04 October 2023  —  Marina Smolyanaya

How to Optimize Monitoring Automation with Acronis Cyber Cloud


Automated provisioning helps you minimize the cost of sale and standardize the way you provision your customers. The next step is to automate protection management and monitoring so that customers do not face issues. The Acronis Cyber Platform API provides all the functionality needed to build a sophisticated monitoring system. However, you might encounter some challenges when implementing one.

This article is intended to help you understand the Alerts, Activities, and Tasks concepts and to clarify some parts missing from the documentation.

Alerts, Activities, and Tasks Essentials

The Acronis Cyber Platform API provides the following entities to support monitoring processing:

- Tasks

- Activities

- Alerts

A task is a set of actions to be performed by Acronis Cyber Protection at a certain time or on a certain event, on a client or in the cloud.

An activity is an action performed for the achievement of some user goal.

Examples: backing up, recovery, exporting a backup, cataloging a vault.

An activity may be initiated by a user or by the software itself. Execution of a task always causes one or more activities. An activity is a consistent set of actions accomplishing some finite and well-defined goal.

An alert is a message from Acronis Cyber Protection connected to the protection routines. Alerts have different types and different levels of severity (from warning to critical).

Accessing information regarding all these entities provides a full picture of what happens with protected devices. So let’s look at how we can build the foundation for a simple weekly dashboard with the possibility to drill down to details.

In general, you can picture it like this: to accomplish a task, one or more activities are initiated, and some activities can raise alerts. However, some alerts are raised not by activities but by other components of Acronis Cyber Cloud.

The straightforward way to build a system for monitoring and preventing issues is to collect filtered alerts and process them intelligently. However, that might not be enough to fully cover your customer-facing issues, or it might be too late by the time alerts are raised. In those cases, you might want to add protection or application statuses to your monitoring and analytics systems.

An application is a combination of a protection plan and a protected resource.

The choice of a specific monitoring and analytics system is out of scope for this article, which focuses on how to retrieve all that information.

Tenants INT and UUID identifiers

All systems evolve, and Acronis Cyber Cloud is no exception. Historically, tenants had unsigned int ids, while in Account Management API V2 they are UUID/GUID. However, in the APIs connected to Alerts, Activities, Tasks, and Protection, developers can still find those unsigned int ids.

So the question is how to map those int ids to UUID ids.

In the future, all APIs will use UUID tenant ids.

Because int ids are a legacy format, we use the previous version of the Account Management API to convert int ids to UUID ids and vice versa.

The simplest, but not scalable, way to convert ids is to call /api/1/group/{any_id}. In this call you can use either an int id or a UUID id to receive a group/tenant JSON, which contains an id field with the int id and a uuid field with the UUID id.

{
  "billing": {
    ....
  },
  "usage": {
    ....
  },
  "language": "en",
  "storage": {
    ....
  },
  "pricing": {
    ....
  },
  "parent_has_access": 1,
  "id": 1516165,
  "uuid": "531789f2-2be9-42af-8474-18177593c77b",
  "contact": {
    ....
  },
  "customer_type": 0,
  "agents": {},
  "brand": null,
  "version": 4,
  "privileges": {
    ....
  },
  "parent_id": null,
  ....
  "name": "Stanislav Pavlov (7551274)",
  "default_identity_provider_id": 1,
  "grade": 2,
  "creation_date": 1590019200,
  "kind": 31
}

However, if you plan to process monitoring information in bulk, this approach does not fit. In that case, it's better to have an internal mapping database. But calling tenants one by one to fill such a database is not a good idea either.

The solution is the /api/1/group/{any_id}/children call, which lets you move through your hierarchy in bulk and build your mapping table. The has_children field tells you whether you need to go deeper in the hierarchy.

{
  "items": [
    {
      "id": 1952004,
      "usage": {
        ....
      },
      "name": "Cyber Protection Training Lab",
      "status": 1,
      "parent_has_access": 1,
      "mfa_status": "disabled",
      "capabilities": 278,
      "kind": 31,
      "uuid": "e1a4cda1-a798-4878-899b-bca06c2f4f89",
      ....
      "creation_date": 1615420800,
      "storage": {
        "id": null,
        "name": "",
        "uuid": null
      },
      "has_children": 1
    },
    {
      "id": 2035746,
      "usage": {
        ....
      },
      "name": "Cyber Files Partner",
      "status": 0,
      "parent_has_access": 1,
      "mfa_status": "disabled",
      "capabilities": 278,
      "kind": 31,
      "uuid": "567f2c26-6a0a-4c7c-ade5-5d187bf78379",
      ...
      "creation_date": 1618963200,
      "storage": {
        "id": null,
        "name": "",
        "uuid": null
      },
      "has_children": 1
    }
    .....
  ]
}
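
The hierarchy walk described above, as an added example (not code from the article or from Acronis). It follows has_children breadth-first and builds the int-to-UUID table. The Bearer header, the base_url parameter, the function names and the last two sample UUIDs are assumptions made for illustration.

```python
import json
import urllib.request
from collections import deque

def http_children(base_url, token):
    """Return a fetcher for GET {base_url}/api/1/group/{id}/children.
    Bearer-token auth is an assumption; adapt it to your client."""
    def fetch(tenant_id):
        req = urllib.request.Request(
            f"{base_url}/api/1/group/{tenant_id}/children",
            headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def build_tenant_map(root_id, fetch_children):
    """Breadth-first walk of the hierarchy; returns {int id: uuid}."""
    int_to_uuid = {}
    queue, seen = deque([int(root_id)]), {int(root_id)}
    while queue:
        for item in fetch_children(queue.popleft()).get("items", []):
            tid = int(item["id"])
            int_to_uuid[tid] = item["uuid"].lower()
            # Descend only where the API reports something below.
            if item.get("has_children") and tid not in seen:
                seen.add(tid)
                queue.append(tid)
    return int_to_uuid

def to_uuid(int_to_uuid, tenant_id):
    """Alert and status payloads carry the int id as a string ("1952010")."""
    return int_to_uuid.get(int(tenant_id))

# Constructed sample hierarchy: ids and the first two UUIDs come from the
# article; the last two UUIDs are made up because the article omits them.
SAMPLE = {
    1516165: [
        {"id": 1952004, "uuid": "e1a4cda1-a798-4878-899b-bca06c2f4f89", "has_children": 1},
        {"id": 2035746, "uuid": "567f2c26-6a0a-4c7c-ade5-5d187bf78379", "has_children": 1},
    ],
    1952004: [{"id": 1952007, "uuid": "00000000-0000-4000-8000-000001952007", "has_children": 1}],
    1952007: [{"id": 1952010, "uuid": "00000000-0000-4000-8000-000001952010", "has_children": 0}],
}
CALLS = []  # records which tenants were queried

def sample_children(tenant_id):
    """Offline stand-in for http_children(...)."""
    CALLS.append(tenant_id)
    return {"items": SAMPLE.get(tenant_id, [])}

if __name__ == "__main__":
    mapping = build_tenant_map(1516165, sample_children)
    print(to_uuid(mapping, "1952010"), CALLS)
```

The root tenant itself is not returned by its own children call; add it with one /api/1/group/{any_id} request.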

Now we are ready to proceed with alerts, activities, tasks, and protection and application statuses.

The essential alerts, activities, and tasks operations are described in this article: https://developer.acronis.com/blog/posts/some-technical-aspects-of-the-integration-of-ateras-powerful-psa-and-rmm-suite-with-acronis-cyber-cloud/

How to retrieve a simple protection status report is described in this article: https://developer.acronis.com/blog/posts/protection-status-report-for-acronis-cyber-cloud-protected-workloads/

Advanced Monitoring Tactics

Let's start with a simple scenario: you already have resources with alerts, or you need to find which resources have potential or real issues.

The first API call is GET /api/alert_manager/v1/resource_status. This call returns an array of resources with alerts and provides the alert severity.

{
  "items": [
    {
      "id": "DE911273-A2BA-23D9-9CDF-9DC4EF1A12BC",
      "severity": "critical"
    },
    {
      "id": "B3E45141-24D1-4BA7-98C5-A85D830A7901",
      "severity": "critical"
    },
    {
      "id": "9984D523-F249-43C6-B6EE-D8B1AAF67CAB",
      "severity": "warning"
    },
    {
      "id": "0817BEF5-05AE-4F1F-9B31-1C092F11C12B",
      "severity": "warning"
    },
    {
      "id": "2030F14E-BDF5-43CB-8F76-4D8B5A0C90D8",
      "severity": "warning"
    },
    {
      "id": "A02AC34D-C224-42E8-8E62-E5C831B7C55E",
      "severity": "warning"
    }
  ]
}

You immediately have a list of resources with potential protection issues, and since the Resource Management API is now public, you can drill into those resources to analyze what happened.

You can simplify the subsequent investigation by adding the embed_alert parameter to the request and setting it to true.

GET /api/alert_manager/v1/resource_status?embed_alert=true

{
  "items": [
    {
      "id": "B3E45141-24D1-4BA7-98C5-A85D830A7901",
      "severity": "critical",
      "alert": {
        "id": "86E6E34B-B94C-5F8D-BAC9-54CF541CAD6A",
        "type": "OfferingItemIsNotSufficient",
        "details": {
          "errorMessage": {
            "kbLink": {
              "serCode": "OfferingItemIsNotSufficient"
            }
          },
          "manualAssignAvailable": "",
          "noOfferingItem": "1",
          "notAvailableFeatures": "",
          "planId": "8d17e9b5-1ee9-4290-9888-5c6e0ed5f6bc",
          "planName": "Backup Full SQL VM",
          "resourceId": "B3E45141-24D1-4BA7-98C5-A85D830A7901",
          "resourceName": "test-vm-sql-1"
        },
        "createdAt": "2021-04-15T14:24:21.161707763Z",
        "severity": "critical",
        "receivedAt": "2021-03-23T12:32:48.004689272Z",
        "updatedAt": "2021-04-15T14:24:21.161707763Z",
        "tenant": {
          "id": "1952010",
          "locator": "/1/1276746/1516165/1952004/1952007/1952010/"
        }
      }
    },
    {
      "id": "DE911273-A2BA-23D9-9CDF-9DC4EF1A12BC",
      "severity": "critical",
      "alert": {
        "id": "B7365D02-9C5D-58E0-885E-924E48678718",
        "type": "OfferingItemIsNotSufficient",
        "details": {
          "errorMessage": {
            "kbLink": {
              "serCode": "OfferingItemIsNotSufficient"
            }
          },
          "manualAssignAvailable": "",
          "noOfferingItem": "1",
          "notAvailableFeatures": "",
          "planId": "1f62e544-2538-47ed-b9ce-7b8e25b7d6d7",
          "planName": "Backup SQL Server",
          "resourceId": "DE911273-A2BA-23D9-9CDF-9DC4EF1A12BC",
          "resourceName": "mssql://mssqlserver@47d1ff0b-d6b8-463e-8a8d-71abab8e6747"
        },
        "createdAt": "2021-03-23T12:33:17.266663624Z",
        "severity": "critical",
        "receivedAt": "2021-03-23T12:33:17.266663182Z",
        "updatedAt": "2021-03-23T12:33:17.266663624Z",
        "tenant": {
          "id": "1952010",
          "locator": "/1/1276746/1516165/1952004/1952007/1952010/"
        }
      }
    },
    ...
  ]
}

In addition to a resource id, this JSON immediately provides you with a tenant id and a plan id, so you can filter the following requests better or even make an action decision based on an alert type.

This flow expects that you are authorized for, or have exchanged an authorization token for, a customer scope. In most cases, you need to analyze issues customer by customer.

To showcase the flow, let's imagine that you analyze those statuses one by one. Protection statuses, policy statuses, and application statuses can be checked. As an application is a combination of a policy and a resource, you can just check the application. However, some statuses can be retrieved more simply from a resource protection status or a policy status filtered by a resource id.

For example, the last successful and the next backup date-time are much simpler to retrieve from the resource protection statuses request /api/resource_management/v4/resource_statuses.

{
  "items": [
    ...
    {
      "context": {
        "id": "0817bef5-05ae-4f1f-9b31-1c092f11c12b",
        "created_at": "2021-03-22T12:22:54.118958999Z",
        "updated_at": "2021-04-19T09:07:33.791552178Z",
        "tenant_id": "1952010",
        "external_id": "0817bef5-05ae-4f1f-9b31-1c092f11c12b@1952010",
        "type": "resource.machine",
        "agent_id": "b757f01e-0b14-4788-b9a0-2671469517d7",
        "name": "test-vm-5",
        "user_defined_name": "test-vm-5"
      },
      "aggregate": {
        "status": "critical",
        "names": "Demo Plan;New licensing protection plan;Protection Automation Training Test Plan"
      },
      "policies": [
        {
          "type": "policy.backup.machine",
          "next_run": "2021-03-31T15:58:12Z",
          "last_run": "2021-03-26T16:00:56Z",
          "last_success_run": "2021-03-22T15:59:27Z"
        },
        {
          "type": "policy.security.antimalware_protection",
          "next_run": "2021-03-31T14:00:00Z",
          "last_run": "2021-03-30T18:00:02.1399766Z",
          "last_success_run": "2021-03-25T14:00:11.4683707Z"
        },
        {
          "type": "policy.security.patch_management",
          "next_run": "2021-04-05T16:03:49Z"
        },
        {
          "type": "policy.security.vulnerability_assessment",
          "next_run": "2021-03-31T11:35:38Z",
          "last_run": "2021-03-25T11:01:11.8704957Z",
          "last_success_run": "2021-03-25T11:01:11.8704957Z"
        }
      ]
    },
    {
      "context": {
        "id": "9984d523-f249-43c6-b6ee-d8b1aaf67cab",
        "created_at": "2021-03-22T12:12:06.602646561Z",
        "updated_at": "2021-04-13T15:05:21.0523836Z",
        "tenant_id": "1952010",
        "external_id": "9984d523-f249-43c6-b6ee-d8b1aaf67cab@1952010",
        "type": "resource.machine",
        "agent_id": "404f006d-af09-43f8-921b-8f393090e613",
        "name": "test-vm-4",
        "user_defined_name": "test-vm-4"
      },
      "aggregate": {
        "status": "warning",
        "names": "New licensing protection plan;Files Backup"
      },
      "policies": [
        {
          "type": "policy.backup.machine",
          "next_run": "2021-03-26T16:05:16Z",
          "last_run": "2021-03-26T15:59:26Z",
          "last_success_run": "2021-03-26T15:59:26Z"
        },
        {
          "type": "policy.security.antimalware_protection",
          "next_run": "2021-03-31T14:00:00Z",
          "last_run": "2021-03-30T18:00:04.8848043Z",
          "last_success_run": "2021-03-25T14:00:11.4358869Z"
        },
        {
          "type": "policy.security.patch_management",
          "next_run": "2021-04-05T16:46:43Z"
        },
        {
          "type": "policy.security.vulnerability_assessment",
          "next_run": "2021-03-31T11:55:40Z",
          "last_run": "2021-03-25T11:11:37.6226871Z",
          "last_success_run": "2021-03-25T11:11:37.6226871Z"
        }
      ]
    },
    ....
    {
      "context": {
        "id": "b3e45141-24d1-4ba7-98c5-a85d830a7901",
        "created_at": "2021-03-23T12:17:06.838035749Z",
        "updated_at": "2021-04-15T14:24:23.506054172Z",
        "tenant_id": "1952010",
        "external_id": "b3e45141-24d1-4ba7-98c5-a85d830a7901@1952010",
        "type": "resource.machine",
        "agent_id": "47d1ff0b-d6b8-463e-8a8d-71abab8e6747",
        "name": "test-vm-sql-1",
        "user_defined_name": "test-vm-sql-1"
      },
      "aggregate": {
        "status": "critical",
        "names": "Backup Full SQL VM"
      },
      "policies": [
        {
          "type": "policy.security.antimalware_protection",
          "next_run": "2021-03-27T14:30:00Z",
          "last_run": "2021-03-26T15:33:13.6193412Z",
          "last_success_run": "2021-03-25T14:30:12.0238497Z"
        },
        {
          "type": "policy.security.patch_management",
          "next_run": "2021-03-29T14:58:00Z"
        },
        {
          "type": "policy.security.vulnerability_assessment",
          "next_run": "2021-03-27T09:16:56Z",
          "last_run": "2021-03-25T10:11:08.1191039Z",
          "last_success_run": "2021-03-25T10:11:08.1191039Z"
        },
        {
          "type": "policy.backup.machine",
          "next_run": "2021-03-29T16:08:41Z",
          "last_run": "2021-03-26T16:27:34Z",
          "last_success_run": "2021-03-26T16:27:34Z"
        }
      ]
    }
  ],
  "paging": {
    "cursors": {
      "total": 7
    }
  },
  "groupCreationForbidden": false,
  "_links": [
    {
      "rel": "self",
      "href": "/api/resource_management/v4/resource_statuses"
    }
  ]
}

Notice that the tenant_id field in the JSON above is an int id.
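
One way to turn the last_run and last_success_run fields of this response into monitoring findings, as an added example (not code from the article or from Acronis). Treating a last_success_run older than last_run as "latest run not successful", the 7-day staleness threshold, the reason labels and the function names are assumptions; a run still in progress would look the same.

```python
from datetime import datetime, timezone

def parse_ts(value):
    """Parse API timestamps such as 2021-03-30T18:00:02.1399766Z.
    The fraction has 0 to 9 digits; datetime keeps at most 6."""
    if not value:
        return None
    head, _, frac = value.rstrip("Z").partition(".")
    dt = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=int(frac[:6].ljust(6, "0")) if frac else 0,
                      tzinfo=timezone.utc)

def policy_findings(resource_statuses, now, max_age_days=7):
    """Flag policies that never ran, whose latest run did not succeed,
    or whose last success is older than max_age_days (assumed threshold)."""
    findings = []
    for item in resource_statuses.get("items", []):
        name = item["context"]["name"]
        for pol in item.get("policies", []):
            last_run = parse_ts(pol.get("last_run"))
            last_ok = parse_ts(pol.get("last_success_run"))
            if last_run is None:
                reason = "never_ran"
            elif last_ok is None or last_ok < last_run:
                reason = "last_run_not_successful"
            elif (now - last_ok).days > max_age_days:
                reason = "stale_success"
            else:
                continue
            findings.append((name, pol["type"], reason))
    return findings

# Sample trimmed from the resource_statuses response shown in the article.
SAMPLE = {"items": [{
    "context": {"name": "test-vm-5", "tenant_id": "1952010"},
    "policies": [
        {"type": "policy.backup.machine",
         "last_run": "2021-03-26T16:00:56Z",
         "last_success_run": "2021-03-22T15:59:27Z"},
        {"type": "policy.security.antimalware_protection",
         "last_run": "2021-03-30T18:00:02.1399766Z",
         "last_success_run": "2021-03-25T14:00:11.4683707Z"},
        {"type": "policy.security.patch_management",
         "next_run": "2021-04-05T16:03:49Z"},
        {"type": "policy.security.vulnerability_assessment",
         "last_run": "2021-03-25T11:01:11.8704957Z",
         "last_success_run": "2021-03-25T11:01:11.8704957Z"},
    ],
}]}
NOW = datetime(2021, 3, 31, tzinfo=timezone.utc)  # constructed "current" time

if __name__ == "__main__":
    for finding in policy_findings(SAMPLE, NOW):
        print(finding)
```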

For the purposes of this article, we use the application filtered by resource_id, with status information added:

/api/policy_management/v4/applications?include_deployment_errors=true&include_running_blockers=true&include_status_events=true&include_aggregate=true&context_id={{resource_id}}

{
  "items": [
    [
      {
        "id": "15525901-fc1e-4547-a2c7-7211c8a520e9",
        "created_at": "2021-03-26T15:48:16.268791787Z",
        "updated_at": "2021-04-15T14:24:23.488685515Z",
        "deleted_at": null,
        "enabled": true,
        "deployment": {
          "state": "deployed"
        },
        "running": {
          "state": "idle"
        },
        "status_events": [
          {
            "created_at": "2021-04-15T14:24:21.161707763Z",
            "updated_at": "2021-04-15T14:24:21.161707763Z",
            "deleted_at": null,
            "policy_id": "8d17e9b5-1ee9-4290-9888-5c6e0ed5f6bc",
            "context_id": "b3e45141-24d1-4ba7-98c5-a85d830a7901",
            "type": "OfferingItemIsNotSufficient",
            "tags": null,
            "priority": "high",
            "severity": "critical",
            "value": {
              "domain": "",
              "code": "",
              "reason": "",
              "debug": {
                "msg": "{\"kbLink\":{\"serCode\":\"OfferingItemIsNotSufficient\"}}"
              }
            }
          }
        ],
        "most_severe_status_event": {
          "created_at": "2021-04-15T14:24:21.161707763Z",
          "updated_at": "2021-04-15T14:24:21.161707763Z",
          "deleted_at": null,
          "policy_id": "8d17e9b5-1ee9-4290-9888-5c6e0ed5f6bc",
          "context_id": "b3e45141-24d1-4ba7-98c5-a85d830a7901",
          "type": "OfferingItemIsNotSufficient",
          "tags": null,
          "priority": "high",
          "severity": "critical",
          "value": {
            "domain": "",
            "code": "",
            "reason": "",
            "debug": {
              "msg": "{\"kbLink\":{\"serCode\":\"OfferingItemIsNotSufficient\"}}"
            }
          }
        },
        "status": "critical",
        "agent_id": "47d1ff0b-d6b8-463e-8a8d-71abab8e6747",
        "aggregate": {
          "enabled": true,
          "deployment": {
            "state": "deployed"
          },
          "running": {
            "state": ""
          },
          "status_events": [
            {
              "created_at": "2021-04-15T14:24:21.161707763Z",
              "updated_at": "2021-04-15T14:24:21.161707763Z",
              "deleted_at": null,
              "policy_id": "8d17e9b5-1ee9-4290-9888-5c6e0ed5f6bc",
              "context_id": "b3e45141-24d1-4ba7-98c5-a85d830a7901",
              "type": "OfferingItemIsNotSufficient",
              "tags": null,
              "priority": "high",
              "severity": "critical",
              "value": {
                "domain": "",
                "code": "",
                "reason": "",
                "debug": {
                  "msg": "{\"kbLink\":{\"serCode\":\"OfferingItemIsNotSufficient\"}}"
                }
              }
            },
            {
              "created_at": "2021-03-29T16:15:38.73060174Z",
              "updated_at": "2021-03-29T16:15:38.73060174Z",
              "deleted_at": null,
              "policy_id": "179de86c-89fc-4f7f-ad4b-b3c0fc329b65",
              "context_id": "b3e45141-24d1-4ba7-98c5-a85d830a7901",
              "type": "BackupStatusUnknown",
              "tags": null,
              "priority": "high",
              "severity": "warning",
              "value": {
                "domain": "",
                "code": "",
                "reason": "",
                "debug": {
                  "msg": "{\"kbLink\":{\"serCode\":\"BackupStatusUnknown\"}}"
                }
              }
            }
          ],
          "most_severe_status_event": {
            "created_at": "2021-04-15T14:24:21.161707763Z",
            "updated_at": "2021-04-15T14:24:21.161707763Z",
            "deleted_at": null,
            "policy_id": "8d17e9b5-1ee9-4290-9888-5c6e0ed5f6bc",
            "context_id": "b3e45141-24d1-4ba7-98c5-a85d830a7901",
            "type": "OfferingItemIsNotSufficient",
            "tags": null,
            "priority": "high",
            "severity": "critical",
            "value": {
              "domain": "",
              "code": "",
              "reason": "",
              "debug": {
                "msg": "{\"kbLink\":{\"serCode\":\"OfferingItemIsNotSufficient\"}}"
              }
            }
          },
          "status": "critical"
        },
        "context": {
          "id": "b3e45141-24d1-4ba7-98c5-a85d830a7901",
          "type": "resource.machine"
        },
        "policy": {
          "id": "8d17e9b5-1ee9-4290-9888-5c6e0ed5f6bc",
          "type": "policy.protection.total",
          "name": "Backup Full SQL VM"
        },
        "tenant_id": "1952007",
        "context_tenant_id": "1952010",
        "origin_contexts": [
          "b3e45141-24d1-4ba7-98c5-a85d830a7901"
        ]
      },
      ....
    ]
  ],
  "paging": {
    "cursors": {
      "total": 1
    }
  },
  "_links": [
    {
      "rel": "self",
      "href": "/api/policy_management/v4/applications"
    }
  ]
}

We can immediately see that this resource has licensing issues that prevent it from being backed up. However, it's not a customer-facing issue yet, as we can fix the licensing and back up that database before a real issue occurs.

For the demonstrated cases, we can even take a shortcut and analyze just the alert. The flow above demonstrates the common approach if you decide to drill down after you know your alert.

Another way to organize alert processing is to define which types of alerts you need to monitor and move them through a procedure similar to the one above.

For that scenario, you need to define "dangerous" types of alerts and then regularly pull them from Acronis Cyber Cloud, look into the details, and decide what action should be applied.

The full list of supported alert types can be retrieved through the /api/alert_manager/v1/types call, or you can add alert types to the dangerous list after you have had issues with them in the past.

For example, if you decide that the BackupDidNotStart alert is quite important, you can periodically pull alerts of that type with /api/alert_manager/v1/alerts?type=BackupDidNotStart and process them to understand the root cause, and then react automatically or by creating a ticket for personnel.
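
The alert-first flow described above, as an added example (not code from the article or from Acronis): it filters an embed_alert=true response by a watch list of "dangerous" types and prepares the drill-down request for each hit. Lowercasing resource ids to match the other APIs' samples, reading the tenant locator as the path from the root tenant, and all function and field names of the work list are assumptions.

```python
from urllib.parse import urlencode

SEVERITY_RANK = {"critical": 0, "warning": 1}  # the two levels shown in the article

def applications_url(resource_id):
    """Drill-down request from the article, filtered by resource (context_id)."""
    query = urlencode({
        "include_deployment_errors": "true",
        "include_running_blockers": "true",
        "include_status_events": "true",
        "include_aggregate": "true",
        # Alerts show upper-case ids, resource/application samples lower-case.
        "context_id": resource_id.lower(),
    })
    return "/api/policy_management/v4/applications?" + query

def triage(resource_status, dangerous_types, int_to_uuid):
    """Turn a resource_status?embed_alert=true response into a work list."""
    work = []
    for item in resource_status.get("items", []):
        alert = item.get("alert") or {}
        if alert.get("type") not in dangerous_types:
            continue
        details, tenant = alert.get("details", {}), alert.get("tenant", {})
        tenant_id = int(tenant["id"]) if tenant.get("id") else None
        path = [int(p) for p in tenant.get("locator", "").split("/") if p]
        work.append({
            "resource_id": item["id"].lower(),
            "resource_name": details.get("resourceName"),
            "severity": item.get("severity"),
            "type": alert["type"],
            "plan_id": details.get("planId"),
            "tenant_id": tenant_id,
            "tenant_uuid": int_to_uuid.get(tenant_id),  # None if not mapped yet
            "ancestors": path[:-1],  # assumed: locator = path from the root
            "drill_down": applications_url(item["id"]),
        })
    work.sort(key=lambda w: (SEVERITY_RANK.get(w["severity"], 99),
                             w["resource_name"] or ""))
    return work

# Sample trimmed from the article's response; the third item's alert type
# and name are constructed to show a type outside the watch list.
LOCATOR = "/1/1276746/1516165/1952004/1952007/1952010/"

def _item(rid, severity, alert_type, plan_id, name):
    return {"id": rid, "severity": severity, "alert": {
        "type": alert_type,
        "details": {"planId": plan_id, "resourceName": name},
        "tenant": {"id": "1952010", "locator": LOCATOR}}}

SAMPLE = {"items": [
    _item("B3E45141-24D1-4BA7-98C5-A85D830A7901", "critical",
          "OfferingItemIsNotSufficient",
          "8d17e9b5-1ee9-4290-9888-5c6e0ed5f6bc", "test-vm-sql-1"),
    _item("DE911273-A2BA-23D9-9CDF-9DC4EF1A12BC", "critical",
          "OfferingItemIsNotSufficient", "1f62e544-2538-47ed-b9ce-7b8e25b7d6d7",
          "mssql://mssqlserver@47d1ff0b-d6b8-463e-8a8d-71abab8e6747"),
    _item("9984D523-F249-43C6-B6EE-D8B1AAF67CAB", "warning",
          "BackupStatusUnknown", None, "test-vm-4"),
]}
```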

Summary

Now you know how to implement advanced monitoring capabilities with the Acronis Cyber Platform API. This approach helps prevent customer-facing issues and automate daily personnel tasks.

All API calls from this article are available in the Acronis public Postman collection. You can look into the full collection of calls and try them out in Acronis Sandbox, which is available after registering on the Acronis Developer Portal.

Check collections at the Postman API Network:

  • Account Management API
  • Task Manager, Activities and Alerts API
  • Plan and Resource Management API
  • Cyber Files API
  • Cyber Notary API
  • Agents Management API

Get started today: register on the Acronis Developer Portal and see the code samples available. You can also review solutions available in the Acronis Cyber Cloud Solutions Portal.
