
We are building a “green zone” where basic infrastructure systems including a hot standby backup environment should be running. This env is completely separated from current prod environment. This env will have no AD at the beginning. VBR is using a dedicated SQL server.

Our current VBR server is running in prod domain (ideas to move it and all Veeam systems to a dedicated domain have existed for a long time but were never implemented. The idea to remove the systems from domain and use Workgroup also exists).

The very simple idea is currently to have a second VBR VM instance running there + some other Veeam components + an empty Linux repo and start downloading/staging backups from immutable Cloud Object Storage to a local Linux repo in this green zone ASAP to have everything local again and ready to restore. VBR server and all Veeam systems will run in Workgroup mode then. Ideally we would at least have the Veeam config backup available + all needed credentials and keys.

Would this be possible out of the box? Is the change for VBR from domain to workgroup impacting a config restore? 

Would regular restore tests with this second VBR from prod cloud repositories be possible? I don’t think that I can connect one repo (or SOBR capacity extent) to a second VBR.

 

hi ​@Ralf 

 

VBR works without any impact even when removed from the domain.

 

Points to note:

  • Loss of automatic Kerberos authentication; everything works with stored “Datacenter Credential” credentials.
  • Adding new proxies managed by Windows will require a Local Administrator user.
  • Pay attention to DNS entries if the Veeam backup infrastructure components used DNS. You can use a dedicated DNS or compile a hosts file.

 

You can proceed with the first step by removing the VBR from the domain, fixing the credentials, and resolving any DNS issues.

 

Then perform a backup and proceed to restore the secondary VBR configuration file.

 

  • A repository can only be “attached” to one VBR at a time.

You cannot:

  • Mount the same SOBR extent or standalone repo to both prod and DR VBRs simultaneously.
  • Use SOBR capacity tier to sync both.

  • Possible using “Object Storage Import” or “Backup Copy” from object storage if the green-zone VBR has credentials and access to the same bucket.

Importing Object Storage Backups - User Guide for VMware vSphere

or from normal repo

Importing Backups Manually - User Guide for VMware vSphere

  • You can’t just “attach” a prod repo; you need to import or copy backups into the green-zone VBR.
  • You can’t share a live repo between prod and DR VBR, but you can import/copy from the same immutable cloud storage.
  • The DR VBR will treat them as imported backups, so SureBackup, Instant VM Recovery, and file-level restore all work. 

Regards


Restoring config will work. To the points above, I would also add: make sure no domain credentials are used on the main VBR server ahead of time.

When it comes to object storage, you can actually use it at a secondary Veeam server, but with read-only IAM, and there are some limitations that are also listed here: https://helpcenter.veeam.com/docs/backup/vsphere/general_limitations.html?ver=120

 

 


hi ​@Ralf 

 

VBR works without any impact even when removed from the domain.

Points to note: ...

In addition to the points suggested by ​@Link State, and centred on your comment below.

> Ideally, we would at least have the Veeam config backup available + all needed credentials and keys.


VBR does not require AD to function correctly; you will need to update stored credentials tied to Domain accounts, and also the Repo paths using UNC with Domain auth, if any exist.

 


Hi ​@Ralf  Yes, VBR works in Workgroup mode. You cannot attach the same repo to both VBRs, but you can import backups from immutable cloud storage into the DR VBR. Restore operations like Instant VM Recovery and SureBackup will still work. Just manage credentials and DNS manually.

 


Thanks for the feedback, I’ll now look into the details. As I’m not a Windows/AD expert, this is the hardest part.


If you are moving your VBR server to this site, then I would consider the following.

As others have said, a workgroup is fine.

I would back up to the Linux repo but make it a hardened repo. I would then use backup copies to the cloud.

Having the backups local will lead to quicker restore times than restoring from the cloud directly, or downloading them from the cloud to import and then restore.

