Multi-Tenancy in Commvault

The Commvault Data platform can be deployed in a multi-tenanted configuration aimed at servicing multiple distinct companies or "tenants" while securely separating access to data and systems.

A multi-tenanted CommCell environment is intended to consolidate the data management needs of multiple distinct organizations, companies or tenant. A tenant is typically identified as a separate legal entity along with a separate identity management infrastructure (Active Directory domain, users, and groups). The CommCell environment provides role-based access controls and per-company administration to its tenants.

In a multi-tenanted configuration, a user from one company cannot see the systems or data from another tenant/company.

Additionally, with the use of tenant provided Identity Servers, the tenant remains in complete control of who can access the data management system. If an employee leaves, their account is disabled and they immediately lose access to the Commvault system.

Key Features

A multi-tenanted CommCell environment includes the following key features:

  • All tenants access a single Command Center web interface.

  • Each tenant supplies their own Identity Provider using industry standard protocols (AD, SAML) to authenticate their users.

  • Users are authenticated in the Command Center as Tenant Administrators or Tenant Operators.

    • An administrator is responsible for an entire tenant/company.

    • An operator is responsible only for their own application servers.

  • A single CommServe system provides data management scheduling, alerts, and data handling.

  • One or more MediaAgents and Virtual Server Agents (VSAs) perform data protection operations on the tenant systems. These components may be shared or segregated depending on the tenant needs.

  • The MediaAgents write backup copies down to backup libraries on disk, cloud, or tape. These libraries may be dedicated or shared.

Multi-Tenancy in Commvault - Revised (1)

Loading...