by gyrosc0pe » Mon Nov 14, 2016 11:18 am people like this post
We've had a case where an admin deleted a replica VM from Veeam's replica repository but it turned out to be a production server (seems it was a replica VM back in the days but was failed over to production) Veeam deleted this 'replica' server with no questions, it shutdown the server first and delete it from disk next, no traces left. We want to avoid this happening in the future so my post here, is there a way to create a rule maybe, within Veeam which stops anybody from deleting a VM?
by PTide » Mon Nov 14, 2016 3:27 pm people like this post
Would it be sufficient to prompt the user to shutdown the VM manually first instead of shutting it down automatically? Even with password or a special role there is no guarantee that someone who has the privilege to delete VMs won't make the same mistake.
by gyrosc0pe » Mon Nov 14, 2016 4:34 pm people like this post
A prompt would be somethign, not what i'm looking for but at least some type of step before deletion. What I've noticed is that, for instance, although I log to the V&R server with my admin account, the actions towards the VMWare cluster are done in the background by the Veeam account it uses to connect to VMWare servers which has full permissions. So modifying permissions in VMWare to this Veeam account would mean restricting Veeam doing its work, hence i posted this hoping there's Veeam 'permission' which could limit my admin account .... maybe a long shot?
by DaStivi » Tue Nov 15, 2016 8:45 am people like this post
am i wrong, when doing a failover and finishing all processes the vm disapears from Veeam console? as with a instantVM recovery... maybe another thought, when this was an production vm, hopefully on a productive datastore, is there an backup?!
by gyrosc0pe » Tue Nov 15, 2016 12:07 pm people like this post
Thanks for your input, Dastivi, im not going to discuss that, I described that scenario as a possible cause for our incident but it could have been something else. I'm looking for a solution to avoid anything similar happening again, an admin deleting a production VM from Veeam's console Some Veeam rule set, permissions, rule applied to VM tag.... a third party tool... I'm assuming this doesn't exist as I'm not seeing any solution from anybody.