Veeam 9.5 and VMware vCloud Director backup

Integration with vCloud Director and the ability to back up virtual machines, vApp and entire organizations appeared in Veeam, if the memory does not fail me, since the eighth version.

In the recently released version 9.5, the opportunity appeared (which I actually waited a long time ago), allowing VMware vCloud Director users to independently manage the backup and recovery processes of their VDC's virtual machines.

For those who are interested in how it looks from the provider, as well as that the VDC user ultimately receives, I ask for cat.

Most likely, Habr's readers who are interested in backing up a VMware cloud using Veeam are familiar with the process of integrating a backup server and vCloud Director, which is actually quite simple: you just need to add vCloud Director in the appropriate section “Backup Infrastucture”, after which the administrator backup systems provide the ability to backup virtual machines and vApp metadata, as well as perform recovery not only in vSphere and then publish the machine in the cloud, but directly to the cloud, bypassing ESA manual publication.
')
From version 9.5, after small settings from the backup server side, it is possible to transfer the backup management of the virtual data center directly to the user, which is undoubtedly convenient for both the administrator and the VDC user.

Interaction scheme:

The VDC user receives backup management functions through the portal provided by Veeam Backup Enterprise Manager using the same access data that they use when interacting with vCloud Director.

In this case, the backup system administrator determines the list of organizations that have the ability to use the backup tool, as well as sets disk quotas for these organizations and the backup task templates that will be used.

Now how this all looks and is configured:

First of all, it is necessary to connect vCloud Director to the Veeam Backup system and make sure that we see the list of organizations, vApp, virtual machines.

Next, you need to install Veeam Backup Enterprise Manager, if it has not yet been installed, all further work will be done through it.

In order to gain access to the Enterprise Manager, go to the browser at https://veeam-ent-manager.example.com:9443/ and log in, for example, as the administrator of the system on which this manager is installed.

If you have not previously installed Enterprise Manager, then after authorization, you must first connect the Backup & Replication server; you can do this through the menu Configuration → Backup Servers. By clicking the Add button and specifying the address and credentials of the backup server, we will connect:


By default, Enterprise Manager collects information from backup servers every 15 minutes. In order not to wait, it is possible to perform the collection by pressing the “Start Collecting” button. Also, when you click "Schedule", you can change the interval for polling the backup servers by the manager.

You can check the status of collecting information about Veeam BR servers in the Sessions menu, which is located on the left side:


This concludes the integration of Enterprise Manager with the backup server. Let's look directly at working with vCloud Director.

For the tests, I will use the fictional organization dis_org, whose administrator really wants to be able to back up and restore their two virtual machines that are in vApp WindowsVMs and LinuxVMs:


I’ll omit the setting and creation of organizations in vCloud Director, I’ll only note that I’m using an organization called dis_org and an administrator with the login name disadmin.

Let's allow the administrator of dis_org to do backups. Those who are familiar with Veeam Backup Enterprise Manager may have noticed that in version 9.5 the “VCLOUD” tab appeared in the manager’s general settings menu, this is where all the necessary settings are made:


In order for dis_org administrators to perform backups, you must click the Add button in the VCLOUD menu:


What is configured here:

1. Specify the organization that has the right to back up;
2. The repository in which the backup copies will be stored;
3. The disk quota of the organization in this repository;
4. Ability to manage your backup schedule. It is, in principle, possible to take away from the client and have to start tasks only manually;
5. The last item in the “Advanced Job Settings” is the settings with which backup tasks will be created. These settings are taken either from some reference task, or by default. What is it for? For example, specify a specific proxy server, or change the level of compression well, etc. In the example, I took the temp_cloud_job task as a basis, in which several parameters were changed.

After clicking the "Save" button, you can see that our organization appeared in the list:



What's next? And then we give our client access to the portal Veeam Backup Enterprise Manager. For greater security, EM is best placed in the DMZ and only port 9443 is allowed.

The client must go to https://external-em-addr.example.com:9443/vCloud/dis_org/ and log in with the same account that he authorizes on the VMware vCloud portal. In my example, this is disadmin:


After entering the portal, the user can view his backup infrastructure on the Dashboard tab:

1. The number of protected virtual machines;
2. Backup task statuses;
3. Available disk space.

The Jobs tab performs operations for creating, launching and managing backup tasks.

Bookmarks VMS, Files, Items are used, directly, for recovery.


Now our administrator has the right to create a backup task for their machines. This is done on the tab "Jobs → Create". First of all, the name of the task and the number of recovery points are indicated:


The following are the virtual machines that must be backed up. In the list, the user sees only the machines that belong to his organization:


The following indicates the need for application-aware processing, where you can specify data to access the protected operating system:


And, since the user has the right to manage the schedule, Schedule settings:


At the last stage of the configuration, you specify the email addresses to which you want to send notifications about the results of the tasks (maybe there were errors and you should contact the provider for help?):


By clicking the “Finish” button we get our first backup task:


Also, this task will be seen by the administrator of Veeam BR. For him, this is the same task as everyone else, except that he did not set it up :). You may notice that the task prefix indicates the name of the organization to which it belongs:


Now that the user has a task, you can start it and observe the execution process:


At the same time, the administrator also sees all running tasks:


After completing the task, the contents of the Dashboard will show everything that was:


It can be seen that the number of protected VMs has changed, the tasks, their status, as well as the speed with which our backups were performed are visible.

On the VMS tab, you can see the protected virtual machines, and from here they are restored. You need to click on the virtual machine and select the item “Restore VM”. A dialog box will appear in which you will need to select a recovery point and a number of other parameters:


Veeam will warn that the car will be restored over:


And in the same way, the user will see the status of the restored machine:


And the backup system administrator will see this:


On this, I have everything to set up backup of VMware vCloud organizations using Veeam tools. I am very happy that Veeam is moving in this direction. True, there are a number of things that I would like to see in the following versions:

1. Ability to change the recovery path of the virtual machine and its name through the Enterprise Manager. Recovery over is not always convenient;
2. Limit the user not only by quota, but also by the number of virtual machines \ bandwidth;
3. A plugin for vCloud Director that allows you to add machines to backup \ restore directly from the console, without going to the portal once again.

Useful links:

1. Work with Enterprise Manager
2. Work Veeam with vCloud Director
3. Even deeper about integrating Veeam with vCloud Director

Thank you for reading to the end.

PS: After I wrote everything, a colleague sent me a link to a similar article in the dataline blog. The articles are similar, but the works are pity, so I apologize for the part of the information that is the “button accordion,” but it was this possibility that I was expected and I could not write about it.