Organization

Hi,

The list of managed resources (VMs in your case) for a tenant is defined on per-agent basis, which means that if you register Agent for VMware (Virtual Appliance or Windows Agent) under some tenant, then all VMs from the ESXi host/vCenter managed by this agent will appear under this tenant and parent root organization only - other tenants won't see the reported VMs list.

Migration of agents between tenants can be done by deleting the agent from the Settings->Agents list in web console interface and after that you can re-register this agent under different tenant, by switching to its context and then following the standard Devices->Add procedure to register this agent (or by running the main installer where tenant selection option is also provided):

Note that due to the above described agent<->tenant relationship specific (it's agent that is registered under tenant, but not the VMs themselves) it won't be possible to register only _some_ VMs under TenantA, while some under TenantB, since all VMs reported by agent will be available under each tenant where this agent is registered.

Thank you.

Hi Vasily,

as always, thank you so much for your answer.

I have the feeling that more questions related to this organization may come so I'm not closing the thread :P

Thank you again Vasily.

Hello again.

We installed in a server, the management server role and also the agent.

After joining that management server we started creating the different units like this:

ORGANIZATION

- Site1

----------- Site1-Department

- Site2

----------- Site2-Department

- Site3

----------- Site3-Department

Is it a storage node a must on each site and also on each site's different departments in order to be able to browse the backup location on each site? Because if we install an agent in a workstation in site2 and add the backup location browsing from that agent, if this workstation goes down, the rest of the agents wont be able to reach the site2's backup location, am I wrong?

We're a bit confused about how to handle the different backup locations for each site. The management server belongs to the organization, I thought we would be able to add backup locations for different units browsing from the management server, as it has access to all backup locations of all sites, but when you jump from organization to Site1 for example, you cannot add backup locations until there's a backup agent/storage node linked to it.

What would be the best way to handle this scenario? We want to keep it as simple as possible, the best scenario would be to create the above organization, add the different backup location on each site and start installing the agents on each site. After that is done, then delegate the administration of each unit to the different site's administrator.

Thanks in advance for your help.

Best regards.

Hi,

The main logic to keep in mind is the following: when you register Acronis Storage Node in one of the child units, then its locations become accessible by all admin in this unit plus in all parent units. In your example it would be as follows: you register Acronis Storage Node under "Site1-Department" unit and create managed locations -> all these locations will become accessible by administrators of "Site1" unit and of root "Organization" unit. To browse backups in these locations you need to have any agent registered in either of these units ("Site1-Department", "Site1", or "Organization") regardless of whether this agent actually performed backup to the location or not.

In other words to cover your scenarios it looks like you need to have 1 Acronis Storage Node per each of the "bottom" child units.

P.S. in future updates we will also support scheme reverse to described above, e.g. when you have 1 Acronis Storage Node under root "Organization" and have ability to create managed locations hosted on this node for each of the child units.

Thank you.

Thank you so much Vasily.

What if I change the scenario to:

ORGANIZATION

- Site1

----------- Site1-Department-A

----------- Site1-Department-B

----------- Site1-Department-N

- Site2

----------- Site2-Department-A

----------- Site2-Department-B

----------- Site2-Department-N

- Site3

----------- Site3-Department-A

----------- Site3-Department-B

----------- Site3-Department-N

After creating this organization, we install a machine with the storage node role linked to, "Site1-Department-B".

Now, I select "Site1-Department-B" in the left menu and because now I have a storage node, I can add a backup location for "Site1-Department-B". Let's say that I add this locations under this unit:

\\Site1Filer\Site1-Department-A\Backups
\\Site1Filer\Site1-Department-B\Backups
\\Site1Filer\Site1-Department-N\Backups

If I understood you well, "Organization", "Site1", "Site1-Department-A" and "Site1-Department-N" will also be able to see all these backup locations, will they?

What we would expect is what you say is going to be added in future versions, I mean:

You add a storage node on each site and the departments under each site are able to add different backup locations using the storage node of each site. Then you can prevent that Department-A can see the backups of Department-B...

Is there a way, in the actual version (7641) to isolate backup locations for each Site's department so administrators of each department cannot touch other's department backups?

Thanks in advance for your help.

Best regards.

Hi,

>> If I understood you well, "Organization", "Site1", "Site1-Department-A" and "Site1-Department-N" will also be able to see all these backup locations, will they?

Not exactly: the "Site1-Department-A" won't see the backup locations, since they were created for "Site1-Department-B" unit (since it's not the parent of "Site1-Department-A"). "Site1" and "Organization" admins will see these locations.

>> Is there a way, in the actual version (7641) to isolate backup locations for each Site's department so administrators of each department cannot touch other's department backups?

The isolation could be achieved if you have an ASN per each "Site1-Department-A", "Site1-Department-B",..., "Site1-Department-N" child units.

An alternative would be not to use ASN (if you don't plan to use deduplication or cataloging functionality for example), but rather use dedicated network shares for each of the departments where admins from one department don't have access to shares from other departments.

Thank you.

Again Thank you Vasily.

I like what you've just said. I thought that my only option to add a backup location to a Site-Department-X was to add an ASN, and we're not going to use DD... and an ASN for each Site-Department is not an option.

After creating my organization, a couple of questions:

ORGANIZATION

- Site1

----------- Site1-Department-A

----------- Site1-Department-B

----------- Site1-Department-N

- Site2

----------- Site2-Department-A

----------- Site2-Department-B

----------- Site2-Department-N

- Site3

----------- Site3-Department-A

----------- Site3-Department-B

----------- Site3-Department-N

To add a backup destination to "Site3-Department-B" I need an agent linked to that unit so...

• Do you recommend to maybe install the agent in whatever existing server of each site's department so the shutdown risk is lower?

• The computers that will be added to each site's departments are workstations and I think is not a good idea to use one of this workstation's agent to browse backup locations because I assume that if this workstation is powered off you will not be able to browse backups from management server and maybe the backup plans that goes to this backup destination may not work, am I wrong?

We can live with the solution you propose about access control to the shares instead of the unit itself, that way admins of different departments among the same site will not be able to see other's department backups.

Thank you.

Best regards.

Hi,

>> Do you recommend to maybe install the agent in whatever existing server of each site's department so the shutdown risk is lower?

An agent is required only to register the backup location under specific unit. After location is registered you can even delete that agent - the location will remain there and will be available for selection by other agents in this (or any parent) unit. In other words location registration is not tightly bind with the agent which registered this location, e.g. it's independent.

>> The computers that will be added to each site's departments are workstations and I think is not a good idea to use one of this workstation's agent to browse backup locations because I assume that if this workstation is powered off you will not be able to browse backups from management server and maybe the backup plans that goes to this backup destination may not work, am I wrong?

If you plan to cover scenario where all agents from Site3-Department-A..N are down/unavailable and you need to recover, then it makes sense to keep one agent registered under the root "Organization" which will be capable for browsing of all the backup locations on all child units.

Thank you.

Thank you Vasily, your support is really appreciated.

We will advance in the scenario with your fantastic tips. Again, maybe more questions to come.

Thank you again.

Answered.

ORGANIZATION level licenses apply to the rest of the TENANTS.

Hi,

tested again...

At ORGANIZATION level, in DEVICES we have at the bottom of the screen:

We use the add license keys link and instead of adding the license key we use the "Sync with Acronis account" option, and after introducing login and password and confirming that we understand that the license period will start, we get:

Anyway, nothing happens... We cannot start backups because even after that sync message, the licenses do not appear and the "A license is required" message still there...

What could be happening?

If we manually add the license keys this does not happen, we can see the licenses added in the license section.

Thanks in advance.

Hi,

It's not exactly clear what happens after you add the keys manually. Is your concern about failure to sync licenses from your account while manual adding of the keys works ok? If yes, then the problem should be investigated with help from our support team since most likely it's specific to particular Acronis account used for sync.

Thank you.