To set up a recovery group for cleanroom recovery, add a recovery group, and then add entities to the recovery group.
A recovery group is a logical container of entities to recover into the cleanroom. Recovery groups can be utilized to group entities together that make up an application to ensure they are recovered in the correct sequence and to the same point in time. All entities in a recovery group will inherit the recovery settings of the recovery group.
Adding a Recovery Group When the Recovery Target Is Pre-Created
-
From the Command Center navigation pane, go to Cleanroom > Recovery groups.
The Recovery groups page appears.
-
In the upper-right area of the page, click Add.
The Add recovery group page appears.
-
In the Recovery group name box, enter a name for the recovery group.
-
If you have a pre-created target and a hypervisor, from the Target list, select the recovery target.
For instructions about creating a recovery target, see Creating a Cleanroom Recovery Target.
-
From the Default recovery point list, select the recovery point for the recovery group.
Selecting Automatic recovery points streamlines the cyber recovery process by integrating with external security tools such as SIEM/SOARs. These tools pinpoint compromised servers and their exact time of infection, allowing Commvault to automatically rewind to the last known good state. In lieu of external tools, you can use blast radius reports or delimited files to determine last known good state, instead of manually picking the point in time for every server. Finally, Commvault software has anomaly detection capabilities that ensure infected backups are excluded, further safeguarding recovered data. If no such exclusions exist, the most recent recovery point is selected.
-
Click Save.
The details page for the recovery group you created appears.
Adding a Recovery Group When the Recovery Target Is Not Pre-Created
-
From the Command Center navigation pane, go to Cleanroom > Recovery groups.
The Recovery groups page appears.
-
In the upper-right area of the page, click Add.
The General page of the Add recovery group wizard appears.
-
In the Recovery group name box, enter a name for the recovery group.
-
From the Default recovery point list, select the recovery point for the recovery group.
-
Click Next.
The Target page of the Add recover group wizard appears.
-
To connect to the Azure account using managed identities, move the Connect using managed identities for Azure resources toggle key to the right.
-
In Subscription ID, enter the subscription ID for the Azure account.
-
If you are connecting to the Azure account without managed identities, from the Credential list, select existing credentials or create new credentials.
Steps to create new credentials
1. Click the Create new button .
The Add credential dialog box appears.
2. In Credential name, enter a descriptive name for the credentials.
3. In Tenant ID, enter the tenant ID for the Azure account.
4. In Application ID, enter the application ID for the tenant.
5. In Application secret, enter the secret key for the application.
6. From the Environment list, select the Azure environment to use.
7. To modify the endpoint URLs, move the Show endpoints toggle key to the right, and then modify the URLs.
8. In Description, enter a description for the credential, and then click Save.
-
From the Access node list, select an access node or an access node group to use for the recovery operation.
To restore multiple instances or VMs simultaneously, select Automatic to distribute the workload (instances or VMs) in the auto recovery job across the access nodes.
-
From the Security list, select users or user groups who can access the recovery target.
-
Click Next.
The Recovery Options page of the Add recovery group wizard appears.
-
From the Resource group list, select the resource group for the destination VM.
-
From the Region list, select the region for the restored VM. This must match the Air Gap Protect region that houses the backups.
-
From the Storage Account list, select the storage account for the destination VM and disks.
-
From the VM size list, select the VM size specification for the destination VM.
-
From the Availability zone list, for Azure managed disks, select the pre-defined availability zone for the restored VM.
The zones listed apply only to the region selected for the restored VM. If you select the Auto option rather than a specific availability zone (1, 2, or 3), and if the feature is supported for the specified region and VM size, the VM is restored to the same availability zone as the source VM, otherwise, it is restored without a zone (No Zone).
-
From the Disk type list, for managed disks only, select the disk type for the Azure destination VM: Auto select (same as the source VM), Standard HDD, Standard SSD, or Premium SSD.
Consider the following:
-
When the Disk Type for the recovery target is set to Auto select, the destination VM disk type is as follows:
-
For Azure source to Azure destination recovery, the destination VM disk type is the same as the source VM.
-
For any other vendor (such as VMware) to Azure destination recovery, the destination VM disk type is standard HDD.
-
-
When the Disk Type for the recovery target is set to Premium SSD, but in the Override recovery options window, the Disk Type is set to Original, the destination VM disk type is as follows:
- For Azure source to Azure destination recovery, the destination VM disk type is the same as the source VM.
-
When the Disk Type for the recovery target is set to Auto select, and in the Override recovery options window, the Disk Type is set to Original, the destination VM disk type is as follows:
-
For Azure source to Azure destination recovery, when in the Override recovery options window, the VM size selected does not support premium SSD (for example, D2v3), the destination VM disk type is standard HDD.
-
For Azure source to Azure destination recovery, when in the Override recovery options window, the VM size selected supports premium SSD (for example, B2ms), the destination VM disk type is the same as the source VM.
-
-
-
From the Virtual network list, select the network connection for the restored VM, or leave the default value of Auto select.
Static IP addresses from a source VM are not recovered to the destination VM.
-
From the Security group list, specify the network security group for the restored VM or leave the default value of Auto select.
-
To have Azure assign a public IP address for destination VMs, move the Create public IP toggle key to the right.
-
Click Submit.
Adding Entities to a Recovery Group
You can add VMs to a recovery group.
Adding Virtual Machines
-
On the recovery group details page, on the Entities tab, click Add, and then select Virtual machines.
The Add virtual machines page appears.
-
From the Browse and select VMs list, select By hypervisor or By VMs.
-
Select the VMs to add.
-
If you are recovering Azure VMs or VMware VMs to an Azure Cleanroom, you can rebuild the VMs with a secure image:
-
Move the Repave VM with new secure image toggle key to the right.
-
From the Image option list, select the OS image to create the new VMs from.
-
Enter the credentials for the VM's OS.
-
If you don't want to attach the OS disk to the new VM, select Skip attaching OS disk.
If you leave this setting unselected, the OS disk is attached to the new VM, as a data disk.
-
-
Click Add.