Two different credentials for vCenter
Using NetBackup 10, I create backups of my virtual hosts by connecting to the vSphere vCenter infrastructure.
As we all know, it is not safe to use a user with full permissions (write permission) to create backups, while it is mandatory to use a write-enabled user for restoring backups.
The problem is that every time I need to do a restore, I should change the credentials added to NetBackup to another user. Isn't it possible to add two different credentials for one vCenter and choose which one to use in backup and restore operations?
Well, maybe you have to take one ESXi server out of vSphere management and use it as a standalone ESXi for restores. Then you can have this limited account tied to vSphere for backups and a full account configured against ESXi for restores. Can you afford to dedicate one ESXi sitting idle, waiting for an eventual restore? Maybe it can be a really small machine. These are my two cents...
I am unsure how this bad actor gained access to VMware from NBU. All the stored passwords are encrypted. And from NBU I cannot see an option to do what you've described. Maybe there was a file with user/pwd stored out there? Also, how come you can tell it was taken from the NBU server?