Cleanroom Recovery to support SaaS, AD, and Pave + Repave

Starting in August 2024, Commvault® Cloud Cleanroom™ Recovery will support SaaS, Active Directory, and Repave using "Golden Image." This release will further emphasize Commvault's commitment to cyber readiness and resilience for our customers.

Cybersecurity breaches are inevitable; customers need to embrace and plan accordingly. Now, SaaS customers can be recovery-ready by conducting cyber recovery testing. Testing has historically been complex and increasingly expensive. This release will enable our SaaS customers to do the same without the complexities and unpredictable expenses.

Cleanroom Recovery for SaaS: How does it work?

Cleanroom Recovery for SaaS provides seamless integration with the SaaS control plane:

• For centralized management.
• Automated scaling of Access nodes and Media Agents to meet the dynamic needs of SaaS workloads.
• Support for multi-tenancy to accommodate diverse environments.
• Comprehensive API access for enhanced automation and tool integration.
• Delivering feature parity between software and SaaS solutions for uniform functionality across deployment models.

Users can log into their SaaS portal, create recovery groups, and perform cleanroom recovery orchestration into their Azure subscription. The experience remains the same, so SaaS customers can perform regular testing to better understand vulnerabilities, incident response and forensics, and high-speed recovery. Cleanroom Recovery in SaaS is a secure and quick recovery of applications into an on-demand cleanroom to enable reliable cyber recovery.

The SaaS Control Plane is within Commvault's infrastructure. If a SaaS customer wants to do a cyber recovery testing or investigation, or a recovery, they would need to identify where the Cleanroom needs to aux copy the backup data into Air Gap Protect.

Once this is available, they create an Azure subscription and bring their own infrastructure (the networking components), and then orchestrate the recovery of the application using Air Gap Protect into the defined Cleanroom. This process can be automated, and any recovery validation can be performed with this being orchestrated.

The difference between software and SaaS is straightforward. In software, the control plane is running inside production, and the first step is to recover it and perform application recovery. In the case of SaaS, the control plane is already within our infrastructure. It is isolated from the customer environment, and we are targeting application recovery.

Active Directory Recovery + Cleanroom Domain Controller Recovery

The August release of Cleanroom Recovery also will include Active Directory. Active Directory is an important component of any application, and when it comes to cyberattacks, attackers don't just infect a singular component, VMs, or databases. They want to insert themselves into the Active Directory as an admin user, make changes, and modify. So, it's mission-critical to make sure that AD is recovered from a clean point. With multiple elements involved in recovering applications, organizations need a single management point that can perform mass recovery.

Cleanroom Recovery support for Active Directory streamlines the entire recovery and recovery validation process. Customers don't need to deploy a new Active Directory or manually recover an Active Directory before performing a cleanroom recovery.

Benefits:

• Accelerate investigations to identify and recover lost directory data as quickly as possible, which is crucial for maintaining operational continuity and security within the organization's IT infrastructure.
• Rollback overwritten or corrupted attributes in mass across hundreds of objects at once.
• Streamlines the recovery process of the entire application, including AD.

Pave / Repave - "Golden Image"

Cleanroom Recovery of VMs using Golden Image enables customers to use templates to create the Azure VM in the cleanroom before restoring the data to the VM.

Benefits:

• Flexibility to use the public marketplace and private custom templates for Azure VM creation enhances recovery precision and adaptability.
• It provides a streamlined recovery process by creating a new Azure VM from a template before restoring data. This allows for a clean and efficient restoration with the complexities of OS drive content.
• Start with a known, trusted configuration, which minimizes the likelihood of reintroducing malicious code into the clean environment.

Prerequisites:

Commvault:

• Application backup aux copied to Commvault Air Gap Protect

Customer Environment:

• Active Directory or other identity management, free of infection, is already up and running in the cleanroom.
• A clean Azure tenant (customer subscription) with
  • Network resources created and configured.
• Resource groups and storage accounts created and configured.
• Key management service encryption key configured.
• IAM Access is configured to access the resources.

Key Requirements for SaaS:

• CRR subscription is required.
  • 10 TB increments
  • Usage is metered based on the amount of data configured in "Recovery Groups."

Support Matrix:

Workloads

• VM's VMware (On-prem, AWS VMC, Azure AVS, Google Cloud VMware, OCI VMware, Azure, AWS, Hyper-V)
• Active Directory (installed on any of the VMs)
• Databases (SQL server, Oracle, and DB2 installed on VMs)

Cleanroom Target

• MSFT Azure

Storage

• Air Gap Protect

Public link

Please use the above public link if you want to share this noodl on another website.