Veeam Backup & Replication 11 on VMware Cloud on AWS
Article ID: 326569
Updated On:
Products
VMware Cloud on AWS
Issue/Introduction
This article provides information about Veeam® Backup & Replication™
Resolution
Here is a summary of target use cases for data protection, including solution architecture information, solution components, and support information for Veeam Backup & Replication.
For information pertaining to use cases that are not supported by Veeam for VMware Cloud on AWS, please see https://www.veeam.com/kb2414.
The Veeam backup infrastructure comprises a set of components. Some components can be deployed
with the help of the setup file. Other components can be deployed via the Veeam Backup & Replication
console.
The backup server is a Windows-based physical or virtual machine on which Veeam Backup &
Replication is installed. It is the core component in the backup infrastructure that fills the role of the
“configuration and control center”. The backup server performs all types of administrative activities:
default backup proxy and the backup repository (it manages data handling and data storing tasks). For
more information regarding the services and components for the backup server, please visit
https://helpcenter.veeam.com/.
The Veeam Backup & Replication console is a separate client-side component that provides access to
the backup server. The console is installed locally on the backup server by default. You can also use it in
a standalone mode — install the console on a dedicated machine and access Veeam Backup &
Replication remotely over the network. The console lets you log in to Veeam Backup & Replication and
perform all kind of data protection and disaster recovery operations as if you work on the backup server.
For more information regarding installing and configuring the Veeam Backup & Replication console,
please visit https://helpcenter.veeam.com/docs/backup/vsphere/remote_console.html?ver=100.
You can add the following types of servers and hosts to the backup infrastructure:
For more information on which roles may be assigned to the different types of servers, please visit
https://helpcenter.veeam.com/docs/backup/vsphere/setup_add_server.html?ver=100.
A backup proxy is an architecture component that sits between the ESXi server and other components
of the backup infrastructure. While the backup server administers tasks, the proxy processes jobs and
delivers backup traffic.
Basic backup proxy tasks include the following:
VMware HotAdd mode only. This processing mode is referred to as “Veeam Virtual Appliance Mode”.
For more information regarding deploying the proxy, selecting transport modes, and services used by
the backup proxy, please visit https://helpcenter.veeam.com/docs/backup/vsphere/backup_proxy.html?ver=100.
A backup repository is a storage location where you can keep backup files, VM copies and metadata for
replicated VMs. For more information regarding configuration and the types of backup repositories in
the backup infrastructure, please visit https://helpcenter.veeam.com/docs/backup/vsphere/backup_repository_simple.html?ver=100.
For more information pertaining to other backup infrastructure components such as the Guest
Interaction Proxy, Mount Server, WAN accelerators, and Backup Enterprise Manager, please visit
https://helpcenter.veeam.com/docs/backup/vsphere/components.html?ver=100.
following recommendations and requirements on the backup infrastructure deployment:
Cloud on AWS. This is required for VMware Cloud on AWS specific Hot-Add processing.
Cloud Connect to transfer backups to the cloud. Note that in this scenario you may be charged
additional fees for traffic from VMware Cloud on AWS to the internet.
To add VMware Cloud on AWS to the backup infrastructure, follow the same steps as described in the
Adding VMware vSphere Servers section. It is mandatory to use the full qualified domain name of the
vCenter server with the ending “.vmc.veeam.com”. A valid DNS configuration for all Veeam servers is a
prerequisite to allow use of the FQDN.
Simple deployment is preferable for VMware Cloud on AWS environments with low traffic load. Per this
deployment type, you can install the backup server and the backup proxy on the same VM.
In a simple VMware Cloud on AWS deployment the backup infrastructure includes the following
components:
Advanced deployment is intended for large-scale VMware Cloud on AWS environments with a large
number of backup and replication jobs. Per this deployment type, it is recommended to install several
backup proxies on dedicated VMs to move the workload from the backup server.
In an advanced VMware Cloud on AWS deployment the backup infrastructure includes the following
components:
To increase scalability and optimize performance in an advanced deployment, please consider the
recommendations below:
To maintain consistency with the 3-2-1 backup rule, it is recommended that you preserve a copy of your
backups at an offsite location. To transfer your backups offsite, you can leverage Veeam backup copy
jobs.
Transferring backups over the Internet may incur additional fees. As an alternative, you can store
backups in a different AWS geographical location. In this case, backup copies are transferred via the
AWS backbone. Using this AWS network capability provides data transfer at lower latency and cost
when compared to the public Internet.
To perform backup copy to a different Amazon AWS location, the backup infrastructure must contain
the following components:
TIP:
As an offsite backup solution, you can copy backups to virtual tapes and store them in Amazon
S3/Glacier cloud storage. In this case, AWS Storage Gateway performs the role of a Virtual Tape
Library (VTL).
If you have a scale-out backup repository with a capacity tier option configured, you can transfer your
backups to the capacity tier for long-term storage. To do it, you can leverage Veeam capacity tier copy
mode.
Note that capacity tier is available only as part of scale-out backup repository. For more information on capacity tier, see Capacity Tier.
To transfer backup files to the capacity tier, the backup infrastructure must contain the following components:
Some VMware features and permissions are not granted by default initially within VMware Cloud on AWS. For additional information, please consult https://www.veeam.com/kb2414.
The Veeam Backup & Replication Server and Veeam proxy server should be connected to the VMware vCenter using HTTPS through the TCP port 443. With VMware Cloud on AWS, there is no need to open ports to the ESXi hosts itself.
VMware Cloud on AWS locates the vCenter Server on another network (Management Network) so you must implement a VPN tunnel or configure the following firewall settings:
1) Open Port TCP 443 from Backup Server and Proxy Server to the predefined vCenter object on the Compute Network.
2) Allow the Compute Gateway Public IP to communicate over TCP 443 with the predefined vCenter object on the Management Network.
To connect the EC2 Server(s) used as Veeam Repositories the following firewall configuration is needed:
3) On the Compute Network
It is recommended to use the ENI Network Tunnel to avoid incurring additional fees.
4) Open the same Ports on the Inbound firewall of the Amazon EC2 Server used as Repository Server
Use Cases
- Image level backup and restore
- Restore to existing and new VMs
- vApp backup and restore
Use cases that are not supported on VMware Cloud on AWS
For information pertaining to use cases that are not supported by Veeam for VMware Cloud on AWS, please see https://www.veeam.com/kb2414.
Solution Architecture
Veeam Backup & Replication is a modular solution that lets you build a scalable backup infrastructure for environments of varied sizes and configuration. The installation package of Veeam Backup & Replication includes a set of components that you can use to configure the backup infrastructure. Some components are mandatory and provide core functionality; some components are optional and can be installed to provide additional functionality for your business and deployment needs. You can co-install Veeam Backup & Replication components on the same machine, physical or virtual, or you can set them up separately for a more scalable approach.The Veeam backup infrastructure comprises a set of components. Some components can be deployed
with the help of the setup file. Other components can be deployed via the Veeam Backup & Replication
console.
The backup server is a Windows-based physical or virtual machine on which Veeam Backup &
Replication is installed. It is the core component in the backup infrastructure that fills the role of the
“configuration and control center”. The backup server performs all types of administrative activities:
- Coordinates backup, replication, recovery verification and restore tasks
- Controls job scheduling and resource allocation
- Is used to set up and manage backup infrastructure components as well as specify global settings for the backup infrastructure
default backup proxy and the backup repository (it manages data handling and data storing tasks). For
more information regarding the services and components for the backup server, please visit
https://helpcenter.veeam.com/.
The Veeam Backup & Replication console is a separate client-side component that provides access to
the backup server. The console is installed locally on the backup server by default. You can also use it in
a standalone mode — install the console on a dedicated machine and access Veeam Backup &
Replication remotely over the network. The console lets you log in to Veeam Backup & Replication and
perform all kind of data protection and disaster recovery operations as if you work on the backup server.
For more information regarding installing and configuring the Veeam Backup & Replication console,
please visit https://helpcenter.veeam.com/docs/backup/vsphere/remote_console.html?ver=100.
You can add the following types of servers and hosts to the backup infrastructure:
- VMware Cloud on AWS vCenter Server
- VMware vSphere Server
- VMware Cloud Director
- Microsoft Windows Server
- Linux Server
For more information on which roles may be assigned to the different types of servers, please visit
https://helpcenter.veeam.com/docs/backup/vsphere/setup_add_server.html?ver=100.
A backup proxy is an architecture component that sits between the ESXi server and other components
of the backup infrastructure. While the backup server administers tasks, the proxy processes jobs and
delivers backup traffic.
Basic backup proxy tasks include the following:
- Retrieving VM data from the production storage
- Compressing
- Deduplicating
- Encrypting
- Sending it to the backup repository (for example, if you run a backup job) or another backup proxy (for example, if you run a replication job).
VMware HotAdd mode only. This processing mode is referred to as “Veeam Virtual Appliance Mode”.
For more information regarding deploying the proxy, selecting transport modes, and services used by
the backup proxy, please visit https://helpcenter.veeam.com/docs/backup/vsphere/backup_proxy.html?ver=100.
A backup repository is a storage location where you can keep backup files, VM copies and metadata for
replicated VMs. For more information regarding configuration and the types of backup repositories in
the backup infrastructure, please visit https://helpcenter.veeam.com/docs/backup/vsphere/backup_repository_simple.html?ver=100.
For more information pertaining to other backup infrastructure components such as the Guest
Interaction Proxy, Mount Server, WAN accelerators, and Backup Enterprise Manager, please visit
https://helpcenter.veeam.com/docs/backup/vsphere/components.html?ver=100.
Deployment within VMware Cloud on AWS
To perform data protection and disaster recovery tasks in VMware Cloud on AWS, consider thefollowing recommendations and requirements on the backup infrastructure deployment:
- Backup Server: it is recommended to deploy Veeam backup server in VMware Cloud on AWS environment. The machine must run Microsoft Windows.
- Backup Proxy: it is recommended to deploy backup proxy in VMware Cloud on AWS environment. The machine must run Microsoft Windows. You can assign the role of the backup proxy to a dedicated VM or to the backup server.
Cloud on AWS. This is required for VMware Cloud on AWS specific Hot-Add processing.
- Backup Repository: it is recommended to use a backup repository created outside of the VMware Cloud on AWS environment, for example, on the Amazon EC2 server. This type of deployment allows for efficient data transfer over the fast ENI connection used by VMware to communicate with AWS.
Cloud Connect to transfer backups to the cloud. Note that in this scenario you may be charged
additional fees for traffic from VMware Cloud on AWS to the internet.
To add VMware Cloud on AWS to the backup infrastructure, follow the same steps as described in the
Adding VMware vSphere Servers section. It is mandatory to use the full qualified domain name of the
vCenter server with the ending “.vmc.veeam.com”. A valid DNS configuration for all Veeam servers is a
prerequisite to allow use of the FQDN.
Simple Deployment
Simple deployment is preferable for VMware Cloud on AWS environments with low traffic load. Per thisdeployment type, you can install the backup server and the backup proxy on the same VM.
In a simple VMware Cloud on AWS deployment the backup infrastructure includes the following
components:
- Source ESXi host(s)
- Veeam backup server
- Veeam backup repository: an EC2 instance in AWS
Advanced Deployment
Advanced deployment is intended for large-scale VMware Cloud on AWS environments with a largenumber of backup and replication jobs. Per this deployment type, it is recommended to install several
backup proxies on dedicated VMs to move the workload from the backup server.
In an advanced VMware Cloud on AWS deployment the backup infrastructure includes the following
components:
- Source ESXi host(s)
- Veeam backup server
- Several Veeam backup proxies for better performance and workload distribution
- Veeam backup repository: an EC2 instance in AWS
To increase scalability and optimize performance in an advanced deployment, please consider the
recommendations below:
- Deploy additional backup proxies.
- Scale accordingly CPU and RAM resources of the EC2 instance used as a backup repository. Ensure it has enough free space for storing backups.
Deployment Scenarios for Offsite Backup
To maintain consistency with the 3-2-1 backup rule, it is recommended that you preserve a copy of yourbackups at an offsite location. To transfer your backups offsite, you can leverage Veeam backup copy
jobs.
Transferring backups over the Internet may incur additional fees. As an alternative, you can store
backups in a different AWS geographical location. In this case, backup copies are transferred via the
AWS backbone. Using this AWS network capability provides data transfer at lower latency and cost
when compared to the public Internet.
To perform backup copy to a different Amazon AWS location, the backup infrastructure must contain
the following components:
- Source ESXi host(s)
- Veeam backup server
- Veeam backup proxy
- Veeam backup repository: an EC2 instance in AWS
- Veeam backup repository for backup copy: an EC2 instance in another AWS location
TIP:
As an offsite backup solution, you can copy backups to virtual tapes and store them in Amazon
S3/Glacier cloud storage. In this case, AWS Storage Gateway performs the role of a Virtual Tape
Library (VTL).
Deployment Scenarios for Capacity Tier
If you have a scale-out backup repository with a capacity tier option configured, you can transfer yourbackups to the capacity tier for long-term storage. To do it, you can leverage Veeam capacity tier copy
mode.
Note that capacity tier is available only as part of scale-out backup repository. For more information on capacity tier, see Capacity Tier.
To transfer backup files to the capacity tier, the backup infrastructure must contain the following components:
- Source ESXi host
- Veeam backup server
- Veeam backup proxy
- Veeam backup repository: an EC2 instance in AWS
- A configured scale-out backup repository with an object storage added as a capacity extent
Considerations, Limitations and Troubleshooting
Some VMware features and permissions are not granted by default initially within VMware Cloud on AWS. For additional information, please consult https://www.veeam.com/kb2414.
VMware Cloud on AWS firewall configuration
The Veeam Backup & Replication Server and Veeam proxy server should be connected to the VMware vCenter using HTTPS through the TCP port 443. With VMware Cloud on AWS, there is no need to open ports to the ESXi hosts itself.VMware Cloud on AWS locates the vCenter Server on another network (Management Network) so you must implement a VPN tunnel or configure the following firewall settings:
1) Open Port TCP 443 from Backup Server and Proxy Server to the predefined vCenter object on the Compute Network.
2) Allow the Compute Gateway Public IP to communicate over TCP 443 with the predefined vCenter object on the Management Network.
To connect the EC2 Server(s) used as Veeam Repositories the following firewall configuration is needed:
3) On the Compute Network
a. Open TCP 22 (SSH) from Veeam Backup Server and Veeam Proxy Server to the Amazon VPC where the EC2 Server was installed. You can also define the exact IP addresses of the Repository Server as Destination.
b. Open TCP 2500-5000 for Veeam Data Transport in both directions for same servers.
b. Open TCP 2500-5000 for Veeam Data Transport in both directions for same servers.
It is recommended to use the ENI Network Tunnel to avoid incurring additional fees.
4) Open the same Ports on the Inbound firewall of the Amazon EC2 Server used as Repository Server
Additional Information
Solution Components
List of supported Veeam Products and Components: Veeam Backup & Replication 9.5 Update 3 or newer (also included in Veeam Essentials and Veeam Availability Suite)Include the version of the VMware product: VMware Cloud on AWS Link to official product interoperability matrix or VMware Compatibility Guide (vCG) with VMware products: https://www.vmware.com/resources/compatibility/search.php?deviceCategory=vsanps&details=1&solutionTypes=1&partner=594&page=1&display_interval=10&sortColumn=Partner&sortOrder=Asc
Provide steps to download and install the product on VMware products: For more information on obtaining a license, please visit https://helpcenter.veeam.com/docs/backup/vsphere/license_obtain.html?ver=100.
Support Information
Troubleshooting (logs, procedures and techniques): For further information regarding collecting logs, please refer to the following:- Compile Logs: www.veeam.com/kb1832
- VSS Guest Logs (Application-Aware Processing): www.veeam.com/kb1789
- Windows Event Viewer Logs: www.veeam.com/kb1873
Link to product documentation, and specific reference points in those documents (eg Page Numbers of content referenced): https://www.veeam.com/documentation-guides-datasheets.html.
Link to downloads site: https://www.veeam.com/backup-replication-vcp-download.html
Link to steps to collect partner SVM logs: https://www.veeam.com/kb1832
Support Process: https://www.veeam.com/veeam_software_support_policy_ds.pdf
SLA
All customers with maintenance agreement in effect, regardless of their program, are entitled to contactsupport via web or phone 24x7x365 and open a case.
Veeam offers two support response programs (Basic and Production) to customers and one program
(Evaluation) for 60 days if you are evaluating software.
Production Support
- Production Support program provides 24/7 software support services and fast response times for critical issues.
- To receive Production Support, all production licensed sockets for a product must be licensed at Production Support levels, otherwise support defaults to Basic Support levels.
Basic Support
- Basic Support program provides software support services during business hours as defined below along with upgrades and updates to the products. One year of Basic Support is included with product license purchase.
Evaluation Support
- Evaluation Support program provides software support services during business hours (Monday through Friday) as defined below during the defined evaluation period.
Escalation Process: If at any point during the resolution process, you become dissatisfied with your experience, simply contact the case owner and request an escalation to the manager.
Contact information: https://my.veeam.com/#/support/talk-to-manager
See Also
Veeam Backup & Replication: VMware Cloud on AWS specific limitations and common configuration problems: https://www.veeam.com/kb2414For more information on Veeam Backup & Replication, see http://www.veeam.com
Veeam Product Lifecycle Policy
Impact/Risks:
Disclaimer: The solution referenced in this article is developed and supported by a VMware ecosystem partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product. For more information, see https://www.veeam.com/support.html .
Feedback
Yes
No
Powered by
