Configuring Backup Proxies
To enable backup and replication from Cisco HyperFlex snapshots, you must configure one or more backup proxies in the backup infrastructure. Backup proxies must meet the following requirements:
- The role of a backup proxy must be assigned to a Microsoft Windows machine. This can be a dedicated machine or a backup server performing the role of the default backup proxy.
- The backup proxy that you plan to use must have NFS access to the network handling traffic between Cisco HyperFlex and ESXi hosts where the backed-up or replicated VMs reside.
Backup proxies that process data of VMs hosted on Cisco HyperFlex can read VM data from NFS stores over the NFS HyperFlex data network. Depending on the backup infrastructure configuration, backup proxies can read data over the following data paths:
- Backup from Storage Snapshots over IO Visor on ESXi hosts. The IO Visor is a Cisco HyperFlex software module that runs on every ESXi host that is a part of the Cisco HyperFlex cluster. It presents HyperFlex NFS datastores to the ESXi hosts and optimizes the data paths in the HyperFlex cluster.
Backup over IO Visor is the preferred method. It provides the high speed of VM data reading and balances the load across the HyperFlex cluster. To read VM data over IO Visor, backup proxies must be connected to the same HyperFlex data network as the processed VMs. You must also configure a firewall rule on the ESXi hosts to allow Veeam Backup & Replication to interact with the IO Visor. For more information, see Configuring Firewall Rules for Cisco HyperFlex IOVisor Processing.
If the firewall rules are not configured, Veeam Backup & Replication will fail over to Backup from Storage Snapshot over the HyperFlex Controller Cluster IP by default.
- Backup from Storage Snapshots over HyperFlex Controller Cluster IP. In this processing mode, all traffic is handled by a single HX controller that holds the HyperFlex Controller Cluster IP.
To read VM data over HyperFlex Controller Cluster IP, backup proxies must be connected to the same HyperFlex data network as the processed VMs. Veeam Backup & Replication will configure all necessary firewall settings within the HyperFlex Controllers automatically during the storage discovery process. Veeam Backup & Replication automatically detects new HyperFlex controllers and applies firewall changes.
Configuring Firewall Rules for Cisco HyperFlex IO Visor Processing
The Cisco HyperFlex IO Visor is a software component that runs on all ESXi hosts within a Cisco HyperFlex cluster. It works as an NFS server for Veeam traffic.
You need to allow NFS traffic from the backup proxies to ESXi hosts. As Cisco IO Visor based NFS communication uses dynamic ports, you need to create an ESXi firewall rule with inbound ports 0-65535 and the backup proxy IP addresses as allowed IP addresses.
Configuring Backup Proxies for Backup from Storage Snapshot with Virtual Appliance or Network mode
If you plan to use the Virtual appliance or Network mode to process VMs hosted on Cisco HyperFlex, you must configure the backup infrastructure in the following way:
- You must add Cisco HyperFlex to the backup infrastructure to allow Veeam Backup & Replication to create HyperFlex snapshots.
- You must configure the backup proxies to work in the Virtual appliance or Network transport mode. For more information, see Virtual Appliance (HotAdd) and Network Mode
- If you plan to use the Virtual appliance mode, it is recommended that you enable an optimization for NFS datastores in Veeam Backup & Replication to avoid VM stuns as described in this VMware KB article. To do this:
- Create a backup proxy on every host in the VMware vSphere cluster where VMs that you plan to back up or replicate reside.
- On the machine where the Veeam Backup & Replication console is installed, open Registry Editor.
- Navigate to the key: HKLM\Software\Veeam\Veeam Backup and Replication\.
- Create a new DWORD with the name EnableSameHostHotaddMode, and set its value to 2.
If a backup proxy on the same host as a processed VM is unavailable, Veeam Backup & Replication will use an available backup proxy on a different host, but force it to use the Network transport mode, so that no stun occurs.