Architecture Overview

In this article

    The Veeam Backup for GCP infrastructure includes the following components:

    Backup Appliance

    The backup appliance is a Linux-based VM instance where Veeam Backup for GCP is installed. The backup appliance performs the following administrative activities:

    The backup appliance also maintains the configuration database that stores data collected from Veeam Backup for GCP for existing backup policies, protected VMs, deployed worker instances, connected projects and so on.

    Backup Repositories

    A backup repository is a GCP storage bucket where Veeam Backup for GCP stores backups of VM instances.

    To communicate with a backup repository, Veeam Backup for GCP uses Veeam Data Mover — the service that runs on a worker instance and that is responsible for data processing and transfer. When a backup policy addresses the backup repository, the Veeam Data Mover establishes a connection with the repository to enable data transfer.

    Important

    Backup files are stored in backup repositories in the native Veeam format and must be modified neither manually nor by 3rd party tools. Otherwise, Veeam Backup for GCP may fail to restore the backed-up data.

    Encryption on Repositories

    For enhanced data security, Veeam Backup for GCP allows you to enable encryption at the repository level. Veeam Backup for GCP uses the same encryption standards as Veeam Backup & Replication to encrypt backup files stored in backup repositories. To learn what encryption standards Veeam Backup & Replication uses to encrypt its data, see the Veeam Backup & Replication User Guide, section Encryption Standards.

    To learn how to enable encryption at the repository level, see Enabling Data Encryption.

    Limitations for Repositories

    To use a storage bucket as a target location for backups, you must connect to a project in which this bucket resides, as described in section Adding Backup Repositories.

    Veeam Backup for GCP allows you to store backups only in the Standard Storage and Archive Storage classes. The Nearline Storage and Coldline Storage classes are not supported. For more information on storage classes offered by Cloud Storage, see Google Cloud documentation.

    Worker Instances

    A worker instance is an auxiliary Linux-based VM instance that is responsible for the interaction between the backup appliance and other components of the Veeam Backup for GCP infrastructure. Worker instances process backup workload and distribute backup traffic when transferring data to backup repositories.

    Veeam Backup for GCP automatically deploys a worker instance to every processed VM instance and keeps the worker instance running for the duration of the backup or restore process. To minimize cross-region traffic charges and to speed up the data transfer, depending on the performed operation, Veeam Backup for GCP launches the worker instance in the following location:

    Operation

    Worker Instance Location

    Default Worker Instance Size

    Creating image-level backups

    GCP region in which a processed VM instance resides

    e2-highcpu-8, with an additional empty standard persistent (pd-standard) disk up to 4000 GB in size

    Creating archived backups

    GCP region in which a processed VM instance resides

    e2-standard-4

    VM instance restore

    GCP region to which an VM instance is restored

    e2-highcpu-4, with an additional empty standard persistent (pd-standard) disk up to 1500 GB in size

    File-level restore from cloud-native snapshots

    GCP region in which an original VM instance resides

    e2-highcpu-4

    File-level restore from image-level backups

    GCP region in which a storage bucket with backed-up data resides

    e2-highcpu-4

    Worker instances are deployed based on worker configurations that can be created either automatically by Veeam Backup for GCP, or manually by the user as described in section Managing Workers.

    Important

    For Veeam Backup for GCP to deploy the number of worker instances required for a backup or restore process, you must have enough resource quotas allocated between your projects. To learn how to check your quotas, see Google Cloud documentation.

    Worker Instance Components

    A worker instance uses the following components:

    • Veeam Data Mover — the service that performs data processing tasks. During backup, the Veeam Data Mover retrieves data from snapshots and stores the retrieved data to backup repositories. During restore, the Veeam Data Mover transfers backed-up data from backup repositories to the target location.
    • File Level Recovery for Veeam Backup Browser — the web service that allows you to find and save files and folders of a backed-up instance to a local machine. The Veeam File-Level Recovery Browser is installed automatically on every worker instance that is launched for file-level recovery.

    For more information on recovering files of VM instances with the File Level Recovery for Veeam Backup browser, see Performing File-Level Recovery.

    Security Certificates for Worker Instances

    Veeam Backup for GCP uses self-signed TLS certificates to establish secure communication between the web browser on a user workstation and the File Level Recovery for Veeam Backup browser running on a worker instance during the file-level recovery process. A self-signed certificate is generated automatically on the worker instance when the recovery session starts.