Uploading DR Backups to Commvault Cloud

A copy of the Disaster Recovery (DR) backup is automatically uploaded to Commvault Cloud whenever a DR backup job is run. If you need to rebuild the CommServe server and the existing DR backups are unusable, such as after a ransomware attack, you can use the DR backup in the cloud to rebuild the CommServe server. When metrics upload is enabled, the DR backup upload to Commvault Cloud is automatically activated for the CommCell if it isn't already enabled. For the first 15 days after activation, DR backup jobs will not fail even if there are issues with the cloud upload. However, if the DR backup upload to Commvault Cloud continues to fail after this 15-day period, the jobs will be marked as completed with error.

Note the following about uploading DR backups to, and retrieving them from, the Commvault Cloud Services Portal:

  • A valid Commvault Cloud Services Portal account is needed to configure DR backup uploads to Commvault Cloud.

  • All users in your company or organization that have an account with the Commvault Cloud Services Portal can view DR backups from the portal.

    To view a list of users who have access, click the View Users option listed in the Menu available in Worldwide Dashboard > CommCell groups in the Commvault Cloud Services website.

    All users of the company can view the DR backup files available in the SET folders, but only recovery managers are allowed to download the files.

  • DR backups are transmitted over HTTPS (secure HTTP).

  • By default, the backups from your CommServe are securely stored in the East US 2 region of Microsoft Azure. (This requires version 11 SP17 with Hot Fix Pack 25 or a more recent version on the CommServe server.)

    • You can change the region for DR backup uploads from the DR Backup Settings page. The region selection list appears after the Upload to Commvault Cloud toggle is enabled. When you select a new region, existing DR backups remain in the current region, and all future backups are uploaded to the newly selected region. After you save the region for the first time or update it from the DR Backup Settings page, the next DR backup job runs as a FULL backup even if it was scheduled to run as DIFF.

    • Azure uses encryption as described in https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption. (Commvault relies on Microsoft managed encryption keys.)

    • DR metadata is uploaded to Azure using SAS tokens, which are received from Commvault Cloud for each job.

      Note

      Verify that the URLs https://*.blob.core.windows.net and https://cvdrservices.metallic.io are added to the allowlist. All endpoints that contain .blob.core.windows.net must be allowlisted on the CommServe machine. Additionally, verify that https://cvdrservices.metallic.io is allowlisted on all Commvault web server machines.

  • All access to this data is tracked and audited.

  • The last successful DR backup copy of the day for the last 5 days, with the latest Differential copies (if any), is retained in the cloud for 7 days.

    DR backup copies that do not satisfy the above retention criteria are cleaned up periodically. However, to prevent a good DR backup from being deleted and replaced with newer copies in situations where the CommServe server is compromised, this cleanup mechanism is stopped if there is a request to retrieve a DR backup copy, as follows:

    • If there is at least one pending (not approved or rejected yet) access request submitted in the last 7 days.

    • If there is at least one approved request that has not expired yet.
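
The allowlist requirement in the note above can be audited offline against an exported proxy or firewall allowlist. The following Python is an added example, not Commvault code; the role names, the sample allowlist entries, and the reading that the CommServe needs both URLs are assumptions made for illustration.

```python
# Added example: audit an egress allowlist against the endpoints this page names.
# Role names and the allowlist entries below are constructed for illustration.

REQUIRED = {
    # Assumption: the CommServe needs both URLs listed in the note.
    "commserve": ["https://*.blob.core.windows.net", "https://cvdrservices.metallic.io"],
    "webserver": ["https://cvdrservices.metallic.io"],
}


def host_of(entry):
    """Reduce an allowlist entry or URL to a lowercase host pattern."""
    host = entry.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    return host.split("/", 1)[0].split(":", 1)[0]


def covers(allowed, required):
    """True if host pattern `allowed` permits every host matched by `required`."""
    a, r = host_of(allowed), host_of(required)
    if a == r:
        return True
    if not a.startswith("*."):
        return False  # one pinned host never satisfies a wildcard requirement
    suffix = a[1:]  # "*.windows.net" -> ".windows.net"
    base = r[2:] if r.startswith("*.") else r
    return base.endswith(suffix)


def missing_endpoints(role, allowlist):
    """Return the required endpoints for `role` that no allowlist entry covers."""
    return [req for req in REQUIRED[role]
            if not any(covers(entry, req) for entry in allowlist)]


if __name__ == "__main__":
    # Constructed allowlist: one storage account pinned instead of the wildcard.
    proxy_allowlist = ["examplestore.blob.core.windows.net:443", "*.metallic.io"]
    for role in REQUIRED:
        print(role, "missing:", missing_endpoints(role, proxy_allowlist) or "none")
```

An allowlist that pins a single storage account is reported as missing the blob wildcard, which matches the note's requirement that all .blob.core.windows.net endpoints be allowed on the CommServe.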

Configuring Automatic Uploads of Disaster Recovery (DR) Backups to Commvault Cloud
