Running Veeam from Azure over site-2-site vpn

[frankive]

In a datacenter a customer has rent rack for their S2D servers and a NAS for backup. There is no room for a additional rackserver for Veeam.
What would be best practice here?

1. Run a Veeamserver in a VM running on the Cluster itself (what if the cluster goes down? Run to the datacenter with a laptop with Veeam installed, attached NAS, and import backups?
2. Deploy an Azure VM with Veeam and connect their datacentersubnet over site to site VPN in Azure. (Will there be a lot of traffic over this vpn or just commands? F.ex will backup data go from the S2D cluster directly to the NAS instead of going to Azure first?)

Thanks!

[ejenner]

I'm of the view data is not transmitted via the B&R server. It arranges the transfer between source and target directly. Some data is transmitted to and from the B&R but it's not the main data stream.

It's generally best practice not to run your Veeam environment on the same system you're protecting. As you point out, what would you do if you had to restore the protected data but the Veeam server was also out of action because it's on the same device that you're protecting.

Some of my smaller Veeam installations run as VMs on the environment they protect... for 2 or 3 jobs. But they do a daily export of their configuration which is replicated off site to guard against the worst case scenario. So if you did decide the most viable configuration meant that Veeam would be sharing with the protected data you'd make sure your configuration backup (scheduled after your nightly jobs?) happens reliably and you have a scheme for getting the configuration backup off to a safe secondary location.

[oleg.feoktistov]

Hi Frank,

I would go with the second option. Though, I'd advice to make sure of this:
1. Place a dedicated backup proxy on one of the machines inside S2D cluster
to have backup data processed like this: Source host <-> Backup proxy (Data Mover Service) <-> Gateway Server (Data Mover Service) <-> NAS Backup repository.
This way the only traffic going through Azure would be from Backup server sending commands to other Veeam components
and components sending back their statuses/progress (without handling backup data itself).
2. Use Backup proxy as a Guest interaction proxy.
However, in case you have non-Windows machines, Backup server will still be used instead to deploy runtime processes on VMs with other OS.
3. Use gateway server as a mount server inside your cluster so that restore traffic would also avoid going through Azure VPN.
4. Deploy an additional repository on the same VM Backup server is on for configuration database backups.

Cheers,
Oleg

[frankive]

Thanks!

It's a 2 node S2d cluster. Very powerful hyper-v servers with a lot of resources. I guess this server themselves can act as proxies?

[oleg.feoktistov]

You mean ms hyper-v server as a whole or ms windows server machine with hyper-v role enabled?
You would need a machine with Windows running to use it as either Backup Proxy or Gateway Server.
Check these system requirements.
Best regards,
Oleg

[frankive]

the s2d nodes in Windows GUI with hyper-v role installed.

Lets say that both nodes goes down.
We replace the hardware with a new hyper-v server and add it i the Veeam server in Azure.
When we then restore.. will the traffic automatically go from the local NAS to the Hyper-v server (we restore to the disks local for the server).
On which logical behavior (or how) does Veeam understand the logic path? based on subnet? latency?

[oleg.feoktistov]

the s2d nodes in Windows GUI with hyper-v role installed.

Then the nodes should act as backup proxies by default if you add them to VBR as hyper-v servers (cluster).
Unless you decide to use Off-Host Backup Proxy.

When we then restore.. will the traffic automatically go from the local NAS to the Hyper-v server (we restore to the disks local for the server).

Restore traffic will go this way: NAS <-> Gateway server/Mount server <-> Hyper-v server. Given that all the components are reachable between each other and also from Backup server to receive queries.

On which logical behavior (or how) does Veeam understand the logic path? based on subnet? latency?

Subnet/vlan. Take a look at this guide to manage preferred networks.

Thanks! Oleg

[frankive]

We have a scle out repository at the veeam central server in azure. (connected on-premises over vpn).
If we choose to restore from object storage it always mounts the VeeamFLR folder on the veeam server in azure instead of a local server.
We have chosen on the performance extent (nas at local site) and specified a local windows server for mount, but there is no such option on the object storage or the scale out repository.

Is it not possible to restore directly from an object storage without the data flowing through the Veeam server itself?

[frankive]

i found the gateway server funkction under Accouns in the object storage. that should solve it