> CommCell Console > Ransomware Protection > Increasing Backup Data Security from Ransomware > Data Isolation and Air Gapping

Air Gapping

You can air gap isolated data by severing communication with the machine that contains or manages the data.

Air gapping can be achieved by using one of the following methods:

  • Use VM power management to automatically shut down a MediaAgent virtual machine when not in use.

  • Create blackout windows on storage targets or network devices using scripts and workflows.

Air Gapping Using VM Power Management

You can air gap by using VM power management to shut down a MediaAgent virtual machine automatically when not in use.

For more information, see Overview of Cloud MediaAgent Power Management.

Air Gapping Using Blackout Windows

You can create an air gap by creating blackout windows on isolated resources (for example, a MediaAgent) using scripts. When blackout windows are not in effect, the resources are brought back online. This air gapping method can be used on any storage target or network device.

Procedure 1: Starting and Stopping Outbound Connections to a MediaAgent

You can start and stop outbound connections to a MediaAgent using a one-way topology, in order to create an air gap.

  1. Create a blackout window to control when you want connections established on the MediaAgent.

    For more information, see Blackout Window.

  2. Use commands to turn services on and off, as follows:

    • For Windows, do the following:

      • Create a task schedule that runs the following command to stop services at the beginning of the blackout window:

        <Path to Commvault Base Directory>\gxadmin -stopsvcgrp “All” -console

      • Create another task schedule that runs the following command to start services at the end of the blackout window:

        <Path to Commvault Base Directory>\gxadmin -startsvcgrp "All" -console

    • For UNIX, do the following:

      • Create a cron job that runs the following command to stop services at the beginning of the blackout window:

        commvault -all stop

      • Create another cron job that runs the following command to start services at the end of the blackout window:

        commvault -all start

Procedure 2: Starting and Stopping a Network Gateway to Create an Air Gap

You can use the Airgap workflow to start or stop network gateway proxies to create an air gap. This workflow can be scheduled to run at the beginning of the auxiliary copy blackout window to stop the gateway machines and at the end of the blackout window to start the gateway machines.

For more information, see Starting or Stopping a Network Gateway to Create an Air Gap.

Virtual Air Gap Using Commvault Cloud Air Gap Protect

You can create a virtual air gap using Commvault Cloud Air Gap Protect. See Air Gap Protect: Secure, air-gapped cloud storage for backups.

×

Loading...