Often, during the design of Veeam infrastructures for customers, we have to choose how to authenicate into the Veeam Backup Server.
IT guys in complex companies ask always for all their server, and also their databases, to be authenticated towards a central directory. Beeing Veeam a Windows based software, this means MS Active Directory. Same request comes for the backend database used by Veeam.
Personally, I always said no to this requests, and also internally in our datacenter we configured the whole Veeam Infrastructure with a dedicated workgroup, and all the Proxies and Repositories are called by their IP addresses and not by DNS names.
the reason is straight simple: being Veeam the tool to recover from a problem or a damage of other services, I DO NOT want Veeam to depend on other services (maybe corrupted themselves) to operate.
So, we usually do:
– no dns but all proxies and repositories registered by their IP address
– Veeam database locally installed on the Veeam Backup server, since space and performance requirements are low, so the SQL Express installed during the setup is enough
Obviously, IT guys will object this is a lower security level than the one offered by a Active Directory integration. Right, but the ultimate goal of Veeam Backup is to restore Virtual Machines. We do not want to be unable to restore lets say Active Directory right because its services like dns and Active Director are unavailable; it’s a paradox we would like to avoid.