1-800-691-1991 | 9am - 8pm ET
EN

How to offload backup files to Capacity and Archive Tiers via AWS PrivateLink

KB ID: 4226
Product: Veeam Backup & Replication 11
Published: 2021-10-17
Last Modified: 2021-11-12

Purpose

This article documents how to configure Veeam Backup & Replication to use AWS PrivateLink.

Solution

  1. Configure a VPN connection to the VPC where you are planning to deploy the PrivateLink Endpoint.
    One of the ways to do this is to create a tunnel on the VM gateway using AWS Client VPN.
PrivateLink allows users to create private endpoints within their VPC, you will not be able to access buckets via PrivateLink from public networks.
  1. Create an S3 Interface Endpoint in your VPC. It will be assigned a DNS name that you can see in the AWS Console under VPC - Endpoints, when selecting the corresponding Endpoint.

  2. Modify the regions file to alter which server Veeam Backup & Replication will attempt to connect to for S3
    1. On the Veeam Backup Server, edit C:\Program Files\Veeam\Backup and Replication\Backup\AmazonS3Regions.xml 
    2. Find the Region section which corresponds to location of your PrivateLink
    3. Edit the <Endpoint Type="S3"> value to specify "bucket.<DNS_name>" using the value from Step 2.
    4. If there are multiple <Endpoint Type="S3"> entries remove all but the one you modified.

In this example, "eu-central-1" record is used because the S3 bucket and the PrivateLink endpoint are located in that region.

Example of frankfurt entry before edits.
Before Changes
After change example
After Adding Custom S3 Endpoint
  1. Create the following registry value on the Veeam Backup Server to prevent Veeam from automatically updating the XML file edited in step 3:

    Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
    Value Name: CloudRegionsDisableUpdate
    Value Type: DWORD (32-Bit) Value
    Value Data: 1

  2. Create a Scale-Out Backup Repository and add a Capacity Tier and/or an Archive Tier extent, selecting the Region that was modified in Step 3.

    For the example, in the xml from step 3 the Region Name is "EU (Frankfurt)"

  3. In order to use PrivateLink Endpoint with your Archive Tier extent, you will need some additional tweaks:

    1. Create the following registry parameter on the Veeam Backup Server:

      Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
      Value Name: ArchiveFreezingUsePrivateIpForAmazonAppliance
      Value Type: DWORD (32-Bit) Value
      Value Data: 1

    2. Configure an EC2 Interface Endpoint in your VPC.
KB ID: 4226
Product: Veeam Backup & Replication 11
Published: 2021-10-17
Last Modified: 2021-11-12

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Policy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you for your interest in Veeam products!
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.