Considerations and Limitations

In this article

    When you plan to deploy and configure Veeam Backup for Microsoft Azure, keep in mind the following limitations and considerations.

    Hardware

    Component

    Recommended Azure VM size

    Backup appliance

    • Standard_B2s with 2 CPUs and 4 GB RAM
    • Standard_B2ms with 2 CPUs and 8 GB RAM

    Workers

    • Standard_F2s_v2 with 2 CPUs and 4 GB RAM for regular backup
    • Standard_E2_v5 with 2 CPUs and 16 GB RAM for archived backup

    For more information on Azure VM sizes, see Microsoft Docs.

    Software

    To access Veeam Backup for Microsoft Azure, use Microsoft Edge (latest version), Mozilla Firefox (latest version) or Google Chrome (latest version). Internet Explorer is not supported.

    Network Settings for Worker Instances

    Before you start adding worker configurations, consider the following:

    • A service endpoint (routing) for the Microsoft.Storage service must be configured for virtual networks to which workers will be connected. To learn how to configure virtual network service endpoints, see Microsoft Docs.
    • A subnet to which workers will be connected must have at least one free IP address in the subnet range — Veeam Backup for Microsoft Azure will launch and simultaneously run as many workers as many free IP addresses there are in the subnet range.
    • By default, workers use public endpoints to connect to Azure SQL Managed Instances through the port 3342. If a worker tries to connect to an Azure SQL Managed Instance and public endpoints are disabled for this instance, the worker will use a private endpoint to connect to the instance through the port 1433 instead. However, for the worker to be able to establish the connection, virtual networks to which the worker and the Azure SQL Managed Instance are connected must be peered in the Microsoft Azure portal. To learn how to peer virtual networks, see Microsoft Docs.

    For more information on worker configurations, see Configuring Workers.

    Encryption

    The current Veeam Backup for Microsoft Azure version supports Azure Disk Encryption with the following limitations:

    • Azure Disk Encryption is supported for backup and restore operations only within one Azure region. If you choose to backup or to restore your data to another region, you must first migrate to the target region all Azure key vaults, cryptographic keys and secrets used to encrypt the source Azure resources, as described in Microsoft Docs.
    • File-level recovery is not supported for VMs whose virtual disks are encrypted using Azure Disk Encryption.

    For more information on Azure Disk Encryption, see Microsoft Docs.

    Backup

    Before you start protecting Azure resources, consider the following:

    • Veeam Backup for Microsoft Azure does not support creation of backup repositories in storage accounts with enabled blob soft delete option.
    • Veeam Backup for Microsoft Azure does not support archive tiering of storage accounts with enabled zone data redundancy (ZRS, GZRS, RA-GZRS) option.
    • Veeam Backup for Microsoft Azure does not support backups of Azure VMs using Azure ultra disks due to Microsoft Azure limitations. For more information about Azure ultra disks, see Microsoft Docs.
    • When Veeam Backup for Microsoft Azure backs up Azure VMs with IPv6 addresses assigned, it does not save the addresses. That is why if you plan to restore these VMs, keep in mind that you will have to assign IPv6 addresses to the restored VMs manually in the Microsoft Azure portal after the restore process completes.
    • Veeam Backup for Microsoft Azure does not support backup of databases hosted by Azure Arc-enabled SQL Managed Instances and SQL Servers on Azure Arc-enabled servers.
    • If an Azure SQL database was migrated to a SQL Server or an Azure SQL Managed Instance, you will have to delete legacy references, orphaned database users and credentials set up with authentication types not supported on Azure SQL, to avoid BACPAC export errors. BACPAC export of databases with external references is not supported.
    • If you delete a file share from the Microsoft Azure infrastructure, the snapshots of this file share will be deleted as well. To protect your snapshots from accidental deletion, you can use the file share soft delete option. For more information on the soft delete option for Azure file shares, see Microsoft Docs.  

    Security Certificates

    Veeam Backup for Microsoft Azure supports certificates in the formats .PFX and .P12.