How do I connect to a Veeam service provider?

It’s incredibly simple to connect to a Veeam service provider and configure your Veeam Cloud Connect solution.

This blog aims to give you a brief guide on how to complete the configuration.

 

 

Before you begin you need to have the following information to hand:

A full username and password for your tenant account (speak to your service provider to register these details). A full IP address or DNS name for the Service Provider you’ll be communicating with.

Stage 1: Find your Veeam service provider

In the wizard open up the background infrastructure view, click on the ‘Service Providers’ and then ‘add a service provider’. In this section enter your IP address or the full DNS name for the Server Provider. You can also add any information for your Veeam service provider.

Stage 2: Cloud Provider configuration

  • Using the port element, specify which port your tenant backup server will use to connect to the gateway. The default port is 6180, but your service provider should be able to specify this if it’s different.
  • If the service provider is managing the tenant’s backup, you should check the box that states you “Allow this Veeam Backup & Replication installation to be managed by the service provider”. This enables the Veeam service provider to be able to manage the backup server through the Availability Console.  System Domain Credentials are needed for the Service Provider to access your console.
  • Click ‘next’.

Step 3: TLS Certification

Veeam service providerIf applicable, in this section you can view and verify the TLS certificate received from the service provider. To view this, just click the link.

  • From the credentials list, select the details for the tenant account, as provided by your Veeam Service Provider. You can also manually add them in this section. When completed, click ‘apply’.

Stage 4: Repository and Replication resources

  • In the resources tab of this screen, the system will automatically calculate the amount of resource given to the tenant, then display the results. After this has completed, click ‘next’. Please note that it may take some time.
  • Within the hardware plans category the wizard will calculate storage, computing and network assets that are available and allocated to the tenant, by the Veeam Service Provider.

Stage 5: Managing Network extensions

In the network extension tab, the wizard will detail extension appliances for the network that will be deployed on the side of the tenant. The network extension appliance is used for maintaining and initially establishing connections between production Virtual Machines and virtual Machine replicas after a partial site failover has been initiated.

Here, using the Network Extension Appliances list, you can also view the default extension settings, add new network extensions (if you have multiple IP networks in production) or edit current ones.

Step 6: Configuring network extension appliances

This window gives two options, where you can edit the existing appliance by selecting and clicking ‘edit’, or offering the facility to add new extensions.

  • Navigate to ‘choose’ and select the host which the network extension needs applying to. This is the source host where your production Virtual Machines will be replicated to the host.
  • This step differs, depending on what hardware plan you have.
    • For VMware Hardware plans, in the ‘resource pool,’ section click ‘choose’ and select the pool where the extension appliance Virtual machine is to be placed. In the Datastore section, click choose and select the store where you would like to keep the files of the network extension appliance VM.
    • For Hyper-V hardware, in the Folder section, press ‘choose’ and select the path and folder where you’d like to keep files of the network expansion VM. In the network section, select the Virtual Switch that the production VMs on the host is currently connected to.

Step 7 (optional): IP clarification

The next step is to confirm the appliance’s settings. If you’d like to assign this automatically (you have DHCP configured in your environment), simply keep the ‘obtain IP address automatically’ selected.  Please note that Veeam Cloud Connect does not currently support DHCP for replication. Further information on the current limitations can be found at  https://helpcenter.veeam.com/docs/backup/cloud/cloud_replication_limitations.html?ver=95

To manually assign the IP address to the appliance, enter the information into the “use the following IP addresses” section, specifying the IP address, Subnet mask and default gateway. Click ‘ok’ to proceed.

Stage 6: Summary of results

At the apply stage of the wizard, you’ll be able to view and save resource information, as well as deploy the specified number of network extension appliances to your host. After this process has completed, just click ‘next’. You’ll then be able to review the configuration and close the wizard.

If you’d like any further advice or information, feel free to leave a comment below, email enquiries@virtualDCS.co.uk or call +44 (0)3453 888 327.

Veeam Cloud Connect – Downloading and Applying Config File for OpenVPN

In this section, I am going to summarise how to download the config file for an Endpoint and how to apply it within the OpenVPN GUI.

Firstly, let us download the config file from the Veeam PN web portal. This can be done by the administrator under the ‘CLIENTS’ section of the portal. The ‘Download’ link next to each ‘Standalone’ client is the method used to download each config.

 

Veeam OpenVPN

 

Once downloaded and distributed, the user can apply the config to their OpenVPN software by implementing the following steps:

 

Search for the OpenVPN GUI

Veeam OpenVPN

 

In your taskbar, find the OpenVPN icon, right click and select ‘Import file’

 

Veeam OpenVPN

 

Once you select the provided. open file, you should see a ‘File imported successfully’ message.

Veeam OpenVPN

Upon failover, you should now be able to connect to the VPN. In the next chapter of this guide, we will perform a failover and confirm network connectivity can be established.

 

Testing Failover Plan / VPN Access

Now you are happy the VPN is ready for use by the End user and the replicated VMs are ready. You can test the failover plan to confirm everything works, as it should. To begin with, simply browse to your Failover Plan, right click, and select ‘Start’.

 

This will start the failover plan and begin to boot the VMs as configured by you within the Failover Plan. Once Veeam confirms the Failover Plan has finished, I would still give the Veeam PN appliance up to 5 minutes to boot as it can take a while.

 

The easiest way to confirm when the appliance is ready is to try to browse to the Veeam PN portal. This will be accessible on – https: // PUBLIC-IP-ADDRESS:6443

 

Veeam OpenVPN

 

Once you are happy, the portal is loading on port 6443. You can be happy the VPN is ready for use.

To connect to the VPN, the end user simply needs to right click on the OpenVPN icon and select ‘Connect’

 

Veeam OpenVPN

 

If the VPN successfully connects, you will see the following prompt appear:

 

Veeam OpenVPN

 

If this was only a test failover, you can now proceed with performing an ‘Undo’ so all changes are disregarded, however, you will know you’re ready in case of any disaster.

Contact the team today if you’d like any more information or to take advantage of Veeam Cloud Connect on our platform, with a 30-day free trial.

 

Configuring your Failover Plan to include the Veeam PN appliance

Once you are happy your Veeam PN portal is configured correctly, containing all of your required devices and IP address configurations you can start configuring your Failover Plan.

The appliance will first need to be replicated successfully to your Veeam Cloud Connect Service Provider.

I have found that due to it being a Linux VM, you may encounter the following warnings:

  1. No static IP addresses detected for VeeamHUB, please specify default gateway settings manually
  2. One or more source networks possible were mapped to the same cloud network. Simultaneous partial failover of VMs on these networks may cause issues.

Warning number 1 can be ignored going forward. I believe this is a bug with Veeam. If you are happy the IP address is definitely configured to be static, it can be ignored.

Warning number 2 can be cleared by ensuring the default gateway of the appliance is present in your ‘Default Gateways’ section located under (Backup Infrastructure > Service Providers > Select Service Provider > Manage Default Gateways. If you are happy your gateway is present in this list, and if you do not have multiple entries, simplly selecting the ‘Route traffic between these networks’ clears the warning.

Now you are happy your VM is replicated successfully. We can add the Veeam PN appliance into the Failover Plan. The first step is to add the VM in to the list of ‘Virtual Machines’. The delay is once again your choice. I find the appliance can take up to 5 minutes to boot, so I like to set the delay to 0 seconds. This is your choice entirely.

 

Veeam Cloud Connect

The next step is adding in some additional NAT rules for the Veeam PN to function correctly during a failover.

The first NAT rule will be for the ‘Site-to-Site’ VPN communications. Here you want the Public IP address to NAT to the Veeam PN appliance LAN address on port 1194.

The LAN IP has to be entered manually due to previous WARNING which stated the IP could not be automatically detected.

Veeam HUB

The second NAT rule will be for the ‘Point-to-Site’ VPN communications. Again, you want to NAT the Public IP address to the internal IP address of the appliance. However, this time on port 6179.

Veeam Address Mapping Rule

Finally, to allow management of the Veeam PN portal following a failover, you need to add one more NAT rule. In this demonstration, I am using port 6443 to be NAT through to the internal port 443. This means if you want to browse to the portal following a failover, you browse to:

https://PUBLIC-IP-ADDRESS:6443

Veeam PN Portal

That finalises this section. You simply require 3 additional NAT rules for the VPN following a failover. In the next section, I will quickly show you how to download the config file for each Endpoint and connect to the VPN.

Contact the team today if you’d like any more information or to take advantage of Veeam Cloud Connect on our platform, with a 30-day free trial.

 

 

 

Veeam Cloud Connect PN configuration

Now your network has been setup, you need to browse to the IP of the appliance in a web browser to begin the Veeam PN configuration.

In the second blog of the Veeam series, we’ll be discussing the Veeam PN configuration. This procedure will include creating a ‘Self-Signed Certificate’ and specifying your network ranges for the VPN etc.

 First, begin by confirming your Veeam PN appliance is responding to pings on your network. Once this is confirmed, please browse to – https://YOUR-APPLIANCE-IP-ADDRESS

There will be a certificate warning, this can be ignored.

 

When the portal loads, you can login with the default root credentials. 

Veeam PN configuration

You can now enter your new credentials and proceed to the next step.

Veeam PN configuration

We are now ready to begin configuring the ‘Network Hub’. This simply requires a few bits of information to complete your self-signed certificate.

 

Veeam PN configuration

 

Once you have finished entering your information, you can proceed to the creation of your self-signed certificate.

 

Veeam PN configuration

 

Veeam PN configuration

 

Once the certificate has been created, you begin the configuration of your VPN settings. This will require the IP address (or one of) assigned to you as part of your Veeam Cloud Connect subscription. The ports can be left as default, however, please ensure TCP is selected as both protocols because the NEA only currently allows TCP rules.

 

Veeam PN configuration

 

The next step is to configure the Entire site & Standalone computer configurations. We will begin with ‘Entire Site’

 

Veeam PN configuration

 

The name can be chosen by yourself; however, the network address needs to be LAN range of the VMs being replicated.

 

Veeam PN configuration

 

Now the ‘Entire Site’ is completely configured, we can begin with the ‘standalone computer.’

Veeam PN configuration

 

Now the following configuration is set on a ‘Per Client’ basis. That, therefore, means it requires the PC name of the machine connecting. That will mean you will have to create a config file for each PC connecting to the VPN. We will be adding a NAT rule later, which means you, can add new devices following a failover.

Veeam PN configuration

IMPORTANT

Due to the setup of this appliance/software. The configuration file and password to login to this portal must be kept as SECURE AS POSSIBLE. The configuration file for each PC should be treated as a secure password.

You can take whatever precautions you see fit whether that be protecting the file with a password etc.

As previously mentioned, the software used to connect to your VPN is ‘OpenVPN’. The installer has been included in the .ZIP file sent across to you. This should be installed on any PC’s requiring using the VPN in case of a failover. I will demonstrate on how to use the OpenVPN software, later in the series.

Part three we will show you how to configure your failover plans. If you’d like any assistance with your Veeam Cloud Connect solution, please contact the support team on 03453 888 327 or send us an email using the form below.

Veeam Cloud Connect – Veeam PN Setup Configuration

Veeam PN can be used as a VPN for DR access for Veeam Cloud Connect.

In this guide, I will walk through the steps to download, install and configure the appliance. It will then be replicated to your Veeam Cloud Connect provider and pre-configured by YOU, ready for any failovers. This is a four-step guide, with a new document published every week.

Depending on your environment (VMware / Hyper-V), this process to import the appliance will be a little different. I will demonstrate the process to import the appliance for both hypervisors, but will show the configuration on VMware.

Hyper-V Appliance Import

I will have shared a ZIP file with you containing the ‘vhdx’ required to build the appliance. Once you have downloaded the file onto your Hyper-V server, you are ready to begin.

The first step is to create a new VM. We will name it ‘VeeamHUB’ for this demonstration:

 

Veeam PN Setup Configuration

 

This VM should be configured with the following specifications:

  • Generation 1
  • 1024MB of RAM
  • 1 virtual processor
  • Connected to the same network as the VMs being replicated.

When it comes to connecting the ‘Virtual Hard Disk’, you should select ‘Use an existing virtual hard disk’ and select the VHDX, which was included in the ZIP file provided.

You are now done and the VM should boot as normal ready for the OS configuration.

 

Veeam PN Setup Configuration
VMware Appliance Import

The VMware appliance importation is simpler than the Hyper-V import. To begin with, save the .OVA file to an accessible part of your network. Once that is done, you can begin the import process. This can be done in the vSphere Web Client of the vSphere Client. For this demonstration, we will deploy the appliance through the normal vSphere Client.

First, select ‘File’ and the ‘Deploy OVF Template’

Veeam PN Setup Configuration

 

You can then browse to the location you saved the OVA file:

 

Veeam PN Setup Configuration

 

The name, host and cluster can be chosen by yourself. Once again, please ensure the Veeam PN appliance is located on the same network as the VMs you are replicating to the Veeam Cloud Connect platform.   Once finished, please power on the appliance ready to begin the configuration.

Configuring Veeam PN appliance network settings

Once the appliance has booted, you can login with the default credentials found in the following KB article: https://www.veeam.com/kb2271 Once logged in, the first thing we need to change is the network settings.

This can be done by editing the ‘interfaces’ file using the following commands: vi/etc/network/interfaces. Once you are in the ‘Interfaces’ file, press ‘I’ to ‘insert’ and edit the file as follows:

 

Veeam PN Setup Configuration

 

Once you have finished editing the file press ‘Esc’ then ‘:wq!’ (To write the changes and quit) I find a reboot is required sometimes to confirm the network changes, implement if required.

Part two in this series will show how to configure the Veeam PN appliance portal settings.

If you’d like any assistance configuring your Veeam Cloud Connect solution, please contact the support team on 03453 888 327 or send us an email using the form below.