This is an archive version of the document. To get the most up-to-date information, see the current version.

SP and Tenant Roles

Communication in the cloud is carried out between two parties: SP on one side and tenants on the other side.

The SP is an organization that provides cloud services to tenants:

Repository as a Service (Veeam Cloud Connect Backup)
Disaster Recovery as a Service (Veeam Cloud Connect Replication)

The tenant is a SP customer who wants to copy VM data offsite, store VM backups in the cloud repository or create VM replicas on the cloud host on the SP side.

SP Tasks

In the cloud, the SP is responsible for performing the following tasks:

Veeam Cloud Connect Backup Tasks

Configuring the Veeam Cloud Connect Backup infrastructure — environment needed to expose cloud repository resources to tenants. As part of this process, the SP takes the following steps:

Decides what backup repositories must be used as cloud repositories.
Sets up TLS certificates to enable secure communication in the Veeam Cloud Connect infrastructure.
Configures cloud gateways.
Registers tenant accounts.

Managing tenant accounts and tenant data to ensure flawless work of the Veeam Cloud Connect infrastructure.

Veeam Cloud Connect Replication Tasks

Configuring the Veeam Cloud Connect Replication infrastructure — environment needed to expose SP's virtualization resources as cloud hosts to tenants. As part of this process, the SP takes the following steps:

Sets up TLS certificates to enable secure communication in the Veeam Cloud Connect infrastructure.
Configures cloud gateways.
Allocates VLANs for cloud networking.
Allocates public IP addresses for tenant VM replicas.
Configures hardware plans to provide tenants with computing, storage and network resources to create VM replicas in the cloud and perform failover tasks with VM replicas on the cloud host.
Registers tenant accounts.

Managing tenant accounts and tenant data to ensure flawless work of the Veeam Cloud Connect infrastructure.
Runs tenant cloud failover plans to perform full site failover and manages tenant VM replicas upon tenant requests.

Tenant Tasks

Tenants, on their hand, are responsible for performing the following tasks:

Connecting to the SP to be able to use Veeam Cloud Connect resources (cloud repository and cloud host).
Configuring and running backup, backup copy and replication jobs targeted at cloud repositories and cloud hosts.
Configuring cloud failover plans to perform full site failover.
Performing restore and failover tasks with VM backups and replicas created by those jobs.
Configuring subtenant accounts to allow tenant-side users create Veeam Agent backups on the cloud repository. To learn more, see Subtenants.
Performing restore tasks with Veeam Agent backups created by subtenants on the cloud repository.

SP and Tenant Roles Note:

It is recommended that the tenant enables the encryption option for backup jobs targeted at the cloud repository. Data encryption helps tenants protect sensitive VM data from unauthorized access while this data is stored in the cloud repository.

On the SP side, the SP should ensure integrity of tenant backups. It is not recommended that the SP uses tenant backups to perform operations that go beyond the scope of regular Veeam Cloud Connect tasks. For example, importing a tenant backup in the Veeam Backup & Replication console on the SP backup server and performing recovery verification of this backup with a SureBackup job may result in failure of the tenant backup job and corruption of the configuration database on the SP backup server.

Backup as a Service (BaaS)

In addition to Repository as a Service and Disaster Recovery as a Service, the SP can use Veeam Backup & Replication to offer Backup as a Service (BaaS) to tenants. In the BaaS scenario, the tenant may not take part in deploying and managing backup infrastructure. The SP takes responsibility for configuring backup infrastructure on the tenant side and performing all data protection and disaster recovery tasks.