Automating VM Protection in Rubrik with vSphere Tags
An oft ignored but useful organization tool, tags are labels that can be applied in your VMware inventory to organize and sort objects. Tags allow you to attach metadata to objects, making it easier to sort and search through your inventory. But wait…there’s more. Tags can also be used in conjunction with other programs like vRealize Automation to help manage an objects lifecycle.
Seen in the picture below is an assigned tag on a VM.
To get the most out of vSphere tags, it’s important to also understand the concept of categories. Categories can be used to group your tags together. Think of it like a large filing cabinet: each drawer is a category, and inside of a drawer, there are folders with objects. These folders have a tag or label on the top. As an example, you may create the category of Operating Systems that contains tags like Windows 10 or Windows 7 and so on. Here is a very simple diagram of the hierarchy:
This is one of the ways tags and categories can be used to help organize your environment. Here’s how you add a category for tags in vSphere:
So what could we use categories and tags for? Use cases include the following:
- Application or Business groupings: Organized by company department or other applications used (i.e. HR or IT)
- Data or VM Locality: Organized into different categories of job type or geographic location (i.e. DB or Web)
- Resource Groupings: Organized by the resources needed or consumed (i.e. Gold Storage)
- Data Protection: Organized by type or frequency of protection (i.e. 4HR RTO)
Often the use cases revolve around automation. Users can tag and categorize their VMs and then use those tags to apply lifecycle automation or perform simple tasks across a group of VMs at once. This greatly simplifies common everyday tasks, such as chargeback reports or management policies, to make them faster and repeatable. This can be accomplished using many different automation tools, and with VMware’s REST API, you can most likely use whatever your company is already using to extend functionality.
How are vSphere tags used by customers? One example is a large Service Provider with a number of requirements to be fulfilled. Some of those include assigning virtual machines to customers as well as identify what team was responsible for them. In addition, as an MSP, they had a need to identify licensing for products and keep track of storage tiers in their customers’ environment. After weighing their possible options, they decided to implement tags so they could meet all of these goals without needless headaches and additional expenses.
These are just a few of the responses I received when I asked the twitter VMware and vExpert community what they used tags for in their own environments:
Tags and categories help organize and automate environments that span multiple vCenter Server instances. With hybrid computing becoming more the norm, your vCenter servers might be located on-prem and in the cloud. VMware has further extended the functionality of tags by ensuring they work with VMware Cloud on AWS, their hybrid cloud offering.
There are a number of tagging best practices that have been suggested.
- Decide a schema plan (define primary tags and categories) before beginning the project to keep your schema cleaner and more organized.
- Document everything! – all the uses and meaning of your tags. Documentation helps not only you but also anyone working on your project later.
- Keep your tags as succinct as possible. If you want to write an essay about your VM, utilizing the notes panel might be a better choice.
- Involve all the stakeholders in your process. Getting buy-in will help ensure your projects are used more.
- Be aware that there may be replication delays that can cause errors if not taken into account when planning. Try to avoid creating tags from different management nodes before the replication process completes.
Similarly, Storage Policy Based Management (SPBM) is used by vSAN and vVols to group together storage providers based on criteria, such as availability and performance. Tags can be combined with SPBM to create a level of granularity to easily categorize storage based on performance tiers, disk configurations, disk types, or anything else you want. Back in 2016, we updated the Rubrik SDK for PowerShell to incorporate support for vSphere tags. I personally encourage the use of tags and SPBM where possible, so I wrote a PowerShell script that looks for specific storage policies setup (with the use of tags) and then applies Rubrik SLA policies to the VMs tagged. You can find this script and more on the Rubrik GitHub organization. Rubrik Build happily accepts contributions to improve our existing tooling as well as ideas for new projects.
Many of our customers use Rubrik to protect their VMware environments with our policy-driven solution. For automation and time saving purposes, many customers asked for Rubrik to incorporate vSphere tags natively into our software. I am extremely happy to say, as of version 5.1 of Rubrik’s software, we officially support vSphere tags. The developers and planners put a lot of thought into how best to implement them so that it wouldn’t be just a patch but a fully-detailed feature. Tags can be accessed through Rubrik’s UI on the vSphere VMs page, as seen in the screenshot below.
Tags are treated like a grouping mechanism, the same as Folders or Clusters/Hosts, and can be used for inherited protection. With inherited protection, all current and future VMs using that tag will automatically be protected. If you need to change VM protection en masse, using tags is a simple way to accomplish this. Tags are also a much more versatile and dynamic way to group objects in your automation scripts since you can create tags for any purpose.
Rubrik also backups and restores tags with the VM. Your VM will stay protected if it needs to be restored, but this ability also preserves the relationships the VM previously had inside of vSphere. We also have the option to NOT restore tags with the VM. This is useful for restoring or creating the VM with test or development uses in mind. You also might remove tags if it ties the VM to a particular storage policy or SLA Domain.
We are excited to help companies extend their automation and grouping mechanisms by including tags natively in Rubrik. We look forward to see how companies will use these and incorporate them into Rubrik Build projects in the future!
Want to learn more? Register for our webinar on the latest features and enhancements, including vSphere tagging. Or, watch the video below!