Monitoring and reporting for Veeam Data Platform
Post Reply
EricinIT
Service Provider
Posts: 61
Liked: 9 times
Joined: Dec 16, 2020 7:03 pm
Full Name: Eric
Contact:

Veeam ONE Connection to Veeam Backup for M365

Post by EricinIT »

I'm curious if the connection for Veeam ONE to monitor Veeam Backup for M365 is encrypted. I see the setup article at https://helpcenter.veeam.com/docs/one/d ... ml?ver=120. There is a certificate it checks. The article says that "Veeam ONE uses the saved thumbprint to verify the server identity and avoid the man-in-the-middle attack."

So it uses a certificate for verification but is the actual network traffic encrypted?
jorgedlcruz
Veeam Software
Posts: 1327
Liked: 608 times
Joined: Jul 17, 2015 6:54 pm
Full Name: Jorge de la Cruz
Contact:

Re: Veeam ONE Connection to Veeam Backup for M365

Post by jorgedlcruz »

Hello Eric,
All our connections between VONE towards VB365 server happen at VB365 API level, using HTTPS. If you explore the logs a bit, you will see how VONE authenticates using SSL/TLS

Code: Select all

08.03.23 14:31:41 [INF] 0x12c0  235t 5114c CompatibilityService  -   -   -   -   - : <--SendAsync (in 0:00:00.0103316) 
08.03.23 14:32:14 [INF] 0x12c0  133t 5114c CompatibilityService  -   -   -   -   - : -->SendAsync POST 'v7/Token'
08.03.23 14:32:14 [INF] 0x12c0  105t 5114c CompatibilityService  -   -   -   -   - : <--SendAsync (in 0:00:00.3973837) 
08.03.23 14:32:14 [INF] 0x12c0  105t 5114c CompatibilityService  -   -   -   -   - : Authorization successful for user '"jorgedelacruz\administrator"'. Server: 'https://192.168.1.32:4443/'
08.03.23 14:32:14 [INF] 0x12c0  105t 5114c CompatibilityService  -   -   -   -   - : -->SendAsync GET 'v7/ServiceInstance'
08.03.23 14:32:14 [INF] 0x12c0  235t 5114c CompatibilityService  -   -   -   -   - : <--SendAsync (in 0:00:00.0307137) 
08.03.23 14:32:14 [INF] 0x12c0  133t 5114c CompatibilityService  -   -   -   -   - : -->SendAsync GET 'v7/License'
And then how it gets data using the API endpoints, always using SSL/TLS:

Code: Select all

08.03.23 14:48:30 [INF] 0x0c0c  213t 1438c VbmRestorePointLoader -   -   -   -   - : -->SendAsync GET '/v7/RestorePoints/fb37151b-4a83-4c1e-8e79-df3cd67330a5bac178c0-85a4-4885-8245-95a397c23cb6/protectedUsers?offset=0&limit=5000'
As per usual, we will recommend you have the connection between Veeam ONE and the rest of the items it monitors on separate VLAN from other services, etc. And control which system access what system over what port; for example, VONE connects to VB365 using the API Port (Default:4443), so if nothing else makes use of it, force the Firewall to have it closed and only opened to Veeam ONE Server, etc.

Hope it helps.
Jorge de la Cruz
Senior Product Manager | Veeam ONE @ Veeam Software

@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2023 / InfluxAce / Grafana Champion
EricinIT
Service Provider
Posts: 61
Liked: 9 times
Joined: Dec 16, 2020 7:03 pm
Full Name: Eric
Contact:

Re: Veeam ONE Connection to Veeam Backup for M365

Post by EricinIT »

Ok, thanks for the information!

Eric
Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests