So, it turns out that your data that resides on public cloud IaaS like Amazon Elastic Compute Cloud (Amazon EC2) and Azure VMs doesn’t protect itself. For as long as Veeam Agents have been around, Veeam users have used them to protect their cloud-hosted workloads. In fact, for over three years, the protection of IaaS and PaaS has also been possible in our cloud-native appliances: Veeam Backup for AWS, for Microsoft Azure and for Google Cloud.
With V12 came a host of cloud-focused features and enhancements, including NEW cloud-integrated agents that are optimized for AWS and Azure. Let’s look at exactly when agents are needed for cloud backup, where these agents have been optimized and integrated with cloud services and how they work.
Cloud Backup With Agents
Our most recent Cloud Protection Trends Report shows that 58% of organizations still use third-party agents installed on each cloud instance to protect their data.
On the surface, this seems odd since native tooling has been available for quite some time. However, when you look at this same report, 70% of these cloud hosted workloads originated from on-premises virtual and physical machines as part of a lift and shift motion. These applications that haven’t necessarily been refactored for the cloud often benefit from the advantages that an agent-based approach can bring, ones that native tooling can’t deliver with snapshots alone.
Benefits of Agent-based Backup
- Application awareness: The major benefit of application-aware processing is the guaranteed, proper recovery of your protected applications without any data loss. Application-aware processing is a Veeam technology that’s used to quiesce applications that run on a cloud VM to create a transactionally consistent backup. The agents are also aware of the applications that run on the OS and can talk directly with it to retrieve and interact with thatdata. This is especially true at-scale in multi-terabyte VMs, where it also helps to alleviate any issues that may arise when you’re snapshotting machines of this size.
- Veeam Explorers: Knowledge of your protected application also unlocks the Veeam Explorers, which enables hassle-free granular recovery at the in-guest level for popular applications like Exchange, SharePoint, Active Directory, SQL Server, Oracle and PostgreSQL.
- Back up Direct to Object Storage: Veeam Agents can now write directly to object storage services like Amazon S3 and Azure Blob, which eliminates the need to stage backups or snapshots on less cost-effective (but better performing) storage.
- No direct network connectivity: Discovery and connection of cloud instances to the Veeam backup server is done by means of public cloud queue services, Veeam Cloud Message Service and Veeam Cloud Transport work over secure channels, so no direct network connectivity or VPNs are required.
How It Works
Veeam Backup & Replication communicates with the cloud hosted VM and its associated Veeam Agent by means of Veeam Transport Service and Veeam Cloud Message Service.
- Veeam Cloud Message Service on a Veeam backup server sends requests to the Veeam Cloud Message Service on protected instances by means of Amazon Simple Queue Service (Amazon SQS) or Azure Queue Storage.
- Veeam Cloud Message Service on a protected instance checks the queue, reads the message and either:
- Runs the command (e.g., a PowerShell script)
- Resends the command to another Veeam component (e.g., the Veeam Agent or Veeam Transport Service)
- Veeam Cloud Message Service sends the command result back to Veeam Backup & Replication through the queue service.
Note: For this diagram, Veeam Backup & Replication is installed on-premises, but it can also run on any cloud infrastructure.
Cloud-integrated Veeam Agents deliver several benefits for organizations that look to protect their cloud hosted VMs, particularly those that were migrated from on-premises as part of a lift and shift exercise that has not yet been refactored.
In true Veeam fashion, we are all about options – these new agents are optimized for the cloud and our cloud-native offerings. Better yet, you can have your cake and eat it too by using both Veeam methods to protect your AWS and Azure IaaS with just one Veeam Universal License (VUL).