The word from Gostev 10th Sep 2018

[ian0x0r]

Morning all,

A very informative word from Gostev today about ReFS adoption and where the reported issues usually lie. What piqued my interest though was whether or not the sample set of 13500 sets of debug log data was voluntarily submitted to Veeam as part of a support case OR if Veeam has some kind of anonymous phone home capability (I don't think it does)?

Any insight into this would be greatly appreciated

Thanks,

Ian

[Gostev]

What piqued my interest though was whether or not the sample set of 13500 sets of debug log data was voluntarily submitted to Veeam as part of a support case

This. We don't have any sort of phone home for debug logs, and not planning to be introducing one.

[ian0x0r]

Thanks for the quick response Anton

Ian

[k00laid]

Is the data anonymized in the process of doing the data mining? While I trust Veeam with my data having VM and job names show up in a paste bin in the case of something silly happen would be awkward.

[Rick.Vanover]

Guys there absolutely is no dial home. In fact, most B&R servers are off the Internet - that's a good practice too.

[Rick.Vanover]

The other thing I would add is that now with SO MANY customers - we have some very good aggregated views on data, additionally - there are corner cases in the corner of the corner. LOL

[Gostev]

Is the data anonymized in the process of doing the data mining? While I trust Veeam with my data having VM and job names show up in a paste bin in the case of something silly happen would be awkward.

I don't really understand your question, perhaps you're thinking some other type of reports? May be you can give me an example of what kind of big data report output you have in mind that may require anonymization?

Because at least in our case, it's all about collecting numbers for statistics purposes, for example - the number of ESXi hosts of certain version that we consider dropping. And even if I imagine some nonsense report that would actually tie up to a VM name or job name, for the results to be actionable in case of big data, it would have to be something like "What percent of customers have a VM named myCriticalVM", and the output of this report will still be the number (or percent) of deployments in the data set. So, there's nothing to anonymize here further?

In other words, "anonymization" of big data into numbers is specifically what makes it usable and actionable.

[dellock6]

Guys there absolutely is no dial home. In fact, most B&R servers are off the Internet - that's a good practice too.

Not if you want license auto-update

[AlexLeadingEdge]

Not if you want license auto-update

And remote administration...

[Gostev]

In the environments where security is important, remote administration is usually done through a jumpbox, so the backup server itself is never connected to the Internet.

[nmdange]

For real security, you should be using a Privileged Access Workstation. Jump boxes are not really all that useful, since the computer you are typing your password on and also using to browse the internet could be much more easily compromised. https://docs.microsoft.com/en-us/window ... rkstations

Not really relevant to this discussion, but ever since I learned about PAW, it's been my mission to educate people on the value of using them for security

[Gostev]

I mean, jump box is the name of the concept. PAW is one of the possible implementations of a jump box for Windows shops (instead of the classic Windows Server with RDS). For example, in Unix world a typical jump box is a hardened Unix (or Unix-like) machine configured with SSH and a local firewall.

[nmdange]

The key point of PAW and not a jump box is that the physical device an administrator is using must be hardened. If you use that device for other purposes like e-mail, web browsing, etc., or if it's accessible to lower privilege user accounts (desktop support techs, or other domain users) then there is a risk the device you use being compromised and your administrator credentials being captured by a keylogger or other malware. In the past, this often meant having two separate laptops/desktops, but now you can run VMs locally to accomplish the same goal. But the important part is that the untrusted/non-admin workload (e-mail, web browsing), takes place in a VM. The Administration workload can be on the physical device or in a second VM. A jump box could still be used, but you must secure the physical endpoint.

[stubbint]

And remote administration...

And access to a Cloud Repository....