Multi-tenancy simplifies work for MSPs because it allows them to manage multiple clients through a single instance of software and infrastructure. And even though the customers share the same database, the data for each customer is logically separated, so there’s no mechanism by which gaining access to one tenant will allow access to another. Not only does it simplify work for MSPs, it also reduces costs because customers are hosted in a shared environment, reducing the cost of the software and optimizing storage capacity utilization.
Through the software-as-a-service (SaaS) model, like Carbonite™ Server, MSPs can further save time and money. SaaS environments enable MSPs to easily integrate software with other applications through the use of application programming interfaces (APIs). Plus, since the infrastructure belongs to the vendor, MSPs are absolved of the responsibility of maintaining the environment.
While the benefits of multi-tenancy outweigh the risks, MSPs still need to consider security when configuring a multi-tenant environment. Access to the environment must be controlled so customers view only their data.
Access Control
Carbonite Server provides the control and visibility features that IT admins need to ensure data security and logical segregation of duties between customers, partners and operations teams. Behind the scenes is a secure infrastructure that protects data while it’s being transferred and stored.
Administrators are able to customize the solution for each customer’s needs. This includes:
- Discrete child site that allows for autonomous administration by individual administrators
- Discrete backend vault accounts for storage of each entity’s data
- Role-based access for administrators
- The ability to tag and group backup assets logically
- Discrete encryption per backup job
Service access, either for administration or data transfer, is strictly controlled. Each agent deployed to back up a source server requires registration with the portal. The registration process requires administration access as well as authentication via a set of portal credentials. The portal credentials are managed via the portal administrator account.
Administrator credentials are tied to the vault account, which can be configured with two-factor authentication for on-prem deployments of the portal. A portal administrator can assign discrete vault access to additional portal users and apply role-based access rules if required. The vault is a critical part of Carbonite Server. It listens to the agents and accepts the data to back up. The backup and recovery software for the vault is installed on the vault hardware to manage all backup sets.
Once the data is sent to the on-premises vault or the cloud, the backup and recovery software on the vault stores compressed and deduplicated backup data, which is protected with at-rest encryption. Coupled with our DeltaPro technology, Carbonite Server ensures end-to-end security and significantly shrinks the storage footprint. The backup and recovery software on the vault also ensures and validates the integrity of backup data. You can also schedule automatic replication to a second off-site vault at one of your locations.
Service at Scale
The revenue-generating SaaS pricing model of multi-tenant environments like Carbonite Server allows MSPs to scale their services by managing multiple customers centrally, as if they were a single customer. Using our multi-tenancy architecture, MSPs can address multiple customers through a common service, which they can adapt, transform and enrich according to the needs of their customers. The ability to manage multiple accounts centrally optimizes costs and streamlines resources, all while allowing pricing flexibility.
Vault on-prem hardware can be physical or virtual. You can repurpose existing servers and storage, choose an all-in-one backup and recovery appliance, or run a large scale multi-tenant vault environment with our backup and recovery private cloud scalable infrastructure. For customers who prefer to keep local copies of their environment, Carbonite offers an optional lineup of appliances that can be purchased outright or in a Hardware as a Service (HWaaS) model for customers in North America.
When you build out your private cloud in your data center with our backup and recovery private cloud, you can leverage the elastic scalability and modular infrastructure. This architecture means you can start small and grow the vault on demand when you need it. And the backwards compatibility and singular logical unit simplifies your data protection management to give you even more increased productivity.
Automatic tiering ensures you use the right storage for the right data. Built-in tiering automatically moves data to secondary storage, while clustered vaults significantly ease manageability and reduce the operations cost for enterprises with large amounts of data and service providers that run multi-tenant environments for their customers.
For more information about using Carbonite Server to run your multi-tenant environment, please visit our server backup page.
