VB365 RESTful API / Restore Portal
The RESTful API service and the Restore Portal are tightly coupled as they are within one and the same service. Therefore you cannot separate them onto different machines.
Deploy the RESTful API service onto a dedicated machine instead of on the VB365 Server:
- to offload all the API requests.
- decrease the load on the VB365 Server.
-
increase the performance of the service.
This way, other solutions (e.g. billing and reporting) can be pointed to talk directly and only to the API server, increasing security as unused ports can be closed on either server.
Sizing
| VB365 API/Portal | ||
|---|---|---|
| OS | Windows Server 2019 | |
| CPU | 8 Cores | Minimum. Additional CPU improves backup, restore and search performance. |
| RAM | 16 GB | Minimum. Additional RAM improves backup, restore and search performance. |
| Disk | 50 GB | OS + 500 MB for production installation + additional free space for the configuration database and logs. |
Setup on Service provider side
To set up the Restore Portal we need to create an Azure AD application with the correct permission.
There are two ways of creating this application:
- Automatic, by adding your own service provider M365 tenant to the backup server via the wizard. This will create the Azure AD application and set up the required permissions.
- Manual, by going into Azure AD and manually perform the setup. Please check out this Veeam blog post on how to manually perform the setup.
-
External scripts, by using a collection of scripts to automate the setup and configuration of the Restore Portal. Examples of such scripts are available on our VeeamHub.
Please always carefully inspect each of the scripts and carefully test in a non-production environment.
Take note of the Application ID created for the Restore Portal in the Service Provider’s Azure AD as it is needed to set up each tenant’s organisation. There are two ways of retrieving the Application ID:
-
via Azure AD -> Enterprise applications
-
via VB365 Server -> Options -> Restore Portal
Setup on Tenant side
Once the Restore Portal is set up, tenants can be given access to perform restore operations. However, before any tenant can do this, each tenant is required to add the Restore Portal Enterprise Application to their Azure AD.
-
Run the New-AzureADServicePrincipal PowerShell cmdlet to make the Restore Portal’s Application ID show up in the list of Integrated Applications in the Admin Portal of your tenant’s organisation. Use the tenant admin credentials.
Install-Module AzureAD
$Credential = Get-Credential
Connect-AzureAD -Credential $Credential
New-AzureADServicePrincipal -AppId “00000000-0000-0000-0000-000000000000” -
Go to the Azure portal and sign in to the tenant organisation.
-
Go to Azure Active Directory -> Enterprise applications -> Overview
-
Enter the Application ID from step 1 into the search your tenant field.
Once it shows up, click on it.
-
Go to the Permissions tab. Click on the blue bar Grant admin consent for ….
At this moment, tenant users can log on to the Restore Portal and browse their backup data for restore.
Restore Operator role
In some cases, the tenant can prefer to delegate restore operations on behalf of users or groups to Restore Operators, such as:
- IT administrator at the client
- Service Desk at the service provider
It is important to know that the restore operator can never access any of the data. They can only perform restore to the original location and for the scope they have access to.
To enable the Restore Operator role:
-
Tick the required checkbox on the Authentication tab in the general Options.
-
Add the restore operator(s) and configure the scope.