Category Archives: Veeam

Veeam Backup for Microsoft Azure – Getting Started: Setting up the Infrastructure

In this blog post we will cover the following topics;

- What is Veeam Backup for Azure
- Getting Started
- - Architecture
- - Deploying from Azure Marketplace
- - Logging on for the first time
- - Connecting to your Microsoft Azure Subscriptions and Storage - - Accounts
- - Configuring a repository account
- Deploying worker VMs
- Monitoring
- Protecting your Veeam Backup for Azure Appliance
- Download Logs

The follow up blog posts are;

- Configuring your first Backup Policy
- - How a backup policy works 
- - Creating a Backup Policy 
- - Viewing and Running a Backup Policy
- Restoring a backup
- - Viewing protected data 
- - File Level Recovery 
- - Virtual Machine Disk Restore 
- - Full VM Restore
- Integrating with Veeam Backup and Replication
- - Adding your Azure Repository to Veeam Backup and Replication 
- - Viewing your protected data 
- - What can you do with your data? 
- - - Restore/Recover/Protect

What is Veeam Backup for Azure?

If we look at the Microsoft document “Shared responsibility in the cloud“, we can see the very open comment;

  • Regardless of the type of deployment, the following responsibilities are always retained by you:
    • Data
    • Endpoints
    • Account
    • Access management

So, if you are always responsible for your data, that means you are responsible for protecting it, at both a security and backup point of view.

Veeam Backup for Azure is a turnkey solution that provides you a backup solution which can quickly and securely protect your data, available within the Azure Marketplace itself. Removing the need to spend hours on designing a solution and configuring the software.


There are three main components;

  • Controller Server

A Linux VM deployed into Azure, which runs the Veeam Backup for Azure software.

  • Backup Repositories

Azure blob storage accounts where your Azure VM backups will be saved. The following storage accounts are supported currently;

Image Source

  • Workers

These are Azure VMs which are deployed automatically or manually by Veeam Backup for Azure server and are used for backing up and restoring the data. There is the capability to scale up and scale down the number of workers as needed.

The Azure region that worker VMs are deployed to, depend on the storage account they are linked to.

Each worker can process a single VM at a time, if a worker is idle for 10 minutes or more, then it is decommissioned (when setup to auto scale). Worker VMs, run the following services; A Worker service, which is responsible for fetching data from Azure; File-level recovery service, used for mounting data from a backup to the worker VM to initiate file-level recovery.

(Image Source)

Deploy Veeam Backup for Azure from the Azure Marketplace

The options to access the solution, which is driven via a web portal;

  • Direct via Public IP address
    • I recommend setting up firewall rules if you do this
  • Accessing the portal via a private IP address via the use of a VPN or Azure Express route.
    • If you need a VPN solution, check out VeeamPN.
    • This removes the need to publicly expose the solution.

Logging into the Veeam Backup for Azure Console

Your first login, you’ll provide the username and password configured during the deployment from the marketplace.

In my example, I will be using the publicly assigned IP address to log into the Portal UI. Upon first logon you will need to accept the EULA.

The interface is heavily wizard driven, which makes it simple to use and consume as a solution. If you’ve used Veeam Availability Orchestrator in the past, you’ll recognise similarities with the interface.

Logging into the solution for the first time, you’ll see this getting started screen, which makes it easy to understand how to operationalise the solution and start protecting your data.

Connecting to your Microsoft Azure Subscriptions and Storage Accounts

From the getting started page, we’ll click the first task to connect our Veeam Backup for Azure solution to our Microsoft Azure platform, which takes us to the screen shown below.

Continue reading Veeam Backup for Microsoft Azure – Getting Started: Setting up the Infrastructure

Veeam Backup for Azure – Service Endpoint from virtual network to Microsoft.Storage doesn’t exist

The Issue

After deploying a new Veeam Backup for Azure setup via the Microsoft Azure Marketplace, I was going through the configuration and when deploying my worker instances, which are used for performing the backup of the virtual machines.

I hit the following error;

The Service Endpoint from virtual network {VNET} and subnet {Name} to Microsoft.Storage doesn't exist.

The Cause

This was caused as I was using an existing storage account in a seperate resource group which I created manually. Which meant the pre-reqs were not met.

The Fix

Quick and easy fix, log into your Azure Portal, browse to your storage account where you are deploying the Worker Instances.

  • Click on “Firewalls and Virtual Networks”
  • Select “Selected Networks”
    • This is recommended from a security perspective
  • Click “Add existing virtual network”
  • Input the details of the virtual network to be used by the Worker Instances
  • Click the “Enable” button
    • This will enable the Service Endpoint on your selected network

Once the Service Endpoint is enabled, you see see a status message in the green text box highlighted, and the status changed to enabled.

  • Click the “Add” button
  • And remember to click save on the “Firewalls and virtual networks” pane.

Going back to your Veeam Backup for Azure portal, you can click “Check Again” on the Worker Configuration Status, and you should see this is successful.



Veeam Backup for Azure – Unable to check required permissions.

The Issue

When connecting my newly deployed instance of Veeam Backup for Microsoft Azure, I keep hitting the same error message after authenticating my account with Microsoft.

Error: Unable to check required permissions. This might be a problem in Microsoft Azure. Please wait and continue with the wizard later.

Simple enough message, I don’t have the right permissions, yet I knew on my test tenant I was a global admin, (and the only user configured in this tenant) so why was I seeing this error?

The cause

When I downloaded the logs, I found the following, it indicated that my account is connected to two tennants, both of the same name “Default Directory” to make things confusing, and the error was happening on the permissions check with the tenant.

Continue reading Veeam Backup for Azure – Unable to check required permissions.

Building a Veeam Lab – Testing Scenarios

In my previous post, I looked at the architecture you may want to implement to test the various features of Veeam Backup and Replication, including features from v10.

I thought it would be a good idea to break down the architecture into sections, and provide some ideas of what features/configurations can be tested in each section. This of course is not an exhaustive list.

I’ve broken down the original diagram into 5 Sections.

Section 1 – VMware Cluster Continue reading Building a Veeam Lab – Testing Scenarios

Building a Veeam Lab – a recommended architecture

This blog posts spawns from an interesting discussion between the Veeam Vanguard members on what components are needed to build an effective lab for testing out most of the Veeam features, especially with v10 around the corner. So, I’ve put together something that should hopefully work for this;

I’m not really going to focus on the platform you’ll be running this on, as you should already have some sort of home lab if you are looking to run a Veeam lab, I’d assume.

  • AD and DNS – I’m just going to presume you have this up and running already.
    • If you are trying to cut down your home lab infrastructure, this blog on running PhotonOS as DNS server and NTP server is helpful
  • vSphere Environment
    • Cluster can be as big as you like or already have as your homelab
    • Standalone host for replica’s, or just target one of your existing hosts directly in the replica configuration
  • Hyper-V standalone host
    • Just for running one or two Virtual machines. But if you are a Hyper-v admin, you probably already have a lab you can use.
  • Backup Repository
    • There a few options you can use, but you need to consider where you store your data, if it is on the vSphere environment itself, you may run out of storage fast. An External NAS would be best.

I have wrote a second blog, which covers the testing scenarios that the below architecture covers.

Veeam Components

Veeam Backup and Replication Server:

This is going to be your main virtual machine, and you can multi-home a few components on here, especially if you are not fussed about the performance.

For the database, you should be OK with the built in SQL Express install.

Sizing minimums:

  • 2 vCPU cores, 8 GB RAM, HDD space 60GB (inclusive of Logs, vPowerNFS, VBR software)
  • Recommendations for sizing;
    1 vCPU core (physical or virtual) and 4 GB RAM per 10 concurrently running jobs.

Continue reading Building a Veeam Lab – a recommended architecture