Hi,
We are missing an additional role, in the Veeam Backup and Replication console - https://helpcenter.veeam.com/docs/backu ... ml?ver=110
The new role, should have access to creating new jobs, but not edit / delete any of the current ones.
At the moment we have 15 sysadmins, that are required to have access to the backup environment.
Normally i would give them "Veeam Restore Operator" and "Veeam Backup Operator" - but then they cant create any new jobs.
So we have to give them the "Veeam Backup Administrator" Role, which means they can screw up our entire environment, or delete the primary repositories, since these are not immutable
-
ksl28
- Enthusiast
- Posts: 60
- Liked: 11 times
- Joined: Sep 21, 2016 8:31 am
- Full Name: Kristian Leth
- Contact:
-
Gostev
- Chief Product Officer
- Posts: 31816
- Liked: 7302 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Feature Request - Add Backup Creater role
Hi. Thanks for the request but why not have them use our Self Service Backup Portal instead?
-
ksl28
- Enthusiast
- Posts: 60
- Liked: 11 times
- Joined: Sep 21, 2016 8:31 am
- Full Name: Kristian Leth
- Contact:
Re: Feature Request - Add Backup Creater role
Hi,
When we create a new job, we use an Powershell script to do this.
That way we ensure that everything is configured, according to our backup policy - Deleted items, replication to secondary and third backup site, correct credentials for the guest interaction proxy, correct VMware proxies selected, etc
All of this will be moved, to the new VBR RestAPI, once it supports VMware tags.
But since the script is executed as the user itself, that user needs to have the "Veeam Backup Administrator" role.
I hope this makes sense
When we create a new job, we use an Powershell script to do this.
That way we ensure that everything is configured, according to our backup policy - Deleted items, replication to secondary and third backup site, correct credentials for the guest interaction proxy, correct VMware proxies selected, etc
All of this will be moved, to the new VBR RestAPI, once it supports VMware tags.
But since the script is executed as the user itself, that user needs to have the "Veeam Backup Administrator" role.
I hope this makes sense
-
Gostev
- Chief Product Officer
- Posts: 31816
- Liked: 7302 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Feature Request - Add Backup Creater role
Self Service Backup Portal uses job templates to ensure all advanced backup job settings are identical.
-
ksl28
- Enthusiast
- Posts: 60
- Liked: 11 times
- Joined: Sep 21, 2016 8:31 am
- Full Name: Kristian Leth
- Contact:
Re: Feature Request - Add Backup Creater role
Hi,
When we create an job, then based on 4 input parameters, it selects the correct repository in the region (EMEA, ASIA, US)
We tried with using an Template, but found out that it was not flexible enough for us - so we create the jobs from the Powershell Template every time.
The only reason why we wanted an new User Role, was to align and secure our environment, even more.
When we create an job, then based on 4 input parameters, it selects the correct repository in the region (EMEA, ASIA, US)
We tried with using an Template, but found out that it was not flexible enough for us - so we create the jobs from the Powershell Template every time.
The only reason why we wanted an new User Role, was to align and secure our environment, even more.
-
soncscy
- Veteran
- Posts: 643
- Liked: 312 times
- Joined: Aug 04, 2019 2:57 pm
- Full Name: Harvey
- Contact:
Re: Feature Request - Add Backup Creater role
Out of curiosity, how often are they making full new jobs as opposed to one-off backups? Maybe Enterprise Manager is more what you want here.
I feel that the use case here is a bit unclear, as at least the model I propose for clients is that individual teams shouldn't really be making tons of jobs, but instead either having control over a few machines to backup, or letting the backup team handle it. Even for small businesses with < 25 machines to backup, I push for pick one person to control the backups, else everyone gets a different idea on how to do it and you end up with absolute chaos. (Duplicate backups, random naming schemes, ridiculous schedules, etc)
I get you want to allow teams to use only specific repositories and such, but maybe elaborate on what was missing from the Self Service Portal templates; surely there's a way to do it with the Enterprise Manager API and some back-end code that does the Powershell stuff behind the scenes. A backup creator role sounds very open ended and I think introduces more issues than you might have considered (or maybe you have! I would be very curious to hear more on this)
I feel that the use case here is a bit unclear, as at least the model I propose for clients is that individual teams shouldn't really be making tons of jobs, but instead either having control over a few machines to backup, or letting the backup team handle it. Even for small businesses with < 25 machines to backup, I push for pick one person to control the backups, else everyone gets a different idea on how to do it and you end up with absolute chaos. (Duplicate backups, random naming schemes, ridiculous schedules, etc)
I get you want to allow teams to use only specific repositories and such, but maybe elaborate on what was missing from the Self Service Portal templates; surely there's a way to do it with the Enterprise Manager API and some back-end code that does the Powershell stuff behind the scenes. A backup creator role sounds very open ended and I think introduces more issues than you might have considered (or maybe you have! I would be very curious to hear more on this)
-
ksl28
- Enthusiast
- Posts: 60
- Liked: 11 times
- Joined: Sep 21, 2016 8:31 am
- Full Name: Kristian Leth
- Contact:
Re: Feature Request - Add Backup Creater role
Hi,
Its always complicated to describe an confidential environment, and still provide the relevant information
We already have the Enterprise Manager, but still went with the Powershell script.
We are 2 people that have Domain Admin privileges in the backup domain, the remaining sysadmins have an very strict access to the environment, meaning they cant access the Repo, Domain controllers, SQL Server, etc.
None of our sysadmins would ever create an job manually using the VBR console, and would always use the Powershell script.
Simply because its easier, and because we utilize the VBR RestAPI, to check every hour if all jobs are configured correctly - if the job is not configured correctly, and ticket is raised.
The script currently handles the following:
The correct naming standard, based on the 4 parameters
The correct VMware Proxies, based on the 4 parameters (country specific within an region)
The correct retention for active backups, based on the 4 parameters
The correct retention for deleted items
The correct Scale-Out repository, based on the 4 parameters
Defines the correct VSS integration settings, based on the 4 parameters
Defines the correct Guest Interaction Proxy, based on the 4 parameters
Creates an backup copy job, with GFS enabled, based on the 4 parameters
Based on an time range, it also detects what "hour" is the least selected one, and uses that to start the backup.
... and many more settings
I appreciate the time, but i think its an better idea, if i do an remote session, with our local Veeam engineers in Denmark.
Its hard to describe how we do things, without given an idea of how the environment is built + the security measures taken - but thats not something, i want to put on an open forum
Its always complicated to describe an confidential environment, and still provide the relevant information
We already have the Enterprise Manager, but still went with the Powershell script.
We are 2 people that have Domain Admin privileges in the backup domain, the remaining sysadmins have an very strict access to the environment, meaning they cant access the Repo, Domain controllers, SQL Server, etc.
None of our sysadmins would ever create an job manually using the VBR console, and would always use the Powershell script.
Simply because its easier, and because we utilize the VBR RestAPI, to check every hour if all jobs are configured correctly - if the job is not configured correctly, and ticket is raised.
The script currently handles the following:
The correct naming standard, based on the 4 parameters
The correct VMware Proxies, based on the 4 parameters (country specific within an region)
The correct retention for active backups, based on the 4 parameters
The correct retention for deleted items
The correct Scale-Out repository, based on the 4 parameters
Defines the correct VSS integration settings, based on the 4 parameters
Defines the correct Guest Interaction Proxy, based on the 4 parameters
Creates an backup copy job, with GFS enabled, based on the 4 parameters
Based on an time range, it also detects what "hour" is the least selected one, and uses that to start the backup.
... and many more settings
I appreciate the time, but i think its an better idea, if i do an remote session, with our local Veeam engineers in Denmark.
Its hard to describe how we do things, without given an idea of how the environment is built + the security measures taken - but thats not something, i want to put on an open forum
Who is online
Users browsing this forum: Google [Bot], Semrush [Bot] and 81 guests