Protection Groups¶
Introduction¶
Backup Protection Groups are backup policies that define backup schedule intervals and retention periods.
VMs and volumes that are a protection group’s protected resources are backed up according to the group’s backup schedule and retention settings.
A Protection Group can optionally be configured to back up local snapshots to a Remote Object Storage.
There are no prerequisites for the creation of a Protection Group.
Protected resources such as volumes and VM instances can be added to a Protection Group at any time.
Note
To configure a Protection Group to back up local snapshots to a remote Object Storage on completing local snapshot creation, an External Endpoint for the Object Storage container must first be configured, if it does not already exist.
See Creating an External Endpoint.
There is the need to predefine Backup Protection Groups and Restore Protection Groups. Restore Protection Groups are required only when restoring to another site (restore only, without backup) or when restoring to another account on the same cloud.
Backup Protection Group Operations¶
Note
Backup Protection Groups back up and recover within the same project.
Restore Protection Groups are intended only for recovery from a remote Object Store to a different project, account or cloud.
Viewing Backup Protection Groups¶
Navigate to Protection > Protection Groups.
Click the Backup Protection Groups tab.
A list of configured Backup Protection Groups displays, with the following columns:
Column
Description
Name
The Protection Group’s name
Remote Retention Days
Number of days the backup is retained in the remote Object Storage
Local Retention Days
Number of days the local backup is retained
Last Triggered
The last date and time a snapshot was taken
User
The user that triggered the last snapshot
Resources
The number of protected resources backed up in the last snapshot
Enabled
Indicator whether the Protection Group is currently enabled
External Endpoint
Name of the External Endpoint to Object Storage
Admin Only
Indicator whether the Protection Group is managed only by the MSP
Health
The Protection Group’s health status
State
The Protection Group’s readiness status for triggering snapshots
To view a Backup Protection Group’s details, click its Name, to display the following:
Top Menu Bar
The Backup Protection Group’s top menu bar displays the following option buttons:
Disable: See Enabling or Disabling a Backup Protection Group.
Modify: See Modifying a Backup Protection Group.
Schedule: See Rescheduling a Backup Protection Group.
Trigger Now: See Backup Protection Group Trigger Now.
Delete: See Deleting a Backup Protection Group.
If the Backup Protection Group is not configured for backup to remote Object Store, the top menu bar also display’s the following option button:
Associate Object Storage: See Associating a Backup Protection Group with an Object Storage.
Top Pane
The Backup Protection Group’s top pane displays the following sections:
Backup Protection Group basic information: Name, Description, Status and Health
Schedule details for local Snapshots and Remote Object Storage Snapshots
Protected Resources summary count of protected resources, grouped by type (VMs, volumes)
External Endpoint parameter values
Lower Pane tabs:
The Backup Protection Group’s lower pane has the following tabs:
Overview tab:
Basic information about the Backup Protection Group:
Column
Description
Name
The Protection Group’s name
Type
The type of Protection Group (Backup or Restore)
Creation Date
The date and time the Protection Group was created
Last Update
The date and time of the last change to the configuration
External Endpoint
Name of the External Endpoint to Object Storage
Enabled
Indicator whether the Protection Group is currently enabled
Admin Only
Indicator whether the Protection Group is managed only by the MSP
ID
The Protection Group’s UUID
Events tab
Allows applying filters to view selections of the Protection Group’s events log.
Protected Resources tab
Local Protection Group Snapshots tab
List of the Protection Group’s local snapshots, with the option for authorized users to select and delete snapshots.
Remote Protection Group Snapshots tab
List of the Protection Group’s snapshots on remote Object Storage, with the option for authorized users to select and delete snapshots.
Creating a Backup Protection Group¶
To create a Backup Protection Group and configure its backup snapshot schedule:
Navigate to Protection > Protection Groups.
A list of configured Backup Protection Groups displays in the Backup Protection Groups tab.
In the top menu bar, click + Create.
In the Create Backup Protection Group dialog:
In the Group tab, enter the parameters:
Name: A unique meaningful name for the Backup Protection Group.
Description: Optional description.
Backup to Object Store: Toggle switch determining whether local snapshots are backed up to a remote Object Store.
Select:
Off (default): The snapshots are created locally.
On:
If selected, from the External Endpoint dropdown select the B2OS endpoint for the remote Object Storage backup container.
The snapshots are created locally.
Local snapshots are backed up to the selected remote Object Storage destination container, as specified in the selected remote Object Storage’s External Endpoint.
Click Next.
In the Schedule tab, enter the parameters:
Local Snapshots:
Recurrence: The frequency interval units, as one of:
Minute
Hour
Day
Week
Month
Every: The frequency interval as a number of the selected unit, between each snapshot.
For Week intervals, click the days of the week that weekly snapshots are scheduled.
For Month intervals, select one of the Repeat by options, and the Start date:
Day of the month:
Snapshots are scheduled for the selected day of the month, starting from the Start date, and repeating according to the interval defined as the number of months (n) in Every n Month(s).
For example, if Every = 2 and Start date = 17 Jan 2025, snapshots are scheduled for the 17th of every second month, starting 17 Jan 2025.
Day of the week:
Snapshots are scheduled for the selected day of the week, and week of the month, starting from the Start date, and repeating according to the interval defined as the number of months (n) in Every n Month(s).
For example, if Every = 2 and Start date = Fri 17 Jan 2025, since the start date occurs on the 3rd Friday of the month, snapshots are scheduled for the 3rd Friday of every second month, starting 17 Jan 2025.
Start Time: The start time of the schedule, in Hours and Minutes in 12-hour format, and either AM or PM.
Retention for Local snapshots: The duration in days to retain local snapshots.
Local snapshots are deleted automatically after this duration.
Note
A maximum of 50 accumulated local snapshots can be stored.
Additional parameters for Backup Protection Groups that are configured for Backup to Object Store:
Remote Object Storage Snapshots:
Remote snapshots every: The number oflocal snapshots that accumulate, after which they are backed up to the remote Object Store.
Retention for Remote snapshots: The duration in days to retain Remote snapshots.
Remote snapshots are deleted automatically after this duration.
Note
A maximum of 100 accumulated remote snapshots can be stored.
Click Finish.
Note
Continue at any time with Adding or Removing Protected Resources.
Adding or Removing Protected Resources¶
Navigate to Protection > Protection Groups.
A list of configured Backup Protection Groups displays in the Backup Protection Groups tab.
Note
Volumes that are attached to a VM instance are automatically included in that VM’s Backup Protection Group.
Similarly, volumes attached to a VM that is in a Backup Protection Group are automatically removed from the Backup Protection Group upon removal of that VM.
If a volume is independently protected in a Protection Group and also attached to a VM that is later added to the same Protection Group, the volume’s Protection Group snapshots will be deleted. However, you can still recover an individual volume from a VM snapshot or from the Protection Group.
Caution
Attempting to add a VM to a Protection Group will fail, if a volume on that VM is already previously defined as a (standalone) protected resource in the same Protection Group.
In this case, to successfully add the VM and all of its volumes to the Protection Group, it is necessary to first Remove Protection of the conflicting volume from the Protection Group. Then, adding the VM to the Protection Group automatically includes all its volumes.
Click the Backup Protection Group to add or remove protected resources.
The Backup Protection Group’s details display.
In the lower pane, click the Protected Resources tab.
The Backup Protection Group’s protected resources are listed.
Adding a VM instance to the Backup Protection Group
In the lower pane menu bar click + Add VM.
In the Add instance to protection group dialog, from the VMs dropdown, select the VM instance to add to the Backup Protection Group, and click OK.
The VM instance appears in the Backup Protection Group’s protected resources list.
Future snapshots of the Backup Protection Group will include the VM instance and its attached volumes.
Adding a Volume to the Backup Protection Group
In the lower pane menu bar click + Add Volume.
In the Add volume to protection group dialog, from the Volumes dropdown, select the volume to add to the Backup Protection Group, and click OK.
The volume appears in the Backup Protection Group’s protected resources list.
Future snapshots of the Backup Protection Group will include the volume.
Removing a VM or Volume from the Backup Protection Group
To remove a protected resource:
On the row of the VM or volume to remove from the Backup Protection Group, click anywhere except on the Resource Name.
The Remove Protection option appears on the lower pane menu bar.
Click Remove Protection.
In the Remove Protection confirmation dialog, click OK to proceed with removing the selected VM or volume from the Backup Protection Group.
The VM or volume disappears from the Backup Protection Group’s protected resources list.
Future snapshots of the Backup Protection Group will no longer include the removed VM or volume.
Enabling or Disabling a Backup Protection Group¶
Navigate to Protection > Protection Groups.
A list of configured Backup Protection Groups displays in the Backup Protection Groups tab.
The Enabled column displays the Backup Protection Group’s Enabled or Disabled status.
Click a Backup Protection Group to select it for Enabling or Disabling.
The Backup Protection Group details display.
In the top menu bar, click the Enable/Disable toggle.
The Enabled status field displays the Backup Protection Group’s updated Enabled or Disabled status.
Modifying a Backup Protection Group¶
To modify a Backup Protection Group:
Navigate to Protection > Protection Groups.
A list of configured Backup Protection Groups displays.
Click a Backup Protection Group to modify it.
The Backup Protection Group details display.
In the top menu bar, click Modify.
In the Update Backup Protection Group dialog, optionally modify one or more of the modifiable parameters:
Name: A unique meaningful name for the Backup Protection Group.
Description: Optional description.
Backup to Object Store: Toggle switch determining whether local snapshots are backed up to a remote Object Store.
Note
If the Protection Group is not already associated with a remote Object Storage, it is also possible to configure backup to remote Object Storage.
A Protection Group that is associated with a remote Object Storage cannot be disassociated with its remote Object Storage, except for deletion, which also removes all accumulated local snapshots.
Select:
Off (default): The snapshots are created locally.
On:
The snapshots are created locally.
Local snapshots are backed up to the selected remote Object Storage destination container, as specified in the selected remote Object Storage’s External Endpoint.
If selected, the Associate Object Storage dialog opens.
Group tab:
From the External Endpoint dropdown select the B2OS endpoint for the remote Object Storage backup container.
Click Next to continue to the Schedule tab.
Schedule tab:
Optionally modify the Local Snapshots schedule parameters as described in Rescheduling a Backup Protection Group.
Accept or modify the Remote Object Storage Snapshots parameters, as described in Rescheduling a Backup Protection Group.
Click Finish.
Rescheduling a Backup Protection Group¶
To change the frequency or time of a Backup Protection Group’s local or remote Object Storage snapshots:
Navigate to Protection > Protection Groups.
A list of configured Backup Protection Groups displays.
Click a Backup Protection Group to select it for snapshot rescheduling.
The Backup Protection Group details display.
In the top menu bar, click Schedule.
In the Schedule Backup Protection Group dialog, modify the relevant parameters:
Local Snapshots:
Recurrence: The snapshot frequency interval units, as one of:
Minute
Hour
Day
Week
Month
Every: The snapshot frequency interval as a number of the selected unit, between each snapshot.
For Week intervals, click the days of the week that weekly snapshots are scheduled.
For Month intervals, select one of the Repeat by options, and the Start date:
day of the month:
Based on the Start date, snapshots are scheduled to repeat on the selected day of the month at the interval frequency of the number entered for Every number of months.
For example, if Every = 2 and Start date = 24 Jan 2025, snapshots are scheduled for the 24th of every second month, starting 24 Jan 2025.
day of the week:
Based on the Start date, snapshots are scheduled to repeat on the selected day of the week, and week of the month, at the interval frequency of the number entered for Every number of months.
For example, if Every = 2 and Start date = Fri 24 Jan 2025, since the start date occurs on the 4th Friday of the month, snapshots are scheduled for the 4th Friday of every second month, starting 24 Jan 2025.
Start Time: The start time of the schedule, in Hours and Minutes in 12-hour format, and either AM or PM.
Retention for Local snapshots: The duration in days to retainlocal snapshots.
Local snapshots are deleted automatically after this duration.
Additional parameters for Backup Protection Groups that are configured for Backup to Object Store:
Remote Object Storage Snapshots:
Remote snapshots every: The number of local snapshots that accumulate, after which they are backed up to the remote Object Store.
Retention for Remote snapshots: The duration in days to retain remote snapshots.
Remote snapshots are deleted automatically after this duration.
Click Finish.
Backup Protection Group Trigger Now¶
To trigger an immediate snapshot of a Backup Protection Group’s protected resources, in addition to its scheduled snapshot:
Navigate to Protection > Protection Groups.
A list of configured Backup Protection Groups displays.
Click a Backup Protection Group to select it for triggering an immediate snapshot.
The Backup Protection Group details display.
In the top menu bar, click Trigger Now.
In the Trigger Backup Protection Group dialog:
Optionally, enable Remote Object Storage Snapshots to send the snapshot to remote Object Storage.
Click OK to progress with creating the snaphot of the protected resources immediately.
The snapshot and its progress are listed in the Backup Protection Group’s Local Protection Group Snapshots tab in the lower pane.
If Remote Object Storage Snapshots is enabled, the snapshot and its progress are also listed in the Remote Protection Group’s Local Protection Group Snapshots tab in the lower pane.
Deleting a Backup Protection Group¶
To delete a Backup Protection Group:
Navigate to Protection > Protection Groups.
A list of configured Backup Protection Groups displays.
Click a Backup Protection Group to select it for deletion.
The Backup Protection Group details display.
In the top menu bar, click Delete.
In the Delete Protection Group dialog, click Delete to confirm deletion of the Backup Protection Group.
Associating a Backup Protection Group with an Object Storage¶
If a Backup Protection Group is configured for Local Snapshots only, it is also possible to configure backup to remote Object Storage by associating the Backup Protection Group with an Object Storage:
Note
A Protection Group that is associated with a remote Object Storage cannot be disassociated with its remote Object Storage, except for deletion, which also removes all accumulated local snapshots.
To associate a Backup Protection Group with an Object Storage:
Navigate to Protection > Protection Groups.
A list of configured Backup Protection Groups displays.
Click a Backup Protection Group to select it for association with an Object Storage.
The Backup Protection Group details display.
In the top menu bar, click Associate Object Storage.
The Associate Object Storage dialog opens:
In the Group tab:
From the External Endpoint dropdown select the B2OS endpoint for the remote Object Storage backup container.
Note
On completion of snapshot creation, local snapshots are backed up to the remote Object Storage destination container, as configured in the remote Object Storage’s External Endpoint.
Click Next to continue to the Schedule tab.
In the Schedule tab:
Optionally modify the Local Snapshots schedule parameters as described in Rescheduling a Backup Protection Group.
Accept or modify the Remote Object Storage Snapshots parameters, as described in Rescheduling a Backup Protection Group.
Click Finish.
Restoring from a Backup Protection Group¶
Restoring a VM instance¶
To restore a VM instance, see Recover VM Instances from Snapshots in the Snapshots page.
The VM’s attached volumes are restored as an integral part of the VM instance’s recovery process.
Restoring a Volume¶
To restore a volume:
Navigate to Storage > Snapshots.
Select the Local Snapshots tab.
Click Create Volume in the upper menu bar.
In the Create Volume dialog, accept or update the values for:
Name: Volume name
Volume Type
Click OK.
The restored volume displays in the Storage > Block Storage list.
See Volume Snapshot Operations in the Snapshots page for other snapshot operations.
Restore Protection Group Operations¶
Note
Restore Protection Groups are intended only for recovery from a remote Object Store to a different project, account or cloud. In contrast, Backup Protection Groups back up and recover within the same project.
Viewing Restore Protection Groups¶
Navigate to Protection > Protection Groups.
Click the Restore Protection Groups tab.
A list of configured Restore Protection Groups displays, with the following columns:
Name, User, External Endpoint, Health and State.
To view a Restore Protection Group’s External Endpoint details, click a Restore Protection Group.
The Restore Protection Group’s External Endpoint details display in the lower pane.
Creating a Restore Protection Group¶
To create a Restore Protection Group:
Navigate to Protection > Protection Groups.
Click the Restore Protection Groups tab.
A list of configured Restore Protection Groups displays.
In the top menu bar, click + Create.
In the Create Restore Protection Group dialog:
Enter the parameters:
Name: A unique meaningful name for the Restore Protection Group.
Description: Optional description.
External Endpoint: From the dropdown, select the remote Object Storage from the list of B2OS endpoints.
Click Finish.
Modifying a Restore Protection Group¶
To modify a Restore Protection Group:
Navigate to Protection > Protection Groups.
Click the Restore Protection Groups tab.
A list of configured Restore Protection Groups displays.
Click a Restore Protection Group to modify it.
The Restore Protection Group details display.
In the top menu bar, click Modify.
In the Update Restore Protection Group dialog:
Optionally modify one or both modifiable parameters:
Name: A unique meaningful name for the Restore Protection Group.
Description: Optional description.
Click Finish.
Deleting a Restore Protection Group¶
To delete a Restore Protection Group:
Navigate to Protection > Protection Groups.
Click the Restore Protection Groups tab.
A list of configured Restore Protection Groups displays.
Click a Restore Protection Group to select it for deletion.
The Restore Protection Group details display.
In the top menu bar, click Delete.
In the Delete Protection Group dialog, click Delete to confirm deletion of the Restore Protection Group.
Restoring from a Restore Protection Group¶
Note
A VM’s attached volumes are restored as an integral part of the VM instance’s recovery process.
If a Protection Group comprises more than one VM instance (e.g. 2 VMs and two unattached volume), in the UI, each VM instance and each unattached volume must be recovered individually, separately.
The UI does not provide a wizard or dialog for recovering all of a Protection Group’s Protected Resources in a single-phase interaction or transaction.
Restoring a VM instance from Object Storage¶
To restore a VM instance from a remote Object Storage, see Recover VM Instances from Snapshots in the Snapshots page.
The VM’s attached volumes are restored as an integral part of the VM instance’s recovery process.
Restoring a Volume from Object Storage¶
To restore a volume from a remote Object Storage:
Navigate to Storage > Snapshots.
Select the Remote Snapshots tab.
Click Create Volume in the upper menu bar.
In the Create Volume dialog, accept or update the values for:
Name: Volume name
Volume Type
Click OK.
The restored volume displays in the Storage > Block Storage list.
See Volume Snapshot Operations in the Snapshots page for other snapshot operations.
Backup to Object Storage (B2OS)¶
zCompute Backup to Object Storage (B2OS) extends backup and restore capabilities beyond local block storage. It enables backing up and restoring VMs and volumes that are protected by protection-group to and from Zadara Object Storage systems.
These Zadara Object Storage systems can also reside in different physical locations than the source zCompute cloud, allowing recovery to any zCompute cloud in the event of a site-level failure.
On top of this capability, from zCompute v24.03, Protection Groups also provide VM-level crash-consistent backups. Backup snapshots are taken as an atomic operation on all volumes of a protected VM, treating the VM’s volumes as a consistency group.
zCompute B2OS is an integral feature of zCompute. It provides full backup and restore functionality without requiring third-party software or installing software agents on protected VMs.
Protection groups are backup policies that define the backup schedule for protected VMs and volumes, including the backup interval and retention period.
With the introduction of B2OS, you can optionally configure protection groups to back up protected VMs and volumes to Zadara Object Storage.
The following diagram depicts an example scenario of zCompute’s B2OS any-to-any backup and restore capability:
In this example, Site-A is a site that has several zCompute accounts. Each account has one or multiple Protection Groups. Snapshots of a Protection Group’s VM instances and volumes are taken according to schedules and stored locally.
Individual, multiple or all of an account’s Protection Groups local snapshots can also be scheduled for backup to an Object Storage.
Each Protection Group has an exclusive Object Storage bucket or container, used solely for that Protection Group’s snapshots.
An account’s backups can be restored from the Object Storage back to the original account or to other sites, maintaining full data integrity and crash-consistency.
In the example in the diagram above, Site-A’s selected accounts’ Protection Groups are restored to Site-B and Site-C. Each Protection Group’s VM instances and volumes are restored as an integral unit from a snapshot in the Protection Group’s dedicated Object Storage container.
Backup to Object Storage (B2OS) Configuration Flow¶
The zCompute Backup to Object Storage (B2OS) configuration high-level flow:
Create an External Endpoint to the Object Storage.
Create a Backup Protection Group:
Verify that Protection Group’s Backup to Object Storage is enabled.
Add VMs and volumes to a Backup Protection Group.
See Adding or Removing Protected Resources.
Snapshots of the Protected Resources of the Backup Protection Group occur according to the configured schedule.
Optionally, take an initial immediate snapshot with Backup Protection Group Trigger Now.
Remote Snapshots¶
Tenant administrators can configure External Endpoints for the purpose of saving snapshots to remote Object Storage destinations.
Tenant administrators can use Protection Groups to configure sets of protected resources comprising volumes and VM instances for scheduled backups at the same specified periodic intervals for all members of a group. They can also trigger additional immediate backups of a group.
External Endpoints¶
Viewing External Endpoints¶
Navigate to Configuration > External Endpoints.
A list of configured External Endpoints displays.
Click an External Endpoint to display its details.
The External Endpoint’s details display in the lower pane.
Creating an External Endpoint¶
Note
At the cloud level, accessing an Object Storage container via an External Endpoint requires the combination of the container name and the Object Storage user’s Access Key to be unique within the cloud.
To create more than one External Endpoint for the same Object Storage container within a cloud, you must configure the additional External Endpoint with the Access Key and Secret of a different user in the Object Storage.
A separate external B2OS endpoint must be defined for each backup protection group, forming a one-to-one mapping.
Backup protection groups are project-scoped. Each protection group belongs to a single project and protects only the VMs and volumes within that project.
Before creating an External Endpoint, consult with your MSP regarding configuration values, in particular, Network Topology and Endpoint URL.
Navigate to Configuration > External Endpoints.
A list of configured External Endpoints displays.
In the top menu bar, click + Create.
In the Create External Endpoint dialog, enter the External Endpoint’s parameters:
Name: A unique meaningful name for the External Endpoint.
Description: Optional description.
Endpoint Type: From the dropdown, select B2OS.
Currently, B2OS only supports Zadara Object Storage (NGOS).
Caution
To create a new External Endpoint for the purpose of Backup to Object Store, the target Zadara Object Store container must already exist and must be empty.
Any object in the container, including empty folders, will cause the creation of a B2OS endpoint to fail.
Provide the following details from the Zadara Object Storage’s User Information and Console screens.
Network Topology: Based on input from your MSP, select the topology:
Frontend Network
Outbound Network
Region: Copy the User Information > Authentication > Region.
Endpoint URL:
Typically, copy the User Information > Connectivity - Public Network > Public API Endpoint.
Consult and verify this with your MSP, as this endpoint value can depend on your Network Topology.
Important
The configuration requires a URL beginning with
https://.Prefix the B2OS Endpoint URL string with
https://, if it is missing in the URL copied from the Zadara Object Storage’s Public API Endpoint configuration.For example:
If Zadara Object Storage’s Public API Endpoint isabc00000123-public-zadara.zadarazios.comthen the B2OS Endpoint URL ishttps://abc00000123-public-zadara.zadarazios.comBucket: Enter the Container name as it appears in the Console screen.
Access Key: Copy the User Information > Authentication > S3 Access Key.
Secret: Copy the User Information > Authentication > S3 Secret Key.
Verify SSL: Toggle switch to enable or disable checking whether the SSL certificate is valid.
Modifying an External Endpoint¶
Navigate to Configuration > External Endpoints.
A list of configured External Endpoints displays.
Click an External Endpoint to display its details.
In the top menu bar, click Modify.
In the Modify External Endpoint dialog, the following fields can be updated:
Name: A unique meaningful name for the External Endpoint.
Description: Optional description.
Access Key: Object Storage user’s S3 Access Key
Secret: Object Storage user’s S3 Secret Key