Veeam Backup & Replication added support for VMware vCloud Director back in the v7 release. It was an immediate success for many service providers because they were finally able to properly protect native vCloud components like Organizations and vApps, instead of relying on operations happening at the underlying vSphere level where no information about vCloud constructs could be saved and restored.
In addition to this, the complete support for RESTful API allowed those service providers with in-house development to integrate these capabilities into their own portals and automate procedures.
In the following releases, Veeam kept adding support for new versions of VMware vCloud Director, and, in fact, Veeam Availability Suite v9 has complete support for the latest vCloud Director 8.0.
But, service providers are hard to please, and they push us to develop better solutions. This is what we are doing in the upcoming Veeam Availability Suite 9.5.
Through the use of the web interface provided by Veeam Enterprise Manager, or via its RESTful API, service providers are already able to allow self-service restore operations to their customers. However, the authentication into the portal is only possible using Windows credentials. Additionally, only restore operations are supported, which means service providers have to either configure backups for all their customers and maintain them, or develop custom procedures using automation tools that can leverage Veeam Powershell or RESTful API.
In Veeam Availability Suite 9.5, two major improvements are coming.
Native vCloud authentication
First, the authentication process. In 9.5, Veeam will leverage the native vCloud Director authentication technology to also authorize tenants to log in to Enterprise Manager.
By identifying the resources a vCloud Director user is allowed to see and manage, Veeam will automatically filter vCloud resources and show to a tenant only the components that belong to him:
This is a major improvement in service provider operations because now a tenant only needs to be configured once in vCloud Director, and any change like a new password or a disable operation will be immediately reflected in Veeam Enterprise Manager.
But there’s more!
Self-service backup
Once a tenant logs in to Veeam Enterprise Manager using their vCloud Director credentials, they will be able to create new backup jobs by specifying which VMs to backup as well as all essential parameters such as retention and notifications.
Of course, tenants will not be able to set up all job parameters; for example, service providers will still control the backup destination (and tenant’s quota). Likewise, to make things simpler for the tenants (and more controllable for the service providers), all advanced job parameters will be automatically populated from the job template assigned to the particular tenant. This way, tenants don’t have to learn all the backup modes and advanced job settings provided by Veeam.
Before you think that such self-service gives tenants too much flexibility (and the ability to impact the service provider’s infrastructure), keep in mind that it is protected from excessive resource consumption by Veeam’s existing intelligent load balancing. Moreover, service providers will be able to limit particular tenant’s ability to schedule the jobs to run too often or restrict the ability to schedule jobs completely and set the required schedule themselves manually or using a script.
Last but not least, the new approach is also more secure because a tenant will now be able to input the guest OS credentials required for application-aware processing directly into the Veeam job they create, without having to hand over to the service provider as was required before the self-service portal.
This is a major improvement towards complete confidentiality. With this new capability, Veeam service providers will be able to offer their customers the deepest possible level of granularity right down to an application item, guarantee application consistency to critical workloads hosted on behalf of their customers and deliver the peace of mind that no credential can be misused by the service provider staff.
Self-service restores
Thanks to the combination of native vCloud authentication and the secure configuration of guest credentials, restores are also going to be streamlined much further.
As soon as a tenant logs in to Veeam Enterprise Manager, they can easily see the list of the VMs that are protected. From here, they will be able to quickly restore the entire VM and even use the quick rollback option to restore only the damaged blocks of the virtual disk.
And, thanks to the advanced guest processing, file-level and application item-level restores available in the Enterprise Manager web UI today will also be available for tenants directly from the self-service portal.
Back-end management
As anticipated before, service providers will be able to manage these capabilities directly from the same Enterprise Manager. By logging in with the portal administrator credentials, they will be able to configure their tenants’ target repositories and quotas:
Advanced job settings templates can also be used to quickly assign advanced backup options to tenants without them knowing about these technical tidbits. For example, if a service provider wants to use a generic deduplication appliance as a backup target, he will want to have every backup job use an active full backup mode.
Conclusions
All of these options are going to be available in the upcoming Veeam Availability Suite 9.5, and I can tell you that when we presented these new features to a selected list of top service providers, the feedback we received was awesome.
We are confident that every service provider using VMware vCloud Director will find that this improved technology will be a must-have for their environment.