Share on Facebook0Share on Google+0Share on LinkedIn0Share on Reddit3Tweet about this on Twitter0

This spring, during VeeamON 2017, Veeam Software presented Veeam Powered Network (VeeamPN), their first solution in the field of enterprise networking.

Here is its brief video review by Anthony Spiteri, Veeam evangelist:

Veeam PN is a simple tool for establishing VPN between all parts of a distributed infrastructure: the headquarters, remote and branch offices, employees working remotely, etc. This solution is based on the OpenVPN technology. It serves as a virtual machine, running in Microsoft Azure (Veeam PN Server) or client’s private cloud, with the components on customer’s sites (Veeam PN Gateway):

Veeam Powered Network for Azure

Connections Overview

In addition to Azure-based Veeam PN, any VMware vSphere on-premises VM environment may serve as a central routing server. For this purpose, it is necessary to upload and deploy a virtual Veeam PN Appliance module as an OVA file.

Veeam PN Appliance module as an OVA file

It should be noted that Veeam PN is a completely free product that serves as a network basis for Veeam Recovery to Microsoft Azure, a complex solution for ensuring datacenters’ disaster resiliency. Veeam PN can be also used as a VPN for companies seeking for an easily-scalable virtual private-network infrastructure.

StarWind Virtual SAN eliminates any need for physical shared storage just by mirroring internal flash and storage resources between hypervisor servers. Furthermore, the solution can be run on the off-the-shelf hardware. Such design allows StarWind Virtual SAN to not only achieve high performance and efficient hardware utilization but also reduce operational and capital expenses.
Learn more about ➡ StarWind Virtual SAN.

Veeam PN network infrastructure may have any configuration. For example, it may be an environment with a Veeam PN Server virtual machine in Azure, Veeam PN Gateway client’s software in three geographically separated datacenters, or even external private network users connecting via OpenVPN Client.

During product’s deployment, you should specify one of the following options:

Choose installation type - Network hub

  • Network Hub is a Veeam PN server deployed in Azure or in the private infrastructure.
  • Site gateway is a virtual machine serving as a gateway for Veeam PN with 2048-bit self-signed certificates for communication.

The initial setup is described in the image below:

Initial setup description

Further, we set up network communication properties:

set up network communication properties

  • Network hub public IP or DNS name determines a public address that all members of the private network can access (including the remote clients outside the private cloud).
  • Enable site-to-site VPN option should be checked if communication between datacenters (Veeam PN Gateways) is needed.
  • Enable point-to-site VPN allows communication between OpenVPN Client and a Veeam PN Gateway component on datacenter’s site.

Once Veeam PN Server is deployed, we need to generate settings file for datacenter networks (a site-to-site scenario) and standalone computers (a point-to-site scenario). For this purpose, computers and sites must be registered on Veeam PN Server (Hub portal):

Veeam PN clients add client window

As a result, we get the list of registered sites and separate clients:

list of registered sites and separate clients

Once clients are registered, VPN settings for clients and sites should be downloaded as an XML file. These settings must be imported during Site Gateway deployment:

Select the configuratioon file

If Network Hub Server is deployed in the on-premise network, the new route in the Default gateway is to be added to the network with Veeam PN Server. The route should be also added to the sites’ networks with Site Gateway to make both sides of the VPN tunnel aware of the new route. You can find more information here.

When you register Site Gateways on the Network Hub site, and upload its XML configuration file on the site, you allow the gateways to find out Network Hub location and zones that Site Gateways are responsible for. Virtual machines running on the sites need to be able to access VMs in other zones through default gateways. That, actually, is why the static routes are to be added. Once data passes Site Gateway and reaches the Network Hub, it is redirected properly to the corresponding site through its Site Gateway.

For instance, you may have the following infrastructure (the example can be found here):

Veeam Powered Network configuration schema

The table of static routes on MEL site will look like this:

table of static routes on MEL site

Here, Site Gateway of this site serves as Next Hope. Further, Site Gateway sends the traffic to Veeam PN Server. Afterwards, the data is sent to another machine on different site. The route is the same for other sites.

If Veeam PN Server is used in Azure, it is not necessary to add new routes because Veeam PN automatically adds the necessary routes in routing tables. Besides, infrastructures on premises of different public cloud services (laaS, AWS, IBM, Google, etc.) can be used as a component of Veeam PN network infrastructure.

Free Veeam PN solution can be downloaded here. Veeam Recovery to Microsoft Azure trial version also can be downloaded via the link above.

Views All Time
4
Views Today
13
Appreciate how useful this article was to you?
No Ratings Yet
Loading...
Back to blog
The following two tabs change content below.
Alex Samoylenko
Alex Samoylenko
Virtualization technology professional. 10 years ago he built #1 website on virtualization in Russia. Alex runs his own virtualization-focused company VMC. He is a CEO of a mobile game publisher Nova Games and a CEO of an international dating site