Comprehensive data protection for all workloads
Post Reply
jayrey300
Lurker
Posts: 1
Liked: never
Joined: Sep 30, 2013 9:05 pm
Full Name: Jason Reynoso
Contact:

vlan/vswitch isolated backup from prod network

Post by jayrey300 »

case id: 00517492

Hello.

This is my first post here.
Please forgive me if this inquiry is in the wrong section. moderators, please kindly redirect post where required.

I am currently running veeam 7.0.0.715 (i am aware of the new R3) and proxy as a vm inside of one of our esxi machines

Previously our network was sorta flat but then we started to vlan and trunk in certain areas across our network

right now we have initialized certain ports on our 2960 for mtu 9000 which we would like to point across all the esx machines and with respect with running vcenter.

we were once running our backups through our x.129.0/21 network (vlan1/mgmt) and now we have setup another vlan network as the .x.123.0/24.

Our backup repositories are connecting through the iscsi initiator (vlan 225) inside of our veeam server (win2k8 r2) and pointing to our emc px12 .

As i drew this on whiteboard i could not understand the correct flow to allow veeam to communicate to each vm inside the host or through vcenter.

One of my conclusions was to setup a secondary nic and point to the 123 vswitch inside esx/vm and then manually enter an ip of x.x.123.106.

This way as im under the impression that i will also have to add a secondary nic to the veeam server vm (.x.x.123.130) and also to the veeam proxy server (x.x.123.131)

As I attempted to task this, i went into the 'Backup Infrastructure' and added the .x.123.106 esx host (hostname is: zues.mydomain.pvt and mgt ip is: .x.129.106)

It accepted it and entered the root credtls of the zeus esx server.

I can then go to backup&replication and add a backup job and then select the .123.106 server and add the vm from there.

once i selected the vm (ie. windows server 2008 r2-5) (assuming the windows server 2008 r2-5 already has a secondary nic added to point to the vswitch 123vlan with ip address: .x.123.95) and then complete the rest of the settings, I then run the job

As the job continues is merry way, i started to check the network adapters in veeam and monitor the recent task inside zues. there is zero percent activity. however while veeam continues its attempt, it then starts to list a few things done.

here's the error message after it failed:
=========
Error: Client error: Cannot get service content. Soap fault. TimeoutDetail: 'connect failed in tcp_connect()', endpoint: 'https://x.x.123.124:443/sdk' SOAP connection is not available. Connection ID: [192.168.123.124]. Failed to create NFC download stream. NFC path: [nfc://conn:x.x.123.124,nfchost:ha-host,stg:51c68048-36871621-efc4-d89d67625560@Windows Server 2008 R2 - 5/Windows Server 2008 R2 - 5.vmx]
=========

One thing i worry quite heavily is that I find adding secondary nics on windows and especially unix/linux boxes from production to engineering VMs isnt the correct way to do this as this will affect so many test servers in engineering etc.

I was told by jeff at your support dept that hotadd might work but is by per proxy per vm which in this case might not work/suite or needs.

I there a way or best practice that the above implementation can be done?

Your input is greatly appreciated

-Regards,
Jason
dellock6
VeeaMVP
Posts: 6166
Liked: 1971 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: vlan/vswitch isolated backup from prod network

Post by dellock6 »

Hi Jason,
I'm trying to figure out on paper the design, but I'm missing some pieces Just to be sure:
- the Veeam components (server and proxies) are virtual machines, and are now running on the vlan1 together as vCenter
- repository is the px12, connected as an in-guest iscsi device to the veeam server via vlan 225 (so it's another network card in this VM?)

Anyway, since the veeam proxies are virtual, you can use hotadd mode. With it, you do not need at all any connection to VMs, but only from veeam server to vcenter for the control activities, and from veeam server to proxies and repository for managing jobs.
Data are extracted by proxies via the ESXi storage stack, there is no need to have routing or direct connection between veeam and the VMs...

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
Post Reply

Who is online

Users browsing this forum: Bing [Bot], Semrush [Bot] and 119 guests