I have been playing around with some test's for using Veeam B&R and using ISCSI LUN's over internet (different ISP's also, customer- destination).
So far my test results are really good.
Customer 1 (One Hyper-V W2012 (4 VMS) ~40GB data (10Mbps internet Connection)
Customer 2 (One Hyper-V W2012 (2 VMS) ~100 GB data (100Mbps Internet Connection)
Destination Site (100Mbps Internet Connection)(FW + ISCSI Storage Equipment)
In Firewall i allowed ISCSI traffic from each Customer to pass to the ISCSI Storage, presented own LUN's to each customer)
Each LUN are presented @ the Customers Veeam B&R Server as an ordinary ISCSI local Drive.
I did some tests with different Backup Jobs Incremental, reversed etc .. for about 1 week now.
And it works really good, 10Mbps is a little slow but it's acceptable and works.
Customer 1 first Job Run:
Success4Start time09:46:57Total size330,0 GBBackup size35,5 GB
Warning0End time18:44:49Data read76,5 GBDedupe1,1x
Error0Duration8:57:52 Transferred37,7 GBCompression2,0x
Customer 1 second Job Run:
Success4Start time10:01:37Total size330,0 GBBackup size35,8 GB
Warning0End time10:36:18Data read7,3 GBDedupe0,1x
Error0Duration0:34:41 Transferred728,4 MBCompression2,0x
Customer 2 first Job Run:
Success2Start time15:07:28Total size550,0 GBBackup size24,3 GB
Warning0End time15:48:55Data read55,1 GBDedupe1,0x
Error0Duration0:41:27 Transferred24,3 GBCompression2,2x
Customer 2 second Job Run:
Success2Start time10:37:30Total size550,0 GBBackup size25,0 GB
Warning0End time10:43:51Data read12,0 GBDedupe0,2x
Error0Duration0:06:21 Transferred651,6 MBCompression2,4x
This is a really good way to get some backup jobs out off the customers Buildings for storage.
Some troubble i stumbled upon.
ISCSI doesn't seem to be really NAT Compliant, so if you are going to use the ISCSI storage behind and FW and using NAT, you need to have an ISCSI device which can handle multiple IP's.
You need to enter the public IP (which are natt:ed to the device in the FW) as a secondary IP @ the ISCSI storage device, else when you try to connect from the customer server and bring up the LUN's you will see them but you can't
connect, (it tries to connect to the Local IP the ISCSI storage device have on it's LAN port, and that will not work so good over the internet) So by "fooling" ISCSI when you enter a public IP (same that is nat:ed on the firewall) on the ISCSI storage device it will then show up in advanced settings in MS ISCSI and you can specifically force MS ISCSI to connect to that IP instead.
If you are using Public IP's directly on the ISCSI storage device there are no problems.
I have not tried this in VPN tunnels since i think it will bring unnecessary overhead, and backup Jobs ISCSI traffic is just a bunch of compressed 010101101 and if that traffic is sniffed
it still will be very difficult to compile and build readable data from the sessions i think (correct me if i'm wrong). Else it's possible to set up an VPN tunnel from the Customers site to the ISCSI storage device if you need to enhance the security.
Anyway i'm impressed by ISCSI resilience(in W2012, only OS i have tried this over internet), i accidentially turned off the ISCSI storage device for 24H, recieved Failure from Veeam Backup Logs of course, but after i turned on the ISCSI storage device i connected to the customer server the LUN's was visible instantly, retried the backup Jobs and all ran successfully. No need to reconnect ISCSI manually or need for restarting Veeam Services.
When i googled about using ISCSI over the internet i only got answers like NO NO NO .. avoid .. it will not work ..but those threads are a few years old so maybe ISCSI has been more resilience nowdays?
Anyway i'm very interested if anyone else have tried this? And what your results are (good/bad)?