How to Offload Backup Files to Capacity Tier via Google Cloud Private Access
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
Purpose
This article documents configuring an environment so Veeam Backup & Replication Object Repository will use Google Cloud Private Access to connect to a GCS bucket instead of the public IPs.
Connectivity from on-premises to private access can be accomplished via Cloud VPN or Direct/Partner Interconnects to Google Cloud, and Private Access enabled on the VPC Subnet.
Note: Backup repository servers located in GCE need to be on a VPC Subnet where Private Access is enabled.
Solution
Preparing the Environment (link)
- Make sure the VPC Subnet(s) that traffic will traverse have Private Google Access enabled:
- Configure DNS
- Configure DNS servers used by repository servers to have a zone for googleapis.com.
- Create DNS A Records for private.googleapis.com pointing to 199.36.153.8, 199.36.153.9, 199.36.153.10, 199.36.153.11.
- Set up a CNAME record for *.googleapis.com to point to private.googleapis.com.
- For repository servers on-premises, ensure the CloudVPN or Cloud Interconnect uses dynamic routes or has a static route for the 199.36.153.8/30 pointing to the VPC subnet with Private Google Access enabled, and that the subnet is configured to send this traffic to the default internet gateway.
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.