I have deployed VBA with private network deployment enabled. There's a policy in every subscription that prevents VMs from being created with public IP addresses, which apparently is preventing the deployment of worker nodes whenever I try to run a backup job:
Failed to perform backup of vm-vba-5 to Backup repository. Cannot find any worker. Resource 'veeamjmscq2tkm38ryq8v42b' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"Disable-Public-Access"
Aren't worker nodes deployed with private IP addresses when the "private network deployment" option is enabled? Service endpoints have been created to Microsoft.Storage.Global, and the storage account has the required firewall rules enabled.https://helpcenter.veeam.com/docs/vbazu ... tml?ver=70.
It seems the issue may be related to the storage account for worker deployment, as indicated by the Veeam resource name in the error.
To troubleshoot the technical issue effectively, we recommend opening a support case. Please provide the support case ID so we can track and address the issue promptly.
Thank you for your input.
I understand that the policies enforced are the problem, and I'll have to take a look at them. I would like to confirm if the worker nodes are deployed with private IP addresses from the very beginning, if the "private network deployment" option is enabled.
Hi! If the private deployment mode is enabled, the workers are deployed without a public IP assigned, and storage accounts are created with public access disabled.
I also deployed VBAZ in a Private endpoint deployment. However, I needed to make the deployment controlled by Terraform and created all Veeam resources manually. It is possible, however not described within the Veeam docs. Another reason I had to create it manually was that there were issues where storage accounts were not able to register within the Azure Private DNS zone which was my setup. I am not sure however if this has been resolved in a new version.