
Azure VMware Solution Support. Considerations and Limitations.

Challenge

Azure VMware Solution (AVS) is a VMware Cloud Verified offering that requires some specific considerations to work with Veeam Backup & Replication v10a. Aside from the listed instructions and limitations below, you can use AVS with Veeam Backup & Replication like you would any other VMware vSphere environment.

Some VMware features and permissions are not available upon deployment. This means there will be some features in Veeam Backup & Replication that are limited or unavailable. Depending on update releases this situation may change and features in the table below may become available.

Solution

Implementation Step 1 - Azure VMware Solution

  1. Deploy and access AVS.

    After deploying AVS you will end up with an AVS private cloud resource and an Azure virtual network associated with it. If you have not already done so, you will need to provision an externally accessible workload with access to this virtual network. Review: Microsoft - Learn how to access an AVS private cloud and Microsoft - Configure networking for your AVS private cloud.


  2. Ensure you have network services configured.

    You will need to deploy DHCP and DNS. You may also wish to configure an identity provider.

    For this your Hub virtual network will act as a central point of connectivity between your on-premises network, your other Azure-native services and your AVS private cloud. For an architecture overview please reference: Microsoft - Learn how AVS integrates with native Azure services


  3. Create a DHCP server.

    Create a DHCP server on NSX. Be sure to add an NSX-T network segment if you have not already done so and change its default DNS settings under Advanced Networking & Security. Review: Microsoft - Create and manage DHCP in AVS

    (Note that it is also possible to use a local DHCP server in the private cloud instead of the NSX-integrated option. Avoid using an external DHCP server, as that would route broadcast DHCP traffic over the WAN.)


  4. Configure a DNS service.

    For Azure DNS resolution it is recommended you configure an AD domain controller and Azure DNS private zones. Microsoft - AVS DNS Resolution Considerations

    Be sure to configure DHCP in the step above to point directly to this local DNS server or Azure DNS.

    (Optionally, you can configure a DNS forwarder service on NSX. Ensure your NSX Tier-1 Gateway is associated with your edge cluster, which allows you to configure stateful services. Set up a DNS zone for your NSX deployment and then create a DNS forwarder service. VMware - Add a DNS Forwarder Service.)


  5. Configure an identity provider in the Azure portal.

    Configure vCenter SSO to point to the same AD domain controller as in the previous step. This can be integrated using Azure AD connect for identity purposes. Microsoft - AVS Identity Sources

Implementation Step 2 - Veeam Backup & Replication

  1. Use a new Windows Server virtual machine and install Veeam Backup & Replication 10a. It can be deployed within any AVS or on-premises datacenter environment, provided network connectivity exists between it and the AVS vCenter, as well as any other Veeam servers if needed and any virtual machines that require guest processing.
  2. Ensure DNS settings are configured so that this server can resolve the fully qualified domain name (FQDN) of the AVS vCenter Server.
  3. Check the below information carefully for known limitations and configuration steps before you proceed.

Implementation Step 3 - Add VMware vCenter

Add vCenter to the Veeam console. Review: Veeam - Adding VMware vSphere Servers

  1. Create a vCenter User with the required permissions, or use the cloudadmin@vsphere.local user.
  2. When adding a vCenter server, specify the fully qualified domain name (FQDN) that ends with avs.azure.com.
NOTE:
If you add vCenter by using its DNS name, Veeam Backup & Replication v10a will recognize that this is an Azure VMware Solution instance and use HotAdd processing instead of NFC / NBD, which is not currently accessible on AVS out of the box.
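
The DNS requirement from Step 2 and the FQDN requirement above can be checked on the Veeam Backup & Replication server before the vCenter is added. The following PowerShell is an added example, not part of the original article or Veeam's tooling; the function name Test-AvsVCenterPreflight and the sample FQDN are hypothetical, and port 443 is assumed as the vCenter HTTPS port.

```powershell
# Added example: preflight check run on the Veeam Backup & Replication server
# before adding the AVS vCenter. Function name and sample FQDN are hypothetical.
function Test-AvsVCenterPreflight {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VCenterFqdn,
        [int]$Port = 443   # assumption: vCenter HTTPS endpoint on its default port
    )

    $result = [ordered]@{
        Fqdn          = $VCenterFqdn
        IsAvsName     = $false
        Addresses     = @()
        PortReachable = $false
    }

    # The article states that v10a recognizes AVS from a name ending in avs.azure.com.
    # An IP address or a short alias would not match, so flag it early.
    $result.IsAvsName = $VCenterFqdn.TrimEnd('.') -like '*.avs.azure.com'

    # Resolve using the DNS servers this machine is actually configured with.
    try {
        $records = Resolve-DnsName -Name $VCenterFqdn -Type A -ErrorAction Stop
        $result.Addresses = @($records |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress })
    } catch {
        Write-Warning "DNS resolution failed for ${VCenterFqdn}: $($_.Exception.Message)"
    }

    # Only test the port when the name resolved to at least one address.
    if ($result.Addresses.Count -gt 0) {
        $tcp = Test-NetConnection -ComputerName $VCenterFqdn -Port $Port -WarningAction SilentlyContinue
        $result.PortReachable = [bool]$tcp.TcpTestSucceeded
    }

    [pscustomobject]$result
}

# Constructed sample name; replace with the vCenter FQDN of your private cloud.
Test-AvsVCenterPreflight -VCenterFqdn 'vc.example.avs.azure.com'
```

All three of IsAvsName, a non-empty Addresses list and PortReachable should be true before proceeding.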

Implementation Step 4 - Add Veeam Proxy

Ensure there is at least one Veeam Proxy Server available to be able to process HotAdd / Virtual Appliance Backup mode. The Backup & Replication server itself can be used for this when installed on the SDDC Cluster. Review: Veeam - Adding a VMware Backup Proxy

NOTE:
Veeam Linux-based Proxy Server does not detect VMware Cloud specific logic and cannot be used as NFC / NBD is not accessible.

Implementation Step 5 - Add Veeam Repository

In AVS, VMware vSAN only comes with one datastore configured. As this is a production datastore we do not recommend using this to also store backups. An external backup location is needed. You could, for example, achieve this by using an Azure-native repository VM as a backup target and then tiering to object storage, or by sending backup data to an on-premises repository.

NOTE:
You may need to ensure network security groups allow Veeam repository traffic. Veeam - Backup Repository Connections

Implementation Step 6 - Add Secondary Backup Target

Following the 3-2-1 rule, it is recommended to create a backup copy to an additional location. There are several ways to achieve this:

  1. Veeam Scale-out Backup Repository - Capacity Tier usage. In copy mode this feature can be used to create additional backup copies on Azure Blob storage. Please use a private endpoint for Azure Blob to minimize data transfer costs.
  2. Veeam Backup Copy Job to a secondary Azure-native VM to keep an additional copy of backup data in a different Azure region.
  3. Veeam Backup Copy Job to on-premises or Veeam Cloud Connect (Enterprise). There is no special configuration required aside from network connectivity and firewall rules. For standard Backup Repository usage, it is recommended to create a VPN tunnel or use an ExpressRoute circuit from AVS to the on-premises datacenter.

Additional Scenarios

  1. Restore external backups to AVS. For this to work you will need to have Veeam Backup & Replication connected to vCenter and a working proxy (can be default) (implementation steps 1-4).
    Data can be restored from on-premises workloads and Azure-native VM workloads. Note that restore functionality that requires conversion may need to be staged to on-premises VMware infrastructure first as NFC / NBD is not accessible on AVS.
  2. Veeam VM Replication to AVS. For this to work you will need to have Veeam Backup & Replication connected to vCenter and a working proxy and repository (implementation steps 1-5).

The Veeam Repository for replication data can be hosted on the AVS vSAN datastore. Note that it is not recommended to use this same production datastore to also store backup data; backups should be kept separate to maintain data resiliency.

It is possible to replicate from on-premises VMs to AVS, from AVS to AVS, and from AVS back to on-premises.

Azure VMware Solution (AVS) specific issues and solutions 

Issue

Veeam Backup & Replication may stop working after AVS is automatically updated.

Solution
  1. Please check this article for the minimum required Veeam Backup & Replication version or patches.
  2. For customers with socket-based licensing, make sure that any newly deployed ESXi hosts receive Veeam licenses. Older ESXi hosts may need to have their licenses revoked so that they no longer consume one. We recommend using Veeam Universal Licensing to avoid any specific license issues with AVS.
 
Issue

Some Veeam Backup & Replication features are not available due to limitations with VMware Cloud Verified solutions like AVS (when compared with on-premises VMware vSphere infrastructure).

Solution

| Affected Veeam Feature | Limitation | Workaround |
|---|---|---|
| Instant VM Recovery | Currently AVS does not allow NFS access | Use a combination of Veeam backup jobs and replication jobs for proactive restore capabilities |
| Other OS File Level Recovery | Currently AVS does not allow NFS access | Start Linux File Level Recovery from a backup copy on-premises |
| SureBackup, Sure Replica, OnDemand Labs, Virtual Lab | Currently AVS does not allow NFS and network manipulation | SureReplica is available if the replication target is a non-VMware Cloud vSphere environment (i.e. you can replicate a VM from AVS to on-premises) |
| VM Replication ReIP | ReIP is not available as NFC / NBD is not accessible in AVS | |
| VM Replication-based File Level Recovery | | Use a file restore from backup or use a VM replica to start the File Level Recovery |
| Replication (where Azure-based repository is used to store replica metadata) | Due to a lack of permissions the repository Data Mover is not able to connect to the Veeam server | Enable "Run server on this side" option for the repository. For Windows repositories it can be found under Ports configuration. For Linux - under Advanced settings in the server configuration wizard. |

KB ID: 4012
Product: Veeam Backup & Replication
Published: 2020-09-15
Last Modified: 2020-10-20