-
- Novice
- Posts: 9
- Liked: never
- Joined: Apr 04, 2022 5:00 pm
- Full Name: Aaron Lloyd
- Contact:
Copy Job via AWS Privatelink
Hi,
I have followed this article (https://www.veeam.com/kb4226) to configure VBR to conect to the EC2 appliance using the private IP.
Is it possible to do the same thing in Veeam Backup for Microsoft 365?
Thanks.
I have followed this article (https://www.veeam.com/kb4226) to configure VBR to conect to the EC2 appliance using the private IP.
Is it possible to do the same thing in Veeam Backup for Microsoft 365?
Thanks.
-
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: Copy Job via AWS Privatelink
Hey Aaron,
As far as I am aware this is not tested with the VB365 appliance. I will put this on the QA test list but it will probably take some time to get it tested since we are getting close to a new (minor) version release.
If you have the possibility to test it yourself, please do
As far as I am aware this is not tested with the VB365 appliance. I will put this on the QA test list but it will probably take some time to get it tested since we are getting close to a new (minor) version release.
If you have the possibility to test it yourself, please do
-
- Novice
- Posts: 9
- Liked: never
- Joined: Apr 04, 2022 5:00 pm
- Full Name: Aaron Lloyd
- Contact:
Re: Copy Job via AWS Privatelink
Hi Mike,
Yeah, I have been having a go but no success so far. I think the only real issue is that I cannot find a way to actually tell VB365 to use the private IP address. I have modified the AmazonS3Regions file as described in the article but modified the file in C:\Program Files\Veeam\Backup365. I then took a punt and created the same registry values described in the article but placed them in HKLM\SOFTWARE\Veeam\Veeam Backup for Microsoft Office 365\. However it is still trying to connect using the public IP rather than the private IP.
I suspect the registry entries are the issue. Any suggestions on how to configure VB365 to use the private IP rather than public?
Thanks,
Aaron
Yeah, I have been having a go but no success so far. I think the only real issue is that I cannot find a way to actually tell VB365 to use the private IP address. I have modified the AmazonS3Regions file as described in the article but modified the file in C:\Program Files\Veeam\Backup365. I then took a punt and created the same registry values described in the article but placed them in HKLM\SOFTWARE\Veeam\Veeam Backup for Microsoft Office 365\. However it is still trying to connect using the public IP rather than the private IP.
I suspect the registry entries are the issue. Any suggestions on how to configure VB365 to use the private IP rather than public?
Thanks,
Aaron
-
- Novice
- Posts: 5
- Liked: 1 time
- Joined: Mar 18, 2021 12:54 pm
- Contact:
Re: Copy Job via AWS Privatelink
Hi, i'm also interested, if it's not possible, how to secure S3 bucket with public access configured ?
Thanks.
Brice
Thanks.
Brice
-
- Novice
- Posts: 9
- Liked: never
- Joined: Apr 04, 2022 5:00 pm
- Full Name: Aaron Lloyd
- Contact:
[MERGED][Feature Request] Connect to AWS using Privatelink
Hi,
I would like to register a feature request for VBO to be able to backup to AWS and connect to the EC2 appliance using the private IP. This is already possible in VBR as per this article (https://www.veeam.com/kb4226) but does not appear to be possible in VBO.
I would also appreciate thoughts on the remaining benefits of using a VPN for VBR if it cannot be used for VBO? For us two key benefits of the VPN for VBR were that we only had to open SSH to the private IP and that we did not need to open public access into AWS. It now seems though that we will lose both of these benefits as they will stop VBO from working. So with that in mind are there still any benefits to using a VPN for VBR when it cannot be used by VBO?
Many Thanks,
Aaron
I would like to register a feature request for VBO to be able to backup to AWS and connect to the EC2 appliance using the private IP. This is already possible in VBR as per this article (https://www.veeam.com/kb4226) but does not appear to be possible in VBO.
I would also appreciate thoughts on the remaining benefits of using a VPN for VBR if it cannot be used for VBO? For us two key benefits of the VPN for VBR were that we only had to open SSH to the private IP and that we did not need to open public access into AWS. It now seems though that we will lose both of these benefits as they will stop VBO from working. So with that in mind are there still any benefits to using a VPN for VBR when it cannot be used by VBO?
Many Thanks,
Aaron
-
- Product Manager
- Posts: 9847
- Liked: 2606 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Copy Job via AWS Privatelink
Hi Aaron
Thanks for the request.
I believe it‘s the same question as this one.
Thanks
Fabian
Thanks for the request.
I believe it‘s the same question as this one.
Have you installed VB365 on the same server as VBR? Or why is the VPN between VBR and AWS connected to the VB365 machine?It now seems though that we will lose both of these benefits as they will stop VBO from working.
Thanks
Fabian
Product Management Analyst @ Veeam Software
-
- Novice
- Posts: 9
- Liked: never
- Joined: Apr 04, 2022 5:00 pm
- Full Name: Aaron Lloyd
- Contact:
Re: Copy Job via AWS Privatelink
Hi Fabian,
Yes, its the same question. I logged a support case (Case #05495988) and it was suggested that I should raise a feature request.
I do have them installed on the same server, although happy to seperate if it is going to help resolve this issue though.
The VPN is not actually to the server though, it is to our Cisco ASA. We have routing setup to send traffic for the AWS private IP range over the VPN.
Thanks,
Aaron
Yes, its the same question. I logged a support case (Case #05495988) and it was suggested that I should raise a feature request.
I do have them installed on the same server, although happy to seperate if it is going to help resolve this issue though.
The VPN is not actually to the server though, it is to our Cisco ASA. We have routing setup to send traffic for the AWS private IP range over the VPN.
Thanks,
Aaron
-
- Product Manager
- Posts: 9847
- Liked: 2606 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Copy Job via AWS Privatelink
Hi Aaron
Thanks.
I'll moved your request to the same topic then.
Using different server for VBR and VB365 is our recommendation. Not because of this VPN issue, but other things like Veeam component sharing and CPU/Memory sharing.
I'm not a network specialist, but can you put a dedicated VB365 server in to his own subnet and exclude this subnet from the global routing? Or exclude a single source IP Address?
Thanks
Fabian
Thanks.
I'll moved your request to the same topic then.
Using different server for VBR and VB365 is our recommendation. Not because of this VPN issue, but other things like Veeam component sharing and CPU/Memory sharing.
I'm not a network specialist, but can you put a dedicated VB365 server in to his own subnet and exclude this subnet from the global routing? Or exclude a single source IP Address?
Thanks
Fabian
Product Management Analyst @ Veeam Software
-
- Novice
- Posts: 9
- Liked: never
- Joined: Apr 04, 2022 5:00 pm
- Full Name: Aaron Lloyd
- Contact:
Re: Copy Job via AWS Privatelink
Hi Fabian,
Yes, we can certainly do that, but that is not really the issue/concern.
The concern is that to get VBO working using the public IP we need to open up far more access than we would reallt want to i.e. SSH to all of the AWS IP range.
Having the VPN for VBR meant that we only needed to open SSH to our private IP in AWS which is much better practice for us. However it now seems we are going to have to change that and open SSH to the full AWS public range anyway, which is some ways make having the VPN for VBR a bit pointless now.
Thanks,
Aaron
Yes, we can certainly do that, but that is not really the issue/concern.
The concern is that to get VBO working using the public IP we need to open up far more access than we would reallt want to i.e. SSH to all of the AWS IP range.
Having the VPN for VBR meant that we only needed to open SSH to our private IP in AWS which is much better practice for us. However it now seems we are going to have to change that and open SSH to the full AWS public range anyway, which is some ways make having the VPN for VBR a bit pointless now.
Thanks,
Aaron
Who is online
Users browsing this forum: No registered users and 16 guests