Recover to a cleanroom

For a cleanroom recovery operation, you can recover all the entities in a recovery group or individual entities (for example, a VM).

Recovering to a cleanroom site includes verifying the required role, running a readiness report, recovering the Commvault control plane, and then recovering recovery groups and/or entities in recovery groups.

Determine the IP addresses that need access to the recovered control plane

Before starting the cleanroom recovery process, determine which IP addresses or Classless Inter-Domain Routing (CIDR) ranges need access to the recovered control plane.

You will enter these addresses/ranges in a subsequent step.

Verify the user account has the CS Recovery Manager role

Verify that the user account that will perform the cleanroom recovery operation has the CS Recovery Manager role.

1. Log on to cloud.commvault.com.

2. From the Command Center navigation pane, go to CommCells.

3. Click your CommCell environment.

4. At the top of the page, click the menu button , and then click View Users.

5. If the user account doesn't have the CS Recovery Manager role, contact your Cloud CommCell administrator.

6. If your company doesn't have a Cloud CommCell administrator, request administrator privileges:

   1. From the Command Center navigation pane, go to Workflows.

   2. Click Cloud Administrator Promotion Request.

   3. Click OK.

      A confirmation message appears.

   4. Click Continue.

   When the request is approved, you receive an acknowledgment email.

Run the Cleanroom Recovery Readiness report

1. Download the report from the Commvault Store to your production Commvault control plane server.

2. From the Command Center navigation pane, go to Reports.

3. In the upper-right area of the page, click Actions, select Import report, and then import the report.

4. On the Reports page, click Cleanroom Recovery Readiness.

5. In the upper-left area of the report, click the Entities in recovery groups list to change the entities that are included in the report.

6. Verify that all the entities you want to recover have a status of Ready.

   Entities that have any other status are not included in the recovery.

Recover the control plane

The control plane is recovered to the latest available Commvault version, in a 'least privilege' state, which allows only recovery operations, with no physical access.

1. Log on to cloud.commvault.com.

   The Readiness & Resilience page appears.

2. In the upper-right area of the page, select your CommCell environment.

   

3. In the Control plane section, click Start Cleanroom Recovery.

   The Start Cleanroom Recovery dialog box appears.

4. Select the backup to use for the recovery

5. Enter the public IP addresses or Classless Inter-Domain Routing (CIDR) ranges that need access to the recovered control plane and specify whether to save the IP addresses for subsequent control plane recovery operations.

   The IP addresses must be internet-facing from your location or organization. You can enter the IP addresses and/or ranges as a comma-separated list, using IPv4 and/or IPv6 format.

   Examples

   • Single IPv4 format: 203.0.113.5
   • Single IPv6 format: 2001:db8::1
   • IPv4 CIDR range: 203.0.113.0/24
   • IPv6 CIDR range: 2001:db8::/32
   Can I modify these IP addresses later?

   Yes. After your control plane is recovered to your cleanroom site, if you want to add or remove IP addresses, just repeat these steps.

6. Click Submit.

   A confirmation message appears.

7. Click Submit.

   An email is sent with a confirmation stating that the recovery is completed.

8. If you are using the Commvault Built-in credential vault, enter the pass phrase after your control plane is recovered.

9. After you receive the email, in the left area of the page, click the Recovery Requests tab.

10. To access the newly-recovered instance, in the row for recovered backup set, click the action button , and then select Access Details.

11. Record the URL and user credentials.

12. Open a new web browser, go to the URL, and enter the credentials to log on to the recovered environment.

Recover entities in a recovery group

1. From the Command Center navigation pane, go to Cleanroom > Recovery groups.

2. Click the recovery group.

3. On the Entities tab, specify the entities to recover:

   • To recover all the entities in the recovery group, click Recover all.

   • To recover individual entities, select the checkboxes for each entity, and then select Recover.

4. Expand Advanced options.

5. To skip recovering entities that are already recovered, disable the Override entities that are already recovered toggle key.

6. To run a threat scan on all VMs/instances, enable the Run threat scan toggle key.

7. To run a Microsoft Windows Defender Antivirus scan on Windows VMs/instances, enable the Run Windows Defender toggle key.

8. Click Submit.

Restore latest database backup to the recovered VM (optional)

If database backups occur more frequently than VM backups in your environment, then you can restore the latest database backup to the recovered VM/instance.

Create a network gateway on the recovered control plane

Create a network gateway (access node) in the Cleanroom infra to recovered control plane {Unix time of recovery} server group so that the recovered VMs can connect to the control plane. The Cleanroom infra to recovered control plane {Unix time of recovery} is a predefined server group that includes the network topology that's required for cleanroom recovery.

1. From the Command Center navigation pane, go to Manage > Server groups.

2. For the Cleanroom infra to recovered control plane {Unix time of recovery} server group, click the action button , and then select Create access node.

3. For Workload type, select Virtual machines.

4. Select the operating system and Provisioning hypervisor, and then click Submit.

Create an empty server group for recovered entities

Create an empty server group that the Commvault software can use to register recovered entities with the recovered control plane.

1. From the Command Center navigation pane, go to Manage > Server groups.

2. In the upper-right corner of the page, click Add server group.

3. In the Name box, enter a name for the server group.

4. Select Manual association.

   Important

   Don't select servers. The server group must be empty.

5. Click Save.

Create a one-way forwarding network topology on the recovered control plane

Create a one-way forwarding network topology instance to initiate connections between the recovered VM and the recovered control plane through a network gateway.

1. From the Command Center navigation pane, go to Manage > Network.

2. Click Network topologies.

3. Click Add topology.

4. For Topology name, enter a descriptive name for the network gateway.

5. For Client type, select Servers.

6. For Topology type, select One-way forwarding.

7. Click Next.

8. For Servers, select the empty server group that you created in a previous step.

9. For Network gateways, select an infrastructure server group (Cleanroom infra to recovered control plane {Unix time of recovery}) that you want to designate as the network gateway group.

10. For Backup infrastructure, select the My CommServer Computer server group.

11. Click Next.

12. To encrypt network traffic (HTTPS), enable the Encrypt traffic toggle key.

13. For Tunnel protocol, select Authenticated, Encrypted, Raw, or Regular.

14. For Parallel data transfer streams for long distance networks, the default value is 1 and the maximum value is 8.

15. Click Submit.

Register recovered VM to the recovered control plane

To register the VM to the recovered control plane, run the following commands on the installation_directory/Base folder.

1. Deregister the VM/instance from the production site:

   ./SIMCallWrapper -optype 106

2. Register the VM/instance to the recovered control plane:

   ./SIMCallWrapper -optype 1000 -url cs_url -user user_name -password password -clientname client_name -ConnectionInfo Gateway_hostname:port -ClientHostName client_hostname -ClientGroup client_group -output outputPath instance Instance001

   where:

   • url: The Command Center URL for the recovered control plane.

   • user: The name of the recovered control plane user account. By default, the user_name is recoverymanager.

   • password: The password for the user account provided.

   • clientname: The IP address or hostname of the recovered VM.

   • ConnectionInfo: The host name of the network gateway in the Gateway_hostname:port format. The default port is 8403.

   • ClientHostName: The host name of the recovered VM.

   • ClientGroup: The name of the server group that includes the recovered VM.

   • output: The path to save the output XML file in. The SIMCallWrapper command saves success/error messages in XML format.

Configure the recovered VM as a database server

1. From the Command Center navigation pane, go to Protect > Databases.

2. From the Add Instance list, select Database Server.

3. Select the database type and click Next.

4. For Server name, select the recovered VM.

5. Enter the required details, and then click Add.

Restore the database out of place

1. From the Command Center navigation pane, go to Protect > Databases.

2. On the Instances tab, click the instance.

3. On the Overview tab, in the Recovery points section, select the latest backup, and then click Restore.

4. Select the data that you want to restore, and then click Restore.

5. Select Out of place.

6. For Restore type, select Cross instance restore.

7. From the Destination server list, select the recovered VM.

8. From the Destination instance list, select an instance.

9. Click Submit.

Perform a VirtualizeMe or 1-Touch recovery of physical servers (optional)

After you recover the control plane in the cleanroom site, recover your file servers by using VirtualizeMe (vME) or 1-Touch Recovery.

Configure network connectivity for recovery clients

Before you start VirtualizeMe or 1-Touch Recovery, configure network connectivity.

For one-way forwarding, recovery clients communicate with the cleanroom site control plane through an infrastructure gateway, as shown in the following topology:

Servers > Infrastructure Gateway > Backup Infrastructure (control plane)

Server groups

Create and use the following server groups:

• Recovery Clients (Cleanroom-Recovery-Clients) : You can leave this server group empty during initial configuration. Recovery clients use this group during vME or 1-Touch Recovery to communicate with the cleanroom site control plane.

• Gateway (Cleanroom-Gateway) : Add the infrastructure gateway that you configure for one-way forwarding between recovery clients and the cleanroom site.

• Backup Infrastructure / CS (Cleanroom-CS) : Add the cleanroom site control plane (CommServe server) and associated backup infrastructure.

Create server groups

Create the required server groups if they do not already exist:

1. From the Command Center navigation pane, go to Manage > Server groups.

2. Click Create server group, and then create the following server groups:

3. Cleanroom-Recovery-Clients

4. Cleanroom-Gateway

5. Cleanroom-CS

Create a network topology for one-way forwarding

1. From the Command Center navigation pane, go to Manage > Network Topologies.

2. Click Create topology.

3. Enter a name for the topology (for example, Cleanroom-OneWay-Recovery).

4. For Topology type, select One-Way Forwarding.

5. For Server group, select Cleanroom-Recovery-Clients.

6. For Infrastructure Gateways, select Cleanroom-Gateway.

7. For Backup Infrastructure, select Cleanroom-CS.

8. Configure advanced settings as needed, or keep the default settings, and then select Save.

Download the 1-Touch ISO

You need the 1-Touch ISO for VirtualizeMe (on-premises) recovery and 1-Touch Recovery.

Download the 1-Touch ISO

Create provisioning targets (VirtualizeMe only)

Provisioning targets are required only for VirtualizeMe recovery. You do not need them for 1-Touch Recovery.

Create provisioning targets as required for your VirtualizeMe recovery.

Perform the recovery

Use VirtualizeMe or 1-Touch Recovery to restore a physical server from the control plane that you recovered in the cleanroom site.

When you run the recovery job, provide the following inputs:

• Copy precedence: Select Online Copy.

• MediaAgent: Select Commserve (CS).

• Server group: Select Cleanroom-Recovery-Clients.

• Gateway hostname and port: Enter the same gateway hostname and port that you configured in the one-way forwarding network topology.