Hello...So we picked up a new customer and they have a Linux Hardened Repo running on site and it works very well (on a separate server).  However, the Veeam backup and replication is running directly on the Hyper-V Host.  Obviously this is not good if the domain creds are compromised.  Even if the linux repo has a immutable date of 10 days (which this customer has) then an attacker can just lower retention and wait out the immutability. 
So we can recommend a separate box but what do you all think about spinning up a new VM on the Hyper-V host running something like Windows 10 and configure it to be off the domain.  And then even enable VTPM and setup the VM with bitlocker so an attacker can not not use everyday tools to crack the password and get into the Backup and replication console to play with retention settings.  What are the thoughts on this?  I know the attacker can simply wipe the VM that is running backup and replication but as long as we maintain a separate location for the configuration backup the Linux repo should remain unmolested and we can recover.
Or should I just recommend that they get a separate physical box to run B&R?  
Thanks for any info.
Dave
			
			
									
						
										
						- 
				dhayes16
- Service Provider
- Posts: 208
- Liked: 23 times
- Joined: Feb 12, 2019 2:31 pm
- Full Name: Dave Hayes
- Contact:
- 
				HannesK
- Product Manager
- Posts: 15598
- Liked: 3445 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: VBR on VM
Hello,
agree, running software on the parent partition on Hyper-V is a bad idea in general and also unsupported. Running the backup server in a VM is supported and usually the best "price / value" for that size of customer.
I prefer the standalone host as primary backup target. then backup copy to hardened repository. But I understand that for very small customers, this might be "too much"
Best regards,
Hannes
			
			
									
						
										
						agree, running software on the parent partition on Hyper-V is a bad idea in general and also unsupported. Running the backup server in a VM is supported and usually the best "price / value" for that size of customer.
I prefer the standalone host as primary backup target. then backup copy to hardened repository. But I understand that for very small customers, this might be "too much"
Best regards,
Hannes
- 
				srdegeus
- Enthusiast
- Posts: 40
- Liked: 5 times
- Joined: Jul 03, 2018 6:27 pm
- Contact:
Re: VBR on VM
I would definitely recommend to run the Veeam Server in a VM.
Note that you need to assign enough memory to the VM if it is running all the Veeam roles, including console. I usually assign 12GB to a VBR VM (or more if it is a large site with a lot of jobs/VMs.)
However I would not use Windows 10 for this. Technically there is no issue, this would work just fine, but the Windows 10 EULA does not allow you to use Windows 10 as a server.
			
			
									
						
										
						Note that you need to assign enough memory to the VM if it is running all the Veeam roles, including console. I usually assign 12GB to a VBR VM (or more if it is a large site with a lot of jobs/VMs.)
However I would not use Windows 10 for this. Technically there is no issue, this would work just fine, but the Windows 10 EULA does not allow you to use Windows 10 as a server.
- 
				dhayes16
- Service Provider
- Posts: 208
- Liked: 23 times
- Joined: Feb 12, 2019 2:31 pm
- Full Name: Dave Hayes
- Contact:
Re: VBR on VM
Thanks very much for the responses on this.  I appreciate it!
			
			
									
						
										
						Who is online
Users browsing this forum: No registered users and 29 guests