Monthly Archives: May 2018

Released: NSX-v 6.4.1 New Features and Fixes

Last week VMware released NSX-v 6.4.1 (Build 8599035) that contains a some new features and addresses a number of resolved issues from previous releases. I will go through the new features in more detail below however a key mentions is the fact that vSphere 6.7 is now supported, also meaning the vCloud Director can now be used with NSX-v 6.4.1 fully supported on vSphere 6.7. Prior to that only 6.5 was supported by NSX-v meaning you couldn’t upgrade to vSphere 6.7 as vCloud Director is dependant on NSX-v which didn’t support 6.7 until this 6.4.1 release.

There is also a small, but cool automatic backup feature introduced that backs up the state of the NSX Manager locally prior to the upgrade. Going through the release notes there are a lot of known issues that should be looked at and there are more than a few that apply to service providers.

The NSX User Interface continues to be enhanced and additional components added to the HTML5 Web Client. As you can see below, there are a lot more options in the HTML5 Web Client compared to the 6.4 base release…to reference that version menu, click here.

NSX User Interface

As you can see, the following VMware NSX features are now available through the HTML5 vSphere Client. Installation, Groups and Tags, Firewall, Service Composer, Application Rule Manager, SpoofGuard, IPFIX and Flow Monitoring. VMware is maintaining a web page that show the current NSX for vSphere UI Plug-in Functionality.

Other enhancements to the User Interface include:

  • Firewall – UI Enhancements:
    • Improved visibility: status summary, action toolbar, view of group membership details from firewall table
    • Efficient rule creation: in-line editing, clone rules, multi-selection and bulk action support, simplified rule configuration
    • Efficient section management: drag-and-drop, positional insert of sections and rules, section anchors when scrolling
    • Undo operations: revert unpublished rule and section changes on UI client side
    • Firewall Timeout Settings: Protocol values are displayed at-a-glance, without requiring popup dialogs.
  • Application Rule Manager – UI Enhancements:
    • Session Management: View a list of sessions, and their corresponding status (collecting data, analysis complete) and duration.
    • Rule Planning: View summary counts of grouping objects and firewall rules; View recommendations for Universal Firewall Rules
  • Grouping Objects Enhancements:
    • Improved visibility of where the Grouping Objects are used
    • View list of effective group members in terms of VMs, IP, MAC, and vNIC
  • SpoofGuard – UI Enhancements:
    • Bulk action support: Approve or clear multiple IPs at a time

I really like how the HTML5 interface is coming along and i’m now using it as my primary tool over the Flex interface.

Other New Enhancements:

Looking at Security Services are improvements in the Firewall by way of additional layer 7 application context support for Symantec LiveUpdate Traffic, MaxDB SQL Server support and support for web based Git or version control. There is also extended support via the Identity Firewall for user sessions on RDP and application server which now covers Server 2012 and 2012 R2 with specific VMTool versions.

The NSX Load Balance now scales to 256 pool members up from 32 which is a significant enhancement to an already strong feature of the NSX Edges. There are also a number of enhancements to overall operations and troubleshooting pages.

Those with the correct entitlements can download NSX-v 6.4.1 here.

Special Upgrade and Supportability Notes:

  • vSphere 6.7 support: When upgrading to vSphere 6.7, you must first install or upgrade to NSX for vSphere 6.4.1 or later. See Upgrading vSphere in an NSX Environment in the NSX Upgrade Guide and Knowledge Base article 53710 (Update sequence for vSphere 6.7 and its compatible VMware products).
  • NSX for vSphere 6.1.x reached End of Availability (EOA) and End of General Support (EOGS) on January 15, 2017. (See also VMware knowledge base article 2144769.)
  • NSX for vSphere 6.2.x will reach End of General Support (EOGS) on August 20 2018.

References:

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/rn/releasenotes_nsx_vsphere_641.html

 

Public Cloud and Infrastructure as Code…The Good and the Bad all in One Day!

I’m ok admitting that I am still learning as I progress through my career and I’m ok to admit when things go wrong. Learning from mistakes is a crucial part of learning…and I learnt a harsh lesson today! That Infrastructure as Code is as dangerous as it is awesome…and that the public cloud is an unforgiving place!

Earlier today I created a new GitHub Repository for a project i’ve been working on. Before I realised my mistake I had uploaded a Terraform variables file with my AWS Access and Secret Key. I picked up on this probably two minutes after I pushed the contents up to the public repository. Roughly five minutes later I deleted the repository and was about to start fresh without the credentials but then realised than my Terraform plan was failing with a credential error.

I logged into the AWS Console and saw that my main VPC and EC2 instances had been terminated and that there was 20 new instances in it’s place. I knew exactly at that point what had happened! I’d been compromised and I had handed over the keys on a silver web scraper platter.

My access key had been deleted and new ones created along with VPCs and Key Pairs in every single AWS region across the world. I deleted the new access key the malicious user created locking him out from doing any more damage, however in the space of ten minutes 240 EC2 instances in total where spun up. This was a little more than the twenty I thought I had dealt with initially…costing only $4.50…Amazing!

I contacted AWS support and let them know what happened. To their credit (and to my surprise) I had a call back within a few hours. Meanwhile they automatically restricted my account until I had satisfied a series of clean up steps so as to limit any more potential damage. The billing will be reversed as well so I am a little less in a panic when I see my current month breakdown.

The Bad Side of Infrastructure as Code and Public Cloud:

This example shows how dangerous the world we are living in can be. With AWS and alike providing brilliant API access into their provisioning platforms malicious users have seen an opportunity to use Infrastructure as Code as a way to spin up cloud resources in a matter of seconds. All they need is an in. And in my case, that in was a moment of stupidity…and even though I realised what I had done, all it took was less than five minutes for them to take advantage of my lack of concentration and exploit my security lapse. They also exploited the fact that I am new to this space and had not learnt best practice for storing credentials.

I was lucky that everything I had in AWS was just there for demo purpose and I had nothing of real important there. However, if this happened to be someone running business critical applications they would be in for a very very bad day. Everything was wiped! Even the backup software I had running in there using local snapshots…as ever a case for offsite copies if there was one! (Ergo – Veeam Agents and N2WS)

The Good Side of Infrastructure as Code and Public Cloud:

What good could come of this? Well, apart from learning a little more about Terraform and how to store credentials the awesome part was that all the work I had put in over the past couple of weeks getting a start with Infrastructure as Code and Terraform was that I was able to reprovision everything that I lost within 5 minutes…once my account restriction was lifted.

That’s the power of APIs and the applications that take advantage of them. And even though I copped a slap in the face today…I’m converted. This stuff is cool! We just need to be aware of the dangers that come and the fact that the coolness can be used and exploited in the wrong way as well.

Quick Post – Configuring Key Based Authentication for AWS based Veeam Linux Repository

I’ve been doing a little more within AWS over the past month or so related to my work with VMware Cloud on AWS and the setting up of EC2 instances to use as Veeam Linux Repositories. When deploying a linux based instance in AWS you set a key pair to the instance at the time of deployment. You then download the private key pem file and use that to remotely connect to the instance when desired.

In my testing, I wanted to configure this EC2 instance as a Linux Repository. When creating a new repository you need to set up the Linux server with the key pair. To do this you need to select the Add Linux Private Key drop down in the new Linux Server window.

Next you need to enter the username of the EC2 instance which in this case is centos (best practice here is to create a new repository user and elevate to root but for my testing using the provided) and then load up the pem file that contains the private key. You don’t need to enter in a Passphrase.

The check box to Elevate specified account to root is also selected. Accept the server thumbprint as shown below.

Once accepted the Veeam Linux components will be installed and all things being equal you will have a Veeam Linux based repository ready for action that lives remotely on an EC2 instance.

Once complete you can tag the location against the repository and now use it as a backup target.

So there you go, a quick post on how to get an EC2 Linux instance up and running in Veeam Backup & Replication as a Linux Repository.

VeeamON 2018 Recap

VeeamON has come an gone for another year and it is an exciting time to be in the (hyper) availability industry. There has been a significant shift in the way that backup and recovery is thought about in the IT Industry and Veeam is without question leading the way in this space. We have been the driving force of change for an industry that was once seen as mundane yet necessary. This year we did not announce any new products or features but more importantly laid the ground work for what is to come with our new vision and strategy. To be the leading provider of intelligent data management solution for a world where data is now highly distributed, is growing at exponential rates and where hyper-availability is desired.

What does that exactly mean?

Well for me it is an evolution of our messaging that what presented in August of 2016 where the Veeam Availability platform was first launched. The platform it’s self has evolved over the past eighteen months with the release of Veeam Availability Orchestrator, Veeam Availability Console, Backup for Office 365, both the Windows and Linux agents and more recently the pending releases of our Nutanix AHV backup and support for AIX and Solaris. Put that together with the acquisition of N2WS for AWS availability and you can see that we are serious about fulfilling the promise of the vision laid out during the event.

2018 Highlights:

Apart from delivering three sessions, my highlights revolve around my discussions with customers and partners and getting face to face feedback on how we are doing. This is critical to our function in the Product Strategy team but for me personally it allows me to interact with some of the best innovators in the service provider landscape. On that note, another highlight was the inaugural Veeam Innovation Awards of which I was a voting panel member along with Michael Cade and Jason Buffington. It was great to see four VCSPs win recognition and awesome to have Probax (a local Perth company) included as part of the initial group of winners.

From the Show Floor:

I have copied in a number of media interviews and daily wraps below that go into more detail about the event, it’s announcements and the messaging that we are putting forward as a leader in the space. Enjoy the discussions below and I am already looking forward to VeeamON 2019…I have a feeling it’s going to be massive!

 

Veeam Cloud Announcements:

Veeam expands multi-cloud solutions at VeeamON 2018

VMware Cloud on AWS, Veeam Powered Network and Veeam ONE …my Session Roundup for VeeamON 2018

Yesterday I posted an article highlighting my top picks for VeeamON 2018. The one thing I didn’t list in that post was my own sessions for this years event. This year I’m presenting three sessions in the Cloud Powered track and I am lucky enough to be joined by three awesome co-presenters for each session. All three sessions focus on specific use cases and cover different aspects our cloud features and functionality.

Three more reasons to deploy Veeam Powered Network

Presenting with Edward Watson

Veeam® PN was released as part of Veeam Recovery to Microsoft Azure
earlier this year. However, there is more to Veeam PN than just this use case. Veeam PN allows administrators to create, configure and connect site-to-site or point-to-site VPN tunnels easily through an intuitive and simple UI, all within a couple of clicks. Do you have a remote office network that you want easier access into? Do you have a home lab that you want to access from anywhere in the world? Do you have workloads spread across different cloud platforms that need connecting? SDN doesn’t have to be complex! If you answered “Yes!” to at least one of these questions, then we invite you to our breakout session, where we will provide you with three different use cases that will make your life easier and simplify what has been a traditionally complex part of IT.

Tue, May 15th, 4:10 PM – 5:10 PM

VMware Cloud on AWS technical deep dive with Veeam hybrid cloud Availability

Presenting with Emad Younis

VMware Cloud on AWS brings VMware’s enterprise class Software-Defined Data Center software running on Amazon Web Services bare metal and enables customers to run production applications across vSphere-based private, public and hybrid cloud environments. Delivered, sold and supported by VMware as an on-demand service, customers can continue to leverage their current VMware skill sets and expand them by adding AWS services, including storage, databases, analytics and more. VMware Cloud on AWS provides flexibility, allowing workload mobility between on premises and the cloud SDDC by using familiar tools such as vMotion. Veeam® was a launch partner for data protection for VMware Cloud on AWS. In this session, you will get a technical overview of VMware Cloud on AWS and also how Veeam can protect workloads hosted on VMware Cloud on AWS. Attendees will walk away with practical guidance and tips on getting the best of both worlds with VMware and Veeam hybrid cloud and Availability solutions.

Wed, May 16th, 8:45 AM – 9:45 AM

Veeam ONE for VCSP partners — More powerful than you thought!

Presenting with Eugene Kashperovetskyi

Service providers need to be aware of whats going on within their platforms, and Veeam® Cloud & Service Provider (VCSP) partners should be looking at Veeam ONE™ to monitor and report on more than just base VMware vSphere or Microsoft Hyper-V metrics. Veeam ONE offers expansive monitoring and reporting on Veeam Backup & Replication™ jobs, as well as the ability to dive into vCloud Director environments and give granular metrics on vCD objects, such as vApps, virtual data centers and their parent organizations. SingleHop (a leading VCSP offering providing Veeam Cloud Connect services) uses Veeam ONE as a key element of their platforms monitoring, integration and proactive management of environments. The sophisticated approach between Veeam ONE Monitor, Veeam ONE Reporter and Veeam ONE Business View offers the granularity and automation capabilities highly demanded by their clients. In this session, you will learn about the practical approaches taken by SingleHop to deliver and guarantee the level of services appreciated and valued by their partners, resellers and customers. We will go through how to get the most out of Veeam ONE for your service provider platforms, from reporting and chargeback to how to monitor and report on Veeam Cloud Connect Backup and Veeam Cloud Connect Replication tenant and infrastructure…and tell you how some of this can be done with the FREE edition!

Wed, May 16th, 10:00 AM – 11:00 AM

You can download the VeeamON Mobile Application to register for sessions, organise and keep tabs on other parts of the event. Again, looking forward to seeing you all there at my sessions next week!

CrowdCompass Speaker Link

VeeamON 2018: Top Session Picks

VeeamON is happening next week and the final push towards the event is in full swing. I can tell you that that this years event is going to be extremely valuable for those who can attend! This is going to be my third VeeamOn, and my second being involved with the preparation of elements of the event. Having been behind the scenes, and knowing what our customers and partners are in for in terms of content and event activities…I can’t wait for things to kick off in Chicago.

This year we have 70 breakout sessions with a number of high profile speakers coming over to help delver those sessions. We also have significant keynote speakers for the main stage sessions on each of the three days. You will also hear from our executive team on the vision Veeam has for continuing to provide availability through our industry leading innovations.

Top Session Pick:

The tracks are organised slightly different to last year in that there are no set Technical levels. There are seven tracks available

  • Better Together
  • Architecture and Design
  • Cloud-Powered
  • Deep Tech
  • Implementation Best Practices
  • Operations and Support
  • Vision and Strategy

I’ve gone through all the breakouts and picked out my top sessions that you should consider attending…as usual there is a cloud slant to most of them, but there are also some core technology sessions that are not to be missed. The Veeam Product Strategy team are well represented in the session list so it’s also worth looking to attend talks from Rick Vanover, Michael Cade, Niels Engelen, Melissa Palmer, Dmitry Kniazev, David Chapa and Jason Buffington. Danny Allan will be main stage delivering our core vision and strategy moving beyond 2018.

Veeam Backup for Microsoft Office 365 2.0: Deep Dive

Mike Resseler and Kostya Yasyuk

After learning what is new in Veeam® Backup for Microsoft Office 365 2.0, it is time to look into the details of this solution. Learn about optimization, architecture, under-the-hood workings and much more in this session.

Wed, May 16th, 2:50 PM – 3:50 PM

From zero to hero: A deep dive on RESTful API for Veeam solutions

Niels Engelen and Dmitry Kniazev

Join us for a journey on how to leverage the RESTful API provided in several Veeam® solutions. We will go deeper on how to get started and even develop a full platform with a focus on: Veeam Backup & Replication™ Veeam Backup for Microsoft Office 365 Veeam Availability Console

Tue, May 15th, 2:50 PM – 3:50 PM

Cooking up some Veeam deployment with CHEF automation

Michael Cade and Jeremy Goodrum

A walk-through session showing the open source CHEF cookbook that installs and configures Veeam® Backup & Replication™ based on documented Veeam best practices. Automation in large-scale deployments is a must. This cookbook will allow for a scalable deployment of your Veeam components and the ability for controlled upgrades and configuration best practices across the estate.

Wed, May 16th, 12:15 PM – 1:15 PM

A sneak peek at Veeam Backup & Replication 2018 releases

Anton Gostev

Hear right from Anton Gostev about the details of the next release of Veeam® Backup & Replication™. The details of this will be announced at VeeamON 2018, and this will be your exclusive opportunity to learn more about the next release of Veeam Backup & Replication.

Wed, May 16th, 2:50 PM – 3:50 PM

Getting started with Veeam Availability Orchestrator: Ensure business continuity & DR compliance

Melissa Palmer

As a new product for 2018, Veeam® Availability Orchestrator raises the bar for enterprises of all sizes that need orchestrated disaster recovery (DR) and a strong business continuity plan. In this session, the components and architecture of Veeam Availability Orchestrator will be shown in the context of how they work with each other. This breakout will start with a use case and then apply the capabilities of Veeam Availability Orchestrator to deliver objectives for the use case example. Additionally, this session will provide details of core capabilities of Veeam Availability Orchestrator, including data labs, custom steps and building DR plans. As part of your journey from beginner to expert with Veeam Availability Orchestrator, this session is recommended to attend first before attending “Automate your DR run book with PowerShell and Veeam Availability Orchestrator” and “Plan for disaster with confidence using automated testing in Veeam Availability Orchestrator”.

Tue, May 15th, 11:20 AM – 12:20 PM

Veeam Availability Console usage scenarios

Vitaliy Safarov

Veeam® Availability Console can bring lots of value to a cloud or service provider and enterprise organizations. What are the most common usage scenarios? How can you benefit from the functionality within the solution to lower your daily administration, but at the same time have visibility into your tenant’s environment? If you are a service provider or an enterprise that operates as a service provider, then you will learn a few scenarios that can save you time, effort and money, simply by using this FREE solution.

Wed, May 16th, 12:15 PM – 1:15 PM

The (r)evolution of VMware vSAN

Duncan Epping

The world of hyper-converged infrastructure moves at an extremely rapid pace, and VMware vSAN is one of the biggest enablers. In this session, Duncan Epping will discuss where VMware vSAN began, where it stands today and, most importantly, what to expect in the future. Duncan will start with a brief explanation of the basics of VMware vSAN and then quickly dive into the future by doing a demo of various (potentially) upcoming features.

Wed, May 16th, 1:35 PM – 2:35 PM

Wrap Up:

There are obviously a lot more from which to choose from and the full list can be found here. You can also download the VeeamON Mobile Application to register for sessions, organise and keep tabs on other parts of the event.

Looking forward to seeing you all there!

 

Quick Fix: vSAN Health Reports iSCSI Target Service Stopped

A few weeks ago I wrote about using iSCSI as a backup repository target. While still running this POC in my environment I came across an error in the vSAN Health Checker stating the vSAN iSCSI target service was in a Failed state. Drilling down into the vSAN Health check tree I could see a Service Runtime status of stopped as shown below against the host.

This host had recently been marked as unreachable in vCenter and required a Management Agent reset to bring it back online. There is a chance that that process stopped the iSCSI Target service but did not start it. In any case there is an easy way to see the status of the services and then get them back online.

Once that’s been done, a re-run of the vSAN Health checker will show that the issue has been resolved and the iSCSI Target Service on the host is now running.

References:

https://kb.vmware.com/s/article/2147603

 

Deploying Veeam Powered Network into a AWS VPC

Veeam PN is a very cool product that has been GA for about four months now. Initially we combined the free product together with Veeam Direct Restore to Microsoft Azure to create Veeam Recovery to Microsoft Azure. Of late there has been a push to get Veeam PN out in the community as a standalone product that’s capable of simplifying the orchestration of site-to-site and point-to-site VPNs.

I’ve written a few posts on some of the use cases of Veeam PN as a standalone product. This post will focus on getting Veeam PN installed into an AWS VPC to be used as the VPN gateway. Given that AWS has VPN solutions built in, why would you look to use Veeam PN? The answer to that is one of the core reasons why I believe Veeam PN is a solid networking tool…The simplicity of the setup and ease of use for those looking to connect or extend on-premises or cloud networks quickly and efficiently.

Overview of Use Case and Solution:

My main user case for my wanting to extend the AWS VPC network into an existing Veeam PN Hub connected to my my Homelab and Veeam Product Strategy Lab was to test out using an EC2 instance as a remote Veeam Linux Repository. Having a look at the diagram below you can see the basics of the design with the blue dotted line representing the traffic flow.

 

The traffic flows between the Linux Repository EC2 instance and the Veeam Backup & Replication server in my Homelab through the Veeam PN EC2 instance. That is via the Veeam PN Hub that lives in Azure and the Veeam PN Site Gateway in the Homelab.

The configuration for this includes the following:

  • A virtual private cloud with a public subnet with a size /24 IPv4 CIDR (10.0.100.0/24). The public subnet is associated with the main route table that routes to the Internet gateway.
  • An Internet gateway that connects the VPC to the Internet and to other AWS products.
  • The VPN connection between the VPC network and the Homelab network. The VPN connection consists of a Veeam PN Site Gateway located in the AWS VPC and a the Veeam PN HUB and Site Gateway located at the Homelab side of the VPN connection.
  • Instances in the External subnet with Elastic IP addresses that enable them to be reached from the Internet for management.
  • The main route table associated with the public subnet. The route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC, and two entries that enables instances in the subnet to communicate with the remote subnets (172.17.0.0/24 and 10.0.30.0/24).

AWS has a lot of knobs that need adjusting even for what would normally be assumed functionality. With that I had to work out which knobs to turn to make things work as expected and get the traffic flowing between sites.

Veeam PN Site Gateway Configuration:

To get a Veeam PN instance working within AWS you need to deploy an Ubuntu 16.04 LTS form the Instance Wizard or Marketplace into the VPC (see below for specific configuration items). In this scenario a t2.small instance works well with a 16GB SSD hard drive as provided by the instance wizard. To install the Veeam PN services onto the EC2 instance, follow my previous blog post on Installing Veeam Powered Network Direct from a Linux Repo.

Once deployed along with the EC2 instance that I am using as a Veeam Linux Repository I have two EC2 instances in the AWS Console that are part of the VPC.

From here you can configure the Veeam PN instance as a Site Gateway. This can be done via the exposed HTTP/S Web Console of the deployed VM. First you need to create a new Entire Site Client from the HUB Veeam PN Web Console with the network address of the VPC as shown below.

Once the configuration file is imported into the AWS Veeam PN instance it should connect up automatically.

Jumping on the Veeam PN instance to view the routing table, you can see what networks the Veeam HUB has connected to.

The last two entries there are referenced in the design diagram and are the subnets that have the static routes configured in the VPC. You can see the path the traffic takes, which is reflected in the diagram as well.

Looking at the same info from the Linux Repository instance you can see standard routing for a locally connected server without any specific routes to the 172.17.0.0/24 or 10.0.30.0/24 subnets.

Notice though with the traffic path to get to the 172.17.0.0/24 subnet it’s now going through an extra hop which is the Veeam PN instance.

Amazon VPC Configuration:

For the most part this was a straightforward VPC creation with a IPv4 CIDR block of 10.0.100.0/24 configured. However, to make the routing work and the traffic flowing as desired you need to tweak some settings. After initial deployment of the Veeam PN EC2 instance I had some issues resolving both forward and reverse DNS entries which meant I couldn’t update the servers or install anything off the Veeam Linux software repositories.

By default there are a couple of VPC options that is turned off for some reason which makes all that work.

Enable both DNS Resolution and DNS Hostnames via the menu options highlighted above.

For the Network ACLs the default Allows ALL/ALL for inbound and outbound can be left as is. In terms of Security Groups, I created a new one and added both the Veeam PN and Linux Repository instances into the group. Inbound we are catering for SSH access to connect to and configure the instances externally and as shown below there are also rules in there to allow HTTP and HTTPS traffic to access the Veeam PN Web Console.

These, along with the Network ACLs are pretty open rules so feel free to get more granular if you like.

From the Route Table menu, I added the static routes for the remote subnets so that anything on the 10.0.100.0/24 network trying to get to 172.17.0.0/24 or 10.0.30.0/24 will use the Veeam PN EC2 instance as it’s next hop target.

EC2 Configuration Gotchya:

A big shout out to James Kilby who helped me diagnose an initial static routing issue by discovering that you need to adjust the Source/Destination Check attribute which controls whether source/destination checking is enabled on the instance. This can be done either against the EC2 instance right click menu, or on the Network Interfaces menu as shown below.

Disabling this attribute enables an instance to handle network traffic that isn’t specifically destined for the instance. For example, instances running services such as network address translation, routing, or a firewall should set this value to disabled. The default value is enabled.

Conclusion:

The end result of all that was the ability to configure my Veeam Backup & Replication server in my Homeland to add the EC2 Veeam Linux instance as a repository which allowed me to backup to AWS from home through the Veeam PN network site-to-site connectivity.

Bear in mind this is a POC, however the ability to consider Veeam PN as another options for extending AWS VPCs to other networks in a quick and easy fashion should make you think of the possabilities. Once the VPC/EC2 knobs where turned and the correct settings put in place, the end to end deployment, setup and connecting into the extended Veeam PN HUB network took no more than 10 minutes.

That is the true power of the Veeam Powered Network!

References:

https://docs.aws.amazon.com/glue/latest/dg/set-up-vpc-dns.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#change_source_dest_check