Architecture Overview
The Veeam Backup for GCP infrastructure includes the following components:
- Backup appliance
- Backup repositories
- Worker instances
The backup appliance is a Linux-based VM instance where Veeam Backup for GCP is installed. The backup appliance performs the following administrative activities:
- Manages infrastructure components.
- Coordinates snapshot creation, backup and recovery tasks.
- Controls backup policy scheduling.
The backup appliance also maintains the configuration database that stores data collected from Veeam Backup for GCP for existing backup policies, protected VMs, deployed worker instances, connected projects and so on.
A backup repository is a GCP storage bucket where Veeam Backup for GCP stores backups of VM instances.
To communicate with a backup repository, Veeam Backup for GCP uses Veeam Data Mover — the service that runs on a worker instance and that is responsible for data processing and transfer. When a backup policy addresses the backup repository, the Veeam Data Mover establishes a connection with the repository to enable data transfer.
Encryption on Repositories
For enhanced data security, Veeam Backup for GCP allows you to enable encryption at the repository level. Veeam Backup for GCP uses the same encryption standards as Veeam Backup & Replication to encrypt backup files stored in backup repositories. To learn what encryption standards Veeam Backup & Replication uses to encrypt its data, see the Veeam Backup & Replication User Guide, section Encryption Standards.
To learn how to enable encryption at the repository level, see Enabling Data Encryption.
Limitations for Repositories
To use a storage bucket as a target location for backups, you must connect to a project in which this bucket resides, as described in section Adding Backup Repositories.
Veeam Backup for GCP allows you to store backups only in the Standard Storage class. Nearline Storage, Coldline Storage and Archive Storage classes are not supported. For more information on storage classes offered by Cloud Storage, see Google Cloud documentation.
A worker instance is an auxiliary Linux-based VM instance that is responsible for the interaction between the backup appliance and other components of the Veeam Backup for GCP infrastructure. Worker instances process backup workload and distribute backup traffic when transferring data to backup repositories.
Veeam Backup for GCP automatically deploys a worker instance to every processed VM instance and keeps the worker instance running for the duration of the backup or restore process. To minimize cross-region traffic charges and to speed up the data transfer, depending on the performed operation, Veeam Backup for GCP launches the worker instance in the following location:
Operation | Worker Instance Location | Default Worker Instance Size |
---|---|---|
Creating image-level backups | GCP region in which a processed VM instance resides | e2-highcpu-8, with an additional empty standard persistent (pd-standard) disk up to 4000 GB in size |
VM instance restore | GCP region to which a VM instance is restored | e2-highcpu-4, with an additional empty standard persistent (pd-standard) disk up to 1500 GB in size |
File-level restore from cloud-native snapshots | GCP region in which an original VM instance resides | e2-highcpu-2 |
File-level restore from image-level backups | GCP region in which a storage bucket with backed-up data resides | e2-highcpu-2 |
Worker instances are deployed based on worker configurations that can be created either automatically by Veeam Backup for GCP, or manually by the user as described in section Managing Workers.
Worker Instance Components
A worker instance uses the following components:
- Veeam Data Mover — the service that performs data processing tasks. During backup, the Veeam Data Mover retrieves data from snapshots and stores the retrieved data to backup repositories. During restore, the Veeam Data Mover transfers backed-up data from backup repositories to the target location.
- File Level Recovery for Veeam Backup Browser — the web service that allows you to find and save files and folders of a backed-up instance to a local machine. The Veeam File-Level Recovery Browser is installed automatically on every worker instance that is launched for file-level recovery.
For more information on recovering files of VM instances with the File Level Recovery for Veeam Backup browser, see Performing File-Level Recovery.
Security Certificates for Worker Instances
Veeam Backup for GCP uses self-signed TLS certificates to establish secure communication between the web browser on a user workstation and the File Level Recovery for Veeam Backup browser running on a worker instance during the file-level recovery process. A self-signed certificate is generated automatically on the worker instance when the recovery session starts.