This article outlines the key concepts and terms used in Enterprise Workloads.
Administrators for Enterprise Workloads
The accounts for managing Enterprise Workloads resources.
Cloud administrators
Perform activities like configuring, managing, and monitoring Enterprise Workloads.
Custom cloud administrators, derived from the base cloud administrator role, can be assigned selective access rights based on business requirements.
Organization administrators
Manage assigned organizations.
Organization administrators create and manage group administrators for assigned organizations.
Custom organization administrators, derived from the base organization administrator role, can have selective access rights based on organization-specific requirements
Group administrators
Manage administrative groups and their servers resources.
Custom group administrators, derived from the base group administrator role, can have selective access rights based on the specific requirements of the administrative group.
Cloud administrators (View-only)
Read-only access to all organizational configurations.
No administrative actions allowed on Enterprise Workloads entities.
Can modify own profile settings (e.g., name, time zone).
Can view, download, and send reports and audit trails for the assigned organization(s).
Organization administrators (View-only)
Read-only access to all configurations within organization(s).
No administration actions allowed on Enterprise Workloads entities.
Can modify own profile settings (e.g., name, time zone).
Can view, download, and send reports and audit trails for the assigned organization(s).
Group administrators (View-only)
Read-only access to the associated administrative groups.
Cannot manage any administrative group.
Can view, download, and send reports and audit trails for the assigned groups.
Data Protection Officer
Configures audit trails and reports, enables and disables backups, and triggers backups.
Restores data to original or alternate location.
Deletes recovery points.
For more information on administrators and roles, see Manage administrator accounts and Manage administrator roles.
Administrative groups
Categorize servers, virtual machines, and NAS shares with common traits and organize these resources for better management. For example, servers located in one region can belong to one administrative group. Similarly, servers having the same operating system can belong to one administrative group.
Mandatory: Create an administrative group and attach servers for backup configuration.
Optional: Assign a group administrator to the administrative group for server management.
Activation token
Used to activate multiple Enterprise Workloads agents and backup proxies.
Generated during server, virtual machine, or NAS Proxy registration.
Performs one-time authentication for agents and proxies.
Establishes persistent connection with the Cloud.
It's recommended to use a single token for servers, virtual machines, NAS shares with common traits.
Removing tokens doesn't affect ongoing backups.
Availability group
An MS SQL server database mirroring technique that supports replicated environments for availability databases.
Allows one set of primary databases and up to eight sets of secondary databases.
Enables backup of databases from the secondary node.
For more information about the MS SQL availability group, see Overview of Always On Availability Groups.
Azure Account
The email address used to create an Azure subscription serves as the Azure account for that subscription.
The party linked to the email account is responsible for the monthly costs of the subscription's resources.
When creating an Azure account, you must provide contact information and billing details, including a credit card. It's possible to use a single Azure account for multiple subscriptions. However, each subscription is linked to only one Azure account.
Azure Key Vault
Provides secure storage of generic secrets, such as passwords and database connection strings.
Encrypts secrets at rest with a hierarchy of encryption keys, with all keys in that hierarchy are protected by modules that are FIPS 140-2 compliant. This service encrypts your secrets when you add them, and decrypts them automatically when you read them.
Azure Resource Manager
The deployment and management service for Azure.
Provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.
Azure Resource
Entity managed by Azure. Examples include Azure Virtual Machines, virtual networks, and storage accounts.
Azure Resource Group
Logical containers that you use to group related resources in a subscription. Each resource can exist in only one resource group.
Allow for more granular grouping within a subscription.
Commonly used to represent a collection of assets that are required to support a workload, application, or specific function within a subscription.
Azure Resource Manager template
A JSON file that defines one or more Azure resources
Defines dependencies between the deployed resources. The template can be used to deploy the resources consistently and repeatedly.
Azure Region
A set of Azure datacenters that deploy inside a latency-defined perimeter.
The datacenters connect through a dedicated, regional, low-latency network. Most Azure resources run in a specific Azure region.
Azure Subscription
Logical container for your resources. Each Azure resource is associated with only one subscription. Creating a subscription is the first step in adopting Azure.
Azure Tenant
A group of users, or an organization, that share access privileges to an instance of a product, service, or application. In the Azure Active Directory, a tenant is an instance of Azure AD that an organization receives registering a cloud application like Microsoft 365.
Each Azure AD tenant is distinct and separate from other Azure AD tenants. Multitenancy refers to an instance of an application shared by multiple organizations, each with separate access to the instance.
Azure Virtual Network
A network that provides connectivity between your Azure resources, which are isolated from other Azure tenants.
Lets you establish connections between different virtual networks, or between a virtual network and an on-premises network. You can control the IP address blocks, DNS settings, security policies, and route tables within a virtual network.
Backup content
Backup content specifies what data to be backed up on a server.
Two types: Content rule and Custom content.
Content rule: Used for similar workloads across multiple servers.
Creating content rule allows choosing file types and folders for backup.
Exclusion option available for selecting folders and file types to exclude from backup.
Druva has a default content rule with predefined inclusions.
For more information, see Manage Content rules.
Custom content: Configured exclusively for specific backup sets with different data needs.
Custom content is backup content for physical servers.
Define and save custom content with a name for later use.
Can't reuse custom content for another server until it's saved.
Backup policy
Rules for automatic backups and data retention.
Create and attach policy to one or more servers, virtual machines, or NAS shares during configuration.
Druva performs backups based on the defined schedule.
Components of a backup policy: policy type, backup schedule, retention period, and platform-specific backup settings.
Backup proxy
A virtual machine that you must deploy and register for backing up and restoring virtual machines in your VMware setup.
Contains Hybrid Workloads agent, which performs backup and restore of virtual machines. For more information, see About backup proxy for VMware.
Backup proxy pool
A collection of backup proxy servers.
Automates mapping of virtual machines to backup proxy servers.
Backup requests assigned to proxy servers based on load balancing. For more information, see About backup proxy pool.
Backup schedule
Defines automatic backup timing.
Druva follows a backup policy-defined schedule for server data backup.
Components of backup schedule are: start time, backup duration, maximum bandwidth per server, days for backup occurrence.
Backup set
A data set configured for backups, including backup content and policies.
Customizable backup content, policy, and retention settings.
Defined for server, virtual machines, and NAS shares, and consists of:
Backup content (content rule or custom content)
Backup policy
Associated with backup set type (e.g., File, MS SQL, VMware).
Multiple backup sets can be attached to a File or MS-SQL server.
In VMware/Nutanix or Hyper-V setup, backup set is a virtual machine with attached policy.
Backup mount
A folder in the ZFS pool of the Phoenix Backup Store that is shared through the NFS.
Data written to this shared folder is backed up to Druva Cloud.
Creating a Backup Mount on Management Console for a registered Phoenix Backup Store creates a shared directory with the specified Backup Mount name on the ZFS pool of Phoenix Backup Store and shared through NFS.
Backup type
Backup comprises copying and archiving of data from servers, virtual machines, and NAS shares to designated Druva storage.
Install and activate Hybrid Workloads agents for server backup.
Druva supports the following types of backups:
Full backup: Backs up all selected files, and the first backup is always a full backup.
Incremental backup: Backs up changed data since the last backup (full or incremental).
Differential backup: Backs up data changed since the last full backup (for MS SQL servers).
Archive logs backup: Backs up archive logs for Oracle databases to recover lost transactions after failures.
Transaction logs backup: Backs up transaction logs for SQL servers recording database changes after each transaction. Transaction log backup intervals can be chosen (5, 10, 15, 30, 45, 60, or 120 minutes). Point-in-time restore uses recovery point from the last full or differential backup, along with transaction logs.
Incremental backups are self-sufficient for complete server restore.
Quick recovery with full backup and last differential backup.
Cloud
Druva Cloud refers to the entire Druva setup.
It includes Hybrid Workloads agent or backup proxy and the cloud storage for data.
Druva protects workloads in Public Cloud and Gov Cloud.
CloudCache
CloudCache is a dedicated server in the local environment.
It locally stores backup and restore data from Hybrid Workloads agents.
Periodically synchronizes this data to Druva Cloud.
Setting up CloudCache ensures faster backups and restores for your organization.
For more information about CloudCache and its deployment, see CloudCache.
Credits for Enterprise Workloads
Credits allow pre-purchasing Druva storage, paying only for what you consume.
The Enterprise Workloads dashboard offers graphs to track purchased credits and storage consumption on the Druva Portal.
Credit balance and cumulative credits used update daily at 12:15 AM UTC based on storage consumption.
For more information about credits and various credit consumption scenarios, see Druva Credits.
Data deduplication
Druva performs global deduplication to optimize storage by removing duplicate data.
Only unique data blocks from all servers are backed up, enabling single-instance restoration.
Data deduplication helps reduce redundant data, manage backup activity, and achieve cost savings.
Let us consider an organization performs full-file incremental backups of files, where only a few bytes have changed, and occasionally performs full backups due to age-old design challenges in backup systems. A 10 TB file server would create 800 TB of backups just from eight weekly fulls, and probably another 8 TB or so of incremental backups over the same amount of time. A good deduplication system can reduce this 808 TB down to less than 100 TB β without lowering restore speed.
Data volume
A discrete storage unit on tape, disk, or other media that supports data.
It serves as storage blocks for saving data.
CloudCache license determines the size of CloudCache for your setup.
A data volume permits you to consume a portion of this storage. You can only consume a portion of the storage that is equivalent to the size of the data volumes that you create.
If your setup requires more storage, you can add up to 10 data volumes, and set a size for these data volumes.
Adding multiple data volumes helps scale CloudCache to match server data size requirements.
Disaster recovery plan
Disaster Recovery (DR) plan is a set of rules for recovering your data in case of emergency or disaster.
A DR plan defines the following:
AWS account: The account in AWS that acts as a secondary site for Disaster Recovery. The account maintains the EBS recovery points for the virtual machines. At the time of disaster, you can launch EC2 instance from these EBS recovery points, in-turn spinning up to production in minutes.
AWS region: The storage region where you want to create DR copies for the virtual machines. The region of the DR plan and region of the storage to which the virtual machine is backing the data to must be same.
Update frequency: The frequency at which Druva updates the DR copy. Based on the defined frequency, on each schedule, the existing DR copy, if present, is replaced with a DR copy based on the latest recovery point available for the virtual machine.
Failover Cluster Instance (FCI)
FCI stands for Failover Cluster Instance of SQL Server.
It is a single SQL Server instance installed across Windows Server Failover Clustering (WSFC) nodes.
The FCI may span multiple subnets.
On the network, it appears as if SQL Server is running on a single computer.
FCI provides failover from one WSFC node to another in case the current node becomes unavailable.
Hybrid Workloads agent
Hybrid Workloads agent is the client-side component of Druva and is deployed locally on servers for backup and restore operations.
Hybrid Workloads agent communicates with Druva Cloud for data backup and restoration.
To enable backup and restore of server data, you must install and activate Hybrid Workloads agent on all relevant servers.
NAS proxy
The Hybrid Workloads agent is installed on Windows or Linux servers.
It handles backup and restore requests from NAS Shares.
To establish connectivity with Druva, you need to install and activate the NAS Proxy.
The link between Druva and a NAS device is established by mapping a NAS Proxy to the device.
Once mapped, the proxy can be attached to a backup set for backup and restore operations.
Multiple proxies can be mapped to a device, and a proxy can be attached to multiple backup sets.
Organizations
Druva uses organizations (sites) as access-based control to segregate resources with no shared data.
Each organization manages its servers, virtual machines, and databases, and policies independently.
Servers, virtual machines, and databases, administrative groups, and policies are isolated within each organization.
Organizations share storage, cloud administrators, and customer licenses.
Access to resources in one organization is restricted from other organizations.
For information about configuring organizations, see Configure Organizations.
Phoenix Backup Store
An NFS server with Druva binaries installed on it.
Phoenix Backup Store has a ZFS pool using disks available on the Phoenix Backup Store.
Backup Mounts in the ZFS pool are shared through NFS.
Data written to a Backup Mount on Phoenix Backup Store is converted to a recovery point and backed up to Druva Cloud.
Data is restored from Druva Cloud to a Backup Mount on Phoenix Backup Store.
Pre and post-script settings
Configure file server and NAS backup policies with pre-backup and post-backup scripts to perform specific tasks before and after a backup job.
Druva executes pre-backup scripts before backup.
Post-backup scripts run after backup for specific tasks.
For more information about pre-backup and post-backup scripts, see Pre-backup and post-backup scripts for File server and Pre-backup and post-backup scripts for NAS.
Retention period
Retention period is the duration the data is kept on Druva Cloud.
Druva Cloud purges data you chose to delete after the retention period.
For example, with a 15-day retention, deleted data is purged after 15 days.
You can define the retention period when configuring the server, virtual machine, or database on Druva Cloud.
Restore
The restore is the process of retrieving backup data that Druva stores. In the event of data loss or corruption, you can restore server data that you previously backed up.
Recovery point
Recovery point is a point-in-time image of backup data.
It indicates the state of the backup data at a particular point-in-time.
Druva supports three types of recovery points:
Hot recovery point: Druva creates hot recovery points if you deploy CloudCache for your Druva setup. A hot recovery point is a point-in-time image of backup data that is stored on CloudCache. CloudCache synchronizes the recovery points to the cloud storage by following the pre-defined schedule. Recovery points that reside on CloudCache appear under Hot on the Restore Overview window.
Warm recovery point: A warm recovery point is a point-in-time image of the backup data. Druva directly backs up the data from the servers to the warm storage, where it stays and is referred to as "warm recovery points".
Cold recovery point: Cold recovery points are point-in-time copies of backup data older than 15 days. These recovery points are stored in the Amazon Glacier Deep Archive. Typically, cold recovery points are maintained for:
Long term data which over a period is hardly accessed or restored.
Need to store this data for compliance and audit purposes.
Cheaper storage and cost savings.
At the time of restore, data from the cold tier is retrieved, moved temporarily to the warm tier, and then restored.
Once you click Restore and initiate the restoration process, the data retrieval from cold tier and its restore from the warm tier happen automatically. Warmed up data is deleted from the warm tier after 10 days.
Storage
A location in the cloud where Druva stores data backed up from different servers.
Pre-purchase Druva storage using credits depending on your data needs and location preferences, and in-effect pay only for the storage that you consume. The purchased storage is translated into credit allocation. For example, if you have purchased a 10-TB Druva storage for a contract term of one year, 120 credits (TB months) are allocated to your account. You can effectively track the purchased credits and storage consumption using Dashboard. For more information about credit usage, see Druva Credits.
βπ Note
β If you have a Business license, you can purchase Druva storage only in one AWS region.Druva directly backs up data from servers to warm storage where the data stays. Because the warm storage is fast in performance, restoring of the data in warm storage is "on-demand" in nature, and starts immediately.
VMware transport mode
Druva backup proxy can access virtual machine data from data stores using three different methods β NBD, HotAdd, NBDSSL. These methods are referred to as VMware Transport modes.
For more information about transport modes, see Transport modes.
Volume Shadow Copy Service (VSS)
Volume Shadow Copy Service (VSS) is a Windows service for capturing and creating recovery points that are called as shadow copies. VSS, which operates at the block level of the file system, provides a backup infrastructure for Microsoft operating systems.
Druva instructs Microsoft VSS to create shadow copies of data on Windows servers. When shadow copies are created on the same volume they can result in heavy input and output load. Therefore, if VSS is enabled, administrators can configure the operating system to create shadow copies on a separate volume.
Consult your Windows operating system documentation for further information about making this configuration change.
Workload
A specific type of server or virtual machine whose data you want to back up, ensuring its protection and recoverability in case of data loss or system failure.
Druva extends data protection and cyber resiliency solutions catering to an array of workloads including:
Hybrid Workloads: File servers, NAS shares, MS SQL servers, Oracle Database Servers, SAP HANA Servers, VMware virtual machines, Nutanix AHV virtual machines, and Hyper-V virtual machines.
AWS Native Workloads: Amazon EC2 instances, EBS resources, RDS Databases, RedShift resources, and Dynamo DB Tables.
Azure VMs