A copy of the Disaster Recovery (DR) backup is automatically uploaded to the Commvault Cloud, whenever a DR backup job is run. If you need to rebuild the CommServe server, and if the existing DR backups are unusable — such as after a ransomware attack — you can use the DR backup in the cloud to rebuild the CommServe server. When metrics upload is enabled, the DR backup upload to Commvault Cloud is automatically activated for the CommCell, if it isn’t already enabled. For the first 15 days after activation, DR backup jobs will not fail even if there are issues with the cloud upload. However, if the DR backup upload to Commvault Cloud continues to fail after this 15-day period, the jobs will be marked as completed with error.
The following key features on uploading and retrieving DR backups from the Commvault Cloud Services Portal must be noted:
-
A valid Commvault Cloud Services Portal account is needed to configure DR backup uploads to the Commvault Cloud.
-
All users in your company or organization that have an account with the Commvault Cloud Services Portal can view DR backups from the portal.
To view a list of users who have access, click the View Users option listed in the Menu available in Worldwide Dashboard > CommCell groups in the Commvault Cloud Services website.
All users of the company can view the DR backup files available in the SET folders. But, only recovery managers are allowed to download the files.
-
DR backups are transmitted using secure http, i.e. https.
-
The backups are securely stored in East US 2 region of Microsoft Azure, directly from your CommServe. (Requires V11 SP17 with Hot Fix Pack 25, or a more recent version to be installed on the CommServe server.)
-
Azure uses encryption as described in https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption. (Commvault relies on Microsoft managed encryption keys.)
-
DR metadata will be uploaded to Azure with the help of SAS tokens, received from Commvault Cloud for each job.
Note
Verify that the URLs, https://*.blob.core.windows.net and https://cvdrservices.metallic.io, are added to the allowlist. All endpoints that contain .blob.core.windows.net must be whitelisted.
-
-
All access to this data is tracked and audited.
-
The last successful DR backup copy of the day for the last 5 days, with the latest Differential copies (if any) are retained in the cloud for 7 days.
DR backup copies that do not satisfy the above mentioned retention criteria is cleaned up periodically. However, to prevent a good DR backup from getting deleted and replaced with newer copies, in situations where the CommServe server is compromised, this cleanup mechanism will be stopped if there is request to retrieve a DR backup copy as follows:
-
If there is at least one pending (not approved or rejected yet) access request submitted in the last 7 days.
-
If there is at least one approved request that has not expired yet.
-
Related Topics
Configuring Automatic Uploads of Disaster Recovery (DR) Backups to Commvault Cloud