3 Replies Latest reply on Nov 25, 2014 3:27 AM by ch1ta

    VSS Backups without AD

    TheVMinator Master

      I am using Veeam for backing up Windows Servers.  I use VSS to insure that the backups are application consistent.  VSS requires a local account that has administrator privileges on the OS.  however these servers can't be joined to AD.  The result is that every OS has to be configured separately with a local admin account and password.  However, this can't scale - I can't keep adding more local admin accounts to servers and maintaining seperate sets of local admin credentials on every Windows server especially ones that are owned by other departments and companies.

       

      Is there a better way to get VSS backups for Windows Servers using Veeam, given that this approach doesn't work?

        • 1. Re: VSS Backups without AD
          ch1ta Hot Shot

          Account with local administrator privileges has to be used in order to leverage Application Aware Image Processing, indeed. What about creating sort of unified account on multiple managed systems? This way, the credentials will have to be specified just once in backup server, and then, they can be specified to different source VMs.

           

          Cheers.

          1 person found this helpful
          • 2. Re: VSS Backups without AD
            TheVMinator Master

            Thanks for your input.  The problems with that are:

             

            • The local admin account has to be created and maintained individually on every VM.  Security best practice is to centralize account management rather than distribute it.  If you need to change the account name or password you have to touch every VM.  What if that is 500 or 2000 VMs?
            • If there is a problem and the VSS portion of the backup fails, any admin that troubleshoots the account not working it may need to know the password, which means that if this is some other company's VM, they have admin access on it.  If the company that owns the vm disables the account or changes the password, the backup breaks.  GPO's don't keep the account there consistency as they could through AD.

             

            Overall, distributed local admin accounts that happen to have the same username and password aren't generally the greatest solution.  I'm suprised that Veeam hasn't come up with a better way...

            • 3. Re: VSS Backups without AD
              ch1ta Hot Shot

              As far as I know, the Veeam interactions with VSS do require account's local admin privileges. So, I'm not aware of any way to bypass that. However, you can post your concerns/requests on the corresponding community forum. Based on my experience, all questions provided by customers are treated there in appropriate manner and with due importance; might be worth giving a shot.

               

              Cheers.