Maintain control of your Microsoft 365 data
ci7rix
Lurker
Posts: 1
Liked: never
Joined: Jul 09, 2025 7:56 pm

Weird setup, server in cloud, proxy on-prem

Post by ci7rix »

Hey folks,

I'm trying to get creative with licensing costs here and wanted to run this by the community before I potentially shoot myself in the foot.
So here's the deal: I'm thinking about putting my Veeam for M365 server on a cloud VM where the provider includes Windows licensing, and keeping just a Linux proxy + storage on-premise. We've got about 100 users and need to keep backups local for compliance reasons.

The way I see it working: M365 data would go straight to my on-prem proxy which writes to local storage. The cloud server would just handle the control plane stuff like scheduling, management, etc. We have dual WAN with site-to-site VPN to the cloud provider who's in the same region, so connectivity should be solid.

My main concern is that PostgreSQL and NATS would be sitting in the cloud while the actual backup traffic stays local. I keep going back and forth on whether the latency impact on the PostgreSQL cache would be a real issue, or if I'm overthinking it.

Has anyone tried something this backwards before? Part of me thinks this is clever, the other part thinks I'm being an idiot trying to save one Windows license. Would love to hear from anyone who's done something similar or can point out the obvious flaws I'm missing.

What do you think, reasonable architecture or future nightmare?
Thanks in advance.
Best regards
micoolpaul
VeeaMVP
Posts: 323
Liked: 139 times
Joined: Jun 29, 2015 9:21 am
Full Name: Michael Paul

Re: Weird setup, server in cloud, proxy on-prem

Post by micoolpaul »

Hi,

Just to validate some things:

You have object storage on-premises, right? Because you can’t write to block storage with Linux.
Sure, it can work with a stretched architecture, but consider that if it’s just a VPN over the internet there’s no guaranteed bandwidth between the two endpoints and certainly no SLA on that connection, so if you’re going to consider something like this, you need to honestly ask yourself if you’re happy to not be able to recover because you’re troubleshooting your VPN, for example. There’s no mention here of latency or bandwidth, which should be considered regardless for connection quality between components.

Personally, if it wasn’t for your data locality comment, I’d be suggesting that you should look at VDC. You probably should look at this anyway because your organisation has already approved the data being stored in the cloud as it sits within M365. Does data local have to mean on-prem? Or just within a certain country or the EU, for example?

I personally wouldn’t go with this architecture for the sake of a license.
-------------
Michael Paul
Veeam Data Cloud Solution Engineer - M365 & Entra ID