Veeam: How to Design and Deploy a Backup System Based on SLA Policies – Part III – Assigning vSphere Tags to Application Groups

Greetings friends, we come to the third entry on this interesting topic on how to protect a vSphere environment using Veeam Backup & Replication with SLA policies, we have seen in previous entries, how to design and create SLA policies in vSphere, and how to create the entire Veeam Backup & Replication infrastructure, today we will see how the owners or managers of each department can assign the policies to their workloads.

Create or Edit Roles in VMware vSphere

The first thing we will have to do is to grant the role of vSphere Tagging to the role that the different users or responsible of the workloads are using, for example, I have a very limited role, that only allows to do some operations in the VMs, and to this role, I have added the following permission:Then what we would be interested in, if we don’t have it already created this way, is to assign to different VMs, or Folders, or Resource Pools, the user, or group we just created, with the role we just created too:Note: Besides adding the user with his role to the folder or VMs we want, we will have to assign him to the highest level of vCenter, without marking the option of propagating to children.

Overview as responsible for a small group of VMs – How to assign the SLA policy

If the user, or users, log in to vSphere Client they will be able to see only their resources, as expected:We see in the previous image that the actions are very reduced, but among them, we have available the power to assign a policy of SLA using the vSphere Tags, we are going to add a policy to a VM, in the following way (let’s remember that this can be done by VM, or directly to the folder, so the person in charge is making sure that the present and future VMs assigned to this folder is protected):This would look like this if we look at the attributes of the VM or VMs:With this, the application manager could already be at ease knowing that his VM will be protected according to the SLA policy he has just selected, a look at Veeam confirms this:Although it’s true that in future entries we’ll see how we can send notifications to this person in charge of your applications, as well as offering him the possibility to check it by himself from the vSphere Client.

That’s all for now in this first part of this blog series about SLA policies to create backups, I leave you with the complete series:

Author: jorgeuk

Father, writing in and Blogger, Systems Engineer @veeam - vExpert 2014/2020 & NTC 2018/19

3 Thoughts

  1. Hi Jorge,

    thanks for your article!

    What do you think about the tag/SLA method integration with vCloud Director?

    I’m testing it with some Powershell scripts, I think it’s the only way..



  2. Unfortunately VM Tags are at vSphere level, so vCloud couldn’t see them.

    Infact Veeam vCloud backup jobs don’t have this option..(tested with Veeam B&R v10)

    If you want to protect automatically by vSphere Tags I think we have to use also Powershell..

    I’m testing it in my lab, I can update you if you are interested!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.