With Veeam B&R version 12.1 we have been given the fantastic ability to protect S3 compatible object storage buckets natively. This has quickly become a key request for Pure Storage customers that utilize FlashBlade for unstructured data, given its natural ability to simultaneously host multiple types of parallel streams of various unstructured data use cases. This includes NAS file systems supporting SMB and NFS, which
With Veeam’s object protection, combined with FlashBlade security perimeters around “Accounts”, an interesting scenario arises where the fencing of bucket access to separate users in separate accounts conflicts with the need to protect said buckets with Veeam. How do you go about providing Veeam with the required access across accounts without breaking down the security perimeters required by your applications that are using FlashBlade as a mission critical data storage platform?
The short answer: PowerShell!
I’ve created a proof-of-concept script that can quickly set up a Veeam+FlashBlade environment to allow access across FlashBlade accounts from Veeam to support backup of buckets regardless of the account in which they reside. In simplified form, we can do this using the addition of the FlashBlade array as an unstructured object data source multiple times using unique DNS cname entries (aliases), coupled with unique Veeam Cloud Credentials for each array. This can quickly get complicated at scale when dealing with dozens or hundreds of FlashBlade accounts, so I created a script:
All you have to do is modify the variables listed above to match your environment. The example script parameters are catered to our Pure Test Drive Lab for Veeam 12.1, which you can access with the assistance of your Pure Storage account team if interested. With that lab, the only thing you have to modify is the API Token, to match the one appropriate for the ephemeral lab instance. Here’s what things look like once configured:
Please reach out to your Pure Storage team with any questions, we’re always here to help!