I'm curious if the connection for Veeam ONE to monitor Veeam Backup for M365 is encrypted. I see the setup article at https://helpcenter.veeam.com/docs/one/d ... ml?ver=120. There is a certificate it checks. The article says that "Veeam ONE uses the saved thumbprint to verify the server identity and avoid the man-in-the-middle attack."
So it uses a certificate for verification but is the actual network traffic encrypted?
-
- Service Provider
- Posts: 98
- Liked: 13 times
- Joined: Dec 16, 2020 7:03 pm
- Full Name: Eric Henke
- Contact:
-
- Veeam Software
- Posts: 1489
- Liked: 654 times
- Joined: Jul 17, 2015 6:54 pm
- Full Name: Jorge de la Cruz
- Contact:
Re: Veeam ONE Connection to Veeam Backup for M365
Hello Eric,
All our connections between VONE towards VB365 server happen at VB365 API level, using HTTPS. If you explore the logs a bit, you will see how VONE authenticates using SSL/TLS
And then how it gets data using the API endpoints, always using SSL/TLS:
As per usual, we will recommend you have the connection between Veeam ONE and the rest of the items it monitors on separate VLAN from other services, etc. And control which system access what system over what port; for example, VONE connects to VB365 using the API Port (Default:4443), so if nothing else makes use of it, force the Firewall to have it closed and only opened to Veeam ONE Server, etc.
Hope it helps.
All our connections between VONE towards VB365 server happen at VB365 API level, using HTTPS. If you explore the logs a bit, you will see how VONE authenticates using SSL/TLS
Code: Select all
08.03.23 14:31:41 [INF] 0x12c0 235t 5114c CompatibilityService - - - - - : <--SendAsync (in 0:00:00.0103316)
08.03.23 14:32:14 [INF] 0x12c0 133t 5114c CompatibilityService - - - - - : -->SendAsync POST 'v7/Token'
08.03.23 14:32:14 [INF] 0x12c0 105t 5114c CompatibilityService - - - - - : <--SendAsync (in 0:00:00.3973837)
08.03.23 14:32:14 [INF] 0x12c0 105t 5114c CompatibilityService - - - - - : Authorization successful for user '"jorgedelacruz\administrator"'. Server: 'https://192.168.1.32:4443/'
08.03.23 14:32:14 [INF] 0x12c0 105t 5114c CompatibilityService - - - - - : -->SendAsync GET 'v7/ServiceInstance'
08.03.23 14:32:14 [INF] 0x12c0 235t 5114c CompatibilityService - - - - - : <--SendAsync (in 0:00:00.0307137)
08.03.23 14:32:14 [INF] 0x12c0 133t 5114c CompatibilityService - - - - - : -->SendAsync GET 'v7/License'
Code: Select all
08.03.23 14:48:30 [INF] 0x0c0c 213t 1438c VbmRestorePointLoader - - - - - : -->SendAsync GET '/v7/RestorePoints/fb37151b-4a83-4c1e-8e79-df3cd67330a5bac178c0-85a4-4885-8245-95a397c23cb6/protectedUsers?offset=0&limit=5000'
Hope it helps.
Jorge de la Cruz
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
-
- Service Provider
- Posts: 98
- Liked: 13 times
- Joined: Dec 16, 2020 7:03 pm
- Full Name: Eric Henke
- Contact:
Re: Veeam ONE Connection to Veeam Backup for M365
Ok, thanks for the information!
Eric
Eric
Who is online
Users browsing this forum: No registered users and 4 guests