How to Offload Backup Files to Capacity Tier via Google Cloud Private Access
| KB ID: | 4324 |
| Product: | Veeam Backup & Replication |
| Version: | 11a or newer |
| Published: | 2022-06-14 |
| Last Modified: | 2022-06-14 |
Purpose
This article documents configuring an environment so Veeam Backup & Replication Object Repository will use Google Cloud Private Access to connect to a GCS bucket instead of the public IPs.
Connectivity from on-premises to private access can be accomplished via Cloud VPN or Direct/Partner Interconnects to Google Cloud, and Private Access enabled on the VPC Subnet.
Note: Backup repository servers located in GCE need to be on a VPC Subnet where Private Access is enabled.
Solution
Preparing the Environment (link)
- Make sure the VPC Subnet(s) that traffic will traverse have Private Google Access enabled:
- Configure DNS
- Configure DNS servers used by repository servers to have a zone for googleapis.com.
- Create DNS A Records for private.googleapis.com pointing to 199.36.153.8, 199.36.153.9, 199.36.153.10, 199.36.153.11.
- Set up a CNAME record for *.googleapis.com to point to private.googleapis.com.
- For repository servers on-premises, ensure the CloudVPN or Cloud Interconnect uses dynamic routes or has a static route for the 199.36.153.8/30 pointing to the VPC subnet with Private Google Access enabled, and that the subnet is configured to send this traffic to the default internet gateway.
Click here to send feedback regarding this KB, or suggest content for a new KB.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.