Hi @jaceg23 - pretty much all you need to know is in the VONE User Guide:
https://helpcenter.veeam.com/docs/one/deployment/about.html?ver=120
I recommend installing VONE on its own server/VM.
Hi @jaceg23
Veeam ONE are Veeam Backup Enterprise Manager are completely different products :)
Veeam ONE is a monitoring/reporting solution, and Veeam Backup Enterprise Manager is a centralised management system for your VBR instance(s).
Check out https://helpcenter.veeam.com to find the documentation on all solutions, and check out https://www.veeam.com/free-on-demand-trainings.html to get a high level overview of them (plus other Veeam products).
Veeam Backup Enterprise Manager: Yes you could install this on your VBR server but there are benefits to it being its own server, especially for future scaling.
Veeam ONE: Strongly recommend this doesn’t sit on the VBR server, it will be resource hungry at times, and Veeam ONE should sit outside of domain and any related trusts to be a monitoring bastion of your environment.
@MicoolPaul when you say “Veeam ONE should sit outside of domain and any related trusts” can you elaborate on that more?
@MicoolPaul when you say “Veeam ONE should sit outside of domain and any related trusts” can you elaborate on that more?
Sure thing.
So, Veeam ONE is, as I mentioned previously, a monitoring & reporting platform. Veeam can trigger alarms to do with environmental performance, issues that are emerging, if it has detected ransomware etc.
If you are a malicious entity, you will want to silence the monitoring platform, to ‘blind’ your intended victim to the ongoing activities you will perform. So, regardless of whether you have a single production domain, or a dedicated management domain for admin activities, it is still best to leave Veeam ONE sitting alone as its own little island, secured & hardened as best possible, and observing everything going on around it.
I’ll make a hypothetical situation here: You might be thinking ‘well what can Veeam ONE really tell me that I don’t already know?’
Well, Veeam knows Veeam really well, as well as the infrastructure it interacts with. So in the security mindset still, Veeam ONE could tell me:
- Which backup jobs have been disabled (signs that someone is risking the organisation’s ability to recover from an incident
- Suspicious incremental backup size (signs that ransomware might’ve been deployed and we’ve seen an unusually high change rate as a result)
- Veeam Malware detection change tracking (signs that someone is reconfiguring my jobs to blind me to malicious activities taking place such as Dark Web data exfiltration
- Failed backup jobs (Risks to organisation’s ability to recover)
- vSphere: Potential Ransomware Activity (High CPU/Disk Write/Network over XYZ metrics could be an indication that malicious workloads are consuming host resources such as encrypting data)
- vSphere: Host Cluster Destroyed (Could be a malicious attempt at breaking the ESXi environment)
You get the idea, this is just a small subset and a particular focus, check out the predefined alarms section to get a greater idea of how Veeam ONE can help: Predefined Alarms - Veeam ONE Monitoring Guide
