Increasing Operational Efficiency With Kasten K10 V6.0

Image
We are excited to announce the release of Kasten K10 version 6.0, the latest and most advanced version of our industry-leading platform that provides enterprise-grade Kubernetes data protection and application mobility. This release helps customers scale their cloud native data protection efficiently. Kubernetes deployments are growing at an unprecedented rate. Gartner predicts that by 2027, more than 90% of global organizations will be running containerized applications in production. However, today’s market conditions are scarred with financial uncertainty and a shortage of cloud native skills. Therefore, you must ensure operational efficiencies are in place to unleash the full potential of your cloud native environments while protecting your data. Additionally, security remains an imperative as organizations focus on keeping their businesses running. With this release, we also continue to innovate in this growing ecosystem, so that you can take advantage of the best-of-breed inn...
Post a Comment

Veeam Backup for Salesforce – Integrating With Azure Active Directory for RBAC

CONGRATULATIONS! You have successfully installed Veeam Backup for Salesforce, and you are ready to provide access to your backup and / or Salesforce teams. But how do I accomplish this? Where do I start? What steps must I take to enable Role Based Access Control (RBAC)? How can I leverage my users and groups in Azure Active Directory? The good news is that Veeam Backup for Salesforce makes it incredibly easy, and only takes a few steps.

Let’s jump into it!

After the installation completes, a URL will be provided to perform the initial configuration – for example:

If you copy the URL into a supported browser, you can perform the initial configuration. One step of the initial configuration will be to create a local administrator account:

Important: the username can be anything. The username of “admin” was used in the screenshot but is not specifically required.

Once the local administrator is created and the rest of the configuration is completed, you will receive the following login prompt:

One item I would like to highlight is that no link calls out “Single Sign-on with Azure AD.” This is how you know that Azure Active Directory integration is not yet configured.

At this point, the only login credentials available will be the local administrator previously configured as part of the initial configuration. The local administrator can perform all operations in the Veeam Backup for Salesforce console. These include, but are not limited to:

  • Establish configuration settings
  • Create backup policies
  • Monitor backup jobs
  • Perform recoveries

But managing Veeam Backup for Salesforce using a single account is not practical. This would mean multiple users accessing the management server using the same account. This brings up a whole host of challenges:

  • Inability to determine which user performs which action.
  • Inability to restrict access to certain actions / functions for specific users.

The solution, Veeam Backup for Salesforce integrates with Azure Active Directory so you can include pre-existing users and/or groups. In addition, these users and groups can be assigned specific roles to define what actions they can perform. This is known as “Role Based Access Control” (RBAC).

There are four roles that you can assign to user and groups working with Veeam Backup for Salesforce:

Role name definition
Administrator Can perform all configuration actions and backup and restore operations. This role gives a user access to all companies and all Salesforce organizations added to Veeam Backup for Salesforce.
Backup Operator Can create and manage backup policies, manage the protected data and perform all restore operations. You can limit access to companies and Salesforce organizations for users when assigning this role.
Restore Operator Can only perform restore operations. You can limit access to companies and Salesforce organizations for users when assigning this role.
Viewer Can monitor backup and restore processes without performing any operations. You can limit access to companies and Salesforce organizations for users when assigning this role.
No Access Explicitly prevents specific user(s) / group(s) from managing Veeam Backup for Salesforce

Now the question is, how do you configure Veeam Backup for Salesforce to leverage Azure Activity Directory and RBAC? It is simple and here are the steps you perform:

  1. Login to the Veeam Backup for Salesforce management console with the local administrator account configured as part of the initial setup.
  2. Perform the following steps:
  • Select “Configuration” in the upper right corner
  • Select “Users and Roles”
  • Select “Single Sign-on”
  • Set the “Enable Azure AD Authentication” to “On”

3. Log in to the Azure portal and launch Azure Active Directory:

4. Create an app registration:

Select “New Registration” and you will provide the following information:

  1. The name of the app registration
  2. Select the “Supported Account Types”
  3. Configure the Redirect URI
    1. Type = Web
    2. The URL can be found in the Veeam Backup for Salesforce configuration as the “Callback URL”

5. Perform the following steps to assign Microsoft Graph API permissions to the app registration:

At this point, you will be able to search / select the following permissions

  • GroupMember.Read.All
  • User.Read
  • User.Read.All

For example:

One additional / important note, for the GroupMember.Read.All and User.Read.All permissions, you will need to “Grant admin consent” for these permissions. Simply click the “Grant admin consent for <Azure Tenant>”.

6. Once the app registration is created and the appropriate permissions are assigned, you will need to update the Azure AD authentication information in the Veeam Backup for Salesforce console:

The following fields will need to be updated:

Field Name Field value and where to find
Domain The IP address, hostname, or fully qualified domain name that you will be accessing the Veeam Backup for Salesforce console with.
Callback URL Auto-generated based on the domain information inputted
Client ID The Application (client) ID of the registered Azure AD application.
Tenant ID The Directory (tenant) ID of the registered Azure AD application. Can be found in the “Properties” pane in Azure Active Directory.
Secret Value A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password. Can be found and generated in “Certificates & Secrets” / “Client secrets” for the app registration created.

7. Once all the information is inputted, you can save and authenticate:

You are now ready to add users / user groups and assign roles!

8. Within the Veeam Backup for Salesforce management console:

  • Select “Configuration” in the upper right corner
  • Select “Users and Roles”
  • Select “Add User”
  • Select “Select user or group”
  • Select the applicable user or group
  • Select the applicable:
    • Role
    • Company
    • Organization
  • Select “Assign Role”

Now you are fully configured and ready to log in and manage Veeam Backup for Salesforce with your Azure AD credentials.

To verify that all is configured successfully, log out of the Veeam Backup for Salesforce console, and when the login prompt is once again displayed, it should now look like this:

It is as simple as that! Just follow the above steps outlined above, and you will be able to integrate and leverage Azure Active Directory in your Veeam Backup for Salesforce deployment.

Salesforce Backup
Salesforce Backup
Global Leader in Data Protection
Get free trial

The post Veeam Backup <i>for Salesforce</i> – Integrating With Azure Active Directory for RBAC appeared first on Veeam Software Official Blog.



Original post here: Veeam Backup for Salesforce – Integrating With Azure Active Directory for RBAC

Comments

Post a Comment

Popular posts from this blog

How to use a SOBR with Veeam Backup & Replication

Image
For those of us who have been in the business of backing up data for a while, we’re used to making copies of data on different types of media. I won’t date myself by mentioning reel-to-reel tapes, but the journey started with tape and then backing up data to block/file-based disk storage came along. More recently, a new kid on the block has become a popular destination for backed up data, object storage. Veeam started to use object storage as a target when we released Veeam Backup & Replication 9.5 Update 4 in January 2019 by introducing our use of AWS S3 compliant object storage via the Capacity Tier. A year later, we launched Veeam Backup & Replication v10 which featured support for object locking to provide data immutability for object storage. Immutability provides protection from ransomware attacks by locking the objects which prevents them from being modified or deleted by malicious software or humans. Today, Veeam Backup & Replication is protecting hundreds of petab...
Read more

How To Migrate a Veeam Backup & Replication Configuration Database to PostgreSQL

Image
Before Veeam Backup & Replication v11, the product used SQL Server to create and store its configuration database. It has always been possible to use SQL Server Express to store a Veeam Backup & Replication, however, this version of SQL Server had some critical limitations. In the 2022 version of SQL Server Express, the most relevant limitations were: Use of one socket or four cores Use of only 1.4GB per instance 10GB limit for databases In an environment of 500 machines or fewer, these limitations may not have an impact, but if you have a large backup environment, you had to migrate to one of the paid SQL Server versions to avoid these limitations. You can check the limits for each version of SQL Server 2022 by clicking this link . For V12 and with scalability, performance and licensing cost in mind, Veeam introduced the possibility of using PostgreSQL as a configuration database. PostgreSQL is a relational database management system that’s been used for over 35 years...
Read more

Use Snapshots to backup SMB File Shares on your NetApp ONTAP system

Image
update notice: The information in this blog post has been updated on April 1st, 2022. Since Veeam Backup & Replication version 10, it’s possible to back up NAS shares with the SMB (CIFS) and NFS protocol. One of the challenges with backing up large file shares is doing so in a consistent state. This blog post shows how to create a consistent backup of an SMB share hosted on a NetApp ONTAP based storage. NetApp storage snapshot, Microsoft VSS snapshot or Storage Integration? Veeam offers three ways to back up a NetApp ONTAP SMB share in a consistent state. With NetApp storage integration From a NetApp storage snapshot (without integration) With Microsoft remote VSS snapshot Using the storage integration is the easiest way to get the latest state with very few configuration steps. Using an alternative snapshot path allows complex scenarios like backing up from a SnapMirror/SnapVault location but it involves scripting or a schedule on NetApp to create and delete t...
Read more