isaez
Full Name: Ivan Saez Scheihing

rman plugin 12 veeam_config.xml

Post by isaez »

Hi,

On our Linux systems the Veeam credentials are stored in the veeam_config.xml file: vbrPassword. The value of vbrPassword is encoded in some way. My question is: is this encoding safe, or is it an easy-to-crack encoding?
My question is because of the ever-increasing security requirements.
I couldn't find any info on the vbrPassword encoding in the Veeam resources or on Google.

regards,

Ivan

Andreas Neufert
VP, Product Management
Full Name: Andreas Neufert
Location: Germany

Re: rman plugin 12 veeam_config.xml

Post by Andreas Neufert »

Hi Ivan,

The VBR connection password is stored encrypted in the veeam_config.xml file. Various hardware numbers are used for the encryption, similar to what databases with machine key encryption are using. Basically, you can copy the file to another server, but you will not be able to log in with it. To be able to use passwords against a system, you need to implement local ways to retrieve the password and then authenticate to the remote system; for that reason, all locally stored encrypted passwords can be retrieved with the specific decryption methods (it does not matter what backup tool or software/database you use). For that reason, it is important that normal users do not get access to the XML file. It is also best practice to give each client its own (non-admin) account on the VBR server. That way you ensure that only the specific plug-in can read its own data.

There is a second configuration option that you might consider. With v12 we introduced an option to use protection groups to distribute/update the plug-ins, and this method uses certificate-based authentication against the backup server, which means there is no password in use at all.

isaez

Re: rman plugin 12 veeam_config.xml

Post by isaez » 1 person likes this post

Andreas,

Thank you for the explanation. I'll start checking the permissions for the veeam_config.xml on all our servers.
And I'll read more about the certificate-based authentication. It seems a good solution.

regards,

Ivan
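
One way to run the permission check discussed in this thread across several servers or plug-in accounts, as an added example that is not part of the original posts and not Veeam tooling. The function names, the `oracle` account and the file path in the usage comment are assumptions; it relies on GNU `stat` as shipped on Linux.

```shell
#!/bin/sh
# Added example (not Veeam tooling): flag config files that accounts other
# than the owning service account can access. Uses GNU stat (Linux).

# audit_config FILE [OWNER]
#   OWNER: account name or numeric UID expected to own FILE (optional).
#   Exit status: 0 = owner-only access, 1 = finding(s), 2 = file not found.
audit_config() (
    file=$1; want=${2:-}; rc=0
    if [ ! -f "$file" ]; then
        echo "MISSING  $file"
        exit 2
    fi
    # Octal mode, owner name and owner UID of the file (symlinks followed).
    set -- $(stat -L -c '%a %U %u' "$file")
    mode=$1; owner=$2; uid=$3
    # %a drops leading zeros, so owner-only modes end in "00" or are "0".
    case $mode in
        *00|0) ;;
        *) echo "EXPOSED  $file: mode $mode grants group/other access"; rc=1 ;;
    esac
    if [ -n "$want" ] && [ "$want" != "$owner" ] && [ "$want" != "$uid" ]; then
        echo "OWNER    $file: owned by $owner (uid $uid), expected $want"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK       $file: mode $mode, owner $owner"
    fi
    exit "$rc"
)

# audit_all OWNER FILE...   Exit status 0 only if every file passes.
audit_all() (
    want=$1; shift; bad=0
    for f in "$@"; do
        audit_config "$f" "$want" || bad=$((bad + 1))
    done
    echo "$bad of $# file(s) need attention"
    [ "$bad" -eq 0 ]
)

# Usage (placeholder account and path; substitute your own):
#   audit_all oracle /path/to/veeam_config.xml
```

Mode bits do not show POSIX ACLs, so a file that passes here should still be checked with `getfacl` where ACLs are in use.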