The architecture of the Commvault forest recovery solution includes the Commvault control plane, backup storage, a target gateway and network, as well as recovery and access nodes.

Required installation packages
Commvault Control Plane
The database and services that comprise the Commvault control plane.
Command Center
The Command Center is where most of the forest recovery setup and configuration is done.
Backup Storage
Backup storage contains system state backups of domain controllers. Various types of backup storage are supported. For Active Directory forest recovery, store the primary copy of domain controller backups on-premises so that it can be accessed quickly when AD needs to be restored to a previous state because of schema corruption. To ensure redundancy and resiliency against potential ransomware attacks that might limit the availability of on-premises infrastructure, store a secondary copy in the cloud.
Target Gateway
The target gateway is a server that provides access between the network where the CommServe components are hosted and the isolated recovery network that domain controllers are recovered to. The target gateway fulfills this role by hosting the following network interfaces:
- An interface that is connected to the network where the CommServe components are hosted
- An interface that is connected to the isolated recovery network
You can specify only one target gateway in a runbook. Thus, all domain controllers are recovered to the same isolated recovery network.
Isolated Recovery Network
The isolated recovery network is a network that cannot communicate with the production Active Directory or the public internet.
Important
To prevent the possibility of re-introducing corruption, the recovered AD environment must not be able to communicate with the original Active Directory domain controllers.
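One way to verify this requirement from a host on the isolated recovery network, as an added example that is not part of Commvault's documentation or tooling: the PowerShell script below attempts TCP connections to production domain controllers on common AD ports and to a public address, and fails if any connection succeeds. The addresses, port lists, timeout and function names are assumptions to replace with your own values.

```powershell
# Added example: run from a host on the isolated recovery network.
# Every address below is a constructed placeholder; substitute your own.
$ProductionDCs   = @('10.0.0.10', '10.0.0.11')  # production DC addresses (placeholder)
$InternetTargets = @('1.1.1.1')                 # public address used only for illustration
$AdPorts = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC'; 389 = 'LDAP'
              445 = 'SMB'; 636 = 'LDAPS'; 3268 = 'Global Catalog' }
$WebPorts = @{ 80 = 'HTTP'; 443 = 'HTTPS' }
$TimeoutMs = 1500

function Test-TcpReachable {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $false on timeout; a refused connection throws.
        $task = $client.ConnectAsync($Address, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-IsolationViolation {
    param([string[]]$Targets, [hashtable]$Ports, [string]$Scope)
    foreach ($target in $Targets) {
        foreach ($port in ($Ports.Keys | Sort-Object)) {
            if (Test-TcpReachable -Address $target -Port $port -TimeoutMs $TimeoutMs) {
                [pscustomobject]@{ Scope = $Scope; Target = $target
                                   Port = $port; Service = $Ports[$port] }
            }
        }
    }
}

# @(...) keeps each result an array even when a scope has no violations.
$violations = @(Get-IsolationViolation -Targets $ProductionDCs -Ports $AdPorts -Scope 'Production AD') +
              @(Get-IsolationViolation -Targets $InternetTargets -Ports $WebPorts -Scope 'Internet')

if ($violations.Count -gt 0) {
    $violations | Format-Table -AutoSize | Out-String | Write-Output
    Write-Error 'Isolation check FAILED: the recovery network can reach the targets listed above.'
    exit 1
}
Write-Output 'Isolation check passed: no production DC or internet target accepted a connection.'
```

A refused or timed-out connection counts as unreachable here, so a pass shows only that none of the listed ports accepted a connection from this host.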
Recovery Node
The recovery node manages tasks in the forest recovery runbook, coordinating domain controller recovery jobs and executing pre- and post-configuration steps.
You can specify only one recovery node in a runbook.
Access Node
The access node is a server that has access to the hypervisor that the domain controller virtual machines are recovered to. The access node processes domain controller recovery jobs from the runbook and prompts the hypervisor to create the virtual machines that the domain controllers are restored to.
The access node can be a separate server or it can be combined on the same server with other roles. For example, if the target is Microsoft Hyper-V, the access node can be the Hyper-V host.
The access node is configured on the recovery target. Thus, you can specify one access node for each recovery target. For example, if an organization is geographically distributed across the United States and Germany and a production forest recovery will recover some domain controllers to a Hyper-V host in the US and some domain controllers to a Hyper-V host in Germany, you can specify two access nodes, one for each Hyper-V host.

Multiple access nodes
In some cases, you can consolidate roles on a single server. For example, if you are testing a forest recovery to a non-production lab where all domain controllers are restored to a single Hyper-V server, then you can consolidate the recovery node and the access node on a single server, the Hyper-V host.

Single access node