Backing up virtual machines in DMZ

VMware specific discussions

Backing up virtual machines in DMZ

Veeam Logoby btmaus » Sun Sep 27, 2015 11:56 pm

I have my Veeam B&R Sever and Veeam Proxy servers in my Production VLAN, where vCenter is also located.

I have a couple of virtual machines in different DMZ networks that are behing firewalls. What options do I have to backup these virtual machines if I want to enable Application-aware processing? Do I need to open firewall ports?

Thanks
btmaus
Expert
 
Posts: 128
Liked: 9 times
Joined: Fri Jul 17, 2015 9:02 am
Full Name: Glenn L

Re: Backing up virtual machines in DMZ

Veeam Logoby Gostev » Mon Sep 28, 2015 12:59 am

Direct network connection to the guest is not a requirement with Veeam, as backup server can talk to it via ESXi host as well. Thanks!
Gostev
Veeam Software
 
Posts: 21390
Liked: 2349 times
Joined: Sun Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Backing up virtual machines in DMZ

Veeam Logoby btmaus » Mon Sep 28, 2015 1:43 am

Ok but I notice if I enable Application-aware processing for the virtual machines in the DMZ network, then I get an error about VIX
btmaus
Expert
 
Posts: 128
Liked: 9 times
Joined: Fri Jul 17, 2015 9:02 am
Full Name: Glenn L

Re: Backing up virtual machines in DMZ

Veeam Logoby v.Eremin » Mon Sep 28, 2015 11:25 am

What specific issue you got? What kind of account is specified for application processing of this VM?
v.Eremin
Veeam Software
 
Posts: 13266
Liked: 968 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Backing up virtual machines in DMZ

Veeam Logoby dellock6 » Mon Sep 28, 2015 3:38 pm

be careful on VIX you either have to disable UAC or use the native administrator account, otherwise indeed you are going to face errors.
Luca Dell'Oca
EMEA Cloud Architect @ Veeam Software

@dellock6
http://www.virtualtothecore.com
vExpert 2011-2012-2013-2014-2015-2016
Veeam VMCE #1
dellock6
Veeam Software
 
Posts: 5047
Liked: 1330 times
Joined: Sun Jul 26, 2009 3:39 pm
Location: Varese, Italy
Full Name: Luca Dell'Oca

Re: Backing up virtual machines in DMZ

Veeam Logoby btmaus » Wed Sep 30, 2015 12:25 am

If I add a VM to my backup job, that has application-aware processing enabled, and I click on test credentials, it says:

Connecting to guest OS via RPC, user Administrator - (this is the correct credentials btw, I have double checked)
Cannot connect to the host's administrative share

So do I need to open firewall ports?
btmaus
Expert
 
Posts: 128
Liked: 9 times
Joined: Fri Jul 17, 2015 9:02 am
Full Name: Glenn L

Re: Backing up virtual machines in DMZ

Veeam Logoby dellock6 » Wed Sep 30, 2015 8:18 am 1 person likes this post

Only if you want to use network as a connection, but as said before you can leverage VIX processing that uses the ESXi libraries to access the vm over the hypervisor stack, so you can keep your DMZ closed as before.
The test should actually test both type of connections, haven't you seen the result also of the VIX test?
Luca Dell'Oca
EMEA Cloud Architect @ Veeam Software

@dellock6
http://www.virtualtothecore.com
vExpert 2011-2012-2013-2014-2015-2016
Veeam VMCE #1
dellock6
Veeam Software
 
Posts: 5047
Liked: 1330 times
Joined: Sun Jul 26, 2009 3:39 pm
Location: Varese, Italy
Full Name: Luca Dell'Oca

Re: Backing up virtual machines in DMZ

Veeam Logoby btmaus » Wed Sep 30, 2015 10:55 am

dellock6 wrote:Only if you want to use network as a connection, but as said before you can leverage VIX processing that uses the ESXi libraries to access the vm over the hypervisor stack, so you can keep your DMZ closed as before.
The test should actually test both type of connections, haven't you seen the result also of the VIX test?


The Transport Mode is set to Automatic, with the failver to network option selected. So is it just doing a network test by default and then stopping? I don't see other tests after that. I have application-aware processing checked along with vSphere Guest quiescence.
btmaus
Expert
 
Posts: 128
Liked: 9 times
Joined: Fri Jul 17, 2015 9:02 am
Full Name: Glenn L

Re: Backing up virtual machines in DMZ

Veeam Logoby foggy » Wed Sep 30, 2015 11:09 am

There should be a record for the VIX test, right after the RPC lines (or before them, if the registry setting for protocol order inversion is specified). If you do not see them, please contact technical support.
foggy
Veeam Software
 
Posts: 14742
Liked: 1079 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Backing up virtual machines in DMZ

Veeam Logoby btmaus » Wed Sep 30, 2015 10:54 pm

I created a new job, with application-aware processing checked along with vSphere Guest quiescence:

Connection to guest OS via RPC failed
Cannot connect to host's Administrative share
Then I get a pass for VIX tests.

So what does this mean, it will use VMware's own vSphere Guest quiescence to take the backup?
btmaus
Expert
 
Posts: 128
Liked: 9 times
Joined: Fri Jul 17, 2015 9:02 am
Full Name: Glenn L

Re: Backing up virtual machines in DMZ

Veeam Logoby PTide » Thu Oct 01, 2015 9:32 am

So what does this mean, it will use VMware's own vSphere Guest quiescence to take the backup?
You can still use AAIP without having direct network connection to the backed up VMs. Just make sure you have VMware Tools up and running in these VMs. Please refer to this thread for requirements.

Thank you.
PTide
Veeam Software
 
Posts: 3019
Liked: 246 times
Joined: Tue May 19, 2015 1:46 pm

Re: Backing up virtual machines in DMZ

Veeam Logoby btmaus » Thu Oct 01, 2015 12:47 pm

Ok, thanks for the info.

If I decide to open the ports, which ports do I need to open specifically? I've had a look here but it's very confusing: http://helpcenter.veeam.com/backup/80/v ... ports.html

Which section do I need to look at?
btmaus
Expert
 
Posts: 128
Liked: 9 times
Joined: Fri Jul 17, 2015 9:02 am
Full Name: Glenn L

Re: Backing up virtual machines in DMZ

Veeam Logoby PTide » Thu Oct 01, 2015 12:56 pm

If I decide to open the ports, which ports do I need to open specifically?
If you mean Guest OS ports then please refer to "VM Guest OS Connections" section of that guide.
PTide
Veeam Software
 
Posts: 3019
Liked: 246 times
Joined: Tue May 19, 2015 1:46 pm

Re: Backing up virtual machines in DMZ

Veeam Logoby btmaus » Thu Oct 01, 2015 1:26 pm

OK thank you, that's alot of ports!
btmaus
Expert
 
Posts: 128
Liked: 9 times
Joined: Fri Jul 17, 2015 9:02 am
Full Name: Glenn L

Re: Backing up virtual machines in DMZ

Veeam Logoby PTide » Thu Oct 01, 2015 1:56 pm

That's alot of ports!
That's why in case of DMZ it's better to stick with VIX. There is an article from our Evangelist, please take a look as it might be helpful.
PTide
Veeam Software
 
Posts: 3019
Liked: 246 times
Joined: Tue May 19, 2015 1:46 pm

Next

Return to VMware vSphere



Who is online

Users browsing this forum: No registered users and 15 guests