Greetings friends, we come to the third entry on this interesting topic on how to protect a vSphere environment using Veeam Backup & Replication with SLA policies, we have seen in previous entries, how to design and create SLA policies in vSphere, and how to create the entire Veeam Backup & Replication infrastructure, today we will see how the owners or managers of each department can assign the policies to their workloads.
Create or Edit Roles in VMware vSphere
The first thing we will have to do is to grant the role of vSphere Tagging to the role that the different users or responsible of the workloads are using, for example, I have a very limited role, that only allows to do some operations in the VMs, and to this role, I have added the following permission:
Then what we would be interested in, if we don’t have it already created this way, is to assign to different VMs, or Folders, or Resource Pools, the user, or group we just created, with the role we just created too:
Note: Besides adding the user with his role to the folder or VMs we want, we will have to assign him to the highest level of vCenter, without marking the option of propagating to children.
Overview as responsible for a small group of VMs – How to assign the SLA policy
If the user, or users, log in to vSphere Client they will be able to see only their resources, as expected:
We see in the previous image that the actions are very reduced, but among them, we have available the power to assign a policy of SLA using the vSphere Tags, we are going to add a policy to a VM, in the following way (let’s remember that this can be done by VM, or directly to the folder, so the person in charge is making sure that the present and future VMs assigned to this folder is protected):
This would look like this if we look at the attributes of the VM or VMs:
With this, the application manager could already be at ease knowing that his VM will be protected according to the SLA policy he has just selected, a look at Veeam confirms this:
Although it’s true that in future entries we’ll see how we can send notifications to this person in charge of your applications, as well as offering him the possibility to check it by himself from the vSphere Client.
That’s all for now in this first part of this blog series about SLA policies to create backups, I leave you with the complete series:
- Veeam: How to Design and Implement a Backup System Based on SLA Policies – Part I – Design, Architecture, and Tagging in vSphere
- Veeam: How to Design and Implement a Policy-Based Backup System – Part II – Creating the Policies in Veeam Backup & Replication
- Veeam: How to Design and Deploy a Backup System Based on SLA Policies – Part III – Assigning vSphere Tags to Application Groups
- Veeam: How to Design and Implement a Backup System Based on SLA Policies – Part IV – Quick Overview and Reporting of Backup Policies
- Veeam: How to design and implement a policy-based SLA backup system – Part V – Monitoring the Veeam Backup & Replication environment with Veeam ONE
Hi Jorge,
thanks for your article!
What do you think about the tag/SLA method integration with vCloud Director?
I’m testing it with some Powershell scripts, I think it’s the only way..
Bye
Marco
Hello, probably it will work the same, and escalate similarly. Are you having any trouble at all?
Unfortunately VM Tags are at vSphere level, so vCloud couldn’t see them.
Infact Veeam vCloud backup jobs don’t have this option..(tested with Veeam B&R v10)
If you want to protect automatically by vSphere Tags I think we have to use also Powershell..
I’m testing it in my lab, I can update you if you are interested!