Veeam Powered Network Overview and Installation
I had seen a couple of tweets from Anthony Spiteri around Veeam Powered Network or Veeam PN. Having only briefly heard a couple of blurbs about this after VeeamOn I wanted to get some first hand experience with the product. Â Anthony also has a really informative video you can take a look at here which gives a good overview of the technology. Aisde from Azure restores, I think it really fills a niche out there concerning site to site connectivity especially in DR situations. The beauty of Veeam Powered Network is its simplicity. Let’s take a closer look at Veeam Powered Network Overview and Installation.
Veeam Powered Network Overview
There is a lot of great information on Veeams official site for Veeam PN as well as Anthony has done some great writeups around the product. Essentially Veeam PN is a free solution from Veeam that at its core supports the Veeam functionallity of restoring to Microsoft Azure. However, the Veeam PN product is a standalone solution that can be used to do more than simply support restores to Microsoft Azure. It can be used for the following:
- Site to Site VPN between copany offices and Azure networks on which you have virtual machine workloads running (possibly restored from Veeam)
- Point to site VPN between remote computers and Azure or on prem Veeam PN hub
- Using Microsoft Azure network to allow users to connect up with company network resources
- As Anthony had pointed out as well, there is a great hidden use case for those of us running home labs wanting to connect to those labs from anywhere or splice into various networks to/from a home lab network
At the core of the Veeam PN technology is OpenVPN. Veeam has basically just put a nice wrapper around OpenVPN and created an extremely straightforward and easy to use interface to create connections between sites.
There are many different models of network architecture you can provision using Veeam Powered Network. Â Below are a few of the network layouts that organizations may benefit from as contained in the Veeam Powered Network Overview document from Veeam.
The Veeam PN in Azure can act as a “Network Hub” for various sites connecting into the hub.
A traditional site to site approach may be configured as well from on prem to Azure.
A point to site configuration below.
Below, we will take a look at provisioning the network hub in Azure and then connecting a local site gateway to the Azure network hub.
Veeam Powered Network Azure Installation
Let’s take a look at the installation of the Veeam Powered Network appliance from the Azure marketplace.  The installation is fairly straightforward.  Simply search for “Veeam PN” from the Azure marketplace and choose to Create the appliance.
The basic configuration settings have you setup a machine name, user name, password, choose your subscription and Resource Group.
Next, we get into the build of the appliance itself with setting up storage, public IP address, domain name, virtual network, subnet, etc.
Part of the configuration is setting up the self signed certificate for the appliance. Â Fill in the certificate information.
The VPN information configuration has you select the specific protocol and port settings for the different VPN types.
Finally, we come to the summary of our configuration settings.
After clicking OK on the Summary screen, we are presented with the terms of “purchase”.  Click the Purchase button.
After purchasing, the Veeam PN appliance will start Deploying.
After just a few minutes, you should see the Resources populated with the Veeam PN resources that are provisioned.
Click on your Veeam PN virtual machine to find the Public IP Address.  This is the address you will connect to in finishing out the configuration of the appliance, setting up VPN clients, etc.
Veeam Powered Network Azure Configuration
After connecting to the public IP address and logging in with the credentials that you setup in the Azure installation, you will be presented with the Azure Setup.  As mentioned, you will be walked through logging into your Azure account, the process should create a service principal account, and give this accout least required privileges to Azure virtual network routing table.
The login process is a bit unique. Â You will follow the link and enter the code that is presented to authenticate. Â Then you will click on the account you want to login with. Â You will most likely already be logged in, so you won’t have to reenter your password, just click your account. Â It will tell you that you can simply close the window.
Veeam PN Azure Config Failed
I ran into an issue stating the Azure config failed on stage “Cannot fine routing table”.  A bit of Googling turned up the Veeam forum post found here.  The problem below comes from having more than one subscription under an account.  The setup looks for the first account listed to enumerate the routing tables, etc.  The first account listed for me was a “disabled” account and not the current one.
As the post mentions you can verify this by SSH’ing into the Azure appliance and running the azure account list command.  Notice below the two accounts.  The first one is listed as Disabled but also shows Current.  To set it to the correct one you use the command azure account set GUID_OF_ID_OF_CORRECT_SUBSCRIPTION replacing the GUID with your correct subscription.
After setting the correct account to current, the step succeeds.
Connecting a Remote Site to Azure Veeam Powered Network Hub
Since we are using Azure as the hub, we go back to our local Veeam PN appliance, we choose the Site Gateway configuration.
It needs the configuration file from our Azure Network Hub. Â Go to your Azure Network Hub Veeam PN and let’s create the client for our site and download the configuration.
Create the Veeam Powered Network Client for Remote Site
Back to our Azure network hub, we create a new client. Click Clients and then the “+” sign for Add. In the Type, we choose Entire site.
Enter your subnet for the remote site.
Click Finish to create the client. Â Upon clicking finish the configuration will download automatically.
You can also manually download the site configuration by clicking the Download link under the Configuration file.
Now back to our local appliance, we browse to the configuration file we downloaded.
After downloading and installing the configuration file, we should see our client connect up automatically.
As you can see, it is super easy to get sites connected using the Azure hub and a local site gateway.
Takeaways
Hopefully, this Veeam Powered Network Overview and Installation will give an idea of the power this appliance brings to the table. Â This appliance makes setting up VPN connections or connecting multiple sites together “fall off a log” easy. Â It takes all the heavy lifting out of configuration settings etc. Â It is definitely a tool that can be used in the case of a DR situation where you need to connect up a remote site for connectivity or restoring to Azure which is the primary documented intent. Â However, using it for home lab connectivity or other use cases will definitely come in handy. Â Be sure to check out the Veeam Powered Network appliance. Â It is a free download and looks to be very stable even in RC from.
