Hi,
The documentation states that Veeam ONE has to use port 22(SSH) to a Linux repository.
https://helpcenter.veeam.com/docs/one/d ... ml?ver=110
But best practice for a Hardened Repository is to shutdown SSH.
Any planes for shifting to using Veeam ports for this ?
-
Henrik.Grevelund
- Service Provider
- Posts: 171
- Liked: 26 times
- Joined: Feb 13, 2017 2:56 pm
- Full Name: Henrik Grevelund
- Contact:
Hardened Repository with Veeam ONE
Have nice day,
Henrik
Henrik
-
Vitaliy S.
- VP, Product Management
- Posts: 27377
- Liked: 2799 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Hardened Repository with Veeam ONE
Hi Henrik,
It appears that Veeam ONE does not need SSH port to the repository at all. I'm double-checking it with the QA team now.
Thanks!
It appears that Veeam ONE does not need SSH port to the repository at all. I'm double-checking it with the QA team now.
Thanks!
-
Henrik.Grevelund
- Service Provider
- Posts: 171
- Liked: 26 times
- Joined: Feb 13, 2017 2:56 pm
- Full Name: Henrik Grevelund
- Contact:
Re: Hardened Repository with Veeam ONE
Hi Vitaliy,
Did you manage to get an answer from the QA team ?
Did you manage to get an answer from the QA team ?
Have nice day,
Henrik
Henrik
-
Vitaliy S.
- VP, Product Management
- Posts: 27377
- Liked: 2799 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Hardened Repository with Veeam ONE
Hi Henrik,
Yes, just got the answer from the QA team. SSH port is not needed and we will adjust it in our documentation.
Thanks!
Yes, just got the answer from the QA team. SSH port is not needed and we will adjust it in our documentation.
Thanks!
-
exarchbcn
- Novice
- Posts: 7
- Liked: 3 times
- Joined: Sep 27, 2022 8:21 am
- Full Name: Llorenc
- Contact:
Re: Hardened Repository with Veeam ONE
Hello,
Could you please details the ports needed to open for Veeam ONE to be able to monitor a Linux Repository? For Windows is documented but I don't see any reference here: https://helpcenter.veeam.com/docs/one/d ... ml?ver=110
Thanks in advance
Could you please details the ports needed to open for Veeam ONE to be able to monitor a Linux Repository? For Windows is documented but I don't see any reference here: https://helpcenter.veeam.com/docs/one/d ... ml?ver=110
Thanks in advance
-
Mildur
- Product Manager
- Posts: 9846
- Liked: 2607 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Hardened Repository with Veeam ONE
Hi Llorenc
You don't have to open any ports. Veeam One does not communicate directly with a Linux repository.
Monitoring data of Linux repositories is pulled from the VBR server.
Thanks
Fabian
You don't have to open any ports. Veeam One does not communicate directly with a Linux repository.
Monitoring data of Linux repositories is pulled from the VBR server.
Thanks
Fabian
Product Management Analyst @ Veeam Software
-
exarchbcn
- Novice
- Posts: 7
- Liked: 3 times
- Joined: Sep 27, 2022 8:21 am
- Full Name: Llorenc
- Contact:
Re: Hardened Repository with Veeam ONE
Thanks for the prompt response.
Best Regards,
Llorenç
Best Regards,
Llorenç
-
kaffeine
- Enthusiast
- Posts: 39
- Liked: 17 times
- Joined: Jun 04, 2018 8:03 am
- Full Name: Espresso Doppio
- Location: Austria
- Contact:
Re: Hardened Repository with Veeam ONE
Hello,
we're deploying a new hardened linux repo based on SLES 15 SP3 (IP ending with .52), which itself is a SOBR extent (the only extent at the moment). We followed the official guide regarding the needed ports:
Everything worked as planed, the (physical) B&R Backup Server (IP ending with .50) was able to install everything through SSH (which was later disabled) and deploy the needed components.
We then setup Veeam ONE (client and server) on a different physical server and point it to the B&R Backup Server, with unrestricted TCP communication (Veeam ONE --> B&R). As Mildur points out, Veeam ONE does not connect directly to the Linux Repos, but instead pulls the needed data from B&R.
Veeam ONE is able to fully collect everything from the B&R Server itself, but it triggers a warning regarding the SOBR, a generic "Backup Repository Connection Failure". Our SLES repo has only a minimal set of allowed traffic, and while checking the logs for denied traffic we saw the following:
So it seems that every few minutes the B&R Server tries to fetch data through UDP 137 from the SLES Repo. This denied traffic only started appearing AFTER we installed Veeam ONE, so I suppose these UDP calls are originated on Veeam ONE.
According to the official guide, the port 137 is used only between ONE client and ONE Server, NOT between Veeam ONE and Veeam B&R.
My question: has anyone seen a similar behaviour? Are these UPD 137 requests as expected or is something wrong with our setup?
Regards
we're deploying a new hardened linux repo based on SLES 15 SP3 (IP ending with .52), which itself is a SOBR extent (the only extent at the moment). We followed the official guide regarding the needed ports:
Everything worked as planed, the (physical) B&R Backup Server (IP ending with .50) was able to install everything through SSH (which was later disabled) and deploy the needed components.
We then setup Veeam ONE (client and server) on a different physical server and point it to the B&R Backup Server, with unrestricted TCP communication (Veeam ONE --> B&R). As Mildur points out, Veeam ONE does not connect directly to the Linux Repos, but instead pulls the needed data from B&R.
Veeam ONE is able to fully collect everything from the B&R Server itself, but it triggers a warning regarding the SOBR, a generic "Backup Repository Connection Failure". Our SLES repo has only a minimal set of allowed traffic, and while checking the logs for denied traffic we saw the following:
So it seems that every few minutes the B&R Server tries to fetch data through UDP 137 from the SLES Repo. This denied traffic only started appearing AFTER we installed Veeam ONE, so I suppose these UDP calls are originated on Veeam ONE.
According to the official guide, the port 137 is used only between ONE client and ONE Server, NOT between Veeam ONE and Veeam B&R.
My question: has anyone seen a similar behaviour? Are these UPD 137 requests as expected or is something wrong with our setup?
Regards
-
kaffeine
- Enthusiast
- Posts: 39
- Liked: 17 times
- Joined: Jun 04, 2018 8:03 am
- Full Name: Espresso Doppio
- Location: Austria
- Contact:
Re: Hardened Repository with Veeam ONE
PS: it seems the connection error between B&R and the SLES Repo was caused by something else, and the 137-138 UDP packets were coincidentally in the network traffic as NetBIOS "background noise" at the same time Veeam ONE was deployed. So I can also attest to the fact that there's no direct data flow between Veeam ONE and the Repo 
Regards
Regards
-
RomanK
- Veeam Software
- Posts: 745
- Liked: 191 times
- Joined: Nov 01, 2016 11:26 am
- Contact:
Re: Hardened Repository with Veeam ONE
Hello kaffeine,
That is true, there is no data flow between the Veeam ONE and the repository.
If you open the "Backup Repository Connection Failure" alarm in the Veeam ONE client, on the rule type you would see "State". The states are collected from the WMI on a backup server. There is no need for a direct connection to the repository.
Having that, there could be some records in the VBR logs which could help to troubleshoot the connection. You may contact the support team and let them review the logs to find out the cause of the issue.
Thanks
That is true, there is no data flow between the Veeam ONE and the repository.
If you open the "Backup Repository Connection Failure" alarm in the Veeam ONE client, on the rule type you would see "State". The states are collected from the WMI on a backup server. There is no need for a direct connection to the repository.
Having that, there could be some records in the VBR logs which could help to troubleshoot the connection. You may contact the support team and let them review the logs to find out the cause of the issue.
Thanks
Who is online
Users browsing this forum: No registered users and 4 guests