(note: this post also appears on the official Veeam blog)
Also available in this series:
Part 1: linux certificate-based authentication
Part 2: Quick Rollback
Part 3: Quick Backup
Part 5: Snapshot Hunter
Part 6: Tape Server
Part 7: Save as Default
Part 8: Hyper-V
Veeam Availability Suite v8 has been released and customers and partners are already upgrading their environments and exploring the several new features that have been added to this latest version of the software. There are many enhancements that are not part of the marketing activities, but nonetheless they all contribute to create every time an awesome version of the software.
I’ve created a list of my favorite 8 new technical features, my “gems”. In this series of posts, I will show you them and dive a little bit into their technical details. In this fourth episode, we will talk about the support for vSphere tags.
Towards a policy based datacenter
Modern datacenters are becoming complex, and regardless the efforts of their managers and operators to reduce their complexity, the only way to effectively manage these large environments is through automation. Automation is not just about scripting repetitive tasks; the proper way to automate a datacenter is by creating policies to describe a desired state, and then have a smart software in place capable of applying “automatically” those policies against different components of the infrastructure. In this way, an administrator has to take care of the policies and their assignments, instead of “baby sitting” the different components. As a fundamental part of any environment, data availability could and should be managed via policies. And today I’m going to explain you how you can do it with Veeam Availability Suite v8 and VMware vSphere.
Data Protection policies instead of Backup Jobs
One of the coolest features of VMware vSphere in its latest releases are tags. With it, you can “tag” different objects of the virtualized environment, being it virtual machines, folders, resource pools and others, and then filter and group these objects based on common tags. The advantages over simple folders are immense: one object can have multiple tags (while a virtual machine for example can only be in one folder at a given time), tags can be removed and added as needed, and you can create as many tags as you want in order to better classify your infrastructure. Once your tag configuration is in place, and every virtual machine is properly marked with one or more tags, it’s time to use those tags for data protection activities! When configuring a new job in Veeam Backup & Replication v8, you will note the new “Tags” view in the infrastructure browse dialog:
Once you populate a job with a tag, each virtual machine with the selected tag will be added to the list of processed virtual machines automatically at each job execution, and properly protected. The possible use cases are endless, but let me give you some example, to better understand the power of tag support into Veeam Backup & Replication.
For example, you may want to leverage the new v8 SQL Server transaction logs backup functionality for your most important SQL Servers. You configure a backup job to include all virtual machines with “SQL” tag with the Logs Backup option configured to backup transaction logs every 15 minutes, and then you just tag your important SQL servers virtual machines with the “SQL” tag. By using this setup, each tagged SQL Server will be protected with the RPO of 15 min or less automatically.
Another example: your security policy requires all servers belonging to the Finance department to be saved in encrypted backups. You don’t want to encrypt all your backups, just this one. You can create a new backup job where encryption is enabled and configured, and then you simply select the tag “Finance” in the “Department” category as the dynamic scope of virtual machine selection. All virtual machines with this tag will be protected by this job, and the backup files will be encrypted.
And last example: you have some virtual machines you want to replicate in your Disaster Recovery site every 4 hours. Tags are supported in Replication jobs as well, so again you create a Replication job populated with a “4 hours replication” tag, and the job will automatically pick up the virtual machines tagged with the corresponding tag.
The beauty of tags is that they are truly dynamic in nature, and so are queried each time a job is executed; in this way, each virtual machine that was just tagged is immediately added to the correct job without any job editing required. Say you have two tags like “24 hours RPO” and “4 hours RPO”: with the former you select virtual machines that are saved once a day, and with the latter machines that are saved every 4 hours. After some time, your company realizes that a virtual machine has become too critical to be protected with a daily backup. By simply removing the former tag and applying the latter, immediately the virtual machine starts to be protected with the job running every 4 hours. And all of this without ever modifying any backup job that you initially created.
As you can see, with tags you are effectively not creating simple backup jobs anymore, but Data Protection policies. Each job and its parameters defines a policy, and with tags you define to which policy any virtual machine belongs too. Depending on your data protection policies, you can now create all required jobs with all the desired options in place right away, and manage the actual job’s content by simply tagging your existing and new virtual machines. By the way,
How do I tag a virtual machine?
One option to quickly start with tags is to assign tags to an object by simply browsing the vSphere Web Client and apply a tag:
In this way, an Application Owner could tag his own virtual machines running Microsoft SQL Server for example. This is a quick and effective way to start creating categories and groups that can be later used in other activities.
However, if you have a lot of virtual machines to manage, tagging itself can be the issue. It wouldn’t be really automation if you’d have to configure tags manually for each and every new virtual machine. And we felt we would not be giving our larger customers the complete solution, if we did not also provide the ability to automate virtual machines tagging. So, we also added the ability to…
Apply tags to virtual machines using Veeam ONE
What about setting tags automatically based on business classifications? Veeam Business View is a FREE component of Veeam ONE, and instead of depicting your environment in IT terms, it’s designed to describe your infrastructure from a business point of view. Here you can configure and map resources to departments, locations, defined or required SLAs and so on. And once you have created rules in Business View, and populated it, Veeam ONE can automatically add tags to virtual machines, without any manual intervention. You can map and synchronize Business View categories and groups to vCenter categories and tags, or you can use directly its own grouping schemes, as you like:
And if you already have used extensively vSphere tags, there’s no reason to do the job twice: Veeam ONE has a wizard to map tags created in vSphere to corresponding categories and groups in Business View.
Thanks to vSphere tags integration in both Veeam Backup & Replication and Veeam ONE –regardless if you are a service provider, or your department is acting like an internal provider for your different lines of business, you can now offer advanced data protection services, with also proper separation of duties. Data protection administrators can setup and manage policies, while application owners can independently decide the best policy for their workloads.
It’s no secret that modern datacenters are moving towards a policy-based management; with Veeam Availability Suite v8, now you can have a real policy-based data protection of your vSphere virtual machines in place.