-
- Enthusiast
- Posts: 81
- Liked: 5 times
- Joined: Oct 31, 2022 11:39 pm
- Full Name: Backup Administrator
- Contact:
Group Managed Service Accounts (gMSA) for Veeam & vCenter ?
According to the latest Veeam Backup v12 documentation, Group Managed Service Accounts (gMSA) are supported for Veeam Service Accounts.
How do I accomplish that for my Veeam Backup server?
What privileges should I assign to the VMware vCenter when using this gMSA?
Anything of help would be much appreciated.
How do I accomplish that for my Veeam Backup server?
What privileges should I assign to the VMware vCenter when using this gMSA?
Anything of help would be much appreciated.
-
- Product Manager
- Posts: 9385
- Liked: 2500 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Group Managed Service Accounts (gMSA) for Veeam & vCenter ?
Hi Backup Operator
Where do you have seen that you can use gMSA for vCenter Connection?
gMSA can be used for guest processing tasks. Such as Application Aware Processing or Guest OS File restore.
Best,
Fabian
Where do you have seen that you can use gMSA for vCenter Connection?
gMSA can be used for guest processing tasks. Such as Application Aware Processing or Guest OS File restore.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Enthusiast
- Posts: 81
- Liked: 5 times
- Joined: Oct 31, 2022 11:39 pm
- Full Name: Backup Administrator
- Contact:
Re: Group Managed Service Accounts (gMSA) for Veeam & vCenter ?
From https://helpcenter.veeam.com/docs/backu ... ml?ver=120
So I wonder is there any procedure I can follow to replace all of my service account with gMSA?
So I wonder is there any procedure I can follow to replace all of my service account with gMSA?
-
- Product Manager
- Posts: 9385
- Liked: 2500 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Group Managed Service Accounts (gMSA) for Veeam & vCenter ?
I read on top of this page:
- You can use gMSAs to run guest processing tasks.
Nothing about other components or vSphere connection.
Best,
Fabian
- You can use gMSAs to run guest processing tasks.
Nothing about other components or vSphere connection.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Veteran
- Posts: 913
- Liked: 51 times
- Joined: Nov 05, 2009 12:24 pm
- Location: Sydney, NSW
- Contact:
Re: Group Managed Service Accounts (gMSA) for Veeam & vCenter ?
@Backup.Operator,
The gMSA is the service account that will be used by Veeam to interact with the Windows Guest OS, this is the way I create the gMSA for my Veeam Service account:
Therefore as you can see from the above method, you will need to add the Windows computer to the AD security group that will be using the guest processing methods.
Hope this helps.
The gMSA is the service account that will be used by Veeam to interact with the Windows Guest OS, this is the way I create the gMSA for my Veeam Service account:
Code: Select all
$paramNewADServiceAccount = @{
Name = 'gMSA-Veeam'
DNSHostName = 'gMSA-Veeam.domain.com'
PrincipalsAllowedToRetrieveManagedPassword = 'gMSA-Veeam-grp'
Description = 'Veeam service account can only be used by gMSA-Veeam-grp AD group members'
}
New-ADServiceAccount @paramNewADServiceAccount
Hope this helps.
--
/* Veeam software enthusiast user & supporter ! */
/* Veeam software enthusiast user & supporter ! */
-
- Enthusiast
- Posts: 81
- Liked: 5 times
- Joined: Oct 31, 2022 11:39 pm
- Full Name: Backup Administrator
- Contact:
[MERGED] Using Group managed service accounts (gMSAs) as Veeam backup service account?
Would it be possible to use the Group managed service accounts (gMSAs) for the Veeam Backup service account?
Because I cannot even add the existing and the newly created Group managed service accounts (gMSAs) to the builtin Veeam Credentials manager:
Any clarification would be appreciated.
Because I cannot even add the existing and the newly created Group managed service accounts (gMSAs) to the builtin Veeam Credentials manager:
Any clarification would be appreciated.
-
- Product Manager
- Posts: 14599
- Liked: 2969 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Group Managed Service Accounts (gMSA) for Veeam & vCenter ?
Hello,
it looks like you asked the same question above and my colleague quoted the user guide
I cannot follow what the credentials screenshot is showing. It looks different for me https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best regards,
Hannes
it looks like you asked the same question above and my colleague quoted the user guide
Question: why do you want to run the service with gMSA instead of LOCAL SYSTEM? Which problem do you try to solve?user guide wrote:You can use gMSAs to run guest processing tasks.
I cannot follow what the credentials screenshot is showing. It looks different for me https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best regards,
Hannes
-
- Enthusiast
- Posts: 81
- Liked: 5 times
- Joined: Oct 31, 2022 11:39 pm
- Full Name: Backup Administrator
- Contact:
Re: Group Managed Service Accounts (gMSA) for Veeam & vCenter ?
Hi @
I am trying to secure the Service Account using the gMSA as the best practice where possible since there is no need for remembering and rotating passwords.
Can I add the gMSA to the below vCenter role using this script https://github.com/falkobanaszak/vCente ... _Veeam.ps1
I am trying to secure the Service Account using the gMSA as the best practice where possible since there is no need for remembering and rotating passwords.
Can I add the gMSA to the below vCenter role using this script https://github.com/falkobanaszak/vCente ... _Veeam.ps1
-
- Product Manager
- Posts: 9385
- Liked: 2500 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Group Managed Service Accounts (gMSA) for Veeam & vCenter ?
Hello
You cannot use a gMSA for the authentication between Veeam and vCenter.
Even if you use Falko's script to give gMSA vCenter permissions, Veeam wouldn't be able to use it.
Best,
Fabian
You cannot use a gMSA for the authentication between Veeam and vCenter.
Even if you use Falko's script to give gMSA vCenter permissions, Veeam wouldn't be able to use it.
Best,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: No registered users and 94 guests