Discussions specific to the VMware vSphere hypervisor
Post Reply
bjdboyer
Enthusiast
Posts: 50
Liked: 2 times
Joined: Nov 16, 2015 5:52 pm
Full Name: Bill Boyer
Contact:

Access vCenter via a proxy

Post by bjdboyer »

We have a customer in our hosted environment that we back up. We do this by them adding a 2nd interface to vCenter so it's on a common network for Veeam access. They are saying the support contractor (EMC) for that system won't support that 2nd interface configuration and we need to come up with a way for Veeam to talk to their vCenter. is there a way to have a proxy-like system that is on the customer network and also on the network for Veeam that Veeam can use to talk to vCenter? or does Veeam only support direct communication to the vCenter? Their vCenter is a vxRails EMC implementation and EMC is the one saying they can't have the 2nd vNIC and be supported in their environment. We have been doing it that way for 6-mo. but they are saying their internal upgrade processes won't support it. so we need to come up with a different way for Veeam to access vcenter.

Bill

PetrM
Veeam Software
Posts: 747
Liked: 103 times
Joined: Aug 28, 2013 8:23 am
Full Name: Petr Makarov
Location: Prague, Czech Republic
Contact:

Re: Access vCenter via a proxy

Post by PetrM »

Hi Bill!

I think it should work if you add vCenter by its IP or DNS into the Veeam and there is a proxy which routes packets coming from your network to customer's one.

Thanks!

Andreas Neufert
VP, Product Management
Posts: 4599
Liked: 878 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Access vCenter via a proxy

Post by Andreas Neufert »

As Petr said, in theory we just connect through https to the vcenter system from B&R Server and from the Proxy Server. If something is transparently forwarding those connections to the vcenter server, then it might work, but we can not guaranty/support it as we never tested those scenarios.

The best option is to take care with firewalling/routing/VPN (for example VeeamPN) to access the vcenter directly.

bjdboyer
Enthusiast
Posts: 50
Liked: 2 times
Joined: Nov 16, 2015 5:52 pm
Full Name: Bill Boyer
Contact:

Re: Access vCenter via a proxy

Post by bjdboyer »

Customers internal network is 172.28.13.0/24 and that's the primary IP of the vCenter.
Our Veeam server sits on our network 172.31.14.0/24.
Between out network and the customers network is our 'management' network for the customer. 172.29.13.0/24. For our hosting services computers on the customer network have an adapter on the 'management' network so our monitoring/backup can access their systems. access from our network to/from the 172.28.13.0 network is controlled via a firewall. Right now the customer has a 2nd adapter on the vCenter on 172.29.13.0. Veeam can access it from that address. Their contactor for the vxRails says the supplied vCenter 'appliance (but not really)' does not support a 2nd adapter. So either we need to remove it to allow for their internal upgrades to the vxRails and then re-add it when done, or come up with another way for Veeam (172.31.14.0) to access their internal network IP of the vCenter (172.28.13.0). Can I do that with the VeeamPN? The documentation mostly discusses point-to-site or site-to-site and Azure. Can I implement VeeamPN to accomplish accessing their internal network from my Veeam server(s)? I'm using a proxy that is on their vCenter connected to their internal network and the management network for the hotadd backups.

Andreas Neufert
VP, Product Management
Posts: 4599
Liked: 878 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Access vCenter via a proxy

Post by Andreas Neufert »

I don´t have a solution right out of the box.
But if the sitaution is like

172.28.13.0/24 <=> FW <=> 172.29.13.0 <=> FW <=> 172.31.14.0
You could set routing entries on the firwall so that 172.28. can communicate with 172.31. and then open port 443 in the direction of the B&R/Proxy Server to vcenter.

bjdboyer
Enthusiast
Posts: 50
Liked: 2 times
Joined: Nov 16, 2015 5:52 pm
Full Name: Bill Boyer
Contact:

Re: Access vCenter via a proxy

Post by bjdboyer »

172.28.13.0/24 and 172.29.13.0/24 are separate networks. Servers in the customers network 172.28.13.0 have a production IP on the 172.28.13.0/24 and then a 'mgmt' nic and IP on the 172.29.13.0/24 network. Along with a static route directing 172.31.0.0/16 back through the 172.29.13.0/24 interface. So there is o routing/filewall between the 172.28.13.0 and 172.29.13.0 networks. the firewall is between the 172.29.13.0/24 network and our internal network 172.31.0.0/16. Right now their vCenter and ESXi hosts all have a 2nd interface on the 172.29.13.0/24 network and the route to force the traffic. Their vendor says they don't support the 2nd interface on the vCenter so we need to find another way for Veeam and vCenter to talk to each other.

Andreas Neufert
VP, Product Management
Posts: 4599
Liked: 878 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Access vCenter via a proxy

Post by Andreas Neufert »

OK so my understanding is that you have a router between 2 subnets and from one of the subnets you have a firewall to a 3rd subnet.
Set the correct routing information on the router and on the firewall and open needed ports.

Post Reply

Who is online

Users browsing this forum: No registered users and 23 guests