This article documents how to configure Veeam Backup & Replication to use Azure Blob Storage Account private endpoints for object storage offload.
To access Azure Blob private endpoints, you must configure networking using Azure VPN or Azure ExpressRoute.
regionto match the virtual network you plan to use for the storage account,
public IP address name,and the
availability zone. It is assumed if you're using Azure ExpressRoute that you have configured this prior.
Configure now. You'll need to generate a certificate using PowerShell for your connection. Specify an address pool, select
OpenVPN (SSL)as your tunnel type, and for authentication type, choose
Azure certificate, uploading the root certificate contents.
public network accessis disabled. If you need to access Azure Blob from another resource without using a private endpoint, for example, to see container contents in the Azure Portal you will need to choose
enabled for selected virtual networks and IP addressesinstead.
network interface name.
integrate with DNS zone.
DNS configuration, you should be able to see a private link entry that points to the specific IP address. This is required to support Azure Archive Tier as Veeam Backup & Replication Azure Proxy Appliances are deployed dynamically.
New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'ArchiveFreezingUsePrivateIpForAzureAppliance' -Value "1" -PropertyType DWORD -Force
With the host file modified, Veeam Backup & Replication will connect to the storage account's private endpoint.
Add your Azure object storage account to Veeam Backup & Replication.
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case