Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
VMware Cloud on AWS and VMware Cloud on Dell EMC are vSphere environments running on AWS and Dell EMC hardware, that needs some specific preparation to allow Veeam Backup & Replication 11.0.0.837 P20210525 or later to work with it. Besides the below-listed preparation and limitations, you can interact with it within Backup & Replication like any other vSphere environment to backup, restore, and replicate VM workloads.
Some VMware features and permissions are not granted by default with these VMware offerings. Thus, some Veeam Backup & Replication features will be limited or inoperable. Depending on VMware update releases, the situation may change, and the features from the table below may become available. Please contact your VMware administrator for timely update.
The Veeam Backup and Replication Server and Veeam proxy server should be connected to the VMware vCenter using HTTPS through TCP port 443. At VMware Cloud on AWS/DellEMC, there is no need to open ports to the ESXi hosts themselves. As the vCenter Server is by design of VMware Cloud on AWS/DellEMC on another network (Management Network), you need to configure one of the following 3 options:
NSX-t allows VMC customers to access the management network over the built-in firewall directly. TCP Port 443 needs to be opened from all Veeam Backup and Veeam Proxy Servers as a Source with the vCenter internal IP as a target.
- On the Management Network
- On the Compute Gateway
To be able to directly access the vСenter within VMC, please follow the VMC internal guidelines to create a VPN tunnel from the compute network to the management network.
Please update your DNS Servers to resolve the FQDN of the vСenter to its private IP address. If you want to use hosts entries on the Veeam Server for it, add them on all Veeam Backup and Proxy Servers.
If your Backup & Replication (Management) Server is outside of the VMC cluster, please implement the same VPN connection for it.
Add vCenter to the Veeam console.
For any VMware Cloud on AWS/DellEMC SDDC Cluster, deploy at least one Veeam Proxy Server to utilize Virtual Appliance (HOTADD) transport mode. If the Backup & Replication server is deployed in the SDDC Cluster, it may be used as a Backup Proxy.
Note: Linux-based Backup Proxy can not be used with VMware Cloud on AWS/DellEMC as they do not enable specific mandatory VMware VDDK settings.
As VMware Cloud on AWS/DellEMC has only one accessible vSAN disk, it would not be prudent to utilize that disk for both production workloads and backups. It is, therefore, advisable to have an external Backup device to store the backup files. Depending on the use case, there are several ways to achieve this with different economic factors.
You could, for example, achieve this by sending data directly to Amazon S3 object storage if applicable, or use an EC2 VM as a backup target and then tier to Amazon S3, or by sending backup data to a repository in a different location depending on the bandwidth and throughput available.
You may need to ensure network security groups allow Veeam repository traffic. Veeam - Backup Repository Connections.
To connect the EC2 Server(s) used as Veeam Repositories the following Firewall configuration is needed:
On the Compute Network:
Open TCP 22 (SSH) port from Veeam Backup server and Veeam proxy server to the Amazon VPC where the EC2 Server was installed. You can as well define the exact IP addresses of the repository server as Destination.
Open TCP 2500-5000 ports for Veeam Data Transport in both directions for same servers. It is recommended to use the VMware Cloud on AWS/DellEMC integrated high throughput/low latency ENI network connection to avoid any traffic costs.
Ports |
Protocol |
Source |
2500-3300 |
tcp |
0.0.0.0/0 |
22 |
tcp |
0.0.0.0/0 |
It is suggested to create a backup copy to an additional place. Depending on the use case, there are several ways to achieve this with different economic factors. Among other ways, the following technologies can be used:
Additional Scenarios
Some of the Backup & Replication Features are not working correctly because of limitations of the VMware Cloud on AWS/DellEMC environment (compared with a standard vSphere environment).
Affected Veeam Feature | Limitation | Workaround |
Instant VM Recovery |
Currently, VMware Cloud on AWS (VMC) does not allow for NFS usage |
Use a combination of a Veeam backup job and replication job for proactive restore capabilities |
Other OS File Level Recovery |
Currently, VMC does not allow for NFS usage |
Start Linux File Level Recovery with a Linux server helper host, instead of using a temporary helper appliance |
SureBackup, Sure Replica, OnDemand Labs, Virtual Lab |
Currently, VMC does not allow NFS and network manipulation |
As for SureReplica, you can perform it if the replication target is a non-VMC vSphere environment (e.g., replicate VM from VMC to on-premises) |
VM Replication ReIP |
ReIP is not available on VMC |
|
Non-Unicode VM names |
Currently, VMC does not allow non-Unicode characters for VM names within their APIs used ad VMC |
|
VM Replication-based File Level Recovery |
|
Use file restore from backups or use a VM replica on a non VMC environment to start the File recovery |
Replication (where EC2-based repository is used to store replica metadata) | Due to lack of permissions, the repository Data Mover is not able to connect to the Veeam Server | Enable "Run server on this side" option for the repository. For Windows repositories it can be found under Ports configuration, for Linux - under Advanced settings in the server configuration wizard. |
Continuous Data Protection (CDP) | Currently, VMware Cloud on AWS (VMC) does not allow for CDP |
Your feedback has been received and will be reviewed.
Please try again later.
Please try select less.
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Your feedback has been received and will be reviewed.