
Dell PowerProtect 19.5 Data Manager Cyber Recovery User Guide PDF


Dell EMC PowerProtect Data Manager for Cyber Recovery User Guide

Version 19.5

June 2020 Rev. 01

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2018 - 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Contents

Preface

Chapter 1: Introduction
  What is the Dell EMC PowerProtect Cyber Recovery solution?
  Cyber Recovery architecture
  Cyber Recovery operations
    Configuring Data Domain Compliance mode retention locking
  Management tools

Chapter 2: Getting Started
  Logging in
  Activating the Cyber Recovery license
  Completing initial setup with the Getting Started wizard
    Cyber Recovery UI

Chapter 3: Storage and Applications
  Assets overview
  Managing storage
  Managing applications
  Managing vCenter servers
  Resetting the host fingerprint

Chapter 4: Policies and Copies
  Policies and copies overview
  Policy actions
  Managing policies
  Running policies
  Scheduling policies
  Managing copies
  Securing a copy
  Analyzing a copy
  Managing sandboxes

Chapter 5: Monitoring
  Monitoring the CR Vault status
  Monitoring alerts and events
    Handling alerts
  Monitoring jobs

Chapter 6: Performing a PowerProtect Data Manager recovery with Cyber Recovery
  Recovering PowerProtect Data Manager data
  Meeting prerequisites for a PowerProtect Data Manager recovery
  Initiating a PowerProtect Data Manager recovery in the Cyber Recovery UI
  Running a PowerProtect Data Manager recovery check
  Performing postrecovery steps for a PowerProtect Data Manager recovery

Chapter 7: Administration
  Administration overview
  Manually securing and releasing the CR Vault
  User roles
  Managing users
  Managing login sessions
  Setting up an email server
    Specifying which users receive email
    Configuring the Postfix email service
    Configuring an external email service
  Changing the lockbox passphrase
  Changing the database password
  Resetting the Security Officer password from the management host
  Resetting the IP address on the management host
  Changing the log level
  Collecting logs for upload
  Protect the Cyber Recovery configuration
  Retrieve your preserved Cyber Recovery configuration
  Deleting unneeded Cyber Recovery objects
  Cyber Recovery disaster recovery
    Cleaning up existing Cyber Recovery Docker containers
    Restoring a Cyber Recovery software installation after a disaster
    Restoring a Cyber Recovery virtual appliance deployment after a disaster

Chapter 8: Troubleshooting
  Troubleshooting suggestions
  Cyber Recovery logs
  Managing Cyber Recovery services
  Disabling SSH access to the replication interface

Chapter 9: Cyber Recovery Command Line Interface (CRCLI)
  CRCLI overview
    Functionality
    CLI help system
  Using the CRCLI commands
    Parameters
    Policy actions
    CRCLI password commands

Preface

As part of an effort to improve its product lines, Dell EMC periodically releases revisions of the software and hardware. Therefore, some functions that are described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information about product features.

Contact your Dell EMC technical support professional if a product does not function correctly or does not function as described in this document.

NOTE: This document was accurate at publication time. To find the latest version of this document, go to Dell Technologies Online Support.

Purpose

This guide describes how to use the Cyber Recovery solution to protect your data.

Audience

The information in this guide is primarily intended for administrators who are responsible for configuring, running, and monitoring Cyber Recovery policies.

Product Documentation

The Cyber Recovery product documentation set includes:

- Dell EMC PowerProtect Cyber Recovery Release Notes
- Dell EMC PowerProtect Cyber Recovery Installation Guide
- Dell EMC PowerProtect Cyber Recovery Product Guide
- Dell EMC PowerProtect Cyber Recovery Solutions Guide
- Dell EMC PowerProtect Cyber Recovery Security Configuration Guide
- Dell EMC PowerProtect Cyber Recovery Open Source License and Copyright Information

NOTE: Also, see the documentation for the products that are integrated with Cyber Recovery, such as Dell EMC Data Domain Series Appliances and Dell EMC PowerProtect Data Manager applications.

Where to get help

Go to Dell Technologies Online Support to obtain Dell EMC support, and product and licensing information. You can also find documentation, release notes, software updates, or information about other Dell EMC products.

You will see several options for contacting Dell EMC Technical Support. To open a service request, you must have a valid support agreement. Contact your Dell EMC sales representative for details about obtaining a valid support agreement or with questions about your account.

Comments and suggestions

Comments and suggestions help us to continue to improve the accuracy, organization, and overall quality of the user publications. Send comments and suggestions about this document to DPAD.Doc.Feedback@emc.com.

Please include the following information:

- Product name and version
- Document name, part number, and revision
- Page numbers
- Other details to help address documentation issues


Introduction

This section provides an overview of the Dell EMC PowerProtect Cyber Recovery solution.

Topics:

- What is the Dell EMC PowerProtect Cyber Recovery solution?
- Cyber Recovery architecture
- Cyber Recovery operations
- Management tools

What is the Dell EMC PowerProtect Cyber Recovery solution?

The Cyber Recovery solution maintains mission-critical business data and technology configurations in a secure, air-gapped 'vault' environment that can be used for recovery or analysis. The Cyber Recovery Vault (CR Vault) is physically isolated from an unsecure system or network.

The Cyber Recovery solution enables access to the CR Vault only long enough to replicate data from the production system. At all other times, the CR Vault is secured and off the network. A deduplication process is performed in the production environment to expedite the replication process so that connection time to the CR Vault is as short as possible.

Within the CR Vault, the Cyber Recovery software creates point-in-time (PIT) retention-locked copies that can be validated and then used for recovery of the production system.

Figure 1. High-level solution architecture

NOTE: Data Domain Retention Lock software provides data immutability for a specified time. Retention Lock functionality is enabled on a per-MTree basis, and the retention time is set on a per-file basis. Retention Lock is not required for Cyber Recovery but is strongly recommended as an additional cyber-resiliency measure.

A policy, which can be scheduled, orchestrates the workflow between the production environment and the CR Vault. A policy is a combination of objects (such as Data Domain storage and applications) and jobs (such as synchronization, copy, and lock).

NOTE: References to Data Domain systems in this documentation, in the Cyber Recovery UI, and elsewhere in the product include Data Domain systems and the new PowerProtect DD systems.


Cyber Recovery architecture

As shown in the following diagram, the Cyber Recovery solution uses Data Domain systems to replicate data from the production system to the CR Vault through a dedicated replication data link:

Figure 2. Cyber Recovery architecture

NOTE: Unless otherwise specified, this document uses the term CR Vault to describe the vault environment, which includes the Data Domain system, the management host, and backup and analytics applications.

The CR Vault is a customer-provided secure location of the Data Domain MTree replication destination. It requires dedicated resources, including a network. A name service such as DNS and a clock source are not required but are strongly recommended. The CR Vault can be at another location (hosted by a service provider, for example).

Production environment

In the production environment, applications such as the PowerProtect Data Manager application manage backup operations, which store the backup data in MTrees on Data Domain systems. The production Data Domain system is configured to replicate data to a corresponding Data Domain system in the CR Vault.

Vault environment

The CR Vault environment includes the Cyber Recovery management host, which runs the Cyber Recovery software, and a Data Domain system. If required for application recoveries, the CR Vault can also include PowerProtect Data Manager and other applications.

By installing and licensing the CyberSense feature, you can validate and analyze your data.

The Cyber Recovery software enables and disables the replication Ethernet interface and the replication context on the Data Domain system in the CR Vault to control the flow of data from the production environment to the vault environment. For short periods of time, the CR Vault is connected to the production system over this dedicated interface to perform replications. Because the management interface is always enabled, other Cyber Recovery operations are performed while the CR Vault is secured.

NOTE: From the Data Domain command-line interface (CLI) and the Data Domain user interface (UI), MTrees are displayed using the following Cyber Recovery naming convention:

# /data/col1/cr-policy- -repo


where is the unique ID that is created when you create a Cyber Recovery policy. The Cyber Recovery software adds the cr- prefix to the name.

Cyber Recovery operations

Recovery managers can perform continuous and iterative operations that maintain recovery data in the CR Vault in case it is needed for restoration. You can perform these operations separately or in combination. Except for a recovery, you can also schedule operations or trigger them manually as needed.

Operation: Description

Replication: Data Domain MTree replications are performed from the Data Domain production system to the Data Domain system in the CR Vault. Each replication uses Data Domain deduplication technology to match the data in the vault incrementally. This document refers to a replication operation as a "Sync."

Copy: A point-in-time (PIT) fast copy is made of the most recent replication. If data recovery is required, the copy serves as a PIT restore point. You can maintain multiple PIT copies to ensure an optimal number of restore points. You can mount each copy in a sandbox. The sandbox is a read/write Data Domain fast copy inside the CR Vault. A fast copy is a clone of files and directory trees of a PIT copy from the cr-policy- -repo MTree. Data can be scanned for malware or analyzed as needed in the sandbox.

Lock: You can secure all files in a PIT copy from modification by retention locking for a specific duration. The Cyber Recovery solution supports both:

- Governance archive data requirements, which are considered lenient and meant to provide relatively short durations as appropriate to achieve your recovery strategy.
- Compliance archive data requirements, which are stricter than Governance archive data requirements and are recommended to secure against more threats.

NOTE: For information about the governance and compliance archive data requirements and how to manage them, see the Data Domain documentation.

Analyze: You can analyze locked or unlocked copies with various tools that search for indicators of compromise, suspicious files, or potential malware. These anomalies might identify a copy as an invalid source for recovery.

Recovery: You can use the data in a PIT copy to perform a recovery operation.

Recovery Check: You can run a scheduled or on-demand recovery check on a PowerProtect Data Manager recovery to ensure that after a successful recovery a copy can be recovered.

Configuring Data Domain Compliance mode retention locking

Configure the CR Vault Data Domain system for Retention Lock Compliance.

Prerequisites

The CR Vault Data Domain system must have a Retention Lock Compliance license.

For more comprehensive information about the procedures to configure Retention Lock Compliance on a Data Domain system, see the Dell EMC Data Domain Operating System Administration Guide.

About this task

Data Domain systems support both Governance mode and Compliance mode retention locking. Compliance mode is a stricter type of retention locking, which enables you to apply retention policies at an individual file level. You cannot delete or overwrite locked files under any circumstances until the retention period expires.

Steps

1. On the CR Vault Data Domain system, log in as an Admin user and then add a security account with the security role:

# user add role security


The security role user can be referred to as a Security Officer.

2. Log out as the Admin user and log in again as the Security Officer user.

3. Enable security authorization:

# authorization policy set security-officer enabled

4. Log out as the Security Officer user and log in again as the Admin user.

5. Configure the CR Vault Data Domain system for Retention Lock Compliance:

# system retention-lock compliance configure

6. When prompted, enter the security officer credentials. The software updates the configuration and then reboots the CR Vault Data Domain system, which is unavailable during the process.

7. Log in as the Admin user.

8. Enable Retention Lock Compliance:

# system retention-lock compliance enable

9. When prompted, enter the security officer credentials.

Results

You can perform Retention Lock Compliance operations on an MTree. You must be logged in to the CR Vault Data Domain system as an Admin user and provide the security officer credentials, when prompted.

Management tools

The Cyber Recovery solution provides a web-based GUI, API, and CLI.

Cyber Recovery UI

The web-based Cyber Recovery UI is the primary management and monitoring tool. It enables users to define and run policies, monitor operations, troubleshoot problems, and verify outcomes.

NOTE: To access the Cyber Recovery UI, go to https:// :14777, where is the hostname of the management host.

Cyber Recovery REST API

The Cyber Recovery REST API provides a predefined set of operations that administer and manage tasks over HTTPS. Use the REST API to create a custom client application or to integrate Cyber Recovery functionality into an existing application.

NOTE: To access the Cyber Recovery REST API documentation, go to https:// :14780, where is the hostname of the management host.

Cyber Recovery command-line interface

The Cyber Recovery CLI (CRCLI) is a command-line alternative to the Cyber Recovery UI.


Getting Started

This section describes how to log in to the Cyber Recovery UI and activate the Cyber Recovery license. It also describes how to get started by using the Getting Started wizard.

Topics:

- Logging in
- Activating the Cyber Recovery license
- Completing initial setup with the Getting Started wizard

Logging in

Cyber Recovery users can log in to the Cyber Recovery UI.

About this task

Users who are assigned the Security Officer or admin roles can perform tasks in Cyber Recovery. A dashboard user can view the dashboard but cannot perform any tasks.

Steps

1. Open a supported browser and go to https:// :14777.

where is the hostname of the management host where the Cyber Recovery software is installed.

2. Enter your username and password.

3. Click LOG IN.

The Cyber Recovery dashboard displays.

Activating the Cyber Recovery license

Upload the Cyber Recovery license file to activate the license.

Prerequisites

Provide a Software Instance ID, which is created at the Cyber Recovery installation, to acquire the license file from Dell EMC. The information icon on the Masthead Navigation displays information about Cyber Recovery, including the Software Instance ID.

When Dell EMC emails you the license file, save it to a directory of your choice. If you must bring the license file into the CR Vault, you must enable a connection from your desktop to the CR Vault or use a USB flash drive.

About this task

After Cyber Recovery installation, the Cyber Recovery deployment state is Unlicensed by default. You can perform some perfunctory Cyber Recovery tasks; however, you cannot access the full Cyber Recovery capabilities.

Steps

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Click License.

The License dialog box also provides the following information:

- Expires On
- State
- Type
- Software Instance ID

3. In the License dialog box, click Choose File, select the Cyber Recovery license file, and then click OK.


Results

The Cyber Recovery license is activated and you can use all the Cyber Recovery licensed features.

Completing initial setup with the Getting Started wizard

The Getting Started wizard enables you to check your Cyber Recovery deployment, create an Admin user, add storage, and deploy a protection policy quickly.

About this task

When you log in to the Cyber Recovery UI for the first time, the Getting Started wizard is displayed. The wizard guides you through the initial steps for running a policy. When you complete a step, its corresponding number changes color and the next step is highlighted.

Steps

1. Under Checklist, click Review to verify that you have performed the required deployment steps.

If you have not satisfied all requirements, log out and complete the deployment steps.

2. Under Users, click Add to create an Admin user. Complete the following fields in the Add User dialog box and click Save:

Table 1. User fields

Field: Description

Name fields: Specify the user's first name and last name.

Role: Select either:

- Admin: Enables users to perform tasks in the Cyber Recovery software.
- Dashboard: Enables users to view the Cyber Recovery dashboard but not perform tasks. The dashboard role does not time out.

User Name (required): Specify a username.

Phone: Specify the user's telephone number.

Email (required): Specify an email address for alert notifications if the user is configured to receive them.

Password/Confirm New Password (required): Specify and confirm the password. Password requirements include:

- 9-64 characters
- At least 1 numeric character
- At least 1 uppercase letter
- At least 1 lowercase letter
- At least 1 special character (~!@#$%^&*()+={}|:";<>?[]-_.,^')

When you change a password, enter and confirm both the new and existing passwords.

Session Timeout: Select the amount of idle time after which the user is logged out of the Cyber Recovery UI.

3. Under Vault Storage, click Add to define the storage object. Complete the following fields in the Add Vault Storage dialog box and click Save:

Table 2. Vault storage fields

Field: Description

Nickname: Enter a name for the storage object.

FQDN or IP Address: Specify the Data Domain host by using one of the following:

- Fully qualified domain name (FQDN)
- IP address

Storage Username: Specify a dedicated Cyber Recovery Data Domain administration account (for example, cradmin), which the Cyber Recovery software uses to perform operations with the Data Domain system. This Data Domain account must have the admin role and be on the DD Boost users list.

NOTE: You cannot use the sysadmin account.

Storage Password: Enter the password of the Data Domain administrator.

SSH Port Number: Enter a storage SSH port number.

Reset Host Fingerprint: (Security Officer only) If you change the FQDN or IP address of the Data Domain host, select to reset the fingerprint. The Cyber Recovery software then sends an alert message.

Tags: Optionally, add a tag that provides useful information about the storage object. The tag is displayed in the details description for the vault storage in the Assets content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

NOTE: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

4. Under Policies, click Add to define a policy. Complete the following fields in the Add Policy dialog box and click Save:

Table 3. Policy fields

Field: Description

Name: Specify a policy name.

Policy Type: From the drop-down list, select PPDM.

Storage: Select the storage object containing the replication context that the policy will protect.

Context:

a. Under Context, select the MTree replication context to protect and the interface on the storage instance that is configured for replications.

b. Under Ethernet Port, select the interface on the storage instance that is configured for replications.

NOTE: There can be only one policy per replication context, except for PowerProtect Data Manager policy types, which support multiple replication contexts.

NOTE: Do not select the data or management Ethernet interfaces.

Replication Window: Set a timeout value in hours for how long a job for a Sync action runs before Cyber Recovery issues a warning. The default value is 0.

Retention Lock Type: Select one of the following:

- (Add Policy dialog box only) None, if retention locking is not supported. The retention fields are then removed from the dialog box.
- Governance if it is enabled on the storage instance.
- (Edit Policy dialog box only) Governance-disabled.
- Compliance if it is enabled on the storage instance.

Storage SO Username/Password: Required when you select Compliance. Enter the username and password of the storage instance Security Officer.

NOTE: This username was created on the Data Domain system.

Retention Lock Minimum: Specify the minimum retention duration that this policy can apply to PIT copies. This value cannot be less than 12 hours.

NOTE: If the retention lock type is set to Compliance and you edit this value, you are prompted to enter the Storage SO Username/Password.


Retention Lock Maximum: Specify the maximum retention duration that this policy can apply to PIT copies. This value cannot be greater than 1,827 days.

NOTE: If the retention lock type is set to Compliance and you edit this value, you are prompted to enter the Storage SO Username/Password.

Retention Lock Duration: Specify the default retention duration that this policy applies to PIT copies.

Tags: Optionally, add a tag that provides useful information about the policy. The tag is displayed in the details description for the policy in the Policies content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

NOTE: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

When you complete these steps, the Cyber Recovery dashboard is displayed.

NOTE: You can recall the wizard at any time by selecting System Settings > Getting Started from the Masthead Navigation.

5. To run the policy immediately, do the following:

a. Select Policies in the Main Menu.

b. On the Policies content pane, select the policy checkbox. Then click Actions and select the action that you want the policy to perform.

NOTE: If you have not installed the Cyber Recovery license, you cannot run any Sync (replication) operations.

Cyber Recovery runs the policy and displays progress messages on the Jobs content pane and the dashboard.

Cyber Recovery UI

The Cyber Recovery UI is the primary tool for performing and monitoring Cyber Recovery operations. It is a web application that enables you to define, run, and monitor policies and policy outcomes.

NOTE: The Cyber Recovery UI is available only in English. No other languages are supported.

The Cyber Recovery UI includes:

- Masthead Navigation icons that provide information or enable you to perform administrative tasks.
- A Main Menu that enables you to access content panes from which you perform operations such as managing assets, policies, recoveries, and users.
- A dashboard that provides comprehensive alerts and events notifications that facilitate troubleshooting and error correction.

NOTE: If you log in to the Cyber Recovery UI as a dashboard user, your view of the dashboard is limited and you cannot perform tasks. However, the dashboard does not time out.

The following figure shows the dashboard in the Cyber Recovery UI:


Figure 3. PowerProtect Cyber Recovery dashboard

1. The Masthead Navigation provides icons that enable you to view notifications and additional information, set system settings, and access the Getting Started wizard and online help. A dashboard user can only log out of the Cyber Recovery UI.

2. The Main Menu provides access to content panes from which you can perform operations. It is not available to a dashboard user.

3. Alerts|Security provides details about unacknowledged alerts that identify anomalies in vault activity.

4. Alerts|System provides details about unacknowledged system events.

5. Status shows the current state of the CR Vault and enables you to secure it manually if a network event occurs when the CR Vault is open and stop all replication operations. It also displays the five most recent jobs and their progress. For information about monitoring the CR Vault and about manually securing the CR Vault, see Monitoring the CR Vault status and Manually securing and releasing the CR Vault.

NOTE: A dashboard user cannot secure the vault.

6. Jobs shows the jobs that are created when a policy is triggered and the overall status of all jobs in the Cyber Recovery environment.

NOTE: Links in Alerts and Jobs enable you to access content panes that display more information about the specific details on the dashboard.

Your assigned role determines the functions that you can perform in the Cyber Recovery UI. For more information, see User roles.

Masthead Navigation

The Cyber Recovery UI includes Masthead Navigation.

The icons in the masthead of the Cyber Recovery UI provide information or enable you to perform administrative tasks. A dashboard user can only log out of the Cyber Recovery UI and has no access to the other icons.

Figure 4. Masthead navigation icons

1. Provides a drop-down list of unacknowledged alerts

2. Provides a drop-down list that identifies your username and enables you to log out

3. Provides a drop-down list to:

- Access the Getting Started wizard
- Configure clean-up, mail server, disaster recovery backup, and log settings
- Enable the Security Officer to manage the number of simultaneous login sessions
- Enable license activation


4. Displays the Cyber Recovery version and Software Instance ID

5. Displays the Cyber Recovery online help


Storage and Applications

This section describes how to manage storage instances and applications in the Cyber Recovery UI.

Topics:

- Assets overview
- Managing storage
- Managing applications
- Managing vCenter servers
- Resetting the host fingerprint

Assets overview

Assets in the CR Vault are represented as storage, application, and vCenter server objects.

NOTE: Power on all assets before you add them to your Cyber Recovery deployment.

Storage objects

Storage objects represent storage systems, such as Data Domain systems. Define a storage object for each Data Domain system that is running in the CR Vault. The Cyber Recovery software uses the Data Domain system to perform replications, store point-in-time (PIT) copies, and apply retention locking.

Application objects

Application objects represent applications, such as PowerProtect Data Manager or the CyberSense feature.

Usually, you include the PowerProtect Data Manager application in the CR Vault when the Data Domain system is integrated with those applications in your production systems. The CR Vault does not require these applications to protect the data because MTree replications copy all the data to the CR Vault. However, running the applications in the CR Vault enables you to analyze, recover, and restore your data so that it can be used to rehydrate production backup applications, if necessary.

The Cyber Recovery software integrates with the CyberSense feature application, which analyzes backup data for the presence of malware or other anomalies. After you install CyberSense feature on a separate host in the CR Vault, define an application object for it. Then, Cyber Recovery policies can call the CyberSense feature to analyze PIT copies.

NOTE: The CyberSense feature is only supported as a component of the Cyber Recovery solution in the CR Vault; it is not supported on the production system.

vCenter server objects

If you plan to use PowerProtect Data Manager to perform a recovery in the CR Vault, add a vCenter server asset. Otherwise, a PowerProtect Data Manager recovery fails.

Managing storage

Define a storage object for each Data Domain system that is running in the CR Vault environment. A Data Domain system in the CR Vault serves as the repository for the data that is replicated from the production system and protected by the Cyber Recovery solution.

Prerequisites

Before you add a storage object, install the Data Domain instance in the CR Vault environment and perform an initial replication.


About this task

If you are defining the Data Domain system for the first time, see Completing initial setup with the Getting Started wizard.

Steps

1. From the Main Menu, select Infrastructure > Assets.

2. Click VAULT STORAGE at the top of the Assets content pane.

3. Do one of the following:

- To add a storage object, click Add.
- To modify an existing object, select the object and click Edit.

4. Complete the following fields in the dialog box:

Table 4. Vault storage fields

Field: Description

Nickname: Enter a name for the storage object.

FQDN or IP Address: Specify the Data Domain host by using one of the following:

- Fully qualified domain name (FQDN)
- IP address

Storage Username: Specify a dedicated Cyber Recovery Data Domain administration account (for example, cradmin), which the Cyber Recovery software uses to perform operations with the Data Domain system. This Data Domain account must be an admin role and on the DD boost users list.

NOTE: You cannot use the sysadmin account.

Storage Password: Enter the password of the Data Domain administrator.

SSH Port Number: Enter a storage SSH port number.

Reset Host Fingerprint: (Security Officer only) If you change the FQDN or IP address of the Data Domain host, select to reset the fingerprint. The Cyber Recovery software then sends an alert message.

Tags: Optionally, add a tag that provides useful information about the storage object. The tag is displayed in the details description for the vault storage in the Assets content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

NOTE: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

5. Click Save. The VAULT STORAGE table lists the storage object.

6. Click in the row for the storage object to view more detailed information that is retrieved from the Data Domain system, such as the replication contexts and the Ethernet interface.

7. To remove a storage object, select the storage object, and then click Delete.

Managing applications

When you install an application in the CR Vault, you must represent the application to the Cyber Recovery software. Applications can include the PowerProtect Data Manager, the CyberSense feature, or other applications.

Prerequisites

- The application must be installed and running at the CR Vault location before you can define it in the Cyber Recovery UI.
- Modify the /etc/ssh/sshd_config file:

1. Enable password authentication:

Change the PasswordAuthentication field value from no to yes.

2. Run the service sshd restart command.
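
The following shell functions are an added example, not part of the Dell guide. They apply the PasswordAuthentication change to an sshd_config file and report the value that takes effect globally, which matters because sshd uses the first value it reads for a keyword and treats lines after a Match line as conditional. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Dell guide. Function names and the sample file
# used to exercise them are constructed for illustration.

# effective_password_auth FILE
# Print the global PasswordAuthentication value that sshd would take from FILE.
# sshd keeps the first value it reads for a keyword, and settings after a
# Match line apply only to that block, so scanning stops at the first Match.
# Prints "unset" when no global line exists (the built-in default applies).
# Include files are not followed; on a live host, "sshd -T" reports the
# final effective configuration.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# enable_password_auth FILE
# Set the global value to "yes": rewrite the first active global line, drop
# later global duplicates, or insert a line ahead of the first Match block
# (or at end of file) when none exists. Match blocks are left untouched.
# The original file is kept as FILE.bak.
enable_password_auth() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk '
        function emit() {
            if (!written) { print "PasswordAuthentication yes"; written = 1 }
        }
        {
            key = $0
            sub(/^[ \t]+/, "", key)     # strip leading whitespace
            sub(/[ \t=].*/, "", key)    # keep only the keyword
            key = tolower(key)
        }
        !in_match && key == "match" { emit(); in_match = 1 }
        !in_match && key == "passwordauthentication" { emit(); next }
        { print }
        END { emit() }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# write_sample_config FILE
# Constructed sshd_config fragment for trying the functions offline.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Port 22
#PasswordAuthentication yes
PasswordAuthentication no
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}

# On the application host, run as root, the guide's two steps then become:
#   enable_password_auth /etc/ssh/sshd_config
#   sshd -t && service sshd restart
```

Settings inside a Match block are left as they are, so a per-user or per-address override there still applies after the change.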


Steps

1. From the Main Menu, select Infrastructure > Assets.

2. Click APPLICATIONS at the top of the Assets content pane.

3. Do one of the following:

- To add an application, click Add.
- To modify an existing application, select the application and click Edit.

4. Complete the following fields in the dialog box:

Table 5. Application fields

Field: Description

Nickname: Enter a name for the application object.

FQDN or IP Address: Specify the application host by using one of the following:

- Fully qualified domain name
- IP address

Host Username: Specify the host administrator username.

NOTE: This username is for the operating system host.

Host Password: Enter the password of the host administrator.

NOTE: Enter the password for the user admin account, which is the default account.

SSH Port Number: Enter an application SSH port number.

Application Type: Select an application type:

- To represent an application in Cyber Recovery, select the following:
  - PPDM

    Complete the following fields:
    - In the Application Username field, enter the username of the application user.
    - In the Application Password field, enter the password of the application user.
    - In the Host Root Password field, enter the root password of the vault application. The root password is required to reboot the PowerProtect Data Manager appliance.
    - In the vCenter Name field, select a vCenter server.
    - In the Lockbox Passphrase field, enter the lockbox passphrase of the PowerProtect Data Manager on the production system.

    NOTE: If you upgraded from a Cyber Recovery version 19.2 deployment that used PowerProtect Data Manager, you must edit an existing PowerProtect Data Manager application to add values in the vCenter Name and Lockbox Passphrase fields.
  - CyberSense to choose the CyberSense feature
- Select FileSystem if you want to mount copies on an NFS share and examine data by using any application on the host. Selecting this option does not require you to install an application on the host.
- Select Other for other application types.

Reset Host Fingerprint: (Security Officer only) If you change the FQDN or IP address of the Data Domain host, select to reset the fingerprint. The Cyber Recovery software then sends an alert message.

Tags: Optionally, add a tag that provides useful information about the application. The tag is displayed in the Assets content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.


For PowerProtect Data Manager recoveries, add a tag that indicates the DD Boost username that is configured for the production application.

NOTE: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

5. Click Save. The Applications table lists the application.

6. Click in the row for the application to view more detailed information.

7. To remove an application, select the application and click Delete.

Managing vCenter servers

When you install a vCenter system in the CR Vault, you must represent it to the Cyber Recovery software.

Steps

1. From the Main Menu, select Infrastructure > Assets.

2. Click VCENTERS at the top of the Assets content pane.

3. Do one of the following:

- To add a vCenter, click Add.
- To modify an existing vCenter, select the vCenter and click Edit.

4. Complete the following fields in the dialog box:

Table 6. vCenter fields

Field: Description

Nickname: Enter a name for the vCenter.

FQDN or IP Address: Specify the vCenter server by using one of the following:

- Fully qualified domain name
- IP address

Host Username: Specify the host administrator username.

NOTE: This username is for the operating system host.

Host Password: Enter the password of the host administrator.

Tags: Optionally, add a tag that provides useful information about the application. The tag is displayed in the Assets content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

NOTE: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

5. Click Save. The vCenters table lists the application.

6. Click in the row for the vCenter to view more detailed information.

7. To remove a vCenter, select the asset and click Delete.


Resetting the host fingerprint

Prerequisites

Only the Security Officer role can carry out this task.

About this task

If you change the hostname (that is, the FQDN or IP address) of either an application or a Data Domain system in the CR Vault, you need to reset the host fingerprint. This requirement applies to the following cases:

- If you change from one FQDN to a different FQDN.
- If you change from an FQDN to an IP address.
- If you change from an IP address to an FQDN.

In this case, you do not need to reset the host fingerprint:

- If you change from one IP address to a different IP address.

Steps

1. To reset the host fingerprint when changing an FQDN or IP address, do one of the following:

- Select Assets from the Main Menu, and click APPLICATIONS at the top of the Assets content pane.
- Select Assets from the Main Menu, and click VAULT STORAGE at the top of the Assets content pane.

2. Select an existing application or storage asset, and click Edit.

3. In the dialog box, change the address in the FQDN or IP address field.

4. Check the Reset Host Fingerprint check box.

5. Click Save.


Policies and Copies

This section describes how to create and run policies that perform replications, create point-in-time copies, and set retention locks.

Topics:

- Policies and copies overview
- Policy actions
- Managing policies
- Running policies
- Scheduling policies
- Managing copies
- Securing a copy
- Analyzing a copy
- Managing sandboxes

Policies and copies overview

The Cyber Recovery solution secures data by using policies and copies.

Policies

The Cyber Recovery solution uses policies to perform replications, create point-in-time (PIT) copies, set retention locks, and create sandboxes. Note the following details about Cyber Recovery policies:

- A Cyber Recovery policy can govern one or more Data Domain MTrees. Only a PowerProtect Data Manager policy type can govern more than one MTree.
- You can create, modify, and delete policies.
- When you run a policy, you can perform a single action or carry out multiple actions in sequence. For example, you can run a policy so that it only performs a replication. Or, you can run the same policy so that it performs a replication, creates a PIT copy, and then retention locks the copy.
- You cannot run concurrent Sync or Lock actions for a policy.

Copies

Copies are the PIT MTree copies that serve as restore points that you can use to perform recovery operations. In the Cyber Recovery UI, you can retention lock a copy or analyze its data to detect the presence of malware or other anomalies. You can also delete unlocked copies.

Policy actions

The Cyber Recovery UI supports the Copy, Sync, Copy Lock, Sync Copy, and Secure Copy policy actions.

Copy: A Copy action makes a point-in-time (PIT) copy of an MTree's most recent replication in the CR Vault and stores it in the replication archive.


Copy Lock: A Copy Lock action retention locks all files in the PIT copy.

Sync: A Sync action (or replication) replicates an MTree from the production system to the CR Vault, synchronizing with the previous replication of that MTree.

Sync Copy: A Sync Copy action combines the Sync and Copy actions into one request. It first performs the replication and then creates a PIT copy.

Secure Copy: A Secure Copy action performs a replication, creates a PIT copy, and then retention locks all files in the PIT copy.

NOTE: You can also retention lock an existing PIT copy as described in Securing a copy.

Managing policies

Create policies to perform replications, make point-in-time (PIT) copies, set retention locks, and perform other Cyber Recovery operations within the CR Vault. You can also modify and delete policies.

Prerequisites

- Ensure that a storage object is available to reference in the policy and that it has an unprotected replication context. Only one policy can protect a replication context.
- Policies that perform recovery or analysis operations require an application.

About this task

You can create up to 25 policies for a maximum of five Data Domain systems in the CR Vault.

The Cyber Recovery software supports PowerProtect Data Manager policies that govern multiple MTrees.

You can disable a policy so that you can use the replication contexts of that disabled policy to create a new policy. If you use the contexts of a disabled policy, you cannot then enable that policy. You can use a disabled policy's copy to perform a recovery operation manually or from the Recovery window.

Steps

1. Select Policies from the Main Menu.

2. In the Policies content pane, do one of the following:

a. To create a policy, click Add.

b. To modify a policy, select a policy and click Edit.

3. Complete the fields in the following dialog box and then click Save:

Table 7. Policy fields

Field: Description

Name: Specify a policy name.

Policy Type: From the drop-down list, select PPDM.

Storage: Select the storage object containing the replication context that the policy will protect.

Context:

a. Under Context, select the MTree replication context to protect and the interface on the storage instance that is configured for replications.


b. Under Ethernet Port, select the interface on the storage instance that is configured for replications.

NOTE: There can be only one policy per replication context, except for PowerProtect Data Manager policy types, which support multiple replication contexts.

NOTE: Do not select the data or management Ethernet interfaces.

Replication Window: Set a timeout value in hours for how long a job for a Sync action runs before Cyber Recovery issues a warning. The default value is 0.

Retention Lock Type: Select one of the following:

- (Add Policy dialog box only) None, if retention locking is not supported. The retention fields are then removed from the dialog box.
- Governance if it is enabled on the storage instance.
- (Edit Policy dialog box only) Governance-disabled.
- Compliance if it is enabled on the storage instance.

Storage SO Username/Password: Required when you select Compliance. Enter the username and password of the storage instance Security Officer.

NOTE: This username was created on the Data Domain system.

Retention Lock Minimum: Specify the minimum retention duration that this policy can apply to PIT copies. This value cannot be less than 12 hours.

NOTE: If the retention lock type is set to Compliance and you edit this value, you are prompted to enter the Storage SO Username/Password.

Retention Lock Maximum: Specify the maximum retention duration that this policy can apply to PIT copies. This value cannot be greater than 1,827 days.

NOTE: If the retention lock type is set to Compliance and you edit this value, you are prompted to enter the Storage SO Username/Password.

Retention Lock Duration: Specify the default retention duration that this policy applies to PIT copies.

Tags: Optionally, add a tag that provides useful information about the policy. The tag is displayed in the details description for the policy in the Policies content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.

NOTE: If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

For information about running policies, see Running policies.

4. To disable an existing policy but not delete it, select the policy and then click Disable.

The disabled policy is no longer displayed in the list of enabled policies.

NOTE: When you create a policy, it is enabled by default.

5. To view disabled policies:

a. Click Enabled Policies. The list menu opens.

b. Click View Disabled Policies in the list menu. The policy is displayed in the list of disabled policies and the Status column indicates that the policy is disabled.

6. To enable a disabled policy so that it runs again, from the window that lists the disabled policies, select the policy and then click Enable.

The enabled policy is no longer displayed in the list of disabled policies.

7. To view enabled policies from the window that lists the disabled policies:

a. Click Disabled Policies. The list menu opens.


b. Click View Enabled Policies in the list menu. The policy is displayed in the list of enabled policies and the Status column indicates that the policy is enabled.

8. To remove a policy:

a. Ensure that there are no active copies that are associated with the policy. Delete any copies before you try to delete the policy.

b. Select the policy and then click Delete.

NOTE:

- The Cyber Recovery software supports PowerProtect Data Manager policies that govern multiple MTrees.
- You cannot delete a disabled policy until its copies are retention locked.
- If you delete a policy with the retention lock type set to Compliance, the policy is no longer displayed in the Cyber Recovery UI. However, the associated MTree remains on the Data Domain system.

Running policies

Run a policy manually at any time so that it performs a specified action or actions.

Steps

1. Select Policies from the Main Menu.

2. Select the policy that you want to run.

3. Click Actions and select one of the following:

Table 8. Policy actions

Task: Description

Secure Copy: Performs a Sync, a Copy, and then a Lock action.

Sync Copy: Performs a Sync and then a Copy action.

Copy Lock: Retention locks the most recent point-in-time (PIT) copy. To retention lock an earlier PIT copy, see Managing copies.

Sync: Replicates the MTree from the production system to the CR Vault. This replication synchronizes with the previous replication of the MTree. Cyber Recovery unlocks the CR Vault to perform the replication.

NOTE: When performing a Sync action, there might be a delay of up to 15 minutes, depending on the replication cycle on the production Data Domain system. The Cyber Recovery software itself does not initiate a replication. Instead, it waits for the production Data Domain system to synchronize its data over the replication interface and then validates the timestamp of the replicated data on the CR Vault Data Domain system.

Copy: Creates a PIT copy of the latest replication.

Results

The policy starts a job that you can monitor on the Jobs page.

You cannot choose to run concurrent sync or lock actions for a policy. If you run a policy, and then run the same policy with an action that performs either a sync or lock operation, Cyber Recovery displays an informational message and does not create a job. When the initial job is completed, run the policy.

NOTE: You can run concurrent Copy actions on a policy.


Scheduling policies

Schedule an action that you want the policy to perform.

Prerequisites

- If you have not installed the Cyber Recovery license, you cannot create a schedule.
- The policy action that you want to perform might have prerequisites. For example, a point-in-time (PIT) copy must exist if you want to perform the Lock action.

About this task

You can create multiple schedules for the same policy. However, you cannot create multiple schedules for a policy that run simultaneously. Each schedule specifies the action that the policy performs.

Steps

1. Select Policies from the Main Menu.

2. Click SCHEDULES at the top of the Policies content pane.

3. To add a schedule, click Add and complete the following fields in the dialog box:

Table 9. Schedule fields

Field: Description

Schedule Name: Specify a schedule name.

Policy: Select the policy that you are scheduling.

Action: Select the action that the policy performs when it runs under this schedule. See Running policies for a description of the actions.

Retention Lock Duration: Only if you selected Secure Copy or Copy Lock as the action, enter the duration of the retention lock that this policy applies to PIT copies.

Application Host: Only if you selected Analyze as the action, select the host for CyberSense feature.

Frequency: Enter the frequency in days and hours.

Next Run Date: Select the date to start running the policy under this schedule.

Next Run Time: Select the time to start running the policy under this schedule.

4. Click Apply. The Schedules table lists the schedules.

5. To disable an existing schedule but not delete it, select the schedule and then click Disable.

The schedule is no longer displayed in the list of enabled schedules.

a. Click Enabled Schedules. The list menu opens.

b. Click View Disabled Schedules in the list menu. The schedule is listed, and the Status column indicates that the schedule is disabled.

6. To enable a disabled schedule so that it runs again, select the schedule and then click Enable.

The schedule is no longer displayed in the list of enabled schedules.

a. Click Disabled Schedules. The list menu opens.

b. Click View Disabled Schedules in the list menu.

The schedule is listed, and the Status column indicates that the schedule is disabled.

7. To delete an existing schedule and remove it permanently, select the schedule and then click Delete.


Managing copies

The Policies page enables you to view, secure, analyze, and delete point-in-time (PIT) copies.

Steps

1. Select Policies from the Main Menu.

2. Click COPIES at the top of the Policies content pane to display existing copies.

Each row shows the copy and policy names, the copy creation date, the retention lock expiration date, an analysis assessment, and the recovery status.

NOTE: The row does not show child copies that are associated with a PowerProtect Data Manager copy. The Details window provides information about child copies, as described in the following step.

3. To view details about a copy, click in the copy's row.

The Details window displays the information and provides links to the policy and sandboxes (if any).

4. To retention lock a copy or extend the retention period of a locked copy, see Securing a copy.

5. To analyze a copy, see Analyzing a copy.

6. To delete an unlocked copy, select the copy and then click Delete.

NOTE:

- If the Expiration Date column for a copy displays a date, the copy is retention locked and cannot be deleted.
- When you delete a PowerProtect Data Manager copy that has associated child copies, those child copies are also deleted.

You can also view, lock, analyze, and delete copies by policy. Click the policy name in the Name column to display the Details for Policy page. Then click COPIES.

Securing a copy

Secure a point-in-time (PIT) copy for a specific retention period during which the data in the PIT copy can be viewed, but not modified. If a copy is already retention locked, you can extend (but not decrease) the current retention period.

Prerequisites

A policy must create the PIT copy.

About this task

When a copy's retention period expires, the data is no longer protected from deletion.

Steps

1. Select Policies from the Main Menu.

2. On the Policies content pane, click COPIES to display the list of existing copies.

3. Select the copy that you want to secure and click Lock.

4. In the LOCK dialog box, specify the retention period and click Save.

NOTE: The Policy Retention Range field displays the minimum and maximum retention value of the policy. Specify a duration within this range.

Results

The retention lock is set. The Expiration Date column changes from No lock set and displays the expiration date and a locked icon. When the retention lock expires, the Expiration Date column displays the expiration date and an unlocked icon.


Analyzing a copy

Analyze a point-in-time (PIT) copy by using the CyberSense feature in the CR Vault.

Prerequisites

NOTE:

- You can only run an Analyze operation on a Standard policy copy.
- The CyberSense feature is only supported as a component of the Cyber Recovery solution in the CR Vault; it is not supported on the production system.

The following prerequisites must be satisfied:

- To use the CyberSense feature, you must have a valid license. Contact your Dell Technologies sales representative to obtain a CyberSense feature license. You are provided with access instructions.
- A policy must create the PIT copy to analyze.

About this task

A CyberSense feature license is based on TB capacity. If you:

- Exceed the licensed capacity, the analysis is completed and the Cyber Recovery software provides an alert. Until you update the licensed capacity, you receive the alert every time you run an Analyze operation. There is a 90-day grace period for you to increase the licensed capacity.
- Do not increase the licensed capacity after 90 days, the Analyze operation status is Partial Success and the Cyber Recovery software indicates that security analytics were not generated because the license is invalid.
- Let the license expire, the Analyze operation fails. The Cyber Recovery software indicates that there is a missing or invalid license.

Steps

1. Select Policies from the Main Menu.

2. On the Policies content pane, click COPIES to display the list of existing copies.

You cannot run an analysis concurrently on a copy of the same policy. Otherwise, the Cyber Recovery software displays an informational message and does not create a job. When the initial job is completed, run the analysis on the copy. You can run concurrent analyses on copies of different policies.

3. Select the copy to analyze, and click Analyze.

If you do not have a valid license for the CyberSense feature, the Analyze button is disabled.

4. From the Application Host list box, select the application nickname for the CyberSense feature.

5. Click Apply.

The policy starts a job that you can view on the Jobs page. If the analysis indicates possible malware or other anomalies, the Cyber Recovery software generates an alert and the job status is listed as Critical. Otherwise, the job status is listed as Success.

6. Optionally, cancel a running analysis, otherwise go to the next step:

a. Select Jobs from the Main Menu.

b. Select the running Analyze job.

c. Click Cancel Job.

The Cyber Recovery software generates an alert for the cancel request. When the job is canceled, you can immediately start another Analyze job.

7. When the analysis is complete, return to the list of copies and click in the copy's row. The Last Analysis column shows the results as Suspicious, Good, or Failed.

8. Retrieve a detailed report about a successful Analyze job by using the CRCLI.

A report is only available for a successful Analyze job. If an Analyze job fails, the Cyber Recovery software generates an error.

The report notifies you if there are any anomalies. Acknowledge the alert, otherwise the report for the next analysis includes the anomaly along with any new anomalies.

NOTE: You cannot retrieve a report from the Cyber Recovery UI.

The report is stored in the /temp/ folder.


Managing sandboxes

A sandbox is a unique location in the CR Vault in which you can perform read/write operations on a point in time (PIT) copy. This copy is a read/write copy of the locked data in the CR Vault. Create sandboxes as needed to perform data analysis, recovery, or validation operations.

About this task

Cyber Recovery enables you to create custom sandboxes to perform operations by using applications that are not in the Cyber Recovery default list. A sandbox can contain only one PIT copy; however, you can create multiple sandboxes for one PIT copy.

Steps

1. From the Main Menu, click Recovery.

2. Select a PIT copy from the list.

3. Click SANDBOX.

4. In the Sandbox dialog box:

a. Select an application host that is configured in the CR Vault.

b. Enter a unique sandbox name.

NOTE: The cr prefix is added to the custom sandbox name. For example, if you enter MySandbox, the sandbox name displays as cr-MySandbox.

c. Indicate if you want to mount the file system. Enter where you want to mount the data if you do not want to use the default.

NOTE: Cyber Recovery supports mount operations for UNIX operating systems only. The host is available by using SSH.

d. Click APPLY.

This step starts a job that you can view on the Jobs page.

5. From the Recovery content pane, click SANDBOXES to:

a. View the list of sandboxes.

The row does not show child sandboxes that are associated with a PowerProtect Data Manager sandbox. The Details window provides information about child copies, as described in the following step.

b. To view details about a sandbox, click the sandbox's row.

The Details window displays the information.

c. Select a sandbox and then delete it.

When you delete a PowerProtect Data Manager sandbox that has associated child sandboxes, those child sandboxes are also deleted.


Monitoring

This section describes how to use the dashboard in the Cyber Recovery UI to monitor Cyber Recovery operations and take corrective steps when necessary.

Topics:

Monitoring the CR Vault status
Monitoring alerts and events
Monitoring jobs

Monitoring the CR Vault status

The CR Vault status indicates if the vault connection to the production system is open (Unlocked) or closed (Locked). The CR Vault is in the Locked state unless the Cyber Recovery software is performing a replication.

After Cyber Recovery software installation and initial configuration, the CR Vault might be unlocked. This behavior is as designed. An initialization might be in progress while you are configuring the Cyber Recovery environment; therefore, the port must be open. The Cyber Recovery software creates a job for the initial Sync operation, which you can use to monitor the operation. When the initialization is complete, the port closes automatically.

NOTE: You cannot create another Sync job while the initial Sync job is running.

If necessary, the Security Officer or an Admin user can manually lock the vault and close the connection. For more information, see Manually securing and releasing the CR Vault on page 35.

To view the CR Vault connection status, click Dashboard in the Main Menu. The state displays under Status.

The following table describes the connection states:

Table 10. Cyber Recovery connection states

Status Icon Description

Locked All configured replication connections are closed because no replication is being performed. If a replication policy is run, the Cyber Recovery software opens the connection and changes the vault state to Unlocked.

Unlocked One or more replication network connections are open because a replication is being performed. The state returns to Locked when the replication completes.

Secured All replication network connections are secured because the Security Officer or an Admin user manually locked the connection due to a security breach. You cannot initiate any replication policy actions. When the CR Vault is released and returns to the Locked state, you can then run replication policies.

Degraded If there are multiple Data Domain systems in the CR Vault and one Data Domain system is unable to communicate with the Cyber Recovery software, the vault status is Degraded. This scenario can occur if you change either the FQDN or the IP address of the Data Domain system. An alert notifies you about the CR Vault status.

Unknown If there are multiple Data Domain systems in the CR Vault and all the Data Domain systems are unable to communicate with the Cyber Recovery software, the vault status is Unknown. This scenario can occur when you first install the Cyber Recovery software or if you change either the FQDNs or IP addresses of the Data Domain systems. An alert notifies you about the CR Vault status.


Monitoring alerts and events

The Cyber Recovery software generates notifications about alerts and events.

An alert indicates that an event occurred and might require you to take action.

Alert categories include:

System: Indicates a system issue that might compromise the Cyber Recovery system such as a failed component
Storage: Indicates storage issues such as insufficient disk space
Security: Indicates that a user cannot log in or malware might have been detected

NOTE: By default, the alerts table includes the Security Officer login as a security alert. Use this account only when necessary.

Events indicate system events, such as the start of a job or completion of a retention lock.

You can view alerts and events from:

The dashboard
The Alerts and Events content pane
The icon in the Masthead Navigation (alerts only)

The Alerts and Events content pane enables you to view details, acknowledge, and add notes for alerts. You can only view details for events.

Handling alerts

An alert indicates that you might have to take action.

Steps

1. Select Alerts and Events from the Main Menu. The content pane lists the alerts.

2. To view details about an alert, click in the alert's row.

The Details pane displays complete details about the alert.

3. Take any necessary actions to resolve the problem.

4. Select an alert or multiple alerts and click Acknowledge.

The Acknowledge column now displays a flag icon for each selected alert.

If you click the select all checkbox at the head of the Message ID column, all the alerts on the current page are selected.

NOTE: The dashboard and the Navigation Masthead no longer show these alerts. Only the five most recent unacknowledged alerts are displayed on the dashboard and from the drop-down list on the Navigation Masthead.

5. Optionally, click Unacknowledge to remove the acknowledgment from the alert. The unacknowledged alerts are displayed on the dashboard and from the drop-down list on the Navigation Masthead again.

6. To add a note about an alert, select the alert and click add note. Enter a note into the Add Note window. The note displays in the alert's Details pane.

Monitoring jobs

When you run a policy or recovery operation, the Cyber Recovery software creates a job.

The Jobs content pane shows the job status, which indicates the job's progress. It lists jobs that are running, successfully completed, or canceled. When a job is completed, its status is either Success, Warning, or Critical. If a job's status is Critical, a critical alert is also associated with the job.

When you create or edit a policy, optionally, set a job window timeout value (in hours) for how long a job for a Sync action runs. If the duration of the job reaches the timeout limit, Cyber Recovery issues a warning alert. Cancel the job, if necessary.

In the Jobs content pane:

For more information about a job, click in a job's row to bring up the Details window.

To stop a running Sync, Sync Copy, Secure Copy, PowerProtect Data Manager Recovery, or Analyze job, select the job and then click Cancel Job. The Cyber Recovery software generates an alert for the cancel request.

To refresh the content pane, click the refresh icon.

To select how often the content pane refreshes, click the refresh icon and select the time from the list box.


Performing a PowerProtect Data Manager recovery with Cyber Recovery

This section describes how to use the Cyber Recovery UI to recover data from PowerProtect Data Manager point-in-time copies.

Topics:

Recovering PowerProtect Data Manager data
Meeting prerequisites for a PowerProtect Data Manager recovery
Initiating a PowerProtect Data Manager recovery in the Cyber Recovery UI
Running a PowerProtect Data Manager recovery check
Performing postrecovery steps for a PowerProtect Data Manager recovery

Recovering PowerProtect Data Manager data

Use a point-in-time (PIT) copy to rehydrate PowerProtect Data Manager data in the CR Vault.

You can initiate a PowerProtect Data Manager recovery by using the Cyber Recovery UI or the CRCLI. You then complete the recovery from the PowerProtect Data Manager application in the CR Vault.

NOTE: You can only run one recovery job per application at a time.

When you initiate a recovery, the Cyber Recovery software prepares your environment so that you can run a PowerProtect Data Manager recovery from the application console. As part of this process, the software creates a production DD Boost username and password, and reboots the PowerProtect Data Manager appliance. It also takes a VM snapshot of the PowerProtect Data Manager appliance that you use to revert the PowerProtect Data Manager software after you complete the recovery.

During the recovery procedure, the Cyber Recovery software performs a recovery check to ensure that after a successful recovery a copy can be recovered. During the check, the state of the backup copy shows as IN-PROGRESS. When the recovery check is completed successfully, the data backup copy shows as RECOVERABLE.

If the recovery check fails, the state of the backup copy shows as FAILED. Alerts in the dashboard and an email message notify you of the state. The alerts are either:

Warning: The backup copy is partially recoverable.
Critical: The backup copy is unrecoverable.

Meeting prerequisites for a PowerProtect Data Manager recovery

Ensure that the following prerequisites are met before you initiate a PowerProtect Data Manager recovery:

The CR Vault Data Domain system must be running DD OS Version 6.2 or later.

You have deployed the Cyber Recovery virtual appliance in the CR Vault.

The PowerProtect Data Manager application must be installed as the admin user.

The UIDs that are associated with the production PowerProtect Data Manager DD Boost users are configured in the CR Vault Data Domain system. These UIDs must be available in the Data Domain system in the CR Vault.

The PowerProtect Data Manager application in the CR Vault must be configured with the credentials of the PowerProtect Data Manager application on the production system.

NOTE: After 90 days, the root and admin accounts expire. Change the root and admin account passwords, otherwise, a recovery action fails because the former passwords are not valid. Redeploy the PowerProtect Data Manager OVA in the CR Vault and then re-create the PowerProtect Data Manager application.

The PowerProtect Data Manager application is defined as an application asset in the Cyber Recovery software. Use either the Cyber Recovery UI or the CRCLI to add the application.

Ensure that there are no snapshots of the PowerProtect Data Manager virtual machine that is deployed in the vCenter server.

Run application and server backups in the PowerProtect Data Manager production environment. Then, perform a Secure Copy policy operation to copy data to the CR Vault environment.

You have created a policy for the VM data and a policy for the server backup.

Initiating a PowerProtect Data Manager recovery in the Cyber Recovery UI

Initiate a recovery in the Cyber Recovery UI. The Cyber Recovery software completes the recovery operation automatically.

Prerequisites

Ensure that you meet all the prerequisites that are listed in Meeting prerequisites for a PowerProtect Data Manager recovery on page 32.

About this task

The Cyber Recovery software prepares your environment so that you can run a VM recovery from the PowerProtect Data Manager application console. As part of this process, the software creates a production DD Boost username and password and reboots the PowerProtect Data Manager appliance.

Steps

1. Select Recovery from the Main Menu.

2. On the Recovery content pane, select the copy, and then click Application.

3. In the Application dialog box, select a PowerProtect Data Manager application host, and then click Apply.

The Cyber Recovery UI software runs a job to create a recovery sandbox, populates it with the selected copy, and then makes the sandbox available to the application host.

4. Optionally, cancel the recovery, otherwise go to the next step:

a. Select Jobs from the Main Menu.

b. Select the running recovery job.

c. Click Cancel Job.

The recovery job is canceled. The Cyber Recovery software automatically deletes the sandbox and reverts the VM back to the virtual snapshot, and the Data Domain system shows that the MTree that was associated with the sandbox is deleted.

5. Wait for the recovery job to complete.

A recovery sandbox is created for the PowerProtect Data Manager application.

6. Click SANDBOXES, click the recoverapp_ name and view the status detail. The Details pane provides the name of the newly created sandbox.

Results

The latest PowerProtect Data Manager configuration is recovered.

Running a PowerProtect Data Manager recovery check

Run a scheduled or on-demand PowerProtect Data Manager recovery check to ensure that after a successful recovery a copy can be recovered.

About this task

When the Cyber Recovery software completes a recovery check action, the copy's status is marked as recoverable or nonrecoverable. The Cyber Recovery software reverts PowerProtect Data Manager back to its initial state from which you can run a recovery. However, you can run a recovery manually to determine if the copy is recoverable and manually perform the cleanup.

Steps

1. Schedule a recovery check.

a. Select Policies from the Main Menu.

b. Click SCHEDULES at the top of the Policies content pane.

c. Click Add and complete the following fields in the dialog box:

Field Description

Schedule Name Specify a schedule name.

Policy Select the policy that you are scheduling.

Action Select Recover Check from the drop-down list.

Frequency Enter the frequency in days and hours.

Next Run Date Select the date to start running the policy under this schedule.

Next Run Time Select the time to start running the policy under this schedule.

d. Click Save.

The recovery check runs, using the values that you defined in the recovery check schedule.

2. Run an on-demand recovery check.

a. Select Recovery from the Main Menu.

b. Under Copies, select a copy.

c. Click Recovery Check.

Results

The recovery check runs immediately.

Performing postrecovery steps for a PowerProtect Data Manager recovery

After the PowerProtect Data Manager recovery is completed, perform required postrecovery steps.

About this task

You can perform this task by using the Cyber Recovery UI or the CRCLI.

Steps

1. Delete the sandbox that was created when you initiated the PowerProtect Data Manager recovery.

a. From the Main Menu, click Recovery and then click SANDBOXES from the top of the Recovery pane.

b. Select the sandbox.

c. Click Delete.

The sandbox is deleted, and the Cyber Recovery software reverts the PowerProtect Data Manager software to the snapshot that was created when you initiated the recovery.

2. To validate success, log in to the PowerProtect Data Manager application in the CR Vault.

The Welcome to PowerProtect Data Manager window opens.

3. Optionally, on the Data Domain system, run the filesys clean command.

This step deletes the DD Boost storage unit. If you choose not to perform this step, the DD Boost storage unit is deleted during the next scheduled cleaning operation.

Results

The system is ready for another recovery operation.

Administration

This section covers the following topics:

Topics:

Administration overview
Manually securing and releasing the CR Vault
User roles
Managing users
Managing login sessions
Setting up an email server
Changing the lockbox passphrase
Changing the database password
Resetting the Security Officer password from the management host
Resetting the IP address on the management host
Changing the log level
Collecting logs for upload
Protect the Cyber Recovery configuration
Retrieve your preserved Cyber Recovery configuration
Deleting unneeded Cyber Recovery objects
Cyber Recovery disaster recovery

Administration overview

You can perform administrative tasks from either the Cyber Recovery UI or on the management host by using the Cyber Recovery command line interface (CRCLI).

Manually securing and releasing the CR Vault

If a security breach occurs, the Security Officer or an Admin user can manually secure the CR Vault. During this time, the Cyber Recovery software performs no replication operations.

To secure or release (unsecure) the CR Vault, log in to Cyber Recovery and access the dashboard. Under Status, do one of the following:

To secure the CR Vault if you suspect a security breach, click Secure Vault so that the CR Vault status changes from Locked to Secured. All Sync policy operations stop immediately and no new Sync policy operations can be initiated. The Cyber Recovery software also issues an alert that the CR Vault is secured.

NOTE: All non-Sync policies can be run in the CR Vault while it is secured.

To unsecure the vault when you are confident that there is no longer a security threat, click Release Vault. The CR Vault status returns to Locked. Sync policy operations can now be initiated.

For more information about the CR Vault status, see Monitoring the CR Vault status.

User roles

Cyber Recovery users are assigned roles that determine the tasks that they can perform in the CR Vault environment.

The Cyber Recovery installation creates the default crso user and assigns the Security Officer role to this user. The Security Officer user must perform the initial Cyber Recovery login and then create users. There is only one Security Officer per Cyber Recovery installation; you cannot create another Security Officer.

NOTE: Do not confuse the Cyber Recovery Security Officer with the Data Domain Security Officer for Data Domain Compliance retention locking.

There are three Cyber Recovery user roles:

Dashboard: This role enables the user to view the Cyber Recovery dashboard but not perform tasks.

Admin: This role has the following permissions:

Create, modify, and disable dashboard users
Create, manage, and run policies and associated objects
Acknowledge and add notes to alerts
Change administrative settings
Modify own user account
Change own password
Manually secure and release (unsecure) the CR Vault

Security Officer: This role has the following permissions:

All Admin permissions
Create, modify, and disable users
Change and reset user passwords
Change the Security Officer password

If, as the Security Officer, you forget your password, use the crsetup.sh script to reset it. For instructions, see Resetting the Security Officer password.

Managing users

The Security Officer creates, modifies, and disables users.

About this task

The Security Officer can enable and disable users, but not delete them.

Steps

1. Select Administration > Users from the Main Menu.

2. Do one of the following:

To create a user, click Add.
To modify a user, select a user and click Edit.

3. Complete the following fields in the dialog box.

Table 11. User fields

Field Description

Name fields Specify the user's first name and last name.

Role Select either:

Admin: Enables users to perform tasks in the Cyber Recovery software.
Dashboard: Enables users to view the Cyber Recovery dashboard but not perform tasks. The dashboard role does not time out.

User Name (required) Specify a username.

Phone Specify the user's telephone number.

Email (required) Specify an email address for alert notifications if the user is configured to receive them.

Password/Confirm New Password (required) Specify and confirm the password. Password requirements include:

9-64 characters
At least 1 numeric character
At least 1 uppercase letter
At least 1 lowercase letter
At least 1 special character (~!@#$%^&*()+={}|:";<>?[]-_.,^')

When you change a password, enter and confirm both the new and existing passwords.


Session Timeout Select the amount of idle time after which the user is logged out of the Cyber Recovery UI.

4. Click Save.

5. Enable and disable users:

a. Select the user and click Disable.

b. Click Disabled Users at the top of the content pane and note that the table lists the newly disabled user.

c. Select the user and click Enable. Note that the table no longer lists the user.

d. Click Enabled Users at the top of the content pane and note that the table lists the newly enabled user.

Managing login sessions

The Security Officer (crso) can set the number of maximum simultaneous login sessions.

Prerequisites

You must be assigned the Security Officer role to change login session settings.

About this task

The login session count uses a first in, first out priority. If a specific user and role exceeds the number of simultaneous logins, that user's earliest session is no longer a valid Cyber Recovery session and the session is logged out. The user must log in to the Cyber Recovery software again.

Steps

1. From the Masthead Navigation, select the gear icon to access the System Settings menu.

2. Click Login Count Settings.

The Login Count Settings dialog box opens and shows the default session login values, which are:

Security Officer: one login session
Admin: three login sessions
Dashboard user: three login sessions

3. Set the maximum number of login sessions for the Security Officer, Admin, and Dashboard user.

The maximum number of login sessions for each user is 10.

Setting up an email server

If your configuration allows email to leave the CR Vault, specify which users receive email notifications about alerts and connect to an SMTP email server.

By default, a Cyber Recovery deployment uses Postfix to route and deliver Cyber Recovery email notifications to Cyber Recovery users. Postfix is an open-source mail transfer agent that is included with most non-Windows systems.

Optionally, enable and configure the option to use an external email service.

Specifying which users receive email

Specify which users receive email notifications about alerts.

Steps

1. Select Administration > Alert Notifications from the Main Menu.

The table lists Cyber Recovery users, their email addresses, and roles.

2. For each user that you want to receive email messages, select either or both the Receive Critical Alerts and Receive Warning Alerts check boxes.

If you select Receive Warning Alerts, by default, the user also receives critical alerts.


3. To send a test email to the user, click SEND TEST EMAIL. Contact the intended user to verify if the email was received.

Configuring the Postfix email service

After you have configured an SMTP email server in the Cyber Recovery UI, use Postfix to route and deliver Cyber Recovery email notifications to Cyber Recovery users.

About this task

NOTE: If your system has an active firewall, ensure that port 25 is open on the firewall.

Steps

1. If necessary, open port 25 on the firewall:

# iptables -I INPUT -p tcp --dport 25 -j ACCEPT

2. Open /etc/postfix/main.cf in an editor, and modify it as shown in the following examples:

a. Add the inet address:

# RECEIVING MAIL
#
# Note: you need to stop/start Postfix when this parameter changes.
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost

NOTE: Ensure that you do not uncomment more than one inet_interfaces line.

b. Add the fully qualified domain name (FQDN) of the management host:

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
myhostname =

c. Add the mail server name:

# INTERNET OR INTRANET
#
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
# If you're connected via UUCP, see also the default_transport parameter.
#
relayhost =
#

3. Reload the Postfix configuration file.

# postfix reload

4. Stop and start Postfix:

# postfix stop
# postfix start

5. Optionally, check the Postfix status:

# postfix status
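The following check is an added example, not part of the Dell guide or the product: it reads the main.cf edited in step 2 and confirms that exactly one inet_interfaces line is active and that myhostname and relayhost have values. The function names and the sample host names are assumptions made for illustration.

```shell
#!/bin/sh
# Audit the three main.cf parameters that step 2 of the procedure edits.
# Added example: function names and sample values are assumptions.

# param_query MODE NAME FILE
#   MODE=count prints how many active (uncommented) definitions of NAME exist.
#   MODE=last  prints the value of the final definition, which is the one
#              Postfix uses when a parameter is defined more than once.
param_query() {
    awk -v mode="$1" -v name="$2" '
        /^[ \t]*#/ { next }        # comment line
        /^[ \t]/   { next }        # continuation of the previous logical line
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", key)
            if (key != name) next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            n++
            last = val
        }
        END { if (mode == "count") print n + 0; else print last }
    ' "$3"
}

# check_main_cf FILE
#   Prints one OK/FAIL line per check; returns 0 only if every check passes.
check_main_cf() {
    file=$1
    rc=0
    if [ ! -r "$file" ]; then
        echo "FAIL: cannot read $file"
        return 1
    fi

    # Step 2a: exactly one inet_interfaces line may be uncommented.
    n=$(param_query count inet_interfaces "$file")
    if [ "$n" -eq 1 ]; then
        echo "OK: inet_interfaces = $(param_query last inet_interfaces "$file")"
    else
        echo "FAIL: $n active inet_interfaces lines (expected exactly 1)"
        rc=1
    fi

    # Steps 2b and 2c: myhostname and relayhost must carry a value.
    for p in myhostname relayhost; do
        n=$(param_query count "$p" "$file")
        v=$(param_query last "$p" "$file")
        if [ "$n" -ge 1 ] && [ -n "$v" ]; then
            echo "OK: $p = $v"
        else
            echo "FAIL: $p is not set to a value"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not from a real host): two inet_interfaces lines are
# active, which is the mistake the NOTE in step 2a warns about.
write_sample() {
    cat > "$1" <<'EOF'
# RECEIVING MAIL
inet_interfaces = all
#inet_interfaces = $myhostname
inet_interfaces = localhost
# INTERNET HOST AND DOMAIN NAMES
myhostname = crmgmt.vault.example
# INTERNET OR INTRANET
relayhost = [mail.vault.example]:25
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_main_cf "$sample" || echo "main.cf needs attention before 'postfix reload'"
rm -f "$sample"
```

Run check_main_cf against /etc/postfix/main.cf after step 2 and before the reload in step 3.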

Configuring an external email service

After you have configured an SMTP email server in the Cyber Recovery UI, enable the option to use an external email service to route and deliver Cyber Recovery email notifications to Cyber Recovery users.

About this task

If you do not enable this option, by default, the Cyber Recovery software uses Postfix as the default email service.

Steps

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Click Mail Server Settings.

3. In the Mail Server Settings dialog box, enable this option.

The dialog box displays configuration fields.

4. Enter or modify the values in the following fields:

Field Description

Mail Server Specify the Cyber Recovery email server.

Port Specify a port number. The default port number is 25.

Sender's Email Address Specify the email address that delivers Cyber Recovery alert messages. The default value is noreply@cyberrecovery.

Authentication Specify the password for the email address.

Username Optionally, specify the username that is associated with the Cyber Recovery email server.

Password Optionally, specify the password that is associated with the Cyber Recovery email server.

5. Click Save.

Changing the lockbox passphrase

For security purposes, use the crsetup.sh script to change the Cyber Recovery lockbox passphrase.

Prerequisites

You must provide the current lockbox passphrase, which is created during the Cyber Recovery installation.

NOTE: This procedure is disruptive; it causes the Docker container services to be stopped.

About this task

The Cyber Recovery software uses a lockbox resource to securely store sensitive information, such as credentials for application resources and databases. The lockbox securely manages sensitive information by storing the information in an encrypted format.

NOTE: Ensure that there are no jobs running before you change the lockbox password. Otherwise, the CR Vault might go to an unsecured state.

Steps

1. Log in to the management host and go to the Cyber Recovery installation directory.

2. Enter the following command:

# ./crsetup.sh --lockbox

3. When prompted to continue, enter y. The script stops the Docker container services.

4. When prompted, enter the current lockbox passphrase.

5. When prompted, enter and confirm the new lockbox passphrase.

The script changes the passphrase and then restarts all Docker container services.

Changing the database password

For security purposes, use the crsetup.sh script to change the Cyber Recovery database password.

Prerequisites

You must provide the lockbox passphrase, which is created during the Cyber Recovery installation.

Ensure that there are no jobs running before you change the database password.

NOTE: This procedure is disruptive; it causes the Docker container services to be stopped.

About this task

Cyber Recovery microservices communicate with the MongoDB database to access policies and other persisted data. The database is password-protected and only accessible by the microservices that run in the Cyber Recovery environment.

Steps

1. Log in to the management host and go to the Cyber Recovery installation directory.

2. Enter the following command:

# ./crsetup.sh --mongodb

3. When prompted, enter y to continue.

The script stops the Docker container services.

4. When prompted, enter and confirm the new database password.

The script starts the Docker container services.

Resetting the Security Officer password from the management host

As the Security Officer (crso), use the crsetup.sh script to reset the crso password.

Prerequisites

You must provide the lockbox passphrase, which is created during the Cyber Recovery installation.

About this task

As the Security Officer, use the Cyber Recovery UI or Cyber Recovery CRCLI to change the crso password. However, if you forget the crso password or if there is a change in Security Officer, use the crsetup.sh script.

Steps

1. Log in to the management host and go to the Cyber Recovery installation directory.


2. Enter the following command:

# ./crsetup.sh --crso

3. When prompted, enter y to continue with the change.

4. When prompted, enter the lockbox passphrase.

5. Enter and confirm the new crso password.

A message indicates that the change is successful.

Resetting the IP address on the management host

When you reset the IP address on the management host in the CR Vault, run the crsetup.sh script to ensure that the Cyber Recovery software runs properly.

Prerequisites

You must have the lockbox password to enter at the crsetup.sh script prompt.

Steps

1. Modify the IP address of the Cyber Recovery management host.

2. Restart the network service:

# service network restart

3. Restart Docker:

# service docker restart

4. Run the crsetup.sh --address script:

# ./crsetup.sh --address
Do you want to continue[y/n]: y
.
.
.
Enter lockbox password:

5. Verify that all Cyber Recovery containers are up and running:

# docker ps -a

6. Log in to the Cyber Recovery UI and confirm that you can access the Cyber Recovery software.

Changing the log level

Change the logging level that is used to add information to the Cyber Recovery log files.

About this task

Cyber Recovery supports two log levels:

Info: Provides contextual details relevant to software state and configuration.

Debug: Provides granular details to aid analysis and diagnostics.

The default log level is Info.

Steps

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Click Log Settings.

3. In the Service Log Level dialog box, do one of the following:

- Click the Set All radio button to change the level for all logs.
- Click a radio button to set the level for each specific log.

4. Click Save.

Collecting logs for upload

Collect all logfiles in an archive file so that they can be uploaded to Dell EMC support to facilitate troubleshooting.

Steps

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Click Log Settings.

3. In the Service Log Level dialog box, click Generate Log Bundle.

The logfiles are collected and added to a .tar file in the /opt/dellemc/cr/var/log directory. Also, Cyber Recovery triggers a log collection on all associated Data Domain systems in the vault environment. To view these collections, click Settings (gear icon) in the PowerProtect DD Management Center and select System > Support > Support Bundles.

4. Click OK to dismiss the Log Bundle window and then close the Service Log Level dialog box.

Protect the Cyber Recovery configuration

Configure a disaster recovery (DR) backup to preserve Cyber Recovery configuration data and policies in case the management server fails.

Prerequisites

Create an MTree for the Cyber Recovery software to use for a DR backup.

About this task

The backup data is stored on a separate MTree on the Data Domain system in the CR Vault for a set period.

After you configure a DR backup, it runs at the frequency that you scheduled. You can also run an on-demand DR backup.

If another job is running at the times that you schedule a DR backup or initiate an on-demand backup, the DR backup does not run. Ensure that you do not schedule other jobs for the same time as the DR backup.

NOTE: We strongly recommend that you configure a DR backup to protect your Cyber Recovery configuration.

Steps

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Select DR Backups.

The Disaster Recovery Backups dialog box is displayed.

NOTE: By default, DR backups are disabled.

3. Click Configuration and do the following:

a. Click the toggle switch to enable a DR backup.
b. Select the Data Domain system on which to store the backup data.
c. Specify an MTree on which to store the backup data.
d. Set the frequency of the DR backups and the time for the next run.
e. Click Save.

A message indicates that you created the configuration successfully.

4. To run a DR backup on demand, click Run Backup and then click Backup Now.

You must create an enabled configuration before you can run an on-demand DR backup.

5. To set retention limits for DR backups, click Maintenance from the System Settings list.

The retention time settings include a minimum of one day and a maximum of 90 days.

NOTE: The DR backup must be enabled; otherwise, it is not included in the cleaning schedule and the retention limit is not enforced.

Results

Backup data is now available if you must recover your Cyber Recovery configuration.

Retrieve your preserved Cyber Recovery configuration

Use a disaster recovery (DR) backup to return your Cyber Recovery configuration to the state before a management server failure. Retrieve the backup data and then perform a recovery.

Prerequisites

Ensure that you have a DR backup of your Cyber Recovery configuration.

About this task

DR backups are stored on a separate MTree on the Data Domain system in the CR Vault.

Steps

1. On the Data Domain system, create an NFS export to map to the Cyber Recovery management host on which you want to perform the recovery. Ensure that you use the no_root_squash option for the NFS export:

nfs add /data/col1/drbackups (no_root_squash)

2. On the Cyber Recovery management host, mount the NFS export to a specific directory:

mount

:/data/col1/drbackups /mnt/drbackups

The DR backup files are accessible for the recovery procedure.

3. Access the backup data and perform the recovery.

4. After you recover the Cyber Recovery configuration, perform the following cleanup steps:

a. On the Cyber Recovery management host, run the following command:

umount /mnt/drbackups

b. On the Data Domain system, remove the NFS export that you created in step 1:

nfs del /data/col1/drbackups

The DR backup files are no longer accessible to the Cyber Recovery management host.

Deleting unneeded Cyber Recovery objects

Delete alerts, events, expired and unlocked copies, DR backups, and jobs when they are no longer needed. By setting a Cyber Recovery cleaning schedule, you can avoid system slowdown.

About this task

The Cyber Recovery software provides a default cleaning schedule, which you can modify.

Steps

1. From the Masthead Navigation, click the gear icon to access the System Settings list.

2. Select Maintenance.

The Maintenance dialog box is displayed.

3. To modify the default cleaning schedule:

a. Specify the frequency for when the schedule runs, the time that the schedule runs next, and the age of the objects to delete.

The Delete unlocked copies older than field affects locked and unlocked copies differently. An unlocked copy is deleted after the set number of days. A locked copy is deleted after the set number of days after the retention lock expires. For example, a copy is retention locked for 14 days and the Delete unlocked copies older than field is set to 7 days. After 14 days, the file is unlocked and then after 7 days it is deleted. That is, after 21 days, the copy is deleted.

NOTE: You must enable and configure a DR backup from the DR Backup option under System Settings to ensure that the DR backup is included in the cleaning schedule. The Cyber Recovery software deletes a DR backup using the same process as a locked copy.

b. Click Save.

The cleaning operation runs, using the values that you defined in the cleaning schedule.

4. To run the cleaning schedule on demand, click Clean Now.

The cleaning operation runs immediately, using the values that you defined in the cleaning schedule.

Cyber Recovery disaster recovery

The Cyber Recovery crsetup.sh setup script with the recover option enables you to perform a recovery after a disaster.

In some cases, it might be necessary to clean up existing Cyber Recovery Docker containers before you restore the Cyber Recovery software. These cases can include, but are not limited to:

- An upgrade failed.
- You deleted the Cyber Recovery directory by mistake.
- The uninstallation section of the setup script does not allow removal of the Cyber Recovery software.

See Cleaning up existing Cyber Recovery Docker containers on page 44.

After you clean up the existing Docker containers, follow the procedures to restore the Cyber Recovery software for either a Cyber Recovery software installation or a Cyber Recovery virtual appliance deployment. See:

- Restoring a Cyber Recovery software installation after a disaster on page 45
- Restoring a Cyber Recovery virtual appliance deployment after a disaster on page 46

Cleaning up existing Cyber Recovery Docker containers

If necessary, clean up existing Cyber Recovery containers before you run the restore procedure after a disaster.

Steps

1. Identify the Cyber Recovery containers that are running:

docker container ls --filter name=cr_

The output shows the running Cyber Recovery containers, which might be similar to the following example:

cr_swagger
cr_ui
cr_edge
cr_schedules
cr_policies
cr_mgmtdds
cr_apps
cr_notifications
cr_vault
cr_users
cr_mongo-auth
cr_registry

NOTE: Each container name includes a suffix, which differs depending on your version of Docker Compose.

2. Stop all the running Cyber Recovery containers:

docker container stop `docker container ls -q --filter name=cr_`


3. Remove all the stopped Cyber Recovery containers:

docker container rm `docker container ls -a -q --filter name=cr_`

4. Verify that all Cyber Recovery containers are removed:

docker container ls -a --filter name=cr_

No containers are listed.

5. List the Cyber Recovery images that are associated with the containers that you removed:

docker images | grep localhost:14779/cr_

6. Remove all the Cyber Recovery container images:

docker image remove `docker images | grep localhost:14779/cr_ | awk '{ print $3 }'`

7. Verify that all the Cyber Recovery container images have been removed:

docker images | grep localhost:14779/cr_

The images that were listed in step 5 are no longer listed and the clean up is complete.

8. Perform the Cyber Recovery software restore procedure (see Restoring a Cyber Recovery software installation after a disaster on page 45).
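A guarded form of steps 1 through 7, added here as an example and not part of the Cyber Recovery software. It skips each docker call whose ID list is empty and fails if anything is left after the removal. The DOCKER override variable and the cr_image_ids and cr_cleanup names are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example, not part of the Cyber Recovery software.
# DOCKER and the cr_* function names are introduced here for illustration.
DOCKER=${DOCKER:-docker}            # override with a stub to rehearse the run
CR_REGISTRY='localhost:14779/cr_'   # image prefix from steps 5 to 7

# Read `docker images` output on stdin and print each Cyber Recovery IMAGE ID
# once. Only the REPOSITORY column is matched, and the header row is skipped,
# so an unrelated image whose tag contains the prefix is left alone.
cr_image_ids() {
    awk -v p="$CR_REGISTRY" 'NR > 1 && index($1, p) == 1 && !seen[$3]++ { print $3 }'
}

# Steps 1 to 7 in order. The ID lists are expanded unquoted on purpose so that
# each ID becomes its own argument. A docker call is skipped when its list is
# empty, because stop, rm and remove exit with an error when given no arguments.
cr_cleanup() {
    running=$($DOCKER container ls -q --filter name=cr_) || return 1
    [ -z "$running" ] || $DOCKER container stop $running || return 1

    all=$($DOCKER container ls -a -q --filter name=cr_) || return 1
    [ -z "$all" ] || $DOCKER container rm $all || return 1

    images=$($DOCKER images | cr_image_ids)
    [ -z "$images" ] || $DOCKER image remove $images || return 1

    # Verification (steps 4 and 7): both listings must now be empty.
    left_c=$($DOCKER container ls -a -q --filter name=cr_)
    left_i=$($DOCKER images | cr_image_ids)
    if [ -n "$left_c" ] || [ -n "$left_i" ]; then
        echo "cleanup incomplete: containers=[$left_c] images=[$left_i]" >&2
        return 1
    fi
    echo "no Cyber Recovery containers or images remain"
}

# Run only when asked to, so that sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    cr_cleanup
fi
```

The name=cr_ filter is a substring match, so on a host that runs other containers, review the listing from step 1 before removing anything.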

Restoring a Cyber Recovery software installation after a disaster

Use the crsetup.sh setup script with the recover option to perform a disaster recovery.

Prerequisites

Before you perform this procedure:

- Have a Cyber Recovery backup tar package that was created before the disaster. Otherwise, you cannot complete this procedure.
- Delete the Cyber Recovery installation directory.
- If necessary, clean up existing Docker containers before you begin this procedure. See Cleaning up existing Cyber Recovery Docker containers on page 44.

About this task

For information about how to install the Cyber Recovery software, see the Dell EMC PowerProtect Cyber Recovery Installation Guide.

Steps

1. Install the same version of the Cyber Recovery software that was running before the disaster occurred.

If you were running an installation that included patch updates, install the patch updates also.

NOTE: We recommend that when you reinstall the Cyber Recovery software for this procedure, you use the same password that was used in the previous installation for the crso account, the MongoDB database, and the lockbox. Using the same password makes it easier to complete the recovery procedure. We also recommend that you use the same installation locations.

2. When the installation is complete, start the UI and validate that the configuration is empty.

3. Close the UI.

4. Start the Cyber Recovery software restore procedure:

a. Run the crsetup.sh setup script:

crsetup.sh --recover


b. Type y to continue:

Do you want to continue [y/n]:

c. Type y to confirm and continue:

Are you REALLY sure you want to continue [y/n]:

d. Type the full path to the Cyber Recovery backup tar package location, for example:

/tmp/cr_backups/cr.19.2.1.0-3.2019-09-19.08_02_09.tar.gz

e. Type the newly installed MongoDB password.

Please enter the newly installed MongoDB password:

NOTE: This password is the password that you created when you reinstalled the Cyber Recovery software in step 1.

f. Type the newly installed MongoDB password again to confirm:

Enter newly installed MongoDB password:

g. Type the lockbox passphrase for the original installation, that is, the installation before the disaster:

Enter the previously saved lockbox passphrase:

The Cyber Recovery restore operation proceeds and then returns a success message when it completes:

19.02.19 08_45_20 :
19.02.19 08_45_20 : Cyber Recovery has been successfully recovered onto this system
19.02.19 08_45_20 :

5. Log in to the Cyber Recovery UI or the CRCLI and validate that the previous installation has been restored.

Restoring a Cyber Recovery virtual appliance deployment after a disaster

Return your system to the state that it was in after the Cyber Recovery virtual appliance deployment. Then, use the crsetup.sh setup script with the recover option to perform a disaster recovery.

Prerequisites

Before you perform this procedure:

- Have a Cyber Recovery backup tar package that was created before the disaster. Otherwise, you cannot complete this procedure.
- Delete the Cyber Recovery installation directory.
- If necessary, clean up existing Docker containers before you begin this procedure. See Cleaning up existing Cyber Recovery Docker containers on page 44.

About this task

For information about how to install the Cyber Recovery software, see the Dell EMC PowerProtect Cyber Recovery Installation Guide.

Steps

1. Go to the /tmp directory and make the cyber-recovery-installer.bin file an executable file.

# cd /tmp
# chmod +x ./cyber-recovery-installer.bin

2. Run the cyber-recovery-installer.bin file.

This step returns the system to the state it was in after you deployed the Cyber Recovery virtual appliance.


3. Start the Cyber Recovery software restore procedure:

a. Run the crsetup.sh setup script:

crsetup.sh --recover

b. Type y to continue:

Do you want to continue [y/n]:

c. Type y to confirm and continue:

Are you REALLY sure you want to continue [y/n]:

d. Type the full path to the Cyber Recovery backup tar package location, for example:

/tmp/cr_backups/cr.19.2.1.0-3.2019-09-19.08_02_09.tar.gz

The Cyber Recovery restore operation proceeds and then returns a success message when it completes:

19.02.19 08_45_20 :
19.02.19 08_45_20 : Cyber Recovery has been successfully recovered onto this system
19.02.19 08_45_20 :

4. Log in to the Cyber Recovery UI or the CRCLI and validate that the previous installation has been restored.

Troubleshooting

This section describes the following topics:

Topics:

- Troubleshooting suggestions
- Cyber Recovery logs
- Managing Cyber Recovery services
- Disabling SSH access to the replication interface

Troubleshooting suggestions

The following table lists possible Cyber Recovery problems and suggested remedies.

| If you cannot | Do this |
|---|---|
| Install the Cyber Recovery software | Ensure that the crsetup.sh --check command passed all prerequisites before continuing. Ensure that you are using a stable version of Docker. Set Docker to start on reboot with the systemctl enable docker command. Find the crsetup.sh logs in the directory from which you run crsetup.sh. If your system has an active firewall, ensure that the following ports are open on the firewall: 14777 (for Cyber Recovery UI), 14778 (for the Cyber Recovery REST API), 14779 (for the Cyber Recovery Registry - local management host access), 14780 (for the Cyber Recovery API Documentation). |
| Log in to the Cyber Recovery UI | Check the edge and users service logs. Ensure that your DNS settings are resolvable. If your system has an active firewall, ensure that the following ports are open on the firewall: 14777 (for Cyber Recovery UI), 14778 (for the Cyber Recovery REST API), 14779 (for the Cyber Recovery Registry - local management host access), 14780 (for the Cyber Recovery API Documentation). |
| Run a job | Check the schedules, policies, or mgmtdds service logs. |
| Receive alert email messages | If your system has an active firewall, ensure that port 25 is open on the firewall. Verify your Postfix or email configuration and check that you added the email for alert notifications. |
| Secure the CR Vault | Check the vault service logs. |
| Recover or analyze | Check the policies and apps service logs. |

Cyber Recovery logs

The Cyber Recovery software generates both a JSON and a text logfile for each service.

The logfiles are in the /opt/dellemc/cr/var/log/ directory, where service is one of the following services:


| Services | Log message content |
|---|---|
| edge | The routing for all calls from REST clients, the Cyber Recovery CLI, and the Cyber Recovery UI, as well as the logic for setting system log levels, licensing, and dashboard. NOTE: This service is the entry point for all REST API calls. |
| apps | Anything that is related to applications that are associated with Cyber Recovery, including CyberSense feature used for copy analysis, PowerProtect Data Manager instances, and file system hosts. |
| mgmtdds | All communication with the CR Vault Data Domain. |
| notifications | All the system notifications (alerts and events) and SMTP email messages. |
| policies | Anything that is related to policies, jobs, copies, and sandboxes. |
| schedules | All the system schedules, cleaning schedules, and action endpoints. |
| users | Anything that is associated with users, including addition, modification, and authentication operations. |
| vault | Anything that is related to the status of the vault, and opening and closing managed interfaces. |

All Cyber Recovery logfiles use the following log message format:

[ ] [ ] [: ] : message

For example:

[2018-08-23 06:31:31] [INFO] [users] [restauth.go:63 func1()] : GET /irapi/users Start GetUsers

Log Levels

The following table describes the log levels by order from low to high. Each log level automatically includes all lower levels. For example, when you set the log level to INFO, the log captures all INFO, WARNING, and ERROR events.

The default log level is INFO.

| Log Level | Purpose | Example |
|---|---|---|
| ERROR | Reports failures in the execution of some operation or task that usually requires manual intervention. | Replication failure due to an incorrect password. Sandbox creation failure due to the mount point already in use. |
| WARNING | Reports unexpected technical or business events that might indicate a potentially harmful situation, but do not require immediate attention. | Corrupted or truncated file. Policy 1 hour over the sync timeout period of 6 hours. |
| INFO | Reports information about the progress of an operation or task. | Synchronization started. Creating a point-in-time copy. Scanning for malware. |
| DEBUG | Captures highly granular information for debugging or diagnosis. This level is typically useful to administrators, developers, and other users. | |
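The following added example (not part of the Cyber Recovery software) parses text log lines in the format of the sample line above and applies the level inclusion rule from the Log Levels table, so that a WARNING filter also returns ERROR entries. The function names are assumptions, and every sample line except the first is constructed for illustration.

```shell
#!/bin/sh
# Added example: triage Cyber Recovery text log lines.
# Level order follows the Log Levels table: ERROR < WARNING < INFO < DEBUG.

# cr_log_filter LEVEL
#   Reads log lines on stdin and writes
#   timestamp<TAB>level<TAB>service<TAB>source<TAB>message
#   for each well-formed line whose level is LEVEL or lower.
#   Lines that do not match the format are skipped.
cr_log_filter() {
    awk -v want="$1" '
    BEGIN {
        rank["ERROR"] = 1; rank["WARNING"] = 2; rank["INFO"] = 3; rank["DEBUG"] = 4
        if (!(want in rank)) { print "unknown level: " want > "/dev/stderr"; bad = 1; exit 2 }
    }
    {
        line = $0
        n = 0
        # Peel off the four leading bracketed fields, one at a time.
        while (n < 4 && match(line, /^\[[^]]*\] /)) {
            f[++n] = substr(line, 2, RLENGTH - 3)
            line = substr(line, RLENGTH + 1)
        }
        # What remains must be ": message", and the level must be a known one.
        if (n != 4 || substr(line, 1, 2) != ": " || !(f[2] in rank)) next
        if (rank[f[2]] <= rank[want])
            printf "%s\t%s\t%s\t%s\t%s\n", f[1], f[2], f[3], f[4], substr(line, 3)
    }
    END { if (bad) exit 2 }'
}

# cr_log_summary LEVEL
#   Prints "service level count" for the entries that cr_log_filter keeps.
cr_log_summary() {
    cr_log_filter "$1" |
        awk -F '\t' '{ n[$3 " " $2]++ } END { for (k in n) print k, n[k] }' |
        sort
}

# Sample input. The first line is the example from this guide; the other lines
# are constructed, including their source file names.
cr_sample_log() {
    cat <<'EOF'
[2018-08-23 06:31:31] [INFO] [users] [restauth.go:63 func1()] : GET /irapi/users Start GetUsers
[2018-08-23 06:32:10] [ERROR] [mgmtdds] [repl.go:101 sync()] : Replication failure due to an incorrect password
[2018-08-23 06:32:11] [WARNING] [policies] [copy.go:58 check()] : Corrupted or truncated file
[2018-08-23 06:32:12] [DEBUG] [vault] [iface.go:12 open()] : opening managed interface
    continuation text without a log header
[2018-08-23 06:33:00] [INFO] [policies] [sync.go:20 run()] : Synchronization started
EOF
}

# Demonstration: count the entries that need attention, per service.
cr_sample_log | cr_log_summary WARNING
```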

Managing Cyber Recovery services

Start and stop Cyber Recovery Docker container services manually if there is an unexpected event on the management host.

To stop or start the Docker container services, use the crsetup.sh script that is located in the Cyber Recovery installation directory.


Enter the following command to stop the Docker container services:

# ./crsetup.sh --stop

The following Cyber Recovery Docker container services stop in this order:

| Service | Function |
|---|---|
| swagger | Provides access to the Cyber Recovery REST API documentation |
| ui | Manages Cyber Recovery UI actions |
| edge | Acts as the gateway to the Cyber Recovery services |
| schedules | Manages Cyber Recovery schedule actions |
| policies | Manages Cyber Recovery policy actions |
| vcenter | Manages the vCenter server objects that are required for PowerProtect Data Manager deployments |
| mgmtdds | Manages the Data Domain actions in the CR Vault |
| apps | Manages storage system and applications in the CR Vault actions |
| notifications | Manages alert, event, email, and log actions |
| vault | Manages CR Vault actions |
| users | Manages the Cyber Recovery Admin users and the Security Officer user actions |
| mongo-auth | Manages the database |

Enter the following command to start the Docker container services:

# ./crsetup.sh --start

The Docker container services start again.

NOTE: At this time, you cannot stop and start an individual Docker container service.

Disabling SSH access to the replication interface

Disable SSH access to the replication interface on the CR Vault Data Domain system.

About this task

The Cyber Recovery software works with a replication data link between the vault-environment and production-environment Data Domain systems. The Cyber Recovery software communicates with all Data Domain systems by using SSH.

Optionally, use the following procedure on the Data Domain host to restrict SSH inbound access for the Cyber Recovery management host:

Steps

1. On the management host, obtain the hostname.

2. Log in to the Data Domain host and enter the following command:

adminaccess ssh add

where is the hostname from step 1.

3. Use the Data Domain net filter functionality.

For information about how to use the net filter functionality, see the Data Domain documentation.

Results

SSH is blocked on all interfaces except the management interface.


Cyber Recovery Command Line Interface (CRCLI)

This chapter covers the Cyber Recovery command line interface (CRCLI).

Topics:

- CRCLI overview
- Using the CRCLI commands

CRCLI overview

The Cyber Recovery Command Line Interface (CRCLI) enables you to perform Cyber Recovery management tasks from a command line. The commands represent a subset of the functionality that is available in the Cyber Recovery UI.

The CRCLI is typically used by administrators. If the Cyber Recovery software is installed using the default locations, the CRCLI is located in the /opt/dellemc/cr/bin directory.

Functionality

The following table lists the Cyber Recovery operations that you can perform with the CRCLI.

| Module | Functionality |
|---|---|
| login/logout | Log in a user; Log out the current user |
| users | Create users; Modify users; Disable and enable users; List users; Show user details; Change user passwords; Configure email notifications for users |
| dd | NOTE: A storage object in the Cyber Recovery UI corresponds to dd in the CRCLI. Create a Data Domain; Modify a Data Domain; List Data Domains; Show Data Domain configuration |
| apps | Create an application; Modify an application; List applications; Show application details |
| vcenter | Create a vCenter; Modify a vCenter; List vCenters; Show vCenter details |
| policy | Create a policy; List all policies; Run a policy with the following actions: sync, sync-copy, secure copy, copy, copy-lock, lock, analyze; Show details about a policy; List jobs by policy; Get details about a specific job; Cancel a job; List PIT copies by policy; List sandboxes by policy; Retrieve an analysis report |
| schedules | Create schedules; List schedules; Modify schedules; Delete schedules |
| recovery | Perform a recovery operation; List current recoveries |
| vault | Secure (lock) the vault; Release (unlock) the vault; Show vault status |
| alerts | List alerts; Show alert details; Acknowledge an alert; Add note to an alert |
| events | List events; Show event details |
| system | Initiate Cyber Recovery log collection and Data Domain support bundle; Change log level settings; Change cleaning schedule settings; Retrieve Cyber Recovery environment details; Show mail server settings; Edit mail server settings; Show the DR backup configuration; Edit the DR backup configuration; Run a DR backup |
| license | Add a license; Show license information |
| version | Display the Cyber Recovery version and build number |
| help | Display help |

CLI help system

The CRCLI help system provides reference documentation that gives detailed information about each command.

After you log in to the CRCLI, you can access help:

To view the entire help system, enter:

# crcli help

To view help for a specific module, include the module name in the command:

# crcli policy help

To view help for a specific action, include the action name after the module name:

# crcli apps add help

The help system shows both required and optional parameters. In the following example, required parameters are listed first, followed by optional parameters that are enclosed within brackets ([ ]).

# crcli users add help

-a, --alertnotification string (optional) ex. --alertnotification "critical"
-e, --email string (required) ex. --email user@sample.com
-f, --firstname string (optional) ex. --firstname "Mickey"
-l, --lastname string (optional) ex. --lastname "Mouse"
-p, --phone string (optional) ex. --phone 555-555-5555
-r, --role string (required) ex. --role admin
-u, --username string (required) ex. --username "admin1"

crcli users add --username --role --email [ ] -u "admin1" -r "admin" -e "admin1@local.com"
Required:
username : Set the desired username
role : Set the desired role for the user (Roles: admin, dashboard)
email : Set the email address for the user
Options:
firstname : Set the users first name
lastname : Set the users last name
phone : Set the users phone number
alertnotification : Define the type of alert the user will receive via email (Alert Types: critical, warning)
Examples:
crcli users add --username admin1 --role admin --email admin1@local.com

Using the CRCLI commands

All CRCLI commands have the same basic structure.

crcli

where:

is the module name, for example users or policy. is the operation name, for example list, run, or show. are one or more required and optional parameters.


Parameters

CRCLI commands have both required and optional parameters.

To include a parameter, specify the parameter name or command-line flag followed by the parameter value. Two dashes precede the parameter names; a single dash precedes the command-line flags.

Use the CRCLI help system to view the parameters and command-line flags. For example, enter crcli policy add to view the parameters for adding a policy.

crcli policy add help
-f, --financialinstitutionname string (required) ex. --financialinstitutionname Bank123
-w, --jobwindow string (optional) ex. --jobwindow 1 (default 6)
-i, --mgmtddnickname string (required) ex. --mgmtddnickname "ddl"
-c, --mgmtddreplctxname stringArray (required) ex. --mgmtddreplctxname "mtree://dd1/data/col1/repl-1"
-e, --mgmtddreplethinterface string (required) ex. --mgmtddreplethinterface "ethV1"
-n, --policyname string (required) ex. --policyname "policy1"
-p, --policytype string (required) ex. --policytype standard
-d, --retlockduration string (optional) ex. --retlockduration 1d (default "12h")
-x, --retlockmax string (optional) ex. --retlockmax 45d (default "45d")
-m, --retlockmin string (optional) ex. --retlockmin 12h (default "12h")
-y, --retlocktype string (optional) ex. --retlocktype compliance (default "governance")
-u, --securityuser string (optional) ex. --securityuser ddso
-s, --serverdr string (optional) ex. --serverdr "mtree://dd1/datat/col1/repl-1"
-t, --tags string (optional) ex. --tags "NW92,finance,daily"

Policy actions

When you run a policy, you can specify multiple --action parameters to define different actions.

Each --action parameter specifies a request operation:

- sync
- copy
- lock
- copy-lock
- sync-copy
- securecopy
- analyze

CRCLI password commands

For security purposes, do not specify passwords in CRCLI commands.

The CRCLI prompts you for passwords as needed. For example, an administrator name and password a
