I want to use a Linux hardened repository to back up my domain controllers, for example with the idea of being able to restore the Active Directory after a ransomware attack with all domain controllers encrypted. (god damn worst case scenario)

1. restore physical domain controller from scratch (Veeam bootable media recovery)
2. restore Active Directory to this restored domain controller server

If I'm right, I need a "Veeam mount server" to restore the Active Directory in step 2? What is best practice in such a scenario? I don't want to use one of my "standard" mount servers, because then I have to open quite a few ports from the mount server to the Veeam hardened repo server. (The hardened repo server is in a separate subnet, which is only accessible via firewall from all other Veeam components.) But if I install the mount server role on the hardened repo server (not sure if this is possible on a hardened repo server), then I have to open quite a few ports from the VBR server to the hardened repository server. For example port TCP 6170 and the whole RPC port range (TCP 49152 to 65535)!
I don't want this firewall to have as many holes as a Swiss cheese.

Any thoughts or ideas?
sandsturm