Skip to main content

How can we help you?

Druva Documentation

SaaS Apps architecture

Before you configure inSync to back up your data, it is important to understand the complete SaaS Apps architecture. This article explains the data flow between different components of SaaS Apps architecture. 

Configuration workflow

The configuration workflow involves global admin authorizing Druva to access the Microsoft 365 data to be backed up. The following graphic illustrates the workflow.

Screenshot 2022-09-27 at 12.47.16 PM.png

The following table summarizes the workflow steps. 

Step Description

Step 1

Global admin authenticates and passes login credentials.
Step 2 Microsoft 365 tenant returns the authorization code.
 
Step 3 Druva sends the authorization code to Microsoft 365.
 
Step 4 Microsoft 365 returns the access token with full scope and short Time To Live (TTL) along with a refresh token with a longer TTL.
Step 5 Refresh token is encrypted with the customer’s ekey and saved in Druva’s database (RDS). The customer’s ekey is encrypted via the data key received from KMS.

Backup workflow

The backup workflow involves Druva receiving the data to be backed up from Microsoft 365, encrypting it using ekey, followed by backing it up. The following graphic illustrates the workflow.

Screenshot 2022-09-27 at 12.47.36 PM.png

The following table summarizes the workflow steps. 

Step Description

Step 1

Druva sends the refresh token along with the backup scope to Microsoft 365.
Step 2 Microsoft 365 responds with an access token for the backup scope.
Step 3 Druva sends GET request API calls with the access token.
Step 4 Microsoft 365 responds with data.
Step 5 Druva receives the data and encrypts it using ekey and stores it in S3. Metadata is stored in DynamoDB.
  • Was this article helpful?