Contents

Dell PowerProtect 19.2 Data Manager Cyber Recovery User Guide PDF

1 of 68
1 of 68

Summary of Content for Dell PowerProtect 19.2 Data Manager Cyber Recovery User Guide PDF

PowerProtect Data Manager for Cyber Recovery Version 19.2

User Guide 302-005-987

REV 01

September 2019

Copyright 2019 Dell Inc. All rights reserved.

Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS-IS. DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND

WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED

IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property

of their respective owners. Published in the USA.

Dell EMC Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.DellEMC.com

2 PowerProtect Data Manager for Cyber Recovery User Guide

Preface 5

Introduction 7 What is the Dell EMC PowerProtect Cyber Recovery solution?......................... 8 Cyber Recovery architecture..............................................................................9 Cyber Recovery operations............................................................................... 10

Configuring Data Domain Compliance mode retention locking ..............11 Management tools............................................................................................. 12

Getting Started 13 Logging in.......................................................................................................... 14 Activating the Cyber Recovery license.............................................................. 14 Completing initial setup with the Getting Started wizard...................................15 Cyber Recovery UI ............................................................................................17

Masthead Navigation............................................................................ 18

Storage and Applications 21 Assets overview................................................................................................ 22 Managing storage............................................................................................. 23 Managing applications.......................................................................................24

Policies and Copies 27 Policies and copies overview.............................................................................28 Policy actions....................................................................................................28 Managing policies............................................................................................. 29 Running policies.................................................................................................31 Scheduling policies............................................................................................ 31 Managing copies............................................................................................... 32 Securing a copy................................................................................................ 33 Analyzing a PIT copy.........................................................................................33 Managing sandboxes.........................................................................................34

Monitoring 37 Monitoring the CR Vault status.........................................................................38 Monitoring alerts and events.............................................................................38

Handling alerts .................................................................................... 39 Monitoring jobs................................................................................................. 39

Performing a PowerProtect Data Manager recovery with Cyber Recovery 41 Recovering PowerProtect Data Manager data..................................................42 Initiating a PowerProtect Data Manager recovery in the Cyber Recovery CLI.. 42 Performing postrecovery steps for a PowerProtect Data Manager recovery....43

Administration 45

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

Chapter 7

CONTENTS

PowerProtect Data Manager for Cyber Recovery User Guide 3

Administration overview....................................................................................46 Manually securing and releasing the CR Vault...................................................46 User roles..........................................................................................................46 Managing users.................................................................................................47 Managing login sessions....................................................................................48 Configuring email notifications..........................................................................48

Specifying which users receive email................................................... 48 Connecting to an email server..............................................................49

Changing the lockbox passphrase.....................................................................50 Changing the database password..................................................................... 50 Resetting the Security Officer password from the management host............... 51 Resetting the IP address on the management host........................................... 51 Changing the log level.......................................................................................52 Collecting logs for upload..................................................................................52 Deleting unneeded Cyber Recovery objects......................................................53 Cyber Recovery disaster recovery.................................................................... 53

Cleaning up existing Cyber Recovery Docker containers......................53 Restoring a Cyber Recovery installation after a disaster......................55

Troubleshooting 57 Troubleshooting suggestions............................................................................ 58 Cyber Recovery logs ........................................................................................58 Managing Cyber Recovery services...................................................................61 Disabling SSH access to the replication interface..............................................61

Cyber Recovery Command Line Interface (CRCLI) 63 CRCLI overview................................................................................................ 64

Functionality........................................................................................ 64 CLI help system................................................................................... 65

Using the CRCLI commands............................................................................. 66 Parameters.......................................................................................... 67 CRCLI password commands.................................................................67

Chapter 8

Chapter 9

Contents

4 PowerProtect Data Manager for Cyber Recovery User Guide

Preface

As part of an effort to improve its product lines, Dell EMC periodically releases revisions of the software and hardware. Therefore, some functions that are described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information about product features.

Contact your Dell EMC technical support professional if a product does not function correctly or does not function as described in this document.

Note: This document was accurate at publication time. To find the latest version of this document, go to Dell EMC Online Support.

Purpose

This guide describes how to install, upgrade, patch, and uninstall the Dell EMC PowerProtect Cyber Recovery software.

Audience

The information in this guide is primarily intended for administrators who are responsible for installing and upgrading the Cyber Recovery software.

Product Documentation

The Cyber Recovery product documentation set includes:

l Dell EMC PowerProtect Cyber Recovery Release Notes

l Dell EMC PowerProtect Cyber Recovery Installation Guide

l Dell EMC PowerProtect Cyber Recovery Product Guide

l Dell EMC PowerProtect Cyber Recovery Solutions Guide

l Dell EMC PowerProtect Cyber Recovery Security Configuration Guide

l Dell EMC PowerProtect Cyber Recovery Open Source License and Copyright Information

Note: Also, see the documentation for the products that are integrated with Cyber Recovery, such as Dell EMC Data Domain Series Appliances, Dell EMC Avamar, Dell EMC NetWorker, and Dell EMC PowerProtect Data Manager applications.

Where to get help

Go to Dell EMC Online Support to obtain Dell EMC support, and product and licensing information. You can also find documentation, release notes, software updates, or information about other Dell EMC products.

You will see several options for contacting Dell EMC Technical Support. To open a service request, you must have a valid support agreement. Contact your Dell EMC sales representative for details about obtaining a valid support agreement or with questions about your account.

Comments and suggestions

Comments and suggestions help us to continue to improve the accuracy, organization, and overall quality of the user publications. Send comments and suggestions about this document to DPAD.Doc.Feedback@emc.com.

Please include the following information:

l Product name and version

PowerProtect Data Manager for Cyber Recovery User Guide 5

l Document name, part number, and revision

l Page numbers

l Other details to help address documentation issues

Preface

6 PowerProtect Data Manager for Cyber Recovery User Guide

CHAPTER 1

Introduction

This section provides an overview of the Dell EMC PowerProtect Cyber Recovery solution.

l What is the Dell EMC PowerProtect Cyber Recovery solution?..............................................8 l Cyber Recovery architecture.................................................................................................. 9 l Cyber Recovery operations....................................................................................................10 l Management tools................................................................................................................. 12

PowerProtect Data Manager for Cyber Recovery User Guide 7

What is the Dell EMC PowerProtect Cyber Recovery solution? The Cyber Recovery solution maintains mission-critical business data and technology configurations in a secure, air-gapped 'vault' environment that can be used for recovery or analysis. The Cyber Recovery Vault (CR Vault) is physically isolated from an unsecure system or network.

The Cyber Recovery solution enables access to the CR Vault only long enough to replicate data from the production system. At all other times, the CR Vault is secured and off the network. A deduplication process is performed in the production environment to expedite the replication process so that connection time to the CR Vault is as short as possible.

Within the CR Vault, the Cyber Recovery software creates point-in-time (PIT) retention-locked copies that can be validated and then used for recovery of the production system.

Figure 1 High-level solution architecture

Note: Data Domain Retention Lock software provides data immutability for a specified time. Retention Lock functionality is enabled on a per-MTree basis, and the retention time is set on a per-file basis. Retention Lock is not required for Cyber Recovery but is strongly recommended as an additional cyber-resiliency measure.

A policy, which can be scheduled, orchestrates the workflow between the production environment and the CR Vault. A policy is a combination of objects (such as Data Domain storage and applications) and jobs (such as synchronization, copy, and lock).

Note: References to Data Domain systems in this documentation, in the UI, and elsewhere in the product include Data Domain systems and the new PowerProtect DD systems.

Introduction

8 PowerProtect Data Manager for Cyber Recovery User Guide

Cyber Recovery architecture

As shown in the following diagram, the Cyber Recovery solution uses Data Domain systems to replicate data from the production system to the CR Vault through a dedicated replication data link:

Figure 2 Cyber Recovery architecture

Note: Unless otherwise specified, this document uses the term CR Vault to describe the vault environment, which includes the Data Domain system, the management host, and backup and analytics applications.

The CR Vault is a customer-provided secure location of the Data Domain MTree replication destination. It requires dedicated resources including a network, and though not required but strongly recommended, a name service such as DNS. The CR Vault can be at another location (hosted by a service provider, for example).

Production environment

In the production environment, applications such as the PowerProtect Data Manager application manages backup operations, which store the backup data in MTrees on Data Domain systems. The production Data Domain system is configured to replicate data to a corresponding Data Domain system in the CR Vault.

Vault environment

The CR Vault environment includes the Cyber Recovery management host, which runs the Cyber Recovery software and a Data Domain system. If required for application recoveries, the CR Vault can also include PowerProtect Data Manager and other applications. By installing Index Engines' CyberSense, an analytic and validation application, you can validate and analyze the data.

The Cyber Recovery software enables and disables the replication Ethernet interface on the Data Domain system in the CR Vault to control the flow of data from the production environment to the vault environment. For short periods of time, the CR Vault is connected to the production system

Introduction

PowerProtect Data Manager for Cyber Recovery User Guide 9

over this dedicated interface to perform replications. Because the management interface is always enabled, other Cyber Recovery operations are performed while the CR Vault is secured.

Note: From the Data Domain command-line interface (CLI) and the Data Domain user interface (UI), MTrees are displayed using the following Cyber Recovery naming convention:

# /data/col1/cr-policy- -repo

where is the unique ID that is created when you create a Cyber Recovery policy. Cyber Recovery The software adds the cr- prefix to the name.

Cyber Recovery operations

Recovery managers can perform continuous and iterative operations that maintain recovery data in the CR Vault if it is needed for restoration. You can perform these operations separately or in combinations. Except for a recovery, you can also schedule operations or trigger them manually as needed.

Replication

Data Domain MTree replications are performed from the Data Domain production system to the Data Domain system in the CR Vault. Each replication uses Data Domain deduplication technology to match the data in the vault incrementally. This document refers to a replication operation as a "Sync."

Copy

A point-in-time (PIT) fast copy is made of the most recent replication. If data recovery is required, the copy serves as a PIT restore point. You can maintain multiple PIT copies to ensure an optimal number of restore points. You can mount each copy in a sandbox. The sandbox is a read/write Data Domain fast copy inside the CR Vault. A fast copy is a clone of files and directory trees of a PIT copy from the cr-policy- -repo MTree. Data can be scanned for malware or analyzed as needed in the sandbox.

Lock

You can secure all files in a PIT copy from modification by retention locking for a specific duration. The Cyber Recovery solution supports both:

l Governance archive data requirements, which are considered lenient and meant to provide relatively short durations as appropriate to achieve your recovery strategy

l Compliance archive data requirements, which are stricter than Governance archive data requirements and are recommended to secure against more threats

For information about the governance and compliance archive data requirements and how to manage them, see the Data Domain documentation.

Analyze

You can analyze locked or unlocked copies with various tools that search for indicators of compromise, suspicious files, or potential malware. These anomalies might identify a copy as an invalid source for recovery.

Recovery

You can use the data in a PIT copy to perform a recovery operation.

Introduction

10 PowerProtect Data Manager for Cyber Recovery User Guide

Configuring Data Domain Compliance mode retention locking Configure the CR Vault Data Domain system for Retention Lock Compliance.

Before you begin

The CR Vault Data Domain system must have a Retention Lock Compliance license.

For more comprehensive information about the procedures to configure Retention Lock Compliance on a Data Domain system, see the Dell EMC Data Domain Operating System Administration Guide.

About this task

Data Domain systems support both Governance mode and Compliance mode retention locking. Compliance mode is a stricter type of retention locking, which enables you to apply retention policies at an individual file level. You cannot delete or overwrite locked files under any circumstances until the retention period expires.

Procedure

1. On the CR Vault Data Domain system, log in as an Admin user and then add a security account with the security role:

# user add role security

The security role user can be referred to as a Security Officer.

2. Log out as the Admin user and log in again as the Security Officer user.

3. Enable security authorization:

# authorization policy set security-officer enabled

4. Log out as the Security Officer user and log in again as the Admin user.

5. Configure the CR Vault Data Domain system for Retention Lock Compliance:

# system retention-lock compliance configure

6. When prompted, enter the security officer credentials.

The software updates the configuration and then reboots the CR Vault Data Domain system, which is unavailable during the process.

7. Log in as the Admin user.

8. Enable Retention Lock Compliance:

# system retention-lock compliance enable

9. When prompted, enter the security officer credentials.

Introduction

PowerProtect Data Manager for Cyber Recovery User Guide 11

Results

You can perform Retention Lock Compliance operations on an MTree. You must be logged in to the CR Vault Data Domain system as an Admin user and provide the security officer credentials, when prompted.

Management tools

The Cyber Recovery solution provides a web-based GUI, API, and CLI.

Cyber Recovery UI

The web-based Cyber Recovery UI is the primary management and monitoring tool. It enables users to define and run policies, monitor operations, troubleshoot problems, and verify outcomes.

Note: To access the Cyber Recovery UI, go to https:// :14777, where is the hostname of the management host.

Cyber Recovery REST API

The Cyber Recovery REST API provides a predefined set of operations that administer and manage tasks over HTTPS. Use the REST API to create a custom client application or to integrate Cyber Recovery functionality into an existing application.

Note: To access the Cyber Recovery REST API documentation, go to https:// :14780, where is the hostname of the management host.

Cyber Recovery Command Line Interface

The Cyber Recovery CLI (CRCLI) is a command-line alternative to the Cyber Recovery UI.

Introduction

12 PowerProtect Data Manager for Cyber Recovery User Guide

CHAPTER 2

Getting Started

This section describes how to log in to the Cyber Recovery UI and activate the Cyber Recovery license. It also describes how to get started by using the Getting Started wizard.

l Logging in.............................................................................................................................. 14 l Activating the Cyber Recovery license...................................................................................14 l Completing initial setup with the Getting Started wizard....................................................... 15 l Cyber Recovery UI ................................................................................................................ 17

PowerProtect Data Manager for Cyber Recovery User Guide 13

Logging in Cyber Recovery users can log in to the Cyber Recovery UI.

About this task

Users that are assigned the Security Officer or admin roles can perform tasks in the Cyber Recovery. A dashboard user can only view the dashboard but cannot perform any tasks.

Procedure

1. Open a supported browser and go to https:// :14777.

where is the hostname of the management host where the Cyber Recovery software is installed.

2. Enter your username and password.

3. Click LOG IN.

The Cyber Recovery dashboard displays.

Activating the Cyber Recovery license Upload the Cyber Recovery license file to activate the license.

Before you begin

Provide a Software Instance ID, which is created at the Cyber Recovery installation, to acquire the license file from Dell EMC. The information icon on the Masthead Navigation displays information about Cyber Recovery, including the Software Instance ID.

When Dell EMC emails you the license file, save it to a directory of your choice. If you must bring the license file into the CR Vault, you must enable a connection from your desktop to the CR Vault or use a USB flash drive.

About this task

After Cyber Recovery installation, the Cyber Recovery deployment state is Unlicensed by default. You can perform some perfunctory Cyber Recovery tasks, however you cannot access full Cyber Recovery capabilities.

Procedure

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Click License.

The License dialog box also provides the following information:

l Expires On

l State

l Type

l Software Instance ID

3. In the License dialog box, click Choose File, select the Cyber Recovery license file, and then click OK.

Results

The Cyber Recovery license is activated and you can use all the Cyber Recovery licensed features.

Getting Started

14 PowerProtect Data Manager for Cyber Recovery User Guide

Completing initial setup with the Getting Started wizard The Getting Started wizard enables you to check your Cyber Recovery deployment, create an Admin user, add storage, and deploy a protection policy quickly.

About this task

When you log in to the Cyber Recovery UI for the first time, the Getting Started wizard is displayed. The wizard guides you through the initial steps for running a policy. When you complete a step, its corresponding number changes color and the next step is highlighted.

Procedure

1. Under Checklist, click REVIEW to verify that you have performed the required deployment steps.

If you have not satisfied all requirements, log out and complete the deployment steps.

2. Under Users, click ADD to create an Admin user. Complete the following fields in the Add User dialog box and click SAVE:

Field Description

Name fields Specify the user's first name and last name.

Role Select either:

l AdminEnables users to perform tasks in the Cyber Recovery software.

l DashboardEnables users to view the Cyber Recovery dashboard but not perform tasks. The dashboard role does not time out.

User Name (required) Specify a username.

Phone Specify the user's telephone number.

Email (required) Specify an email address for alert notifications if the user is configured to receive them.

Password/Confirm New Password (required)

Specify and confirm the password. Password requirements include:

l 964 characters

l At least 1 numeric character

l At least 1 uppercase letter

l At least 1 lowercase letter

l At least 1 special character (~!@#$%^&*()+={}|:";<>?[]-_.,^')

When you change a password, enter and confirm both the new and existing passwords.

Session Timeout Select the amount of idle time after which the user is logged out of the Cyber Recovery UI.

3. Under Vault Storage, click ADD to define the storage object. Complete the following fields in the Add Vault Storage dialog box and click SAVE:

Field Description

Nickname Enter a name for the storage object.

FQDN or IP Address Specify the Data Domain host by using one of the following:

l Fully qualified domain name (FQDN)

Getting Started

PowerProtect Data Manager for Cyber Recovery User Guide 15

Field Description

l IP address

Storage Username Specify a dedicated Cyber Recovery Data Domain administration account (for example, cradmin), which the Cyber Recovery software uses to perform operations with the Data

Domain system. This Data Domain account must be an admin role and on the DD boost users list.

Note: You cannot use the sysadmin account.

Storage Password Enter the password of the Data Domain administrator.

SSH Port Number Enter a storage SSH port number.

Tags Optionally, add a tag that provides useful information about the storage object. The tag is displayed in the details description for the vault storage in the Assets content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

Note: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

4. Under Policies, click ADD to define a policy. Complete the following fields in the Add Policy dialog box and click SAVE:

Field Description

Name Specify a policy name.

Storage Select the storage object containing the replication context that the policy will protect.

Context Select the MTree replication context to protect. Note: There can be only one policy per replication context.

Replication Ethernet Select the interface on the storage instance that is configured for replications. Note: Do not select the data are management Ethernet interfaces.

Replication Window Set a timeout value in hours for how long a job for a Sync action runs before Cyber Recovery issues a warning. The default value is 0.

Retention Lock Type Select one of the following:

l (Add Policy dialog box only) None, if retention locking is not supported. The retention fields are then removed from the dialog box.

l Governance if it is enabled on the storage instance.

l (Edit Policy dialog box only) Governance-disabled.

l Compliance if it is enabled on the storage instance.

Storage SO Username/Password Required when you select Compliance. Enter the username and password of the storage instance Security Officer.

Note: This username was created on the Data Domain system.

Retention Lock Minimum Specify the minimum retention duration that this policy can apply to PIT copies. This value cannot be less than 12 hours.

Note: If the retention lock type is set to Compliance and you edit this value, you are prompted to enter the Storage SO Username/Password.

Getting Started

16 PowerProtect Data Manager for Cyber Recovery User Guide

Field Description

Retention Lock Maximum Specify the maximum retention duration that this policy can apply to PIT copies. This value cannot be greater than 1,827 days.

Note: If the retention lock type is set to Compliance and you edit this value, you are prompted to enter the Storage SO Username/Password.

Retention Lock Duration Specify the default retention duration that this policy applies to PIT copies.

Tags Optionally, add a tag that provides useful information about the policy. The tag is displayed in the details description for the policy in the Policies content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

Note: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

When you complete these steps, the Cyber Recovery dashboard is displayed. Note: You can recall the wizard at any time by selecting System Settings > Getting Started from the Masthead Navigation.

5. To run the policy immediately, do the following:

a. Select Policies in the Main Menu.

b. On the Policies content pane, select the policy checkbox. Then click ACTIONS and select the action that you want the policy to perform.

Note: If you have not installed the Cyber Recovery license, you cannot run any Sync (replication) operations.

Cyber Recovery runs the policy and displays progress messages on the Jobs content pane and the dashboard.

Cyber Recovery UI The Cyber Recovery UI is the primary tool for performing and monitoring Cyber Recovery operations. It is a web application that enables you to define, run, and monitor policies and policy outcomes.

Note: If you log in to the Cyber Recovery UI as a dashboard user, your view of the dashboard is limited and you cannot perform tasks. However, the dashboard does not time out.

The Cyber Recovery UI includes:

l Masthead Navigation icons that provide information or enable you to perform administrative tasks.

l A Main Menu that enables you to access content panes from which you perform operations such as managing assets, policies, recoveries, and users.

l A dashboard that provides comprehensive alerts and events notifications that facilitate troubleshooting and error correction.

The following figure shows the dashboard in the Cyber Recovery UI:

Getting Started

PowerProtect Data Manager for Cyber Recovery User Guide 17

Figure 3 PowerProtect Cyber Recovery dashboard

1. The Masthead Navigation provides icons that enable you to view notifications and additional information, set system settings, and access the Getting Started wizard and online help. A dashboard user can only log out of the Cyber Recovery UI.

2. The Main Menu provides access to content panes from which you can perform operations. It is not available to a dashboard user.

3. Alerts|Security provides details about unacknowledged alerts that identify anomalies in vault activity.

4. Alerts|System provides details about unacknowledged system events.

5. Status shows the current state of the CR Vault and enables you to secure it manually if a network event occurs when the CR Vault is open and stop all replication operations. It also displays the five most recent jobs and their progress. For information about monitoring the CR Vault and about manually securing the CR Vault, see Monitoring the CR Vault status on page 38 and Manually securing and releasing the CR Vault on page 46.

Note: A dashboard user cannot secure the vault.

6. Jobs shows the jobs that are created when a policy is triggered and the overall status of all jobs in the Cyber Recovery environment.

Note: Links in Alerts and Jobs enable you to access content panes that display more information about the specific details on the dashboard.

Your assigned role determines the functions that you can perform in the Cyber Recovery UI. For more information, see User roles on page 46.

Masthead Navigation The Cyber Recovery UI includes Masthead Navigation.

The icons in the masthead of the Cyber Recovery UI provide information or enable you to perform administrative tasks. A dashboard user can only log out of the Cyber Recovery UI and has no access to the other icons.

Getting Started

18 PowerProtect Data Manager for Cyber Recovery User Guide

Figure 4 Masthead navigation icons

1. Provides a drop-down list of unacknowledged alerts

2. Enables you to log out and identifies your username

3. Provides a drop-down list to access the Getting Started wizard, set clean-up and log settings, and enable license activation. The Security Officer can also manage the number of simultaneous login sessions.

4. Displays the Cyber Recovery version and Software Instance ID

5. Displays the Cyber Recovery online help

Getting Started

PowerProtect Data Manager for Cyber Recovery User Guide 19

Getting Started

20 PowerProtect Data Manager for Cyber Recovery User Guide

CHAPTER 3

Storage and Applications

This section describes how to manage storage instances and applications in the Cyber Recovery UI.

l Assets overview.................................................................................................................... 22 l Managing storage..................................................................................................................23 l Managing applications........................................................................................................... 24

PowerProtect Data Manager for Cyber Recovery User Guide 21

Assets overview Assets in the CR Vault are represented as storage and application objects.

Storage objects

Storage objects represent storage systems, such as Data Domain systems. Define a storage object for each Data Domain system that is running in the CR Vault. The Cyber Recovery software uses the Data Domain system to perform replications, store point-in-time (PIT) copies, and apply retention locking.

Application objects

Application objects represent applications, such as PowerProtect Data Manager or Index Engines' CyberSense.

Usually, you include the PowerProtect Data Manager application in the CR Vault when the Data Domain system is integrated with those applications in your production systems. The CR Vault does not require these applications to protect the data because MTree replications copy all the data to the CR Vault. However, running the applications in the CR Vault enables you to analyze, recover, and restore your data so that it can be used to rehydrate production backup applications, if necessary.

The Cyber Recovery software integrates with the Index Engines' CyberSense application, which analyzes backup data for the presence of malware or other anomalies. After you install Index Engines' CyberSense on a separate host in the CR Vault, define an application object for it. Then, Cyber Recovery policies can call Index Engines' CyberSense to analyze PIT copies.

Storage and Applications

22 PowerProtect Data Manager for Cyber Recovery User Guide

Managing storage Define a storage object for each Data Domain system that is running in the CR Vault environment. A Data Domain system in the CR Vault serves as the repository for the data that is replicated from the production system and protected by the Cyber Recovery solution.

Before you begin

Before you add a storage object, install the Data Domain instance in the CR Vault environment and perform an initial replication.

About this task

If you are defining the Data Domain system for the first time, see Completing initial setup with the Getting Started wizard on page 15.

Procedure

1. Select Assets from the Main Menu.

2. Do one of the following:

l To add a storage object, click ADD.

l To modify an existing object, select the object and click EDIT.

3. Complete the fields in the following dialog box:

Field Description

Nickname Enter a name for the storage object.

FQDN or IP Address Specify the Data Domain host by using one of the following:

l Fully qualified domain name (FQDN)

l IP address

Storage Username Specify a dedicated Cyber Recovery Data Domain administration account (for example, cradmin), which the Cyber Recovery software uses to perform operations with the Data

Domain system. This Data Domain account must be an admin role and on the DD boost users list.

Note: You cannot use the sysadmin account.

Storage Password Enter the password of the Data Domain administrator.

SSH Port Number Enter a storage SSH port number.

Tags Optionally, add a tag that provides useful information about the storage object. The tag is displayed in the details description for the vault storage in the Assets content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

Note: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

4. Click SAVE.

The VAULT STORAGE table lists the storage object.

5. Click in the row for the storage object to view more detailed information that is retrieved from the Data Domain system, such as the replication contexts and the Ethernet interface.

6. To remove a storage object, select the storage object, and then click DELETE.

Storage and Applications

PowerProtect Data Manager for Cyber Recovery User Guide 23

Managing applications When you install an application in the CR Vault, you must represent the application to the Cyber Recovery software. Applications can include the PowerProtect Data Manager, Index Engines' CyberSense, or other applications.

Before you begin

The application must be installed and running at the CR Vault location before you can define it in the Cyber Recovery UI.

Procedure

1. Select Assets from the Main Menu and click APPLICATIONS at the top of the Assets content pane.

2. Do one of the following:

l To add an application, click ADD.

l To modify an existing application, select the application and click EDIT.

3. Complete the following fields in the dialog box:

Field Description

Nickname Enter a name for the application object.

FQDN or IP Address Specify the Data Domain host by using one of the following:

l Fully qualified domain name

l IP address

Host Username Specify the host administrator username. Note: This username is for the operating system host.

Host Password Enter the password of the host administrator. Note: Enter the password for the user admin account, which is the default account.

SSH Port Number Enter an application SSH port number.

Application Type Selection an application type:

l To represent an application in Cyber Recovery, select the following:

n PPDM Complete the following fields:

In the Application Username field, enter the username of the application user.

In the Application Password field, enter the password of the application user.

In the Host Root Password field, enter the root password of the vault application. The root password is required to reboot the PowerProtect Data Manager appliance.

n IndexEngines

Storage and Applications

24 PowerProtect Data Manager for Cyber Recovery User Guide

Field Description

l Select FileSystem if you want to mount copies on an NFS share and examine data by using any application on the host. Selecting this option does not require you to install an application on the host.

l Select Other for other application types.

Tags Optionally, add a tag that provides useful information about the application. The tag is displayed in the Assets content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

For PowerProtect Data Manager recoveries, add a tag that indicates the DD Boost user name that is configured for the production application.

Note: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

4. Click Save.

The APPLICATIONS table lists the application.

5. Click in the row for the application to view more detailed information.

6. To remove an application, select the application and click DELETE.

Storage and Applications

PowerProtect Data Manager for Cyber Recovery User Guide 25

Storage and Applications

26 PowerProtect Data Manager for Cyber Recovery User Guide

CHAPTER 4

Policies and Copies

This section describes how to create and run policies that perform replications, create point-in- time copies, and set retention locks.

l Policies and copies overview................................................................................................. 28 l Policy actions........................................................................................................................ 28 l Managing policies..................................................................................................................29 l Running policies..................................................................................................................... 31 l Scheduling policies.................................................................................................................31 l Managing copies....................................................................................................................32 l Securing a copy.....................................................................................................................33 l Analyzing a PIT copy............................................................................................................. 33 l Managing sandboxes............................................................................................................. 34

PowerProtect Data Manager for Cyber Recovery User Guide 27

Policies and copies overview The Cyber Recovery solution secures data by using policies and copies.

Policies

The Cyber Recovery solution uses policies to perform replications, create point-in-time (PIT) copies, set retention locks, and create sandboxes.

Note the following details about Cyber Recovery policies:

l One Cyber Recovery policy governs each Data Domain MTree that is being protected.

l You can create, modify, and delete policies.

l When you run a policy, you can perform a single action or carry out multiple actions in sequence. For example, you can run a policy so that it only performs a replication. Or, you can run the same policy so that it performs a replication, creates a PIT copy, and then retention locks the copy.

l You cannot run concurrent Sync or Lock actions for a policy.

Copies

Copies are the PIT MTree copies that serve as restore points that you can use to perform recovery operations.

In the Cyber Recovery UI, you can retention lock a copy or analyze its data to detect the presence of malware or other anomalies. You can also delete unlocked copies.

Policy actions The Cyber Recovery UI supports the Copy, Sync, Copy Lock, Sync Copy, and Secure Copy policy actions.

Copy

A Copy action makes a point-in-time (PIT) copy of an Mtree's most recent replication in the CR Vault and stores it in the replication archive.

Copy Lock

A Copy Lock action retention locks all files in the PIT copy.

Policies and Copies

28 PowerProtect Data Manager for Cyber Recovery User Guide

Sync

A Sync action (or replication) replicates an MTree from the production system to the CR Vault, synchronizing with the previous replication of that MTree.

Sync Copy

A Sync Copy action combines the Sync and Copy actions into one request. It first performs the replication and then creates a PIT copy.

Secure Copy

A Secure Copy action performs a replication, creates a PIT copy, and then retention locks all files in the PIT copy.

Note: You can also retention lock an existing PIT copy as described in Securing a copy on page 33.

Managing policies You create policies to perform replications, make point-in-time (PIT) copies, set retention locks, and perform other Cyber Recovery operations within the CR Vault. You can also modify and delete policies.

Before you begin

Ensure that a storage object is available to reference in the policy and that it has an unprotected replication context. Only one policy can protect a replication context. Policies that perform recovery or analysis operations require an application.

Procedure

1. Select Policies from the Main Menu.

2. In the Policies content pane, do one of the following:

a. To create a policy, click ADD.

b. To modify a policy, select a policy and click EDIT.

3. Complete the fields in the following dialog box:

Field Description

Name Specify a policy name.

Storage Select the storage object containing the replication context that the policy will protect.

Context Select the MTree replication context to protect.

Policies and Copies

PowerProtect Data Manager for Cyber Recovery User Guide 29

Field Description

Note: There can be only one policy per replication context.

Replication Ethernet Select the interface on the storage instance that is configured for replications. Note: Do not select the data are management Ethernet interfaces.

Replication Window Set a timeout value in hours for how long a job for a Sync action runs before Cyber Recovery issues a warning. The default value is 0.

Retention Lock Type Select one of the following:

l (Add Policy dialog box only) None, if retention locking is not supported. The retention fields are then removed from the dialog box.

l Governance if it is enabled on the storage instance.

l (Edit Policy dialog box only) Governance-disabled.

l Compliance if it is enabled on the storage instance.

Storage SO Username/Password Required when you select Compliance. Enter the username and password of the storage instance Security Officer.

Note: This username was created on the Data Domain system.

Retention Lock Minimum Specify the minimum retention duration that this policy can apply to PIT copies. This value cannot be less than 12 hours.

Note: If the retention lock type is set to Compliance and you edit this value, you are prompted to enter the Storage SO Username/Password.

Retention Lock Maximum Specify the maximum retention duration that this policy can apply to PIT copies. This value cannot be greater than 1,827 days.

Note: If the retention lock type is set to Compliance and you edit this value, you are prompted to enter the Storage SO Username/Password.

Retention Lock Duration Specify the default retention duration that this policy applies to PIT copies.

Tags Optionally, add a tag that provides useful information about the policy. The tag is displayed in the details description for the policy in the Policies content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

Note: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

4. Click SAVE to complete creating or modifying the policy.

For information about running policies, see Running policies on page 31.

5. To remove a policy, select the policy and then click DELETE.

You cannot delete a policy if there are any active copies that are associated with the policy. Delete the copies before you try to delete the policy.

Note: When you delete a policy, the Cyber Recovery software does not remove the MTree from the Data Domain system. The software does not delete unlocked PIT copies. Remove them manually.

The data on the Data Domain system might be required until a retention lock expires or you might continue to want access to the data. Therefore, the data is retained.

Policies and Copies

30 PowerProtect Data Manager for Cyber Recovery User Guide

Running policies Run a policy manually at any time so that it performs a specified action or actions.

Procedure

1. Select Policies from the Main Menu.

2. Select the policy that you want to run.

3. Click ACTIONS and select one of the following:

Task Description

Secure Copy Performs a Sync, a Copy, and then a Lock action.

Sync Copy Performs a Sync and then a Copy action.

Copy Lock Retention locks the most recent point-in-time (PIT) copy. To retention lock an earlier PIT copy, see Managing copies.

Sync Replicates the MTree from the production system to the CR Vault. This replication synchronizes with the previous replication of the MTree. Cyber Recovery unlocks the CR Vault to perform the replication.

Note: When performing a Sync action, there might be a delay of up to 15 minutes, depending on the replication cycle on the production Data Domain system. The Cyber Recovery software itself does not initiate a replication. Instead, it waits for the production Data Domain system to synchronize its data over the replication interface and then validates the timestamp of the replicated data on the CR Vault Data Domain system.

Copy Creates a PIT copy of the latest replication.

Results

The policy starts a job that you can monitor on the Jobs page.

You cannot choose to run concurrent sync or lock actions for a policy. If you run a policy, and then run the same policy with an action that performs either a sync or lock operation, Cyber Recovery displays an informational message and does not create a job. When the initial job is completed, run the policy.

Note: You can run concurrent Copy actions on a policy.

Scheduling policies Schedule an action that you want the policy to perform.

Before you begin

l If you have not installed the Cyber Recovery license, you cannot create a schedule.

l The policy action that you want to perform might have prerequisites. For example, a point-in- time (PIT) copy must exist if you want to perform the Lock action.

Policies and Copies

PowerProtect Data Manager for Cyber Recovery User Guide 31

About this task

You can create multiple schedules for the same policy. However, you cannot create multiple schedules for a policy that run simultaneously. Each schedule specifies the action that the policy performs.

Procedure

1. Select Policies from the Main Menu.

2. Click SCHEDULES at the top of the Policies content pane.

3. To add a schedule, click ADD and complete the following fields in the dialog box:

Field Description

Schedule Name Specify a schedule name.

Policy Select the policy that you are scheduling.

Action Select the action that the policy performs when it runs under this schedule. See Running policies on page 31 for a description of the actions.

Retention Lock Duration

Enter the duration of the retention lock that this policy applies to PIT copies.

Application Host Only if you selected Analyze as the action, select the host for Index Engines' CyberSense

Data Type Only if you selected Analyze as the action, select the application type.

Frequency Enter the frequency in days and hours.

Start Date Select the date to start running the policy under this schedule.

Start Time Select the time to start running the policy under this schedule.

4. Click APPLY.

The Schedules table lists the schedules.

5. To delete an existing schedule and remove it permanently, select the schedule and then click DELETE.

6. To disable an existing schedule but not delete it, select the schedule and then click DISABLE.

The status column indicates that the schedule is disabled.

7. To enable a disabled schedule so that it runs again, select the schedule and then click ENABLE.

The status column indicates that the schedule is enabled.

Managing copies The Policies page enables you to view, secure, analyze, and delete point-in-time (PIT) copies.

Procedure

1. Select Policies from the Main Menu.

2. Click COPIES at the top of the Policies content pane to display existing copies.

Each row shows the copy name, policy name, size, expiration time, and indicates if the copy was analyzed.

Policies and Copies

32 PowerProtect Data Manager for Cyber Recovery User Guide

3. To view details about a copy, click in the copy's row.

The Details window displays the information and provides links to the policy and sandboxes (if any).

4. To retention lock a copy or extend the retention period of a locked copy, see Securing a copy.

5. To analyze a copy, see Analyzing a copy.

6. To delete an unlocked copy, select the copy and then click DELETE.

Note: If a copy's Expires On column displays a date, the copy is retention locked and cannot be deleted.

You can also view, lock, analyze, and delete copies by policy. Click the policy name in the Name column to display the Details for Policy page. Then click COPIES.

Securing a copy Secure a point-in-time (PIT) copy for a specific retention period during which the data in the PIT copy can be viewed, but not modified. If a copy is already retention locked, you can extend (but not decrease) the current retention period.

Before you begin

A policy must create the PIT copy.

About this task

When a copy's retention period expires, the data is no longer protected from deletion.

Procedure

1. Select Policies from the Main Menu.

2. On the Policies content pane, click COPIES to display the list of existing copies.

3. Select the copy that you want to secure and click LOCK.

4. In the LOCK dialog box, specify the retention period and click SAVE.

Note: The Policy Retention Range field displays the policy's minimum and maximum retention value. Specify a duration within this range.

Results

The retention lock is set and the Expires On column change from Unlocked and displays the expiration date.

Analyzing a PIT copy Analyze a point-in-time (PIT) copy by using analytics tools that have been added to the CR Vault.

Before you begin

The following prerequisites must be satisfied:

l An analytics application must be installed at the CR Vault location and defined as a Cyber Recovery application asset.

Note: Index Engines' CyberSense is an example of such a tool (for more information, go to the Index Engines website).

l A policy must create the PIT copy to analyze.

Policies and Copies

PowerProtect Data Manager for Cyber Recovery User Guide 33

Procedure

1. Select Policies from the Main Menu.

2. On the Policies content pane, click COPIES to display the list of existing copies.

3. Select the copy to analyze and click ANALYZE.

a. From the Application Host list box, select the application host name for Index Engines' CyberSense.

b. From the Data Type list box, select the application type.

Note: You cannot run an analysis concurrently on a copy. Otherwise, Cyber Recovery displays an informational message and does not create a job. When the initial job is completed, run the analysis on the copy.

The policy starts a job that you can view on the Jobs page. If the analysis includes indicators of possible malware or other anomalies, the job status is listed as Critical. Otherwise, the job status is listed as Success.

4. When the analysis is complete, return to the list of copies and click in the copy's row.

A Details panel displays the results in the Last Analysis fields.

Managing sandboxes A sandbox is a unique location in the CR Vault in which you can perform read/write operations on a point in time (PIT) copy. This copy is a read/write copy of the locked data in the CR Vault. Create sandboxes as needed to perform data analysis, recovery, or validation operations.

About this task

Cyber Recovery enables you to create custom sandboxes to perform operations by using applications that are not in the Cyber Recovery default list. A sandbox can contain only one PIT copy, however, you can create multiple sandboxes for one PIT copy.

Procedure

1. From the Main Menu, click Recovery.

2. Select a PIT copy from the list.

3. Click Sandbox.

4. In the Sandbox dialog box:

a. Select an application that is configured in the CR Vault.

b. Enter a unique sandbox name.

Note: The cr prefix is appended to the custom sandbox name. For example, if you enter MySandbox, the sandbox name displays as cr-MySandbox.

c. Indicate if you want to mount the file system. Enter where you want to mount the data if you do not want to use the default.

Note: Cyber Recovery supports mount operations for UNIX operating systems only. The host is available by using SSH.

This step starts a job that you can view on the Jobs page.

5. From the Recovery content pane, click Sandboxes if you want to:

Policies and Copies

34 PowerProtect Data Manager for Cyber Recovery User Guide

a. View the list of sandboxes and details.

b. Select a sandbox and then delete it.

Policies and Copies

PowerProtect Data Manager for Cyber Recovery User Guide 35

Policies and Copies

36 PowerProtect Data Manager for Cyber Recovery User Guide

CHAPTER 5

Monitoring

This section describes how to use the dashboard in the Cyber Recovery UI to monitor Cyber Recovery operations and take corrective steps when necessary.

l Monitoring the CR Vault status............................................................................................. 38 l Monitoring alerts and events................................................................................................. 38 l Monitoring jobs..................................................................................................................... 39

PowerProtect Data Manager for Cyber Recovery User Guide 37

Monitoring the CR Vault status The CR Vault status indicates if the vault connection to the production system is open (Unlocked) or closed (Locked). The CR Vault is in the Locked state unless the Cyber Recovery software is performing a replication.

After Cyber Recovery software installation and initial configuration, the CR Vault might be unlocked. This behavior is as designed. An initialization might be in progress while you are configuring the Cyber Recovery environment, therefore, the port must be open. The Cyber Recovery software creates a job for the initial Sync operation, which you can use to monitor the operation. When the initialization is complete, the port closes automatically.

Note: You cannot create another Sync job while the initial Sync job is running.

If necessary, the Security Officer or an Admin user can manually lock the vault and close the connection. For more information, see Manually securing and releasing the CR Vault on page 46.

To view the CR Vault connection status, click Dashboard in the Main Menu. The state displays under Status.

The following table describes the three connection states:

Status Icon Description

Locked All configured replication connections are closed because no replication is being performed. If a replication policy is run, the Cyber Recovery software opens the connection and changes the vault state to Unlocked.

Unlocked One or more replication network connections are open because a replication is being performed. The state returns to Locked when the replication completes.

Secured All replication network connections are secured because the Security Officer or an Admin user manually locked the connection due to a security breach. You cannot initiate any replication policy actions. When the CR Vault is released and returns to the Locked state, you can then run replication policies.

Monitoring alerts and events The Cyber Recovery software generates notifications about alerts and events.

An alert indicates that an event occurred and might require you to take action.

Alert categories include:

l SystemIndicates a system issue that might compromise the Cyber Recovery system such as a failed component

l StorageIndicates storage issues such as insufficient disk space

l SecurityIndicates that a user cannot log in or malware might have been detected Note: By default, the alerts table includes the Security Officer login as a security alert. Use this account only when necessary.

Events indicate system events, such as the start of a job or completion of a retention lock.

You can view alerts and events from:

l The dashboard

Monitoring

38 PowerProtect Data Manager for Cyber Recovery User Guide

l The Alerts and Events content pane

l The icon in the Masthead Navigation (alerts only)

The Alerts and Events content pane enables you to view details, acknowledge, and add notes for alerts. You can only view details for events.

Handling alerts An alert indicates that you might have to take action.

Procedure

1. Select Alerts and Events from the Main Menu.

The content pane lists the alerts.

2. To view details about an alert, click in the alert's row.

The Details pane displays complete details about the alert.

3. Take any necessary actions to resolve the problem.

4. Select an alert or multiple alerts and click ACKNOWLEDGE.

The Acknowledge column now displays a flag icon for each selected alert.

If you click the select all checkbox at the head of the Message ID column, all the alerts on the current page are selected.

Note: The dashboard and the Navigation Masthead no longer show these alerts. Only the five most recent unacknowledged alerts are displayed on the dashboard and from the drop-down list on the Navigation Masthead.

5. Optionally, click UNACKNOWLEDGE to remove the acknowledgment from the alert.

The unacknowledged alerts are displayed on the dashboard and from the drop-down list on the Navigation Masthead again.

6. To add a note about an alert, select the alert and click ADD NOTE. Enter a note into the Add Note window.

The note displays in the alert's Details pane.

Monitoring jobs When you run a policy or recovery operation, the Cyber Recovery software creates a job.

The Jobs content pane shows the job status, which indicates the job's progress. It lists jobs that are running, successfully completed, or canceled. When a job is completed, its status is either Success, Warning, or Critical. If a job's status is Critical, a critical alert is also associated with the job.

When you create or edit a policy, you can set an optional job window timeout value in hours for how long a job for a Sync action runs. If the duration of the job reaches the timeout limit, Cyber Recovery issues a warning alert. Cancel the job, if necessary.

In the Jobs content pane:

l For more information about a job, click in a job's row to bring up the Details window.

l To stop a running Sync, Sync Copy, or Secure Copy job, select the job and then click CANCEL JOB. The Alerts and Events content pane displays an alert for the cancel request.

Monitoring

PowerProtect Data Manager for Cyber Recovery User Guide 39

l To refresh the content pane, click the refresh icon.

l To select how often the content pane refreshes, click the refresh icon and select the time from the list box.

Monitoring

40 PowerProtect Data Manager for Cyber Recovery User Guide

CHAPTER 6

Performing a PowerProtect Data Manager recovery with Cyber Recovery

This section describes how to recover data from PowerProtect Data Manager point-in-time copies.

l Recovering PowerProtect Data Manager data...................................................................... 42 l Initiating a PowerProtect Data Manager recovery in the Cyber Recovery CLI.......................42 l Performing postrecovery steps for a PowerProtect Data Manager recovery........................ 43

PowerProtect Data Manager for Cyber Recovery User Guide 41

Recovering PowerProtect Data Manager data Use a point-in-time (PIT) copy to rehydrate PowerProtect Data Manager data in the CR Vault.

Initiate a PowerProtect Data Manager recovery by using the CRCLI. The Cyber Recovery software prepares your environment to recover VMs that are crash-consistent. Then, complete the recovery from the PowerProtect Data Manager application in the CR Vault.

Note: You can only run one recovery job per application at a time.

Before a recovery operation, run application and server backups in the PowerProtect Data Manager production environment. Then, perform a Secure Copy policy operation to copy data to the CR Vault environment.

The PowerProtect Data Manager application must be installed as the admin user in the CR Vault.

Initiating a PowerProtect Data Manager recovery in the Cyber Recovery CLI

Initiate a recovery from the CRCLI.

Before you begin

Ensure that the following prerequisites are met before you initiate a PowerProtect Data Manager recovery:

l The CR Vault Data Domain system must be running DD OS Version 6.2 or later.

l You have deployed the PowerProtect Data Manager OVA file in the CR Vault. The PowerProtect Data Manager application must be installed as the admin user.

l The UID's that are associated with the production PowerProtect Data Manager DD Boost users are configured in the CR Vault Data Domain system. These UID's must be available in the Data Domain system in the CR Vault.

l The PowerProtect Data Manager application in the CR Vault must be configured with the credentials of the PowerProtect Data Manager application on the production system.

l The PowerProtect Data Manager server host within the CR Vault uses the same IP address and hostname as the PowerProtect Data Manager production host.

l The PowerProtect Data Manager application is defined as an application asset in the Cyber Recovery software. Use either the Cyber Recovery UI or the CRCLI to add the application.

l You have performed a Secure Copy policy operation to copy data to the CR Vault environment.

l You have created a policy for the VM data and a policy for the server backup.

Procedure

1. Log in to the PowerProtect Data Manager application in the CR Vault.

The Welcome to PowerProtect Data Manager window opens.

2. Take a VM snapshot of the PowerProtect Data Manager appliance.

You use this snapshot to revert the PowerProtect Data Manager software after you complete the recovery.

3. Log in to the CRCLI.

Performing a PowerProtect Data Manager recovery with Cyber Recovery

42 PowerProtect Data Manager for Cyber Recovery User Guide

4. Run the recovery run command. Ensure that you specify the backup copy first and then the data copy, as shown in the following example:

# crcli recovery run --action --backupcopyname -- copyname --appnickname

Note: The backup metadata and data copies must be in the correct order on the command line.

For example:

# crcli recovery run -a recoverapp -b cr-copy-Backup-P-20190812170227 -c cr-copy-Data- Pol-20190812170232 -i app1-PPDM

5. At the prompt, enter the lock box passphrase of the production PowerProtect Data Manager appliance.

The Cyber Recovery software prepares your environment so that you can run a VM recovery from the PowerProtect Data Manager application console. As part of this process, the software creates a production DD Boost username and password and reboots the PowerProtect Data Manager appliance.

Performing postrecovery steps for a PowerProtect Data Manager recovery

After the PowerProtect Data Manager recovery is completed, perform required postrecovery steps.

Procedure

1. From the Cyber Recovery UI or the CRCLI, delete the two sandboxes that were created when you initiated the PowerProtect Data Manager recovery.

2. Optionally, on the Data Domain system, run the filesys clean command.

This step deletes the DD Boost storage unit. If you choose not to perform this step, the DD Boost storage unit is deleted during the next scheduled cleaning operation.

3. Run the user unassign and user del command to delete the DD Boost user.

# user unassign

# user del

4. Revert the PowerProtect Data Manager software to the snapshot that you created in step 2 of Initiating PowerProtect Data Manager recovery in the Cyber Recovery CLI.

The Welcome to PowerProtect Data Manager window opens.

Performing a PowerProtect Data Manager recovery with Cyber Recovery

PowerProtect Data Manager for Cyber Recovery User Guide 43

Performing a PowerProtect Data Manager recovery with Cyber Recovery

44 PowerProtect Data Manager for Cyber Recovery User Guide

CHAPTER 7

Administration

This section covers the following topics:

l Administration overview........................................................................................................ 46 l Manually securing and releasing the CR Vault....................................................................... 46 l User roles.............................................................................................................................. 46 l Managing users..................................................................................................................... 47 l Managing login sessions........................................................................................................ 48 l Configuring email notifications.............................................................................................. 48 l Changing the lockbox passphrase......................................................................................... 50 l Changing the database password..........................................................................................50 l Resetting the Security Officer password from the management host....................................51 l Resetting the IP address on the management host................................................................51 l Changing the log level........................................................................................................... 52 l Collecting logs for upload...................................................................................................... 52 l Deleting unneeded Cyber Recovery objects.......................................................................... 53 l Cyber Recovery disaster recovery.........................................................................................53

PowerProtect Data Manager for Cyber Recovery User Guide 45

Administration overview

You can perform administrative tasks from either the Cyber Recovery UI or on the management host by using the Cyber Recovery command line interface (CRCLI).

Manually securing and releasing the CR Vault If a security breach occurs, the Security Officer or an Admin user can manually secure the CR Vault. During this time, the Cyber Recovery software performs no replication operations.

To secure or release (unsecure) the CR Vault, log in to Cyber Recovery and access the dashboard. Under Status, do one of the following:

l To secure the CR Vault if you suspect a security breach, click SECURE VAULT so that the CR Vault status changes from Locked to Secured. All Sync policy operations stop immediately and no new Sync policy operations can be initiated. The Cyber Recovery software also issues an alert that the CR Vault is secured.

Note: All non-Sync policies can be run in the CR Vault while it is secured.

l To unsecure the vault when you are confident that there is no longer a security threat, click RELEASE VAULT. The CR Vault status returns to Locked. Sync policy operations can now be initiated.

For more information about the CR Vault status, see Monitoring the CR Vault status on page 38.

User roles Cyber Recovery users are assigned roles that determine the tasks that they can perform in the CR Vault environment.

The Cyber Recovery installation creates the default crso user and assigns the Security Officer role to this user. The Security Officer user must perform the initial Cyber Recovery login and then create users. There is only one Security Officer per Cyber Recovery installation; you cannot create another Security Officer.

Note: Do not confuse the Cyber Recovery Security Officer with the Data Domain Security Officer for Data Domain Compliance retention locking.

There are three Cyber Recovery user roles:

l DashboardThis role enables the user to view the Cyber Recovery dashboard but not perform tasks.

l AdminThis role has the following permissions:

n Create, modify, and disable dashboard users

n Create, manage, and run policies and associated objects

n Acknowledge and add notes to alerts

n Change administrative settings

n Modify own user account

n Change own password

n Manually secure and release (unsecure) the CR Vault

l Security OfficerThis role has the following permissions:

Administration

46 PowerProtect Data Manager for Cyber Recovery User Guide

n All Admin permissions

n Create, modify, and disable users

n Change and reset user passwords

n Change the Security Officer password

If as the Security Officer, you forget your password, use the crsetup.sh script to reset it. For instructions, see Resetting the Security Officer password.

Managing users The Security Officer creates, modifies, and disables users.

About this task

The Security Officer can enable and disable users, but not delete them.

Procedure

1. Select Administration > Users from the Main Menu.

2. Do one of the following:

l To create a user, click ADD.

l To modify a user, select a user and click Edit.

3. Complete the following fields in the dialog box.

Field Description

Name fields Specify the user's first name and last name.

Role Select either:

l AdminEnables users to perform tasks in the Cyber Recovery software.

l DashboardEnables users to view the Cyber Recovery dashboard but not perform tasks. The dashboard role does not time out.

User Name (required) Specify a username.

Phone Specify the user's telephone number.

Email (required) Specify an email address for alert notifications if the user is configured to receive them.

Password/Confirm New Password (required)

Specify and confirm the password. Password requirements include:

l 964 characters

l At least 1 numeric character

l At least 1 uppercase letter

l At least 1 lowercase letter

l At least 1 special character (~!@#$%^&*()+={}|:";<>?[]-_.,^')

When you change a password, enter and confirm both the new and existing passwords.

Session Timeout Select the amount of idle time after which the user is logged out of the Cyber Recovery UI.

4. Click SAVE.

5. Enable and disable users:

a. Select the user and click DISABLE.

Administration

PowerProtect Data Manager for Cyber Recovery User Guide 47

b. Click DISABLED USERS at the top of the content pane and note that the table lists the newly disabled user.

c. Select the user and click ENABLE. Note that the table no longer lists the user.

d. Click ENABLED USERS at the top of the content pane and note that the table lists the newly enabled user.

Managing login sessions The Security Officer (crso) can set the number of maximum simultaneous login sessions.

Before you begin

You must be assigned the Security Officer role to change login session settings.

About this task

The login session count uses a first in, first out priority. If a specific user and role exceeds the number of simultaneous logins, that user's earliest session is longer a valid Cyber Recovery session and the session is logged out. The user must log in to the Cyber Recovery software again.

Procedure

1. From the Masthead Navigation, select the gear icon to access the System Settings menu.

2. Click Login Count Settings.

The Login Count Settings dialog box opens and shows the default session login values, which are:

l Security Officerone login session

l Adminthree login sessions

l Dashboard userthree login sessions

3. Set the maximum number of login sessions for the Security Officer, Admin, and Dashboard user.

The maximum number of login sessions for each user is 10.

Configuring email notifications If your configuration is set up to allow email to leave the CR Vault, specify which users receive email notifications about alerts.

Specifying which users receive email 1. Select Administration > Alert Notifications from the Main Menu.

The table lists Cyber Recovery users, their email addresses, and roles.

2. For each user that you want to receive email messages, select either or both the Receive Critical Alerts and Receive Warning Alerts check boxes. If you select Receive Warning Alerts, by default, the user also receives critical alerts.

3. To send a test email to the user, click SEND TEST EMAIL. Contact the intended user to verify if the email was received.

Administration

48 PowerProtect Data Manager for Cyber Recovery User Guide

Connecting to an email server After you have configured an SMTP server, use Postfix to route and deliver Cyber Recovery email notifications to Cyber Recovery users. Postfix is an open-source mail transfer agent that is included in most non-Windows systems.

Note: If your system has an active firewall, ensure that port 25 is open on the firewall.

To set up the Postfix configuration:

1. If necessary, open port 25 on the firewall:

# iptables -I INPUT -p tcp --dport 25 -j ACCEPT

2. Open /etc/postfix/main.cf in an editor and modify it, as shown in the following example.

a. Add the inet address:

# RECEIVING MAIL # # Note: you need to stop/start Postfix when this parameter changes. # inet_interfaces = all #inet_interfaces = $myhostname #inet_interfaces = $myhostname, localhost #inet_interfaces = localhost

Note: Ensure that you do not uncomment more than one inet_interface.

b. Add the fully-qualified domain name (FDQN) of the management host:

# INTERNET HOST AND DOMAIN NAMES # # The myhostname parameter specifies the internet hostname of this # mail system. The defualt is to use the fully-qualified domain name # from gethostname(). $myhostname is used as a default value for many # other configuration parameters. # myhostname =

3. Reload the Postfix configuration file.

# postfix reload

4. Stop and start Postfix:

# postfix stop # postfix start

5. Optionally, check the Postfix status:

# postfix status

Administration

PowerProtect Data Manager for Cyber Recovery User Guide 49

Changing the lockbox passphrase For security purposes, use the crsetup.sh script to change the Cyber Recovery lockbox passphrase.

Before you begin

You must provide the current lockbox passphrase, which is created during the Cyber Recovery installation.

Note: This procedure is disruptive; it causes the Docker container services to be stopped.

About this task

The Cyber Recovery software uses a lockbox resource to securely store sensitive information, such as credentials for application resources and databases. The lockbox securely manages sensitive information by storing the information in an encrypted format.

Note: Ensure that there are no jobs running before you change the lockbox password. Otherwise, the CR Vault might go to an unsecured state.

Procedure

1. Log in to the management host and go to the Cyber Recovery installation directory.

2. Enter the following command:

# ./crsetup.sh --lockbox

3. When prompted to continue, enter y.

The script stops the Docker container services.

4. When prompted, enter the current lockbox passphrase.

5. When prompted, enter and confirm the new lockbox passphrase.

The script changes the passphrase and then restarts all Docker container services.

Changing the database password For security purposes, use the crsetup.sh script to change the Cyber Recovery database password.

Before you begin

l You must provide the lockbox passphrase, which is created during the Cyber Recovery installation.

l Ensure that there are no jobs running before you change the database password.

Note: This procedure is disruptive; it causes the Docker container services to be stopped.

About this task

Cyber Recovery microservices communicate with the MongoDB database to access policies and other persisted data. The database is password-protected and only accessible by the microservices that run in the Cyber Recovery environment.

Procedure

1. Log in to the management host and go to the Cyber Recovery installation directory.

Administration

50 PowerProtect Data Manager for Cyber Recovery User Guide

2. Enter the following command:

# ./crsetup.sh --mongodb

3. When prompted, enter y to continue.

The script stops the Docker container services.

4. When prompted, enter and confirm the new database password.

The script starts the Docker container services.

Resetting the Security Officer password from the management host

As the Security Officer (crso), use the crsetup.sh script to reset the crso password.

Before you begin

You must provide the lockbox passphrase, which is created during the Cyber Recovery installation.

About this task

As the Security Officer, use the Cyber Recovery UI or Cyber Recovery CRCLI to change the crso password. However, if you forget the crso password or if there is a change in Security Officer, use the crsetup.sh script.

Procedure

1. Log in to the management host and go to the Cyber Recovery installation directory.

2. Enter the following command:

# ./crsetup.sh --crso

3. When prompted, enter y to continue with the change.

4. When prompted, enter the lockbox passphrase.

5. Enter and confirm the new crso password.

A message indicates that the change is successful.

Resetting the IP address on the management host When you reset the IP address on the management host in the CR Vault, run the crsetup.sh script to ensure that the Cyber Recovery software runs properly.

Before you begin

You must have the lockbox password to enter at the crsetup.sh script prompt.

Procedure

1. Modify the IP address of the Cyber Recovery management host.

2. Restart the network service:

# service network restart

Administration

PowerProtect Data Manager for Cyber Recovery User Guide 51

3. Restart Docker:

# service docker restart

4. Run the crsetup.sh --address script:

# ./crsetup.sh --address Do you want to continue[y/n]: y . . . Enter lockbox password:

5. Verify that all Cyber Recovery containers are up and running:

# docker ps -a

6. Log in to the Cyber Recovery UI and confirm that you can access the Cyber Recovery software.

Changing the log level Change the logging level that is used to add information to the Cyber Recovery log files.

About this task

Cyber Recovery supports two log levels:

l InfoProvides contextual details relevant to software state and configuration.

l DebugProvides granular details to aide analysis and diagnostics.

The default log level is Info.

Procedure

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Click Log Settings.

3. In the Service Log Level dialog box, do one of the following:

l Click the Set All radio button to change the level for all logs.

l Click a radio button to set the level for each specific log.

4. Click Save.

Collecting logs for upload Collect all logfiles in an archive file so that they can be uploaded to Dell EMC support to facilitate troubleshooting.

Procedure

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Click Log Settings.

3. In the Service Log Level dialog box, click GENERATE LOG BUNDLE.

Administration

52 PowerProtect Data Manager for Cyber Recovery User Guide

The logfiles are collected and added to a .tar file in the opt/dellemc/cr/var/log directory. Also, Cyber Recovery triggers a log collection on all associatedData Domain systems in the vault environment. To view these collections, click Settings (gear icon) in the PowerProtect DD Management Center and select System > Support > Support Bundles.

4. Click OK to dismiss the Log Bundle window and then close the Service Log Level dialog box.

Deleting unneeded Cyber Recovery objects Delete alerts, events, expired and unlocked copies, and jobs when they are no longer needed. By setting a Cyber Recovery cleaning schedule, you can avoid system slowdown.

Procedure

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Select Cleaning Schedule.

3. In the dialog box, specify the frequency for when the schedule runs and the age of the objects to be deleted.

4. Optionally, change any of the default settings.

5. Click Save so that the data retention schedule runs at the specified time.

Cyber Recovery disaster recovery The Cyber Recovery crsetup.sh setup script with the recover option enables you to perform a recovery after a disaster.

In some cases, it might be necessary to clean up existing Cyber Recovery Docker containers before you restore the Cyber Recovery software. These cases can include, but are not limited to:

l An upgrade failed.

l You deleted the Cyber Recovery directory by mistake.

l The uninstallation section of the setup script does not allow removal of the Cyber Recovery software.

See Cleaning up existing Cyber Recovery Docker containers on page 53.

After you clean up the existing Docker containers, follow the procedure to restore the Cyber Recovery software. For more information, see Restoring a Cyber Recovery installation after a disaster on page 55.

Cleaning up existing Cyber Recovery Docker containers If necessary, clean up existing Cyber Recovery containers before you run the restore procedure after a disaster.

Procedure

1. Identify the Cyber Recovery containers that are running:

docker container ls --filter name=cr_

The output shows the running Cyber Recovery containers, which might be similar to the following example:

Administration

PowerProtect Data Manager for Cyber Recovery User Guide 53

l cr_swagger

l cr_ui

l cr_edge

l cr_schedules

l cr_policies

l cr_mgmtdds

l cr_apps

l cr_notifications

l cr_vault

l cr_users

l cr_mongo-auth

l cr_registry

Note: Each container name includes a suffix, which differs depending on your version of Docker Compose.

2. Stop all the running Cyber Recovery containers:

docker container stop `docker container ls -q --filter name=cr_`

3. Remove all the stopped Cyber Recovery containers:

docker container rm `docker container ls -a -q --filter name=cr_`

4. Verify that all Cyber Recovery containers are removed:

docker container ls -a -filter name=cr_

No containers are listed.

5. List the Cyber Recovery images that are associated with the containers that you removed:

docker images | grep localhost:14779/cr_

6. Remove all the Cyber Recovery container images:

docker image remove `docker images | grep localhost:14779/cr_ | awk '{ print $3 }'`

7. Verify that all the Cyber Recovery container images have been removed:

docker images | grep localhost:14779/cr_

The images that were listed in step 5 are no longer listed and the clean up is complete.

Administration

54 PowerProtect Data Manager for Cyber Recovery User Guide

8. Perform to the Cyber Recovery software restore procedure (see Restoring a Cyber Recovery installation after a disaster on page 55).

Restoring a Cyber Recovery installation after a disaster Use the crsetup.sh setup script with the recover option to perform a disaster recovery.

Before you begin

Before you perform this procedure:

l Have a Cyber Recovery backup tar package that was created before the disaster. Otherwise, you cannot complete this procedure.

l Delete the Cyber Recovery installation directory.

l If necessary, clean up existing Docker containers before you begin this procedure. See Cleaning up existing Cyber Recovery Docker containers on page 53.

About this task

For information about how to install the Cyber Recovery software, see the Dell EMC PowerProtect Cyber Recovery Installation Guide.

Procedure

1. Install the same version of the Cyber Recovery software that was running before the disaster occurred.

If you were running an installation that included patch updates, install the patch updates also.

Note: We recommend that when you reinstall the Cyber Recovery software for this procedure that you use the same password that was used in the previous installation for the crso account, the MongoDB database, and the lockbox. This same password makes it easier to complete the recovery procedure. We also recommend that you use the same installation locations.

2. When the installation is complete, start the UI and validate that the configuration is empty.

3. Close the UI.

4. Start the Cyber Recovery software restore procedure:

a. Run the crsetup.sh setup script:

crsetup.sh --recover

b. Type y to continue:

Do you want to continue [y/n]:

c. Type y to confirm and continue:

Are you REALLY sure you want to continue [y/n]:

d. Type the full path to the Cyber Recovery backup tar package location, for example:

/tmp/cr_backups/cr.19.2.1.0-3.2019-09-19.08_02_09.tar.gz

Administration

PowerProtect Data Manager for Cyber Recovery User Guide 55

e. Type the newly installed MongoDB password.

Please enter the newly installed MongoDB password:

Note: This password is the password that you created when you reinstalled the Cyber Recovery software in step 1.

f. Type the newly installed MongoDB password again to confirm:

Enter newly installed MongoDB password:

g. Type the lockbox passphrase for the original installation, that is, the installation before the disaster:

Enter the previously saved lockbox passphrase:

The Cyber Recovery restore operation proceeds and then returns a success message when it completes:

19.02.19 08_45_20 : 19.02.19 08_45_20 : Cyber Recovery has been successfully recovered onto this system 19.02.19 08_45_20 :

5. Log in to the Cyber Recovery UI or the CRCLI and validate that the previous installation has been restored.

Administration

56 PowerProtect Data Manager for Cyber Recovery User Guide

CHAPTER 8

Troubleshooting

This section describes the following topics:

l Troubleshooting suggestions.................................................................................................58 l Cyber Recovery logs ............................................................................................................ 58 l Managing Cyber Recovery services....................................................................................... 61 l Disabling SSH access to the replication interface.................................................................. 61

PowerProtect Data Manager for Cyber Recovery User Guide 57

Troubleshooting suggestions The following table lists possible Cyber Recovery problems and suggested remedies.

If you cannot Do this

Install the Cyber Recovery software l Ensure that the crsetup.sh --check command passed all

prerequisites before continuing.

l Ensure that you are using a stable version of Docker.

l Set Docker to start on reboot with the systemctl enable docker command.

l Find the crsetup.sh logs in the directory from which you run

crsetup.sh.

l If your system has an active firewall, ensure that the following ports are open on the firewall:

n 14777 (for Cyber Recovery UI)

n 14778 (for the Cyber Recovery REST API)

n 14779 (for the Cyber Recovery Registry - local management host access)

n 14780 (for the Cyber Recovery API Documentation)

Log in to the Cyber Recovery UI l Check the edge and users service logs.

l Ensure that your DNS settings are resolvable.

l If your system has an active firewall, ensure that the following ports are open on the firewall:

n 14777 (for Cyber Recovery UI)

n 14778 (for the Cyber Recovery REST API)

n 14779 (for the Cyber Recovery Registry - local management host access)

n 14780 (for the Cyber Recovery API Documentation)

Run a job Check the schedules, policies, or mgmtdds service logs.

Receive alert email messages l If your system has an active firewall, ensure that port 25 is open on the firewall.

l Verify your Postfix or email configuration and check that you added the email for alert notifications.

Secure the CR Vault Check the vault service logs.

Recover or analyze Check the policies and apps service logs.

Cyber Recovery logs The Cyber Recovery software generates both a JSON and a text logfile for each service.

The logfiles are in the /opt/dellemc/cr/var/log/ directory, where service is one of the following services:

Troubleshooting

58 PowerProtect Data Manager for Cyber Recovery User Guide

Services Log message content

edge The routing for all calls from REST clients, the Cyber Recovery CLI, and the Cyber Recovery UI, as well as the logic for setting system log levels, licensing, and dashboard.

Note: This service is the entry point for all REST API calls.

apps Anything that is related to applications that are associated with Cyber Recovery, including Index Engines' CyberSense used for copy analysis, PowerProtect Data Manager instances, and file system hosts.

mgmtdds All communication with the CR Vault Data Domain.

notifications All the system notifications (alerts and events) and SMTP email messages.

policies Anything that is related to policies, jobs, copies, and sandboxes.

schedules All the system schedules, cleaning schedules, and action endpoints.

users Anything that is associated with users, including addition, modification, and authentication operations.

vault Anything that is related to the status of the vault, and opening and closing managed interfaces.

All Cyber Recovery logfiles use the following log message format:

[ ] [ ] [: number>] : message

For example:

[2018-08-23 06:31:31] [INFO] [users] [restauth.go:63 func1()] : GET /irapi/ users Start GetUsers

Troubleshooting

PowerProtect Data Manager for Cyber Recovery User Guide 59

Log Levels

The following table describes the log levels by order from low to high. Each log level automatically includes all lower levels. For example, when you set the log level to INFO, the log captures all INFO, WARNING, and ERROR events.

The default log level is INFO.

Log Level Purpose Example

ERROR Reports failures in the execution of some operation or task that usually requires manual intervention.

l Replication failure due to an incorrect password

l Sandbox creation failure due to the mount point already in use

WARNING Reports unexpected technical or business events that might indicate a potentially harmful situation, but do not require immediate attention.

l Corrupted or truncated file

l Policy 1 hour over the sync timeout period of 6 hours

INFO Reports information about the progress of an operation or task.

l Synchronization started

l Creating a point-in-time copy

l Scanning for malware

DEBUG Captures highly granular information for debugging or diagnosis. This level is typically useful to administrators, developers, and other users.

Troubleshooting

60 PowerProtect Data Manager for Cyber Recovery User Guide

Managing Cyber Recovery services Start and stop Cyber Recovery Docker container services manually if there is an unexpected event on the management host.

To stop or start the Docker container services, use the crsetup.sh script that is located in the Cyber Recovery installation directory.

Enter the following command to stop the Docker container services:

# ./crsetup.sh -stop

The following Cyber Recovery Docker container services stop in this order:

Service Function

schedules Manages Cyber Recovery schedule actions

edge Acts as the gateway to the Cyber Recovery services

apps Manages storage system and applications in the CR Vault actions

vault Manages CR Vault actions

mgmtdds Manages the Data Domain actions in the CR Vault

policies Manages Cyber Recovery policy actions

ui Manages Cyber Recovery UI actions

users Manages the Cyber Recovery Admin users and the Security Officer user actions

notifications Manages alert, event, email, and log actions

swagger Provides access to the Cyber Recovery REST API documentation

Mongo-auth Manages the database

Enter the following command to start the Docker container services:

# ./crsetup.sh -start

The Docker container services start again.

Note: At this time, you cannot stop and start an individual Docker container service.

Disabling SSH access to the replication interface Disable SSH access to the replication interface on the CR Vault Data Domain system.

About this task

The Cyber Recovery software works with a replication data link between the vault-environment and production-environment Data Domain systems. The Cyber Recovery software communicates with all Data Domain systems by using SSH.

Optionally, use the following procedure on the Data Domain host to restrict SSH inbound access for the Cyber Recovery management host:

Troubleshooting

PowerProtect Data Manager for Cyber Recovery User Guide 61

Procedure

1. On the management host, obtain the hostname.

2. Log in to the Data Domain host and enter the following command:

adminaccess ssh add

where is the hostname from step 1.

3. Use the Data Domain net filter functionality.

For information about how to use the net filer functionality, see the Data Domain documentation.

Results

SSH is blocked on all interfaces except the management interface.

Troubleshooting

62 PowerProtect Data Manager for Cyber Recovery User Guide

CHAPTER 9

Cyber Recovery Command Line Interface (CRCLI)

This chapter covers the Cyber Recovery command line interface (CRCLI).

l CRCLI overview.....................................................................................................................64 l Using the CRCLI commands..................................................................................................66

PowerProtect Data Manager for Cyber Recovery User Guide 63

CRCLI overview The Cyber Recovery Command Line Interface (CRCLI) enables you to perform Cyber Recovery management tasks from a command line. The commands represent a subset of the functionality that is available in the Cyber Recovery UI.

The CRCLI is typically used by administrators. If the Cyber Recovery software is installed using the default locations, the CRCLI is located in the /opt/dellemc/cr/bin directory.

Functionality

The following table lists the Cyber Recovery operations that you can perform with the CRCLI.

Module Functionality

login / logout l Log in a user

l Log out the current user

users l Create users

l Modify users

l Disable and enable users

l List users

l Show user details

l Change user passwords

l Configure email notifications for users

dd Note: A storage object in the Cyber Recovery UI corresponds to dd in the CRCLI.

l Create a Data Domain

l Modify a Data Domain

l List Data Domains

l Show Data Domain configuration

apps l Create an application

l Modify application

l List applications

l Show application details

policy l Create a policy

l List all policies

l Run a policy with the following actions:

n sync

n sync-copy

n secure copy

n copy

n copy-lock

n lock

Cyber Recovery Command Line Interface (CRCLI)

64 PowerProtect Data Manager for Cyber Recovery User Guide

Module Functionality

n analyze

l Show details about a policy

l List jobs by policy

l Get details about a specific job

l Cancel a job

l List PIT copies by policy

l List sandboxes by policy

schedules l Create schedules

l List schedules

l Modify schedules

l Delete schedules

recovery l Perform a recovery operation

l List current recoveries

vault l Secure (lock) the vault

l Release (unlock) the vault

l Show vault status

alerts l List alerts

l Show alert details

l Acknowledge an alert

l Add note to an alert

events l List events

l Show event details

system l Initiate Cyber Recovery log collection and Data Domain support bundle.

l Change log level settings

l Change cleaning schedule settings

license l Add a license

l Show license information

version Display the Cyber Recovery version and build number

help Display help

CLI help system The CRCLI help system provides reference documentation that gives detailed information about each command.

After you log in to the CRCLI, you can access help:

Cyber Recovery Command Line Interface (CRCLI)

PowerProtect Data Manager for Cyber Recovery User Guide 65

l To view the entire help system, enter:

# crcli help

l To view help for a specific module, include the module name in the command:

# crcli policy help

l To view help for a specific action, include the action name after the module name:

# crcli apps add help

The help system shows both required and optional parameters. In the following example, required parameters are listed first, followed by optional parameters that are enclosed within brackets ([ ]).

# crcli users add help

-a, --alertnotification string (optional) ex. --alertnotification "critical" -e, --email string (required) ex. --email user@sample.com -f, --firstname string (optional) ex. --firstname "Mickey" -l, --lastname string (optional) ex. --lastname "Mouse" -p, --phone string (optional) ex. --phone 555-555-5555 -r, --role string (required) ex. --role admin -u, --username string (required) ex. --username "admin1"

crcli users add

--username --role --email [ ] -u "admin1" -r "admin" -e "admin1@local.com" Required: username : Set the desired username role : Set the desired role for the user (Roles: admin, dashboard) email : Set the email address for the user Options: firstname : Set the users first name lastname : Set the users last name phone : Set the users phone number alertnotification : Define the type of alert the user will receive via email (Alert Types: critical, warning) Examples: crcli users add --username admin1 --role admin --email admin1@local.com

Using the CRCLI commands All CRCLI commands have the same basic structure.

crcli

where:

l is the module name, for example users or policy.

l is the operation name, for example list, run, or show.

l are one or more required and optional parameters.

Cyber Recovery Command Line Interface (CRCLI)

66 PowerProtect Data Manager for Cyber Recovery User Guide

Parameters CRCLI commands have both required and optional parameters.

To include a parameter, specify the parameter name or pflag followed by the parameter value. Two dashes precede the parameter names; a single dash precedes the pflags.

Use the CRCLI help system to view the parameters and pflags. For example, enter crcli policy add to view the parameters for adding a policy.

crcli policy add help -w, --jobwindow string (optional) ex. --jobwindow 1h -h, --mgmtddid string (required) ex. --mgmtddid 5aec99e97f9d0732fcef00fb -c, --mgmtddreplctxname string (required) ex. --mgmtddreplctxname "mtree://dd1/data/ col1/repl-1" -e, --mgmtddreplethinterface string (required) ex. --mgmtddreplethinterface "ethV1" -n, --policyname string (required) ex. --policyname "policy1" -d, --retlockduration string (optional) ex. --retlockduration 1d (default "12h") -x, --retlockmax string (optional) ex. --retlockmax 45d (default "45d") -m, --retlockmin string (optional) ex. --retlockmin 12h (default "12h") -y, --retlocktype string (optional) ex. --retlocktype compliance (default "governance") -u, --securityuser string (optional) ex. --securityuser ddso -t, --tags string (optional) ex. --tags "NW92,finance,daily"

Policy actions

When you run a policy, you can specify multiple --action parameters to define different actions.

Each --action parameter specifies a request operation:

l sync

l copy

l lock

l copy-lock

l sync-copy

l securecopy

l analyze

CRCLI password commands For security purposes, do not specify passwords in CRCLI commands.

The CRCLI prompts you for passwords as needed. For example, an administrator name and password are required to create a storage object. However, when creating the object wi

Manualsnet FAQs

If you want to find out how the 19.2 Dell works, you can view and download the Dell PowerProtect 19.2 Data Manager Cyber Recovery User Guide on the Manualsnet website.

Yes, we have the Cyber Recovery User Guide for Dell 19.2 as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The Cyber Recovery User Guide should include all the details that are needed to use a Dell 19.2. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell PowerProtect 19.2 Data Manager Cyber Recovery User Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell PowerProtect 19.2 Data Manager Cyber Recovery User Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell PowerProtect 19.2 Data Manager Cyber Recovery User Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell PowerProtect 19.2 Data Manager Cyber Recovery User Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell PowerProtect 19.2 Data Manager Cyber Recovery User Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.