SaaS Architecture and

Storage
Commvault Platform Architect - SaaS

© Commvault 2024
Notices and Disclaimers
COPYRIGHT, CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENTS APPLY

Commvault, Commvault and logo, the "C hexagon” logo, Commvault Systems, Metallic, Metallic and logo, the “Wave” logo, Arlie, Cloudburst, and ThreatWise are
trademarks or registered trademarks of Commvault Systems, Inc. (“Commvault) The unauthorized use of any Commvault trademark is strictly prohibited. Other company
and product names mentioned herein may be trademarks of their respective owners. References to any third-party products, services, or websites should not be
considered an endorsement by Commvault. Some examples are for illustration only and are fictitious. All right, title, and interest, including all intellectual property rights in
and to this document/video and to any related subject matter (collectively “Ownership Rights”) are owned and expressly reserved by Commvault. No Ownership Rights
are granted to you.
This training is intended for distribution to and personal reference use solely by Commvault employees, partners; all use of Commvault Solutions, including this document
/video, is governed by Commvault’s Master Terms & Conditions (currently available at https://www.commvault.com/legal/master-terms-and-conditions) which are
incorporated herein in their entirety. This content is provided “as is.” Information in this training, including any specifications, URLs, or other references, is subject to
change without notice.
See www.commvault.com/IP for more information about our trademarks, patents, and other IP rights.

Confidentiality
This training contains information that is confidential and proprietary to Commvault. Without limiting rights under copyright or otherwise, this information is provided with
the express understanding that it will be held in strict confidence and that no part of this document will be disclosed, used, reproduced, stored, or transmitted, in whole or
in part, for any purpose other than as expressly approved or provided by Commvault in writing.

©1999-2024 Commvault

© Commvault 2024

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.
Commvault Cloud SaaS Solutions
Data Protection As A Service (DPAAS) For Your Entire Data Estate

VM & Kubernetes Database Files & Objects Cloud Storage File & Object Archive Threatwise
Microsoft Hyper-V, VMware, For Microsoft SQL, Azure, For Windows Server, For Air-gapped For early warning
For compliance
Nutanix AHV, Azure VM, PaaS, Oracle, Amazon AWS, Azure Blob & Files, OCI cloud storage. into threats.
ready archiving.
Kubernetes, Microsoft Azure, SAP HANA. Object Storage, Amazon, S3,
AWS, AVS, VMware Cloud. Linux/ UNIX.

Microsoft 365 Microsoft Salesforce Endpoint Active Directory Security IQ

For Exchange, Teams, Dynamics 365 For Salesforce For laptops For Entra ID and For actionable
SharePoint, OneDrive, Cloud data. and desktops. Microsoft AD. threat insights.
For CE applications +
Project, and more.
Power Platform.

Auto Recovery Risk Analysis Threat Scan Cleanroom Recovery

For VMs For M365 For Files For SaaS and on-prem
software

Check docs.metallic.io for up-to-date details on supported platforms and workloads

Commvault Cloud for Government
A Single Solution For Data Security In The Cloud

• FedRAMP High
Cloud Endpoints VMs • GCC High
workloads
• CJIS Compliant
• FIPS 140-2 Compliant
Containers Databases Unstructured SaaS Apps
data • Isolated cloud environment

Cloud storage File systems

Hosted on Azure Government Cloud

Commvault Cloud SaaS Managed Services
Commvault Cloud SaaS Services To Meet Your Customers’ Needs

Commvault Shared Responsibility Model

(Health & Performance)

Alerts & Monitoring
Customer Security
On-Prem Cloud Service Management
SaaS Apps Endpoints
Workloads Workloads Options
Customer
Responsibility
Backup Plan Data Restore Data Export BYOS

Backup Health Usage Report Backup Gateway Policy Compliance

Control Plane

Monitoring (Infrastructure & Availability

Commvault Security & Compliance
Commvault Cloud Console Compliance Search MSP Portal
Customer Partner Managed
Managed (MSP Model)
Data Services
Data Movers Data Storage
Commvault
Responsibility
Foundational Services

Dedupe Engine Search Engine Encryption Backup Services

Compute Storage Networking

SaaS Ring
Architecture Ring Home
Rings
Region

M104, M4 Australia East

Commvault Cloud SaaS
Rings consist of
M2, M3, M4,
East US 2
• CommServe M101

• Configured in a cluster
M100 UK South
• MediaAgents
M108, M102,
• Index Servers West Europe
M107
• Access Nodes for supported Germany West
M103
workloads Central

• Commvault Infrastructure M106 Southeast Asia

Components
M105 UAE North
• Command Center
• Web Servers
M921 USGov Virginia
• Web Console
• Network Gateway / Proxies Accessible directly through:
https://<ring>.metallic.io
Simple Cloud Delivery: How It Works
Fast, frictionless, and flexible

YOUR DATA FROM ANY LOCATION TO THE RIGHT LOCATION

On Premises On Prem Data Center Air Gap Protect
Workloads (Primary Storage) (managed storage)

BYO
Cloud Storage

On Prem Data Center

Physical Virtual Converged (Secondary Storage)

CLOUD WORKLOADS YOUR CLOUD STORAGE AIR GAP PROTECT

(managed storage)

BYO
Cloud Storage

SAAS APPLICATIONS
YOUR SAAS APPLICATIONS

WE TAKE CARE OF
CLOUD STORAGE INCLUDED

Data Availability
Backup Infrastructure Maintenance ENDPOINTS
LOCAL DISK
Updates
Support

Unique flexibility to protect and recover data close

to the source for ultimate performance
Storage
Commvault Cloud Workloads & Primary Storage
Commvault Cloud
Salesforce Backup

AGP
Commvault Cloud
Backup for Microsoft
SaaS apps
365
Commvault Cloud
Backup for Microsoft
Dynamics 365
AGP

Commvault Cloud
Endpoints
Endpoint Backup

Commvault Cloud VM &

Kubernetes Backup

Commvault Cloud
Commvault
Cloud Air Gap Hybrid cloud Database Backup
Protect (AGP)
data protection AGP AWS Azure On-prem HSX
Commvault Cloud
File & Object Backup

Commvault Cloud Active

Directory and Entra ID Backup
On-prem AGP Azure AGP
Supported Commvault Cloud SaaS Storage Options
Cross-region storage Cross-region storage is Cross-vendor storage is
is not supported supported with a warning supported with a warning

AGP AGP BYOS Azure AGP BYOS AWS AGP

(EAST US) (WEST US) (WEST US) (EAST US) (US WEST) (EAST US)

Secondary Storage
AGP Azure AGP Azure AGP OCI AGP OCI BYOS BYOS BYOS
Disk and Local
Hot Cool Standard Infrequent Azure OCI AWS
Primary Disk and Local No Yes Yes Yes Yes Yes Yes Yes
Storage
AGP Azure Hot No No Yes No No No No No
AGP OCI Standard No No No No Yes No No No
BYOS Azure No Yes Yes No No Yes No No
BYOS OCI No No No Yes Yes No Yes No
BYOS AWS No Yes Yes Yes Yes No Yes Yes

https://documentation.commvault.com/
 Important: If you must have all data traffic reside in
Commvault Cloud AGP your Azure cloud account due to firewall restrictions or
use Azure IAM VM roles, deploy a Commvault Cloud
for air gapped ransomware backup gateway. The backup gateway must be
protection deployed in the same region as the data you are
Air-Gap offsite backing up.
in AGP

Comparing
Secure
Storage Pool •
•
Customer owned resource

Offset rogue credential risks with

• Managed air-gap storage copy
service

• Global dedupe/encrypted cloud pool

Options
WORM time-locks (2xBET)
(1xBET)
• Global dedupe/encrypted cloud pool And / or
• Embedded secure service credentials
• Embrace Cold/Archive tiers for from CCID
reduced operational costs (added
latency) • Customer-owned encryption keys

• Defer egress and read fees to critical • No egress or read fees

access $$ event
• No server instances required (simple
• No server instances required storage integration)
(storage)

Customer Managed Cloud Store Commvault Cloud AGP on Azure and OCI
 Hot and Cool Storage Tier Options

Hot Storage Cool Storage

You would use a Hot storage tier for primary You would use a Cool storage tier for secondary
backup copies that typically have a shorter backup copies that have a longer retention span,
retention span of 30 days or less, to support more between 30 to 90 days, and support less frequent
frequent restores and fastest RTO. restores with longer RTOs.
 Ransomware and risk Hybrid Cloud Capacity
reduction with testing adoption growth

• Virtual air-gap data copy • Drive agility with cloud-based • Easily meet
backed by Azure cloud storage, limitless scale, and changing capacity
security. cost savings over tape needs with cloud

Air Gap
• Commvault Cloud encryption solutions.
and access controls
access.
• Easy cloud adoption for
enhance security and aid in customers lacking skills to
ransomware recovery.

Protect
integrate it into their IT
strategy.

Key
Use Effectively manage Secondary Cleanroom
cloud costs backup copies Recovery
Cases • Predictable storage • Support the 3, 2, 1 • Integrates with
costs enable long-term rule: Three copies of AGP for
forecasting and the data, two in secure cyber
prevent unexpected different locations, recovery
bills. and one off-site testing within
an isolated
recovery
environment
Deploying Commvault
Cloud AGP

Follow 3-2-1 Align with customer’s target Prepare for Choose Wisely
Best Practices outcome Success
3 - Copies of data Understand backup/recovery SLAs Are resources in place? Set achievable expectations
2 - Copies on different storage • Data location & footprint - Do they want Fast,
media • Daily change rate • Assess “Available” bandwidth Cheap, or Reliable?
1 - Air-Gapped offsite Copy • RPO/RTO objectives • Consider network bottlenecks
• Recovery scenarios • Will Gateway/MA resources scale …Pick 2
 Storage flexibility with Commvault
Cloud SaaS Storage options

On-premise storage Cloud storage linked

with Commvault Cloud to Commvault Cloud
Backup Gateways Control Plane
allows quick recovery enables direct writes
but needs more but may reduce
planning and performance and
infrastructure for incur egress fees.
expansion.
Commvault Cloud Backup Gateways

AN

Represents Backup Gateway

 Commvault Cloud Backup Gateways

Backup Data Flow

Backup gateways are Localized data movement Deduplication and indexing of data Signaling Transfer
deployed locally to workload between workloads and stored locally for reading and creating a
locations to offer: storage secondary copy in cloud storage. Represents
Backup Gateway
Commvault Cloud Backup Gateways

Backup Data Flow

Required for Commvault Cloud Specific cloud-based workloads are
SaaS customers to protect on- supported for AWS, Oracle Cloud Signaling Transfer
premise workloads to local Infrastructure, or database
resources in Azure. Represents
storage.
Backup Gateway
Commvault Cloud Backup Gateway
Exceptions

Backup Data Flow

Backup gateways are not Signaling Transfer
required for these workloads
as they write to Azure directly. Represents
Backup Gateway
Commvault Cloud Backup Gateways

.
.
Backup Data Flow
*Supports up to Install on 200 GB Deduplication and indexing *Consult Commvault
Signaling Transfer
50TBs BET per minimum dedicated operations are performed documentation for larger
environments. Represents
gateway. SSD. on install disk.
Backup Gateway
Thank You!

© Commvault 2024