Veeam Cloud Connect Scalability Tweaks
Purpose
Numerous optimizations to the Cloud Connect framework on both the service provider and the tenant sides have been introduced to increase its scalability (including the number of concurrent tenant jobs per Cloud Connect server) and reliability at scale.
The Veeam Backup & Replication 12 release was tested with 1000 concurrent workloads per Cloud Connect instance. Reaching this number may require applying additional tweaks provided in this article.
One recommended approach for building scalable architecture is using the pod design.
Solution
The registry values below are to be set on each server in the infrastructure.
LogDirectory
Defines the default log storage directory. (For more information, see KB1825)
Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: LogDirectory
Value Type: String Value (REG_SZ)
Value Data: <path>
Recommendation:
Specify a folder location with sufficient free space to ensure
Note:
- The path provided must be to a folder on a drive of the server without the trailing slash.
- The path cannot be a remote location or mapped drive.
TcpTimedWaitDelay
Defines the time that must elapse before TCP can release a closed connection and reuse its resources. For more information, refer to this Microsoft Article.
Key Location: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
Value Name: TcpTimedWaitDelay
Value Type: DWORD (32-Bit) Value
Default Value Data: 240
Recommended Value Data: 30
Cloud Gateway Specific Settings
The registry values in this section should be created on all existing cloud gateway servers.
Note: These settings regulate different DDoS prevention mechanisms and should be used with caution.
DefaultBanDuration
Defines default connection ban duration.
Key Location: HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Gate Service
Value Name: DefaultBanDuration
Value Type: DWORD (32-bit) Value
Default Value Data: 60000 (in milliseconds)
Recommendation:
Test with the value of 0 to determine if connections are being dropped due to internal Cloud Connect DDoS protection logic.
DefaultWarningLimit
Defines a threshold for suspicious connections originating from a single IP address. If exceeded, the IP address gets banned.
Key Location: HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Gate Service
Value Name: DefaultWarningLimit
Value Type: DWORD (32-bit) Value
Default Value Data: 64
Recommendation:
Set to 512 and higher. The value may need to be set even higher if the Cloud Gateway Server is behind NAT.
MaxSimultaneousCloudConnections
Defines the total number of allowed simultaneous connections to a cloud gateway. Connections exceeding the threshold get dropped automatically.
Key Location: HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Gate Service
Value Name: MaxSimultaneousCloudConnections
Value Type: DWORD (32-bit) Value
Default Value Data: 1024
Recommended value: 20000 (for 1000 concurrent tasks)
PeerCloudConnectionsLimit
Defines the number of allowed simultaneous connections to a cloud gateway originating from a single IP address. Connections exceeding the threshold get dropped automatically.
Key Location: HKLM\SOFTWARE\Wow6432Node\Veeam\Veeam Gate Service
Value Name: PeerCloudConnectionsLimit
Value Type: DWORD (32-bit) Value
Default Value Data: 64
Recommendation:
The recommended value with vary depending on the number of agents backed up directly to a cloud repository from a single IP address (NAT). Use the following formula:
X = N * 20
N is the number of agents backed up from a single IP address, and 20 is the maximum number of connections established to a cloud gateway by an agent.
More Information
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.