Comprehensive data protection for all workloads
Post Reply
lrz
Novice
Posts: 3
Liked: never
Joined: Oct 14, 2009 1:14 pm
Full Name: Luca Ruzzeddu
Contact:

Delegating Access

Post by lrz »

I am testing a number of virtual backup products, and one of the features my company is interested in is access delegation. Basically we would like for a subset of users , mostly helpdesk, to be able to perform file-level restores without having full-blown access to the console, and possibly without having to publish the app through Terminal Services and delegating from there. Is Veeam 4.0 going to provide delegation?
Thank you.
Gostev
Chief Product Officer
Posts: 31806
Liked: 7300 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Delegating Access

Post by Gostev »

Hello Luca, unfortunately this type of delegation for file-level restores is not a part of v4 release. What you can do with v4 is to have multiple Veeam Backup servers (for instance, 1 server per department), with each server backing up (and thus having ability to restore) only specific subset of Vms. But IT management will still be able to keep control over all backup servers using the centralized job management and reporting web UI.

Delegation for file level restores is something we can easily add (we already have added some new user roles in v4), but the problem is, we did not have any requests for this type of functionality, and thus we are not even sure what is required. So your feedback and more details on how you see this implemented (from security perspective) will be highly appreciated. Again, there's nothing easier for us to restrict users with certain roles from clicking certain buttons in UI, so this functionality can be easily added even in a minor update (depending on depth/breadth required, of course). Thank you!
lrz
Novice
Posts: 3
Liked: never
Joined: Oct 14, 2009 1:14 pm
Full Name: Luca Ruzzeddu
Contact:

Re: Delegating Access

Post by lrz »

Gostev,
Thanks for the follow-up. We have a rather large virtual infrastructure comprising several VMware farms. Right now we use a traditional approach to backup and restore with agents running on the VMs. My team is in charge of the infrastructure, we would do DR, full restores of servers, but we have an Help-Desk that handles "small" restores, files, folders, etc, as there are many requests of such restores every day and my team can not afford to be bogged down with it. Unfortunately this can happen on any VM, so we can't create a subset of VMs to be managed by a "Help-Desk" Veeam server. I frankly am surprised that no other customer has expressed the need for delegation.
Gostev
Chief Product Officer
Posts: 31806
Liked: 7300 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Delegating Access

Post by Gostev »

Luca, I meant we have little information/requests about actual "delegation". In other words, how to manage and configure delegation where each help desk user can only restore files from certain VMs (backups), but not from all backups? But this is really where all complexity comes from.

Or did you mean simplistic implementation, say, if the user has the "Restore Operator" role, then allow him/her to perform file level restores from all backups produced by the given Veeam Backup proxy, but restrict from doing everything else (like controlling or editing actual jobs)?
lrz
Novice
Posts: 3
Liked: never
Joined: Oct 14, 2009 1:14 pm
Full Name: Luca Ruzzeddu
Contact:

Re: Delegating Access

Post by lrz »

Gostev, it was more the second option, where we could set the "depth" of restores a specific group of users has access to. In our case, we want John from Help-Desk to be able to do simple file-level restores, not DR.
Gostev
Chief Product Officer
Posts: 31806
Liked: 7300 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Delegating Access

Post by Gostev »

I see... this is something we were recently considering to add to v4 - but had to drop to make the release date. It is quite simple to add from coding standpoint, but requires a few weeks of manual testing to make sure there are no "holes" or workarounds, but we did not have available QC resources at the time.
Post Reply

Who is online

Users browsing this forum: Majestic-12 [Bot] and 233 guests