Subtenants is a multi-tenant division of an existing Veeam Cloud Connect tenant, that can be used to split a Cloud Repository into multiple isolated repositories that share the same quota. If multiple agents use the main Tenant account to store their backups, they would be able to see each other data; since tenant's administrators would prefer to guarantee data confidentiality to their users, subtenants can help to achieve this.
5.32: Logical design of Cloud Connect subtenants
When agents uses subtenants accounts, they can store their backups inside the same Cloud Repository, sharing the same quota, but at the same time they cannot access each other's backups.
The Tenant's administrator can fully manage his own cloud repository and share it among his users. This is possible because subtenants's management can be done by both the service provider and the tenant primary account.
Subtenants creation and management for Standalone accounts
In order for the tenant to manage his subtenants, he needs to install Veeam Backup & Replication and register the service provider's Veeam Cloud Connect. Another option is to use Veeam Availability Console, if the service provider is offering it. This is however out of the scope of this book.
Once the registration is completed, by selecting the registration itself the option to manage subtenants is available:
5.33: Subtenants management at the tenant's side
With the Add button, the tenant's administrator can create a new subtenant:
5.34: Standalone subtenant creation
Each subtenant receives his credentials, and a personal quota that is carved out from one of the Cloud repositories that the tenant has received from the service provider. Subtenants can have a personal limit, or share the overall limit of the Cloud repository until it is full. Personal quota are hard limits for the subtenants, but the tenant can oversubscribe his cloud repositories if needed. At the same time, the size of the Cloud repository is still a hard limit for the tenant, even if it's oversubscribed.
From the management panel, tenants can add, edit or remove their own subtenants, and control the quota usage, without involving the service provider. This makes the solution highly flexible, giving full self-service capabilities to tenants and at the same time reducing the load on the service provider, which still has control over the overall quota.
5.35: Subtenant management panel
Subtenants creation and management for vCloud Director accounts
As explained in previous chapters, when vCloud Director is used in Veeam Cloud Connect, Veeam totally relies on existing objects instead of creating new ones. Even for subtenants this rules applies. In fact, if a service provider or a tenant open the subtenant management page and try to add a new subtenant, the window will be different than the one shown before:
5.36: Add subtenant with vCloud Director
Users cannot be created directly in Cloud Connect but they need to be selected from the existing vCloud Director users that are not organization administrators. For example, multiple vApp users can be created in vCloud Director directly by the tenant:
5.37: vCloud Director users
When the tenant goes to add a new subtenant, in the user selection he can see and select the vApp users read in real time from vCloud Director:
5.38: List vCloud Director users in Cloud Connect
The rest of the configuration proceeds as explained for local subtenants:
5.39: vCloud Director subtenants
In the next chapter, we will see how subtenants can be used to run Veeam agents backups.