Security Architecture

Security by Disaggregation

The repository you can't reach can't be attacked.

Sendense keeps your backup repository isolated from production networks with outbound-only connectivity, per-block encryption, and immutable storage — on-prem or in the cloud.

Why Backups Get Attacked

Most backup platforms fail the same way: they leave the repository reachable on the network.

Exposed Management Ports

Attackers scan for backup services. Open ports for "management" become entry points.

Direct Repository Access

Compromised production hosts have network paths to backup storage. Ransomware follows.

Credential Reuse

Same AD credentials for production and backup. Compromised domain = compromised backups.

Network Architecture

The Sendense Approach

The SHA (Hub) lives in a secure zone. Remote SNAs initiate outbound tunnels — no inbound firewall rules required at remote sites.

  • Single External Port (443)

    Only one port exposed — the same one you use for HTTPS

  • Outbound-Only Remote Sites

    SNAs establish tunnels to the Hub — no inbound rules

  • Repository Isolation

    EBA storage not directly reachable from production networks

  • Explicit Enrollment

    Time-limited pairing with approval flow — no auto-join

Figure: Sendense Security Topology: SHA Hub in secure zone with EBA storage, SNAs at remote sites using outbound-only connections via port 443

On-Premises Security

EBA On-Prem: Local Protection

For environments that must keep data local — regulatory, air-gapped, or sovereignty requirements.

Global Deduplication

100 VMs with 80% OS overlap? Store once. Cross-VM dedup that dramatically cuts storage needs.

Per-Block Encryption

Every 4MB block individually encrypted. Steal a disk? Get nothing useful.

Immutable Storage

WORM-capable backends. Once written, data cannot be modified or deleted until retention expires.

Air-Gap Ready

Complete network isolation possible. Physically move data for ultimate protection.

Supported On-Prem Storage

Local NVMe/SSD

Direct attached

NFS

Network shares

S3-compatible

MinIO, CEPH

ZFS

Block storage

AWS S3

Object Lock supported

WORM, Glacier

Azure Blob

Immutability policies

WORM, Archive

Google Cloud

Retention policies

WORM, Coldline

Wasabi / Backblaze

S3-compatible

WORM, Low Cost

Cloud Security

EBA Cloud: S3 Object Lock

Ransomware with admin credentials still can't delete your backups. S3 Object Lock enforces immutability at the storage layer.

  • Governance Mode

    Protection with override capability for authorized admins

  • Compliance Mode

    True WORM — nobody can delete, not even root

  • Legal Holds

    Preserve specific backups indefinitely for litigation

  • Cost Tiers

    Hot tier for recent, cold tier for archive — 80%+ savings
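
An added example, not Sendense code: a check over bucket Object Lock settings that separates the two modes listed above, since governance mode can be overridden by a principal holding `s3:BypassGovernanceRetention` while compliance mode cannot. The sample responses, bucket names and the `min_days` threshold are constructed assumptions; the response shape is that of `aws s3api get-object-lock-configuration`.

```python
# Constructed responses in the shape `aws s3api get-object-lock-configuration`
# returns; bucket names and retention values are invented for illustration.
SAMPLES = {
    "eba-compliance": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}},
    "eba-governance": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Years": 1}}}},
    "eba-no-default": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}},
    "eba-unlocked": {},  # stands in for a bucket with no lock configuration
}


def retention_days(default_retention):
    """Default retention in days; S3 accepts either Days or Years, not both."""
    if "Days" in default_retention:
        return int(default_retention["Days"])
    return int(default_retention.get("Years", 0)) * 365


def audit_object_lock(response, min_days=14):
    """Return findings for one bucket; an empty list means nothing to report.

    min_days is a hypothetical policy threshold, not a Sendense or AWS value.
    """
    cfg = response.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return ["object lock disabled: any principal with delete rights can remove versions"]
    default = cfg.get("Rule", {}).get("DefaultRetention")
    if not default:
        return ["no default retention: only uploads that set their own retain-until date are protected"]
    findings = []
    if default.get("Mode") == "GOVERNANCE":
        findings.append("governance mode: s3:BypassGovernanceRetention allows early deletion")
    days = retention_days(default)
    if days < min_days:
        findings.append(f"default retention {days}d is below policy minimum {min_days}d")
    return findings


def audit_all(samples=SAMPLES, min_days=14):
    """Audit every sample bucket and map bucket name to its findings."""
    return {bucket: audit_object_lock(resp, min_days) for bucket, resp in samples.items()}


if __name__ == "__main__":
    for bucket, findings in audit_all().items():
        print(bucket, "OK" if not findings else "; ".join(findings))
```
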

Ransomware Protection In Depth

Multiple layers of defense — not just one.

1. Network Isolation

Attackers can't reach what they can't find

Outbound-Only Tunnels

No inbound ports at remote sites

Repository Segmentation

EBA storage in isolated network zone

Separate Credentials

Not tied to production AD domain

2. Data Protection

Even if accessed, data is useless to attackers

Per-Block Encryption

AES-256 on every 4MB block

Client-Side Keys

Cloud provider can't read your data

Dedup-Safe Encryption

Convergent encryption preserves dedup

3. Delete Protection

Even with full access, deletion is blocked

S3 Object Lock

Storage-layer WORM enforcement

72-Hour Delay

Minimum wait before permanent deletion

Soft Delete + Retention

Deleted data recoverable for X days

Credential Management

Secure Credential Vault

vCenter passwords, S3 keys, storage credentials — all encrypted at rest with strict access controls. No cleartext secrets in config files.

  • AES-256 Encryption at Rest

    All credentials encrypted in the vault — never stored in plaintext

  • Per-User Key Derivation

    Secrets bound to user context — no shared access

  • Access Logging

    Every credential access logged with user, timestamp, and purpose

  • Rotation Support

    Rotate credentials without service interruption

vCenter Production: ENCRYPTED
AWS S3 Archive: ENCRYPTED
OSSEA CloudStack: ENCRYPTED
NFS Repository: ENCRYPTED

Last Access: 2026-01-21 09:15 — jsmith — BACKUP_JOB — vCenter Production

Access Control

Role-Based Access Control

Least-privilege by default. Users get exactly the access they need — no more.

Super Admin

Full platform control. System configuration, user management, all operations.

✓ All permissions

✓ User management

✓ System config

Backup Admin

Manage backup jobs, policies, and repositories. No system-level access.

✓ Create/edit jobs

✓ Manage policies

✗ User management

Restore Operator

Perform restores only. Cannot create jobs, modify policies, or delete backups.

✓ Initiate restores

✓ View job status

✗ Create/delete jobs

Auditor

Read-only access to logs, reports, and compliance data. Cannot perform operations.

✓ View all logs

✓ Export reports

✗ Any operations

Scope Restrictions

Limit users to specific VMs, sites, or tenants. Multi-tenant isolation built in.

  • Per-VM permissions
  • Site-level isolation
  • Tenant boundaries

Session Management

Automatic session expiry, concurrent session limits, and forced logout capability.

  • Configurable timeouts
  • Single-session mode
  • Force logout users

MFA Support

Optional multi-factor authentication for high-security environments.

  • TOTP authenticators
  • Hardware key support
  • Per-role enforcement

Compliance

Audit-Ready Evidence

When auditors ask "prove it" — you can. Every operation logged, every backup verifiable, every hold documented.

  • Complete Audit Trail

    Every create, delete, restore, and hold logged with user + timestamp

  • Legal Holds

    Preserve specific backups indefinitely for litigation

  • Exportable Reports

    Generate evidence packages for auditors and legal

  • Retention Enforcement

    Policies enforced automatically — no manual compliance

Legal Hold #LH-2026-001 (ACTIVE)

Type: All VMs for Customer X

Matter ID: CASE-2026-ACME-001

Custodian: Legal Department

Created: Jan 15, 2026

Status: Cannot be deleted until released

Audit Trail: 47 events logged • All actions tracked • Export available

Recent Audit Events

2026-01-21 09:15 — BACKUP_VERIFIED — prod-sql-01 — System

2026-01-21 08:30 — BACKUP_COMPLETED — prod-web-02 — Scheduler

2026-01-20 17:45 — LEGAL_HOLD_APPLIED — LH-2026-001 — jsmith

Security Summary

Network isolation via outbound-only tunnels
Single external port (443) for all traffic
Per-block AES-256 encryption
S3 Object Lock immutability
Legal holds with full audit trail
72-hour delay before permanent deletion
Encrypted credential vault
Role-based access control (RBAC)
Complete operation audit logging
Multi-factor authentication support
Per-user key derivation
Scope-based access restrictions

Security by design. Not by bolt-on.

Reduce exposure without slowing operations. Start free with 10 VMs.