Backup and Recovery All Your Questions Answered During December’s EMEA Commvault Virtual Connections, I was struck by how much it felt like an in-person conference. We had so much great engagement with customers and experts—it was so great to interact with so many people on the hot customer topics of cloud, containers and of course ransomware. January 11, 2021 By Mark Jow During December’s EMEA Commvault Virtual Connections, I was struck by how much it felt like an in-person conference. We had so much great engagement with customers and experts—it was so great to interact with so many people on the hot customer topics of cloud, containers and of course ransomware. Unfortunately, as with all good events, we didn’t have time to get to everyone’s questions. Still, we wanted to make sure that you got the Commvault answers you need to make the most of your data. Below, check out answers from our team of Commvault experts to your questions. CUSTOMER: When Commvault talk about protecting Kubernetes, is it the containers and storage? Or can Commvault backup the registry, the namespace configuration, ingress configuration? Also, is there a way to collect/protect the STDOUT/STDERR from Kubernetes? Will you backup that as well when you protect the container? Marek Kedzierski, Senior Sales Engineer, Commvault: Commvault’s agent for Kubernetes can protect both applications and persistent volumes. An application can be a pod, deployment, stateful set or workload. Our agent automatically protects all resources associated with an application, such as secrets and configmaps. Our persistent volume backup process uses CSI Snapshots. Therefore, our recommendation is to deploy our agent in Kubernetes clusters where persistent volumes are provisioned with storage class backed by the CSI driver. Container registries, namespace and ingress configuration, STDOUT/STDERR generated by pods are currently not supported by our agent. However, our agent is actively updated, and these resources may be protected in the future (of course, no guarantees). Commvault protects an on-premises Kubernetes application and migrates it to Google Kubernetes Engine (GKE). Using the cloud-native integration with Kubernetes and CSI, recovery is fully automated and self-service is enabled from the Commvault Command Center™. CUSTOMER: Do you have a unique portal to configure backups for your client’s accessing the cloud portal? Marek Kedzierski, Senior Sales Engineer, Commvault: If the question relates to Metallic, each customer has full control over what and how their systems and data are protected in the cloud, in a simple-to-use web interface. If the question relates to Commvault software in a shared service, it can be deployed in a multi-tenanted configuration aimed at servicing multiple distinct companies or ‘tenants’ while securely separating access to data and systems. A multi-tenant model is intended to consolidate the data management needs of multiple distinct organizations, companies or tenants. A tenant is typically identified as a separate legal entity along with a separate identity management infrastructure (Active Directory domain, users, and groups). The Commvault Command Center provides role-based access controls and per-Company administration to its tenants. In a multi-tenanted environment – a user from one company cannot see the systems or data from another tenant / company. Additionally, with the user of tenant provided Identity Servers, the tenant remains in complete control of who can access the data management system. Should an employee leave, their account can be disabled, and they immediately lose access to the Commvault system(s). For customers using Commvault for their own purposes in a hybrid cloud, role-based self-service consoles are quick and easy to add to your service catalog. Learn more: Multi-Tenancy in Commvault CUSTOMER: Can Commvault protect workloads in Azure Stack platforms? What about the integration and simplicity? Marek Kedzierski, Senior Sales Engineer, Commvault: Commvault can be easily integrated with both Azure Stack Hub and Azure Stack HCI platforms. With our intuitive web-based interface you can: Backup application-aware virtual machines Easily restore guest files and folders, full virtual machines, or virtual machine disks Convert VMs from a different virtualization platform like VMware with image level conversion to Azure Stack Replicate VMs for disaster recovery with orchestration for failovers Configure backup with global deduplication, compression, and encryption Protect data stored on Azure Stack Block Storage Additional resources: Commvault for Microsoft® Azure Stack CUSTOMER: Does Commvault support seamless integration with cloud platforms (Openstack or VMware Cloud Director)? Christian Kubik, Principal Sales Engineer, Commvault: Commvault supports a wide variety of public and private cloud platforms for IaaS/Virtual Machine backups. This includes not only VMware vCloud Director and OpenStack but also Azure Stack HCI, Azure Stack Hub as private platforms as well as Microsoft Azure, Amazon AWS, Google Cloud and others public cloud providers. An overview of the supported platforms can be found here: Virtualization and Cloud Commvault also integrates into a large number of cloud / object storage platforms – a comprehensive list can be found in our documentation here: Cloud Provider Information CUSTOMER: Is a backup copy to a cloud library like S3 an official offline backup, comparable to a tape backup? Commvault cloud backups are air-gapped for extra protection. So, if Access & Secret Key is used, ransomware should not be able to easily access an S3 bucket as it would need to figure out this information somehow. If additional protection is desired, we can use the WORM functionality provided by Amazon to provide additional protection. There is a new workflow available that can enable WORM protection on cloud libraries. CUSTOMER: Does Commvault support backups of Desktop Laptop clients? How can Commvault achieve that goal over the WAN to protect users’ data who are actually working remotely? Ronnie Kaftal, Senior Sales Engineer, Commvault: Commvault supports the backup and desktops as a software solution (Commvault Backup & Recovery) or as a service (Metallic Desktop and Laptop backup as a service powered by Commvault). Both of these solutions offer block based, incremental forever data protection with source side deduplication and encryption to ensure only unique data blocks will be transferred over the WAN. Commvault is able to achieve high levels of efficiency as we are based on proven technologies which have been used for over a decade in large and small enterprises across the globe. Metallic Desktop and Laptop backup as a service takes it a step further. Unlike traditional on-premise backup software, the Metallic service is delivered on MS Azure from a region near you, so the desktop data doesn’t need to be routed through a corporate firewall or impact the client VPN concentrators. The agent pushed by the service on the user’s desktop will take care of the authentication and encryption of the data before it leaves the end user’s system, plus it will use smart scheduling that will only run when enough power and bandwidth are available for backup. In reality, the end users will probably not even notice that their desktop is being protected regularly. Please give it a try for free here: Cover all your bases with endpoint protection We will love to hear back from you on your experience. CUSTOMER: Since Metallic is running on top of Microsoft Azure, what’s the advantage of using Metallic over Azure native backup? Ronnie Kaftal, Senior Sales Engineer, Commvault: Metallic offers a higher level of data protection and recovery granularity. As we backup data from the client Azure tenant to our service tenant, we can work to ensure that the data will be recoverable in the event the client tenant is compromised or otherwise not available. In addition, with data protection between tenants and Azure Geographical redundant storage blob, we can also index the VM we protect so the customer can browse and recover individual files to any backup point in time and even recover data to a location outside of Azure with no egress charges. Please give it a try for free here: VM & Kubernetes Backup We will love to hear back from you on your experience. CUSTOMER: Is Metallic able to protect an on premise environment as well? Ronnie Kaftal, Senior Sales Engineer, Commvault: Our Metallic hybrid solution is fully supported for on-premise workloads, such as virtual machines, databases and Windows and Linux file servers. Metallic subscribers have the choice of protecting their on-premise service on an on-premise Commvault storage appliance, their own storage devices or directly to the Azure cloud. Many subscribers choose a combination of storage targets to ensure the data is protected on at least two copies, one of them being air gapped and remote from the source location. Please review the different backup options for on-premise workloads on our site here: Simple, smart, secure data protection as a service More related posts Backup and Recovery The Resilience Rundown Podcast: Navigating Active Directory Threats and Protections Sep 19, 2024 View The Resilience Rundown Podcast: Navigating Active Directory Threats and Protections Cyber Resilience Cyber Readiness: Why Disaster Recovery Isn’t Enough in Today’s Threat Landscape Sep 17, 2024 View Cyber Readiness: Why Disaster Recovery Isn’t Enough in Today’s Threat Landscape Backup and Recovery Unlocking Cyber Resilience: The Power of Cleanrooms Sep 16, 2024 View Unlocking Cyber Resilience: The Power of Cleanrooms