Unstructured S3 Object Backup with Multiple Accounts on Pure Storage FlashBlade


Userlevel 2

With Veeam B&R version 12.1 we have been given the fantastic ability to protect S3 compatible object storage buckets natively. This has quickly become a key request for Pure Storage customers that utilize FlashBlade for unstructured data, given its natural ability to simultaneously host multiple types of parallel streams of various unstructured data use cases. This includes NAS file systems supporting SMB and NFS, which @MarkPolin highlighted in his recent post about my scripts that can be used for backup from storage snapshot. It also of course includes native S3 Object bucket use cases, which is something FlashBlade has been best of breed for since its inception.

With Veeam’s object protection, combined with FlashBlade security perimeters around “Accounts”, an interesting scenario arises where the fencing of bucket access to separate users in separate accounts conflicts with the need to protect said buckets with Veeam. How do you go about providing Veeam with the required access across accounts without breaking down the security perimeters required by your applications that are using FlashBlade as a mission critical data storage platform?

The short answer: PowerShell!

I’ve created a proof-of-concept script that can quickly set up a Veeam+FlashBlade environment to allow access across FlashBlade accounts from Veeam to support backup of buckets regardless of the account in which they reside. In simplified form, we can do this using the addition of the FlashBlade array as an unstructured object data source multiple times using unique DNS cname entries (aliases), coupled with unique Veeam Cloud Credentials for each array. This can quickly get complicated at scale when dealing with dozens or hundreds of FlashBlade accounts, so I created a script:

 


 

 

All you have to do is modify the variables listed above to match your environment. The example script parameters are catered to our Pure Test Drive Lab for Veeam 12.1, which you can access with the assistance of your Pure Storage account team if interested. With that lab, the only thing you have to modify is the API Token, to match the one appropriate for the ephemeral lab instance. Here’s what things look like once configured:
 

 

 

Please reach out to your Pure Storage team with any questions, we’re always here to help!


4 comments

Userlevel 7
Badge +19

Very well done @pureben ! Thank you for sharing. 

Userlevel 7
Badge +21

That is very interesting technology. Thanks for sharing.

Userlevel 4
Badge +3

I’ve already had the privilege of seeing this in action through @pureben - but it’s great to see this shared in the community. Just goes to show the versatility of Veeam. Not all environments, but here is a great example of how to tune Veeam  to deploy efficiently on a   platform that can provide this type of scale for object storage. 

Userlevel 4
Badge

Thank you @pureben.  Appreciate you writing this blog!

Comment