Menu Close

Veeam Backup For AWS Deployment And Configuration Part 1

Veeam Backup for AWS is a solution developed for protection and disaster recovery tasks for Amazon Elastic Compute Cloud (Amazon EC2) environments. With Veeam Backup for AWS, you can create image-level backups of EC2 instances and keep them in Amazon Simple Storage Service (Amazon S3) for high availability, cost-effective and long-term storage. In addition to image-level backups, you can protect your data by creating and maintaining a chain of cloud-native snapshots of EC2 instances.

In our previous article, we discussed Veeam Backup for AWS,  and this article will cover the Deployment and Configuration of Veeam Backup for AWS Free Edition.

Requirements

Before you start using Veeam Backup for AWS, consider the following requirements.

Network Ports

The following network ports must be open to ensure proper communication of components in the backup infrastructure of Veeam Backup for AWS

From To Protocol Port Notes
Web browser (local machine) Backup server HTTPS 443 Port used for communication with Veeam Backup for AWS Web UI.
SSH 22 Command port used for communication with the backup server.
Worker instance HTTPS 443 Port used for communication with the Veeam Backup browser on the worker instance in the file-level restore process.
Backup server Worker instance SSH 22 Command port used for communication with a worker instance.
TCP 9999 Port used for communication with the worker instance in the file-level restore process.

To open network ports, in the AWS Management Console, you must add inbound rules to security groups associated with backup infrastructure components.

  • A security group for the backup server is created during the product installation.
  • A security group for worker instances is selected per the AWS region and Availability Zone.

For details on how to add inbound rules to security groups, see AWS Documentation.

Web Browsers

To access Veeam Backup for AWS, you can use any of the following web browsers: Microsoft Edge 40 or later, Mozilla Firefox 56 or later, Google Chrome 62 or later.

IAM Role Permissions

IAM roles that Veeam Backup for AWS uses to perform data protection and disaster recovery operations must have permissions to access AWS resources. The minimal set of permissions for IAM roles is described in the following Veeam KB articles: KB3032KB3033KB3034.

AWS Services

Backup infrastructure components (the backup server and worker instances) must have outbound internet access to the following AWS services:

  • Amazon CloudWatch
  • Amazon Elastic Compute Cloud (EC2)
  • Amazon Simple Notification Service (SNS)
  • Amazon Simple Queue Service (SQS)
  • Amazon Simple Storage Service (S3)
  • AWS Identity and Access Management (IAM)
  • AWS Key Management Service (KMS)
  • AWS Marketplace Metering Service
  • AWS Security Token Service (STS)
  • AWS Service Quotas
  • AWS Systems Manager (SSM)

Endpoints supported for AWS services are listed in AWS Documentation.

Install Veeam Backup for AWS Free Edition

 Sign in to AWS Marketplace using credentials of an AWS account in which you plan to install Veeam Backup for AWS Free Edition.

Search for Veeam Backup for AWS Free Edition and Click on the result

From the Veeam Backup for the AWS overview page, click Continue to Subscribe.

Click on Accept Termas  to continue

Click Continue to Configuration

From the Configure this software page, select the installation settings and Clik on Continue Launch

  • From the Fulfillment Option drop-down list, select VB for AWS Deployment.
  • From the Software Version drop-down list, select the latest version of Veeam Backup for AWS.
  • From the Region drop-down list, select an AWS region in which an EC2 instance with Veeam Backup for AWS will reside.

 

Click Launch 

It will launch the Create stack wizard, You have to create a stack for Veeam Backup for AWS from this window 

Use default settings on Specify the template page and click Next.

On the Specify stack details step of the wizard, configure stack settings

  • specify a name for the stack in the Stack name field
  • From the Instance type for Veeam Backup for AWS server drop-down list, select the type for the EC2 instance on which Veeam Backup for AWS will be installed 
  • From the Key Pair for Veeam Backup for AWS Server drop-down list, select a key pair that will be used to authenticate against the EC2 instance with Veeam Backup for AWS. If the necessary key pair is not in the list, you can create it as described in AWS Documentation.
  • Select true if you want to enable an automatic backup for EBS volumes of the Veeam Backup for the AWS server.
  • Select true if you want to let AWS restart the Veeam Backup for the AWS server if any software failure occurs.
  • Select true if you want to let AWS restart the Veeam Backup for the AWS server if any infrastructure failure occurs.
  • Select true if you want to create an Elastic IP address for the Veeam Backup for the AWS server.
  • In the Allowed Source IP Addresses for connection to SSH field, specify the IPv4 address range from which the Veeam Backup for AWS server will be accessible over SSH.
  • In the Allowed Source IP Addresses for connection to HTTPS field, specify the IPv4 address range from which Veeam Backup for AWS Web UI will be accessible.

Note:-The IPv4 address range is specified in the CIDR notation (for example, 12.23.34.0/24). To let all IPv4 addresses access Veeam Backup for AWS, you can specify 0.0.0.0/0. Note that allowing access from all IPv4 addresses is unsafe and thus not recommended in production environments.

  • In the VPC and Subnet section, select an Amazon Virtual Private Cloud (Amazon VPC) and subnet, to which the Veeam Backup for AWS server will be connected.

At the Configure stack options step of the wizard, specify AWS tags, IAM role permissions and other additional settings for the stack and click Next.

select the I acknowledge that AWS CloudFormation might create an IAM resources checkbox and Click Create stack.

You can monitor the status of the creation on the stacks page

Once the creation is completed, click on the stack and you can verify stack details

Next, navigate to EC2 Dashboard and check the new instance has been created and with the same stack name.

 

Select the instance and note the public IP or the Public DNS to access the Veeam Backup for AWs console and start the initial configuration

 

Initial Configuration

After the deployment of the instance, you must perform the initial configuration of Veeam Backup for AWS.

In a web browser, navigate to the Veeam Backup for AWS URL.

The URL consists of a public IPv4 address or DNS hostname of the EC2 instance on which Veeam Backup for AWS is installed like below

  • IPv4 address — https://100.27.36.178
  • Public DNS hostname — https://ec2-100-27-36-178.compute-1.amazonaws.com

Read and accept the license agreement for Veeam and 3rd party components that Veeam incorporates by selecting checkbox and Click Accept

Provide the EC2 instance ID on which Veeam Backup for AWS is installed and click Next.

Specify credentials for the Default Admin user and click Create.

Once the user created you can login to the console using the Username and Password  created in the previous step 

Once you  logged in you can see a console like below, next you have to perform the configuration which is required to set up the backup of your instance

 

Conclusion

Veeam Backup for AWS is a solution developed for protection and disaster recovery tasks for Amazon Elastic Compute Cloud (Amazon EC2) environments. And using  Veeam backup Free edition you can backup up to 10 instances without any cost. Veeam Backup for AWS is a perfect and cost-effective solution for protecting your AWS instances. In this article, we have covered deployment and initial configuration of Veeam Backup for AWS solution, we will cover backup configuration and other options in the next article.

Leave a Reply

Your email address will not be published. Required fields are marked *