You use a service account for authentication and authorization of a VADP-compatible backup solution for backup and restore operations.

Table 1. Design Decisions on Authorization and Authentication Management for a VADP-Compatible Solution

Decision ID

Design Decision

Design Justification

Design Implication

ROBO-OPS-BKP-008

Configure a service account svc-bck-vcenter in the ROBO vCenter Server for application-to-application communication from VADP-compatible backup solution with vSphere.

Provides the following access control features:

  • Provide the VADP-compatible backup solution with a minimum set of permissions that are required to perform backup and restore operations.

  • In the event of a compromised account, the accessibility in the destination application remains restricted.

  • You can introduce improved accountability in tracking request-response interactions between the components of the SDDC.

You must maintain the service account's life cycle outside of the SDDC stack to ensure its availability.

ROBO-OPS-BKP-009

Use global permissions when you create the svc-bck-vcenter service account in ROBO vCenter Server.

  • Simplifies and standardizes the deployment of the service account across all vCenter Server instances in the same vSphere domain.

  • Provides a consistent authorization layer.

None.