Considerations and Limitations

When you plan to deploy and configure Veeam Backup for Microsoft Azure, keep in mind the following limitations and considerations.

Hardware

Component

Recommended Azure VM size

Backup appliance

  • Standard_B2s with 2 CPUs and 4 GB RAM
  • Standard_B2ms with 2 CPUs and 8 GB RAM

Workers

  • Standard_F2s_v2 with 2 CPUs and 4 GB RAM for regular backup
  • Standard_E2_v5 with 2 CPUs and 16 GB RAM for archived backup

For more information on Azure VM sizes, see Microsoft Docs.

Software

To access Veeam Backup for Microsoft Azure, use Microsoft Edge (latest version), Mozilla Firefox (latest version) or Google Chrome (latest version). Internet Explorer is not supported.

Security Certificates

Veeam Backup for Microsoft Azure supports certificates in the formats .PFX and .P12.

Backup Repositories

Before you start managing backup repositories, consider the following:

  • Veeam Backup for Microsoft Azure does not support creation of backup repositories in storage accounts with enabled blob soft delete option.
  • Veeam Backup for Microsoft Azure does not support creation of backup repositories in storage accounts with enabled blob versioning option. If you plan to use an account with blob versioning enabled, consider that this may result in extra costs for storing objects that have been removed by the retention policy.
  • Veeam Backup for Microsoft Azure does not support creation of backup repositories in storage accounts with the redundancy options Geo-zone-redundant storage (GZRS) or Read-access geo-zone-redundant storage (RA-GZRS) enabled, and creation of archive repositories in storage accounts with the Zone-redundant storage (ZRS) redundancy option enabled. For more information on zone data redundancy, see Microsoft Docs.

Network Settings for Worker Instances

Before you start adding worker configurations, consider the following:

  • A service endpoint (routing) for the Microsoft.Storage service must be configured for virtual networks to which workers will be connected. To learn how to configure virtual network service endpoints, see Microsoft Docs.
  • A subnet to which workers will be connected must have at least one free IP address in the subnet range — Veeam Backup for Microsoft Azure will launch and simultaneously run as many workers as many free IP addresses there are in the subnet range.
  • By default, workers use public endpoints to connect to Azure SQL Managed Instances through the port 3342. If a worker tries to connect to an Azure SQL Managed Instance and public endpoints are disabled for this instance, the worker will use a private endpoint to connect to the instance through the port 1433 instead. However, for the worker to be able to establish the connection, virtual networks to which the worker and the Azure SQL Managed Instance are connected must be peered in the Microsoft Azure portal. To learn how to peer virtual networks, see Microsoft Docs.

For more information on worker configurations, see Configuring Workers.

Backup

Before you start protecting Azure resources, consider the following:

  • Due to Microsoft Azure limitations, Veeam Backup for Microsoft Azure does not support backup of Azure VMs with Azure ultra disks. For more information about Azure ultra disks, see Microsoft Docs.
  • Due to Microsoft Azure limitations, Veeam Backup for Microsoft Azure does not support backup of NFS Azure file shares. For more information about Azure file share snapshots, see Microsoft Docs.
  • When Veeam Backup for Microsoft Azure backs up Azure VMs with IPv6 addresses assigned, it does not save the addresses. That is why if you plan to restore these VMs, you will have to assign IPv6 addresses to the restored VMs manually in the Microsoft Azure portal after the restore process completes.
  • Veeam Backup for Microsoft Azure does not support backup of databases hosted by Azure Arc-enabled SQL Managed Instances and SQL Servers on Azure Arc-enabled servers.
  • Veeam Backup for Microsoft Azure uses BACPAC files to back up SQL databases. BACPAC export of databases with external references is not supported. That is why if a SQL database was migrated to an Azure SQL Database Server or Azure SQL Managed Instance, make sure to clear legacy references, orphaned database users and credentials set up with authentication types not supported by Azure SQL, to avoid BACPAC export errors.
  • If you delete a file share from the Microsoft Azure infrastructure, the snapshots of this file share will be deleted as well. To protect your snapshots from accidental deletion, you can use the file share soft delete option. For more information on the soft delete option for Azure file shares, see Microsoft Docs.

Azure Disk Encryption

The current Veeam Backup for Microsoft Azure version supports Azure Disk Encryption with the following limitations:

  • Azure Disk Encryption is supported for backup and restore operations only within one Azure region. If you choose to backup or to restore your data to another region, you must first migrate to the target region all Azure key vaults, cryptographic keys and secrets used to encrypt the source Azure resources, as described in Microsoft Docs.
  • File-level recovery is not supported for VMs whose virtual disks are encrypted using Azure Disk Encryption.

For more information on Azure Disk Encryption, see Microsoft Docs.