Veeam Cloud Connect Scalability Tweaks

The registry values below are to be set on each server in the infrastructure.

LogDirectory

Defines the default log storage directory. (For more information, see KB1825)

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: LogDirectory
Value Type: String Value (REG_SZ)
Value Data: <path>

Recommendation: Specify a folder location with sufficient free space to ensure

Note:

• The path provided must be to a folder on a drive of the server without the trailing slash. 
• The path cannot be a remote location or mapped drive.
• Restart not required, but recommended to ensure all running services begin writing to the new locaiton.

TcpTimedWaitDelay

Defines the time that must elapse before TCP can release a closed connection and reuse its resources. For more information, refer to this Microsoft Article.

Key Location: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
Value Name: TcpTimedWaitDelay
Value Type: DWORD (32-Bit) Value
Default Value Data (Dec): 240
Recommended Value Data (Dec): 30

Note: Machine reboot required to apply changes.

Cloud Gateway-Specific Settings

The registry values in this section should be created on all existing cloud gateway servers.

Note: These settings regulate different DDoS prevention mechanisms and should be used with caution. 

DefaultBanDuration

Defines default connection ban duration.

Key Location: HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Gate Service
Value Name: DefaultBanDuration
Value Type: DWORD (32-bit) Value
Default Value Data (Dec): 60000 (in milliseconds)

Recommendation: Test with the value of 0 to determine if connections are being dropped due to internal Cloud Connect DDoS protection logic.

DefaultWarningLimit

Defines a threshold for suspicious connections originating from a single IP address. If exceeded, the IP address gets banned.

Key Location: HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Gate Service
Value Name: DefaultWarningLimit
Value Type: DWORD (32-bit) Value
Default Value Data (Dec): 64

Recommendation: Set to 512 and higher. The value may need to be set even higher if the Cloud Gateway Server is behind NAT.

MaxSimultaneousCloudConnections

Defines the total number of allowed simultaneous connections to a cloud gateway. Connections exceeding the threshold get dropped automatically.

Note: Starting with Veeam Cloud Connect 12.1.2, the default MaxSimultaneousCloudConnections value was raised to 15000, aligning with the recommendation for previous versions.

Key Location: HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Gate Service
Value Name: MaxSimultaneousCloudConnections
Value Type: DWORD (32-bit) Value
Pre 12.1.2 Default Value Data (Dec): 1024
Post 12.1.2 Default Value Data (Dec): 15000

Recommended value: 15000 - for a maximum of 500 concurrent tasks. To support more simultaneous connections deploy additional cloud gateways.

PeerCloudConnectionsLimit

Defines the number of allowed simultaneous connections to a cloud gateway originating from a single IP address. Connections exceeding the threshold get dropped automatically.

Key Location: HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Gate Service
Value Name: PeerCloudConnectionsLimit
Value Type: DWORD (32-bit) Value
Default Value Data (Dec): 64

Recommendation: The recommended value with vary depending on the number of agents backed up directly to a cloud repository from a single IP address (NAT). Use the following formula: X = N * 20

Where N is the number of agents backed up from a single IP address, and 20 is the maximum number of connections established to a cloud gateway by an agent.