
PowerProtect Data Manager 19.9 Azure Deployment Guide
Architecture overview
Access to PowerProtect Data Manager and DDVE is managed by virtual network (VNet) service endpoints and their policies, as well as by network and application security groups. DDVE uses blob containers to store the backed-up data of virtual appliances and virtual machines deployed to Azure. For more information, see the following Microsoft articles:
- Virtual network service endpoint policies for Azure Storage
- Network security groups
- Application security groups
- Quickstart: Upload, download, and list blobs with the Azure portal
PowerProtect Data Manager deploys with a private IP address. For access from an external site, configure a VPN connection.
The following diagram represents the basic architecture of PowerProtect Data Manager on Azure. The diagram shows a possible distribution of PowerProtect Data Manager and DDVE in one private subnet, and application hosts in another.

Sensitive PowerProtect Data Manager data, such as passwords, is encrypted and stored in a lockbox. For more information about PowerProtect Data Manager security, see the PowerProtect Data Manager Security Configuration Guide at Customer Support.
Control and Data Paths
The following diagram shows the transfer of data between PowerProtect Data Manager, DDVE, and application hosts. This network traffic makes up the majority of the data transferred in an Azure cloud.

DDVE and the replication of data between private subnets
The following diagram shows the replication of data between private subnets as well as the transfer of data during regular operations. It also shows application hosts distributed between public and private subnets.

PowerProtect Data Manager policies and DDVE
If a different DDVE instance is in each region or availability zone, ensure that PowerProtect Data Manager policies are configured to protect all the hosts in the same region or availability zone as each DDVE instance.