- Veeam Support Knowledge Base
- How to Offload Backup Files to Capacity and Archive Tiers via AWS Privatelink / Direct Connect
How to Offload Backup Files to Capacity and Archive Tiers via AWS Privatelink / Direct Connect
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Purpose
This article documents how to configure Veeam Backup & Replication to use AWS PrivateLink or AWS Direct Connect for Scale-Out Backup Repository offload to Capacity Tier or Archive Tier.
Solution
Prepare the Environment
- (If using Direct Connect, skip to step 2.) For AWS PrivateLink, configure a VPN connection to the VPC where you are planning to deploy the PrivateLink Endpoint. One of the ways to do this is to create a tunnel on the VM gateway using AWS Client VPN.
- Create Endpoints in VPC:
- Create an S3 Interface Endpoint in your VPC. It will be assigned a DNS name that you can see in the AWS Console under VPC - Endpoints, when selecting the corresponding Endpoint.
- If intending to use Archive Tier, an EC2 Endpoint must be created as well.
- Modify the regions file to alter which server Veeam Backup & Replication will attempt to connect to for S3 and EC2
- On the Veeam Backup Server, edit C:\Program Files\Veeam\Backup and Replication\Backup\AmazonS3Regions.xml
- Find the Region section that corresponds to your PrivateLink or Direct Connect location.
Example:
<Region Id="ap-northeast-1" Name="Asia Pacific (Tokyo)" Type="Global">
- Within that Region's section, find the line <Endpoint Type="s3"> and replace the existing DNS value with the S3 Interface Endpoint DNS created in Step 1.
Note: For S3, the AWS console will display a DNS value starting with an asterisk. When altering the AmazonS3Regions file, replace the asterisk with the word bucket.
Example:
<Endpoint Type="S3">s3-ap-northeast-1.amazonaws.com</Endpoint>
Is changed to:
<Endpoint Type="S3">bucket.vpce-00000000000000000-00000000.s3.ap-northeast-1.vpce.amazonaws.com</Endpoint>
- If there are multiple lines for <Endpoint Type="S3"> in the Region section you are altering, remove all but the one you changed.
Example:
<Region Id="ap-northeast-1" Name="Asia Pacific (Tokyo)" Type="Global"> <Endpoint Type="S3">s3-ap-northeast-1.amazonaws.com</Endpoint>
<Endpoint Type="S3">s3.dualstack.ap-northeast-1.amazonaws.com</Endpoint> - If you plan to use Archive Tier: Within the same Region section, find the line <Endpoint Type="EC2"> and replace the existing DNS value with the EC2 Endpoint DNS created in Step 2.
Example:
<Endpoint Type="EC2">ec2.ap-northeast-1.amazonaws.com</Endpoint>
Is changed to:
<Endpoint Type="EC2">vpce-00000000000000000-00000000.ec2.ap-northeast-1.vpce.amazonaws.com</Endpoint>
- Save the file.
- On the Veeam Backup Server, edit C:\Program Files\Veeam\Backup and Replication\Backup\AmazonS3Regions.xml
Before Changes
After Adding Custom S3 and EC2 Endpoint
- Create the following registry values on the Veeam Backup & Replication server.
*All registry values are to be created in the key: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
*All registry values are DWORD (32-Bit) Values
- Name: CloudRegionsDisableUpdate
Data: 1
- Name: S3TLSRevocationCheck
Data: 0
- Name: ArchiveFreezingUsePrivateIpForAmazonAppliance
Data: 1 - Name: ArchiveFreezingSkipProxyValidation
Data: 1
- Name: CloudRegionsDisableUpdate
Alternatively, the following PowerShell commands can be executed on the Veeam Backup server to set the registry values.
New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'CloudRegionsDisableUpdate' -Value "1" -PropertyType DWORD -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'S3TLSRevocationCheck' -Value "0" -PropertyType DWORD -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'ArchiveFreezingUsePrivateIpForAmazonAppliance' -Value "1" -PropertyType DWORD -Force
New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'ArchiveFreezingSkipProxyValidation' -Value "1" -PropertyType DWORD -Force- Stop all tasks within Veeam Backup & Replication and restart the Veeam Backup Service to apply all changes.
Add Object Storage Repository
With the AmazonS3Regions.xml file modified, when selecting the corresponding entry within Veeam Backup & Replication, it will connect to the specified endpoints.
- For Capacity Tier, Add Amazon S3 Storage repository. On the Bucket tab of the wizard, select the Region that matches the Region name you modified in the Prep phase.
- For Archive Tier, Add Amazon S3 Glacier Storage repository. On the Bucket tab of the wizard, select the Data center that matches the Region name you modified in the Prep phase.
Once the Object Storage Repositories are added:
- Add Capacity Tier to Scale-Out Backup Repository
- Add Archive Tier to Scale-Out Backup Repository
More Information
Related Articles:
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please try again later.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Verify your email to continue your product download
We've sent a verification code to:
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!
Your feedback has been received and will be reviewed.