Step 1: Build and Execute a Backup Plan

A good Cyber Recovery plan starts with backup. Backup plans will determine what will be protected, where it will be protected, and how long it will be kept for.

Protect the CommServe Server DR Backup to Commvault Cloud

The Commvault infrastructure is very resilient. Backups are immutable, and core Commvault infrastructure components can be easily rebuilt using metadata that is continuously backedup.

Having backups of the CommServe server database (control plane database) is vital for any backup and recovery plan. Control plane backups are automatic; however, native format backups to Commvault Cloud simplifies recovery.

To protect the control plane database in Commvault Cloud do the following:

1. Steps to verify or enable CommServe DR backups to Commvault Cloud.

   1. From the navigation pane, go to Manage > System.
      The System page appears.

   2. Click the Maintenance tile.
      The Maintenance page appears.

   3. Click the DR backup (Daily) tile.

   4. Click the edit icon .
      The DR backup (Daily) page appears.

   5. Click the Upload backup metadata to Commvault Cloud toggle key.

   6. Click Save.
      For more information, see Configuring Automatic Uploads of Disaster Recovery (DR) Backups to Commvault Cloud Services Portal.

2. View the Security IQ dashboard or the Cloud Command Dashboard to Verify that the control plane backups are being successfully protected.

Use Secondary or Tertiary Backup Copies From Cloud or Air Gap Protect

At a minimum, you must have secondary or tertiary copy backups in Air Gap Protect, Azure, or AWS for basic recovery validation testing.

Secondary or Tertiary Storage Setup

When selecting your secondary or tertiary cloud backup storage target, consider the following:

For information about setting up recovery using the Cleanroom orchestrated application recovery, Cleanroom Recovery.

For manual recoveries, consider setting up Azure or AWS storage.

Step 2: Build and Execute a Restore Plan

When using the CommServe Recovery Validation service, you recover the Control Plane in least privileged, restore-only mode. This provides the following limited capabilities:

• Restore virtual machines and files.

• Set up recovery groups for Cleanroom Orchestrated application recovery.

• Configure recovery destinations for Azure and AWS.

Prepare a Cloud Recovery Destination

It is a good practice to perform recovery testing to an isolated network environment, which is referred to as a Cleanroom Recovery environment. This ensures complete isolation of your recovered data, providing a safe environment to validate recoveries, and even performs security and vulnerability scans across the restored data.

The simplest way to create an isolated recovery environment without complicated network configurations is to use a separate cloud subscription for Azure or AWS.

• If you are testing a recovery from Air Gap Protect, see Cleanroom orchestrated application recovery.
• If you are testing a recovery from Azure storage, you need a separate Azure recovery destination.
• If you are testing a recovery from AWS storage, you need a separate AWS recovery destination. AWS Access keys are required for configuring AWS recovery destination

Step 3: Perform Recovery Testing with Evidence

Recover the Control Plane

When you recover CommServe (Control Plane) using the CommServe Recovery Service, Commvault recovers to the latest available version in least privileged mode that only allows restore operations with no physical access.

1. Log on to the Commvault Cloud Command Center.

2. From the navigation menu, go to Service catalog, and then click the Security Posture tile.

3. In the Recovery Validation column, click the score for your CommCell that you want to recover.

4. In the Backup Sets table, go the DR backup set that you want to recover, click the Actions button , and then click Start Recovery.
   An email is sent with a confirmation stating that the recovery is completed.

5. Click the Recovery Requests tab.

6. Go to the Backup set that you recovered, click the Actions button , and then select Access Details.

7. Obtain the access details, and continue to log on to the restored CommServe Command Center.

Recovering All Workloads

You can perform a Cleanroom recovery using a recovery group. For more information, see Cleanroom Recovery.

Perform a Recovery

You can perform a restore of all workloads from the newly recovered Command Center interface.

Perform Cleanroom Recovery

You can perform a Cleanroom recovery using a recovery group. For more information, see Cleanroom Recovery.

Export Evidence

Providing an evidence of successful recovery is crucial for demonstrating resilience.

The following are the key artifacts for providing evidence:

• Job Summary Report: View and export the backup job summary report. This report contains the backup job status that demonstrates the data recovery jobs that were successful. You must export this report from the recovered Command Center after the restore operations are complete.

• Recovery Validation Report: After successfully recovering the isolated Control Plane, under the Recovery Requests tab within the Cloud Command interface, click the Actions button , and then select Manage tags. You can enter manual tags to track what restore operations were performed associated with a particular CommServe recovery. To export the Recovery Validation Report, in the upper-right corner of the data chart, click the settings button, and then select Export to CSV.