Configure Azure for use as a Veeam Cloud Service Provider

As part of Veeam's product lineup, partners have the ability to use a cloud repository to store backups sent directly from their Veeam installations. You can browse a directory of current cloud service providers (CSPs) here, or by signing up as a CSP, you can host your own Veeam CSP infrastructure.

We wanted to host our own CSP infrastructure, and choosing Azure as our platform fitted in nicely with the rest of our offerings. As it happens, Veeam has put a virtual machine (VM) template into the Azure marketplace preconfigured with the CSP components.

You will need Veeam CSP licensing from your rep before you can configure the VM.

To follow me through this article, I am assuming you already have an active Azure subscription. If not, you will need to sign up for one.

From the Azure portal, go to All Resources and search for Veeam. Find Veeam Cloud Connect for Service Providers and then click on Create.

Create an Azure Resource

Create an Azure Resource

You will need to specify some settings for your VM:

  • A resource group
  • VM name
  • Region
Create a VM

Create a VM

In addition, you'll need an:

  • Administrator username
  • Administrator password
VM admin details

VM admin details

On the next page, you will add your disks. I am adding a 1 TB standard HDD managed disk.

Create a disk

Create a disk

On the next page, you can add a network interface. You can leave this on the defaults for now.

Network interface

Network interface

Click Next to configure Management, setting Auto-Shutdown to Off.

Setting Auto Shutdown to Off

Setting Auto Shutdown to Off

On Guest config, I am leaving everything on default.

Guest config

Guest config

On the Tags page, I am adding a tag called Service and using it to tag all created resources as Veeam. This helps identify the created resources for billing.

Tags

Tags

On the summary page, you will need to enter some contact details, and then you can click on Create to begin deploying your VM.

Deployment complete

Deployment complete

Once the deployment is complete, click on Go to resource, and it will take you to your VM. If you click on Connect, you can start a Remote Desktop Connection to the VM.

Connect to the VM

Connect to the VM

Once logged into your VM, you need to format your data disk.

Open Disk Management, mark the disk as online, and then initialize the disk. When formatting the partition, I chose the ReFS file system and 64k clusters instead of the default.

Format the disk

Format the disk

You will notice the Welcome to Veeam Cloud Connect dialog box. This is where we need to enter our CSP license file. If you still don't have one, you can click the box to say you don't have one, and then click Next and follow the links to request one.

If you do have one, Browse to your license file and click Next.

Cloud Connect

Cloud Connect

Review the license agreement and click Next if you agree.

The Before You Start page gives you some instructions. You can familiarize yourself with these, but the deployment wizard has already completed some of them.

Open Veeam Backup & Replication. In the main window, click Backup Repositories. In the ribbon, click Add Repository.

I am naming it after the data disk logical unit number (LUN) connection it is attached to the VM on, selecting Windows Server on the next page. On the following page, we can choose the path to store our repository on. If you click Populate, it will show the disks available. Click Next.

Add a repository

Add a repository

Add a repository Populate the disk

Add a repository Populate the disk

Enter the path to your repository. I created a folder on F: to match the name of the repository I am adding.

Add a repository Enter the path

Add a repository Enter the path

You can accept the defaults for the rest of the wizard, including for vPower Network File System (NFS).

On the summary page, click Apply.

Add a Repository Summary

Add a Repository Summary

Add a repository Complete

Add a repository Complete

Now switch to the Cloud Connect section of Veeam in the menu bar on the left.

By default it installs a self-signed certificate on the cloud gateway, as your tenant computer will need to trust your Veeam CSP. I am replacing this with a certificate I have purchased.

Click on Manage Certificates.

Manage certificates

Manage certificates

Click on Import certificate from a file and then click on Yes in the message box about gateways.

Import a certificate Warning

Import a certificate Warning

Browse for your .pfx file and enter the password to complete the installation.

Import a certificate

Import a certificate

Next, we will add a tenant.

Under Tenants, on the ribbon click Add Tenant.

Enter a username for the tenant and a password, or click Generate New to have Veeam create a password for you.

Add a tenant

Add a tenant

On the next page, we can set how many tasks they can run concurrently and limit their bandwidth if we want to.

Add a tenant Bandwidth

Add a tenant Bandwidth

On the next page, we can link the tenant to a repository. Click Add to create a new cloud repository.

Add a tenant Add a cloud repository

Add a tenant Add a cloud repository

We can give the cloud repository a friendly name and a quota. We can also set deleted item retention on this repository. Use the drop-down list to link this to the backup repository we created earlier.

Add a tenant Cloud repository

Add a tenant Cloud repository

Click on Apply and Finish.

Go to Cloud Gateways and go to the properties of your Veeam CSP cloud gateway. Here you can adjust the external port, and on the networking page, you can adjust the public DNS name. This should match the name of the certificate we installed earlier.

Cloud gateway Port

Cloud gateway Port

Cloud gateway Public name

Cloud gateway Public name

This is enough to get us up and running and receiving backups from our tenant.

My tenant is running a single Hyper-V server with three guest machines.

Inside the Veeam console, go to Backup Infrastructure and Service Providers.

On the ribbon, click Add Service Provider.

Add service provider

Add service provider

Enter the public DNS name of your Veeam CSP. Click Next.

Service provider DNS name

Service provider DNS name

Enter the credentials we created for our tenant.

Service provider Tenant

Service provider Tenant

Click Apply.

Review the summary information and follow the prompts to complete the Service Provider wizard.

Service provider Summary

Service provider Summary

We can now adjust our existing backup jobs to send backups to our CSP or create new jobs to go to the CSP. Take care to consider how backing up to the CSP may affect your recovery time objective (RTO) or recovery point objective (RPO).

Backup to the CSP

Backup to the CSP

You should protect backups sent to the CSP with an encryption password set in the advanced settings of your backup job on the Storage tab.

At this point, you have a working CSP, but of course there is much to do to take this from a proof-of-concept system running on a basic Azure VM to being able to support your client base or own internal servers in production or booting replica VMs in Azure.

For example, you can use your Azure network security group to lock down Remote Desktop Protocol (RDP) Access and limit access to port 6080 for only tenant connections. You can also set up redundancy for your VM and storage in Azure.

You can read more about the Veeam Cloud Connect Infrastructure in the Veeam Help Center.

Want to write for 4sysops? We are looking for new authors.

Read 4sysops without ads and for free by becoming a member!

0
Share
1 Comment
  1. Matt 1 year ago

    I have this configuration setup in Azure as well.  Sure would be nice to be able to create a scale-out-backup repository out of blob storage.   Soon I will run out of drive letters since I have a couple clients consuming numerous 4TB disks.    I'm not sure how to scale out this solution, adding multiple gateways or back end servers.   If you could show me how to do that, I would send you a six pack of beer.    I worked with a few Veeam support folks, but they were not helpful.

     

    2+

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account