Create a runbook for an Azure cleanroom site

Create a runbook that specifies the cleanroom site and the region to recover to. For workloads that include databases or applications, the runbook can restore the VM first and then restore the application data to the required point in time. It can also repave the VM from a secure image and then restore the application data onto the new VM. In the add runbook wizard, you can use either the express configuration for Commvault-managed resources or the custom configuration for self-managed resources.

  • Express configuration: Creates an Azure application called Commvault Cloud App in your cleanroom recovery Azure subscription. For details about the resources that Commvault creates in your cleanroom recovery Azure subscription when you use the Express configuration and/or Create new options, see Resources automatically created in your Azure or Commvault subscription for cleanroom recovery.

  • Custom configuration: Provides Bash and PowerShell commands for creating the Azure application, and a button to open Azure Cloud Shell for running the commands.

Create an Azure subscription for cleanroom and register Azure resource providers

  • In the Azure portal, create a new Azure subscription that's only for cleanroom recovery.

Start the add runbook wizard

  1. In the Command Center navigation pane, go to Security services > Cleanroom.

  2. On the Recovery groups tab, click the recovery group to create a runbook for.

  3. On the Runbooks tab, click Add runbook.

  4. Select Microsoft Azure.

  5. Click Next.

General page

  1. Enter a name for the runbook.

  2. For Cleanroom site, leave Create new selected.

  3. For Region, select the region to recover VMs to.

  4. Select Express configuration.

  5. Sign in with Microsoft as a Global Administrator for your cleanroom recovery Azure subscription, and then consent on behalf of your organization.

  6. If you're a Commvault software customer, when you're prompted to sign in again and asked to grant access to Azure Resource Manager, sign in as an Owner for your cleanroom recovery Azure subscription, and then consent on behalf of your organization.

    Commvault creates the app.

  7. Return to the wizard, and then enter your Azure subscription ID.

  8. Click Next.

Resources page

The Resources page displays the resources associated with the recovery group.

Verify that:

  • The VM is included
  • Associated applications or databases are included

Advanced options page

  1. Specify validation options:

    • Run threat scan: Run a threat scan on all VMs.

      Every 7 days, the count of discovered threats is reset to 0.

    • Run Windows Defender: Run a Microsoft Windows Defender Antivirus scan on Windows VMs.

  2. For Custom scripts, you can specify validation scripts to confirm that the recovered data is usable and applications are functioning correctly:

    1. Click Add.

    2. Upload a file or enter a UNC path and credentials to access the path.

      UNC path examples:

      • Windows: Enter the UNC path as \\Windows\Path\win.ps1.
      • Unix: Enter the UNC path as \\Pathtofile\file.sh.
    3. Enter a name for the script, and then click Save.

  3. To finish creating the runbook, click Submit.

For information about other settings on this page, see Modify settings for a cleanroom recovery group.

Create an Azure subscription for cleanroom and register Azure resource providers

  1. In the Azure portal, create a new Azure subscription that's only for cleanroom recovery.

  2. In the new subscription, register the following Azure resource providers. You must have Owner or Contributor permissions in the subscription.

    • Microsoft.Support
    • Microsoft.Storage
    • Microsoft.SerialConsole
    • Microsoft.ResourceNotifications
    • Microsoft.ResourceGraph
    • Microsoft.Portal
    • Microsoft.OperationalInsights
    • Microsoft.Network
    • Microsoft.MarketplaceOrdering
    • Microsoft.MachineLearning
    • Microsoft.GuestConfiguration
    • Microsoft.Features
    • Microsoft.CostManagement
    • Microsoft.Consumption
    • Microsoft.Compute
    • Microsoft.Commerce
    • Microsoft.CloudShell
    • Microsoft.ClassicSubscription
    • Microsoft.ChangeAnalysis
    • Microsoft.Billing
    • Microsoft.Authorization
    • Microsoft.ADHybridHealthService
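
The following script is an added example, not part of the original page or Commvault's tooling. It audits the cleanroom subscription against the provider list above and registers only the providers that are missing. The function names and the sample listing are constructed for illustration, and the subscription ID is supplied by you.

```shell
#!/usr/bin/env bash
# Added example: audit and register the resource providers listed on this page.
# Run in Azure Cloud Shell (Bash) as an Owner or Contributor of the subscription.

# Provider namespaces copied from the list above (kept on one logical line).
REQUIRED_PROVIDERS="Microsoft.Support Microsoft.Storage Microsoft.SerialConsole \
Microsoft.ResourceNotifications Microsoft.ResourceGraph Microsoft.Portal \
Microsoft.OperationalInsights Microsoft.Network Microsoft.MarketplaceOrdering \
Microsoft.MachineLearning Microsoft.GuestConfiguration Microsoft.Features \
Microsoft.CostManagement Microsoft.Consumption Microsoft.Compute \
Microsoft.Commerce Microsoft.CloudShell Microsoft.ClassicSubscription \
Microsoft.ChangeAnalysis Microsoft.Billing Microsoft.Authorization \
Microsoft.ADHybridHealthService"

# Reads "namespace<TAB>registrationState" lines on stdin and prints every
# required provider whose state is not exactly "Registered" (absent providers
# and those still in "Registering" are reported too). Namespace comparison is
# case-insensitive because Azure does not guarantee consistent casing.
missing_providers() {
  awk -F'\t' -v req="$REQUIRED_PROVIDERS" '
    { state[tolower($1)] = $2 }
    END {
      n = split(req, want, " ")
      for (i = 1; i <= n; i++)
        if (state[tolower(want[i])] != "Registered") print want[i]
    }'
}

# Registers whatever missing_providers reports for the given subscription.
# Registration is asynchronous, so run the function again later to confirm
# that nothing is left in the "Registering" state.
register_missing() {
  sub="$1"   # cleanroom recovery subscription ID, supplied by the caller
  az provider list --subscription "$sub" \
     --query "[].[namespace,registrationState]" -o tsv |
  missing_providers |
  while read -r ns; do
    echo "Registering $ns"
    az provider register --subscription "$sub" --namespace "$ns"
  done
}

# Constructed sample listing (not real output) for trying the audit offline.
sample_listing() {
  printf 'Microsoft.Compute\tRegistered\n'
  printf 'Microsoft.Network\tRegistering\n'
  printf 'microsoft.storage\tRegistered\n'
  printf 'Microsoft.Support\tNotRegistered\n'
}
```

To apply it, source the file and call `register_missing` with the ID of the cleanroom recovery subscription; `sample_listing | missing_providers` shows the audit step on its own.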

Start the add runbook wizard

  1. In the Command Center navigation pane, go to Security services > Cleanroom.

  2. On the Recovery groups tab, click the recovery group to create a runbook for.

  3. On the Runbooks tab, click Add runbook.

  4. Select Microsoft Azure.

  5. Click Next.

General page

  1. Enter a name for the runbook.

  2. For Cleanroom site, leave Create new selected.

  3. For Region, select the region to recover VMs to.

  4. Select Custom configuration.

    You can also create the Azure application in the Azure portal. For instructions, see Quickstart: Register an application with the Microsoft identity platform.

  5. For Destination hypervisor, leave Create new selected.

  6. Enter the ID of your cleanroom recovery Azure subscription.

  7. In the information box, click Deploy a new application.

    The Deploy a new application dialog box appears.

  8. In the commands, replace "Contributor" with Commvault_Cleanroom.json.

    For details about the permissions that Commvault creates in your cleanroom recovery Azure subscription when you use Commvault_Cleanroom.json, see Resources automatically created in your Azure or Commvault subscription for cleanroom recovery.

  9. In the information box, click Open Azure Cloud Shell, log on to the Azure portal as the subscription owner, and then execute the displayed commands to deploy the application.

  10. Copy the following values, and then return to the wizard:

    • Tenant ID
    • Application ID
    • Application secret
  11. Use the copied values to create a new credential.

  12. Click Next.

Resources page

The Resources page displays the resources associated with the recovery group.

Advanced options page

  1. Specify validation options:

    • Run threat scan: Run a threat scan on all VMs.

      Every 7 days, the count of discovered threats is reset to 0.

    • Run Windows Defender: Run a Microsoft Windows Defender Antivirus scan on Windows VMs.

  2. For Custom scripts, you can specify validation scripts to confirm that the recovered data is usable and applications are functioning correctly:

    1. Click Add.

    2. Upload a file or enter a UNC path and credentials to access the path.

      UNC path examples:

      • Windows: Enter the UNC path as \\Windows\Path\win.ps1.
      • Unix: Enter the UNC path as \\Pathtofile\file.sh.
    3. Enter a name for the script, and then click Save.

  3. To finish creating the runbook, click Submit.

For information about other settings on this page, see Modify settings for a cleanroom recovery group.
