edison5000
Expert
Posts: 120
Liked: 7 times
Joined: Apr 08, 2022 4:08 pm
Full Name: e

Re: Feature request: Role based access in Veeam Console

Post by edison5000 »

Thanks, Gostev, I really appreciate your input. If Service Provider Console can do this, and we can use it on prem, then I will certainly try to get hold of a demo ASAP.

However, since you moved my original post to this thread, I believe that is likely not the case. To reiterate: we were told "there is no current way to use a *centralized single B&R server or the Enterprise Manager to divide up complete administrative powers by department.*"

We need a topology such that:
1. Only admins in Dept A can do B&R admin things in Dept A. They would not see any other machines in B&R that are not members of Dept A.
2. Only admins in Dept B can do B&R things in Dept B, only admins in Dept C can do B&R things in Dept C, et al.
3. There would be at least one or two 'super admins' who can globally administer all the departments, in case machines need to be moved between A, B, C.

The Veeam engineers we consulted the last few weeks said the only way to do this with Veeam in its present form, on-premises-only, would be: "have individual B&R servers in each dept. You could then opt to have a single central storage location if you desired, with separate repositories, and still none of them would see each other."

I do not think Enterprise Manager would allow this with a single B&R server either, based on my limited time with the demo so far, but perhaps I am mistaken. Enterprise Manager Plus I think adds some more functionality to EM console, but not what we need re: dept separation. Veeam One is just more reporting.

If Service Provider Console would allow for this kind of robust, centralized administration, on-premises only, with no need to contact cloud in any way - that would be fantastic. If that is *not* something it can do, then that is useful to know as well. : )
Gostev
Chief Product Officer
Posts: 31561
Liked: 6725 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Feature request: Role based access in Veeam Console

Post by Gostev »

B&R is completely irrelevant here because you noted you only need to back up user endpoints, which is something VSPC manages directly using Veeam Agents. In other words, you don't need B&R at all.
veremin
Product Manager
Posts: 20284
Liked: 2258 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Feature request: Role based access in Veeam Console

Post by veremin »

By the way, we have a dedicated Service Provider subforum where similar questions about VSCP and other SP-related functionalities are discussed. You can try to apply to the Veeam Cloud Provider group, using the User Group settings in the User Control Panel. This is needed to get access to the said subforum.

Thanks!
Gostev
Chief Product Officer
Posts: 31561
Liked: 6725 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Feature request: Role based access in Veeam Console

Post by Gostev »

No point in trying, he won't get approved by the script because his account is not marked as VCSP.
edison5000
Expert
Posts: 120
Liked: 7 times
Joined: Apr 08, 2022 4:08 pm
Full Name: e
Contact:

Re: Feature request: Role based access in Veeam Console

Post by edison5000 »

Gostev wrote: Apr 11, 2022 8:56 pm B&R is completely irrelevant here because you noted you only need to back up user endpoints, which is something VSPC manages directly using Veeam Agents. In other words, you don't need B&R at all.
Hello again - our sales rep inquired of someone on the VSPC team.

We are a Fed customer with only around 1k employees, and again, can only use on-prem backup with no touching of cloud whatsoever.

The VSPC person said: "Unfortunately, only registered MSPs have access to the service provider console. They would need to be an active Veeam service provider to gain access. We do not give access to traditional business end users of our products. If your client is after the monitoring and analytics piece of the service provider console, I would suggest they look at Veeam One as it has that functionality."

That's fine, although I'm pretty sure the Veeam site says that if you are not a provider or reseller, "contact sales for determination on a 'case by case basis'."

Now that being said, we don't need much from analytics; I'm sure Veeam One is plenty. Our biggest concern is still the ability to use RBAC to separate admins by department, such that admins in dept A cannot see or manage agents or admins in dept B, and vice-versa. I suspect this is still not doable even in VSPC (which is likely why you moved my query to this thread : ). I am also pretty sure, based on my Veeam VAS trial exploring, that BEM or BEM Plus do not allow for that either.

But if you *can* do that with VSPC - then while I realize we are not a large client, seems like it could make our job a lot easier, plus possibly make us a good reference case for other Veeam customers in the future.

Thoughts? Either way, thanks much for your input!
Gostev
Chief Product Officer
Posts: 31561
Liked: 6725 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Feature request: Role based access in Veeam Console

Post by Gostev »

Since you're not a service provider, I would say it makes no sense for your sales person to get input from the VCSP team as these folks specialize exclusively in MSP business.

Normally your Veeam sales person needs to determine your eligibility for VSPC, which I believe primarily depends on your deal size. He should consult with senior colleagues and management as he's clearly unaware of the possibility to offer VSPC to large end users who operate as service providers. Although I don't blame him in this case because it's indeed quite rare for end users to want VSPC. But we do have a number of such customers.

From the product side and based on your explanation above, I can only confirm that VSPC is the perfect fit for your scenario from a technical perspective. And I agree you would be a good reference for the product, so keep pushing! Unfortunately being with R&D we can't really help with the sales process or influence their rules of engagement (like a deal size threshold) anyhow.

Thanks!
edison5000
Expert
Posts: 120
Liked: 7 times
Joined: Apr 08, 2022 4:08 pm
Full Name: e

Re: Feature request: Role based access in Veeam Console

Post by edison5000 »

Gostev wrote: Apr 09, 2022 8:31 pm Well, there's just too much to uncover for a forum post if you're starting literally from zero with VSPC :) the proper way at this point would be for you to reach out to your Veeam sales rep and ask for its live demo by a pre-sales engineer, who will also be able to answer all your questions above. Thanks!
Hello again. First - thanks very much for your input! Based on it, our sales agent has been talking to a number of people to get us access. It is taking a while though.

In the meantime, question: is the product that you previously suggested we use "VSPC for the Enterprise" or "Veeam Cloud Connect for the Enterprise"?

For VSPC: if VSPC for Enterprise, is there some reason that is hidden away? If it's a trial that is going to time out like any other software, why so secret?
Again, the only link is here - https://www.veeam.com/service-providers-download.html

If Cloud Connect - the trial download strangely points only to VAS.
https://www.veeam.com/cloud-connect-ent ... -text-link

Thanks once again.
Gostev
Chief Product Officer
Posts: 31561
Liked: 6725 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Feature request: Role based access in Veeam Console

Post by Gostev »

I suggested the regular and only VSPC. "VSPC for the Enterprise" does not currently exist. We had such a product originally some years ago with UI-level differences (a bunch of irrelevant UI tabs hidden) but decided it's not worth continuing this special edition and instead just have everyone (both MSPs and Enterprises) use the same single product.
edison5000
Expert
Posts: 120
Liked: 7 times
Joined: Apr 08, 2022 4:08 pm
Full Name: e

Re: Feature request: Role based access in Veeam Console

Post by edison5000 »

Hello again. Due to your input, I have finally obtained and managed to install VSPC on prem for the first time. Thanks again. However, it seems it is still not working because it appears to require at least one Cloud Connect server... which requires B&R to be installed? This is per both the VSPC Configuration screen, as well as the VSPC 6.0 deployment guide, unless I am missing something.

Previously you mentioned that we would not need to use B&R at all. Or did you mean that it would need to be installed...but then we could ignore it? In any case, seems like the # of parts required to make all this work keeps increasing. Which is not unreasonable given the intended scope of VSPC, but seems like a lot to get the functionality we're after. Still, I was hoping based on your prior description that we'd only need VSPC with its sys reqs (SQL & IIS on Win server), and boom, ready to roll.

A cloud engineer I corresponded with today via a ticket said "You can use VSPC as on premises to a degree to monitor and manage jobs but you will need to set up a cloud connect server of sorts (even if just internally) to have gateway server and single tenant setup to map all the data to. Backup Enterprise Manager is also an option if you aren't a cloud provider and want to avoid all the cloud connect licensing and server setup. That is what I typically recommend since VSPC for enterprise is no longer around."

I apologize if this is not a good place to continue this discussion; I can't seem to find any forum specific to VSPC in the R&D Forums, nor VSPC for Enterprise (which although it no longer exists, I'd think conceptually could use its own area if our numbers grow). If there is one where this should go, feel free to move it over there. : )

Thanks once again, I really appreciate it.
Gostev
Chief Product Officer
Posts: 31561
Liked: 6725 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Feature request: Role based access in Veeam Console

Post by Gostev »

VSPC rides on top of the Veeam Cloud Connect (VCC) engine which is installed with a B&R server. There's no separate installer for VCC. You don't need to use any other backup server functionality, but you do have to install VBR itself and configure a handful of VCC provider settings like certificates, ports etc.

There's actually no "good place" here on these forums for what you're looking for at this particular stage. Normally you should continue working with your pre-sales engineer or hire a VASP to take care of VSPC deployment and configuration. Although I would recommend starting from reading the product documentation, as it should have answers to virtually all questions you may have...

These R&D forums are not meant for providing deployment and configuration assistance for individual installations, nor are they staffed accordingly. Rather, they let our customers and partners submit product feedback and request missing features without having to go through our sales or support teams, by communicating directly with the R&D team instead.