Envoy for multi-tenant compute infrastructure

The invention claimed is: 1. A method for pulling a snapshot for a first virtual machine hosted in a multi-tenant cloud compute infrastructure, the method comprising: deploying an envoy in the multi-tenant cloud compute infrastructure, wherein the envoy comprises a second virtual machine, the second virtual machine one of a plurality of virtual machines allocated to a tenant in the multi-tenant cloud compute infrastructure, the second virtual machine connected with the plurality of virtual machines of the tenant including the first virtual machine via a virtual network of the tenant, wherein: the envoy is operative to interface with the multi-tenant cloud compute infrastructure and the plurality of virtual machines using a first virtualization protocol; the multi-tenant cloud compute infrastructure restricts access by a data management and storage (DMS) system to the virtual network of the tenant and to an infrastructure network connecting physical machines including a physical machine that hosts the first virtual machine of the tenant; and the infrastructure network and the virtual network use different network layers and share a physical layer; establishing, by the envoy, a connection between the envoy and the DMS system; generating the snapshot of the first virtual machine of the tenant; storing the snapshot of the first virtual machine of the tenant in a data store of computing resources provided by the multi-tenant cloud compute infrastructure; and sending, via the envoy, the snapshot to the DMS system. 2. The method of claim 1 , wherein the DMS system comprises a distributed data store implemented across a cluster of peer DMS nodes, and the method further includes storing the snapshot of an application in the distributed data store. 3. The method of claim 2 , wherein the envoy is a peer DMS node of a plurality of DMS nodes. 4. The method of claim 1 , wherein establishing the connection with the DMS system includes sending a secure socket layer (SSL) certificate to the DMS system. 5. The method of claim 1 , further comprising: prior to sending the snapshot from the first virtual machine to the DMS system, encrypting the snapshot. 6. The method of claim 1 , further comprising: generating another snapshot of another virtual machine in parallel with generating the snapshot of the first virtual machine; and sending the parallel snapshot to the DMS system. 7. The method of claim 1 , further comprising: generating a data fetch job for the first virtual machine; placing the data fetch job in a job queue accessible to the envoy to schedule the data fetch job; retrieving the data fetch job from the job queue; and in response to retrieving the data fetch job, generating the snapshot of the first virtual machine. 8. The method of claim 7 , wherein a peer DMS node generates the data fetch job and places the data fetch job in the job queue stored in a distributed database of the DMS system. 9. The method of claim 8 , wherein the envoy retrieves the data fetch job from the job queue. 10. The method of claim 8 , wherein: the envoy retrieves the data fetch job from the job queue; and the method further includes, in response to retrieving the data fetch job, sending a request to a virtualization module of the first virtual machine via the envoy to generate the snapshot of the first virtual machine. 11. A multi-tenant compute infrastructure, comprising: a first virtual machine of a tenant of the multi-tenant compute infrastructure; and an envoy deployed in the multi-tenant compute infrastructure, wherein the envoy comprises a second virtual machine, the second virtual machine one of a plurality of virtual machines allocated to the tenant in the multi-tenant compute infrastructure, the second virtual machine connected with the plurality of virtual machines of the tenant including the first virtual machine via a virtual network of the tenant, wherein: the envoy is operative to interface with the multi-tenant compute infrastructure and plurality of virtual machines using a first virtualization protocol; the multi-tenant compute infrastructure restricts access by a data management and storage (DMS) system to the virtual network of the tenant and to an infrastructure network connecting physical machines including a physical machine that hosts the first virtual machine of the tenant; the infrastructure network and the virtual network use different network layers and share a physical layer; and the envoy is configured to: establish a connection between the envoy and the DMS system; generate a snapshot of the first virtual machine of the tenant; store the snapshot of the first virtual machine of the tenant in a data store of computing resources provided by the multi-tenant compute infrastructure; and send, via the envoy, the snapshot to the DMS system. 12. The multi-tenant compute infrastructure of claim 11 , wherein the DMS system comprises a distributed data store implemented across a cluster of peer DMS nodes, and the envoy is further configured to store the snapshot of an application in the distributed data store. 13. The multi-tenant compute infrastructure of claim 12 , wherein the envoy is a peer DMS node of a plurality of DMS nodes. 14. The multi-tenant compute infrastructure of claim 11 , wherein establishing the connection with the DMS system includes sending a secure socket layer (SSL) certificate to the DMS system. 15. The multi-tenant compute infrastructure of claim 11 , wherein the envoy is operative to, prior to sending the snapshot from the first virtual machine to the DMS system, encrypt the snapshot. 16. The multi-tenant compute infrastructure of claim 11 , wherein the envoy is operative to: generate another snapshot of another virtual machine in parallel with generating the snapshot of the first virtual machine; and send the parallel snapshot to the DMS system. 17. The multi-tenant compute infrastructure of claim 11 , wherein the DMS system is operative to: generate a data fetch job for the first virtual machine; and place the data fetch job in a job queue accessible to the envoy to schedule the data fetch job; and wherein the envoy is operative to: retrieve the data fetch job from the job queue; and in response to retrieving the data fetch job, generate the snapshot of the first virtual machine. 18. The multi-tenant compute infrastructure of claim 17 , wherein a peer DMS node is operative to generate the data fetch job and place the data fetch job in the job queue stored in a distributed database of the DMS system. 19. The multi-tenant compute infrastructure of claim 18 , wherein the envoy is operative to retrieve the data fetch job from the job queue. 20. The multi-tenant compute infrastructure of claim 18 , wherein the envoy is operative to: retrieve the data fetch job from the job queue; and in response to retrieving the data fetch job, send a request to a virtualization module of the first virtual machine via the envoy to generate the snapshot of the first virtual machine.