Here is a summary of target use cases for data protection, including solution architecture information, solution components, and support information for Veeam Backup & Replication.
Use Cases
- Image level backup and restore
- Restore to existing and new VMs
- vApp backup and restore
These use cases are for customers who wish to back up VMs or virtual disk data residing on a VMware vSAN datastore or local ESXi disks in VMware Cloud on AWS environments, and for customers who want to resume operation of a production VM and fail back on a VM replica residing on a VMware vSAN datastore on VMware Cloud on AWS. For additional deployment considerations for VMware Cloud on AWS, please see https://helpcenter.veeam.com/.
Use cases that are not supported on VMware Cloud on AWS
For information pertaining to use cases that are not supported by Veeam for VMware Cloud on AWS, please see https://www.veeam.com/kb2414.
Solution Architecture
Veeam Backup & Replication is a modular solution that lets you build a scalable backup infrastructure for environments of varied sizes and configuration. The installation package of Veeam Backup & Replication includes a set of components that you can use to configure the backup infrastructure. Some components are mandatory and provide core functionality; some components are optional and can be installed to provide additional functionality for your business and deployment needs. You can co-install Veeam Backup & Replication components on the same machine, physical or virtual, or you can set them up separately for a more scalable approach.
The Veeam backup infrastructure comprises a set of components. Some components can be deployed
with the help of the setup file. Other components can be deployed via the Veeam Backup & Replication
console.
The backup server is a Windows-based physical or virtual machine on which Veeam Backup & Replication is installed. It is the core component in the backup infrastructure that fills the role of the “configuration and control center”. The backup server performs all types of administrative activities:
- Coordinates backup, replication, recovery verification and restore tasks
- Controls job scheduling and resource allocation
- Is used to set up and manage backup infrastructure components as well as specify global settings for the backup infrastructure
In addition to its primary functions, a newly deployed backup server also performs the roles of the
default backup proxy and the backup repository (it manages data handling and data storing tasks). For
more information regarding the services and components for the backup server, please visit
https://helpcenter.veeam.com/.
The Veeam Backup & Replication console is a separate client-side component that provides access to the backup server. The console is installed locally on the backup server by default. You can also use it in standalone mode: install the console on a dedicated machine and access Veeam Backup & Replication remotely over the network. The console lets you log in to Veeam Backup & Replication and perform all kinds of data protection and disaster recovery operations as if you were working on the backup server.
For more information regarding installing and configuring the Veeam Backup & Replication console, please visit https://helpcenter.veeam.com/docs/backup/vsphere/remote_console.html?ver=100.
You can add the following types of servers and hosts to the backup infrastructure:
- VMware Cloud on AWS vCenter Server
- VMware vSphere Server
- VMware Cloud Director
- Microsoft Windows Server
- Linux Server
You can add physical machines and VMs to the backup infrastructure and assign different roles to them.
For more information on which roles may be assigned to the different types of servers, please visit
https://helpcenter.veeam.com/docs/backup/vsphere/setup_add_server.html?ver=100.
A backup proxy is an architecture component that sits between the ESXi server and other components of the backup infrastructure. While the backup server administers tasks, the proxy processes jobs and delivers backup traffic.
Basic backup proxy tasks include the following:
- Retrieving VM data from the production storage
- Compressing
- Deduplicating
- Encrypting
- Sending it to the backup repository (for example, if you run a backup job) or another backup proxy (for example, if you run a replication job).
For VMware Cloud on AWS support, a backup proxy operates in a special mode and processes VMs in VMware HotAdd mode only. This processing mode is referred to as “Veeam Virtual Appliance Mode”.
For more information regarding deploying the proxy, selecting transport modes, and services used by the backup proxy, please visit https://helpcenter.veeam.com/docs/backup/vsphere/backup_proxy.html?ver=100.
A backup repository is a storage location where you can keep backup files, VM copies and metadata for replicated VMs. For more information regarding configuration and the types of backup repositories in the backup infrastructure, please visit https://helpcenter.veeam.com/docs/backup/vsphere/backup_repository_simple.html?ver=100.
For more information pertaining to other backup infrastructure components such as the Guest
Interaction Proxy, Mount Server, WAN accelerators, and Backup Enterprise Manager, please visit
https://helpcenter.veeam.com/docs/backup/vsphere/components.html?ver=100.
Deployment within VMware Cloud on AWS
To perform data protection and disaster recovery tasks in VMware Cloud on AWS, consider the
following recommendations and requirements on the backup infrastructure deployment:
- Backup Server: it is recommended to deploy the Veeam backup server in the VMware Cloud on AWS environment. The machine must run Microsoft Windows.
- Backup Proxy: it is recommended to deploy the backup proxy in the VMware Cloud on AWS environment. The machine must run Microsoft Windows. You can assign the role of the backup proxy to a dedicated VM or to the backup server.
  To provide sufficient resources, deploy at least one backup proxy per SDDC cluster in VMware Cloud on AWS. This is required for the VMware Cloud on AWS specific Hot-Add processing.
- Backup Repository: it is recommended to use a backup repository created outside of the VMware Cloud on AWS environment, for example, on an Amazon EC2 server. This type of deployment allows for efficient data transfer over the fast ENI connection used by VMware to communicate with AWS.
Alternatively, you can store backups on a Veeam backup repository located on-premises or use Veeam
Cloud Connect to transfer backups to the cloud. Note that in this scenario you may be charged
additional fees for traffic from VMware Cloud on AWS to the internet.
To add VMware Cloud on AWS to the backup infrastructure, follow the same steps as described in the Adding VMware vSphere Servers section. It is mandatory to use the fully qualified domain name (FQDN) of the vCenter server with the ending “.vmc.veeam.com”. A valid DNS configuration for all Veeam servers is a prerequisite for using the FQDN.
Simple Deployment
Simple deployment is preferable for VMware Cloud on AWS environments with low traffic load. With this deployment type, you can install the backup server and the backup proxy on the same VM.
In a simple VMware Cloud on AWS deployment the backup infrastructure includes the following
components:
- Source ESXi host(s)
- Veeam backup server
- Veeam backup repository: an EC2 instance in AWS
Advanced Deployment
Advanced deployment is intended for large-scale VMware Cloud on AWS environments with a large number of backup and replication jobs. With this deployment type, it is recommended to install several backup proxies on dedicated VMs to move the workload off the backup server.
In an advanced VMware Cloud on AWS deployment the backup infrastructure includes the following
components:
- Source ESXi host(s)
- Veeam backup server
- Several Veeam backup proxies for better performance and workload distribution
- Veeam backup repository: an EC2 instance in AWS
To increase scalability and optimize performance in an advanced deployment, please consider the
recommendations below:
- Deploy additional backup proxies.
- Scale the CPU and RAM resources of the EC2 instance used as a backup repository accordingly. Ensure it has enough free space for storing backups.
Deployment Scenarios for Offsite Backup
To maintain consistency with the 3-2-1 backup rule, it is recommended that you preserve a copy of your
backups at an offsite location. To transfer your backups offsite, you can leverage Veeam backup copy
jobs.
Transferring backups over the Internet may incur additional fees. As an alternative, you can store
backups in a different AWS geographical location. In this case, backup copies are transferred via the
AWS backbone. Using this AWS network capability provides data transfer at lower latency and cost
when compared to the public Internet.
To perform backup copy to a different Amazon AWS location, the backup infrastructure must contain
the following components:
- Source ESXi host(s)
- Veeam backup server
- Veeam backup proxy
- Veeam backup repository: an EC2 instance in AWS
- Veeam backup repository for backup copy: an EC2 instance in another AWS location
TIP: As an offsite backup solution, you can copy backups to virtual tapes and store them in Amazon S3/Glacier cloud storage. In this case, AWS Storage Gateway performs the role of a Virtual Tape Library (VTL).
Deployment Scenarios for Capacity Tier
If you have a scale-out backup repository with a capacity tier option configured, you can transfer your backups to the capacity tier for long-term storage. To do so, you can leverage Veeam capacity tier copy mode.
Note that capacity tier is available only as part of scale-out backup repository. For more information on capacity tier, see Capacity Tier.
To transfer backup files to the capacity tier, the backup infrastructure must contain the following components:
- Source ESXi host
- Veeam backup server
- Veeam backup proxy
- Veeam backup repository: an EC2 instance in AWS
- A configured scale-out backup repository with an object storage added as a capacity extent
Considerations, Limitations and Troubleshooting
Some VMware features and permissions are not granted by default within VMware Cloud on AWS. For additional information, please consult https://www.veeam.com/kb2414.
VMware Cloud on AWS firewall configuration
The Veeam Backup & Replication server and the Veeam proxy server should connect to the VMware vCenter using HTTPS over TCP port 443. With VMware Cloud on AWS, there is no need to open ports to the ESXi hosts themselves.
VMware Cloud on AWS locates the vCenter Server on another network (the Management Network), so you must implement a VPN tunnel or configure the following firewall settings:
1) Open Port TCP 443 from Backup Server and Proxy Server to the predefined vCenter object on the Compute Network.
2) Allow the Compute Gateway Public IP to communicate over TCP 443 with the predefined vCenter object on the Management Network.
To connect the EC2 server(s) used as Veeam repositories, the following firewall configuration is needed:
3) On the Compute Network:
   a. Open TCP 22 (SSH) from the Veeam Backup Server and Veeam Proxy Server to the Amazon VPC where the EC2 server was installed. You can also define the exact IP addresses of the Repository Server as the destination.
   b. Open TCP 2500-5000 for Veeam Data Transport in both directions for the same servers.
   It is recommended to use the ENI Network Tunnel to avoid incurring additional fees.
4) Open the same ports on the inbound firewall of the Amazon EC2 server used as the Repository Server.
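The firewall steps above can be checked against an exported rule list before jobs are scheduled. The following is an added example, not Veeam or VMware code: it audits a set of TCP allow rules for the flows listed above and flags rules broader than those steps call for. The rule format, role names and addresses are assumptions made for illustration.

```python
import ipaddress

# Flows listed in the firewall steps above: (name, source role, destination role, first port, last port).
REQUIRED_FLOWS = [
    ("vCenter HTTPS", "veeam", "vcenter", 443, 443),
    ("Repository SSH", "veeam", "repo", 22, 22),
    ("Data transport to repository", "veeam", "repo", 2500, 5000),
    ("Data transport from repository", "repo", "veeam", 2500, 5000),
]

def _covers(cidr, hosts):
    """True if every host address falls inside the CIDR."""
    net = ipaddress.ip_network(cidr)
    return all(ipaddress.ip_address(h) in net for h in hosts)

def audit(rules, roles):
    """Return (missing_flows, too_broad_rules) for a list of TCP allow rules."""
    missing = []
    for name, src, dst, lo, hi in REQUIRED_FLOWS:
        if not any(_covers(r["src"], roles[src]) and _covers(r["dst"], roles[dst])
                   and r["ports"][0] <= lo and hi <= r["ports"][1] for r in rules):
            missing.append(name)
    too_broad = []
    for r in rules:
        any_source = ipaddress.ip_network(r["src"]).prefixlen == 0
        # Ports outside 22, 443 and 2500-5000 are not called for by the steps above.
        extra_ports = not any(lo <= r["ports"][0] and r["ports"][1] <= hi
                              for _, _, _, lo, hi in REQUIRED_FLOWS)
        if any_source or extra_ports:
            too_broad.append(r["name"])
    return missing, too_broad

# Constructed sample data using documentation address ranges, not real hosts.
ROLES = {
    "veeam": ["192.0.2.10", "192.0.2.11"],  # backup server and backup proxy
    "vcenter": ["198.51.100.5"],
    "repo": ["203.0.113.20"],               # EC2 repository server
}
RULES = [
    {"name": "vc-https", "src": "192.0.2.0/28", "dst": "198.51.100.5/32", "ports": (443, 443)},
    {"name": "repo-ssh", "src": "0.0.0.0/0", "dst": "203.0.113.20/32", "ports": (22, 22)},
    {"name": "transport-out", "src": "192.0.2.0/28", "dst": "203.0.113.20/32", "ports": (2500, 5000)},
]

if __name__ == "__main__":
    missing, too_broad = audit(RULES, ROLES)
    print("missing flows:", missing)
    print("rules broader than required:", too_broad)
```

With the constructed rules, the audit reports the missing repository-to-Veeam data transport direction and the SSH rule that accepts any source address instead of only the backup server and proxy.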