In a previous blog I described the benefits that we’ve seen integrating Veeam 8, EMC Data Domain and Data Domain Boost in Sovereign System’s executive briefing center. Sovereign’s briefing center showcases the solutions that we architect and build for clients and also supports our internal business units.
The 7X performance benefits gained with Veeam and Data Domain Boost allowed us to achieve recovery point and time objectives (RPO/RTO) in minutes with our on-premise, private cloud infrastructure. The next requirement that we wanted to tackle was to provide a low cost, off-site secondary copy of our on-premise backups.
We did not want to resort to leveraging a cumbersome legacy approach, such as tape shipment or duplicate off-site hardware for replication. Both of these options can tend to be cost prohibitive and complex, especially for smaller shops. To keep cost and complexity at a minimum, we looked to store our off-site backups in the public cloud. Doing so also eliminates our need to manage any off-site infrastructure.
A Perfect Fit
Fortunately, with the recent release of Veeam 8 and its new Cloud Connect feature, we had a perfect solution. Veeam 8 Cloud Connect provides a fairly seamless and easy-to-configure secure gateway to various public cloud Managed Service Providers (MSPs). At a high level, Cloud Connect delivers a secure encrypted tunnel to MSPs who host multi-tenant Veeam storage repositories. This solution offers many benefits, including:
- Accessible and managed like local on-premise Veeam storage resources
- Resides off-site in the MSP’s public cloud
- Cloud storage repositories can be used for primary backups (not usually recommended due to WAN performance)
- Cloud storage repositories can be used for secondary off-site backup copy jobs
Here is a high level diagram of the Cloud Connect architecture.
Secure and Cost-Effective
The on-premise Veeam client server(s) connect via SSL encryption directly over the Internet which eliminates the need for complex VPN connections to MSPs. Historically, secure network connectivity to MSP’s has been a challenge for many companies. Now, the SSL connection, provided via a single TCP port through a Veeam Cloud Gateway component (installed on the MSP side), is completely managed and maintained by the MSP, with secure end to end AES 256 encryption.
What’s more, Cloud Connect resolves off-site storage repository hosting challenges often experienced by MSPs. With its truly secure, multi-tenant architecture built on a shared model, Cloud Connect delivers economies of scale which drive down costs for MSP’s and the subsequent cloud services they offer. The multi-tenant storage pools managed by Veeam’s Cloud Repository feature create an abstraction layer that allows multiple customers to store backups in the same shared repository, but in a secure, compliant manner.
We also added Veeam WAN Accelerators (an optional component for the Cloud Connect) to our architecture. On the MSP side, the WAN accelerators sit between the Cloud Gateways and Cloud Repositories. On the client side, they sit on the Veeam backup server. The WAN Accelerators provide bandwidth optimizations by caching blocks internally, eliminating the need to transmit every block over the WAN.
Perhaps the best part is that the Cloud Connect client components are included in all editions of Veeam 8 Backup and Replication, so there are no additional licensing fees from a Veeam perspective.
Configuring Veeam 8 Cloud Connect with 3rd party MSP’s is extremely easy. Literally within a matter of minutes, the Veeam Cloud Connect feature was up and running in our briefing center, using these simple steps:
- Go to the Veeam Backup Infrastructure node
- Choose to add a new Service Provider (this executes the configuration wizard)
- Enter the Service Provider’s DNS name or IP address
- Choose the default TCP port 6180 (unless it has been changed)
- After the DNS name or IP address has been entered, Veeam will connect to the MSP’s Cloud Gateway and retrieve the appropriate SSL certificate.
- Next it will ask to authenticate via a username and password provided by the MSP.
- Once authenticated, it presents the details around the storage resources that are now authorized to be consumed by the client.
When the Cloud Connect wizard completes, the cloud storage repository appears as a normal Veeam storage repository; available for backup and/or backup copy jobs via the local Veeam management console. Backup copy jobs can then be configured with the new repository and will automatically, and securely, be sent off-site to the MSP’s public cloud. Many MSP’s offer enhanced services in addition to cloud storage such as the ability to recover and run virtual machines on the MSP’s offsite infrastructure (IaaS) for disaster recovery (DR) purposes which is a nice added benefit.
For Sovereign, Veeam’s Cloud Connect provided a very easy, cost effective way for us to get a copy of our critical on-premise backups into a secure, fully managed, off-site DR infrastructure.