11-17-2020 07:09 PM - edited 11-18-2020 01:52 PM
Issue:
How can i keep the traffic for Backup Exec servers hosted in Azure to connect to an offsite storage, keeping the traffic within the Azure network and not go out through the internet and back into the Azure network?
We are fully hosted in Azure. We are using the Azure marketplace Veritas BackupExec 21.1 Server located in Azure region 1 and we need our secondary offsite backup for disaster recovery to be located in a different azure region for disaster recovery situations.
For this we picked the Azure cloud blob stroage which is what Veritas suggestswhich works but the issue is the traffic is leaving the backup server located in Azure region 1 vnet out to the internet and back into Azure region 2 vnet to the keyvault blob storage which is really a problem because its not only a risk but it is seriously costing us unecessary azure internet traffic each month.
Current enviroment Scenario with vnet peering enabled
Azure Production Vnet 1 in Region 1 - BackupExec21.1 Server with primary deduplication storage holding full & incremental backups
Azure Offsite Vnet 2 in Region 2 - Offsite Azure Cloud blob storage hosted here
*************************************************************************************************************
thanks
11-20-2020 02:34 AM
11-23-2020 12:02 PM
Azure charges as the data moves between one region to another.
If the idea is to achieve redundancy since your Backp Exec 21.1 server is in region 1 and backups are being created here you can also add Locally redundant storage(LRS) which will still create 3 copies in Region1 . So your first line of defense will be the disk based storage attached to BE 21.1 and in case some thing happens to it second line of defense will be the LRS blob storage still being in Region 1 . Hope it helps !!!
11-27-2020 12:28 AM - edited 11-27-2020 12:30 AM
Whenever i attatch any Azure blob storage to backup exec its done by attaching it as "cloud storage", so the ports backup exec thinks it needs to use would be possibly either 80 or 443 like as though its going out to the internet. Correct?
I think i got an idea but not sure. To keep traffic within the Azure Enviroment between vnets could i second backup server and attatched it as a managed media server
So basicly promote my current server to be a centeral Admin server. Then build a second backup exec server making it a managed backup server with just a disk attatched to it. Much like 2 or more managed backup servers on the same domain at different locations.
Could something like that work?