-
- Novice
- Posts: 3
- Liked: never
- Joined: May 16, 2014 4:43 pm
- Full Name: JJ
- Contact:
Saved credentials -VBR v7 - WTF ?
Hi,
i just downloaded the current version of veeam backup and replication and installed it on a windows 2008 server to connect to our Vsphere 5.5 to copy some vm´s to our test environment. During the old times i just started veeam fastscp (small and installed fast) and added the vcenters (fast) without saving the permissions and copied the files. That was it. Closing the program meas credentials and password is gone.
Now i have to install sql server, tools and stuff what i don´t need. Ok thats it. Next step is adding a server to connect so the 2 vcenters. No problem but WHY, why do i have to save my credentials? Not only that but if a other user, which has also rights on this server starts VBR he can use my credentials and could do what he wants in the vcenters.
Am i dreaming or is this real the way to use this? I just thing "wtf?!?!" where is the button to hold my credentials private? i don´t other users to have my connections, my favorites and most not my credentials.
So I´m new in the product so i hope i just don´t see the right way to add the vcenters, so could you bring a bit light in this?
thx
i just downloaded the current version of veeam backup and replication and installed it on a windows 2008 server to connect to our Vsphere 5.5 to copy some vm´s to our test environment. During the old times i just started veeam fastscp (small and installed fast) and added the vcenters (fast) without saving the permissions and copied the files. That was it. Closing the program meas credentials and password is gone.
Now i have to install sql server, tools and stuff what i don´t need. Ok thats it. Next step is adding a server to connect so the 2 vcenters. No problem but WHY, why do i have to save my credentials? Not only that but if a other user, which has also rights on this server starts VBR he can use my credentials and could do what he wants in the vcenters.
Am i dreaming or is this real the way to use this? I just thing "wtf?!?!" where is the button to hold my credentials private? i don´t other users to have my connections, my favorites and most not my credentials.
So I´m new in the product so i hope i just don´t see the right way to add the vcenters, so could you bring a bit light in this?
thx
-
- Chief Product Officer
- Posts: 31804
- Liked: 7298 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Saved credentials -VBR v7 - WTF ?
Hi, actually other users simply cannot logon to the management UI and thus use any saved credentials, unless you purposely make them Full Administrators under User and Roles.
Normally, you want to add vCenter servers using a service account, and not your personal account. This way, you will not have to update the vCenter connection each time you change your password.
Thanks!
Normally, you want to add vCenter servers using a service account, and not your personal account. This way, you will not have to update the vCenter connection each time you change your password.
Thanks!
-
- Novice
- Posts: 3
- Liked: never
- Joined: May 16, 2014 4:43 pm
- Full Name: JJ
- Contact:
Re: Saved credentials -VBR v7 - WTF ?
What??
Again:
Installed Backup And Recovery on windows 2008 as Administrator.
Startet app in Free Mode
Added vcenter Servers.
A normal user with only user permissions and another Administrator of windows NOT vmware can start and use the entered users. Does a service account change this? No! Still everybody can use everything.
So ??!?! Every normal User adds the servers and permissions and thinks it is like in visionapp Remote Desktop where you have privacy...
So could you please explain how i or we users can keep our permissions and servers private in the Free Edition? Because this fact wasn't presented during the show of the veeam technical and sales experts.
Again:
Installed Backup And Recovery on windows 2008 as Administrator.
Startet app in Free Mode
Added vcenter Servers.
A normal user with only user permissions and another Administrator of windows NOT vmware can start and use the entered users. Does a service account change this? No! Still everybody can use everything.
So ??!?! Every normal User adds the servers and permissions and thinks it is like in visionapp Remote Desktop where you have privacy...
So could you please explain how i or we users can keep our permissions and servers private in the Free Edition? Because this fact wasn't presented during the show of the veeam technical and sales experts.
-
- Expert
- Posts: 123
- Liked: 16 times
- Joined: Aug 28, 2013 9:46 am
- Full Name: Thomas Braun
- Location: Germany.Europe.Terra.Sol.Milkyway.Localgroup.Virgo
- Contact:
Re: Saved credentials -VBR v7 - WTF ?
How about limiting access to the VEEAM executable via NTFS rights?User0815 wrote: So ??!?! Every normal User adds the servers and permissions and thinks it is like in visionapp Remote Desktop where you have privacy...
Apart from that, normal users should not have any access to parts of the IT infrastructure such as servers or routers. There is not much more I can add to this.
Problem solved.
-
- Influencer
- Posts: 12
- Liked: 11 times
- Joined: Nov 20, 2010 10:03 pm
- Contact:
Re: Saved credentials -VBR v7 - WTF ?
AGREE. If you allow normal users to logon as administrators to your Domain Controller or Exchange servers like you do with the backup server, you have much bigger problem right now.
-
- VeeaMVP
- Posts: 6166
- Liked: 1971 times
- Joined: Jul 26, 2009 3:39 pm
- Full Name: Luca Dell'Oca
- Location: Varese, Italy
- Contact:
Re: Saved credentials -VBR v7 - WTF ?
Agree with both, the problem is not having saved credentials into Veeam console, rather having non authorized people logging into the Windows server holding Veeam services. Nothing different than any other production system.
Saved credentials was added to ease the effort when updating credentials that are used in multiple jobs and location, since with it you now only need to update it once in the credential manager, instead of crawling into several jobs to check wherever it's used, and probably missing some in large deployments.
Saved credentials was added to ease the effort when updating credentials that are used in multiple jobs and location, since with it you now only need to update it once in the credential manager, instead of crawling into several jobs to check wherever it's used, and probably missing some in large deployments.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software
@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
Principal EMEA Cloud Architect @ Veeam Software
@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
Who is online
Users browsing this forum: DanielJ and 159 guests