Feature request: getting rid of admin credentials for application-aware processing?

1 year ago
7 December 2022
5 comments
65 views

Userlevel 4

cosmik
Comes here often
16 comments

This was also asked at the AMA session during the Veeam 100 summit: I’d like to have application aware processing on Windows boxes by pre-installing some special Veeam software, but without having to specify an administrator-level account during job configuration.

@HannesKback then replied that on V11 AAP did that trick just fine, but further testing showed that it was not possible. At least not without providing an account with administrative access corresponding to the VM.

@Mildur at the time provided me with an alternative: instead of backing up via the ESXi API, install a standalone agent on the VM boxes, that would allow backing up without having to configure an admin account to the box. Have not tested it yet, should work just fine though!

In any case, it’s day one of the VMCE course (thanks Veeam ) and during discussion of the AAP-related options AlexH was pondering about exactly the same issue.

In any case, I’d like to re-iterate my request to Veeam for providing a way to have account-less AAP, by pre-installing some sort of Veeam agent beforehand.

5 comments

Userlevel 4

cosmik
Author
Comes here often
16 comments
1 year ago
7 December 2022

Let’s continue at https://forums.veeam.com/vmware-vsphere-f24/feature-request-getting-rid-of-admin-credentials-for-application-aware-processing-t84018.html

@HannesK if possible c/p your post above to the f0s :)

Userlevel 5

HannesK
Comes here often
160 comments
1 year ago
7 December 2022

@HannesKback then replied that on V11 AAP did that trick just fine, but further testing showed that it was not possible. At least not without providing an account with administrative access corresponding to the VM.

it wasn’t me who replied that ;-) But I did not want to start a discussion, whether the persistent guest agent could be a solution or not, because I was not 100% sure.

I postponed testing it a couple of times… but your post made me test it now and I can confirm what you say and I believed in Prague: a local admin account is required for authentication.

A local admin account requirement makes sense, because otherwise any “random user” with a VBR server could just take over the machine.

I agree, that it’s a valid request. Just thinking out loud: would you be comfortable to deploy certificates manually on the machines instead of providing username / password centrally?