1st time deployment clarification ?

[tanjum]

Hi all,

I'm doing my 1st setup for Veeam B&R and need to understanding something.

I have a Windows Server with 1 interface, 1Gb, Veeam will be installed on this.

I have ESXi with 2 interfaces 1Gbps [Management], and 10Gbps [Storage].

I have Storage with 1 interface, 10Gb [Storage].

Because Veeam requires repository configuration, does it require a 10Gb interface as well or is Windows Server is only acting as a Management plane for the storage and no storage data passes through the Windows Server ?

Hoping this is clear, I can add a diagram if this is not clear in understanding.

Thank You

[Mildur]

Hi tanjum

I have Storage with 1 interface, 10Gb [Storage].
Because Veeam requires repository configuration, does it require a 10Gb interface as well or is Windows Server is only acting as a Management plane for the storage and no storage data passes through the Windows Server ?

You write "I have storage". I assume backup storage.
What sort of storage? ISCSi? SMB? How is your plan to use it? We need more information to provide a good recommendation.
General recommendation for NAS devices: Do not use a SMB or NFS Share, use ISCSI.
iSCSI has to be mounted to a Linux or Windows VM and format it as a ReFS/XFS volume to use FastClone aware backup jobs.

If you only have one Windows server, then I assume you will install Veeam Backup & Replication on that machine; mount the iSCSI LUN and format it with ReFS.
Please also remember to implement copy jobs to immutable or air-gapped backup storage. A single backup file (non-immutable) is not a good protection against malicious attacks on your infrastructure.

Veeam uses a proxy server to protect your VMs. The proxy server reads data from your vSphere environment and then transfer the backup data to a backup repository server.
The proxy server can use one of three transport modes:
- Direct Storage Access (requires compatible production VM storage)
- Virtual appliance (Proxy server runs on a virtual windows or linux VM on your VmWare environment)
- Network Mode (Any machine with the proxy role can access the VM data through ESXI management interface)

Your backup server will be automatically the first proxy server. Because Direct Storage Access will require additional configuration, your backup server will most likely use Network Mode.
Data flow:
ESXI storage > ESXI server > Windows Server > Backup Storage

If you plan to configure Direct Storage Access proxies or Virtual Appliance proxy, traffic flow will be different. But it would be still going through the Windows Server (if your backup storage is mounted to that server).
In the end, 1Gbit vs 10 Gbit is a decision your business has to make. Do you require faster backups and restores? Then go with 10 Gbit.

If you are completely new to Veeam, I suggest to reach out to one of our partners in your region. They are able to help you to design and implement your backup infrastructure with our best practices in mind:
https://www.veeam.com/find-partner.html?type%5B%5D=VASP

Best,
Fabian

[tanjum]

Hi Midur,

Yes the Windows Server will have Veeam B&R installed, and the storage is over iSCSI but the storage is not mounted to the Windows Server.

The Storage will be mounted to TrueNAS which is the Storage Server.

Best I add the diagram..

[tanjum]

This is how the setup is like..

A Linux proxy will be deployed on ESXi.

Based on your reply I understand 10Gb NIC is only required if the Storage is mounted to it right ?

[Mildur]

TrueNAS is not seen as a "storage server" in Veeam products. You can't install our Veeam components on it. Therefore the question:
- How will your TrueNAS storage be consumed by your backup environment?
- What kind of backup repository will you configure in the backup server console?

Based on your reply I understand 10Gb NIC is only required if the Storage is mounted to it right?

Scenario: You use a virtual proxy server which can write directly to the TrueNAS backup storage (not mounted to the windows server):
- For backup jobs --> the backup server will only do management traffic. 1 Gbit will be enough.
- For instant recovery --> backup traffic may need to be transferred through the windows management server (if you haven't added another windows server to the managed server list). 1 Gbit may be too slow for this restore scenario.

If you follow our design best practices, then the TrueNAS server will provide it's storage through ISCSI directly to a windows (or linux) repository server.
Not recommended backup repository types:
- virtual disks on a ESXI datastore (storage from TrueNAS through iSCSI to the ESXi host) for a virtual backup repository server
- SMB or NFS Share as backup repositories on the TrueNAS appliance

I suggest to just connect the storage with iSCSI directly to your windows server. That's the least complex configuration you can have for your backup repository.
Also go with a 10 Gbit card. It can't be too expensive this days. And don't forget about the immutable/air-gapped backup copy location.


Best,
Fabian

[tanjum]

Thanks Fabian for all that,

I have been searching for your Best Practices, is there a link to it you can share ?

Thanks a lot..

[tanjum]

Found it..

https://bp.veeam.com/vbr/

https://bp.veeam.com/vbr/2_Design_Struc ... ositories/

Thanks again Fabian..

[Mildur]

Sure. You can find our best practice guide here: https://bp.veeam.com/vbr/

https://bp.veeam.com/vbr/2_Design_Struc ... ositories/

It is also recommended not to use VMFS based disks. If the disk was to be lost or corrupted, then all the backup data would also be lost as well. It is recommend that the repository VM either uses directly mounted iSCSI, or as RDMs in Physical access mode. This allows the disks to be either be reattached to a VM in a new cluster, or to a physical server.

https://bp.veeam.com/vbr/2_Design_Struc ... orage.html

Use ReFS/XFS with block cloning to reduce space requirements for synthetic fulls and GFS restore points and improve merge performance

Best,
Fabian

PS: Was too late with my answer. I'm glad you found it as well

[tanjum]

No worries Fabian, thanks again..

[tanjum]

Hi again,

I have gone through the below 4 links to get clarification on what subnet should the proxy be in, but could not find an answer for this.

https://bp.veeam.com/vbr/3_Build_struct ... p_proxies/

https://helpcenter.veeam.com/docs/backu ... ml?ver=120

https://helpcenter.veeam.com/docs/backu ... ml?ver=120

https://helpcenter.veeam.com/docs/backu ... ml?ver=120

VM Subnet - 10.21.30.0/24 - 1Gbps link
Storage Subnet 10.21.40.0/24 - 10Gbps link

So in this case should the proxy be in the VM subnet, or Storage ?

Or should the VMs be moved to traverse over the 10Gbps link ?

I have read the Proxy should be close to the source, on the same host as the VMs but no clarification on which subnet.

Thank You

[Mildur]

Hello tanjum

Please start using exact names when you ask about "storage". It would make it easier for any future reader of this topic.
Suggestion:
- production storage
- backup storage

A "network" or "virtual appliance" proxy doesn't require access to the "production storage" subnet. But the proxy must be able to connect to the server with the repository or gateway role. You can use different subnets for all Veeam components and open the necessary ports in the firewall: https://helpcenter.veeam.com/docs/backu ... ml?ver=120

A design recommendation for subnet segmentation is in our user guide:
https://bp.veeam.com/security/Design-an ... ation.html

Best,
Fabian

[tanjum]

Thanks Fabian,

Sure, understood..

Will go through these links as well..