{"id":20170,"date":"2024-08-20T17:31:03","date_gmt":"2024-08-20T10:31:03","guid":{"rendered":"https:\/\/thegioifirewall.com\/?p=20124"},"modified":"2025-03-24T07:27:22","modified_gmt":"2025-03-24T07:27:22","slug":"bao-mat-co-so-ha-tang-trong-veeam-backup-replication","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/bao-mat-co-so-ha-tang-trong-veeam-backup-replication\/","title":{"rendered":"INFRASTRUCTURE SECURITY IN VEEAM BACKUP &amp; REPLICATION"},"content":{"rendered":"\n<p><strong>1. Infrastructure Planning<\/strong><\/p>\n\n\n\n<p>For large environments, adding the backup server and other backup infrastructure components to a management domain in a separate Active Directory group is the best way to build the most secure infrastructure.&nbsp;<\/p>\n\n\n\n<p>For small and medium-sized environments, backup infrastructure components can be placed in a separate workgroup. If you want to use specific Veeam Backup Enterprise Manager features, such as SAML authentication or restoring Microsoft Exchange items, you can add this component to the domain.<\/p>\n\n\n\n<p>In both cases, backup infrastructure components must be placed in a separate network, if one is available. 
In addition, using a Hardened Repository is recommended.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/08\/bao-mat-co-so-ha-tang-trong-veeam-backup-replication-1024x536.jpg\" alt=\"\" class=\"wp-image-20126\"\/><\/figure>\n\n\n\n<p><strong>2. Backup Server<\/strong><\/p>\n\n\n\n<p>To secure the backup server, consider the following recommendations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Restrict outbound connections:<\/strong> To enable product update checks, automatic license updates and license usage reporting, the backup server must be connected to the Internet and be able to send requests to servers on the Internet. Allow only HTTPS connections to the Veeam Update Notification Server (dev.veeam.com), the Veeam License Update Servers (vbr.butler.veeam.com, autolk.veeam.com), and a Microsoft WSUS server or the Microsoft Update sites.<\/li>\n\n\n\n<li><strong>Restrict inbound connections:<\/strong> Inbound connections to backup servers from the Internet must not be allowed. If you want to manage the backup server remotely over the Internet, you can deploy the Veeam Backup &amp; Replication console. Service providers who want to manage backup servers remotely can use the Veeam Backup Remote Access functionality. 
The account used for RDP access must not have local Administrator privileges, and you must never use the saved credentials feature for RDP access or any other remote console connection. To prevent users from saving RDP credentials, you can use Group Policy.<\/li>\n\n\n\n<li><strong>Encrypt backup traffic:<\/strong> By default, Veeam Backup &amp; Replication encrypts network traffic transferred between public networks. To ensure secure communication of sensitive data within the boundaries of the same network, also encrypt backup traffic in private networks.<\/li>\n\n\n\n<li><strong>Use multi-factor authentication:<\/strong> Enable multi-factor authentication (MFA) in the Veeam Backup &amp; Replication console to protect user accounts with additional user verification.<\/li>\n\n\n\n<li><strong>Use the self-signed TLS certificate generated by Veeam Backup &amp; Replication<\/strong>: This type of certificate is recommended for establishing a secure connection from backup infrastructure 
components to the backup server.<\/li>\n\n\n\n<li><strong>Reduce the number of long-running open user sessions:<\/strong> Set an inactivity timeout to automatically log off users. To do this, go to <strong>Users and Roles<\/strong>. Select <strong>Enable auto log off after &lt;number> min of inactivity<\/strong> and set the number of minutes.<\/li>\n\n\n\n<li><strong>Restrict untrusted Linux VMs and Linux servers from connecting to the backup server:<\/strong> Enable manual SSH fingerprint verification for machines that do not meet specific conditions.<\/li>\n\n\n\n<li><strong>Use the recommended Access Control List (ACL) for custom installation folders:<\/strong> If you specify a custom installation folder for Veeam Backup &amp; Replication, use the recommended ACL configuration to prevent privilege escalation and arbitrary code execution (ACE) attacks. Remove all inherited permissions from this folder. 
Then add the following permissions:\n<ul class=\"wp-block-list\">\n<li>Administrators: Full control, applies to this folder, subfolders and files<\/li>\n\n\n\n<li>SYSTEM: Full control, applies to this folder, subfolders and files<\/li>\n\n\n\n<li>CREATOR OWNER: Full control, applies to subfolders and files only<\/li>\n\n\n\n<li>Users: Read &amp; Execute, applies to this folder, subfolders and files<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>3. Veeam Backup &amp; Replication Database<\/strong><\/p>\n\n\n\n<p>The Veeam Backup &amp; Replication configuration database stores the credentials of the user accounts required to connect to virtual servers and other systems in the backup infrastructure. All passwords stored in the database are encrypted. 
However, a user with administrator privileges on the backup server can decrypt the passwords, which is a potential threat.<\/p>\n\n\n\n<p>To secure the Veeam Backup &amp; Replication configuration database, consider the following recommendations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Restrict user access to the database:<\/strong> Check that only authorized users can access the backup server and the server hosting the Veeam Backup &amp; Replication configuration database (if the database runs on a remote server).<\/li>\n\n\n\n<li><strong>Encrypt data in configuration backups:<\/strong> Enable data encryption for configuration backups to secure the sensitive data stored in the configuration database. 
In addition, make sure that the repository for configuration backups is not located in the same network as the backup server.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/08\/bao-mat-co-so-ha-tang-trong-veeam-backup-replication.png\" alt=\"\" class=\"wp-image-20127\"\/><\/figure>\n\n\n\n<p><strong>4. Backup Repository<\/strong><\/p>\n\n\n\n<p>To secure backup repositories holding backups and replicas, consider the following recommendations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Follow the 3-2-1 rule:<\/strong> To build a successful data protection mechanism, use the 3-2-1 rule when designing your backup infrastructure.<\/li>\n\n\n\n<li><strong>Ensure the physical security of all data storage components:<\/strong> All devices, including backup repositories, proxies and gateway servers, must be located in an access-controlled area.<\/li>\n\n\n\n<li><strong>Restrict user access to backups and replicas<\/strong>: Check that only authorized users have access to backups and replicas on the target servers.<\/li>\n\n\n\n<li><strong>Encrypt data in backups<\/strong>: Use the built-in encryption feature of Veeam Backup &amp; Replication to protect data 
in backups.<\/li>\n\n\n\n<li><strong>Encrypt SMB traffic:<\/strong> If you use SMB shares in your backup infrastructure, enable SMB signing to prevent NTLMv2 relay attacks. In addition, enable SMB encryption.<\/li>\n\n\n\n<li><strong>Enable immutability for backups:<\/strong> To protect backup files from modification or deletion, you can make them immutable. This feature is supported for every tier of a scale-out backup repository.<\/li>\n\n\n\n<li><strong>Use offline media to keep backup files outside of virtual storage.<\/strong><\/li>\n\n\n\n<li><strong>Secure the mount server:<\/strong> Machines performing the mount server role have access to backup repositories and ESXi hosts, which makes them a potential source of vulnerability. 
Check that all required security recommendations are applied to these backup infrastructure components.<\/li>\n<\/ul>\n\n\n\n<p><strong>5. Veeam Backup Enterprise Manager<\/strong><\/p>\n\n\n\n<p>To secure the Veeam Backup Enterprise Manager server, consider the following recommendations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Install the Veeam Backup &amp; Replication server and Veeam Backup Enterprise Manager on different machines:<\/strong> Deploy Veeam Backup Enterprise Manager on a server other than the Veeam Backup &amp; Replication server to prevent a key change attack. Even if passwords are lost due to unauthorized access, you can still restore the lost data with the help of Enterprise Manager.<\/li>\n\n\n\n<li><strong>Enable encryption password loss protection:<\/strong> To improve protection against data loss, provide an alternative way to decrypt the data if the password for an encrypted backup or tape is lost.<\/li>\n\n\n\n<li><strong>Use the recommended Access Control List (ACL) for custom installation folders:<\/strong> If you specify a custom installation folder for Veeam Backup Enterprise Manager, 
use the recommended ACL configuration to prevent privilege escalation and arbitrary code execution (ACE) attacks. Remove all inherited permissions from this folder. Then add the following permissions:\n<ul class=\"wp-block-list\">\n<li>Administrators: Full control, applies to this folder, subfolders and files<\/li>\n\n\n\n<li>SYSTEM: Full control, applies to this folder, subfolders and files<\/li>\n\n\n\n<li>CREATOR OWNER: Full control, applies to subfolders and files only<\/li>\n\n\n\n<li>Users: Read &amp; Execute, applies to this folder, subfolders and files<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>6. Veeam Cloud Connect<\/strong><\/p>\n\n\n\n<p>Veeam Cloud Connect secures communication between the provider side and the tenant side with TLS. If an attacker obtains the provider's private key, backup traffic can be eavesdropped on and decrypted. The attacker can also use the certificate to impersonate the provider (a man-in-the-middle attack). 
To mitigate the risk, Veeam Cloud Connect providers must ensure that the TLS certificate is kept in a highly secure place and cannot be discovered by third parties.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/08\/bao-mat-co-so-ha-tang-trong-veeam-backup-replication-1-1024x1024.png\" alt=\"\" class=\"wp-image-20128\"\/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>1. Infrastructure Planning For large environments, adding the backup server and other backup infrastructure components to a management domain in a separate Active Directory group is the best way to build the most secure infrastructure.&nbsp; For 
[&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":20265,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_
link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[80],"tags":[385],"class_list":["post-20170","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-huong-dan-tai-lieu","tag-veeam-backup-replication","entry","has-media"],"_links":{"self":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\
/wp\/v2\/comments?post=20170"}],"version-history":[{"count":1,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20170\/revisions"}],"predecessor-version":[{"id":20308,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20170\/revisions\/20308"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media\/20265"}],"wp:attachment":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media?parent=20170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/categories?post=20170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/tags?post=20170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}