Use vSphere Tags for Veeam Backup and Replication jobs

VMware vSphere Tags provide an efficient and quick method to categorise different objects. Traditionally they are used to group virtual machines. In reality it is possible to use them to categorise different object types. For example we can use them to group Hosts, Clusters, Datastores, Virtual Machines and a lot more.

Effectively this means we can also leverage them to manage not just virtual machines but several types of objects based on policies associated to them. For example we can use vSphere Tags in conjunction with vSphere Storage Policies determining the default location for particular VMs.

Another case includes the ability to allocate encrypted VMs. In addition we can also use vSphere Tags to create storage Policies which are determining where to store specific virtual machines based on SLA requirements, Storage features, Locations (also very important for GDPR and Data Sovereignity purposes) and more.

VMware vSphere Tags are very powerful and this is also a good reason we can leverage them seamlessy with Veeam Backup and Replication jobs.

How Veeam Backup and Replication jobs can benefit from using vSphere Tags? Well there are plenty of examples and are really based on prerequisites. Probably the most popular ones I have seen on the field include but are not limited to:

Backup Policy

With a Backup Policy usually there are Service Level Agreeents (SLA) defined with different tiers. A classic one includes Gold, Silver and Bronze levels each one offering separate options.

Compliance Policy

Set of rules and principles included in the regulations that usually fall into the Governance, Risk and Compliance (GRC) Data management. Each Industry vertical has its top ones like Sarbanes Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA) and a lot more.

Replication Policy

Usually defines the Service Levels associated to particular virtual machines that need to be replicated based on a number of criteria like disaster recovery, data criticality and data availability.

Storage Policy

Is another example of set of policies which define particular features like encryption, storage locations and more. This is the perfect companion to work with when enforcing the affinity rules should a virtual machine be evacuated to a different location due to DRS and similar activities. And why not also strictly dictate which virtual machines should sit on which Datastore. This being a Direct Attached Storage, an ISCSI volume, a vVol or even a vSAN.

The list can go on and on. These are only a few examples I have seen in the field. So it’s time to start testing in our home lab. Let’s take a look on how to create VMware vSphere Tags and use them together with Veeam Backup and Replication jobs.

How to create vSphere Tags

From the VMware vCenter UI let’s navigate to Home > Tags & Custom Attributes. This is the main page from where we can manage and view existing vSphere Tags and Categories. The idea is to create the vSphere Tags and associate them to specific Categories. In my home lab at the moment I will create four types of Categories with pertinent Tags:

Backup Policy
Compliance Policy
Replication Policy
Storage Policy

Let’s start with the Backup Policy. All we have to do is to hit the “plus” button.

domalab.com VMware vSphere Tags creation

The wizard opens and from here we can specify the Category name, the option to associate one or multiple vSphere Tags and also the objects to which this category applies to. This is interesting for example when creating Categories that we can use then for Storage Policies choosing for example Cluster, Host and Datastore objects all together.

domalab.com VMware vSphere Tags add category

In this case let’s start with the Backup Policy. In particular this will apply to Data Center, Host, Datastore and virtual machine objects. I would also recommend to add a quick description as when working with multiple Tags and Categories might be not obvious to pick the desired one.

domalab.com VMware vSphere Tags add category object

At this point let’s move to the vSphere Tags view to create one with the same principle.

domalab.com VMware vSphere Tags create new

In this instance I’m creating a Gold, Silver and Bronze SLA Backup Policy. What I find very useful is also to include a link to an internal KB which describes in more detail what to expect from each Service Level. Also let’s make sure to select the appropriate Category.

domalab.com VMware vSphere Tags add tag

Following the same principle I have created 2 other Service Level Agreements corresponding to the pertinent Backup Policies.

domalab.com VMware vSphere Tags backup policy

Now the Backup Policy is just an example. In the screeshot below I have listed a number of other popular use cases covering Data Compliance, Data Replication and also a Storage Policies.

In particular with the GRC Policy we can tag all the workloads which carry sensitive information and as a such are subject to specific regulations. This is very important. The real scenario? Let’s say we want to quickly identify virtual machines where we want or need to test data using tags the job will result a lot easier and most of all structured and pragmatic.

With a Replica Policy we can easily tag all virtual machines which require a Replica copy into a separate instance. This be a Managed or Hosting or even Public Cloud Provider. Rather then trying to understand and add all virtual machines that should be replicated we can easily tag them and work with vSphere Tags directly. That means tags have the privildge of a dynamic nature which includes all objects following specific criteria. And I will expand on this topic in a different article.

Last but not least there is also the use case for Storage Policy Tags. In a nutshell we can simply classify our Datastores based on the type and then associate these vSphere Tags with specific Storage Policies which will dictate where a machine should be allocated.

And again also in this case there are plenty of scenarios where you might want to store specific virtual machines on dedicated storage. For example based on performance, encryption and more.

domalab.com VMware vSphere Tags policy

So how can we effectively leverage vSphere Tags together with Veeam Backup and Replication? Simply put when creating Backup, SureBackup, Replication and SureReplication jobs when adding the objects we can easily use vSphere Tags to automatically catch all objects associated with that specific vSphere Tag.

In the screenshot below just a few example on how we can leverage them and create new Backup Jobs based on the Policy type, or decide which machine to include in a SureBackup job so to test the latest Compliance and Regulation principles.

Likewise with the same principle we can automatically include all virtual machines that should be replicated into other instances. And finally also a few Datastore examples and based on each one technology create Backup and Rpelication Jobs fit for the purpose.

domalab.com VMware vSphere Tags Veeam Backup and Replication job

vSphere Tags surely add a great deal of flexibility on how to manage an increasing number of objects into the vCenter Inventory. Up to this point there is only a particular option I have omitted on purpose: how do we apply Tags to the objects? Simple. For each object we have the option to assign manually the desired and pertinent vSphere Tag.

Of course running this process manually for large environment is time consuming. This is where Veeam ONE Business View comes handy. In fact we can use Veeam ONE to manage the vSphere Tags and this exactly what we’ll cover in the next article!