Before you start using Veeam Backup for GCP, consider the following requirements:
The following network ports must be open to ensure proper communication of components in the Veeam Backup for GCP infrastructure.
Workstation web browser
Required to access the Web UI component from a user workstation.
Required to access the File Level Recovery for Veeam Backup browser running on a worker instance during the file-level recovery process.
Required to communicate with the Worker service running on worker instances.
Required to perform file-level recovery.
Ubuntu Security Update Repository (security.ubuntu.com)
Required to get OS security updates.
Veeam Update Notification Server (repository.veeam.com)
Required to download information on available product updates.
Required to send email notifications.
Note: You cannot use the TCP port 25 that is most commonly used by SMTP servers — the port is always blocked by Google Compute Engine. For more information, see Google Cloud documentation.
IAM Role Permissions
Google Cloud Identity and Access Management (IAM) roles that Veeam Backup for GCP uses to perform data protection and disaster recovery operations must have permissions to access GCP services and resources. The minimal set of permissions for IAM roles is described in this Veeam KB article.
The backup appliance and worker instances must have outbound internet access to the following GCP APIs: