Hello,
Running vCentre with two ESXI v7 hosts with Windows VMs. Some guidance needed.
Is it best to set up a service account in AD added to the domain users group and use this account to run backup jobs?
Should this account have local admin access on the VM its backing up?
What about Domain Controllers as they do not have local admin accounts?
Thanks!
-
- Influencer
- Posts: 18
- Liked: 2 times
- Joined: Dec 13, 2020 10:53 am
- Full Name: Mark
- Contact:
-
- Product Manager
- Posts: 2581
- Liked: 708 times
- Joined: Jun 14, 2013 9:30 am
- Full Name: Egor Yakovlev
- Location: Prague, Czech Republic
- Contact:
Re: Veeam V10 - Install best practice.
Hi Mark
Yes, service account is a good idea. To be clear, there are 2 levels of access:
- account used to access vCenter, one that actually performs backup, sufficient for data protection. That account is set when adding vCenter to VBR. List of permissions needed for this account can be found here.
- (optional) account used to access VM guest OS, to add application-aware image processing for above said backup. That account is set on Guest Processing tab of backup job. And yes, that account must be in local Administrators group(doesn't have to be machine\account local, it can be domain\account with correct membership). Various scenarios might also require additional permissions(for example to process MS SQL transaction logs, or Domain Controller backup will add new ones), full list of in-guest account permissions can be found here.
Hope that helps!
Yes, service account is a good idea. To be clear, there are 2 levels of access:
- account used to access vCenter, one that actually performs backup, sufficient for data protection. That account is set when adding vCenter to VBR. List of permissions needed for this account can be found here.
- (optional) account used to access VM guest OS, to add application-aware image processing for above said backup. That account is set on Guest Processing tab of backup job. And yes, that account must be in local Administrators group(doesn't have to be machine\account local, it can be domain\account with correct membership). Various scenarios might also require additional permissions(for example to process MS SQL transaction logs, or Domain Controller backup will add new ones), full list of in-guest account permissions can be found here.
Hope that helps!
-
- Influencer
- Posts: 18
- Liked: 2 times
- Joined: Dec 13, 2020 10:53 am
- Full Name: Mark
- Contact:
Re: Veeam V10 - Install best practice.
Egor - perfect. That clears that up nicely.
Who is online
Users browsing this forum: No registered users and 19 guests