> Software > Secure > Cleanroom recovery > Cloud-based cleanrooms > Recovery

Recover to a cloud-based cleanroom site

To recover to a cleanroom site, use a runbook for the recovery group that contains the resources you want to recover.

For workloads that include databases or other applications, recovery can restore the VM and then restore the application data to the required point in time, or repave the VM from a secure image and then restore the application data onto the new VM.

Before you start recovery, verify that the VM and the application or database sub-entities are all ready.

Restoring and preparing the control plane database typically takes 30 minutes to 2 hours, depending on database size. If after 2 hours it has not completed, contact support@commvault.com.

Go to the runbook and verify readiness

  1. In the Command Center navigation pane, go to Security services > Cleanroom.

  2. On the Recovery groups tab, click the recovery group that contains the runbook.

  3. On the Runbooks tab, click the runbook.

  4. Expand all phases to verify they have a Recovery readiness status of Ready and to enable the Skip toggle key for any steps you want to skip.

    For workloads that include databases or other applications, confirm that the VM and the application or database sub-entities are ready before you execute the runbook.

Start the recovery

  1. In the upper-right area of the page, click Execute runbook.

    The Recover resources dialog box appears.

    If the workload includes databases or other applications, select a recovery point that matches the required point in time for the application data.

  2. Click Submit.

    The runbook page appears, and the recovery process starts. As the recovery proceeds, you can expand the phases of the runbook to monitor the recovery.

Recovering to a cleanroom site includes verifying the required role, running a readiness report, recovering the Commvault control plane, and then recovering recovery groups and/or resources in recovery groups.

Determine the IP addresses that need access to the recovered control plane

Before starting the cleanroom recovery process, determine which IP addresses or Classless Inter-Domain Routing (CIDR) ranges need access to the recovered control plane.

You will enter these addresses/ranges in a subsequent step.

Verify the user account has the CS Recovery Manager role

Verify that the user account that will perform the cleanroom recovery operation has the CS Recovery Manager role.

  1. Log on to cloud.commvault.com.

  2. From the Command Center navigation pane, go to Manage > CommCells.

  3. Click your CommCell environment.

  4. At the top of the page, click the menu button Menu button, and then click View Users.

  5. If the user account doesn't have the CS Recovery Manager role, contact your Cloud CommCell administrator.

  6. If your company doesn't have a Cloud CommCell administrator, request administrator privileges:

    1. From the Command Center navigation pane, go to Workflows.

    2. Click Cloud Administrator Promotion Request.

    3. Click OK.

      A confirmation message appears.

    4. Click Continue.

    When the request is approved, you receive an acknowledgment email.

Run the Cleanroom Recovery Readiness report

  1. Download the report from the Commvault Store to your production Commvault control plane server.

  2. From the Command Center navigation pane, click Reports.

  3. In the upper-right area of the page, click Actions, select Import report, and then import the report.

  4. On the Reports page, click Cleanroom Recovery Readiness.

  5. In the upper-left area of the report, click the Entities in recovery groups list to change the resources that are included in the report.

  6. Verify that all the resources you want to recover have a status of Ready.

    Entities that have any other status are not included in the recovery.

    For workloads that include databases or other applications, make sure the VM and the application or database sub-entities are ready before you start recovery.

Recover the control plane

The control plane is recovered to the latest available Commvault version, in a 'least privilege' state, which allows only recovery operations, with no physical access.

  1. Log on to cloud.commvault.com.

    The Readiness & Resilience page appears.

  2. In the upper-right area of the page, select your CommCell environment.

    Search CommCell or CommCell group list

  3. In the Control plane section, click Start Cleanroom Recovery.

    The Start Cleanroom Recovery dialog box appears.

  4. Select the backup to use for the recovery.

  5. Enter the public IP addresses or Classless Inter-Domain Routing (CIDR) ranges that need access to the recovered control plane and specify whether to save the IP addresses for subsequent control plane recovery operations.

    The IP addresses must be internet-facing from your location or organization. You can enter the IP addresses and/or ranges as a comma-separated list, using IPv4 and/or IPv6 format.

    Examples
    • Single IPv4 format: 203.0.113.5
    • Single IPv6 format: 2001:db8::1
    • IPv4 CIDR range: 203.0.113.0/24
    • IPv6 CIDR range: 2001:db8::/32
    Can I modify these IP addresses later?

    Yes. After your control plane is recovered to your cleanroom site, if you want to add or remove IP addresses, just repeat these steps.

  6. Specify whether to use multi-factor authentication to protect your recovered control plane.

    If you enable multi-factor authentication, the first time you log on to the recovered control plane, you enroll your authenticator app by scanning a QR code. After enrollment, logging on to the recovered control plane requires multi-factor authentication.

  7. Click Submit.

    A confirmation message appears.

  8. Click Submit.

    An email is sent with a confirmation stating that the recovery is completed.

  9. If you're using the built-in key management server, enter the pass phrase after your control plane is recovered.

  10. After you receive the email, in the left area of the page, click the Recovery Requests tab.

  11. To access the newly-recovered instance, in the row for recovered backup set, click the action button action_button, and then select Access Details.

  12. Record the URL and user credentials.

  13. Open a new web browser, go to the URL, and enter the credentials to log on to the recovered environment.

Go to the runbook and verify readiness

  1. In the Command Center navigation pane, go to Security services > Cleanroom.

  2. On the Recovery groups tab, click the recovery group that contains the runbook.

  3. On the Runbooks tab, click the runbook.

  4. Expand all phases to verify they have a Recovery readiness status of Ready and to enable the Skip toggle key for any steps you want to skip.

    For workloads that include databases or other applications, confirm that the VM and the application or database sub-entities are ready before you execute the runbook.

Start the recovery

  1. In the upper-right area of the page, click Execute runbook.

    The Recover resources dialog box appears.

  2. To select a specific backup for the recovery, enable the Use custom recovery point for recovery job toggle key, and then select a specific recovery point.

    For workloads that include databases or other applications, select a recovery point that matches the required point in time for the application data.

  3. Click Submit.

    The runbook page appears, and the recovery process starts. As the recovery proceeds, you can expand the phases of the runbook to monitor the recovery.

Restore the latest database backup to the recovered VM

If database backups occur more frequently than VM backups in your environment, then you can restore the latest database backup to the recovered VM after the VM is recovered or repaved.

About SQL Server recovery

For workloads that include SQL Server, cleanroom recovery from Linux is:

  • Supported only to Windows.

  • Requires that you enable the Repave VM with new secure image setting in Override recovery options. This setting uses a clean image from Azure Marketplace. For more information, see Modify settings for the resources in a cleanroom runbook.

  • Applies to the default instance only. During recovery, you might need to skip recovery of additional instances.

Create a network gateway on the recovered control plane

Create a network gateway (access node) in the Cleanroom infra to recovered control plane {Unix time of recovery} server group so that the recovered VMs can connect to the control plane. The Cleanroom infra to recovered control plane {Unix time of recovery} is a predefined server group that includes the network topology that's required for cleanroom recovery.

  1. From the Command Center navigation pane, go to Manage > Server groups.

  2. For the Cleanroom infra to recovered control plane {Unix time of recovery} server group, click the action button action_button, and then select Create access node.

  3. For Workload type, select Virtual machines.

  4. Select the operating system and Provisioning hypervisor, and then click Submit.

Create an empty server group for recovered resources

Create an empty server group that the Commvault software can use to register recovered resources with the recovered control plane.

  1. From the Command Center navigation pane, go to Manage > Server groups.

  2. In the upper-right corner of the page, click Add server group.

  3. In the Name box, enter a name for the server group.

  4. Select Manual association.

    Important

    Don't select servers. The server group must be empty.

  5. Click Save.

Create a one-way forwarding network topology on the recovered control plane

Create one-way forwarding network topology to initiate connections between the recovered VM and the recovered control plane through a network gateway.

Note

You must have Administrative Management permissions on the servers that are part of the groups you select in the procedure.

  1. From the Command Center navigation pane, go to Manage > Network.

  2. Click Network topologies.

  3. Click Add topology.

  4. For Topology name, enter a descriptive name for the network gateway.

  5. For Client type, select Servers.

  6. For Topology type, select One-way forwarding.

  7. Click Next.

  8. For Servers, select the empty server group you created in a previous step.

  9. For Network gateways, select an infrastructure server group (Cleanroom infra to recovered control plane {Unix time of recovery}) you want to designate as the network gateway group.

  10. For Backup infrastructure, select the My CommServer Computer server group.

  11. Click Next.

  12. To encrypt network traffic (HTTPS), enable the Encrypt traffic toggle key.

  13. For Tunnel protocol, select Authenticated, Encrypted, Raw, or Regular.

  14. For Parallel data transfer streams for long distance networks, the default value is 1 and the maximum value is 8.

  15. Click Submit.

Register the recovered VM to the recovered control plane

To register the VM to the recovered control plane, run the following commands on the installation_directory/Base folder.

  1. Deregister the VM from the production site:

    ./SIMCallWrapper -optype 106

  2. Register the VM to the recovered control plane:

    ./SIMCallWrapper -optype 1000 -url <cs_url> -user <user_name> -password <password> -clientname <client_name> -ConnectionInfo <Gateway_hostname:port> -ClientHostName <client_hostname> -ClientGroup <client_group> -output <outputPath> instance Instance001

    where:

    • url: The URL for the recovered control plane.

    • user: The name of the recovered control plane user account. By default, the user_name is recoverymanager.

    • password: The password for the user account provided.

    • clientname: The IP address or hostname of the recovered VM.

    • ConnectionInfo: The host name of the network gateway in the Gateway_hostname:port format. The default port is 8403.

    • ClientHostName: The host name of the recovered VM.

    • ClientGroup: The name of the server group that includes the recovered VM.

    • output: The path to save the output XML file in. The SIMCallWrapper command saves success/error messages in XML format.

Configure the recovered VM as a database server

  1. From the Command Center navigation pane, go to Protect > Databases.

  2. From the Add Instance list, select Database Server.

  3. Select the database type and click Next.

  4. For Server name, select the recovered VM.

  5. Enter the required details, and then click Add.

Restore the database out of place

  1. From the Command Center navigation pane, go to Protect > Databases.

  2. On the Instances tab, click the instance.

  3. On the Overview tab, in the Recovery points section, select the latest backup, and then click RESTORE.

  4. Select the data you want to restore, and then click Restore.

  5. Select Out of place.

  6. For Restore type, select Cross instance restore.

  7. From the Destination server list, select the recovered VM.

  8. From the Destination instance list, select an instance.

  9. Click Submit.

Perform a VirtualizeMe or 1-Touch recovery of physical servers (optional)

After you recover the control plane in the cleanroom site, recover your file servers by using VirtualizeMe (vME) or 1-Touch Recovery.

Configure network connectivity for recovery clients

Before you start VirtualizeMe or 1-Touch Recovery, configure network connectivity.

For one-way forwarding, recovery clients communicate with the cleanroom site control plane through an infrastructure gateway, as shown in the following topology:

Servers > Infrastructure gateway > Backup infrastructure (control plane)

Server groups

Create and use the following server groups:

  • Recovery Clients (Cleanroom-Recovery-Clients) : You can leave this server group empty during initial configuration. Recovery clients use this group during vME or 1-Touch Recovery to communicate with the cleanroom site control plane.

  • Gateway (Cleanroom-Gateway) : Add the infrastructure gateway you configure for one-way forwarding between recovery clients and the cleanroom site.

  • Backup Infrastructure / CS (Cleanroom-CS) : Add the cleanroom site control plane (CommServe server) and associated backup infrastructure.

Create server groups

Create the required server groups if they do not already exist:

  1. From the Command Center navigation pane, go to Manage > Server groups.

  2. Click Create server group, and then create the following server groups:

  3. Cleanroom-Recovery-Clients

  4. Cleanroom-Gateway

  5. Cleanroom-CS

Create a network topology for one-way forwarding

  1. From the Command Center navigation pane, go to Manage > Network Topologies.

  2. Click Create topology.

  3. Enter a name for the topology (for example, Cleanroom-OneWay-Recovery).

  4. For Topology type, select One-Way Forwarding.

  5. For Server group, select Cleanroom-Recovery-Clients.

  6. For Infrastructure Gateways, select Cleanroom-Gateway.

  7. For Backup Infrastructure, select Cleanroom-CS.

  8. Configure advanced settings as needed, or keep the default settings, and then select Save.

Download the 1-Touch ISO

You need the 1-Touch ISO for VirtualizeMe (on-premises) recovery and 1-Touch Recovery.

Download the 1-Touch ISO

Create provisioning targets (VirtualizeMe only)

Provisioning targets are required only for VirtualizeMe recovery. You do not need them for 1-Touch Recovery.

Create provisioning targets as required for your VirtualizeMe recovery.

Perform the recovery

Use VirtualizeMe or 1-Touch Recovery to restore a physical server from the control plane you recovered in the cleanroom site.

When you run the recovery job, provide the following inputs:

  • Copy precedence: Select Online Copy.

  • MediaAgent: Select Commserve (CS).

  • Server group: Select Cleanroom-Recovery-Clients.

  • Gateway hostname and port: Enter the same gateway hostname and port you configured in the one-way forwarding network topology.

×

Loading...