#1 Global Leader in Data Resilience

Usage of a predefined VMware ESXi extension (VIB) for Veeams Backup from Storage Snapshot with Cisco HyperFlex IOvisor processing

KB ID: 2298
Product: Veeam Backup & Replication | 9.5 | 10 | 11
Published: 2017-06-07
Last Modified: 2021-09-01
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Challenge

This article describes the usage of a predefined VMware ESXi extension (VIB) for Veeams Backup from Storage Snapshot with Cisco HyperFlex IOvisor processing.

For details on how to perform these firewall changes manually please review KB2299.

HyperFlex Version Specific Article

Please follow the KB below only if you are running a HyperFlex version below 3.0.

Starting with Cisco HyperFlex 3.0, the needed Firewall changes have been implemented in the OS image. Please review KB3075.

For new customers, we recommend installing HyperFlex cluster with that latest HX version, and for existing customers, we recommend upgrading to HX 3.0 or higher to benefit from the new Firewall changes.

Cause

To achieve optimal balancing within the Cisco HyperFlex data network at Backup from Storage Snapshot processing, it is needed to change the ESXi host firewall.
See more background information here.

One of the Methods to change the ESXi host firewall is by a pre-defined VIB found on the Veeam Community GitHub site.

To implement this, follow the below instructions.
 

Solution

Install the Firewall VIB on ESXi:

Repeat the following steps on all Cisco HyperFlex nodes in your cluster.

1. Enable ssh and log in to your ESXi host by using a tool like PuTTY
User-added image

2. Copy the VIB file to the ESXi host's tmp folder using HTTP or a SCP client
User-added image

3. Install the VIB
Command:
esxcli software vib install -v /tmp/VeeamCiscoHXFirewall.vib -f
User-added image

4. Verify the VIB was installed
Command:
esxcli software vib list | grep 'Veeam'
User-added image

5. Verify the new firewall rule is active
Command:
esxcli network firewall ruleset list
Note: If the VIB installation fails, you might need to set the acceptance level to CommunitySupport and retry the installation.
Command:
esxcli software acceptance set --level=CommunitySupported
User-added image


Set the Veeam Proxy Servers

1. Enable allowed IP list for the new firewall rule
Command:
esxcli network firewall ruleset set -r "VeeamCiscoHXFirewall" -a false 
User-added image

2. Set the Veeam proxy server data network IP that is on the Hyperflex ("Storage Controller Data Network")
Repeat the following command for all Veeam proxy server or set a subnet:
esxcli network firewall ruleset allowedip add -r "VeeamCiscoHXFirewall" -i "172.17.53.53."
User-added image

3. Verify the IPs are set
Command:
esxcli network firewall ruleset allowedip list | grep -v "All"
User-added image

Note: Veeam recommends to set the all IPs of Veeam proxy servers in the firewall rule. Otherwise the firewall rule is enabled for all incoming connections. You can specify either the IP address or a subnet. Use one command per proxy.


Check if everything is configured correctly

1. Check the Security Profile on the ESXi hosts

For HX systems < HX2.5 using the relevant VIB.
User-added image

For HX system >= HX2.5 using the relevant VIB.
User-added image


2. Check the VIB
Command:
esxcli software vib list | grep 'Veeam'
User-added image

3. Check the ruleset
Command:
esxcli network firewall ruleset list
User-added image

4. Check which Veeam Proxy IPs are assigned
Command:
esxcli network firewall ruleset allowedip list | grep -v "All"
User-added image



 
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.