Hi
Scenario:
* 4 racks in same DC - each have independant firewalls/switches/networks from each other
* Veeam B&R server and local NAS storage for backup repo's in Rack 1
* Offsite NAS which doesnt come in to play for my question below
Currently Veeam B&R server has NIC's for each network in each rack and has direct lan cable links into each racks switches, so a big security hole potentially in the B&R server ever got compromised.
How is best to backup the servers in each rack back to the NAS in Rack 1?
VPN between racks?
WAN accelerators?
Additional B&R servers in racks 2,3 and 4 into a seperate switch in rack 1 which then uplinks to the repo NAS in Rack 1?
Another way?
Jobs are synthetic fulls at the mo, backs up approx 100GB-150GB from each rack each night
Thanks in advance for any help and pointers
-
FTL
- Enthusiast
- Posts: 48
- Liked: 4 times
- Joined: Apr 04, 2017 2:58 pm
- Contact:
-
Mildur
- Product Manager
- Posts: 8735
- Liked: 2296 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Veeam Design Query
Hello FTL
I suggest to have all components in different subnets. Use a firewall to limit the ports between the different components. We provide an example on how to segment the backup server from the production environment in our best practice guide: https://bp.veeam.com/security/Design-an ... sing-zones
Best,
Fabian
I suggest to have all components in different subnets. Use a firewall to limit the ports between the different components. We provide an example on how to segment the backup server from the production environment in our best practice guide: https://bp.veeam.com/security/Design-an ... sing-zones
Not necessarily required. A good firewall to protect the different components protects your backup environment.VPN between racks?
WAN accelerators to not provide any security benefits. They are mainly used for backup copy or replication jobs when you have a lot of data to transfer over a WAN connection.WAN accelerators?
A single Backup Server will work when you open all necessary ports on the firewall. Important, make sure that none works on directly on the backup server. The backup server must only be accessed with RDP or other tools for maintenance tasks. All Veeam backup related tasks should only be done with the console from a management machine. May I ask, is the backup server a VM or a physical machine?Additional B&R servers in racks 2,3 and 4 into a separate switch in rack 1 which then uplinks to the repo NAS in Rack 1?
Is there another backup storage in place? There should be at least one backup copy which is immutable or Air-gapped.Veeam B&R server and local NAS storage for backup repo's in Rack 1
Best,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: Semrush [Bot] and 110 guests