2.1 Veeam Backup & Replication server
As in every Veeam Backup & Replication deployment, this is the central component. Veeam Backup & Replication holds the main Veeam backup service, which manages all configurations and saves them into the back-end Microsoft SQL Server. You can manage using the standalone console, which is installed locally on the same Windows server or in a remote Windows machine. You can also use either PowerShell or RESTful API to manage Veeam Backup & Replication.
Veeam Backup & Replication requires a 64-bit Windows operating system.
NOTE: Veeam requires every service provider to deploy a dedicated Veeam Backup & Replication deployment to Cloud Connect services, without mixing Cloud Connect with other Veeam-powered services.
If you are only using Veeam Cloud Connect backup, Veeam Backup & Replication does not involve local activities on the service provider’s hypervisor hosts. Instead, it only receives backups from customers that are already processed at the customer’s sites. For this reason, the requirements for its installation are lower than usual: A simple VM with 4 vCPU and 8 GB of RAM will suffice to hold both the Veeam backup service and Microsoft SQL Server. Regarding the SQL Server, the default Microsoft SQL Server Express can be enough unless the Veeam Cloud Connect infrastructure will host a very large amount of customers, because activity logs can fill the maximum size of an Express database (10 GB). If this is the case, you should plan to use a regular SQL installation (Standard or Enterprise) either in the same machine or in a dedicated one.
However, if you are going to deploy Veeam Cloud Connect for DRaaS also, the Veeam Backup & Replication service is going to manage a proper virtualized environment with many virtual machines belonging to all the different hosted customers. In this case, please refer to Veeam best practices to properly size the Windows server hosting the service, and plan on using at least Microsoft SQL Standard.
Security best practices suggest using a dedicated account to run the different Veeam services. This is usually referred as a service account because it is a user that will not be used for interactive logins, but rather only to run the different Veeam services.
The use of a service account has some advantages that providers should consider:
- The account can be configured with a very complex password, which only the minimum amount of administrators that will manage the service will know
- Regular accounts can follow security rules about changing their passwords regularly, without the risk to stop any service because the service account can use a dedicated user ID with an exception to the password expiration policy
- It is easier to trace and log activities for the different services over the network, both for debugging and for auditing purposes. For example, instead of seeing the same administrator account in every log, a service provider can create a service account as veeam-service, and whenever a log will report this user, administrators will know that the traced activity is related to Veeam services.
By default, the installation wizard of Veeam Backup & Replication Server uses LOCALSYSTEM as the service account to execute the service.
It is better to create and use a dedicated account to run the services. Once the account has been created, either as a local account or an Active Directory account, service providers need to add this user to the local administrators of the server that will host the Veeam Backup & Replication server. Then, they can use the account during the installation by selecting Let me specify different settings:
2.1: Specify different settings during Veeam Backup & Replication setup
In the following step of the wizard, administrators need to specify the service account:
2.2: Specify a service account for Veeam Backup & Replication
The service account is also used for the authentication in the locally installed SQL Server Express, as we select to use Windows authentication (SQL Server authentication is equally supporrted):
2.3: Specify SQL server settings
In the last step of the Setup wizard, before the installation begins, administrators will see a recap of the selection options, and the checkbox Check for updates once the product is installed and periodically:
2.4: Check for updates once the product is installed and periodically
This option allows the Veeam Backup & Replication server to connect to the Veeam update notification server (http://dev.veeam.com), so that it will notify administrators about the availability of updates for the software. See the later chapter Regular maintenance of the components for additional details.
Once deployed, Veeam Backup & Replication has different components, listening over different TCP ports:
|Veeam Backup Service||9392|
|Veeam Backup Service over SSL||9401|
|Veeam Cloud Connect Service||6169|
Veeam Cloud Connect does not need the catalog service because there is no local backup activity that stores file-level information in the catalog itself. However, different Veeam components rely on the catalog for their operations so you should install it anyway to avoid undesired results.
Once deployed, Veeam Backup & Replication Server has different services installed in the Windows machine that you should monitored to guarantee the best Availability for the service:
|Service Display name||Service Name||Startup Type||Log On as|
|SQL Server (VEEAMSQL2012)||MSSQL$VEEAMSQL2012||Automatic||Local System|
|Veeam Backup Service||VeeamBackupSvc||Automatic (Delayed Start)||CLOUDCONNECT\svc-vbr|
|Veeam Cloud Connect Service||VeeamCloudSvc||Automatic (Delayed Start)||CLOUDCONNECT\svc-vbr|
|Veeam Data Mover Service||VeeamTransportSvc||Automatic||Local System|
|Veeam Guest Catalog Service||VeeamCatalogSvc||Automatic (Delayed Start)||CLOUDCONNECT\svc-vbr|
|Veeam Installer Service||VeeamDeploySvc||Automatic||Local System|
Note: There are additional Veeam services deployed as part of the default installation. They are not in this list because they are not involved in a Veeam Cloud Connect infrastructure.
Note: Microsoft SQL Service is available in the server only if during the installation has been chosen to install the default Express version. If a dedicated SQL Server is created during the design, this service may not be available in the Veeam Backup & Replication server.
From a protection standpoint, this machine is the most important piece of the environment. Since it cannot be installed in multiple instances, a good way to protect it is to run it as a VM and then rely on the underlying hypervisor for High Availability. Features like VMware vSphere HA or Hyper-V Failover Clustering can protect it and guarantee quick recovery times if the single hypervisor node where the VM is running fails. If a service provider needs an additional level of protection, he can also plan to use Veeam Backup & Replication itself and replicate this virtual machine every few hours; if anything happens, he can power up the replicated machine in a few minutes. In addition, service providers can and should use Veeam configuration backup in order to back up the overall configuration of the Cloud Connect environment, and plan to have a restore plan if anything happens to this machine and the corruption is replicated to the replica.