Veeam Cloud Service Provider Architecture
Herbert Szumovski, Systems Engineer, Veeam Software
Agenda
▪ Basic architecture overview
▪ Veeam Cloud Connect
▪ Veeam Service Provider Console
▪ Reporting
Architecture
Ultimate VM backup architecture
[Diagram labels: Production Storage; Primary backup storage; (1) backup; (2) backup copy; (2) backups to tape; Secondary backup storage (onsite); Secondary backup storage (offsite); cloud]
Extended datacenter
[Diagram labels: WAN/Internet; Private Cloud/On-premises; Cloud/Datacenter]
Veeam Cloud Connect
[Diagram labels: WAN/Internet; Private Cloud/On-premises; Veeam Cloud Service Provider; Physical; Virtual; NAS; Dedupe Appliance; Backup jobs or Backup Copy jobs; WAN Accelerator (x2); SSL tunnel; Encrypted backups]
Veeam Cloud Connect
Get rid of networking complexity!
VPNs are complex to set up
Each customer has their own configuration
VPN creation cannot be automated → No self-service
Routing problems and network overlaps
Cloud gateway
SSL protected connections over a single TCP port (now also UDP)
New server role in Veeam
No need for external load balancers
Integration
Automation
Who can use
▪ Veeam Availability Suite
▪ Veeam Essentials
▪ Veeam Backup & Replication
Customers running any paid edition
Where to deploy
▪ Your own data center
▪ Public Cloud (backup-only!)
▪ White label offering through other VCSP
Deployment and operational cost in Veeam licensing: 0 €
High-level design
Cloud Connect Backup - setup
[Diagram labels: SP Side; VBR SP; Cloud Gateway; Target WAN accelerator (optional); Backup repository; Cloud repositories; WAN; SSL; Customer Side; VBR Customer; Source WAN accelerator (optional)]
1. Install Veeam infrastructure: backup server, repository and cloud gateway
2. Create a tenant and allocate resources to it (cloud repository)
3. Give customer connection information (hostname or IP, port, username and password)
Deployment
[Diagram labels: WAN; DNS Round Robin; Cloud gateways; Front end subnet; Back end subnet; DMZ; MGMT; Backup Server; WAN accelerator (optional); Availability Set; Repository VM (x2); Managed disks (x2); Veeam Scale-Out Backup Repository]
Backup storage
File encryption uses two restore keys, one for the user and one stored in Enterprise Manager, allowing restores even if the user key is forgotten
Uses a fixed AES 256-bit key; with CPU extensions this produces little to no overhead.
Data in transit can be encrypted using SSL.
Design with encryption in mind
SOBR – Capacity tier
[Diagram labels: Private Cloud/On-premises; Veeam Cloud Connect; Veeam Scale-out Backup Repository; Performance Tier; Capacity Tier; S3; S3 IA; HOT; COLD; ARCHIVE]
Insider Protection for Veeam Cloud Connect
What is Insider Protection?
Technology that permits Veeam Cloud Connect backups to keep backup data safe from a number of potentially dangerous situations:
• Insider attacks
• Accidental deletion
• Malicious deletion
• Disgruntled employees
• Ransomware
Insider Protection Use Case
In the unfortunate situation where:
▪ All backups deleted or removed from end-user on-premises infrastructure
▪ All backups deleted or removed from Cloud Connect Backup Repositories
The Veeam Cloud Connect Backup service provider can make backup data available again outside of customer’s control.
[Diagram labels: Veeam Availability Suite; On-Premises Installation & Backup Data; Cloud Repository; Service Provider]
Service Provider can make data available to tenant through insider protection capability.
Insider Protection: “Recycle bin” per tenant
Cloud Gateway
• Component facing the internet, in charge of connecting on-premises environments to the cloud, and of securing traffic with encryption
• More than one Cloud Gateway is recommended to ensure connectivity (N+1 configuration)
• Provide high availability to that service, and manage load balancing
Load balancing
• Veeam Cloud Gateways have their own internal load balancing mechanism and thus do not support a third-party load balancer before them
• However, DNS can be used to provide a single access point to the pool of Cloud Gateways.
• Configure DNS round robin at your DNS registrar
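Plain DNS round robin hands out every record without checking whether the gateway behind it is up, so the pool needs its own per-record check. The following is an added example, not part of the original deck: it resolves the gateway name, runs a TLS handshake against each address separately, and reports dead records and whether the N+1 recommendation still holds. The hostname, port and addresses are constructed placeholders.

```python
import socket
import ssl


def resolve_gateways(hostname, port):
    """Return every distinct address the round-robin name currently resolves to."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def probe_tls(ip, port, hostname, timeout=5.0):
    """True if this gateway completes a TLS handshake with a certificate valid for hostname."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname):
                return True
    except OSError:  # refused, timed out, or failed certificate verification
        return False


def check_pool(hostname, port, resolve=resolve_gateways, probe=probe_tls):
    """Probe each record separately; connecting by name would only test one of them."""
    results = {ip: probe(ip, port, hostname) for ip in resolve(hostname, port)}
    healthy = sorted(ip for ip, ok in results.items() if ok)
    return {
        "healthy": healthy,
        # DNS keeps handing out a record whose gateway is down.
        "dead_records": sorted(ip for ip, ok in results.items() if not ok),
        # N+1: at least two gateways must answer so one can fail.
        "n_plus_one": len(healthy) >= 2,
    }


if __name__ == "__main__":
    # Constructed sample: three records (documentation addresses), one gateway down.
    sample = {"192.0.2.10": True, "192.0.2.11": True, "192.0.2.12": False}
    report = check_pool(
        "gateways.example.net", 6180,  # name and port are assumptions
        resolve=lambda host, port: sorted(sample),
        probe=lambda ip, port, host: sample[ip],
    )
    print(report)
```

Called without the `resolve` and `probe` overrides, `check_pool` queries live DNS and connects to each gateway address.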
Maintenance
Veeam Agents
Veeam Agent for Microsoft Windows
Delivering simple backup and powerful recovery for physical servers, laptops and desktops, and virtual servers in the public cloud
▪ Active full backups
▪ Application-aware processing
▪ File indexing and search
▪ Instant Recovery to Hyper-V VM
▪ Integration with Veeam Backup & Replication
▪ Server-specific scheduling and retention
▪ Synthetic full backups
▪ Transaction log backup for databases
▪ Full support for Windows Server 2016 and Windows 10
NEW
▪ Cluster support
▪ CBT driver
▪ OneDrive as a backup target
Latest Updates
▪ Current version v4.00
▪ Build numbers and version - https://www.veeam.com/kb2683
Veeam Agent for Linux
Delivering simple backup and powerful recovery for physical servers, laptops and desktops, and virtual servers in the public cloud
▪ Entire computer, volume-level and file-level backup
▪ Built-in snapshot and changed block tracking (CBT) drivers
▪ Support for multiple jobs
▪ Pre-freeze and post-thaw snapshot scripts
▪ Choice of a user-friendly UI or traditional Linux command line interface (CLI)
▪ Integration with Veeam Backup & Replication
▪ Support for Scale-Out Backup Repository
▪ Direct backup to Veeam Cloud Connect
▪ Source-side encryption
Latest Updates
▪ Current version v4.00
▪ Build numbers and version - https://www.veeam.com/kb2683
Azure can be very handy as a test environment: safely test patches and critical updates before rolling them out to production
Migrate some of your VMs — or even a legacy physical server — to Microsoft Azure. Easily execute planned workload migrations of VMware and Hyper-V VMs, or your remaining legacy physical servers, to the cloud
Get a fast and efficient Azure restore via any type of Veeam backup file. No need to pre-deploy an appliance; you can restore to Azure directly from the Veeam Backup & Replication user interface
Restore to Azure
Delivering simple backup and powerful recovery for physical servers, laptops and desktops, and virtual servers in the public cloud
Direct Restore to Microsoft Azure
Veeam Backup & Replication: Direct Restore to Microsoft Azure
[Diagram labels: Veeam Backup Free Edition; Veeam Agent for Microsoft Windows; Veeam Agent for Linux; Veeam repository; Azure Proxy (optional)]
Any backups stored in a Veeam repository can be restored to Azure using VBR UI
▪ to Azure Stack (UPDATE 4)
▪ to Amazon EC2 (UPDATE 4)
DRaaS
An overview
Hardware plan
▪ CPU, RAM, storage
▪ Network (dedicated VLAN)
Supports both VMware and Microsoft
▪ VMware: Resource pool, if supported by vSphere edition; otherwise, resource control is managed by SP itself
▪ Microsoft: Own mechanism to guarantee that resources are provided to a tenant in accordance with corresponding HW plan
Veeam Replication is the base engine
Transparent networking
Automatically deployed and configured
Managed via the Veeam Backup & Replication™ interface
Tunneled inside the cloud gateway
Preserves communication between running VMs regardless of their physical location
Failover scenarios
Failover Plan
Full failover: Outgoing traffic
Veeam Service Provider Console
Service providers and distributed enterprises share many similar challenges that impact management costs
▪ Billing
▪ Monitoring & alerting
▪ Remote backup & replica management
▪ Tenant and Department management
Service Provider
Enterprise
VSPC
Architecture
Deployment
Veeam Service Provider Console can be installed in either an All-in-One Deployment or in a distributed manner where the Management, Web UI and SQL Server are on separate computers.
Veeam Service Provider Console
Remote Monitoring and Management
Overview
Single pane of glass
Remote Monitoring
Monitor tenant’s Veeam Backup & Replication environments.
Manage all job types configured on client Veeam Backup & Replication servers.
Remote Management
Service Providers are able to completely manage the customer environments using Veeam Cloud Connect
Remote Console and Remote Desktop
Multi-Tenant Customer Portal
Client Portal
Veeam Service Provider Console
Web UI
Administrator portal
Client portal
Administrator
Company/department admin
Company/department user
Invoice/chargeback auditor
Self-service area for companies that act as consumers of managed backup services. Users can monitor how many resources they have consumed, deploy Veeam backup agents, manage backup jobs, view invoices, perform basic configuration tasks, etc.
Reports
Protected Computers Backup Report
▪ Summary: Locations, discovered, protected and unprotected computers, latest backup status and reason for failure to meet RPOs
▪ Protected Agents: Client computers with at least one backup restore point that meets RPO requirements
▪ Unprotected Agents: Client computers with outdated or missing backup restore points
Protected VMs Backup Report
▪ Summary: Number of VMs protected with Veeam Backup & Replication and the latest backup status
▪ Protected VMs: VMs with at least one backup or replica that meets RPO requirements
▪ Unprotected VMs: VMs with outdated or missing backup restore points
Billing
▪ Summary Invoice: Provides information about consumed services and their cost
▪ Detailed Invoice: Provides information about consumed services and their cost, as well as services consumed by each company location on each day of a specified period
▪ Quota Usage Report: Provides information about services consumed by each company location on each day of a specified period, but does not include cost details
Invoices
Billing Summary
This dashboard view shows summary information about the revenue state, payments and invoice statuses, including:
• Monthly revenue state
• Invoice status
• Revenue by service type
• Top companies by payment
Resources Summary
This dashboard view shows summary information about Cloud Connect resources consumed by companies, including:
• Backup repository usage
• Cloud host CPU ratio
• Cloud host memory
• Cloud host storage
Thank you