> Software > CommCell Recovery > CommServe Recovery > Disaster Recovery Backups > CommServe Recovery Validation Service

Recovering the Control Plane in Commvault Cloud Using the CommServe Recovery Validation Service

Step 1: Build and Execute a Backup Plan

A good cyber recovery plan starts with a backup plan. Backup plan specify what is protected, where it's protected, and how long it's kept for.

Protect the CommServe Server DR Backup to Commvault Cloud

The Commvault infrastructure is very resilient. Backups are immutable, and core Commvault infrastructure components can be easily rebuilt using metadata that is continuously backedup.

Having backups of the CommServe server database (control plane database) is vital for any backup and recovery plan. Control plane backups are automatic; however, native format backups to Commvault Cloud simplifies recovery.

To protect the control plane database in Commvault Cloud do the following:

  1. Verify or enable CommServe DR backups to Commvault Cloud:

    1. From the navigation pane, go to Manage > System.
      The System page appears.

    2. Click the Maintenance tile. The Maintenance page appears.

    3. Click the DR backup (Daily) tile.

    4. Click the edit icon Configuring a Local Drive or Network Share as the Export Destination for Disaster Recovery (DR) Backups (1). The DR backup (Daily) page appears.

    5. Click the Upload backup metadata to Commvault Cloud toggle key.

    6. Click Save. For more information, see Configuring Automatic Uploads of Disaster Recovery (DR) Backups to Commvault Cloud Services Portal.

  2. View the Security IQ dashboard or the Cloud Command Dashboard to Verify that the control plane backups are being successfully protected.

Note

By default, new deployments on Commvault Platform Release 2023E and more recent versions, are configured to back up the CommServe Server DR backup metadata in Commvault Cloud at no additional cost.

Use Secondary or Tertiary Backup Copies From Cloud or Air Gap Protect

At a minimum, you must have secondary or tertiary copy backups in Air Gap Protect, Azure, or AWS for basic recovery validation testing.

Note

Only backups to Air Gap Protect are supported for Cleanroom application recovery orchestration. Manual recovery tests are supported for data protected in AWS or Azure storage.

Secondary or Tertiary Storage Setup

When selecting your secondary or tertiary cloud backup storage target, consider the following:

Step 2: Build and Execute a Restore Plan

When using the CommServe Recovery Validation service, you recover the Control Plane in least privileged, restore-only mode. This provides the following limited capabilities:

  • Restore virtual machines and files.

  • Set up recovery groups for Cleanroom Orchestrated application recovery.

  • Configure recovery destinations for Azure and AWS.

Prepare a Cloud Recovery Destination

It is a good practice to perform recovery testing to an isolated network environment, which is referred to as a Cleanroom environment. This ensures complete isolation of your recovered data, providing a safe environment to validate recoveries, and even performs security and vulnerability scans across the restored data.

The simplest way to create an isolated recovery environment without complicated network configurations is to use a separate cloud subscription for Azure or AWS.

  • If you are testing a recovery from Air Gap Protect, see Cleanroom recovery for cyber resilience.

  • If you are testing a recovery from Azure storage, you need a separate Azure recovery destination.

  • If you are testing a recovery from AWS storage, you need a separate AWS recovery destination.

    AWS Access keys are required for configuring AWS recovery destination

Note

It is possible to create an isolated Cleanroom environment using an existing cloud subscription; however, this requires additional expertise and network configuration.

Step 3: Perform Recovery Testing with Evidence

Recover the Control Plane

When you recover CommServe (Control Plane) using the CommServe Recovery Service, Commvault recovers to the latest available version in least privileged mode that only allows restore operations with no physical access.

  1. Log on to the Commvault Cloud Command Center.

    The Readiness & Resilience page appears.

  2. In the upper-right corner of the page, click the down arrow beside the CommCell name, and then search and select the CommCell that you want to recover.

  3. In the Control plane tile, click Start recovery test.

    The CommServe details page appears.

  4. On the Protection Details tab, in the Backup Set table, in the row for the backup set that you want to recover, click the Actions button action_button, and then click Start Recovery.

    The CommServe Recovery Test dialog box appears.

  5. To enable access to the recovered CommServe, in the Enter addresses box, enter the public IP addresses or CIDR range. These IPs should be internet facing from your location or organization.

    You can enter the IP address in either IPv4 or IPv6 format.

    Examples:

    • Single IPv4 format: 203.0.113.5
    • Single IPv6 format: 2001:db8::1
    • IPv4 CIDR range: 203.0.113.0/24
    • IPV6 CIDR range: 2001:db8::/32
    • Comma-separated list of IP addresses or address ranges using either IPv4 or IPv6

  6. If you want the Commvault software to remember these IP ranges for future recovery requests, select the Save address for future requests checkbox. This enables the Commvault software to pre-populate the IP addresses when you start a recovery next time.

  7. Click Submit.

    An email is sent with a confirmation stating that the recovery is completed.

  8. After you receive the email, in the left area of the page, click the Recovery Requests tab.

  9. To access the newly-recovered instance, in the row for recovered backup set, click the Actions button action_button, and then select Access Details.

  10. Make a note of the URL and user credentials.

  11. Open a new web browser, go to the URL provided, and use the provided credentials to log on to the restored CommServe Command Center.

Note

If you are using the built-in key management server, enter the pass phrase after the Control Plane is recovered and before initiating the recovery. For more information about Key Manager Servers, see Store Account Information with Credential Vault

Perform Cleanroom Recovery

You can perform a Cleanroom recovery using a recovery group. For more information, see Cleanroom recovery for cyber resilience.

Perform a Manual Recovery Test

You can perform a test restore from the newly recovered Command Center interface and perform the recovery test.

Export Evidence

Providing an evidence of successful recovery is crucial for demonstrating resilience.

The following are the key artifacts for providing evidence:

  • Job Summary Report: View and export the backup job summary report. This report contains the backup job status that demonstrates the data recovery jobs that were successful. You must export this report from the recovered Command Center after the restore operations are complete.

  • Recovery Validation Report: After successfully recovering the isolated Control Plane, under the Recovery Requests tab within the Cloud Command interface, click the Actions button action_button, and then select Manage tags. You can enter manual tags to track what restore operations were performed associated with a particular CommServe recovery. To export the Recovery Validation Report, in the upper-right corner of the data chart, click the settings button, and then select Export to CSV.

×

Loading...