How to Deploy FLR Relay Proxy

KB ID:
3230
Product:
Veeam Backup for AWS
Version:
2.x and later
Published:
Last Modified:
2020-07-14

Challenge

During file-level restore, you want to use your own TLS certificate to secure communication between the web browser on a local machine and the Veeam Backup browser on a worker instance.

Additionally, you want the Veeam Backup browser link to be static and include your own public DNS name instead of a public DNS name of a worker instance.

Solution

To use your own TLS certificate during file-level restore and have the static Veeam Backup browser link:

  1. In AWS CloudFormation, deploy and configure an EC2 instance that will act as an FLR relay proxy.
    In stack settings, you will need to specify the path to the TLS certificate and desired public DNS name. To obtain the stack template file, contact Veeam Customer Support.
  2. In worker instance settings, specify the FLR relay proxy for each AWS region where you plan to perform file-level restore.
    During file-level restore, Veeam Backup for AWS will route traffic to and from the launched worker instance through the specified FLR relay proxy.
Prerequisites
  • Valid TLS certificate, for example, obtained from Let’s Encrypt.
    The TLS certificate must be located in an S3 bucket folder.
  • Public DNS name that you own, for example, flr.domain.com.

Deploying FLR Relay Proxy in AWS CloudFormation

 

In AWS CloudFormation, for each AWS region where you plan to use the FLR relay proxy, complete the following steps:

  1. Launch the Create Stack wizard as described in AWS Documentation.
  2. At the Specify template step of the wizard, upload a template file obtained from Veeam Customer Support.
  3. At the Specify stack details step of the wizard, specify the following settings:
    1. In the Stack name field, specify a name for the EC2 instance that will act as an FLR relay proxy.
      User-added image
    2. From the Key Pair drop-down list, select a key pair that will be used to authenticate against the FLR relay proxy.
      You will require the specified key pair if you want to connect to the proxy over SSH.
    3. [Optional] In the SSH Location field, specify the IPv4 address range from which you want to access the FLR relay proxy over SSH.
    4. In the HTTPS Location field, specify the IPv4 address range from which you plan to access the Veeam Backup browser during file-level restore.
    5. From the VPC and Subnet drop-down lists, select an Amazon Virtual Private Cloud (Amazon VPC) and subnet to which the FLR relay proxy must be connected.
    6. In the DNS Name field, specify the public DNS name that you own and want to include in the Veeam Backup browser link.
      User-added image
    7. In the S3 bucket with certificate field, specify the bucket folder name where the TLS certificate you want to use is located (without ‘s3://’).
      For example, MyBucketName/certificates
    8. In the Certificate file name field, specify the name of the certificate file that is located in the specified bucket folder.
      For example, certificate.pem
    9. In the Key file name field, specify the name of the private key file that is located in the specified bucket folder.
      For example, privatekey.pem
      User-added image
  4. At the Configure stack options step of the wizard, specify AWS tags, IAM role permissions and other additional settings if necessary, and then click Next.
  5. At the Review step of the wizard, review the specified settings, select the I acknowledge that AWS CloudFormation might create IAM resources check box, and click Create stack.
  6. Associate the DNS name specified at step 3.6 with the Elastic IP address that is assigned to the FLR relay proxy.
    To view the public IP address of the FLR relay proxy:
    1. Open the Amazon EC2 console.
    2. In the navigation pane, click Instances.
    3. Find and click your FLR relay proxy.
    4. On the Description tab, on the right of IPv4 Public IP, you will find the IP address of the FLR relay proxy.
  7. Wait until the FLR relay proxy is deployed.
    You can track the proxy deployment progress in the execution log at http://<IPaddress-of-your-proxy>:80.

After successful installation of proxy components, the proxy will automatically shut down.
If this does not happen, check the proxy deployment status in the execution log at http://<IPaddress-of-your-proxy>:80 and contact Veeam Customer Support.
 

Specifying FLR Relay Proxy in Advanced Worker Instance Settings

 

Once the FLR relay proxy is deployed, access Veeam Backup for AWS and complete the following steps:

  1. At the top right corner of the Veeam Backup for AWS window, click Configuration.
  2. In the configuration menu on the left, click Workers.
  3. On the Advanced tab, click Add.
    Veeam Backup for AWS will launch the Add Region wizard.
  4. At the Region step of the wizard, specify the AWS region in which the FLR relay proxy is deployed.
    User-added image
  5. At the Worker Settings step of the wizard:
    1. Click Select and choose the necessary FLR relay proxy from the list.
    2. In the DNS Name field, enter the DNS name that you specified in FLR relay proxy settings.
    3. From the Security Group drop-down list, select a security group to which the FLR relay proxy will be connected during file-level restore.
      User-added image
  6. At the Summary step of the wizard, review the specified settings and click Finish.

Veeam Backup for AWS will automatically use the configured FLR relay proxy when you perform file-level restore in the AWS region where the proxy is deployed.

More Information

Should you have any questions on FLR relay proxy deployment or configuration, please contact Veeam Customer Support.

 

Please be aware that we’re making changes which will restrict access to product updates for users without an active contract.

OK

Rate the quality of this KB article: 
5 out of 5 based on 1 ratings

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.

Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text:

Submit