-
- Influencer
- Posts: 10
- Liked: never
- Joined: Jan 06, 2011 1:39 pm
- Full Name: Mark Whalley
- Contact:
UAIR with multiple networks and domains
I have tried searching this forum to see if I could see whether anyone else had posted this question. I couldn't find anything on the subject, apologies if this has already been discussed.
We are a hosting company and use Veeam to backup all of our hosted VM’s. Each of our customers have VM’s on separate virtual networks and domains. The Veeam backup server (which also hosts the Veeam Enterprise Manager) is located on a network separate again to the customer networks.
My question is: What is the best practice for using the UAIR recovery to restore AD, Exchange and SQL for each of the customer VMs?
If I run the UAIR recovery wizard from the Veeam server, it is unable to see any of the customer production networks therefore when the wizard asks you to connect to the domain controller it is unable to do so.
I have also tried installing the UAIR application on a client machine on the domain of one of the customer networks, this machine has access to both its own network and the network where the Veeam server (and Enterprise Manager) resides. However when I try to connect to the Enterprise Manager I get an error stating “The server has rejected the client credentials”. I now know that the client machine where the UAIR application is installed must reside on the same domain as the Enterprise Manager.
Thanks in advance for your advise.
We are a hosting company and use Veeam to backup all of our hosted VM’s. Each of our customers have VM’s on separate virtual networks and domains. The Veeam backup server (which also hosts the Veeam Enterprise Manager) is located on a network separate again to the customer networks.
My question is: What is the best practice for using the UAIR recovery to restore AD, Exchange and SQL for each of the customer VMs?
If I run the UAIR recovery wizard from the Veeam server, it is unable to see any of the customer production networks therefore when the wizard asks you to connect to the domain controller it is unable to do so.
I have also tried installing the UAIR application on a client machine on the domain of one of the customer networks, this machine has access to both its own network and the network where the Veeam server (and Enterprise Manager) resides. However when I try to connect to the Enterprise Manager I get an error stating “The server has rejected the client credentials”. I now know that the client machine where the UAIR application is installed must reside on the same domain as the Enterprise Manager.
Thanks in advance for your advise.
-
- VeeaMVP
- Posts: 6165
- Liked: 1971 times
- Joined: Jul 26, 2009 3:39 pm
- Full Name: Luca Dell'Oca
- Location: Varese, Italy
- Contact:
Re: UAIR with multiple networks and domains
Running U-AIR in a multi-domain environment is a really tricky stuff.
On a "multi-domain belonging to the same forest" environment, AD domain trusts will help for sure, but this is something impossible to do in a multi-tenancy environment, where every hosted domain has to be separated from each other.
At the moment, in our environment (basically same as yours) we ended up offering only crash-consistent backup. I would like to integrate also VSS-aware backups if the customer allows us to have their admin credentials to run application-aware backups, but I have not finished testing the restore part of this.
I found no direct way at the moment to delegate restore activities to different customers (also access to backup repositories is an issue), but I'm really interested too in a possible workaround to do this. This thread can become a starting point to exchange our ideas regarding this topic.
On a "multi-domain belonging to the same forest" environment, AD domain trusts will help for sure, but this is something impossible to do in a multi-tenancy environment, where every hosted domain has to be separated from each other.
At the moment, in our environment (basically same as yours) we ended up offering only crash-consistent backup. I would like to integrate also VSS-aware backups if the customer allows us to have their admin credentials to run application-aware backups, but I have not finished testing the restore part of this.
I found no direct way at the moment to delegate restore activities to different customers (also access to backup repositories is an issue), but I'm really interested too in a possible workaround to do this. This thread can become a starting point to exchange our ideas regarding this topic.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software
@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
Principal EMEA Cloud Architect @ Veeam Software
@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
-
- Influencer
- Posts: 10
- Liked: never
- Joined: Jan 06, 2011 1:39 pm
- Full Name: Mark Whalley
- Contact:
Re: UAIR with multiple networks and domains
Thanks for the response Luca, I am out of ideas how we are going to proceed with this.
We can't be the only two Veeam users who host Virtual Machines for multiple customers who require this sort of functionality.
It is simply not feasible to have individual Veeam servers for each customer.
Does anyone have any suggestions regarding this?
Thanks
Mark
We can't be the only two Veeam users who host Virtual Machines for multiple customers who require this sort of functionality.
It is simply not feasible to have individual Veeam servers for each customer.
Does anyone have any suggestions regarding this?
Thanks
Mark
-
- Novice
- Posts: 8
- Liked: never
- Joined: Nov 16, 2011 11:49 pm
- Full Name: Stephen Ollis
- Contact:
Re: UAIR with multiple networks and domains
Hi Guys,
I'm also needing to tackle this problem.
The only way I can think of solving this is by:
a) providing a dedicated dual homed backup proxy for each customer, and manually allocating to the job
b) by having a backup Private vLAN for the hosting company, and then to dual-home one of the customer machines into that vlan, install the Veeam Proxy on the customer VM, and dedicate it in the backup job.
c) have a group of proxies, with carefully managed NATs/persistent routes to make sure you have unique ranges per proxy/customers - VERY MESSY
Steve Ollis
Data Centre Administrator
Oriel Hosting, Sydney Australia
I'm also needing to tackle this problem.
The only way I can think of solving this is by:
a) providing a dedicated dual homed backup proxy for each customer, and manually allocating to the job
b) by having a backup Private vLAN for the hosting company, and then to dual-home one of the customer machines into that vlan, install the Veeam Proxy on the customer VM, and dedicate it in the backup job.
c) have a group of proxies, with carefully managed NATs/persistent routes to make sure you have unique ranges per proxy/customers - VERY MESSY
Steve Ollis
Data Centre Administrator
Oriel Hosting, Sydney Australia
-
- Novice
- Posts: 8
- Liked: never
- Joined: Nov 16, 2011 11:49 pm
- Full Name: Stephen Ollis
- Contact:
Re: UAIR with multiple networks and domains
I have come up with another solution
Requirements:
Please feel free to tear this apart, and/or improve it.
Steve Ollis
Data Centre Administrator
Oriel Hosting, Sydney Australia
Requirements:
- Hosting Provider Backup vlan
- Hosting Provider per-customer virtual firewall with a leg in both customer network, and Hosting Backup vlan
- IP address in Customer network, NAT'd to an address in the Hosting Backup vlan
- Hosting provider Veeam B&R proxy with leg into the backup vlan
- Change to Veeam B&R Proxy
Please feel free to tear this apart, and/or improve it.
Steve Ollis
Data Centre Administrator
Oriel Hosting, Sydney Australia
-
- Novice
- Posts: 8
- Liked: never
- Joined: Nov 16, 2011 11:49 pm
- Full Name: Stephen Ollis
- Contact:
Re: UAIR with multiple networks and domains
After re-reading this, I realise I left out a vital piece.
A remote VSS proxy agent is also needed on one of the servers in the customer container to actually initiate the Remote VSS call.
A remote VSS proxy agent is also needed on one of the servers in the customer container to actually initiate the Remote VSS call.
-
- VP, Product Management
- Posts: 6035
- Liked: 2860 times
- Joined: Jun 05, 2009 12:57 pm
- Full Name: Tom Sightler
- Contact:
Re: UAIR with multiple networks and domains
I'm not really sure I follow you. Remote VSS calls are required during backups, not during restores. This thread is about U-AIR, which is all about restores. Performing backups with VSS isn't really an issue because Veeam doesn't require network connectivity to perform application aware processing, just VMware tools and an account with appropriate permissions.
-
- Novice
- Posts: 8
- Liked: never
- Joined: Nov 16, 2011 11:49 pm
- Full Name: Stephen Ollis
- Contact:
Re: UAIR with multiple networks and domains
Yes, for U-AIR, the issue is different, and maybe my replies should be placed in another thread.
Starting new thread
Starting new thread
Who is online
Users browsing this forum: Semrush [Bot] and 51 guests