Vous êtes sur la page 1sur 713

Rubrik CDM User Guide

Version 5.0

755-0086-01 Rev A6

Rubrik Headquarters: Palo Alto, California 94304


1-844-4RUBRIK www.rubrik.com
Rubrik CDM Version 5.0 User Guide - Copyright © 2015-2019 Rubrik Inc.
All rights reserved. This document may be used free of charge. Selling without prior written consent is prohib-
ited. Obtain permission before redistributing. In all cases, this copyright notice and disclaimer must remain
intact.
Published February, 2019
THE CONTENTS OF THIS DOCUMENT ARE PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO
REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR
TITLE; THAT THE CONTENTS OF THE DOCUMENT ARE SUITABLE FOR ANY PURPOSE; THAT THE
IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS,
TRADEMARKS OR OTHER RIGHTS.
COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL
DAMAGES ARISING OUT OF ANY USE OF THE DOCUMENT OR THE PERFORMANCE OR IMPLEMENTATION OF
THE CONTENTS THEREOF.

Registered in the U.S. Trademark Office


Rubrik, the Rubrik graphic, Rubrik Polaris, Polaris GPS, Polaris Radar, Rubrik Envision, Rubrik Edge, and Datos
IO are trademarks or registered trademarks of Rubrik, Inc. in the U.S. and/or other countries. All other
trademarks are the property of their respective owners.

Rubrik CDM Version 5.0 User Guide 2


Contents

Tables 33
Figures 38
Examples 39
Preface 40
Document purpose ............................................................................................ 40
Revision history ................................................................................................ 40
Support ............................................................................................................ 44
Related documentation ..................................................................................... 45
Comments and suggestions ............................................................................... 45
Product ............................................................................................................ 45
Product documentation ..................................................................................... 45

Chapter 1 Configuration 46
Logging in to the Rubrik CDM web UI ....................................................................... 47
Logging in with a local account .......................................................................... 47
Logging in with an LDAP account ....................................................................... 48
Settings menu ........................................................................................................ 48
Opening the Settings menu ............................................................................... 48
Settings and tasks available through the Settings menu ....................................... 49
Adaptive Backup ..................................................................................................... 51
On-demand snapshots ...................................................................................... 52
Limit types ....................................................................................................... 52
Enabling Adaptive Backup settings ..................................................................... 53
Configuring IPMI .................................................................................................... 53
Configuring iSCSI .................................................................................................... 54
Notification settings ................................................................................................ 56
Rubrik MIB file .................................................................................................. 57

Rubrik CDM Version 5.0 User Guide 3


Configuring outgoing email settings ................................................................... 58
Modifying the outgoing email settings ................................................................ 59
Deleting the outgoing email settings .................................................................. 59
Enabling polling via SNMP ................................................................................. 60
Adding trap receivers ........................................................................................ 61
Downloading the Rubrik MIB file ........................................................................ 61
Configuring email settings for notifications ......................................................... 62
Manage hosts ......................................................................................................... 63
Adding a physical host ...................................................................................... 63
Editing a physical host ...................................................................................... 64
Removing a physical host .................................................................................. 64
Manage storage arrays ........................................................................................... 65
Adding a storage array ...................................................................................... 65
Editing a storage array ...................................................................................... 66
Deleting a storage array .................................................................................... 66
Proxy settings ........................................................................................................ 67
Functions that use Internet access ..................................................................... 67
Proxy implementations ...................................................................................... 68
Configuring proxy server support ....................................................................... 68
Network settings .................................................................................................... 69
Providing network settings ................................................................................ 69
Editing network settings .................................................................................... 70
Network Throttling ................................................................................................. 70
Enabling and configuring replication throttling .................................................... 71
Scheduling replication throttling overrides .......................................................... 71
Enabling and configuring archival throttling ........................................................ 72
Scheduling archival throttling overrides .............................................................. 73
Guest OS settings ................................................................................................... 73
Guest OS credentials ......................................................................................... 74
Providing credentials for a Windows guest .......................................................... 75
Providing credentials for a Linux guest ............................................................... 76
Editing guest OS credentials .............................................................................. 76
Deleting guest OS credentials ............................................................................ 77

Rubrik CDM Version 5.0 User Guide 4


Secure SMB settings ............................................................................................... 78
Enabling Kerberos authentication for SMB shares ................................................ 79
Deleting an AD domain ..................................................................................... 79
Syslog settings ....................................................................................................... 80
Setting up syslog support .................................................................................. 80
Support bundle ...................................................................................................... 81
Creating and downloading a support bundle ....................................................... 81
Time zone setting ................................................................................................... 82
Default time zone ............................................................................................. 82
Time zone setting changes ................................................................................ 82
Setting the cluster time zone ............................................................................. 83
Security banner and classification settings ................................................................ 83
Setting the login banner text ............................................................................. 84
Setting the security classification color and text .................................................. 84
Data sources setting ............................................................................................... 85
Setting data sources ......................................................................................... 85
Opening and closing a Support tunnel ...................................................................... 85
Opening the Support tunnel .............................................................................. 86
Editing the Timeout window .............................................................................. 86
Closing the Support Tunnel ............................................................................... 87
Pause and resume protection activity ....................................................................... 87
Pausing protection activity ................................................................................. 88
Resuming protection activity .............................................................................. 88

Chapter 2 VLAN Tagging 89


Overview ............................................................................................................... 90
Trunk port requirement ..................................................................................... 90
Management Network and Data Network ........................................................... 90
Adding special network VLANs after system setup ..................................................... 92
Managing VLANs .................................................................................................... 93
Adding VLANs from the command line ............................................................... 93
Adding VLANs from the Rubrik CDM web UI ....................................................... 94
Viewing VLANs from the Rubrik CLI ................................................................... 95

Rubrik CDM Version 5.0 User Guide 5


Viewing VLANs through the Rubrik CDM web UI ................................................. 95
Removing a VLAN from the Rubrik CLI ............................................................... 95
Removing a VLAN from the Rubrik CDM web UI .................................................. 96

Chapter 3 User Accounts 98


Overview ............................................................................................................... 99
Authentication .................................................................................................. 99
Roles ..............................................................................................................101
Viewing the Users and Groups page ..................................................................101
Local Authentication ..............................................................................................102
Adding a local user account ..............................................................................102
Editing local user account information ...............................................................103
Changing the role of a local user account ..........................................................104
Removing a local user account .........................................................................104
LDAP authentication ..............................................................................................105
Credentials ......................................................................................................105
Servers ...........................................................................................................106
User and Group settings ...................................................................................107
Adding LDAP servers ........................................................................................108
Specifying credentials for an LDAP server ..........................................................108
Specifying servers, user settings, and group settings ..........................................109
Enabling multifactor authentication ...................................................................109
Viewing LDAP server information ......................................................................110
Deleting an LDAP server ..................................................................................110
User account and group account authorization ...................................................111
Activating a user account or group account .......................................................111
Changing the role of an LDAP account ..............................................................112
Deactivating a user account or group account ...................................................113
Privileges for End User accounts .............................................................................114
Inheritance of privileges ...................................................................................115
End User ability to overwrite original data during restores ..................................116
Assigning virtual machines, folders, and clusters to an End User account .............116
Assigning SQL Server databases to an End User account ....................................117

Rubrik CDM Version 5.0 User Guide 6


Assigning Linux and Unix hosts and host filesets to an End User account .............118
Assigning Windows hosts and host filesets to an End User account .....................119
Assigning NAS hosts to an End User account .....................................................120
Multifactor authentication .......................................................................................120
Multifactor authentication with RSA SecurID ......................................................121
Configuring an RSA Authentication Manager connection .....................................121
Configuring an RSA Cloud Authentication Service connection ..............................122
API tokens ............................................................................................................123
Generating an API token ..................................................................................123
Deleting an API token ......................................................................................124

Chapter 4 Multitenant Organizations 125


Overview ..............................................................................................................126
Tenant organizations and reports ......................................................................126
Tenant organizations and SLA Domains .............................................................127
Tenant organizations and Active Directory domains ............................................127
Tenant organizations and users ........................................................................127
Multitenancy and Rubrik Envoy .........................................................................127
Rubrik Envoy Configuration Workflow ...............................................................128
Create a new tenant organization ...........................................................................129
Naming the organization and adding users or AD groups ....................................129
Protecting objects in an organization .................................................................131
Assigning protection resources to a tenant organization .....................................131
Configuring Rubrik Envoy .................................................................................132
Connecting Rubrik Envoy .................................................................................134
Modifying an existing tenant organization ................................................................135
Deleting a tenant organization ................................................................................136
Effects of deleting a tenant organization ............................................................136

Chapter 5 Protection Policies 137


SLA Domain overview ............................................................................................138
Default SLA Domains .............................................................................................139
Custom SLA Domains .............................................................................................140

Rubrik CDM Version 5.0 User Guide 7


Service Level Agreement ..................................................................................140
Base Frequency ...............................................................................................142
Local retention period ......................................................................................142
SLA Domain name ...........................................................................................142
Creating a custom SLA Domain .........................................................................143
Snapshot window ..................................................................................................146
Configuring a snapshot window ........................................................................146
First full backup .....................................................................................................147
Configuring a first full time ...............................................................................148
SLA Domain changes .............................................................................................149
Editing an SLA Domain .....................................................................................149
Base Frequency changes ..................................................................................149
Base Frequency increased ................................................................................150
Base Frequency decreased ...............................................................................150
Retention Changes ..........................................................................................151
Snapshot retention period increased .................................................................151
Snapshot retention decreased ..........................................................................152
Impact of retention changes on archival policy and replication policy ...................152
Snapshot window changes ...............................................................................152
Take first full changes ......................................................................................153
Delete an SLA Domain ...........................................................................................153
Deleting an SLA Domain ...................................................................................153
Local SLA Domain management .............................................................................154
Viewing all local SLA Domains ..........................................................................154
Information on the Local SLA Domains page ......................................................154
Searching for a local SLA Domain .....................................................................155
Local SLA Domain page .........................................................................................155
Viewing a local SLA Domain page .....................................................................155
Information provided for a local SLA Domain .....................................................156

Chapter 6 Replication 158


Replication overview ..............................................................................................159
Replication policy workflow ..............................................................................159

Rubrik CDM Version 5.0 User Guide 8


Replication target setup .........................................................................................160
Replication using NAT ......................................................................................160
Address mapping .............................................................................................163
Setting up replication using NAT .......................................................................164
Replication using a private network ...................................................................165
Setting up replication using a private network ....................................................165
Removing a replication target ...........................................................................166
Replication policy ...................................................................................................166
Configuring replication policy for an SLA Domain ...............................................167
Replication policy changes ......................................................................................168
Replication policy disabled ................................................................................168
Replication policy re-enabled ............................................................................169
Replication retention period increased ...............................................................169
Replication retention period decreased ..............................................................169
Manage Replications page ......................................................................................170
Viewing the Manage Replication page ...............................................................170
For Replication section .....................................................................................170
Replication Clusters section ..............................................................................170
Replication monitoring and reporting ......................................................................171
Replication tasks in the Activity Log ..................................................................171
Replication tasks in the Protection Tasks Summary report ..................................172
Remote SLA Domains ............................................................................................172
Viewing all remote SLA Domains .......................................................................172
Information on the Remote SLA Domains page ..................................................172
Searching for a remote SLA Domain ..................................................................173
Individual remote SLA domain pages ................................................................173
Viewing the page of a remote SLA Domain ........................................................173
Information provided for a remote SLA Domain .................................................173
Remote data sources .............................................................................................175
Viewing a remote data source page ..................................................................175
Snapshots card or Recovery Points card ............................................................176
Working with a replica .....................................................................................177

Rubrik CDM Version 5.0 User Guide 9


Chapter 7 Archiving 179
Overview ..............................................................................................................180
Archival data security .......................................................................................180
Archival location encryption keys ......................................................................181
Archival workflow ............................................................................................181
Upload of a full archival snapshot .....................................................................182
Multiple archival locations ................................................................................183
Archival bucket exclusivity ................................................................................183
Archival policy .......................................................................................................183
Instant Archive ................................................................................................184
Configuring archival policy for an SLA Domain without Instant Archive ................184
Configuring archival policy for an SLA Domain with Instant Archive .....................186
Archival policy changes ..........................................................................................187
Archival policy disabled ....................................................................................188
Archival policy re-enabled ................................................................................188
Retention on Brik period increased ....................................................................188
Retention on Brik period decreased ...................................................................188
Maximum Retention Period increased ................................................................189
Maximum Retention Period decreased ...............................................................189
Archival Locations page .........................................................................................189
Viewing the Archival Locations page .................................................................189
For Active Archive section ...............................................................................189
Archival Locations section ................................................................................190
Archival location configuration ................................................................................190
Archival location display name ..........................................................................191
Amazon S3 ...........................................................................................................191
Adding an Amazon S3 archival location .............................................................192
Editing the Amazon S3 Archive Location Configuration or Settings .......................194
Amazon Glacier .....................................................................................................196
Amazon Glacier as an Archival Target ...............................................................197
Glacier upload operations .................................................................................197
Glacier retrieval/download operations ...............................................................198

Rubrik CDM Version 5.0 User Guide 10


Glacier Vault Lock operations ............................................................................198
Adding Amazon Glacier as an archival location ...................................................199
Google Cloud Platform ...........................................................................................201
Google Cloud Platform as an Archival Target .....................................................201
Adding Google Cloud Platform as an archival location .........................................202
Microsoft Azure .....................................................................................................204
Adding Microsoft Azure as an archival location ...................................................204
Editing the Microsoft Azure account name and account key ................................206
Object storage system ...........................................................................................209
Host Name value .............................................................................................209
Adding an object storage system as an archival location .....................................210
Editing the object storage system access key and secret key ..............................212
NFS share .............................................................................................................213
Adding an NFS archival location ........................................................................213
Editing an NFS archival location ........................................................................215
QStar tape archive .................................................................................................216
Shared Integral Volume set ..............................................................................216
QStar Host Name value ....................................................................................216
Adding a QStar tape archive as an archival location ...........................................217
Editing the tape archival location ......................................................................218
Reader-writer archival model ..................................................................................219
Creating a reader archival location ....................................................................220
Refreshing a reader archival location .................................................................220
Promoting a reader archival location to an owner archival location ......................221
Pausing an archive ..........................................................................................222
Resuming a paused archive ..............................................................................222
Disaster recovery using an archival location .............................................................223
Source vCenters available for recovery ..............................................................223
Source vCenters unavailable for recovery ..........................................................224
Connecting an Amazon S3 archival location for disaster recovery ........................224
Connecting an Amazon Glacier archival location for disaster recovery ..................225
Connecting a Google Cloud Platform archival location for disaster recovery ..........227
Connecting a Microsoft Azure archival location for disaster recovery ....................228

Rubrik CDM Version 5.0 User Guide 11


Connecting an object storage system archival location for disaster recovery ........230
Connecting an NFS archival location for disaster recovery ...................................231
Connecting a tape archival location for disaster recovery ....................................233
Tests for disaster recovery using an archival location ...............................................234
Cascading archival .................................................................................................235
Data retention settings .....................................................................................235
Potential retention issue ...................................................................................236
Using cascading archival ..................................................................................237
Archival consolidation ............................................................................................238
Archival consolidation for AWS S3 and Azure .....................................................239
Archival consolidation for NFS and S3 Compatible Object Stores .........................239
Enabling archival consolidation .........................................................................239
Archival location proxy ...........................................................................................240
Configuring an S3 archival location proxy ..........................................................240
Configuring an Azure archival location proxy ......................................................241
Archival lifecycle best practices ...............................................................................243
Archival location removal .......................................................................................243
Disconnecting an archival location ....................................................................244
Deleting an archival location .............................................................................245

Chapter 8 Hyper-V Virtual Machines 246


Overview ..............................................................................................................247
Virtual machine protection .....................................................................................247
Automatic protection .......................................................................................248
Rubrik Backup Service software for SCVMM .............................................................248
Prerequisites ...................................................................................................249
Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI ...249
Obtaining the Rubrik Backup Service software by URL ........................................249
Installing the Rubrik Backup Service software on a SCVMM host .........................250
Removing the Rubrik Backup Service from a Windows host ................................251
Hyper-V host management ...............................................................................251
Adding a Windows host ....................................................................................252
Hyper-V host configuration ...............................................................................252

Rubrik CDM Version 5.0 User Guide 12


Rubrik Backup Service software for non SCVMM ......................................................253
Prerequisites ...................................................................................................253
Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI ...254
Obtaining the Rubrik Backup Service software by URL ........................................254
Account used to run the Rubrik Backup Service on a Windows host .....................254
Installing the Rubrik Backup Service software on a Windows host .......................255
Removing the Rubrik Backup Service from a Windows host ................................256
Hyper-V host management ...............................................................................256
Adding a Windows host ....................................................................................257
Hyper-V host configuration ...............................................................................257
SLA Domain assignment .........................................................................................258
Assigning an SLA Domain setting to a virtual machine ........................................258
Assigning an SLA Domain setting to a Hyper-V cluster or server ..........................259
Manage Protection options ...............................................................................260
Removing an SLA Domain setting .....................................................................261
Finding protection objects ......................................................................................262
Displaying all discovered virtual machines .........................................................262
Displaying unprotected virtual machines from the Dashboard .............................262
Displaying unprotected virtual machines from the Hyper-V VMs page ..................262
Sorting virtual machines by using the SLA filter ..................................................263
Finding virtual machines by using the Search field .............................................263
Finding entities by using the object tab .............................................................263
Selecting data sources .....................................................................................264
Protected warning ...........................................................................................264
Protection consequences ........................................................................................265
Protecting a new virtual machine ......................................................................265
Changing the assigned SLA Domain ..................................................................266
Removing protection from a virtual machine ......................................................266
Re-protecting a virtual machine ........................................................................266
Local host page .....................................................................................................267
Viewing a local host page .................................................................................267
Action bar .......................................................................................................268
Overview card .................................................................................................268

Rubrik CDM Version 5.0 User Guide 13


Snapshots card ................................................................................................269
Information available on the day view for a local virtual machine ........................270
Actions available on the day view for a local virtual machine ...............................270
Virtual machine snapshots ......................................................................................272
Performance and scalability ..............................................................................272
Back up processes ...........................................................................................273
Snapshot window ............................................................................................273
Protection exceptions .......................................................................................274
Backup consistency levels ................................................................................274
Application consistency ....................................................................................274
Linux guest OS ................................................................................................274
On-demand snapshots .....................................................................................274
Creating an on-demand snapshot .....................................................................275
Archival snapshots .................................................................................................275
Archival location storage ..................................................................................275
Retention ........................................................................................................275
Recovery and restore of virtual machine data ..........................................................276
Recovery of virtual machines ..................................................................................276
Selecting a snapshot or an archival snapshot .....................................................277
Selecting a replica ...........................................................................................278
Virtual machine recovery ..................................................................................279
Live migration .................................................................................................279
Performing an Instant Recovery ........................................................................279
Performing a Live Mount ..................................................................................280
Performing an Export .......................................................................................281
Powering off after Instant Recovery or Live Mount .............................................282
Unmounting after Instant Recovery or Live Mount .............................................282
Removing a virtual machine entry after live migration ........................................283
Recovery of folders and files ..................................................................................284
Searching for a file or folder .............................................................................284
Browsing for a file or folder ..............................................................................285
Restore files and folders directly to a guest file system .......................................285
Restoring files and folders directly to a guest file system ....................................286

Rubrik CDM Version 5.0 User Guide 14


Restore files and folders by download ...............................................................288
Restoring files or folders by download from notification message ........................288
Restoring files or folders by download from Activity Detail ..................................289
Configuring Chrome to ask for download location ..............................................289
Unmanaged data ...................................................................................................290

Chapter 9 AHV Virtual Machines 291


Overview ..............................................................................................................292
Nutanix cluster management ..................................................................................293
Prerequisites .........................................................................................................293
Nutanix limitations .................................................................................................294
Configuring Nutanix support ...................................................................................294
Installing the Rubrik Backup Service .......................................................................295
RBS on a Windows guest .................................................................................295
Obtaining the RBS software through the Rubrik CDM web UI ..............................295
Obtaining the RBS software by URL ..................................................................296
Account used to run the RBS on a Windows host ...............................................296
Installing the RBS software on a Windows guest ................................................297
Registering a guest ..........................................................................................298
Removing the RBS from a Windows host ...........................................................298
Virtual machine protection .....................................................................................299
Automatic protection .......................................................................................299
Automatic protection rules ...............................................................................299
Unprotected virtual machines ...........................................................................300
SLA Domain assignment .........................................................................................300
Assigning an SLA Domain setting to a virtual machine ........................................301
Assigning an SLA Domain setting to a Nutanix cluster ........................................301
Manage Protection options ...............................................................................302
Removing an SLA Domain setting .....................................................................303
Finding protection objects ......................................................................................304
Displaying all discovered virtual machines .........................................................304
Displaying unprotected virtual machines from the Dashboard .............................304
Displaying unprotected virtual machines from the AHV VMs page ........................304

Rubrik CDM Version 5.0 User Guide 15


Sorting virtual machines by using the SLA filter ..................................................305
Finding virtual machines by using the Search field .............................................305
Finding entities by using the object tab .............................................................305
Selecting data sources .....................................................................................306
Protected warning ...........................................................................................306
Protection consequences ........................................................................................307
Protecting a new virtual machine ......................................................................307
Changing the assigned SLA Domain ..................................................................308
Removing protection from a virtual machine ......................................................308
Re-protecting a virtual machine ........................................................................308
Local host page .....................................................................................................309
Viewing a local virtual machine page .................................................................309
Action bar .......................................................................................................309
Overview card .................................................................................................310
Snapshots card ................................................................................................310
Information available on the day view for a local virtual machine ........................312
Actions available on the day view for a local virtual machine ...............................312
Virtual machine snapshots ......................................................................................313
Performance and scalability ..............................................................................313
Back up processes ...........................................................................................314
Snapshot window ............................................................................................315
Backup consistency levels ................................................................................315
Application consistency ....................................................................................316
VSS Consistency ..............................................................................................316
Configuring snapshot consistency .....................................................................316
On-demand snapshots .....................................................................................317
Creating an on-demand snapshot .....................................................................317
Archival snapshots .................................................................................................318
Archival location storage ..................................................................................318
Retention ........................................................................................................318
Recovery and restore of virtual machine data ..........................................................318
Recovery of virtual machines ..................................................................................319
Selecting a snapshot or an archival snapshot .....................................................319

Rubrik CDM Version 5.0 User Guide 16


Selecting a replica ...........................................................................................320
Virtual machine recovery ..................................................................................320
Performing an Export .......................................................................................321
Recovery of folders and files ..................................................................................321
Searching for a file or folder .............................................................................322
Browsing for a file or folder ..............................................................................322
Restore files and folders directly to a guest file system .......................................323
Restoring files and folders directly to a guest file system ....................................323
Restore files and folders by download ...............................................................324
Restoring files or folders by download from notification message ........................325
Restoring files or folders by download from Activity Detail ..................................325
Configuring Chrome to ask for download location ..............................................326
Unmanaged data ...................................................................................................327

Chapter 10 vSphere Virtual Machines 328


Overview ..............................................................................................................329
Virtual machine protection .....................................................................................329
Automatic protection .......................................................................................329
Automatic protection rules ...............................................................................330
Unprotected virtual machines ...........................................................................331
Virtual machine linking .....................................................................................331
Manage vCenters ...................................................................................................332
vCenter Server privilege requirements ...............................................................333
Adding vCenter Server connection information ...................................................333
Refreshing the metadata provided by a vCenter Server ......................................334
Editing vCenter Server connection information ...................................................334
Deleting vCenter Server connection information .................................................335
SLA Domain assignment .........................................................................................335
Assigning an SLA Domain setting to a virtual machine ........................................336
Assigning an SLA Domain setting to a vCenter Server folder ...............................337
Assigning an SLA Domain setting to a vCenter Server cluster or host ...................338
Manage Protection options ...............................................................................339
Resolving SLA conflicts .....................................................................................340

Rubrik CDM Version 5.0 User Guide 17


Removing an SLA Domain setting .....................................................................340
Virtual machine scripts ...........................................................................................341
Enabling scripts ...............................................................................................342
Storage array integration .......................................................................................343
Datastore requirements for storage array integration .........................................344
Enabling storage array integration for a virtual machine .....................................344
Disabling storage array integration ...................................................................345
Exclude VMDK files ................................................................................................345
Excluding VMDK files of a virtual machine .........................................................346
Finding protection objects ......................................................................................346
Displaying all discovered virtual machines .........................................................346
Displaying unprotected virtual machines from the Dashboard .............................347
Displaying unprotected virtual machines from the VM Protection page .................347
Sorting virtual machines by using the SLA filter ..................................................347
Finding virtual machines by using the Search field .............................................348
Finding entities by using the object tab .............................................................348
Selecting data sources .....................................................................................349
Warning messages ..........................................................................................349
Assignment Conflicts ........................................................................................349
Protected VMs warning ....................................................................................350
VMware tools warning ......................................................................................350
Protection consequences ........................................................................................350
Protecting a new virtual machine ......................................................................351
Changing the assigned SLA Domain ..................................................................351
Removing protection from a virtual machine ......................................................352
Re-protecting a virtual machine ........................................................................352
Local host page .....................................................................................................353
Viewing a local host page .................................................................................353
Action bar .......................................................................................................353
Overview card .................................................................................................355
Snapshots card ................................................................................................356
Information available on the day view for a local virtual machine ........................357
Actions available on the day view for a local virtual machine ...............................358

Rubrik CDM Version 5.0 User Guide 18


Snapshots .............................................................................................................359
Back up processes ...........................................................................................359
Snapshot window ............................................................................................360
Protection exceptions .......................................................................................360
Backup consistency levels ................................................................................360
VMware Tools version ......................................................................................362
Application consistency ....................................................................................362
Specifying crash consistent backups ..................................................................363
Linux guest ...........................................................................................................363
Windows guest ......................................................................................................364
RBS on a Windows guest .................................................................................364
Automatically deploying the RBS .......................................................................365
Obtaining the RBS software through the Rubrik CDM web UI ..............................366
Obtaining the RBS software by URL ..................................................................366
Account used to run the RBS on a Windows host ...............................................367
Installing the RBS software on a Windows guest ................................................367
Registering a guest ..........................................................................................368
Removing the RBS from a Windows host ...........................................................368
Preserving Windows access control list values ....................................................369
On-demand snapshots ...........................................................................................370
Creating an on-demand snapshot .....................................................................370
Recovering and restoring virtual machine data .........................................................371
Recovery of virtual machines ..................................................................................371
Selecting a snapshot or an archival snapshot .....................................................372
Selecting a replica ...........................................................................................373
Virtual machine recovery ..................................................................................374
Live migration .................................................................................................374
Virtual raw disk mappings ................................................................................374
Performing an Instant Recovery ........................................................................375
Creating a Live Mount of a virtual machine snapshot ..........................................376
Creating a Live Mount of a virtual disk snapshot ................................................377
IP address selection for Live Mounts .................................................................378
Performing an Export .......................................................................................379

Rubrik CDM Version 5.0 User Guide 19


Exporting to a standalone host .........................................................................380
Powering off after Instant Recovery or Live Mount .............................................381
Unmounting after Instant Recovery or Live Mount .............................................382
Removing a virtual machine entry after live migration ........................................383
File and folder restore ............................................................................................383
Searching for a file or folder .............................................................................383
Browsing for a file or folder ..............................................................................384
Restore files and folders directly to a guest file system .......................................385
Restoring files and folders directly to a guest file system ....................................385
Restore files and folders by download ...............................................................387
Restoring files or folders by download from notification message ........................387
Restoring files or folders by download from Activity Detail ..................................388
Configuring Chrome to ask for download location ..............................................389
Unmanaged data ...................................................................................................389

Chapter 11 vCloud Director vApps 390


Overview ..............................................................................................................391
Protection and management features ................................................................391
Metadata protection .........................................................................................393
Limitations ......................................................................................................393
Multitenancy and RBAC ....................................................................................393
Protection hierarchy ...............................................................................................394
Interaction with vSphere protection hierarchy ....................................................395
Migration from virtual machine level protection ..................................................395
vCloud Director instances .......................................................................................396
Adding a vCloud Director instance .....................................................................396
Refreshing vCloud Director instances ................................................................397
Editing a vCloud Director instance .....................................................................398
Deleting a vCloud Director instance ...................................................................398
vApp management ................................................................................................399
Finding a vApp through global search ...............................................................399
Finding a vApp through vApp search .................................................................400
Finding a vApp through the vCD Organizations view ...........................................400

Rubrik CDM Version 5.0 User Guide 20


Opening the local page for a vApp ....................................................................400
Enabling synchronization ..................................................................................401
Excluding a virtual machine ..............................................................................401
Including an excluded virtual machine ...............................................................402
Performing tasks with a vApp virtual machine ....................................................402
Protecting a vApp through the vCloud Director hierarchy ....................................403
Protecting a vApp through the vApps tab ..........................................................404
Protecting a vApp through the local page ..........................................................404
Taking an on-demand snapshot of a vApp .........................................................405
Recovery and restore of vApp data .........................................................................405
Recovery workflow ..........................................................................................406
Performing an Instant Recovery of a full vApp ...................................................407
Performing an Instant Recovery of a partial vApp ..............................................408
Exporting a full vApp .......................................................................................409
Exporting a partial vApp ...................................................................................410
Recovering folders and files for download ..........................................................411
Recovering folders and files to overwrite originals ..............................................413
Recovering folders and files to a new location ....................................................414

Chapter 12 CloudOn for AWS 416


Overview ..............................................................................................................417
Prerequisites ...................................................................................................417
AWS AMI tags .................................................................................................420
Configuration and setup workflow ...........................................................................422
Permissions ...........................................................................................................422
Creating an S3 bucket for archiving and cloud instantiation ................................423
Creating a security policy for AWS CloudOn .......................................................423
Creating a user account with access to the bucket .............................................428
VM Import service role ...........................................................................................429
Security group .......................................................................................................429
Security group requirements ............................................................................430
Creating a security group for AWS CloudOn .......................................................430
Configuring S3 Endpoints .................................................................................431

Rubrik CDM Version 5.0 User Guide 21


Cloud conversion settings .......................................................................................431
Incremental snapshot conversion ......................................................................432
Configuring cloud conversion ............................................................................433
Cloud instance management ..................................................................................435
Instantiating a virtual machine on the cloud ......................................................435
Powering off a cloud instance ...........................................................................436
Removing entry ...............................................................................................437
Launching AMIs ...............................................................................................437
Removing cloud instances ................................................................................437
Removing AMIs ...............................................................................................438

Chapter 13 CloudOn for Azure 439


Azure CloudOn overview ........................................................................................440
Prerequisites ...................................................................................................440
Azure CloudOn configuration and setup workflow ....................................................444
Downloading the Rubrik Cloud-On for Azure zip file ..................................................444
Setting up and configuring the PowerShell in Cloud Shell ..........................................445
Configuring Azure Objects ......................................................................................446
Configuring the subnet ..........................................................................................447
Setting up permissions on Azure .............................................................................448
Creating a custom role .....................................................................................450
Adding an Azure CloudOn configuration ..................................................................453
Editing a location to add Azure CloudOn ..................................................................453
Cloud conversion settings .......................................................................................454
Configuring cloud conversion ............................................................................455
Cloud instance management ..................................................................................457
Instantiating a virtual machine on the cloud using managed snapshots ...............457
Instantiating a virtual machine on the cloud using VHDs .....................................458
Powering off a cloud instance ...........................................................................460
Terminating cloud instances .............................................................................460
Removing entry ...............................................................................................460
Launching virtual machines images ...................................................................461
Removing VHDs ..............................................................................................461

Rubrik CDM Version 5.0 User Guide 22


Creating a resource group ................................................................................462
Removing a resource group ..............................................................................463

Chapter 14 Amazon EC2 Instance Backup 464


Overview ..............................................................................................................465
Amazon EC2 instance protection .............................................................................465
Automatic protection .......................................................................................466
Automatic protection rules ...............................................................................466
Configuring an AWS account and user .....................................................................467
Configuring the AWS account security policy ......................................................467
Configuring the Rubrik CDM user ......................................................................469
Adding an AWS account .........................................................................................470
Managing an existing AWS account .........................................................................472
Assigning an SLA to an Amazon EC2 instance ..........................................................473
Excluding EBS volumes ..........................................................................................473
Excluding EBS volumes from the protection assigned to an instance ....................473
Taking an on-demand snapshot ..............................................................................474
Restoring Amazon EC2 instance snapshots ..............................................................475
Downloading files or folders from snapshots ............................................................476

Chapter 15 File Systems 477


Overview ..............................................................................................................478
Hosts and shares combined with filesets ...........................................................479
Protection work flow for host filesets .................................................................479
Protection work flow for storage array filesets ...................................................479
Protection work flow for share filesets ...............................................................479
File system metadata .......................................................................................480
Symbolic links and junctions .............................................................................480
Open files .......................................................................................................481
Direct Archive ..................................................................................................481
Rubrik Backup Service software ..............................................................................481
Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI ...482
Obtaining the Rubrik Backup Service software by URL ........................................483

Rubrik CDM Version 5.0 User Guide 23


Installing the Rubrik Backup Service software on a Linux or Unix host .................484
Account used to run the Rubrik Backup Service on a Windows host .....................485
Installing the Rubrik Backup Service software on a Windows host .......................485
Removing the Rubrik Backup Service from a Linux or Unix host ..........................486
Removing the Rubrik Backup Service from a Solaris host ....................................487
Removing the Rubrik Backup Service from a Windows host ................................488
Host management .................................................................................................488
Adding a host ..................................................................................................489
Editing the stored information for a host ...........................................................489
Removing a host .............................................................................................490
NAS host management ..........................................................................................491
Required Isilon privileges .................................................................................491
Adding a NAS host ...........................................................................................492
Editing the stored information for a NAS host ....................................................493
Removing a NAS host ......................................................................................494
Filesets .................................................................................................................494
Fileset fields, rules, and value types ..................................................................494
Creating a fileset .............................................................................................499
Editing a fileset ...............................................................................................500
Deleting a fileset from a host or share ...............................................................501
Deleting a fileset globally .................................................................................502
Host filesets and share filesets ...............................................................................503
Protecting a host fileset or share fileset .............................................................503
Starting an on-demand backup of a host fileset or share fileset ...........................504
Removing protection for a host fileset or share fileset ........................................505
Storage array integration .......................................................................................506
Adding an array-enabled fileset ........................................................................506
Backup scripts for Linux, Unix, or Windows hosts .....................................................507
Configure backup script behavior ......................................................................507
Enabling host scripts ........................................................................................508
Local host pages and local share pages ...................................................................509
Viewing the local page .....................................................................................509
Viewing a fileset page ......................................................................................510

Rubrik CDM Version 5.0 User Guide 24


Overview card in the local view ........................................................................510
Filesets card ....................................................................................................511
Snapshots card ................................................................................................511
Overview card in a fileset view .........................................................................512
Data recovery from a host fileset or share fileset .....................................................513
Searching for a file, a folder, or a fileset ............................................................513
Browsing for a file, a folder, or a fileset .............................................................514
Restoring a file, a folder, or a fileset .................................................................515
Export path .....................................................................................................516
Showing hidden files on Windows hosts ............................................................518
Exporting a file, a folder, or a fileset .................................................................519
Downloading files or a folder from a fileset snapshot ..........................................519
Full Volume Protection for Windows ........................................................................520
Protecting Windows volumes ............................................................................521
Installing the Rubrik Volume Filter Driver on a Windows host ..............................522
Taking an on-demand backup of a volume group ...............................................522
Restoring a Windows volume ............................................................................523
Live mounting a volume group on a host with Windows and the RBS installed .....523
Downloading the Windows recovery tools ..........................................................524
Restoring the volume group on a host with Windows installed without RBS .........525
Restoring the volume group on a host without Windows ....................................526
Unmanaged data ...................................................................................................528

Chapter 16 Oracle Databases 529


Overview ..............................................................................................................530
Requirements ..................................................................................................531
Migrating from Managed Volumes .....................................................................532
Upgrading to Oracle 12c database ....................................................................532
Auto-discovery of Oracle databases ..................................................................532
SLA Domain managed protection ......................................................................534
Backups of databases and logs .........................................................................534
Database backup .............................................................................................535
Archived redo log backup .................................................................................535

Rubrik CDM Version 5.0 User Guide 25


Point-in-time recovery of Oracle databases ........................................................536
Replication and archival ...................................................................................536
Expiry of database and archived redo log backups .............................................537
Live mount of Oracle databases ........................................................................537
Export of Oracle databases ...............................................................................538
Tablespace recovery ........................................................................................539
Instant recovery of Oracle database ..................................................................540
RMAN channels ...............................................................................................541
Configuration workflow ..........................................................................................542
Adding Oracle hosts and discovering Oracle databases .......................................542
Assigning an SLA Domain to a host or database .................................................543
Assigning RMAN channels to nodes ...................................................................544
Backing up databases ......................................................................................545
Backing up logs ...............................................................................................546
Exporting databases ........................................................................................547
Exporting tablespaces ......................................................................................548
Live mounting an Oracle database ....................................................................549
Creating an on-demand snapshot .....................................................................551
Performing an instant recovery .........................................................................552

Chapter 17 SQL Server Databases 553


Overview ..............................................................................................................554
Point in time recovery ......................................................................................555
Live Mount ......................................................................................................556
Requirements ..................................................................................................556
Supported SQL Server cross version exports ......................................................557
Rubrik Backup Service software ..............................................................................557
Account used to run the Rubrik Backup Service .................................................557
SQL Server role and permissions requirements ..................................................558
Obtaining the Rubrik Backup Service software ...................................................560
Obtaining the Rubrik Backup Service software by URL ........................................561
Installing the Rubrik Backup Service software ....................................................561
Windows Server hosts ............................................................................................562

Rubrik CDM Version 5.0 User Guide 26


Adding a Windows Server host .........................................................................562
Removing a Windows Server host .....................................................................563
SQL Server databases ............................................................................................564
Setting the default log backup frequency ...........................................................564
Managing and protecting databases through a parent object ..............................565
Managing and protecting individual databases ...................................................566
Removing an SLA Domain assignment ...............................................................567
Creating an on-demand snapshot .....................................................................568
Creating a group on demand snapshot task .......................................................569
Creating a tail-log backup ................................................................................570
SQL Change Block Tracking ....................................................................................570
Configuring default CBT settings .......................................................................571
Enabling or disabling CBT on a Windows host ....................................................571
Recovery Points card page .....................................................................................572
Overview card .................................................................................................572
Recovery Points card .......................................................................................573
Database recovery .................................................................................................573
Recovering a database .....................................................................................574
Live mounting a SQL Server database ...............................................................575
Force Unmount ...............................................................................................577
Unmounting a Live Mount database ..................................................................577
Exporting a database .......................................................................................578
Windows Server Failover Clustering ........................................................................580
Automatic detection and display .......................................................................580
Failover events ................................................................................................580
Adding failover clusters ....................................................................................581
Viewing failover clusters and databases .............................................................582
Managing and protecting FCI databases through a parent object ........................582
Managing and protecting individual FCI databases .............................................584
Removing an SLA Domain assignment ...............................................................585
Creating an on-demand snapshot .....................................................................586
Recover or export from FCI database recovery points ........................................586
Always On Availability Groups .................................................................................587

Rubrik CDM Version 5.0 User Guide 27


Exporting or restoring an availability database recovery point .............................588
Workflow to restore a database into an Always On Availability Group ..................589
Unmanaged data ...................................................................................................589

Chapter 18 SAP HANA Databases 590


Overview ..............................................................................................................591
SAP HANA backup retention ...................................................................................591
Rubrik Backup Service ...........................................................................................592
Obtaining the Rubrik Backup Service software ...................................................592
Obtaining the Rubrik Backup Service software by URL ........................................593
Installing the Rubrik Backup Service software ....................................................593
Requirements for using sap_hana_bootstrap_main ..................................................594
Registering SAP HANA database .............................................................................595
Configuring Rubrik backup for SAP HANA databases ................................................596
Deleting the Rubrik Backup Service software ...........................................................597
Backing up a SAP HANA database ...........................................................................598
Viewing the backup catalog ..............................................................................598
Restoring a SAP HANA database .............................................................................599
Copying a database from an external host ...............................................................600
Restoring a database from a managed volume snapshot ..........................................601
Pausing Backint backups ........................................................................................603
Resuming Backint backups .....................................................................................603

Chapter 19 Managed Volumes 605


Overview ..............................................................................................................606
Configuration workflow ....................................................................................606
Floating IP addresses .............................................................................................606
Setting up floating IP addresses .......................................................................607
Creating a managed volume ...................................................................................608
Editing a managed volume .....................................................................................610
Deleting a managed volume ...................................................................................611
Managing protection with SLA Domains ...................................................................612
Assigning a managed volume to an SLA Domain ................................................612

Rubrik CDM Version 5.0 User Guide 28


Snapshot-level protection .......................................................................................613
Specifying managed volume snapshot assignment .............................................613
Live mounting a managed volume snapshot ......................................................614
Deleting an unmanaged on-demand snapshot ...................................................615
Creating user accounts for managed volumes ..........................................................615
The managed volume local page ............................................................................617
Viewing a managed volume local page ..............................................................617
Action bar .......................................................................................................618
Overview card .................................................................................................618
Snapshots card ................................................................................................619

Chapter 20 Retention Management 620


Overview ..............................................................................................................621
Snapshot Retention page .......................................................................................622
Opening the Snapshot Retention page ..............................................................622
Information available at the data source level of the Snapshot Retention page .....622
Filters available at the data source level of the Snapshot Retention page .............624
Viewing the object level of the Snapshot Retention page ....................................624
Information available at the object level of the Snapshot Retention page .............624
Filters available at the object level of the Snapshot Retention page .....................625
Relic data sources ...........................................................................................626
Working with a data source ....................................................................................627
Unprotecting a data source ....................................................................................628
Changing the retention policy on an on-demand snapshot ........................................628
Changing the retention policy on a scheduled snapshot ............................................629
Deleting snapshots for a data source ......................................................................629
Removing individual snapshots for a data source .....................................................630
Removing retrieved content for a database .............................................................630

Chapter 21 Reports 632


Overview ..............................................................................................................633
Default reports and the Summary view .............................................................633
Viewing summary information from a default report ...........................................634

Rubrik CDM Version 5.0 User Guide 29


Displaying a report ..........................................................................................634
Creating a custom report .................................................................................634
Report customization elements .........................................................................635
Editing an existing report .................................................................................646
Filtering and searching in a report data table .....................................................646
Exporting a report data table ............................................................................647
Scheduling a report .........................................................................................647
Changing ownership of a scheduled report email subscription .............................648
Changing a report schedule ..............................................................................649
Removing a report schedule .............................................................................649
SLA Compliance Summary report ............................................................................650
Viewing the SLA Compliance Summary report ....................................................650
Object Backup Task Summary report ......................................................................650
Viewing the Object Backup Task Summary report ..............................................650
Protection Tasks Summary report ...........................................................................651
Viewing the Protection Tasks Summary report ...................................................651
Protection Tasks Details report ...............................................................................651
Viewing the Protection Tasks Details report .......................................................651
Recovery Tasks Details report ................................................................................652
Viewing the Recovery Tasks Details report ........................................................652
Object Protection Summary report ..........................................................................652
Viewing the Object Protection Summary report ..................................................652
Capacity Over Time report .....................................................................................653
Viewing the Capacity Over Time report .............................................................653
System Capacity report ..........................................................................................653
Viewing the System Capacity report ..................................................................653

Chapter 22 System and Task Information 654


Overview ..............................................................................................................655
Data measurements .........................................................................................655
Dashboards ...........................................................................................................656
Viewing the main dashboard ............................................................................657
Information provided by the main dashboard ....................................................658

Rubrik CDM Version 5.0 User Guide 30


Viewing the System Overview dashboard ..........................................................659
Storage graphic ...............................................................................................660
Information provided by the System Overview dashboard ..................................660
Viewing the Nodes page and node dashboards ..................................................661
Viewing the Reports Overview dashboard ..........................................................661
Information provided by the Reports Overview dashboard ..................................661
Activity Log ...........................................................................................................663
Viewing Activity Log messages .........................................................................663
Filtering messages ...........................................................................................664
Viewing activity details .....................................................................................664
Information provided by Activity Log messages .................................................665
Activity Log filters ............................................................................................666
Specifying a custom date range ..............................................................................666

Appendix A Ports 668


All Rubrik port requirements ...................................................................................669
Additional network requirement ..............................................................................674
Rubrik cluster inbound ports ...................................................................................674
Rubrik cluster outbound ports ................................................................................676
Ports used for communication between nodes in a cluster ........................................678
Archiving ports ......................................................................................................678
Cloud ports ...........................................................................................................679
Replication port .....................................................................................................681

Appendix B Minimum vCenter Server Privileges 682


Minimum required privileges ...................................................................................683

Appendix C Archive Preparation 689


Generating an RSA key ..........................................................................................690
Preparing to use Amazon S3 as an archival location .................................................690
Creating an S3 bucket ......................................................................................690
Creating a security policy for the bucket ............................................................691
Creating a user account with access to the bucket .............................................693
Preparing to use Amazon Glacier as an archival location ...........................................694

Rubrik CDM Version 5.0 User Guide 31


Creating a Glacier vault ....................................................................................695
Creating a security policy for the vault ..............................................................696
Creating a user account with access to the vault ................................................697
Preparing to use GCP as an archival location ...........................................................698
Preparing Microsoft Azure as an archival location .....................................................699
Preparing Cleversafe as an archival location ............................................................700
Preparing Scality as an archival location ..................................................................703
Preparing to use an NFS share as an archival location ..............................................704
Preparing an Isilon NFS share as an archival location ...............................................705
Preparing a QStar Integral Volume as an archival location ........................................706
Determine the cache size .................................................................................706
Initial requirements .........................................................................................707
Setting up the QStar Integral Volume set ..........................................................707

Appendix D Active Directory Account 710


Overview ..............................................................................................................711
Permissions required for the initialization account ....................................................711
Delegating the permissions to the initialization account ............................................712
Confirming the delegation of permissions ................................................................713

Rubrik CDM Version 5.0 User Guide 32


Tables

Documentation revision history ................................................................................ 40


Settings and tasks .................................................................................................. 49
Limit types considered by Adaptive Backup settings .................................................. 52
Traps in the Rubrik MIB file ..................................................................................... 57
Required outgoing email settings ............................................................................. 58
Storage array integration requirements .................................................................... 65
Functions that require Internet access ...................................................................... 67
Network information ............................................................................................... 69
Impact of changes between two time zone settings ................................................... 83
Impact of using the pause feature ........................................................................... 87
Special network VLAN requirements ......................................................................... 91
Comparison of Local and LDAP authentication ........................................................... 99
LDAP credentials ................................................................................................... 105
User settings ........................................................................................................ 107
Group settings ...................................................................................................... 107
End User role privileges ......................................................................................... 115
Rubrik Envoy features ........................................................................................... 128
Data protection policies available through the SLA Domain feature ........................... 138
Data protection objects created by SLA Domain policies .......................................... 139
SLA rules for the default SLA Domains .................................................................... 139
Rule types in the Service Level Agreement section .................................................. 141
Rule types in the advanced Service Level Agreement section ................................... 141
Columns on the Local SLA Domains page ............................................................... 154
Information on the page for a local SLA Domain ..................................................... 156
Requirements for replication using NAT .................................................................. 163
Replication retention slider settings ........................................................................ 167
Information provided by the Replication Clusters information card ............................ 171
Columns on the Remote SLA Domains page ............................................................ 172
Information provided for a remote SLA Domain ...................................................... 173

Rubrik CDM Version 5.0 User Guide 33


Status colors used on the Snapshots card calendar views .........................................176
Calendar views on the Snapshots card ....................................................................177
Factors that require upload of a full archival snapshot ..............................................182
Information provided on an archival location card ....................................................190
Glacier archival parameters ....................................................................................197
Google Cloud Platform archival parameters .............................................................201
Object storage system vendor choices ....................................................................209
Archival location states ..........................................................................................219
Supported operations for archival states ..................................................................219
Data retention settings ..........................................................................................235
Archival Lifecycle Management ...............................................................................243
Options available through the Manage Protection dialog box .....................................260
Impact of SLA Domain properties on snapshots .......................................................265
Actions available from the action bar ......................................................................268
Information available on the Overview card .............................................................268
Status colors used on the calendar views ................................................................269
Calendar views on the Snapshots card ....................................................................269
Additional snapshot information in the day view ......................................................270
Actions available for snapshots on the local Rubrik cluster ........................................271
Actions available for snapshots that reside on an archival location .............................272
Differences between recovery actions ....................................................................276
Recovery actions available for data protection objects ..............................................277
Nutanix limitations .................................................................................................294
Unprotected virtual machines in the Rubrik CDM web UI ..........................................300
Options available through the Manage Protection dialog box .....................................302
Impact of SLA Domain properties on snapshots .......................................................307
Actions available from the action bar ......................................................................309
Information available on the Overview card .............................................................310
Status colors used on the calendar views ................................................................310
Calendar views on the Snapshots card ....................................................................311
Additional snapshot information in the day view ......................................................312
Actions available for snapshots that reside on the local Rubrik cluster .......................313
Actions available for snapshots that reside on an archival location .............................313

Rubrik CDM Version 5.0 User Guide 34


Backup consistency levels ......................................................................................315
Unprotected virtual machines in the Rubrik CDM web UI ..........................................331
Options available through the Manage Protection dialog box .....................................339
Virtual machine Pre/Post Scripts .............................................................................341
Impact of SLA Domain properties on snapshots .......................................................351
Actions available from the action bar ......................................................................353
Information available on the Overview card .............................................................355
Status colors used on the calendar views ................................................................356
Calendar views on the Snapshots card ....................................................................356
Additional snapshot information in the day view ......................................................357
Actions available for snapshots that reside on the local Rubrik cluster .......................358
Actions available for snapshots that reside on an archival location .............................359
Backup consistency levels ......................................................................................360
Requirements for acquiring Windows guest ACL values ............................................369
Differences between recovery actions ....................................................................371
Recovery actions available for data protection objects ..............................................372
Protection and management features provided for vApps .........................................391
Protected vApp metadata .......................................................................................393
Limitations with vApp support ................................................................................393
Actions for vCloud Director instances ......................................................................396
Tasks available for vApps page ...............................................................................399
Recovery operations ..............................................................................................405
Network options during Instant Recovery and Export ...............................................406
Source virtual machine pre-configuration .................................................................419
Supported and unsupported virtual machine configuration ........................................419
AMI tags ...............................................................................................................420
Transient compute instance tags ............................................................................421
Cloud conversion settings .......................................................................................432
Transient compute properties .................................................................................433
Source virtual machine pre-configuration .................................................................443
Supported and unsupported virtual machine configuration ........................................443
Cloud conversion settings .......................................................................................455
Data management and protection provided for Amazon EC2 instances ......................465

Rubrik CDM Version 5.0 User Guide 35


Amazon EC2 Instance summary information ............................................................471
Data management and protection provided for file systems ......................................478
Metadata preserved and include in restores and exports ...........................................480
Isilon OneFS privileges ...........................................................................................491
Fileset fields common to all host types ....................................................................495
Fileset fields specific to some host types .................................................................495
Fileset description rules common to all host types ....................................................496
Fileset description rules specific to host types ..........................................................496
Value types ...........................................................................................................497
Overview card in the local view ..............................................................................510
Filesets card in the local view .................................................................................511
Status colors used on the calendar views ................................................................511
Calendar views on the Snapshots card ....................................................................512
Overview card in a fileset view ...............................................................................512
Windows volume group recovery tools ....................................................................525
Data management provided for Oracle databases ....................................................530
System requirements for Oracle databases ..............................................................531
Oracle data source page details ..............................................................................533
Recommendations for Oracle database protection ....................................................541
Data management provided for SQL Server databases .............................................554
System requirements for SQL Server databases .......................................................556
Role requirements for the Rubrik Backup Service account .........................................558
Overview card on the Recovery Points card page .....................................................572
SQL Server database settings affecting availability group protection ..........................587
SAP HANA backup retention example ......................................................................591
Floating IP address requirements ............................................................................607
Recommendations for managed volume settings ......................................................608
Actions available from the action bar ......................................................................618
Information available on the Overview card .............................................................618
Fields at the data source level on Unmanaged Snapshots .........................................623
Fields at the object level on the Snapshot Retention page ........................................624
Filters at the object level on snapshots ....................................................................625
Rubrik cluster actions for relic events ......................................................................626

Rubrik CDM Version 5.0 User Guide 36


Chart availability in reports .....................................................................................635
Filter availability in reports .....................................................................................636
Measure availability in reports ................................................................................637
Attribute availability in reports ................................................................................641
Table customizations available in reports .................................................................642
Information delivery methods .................................................................................655
Comparison of data prefix definitions ......................................................................656
Dashboards available through the Rubrik CDM web UI .............................................656
Information provided by the main dashboard ..........................................................658
Information provided by the system donut graph .....................................................659
Information provided by the System Overview dashboard ........................................660
Information on the Reports Overview dashboard .....................................................661
Information in the System Usage column ................................................................662
Information in the Local Overview column ...............................................................662
Information provided by Activity Log messages .......................................................665
Activity Log filters ..................................................................................................666
All required ports ...................................................................................................669
All uses of secure port 443 TCP ..............................................................................673
Rubrik cluster inbound ports ...................................................................................674
Rubrik cluster outbound ports ................................................................................676
Rubrik cluster node to node ports ...........................................................................678
Archiving ports ......................................................................................................678
Azure port requirements ........................................................................................679
AWS port requirements ..........................................................................................680
Replication ports ...................................................................................................681
Minimum vCenter Server privileges required by Rubrik .............................................683
Recommended and required export settings ............................................................704
Cache size factors ..................................................................................................706
Rubrik requirements for a QStar tape archival location .............................................707
Actions on the New Integral Volume Parameters dialog ............................................708
Permissions for the single-use initialization account ..................................................711

Rubrik CDM Version 5.0 User Guide 37


Figures

Create Organization wizard - Protectable Objects section ......................................... 130


Replication using NAT ........................................................................................... 162
Example of settings for NAT .................................................................................. 162
Protection hierarchy .............................................................................................. 394
Local host page for a virtual machine ..................................................................... 434
Azure Cloud Shell icon ........................................................................................... 445
PowerShell prompt in Cloud Shell window ............................................................... 446
Local host page for a virtual machine ..................................................................... 456
Domain user account in local Administrators group .................................................. 558
Assigning server-level roles and database-level roles ............................................... 559
Assigning additional permissions ............................................................................ 560
Filter By Custom Range dialog box ......................................................................... 667

Rubrik CDM Version 5.0 User Guide 38


Examples

Rescheduling caused by Adaptive Backup settings ..................................................... 51


Increasing Base Frequency .................................................................................... 150
Decreasing Base Frequency ................................................................................... 151
Increasing snapshot retention ................................................................................ 151
Decreasing snapshot retention ............................................................................... 152
Archival policy without Instant Archive ................................................................... 185
Archival policy with Instant Archive ........................................................................ 187
Cascading archival with early expiration of data ...................................................... 236
Assigning a protected virtual machine to another SLA Domain .................................. 266
Automatic protection rules applied ......................................................................... 330
Assigning a protected virtual machine to another SLA Domain .................................. 351
Re-protecting a virtual machine ............................................................................. 352
Creating a static route for a Live Mount .................................................................. 378
Automatic protection rules applied ......................................................................... 466
Linux or Unix fileset with Include, Exclude, and Do Not Exclude ............................... 498
Windows fileset with Include, Exclude and Do Not Exclude ...................................... 498
Exporting a file from a fileset backup of a Linux or Unix host ................................... 517
Exporting a file from a fileset backup of a Windows host ......................................... 517
Exporting a file from a fileset backup of a NAS share (SMB) ..................................... 518

Rubrik CDM Version 5.0 User Guide 39


Preface

Welcome to Rubrik. We appreciate your interest in our products. Rubrik is continually working to
improve its products and regularly releases revisions and new versions. Some information
provided by this guide may not apply to a particular revision or version of a product. Review the
release notes for the product to see the most up-to-date information about that product.

Document purpose
The purpose of this guide is to provide information about configuring, administering, and using
Rubrik clusters.

Revision history
Table 1 provides the revision history of this guide.
Table 1 Documentation revision history (page 1 of 5)
Revision Date Description
Rev. A0 October, 2018 Early Access release of Rubrik CDM version 5.0.
Rev. A1 October, 2018 • Added QStar port requirement to Ports.
• Added the ports required for Rubrik CloudOut and CloudOn to Ports.
• Added an additional vCenter Server privilege requirement in the
Resource category to support vCloud Director vApps, in Minimum
vCenter Server Privileges.
Rev. A2 November, 2018 • Added details on ports used by the SMB protocol for Volume Group
backups in Full Volume Protection for Windows.
• Added vCenter Server requirement to enable a Rubrik cluster to
unmount a virtual disk that is mounted during a Live Mount operation, in
Minimum vCenter Server Privileges.
• Removed port 7780 and added port 8077 to Ports.
• Documented UI additions to the system-configuration cluster settings in
Configuration.
• Added support for AIX 6.1 to File Systems.
• Temporarily excluded the User Accounts chapter to work on the
transition from Active Directory authentication to LDAP authentication.

Rubrik CDM Version 5.0 User Guide 40


Table 1 Documentation revision history (page 2 of 5)
Revision Date Description
Rev. A3 December, 2018 • Included the User Accounts chapter, along with updated information on
LDAP authentication.
• Added a note that Backup Window settings for the SLA Domain of a
virtual machine do not apply to on-demand snapshots. The note is in AHV
Virtual Machines, Hyper-V Virtual Machines, and vSphere Virtual
Machines.
• Updated Live mounting a SQL Server database with limitations on live
mounting for SQL Server databases that use file-streams or in-memory
tables.
• Added a note that instantiating Windows virtual machines with
BitLocker-enabled volumes is not supported by CloudOn for either AWS
or Azure. The note is in CloudOn for AWS and CloudOn for Azure.
• Updated vSphere Virtual Machines with a section on exporting a
snapshot to a temporary, standalone ESXi host that is not protected
under vCenter.
• Added Oracle database data source feature to Oracle Databases.
• Added destination port for Pure Storage arrays in Ports.
• Updated SAP HANA Databases with feedback from EA2 reviews and
added new subsections.
• Updated ports used by SAP HANA databases in Ports.

Rubrik CDM Version 5.0 User Guide 41


Table 1 Documentation revision history (page 3 of 5)
Revision Date Description
Rev. A4 December, 2018 Directed Availability release of Rubrik CDM version 5.0.
• Added a note that network throttling is not supported for archiving to any
location that does not use port 443, such as NFS targets and QStar tape.
The note is in Configuration.
• Updated Managed Volumes with information that the maximum number
of managed volume channels is based on the resources available on the
node, ranging from 4 to 32.
• Port 12500 TCP is no longer used to allow an ESXi host to perform an
NFS Live Mount to acquire a virtual machine. It has been removed from
Ports.
• Added prerequisites for Windows Full Volume Protection in File Systems.
• Added steps to clarify IAM permissions in CloudOn for Azure.
• Added port 2074, which permits secure communication between the
Rubrik cluster and the Nutanix Guest Agent (NGA). The information is in
Ports.
• Added LDAP ports 389, 636, 3268 and 3269 to Ports.
• Updated description for Floating IPs in the Network information table in
Configuration.
• Updated AHV Virtual Machines to include command to determine the
Nutanix public key certificate.
• Explained where to generate CA Certificates for Isilon and NetApp hosts
in File Systems.
• Added information about trusted root certificates for vCenter Server
connections in vSphere Virtual Machines.
• Updated Configuration with changes to the section that describes using
the built-in tunnel utility. The utility permits Rubrik Support to connect
securely and remotely to the Rubrik cluster for troubleshooting.

Rubrik CDM Version 5.0 User Guide 42


Table 1 Documentation revision history (page 4 of 5)
Revision Date Description
Rev. A5 January, 2019 General Availability release of Rubrik CDM version 5.0.
• Added information about Solaris support to File Systems.
• In 5.0, the Notifications (bell) icon was removed and the information was
merged under the Activity Log (globe) icon. This was updated in System
and Task Information.
• Updated a local host page note regarding on-demand snapshot settings
for the SLA Domain of a virtual machine.This is in AHV Virtual Machines,
Hyper-V Virtual Machines, and vSphere Virtual Machines.
• Added a note describing how vCenter privileges also protect vCloud
Director accounts, but that vCloud Director accounts must be System
Administrator accounts. This update is in Minimum vCenter Server
Privileges.
• Updated Oracle database auto-discovery prerequisites with information
about what to do when no previous database exists on the Oracle
host.This is in Oracle Databases.
• Added information about the tablespace auxiliary destination directory to
Oracle Databases.
• Added ESXi host as a destination for TCP port 443 from Rubrik cluster in
Ports. This port assignment exists only in release 5.0.0.
• Added TCP ports for communication between Rubrik node and Isilon and
NetApp in Ports.
• Added the Bolt subnet as a destination for communication with Rubrik
cluster in Ports.
• Added a section on migrating from Managed Volumes in Oracle
Databases.
• Added ports required for communication between Rubrik Envoy
managed service provider and Rubrik cluster in Ports.
• Updated Cascading archival section in Archiving.
• Made general updates in Protection Policies.
• Added information on storage array integration using Pure Storage
FlashArray on an AIX host to the Filesets section of File Systems.
• Added note that Guest OS credentials are required in order to execute
pre-backup and post-backup scripts. The note appears in Configuration
and vSphere Virtual Machines.

Rubrik CDM Version 5.0 User Guide 43


Table 1 Documentation revision history (page 5 of 5)
Revision Date Description
Rev. A6 February, 2019 • Added sections for SAP HANA backup retention, Pausing Backint
backups, and Resuming Backint backups to SAP HANA Databases.
• Corrected information about how SLA settings are applied when creating
on-demand snapshots. Information is in AHV Virtual Machines, Hyper-V
Virtual Machines, and vSphere Virtual Machines.
• Updated security requirements in Hyper-V Virtual Machines.
• Updated Archival Consolidation in Archiving.
• Updated Solaris configuration information in File Systems.
• Added a note in Managed Volumes describing the behavior of a first
snapshot in a managed volume regarding data transfer values shown.
• Added a comment to the table on data management for SQL server
databases in SQL Server Databases explaining that snapshots in
snapshot groups are counted by group, rather than by individual
snapshot.

Support
Use one of the following methods to contact Rubrik Support:

Web https://support.rubrik.com

Phone 1-844-4RUBRIK, option 2


1-844-478-2745, option 2

Email support@rubrik.com

Rubrik CDM Version 5.0 User Guide 44


Related documentation
The following Rubrik publications provide additional information:
 Rubrik CDM Release Notes
 Rubrik CDM Install and Upgrade Guide
 Rubrik CDM Security Guide
 Rubrik CDM Cloud Cluster Setup Guide
 Rubrik CDM Rubrik Edge Setup Guide
 Rubrik CDM Hardware Guide
 Rubrik CDM CLI Reference Guide
 Rubrik CDM Compatibility Matrix

Comments and suggestions


We welcome your comments and suggestions about our products and our product documentation.

Product
To provide comments and suggestions about the product, contact Rubrik Support by using the
information provided in Support.

Product documentation
To provide comments and suggestions about the product documentation, please send your
message by email to:
techpubs@rubrik.com
To help us find the documentation content that is the subject of your comments, please include
the following information:
 Full title
 Part number
 Revision
 Relevant pages

Rubrik CDM Version 5.0 User Guide 45


Chapter 1
Configuration

This chapter describes how to configure a Rubrik cluster and perform other system tasks.
 Logging in to the Rubrik CDM web UI......................................................................... 47
 Settings menu .......................................................................................................... 48
 Adaptive Backup ....................................................................................................... 51
 Configuring IPMI ...................................................................................................... 53
 Configuring iSCSI...................................................................................................... 54
 Notification settings .................................................................................................. 56
 Enabling polling via SNMP ......................................................................................... 60
 Manage storage arrays.............................................................................................. 65
 Proxy settings........................................................................................................... 67
 Network settings....................................................................................................... 69
 Network Throttling.................................................................................................... 70
 Guest OS settings ..................................................................................................... 73
 Secure SMB settings ................................................................................................. 78
 Syslog settings ......................................................................................................... 80
 Support bundle......................................................................................................... 81
 Time zone setting ..................................................................................................... 82
 Security banner and classification settings .................................................................. 83
 Data sources setting ................................................................................................. 85
 Opening and closing a Support tunnel ........................................................................ 85
 Pause and resume protection activity ......................................................................... 87

Rubrik CDM Version 5.0 User Guide Configuration 46


Configuration

Logging in to the Rubrik CDM web UI


To log in to the Rubrik CDM web UI for the first time, use the default ‘admin’ account and
password.
1. On a computer with network access to the Rubrik cluster, start a web browser.
2. In the address field, type the following URL:
https://<RubrikCluster>
where <RubrikCluster> is the resolvable hostname or IP address of the Rubrik cluster.
The Welcome page appears.
3. In Username, type admin.
4. In Password, type the password for the admin account.
Use the password for the admin account that was created during system setup.
5. Click Sign In.
At the first login, the End User License Agreement appears.
6. Click I Agree to continue.
The Dashboard page for the web UI appears.

Note: When the Rubrik cluster has not been registered, a notification appears on each page of
the web UI. The Rubrik Install and Upgrade Guide provides detailed information about how to
register the Rubrik cluster.

Logging in with a local account


Users who have an account in the local directory on the Rubrik cluster can log in with their local
account credentials. During login, the Domain field is left blank, since local users are not part of an
LDAP domain.
1. Access the Rubrik CDM UI Welcome screen.
2. In Username, type the username assigned to the local account.
3. In Password, type the password for the account.
4. Click Sign In.
The Dashboard page for the web UI appears.

Rubrik CDM Version 5.0 User Guide Logging in to the Rubrik CDM web UI 47
Configuration

Logging in with an LDAP account


Authentication through an LDAP domain requires a user name and password associated with that
domain. If a user is a member of multiple LDAP domains, the user should indicate which domain
to use for authentication.
If no domain is specified during login, the Rubrik cluster searches all LDAP domains randomly until
it finds the first occurrence of the user name. The password entered by the user must match the
password stored in the LDAP directory that was found during the search, or login fails.
1. Access the Rubrik UI Welcome screen.
2. In Username, type the username associated with the LDAP account.
3. In Password, type the password for the account.
4. In Domain or Domain Display Name, type the name of the LDAP domain that contains the
login credentials to be used for authentication.
5. Click Sign In.
The Rubrik cluster authenticates the username through the specified LDAP domain, with one of
the following results:
• Authentication fails.
• Authentication succeeds, but access is denied because the user account has the No Access
role assigned.
• Authentication succeeds, and access is permitted. The Dashboard page for the web UI
appears.

Settings menu
The web UI provides access to Rubrik cluster settings and tasks through the Settings menu.

Opening the Settings menu


The Settings menu provides access to Rubrik cluster settings and tasks.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The Settings menu appears.

Rubrik CDM Version 5.0 User Guide Settings menu 48


Configuration

Settings and tasks available through the Settings menu


Table 2 summarizes the settings and tasks that are available through the Settings menu and
provides links to sections that provide more information.
Table 2 Settings and tasks (page 1 of 3)
Menu item Description
Application Configuration
vCenter Add, view, edit, and delete vCenter Servers.
Servers See vSphere Virtual Machines for more information.
vCD Instances Add, refresh, edit, and delete vCloud Director instances. See vCloud Director instances
for more information.
SCVMM Add, view, edit, and delete Microsoft System Center Virtual Machine Managers
servers (SCVMMs).
See Hyper-V Virtual Machines for more information.
Nutanix Add, view, edit, and delete Nutanix Clusters.
Clusters See AHV Virtual Machines for more information.
Hosts Add, view, edit, and delete physical Windows, Linux, and Unix hosts.
See Enabling polling via SNMP for more information.
Cloud Sources Configure the accounts and regions on which instances need to be protected.
Guest OS Provide credentials to access the guest operating systems. Also, control deployment of
Settings the Rubrik Backup Service (RBS) to vSphere virtual machines that have a Windows guest
operating system.
See Guest OS settings for more information.
System Configuration
Replication Add and remove a Rubrik cluster as a replication target and view information about
Targets replication activity.
See Replication for more information.
Archival Provide the connection settings for an archival location, view information about archival
Locations activity, and initiate a recovery connection.
See Archiving for more information.
Storage Arrays Add, edit, and remove configuration information for storage arrays.
See Manage storage arrays for more information.
Adaptive Configure the Rubrik cluster to pause backup of a virtual machine when resource usage
Backup exceeds set values.
See Adaptive Backup for more information.
Pause Manual pause and resume of all backup jobs and archival jobs.
Protection See Pause and resume protection activity for more information.
Resume
Protection

Rubrik CDM Version 5.0 User Guide Settings menu 49


Configuration

Table 2 Settings and tasks (page 2 of 3)


Menu item Description
TLS Install or delete signed Transport Layer Security (TLS) certificates, and generate
Certificates Certificate Signing Requests (CSRs).
For more information, refer to the Rubrik CDM Security Guide.
IPMI Provide more security for the baseboard management controller on the Rubrik nodes by
Credentials setting an IPMI password.
See Configuring IPMI for more information.
iSCSI Sources Provide and view the connection settings for an iSCSI data connection.
See Configuring iSCSI for more information.
Cluster Set Rubrik cluster name and time zone and set visibility settings for Data Sources.
Settings See Time zone setting and Data sources setting for more information.
Syslog Provide connection information for a syslog server to permit transmission of Rubrik
Settings cluster notifications in syslog format to that server.
See Syslog settings for more information.
SMB Security Enable secure SMB connections. Add domain name and credentials for secure SMB
domains once enabled.
See Secure SMB settings for more information.
Network Configuration
Proxy Settings Provide the Rubrik cluster with proxy configuration information for external connections.
See Proxy settings for more information.
Network Provide connection information for NTP servers, DNS servers, and search domains. Also
Settings provides information on Interfaces.
See Network settings for more information.
Network Enable and configure replication throttling. Enable and configure archival throttling.
Throttling See Network Throttling for more information.
Notification Configure the SMTP server on the Rubrik cluster so it can send email. Configure an
Settings SNMP server to be able to poll the Rubrik cluster for information. Configure a list of email
recipients, and decide whether log messages should be sent to Syslog.
See Notification settings for more information.
Access Management
Users Manage local user accounts and manage authorization for authenticated users.
See User Accounts for more information.
Organizations Manage local tenant organizations.
See Multitenant Organizations for more information.
Support
Support Instruct the Rubrik cluster to provide a complete bundle of cluster and node logs for local
Bundle download.
See Support bundle for more information.

Rubrik CDM Version 5.0 User Guide Settings menu 50


Configuration

Table 2 Settings and tasks (page 3 of 3)


Menu item Description
Enable Tunnel Enable and disable the tunnel used by Rubrik Support.
Disable Tunnel See Opening and closing a Support tunnel for more information.
About Rubrik Click to display the Rubrik software version.

Adaptive Backup
Adaptive Backup settings instruct the Rubrik cluster to check the resource usage of a virtual
machine before starting a snapshot. When the resource usage is above configured limits, the
Rubrik cluster postpones the snapshot.
When Adaptive Backup settings are enabled, the Rubrik cluster checks the virtual machine I/O
latency, datastore I/O latency, and virtual machine CPU utilization before starting a snapshot.
When a value exceeds a configured limit, the Rubrik cluster reschedules the snapshot.
After approximately 15 minutes, the Rubrik cluster checks the values again. When the values are
below the limits, the Rubrik cluster initiates the snapshot. When the values are above the limits,
the Rubrik cluster reschedules the snapshot.
Each time an Adaptive Backup setting causes the rescheduling of a snapshot, the Rubrik cluster
moves the policy-based snapshot schedule for the virtual machine to accommodate the change.
Example 1 describes this.

Example 1 Rescheduling caused by Adaptive Backup settings


The Rubrik cluster has Adaptive Backup settings enabled. A virtual machine is protected by the
GOLD SLA Domain of the Rubrik cluster. This SLA Domain requires hourly snapshots. The next two
hourly snapshots for this virtual machine are scheduled for 1:00 PM and 2:00 PM.
At 1:00 PM the Rubrik cluster finds that the CPU utilization of the virtual machine is above the
configured limit. The 1:00 PM snapshot is rescheduled for 1:15 PM.
At 1:15 PM the snapshot is successfully initiated, and the next hourly snapshot is scheduled for
2:15 PM.

Rubrik CDM Version 5.0 User Guide Adaptive Backup 51


Configuration

On-demand snapshots
Adaptive Backup settings also apply to on-demand snapshots.
When the Adaptive Backup settings are enabled, the Rubrik cluster performs an Adaptive Backup
settings check before starting an on-demand snapshot. When a value exceeds a configured limit,
the Rubrik cluster reschedules the on-demand snapshot.
After approximately 15 minutes, the Rubrik cluster checks the values again. When the values are
below the limits, the Rubrik cluster initiates the on-demand snapshot.
The Rubrik cluster continues to reschedule the on-demand snapshot until the values for the virtual
machine are below the configured limits. When the values are below the limits, the Rubrik cluster
completes the on-demand snapshot.

Limit types
When applying Adaptive Backup settings the Rubrik cluster considers the virtual machine I/O
Latency, datastore I/O latency, and virtual machine CPU utilization before initiating a snapshot of
that virtual machine.
The Rubrik cluster postpones a snapshot when the actual value of a limit type exceeds the value
that is set for the limit.
Table 3 describes the limit types that the Rubrik cluster considers when applying Adaptive Backup
settings.
Table 3 Limit types considered by Adaptive Backup settings
Limit Description
Maximum VM IO Sets the maximum time in milliseconds to process a command from the
Latency guest OS to the virtual machine.
The actual value is determined from ‘vm.maxTotalLatency’.
Maximum Datastore IO Sets the highest latency for all datastores being used by a virtual machine,
Latency not including any excluded VMDKs.
The actual value is determined by finding the highest value for
‘disk.TotalLatency’ for all of the datastores assigned to the virtual machine.
Maximum VM CPU Sets the maximum percentage of the combined frequency of all processors
Utilization assigned to the virtual machine.
The actual value is computed by dividing the ‘vm.overallCpuUsage’ by
‘vm.maxCpuUsage’.

Rubrik CDM Version 5.0 User Guide Adaptive Backup 52


Configuration

Enabling Adaptive Backup settings


Configure Adaptive Backup settings to postpone snapshots when the resource usage of a
protected virtual machine is above configured limits.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Adaptive Backup.
The Adaptive Backup page appears.
4. Select Enable Adaptive Backup.
5. In Maximum VM IO Latency, type an integer value representing the highest virtual machine
I/O latency allowed, in milliseconds.
6. In Maximum Datastore IO Latency, type an integer value representing the highest
datastore I/O latency allowed, in milliseconds.
7. In Maximum VM CPU Utilization, type an integer value representing the greatest
percentage of virtual machine CPU utilization allowed.
8. Click Update.
The Rubrik cluster saves the Adaptive Backup settings. The Rubrik cluster checks the measured
values at the time of every snapshot and postpones a snapshot when a measured value is higher
than a set value.

Configuring IPMI
The Rubrik node hardware includes a baseboard management controller (BMC) that can be used
to perform Intelligent Platform Management Interface (IPMI) tasks. Provide more security for the
Rubrik nodes by requiring a secure strong password for access to the IPMI interface.
Use the web UI to assign a strong password and control access to the IPMI interface on all nodes
in the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click IPMI Credentials.
The Configure IPMI page appears.

Rubrik CDM Version 5.0 User Guide Configuring IPMI 53


Configuration

4. Select which external services can access IPMI. Choices are:


• HTTPS
• IKVM (Java for .Net)
• Virtual Media (media in remote drives)
• SSH
5. Click Update.
6. Click IPMI Password.
The Update IPMI password page appears.
7. In Password, type a secure password.
The password can be from 5 to 19 extended ASCII printable characters. Keep the new
password secret, and store it in a safe location.
8. In Re-Enter Password, type the password again.
9. Click Update.

Configuring iSCSI
The Rubrik cluster supports the iSCSI protocol for direct data connection to a storage array that is
providing storage for virtual machines.
When iSCSI is enabled, the Rubrik cluster maintains a control channel with the hypervisor host
and uses the iSCSI protocol to establish a data channel with the storage array. This protocol
replaces the NBD transport protocol for transfers of data from the storage array.
The Rubrik cluster supports the following authentication modes:
 No authentication
 Unidirectional CHAP – Using the Challenge-Handshake Authentication Protocol (CHAP), the
Rubrik cluster authenticates with the storage array.
 Bidirectional CHAP – Using CHAP, the Rubrik cluster authenticates with the storage array and
the storage array authenticates with the Rubrik cluster.

Note: PPP Challenge Handshake Authentication Protocol (CHAP), RFC 1994 defines the username
and password requirements for unidirectional and bidirectional CHAP.

Rubrik CDM Version 5.0 User Guide Configuring iSCSI 54


Configuration

To enable iSCSI support, provide the Rubrik cluster with the iSCSI connection details.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click iSCSI.
The iSCSI Sources page appears.
4. In Server Name, type the name of the iSCSI server.
5. In Port, type the connection port used by the iSCSI server for incoming iSCSI connections.
The default is port 3260.
6. In Target, type the IPv4 address of the iSCSI server.
Leave Target empty to instruct the Rubrik cluster to attempt to automatically discover the IP
address of the iSCSI server.
7. In Authentication Mode, select the authentication mode used by the iSCSI server.
Choose one of the following:
• No Authentication
• Unidirectional CHAP
• Bidirectional CHAP
When No Authentication is selected, click Update.
8. (Unidirectional CHAP and Bidirectional CHAP) In Outgoing Name, type a username that
enables the storage array to authenticate the Rubrik cluster.
The storage array must grant sufficient access rights to the account represented by the
username to allow the Rubrik cluster access to the stored data.
9. (Unidirectional CHAP and Bidirectional CHAP) In Outgoing Secret, type the associated
password.
When Unidirectional CHAP is selected, click Update.
10.(Bidirectional CHAP) In Incoming Name, type a username that enables the Rubrik cluster to
authenticate the storage array.
11.(Bidirectional CHAP) In Incoming Secret, type the associated password.
12.Click Update.
A success message appears.

Rubrik CDM Version 5.0 User Guide Configuring iSCSI 55


Configuration

The Rubrik cluster enables the iSCSI connection and uses the iSCSI protocol to directly access
data that is stored on the storage array.
To add additional iSCSI connections, repeat this task for each connection.
The web UI does not currently provide information about the iSCSI connection records that exist
on a Rubrik cluster.

Notification settings
To enable the Rubrik cluster to send email notifications, provide configuration information through
the Notifications page. Also use the Notifications page to enable the SNMPv2c protocol and allow
the Rubrik cluster to respond to queries from an SNMP manager. Provide a list of email recipients
organized by event type to specify who should receive different types of notifications from the
activity log.
The Rubrik cluster transfers notification email messages to an SMTP server for delivery to the
administrator accounts. Configuring outgoing email settings provides instructions for configuring
the Rubrik cluster for email delivery.
The Rubrik cluster stores information in its Management Information Base (MIB). In order for an
SNMP manager to query that information, both the Rubrik cluster and the SNMP manager must
use the SNMPv2c protocol. See Enabling polling via SNMP for more information.
Rubrik provides a private MIB file that defines all the measurements and traps available from the
Rubrik cluster. The Rubrik MIB file can be downloaded from the web UI. See Downloading the
Rubrik MIB file for instructions. See Rubrik MIB file for information on MIB file contents, including
the trap messages sent by the Rubrik cluster.
Trap receivers collect the traps sent by the Rubrik cluster. Adding trap receivers explains how to
configure one or more trap receivers.
Notification messages are collected from the activity log and organized by event type. All
messages associated with one or more event types can be sent to a list of email recipients, as
configured in the web UI. See Configuring email settings for notifications for more information.

Rubrik CDM Version 5.0 User Guide Notification settings 56


Configuration

Rubrik MIB file


The Rubrik MIB file defines what kinds of information can be obtained from the Rubrik cluster. The
information can be divided into two categories: parameters and traps.
An SNMP manager polls the Rubrik cluster for parameter information via the SNMP protocol.
Examples of parameters in the Rubrik MIB file include:
 Current storage available on the cluster
 Average physical ingest bandwidth for last hour
 Number of active nodes in the cluster
 Rubrik SLA Domain name
A trap is an alert message that is triggered by a predefined condition. The Rubrik cluster sends
traps to one or more trap receivers as soon as a trap condition occurs. The trap receiver decodes
the traps based on information found in the MIB file. The Rubrik MIB file specifies several
categories of traps, as shown in Table 4.
Table 4 Traps in the Rubrik MIB file (page 1 of 2)
Category Traps
Job Rubrik cluster job failure
Network • Network interface down on a port
• Network interface changed state to Recovered
Hardware • Clock on machine is out of sync
• Replace chassis
• Errors with DIMM
• Errors with BIOS
• Node replacement required because of hardware issues
• Replace power supply
• Chassis recovered
• DIMM recovered
• BIOS recovered
Power • Power supply recovered
• Check power supply

Rubrik CDM Version 5.0 User Guide Notification settings 57


Configuration

Table 4 Traps in the Rubrik MIB file (page 2 of 2)


Category Traps
Disk • A disk on a node is unavailable
• A disk on a node was marked recovered
• A disk on a node could not be marked removed
• A disk on a node was successfully marked removed
• A disk on a node could not be set up
• A disk on a node was successfully set up
• Unformatted disk found on a node
• A disk on a node failed health checks

Configuring outgoing email settings


Provide the Rubrik cluster with account information for an SMTP server.
Before you begin — Obtain the information that is described in Table 5.
Table 5 Required outgoing email settings
Setting Description
Host Name Host Name of the SMTP server.
Port Incoming port on the SMTP server. Normally port 25, port 465, or port
587, depending upon the type of encryption used.
From Email Address The email address assigned to the account on the SMTP server.
Username The username assigned to the account on the SMTP server.
Password The password associated with the username.
Encryption The encryption protocol that the SMTP server requires for incoming
SMTP connections. The Rubrik cluster supports the following protocols:
• NONE
• SSL
• STARTTLS

1. Log in to the Rubrik CDM web UI.


2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Notification Settings.
The Notification Settings page appears.
4. In Host Name, type the IP address or the FQDN of the SMTP server.
5. In Port, enter the incoming connections port for the SMTP server.

Rubrik CDM Version 5.0 User Guide Notification settings 58


Configuration

6. In From Email Address, type the email address assigned to the account on the SMTP server.
7. In Username, type the username assigned to the account on the SMTP server.
8. In Password, type the password associated with the username.
9. In Encryption, select the encryption protocol required by the SMTP server.
10.Click Update.
The Rubrik cluster validates and stores the email settings.
11.Click Send Test Email.
The Rubrik cluster sends a test email to the user accounts on the local Rubrik cluster that have
the Admin role.

Modifying the outgoing email settings


Use the Email Settings page to make changes to the outgoing email settings.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Notification Settings.
The Notification Settings page appears.
4. Make changes to the settings.
5. Click Update.
The Rubrik cluster validates and stores the email settings.
6. Click Send Test Email.
The Rubrik cluster uses the new settings to send a test email to the user accounts on the local
Rubrik cluster that have the Admin role.

Deleting the outgoing email settings


Use the Email Settings page to remove the outgoing email settings.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.

Rubrik CDM Version 5.0 User Guide Notification settings 59


Configuration

3. Click Notification Settings.


The Notification Settings page appears.
4. Select the Email Settings tab.
5. Click Clear SMTP Settings.
The Rubrik cluster removes the settings.

Enabling polling via SNMP


SNMP managers can poll the SNMP agent on the Rubrik cluster and request information by using
the SNMPv2c protocol.
The SNMP agent on the Rubrik cluster collects information and compiles it into a Management
Information Base (MIB). The information collected corresponds to the Object Identifiers (OIDs)
defined in RFC 1213 “MIB-II” and RFC 2790 “Host Resources” and in the Rubrik MIB file.
The Rubrik cluster opens incoming UDP port 161 for polling by SNMP managers. A request for
information must include the community string (similar to a password) along with an SNMP
GET-REQUEST in order for the Rubrik cluster to respond with the requested information.
Enable SNMPv2c on the Rubrik cluster and provide a community string to allow an SNMP manager
to poll the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Notification Settings.
The Notification Settings page appears.
4. Select the SNMP tab.
5. Click Edit SNMP.
The Edit SNMP dialog box appears.
6. Select Enable SNMPv2c to allow polling.
7. In Community String, enter the string to be used as a password when sending a request to
the SNMP agent.
8. Click Update.

Rubrik CDM Version 5.0 User Guide Notification settings 60


Configuration

Adding trap receivers


Traps from the Rubrik MIB file can be sent to a trap receiver for further processing. Configure one
or more trap receivers by specifying the IP address or FQDN, along with the receiver port.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Notification Settings.
The Notification Settings page appears.
4. Select the SNMP tab.
5. Click Add Traps Receiver.
The Add Traps Receiver dialog opens.
6. In Traps Receiver (IP or FQDN), enter the IP address or FQDN corresponding to the trap
receiver that will collect the traps sent from the Rubrik cluster.
7. In Receiver Port, enter the incoming connections port for the SNMP trap receiver.
8. Click Add.
9. Repeat step 5 through step 8 to configure additional trap receivers. Each trap receiver can use
a different port and different IP address.

Downloading the Rubrik MIB file


The Rubrik MIB file is available for downloading from the Enable SNMP dialog and from the Add
Traps Receiver dialog. Download the MIB file from the Rubrik cluster to view the types of
measurements and notification messages (traps) specified in the file.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Notification Settings.
The Notification Settings page appears.
4. Select the SNMP tab.
5. Click either Edit SNMP or Add Traps Receiver.
6. Click Download MIB file at the top of the dialog box to download the file to your browser’s
default location.

Rubrik CDM Version 5.0 User Guide Notification settings 61


Configuration

Configuring email settings for notifications


The activity log, which can be viewed by clicking the globe icon in the web UI, records all
notifications. Notifications are classified by event type, such as configuration, hardware,
replication, and so on. These notifications can be sent to specific email addresses by configuring
them in the Notifications dialog. Notifications can also be sent to the Syslog server.
Provide an email recipient list to the Rubrik cluster so it can send email notifications for specified
event types. Configure one email recipient list at a time, and select all event types that share the
same email recipient list. Also, choose whether to send notifications to the syslog server.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Notification Settings.
The Notification Settings page appears.
4. Select the Notifications tab.
5. Click the blue + icon.
The Add Notification Setting dialog appears.
6. Scroll through the menu of event types and select the ones that share the same email recipient
list. To select all event types, click Type.
7. Click Next to specify where to send the notifications for the specified event types.
8. (Optional) Click Emails in the left pane of the dialog box and specify a list of email addresses,
separated by commas. To send to all the Administrators instead, select Send to all
Administrators.
9. (Optional) Click Syslog in the left pane of the dialog box, then select Send to syslog server.
10.Click Finish.

Rubrik CDM Version 5.0 User Guide Notification settings 62


Configuration

Manage hosts
The Hosts page provides a central location to add physical Windows, Linux, and Unix hosts to the
Rubrik cluster. The Hosts page also provides the ability to edit hosts and to remove hosts from the
Rubrik cluster.
Before you begin — Complete the tasks described in:
 Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI or Obtaining the
Rubrik Backup Service software by URL
 Installing the Rubrik Backup Service software on a Linux or Unix host or Installing the Rubrik
Backup Service software on a Windows host

Adding a physical host


Add supported physical hosts to the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Hosts.
The Hosts page appears.
4. Select the Windows Hosts tab or select the Linux & Unix Hosts tab.
5. Click the blue + icon.
The Add Hosts dialog box appears.
6. In IP or Hostname, type a comma-separated list of IPv4 addresses or resolvable hostnames
of physical hosts.
The list can contain a mix of IPv4 addresses and hostnames. The Rubrik cluster requires one
IPv4 address or one hostname for each physical host being added.
7. Click Add.
The Rubrik cluster check connectivity with the specified physical hosts and adds the physical
hosts.

Rubrik CDM Version 5.0 User Guide Manage hosts 63


Configuration

Editing a physical host


Change the IP address or hostname specified for a physical host.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Manage Hosts.
The Hosts page appears.
4. Select the Windows Hosts tab or select the Linux & Unix Hosts tab.
5. Open the ellipsis menu next a host entry and click Edit.
The Edit Host dialog box appears.
6. In IP or Hostname, type a replacement IPv4 address or resolvable hostname for the physical
host.
7. Click Update.
The Rubrik cluster check connectivity using the specified value and stores the information for the
host.

Removing a physical host


Remove a physical host from the Rubrik cluster when data management is no longer required.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Manage Hosts.
The Hosts page appears.
4. Select the Windows Hosts tab or select the Linux & Unix Hosts tab.
5. Open the ellipsis menu next to a host entry and click Delete.
A confirmation message appears.
6. Click Delete.
The Rubrik cluster removes the selected host.

Rubrik CDM Version 5.0 User Guide Manage hosts 64


Configuration

Manage storage arrays


To obtain optimal ingest performance when all data is stored on a storage array, the Rubrik cluster
can retrieve data through storage array level snapshots.
Storage array integration describes array integration for virtual machines.
Table 6 describes the requirements for storage array integration.
Table 6 Storage array integration requirements
Category Requirement
Storage array type Pure Storage FlashArray//m series
Storage array API Pure Storage REST API version 1.0 or newer
Storage array account Username and password for a storage array account with ‘storage
admin’ privileges.

Adding a storage array


Add a storage array to allow the Rubrik cluster to directly interact with the storage array.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Storage Arrays.
The Storage Arrays page appears.
4. Click the blue + icon.
The Add Storage Array dialog box appears.
5. In Array Type, select Pure Storage.
6. In Hostname, type the IPv4 address or resolvable hostname of the storage array.
7. In Username, type the username for an account with ‘storage admin’ privileges on the
storage array.
8. In Password, type the password for the account.
9. Click Add.
The Rubrik cluster tests access to the storage array and saves the configuration information.

Rubrik CDM Version 5.0 User Guide Manage storage arrays 65


Configuration

Editing a storage array


Edit the stored information for a storage array.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Storage Arrays.
The Storage Arrays page appears.
4. Open the ellipsis menu next to an array entry and click Edit.
The Edit Storage Array dialog box appears.
5. Edit the fields.
6. Click Update.
The Rubrik cluster tests access to the storage array using the new configuration information and
saves the configuration information.

Deleting a storage array


Delete the entry for a storage array to remove the configuration information that is stored by the
Rubrik cluster.

! IMPORTANT
Deleting a storage array removes storage array integration for all virtual machines that use
the array as a datastore. The Rubrik cluster switches the data ingestion path from the
storage array to the vCenter Server. This can potentially cause a performance impact for
snapshots of those virtual machines.

1. Log in to the Rubrik CDM web UI.


2. Click the gear icon on the top bar of the web UI.
The gear menu appears.

Rubrik CDM Version 5.0 User Guide Manage storage arrays 66


Configuration

3. Click Storage Arrays.


The Storage Arrays page appears.
4. Open the ellipsis menu next to an array entry and click Delete.
A warning appears.
5. Click Delete.
The Rubrik cluster removes the configuration information for the selected storage array.

Proxy settings
Some of the functionality of the Rubrik cluster relies on Internet access. The Rubrik cluster can be
configured to use a proxy server when accessing the Internet.
You can optionally configure the Rubrik cluster to use a proxy server in order to accommodate
your network and security requirements. The proxy server must be configured to permit the
Rubrik cluster to meet the network requirements listed in Ports.

Functions that use Internet access


Table 7 describes the Rubrik cluster functions that use Internet access.
Table 7 Functions that require Internet access
Function Description
Archiving to public cloud Communication between the Rubrik cluster and cloud-based archival locations.
Uploading log bundles Upload of log bundles to Amazon S3. Log bundles provide Rubrik Support with
a 30 day historical view of the Rubrik cluster. Rubrik Support can use the log
bundles when diagnosing issues.
Uploading real-time logs Real-time upload of error and failed job logs to an Amazon EC2 instance. The
Rubrik Support alert system uses these logs to provide quick responses to
issues.
Uploading statistics Upload of Rubrik cluster statistics to provide Rubrik Support with a dashboard
view of the health of a Rubrik cluster. The statistics are also integrated into the
Rubrik Support alert system.
Opening tunnel Create a tunnel from the Rubrik cluster to the Rubrik Support SSH server. The
Rubrik Support SSH server runs on an Amazon EC2 instance.
The tunnel can be opened to permit Rubrik Support to securely access the
Rubrik cluster. When the tunnel is opened, Rubrik Support can use the tunnel to
diagnose issues and perform maintenance operations. Enable and disable this
tunnel from the web UI.

Rubrik CDM Version 5.0 User Guide Proxy settings 67


Configuration

Proxy implementations
A Rubrik cluster supports the following proxy server implementations:
 HTTP
 HTTPS, using the HTTP CONNECT method and port 443
 SOCKS5

Configuring proxy server support


Configure a Rubrik cluster to route Internet communication through a proxy server.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Proxy Settings.
The Proxy Settings page appears.
4. In Protocol, select an Internet protocol that is supported by the proxy server:
• HTTP
• HTTPS
• SOCKS5
5. In Proxy Server IP or FQDN, type the IPv4 address or the FQDN of the proxy server.
6. In Port Number, type the port on the proxy server for requests from the Rubrik cluster.
The web UI automatically populates this field with the default port for the selected protocol.
When the proxy server uses a custom port, type that value instead.
7. (Optional) In User Name, type the proxy server username assigned to the Rubrik cluster.
8. (Optional) In Password, type the password associated with the assigned username.
9. Click Update.
The Rubrik cluster stores the proxy settings and routes all subsequent Internet traffic through the
proxy server.

Rubrik CDM Version 5.0 User Guide Proxy settings 68


Configuration

Network settings
The Rubrik cluster uses network address information for specific types of network entities to
perform system tasks. Table 8 describes the information that the Rubrik cluster uses.
Table 8 Network information
Network entity Description
NTP Comma-separated list of IP addresses or resolvable hostnames of network time protocol
(NTP) servers.
Requires bidirectional UDP access to the servers on port 123.
DNS Comma-separated list of IP addresses of domain name system (DNS) servers.
Requires bidirectional TCP and UDP access to the DNS servers on port 53.
Search domain Comma-separated list of domain names. Restricts DNS queries to the provided domains.
Floating IPs Comma-separated list of IP addresses used to maintain NFS mounts if a Rubrik node
fails.
The number of floating IP addresses is distributed evenly across the nodes in a cluster. If
the number of available nodes changes for any reason, floating IP addresses are
rebalanced as necessary to maintain an even distribution. Each floating IP must be in
one of the subnets of a Rubrik node’s network interfaces; otherwise, it cannot be
configured.

Note: Rubrik node IP address assignments cannot be changed through the web UI. To change the
IP address of a Rubrik node, refer to the Rubrik CLI Reference or contact Rubrik Support.

Providing network settings


The Rubrik cluster requires network settings information to perform system tasks.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Network Settings.
The Network Settings page appears.
4. In NTP Servers, type a comma-separated list of network time protocol servers.
For each server, type either the IPv4 address or the FQDN.
5. In DNS Servers, type a comma-separated list of domain name system servers.
For each server, type the IPv4 address.

Rubrik CDM Version 5.0 User Guide Network settings 69


Configuration

6. In Search Domains, type a comma-separated list of search domains.


For each search domain, type the FQDN.
7. (Optional) In Floating IPs, type a comma-separated list of IPv4 addresses.
8. Click Update.
The Rubrik cluster stores the information.

Editing network settings


Edit the network settings to accommodate changed network requirements.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Network Settings.
The Network Settings page appears.
4. Change the network settings.
5. Click Update.
The Rubrik cluster stores the new information.

Network Throttling
Rubrik CDM allows configuration of how much bandwidth is used for replication and archiving for
outbound data.
Use the Network throttling feature to set bandwidth limits for replication and archiving. The
general throttling settings can also be modified by setting one or more scheduled overrides. The
general settings can be used alone or with scheduled throttle overrides. General rules for the
throttling settings are the following:
 The general setting applies unless overridden by a scheduled override.
 Scheduled throttle overrides apply only for the specified time window.
 Scheduled overrides override the general throttle setting.
 Multiple schedules can be set.
 No two schedules can have a common time window.
 The scheduled overrides are enforced according to the cluster time zone.

Rubrik CDM Version 5.0 User Guide Network Throttling 70


Configuration

The bandwidth limits for archiving and replication are configured separately and are independent
of each other. The bandwidth limits are at a cluster level and are distributed dynamically between
the nodes based on the load. This means that cluster size should also be taken into account when
configuring throttle limits, the same throttle limit may not work well across different cluster sizes.

Note: The bandwidth limit is enforced on each node by throttling traffic on port 443 for archiving
and port 7785 for replication. If an archival location proxy is enabled and uses a port other than
443, archival throttling will not work.

Enabling and configuring replication throttling


Configure replication throttling limits to specify how much bandwidth can be used for replication
network traffic. This can be configured only by a global admin.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Network Throttling.
The Network Throttling page appears.
4. Select Enable Replication Throttling.
5. Under Replication Network Usage Threshold (Mbps), type an integer value representing
the highest network usage allowed, in Mbps.
6. Click Update.
This setting can be used alone or with scheduled replication throttling overrides.

Note: Network throttling is not supported for archiving to any location that does not use Port 443,
such as NFS targets and QStar tape.

Scheduling replication throttling overrides


Replication throttling overrides can be scheduled to specify how much bandwidth can be used for
replication during specified days and times. Multiple throttle schedules can be set. For example,
bandwidth can be more limited during business hours and increased during non-business hours.

Rubrik CDM Version 5.0 User Guide Network Throttling 71


Configuration

Replication throttling must be enabled for scheduled overrides to work. The scheduled limit
overrides the general limit if the schedule is active.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Network Throttling.
The Network Throttling page appears.
4. Click Schedule Override.
The Schedule Network Throttle Override page appears.
5. Select Replication.
6. Under Replication Network Usage Threshold (Mbps), type an integer value representing
the highest network usage allowed, in Mbps.
7. Select specified Day(s) for the replication throttling policy.
8. Select specified times Between a given time and another given time for the replication
throttling policy.
9. Click Add.
10.Repeat the steps to schedule additional replication policies if needed.
After throttling is configured, click the ellipsis next to the scheduled override to edit or delete the
throttle policy.

Enabling and configuring archival throttling


Configure archival throttling limits to specify how much bandwidth can be used for archival
network traffic. This can be configured only by a global admin.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Network Throttling.
The Network Throttling page appears.
4. Select Enable Archival Throttling.
5. Under Archival Network Usage Threshold (Mbps), type an integer value representing the
highest network usage allowed, in Mbps.

Rubrik CDM Version 5.0 User Guide Network Throttling 72


Configuration

6. Click Update.
This setting can be used alone or with scheduled archival throttling overrides.

Scheduling archival throttling overrides


Archival throttling overrides can be scheduled to specify how much bandwidth can be used for
archiving during specified days and times. Multiple throttle schedules can be set. For example,
bandwidth can be more limited during business hours and increased during non-business hours.
Archival throttling must be enabled for the scheduled overrides to work. The scheduled limit
overrides the general limit if the schedule is active.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Network Throttling.
The Network throttling page appears.
4. Click Schedule Override.
The Schedule Network Throttle Override page appears.
5. Select Archival.
6. Under Archival Network Usage Threshold (Mbps), type an integer value representing the
highest network usage allowed, in Mbps.
7. Select specified Day(s) for the archival throttling policy.
8. Select specified times Between a given time and another given time for the archival throttling
policy.
9. Click Add.
10.Repeat the steps to schedule additional archive policies if needed.
After throttling is configured, click the ellipsis next to the scheduled override to edit or delete the
throttle policy.

Guest OS settings
The Guest OS Settings page enables the administration of guest OS credentials for virtual
machines and fileset hosts. The page also provides a setting to enable and disable automatic
deployment of the Rubrik Backup Service to vSphere virtual machines.

Rubrik CDM Version 5.0 User Guide Guest OS settings 73


Configuration

The Rubrik cluster uses guest OS credentials to provide application consistent snapshots of
vSphere virtual machines that are running a Windows guest operating system. The Rubrik cluster
also uses guest OS credentials to enable direct restore of files and folders to guest operating
systems that do not have the Rubrik Backup Service installed.
Backup consistency levels describes application consistent snapshots.
Restore files and folders directly to a guest file system describes direct restore to the file system of
a supported guest operating system. Guest OS credentials can also be added through the Restore
File dialog during a direct restore.

Guest OS credentials
Guest OS credentials provide access to guest operating systems for vSphere virtual machines.
To allow the Rubrik cluster to start scripts on a vSphere virtual machine, provide Guest OS
credentials with sufficient privileges. Without adequate credentials, the Rubrik cluster cannot start
the scripts.
To restore directly to a Linux guest, provide the credentials for an account that has Write
permission for the restore location.
To restore directly to a Windows guest or to create application-consistent snapshots from a
Windows guest, the Rubrik cluster requires the credentials of an account that has administrator
access to the guest. The account can be either a local administrator account or a domain
administrator account.
 Providing the credentials of a local administrator account on the guest meets this requirement.
However, when there are many guests, providing individual guest OS credentials for each guest
can be inconvenient.
 Providing the credentials of a domain administrator account meets this requirement, and
avoids the need to submit a separate guest OS credential for each guest, but does not satisfy
the security concerns of many networks.
Rubrik recommends providing the Rubrik cluster with a credential for a domain-level account that
has a small privilege set that includes administrator access to the relevant guests. Based on
organizational requirements, several credentials of this sort can be provided. The Rubrik cluster
tries each provided guest OS credential to gain access to a guest.

Rubrik CDM Version 5.0 User Guide Guest OS settings 74


Configuration

Providing credentials for a Windows guest


Provide credentials with administrator privileges for a Windows guest to enable application
consistent snapshots and direct restores.
Before you begin — Select or create a credential for an account that provides administrator access
to the Windows guest.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Guest OS Settings.
The Guest OS Settings page appears.
4. Click the blue + icon.
The Add Guest OS Credentials dialog box appears.
5. In Domain, type the resolvable hostname or IP address of the authentication server for the
credential.
When the guest OS performs Workstation Authentication of credentials instead of Domain
Authentication, leave the Domain field empty.
With some ESXi hypervisors, the VMware API requires a single period character in the Domain
field to correctly pass the Workstation Authentication value to the Windows guest. When an
empty Domain field does not provide successful Workstation Authentication with the Windows
guest, add a period character in the Domain field.
6. In Username, type the username for the credential.
7. In Password, type the password for the credential.
8. (Optional) To add credentials for additional virtual machines, click the blue + icon on the Add
Guest OS Credentials dialog box.
9. Click Update.
The Rubrik cluster stores the credential.

Rubrik CDM Version 5.0 User Guide Guest OS settings 75


Configuration

Providing credentials for a Linux guest


Provide credentials with the necessary Write privileges for a Linux guest to enable direct restores.
Before you begin. Select or create a credential for an account that provides the necessary Write
access for the Linux guest.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Guest OS Settings.
The Guest OS Settings page appears.
4. Click the blue + icon.
The Add Guest OS Credentials dialog box appears.
5. Leave the Domain field empty.
6. In Username, type the username for the credential.
7. In Password, type the password for the credential.
8. (Optional) To add credential for additional virtual machines, click the blue + icon on the Add
Guest OS Credentials dialog box.
9. Click Update.
The Rubrik cluster stores the credentials.

Editing guest OS credentials


Edit guest OS credentials to provide the Rubrik cluster with changes to the authentication server,
credential username, and credential password.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Guest OS Settings.
The Guest OS Settings page appears.
4. Open the ellipsis menu next to a guest OS credential entry, and click Edit.
The Edit Guest OS Credential dialog box appears.

Rubrik CDM Version 5.0 User Guide Guest OS settings 76


Configuration

5. Make changes to the information.

! IMPORTANT
For a Linux credential, ensure that the Domain field is empty.

6. Click Update.
The Rubrik cluster saves the new information.

Deleting guest OS credentials


Delete guest OS credentials to remove them from the list of credentials that the Rubrik cluster
uses to access virtual machines.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Guest OS Settings.
The Guest OS Settings page appears.
4. Open the ellipsis menu next to a guest OS credential entry, and click Delete.
A confirmation message appears.
5. Click Delete.
The Rubrik cluster deletes the selected credential.

Rubrik Backup Service deployment


The Connector Settings tab of the Guest OS Setting page can be used to enable and disable
automatic deployment of the Rubrik Backup Service.
Automatic deployment of the Rubrik Backup Service provides a method for automatically installing
and registering the Rubrik Backup Service on multiple vSphere virtual machines that are running a
Windows guest OS.
Automatically deploying the RBS provides more information about this feature.

Rubrik CDM Version 5.0 User Guide Guest OS settings 77


Configuration

Secure SMB settings


Enabling secure SMB connections provides end-to-end encryption for all data transmitted over
SMB. The encryption uses the AES-CCM algorithm. Enabling secure SMB connections enables SMB
support for live mounts of SQL Server, Hyper-V, and managed volume snapshots.

Note: Once enabled, all SMB connections are secured. This feature cannot be disabled.

Before you begin — Disconnect any existing live mounted SQL Server, Hyper-V or volume groups.
Wait for any currently running backup jobs to finish, or pause those jobs.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click SMB Security.
The SMB Security page appears.
4. Click Enable SMB Security.
A list of Active Directory (AD) domains detected by Rubrik agents displays.
5. Click Authenticate next to a listed AD Domain.
The Authenticate dialog appears.
6. Enter the user credentials for a user on the AD Domain.
7. (Optional) Specify a domain controller.
8. Click Authenticate.
9. (Optional) To add an AD domain not listed, click +.
The Add SMB Domain dialog appears.
10.Enter the FQDN of the domain, the user credentials, and the domain controller, then click Add.
The new AD Domain displays on the list. The Authentication Status for the domain changes to
‘Configured’.

Note: When the Rubrik cluster cannot reach the controller for the AD Domain, or when
authentication to the AD Domain fails, the status changes to Failed. Re-configure any AD
Domains in the Failed status.

Rubrik CDM Version 5.0 User Guide Secure SMB settings 78


Configuration

Enabling Kerberos authentication for SMB shares


Clients that are part of an AD Domain can authenticate to SMB shares on a Rubrik CDM cluster
using the Kerberos protocol instead of the default NT LAN Manager (NTLM) protocol.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click SMB Security.
The SMB Security page appears.
4. Note the name listed in the Service Account Name column.
This name is a randomly generated unique identifier known as the Service Principal Name
(SPN).
5. Log on to the controller for the AD Domain of the client.
Consult Microsoft Active Directory documentation for details on logging in to AD Domain
controllers.
6. Use the ‘setspn’ command to set the SPN noted in step 4 as an alias for the hostname of the
Rubrik node.
The client uses Kerberos authentication to access the SMB share.

Deleting an AD domain
Removing a configured AD Domain removes the ability to perform secure Live Mounts of data
sources that depend on that domain.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click SMB Security.
The SMB Security page appears.
4. Click the ellipsis next to the domain.
5. Click Delete.
The AD Domain entry is removed from the list.

Rubrik CDM Version 5.0 User Guide Secure SMB settings 79


Configuration

Syslog settings
The Rubrik cluster supports transmission of system activities to an external syslog server.
The Rubrik cluster uses the standard syslog protocol for formatting and transmission of system
notifications. By default, at the transport layer the Rubrik cluster sets the syslog standard protocol
and port (UDP/514). The transport layer protocol and port can also be configured to use custom
settings.
At the application layer, the syslog transmissions use the HTTP protocol.
When syslog support is enabled, the Rubrik cluster sends to the syslog server messages that are
based on the events that also appear in the Activity Log. Viewing Activity Log messages describes
the messages that appear in the Activity Log.

Note: Syslog message format conforms to RFC 5424.

Setting up syslog support


Transmit Rubrik cluster notifications to a syslog server.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Syslog Settings.
The Syslog Settings page appears.
4. In IP or Hostname, type the IPv4 address or FQDN of the syslog server.
5. In Protocol, select either UDP or TCP.
6. In Port Number, enter the listening port for the syslog server.
7. Click Test Connection.
The Rubrik cluster sends a test message to the syslog server and displays the content of the
message in the web UI. Check the syslog server for the message. The test is successful when
the message text that appears in the web UI is received by the syslog server.
8. Click Update.
The Rubrik cluster saves the settings and begins transmitting system notifications to the syslog
server.

Rubrik CDM Version 5.0 User Guide Syslog settings 80


Configuration

Support bundle
When it is not feasible for Rubrik Support to use the Support Tunnel to troubleshoot an issue on a
Rubrik cluster, the Rubrik cluster can create a bundle of Rubrik cluster and Rubrik node logs for
download and transfer.
Once a support bundle is created, it can be downloaded from the web UI and transferred to Rubrik
Support. The support bundle provides an alternative method for providing Rubrik Support with
troubleshooting information that does not require a network connection between Rubrik Support
and the Rubrik cluster.
The Rubrik cluster organizes a support bundle into a single file using tar and compresses the tar
file using gzip. The size of a support bundle will vary significantly depending on many factors, such
as:
 Number of Rubrik nodes
 Data protection activity
 Number of logged alerts, warnings, and notifications

Creating and downloading a support bundle


Instruct the Rubrik cluster to create a support bundle file. Then download the support bundle file.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Support Bundle.
The Support Bundle dialog box appears.
4. Click Download.
The Rubrik cluster starts creating the support bundle and a message appears in the
Notifications area.
When the support bundle is ready, the ‘Prepared logs’ message appears in the web UI
Notifications area.
5. Click the ‘Prepared logs’ message.
The message can be clicked in the Notifications area, or on the Notifications page.
The Save As dialog box appears in the web browser.

Rubrik CDM Version 5.0 User Guide Support bundle 81


Configuration

6. Select a download location for the file, and click Save.


Configuring Chrome to ask for download location describes how to enable user-selectable
download locations in Chrome.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
7. Contact Rubrik Support to arrange the method to use when transferring the support bundle.
Support describes how to contact Rubrik Support.

Time zone setting


The web UI provides the ability to set the time zone that is used by the Rubrik cluster. The Rubrik
cluster uses the specified time zone for time values in the web UI, all reports, SLA Domain
settings, and all other time-related operations.
A Rubrik cluster can be configured to use the same time zone as its physical location, or any other
time zone. Once the time zone is set, the Rubrik cluster displays all time values using the
configured time zone.
Time values in the web UI appear the same in all web browsers, even when viewed from web
browser hosts running in different time zones.
The Rubrik cluster automatically handles any changes between standard time and daylight savings
time for the selected time zone.

Default time zone


The default time zone used by a Rubrik cluster is the Coordinated Universal Time (UTC) time zone.
Until a time zone is configured for a Rubrik cluster, the Rubrik cluster displays a banner message in
the web UI to alert the user that a cluster time zone is not set and that the Rubrik cluster is using
the UTC time zone.

Time zone setting changes


The time zone setting for a Rubrik cluster can be changed, either from the default UTC time zone
to another time zone, or between two configured time zone settings. How a change impacts a
displayed time value depends upon the whether the time value is an event time value or a report
time value.
An event time value stays the same relative to the UTC time zone. The offset from UTC changes to
match the configured time zone.
A report time value keeps the set value. After the cluster time zone setting is changed, the
displayed time value stays the same.

Rubrik CDM Version 5.0 User Guide Time zone setting 82


Configuration

Table 9 shows the impact of changing the time zone setting from PDT to EDT for an event and for
a report.
Table 9 Impact of changes between two time zone settings
Original time zone New time zone
Report at 1:00 PM (PDT) Report at 1:00 PM (EDT)
Snapshot window 1-3 PM (PDT; UTC -7) Snapshot window 4-6 PM (EDT; UTC -4)

The table shows:


• Report that was scheduled for 1:00 PM in the PDT time zone is scheduled for 1:00 PM in the
EDT time zone after the time zone setting is changed.
• Snapshot window of 1-3 PM in the PDT time zone keeps the same time relative to UTC (8-10
PM UTC) by changing to 4-6 PM in the EDT time zone. To use the original snapshot window
after the time zone setting is changed, edit the SLA Domain rule to specify a snapshot window
of 1:00 PM to 3:00 PM EDT.

Setting the cluster time zone


Use the web UI to set the cluster time zone.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Cluster Settings.
The Cluster Settings page appears.
4. In Cluster Time Zone, select a time zone for the Rubrik cluster.
5. Click Update.
The Rubrik cluster changes the cluster time zone to the specified time zone and handles
zone-specific daylight savings time changes automatically.

Security banner and classification settings


The Rubrik cluster provides the ability to display a custom advisement that must be acknowledged
before login is permitted. For example, this might be the text of an authorized-use agreement. The
Rubrik cluster also allows setting top and bottom banners on every page of the web UI.
The login-advisement text can be entered either as plain text or using HTML tags.

Rubrik CDM Version 5.0 User Guide Security banner and classification settings 83
Configuration

The Cluster Settings page of the UI has the following security-related settings:
 Login advisement
 Top and bottom banners in a selected color
 Top and bottom banner text

Setting the login banner text


Use the web UI to set the login banner text.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Cluster Settings.
The Cluster Settings page appears.
4. In Login Banner Text, enter the login-advisement text.
5. Click Update.
The Rubrik cluster saves the content and adds it to the modal dialog on the login screen for
subsequent logins.

Setting the security classification color and text


Use the web UI to set the security classification color and text.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Cluster Settings.
The Cluster Settings page appears.
4. In Security Classification Color, select the banner color.
The supported choices are yellow, orange, red, blue, green, and none.
5. In Security Classification Text, enter the classification text.
6. Click Update.
The Rubrik cluster saves the content and adds it to the banners in subsequent sessions.

Rubrik CDM Version 5.0 User Guide Security banner and classification settings 84
Configuration

Data sources setting


The web UI provides the ability to configure visibility preferences for virtual machines, servers,
and applications. This allows customization of the web UI to specify which data sources appear.

Setting data sources


Use the web UI to configure which data sources appear.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Cluster Settings.
The Cluster Settings page appears.
4. Click the Data Sources tab and clear any data sources that are not applicable. Data sources in
use cannot be cleared.
5. Click Update.
The Rubrik cluster saves the settings and displays only the selected data sources.

Opening and closing a Support tunnel


The Rubrik cluster provides a built-in tunnel utility to permit Rubrik Support to make a secure
remote connection to the Rubrik cluster. Rubrik Support uses the tunnel to examine the health of
the Rubrik cluster, and to troubleshoot and resolve issues.
The Support tunnel utility initiates a connection with proxy.rubrik.com to create a tunnel using
outbound port 443 TCP. Once open, the tunnel remains open until either inactivity on the Rubrik
Support side triggers a configurable timeout value, or the user manually closes the tunnel.
The Support Tunnel Page provides a table that includes:
 Nodes attached to the Rubrik cluster
 Tunnel Status of each node: Open or Closed
 Last Opened time for each node
 Timeout Window value configured for each node: the default is 96 hours
 Port number used by each node

Rubrik CDM Version 5.0 User Guide Data sources setting 85


Configuration

If the Support tunnel for a given node is closed, the Last Opened, Timeout Window, and Port
columns are empty.

Note: Opening and closing the Support tunnel, and editing the Timeout window in the Support
tunnel, apply only to the node marked as Current.

Opening the Support tunnel


To permit access by Rubrik Support, open the Support tunnel utility.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Support Tunnel.
The Support Tunnel page appears.
4. Click Open Support Tunnel.
The Open Support Tunnel dialog box appears.
5. Enter a value, in hours, for the Timeout Window.
If no value is entered, the default value is 96 hours.
6. Click Open Tunnel.
The Support Tunnel page re-appears, showing all of the values for the current node.

Editing the Timeout window


Timeout Window is the only editable value for the Support tunnel. An existing Timeout Window
value can be changed only for the node labeled as Current.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Support Tunnel.
The Support Tunnel page appears.
4. Open the ellipsis menu next to the Port column and click Edit Timeout Window.
The Edit Timeout Window dialog box appears.
5. Enter a new value, in hours.

Rubrik CDM Version 5.0 User Guide Opening and closing a Support tunnel 86
Configuration

6. Click Update.
The Support Tunnel page re-appears, showing the updated timeout value.

Closing the Support Tunnel


To prevent access by Rubrik Support, close the Support tunnel utility.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Support Tunnel.
The Support Tunnel page appears.
4. Click Close Support Tunnel.
A confirmation message appears.
5. Click Close Tunnel.
The Support Tunnel page re-appears, showing no values for the current node except for Node
and a Tunnel Status of Closed.
An alternate method for closing the tunnel is simply to allow the Timeout Window value to expire.

Pause and resume protection activity


The Rubrik cluster provides the ability to pause backup jobs and archival data uploads. Use the
pause feature to temporarily reduce the impact of Rubrik cluster activity on the associated
resources.
Table 10 describes the impact of the pause feature on various Rubrik cluster activities.
Table 10 Impact of using the pause feature (page 1 of 2)
Activity Impact Description
Pending policy Canceled The Rubrik cluster cancels all policy driven snapshots that are scheduled
driven snapshot during the pause period. The missed snapshots are not rescheduled.
Pending Canceled The Rubrik cluster cancels all archival snapshots that are scheduled to
archival occur during the pause period.
snapshot
Running policy Cancel The Rubrik cluster requests the cancellation of all policy driven snapshots
driven snapshot requested that are running. A snapshot is canceled when the state of the snapshot task
permits cancellation. Otherwise, the snapshot completes.

Rubrik CDM Version 5.0 User Guide Pause and resume protection activity 87
Configuration

Table 10 Impact of using the pause feature (page 2 of 2)


Activity Impact Description
Running Cancel The Rubrik cluster requests the cancellation of all archival snapshots that
archival requested are running. An archival snapshot is canceled when the state of the archival
snapshot snapshot task permits cancellation. Otherwise, the archival snapshot
completes.
Database log No impact The pause feature does not stop scheduled backups of database
backups transaction logs.
Replication Cancel The Rubrik cluster requests the cancellation of all replication tasks that are
tasks requested running. A replication task is canceled when the state of the replication task
permits cancellation. Otherwise, the replication task completes.
Manual tasks No impact The pause feature does not affect manually initiated tasks.

Pausing protection activity


Pause protection activity to temporarily reduce the impact of Rubrik cluster activity.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Pause Protection.
A confirmation dialog box appears.
4. Click Continue.
The Rubrik cluster pauses activity as described in Table 10.

Resuming protection activity


Resume protection activity to remove the restrictions of the pause feature.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Resume Protection.
A confirmation dialog box appears.
4. Click Resume.
The Rubrik cluster resumes all activity.

Rubrik CDM Version 5.0 User Guide Pause and resume protection activity 88
Chapter 2
VLAN Tagging

This chapter describes how to implement the optional VLAN tagging feature, in the following
sections:
 Overview ................................................................................................................. 90
 Adding special network VLANs after system setup ....................................................... 92
 Managing VLANs....................................................................................................... 93

Rubrik CDM Version 5.0 User Guide VLAN Tagging 89


VLAN Tagging

Overview
VLAN tagging is an optional feature that allows a Rubrik cluster to efficiently switch network traffic
using Virtual Local Area Networks (VLANs).
Each VLAN is partitioned and isolated at the data link layer. By applying VLAN tags to network
packets the network traffic of some applications on a physical network can be separated from the
network traffic of other applications on the same physical network.
In enterprise data centers, VLANs are typically used to segregate network traffic according to
organizational group, application type, or security policy. Segregating network traffic using VLANs
can optimize network throughput and promote data security.

Trunk port requirement


To support VLAN tagging, a network switch must be configured with a trunk port.
A trunk port allows packets to pass through without changing the VLAN tag. This process provides
the ability to use multiple VLAN tags on a single port.
Refer to your network switch documentation for information about implementing a trunk port,
trunk link, and VLAN tagging.

Management Network and Data Network


Rubrik recognizes two networks that require special handling when VLANs are used. Those
networks are the Management Network and the Data Network.
The Management Network handles management communications that take the form of API calls
made from a web browser to the nodes of the Rubrik cluster and the responses to those calls. The
Management Network also handles API calls and responses in a Rubrik REST API session.
The Data Network handles data transfers between nodes of the Rubrik cluster.
The Management Network and the Data Network can share the same network, which can be
tagged as a VLAN. The Management Network settings define the configuration for this shared
management/data network VLAN.
Optionally, the Management Network and the Data Network can be separate networks. Each
network can optionally carry a VLAN. When using separate VLANs, the VLAN configuration for the
Management Network is defined by the Management Network settings and the VLAN configuration
for the Data Network is defined by the Data Network settings.

Rubrik CDM Version 5.0 User Guide Overview 90


VLAN Tagging

The Rubrik cluster uses the Management Network and the Data Network to carry data that is
integral to cluster operations and interactions. The importance of these networks imposes
requirements on the actions described in Table 11.
Table 11 Special network VLAN requirements
Action Description
Configuration Management Network and the Data Network VLAN configuration can only be accomplished
by using one of the following methods:
• Specifying the VLAN settings during Rubrik cluster system setup using the Rubrik CLI.
• Using the CLI tool re_ip to reconfigure the network settings for the Rubrik cluster.
Bonding Interface bonding requires:
• The VLAN that is used by the Data Network must use bond0, the active/passive 10GbE
interfaces.
• When a single VLAN is used by both the Management Network and the Data Network,
both networks use bond0.
• When separate VLANs are used for each special network, the Data Network VLAN still
uses bond0 but the Management Network VLAN uses bond1, the active/passive 1GbE
interfaces.

VLAN settings for the Management Network and the Data Network must be configured using the
Rubrik CLI. This can be done during system setup, as described in the Rubrik CDM Install and
Upgrade Guide, or by using the re_ip tool after system setup, as described in Adding special
network VLANs after system setup.
When configuring VLAN settings for the Management Network and the Data Network after system
setup, take into consideration the following:
 All nodes must have an OK status.
 Changing an IP address, or multiple IP addresses, will involve an automatic reboot of each
affected node.
 Configuring the Management Network and the Data Network on two separate networks means
that network access must be available to both the 10GbE and the 1GbE interfaces.

Rubrik CDM Version 5.0 User Guide Overview 91


VLAN Tagging

Adding special network VLANs after system setup


Configure VLAN settings for the Management Network and the Data Network, after system setup,
by using the re_ip utility.

! IMPORTANT
Do not use the vlan_add utility to configure VLAN settings for the Management Network or
the Data Network.

The Rubrik CDM Install and Upgrade Guide describes how to use the Rubrik CLI to configure VLAN
settings for the Management Network and the Data Network.
1. Log in to the Rubrik cluster and check that all nodes have an OK status.
When any node in the Rubrik cluster does not have an OK status, make any corrections that
are required to return all nodes to an OK status before continuing this task.
2. On any node in the Rubrik cluster, open an SSH session:
ssh admin@<node_ip>
where <node_ip> is the IP address of a node.
3. At the password prompt, type the password for the admin account.
The Rubrik CLI prompt appears.
4. At the prompt, type:
re_ip
The re_ip utility starts.
5. At Management Gateway, type the IPv4 address of the network gateway for the
Management Network.
To use the existing gateway, press Enter.
6. At Management Subnet Mask, type the subnet mask for the Management Network.
To use the existing subnet mask, press Enter.
7. At Management VLAN, type a unique VLAN tag for the Management Network VLAN.
A valid VLAN tag is any integer from 2 to 4094. The tag must be unique within the network
trunk.
Many switches reserve VLAN 1 for the default native VLAN. To avoid conflicts with this setting,
select a VLAN tag other than VLAN 1.

Rubrik CDM Version 5.0 User Guide Adding special network VLANs after system setup 92
VLAN Tagging

! IMPORTANT
The following two optional steps create a separate network for the Data Network.
Creating a separate Data Network causes the Data Network to bond to the 10GbE
interfaces and the Management Network to bond to the 1GbE interfaces. To allow the
Management Network and the Data Network to share a network on the 10GbE
interfaces, skip these next two steps.

8. (Optional) At Data Subnet Mask, type the subnet mask for the Data Network.
Typing a subnet mask for the Data Network configures the Data Network to bond on the 10GbE
interfaces and the Management Network to bond on the 1GbE interfaces, and brings up the
Data VLAN prompt.
9. (Contingent) At Data VLAN, type a unique VLAN tag for the Data Network VLAN.
10.At Proceed with Re IP, Yes/No, type Yes.
The Rubrik cluster saves the new network configuration and reboots any nodes that have a
changed IP address.

Managing VLANs
Other than the special Management and Data networks, VLANs can be managed from the
command-line interface or from the Rubrik CDM web UI.

Adding VLANs from the command line


The Rubrik CLI provides tools to manage the creation of new VLANs for the cluster. Do not use the
tools in this section to create the special Management and Data VLANs.
1. On any node in the Rubrik cluster, open an SSH session:
ssh admin@<node_ip>
where <node_ip> is the IP address of a node.
2. At the password prompt, type the password for the admin account.
The Rubrik CLI prompt appears.
3. At the prompt, type:
vlan_add
The vlan_add utility starts.

Rubrik CDM Version 5.0 User Guide Managing VLANs 93


VLAN Tagging

4. At VLAN ID, type a unique VLAN tag.


A valid VLAN tag is any integer from 2 to 4094. The tag must be unique within the network
trunk.
Many switches reserve VLAN 1 for the default native VLAN. To avoid conflicts with this setting,
select a VLAN tag other than VLAN 1.
5. At Netmask, type the subnet mask for the network identified by the VLAN tag.
6. At Starting IP address, type an IPv4 address.
This IP address becomes the first IP address in the range allowed by the subnet mask and
identified by the VLAN tag. IP addresses from the allowed range are assigned to the nodes
sequentially starting with this IP address.
The Rubrik cluster saves the new network configuration. The Rubrik cluster routes all packets that
are tagged with the specified VLAN tag through the associated IP addresses.

Adding VLANs from the Rubrik CDM web UI


The Rubrik Rubrik CDM web UI provides tools to manage the creation of new VLANs for the
cluster. Do not use the tools in this section to create the special Management and Data VLANs.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Select Network Settings.
The Network Settings tab appears.
4. Click Interfaces.
The Interfaces tab appears.
5. Click Add VLAN.
The Add VLAN dialog box appears.
6. Enter the required information in the fields:
• VLAN ID
• VLAN Subnet Mask
• IP address of each node in the cluster
7. Click Add VLAN.
The Rubrik cluster saves the new network configuration. The Rubrik cluster routes all packets that
are tagged with the specified VLAN tag through the associated IP addresses.

Rubrik CDM Version 5.0 User Guide Managing VLANs 94


VLAN Tagging

Viewing VLANs from the Rubrik CLI


Use the Rubrik CLI vlan_list utility to view the VLANs that have been configured on a Rubrik
cluster.
1. On any node in the Rubrik cluster, open an SSH session:
ssh admin@<node_ip>
where <node_ip> is the IP address of a node.
2. At the password prompt, type the password for the admin account.
The Rubrik CLI prompt appears.
3. At the prompt, type:
vlan_list
The Rubrik CLI lists the VLAN tags that have been configured for the Rubrik cluster.

Viewing VLANs through the Rubrik CDM web UI


Use the Rubrik CDM web UI to view the VLANs that have been configured on a Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Select Network Settings.
The Network Settings page appears.
The lower pane of the Network Settings page lists the VLANs that have been configured on the
Rubrik cluster.

Removing a VLAN from the Rubrik CLI


Use the Rubrik CLI vlan_remove utility to remove a non-special VLAN that is no longer required.
Do not use this method to remove the VLAN assigned to the Management Network or to the Data
Network. Use the re_ip utility to make those changes.

Rubrik CDM Version 5.0 User Guide Managing VLANs 95


VLAN Tagging

! IMPORTANT
Before removing a VLAN, verify that the Rubrik cluster can be accessed on a network other
than the one being removed. Failure to do ensure alternate connectivity can result in the
Rubrik cluster losing network access when the VLAN is removed.

1. On any node in the Rubrik cluster, open an SSH session:


ssh admin@<node_ip>
where <node_ip> is the IP address of a node.
2. At the password prompt, type the password for the admin account.
The Rubrik CLI prompt appears.
3. At the prompt, type:
vlan_remove <VLAN-ID>
where <VLAN-ID> is the tag of the VLAN to remove.
The Rubrik cluster removes the specified VLAN. Network traffic with the specified VLAN tag is
routed through the native VLAN, if available. Otherwise, the traffic is not routed.

Removing a VLAN from the Rubrik CDM web UI


Use the Rubrik web to remove a non-special VLAN that is no longer required.
Do not use this method to remove the VLAN assigned to the Management Network or to the Data
Network. Use the re_ip utility to make those changes.

! IMPORTANT
Before removing a VLAN, verify that the Rubrik cluster can be accessed on a network other
than the one being removed. Failure to do ensure alternate connectivity can result in the
Rubrik cluster losing network access when the VLAN is removed.

1. Log in to the Rubrik CDM web UI.


2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Select Network Settings.
The Network Settings tab appears.
4. Click Interfaces.
The Interfaces tab appears.

Rubrik CDM Version 5.0 User Guide Managing VLANs 96


VLAN Tagging

5. Click Delete VLAN.


The Delete VLAN dialog box appears.
6. Select the VLAN to delete.
7. Click Delete VLAN.
The Rubrik cluster removes the specified VLAN. Network traffic with the specified VLAN tag is
routed through the native VLAN, if available. Otherwise, the traffic is not routed.

Rubrik CDM Version 5.0 User Guide Managing VLANs 97


Chapter 3
User Accounts

This chapter describes how to add user accounts, assign privileges, set up multifactor
authentication, and generate API tokens for authentication.
 Overview ................................................................................................................. 99
 Local Authentication................................................................................................ 102
 LDAP authentication................................................................................................ 105
 Privileges for End User accounts .............................................................................. 114
 Multifactor authentication ........................................................................................ 120
 API tokens ............................................................................................................. 123

Rubrik CDM Version 5.0 User Guide User Accounts 98


User Accounts

Overview
The Rubrik cluster authenticates Rubrik cluster user accounts at login. Authentication verifies that
the user account is known to the Rubrik cluster and that the correct user account name and
password were provided. After authentication, the Rubrik cluster uses the role and privileges
assigned to the user account to determine what actions are permitted during the session.

Authentication
The Rubrik cluster provides two separate methods for authenticating Rubrik cluster user accounts:
local authentication and LDAP authentication.
For local authentication, the Rubrik cluster validates the username and password typed in the
login fields against values in a database on the Rubrik cluster. When the login information matches
a user account in the database, the Rubrik cluster creates a session and assigns the role and
privileges of the user account to the session.
For LDAP authentication, the Rubrik cluster determines whether to create a session by
authenticating the username and password typed in the login screen with an available LDAP
directory server.
 If a Domain or Domain Display Name is specified during login, the Rubrik cluster attempts to
authenticate the user account against the specified domain. If the Rubrik cluster does not
recognize the specified domain, or if the user’s credentials are not valid for that domain, the
login fails.
 If the Domain or Domain Display Name field on the login screen is left empty, the Rubrik
cluster searches the local directory until it finds the username. If no match is found in the local
directory, the Rubrik cluster searches all available LDAP domains. If a match is found, the
Rubrik cluster assigns the role and privileges of the user account to the session.
Table 12 describes the similarities and differences of the authentication methods.
Table 12 Comparison of Local and LDAP authentication (page 1 of 3)
Feature Local LDAP
Available roles • Administrator Same as for local user
• End User
• No Access

Rubrik CDM Version 5.0 User Guide Overview 99


User Accounts

Table 12 Comparison of Local and LDAP authentication (page 2 of 3)


Feature Local LDAP
Local ‘admin’ account Yes No admin account is created for LDAP
created during The admin user account has the by the Rubrik cluster.
installation username ‘admin’ and the role of
Administrator. The admin user account
cannot be deleted or modified except to
change the password.
The password of the admin user
account in the Rubrik CDM web UI
matches the password of the admin
account in the Rubrik CLI.
Modified view for Rubrik cluster modifies the Rubrik CDM Same as for local user.
accounts with the web UI view to show only the resources
End User role applicable to the assigned privileges.
Show accounts with Yes No
the No Access role
Group authentication No Yes
Log in using credentials of a user
account that is a member of the group.
For the session, the Rubrik cluster
combines the privileges of the user
account with the privileges of all the
groups the user belongs to.
Delete account Yes No
Requires Administrator role. Once An Administrator can change the role of
deleted, the account is removed from an account to No Access to hide the
the list of users and groups account in the Rubrik CDM web UI, but
the account will not be deleted on the
LDAP server.
Create new account Yes No
Create new user account by adding: All group and user accounts must be
• username activated before they can be used to
• email address access the Rubrik cluster. From the UI,
search for a group account or user
• password account and change the role to activate
After creating a new user account, the the account.
account has the default role of No
Access.
Change account role Accounts with Administrator role can Same as for local user.
change the role of any other account,
except the local Admin User account.
If an account’s role is changed to End
User, at least one privilege must be
assigned.
Assign End User Requires Administrator role. Requires Administrator role.
privileges After creating an account, change the Change the group or user account role
account role to assign privileges. to assign privileges.

Rubrik CDM Version 5.0 User Guide Overview 100


User Accounts

Table 12 Comparison of Local and LDAP authentication (page 3 of 3)


Feature Local LDAP
Modify End User Requires Administrator role. Same as for local user.
privileges
Modify account Requires Administrator role. No
information Permitted account changes: Account information is controlled through
• email address the LDAP directory.
• password

Roles
Each user account and group account has one of three roles associated with it: Administrator, End
User, or No Access. Each role corresponds to a set of privileges that are enabled for the duration of
a session on the Rubrik cluster.
The Rubrik cluster enables the following privileges for each role:
 Administrator role – Full access to all Rubrik operations on all objects.
 End User role – For assigned objects: browse snapshots, recover files and Live Mount.
 No Access role – Cannot log in to Rubrik UI and cannot make REST API calls.

Note: When a local user account is first created, it is automatically assigned the No Access role.
To activate an account and grant a set of privileges, an administrator must change the role to
either End User or Administrator. LDAP directory accounts must also be activated before they can
access the Rubrik cluster.

The resources in a Rubrik cluster can be partitioned into independently managed collections
known as Tenant Organizations. Users in tenant organizations have privilege levels that are
managed by users with the Organization admin role.
Multitenant Organizations describes how to configure tenant organizations.

Viewing the Users and Groups page


The Rubrik cluster provides authentication and authorization information for accounts on the Users
and Groups page.
1. Log in to the Rubrik CDM web UI as the admin user or a user with the Administrator role.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.

Rubrik CDM Version 5.0 User Guide Overview 101


User Accounts

The Users and Groups page appears.


The Users and Groups tab lists the local user accounts and the LDAP user and group accounts
along with the following information:
 Directory (either local or the name of the LDAP directory) where user credentials are stored
 Username
 Email address
 Description
 Role assigned to each account
The Rubrik cluster displays local user accounts with the No Access role in the Rubrik CDM web UI.
However, the Rubrik cluster does not display LDAP user accounts with the No Access role.

Local Authentication
Local authentication uses information stored in a database on the Rubrik cluster to authenticate a
login.

Adding a local user account


Create a new local user account on the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users page appears.
4. Click Users and Groups > Add Local User.
The Add Local User dialog box appears.
5. In Username, type a user name for the new user account.
6. In Email Address, type a valid email address for the new user account.
The Rubrik cluster will send notification email and alert email to the email address.
7. In Password, type a password for the new user account.
8. In Re-enter Password, type the same password.

Rubrik CDM Version 5.0 User Guide Local Authentication 102


User Accounts

9. (Optional) Click Enable RSA SecurID to enable multifactor authentication using an RSA
SecurID server.

Note: An RSA SecurID server must be configured before it can be enabled. See Multifactor
authentication.

10.(If RSA SecurID is enabled) Select an RSA SecurID from the dropdown menu.
11.Click Add.
The Rubrik cluster adds the new local user account.
By default, the Rubrik cluster sets all new local user accounts to the No Access role. To permit the
account to access the Rubrik CDM web UI, change the assigned role to either Administrator or End
User, as described in Changing the role of a local user account.

Editing local user account information


Edit the email address and password for a local user account.
Before you begin — Create a local user account.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users page appears.
4. Select the Users and Groups tab.
5. Scroll the page or use the search field to locate a user account entry.
6. Open the ellipsis menu next to the user account entry and select Edit.
The Edit Local User dialog box appears.
7. (Optional) In Email Address, change the email address.
8. (Optional) In Update Password, type a new password.
9. (When password is changed) In Re-Enter Password, type the new password again.
10.(Optional) Change the setting for Enable RSA SecurID.
11.Click Update.
The Rubrik cluster stores the updated information and applies any change to the authorization
level of the account.

Rubrik CDM Version 5.0 User Guide Local Authentication 103


User Accounts

Changing the role of a local user account


Change the role that is assigned to a local user account.
Before you begin. Create a user account.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users page appears.
4. Select the Users and Groups tab.
5. Use the search field to locate a user.
6. Open the ellipsis menu next to the user account entry.
7. Select Manage Authorization.
The Manage Role dialog box appears.
8. In Roles, select a role for the user account.
When the End User role is selected, the Assigned Objects section appears. Privileges for End
User accounts describes how to use this section to assign object privileges to a user account
that has the End User role.
9. Click Update.
The Rubrik cluster applies the role change to the user account.

Removing a local user account


Remove Rubrik cluster authorization for a local user account and delete the account from the
Rubrik CDM web UI.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users page appears.
4. Select the Users and Groups tab.
5. Scroll the page or use the search field to locate a local user.

Rubrik CDM Version 5.0 User Guide Local Authentication 104


User Accounts

6. Open the ellipsis menu next to the local user account entry.
7. Select Delete.
The Delete User confirmation appears.
8. Click Delete.
The Rubrik cluster removes Rubrik cluster authorization for the selected user account and deletes
the account.

LDAP authentication
The Rubrik cluster uses LDAP to authenticate users who log in through the Rubrik CDM web UI
welcome screen. After a user is successfully authenticated, the Rubrik cluster controls
authorization through the user management system.
The Rubrik cluster connects to one or more LDAP servers through a service or bind account with
read access. This account permits the Rubrik cluster to search information about the user, such as
email address and group membership. To narrow the search to a specific location within the LDAP
directory tree, a Base DN can be provided. Search filters narrow the search even further by
identifying a specific group or users.
The Rubrik CDM web UI requests LDAP server information in three stages:
 Credentials - see Credentials for details.
 Servers, User & Group Settings - see Servers and User and Group settings for details.
 Multifactor Authentication - see Multifactor authentication for details on configuring an MFA
server before enabling a user for multifactor authentication.

Credentials
LDAP Credentials establish the starting point of an LDAP directory search for a user who is trying
to log in to the Rubrik cluster.
The Rubrik cluster uses the information shown in Table 13 in order to search for information about
an authenticated user in the LDAP directory structure and authenticate a user. Contact your LDAP
or Active Directory administrator for the actual values to use.
Table 13 LDAP credentials
Parameter Description
Domain or Name used by the Rubrik cluster when referring to this LDAP integration. Users can enter
Domain this name for the Domain when logging in on the welcome screen. Domain Display Name
Display can be an alias for the domain that is easier to remember than the full domain name.
Name This information is case insensitive.

Rubrik CDM Version 5.0 User Guide LDAP authentication 105


User Accounts

Table 13 LDAP credentials


Parameter Description
Base DN Indicates where to begin searching within the LDAP tree. If not specified, the Rubrik cluster
will begin searching at the root (defaultNamingContext).
Bind DN or User with read privileges that can be used to search the LDAP directory to obtain
Username information such as group membership.
Password Password for the account entered as the Bind DN or Username.
CA Certificate from the Certificate Authority (CA) that is used to validate the TLS certificate.
Certificates TLS validation is used when a TLS-capable LDAP server is explicitly chosen, or if the LDAP
server offers support for StartTLS.

The Rubrik cluster supports multiple LDAP domains; however, when a user provides a Domain or
Domain Display Name in the login screen, only that domain is searched for the user’s credentials.
The Rubrik cluster uses the LDAP information for authentication on the local Rubrik cluster only. To
enable LDAP authentication on another Rubrik cluster, log in to that Rubrik cluster and provide the
required information.
Logging in with an LDAP account describes how to log in to the Rubrik CDM web UI using an LDAP
account.
When an LDAP server cannot be reached, the Rubrik cluster rejects logins that authenticate
against that server. Until an LDAP server becomes available, the Users and Groups page will not
show authorization for any LDAP users or groups associated with that server.

Servers
The Rubrik cluster requires a list of one or more LDAP servers that it can search.
LDAP servers can be specified in two ways:
 Dynamic DNS name
 IP or hostname along with the associated port for each LDAP server
The Rubrik cluster first tries to connect to an LDAP server. If LDAP servers are not specified, or if
they are not responsive, the Rubrik cluster next tries to discover Global Catalog servers that
correspond to the dynamic DNS name by resolving DNS SRV records for _gc._tcp.<dynamic DNS
name>. If no Global Catalog servers are found, the Rubrik cluster tries to resolve DNS SRV records
for _ldap._tcp.<dynamic DNS name>.
If the discovered servers were active in port 686 (for LDAP) or port 3269 (for Global Catalog),
secure LDAP using TLS is automatically chosen. If the LDAP servers support StartTLS, then
StartTLS is automatically chosen.

Rubrik CDM Version 5.0 User Guide LDAP authentication 106


User Accounts

Note: To force the Rubrik cluster to connect using only the dynamic DNS name, leave the server
field empty.

User and Group settings


User settings specify how Rubrik determines who is a user, and what attributes to use when
mapping users to the respective LDAP directory.
Table 14 shows the user settings that define the scope of the search for users in a particular LDAP
directory.
Table 14 User settings
Field Description Default
Search Filter Query that specifies which users to (&(objectCategory=person)(objectClass=user)(
retrieve from the LDAP directory. !(useraccountcontrol:1.2.840.113556.1.4.803:=
2)))
Username Attribute that identifies the user. This sAMAccountName
Attribute attribute is compared to the username
entered in the login screen. For example,
in Active Directory the attribute is
sAMAccountName. Specify anr to enable
Microsoft’s Ambiguous Name Resolution.
Group Indicates groups that the user belongs to. memberOf
Membership
Attribute

Group seettings specify how groups are queried and identified.


Table 15 shows the group settings that focus the search on a group within a particular LDAP
directory.
Table 15 Group settings
Field Description Default
Search Filter Query that specifies which groups to (&(objectCategory=group))
retrieve from the LDAP directory.
Group Determines which members belong to a member
Member given group. For example, in Active
Attribute Directory, the attribute is member.

Rubrik CDM Version 5.0 User Guide LDAP authentication 107


User Accounts

Adding LDAP servers


Provide information about LDAP directory servers to a local Rubrik cluster so it can access the
LDAP directories in order to authenticate accounts.
Information is provided through the Rubrik CDM web UI in three stages:
 Credentials
 Servers, User and Group Settings
 Multifactor Authentication

Specifying credentials for an LDAP server


Before you begin. For each LDAP server domain, obtain the domain name along with the user
name and password of an account with read privileges for that domain.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
4. Select the LDAP Servers tab.
The LDAP server page appears.
5. Click Add LDAP Server.
The Add LDAP Server dialog appears, with the Credentials step highlighted.
6. In Domain or Domain Display Name, type the domain name associated with the set of
LDAP users.
7. (Optional) In Base DN, specify a DN where the Rubrik cluster should begin searching from
within the LDAP directory tree structure.
If this field is left blank, the Rubrik cluster begins searching at the root of the directory tree.
8. In Bind DN or Username, enter the credentials for a user with read privileges.
9. In Password, type the password for the account entered in the previous step.
10.(If the LDAP server requires a certificate for secure connections) In CA Certificates, provide
the Certificate Authority certificate for TLS certificate validation.
11.Click Next.
The Servers, Users & Group Settings step is highlighted.

Rubrik CDM Version 5.0 User Guide LDAP authentication 108


User Accounts

Specifying servers, user settings, and group settings


Once the Credentials page is filled in, specify one or more LDAP servers, and optionally, specify
user and group settings.
1. Click the Servers tab.
The Servers dialog opens.
2. (If using Dynamic DNS) In Dynamic DNS Name, enter the dynamic DNS name that publishes
the server.
3. (Optional) Add servers by providing the IP address or hostname and the port number for each
server.
4. (Optional) Select Use SSL connection if secure LDAP is used.
5. (Optional) Click the User Settings tab.
The User Settings dialog appears.
6. In the Search Filter field, enter a query that specifies which users to retrieve from the LDAP
directory.
7. In the Username Attribute field, enter the attribute that will be used when comparing to the
username entered in the login screen.
8. In the Group Membership Attribute field, enter the attribute that determines which groups
the user belongs to.
9. (Optional) Click the Group Settings tab.
10.In the Search Filter field, enter a query that specifies which groups to retrieve from the LDAP
directory.
11.In the Group Member Attribute field, enter the attribute used to determine which members
belong to a given group.
12.Click Next.
The Multifactor Authentication step is highlighted.

Enabling multifactor authentication


In the third step for adding an LDAP server, indicate whether multifactor authentication will be
used for the users in an LDAP directory.
1. (If at least one RSA SecurID server has been configured) Select the RSA SecurID server to use
for multifactor authentication.
See Configuring an RSA Authentication Manager connection and Configuring an RSA Cloud
Authentication Service connection for information on configuring an RSA SecurID server.

Rubrik CDM Version 5.0 User Guide LDAP authentication 109


User Accounts

2. Click Add.
The LDAP server is added to the list of servers.

Viewing LDAP server information


Review the list of LDAP servers associated with a Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users and Groups page appears.
4. Select the LDAP Servers tab.
The LDAP Servers page appears and lists the domain display name of each authentication domain
and whether multifactor authentication is enabled or disabled for that domain.

Deleting an LDAP server


Delete an LDAP server from the list of servers the Rubrik cluster can use to authenticate users.
Once the LDAP server is deleted, users authenticated from that server will not be able to log in.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users and Groups page appears.
4. Select the LDAP Servers tab.
5. Open the ellipsis menu for a listed LDAP display name.
6. Select Delete.
A warning dialog box appears.
7. Click Delete.

Rubrik CDM Version 5.0 User Guide LDAP authentication 110


User Accounts

User account and group account authorization


The Rubrik cluster uses LDAP server information to authenticate user account credentials at login.
After authentication, the Rubrik cluster uses the settings assigned to a user account or group
account and stored on the Rubrik cluster to determine which operations the user is authorized to
perform.

Note: When a user is added to a Rubrik cluster, the Rubrik cluster assigns the No Access role to
the account. Users with the No Access role cannot log in to the Rubrik cluster.

The Rubrik cluster does not display the accounts of LDAP users with the No Access role. Accounts
appear in the Rubrik CDM web UI when the account is activated on the Rubrik cluster by changing
the role to Administrator or End User. Activating a user account or group account describes how to
activate a user account or group account and assign a specific set of privileges.

Activating a user account or group account


Activate a user account or a group account on the local Rubrik cluster.
Activating a group account activates the individual accounts of all the group members and assigns
the group privileges to all members of a group.
Before you begin — Set up a local user account or add an LDAP user account as described in
Adding LDAP servers.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users page appears.
The Rubrik cluster hides user accounts that are not activated.
4. Click Grant Authorization.
The Grant Authorization dialog box appears.
5. In Directory, select a directory from the list.
6. In Search by Name, type the user name for a user account or the group name of a group
account.
The search field uses predictive search that begins displaying accounts when the first character
is typed. The search field matches the characters entered in the search field with all user
names and group names that contain the same sequence of characters.

Rubrik CDM Version 5.0 User Guide LDAP authentication 111


User Accounts

Continue to type characters to narrow down the results until the user name or group name
appears.
7. Select the user account or group account entry.
8. Click Continue.
The Manage Role dialog box appears.
9. In Role, select a role.
Selecting the End User role displays the Assigned Objects section.
10.(End User role only) In the Assigned Objects field, assign access to at least one object.
The objects that are assigned to an End User account can be edited after the user is added,
but at least one object must be selected for the account to appear on the Manage Users page.
For information about assigning objects to an account with the End User role refer to:
• Assigning virtual machines, folders, and clusters to an End User account
• Assigning SQL Server databases to an End User account
• Assigning Linux and Unix hosts and host filesets to an End User account
11.(End User role only) (Optional) Click Allow overwrite of original.
This option allows the user account or group account to restore data to the original source
location for all assigned objects.
12.Click Assign.
The Rubrik cluster enables the user account or group account and displays the account on the
Manage Users page.

Changing the role of an LDAP account


Change the role that is assigned to an LDAP user account or group account.
The Rubrik CDM web UI only displays LDAP accounts that have the Administrator role or the End
User role. To change the role of an LDAP account that has the No Access role, use the procedure
described in Activating a user account or group account.
Before you begin — Create a user account.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.

Rubrik CDM Version 5.0 User Guide LDAP authentication 112


User Accounts

The Users page appears.


4. Scroll the page or use the search field to locate a user.
5. Open the ellipsis menu next to the user account entry.
6. Select Manage Authorization.
The Manage Role dialog box appears.
7. In Roles, select a role for the user account.
When the End User role is selected, the Assigned Objects section appears.
8. (End User role only) In the Assigned Objects field, assign access to at least one object.
The objects assigned to an End User account can be edited after the user is added, but at least
one object must be selected for the account to appear on the Manage Users page.
For information about assigning objects to an account with the End User role refer to:
• Assigning virtual machines, folders, and clusters to an End User account
• Assigning SQL Server databases to an End User account
• Assigning Linux and Unix hosts and host filesets to an End User account
9. (End User role only) (Optional) Click Allow overwrite of original.
This option allows the user account or group account to restore data to the original source
location for all assigned objects.
10.Click Update.
The Rubrik cluster applies the role change to the user account.

Deactivating a user account or group account


Remove Rubrik cluster authorization for a user account or group account.
Removing a group account removes the group-level access of the users in the group but does not
change existing user account level access, if any.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users page appears.
4. Scroll the page or use the search field to locate a user account or group account

Rubrik CDM Version 5.0 User Guide LDAP authentication 113


User Accounts

5. Open the ellipsis menu next to the user account or group account entry.
6. Select Manage Authorization.
The Manage Role dialog box appears.
7. Select No Access.
8. Click Assign.
The Rubrik cluster removes Rubrik cluster authorization for the selected user account or group
account and hides the account.

Privileges for End User accounts


Accounts with the End User role can search and browse the backed up data from objects that are
assigned to them.
Any of the following types of objects in a Rubrik cluster can be assigned to an End User role:
 Virtual environment clusters
 Virtual environment folders
 Virtual machines
 SQL Server databases
 Linux and Unix hosts
 Linux and Unix filesets
 Windows hosts
 Windows filesets
 NAS hosts
 Managed volumes

Rubrik CDM Version 5.0 User Guide Privileges for End User accounts 114
User Accounts

Table 16 describes the privileges that can be granted to a user account with the End User role.
Table 16 End User role privileges
Privilege type Description
Download data from Data download only from assigned object types:
backups • vSphere virtual machines
• Hyper-V virtual machines
• AHV virtual machines
• Linux & Unix hosts
• Windows hosts
• NAS hosts
• SQL Server databases
• Managed volumes
Live Mount or Export Live Mount or Export a snapshot only from specified virtual machines and only
virtual machine snapshot to specified target locations.
Export data from backups Export data only from specified source objects.
Restore data over source Write data from backups to the source location, overwriting existing data, only
for assigned objects, and only when ‘Allow overwrite of original’ is enabled for
the user account or group account.

Select a user with the End User role by using one of the methods in this section, then assign
objects to that user.

Inheritance of privileges
Privileges for an object can be inherited from the privilege assigned for a parent object. Privileges
for an object can also be inherited through membership in an LDAP group.
A privileged object can contain other objects. For example, a virtual environment cluster contains
virtual machines. Assigning the privilege for an object also assigns privileges for all objects
contained within the assigned object.
A user that is a member of an LDAP group adds the group’s privileges to the privileges held by the
user individually. A user that does not have a particular object specifically assigned to that user
gains privileges on that object if the user is a member of an LDAP group to which that object is
assigned.

Rubrik CDM Version 5.0 User Guide Privileges for End User accounts 115
User Accounts

End User ability to overwrite original data during restores


User accounts and group accounts that have the End User role cannot restore data back to the
original source location. This default setting can be changed.
To allow an account with the End User role to restore data to the source location, enable the Allow
overwrite of original option for the user account or group account through the Manage Role dialog
box.
When enabled, the Allow overwrite of original option applies to all objects assigned to the account.

Assigning virtual machines, folders, and clusters to an End User account


Assign an End User account privileges for virtual machines, virtual environment folders, and virtual
environment clusters.
1. (Local account) Select a user account or group account.
Browse the account entries or use search to find and select an account entry.
2. (Local account) Open the ellipsis menu and click Manage Authorization.
3. (LDAP account) Click Grant Authorization and select the account.
4. In Roles, select End User.
The Assigned Objects section appears.
5. (Optional) Click Allow overwrite of original.
This option allows the user account or group account to restore data to the original source
location for all assigned objects.
6. In the Assigned Objects section, click the pencil icon in the Virtual Machines field.
The Select Virtual Machines dialog box appears, with the All VMs tab selected.
7. (Optional) To view folders, click the Folders tab.
To move down the hierarchy of a folder, click the value in the Name column.
8. (Optional) To view clusters and hosts, click the Clusters/Hosts tab.
To move down the hierarchy of a cluster or host, click the value in the Name column.
9. Select an entry.
Select multiple entries to assign privileges for all selected entries to the account.
10.Click Continue.
The Select Live Mount and Export Locations dialog box appears.
11.In All vCenters, select a vCenter Server.

Rubrik CDM Version 5.0 User Guide Privileges for End User accounts 116
User Accounts

Select multiple vCenters to permit Live Mount and Export to all selected entries.
12.Click Continue.
The Manage Role dialog box displays.
13.Click Assign.
The Rubrik cluster stores the privileges for the selected account.

Assigning SQL Server databases to an End User account


Assign an End User account privileges for SQL Server hosts, SQL Server clusters, and SQL Server
databases.
1. (Local account) Select an user account or group account.
Browse the account entries. Or, use search to find and select an account entry.
2. (Local account) Open the ellipsis menu and click Manage Authorization.
3. (LDAP account) Click Grant Authorization and select the account.
4. In Roles, select End User.
The Assigned Objects section appears.
5. (Optional) Click Allow overwrite of original.
This option allows the user account or group account to restore data to the original source
location for all assigned objects.
6. In the Assigned Objects section, click the pencil icon in the SQL Server Databases field.
The Select SQL Databases pane displays, with the Hosts/Clusters tab selected.
To move down the hierarchy of a host or cluster, click the value in the Name column.
7. (Optional) To view all databases, select the All DBs tab.
8. Select an entry.
Select multiple entries to assign privileges for all selected entries to the account.
9. Click Continue.
The Select Export Locations dialog box appears.
10.(Optional) Select a Windows host or Windows cluster.
Select multiple hosts or clusters to permit the account to export to each selected location.
To prevent the account from exporting the selected SQL Server databases, do not select a host
or cluster.

Rubrik CDM Version 5.0 User Guide Privileges for End User accounts 117
User Accounts

To move down the hierarchy of a host or cluster, click the value in the Name column.
11.Click Continue.
The Manage Role dialog box displays.
12.Click Assign.
The Rubrik cluster stores the privileges for the selected account.

Assigning Linux and Unix hosts and host filesets to an End User account
Assign an End User account privileges for a Linux or Unix host and host filesets.
1. (Local account) Select a user account or group account.
Browse the account entries. Or, use search to find and select an account entry.
2. (Local account) Open the ellipsis menu and click Manage Authorization.
3. (LDAP account) Click Grant Authorization and select the account.
4. In Roles, select End User.
The Assigned Objects section appears.
5. (Optional) Click Allow overwrite of original.
This option allows the user account or group account to restore data to the original source
location for all assigned objects.
6. In the Assigned Objects section, click the pencil icon in the Linux & Unix Hosts field.
The Select Linux & Unix Hosts dialog box appears.
7. (Optional) To view the filesets assigned to a host, click the value in the Name column.
8. Select an entry.
Select multiple entries to assign privileges for all selected entries to the account.
9. Click Continue.
The Select Export Locations pane appears.
10.Select a host.
Select multiple hosts to permit the account to export to each selected host.
11.Click Continue.
The Manage Role dialog box displays.
12.Click Assign.
The Rubrik cluster stores the privileges for the selected account.

Rubrik CDM Version 5.0 User Guide Privileges for End User accounts 118
User Accounts

Assigning Windows hosts and host filesets to an End User account


Assign an End User account privileges for Windows hosts and for Windows host filesets.
1. (Local account) Select an user account or group account.
Browse the account entries or use search to find and select an account entry.
2. (Local account) Open the ellipsis menu and click Manage Authorization.
3. (LDAP account) Click Grant Authorization and select the account.
4. In Roles, select End User.
The Assigned Objects section appears.
5. (Optional) Click Allow overwrite of original.
This option allows the user account or group account to restore data to the original source
location for all assigned objects.
6. In the Assigned Objects section, click the pencil icon in the Windows Hosts field.
The Select Windows Hosts dialog box appears.
7. (Optional) To view the filesets assigned to a Windows host, click the value in the Name
column.
8. Select an entry.
Select multiple entries to assign privileges for all selected entries to the account.
9. Click Continue.
The Select Export Locations pane appears.
10.Select a Windows host.
Select multiple Windows hosts to permit the account to export to each selected host.
11.Click Continue.
The Manage Role dialog box displays.
12.Click Assign.
The Rubrik cluster stores the privileges for the selected account.

Rubrik CDM Version 5.0 User Guide Privileges for End User accounts 119
User Accounts

Assigning NAS hosts to an End User account


Assign an End User account privileges for NAS hosts.
1. (Local account) Select an user account or group account.
Browse the account entries or use search to find and select an account entry.
2. (Local account) Open the ellipsis menu and click Manage Authorization.
3. (LDAP account) Click Grant Authorization and select the account.
4. In Roles, select End User.
The Assigned Objects section appears.
5. (Optional) Click Allow overwrite of original.
This option allows the user account or group account to restore data to the original source
location for all assigned objects.
6. In the Assigned Objects section, click the pencil icon in the NAS Hosts field.
The Select NAS Hosts dialog box appears.
7. In the All NAS Hosts section, select a NAS host.
Select multiple entries to assign privileges for all selected entries to the account.
8. Click Continue.
The Select Export Locations pane appears.
9. Select a NAS host.
Select multiple hosts to permit the account to export to each selected host.
10.Click Continue.
The Manage Role dialog box displays.
11.Click Assign.
The Rubrik cluster stores the privileges for the selected account.

Multifactor authentication
Multifactor authentication (MFA) adds one or more factors to the basic authentication process,
which prevents unauthorized users from accessing the Rubrik cluster.

Note: When multifactor authentication is required for a user, the Rubrik user’s username must
match the username stored in the MFA server.

Rubrik CDM Version 5.0 User Guide Multifactor authentication 120


User Accounts

If a user account is associated with an MFA server, that user will see an additional login screen
after signing in with username and password. Another authentication factor will be required, such
as a passcode, a PIN, or biometric data. The type of authentication factor, and the number of
factors required to authenticate to the Rubrik cluster, are determined by the configuration of the
MFA server.
If a user is enabled for multifactor authentication, and that user accesses Rubrik REST APIs from a
script, an API token must be generated from the Rubrik CDM web UI and inserted in the script.
See Generating an API token for instructions.

Multifactor authentication with RSA SecurID


The Rubrik cluster can integrate with two types of RSA SecurID integration servers by using REST
API calls: RSA Authentication Manager (on-premise) and RSA Authentication Server (cloud).
When the RSA Authentication Manager is enabled, it generates an Access Key and an Access ID.
The Rubrik cluster acts as an Authentication Agent, and requires the Access Key in order to
securely pass authentication requests to and from the RSA Authentication Manager. If the
Hash-based Message Authentication Code (HMAC) mode is used, the Rubrik cluster also requires
the Access ID.

Note: The Access Key is confidential. Copy this value to a secure location, and use it to configure
the RSA SecurID server from the Rubrik CDM web UI.

Configuring an RSA Authentication Manager connection


Set up an RSA Authentication Manager connection to provide an additional authentication
requirement when users log in to a Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users and Groups page appears.
4. Click the RSA SecurID tab.
The list of RSA SecurID servers appears.
5. Click Add RSA SecurID.
The Add RSA SecurID dialog appears.
6. In the Name field, enter a name to identify your RSA Authentication Manager.

Rubrik CDM Version 5.0 User Guide Multifactor authentication 121


User Accounts

7. In the Base URL field, enter your RSA Authentication Manager server’s REST API base URL.
8. In the RSA SecurID API Key field, enter the API Access Key that was generated when you
enabled RSA SecurID.
9. In the Client ID field, enter the host name or IP address of the Rubrik cluster, which acts as
the Authentication Agent.
10.(Optional) Enter the name of the assurance policy in the Assurance Policy Name field.
11.(If using HMAC mode) In the REST API Access ID field, enter the RSA Authentication
Manager server’s access ID that was generated when you enabled RSA SecurID.
12.(Optional) Download the RSA Authentication Manager server’s certificate and save it as a PEM
file. Copy its contents and paste into the CA Certificates window.
13.Click Add.
Once the RSA server is configured, verify that authentication is working by adding a test account.

Configuring an RSA Cloud Authentication Service connection


Set up an RSA Cloud Authentication service connection to provide an additional authentication
requirement when users log in to a Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Users.
The Users and Groups page appears.
4. Click the RSA SecurID tab.
The list of RSA SecurID servers appears.
5. Click Add RSA SecurID.
The Add RSA SecurID dialog appears.
6. In the Name field, enter a name to identify your RSA Cloud Authentication Service settings.
7. In the Base URL field, enter your RSA Cloud Authentication Service’s REST API base URL.
8. In the RSA SecurID API Key field, enter the API Access Key that was generated when you
enabled RSA SecurID.
9. In the Client ID field, enter the host name or IP address of the Rubrik cluster, which acts as
the Authentication Agent.

Rubrik CDM Version 5.0 User Guide Multifactor authentication 122


User Accounts

10.(If you have an assurance policy) Enter the name of the assurance policy in the Assurance
Policy Name field.
11.(Optional) Download the RSA Authentication Manager server’s certificate and save it as a PEM
file. Copy its contents and paste into the CA Certificates window.
12.Click Add.
Once the RSA server is configured, verify that authentication is working by adding a test account.

API tokens
API tokens are used in scripts to provide secure authentication, rather than hard-coding
credentials directly in the script and exposing them as clear text.
Tokens are generated directly from the Rubrik CDM web UI. When a token is generated, the user
can specify how long the token is valid, and supply a tag that can be used to identify its purpose.
For example, if a different token is generated for each script a user plans to run, the tag can
indicate the name of the script associated with that token.
If a token is accidentally exposed, the user who generated it can delete it from the Rubrik CDM
web UI, then generate a new token.

Note: Users cannot delete tokens generated by other users.

API Tokens have the same privileges as the user who generates them. For example, if a user with
the Administrator role generates an API token, that token has Administrator privileges.
Note that API tokens may not be used for the following purposes:
 Updating or deleting any MFA servers
 Creating new sessions or generating additional API tokens
 Creating new user accounts or updating user account information
 Updating user preferences
 Creating, updating, or deleting LDAP services

Generating an API token


Generate an API token for use in REST API scripts that run on the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the user icon on the top bar of the Rubrik CDM web UI and select API Token Manager.
The API Token Manager dialog appears.

Rubrik CDM Version 5.0 User Guide API tokens 123


User Accounts

3. Click the plus icon at the top right of the dialog.


The Generate API Token dialog appears.
4. In the Duration field, enter the number of days the token will be valid.
The default is 30 days.
5. In the Tag field, enter a name to distinguish this token from other tokens.
If no tag name is entered, the tag name will appear as API Token in the list of tokens.
6. Click Generate.
The Copy API Token dialog appears.
7. Click Copy and store the API token for future use.
The display shows a list of API token IDs (not the tokens themselves) along with their tag
names, expiration dates, and last activity.

Deleting an API token


Sometimes an API token must be deleted before it expires; for example, if the token is accidentally
exposed or shared with non-authorized users. In this situation, the compromised token can be
deleted and a new token can be generated.

! IMPORTANT
Use caution when deleting an API token. Once the token is deleted, all REST API calls that
use that token will fail.

Delete an API token so that it cannot be used in REST API calls to the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the user icon on the top bar of the Rubrik CDM web UI and select API Token Manager.
The API Token Manager dialog appears.
3. Open the ellipsis menu next to the API token to be deleted and select Delete.
The Delete API Token dialog appears with a warning message about the consequences of
deleting the token.
4. Click Delete.
The API token is removed from the list of API tokens

Rubrik CDM Version 5.0 User Guide API tokens 124


Chapter 4
Multitenant Organizations

This chapter discusses the management of tenant organizations in the following sections:
 Overview ............................................................................................................... 126
 Create a new tenant organization ............................................................................ 129
 Modifying an existing tenant organization ................................................................. 135
 Deleting a tenant organization ................................................................................. 136

Rubrik CDM Version 5.0 User Guide Multitenant Organizations 125


Multitenant Organizations

Overview
The multitenancy extension of the RBAC scheme enables a central organization to delegate
administrative capabilities to multiple tenant organizations.
Each tenant organization in a multitenant RBAC cluster has a subset of administrative privileges
defined by the global organization. The subset of administrative privileges also specifies the
cluster resources available to the tenant organization. The administrators of the tenant
organization can exercise these administrative privileges independently of each other and of the
cluster administrators.
Organizations must be set up by users with the Rubrik Administrator role. However, no additional
external privileges, such as specific Active Directory or Windows Domain permissions, are
required. See User Accounts for full details on RBAC administration and privilege levels.
A Rubrik cluster can have one central organization and any number of tenant organizations. An
organization is a collection of the following elements:
 Protected objects
 Replication and archival targets
 SLA Domains
 Local users
 Active Directory users and groups
 Service credentials
 Reports
A central organization is administered by a user with the Administrator role. The Administrator role
has access to all cluster resources and grants privileges to other users, including tenant
organization administrators.
Tenant organization administrators can create new local users in the tenant organization and
assign the End-user or No Access roles to those users.

Tenant organizations and reports


Tenant organizations have access to the default reports provided by the Rubrik Envision feature.
The report information is restricted to the resources assigned to the tenant organization.
When the user of a tenant organization creates a new custom report, that custom report is only
visible to other users or Active Directory (AD) groups in the tenant organization.
Reports provides detailed information about Rubrik Envision.

Rubrik CDM Version 5.0 User Guide Overview 126


Multitenant Organizations

Tenant organizations and SLA Domains


SLA Domains that are created outside of a tenant organization and assigned to that organization
cannot be altered by the users or AD groups of the tenant organization. SLA Domains that are
created by the users or AD groups in a tenant organization can be used outside the tenant
organization, but cannot be modified by users that are not members of the organization. Tenant
organization administrators can delete SLA Domains that were created by the users or AD groups
that belong to the organization. An SLA Domain that is assigned to any protectable object on the
cluster cannot be deleted.

Tenant organizations and Active Directory domains


A user with Administrator privileges over the Rubrik cluster can add users or AD groups to a tenant
organization. A tenant administrator can view the list of AD domains of the users or groups in the
tenant organization and manage privileges for those users.

Tenant organizations and users


A tenant administrator can manage privileges for existing cluster users that are assigned to the
organization by the cluster administrator, but cannot otherwise modify those users. A tenant
administrator with the privileges to manage users can create new local users within the tenant
organization and manage them. Tenant administrators cannot add existing cluster users, AD users,
or AD groups to tenant organizations.
Users with the end user role in an organization receive notifications about system activity on
objects assigned to those users. Tenant administrators receive notifications about system activity
that affects all of the objects in the tenant organization.

Multitenancy and Rubrik Envoy


Rubrik provides Rubrik Envoy to protect and maintain tenant virtual machines in secure and
isolated networks. Rubrik Envoy acts as a trusted managed service provider representing Rubrik
cluster in the tenant network.
Deploy Rubrik Envoy as a virtual appliance in a tenant network. Rubrik Envoy acts as a proxy
between the tenant network and the service provider network. After deployment, Rubrik Envoy
provides secure managed access between the tenant network and the network used by the Rubrik
cluster.
Rubrik Envoy allows service providers to offer backup-as-a-service (BaaS) in a multitenant
environment.
Rubrik Envoy supports protection of VMware virtual machines and filesets.

Rubrik CDM Version 5.0 User Guide Overview 127


Multitenant Organizations

Table 17 describes the features offered by Rubrik Envoy.


Table 17 Rubrik Envoy features
Feature Description
Proxy service • Rubrik Envoy acts as a proxy between the tenant network and the service
provider network.
• Rubrik Envoy works with the tenant virtual machines for application
quiescence.
• Rubrik Envoy orchestrates file restores between the tenant network and the
managed service provider network.
Secure managed access • Tenants can only access Rubrik CDM web UI via Rubrik Envoy.
• Tenants can only see and access objects that belongs to their organization
only.
Self-service recovery • Tenant admistrators can manage recovery through the self-service Rubrik
CDM web UI.

Rubrik Envoy Configuration Workflow


The following summarizes the deployment process of Rubrik Envoy:
 The global administrator downloads the Rubrik Envoy virtual machine OVA package and
creates a Rubrik Envoy virtual machine.
 Rubrik pre-installs the Rubrik Envoy agent on the Rubrik Envoy virtual machine.
 Rubrik cluster generates the certificate for Rubrik Envoy.
The Envoy agents for each organization within the Rubrik cluster share the same public-private
key pair.
 Rubrik administrator adds the Rubrik Envoy virtual machines to the Rubrik cluster.
Rubrik cluster identifies the Rubrik Envoy agents by the installed certificate on the agent.
 Rubrik cluster generates a separate public certificate of the Envoy virtual machine for Linux and
Windows agents.
 Tenants access Rubrik CDM web UI via Rubrik Envoy virtual machine.
 Tenants download the agent from the Rubrik CDM web UI.
 Rubrik acts as the agent server and sends request to the Rubrik Envoy agent.
The request contains details of the actual virtual machine.

Rubrik CDM Version 5.0 User Guide Overview 128


Multitenant Organizations

Create a new tenant organization


Create a new tenant organization by providing the Rubrik cluster with a name for the organization,
adding users, and assigning objects to be protected.
Only users with the Administrator role can create tenant organizations. For details on managing
user roles, see User Accounts.

Note: Users that are part of tenant organizations can have different levels of cluster and
organization privileges. Users with the “No Access” role at both cluster and organization levels are
unable to log in to the Rubrik cluster. A user with the “No Access” cluster role that is part of a
tenant organization must have the “End User” role or higher within that organization to
successfully log in to the Rubrik cluster.

Naming the organization and adding users or AD groups


The first steps in defining a tenant organization are assigning a name and adding users or AD
groups.
1. Log in to the Rubrik CDM web UI as a user with Administrator privileges.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Organizations.
The Organizations page appears.
4. Click Create Organization.
The Create Organization wizard appears.
5. Enter the name for the organization in the Organization Name field.
6. Click Next.
7. Select a domain from the Domain drop-down.
Valid domains are ‘local,’ for user accounts on the cluster, or any AD domains connected to the
cluster. An organization can contain users or AD groups from any number of separate domains.
8. Enter a search string in the Search by Name field to display a list of users and AD groups that
match the string.
9. Click Add for a user or AD group in the list to add that user or AD group to the organization.
10.(Optional) Select Organization Admin to grant a user or AD group the Organization Admin
privilege level.

Rubrik CDM Version 5.0 User Guide Create a new tenant organization 129
Multitenant Organizations

11.(Optional) Clear Create/Edit SLA to prevent a user or AD group with the Organization Admin
privilege level from creating or modifying an SLA Domain.
12.(Optional) Clear Manage Hosts to prevent a user or AD group with the Organization Admin
privilege level from managing hosts in the tenant organization.
13.(Optional) Clear Manage Users to prevent a user or AD group with the Organization Admin
privilege level from managing users and AD groups in the tenant organization.
14.Click Next.
The Protectable Objects section of the wizard appears, as shown in Figure 1.
Figure 1 Create Organization wizard - Protectable Objects section

Next task — Use the procedure in Protecting objects in an organization to continue creating the
organization.

Rubrik CDM Version 5.0 User Guide Create a new tenant organization 130
Multitenant Organizations

Protecting objects in an organization


Specify the organization objects to protect.
Before you begin. Complete the steps in Naming the organization and adding users or AD groups.
1. Log in to the Rubrik CDM web UI as a user with Administrator privileges.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Organizations.
The Organizations page appears.
4. Click Create Organization.
The Create Organization wizard appears.
5. On the Create Organization wizard, in the Protectable Objects section an object tab and select
the appropriate tab to add an object to the tenant organization.
To filter the lists on the tabs, enter a string in the “Search by Name” field.
6. Select the objects to include in the tenant organization from the list.
The number of selected objects next to the listed object type updates automatically.
7. Click Next.
The Other Resources section of the wizard displays.
Next task — Use the procedure in Assigning protection resources to a tenant organization to
continue creating the organization.

Assigning protection resources to a tenant organization


Finalize the creation of a tenant organization by assigning resources that can be used to provide
data management and protection.
Before you begin — Complete the procedures in Naming the organization and adding users or AD
groups and Protecting objects in an organization.
1. Log in to the Rubrik CDM web UI as a user with Administrator privileges.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Organizations.
The Organizations page appears.
4. Click Create Organization.

Rubrik CDM Version 5.0 User Guide Create a new tenant organization 131
Multitenant Organizations

The Create Organization wizard appears.


5. Open the Create Organization wizard at the Other Resources section.
6. (Optional) Click SLA Domains.
A list of available SLA Domains appears.
7. (Optional) Select the SLA Domains to assign to the tenant organization.
8. (Optional) Click Archival Locations.
A list of available archival locations appears.
9. (Optional) Select the archival locations to assign to the tenant organization.
10.(Optional) Click Replication Targets.
A list of available replication targets appears.
11.(Optional) Select the replication targets to assign to the tenant organization.
12.Click Next.
The Envoy section of the wizard displays.
Next task — Use the procedure in Configuring Rubrik Envoy to continue creating the organization.

Configuring Rubrik Envoy


Install, deploy, and configure the network of the Rubrik Envoy virtual appliance before connecting
it to the Rubrik cluster.
1. Log in to the Rubrik CDM web UI as a user with Administrator privileges.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Organizations.
The Organizations page appears.
4. Click Create Organization.
The Create Organization wizard appears.
5. Open the Create Organization wizard at the Envoy section.
6. Click on OVA package for Rubrik Envoy.
7. Download the file to your computer.
The browser downloads the OVA package to the selected location.

Rubrik CDM Version 5.0 User Guide Create a new tenant organization 132
Multitenant Organizations

8. On the vSphere Web Client, right-click on the host and click Deploy OVF Template to install
the OVA disk image.
9. Select the downloaded OVA file as the template, and click Continue.
The virtual machine configuration page appears.
10.Type a name for the virtual machine and click Save.
Rubrik cluster saves the settings of the virtual machine.
Refer to VMware documentation for information on how to configure a virtual appliance.
11.On the Rubrik Envoy virtual appliance, connect one network interface card (NIC) to the service
provider network and the other to the tenant network.
12.Click Finish.
The virtual appliance is deployed to the vSphere environment.
13.Log in to the Rubrik Envoy virtual machine with the username and password generated when
the OVA is being deployed to the specific Rubrik cluster.
You can find the username and password by clicking the information icon on the Rubrik CDM
web UI Envoy configuration page.
14.Open a terminal session on the host.
15.Use the sudoedit command to change the network configuration.
sudoedit /etc/network/interfaces
There can be different ways to set up the network interfaces, such as using static network
settings for both interfaces or using static network settings on one interface and dynamic
settings on the other interface. Sample configuration settings can be found in the text file
included with the OVA package. Such samples are for reference only and are not exhaustive.
16.Use the ifdown and ifup commands to restart the eth0 and eth1 interfaces.
sudo ifdown eth0
sudo ifdown eth1
sudo ifup eth0
sudo ifup eth1
17.Use the ifconfig command to check the network configuration.
ifconfig
18.Make note of the IP addresses of the eth0 and eth1 interfaces.
The Rubrik Envoy agents run on the Rubrik Envoy virtual appliance.

Rubrik CDM Version 5.0 User Guide Create a new tenant organization 133
Multitenant Organizations

Next task — Use the procedure in Connecting Rubrik Envoy to finish creating the organization.

Connecting Rubrik Envoy


Connect the Rubrik Envoy virtual appliance to the Rubrik cluster.
Before you begin — Complete the procedures in Naming the organization and adding users or AD
groups, Protecting objects in an organization, Assigning protection resources to a tenant
organization, and Configuring Rubrik Envoy.
1. Log in to the Rubrik CDM web UI as a user with Administrator privileges.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Organizations.
The Organizations page appears.
4. Click Create Organization.
The Create Organization wizard appears.
5. Open the Create Organization wizard at the Envoy section.
6. Select Connect to Rubrik Envoy.
The IP Address or Hostname and Port Number becomes available.
7. Type the IP address or hostname of the Envoy agent on the Rubrik cluster network.
This IP address is the IP address of the interface connected to the service provider network.
A list of available archival locations appears.
8. Type the port number of the port of which Rubrik Envoy accepts connections from the Rubrik
agents that can access the Rubrik CDM web UI.
9. Click Finish.
Rubrik cluster sends a request to the Rubrik Envoy virtual machine to create a NAT rule on the
virtual machine to forward requests from the tenant virtual machines to the Rubrik CDM web
UI. The NAT rule stores the Envoy IP address and port that are used for tenant virtual
machines to access the Rubrik CDM web UI.
Rubrik cluster connects the organization to Rubrik Envoy.

Rubrik CDM Version 5.0 User Guide Create a new tenant organization 134
Multitenant Organizations

Modifying an existing tenant organization


Modify the properties of a tenant organization.
1. Log in to the Rubrik CDM web UI as a user with the Administrator privilege level.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Organizations.
The Organizations page appears.
4. Select the ellipsis menu next to the organization to edit.
The ellipsis menu opens.
5. Select Edit from the ellipsis menu.
The Edit Organization page appears with the Organization Name section selected.
6. (Optional) Change the organization name by typing a new name in the Organization Name
field.
7. (Optional) Click Users at the top of the Edit Organization page to manage users or AD groups
in the organization.
Users or AD groups with the Organization Admin role and the Manage Users permission can
create local users and change privilege levels for users and AD groups.
8. (Optional) Edit users or AD groups.
Naming the organization and adding users or AD groups describes user and AD group
information.
9. (Optional) Click Protectable Objects at the top of the “Edit Organization” page to manage
the protectable objects assigned to the tenant organization.
Users or AD groups with the Organization Admin role can change which objects are assigned to
a tenant organization.
10.(Optional) Edit the protectable objects.
Protecting objects in an organization provides information about the protectable objects that
are assigned to a tenant organization.
11.(Optional) Click Other Resources at the top of the “Edit Organization” page to manage SLA
Domains, archival locations, or replication targets assigned to the tenant organization.
Users with the Organization Admin role and the Create/Edit SLA permission cannot modify SLA
Domains that are assigned to a tenant organization by users with the Global Admin role.

Rubrik CDM Version 5.0 User Guide Modifying an existing tenant organization 135
Multitenant Organizations

12.(Optional) Follow the steps in Assigning protection resources to a tenant organization to edit
the resources that are assigned to a tenant organization.
13.(Optional) Click Envoy at the top of the “Edit Organization” page to edit the IP address and
port assigned to the tenant organization.
This IP address is the IP address of the interface connected to the service provider network.
14.Click Finish.
The Rubrik cluster modifies the tenant organization.

Deleting a tenant organization


Remove a tenant organization from the Rubrik cluster.
1. Log in to the Rubrik CDM web UI as a user with Administrator privileges.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Organizations.
The Organizations page appears.
4. Select the ellipsis menu next to the organization to delete.
The ellipsis menu opens.
5. Select Delete from the ellipsis menu.
A confirmation dialog appears.
6. Click Delete.
The Rubrik cluster deletes the organization definition.

Effects of deleting a tenant organization


Deleting a tenant organization from a Rubrik cluster has the following effects on the data objects
that comprise the organization:
 Users and AD groups in the organization have their privilege level set to “No Access”.
 SLA Domains created within the tenant organization persist.
 All other protectable elements remain unmodified.
 When Rubrik Envoy is configured, the Envoy virtual machine persists and stores the metadata
for the deleted tenant organization.

Rubrik CDM Version 5.0 User Guide Deleting a tenant organization 136
Chapter 5
Protection Policies

This chapter describes the SLA Domain feature and the available protection policies.
 SLA Domain overview ............................................................................................. 138
 Default SLA Domains .............................................................................................. 139
 Custom SLA Domains .............................................................................................. 140
 Snapshot window ................................................................................................... 146
 First full backup ...................................................................................................... 147
 SLA Domain changes .............................................................................................. 149
 Delete an SLA Domain ............................................................................................ 153
 Local SLA Domain management............................................................................... 154
 Local SLA Domain page........................................................................................... 155

Rubrik CDM Version 5.0 User Guide Protection Policies 137


Protection Policies

SLA Domain overview


Protecting data that exists in production environments is an ongoing challenge for most
organizations. The ease of deploying new virtual machines, applications, and hosts increases the
burden of correctly configuring and applying enterprise policies for back up, replication, and
archiving of data. Legacy tools that are not optimized for virtual environments further increase the
cost, complexity, and risk associated with these policies.
Service Level Agreements (SLAs) through the Rubrik SLA Domain feature addresses these
challenges by unifying data protection policies under a single policy engine. The SLA Domain
feature provides a configurable set of policies that can be applied to groups of virtual machines,
applications, and hosts to achieve specific data protection objectives.
The SLA Domains feature represents an easy-to-configure container for data protection policies.
Table 18 provides an overview of those policies.
Table 18 Data protection policies available through the SLA Domain feature
Policy Description
Snapshot and backup Directs the Rubrik cluster when to create point-in-time snapshots and backups
frequency and retention of data sources and how long to keep the data.
Replication Directs the Rubrik cluster to send replicas of source snapshots and backups to
a target Rubrik cluster and defines the maximum time to keep the replica.
Archiving Directs the Rubrik cluster to move snapshot and backup data to a separate
data storage system for long-term retention.

The SLA Domains feature simplifies data protection. Rubrik provides Gold, Silver, and Bronze
default SLA Domains that are ready for immediate use.
For example, an enterprise can choose to protect mission-critical databases with the data backup,
retention, replication, and archival policies specified in the Gold SLA Domain and protect web
servers through the policies defined in the Bronze SLA Domain.
Custom SLA Domains can be quickly and easily created. Create custom SLA Domains to apply to
groups of data sources. Use the custom SLA Domains to meet the data protection and retention
requirements of different groups of virtual machines, applications, and file system hosts.

Rubrik CDM Version 5.0 User Guide SLA Domain overview 138
Protection Policies

For each protected data source, SLA Domain policies generally result in the protection objects that
are described in Table 19.
Table 19 Data protection objects created by SLA Domain policies
Object Description
Snapshot An application consistent, point-in-time backup of a data source.
Replica Copy of a snapshot that resides on a remote Rubrik cluster that is designated as the
replication target.
Archival snapshot Copy of a snapshot that resides on a secondary storage host.

Default SLA Domains


Rubrik CDM has three default local SLA Domains.
 Gold
 Silver
 Bronze
These policies have the archival policy and the replication policy disabled, do not have a Snapshot
Window, and do not set a Take First Full Snapshot time.
The additional default SLA rules assigned to these SLA Domains are described in Table 20.
Table 20 SLA rules for the default SLA Domains
Name Hourly Daily Monthly Yearly
Gold Create snapshot Pick the last Pick last successful Pick last successful
every 4 hours successful snapshot snapshot every month snapshot every year
Retain for 3 days every day and retain it and retain it for 1 year and retain it for 2
for 32 days years
Silver Create snapshot Pick the last Pick last successful Pick last successful
every 12 hours successful snapshot snapshot every month snapshot every year
Retain for 3 days every day and retain it and retain it for 1 year and retain it for 2
for 32 days years
Bronze None Create snapshot Pick last successful Pick last successful
every day and retain it snapshot every month snapshot every year
for 32 days and retain it for 1 year and retain it for 2
years

Rubrik CDM Version 5.0 User Guide Default SLA Domains 139
Protection Policies

Custom SLA Domains


Custom SLA Domains provide the ability to create sets of data protection policies that meet the
requirements of various groups of data sources in an enterprise.
The SLA rules shown in this example specify the following policies:
• Hourly Rule – Create a snapshot every 4 hours and retain it for 3 days.
Based on this rule, the Rubrik cluster creates and retains at least 18 snapshots in the system.
Up to 24 snapshots may be retained in the system to account for daily expiration boundaries.
• Daily Rule – Pick the last successful snapshot created during a day and retain it for seven
days.
For this rule, the Rubrik cluster creates six snapshots every day and retains the last successful
snapshot created during a day for seven days.
• Monthly Rule – Pick the last successful snapshot created during a month and retain it for a
year.
For this rule, the Rubrik cluster retains the last successful snapshot created during the month
for a year.
• Yearly Rule – Pick the last successful snapshot created during a year and retain it for 2 years.
For this rule, the Rubrik cluster retains the last successful snapshot created during the year for
two years.

Service Level Agreement


The Service Level Agreement section defines the frequency with which snapshots are created and
how long snapshots are retained.
The Rubrik cluster creates snapshots to satisfy the smallest frequency that is specified by the SLA
rules of the SLA Domain.
For example, when the Hourly rule specifies the smallest frequency, the Rubrik cluster creates
snapshots based on the settings of the Hourly rule. However, when the Daily rule specifies the
smallest frequency, the Rubrik cluster creates snapshots based on the settings of the Daily rule.
The Rubrik cluster uses each rule that specifies a frequency that is larger than the smallest to
determine snapshot expiration.

Rubrik CDM Version 5.0 User Guide Custom SLA Domains 140
Protection Policies

Table 21 describes the frequency and retention rule types available in the Service Level Agreement
section.
Table 21 Rule types in the Service Level Agreement sectiona
Rule type Frequency Retention
Hourly Every n0 hours For n1 days
Daily Every n2 days For n3 days
Monthly Every n4 months For n5 years
Yearly Every n6 years For n7 years
a. The variables n0-n7 represent a user assigned number that defines a period in the associated units.

Table 22 describes the frequency and retention rule types available in the advanced Service Level
Agreement section.
Table 22 Rule types in the advanced Service Level Agreement sectiona
Rule type Frequency Retention
Hourly Every n0 hours For n1 days or n2 weeks
Daily Every n3 days For n4 days or n5 weeks
Weekly Every n6 weeks For n7 weeks
(On specified day of week)
Monthly Every n8 months For n9 months, n10 quarters, or n11 years
(On the first, 15th. or last day of the month)
Quarterly Every n12 quarters For n13 quarters or n14 years
Begin Quarter in (specify month)
(On the first or last day of the quarter)
Yearly Every n15 years For n16 years
Begin Year (specify month)
(On the first or last day of the year)
a. The variables n0-n16 represent a user assigned number that defines a period in the associated units.

For each rule type, the rule that initiates the creation of the retained snapshot is the rule type that
specifies the smallest frequency, such as the hourly rule. This occurs when a snapshot that is
initiated by another rule is the last successful snapshot for the defined period.
Each of the rule types described in Table 21 is referred to as an SLA Rule. Any snapshot created
based on an SLA Rule is referred to as a policy driven snapshot.

Rubrik CDM Version 5.0 User Guide Custom SLA Domains 141
Protection Policies

Base Frequency
The Base Frequency of an SLA Domain is the frequency at which snapshots must be created to
comply with all of the rules specified for the SLA Domain.
In general:
 The Base Frequency normally corresponds to the frequency specified by the Hourly Rule.
 When there is no Hourly Rule, the Base Frequency normally corresponds to the frequency
specified in the Daily Rule.
 When both the Hourly Rule and the Daily Rule are not defined, the Base Frequency
corresponds to the frequency specified in the Monthly Rule.
 When the Yearly Rule is the only rule defined, the base frequency corresponds to the frequency
specified in that rule.

Local retention period


The Rubrik cluster retains a snapshot or backup locally for the period specified by the SLA Domain.
By default, the period is the time specified by each rule.
For an SLA Domain, the maximum retention period is the longest period that is specified by any of
the rules. By default, a Rubrik CDM device retains data locally, on the device, up to the maximum
retention period. For a Rubrik CDM device with reduced storage capacity, such as a Rubrik Edge,
retaining data up to the maximum retention period can result in rapidly filling up storage capacity.
After setting an archival policy, a replication policy, or both, the local retention period can be
shortened from the default maximum retention period. Shortening the local retention period can
be used to reduce the storage requirements of the Rubrik CDM device.
On Rubrik Edge, for example, snapshots and backups could be retained for only a few days locally
and retained for a much longer period on a physical Rubrik cluster that is configured as the
replication target.

SLA Domain name


An SLA Domain name must meet the following requirements:
 Is unique in the local Rubrik cluster namespace
 Consists of any combination of the following characters: alphanumeric, blank space, hyphen,
and underscore
 Contains at least one character

Rubrik CDM Version 5.0 User Guide Custom SLA Domains 142
Protection Policies

Creating a custom SLA Domain


Create a custom SLA Domain with policies that meet specific SLA requirements.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Click the blue + icon.
The first page of the Create SLA Domain dialog box appears.
4. In SLA Domain Name, type a name for the new SLA Domain.
The name must comply with the requirements described in SLA Domain name.
5. (Optional) Create an Hourly Rule by completing both of the following:
Simplified method:
• In Take Snapshots: Every (Hours), type an interval, in hours, for creating Hourly Rule
snapshots
• In Keep Snapshots: For (Days), type an interval, in days, to retain Hourly Rule
snapshots
Advanced method:
• In Take Snapshots: Every (Hours), type an interval, in hours, for creating Hourly Rule
snapshots
• In Keep Snapshots: For (Days) or (Weeks), type an interval, in days or weeks, to
retain Hourly Rule snapshots
6. (Optional) Create a Daily Rule by completing both of the following:
Simplified method:
• In Take Snapshots: Every (Days), type an interval, in days, for creating Daily Rule
snapshots
• In Keep Snapshots: For (Days), type an interval, in days, to retain Daily Rule snapshots
Advanced method:
• In Take Snapshots: Every (Days), type an interval, in days, for creating Daily Rule
snapshots
• In Keep Snapshots: For (Days) or (Weeks), type an interval, in days or weeks, to
retain Daily Rule snapshots

Rubrik CDM Version 5.0 User Guide Custom SLA Domains 143
Protection Policies

7. (Optional) Create a Weekly Rule by completing both of the following:


Advanced method:
• In Take Snapshots: Every (Weeks), type an interval, in months, for creating Weekly
Rule snapshots
• In On: (Day of Week), specify the day of the week to create the snapshot
• In the upper Keep Snapshots: For (Weeks) field, type an interval, in years, to retain
Weekly Rule snapshots
8. (Optional) Create a Monthly Rule by completing both of the following:
Simplified method:
• In Take Snapshots: Every (Months), type an interval, in months, for creating Monthly
Rule snapshots
• In the upper Keep Snapshots: For (Years) field, type an interval, in years, to retain
Monthly Rule snapshots
Advanced method:
• In Take Snapshots: Every (Months), type an interval, in months, for creating Monthly
Rule snapshots
• In On: (Day of Month), specify the first, 15th or last day of the month to create the
Monthly Rule snapshot
• In Begin Quarter in: (Month) specify the month that indicates the start of the first
quarter for the Monthly Rule snapshot
• In the upper Keep Snapshots: For (Months) (Quarters) or (Years) field, type an
interval, in months, quarters, years, to retain Monthly Rule snapshots
9. (Optional) Create a Quarterly Rule by completing both of the following:
Advanced method:
• In Take Snapshots: Every (Quarters), type an interval, in quarters, for creating
Quarterly Rule snapshots
• In On:(Day of Week), specify the day of the week to create the Quarterly Rule snapshot
• In the upper Keep Snapshots: For (Weeks) field, type an interval, in years, to retain
Quarterly Rule snapshots

Rubrik CDM Version 5.0 User Guide Custom SLA Domains 144
Protection Policies

10.(Optional) Create a Yearly Rule by completing both of the following:


Simplified method:
• In Take Snapshots: Every (Years), type an interval, in years, for creating Yearly Rule
snapshots
• In the lower Keep Snapshots: For (Years) field, type an interval, in days, to retain Yearly
Rule snapshots
Advanced method:
• In Take Snapshots: Every (Years), type an interval, in years, for creating Yearly Rule
snapshots
• In On: (First or Last Day of Year), specify the first or last day of the year to create the
Yearly Rule snapshot
• In Begin Year in: (Month) specify the month that indicates the start of the year
• In the upper Keep Snapshots: For (Years) field, type an interval, in years, to retain
Yearly Rule snapshots

Note: The maximum local retention period changes to the maximum retention period specified
in the SLA rules.

11.(Optional) Create a snapshot window for the SLA Domain.


Configuring a snapshot window describes how to configure a snapshot window that creates
snapshots for the data sources that are assigned to the SLA Domain.
12.(Optional) Specify a first full snapshot and backup time for the SLA Domain.
Configuring a first full time describes how to specify a first full snapshot and backup time for an
SLA Domain.
13.Click Configure Remote Settings.
The second page of the Create SLA Domain dialog box appears.
Specify at least one SLA rule to enable Configure Remote Settings.
14.(Optional) Create an archival policy for the SLA Domain.
Archival policy describes how to create an archival policy for an SLA Domain.
15.(Optional) Create a Replication Retention policy for the SLA Domain.
Replication policy describes how to create a replication retention policy for an SLA Domain.
16.(Optional) In Retention On Brik, specify a local retention period for the SLA Domain.

Rubrik CDM Version 5.0 User Guide Custom SLA Domains 145
Protection Policies

Move the slider to set the local retention period for the SLA Domain. The setting can be from 0
day up to the maximum local retention period defined in the SLA rules.

Note: An archival policy, a replication policy, or both must be specified before the local
retention period can be adjusted.

Local retention period provides information about the local retention period.
17.Click Create.
The Rubrik cluster creates the new SLA Domain and adds it to the Local SLA Domains page.
Next task — Assign data sources to the SLA Domain.

Snapshot window
A custom SLA Domain can optionally provide a snapshot window. A snapshot window defines a
period during each day when the Rubrik cluster is permitted to create snapshots for the data
sources that are assigned to the SLA Domain.

! IMPORTANT
When a backup is running and the current Snapshot Window closes, any currently running
backup will be allowed to complete, but no new backup job will be allowed to start.

Configuring a snapshot window


Configure a snapshot window for an SLA Domain when creating a custom SLA Domain or when
editing an SLA Domain.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Complete one of the following to add or modify the snapshot window for an SLA Domain:
• For a new custom SLA Domain, click the blue + icon and configure the SLA rules, as
described in Creating a custom SLA Domain.
• For an existing SLA Domain, on the Local SLA Domains page, select the SLA Domain. The
properties page for the selected SLA Domain appears. Open the ellipsis menu, and select
Edit.
The Snapshot Window section appears near the bottom of the dialog box.

Rubrik CDM Version 5.0 User Guide Snapshot window 146


Protection Policies

4. In Take Snapshots From, click the left box and select the beginning time for the snapshot
window.
The Rubrik cluster waits until the specified time to initiate policy-based snapshots for this SLA
Domain.
5. In Take Snapshots From, click the right box and select the ending time for the snapshot
window.
The Rubrik cluster will not initiate policy-based snapshots for this SLA Domain after this time.
6. Complete any other changes and click Create (new SLA Domains) or Update (existing SLA
Domains).
The Rubrik cluster adds the snapshot window to the SLA Domain. The Rubrik cluster creates
snapshots for the SLA Domain only during the specified period each day.

First full backup


A custom SLA Domain can optionally provide a first full window. The Rubrik cluster waits until the
first full window before initiating the first full snapshots or backups of data sources that are
assigned to the SLA Domain.
For data sources that are added outside of the period that allows first fulls, the Rubrik cluster
initiates the first full at the next occurrence of the first full window.
The Rubrik cluster ignores a snapshot window for a first full, and instead uses the first full window
to determine whether to initiate a first full.
The default value for this field is First Opportunity. When an SLA Domain is configured to take the
first full at the first opportunity, the Rubrik cluster initiates the first full when a data source is
added. For the First Opportunity setting only, when a snapshot window is specified, the Rubrik
cluster waits until the next available snapshot window.
After a first full is created for a data source, subsequent snapshots or backups of that data source
are created based on the SLA Domain rules, including any snapshot window setting.

Rubrik CDM Version 5.0 User Guide First full backup 147
Protection Policies

Configuring a first full time


Configure a first full time for an SLA Domain when creating a custom SLA Domain or when editing
an SLA Domain.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Complete one of the following to add or modify the first full time for an SLA Domain:
• For a new custom SLA Domain, click the blue + icon and configure the SLA rules, as
described in Creating a custom SLA Domain.
• For an existing SLA Domain, on the Local SLA Domains page, select the SLA Domain. The
properties page for the selected SLA Domain appears. Open the ellipsis menu, and select
Edit.
The Snapshot Window section appears near the bottom of the dialog box.
On the Take first full between line, the default value First Opportunity appears in the left box.
4. On the Take first full between line, click the left box and select a day of the week.
The selection specifies the first day of each week when the Rubrik cluster can initiate first full
snapshots and backups.
After entering a value, fields for specifying the end of the time range appear.
5. On the Take first full between line, click the right box and select a time of the day.
The selection specifies the time of day when the Rubrik cluster can initiate first full snapshots
and backups.
6. On the second line, click the left box and select a day of the week.
The selection specifies the last day of each week when the Rubrik cluster can initiate first full
snapshots and backups.
7. On the second line, click the right box and select a time of the day.
The selection specifies the time of day when the Rubrik cluster stops initiating first full
snapshots and backups.
8. Complete any other changes and click Create (new SLA Domains) or Update (existing SLA
Domains).
The Rubrik cluster adds the first full policy to the SLA Domain, and initiates first full snapshots and
backups, for data sources that are awaiting a first full, at the next occurrence of the selected day
and hour.

Rubrik CDM Version 5.0 User Guide First full backup 148
Protection Policies

SLA Domain changes


To make changes to the policies of a local SLA Domain, open that SLA Domain for editing. Only
local SLA Domains can be edited.
Remote SLA Domains provide information in a read-only format. To edit an SLA Domain that
appears as a remote SLA Domain, log in to the Rubrik cluster on which the SLA Domain is local.
Changing the settings of an existing SLA Domain will cause changes to the data protection
provided by the SLA Domain.

Editing an SLA Domain


Edit an existing local SLA Domain to change the data protection that is provided. Consider the
consequences of planned changes before applying the changes.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. On the Local SLA Domains page, select the SLA Domain.
The properties page for the selected SLA Domain appears.
4. Open the ellipsis menu, and select Edit.
The Edit SLA Domain dialog box appears.
5. Make changes to the SLA rules, the archival policy, and the replication policy.
6. Click Update.
The Rubrik cluster stores the new policies and rules for the SLA Domain. The following sections
describe the potential consequences of various SLA Domain changes.

Base Frequency changes


Editing the SLA rules can change the frequency with which snapshots are created. When changes
to the frequency impact the Base Frequency of the SLA Domain, all future snapshots are created
using the new Base Frequency.

Rubrik CDM Version 5.0 User Guide SLA Domain changes 149
Protection Policies

Base Frequency increased


Increasing the Base Frequency causes the SLA Domain to create new snapshots based on the
higher frequency. When the retention periods are unchanged, there are no changes to existing
snapshots.
Since the system cannot increase the frequency with which snapshots were taken in the past,
increasing the snapshot creation frequency for an SLA Domain can cause all the virtual machines
being protected by the SLA Domain to be out of compliance. The frequency of the existing
snapshots may not be sufficient to meet the requirements of the new policy.
Example 2 describes the results of increasing the base frequency of an SLA Domain.

Example 2 Increasing Base Frequency


Edits are made to an SLA Domain to increase the Base Frequency by making the following SLA
rules changes:
• Old Hourly Rule – Create one snapshot every six hours and retain it for three days.
• New Hourly Rule – Create one snapshot every three hours and retain it for three days.
These edits result in the following impact to snapshots:
• Existing snapshots – No change.
• New snapshots – Snapshots are created based on the higher frequency specified in the new
Hourly Rule, once every three hours instead of every six hours.

Base Frequency decreased


Decreasing the snapshot creation frequency causes all new policy driven snapshots associated
with the SLA Domain to be created based on the lower frequency.
The Rubrik cluster also applies a decreased Base Frequency to existing snapshots. Applying the
decreased Base Frequency causes some of the existing snapshots to expire automatically.
Automatic expiration occurs when an existing snapshot is not required for compliance with the
new policy.
Automatic expiration applies to existing snapshots on the local Rubrik cluster, archival snapshots
on the archival location, and replicas on the target replication cluster.

Rubrik CDM Version 5.0 User Guide SLA Domain changes 150
Protection Policies

Example 3 describes the results of decreasing the base frequency of an SLA Domain.

Example 3 Decreasing Base Frequency


Edits are made to an SLA Domain to decrease the Base Frequency by making the following SLA
rules changes:
• Old Hourly Rule – Create one snapshot every three hours and retain it for three days.
• New Hourly Rule – Create one snapshot every six hours and retain it for three days.
These edits result in the following impact to snapshots:
• Existing snapshots – Some existing snapshots expire automatically because retention of these
snapshots is not required for compliance with the new lower frequency.
• New snapshots – Snapshots are created based on the lower frequency specified in the new
Hourly Rule (for instance, once every 6 hours instead of every 3 hours).

Retention Changes
Editing the SLA rules can change the retention period associated with snapshots. The new
retention period is applied to existing snapshots and to new snapshots. Edits can increase or
decrease retention period. In both cases, existing snapshots are impacted by the edits.

Snapshot retention period increased


Increasing the retention period causes the Rubrik cluster to retain all new snapshots and all
existing snapshots for the new longer retention period.
Example 4 provides an example of an SLA Domain that is edited to increase the snapshot retention
period.

Example 4 Increasing snapshot retention


Edits are made to an SLA Domain to increase the snapshot retention period by making the
following SLA rules changes:
• Old Hourly Rule – Create one snapshot every four hours and retain it for three days.
• New Hourly Rule – Create one snapshot every four hours and retain it for five days.
These edits result in the following impact to snapshots:
• Existing Snapshots – Retained for five days instead of three days.
• New Snapshots – Retained for five days.

Rubrik CDM Version 5.0 User Guide SLA Domain changes 151
Protection Policies

Snapshot retention decreased


Decreasing the retention period causes the Rubrik cluster to retain new snapshots for the shorter
retention period. The Rubrik cluster also applies the new retention period to existing snapshots.
Some existing snapshots expire automatically because they are not required for compliance with
the new policy.
Example 5 provides an example of an SLA Domain that is edited to decrease the snapshot
retention period.

Example 5 Decreasing snapshot retention


Edits are made to an SLA Domain to decrease the snapshot retention period by making the
following SLA rules changes:
• Old Hourly Rule – Create one snapshot every four hours and retain it for seven days.
• New Hourly Rule – Create snapshot every four hours and retain it for four days.
These edits result in the following impact to snapshots:
• Existing snapshots – Some existing snapshots expire automatically as they are not required for
compliance with the shorter retention period.
• New snapshots – Retained for 4 days.

Impact of retention changes on archival policy and replication policy


When the retention period associated with any SLA Rule is changed, it can potentially trigger an
automatic change of an SLA Domain’s existing Archival and Replication policies.
These changes are described in the following sections:
 Archival policy changes
 Replication policy changes
Before changing the retention period of an SLA Rule, consider the automatic changes to archival
policy and replication policy that result from the change.

Snapshot window changes


Changing the snapshot window causes the Rubrik cluster to use the new snapshot window when
creating new snapshots.

Rubrik CDM Version 5.0 User Guide SLA Domain changes 152
Protection Policies

Take first full changes


Changing the time specified by the Take first full field causes the Rubrik cluster to wait until the
specified time before creating the first full snapshot or backup of newly added data sources. When
a snapshot window is specified, the Rubrik cluster creates the first full during the next available
snapshot window after the specified Take first full time.

Delete an SLA Domain


Deleting an SLA Domain deletes the SLA rules, archival policy, and replication policy specified for
the SLA Domain and removes the SLA Domain from the list of local SLA Domains.
The Rubrik CDM web UI only permits the deletion of a local SLA Domain that has no assigned data
sources.
Remote SLA Domains provide information in a read-only format. To delete an SLA Domain that
appears as a remote SLA Domain, log in to the Rubrik cluster on which the SLA Domain is local.
Information about a remote SLA Domain is removed from the Rubrik CDM web UI of the target
Rubrik cluster when either of the following is true:
 The remote SLA Domain does not protect any virtual machines.
 The remote SLA Domain’s replication policy is disabled.

Deleting an SLA Domain


Delete an SLA Domain to remove all of its SLA rules and policies.
Before you begin — Remove all data sources that are assigned to the SLA Domain. An SLA
Domain cannot be deleted when data sources are assigned to it.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. On the Local SLA Domains page, select the SLA Domain.
The properties page for the selected SLA Domain appears.

Rubrik CDM Version 5.0 User Guide Delete an SLA Domain 153
Protection Policies

4. Open the ellipsis menu, and select Delete.


The Delete SLA Domain confirmation message appears.

Note: When data sources are assigned to the SLA Domain, a warning message appears. Click
OK to acknowledge the message. To delete the SLA Domain, first remove the data sources that
are assigned to the SLA Domain.

5. Click Delete.

Local SLA Domain management


The Rubrik cluster provides management information and tasks for local SLA Domains. A local SLA
Domain is an SLA Domain that is created on the local Rubrik cluster.
The Local SLA Domains page provides general information about all the local SLA Domains.

Viewing all local SLA Domains


Access the Local SLA Domains page to view general information about all local SLA Domains.
1. Log in to the Rubrik CDM web UI of a selected Rubrik cluster.
A local Rubrik cluster session starts on the selected Rubrik cluster.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.

Information on the Local SLA Domains page


The Local SLA Domains page provides information on a local SLA Domain.
Table 23 describes the information available on the Local SLA Domains page.
Sort the information in ascending or descending order by clicking on one of the columns headings.
Table 23 Columns on the Local SLA Domains page (page 1 of 2)
Column heading Description
Name Name assigned to the local SLA Domain.
Base Frequency The rate at which snapshots are created as a result of all of the SLA rules of the SLA
Domain.
Object Count Combined total number of source objects that are protected by the SLA Domain.
Archival Location Name of the archival location that is assigned to the SLA Domain.

Rubrik CDM Version 5.0 User Guide Local SLA Domain management 154
Protection Policies

Table 23 Columns on the Local SLA Domains page (page 2 of 2)


Column heading Description
Replication Target Name of the replication target that is assigned to the SLA Domain, or None.

Searching for a local SLA Domain


Use the search field on the Local SLA Domains page to find a specific local SLA Domain or group of
local SLA Domains.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. In the search box of the Local SLA Domains page, type a text string.
The Rubrik cluster provides a list of the local SLA Domains that have a name that contains the
search string.

Local SLA Domain page


The Rubrik cluster provides a specific page for each local SLA Domain. The page provides details
about a local SLA Domain in a set of information cards.
The page also provides the ability to edit the local SLA Domain and to delete the local SLA Domain,
as described in Editing an SLA Domain and Deleting an SLA Domain.

Viewing a local SLA Domain page


To see details about a local SLA Domain, view the page for that local SLA Domain.
1. Log in to the Rubrik CDM web UI of a selected Rubrik cluster.
A local Rubrik cluster session starts on the selected Rubrik cluster.
2. On left-side menu, select SLA Domains > Local Domains.
The page for the local SLA Domain appears
3. On the page, click a local SLA Domain entry.
The page of the selected local SLA Domain appears.

Rubrik CDM Version 5.0 User Guide Local SLA Domain page 155
Protection Policies

Information provided for a local SLA Domain


Table 24 describes information that the Rubrik cluster provides through the cards on the page for
a local SLA Domain.
Table 24 Information on the page for a local SLA Domain (page 1 of 2)
Information card Element or field Description
SLA Domain Policy Quick view of the SLA rules specified by the local SLA domain.
Take Column listing of the Hourly, Daily, Monthly, and Yearly rules of
snapshot frequency.
Keep Column listing of the Hourly, Daily, Monthly, and Yearly rules of
snapshot retention.
Snapshot Window The Snapshot Window for the SLA Domain.
Replication Replication retention policy of the SLA Domain.
Retention Policy
Archival Policy Archival policy of the SLA Domain.
Storage Donut graph Quick view of the occupied and free space on the local Rubrik
cluster. Click legend entries to include or exclude them from the
graphic. The graphic always starts at the top and runs clockwise
with the segments displayed in order by size from largest to
smallest.
This domain Color-highlighted graphical indication of the portion of the total
storage space on the local Rubrik cluster that is occupied by
data associated with the selected local SLA Domain. Hover
over This domain to highlight that section in the graphic.
Other domains Color-highlighted graphical indication of the portion of the total
storage space on the local Rubrik cluster that is occupied by
data from other local SLA Domains. Hover over Other
domains to highlight that section in the graphic.
Unprotected Color-highlighted graphical indication of the portion of the total
storage space on the local Rubrik cluster that is occupied by
data from unprotected virtual machines. Hover over
Unprotected to highlight that section in the graphic.
Available Color-highlighted graphical indication of the portion of the total
storage space on the local Rubrik cluster that is free. Hover
over Available to highlight that section in the graphic.
Line graph Shows the storage ramp up over time, from 30 days to the
present.

Rubrik CDM Version 5.0 User Guide Local SLA Domain page 156
Protection Policies

Table 24 Information on the page for a local SLA Domain (page 2 of 2)


Information card Element or field Description
Source list Drop down list Selection list to choose a type of data source. Open the list to
select a data source type:
• vSphere VMs
• Hyper-V VMs
• AHV VMs
• Linux & Unix Hosts
• Windows Hosts
• NAS Shares
• SQL Server DBs
• Managed Volumes
Search field Search field that permits a text string search of the names of all
data sources that are protected by the selected local SLA
Domain. Search is confined to the currently selected data
source.
Name Name of a protected data source.
Location Location or host of the protected data source.

Rubrik CDM Version 5.0 User Guide Local SLA Domain page 157
Chapter 6
Replication

This chapter provides information about replication policy, setting up replication, and using the
replication feature.
 Replication overview ............................................................................................... 159
 Replication target setup .......................................................................................... 160
 Replication policy.................................................................................................... 166
 Replication policy changes....................................................................................... 168
 Manage Replications page ....................................................................................... 170
 Replication monitoring and reporting........................................................................ 171
 Remote SLA Domains.............................................................................................. 172
 Remote data sources .............................................................................................. 175

Rubrik CDM Version 5.0 User Guide Replication 158


Replication

Replication overview
When a replication policy is enabled for a local SLA Domain, the local Rubrik cluster (source Rubrik
cluster) rapidly copies snapshot and backup data for that SLA Domain to a remote Rubrik cluster
(target Rubrik cluster).
A source Rubrik cluster and a target Rubrik cluster use the Transport Layer Security (TLS) protocol
to encrypt all replication data-in-flight.
A Rubrik cluster can have multiple target Rubrik clusters. Each SLA Domain on the source can
direct replication to the target that best accomplishes business goals.
Also, a Rubrik cluster can be the target for many source Rubrik clusters.
When issues interfere with the network connection between the source Rubrik cluster and a target
Rubrik cluster, the replication task is retried. The Rubrik cluster retries the task every 30 seconds,
with up to 20 retries. This provides the ability to handle up to 10 minutes of network downtime
before the task fails.

! IMPORTANT
When constraints, such as limited bandwidth, interfere with the completion of all of the
replication tasks that are specified for an SLA Domain, the Rubrik cluster may skip
replication of older snapshots and backups to ensure that the newest data is successfully
replicated.

Replication policy workflow


Adding a replication policy to an SLA Domain follows a set workflow.
The replication workflow is:
1. Set up a target Rubrik cluster.
2. Enable replication for the SLA Domain.
3. Select a target Rubrik cluster.
4. Select the retention period for the data on the target.
5. Optionally, modify the retention period for the data that is retained locally on the source Rubrik
cluster.

Rubrik CDM Version 5.0 User Guide Replication overview 159


Replication

Replication target setup


A Rubrik cluster can replicate data to target Rubrik clusters. To use a Rubrik cluster as a replication
target, the source Rubrik cluster must be provided with information about the target.
A Rubrik cluster can have multiple target Rubrik clusters. An SLA Domain on the Rubrik cluster can
be set up to use any one of the available targets.
After at least one target Rubrik cluster is successfully set up, the source Rubrik cluster makes
replication policy settings available for local SLA Domains.
Communication between the source Rubrik cluster and the target Rubrik cluster can use either of
the following addressing methods:
 Network address translation (NAT)
 Private network

Note: IP addresses for the source and target clusters must be static in order for replication to
work properly. Floating IP addresses cannot be used.

Replication using NAT


To perform replication, a source Rubrik cluster can optionally communicate with a target Rubrik
cluster by using NAT.
When using replication over NAT, the source Rubrik cluster sends data packets destined for the
target Rubrik cluster using the following method:
 The source Rubrik cluster sends the data packet to a specified port on the gateway for the
target Rubrik cluster.
The specified port is a port reserved for routing for replication requests and acknowledgments.
 The gateway device forwards the data packet to one of the private IP addresses that is
assigned to a node on the target Rubrik cluster.
 The target Rubrik cluster provides the data packet to the appropriate service and node on the
target Rubrik cluster.

Rubrik CDM Version 5.0 User Guide Replication target setup 160
Replication

The process is reversed for data packets sent from the target Rubrik cluster to the source Rubrik
cluster:
 The target Rubrik cluster sends the data packet to a specified port on the gateway for the
source Rubrik cluster.
 The gateway device forwards the data packet to one of the private IP addresses that is
assigned to a node on the source Rubrik cluster.
 The source Rubrik cluster provides the data packet to the appropriate service and node on the
source Rubrik cluster.

Rubrik CDM Version 5.0 User Guide Replication target setup 161
Replication

Figure 2 shows an example replication using NAT configuration.


Figure 2 Replication using NAT

Figure 3 Example of settings for NAT

Rubrik CDM Version 5.0 User Guide Replication target setup 162
Replication

To use replication with NAT, follow the requirements described in Table 25.
Table 25 Requirements for replication using NAT
Requirement Description
Assigned ports on the target Assign incoming ports on the target gateway specifically for the
gateway replication processes. Each dedicated “replication” port on the target
gateway receives data packets from the source Rubrik cluster. A
minimum of one “replication” port on the target gateway is required, up to
a maximum of the number of Rubrik nodes on the target Rubrik cluster.
To provide redundancy, Rubrik recommends at least two “replication”
ports on the target gateway.
Port forwarding rules on the The target gateway uses port forwarding rules to forward the data
target gateway packets received on a target gateway “replication” port. The target
gateway forwards the data packets to port 7785 of the associated private
IP address that is assigned to a Rubrik node on the target Rubrik cluster.
Assigned ports on the source Assign incoming ports on the source gateway specifically for the
gateway replication processes. Each dedicated “replication” port on the source
gateway receives data packets from the target Rubrik cluster. A minimum
of one “replication” port on the source gateway is required, up to a
maximum of the number of Rubrik nodes on the source Rubrik cluster. To
provide redundancy, Rubrik recommends at least two “replication” ports
on the source gateway.
Port forwarding rules on the The source gateway uses port forwarding rules to forward the data
source gateway packets received on a source gateway “replication” port. The source
gateway forwards the data packets to port 7785 of the associated private
IP address that is assigned to a Rubrik node on the source Rubrik
cluster.

Address mapping
When setting up replication using NAT, communication between the source Rubrik cluster and the
target Rubrik cluster can use either of the following addressing methods:
 One-to-one Network Address Translation (NAT)
Rubrik cluster utilizes a pool of public addresses that are mapped one-to-one to the private
addresses.
 One-to-multiple Port Address Translation (PAT)
PAT is an extension to NAT that permits multiple private addresses and ports to be mapped to
a single public address.
Rubrik cluster utilizes a single public address and multiple ports that are mapped to multiple
private addresses. Each private address is associated with a “replication” port.

Rubrik CDM Version 5.0 User Guide Replication target setup 163
Replication

Setting up replication using NAT


Provide the source Rubrik cluster with the required information to enable replication using NAT.
Before you begin — For source and target, make available the gateway ports and port forwarding
rules that are described in Table 25.
1. Log in to the Rubrik CDM web UI on the source Rubrik cluster.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Replication Targets.
The Manage Replication page appears.
4. Click the blue + icon.
The Add Remote Cluster dialog box appears.
5. Select NAT.
The NAT view of the Add Remote Cluster dialog box appears.
Figure 2 shows an example replication using NAT configuration.
6. In Source Gateway IP, type the local IPv4 address of the source gateway device.
Use the public IPv4 address of the source gateway device that sends replicated data to the
target gateway device.
7. In Target Gateway IP, type the local IPv4 address of the target gateway device.
Use the public IPv4 address of the target gateway device that receives replicated data from the
source gateway device.
8. In Source Gateway Ports, type a comma-separated list of the ports on the source gateway
that are specified for Rubrik cluster replication.
There must be at least one port, and no more ports than the number of Rubrik nodes on the
source Rubrik cluster. For each port, the gateway must have a port forwarding rule that directs
data packets to the IP address of a Rubrik node on the source Rubrik cluster.
9. In Target Gateway Ports, type a comma-separated list of the ports on the target gateway
that are specified for Rubrik cluster replication.
There must be at least one port, and no more ports than the number of Rubrik nodes on the
target Rubrik cluster. For each port, the gateway must have a port forwarding rule that directs
data packets to the IP address of a Rubrik node on the target Rubrik cluster.
10.In Target Cluster Username, type the username for an account on the target Rubrik cluster
that has the Admin role.

Rubrik CDM Version 5.0 User Guide Replication target setup 164
Replication

11.In Target Cluster Password, type the password for the account.
The source Rubrik cluster tests the replication information.
After a successful test, the source Rubrik cluster adds the replication relationship to the
Replication Clusters section of the Manage Replication page. The target Rubrik cluster also adds
the replication relationship to its Manage Replication page.

Replication using a private network


To perform replication, a source Rubrik cluster can optionally communicate with a target Rubrik
cluster through a private network.
To replicate to a target Rubrik cluster through a private network, the source Rubrik cluster sends
data packets to the static IPv4 address of the target Rubrik cluster, and the target Rubrik cluster
sends data packets to the static IPv4 address of the source Rubrik cluster.

Note: When private IPv4 addressing is used, this method carries the potential for IP address
conflicts between the source Rubrik cluster and the target Rubrik cluster. To avoid this problem, be
sure each cluster uses different static IPv4 addresses.

Setting up replication using a private network


Provide the source Rubrik cluster with the required information about the target Rubrik cluster to
enable replication over a private network.
Before you begin. For the source and the target, ensure that the network meets the port
requirements described in Ports.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Replication Targets.
The Manage Replication page appears.
4. Click the blue + icon.
The static address view of the Add Remote Cluster dialog appears.
5. In Target Cluster IP, type one of the IPv4 addresses of the target Rubrik cluster.
Do not use a floating IP address for the target cluster IP.
6. In Target Cluster Username, type the username for an account on the target Rubrik cluster
that has the Admin role.

Rubrik CDM Version 5.0 User Guide Replication target setup 165
Replication

7. In Target Cluster Password, type the password for the account.


8. Click Add.
The source Rubrik cluster tests the replication information.
After a successful test, the source Rubrik cluster adds the replication relationship to the
Replication Clusters section of the Manage Replication page. The target Rubrik cluster also adds
the replication relationship to its Manage Replication page.

Removing a replication target


Remove a replication target to prevent replication to that target.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Replication Targets.
The Manage Replication page appears.
4. In the Replication Clusters section, open the ellipsis menu next to the name of the target
Rubrik cluster.
5. Click Delete.
A confirmation message appears.
6. Click OK.
The local Rubrik cluster removes the replication target.
7. Manually remove or change the replication policies of the SLA Domains that used that target.
After removing a target, the replicas on that target become unmanaged objects. The replicas must
be manually managed through the Snapshot Retention page of the target Rubrik cluster.

Replication policy
Enable a replication policy for an SLA Domain to replicate the snapshot and backup data of the
source objects that are protected by the SLA Domain.
A replication policy specifies a replication target and determines how long replicas are kept on the
target. Replication policy is optional for an SLA Domain.

Rubrik CDM Version 5.0 User Guide Replication policy 166


Replication

After enabling a replication policy, a slider provides two alternative settings that determine how
long replicas are kept. The first alternative specifies that only the most recent replica is kept. The
second alternative specifies that replicas are kept for the retention period that is specified by the
slider’s position, up to the Maximum Retention Period of the SLA Domain.
Table 26 describes the alternative slider position settings.
Table 26 Replication retention slider settings
Slider setting Replica retention
Far left, null position Retained until another replica is created.
Any position except the far left The period defined by the position of the slider, up to the Maximum
Retention Period of the SLA Domain

When a replication policy is set, the Rubrik cluster immediately begins creating replicas of
unexpired snapshots and backups. Snapshots or backups that existed before the replication target
was added to the Rubrik cluster are not replicated.

Configuring replication policy for an SLA Domain


Configure the replication policy for an SLA Domain when creating a custom SLA Domain or when
editing any SLA Domain.
Before you begin — Configure at least one replication target for the Rubrik cluster, as described in
Replication target setup.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Complete one of the following to add or modify a replication policy for an SLA Domain:
• For a new custom SLA Domain, click the blue + icon and configure the other fields on the
Create New SLA Domain dialog box, as described in Creating a custom SLA Domain.
• For an existing SLA Domain, on the Local SLA Domains page, select the SLA Domain. The
properties page for the selected SLA Domain appears. Open the ellipsis menu, and select
Edit.
4. Complete the Service Level Agreement for the SLA Domain.
Creating a custom SLA Domain describes this task.
5. Click Remote Settings.
The second page of the Create SLA Domain dialog box appears.
6. In Replication, click the toggle.

Rubrik CDM Version 5.0 User Guide Replication policy 167


Replication

The replication slider becomes available.


7. Open the drop down list and select a replication target.
8. Do one of the following with the replication slider:
• Leave the slider in the leftmost position.
This position specifies that only the most recent replica is kept on the target Rubrik cluster.
• Move the slider to the right to define a replication retention period.
The selected position defines the maximum time that a replica is kept on the target Rubrik
cluster.
9. Complete any other changes.
For example, change the Retention On Brik setting, as described in Creating a custom SLA
Domain.
10.Click Create or Edit.
The Rubrik cluster adds the replication policy to the SLA Domain and applies it to the existing
snapshots or backups and the new snapshots or backups for data sources that are assigned to the
SLA Domain.

Replication policy changes


Editing an SLA Domain can result in a variety of changes that impact the replication policy. These
changes can determine how long the Rubrik cluster retains replication snapshots or backups on a
target cluster and which replication snapshots or backups are automatically expired by the Rubrik
cluster.
Possible changes that can impact an replication policy include:
 Replication policy disabled
 Replication policy re-enabled
 Replication retention period increased
 Replication retention period decreased

Replication policy disabled


When the replication policy is disabled, the Rubrik cluster does not create additional replicas on
the target Rubrik cluster.
Replicas on the target Rubrik cluster that existed before the replication policy was disabled remain
on the target. Manage these replicas through the Snapshot Retention page of the target Rubrik
cluster. Retention Management describes how to use the Snapshot Retention page.

Rubrik CDM Version 5.0 User Guide Replication policy changes 168
Replication

Replication policy re-enabled


When a replication policy is disabled and then re-enabled, the Rubrik cluster does not create
replicas for existing snapshots and backups.
When the replication policy for an SLA Domain is re-enabled, the Rubrik cluster immediately
initiates replication tasks to push replicas for the newest snapshots and backups to the target
Rubrik cluster.
Replicas that exist from before the replication policy was disabled are managed again when the
policy is re-enabled. The Rubrik cluster manages these existing replicas based on the current SLA
rules and replication retention period.

Replication retention period increased


Changes to the SLA rules can cause an automatic increase in the replication retention period.
When this happens, the Rubrik cluster applies the new higher replication retention period to all
replicas on the target Rubrik cluster and the Rubrik cluster continues to manage the replicas based
on the SLA rules.

Replication retention period decreased


Changes to the SLA rules can cause an automatic decrease in the replication retention period.
When the replication retention period is decreased, the Rubrik cluster applies the new lower
replication retention period to all replicas on the target Rubrik cluster and the Rubrik cluster
continues to manage the replicas based on the SLA rules.

Rubrik CDM Version 5.0 User Guide Replication policy changes 169
Replication

Manage Replications page


The Manage Replication page provides summary information about the replication associations of
the local Rubrik cluster.

Viewing the Manage Replication page


Use the Manage Replication page to view summary information about the replication associations
of the local Rubrik cluster.
Before you begin. Configure a replication target Rubrik cluster, as described in Manage
Replications page.
1. Log in to the Rubrik CDM web UI.
2. On the top action bar, click the gear icon.
3. On the menu, select Replication Targets.
The Manage Replication page appears and provides two sections of information:
 for Replication
 Replication Clusters

For Replication section


The for Replication section of the Manage Replication page provides historical information about
network bandwidth consumption due to replication activities.
Two line charts display the network bandwidth consumption, for the previous 24 hours, in a
multiple of bits per second.
The Incoming chart displays the incoming network bandwidth consumption caused by replication
to the local Rubrik cluster from all source Rubrik clusters.
The Outgoing chart displays the outgoing network bandwidth consumption caused by replication
activity from the local Rubrik cluster to all target Rubrik clusters.

Replication Clusters section


The Replication Clusters section of the Manage Replication page provides information cards for
each of the replication associations of the local Rubrik cluster.
Each card displays the local Rubrik cluster on the left-side and a remote Rubrik cluster on the
right-side. The card provides information about the replication association between the two Rubrik
clusters.

Rubrik CDM Version 5.0 User Guide Manage Replications page 170
Replication

The information cards in the Replication Clusters section use symbols to indicate the replication
configuration between the two Rubrik clusters, either unidirectional or bidirectional.
In addition to the replication configuration symbol, the information card provides the information
described in Table 27.
The information on the card is presented from the perspective of the local Rubrik cluster. The card
does not provide all replication information or the remote Rubrik cluster, only the information from
the association between the two clusters.
Table 27 Information provided by the Replication Clusters information card
Field Local section Remote section
Data Total amount of data replicated by the Total amount of data replicated by
remote Rubrik cluster to the local the local Rubrik cluster to the remote
Rubrik cluster. Rubrik cluster.
When the remote Rubrik cluster is the When the local Rubrik cluster is the
target of a unidirectional replication target of a unidirectional replication
association this section is empty. association this section is empty.
SLA Domains The number of remote SLA Domains The number of local SLA Domains
that replicate data to the local Rubrik that replicate data to the remote
cluster. Rubrik cluster.
Objects The number of remote objects that are The number of local objects that are
replicated to the local Rubrik cluster. replicated to the remote Rubrik
cluster.

Replication monitoring and reporting


The Rubrik cluster provides information about replication tasks on the target Rubrik cluster in the
following locations:
 Activity Log
 Operational Tasks report

Replication tasks in the Activity Log


The target Rubrik cluster provides real-time monitoring of replication activity. Activity Log
describes the Activity log.
After a source Rubrik cluster generates a snapshot for a virtual machine, the source Rubrik cluster
begins replicating that snapshot to the target Rubrik cluster. The Activity Log on the target Rubrik
cluster lists an entry for the replication task.
View only replication tasks in the Activity Log by setting Replication in the Type filter.

Rubrik CDM Version 5.0 User Guide Replication monitoring and reporting 171
Replication

Replication tasks in the Protection Tasks Summary report


The target Rubrik cluster provides a virtual machine-oriented view of the success and failure of
completed replication tasks in the Protection Tasks Summary report.
On the Protection Tasks Summary report, in Filter Type, choose Replication to see all replication
task results for the selected period. Protection Tasks Summary report describes the Protection
Tasks Summary report.

Remote SLA Domains


A remote SLA Domain is an SLA Domain that was created on a Rubrik cluster other than the local
Rubrik cluster. Remote SLA Domains appear on a local Rubrik cluster when the local Rubrik cluster
is a replication target.

Viewing all remote SLA Domains


Access the Remote SLA Domains page to view general information about all remote SLA Domains.
1. Log in to the Rubrik CDM web UI of a selected Rubrik cluster.
A local Rubrik cluster session starts on the selected Rubrik cluster.
2. On the left-side menu, select SLA Domains > Remote Domains.
The Remote SLA Domains page appears.

Information on the Remote SLA Domains page


The Remote SLA Domains page provides read-only information that is described in the following
table. Sort the information in an ascending or descending order by clicking on one of the columns
headings.
Table 28 describes the information that is provided by the Remote SLA Domains page.
Table 28 Columns on the Remote SLA Domains page
Column heading Description
Name Name of the remote SLA Domain.
Remote Cluster Name of the remote Rubrik cluster.
Base Frequency The rate at which snapshots and backups are created as a result of all of the SLA
rules of the remote SLA Domain.
Object Count Total number of objects that are protected through the remote SLA Domain.
Replication Retention Replication retention period specified by the remote SLA Domain.

Rubrik CDM Version 5.0 User Guide Remote SLA Domains 172
Replication

Searching for a remote SLA Domain


Use the search field on the Remote SLA Domains page to find a specific remote SLA Domain or a
group of remote SLA Domains.
1. Log in to the Rubrik CDM web UI of a selected Rubrik cluster.
A local Rubrik cluster session starts on the selected Rubrik cluster.
2. On the left-side menu, select SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. In the search box at the top of the Remote SLA Domains page, type a text string.
The Rubrik cluster provides a list of every remote SLA Domain name that contains the search
string.

Individual remote SLA domain pages


The Rubrik cluster provides a specific page for each remote SLA Domain. A remote SLA domain is
an SLA Domain on another Rubrik cluster that uses the local Rubrik cluster as a replication target.
The remote SLA Domain page provides details about a remote SLA Domain in a set of information
cards. The remote SLA Domain page provides read-only information. To edit the properties of a
remote SLA Domain, log in to the Rubrik cluster that is the source for that SLA Domain.

Viewing the page of a remote SLA Domain


1. Log in to the Rubrik CDM web UI of a selected Rubrik cluster.
A local Rubrik cluster session starts on the selected Rubrik cluster.
2. On the left-side menu, select SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. On the Remote SLA Domains page, click a remote SLA Domain entry.
The page of the selected remote SLA Domain appears.

Information provided for a remote SLA Domain


Table 29 describes the information that the Rubrik cluster provides through the cards on the page
for a remote SLA Domain.
Table 29 Information provided for a remote SLA Domain (page 1 of 3)
Information card Field Description
SLA Domain Policy Quick view of the SLA rules specified by the remote SLA domain.

Rubrik CDM Version 5.0 User Guide Remote SLA Domains 173
Replication

Table 29 Information provided for a remote SLA Domain (page 2 of 3)


Information card Field Description
Take Column listing of the Hourly, Daily, Monthly, and Yearly rules of
snapshot frequency.
Keep Column listing of the Hourly, Daily, Monthly, and Yearly rules of
snapshot retention.
Backup Window (Optional) Displays the Snapshot Window setting, when the
remote SLA Domain has a Snapshot Window.
Storage Donut graph Quick view of the occupied and free space on the local Rubrik
cluster that is occupied by data associated with the selected
remote SLA Domain. Click legend entries to include or exclude
them from the graphic. The graphic always starts at the top and
runs clockwise with the segments displayed in order by size from
largest to smallest.
This domain Color-highlighted graphical indication of the portion of the total
storage space on the local Rubrik cluster that is occupied by data
associated with the selected remote SLA Domain. Hover over
This domain to highlight that section in the graphic.
Other domains Color-highlighted graphical indication of the portion of the total
storage space on the local Rubrik cluster that is occupied by data
from other SLA Domains. Hover over Other domains to highlight
that section in the graphic.
Unprotected Color-highlighted graphical indication of the portion of the total
storage space on the local Rubrik cluster that is occupied by data
from unprotected virtual machines. Hover over Unprotected to
highlight that section in the graphic.
Available Color-highlighted graphical indication of the portion of the total
storage space on the local Rubrik cluster that free. Hover over
Available to highlight that section in the graphic.
Line graph Shows the storage ramp up over time for data associated with the
selected remote SLA Domain, from 30 days to the present.
Data source Selection list to choose a type of data source. Open the list to
selection select a data source type:
• vSphere VMs
• Hyper-V VMs
• AHV VMs
• Linux & Unix Hosts
• Windows Hosts
• NAS Shares
• SQL Server DBs
• Managed Volumes
Search field Search field that permits a text string search of the names of the
selected type of data source objects that are protected by the
remote SLA Domain.

Rubrik CDM Version 5.0 User Guide Remote SLA Domains 174
Replication

Table 29 Information provided for a remote SLA Domain (page 3 of 3)


Information card Field Description
Name Names of the data source objects of the selected type.
Location Location information for the selected type of data source objects.

Remote data sources


Remote data sources are the virtual machines, databases, hosts, and NAS shares that provide the
data that is replicated to a local Rubrik cluster.
A target Rubrik cluster provides access to the replicas of remote data sources though Rubrik CDM
web UI pages that are similar to the pages provided for local data sources. The difference is that
the pages for remote data sources are read-only. Use these pages to find and work with the
replicas of the remote data sources.

Viewing a remote data source page


Access the page for a remote data source to view and work with the replicas from the remote data
source.

Note: To go directly to the page for a remote data source, type the name of the data source in the
search box on the top bar of the Rubrik CDM web UI and select the remote data source from the
results list.

1. Log in to the Rubrik CDM web UI.


2. On the left-side menu, select SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. In the Name column, select the name of a remote SLA Domain.
The page for the selected remote SLA Domain appears.

Rubrik CDM Version 5.0 User Guide Remote data sources 175
Replication

4. On the data source card, select a data source type.


Select from one of the following types:
• vSphere VMs
• Hyper-V VMs
• AHV VMs
• Linux & Unix Hosts
• Windows Hosts
• NAS Shares
• SQL Server DBs
• Managed Volumes
5. On the data source card, in the Name column, click the name of a data source.
For a virtual machine or a database, the remote data source page appears.
For a file system based data source, the Filesets card appears.
6. (File system data sources only) On the Filesets card, in the Name column, select the name of a
fileset.
The remote data source page appears.

Snapshots card or Recovery Points card


For a selected remote data source, the Snapshots card or Recovery Points card provides the ability
to browse and work with the replicas that reside on the local Rubrik cluster.
The card provides information through a series of calendar views. Each view uses color spots to
indicate the presence of replicas on a date. The color indicates one of the following:
 Status of compliance with the replication policy of the remote SLA Domain for the selected
remote virtual machine on the selected date.
 Consistency state of the snapshot.
 Indexing status.
Table 30 lists the colors that the card uses and describes the status that each color represents.
Table 30 Status colors used on the Snapshots card calendar views
Color Status
Green All replicas required by SLA Domain policy were successfully created.

Rubrik CDM Version 5.0 User Guide Remote data sources 176
Replication

Table 30 Status colors used on the Snapshots card calendar views


Color Status
Orange All replicas required by SLA Domain policy were successfully created but at least one replica
caused a warning.
Red At least one replica required by SLA Domain replication policy was not successfully created.

Table 31 describes the calendar views available on the Snapshots card.


Table 31 Calendar views on the Snapshots card
View Description
Year The Year view displays replica creation information for an entire year. A color spot indicator on a
specific date indicates replication activity, and displays the compliance status for the replication
policy for that day.
Month The Month view displays replica creation information for an entire month. A color spot indicator on
a specific date indicates replication activity, and displays the compliance status for the replication
policy for that day.
Day On a Snapshot card, the Day view displays the individual replicas that were created on the
selected day.
On a Recovery Points card, the Day view provides access the replicas of the available snapshots
and log backups for the database.

Working with a replica


Access a replica and perform one of the actions available for data source type.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. In the Name column, select the name of a remote SLA Domain.
The page for the selected remote SLA Domain appears.

Rubrik CDM Version 5.0 User Guide Remote data sources 177
Replication

4. On the data source card, select a data source type.


Select from one of the following types:
• vSphere VMs
• Hyper-V VMs
• AHV VMs
• Linux & Unix Hosts
• Windows Hosts
• NAS Shares
• SQL Server DBs
• Managed Volumes
5. On the data source card, in the Name column, click the name of a data source.
For a virtual machine or a database, the remote data source page appears.
For a file system based data source, the Filesets card appears.
6. (File system data sources only) On the Filesets card, in the Name column, select the name of a
fileset.
The remote data source page appears.
7. Select a date.
The Day view appears.
8. Based on the type of data source perform an available action.

Rubrik CDM Version 5.0 User Guide Remote data sources 178
Chapter 7
Archiving

This chapter provides information about archival policy, setting up archival locations, and using the
archival feature.
 Overview ............................................................................................................... 180
 Archival policy ........................................................................................................ 183
 Archival policy changes ........................................................................................... 187
 Archival location configuration ................................................................................. 190
 Amazon S3............................................................................................................. 191
 Amazon Glacier ...................................................................................................... 196
 Google Cloud Platform ............................................................................................ 201
 Microsoft Azure....................................................................................................... 204
 Object storage system ............................................................................................ 209
 NFS share .............................................................................................................. 213
 QStar tape archive .................................................................................................. 216
 Reader-writer archival model ................................................................................... 219
 Disaster recovery using an archival location .............................................................. 223
 Tests for disaster recovery using an archival location................................................. 234
 Cascading archival .................................................................................................. 235
 Archival consolidation.............................................................................................. 238
 Archival location proxy ............................................................................................ 240
 Archival lifecycle best practices ................................................................................ 243
 Archival location removal......................................................................................... 243

Rubrik CDM Version 5.0 User Guide Archiving 179


Archiving

Overview
An SLA Domain can include an archival policy that instructs the Rubrik cluster to copy protected
data to an archival location. The archival policy specifies the archival location to use, how soon
after a backup the data is copied, and how long the data is retained.
The Rubrik cluster supports the following archival location types:
 Amazon S3
 Amazon Glacier
 Google Cloud Platform
 Azure
 Object Store
 NFS
 Tape
Multiple archival locations and types can be added to a Rubrik cluster. The archival policy of an SLA
Domain can only specify one archival location but each SLA Domain can specify a different archival
location.

Archival data security


The Rubrik cluster encrypts archival data before transmitting the data to any of the supported
archival location types.
As part of the process of preparing a file for archiving, a Rubrik cluster uses an encrypted
multi-part upload to create AES-256 encrypted chunks of data.
The Rubrik cluster then encrypts (wraps) the random AES-256 key. Depending on the type of
archival location, this wrapping can use an 2048-bit RSA key that is provided when an archival
location is set up, a KMS key, or an encryption password.
The Rubrik cluster stores the wrapped AES-256 key at the archival location with the associated
encrypted data chunks.
The protocol that is used to transfer data between the Rubrik cluster and an archival location
depends upon the archive type:
 Cloud-based archival locations use the HTTPS protocol.
 Object storage systems use either HTTPS or HTTP, depending on the capabilities and
configuration of the system.
 NFS shares use UDP or TCP, depending on the configuration of the NFS host.
 QStar Archive Manager tape archives use the SMB protocol.

Rubrik CDM Version 5.0 User Guide Overview 180


Archiving

Archival location encryption keys


The Rubrik cluster requires a 2048-bit RSA key as part of the set up of an archival location on
Amazon S3, Microsoft Azure, or an object storage system. For Amazon S3, a KMS master key ID
can be used instead.
The Rubrik cluster encrypts the keys that are provided during archival set up and stores the keys
in Cassandra, a distributed database that is part of each Rubrik cluster. The Cassandra nodes for a
Rubrik cluster can only be accessed by using the RSA private key of that Rubrik cluster.

Archival workflow
Archiving data to an archival location follows a standard workflow. As one of the steps in that
workflow, the Rubrik cluster determines whether to upload an incremental or full copy of the
archival snapshot.
The following steps describe the typical sequence of tasks that a Rubrik cluster performs to satisfy
the archival policy of an SLA Domain.
1. Based on the archival policy initiate an archival task.
2. Determine the most recent existing archival snapshot from the data source.
3. Use the factors described in Table 32 to determine whether to run an Incremental upload or a
Full upload of the snapshot.
4. Check that the required space is available.
5. Prepare the metadata for the new archival snapshot.
6. Create a local copy of the archival snapshot data.
7. Upload archival snapshot data to the archival location.
8. Verify the integrity of the uploaded data.
9. When the local copy of the index file for the snapshot is ready, upload a copy of the index file
to the archival location.
10.Upload the metadata for the new archival snapshot to the archival location.
Table 32 describes the factors used by a Rubrik cluster to determine when a full upload of an
archival snapshot is required.

Rubrik CDM Version 5.0 User Guide Overview 181


Archiving

Upload of a full archival snapshot


When any one of the factors listed in Table 32 is true then the Rubrik cluster performs a full
upload.
Table 32 Factors that require upload of a full archival snapshot
Factor Description
Status Upload a full when the status of the most recent archival snapshot is corrupt or
expired.
Requirement Rubrik Support can manually trigger the upload of a full snapshot to resolve an
issue.
Archival time With Instant Archive enabled, the Rubrik cluster uploads a full snapshot when the
time between the most recent archival snapshot and the current snapshot is greater
than the default time-based threshold for uploading a full snapshot.
With Instant Archive disabled, the Rubrik cluster uploads a full snapshot when the
time between the most recent archival snapshot and the current snapshot is greater
than six times the Archival Threshold value.
The Rubrik cluster uses 30 days as the default time-based threshold for uploading a
full snapshot. This value can be modified by Rubrik Support.
Percent change rate The Rubrik cluster uploads a full snapshot when both:
• Percent change rate exceeds 100%.
• Time between the most recent full archival snapshot and the current snapshot
exceeds 15 days.
The percent change rate exceeds 100% when the following formula resolves to true:
total_bytes x 100 / last_full_bytes > 100
where:
• total_bytes is the total number of bytes stored at the archival location for all
increments of the snapshot.
• last_full_bytes is the total number of bytes in the last full archival snapshot.
The minimum time to upload value of 15 days can be configured by Rubrik Support.
Tape or Glacier A tape or Glacier archival location requires the transfer of a full snapshot each time.
archival

The percent change rate factor means that the more changes that occur in a data source the more
frequent the Rubrik cluster will upload full snapshots of that data source.
The minimum time to upload check on the percent change rate factor ensures that at least a
minimum amount of time exists between most recent archival snapshot and the current snapshot.
When a full upload is not required, the Rubrik cluster uploads an incremental with only the data
that has changed since the last snapshot.

Rubrik CDM Version 5.0 User Guide Overview 182


Archiving

Multiple archival locations


Multiple active archival locations can be configured for a Rubrik cluster. When an SLA Domain is
created or edited, any one of the available archival locations can be selected for the archiving
policy of that SLA Domain.
After configuring at least one archival location, archival policy for every existing and new SLA
Domain can be enabled and configured.
The Rubrik cluster supports a mix of multiple active archival locations of any of the supported
types.

! IMPORTANT
Even though a Rubrik cluster can upload data to multiple archival locations, each archival
location can only be associated with one Rubrik cluster. In other words, archival locations
cannot be shared by multiple Rubrik clusters for any reason.

Archival bucket exclusivity


An archival bucket can be used by only one Rubrik cluster.
Cloud-based archival locations use the following terms to identify a logical unit of storage
(bucket):
 ‘bucket’ – Amazon S3 and Google Cloud Platform
 ‘container’ – Microsoft Azure
 ‘vault’ – Amazon Glacier
A specific bucket can be used by only one Rubrik cluster. When a bucket is assigned to a Rubrik
cluster, the Rubrik cluster places restrictive permissions on the bucket that prevent other Rubrik
clusters from using the bucket. This action protects the data that is written to the bucket.

Archival policy
An archival policy defines how long to retain data within the local Rubrik cluster before moving the
data to an archival account for long term storage. Archival policy is optional for an SLA Domain.
When available, the Rubrik cluster uses an encrypted connection to transfer data to an archival
location. The Rubrik cluster deduplicates, compresses, and, when supported by the archival
location, encrypts all data that is stored at the archival location.

Rubrik CDM Version 5.0 User Guide Archival policy 183


Archiving

Instant Archive
The Instant Archive feature can be enabled to instruct the Rubrik cluster to immediately queue a
task to copy a new snapshot to a specified archival location.
When an SLA Domain has the Instant Archive feature enabled, the Rubrik cluster queues a task to
copy a snapshot to the associated archival location as soon as the snapshot is processed.
The Instant Archive feature does not change the amount of time that a snapshot is retained locally
on the Rubrik cluster. The Retention On Brik setting determines how long a snapshot is kept on the
Rubrik cluster.

Note: Instant Archive is not supported for tape archival locations or Amazon Glacier.

Configuring archival policy for an SLA Domain without Instant Archive


Configure the archival policy for an SLA Domain when creating a custom SLA Domain or when
editing an SLA domain, and do not enable Instant Archive.
Before you begin — Configure at least one archival location for the local Rubrik cluster, as
described in Archival location configuration.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Complete one of the following to add or modify an archival policy for an SLA Domain:
• For a new custom SLA Domain, click the blue + icon and configure the other fields on the
Create New SLA Domain dialog box, as described in Creating a custom SLA Domain.
• For an existing SLA Domain, on the Local SLA Domains page, select the SLA Domain. The
properties page for the selected SLA Domain appears. Open the ellipsis menu, and select
Edit.
4. Complete the Service Level Agreement for the SLA Domain.
Creating a custom SLA Domain describes this task.
5. Click Configure Remote Settings.
The second page of the Create SLA Domain dialog box appears.
6. In Archival, click the toggle.
The archival location field and the archival policy slider become available.
7. Clear Enable Instant Archive.

Rubrik CDM Version 5.0 User Guide Archival policy 184


Archiving

8. In the archival location field, select one of the configured archival locations.
9. Complete any other changes.
For example, change the Retention On Brik setting, as described in Creating a custom SLA
Domain.
10.Click Create or Edit.
The Rubrik cluster adds the archival policy to the SLA Domain and applies it to the existing
snapshots and the new snapshots for data sources assigned to the SLA Domain.
Example 6 describes the results of an archival policy without Instant Archive.

Example 6 Archival policy without Instant Archive


Assume the following rules are specified for an SLA Domain:
• Hourly Rule – Take one snapshot every 12 hours and retain the snapshot for five days.
• Daily Rule – Retain the most recent daily snapshot for 32 days.
• Monthly Rule – Retain the most recent monthly snapshot for one year.
• Annual Rule – None specified.
• Archival policy – Retention on Brik is set to 60 days. Instant Archive is not enabled.
The Rubrik cluster transfers snapshots that are 61 days old (or older) to the archive location and
retains the archival snapshots at that location for one year from the date of the snapshot. The one
year value is the Maximum Retention Period which, in this example, is specified by the Monthly
Rule.
The local Rubrik cluster stores all relevant snapshots, as determined by the Hourly Rule and the
Daily Rule, for 60 days. After 60 days, the Rubrik cluster creates archival snapshots, stores them in
the archival account, and expires the source snapshots on the local Rubrik cluster. The Rubrik
cluster expires the archival snapshots based on the retention settings of the Daily Rule and the
Monthly Rule for the SLA Domain.

Rubrik CDM Version 5.0 User Guide Archival policy 185


Archiving

Configuring archival policy for an SLA Domain with Instant Archive


Configure the archival policy for an SLA Domain when creating a custom SLA Domain or when
editing an SLA Domain, and enable Instant Archive.
Before you begin. Configure an archival location for the local Rubrik cluster, as described in
Archival location configuration.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Complete one of the following to add or modify an archival policy for an SLA Domain:
• For a new custom SLA Domain, click the blue + icon and configure the other fields on the
Create New SLA Domain dialog box, as described in Creating a custom SLA Domain.
• For an existing SLA Domain, on the Local SLA Domains page, select the SLA Domain. The
properties page for the selected SLA Domain appears. Open the ellipsis menu, and select
Edit.
4. Complete the Service Level Agreement for the SLA Domain.
Creating a custom SLA Domain describes this task.
5. Click Configure Remote Settings.
The second page of the Create SLA Domain dialog box appears.
6. In Archival, click the toggle.
7. In the archival policy section, select Enable Instant Archive.
With the Instant Archive feature enabled, the Rubrik cluster creates a snapshot and
immediately queues a task to transfer the associated archival snapshot to the archival location.
8. In the archival location field, select one of the configured archival locations.
9. Complete any other changes.
For example, change the Retention On Brik setting, as described in Creating a custom SLA
Domain.
10.Click Create or Edit.
The Rubrik cluster adds the archival policy to the SLA Domain and applies it to the existing
snapshots and the new snapshots for data sources assigned to the SLA Domain.

Rubrik CDM Version 5.0 User Guide Archival policy 186


Archiving

Example 7 describes the results of an archival policy with Instant Archive.

Example 7 Archival policy with Instant Archive


Assume the following rules are specified for an SLA Domain:
• Hourly Rule – Take one snapshot every 12 hours and retain the snapshot for five days.
• Daily Rule – Retain the most recent daily snapshot for 32 days.
• Monthly Rule – Retain the most recent monthly snapshot for one year.
• Annual Rule – None specified.
• Archival policy – Retention on Brik is set to 60 days. Instant Archive is enabled.
When snapshots are created, the Rubrik cluster immediately queues tasks to transfer the
associated archival snapshots to the archive location and retains the archival snapshots at that
location for one year. The one year value is the Maximum Retention Period which, in this example,
is specified by the Monthly Rule.
The local Rubrik cluster stores all relevant snapshots, as determined by the Hourly Rule, the Daily
Rule, and the Monthly Rule (day 33 through day 60), for 60 days. After 60 days, the Rubrik cluster
expires the source snapshots on the local Rubrik cluster. The Daily Rule and Monthly Rule govern
the expiration of the archival snapshots.

Archival policy changes


Editing an SLA Domain can result in a variety of changes that impact the archival policy. These
changes can impact where the Rubrik cluster stores existing snapshots and new snapshots, which
snapshots the Rubrik cluster retains for long term storage, and which snapshots the Rubrik cluster
automatically expires.
Possible changes that can impact an archival policy include:
 Archival policy disabled
 Archival policy re-enabled
 Local cluster retention period increased
 Local cluster retention period decreased
 Maximum retention period increased
 Maximum retention period decreased

Rubrik CDM Version 5.0 User Guide Archival policy changes 187
Archiving

Archival policy disabled


After the archival policy is disabled, the Rubrik cluster does not create new archival snapshots at
the archival location. Existing archival snapshots remain at the archival location and the Rubrik
cluster continues to manage the archival snapshots based on the SLA rules.
After the archival policy is disabled, the Rubrik cluster maintains the Retention on Brik setting,
when one is enabled. Otherwise, the Rubrik cluster sets the Local Cluster Retention Period to the
Maximum Retention Period. Existing local snapshots remain on the local Rubrik cluster until the
Rubrik cluster expires them based on the Maximum Retention Period.

! IMPORTANT
Disabling archival policy for an extended period, then re-enabling archival policy, can result
in a backlog that will temporarily delay the expiration of snapshots.

Archival policy re-enabled


When an archival policy is disabled and then re-enabled, all policy driven snapshots on the local
Rubrik cluster that are older than the Local Cluster Retention Period are automatically moved into
the archival account. The Rubrik cluster manages existing archival snapshots at the archival
location based on the SLA rules.

Retention on Brik period increased


When the Retention on Brik period is increased, the Rubrik cluster continues to manage existing
archival snapshots at the archival location based on the SLA rules. Existing archival snapshots are
not moved back to the local Rubrik cluster.
The Rubrik cluster keeps existing local snapshots and new policy driven snapshots on the local
Rubrik cluster for the time set by the new Retention on Brik period. When a policy driven snapshot
on the local Rubrik cluster is older than the Retention on Brik period, the Rubrik cluster moves it to
the archival location.

Retention on Brik period decreased


When the Retention on Brik period is decreased, the Rubrik cluster moves existing local snapshots
that are older than the new Retention on Brik period to the archival location. The Rubrik cluster
also applies the decreased Retention on Brik period to all new policy driven snapshots.
Archival snapshots remain at the archival location and the Rubrik cluster manages those archival
snapshots based on the SLA rules.

Rubrik CDM Version 5.0 User Guide Archival policy changes 188
Archiving

Maximum Retention Period increased


Changes to the SLA rules can cause an automatic increase in the Maximum Retention Period.
When this happens, the Rubrik cluster applies the new higher Maximum Retention Period to all
archival snapshots at the archival location and the Rubrik cluster continues to manage the archival
snapshots based on the SLA rules.

Maximum Retention Period decreased


Changes to the SLA rules can cause an automatic decrease in the Maximum Retention Period.
When this happens, the Rubrik cluster applies the new lower Maximum Retention Period to all
existing policy driven snapshots. The Rubrik cluster automatically expires local snapshots when
the snapshots are not required in order to remain in compliance with the new policy.
The Rubrik cluster automatically expires snapshots from the local Rubrik cluster, replicas at the
target Rubrik cluster, and archival snapshots at the archival location as needed to comply with the
new Maximum Retention Period.

Archival Locations page


Use the Archival Locations page to add, edit, disconnect, and deleted archival locations. The
Archival Locations page provides summary information about the archival locations that are
configured for the local Rubrik cluster.

Viewing the Archival Locations page


Use the Archival Locations page to work with the archival locations of the local Rubrik cluster.
1. In the Rubrik CDM web UI, on the top action bar, click the gear icon.
2. On the menu, select Archival Locations.
The Archival Locations page appears and provides two sections of information:
• Active Archive
• Archival Locations

For Active Archive section


The for Active Archive section of the Archival Locations page provides historical information about
network bandwidth consumption due to archiving activity.
A line chart displays the network bandwidth consumption, for the previous 24 hours, in a multiple
of bits per second. The chart combines all bandwidth consumption for active archival locations.

Rubrik CDM Version 5.0 User Guide Archival Locations page 189
Archiving

Archival Locations section


The Archival Locations section of the Archival Locations page provides information cards for each
of the archival locations that is configured for the local Rubrik cluster.
Table 33 describes the information that is provided by an archival location card. The archival
location card does not have a field label for the name field and the status field. The name field is
at the top of the card and the status field is the first field beneath the name.
Table 33 Information provided on an archival location card
Field Description
Name Reference name for the archival location. The Rubrik cluster uses a default
generated name unless a custom name is configured.
Status Current status of the archival location. The status is either:
• Read/Write – Available for archival write and archival read operations.
• Read Only – Available for archival read operations only.
Data Archived Total amount of data transmitted to the archival location.
Data Downloaded Total amount of data received from the archival location.
Objects Archived Total number of protection objects that have at least one archival snapshot
stored at the archival location.

Archival location configuration


Configure the Rubrik cluster to support a specific archival location by providing the requested
archive-specific information.
The following sections address set up of specific types of archives:
 Amazon S3
 Amazon Glacier
 Google Cloud Platform
 Microsoft Azure
 Object storage system
 NFS share
 QStar tape archive

Rubrik CDM Version 5.0 User Guide Archival location configuration 190
Archiving

Archival location display name


When creating or editing an archival location, assign a display name or allow the Rubrik cluster to
generate a name. The archival location display name appears when adding or editing an SLA
Domain and on the Archival Locations page.
After a bucket or container name is added to an archival location, the Rubrik cluster automatically
generates a display name for the archival location. The generated name combines the short form
for the archive type and the bucket or container name. For example, for an Amazon S3 archive
with a bucket named ‘region-6’ the Rubrik cluster generates the display name ‘S3:region-6’ and
adds that name to the Archival Location Name field.
The generated display name can be accepted or a new display name can be typed into the
Archival Location Name field. The value in this field appears when adding or editing an SLA
Domain and in the heading portion of the card for the archival location on the Archival Locations
page. The generated name always appears on the second line of the card for the archival location.

Amazon S3
The Rubrik cluster supports Amazon S3 as an archival location with data encryption provided by an
RSA key.
An Amazon S3 archival location can be configured to use one of the following storage classes:
 Standard
 Standard Infrequent Access
 Reduced Redundancy
The storage class can be edited after the archival location is added. The Rubrik cluster applies the
new storage class to data that is archived after a change.
Refer to Amazon's S3 documentation for more information about storage classes and the Amazon
pricing structure.

Rubrik CDM Version 5.0 User Guide Amazon S3 191


Archiving

Adding an Amazon S3 archival location


Prepare to use an Amazon S3 archival location by providing the Rubrik cluster with Amazon S3
keys and connection information.
Before you begin — Complete the tasks described in Generating an RSA key and Preparing to use
Amazon S3 as an archival location.

! IMPORTANT
After successfully completing the following task, only the access key ID, the secret key, and
the storage class can be changed. Confirm all information before starting the task, and
check the provided information before finalizing the task.

1. Log in to the Rubrik CDM web UI.


2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click the blue + icon.
The Add Archival Location dialog box appears.
5. In Archival Type, select Amazon S3.
The Amazon S3 archival location fields appear.
6. In Region, select an Amazon S3 region for the bucket.
7. In Storage Class, select one of the following:
• One Zone - Infrequent Access
• Reduced Redundancy
• Standard
• Standard - Infrequent Access
8. In AWS Access Key, paste an access key ID.
9. In AWS Secret Key, paste the associated secret key.
10.In AWS Bucket Name, type the name for the Amazon S3 bucket to use with the Rubrik
cluster.
The bucket name must comply with the guidelines provided by Amazon for DNS-compliant
bucket names. For information refer to:

Rubrik CDM Version 5.0 User Guide Amazon S3 192


Archiving

http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html
11.In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.
12.In Encryption Type, select RSA Key.
13.In RSA Key, paste the RSA key for encrypting data for the selected region.

! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.

14.(Optional) In KMS Master Key, paste the KMS master key.

! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.

15.Click Advanced Settings.


The Advanced Settings page appears with the Cloud Compute Settings menu selected.
Configuring cloud compute settings is required in order for Rubrik cluster to launch a
temporary Rubrik instance on the cloud.
16.In Virtual Network ID, copy and paste the resource ID of the virtual network.
17.In Subnet ID, copy and paste the name of the virtual network.
18.In Security Group ID, copy and paste the name of the network security group.
19.(Optional) Check Enable Archive Consolidation to use archival consolidation.
20.Click Save.
21.To configure archival proxy settings, click Archival Proxy Settings.
If configured, all backup or restore data and metadata pertaining to an archival location is
transferred via the archival proxy.
22.In Protocol, select a protocol.
23.In Proxy Server (IP or FQDN), type the archival proxy server IP address or FQDN.
24.In Port Number, type the port number of the archival proxy server.
25.In Username, type the username for the archival proxy server.
26.In Password, type the password of the archival proxy server.

Rubrik CDM Version 5.0 User Guide Amazon S3 193


Archiving

27.Click Save.
28.To configure compute proxy settings, click Compute Proxy Settings.
If configured, all API calls for instantiating a virtual machine on the archival location is routed
over the compute proxy.
29.In Protocol, select a protocol.
30.In Proxy Server (IP or FQDN), type the compute proxy server IP address or FQDN. network.
31.In Port Number, type the port number of the compute proxy server.
32.In Username, type the username for the compute proxy server.
33.In Password, type the password of the compute proxy server.
34.Click Save.
The Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information.

Editing the Amazon S3 Archive Location Configuration or Settings


Provide more security for the archived data by regularly changing the Amazon S3 access key ID
and secret key. Also, when necessary, change the storage class that the Rubrik cluster uses for
data that is archived after the change and change the display name. When necessary, change the
cloud compute settings for the Rubrik cluster.
Before you begin — When changing the access key ID and the secret key, first use the IAM
console to change the access key ID and secret key assigned to the Rubrik cluster by Amazon S3.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu.
5. Select Edit.
The Edit Archival Location dialog box appears.
6. (Optional) In AWS Access Key and AWS Secret Key, add the new access key ID and secret
key.
7. (Optional) In Archival Location Name, type a new display name for the archival location.
8. (Optional for CloudOn) Click Advanced Settings.

Rubrik CDM Version 5.0 User Guide Amazon S3 194


Archiving

The Advanced Settings page appears with the Cloud Compute Settings menu selected.
Configuring cloud compute settings is required in order for Rubrik cluster to launch a
temporary Rubrik instance on the cloud.
9. (Optional for CloudOn) In Virtual Network ID, copy and paste the resource ID of the virtual
network.
10.(Optional for CloudOn) In Subnet ID, copy and paste the name of the virtual network.
11.(Optional for CloudOn) In Security Group, copy and paste the name of the network security
group.
12.Click Save.
13.(For CloudOn) To configure archival proxy settings, click Archival Proxy Settings.
If configured, all backup or restore data and metadata pertaining to an archival location is
transferred via the archival proxy.
14.(For CloudOn) In Protocol, select a protocol.
15.(For CloudOn) In Proxy Server (IP or FQDN), type the archival proxy server IP address or
FQDN.
16.(For CloudOn) In Port Number, type the port number of the archival proxy server.
17.(For CloudOn) In Username, type the username for the archival proxy server.
18.(For CloudOn) In Password, type the password of the archival proxy server.
19.Click Save.
20.(For CloudOn) To configure compute proxy settings, click Compute Proxy Settings.
If configured, all API calls for instantiating a virtual machine on the archival location is routed
over the compute proxy.
21.(For CloudOn) In Protocol, select a protocol.
22.(For CloudOn) In Proxy Server (IP or FQDN), type the compute proxy server IP address or
FQDN. network.
23.(For CloudOn) In Port Number, type the port number of the compute proxy server.
24.(For CloudOn) In Username, type the username for the compute proxy server.
25.(For CloudOn) In Password, type the password of the compute proxy server.
26.Click Save.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.

Rubrik CDM Version 5.0 User Guide Amazon S3 195


Archiving

Amazon Glacier
The Rubrik cluster supports Amazon Glacier as an archival location.
Amazon Glacier is an extremely low-cost cold storage service intended for long-term (months and
years) storage of large amount of very infrequently-accessed data. The following are major
characteristics and differences compared to the Amazon S3 storage service.
 Glacier works with vaults similar to buckets in Amazon S3.
 Glacier manages archives whereas Amazon S3 manages objects.
 Users upload objects to Amazon S3 (and other object stores) and specify the names (which can
be full path names) for these objects, which can later be used to query and download these
objects. Users upload archives to Glacier and cannot specify names for these archives. On a
successful upload, Glacier assigns a unique archiveId to an archive and returns it to the user. It
is user's responsibility to track this archiveId for each archive uploaded.
 Glacier allows adding description to each archive which is used to track additional information
(like the archive's name on the cluster).
 Glacier archives are immutable. Once uploaded, they cannot be modified.
 Glacier does not support synchronous instantaneous downloads of archives. Glacier supports
only asynchronous retrieval of archives, where user first submits a job to retrieve an archive
and then downloads the archive when it's ready for retrieval.
 Glacier supports three levels of retrieval tiers, which determine how long it can potentially take
for archives to be ready for download. This wait can be from minutes to hours depending on
the retrieval tier chosen.
 Glacier supports Vault Lock Policy for vaults. Once applied, the archives in the vault are
protected and cannot be deleted based on the policy.
 Glacier does not support synchronous query to list all archives (similar to listObjects in Amazon
S3). User first submits a job to retrieve vault inventory and then downloads the inventory
information when ready.
 Glacier vault cannot be deleted unless it is empty.

Note: Refer to Amazon's Glacier documentation for more information about storage classes and
the Amazon pricing structure.

Rubrik CDM Version 5.0 User Guide Amazon Glacier 196


Archiving

Amazon Glacier as an Archival Target


Adding a Glacier archival location is similar to adding other types of archival locations.
Table 34 describes the parameters needed to be specified when adding a new Glacier location.
Table 34 Glacier archival parameters
Field Description Additional Information
Name Glacier location name. Can be edited after initial configuration.
AccessKey Glacier user account access key. Can be edited after initial configuration.
SecretKey Glacier user account secret key. Can be edited after initial configuration.
VaultName Glacier Vault to use for this Cannot be edited after initial configuration.
archival location.
Region AWS Region for the Glacier Vault. Cannot be edited after initial configuration.
EncryptionPassword Password to use for encrypting Cannot be edited after initial configuration.
data before sending to Glacier.
This password must be stored
safely as disaster recovery cannot
be performed without this
password.
EnableVaultLock Enable this flag to enable vault You can enable a Vault Lock after the initial
lock on this Glacier vault. configuration. You cannot disable a Vault
Lock once it has been configured.
FileLockDuration Lock duration in days if Vault Lock Can be specified only at the time of
is being enabled. enabling the Vault Lock. Once applied, this
value cannot be changed.
RetrievalTier Retrieval Tier to use when Can be edited after initial configuration.
downloading data from Glacier.

Glacier upload operations


Glacier upload operations have the following characteristics:
 Glacier uploads are synchronous similar to Amazon S3 and other archival targets.
 Glacier refers to uploaded objects as archives.
 Glacier supports native multi-part upload. Large archives are uploaded in parts using
multi-threaded approach.
 After the upload of an archive is successfully completed, Glacier returns an Archive ID for that
archive. The Archive ID is a random unique number generated by Glacier.
 Only full snapshot uploads are supported because of the retrieval mechanism. Incremental
snapshots are not supported.

Rubrik CDM Version 5.0 User Guide Amazon Glacier 197


Archiving

Glacier retrieval/download operations


The Glacier archive download is a multi-step activity.
1. Initiate a download request specifying the archive ID to download. This will return a job id of
the submitted request.
2. Poll using the job ID to check when the job is ready for download. This can take from a few
minutes to several hours depending on the retrieval tier specified when initiating the request.
3. Download the archive. Once an archive is available, it can be downloaded all at once, or in
chunks.
Rubrik only supports retrieval of the entire archive snapshot.
Glacier supports three types of retrieval tiers, providing users with trade off choices between cost
and time to download.

Glacier Vault Lock operations


Glacier supports Vault Lock Policy to deploy and enforce compliance controls for data retention on
a per-vault basis. This policy controls the time duration when an archive cannot be deleted.
The following is supported for managing vault lock policy on Glacier archival locations:
• Support only age-based vault lock policy. User can specify the duration for which all archives
on the vault must be locked. All archives older than this age can be deleted.
• Support enabling vault lock policy at time of adding a Glacier archival location.
• Support enabling vault lock policy for an existing Glacier archival location.
• Once vault lock policy is enabled (initiated) in either ADD or EDIT path mentioned above,
the location card in the UI will show a running top bar to indicate something is in progress.
• A new option "Verify Vault Lock Policy" is added in the drop down menu of the card. When
selected, it will ask user to either ABORT or CONFIRM vault lock.
• Disconnect a Glacier location with vault lock policy enabled.
Setting up a vault lock policy is a multi-step operation:
1. Initiate Vault Lock Policy: Initiate a request to set up a lock policy on an existing vault. If
successful, Glacier activates the specified policy for a duration of 24 hours and returns a Lock
ID.
2. Validate and/or Abort Lock Policy: Validate that the policy is set up as expected, and is what
you really need. If not, Abort the in-progress temporary lock policy using the Lock ID.
3. Complete Vault Lock Policy: Complete and confirm the setting up of the vault lock policy within
24 hour window. Once completed successfully, the vault lock policy cannot be changed or
deleted from the vault.

Rubrik CDM Version 5.0 User Guide Amazon Glacier 198


Archiving

4. Assign a Glacier location with vault lock policy to an SLA Domain.

! IMPORTANT
Deletion of a Glacier location with vault lock policy enabled is not supported if there are any
snapshots protected by the vault lock policy.

Do not manage the vault lock policy directly from the Amazon Glacier management console for
vaults used as an archival target from Rubrik cluster. It can create inconsistency and unexpected
results.

Adding Amazon Glacier as an archival location


Configure a Rubrik cluster to use Amazon Glacier as the archival location.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click the blue + icon.
The Add Archival Location dialog box appears.
5. In Archival Type, select Glacier.
The Add Archival Location dialog box changes to show the Glacier fields.

Note: See Table 34 for additional information on Glacier Archival fields.

6. In Region, select an Amazon Glacier region for the archive.


7. In Access Key, type the access key for the Amazon Glacier account.
8. In Secret Key, type the secret key for the Amazon Glacier account.
9. In Glacier Vault Name, type the name of the Glacier Vault to use for the archive. If the vault
does not exist, it will be created.
10.In Archival Location Name, accept the default name or type a new name for the archival
location.
11.In Encryption Password, type the encryption password to recover the Glacier archive.

Rubrik CDM Version 5.0 User Guide Amazon Glacier 199


Archiving

12.In Re-Enter Encryption Password, type the encryption password to recover the Glacier
archive.

! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.

13.In Retrieval Tier, select the Amazon Glacier retrieval tier.


You can select from:
• Standard
• Expedited
• Bulk
14.In Enable Vault Lock Policy select whether Vault Lock Policy is enabled or disabled.

Note: See Glacier Vault Lock operations for additional information on using Vault Lock Policy.

15.If Enable Vault Lock Policy is configured, set File Lock Period (days).
16.Click Add.
If Vault Lock Policy is not enabled, the archival location card will appear with a solid bar across
the top of the card.
If Vault Lock Policy is enabled, the archival location card will appear with moving bar across the
top of the card.
17.(optional) If Vault Lock Policy is enabled, open the ellipsis menu on the archival location card
and select Verify Vault Lock Policy.

Note: If you do not verify Vault Lock Policy within 24 hours, it will be automatically canceled.

A Confirm Vault Lock dialog box appears.


18.(optional) Click Confirm.

Rubrik CDM Version 5.0 User Guide Amazon Glacier 200


Archiving

Google Cloud Platform


The Rubrik cluster supports Google Cloud Platform as an archival location.
Google Cloud Storage is a unified object storage solution offering four storage classes. Each
storage class fits a particular use case with different price points and SLA. The four storage classes
are:
 Multi-regional storage
 Regional storage
 Nearline storage
 Coldline storage
Rubrik supports all Google Cloud Platform Regional and Multi-Regional locations. A regional
location is a specific geographic place somewhere in the world.

Note: Refer to Google's Cloud Platform documentation for more information about storage classes
and the Google pricing structure.

Google Cloud Platform as an Archival Target


Adding a Google Cloud Platform archival location is similar to adding other types of archival
locations.
Table 35 describes the parameters needed to be specified when adding a new Google Cloud
Platform location.
Table 35 Google Cloud Platform archival parameters
Field Description Additional Information
Region Region for Google Cloud Platform Cannot be edited after initial configuration.
bucket,
Storage Class The storage class specified for the Cannot be edited after initial configuration.
Google Cloud Platform. The
options include:
• Standard
• Durable Reduced Availability
• Nearline
• Coldline
Bucket Bucket created for use as Rubrik Cannot be edited after initial configuration.
archival target.

Rubrik CDM Version 5.0 User Guide Google Cloud Platform 201
Archiving

Table 35 Google Cloud Platform archival parameters


Field Description Additional Information
EncryptionPassword and Password to use for encrypting Cannot be edited after initial configuration.
Re-Enter Encryption data before sending to Google
Password Cloud Platform. This password
must be stored safely as disaster
recovery cannot be performed
without this password.
Archival Location Name Descriptive name for the archival Can be edited after initial configuration.
location. By default this is
configured
as"GCP:<BucketName>".
This field can be edited to any
name.
Service Account JSON Private JSON key for the service Copy and past the contents of this file. It is
Key account. required for the Rubrik archival
configuration.

Adding Google Cloud Platform as an archival location


Configure a Rubrik cluster to use Google Cloud Platform as the archival location.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click the blue + icon.
The Add Archival Location dialog box appears.
5. In Archival Type, select Google Cloud Platform.
The Add Archival Location dialog box changes to show the Google Cloud Platform fields.

Note: See Table 35 for additional information on Google Cloud Platform fields.

6. In Region, select a Regional or Multi-regional location which will host the archival data.
• Regional locations - Data is stored in one bucket in a single geographic location within the
specified region.
• Multi-regional locations - Data is geo-redundant and data is stored in multiple geographic
locations.

Rubrik CDM Version 5.0 User Guide Google Cloud Platform 202
Archiving

7. In Storage Class, Rubrik will create a bucket with the appropriate Storage Class.
• Standard uses Regional or Multi-regional storage class based on the selection in the
previous field.
• Durable Reduced Availability is a legacy Storage class that is now superseded by Regional
class.
8. In Bucket, enter the bucket name.
• The bucket name needs to be unique across Google Cloud Platform.
• The bucket name can correspond to an existing bucket can be created through the Rubrik
CDM (recommended).
9. In Encryption Password, type the encryption password to recover the Google Cloud Platform
archive.
10.In Re-Enter Encryption Password, type the encryption password to recover the Google
Cloud Platform archive.

! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.

11.In Archival Location Name, accept the default archival location name or specify a custom
name.
12.In Service Account JSON Key, paste the contents of the JSON file obtained from Google
Cloud Platform.
13.Click Add.
The Archival Location can now be assigned to SLA Domains.

Rubrik CDM Version 5.0 User Guide Google Cloud Platform 203
Archiving

Microsoft Azure
The Rubrik cluster supports Microsoft Azure as an archival location.
Before you begin. Complete the tasks described in Preparing Microsoft Azure as an archival
location.

! IMPORTANT
Microsoft Azure has a 500 TB data storage limit for each container and for each storage
account. Plan archival usage to ensure that the data storage requirements for any single
container and storage account do not exceed this limit.

Adding Microsoft Azure as an archival location


Configure a Rubrik cluster to use Microsoft Azure as the archival location.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click the blue + icon.
The Add Archival Location dialog box appears.
5. In Archival Type, select Azure.
The Add Archival Location dialog box changes to show the Azure fields.
6. In Storage Account Name, type the name of a Microsoft Azure account.
7. In Access Key, type the access key for the Microsoft Azure account.
8. In Container, type the name to be assigned to the container.
Azure restricts the name based on the following rules:
• The name must be from 3 to 63 characters long.
• The name must start with a lowercase letter or a number.
• All letters must be lowercase.
• The name can only contain lowercase letters, numbers, and the hyphen character.
• Each hyphen must be immediately proceeded by and immediately followed by a lowercase
letter or a number. Consecutive hyphens are not allowed.

Rubrik CDM Version 5.0 User Guide Microsoft Azure 204


Archiving

9. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.
10.In Instance Type, select the Cloud Platform type of this archival location.
Select one of the following:
• Azure Default – All regions except: China, India, and Azure Government.
• Azure Government – Regions: US Gov Iowa and US Gov Virginia.
• Azure China – Regions: China North and China East.
• Azure Germany – Germany.
11.In RSA Key, paste the RSA key.
The Rubrik cluster uses the RSA key to encrypt the archived data.

! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.

12.(For CloudOn) Click Advanced Settings.


The Advanced Settings page appears with the Cloud Compute Settings menu selected.
Configuring cloud compute settings is required in order for Rubrik cluster to launch a
temporary Rubrik instance on the cloud.
13.(For CloudOn) In Import JSON, paste the text generated in the JSON output file.
When the user runs the rkazurecli_cloud_on.ps1 script, the script generates a JSON output file
with the App Id, App Secret Key, Tenant Id, Subscription, Region, General Purpose Storage
name, General Purpose Storage Container Name, Resource Group name, Virtual Network ID,
Subnet ID, and Security Group name, as described in Configuring Azure Objects.
The Rubrik cluster imports these values from the JSON output file and auto-fills these values on
the Rubrik Rubrik CDM web UI page.
14.(For CloudOn) Click Save.
15.(For CloudOn) To configure archival proxy settings, click Archival Proxy Settings.
If configured, all backup or restore data and metadata pertaining to an archival location is
transferred via the archival proxy.
16.(For CloudOn) In Protocol, select a protocol.
17.(For CloudOn) In Proxy Server (IP or FQDN), type the archival proxy server IP address or
FQDN.

Rubrik CDM Version 5.0 User Guide Microsoft Azure 205


Archiving

18.(For CloudOn) In Port Number, type the port number of the archival proxy server.
19.(For CloudOn) In Username, type the username for the archival proxy server.
20.(For CloudOn) In Password, type the password of the archival proxy server.
21.Click Save.
22.(For CloudOn) To configure compute proxy settings, click Compute Proxy Settings.
If configured, all API calls for instantiating a virtual machine on the archival location is routed
over the compute proxy.
23.(For CloudOn) In Protocol, select a protocol.
24.(For CloudOn) In Proxy Server (IP or FQDN), type the compute proxy server IP address or
FQDN. network.
25.(For CloudOn) In Port Number, type the port number of the compute proxy server.
26.(For CloudOn) In Username, type the username for the compute proxy server.
27.(For CloudOn) In Password, type the password of the compute proxy server.
28.Click Save.
The Rubrik cluster stores the information.
To configure additional Microsoft Azure settings, use the Azure portal.

Editing the Microsoft Azure account name and account key


Provide more security for the archived data by regularly changing the account key for the
Microsoft Azure account. Also, when necessary, edit the account name or display name.
Before you begin — Change the account key assigned to the Microsoft Azure account being used
by the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu.
5. Select Edit.
The Edit Archival Location dialog box appears.
6. (Optional) In Storage Account Name, type a new account name.

Rubrik CDM Version 5.0 User Guide Microsoft Azure 206


Archiving

7. In Access Key, type the new access key.


8. In Archival Location Name, type a new display name for the archival location.
9. (Optional for CloudOn) Click Advanced Settings.
The Advanced Settings page appears with the Cloud Compute Settings menu selected.
Configuring cloud compute settings is required in order for Rubrik cluster to launch a
temporary Rubrik instance on the cloud.
10.(Optional for CloudOn) In App ID, type a new application ID.
11.(Optional for CloudOn) In App Secret Key, copy and paste the application secret key.
12.(Optional for CloudOn) In Tenant ID, type a new tenant ID.
13.(Optional for CloudOn) In Subscription, select a new subscription.
14.(Optional for CloudOn) In Region, select a new region.
15.(Optional for CloudOn) In General Purpose Storage, select a new general purpose storage.
16.(Optional for CloudOn) In General Purpose Storage Container Name, select a new
general purpose storage container name.
17.(Optional for CloudOn) In Resource Group, type a new resource group name.
18.(Optional for CloudOn) In Virtual Network ID, type a new virtual network ID.
19.(Optional for CloudOn) In Subnet ID, type a new subnet ID.
20.(Optional for CloudOn) In Security Group, type a new security group name.
21.(For CloudOn) Click Save.
22.(For CloudOn) To configure archival proxy settings, click Archival Proxy Settings.
If configured, all backup or restore data and metadata pertaining to an archival location is
transferred via the archival proxy.
23.(For CloudOn) In Protocol, select a protocol.
24.(For CloudOn) In Proxy Server (IP or FQDN), type the archival proxy server IP address or
FQDN.
25.(For CloudOn) In Port Number, type the port number of the archival proxy server.
26.(For CloudOn) In Username, type the username for the archival proxy server.
27.(For CloudOn) In Password, type the password of the archival proxy server.
28.(For CloudOn) Click Save.
29.(For CloudOn) To configure compute proxy settings, click Compute Proxy Settings.

Rubrik CDM Version 5.0 User Guide Microsoft Azure 207


Archiving

If configured, all API calls for instantiating a virtual machine on the archival location is routed
over the compute proxy.
30.(For CloudOn) In Protocol, select a protocol.
31.(For CloudOn) In Proxy Server (IP or FQDN), type the compute proxy server IP address or
FQDN. network.
32.(For CloudOn) In Port Number, type the port number of the compute proxy server.
33.(For CloudOn) In Username, type the username for the compute proxy server.
34.(For CloudOn) In Password, type the password of the compute proxy server.
35.Click Save.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
The Rubrik cluster stores the updated information.
To configure additional Microsoft Azure settings, use the Azure portal.

Rubrik CDM Version 5.0 User Guide Microsoft Azure 208


Archiving

Object storage system


The Rubrik cluster supports using an object storage system as an archival location.
The Rubrik cluster supports the object storage system types described in Table 36.
Table 36 Object storage system vendor choices
Object Store Vendor Description
Amazon S3 API Compatible Object storage systems that are compatible with the Amazon S3 API.
This vendor type includes:
• Cleversafe object storage system
• Cloudian HyperStore
• Basho Riak S2
• Internet Initiative Japan (IIJ) GIO Drive
HDS Hitachi Data Systems (HDS) systems:
• Hitachi Content Platform (HCP) Access Storage Node
• Economy Storage Node
• HCP VM Access Storage Node

Note: Rubrik does not support HDS systems with the HDS server-side
encryption enabled.

HDS systems have a 2 TB limit on file size and do not support multi-part
uploads.
Scality Scality object storage system.
Scality has some limitations on file listing capabilities that prevent full
Amazon S3 API compatibility.

Host Name value


The Rubrik cluster contacts the object storage system by using the information provided in the
Host Name field.
The value provided in the Host Name field of the Add Archival Location dialog box must be a URL
that includes:
 Protocol, either HTTPS or HTTP
 Resolvable hostname or IPv4 address
Optionally, the URL can include a port designation to indicate the port that the objects storage
system listens on.

Rubrik CDM Version 5.0 User Guide Object storage system 209
Archiving

Adding an object storage system as an archival location


Configure a Rubrik cluster to use an object storage system as the archival location.
Before you begin. Do the following:
 For a Cleversafe object storage system, complete the tasks described in Preparing Cleversafe
as an archival location.
 For Scality object storage, complete the tasks described in Preparing Scality as an archival
location.
 For all object storage systems, generate an RSA key for the Rubrik cluster to use when
encrypting the archival data, as described in Generating an RSA key.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click the blue + icon.
The Add Archival Location dialog box appears.
5. In Archival Type, select Object Store.
The Add Archival Location dialog box changes to show the object storage system fields.
6. In Object Store Vendor, select one of the following:
• S3 API Compatible Object Store
• HDS
• Scality
7. In Access Key, type the access key for the object storage system account.
8. In Secret Key, type the secret key for the object storage system account.

Rubrik CDM Version 5.0 User Guide Object storage system 210
Archiving

9. In Host Name, type the URL of the object store endpoint.


The URL must include a protocol, either HTTP or HTTPS, and optionally can include a port
designation:
http://<hostname>:<port>
https://<hostname>:<port>
where:
• <hostname> is the resolvable hostname of the object storage system or IPv4 address.
• <port> is the incoming port that the object storage system listens on to receive an archival
connection.
10.In Bucket Prefix, type a prefix to use for naming the buckets.
The Bucket Prefix value cannot contain uppercase letters.
The Rubrik cluster uses the Bucket Prefix value as the common first part of the names for the
buckets assigned to the Rubrik cluster.
For example, when the value of Bucket Prefix is datacenter-1 and the value of Number of
Buckets is 3, the Rubrik cluster creates and uses the following three buckets at the archival
location:
• datacenter-1-rubrik-0
• datacenter-1-rubrik-1
• datacenter-1-rubrik-2

Note: When the provided credentials do not have bucket creation permissions, use the object
storage system management console to manually create the required buckets before
completing this task.

11.In Number of Buckets, type the number of buckets assigned to the Rubrik cluster.
Type an integer value that is greater than or equal to one.
12.In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.

Rubrik CDM Version 5.0 User Guide Object storage system 211
Archiving

13.In RSA Key, paste the RSA key.


The Rubrik cluster uses the RSA key to encrypt the archived data.
Store the RSA key in a safe location.

! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.

14.Click Add.
The Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information.

Editing the object storage system access key and secret key
Provide more security for the archived data by regularly changing the access key and secret key
for the object storage system. Also, when necessary, edit the display name.
Before you begin. On the object storage system, change the access key and secret key assigned to
the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu.
5. Select Edit.
The Edit Archival Location dialog box appears.
6. (Optional) In Access Key, type the new access key.
7. (Optional) In Secret Key, type the new secret key.
8. (Optional) In Archival Location Name, type a new display name.
9. Click Edit.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.

Rubrik CDM Version 5.0 User Guide Object storage system 212
Archiving

NFS share
The Rubrik cluster supports using an NFS share, or an EMC Isilon NFS share, as an archival
location.

Adding an NFS archival location


Configure a Rubrik cluster to use an NFS share as the archival location.
Before you begin — Complete the following preparation tasks:
 For an NFS share other than an EMC Isilon NFS share, complete the tasks described in
Preparing to use an NFS share as an archival location.
 For an NFS share from an EMC Isilon, complete the tasks described in Preparing an Isilon NFS
share as an archival location.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click the blue + icon.
The Add Archival Location dialog box appears.
5. In Archival Type, select NFS.
The Add Archival Location dialog box changes to show the NFS fields
6. In Host Name, type the resolvable hostname or IP address of the NFS share host.
7. In Export Directory, type the absolute path of the export directory configured in /etc/exports
on the NFS share host, or in the Isilon OneFS UI.
For example, type: /export/RubrikArchive.

! IMPORTANT
The folder specified in the next step must be empty, or only contain files that were
written by the Rubrik cluster. Any other data in the folder will be overwritten by archival
data.

Rubrik CDM Version 5.0 User Guide NFS share 213


Archiving

8. In Destination Folder Name, type the name of the target folder beneath the NFS mount
point.
Use the folder name, not the full path. For example, type Cluster1 when the full path is
/export/RubrikArchive/Cluster1.
9. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.

! IMPORTANT
The value provided in the next step, for Encryption Password, must be safely stored and
kept secure. If the source Rubrik cluster becomes unavailable for any reason, decryption
of the archival data by a second Rubrik cluster requires the password. Without the
password, the archival data cannot be recovered.

10.In Encryption Password, type a complex password.


The Rubrik CDM web UI rejects a password that is too easy to guess.
The Rubrik cluster uses the password to encrypt the archival data, as explained in Archival data
security.
11.In Re-Enter Encryption Password, type the same password.
12.In Authentication Type, select either: None or Kerberos.
For an NFS share from an EMC Isilon, select Kerberos.
13.In File Lock Period in Days, type a positive integer, or 0.
This value sets the Write Once Read Many (WORM) lock on every file that the Rubrik cluster
writes to the archival location. The default value is 0 (no WORM lock).
14.Click Add.
The Rubrik cluster tests the connection information and, after a successful test, stores the
connection information.

Rubrik CDM Version 5.0 User Guide NFS share 214


Archiving

Editing an NFS archival location


When changes to the NFS archival location occur, edit the configuration information to update the
settings.
Use the edit task to modify the settings of an existing NFS archival location. Do not use the task to
add a new NFS share as an archival location.
To add a new NFS share as an archival location, complete the tasks described in Adding an NFS
archival location. Adding a new archival location causes the Rubrik cluster to move the existing
archival location to READ-ONLY status and retain read access to the data.

! IMPORTANT
Do not edit the connection information for an NFS archival location to point to a new export.
This will cause data corruption and data unavailability.

1. Log in to the Rubrik CDM web UI.


2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu.
5. Select Edit.
The Edit Archival Location dialog box appears.
6. (Optional) In Host Name, type the new resolvable hostname or IP address of the NFS share
host.
The hostname or IP address must point to the existing NFS share. Only modify this when the
hostname or IP address of the existing NFS share is changed.
7. (Optional) In Export Directory, type the new absolute path of the export directory configured
in /etc/exports, or in the Isilon OneFS UI.
The new absolute path must point to the original destination folder. Only modify this when the
path to the destination folder is changed.
8. (Optional) In Archival Location Name, type a new display name for the archival location.
9. (Optional) In Authentication Type, select either: None or Kerberos.
10.(Optional) In File Lock Period in Days, type a positive integer, or 0.
A change to the WORM lock setting only applies to data written after the change is made.

Rubrik CDM Version 5.0 User Guide NFS share 215


Archiving

11.Click Edit.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.

QStar tape archive


The Rubrik cluster supports archiving to tape through a QStar Integral Volume set.
The Rubrik cluster features the ability to mount a QStar Integral Volume set as an archival
location. This provides the ability to store archival data in a tape library that is managed by the
QStar Archive Manager software.
The Rubrik cluster uses the SMB/CIFS protocol to mount an exported Integral Volume set. To
archive to a tape location, the Rubrik cluster writes the archival data to the cache of the specified
Integral Volume set. This provides performance similar to writing to a disk.
After the data is written to the Integral Volume set cache, the QStar Archive Manager handles the
cache data and manages the transfer of the data to and from the tape library.

Shared Integral Volume set


Several archival locations can be configured to share a single Integral Volume set and tape library.
When a Rubrik cluster mounts the Integral Volume set that is specified when a tape archival
location is added, it creates a folder beneath the mount point. The folder represents the bucket for
the associated archival location. A single Integral Volume set can have several archival locations
associated with it. Each with a uniquely named folder beneath the mount point.
This method permits several archival locations to share the tape media of the library.

QStar Host Name value


The Rubrik cluster connects with the QStar Archive Manager by using the information provided in
the QStar Host Name field.
The value provided in the QStar Host Name field of the Add Archival Location dialog box must be a
URL that includes the resolvable hostname or IPv4 address of the host of the QStar Archive
Manager instance
Optionally, the URL can include a port designation to indicate the port that the QStar Archive
Manager listens on.

Rubrik CDM Version 5.0 User Guide QStar tape archive 216
Archiving

Adding a QStar tape archive as an archival location


Configure a Rubrik cluster to use an QStar tape archive as the archival location.
Before you begin. Complete the tasks described in Preparing a QStar Integral Volume as an
archival location.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click the blue + icon.
The Add Archival Location dialog box appears.
5. In Archival Type, select Tape.
The Add Archival Location dialog box changes to show the tape fields.
6. In QStar Host Name, type the hostname of the host of the QStar Archive Manager instance.
The value can optionally include a port designation:
<hostname>:<port>
where:
• <hostname> is the resolvable hostname or IPv4 address of the host.
• <port> is the incoming port that the QStar Archive Manager instance listens on.
7. In QStar Integral Volume Name, type the name of the Integral Volume set.
8. In Destination Folder Name, type a name for the folder that will be used for the archival
location.
The combination of the three fields: QStar Host Name, QStar Integral Volume Name, and
Destination Folder Name must be unique. After clicking Add, the Rubrik cluster checks the
location to ensure that it is not in use as an archival location.
If the location is in use, the add archival location task fails and a message appears in the
Activity Log.
9. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.

Rubrik CDM Version 5.0 User Guide QStar tape archive 217
Archiving

10.In QStar User Name, type the name for a user account.
The specified user account must have permission to mount an Integral Volume set from an
external system and to perform read and write operations on the mounted Integral Volume set.
11.In QStar Password, type the password for the user account.

! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.

12.In Encryption Password, type a complex password.


The Rubrik CDM web UI rejects a password that is too easy to guess.
The Rubrik cluster uses the password to encrypt the archival data.
13.In Re-Enter Encryption Password, type the same password.
14.Click Add.
The Rubrik cluster attempts to mount the Integral Volume set and examines the path specified by
the Destination Folder Name.
If the mount fails or the path is unavailable the job to add the archival location fails and the Rubrik
cluster adds a message to the Activity Log. If both tasks are successful the Rubrik cluster stores
the information and makes the archival location available for use.

Editing the tape archival location


Modify the connection information for the tape archival location. Also, when necessary, edit the
display name.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu.
5. Select Edit.
The Edit Archival Location dialog box appears.
6. (Optional) In QStar Host Name, type the new hostname value of the QStar Archive Manage
instance.

Rubrik CDM Version 5.0 User Guide QStar tape archive 218
Archiving

7. (Optional) In Archival Location Name, type a new display name for the archival location.
8. (Optional) In QStar User Name, type the name for a new user account.
9. (Required when password changes) In QStar Password, type the new password.
10.Click Edit.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.

Reader-writer archival model


This model allows for one owner cluster and multiple reader clusters. This model facilities disaster
recovery.

Note: A pair of clusters can be setup as reader and writer for archival or can be setup for
replication. Reader-writer archival and replication is not supported on the same Rubrik cluster pair.

The four possible states for an archival location are described in Table 37.
Table 37 Archival location states
Archival location states Description
Owner The archival location is owned by the cluster and is active for archiving. The
owner cluster has full read-write access to the archival location. There can
be only one owner for each archival target at an archival location.
Paused An archival location on the owner cluster which is currently paused for
archiving.
Reader The archival location created on a cluster for read-only purposes. The
reader cluster can recover snapshots from the archival target but cannot
archive new snapshots or expire any existing snapshots. There can be more
than one reader cluster to the same archival target concurrently. The owner
cluster has no knowledge of any reader cluster accessing the archival target.
Deleted Once an archival location is no longer needed, it can be deleted from a
cluster. Deleting an archival location from a reader cluster has no effect on
the archival target or the owner cluster.

The supported operations for each archival state are described in Table 38.
Table 38 Supported operations for archival states (page 1 of 2)
Archival states Upload Download Expire and delete SLA mapping
Owner Yes Yes Yes Yes
Paused No Yes No No
Reader No Yes Yes Yes

Rubrik CDM Version 5.0 User Guide Reader-writer archival model 219
Archiving

Table 38 Supported operations for archival states (page 2 of 2)


Archival states Upload Download Expire and delete SLA mapping
Deleted No No No No

Creating a reader archival location


Use the Rubrik CDM web UI to create a reader archival location.
When a reader archival location is added, the Rubrik cluster performs metadata recovery from the
archival target. It identifies all protected objects and their snapshots, and populates the local
metadata with this information. A user can access or download any of the recovered snapshots
going forward as long as the snapshot has not expired or been deleted by the owner cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar, and select Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archival Type, select an archival type.
Each archival type has unique setup parameters. See the related sections earlier in this chapter.
6. Click Connect.
The Rubrik cluster creates a reader archival location. The time that is required to complete
metadata recovery depends on how many objects and snapshots are present at the target archival
location.

Refreshing a reader archival location


Use the Rubrik CDM web UI to refresh a reader archival location.
Since the contents of the archival target can be changed by the owner cluster, the recovery view
of the reader cluster can be inconsistent with the actual contents of the archival location. The
refresh operation takes a point in time view of the contents of the archival target and populates
the reader cluster with that information. Use this operation to synchronize the reader cluster with
the latest content.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.

Rubrik CDM Version 5.0 User Guide Reader-writer archival model 220
Archiving

The Settings menu appears.


3. Click Archival Locations.
The Archival Locations page appears.
4. Select a reader archival location.
5. Open the ellipsis menu on the page bar, and select Refresh.
The Rubrik cluster starts the refresh process.

Promoting a reader archival location to an owner archival location


Use the Rubrik CDM web UI to promote a reader archival location to an owner archival location.
The promote operation should be performed on the reader cluster only after ensuring that the
owner cluster is no longer accessing the archival target. This could be because the owner cluster is
no longer available or the archival location was deleted from the owner cluster. Promoting a reader
cluster to owner while the original owner cluster is still accessing the archival location can result in
inconsistent data and potential data integrity issues.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Select a reader archival location.
5. Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
6. If the cluster is synchronized and a refresh is not required, check the The owner cluster has not
modified the archival location since the last refresh. If this box is not checked, then a refresh is
processed before the promotion process.
7. Click Promote.
The new cluster is assigned the owner cluster role.

Rubrik CDM Version 5.0 User Guide Reader-writer archival model 221
Archiving

Pausing an archive
Use the Rubrik CDM web UI of the owner cluster to pause an archival location. Pausing suspends
archival activity but does not change the status of the owner cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Select an archival location.
5. Click the ellipsis and select Pause Archival.
The Pause Archival Location dialog box appears.
6. Click Pause.
If there are currently jobs running, the current jobs will complete before the archive is paused.
When the archival location is paused the border of the dialog box changes from teal to orange.

Resuming a paused archive


Use the Rubrik CDM web UI to resume a paused archival location.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Select an archival location.
5. Click the ellipsis and select Resume Archival.
The Resume Archival Location dialog box appears.
6. Click Resume.
The Rubrik cluster resumes archival activity for the archival location and the border of the archival
location card changes from orange to teal.

Rubrik CDM Version 5.0 User Guide Reader-writer archival model 222
Archiving

Disaster recovery using an archival location


A Rubrik cluster establishes a connection with an archival location by using unique credentials. In
the event the original Rubrik cluster becomes unavailable, use the same credentials with another
Rubrik cluster to recover the archived data.

The recovery cluster only obtains exclusive (write) access if it is promoted. This requires using the
credentials of the original Rubrik cluster to authenticate with the archival location. The recovery
Rubrik cluster obtains Read-Only access to the archived data.

The recovery cluster can still connect as a reader while the owner cluster is still active, as long as
the user does not intend to promote the reader cluster.

A cluster for recovery should be connected to an existing archival target only when the original
cluster is lost or has deleted the location and no longer wants to access the archival target.
Disaster recovery from an archival location is available for any of the following archive types:
 Amazon S3
 Amazon Glacier
 Google Cloud Platform
 Microsoft Azure
 Object storage system
 NFS share
QStar tape archive

Source vCenters available for recovery


When the source vCenters of the original Rubrik cluster are added to the recovery Rubrik cluster
before the recovery, the recovery Rubrik cluster resumes management of the protection objects on
the source vCenters. The recovery Rubrik cluster manages the protection objects based on the
SLA Domain assignments and rules from the original Rubrik cluster.
After recovery, the SLA Domains of the original Rubrik cluster appear in the Rubrik CDM web UI of
the recovery Rubrik cluster. The recovery Rubrik cluster uses the SLA Domain rules from the
original Rubrik cluster to manage the protection objects on those vCenters.

! IMPORTANT
To re-enable the existing archival policies of the original SLA Domains, the archival location
must also be added to the recovery Rubrik cluster as described in Archival location
configuration.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 223
Archiving

Source vCenters unavailable for recovery


When the source vCenters cannot be added to the recovery Rubrik cluster before the recovery, the
original source virtual machines are unavailable to the recovery Rubrik cluster. The recovery Rubrik
cluster provides management access to this recovered archival data through the Snapshot
Retention page.
Retention Management provides information about the Snapshot Retention page.

Connecting an Amazon S3 archival location for disaster recovery


To connect another Rubrik cluster to an S3 archival location, for disaster recovery, provide the
recovery Rubrik cluster with the connection details that were used by the original Rubrik cluster.
Before you begin — Do the following:
 Select a Rubrik cluster as the recovery Rubrik cluster.
 Obtain the access key ID and the secret key used by the original Rubrik cluster.
 Obtain the KMS master key ID, or the RSA key used by the original Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar, and select Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archival Type, select Amazon S3.
6. In Storage Class, select the Amazon S3 Storage Class.
7. In AWS Access Key, paste the access key ID.
8. In AWS Secret Key, paste the associated secret key.
9. In AWS Bucket Name, type the name of the Amazon S3 bucket of the original Rubrik cluster.
10.In Archival Location Name, select Amazon S3 location name.
11.In Encryption Type, select KMS Master Key ID or RSA Key.
12.(KMS master key only) In KMS Master Key ID, paste the KMS master key ID that was used
to encrypt the archival data on the original Rubrik cluster.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 224
Archiving

13.(RSA key only) In RSA Key, paste the RSA key that was used to encrypt the archival data on
the original Rubrik cluster.
14.Click Connect.
The recovery Rubrik cluster tests the keys and connection information and, after a successful
test, stores the keys and connection information.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
15.Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
16.(Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, the Rubrik cluster performs a metadata refresh before the promotion
process.
17.Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.

Connecting an Amazon Glacier archival location for disaster recovery


To connect another Rubrik cluster to an S3 archival location, for disaster recovery, provide the
recovery Rubrik cluster with the connection details that were used by the original Rubrik cluster.
Before you begin — Do the following:
 Select a Rubrik cluster as the recovery Rubrik cluster.
 Obtain the access key ID and the secret key used by the original Rubrik cluster.
 Obtain the KMS master key ID, or the RSA key used by the original Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar, and select Connect as Reader.
The Connect as Reader dialog box appears.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 225
Archiving

5. In Archival Type, select Glacier.


6. In Region, select an Amazon Glacier region for the archive.
7. In Access Key, type the access key for the Amazon Glacier account.
8. In Secret Key, type the secret key for the Amazon Glacier account.
9. In Glacier Vault Name, type the name of the Glacier Vault to use for the archive. If the vault
does not exist, it will be created.
10.In Archival Location Name, accept the default name or type a new name for the archival
location.
11.In Encryption Password, type the encryption password to recover the Glacier archive. This
password must match the encryption password from the original owner cluster.
12.In Retrieval Tier, select the Amazon Glacier retrieval tier.
You can select from:
• Standard
• Expedited
• Bulk
13.Click Connect.
The recovery Rubrik cluster tests the keys and connection information and, after a successful
test, stores the keys and connection information.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
14.Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
15.(Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, the Rubrik cluster performs a metadata refresh before the promotion
process.
16.Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 226
Archiving

Connecting a Google Cloud Platform archival location for disaster recovery


To connect another Rubrik cluster to an S3 archival location, for disaster recovery, provide the
recovery Rubrik cluster with the connection details that were used by the original Rubrik cluster.
Before you begin — Do the following:
 Select a Rubrik cluster as the recovery Rubrik cluster.
 Obtain the access key ID and the secret key used by the original Rubrik cluster.
 Obtain the KMS master key ID, or the RSA key used by the original Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar, and select Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archival Type, select Google Cloud Platform.
6. In Region, select a Regional or Multi-regional location which will host the archival data.
7. In Storage Class, select the specified storage class.
8. In Bucket, enter the bucket name.
Use a bucket name that is unique within your Google Cloud Platform account. Rubrik
recommends that you create a new bucket name by typing a new name in this field. However,
an existing Google Cloud Platform name can be used.
9. In Encryption Password, type the encryption password to recover the Google Cloud Platform
archive. This password must match the encryption password from the original owner cluster.
10.In Re-Enter Encryption Password, type the encryption password to recover the Google
Cloud Platform archive.
11.In Archival Location Name, accept the default archival location name or specify a custom
name.
12.In Service Account JSON Key, paste the contents of the JSON file obtained from Google
Cloud Platform.
13.Click Connect.
The recovery Rubrik cluster tests the keys and connection information and, after a successful
test, stores the keys and connection information.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 227
Archiving

The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
14.Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
15.(Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared a refresh is processed before the promotion process.
16.Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.

Connecting a Microsoft Azure archival location for disaster recovery


To connect another Rubrik cluster to a Microsoft Azure archival location, for disaster recovery,
provide the recovery Rubrik cluster with the connection details that were used by the original
Rubrik cluster.
Before you begin — Do the following:
 Select a Rubrik cluster as the recovery Rubrik cluster.
 Obtain the account name and the account key used by the original Rubrik cluster.
 Obtain the container name used by the original Rubrik cluster
 Obtain the RSA key used by the original Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar, and select Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archival Type, select Azure.
6. In Storage Account Name, type the name of the Microsoft Azure account.
7. In Access Key, type the access key for the Microsoft Azure account.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 228
Archiving

8. In Container, type the name of the container.


9. In Archival Location name, type the archival location name.
10.In Instance Type, type the instance type.
11.(Optional for CloudOn) Click Advanced Settings.
The Advanced Settings page appears with the Cloud Compute Settings menu selected.
Configuring cloud compute settings is required in order for Rubrik cluster to launch a
temporary Rubrik instance on the cloud.
12.(Optional for CloudOn) In App ID, type a new application ID.
13.(Optional for CloudOn) In App Secret Key, copy and paste the application secret key.
14.(Optional for CloudOn) In Tenant ID, type a new tenant ID.
15.(Optional for CloudOn) In Subscription, select a new subscription.
16.(Optional for CloudOn) In Region, select a new region.
17.(Optional for CloudOn) In General Purpose Storage, select a new general purpose storage.
18.(Optional for CloudOn) In General Purpose Storage Container Name, select a new
general purpose storage container name.
19.(Optional for CloudOn) In Resource Group, type a new resource group name.
20.(Optional for CloudOn) In Virtual Network ID, type a new virtual network ID.
21.(Optional for CloudOn) In Subnet ID, type a new subnet ID.
22.(Optional for CloudOn) In Security Group, type a new security group name.
23.Click Save.
24.Click Connect.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
25.Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
26.(Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, the Rubrik cluster performs a metadata refresh before the promotion
process.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 229
Archiving

27.Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.

Connecting an object storage system archival location for disaster recovery


To connect another Rubrik cluster to an object storage system archival location, for disaster
recovery, provide the recovery Rubrik cluster with the connection details that were used by the
original Rubrik cluster.
Before you begin — Do the following:
 Select a Rubrik cluster as the recovery Rubrik cluster.
 Determine the type of object storage system used by the original Rubrik cluster.
 Obtain the access key/username and the secret key/password used by the original Rubrik
cluster.
 Obtain the hostname or IP address of the object storage system endpoint.
 Obtain the bucket prefix used by the original Rubrik cluster.
 Obtain the RSA key that was used to encrypt the archival data on the original Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar, and select Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archival Type, select Object Store.
6. In Object Store Vendor, select the object store vendor.
7. In Access Key, type the access key for the object store account.
8. In Secret Key, type the secret key for the object store account.
9. In Host Name, type the resolvable hostname or IP address of the object store endpoint.
10.In Bucket Prefix, type the prefix that was used for naming the buckets.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 230
Archiving

11.In RSA Key, paste the RSA key that was used to encrypt the archival data on the original
Rubrik cluster. This password must match the encryption password from the original owner
cluster.
12.Click Connect.
The recovery Rubrik cluster tests the keys and connection information and, after a successful
test, stores the keys and connection information.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
13.Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
14.(Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, the Rubrik cluster performs a metadata refresh before the promotion
process.
15.Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.

Connecting an NFS archival location for disaster recovery


To connect another Rubrik cluster to an NFS archival location, for disaster recovery, provide the
recovery Rubrik cluster with the connection details that were used by the original Rubrik cluster.
Before you begin — Do the following:
 Select a Rubrik cluster as the recovery Rubrik cluster.
 Obtain the hostname of the NFS share host.
 Obtain the export directory configured in /etc/exports on the NFS share host, or in the
Isilon OneFS UI.
 Obtain the name of the target folder beneath the NFS mount point.
 Determine whether Kerberos authentication is required by the export host.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 231
Archiving

3. Click Archival Locations.


The Archival Locations page appears.
4. Open the ellipsis menu on the page bar, and select Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archival Type, select NFS.
6. In Host Name, type the resolvable hostname or IP address of the NFS share host.
7. In Export Directory, type the absolute path of the export directory configured in
/etc/exports on the NFS share host, or in the Isilon OneFS UI.
8. In Destination Folder Name, type the name of the target folder beneath the NFS mount
point.
Use the folder name, not the full path.
9. In Archival Location Name, type the archival location name.
10.In Encryption Password, type the encryption password. This password must match the
encryption password from the original owner cluster.
11.In Authentication Type, select either: None or Kerberos.
12.Click Connect.
The recovery Rubrik cluster tests the keys and connection information and, after a successful
test, stores the keys and connection information.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
13.Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
14.(Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, the Rubrik cluster performs a metadata refresh before the promotion
process.
15.Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 232
Archiving

Connecting a tape archival location for disaster recovery


To connect another Rubrik cluster to a QStar tape archival location, for disaster recovery, provide
the recovery Rubrik cluster with the connection details that were used by the original Rubrik
cluster.
Before you begin — Do the following:
 Select a Rubrik cluster as the recovery Rubrik cluster.
 Obtain the values used on the source Rubrik cluster for QStar Host Name, QStar Integral
Volume Name, Destination Folder Name, and Encryption Password.
 Obtain the username and password for an account that has permission to mount the specified
Integral Volume set from an external system and to perform read and write operations on the
mounted Integral Volume set.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar, and select Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archival Type, select Tape.
6. In QStar Host Name, type the value that was provided on the source Rubrik cluster.
7. In QStar Integral Volume Name, type the name of the Integral Volume set that was
provided on the source Rubrik cluster.
8. In Destination Folder Name, type a name for the folder that was provided on the source
Rubrik cluster.
9. In Archival Location Name, type a name for the archival location.
10.In QStar User Name, type the name for the user account that was provided on the source
Rubrik cluster.
11.In QStar Password, type the password for the user account.
12.In Encryption Password, type the password that was provided on the source Rubrik cluster.
This password must match the encryption password from the original owner cluster.

Rubrik CDM Version 5.0 User Guide Disaster recovery using an archival location 233
Archiving

13.Click Connect.
The recovery Rubrik cluster tests the keys and connection information and, after a successful
test, stores the keys and connection information.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
14.Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
15.(Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, the Rubrik cluster performs a metadata refresh before the promotion
process.
16.Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.

Tests for disaster recovery using an archival location


Tests for disaster recovery using an archival location can be performed without impacting the
production environment by following the recommended workflow.
The following steps provide the recommended workflow for performing an archival disaster
recovery test.
1. While an owner cluster is archiving, connect another Rubrik cluster as a reader cluster of the
archival location
2. Recover the archived metadata from the archive target to the reader cluster.
3. Once the metadata recovery is complete, use the reader cluster to download snapshots from
the archival target, without interfering with the owner cluster archival activities.

Note: Do not promote the reader cluster.

4. After the initial metadata recovery by the reader cluster, use the owner cluster to upload new
snapshots.
The reader cluster will not see the new snaps shots until a metadata refresh occurs.

Rubrik CDM Version 5.0 User Guide Tests for disaster recovery using an archival location 234
Archiving

5. From the reader cluster, perform a metadata refresh to get the most recent view of the
location’s archived metadata.
This captures any snapshots that were created while the metadata was originally synchronized.
Refresh can be a time consuming operation. The entire archival location must be scanned for
metadata files.

Cascading archival
Use the cascading archival feature to replicate data from a source Rubrik cluster to a target Rubrik
cluster and then archive the data from the target Rubrik cluster.
Cascading archival combines the ability to rapidly replicate data from a remote site to a central site
with the cost-saving benefit of moving the replicated data to an archival location.

Data retention settings


Several settings impact the retention of data for the cascading archival feature.
Table 39 describes the retention settings that apply when using cascading archival.

Table 39 Data retention settings

Setting Setting location Description

Source Rubrik cluster On the source Rubrik cluster Specifies how long is data is kept locally
SLA Domain > Remote Settings on the source Rubrik cluster.
>Retention on Brik

Target Rubrik cluster On the source Rubrik cluster Specifies how long the data is kept locally
SLA Domain > Remote Settings on the target Rubrik cluster.
>Replication

Archival location On the target Rubrik cluster Specifies how long the data is kept at the
SLA Domain > Remote Settings cascading archival location.
>Archival

! IMPORTANT
The maximum retention setting on the source Rubrik cluster also determines the maximum
retention of replicated data on the target Rubrik cluster and on the cascading archival
location. Shortening the maximum retention of the source SLA Domain will expire data
sooner on the source Rubrik cluster, the target Rubrik cluster, and on the archival location.
For an extreme example, setting the maximum retention on the source Rubrik cluster to 0
will expire the data immediately on the source Rubrik cluster, the target Rubrik cluster, and
the archival location.

Rubrik CDM Version 5.0 User Guide Cascading archival 235


Archiving

Potential retention issue


This is a cautionary example that shows how a properly configured SLA Domain that uses
cascading archival can be modified on the source Rubrik cluster in a way that results in data being
expired on the archival location.
Example 8 provides an example of an SLA Domain that is configured properly for cascading
archival.

Example 8 Cascading archival with early expiration of data


The initial configuration in this example shows an acceptable configuration for cascading archival.
SLA on source Rubrik cluster
 Take snapshots every 1 day for 100 days
 Local retention (on Retention on Brik setting) for 48 days
 Replication retention for 100 days
SLA on target (after enabling cascaded archival)
Archive to cloud location after 48 days
The data would be stored as follows:
 0 to 48 days - old data resides on source Rubrik cluster
 0 to 48 days - old data resides on target Rubrik cluster
 48 days to 100 days - data resides on the archival location
Changes to the configuration on the source Rubrik cluster, as shown in the following example
could lead to data being expired on the target Rubrik cluster and on the archival location.

Rubrik CDM Version 5.0 User Guide Cascading archival 236


Archiving

SLA is modified on the source Rubrik cluster


On the source Rubrik cluster, a user modifies the retention setting on the target Rubrik cluster for
the assigned SLA Domain to reduce it to 48 days.
The new settings become:
• Take snapshots every 1 day and retain for 100 days
• Local retention (on Retention on Brik setting) for 48 days
However, on the target Rubrik cluster the settings remain the same:
• Local retention for 48 days
• Archive to cloud location after 48 days
When the change is propagated to the target Rubrik cluster, archival to the cloud is disabled.
Importantly, all the data on the archival location that is older than 48 days is immediately expired
and deleted.

Using cascading archival


Use the Rubrik CDM web UI to configure cascading archival.
From the source Rubrik cluster, complete the following steps.
1. From the Rubrik CDM web UI, select SLA Domains > Local Domains.
2. Click the blue + icon to create an SLA Domain.
The Create SLA Domain dialog box appears.
3. Specify the SLA Domain Name.
4. Specify the SLA settings for the Rubrik cluster.
5. Click Remote Settings.
The Remote Storage Configuration dialog box appears.
6. Enable the Replication toggle.
7. Specify the target Rubrik cluster from the drop-down list.
8. Use the slider bar to specify how long data is kept locally on the target Rubrik cluster.

Rubrik CDM Version 5.0 User Guide Cascading archival 237


Archiving

9. Click Create.
It can take several minutes for the replication changes to propagate to other clusters.
From the target Rubrik cluster, complete the following steps.
1. From the Rubrik CDM web UI, select SLA Domains > Remote Domains.
The Remote SLA Domains dialog box appears.
2. Select the source Rubrik cluster SLA Domain.
3. Click Edit Archival Policy.
The Edit Archival Policy dialog box appears.
4. Configure the archival policy for the target Rubrik cluster.
5. Click Update.
The archival policy is configured.

Archival consolidation
Enabling Archival consolidation frees storage on the archival storage as snapshots are expired.
When archival consolidation is enabled, Rubrik merges the expired set of snapshots with the next
live snapshot. This helps free up some storage and reduce the snapshot chain length. With
reduced snapshot chain length, there is no need for Rubrik to upload another full snapshot after
the first one. This usually triggers incremental-forever archival.
With archival consolidation enabled, Rubrik might occasionally upload a full snapshot when the
following conditions are met simultaneously:
 More than 15 days have lapsed since the last full snapshot was uploaded.
Of the current incremental snapshots that are dependent on the most recently uploaded full
snapshot, more than 60 incremental snapshots are unexpired in the coming 30 days.With archival
consolidation enabled, Rubrik will consolidate on a snapshot chain if one of following conditions is
met:
 There are at least five expired snapshots in the snapshot chain and the sum of their physical
sizes is at least 15% of the logical full
 There are at least 40 expired snapshots in the snapshot chain
If the archival consolidation is on Amazon S3 or Microsoft Azure, one of the following conditions
must also be met for consolidation on a snapshot chain:
 The cost of storage saved (after consolidation has run) is at least 1.5 times greater than the
cost of consolidating it
 It has been at least 30 days since we last run consolidation for the snapshot chain

Rubrik CDM Version 5.0 User Guide Archival consolidation 238


Archiving

Archival consolidation has the following characteristics:


 NFS, AWS S3, S3 Compatible Object Stores, and Azure archives support archival consolidation.
 Azure archives support archival consolidation. Archival consolidation is enabled or disabled on a
per archival location basis.
 Upgrading Rubrik CDM to a release version that supports archival consolidation will not
automatically enable archival consolidation for existing archival locations. When archival
consolidation is enabled on an existing archival location, the expired snapshots on the archive
will be merged with the next live snapshot. However, the full snapshots that were uploaded
previously will not be converted to incrementals.
 Archival consolidation can be enabled only on owner cluster archival locations. It cannot be
enabled for reader archival locations. Archival consolidation does not run when an archival to a
location is paused.

Archival consolidation for AWS S3 and Azure


When the storage consumed by expired snapshots exceeds a certain threshold, the Rubrik cluster
launches a temporary Rubrik instance and initiates consolidation jobs on the temporary Rubrik
instance. The temporary Rubrik instance reads archived data from AWS S3 and Azure. Then, the
temporary Rubrik instance identifies the expired snapshots and performs archival consolidation.
Once archival consolidation is complete, the temporary Rubrik instance uploads the consolidated
archival data back to the cloud storage. The Rubrik cluster t hen shuts down and terminates the
temporary Rubrik instance in order to avoid running costs.

Archival consolidation for NFS and S3 Compatible Object Stores


The Rubrik cluster performs archival consolidation for NFS and S3 Compatible Object Store
archival locations by reading the contents of the affected snapshots to the cluster to generate new
consolidated content and then upload it back to the archival location. This increases the
bandwidth consumption between the Rubrik cluster and the archival location. Therefore, provision
additional bandwidth, as required.

Enabling archival consolidation


Archival consolidation is enabled through the Rubrik CDM web UI.
To configure archival consolidation for Azure and Amazon S3 archival locations, cloud compute
settings must be configured.

Rubrik CDM Version 5.0 User Guide Archival consolidation 239


Archiving

Before you begin — Ensure that the connectivity between the Brik and the customer VPC is
established. Contact your Rubrik account team to enable this connectivity.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
When creating a new archival location, depending on the archival location type, click Enable
Archive Consolidation, then click Save.
• For NFS and Object Store, the Enable Archive Consolidation is on the Add Archival Location
page.
• For Amazon S3 and Azure, the option is under Advanced Settings > Cloud Compute
Settings.
Alternatively, select an existing archival location, click the ellipsis, select Edit. When the Edit
Archival Location dialog box appears, check Enable Archival Consolidation, then click Edit.
Archival consolidation is enabled.

Archival location proxy


By default archival location proxy is set through global proxy settings. Archival location proxy
allows S3 and Azure archival locations to override the global proxy settings and use specified proxy
settings.

Note: Archival location proxy facilitates archival over a private VPN connection.

Each archival location supports two different kinds of proxies:


 The Archival proxy is used to route traffic for archival requests.
 The Compute proxy is used for API calls that instantiate virtual machines.

Configuring an S3 archival location proxy


S3 archival location proxy is enabled through the Rubrik CDM web UI.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.

Rubrik CDM Version 5.0 User Guide Archival location proxy 240
Archiving

3. Click Archival Locations.


The Archival Locations page appears.
4. Select an S3 archival location.
5. Click the ellipsis and select Edit.
The Edit Archival Location dialog box appears.
6. Scroll to the bottom of the dialog box and click Advanced Settings.
7. From Archival Proxy Settings, configure:
• Protocol
• Proxy Server (IP or FQDN)
• Port Number
• Username
• Password
8. Click Save.
9. From Compute Proxy Settings, configure:
• Protocol
• Proxy Server (IP or FQDN)
• Port Number
• Username
• Password
10.Click Save.
The archive location proxy settings are saved.

Configuring an Azure archival location proxy


Azure archival location proxy is enabled through the Rubrik CDM web UI.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.

Rubrik CDM Version 5.0 User Guide Archival location proxy 241
Archiving

4. Select an Azure archival location.


5. Click the ellipsis and select Edit.
The Edit Archival Location dialog box appears.
6. Click Advanced Settings.
7. From Archival Proxy Settings, configure:
• Protocol
• Proxy Server (IP or FQDN)
• Port Number
• Username
• Password
8. Click Save.
9. From Compute Proxy Settings, configure:
• Protocol
• Proxy Server (IP or FQDN)
• Port Number
• Username
• Password
10.Click Save.
The archive location proxy settings are saved.

Rubrik CDM Version 5.0 User Guide Archival location proxy 242
Archiving

Archival lifecycle best practices


There are best practices for Archival Lifecycle Management. Configure these best practices
through the archival platforms.
Table 40 lists the best practices.

Table 40 Archival Lifecycle Management

Vendor Notes

Amazon Web • In the AWS Console, move older objects in the S3-Standard Storage Class to
Services S3-Infrequent Access Storage Class.
• Rubrik cluster does not support Lifecycle management to Glacier.
• When a snapshot is transitioned from S3-Standard Storage Class to S3-Infrequent
Access Storage Class, keep the snapshot in the S3-Infrequent Access Storage Class
for a minimum of 30 days to avoid early deletion charges as defined in your SLA
Domain retention policy.

Microsoft Azure • Through Azure, move older objects from the Hot storage tier to the Cool storage tier.
Blob Storage • Rubrik cluster does not support Lifecycle management to the Archival storage tier.
• When a snapshot is transitioned from Hot storage tier to Cool storage tier, keep the
snapshot in the Cool storage tier for a minimum of 30 days to avoid early deletion
charges as defined in your SLA Domain retention policy.

Google Cloud • Through GCP, move older objects to Nearline or Coldline storage.
Storage • When a snapshot is transitioned to Nearline or Coldline storage, keep the snapshot in
the Nearline storage for a minimum of 30 days or Coldline storage for a minimum of 90
days to avoid early deletion charges as defined in your SLA Domain retention policy.

Archival location removal


Archival locations store data to meet the policies specified by the SLA Domains of the Rubrik
cluster. Retiring an archival location is a two stage process.
The two stages for retiring an archival location are:
 Disconnect the archival location to prevent further uploads of data to the archival location.
 Wait until the archival retention period of every snapshot and backup is exceeded, then delete
the archival location.
When retention of the archival data is not required, the waiting period can be skipped and the
disconnect and deletion can be done at the same time.

Rubrik CDM Version 5.0 User Guide Archival lifecycle best practices 243
Archiving

Disconnecting an archival location


Disconnect an archival location to discontinue write access to that archival location. The data on
the disconnected archival location remains available for read access and the Rubrik cluster retains
the data for the periods specified by the source archival policies.

! IMPORTANT
An SLA Domain cannot use a disconnected archival location for archiving. When an archival
location is disconnected, all SLA Domains that use that archival location are set to Not
Archiving. To provide an archival policy for an SLA Domain that had the archival location
disconnected, edit the SLA Domain to add a new archival location.

1. Log in to the Rubrik CDM web UI.


2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu.
5. Select Disconnect.
A warning appears.
6. Click Disconnect.
The Rubrik cluster sets the archival location to READ-ONLY state.

Rubrik CDM Version 5.0 User Guide Archival location removal 244
Archiving

Deleting an archival location


Delete a disconnected archival location to remove it from the Rubrik cluster. Deleting an archival
location immediately expires all unexpired data that is stored through that disconnected archival
location.

! IMPORTANT
Expired data stored at a deleted archival location cannot be retrieved by the Rubrik cluster.
To meet SLA requirements, wait until all data that is stored through a disconnected archival
location has exceeded the retention periods that are specified by the associated SLA
Domains.

1. Log in to the Rubrik CDM web UI.


2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card of a disconnected archival
location, open the ellipsis menu.
For disconnected archival locations, the web UI displays ‘Read-only’ in the status section of the
archival location card.
5. Select Delete.
A warning appears.
6. Click Delete.
The Rubrik cluster expires all associated data at the archival location and removes the archival
location from the Rubrik CDM web UI.

Rubrik CDM Version 5.0 User Guide Archival location removal 245
Chapter 8
Hyper-V Virtual Machines

This chapter describes how to protect and manage data from Microsoft Hyper-V virtual machines.
 Overview ............................................................................................................... 247
 Virtual machine protection....................................................................................... 247
 Rubrik Backup Service software for SCVMM .............................................................. 248
 Rubrik Backup Service software for non SCVMM........................................................ 253
 SLA Domain assignment.......................................................................................... 258
 Finding protection objects ....................................................................................... 262
 Protection consequences ......................................................................................... 265
 Local host page ...................................................................................................... 267
 Virtual machine snapshots....................................................................................... 272
 Archival snapshots .................................................................................................. 275
 Recovery and restore of virtual machine data ........................................................... 276
 Recovery of virtual machines ................................................................................... 276
 Recovery of folders and files.................................................................................... 284
 Unmanaged data .................................................................................................... 290

Rubrik CDM Version 5.0 User Guide Hyper-V Virtual Machines 246
Hyper-V Virtual Machines

Overview
A Rubrik cluster provides data management and protection for virtual machines that are deployed
in a Microsoft Hyper-V environment. The Rubrik cluster can manage and protect virtual machines
in an environment with multiple Hyper-V servers and virtual machines.
Rubrik invokes the Windows Management Instrumentation (WMI) APIs to communicate with the
hypervisor directly for a first full and forever incremental set of backups via Resilient Change
Tracking (RCT). Data is ingested over the SMB protocol to the Rubrik cluster in a secure manner.
There is no requirement to have SCVMM installed in your environment.
SLA policies can be applied anywhere in the hierarchy stack: the SCVMM host, the cluster, host, or
virtual machine levels. The Rubrik cluster provides a variety of methods to recover virtual
machines and to restore protected data. Recover virtual machines and restore data by using
snapshots, replicas, and archival snapshots.
Rubrik supports any Hyper-V based Windows or Linux virtual machines using the Rubrik Backup
Service. The Rubrik Backup Service is a connector that self manages after initial deployment.
Hyper-V host refers to a Windows Server with the Hyper-V role installed.

Virtual machine protection


A Rubrik cluster provides protection for virtual machines through either individual assignment of
the virtual machine to an SLA Domain or through automatic protection. Automatic protection
occurs when the virtual machine derives the SLA Domain assignment of a containing folder,
cluster, or host.
The Rubrik cluster provides flexibility in the protection assignments made for virtual machines.
Virtual machines that are protected by individual assignment can be set to Do Not Protect or can
be set to inherit a protection setting.
An individual virtual machine, that is part of a group of virtual machines being automatically
protected, can be set to Do Not Protect, without moving the virtual machine out of the group.

Rubrik CDM Version 5.0 User Guide Overview 247


Hyper-V Virtual Machines

Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA
Domain assigned to a parent object.
Objects from which a virtual machine can inherit are the following virtualization system entities:
Rubrik clusters support three Hyper-V hierarchies for protection:
 Hyper-V SCVMM > Hyper-V Cluster > Hyper-V Clustered Hosts > Hyper-V VMs on Clustered
Hosts
 Hyper-V Cluster > Hyper-V Clustered Hosts > Hyper-V VMs on Clustered Hosts
 Hyper-V Standalone Host > Hyper-V VMs on Standalone Host
The automatic protection mechanism simplifies assigning protection to large numbers of virtual
machines and provides an easy method to uniformly assign specific SLA Domains to groups of
functionally similar virtual machines.
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.
During SLA Domain assignment, the Rubrik cluster displays the objects that have individual
assignments which conflict with the new assignment. For each conflicting object, the Rubrik
cluster permits an administrator to choose to retain the individual setting or apply the new setting.

Rubrik Backup Service software for SCVMM


Microsoft provides System Center Virtual Machine Manager (SCVMM) to manage virtual machines
across multiple hosts. The Rubrik Backup Service should be installed on all hosts running SCVMM.
If SCVMM is highly available then the Rubrik Backup Service should be installed on all hosts within
the cluster to which SCVMM may fail over. The Rubrik Backup Service is then pushed automatically
from SCVMM to each Hyper-V host in order to take snapshots.

! IMPORTANT
The Rubrik Backup Service software can only be used with the Rubrik cluster from which
the software is obtained. Each Rubrik cluster generates a copy of the Rubrik Backup Service
software that includes authentication information specific to that Rubrik cluster. This
method ensures that the Rubrik cluster and a hosted deployment of the Rubrik Backup
Service can reliably authenticate each other.

Rubrik provides automatic upgrade of the Rubrik Backup Service software as part of a general
upgrade of the Rubrik cluster software. After upgrading the Rubrik cluster software, the Rubrik
cluster automatically upgrades the Rubrik Backup Service software on all protected hosts.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for SCVMM 248
Hyper-V Virtual Machines

Prerequisites
The following prerequisites are required for SCVMM hosts supported by Rubrik:
 Rubrik version 4.1 or later
 Hyper-V Server 2016 or later
 Hyper-V host must be joined to one of the Active Directory domains that the Rubrik cluster is a
member of
 Create a Run As Account that is a member of the local Administrators group on the Hyper-V
servers being managed
 Virtual machines must be Configuration 8 or later
For versions of Hyper-V that are older than Hyper-V 2016, use volume snapshots, or install the
Rubrik Backup Service on each virtual machine.

Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI
Obtain the Rubrik Backup Service software from the Rubrik CDM web UI of the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > Hyper-V VMs.
The VMs tab of the Hyper-V VMs page appears.
3. Click Add SCVMMs.
The Add SCVMM dialog box appears.
4. In the IP or Hostname field, type the IP address or Hostname of the SCVMM.
5. In the Run As Account field, specify the Run As account.
6. (optional) Click the Add Rubrik Backup Service to other hosts if you want the Rubrik Backup
Service to automatically install on hosts within SCVMM.
Next task — Install the connector software on SCVMM.

Obtaining the Rubrik Backup Service software by URL


Obtain the Rubrik Backup Service software from the Add SCVMM dialog box.
The Rubrik Backup Service software can only be used with the Rubrik cluster from which it is
obtained.
1. From the Add SCVMM dialog box, click Rubrik Backup Service.
A browser-specific dialog box appears to enable saving the package file.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for SCVMM 249
Hyper-V Virtual Machines

2. Save the file to a temporary location.


Next task — Install the Rubrik Backup Service on SCVMM.

Installing the Rubrik Backup Service software on a SCVMM host


Install the Rubrik Backup Service software the SCVMM host.
1. Copy RubrikBackupServiceForScvmm.zip to a temporary directory on the Windows host.
2. Extract the files from the ZIP file.
The ZIP file contains four files:
• RubrikBackupService.msi, a Windows Installer Package.
• backup-agent.crt, a security certificate for the Rubrik Backup Service.
• scvmm_deploy_agent,crt, the Rubrik service that installs the Rubrik backup software agent
on hosts associated with SCVMM.
• ScvmmReadMe.txt, a read me file for installation of the Rubrik backup software agent on
the SCVMM host.

! IMPORTANT
When installing the Rubrik Backup Service software, the security certificate file must be
in the same folder as the Windows Installer Package.

3. Using an account that is a member of the local Administrators group, run the Windows Installer
Package, RubrikBackupService.msi.
The Windows Installer Package installs the Rubrik Backup Service software and incorporates
the security certificate into the installation.
4. Create a directory, RubrikBackupService.cr on a host that can access the virtual machine
manager console.
5. Copy the .msi, .crt, and ,cmd files to the RubrikBackup.cr folder.
6. Open the SCVMM console. Navigate to Library > Library Servers > MSSCVMMLibrary >
ApplicationFrameworks.
7. Right-click on ApplicationFrameworks and select Explore.
8. Copy the RubrikBackupService.cr folder and paste it into ApplicationFrameworks.
9. Right-click on ApplicationFrameworks and select Refresh. Confirm RubrikBackupService.cr
is listed as a custom resource.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for SCVMM 250
Hyper-V Virtual Machines

Removing the Rubrik Backup Service from a Windows host


When the Rubrik Backup Service is no longer required on a Windows host it can be removed by
using Windows commands.

Note: Removing the Rubrik Backup Service from a Windows host also removes the connection
between the Windows host and the Rubrik cluster. The Rubrik cluster designates any retained
snapshots as relics. Use the Snapshot Retention page to manually manage the relics, as described
in Retention Management.

1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog appears.
3. Type appwiz.cpl, and press OK.
The Uninstall or change a program window appears.
4. Right-click Rubrik Backup Service, and click Uninstall/Change.
5. Follow the prompts to remove the application.
The uninstaller removes the Rubrik Backup Service software. The Rubrik cluster designates any
retained snapshots as relics.

Hyper-V host management


After installing the Rubrik Backup Service software on a SCVMM host or a Hyper-V host, add the
host to the Rubrik cluster.
Adding a host to the Rubrik cluster establishes a secure connection between the Rubrik cluster
and the Rubrik Backup Service that is running on the host. After the host is added, an entry for the
host appears in the Rubrik CDM web UI.
The Rubrik cluster identifies the host by an IPv4 address or a resolvable hostname. When the
value that is used to identify a host changes, edit the host information on the Rubrik cluster to
reflect the new value.
To stop managing the data on a host, delete the host from the Rubrik cluster. Deleting a host
removes that host from the Windows Hosts tab. A removed host cannot be paired with a fileset
and cannot be the target of an export. The Rubrik cluster moves the existing host filesets of the
removed host and all associated backups to the Snapshot Retention page.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for SCVMM 251
Hyper-V Virtual Machines

Adding a Windows host


To begin managing a Hyper-V host, add the host to the Rubrik cluster.
Before you begin. Obtain and install the Rubrik Backup Service software on each host being
added.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > Hyper-V VMs.
The VMs tab of the Hyper-V VMs page appears.
3. Click Add Windows Hosts.
The Add Windows Hosts dialog box appears.
4. In IPs or Hostnames, type a comma-separated list of IPv4 addresses or resolvable
hostnames for the hosts being added.
The list can contain a mix of IPv4 addresses and hostnames. The Rubrik cluster requires one
IPv4 address or one hostname for each host being added.
5. Click Add.
The Rubrik cluster checks connectivity with the specified hosts and adds the host(s).

Hyper-V host configuration


In order to protect Hyper-V with a Rubrik cluster, the Failover Clustering feature must be enabled
on the Hyper-V host even if the Hyper-V host is not part of a Failover cluster.

Note: Hyper-V only supports RCT only if Failover Clustering is enabled.

To enable Failover Clustering, use the Windows Server Manager, then select the Add Roles and
Features Wizard to add the Failover Clustering feature.
The Failover Clustering Tools include the Failover Cluster Manager snap-in, the Failover Clustering
Windows PowerShell cmdlets, the Cluster-Aware Updating (CAU) user interface and Windows
PowerShell cmdlets, and related tools.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for SCVMM 252
Hyper-V Virtual Machines

Rubrik Backup Service software for non SCVMM


For Hyper-V without SCVMM, the Rubrik cluster uses the same Rubrik Windows Backup Service
software that is used for Windows file system protection.
For Failover Clusters, the connector should be installed on all hosts and each host should be added
to Rubrik individually.
The Rubrik Backup Service software can be downloaded directly from the Rubrik cluster when it is
needed, or the software can be downloaded once and pushed to hosts as needed.

! IMPORTANT
The Rubrik Backup Service software can only be used with the Rubrik cluster from which
the software is obtained. Each Rubrik cluster generates a copy of the Rubrik Backup Service
software that includes authentication information specific to that Rubrik cluster. This
method ensures that the Rubrik cluster and a hosted deployment of the Rubrik Backup
Service can reliably authenticate each other.

Rubrik provides automatic upgrade of the Rubrik Backup Service software as part of a general
upgrade of the Rubrik cluster software. After upgrading the Rubrik cluster software, the Rubrik
cluster automatically upgrades the Rubrik Backup Service software on all protected hosts.

Prerequisites
The following prerequisites are required for Hyper-V hosts (in a non SCVMM configuration)
supported by Rubrik:
 Rubrik version 4.0 or later
 Hyper-V Server 2016 or later
 Hyper-V host must be joined to one of the Active Directory domains that the Rubrik cluster is a
member of
 Hyper-V host must be joined to one of the Active Directory domains that the Rubrik cluster is a
member of
 Create a Run As Account that is a member of the Domain Admins group
 Virtual machines must be Configuration 8 or later
For versions of Hyper-V that are older than Hyper-V 2016, use volume snapshots, or install the
Rubrik Backup Service on each virtual machine.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for non SCVMM 253
Hyper-V Virtual Machines

Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI
Obtain the Rubrik Backup Service software from the Rubrik CDM web UI of the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. Click Add Windows Hosts.
The Add Windows Hosts dialog box appears.
4. In the text of the dialog box, click Rubrik Backup Service.
A browser-specific dialog box appears to enable saving the package file.
5. Save the file to a temporary location.
Next task — Install the connector software on hosts.

Obtaining the Rubrik Backup Service software by URL


Obtain the Rubrik Backup Service software directly by URL. The Rubrik cluster provides direct URL
links for the software package for Linux hosts and the software package for Windows hosts.
The Rubrik Backup Service software can only be used with the Rubrik cluster from which it is
obtained.
1. Open a web browser.
2. Access the URL for Windows:
https://<RubrikCluster>/connector/RubrikBackupService.zip
where <RubrikCluster> is the resolvable hostname or IP address of the Rubrik cluster.
A browser-specific dialog box appears to enable saving the package file.
3. Save the file to a temporary location.
Next task — Install the Rubrik Backup Service on Windows Server hosts.

Account used to run the Rubrik Backup Service on a Windows host


The Rubrik Backup Service must run as an account that is a member of the Administrators group
of the Windows Server host.
When first installed, the Rubrik Backup Service runs as a LocalSystem account. A LocalSystem
account includes the permissions that are provided by the local Administrators group.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for non SCVMM 254
Hyper-V Virtual Machines

Instead of running the Rubrik Backup Service as a LocalSystem account, the Rubrik Backup
Service can be configured to run as a member of the local Administrators group.
To run as a member of the local Administrators group, run the Rubrik Backup Service as a user
account that is one of the following:
 Local user account that is a member of the local Administrators group
 Domain user account that is a member of the local Administrators group

Installing the Rubrik Backup Service software on a Windows host


Install the Rubrik Backup Service software the Hyper-V host to provide the Rubrik cluster with the
ability to manage data on the Hyper-V host.
Before you begin — Do the following:
 Check that the most up-to-date Windows version of the Rubrik Backup Service software for the
correct Rubrik cluster is available in a temporary location that the Windows host can access.
 Choose or create an account to run the Rubrik Backup Service software, as described in
Account used to run the Rubrik Backup Service on a Windows host
1. Copy RubrikBackupService.zip to a temporary directory on the Windows host.
2. Extract the files from the ZIP file.
The ZIP file contains two files:
• RubrikBackupService.msi, a Windows Installer Package.
• backup-agent.crt, a security certificate for the Rubrik Backup Service.

! IMPORTANT
When installing the Rubrik Backup Service software, the security certificate file must be
in the same folder as the Windows Installer Package.

3. Using an account that is a member of the local Administrators group, run the Windows Installer
Package.
The Windows Installer Package installs the Rubrik Backup Service software and incorporates
the security certificate into the installation.
The Rubrik Backup Service software can also be push installed on multiple Windows hosts
using automation software, such as Puppet or Chef.
4. (Optional) Change the account used to run the Rubrik Backup Service.
Account used to run the Rubrik Backup Service on a Windows host describes the account
requirements.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for non SCVMM 255
Hyper-V Virtual Machines

Note: The default LocalService account does not provide sufficient privileges to permit the
Rubrik Backup Service to access data on network shares.

Next task — Add the Windows hosts that are running the Rubrik Backup Software to the Rubrik
cluster.

Removing the Rubrik Backup Service from a Windows host


When the Rubrik Backup Service is no longer required on a Windows host it can be removed by
using Windows commands.

Note: Removing the Rubrik Backup Service from a Windows host also removes the connection
between the Windows host and the Rubrik cluster. The Rubrik cluster designates any retained
snapshots as relics. Use the Snapshot Retention page to manually manage the relics, as described
in Retention Management.

1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog appears.
3. Type appwiz.cpl, and press OK.
The Uninstall or change a program window appears.
4. Right-click Rubrik Backup Service, and click Uninstall/Change.
5. Follow the prompts to remove the application.
The uninstaller removes the Rubrik Backup Service software. The Rubrik cluster designates any
retained snapshots as relics.

Hyper-V host management


After installing the Rubrik Backup Service software on a Hyper-V host, add the host to the Rubrik
cluster.
Adding a host to the Rubrik cluster establishes a secure connection between the Rubrik cluster
and the Rubrik Backup Service that is running on the host. After the host is added, an entry for the
host appears in the Rubrik CDM web UI.
The Rubrik cluster identifies the host by an IPv4 address or a resolvable hostname. When the
value that is used to identify a host changes, edit the host information on the Rubrik cluster to
reflect the new value.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for non SCVMM 256
Hyper-V Virtual Machines

To stop managing the data on a host, delete the host from the Rubrik cluster. Deleting a host
removes that host from the Windows Hosts tab. A removed host cannot be paired with a fileset
and cannot be a target of an export. The Rubrik cluster moves the existing host filesets of the
removed host and all associated backups to the Retention Management page.

Adding a Windows host


To begin managing a Hyper-V host, add the host to the Rubrik cluster.
Before you begin — Obtain and install the Rubrik Backup Service software on each host being
added.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > Hyper-V VMs.
The VMs tab of the Hyper-V VMs page appears.
3. Click Add Hyper-V Hosts.
The Add Windows Hosts dialog box appears.
4. In IPs or Hostnames, type a comma-separated list of IPv4 addresses or resolvable
hostnames for the hosts being added.
The list can contain a mix of IPv4 addresses and hostnames. The Rubrik cluster requires one
IPv4 address or one hostname for each host being added.
5. Click Add.
The Rubrik cluster checks connectivity with the specified hosts and adds the host(s).

Hyper-V host configuration


In order to protect Hyper-V with a Rubrik cluster, the client must enable Failover Clustering feature
on the Hyper-V host even if the Hyper-V host is not part of a Failover cluster.

Note: Hyper-V only supports RCT only if Failover Clustering is enabled.

To enable Failover Clustering, use the Windows Server Manager, then select the Add Roles and
Features Wizard to add the Failover Clustering feature.
The Failover Clustering Tools include the Failover Cluster Manager snap-in, the Failover Clustering
Windows PowerShell cmdlets, the Cluster-Aware Updating (CAU) user interface and Windows
PowerShell cmdlets, and related tools.

Rubrik CDM Version 5.0 User Guide Rubrik Backup Service software for non SCVMM 257
Hyper-V Virtual Machines

SLA Domain assignment


Provide protection for a virtual machine through an SLA Domain.
A virtual machine can be protected by assigning an SLA Domain setting individually to the virtual
machine. A virtual machine can also be protected by deriving an SLA Domain setting through
automatic protection.
Automatic protection occurs in one of the following ways:
 An administrator assigns an object that contains the virtual machine to an SLA Domain.
 An administrator moves the virtual machine into the hierarchy of an object that is assigned to
an SLA Domain.
Automatic protection uses the automatic protection rules to determine whether a setting applies to
an object. Rubrik Backup Service software for SCVMM describes these rules.

Assigning an SLA Domain setting to a virtual machine


Specify an SLA Domain for a virtual machine, set the virtual machine to inherit from a parent, or
specify Do Not Protect for the virtual machine.
Protect a set of virtual machines by assigning the selected set to an SLA Domain. Assigning virtual
machines to an SLA Domain protects the virtual machines by applying the data protection policies
of the SLA Domain.
1. Log in to the Rubrik CMDM web UI.
2. On the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

3. Select a virtual machine.


Select multiple virtual machines to assign the same setting to all of the selected virtual
machines.
To help find virtual machines, use the filters, sort the entries by column heading, or use the
search field. Finding protection objects describes these tools.
4. Click Manage Protection.
A dialog box with one or more warnings may appear.
The Manage Protection dialog box appears.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 258
Hyper-V Virtual Machines

5. Select an SLA Domain.


Manage Protection options describes the choices.
6. Click Submit.
The Rubrik cluster assigns the selection group to the SLA Domain.

Assigning an SLA Domain setting to a Hyper-V cluster or server


Specify an SLA Domain setting for Hyper-V host to have the setting applied to the objects and
virtual machines contained by the clusters and host.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > Hyper V-VMs.
The Hyper-V VMs page appears, with the VMs tab selected.
3. Select Hosts and Clusters.
The Hosts and Cluster tab appears.
4. Select a Hyper-V host or cluster.
Select multiple objects to apply the setting to more than one object in the hosts hierarchy.
5. Click Manage Protection.
The Manage Protection dialog box appears.
6. Select an SLA Domain.
Manage Protection options describes the choices.
7. Click Submit.
The Rubrik cluster applies the selected setting to the selected objects.
The automatic protection rules determine the application of the selected setting to virtual
machines contained by the selected objects. Rubrik Backup Service software for SCVMM
describes the automatic protection rules.
8. Click Done.
The Rubrik cluster applies the selected setting to the selected objects and resolves conflicts as
specified.
The automatic protection rules determine the application of the setting to the virtual machines
that are contained by the selected objects.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 259
Hyper-V Virtual Machines

Manage Protection options


Select virtualization hierarchy entities and click Manage Protection to view the Manage Protection
dialog box for the selected entities. The Manage Protection dialog box provides several options for
the selected entities.
Table 41 describes the options available through the Manage Protection dialog box.
Table 41 Options available through the Manage Protection dialog box
Field Action Description
Search Search SLA Domains Predictive search for SLA Domains by using the
characters entered in the search field to match the
same sequence of characters anywhere in the SLA
Domain name.
Blue + icon Click to open the Create New Opens the Create New SLA Domain dialog box.
SLA Domain dialog box Create a new SLA Domain and assign that SLA
Domain to the selected group of objects.
SLA Domain list Select an SLA Domain Select an SLA Domain to assign to the selected group
of objects. The Rubrik cluster assigns the selected
SLA Domain individually to each of the selected
objects. The automatic protection rules determine
whether the Rubrik cluster assigns the selected SLA
Domain to objects contained by a selected object.
Do Not Protect Select to assign Individually assigns the Do Not Protect setting to each
of the selected objects.The automatic protection rules
determine whether objects that are contained by a
selected object inherit the Do Not Protect setting.
The Rubrik cluster does not create policy driven
snapshots for a virtual machine that is individually set
to Do Not Protect or that inherits the Do Not Protect
setting.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 260
Hyper-V Virtual Machines

Removing an SLA Domain setting


Remove an individual SLA Domain setting from a virtual machine. After the task completes, the
virtual machine derives a setting based on the automatic protection rules.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > Hyper-V VMs.
The Virtual Machines page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

3. Select a virtual machine.


Select multiple virtual machines to remove the individual setting of every virtual machine in the
selection group.
To help find virtual machines, use the filters, sort the entries by column heading, or use the
search field. Finding protection objects describes these tools.
4. Click Manage Protection.
A dialog box with one or more warnings may appear.
The Manage Protection dialog box appears.
5. Select Clear Existing Assignment.
A warning dialog box appears.
6. Click Clear.
The Rubrik cluster removes the individual assignments for the selected group. Each virtual
machine in the selection group derives a protection setting based on the automatic protection
rules.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 261
Hyper-V Virtual Machines

Finding protection objects


The Rubrik CDM web UI provides several tools for finding protection objects.

Displaying all discovered virtual machines


The Rubrik CDM web UI lists all of the virtual machines that have been discovered on the Hyper-V
VMs page. Access this page using one of several methods.
The following methods open the Hyper-V VMs page and display all discovered virtual machines:
 On the left-side menu, click Virtual Machines > Hyper-V VMs.
 On the Dashboard page, on the Hyper-V VMs card, click See All.

Displaying unprotected virtual machines from the Dashboard


From the Dashboard, display all unprotected virtual machines.
1. Open the web UI to the main Dashboard.
2. On the Hyper-V VMs card, in the Unprotected field, click Protect Now.
The Hyper-V VMs page opens, with the VMs tab selected, and filters the view to show All
Unprotected virtual machines

Displaying unprotected virtual machines from the Hyper-V VMs page


Use a filter to display all unprotected virtual machines.
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.
3. Click the Filter SLA drop-down menu.
4. On the Filter SLA drop-down menu, select one of the following filters:
• All Unprotected – Displays all unprotected virtual machines, both No SLA and Do Not
Protect.
• No SLA – Displays virtual machines that have not inherited an SLA Domain setting.
• Do Not Protect – Displays virtual machines that have inherited the Do Not Protect setting,
or have Do Not Protect individually assigned.
• All Protected– Displays virtual machines that have been associated with defined SLAs.

Rubrik CDM Version 5.0 User Guide Finding protection objects 262
Hyper-V Virtual Machines

The Rubrik CDM web UI displays the virtual machines that belong to the selected protection state.

Sorting virtual machines by using the SLA filter


Use the SLA filter to find specific virtual machines.
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.
3. Click the Filter SLA drop-down menu.
4. On the Filter SLA drop-down menu, select one of the named SLA Domains, or select a
protection state, either: No SLA or Do Not Protect.
The web UI displays the virtual machines that belong to the selected SLA Domain or to the
selected protection state.

Finding virtual machines by using the Search field


Use the Search field to find a specific virtual machine.
1. Log in to the Rubrik web UI.
2. In the Search field, at the top of all Rubrik CDM web UI pages, type the name of the virtual
machine.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
The search matches the characters entered in the search field with the same sequence of
characters anywhere in a name. Continue to type characters to narrow down the results until
the virtual machine appears.
3. When the name of the virtual machine appears in the displayed list, select the name.
The Rubrik CDM web UI displays the local host page for the virtual machine.

Finding entities by using the object tab


Use object tabs on the Virtual Machines page to define a hierarchical view to search and to
browse. Then, use the search field to find entities within the defined view, or to browse to entities
within the defined view.
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, click Virtual Machines > Hyper-V VMs.

Rubrik CDM Version 5.0 User Guide Finding protection objects 263
Hyper-V Virtual Machines

The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.
3. In the tab bar, select a tab.
Select one of the following:
• VMs – Provides a virtual machines only view, with the hierarchical location of each virtual
machine displayed in the location column.
• Hosts and Clusters – Provides a list of Hyper-V hosts and Hyper-V clusters.
4. (Search Only) In the tab search field, begin typing an entity name.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
The search matches the characters entered in the search field with the same sequence of
characters anywhere in a name. Continue to type characters to narrow down the results until
the entity appears in the results.
5. (Search Only) Stop typing when the name of the entity appears on the page.
6. (Browse Only) Click the name of a top-level entity.
The Rubrik CDM web UI displays the entities within the selected entity.
7. (Browse Only) Continue clicking entity names to browse down the hierarchy to a specific entity.

Selecting data sources


Use the objects filter and tab search field to find and select data protection entities.
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.
3. Use one of the search or sort methods to display the entities to be selected.
4. Select the entities.
A check mark appears next to each selected entity.
5. Select Manage Protection.
SLA Domain assignment describes how to assign an SLA Domain.

Protected warning
The Rubrik CDM web UI displays the protected warning when the Rubrik cluster detects that an
SLA Domain setting is already associated with a selected virtual machine.

Rubrik CDM Version 5.0 User Guide Finding protection objects 264
Hyper-V Virtual Machines

The protected warning is “These VM(s) are already protected”.


When the protected warning appears, do one of the following:
 Continue the operation to assign the selected SLA Domain to the protected virtual machines.
 Cancel the operation and remove the virtual machines from the selection set.
Changing the SLA Domain of a virtual machine may result in immediate expiration of some
snapshots, as described in Changing the assigned SLA Domain.

Protection consequences
The SLA rules defined by an SLA Domain impact the protection of virtual machines in several
ways. SLA rules specify when snapshots are created, when snapshots expire, and where snapshot
data is stored.
A policy driven snapshot is a snapshot that is created automatically based on the SLA rules of an
SLA Domain. In most cases, the SLA Domain that manages a policy driven snapshot is the same
SLA Domain that created the snapshot.
Sometimes, the source virtual machine for a snapshot is assigned to another SLA Domain after the
snapshot is created. When this occurs the new SLA Domain becomes the managing SLA Domain
for the policy driven snapshot.
A policy driven snapshot can require manual management when it loses an association with the
SLA Domain.

Protecting a new virtual machine


A new virtual machine is one for which no policy driven snapshots exist. After a new virtual
machine is assigned to an SLA Domain, all of its snapshots, replicas and archival snapshots are
created and managed based on the SLA rules of the SLA Domain.
The following table provides a quick overview of the impact of assigning a new virtual machine to
an SLA Domain.
Table 42 Impact of SLA Domain properties on snapshots (page 1 of 2)
SLA Domain property Virtual machine snapshot impact
SLA rules Determines when policy driven snapshots are created and when they are
automatically expired.
Local Cluster Retention Period Determines how long snapshots are retained on the local Rubrik cluster.
When an archival account exists for the SLA Domain, policy driven
snapshots older than the Local Cluster Retention Period are automatically
copied to archival snapshots on an archival location.
Replication Retention Period Determines how long replicas are retained on a replication target cluster.

Rubrik CDM Version 5.0 User Guide Protection consequences 265


Hyper-V Virtual Machines

Table 42 Impact of SLA Domain properties on snapshots (page 2 of 2)


SLA Domain property Virtual machine snapshot impact
Maximum Retention Period Determines how long snapshots are retained by the system. The Rubrik
cluster automatically expires policy driven snapshots that are older than
the Maximum Retention Period.

Changing the assigned SLA Domain


A protected virtual machine may be assigned to another SLA Domain in order to satisfy specific
business requirements (for example, data governance policy changes or space management
requirements). Example 9 describes this situation.

Example 9 Assigning a protected virtual machine to another SLA Domain


Assume that a virtual machine was assigned to the SLA Domain D1 and later was assigned to the
SLA Domain D2. At the time of the reassignment, the virtual machine had existing policy driven
snapshots. After the reassignment, those existing policy driven snapshots are managed based on
the policies set in SLA Domain D2.
If D1 has a higher base frequency of snapshots than D2 (e.g. D1 was Gold and D2 was Bronze),
then existing policy-driven snapshots that are not required by the policies of D2 are deleted from
the system.
By doing this, the Rubrik cluster brings the snapshot history for the virtual machine into
compliance with the frequency and retention periods defined by D2.
Alternatively, if D2 specifies a higher base frequency of snapshots, (e.g. D2 was Gold and D1 was
Bronze) then the virtual machine will initially appear in the SLA Compliance reports as out of
compliance with D2’s SLA because the existing snapshots were insufficient to meet the new SLA
rules.

Removing protection from a virtual machine


For business reasons, a user might choose to remove protection from a virtual machine by
removing it from the assigned SLA Domain.
When a virtual machine is removed from an SLA Domain, no further policy driven snapshots for
virtual machine are created and no replication or archival activity occurs for the virtual machine.
All existing snapshots for the virtual machine must be managed manually.

Re-protecting a virtual machine


At times, a virtual machine that is protected by one SLA Domain may be temporarily set to Do Not
Protect, and then reassigned to another SLA Domain for protection.

Rubrik CDM Version 5.0 User Guide Protection consequences 266


Hyper-V Virtual Machines

When a reassignment occurs, the existing snapshots of the virtual machine are subject to the
retention policies of the currently assigned SLA Domain, including:
 Local cluster retention period
 Replication retention period
 Maximum retention period

Local host page


The local host page provides detailed information about the protection of a virtual machine, and
tasks related to the virtual machine. The local host page provides the following sections:
 Action bar
 Overview card
 Snapshots card

Viewing a local host page


Access a local host page to view information about a local virtual machine.
1. Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

2. In Name, click the name of a virtual machine.


The local host page for the selected virtual machine appears.

Rubrik CDM Version 5.0 User Guide Local host page 267
Hyper-V Virtual Machines

Action bar
For the selected local virtual machine, the action bar provides the actions described in Table 43.
Table 43 Actions available from the action bar
Action Description
Take On Demand Snapshot Adds an on-demand snapshot of the virtual machine to the task queue.
Note: Backup Window settings defined for the SLA Domain of the virtual
machine do not apply to on-demand snapshots. Only the maximum
retention and remote configuration settings of the associated SLA Domain
apply to on-demand snapshots.

Manage Protection Opens the Manage Protection page where the virtual machine can be
assigned to an SLA Domain for protection.
When the virtual machine is already assigned to an SLA Domain, a warning
appears. Click Continue to open the Manage Protection page. Click Cancel
to return to the local host page.

Overview card
The Overview card provides the information that is described in Table 44.
Table 44 Information available on the Overview card (page 1 of 2)
Field Description
SCVMM If SCVMM is part of the cluster, the IP address of the SCVMM Server.

Cluster If the Hyper-V Server is part of a cluster, the IP address of the Hyper-V Server that
manages the virtual machine.
Host IP address of the hypervisor that hosts the virtual machine.

SLA Domain Name of the SLA Domain that manages the protection of the selected virtual
machine.
Live Mounts Number of live mounts for snapshots associated with the selected virtual machine.

Oldest Snapshot Timestamp for the oldest snapshot associated with the selected virtual machine.
When the SLA Domain has an active archival policy, the oldest snapshot resides at
the archival location.
Latest Snapshot Timestamp for the most recent successful snapshot of the selected virtual machine.

Total Snapshots Total number of retained snapshots for the selected virtual machine, including both
the local Rubrik cluster and any archival location.

Rubrik CDM Version 5.0 User Guide Local host page 268
Hyper-V Virtual Machines

Table 44 Information available on the Overview card (page 2 of 2)


Field Description
Missed Snapshots Number of policy-driven snapshots that did not complete successfully. A missed
snapshot is included in the count until the period since the SLA Domain policy
required the snapshot exceeds the retention period of the SLA Domain.

Snapshots card
For the selected local virtual machine, the Snapshots card provides the ability to browse the
snapshots that reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views.
Each view uses color spots to indicate the presence of snapshots on a date and to indicate the
status of SLA Domain compliance for the virtual machine on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the
virtual machine.
Table 45 lists the colors that the Snapshots card uses and describes the status that each color
represents.
Table 45 Status colors used on the calendar views
Color Status
Green All snapshots required by SLA Domain policy were successfully created.
Orange All snapshots required by SLA Domain policy were successfully created but at least one
snapshot caused a warning.
Red At least one snapshot required by SLA Domain policy was not successfully created.

Table 46 describes the calendar views available on the Snapshots card.


Table 46 Calendar views on the Snapshots card
View Description
Year The Year view displays snapshot creation information for an entire year. A color spot
indicator on a specific date indicates snapshot activity, and displays the SLA Domain
compliance status for that day.
Month The Month view displays snapshot creation information for an entire month. A color spot
indicator on a specific date indicates snapshot activity, and displays the SLA Domain
compliance status for that day.
Day The Day view displays the individual snapshots that were created on the selected day. The
Day view also provides the additional information and actions described in the following
section.

Rubrik CDM Version 5.0 User Guide Local host page 269
Hyper-V Virtual Machines

Information available on the day view for a local virtual machine


For a local virtual machine, the day view provides information about snapshots.
The day view provides the information that is described in Table 47 for each listed snapshot.

Table 47 Additional snapshot information in the day view


Category Description
Time Creation time of the snapshot.
Location For a snapshot that resides only on local storage the indicator field is empty.
The following icon indicates a snapshot that resides at an archival location.

The following icon indicates a snapshot that resides locally and at an archival location.

The following icon indicates a replica of the snapshot was sent to the target Rubrik cluster.

Status The following icon indicates a warning for the snapshot entry. Hover over the icon to see
additional information.

The following icon indicates the policy driven snapshot represented by the entry was not
completed successfully.

Source action The following icon indicates a policy driven snapshot.

The following icon indicates an on-demand snapshot.

Actions available on the day view for a local virtual machine


For a local virtual machine, the day view provides the ability to initiate various actions with
snapshots. Access the actions by clicking the ellipsis menu.

Rubrik CDM Version 5.0 User Guide Local host page 270
Hyper-V Virtual Machines

The ellipsis menu provides the actions described in Table 48 for snapshots that reside on the local
Rubrik cluster.
Table 48 Actions available for snapshots on the local Rubrik cluster
Command Description
Search by File Use the predictive search field to find file by typing the name.
Name
Mount Use the snapshot to create and mount a new virtual machine on a hypervisor host.
The new virtual machine is uniquely named within the virtualization management
system. The name of the recovered virtual machine is constructed as follows: name of
source virtual machine + timestamp of snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The local Rubrik cluster is the datastore for the new virtual machine.
Instantly Recover Restore a virtual machine into the production environment by using the selected
snapshot.
The new virtual machine is given the same name as the source virtual machine and is
powered on and connected to the network. The source virtual machine is powered off
and renamed.
The local Rubrik cluster serves as the datastore for the new virtual machine.
Export Use the snapshot to create and mount on an hypervisor host a new virtual machine,
that is a copy of the local virtual machine.
The new virtual machine is uniquely named within the virtualization management
system. The name of the recovered virtual machine is constructed as follows: name of
source virtual machine + timestamp of snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The hypervisor host is the datastore for the new virtual machine.
Browse Files Open a file browser view on the selected snapshot.
Use this view to find, select, and download a file or folder from the snapshot.
Restoring files or folders by download from notification message describes how to
download a file or folder.
Delete Delete the selected snapshot.
This command only appears for snapshots that are not created based on an SLA
Domain policy, such as:
• On-demand snapshots
• Retrieved snapshots
• Snapshots for an unprotected virtual machine

Rubrik CDM Version 5.0 User Guide Local host page 271
Hyper-V Virtual Machines

For snapshots that reside on an archival location, the ellipsis menu provides the actions described
in Table 49.
Table 49 Actions available for snapshots that reside on an archival location
Command Description
Download Transfer a copy of the selected snapshot to the local Rubrik cluster so that it is available
for additional local actions. The local Rubrik cluster provides a notification when the
download is completed.
Browse Files Open a file browser view on the selected snapshot.
Use this view to find, select, and download a file or folder from the snapshot.
Restoring files or folders by download from notification message describes how to
download a file or folder.

Virtual machine snapshots


The Rubrik cluster provides protection for virtual machines by combining native snapshot
technology with the fast and scalable cloud data management platform of the Rubrik cluster.

Performance and scalability


The Rubrik cluster provides a high performance, highly scalable, integration with the Hyper-V
Windows Management Instrumentation (WMI) and Microsoft Volume Shadow Copy Service (VSS)
to back up virtual machines hosted on Hyper-V hypervisors.
By efficient use of VSS calls and by providing very fast data ingestion, the Rubrik cluster minimizes
the time that a virtual machine is quiescent during a backup. This reduces and, in most cases,
eliminates the application time-outs caused by many other backup products.
The time that a virtual machine is quiescent, sometimes referred to as virtual machine stun or
application stun, is the time between the following:
 The point where execution of the virtual machine is paused, at an instruction boundary, and all
in-flight disk input/output operations are completed.
 The point where execution resumes.
The period a virtual machine is quiescent, is very brief, just long enough to create a snapshot. The
virtual machine does not remain quiescent during the processing and ingestion of the snapshot
data.

! IMPORTANT
For best performance, use a 10 Gigabit Ethernet connection between the Rubrik cluster and
the Hyper-V environment. Also, for replication, provide a 10 Gigabit Ethernet connection
between the source Rubrik cluster and the target Rubrik cluster.

Rubrik CDM Version 5.0 User Guide Virtual machine snapshots 272
Hyper-V Virtual Machines

The Rubrik cluster uses a distributed job scheduler. The distributed job scheduler permits the
Rubrik cluster to schedule jobs to run on any node and on multiple nodes, as needed.
Since the distributed job scheduler can seamlessly schedule jobs on all available nodes and across
multiple nodes, adding nodes to a Rubrik cluster further increases ingestion and processing
efficiency.

Back up processes
A Rubrik cluster backs up a virtual machine by using VSS to create a snapshot of the virtual
machine.
When a Rubrik cluster begins protecting a virtual machine, the Rubrik cluster starts by creating a
first full snapshot of the virtual machine. This first full snapshot is a complete backup of the virtual
machine.
After the first full snapshot, the Rubrik cluster continues protection of the virtual machine by
creating incremental snapshots based on the change information provided by Resilient Change
Tracking (RCT). The Rubrik cluster creates each incremental snapshot very quickly because the
snapshot only includes the data blocks that have changed since the last snapshot.
The Hyper-V environment transmits the snapshot data to the Rubrik cluster using the SMB
protocol.

Snapshot window
An SLA Domain can be configured to include a snapshot window. A snapshot window determines
the period in a day when the Rubrik cluster can initiate policy-driven snapshots of the virtual
machines that the SLA Domain protects.
When using the snapshot window policy, the specified window must be long enough to
accommodate the number of virtual machines that are assigned to the SLA Domain. Monitor the
snapshot activity of the SLA Domain to ensure that all policy-driven snapshots are successfully
completed. When necessary, lengthen the period to permit all snapshots to be completed
successfully.

Rubrik CDM Version 5.0 User Guide Virtual machine snapshots 273
Hyper-V Virtual Machines

Protection exceptions
The Rubrik cluster cannot protect data that exists on any of the following:
 Failover clustering feature should always be installed on the host, even if it is a standalone
host. This is required because the WMI API for taking backups with RCT is tightly coupled with
this feature. The snapshots will fail if this feature is not enabled.
 Live mounted VMs will be discovered by Rubrik, but they cannot be backed up.
 For security reasons, the SMB share exposed for Live Mounts is only accessible to one host, the
host where the snapshot is being mounted. For live migration, the mounted virtual machine
can only reside on the storage which is accessible to that Host.

Backup consistency levels


By default, the Rubrik cluster provides the highest level of backup consistency that is available for
a virtual machine. The Rubrik cluster creates Application Consistent snapshots. If an Application
Consistent snapshot cannot be created, a Crash Consistent snapshot is used.

Application consistency
The Rubrik cluster supports application consistent snapshots for a variety of guest OS types and
application types.
The Rubrik cluster supports application consistent snapshot for applications such as Microsoft
Exchange Server, Microsoft SQL Server, Microsoft Active Directory, Microsoft SharePoint, and
Oracle Database (RDBMS) running on certain versions of Windows Sever guest OS.

! IMPORTANT
The Rubrik cluster does not support restore of an application consistent snapshot into an
availability group. Cluster consistency for the availability group cannot be ensured in this
situation and problems may occur.

Linux guest OS
A Rubrik cluster provides file system consistent snapshots on supported Linux guest OS types.

On-demand snapshots
In addition to policy-based snapshots, create virtual machine snapshots by using the on-demand
snapshot process.
A Rubrik cluster creates policy-based snapshots of protected virtual machines automatically,
according to the SLA rules of the associated SLA Domain.

Rubrik CDM Version 5.0 User Guide Virtual machine snapshots 274
Hyper-V Virtual Machines

Additional snapshots of protected virtual machines, and snapshots of unprotected virtual machines
can be created by using the on-demand snapshot process.

Creating an on-demand snapshot


Access the local host page for a virtual machine to create an on-demand snapshot.
1. In the web UI, on the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. On the local host page, click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears.
4. Select an SLA Domain.
The Rubrik cluster uses only the maximum retention and remote configuration settings of the
associated SLA Domain to manage the on-demand snapshot. The selected SLA Domain can be
different from the SLA Domain that protects the virtual machine.
All on-demand snapshots can be manually managed through the Snapshot Retention page.
5. Click Take On Demand Snapshot.
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log
tracks the status of the on-demand backup task.

Archival snapshots
Archival snapshots provide long term storage of snapshot data outside of the local Rubrik cluster.

Archival location storage


The Rubrik cluster deduplicates and compresses the data in archival snapshots. The Rubrik cluster
uses client-side encryption to encrypt the archival snapshot data stored on all archival locations
except NFS exports.

Retention
The retention period assigned to the archival snapshot by the associated SLA Domain determines
the expiration of an archival snapshot. After the expiration of the retention period, the Rubrik
cluster marks the archival snapshot as expired and moves the snapshot data to garbage collection.

Rubrik CDM Version 5.0 User Guide Archival snapshots 275


Hyper-V Virtual Machines

To ensure that existing snapshots are always fully functional, the Rubrik cluster combines any
required data from expired incremental snapshots into the chain of existing incremental
snapshots. This permits each retained archival snapshot to be mounted as a fully functional virtual
machine.

Recovery and restore of virtual machine data


The Rubrik cluster provides a variety of methods to recover virtual machines and to restore
protected data.
Recover virtual machines and restore data by using snapshots, replicas, and archival snapshots.
When snapshot data exists in a local snapshot and in an archival snapshot, the Rubrik cluster
always uses the local snapshot to recover a virtual machine or to restore data. By using the local
snapshot, the Rubrik cluster reduces network impact and eliminates any archival data recovery
charges associated with a recovery operation or a restore operation.

Recovery of virtual machines


For a Rubrik cluster, recovery of a source virtual machine means to mount a point-in-time copy of
the source virtual machine.
A virtual machine can be recovered by using any of the Rubrik data protection objects: snapshots,
replicas, and archival snapshots. Recover a virtual machine by using one of the available recovery
actions. The Rubrik cluster provides the following recovery actions for virtual machines:
 Instant Recovery
 Live Mount
 Export
Table 50 provides a description of the differences between the available recovery actions.
Table 50 Differences between recovery actions
Source
Name of recovered Power virtual
Action virtual machine Datastore state Network machine
Instant Recovery Assigned the name of the Local Rubrik On Connected Powered off
source virtual machine cluster (Optional) and renamed
Live Mount Compositea Local Rubrik On Disconnected No impact
cluster
Export Composite Datastore of On Disconnected No impact
hypervisor

Rubrik CDM Version 5.0 User Guide Recovery and restore of virtual machine data 276
Hyper-V Virtual Machines

a. The name of the recovered virtual machine is constructed as follows: name of source virtual machine + time-
stamp of snapshot + incremented integer. For example, the first mount of the snapshot of the virtual machine
“NitroN1” that was created at “08-04 06:48” is named “NitroN1 08-04 06:48 1”.

The recovery actions that the Rubrik cluster provides depend on the data protection object being
used. Table 51 lists the available recovery actions for each type of data protection object.
Table 51 Recovery actions available for data protection objects
Object Available recovery actions
Local snapshot Initiated from the local Rubrik cluster:
• Instant Recovery
• Live Mount
• Export
Replica Initiated from the target Rubrik cluster:
• Live Mount
• Export
Archival snapshot Initiated from the local Rubrik cluster, after the archival snapshot is downloaded to
the local Rubrik cluster:
• Instant Recovery
• Live Mount
• Export

Selecting a snapshot or an archival snapshot


Use the local web UI to select a snapshot before applying a recovery action.
Alternatively, use the search box on the top bar of the Rubrik CDM web UI to directly access the
local host page when the name of the source virtual machine is known.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears with the VMs tab selected, and displays all the virtual machines
in the system.
To work with data from an unmanaged virtual machine on the Snapshot Retention page, click
Snapshot Retention from the left pane. Then, continue with the following steps from the
Snapshot Retention page instead of the Virtual Machines page.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Use the Snapshots card to navigate to a snapshot or an archival snapshot.
Local host page provides information about the Snapshots card and navigating to a snapshot.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 277
Hyper-V Virtual Machines

Skip step 5 and step 6, except when recovering a virtual machine from an archival snapshot.
5. (Recovering archival snapshot only) Open the ellipsis menu for the snapshot.
6. (Recovering archival snapshot only) On the ellipsis menu, click Download.
The Rubrik cluster retrieves the archival snapshot. Status of the retrieval appears on the
Activity Log. Activity Log describes activity notifications.
The Rubrik cluster does not apply a retention setting to a downloaded archival snapshot.
Manually delete a downloaded archival snapshot that is no longer required on local storage.
7. Perform one of the available recovery actions on the selected snapshot or restore files and
folders from the selected snapshot.

Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before
applying a recovery action.
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.

Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the
Remote VM Details page when the name of the source virtual machine is known.

2. On the left-side menu, click SLA Domains > Remote Domains.


The Remote SLA Domains page appears.
3. Select a remote SLA Domain.
The page for the selected SLA Domain appears.
4. In the Virtual Machines section of the remote SLA Domain’s page, click the name of a virtual
machine.
The Remote VM Details page for the selected virtual machine appears.
5. Use the Snapshots card to navigate to a replica.
Snapshots card or Recovery Points card provides information about the Snapshots card and
navigating to a replica.
6. Perform one of the available recovery actions on the selected replica or restore files and folders
from the selected replica.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 278
Hyper-V Virtual Machines

Virtual machine recovery


Recovery consists of selecting a data protection object (snapshot, replica, or archival snapshot)
and selecting an available recovery action (Instant Recovery, Live Mount, or Export). Recovery
using a replica cannot use the Instant Recovery action.
After performing a recovery action, the Rubrik cluster powers on the recovered virtual machine.
The recovered virtual machine can be powered off by using the Rubrik CDM web UI. It can also be
deleted through the Rubrik CDM web UI.

Live migration
After a recovery, the recovered virtual machine can be live migrated.
After live migration of a virtual machine that was recovered by the Instant Recovery or Live Mount
actions, the Rubrik cluster maintains metadata for the recovered virtual machine that should be
removed.
Delete the metadata for the recovered virtual machine through the Live Mounts page of the Rubrik
CDM web UI by using the Force Delete option, as described in Removing a virtual machine entry
after live migration.

Performing an Instant Recovery


An Instant Recovery replaces the source virtual machine with a fully functional point-in-time copy.
The Rubrik cluster powers off and renames the source virtual machine and assigns the name of
the source virtual machine to the recovered virtual machine. The Rubrik cluster powers on the
recovered virtual machine and connects the recovered virtual machine to the source network. The
Rubrik cluster is the datastore for the recovered virtual machine.
1. Select a snapshot or an archival snapshot.
Selecting a snapshot or an archival snapshot describes the selection task. For archival
snapshots, complete the download steps.
2. Open the ellipsis menu for the snapshot.
3. Click Instantly Recover.
The Instantly Recover Snapshot dialog box appears.
4. Select an Hyper-V host for the virtual machine.
5. (Optional) Click Remove virtual network device.
Select this option when networking changes or issues prevent the virtual machine from
starting.
6. Click Instantly Recover.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 279
Hyper-V Virtual Machines

The Rubrik cluster powers down the source virtual machine and renames it. Then the Rubrik
cluster mounts the snapshot on the selected Hyper-V host with the name of source virtual
machine, connects the recovered virtual machine to the network, and powers up the virtual
machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also
records the final result of the task in the Activity Log. The Rubrik cluster lists the recovered virtual
machine on the Live Mounts page of the Rubrik CDM web UI.
Optionally, move the recovered virtual machine back to the cluster. Use Hyper-V Manager to move
the instantly recovered virtual machine to any host in the cluster except the host of the source
virtual machine. Once moved, re-add the virtual machine to the cluster, using the Failover Cluster
Manager, which returns the virtual machine to its original state. The instantly recovered virtual
machine derives protection from parent objects. When the recovered virtual machine does not
obtain protection from any parent objects, add it to an SLA Domain. To protect it using the same
SLA rules and policies as the source virtual machine, add the recovered virtual machine to the
original SLA Domain. Alternatively, add the recovered virtual machine to another SLA Domain.By
default Instant Recover uses dynamic virtual disks, even if the original disk was a fixed virtual disk.
During storage migration, the disk can be reconfigured as a fixed virtual disk if this is preferred.

Performing a Live Mount


A Live Mount creates a new virtual machine from a point-in-time copy of the source virtual
machine. The recovered virtual machine uses the Rubrik cluster as its datastore.
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The
Rubrik cluster does not connect the recovered virtual machine to a network. The Rubrik cluster
sets the protection state of the new virtual machine to Do Not Protect.
1. Select a snapshot, an archival snapshot, or a replica.
Selecting a snapshot or an archival snapshot describes the selection task for snapshots and
archival snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Mount.
The Mount Snapshot dialog box appears.
4. Select an Hyper-V host for the virtual machine.
5. (Optional) Click Remove virtual network device.
Select this option when networking changes or issues prevent the virtual machine from
starting.
6. Click Mount.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 280
Hyper-V Virtual Machines

The Rubrik cluster mounts the snapshot on the selected Hyper-V host with a new name and
powers up the virtual machine. During the process, messages about the status appear in the
Activity Log. The Rubrik cluster records the final result of the task in the Activity Log.

Note: The Rubrik cluster sets the protection state of the Live Mount recovered virtual machine to
Do Not Protect. To protect the new virtual machine, add it to an SLA Domain, or remove the
individual assignment of Do Not Protect to permit it to inherit protection.

Performing an Export
An Export creates a new virtual machine from a point-in-time copy of the source virtual machine.
The datastore of the selected Hyper-V host is the datastore for the recovered virtual machine.
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The
Rubrik cluster does not connect the recovered virtual machine to a network. The Rubrik cluster
sets the protection state of the new virtual machine to Do Not Protect.
1. Select a snapshot, an archival snapshot, or a replica.
Selecting a snapshot or an archival snapshot describes the selection task for snapshots and
archival snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Export.
The Export Snapshot dialog box appears.
4. In Choose an Hyper-V Host, select an Hyper-V host for the virtual machine.
A list of the datastores that are associated with the select Hyper-V host appears.
5. In Choose a Datastore, select a datastore.
6. (Optional) Select Remove virtual network devices.
Select this option when networking changes or issues prevent the virtual machine from
starting.
7. Click Export.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 281
Hyper-V Virtual Machines

The Rubrik cluster creates a new virtual machine from the snapshot on the selected Hyper-V host,
transfers the virtual machine files to the datastore, and powers up the recovered virtual machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also
records the final result of the task in the Activity Log.
The Rubrik cluster initially sets the protection state of the exported virtual machine to Do Not
Protect. To protect the new virtual machine, add it to an SLA Domain, or remove the individual
assignment of Do Not Protect to permit it to inherit protection.

Powering off after Instant Recovery or Live Mount


Power off a recovered virtual machine from the Live Mounts page of the Rubrik CDM web UI. The
Live Mounts page lists all recovered virtual machines that were recovered by using Instant
Recovery or Live Mount from the local Rubrik cluster.
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.
2. On the left-side menu, click Live Mounts.
The Live Mounts page appears.
3. Select a recovered virtual machine with the Powered On status.
4. Open the ellipsis menu for the recovered virtual machine.
5. Click Power Off.
A confirmation message appears.
6. Click Power Off.
The Rubrik cluster gracefully powers down the selected virtual machine.

Unmounting after Instant Recovery or Live Mount


Unmount a recovered virtual machine from the Live Mounts page of the Rubrik CDM web UI. The
Live Mounts page lists all recovered virtual machines that were recovered by using Instant
Recovery or Live Mount from the local Rubrik cluster.
1. Log in to the Rubrik CDM web UI on the local Rubrik cluster.
2. On the left-side menu, click Live Mounts.
The Live Mounts page appears.
3. Select a recovered virtual machine.
4. Open the ellipsis menu for the recovered virtual machine.
5. Click Unmount.
A confirmation message appears.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 282
Hyper-V Virtual Machines

The confirmation message includes the option Remove local entry even if Rubrik cannot
confirm Hyper-V configuration. Enable this option to remove a stale entry for a recovered
virtual machine that was live migrated, as described in Removing a virtual machine entry after
live migration. Otherwise, the option is not required.
6. Click Unmount.
The Rubrik cluster removes the selected virtual machine from the Hyper-v host (or cluster) and
deletes the recovered virtual machine files from the Rubrik cluster datastore. This action does
not remove data protection objects.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster
also records the final result of the task in the Activity Log.
7. (After all live mounts are removed) Detach the Rubrik cluster datastore devices from the
associated Hyper-V host (or cluster).
The Rubrik cluster names the datastore devices using the following format:
<IP_NODE>_sdmount
where <IP_NODE> is the IPv4 address of one of the nodes of the Rubrik cluster.

Removing a virtual machine entry after live migration


After live migration of a recovered virtual machine the Rubrik cluster maintains an entry for the
recovered and migrated virtual machine on the Live Mounts page. Perform this task to remove the
entry from the Live Mounts page.
1. Log in to the Rubrik CDM web UI on the local Rubrik cluster.
2. On the left-side menu, click Live Mounts.
The Live Mounts page appears.
3. Select a recovered virtual machine that was live migrated.
4. Open the ellipsis menu for the recovered virtual machine.
5. Click Unmount.
A confirmation message appears.
6. Select Remove local entry after Storage vMotion.
7. Click Unmount.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 283
Hyper-V Virtual Machines

The Rubrik cluster removes the metadata associated with the selected virtual machine and
removes the entry for the virtual machine from the Live Mounts page. This action does not remove
data protection objects and does not unmount the recovered and migrated virtual machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also
records the final result of the task in the Activity Log.

Recovery of folders and files


The Rubrik cluster provides file level restore (FLR) of files and folders from any local snapshot,
replica, or archival snapshot that was successfully indexed.
To restore a file or folder, search for the file or folder by name across all local snapshots. or browse
for the file or folder on a selected snapshot.

Searching for a file or folder


Use the Rubrik CDM web UI to search for a file or folder across all local snapshots of a virtual
machine.
1. Open the local host page for the virtual machine.
Viewing a local host page describes how to open a local host page for a virtual machine.
2. On the Snapshots card, type the name of the file or folder in the search field.
As characters are typed, the Rubrik CDM web UI immediately begins to display matching file
and folder pathnames.
Search matches the string of characters entered in the search field with the same string in any
portion of the pathname of a folder or file. Continue to type characters until the file or folder
appears in the results.
3. Select the file or folder.
The Download File Version dialog box appears. A cloud icon appears next to files or folders that
are on archival snapshots.
4. Select a version of the file or folder.
For supported Windows and Linux guest operating systems, the selection can be restored to the
original file system, or downloaded from a generated link. For other guest operating systems, the
selection can be downloaded from a generated link.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 284
Hyper-V Virtual Machines

Browsing for a file or folder


Use the Rubrik CDM web UI to browse for a file or folder in a data protection object (snapshot,
replica, or archival snapshot).

Note: The Rubrik cluster must download an archival snapshot before it can be browsed.
Searching by name for a file or folder on an archival snapshot does not require that the archival
snapshot be downloaded first.

1. Select a snapshot, an archival snapshot, or a replica.


Selecting a snapshot or an archival snapshot describes the selection task for snapshots and
archival snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the actions menu for the snapshot or replica by clicking the ellipsis icon.
3. Click Browse Files.
The browse dialog box appears.
4. Select a file or folder.
For supported Windows and Linux guest operating systems, the selection can be restored to the
original file system, or downloaded from a generated link. For other guest operating systems, the
selection can be downloaded from a generated link.

Restore files and folders directly to a guest file system


For supported Windows and Linux guest operating systems, the Rubrik cluster can restore files
and folders directly to the source file system.
The Rubrik CDM Compatibility Matrix provide the most up-to-date information about the guest
operating systems supported by this feature.
When restoring from a snapshot of a supported guest operating system, the Rubrik CDM web UI
provides the option to restore a file or folder directly to the source file system. When this option is
selected, the Rubrik CDM web UI provides a choice to overwrite the source file or folder, or to
restore the file or folder to another location.
A restored file or folder inherits the ACL of the parent folder and the same owner as the parent
folder. The restored file or folder retains the modification time (mtime) of the source file or folder
at the time of the snapshot.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 285
Hyper-V Virtual Machines

To successfully restore directly to the source file system the Rubrik cluster must be provided the
following information:
 Resolvable hostname or IP address of the authentication server
 Username of an account with Administrator privileges for the target
 Password for the account
When the Rubrik cluster has previously accepted the service credentials of a guest operating
system, the restore job does not require additional credential information. This feature requires
that the Rubrik cluster has successfully used the service credentials for at least one backup prior to
the restore task. Otherwise, the credentials can be provided through the Restore File dialog during
the restore task.
Guest OS settings describes how to provide service credentials for a guest operating system.

Restoring files and folders directly to a guest file system


Search or browse for a file or folder and restore that file or folder to the source file system of a
supported Windows or Linux guest operating system.
Restore files and folders directly to a guest file system provides an overview of this feature.
1. Search or browse for a file or folder.
Searching for a file or folder and Browsing for a file or folder describe how to do this.
2. Select a file or folder.
3. Click Restore.
The Restore button only appears for supported hosts.
The Restore Files dialog box appears.

Note: When the Rubrik cluster has previously accepted the service credentials of the host, the
credential fields do not appear.

4. (If available) (Windows only) In Domain, type the resolvable hostname or IP address of the
authentication server for the credential.
When the Windows guest OS performs Workstation Authentication of credentials instead of
Domain Authentication, leave the Domain field For a Linux guest, leave the Domain field
empty.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 286
Hyper-V Virtual Machines

5. (If available) In Username, type a guest OS username for an account with sufficient privileges
on the host.
For a Windows guest, the account must have administrator privileges on the guest.
For a Linux guest, the account must have Write permission for the restore location.
6. (If available) In Password, type the password for the account.
7. Select one of the restore methods.
• Select Overwrite original to restore the selected file or folder to the original path. This
choice overwrites the existing file or folder.
• Select Restore to separate folder to restore the file or folder to another location.
8. (Restore to separate folder only) In Folder Path, type the full path of the restore location.

Note: Do not type the original path of the source file or folder. When Restore to separate
folder is selected, the object cannot be restored to a folder that contains an object of the
same name.

Use the correct path delimiter for the guest operating system.
For Windows use a back slash. For example:
C:\Users\jsmith\work
For Linux use a forward slash. For example:
/home/jsmith/work
9. (If available) (Optional) Select Store as service credential for all VMs.
When this setting is selected, the Rubrik cluster stores the credential. The stored credential can
be managed through the Service Credentials page, as described in Guest OS settings.
10.Click Restore.
The Rubrik cluster restores the file or folder to the specified location.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 287
Hyper-V Virtual Machines

Restore files and folders by download


The Rubrik cluster generates download links to use for file level restore (FLR) of files and folders
from any local snapshot, replica, or archival snapshot that was successfully indexed.
Restore a file from a data protection object through the Rubrik CDM web UI. Browse the virtual
machine file system on the data protection object and select the file. The Rubrik cluster processes
the request and provides a link for download of the file.
Restore a folder from a data protection object through the Rubrik CDM web UI. Browse the virtual
machine file system on the data protection object and select the folder. The Rubrik cluster
generates a ZIP file containing the folder and all that the folder contains. The ZIP file retains the
hierarchy of the selected folder. The Rubrik cluster provides a link for download of the ZIP file.

Restoring files or folders by download from notification message


Search or browse for a file or folder and restore that file or folder by download from the
notification message.
Restore files and folders by download provides an overview of this feature.
1. Search or browse for a file or folder.
2. Select the file or folder.
3. For a file, click Download. For a folder, click Download Folder.
4. Click OK.
For a folder, the Rubrik cluster retrieves the folder and creates a ZIP file with the folder and all
files and folders within the selected folder. The ZIP file preserves the folder hierarchy.
5. In the Rubrik CDM web UI Activity Log, a ‘Downloaded’ message appears for the selected file
or folder.
6. Click the message.
The Save As dialog box appears in the web browser.
7. Select a download location for the file, and click Save.
Configuring Chrome to ask for download location describes how to enable user-selectable
download locations in Chrome.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
8. (Folder only) Extract the folder using a ZIP utility.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 288
Hyper-V Virtual Machines

Restoring files or folders by download from Activity Detail


Search or browse for a file or folder and restore that file or folder by download from the Activity
Detail dialog box.
Restore files and folders by download provides an overview of this feature.
1. Search or browse for a file or folder.
2. Select the file or folder.
3. Click Download.
For a folder, the Rubrik cluster retrieves the folder and creates a ZIP file with the folder and all
files and folders within the selected folder. The ZIP file preserves the folder hierarchy.
4. Open the local host page for the virtual machine.
Viewing a local host page describes how to open a local host page for a virtual machine.
5. On the messages card, select the ‘Link ready for download’ message.
Use the Recovery filter type to filter for this type of message.
The Activity Detail dialog box appears.
6. Click the download icon.
The Save As dialog box appears in the web browser.
7. Select a download location for the file, and click Save.
Configuring Chrome to ask for download location describes how to enable user-selectable
download locations in Chrome.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
8. (Folder only) Extract the folder using a ZIP utility.

Configuring Chrome to ask for download location


Use the Google Chrome web browser to access the Rubrik CDM web UI and download recovered
files and folders. Change the default setting of the Chrome web browser to permit specifying the
local download location.
By default, Chrome saves downloaded files to the following locations:
 Windows: \Users\<username>\Downloads
 Mac: /Users/<username>/Downloads
 Linux: home/<username>/Downloads

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 289
Hyper-V Virtual Machines

To download files and folders to a specified location, change the default Chrome Download
setting.
1. In Chrome, click the customize icon.
The Chrome menu appears.
2. On the menu, click Settings.
The Chrome Settings page appears.
3. Click Show Advanced Settings.
Additional settings appear on the Settings page.
4. In the Downloads section, enable Ask where to save each file before downloading.
Chrome applies the new setting and opens a Save As dialog for selecting a download location
when a file is downloaded.

Unmanaged data
Manage file system data that is not subject to a retention policy through the Snapshot Retention
page of the Rubrik CDM web UI.
The Rubrik cluster views backups and snapshots that do not have a retention policy as
unmanaged snapshots. Unmanaged snapshots can be managed through the Snapshot Retention
page of the Rubrik CDM web UI.
Retention Management describes the Snapshot Retention page and how to perform tasks with
unmanaged snapshots.

Rubrik CDM Version 5.0 User Guide Unmanaged data 290


Chapter 9
AHV Virtual Machines

This chapter describes how to protect and manage data from Nutanix AHV virtual machines.
 Overview ............................................................................................................... 292
 Nutanix cluster management ................................................................................... 293
 Prerequisites .......................................................................................................... 293
 Nutanix limitations .................................................................................................. 294
 Configuring Nutanix support .................................................................................... 294
 Installing the Rubrik Backup Service......................................................................... 295
 Virtual machine protection....................................................................................... 299
 SLA Domain assignment.......................................................................................... 300
 Finding protection objects ....................................................................................... 304
 Protection consequences ......................................................................................... 307
 Local host page ...................................................................................................... 309
 Virtual machine snapshots....................................................................................... 313
 Archival snapshots .................................................................................................. 318
 Recovery and restore of virtual machine data ........................................................... 318
 Recovery of virtual machines ................................................................................... 319
 Recovery of folders and files.................................................................................... 321
 Unmanaged data .................................................................................................... 327

Rubrik CDM Version 5.0 User Guide AHV Virtual Machines 291
AHV Virtual Machines

Overview
Acropolis (AHV) is a developed by Nutanix on top of KVM that can run on a Nutanix cluster.
Rubrik capitalizes on enhancements to Acropolis Block Services (ABS), such as
Challenge-Handshake Authentication Protocol (CHAP) support for connecting to iSCSI targets for
data ingest.
Additionally, the new REST 3.0 API is utilized to interact with Nutanix Changed Region Tracking
(CRT) to query the changed metadata regions given any two snapshots of a virtual disk or virtual
machine. This approach is valuable for taking incremental backups and even useful while taking
full backups because the API identifies regions that are zeroed, therefore saving on read
operations. This integration also leverages Nutanix VSS snapshots with Nutanix Guest Tools to
quiesce virtual machines as a part of the snapshot.
A Rubrik cluster provides data management and protection for virtual machines that are deployed
in an AHV environment. The Rubrik cluster can manage and protect virtual machines in an
environment with multiple Nutanix clusters and virtual machines.
SLA policies can be applied anywhere in the hierarchy stack: the cluster or virtual machine levels.
The Rubrik cluster provides a variety of methods to recover virtual machines and to restore
protected data. Recover virtual machines and restore data by using snapshots, replicas, and
archival snapshots.
An overview of Rubrik’s support of AHV is as follows:
 Automated protection and restore workflow
 Policy driven protection and retention operations
 Virtual machine granular backup and restore
 Auto-protect newly discovered virtual machines
 Export and recover virtual machines
 File browse and download
 Securely replicate or archive to other sites
 Rubrik Core Capabilities – global search, erasure coding, reporting
 Scale as you need
 Rubrik is uses iSCSI with CHAP for data ingest and export from Nutanix

Note: Live Mount is not supported for AHV.

Rubrik CDM Version 5.0 User Guide Overview 292


AHV Virtual Machines

Nutanix cluster management


Adding a Nutanix Cluster to the Rubrik cluster establishes a secure connection between the Rubrik
cluster and the Rubrik Backup Service. After the Nutanix Cluster is added, an entry for the Nutanix
Cluster appears in the Rubrik CDM web UI.
The Rubrik cluster identifies the Nutanix Cluster by an IPv4 address or a resolvable hostname.
To stop managing the data on a Nutanix Cluster, delete the Nutanix Cluster from the Rubrik cluster.
Deleting a Nutanix Cluster removes Nutanix Cluster from the Clusters tab. A removed Nutanix
Cluster cannot be a target of an export. The Rubrik cluster moves the existing virtual machines of
the Nutanix Cluster and all associated backups to the Unmanaged Objects page.

Prerequisites
In order for Rubrik CDM to support Nutanix, there are prerequisite requirements.
 Rubrik version 4.0 or later
 AHV based environment listed in the Rubrik Compatibility Matrix
 Nutanix REST API version 3.0 or later
 IP configured for iSCSI Data Services
 Permissions within Nutanix for the Rubrik cluster to create and delete volume group, copy
container, create virtual machine, and create and delete snapshot
 TLS/SSL public key certificate has been generated for the Nutanix Cluster
 Highly available IP for Prism
 Obtain the Nutanix Cluster IP address of FQDN
 Obtain the Nutanix Cluster UUID
 Have a Nutanix Cluster account with administrative privileges with v3 API permissions. There
are two options that can be used.
• The Built-in Nutanix Prism admin account (specify lowercase)
• Use Active Directory. This requires that the Nutanix Cluster is linked to Active Directory. Map
the Active Directory account to the Cluster Admin role. Through the Prism self-service
portal, assign SSP administrator privileges to the user.
 Have a Rubrik account with administrative privileges

Rubrik CDM Version 5.0 User Guide Nutanix cluster management 293
AHV Virtual Machines

 Have access to the public key certificate for the Nutanix Cluster
To determine the public key certificate use the following command:
openssl s_client -connect <IP>:<port> -tls1_2
where <IP> is the IP address of the Nutanix cluster and <port> is the web port of the Nutanix
cluster.

Note: For information on configuring Nutanix, see the Nutanix documentation.

Nutanix limitations
There are Nutanix limitations that impact Rubrik backup and restore functionality.
Table 52 describes the Nutanix limitations.
Table 52 Nutanix limitations
Limitation Description
Export of Nutanix backups If a Nutanix virtual machine has a bus type other than
are only supported on SCSI SCSI (for example SATA or IDE), the virtual machine is
bus types always exported with a SCSI bus type.
If the export is restored to a virtual machine that does not
have a SCSI bus type, the virtual machine might fail to
boot after a restore operation.
Export of Nutanix backups do If a Nutanix virtual machine has a bus type other than
not support CD-ROMs SCSI (for example SATA or IDE), the virtual machine is
always exported with a SCSI bus type.
If the export is restored to a virtual machine that does not
have a SCSI bus type, the virtual machine might fail to
boot after a restore operation.

Configuring Nutanix support


To begin managing AHV, add the Nutanix Cluster to the Rubrik cluster.
1. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
2. Click Nutanix Clusters.
The Nutanix Clusters dialog box appears.
3. In the right-side menu, select +.
The Add Nutanix Cluster page appears.

Rubrik CDM Version 5.0 User Guide Nutanix limitations 294


AHV Virtual Machines

4. In the Nutanix Cluster field specify the Nutanix Cluster IP address or FQDN.
5. In the Cluster UUID field specify the UUID assigned to the Nutanix Cluster.
6. In the Username field specify a username that has administrative rights to the Nutanix
Cluster.
7. In the Password field specify the username password.
8. In the CA Certificate field specify CA certificate for the Nutanix Cluster.
9. Click Add.
The Rubrik cluster checks connectivity with the specified Nutanix Cluster and adds the Nutanix
Cluster.

Installing the Rubrik Backup Service


Installing the Rubrik Backup Service (RBS) provides support for VSS consistent backups. If VSS
consistent backups are not required, this service does not need to be installed.
To use RBS with AHV, install and register RBS on the Nutanix guest.

RBS on a Windows guest


The RBS provides the Rubrik cluster with the ability to provide VSS consistent snapshots for AHV.
The RBS also provides fast performance when restoring files and folders to the guest.
Rubrik provides automatic upgrade of the RBS software as part of a general upgrade of the Rubrik
cluster software. After upgrading the Rubrik cluster software, the Rubrik cluster automatically
upgrades the RBS software on all protected hosts.
The RBS software is deployed to Windows guests manually.
To use the manual method, complete the following tasks:
 Obtain the RBS software
 Select a qualified account to use when installing the software
 Install the software of the Windows guest
 Register the Rubrik Backup Software instance with the Rubrik cluster

Obtaining the RBS software through the Rubrik CDM web UI


Obtain the RBS software from the Rubrik CDM web UI of the Rubrik cluster.
The RBS software can be downloaded directly from the Rubrik cluster when it is needed, or the
software can be downloaded once and pushed to hosts as needed.

Rubrik CDM Version 5.0 User Guide Installing the Rubrik Backup Service 295
AHV Virtual Machines

! IMPORTANT
The RBS software can only be used with the Rubrik cluster from which the software is
obtained. Each Rubrik cluster generates a copy of the RBS software that includes
authentication information specific to that Rubrik cluster. This method ensures that the
Rubrik cluster and a hosted deployment of the RBS can reliably authenticate each other.

1. Log in to the Rubrik CDM web UI.


2. On the left-side menu, select Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. Click Add Windows Hosts.
The Add Windows Hosts dialog box appears.
4. In the text of the dialog box, click Rubrik Backup Service.
The Save As dialog box appears.
5. Save the file to a temporary location.
Next task — Install the RBS software on Windows guests.

Obtaining the RBS software by URL


Obtain the RBS software directly by URL. The Rubrik cluster provides a direct URL link for the
software package for Windows hosts.
The RBS software can only be used with the Rubrik cluster from which it is obtained.
1. Open a web browser.
2. Access the URL:
https://<RubrikCluster>/connector/RubrikBackupService.zip
where <RubrikCluster> is the resolvable hostname or IP address of the Rubrik cluster.
The Save As dialog box appears.
3. Save the file to a temporary location.

Account used to run the RBS on a Windows host


The RBS must run as an account that is a member of the Administrators group of the Windows
Server host.
When first installed, the RBS runs as a LocalSystem account. A LocalSystem account includes the
permissions that are provided by the local Administrators group.

Rubrik CDM Version 5.0 User Guide Installing the Rubrik Backup Service 296
AHV Virtual Machines

Instead of running the RBS as a LocalSystem account, the RBS can be configured to run as a
member of the local Administrators group.
To run as a member of the local Administrators group, run the RBS as a user account that is one of
the following:
 Local user account that is a member of the local Administrators group
 Domain user account that is a member of the local Administrators group

Installing the RBS software on a Windows guest


Install the RBS software to provide the Rubrik cluster with the ability to manage data on the
Windows guest.
Before you begin. Choose or create an account to run the RBS software.
1. Copy RubrikBackupService.zip to a temporary directory on the Windows guest.
2. Extract the files from the ZIP file.
The ZIP file contains two files:
• RubrikBackupService.msi, a Windows Installer Package.
• backup-agent.crt, a security certificate for the RBS.

! IMPORTANT
When installing the RBS software, the security certificate file must be in the same folder
as the Windows Installer Package.

3. Using an account that is a member of the local Administrators group, run the Windows Installer
Package.
The Windows Installer Package installs the RBS software and incorporates the security
certificate into the installation.
The RBS software can also be push installed on multiple Windows hosts using automation
software, such as Puppet or Chef.
4. (Optional) Change the account used to run the RBS.
Account used to run the RBS on a Windows host describes the account requirements.

Note: The default LocalService account does not provide sufficient privileges to permit the RBS
to access data on network shares.

Next task — Register the Windows guests that are running the Rubrik Backup Software with the
Rubrik cluster.

Rubrik CDM Version 5.0 User Guide Installing the Rubrik Backup Service 297
AHV Virtual Machines

Registering a guest
After installing the RBS on a guest OS, register the guest with the Rubrik cluster. Registering the
guest allows the Rubrik cluster to manage data on the guest.
Before you begin — Install the RBS software on the guest OS.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The All VMs page appears, with the VMs tab selected.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Open the ellipsis menu, and select Register Rubrik Backup Service.
The Register Rubrik Backup Service modal appears.
4. Click Register.
The Rubrik cluster establishes an authenticated secure connection with the RBS running on the
guest.

Removing the RBS from a Windows host


When the RBS is no longer required on a Windows guest, it can be removed by using standard
Windows commands.

Note: Removing the RBS from a Windows guest also removes the connection between the
Windows guest and the Rubrik cluster. The Rubrik cluster designates any retained snapshots as
relics. Use the Snapshot Retention page to manually manage the relics, as described in Retention
Management.

1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog appears.
3. Type appwiz.cpl, and press OK.
The Uninstall or change a program window appears.
4. Right-click Rubrik Backup Service, and click Uninstall/Change.
5. Follow the prompts to remove the application.
The uninstaller removes the RBS software. The Rubrik cluster designates any retained snapshots
as relics.

Rubrik CDM Version 5.0 User Guide Installing the Rubrik Backup Service 298
AHV Virtual Machines

Virtual machine protection


A Rubrik cluster provides protection for virtual machines through either individual assignment of
the virtual machine to an SLA Domain or through automatic protection. Automatic protection
occurs when the virtual machine derives the SLA Domain assignment from a Nutanix cluster.
The Rubrik cluster provides flexibility in the protection assignments made for virtual machines.
Virtual machines that are protected by individual assignment can be set to Do Not Protect or can
be set to inherit a protection setting.
An individual virtual machine, that is part of a group of virtual machines being automatically
protected, can be set to Do Not Protect, without moving the virtual machine out of the group.

Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA
Domain assigned to a parent object.
The automatic protection mechanism simplifies assigning protection to large numbers of virtual
machines and provides an easy method to uniformly assign specific SLA Domains to groups of
functionally similar virtual machines.
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.
During SLA Domain assignment, the Rubrik cluster displays the objects that have individual
assignments which conflict with the new assignment. For each conflicting object, the Rubrik
cluster permits an administrator to choose to retain the individual setting or apply the new setting.

Automatic protection rules


To provide consistency when applying automatic protection the Rubrik cluster adheres to a specific
set of rules.
A Rubrik cluster applies protection to a virtual machine using the following rules:
Rule One — The setting individually assigned to an object takes precedence.
Rule Two — An object that is not individually assigned a setting inherits the setting of the
hierarchically closest containing object that has a setting.

Rubrik CDM Version 5.0 User Guide Virtual machine protection 299
AHV Virtual Machines

Unprotected virtual machines


The Rubrik CDM web UI identifies virtual machines that are not protected by an SLA Domain.
Unprotected virtual machines can then be assigned to an SLA Domain.
Table 53 describes how the Rubrik CDM web UI represents unprotected virtual machines.
Table 53 Unprotected virtual machines in the Rubrik CDM web UI
Label Inherited Description
No SLA Yes There are no SLA Domains assigned to any of the parent objects of the
virtual machine, in the cluster hierarchy. The virtual machine inherits the No
SLA state. This can be changed by individually assigning an SLA Domain to
the virtual machine, by assigning an SLA Domain to a parent object, or by
moving the virtual machine beneath a protected parent object.
Do Not Protect Yes The Do Not Protect setting is individually assigned to a parent object of the
virtual machine. Based on the automatic protection rules, the virtual
machine inherits the setting from that parent object.
Do Not Protect No The Do Not Protect setting is individually assigned to the virtual machine.

Displaying unprotected virtual machines from the Dashboard describes how to use the Rubrik CDM
web UI to view all virtual machines that do not have the protection of an SLA Domain.

SLA Domain assignment


Provide protection for a virtual machine through an SLA Domain.
A virtual machine can be protected by assigning an SLA Domain setting individually to the virtual
machine. A virtual machine can also be protected by deriving an SLA Domain setting through
automatic protection.
Automatic protection occurs in one of the following ways:
 An administrator assigns an object that contains the virtual machine to an SLA Domain.
 An administrator moves the virtual machine into the hierarchy of an object that is assigned to
an SLA Domain.
Automatic protection uses the automatic protection rules to determine whether a setting applies to
an object. Automatic protection rules describes these rules.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 300
AHV Virtual Machines

Assigning an SLA Domain setting to a virtual machine


Specify an SLA Domain for a virtual machine, set the virtual machine to inherit from a parent, or
specify Do Not Protect for the virtual machine.
Protect a set of virtual machines by assigning the selected set to an SLA Domain. Assigning virtual
machines to an SLA Domain protects the virtual machines by applying the data protection policies
of the SLA Domain.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected.
2. Select a virtual machine.
Select multiple virtual machines to assign the same setting to all of the selected virtual
machines.
To help find virtual machines, use the filters, sort the entries by column heading, or use the
search field. Finding protection objects describes these tools.
3. Click Manage Protection.
A dialog box with one or more warnings may appear.
The Manage Protection dialog box appears.
4. Select an SLA Domain.
Manage Protection options describes the choices.
5. Click Submit.
The Rubrik cluster assigns the selection group to the SLA Domain.

Assigning an SLA Domain setting to a Nutanix cluster


Specify an SLA Domain setting for Nutanix clusters to have the setting applied to the objects and
virtual machines contained by the clusters and server.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected.
2. Select Clusters.
The Cluster tab appears.
3. Select a Nutanix cluster.
4. Click Manage Protection.
The Manage Protection dialog box appears.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 301
AHV Virtual Machines

5. Select an SLA Domain.


Manage Protection options describes the choices.
6. Click Submit.
The Rubrik cluster applies the selected setting to the selected objects.
The automatic protection rules determine the application of the selected setting to virtual
machines contained by the selected objects. Automatic protection rules describes the
automatic protection rules.
7. Click Done.
The Rubrik cluster applies the selected setting to the selected objects and resolves conflicts as
specified.
The automatic protection rules determine the application of the setting to the virtual machines
that are contained by the selected objects.

Manage Protection options


Select virtualization hierarchy entities and click Manage Protection to view the Manage Protection
dialog box for the selected entities. The Manage Protection dialog box provides several options for
the selected entities.
Table 54 describes the options available through the Manage Protection dialog box.
Table 54 Options available through the Manage Protection dialog box (page 1 of 2)
Field Action Description
Search Search SLA Domains Predictive search for SLA Domains by using the
characters entered in the search field to match the same
sequence of characters anywhere in the SLA Domain
name.
Blue + icon Click to open the Create New Opens the Create New SLA Domain dialog box. Create a
SLA Domain dialog box new SLA Domain and assign that SLA Domain to the
selected group of objects.
SLA Domain list Select an SLA Domain Select an SLA Domain to assign to the selected group of
objects. The Rubrik cluster assigns the selected SLA
Domain individually to each of the selected objects. The
automatic protection rules determine whether the Rubrik
cluster assigns the selected SLA Domain to objects
contained by a selected object.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 302
AHV Virtual Machines

Table 54 Options available through the Manage Protection dialog box (page 2 of 2)
Field Action Description
Do Not Protect Select to assign Individually assigns the Do Not Protect setting to each of
the selected objects.The automatic protection rules
determine whether objects that are contained by a
selected object inherit the Do Not Protect setting.
The Rubrik cluster does not create policy driven
snapshots for a virtual machine that is individually set to
Do Not Protect or that inherits the Do Not Protect setting.

Removing an SLA Domain setting


Remove an individual SLA Domain setting from a virtual machine. After the task completes, the
virtual machine derives a setting based on the automatic protection rules.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The Virtual Machines page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

2. Select a virtual machine.


Select multiple virtual machines to remove the individual setting of every virtual machine in the
selection group.
To help find virtual machines, use the filters, sort the entries by column heading, or use the
search field. Finding protection objects describes these tools.
3. Click Manage Protection.
A dialog box with one or more warnings may appear.
The Manage Protection dialog box appears.
4. Select Clear Existing Assignment.
A warning dialog box appears.
5. Click Clear.
The Rubrik cluster removes the individual assignments for the selected group. Each virtual
machine in the selection group derives a protection setting based on the automatic protection
rules.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 303
AHV Virtual Machines

Finding protection objects


The Rubrik CDM web UI provides several tools for finding protection objects.

Displaying all discovered virtual machines


The Rubrik CDM web UI lists all of the virtual machines that have been discovered on the AHV VMs
page. Access this page using one of several methods.
The following methods open the AHV VMs page and display all discovered virtual machines:
 On the left-side menu, click Virtual Machines > AHV VMs.
 On the Dashboard page, on the AHV VMs card, click See All.

Displaying unprotected virtual machines from the Dashboard


From the Dashboard, display all unprotected virtual machines.
1. Open the Rubrik CDM web UI to the main Dashboard.
2. On the AHV VMs card, in the Unprotected field, click Protect Now.
The AHV VMs page opens, with the VMs tab selected, and filters the view to show All Unprotected
virtual machines

Displaying unprotected virtual machines from the AHV VMs page


Use a filter to display all unprotected virtual machines.
1. In the left-pane of the Rubrik CDM web UI, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
2. Click the Filter SLA drop-down menu.
3. On the Filter SLA drop-down menu, select one of the following filters:
• All Unprotected – Displays all unprotected virtual machines, both No SLA and Do Not
Protect.
• No SLA – Displays virtual machines that have not inherited an SLA Domain setting.
• Do Not Protect – Displays virtual machines that have inherited the Do Not Protect setting,
or have Do Not Protect individually assigned.
The Rubrik CDM web UI displays the virtual machines that belong to the selected protection state.

Rubrik CDM Version 5.0 User Guide Finding protection objects 304
AHV Virtual Machines

Sorting virtual machines by using the SLA filter


Use the SLA filter to find specific virtual machines.
1. In the left-pane of the Rubrik CDM web UI, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
2. Click the Filter SLA drop-down menu.
3. On the Filter SLA drop-down menu, select one of the named SLA Domains, or select a
protection state, either: Inherited or Do Not Protect.
The Rubrik CDM web UI displays the virtual machines that belong to the selected SLA Domain or
to the selected protection state.

Finding virtual machines by using the Search field


Use the Search field to find a specific virtual machine.
1. In the Search field, at the top of all Rubrik CDM web UI pages, type the name of the virtual
machine.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
The search matches the characters entered in the search field with the same sequence of
characters anywhere in a name. Continue to type characters to narrow down the results until
the virtual machine appears.
2. When the name of the virtual machine appears in the displayed list, select the name.
The Rubrik CDM web UI displays the local host page for the virtual machine.

Finding entities by using the object tab


Use object tabs on the Virtual Machines page to define a hierarchical view to search and to
browse. Then use the search field to find entities within the defined view, or to browse to entities
within the defined view.
1. In the left-pane of the Rubrik CDM web UI, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
2. In the tab bar, select a tab.

Rubrik CDM Version 5.0 User Guide Finding protection objects 305
AHV Virtual Machines

Select one of the following:


• VMs – Provides a virtual machines only view, with the hierarchical location of each virtual
machine displayed in the location column.
• Clusters– Provides the Nutanix cluster(s).
3. (Search Only) In the tab search field, begin typing an entity name.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
The search matches the characters entered in the search field with the same sequence of
characters anywhere in a name. Continue to type characters to narrow down the results until
the entity appears in the results.
4. (Search Only) Stop typing when the name of the entity appears on the page.
5. (Browse Only) Click the name of a top-level entity.
The Rubrik CDM web UI displays the entities within the selected entity.
6. (Browse Only) Continue clicking entity names to browse down the hierarchy to a specific entity.

Selecting data sources


Use the objects filter and tab search field to find and select data protection entities.
1. In the left-pane of the Rubrik CDM web UI, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
2. Use one of the search or sort methods to display the entities to be selected.
3. Select the entities.
A check mark appears next to each selected entity.
4. Select Manage Protection.
SLA Domain assignment describes how to assign an SLA Domain.

Protected warning
The Rubrik CDM web UI displays the protected warning when the Rubrik cluster detects that an
SLA Domain setting is already associated with a selected virtual machine.
The protected warning is “These VM(s) are already protected”.

Rubrik CDM Version 5.0 User Guide Finding protection objects 306
AHV Virtual Machines

When the protected warning appears, do one of the following:


 Continue the operation to assign the selected SLA Domain to the protected virtual machines.
 Cancel the operation and remove the virtual machines from the selection set.
Changing the SLA Domain of a virtual machine may result in immediate expiration of some
snapshots, as described in Changing the assigned SLA Domain.

Protection consequences
The SLA rules defined by an SLA Domain impact the protection of virtual machines in several
ways. SLA rules specify when snapshots are created, when snapshots expire, and where snapshot
data is stored.
A policy driven snapshot is a snapshot that is created automatically based on the SLA rules of an
SLA Domain. In most cases, the SLA Domain that manages a policy driven snapshot is the same
SLA Domain that created the snapshot.
Sometimes, the source virtual machine for a snapshot is assigned to another SLA Domain after the
snapshot is created. When this occurs the new SLA Domain becomes the managing SLA Domain
for the policy driven snapshot.
A policy driven snapshot can require manual management when it loses an association with the
SLA Domain.

Protecting a new virtual machine


A new virtual machine is one for which no policy driven snapshots exist. After a new virtual
machine is assigned to an SLA Domain, all of its snapshots, replicas and archival snapshots are
created and managed based on the SLA rules of the SLA Domain.
Table 55 provides a quick overview of the impact of assigning a new virtual machine to an SLA
Domain.
Table 55 Impact of SLA Domain properties on snapshots (page 1 of 2)
SLA Domain property Virtual machine snapshot impact
SLA rules Determines when policy driven snapshots are created and when they are
automatically expired.
Local Cluster Retention Period Determines how long snapshots are retained on the local Rubrik cluster.
When an archival account exists for the SLA Domain, policy driven
snapshots older than the Local Cluster Retention Period are automatically
copied to archival snapshots on an archival location.
Replication Retention Period Determines how long replicas are retained on a replication target cluster.

Rubrik CDM Version 5.0 User Guide Protection consequences 307


AHV Virtual Machines

Table 55 Impact of SLA Domain properties on snapshots (page 2 of 2)


SLA Domain property Virtual machine snapshot impact
Maximum Retention Period Determines how long snapshots are retained by the system. The Rubrik
cluster automatically expires policy driven snapshots that are older than
the Maximum Retention Period.

Changing the assigned SLA Domain


A protected virtual machine may be assigned to another SLA Domain in order to satisfy specific
business requirements (e.g. data governance policy changes or space management
requirements).

Removing protection from a virtual machine


For business reasons, a user might choose to remove protection from a virtual machine by
removing it from the assigned SLA Domain.
When a virtual machine is removed from an SLA Domain, no further policy driven snapshots for
virtual machine are created and no replication or archival activity occurs for the virtual machine.
All existing snapshots for the virtual machine must be managed manually.

Re-protecting a virtual machine


At times, a virtual machine that is protected by one SLA Domain may be temporarily set to Do Not
Protect, and then reassigned to another SLA Domain for protection.
When a reassignment occurs, the existing snapshots of the virtual machine are subject to the
retention policies of the currently assigned SLA Domain, including:
 Local cluster retention period
 Replication retention period
 Maximum retention period

Rubrik CDM Version 5.0 User Guide Protection consequences 308


AHV Virtual Machines

Local host page


The local virtual machine page provides detailed information about the protection of a virtual
machine, and tasks related to the virtual machine. The local virtual machine page provides the
following sections:
 Action bar
 Overview card
 Snapshots card

Viewing a local virtual machine page


Access a local virtual machine page to view information about a local virtual machine.
1. In the left-pane of the Rubrik CDM web UI, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
2. In Name, click the name of a virtual machine.
The local host page for the selected virtual machine appears.

Action bar
For the selected local virtual machine, the action bar provides the actions described in Table 56.
Table 56 Actions available from the action bar
Action Description
Take On Demand Snapshot Adds an on-demand snapshot of the virtual machine to the task queue.
Note: Backup Window settings defined for the SLA Domain of the
virtual machine do not apply to on-demand snapshots. Only the
maximum retention and remote configuration settings of the associated
SLA Domain apply to on-demand snapshots.

Manage Protection Opens the Manage Protection page where the virtual machine can be
assigned to an SLA Domain for protection.
When the virtual machine is already assigned to an SLA Domain, a
warning appears. Click Continue to open the Manage Protection page.
Click Cancel to return to the local host page.

Rubrik CDM Version 5.0 User Guide Local host page 309
AHV Virtual Machines

Overview card
The Overview card provides the information that is described in Table 57.
Table 57 Information available on the Overview card
Field Description
Cluster The Nutanix cluster that manages the virtual machines.

SLA Domain Name of the SLA Domain that manages the protection of the selected virtual
machine.
Oldest Snapshot Timestamp for the oldest snapshot associated with the selected virtual machine.
When the SLA Domain has an active archival policy, the oldest snapshot resides at
the archival location.
Latest Snapshot Timestamp for the most recent successful snapshot of the selected virtual machine.

Total Snapshots Total number of retained snapshots for the selected virtual machine, including both
the local Rubrik cluster and any archival location.
Missed Snapshots Number of policy-driven snapshots that did not complete successfully. A missed
snapshot is included in the count until the period since the SLA Domain policy
required the snapshot exceeds the retention period of the SLA Domain.

Snapshots card
For the selected local virtual machine, the Snapshots card provides the ability to browse the
snapshots that reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views.
Each view uses color spots to indicate the presence of snapshots on a date and to indicate the
status of SLA Domain compliance for the virtual machine on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the
virtual machine.
Table 58 lists the colors that the Snapshots card uses and describes the status that each color
represents.
Table 58 Status colors used on the calendar views
Color Status
Green All snapshots required by SLA Domain policy were successfully created.
Orange All snapshots required by SLA Domain policy were successfully created but at least
one snapshot caused a warning.
Red At least one snapshot required by SLA Domain policy was not successfully created.

Rubrik CDM Version 5.0 User Guide Local host page 310
AHV Virtual Machines

Table 59 describes the calendar views available on the Snapshots card.


Table 59 Calendar views on the Snapshots card
View Description
Year The Year view displays snapshot creation information for an entire year. A color spot
indicator on a specific date indicates snapshot activity, and displays the SLA Domain
compliance status for that day.
Month The Month view displays snapshot creation information for an entire month. A color
spot indicator on a specific date indicates snapshot activity, and displays the SLA
Domain compliance status for that day.
Day The Day view displays the individual snapshots that were created on the selected
day. The Day view also provides the additional information and actions described in
the following section.

Rubrik CDM Version 5.0 User Guide Local host page 311
AHV Virtual Machines

Information available on the day view for a local virtual machine


For a local virtual machine, the day view provides information about snapshots.
The day view provides the information that is described in Table 60 for each listed snapshot.
Table 60 Additional snapshot information in the day view
Category Description
Time Creation time of the snapshot.
Location For a snapshot that resides only on local storage the indicator field is empty.
The following icon indicates a snapshot that resides at an archival location.

The following icon indicates a snapshot that resides locally and at an archival location.

The following icon indicates a replica of the snapshot was sent to the target Rubrik cluster.

Status The following icon indicates a warning for the snapshot entry. Hover over the icon to see
additional information.

The following icon indicates the policy driven snapshot represented by the entry was not
completed successfully.

Source action The following icon indicates a policy driven snapshot.

The following icon indicates an on-demand snapshot.

Actions available on the day view for a local virtual machine


For a local virtual machine, the day view provides the ability to initiate various actions with
snapshots. Access the actions by clicking the ellipsis menu.
The ellipsis menu provides the actions described in Table 61 for snapshots that reside on the local
Rubrik cluster.

Rubrik CDM Version 5.0 User Guide Local host page 312
AHV Virtual Machines

Table 61 Actions available for snapshots that reside on the local Rubrik cluster
Command Description
Export Use the snapshot to create and mount on AHV host for a new virtual machine, that is a
copy of the local virtual machine.
The new virtual machine is uniquely named within the virtualization management
system. The name of the recovered virtual machine is constructed as follows: name of
source virtual machine + timestamp of snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The AHV host is the datastore for the new virtual machine.
Browse Open a file browser view on the selected snapshot.

Delete Delete the selected snapshot.


This command only appears for snapshots that are not created based on an SLA
Domain policy, such as:
• On-demand snapshots
• Retrieved snapshots
• Snapshots for an unprotected virtual machine
For snapshots that reside on an archival location, the ellipsis menu provides the actions described
in Table 62.
Table 62 Actions available for snapshots that reside on an archival location
Command Description
Download Transfer a copy of the selected snapshot to the local Rubrik cluster so that it is available
for additional local actions. The local Rubrik cluster provides a notification when the
download is completed.
Browse Files Open a file browser view on the selected snapshot.

Virtual machine snapshots


The Rubrik cluster provides protection for virtual machines by combining native snapshot
technology with the fast and scalable cloud data management platform of the Rubrik cluster.

Performance and scalability


The time that a virtual machine is quiescent, sometimes referred to as virtual machine stun or
application stun, is the time between the following:
 The point where execution of the virtual machine is paused, at an instruction boundary, and all
in-flight disk input/output operations are completed.
 The point where execution resumes.

Rubrik CDM Version 5.0 User Guide Virtual machine snapshots 313
AHV Virtual Machines

The period a virtual machine is quiescent, is very brief, just long enough to create a snapshot. The
virtual machine does not remain quiescent during the processing and ingestion of the snapshot
data.

! IMPORTANT
For best performance, use a 10 Gigabit Ethernet connection between the Rubrik cluster and
the Nutanix environment. Also, for replication, provide a 10 Gigabit Ethernet connection
between the source Rubrik cluster and the target Rubrik cluster.

The Rubrik cluster uses a distributed job scheduler. The distributed job scheduler permits the
Rubrik cluster to schedule jobs to run on any node and on multiple nodes, as needed.
Since the distributed job scheduler can seamlessly schedule jobs on all available nodes and across
multiple nodes, adding nodes to a Rubrik cluster further increases ingestion and processing
efficiency.

Back up processes
A Rubrik cluster backs up a virtual machine by creating a snapshot of the virtual machine.
When a Rubrik cluster begins protecting a virtual machine, the Rubrik cluster starts by creating a
first full snapshot of the virtual machine. This first full snapshot is a complete backup of the virtual
machine.
After the first full snapshot, the Rubrik cluster continues protection of the virtual machine by
creating incremental snapshots based on the change information provided by Changed Block
Tracking (CBT). The Rubrik cluster creates each incremental snapshot very quickly because the
snapshot only includes the data blocks that have changed since the last snapshot.
The Nutanix environment transmits the snapshot data to the Rubrik cluster using iSCSI with CHAP
for authentication.

Rubrik CDM Version 5.0 User Guide Virtual machine snapshots 314
AHV Virtual Machines

Snapshot window
An SLA Domain can be configured to include a snapshot window. A snapshot window determines
the period in a day when the Rubrik cluster can initiate policy-driven snapshots of the virtual
machines that the SLA Domain protects.
When using the snapshot window policy, the specified window must be long enough to
accommodate the number of virtual machines that are assigned to the SLA Domain. Monitor the
snapshot activity of the SLA Domain to ensure that all policy-driven snapshots are successfully
completed. When necessary, lengthen the period to permit all snapshots to be completed
successfully.

Backup consistency levels


By default, the Rubrik cluster provides the highest level of backup consistency that is available for
a virtual machine.
Table 63 describes backup consistency levels, and the levels of consistency provided by a Rubrik
cluster.
Table 63 Backup consistency levels (page 1 of 2)
Consistency
level Description Rubrik usage
Crash A point-in-time snapshot but without Provided when:
consistent quiescence. • Guest OS does not have Nutanix Guest
• Timestamps are consistent Tools installed
• Pending updates for open files are not • Guest OS has an out-of-date version of
saved Nutanix Guest Tools
• In-flight I/O operations are not
completed
The snapshot can be used to restore the
virtual machine to the same state that a
hard reset would produce.
Application A point-in-time snapshot with quiescence Provided when:
consistent and application-awareness. • Guest OS is Windows and the RBS is
• Timestamps are consistent not installed and registered
• Pending updates for open files are • The guest has an up-to-date version of
saved Nutanix Guest Tools. and application
• In-flight I/O operations are completed consistency is supported for the guest
• Application-specific operations are OS
completed.

Rubrik CDM Version 5.0 User Guide Virtual machine snapshots 315
AHV Virtual Machines

Table 63 Backup consistency levels (page 2 of 2)


Consistency
level Description Rubrik usage
VSS consistent A point-in-time snapshot with quiescence Provided when:
and application-awareness. • Guest OS is Windows
• Timestamps are consistent • RBS is installed and registered on the
• Pending updates for open files are Nutanix guest
saved
• In-flight I/O operations are completed
• Application-specific operations are
completed.
• Supports Exchange log truncation

Application consistency
Nutanix application consistent snapshots are supported.
The following configuration is required for application consistent snapshots:
 Nutanix Guest Tools must be installed on the target virtual machine.
 If the target virtual machine uses a Linux operating system, pre-freeze and post-thaw scripts
must be configured.
 In the Rubrik CDM web UI, confirm snapshot consistency is configured as Automatic (default
setting).

VSS Consistency
Nutanix VSS consistent snapshots are supported.
The following configuration is required for VSS consistent snapshots:
 Nutanix Guest Tools must be installed on the target virtual machine.
 RBS must be installed and registered on the Nutanix guest.
 In the Rubrik CDM web UI, confirm snapshot consistency is configured as Automatic (default
setting).

Configuring snapshot consistency


The Rubrik cluster allows you to select which level of snapshot consistency is used.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The All VMs page appears, with the VMs tab selected.

Rubrik CDM Version 5.0 User Guide Virtual machine snapshots 316
AHV Virtual Machines

2. Click the name of a virtual machine.


The local host page for the selected virtual machine appears.
3. Open the ellipsis menu, and select Snapshot Consistency.
The Configure Snapshot Consistency dialog box appears.
4. Select the appropriate level of Snapshot Consistency: Automatic or Crash consistent
(if Automatic, the default setting, is selected, CDM will use the highest level of consistency
available, Application consistent or VSS consistent).
5. Click Update.
The Rubrik cluster applies the setting to all future backups of the virtual machine.

On-demand snapshots
In addition to policy-based snapshots, create virtual machine snapshots by using the on-demand
snapshot process.
A Rubrik cluster creates policy-based snapshots of protected virtual machines automatically,
according to the SLA rules of the associated SLA Domain.
Additional snapshots of protected virtual machines, and snapshots of unprotected virtual machines
can be created by using the on-demand snapshot process.

Creating an on-demand snapshot


Access the local host page for a virtual machine to create an on-demand snapshot.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. On the local host page, click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears.
4. Select an SLA Domain.
The Rubrik cluster uses only the maximum retention and remote configuration settings of the
associated SLA Domain to manage the on-demand snapshot. The selected SLA Domain can be
different from the SLA Domain that protects the virtual machine.
All on-demand snapshots can be manually managed through the Snapshot Retention page.

Rubrik CDM Version 5.0 User Guide Virtual machine snapshots 317
AHV Virtual Machines

5. Click Take On Demand Snapshot.


The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log
tracks the status of the on-demand backup task.

Archival snapshots
Archival snapshots provide long term storage of snapshot data outside of the local Rubrik cluster.

Archival location storage


The Rubrik cluster deduplicates and compresses the data in archival snapshots. The Rubrik cluster
uses client-side encryption to encrypt the archival snapshot data stored on all archival locations
except NFS exports.

Retention
The retention period assigned to the archival snapshot by the associated SLA Domain determines
the expiration of an archival snapshot. After the expiration of the retention period, the Rubrik
cluster marks the archival snapshot as expired and moves the snapshot data to garbage collection.
To ensure that existing snapshots are always fully functional, the Rubrik cluster combines any
required data from expired incremental snapshots into the chain of existing incremental
snapshots. This permits each retained archival snapshot to be mounted as a fully functional virtual
machine.

Recovery and restore of virtual machine data


The Rubrik cluster provides a variety of methods to recover virtual machines and to restore
protected data.
Recover virtual machines and restore data by using snapshots, replicas, and archival snapshots.
When snapshot data exists in a local snapshot and in an archival snapshot, the Rubrik cluster
always uses the local snapshot to recover a virtual machine or to restore data. By using the local
snapshot, the Rubrik cluster reduces network impact and eliminates any archival data recovery
charges associated with a recovery operation or a restore operation.

Rubrik CDM Version 5.0 User Guide Archival snapshots 318


AHV Virtual Machines

Recovery of virtual machines


For a Rubrik cluster, recovery of a source virtual machine means to mount a point-in-time copy of
the source virtual machine.
A virtual machine can be recovered by using any of the Rubrik data protection objects: snapshots,
replicas, and archival snapshots. Recover a virtual machine by using one of the available recovery
actions. The Rubrik cluster provides the export recovery actions for virtual machines.

Selecting a snapshot or an archival snapshot


Use the local Rubrik CDM web UI to select a snapshot before applying a recovery action.

Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the local
host page when the name of the source virtual machine is known.

1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
To work with data from an unmanaged virtual machine on the Unmanaged Objects page, On
the left-side menu, click Unmanaged Objects. Then, continue with the following steps from
the Unmanaged Objects page instead of the Virtual Machines page.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Use the Snapshots card to navigate to a snapshot or an archival snapshot.
Local host page provides information about the Snapshots card and navigating to a snapshot.
Skip step 4 and step 5, except when recovering a virtual machine from an archival snapshot.
4. (Recovering archival snapshot only) Open the ellipsis menu for the snapshot.
5. (Recovering archival snapshot only) On the ellipsis menu, click Download.
The Rubrik cluster retrieves the archival snapshot. Status of the retrieval appears on the
Activity Log. Activity Log describes activity notifications.
The Rubrik cluster does not apply a retention setting to a downloaded archival snapshot.
Manually delete a downloaded archival snapshot that is no longer required on local storage.
6. Perform the recovery action on the selected snapshot or restore files and folders from the
selected snapshot.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 319
AHV Virtual Machines

Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before
applying a recovery action.
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.

Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the
Remote VM Details page when the name of the source virtual machine is known.

2. On the left-side menu of the Rubrik CDM web UI, click SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. Select a remote SLA Domain.
The page for the selected SLA Domain appears.
4. In the Virtual Machines section of the remote SLA Domain’s page, click the name of a virtual
machine.
The Remote VM Details page for the selected virtual machine appears.
5. Use the Snapshots card to navigate to a replica.
Snapshots card or Recovery Points card provides information about the Snapshots card and
navigating to a replica.
6. Perform one of the available recovery actions on the selected replica or restore files and folders
from the selected replica.

Virtual machine recovery


Recovery consists of selecting a data protection object (snapshot, replica, or archival snapshot)
and selecting Export.
After performing a recovery action, the Rubrik cluster powers on the recovered virtual machine.
The recovered virtual machine can be powered off by using the Rubrik CDM web UI. It can also be
deleted through the Rubrik CDM web UI.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 320
AHV Virtual Machines

Performing an Export
An Export creates a new virtual machine from a point-in-time copy of the source virtual machine.
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The
Rubrik cluster does not connect the recovered virtual machine to a network. The Rubrik cluster
sets the protection state of the new virtual machine to Do Not Protect.
1. Select a snapshot, an archival snapshot, or a replica.
Selecting a snapshot or an archival snapshot describes the selection task for snapshots and
archival snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Export.
The Export Snapshot dialog box appears.
4. A list of the containers that are associated with the selected Nutanix Cluster appears, select an
Nutanix Cluster for the virtual machine.
A list of the datastores that are associated with the select Nutanix host appears.
5. Power on the virtual machine.
6. Click Export.
The Rubrik cluster creates a new virtual machine from the snapshot on the selected Nutanix
cluster, transfers the virtual machine files to the datastore, and powers up the recovered virtual
machine. During the process, messages about the status appear in the Activity Log. The Rubrik
cluster also records the final result of the task in the Activity Log.
The Rubrik cluster initially sets the protection state of the exported virtual machine to Do Not
Protect. To protect the new virtual machine, add it to an SLA Domain, or remove the individual
assignment of Do Not Protect to permit it to inherit protection.

Recovery of folders and files


The Rubrik cluster provides file level restore (FLR) of files and folders from any local snapshot,
replica, or archival snapshot that was successfully indexed.
To restore a file or folder, search for the file or folder by name across all local snapshots. or browse
for the file or folder on a selected snapshot.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 321
AHV Virtual Machines

Searching for a file or folder


Use the Rubrik CDM web UI to search for a file or folder across all local snapshots of a virtual
machine.
1. Open the local host page for the virtual machine.
Viewing a local virtual machine page describes how to open a local host page for a virtual
machine.
2. On the Snapshots card, type the name of the file or folder in the search field.
As characters are typed, the Rubrik CDM web UI immediately begins to display matching file
and folder pathnames.
Search matches the string of characters entered in the search field with the same string in any
portion of the pathname of a folder or file. Continue to type characters until the file or folder
appears in the results.
3. Select the file or folder.
The Download File Version dialog box appears. A cloud icon appears next to files or folders that
are on archival snapshots.
4. Select a version of the file or folder.
For supported Windows and Linux guest operating systems, the selection can be restored to the
original file system, or downloaded from a generated link. For other guest operating systems, the
selection can be downloaded from a generated link.

Browsing for a file or folder


Use the Rubrik CDM web UI to browse for a file or folder in a data protection object (snapshot,
replica, or archival snapshot).

Note: The Rubrik cluster must download an archival snapshot before it can be browsed.
Searching by name for a file or folder on an archival snapshot does not require that the archival
snapshot be downloaded first.

1. Select a snapshot, an archival snapshot, or a replica.


Selecting a snapshot or an archival snapshot describes the selection task for snapshots and
archival snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the actions menu for the snapshot or replica by clicking the ellipsis icon.
3. Click Browse Files.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 322
AHV Virtual Machines

The browse dialog box appears.


4. Select a file or folder.
For supported Windows and Linux guest operating systems, the selection can be restored to the
original file system, or downloaded from a generated link. For other guest operating systems, the
selection can be downloaded from a generated link.

Restore files and folders directly to a guest file system


For supported Windows and Linux guest operating systems, the Rubrik cluster can restore files
and folders directly to the source file system through the Rubrik Backup Service (RBS).
When restoring from a snapshot of a supported guest operating system, the Rubrik CDM web UI
provides the option to restore a file or folder directly to the source file system. When this option is
selected, the Rubrik CDM web UI provides a choice to overwrite the source file or folder, or to
restore the file or folder to another location.
A restored file or folder inherits the ACL of the parent folder and the same owner as the parent
folder. The restored file or folder retains the modification time (mtime) of the source file or folder
at the time of the snapshot.

Restoring files and folders directly to a guest file system


Search or browse for a file or folder and restore that file or folder to the source file system of a
supported Windows or Linux guest operating system.
Restore files and folders directly to a guest file system provides an overview of this feature.
1. Search or browse for a file or folder.
Searching for a file or folder and Browsing for a file or folder describe how to do this.
2. Select the file or folder.
3. Click Restore.
The Restore button only appears for supported hosts.
The Restore Files dialog box appears.
4. Select one of the restore methods.
• Select Overwrite original to restore the selected file or folder to the original path. This
choice overwrites the existing file or folder.
• Select Restore to separate folder to restore the file or folder to another location.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 323
AHV Virtual Machines

5. (Restore to separate folder only) In Folder Path, type the full path of the restore location.

Note: Do not type the original path of the source file or folder. When Restore to separate
folder is selected, the object cannot be restored to a folder that contains an object of the
same name.

Use the correct path delimiter for the guest operating system.
For Windows use a back slash. For example:
C:\Users\jsmith\work
For Linux use a forward slash. For example:
/home/jsmith/work
6. (If available) (Optional) Select Store as service credential for all VMs.
When this setting is selected, the Rubrik cluster stores the credential. The stored credential can
be managed through the Service Credentials page, as described in Guest OS settings.
7. Click Restore.
The Rubrik cluster restores the file or folder to the specified location.

Restore files and folders by download


The Rubrik cluster generates download links to use for file level restore (FLR) of files and folders
from any local snapshot, replica, or archival snapshot that was successfully indexed.
Restore a file from a data protection object through the Rubrik CDM web UI. Browse the virtual
machine file system on the data protection object and select the file. The Rubrik cluster processes
the request and provides a link for download of the file.
Restore a folder from a data protection object through the Rubrik CDM web UI. Browse the virtual
machine file system on the data protection object and select the folder. The Rubrik cluster
generates a ZIP file containing the folder and all that the folder contains. The ZIP file retains the
hierarchy of the selected folder. The Rubrik cluster provides a link for download of the ZIP file.
File and folder download links appear in a message in the notification area of the Rubrik CDM web
UI. This message provides a link to the download. The Rubrik cluster also provides the download
link on the Activity Detail dialog box for the download task.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 324
AHV Virtual Machines

Restoring files or folders by download from notification message


Search or browse for a file or folder and restore that file or folder by download from the
notification message.
Restore files and folders by download provides an overview of this feature.
1. Search or browse for a file or folder.
2. Select the file or folder.
3. For a file, click Download. For a folder, click Download Folder.
4. Click OK.
For a folder, the Rubrik cluster retrieves the folder and creates a ZIP file with the folder and all
files and folders within the selected folder. The ZIP file preserves the folder hierarchy.
5. In the Activity Log, a ‘Downloaded’ message appears for the selected file or folder.
6. Click the message.
The Save As dialog box appears in the web browser.
7. Select a download location for the file, and click Save.
Configuring Chrome to ask for download location describes how to enable user-selectable
download locations in Chrome.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
8. (Folder only) Extract the folder using a ZIP utility.

Restoring files or folders by download from Activity Detail


Search or browse for a file or folder and restore that file or folder by download from the Activity
Detail dialog box.
Restore files and folders by download provides an overview of this feature.
1. Search or browse for a file or folder.
2. Select the file or folder.
3. Click Download.
For a folder, the Rubrik cluster retrieves the folder and creates a ZIP file with the folder and all
files and folders within the selected folder. The ZIP file preserves the folder hierarchy.
4. Open the local host page for the virtual machine.
Viewing a local virtual machine page describes how to open a local virtual machine page for a
virtual machine.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 325
AHV Virtual Machines

5. On the messages card, select the ‘Link ready for download’ message.
Use the Recovery filter type to filter for this type of message.
The Activity Detail dialog box appears.
6. Click the download icon.
The Save As dialog box appears in the web browser.
7. Select a download location for the file, and click Save.
Configuring Chrome to ask for download location describes how to enable user-selectable
download locations in Chrome.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
8. (Folder only) Extract the folder using a ZIP utility.

Configuring Chrome to ask for download location


Use the Google Chrome web browser to access the Rubrik CDM web UI and download recovered
files and folders. Change the default setting of the Chrome web browser to permit specifying the
local download location.
By default, Chrome saves downloaded files to the following locations:
 Windows: \Users\<username>\Downloads
 Mac: /Users/<username>/Downloads
 Linux: home/<username>/Downloads
To download files and folders to a specified location, change the default Chrome Download
setting.
1. In Chrome, click the customize icon.
The Chrome menu appears.
2. On the menu, click Settings.
The Chrome Settings page appears.
3. Click Show Advanced Settings.
Additional settings appear on the Settings page.
4. In the Downloads section, enable Ask where to save each file before downloading.
Chrome applies the new setting and opens a Save As dialog for selecting a download location
when a file is downloaded.

Rubrik CDM Version 5.0 User Guide Recovery of folders and files 326
AHV Virtual Machines

Unmanaged data
Manage file system data that is not subject to a retention policy through the Snapshot Retention
page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as
unmanaged snapshot objects. Unmanaged snapshot objects can be managed through the
Snapshot Retention page of the Rubrik CDM web UI.
Retention Management describes the Snapshot Retention page and how to perform tasks with
unmanaged snapshot objects.

Rubrik CDM Version 5.0 User Guide Unmanaged data 327


Chapter 10
vSphere Virtual Machines

This chapter describes how to protect and manage data from VMware vSphere virtual machines.
 Overview ............................................................................................................... 329
 Virtual machine protection....................................................................................... 329
 Manage vCenters .................................................................................................... 332
 SLA Domain assignment.......................................................................................... 335
 Virtual machine scripts ............................................................................................ 341
 Storage array integration......................................................................................... 343
 Exclude VMDK files ................................................................................................. 345
 Finding protection objects ....................................................................................... 346
 Protection consequences ......................................................................................... 350
 Local host page ...................................................................................................... 353
 Snapshots .............................................................................................................. 359
 Linux guest ............................................................................................................ 363
 Windows guest ....................................................................................................... 364
 On-demand snapshots ............................................................................................ 370
 Recovering and restoring virtual machine data .......................................................... 371
 Recovery of virtual machines ................................................................................... 371
 File and folder restore ............................................................................................. 383
 Unmanaged data .................................................................................................... 389

Rubrik CDM Version 5.0 User Guide vSphere Virtual Machines 328
vSphere Virtual Machines

Overview
A Rubrik cluster provides data management and protection for virtual machines that are deployed
in a VMware vSphere environment. The Rubrik cluster can manage and protect virtual machines in
an environment with multiple vCenter Servers and multiple ESXi hosts.
The Rubrik cluster provides a variety of methods to recover virtual machines and to restore
protected data. Recover virtual machines and restore data by using snapshots, replicas, and
archival snapshots.

Virtual machine protection


A Rubrik cluster provides protection for virtual machines through either individual assignment of
the virtual machine to an SLA Domain or through automatic protection. Automatic protection
occurs when the virtual machine derives the SLA Domain assignment of a containing folder,
cluster, or host.
The Rubrik cluster provides flexibility in the protection assignments made for virtual machines.
Virtual machines that are protected by individual assignment can be set to Do Not Protect or can
be set to inherit a protection setting.
An individual virtual machine, that is part of a group of virtual machines being automatically
protected, can be set to Do Not Protect, without moving the virtual machine out of the group.
The Rubrik cluster also permits protecting some of the VMDK files on a virtual machine while
designating other VMDK files on the virtual machine as unprotected.

Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA
Domain assigned to a parent object.
Objects from which a virtual machine can inherit are the following virtualization system entities:
 Folders
 Clusters
 Hosts
The automatic protection mechanism simplifies assigning protection to large numbers of virtual
machines and provides an easy method to uniformly assign specific SLA Domains to groups of
functionally similar virtual machines.
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.

Rubrik CDM Version 5.0 User Guide Overview 329


vSphere Virtual Machines

During SLA Domain assignment, the Rubrik cluster displays the objects that have individual
assignments which conflict with the new assignment. For each conflicting object, the Rubrik
cluster permits an administrator to choose to retain the individual setting or apply the new setting.

Automatic protection rules


To provide consistency when applying automatic protection the Rubrik cluster adheres to a specific
set of rules.
A Rubrik cluster applies protection to a virtual machine using the following rules:
Rule One — The setting individually assigned to an object takes precedence.
Rule Two — An object that is not individually assigned a setting inherits the setting of the
hierarchically closest containing object that has a setting.
Rule Three — The setting assigned to a containing folder takes precedence over the setting
assigned to a containing cluster or host.

Example 10 Automatic protection rules applied


To show the impact of automatic protection on the protection settings of a virtual machine,
consider the following fictitious virtual machine environment:
• Virtual machine is newly discovered and no protection has been assigned.
• Virtual machine resides on vSphere cluster C, cluster C has not been assigned protection.
• Virtual machine is contained by folder F1, and F1 is contained by top-level folder F2. Neither
folder has been assigned protection.
Administrator assigns the SLA Domain named ClusterProtection to C:
The virtual machine inherits the ClusterProtection assignment (Rule Two).
Administrator assigns the SLA Domain named Folder2Protection to F2:
The virtual machine inherits the Folder2Protection assignment (Rule Three). The expiration
settings of Folder2Protection apply to the snapshots taken while under ClusterProtection. Some
snapshots may be immediately marked as expired.
Administrator assigns the SLA Domain named Folder1Protection to F1:
The virtual machine inherits the Folder1Protection assignment (Rule Two). The expiration
settings of Folder1Protection apply to snapshots taken while under ClusterProtection and while
under Folder2Protection. Some snapshots may be immediately marked as expired.
Administrator changes the SLA Domain setting of folder F1 to Do Not Protect:
The virtual machine inherits the Do Not Protect setting and is unprotected (Rule Two).

Rubrik CDM Version 5.0 User Guide Virtual machine protection 330
vSphere Virtual Machines

Administrator individually assigns the virtual machine to the Gold SLA Domain:
The virtual machine is protected by the Gold SLA Domain (Rule One).
Administrator changes the SLA Domain setting of folder F1 to the Silver SLA Domain:
A conflict occurs between the individually assigned setting for the virtual machine and the
setting selected for F1. The Rubrik cluster displays the conflict. The administrator chooses to
remove the individually assigned setting and have the virtual machine inherit the new SLA
Domain setting of F1. The virtual machine is protected by the Silver SLA Domain.

Unprotected virtual machines


The Rubrik CDM web UI identifies virtual machines that are not protected by an SLA Domain.
Unprotected virtual machines can then be assigned to an SLA Domain.
Table 64 describes how the Rubrik CDM web UI represents unprotected virtual machines.
Table 64 Unprotected virtual machines in the Rubrik CDM web UI
Label Inherited Description
No SLA Yes There are no SLA Domains assigned to any of the parent objects of the
virtual machine, in both the folder hierarchy and the cluster/host hierarchy.
The virtual machine inherits the No SLA state. This can be changed by
individually assigning an SLA Domain to the virtual machine, by assigning
an SLA Domain to a parent object, or by moving the virtual machine
beneath a protected parent object.
Do Not Protect Yes The Do Not Protect setting is individually assigned to a parent object of the
virtual machine. Based on the automatic protection rules, the virtual
machine inherits the setting from that parent object.
Do Not Protect No The Do Not Protect setting is individually assigned to the virtual machine.

Displaying unprotected virtual machines from the Dashboard describes how to use the Rubrik CDM
web UI to view all virtual machines that do not have the protection of an SLA Domain.

Virtual machine linking


When a Rubrik cluster protects virtual machines that are managed by vCenter Servers, certain
conditions can cause a previously protected virtual machine to show up as a new virtual machine
with no snapshot history. This can occur as the result of an instant recovery, or migration of a
virtual machine to another vCenter Server, or unregistering a virtual machine from the current
vCenter Server and then registering it back to the same vCenter Server. In these situations, the
previously protected virtual machine loses its association with previous snapshots and SLA
assignments. This results in a new full snapshot being taken during the next backup window. It
also compromises the ability to restore old data from the virtual machine.

Rubrik CDM Version 5.0 User Guide Virtual machine protection 331
vSphere Virtual Machines

For that reason, any time a virtual machine is added to a Rubrik cluster, the Rubrik cluster runs a
detection algorithm designed to identify whether that virtual machine was previously known to the
system.
If the optional automatic linking feature is turned on, the Rubrik cluster will link any duplicate
virtual machine occurrences it detects and present them as if they are the same virtual machine.
These linked virtual machines also retain an SLA Domain that is specifically assigned to the original
virtual machine.
The automatic linking feature is either turned on or off for an entire vCenter Server. You can make
this decision when the vCenter Server is added, or by editing the vCenter Server connection
properties.

Note: The automatic linking feature does not perform any retroactive processing. For example, if
the feature is turned off, and a virtual machine is deleted and re-registered with the same vCenter
Server, the re-registered virtual machine will be added as a new virtual machine. Even if automatic
linking is turned on after that occurs, the new virtual machine will not be linked to the previous
virtual machine.

Manage vCenters
The Rubrik cluster accesses virtual machine data through a connection with the VMware vCenter
Server that manages the hypervisor that is running the virtual machine. To successfully connect
with a vCenter Server, the Rubrik cluster requires connection information for that vCenter Server.
The Rubrik cluster provides access to vCenter Server information on the vCenter Servers page.
That page provides the FQDN or IP address, and the connection status, for every vCenter Server
that is added to the Rubrik cluster.
After connection information for a vCenter Server is added to a Rubrik cluster, the Rubrik cluster
requests relevant metadata from the vCenter Server. The Rubrik cluster uses the metadata to
display and work with the virtual machines on the vCenter Server.
The Rubrik cluster automatically refreshes the metadata from a vCenter Server every 30 minutes.
This is referred to as a light refresh. The Rubrik Edge appliance performs a light refresh of a
vCenter Server every six hours.
The Rubrik cluster automatically refreshes the metadata and rescans the VMDK files of a vCenter
Server every two hours. This is referred to as a full refresh. The Rubrik Edge appliance performs a
full refresh of a vCenter Server every 24 hours.
VMDK files are also automatically scanned as part of every create snapshot job.
A full refresh can be manually initiated at any time.

Rubrik CDM Version 5.0 User Guide Manage vCenters 332


vSphere Virtual Machines

vCenter Server privilege requirements


The vCenter Server role that is assigned to a Rubrik cluster must provide specific privileges on the
vCenter Server.
Minimum vCenter Server Privileges lists and describes the required privileges.
In order to provide data management and protection for virtual machines in a vSphere
environment, the vCenter Server role assigned to the Rubrik cluster must meet the minimum
requirements.

Adding vCenter Server connection information


Add connection information for a vCenter Server to a Rubrik cluster to permit the Rubrik cluster to
protect the virtual machines that are running on the hypervisors of the vCenter Server.
The Rubrik cluster attempts to initiate a connection with the vCenter Server using vCenter Server
6.0 or newer protocols, which require a trusted root certificate.

! IMPORTANT
When a trusted root certificate is not provided, the Rubrik cluster uses the trust on first use
(TOFU) standard to authenticate the vCenter Server. Depending on the network
environment, this might not ensure secure operation.

1. Log in to the Rubrik CDM web UI.


2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click the blue + icon.
The Add vCenter dialog box appears.
5. In vCenter IP, type the resolvable hostname or IPv4 address of the vCenter Server.
6. In vCenter Username, type the username assigned to the Rubrik cluster.
7. In vCenter Password, type the password assigned to the Rubrik cluster.
8. (Optional) Turn on the automatic linking feature by clicking the Automatically link
discovered virtual machines checkbox.
9. Click Advanced Setting to add a Certificate Authority (CA) certificate for TLS validation.
The dialog box expands to show the Trusted Root Certificate field.

Rubrik CDM Version 5.0 User Guide Manage vCenters 333


vSphere Virtual Machines

10.Paste the text of the trusted CA root certificate for the vCenter into the Trusted Root Certificate
field.
11.Click Add.
The Rubrik cluster tests the connection and saves the information.

Refreshing the metadata provided by a vCenter Server


Manually refresh the metadata provided by a vCenter Server.
Before you begin. Add information about the vCenter Server to the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Select a vCenter Server.
Select multiple vCenter Servers to refresh all of the selected entries.
5. Open the ellipsis menu at the top of the page.
6. Click Refresh vCenter.
The Rubrik cluster starts a task to refresh the selected vCenters.

Editing vCenter Server connection information


Edit the vCenter Server connection information that is stored by a Rubrik cluster to change the IP
address, username, and password.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Open the ellipsis menu of a vCenter Server entry.
5. Click Edit.
The Edit dialog box appears.

Rubrik CDM Version 5.0 User Guide Manage vCenters 334


vSphere Virtual Machines

6. Make changes to the information.


7. (Optional) Turn on or turn off the automatic linking feature by clicking the Automatically link
discovered virtual machines checkbox.
8. Click Update.
The Rubrik cluster tests the connection and saves the information.

Deleting vCenter Server connection information


Delete the vCenter Server connection information that is stored by a Rubrik cluster to remove
protection of the virtual machines of that vCenter Server.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Open the ellipsis menu of a vCenter Server entry.
5. Click Delete.
A confirmation dialog box appears.
6. Click Delete.
The Rubrik cluster deletes the information for the selected vCenter Server.
The Rubrik cluster provides management access to the data from the virtual machines of that
vCenter Server through the Snapshot Retention page.

SLA Domain assignment


Provide protection for a virtual machine through an SLA Domain.
A virtual machine can be protected by assigning an SLA Domain setting individually to the virtual
machine. A virtual machine can also be protected by deriving an SLA Domain setting through
automatic protection.
Automatic protection occurs in one of the following ways:
 An administrator assigns an object that contains the virtual machine to an SLA Domain.
 An administrator moves the virtual machine into the hierarchy of an object that is assigned to
an SLA Domain.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 335
vSphere Virtual Machines

Automatic protection uses the automatic protection rules to determine whether a setting applies to
an object. Automatic protection rules describes these rules.

Assigning an SLA Domain setting to a virtual machine


Specify an SLA Domain for a virtual machine, set the virtual machine to inherit from a parent, or
specify Do Not Protect for the virtual machine.
Protect a set of virtual machines by assigning the selected set to an SLA Domain. Assigning virtual
machines to an SLA Domain protects the virtual machines by applying the data protection policies
of the SLA Domain.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

2. Select a virtual machine.


Select multiple virtual machines to assign the same setting to all of the selected virtual
machines.
To help find virtual machines, use the filters, sort the entries by column heading, or use the
search field. Finding protection objects describes these tools.
3. Click Manage Protection.
A dialog box with one or more warnings may appear. Warning messages describes the potential
warnings.
The Manage Protection dialog box appears.
4. Select an SLA Domain.
Manage Protection options describes the choices.
5. Click Submit.
The Rubrik cluster assigns the selection group to the SLA Domain.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 336
vSphere Virtual Machines

Assigning an SLA Domain setting to a vCenter Server folder


Specify an SLA Domain setting for a vCenter Server folder to have the setting applied to the
objects and virtual machines contained by the folder.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
2. Select Folders.
The Folders tab appears.
3. Select an object within the vCenter Server folder hierarchy.
Click a value in the Name column to move down in the folder hierarchy.
Select multiple objects to apply the setting to more than one object in the folder hierarchy.
4. Click Manage Protection.
A dialog box with one or more warnings may appear. Warning messages describes the potential
warnings. Click Continue Anyway to proceed or click Cancel to return to the Folders tab.
The Manage Protection dialog box appears.
5. Select an SLA Domain.
Manage Protection options describes the choices.
6. Click Submit.
When the SLA Domain selection will cause a change in the individual setting of a object that is
contained by one of the selected objects, the SLA Conflicts dialog box appears. Resolving SLA
conflicts describes how to use this dialog box.
When there are no SLA conflicts, the Rubrik cluster applies the selected setting to the selected
objects.
The automatic protection rules determine the application of the selected setting to virtual
machines contained by the selected objects. Automatic protection rules describes the
automatic protection rules.
7. (SLA conflicts only) After resolving all SLA conflicts, click Done.
The Rubrik cluster applies the selected setting to the selected objects and resolves conflicts as
specified.
The automatic protection rules determine the application of the setting to the virtual machines
that are contained by the selected objects.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 337
vSphere Virtual Machines

Assigning an SLA Domain setting to a vCenter Server cluster or host


Specify an SLA Domain setting for vCenter Server clusters and hosts to have the setting applied to
the objects and virtual machines contained by the clusters and hosts.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
2. Select Clusters/Hosts.
The Clusters/Hosts tab appears.
3. Select an object within the vCenter Server hosts hierarchy.
To browse down the hosts hierarchy, click a value in the Name column.
Select multiple objects to apply the setting to more than one object in the hosts hierarchy.
4. Click Manage Protection.
A dialog box with one or more warnings may appear. Warning messages describes the potential
warnings. Click Continue Anyway to proceed or click Cancel to return to the Folders tab.
The Manage Protection dialog box appears.
5. Select an SLA Domain.
Manage Protection options describes the choices.
6. Click Submit.
When the SLA Domain selection will cause a change in the individual setting of a object that is
contained by one of the selected objects, the SLA Conflicts dialog box appears. Resolving SLA
conflicts describes how to use this dialog box.
When there are no SLA conflicts, the Rubrik cluster applies the selected setting to the selected
objects.
The automatic protection rules determine the application of the selected setting to virtual
machines contained by the selected objects. Automatic protection rules describes the
automatic protection rules.
7. (SLA conflicts only) After resolving all SLA conflicts, click Done.
The Rubrik cluster applies the selected setting to the selected objects and resolves conflicts as
specified.
The automatic protection rules determine the application of the setting to the virtual machines
that are contained by the selected objects.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 338
vSphere Virtual Machines

Manage Protection options


Select virtualization hierarchy entities and click Manage Protection to view the Manage Protection
dialog box for the selected entities. The Manage Protection dialog box provides several options for
the selected entities.
Table 65 describes the options available through the Manage Protection dialog box.
Table 65 Options available through the Manage Protection dialog box
Field Action Description
Search Search SLA Domains Predictive search for SLA Domains by using the
characters entered in the search field to match the
same sequence of characters anywhere in the SLA
Domain name.
Blue + icon Click to open the Create New Opens the Create New SLA Domain dialog box.
SLA Domain dialog box Create a new SLA Domain and assign that SLA
Domain to the selected group of objects.
SLA Domain list Select an SLA Domain Select an SLA Domain to assign to the selected group
of objects. The Rubrik cluster assigns the selected
SLA Domain individually to each of the selected
objects. The automatic protection rules determine
whether the Rubrik cluster assigns the selected SLA
Domain to objects contained by a selected object.
Do Not Protect Select to assign Individually assigns the Do Not Protect setting to each
of the selected objects.The automatic protection rules
determine whether objects that are contained by a
selected object inherit the Do Not Protect setting.
The Rubrik cluster does not create policy driven
snapshots for a virtual machine that is individually set
to Do Not Protect or that inherits the Do Not Protect
setting.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 339
vSphere Virtual Machines

Resolving SLA conflicts


The Manage Protection setting of a selected object can conflict with the setting that is individually
assigned to an object contained by the selected object. When a conflict is detected, the Rubrik
cluster opens the SLA Conflicts dialog box to permit the conflict to be resolved.
When the SLA Conflicts dialog box appears, it lists each object that has an individual SLA setting
that conflicts with the setting being applied to a selected containing object. The SLA Conflicts
dialog box initially lists these objects in the Keep Current SLA column.
1. Assign an SLA Domain setting to an object, as described in Assigning an SLA Domain setting to
a vCenter Server folder.
2. When the SLA conflicts dialog box appears, do one of the following for each listed object:
• Leave that object in the Keep Current SLA column.
This retains the individual setting of the listed object.
• Move the object to the Inherit From Parent column.
The individual setting of the listed object is removed, and the object inherits the setting
selected in the Manage Protection dialog box. The setting that the object inherits can be a
specific SLA Domain assignment, the Inherit SLA setting, or the Do Not Protect setting
3. Click Done.

Removing an SLA Domain setting


Remove an individual SLA Domain setting from a virtual machine. After the task completes, the
virtual machine derives a setting based on the automatic protection rules.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

2. Select a virtual machine.


Select multiple virtual machines to remove the individual setting of every virtual machine in the
selection group.
To help find virtual machines, use the filters, sort the entries by column heading, or use the
search field. Finding protection objects describes these tools.

Rubrik CDM Version 5.0 User Guide SLA Domain assignment 340
vSphere Virtual Machines

3. Click Manage Protection.


A dialog box with one or more warnings may appear. Warning messages describes the potential
warnings.
The Manage Protection dialog box appears.
4. Select Clear Existing Assignment.
A warning dialog box appears.
5. Click Clear.
The Rubrik cluster removes the individual assignments for the selected group. Each virtual
machine in the selection group derives a protection setting based on the automatic protection
rules.

Virtual machine scripts


The Rubrik cluster can be configured to run scripts on a guest OS before a snapshot, after the
snapshot, and after the Rubrik cluster completes the backup process.
Use this feature to put a guest OS in a specific state before a snapshot, change that state
immediately after the snapshot is completed on the host system, and perform other actions after
the Rubrik cluster completes the backup process.
To allow the Rubrik cluster to start scripts, provide Guest OS credentials with sufficient privileges.
Without adequate credentials, the Rubrik cluster cannot start the scripts. Guest OS settings
describes how to add Guest OS credentials.
For example, run a script to quiesce applications before a snapshot, another script to restore the
applications to their normal running status after the snapshot, and a final script to perform
clean-up at the end of the backup process.
The scripts can consist of any sequence of operations that can be run by the command line
interpreter of the guest OS. Table 66 describes the scripts.
Table 66 Virtual machine Pre/Post Scripts (page 1 of 2)
Name Description
Pre-Backup Script • Use Pre-Backup Script to prepare for a backup by quiescing the applications on the
virtual machine.
• Requires that a timeout value be specified.
• The Rubrik CDM web UI provides an option to cancel the backup task when the
Pre-Backup Script does not complete successfully.

Rubrik CDM Version 5.0 User Guide Virtual machine scripts 341
vSphere Virtual Machines

Table 66 Virtual machine Pre/Post Scripts (page 2 of 2)


Name Description
Post-Snap Script Must be idempotent, script may be invoked several times during a single backup task.
• Use Post-Snap Script to minimize stun time and resume all applications on the
virtual machine.
• Also, use Post-Snap Script to perform clean-up tasks if a backup task fails.
• Requires that a timeout value be specified.
• Post-Snap Script runs immediately after the host snapshot task completes.
Post-Backup Must be idempotent, script may be invoked several times during a single backup task.
Script • Use Post-Backup Script to perform custom post-processing at the end of the backup
process.
• Requires that a timeout value be specified.
• Post-Backup Script runs after: the snapshot is copied to the Rubrik cluster and
released on the virtual machine host, and the Rubrik cluster completes all data and
metadata processing tasks.

Enabling scripts
Configure the Rubrik cluster to run scripts when a virtual machine is backed up.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

2. In Name, click the name of a virtual machine.


The local host page for the selected virtual machine appears.
3. Open the ellipsis menu, and select Configure Pre/Post Scripts.
The Configure Pre/Post Scripts dialog box appears.
4. (Optional) In Pre-Backup Script Path, type the full path for the Pre-Backup Script.
The full path is relative to the root of the guest OS file system.
5. (Optional) Select Cancel Backup if Pre-Backup Scripts Fails.
6. (Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the
Pre-Backup Script because the script cannot be completed.

Rubrik CDM Version 5.0 User Guide Virtual machine scripts 342
vSphere Virtual Machines

7. (Optional) In Post-Snap Script Path, type the full path for the Post-Snap Script.
The full path is relative to the root of the guest OS file system.
8. (Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the
Post-Snap Script because the script cannot be completed.
9. (Optional) In Post-Backup Script Path, type the full path for the Post-Backup Script.
The full path is relative to the root of the guest OS file system.
10.(Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the
Post-Backup Script because the script cannot be completed.
11.Click Apply.
The Rubrik cluster stores the information and runs the specified scripts for all subsequent backups
of the selected virtual machine. The Rubrik cluster provides entries in the Activity Log for errors
that occur when running the scripts as specified.

Storage array integration


A Rubrik cluster can integrate with a storage array to further reduce the time that a virtual
machine is quiescent during a snapshot operation. To qualify for storage array integration, all
datastores assigned to the virtual machine must reside on storage arrays.
Normally, a Rubrik cluster ingests the VMDK files of a virtual machine as part of the snapshot
process. During this time the virtual machine must be kept quiescent. A Rubrik cluster ingests the
VMDK files very quickly resulting in extremely short periods of quiescence. However, for large
VMDK files, the time that is required for ingesting the VMDK files can impact the virtual machine.
With storage array integration, a Rubrik cluster can use the API of the storage array to move
ingestion of the VMDK files out of the vSphere environment and onto the storage array. Using
storage array integration, a Rubrik cluster can release a virtual machine for normal operation
immediately after a hypervisor snapshot. The Rubrik cluster takes storage array snapshots and
uses those for ingestion of the VMDK files.
After releasing the virtual machine, the Rubrik cluster mounts the storage array level snapshots as
temporary datastores on the virtual machine host. The Rubrik cluster then attaches the VMDK files
from the temporary datastores to a proxy virtual machine. The Rubrik cluster completes the data
ingestion through the proxy virtual machine, and then removes the temporary datastore objects
and the proxy virtual machine.

Rubrik CDM Version 5.0 User Guide Storage array integration 343
vSphere Virtual Machines

Storage array integration can employ custom scripts running on the guest operating system to
provide application level quiescence or application consistency. A pre-backup script can prepare an
application for the brief quiescence and a post-snap script can resume the application immediately
after the snapshot./
Virtual machine scripts provides information about scripts.

Datastore requirements for storage array integration


To use storage array integration, all of the datastores assigned to a virtual machine must reside on
a single storage array or on multiple storage arrays of the same type.
Datastores that span multiple storage arrays of the same type are permitted.

Enabling storage array integration for a virtual machine


Enable storage array integration for a virtual machine to allow the Rubrik cluster to ingest VMDK
files directly from datastores on storage arrays. Storage array integration can reduce the
quiescence period for a virtual machine during snapshot operations.
Before you begin — Do the following:
 Ensure the datastores of the virtual machine reside on supported storage arrays.
 Add the storage arrays to the Rubrik cluster as described in Adding a storage array.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

2. In the Name column, click the name of the virtual machine.


The local host page for the selected virtual machine appears.
3. (Optional) Open the ellipsis menu on the top bar of the local host page and select Configure
Pre/Post Scripts.
The Configure Pre/Post Scripts dialog box appears.
4. (Optional) Enable the pre-backup script and the post-snap script for the virtual machine.
Enabling scripts describes how to enable scripts.

Rubrik CDM Version 5.0 User Guide Storage array integration 344
vSphere Virtual Machines

5. Open the ellipsis menu on the top bar of the local host page and select Enable Array
Integration.
The Enable Array Integration menu item only appears when the virtual machine is eligible for
storage array integration. After a storage array is added, the Rubrik cluster scans all virtual
machines to determine eligibility for storage array integration. The menu item will not appear
until the conclusion of the scanning period.
The message “Enabled array integration” appears in the Activity Log.
The Rubrik cluster stores the information and uses storage array integration for all subsequent
backups of the virtual machine.

Disabling storage array integration


Disable storage array integration for a virtual machine to prevent the Rubrik cluster from ingesting
VMDK files directly from datastores on storage arrays. Disabling storage array integration can
increase the quiescence period for a virtual machine during snapshot operations.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

2. In the Name column, click the name of the virtual machine.


The local host page for the selected virtual machine appears.
3. Open the ellipsis menu on the top bar of the local host page and select Disable Array
Integration.
The message “Disabled array integration” appears in the Activity Log.
The Rubrik cluster uses the normal snapshot work flow for the next scheduled or on demand
backup of the virtual machine and for all subsequent backups of the virtual machine.

Exclude VMDK files


Virtual machines can include some VMDK files that do not need to be protected. The Rubrik cluster
can be configured to ignore some of the VMDK files of a virtual machine while protecting the other
VMDK files of that virtual machine.

Rubrik CDM Version 5.0 User Guide Exclude VMDK files 345
vSphere Virtual Machines

Excluding VMDK files of a virtual machine


When backups are not required for some of the VMDK files of a virtual machine, exclude those
VMDK files from backups.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

2. In the Name column, click the name of a virtual machine.


To help find virtual machines, use the filters, sort the entries by column heading, or use the
search field. Finding protection objects describes these tools.
The local host page for the selected virtual machine appears. Local host page describes the
local host page.
3. Open the ellipsis menu on the top bar of the local host page and select Exclude VMDKs.
The Exclude VMDK dialog box appears.
4. Select the VMDK files to exclude.
5. Click Exclude.
The Rubrik cluster excludes the selected VMDK files from all future backups of the virtual machine.

Finding protection objects


The Rubrik CDM web UI provides several tools for finding protection objects.

Displaying all discovered virtual machines


The Rubrik CDM web UI lists all of the virtual machines that have been discovered on the VM
Protection page. Access this page using one of several methods.
The following methods open the VM Protection page and display all discovered virtual machines:
 On the Dashboard page, on the Virtual Machines card, click See All.
 On the left-side menu, click Virtual Machines > vSphere VMs.

Rubrik CDM Version 5.0 User Guide Finding protection objects 346
vSphere Virtual Machines

Displaying unprotected virtual machines from the Dashboard


From the Dashboard, display all unprotected virtual machines.
1. Open the Rubrik CDM web UI to the main Dashboard.
2. On the Virtual Machines card, in the Unprotected field, click Protect Now.
The Virtual Machines page opens, with the VMs tab selected, and filters the view to show All
Unprotected virtual machines

Displaying unprotected virtual machines from the VM Protection page


Use a filter to display all unprotected virtual machines.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.
2. Click the Filter SLA drop-down menu.
3. On the Filter SLA drop-down menu, select one of the following filters:
• Unprotected – Displays all unprotected virtual machines, both No SLA and Do Not Protect.
• No SLA – Displays virtual machines that have not inherited an SLA Domain setting.
• Do Not Protect – Displays virtual machines that have inherited the Do Not Protect setting,
or have Do Not Protect individually assigned.
The Rubrik CDM web UI displays the virtual machines that belong to the selected protection state.

Sorting virtual machines by using the SLA filter


Use the SLA filter to find specific virtual machines.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.
2. Click the Filter SLA drop-down menu.
3. On the Filter SLA drop-down menu, select one of the named SLA Domains, or select a
protection state, either: No SLA or Do Not Protect.
The Rubrik CDM web UI displays the virtual machines that belong to the selected SLA Domain or
to the selected protection state.

Rubrik CDM Version 5.0 User Guide Finding protection objects 347
vSphere Virtual Machines

Finding virtual machines by using the Search field


Use the Search field to find a specific virtual machine.
1. In the Search field, at the top of all Rubrik CDM web UI pages, type the name of the virtual
machine.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
The search matches the characters entered in the search field with the same sequence of
characters anywhere in a name. Continue to type characters to narrow down the results until
the virtual machine appears.
2. When the name of the virtual machine appears in the displayed list, select the name.
The Rubrik CDM web UI displays the local host page for the virtual machine.

Finding entities by using the object tab


Use object tabs on the Virtual Machines page to define a hierarchical view to search and to
browse. Then use the search field to find entities within the defined view, or to browse to entities
within the defined view.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system. In the tab bar, select a tab.
Select one of the following:
• VMs – Provides a virtual machines only view, with the hierarchical location of each virtual
machine displayed in the location column.
• Folders – Provides the vCenter Server folder hierarchy view, starting at the vCenter Server.
• Clusters/Hosts – Provides the vCenter Server cluster and host hierarchy view, starting at
the vCenter Server.
2. (Search Only) In the tab search field, begin typing an entity name.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
The search matches the characters entered in the search field with the same sequence of
characters anywhere in a name. Continue to type characters to narrow down the results until
the entity appears in the results.
3. (Search Only) Stop typing when the name of the entity appears on the page.
4. (Browse Only) Click the name of a top-level entity.
The Rubrik CDM web UI displays the entities within the selected entity.
5. (Browse Only) Continue clicking entity names to browse down the hierarchy to a specific entity.

Rubrik CDM Version 5.0 User Guide Finding protection objects 348
vSphere Virtual Machines

Selecting data sources


Use the objects filter and tab search field to find and select data protection entities.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.
2. Use one of the search or sort methods to display the entities to be selected.
3. Select the entities.
A check mark appears next to each selected entity.
4. Select Manage Protection.
SLA Domain assignment describes how to assign an SLA Domain.

Warning messages
As part of the task of assigning SLA Domains, the Rubrik cluster may display warning messages.
For each type of warning, the Rubrik cluster offers the option to continue or to cancel the task.
The Rubrik cluster may display the following warning messages, individually or in combination:
 Assignment Conflicts
 These VM(s) are already protected
 VMware Tools not installed
Each of these warnings can appear separately, or together in a Multiple Warnings dialog box.

Assignment Conflicts
The Rubrik CDM web UI displays the Assignment Conflicts warning when the Rubrik cluster
detects a conflict in the SLA Domain setting for a selected object.
When a virtual machine within the hierarchy of a selected object inherits an SLA Domain
assignment from a vCenter Server cluster or host, and also from a vCenter Server folder, the
Assignment Conflicts warning appears. In this situation, the virtual machine always inherits the
policy of the vCenter Server folder, unless a SLA Domain setting is individually assigned to the
virtual machine.
When the Assignment Conflicts warning appears, do one of the following:
 Continue the operation to assign the selected SLA Domain setting to the selected objects.
 Cancel the operation and remove the selected objects from the selection set.

Rubrik CDM Version 5.0 User Guide Finding protection objects 349
vSphere Virtual Machines

To prevent the Assignment Conflicts warning from appearing again, select Don’t show this
again.

Protected VMs warning


The Rubrik CDM web UI displays the protected VMs warning when the Rubrik cluster detects that
an SLA Domain setting is already associated with a selected virtual machine.
The protected VMs warning is “These VM(s) are already protected”.
When the protected VMs warning appears, do one of the following:
 Continue the operation to assign the selected SLA Domain to the protected virtual machines.
 Cancel the operation and remove the virtual machines from the selection set.
Changing the SLA Domain of a virtual machine may result in immediate expiration of some
snapshots, as described in Changing the assigned SLA Domain.

VMware tools warning


The Rubrik cluster displays the VMware tools warning when it detects that the correct version of
VMware Tools is not installed on a selected virtual machine.
The VMware tools warning is “VMware Tools not installed”.
The Rubrik cluster requires the current version of VMware Tools to perform administrative
operations and to enable application consistent snapshots. The vSphere environment specifies the
current version of VMware Tools for every virtual machine in the environment.
When the VMware tools warning appears, do one of the following:
 Continue the operation to assign the selected SLA Domain to the protected virtual machines.
 Cancel the operation and upgrade VMware Tools on each of the virtual machines in the
selection set.
VMware Tools version provides more information about the role of VMware Tools for application
consistent snapshots.
For information on installing VMware Tools on a guest OS, see:
https://kb.vmware.com/kb/1014294

Protection consequences
The SLA rules defined by an SLA Domain impact the protection of virtual machines in several
ways. SLA rules specify when snapshots are created, when snapshots expire, and where snapshot
data is stored.

Rubrik CDM Version 5.0 User Guide Protection consequences 350


vSphere Virtual Machines

A policy driven snapshot is a snapshot that is created automatically based on the SLA rules of an
SLA Domain. In most cases, the SLA Domain that manages a policy driven snapshot is the same
SLA Domain that created the snapshot.
Sometimes, the source virtual machine for a snapshot is assigned to another SLA Domain after the
snapshot is created. When this occurs the new SLA Domain becomes the managing SLA Domain
for the policy driven snapshot.
A policy driven snapshot can require manual management when it loses an association with the
SLA Domain.

Protecting a new virtual machine


A new virtual machine is one for which no policy driven snapshots exist. After a new virtual
machine is assigned to an SLA Domain, all of its snapshots, replicas and archival snapshots are
created and managed based on the SLA rules of the SLA Domain.
Table 67 provides a quick overview of the impact of assigning a new virtual machine to an SLA
Domain.
Table 67 Impact of SLA Domain properties on snapshots
SLA Domain property Virtual machine snapshot impact
SLA rules Determines when policy driven snapshots are created and when they are
automatically expired.
Local Cluster Retention Period Determines how long snapshots are retained on the local Rubrik cluster.
When an archival account exists for the SLA Domain, policy driven
snapshots older than the Local Cluster Retention Period are automatically
copied to archival snapshots on an archival location.
Replication Retention Period Determines how long replicas are retained on a replication target cluster.
Maximum Retention Period Determines how long snapshots are retained by the system. The Rubrik
cluster automatically expires policy driven snapshots that are older than
the Maximum Retention Period.

Changing the assigned SLA Domain


A protected virtual machine may be assigned to another SLA Domain in order to satisfy specific
business requirements (e.g. data governance policy changes or space management
requirements). Example 11 describes this situation.

Example 11 Assigning a protected virtual machine to another SLA Domain


Assume that a virtual machine was assigned to the SLA Domain D1 and later was assigned to the
SLA Domain D2. At the time of the reassignment, the virtual machine had existing policy driven
snapshots. After the reassignment, those existing policy driven snapshots are managed based on
the policies set in SLA Domain D2.

Rubrik CDM Version 5.0 User Guide Protection consequences 351


vSphere Virtual Machines

If D1 has a higher base frequency of snapshots than D2 (e.g. D1 was Gold and D2 was Bronze),
then existing policy-driven snapshots that are not required by the policies of D2 are deleted from
the system.
By doing this, the Rubrik cluster brings the snapshot history for the virtual machine into
compliance with the frequency and retention periods defined by D2.
Alternatively, if D2 specifies a higher base frequency of snapshots, (e.g. D2 was Gold and D1 was
Bronze) then the virtual machine will initially appear in the SLA Compliance reports as out of
compliance with D2’s SLA because the existing snapshots were insufficient to meet the new SLA
rules.

Removing protection from a virtual machine


For business reasons, a user might choose to remove protection from a virtual machine by
removing it from the assigned SLA Domain.
When a virtual machine is removed from an SLA Domain, no further policy driven snapshots for
virtual machine are created and no replication or archival activity occurs for the virtual machine.
All existing snapshots for the virtual machine must be managed manually.

Re-protecting a virtual machine


At times, a virtual machine that is protected by one SLA Domain may be temporarily set to Do Not
Protect, and then reassigned to another SLA Domain for protection.
When a reassignment occurs, the existing snapshots of the virtual machine are subject to the
retention policies of the currently assigned SLA Domain, including:
 Local cluster retention period
 Replication retention period
 Maximum retention period
Example 12 describes re-protecting a virtual machine.

Example 12 Re-protecting a virtual machine


Assume that a virtual machine is protected under SLA Domain D1, the virtual machine is removed
from D1, and then the virtual machine is protected again by assigning the virtual machine to SLA
Domain D2.
In this example, when the virtual machine is removed from protection, all its policy driven
snapshots must be managed manually.
When the virtual machine is assigned to SLA Domain D2, the policy driven snapshots for the
virtual machine are managed based on the policies defined in D2.

Rubrik CDM Version 5.0 User Guide Protection consequences 352


vSphere Virtual Machines

All existing and future snapshots for the virtual machine are subject to D2’s rules regarding local
cluster retention period, replication retention period and maximum retention period.

Local host page


The local host page provides detailed information about the protection of a virtual machine, and
tasks related to the virtual machine. The local host page provides the following sections:
 Action bar
 Overview card
 Snapshots card

Viewing a local host page


Access a local host page to view information about a local virtual machine.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.

Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.

2. In Name, click the name of a virtual machine.


The local host page for the selected virtual machine appears.

Action bar
For the selected local virtual machine, the action bar provides the actions described in Table 68.
Table 68 Actions available from the action bar (page 1 of 2)
Action Description
Take On Demand Snapshot Adds an on-demand snapshot of the virtual machine to the task queue.
Note: Backup Window settings defined for the SLA Domain of the
virtual machine do not apply to on-demand snapshots. Only the
maximum retention and remote configuration settings of the associated
SLA Domain apply to on-demand snapshots.

Rubrik CDM Version 5.0 User Guide Local host page 353
vSphere Virtual Machines

Table 68 Actions available from the action bar (page 2 of 2)


Action Description
Manage Protection Opens the Manage Protection page where the virtual machine can be
assigned to an SLA Domain for protection.
When the virtual machine is already assigned to an SLA Domain, a
warning appears. Click Continue to open the Manage Protection page.
Click Cancel to return to the local host page.
Ellipsis menu > Delete All Only appears for an unprotected virtual machine. Deletes all local
Snapshots snapshots for the virtual machine. Archival snapshots and replicas are
not deleted.
Ellipsis menu > Exclude VMDKs Provides access to the Exclude VMDK dialog box, as described in
Exclude VMDK files.
Ellipsis menu > Configure Provides access to the Configure Application Consistency dialog box, as
Application Consistency described in Specifying crash consistent backups.
Ellipsis menu > Configure Provides access to the Configure Pre/Post Scripts dialog box, as
Pre/Post Scripts described in Snapshots.
Ellipsis menu > Enable Array Only appears when the virtual machine is eligible for storage array
Integration integration. Enables storage array integration for all subsequent
backups of the virtual machine, as described in Storage array
integration.
Register Rubrik Backup Service Establishes a connection between the Rubrik cluster and the Rubrik
Backup Service (RBS) software running on the guest OS of the virtual
machine.

Rubrik CDM Version 5.0 User Guide Local host page 354
vSphere Virtual Machines

Overview card
The Overview card provides the information that is described in Table 69.
Table 69 Information available on the Overview card
Field Description
vCenter IP address of the vCenter Server that manages the virtual machine.

Host Host–For virtual machines that are assigned to an SLA Domain without an
or Archival policy, shows the IP address of the hypervisor that hosts the virtual
Cloud Conversion machine.
Cloud Conversion–For virtual machines that are assigned to an SLA Domain
with an Archival policy, shows the Configure button and either:
• Disabled
• Name of the archival location
SLA Domain Name of the SLA Domain that manages the protection of the selected virtual
machine.
Live Mounts Number of live mounts for snapshots associated with the selected virtual
machine.
Oldest Snapshot Timestamp for the oldest snapshot associated with the selected virtual machine.
When the SLA Domain has an active archival policy, the oldest snapshot
resides at the archival location.
Latest Snapshot Timestamp for the most recent successful snapshot of the selected virtual
machine.
Total Snapshots Total number of retained snapshots for the selected virtual machine, including
both the local Rubrik cluster and any archival location.
Missed Snapshots Number of policy-driven snapshots that did not complete successfully. A missed
snapshot is included in the count until the period since the SLA Domain policy
required the snapshot exceeds the retention period of the SLA Domain.

Rubrik CDM Version 5.0 User Guide Local host page 355
vSphere Virtual Machines

Snapshots card
For the selected local virtual machine, the Snapshots card provides the ability to browse the
snapshots that reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views.
Each view uses color spots to indicate the presence of snapshots on a date and to indicate the
status of SLA Domain compliance for the virtual machine on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the
virtual machine.
Table 70 lists the colors that the Snapshots card uses and describes the status that each color
represents.
Table 70 Status colors used on the calendar views
Color Status
Green All snapshots required by SLA Domain policy were successfully created.
Orange All snapshots required by SLA Domain policy were successfully created but at least
one snapshot caused a warning.
Red At least one snapshot required by SLA Domain policy was not successfully created.

Table 71 describes the calendar views available on the Snapshots card.


Table 71 Calendar views on the Snapshots card
View Description
Year The Year view displays snapshot creation information for an entire year. A color spot indicator on a
specific date indicates snapshot activity, and displays the SLA Domain compliance status for that
day.
Month The Month view displays snapshot creation information for an entire month. A color spot indicator
on a specific date indicates snapshot activity, and displays the SLA Domain compliance status for
that day.
Day The Day view displays the individual snapshots that were created on the selected day. The Day
view also provides the additional information and actions described in the following section.

Rubrik CDM Version 5.0 User Guide Local host page 356
vSphere Virtual Machines

Information available on the day view for a local virtual machine


For a local virtual machine, the day view provides information about snapshots, as described in
Table 72.
Table 72 Additional snapshot information in the day view
Category Description
Time Creation time of the snapshot.
Location For a snapshot that resides only on local storage the indicator field is empty.
The following icon indicates a snapshot that resides at an archival location.

The following icon indicates a snapshot that resides locally and at an archival location.

The following icon indicates a replica of the snapshot was sent to the target Rubrik cluster.

Status The following icon indicates a warning for the snapshot entry. Hover over the icon to see
additional information.

The following icon indicates the policy driven snapshot represented by the entry was not
completed successfully.

Source action The following icon indicates a policy driven snapshot.

The following icon indicates an on-demand snapshot.

Rubrik CDM Version 5.0 User Guide Local host page 357
vSphere Virtual Machines

Actions available on the day view for a local virtual machine


For a local virtual machine, the day view provides the ability to initiate various actions with
snapshots. Access the actions by clicking the ellipsis menu.
The ellipsis menu provides the actions described in Table 73 for snapshots that reside on the local
Rubrik cluster.
Table 73 Actions available for snapshots that reside on the local Rubrik cluster
Command Description
Search by File Name Use the predictive search field to find file by typing the name.
Mount Use the snapshot to create and mount a new virtual machine on a hypervisor host.
The new virtual machine is uniquely named within the virtualization management
system. The name of the recovered virtual machine is constructed as follows:
name of source virtual machine + timestamp of snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The local Rubrik cluster is the datastore for the new virtual machine.
Instantly Recover Restore a virtual machine into the production environment by using the selected
snapshot.
The new virtual machine is given the same name as the source virtual machine
and is powered on and connected to the network. The source virtual machine is
powered off and renamed.
The local Rubrik cluster serves as the datastore for the new virtual machine.
Export Use the snapshot to create and mount on an hypervisor host a new virtual
machine, that is a copy of the local virtual machine.
The new virtual machine is uniquely named within the virtualization management
system. The name of the recovered virtual machine is constructed as follows:
name of source virtual machine + timestamp of snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The hypervisor host is the datastore for the new virtual machine.
Browse Files Open a file browser view on the selected snapshot.
Use this view to find, select, and download a file or folder from the snapshot.
Restoring files or folders by download from notification message describes how to
download a file or folder.
Delete Delete the selected snapshot.
This command only appears for snapshots that are not created based on an SLA
Domain policy, such as:
• On-demand snapshots
• Retrieved snapshots
• Snapshots for an unprotected virtual machine

Rubrik CDM Version 5.0 User Guide Local host page 358
vSphere Virtual Machines

For snapshots that reside on an archival location, the ellipsis menu provides the actions described
in Table 74.
Table 74 Actions available for snapshots that reside on an archival location
Command Description
Download Transfer a copy of the selected snapshot to the local Rubrik cluster so that it is available for
additional local actions. The local Rubrik cluster provides a notification when the download is
completed.
Browse Files Open a file browser view on the selected snapshot.
Use this view to find, select, and download a file or folder from the snapshot.
Restoring files or folders by download from notification message describes how to download
a file or folder.

Snapshots
The Rubrik cluster provides protection for virtual machines by combining native snapshot
technology with the fast and scalable cloud data management platform of the Rubrik cluster.

Back up processes
A Rubrik cluster backs up a virtual machine by creating a snapshot of the virtual machine by using
VADP, or for Windows guests, by using the VSS agent that is integrated into the Rubrik Backup
Service (RBS).
When a Rubrik cluster begins protecting a virtual machine, the Rubrik cluster starts by creating a
first full snapshot of the virtual machine. This first full snapshot is a complete backup of the virtual
machine.
After the first full snapshot, the Rubrik cluster continues protection of the virtual machine by
creating incremental snapshots based on the change information provided by Changed Block
Tracking (CBT). The Rubrik cluster creates each incremental snapshot very quickly because the
snapshot only includes the data blocks that have changed since the last snapshot.
The vSphere environment transmits the snapshot data to the Rubrik cluster using the most
efficient available transport mode. Normally, the vSphere environment uses the NBD/NBDSSL
transport mode. The high efficiency of the Rubrik cluster eliminates data bottlenecks, allowing the
NBD/NBDSSL transport mode to provide data transmission rates that minimize the time that a
virtual machine is quiescent.
For VMDKs that are stored on a SAN, the Rubrik cluster can use the SAN transport mode. In this
mode, the Rubrik cluster uses the iSCSI protocol to obtain snapshot data over a direct connection
to the storage array resulting in very fast data transmission.

Rubrik CDM Version 5.0 User Guide Snapshots 359


vSphere Virtual Machines

Snapshot window
An SLA Domain can be configured to include a snapshot window. A snapshot window determines
the period in a day when the Rubrik cluster can initiate policy-driven snapshots of the virtual
machines that the SLA Domain protects.
When using the snapshot window policy, the specified window must be long enough to
accommodate the number of virtual machines that are assigned to the SLA Domain. Monitor the
snapshot activity of the SLA Domain to ensure that all policy-driven snapshots are successfully
completed. When necessary, lengthen the period to permit all snapshots to be completed
successfully.

Protection exceptions
The Rubrik cluster cannot protect data that exists on any of the following:
 VMDKs that are set to Independent-Persistent mode or to Independent-Nonpersistent
mode.
 Network drives that are mounted on the file system of a protected virtual machine.
 Any virtual machine for which the Rubrik cluster does not have snapshot creation permission
because of settings on the virtual machine or on a vSphere folder that contains the virtual
machine.
 Any virtual machine data that resides on raw disk mappings (RDMs), where the compatibility
mode of the RDMs is set to Physical.

Backup consistency levels


By default, the Rubrik cluster provides the highest level of backup consistency that is available for
a virtual machine.
Specifying crash consistent backups describes how to change the default backup consistency
setting.
Table 75 describes backup consistency levels, and the levels of consistency provided by a Rubrik
cluster.
Table 75 Backup consistency levels (page 1 of 2)
Consistency level Description Rubrik usage
Inconsistent A backup that consists of copying each Not provided
file to the backup target without
quiescence.
• File operations are not stopped
The result is inconsistent timestamps
across the backup and, potentially,
corrupted files.

Rubrik CDM Version 5.0 User Guide Snapshots 360


vSphere Virtual Machines

Table 75 Backup consistency levels (page 2 of 2)


Consistency level Description Rubrik usage
Crash consistent A point-in-time snapshot but without Provided when:
quiescence. • Guest OS does not have VMware
• Timestamps are consistent Tools installed
• Pending updates for open files are • Guest OS has an out-of-date version
not saved of VMware Tools
• In-flight I/O operations are not
completed
The snapshot can be used to restore
the virtual machine to the same state
that a hard reset would produce.
File system consistent A point-in-time snapshot with Provided when the guest OS has an
quiescence. up-to-date version of VMware Tools
• Timestamps are consistent and:
• Pending updates for open files are • Application consistency is not
saved supported for the guest OS
• In-flight I/O operations are completed • Guest OS is Windows and the RBS
• Application-specific operations may is not installed and registered
not be completed.
Application consistent A point-in-time snapshot with Provided when:
quiescence and application-awareness. • Guest OS is Windows and the RBS
• Timestamps are consistent is installed and registered
• Pending updates for open files are
saved Note: If RBS is not installed and
• In-flight I/O operations are completed registered, application consistent
• Application-specific operations are backups will be attempted using
completed. VMware Tools.

• Guest OS is not Windows, the guest


has an up-to-date version of VMware
Tools. and application consistency is
supported for the guest OS

Rubrik CDM Version 5.0 User Guide Snapshots 361


vSphere Virtual Machines

VMware Tools version


The Rubrik cluster determines whether a guest OS is running the most up-to-date version of
VMware Tools.
The Rubrik cluster requests the status of VMware Tools on a virtual machine from the vSphere
environment. When the vSphere environment replies that a virtual machine is not running the
most up-to-date version of VMware Tools, the Rubrik cluster displays a warning message. Warning
messages provides information about the warning message.

! IMPORTANT
To ensure file system consistent snapshots or application consistent snapshots for a virtual
machine, always install the most up-to-date version of VMware Tools.

For information on installing VMware Tools on a guest OS, see:


https://kb.vmware.com/kb/1014294

Application consistency
The Rubrik cluster supports application consistent snapshots for many guest OS types and
application types.
The Rubrik cluster supports application consistent snapshot for applications such as Microsoft
Exchange Server, Microsoft SQL Server, Microsoft Active Directory, Microsoft SharePoint, and
Oracle Database (RDBMS) running on certain versions of Windows Sever guest OS. To enable
application consistent snapshots for these applications, the RBS must be installed on the guest OS.
For Windows Guest OS, if RBS is not installed but VMware Tools is installed, the Rubrik cluster will
attempt to quiesce the Windows virtual machine using VMware Tools. Application consistency
cannot be assured under these circumstances but it will be attempted.
The Rubrik cluster does not support restore of an application consistent snapshot into an
availability group. Cluster consistency for the availability group cannot be ensured in this situation
and problems may occur.

Rubrik CDM Version 5.0 User Guide Snapshots 362


vSphere Virtual Machines

Specifying crash consistent backups


By default, the Rubrik cluster initiates application consistent backups for a virtual machine when
the environment of the virtual machine meets the requirements of application consistent backups.
To further minimize the impact of virtual machine stun, configure the Rubrik cluster to only run
crash consistent backups of the virtual machine.
To prevent the Rubrik cluster from running application consistent backups of a virtual machine,
change the default behavior by specifying crash consistent backups for that virtual machine.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Open the ellipsis menu, and select Configure Application Consistency.
The Configure Application Consistency dialog box appears.
4. Select Crash Consistent.
5. Click Update.
The Rubrik cluster applies the setting to all future backups of the virtual machine.

Linux guest
A Rubrik cluster provides file system consistent snapshots on supported Linux guest OS types.
During snapshot creation, the Rubrik cluster uses VMware Tools to make guest OS kernel level
calls to quiesce (freeze) and to enable (thaw) the guest OS file system.

RBS on a Linux guest


Install the RBS on supported Linux guest OS virtual machines.
By using the RBS, the Rubrik cluster can provide significantly faster file and folder level restore
from indexed snapshots.
While using the RBS to facilitate restore provides performance improvements, using the RBS for
fileset backups of the Linux guest is not recommended. The VADP snapshots of a Linux guest
provide a more efficient method for backing up the Linux guest than the file system scanning
methods used for fileset backups. VADP snapshots only need to ingest changed blocks from the
Linux guest, but fileset backups require a full scan of the file system

Rubrik CDM Version 5.0 User Guide Linux guest 363


vSphere Virtual Machines

To provide performance improvements when restoring data to a Linux guest, install the RBS on
the Linux guest as described in Installing the Rubrik Backup Service software on a Linux or Unix
host.

Windows guest
A Rubrik cluster uses the RBS running on a Windows guest OS to provide application consistent
snapshots for Windows applications. The RBS has an integrated VSS provider to work with VSS on
the Windows OS.

Note: If RBS is not installed but VMware Tools is installed, the Rubrik cluster will attempt to
quiesce the Windows virtual machine using VMware Tools. Application consistency cannot be
assured under these circumstances but it will be attempted.

The RBS can be installed manually or automatically. In order to automatically install the RBS, the
Rubrik cluster must have valid guest OS credentials for the Windows guest and the Admin
Approval Mode must be disabled on the Windows guest.
For supported versions of Microsoft Exchange Server, the RBS truncates the transaction log after a
successful snapshot. Log truncation can significantly reduce the virtual machine space required by
the transaction log.

RBS on a Windows guest


The RBS provides the Rubrik cluster with the ability to provide application consistent snapshots for
Windows guests. The RBS also provides fast performance when restoring files and folders to the
guest.
Rubrik provides automatic upgrade of the RBS software as part of a general upgrade of the Rubrik
cluster software. After upgrading the Rubrik cluster software, the Rubrik cluster automatically
upgrades the RBS software on all protected hosts.
The RBS software can be deployed to Windows guests automatically or manually.
To use the automatic method, complete the task Automatically deploying the RBS.
To use the manual method, complete the following tasks:
 Obtain the RBS software
 Select a qualified account to use when installing the software
 Install the software of the Windows guest
 Register the Rubrik Backup Software instance with the Rubrik cluster

Rubrik CDM Version 5.0 User Guide Windows guest 364


vSphere Virtual Machines

Automatically deploying the RBS


When automatic deploy is enabled, the Rubrik cluster installs and registers the RBS on a
supported Windows guest at the next scheduled or on-demand backup of that Window guest.
After successfully installing the RBS on the Windows guest, all subsequent snapshots of the
Windows guest use the VSS provider that is integrated into the RBS.
1. Disable the Windows ‘Admin Approval Mode’ setting on each Windows guest.
Refer to Microsoft documentation for information on how to disable the Admin Approval Mode
setting.
2. Log in to the Rubrik CDM web UI of the Rubrik cluster.
3. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
4. Click Guest OS Settings.
The Guest OS Settings page opens, with the Guest OS Credentials tab selected.
5. Click the blue + icon.
The Add Guest OS Credentials dialog box appears.
6. Add a credential.
The credential must provide local administrator permissions for each Windows guest. This can
be provided by one or more separate credentials.
Multiple credentials can be added by click in the blue + sign on the dialog box. The Rubrik
cluster uses each stored credentials until access is obtained.
7. Click Add.
8. Select Connector Settings.
The Connector Settings tab opens.
9. In Rubrik Connector Deployment, select Automatic.
10.Click Update.
The Rubrik cluster stores the credential information. For each qualifying Windows guest, the
Rubrik cluster installs and registers the RBS on the Windows guest the next time a policy-based or
on-demand snapshot is initiated.

Rubrik CDM Version 5.0 User Guide Windows guest 365


vSphere Virtual Machines

Obtaining the RBS software through the Rubrik CDM web UI


Obtain the RBS software from the Rubrik CDM web UI of the Rubrik cluster.
The RBS software can be downloaded directly from the Rubrik cluster when it is needed, or the
software can be downloaded once and pushed to hosts as needed.

! IMPORTANT
The RBS software can only be used with the Rubrik cluster from which the software is
obtained. Each Rubrik cluster generates a copy of the RBS software that includes
authentication information specific to that Rubrik cluster. This method ensures that the
Rubrik cluster and a hosted deployment of the RBS can reliably authenticate each other.

1. Log in to the Rubrik CDM web UI.


2. On the left-side menu, select Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. Click Add Windows Hosts.
The Add Windows Hosts dialog box appears.
4. In the text of the dialog box, click Rubrik Backup Service.
The Save As dialog box appears.
5. Save the file to a temporary location.
Next task — Install the RBS software on Windows guests.

Obtaining the RBS software by URL


Obtain the RBS software directly by URL. The Rubrik cluster provides a direct URL link for the
software package for Windows hosts.
The RBS software can only be used with the Rubrik cluster from which it is obtained.
1. Open a web browser.
2. Access the URL:
https://<RubrikCluster>/connector/RubrikBackupService.zip
where <RubrikCluster> is the resolvable hostname or IP address of the Rubrik cluster.
The Save As dialog box appears.
3. Save the file to a temporary location.

Rubrik CDM Version 5.0 User Guide Windows guest 366


vSphere Virtual Machines

Account used to run the RBS on a Windows host


The RBS must run as an account that is a member of the Administrators group of the Windows
Server host.
When first installed, the RBS runs as a LocalSystem account. A LocalSystem account includes the
permissions that are provided by the local Administrators group.
Instead of running the RBS as a LocalSystem account, the RBS can be configured to run as a
member of the local Administrators group.
To run as a member of the local Administrators group, run the RBS as a user account that is one of
the following:
 Local user account that is a member of the local Administrators group
 Domain user account that is a member of the local Administrators group

Installing the RBS software on a Windows guest


Install the RBS software to provide the Rubrik cluster with the ability to manage data on the
Windows guest.
Before you begin. Choose or create an account to run the RBS software.
1. Copy RubrikBackupService.zip to a temporary directory on the Windows guest.
2. Extract the files from the ZIP file.
The ZIP file contains two files:
• RubrikBackupService.msi, a Windows Installer Package.
• backup-agent.crt, a security certificate for the RBS.

! IMPORTANT
When installing the RBS software, the security certificate file must be in the same folder
as the Windows Installer Package.

3. Using an account that is a member of the local Administrators group, run the Windows Installer
Package.
The Windows Installer Package installs the RBS software and incorporates the security
certificate into the installation.
The RBS software can also be push installed on multiple Windows hosts using automation
software, such as Puppet or Chef.

Rubrik CDM Version 5.0 User Guide Windows guest 367


vSphere Virtual Machines

4. (Optional) Change the account used to run the RBS.


Account used to run the RBS on a Windows host describes the account requirements.

Note: The default LocalService account does not provide sufficient privileges to permit the RBS
to access data on network shares.

Next task — Register the Windows guests that are running the Rubrik Backup Software with the
Rubrik cluster.

Registering a guest
After installing the RBS on a guest OS, register the guest with the Rubrik cluster. Registering the
guest allows the Rubrik cluster to manage data on the guest.
Before you begin — Install the RBS software on the guest OS.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Open the ellipsis menu, and select Register Rubrik Backup Service.
The Register Rubrik Backup Service modal appears.
4. Click Register.
The Rubrik cluster establishes an authenticated secure connection with the RBS running on the
guest.

Removing the RBS from a Windows host


When the RBS is no longer required on a Windows guest, it can be removed by using standard
Windows commands.

Note: Removing the RBS from a Windows guest also removes the connection between the
Windows guest and the Rubrik cluster. The Rubrik cluster designates any retained snapshots as
relics. Use the Snapshot Retention page to manually manage the relics, as described in Retention
Management.

1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog appears.

Rubrik CDM Version 5.0 User Guide Windows guest 368


vSphere Virtual Machines

3. Type appwiz.cpl, and press OK.


The Uninstall or change a program window appears.
4. Right-click Rubrik Backup Service, and click Uninstall/Change.
5. Follow the prompts to remove the application.
The uninstaller removes the RBS software. The Rubrik cluster designates any retained snapshots
as relics.

Preserving Windows access control list values


The Rubrik cluster can acquire the access control list (ACL) values for files and folders in a
Windows guest file system. When the ACL values of an object are successfully acquired, the
Rubrik cluster can set the same ACL values on the object as part of a restore or an export.
The Rubrik cluster runs an ‘icacls’ command-line script in a hidden PowerShell session on the
Windows guest to acquire the ACL values for the objects in the Windows guest file system. To
successfully run the script, the requirements specified in Table 76 must be met.
Table 76 Requirements for acquiring Windows guest ACL values
Category Requirement
PowerShell Minimum required version is version 3, preferred is version 4 or newer.
To determine the current version, open a PowerShell window on the guest and type:
$PSVersionTable
PowerShell Must be set to the ‘unrestricted’ PowerShell execution policy.
execution policy To determine the current setting, open a PowerShell window on the guest and type:
Get-ExecutionPolicy
To set the value to unrestricted, type:
Set-ExecutionPolicy unrestricted
.NET Framework Version 4.5 or newer.
Microsoft provides instructions for determining the installed .NET Framework
versions in: How to: Determine Which .NET Framework Versions Are Installed.

When the ‘icacls’ script cannot be run, the Rubrik cluster can still restore objects in the Windows
guest file system, but the ACL values of the source objects will not be preserved in the restored
objects.

Rubrik CDM Version 5.0 User Guide Windows guest 369


vSphere Virtual Machines

On-demand snapshots
In addition to policy-based snapshots, create virtual machine snapshots by using the on-demand
snapshot process.
A Rubrik cluster creates policy-based snapshots of protected virtual machines automatically,
according to the SLA rules of the associated SLA Domain. Warning messages describes how to set
up policy-based snapshots for virtual machines.
Additional snapshots of protected virtual machines, and snapshots of unprotected virtual machines
can be created by using the on-demand snapshot process.

Creating an on-demand snapshot


Access the local host page for a virtual machine to create an on-demand snapshot.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. On the local host page, click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears.
4. Select an SLA Domain.
The Rubrik cluster uses only the maximum retention and remote configuration settings of the
associated SLA Domain to manage the on-demand snapshot. The selected SLA Domain can be
different from the SLA Domain that protects the virtual machine.
All on-demand snapshots can be manually managed through the Snapshot Retention page.
5. Click Take On Demand Snapshot.
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log
tracks the status of the on-demand backup task.

Rubrik CDM Version 5.0 User Guide On-demand snapshots 370


vSphere Virtual Machines

Recovering and restoring virtual machine data


The Rubrik cluster provides a variety of methods to recover virtual machines and to restore
protected data.
Recover virtual machines and restore data by using snapshots, replicas, and archival snapshots.
When snapshot data exists in a local snapshot and in an archival snapshot, the Rubrik cluster
always uses the local snapshot to recover a virtual machine or to restore data. By using the local
snapshot, the Rubrik cluster reduces network impact and eliminates any archival data recovery
charges associated with a recovery operation or a restore operation.

Recovery of virtual machines


For a Rubrik cluster, recovery of a source virtual machine means to mount a point-in-time copy of
the source virtual machine.
A virtual machine can be recovered by using any of the Rubrik data protection objects: snapshots,
replicas, and archival snapshots. Recover a virtual machine by using one of the available recovery
actions. The Rubrik cluster provides the following recovery actions for virtual machines:
 Instant Recovery
 Live Mount
 Export
Table 77 provides a description of the differences between the available recovery actions.
Table 77 Differences between recovery actions
Source
Name of recovered Power virtual
Action virtual machine Datastore state Network machine
Instant Recovery Assigned the name of the Local Rubrik On Connected Powered off
source virtual machine cluster (Optional) and renamed
Live Mount Compositea Local Rubrik On Disconnected No impact
cluster
Export Composite Datastore of On Disconnected No impact
hypervisor
a. The name of the recovered virtual machine is constructed as follows: name of source virtual machine + time-
stamp of snapshot + incremented integer. For example, the first mount of the snapshot of the virtual machine
“NitroN1” that was created at “08-04 06:48” is named “NitroN1 08-04 06:48 1”.

Rubrik CDM Version 5.0 User Guide Recovering and restoring virtual machine data 371
vSphere Virtual Machines

The recovery actions that the Rubrik cluster provides depend on the data protection object being
used. Table 78 lists the available recovery actions for each type of data protection object.
Table 78 Recovery actions available for data protection objects
Object Available recovery actions
Local snapshot Initiated from the local Rubrik cluster:
• Instant Recovery
• Live Mount
• Export
Replica Initiated from the target Rubrik cluster:
• Live Mount
• Export
Archival snapshot Initiated from the local Rubrik cluster, after the archival snapshot is downloaded to
the local Rubrik cluster:
• Instant Recovery
• Live Mount
• Export

Selecting a snapshot or an archival snapshot


Use the local Rubrik CDM web UI to select a snapshot before applying a recovery action.

Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the local
host page when the name of the source virtual machine is known.

1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
To work with data from an unmanaged virtual machine, go to the left-side menu and click
Snapshot Retention. Then, continue with the following steps from the Snapshot Retention
page instead of the Virtual Machines page.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Use the Snapshots card to navigate to a snapshot or an archival snapshot.
Local host page provides information about the Snapshots card and navigating to a snapshot.
Skip step 4 and step 5, except when recovering a virtual machine from an archival snapshot.
4. (Recovering archival snapshot only) Open the ellipsis menu for the snapshot.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 372
vSphere Virtual Machines

5. (Recovering archival snapshot only) On the ellipsis menu, click Download.


The Rubrik cluster retrieves the archival snapshot. Status of the retrieval appears in the Activity
Log. Activity Log describes notifications related to archival tasks.

! IMPORTANT
The Rubrik cluster does not apply a retention setting to a downloaded archival snapshot.
Manually delete a downloaded archival snapshot that is no longer required on local
storage.

6. Perform one of the available recovery actions on the selected snapshot or restore files and
folders from the selected snapshot.

Selecting a replica
Select a replica from the Rubrik CDM web UI of the replication target Rubrik cluster before
applying a recovery action.
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.

Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the
Remote VM Details page when the name of the source virtual machine is known.

2. On the left-side menu of the Rubrik CDM web UI, click SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. Select a remote SLA Domain.
The page for the selected SLA Domain appears.
4. In the Virtual Machines section of the remote SLA Domain’s page, click the name of a virtual
machine.
The Remote VM Details page for the selected virtual machine appears.
5. Use the Snapshots card to navigate to a replica.
Snapshots card or Recovery Points card provides information about the Snapshots card and
navigating to a replica.
6. Perform one of the available recovery actions on the selected replica or restore files and folders
from the selected replica.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 373
vSphere Virtual Machines

Virtual machine recovery


Recovery consists of selecting a data protection object (snapshot, replica, or archival snapshot)
and selecting an available recovery action (Instant Recovery, Live Mount, or Export). Recovery
using a replica cannot use the Instant Recovery action.
After performing a recovery action, the Rubrik cluster powers on the recovered virtual machine.
The recovered virtual machine can be powered off by using the Rubrik CDM web UI. It can also be
deleted through the Rubrik CDM web UI.

Live migration
After a recovery, the recovered virtual machine can be live migrated using a process such as
VMware Storage vMotion.
After live migration of a virtual machine that was recovered by the Instant Recovery or Live Mount
actions, the Rubrik cluster maintains metadata for the recovered virtual machine that should be
removed.
Delete the metadata for the recovered virtual machine through the Live Mounts page of the Rubrik
CDM web UI by using the Force Delete option, as described in Removing a virtual machine entry
after live migration.

Virtual raw disk mappings


A data protection object from a virtual machine that has a virtual raw disk mapping (vRDM) can be
recovered.
When a virtual machine with vRDM mappings is recovered, the Rubrik cluster converts the vRDM
mappings to VMDKs.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 374
vSphere Virtual Machines

Performing an Instant Recovery


An Instant Recovery replaces the source virtual machine with a fully functional point-in-time copy.
The Rubrik cluster powers off and renames the source virtual machine, and assigns the name of
the source virtual machine to the recovered virtual machine. The Rubrik cluster powers on the
recovered virtual machine and connects the recovered virtual machine to the source network. The
Rubrik cluster is the datastore for the recovered virtual machine.
1. Select a snapshot or an archival snapshot.
Selecting a snapshot or an archival snapshot describes the selection task. For archival
snapshots, complete the download steps.
2. Open the ellipsis menu for the snapshot.
3. Click Instantly Recover.
The Instantly Recover Snapshot dialog box appears.
4. Select an ESXi host for the virtual machine.
To search the list of ESXi hosts, enter a search string in the search field.
5. (Optional) Click Remove virtual network device.
Select this option when networking changes or issues prevent the virtual machine from
starting.
6. (Optional) Click Preserve MAC addresses.
Select this option to use the MAC addresses from the snapshot instead of assigning new MAC
addresses.
7. Click Instantly Recover.
The Rubrik cluster powers down the source virtual machine and renames it. Then the Rubrik
cluster mounts the snapshot on the selected ESXi host with the name of source virtual machine,
connects the recovered virtual machine to the network, and powers up the virtual machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also
records the final result of the task in the Activity Log. The Rubrik cluster lists the recovered virtual
machine on the Live Mounts page of the Rubrik CDM web UI.
Optionally, at this point the recovered virtual machine can be live migrated back to primary storage
by using a product such as VMware Storage vMotion.
The instantly recovered virtual machine derives protection from parent objects. When the
recovered virtual machine does not derive protection from any parent objects, add it to an SLA
Domain. To protect it using the same SLA rules and policies as the source virtual machine, add the
recovered virtual machine to the original SLA Domain. Or, add the recovered virtual machine to
another SLA Domain.

Rubrik CDM Version 5.0 User Guide Recovery of virtual machines 375
vSphere Virtual Machines

Creating a Live Mount of a virtual machine snapshot


A Live Mount creates a new virtual machine from a point-in-time copy of the source virtual
machine. The recovered virtual machine uses the Rubrik cluster as its datastore.
The Rubrik cluster assigns the recovered virtual machine a new name and powers on the virtual
machine. The Rubrik cluster does not connect the recovered virtual machine to a network. The
Rubrik cluster sets the protection state of the new virtual machine to Do Not Protect.
1. Select a snapshot, an archival snapshot, or a replica.
Selecting a snapshot or an archival snapshot describes the selection task for snapshots and
archival snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Mount.
The Mount Snapshot dialog box appears.
4. Select Virtual Machine.
5. Click Next.
The Mount Snapshot dialog box advances to the ‘Target’ state. A list of ESXi hosts appears.
Search the list by entering a text string in the ‘Search’ field.
6. Select a restore target for the virtual machine.
7. (Optional) Click Remove virtual network device.
Select this option when networking changes or issues prevent the virtual machine from
starting.
8. (Option