Hyper-V Backup and Secure DMZ Servers: A How-to Guide
From a security point of view, a secure option that is being used for example by VPS hosting providers that we work with, is to DMZ the VMs, not the hyper-v host.
By DMZ-ing the VMs instead of the host, you can access and backup the host as usual and have only the VMs exposed to the outside. Attackers cannot easily access the host from the VM. Only the Hyper-V integration services would potentially and theoretically permit some malicious software perhaps to talk to the host; however, Microsoft has safeguarded this quite well so far.
All strategies including the above have their own pros and cons:
- Adding a new backup NAS in the internal LAN and open the port between DMZ Hyper-V Server for backups
In that case the attacker takes over the host and can do whatever he wants, including damaging the backup device. By the way, ransomware does this, too. It can find network access shares and damage all files there as well.
- Adding a new NAS in the DMZ. Pro: no need change anything in the firewall
In that case the downside is the attacker could gain full access to the host, all VMs on it, and all backups of it, leaving you potentially with nothing to restore from in case of an attack.
If you DMZ all VMs using static IP addresses, the risk is limited to the internals of each VM. The downside is you need to DMZ all VMs separately, but the host would remain on the internal network and protected as-is, including backups etc.
Another security ‘trick’ is to setup an isolated virtual switch and attach a separate NIC for those DMZ VMs so the VMs have no way of talking to the internal network, including the host. That would give you another layer of security in case someone hacks into the VM.
Welcome to BackupChain, the Hyper-V Server Backup Software for IT Professionals!
Download BackupChain now, our Server 2016 backup software that is specifically made for IT pros. Cloud backup, Hyper-V virtual machine backup, VMware server backup, Exchange server backup, and complete file server backup, all in one package. Beyond server backup, BackupChain also includes a DIY cloud server that works on all versions of Windows from XP to Windows 10, and from Windows Server 2003 to Windows Server 2016.
Backup Software Overview
BackupChain Server Backup SoftwareDownload BackupChain
Cloud Backup
Backup VMware Workstation
Backup FTP
Backup VirtualBox
Backup File Server
Hyper-V Backup
Backup Hyper-VPopular
- Hyper-V Links, Guides, Tutorials & Comparisons
- Veeam Alternative
- How to Back up Cluster Shared Volumes
- DriveMaker: Map FTP, SFTP, S3 Site to a Drive Letter (Freeware)
Resources
- Free Hyper-V Server
- Remote Desktop Services Blog
- SCDPM Blog
- SCOM Blog
- V4 Articles
- Knowledge Base
- FAQ
- Sitemap
- Backup Education
- Archive 2024
- Archive 2022
- Archive 2021
- Archive 2020
- Archive 2018
- Archive 2017
- Archive 2016
- Archive 2015
- Archive 2014
- Archive 2013
- Hyper-V Scripts in PowerShell
- FastNeuron
- BackupChain (Greek)
- BackupChain (Deutsch)
- BackupChain (Spanish)
- BackupChain (French)
- BackupChain (Dutch)
- BackupChain (Italian)
Backup Software List
BackupChain
Veeam
Unitrends
Symantec Backup Exec
BackupAssist
Acronis
Zetta
Altaro
Windows Server Backup
Microsoft DPM
Ahsay
CommVault
IBM
Other Backup How-To Guides
- List of Effective Hyper-V Backup Strategies
- How to Convert from Dynamic VHD/VHDX Disk Format to / from Fixed in Hyper-V
- What are Hyper-V Checkpoints, Snapshots, and VSS?
- How to Fix: VM cannot be backed up …file groups reported during OnIdentify
- 0x8004230f VSS_E_UNEXPECTED_PROVIDER_ERROR VSS snapshot creation failed
- Get All VHDX for All VMs with this PowerShell Script
- Hyper-V, VMware, and VirtualBox Hypervisor Limitations
- How to Convert VHD Files to VHDX Disks in Hyper-V
- Download Links for Windows 10 & Windows Server Technical Preview
- How to fix: 0x800423f4, The writer experienced a non-transient error. If the backup process is retried, the error is likely to reoccur
- Windows Server 2022 ISO Preview – Free Download
- Helpful Hyper-V Links
- Windows Server 2016 Download Location ISO File
- How to remove Acronis and StorageCraft VSS driver / provider
- Incremental Backup vs. Differential Backup
- Avoid Saved State Backup and Check Hyper-V Integration Service Versions Automatically
- Hyper-V Server 2008 R2: Important Hotfixes and Updates
- How to Fix VSS Timeout Error VSS_E_FLUSH_WRITES_TIMEOUT
- KB 2885465: CPU resources are not allocated correctly for VMs on Windows Server 2012
- Windows Server 2025 Direct ISO Download Link
