Considerations and Limitations

This section lists considerations and known limitations for object storage repositories.

General Considerations and Limitations

Consider the following limitations:

  • Make sure to open required ports to communicate with object storage repositories in advance. Consider that a backup server and a gateway server must have internet access to verify that the certificates installed on object storage repositories are valid. For more details, see Ports.
  • If you use default network security configuration for helper appliances, make sure that they are compliant with your internal security policies.
  • You can add an object storage repository to a second backup server using credentials with the read-only access permissions that allows you to perform data recovery options. If you use credentials with full-access permissions, it will lead to unpredictable behavior and data loss. For more information on permissions, see Permissions.

Important

Consider the following:

  • This option is not supported for Microsoft Azure Storage and Veeam Data Cloud Vault.
  • This option works for object storage repositories only if they meet the following requirements:
  • You plan to add these object storage repositories as a performance or capacity extent of a scale-out backup repository.
  • The object storage repositories do not have data encryption enabled. If encryption is enabled on these repositories, you will not be able to add object storage repositories using credentials with read-only permissions.
  • You can use this option for direct backup object storage repositories added either as a standalone repository or a performance extent of a scale-out backup repository.
  • Object storage gateway appliances that are used to store backup data in filer (SMB (CIFS)/NFS) or block device mode (iSCSI/FC/SAS) are not supported if the backup data is offloaded to object storage and is no longer stored directly on the appliance.

Such gateway appliances are only supported in the following cases:

  • All of the backup data is stored on the appliance altogether (that is, all of the backup chains are stored on the appliance as a whole and not scattered across multiple devices) and only additional copies of the backup data is transported to object storage.
  • These appliances emulate a tape system (VTL) as an access protocol for Veeam Backup & Replication.
  • Data in an object storage bucket or container must be managed solely by Veeam Backup & Replication, including retention (in case you enable Object Lock and Versioning features on an S3 bucket or version-level WORM on an Azure container) and data management. Enabling lifecycle rules is not supported, and may result in backup and restore failures.
  • Multi-factor authentication (MFA) is not supported for object storage repositories.
  • If a backup chain contains backup files that are marked as corrupted by Health Check, then such corrupted files, as well as all subsequent files that go after the corrupted one are never offloaded. In such a scenario, offload is only possible starting from the full backup file that succeeds the backup chain with corrupted backups.
  • For optimal processing, we recommend to set the default block size to 1MB in the storage settings of a backup job. Larger block size can lead to multiple times larger incremental backups, while smaller block sizes will create extra IO pressure on the object storage.
  • Different object storage repositories mapped to the same cloud folder can be used for storing both the capacity tier backups and the unstructured data backups.

Important

Consider the following:

  • The same object storage repository (mapped to the same cloud folder) must not be used across multiple Veeam Backup & Replication servers for the same purposes as it leads to unpredictable system behavior and data loss.
  • For the same reason, two object storage repositories mapped to the same cloud folder must not be added to different scale-out backup repositories within one Veeam Backup & Replication server.
  • Within a scale-out backup repository, the mount server of a performance extent will act as a gateway server of the capacity extent if all of the following is true:
  1. You use SMB share/NFS share/deduplicating storage appliances as performance extents of your scale-out backup repository.
  2. You have chosen Automatic selection for the gateway server at the Specify Shared Folder Settings step of the New backup repository wizard.
  3. For the object storage that you use as the capacity extent, you have not selected to connect to object storage using a gateway server at the Account step of the New Object Repository wizard.
  • The backup proxy that processes backup data must meet the following requirements:
  • It must be an on-premises server as close as possible to a backup server.
  • It must have access to the cloud storage that you use as an object storage repository.
  • You cannot switch an object storage repository to Sealed Mode and to Maintenance Mode unless it is an extent of a scale-out backup repository.
  • Veeam Cloud Connect service providers cannot use Azure Data Box and AWS Snowball Edge storage as object storage repositories.
  • You cannot back up data using Veeam Agent backup job or policy to AWS Snowball Edge and Azure Data Box devices.
  • Scale-out backup repositories and Veeam Cloud Connect repositories are not supported as a backup destination for cloud machines.

Considerations and Limitations for Direct Backup to Object Storage

Consider the following limitations:

Note

To produce an independent full backup, you can also run the active full backup manually or specify a periodic schedule for it. Note that this method will significantly increase object storage space consumption.

  • You cannot back up directly to Amazon S3 Glacier Storage, S3 compatible with Data Archiving and Azure Archive Storage object storage repositories. These types of object storage repositories can only be used as archive extents of the scale-out backup repository. For more information, see Archive Tier.
  • You cannot use direct backup to object storage to keep backups of applications running on Kubernetes persistent volumes created by Veeam Kasten Plug-in for Veeam Backup & Replication.
  • You cannot use direct backup to object storage to keep backups created with Veeam Plug-ins for Enterprise Applications.

Note

Note that you can use direct backup object storage repositories to keep backups created with backup copy jobs for Veeam Agent for IBM AIX and Veeam Agent for Oracle Solaris.

Considerations and Limitations for Direct Connection Mode

Consider the following limitations:

  • Make sure that a proxy server that you plan to use, meets the following System Requirements.
  • You must locate your proxy server as close as possible to the backup source host.
  • Veeam Agent transfers data to the object storage repositories without a proxy server. Make sure that you grant Veeam Backup & Replication and Veeam Agent necessary permissions. For more information on how to configure permissions within Veeam Backup & Replication, see Access Permissions. For more information on how to configure permissions for Veeam Agent, see the Permissions section in the Veeam Agent Management Guide. For more information on how Veeam Agent works in direct connection with object storage repositories, see the Access Permissions section in the Veeam Agent Management Guide.
  • [For backup copy jobs and file backup copy jobs] Veeam Backup & Replication uses the source backup repository as the gateway server. For more information, see the Automatic Gateway Selection section.

Limitations for Amazon, Wasabi Cloud Storage, S3 Compatible and S3 Compatible with Data Archiving Object Storage

Consider the following limitations:

Limitations for Microsoft Azure Object Storage

Consider the following limitations:

  • [For Microsoft Azure Blob storage] Veeam Backup & Replication supports specific types of storage accounts and tiers. For more information, see Microsoft Azure Storage Accounts.
  • Veeam Backup & Replication supports the Versioning feature for Microsoft Azure object storage repositories for which immutability is enabled.
  • [For Microsoft Azure Blob storage] Veeam Backup & Replication does not support soft delete for blobs.
  • [For Microsoft Azure Archive storage] Microsoft Azure has certain limits (quotas) on maximum amount of resources used. The quotas depend on the type of proxies you have selected. If you exhaust a quota, you will be unable to use Microsoft Azure Archive storage. For more information about Microsoft Azure quotas, see Microsoft Docs.
  • Veeam Backup & Replication performs operations only on a blob level. You cannot create Azure containers or storage accounts from the backup infrastructure.
  • Veeam Backup & Replication does not support object-level immutability and default immutability policies assigned to Azure storage accounts. You must set immutability for an Azure container where backed-up objects will reside. For more information, see Microsoft Docs.
  • Veeam Backup & Replication supports all types of Azure Storage redundancy. For more information, see Microsoft Docs.

Note

Note that the support of storage redundancy depends on the type of the Microsoft Azure Storage. For example. Microsoft Azure Archive Storage with the archive access tier does not support Azure accounts with the following redundancy options: zone-redundant storage (ZRS), geo-redundant storage (GZRS) and read-access geo-zone-redundant storage (RA-GZRS). For more information, see Microsoft Docs.

Limitations for Google Cloud Object Storage

Consider the following limitations:

  • Currently, Veeam Backup & Replication does not support the Object Versioning and Bucket Lock features for Google Cloud object storage.

Important

Enabling either any or both of these features on the bucket may result in unpredictable system behavior and data loss, as well as in extra costs for storing objects that have been removed by the retention policy. For more information, see Object Versioning and Bucket Lock.

  • Backups stored in Google Cloud object storage must be modified neither manually nor by third-party tools, including native Google Cloud capabilities (for example, the Autoclass feature). Otherwise, Veeam Backup & Replication may fail to restore the backed-up data.

Limitations for IBM Cloud Object Storage

Consider the following limitations:

  • For IBM Cloud Object Storage on-premise, Veeam Backup & Replication supports versions starting from 3.15.0.44.
  • Veeam Backup & Replication is supported on all IBM Cloud Object Storage (COS) deployment models. This includes on-premise, public cloud, and hybrid models. For the IBM public cloud, the following storage classes are supported: Standard, Vault, Cold Vault and Smart Tier.
  • Veeam Backup & Replication does not support Archive and Accelerated Archive storage classes in the IBM public cloud.

Limitations for Veeam Data Cloud Vault

Consider the following limitations:

  • You must enable encryption for every job that you target to Veeam Data Cloud Vault.
  • Immutability is enabled by default for Veeam Data Cloud Vault and you cannot disable it.
  • Veeam Data Cloud Vault resides in the Azure Global region.
  • Veeam Data Cloud Vault supports the hot access tier only.
  • You will cannot manage the subscription for your Azure account.
  • You cannot store backups created by Veeam Plug-ins for Enterprise Applications in Veeam Data Cloud Vault.
  • You cannot use Veeam Data Cloud Vault as a source of unstructured data backup.
  • You cannot move or copy unencrypted backups to Veeam Data Cloud Vault.

Limitations for Immutability

For more information, see the Immutability Considerations and Limitations section.

Limitations for Veeam Solutions

For more information on limitations for Veeam solutions that utilizes object storage repositories functionality, see the following sections of the necessary guide:

  • Veeam Agent Management Guide — to check limitations for Veeam Agent management solution.
  • Veeam Agent for Microsoft Windows — to check limitations for data protection and disaster recovery solution for physical and virtual machines running Windows-based operating systems.
  • Veeam Agent for Linux — to check limitations for data protection and disaster recovery solution for physical endpoints and virtual machines running Linux-based operating systems.
  • Veeam Agent for Mac — to check limitations for data protection and disaster recovery solution for physical endpoints and virtual machines running macOS.

Related Topics

Immutability

Page updated 8/27/2024

Page content applies to build 12.2.0.334