Using object storage as a backup target
Post Reply
dariusz.tyka
Enthusiast
Posts: 53
Liked: 3 times
Joined: Jan 21, 2019 1:38 pm
Full Name: Dariusz Tyka
Contact:

Ports used to communicate with archive tier appliance

Post by dariusz.tyka »

Dear,

can you provide me with the link where I can find ports required for communication between Veeam backup server and archive tier proxy appliance. I could not find those on this page:
https://helpcenter.veeam.com/docs/backu ... ml?ver=110

Maybe I'll describe our situation - we have a backup server in location A. It has direct access to internet and VPN connection to AWS - location B.
Offload to S3 works fine. But when I manually start archive tier offload I can see proxy appliances are provisioned (in private subnet) but backup can't connect to those appliances via SSH.
Internally via VPN all ports are open but I suspect Veeam tries to access those appliances over the Internet. Is my assuming correct?
Can we somehow force Veeam server to connect to those appliances internally via VPN?

Dariusz

veremin
Product Manager
Posts: 18857
Liked: 1905 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Ports used to communicate with archive tier appliance

Post by veremin »

If proxy appliances are deployed in private subnet, backup server tries to communicate with them, using public IP and expectedly fails.

You can confirm whether this is the case by parsing debug logs:

Code: Select all

c:\ProgramData\Veeam\Backup\SOBR_Archival_SOBR_NAME\Session_XXXXX\ProxyAppliance.XXXXXc.log
for entities similar to the following:

Code: Select all

<17> Info [AmazonTempLinuxVmProvider] Initialized machine ID 'i-XXXX', IP 'XXX.XXX.XXX.XXX', MachineType 'm5.xlarge'
and seeing what IP is reported there.

Alternatively, you can enable Internet access in the subnet settings.

Also, we're planning to provide a regkey that allows backup server to communicate with proxy appliance over private IP in the next product update.

Thanks!

dariusz.tyka
Enthusiast
Posts: 53
Liked: 3 times
Joined: Jan 21, 2019 1:38 pm
Full Name: Dariusz Tyka
Contact:

Re: Ports used to communicate with archive tier appliance

Post by dariusz.tyka »

Hi Veremin,

I checked the logs and confirmed backup server was trying to reach appliance using public IP address:
<20> Info [AmazonTempLinuxVmProvider] Initialized machine ID 'i-0410f5a09e83ad216', IP '34.244.155.213', MachineType 'm5.xlarge'

Also we would like to have all communication between backup server and appliance going over private subnet. Also for this reason we deployed S3 gateway within our VPC so EC2 instances can communicate with S3 internally not via Internet.

Is it also the case if we configure Veeam to use gateway server deployed directly in AWS as EC2 instance? That Veeam always tries to reach proxy appliance via public IP address.

Dariusz

dariusz.tyka
Enthusiast
Posts: 53
Liked: 3 times
Joined: Jan 21, 2019 1:38 pm
Full Name: Dariusz Tyka
Contact:

Re: Ports used to communicate with archive tier appliance

Post by dariusz.tyka »

One more question - when proxy appliance is started it gets the public IP assigned via Veeam or automatic IP assignment should be configured on subnet level within AWS? Also Internet access via NAT from this subnet where proxy appliances are started is sufficient?

veremin
Product Manager
Posts: 18857
Liked: 1905 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Ports used to communicate with archive tier appliance

Post by veremin »

Is it also the case if we configure Veeam to use gateway server deployed directly in AWS as EC2 instance?
Correct, having gateway will not help to avoid connection to proxy appliance over public IP
Also Internet access via NAT from this subnet where proxy appliances are started is sufficient?
No, having NAT configured for the corresponding subnet will not solve the issue.

Thanks!

inferno66
Influencer
Posts: 13
Liked: 1 time
Joined: Mar 17, 2021 8:54 am
Full Name: Julien
Contact:

Re: Ports used to communicate with archive tier appliance

Post by inferno66 »

Hello,

Any news about this feature?

My Veeam Server is on AWS with direct access to S3.
S3 (capacity tier) offloading is working great

Now with Veeam V11 I'm trying to use archive tier (to get rid of AWS VTL Storage Gateway), but when configuring the proxy appliance it tells what it'll have a Public IP address.
But my proxy appliance will be on the same VPC / Same Subnet than my Veeam server (and with direct S3 access), so I want them to communicate on private IP.

"Also, we're planning to provide a regkey that allows backup server to communicate with proxy appliance over private IP in the next product update." ==> But I don't see nothing on the changes logs since (https://www.veeam.com/kb4126)

Regards

veremin
Product Manager
Posts: 18857
Liked: 1905 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Ports used to communicate with archive tier appliance

Post by veremin »

Sure, see the adjacent thread. Thanks!

inferno66
Influencer
Posts: 13
Liked: 1 time
Joined: Mar 17, 2021 8:54 am
Full Name: Julien
Contact:

Re: Ports used to communicate with archive tier appliance

Post by inferno66 »

Hello,

Thanks a lot :)

Hoping that the update will be effectively released this month

Regards

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests