ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Backup File Server to DAS

    Scheduled Pinned Locked Moved IT Discussion
    dasstoragebackupfile server
    497 Posts 13 Posters 411.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @DustinB3403
      last edited by

      @DustinB3403 said:

      I'm replying to @Dashrender and @IT-ADMIN so I don't know why you'd be restoring to identical hardware.

      Unless you were backing up a physical host, expecting the physical host to die because of something software related, not hardware related.

      I'd expect you to more likely restore to different hardware. Which is why I raised the point.

      In which case the backup is likely not any good.

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @IT-ADMIN
        last edited by

        @IT-ADMIN said:

        @Dashrender said:

        @IT-ADMIN said:

        @coliver said:

        This. Even with a proper backup you will probably have to re-authorize your key when you restore to the same (or similar) hardware.

        i said that because our friend @coliver said the above 👆

        He's absolutely right on the similar, but probably not if it was the same.

        @scottalanmiller and @DustinB3403 are right though, when would you ever do a full restore to the same hardware?

        I suppose if you needed to completely redo the underlying harddrive setup on a server that could be the case, that's so rare as to not even be considered. If you get a replacement motherboard put into the same server, from a software perspective that's no longer the same hardware, so you'd most likely get a re authorization.

        ah ok in case of hardware change (cpu, RAM, HD, motherboard) otherwise the backup would be made without activation

        How will you do a restore without one of those things changing?

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @IT-ADMIN
          last edited by

          @IT-ADMIN said:

          @DustinB3403 said:

          I'm replying to @Dashrender and @IT-ADMIN so I don't know why you'd be restoring to identical hardware.

          Unless you were backing up a physical host, expecting the physical host to die because of something software related, not hardware related.

          I'd expect you to more likely restore to different hardware. Which is why I raised the point.

          ah ok, thank you for clarifying that, so in this case i can restore my physical server in case of software failure with a previous system image without triggering any activation process (no hardware change)

          Sure, but is that really what your backup is for? This is a very edge case. You have a backup system that's only purpose is to handle the scenario where the software has died and you want to fall back to an older version of the system? What will stop it from dying again right away? Is software "dying" a real concern (other than patching?)

          1 Reply Last reply Reply Quote 0
          • IT-ADMINI
            IT-ADMIN
            last edited by

            if a virus take over the system or a ransomware lock my file server for example, in this case i think a system restore would solve the problem right ??

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @IT-ADMIN
              last edited by

              @IT-ADMIN said:

              if a virus take over the system or a ransomware lock my file server for example, in this case i think a system restore would solve the problem right ??

              Correct. As long as you don't use something like Windows backup attached to a DAS 😉 Which is what we were warning about earlier. If you have Veeam and a NAS without a mapped drive, you are likely okay. This is where you want tape to be really safe.

              1 Reply Last reply Reply Quote 0
              • IT-ADMINI
                IT-ADMIN
                last edited by

                how to make a NAS not mapped, is it by using username and password right ??

                coliverC scottalanmillerS 2 Replies Last reply Reply Quote 0
                • coliverC
                  coliver @IT-ADMIN
                  last edited by coliver

                  @IT-ADMIN said:

                  how to make a NAS not mapped, is it by using username and password right ??

                  A UNC for an SMB share would do it. \\NAS01\VeeamShare

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @IT-ADMIN
                    last edited by

                    @IT-ADMIN said:

                    how to make a NAS not mapped, is it by using username and password right ??

                    Simply don't map it! 🙂

                    IT-ADMINI 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @coliver
                      last edited by

                      @coliver said:

                      @IT-ADMIN said:

                      how to make a NAS not mapped, is it by using username and password right ??

                      A UNC for an SMB share would do it. \NAS01\VeeamShare

                      Only if the ransomware know about it or discover it. Not sure how common that is.

                      coliverC 1 Reply Last reply Reply Quote 0
                      • coliverC
                        coliver @scottalanmiller
                        last edited by

                        @scottalanmiller said:

                        @coliver said:

                        @IT-ADMIN said:

                        how to make a NAS not mapped, is it by using username and password right ??

                        A UNC for an SMB share would do it. \NAS01\VeeamShare

                        Only if the ransomware know about it or discover it. Not sure how common that is.

                        Would they do that? I've never heard of ransomware digging around for a UNC path. You could also setup the Veeam service to run as a different user account and give write access to that specific user.

                        J 1 Reply Last reply Reply Quote 0
                        • J
                          Jason Banned @coliver
                          last edited by

                          @coliver said:

                          Would they do that? I've never heard of ransomware digging around for a UNC path. You could also setup the Veeam service to run as a different user account and give write access to that specific user.

                          CryptoWall will

                          coliverC 1 Reply Last reply Reply Quote 1
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            I thought maybe. Any guess what it does to seek it out? Does it look in Veeam config files, just hunt through DNS, etc?

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              I would assume that having an account to access the NAS that is not a normal user or admin account will help so that only if the backup user is compromised that it can attack it?

                              1 Reply Last reply Reply Quote 0
                              • coliverC
                                coliver @Jason
                                last edited by coliver

                                @Jason said:

                                @coliver said:

                                Would they do that? I've never heard of ransomware digging around for a UNC path. You could also setup the Veeam service to run as a different user account and give write access to that specific user.

                                CryptoWall will

                                How does it discover it? If you are just putting the UNC path in the Veeam configuration then it should have no way of finding it. Even if it could find it if you lock it down to one specific user wouldn't that add a layer of protection? I'm asking hypothetically as I really don't know a lot about how this type of malware works.

                                J 1 Reply Last reply Reply Quote 0
                                • IT-ADMINI
                                  IT-ADMIN @scottalanmiller
                                  last edited by

                                  @scottalanmiller said:

                                  @IT-ADMIN said:

                                  how to make a NAS not mapped, is it by using username and password right ??

                                  Simply don't map it! 🙂

                                  great, so i shouldn't create a map drive (pointing to NAS) in the server sending the backup to the NAS

                                  scottalanmillerS dafyreD 2 Replies Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @IT-ADMIN
                                    last edited by

                                    @IT-ADMIN said:

                                    @scottalanmiller said:

                                    @IT-ADMIN said:

                                    how to make a NAS not mapped, is it by using username and password right ??

                                    Simply don't map it! 🙂

                                    great, so i shouldn't create a map drive (pointing to NAS) in the server sending the backup to the NAS

                                    We've made that clear from the beginning of the thread that mapping the NAS would instantly expose it like a DAS to Ransonware. That's been repeated over and over.

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      Jason Banned @coliver
                                      last edited by

                                      @coliver said:

                                      How does it discover it?

                                      UNC is easily discoverable, all it has to do is turn on network discovery and look for shares, and many companies likely leave it on.

                                      1 Reply Last reply Reply Quote 0
                                      • DashrenderD
                                        Dashrender
                                        last edited by

                                        Would hiding the shares with a $ make any difference in this situation?

                                        J 1 Reply Last reply Reply Quote 0
                                        • J
                                          Jason Banned @Dashrender
                                          last edited by

                                          @Dashrender said:

                                          Would hiding the shares with a $ make any difference in this situation?

                                          doubt it, that's not really hidden, it's up to the client device to hide it from the end user. Windows explorer hides it from the user. Linux and others do not.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 1
                                          • scottalanmillerS
                                            scottalanmiller @Jason
                                            last edited by

                                            @Jason said:

                                            @Dashrender said:

                                            Would hiding the shares with a $ make any difference in this situation?

                                            doubt it, that's not really hidden, it's up to the client device to hide it from the end user. Windows explorer hides it from the user. Linux and others do not.

                                            Which means that the ransomeware code is not going to hide it either. Likely it won't even notice that you've attempted to hide something. Much like MS Office security, open those files with something other than MS Office and that private data hidden in there is exposed in such a way that the people using it are not even aware that you thought that you were hiding it.

                                            DashrenderD 1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 21
                                            • 22
                                            • 23
                                            • 24
                                            • 25
                                            • 24 / 25
                                            • First post
                                              Last post