Discussions related to using object storage as a backup target.
Post Reply
micoolpaul
Veeam Vanguard
Posts: 211
Liked: 107 times
Joined: Jun 29, 2015 9:21 am
Full Name: Michael Paul
Contact:

Archiving Proxy Appliance Detail Request

Post by micoolpaul »

Hi,

Apologies if this isn't the best place to post the question.

I'm trying to gleam some extra technical detail into the proxy appliance, as I need to provide extra detail & assurances to a security team as to what the proxy appliance VM will be based on & doing.

I'm trying to find out some specifics on which OS/Image is being used by AWS & Azure when an Archiving Appliance is created. I'm familiar with how this has worked historically for other types of proxy appliances with VMware & Hyper-V as you've been able to bring your own flp's and ISOs.

I'm presuming you're either using a standard Ubuntu image or similar, or otherwise you might have an image maintained by yourselves that you call. Without having this information to hand, it's difficult to know the security risk incurred whilst the virtual machine is running. This also brings me onto the next question, binaries. If it's a custom image maintained by yourselves, then it seems reasonable that you are using SSH to communicate to the virtual machine and run any binaries for object storage offloads to archive tier, and the binaries are pre-installed. If you're using a standard image however, unless the binaries you require are installed natively, you've got to deploy them, I can't see any firewall port requirements within the documentation for the proxy appliance to speak to any APT repositories for example, so I can only assume that otherwise the binaries are pushed over SSH to the Linux server too.

Apologies I'm not being 100% clear, but that's because I can see multiple avenues as to how this works, but I've not seen a technical write up on exactly WHAT the proxy appliance consists of in regards to OS + Binaries.

Any insights would be greatly appreciated!
-------------
Michael Paul
Veeam Legend | Veeam Certified Architect | Veeam Vanguard
HannesK
Product Manager
Posts: 14402
Liked: 2909 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: Archiving Proxy Appliance Detail Request

Post by HannesK » 1 person likes this post

Hello,
yes, we use the Ubuntu image from AWS. APT is not needed. There is not even a DEB package at the moment :-) So yes, we just push it via SSH.

Best regards,
Hannes
micoolpaul
Veeam Vanguard
Posts: 211
Liked: 107 times
Joined: Jun 29, 2015 9:21 am
Full Name: Michael Paul
Contact:

Re: Archiving Proxy Appliance Detail Request

Post by micoolpaul »

Thank you 🙂
-------------
Michael Paul
Veeam Legend | Veeam Certified Architect | Veeam Vanguard
Driberot
Lurker
Posts: 1
Liked: never
Joined: May 31, 2023 12:45 pm
Full Name: DAVID RIBEROT
Contact:

Re: Archiving Proxy Appliance Detail Request

Post by Driberot »

HannesK wrote: May 23, 2023 7:00 pm Hello,
yes, we use the Ubuntu image from AWS. APT is not needed. There is not even a DEB package at the moment :-) So yes, we just push it via SSH.

Best regards,
Hannes
Hi, one additional question. You push binaries through SSH on port 22 from VBR server to proxy appliance on which address (Public IP address) ? If so, it leads to security issues which are not compatible many restrictions with customers. Coudl you confirm ?
Mildur
Product Manager
Posts: 8913
Liked: 2357 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Archiving Proxy Appliance Detail Request

Post by Mildur » 1 person likes this post

Hi David

Yes, public IP address with the default configuration.
But you can use AWS private link. Then we will connect via VPN to the private IP address: https://www.veeam.com/kb4226

Best,
Fabian
Product Management Analyst @ Veeam Software
Post Reply

Who is online

Users browsing this forum: No registered users and 15 guests