AWS Veeam VMware VMware Cloud on AWS

Monitoring VMC – Part 1

As previously mentioned I have been working a lot with VMware Cloud on AWS and one of the questions that often crops up is around an approach to monitoring.

This is an interesting topic as VMC is technicaly “as a service” therefore the monitoring approach is a bit different. Technically AWS and VMware’s SRE teams will be monitoring all of the infrastructure components,

however you still need to monitor your own Virtual Machines. If it was me I would still want some monitoring on the Infrastructure and I see two different reasons why you would want to do this:

Firstly I want to check that the VMware Cloud on AWS service is doing what I am paying for. Secondly I still need to monitor my VM’s to ensure they are all behaving properly, the added factor is that with a good realtime view of my workload I can potential optimise the number of VMC hosts in my fleet reducing the costs.

With that in mind, I decided to look at a few options for connecting some monitoring tools to a VMC enviroment to see what worked and what didn’t.  I am expecting some things could behave differently as you don’t have true root/admin access as you would usually do.  All of the tests will be done with the cloudadmin@vmc.local account.   This is the highest level account that a service user has within VMC.

The first product that I decided to test was Veeam One.  This made sense for a few reasons:  Firstly I’m a Veeam Vanguard and am very familiar with the product. I also have access to the Beta versions of the v10 products as part of the Vanguard program.

Secondly, it’s pretty easy to spin up a test server to kick the tyres and finally, the config is incredibly quick to implement.

I could have easily added a VMC vCentre to my existing Veeam servers however I choose to deploy a new server just for this testing.  Assuming you have network access between your Veeam One server and the VMC vCentre then adding to Veeam One is straightforward. If not you will need to open up the relevant firewall’s

Once done Veeam performs an inventory operation and returns all of the objects you would expect.   This test was shortly after a VMC environment was created so it doesn’t yet have any workloads migrated to it.  However, as you can see below its correctly reporting on the hosts and VM workloads. It is correctly reporting back that the hosts are running ESXi 6.9.1

I also ran a couple of test reports to check they functioned as expected. Everything seemed to work as I would expect.

In Part two I am going to look at using  Grafana, Influxdb and Telegraf and seeing if this common opensource monitoring stack works with VMC.

Cloudflare Hosting

Cloudflare Setup for WordPress Users

I have been a huge fan of Cloudflare since they first came to my attention.  I did a post on them a few years ago. They do an excellent job of improving web performance and increasing security. I also find Cloudflare’s Blog a fascinating read

I saw a tweet by Chris Wahl recently where he talked about a Cloudflare firewall rule he is using to protect his WordPress instance.

I am using something similar in the Firewall section and also leveraging a couple of other cool features.

Chris has done an excellent write up on the firewall part including how to achieve this with Terraform so for the detailed look check out his blog post here for a slightly simpler version see below.  This post will talk about some of the other features I am using to improve the Speed, Security and functionality of my site.

Firewall Rules

The most important thing when hosting a WordPress site is to protect the admin section.  This should be done with a strong password and preferably two-factor authentication.  However, if you can stop people even accessing this part of the site then even better.  If you are using Cloudflare then this is easy to achieve.

From the Cloudflare, portal navigate to My account > Firewall Firewall Rules and create a rule and give it an appropriate name then configure the settings as per below.   The IP(s) in the value section are the only ones that will be able to access the site once this configuration is live.

When the rule is live it will look like the below.  A really nice touch is the graph showing how many requests have matched this rule and you can also dig into see the individual events if required.  An example drop log is shown below

Page Rules

I also use another feature within Cloudflare called Page Rules. My account > Page Rules

Within the free tier of Cloudflare, you are allowed to create up to 3 rules.  At the moment I am using two of these.

The first of these is an automatic rule to rewrite to HTTPS. I am using this with wildcards to ensure that all pages are taken care of but still land on the intended page.   Details of what Cloudflare does are here

The other rule I use is for a status page.  This is more for demonstrating some AWS features as a status page but I am sure multiple other use cases exist.   As Cloudflare intercepts the request before any webserver the redirect is quicker.  However, in this case, they can do the redirect even if my webserver is not online.

Cloudflare Applications

Another really nice use case is Cloudflare’s applications.   As the HTML  CSS etc is passing through the Cloudflare network they can manipulate it.  They do this to improve performance using compression.  They also have the capability to inject code I use this to add Google Analytics into every web page.  They have a large number of Apps available to easily make functional changes to your site.

WordPress Plugins

WordPress has a plugin for interacting with Cloudflare via the API.  This has a couple of uses and it is highly recommended.  Firstly the plugin can optimise your WordPress install to work best with Cloudflare. It also gives you access to some of the basic settings allowing anyone with admin access to WordPress to tweak Cloudflare settings if required.

The second function that it performs is that performs automatic cache management automatically invalidating cache as the content is changed as required.



As everyone knows by now the world has changed possibly forever.  Due to Covid19 working from home has become the new normal.  We are lucky in the IT world that this has been fairly straightforward for most of us.  We are privileged in that it’s possible for us to continue indefinitely.  Organisations still need to move forward, to progress and adapt into the new normal.

In the words of Charles Darwin “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change.”

With that most (if not all IT conferences have been postponed or gone online)   Veeam’s annual conference VeeamON is no exception and now it’s here!!

As a Veeam Vanguard I was privileged to be given an early briefing on some of the announcements.  These are summarised below but for all the details make sure you sign up and view some of the great sessions

If you haven’t managed to sign up you still can here.

Headline Announcements

  • Veeam Backup for Office 365 v5

– Microsoft Teams backup

– Modern Authentication

  • Veeam Backup for AWS v2

– Snapshot Replication

– Hybrid Cloud

  • Veeam Availability Orchestrator v3

– Fast recovery using Netapp Snapshots

– DR Pack purchase options

  • Veeam Availablity Suite v11

-Continuous Data Protection.

-Object Storage Enhancements – Capacity Tier now supporting Google Cloud Object Storage

-New Archive Tier- Supporting AWS S3 Glacier

-Instant Reocovery improvements  – Instant NAS & Instant Database recovery.

Last but not least a feature that I have been asking about for over 3 years


Yes Veeam Backup Agent for MAC