Agentless, cloud-native backup for Amazon Web Services (AWS)
Post Reply
ChrisAnderson_2019
Influencer
Posts: 12
Liked: 1 time
Joined: Jan 28, 2019 9:05 am
Full Name: Chris Anderson
Contact:

Veeam Backup for AWS -- Deployment Feedback

Post by ChrisAnderson_2019 »

Hi All,
Thought I'd share my experience from deploying and integrating Veeam Backup for AWS in the hope it may help others and provide feedback for you guys at Veeam.

We have a Veeam B&R instance running in EC2, this connects to on-prem virtual infrastructure to backup VMware workload to a local repositories.
The next task was to install the AWS plugin and deploy the appliance.

Following the required permissions listed in the documentation, we created the IAM account to use for deploying/managing the appliance.
This failed 5/6 times with various permissions (which we were easily able to identify from the Veeam.AWS.PlatformSvc log) for the specified IAM user.

e.g. not authorized to perform: cloudwatch:PutMetricAlarm on resource
and
not authorized to perform: dlm:CreateLifecyclePolicy on resource
and
Fail: Invalid principal in policy: "AWS":"arn:aws:iam::xxxxx:role/s-de-aws-vbr02-VeeamImpersonationRoleV1

We were able to overcome this adding the required permissions on the fly, but then we failed trying waiting to connect to the applicance.

The VBR instance (on the same VPC) was trying to connect to the appliance publicly (not privately). Hence we need to enable inbound access from the VBR instance. As we didn't want to enable public access our workaround was as follows:

1) Deploy the appliance from the AWS marketplace (this created all the required permissions /alarms / etc as we were using a non-restricted account)
2) Connect to the UI and create a local user account
3) Add the appliance in VBR by "connect to existing appliance" (rather than deploy new)
4) Specify "private network" for the connection type and enter the IP of the appliance

This worked a treat and the AWS appliance is now integrated with AWS.

Hope this helps.
Cheers,
Chris.
dalbertson
Veeam Software
Posts: 492
Liked: 175 times
Joined: Jul 21, 2015 12:38 pm
Full Name: Dustin Albertson
Contact:

Re: Veeam Backup for AWS -- Deployment Feedback

Post by dalbertson »

Thank you for your feedback. Can you ellaborate on the use case for have VBR as an EC2 Instance and protecting VMware workloads onprem?
Dustin Albertson | Director of Product Management - Cloud & Applications | Veeam Product Management, Alliances
nielsengelen
Product Manager
Posts: 5619
Liked: 1177 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: Veeam Backup for AWS -- Deployment Feedback

Post by nielsengelen »

Can u clarify the following?
The next task was to install the AWS plugin and deploy the appliance.
Did you deploy the appliance from VBR after installing the plugin? Or was the first deployment also done via the marketplace?
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
ChrisAnderson_2019
Influencer
Posts: 12
Liked: 1 time
Joined: Jan 28, 2019 9:05 am
Full Name: Chris Anderson
Contact:

Re: Veeam Backup for AWS -- Deployment Feedback

Post by ChrisAnderson_2019 »

@dalbertson
The bulk of the clients infrastructure is (/ will be) in AWS. The on-prem workloads are remote branch offices, with local file/print resource. One site has a local vCenter server deployed and the remaining sites are managed with ROBO licensing.

Each branch office has a local proxy instance and a local repository. All jobs are orchestrated centrally via the VBR in EC2.


@nielsengelen
AWS plugin was installed on the VBR server first (download from Veeam). Then we ran the "add managed server" wizard, specifying "Veeam Backup for AWS" and "deploy new appliance".

The workaround was to deploy the appliance from the market place, then "add managed server" wizard, specifying "Veeam Backup for AWS" and "connect to existing appliance".
nielsengelen
Product Manager
Posts: 5619
Liked: 1177 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: Veeam Backup for AWS -- Deployment Feedback

Post by nielsengelen » 1 person likes this post

Thank you for the feedback and extra information. We will look into it and see if there are things that need to be resolved or improved.
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests