Scenario:
- Customer would like to protect contractor laptop running operating system: Windows 7 or higher edition such as Windows 10
- Prevent contractor from modify company backup policy
- Backup able to take place from anywhere & anytime without establish connection to corporate office
- Leverage on local cloud service provider to store backup data
- Able to restore backup data
Propose solution:
- Use Veeam agent to protect workstation: entire volume, per volume or data
- Backup data will transfer to local service provider securely using SSL/TLS connection
- Leverage on Veeam cloud connect features.
- Central management on agent deployment, policy deployment & tenant management
Note: No step by step guide. Assuming that you've the knowledge about Veeam products & should able to find the configuration.
[@ Service Provider]
Environment:
- Cloud Connect Infrastructure is ready for BaaS.
- Has Veeam Availability Console (VAC) setup.
- Created tenant & assigned to plan. In this example, we will use Tenant Alpha from Alpha Corp Sdn Bhd
- Credential for Tenant Alpha will send to customer via email.
[@ Tenant - Alpha from Alpha Corp Sdn Bhd ]
- Login to VAC portal using credential that receive by an email,
- After login to portal, tenant require to create a discovery rule to discover all workstation that would like to protect. You can discover workstation by using network segment, Active Directory or CSV file.
- After create the discovery policy, run it & should able to find your workstation. Just set discovery without apply a policy. We will define on next step.
Next, create a backup policy that you would like to apply to workstation.
Select operation mode "Workstation". It is for client guest operating system.
Define backup mode that you would like to protect. We select "Entire computers".
Next step is crucial. Select destination "Veeam Cloud Connect Repository". Backup data will send to VCSP.
Define retention period to keep backup data.
On next page, define backup quota that you want to split to sub tenant.
By default, tenant Alpha will get his large quota that he subscribe from service provider. Example: 10 TB.
To avoid all tenant stored till 50TB, he will specify user quota. Let say limit each users to store backup data up to 1TB. With sub tenant option, backup data will store according to laptop name.
Example: Alpha_LaptopName
Next step is define the scheduling & other backup options.
In this stage, we have create discovery rules & backup policy.
Next process is deploy veeam agent from VAC. Provide the credential that able to perform installation on target workstation & select the backup policy to apply.
Do make sure, you have one host act as master. This can easily assigned from VAC console.Master agent & all workstation must has access Internet.
- Master agent require Internet to download latest veeam agent installer from veeam
- All workstation require Internet to transfer backup data to local service provider.
Below is the deployment process after run the job.
From VAC console, you able to view target repository. It displayed as "tenant_laptopname".
Example:
- alpha_Win10B_repository
- alpha_Win10_repository
[ On Workstation ]
- Agent deployed
- Backup run according to schedule
- Backup data securely transfer to local service provider without VPN
- Contractor unable to modify backup policy. This option has locked down to prevent any modification
To summarise the total solution:
- Customer able to ensure their contractor data is securely backup & store @local service provider
- Contractor has no control to prevent or modify backup policy.
- With backup cache option on veeam agent, backup data will backup even without Internet access. Once contractor connect to Internet, backup data will transfer to local service provider
- No Site to site vpn involved. Data is securely transfer to local service provider.
- Finally customer has control on corporate data