Hi @Armando -

Veeam Best practice is to use a separate management domain for Veeam, different from your production domain. 

See the Veeam Best Practice guide for more information:

https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html

Hi @Armando, you will find this guide very useful as it discusses your concern in detail: https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html

I am in the process of doing this currently in our datacenters.  I followed the BP guide posted which helps but also needed to do some reading on domain trusts.  It works very well so far and no issue with good planning.

Hello dear,

Thank you very much for your prompt response.

I understand that it is recommended, but creating a sub-domain in my forest is only one-way?

Regards

I believe a subdomain will have a two-way trust and why a separate domain is the better option cause you can then set a one-way trust.  That is what I have done for our environment.

I understand, then I will need to add 2 new Servers to the prerequisites to create this Veeam domain.

Sincerely, thank you all very much for answering me quickly.

Greetings to all...

Hi @Armando 

Permit me to add a little bit about domains.

If you create a domain in the existing forest it's automatically linked with two-way relationships.

Best practice is to create a new AD forest with one way trust as @Chris.Childerhose wrote.

Regards 

Hi Andanet

Yes, I totally agree, thank you very much!! I will also bring to the table those tips indicated in the URL: https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html Regards!!