Solution Architecture
The Veeam Backup for Microsoft Entra ID architecture comprises the following set of components:
- Backup server
- Microsoft Entra ID Plug-in for Veeam Backup & Replication
- General-purpose backup proxy
- Microsoft Entra ID backup repository
- Log backup repositories
- Cache repository
A backup server is a Windows-based physical or virtual machine on which Veeam Backup & Replication is installed. The backup server is the configuration, administration and management core of the backup infrastructure. It coordinates backup and restore operations, controls job scheduling and manages resource allocation.
The backup server comprises the following components:
- Microsoft Entra ID Plug-in for Veeam Backup & Replication — an architecture component that extends the Veeam Backup & Replication functionality and allows you to add Microsoft Entra ID tenants to the backup infrastructure.
- General-purpose backup proxy — an architecture component that allows communication between Microsoft Entra ID and Microsoft Entra ID Plug-in for Veeam Backup & Replication, processes jobs, and transfers data to and from backup repositories. The role of the backup proxy is assigned to the machine where the backup server is installed. For more information on the backup proxy, see the Veeam Backup & Replication User Guide, section General-Purpose Backup Proxies.
For more information on the backup server, see the Veeam Backup & Replication User Guide, section Backup Server.
Microsoft Entra ID Backup Repository
A Microsoft Entra ID backup repository is a PostgreSQL instance where Veeam Backup for Microsoft Entra ID stores backups of protected Microsoft Entra ID tenants. By default, Veeam Backup for Microsoft Entra ID uses the local PostgreSQL instance installed on the backup server. To ensure data safety, you can instruct Veeam Backup for Microsoft Entra ID to use a remote instance. For more information on the Microsoft Entra ID backup repository configuration, see Configuring Repositories.
A log backup repository is a storage location where Veeam Backup for Microsoft Entra ID stores backups of audit and sign-in logs of protected Microsoft Entra ID tenants.
To increase log availability and ensure that data can be recovered in case a disaster strikes, you can store backed-up data of audit and sign-in logs in different locations — primary and secondary log backup repositories with their own retention policies and encryption settings.
A cache repository is a storage location where Veeam Backup for Microsoft Entra ID keeps temporary metadata to reduce the load on the backup server when performing backup operations. The cache repository keeps track of all log records that change between backup sessions.
Tip |
To minimize network load during backup operations, it is recommended that you configure the cache repository to be located closer to the backup server in the computer network. |
