#1 Global Leader in Data Protection & Ransomware Recovery
#1 Global Leader in Data Protection & Ransomware Recovery
BACK TO KB LIST

How to Deploy FLR Relay Proxy

KB ID: 3230
Product: Veeam Backup for AWS | 2.0 | 3.0 | 4.0 | 5.0 | 5a | 6.0 | 6a
Published: 2020-07-13
Last Modified: 2024-01-03
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Deprecated Feature
The FLR Relay Proxy feature described in this article was deprecated in Veeam Backup for AWS 7. In deployments where the feature was enabled before upgrading to Veeam Backup for AWS 7, the FLR Relay tab will still appear in the options. However, for Veeam Backup for AWS 7 deployments where this option was not configured previously, the FLR Relay tab has been removed.

Purpose

This article documents how to use your own TLS certificate during a file-level restore to secure communication between the web browser on a local machine and the Veeam Backup browser on a worker instance.

This can also be used when you want the Veeam Backup browser link to be static and include your own public DNS name instead of a public DNS name of a worker instance.

Solution

Summary

To use your own TLS certificate during file-level restore and have the static Veeam Backup browser link:

  1. In AWS CloudFormation, deploy and configure an EC2 instance that will act as an FLR relay proxy.
    In stack settings, you will need to specify the path to the TLS certificate and desired public DNS name. To obtain the stack template file, contact Veeam Customer Support.
  2. In worker instance settings, specify the FLR relay proxy for each AWS region where you plan to perform file-level restore.
    During file-level restore, Veeam Backup for AWS will route traffic to and from the launched worker instance through the specified FLR relay proxy.

Prerequisites

  • A valid TLS certificate. (For example, obtained from Let’s Encrypt.)
    The TLS certificate must be located in an S3 bucket folder.
  • Public DNS name that you own. (For example, flr.domain.com)

Deploying FLR Relay Proxy in AWS CloudFormation

In AWS CloudFormation, for each AWS region where you plan to use the FLR relay proxy, complete the following steps:

  1. Launch the Create Stack wizard as described in AWS Documentation.
  2. At the Specify template step of the wizard, upload a template file obtained from Veeam Customer Support.
  3. At the Specify stack details step of the wizard, specify the following settings:
    1. In the Stack name field, specify a name for the EC2 instance that will act as an FLR relay proxy.
    2. From the Key Pair drop-down list, select a key pair that will be used to authenticate against the FLR relay proxy.
      You will require the specified key pair if you want to connect to the proxy over SSH.
    3. [Optional] In the SSH Location field, specify the IPv4 address range from which you want to access the FLR relay proxy over SSH.
    4. In the HTTPS Location field, specify the IPv4 address range from which you plan to access the Veeam Backup browser during file-level restore.
    5. From the VPC and Subnet drop-down lists, select an Amazon Virtual Private Cloud (Amazon VPC) and subnet to which the FLR relay proxy must be connected.
    6. In the DNS Name field, specify the public DNS name that you own and want to include in the Veeam Backup browser link.
    7. In the S3 bucket with certificate field, specify the bucket folder name where the TLS certificate you want to use is located (without ‘s3://’).
      For example, MyBucketName/certificates
    8. In the Certificate file name field, specify the name of the certificate file that is located in the specified bucket folder.
      For example, certificate.pem
    9. In the Key file name field, specify the name of the private key file that is located in the specified bucket folder.
      For example, privatekey.pem
  4. At the Configure stack options step of the wizard, specify AWS tags, IAM role permissions, and other additional settings if necessary, and then click Next.
  5. At the Review step of the wizard, review the specified settings, select the I acknowledge that AWS CloudFormation might create IAM resources check box, and click Create stack.
  6. Associate the DNS name specified at step 3f with the Elastic IP address that is assigned to the FLR relay proxy.
    To view the public IP address of the FLR relay proxy:
    1. Open the Amazon EC2 console.
    2. In the navigation pane, click Instances.
    3. Find and click your FLR relay proxy.
    4. On the Description tab, on the right of the IPv4 Public IP, you will find the IP address of the FLR relay proxy.
  7. Wait until the FLR relay proxy is deployed.
    You can track the proxy deployment progress in the execution log at http://<IPaddress-of-your-proxy>:80.

After the successful installation of proxy components, the proxy will automatically shut down.

If this does not happen, check the proxy deployment status in the execution log at http://<IPaddress-of-your-proxy>:80 and contact Veeam Customer Support.

Specifying FLR Relay Proxy in Advanced Worker Instance Settings

Once the FLR relay proxy is deployed, access Veeam Backup for AWS and complete the following steps:

  1. At the top right corner of the Veeam Backup for AWS window, click Configuration.
  2. In the configuration menu on the left, click Workers.
  3. On the Advanced tab, click Add.
    Veeam Backup for AWS will launch the Add Region wizard.
  4. At the Region step of the wizard, specify the AWS region in which the FLR relay proxy is deployed.

    User-added image
  5. At the Worker Settings step of the wizard:
    1. Click Select and choose the necessary FLR relay proxy from the list.
    2. In the DNS Name field, enter the DNS name that you specified in FLR relay proxy settings.
    3. From the Security Group drop-down list, select a security group to which the FLR relay proxy will be connected during file-level restore.

      User-added image
  6. At the Summary step of the wizard, review the specified settings and click Finish.

Veeam Backup for AWS will automatically use the configured FLR relay proxy when you perform file-level restore in the AWS region where the proxy is deployed.

More Information

Should you have any questions on FLR relay proxy deployment or configuration, please contact Veeam Customer Support.

 

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.