How do I connect to a Veeam service provider?

It’s incredibly simple to connect to a Veeam service provider and configure your Veeam Cloud Connect solution.

This blog aims to give you a brief guide on how to complete the configuration.

 

 

Before you begin you need to have the following information to hand:

A full username and password for your tenant account (speak to your service provider to register these details). A full IP address or DNS name for the Service Provider you’ll be communicating with.

Stage 1: Find your Veeam service provider

In the wizard open up the background infrastructure view, click on the ‘Service Providers’ and then ‘add a service provider’. In this section enter your IP address or the full DNS name for the Server Provider. You can also add any information for your Veeam service provider.

Stage 2: Cloud Provider configuration

  • Using the port element, specify which port your tenant backup server will use to connect to the gateway. The default port is 6180, but your service provider should be able to specify this if it’s different.
  • If the service provider is managing the tenant’s backup, you should check the box that states you “Allow this Veeam Backup & Replication installation to be managed by the service provider”. This enables the Veeam service provider to be able to manage the backup server through the Availability Console.  System Domain Credentials are needed for the Service Provider to access your console.
  • Click ‘next’.

Step 3: TLS Certification

Veeam service providerIf applicable, in this section you can view and verify the TLS certificate received from the service provider. To view this, just click the link.

  • From the credentials list, select the details for the tenant account, as provided by your Veeam Service Provider. You can also manually add them in this section. When completed, click ‘apply’.

Stage 4: Repository and Replication resources

  • In the resources tab of this screen, the system will automatically calculate the amount of resource given to the tenant, then display the results. After this has completed, click ‘next’. Please note that it may take some time.
  • Within the hardware plans category the wizard will calculate storage, computing and network assets that are available and allocated to the tenant, by the Veeam Service Provider.

Stage 5: Managing Network extensions

In the network extension tab, the wizard will detail extension appliances for the network that will be deployed on the side of the tenant. The network extension appliance is used for maintaining and initially establishing connections between production Virtual Machines and virtual Machine replicas after a partial site failover has been initiated.

Here, using the Network Extension Appliances list, you can also view the default extension settings, add new network extensions (if you have multiple IP networks in production) or edit current ones.

Step 6: Configuring network extension appliances

This window gives two options, where you can edit the existing appliance by selecting and clicking ‘edit’, or offering the facility to add new extensions.

  • Navigate to ‘choose’ and select the host which the network extension needs applying to. This is the source host where your production Virtual Machines will be replicated to the host.
  • This step differs, depending on what hardware plan you have.
    • For VMware Hardware plans, in the ‘resource pool,’ section click ‘choose’ and select the pool where the extension appliance Virtual machine is to be placed. In the Datastore section, click choose and select the store where you would like to keep the files of the network extension appliance VM.
    • For Hyper-V hardware, in the Folder section, press ‘choose’ and select the path and folder where you’d like to keep files of the network expansion VM. In the network section, select the Virtual Switch that the production VMs on the host is currently connected to.

Step 7 (optional): IP clarification

The next step is to confirm the appliance’s settings. If you’d like to assign this automatically (you have DHCP configured in your environment), simply keep the ‘obtain IP address automatically’ selected.  Please note that Veeam Cloud Connect does not currently support DHCP for replication. Further information on the current limitations can be found at  https://helpcenter.veeam.com/docs/backup/cloud/cloud_replication_limitations.html?ver=95

To manually assign the IP address to the appliance, enter the information into the “use the following IP addresses” section, specifying the IP address, Subnet mask and default gateway. Click ‘ok’ to proceed.

Stage 6: Summary of results

At the apply stage of the wizard, you’ll be able to view and save resource information, as well as deploy the specified number of network extension appliances to your host. After this process has completed, just click ‘next’. You’ll then be able to review the configuration and close the wizard.

If you’d like any further advice or information, feel free to leave a comment below, email enquiries@virtualDCS.co.uk or call +44 (0)3453 888 327.

Veeam Cloud Connect – Downloading and Applying Config File for OpenVPN

In this section, I am going to summarise how to download the config file for an Endpoint and how to apply it within the OpenVPN GUI.

Firstly, let us download the config file from the Veeam PN web portal. This can be done by the administrator under the ‘CLIENTS’ section of the portal. The ‘Download’ link next to each ‘Standalone’ client is the method used to download each config.

 

Veeam OpenVPN

 

Once downloaded and distributed, the user can apply the config to their OpenVPN software by implementing the following steps:

 

Search for the OpenVPN GUI

Veeam OpenVPN

 

In your taskbar, find the OpenVPN icon, right click and select ‘Import file’

 

Veeam OpenVPN

 

Once you select the provided. open file, you should see a ‘File imported successfully’ message.

Veeam OpenVPN

Upon failover, you should now be able to connect to the VPN. In the next chapter of this guide, we will perform a failover and confirm network connectivity can be established.

 

Testing Failover Plan / VPN Access

Now you are happy the VPN is ready for use by the End user and the replicated VMs are ready. You can test the failover plan to confirm everything works, as it should. To begin with, simply browse to your Failover Plan, right click, and select ‘Start’.

 

This will start the failover plan and begin to boot the VMs as configured by you within the Failover Plan. Once Veeam confirms the Failover Plan has finished, I would still give the Veeam PN appliance up to 5 minutes to boot as it can take a while.

 

The easiest way to confirm when the appliance is ready is to try to browse to the Veeam PN portal. This will be accessible on – https: // PUBLIC-IP-ADDRESS:6443

 

Veeam OpenVPN

 

Once you are happy, the portal is loading on port 6443. You can be happy the VPN is ready for use.

To connect to the VPN, the end user simply needs to right click on the OpenVPN icon and select ‘Connect’

 

Veeam OpenVPN

 

If the VPN successfully connects, you will see the following prompt appear:

 

Veeam OpenVPN

 

If this was only a test failover, you can now proceed with performing an ‘Undo’ so all changes are disregarded, however, you will know you’re ready in case of any disaster.

Contact the team today if you’d like any more information or to take advantage of Veeam Cloud Connect on our platform, with a 30-day free trial.

 

Configuring your Failover Plan to include the Veeam PN appliance

Once you are happy your Veeam PN portal is configured correctly, containing all of your required devices and IP address configurations you can start configuring your Failover Plan.

The appliance will first need to be replicated successfully to your Veeam Cloud Connect Service Provider.

I have found that due to it being a Linux VM, you may encounter the following warnings:

  1. No static IP addresses detected for VeeamHUB, please specify default gateway settings manually
  2. One or more source networks possible were mapped to the same cloud network. Simultaneous partial failover of VMs on these networks may cause issues.

Warning number 1 can be ignored going forward. I believe this is a bug with Veeam. If you are happy the IP address is definitely configured to be static, it can be ignored.

Warning number 2 can be cleared by ensuring the default gateway of the appliance is present in your ‘Default Gateways’ section located under (Backup Infrastructure > Service Providers > Select Service Provider > Manage Default Gateways. If you are happy your gateway is present in this list, and if you do not have multiple entries, simplly selecting the ‘Route traffic between these networks’ clears the warning.

Now you are happy your VM is replicated successfully. We can add the Veeam PN appliance into the Failover Plan. The first step is to add the VM in to the list of ‘Virtual Machines’. The delay is once again your choice. I find the appliance can take up to 5 minutes to boot, so I like to set the delay to 0 seconds. This is your choice entirely.

 

Veeam Cloud Connect

The next step is adding in some additional NAT rules for the Veeam PN to function correctly during a failover.

The first NAT rule will be for the ‘Site-to-Site’ VPN communications. Here you want the Public IP address to NAT to the Veeam PN appliance LAN address on port 1194.

The LAN IP has to be entered manually due to previous WARNING which stated the IP could not be automatically detected.

Veeam HUB

The second NAT rule will be for the ‘Point-to-Site’ VPN communications. Again, you want to NAT the Public IP address to the internal IP address of the appliance. However, this time on port 6179.

Veeam Address Mapping Rule

Finally, to allow management of the Veeam PN portal following a failover, you need to add one more NAT rule. In this demonstration, I am using port 6443 to be NAT through to the internal port 443. This means if you want to browse to the portal following a failover, you browse to:

https://PUBLIC-IP-ADDRESS:6443

Veeam PN Portal

That finalises this section. You simply require 3 additional NAT rules for the VPN following a failover. In the next section, I will quickly show you how to download the config file for each Endpoint and connect to the VPN.

Contact the team today if you’d like any more information or to take advantage of Veeam Cloud Connect on our platform, with a 30-day free trial.

 

 

 

1 2