For general info, refer to the User Guide - Solution Architecture.
Backup Entra ID Tenants
When backing up only the Tenants (no logs), the only components required are:
- VBR Server + Microsoft Entra ID Plug-in
- PostgreSQL Instance (to store backup data)
- General-purpose backup proxy
- Cache Repository
Given the small amount of (meta)data backed up, these can be deployed onto the same server.
Backup Entra ID Tenants + Logs
When also backing up the Tenant Logs (Audit + Sign-on), you must add the following components:
- Primary Log Backup Repository
- Secondary Log Backup Repository (optional)
This diagram does not show ports between the Backup Server and the Backup Repositories because they depend heavily on the repository type chosen (e.g. Linux Repository or Object Storage).
Add to existing VBR or dedicated
It’s recommended to deploy a dedicated machine to host the role for this use case. This spreads the risk of software updates, provides better service uptime and separates user access as a security measure.
This use case has low system requirements, so it is easy to dedicate resources to it.
Multitenancy
By default, Microsoft Entra ID environments from different customers/organizations can be backed up onto the same Backup Server, making it multitenant. However, there is no self-service portal that can be published to the customers.
Storage consumption and billing
Every Tenant backs up to its own dedicated PostgreSQL database. To bill for consumption, look at the storage consumed by that Tenant's database files.
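One way to read the per-database consumption without handing the billing process a privileged account (an added example, not part of the original guide or the vendor's tooling). The role name `billing_reader` is hypothetical, PostgreSQL 10 or later is assumed for the built-in `pg_read_all_stats` role, and mapping each database name to a Tenant is left to the operator because the guide does not describe the naming.

```sql
-- Run once as a PostgreSQL superuser on the instance that stores the backups.
-- billing_reader is a hypothetical, read-only role for the billing job.
-- Set its password separately (for example with \password in psql).
CREATE ROLE billing_reader LOGIN;

-- pg_read_all_stats lets the role call pg_database_size() on every database
-- without CONNECT rights on them, so it can measure sizes but not read
-- the backed-up tenant data.
GRANT pg_read_all_stats TO billing_reader;

-- Run as billing_reader: on-disk size of every non-template database.
-- The maintenance database "postgres" is excluded; any other database on
-- the instance that does not belong to a Tenant must be filtered out by
-- the operator.
SELECT d.datname                                   AS database_name,
       pg_database_size(d.oid)                     AS size_bytes,
       pg_size_pretty(pg_database_size(d.oid))     AS size_pretty
FROM   pg_database AS d
WHERE  NOT d.datistemplate
  AND  d.datname <> 'postgres'
ORDER  BY size_bytes DESC;
```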
Tenant Logs are backed up to regular Backup Repositories. To ease billing, we recommend creating a dedicated S3 bucket for each Tenant. This way, you can simply read the storage consumption from the bucket.