Challenge
This article describes configuring Cisco HyperFlex Controller Firewall for Veeam standard backup processing with DirectNFS enhancements.Solution
Important!This configuration is automated with the Veeam HyperFlex integration (Backup from Storage Snapshot) and only needed if the Cisco HyperFlex System was NOT added to the Veeam Storage Infrasturcture and DirectNFS with standard VMware snapshot processing is used. Veeam recommends using the HyperFlex Integration with Backup from Storage Snapshot with HyperFelx Snapshots instead of DirectNFS.
VMware vSphere VMs hosted on Cisco HyperFlex access the storage with the help of special Cisco HyperFlex HX Data Platform controllers. The controllers are dedicated VMs deployed on the same VMware ESX host that hosts the VMs.
By default, the controllers are configured to receive traffic only from the ESX(i) host where they are located. To provide communication between Veeam Backup & Replication and the Cisco HyperFlex storage system, you need to manually enable the Direct NFS access mode between the backup proxy and controllers.
To enable the Direct NFS access on a data platform controller:
1. Log on to the controller with an account that has root privileges:
#ssh <user account>@<Controller IP Address>2. Enable the NFS traffic between the backup proxy and nfs share:
stcli security whitelist add --ips <Veeam NFS Data IP>To verify backup proxy settings, use the following command:
stcli security whitelist list
Important!
Veeam Backup & Replication cannot back up VMs that have VMware vSphere or Cisco HyperFlex snapshots in the DirectNFS mode. This limitation does not apply to Backup from Storage Snapshot over NFS.