The cloud repository is a storage location in the cloud where tenants can store their VM data. If you set up parameters as recommended, click Analyze to perform a security check again and ensure that the status changed to Passed. In other cases, it will have the Unable to detect status because there is no way to identify the production domain automatically. Note that this parameter will have the Passed status only if the backup server is not joined to any domain. For medium-sized and small environments, backup infrastructure components can be placed to a separate workgroup. īackup server should not be a part of the production domainĪdding the backup server and other backup infrastructure components to a management domain in a separate Active Directory forest is the best practice for building the most secure infrastructure. For more information, see Creating Encrypted Configuration Backups. ĭata encryption for configuration backup should be enabled to secure sensitive data stored in the configuration database. For more information, see Configuration Backup and Restore. Ĭonfiguration backup should be enabled to reduce the risk of data loss and manage the Veeam Backup & Replication configuration database easier. For more information, see Managing Encryption Keys. Password loss protection should be enabled on Veeam Backup Enterprise Manager to provide an alternative way to decrypt the data if a password for encrypted backup or tape is lost. Password loss protection should be enabled
For more information, see Backup Repositories with Rotated Drives and Tape Devices Support. Offline media should be used to keep backup files in addition to virtual storage devices. Immutable repositories should be used to protect backup files from being modified or deleted. Immutable or offline (air gapped) media should be used For more information, see Multi-Factor Authentication. Multi-factor authentication (MFA) should be enabled for the Veeam Backup & Replication console to protect user accounts with additional user verification. MFA for the backup console should be enabled For more information, see this Microsoft article. Also, rules for inbound and outbound connections should be set up according to your infrastructure and Microsoft best practices.
Microsoft Defender Firewall with Advanced Security should be turned on. Remote services should be disabled if they are not needed. Remote Registry service (RemoteRegistry) should be disabled For more information, see Remote Desktop Connection to Tenant. Note that for the Veeam Cloud Connect infrastructure, this parameter must be enabled if the SP uses Remote Desktop Protocol (RDP) to connect to the tenant backup server. Remote Desktop Service (TermService) should be disabled
0 kommentar(er)
