Authentication protocols
Authentication protocols are standardized methods used to verify a user’s identity when accessing a network or system. They are essential for secure communication and data protection by ensuring only authorized users gain access. These protocols define how parties exchange information to verify identity and manage access rights.
Veeam Backup & Replication utilizes various authentication protocols to secure access to their features and data. These protocols include Kerberos, NTLM, and SAML 2.0, among others, ensuring a secure and reliable backup infrastructure.
Specific Authentication Protocols Used by Veeam:
Kerberos Veeam Backup & Replication primarily uses Kerberos for domain authentication, with NTLM supported for compatibility, especially when working with older Windows Server versions.
NTLM NTLM is a less secure authentication protocol compared to Kerberos, but it’s supported for backward compatibility in some Veeam configurations. Since Veeam Backup & Replication v12, a kerberos-only architecture is possible and NTLM authentication is disabled by default; keep it disabled unless is really necessary to use it for backward compatibility.
SAML 2.0 Veeam Backup Enterprise Manager supports single sign-on (SSO) based on the SAML 2.0 protocol, allowing users to access the platform after logging into a SSO service.
Also, while they are not technically Authentication Protocols, Veeam Backup & Replication supports authentication security technologies like:
Multi-Factor Authentication (MFA) Veeam Backup & Replication supports MFA, adding an extra layer of security by requiring a one-time password (OTP) generated on a mobile authenticator app in addition to a user’s login and password.
SSH Veeam Backup & Replication uses SSH to communicate with Linux servers, and it’s crucial to use strong and proven encryption algorithms, with sufficient key length. Ensure that private keys are kept in a highly secure place and cannot be uncovered by a 3rd party.