-
- Service Provider
- Posts: 19
- Liked: 2 times
- Joined: May 27, 2021 3:48 am
- Full Name: Dean Anderson
- Contact:
Helper Appliance Clarification
Could anyone shed some light on helper appliances under the properties of object storage repo in VBR 12, image below.
According to description it should help with health check operations and if trying to configure it, it offers me a list of our Managed Servers (all Windows VMs). What is considered close network proximity with object storage? Just a good network latency or should the appliance be deployed in the same bucket? It's a bit confusing...
According to description it should help with health check operations and if trying to configure it, it offers me a list of our Managed Servers (all Windows VMs). What is considered close network proximity with object storage? Just a good network latency or should the appliance be deployed in the same bucket? It's a bit confusing...
-
- Product Manager
- Posts: 9848
- Liked: 2610 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Helper Appliance Clarification
Hi Dean
The helper appliance becomes helpful if you use public cloud object storage such as Azure or AWS.
Having an helper appliance in their cloud environment allows you to run a health check without egress costs.
For on-premise object storage appliances, I recommend to have the helper appliance as close as possible to the object storage appliance. We need to read data from the object storage when we do the health check. The better network connectivity (bandwidth, latency) you have between the helper appliance and object storage, the better performance you will get.
Best,
Fabian
The helper appliance becomes helpful if you use public cloud object storage such as Azure or AWS.
Having an helper appliance in their cloud environment allows you to run a health check without egress costs.
For on-premise object storage appliances, I recommend to have the helper appliance as close as possible to the object storage appliance. We need to read data from the object storage when we do the health check. The better network connectivity (bandwidth, latency) you have between the helper appliance and object storage, the better performance you will get.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Service Provider
- Posts: 49
- Liked: 3 times
- Joined: Apr 24, 2009 10:16 pm
- Contact:
Re: Helper Appliance Clarification
Hi,
I would also like some clarification. Is it correct that the helper appliance requires EC2 (or an equivalent) for cloud object storage? I have set up a Wasabi repository, and the dialog says that the helper appliance has been configured successfully, which confuses me. How does the helper appliance work with Wasabi and other providers that do not offer EC2 (or an equivalent)? Can health checks be performed on cloud object storage without a helper appliance?
Thanks,
Johan
I would also like some clarification. Is it correct that the helper appliance requires EC2 (or an equivalent) for cloud object storage? I have set up a Wasabi repository, and the dialog says that the helper appliance has been configured successfully, which confuses me. How does the helper appliance work with Wasabi and other providers that do not offer EC2 (or an equivalent)? Can health checks be performed on cloud object storage without a helper appliance?
Thanks,
Johan
-
- Product Manager
- Posts: 9848
- Liked: 2610 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Helper Appliance Clarification
It may not be the best wording for S3 compatible object storage targets.
- Automated "Helper appliance" deployment to the cloud (EC2 or Azure VM) is only available for Amazon S3 and Azure BLOB repositories. By deploying such a helper appliance as a VM in Amazon or Azure, we can reduce some costs and provide better performance for the health check process and applying retention for unstructured data backup files (NAS, Object storage backups).
- For S3 compatible object storages, the "helper appliance" can be any managed Linux or windows server added to the backup console. We cannot deploy any appliance to Wasabi or similar services. Therefore instead of deploying a new appliance, we use existing managed server to do the health check and applying the retention for unstructured data backups.
Best,
Fabian
- Automated "Helper appliance" deployment to the cloud (EC2 or Azure VM) is only available for Amazon S3 and Azure BLOB repositories. By deploying such a helper appliance as a VM in Amazon or Azure, we can reduce some costs and provide better performance for the health check process and applying retention for unstructured data backup files (NAS, Object storage backups).
- For S3 compatible object storages, the "helper appliance" can be any managed Linux or windows server added to the backup console. We cannot deploy any appliance to Wasabi or similar services. Therefore instead of deploying a new appliance, we use existing managed server to do the health check and applying the retention for unstructured data backups.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Service Provider
- Posts: 49
- Liked: 3 times
- Joined: Apr 24, 2009 10:16 pm
- Contact:
Re: Helper Appliance Clarification
Thanks for clarifying, Fabian. Much appreciated.
According to the documentation:
"If you perform health check for encrypted backup files, Veeam Backup & Replication will pass encryption keys to the regular backup repository or cloud repository. For more information on encryption, see Data Encryption."
This raises a security concern for me. While I understand that the encryption keys are sent to the helper application in the cloud for validating the unencrypted data, how does this statement apply to S3 compatible storage, especially when the health check is conducted from one of my managed (and protected) servers? Will my encryption keys enter the cloud?
Thanks,
Johan
According to the documentation:
"If you perform health check for encrypted backup files, Veeam Backup & Replication will pass encryption keys to the regular backup repository or cloud repository. For more information on encryption, see Data Encryption."
This raises a security concern for me. While I understand that the encryption keys are sent to the helper application in the cloud for validating the unencrypted data, how does this statement apply to S3 compatible storage, especially when the health check is conducted from one of my managed (and protected) servers? Will my encryption keys enter the cloud?
Thanks,
Johan
-
- Product Manager
- Posts: 9848
- Liked: 2610 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Helper Appliance Clarification
Hi Johan
We will never send the encryption keys to Wasabi or any other S3 compatible service provider. Only specific Veeam components managed by your backup server will need to have access to the encryption key.
Cloud repository is in case you have backups on a cloud connect target. Then we need to send the encryption keys to the providers cloud connect environment for the health check process.
I will ask our tech writers to update the user guide with better information where the encryption key is passed on.
Best,
Fabian
We will never send the encryption keys to Wasabi or any other S3 compatible service provider. Only specific Veeam components managed by your backup server will need to have access to the encryption key.
Cloud repository is in case you have backups on a cloud connect target. Then we need to send the encryption keys to the providers cloud connect environment for the health check process.
I will ask our tech writers to update the user guide with better information where the encryption key is passed on.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Service Provider
- Posts: 11
- Liked: 3 times
- Joined: Oct 18, 2013 7:51 am
- Full Name: Michele
- Contact:
Re: Helper Appliance Clarification
So, to perform a health check with wasabi you (well, the helper appliance) need to download again the data, right?Mildur wrote: ↑Jan 05, 2024 3:12 pm - For S3 compatible object storages, the "helper appliance" can be any managed Linux or windows server added to the backup console. We cannot deploy any appliance to Wasabi or similar services. Therefore instead of deploying a new appliance, we use existing managed server to do the health check and applying the retention for unstructured data backups.
-
- Product Manager
- Posts: 9848
- Liked: 2610 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Helper Appliance Clarification
Hi Michele
Yes, that's correct.
Best,
Fabian
Yes, that's correct.
Best,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: No registered users and 10 guests