Update 4 for Service Providers – Self Service Backup through RBAC for vSphere

When Veeam Backup & Replication 9.5 Update 4 went Generally Available a couple of weeks ago I posted a What’s in it for Service Providers blog. In that post I briefly outlined all the new features and enhancements in Update 4 as it related to our Veeam Cloud and Service Providers. As mentioned each new major feature deserves it’s own seperate post. I started last week with a look at Tape as a Service and today i’m looking at another underrated feature…vSphere RBAC Self Service Portal.

As a reminder here are the top new features and enhancements in Update 4 for VCSPs.

vSphere RBAC Self Service Portal:

When Veeam Backup & Replication 9.5 was released one of the top new features was the vCloud Director Self Service Portal. This was aimed at our Veeam Cloud & Service Providers that leverage vCloud Director as their Cloud Management Platform to offer self service capabilities. The portal was part of Veeam Enterprise Manager and uses vCloud Director Organizations and leverages vCloud Director authentication.

For Update 4, we have used this feature as a base to release the vSphere RBAC Self Service Portal. This has been primarily marketed as a non service provider feature that enterprises can use to drive self service backup internally.

My fellow Product Strategy Technologist, Melissa Wright (@vmiss) has released a great overview of the vSphere RBAC Self Service Portal here. She goes through the setup and configuration and takes a look at how to configure users and permissions and shows the power of the feature as it pertains to enterprise customers.

RBAC for vSphere IaaS:

The great thing about this new portal is that it can be used either in conjunction with the vCloud Director Self Service Portal or standalone in the case that a service provider is not running vCloud Director. That is where this portal will come into play…while there are a number of VCSPs that do run vCloud Director the large majority of service providers or managed service providers do not. If they are running IaaS off native vSphere, the portal can be used to offer self service backup and recovery to their tenants.

The self service permissions can be retrofitted to existing vCenter permissions or can be started fresh by using vSphere Tags. Personally, I believe the vSphere Tags is the best way to configure the multi-tenancy aspect of the configuration. In the setup, tags are matched to users which will dictate what tenants will be able to see and select when they log in.

Tenant Functions:

Tenants get access to the self service web portal which the VCSP makes available externally. Depending on the user roles and permissions that have been configured, they can select virtual machines to manage backup jobs, as well as restore VMs, files and application items within the bounds of their permissions. Tenants can also a manage retention, schedule and notification settings as well as guest OS processing options.

To simplify job management for the tenants, advanced job parameters (like backup mode and repository settings) are automatically populated from the job templates if desired.

Wrap Up:

Once again, the vSphere RBAC Self Service Portal is one of the sleeper hits of Update 4 for Veeam Backup & Replication 9.5 and should be considered by all VCSPs to offer a level of self service capability to their tenants. The way in which this has been implemented on the back of Enterprise Manager with a one to many portal means this is the best self service portal for IaaS and/or vCloud Director…also we do not need specialised appliances per tenant which is a massive up side on how Veeam differentiates itself in this space.

References:

https://vmiss.net/2019/02/14/veeam-enterprise-manager-self-service-vsphere/amp/

https://helpcenter.veeam.com/docs/backup/em/em_working_with_vsphere_portal.html?ver=95u4