VEEAM BACKUP DOMAIN CONTROLLER WINDOWS
This way the Veeam Availability Infrastructure does not rely on the environment it is meant to protect! Windows Workgroup Add the Veeam components to the production domain but make sure the accounts with administrative privileges are protected with two-factor authentication.įor the most secure deployment add the Veeam components to a management domain that resides in a separate Active Directory Forest and protect the administrative accounts with two-factor authentication mechanics.Add the Veeam components to a separate workgroup and place the components on a separate network where applicable.Add the Veeam components to a management domain that resides in a separate Active Directory Forest and protect the administrative accounts with two-factor authentication mechanics.When securing administrative accounts and the Veeam Availability Infrastructure installation you have a few options from most secure to less secure: In this way, the directory can scale globally over a network that has limited available bandwidth. Partitioning data enables organizations to replicate data only to where it is needed. Where a domain is a partition in an Active Directory forest. Domains in the same forest are automatically linked with two-way, transitive trust relationships. A forest is a collection of one or more Active Directory domains that share a common logical structure, directory schema (class and attribute definitions), directory configuration (site and replication information), and global catalog (forest-wide search capabilities). Microsoft Active Directory consists of Forests and Domains. When setting up the Veeam Availability infrastructure keep in mind the principle that a data protection system should not rely on the environment it is meant to protect in any way! This is because when your production environment goes down along with its domain controllers, it will impact your ability to perform actual restores due to the backup server’s dependency on those domain controllers for backup console authentication, DNS for name resolution, etc. Microsoft Active Directory is the heart of the IT infrastructure for nearly every organization. This site uses Just the Docs, a documentation theme for Jekyll.Īdd Veeam to a Workgroup, Domain or Forest? Restoring VMs to an HPE 3PAR with thin disks.
VEEAM BACKUP DOMAIN CONTROLLER VERIFICATION
When testing recovery of one domain controller only choosing role with authoritative restore will speed up verification process.
There are two Domain Controller roles available in application group configuration - for authoritative and non-authoritative restore. Finally if you are redeploying, make sure all FSMO roles are being held by a controller and that you clean up the meta data of the controller that is not coming back. One of such cases is if FSMO roles from the lost domain controller were seized on another one, then it is better to deploy a new VM instead of restoring a server which still thinks it is holding the role. Depending on the Active Directory architecture it might make sense to rebuild domain controller that was lost instead of restoring it from the backup. It is a good practice to implement reduntant Active Directory configuration with several domain controllers which helps eliminate single point of failure. For more details refer to the corresponding section of the User Guide. Job configurationįor backup and restore of domain controllers to work properly application aware image processing opption has to be enabled in the job properties. Preparationįor Microsoft Active Directory, check the tombstone lifetime settings, as described in Veeam Explorers User Guide at Veeam Help Center ( ).
Veeam Backup and Replication natively supports backup of Microsoft Active Directory controllers and allows for image level and granular AD items restore. Sizing Targets for WAN Accereration Relationship Protecting Veeam Backup & Replication Configuration Veeam Backup & Replication Best Practices