Before you configure inSync to back up your data, it is important to understand the complete SaaS Apps architecture. This article explains the data flow between different components of SaaS Apps architecture.
Configuration workflow
The configuration workflow involves global admin authorizing Druva to access the Microsoft 365 data to be backed up. The following graphic illustrates the workflow.
The following table summarizes the workflow steps.
Step | Description |
Step 1 | Global admin authenticates and passes login credentials. |
Step 2 | Microsoft 365 tenant returns the authorization code. |
Step 3 | Druva sends the authorization code to Microsoft 365. |
Step 4 | Microsoft 365 returns the access token with full scope and short Time To Live (TTL) along with a refresh token with a longer TTL. |
Step 5 | Refresh token is encrypted with the customer’s ekey and saved in Druva’s database (RDS). The customer’s ekey is encrypted via the data key received from KMS. |
Backup workflow
The backup workflow involves Druva receiving the data to be backed up from Microsoft 365, encrypting it using ekey, followed by backing it up. The following graphic illustrates the workflow.
The following table summarizes the workflow steps.
Step | Description |
Step 1 | Druva sends the refresh token along with the backup scope to Microsoft 365. |
Step 2 | Microsoft 365 responds with an access token for the backup scope. |
Step 3 | Druva sends GET request API calls with the access token. |
Step 4 | Microsoft 365 responds with data. |
Step 5 | Druva receives the data and encrypts it using ekey and stores it in S3. Metadata is stored in DynamoDB. |