Configure Azure for use as a Veeam Cloud Service Provider

• Author
• Recent Posts

Robert Pearman

Robert is a small business specialist from the UK and currently works as a system administrator. He was a Microsoft MVP for eight years and has worked as a technical reviewer for Microsoft Press. You can follow Robert on Twitter and in his blog.

Latest posts by Robert Pearman (see all)

• Run Exchange Online commands using Azure Automation - Tue, Jul 25 2023
• Connect to Exchange Online with PowerShell and certificate-based authentication - Wed, Jul 19 2023
• Office Deployment Tool (ODT): Deploy Office using custom XML files - Thu, Mar 30 2023

We wanted to host our own CSP infrastructure, and choosing Azure as our platform fitted in nicely with the rest of our offerings. As it happens, Veeam has put a virtual machine (VM) template into the Azure marketplace preconfigured with the CSP components.

You will need Veeam CSP licensing from your rep before you can configure the VM.

To follow me through this article, I am assuming you already have an active Azure subscription. If not, you will need to sign up for one.

From the Azure portal, go to All Resources and search for Veeam. Find Veeam Cloud Connect for Service Providers and then click on Create.

Create an Azure Resource

You will need to specify some settings for your VM:

• A resource group
• VM name
• Region

Create a VM

In addition, you'll need an:

• Administrator username
• Administrator password

VM admin details

On the next page, you will add your disks. I am adding a 1 TB standard HDD managed disk.

Create a disk

On the next page, you can add a network interface. You can leave this on the defaults for now.

Network interface

Click Next to configure Management, setting Auto-Shutdown to Off.

Setting Auto Shutdown to Off

On Guest config, I am leaving everything on default.

Guest config

On the Tags page, I am adding a tag called Service and using it to tag all created resources as Veeam. This helps identify the created resources for billing.

Tags

On the summary page, you will need to enter some contact details, and then you can click on Create to begin deploying your VM.

Deployment complete

Once the deployment is complete, click on Go to resource, and it will take you to your VM. If you click on Connect, you can start a Remote Desktop Connection to the VM.

Connect to the VM

Once logged into your VM, you need to format your data disk.

Open Disk Management, mark the disk as online, and then initialize the disk. When formatting the partition, I chose the ReFS file system and 64k clusters instead of the default.

Format the disk

You will notice the Welcome to Veeam Cloud Connect dialog box. This is where we need to enter our CSP license file. If you still don't have one, you can click the box to say you don't have one, and then click Next and follow the links to request one.

If you do have one, Browse to your license file and click Next.

Cloud Connect

Review the license agreement and click Next if you agree.

The Before You Start page gives you some instructions. You can familiarize yourself with these, but the deployment wizard has already completed some of them.

Open Veeam Backup & Replication. In the main window, click Backup Repositories. In the ribbon, click Add Repository.

I am naming it after the data disk logical unit number (LUN) connection it is attached to the VM on, selecting Windows Server on the next page. On the following page, we can choose the path to store our repository on. If you click Populate, it will show the disks available. Click Next.

Add a repository

Add a repository Populate the disk

Enter the path to your repository. I created a folder on F: to match the name of the repository I am adding.

Add a repository Enter the path

You can accept the defaults for the rest of the wizard, including for vPower Network File System (NFS).

On the summary page, click Apply.

Add a Repository Summary

Add a repository Complete

Now switch to the Cloud Connect section of Veeam in the menu bar on the left.

By default it installs a self-signed certificate on the cloud gateway, as your tenant computer will need to trust your Veeam CSP. I am replacing this with a certificate I have purchased.

Click on Manage Certificates.

Manage certificates

Click on Import certificate from a file and then click on Yes in the message box about gateways.

Import a certificate Warning

Browse for your .pfx file and enter the password to complete the installation.

Import a certificate

Next, we will add a tenant.

Under Tenants, on the ribbon click Add Tenant.

Enter a username for the tenant and a password, or click Generate New to have Veeam create a password for you.

Add a tenant

On the next page, we can set how many tasks they can run concurrently and limit their bandwidth if we want to.

Add a tenant Bandwidth

On the next page, we can link the tenant to a repository. Click Add to create a new cloud repository.

Add a tenant Add a cloud repository

We can give the cloud repository a friendly name and a quota. We can also set deleted item retention on this repository. Use the drop-down list to link this to the backup repository we created earlier.

Add a tenant Cloud repository

Click on Apply and Finish.

Go to Cloud Gateways and go to the properties of your Veeam CSP cloud gateway. Here you can adjust the external port, and on the networking page, you can adjust the public DNS name. This should match the name of the certificate we installed earlier.

Cloud gateway Port

Cloud gateway Public name

This is enough to get us up and running and receiving backups from our tenant.

My tenant is running a single Hyper-V server with three guest machines.

Inside the Veeam console, go to Backup Infrastructure and Service Providers.

On the ribbon, click Add Service Provider.

Add service provider

Enter the public DNS name of your Veeam CSP. Click Next.

Service provider DNS name

Enter the credentials we created for our tenant.

Service provider Tenant

Click Apply.

Review the summary information and follow the prompts to complete the Service Provider wizard.

Service provider Summary

We can now adjust our existing backup jobs to send backups to our CSP or create new jobs to go to the CSP. Take care to consider how backing up to the CSP may affect your recovery time objective (RTO) or recovery point objective (RPO).

Backup to the CSP

You should protect backups sent to the CSP with an encryption password set in the advanced settings of your backup job on the Storage tab.

At this point, you have a working CSP, but of course there is much to do to take this from a proof-of-concept system running on a basic Azure VM to being able to support your client base or own internal servers in production or booting replica VMs in Azure.

For example, you can use your Azure network security group to lock down Remote Desktop Protocol (RDP) Access and limit access to port 6080 for only tenant connections. You can also set up redundancy for your VM and storage in Azure.

You can read more about the Veeam Cloud Connect Infrastructure in the Veeam Help Center.