Step 3. Specify Network Settings
At the Network step of the wizard, do the following:
- Select a VPC network and a subnet to which you want to connect worker instances created based on the new worker configuration.
For a VPC network and a subnet to be displayed in the lists of available networks, they must be created in the Google Cloud console for the region specified at step 2 of the wizard, as described in Google Cloud documentation.
- A route whose destination IP address range is 0.0.0.0/0 and whose next hop is the default internet gateway must exist for the selected VPC network. To learn how to add and remove routes for a network, see Google Cloud documentation.
- The selected subnet must have Private Google Access enabled. To learn how to enable Private Google Access for a subnet, see Google Cloud documentation.
- If you plan to back up Cloud SQL instances, you must configure network access between the subnets of the worker instances and the subnets of the processed Cloud SQL instances. Alternatively, you can configure the worker instances to allow public IP access as described in section Configuring Deployment Mode.
- If you plan to back up Cloud SQL instances using a staging server, the selected VPC network must have private services access configured. To learn how to configure private services access for a VPC network, see Google Cloud documentation.
- If you want to connect worker instances created based on the worker configuration to a Shared VPC network, the service account used to launch worker instances must have the permissions described in Worker Permissions.
- Select a firewall rule that will be used to control traffic between resources in the specified VPC network.
For a firewall rule to be displayed in the list of available rules, it must be created in the Google Cloud console as described in Google Cloud documentation.
- The selected firewall rule must allow direct network traffic to Google Cloud resources. Proxy redirect and setting a proxy in the Veeam Backup for Google Cloud configuration are not supported.
- If you plan to perform file-level recovery, the selected firewall rule must allow both HTTPS traffic to all VM instances on the specified VPC network. To learn how to create firewall rules that allow HTTPS connections, see Google Cloud documentation.