Hi all,
I'm wondering if someone could help me this issue that I'm having. With a merger of companies we're inherited an environment that was 'supported' by the world's worst managed IT services company. I keep shaking my head daily but there is this one thing concerning Veeam which chills me to the core but that I'm not sure how to fix.
They were offering us a 'warm' site solution (We're asking for 100% back of the cost of that because it worked 3 times in 6 months... and they had the balls to charge 3 hours a week for monitoring!!) by doing Veeam Replications onto their ESX server at a remote location. The problem with that is that when I open up Veeam Backup and FastSCP I can clearly see their ESX server in the Servers hierarchy. Not only can I see it but I can also browse all the way down to the SANs that are connected to it and download/backup their own and their clients' stuff. The worst being that I see another VeeamBackup folder in there which has been setup for someone else, meaning they'd have the same access to our data.
Is there any proper way of doing that without them having a separate server/storage so it's isolated? Any permissions that could be set to restrict access to all but one datastore?
Any help in handling this nightmare is appreciated!
Cheers,
Kae
-
- Novice
- Posts: 6
- Liked: never
- Joined: Oct 23, 2009 2:33 pm
- Contact:
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Limiting access to target ESX for replication
Hi, from the top of my head (I have not tested it yet), you could try creating separate account for each customer on target ESX host, and granting permissions to each account to access specific datastores only. Then, each customer should add target ESX server to Veeam Backup UI using its own account. Thanks.
-
- Novice
- Posts: 6
- Liked: never
- Joined: Oct 23, 2009 2:33 pm
- Contact:
Re: Limiting access to target ESX for replication
Thanks Gostev.
From the testings that I've been doing on ESXi the permissions set in the Permissions tab on the VI Client seem to take over the actual 'linux' permissions set on individual folders manually. So it looks like you can toggle access to Datastores as a whole to either on or off but not to a specific datastore.
I'll dig around some more on the VMware forums to see if there's any workaround that issue.
From the testings that I've been doing on ESXi the permissions set in the Permissions tab on the VI Client seem to take over the actual 'linux' permissions set on individual folders manually. So it looks like you can toggle access to Datastores as a whole to either on or off but not to a specific datastore.
I'll dig around some more on the VMware forums to see if there's any workaround that issue.
Who is online
Users browsing this forum: Semrush [Bot] and 115 guests