Skip to main content
  • EN

Background

We have Veeam Backup & Replication (12.3.2.3617) server installed at our Head Office, where physical and virtual machines on the 192.168.ABC.0/24 network are backed up to Veeam Backup Repositories.

Some physical devices are sometimes on Branch Office 192.168.XYZ.0/24 networks (where the XYZ is provided by local Branch Office DHCP servers). These devices can roam between the Head office and a number of (i.e. several) Branch Offices.

The ABC is never equal to XYZ, and no two Branch Office XYZs are the same.

Situation Summary

  1. I want to be able to backup these roaming physical devices to either the Head Office Backup Repositories when the device is there, or to a local NAS in the Branch Office when it is there.
  2. For bandwidth reasons, we can’t reliably backup from Branch Office to Head Office over the VPNs during business hours. We can, however, replicate from Branch repo to Head repo over the VPNs overnight, which is when the endpoints tend to be disconnected from the LANs and with their owners at home.
  3. No endpoint is at more than one Branch Office per day, although they could be at the Head Office and a Branch Office in any single day.

Requirement

  • Is there a way to create a Backup Job for all the endpoints in the “Roaming Endpoint Protection Group” that saves the device backup to whichever backup is on their LAN?
  • All the repositories are on the V:\Backups drive in every Branch Office site, where that is a mapped ISCSI disk (Thick Block-Based LUN) on a local NAS.
  • I want the backup job to run when an endpoint is connected to a LAN and a user logs in, then every couple of hours whilst they are on the LAN.

I would have thought that this is a reasonably common feature request. We have about 20 devices that are in the “Roaming Endpoint Protection Group” although this number fluctuates up and down. All of the endpoints are running Windows 11 Pro for Workstation operating systems.

In order to do this you would need to use a network share location for each office and not a VBR repository but this could become complicated.  Have a VBR in each office is probably not feasible either.  I understand controlling it from the backup server but you may need to do some more designing.

Thanks, Chris. I would have thought this was quite a common requirement, but from your comment it appears not to be. Have you any suggestions about white papers, knowledge pieces, best practice documents or use cases that seek to accomplish what I am trying to do? I am really surprised that this requirement isn’t addressed out of the box in B&R 12 onwards…

Thanks, Chris. I would have thought this was quite a common requirement, but from your comment it appears not to be. Have you any suggestions about white papers, knowledge pieces, best practice documents or use cases that seek to accomplish what I am trying to do? I am really surprised that this requirement isn’t addressed out of the box in B&R 12 onwards…

Unsure myself how common but understand the need.  I would start here on the help page for Veeam Agents - Working with Protection Groups - Veeam Agent Management Guide

Maybe using Locations for the Protection Groups might help with what you need to accomplish.  Also using a VBR repo won’t be feasible but you could use a Shared Folder for backups in each policy - Creating Veeam Agent Backup Policies - Veeam Agent Management Guide

 
 
 

When several repositories needs to be used, we need to create several backup jobs. To be able to use several backup jobs, Agent needs to be used in Server mode, it can be done for non server OS as well. My idea maybe to run those jobs in parallel and to disable jobs to tun over VPN? 

 

That’s certainly an interesting use case, it might not be as common as you’re thinking. You may be able configure the Veeam agent to back up to a DFS share that replicates across all sites. You would need to configure the DFS replication to only occur outside of business hours. The real risk is the scenario you described where users would not be at more than one branch office per day, but they could be at the Head Office and a Branch Office in any single day. This is a problem because SMB has no awareness of DFSR, and thus file locking gets broken, allowing multiple sources to modify a file.

Also, if a user disconnects their workstation from the head office network in the middle of a backup job, then reconnects at a branch office, the agent will look for the backup file and it will be missing, causing problems with the backup chain.

In my opinion, this solution would be a last resort, and my efforts would be focused on increasing the available bandwidth during the day, or perhaps throttling the network activity by each agent during the day.

If it’s the VPN that is the limitation, and not the internet connection, you could consider pointing the agent backups at a Veeam Service Provider, Veeam Data Vault, or other Object Storage targets.

I’m going to try some of these proposals in the lab over the weekend. The lab is designed to mimic Head Office / Branch Office activities and has representative firewalls, policies, AD etc. I will report on my progress on Monday.

The one thing we can’t change is the available VPN bandwidth. We have already got the best internet fibre deals available at each Branch Office and at the Head Office, and business traffic over the VPN has to take priority over backup traffic. 

I will look into the replicated DFS namespace idea in the context of our current storage implementation and approach.

Thank you for your thoughts so far. I still can’t believe this isn’t a common requirement.

Best of luck and let us know how the testing goes.

Device is able to backup to any repository or only from current office?

Terms & Conditions