Question

Feature request: getting rid of admin credentials for application-aware processing?


Userlevel 4
Badge +1

This was also asked at the AMA session during the Veeam 100 summit: I’d like to have application aware processing on Windows boxes by pre-installing some special Veeam software, but without having to specify an administrator-level account during job configuration.

@HannesKback then replied that on V11 AAP did that trick just fine, but further testing showed that it was not possible. At least not without providing an account with administrative access corresponding to the VM.

@Mildur at the time provided me with an alternative: instead of backing up via the ESXi API, install a standalone agent on the VM boxes, that would allow backing up without having to configure an admin account to the box. Have not tested it yet, should work just fine though!

In any case, it’s day one of the VMCE course (thanks Veeam 🙂 ) and during discussion of the AAP-related options AlexH was pondering about exactly the same issue.

In any case, I’d like to re-iterate my request to Veeam for providing a way to have account-less AAP, by pre-installing some sort of Veeam agent beforehand.


5 comments

Userlevel 7
Badge +3

@Mildur 

Userlevel 7
Badge +8

Hi @cosmik 

Requests should go to the RnD forum :) 

 

My idea was to use a protection group type “Computers with pre-installed agents”.

You distribute the agent outside of Veeam Backup & Replication using generated config files.

Protection Group Types - Veeam Agent Management Guide

Deploying Veeam Agents Using Generated Setup Files - Veeam Agent Management Guide

 

Best, 

Fabian

Userlevel 4
Badge +1

Thanks @Mildur will do!

(Notifying

@alexheylin )

 

Userlevel 3
Badge +1

@HannesKback then replied that on V11 AAP did that trick just fine, but further testing showed that it was not possible. At least not without providing an account with administrative access corresponding to the VM.

it wasn’t me who replied that ;-) But I did not want to start a discussion, whether the persistent guest agent could be a solution or not, because I was not 100% sure.

 

I postponed testing it a couple of times… but your post made me test it now and I can confirm what you say and I believed in Prague: a local admin account is required for authentication. 

A local admin account requirement makes sense, because otherwise any “random user” with a VBR server could just take over the machine. 

I agree, that it’s a valid request. Just thinking out loud: would you be comfortable to deploy certificates manually on the machines instead of providing username / password centrally?

Userlevel 4
Badge +1

Let’s continue at https://forums.veeam.com/vmware-vsphere-f24/feature-request-getting-rid-of-admin-credentials-for-application-aware-processing-t84018.html

@HannesK if possible c/p your post above to the f0s :)

Comment