#1 Global Leader in Data Protection & Ransomware Recovery

How to Connect to an Object Storage Repository via Google Cloud Private Access

KB ID: 4324
Product: Veeam Backup & Replication | 12 | 12.1
Published: 2022-06-14
Last Modified: 2024-04-15
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Purpose

This article documents how to configure Veeam Backup & Replication to use Google Cloud Private Access to connect to a GCS bucket instead of the public IPs for Scale-Out Backup Repository offload to Capacity Tier or Archive Tier or to connect to an Object Storage Repository in Veeam Backup & Replication 12 or newer.

Connectivity from on-premises to private access can be accomplished via Cloud VPN or Direct/Partner Interconnects to Google Cloud, and Private Access enabled on the VPC Subnet.

Note: Backup repository servers located in GCE need to be on a VPC Subnet where Private Access is enabled. 

Solution

Prepare the Google Cloud Environment

  1. Make sure the VPC Subnet(s) that traffic will traverse have Private Google Access enabled:
Enable Private Google Access

Prepare the On-Prem DNS

  1. On the DNS server(s) used by the repository server(s), create a new Primary Forward Lookup Zone named 'googleapis.com'.
  2. Set up a CNAME record for *.googleapis.com to point to private.googleapis.com.
  3. Create DNS A Records for private.googleapis.com pointing to:
    • 199.36.153.8
    • 199.36.153.9
    • 199.36.153.10
    • 199.36.153.11. 
  4. Create a blank DNS A Record to point googleapis.com to 199.36.153.8.
    Value in name column will appear as (same as parent folder).
DNS Config
  1. For repository servers on-premises, ensure the CloudVPN or Cloud Interconnect uses dynamic routes or has a static route for the 199.36.153.8/30 pointing to the VPC subnet with Private Google Access enabled, and that the subnet is configured to send this traffic to the default internet gateway. 

Prepare the Veeam Backup & Replication Environment

  1. To configure the Helper Appliance used for Object Storage Repository Health Checks to use the private IP address, add the following registry value on the Veeam Backup Server:

    Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication
    Value Name: ArchiveUsePrivateIpForGoogleHelperAppliance
    Value Type: DWORD (32-Bit) Value
    Value Data: 1

    1 = Enable Archive Appliance use Private IP | 0 = Disable (Default)

More Information

If the Gateway server assigned with the Object Storage Repository settings has a restricted internet connection, that machine cannot perform Certificate Renovation List (CRL) checks. In such a scenario, disable certificate revocation checks by creating the following setting on the machine assigned as the Gateway server within the Object Storage Repository settings.

Note: This setting will disable TLS revocation checks for all interactions with Object Storage performed by the machine where the registry value is created.

  • For Windows-based Gateway servers, create the following registry value:

    Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
    Value Name: ObjectStorageTlsRevocationCheck
    Value Type: DWORD (32-Bit) Value
    Value Data: 0
  • For Linux-based Gateway servers, add the following entry to the /etc/VeeamAgentConfigIf the /etc/VeeamAgentConfig file is not present, it must be created. file:
    ObjectStorageTlsRevocationCheck=0
    
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.