Backup Design and or Feature for Managed IT Services
-
For the use case where an internal IT team for a single company is replacing VMware with XCP-ng/XO, having the integrated backup system is a great selling point.
On the other side, as a Managed Service Provider that has to manage many separate companies, there is a challenge with that process, and I am looking for some suggestions and guidance that may lead to some feature requests.
The challenge is figuring out the best way to use XO for many clients. My idea is connecting all of our clients to an XOA instance we host so we have visibility in their environments to make sure they are patched and the backups are being managed.
Central Design Idea
- Have one XOA instance that we host in our infrastructure
- Create VPN to each client
- Have XOA Proxy at each client to handle local backups that go to on site client NAS
- Use S3 option to bring all backups back to our infrastructure
Challenges with this design
The ideal way for this to work would be like the tools we currently use for VMware management, which are Auvik for monitoring the stats and Veeam for handling backups. Both of those tools create tickets in our system to alert us of problems. Besides going into the XOA interface every day or getting all notices sent via email, I am not aware of any way to manage the success or failure of the backups for all clients. Maybe there is a way to do this that I am not aware of via the API? Does this sound like a good way to handle client management?
We have some developers and are willing to sponsor writing open source code to get these features done, but I first want to make sure I am on the right track in terms of design, or if each client should have their own XOA instance.
-
Adding @julien-f in the loop so we can discuss this.
-
IIRC, you already have some plugins to notify on backup problems and such. We could simply have a standard "webhook" plugin for this
-
@olivierlambert said in Backup Design and or Feature for Managed IT Services:
IIRC, you already have some plugins to notify on backup problems and such. We could simply have a standard "webhook" plugin for this
Web-hooks would definitely be the way to do this. Though it's not enabled in my instance, it does already exist and is ready to be used.
As for centralizing XO for multiple customers, I've always liked the idea of doing something like this, but have never had a great need to do so, mostly because my customers have all gone with VMware or Hyper-V because of name brand recognition.
-
Yeah, XO + proxies might do the trick for you, especially since they don't manage anything by themselves.
It also depends on the scale we are talking about
-
@lawrencesystems said in Backup Design and or Feature for Managed IT Services:
or if each client should have their own XOA instance.
Personally, I believe every client should have their own XOA, although that's more of a matter of opinion/business design.
@lawrencesystems said in Backup Design and or Feature for Managed IT Services:
Have one XOA instance that we host in our infrastructure
Going on this... maybe have a "XOA for MSPs". Instead of connecting to "pools", it can connect to XOAs. A way to view the backup statuses, XOA updates. Also as new MSP techs come on, they can be granted access to clients that may have multiple pools
-
@ajpri1998 said in Backup Design and or Feature for Managed IT Services:
Going on this... maybe have a "XOA for MSPs". Instead of connecting to "pools", it can connect to XOAs. A way to view the backup statuses, XOA updates. Also as new MSP techs come on, they can be granted access to clients that may have multiple pools
Why not just use a single XOA and then set up ACLs, which would grant access to specific resources only then?
No reinvention required, just RBAC roles within XOA.
The bigger question is how to connect each customer to the central XO instance, confirm backups are going to the local (to the customer) storage etc.
The question I have: would the data have to transfer across the internet to hit XOA and then back to the local repo?
-
@lawrencesystems Could the tags play a part here and the new additional features using tags to ensure that the VMs are only placed on the appropriate customer's XCP-ng pools and SR?
While having any self-service features ensure new VMs have the appropriate tags by default on a per-customer basis.
@julien-f @lawrencesystems Can tags control the flow of where backups and restorations go to and from? In other words ensuring that backups and restoration actions only go to each appropriate customer.
-
@john-c said in Backup Design and or Feature for Managed IT Services:
Could the tags play a part here
Yes, tagging each pool, storage, VM and Host with a customer name would make organizing this easy to do.
-
@lawrencesystems said in Backup Design and or Feature for Managed IT Services:
@john-c said in Backup Design and or Feature for Managed IT Services:
Could the tags play a part here
Yes, tagging each pool, storage, VM and Host with a customer name would make organizing this easy to do.
@lawrencesystems It may not be a customer name per se, but go something similar to customer1 to customer99999999999 (or something similar). So you would need a management list converting customer1 etc. into a customer name.
-
@lawrencesystems The customer number scoped tags are currently present in the latest version of Xen Orchestra Appliance (5.90). So the version would need to become stable if you're updating based on the stable channel (branch).
-
@lawrencesystems Maybe get behind and help with code and/or sponsorship of this feature request.
https://xcp-ng.org/forum/topic/8252/tag-based-selection-for-multiple-vdi-storages/8
Because this is a part required for what you are looking for, as it will increase tag functionality. Specifically enabling tags to specify the affinity for where VDIs are stored (which SR they go to). There's already this feature present for VMs to ensure that they go to the correct hosts.
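
Added example, not part of the original thread and not Xen Orchestra code: a check of the tag-based separation discussed above, flagging backup jobs whose VMs and backup remotes do not carry the same customer tag. The inventory, the `customerN` tag pattern, the management list and every name in it are constructed assumptions; nothing here calls an XO API.

```python
"""Tenant-isolation audit over a constructed inventory (not an XO API)."""
import re

# Assumed tag convention from the thread: customer1, customer2, ...
CUSTOMER_TAG = re.compile(r"^customer\d+$")

# Management list mapping tag -> customer name (constructed sample data).
CUSTOMERS = {"customer1": "Acme Dental", "customer2": "Bolt Logistics"}

# Constructed inventory; in practice this would be exported from the central XO.
VMS = {
    "vm-a": ["customer1", "prod"],
    "vm-b": ["customer2"],
    "vm-c": ["prod"],                    # no customer tag at all
    "vm-d": ["customer1", "customer2"],  # ambiguous owner
}
REMOTES = {"nas-acme": ["customer1"], "nas-bolt": ["customer2"]}
BACKUP_JOBS = [
    {"name": "acme-nightly", "vms": ["vm-a"], "remotes": ["nas-acme"]},
    {"name": "bolt-nightly", "vms": ["vm-b"], "remotes": ["nas-acme"]},  # wrong NAS
    {"name": "misc", "vms": ["vm-c", "vm-d"], "remotes": ["nas-bolt"]},
]


def owner(tags):
    """Return the single customer tag, or None if missing or ambiguous."""
    found = [t for t in tags if CUSTOMER_TAG.match(t)]
    return found[0] if len(found) == 1 else None


def audit(jobs, vms, remotes, customers):
    """Return sorted (job, object, problem) findings for isolation violations."""
    findings = []
    for job in jobs:
        for vm in job["vms"]:
            vm_owner = owner(vms.get(vm, []))
            if vm_owner is None or vm_owner not in customers:
                findings.append((job["name"], vm, "VM has no single known customer tag"))
                continue
            for remote in job["remotes"]:
                if owner(remotes.get(remote, [])) != vm_owner:
                    findings.append((job["name"], remote,
                                     f"remote is not tagged for {customers[vm_owner]}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(BACKUP_JOBS, VMS, REMOTES, CUSTOMERS):
        print(*finding, sep=" | ")
```

Untagged or doubly tagged VMs are reported rather than skipped, so a missing tag cannot silently exempt a VM from the check.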