Veeam Backup for AWS is a solution developed for protection and disaster recovery tasks for Amazon Elastic Compute Cloud (Amazon EC2) environments. With Veeam Backup for AWS, you can create image-level backups of EC2 instances and keep them in Amazon Simple Storage Service (Amazon S3) for high availability, cost-effective and long-term storage. In addition to image-level backups, you can protect your data by creating and maintaining a chain of cloud-native snapshots of EC2 instances.
In our previous article, we discussed Veeam Backup for AWS, and this article will cover the Deployment and Configuration of Veeam Backup for AWS Free Edition.
Before you start using Veeam Backup for AWS, consider the following requirements.
The following network ports must be open to ensure proper communication of components in the backup infrastructure of Veeam Backup for AWS
|Web browser (local machine)||Backup server||HTTPS||443||Port used for communication with Veeam Backup for AWS Web UI.|
|SSH||22||Command port used for communication with the backup server.|
|Worker instance||HTTPS||443||Port used for communication with the Veeam Backup browser on the worker instance in the file-level restore process.|
|Backup server||Worker instance||SSH||22||Command port used for communication with a worker instance.|
|TCP||9999||Port used for communication with the worker instance in the file-level restore process.|
To open network ports, in the AWS Management Console, you must add inbound rules to security groups associated with backup infrastructure components.
- A security group for the backup server is created during the product installation.
- A security group for worker instances is selected per the AWS region and Availability Zone.
For details on how to add inbound rules to security groups, see AWS Documentation.
To access Veeam Backup for AWS, you can use any of the following web browsers: Microsoft Edge 40 or later, Mozilla Firefox 56 or later, Google Chrome 62 or later.
IAM Role Permissions
IAM roles that Veeam Backup for AWS uses to perform data protection and disaster recovery operations must have permissions to access AWS resources. The minimal set of permissions for IAM roles is described in the following Veeam KB articles: KB3032, KB3033, KB3034.
Backup infrastructure components (the backup server and worker instances) must have outbound internet access to the following AWS services:
- Amazon CloudWatch
- Amazon Elastic Compute Cloud (EC2)
- Amazon Simple Notification Service (SNS)
- Amazon Simple Queue Service (SQS)
- Amazon Simple Storage Service (S3)
- AWS Identity and Access Management (IAM)
- AWS Key Management Service (KMS)
- AWS Marketplace Metering Service
- AWS Security Token Service (STS)
- AWS Service Quotas
- AWS Systems Manager (SSM)
Endpoints supported for AWS services are listed in AWS Documentation.
Install Veeam Backup for AWS Free Edition
Sign in to AWS Marketplace using credentials of an AWS account in which you plan to install Veeam Backup for AWS Free Edition.
Search for Veeam Backup for AWS Free Edition and Click on the result
From the Veeam Backup for the AWS overview page, click Continue to Subscribe.
Click on Accept Termas to continue
Click Continue to Configuration
From the Configure this software page, select the installation settings and Clik on Continue Launch
- From the Fulfillment Option drop-down list, select VB for AWS Deployment.
- From the Software Version drop-down list, select the latest version of Veeam Backup for AWS.
- From the Region drop-down list, select an AWS region in which an EC2 instance with Veeam Backup for AWS will reside.
It will launch the Create stack wizard, You have to create a stack for Veeam Backup for AWS from this window
Use default settings on Specify the template page and click Next.
On the Specify stack details step of the wizard, configure stack settings
- specify a name for the stack in the Stack name field
- From the Instance type for Veeam Backup for AWS server drop-down list, select the type for the EC2 instance on which Veeam Backup for AWS will be installed
- From the Key Pair for Veeam Backup for AWS Server drop-down list, select a key pair that will be used to authenticate against the EC2 instance with Veeam Backup for AWS. If the necessary key pair is not in the list, you can create it as described in AWS Documentation.
- Select true if you want to enable an automatic backup for EBS volumes of the Veeam Backup for the AWS server.
- Select true if you want to let AWS restart the Veeam Backup for the AWS server if any software failure occurs.
- Select true if you want to let AWS restart the Veeam Backup for the AWS server if any infrastructure failure occurs.
- Select true if you want to create an Elastic IP address for the Veeam Backup for the AWS server.
- In the Allowed Source IP Addresses for connection to SSH field, specify the IPv4 address range from which the Veeam Backup for AWS server will be accessible over SSH.
- In the Allowed Source IP Addresses for connection to HTTPS field, specify the IPv4 address range from which Veeam Backup for AWS Web UI will be accessible.
Note:-The IPv4 address range is specified in the CIDR notation (for example, 18.104.22.168/24). To let all IPv4 addresses access Veeam Backup for AWS, you can specify 0.0.0.0/0. Note that allowing access from all IPv4 addresses is unsafe and thus not recommended in production environments.
- In the VPC and Subnet section, select an Amazon Virtual Private Cloud (Amazon VPC) and subnet, to which the Veeam Backup for AWS server will be connected.
At the Configure stack options step of the wizard, specify AWS tags, IAM role permissions and other additional settings for the stack and click Next.
select the I acknowledge that AWS CloudFormation might create an IAM resources checkbox and Click Create stack.
You can monitor the status of the creation on the stacks page
Once the creation is completed, click on the stack and you can verify stack details
Next, navigate to EC2 Dashboard and check the new instance has been created and with the same stack name.
Select the instance and note the public IP or the Public DNS to access the Veeam Backup for AWs console and start the initial configuration
After the deployment of the instance, you must perform the initial configuration of Veeam Backup for AWS.
In a web browser, navigate to the Veeam Backup for AWS URL.
The URL consists of a public IPv4 address or DNS hostname of the EC2 instance on which Veeam Backup for AWS is installed like below
- IPv4 address — https://22.214.171.124
- Public DNS hostname — https://ec2-100-27-36-178.compute-1.amazonaws.com
Read and accept the license agreement for Veeam and 3rd party components that Veeam incorporates by selecting checkbox and Click Accept
Provide the EC2 instance ID on which Veeam Backup for AWS is installed and click Next.
Specify credentials for the Default Admin user and click Create.
Once the user created you can login to the console using the Username and Password created in the previous step
Once you logged in you can see a console like below, next you have to perform the configuration which is required to set up the backup of your instance
Veeam Backup for AWS is a solution developed for protection and disaster recovery tasks for Amazon Elastic Compute Cloud (Amazon EC2) environments. And using Veeam backup Free edition you can backup up to 10 instances without any cost. Veeam Backup for AWS is a perfect and cost-effective solution for protecting your AWS instances. In this article, we have covered deployment and initial configuration of Veeam Backup for AWS solution, we will cover backup configuration and other options in the next article.