My understanding it that the best practice is to run Veeam B&R on a stand alone server, not domain joined. It should have rdp disabled. Veeam console should be installed on another server. Our B&R server is domain joined. I haven’t found any documentation on doing this type of migration. The processes run under the local system account. The credentials for things like vmware and storage arrays are stored in Veeam. What am I missing that would blow up when doing this migration? I would like to move it to a new server, not just remove the current one from the domain. Our repository servers are windows and domain joined as well. Should they be removed from the domain? Seems like yes and that might be biggest issue. Any insights appreciated.
Just run a configuration backup and then restore that to the new VBR server you build. It will restore everything related to your Veeam environment including passwords, etc. This is the best way to move things.
You can remove other servers yes. We have domain joined Veeam but it is on its own domain separated from PROD with a one-way trust only as per best practices.
Further to what Chris said, here is a great page going over this exact question, and describing the one-way trust that he mentioned:
https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html
We also have this KB with possible impacts of removing VBR from domain that can helps: https://www.veeam.com/kb4469
We also have this KB with possible impacts of removing VBR from domain that can helps: https://www.veeam.com/kb4469
Wow, that’s a great KB that answers exactly what he’s asking regarding potential blow-ups. I’ve seen at least 5 of those happen out in the wild.
Hi
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.