cancel
Showing results for 
Search instead for 
Did you mean: 

BE Server cloud Offsite Storage is leaving the Azure network and going out to internet $$ :(

naarmstrong
Level 4

Issue:

How can i keep the traffic for Backup Exec servers hosted in Azure to connect to an offsite storage, keeping the traffic within the Azure network and not go out through the internet and back into the Azure network? 

We are fully hosted in Azure. We are using the Azure marketplace Veritas BackupExec 21.1 Server located in Azure region 1 and we need our secondary offsite backup for disaster recovery to be located in a different azure region for disaster recovery situations.

For this we picked the Azure cloud blob stroage which is what Veritas suggestswhich works but the issue is the traffic is leaving the backup server located in Azure region 1 vnet out to the internet and back into Azure region 2 vnet to the keyvault blob storage which is really a problem because its not only a risk but it is seriously costing us unecessary azure internet traffic each month.

Current enviroment Scenario with vnet peering enabled

Azure Production Vnet 1 in Region 1 - BackupExec21.1 Server with primary deduplication storage holding full & incremental backups

Azure Offsite Vnet 2  in Region 2 - Offsite Azure Cloud blob storage hosted here

*************************************************************************************************************

thanks

3 REPLIES 3

CraigV
Moderator
Moderator
Partner    VIP    Accredited
Have you peered your VNETs?

Girishrox
Moderator
Moderator
Partner    VIP   

Azure charges as the data moves between one region to another.

If the idea is to achieve redundancy since your Backp Exec 21.1 server is in region 1 and backups are being created here you can also add Locally redundant storage(LRS) which will still create 3 copies in Region1 . So your first line of defense will be the disk based storage attached to BE 21.1 and in case some thing happens to it second line of defense will be the LRS blob storage still being in Region 1 . Hope it helps !!!

Whenever i attatch any Azure blob storage to backup exec its done by attaching it as "cloud storage", so the ports backup exec thinks it needs to use would be possibly either 80 or 443 like as though its going out to the internet. Correct? 

I think i got an idea but not sure. To keep traffic within the Azure Enviroment between vnets could i second backup server and attatched it as a managed media server

So basicly promote my current server to be a centeral Admin server. Then build a second backup exec server making it a managed backup server with just a disk attatched to it. Much like 2 or more managed backup servers on the same domain at different locations. 

Could something like that work?