Challenge
VMware Cloud on AWS needs some specific preparation to allow Veeam Backup & Replication v9.5 Update 3 or newer to work with it.
Some of VMware features and permissions are not granted by default at the start of VMware Cloud on AWS (VMC). Thus, some depending Veeam Backup & Replication features will be limited or not operating. Depending on VMware update releases for VMware Cloud on AWS, the situation may change and the features from the table below may become available. Please contact your VMware administrator for timely update.
Solution
Implementation step 1 - Backup & Replication- Use a new Windows Server and install Veeam Backup & Replication v9.5 Update 3 or newer.
- Add DNS network settings so that this Server can resolve Internet DNS names.
- Check the below information carefully for any know limitations and configuration steps before you proceed.
Implementation step 2 - Backup & Replication
Install the latest VMware Cloud on AWS Veeam patch:
Please download the patch for Veeam Backup & Replication 9.5 Update 3 for VMware Cloud on AWS V1.4 here (instructions included).
Implementation step 3 - VMware Cloud on AWS
Firewall Configuration for vCenter connection
The Veeam Backup and Replication Server and Veeam proxy server should be connected to the VMware vCenter using HTTPS through TCP port 443. At VMware Cloud on AWS there is no need to open ports to the ESXi hosts itself. As the vCenter Server is by design of VMware Cloud on AWS on another network (Management Network) you need to implement a VPN tunnel to it or configure the following firewall settings:- Open Port TCP 443 from Backup Server and Proxy Server to the predefined vCenter object on the Compute Network.
- Allow the Compute Gateway Public IP to communicate over TCP 443 with the predefined vCenter object on the Management Network.
Implementation step 4 - add vCenter
Add vCenter to the Veeam console as described here: https://helpcenter.veeam.com/docs/backup/vsphere/add_vmware_server.html?ver=95
- Create a vCenter User with required rights (Active Directory linked mode) described here, or use the cloudadmin@vmc.local user.
- When adding a vCenter server, specify the fully qualified domain name (FQDN) that ends with vmwarevmc.com or vmc.vmware.com (depending on the URL shown in the VMC interface for the vCenter).
Implementation step 5 - add Veeam Repository
VMware Cloud on AWS has only one accessible vSAN disk. It would not make sense to use that disk for production workloads and backups. An external Backup device needs to be added. Depending on the use case there are several ways to achieve this with different economic factors. Please find below an example of an Amazon S3 EC2 Linux Server used as a backup target over the VMware Cloud on AWS integrated EDI network bridge:
To connect the EC2 Server(s) used as Veeam Repositories the following Firewall configuration is needed:
- On the Compute Network:
- Open TCP 22 (SSH) port from Veeam Backup server and Veeam proxy server to the Amazon VPC where the EC2 Server was installed. You can as well define the exact IP addresses of the repository server as Destination.
- Open TCP 2500-5000 ports for Veeam Data Transport in both directions for same servers. It is recommended to use the ENI Network Tunnel to avoid any traffic costs.
- Open the same ports on the Inbound Firewall of the Amazon EC2 server used as a repository server.
More Information
VMware Cloud on AWS specific problems and solutions:
Problem
Impossible to add the VMware Cloud on AWS vCenter server to the managed server, VMs within this vCenter are not visible in the list of VMs or an Error is displayed in the Veeam Jobs “Processing SQL Error: File does not exist or locked. …”Solution
- Create a vCenter User with required rights (Active Directory linked mode) described here, or use the cloudadmin@vmc.local user.
- When adding a vCenter server, specify the fully qualified domain name (FQDN) that ends with vmwarevmc.com or vmc.vmware.com (depending on the URL shown in the VMC interface for the vCenter).
Problem
When working with Restore or VM Replication wizard, users may face some issues accessing VMware Cloud on AWS vCenter server. By design, VMware does not provide customers access to the background infrastructure and used datastores.
Solution
For proper operation, you can select the specific areas marked as “Workload” or “Compute”. Avoid using the non-accessible areas, for example:- vsanDatastore datastore
- Management VMs folder
- Mgmt-ResourcePool resource pool
Problem
Backup & Replication stop working after VMware Cloud on AWS was automatically updated to Version 1.3 or newer.
Solution
UPDATE: New VMware Cloud on AWS V1.3 or 1.4 requires updated Veeam Backup & Replication components. Please download the patch for Veeam Backup & Replication 9.5 Update 3 here (instructions included).[[DOWNLOAD | DOWNLOAD | https://storage.veeam.com/Fix_125006_a473166fe3.zip]]
Problem
Some of the Backup & Replication Features are not working correctly because of limitations of the VMware Cloud on AWS environment (compared with a standard vSphere environment).
Solution
| Affected Veeam Feature | Limitation | Workaround |
|---|---|---|
|
Instant VM Recovery |
Currently, VMware Cloud on AWS (VMC) does not allow for NFS usage |
Use a combination of a Veeam backup job and replication job for proactive restore capabilities |
|
Other OS File Level Recovery |
Currently, VMC does not allow for NFS |
Start Linux File-Level Recovery from a backup copy on-premises |
|
Quick Migration |
Quick Migration cannot migrate VMs to VMC if they are running |
Use Veeam Replication and permanent failover to achieve similar functionality |
|
SureBackup, Sure Replica, OnDemand Labs, Virtual Lab |
Currently, VMC does not allow NFS and network manipulation |
As for SureReplica, you can perform it if the replication target is a non-VMC vSphere environment (e.g., replicate VM from VMC to on-premises) |
|
VM Guest Interaction and Windows File Restore by VIX or WebService API |
Currently, VMC does not allow usage of VMware Webservice API |
If you want to perform Veeam Guest processing or Windows File-Level Recovery, then connect to a VM over the network from Veeam Backup & Replication |
|
VM Replication ReIP |
ReIP is not available on VMC |
|
|
Windows Dynamic disks are not supported |
Currently, VMC does not allow to process dynamic disks at Hot-Add (Virtual Appliance mode) backup |
VMware will provide a hotfix for this soon |
|
Non-Unicode VM names |
Currently, VMC does not allow non-Unicode characters for VM names within their APIs used ad VMC |
|
|
VM Replication-based File Level Recovery |
|
Use file restore from backups or use a VM replica on a non VMC environment to start the File recovery |