In a multi-tenant deployment, we use the design from the blueprint to host multiple clients on. Clients who land on this environment, generally purchase a Fully Managed Service from the Service Provider. Main reasons for this deployment type are:
- Share resources efficiently (CPU/RAM/STORAGE) amongst multiple clients.
- Single management pane.
- Single Self-service Restore Portal. (optional)
- Single RESTful API endpoint for 3rd party applications to talk to.
- Easy to scale by adding more Backup Proxy servers, Proxy Pools and Object Storage Repositories.
- Ability to create dedicated Backup Proxy servers, Proxy Pools and Object Storage Repositories for large clients.
- Allow for centralized licensing and usage reporting into VCSP Pulse via VSPC.
Only one VB365 management server and one API/Portal server exist in this architecture. When maintenance is scheduled for updating, upgrading or else, the service will become completely unavailable for all clients on the platform. Consider deploying dedicated pods for clients to increase the overall service availability at an increased cost of IT infrastructure.
Shared Responsibility Model
Responsibility of a Service Provider:
- The entire service platform (servers, networking, storage, application, licenses, updates, maintenance etc.)
- E.g. Use Veeam ONE for in-depth monitoring and reporting
- Activating M365 BaaS via VSPC:
- All tasks related to Backup & Restore such as:
- Configuring the Backup and Backup Copy Jobs based on a standardized (preferred) or custom offering (e.g. retention policy, backup frequency etc.)
- Servicing restores on behalf of the customer using the Veeam Explorers.
Responsibility of a Client:
- Onboarding the organization via VSPC.
- Requests restores via the service desk of the service provider.
- Initiates restores via the Self-service Restore Portal. Restore capabilities can be delegated to dedicated restore operators or even end-users. The self-service portal should be configured on a per-client basis. To allow self-service, additional configuration is required in the client’s M365 tenant.
- Create and configure Backup and Backup Copy Jobs via VSPC.
This diagram has been simplified to focus on VB365 components and the specific scenario. For ports usage, check the blueprint.
Recommendations
General component sizing is covered in the VB365 components section and applies to any scenario. The following recommendations are specific to the multi-tenant deployment scenario.
Proxy Pools and Proxy Servers
- Use dedicated proxies/pools for large organizations or split large organizations across different proxies/pools to allow room for growth.
The recommendation is a maximum of 5000 users (20.000 objects) per proxy. If an organization contains this amount or more, it is better to split it into 2 or more proxies.
This way, one proxy will not get overloaded, but the load is spread across. - Use dedicated proxies/pools to reserve resources for organizations where you need to guarantee RPOs.
Backup Repositories
- Use dedicated backup repositories per client and per application type.
- Each backup repository can have a different retention policy with or without immutability.
- Allow for customer segregation.
- Simplifies exit strategy (can simply remove repositories).
Please check out other important Backup Repository considerations.