Apply and Organize vSphere Tags
Updated: Aug 23, 2021
It feels like everywhere you look vSphere tags are there. VMware talks about how great tags are. Third party vendors talk about how great it is that they integrate with tags. And then you start talking public cloud and tagging now seems mandatory. Despite all the buzz about tags, I personally don't see them applied much in enterprise sized organizations though. Why is this? Typically the company isn't against using tags, but applying and organizing tags at a large scale can be intimidating. Individually applying tags to thousands of VMs is a task not even an intern should ever have to do. Leveraging PowerCLI can be a great way but not everyone knows PowerCLI well enough to whip up tags that make sense for their organization. And that's just the execution piece which is the easy part. Getting different teams to agree on how to organize tags is the real uphill battle. Before jumping into that though let's first make sure we all know what tags are.
What are Tags?
Tags were introduced in vSphere v5.1 because VMware observed customers attaching custom attributes to VMs to make them more findable. Tags are a label you assign to a VMware object (host, VM, cluster, datastore, etc) to help organize your environment more effectively. For example, you could have a category for applications, and within that category could be tags assigned to VMs for Oracle, SQL, Exchange, etc. Another example is a category for operating systems, and within that category could be tags assigned to VMs for Window 2012, Windows 2016, Ubuntu v18, RHEL v 7, etc. Essentially, tagging assigns metadata to vSphere objects to make them more searchable and discoverable.
How do we organize Tags though?
Objects can have multiple tags associated with them. This way multiple different teams can create categories and assign tags to their resources. A great example of this is for the Data Protection team. They can have their own category and then create and apply tags to VMs based on their SLAs for business continuity and disaster recovery. This is a classic case of something that is easier said then done though. In an enterprise sized environment with thousands of VMs how is the data protection team supposed to assign tags to every VM? How do they determine what tags to assign? These are great questions that I am asked and witness businesses go through frequently.
So...how can Veeam help?
Veeam's monitoring and reporting tool, VeeamONE, offers a capability to organize your virtual infrastructure by pushing out tags to vSphere based on custom parameters you define. In the below example, I have created a category called, "Data Protection," and then created tags within that category for windows, Linux, SQL, Oracle and large VMs.
VeeamONE goes out and looks for VMs with the parameters defined and assigns a tag based on the rule. There are over 30 properties you can choose from when creating rules for your tags.
Once the rules have been set, we can see in vSphere that VeeamONE effectively created a category with the underlying tags.
Furthermore, we can confirm VeeamONE assigned those tags to VMs. Let's drill down into the "Gold - SQL" to verify that all my SQL VMs have been tagged. Based on the conditions set in VeeamONE, any VM containing the name SQL AND is not a replica should be tagged, "Gold - SQL."
LinchTip: run the object properties collection task in VeeamONE Reporter, so you don't have to wait for the tags to be exported to vSphere.
Why do Tags matter though for the Data Protection team?
For larger organizations with thousands of VMs, backup job creation and organization requires a little planning. With a soft limit of 300 VMs per job for Veeam, organizing jobs by cluster or datastore might not be ideal. There is no technical reason you can't have a thousand VMs in a job, but we see that maintenance and management can become difficult if you decide to reorganize your infrastructure at that size. This is why tags can be so powerful, and using VeeamONE to organize and push those tags to vSphere makes it much easier to actually leverage tags.
LinchTip: I never recommend organizing jobs by datastore if you're leveraging vSphere DRS (distributed resource scheduler) which will vMotion VMs to another host based on resource consumption. Whereas if your jobs are organized by tags or clusters, we will still protect them with no manual intervention.
Tags in principle sound great! Actually putting it into practice and implementing them at a large scale is a challenge though. The majority of the larger customers I work with want to use tags, but figuring out how to organize their environment and push those tags out is where things get stalled. VeeamONE is a great tool for the data protection team to leverage to push out tags under their own category without relying on any other teams.