Guide
SNA Enrollment Overview
How Sendense Node Appliances enroll with SHA and why deployments often include more than one.
Definition
SNA means Sendense Node Appliance. It is a supported Sendense virtual appliance that acts as a backup proxy and runs the EBA Smart Transport role.
Enrollment connects an SNA to SHA so it can be coordinated for backup, recovery, relay, and site-side operations. After enrollment, the SNA reports reachability and readiness and receives assigned work for its site or deployment role.
When To Deploy An SNA
Deploy an SNA when a site or protected environment needs:
- Backup proxy services for protected workloads.
- EBA Smart Transport data movement.
- Restore or restore-to-server site access.
- Controller relay paths in deployment shapes where those are used.
- Platform-local operations for supported source or target environments.
- Additional backup concurrency, load balancing, or fault tolerance.
Connectivity Model
The SNA always initiates its connection to SHA; SHA never needs to reach into the customer site. Each SNA maintains a single always-on outbound encrypted connection to SHA, using one outbound TCP port (443 by default). No inbound firewall rules are required at the site for normal operation.
SNA to SHA connectivity
Every site connects outbound to SHA over one encrypted connection. That connection carries enrollment, control, health heartbeats, backup data, and hub-routed replication.
What the connection carries
Enrollment, control and health heartbeats, backup data streams, and hub-routed replication traffic all travel inside the one encrypted appliance connection.
Firewall model
Sites only need to allow the SNA's outbound connection to SHA. Direct site-to-site replication, where enabled by the replication route policy, is the one case where SNAs communicate across sites.
Enrollment
SNA enrollment uses a pairing and approval workflow. Because an SNA can enroll over the internet where the design permits it, location should be planned around connectivity, routing, performance, load, and fault tolerance rather than a single fixed placement rule.
Enrollment flow
Generated in SHA
Pairing Code
An administrator generates a short-lived pairing code and optionally pre-assigns a site.
Initiated by the SNA
Enrollment Request
The appliance submits its identity with the pairing code and appears in SHA as pending approval.
Administrator decision
Review And Approve
The administrator verifies the appliance identity fingerprint, assigns the site, and approves or rejects.
Managed appliance
Connected
The SNA reports health and heartbeats and receives work for its approved site-side workflows.
Health States
Heartbeat vs health
After approval, the SNA sends heartbeats about every 30 seconds. Heartbeat shows whether SHA is receiving current contact from the SNA; health shows whether the SNA is ready for assigned work. When heartbeats stop, SHA treats the appliance as offline and routes work to other healthy SNAs at the site where they exist.
Scale And Resilience
Customers commonly deploy multiple SNAs for load balancing and fault tolerance. A useful starting point is around one SNA for every five concurrent backup jobs, refined by workload size, storage performance, network capacity, recovery workflows, and required resilience. SHA balances work across the healthy SNAs at a site and skips appliances that are unhealthy, stale, or in maintenance mode.
Lifecycle And Updates
After enrollment, the SNA lifecycle covers site assignment changes, health and heartbeat review, version and update status, source and target connectivity checks, restore-to-server destination testing, maintenance mode before planned appliance work, support evidence collection, and safe removal or replacement.
- Operators can see each SNA's current and available version.
- Updates show progress and final status, and are health-gated where supported.
- Failed or rolled-back updates need operator review.
- Update availability can show as unavailable when version information cannot be checked.
What An SNA Is Not
- An SNA is not snagent, the CloudStack KVM hypervisor host agent.
- An SNA is not a Sendense Controller, the per-VM DR target appliance.
- An SNA is not EBA; it moves backup data, it does not store recovery points.
- SNA enrollment is not the same as source infrastructure discovery.
Related Docs