EHC – Backup as a Service: Automated VM Protection

The Enterprise Hybrid Cloud solution provides fully automated data protection backup and restore services for virtual machines, with EHC Backup as a Service (BaaS).

At virtual machine deployment time, cloud users in the vRealize Automation self-service portal, can choose to protect their machines with a predefined backup service level. This automatically adds data protection backup to their virtual machine, but also enables them to initiate on-demand, point-in-time backups and restores of their virtual machines.


To provision a VM with data protection backup, all that a cloud user need do is select the relevant catalog item from their vRA catalog, and select the Backup Service Level that they want to apply to their new virtual machine, as shown below:


Note: Creating  Backup Policies/Service Levels (BSL) is covered here @ Enterprise Hybrid Cloud: Creating a Backup Service Level

Once the VM is deployed, the user can avail of the Day-2 VM on-demand actions such as Point-in-time Backup and Restore, as well as an on-demand backup report, as shown below:


Note: EMC Data Protection Advisor provides 2 additional reporting services at the VM level, but DPA is not installed in this environment right now

So that’s what the user sees once the VM is deployed, but what was done to get here?

First of all the VM Blueprint had to be created by a user with the Business Group Manager or Service Architect role. When configuring the VM Blueprint, the BackupandRestoreFunctions Build Profile was selected under Blueprint>Properties>Build Profiles, as shown below:


Note: The SiteAffinityFunctions Build Profile is separate to BaaS, and is specific to multi-site with EMC VPLEX.

This build profile is one of the many packages installed as part of the EHC Data Protection Backup package in vRealize Orchestrator. It is the customisations and workflows called from within that Build Profile that enable the BaaS features at VM deployment time, as well as the Day2 on-demand VM actions.

When the user requests a new VM from the vRA catalog, using this VM Blueprint, then a number of post-deployment tasks are involved. The new VM is automatically added to the corresponding vCenter folder and Avamar Policy, as shown below:

EHC_AvamarUI_BackupPolicy_vCenter - New Page

Note: VMs without EHC BaaS will by default be placed in the VRM folder in vCenter

The storage on which the new VM has been deployed will already have been configured for backup on the Avamar Proxy servers. This configuration is part of the STaaS workflow and operations.

The first virtual machine backup will execute according to the Backup Service Level schedule. This will be a full backup, with all subsequent backups being incremental.

The vRA user experiences no interruption in VM services during the VM backup, and is unaware of the tasks being automated in the background. Below is how the backup operation looks in the Avamar UI:



For Avamar to take an image-level VM backup requires a vm snapshot to be created. Below are the tasks visible in vCenter where the vm snapshot is created and mounted to the Avamar proxy server, before being unmounted and removed.


Coming back to the vRA user, the owner of the protected VM, they also have the ability to create on-demand backups in addition to the scheduled backups.


From their vRA portal under VM Actions an On-Demand Backup can be requested quickly and easily. Click on the action, and enter request details, as shown below:



The vRA user can view and select from the available backups for VM restore as required. Below is an example of requesting Backup Status, which will send an email to the user:


By the way, this is what those same backups look like in the Avamar UI:


The vRA user can also initiate an On-Demand Restore which will query Avamar for available backups for the selected VM, and present them with the available point-in-time backups from a drop-down menu in vRA, as shown below:


While these on-demand actions are available to the vRA users, it is possible to restrict various actions using the vRA Entitlements. So for example if a particular user group were to be allowed to backup their VMs, but not restore their VMs on-demand, then this could be configured under the vRA Entitlements, as suggested below:


Note/Bug: In vRA, if a user/usergroup is entitled to certain VM-level actions e.g. EHC BaaS, then these actions will be displayed for any other VMs that user owns that do not use EHC BaaS. This will not break anything, as the actions will simply fail. Not sure at this time if this issue is resolved in later versions of vRA.

For Dual-Site EHC environments, whether it’s DR using RecoverPoint, or Continuous Availability/Disaster Avoidance using VPLEX, all VM backups and VM-level services are replicated and fully available after a DR or migration event. This requires EMC Avamar appliances on both sites, with replication configured between them.

That’s it for this post, hope that helps understand EHC BaaS a little better!


One comment

  1. Pingback: Use VM, Backup, Delete, Restore – What’s the Problem? | Scamallach

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s