Step 3. Specify Network Settings

At the Network step of the wizard, select an Amazon VPC and a subnet to which you want to connect worker instances created based on the new worker configuration, and specify a security group that will be associated with the instances. For an Amazon VPC, a subnet and a security group to be displayed in the lists of available network specifications, they must be created in AWS as described in AWS Documentation.

Veeam Backup for AWS will apply the specified network settings to all worker instances that will be deployed in the specified location. For EFS indexing, Veeam Backup for AWS will also apply these settings to worker instances deployed to process file systems that have mount targets in the selected VPC.

By default, Veeam Backup for AWS uses public access to communicate with worker instances. That is why the public IPv4 addressing attribute must be enabled for the selected subnet, the selected VPC must have an internet gateway attached, and the VPC and subnet route tables must have routes that direct internet-bound traffic to this internet gateway. If you want worker instances to operate in a private network, do either of the following:

• Enable the private network deployment functionality, and configure specific VPC endpoints for the subnet to let Veeam Backup for AWS use private IPv4 addresses as described in section Configuring Private Network Deployment.

For the list of specific endpoints required to perform backup and restore operations, see Configuring Private Networks.

• Configure VPC endpoints as described in section Appendix C. Configuring Endpoints in AWS.