Veeam Backup for Microsoft 365 • Re: Separated restAPI server - in a cluster?

Hi Flavio,

I know we worked on this offline. Just sharing our results for the benefit of the community.

For the Load Balancer (LB) configuration, the session must be persistent (or sticky).

The next question - Is this a recommended configuration? It depends...

Let's start off by defining the use case for the separated REST API server: (Not related to a cluster with an LB)

• Internet-facing Restore Portal
  • If the Restore Portal is made publicly accessible over the internet, best practice is to leverage a separated REST API server. This enables this server to be placed in a more restrictive security zone separate from the Veeam environment. An LB or Reverse Proxy could also be placed in front of this server. This not only increases security but doesn't automatically compromise the Veeam environment if a threat actor gains access to the server.
• Security
  • Even if the Restore Portal is not internet-facing, business and/or security requirements could mandate it be placed in its own more restrictive security zone.
• Reduce Controller server resource consumption for Restore Portal
  • If the Restore Portal is hosted using the separated REST API server, this alleviates the Controller server from hosting it.

Armed with this knowledge only use the separated REST API server if your use case fits one of the above options.

Back to the topic on hand, multiple separated REST API servers with an LB are supported and can be used for limited high availability. Please note the controller server and its config DB are still single points of failure.

Hope this helps!

Statistics: Posted by chris.arceneaux — Jun 16, 2025 1:49 pm

---