4.8 Veeam proxies
In order to receive replication data from a tenant, at least one proxy is needed. This proxy needs to be able to talk with its controlling VBR server, the vCenter server (standalone or connected to vCloud Director) and all the ESXi hosts. To increase the availability of the service, deploy multiple proxy servers. Any service provider should consider carefully how many proxies are necessary based on the specific design of the environment.
In our lab, we have one Windows and one Linux proxy, to remember that any of the two type can be used, or both of them at the same time.
PROXY1 | |
---|---|
server name | proxy1.cloudconnect.local |
IP Address | 10.10.110.101 |
Operating System | Windows Server 2019 |
Installed components | Veeam Proxy |
vCPU | 4 |
RAM | 8 Gb |
Disk | 40 Gb |
PROXY2 | |
---|---|
server name | proxy2.cloudconnect.local |
IP Address | 10.10.110.102 |
Operating System | Ubuntu Linux |
Installed components | Veeam Proxy |
vCPU | 4 |
RAM | 8 Gb |
Disk | 20 Gb |
Proxies need to communicate with the different components: ESXi hosts and vCenter, Veeam Backup & Replication server, cloud gateways, WAN accelerators. For this reason, you should add firewall rules between the different networks.
NOTE: Some additional aliases have been added to the central firewall:
Proxies: 10.10.110.101, 10.10.110.102
Proto | Source | Port | Destination | Port | Description |
---|---|---|---|---|---|
IPv4 TCP/UDP | Proxies | * | Domain_controllers | 53 (DNS) | Allow proxies to use internal DNS |
IPv4 TCP | VBR_Server | * | Proxies | 22 | Temporary port to deploy Veeam components on Linux proxies |
IPv4 TCP | VBR_Server | * | Proxies | 445 | Temporary port to deploy Veeam components on Windows proxies |
IPv4 TCP | VBR_Server | * | Proxies | 6160 | Veeam Installer from VBR to Proxies |
IPv4 TCP | VBR_Server | * | Proxies | 6162 | Veeam Transport from VBR to Proxies |
IPv4 TCP | VCC_gateways | * | Proxies | 2500-3300 | Gateways transfer data to Proxies |
IPv4 TCP | VBR_Server | * | Proxies | 2500-3300 | VBR transfers data to Proxies |
IPv4 TCP | VBR_Server | * | Proxies | 49152-65535 | Veeam RPC from VBR to Windows Proxies (for disks and volumes discovery) |
Once all the different firewall rules are in place, service providers can deploy the proxy component on the different proxy servers:
4.24: Install a new Veeam proxy
You should leave all the configuration parameters as the default ones; transport mode specifically should be left as automatic because the proxies are VMs and they will use hotadd mode, which is the preferred mode for a target proxy. However, leaving automatic selection on allows for the usage of network mode as a failover option should something not work for the hotadd mode.
Traffic rules are also left empty, as any bandwidth management is done directly by Veeam Cloud Connect when configuring a tenant.
One last step must be done once the different Veeam proxies have been deployed. By default, the Veeam Backup & Replication server itself is also configured as a proxy.
4.25: List of available Veeam proxies
To guarantee that replication traffic follows the designed path from cloud gateways to WAN accelerators and proxies, you have to disable the default proxy role installed in Veeam Backup & Replication server or even choose to remove the role completely.