Hi all,
Is there a way to make a Virtual Appliance (HotAdd Proxy VM) work without allowing it network access to vCenter or ESXi kernel/mgmt IPs?
Currently a VeeamBackupServer+Proxy+Repo (all in one) server has access to two networks:
Network1: Can connect to vCenter and ESXi kernel/mgmt IP addresses.
Network2: Dedicated backup network. Has no access to vCenter nor ESXi IPs.
A Veeam Virtual Appliance VM also has access to the same two networks, and HotAdd-mode backup jobs are working as intended.
The Virtual Appliance VM is also sending backup traffic to the Repo server over Network2(the backup network) as intended, by using the Preferred Network setting.
Management is now thinking of removing Network1(access to vCenter and ESXi) from the Virtual Appliance, thinking that HotAdd backup traffic only needs to go through Network2 to the destination Repo.
We tested this by removing the Network1 NIC from the Virtual Appliance and discovered that the backup job would error out.
As soon as we re-add Network1 to the Virtual Appliance, things go back to normal and start working again.
Turns out during a backup job session, the Virtual Appliance itself needs direct access to the vCenter and ESXi IPs.
Seeing how with the Guest Processing feature, Veeam allows delegating the task to another Proxy by using the Guest Interaction Proxy option,
can a similar thing be setup for Virtual Appliance backup jobs, where the "communicate with vCenter and ESXi" tasks are delegated to another Proxy other than the Virtual Appliance itself,
so that the Virtual Appliance won't require direct network access to the vCenter and ESXi IPs?
In short, the goal here is to make it so that the VeeamBackupServer does all the VADP snapshot talking with vCenter/ESXi, and just have the Virtual Appliance focus on the send-backup-traffic-over-the-backup-network-to-a-Repo heavy lifting stuff, all with just a single Network2 IP that only has access to the destination Repo.
Is there a way to set this up? Registry tweak? Thanks!
-
- Enthusiast
- Posts: 76
- Liked: 10 times
- Joined: Jun 15, 2017 8:10 am
- Full Name: RLeon
- Contact:
-
- VP, Product Management
- Posts: 7077
- Liked: 1510 times
- Joined: May 04, 2011 8:36 am
- Full Name: Andreas Neufert
- Location: Germany
- Contact:
Re: Virtual Appliance (aka HotAdd Proxy VM) network connection to vCenter IP and ESXi kernel/mgmt IP
As any other backup vendor, we are integrating the VDDK development kit from VMware into our backup product. This VDDK kit runs on the proxy and need access to the ESXi host and vCenter for correct HotAdd processing.
On VMware Cloud on AWS there is a special networkless hotadd mode needed, but still the kit need access to the vcenter.
Our Linux Proxy HotAdd mode do not use the VDDK kit but even this Proxy need to interact with vcenter to get the latest updates.
I think there is no practical or usable way to implement this.
On VMware Cloud on AWS there is a special networkless hotadd mode needed, but still the kit need access to the vcenter.
Our Linux Proxy HotAdd mode do not use the VDDK kit but even this Proxy need to interact with vcenter to get the latest updates.
I think there is no practical or usable way to implement this.
-
- Enthusiast
- Posts: 76
- Liked: 10 times
- Joined: Jun 15, 2017 8:10 am
- Full Name: RLeon
- Contact:
Re: Virtual Appliance (aka HotAdd Proxy VM) network connection to vCenter IP and ESXi kernel/mgmt IP
So the Virtual Appliance Proxy needs network access to the vCenter and ESXi IPs after all.
Thanks for clarifying!
Thanks for clarifying!
-
- VP, Product Management
- Posts: 7077
- Liked: 1510 times
- Joined: May 04, 2011 8:36 am
- Full Name: Andreas Neufert
- Location: Germany
- Contact:
Re: Virtual Appliance (aka HotAdd Proxy VM) network connection to vCenter IP and ESXi kernel/mgmt IP
Correct.
TCP443 to the vcenter
TCP443,902 to the ESXi
TCP443 to the vcenter
TCP443,902 to the ESXi
Who is online
Users browsing this forum: No registered users and 64 guests