We use a few cookies to run the site and understand how it's used. No tracking. No ads. View our cookie policy
Just the basics!
Rismor Technologies Ltd

Veeam Guide: Adding a Service Provider and Enabling Ransomware-Resilient Backup

Home  ➔  Guides   ➔   Backups   ➔   Veeam Guide: Adding a Service Provider and Enabling Ransomware-Resilient Backup
Backups Cyber Security Guides Veeam

Veeam Guide: Adding a Service Provider & Enabling Ransomware-Resilient Offsite Backup

Who this is for

General IT admins and office managers who want a calm, step-by-step setup that “just works.” You’ll add a Veeam Cloud Connect Service Provider, verify security, then point backup and backup copy jobs to a cloud repository. Throughout, we’ll show simple choices that avoid dead-ends and keep restores fast.

Why this matters

Local backups alone are not enough. Offsite, immutable copies stop ransomware and accidental deletion from wiping you out. Adding a Service Provider gives you a clean, separate place to recover from-especially when the bad day arrives.

Soft path to extra safety

If you want this handled end-to-end with UK-hosted, air-gapped storage and monthly restore drills, our cloud backup service is ready when you are: /services/cloud-backup/.

Before you start

You’ll need

• Service Provider (SP) cloud gateway DNS or IP (e.g. backup.example.cloud).
• Port number (default 6180) if not otherwise specified.
• Tenant username and password (from your provider).
• Veeam Backup & Replication v12 or later installed and opening the console as an admin.

Nice to have (speeds you up)

• A quick outbound firewall check from your VBR server to the SP gateway on the agreed port.
• Any certificate thumbprint details the provider shared (for easy verification).

Step 1 — Launch the Service Provider wizard

Where to click

Open Veeam Backup & Replication > Backup Infrastructure (left pane) > Service Providers > Add Service Provider.

What’s happening

This tells Veeam to build a secure link to your provider so it can discover your allocated cloud repositories and (if applicable) replication resources.

Step 2 - Enter the cloud gateway details

Fields to complete

DNS name or IP: enter the provider gateway you were given.
Port: keep 6180 unless your provider states otherwise.
Description: friendly name like “Rismor Cloud Backup.”
Allow this VBR to be managed by the service provider: leave unticked unless you have a managed BaaS agreement.

Tip

If your provider runs multiple gateways, Veeam will learn them automatically from the one you enter.

Step 3 - Verify the certificate & add credentials

Security first

Veeam will show the TLS certificate presented by the gateway. If the provider supplied a thumbprint, paste it into the fingerprint field and click Verify. If it doesn’t match, stop and check with your provider.

Tenant account

Click Add or Manage accounts to enter the tenant username and password your SP issued. Select that account and click Next.

Step 4 - Confirm resources & finish

Discovery

Veeam queries the provider and lists your Cloud Repositories (and any replication resources). Check names and capacities look right, then click Finish. Your provider now appears under Backup Infrastructure > Service Providers.

Create a Backup Job to the cloud repository

What this achieves

This sends a primary backup straight to the provider’s repository. It’s the shortest path to an offsite copy.

Steps

1) Go to the Home view > Backup Job > choose your platform (e.g. VMware vSphere, Microsoft Hyper-V, or agents for physical/Proxmox-hosted VMs).
2) Name the job and add the VMs/agents/objects you want protected.
3) In Storage, choose the Cloud Repository from the drop-down (the one under your Service Provider).
4) Set your retention (restore points or days). Keep it simple to start—e.g. 14–30 restore points.
5) Enable Encryption here if required (recommended for offsite).
6) Save and run the job to create the first full backup; incrementals follow on schedule.

Create a Backup Copy Job (best-practice extra)

Why add a copy job?

It separates schedules and retention from your primary backups and helps you meet 3-2-1 guidance: three copies of data, two different media, one offsite.

Steps

1) From Home, click Backup Copy (Immediate or Periodic).
2) Objects: select sources (from jobs or repositories).
3) Target: choose your Cloud Repository at the Service Provider.
4) (Optional) Enable GFS (weekly/monthly/annual) restore points for longer compliance retention.
5) Schedule it to run outside peak hours or continuously (Immediate mode).
6) Finish and let it run.

Enabling ransomware resilience (settings that matter)

Keep attackers out of your backups

Immutable storage: if your provider supports hardened, immutable storage, ask them to enable it for your tenant.
Separate credentials: use a unique tenant account; don’t reuse local admin creds.
Encryption: turn on at the job level for offsite chains.
Air-gap by design: the provider repository should not be reachable from your local domain in any admin capacity.

WAN acceleration (when and when not)

When to use it

Enable Veeam WAN Accelerators if you’re copying large volumes over limited bandwidth, or many offices share a small uplink. You’ll deploy a WAN accelerator on-prem and one at the provider side (check with your SP for support).

When to skip it

If bandwidth is strong and jobs complete inside your window, the added complexity may not be worth it. Start simple; add WAN accel later if needed.

Adding your platforms (VMware, Hyper-V, Proxmox/agents)

VMware vSphere

Backup Infrastructure > Managed Servers > VMware vSphere > Add Server. Enter vCenter or ESXi details, accept certificates, then add a Proxy close to the hosts (or use the default). Include these VMs in your jobs.

Microsoft Hyper-V

Managed Servers > Microsoft Hyper-V > Add Server. Add standalone hosts or a cluster. Ensure a Proxy with access to the CSVs is available. Add VMs to jobs as normal.

Proxmox / standalone machines

Use Veeam Agents for Windows/Linux. Install via protection groups or manually, then back up to the Service Provider’s repository. For Proxmox, protect guest OSs via agents unless you’re using a third-party hypervisor plug-in.

Typical questions (answered upfront)

Not always. Many start by pointing the primary Backup Job at the cloud repository for immediate offsite protection. Add a Backup Copy later if you want separate schedules or longer GFS retention.

Your provider will advise planned changes. If you’ve pinned fingerprints, update them during a maintenance window.

Pick one VM monthly. Do a file-level and a whole-VM restore test to a sandbox. Document time-to-recover. If you’d rather we run drills and send reports...

See how it works

Troubleshooting quick wins

Common causes and fixes

Can’t connect to SP: check outbound firewall/NAT on port 6180 to the SP gateway DNS/IP.
Auth failures: confirm you’re using the SP tenant account (not domain admin). Reset via the provider if needed.
Slow uploads: reduce concurrent tasks during business hours; schedule outside peaks; consider WAN acceleration later.
Job encryption mismatch: keep your password safe; losing it prevents decryption of offsite chains.

Verification and next steps

Sanity checks

Test Connection on the Service Provider entry shows green.
• Cloud repository appears under Backup Repositories with expected capacity.
• A small pilot job runs and completes to the cloud repository.
• You can restore a test file from the cloud chain.

Optional hardening (recommended)

• Enable MFA on your Veeam console users.
• Separate service accounts for Veeam components.
• Limit console access to jump-host or management VLAN.
• Turn on configuration backups for Veeam itself (store a copy offsite).

Prefer the calm route?

We run this for you

If you’d like immutable, UK-hosted offsite backups with snapshots that attackers can’t touch-and monthly restore drills for proof-see our service here:

See how it works

Clear pricing. No pressure.

Share on Facebook
Share on Twitter