Veeam Backup for AWS 9
User Guide
Archive
Version 8.0 Version 7.0
Related documents
Search

Step 3. Specify Network Settings

At the Network step of the wizard, do the following:

  • If you have selected the Account option at step 2 of the wizard, specify an Amazon VPC network and a subnet to which you want to connect worker instances deployed based on the new worker configuration, and choose a security group that will be associated with the instances.

For an Amazon VPC network, a subnet and a security group to be displayed in the lists of available network specifications, it must be created in the selected AWS Region as described in AWS Documentation.

  • If you have selected the Organization option at step 2 of the wizard, specify the key and value of the AWS tag associated with the security group, VPC network and subnet to which you want to connect worker instances deployed based on the new worker configuration.

The network specifications with the specified tag must be created in each AWS account and each AWS Regions within the selected AWS Organization, as described in AWS Documentation.

Veeam Backup for AWS will apply the specified network settings to all worker instances that will be deployed based on the new worker configuration. For EFS indexing, Veeam Backup for AWS will also apply these settings to worker instances deployed to process file systems that have mount targets in the selected VPC network.

Important

  • [Applies only to worker instances used for EFS indexing] The selected security group must allow outbound access on ports 2049 and 443. These ports are used by worker instances to mount file systems and to communicate with AWS services. Proxy redirect and setting a proxy in the Veeam Backup for AWS configuration are not supported.
  • [Applies only to worker instances used for EFS indexing] The DNS resolution option must be enabled for the selected VPC network. For more information, see AWS Documentation.
  • [Applies only to worker instances used for EC2 backup and restore operations] The selected security group must allow outbound access on port 443 required to communicate with AWS services. Proxy redirect and setting a proxy in the Veeam Backup for AWS configuration are not supported.

By default, Veeam Backup for AWS uses public access to communicate with worker instances. That is why the public IPv4 addressing attribute must be enabled for the selected subnet, the selected VPC network must have an internet gateway attached, and the VPC network and subnet route tables must have routes that direct internet-bound traffic to this internet gateway. If you want worker instances to operate in a private network, do either of the following:

  • Enable the private network deployment functionality, and configure specific VPC endpoints for the subnet to let Veeam Backup for AWS use private IPv4 addresses as described in section Configuring Private Network Deployment.

For the list of specific endpoints required to perform backup and restore operations, see Configuring Private Networks.

Adding Worker Configuration

Page updated 3/24/2025

Page content applies to build 9.0.0.304

View all results across Veeam
Back to document search