Configuration of Veeam Backup for Google Cloud
Follow the different steps to install Veeam Backup for GCP , and learn how to configure it and how to perform backup and restore’s configurations in Google Cloud
Introduction
Veeam Backup for Google Cloud Platform (GCP) is a solution designed to provide data protection and management for Google Cloud environments. Below is an introduction to the steps involved in installing Veeam Backup for GCP, configuring it, and performing backup and restore operations.
Summary
Introduction
1 . Installation of Veeam Backup for Google Cloud
2.Accessing Veeam Backup for Google Cloud
3. Configuring Veeam Backup for google cloud
3.1 Adding Service Account
3.2 Adding Projects and Folders
3.3 Adding User Accounts
3.4 Adding Backup Repositories
3.5 Adding Worker Configurations
4. Performing Configuration Backup Automatically
5. Restoring Configuration Data
Conclusion
1. Installation of Veeam Backup for Google cloud
To install Veeam Backup for Google Cloud, follow these steps:
Step 1 : Log in to “Google Cloud Marketplace” using the credentials of a Google account with the Editor role.
Step 2 : Refer to Google Cloud documentation for guidance on managing user roles in the Google Cloud console.
Step 3 : Navigate to “Explore the marketplace.”
Step 4 : In the search field, enter “Veeam Backup for Google Cloud” and press [Enter].
Step 5 : From the search results, select “Veeam Backup for Google Cloud” to access the product overview page.
Click “Launch” to initiate the installation process.
Step 6 : On the New Veeam Backup for Google Cloud deployment page, configure the following installation settings:
1. Select a project to which the VM instance running Veeam Backup for Google Cloud will belong.
2 . Permissions that must be granted to service accounts used for Veeam Backup for Google Cloud operations : Default Permissions ,Repository Permissions ,Worker Permissions, Snapshot Permissions, Backup Permissions,Restore Permissions, and Permissions Changelog .
3. The backup appliance and worker instances must have outbound internet access to the following Google Cloud APIs: Compute Engine API, Service Usage API, IAM Service Account Credentials API, Identity and Access Management (IAM) AP, Cloud Resource Manager API, Cloud Billing API, Pub/Sub API, Cloud Key Management Service API, Cloud SQL Admin API, Cloud Logging API, Cloud Deployment Manager v2 API .
4. Enter a name for the new Veeam Backup for Google Cloud deployment in the “Deployment name” field. This deployment encompasses the VM instance running Veeam Backup for Google Cloud, the associated Google Cloud service account facilitating access to Google Cloud APIs, firewall rules permitting traffic to and from the VM instance, and other configurations specified during installation.
5. Choose an availability zone within a Google Cloud region from the “Zone” drop-down list. This determines the location where the VM instance running Veeam Backup for Google Cloud will be situated. For details on configuring availability and redundancy settings for Google Cloud resources, refer to Google Cloud documentation.
6 .Within the “Machine type” section, define the number of vCPUs and the amount of memory on Compute Engine allocated to the VM instance running Veeam Backup for Google Cloud. The recommended hardware requirement is an e2-standard-2 instance with 2 vCPUs and 8 GB RAM.
7. In the “Disks” section, specify the size of the boot disk attached to the VM instance and the size of an additional data disk dedicated to storing the application database and logs.
8. In the Networking section, specify a VPC network and a subnet to which the VM instance running Veeam Backup for Google Cloud will be connected.
For a VPC network and a subnet to be displayed in the lists of available networks, they must be created in the Google Cloud console for the region specified at step 6.3 , as described in Google Cloud documentation.
IMPORTANT
Consider the following:
The specified VPC network and subnet must have the outbound internet access to Google Cloud APIs listed in the section.
The specified VPC network and subnet must allow the inbound internet access from a local machine that you plan to use to work with Veeam Backup for Google Cloud.
To learn how to enable internet access for VPC networks and subnets, see https://cloud.google.com/vpc/docs/create-modify-vpc-networks?hl=fr .
If there are no firewall rules permitting inbound HTTPS traffic within the designated network, it is necessary to choose the option to “Allow HTTPS traffic from the internet” and explicitly define the authorized IP address ranges.
For those intending to connect to Veeam Backup for Google Cloud via the Veeam Backup for Google Cloud REST API, it is essential to select the “Allow public API traffic from the internet” checkbox and specify the permissible IP address ranges.
Additionally, the option to allow SSH connections to the backup appliance may be selected, which can be valuable for debugging and troubleshooting requirements.
TIP :
The IPv4 address ranges should be indicated in CIDR notation (e.g., 12.23.34.0/24). If you wish to grant access to the VM instance running Veeam Backup for Google Cloud from all IPv4 addresses, you can use the CIDR notation 0.0.0.0/0. However, it is important to recognize that permitting access from all IPv4 addresses is insecure and is therefore not advisable in production environments.
9. Click Deploy to begin installation.
2.Accessing Veeam backup for Google Cloud
To access Veeam Backup for Google Cloud, follow these steps:
Step 1 : Open a web browser and navigate to the Veeam Backup for Google Cloud web address.
Important Note:
Internet Explorer is not supported. Use Microsoft Edge (latest version), Mozilla Firefox (latest version), or Google Chrome (latest version) to access Veeam Backup for Google Cloud.
The address typically includes a public IPv4 address or DNS hostname of the backup appliance, and the website is available exclusively over HTTPS.
Note:
Your web browser might display a warning about an untrusted connection. To address this, you can replace the current TLS certificate used for securing traffic. Learn more about certificate replacement in the Replacing Web Certificates documentation.
Step 2 : In the provided Username and Password fields, enter the credentials of an authorized user account. If it’s your first login, use the credentials of the Default Administrator account established during product installation. Subsequently, you can add other user accounts to grant access.
Tip:
If you forget your password, you can reset it by clicking the “Forgot password?” link and following the instructions outlined in Veeam KB article.
Step 3 : Optionally, select the “Remain logged in” checkbox to save the specified credentials in a persistent browser cookie. This ensures your session remains active for 24 hours, eliminating the need to re-enter credentials in each new browser session.
Step 4 : Click “Log in.”
Note:
If multi-factor authentication (MFA) is enabled for the user, Veeam Backup for Google Cloud will prompt you to enter a code for identity verification. In the “Verification code” field, input the temporary six-digit code generated by the authentication application on your trusted device. Then, click “Log in.”
3. Configuring Veeam Backup for google cloud
3.1 add service account
Step 1 : To launch the Add Projects and Folders wizard, do the following:
1.Switch to the Configuration page.
2.Navigate to Infrastructure > Projects & Folders.
3.Click Add.
Step 2 : choose the type of service account
At the Service Account step , choose whether you want to add an existing service account, or to create a new service account and add it to Veeam Backup for Google Cloud.
Step 3: Specify Project
This step applies only if you have selected the “Create new account” option at the Service Account step of the wizard :
At the Project step of the wizard, specify the ID of a project in which the new service account will be created.
Step 4 : Specify Account Details
At the Account Details step of the wizard, follow these steps:
- If you have selected the “Add existing account” option at the Service Account step of the wizard, use the Email and Description fields to specify an email address generated for the service account upon the account creation and to provide a description for future reference.
2. If you have selected the “Create new account” option at the Service Account step of the wizard, use the Account ID and Description fields to specify an ID for the new service account and to provide a description for future reference.
3. The minimum length of the account ID is 6 characters. The following characters are supported: lowercase Latin letters, numeric characters and hyphens.
Step 5: Track Account Creation Progress
This step applies only if you have selected the “Create new account” option at the Service Account step of the wizard
Veeam Backup for Google Cloud will display the results of every step performed while creating the “service account”. At the “Creation Log” step of the wizard, wait for the creation process to complete and click “Next”.
Step 6 : Finish Working with Wizard
At the Summary step of the wizard, review summary information and click Finish.
TIP
If you want to associate the newly added service account with a project or folder, select the “Open the Add Projects and Folders wizard when I click Finish” check box.
3.2 Adding Projects and Folders
To add a new project or folder, do the following:
Step 1: Launch the Add Projects and Folders wizard.
Step 2: Specify a service account to access the project or folder.
Step 3 : Define operations to perform in the project or folder.
Step 4 : Select the project or folder.
Step 5 : Check the required permissions.
Step 6 : Finish working with the wizard.
3.3 Adding User Accounts
To add a new user account, do the following:
Step 1 : Launch the Add Account wizard.
Step 2 : Specify an account name and description.
Step 3 : Specify a password.
Step 4 : Finish working with the wizard.
3.4 Adding Backup Repositories
To add a new backup repository, do the following:
Step 1: Launch Add Repository Wizard
To launch the Add Repository wizard, do the following:
- Switch to the Configuration page.
- Navigate to Repositories.
3. Click Add.
Step 2: Specify Repository Name and Description
At the Repository Info step of the wizard, use the Name and Description fields to enter a name for the new backup repository and to provide a description for future reference. The maximum length of the name is 127 characters and the following characters are not supported: \ / “ ‘ [ ] : | < > + = ; , ? * @ & _ .
Step 3: Specify Project
At the Project step of the wizard, select a project to which the new backup repository will belong.
For a project to be displayed in the Project list, it must be added to Veeam Backup for Google Cloud as described in section “Adding Projects and Folders”. If you have not added the necessary project to Veeam Backup for Google Cloud beforehand, you can do it without closing the Add Repository wizard. To add a repository, click Add and complete the Add Projects and Folders wizard.
Step 4: Specify Service Account
At the Service Account step of the wizard, do the following:
- In the Service account section, click Choose to select a service account whose permissions Veeam Backup for Google Cloud will use to access the specified project. For more information on the required permissions, see “Service Account Permissions”.
For a service account to be displayed in the Service Accounts list, it must be added to Veeam Backup for Google Cloud as described in section “Adding Service Accounts”, and must be assigned permissions required to access the specified project as described in section “Adding Projects and Folders”.
IMPORTANT
The selected service account must belong to the same project as that you have specified at step 3 of the wizard.
2. In the HMAC credentials section, use the Access key and Secret key fields to provide a Hash-based Message Authentication Code (HMAC) key associated with the account — Veeam Backup for Google Cloud will use the HMAC key to authenticate requests to the backup repository.
You can create the necessary HMAC key before hand in the Google Cloud console as described in Google Cloud documentation. Alternatively, you can click “Generate HMAC Credentials” to create a new HMAC key and associate it with the service account without closing the Add Repository wizard.
Step 5 : Configure Repository Settings
At the Storage Bucket step of the wizard, do the following:
- In the Storage bucket section, click Choose bucket.
In the Choose storage bucket window, select a storage bucket that will be used as a target location for image-level backups of VM instances and Cloud SQL instances, and click Apply.
For a storage bucket to be displayed in the Available Buckets list, it must be created for the selected project in the Google Cloud console as described in Google Cloud documentation.
2. In the Folder section, choose whether you want to use an existing subdirectory inside the selected storage bucket or to create a new one to group backups stored in the bucket.
To use an existing subdirectory, select the Use existing folder option and click Choose folder. In the Choose folder window, select the necessary subdirectory and click Apply.
For a subdirectory to be displayed in the Available Folders list, it must be previously created by a backup appliance in the selected storage bucket.
Step 6 : Enable Encryption
At the Encryption step of the wizard, choose whether you want to encrypt backups stored in the selected storage bucket. If you enable encryption, specify a password that will be used to encrypt data.
If you have selected an existing subdirectory at the Storage Bucket step of the wizard, you must provide the currently used password to let Veeam Backup for Google Cloud access this subdirectory and add it as a backup repository. You cannot change the encryption settings while adding the repository, but you will be able to edit the repository settings later.
Step 7 : Finish Working with Wizard
At the Summary step of the wizard, review summary information and click Finish.
As soon as you click Finish, Veeam Backup for Google Cloud will start creating the new backup repository. To track the progress, click Go to Sessions in the Session Info window to proceed to the Session Logs tab.
3.5 Adding worker configurations
To add a new worker configuration, do the following:
Step 1 : Launch the Add Worker Configuration wizard.
Step 2 : Specify general settings for the worker configuration.
At the Region step of the wizard, select a region where new worker instances will operate and an availability zone for which you want to configure network settings.
Step 3 : Specify network settings
- At the Network step of the wizard, do the following:
Select a VPC network and a subnet to which you want to connect worker instances created based on the new worker configuration.
For a VPC network and a subnet to be displayed in the lists of available networks, they must be created in the Google Cloud console for the region specified at step 2 of the wizard, as described in Google Cloud documentation.
2. For a firewall rule to be displayed in the list of available rules, it must be created in the Google Cloud console as described in Google Cloud documentation.
Step 4 : Check the required prerequisites.
At the Verification step of the wizard, Veeam Backup for Google Cloud will verify whether all the necessary prerequisites required to deploy worker instances based on the new worker configuration are met. For more information on the prerequisites, see Specifying Network Settings.
Step 5 : Finish working with the wizard.
4. Performing Configuration Backup Automatically
To back up the configuration database in Veeam Backup for Google Cloud automatically on a schedule . During a configuration backup, Veeam exports data from the configuration database and saves it to a backup file in a designated backup repository , Follow these steps :
Step 1: Switch to the Configuration page.
Step 2: Navigate to General > Configuration Backup.
Step 3: In the Backup schedule section, set the Enable scheduling toggle to On.
Step 4: Click Choose in the Repository field, and use the list of available repositories in the Choose Repository window to select a repository where configuration backups will be stored.
Step 5: For a backup repository to be displayed in the list of available repositories, it must be added to Veeam Backup for Google Cloud as described in section Adding Backup Repositories. The list shows only backup repositories of the Standard and Nearline storage classes that have encryption enabled.
Step 6: In the Keep restore points for field, specify the number of days for which you want to keep restore points in the selected backup repository.
In the Create daily backup at field, choose whether configuration backups will be created every day, on weekdays (Monday through Friday), or on specific days.
Step 7: Click Save.
5. Restoring Configuration Data
Veeam Backup for Google Cloud offers restore of the configuration database that can be helpful in the following situations:
The configuration database got corrupted, and you want to recover data from a configuration backup.
You want to roll back the configuration database to a specific point in time.
The backup appliance got corrupted, and you want to recover its configuration from a configuration backup.
The backup appliance went down, and you want to apply its configuration to a new backup appliance.
IMPORTANT
Before you start the restore process, stop all backup policies that are currently running.
To restore the configuration database, do the following:
Step 1 : Launch the Configuration Restore wizard.
To launch the Configuration Restore wizard, do the following:
1.Switch to the Configuration page.
2.Navigate to General > Configuration Backup.
3.In the Configuration restore section, click Restore.
Step 2 : Choose a backup file.
Step 3 : Review the backup file info.
Step 4 : Choose restore options.
IMPORTANT
After you click Restore, the restore process will start. You will not be able to halt the process or edit the restore settings.
Step 5 : Track the restore progress.
Veeam Backup for Google Cloud will display the results of every step performed while executing the configuration restore. At the Restore step of the wizard, wait for the restore process to complete and click Next.
Step 6 : View the results of verification steps :
Step 7 : Finish working with the wizard:
Conclusion
Veeam Backup for GCP provides a comprehensive solution for protecting your Google Cloud resources, ensuring data availability, and simplifying recovery processes. Following the installation, configuration, and backup procedures outlined above will help you establish a robust data protection strategy within your Google Cloud environment. Always refer to the latest Veeam documentation for the most accurate and up-to-date information.
Take a look at Veeam Documetation :
https://helpcenter.veeam.com/docs/vbgc/guide/deployment.html?ver=40
