3.1 Network diagram for backups
The first task for a service provider starting a Veeam Cloud Connect deployment is to design the overall infrastructure. This is essential for understanding the relationships between the different components of Veeam Cloud Connect, the network ports and services they use, and the way they communicate with each other.
The first step is the creation of the following network diagram. This diagram is specifically about Veeam Cloud Connect Backup. In the next chapter, there will be another diagram dedicated to replication services.
3.2: Network diagram for Veeam Cloud Connect Backup
The diagram depicts the different Veeam Cloud Connect areas and the communication happening between the different components. Later in the chapter, a similar diagram will depict the detailed layout of the different servers. For additional information about network connections between the different Veeam components, you can refer to the Veeam Backup & Replication User Guide or the knowledge-base article KB1518 (http://www.veeam.com/kb1518).
The list of ports used does not change once the services are deployed, but there are two specific use cases in which additional firewall rules are needed temporarily, even if they are not directly related to Veeam Cloud Connect components:
- Disabling a gateway: The Veeam Cloud Service running on the Veeam Backup & Replication server (management zone) needs to access the installer service running on the gateway (DMZ zone) on TCP/6160 in order to disable a gateway. If this port is not open, the gateway can still be disabled, but the UI will freeze for a while.
- Installing updates: It’s recommended to temporarily disable firewall rules between the different security zones during updates, because update operations require multiple open ports, such as SMB access to upload new .MSI installers to Windows machines, RPC access to restart services remotely, and others.
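Because these rules are only meant to exist temporarily, it helps to confirm from the Veeam Backup & Replication server that TCP/6160 is reachable before disabling a gateway and blocked again afterwards. The script below is an added example, not Veeam tooling: the function names `probe` and `audit` are hypothetical, and it assumes the inter-zone firewall silently drops blocked traffic.

```python
import socket
import sys

INSTALLER_PORT = 6160  # installer service port on the gateway, from the text above

# Assumption: the inter-zone firewall silently drops blocked traffic, so a
# blocked port shows up as "filtered" (no answer) rather than "closed" (reset).
EXPECTED = {"maintenance": "open", "normal": "filtered"}

def probe(host, port=INSTALLER_PORT, timeout=3.0):
    """Classify one TCP connect attempt as open, closed, filtered or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # rule present and installer service listening
    except ConnectionRefusedError:
        return "closed"          # path allowed, but nothing listens on the port
    except socket.gaierror:
        return "unresolved"      # name lookup failed, nothing was tested
    except OSError:
        return "filtered"        # timeout or unreachable: no path through

def audit(gateways, phase, probe_fn=probe):
    """Return (host, state, ok) per gateway for 'maintenance' or 'normal'."""
    want = EXPECTED[phase]
    results = []
    for host in gateways:
        state = probe_fn(host)
        results.append((host, state, state == want))
    return results

if __name__ == "__main__":
    # Usage: python check_6160.py maintenance|normal gateway1 [gateway2 ...]
    phase, hosts = sys.argv[1], sys.argv[2:]
    failed = False
    for host, state, ok in audit(hosts, phase):
        print(f"{host}:{INSTALLER_PORT} {state} {'OK' if ok else 'UNEXPECTED'}")
        failed |= not ok
    sys.exit(1 if failed else 0)
```

In the `normal` phase, a result of `open` or `closed` means the temporary rule is still in place and traffic from the management zone still reaches the gateway on this port.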
The following parts of this chapter will explain the network diagram.