-
- Service Provider
- Posts: 60
- Liked: 3 times
- Joined: Nov 16, 2015 5:52 pm
- Full Name: Bill Boyer
- Contact:
Access vCenter via a proxy
We have a customer in our hosted environment that we back up. We do this by them adding a 2nd interface to vCenter so it's on a common network for Veeam access. They are saying the support contractor (EMC) for that system won't support that 2nd interface configuration and we need to come up with a way for Veeam to talk to their vCenter. is there a way to have a proxy-like system that is on the customer network and also on the network for Veeam that Veeam can use to talk to vCenter? or does Veeam only support direct communication to the vCenter? Their vCenter is a vxRails EMC implementation and EMC is the one saying they can't have the 2nd vNIC and be supported in their environment. We have been doing it that way for 6-mo. but they are saying their internal upgrade processes won't support it. so we need to come up with a different way for Veeam to access vcenter.
Bill
Bill
-
- Veeam Software
- Posts: 3626
- Liked: 608 times
- Joined: Aug 28, 2013 8:23 am
- Full Name: Petr Makarov
- Location: Prague, Czech Republic
- Contact:
Re: Access vCenter via a proxy
Hi Bill!
I think it should work if you add vCenter by its IP or DNS into the Veeam and there is a proxy which routes packets coming from your network to customer's one.
Thanks!
I think it should work if you add vCenter by its IP or DNS into the Veeam and there is a proxy which routes packets coming from your network to customer's one.
Thanks!
-
- VP, Product Management
- Posts: 7079
- Liked: 1511 times
- Joined: May 04, 2011 8:36 am
- Full Name: Andreas Neufert
- Location: Germany
- Contact:
Re: Access vCenter via a proxy
As Petr said, in theory we just connect through https to the vcenter system from B&R Server and from the Proxy Server. If something is transparently forwarding those connections to the vcenter server, then it might work, but we can not guaranty/support it as we never tested those scenarios.
The best option is to take care with firewalling/routing/VPN (for example VeeamPN) to access the vcenter directly.
The best option is to take care with firewalling/routing/VPN (for example VeeamPN) to access the vcenter directly.
-
- Service Provider
- Posts: 60
- Liked: 3 times
- Joined: Nov 16, 2015 5:52 pm
- Full Name: Bill Boyer
- Contact:
Re: Access vCenter via a proxy
Customers internal network is 172.28.13.0/24 and that's the primary IP of the vCenter.
Our Veeam server sits on our network 172.31.14.0/24.
Between out network and the customers network is our 'management' network for the customer. 172.29.13.0/24. For our hosting services computers on the customer network have an adapter on the 'management' network so our monitoring/backup can access their systems. access from our network to/from the 172.28.13.0 network is controlled via a firewall. Right now the customer has a 2nd adapter on the vCenter on 172.29.13.0. Veeam can access it from that address. Their contactor for the vxRails says the supplied vCenter 'appliance (but not really)' does not support a 2nd adapter. So either we need to remove it to allow for their internal upgrades to the vxRails and then re-add it when done, or come up with another way for Veeam (172.31.14.0) to access their internal network IP of the vCenter (172.28.13.0). Can I do that with the VeeamPN? The documentation mostly discusses point-to-site or site-to-site and Azure. Can I implement VeeamPN to accomplish accessing their internal network from my Veeam server(s)? I'm using a proxy that is on their vCenter connected to their internal network and the management network for the hotadd backups.
Our Veeam server sits on our network 172.31.14.0/24.
Between out network and the customers network is our 'management' network for the customer. 172.29.13.0/24. For our hosting services computers on the customer network have an adapter on the 'management' network so our monitoring/backup can access their systems. access from our network to/from the 172.28.13.0 network is controlled via a firewall. Right now the customer has a 2nd adapter on the vCenter on 172.29.13.0. Veeam can access it from that address. Their contactor for the vxRails says the supplied vCenter 'appliance (but not really)' does not support a 2nd adapter. So either we need to remove it to allow for their internal upgrades to the vxRails and then re-add it when done, or come up with another way for Veeam (172.31.14.0) to access their internal network IP of the vCenter (172.28.13.0). Can I do that with the VeeamPN? The documentation mostly discusses point-to-site or site-to-site and Azure. Can I implement VeeamPN to accomplish accessing their internal network from my Veeam server(s)? I'm using a proxy that is on their vCenter connected to their internal network and the management network for the hotadd backups.
-
- VP, Product Management
- Posts: 7079
- Liked: 1511 times
- Joined: May 04, 2011 8:36 am
- Full Name: Andreas Neufert
- Location: Germany
- Contact:
Re: Access vCenter via a proxy
I don´t have a solution right out of the box.
But if the sitaution is like
172.28.13.0/24 <=> FW <=> 172.29.13.0 <=> FW <=> 172.31.14.0
You could set routing entries on the firwall so that 172.28. can communicate with 172.31. and then open port 443 in the direction of the B&R/Proxy Server to vcenter.
But if the sitaution is like
172.28.13.0/24 <=> FW <=> 172.29.13.0 <=> FW <=> 172.31.14.0
You could set routing entries on the firwall so that 172.28. can communicate with 172.31. and then open port 443 in the direction of the B&R/Proxy Server to vcenter.
-
- Service Provider
- Posts: 60
- Liked: 3 times
- Joined: Nov 16, 2015 5:52 pm
- Full Name: Bill Boyer
- Contact:
Re: Access vCenter via a proxy
172.28.13.0/24 and 172.29.13.0/24 are separate networks. Servers in the customers network 172.28.13.0 have a production IP on the 172.28.13.0/24 and then a 'mgmt' nic and IP on the 172.29.13.0/24 network. Along with a static route directing 172.31.0.0/16 back through the 172.29.13.0/24 interface. So there is o routing/filewall between the 172.28.13.0 and 172.29.13.0 networks. the firewall is between the 172.29.13.0/24 network and our internal network 172.31.0.0/16. Right now their vCenter and ESXi hosts all have a 2nd interface on the 172.29.13.0/24 network and the route to force the traffic. Their vendor says they don't support the 2nd interface on the vCenter so we need to find another way for Veeam and vCenter to talk to each other.
-
- VP, Product Management
- Posts: 7079
- Liked: 1511 times
- Joined: May 04, 2011 8:36 am
- Full Name: Andreas Neufert
- Location: Germany
- Contact:
Re: Access vCenter via a proxy
OK so my understanding is that you have a router between 2 subnets and from one of the subnets you have a firewall to a 3rd subnet.
Set the correct routing information on the router and on the firewall and open needed ports.
Set the correct routing information on the router and on the firewall and open needed ports.
Who is online
Users browsing this forum: Amazon [Bot] and 84 guests