Create a runbook for an Azure cleanroom site

Create a runbook that specifies the cleanroom site and the region to recover to.

Start the add runbook wizard

1. In the Command Center navigation pane, go to Security services > Cleanroom.

2. On the Recovery groups tab, click the recovery group to create a runbook for.

3. On the Runbooks tab, click Add runbook.

4. Select Microsoft Azure.

5. Click Next.

General page

1. Enter a name for the runbook.

2. For Cleanroom site, leave Create new selected.

3. For Region, select the region to recover VMs/instances to.

4. Create an Azure application using either the express or custom configuration.

   Express configuration

   The express configuration creates an Azure application called Commvault Cloud App for you.

   1. Select Express configuration.

   2. Sign in with Microsoft as a Global Administrator for your cleanroom recovery Azure subscription, and then consent on behalf of your organization.

   3. If you are a Commvault software customer, when you're prompted to sign in again and asked to grant access to Azure Resource Manager, sign in as an Owner for your cleanroom recovery Azure subscription, and then consent on behalf of your organization.

      Commvault Cloud creates the app.

   4. Return to the wizard, and then enter your Azure subscription ID.

   Custom configuration

   The custom configuration provides Bash and PowerShell commands for creating the Azure application, and a button to open Azure Cloud Shell for running the commands. (You can also create the Azure application in the Azure portal. For instructions, see Quickstart: Register an application with the Microsoft identity platform.)

   1. For Destination hypervisor, leave Create new selected.

   2. Enter the ID of your cleanroom recovery Azure subscription.

   3. In the information box, click Deploy a new application.

      The Deploy a new application dialog box appears.

   4. In the commands, replace "Contributor" with Commvault_Cleanroom.json.

   5. In the information box, click Open Azure Cloud Shell, log on to the Azure portal as the subscription owner, and then execute the displayed commands to deploy the application.

   6. Copy the following values, and then return to the wizard:

      • Tenant ID
      • Application ID
      • Application secret

   7. Use the copied values to create a new credential.

5. Click Next.

Resources page

The Resources page displays the resources associated with the recovery group.

Advanced options page

1. Specify validation options:

   • Run threat scan: Run a threat scan on all VMs/instances.

     Every 7 days, the count of discovered threats is reset to 0.

     Threat scan requires auto-scaling. For AWS cleanroom sites, you must configure auto-scaling. For Azure cleanroom sites, auto-scaling is configured by default.

   • Run Windows Defender: Run a Microsoft Windows Defender Antivirus scan on Windows VMs/instances.

2. For Custom scripts, you can specify scripts to validate VMs/instances after they're recovered:

   1. Click Add.

   2. Upload a file or enter a UNC path and credentials to access the path.

      UNC path examples:

      • Windows: Enter the UNC path as WindowsPathwin.ps1.
      • Unix: Enter the UNC path as \\Pathtofile\file.sh.

   3. Enter a name for the script, and then click Save.

3. To finish creating the runbook, click Submit.

For information about other settings on this page, see Modify settings for a cleanroom recovery group.