shwstppr commented on code in PR #642: URL: https://github.com/apache/cloudstack-documentation/pull/642#discussion_r3240715383
########## source/adminguide/kvm_veeam.rst: ########## @@ -0,0 +1,497 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +.. _KVM with Veeam Backup and Replication: + +KVM with Veeam Backup and Replication +===================================== + +About the KVM with Veeam Backup and Replication +----------------------------------------------- +Starting with 4.23.0 release, support has been added for integrating +KVM-based CloudStack environments with Veeam Backup & Replication. This +integration allows CloudStack-managed KVM virtual machines to be discovered +and protected by Veeam, enabling organizations to use Veeam's backup +infrastructure for data protection and recovery. + +The integration exposes a compatibility layer that allows Veeam to interact +with CloudStack in a manner similar to environments managed by platforms such +as oVirt. Through this interface, Veeam can discover infrastructure resources +such as datacenters, clusters, hosts, and virtual machines, and perform +backup and restore operations using its standard workflows. + +At present, backup and restore operations are supported only for the +following storage types: + +- NFS +- Local storage +- SharedMountPoint + +Backup and restore operations are currently supported for user instances +only. Similar to other backup providers in CloudStack, system VMs (for +example, VR, CPVM, SSVM, and other infrastructure VMs) are not considered +by this integration. + +With this capability, administrators can: + +- Configure CloudStack as a virtualization manager within Veeam. +- Discover KVM hosts and virtual machines managed by CloudStack. +- Perform VM backups and restores directly from the Veeam Backup & Replication console. +- Leverage Veeam features such as scheduled backups, retention policies, and recovery operations. + +It is important to note that backup and restore operations are managed +entirely from the Veeam side. CloudStack does not currently provide a native +user interface or self-service capability for triggering or managing backups. +This is because CloudStack does not communicate directly with the Veeam UHAPI +manager for backup orchestration. + +As a result, self-service backup and restore functionality within CloudStack +is not available in this release. All backup configuration, execution, and +recovery workflows must be initiated and managed through the Veeam Backup & +Replication platform. + +This integration provides a foundation for using enterprise-grade backup +tooling with CloudStack-managed KVM environments while maintaining +compatibility with Veeam's existing workflows and management interfaces. + +Configuring CloudStack as Hypervisor Manager in Veeam Backup & Replication +--------------------------------------------------------------------------- + +To allow **Veeam Backup & Replication** to discover and protect virtual machines +running on **Apache CloudStack** KVM environments, the CloudStack Veeam Control +Service must first be enabled and configured. Once configured, CloudStack can +be added as a hypervisor manager within Veeam. + +1. Configure the CloudStack Veeam Control Service +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +CloudStack exposes a control service that allows Veeam to communicate with the +CloudStack-managed KVM infrastructure. This service must be enabled and +configured using CloudStack global configuration parameters. + +Update the following global configuration values in CloudStack: + ++------------------------------------------------+-------------------------------------------------------------+ +| Configuration Key | Description | ++================================================+=============================================================+ +| integration.veeam.control.enabled | Enables the CloudStack Veeam Control Service. | ++------------------------------------------------+-------------------------------------------------------------+ +| integration.veeam.control.bind.address | IP address on which the control service listens. | ++------------------------------------------------+-------------------------------------------------------------+ +| integration.veeam.control.port | Port used by the service. | ++------------------------------------------------+-------------------------------------------------------------+ +| integration.veeam.control.api.username | Username used by Veeam to authenticate with the service. | ++------------------------------------------------+-------------------------------------------------------------+ +| integration.veeam.control.api.password | Password used by Veeam to authenticate with the service. | ++------------------------------------------------+-------------------------------------------------------------+ +| integration.veeam.control.allowed.client.cidrs | Comma-separated list of CIDR blocks representing clients | +| | allowed to access the API. If empty, all clients will be | +| | allowed. Example: 192.168.1.1/24,192.168.2.100/32 | ++------------------------------------------------+-------------------------------------------------------------+ + +These parameters can be configured from the **Global Settings** section of the +CloudStack UI or using the CloudStack API. + +After updating the desired values, **restart the CloudStack management +server(s)** for the changes to take effect. + +The CloudStack environment must have SSL enabled on the management server so +that it can be added in Veeam as a KVM hypervisor manager. + +For instructions on enabling HTTPS/SSL on the management server, see: +`SSL (Optional) <installguide/optional_installation.html#ssl-optional>`_. + +2. Verify the CloudStack Veeam Control Service +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Once the management server has restarted, verify that the service is accessible. + +You can test the service using ``curl`` from a machine that can reach the +CloudStack management server. + +Example:: + + curl -k -u <username>:<password> \ + https://<cloudstack-management-ip>:<port>/<context-path>/api + +If the service is configured correctly, the request should return a valid +response from the CloudStack Veeam control API. + +This confirms that the API endpoints required by Veeam are reachable. + +3. Add CloudStack in Veeam Backup & Replication +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. note:: + **CloudStack KVM** is not currently available as a native hypervisor manager type in Veeam Backup & Replication. + For testing purposes, the **oVirt KVM** hypervisor manager can be used to connect to CloudStack environments. + When adding a new manager in Veeam, select **oVirt KVM** as the type and provide the CloudStack management server details. + + This workaround is for testing only until native support for CloudStack KVM is introduced in a future Veeam Backup & Replication release. + There is no upgrade path for CloudStack environments added as **oVirt KVM** managers. + After native CloudStack KVM support becomes available, the existing manager must be removed and re-added using the native CloudStack KVM manager type. + +After confirming that the CloudStack control service is operational, CloudStack +can be added as a hypervisor manager in Veeam. + +1. Open the **Veeam Backup & Replication Console**. +2. Navigate to **Inventory**. +3. Select **CloudStack KVM**. +4. Click **Add Manager**. +5. Enter the CloudStack server details: + + - **Server address**: CloudStack management server address. + - **Port**: The configured control service port. + - **Credentials**: The username and password configured earlier in + CloudStack (``integration.veeam.control.api.username`` and + ``integration.veeam.control.api.password``). + +6. Complete the wizard to add the manager. + +Once the manager is successfully added, Veeam will connect to CloudStack, +discover the infrastructure resources, and make the virtual machines available +for backup and restore operations. + +Backup Proxy or Worker VM for Veeam Backup and Replication +---------------------------------------------------------- + +A **worker VM** (also referred to as a backup proxy by Veeam) is required by +**Veeam Backup & Replication** to perform backup and restore operations in a +CloudStack KVM environment. + +The worker VM is responsible for: + +* Performing data transfer during backup and restore operations. +* Communicating with the **CloudStack Veeam Control Service** to discover + infrastructure resources and coordinate backup activities. +* Interacting with the KVM hypervisor hosts to read or write VM disk data. + +For worker VM deployment, the Veeam Backup & Replication platform must be +able to connect to KVM hypervisor hosts to upload QCOW2 images. This upload +is performed via CloudStack Image Service on the KVM hosts, which runs on +port 54322. + +Because of these responsibilities, the worker VM must be deployed in a +network that provides connectivity between the following components: + +* The Veeam Backup and Replication platform and the worker VM. +* The worker VM and the **CloudStack management server** running the Veeam + Control Service. +* The worker VM and the **KVM hypervisor hosts** that store and run the + virtual machines. + +For Advanced network zones, including Edge zones, one approach is to create a +**shared network** within the **management traffic range** configured in +CloudStack. The worker VM can then be deployed on this network so that it can +communicate with both the management server and the hypervisor hosts. Review Comment: Added -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
