inSync Connector or AD/LDAP Connector is a software that needs to be installed on a Windows device or a server within your organization network.
inSync Connector is required in the following scenarios -
- You want to use Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) for importing and managing new users in Druva inSync.
- You want to protect Cloud Apps like Office 365 and G-Suite apps data of your users and you do NOT have -
- A user endpoint device (desktop or laptop) configured for backup in Druva inSync.
- Enabled the Cloud Key Management feature. For more information, see Configure Key Management for Cloud Apps.
inSync Connector role in AD/LDAP Environment
inSync uses the inSync Connector only while authenticating and activating inSync Client deployed on user devices. Backups and restores from user devices on which inSync Client is activated will work as usual even if the computer where you installed the inSync Connector is not available. This means that you do not need to ensure high availability (HA) for the inSync Connector.
The inSync Connector connects with the AD/LDAP Server only when required. The following points outline some of the use cases for the inSync Connector.
- During AD/LDAP Mapping creation: You must create AD/LDAP Mapping if you want to create inSync users by importing their details from the AD/LDAP Server. When creating AD/LDAP Mapping, inSync Cloud queries the AD/LDAP server to retrieve the name of the Base DN, Organizational Units, and Groups. The inSync Connector facilitates communication.
For more information, see Creating an AD/LDAP Mapping.
- When importing user details: When you are creating users by importing their details from the AD/LDAP Server, inSync Cloud fetches the user details from the AD/LDAP Server. The communication is facilitated by the inSync Connector. If inSync Cloud is configured to fetch user details periodically, it sends its query to the inSync Connector once every 24 hours.
For more information, see Adding a group of users by importing details from an Active Directory.
- When activating inSync Client during the mass deployment process: At the end of the inSync Client mass deployment process, the users log on to their computer using their AD/LDAP credentials. The inSync Client sends the user details and the mass deployment token to inSync Cloud for verification. inSync Cloud communicates with the AD/LDAP Server through inSync Connector to query the user details. inSync Cloud verifies the token. If the user exists on inSync Cloud, the device is activated. If not, the user is created on inSync Cloud and the user device is activated. To know more about the mass deployment process, see Mass Deploying inSync Client.
- When authenticating users on inSync Web: If a user, who is configured to use his AD/LDAP credentials for inSync, tries to log on to inSync Web, inSync Cloud will send a verification request to the AD/LDAP Server through the inSync Connector.
inSync Connector role in Cloud Apps
inSync requires access to the ekey and initiate the scheduled backup of any Cloud App data. ekey is used to encrypt the user data when it is being backed up to the inSync Cloud. This is part of the digital envelope encryption process that Druva strictly adheres to.
Druva does not store ekey of the users and has no access to their data.
Druva inSync requires at least one inSync Connector to be configured and connected to the inSync Cloud (default option).
- inSync Connector acts as a Cloud Apps connector to provide the ekeys without requiring users to have their devices connected for their Cloud Apps backup .
- If the registered inSync Connector is not connected, backup of the configured Cloud Apps data fails.
- inSync Connector does not need to have any domains or AD mappings added to it.
inSync generates a Not Connected alert if inSync Connector is not connected to inSync Cloud.