Enabling Private Network Deployment

If you want worker instances to operate in a private network, you can enable the private network deployment functionality and instruct Veeam Backup for AWS to launch worker instances without public IPv4 addresses. In this case, worker instances will communicate with the Amazon S3 service through a private S3 endpoint specified in repository settings for data protection and recovery tasks.

To enable the private network deployment functionality, do the following:

  1. Switch to the Configuration page, navigate to General > Deployment Mode and set the Private network deployment toggle to On.
  2. To allow worker instances to access AWS services, create VPC interface endpoints for all subnets to which the worker instances will be connected, as described in section Configuring Private Networks (step 1).
  3. To allow worker instances to communicate with the Amazon S3 service, do the following:
     1. For all VPCs in the AWS Regions where backup repositories are located, create an S3 interface endpoint for all subnets to which worker instances will be connected, as described in section Configuring Private Networks (step 1).
     2. For the backup appliance and worker instances, ensure connectivity between them and the Amazon S3 service, as described in section Configuring Private Networks (steps 2–3).
  4. To allow worker instances to access Amazon S3 buckets, configure repository settings to use the created S3 interface endpoint for backup operations:
     1. Click Save to enable the private network deployment functionality.
     2. Click the Configure repositories link.
     3. In the Configuration Issues window, click the link in the Settings column.

        For a backup repository to be displayed in the list of available repositories, it must be added to Veeam Backup for AWS as described in section Managing Backup Repositories.

     4. In the Edit Repository wizard, navigate to the Settings step. Then, from the Interface VPC endpoint drop-down list, select the S3 interface endpoint that will be used to communicate with the Amazon S3 service.

        For an S3 interface endpoint to be displayed in the Interface VPC endpoint list, it must be created in the Amazon VPC console for all subnets to which the worker instances will be connected, as described in section Configuring Private Networks (step 1).

To check whether you have configured all the necessary settings correctly, run your backup policies as described in section Performing Backup.
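Before running a policy, the requirement that every worker subnet has an S3 interface endpoint can be checked offline. The following is an added example, not part of the Veeam documentation: it assumes JSON in the shape returned by `aws ec2 describe-vpc-endpoints`, and the endpoint IDs, subnet IDs, region and the `WORKER_SUBNETS` list are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-vpc-endpoints` output.
SAMPLE = json.loads("""
{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Gateway",
   "ServiceName": "com.amazonaws.eu-west-1.s3", "State": "available",
   "VpcId": "vpc-01", "SubnetIds": []},
  {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.eu-west-1.s3", "State": "available",
   "VpcId": "vpc-01", "SubnetIds": ["subnet-a", "subnet-b"]},
  {"VpcEndpointId": "vpce-0ccc", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.eu-west-1.s3", "State": "pending",
   "VpcId": "vpc-01", "SubnetIds": ["subnet-c"]}
]}
""")

# Hypothetical list of subnets the worker instances will be connected to.
WORKER_SUBNETS = ["subnet-a", "subnet-b", "subnet-c", "subnet-d"]


def s3_interface_coverage(endpoints, region, worker_subnets):
    """Map each worker subnet to the usable S3 interface endpoints in it."""
    service = f"com.amazonaws.{region}.s3"
    coverage = {subnet: [] for subnet in worker_subnets}
    for ep in endpoints.get("VpcEndpoints", []):
        # An S3 gateway endpoint does not satisfy the interface-endpoint requirement.
        if ep.get("VpcEndpointType") != "Interface":
            continue
        if ep.get("ServiceName") != service:
            continue
        # An endpoint that is still pending or failed cannot carry traffic yet.
        if str(ep.get("State", "")).lower() != "available":
            continue
        for subnet in ep.get("SubnetIds", []):
            if subnet in coverage:
                coverage[subnet].append(ep["VpcEndpointId"])
    return coverage


def uncovered_subnets(endpoints, region, worker_subnets):
    """Return worker subnets with no available S3 interface endpoint."""
    cov = s3_interface_coverage(endpoints, region, worker_subnets)
    return sorted(s for s, eps in cov.items() if not eps)


if __name__ == "__main__":
    for subnet in uncovered_subnets(SAMPLE, "eu-west-1", WORKER_SUBNETS):
        print(f"{subnet}: no available S3 interface endpoint")
```

Any subnet reported here would leave a worker instance launched without a public IPv4 address with no path to Amazon S3, so the list should be empty before the toggle is saved.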
