Discussions related to using object storage as a backup target.
Post Reply
adlloyd79
Novice
Posts: 9
Liked: never
Joined: Apr 04, 2022 5:00 pm
Full Name: Aaron Lloyd
Contact:

VBR / VBO Offload via AWS Privatelink

Post by adlloyd79 »

Hi,

Just looking for a bit of feedback really.

We plan to use both Veeam Backup & Recovery, and Veeam Backup for Office 365. I have followed this article (https://www.veeam.com/kb4226) to configure VBR to conect to AWS using the private IP over VPN, this is working well. However I now understand that VBO does not support connecting to AWS using the private IP, so we will need to maintain access to AWS via public IP for VBO to work.

With this in mind I would appreciate thoughts on the remaining benefits of using a VPN for VBR only if it cannot also be used for VBO? For us two key benefits of the VPN were that we could restrict SSH to the AWS private IP (rather than the massive AWS public IP range) and that we did not need to open public access into AWS. It seems though that we will have to lose these restrictions as they will stop VBO from working. So I am now not really sure there is much point still using the VPN for VBR, am I missing some remaining benefit to continue using the VPN for VBR only?

Thanks,

Aaron
veremin
Product Manager
Posts: 20271
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: VBR / VBO Offload via AWS Privatelink

Post by veremin »

Are you using Capacity or Archive Tiers? Or Direct Restore to AWS EC2? If so, you can make both of them work through a private IP address following the recommendations provided in the KB article. Otherwise, no need to configure it. Thanks!
chris.childerhose
Veeam Vanguard
Posts: 572
Liked: 132 times
Joined: Aug 13, 2014 6:03 pm
Full Name: Chris Childerhose
Location: Toronto, ON
Contact:

Re: VBR / VBO Offload via AWS Privatelink

Post by chris.childerhose »

The issue is that he is asking about VBO versus VBR in this case which I am sure you cannot use the private link as noted by OP.
-----------------------
Chris Childerhose
Veeam Vanguard / Veeam Legend / Veeam Ceritified Architect / VMCE
vExpert / VCAP-DCA / VCP8 / MCITP
Personal blog: https://just-virtualization.tech
Twitter: @cchilderhose
veremin
Product Manager
Posts: 20271
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: VBR / VBO Offload via AWS Privatelink

Post by veremin »

Not sure about this assumption, as Aaron has asked the following :)
With this in mind I would appreciate thoughts on the remaining benefits of using a VPN for VBR only if it cannot also be used for VBO?
Thanks!
adlloyd79
Novice
Posts: 9
Liked: never
Joined: Apr 04, 2022 5:00 pm
Full Name: Aaron Lloyd
Contact:

Re: VBR / VBO Offload via AWS Privatelink

Post by adlloyd79 »

Hi,

Yeah, sorry maybe not as clear as I hoped.

So VBR is configured to use private IP already and works fine.

However now that I know that I cannot use the private IP for VBO I am not sure that there is much point in using the VPN/private IP for VBR anymore.

What I am trying to get clear in my own mind is as I have to relax security for VBO (i.e. allow access to SSH for the full AWS public IP range), are there still any benefits to using VPN/private IP for VBR given that restricting to private IP only is no longer possible due to VBO requirements. If access to AWS is not restricted to private IP only, is there really much point forcing VBR to use the private IP? With access over public IP being open for VBO, I might as well use the same method for VBR as well? Or is there still benefit to using private IP for VBR while VBO uses public IP?

Thanks.
veremin
Product Manager
Posts: 20271
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: VBR / VBO Offload via AWS Privatelink

Post by veremin »

As mentioned, you can make the said features (Capacity Tier, Archive Tier, Direct Restore to AWS EC2) communicate with the cloud over private IP addresses. If you do not find any benefits in this setup, you can relax the security requirements and have everything exposed over public IP addresses. Thanks!
Post Reply

Who is online

Users browsing this forum: No registered users and 13 guests