System Requirements for Protecting Google Cloud Platform Instances

Planning for protection of your Google Cloud VMs with Commvault includes verifying that your environment meets the system requirements and configuring access to the resources that you want to protect. For information on how to add a hypervisor and install the access node, see Configuring Backups for Google Instances.

Commvault Packages

Access nodes for Google Cloud instances must have the Virtual Server Agent package installed. For information on how to add a hypervisor and install the access node, see Configuring Backups for Google Instances.

Access Node Network Requirements

To back up resources from one or more Google Cloud projects, you must install at least one Commvault access node on a Google Cloud Compute Engine instance.

Google Cloud APIs & Services

The following APIs and services are required to manage various Google Cloud resources and services:

gcloud Commands

You can activate these APIs for the Service Account performing protection. Run the following commands in an authorized gcloud shell.

  • gcloud services enable iam.googleapis.com

  • gcloud services enable compute.googleapis.com

  • gcloud services enable cloudresourcemanager.googleapis.com

  • gcloud services enable storage.googleapis.com

For example:

gcloud services enable *service_name*

For information about activating APIs, see Enabling an API.
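A pre-flight check for the four APIs listed above, useful because a missing Cloud Resource Manager API causes every backup job to fail. This is an added example, not Commvault code; the function names and the project ID argument are assumptions.

```shell
#!/bin/sh
# Added example (not Commvault code): pre-flight check for the four APIs
# listed above. Function names and the $1 project argument are assumptions.

REQUIRED_APIS="iam.googleapis.com
compute.googleapis.com
cloudresourcemanager.googleapis.com
storage.googleapis.com"

# Reads enabled service names (one per line) on stdin and prints each
# required API that is absent. grep -Fx matches whole lines literally, so a
# longer service name that merely contains a required one does not count.
missing_apis() {
    enabled=$(cat)
    for api in $REQUIRED_APIS; do
        printf '%s\n' "$enabled" | grep -Fxq "$api" || printf '%s\n' "$api"
    done
}

# Lists the services enabled in a project as bare names.
enabled_apis() {
    gcloud services list --enabled --project "$1" --format='value(config.name)'
}

# Returns 0 if everything is enabled, 1 if something is missing, 2 if the
# project could not be queried (wrong ID or insufficient permissions).
preflight() {
    project=$1
    if ! enabled=$(enabled_apis "$project"); then
        echo "$project: cannot list enabled services" >&2
        return 2
    fi
    missing=$(printf '%s\n' "$enabled" | missing_apis)
    if [ -z "$missing" ]; then
        echo "$project: all required APIs are enabled"
        return 0
    fi
    for api in $missing; do
        echo "$project: $api is not enabled; run: gcloud services enable $api --project $project"
    done
    return 1
}

# Runs only when a project ID is given, so the file can also be sourced.
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Run it once per project that the service account protects, since APIs are enabled per project.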

Deployment Considerations

Tiers Based on Service Level Agreements (SLAs)

Different instances can have different backup and recovery options that are defined in a service level agreement (SLA) for each class of instance. For example:

  • High transaction instances that provide customer application support might require multiple daily backups with the requirement to recover instances quickly.

  • User instances might need the ability to recover specific files and folders on a daily basis.

  • Development and test instances might only need weekly backups or the ability to recover to predefined states.

To manage different SLAs, you can create a separate VM group for each class of instance. Each VM group can have its own storage policy, backup schedule, and recovery options.

Data Recovery Considerations

The frequency of backups should be based on your requirements for data recovery. For example:

  • To determine backup frequency, determine how long the maximum window for potential loss can be. For example, if your policy calls for no more than an hour's work to be lost in the event of an instance failure, hourly backups are required.

  • If immediate recovery is a priority, you can restore a copy of an instance that is frequently updated based on incremental backups.

Deployment and Other Requirements

Access nodes for GCP instances must be present on Google Cloud. You can designate one access node to back up instances from multiple projects (to which access rights are provided in your GCP service account). For faster backups and restores, designate at least one access node for every GCP region.

Important

You must enable the Cloud Resource Manager API. If you do not enable the API, all backup jobs will fail (including backup jobs for clients that were created in a previous release).

Important

You can define discovery rules by a project parameter, in addition to region and zone parameters.

If an environment has discovery rules that are defined using zone or region parameters, then the following are true:

  • Multiple projects can fall within a region or a zone.

  • All instances in those multiple projects are backed up.

In this situation, backups might include instances that do not need to be backed up, and so incur unnecessary costs. Review all rules to ensure that only instances that need to be backed up are backed up.
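One way to review a zone or region rule for the overreach described above: list the instances it would select outside the projects you intend to protect. This is an added example, not Commvault code; the `project,zone,instance` inventory format, the constructed sample rows and the function name are assumptions.

```shell
#!/bin/sh
# Added example (not Commvault code). Inventory format "project,zone,instance"
# and the function name are assumptions; the rows below are constructed.

INVENTORY="prod-app,us-east1-b,web-01
prod-app,us-east1-b,db-01
dev-sandbox,us-east1-b,scratch-01
dev-sandbox,us-east1-c,scratch-02
prod-app,europe-west1-b,web-eu-01"

# rule_overreach SCOPE INTENDED_PROJECTS
#   SCOPE             a zone (us-east1-b) or a region (us-east1)
#   INTENDED_PROJECTS comma-separated projects that are meant to be backed up
# Reads the inventory on stdin and prints project/instance for every instance
# that a rule scoped only by SCOPE would select outside the intended projects.
rule_overreach() {
    awk -F, -v scope="$1" -v intended="$2" '
        BEGIN {
            n = split(intended, p, ",")
            for (i = 1; i <= n; i++) ok[p[i]] = 1
        }
        # A zone matches itself; a region matches every zone named "<region>-x".
        ($2 == scope || index($2, scope "-") == 1) && !($1 in ok) {
            print $1 "/" $3
        }
    '
}

# Example: sh overreach.sh us-east1 prod-app
if [ -n "${1:-}" ]; then
    printf '%s\n' "$INVENTORY" | rule_overreach "$1" "${2:-}"
fi
```

Any output means the rule needs a project parameter as well, or the listed instances should be excluded.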

Operating System Support

Access nodes for Google Cloud instances must run one of the following operating systems.

Install the Commvault Virtual Server Agent (VSA) matching your CommServer version.

Linux

  • Live browse operations using Linux access nodes are supported only for the NTFS file system.

  • Live browse operations using Linux access nodes are not supported for snapshot-based backups.

  • Restoring files with advanced encryption attributes using a Linux access node is not supported.

  • Install the Virtual Server Agent on a Linux machine that runs any of the following operating systems:

    • Rocky Linux 9.x, 8.x (recommended)

    • Red Hat Enterprise Linux (RHEL) 9.x, 8.x

    • Oracle Enterprise Linux (OEL) 9.x, 8.x

  • End of Life (best effort support)

Windows

  • A Windows access node is required only to protect compute instances that use dynamic disks, the ReFS file system, or disk encryption.

  • A Windows access node cannot perform live browse operations for EXT3, EXT4, and XFS file systems.

  • The ACL of NTFS files is preserved during cross-platform restores only if the destination client is installed with Windows.

  • Commvault supports Microsoft Windows Server Standard, DataCenter, and Core editions:

    • Microsoft Windows Server 2025 x64

    • Microsoft Windows Server 2022 x64

    • Microsoft Windows Server 2019 x64

    • Microsoft Windows Server 2016 x64

Firewall Requirements

Tunnel ports (for example, 8400 and 8403) must be opened in the security group for the instance to enable installation of the VSA package to GCP instances and communication with the CommServe system.

If a firewall access node is installed, configure Internet options for the firewall access node machine. On the HTTP Proxy tab of the Internet Options dialog box, enter the user name and password for the firewall access node machine, using only the user name and not including the domain name with the user name.

To access GCP backup and restore services, incorporate the following URLs in your firewall or access node settings:

  • https://compute.googleapis.com/compute/v1/projects

  • https://content-cloudkms.googleapis.com/v1

  • https://cloudresourcemanager.googleapis.com/v1

  • https://storage.googleapis.com

  • https://storage.googleapis.com/storage/v1/b

  • https://storage.googleapis.com/upload/storage/v1/b

Configuring a Firewall to Install the VSA Package on a Cloud VM or Instance

To deploy the access node or MediaAgent on a cloud VM or instance when other components (such as the CommServe host) are on-premises, configure a firewall for an access node in the cloud between the on-premises components and the cloud VM or instance.

Hardware Specifications

For information about hardware requirements for the Virtual Server Agent, see Hardware Specifications for Virtual Server Agent.

DISCLAIMER

Certain third-party software and service releases (together, "Releases") may not be supported by Commvault. You are solely responsible for ensuring Commvault’s products and services are compatible with any such Releases.