Challenge
Some of VMware features and permissions are not granted by default at the start of VMware Cloud on AWS (VMC). Thus, some depending Veeam Backup & Replication features will be limited or not operating. Depending on VMware update releases for VMware Cloud on AWS, the situation may change and the features from the table below may become available. Please contact your VMware administrator for timely update.
Solution
UPDATE: New VMware Cloud on AWS V1.3 (M3) requires updated Veeam Backup & Replication components. Please download the patch for Veeam Backup & Replication 9.5 Update 3 here (instructions included).| Affected Veeam Feature | Limitation | Workaround |
|---|---|---|
|
Instant VM Recovery |
Currently, VMware Cloud on AWS (VMC) does not allow for NFS usage |
Use IVMR from a backup copy on-premises. |
|
Other OS File Level Recovery |
Currently, VMC does not allow for NFS |
Start Linux File-Level Recovery from a backup copy on-premises |
|
Quick Migration |
Quick Migration cannot migrate VMs to VMC if they are running |
Use Veeam Replication and permanent failover to achieve similar functionality |
|
SureBackup, Sure Replica, OnDemand Labs, Virtual Lab |
Currently, VMC does not allow NFS and network manipulation |
As for SureReplica, you can perform it if the replication target is a non-VMC vSphere environment (e.g., replicate VM from VMC to on-premises) |
|
VM Guest Interaction and Windows File Restore by VIX or WebService API |
Currently, VMC does not allow usage of VMware Webservice API |
If you want to perform Veeam Guest processing or Windows File-Level Recovery, then connect to a VM over the network from Veeam Backup & Replication |
|
VM Replication ReIP |
ReIP is not available on VMC |
|
|
Windows Dynamic disks are not supported |
Currently, VMC does not allow to process dynamic disks at Hot-Add (Virtual Appliance mode) backup |
VMware will provide a hotfix for this soon |
|
Non-Unicode VM names |
Currently, VMC does not allow non-Unicode characters for VM names within their APIs used ad VMC |
|
|
VM Replication based File Level Recovery |
|
Use file restore from backups or use a VM replica on a non VMC environment to start the File recovery |
Problem
Impossible to add the VMware Cloud on AWS vCenter server to the managed server, or VMs within this vCenter are not visible in the list of VMs.
Solution
- Create a vCenter User with required rights (Active Directory linked mode) described here, or use the cloudadmin@vmc.local user.
- When adding a vCenter server, specify the fully qualified domain name (FQDN) that ends with vmc.vmware.com.
Problem
When working with Restore or VM Replication wizard, users may face some issues accessing VMware Cloud on AWS vCenter server.
Cause
By design, VMware does not provide customers access to the background infrastructure and used datastores.
Solution
For proper operation, you can select the specific areas marked as “Workload” or “Compute”. Avoid using the non-accessible areas, for example:
- vsanDatastore datastore
- Management VMs folder
- Mgmt-ResourcePool resource pool
More Information
VMware Cloud on AWS Firewall Configuration
The Veeam Backup and Replication Server and Veeam proxy server should be connected to the VMware vCenter using HTTPS through TCP port 443. At VMware Cloud on AWS there is no need to open ports to the ESXi hosts itself. As the vCenter Server is by design of VMware Cloud on AWS on another network (Management Network) you need to implement a VPN tunnel to it or configure the following firewall settings:- Open Port TCP 443 from Backup Server and Proxy Server to the predefined vCenter object on the Compute Network.
- Allow the Compute Gateway Public IP to communicate over TCP 443 with the predefined vCenter object on the Management Network.
To connect the EC2 Server(s) used as Veeam Repositories the following Firewall configuration is needed:
- On the Compute Network
- Open TCP 22 (SSH) port from Veeam Backup server and Veeam proxy server to the Amazon VPC where the EC2 Server was installed. You can as well define the exact IP addresses of the repository server as Destination.
- Open TCP 2500-5000 ports for Veeam DAta Transport in both directions for same servers.
It is recommended to use the ENI Network Tunnel to avoid any traffic costs
- Open the same ports on the Inbound Firewall of the Amazon EC2 server used as repository server
[[DOWNLOAD | DOWNLOAD | https://storage.veeam.com/Fix_125006_a473166fe3.zip]]