How to setup Veeam Backup and Replication for Object Storage

Go back to Veeam Software guides or Main Page.

Here is a how to guide and best practices for setting up Veeam with Object Storage.

• Immutability = Cannot delete until timestamp has elapsed. ( Ransomware protection )
• Retention = Do not delete / keep until X timestamp has been achieved.

• Allow Wasabi endpoint hostnames through firewalls. ( Common cause of "Failed to retrieve certificate from https://" error. )
• Set retention and immutability to the same length of time, usually 30-days.
• Compliance or Governance Mode, is an important choice depending on requirements.

If selecting compliance mode instead of governance mode, data CANNOT be deleted until the set immutability timestamp has elapsed.

Data uploaded with an immutability of 1 year in compliance mode cannot be deleted regardless of policy. You are stuck with it until the expiration date has surpassed. Governance mode will allow a user configured with the correct policies to override the immutability; this allows for data to be deleted if a situation arises with the need, even with immutability enabled. Compliance mode is the most secure and often chosen for legal requirements.

If you have not setup Object Storage in Veeam B&R before we recommend reviewing the Veeam Documentation. We also recommend reading through the documentation explaining how immutability works to have an understanding of data usage, and how object storage is utilized by Veaam B&R including but not limited to considerations and limitations, and health checks of data stored.

If purchasing Wasabi object storage through HBS, the data center engineer handling the order will create the Wasabi account, bucket and bucket credentials to simplify setup and data security. This information will then be provided to you for setup in Veeam B&R.

This setup guide includes HBS specific instructions. Based off the Veeam KB for Adding S3 Compatible Object Storage which includes Screenshots.

1. Open the Backup Infrastructure view.
2. In the inventory pane, right-click the Backup Repositories node and select Add backup repository.
   • Alternatively, you can click Add Repository on the ribbon.
3. In the Add Backup Repository window, select Object storage > S3 Compatible > S3 Compatible.
4. At the Name step of the wizard, use the Name and Description fields to enter a name for a new object storage repository and to provide a description for future reference.
   • If you want to limit the maximum number of tasks that can be processed at once, select the Limit concurrent tasks to N check box.
5. At the Account step of the wizard, specify the connection settings:
   1. In the Service point field, specify an endpoint address and a port number of your S3 compatible object storage.
      • HBS Wasabi: https://s3.us-east-1.wasabisys.com
   2. In the Region field, specify a region.
      • HBS Wasabi: us-east-1
   3. From the Credentials drop-down list, select user credentials to access your S3 compatible object storage.
      • If you already have a credentials record that was configured in advance, select it from the drop-down list. Otherwise, click Add and provide your access and secret keys.
      • You can also click the Manage cloud accounts link to add, edit or remove a credentials record.
      • HBS Wasabi: We recommend adding into the description the name of the bucket used with the Access and Secret Key.
   4. Next to the Connection mode field, click Choose and specify how Veeam Backup & Replication will transfer data to the object storage repository.
      • Direct — select this option if you want to instantly move data of processed VMs or file shares to object storage repositories. Before you select this option, check the following Considerations and Limitations.
      • Through gateway server — select this option if you want Veeam Backup & Replication to use a gateway server to transfer data from processed VM or file share to object storage repositories. From the Name list, select gateway servers that you want to use for data transfer operations.
        • By default, the role of a gateway server is assigned to the Veeam Backup & Replication server. You can choose any Microsoft Windows or Linux server that is added to your Veeam Backup & Replication infrastructure and has internet connection. Note that you must add the server to the Veeam Backup & Replication infrastructure beforehand.
   5. At the Bucket step of the wizard, specify the bucket and folder where you will store data, and define storage limits and immutability settings that Veeam Backup & Replication will apply to data in the object storage. HBS Wasabi: Select the bucket already created as provided in the email or ticket and create a folder within it, make the folder name the Veeam B&R Hostname.
      1. In the Bucket field, enter a name of the bucket or click Browse to get the necessary bucket. Note that you must create the bucket where you want to store your backup data beforehand.
      2. By default, the multiple child buckets creation is enabled. To manage its settings, do the following:
         • Click the Automatic bucket creation disabled link.
         • To specify a number of per-machine backups chains that you want to keep in a single child bucket, check the Create new buckets automatically check box. Veeam Backup & Replication will create child buckets according to this amount of backup chains.
      3. To the right of the Folder field, click Browse and either select an existing folder or click New Folder.
      4. Select the Limit object storage consumption to check box to define a soft limit for your object storage consumption. If this limit is exceeded during a job run, Veeam Backup & Replication will complete the job. However, a new job will not be able to start unless you remove the extra data that exceeds the limit or change the soft limit settings. Provide the value in TB or PB.
      5. Select the Make recent backups immutable for check box to prohibit deletion of blocks of data from object storage. Specify the immutability period. Note that the maximum immutability period you can set in the Veeam Backup & Replication UI is 90 days. If you want to set immutability to a longer period, use the Set-VBRAmazonS3CompatibleRepository cmdlet.
   6. Specifying Mount Server Settings: Skip to Next Screen...
   7. Review Components and apply changes.