Veeam Backup & Replication 7 #4: Self-service restore for vCloud Director

0 Flares Twitter 0 Facebook 0 LinkedIn 0 Email -- 0 Flares ×

Another post about the use of the new Veeam Backup & Replication 7.0 in conjunction with vCloud Director. After the configuration of backup jobs with vCloud Director, you can also allow your users/customers to restore files or VMs by themselves, without any need for help from the Veeam Backup operators.

First, you need to publish Enterprise Manager to the internet, so it can be reached remotely from your users. Beeing it a pure web console, this operation is really easy.

Then, you need to creare the logins and assign them to your users, and configure the “scope” they will have. Enterprise Manager does not have internal users, but it relies on the local users of the windows server it is installed on, or the Active Directory users if the server is joined to a domain. So, before configuring Veeam, you need to create all the required users, and give them a strong password. They do not need to be special users, basic users are enough. In my lab, I created Customer1 and Customer2.

Once they are readty, go into Enterprise Manager with an administrative account, and open Configuration -> Roles -> Add:

Account creation in Enterprise Manager

To completely separate users, and let them see only their own backups, by using the button “Choose” you can set the scope for the user “Customer1”. First, select “vCloud object” to be added:

Add vCloud object to the management scope

Then, browse the complete vCloud Director tree, and select the part you’d like your user to see, in my example is his own Organization, named “Customer1”:

Add object to management scope

Once you configured the new roles, in order to test the restores you simply need to logoff from Enterprise Manager and login again using for example the Customer1 login. You will instantly see the interface is different, and you only have the tabs for VMs or Files restore. In the VM list, you will only see those belonging to “vDC C1-A” tenant, that is the one owned by Customer1:

User login in the Enterprise Manager

From here, Customer1 can initiate a self-service restore for example of the VM named “C1-vCloud-WebApp”:

User restores a VM from Enterprise Manager

In order to restore a complete vApp, you will still need to use the complete Veeam Backup & Replication console, but anyway this is a huge step forward in designing a self-service restore solution for vCloud Director.


[This post was originally written by Luca Dell’Oca, and published on the blog ]

2 thoughts on “Veeam Backup & Replication 7 #4: Self-service restore for vCloud Director

  1. Hi Luca,

    thanks for your very interesting post, as usual.

    Question I have: you suggest to expose Enterprise Manager to the internet. Have you run a pen test against this app ? My point is I’m not sure it has been developed to be internet facing, but rather to the Enterprise network.


  2. Hi,
    not yet, mine right now is nost a suggestion as a cool and productive way to use it. From a security standponit, usual activities still applies: application proxies and reverse proxies are still a suggested way do expose this web interface, regardless its inner security.

Comments are closed.