Newsletter for New Features in Commvault Platform Release 2024E

Features and enhancements that we want to highlight in this platform release are listed here, with a link to full documentation for the feature.

Artificial Intelligence

Arlie API Code Assist

Arlie API Code Assist feature allows users to use natural language interaction to get step-by-step coding assistance on using Commvault APIs. This valuable tool streamlines the Commvault APIs, making it faster and easier for engineers to implement integrations and automation.

More Information

Using API Code Assist

Arlie Active Insights

The Arlie Active Insights feature provides accurate recommendations based on previously resolved tickets, allowing you to quickly resolve job errors and paused jobs.

Additionally, this feature reduces your downtime by helping you resolve issues faster and reducing your dependence on customer service for assistance.

More Information

Using Arlie Active Insights to Resolve a Pending or Failed Job

Arlie Chatbot

The Arlie Chatbot feature enables you to ask questions using natural language about configuring and using the Command Center. The Arlie Chatbot lists answers derived from the Commvault product documentation, saving you time and effort by providing the necessary information in the same Command Center browser window. The Arlie Chatbot also lists relevant walk-throughs and Commvault store contents.

More Information

Using the Arlie Chatbot

Custom Walk-Through

Use the custom walk-through feature to receive step-by-step guidance on using the Command Center to complete common tasks. In a walk-through, in-product suggestions appear in message boxes to guide you through different steps of a task.

More Information

Using Custom Walk-Throughs to Complete Tasks

Cloud Native and SaaS Apps

AWS Canada West (Calgary) Region is now protected

Today, Commvault is announcing protection for supported workloads in a new Region in Canada. AWS Canada West (Calgary), also known as ca-west-1, is the thirty-third AWS Region. Commvault supports deployment to, integration with, and protection of the following AWS services: Amazon Aurora, Aurora PostgreSQL, AWS CloudFormation, Amazon DynamoDB, Amazon Elastic Block Storage (Amazon EBS), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), AWS Identity and Access Management (IAM), AWS Key Management Service (AWS KMS), AWS Organizations, Amazon Redshift, Amazon Relational Database Service (Amazon RDS), AWS Security Token Service, Amazon Simple Storage Service (Amazon S3), AWS Systems Manager, Amazon Virtual Private Cloud (Amazon VPC), and VM Import/Export. Commvault also protects additional AWS Global Infrastructure in AWS Local Zones in Toronto and Vancouver. You can get started today by deploying Commvault from the AWS Marketplace.

More Information

Amazon EBS volume restore now supports customization

Commvault Cloud restores for Amazon EC2 and Amazon EBS now allow you to customize volume type, encryption keys, throughput, and IOPS. You can tune your recovered EBS volumes to meet your security, performance, and cost objectives. You can intelligently recover your instances and volumes with original settings or customize on a per-volume basis. True cyber resilience includes the ability to perform reliable cost-aware recovery testing, which custom EBS volume recovery delivers.

More Information

Amazon S3 object backup support in Canada West Region

Amazon S3 backup support is now available in the Canada West Region. You can now protect your Amazon S3 and S3 Express resources in this region, ensuring your data is safe from unplanned data loss or corruption events. 

Announcing Amazon EBS io2 Block Express Volume protection

Commvault Cloud now protects your Amazon EBS io2 Block Express volumes when protecting your large, I/O intensive, mission-critical applications. io2 Block Express volumes deliver up to 4x higher throughput, IOPS, and capacity than io2 volumes, and are designed to deliver sub-millisecond latency and 99.999% durability.

You can protect your volumes with EBS snapshots and service-independent backup copies stored in cost-optimized Amazon S3. Commvault protects and recovers your EBS volume data and configuration settings (capacity, throughput, and IOPS), ensuring that your recovered applications meet your business performance and cost objectives.

More Information

Enable fine-grained permission controls with service control policies in AWS Organizations

Starting today, you can use Commvault-provided service control policies (SCPs) to set data protection-aware permission guardrails with the fine-grained access controls. This makes it easier to ensure that you have met Commvault Cloud IAM permission requirements and that your workloads can be protected. AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Commvault integrates with your organization by providing least-priviledge SCPs for your central security administrators to deploy, ensuring cross-account protection occurs reliably.

More Information

Google Cloud Platform Customer Managed Encryption Keys across Projects Support

The Virtual Server Agent for GCP now offers support for Compute Instances that are encrypted with a Key Management Service (KMS) located in a different Google Cloud Platform project. This means that customers can easily select and restore their Compute Instances with the desired KMS key from any GCP project, enhancing flexibility and security for their encrypted data.

More Information

Introducing Commvault Cloud account customization with AWS Control Tower Account Factory Customization

Commvault Cloud now helps customers effortlessly customize and generate new AWS accounts for their organizations, complete with Commvault-required IAM permissions and policies. Leveraging AWS Control Tower Account Factory, Commvault-provided account customizations are provided to streamline your multi-account landing zone setup, and creation of service and worker accounts, guaranteeing efficient deployment with assured protection by Commvault Cloud. 

More Information

OCI Dedicated Region Support

OCI Dedicated Region Support allows customers to seamlessly integrate and operate their on-premise OCI Dedicated Region environment, including VM and storage, from within Commvault. This provides the convenience of managing all cloud infrastructure and data backup and recovery processes within a single platform, improving efficiency and streamlining operations.

More Information

Protecting Encrypted etcd Databases on Red Hat OpenShift Container Platform Clusters

Commvault now protects encrypted etcd databases for the Red Hat OpenShift Container Platform (RHOCP) clusters, ensuring that sensitive data such as secrets and config maps remain protected even if an etcd backup is compromised. The encrypted etcd backup provides an added layer of data security and prevents possible loss of sensitive data.

More Information

Release Commvault AMIs in Calgary Region

The new Calgary Region for AWS Canada West is now available, and Commvault AMIs can be easily deployed in this region. By deploying Commvault AMIs in the Calgary Region, users can effectively protect and recover their AWS workloads, ensuring the safety of their data and enabling efficient disaster recovery processes.

More Information

Simplified Licensing for Kubernetes with Capacity License

Commvault software has simplified the Kubernetes metering with the Capacity license allowing you to streamline cost management by paying only for the data space you use. You can also choose to use the Virtual Operating Instance (VOI) license which consumes one VOI per workload protected.

More Information

Support for Azure Trusted Launch VMs

Commvault now supports Trusted Launch VMs, adding a robust layer of security to protect your Azure virtual machines. This feature provides peace of mind with the integrity of your VMs during the launch process, safeguarding your critical data.

Support for Google Cloud Platform Key Management Service

Commvault Cloud now supports GCP Key Management Service (KMS), allowing users to protect their encryption keys with GCP KMS before storing them in the CommServe database, ensuring enhanced data security and control.

Track and Manage Salesforce GDPR Requests Using Compliance Manager

The Compliance Manager feature in Commvault Cloud allows Salesforce administrators to efficiently monitor and manage the data subject requests in compliance with General Data Protection Regulation (GDPR) mandates. Only an authorized personnel can access and manage GDPR requests and an audit trail is generated for all actions, providing a clear record for compliance purposes. This feature supports the following subject requests of GDPR:

  • Right to forget
  • Right to rectify and 
  • Right of access

More Information

Common Platform

Tape management enhancements in CC

The tape management enhancements in CC bring additional properties and operations for Tape Storage in the Command Center. This allows end customers to have a more comprehensive and efficient management of their tape storage, leading to improved organization and ease of access to data.

On Prem Protection

Backup and Restore Huawei Gauss DB (DWS) Using XBSA Interface

The backup and restore feature allows the administrators to easily orchestrate the backup and restore of Huawei Gauss DB (DWS) databases using the XBSA interface. It simplifies the process of backing up and restoring data, making it more efficient and reliable for administrators.

More Information

Continuous Protection for SAP HANA Log Backups Using Disk Cache

This feature enables administrators to provide uninterrupted log backup support for SAP HANA, allowing log protection even when the CommServe computer is in maintenance mode. This feature ensures that the database is encrypted and transported using a Secure Data Transfer (SDT) pipeline to back up to the configured target (disk library, cloud library, or HSX). 

More Information

Disk Caching for Frequent Database Log Backups

FS: Backup CIFS shares using Linux Access Nodes

Feature: Backup CIFS shares using Linux Access Nodes
Value to the end customer: The CIFS Share Backup feature empowers organizations to conveniently back up their critical data stored on Windows file servers (CIFS shares) directly from their existing Linux access nodes. This eliminates the need for separate backup infrastructure or processes, especially beneficial for businesses with primarily Linux environments. 

Migrate IBM Spectrum Protect Historical Data to Commvault

This feature allows administrators to efficiently and securely migrate IBM Spectrum protect (formerly Tivoli Storage Manager) historical and long-term data to Commvault with improved performance and scalability. It also enables seamless browse and restore of the migrated data from the Command Center.

More Information

Migrate Veritas Netbackup Historical Data to Commvault

This feature allows administrators to efficiently and securely migrate Veritas NetBackup historical and long-term data to Commvault with improved performance and scalability. It also enables seamless browse and restore of the migrated data from the Command Center.

More Information

Orchestrate SAP HANA Log Backup to Support Fivetran HVR Replication

This feature allows administrators to orchestrate and support Fivetran HVR replication using SAP HANA logs on the filesystem that is protected with backint by enabling log dump to disk. This capability allows customers to ensure the availability of databases in case of disaster and other use cases beyond HVR replication.

PostgresSQL Cluster Backup Support

The Postgres SQL Cluster Backup Support feature allows database adminnistrators to easily backup and restore multi-node Postgres clusters without any manual intervention. This ensures that the backups and restores continue seamlessly in the event of failover or failure, providing peace of mind for the customer.

More Information

Protect SAP/Sybase ASE databases in HADR deployment

The Sybase High Availability Disaster Recovery (HADR) feature allows the administrators to ensure the protection of SAP/Sybase ASE databases in high availability disaster recovery (HADR) deployments. By automatically detecting the primary node and facilitating uninterrupted database and log backup during failover events, it helps to minimize downtime and data loss, ensuring the continuity of critical business operations.

More Information

Support SAP MaxDB Instance Configuration from Command Center

SAP MaxDB instance configuration feature enables the administrators to configure and schedule MaxDB from the Command Center. Also, it provides a more streamlined and user-friendly experience for setting up MaxDB instances.

More Information

VMware Region-based Backups in vSphere Environment

Region-based backups for your VMware hypervisor can now be performed easily using an access node within the same region as your vSphere environment. This feature provides a more efficient and optimized backup process, enhances data security, and reduces transfer time for faster data recovery.

More Information

Partner Ecosystem

Amazon S3 Cloud Library support in AWS Canada West (Calgary)

Commvault now supports the AWS Canada West (Calgary) region to be used as an S3 cloud library backup target. This helps customers remain protected from data loss or corruption events while also maintaining a copy of data in-region for fast recovery and compliance with data sovereignty requirements. 

More Information

HyperMetro Support for Huawei Storage Array

Huawei HyperMetro Support allows customers to protect their active-active storage configurations with IntelliSnap. In the event of a storage array malfunction, services will automatically switch to another storage system without any data loss or interruption. It provides uninterrupted service availability to the end customer.

More Information

IntelliSnap - Immutable Snapshot support for INFINIDAT

IntelliSnap now supports an immutable snapshot feature for the INFINIDAT storage arrays. This feature ensures that the snapshots are secured by compliance lock and remain unchanged and protected from accidental or intentional deletions or modifications until the set retention time.

More Information

IntelliSnap - Immutable snapshot support for NetApp

IntelliSnap now supports an immutable snapshot feature for Vault/Replica copies on NetApp storage arrays starting from ONTAP version 9.13.1. This feature ensures that Vault/Replica snapshots remain unchanged and protected from accidental or intentional deletions or modifications until the set retention time.

More Information

IntelliSnap - Thin Image Advanced support for Hitachi

IntelliSnap's Thin Image Advanced provides Hitachi customers with a more efficient, space-saving solution. A lower load on the storage system offers improved performance and reliability. Upgrading from Thin Image to Thin Image Advanced ensures seamless operation and maximizes the benefits of the new technology.

NDMP Credential Manager

The NDMP Credential Manager allows a storage admin to easily manage NDMP credentials without the need to wait for a backup admin or modify client configurations. This feature simplifies the way you handle periodic password modifications. Also, the support for CIFS has been enhanced to use the Credential Manager, providing a streamlined approach to manage domain logins and passwords for subclients.

Recovery Orchestration

Auto-scale Infrastructure for Cleanroom Recovery

Auto-scale infrastructure for Cleanroom recovery allows you to easily create and customize auto-scaling policies or plans for virtual machines. This ensures that the infrastructure automatically scales up to handle increased workloads and data volumes during recovery. It provides a flexible and efficient on-demand infrastructure for cyber recovery and recovery testing.

More Information

Configure Auto-Scaling for Azure Access Nodes

Cleanroom Recovery for Commvault Cloud SaaS

Commvault has launched Cleanroom Recovery for Commvault Cloud SaaS, allowing users to manage cyber recovery through the SaaS control plane. With dynamic resource adjustments for efficient restoration, receive consistent functionality across software and SaaS offerings. Cleanroom Recovery supports multi-tenancy and can be accessed via APIs for task automation and integration with other systems.

More Information

Cleanroom Recovery

Repave VMs Using “Golden Image”

Cleanroom Recovery of VMs using a Golden Image enables you to use templates (both public marketplace and private custom templates) to create the Azure VM in the cleanroom before restoring data to the VM. This simplifies and accelerates the recovery process and allows you to recover applications from cyberattacks to a known good state.

Single Domain Controller Active Directory Recovery in Cleanroom Recovery

Users can include a single domain controller in the Cleanroom recovery group to streamline the recovery process and integrate Active Directory seamlessly. This allows for the seamless recovery of Active Directory alongside other workloads into a Cleanroom target for the recovery of directory services

Support for DB Recovery in Cleanroom Using VM Backups

You can now recover Microsoft SQL Server, Oracle, and DB2 databases running inside virtual machines (VMs). This facilitates the easy restoration and recovery of databases, thus ensuring business continuity and reducing downtime in the event of cyberattacks or system failures.

More Information

Support Matrix for Cleanroom Recovery

SaaS Applications and Active Directory

Restore Mailboxes and OneDrive Users using Active Directory Groups

M365 Restore by Active Directory Group allows you to restore the most recent data set for many users as a group. This feature streamlines the restoration process by providing a mechanism for logical groupings of users to be restored together

Security

Acante Integration

The Acante Integration feature allows end customers to view AWS RDS database threat insights directly within the Threat Indicators dashboard. This valuable feature enables quick identification and response to potential threats, ensuring the security and integrity of the database. With this feature, customers can easily monitor and address risks to their database, enhancing overall data protection and maintaining regulatory compliance.

More Information

Security Integrations with Acante

Amazon S3 Express One Zone protection using AWS Security Token Service

Commvault Cloud now supports protecting Amazon S3 Express One Zone directory buckets using temporary credentials from AWS Security Token Service (AWS STS). The new S3 Express One Zone storage class is purpose-built to deliver the fastest cloud object storage for performance-critical applications that demand consistent single-digit millisecond request latency. AWS Security Token Service is a web service that enables you to request temporary, limited-privilege credentials you can use to access your AWS resources. Commvault Cloud also supports AWS STS issued credentials to perform cross-account protection of S3 One Zone buckets and objects.

More Information

Amazon VPC Network Address Control List (NACL) protection

Commvault Cloud now protects your network access control lists (NACLs) as part of Amazon EC2 protection. NACLs allow or deny specific inbound or outbound traffic at the subnet level and are a key security control for protecting your AWS workloads. Commvault protects, recovers, and allows network forensic auditing of NACL changes for your protected compute instances.

More Information

Announcing Amazon Linux 2023 support

Commvault Cloud now supports Amazon Linux 2023 (AL2023) for a broad array of cyber resilience functions. AL2023 is designed to provide a secure, stable, high-performance environment to develop and run cloud applications. Commvault Cloud supports AL2023 for your MediaAgents, access nodes, autonomous recovery replication, and Linux-based agent-in-guest protection. Commvault Cloud supports AL2023 running on arm64 (AWS Graviton) and x86 processors.

AL2023 takes a secure-by-default approach to help improve your security posture with preconfigured security policies, SELinux in permissive mode, IMDSv2 enabled by default, and kernel live patching.

AL2023 can be used to protect the following AWS and hybrid workloads: Amazon Aurora, Amazon DocumentDB, Amazon DynamoDB, Amazon EC2, Amazon EBS, Amazon EFS, Amazon EKS (Kubernetes), Amazon FSx, Amazon RDS, Amazon Redshift, Cassandra, CockroachDB, Couchbase, Lustre, MongoDB, MySQL,  PostgreSQL, YugabyteDB, Laptops, and Salesforce.

More Information

Announcing Amazon S3 dual-layer server-side encryption (DSSE-KMS) support

Customers can now apply two independent layers of server-side encryption to Commvault Cloud backups stored in Amazon S3. Dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS) is designed to meet National Security Agency CNSSP 15 for FIPS compliance and Data-at-Rest Capability Package (DAR CP) Version 5.0 guidance for two layers of CNSA encryption. S3 features such as DSSE-KMS are vetted and accepted for use on top-secret workloads, which benefits all customers globally. 

More Information

Bulk Restore of Overwritten or Corrupt AD Attributes

The Bulk Restore feature helps administrators quickly rectify issues of overwritten or corrupt attributes in AD. By identifying and reverting these specific attributes to their original values across numerous objects in the directory at once, users can efficiently recover from unforeseen disasters such as poorly executed scripts or troublesome application upgrades.

More Information

CIS Level 1 Images for Cloud Marketplace

CIS Level 1 hardened images provide a simple and secure deployment method for CommServe servers based on Rocky Linux in the cloud marketplace. Images are available for Azure, AWS, GCP, and VMWare, and provide a secure and cost-effective deployment of the CommServe server. These images help eliminate deployment complexity and ensure a smooth and protected environment for your data management needs, while remaining compliant with organizational and governing regulations that require CIS hardening.

Enable Delete Authorization Workflows by default

Enabling Delete Authorization workflows by default provides customers with an extra layer of protection for their data. This feature prevents insider threats and accidental deletion by requiring a built-in approval process before any bulk data deletion can occur. This maintains the integrity and safety of the backup data.

More Information

Multi-Person Authorization to Minimize Insider Threat

Interactive, Domain-Wide AD Comparison Reporting

This feature provides an interactive, comprehensive comparison report between two points in time, helping AD administrators easily identify deleted or modified directory objects. Admininistrators can compare all changes between two backups or identify all changes that have taken place between a backup and the live state of AD. With the option to filter, search, and directly restore objects from the report, businesses experience minimal disruption, reducing downtime.

More Information

PQC: Post-Quantum Enhancements for secure communication

The Post-Quantum Enhancements for secure communication feature updates the key components of secure communication to protect against quantum attacks. By implementing post-quantum encryption algorithms approved by NIST (such as CRYSTALS-Kyber and CRYSTALS-Dilithium3/Falcon), it ensures secure and authenticated communication within the Commvault Cloud platform, safeguarding customer data from potential cyber threats.

Protecting Amazon Elastic Kubernetes Service (EKS) Using Amazon Linux 2023 Access Node

Commvault now supports Amazon Linux 2023 (AL2023) based access node to protect Amazon Elastic Kubernetes Service (EKS) thereby enabling backup administrators to reduce cyber resilience TCO with best price-performance in AWS.

More Information

Protection of Conditional Access Policies

The protection of Conditional Access Policies feature in Entra ID offers increased security by ensuring that critical policies can be quickly recovered or reverted to previously safe configurations. This fortifies user access control, safeguards sensitive data, and maintains an optimum cloud security environment.

Protection of Entra ID Roles

The protection of Entra ID roles offers administrators the ability to locate, select, and restore roles and role properties, including memberships. This benefits customers by safeguarding crucial data from accidental deletion or inadvertent alterations, thereby enhancing security and operational efficiency.

Protection of Group Policy Objects

The Protection of Group Policy Objects feature empowers Active Directory administrators with enhanced security controls. It helps detect, recover, and rollback unwanted changes to Group Policy Objects (GPOs). Consequently, this facilitates robust protection of user and computer settings from potential breaches, ensuring elevated security across the Active Directory environment.

Recovery Points Calendar for AD Backups

The Recovery Points Calendar feature in AD offers a visual representation of backup dates for easy and accurate selection. It enables quicker, precise decision-making while restoring, maximizing uptime, and reducing potential errors for a hassle-free admin experience.

More Information

Scan VM backups For Malware Threats with Threat Scan

Commvault Threat Scan now supports scanning of VM backups for malware threats. With native support for VM Threat Scan operations, threats can be detected by file activity or size anomalies, providing early warning and quicker incident response. To further simplify response, scanned jobs can be flagged as suspicious or marked as corrupt, allowing for quick recovery of the last known good version.

Splunk SOAR Integration

The Splunk SOAR (Security Orchestration, Automation and Response) integration provides two-way interoperability between Splunk SOAR and Commvault. Commvault provides backup threat insights to Splunk SOAR so that Security Operations (SecOps) have another form of intel for enrichment purposes. Actions can be executed from Splunk SOAR that protect the Commvault Cloud assets. For example, suppose a server is detected as compromised, and disabling data-aging operations in Commvault Cloud helps protect backups from premature deletion while SecOps investigate the root cause. By sending threat indicators to Splunk SOAR, Commvault Cloud can take necessary actions to protect its platform.

Use Machine Learning to Detect Suspicious Extension Changes

Use machine learning algorithms and historical behaviors to detect suspicious file extension changes occurring within backups. This provides timely, accurate alerts of changes that could indicate threat activity, which may impact your ability to recover clean data. Anomalies are shown on the Threat Indicators dashboard and can be scanned with Threat Scan for deeper analysis, or data can be recovered to a pre-anomalous clean state. This capability enhances Commvault's overall anomaly and threat detection and helps organizations secure their data faster to remain resilient to attack.

Storage Solutions

Air Gap Protect for Oracle Cloud Infrastructure Software Customers (OCI Cyber Recovery solution)

Introducing Air Gap Protect on Oracle Cloud Infrastructure Infrequent Access for Software customers. This OCI Cyber Recovery solution enables customers using Commvault software to protect their on-premises data using secure cloud storage offered by OCI. This expands the Air Gap Protect options to include OCI Infrequent Access, providing customers with more flexibility in choosing their preferred cloud storage provider. With this solution, customers can protect any application data and benefit from the simplicity and predictability advantages of Air Gap Protect on OCI.

The solution also enforces a minimum retention of 90 days for data copies and maintains the same user experience for licensing, configuration, and monitoring usage as the Azure AGP option.

All regions supported by SaaS OCI AGP are available for the software option as well.

Default Compliance Lock on all Air Gap Protect Storage Pools

The Compliance Lock feature is introduced for all Air Gap Protect (AGP) storage pools to provide enhanced data protection by enabling a security lock on new and existing AGP Storage pools. Users can benefit from self-service support for resetting locks, which is equipped with a 24-hour auto re-enable functionality, promoting better cyber resilience.

HyperScale X support for HPE DL380 Gen 11 Hardware

The HyperScale X support for N12 HPE DL380 Gen 11 hardware allows for seamless and planned transitions to new hardware, providing flexibility for customers to obtain new or capacity expansion nodes for HyperScale X. It detects hardware components, alerts for failures, and enables recovery without requiring customer input, ensuring a smooth and uninterrupted user experience.

More Information

Design Specifications for HyperScale X Reference Architecture

Support for Lenovo HS350X V3 - N24 server

The new feature provides support for Lenovo HS350X V3 - N24 server and allows easy configuration on supported hardware designs. It can detect and alert hardware component failures, such as power supplies and storage devices, and automatically recover from component failure upon replacement. This saves time and effort for the end customer and ensures smooth operation of their servers.

More Information

Design Specifications for HyperScale X Reference Architecture

Support for Lenovo SR650 V3 - N12 server

The feature enables support for the Lenovo SR650 V3 - N12 server and allows for the automatic and manual configuration of supported hardware designs. It includes detection and alerting of hardware components and failure monitoring, with the ability to recover from component failure seamlessly. This provides the end customer with a more efficient and hassle-free experience in managing their server infrastructure.

More Information

Design Specifications for HyperScale X Reference Architecture

Loading...