Configuring Deployment Mode

By default, worker instances launched by Veeam Backup for Microsoft Azure access protected Azure resources through public virtual networks. If you want worker instances to process resources that reside in private virtual networks, you can enable the private network deployment functionality and instruct Veeam Backup for Microsoft Azure to launch worker instances without public IPv4 addresses. In this case, Veeam Backup for Microsoft Azure will automatically configure worker settings to allow private network access; however, you will also need to perform a number of configuration steps manually as described in section Working in Private Environments.

To enable the private network deployment functionality, do the following:

  1. Switch to the Configuration page, navigate to General > Deployment Mode and set the Private network deployment toggle to On.
  2. By design, Veeam Backup for Microsoft Azure automatically creates a service endpoint for the Microsoft.Storage.Global service to communicate with worker instances in public virtual networks. However, for worker instances operating in private environments, you must do one of the following:
     • Configure the endpoint manually in Microsoft Azure as described in Microsoft Docs.
     • Create private endpoints for the virtual network to which the backup appliance is connected as described in section Creating Private Endpoints.
     • Set the Create service endpoints toggle to On.

     In the latter case, you must also configure firewall rules for the storage account in which Azure resources that you want to protect reside, as described in section Configuring Firewall Settings.

  3. To allow Veeam Backup for Microsoft Azure to launch the worker instances while backing up unmanaged Azure VMs and file shares, configure network settings for your storage accounts as described in section Configuring Network Settings for Storage Accounts.
  4. To allow Veeam Backup for Microsoft Azure to launch the worker instances while backing up SQL Servers, configure network settings for these servers as described in section Configuring Network Settings for SQL.
  5. To allow Veeam Backup for Microsoft Azure to launch the worker instances while backing up SQL Managed Instances, configure network settings for these instances as described in section Configuring Network Settings for SQL Managed Instance.
  6. To check whether you have configured all the necessary settings correctly, run your backup policies as described in section Performing Backup.

After you enable the private network deployment functionality, it is recommended that you check whether the service account has all the permissions required to use this functionality as described in section Checking Service Account Permissions.
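The service endpoint and the storage account firewall rule from the procedure above only work as a pair, so it is worth checking both before the first policy run. The following is an added example, not part of the Veeam documentation or product: it assumes you have saved the JSON printed by `az network vnet subnet show` and `az storage account show`, and all resource names and IDs in it are constructed.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `az network vnet subnet show` and `az storage account show`.
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "rg-example/providers/Microsoft.Network/virtualNetworks/vnet-example/"
             "subnets/workers")
SUBNET_JSON = json.dumps({
    "id": SUBNET_ID,
    "serviceEndpoints": [{"service": "Microsoft.Storage.Global", "locations": ["*"]}],
})
ACCOUNT_JSON = json.dumps({
    "networkRuleSet": {
        "defaultAction": "Deny",
        "virtualNetworkRules": [
            {"virtualNetworkResourceId": SUBNET_ID.upper(), "action": "Allow"}],
    },
})
REQUIRED_ENDPOINT = "Microsoft.Storage.Global"  # service named on this page


def check_private_access(subnet_json, account_json):
    """Return a list of findings; an empty list means the pairing looks consistent."""
    subnet = json.loads(subnet_json)
    account = json.loads(account_json)
    findings = []

    endpoints = {e.get("service", "").lower()
                 for e in subnet.get("serviceEndpoints") or []}
    if REQUIRED_ENDPOINT.lower() not in endpoints:
        findings.append(f"subnet has no {REQUIRED_ENDPOINT} service endpoint")

    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction") == "Allow":
        findings.append("storage firewall default action is Allow (no network restriction)")
    else:
        # Azure resource IDs are case-insensitive, so compare in lower case.
        allowed = {r.get("virtualNetworkResourceId", "").lower()
                   for r in rules.get("virtualNetworkRules") or []
                   if r.get("action", "Allow") == "Allow"}
        if subnet.get("id", "").lower() not in allowed:
            findings.append("storage firewall has no virtual network rule for the subnet")
    return findings


if __name__ == "__main__":
    for finding in check_private_access(SUBNET_JSON, ACCOUNT_JSON) or ["no findings"]:
        print(finding)
```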

Choosing Messaging Service

By design, Veeam Backup for Microsoft Azure uses a messaging service to allow communication between the architecture components. In versions prior to 6.0, Veeam Backup for Microsoft Azure used the Azure Service Bus messaging service. However, starting from version 6.0, Veeam Backup for Microsoft Azure will use the Azure Queue Storage messaging service for all newly created endpoints. To optimize data transfer costs while protecting your Azure resources, it is recommended that you switch to the Azure Queue Storage service. For more information on the Azure Queue Storage and the Azure Service Bus messaging services, see Microsoft Docs.

After you choose a messaging service, it is recommended that you check whether the service account has all the permissions required to use this service as described in section Checking Service Account Permissions.

Important

To allow Veeam Backup for Microsoft Azure to perform tasks in private environments using the Azure Service Bus service, the service must be upgraded to the Premium tier. For more information on Azure Service Bus tiers, see Microsoft Docs.
