You use a service account for authentication and authorization of a VADP-compatible backup solution for backup and restore operations.

Table 1. Design Decisions on Authorization and Authentication Management for a VADP-Compatible Solution

Decision ID

Design Decision

Design Justification

Design Implication


Configure a service account svc-bck-vcenter in the ROBO vCenter Server for application-to-application communication from VADP-compatible backup solution with vSphere.

Provides the following access control features:

  • Provide the VADP-compatible backup solution with a minimum set of permissions that are required to perform backup and restore operations.

  • In the event of a compromised account, the accessibility in the destination application remains restricted.

  • You can introduce improved accountability in tracking request-response interactions between the components of the SDDC.

You must maintain the service account's life cycle outside of the SDDC stack to ensure its availability.


Use global permissions when you create the svc-bck-vcenter service account in ROBO vCenter Server.

  • Simplifies and standardizes the deployment of the service account across all vCenter Server instances in the same vSphere domain.

  • Provides a consistent authorization layer.