User self restore enabling for companies

  • 19 March 2021
  • 8 replies
  • 77 views

Badge +1

Hello,

 

We want to enable self user restores in our company. We are wondering how other Commvault customers have implemented this and what were the challenges. Are you using Command Center or api’s? How are you letting users to restore VM backups? It would be really helpfull to hear your suggestions. We are currently looking at Command center and API options.

Thank you! 


8 replies

Userlevel 4
Badge +7

@ziv just out of curiosity have you looked into the documentation already? there is a whole section related to this topic: https://documentation.commvault.com/11.23/essential/87419_commvault_for_managed_service_providers_msps.html

to be clear on you question and your objective: do you want to organize internal departments into "companies” (I still have this terminology b.t.w. as they should have called it tenant) and you want them to consume Commvault as a Service so they will do their restores themselves via Command Center or API (both follow each other hand in hand because Command Center triggers the same APIs who can be consumed via SDKs or directly via custom written code)? 

Badge +1

Hi Onno,

 

Thank you for your reply. I have checked documentation you have provided. I will try to be more clear what i am trying to implement.  We have around 10k of server in your company. They are owned by different internal departments - some of them are backed up with commvault agent some by snapshots(we have two commservers one for agent based servers and other for snapshot). So, in order to implement Managed Service Provider we should gve access to our environment for each department. I am interesed in how other Commvault customers are approaching this. Is everyone using MSP or other Commvault tools? Or writing custom scripts? What challenges are you seeing in using each approach?

 

Thank you

Userlevel 4
Badge +7

I think it totally depends on your whishes and goals. From what I understand from your writing is that you want transform the operating model and possibly move the responsibility of the backup/recovery from a central team back to the internal departments. I assume there are departments that use both agents based backups and snapshot based backups. Is there any particular reason that you have segregated the environment like this? 

Are there employees who belong to multiple departments and do administration tasks? Because if that is the case than the MSP model with reseller enabled can be a good fit.

This way it would allow you to create a company per department and move the objects towards the companies to which they belong. By enabling reseller model and populate the user groups with the tenant operator role a user is asked to specify a company when he accesses Command Center. When he selects the specific company he can only see and administer the resources related to that company. 

You could also think of introducing (https://documentation.commvault.com/11.23/essential/108583_web_service_routing_for_environments_with_multiple_commcell_deployments.html) to glue both CommCells together to offer the departments a single point of entrance.

Unfortunately I can't really give you a golden solutions because you haven't specified real clear requirements objectives, goals and clarification on possible restrictions from a security perspective. I would anyhow recommend you to play around to see what would be the best fit in your case.

All-in-all there are many options that Commvault offers. Migrating to it at such scale some form of scripting/automation will be very handy because it gives control and speed during the migration.

Badge +1

Hi @Onno van den Berg ,

as I’m from the same team as Zivile, I will give you more clearance on our case.

In our organization we have private cloud solution and building self service for our stakeholders (internal departments). Each server owner should be able to enable/disable backups, execute backups, restore data to their servers etc. However, we don’t want to give full admin rights for the users as backup team is managing whole infrastructure and it would be security breach.

We have few challenges there:

  • Infrastructure complexity:
    • as Zivile mentioned - we have two Commvault servers - one is for agent based backups (File Systems, databases etc.), second for plain VMs and snapshot backups. This change was done due high utilization on Commcell (at some point in time GUI and job manager freezed due multiple schedulers running on the same time), internal database workload, 20K limits for clients per Commcell and others;
    • We have backup metrics server which is used for users to access and check their asset backup info, however for operation tasks backup metrics has only one Commcell CommandCenter so there is limitation how to get ability to operate multiple CS’s in single web console;
  • Development - by coding self-service with Commvault we are facing issues with API limitations, private cloud dependencies (current process workflows might create long wait time for the user, complexity on creating UI’s etc.), additional complexity by implementing security guidelines, ;
  • Strict security policy for user access and data management (i.e. data can be restored only to the same environment (PROD or1 SYST or TEST);
  • Current Commvault web platforms limitations - on MyData user have only file system restores, no database agent management. Multiple Command Centers does not allow to keep all backup assets under single centralized location;

However, I need to dig deeper on information which you provided to make sure if we approached all existing ways, but in general - we need centralized platform where user could manage it’s assets backups from multiple Commcells.

One quick question - is it possible to run CommandCenter web console on separate servers from Commserver (but not backup metrics server)?

Thanks, @Onno van den Berg , for already provided information. If you have anything on that or need more clarifications on topics I’ve mentioned, let us know.

Userlevel 4
Badge +7

@Rolandas please see below my response

One quick question - is it possible to run CommandCenter web console on separate servers from Commserver (but not backup metrics server)?
Yes, this is possible! It is also very well documented.

Current Commvault web platforms limitations - on MyData user have only file system restores, no database agent management. Multiple Command Centers does not allow to keep all backup assets under single centralized location;
I think you should consider stopping the use of the web console and move over to Command Center for everything. I think in the end they might stop with the web console in the current form and integrate the web console part into Command Center. Anyway Command Center allows linking multiple environments all together and web console does not.

Your input around development. Have you really invested a lot of time and money in it by directly talking against the API's? My advise would be to first look at the SDKs which ease API consumption and makes sure API endpoint changes are less intrusive because those should be mitigated by SDK changes. The tighter you integrate the more you will have to do good Q&A if everything still works as expected. 

As said the web service routing should give you a single point of entrance to the CommCells which should streamline and simplify operations for your internal. To enhance it further I would differentiate not on workload but make the split on departments, so you have all workloads of a department in a single CommCell. Additional benefit could also be that the load is spread amongst the infrastructure more efficient as well.

Hope this information gives some guidance! I would definitely advise you to spend time on this to play around with it and see if you can fit it into you operation model. 

 



 

 

Badge

In our environment the self-serve restores are done through CommVault Workflows(WF). The executor of the WF will provide input data such as the date to restore from and what needs to be restored. The WF will then check their Active Directory membership and then provide a list of destination server(s) to choose from based on what AD group they belong to. The rest of the restore process, what the source server(s) are, is there a successful backup for the date chosen, is the backup on disk or offsite tape(s), executing the restore, determining if the restore was successful or not, sending informational emails, is all done through the WF.

Userlevel 5
Badge +13

In our environment the self-serve restores are done through CommVault Workflows(WF). The executor of the WF will provide input data such as the date to restore from and what needs to be restored. The WF will then check their Active Directory membership and then provide a list of destination server(s) to choose from based on what AD group they belong to. The rest of the restore process, what the source server(s) are, is there a successful backup for the date chosen, is the backup on disk or offsite tape(s), executing the restore, determining if the restore was successful or not, sending informational emails, is all done through the WF.

Nice solution @BStibal - how does the user interact with the workflow, through webconsole or do you have a customer frontend via service now or something?

Badge

Some internal support teams have access to the CommVault GUI but we are directing most to the WebConsole. 

Reply