-
- Influencer
- Posts: 20
- Liked: never
- Joined: Dec 20, 2014 10:57 am
- Full Name: Greg
- Contact:
Four-Eyes Authorization
I've recently heard about a new feature in Veeam - Four-Eyes Authorization. I would like to take advantage of it. My repository is an iSCSI disk connected to a server with VBR installed. I'm wondering how to avoid a situation where, while Veeam ensures four-eyes control, the files are physically present and visible on the machine's disk. From there, they could be deleted without four-eyes approval.
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
-
- VeeaMVP
- Posts: 1016
- Liked: 317 times
- Joined: Jan 31, 2011 11:17 am
- Full Name: Max
- Contact:
Re: Four-Eyes Authorization
Four-Eyes Authorization will protect you from malicious or accidental actions inside of Veeam.
But to protect your backup files, you should implement immutable backups: https://helpcenter.veeam.com/docs/backu ... ility.html
But of course, immutability needs to be configured correctly. For example you could use your iSCSI storage to setup a hardened repository. But if an attacker gets administrative access to your storage he could still wipe your backups.
But to protect your backup files, you should implement immutable backups: https://helpcenter.veeam.com/docs/backu ... ility.html
But of course, immutability needs to be configured correctly. For example you could use your iSCSI storage to setup a hardened repository. But if an attacker gets administrative access to your storage he could still wipe your backups.
-
- Veteran
- Posts: 291
- Liked: 25 times
- Joined: May 22, 2015 7:16 am
- Full Name: Paul
- Contact:
Re: Four-Eyes Authorization
Hi
Question related to Four-Eyes Authorization and the expiry of requests
Enabled this function last week and have been testing it. I changed the expiry from 7 to 1 days and deleted a backup file on disk. Pending approval was shown in the console and an email received. I told the other admins not to do anything with the approval as I wanted to see what happened when it expired. I expected it to expire after 1 day but in the end it was almost 2. It also appears that the backup file on disk was actually deleted. I expected the approval to auto reject and the file on disk to remain. Is that not how it works? I am testing this again and have taken screenshots at every step.
In the history I can see the status of the request I submitted last week (Thursday) is Expired. That is what I expected. I hadn't expected the actual file on disk to be deleted as the request hadn't been approved.
I am running Veeam 12.1.1.56 I have not contacted support yet
Question related to Four-Eyes Authorization and the expiry of requests
Enabled this function last week and have been testing it. I changed the expiry from 7 to 1 days and deleted a backup file on disk. Pending approval was shown in the console and an email received. I told the other admins not to do anything with the approval as I wanted to see what happened when it expired. I expected it to expire after 1 day but in the end it was almost 2. It also appears that the backup file on disk was actually deleted. I expected the approval to auto reject and the file on disk to remain. Is that not how it works? I am testing this again and have taken screenshots at every step.
In the history I can see the status of the request I submitted last week (Thursday) is Expired. That is what I expected. I hadn't expected the actual file on disk to be deleted as the request hadn't been approved.
I am running Veeam 12.1.1.56 I have not contacted support yet
-
- Chief Product Officer
- Posts: 31964
- Liked: 7437 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Four-Eyes Authorization
Correct, expired requests are automatically Rejected.
-
- Veteran
- Posts: 291
- Liked: 25 times
- Joined: May 22, 2015 7:16 am
- Full Name: Paul
- Contact:
Re: Four-Eyes Authorization
Thanks for the info. During my testing it appears even thought the request was rejected, the actual files on disk were deleted. I am running more tests so will see what happens with that. Thanks
-
- Product Manager
- Posts: 14785
- Liked: 1721 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Four-Eyes Authorization
Hello Paul,
Please raise a support case if you confirm this behavior and share the case ID with us. Thank you!
Please raise a support case if you confirm this behavior and share the case ID with us. Thank you!
-
- Veteran
- Posts: 291
- Liked: 25 times
- Joined: May 22, 2015 7:16 am
- Full Name: Paul
- Contact:
Re: Four-Eyes Authorization
I ran another test and it worked as expected
Who is online
Users browsing this forum: No registered users and 39 guests