Crossing the divide: how MSPs can deliver Backup-as-a-Service

04 October 2022

Sergei Serdyuk, VP of product management, NAKIVO

Sergei Serdyuk, VP of product management, NAKIVO

With the threat of ransomware of ever-increasing concern, there is high demand for managed service providers (MSPs) to step up and offer more customer-centric data protection services to their clients. Currently, optimum deployment of Backup-as-a-Service (BaaS) is being hindered by the number of network issues that MSPs face, such as the process of setting up a VPN connection while attempting to maintain secure remote access. Organisations with virtual, physical, cloud or Software-as-a-Service (SaaS) IT infrastructures are looking for reliable and cost-effective data protection solutions. But to properly delver BaaS, MSPs require capabilities which allow access to clients’ remote resources (such as a repository or IT infrastructure), without the need for a VPN. So how can MSPs cross this divide?

Multi-tenancy
In single tenant cloud application environments, every client typically has their own on-premise hardware infrastructure and software instance. By leveraging a multi-tenancy approach, MSPs can become more effective through centralising their clients’ management requirements. Multi-tenancy can significantly help streamline administration, as it allows for the creation and management of multiple clients in a single deployment of the solution, ideally with one centralised interface. In watertight environments, the same network infrastructure, compute and storage resources are shared among the multiple tenants. However, these tenants and environments remain completely separate from each other and secure. So even though tenants share the same instance, the data for each tenant is entirely isolated. There is no way for one tenant to access another tenant’s data.

Historically, if a customer had an IT issue, the MSP would have to attend in person, often spending many hours on the road. Thanks to the cloud, multi-tenancy has revolutionised working practices for MSPs. Less time spent travelling has enabled a much-improved allocation of resources focused towards building the business, as well as offering more efficient, reliable remote IT management services to clients, with new and enhanced data protection capabilities.

The ideal multi-tenancy solution for MSPs should enable isolated tenant data protection environments for separate businesses clients, allowing for the creation and management of potentially up to as many as 1,000 tenants in one deployment. With this, the management of all data protection activities can be done from a single pane of glass, with full visibility and control over access permissions granted or allocated resources.

MSP client scope
MSPs delivering BaaS are always looking for ways to adjust their managed service offerings to clients’ demands. Different clients have differing needs, ranging from routine support to fully managed IT requirements. For example, small businesses might not have the resources or a dedicated IT department to adequately manage their services, workstations and data protection issues. This scenario would call for fully managed services where the MSP handles everything for the client, from tech support, to planning, implementing, and keeping infrastructure up and running, including backup and recovery tasks. On the other hand, larger businesses have their own IT departments, where those clients would prefer to handle their own backup and recovery operations without the hassle of managing their resources and software maintenance.

Client-managed data protection
For enterprises, for example, MSPs may wish to offer the option for clients to manage their own data protection activities. If required, this can be enabled opting for self-service capabilities, to allow clients access to their own dashboard with easy-to-use ‘wizards’ aiding in them running their own backups and recovery jobs assigned with built-in or custom roles to certain users with specific permissions. This would also enable the reduction of MSP team workloads, allowing them to focus on other tasks, such as growing MSP backup business, while tenants can manage their particular backup and recovery jobs through self-service multi-tenancy features. As even with permissions granted, tenants remain isolated in their own environments, whereas the MSP retains complete visibility of the entire multi-tenant environment.

Resources provision
MSPs must understand their IT infrastructure and the resources they will need for data protection when creating these tenants, such as host clusters, VMs, and backup repositories, among others. The right BaaS approach should provide control and flexibility over the data protection infrastructure resources available. It should also allow for the distribution of these resources among tenants, dependent upon on their data protection requirements, allowing for their relocation at any time at a later date for cost savings and efficiency.

Secure, remote connection
MSPs can often experience issues in trying to establish a remote and secure VPN connection, but these can also be overcome. Connecting to clients’ remote environments to perform all actions and tasks needed can be achieved via features that enable the direct and secure connection to remote environments over a single port.

Multi-platform protection
The ability to support as many platforms as possible is considered a key aspect to the MSP role. Clients can have very different types of workloads that require protection, and ideally an MSP’s time is not spent on too much administration of many different solutions. So, it’s advantageous that BaaS offerings can be extended to protect a wide range of platforms or have a mixed virtual physical infrastructure.

With the responsibility of protecting clients’ workloads against ransomware, ensuring data can be recovered should an attack occur, and with many other variables to juggle, MSPs certainly have their work cut out for them. But with the right tools and innovative backup and recovery capabilities to help streamline and centralise tasks with the highest levels of data protection, MSPs will be more than able to meet future challenges head on.