Link Search Menu Expand Document

Elastio Components

Table of Contents

The Elastio stack consists of five main components:

Elastio Tenant

An Elastio Tenant is a logically separated instance of Elastio dedicated to a specific customer. Each Elastio Tenant has its own users (team members), associated sources (AWS accounts), roles and a dedicated subdomain. Your Elastio Tenant can automatically deploy Elastio stack updates, communicates with the Elastio Cloud Connectors deployed in your AWS account(s), monitor the status of jobs, and alert you when something is wrong.

CloudFormation stack

CloudFormation stack is responsible for managing data protection in your AWS account. The CloudFormation template which is deployed into your AWS account as part of the Elastio installation creates several IAM roles. These roles are needed so that each Elastio component runs with only the minimum set of permissions it needs. They are only used within your AWS account to run Elastio code, and are not available for use by Elastio personnel or code running on Elastio servers. Though, there are two exceptional IAM roles such as ElastioTenant role and ElastioInstaller.

ElastioTenant role is needed for your Tenant communicating with the Elastio Cloud Connector and getting information about what available for protection assets are in your AWS account. The ability to assume this role is limited to a specific Elastio AWS account, and requires a secret key specific to your account which is stored encrypted by Elastio with very restricted access to minimize the risk of a compromise.

ElastioInstaller role has enough permissions to create and destroy the resources which Elastio manages in your AWS account. The resources which contain your backed up data can be created with it, but not destroyed. The Elastio Tenant only assumes this role when deploying, updating, or removing the Elastio Cloud Connector in a particular account; for all other operations ElastioTenant role is used.

Cloud Connector

The Cloud Connector is one of the components of Elastio stack that provides proper infrastructure for performing Elastio operations. It is responsible for the communication with your Elastio Tenant, backup and restore operations, scanning your application recovery points for security threats, monitoring the progress of jobs, and storing the backed up data.

The Cloud Connector is deployed into your AWS account, so the protected data never leaves your control. To deploy a Cloud Connector, you need to connect an Elastio Tenant to your AWS account. To proceed with deployment, you need to select a region you want to install Elastio into. One Cloud Connector is deployed in one AWS region. Currently, it is possible to deploy it into the following AWS regions:

  • us-east-1
  • us-east-2
  • us-west-2
  • eu-central-1
  • ap-southeast-2

Being a part of the Cloud Connector, a vault is deployed into your AWS account as well. When deploying a vault, you will need to select a VPC you want to deploy it to and one or more subnets withing that VPC. Be advised that different configurations of the VPC and the subnet(s) may affect the process of deployment. To find more about possible configurations, visit the Prerequisites for Elastio Deployment page.

To perform backup and restore operations, the Cloud Connector communicates with ScaleZ. ScaleZ is Elastio’s custom-developed backup storage engine that stores data and metadata in a deduplicated, compressed and encrypted form in an S3 bucket. The engine utilizes an AWS spot instance for its compute resources when an Elastio operation is requested. To manage the lifetime of ephemeral AWS spot instances, the Cloud Connector service Provisioner is used. The service launches and shuts down a compute instance automatically, so there is no need to do it manually.


ScaleZ is the component of the Elastio backup and disaster recovery product which is responsible for storing and retrieving the metadata which describes backups. This metadata includes change logs between incremental snapshots and pointers to the data which make up each backup image. The actual data is not stored in ScaleZ, but is rather saved in S3. ScaleZ maintains information on which pieces of data are stored in which S3 object, but the transfer of that data happens directly between a client and S3.

Our ScaleZ storage engine deduplicates and compresses and tracks everything under protection for:

  • Files
  • Streams
  • Databases
  • Tables
  • Partitions
  • Disks

Multiple workflows can access the data concurrently for fast recoveries and concurrent access to data. Our backups are incremental for fast performance and space efficiency.

Elastio CLI

The Elastio CLI is a command-line interface that accepts text input to execute operating system functions.

The Elastio CLI can be installed on any Windows, macOS or Linux machine (either physical or virtual). To use the Elastio CLI, the correct credentials to your AWS account must be configured. For this you can either attach the IAM role to an EC2 instance or install and configure the AWS CLI through a set of keys or your AWS profile. The AWS CLI is set up using the aws configure command.

In the Elastio stack, the Elastio CLI is used to deploy the Elastio Cloudformation stack and Cloud Connector(s) and manage vaults, perform backups, restores, recovery point mounts and user and access token management, scan your application recovery points for security threats, etc.