Modify settings for the resources in a cleanroom runbook

Settings for resources in cleanroom runbooks include resource group, storage account, region, recovery point, and post-recovery action scripts. You can also delete a resource or mark it as failed.

Go to the runbook that contains the resource

  1. In the Command Center navigation pane, go to Security services > Cleanroom.

  2. On the Recovery groups tab, click the recovery group that contains the runbook.

  3. Click the runbook.

Reset overridden recovery options for all resources

When you modify a recovery option for a cleanroom site, you can apply that change to all resources in the associated runbook.

  1. On the Steps tab, click Reset overridden options.

    A confirmation message appears.

  2. To reset the following, enable the toggle keys:

    • Reset static IP address settings: Resets static IP addresses on resources.

    • Reset repave options: Resets the Repave VM with new secure image setting on resources.

  3. Confirm the change, and then click Save.

Override inherited recovery options

You can override recovery options that a resource inherits from its recovery group.

For an AWS cleanroom site:

  1. In the row for the resource, click the action button, and then select Override recovery options.

  2. Enter a descriptive name for the recovered resource.

  3. For Availability zone, select the AZ for the recovered EC2 instances.

  4. For Instance type, select the EC2 instance type for the recovered EC2 instances.

    The Automatic option attempts to recover the instances as the same EC2 instance type as the source.

  5. For IAM role for Amazon EC2, select the role for authentication that you created when you configured the Amazon EC2 hypervisor in Commvault Cloud.

  6. For Network, to select a VPC network, subnet, and ENI, follow these steps:

    1. Click the browse button.

      The Select network settings dialog box appears.

    2. Select an existing ENI or create a new ENI.

      When you create a new ENI, you can specify an IP address.

    3. Click Save.

  7. For Security groups, do one of the following:

    • To have the software attempt to assign the same security group from the source EC2 instance to the recovered EC2 instances, select Auto-assign.

    • To select a security group from the AWS account that you're recovering the instances to, select Custom, and then select the security group.

  8. For Volume type, the options are limited to only those that are supported for the volume size.

    Volume types that are not supported for the volume size are visible, but not available to select.

    To view the minimum and maximum volume sizes for a volume type that is not available, hover over that volume type.

  9. For KMS key, select an encryption key or option:

    • Auto: This option is available for recovery to a different AWS Region.

      If the identity that performs the recovery has the ec2:GetEbsDefaultKmsKeyId action, then the default KMS key for EBS encryption has the "Default EBS Key" tag. The ec2:GetEbsDefaultKmsKeyId action is included in amazon_restricted_role_permissions.json.

    • No encryption: This option is not recommended. The AWS Well-Architected Framework (SEC08-BP02) recommends enforcing encryption at rest for sensitive data.

    Important

    • Commvault recommends that you enable default encryption of EBS volumes in each AWS account that creates EBS volumes. For information, see Enable encryption by default in the AWS documentation.

    • The following key types are supported:

      • AWS managed keys
      • AWS owned keys
      • Customer managed keys, including multi-region keys

  10. To rebuild the VMs with a secure image, follow these steps:

    1. Enable the Repave VM with new secure image toggle key.

    2. From the AMI selection list, select the OS image to create the new EC2 instances from.

    3. From the Key pair list, select the Amazon EC2 key pair to access the recovered EC2 instances.

    4. If you want to attach the OS disk and data disk to the new VM during recovery, clear the Skip attaching OS disk check box.

      If you leave this setting selected, the OS disk is not attached to the new VM; only the data disk is attached.

  11. Click Save.
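
To confirm that a role's policy document grants the ec2:GetEbsDefaultKmsKeyId action that the Auto KMS key option relies on, you can evaluate the policy JSON offline. The following is an added example, not Commvault code; the sample policy is constructed for illustration and is not the contents of amazon_restricted_role_permissions.json, and the function names are hypothetical.

```python
import json
import re

TARGET_ACTION = "ec2:GetEbsDefaultKmsKeyId"  # action named in the KMS key step

# Constructed sample policy for illustration only; NOT the contents of
# amazon_restricted_role_permissions.json.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:GetEbs*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "kms:DescribeKey", "Resource": "*"}
  ]
}
"""

def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    """IAM action patterns are case-insensitive; * and ? are wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def _statement_covers(stmt, action):
    if "NotAction" in stmt:  # NotAction covers everything except the listed actions
        return not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
    return any(_matches(p, action) for p in _as_list(stmt.get("Action")))

def evaluate_action(policy_json, action=TARGET_ACTION):
    """Return 'denied', 'allowed' or 'not granted' for one policy document.

    Only Effect and Action/NotAction are evaluated. Resource and Condition
    elements, permission boundaries and SCPs are not considered.
    """
    policy = json.loads(policy_json)
    result = "not granted"
    for stmt in _as_list(policy.get("Statement")):
        if not _statement_covers(stmt, action):
            continue
        if stmt.get("Effect") == "Deny":
            return "denied"  # an explicit Deny always wins
        if stmt.get("Effect") == "Allow":
            result = "allowed"
    return result
```

A result of "allowed" covers this one document only; another policy attached to the same identity can still deny the action.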

For an Azure cleanroom site:

  1. In the row for the resource, click the action button, and then select Override recovery options.

  2. In the VM display name box, enter a descriptive name for the recovered resource.

  3. From the Resource group list, select the resource group for the recovered resource.

  4. From the Region list, select a region for the recovered resource.

    The region must align with the region containing Air Gap Protect storage. Otherwise, recovery fails.

  5. From the Storage Account list, select a Standard general-purpose v2 or Premium general-purpose storage account.

    Only storage accounts that are associated with the region you selected for the recovered resource are available to select.

  6. From the VM size box, select a VM size for the recovered resource.

    Only VM sizes that are available for the resource group you selected for the recovered resource are available to select.

  7. From the Availability zone list, for Azure managed disks, select an AZ for the recovered resource.

    Only AZs that are in the region you selected for the recovered resource are available to select.

    If you select the Auto option and if the feature is supported for the specified region and VM size, the Commvault Cloud software attempts to recover the resource to the same availability zone as the source. Otherwise, the resource is recovered without a zone (No Zone).

  8. From the Disk type list, for managed disks, select the disk type for the recovered resource: Original (same as the source), Standard HDD, Standard SSD, Premium SSD.

    Consider the following:

    • When the Disk Type for the cleanroom site is set to Auto select, the disk type of the recovered resource is as follows:

      • For recovery of an Azure resource to an Azure cleanroom site, the disk type of the recovered resource is the same as the source.

      • For any other resource type (such as VMware) to an Azure cleanroom site, the disk type of the recovered resource is Standard HDD.

    • When the Disk Type for the cleanroom site is set to Premium SSD, but in the Override recovery options window, the Disk Type is set to Original, the disk type of the recovered resource is as follows:

      • For recovery of an Azure resource to an Azure cleanroom site, the disk type of the recovered resource is the same as the source.

    • When the Disk Type for the cleanroom site is set to Auto select, and in the Override recovery options window, the Disk Type is set to Original, the disk type of the recovered resource is as follows:

      • For recovery of an Azure resource to an Azure cleanroom site, when in the Override recovery options window, the VM size selected does not support Premium SSD (for example, D2v3), the disk type of the recovered resource is Standard HDD.

      • For recovery of an Azure resource to an Azure cleanroom site, when in the Override recovery options window, the VM size selected supports Premium SSD (for example, B2ms), the disk type of the recovered resource is the same as the source.

  9. Under Network settings, follow these steps:

    1. In the available network interfaces row, click the action button, and then select Edit.

    2. From the Virtual network/subnet list, select the network.

      You can specify any subnet that's in the same region as the selected resource group.

      If you don't select a VNet, then the first VNet in the list and the first (default) subnet that it expands to are attached to the recovered resource.

      Static IP addresses from a source are not applied to the recovered resource.

    3. To create a public IP, enable the Create/assign public IP toggle key, and then from the Public IP type, select Dynamic or Static.

      If a public IP address is not required on the recovered resource, don't enable the Create/assign public IP toggle key. By default, a public IP address is assigned to recovered Azure VMs.

    4. From the Preferred private IP type list, select a custom or dynamic IP.

    5. Click Submit.

  10. From the Security group list, select a network security group for the recovered resource.

  11. To rebuild the recovered VM with a secure image, follow these steps:

    1. Enable the Repave VM with new secure image toggle key.

    2. From the Image option list, select the image to create the VM from.

    3. Enter the credentials for the recovered VM.

    4. If you don't want to attach the OS disk to the recovered VM, select Skip attaching OS disk.

      If you leave this setting unselected, the OS disk is attached to the recovered VM, as a data disk.

  12. Click Save.

Configure post-recovery actions

You can specify scripts to run on the resource after it's recovered.

Note

The following environments are supported:

  • Windows: PowerShell
  • Linux: Linux shell

  1. In the row for the resource, click the action button, and then select Configure post-recovery actions.

  2. To add a custom script, click Add.

  3. Select one of the following:

    • Upload file

    • UNC

      1. In the Path box, enter the UNC path to the script.

        Examples:

        • Windows: Enter the UNC path as \\WindowsPath\win.ps1.
        • Unix: Enter the UNC path as \\Pathtofile\file.sh.

      2. Select existing credentials or create new credentials to access the UNC path.

  4. Enter a descriptive name for the script.

  5. Click Save.

  6. If you have multiple scripts, to change the order the scripts are executed in, click Reorder.

  7. Drag and drop the scripts.

  8. Click Save.

Modify the recovery point

You can modify the recovery point for the resource. By default, resources inherit the recovery point of the recovery group.

  1. In the row for the resource, click the action button, and then select Edit recovery point.

  2. Disable the Use group recovery point toggle key.

  3. For Default recovery point, select a new recovery point.

  4. If you select Point in time, click the calendar button, select a date and time, and then click Set.

  5. Click Save.

Modify the priority

You can modify the recovery priority of the resource. Priority specifies the order that resources are recovered in, with 1 being the highest priority.

  1. In the row for the resource, click the action button, and then select Change priority.

  2. Specify the priority for the resource.

  3. Click Save.

Delete the resource

  • In the row for the resource, click the action button, and then select Delete.

Mark the resource as failed

If the resource is recovered in an unusable state, you can mark the resource as failed. For example, if a VM doesn't boot after recovery, you can mark the VM as failed, fix the problem that caused the failure, and then retry recovery.

  • In the row for the resource, click the action button, and then select Mark as failed.

Select a different forest recovery runbook for Active Directory resources

You can select a different runbook for Active Directory forest recovery.

  1. In the row for the resource, click the action button, and then select Edit runbook template.

  2. Select a runbook, and then click Save.
