Backing up virtual machines in DMZ

VMware specific discussions

Re: Backing up virtual machines in DMZ

by foggy » Thu Oct 01, 2015 2:47 pm

btmaus wrote: Which section do I need to look at?

VM Guest OS Connections section.
foggy
Veeam Software
 
Posts: 14728
Liked: 1077 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

[MERGED] Guest Processing - through a firewall

by Jack1874 » Tue Jan 26, 2016 7:48 pm

Guys, our environment has some domain controllers in the DMZ.

We want to enable Guest Processing to back them up using a Service Account in the DMZ.

Currently it fails as there is no authentication through the firewall to allow the service account to reach the DMZ from the backup server.

Is anyone doing this successfully? What ports did you need to open on the firewall?

Thoughts??
Jack1874
Enthusiast
 
Posts: 88
Liked: 4 times
Joined: Sat Oct 17, 2015 3:32 pm
Location: Canada
Full Name: Stuart Little

Re: Backing up virtual machines in DMZ

by foggy » Tue Jan 26, 2016 8:59 pm

What message do you see on the job failure? Actually, a direct network connection is not required for guest processing; see details above.

Re: Backing up virtual machines in DMZ

by btmaus » Tue Jan 26, 2016 11:04 pm

@Jack1874 ... I use the VIX method now for the VMs in my DMZ, as suggested earlier in this thread.

@foggy ... One DMZ VM in particular keeps on producing this warning (with VIX enabled):

Code:
Failed to prepare guest for hot backup. Details: Failed to connect to guest agent. Errors:
'Cannot connect to the host's administrative share. Host:  [xyz.xyz.xyz.xyz]. Account: [Administrator].
Win32 error:The trust relationship between this workstation and the primary domain failed.
 Code: 1789'

Ideas?
btmaus
Expert
 
Posts: 128
Liked: 9 times
Joined: Fri Jul 17, 2015 9:02 am
Full Name: Glenn L

Re: Backing up virtual machines in DMZ

by foggy » Wed Jan 27, 2016 9:47 am

Glenn, check whether UAC is disabled on the VM and whether you're using a Domain Administrator account, since one of those is required to perform application-aware image processing work over VIX.

Re: Backing up virtual machines in DMZ

by v.Eremin » Wed Jan 27, 2016 12:03 pm

Also, you can choose a VM sitting in the DMZ as a guest interaction proxy and let it push the run-time process to the required VMs there. Thanks.
v.Eremin
Veeam Software
 
Posts: 13266
Liked: 968 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Backing up virtual machines in DMZ

by btmaus » Thu Jan 28, 2016 3:25 am

@foggy ... it's using the Local Administrator account to back up the VM.

So if I place a Guest Interaction Proxy in the DMZ, then I can back up all my DMZ VMs using application-aware processing (which I can't at the moment)?

Re: Backing up virtual machines in DMZ

by PTide » Thu Jan 28, 2016 8:08 am

btmaus wrote: foggy ... it's using the Local Administrator account to back up the VM

Please make sure that you can connect to the admin share (for example, \\Server Name\admin$) with the same credentials as provided to Veeam Backup & Replication for guest processing.

btmaus wrote: So if I place a Guest Interaction Proxy in the DMZ, then I can back up all my DMZ VMs using application-aware processing (which I can't at the moment)?

Yes, but you'll have to provide two-way communication between the guest proxy and VBR.

Thank you.
PTide
Veeam Software
 
Posts: 3019
Liked: 246 times
Joined: Tue May 19, 2015 1:46 pm

Re: Backing up virtual machines in DMZ

by v.Eremin » Thu Jan 28, 2016 12:50 pm

btmaus wrote: So if I place a Guest Interaction Proxy in the DMZ, then I can back up all my DMZ VMs using application-aware processing (which I can't at the moment)?

Correct, but be aware to open TCP 6190 between backup server and guest interaction proxy. Thanks.
v.Eremin
Veeam Software
 
Posts: 13266
Liked: 968 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
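
An added example, not part of the original thread and not Veeam's own tooling: a PowerShell preflight for the two checks raised in the posts above, TCP 6190 reachability between the backup server and the guest interaction proxy, and admin$ access with the guest-processing credentials. The host names are constructed placeholders and the function names are hypothetical.

```powershell
# Added example. Run the port check from the backup server and the admin$ check
# from whichever machine performs guest processing (backup server or proxy).
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropping firewall does not hang the check
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the port actively refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-AdminShare {
    param([string]$ComputerName, [pscredential]$Credential)
    $drive = 'VbrPreflight'          # temporary drive name (hypothetical)
    try {
        # Map admin$ with the exact credentials configured for guest processing
        New-PSDrive -Name $drive -PSProvider FileSystem -Root "\\$ComputerName\admin$" `
            -Credential $Credential -ErrorAction Stop | Out-Null
        return [pscustomobject]@{ Target = $ComputerName; Reachable = $true; Error = $null }
    } catch {
        # Surfaces the Win32 message, e.g. a trust relationship or access denied failure
        return [pscustomobject]@{ Target = $ComputerName; Reachable = $false; Error = $_.Exception.Message }
    } finally {
        Remove-PSDrive -Name $drive -ErrorAction SilentlyContinue
    }
}

$proxy = 'gip01.dmz.example'         # constructed placeholder: guest interaction proxy
$guest = 'web01.dmz.example'         # constructed placeholder: DMZ VM to be backed up
$cred  = Get-Credential              # same account as entered in the backup job

[pscustomobject]@{ Check = "TCP 6190 to $proxy"; Passed = (Test-TcpPort $proxy 6190) }
Test-AdminShare -ComputerName $guest -Credential $cred
```

Because the thread calls for two-way communication between the proxy and the backup server, run the port check from the proxy side as well, against whichever ports the User Guide lists for that direction.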

Re: Backing up virtual machines in DMZ

by btmaus » Thu Jan 28, 2016 8:50 pm

PTide wrote:
btmaus wrote: foggy ... it's using the Local Administrator account to back up the VM
Please make sure that you can connect to the admin share (for example, \\Server Name\admin$) with the same credentials as provided to Veeam Backup & Replication for guest processing.

It can't, as it's in the DMZ and doesn't have all those ports open. I have the options ticked to use both application-aware and vSphere quiesce; from reading the documentation, I thought it should fail over to using vSphere (no need for connection to admin share)? Or am I wrong?

PTide wrote:
btmaus wrote: So if I place a Guest Interaction Proxy in the DMZ, then I can back up all my DMZ VMs using application-aware processing (which I can't at the moment)?
Yes, but you'll have to provide two-way communication between the guest proxy and VBR.

Thanks, might have to look into this. Would the Guest Interaction proxy still need a connection back to the vCentre though? Not sure I want to open all those ports from my DMZ.

Re: Backing up virtual machines in DMZ

by PTide » Fri Jan 29, 2016 9:40 am

btmaus wrote: it should failover to using vSphere (no need for connection to admin share)? Or am I wrong?

You're absolutely right, it slipped my mind that your VM is in the DMZ. I recommend contacting support. Normally the job should attempt using VIX after being unable to connect via network.

btmaus wrote: Would the Guest Interaction proxy still need a connection back to the vCentre though

It must have a LAN or VIX connection to the VM that will be backed up or replicated.

Thank you.

Re: Backing up virtual machines in DMZ

by v.Eremin » Fri Jan 29, 2016 11:03 am

btmaus wrote: Would the Guest Interaction proxy still need a connection back to the vCentre though?

Nope, it wouldn't. All required ports are mentioned in the referenced section of our User Guide. Thanks.

[MERGED] Backup Workgroup DMZ Servers

by Psycorp » Mon Apr 25, 2016 11:32 am

Hi All

We'd like to back up certain servers within our DMZ which are in a workgroup. Possibly silly question, but is it possible to do this without using Administrator credentials for the guest OS but while also leaving remote UAC enabled?

Cheers
Psycorp
Novice
 
Posts: 4
Liked: never
Joined: Tue Apr 05, 2016 7:31 am
Full Name: Kris Woodward

Re: Backing up virtual machines in DMZ

by foggy » Mon Apr 25, 2016 12:08 pm

Kris, either a Domain Administrator account or disabled UAC is required; please see the thread above.
