Inventory scan uses Google Cloud Storage Insights reports to back up large-scale Google Cloud Storage environments that contain millions or billions of objects across buckets.
Instead of enumerating objects through API scans, Commvault downloads and processes Storage Insights inventory reports that are generated by Google Cloud Storage. Inventory reports are delivered as CSV files with a manifest JSON file in a staging Google Cloud Storage bucket.
Note
Inventory scan supports only regular buckets.
Requirements
-
Configure a Google Cloud service account with all required permissions for Google Cloud Storage and Storage Insights.
-
Configure a staging Google Cloud Storage bucket to store Storage Insights inventory CSV reports and manifest JSON files.
-
Verify the following:
-
The service account has access to the staging bucket.
-
The local storage is available for inventory report processing.
-
Sufficient network bandwidth is available to download inventory reports from the staging bucket.
-
Permissions
Make sure the required permissions are in place before configuring an inventory scan.
For more information, see Permissions to Back Up Google Cloud Buckets.
How inventory scan works
-
During discovery, Commvault analyses the configured subclient content to determine whether the total object count across the selected buckets exceeds the default inventory scan threshold of 500 million objects.
-
If the total object count exceeds 500 million objects, the default subclient automatically switches to inventory scan for newly created instances.
-
Commvault creates and manages Google Cloud Storage Storage Insights inventory policies.
-
Google Cloud Storage generates inventory reports on a scheduled basis and stores CSV inventory files and a manifest JSON file in the staging bucket.
-
Commvault reads the manifest JSON file to identify and download the required inventory report files.
-
Commvault supports inventory scan for Google storage repositories with full backups.
Additional configuration
You can set the nInventoryScanObjectCountThreshold entity setting to modify the object count threshold to determine when Commvault must switch the object scan to inventory scan threshold.
For environments that contain billions of objects, split content across multiple subclients by using bucket names and prefix patterns. This configuration enables parallel inventory processing and improves scalability.
Storage Insights reports are generated on a scheduled basis. Configure lifecycle policies on the staging bucket to manage report retention and cleanup.
Planning considerations
-
Inventory scan is designed for large-scale environments that contain hundreds of millions or billions of objects.
-
Inventory scan uses scheduled Storage Insights reports and does not provide real-time inventory updates.
-
The staging bucket must remain accessible to the configured service account. Missing bucket permissions will cause inventory report processing to fail.
-
Manually separate regular buckets and HNS buckets into different subclients.
what's not supported
-
Inventory scan is not supported when subclient content is configured for an individual object path.
-
Inventory scan is not supported if the service account is missing required IAM permissions.
-
Buckets with Hierarchical Namespace (HNS) enabled are not supported.
Frequently asked questions
Can inventory scan automatically create required resources?
Yes. When inventory scan is enabled, Commvault can automatically create a staging Google Cloud Storage bucket.
If the configured service account does not have permission to create resources, the initial job fails.
To resolve the issue, either:
-
Grant all required permissions to the service account.
-
Manually create the required Google Cloud resources by using the resource names provided in the job logs.
Ensure that the service account credentials and IAM bindings are configured correctly before rerunning the job.
Does inventory scan capture object rename operations?
No. Google Cloud Storage inventory reports do not track object rename operations.
Renamed objects can appear as new objects in subsequent inventory reports, while the original object paths can appear as deleted objects.
What authentication methods are supported?
Inventory scan supports service account authentication with secret keys.
The service account must include all required IAM permissions.
Can I use the same service account across multiple Google Cloud projects?
Yes. A single service account can be used across multiple Google Cloud projects if the account has the required cross-project IAM permissions.
For improved security and auditing, Commvault recommends using project-specific service accounts.
What happens if the staging bucket is inaccessible?
If Commvault cannot access the staging bucket because of missing permissions, bucket deletion, or network connectivity issues, inventory report downloads fail and the scan job does not complete.
Verify that the staging bucket exists and that the service account has the required access permissions before rerunning the job.