> CommCell Console > CommCell Recovery > CommServe Recovery > Disaster Recovery Backups > Configuration of DR Backups > Configuration of the Export Destination > Configuring Automatic Uploads to Commvault Cloud

Uploading DR Backups to Commvault Cloud

A copy of the Disaster Recovery (DR) backup is automatically uploaded to Commvault Cloud whenever a DR backup job runs. If you need to rebuild the CommServe server and the existing DR backups are unavailable or compromised (for example, due to a ransomware attack), you can use the DR backups stored in the cloud.

When metrics upload is enabled, DR backup upload to Commvault Cloud is automatically enabled in the CommCell environment, if it is not already configured. For the first 15 days after activation, DR backup jobs do not fail even if there are issues with cloud upload. If upload failures continue beyond this 15-day period, the jobs are marked as Completed with Errors.

The following key features apply to uploading and retrieving DR backups from the Commvault Cloud Services Portal:

  • A valid Commvault Cloud Services Portal account is required to configure DR backup uploads to Commvault Cloud.

  • All users in your organization with access to the Commvault Cloud Services Portal can view DR backups.

    - To view users with access, click View Users from the menu Uploading DR Backups to Commvault Cloud Services Portal (1) in Worldwide Dashboard > CommCell groups on the Commvault Cloud Services website.

    - All users can view DR backup files in the SET folders. However, only recovery managers can download the files.

  • DR backups are transmitted securely using HTTPS.

  • By default, DR backups from your CommServe are stored in the East US 2 region of Microsoft Azure. (This requires version 11 SP17 with Hot Fix Pack 25 or a later version on the CommServe server.)

    • You can change the upload region from the DR Backup settings page. The region selection is available after enabling the Upload to Commvault Cloud option. When you select a new region, existing DR backups remain in the current region, and future backups are uploaded to the new region. After changing the region, the next DR backup job runs as a full backup, even if it was previously scheduled as a differential backup.

  • Azure uses encryption as described in https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption. (Commvault uses Microsoft-managed encryption keys.)

  • DR metadata is uploaded to Azure using SAS tokens provided by Commvault Cloud for each job.

    Note

    Verify that the following URLs are added to the allowlist: - https://*.blob.core.windows.net - https://cvdrservices.metallic.io

    All endpoints that include .blob.core.windows.net must be whitelisted on the CommServe computer. Additionally, ensure that https://cvdrservices.metallic.io is allowlisted on all Commvault web server machines.

    • All access to DR backup data is tracked and audited.

  • The last successful DR backup copy for each day (up to five days), along with the latest differential backups (if available), is retained in the cloud for seven days.

DR backup copies that do not meet the retention criteria are periodically deleted. However, to prevent valid backups from being removed in scenarios where the CommServe is compromised, cleanup is paused under the following conditions:

  • At least one access request is pending (not yet approved or rejected) within the last seven days.
  • At least one approved access request has not yet expired.

Configuring Automatic Uploads of Disaster Recovery (DR) Backups to Commvault Cloud

Page contents

×

Loading...