Appendix A. Configuring Deployment Mode
Veeam Backup for Google Cloud automatically deploys worker instances in Google Cloud for the duration of backup or restore processes, and removes them immediately after the processes complete. Depending on the types of workloads you plan to protect with Veeam Backup for Google Cloud and on the external security requirements, you can configure a deployment mode for your worker instances.
Configuring Private IPs for Worker Instances Performing File-Level Recovery
By default, worker instances deployed by Veeam Backup for Google Cloud do not use public IPs because they access protected Google Cloud resources through private virtual networks. The only exception is worker instances deployed during file-level recovery operations, allowing you to access backed-up files through the file-level recovery browser.
To enable access to the browser only through private networks, do the following:
- Connect to the backup appliance through SSH as described in Google Cloud documentation.
- Edit the FlrPerformer value in the /opt/veeam/gcpbackup/JobManagerSettings.json configuration file:
Configuring Public IPs for Worker Instances Processing Cloud SQL Instances
By default, worker instances that are deployed to process Cloud SQL instances do not have public network access. That is why you must configure private network access between the subnets of these worker instances and the subnets of the processed Cloud SQL instances as described in Google Cloud documentation.
Alternatively, you can configure the worker instances to allow public IP access. To do that, add the SqlWorker parameter to the /opt/veeam/gcpbackup/ServiceSettings.json configuration file:
Deploying Worker Instances as Shielded VMs
If you need the Virtual Trusted Platform Module (vTPM) and Integrity Monitoring enabled for your worker instances, you can instruct Veeam Backup for Google Cloud to deploy them as Shielded VMs. To do that, edit the Worker value in the /opt/veeam/gcpbackup/ServiceSettings.json configuration file, and restart the veeambackup service: