Backup of Cloud Machines

To back up data of Amazon EC2 instances or Microsoft Azure virtual machines (both objects can be also referred to as cloud machines), you can use Veeam Agent for Microsoft Windows or Veeam Agent for Linux together with Veeam Backup & Replication. Veeam Backup & Replication allows you to discover cloud machines and deploy Veeam Agents using cloud native API instead of the connection over network.

Veeam Backup & Replication supports backup of the following cloud machines:

• Amazon EC2 instances
• Microsoft Azure virtual machines

You can back up cloud machines running Microsoft Windows or Linux OSes that are supported by Veeam Agent and by cloud service provider.

• To learn lists of OSes supported by Veeam Agent, see system requirements for Veeam Agent for Microsoft Windows or for Veeam Agent for Linux depending on the type of Veeam Agent you plan to use.
• To learn lists of OSes supported by cloud service provider, see AWS documentation or Microsoft documentation depending on the type of cloud machines you plan to protect.

Getting Started

To back up cloud machine data, you must complete the following steps:

1. Add a Microsoft Azure blob storage or Amazon S3 storage to your infrastructure depending on the type of cloud machines you plan to protect. To learn more, see the Adding Azure Blob Storage or Adding Amazon S3 Storage section in the Veeam Backup & Replication User Guide.

2. Get the cloud user with the required permissions. With this user, Veeam Backup & Replication connects to the bucket or container on the cloud. To learn more, see Permissions.
3. Configure a protection group for cloud machines. Keep in mind that the protection group of the cloud machines type is the only applicable protection group to back up data of cloud machines. To learn more, see Creating Protection Groups.

When you finish configuring a protection group and perform the rescan operation, Veeam Backup & Replication installs the Veeam components on the cloud machine. For more information, see Setup of Veeam Components.

4. Configure a backup job. Depending on the OS running on your cloud machine, see one of the following sections:

• Creating Job for Windows Computers
• Creating Job for Linux Computers

Setup of Veeam Components

Veeam Backup & Replication installs the following Veeam components on the cloud machine:

• Veeam Cloud Message Service
• Veeam Agent
• Veeam Transport Service

When you add a cloud machine to a protection group, it is managed by Amazon EC2 Simple Systems Manager (SSM) or Azure Run Command depending on the cloud that you use. Unlike working with physical machines, Veeam Backup & Replication does not send commands to cloud machines directly, but through these services. For more information about Amazon SSM and Azure Run Command, see AWS documentation and Microsoft documentation.

To accelerate the communication speed between Veeam Backup & Replication and a cloud machine, Veeam Backup & Replication installs the Veeam Cloud Message Service on the machine during the rescan operation. After the Veeam Cloud Message Service is installed, all communication between Veeam Backup & Replication and the machine is switched from Amazon SSM or Azure Run Command to the Veeam Cloud Message Service. The Veeam Cloud Message Service uses queue services to send commands to the machine: Amazon Simple Queue Service (SQS) or Azure Queue Storage. To learn more about these queue services, see AWS documentation and Microsoft documentation.

To install the Veeam components on the cloud machine, Veeam Backup & Replication uses a distribution repository. Veeam Backup & Replication uploads installation files to the distribution repository using signed URLs, and from there the files are downloaded to the cloud machine. The distribution repository is only used to interchange files between the Veeam Backup & Replication and the machine, not to store backups. For more information, see Distribution Repository.

Veeam Backup & Replication installs the Veeam components on the cloud machine in the following way:

1. Veeam Backup & Replication starts the rescan operation and checks that Amazon SSM or Azure Run Command can receive and execute commands.

2. Veeam Backup & Replication checks that the cloud machine is not managed by another Veeam backup server.
3. Veeam Backup & Replication creates two queues. Veeam Backup & Replication listens to its queue where a managed Veeam Agent sends messages. Veeam Agent listens to its queue and Veeam Backup & Replication sends messages to it.

All managed by Veeam Backup & Replication Veeam Agents send messages to one Veeam Backup & Replication queue.

4. Veeam Backup & Replication installs the Veeam Cloud Message Service on the cloud machine and starts it.
5. Veeam Backup & Replication installs Veeam Agent and Veeam Transport Service on the cloud machine.

Communication Scheme

After the installation of Veeam components is completed, Veeam Backup & Replication communicates with the cloud machine and Veeam Agent in the following way:

1. Veeam Cloud Message Service on Veeam backup server sends a message to the queue service on the cloud.
2. Veeam Cloud Message Service on the cloud machine with Veeam Agent checks the queue, reads the message, and performs one of the following operations depending on the message content:

• Runs the command. For example, if your cloud machine runs the Microsoft Windows OS, Veeam Agent can run the Windows PowerShell command.
• Re-sends the command to another Veeam component. For example, Veeam Agent or Veeam Transport Service.

3. Veeam Cloud Message Service sends the command result to the queue service.
4. Veeam Backup & Replication reads the queue and receives the command result.