Page 1 of 1

VBR in security perspective

Veeam LogoPosted: Sun Jun 11, 2017 4:46 pm
by LMS
Hi

We are looking for security best practice recommendations with VBR. As of now using Windows Repositories (FC NetApp SAN), in Hyper V 2012 R2 environment. At present VBR is member of the same Domain, planning to create a separate dedicated AD Domain for VBR and make the VBR server member of this domain. What are the general practices on security perspective?

Thanks in advance

Re: VBR in security perspective

Veeam LogoPosted: Mon Jun 12, 2017 5:54 am
by Mike Resseler
Hi LMS,

I would not dare to say that there are general practices since many organizations will organize their security differently and based on those practice, you can work with VBR server also. A few things to think about:

1) Putting VBR server in a different domain is perfectly possible.
2) Try to use a specific username/ password (as lengthy as possible :-)) for your repository. Write it somewhere, put it in an envelope and move it to the companies safety vault
3) Depending on how many backup admins you have, try to keep them as low as possible and use roles in enterprise manager to keep the restore operators from seeing everything

These are just a few to start with. Obviously I would advise firewall (even windows firewall to start with) and blocking network traffic between servers and VBR if that is not necessary. But it would obviously take some time to map all that out

Just a start
Mike

Re: VBR in security perspective

Veeam LogoPosted: Thu Jun 22, 2017 10:18 pm
by jmmarton
Another thing to consider is to not join the repository to the domain and use a local user for it. Then continue on with step 2 that Mike outlined.

Joe