Configuring Deployment Mode
By default, worker instances launched by Veeam Backup for Microsoft Azure access protected Azure resources through public virtual networks. If you want worker instances to process resources that reside in private virtual networks, you can enable the private network deployment functionality and instruct Veeam Backup for Microsoft Azure to launch worker instances without public IPv4 addresses. In this case, Veeam Backup for Microsoft Azure will automatically configure worker settings to allow private network access; however, you will also need to perform a number of configuration steps manually as described in section Working in Private Environments.
To enable the private network deployment functionality, do the following:
- Switch to the Configuration page, navigate to General > Deployment Mode and set the Private network deployment toggle to On.
- By design, Veeam Backup for Microsoft Azure automatically creates a virtual network service endpoint for the Microsoft.Storage.Global service to communicate with worker instances in public virtual networks. However, for worker instances operating in private environments, you must do either of the following:
- Configure the virtual network service endpoint manually in Microsoft Azure as described in Microsoft Docs.
- Set the Create service endpoints toggle to On.
- To allow Veeam Backup for Microsoft Azure to launch the worker instances while backing up unmanaged Azure VMs and file shares, configure network settings for your storage accounts as described in section Configuring Network Settings for Storage Accounts.
- To allow Veeam Backup for Microsoft Azure to back up Azure VMs in a private environment, configure network settings for these VMs as described in section Configuring Network Settings for VM Backup.
- To allow Veeam Backup for Microsoft Azure to launch the worker instances while backing up SQL Servers, configure network settings for these servers as described in section Configuring Network Settings for SQL Servers.
- To allow Veeam Backup for Microsoft Azure to launch the worker instances while backing up SQL Managed Instances, configure network settings for these instances as described in section Configuring Network Settings for SQL Managed Instances.
- To allow Veeam Backup for Microsoft Azure to to back up Cosmos DB accounts in a private environment, configure network settings for these accounts as described in section Configuring Networking Settings for Cosmos DB Accounts.
- To check whether you have configured all the necessary settings correctly, run your backup policies as described in section Performing Backup.
After you enable the private network deployment functionality, it is recommended that you check whether service accounts have all the permissions required to use this functionality as described in section Checking Service Account Permissions.
[Applies only to upgraded appliances that still use Azure Service Bus as a messaging service]
Veeam Backup for Microsoft Azure uses a messaging service to allow communication between the architecture components. In versions prior to 7.0, Veeam Backup for Microsoft Azure used the Azure Service Bus messaging service by default. In version 7.0, Azure Service Bus was replaced by Azure Queue Storage. That is why you must manually switch to the Azure Queue Storage service immediately after you upgrade the backup appliance — otherwise, Veeam Backup for Microsoft Azure will fail to perform backup and restore operations. For more information on the Azure Queue Storage messaging service, see Microsoft Docs.
Important |
After you switch to the Azure Queue Storage service, you must check whether service accounts have all the permissions required to use this service, as described in section Checking Service Account Permissions. |