Forum Discussion

GNeil's avatar
GNeil
Level 4
2 years ago

Veritas Introduces New Recovery Options for IaaS Virtual Machines!

New for NetBackup 10.3, Veritas introduces new recovery options for IaaS Virtual Machines!

  1. Selection of an encryption key during restores of instances or hosts.
  2. Source tags will be applied to snapshots of instances/hosts and volumes/disk.
  3. Snapshot and restore of Azure Disk Encryption (ADE) enabled instances in Microsoft Azure.

Selection of Encryption Key

During an IaaS VM restore you can list and provide an encryption key as a disk parameter.  The encryption key name will be stored in the key management service of the given cloud service provider. (CSP)  Once the restore is completed, the restored disks will be encrypted.

Full virtual machine restores of both snapshot and backup from snapshot copies are both supported with the following encryption types:

  • None (Only in AWS)
  • Platform Managed Key (Azure, AWS and GCP)
  • Customer Managed Key (Azure, AWS, and GCP)

Let’s take a look at a virtual machine in GCP:

Here we can see two disks, one is the boot disk and a second disk, both encrypted with Customer Managed encryption.

If we drill into the boot disk we can see our encryption key ID and name.

When you restore the virtual machine, you have the option of which volumes to restore and to edit the encryption keys.

To restore the virtual machine from one region to a different region using our own managed keys, we can select a global multi-regional key.

Add/Retain Tags on a Snapshot

When a snapshot of host(instance) / disk(volume) is initiated through NetBackup Snapshot Manager, tags/labels from the source will be applied to the created snapshot. 

Here is a more specific list of use cases:

  1. When a snapshot of host is taken, the tags assigned in the host/VM will be applied to the snapshots.
  2. When a snapshot of a disk is taken, the tags assigned to the disk will be applied to the snapshots.
  3. While taking a snapshot, NetBackup Snapshot Manager also applies labels and tags to the snapshot.
    1. If there are too many tags to copy over, the ones skipped will be captured in the NetBackup Snap Manager logs.
    2. Max tags/labels limit for Azure/AWS is 50 and for GCP its 64

Note:

For Provider Management Consistent (PMC) based snapshots in Azure.

  1. If a Restore Point Collection (RPC) doesn’t exist, then a new RPC will be created using Instance tags and NetBackup Snap Manager tags.
  2. If an RPC exists and has no tags, then Instance tags and NetBackup Snap Manager tags will be applied to the existing RPC.
  3. If an RPC exists with tags but the tags don’t have the “createdby: cloudpoint” tag then existing tags are preserved and RPC will add a new tag from the instance and NetBackup Snap Manager required tags.
  4. If an RPC exists with tags and the tags do have the “createdby: cloudpoint” tag then the existing RPC tags are preserved and tags from the instance and NetBackup Snap Manager are added.

Allow Snapshots of Azure Disk Encryption (ADE) Enabled Virtual Machines (VM) in Azure

NetBackup now supports the ability to backup snapshots of an ADE enabled VM in Azure with the following scenarios:

  1. Snapshot and restore from snapshot.
  2. Rollback restore is supported.
  3. If the ADE extension is present at the time of the snapshot,  then only the extension will be present after the VM is restored from snapshot.

NetBackup enterprise tools makes backing up, maintaining, and recovering your data easier and more secure than ever!

No RepliesBe the first to reply