Host-based backup of VMware vSphere VMs.
pkelly_sts
Veteran
Posts: 600
Liked: 66 times
Joined: Jun 13, 2013 10:08 am
Full Name: Paul Kelly

Which hosts need access to Admin$ for agent deployment?

Post by pkelly_sts »

I'm trying to continue backing up some VMs that have been moved into a DMZ & security (firewall) tightened up but wanted to confirm exactly which machines need the access.

So, given the following scenario, what needs access to admin$ on the backed-up VMs:

Primary Site:
FC SAN Storage (both VMFS & Backup volumes)
Physical B&R Server (Direct-attach SAN to local SAN) also a Proxy Server
Primary Proxy VM1
Primary Proxy VM2
Primary Proxy VM3

Job 1: Local Backup job + Backup Copy job (to DR site)

DR Site:
FC SAN Storage (both VMFS & Backup volumes)
Physical B&R Server (Direct-attach SAN to local DR SAN) Also a Proxy Server
DR Proxy VM1
DR Proxy VM2
DR Proxy VM3

Job 1: Local backup job (of a few smaller VMs) + Backup Copy job (to Primary site)
Job 2: Replica job, Source is Primary Site SAN, Destination is DR Site SAN

So, in the replication job running at the DR site but "pulling" from the primary site, which element uploads the agent files:
1) The DR B&R Server
2) The DR Proxy VMs
3) The Primary Site Proxy VMs (of which the Primary site B&R server is also a proxy for the DR site B&R)

Thanks,

Paul
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: Which hosts need access to Admin$ for agent deployment?

Post by Vitaliy S. »

Hi Paul,

Direct network connection to the backed-up VMs is not required, since interaction with the Guest OS can be performed via VIX API (VMware Tools). As soon as the backup server can reach your source ESXi hosts, you should be fine.

Let me know if that helps!

Re: Which hosts need access to Admin$ for agent deployment?

Post by pkelly_sts »

Hmm, I think we've had a similar conversation before now that you say that. Thing is, in this case the VSS side of this job consistently fails (I've configured the job to ignore rather than fail on quiescing for now) so it seems the fail-to-VIX-if-needed doesn't appear to be working in our case.

I recall there's a way you can change the overall default to use VIX instead but I'd rather avoid that if I can.

Can you suggest anything I should look at before I log a call with support?

Paul
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Which hosts need access to Admin$ for agent deployment?

Post by foggy »

Paul, please note that either disabling UAC or using Domain Administrator account is required to perform application-aware image processing work over VIX.

Re: Which hosts need access to Admin$ for agent deployment?

Post by pkelly_sts »

Ah, thanks for that. I do remember seeing somewhere previously that "THE" Domain Admin account must be used and I deeply frowned upon it as a very bad thing (and still think so) but now I understand the reason, i.e. that it's the only other way around UAC other than disabling it, then this gives me something to go back to the security bods with & let them decide which they want to give up (if they want clean backups of course!).

Thanks,

Paul

Re: Which hosts need access to Admin$ for agent deployment?

Post by pkelly_sts »

Actually, there is still another option, that is to open the necessary ports to access Admin$ directly, i.e. my original thinking.

Knowing that, if we choose, we can avoid the need by disabling UAC, if TPTB don't want to give up either UAC or Domain Admin creds, then which hosts require access to Admin$, B&R server or source/destination proxies, or all of the above?

Regards,

Paul

Re: Which hosts need access to Admin$ for agent deployment?

Post by Vitaliy S. »

The backup server should have access to the Guest OS, as the runtime process in the backed-up VM is managed by the backup server. Thanks!
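
A reachability check for the answer above, as an added example that is not part of the original thread or Veeam's own tooling: run from the backup server that owns the job, it tests TCP 445 and an Admin$ mapping against each guest. The guest names are constructed placeholders, and it covers only the SMB share, not any other ports guest processing may need.

```powershell
# Run on the backup server. Guest names below are constructed placeholders.
$guests = @('dmz-web01.example.test', 'dmz-app01.example.test')
# The account the job uses for guest processing (prompted, never hard-coded).
$cred = Get-Credential -Message 'Guest processing account'

function Test-AdminShare {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # Admin$ is an SMB share, so the firewall must pass TCP 445 from this host.
    $tcp = Test-NetConnection -ComputerName $ComputerName -Port 445 -WarningAction SilentlyContinue
    $shareOk = $false
    $err = $null
    if ($tcp.TcpTestSucceeded) {
        $drive = "chk$(Get-Random -Maximum 9999)"
        try {
            # Map the share with the job's credentials; a non-admin or
            # UAC-filtered local account fails here even though the port is open.
            New-PSDrive -Name $drive -PSProvider FileSystem `
                -Root "\\$ComputerName\admin$" -Credential $Credential `
                -ErrorAction Stop | Out-Null
            $shareOk = Test-Path "${drive}:\"
        } catch {
            $err = $_.Exception.Message
        } finally {
            Remove-PSDrive -Name $drive -ErrorAction SilentlyContinue
        }
    } else {
        $err = 'TCP 445 blocked or host unreachable'
    }
    [pscustomobject]@{
        Guest      = $ComputerName
        Tcp445     = $tcp.TcpTestSucceeded
        AdminShare = $shareOk
        Error      = $err
    }
}

$guests |
    ForEach-Object { Test-AdminShare -ComputerName $_ -Credential $cred } |
    Format-Table -AutoSize
```

Running the same script from a proxy should show `Tcp445` as False if the DMZ firewall rule is scoped to the backup server only.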

Re: Which hosts need access to Admin$ for agent deployment?

Post by pkelly_sts »

Thanks Vitaliy, I'll give that a go.
ousturali
Influencer
Posts: 11
Liked: 1 time
Joined: Dec 08, 2014 4:07 pm
Full Name: OrcunUsturali

[MERGED] Backing up Virtual Machines which has more than 2 n

Post by ousturali »

Hi,
We are trying to back up some VMs which have 2 Ethernet cards, and the external IP address is detected first at Virtual Center.
When we try to back up with Veeam, it tries to make a connection to this external IP address for the backup and gives this error:
"connect to the host's administrative share"

I could not find a way to change this NIC selection in Veeam.
How can this be achieved?

Thanks

Re: Backing up Virtual Machines which has more than 2 nics

Post by Vitaliy S. »

Direct network access to the backed-up VM is not required; most likely you have a different issue that prevents you from having a successful backup job run.

Re: Which hosts need access to Admin$ for agent deployment?

Post by ousturali »

Hi Vitaliy,

I had read the above conversation; according to the above info there are some options for successful backups:
1- Let the Veeam server log on to the VM with admin credentials (yes, all PCs are in the domain)
2- Veeam server can access each ESX server (they are in the same LAN)
3- Disable UAC (yes, this is also done)

But still the VMs which have more than 1 Ethernet are having strange problems in backup.
But the other VMs do not have any problems while backing up.

Any other ideas?

Regards.

Re: Which hosts need access to Admin$ for agent deployment?

Post by Vitaliy S. »

The number of NICs does not matter; your VMs can even be located in the DMZ with no network access at all. Please let our technical team take a look at the debug logs, as it is hard to say what is wrong without seeing this info. BTW, do you have VMware Tools up & running on these VMs? Are they up-to-date?