Solved

Veeam ONE

J
Userlevel 5
Badge +1

This is going to be my first time setting up Veeam ONE (Enterprise Manager?). Where is some good documentation on the product as far as functionality goes. Also, what are some, if any, best practices for setting it up? Should I run it in directly on the VBR server or spin up it’s own VM? Anything will help at this point.  Thanks in advance!

icon

Best answer by MicoolPaul 20 May 2024, 16:53

View original

5 comments

coolsport00
Userlevel 7
Badge +19

Hi @jaceg23 - pretty much all you need to know is in the VONE User Guide:

https://helpcenter.veeam.com/docs/one/deployment/about.html?ver=120

I recommend installing VONE on its own server/VM.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
MicoolPaul
Userlevel 7
Badge +22

Hi @jaceg23 

Veeam ONE are Veeam Backup Enterprise Manager are completely different products :)

Veeam ONE is a monitoring/reporting solution, and Veeam Backup Enterprise Manager is a centralised management system for your VBR instance(s).

Check out https://helpcenter.veeam.com to find the documentation on all solutions, and check out https://www.veeam.com/free-on-demand-trainings.html to get a high level overview of them (plus other Veeam products).

Veeam Backup Enterprise Manager: Yes you could install this on your VBR server but there are benefits to it being its own server, especially for future scaling.

Veeam ONE: Strongly recommend this doesn’t sit on the VBR server, it will be resource hungry at times, and Veeam ONE should sit outside of domain and any related trusts to be a monitoring bastion of your environment.

Michael Paul - Opinions are my own and do not necessarily reflect the opinion of Veeam | https://micoolpaul.com | Twitter: @MicoolPaul | Mastodon: @micoolpaul@masto.nu | Bluesky: @micoolpaul.com
coolsport00
Userlevel 7
Badge +19

I’d pay particular attention to the Deployment Planning/Prep section of the Guide:

https://helpcenter.veeam.com/docs/one/deployment/deployment_planning_preparation.html?ver=120

As well as Deployment Scenarios:

https://helpcenter.veeam.com/docs/one/deployment/deployment_planning_preparation.html?ver=120

And, Install Options:

https://helpcenter.veeam.com/docs/one/deployment/install_veeam_one.html?ver=120

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
J
Userlevel 5
Badge +1

@MicoolPaul when you say “Veeam ONE should sit outside of domain and any related trusts” can you elaborate on that more? 

MicoolPaul
Userlevel 7
Badge +22

@MicoolPaul when you say “Veeam ONE should sit outside of domain and any related trusts” can you elaborate on that more? 

Sure thing.

So, Veeam ONE is, as I mentioned previously, a monitoring & reporting platform. Veeam can trigger alarms to do with environmental performance, issues that are emerging, if it has detected ransomware etc.

If you are a malicious entity, you will want to silence the monitoring platform, to ‘blind’ your intended victim to the ongoing activities you will perform. So, regardless of whether you have a single production domain, or a dedicated management domain for admin activities, it is still best to leave Veeam ONE sitting alone as its own little island, secured & hardened as best possible, and observing everything going on around it.

I’ll make a hypothetical situation here: You might be thinking ‘well what can Veeam ONE really tell me that I don’t already know?’

Well, Veeam knows Veeam really well, as well as the infrastructure it interacts with. So in the security mindset still, Veeam ONE could tell me:

  • Which backup jobs have been disabled (signs that someone is risking the organisation’s ability to recover from an incident
  • Suspicious incremental backup size (signs that ransomware might’ve been deployed and we’ve seen an unusually high change rate as a result)
  • Veeam Malware detection change tracking (signs that someone is reconfiguring my jobs to blind me to malicious activities taking place such as Dark Web data exfiltration
  • Failed backup jobs (Risks to organisation’s ability to recover)
  • vSphere: Potential Ransomware Activity (High CPU/Disk Write/Network over XYZ metrics could be an indication that malicious workloads are consuming host resources such as encrypting data)
  • vSphere: Host Cluster Destroyed (Could be a malicious attempt at breaking the ESXi environment)

 

You get the idea, this is just a small subset and a particular focus, check out the predefined alarms section to get a greater idea of how Veeam ONE can help: Predefined Alarms - Veeam ONE Monitoring Guide

Michael Paul - Opinions are my own and do not necessarily reflect the opinion of Veeam | https://micoolpaul.com | Twitter: @MicoolPaul | Mastodon: @micoolpaul@masto.nu | Bluesky: @micoolpaul.com

Comment


Terms & Conditions