Enabling Ransomware Protection for a HyperScale MediaAgent

Updated

Requirement:

If current MediaAgent version of the node is Feature Release 24, you must upgrade the MediaAgent version 24.19 or above and upgrade the Commvault Distributed Storage (CDS) RPM version to 4.5.1 or above. For instructions to upgrade the MediaAgent version, see Updating Commvault Software on a Server. For instructions to upgrade the CDS version, see Installing Operating System Updates on Existing Nodes.

You can enable ransomware protection for a HyperScale MediaAgent. You must enable protection for all the nodes in a HyperScale environment.

Note: You cannot enable ransomware protection for a HyperScale MediaAgent that hosts CommServe.

Before You Begin

  • Review the system requirements and the considerations for ransomware protection.

  • If any disk libraries or mount paths that are mounted are already present on the MediaAgent, you must take a backup of the /etc/fstab system file.

  • You must set the MediaAgent on maintenance mode because the operations in the procedure require a reboot and perform unmount and mount of the disk libraries.

  • If the MediaAgent is a client computer, make sure that there are no active backup or restore operations running on the MediaAgent.

Procedure

  1. Login to your MediaAgent.

  2. Go to the /opt/commvault/MediaAgent64 directory.

  3. To enable the ransomware protection, run the following command:

    ./cvsecurity.py enable_protection -i InstanceID

    where instanceID is the ID of the instance. For example, Instance001.

    Note: If any disk libraries or mount paths that are mounted are already present on the MediaAgent, then you need not run the protect_disk_library command. The enable_protection command performs the operations that are done by the protect_disk_library command such as updating the context in the /etc/fstab file and performing unmount and mount of the disk library.

  4. Reboot the MediaAgent for the ransomware protection to take effect.

    The reboot operation is required only when you enable the protection for the first time.

    Note:

    Take the following precautions:

    • Wait for the node to come online after you enable ransomware protection on the node and reboot the node. To ensure that the node is online, verify the start_node operation completes successfully in the /tmp/cvsecurity_hvcmd.log file.

    • To verify that the protection is resumed successfully, run the sestatus command and check that the value for the Current mode parameter is set to enforcing.

    • Verify that the cluster is online and NFS vdisk is mounted. After reboot, you may experience some additional time for the cluster to be up and online depending on the amount of backup data present on the cluster.

    • Verify that the Commvault services are up and running. For instructions, see Using Process Manager to View and Manage Commvault Services.

      Do not enable ransomware protection on another node until you complete the above verification steps on the current node.

      Repeat the above steps on all the nodes in the HyperScale environment.

  5. Turn off the maintenance mode on all the nodes.

Result

Ransomware will be enabled in the MediaAgent and can be viewed as follows:

  1. From the navigation pane, go to Manage > Infrastructure.

    The Infrastructure page appears.

  2. Click the MediaAgent tile.

    The MediaAgents page appears.

  3. Click the MediaAgent in which you enabled ransomware

    In the Control section, the Ransomware Protection toggle key will be enabled. (The toggle key will appear grayed out.)

Additional Information

  • The software logs the activities of the ransomware protection in the /var/log/cvsecurity.log file.

  • The software logs any unauthorized activities in the /var/log/audit/audit.log file.