Configuring the Veeam backup server
For the immutable backup and isolated recovery environments, the Veeam® backup server is configured by PowerShell. PowerShell is run locally on the Veeam backup server through an Ansible® playbook that is run on the automation server. Ansible uses WinRM to access Microsoft® Windows® servers. The following items are required by Ansible:
- PowerShell 3.0 or newer and at least .NET 4.0 to be installed.
- A WinRM listener that is created and activated.
Both these requirements are enabled by default in the IBM Cloud® build of Windows 2019.
In this step, the following tasks are required to configure the Veeam backup server so that it can be accessed by the automation server:
- Create a firewall rule that allows WinRM inbound on TCP port
5986. - Create a service account for ansible automation, and add to the local administrator group.
Creating an inbound firewall rule
- From the jump server, use the Remote Desktop Protocol (RDP) client to access the Veeam backup server.
- On the Veeam backup server, open a PowerShell window with Run as administrator option.
- Run the following command
New-NetFirewallRule -DisplayName "WinRM (HTTPS-In)" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 5986to create the required firewall rule.
Creating a service account for ansible automation
-
From the jump server, use the RDP client to access the Veeam backup server.
-
On the Veeam backup server, open a PowerShell window with Run as administrator option.
-
Use the following commands and enter a password at the prompt:
$n = "sa-ansible" $d = "Service Account for ansible control node" $pw = Read-Host -AsSecureString New-LocalUser -AccountNeverExpires -Description $d -Name $n -Password $pw -PasswordNeverExpires -Confirm:$false Add-LocalGroupMember -Group "Administrators" -Member $n -
Verify with
Get-LocalUserandGet-LocalGroupMember -Group "Administrators".
For more information, see Setting up a Windows host.