Skip to main content
  • EN
Question

Azure VM - VRO, VB&R using Enterprise app to connect to subscription

Hi,

I currently have 2 Veeam servers, one is on-prem and one is an Azure VM. I’m trying to link Veeam to my Azure subscription so it can see storage which contains my backups. 

I have created an enterprise application in azure for this. In VB&R I then need to created an Azure compute account to link Veeam to Azure. 

For my on-prem server this is possible and I am successfully able to connect Veeam to Azure by adding the credentials. I did originally have issues, where by I was using a systems proxy - which would fail the connection, however if I added the proxy server in Edge, this would then work.

Next I logged onto my Azure VM with VRO installed and went to follow the same process. I have added the proxy in both “netsh winhttp” system proxy as well as Edge. I cannot get the application to work. When I run wireshark, it looks like the Azure VM is bypassing any sort of proxy setting and trying to get directly to Azure.

My question is, has anyone had the same issue, is it even possible to use the proxy on the Azure VM for this communication or do I need to allow the server to directly connect?

 

Many Thanks

2 comments

Chris.Childerhose
Userlevel 7
Badge +21

It is possible that you need to allow direct connection from VBR in Azure but I cannot say for sure as I don’t use Azure much.  I will let some others here in the community give more feedback like @MicoolPaul 

But here is the deployment guide if that helps - Deployment - Veeam Backup for Microsoft Azure Guide

Chris Childerhose - VMCA2024 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 4* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
MicoolPaul
Userlevel 7
Badge +22

Hi @Seanp,

On the surface I can’t see any reason why proxying isn’t possible within an Azure VM but I’m currently on holiday so testing this is out of the question for me 😆

 

I know that accessing Azure resources by default within Azure is optimised, but possible to override. Whilst it wasn’t proxying the traffic, a customer had an Azure firewall they wanted EVERYTHING to go through, even VNET to VNET traffic, and it was possible to manipulate the routing to traverse this. Without seeing your explicit configuration or the wireshark capture I can’t give you the steps required to make this work.

 

As for proxying the traffic, as it’s still on Azure, do you need this? You could create a private endpoint on the Azure Storage, permit your network configuration to talk to that specific Azure Storage Account, and then let them talk like they’re on a private LAN to each other. It negates the need for proxying, and especially that overhead if Veeam needs to perform any tasks “in anger” such as scanning the whole thing and stressing your proxy out.

 

Thoughts on this? 🙂

Michael Paul - Opinions are my own and do not necessarily reflect the opinion of Veeam | https://micoolpaul.com | Twitter: @MicoolPaul | Mastodon: @micoolpaul@masto.nu | Bluesky: @micoolpaul.com

Comment


Terms & Conditions