Version 5.0
755-0086-01 Rev A6
Tables
Figures
Examples
Preface
  Document purpose
  Revision history
  Support
  Related documentation
  Comments and suggestions
  Product
  Product documentation
Chapter 1 Configuration
  Logging in to the Rubrik CDM web UI
    Logging in with a local account
    Logging in with an LDAP account
  Settings menu
    Opening the Settings menu
    Settings and tasks available through the Settings menu
  Adaptive Backup
    On-demand snapshots
    Limit types
    Enabling Adaptive Backup settings
  Configuring IPMI
  Configuring iSCSI
  Notification settings
    Rubrik MIB file
Welcome to Rubrik. We appreciate your interest in our products. Rubrik is continually working to
improve its products and regularly releases revisions and new versions. Some information
provided by this guide may not apply to a particular revision or version of a product. Review the
release notes for the product to see the most up-to-date information about that product.
Document purpose
The purpose of this guide is to provide information about configuring, administering, and using
Rubrik clusters.
Revision history
Table 1 provides the revision history of this guide.
Table 1 Documentation revision history
Revision: Rev. A0
Date: October, 2018
Description: Early Access release of Rubrik CDM version 5.0.
Revision: Rev. A1
Date: October, 2018
Description:
• Added QStar port requirement to Ports.
• Added the ports required for Rubrik CloudOut and CloudOn to Ports.
• Added an additional vCenter Server privilege requirement in the Resource category to support
vCloud Director vApps, in Minimum vCenter Server Privileges.
Revision: Rev. A2
Date: November, 2018
Description:
• Added details on ports used by the SMB protocol for Volume Group backups in Full Volume
Protection for Windows.
• Added vCenter Server requirement to enable a Rubrik cluster to unmount a virtual disk that is
mounted during a Live Mount operation, in Minimum vCenter Server Privileges.
• Removed port 7780 and added port 8077 to Ports.
• Documented UI additions to the system-configuration cluster settings in Configuration.
• Added support for AIX 6.1 to File Systems.
• Temporarily excluded the User Accounts chapter to work on the transition from Active Directory
authentication to LDAP authentication.
Support
Use one of the following methods to contact Rubrik Support:
Web https://support.rubrik.com
Email support@rubrik.com
Product
To provide comments and suggestions about the product, contact Rubrik Support by using the
information provided in Support.
Product documentation
To provide comments and suggestions about the product documentation, please send your
message by email to:
techpubs@rubrik.com
To help us find the documentation content that is the subject of your comments, please include
the following information:
• Full title
• Part number
• Revision
• Relevant pages
This chapter describes how to configure a Rubrik cluster and perform other system tasks.
• Logging in to the Rubrik CDM web UI
• Settings menu
• Adaptive Backup
• Configuring IPMI
• Configuring iSCSI
• Notification settings
• Enabling polling via SNMP
• Manage storage arrays
• Proxy settings
• Network settings
• Network Throttling
• Guest OS settings
• Secure SMB settings
• Syslog settings
• Support bundle
• Time zone setting
• Security banner and classification settings
• Data sources setting
• Opening and closing a Support tunnel
• Pause and resume protection activity
Note: When the Rubrik cluster has not been registered, a notification appears on each page of
the web UI. The Rubrik Install and Upgrade Guide provides detailed information about how to
register the Rubrik cluster.
Rubrik CDM Version 5.0 User Guide Logging in to the Rubrik CDM web UI 47
Configuration
Settings menu
The web UI provides access to Rubrik cluster settings and tasks through the Settings menu.
Adaptive Backup
Adaptive Backup settings instruct the Rubrik cluster to check the resource usage of a virtual
machine before starting a snapshot. When the resource usage is above configured limits, the
Rubrik cluster postpones the snapshot.
When Adaptive Backup settings are enabled, the Rubrik cluster checks the virtual machine I/O
latency, datastore I/O latency, and virtual machine CPU utilization before starting a snapshot.
When a value exceeds a configured limit, the Rubrik cluster reschedules the snapshot.
After approximately 15 minutes, the Rubrik cluster checks the values again. When the values are
below the limits, the Rubrik cluster initiates the snapshot. When the values are above the limits,
the Rubrik cluster reschedules the snapshot.
Each time an Adaptive Backup setting causes the rescheduling of a snapshot, the Rubrik cluster
moves the policy-based snapshot schedule for the virtual machine to accommodate the change.
Example 1 describes this.
On-demand snapshots
Adaptive Backup settings also apply to on-demand snapshots.
When the Adaptive Backup settings are enabled, the Rubrik cluster performs an Adaptive Backup
settings check before starting an on-demand snapshot. When a value exceeds a configured limit,
the Rubrik cluster reschedules the on-demand snapshot.
After approximately 15 minutes, the Rubrik cluster checks the values again. When the values are
below the limits, the Rubrik cluster initiates the on-demand snapshot.
The Rubrik cluster continues to reschedule the on-demand snapshot until the values for the virtual
machine are below the configured limits. When the values are below the limits, the Rubrik cluster
completes the on-demand snapshot.
Limit types
When applying Adaptive Backup settings, the Rubrik cluster considers the virtual machine I/O
latency, datastore I/O latency, and virtual machine CPU utilization before initiating a snapshot of
that virtual machine.
The Rubrik cluster postpones a snapshot when the actual value of a limit type exceeds the value
that is set for the limit.
Table 3 describes the limit types that the Rubrik cluster considers when applying Adaptive Backup
settings.
Table 3 Limit types considered by Adaptive Backup settings
Limit: Maximum VM IO Latency
Description: Sets the maximum time in milliseconds to process a command from the guest OS to
the virtual machine.
The actual value is determined from ‘vm.maxTotalLatency’.
Limit: Maximum Datastore IO Latency
Description: Sets the highest latency for all datastores being used by a virtual machine, not
including any excluded VMDKs.
The actual value is determined by finding the highest value for ‘disk.TotalLatency’ for all of the
datastores assigned to the virtual machine.
Limit: Maximum VM CPU Utilization
Description: Sets the maximum percentage of the combined frequency of all processors assigned
to the virtual machine.
The actual value is computed by dividing the ‘vm.overallCpuUsage’ by ‘vm.maxCpuUsage’.
Configuring IPMI
The Rubrik node hardware includes a baseboard management controller (BMC) that can be used
to perform Intelligent Platform Management Interface (IPMI) tasks. Provide more security for the
Rubrik nodes by requiring a strong password for access to the IPMI interface.
Use the web UI to assign a strong password and control access to the IPMI interface on all nodes
in the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click IPMI Credentials.
The Configure IPMI page appears.
Configuring iSCSI
The Rubrik cluster supports the iSCSI protocol for direct data connection to a storage array that is
providing storage for virtual machines.
When iSCSI is enabled, the Rubrik cluster maintains a control channel with the hypervisor host
and uses the iSCSI protocol to establish a data channel with the storage array. This protocol
replaces the NBD transport protocol for transfers of data from the storage array.
The Rubrik cluster supports the following authentication modes:
• No authentication
• Unidirectional CHAP – Using the Challenge-Handshake Authentication Protocol (CHAP), the
Rubrik cluster authenticates with the storage array.
• Bidirectional CHAP – Using CHAP, the Rubrik cluster authenticates with the storage array and
the storage array authenticates with the Rubrik cluster.
Note: RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP), defines the username
and password requirements for unidirectional and bidirectional CHAP.
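The difference between the two CHAP modes above, as an added example that is not Rubrik code and not part of the original guide: a minimal RFC 1994 MD5 CHAP exchange in which one peer stands in for the Rubrik cluster and the other for the storage array. The class layout, names and secrets are constructed for illustration.

```python
"""Unidirectional vs. bidirectional CHAP (RFC 1994, MD5), as a sketch.

Added illustration; not Rubrik or storage-array code. All names and
secrets below are constructed sample values.
"""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the identifier octet, then the secret, then the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def meets_rfc1994_length_preference(secret: bytes) -> bool:
    """RFC 1994 prefers a secret at least as long as the hash (16 octets for MD5)."""
    return len(secret) >= hashlib.md5().digest_size


class Peer:
    """One end of the session: the cluster (initiator) or the array (target)."""

    def __init__(self, name: str, own_secret: bytes, peer_secrets: dict):
        self.name = name
        self.own_secret = own_secret      # secret this side proves knowledge of
        self.peer_secrets = peer_secrets  # {peer name: secret expected from that peer}
        self._pending = None              # (identifier, challenge) issued by this side

    def make_challenge(self):
        """Issue a fresh random identifier and 16-byte challenge."""
        self._pending = (os.urandom(1)[0], os.urandom(16))
        return self._pending

    def answer(self, identifier: int, challenge: bytes):
        """Answer the other side's challenge with this side's name and response."""
        return self.name, chap_response(identifier, self.own_secret, challenge)

    def verify(self, peer_name: str, response: bytes) -> bool:
        """Check a response against the secret stored for the claimed name."""
        if self._pending is None or peer_name not in self.peer_secrets:
            return False
        identifier, challenge = self._pending
        self._pending = None              # a challenge is accepted once only
        expected = chap_response(identifier, self.peer_secrets[peer_name], challenge)
        return hmac.compare_digest(expected, response)


def login(cluster: Peer, array: Peer, bidirectional: bool) -> dict:
    """Run the exchange and report which side was verified.

    "array_verified" is None when the array's identity was never checked,
    which is always the case in unidirectional mode.
    """
    # The array challenges the cluster; the cluster answers with its
    # Outgoing Name and Outgoing Secret.
    ident, chal = array.make_challenge()
    name, resp = cluster.answer(ident, chal)
    result = {"cluster_verified": array.verify(name, resp), "array_verified": None}
    if bidirectional and result["cluster_verified"]:
        # The cluster challenges the array; the array answers with the
        # Incoming Name and Incoming Secret.
        ident, chal = cluster.make_challenge()
        name, resp = array.answer(ident, chal)
        result["array_verified"] = cluster.verify(name, resp)
    return result


# Constructed sample credentials.
OUTGOING = ("rubrik-cluster", b"outgoing-secret-0123456789")
INCOMING = ("storage-array", b"incoming-secret-9876543210")


def build_peers(array_secret: bytes = INCOMING[1]):
    """Return (cluster, array); array_secret is what the array actually holds."""
    cluster = Peer(OUTGOING[0], OUTGOING[1], {INCOMING[0]: INCOMING[1]})
    array = Peer(INCOMING[0], array_secret, {OUTGOING[0]: OUTGOING[1]})
    return cluster, array


if __name__ == "__main__":
    print("unidirectional:", login(*build_peers(), bidirectional=False))
    print("bidirectional: ", login(*build_peers(), bidirectional=True))
    print("array without the incoming secret:",
          login(*build_peers(b"not-the-incoming-secret"), bidirectional=True))
```

In unidirectional mode the result carries no statement about the array at all, which is the practical reason to prefer Bidirectional CHAP when the storage array supports it.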
To enable iSCSI support, provide the Rubrik cluster with the iSCSI connection details.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click iSCSI.
The iSCSI Sources page appears.
4. In Server Name, type the name of the iSCSI server.
5. In Port, type the connection port used by the iSCSI server for incoming iSCSI connections.
The default is port 3260.
6. In Target, type the IPv4 address of the iSCSI server.
Leave Target empty to instruct the Rubrik cluster to attempt to automatically discover the IP
address of the iSCSI server.
7. In Authentication Mode, select the authentication mode used by the iSCSI server.
Choose one of the following:
• No Authentication
• Unidirectional CHAP
• Bidirectional CHAP
When No Authentication is selected, click Update.
8. (Unidirectional CHAP and Bidirectional CHAP) In Outgoing Name, type a username that
enables the storage array to authenticate the Rubrik cluster.
The storage array must grant sufficient access rights to the account represented by the
username to allow the Rubrik cluster access to the stored data.
9. (Unidirectional CHAP and Bidirectional CHAP) In Outgoing Secret, type the associated
password.
When Unidirectional CHAP is selected, click Update.
10. (Bidirectional CHAP) In Incoming Name, type a username that enables the Rubrik cluster to
authenticate the storage array.
11. (Bidirectional CHAP) In Incoming Secret, type the associated password.
12. Click Update.
A success message appears.
The Rubrik cluster enables the iSCSI connection and uses the iSCSI protocol to directly access
data that is stored on the storage array.
To add additional iSCSI connections, repeat this task for each connection.
The web UI does not currently provide information about the iSCSI connection records that exist
on a Rubrik cluster.
Notification settings
To enable the Rubrik cluster to send email notifications, provide configuration information through
the Notifications page. Also use the Notifications page to enable the SNMPv2c protocol and allow
the Rubrik cluster to respond to queries from an SNMP manager. Provide a list of email recipients
organized by event type to specify who should receive different types of notifications from the
activity log.
The Rubrik cluster transfers notification email messages to an SMTP server for delivery to the
administrator accounts. Configuring outgoing email settings provides instructions for configuring
the Rubrik cluster for email delivery.
The Rubrik cluster stores information in its Management Information Base (MIB). In order for an
SNMP manager to query that information, both the Rubrik cluster and the SNMP manager must
use the SNMPv2c protocol. See Enabling polling via SNMP for more information.
Rubrik provides a private MIB file that defines all the measurements and traps available from the
Rubrik cluster. The Rubrik MIB file can be downloaded from the web UI. See Downloading the
Rubrik MIB file for instructions. See Rubrik MIB file for information on MIB file contents, including
the trap messages sent by the Rubrik cluster.
Trap receivers collect the traps sent by the Rubrik cluster. Adding trap receivers explains how to
configure one or more trap receivers.
Notification messages are collected from the activity log and organized by event type. All
messages associated with one or more event types can be sent to a list of email recipients, as
configured in the web UI. See Configuring email settings for notifications for more information.
6. In From Email Address, type the email address assigned to the account on the SMTP server.
7. In Username, type the username assigned to the account on the SMTP server.
8. In Password, type the password associated with the username.
9. In Encryption, select the encryption protocol required by the SMTP server.
10. Click Update.
The Rubrik cluster validates and stores the email settings.
11. Click Send Test Email.
The Rubrik cluster sends a test email to the user accounts on the local Rubrik cluster that have
the Admin role.
Manage hosts
The Hosts page provides a central location to add physical Windows, Linux, and Unix hosts to the
Rubrik cluster. The Hosts page also provides the ability to edit hosts and to remove hosts from the
Rubrik cluster.
Before you begin — Complete the tasks described in:
Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI or Obtaining the
Rubrik Backup Service software by URL
Installing the Rubrik Backup Service software on a Linux or Unix host or Installing the Rubrik
Backup Service software on a Windows host
! IMPORTANT
Deleting a storage array removes storage array integration for all virtual machines that use
the array as a datastore. The Rubrik cluster switches the data ingestion path from the
storage array to the vCenter Server. This can potentially cause a performance impact for
snapshots of those virtual machines.
Proxy settings
Some of the functionality of the Rubrik cluster relies on Internet access. The Rubrik cluster can be
configured to use a proxy server when accessing the Internet.
You can optionally configure the Rubrik cluster to use a proxy server in order to accommodate
your network and security requirements. The proxy server must be configured to permit the
Rubrik cluster to meet the network requirements listed in Ports.
Proxy implementations
A Rubrik cluster supports the following proxy server implementations:
• HTTP
• HTTPS, using the HTTP CONNECT method and port 443
• SOCKS5
Network settings
The Rubrik cluster uses network address information for specific types of network entities to
perform system tasks. Table 8 describes the information that the Rubrik cluster uses.
Table 8 Network information
Network entity: NTP
Description: Comma-separated list of IP addresses or resolvable hostnames of network time
protocol (NTP) servers.
Requires bidirectional UDP access to the servers on port 123.
Network entity: DNS
Description: Comma-separated list of IP addresses of domain name system (DNS) servers.
Requires bidirectional TCP and UDP access to the DNS servers on port 53.
Network entity: Search domain
Description: Comma-separated list of domain names. Restricts DNS queries to the provided
domains.
Network entity: Floating IPs
Description: Comma-separated list of IP addresses used to maintain NFS mounts if a Rubrik node
fails.
The number of floating IP addresses is distributed evenly across the nodes in a cluster. If the
number of available nodes changes for any reason, floating IP addresses are rebalanced as
necessary to maintain an even distribution. Each floating IP must be in one of the subnets of a
Rubrik node’s network interfaces; otherwise, it cannot be configured.
Note: Rubrik node IP address assignments cannot be changed through the web UI. To change the
IP address of a Rubrik node, refer to the Rubrik CLI Reference or contact Rubrik Support.
Network Throttling
Rubrik CDM allows configuration of how much outbound bandwidth is used for replication and
archiving.
Use the Network throttling feature to set bandwidth limits for replication and archiving. The
general throttling settings can also be modified by setting one or more scheduled overrides. The
general settings can be used alone or with scheduled throttle overrides. General rules for the
throttling settings are the following:
• The general setting applies unless overridden by a scheduled override.
• Scheduled throttle overrides apply only for the specified time window.
• Scheduled overrides override the general throttle setting.
• Multiple schedules can be set.
• No two schedules can have a common time window.
• The scheduled overrides are enforced according to the cluster time zone.
The bandwidth limits for archiving and replication are configured separately and are independent
of each other. The bandwidth limits are at a cluster level and are distributed dynamically between
the nodes based on the load. This means that cluster size should also be taken into account when
configuring throttle limits, because the same throttle limit may not work well across different
cluster sizes.
Note: The bandwidth limit is enforced on each node by throttling traffic on port 443 for archiving
and port 7785 for replication. If an archival location proxy is enabled and uses a port other than
443, archival throttling will not work.
Note: Network throttling is not supported for archiving to any location that does not use port 443,
such as NFS targets and QStar tape.
Replication throttling must be enabled for scheduled overrides to work. The scheduled limit
overrides the general limit if the schedule is active.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Network Throttling.
The Network Throttling page appears.
4. Click Schedule Override.
The Schedule Network Throttle Override page appears.
5. Select Replication.
6. Under Replication Network Usage Threshold (Mbps), type an integer value representing
the highest network usage allowed, in Mbps.
7. Select specified Day(s) for the replication throttling policy.
8. Select specified times Between a given time and another given time for the replication
throttling policy.
9. Click Add.
10. Repeat the steps to schedule additional replication policies if needed.
After throttling is configured, click the ellipsis next to the scheduled override to edit or delete the
throttle policy.
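How the general replication limit and the scheduled overrides configured above combine, as an added example that is not Rubrik code: it rejects overrides that share a time window and resolves the limit in force at a given instant on cluster time. The data model, the assumption that a window starts and ends on the same day, and the sample limits and UTC-7 cluster time zone are constructed for illustration.

```python
"""Resolve the replication throttle in force from a general limit plus overrides.

Added illustration of the rules in this section; not Rubrik code. The data
model and the same-day window assumption are this example's own.
"""
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Override:
    days: frozenset   # weekday numbers, Monday=0 ... Sunday=6
    start: time       # window start in cluster local time (inclusive)
    end: time         # window end in cluster local time (exclusive)
    limit_mbps: int   # highest network usage allowed, in Mbps

    def __post_init__(self):
        if not self.days or not all(0 <= d <= 6 for d in self.days):
            raise ValueError("days must be weekday numbers 0-6")
        if self.start >= self.end:
            raise ValueError("window must start before it ends (same-day assumption)")
        if self.limit_mbps <= 0:
            raise ValueError("limit must be a positive integer number of Mbps")

    def overlaps(self, other: "Override") -> bool:
        """True when both overrides share a day and their windows intersect."""
        return bool(self.days & other.days) and (
            self.start < other.end and other.start < self.end
        )

    def active_at(self, local: datetime) -> bool:
        return local.weekday() in self.days and self.start <= local.time() < self.end


def validate(overrides) -> None:
    """Enforce the rule that no two schedules can have a common time window."""
    for i, first in enumerate(overrides):
        for second in overrides[i + 1:]:
            if first.overlaps(second):
                raise ValueError(f"overlapping overrides: {first} and {second}")


def effective_limit(now: datetime, general_mbps: Optional[int],
                    overrides, cluster_tz) -> Optional[int]:
    """Return the limit in Mbps in force at `now`, or None when unthrottled.

    general_mbps=None models replication throttling being disabled; in that
    case scheduled overrides do not take effect either.
    """
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    validate(overrides)
    if general_mbps is None:
        return None
    # Overrides are enforced on cluster time, not on the viewer's local time.
    local = now.astimezone(cluster_tz)
    for override in overrides:
        if override.active_at(local):
            return override.limit_mbps
    return general_mbps


# Constructed sample configuration.
CLUSTER_TZ = timezone(timedelta(hours=-7))
GENERAL_MBPS = 500
OVERRIDES = [
    Override(frozenset({0, 1, 2, 3, 4}), time(8, 0), time(18, 0), 100),  # business hours
    Override(frozenset({5, 6}), time(0, 0), time(23, 59), 1000),         # weekend
]

if __name__ == "__main__":
    for stamp in (
        datetime(2024, 1, 8, 16, 30, tzinfo=timezone.utc),  # Monday 09:30 cluster time
        datetime(2024, 1, 9, 2, 0, tzinfo=timezone.utc),    # Monday 19:00 cluster time
    ):
        print(stamp.isoformat(), "->",
              effective_limit(stamp, GENERAL_MBPS, OVERRIDES, CLUSTER_TZ), "Mbps")
```

The second sample instant is already Tuesday in UTC but still Monday evening on the cluster, so the business-hours override has ended and the general limit applies.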
6. Click Update.
This setting can be used alone or with scheduled archival throttling overrides.
Guest OS settings
The Guest OS Settings page enables the administration of guest OS credentials for virtual
machines and fileset hosts. The page also provides a setting to enable and disable automatic
deployment of the Rubrik Backup Service to vSphere virtual machines.
The Rubrik cluster uses guest OS credentials to provide application consistent snapshots of
vSphere virtual machines that are running a Windows guest operating system. The Rubrik cluster
also uses guest OS credentials to enable direct restore of files and folders to guest operating
systems that do not have the Rubrik Backup Service installed.
Backup consistency levels describes application consistent snapshots.
Restore files and folders directly to a guest file system describes direct restore to the file system of
a supported guest operating system. Guest OS credentials can also be added through the Restore
File dialog during a direct restore.
Guest OS credentials
Guest OS credentials provide access to guest operating systems for vSphere virtual machines.
To allow the Rubrik cluster to start scripts on a vSphere virtual machine, provide Guest OS
credentials with sufficient privileges. Without adequate credentials, the Rubrik cluster cannot start
the scripts.
To restore directly to a Linux guest, provide the credentials for an account that has Write
permission for the restore location.
To restore directly to a Windows guest or to create application-consistent snapshots from a
Windows guest, the Rubrik cluster requires the credentials of an account that has administrator
access to the guest. The account can be either a local administrator account or a domain
administrator account.
• Providing the credentials of a local administrator account on the guest meets this requirement.
However, when there are many guests, providing individual guest OS credentials for each guest
can be inconvenient.
• Providing the credentials of a domain administrator account meets this requirement, and
avoids the need to submit a separate guest OS credential for each guest, but does not satisfy
the security concerns of many networks.
Rubrik recommends providing the Rubrik cluster with a credential for a domain-level account that
has a small privilege set that includes administrator access to the relevant guests. Based on
organizational requirements, several credentials of this sort can be provided. The Rubrik cluster
tries each provided guest OS credential to gain access to a guest.
! IMPORTANT
For a Linux credential, ensure that the Domain field is empty.
6. Click Update.
The Rubrik cluster saves the new information.
Note: Once enabled, all SMB connections are secured. This feature cannot be disabled.
Before you begin — Disconnect any existing live mounted SQL Server, Hyper-V or volume groups.
Wait for any currently running backup jobs to finish, or pause those jobs.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click SMB Security.
The SMB Security page appears.
4. Click Enable SMB Security.
A list of Active Directory (AD) domains detected by Rubrik agents displays.
5. Click Authenticate next to a listed AD Domain.
The Authenticate dialog appears.
6. Enter the user credentials for a user on the AD Domain.
7. (Optional) Specify a domain controller.
8. Click Authenticate.
9. (Optional) To add an AD domain not listed, click +.
The Add SMB Domain dialog appears.
10. Enter the FQDN of the domain, the user credentials, and the domain controller, then click Add.
The new AD Domain displays on the list. The Authentication Status for the domain changes to
‘Configured’.
Note: When the Rubrik cluster cannot reach the controller for the AD Domain, or when
authentication to the AD Domain fails, the status changes to Failed. Re-configure any AD
Domains in the Failed status.
Deleting an AD domain
Removing a configured AD Domain removes the ability to perform secure Live Mounts of data
sources that depend on that domain.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click SMB Security.
The SMB Security page appears.
4. Click the ellipsis next to the domain.
5. Click Delete.
The AD Domain entry is removed from the list.
Syslog settings
The Rubrik cluster supports transmission of system activities to an external syslog server.
The Rubrik cluster uses the standard syslog protocol for formatting and transmission of system
notifications. By default, at the transport layer the Rubrik cluster sets the syslog standard protocol
and port (UDP/514). The transport layer protocol and port can also be configured to use custom
settings.
At the application layer, the syslog transmissions use the HTTP protocol.
When syslog support is enabled, the Rubrik cluster sends to the syslog server messages that are
based on the events that also appear in the Activity Log. Viewing Activity Log messages describes
the messages that appear in the Activity Log.
Support bundle
When it is not feasible for Rubrik Support to use the Support Tunnel to troubleshoot an issue on a
Rubrik cluster, the Rubrik cluster can create a bundle of Rubrik cluster and Rubrik node logs for
download and transfer.
Once a support bundle is created, it can be downloaded from the web UI and transferred to Rubrik
Support. The support bundle provides an alternative method for providing Rubrik Support with
troubleshooting information that does not require a network connection between Rubrik Support
and the Rubrik cluster.
The Rubrik cluster organizes a support bundle into a single file using tar and compresses the tar
file using gzip. The size of a support bundle will vary significantly depending on many factors, such
as:
• Number of Rubrik nodes
• Data protection activity
• Number of logged alerts, warnings, and notifications
Table 9 shows the impact of changing the time zone setting from PDT to EDT for an event and for
a report.
Table 9 Impact of changes between two time zone settings
Original time zone: Report at 1:00 PM (PDT)
New time zone: Report at 1:00 PM (EDT)
Original time zone: Snapshot window 1-3 PM (PDT; UTC -7)
New time zone: Snapshot window 4-6 PM (EDT; UTC -4)
The Cluster Settings page of the UI has the following security-related settings:
• Login advisement
• Top and bottom banners in a selected color
• Top and bottom banner text
If the Support tunnel for a given node is closed, the Last Opened, Timeout Window, and Port
columns are empty.
Note: Opening and closing the Support tunnel, and editing the Timeout window in the Support
tunnel, apply only to the node marked as Current.
6. Click Update.
The Support Tunnel page re-appears, showing the updated timeout value.
Chapter 2
VLAN Tagging
This chapter describes how to implement the optional VLAN tagging feature, in the following
sections:
• Overview
• Adding special network VLANs after system setup
• Managing VLANs
Overview
VLAN tagging is an optional feature that allows a Rubrik cluster to efficiently switch network traffic
using Virtual Local Area Networks (VLANs).
Each VLAN is partitioned and isolated at the data link layer. By applying VLAN tags to network
packets, the network traffic of some applications on a physical network can be separated from the
network traffic of other applications on the same physical network.
In enterprise data centers, VLANs are typically used to segregate network traffic according to
organizational group, application type, or security policy. Segregating network traffic using VLANs
can optimize network throughput and promote data security.
The Rubrik cluster uses the Management Network and the Data Network to carry data that is
integral to cluster operations and interactions. The importance of these networks imposes
requirements on the actions described in Table 11.
Table 11 Special network VLAN requirements
Action: Configuration
Description: Management Network and the Data Network VLAN configuration can only be
accomplished by using one of the following methods:
• Specifying the VLAN settings during Rubrik cluster system setup using the Rubrik CLI.
• Using the CLI tool re_ip to reconfigure the network settings for the Rubrik cluster.
Action: Bonding
Description: Interface bonding requires:
• The VLAN that is used by the Data Network must use bond0, the active/passive 10GbE
interfaces.
• When a single VLAN is used by both the Management Network and the Data Network, both
networks use bond0.
• When separate VLANs are used for each special network, the Data Network VLAN still uses
bond0 but the Management Network VLAN uses bond1, the active/passive 1GbE interfaces.
VLAN settings for the Management Network and the Data Network must be configured using the
Rubrik CLI. This can be done during system setup, as described in the Rubrik CDM Install and
Upgrade Guide, or by using the re_ip tool after system setup, as described in Adding special
network VLANs after system setup.
When configuring VLAN settings for the Management Network and the Data Network after system
setup, take into consideration the following:
• All nodes must have an OK status.
• Changing an IP address, or multiple IP addresses, will involve an automatic reboot of each
affected node.
• Configuring the Management Network and the Data Network on two separate networks means
that network access must be available to both the 10GbE and the 1GbE interfaces.
! IMPORTANT
Do not use the vlan_add utility to configure VLAN settings for the Management Network or
the Data Network.
The Rubrik CDM Install and Upgrade Guide describes how to use the Rubrik CLI to configure VLAN
settings for the Management Network and the Data Network.
1. Log in to the Rubrik cluster and check that all nodes have an OK status.
When any node in the Rubrik cluster does not have an OK status, make any corrections that
are required to return all nodes to an OK status before continuing this task.
2. On any node in the Rubrik cluster, open an SSH session:
ssh admin@<node_ip>
where <node_ip> is the IP address of a node.
3. At the password prompt, type the password for the admin account.
The Rubrik CLI prompt appears.
4. At the prompt, type:
re_ip
The re_ip utility starts.
5. At Management Gateway, type the IPv4 address of the network gateway for the
Management Network.
To use the existing gateway, press Enter.
6. At Management Subnet Mask, type the subnet mask for the Management Network.
To use the existing subnet mask, press Enter.
7. At Management VLAN, type a unique VLAN tag for the Management Network VLAN.
A valid VLAN tag is any integer from 2 to 4094. The tag must be unique within the network
trunk.
Many switches reserve VLAN 1 for the default native VLAN. To avoid conflicts with this setting,
select a VLAN tag other than VLAN 1.
Rubrik CDM Version 5.0 User Guide Adding special network VLANs after system setup 92
VLAN Tagging
! IMPORTANT
The following two optional steps create a separate network for the Data Network.
Creating a separate Data Network causes the Data Network to bond to the 10GbE
interfaces and the Management Network to bond to the 1GbE interfaces. To allow the
Management Network and the Data Network to share a network on the 10GbE
interfaces, skip these next two steps.
8. (Optional) At Data Subnet Mask, type the subnet mask for the Data Network.
Typing a subnet mask for the Data Network configures the Data Network to bond on the 10GbE
interfaces and the Management Network to bond on the 1GbE interfaces, and brings up the
Data VLAN prompt.
9. (Contingent) At Data VLAN, type a unique VLAN tag for the Data Network VLAN.
10. At Proceed with Re IP, Yes/No, type Yes.
The Rubrik cluster saves the new network configuration and reboots any nodes that have a
changed IP address.
Managing VLANs
Other than the special Management and Data networks, VLANs can be managed from the
command-line interface or from the Rubrik CDM web UI.
! IMPORTANT
Before removing a VLAN, verify that the Rubrik cluster can be accessed on a network other
than the one being removed. Failure to ensure alternate connectivity can result in the
Rubrik cluster losing network access when the VLAN is removed.
This chapter describes how to add user accounts, assign privileges, set up multifactor
authentication, and generate API tokens for authentication.
• Overview
• Local Authentication
• LDAP authentication
• Privileges for End User accounts
• Multifactor authentication
• API tokens
Overview
The Rubrik cluster authenticates Rubrik cluster user accounts at login. Authentication verifies that
the user account is known to the Rubrik cluster and that the correct user account name and
password were provided. After authentication, the Rubrik cluster uses the role and privileges
assigned to the user account to determine what actions are permitted during the session.
Authentication
The Rubrik cluster provides two separate methods for authenticating Rubrik cluster user accounts:
local authentication and LDAP authentication.
For local authentication, the Rubrik cluster validates the username and password typed in the
login fields against values in a database on the Rubrik cluster. When the login information matches
a user account in the database, the Rubrik cluster creates a session and assigns the role and
privileges of the user account to the session.
For LDAP authentication, the Rubrik cluster determines whether to create a session by
authenticating the username and password typed in the login screen with an available LDAP
directory server.
If a Domain or Domain Display Name is specified during login, the Rubrik cluster attempts to
authenticate the user account against the specified domain. If the Rubrik cluster does not
recognize the specified domain, or if the user’s credentials are not valid for that domain, the
login fails.
If the Domain or Domain Display Name field on the login screen is left empty, the Rubrik
cluster searches the local directory until it finds the username. If no match is found in the local
directory, the Rubrik cluster searches all available LDAP domains. If a match is found, the
Rubrik cluster assigns the role and privileges of the user account to the session.
Table 12 describes the similarities and differences of the authentication methods.
Table 12 Comparison of Local and LDAP authentication
Feature | Local | LDAP
Available roles | Administrator, End User, No Access | Same as for local user
Roles
Each user account and group account has one of three roles associated with it: Administrator, End
User, or No Access. Each role corresponds to a set of privileges that are enabled for the duration of
a session on the Rubrik cluster.
The Rubrik cluster enables the following privileges for each role:
• Administrator role – Full access to all Rubrik operations on all objects.
• End User role – For assigned objects: browse snapshots, recover files and Live Mount.
• No Access role – Cannot log in to Rubrik UI and cannot make REST API calls.
Note: When a local user account is first created, it is automatically assigned the No Access role.
To activate an account and grant a set of privileges, an administrator must change the role to
either End User or Administrator. LDAP directory accounts must also be activated before they can
access the Rubrik cluster.
The resources in a Rubrik cluster can be partitioned into independently managed collections
known as Tenant Organizations. Users in tenant organizations have privilege levels that are
managed by users with the Organization admin role.
Multitenant Organizations describes how to configure tenant organizations.
Local Authentication
Local authentication uses information stored in a database on the Rubrik cluster to authenticate a
login.
9. (Optional) Click Enable RSA SecurID to enable multifactor authentication using an RSA
SecurID server.
Note: An RSA SecurID server must be configured before it can be enabled. See Multifactor
authentication.
10. (If RSA SecurID is enabled) Select an RSA SecurID from the dropdown menu.
11. Click Add.
The Rubrik cluster adds the new local user account.
By default, the Rubrik cluster sets all new local user accounts to the No Access role. To permit the
account to access the Rubrik CDM web UI, change the assigned role to either Administrator or End
User, as described in Changing the role of a local user account.
6. Open the ellipsis menu next to the local user account entry.
7. Select Delete.
The Delete User confirmation appears.
8. Click Delete.
The Rubrik cluster removes Rubrik cluster authorization for the selected user account and deletes
the account.
LDAP authentication
The Rubrik cluster uses LDAP to authenticate users who log in through the Rubrik CDM web UI
welcome screen. After a user is successfully authenticated, the Rubrik cluster controls
authorization through the user management system.
The Rubrik cluster connects to one or more LDAP servers through a service or bind account with
read access. This account permits the Rubrik cluster to search information about the user, such as
email address and group membership. To narrow the search to a specific location within the LDAP
directory tree, a Base DN can be provided. Search filters narrow the search even further by
identifying a specific group or users.
The Rubrik CDM web UI requests LDAP server information in three stages:
• Credentials - see Credentials for details.
• Servers, User & Group Settings - see Servers and User and Group settings for details.
• Multifactor Authentication - see Multifactor authentication for details on configuring an MFA
server before enabling a user for multifactor authentication.
Credentials
LDAP Credentials establish the starting point of an LDAP directory search for a user who is trying
to log in to the Rubrik cluster.
The Rubrik cluster uses the information shown in Table 13 in order to search for information about
an authenticated user in the LDAP directory structure and authenticate a user. Contact your LDAP
or Active Directory administrator for the actual values to use.
Table 13 LDAP credentials
Parameter | Description
Domain or Domain Display Name | Name used by the Rubrik cluster when referring to this LDAP integration. Users can enter this name for the Domain when logging in on the welcome screen. Domain Display Name can be an alias for the domain that is easier to remember than the full domain name. This information is case insensitive.
The Rubrik cluster supports multiple LDAP domains; however, when a user provides a Domain or
Domain Display Name in the login screen, only that domain is searched for the user’s credentials.
The Rubrik cluster uses the LDAP information for authentication on the local Rubrik cluster only. To
enable LDAP authentication on another Rubrik cluster, log in to that Rubrik cluster and provide the
required information.
Logging in with an LDAP account describes how to log in to the Rubrik CDM web UI using an LDAP
account.
When an LDAP server cannot be reached, the Rubrik cluster rejects logins that authenticate
against that server. Until an LDAP server becomes available, the Users and Groups page will not
show authorization for any LDAP users or groups associated with that server.
Servers
The Rubrik cluster requires a list of one or more LDAP servers that it can search.
LDAP servers can be specified in two ways:
• Dynamic DNS name
• IP or hostname along with the associated port for each LDAP server
The Rubrik cluster first tries to connect to an LDAP server. If LDAP servers are not specified, or if
they are not responsive, the Rubrik cluster next tries to discover Global Catalog servers that
correspond to the dynamic DNS name by resolving DNS SRV records for _gc._tcp.<dynamic DNS
name>. If no Global Catalog servers are found, the Rubrik cluster tries to resolve DNS SRV records
for _ldap._tcp.<dynamic DNS name>.
If the discovered servers were active on port 686 (for LDAP) or port 3269 (for Global Catalog),
secure LDAP using TLS is automatically chosen. If the LDAP servers support StartTLS, then
StartTLS is automatically chosen.
Note: To force the Rubrik cluster to connect using only the dynamic DNS name, leave the server
field empty.
2. Click Add.
The LDAP server is added to the list of servers.
Note: When a user is added to a Rubrik cluster, the Rubrik cluster assigns the No Access role to
the account. Users with the No Access role cannot log in to the Rubrik cluster.
The Rubrik cluster does not display the accounts of LDAP users with the No Access role. Accounts
appear in the Rubrik CDM web UI when the account is activated on the Rubrik cluster by changing
the role to Administrator or End User. Activating a user account or group account describes how to
activate a user account or group account and assign a specific set of privileges.
Continue to type characters to narrow down the results until the user name or group name
appears.
7. Select the user account or group account entry.
8. Click Continue.
The Manage Role dialog box appears.
9. In Role, select a role.
Selecting the End User role displays the Assigned Objects section.
10. (End User role only) In the Assigned Objects field, assign access to at least one object.
The objects that are assigned to an End User account can be edited after the user is added,
but at least one object must be selected for the account to appear on the Manage Users page.
For information about assigning objects to an account with the End User role refer to:
• Assigning virtual machines, folders, and clusters to an End User account
• Assigning SQL Server databases to an End User account
• Assigning Linux and Unix hosts and host filesets to an End User account
11. (End User role only) (Optional) Click Allow overwrite of original.
This option allows the user account or group account to restore data to the original source
location for all assigned objects.
12. Click Assign.
The Rubrik cluster enables the user account or group account and displays the account on the
Manage Users page.
5. Open the ellipsis menu next to the user account or group account entry.
6. Select Manage Authorization.
The Manage Role dialog box appears.
7. Select No Access.
8. Click Assign.
The Rubrik cluster removes Rubrik cluster authorization for the selected user account or group
account and hides the account.
Privileges for End User accounts
Table 16 describes the privileges that can be granted to a user account with the End User role.
Table 16 End User role privileges
Privilege type | Description
Download data from backups | Data download only from assigned object types:
• vSphere virtual machines
• Hyper-V virtual machines
• AHV virtual machines
• Linux & Unix hosts
• Windows hosts
• NAS hosts
• SQL Server databases
• Managed volumes
Live Mount or Export virtual machine snapshot | Live Mount or Export a snapshot only from specified virtual machines and only to specified target locations.
Export data from backups | Export data only from specified source objects.
Restore data over source | Write data from backups to the source location, overwriting existing data, only for assigned objects, and only when ‘Allow overwrite of original’ is enabled for the user account or group account.
Select a user with the End User role by using one of the methods in this section, then assign
objects to that user.
Inheritance of privileges
Privileges for an object can be inherited from the privilege assigned for a parent object. Privileges
for an object can also be inherited through membership in an LDAP group.
A privileged object can contain other objects. For example, a virtual environment cluster contains
virtual machines. Assigning the privilege for an object also assigns privileges for all objects
contained within the assigned object.
A user that is a member of an LDAP group adds the group’s privileges to the privileges held by the
user individually. A user that does not have a particular object specifically assigned to that user
gains privileges on that object if the user is a member of an LDAP group to which that object is
assigned.
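Because privileges are inherited from parent objects and from LDAP groups, the objects listed on a user's own account are not the full set that user can reach. The following added example (not Rubrik code and not part of the original guide; the object names, account names, group name and data structures are all constructed) resolves the effective assignments for an access review and records why each one applies.

```python
from dataclasses import dataclass

# Constructed sample inventory: object -> containing (parent) object.
PARENT = {
    "cluster-prod": None,
    "vm-db01": "cluster-prod",
    "vm-web01": "cluster-prod",
    "cluster-dev": None,
    "vm-dev01": "cluster-dev",
    "host-nas01": None,
}

# Constructed direct assignments: End User account or LDAP group -> objects.
ASSIGNED = {
    "alice": {"vm-dev01"},
    "bob": {"host-nas01"},
    "grp-dba": {"cluster-prod"},
}

# Constructed LDAP group membership: user -> groups.
MEMBER_OF = {"alice": {"grp-dba"}, "bob": set()}


@dataclass(frozen=True)
class Grant:
    obj: str          # object the user holds End User privileges on
    principal: str    # account or LDAP group that carries the assignment
    assigned_at: str  # object on which the assignment was actually made


def lineage(obj, parent):
    """Yield obj, then each containing object up to the top of the hierarchy."""
    seen = set()
    while obj is not None:
        if obj in seen:
            raise ValueError(f"cycle in object hierarchy at {obj!r}")
        seen.add(obj)
        yield obj
        obj = parent.get(obj)


def effective_grants(user, parent=PARENT, assigned=ASSIGNED, member_of=MEMBER_OF):
    """Every (object, principal, assignment point) that gives `user` privileges."""
    # The user's own assignments plus those of every LDAP group the user is in.
    principals = [user, *sorted(member_of.get(user, ()))]
    grants = []
    for obj in sorted(parent):
        # An assignment on the object itself or on any container applies.
        for node in lineage(obj, parent):
            for principal in principals:
                if node in assigned.get(principal, ()):
                    grants.append(Grant(obj, principal, node))
    return grants


def effective_objects(user, **kw):
    """Set of objects the user can act on after inheritance is applied."""
    return {g.obj for g in effective_grants(user, **kw)}


def indirect_grants(user, **kw):
    """Grants that a review of the user's own assigned objects would not show."""
    return [g for g in effective_grants(user, **kw)
            if g.principal != user or g.assigned_at != g.obj]


if __name__ == "__main__":
    for user in sorted(MEMBER_OF):
        print(user, "can reach", sorted(effective_objects(user)))
        for g in indirect_grants(user):
            print(f"  {g.obj}: via {g.principal}, assigned at {g.assigned_at}")
```

In the constructed data, alice is assigned one development virtual machine directly, yet reaches the whole production cluster through membership in grp-dba.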
Select multiple vCenters to permit Live Mount and Export to all selected entries.
12. Click Continue.
The Manage Role dialog box displays.
13. Click Assign.
The Rubrik cluster stores the privileges for the selected account.
To move down the hierarchy of a host or cluster, click the value in the Name column.
11. Click Continue.
The Manage Role dialog box displays.
12. Click Assign.
The Rubrik cluster stores the privileges for the selected account.
Assigning Linux and Unix hosts and host filesets to an End User account
Assign an End User account privileges for a Linux or Unix host and host filesets.
1. (Local account) Select a user account or group account.
Browse the account entries. Or, use search to find and select an account entry.
2. (Local account) Open the ellipsis menu and click Manage Authorization.
3. (LDAP account) Click Grant Authorization and select the account.
4. In Roles, select End User.
The Assigned Objects section appears.
5. (Optional) Click Allow overwrite of original.
This option allows the user account or group account to restore data to the original source
location for all assigned objects.
6. In the Assigned Objects section, click the pencil icon in the Linux & Unix Hosts field.
The Select Linux & Unix Hosts dialog box appears.
7. (Optional) To view the filesets assigned to a host, click the value in the Name column.
8. Select an entry.
Select multiple entries to assign privileges for all selected entries to the account.
9. Click Continue.
The Select Export Locations pane appears.
10. Select a host.
Select multiple hosts to permit the account to export to each selected host.
11. Click Continue.
The Manage Role dialog box displays.
12. Click Assign.
The Rubrik cluster stores the privileges for the selected account.
Multifactor authentication
Multifactor authentication (MFA) adds one or more factors to the basic authentication process,
which prevents unauthorized users from accessing the Rubrik cluster.
Note: When multifactor authentication is required for a user, the Rubrik user’s username must
match the username stored in the MFA server.
If a user account is associated with an MFA server, that user will see an additional login screen
after signing in with username and password. Another authentication factor will be required, such
as a passcode, a PIN, or biometric data. The type of authentication factor, and the number of
factors required to authenticate to the Rubrik cluster, are determined by the configuration of the
MFA server.
If a user is enabled for multifactor authentication, and that user accesses Rubrik REST APIs from a
script, an API token must be generated from the Rubrik CDM web UI and inserted in the script.
See Generating an API token for instructions.
Note: The Access Key is confidential. Copy this value to a secure location, and use it to configure
the RSA SecurID server from the Rubrik CDM web UI.
7. In the Base URL field, enter your RSA Authentication Manager server’s REST API base URL.
8. In the RSA SecurID API Key field, enter the API Access Key that was generated when you
enabled RSA SecurID.
9. In the Client ID field, enter the host name or IP address of the Rubrik cluster, which acts as
the Authentication Agent.
10. (Optional) Enter the name of the assurance policy in the Assurance Policy Name field.
11. (If using HMAC mode) In the REST API Access ID field, enter the RSA Authentication
Manager server’s access ID that was generated when you enabled RSA SecurID.
12. (Optional) Download the RSA Authentication Manager server’s certificate and save it as a PEM
file. Copy its contents and paste into the CA Certificates window.
13. Click Add.
Once the RSA server is configured, verify that authentication is working by adding a test account.
10. (If you have an assurance policy) Enter the name of the assurance policy in the Assurance
Policy Name field.
11. (Optional) Download the RSA Authentication Manager server’s certificate and save it as a PEM
file. Copy its contents and paste into the CA Certificates window.
12. Click Add.
Once the RSA server is configured, verify that authentication is working by adding a test account.
API tokens
API tokens are used in scripts to provide secure authentication, rather than hard-coding
credentials directly in the script and exposing them as clear text.
Tokens are generated directly from the Rubrik CDM web UI. When a token is generated, the user
can specify how long the token is valid, and supply a tag that can be used to identify its purpose.
For example, if a different token is generated for each script a user plans to run, the tag can
indicate the name of the script associated with that token.
If a token is accidentally exposed, the user who generated it can delete it from the Rubrik CDM
web UI, then generate a new token.
API Tokens have the same privileges as the user who generates them. For example, if a user with
the Administrator role generates an API token, that token has Administrator privileges.
Note that API tokens may not be used for the following purposes:
• Updating or deleting any MFA servers
• Creating new sessions or generating additional API tokens
• Creating new user accounts or updating user account information
• Updating user preferences
• Creating, updating, or deleting LDAP services
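One way for a script to pick up an API token without hard-coding it, shown as an added example that is not part of the original guide and is not Rubrik code. The environment variable names, the placeholder URL and the use of a Bearer authorization header are assumptions; the token value is constructed.

```python
import hashlib
import os
import stat
import urllib.request

TOKEN_ENV = "RUBRIK_API_TOKEN"            # hypothetical variable name
TOKEN_FILE_ENV = "RUBRIK_API_TOKEN_FILE"  # hypothetical variable name


class TokenError(Exception):
    """Raised when the token cannot be obtained or used safely."""


def _validate(token):
    # Whitespace inside a token would corrupt the Authorization header.
    if not token or any(ch.isspace() for ch in token):
        raise TokenError("token is empty or contains whitespace")
    return token


def load_token(env=os.environ):
    """Return the token from the environment, or from an owner-only file."""
    value = env.get(TOKEN_ENV, "").strip()
    if value:
        return _validate(value)
    path = env.get(TOKEN_FILE_ENV)
    if not path:
        raise TokenError(f"set {TOKEN_ENV} or {TOKEN_FILE_ENV}")
    info = os.stat(path)
    if not stat.S_ISREG(info.st_mode):
        raise TokenError(f"{path} is not a regular file")
    # Refuse a token file that group members or other users can access.
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise TokenError(f"{path} is accessible to group or others (use mode 600)")
    with open(path, encoding="utf-8") as handle:
        return _validate(handle.read().strip())


def fingerprint(token):
    """Short, non-reversible identifier that is safe to write to logs."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def build_request(url, token):
    """Prepare a GET request that carries the token; nothing is sent here."""
    if not url.lower().startswith("https://"):
        raise TokenError("refusing to send an API token over a non-HTTPS URL")
    request = urllib.request.Request(url, method="GET")
    # Assumption: the cluster accepts the token as a Bearer credential.
    request.add_header("Authorization", f"Bearer {token}")
    return request


if __name__ == "__main__":
    # Constructed token and placeholder URL; no network call is made.
    demo_env = {TOKEN_ENV: "constructed-token-for-demo"}
    token = load_token(demo_env)
    req = build_request("https://cluster.example.invalid/api/PLACEHOLDER", token)
    print(req.get_method(), req.full_url, "token fingerprint:", fingerprint(token))
```

Logging the fingerprint alongside the token's tag lets an operator tell which token a script used without the token itself appearing in logs.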
! IMPORTANT
Use caution when deleting an API token. Once the token is deleted, all REST API calls that
use that token will fail.
Delete an API token so that it cannot be used in REST API calls to the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the user icon on the top bar of the Rubrik CDM web UI and select API Token Manager.
The API Token Manager dialog appears.
3. Open the ellipsis menu next to the API token to be deleted and select Delete.
The Delete API Token dialog appears with a warning message about the consequences of
deleting the token.
4. Click Delete.
The API token is removed from the list of API tokens.
This chapter discusses the management of tenant organizations in the following sections:
• Overview
• Create a new tenant organization
• Modifying an existing tenant organization
• Deleting a tenant organization
Overview
The multitenancy extension of the RBAC scheme enables a central organization to delegate
administrative capabilities to multiple tenant organizations.
Each tenant organization in a multitenant RBAC cluster has a subset of administrative privileges
defined by the global organization. The subset of administrative privileges also specifies the
cluster resources available to the tenant organization. The administrators of the tenant
organization can exercise these administrative privileges independently of each other and of the
cluster administrators.
Organizations must be set up by users with the Rubrik Administrator role. However, no additional
external privileges, such as specific Active Directory or Windows Domain permissions, are
required. See User Accounts for full details on RBAC administration and privilege levels.
A Rubrik cluster can have one central organization and any number of tenant organizations. An
organization is a collection of the following elements:
• Protected objects
• Replication and archival targets
• SLA Domains
• Local users
• Active Directory users and groups
• Service credentials
• Reports
A central organization is administered by a user with the Administrator role. The Administrator role
has access to all cluster resources and grants privileges to other users, including tenant
organization administrators.
Tenant organization administrators can create new local users in the tenant organization and
assign the End User or No Access roles to those users.
Note: Users that are part of tenant organizations can have different levels of cluster and
organization privileges. Users with the “No Access” role at both cluster and organization levels are
unable to log in to the Rubrik cluster. A user with the “No Access” cluster role that is part of a
tenant organization must have the “End User” role or higher within that organization to
successfully log in to the Rubrik cluster.
Create a new tenant organization
11. (Optional) Clear Create/Edit SLA to prevent a user or AD group with the Organization Admin
privilege level from creating or modifying an SLA Domain.
12. (Optional) Clear Manage Hosts to prevent a user or AD group with the Organization Admin
privilege level from managing hosts in the tenant organization.
13. (Optional) Clear Manage Users to prevent a user or AD group with the Organization Admin
privilege level from managing users and AD groups in the tenant organization.
14. Click Next.
The Protectable Objects section of the wizard appears, as shown in Figure 1.
Figure 1 Create Organization wizard - Protectable Objects section
Next task — Use the procedure in Protecting objects in an organization to continue creating the
organization.
8. On the vSphere Web Client, right-click on the host and click Deploy OVF Template to install
the OVA disk image.
9. Select the downloaded OVA file as the template, and click Continue.
The virtual machine configuration page appears.
10. Type a name for the virtual machine and click Save.
Rubrik cluster saves the settings of the virtual machine.
Refer to VMware documentation for information on how to configure a virtual appliance.
11. On the Rubrik Envoy virtual appliance, connect one network interface card (NIC) to the service
provider network and the other to the tenant network.
12. Click Finish.
The virtual appliance is deployed to the vSphere environment.
13. Log in to the Rubrik Envoy virtual machine with the username and password generated when
the OVA is being deployed to the specific Rubrik cluster.
You can find the username and password by clicking the information icon on the Rubrik CDM
web UI Envoy configuration page.
14. Open a terminal session on the host.
15. Use the sudoedit command to change the network configuration.
sudoedit /etc/network/interfaces
There can be different ways to set up the network interfaces, such as using static network
settings for both interfaces or using static network settings on one interface and dynamic
settings on the other interface. Sample configuration settings can be found in the text file
included with the OVA package. Such samples are for reference only and are not exhaustive.
16. Use the ifdown and ifup commands to restart the eth0 and eth1 interfaces.
sudo ifdown eth0
sudo ifdown eth1
sudo ifup eth0
sudo ifup eth1
17. Use the ifconfig command to check the network configuration.
ifconfig
18. Make note of the IP addresses of the eth0 and eth1 interfaces.
The Rubrik Envoy agents run on the Rubrik Envoy virtual appliance.
Next task — Use the procedure in Connecting Rubrik Envoy to finish creating the organization.
Modifying an existing tenant organization
12. (Optional) Follow the steps in Assigning protection resources to a tenant organization to edit
the resources that are assigned to a tenant organization.
13. (Optional) Click Envoy at the top of the “Edit Organization” page to edit the IP address and
port assigned to the tenant organization.
This IP address is the IP address of the interface connected to the service provider network.
14. Click Finish.
The Rubrik cluster modifies the tenant organization.
Chapter 5
Protection Policies
This chapter describes the SLA Domain feature and the available protection policies.
• SLA Domain overview
• Default SLA Domains
• Custom SLA Domains
• Snapshot window
• First full backup
• SLA Domain changes
• Delete an SLA Domain
• Local SLA Domain management
• Local SLA Domain page
The SLA Domains feature simplifies data protection. Rubrik provides Gold, Silver, and Bronze
default SLA Domains that are ready for immediate use.
For example, an enterprise can choose to protect mission-critical databases with the data backup,
retention, replication, and archival policies specified in the Gold SLA Domain and protect web
servers through the policies defined in the Bronze SLA Domain.
Custom SLA Domains can be quickly and easily created. Create custom SLA Domains to apply to
groups of data sources. Use the custom SLA Domains to meet the data protection and retention
requirements of different groups of virtual machines, applications, and file system hosts.
For each protected data source, SLA Domain policies generally result in the protection objects that
are described in Table 19.
Table 19 Data protection objects created by SLA Domain policies
Object | Description
Snapshot | An application consistent, point-in-time backup of a data source.
Replica | Copy of a snapshot that resides on a remote Rubrik cluster that is designated as the replication target.
Archival snapshot | Copy of a snapshot that resides on a secondary storage host.
Table 21 describes the frequency and retention rule types available in the Service Level Agreement
section.
Table 21 Rule types in the Service Level Agreement section (a)
Rule type | Frequency | Retention
Hourly | Every n0 hours | For n1 days
Daily | Every n2 days | For n3 days
Monthly | Every n4 months | For n5 years
Yearly | Every n6 years | For n7 years
(a) The variables n0-n7 represent a user assigned number that defines a period in the associated units.
Table 22 describes the frequency and retention rule types available in the advanced Service Level
Agreement section.
Table 22 Rule types in the advanced Service Level Agreement section (a)
Rule type | Frequency | Retention
Hourly | Every n0 hours | For n1 days or n2 weeks
Daily | Every n3 days | For n4 days or n5 weeks
Weekly | Every n6 weeks (On specified day of week) | For n7 weeks
Monthly | Every n8 months (On the first, 15th, or last day of the month) | For n9 months, n10 quarters, or n11 years
Quarterly | Every n12 quarters; Begin Quarter in (specify month) (On the first or last day of the quarter) | For n13 quarters or n14 years
Yearly | Every n15 years; Begin Year (specify month) (On the first or last day of the year) | For n16 years
(a) The variables n0-n16 represent a user assigned number that defines a period in the associated units.
For each rule type, the rule that initiates the creation of the retained snapshot is the rule type that
specifies the smallest frequency, such as the hourly rule. This occurs when a snapshot that is
initiated by another rule is the last successful snapshot for the defined period.
Each of the rule types described in Table 21 is referred to as an SLA Rule. Any snapshot created
based on an SLA Rule is referred to as a policy driven snapshot.
Base Frequency
The Base Frequency of an SLA Domain is the frequency at which snapshots must be created to
comply with all of the rules specified for the SLA Domain.
In general:
• The Base Frequency normally corresponds to the frequency specified by the Hourly Rule.
• When there is no Hourly Rule, the Base Frequency normally corresponds to the frequency
specified in the Daily Rule.
• When both the Hourly Rule and the Daily Rule are not defined, the Base Frequency
corresponds to the frequency specified in the Monthly Rule.
• When the Yearly Rule is the only rule defined, the Base Frequency corresponds to the frequency
specified in that rule.
Note: The maximum local retention period changes to the maximum retention period specified
in the SLA rules.
Move the slider to set the local retention period for the SLA Domain. The setting can be from 0
days up to the maximum local retention period defined in the SLA rules.
Note: An archival policy, a replication policy, or both must be specified before the local
retention period can be adjusted.
Local retention period provides information about the local retention period.
17. Click Create.
The Rubrik cluster creates the new SLA Domain and adds it to the Local SLA Domains page.
Next task — Assign data sources to the SLA Domain.
Snapshot window
A custom SLA Domain can optionally provide a snapshot window. A snapshot window defines a
period during each day when the Rubrik cluster is permitted to create snapshots for the data
sources that are assigned to the SLA Domain.
! IMPORTANT
When a backup is running and the current Snapshot Window closes, any currently running
backup will be allowed to complete, but no new backup job will be allowed to start.
4. In Take Snapshots From, click the left box and select the beginning time for the snapshot
window.
The Rubrik cluster waits until the specified time to initiate policy-based snapshots for this SLA
Domain.
5. In Take Snapshots From, click the right box and select the ending time for the snapshot
window.
The Rubrik cluster will not initiate policy-based snapshots for this SLA Domain after this time.
6. Complete any other changes and click Create (new SLA Domains) or Update (existing SLA
Domains).
The Rubrik cluster adds the snapshot window to the SLA Domain. The Rubrik cluster creates
snapshots for the SLA Domain only during the specified period each day.
Example 3 describes the results of decreasing the base frequency of an SLA Domain.
Retention Changes
Editing the SLA rules can change the retention period associated with snapshots. The new
retention period is applied to existing snapshots and to new snapshots. Edits can increase or
decrease the retention period. In both cases, existing snapshots are impacted by the edits.
Note: When data sources are assigned to the SLA Domain, a warning message appears. Click
OK to acknowledge the message. To delete the SLA Domain, first remove the data sources that
are assigned to the SLA Domain.
5. Click Delete.
Chapter 6
Replication
This chapter provides information about replication policy, setting up replication, and using the
replication feature.
• Replication overview
• Replication target setup
• Replication policy
• Replication policy changes
• Manage Replications page
• Replication monitoring and reporting
• Remote SLA Domains
• Remote data sources
Replication overview
When a replication policy is enabled for a local SLA Domain, the local Rubrik cluster (source Rubrik
cluster) rapidly copies snapshot and backup data for that SLA Domain to a remote Rubrik cluster
(target Rubrik cluster).
A source Rubrik cluster and a target Rubrik cluster use the Transport Layer Security (TLS) protocol
to encrypt all replication data-in-flight.
A Rubrik cluster can have multiple target Rubrik clusters. Each SLA Domain on the source can
direct replication to the target that best accomplishes business goals.
Also, a Rubrik cluster can be the target for many source Rubrik clusters.
When issues interfere with the network connection between the source Rubrik cluster and a target
Rubrik cluster, the replication task is retried. The Rubrik cluster retries the task every 30 seconds,
with up to 20 retries. This provides the ability to handle up to 10 minutes of network downtime
before the task fails.
! IMPORTANT
When constraints, such as limited bandwidth, interfere with the completion of all of the
replication tasks that are specified for an SLA Domain, the Rubrik cluster may skip
replication of older snapshots and backups to ensure that the newest data is successfully
replicated.
Note: IP addresses for the source and target clusters must be static in order for replication to
work properly. Floating IP addresses cannot be used.
The process is reversed for data packets sent from the target Rubrik cluster to the source Rubrik
cluster:
• The target Rubrik cluster sends the data packet to a specified port on the gateway for the
source Rubrik cluster.
• The gateway device forwards the data packet to one of the private IP addresses that is
assigned to a node on the source Rubrik cluster.
• The source Rubrik cluster provides the data packet to the appropriate service and node on the
source Rubrik cluster.
To use replication with NAT, follow the requirements described in Table 25.
Table 25 Requirements for replication using NAT
Requirement: Assigned ports on the target gateway
Description: Assign incoming ports on the target gateway specifically for the replication
processes. Each dedicated “replication” port on the target gateway receives data packets from
the source Rubrik cluster. A minimum of one “replication” port on the target gateway is
required, up to a maximum of the number of Rubrik nodes on the target Rubrik cluster. To
provide redundancy, Rubrik recommends at least two “replication” ports on the target gateway.
Requirement: Port forwarding rules on the target gateway
Description: The target gateway uses port forwarding rules to forward the data packets
received on a target gateway “replication” port. The target gateway forwards the data packets
to port 7785 of the associated private IP address that is assigned to a Rubrik node on the
target Rubrik cluster.
Requirement: Assigned ports on the source gateway
Description: Assign incoming ports on the source gateway specifically for the replication
processes. Each dedicated “replication” port on the source gateway receives data packets from
the target Rubrik cluster. A minimum of one “replication” port on the source gateway is
required, up to a maximum of the number of Rubrik nodes on the source Rubrik cluster. To
provide redundancy, Rubrik recommends at least two “replication” ports on the source gateway.
Requirement: Port forwarding rules on the source gateway
Description: The source gateway uses port forwarding rules to forward the data packets
received on a source gateway “replication” port. The source gateway forwards the data packets
to port 7785 of the associated private IP address that is assigned to a Rubrik node on the
source Rubrik cluster.
Address mapping
When setting up replication using NAT, communication between the source Rubrik cluster and the
target Rubrik cluster can use either of the following addressing methods:
• One-to-one Network Address Translation (NAT)
Rubrik cluster utilizes a pool of public addresses that are mapped one-to-one to the private
addresses.
• One-to-multiple Port Address Translation (PAT)
PAT is an extension to NAT that permits multiple private addresses and ports to be mapped to
a single public address.
Rubrik cluster utilizes a single public address and multiple ports that are mapped to multiple
private addresses. Each private address is associated with a “replication” port.
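The Table 25 requirements and the two address-mapping methods can be checked against a gateway's forwarding rules before the replication target is added; run the check once per gateway (source and target). The following Python check is an added example, not part of the Rubrik documentation or product: ForwardRule, validate, classify_mapping, and every address and gateway port number in the sample data are constructed for illustration, and only port 7785 and the port-count limits come from Table 25.

```python
from dataclasses import dataclass
from ipaddress import ip_address

NODE_REPLICATION_PORT = 7785  # port on each Rubrik node that the gateway forwards to (Table 25)


@dataclass(frozen=True)
class ForwardRule:
    public_ip: str     # address the gateway exposes to the remote cluster
    public_port: int   # dedicated "replication" port on the gateway
    private_ip: str    # private address of one Rubrik node behind the gateway
    private_port: int  # port on that node; Table 25 requires 7785


def classify_mapping(rules):
    """Name the address-mapping method implied by the public side of the rules."""
    public_ips = {ip_address(r.public_ip) for r in rules}
    if len(rules) > 1 and len(public_ips) == 1:
        return "PAT"                 # one public address, several ports
    if len(public_ips) == len(rules):
        return "one-to-one NAT"      # one public address per private address
    return "mixed"


def validate(rules, node_ips):
    """Check one gateway's forwarding rules against the cluster behind it.

    Returns a list of (severity, message) tuples, severity 'error' or 'warn'.
    An empty list means the rules satisfy every requirement checked here.
    """
    if not rules:
        return [("error", "no replication port is forwarded; at least one is required")]
    nodes = {ip_address(ip) for ip in node_ips}
    findings = []
    if len(rules) > len(nodes):
        findings.append(("error", f"{len(rules)} replication ports exceed the "
                                  f"{len(nodes)} nodes in the cluster"))
    if len(rules) == 1:
        findings.append(("warn", "single replication port; at least two are "
                                 "recommended for redundancy"))
    seen_public, seen_private = set(), set()
    for r in rules:
        public = (ip_address(r.public_ip), r.public_port)
        private = ip_address(r.private_ip)
        label = f"{r.public_ip}:{r.public_port} -> {r.private_ip}:{r.private_port}"
        if r.private_port != NODE_REPLICATION_PORT:
            findings.append(("error", f"{label}: must forward to port {NODE_REPLICATION_PORT}"))
        if private not in nodes:
            findings.append(("error", f"{label}: {r.private_ip} is not a node of this cluster"))
        if public in seen_public:
            findings.append(("error", f"{label}: gateway port already used by another rule"))
        if private in seen_private:
            # Assumption drawn from Table 25 (ports are capped at the node count): one port per node.
            findings.append(("warn", f"{label}: node already has a replication port"))
        seen_public.add(public)
        seen_private.add(private)
    return findings


# Constructed sample data: documentation-range public addresses, made-up node addresses.
NODES = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]
PAT_OK = [ForwardRule("203.0.113.10", 17785, "10.0.0.11", 7785),
          ForwardRule("203.0.113.10", 17786, "10.0.0.12", 7785)]
NAT_OK = [ForwardRule("203.0.113.11", 7785, "10.0.0.11", 7785),
          ForwardRule("203.0.113.12", 7785, "10.0.0.12", 7785)]
PAT_BROKEN = [ForwardRule("203.0.113.10", 17785, "10.0.0.11", 7785),
              ForwardRule("203.0.113.10", 17786, "10.0.0.12", 443),    # wrong node port
              ForwardRule("203.0.113.10", 17786, "10.0.0.99", 7785)]   # reused port, unknown node

if __name__ == "__main__":
    for name, rules in [("PAT_OK", PAT_OK), ("NAT_OK", NAT_OK), ("PAT_BROKEN", PAT_BROKEN)]:
        print(name, "->", classify_mapping(rules))
        for severity, message in validate(rules, NODES) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```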
11. In Target Cluster Password, type the password for the account.
The source Rubrik cluster tests the replication information.
After a successful test, the source Rubrik cluster adds the replication relationship to the
Replication Clusters section of the Manage Replication page. The target Rubrik cluster also adds
the replication relationship to its Manage Replication page.
Note: When private IPv4 addressing is used, this method carries the potential for IP address
conflicts between the source Rubrik cluster and the target Rubrik cluster. To avoid this problem, be
sure each cluster uses different static IPv4 addresses.
Replication policy
Enable a replication policy for an SLA Domain to replicate the snapshot and backup data of the
source objects that are protected by the SLA Domain.
A replication policy specifies a replication target and determines how long replicas are kept on the
target. Replication policy is optional for an SLA Domain.
After enabling a replication policy, a slider provides two alternative settings that determine how
long replicas are kept. The first alternative specifies that only the most recent replica is kept. The
second alternative specifies that replicas are kept for the retention period that is specified by the
slider’s position, up to the Maximum Retention Period of the SLA Domain.
Table 26 describes the alternative slider position settings.
Table 26 Replication retention slider settings
Slider setting                     Replica retention
Far left, null position            Retained until another replica is created.
Any position except the far left   The period defined by the position of the slider, up to the
                                   Maximum Retention Period of the SLA Domain.
When a replication policy is set, the Rubrik cluster immediately begins creating replicas of
unexpired snapshots and backups. Snapshots or backups that existed before the replication target
was added to the Rubrik cluster are not replicated.
The information cards in the Replication Clusters section use symbols to indicate the replication
configuration between the two Rubrik clusters, either unidirectional or bidirectional.
In addition to the replication configuration symbol, the information card provides the information
described in Table 27.
The information on the card is presented from the perspective of the local Rubrik cluster. The card
does not provide all replication information for the remote Rubrik cluster, only the information from
the association between the two clusters.
Table 27 Information provided by the Replication Clusters information card
Field: Data
Local section: Total amount of data replicated by the remote Rubrik cluster to the local Rubrik
cluster. When the remote Rubrik cluster is the target of a unidirectional replication
association this section is empty.
Remote section: Total amount of data replicated by the local Rubrik cluster to the remote Rubrik
cluster. When the local Rubrik cluster is the target of a unidirectional replication
association this section is empty.
Field: SLA Domains
Local section: The number of remote SLA Domains that replicate data to the local Rubrik cluster.
Remote section: The number of local SLA Domains that replicate data to the remote Rubrik cluster.
Field: Objects
Local section: The number of remote objects that are replicated to the local Rubrik cluster.
Remote section: The number of local objects that are replicated to the remote Rubrik cluster.
Note: To go directly to the page for a remote data source, type the name of the data source in the
search box on the top bar of the Rubrik CDM web UI and select the remote data source from the
results list.
Chapter 7
Archiving
This chapter provides information about archival policy, setting up archival locations, and using the
archival feature.
• Overview
• Archival policy
• Archival policy changes
• Archival location configuration
• Amazon S3
• Amazon Glacier
• Google Cloud Platform
• Microsoft Azure
• Object storage system
• NFS share
• QStar tape archive
• Reader-writer archival model
• Disaster recovery using an archival location
• Tests for disaster recovery using an archival location
• Cascading archival
• Archival consolidation
• Archival location proxy
• Archival lifecycle best practices
• Archival location removal
Overview
An SLA Domain can include an archival policy that instructs the Rubrik cluster to copy protected
data to an archival location. The archival policy specifies the archival location to use, how soon
after a backup the data is copied, and how long the data is retained.
The Rubrik cluster supports the following archival location types:
• Amazon S3
• Amazon Glacier
• Google Cloud Platform
• Azure
• Object Store
• NFS
• Tape
Multiple archival locations and types can be added to a Rubrik cluster. The archival policy of an SLA
Domain can only specify one archival location but each SLA Domain can specify a different archival
location.
Archival workflow
Archiving data to an archival location follows a standard workflow. As one of the steps in that
workflow, the Rubrik cluster determines whether to upload an incremental or full copy of the
archival snapshot.
The following steps describe the typical sequence of tasks that a Rubrik cluster performs to satisfy
the archival policy of an SLA Domain.
1. Based on the archival policy, initiate an archival task.
2. Determine the most recent existing archival snapshot from the data source.
3. Use the factors described in Table 32 to determine whether to run an Incremental upload or a
Full upload of the snapshot.
4. Check that the required space is available.
5. Prepare the metadata for the new archival snapshot.
6. Create a local copy of the archival snapshot data.
7. Upload archival snapshot data to the archival location.
8. Verify the integrity of the uploaded data.
9. When the local copy of the index file for the snapshot is ready, upload a copy of the index file
to the archival location.
10. Upload the metadata for the new archival snapshot to the archival location.
Table 32 describes the factors used by a Rubrik cluster to determine when a full upload of an
archival snapshot is required.
The percent change rate factor means that the more changes that occur in a data source, the more
frequently the Rubrik cluster uploads full snapshots of that data source.
The minimum time to upload check on the percent change rate factor ensures that at least a
minimum amount of time exists between the most recent archival snapshot and the current snapshot.
When a full upload is not required, the Rubrik cluster uploads an incremental containing only the
data that has changed since the last snapshot.
! IMPORTANT
Even though a Rubrik cluster can upload data to multiple archival locations, each archival
location can only be associated with one Rubrik cluster. In other words, archival locations
cannot be shared by multiple Rubrik clusters for any reason.
Archival policy
An archival policy defines how long to retain data within the local Rubrik cluster before moving the
data to an archival account for long term storage. Archival policy is optional for an SLA Domain.
When available, the Rubrik cluster uses an encrypted connection to transfer data to an archival
location. The Rubrik cluster deduplicates, compresses, and, when supported by the archival
location, encrypts all data that is stored at the archival location.
Instant Archive
The Instant Archive feature can be enabled to instruct the Rubrik cluster to immediately queue a
task to copy a new snapshot to a specified archival location.
When an SLA Domain has the Instant Archive feature enabled, the Rubrik cluster queues a task to
copy a snapshot to the associated archival location as soon as the snapshot is processed.
The Instant Archive feature does not change the amount of time that a snapshot is retained locally
on the Rubrik cluster. The Retention On Brik setting determines how long a snapshot is kept on the
Rubrik cluster.
Note: Instant Archive is not supported for tape archival locations or Amazon Glacier.
8. In the archival location field, select one of the configured archival locations.
9. Complete any other changes.
For example, change the Retention On Brik setting, as described in Creating a custom SLA
Domain.
10. Click Create or Edit.
The Rubrik cluster adds the archival policy to the SLA Domain and applies it to the existing
snapshots and the new snapshots for data sources assigned to the SLA Domain.
Example 6 describes the results of an archival policy without Instant Archive.
! IMPORTANT
Disabling archival policy for an extended period, then re-enabling archival policy, can result
in a backlog that will temporarily delay the expiration of snapshots.
Amazon S3
The Rubrik cluster supports Amazon S3 as an archival location with data encryption provided by an
RSA key.
An Amazon S3 archival location can be configured to use one of the following storage classes:
• Standard
• Standard Infrequent Access
• Reduced Redundancy
The storage class can be edited after the archival location is added. The Rubrik cluster applies the
new storage class to data that is archived after a change.
Refer to Amazon's S3 documentation for more information about storage classes and the Amazon
pricing structure.
! IMPORTANT
After successfully completing the following task, only the access key ID, the secret key, and
the storage class can be changed. Confirm all information before starting the task, and
check the provided information before finalizing the task.
http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html
11. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.
12. In Encryption Type, select RSA Key.
13. In RSA Key, paste the RSA key for encrypting data for the selected region.
! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.
27. Click Save.
28. To configure compute proxy settings, click Compute Proxy Settings.
If configured, all API calls for instantiating a virtual machine on the archival location are routed
over the compute proxy.
29. In Protocol, select a protocol.
30. In Proxy Server (IP or FQDN), type the compute proxy server IP address or FQDN.
31. In Port Number, type the port number of the compute proxy server.
32. In Username, type the username for the compute proxy server.
33. In Password, type the password of the compute proxy server.
34. Click Save.
The Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information.
The Advanced Settings page appears with the Cloud Compute Settings menu selected.
Configuring cloud compute settings is required for the Rubrik cluster to launch a
temporary Rubrik instance on the cloud.
9. (Optional for CloudOn) In Virtual Network ID, copy and paste the resource ID of the virtual
network.
10. (Optional for CloudOn) In Subnet ID, copy and paste the name of the virtual network.
11. (Optional for CloudOn) In Security Group, copy and paste the name of the network security
group.
12. Click Save.
13. (For CloudOn) To configure archival proxy settings, click Archival Proxy Settings.
If configured, all backup or restore data and metadata pertaining to an archival location is
transferred via the archival proxy.
14. (For CloudOn) In Protocol, select a protocol.
15. (For CloudOn) In Proxy Server (IP or FQDN), type the archival proxy server IP address or
FQDN.
16. (For CloudOn) In Port Number, type the port number of the archival proxy server.
17. (For CloudOn) In Username, type the username for the archival proxy server.
18. (For CloudOn) In Password, type the password of the archival proxy server.
19. Click Save.
20. (For CloudOn) To configure compute proxy settings, click Compute Proxy Settings.
If configured, all API calls for instantiating a virtual machine on the archival location are routed
over the compute proxy.
21. (For CloudOn) In Protocol, select a protocol.
22. (For CloudOn) In Proxy Server (IP or FQDN), type the compute proxy server IP address or
FQDN.
23. (For CloudOn) In Port Number, type the port number of the compute proxy server.
24. (For CloudOn) In Username, type the username for the compute proxy server.
25. (For CloudOn) In Password, type the password of the compute proxy server.
26. Click Save.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
Amazon Glacier
The Rubrik cluster supports Amazon Glacier as an archival location.
Amazon Glacier is an extremely low-cost cold storage service intended for long-term (months and
years) storage of large amounts of very infrequently accessed data. The following are major
characteristics and differences compared to the Amazon S3 storage service.
• Glacier works with vaults, similar to buckets in Amazon S3.
• Glacier manages archives whereas Amazon S3 manages objects.
• Users upload objects to Amazon S3 (and other object stores) and specify the names (which can
be full path names) for these objects, which can later be used to query and download these
objects. Users upload archives to Glacier and cannot specify names for these archives. On a
successful upload, Glacier assigns a unique archiveId to an archive and returns it to the user. It
is the user's responsibility to track this archiveId for each archive uploaded.
• Glacier allows adding a description to each archive, which is used to track additional information
(like the archive's name on the cluster).
• Glacier archives are immutable. Once uploaded, they cannot be modified.
• Glacier does not support synchronous instantaneous downloads of archives. Glacier supports
only asynchronous retrieval of archives, where the user first submits a job to retrieve an archive
and then downloads the archive when it is ready for retrieval.
• Glacier supports three levels of retrieval tiers, which determine how long it can potentially take
for archives to be ready for download. This wait can be from minutes to hours depending on
the retrieval tier chosen.
• Glacier supports Vault Lock Policy for vaults. Once applied, the archives in the vault are
protected and cannot be deleted based on the policy.
• Glacier does not support a synchronous query to list all archives (similar to listObjects in Amazon
S3). The user first submits a job to retrieve the vault inventory and then downloads the inventory
information when ready.
• A Glacier vault cannot be deleted unless it is empty.
Note: Refer to Amazon's Glacier documentation for more information about storage classes and
the Amazon pricing structure.
! IMPORTANT
Deletion of a Glacier location with vault lock policy enabled is not supported if there are any
snapshots protected by the vault lock policy.
Do not manage the vault lock policy directly from the Amazon Glacier management console for
vaults used as an archival target by a Rubrik cluster. Doing so can create inconsistency and
unexpected results.
12. In Re-Enter Encryption Password, type the encryption password to recover the Glacier
archive.
! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.
Note: See Glacier Vault Lock operations for additional information on using Vault Lock Policy.
15. If Enable Vault Lock Policy is configured, set File Lock Period (days).
16. Click Add.
If Vault Lock Policy is not enabled, the archival location card will appear with a solid bar across
the top of the card.
If Vault Lock Policy is enabled, the archival location card will appear with a moving bar across the
top of the card.
17. (Optional) If Vault Lock Policy is enabled, open the ellipsis menu on the archival location card
and select Verify Vault Lock Policy.
Note: If you do not verify Vault Lock Policy within 24 hours, it will be automatically canceled.
Note: Refer to Google's Cloud Platform documentation for more information about storage classes
and the Google pricing structure.
Note: See Table 35 for additional information on Google Cloud Platform fields.
6. In Region, select a Regional or Multi-regional location which will host the archival data.
• Regional locations - Data is stored in one bucket in a single geographic location within the
specified region.
• Multi-regional locations - Data is geo-redundant and data is stored in multiple geographic
locations.
7. In Storage Class, Rubrik will create a bucket with the appropriate Storage Class.
• Standard uses Regional or Multi-regional storage class based on the selection in the
previous field.
• Durable Reduced Availability is a legacy Storage class that is now superseded by Regional
class.
8. In Bucket, enter the bucket name.
• The bucket name needs to be unique across Google Cloud Platform.
• The bucket name can correspond to an existing bucket or can be created through the Rubrik
CDM (recommended).
9. In Encryption Password, type the encryption password to recover the Google Cloud Platform
archive.
10. In Re-Enter Encryption Password, type the encryption password to recover the Google
Cloud Platform archive.
! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.
11. In Archival Location Name, accept the default archival location name or specify a custom
name.
12. In Service Account JSON Key, paste the contents of the JSON file obtained from Google
Cloud Platform.
13. Click Add.
The Archival Location can now be assigned to SLA Domains.
Microsoft Azure
The Rubrik cluster supports Microsoft Azure as an archival location.
Before you begin. Complete the tasks described in Preparing Microsoft Azure as an archival
location.
! IMPORTANT
Microsoft Azure has a 500 TB data storage limit for each container and for each storage
account. Plan archival usage to ensure that the data storage requirements for any single
container and storage account do not exceed this limit.
9. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.
10. In Instance Type, select the Cloud Platform type of this archival location.
Select one of the following:
• Azure Default – All regions except: China, India, and Azure Government.
• Azure Government – Regions: US Gov Iowa and US Gov Virginia.
• Azure China – Regions: China North and China East.
• Azure Germany – Germany.
11. In RSA Key, paste the RSA key.
The Rubrik cluster uses the RSA key to encrypt the archived data.
! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.
18. (For CloudOn) In Port Number, type the port number of the archival proxy server.
19. (For CloudOn) In Username, type the username for the archival proxy server.
20. (For CloudOn) In Password, type the password of the archival proxy server.
21. Click Save.
22. (For CloudOn) To configure compute proxy settings, click Compute Proxy Settings.
If configured, all API calls for instantiating a virtual machine on the archival location are routed
over the compute proxy.
23. (For CloudOn) In Protocol, select a protocol.
24. (For CloudOn) In Proxy Server (IP or FQDN), type the compute proxy server IP address or
FQDN.
25. (For CloudOn) In Port Number, type the port number of the compute proxy server.
26. (For CloudOn) In Username, type the username for the compute proxy server.
27. (For CloudOn) In Password, type the password of the compute proxy server.
28. Click Save.
The Rubrik cluster stores the information.
To configure additional Microsoft Azure settings, use the Azure portal.
If configured, all API calls for instantiating a virtual machine on the archival location are routed
over the compute proxy.
30. (For CloudOn) In Protocol, select a protocol.
31. (For CloudOn) In Proxy Server (IP or FQDN), type the compute proxy server IP address or
FQDN.
32. (For CloudOn) In Port Number, type the port number of the compute proxy server.
33. (For CloudOn) In Username, type the username for the compute proxy server.
34. (For CloudOn) In Password, type the password of the compute proxy server.
35. Click Save.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
The Rubrik cluster stores the updated information.
To configure additional Microsoft Azure settings, use the Azure portal.
Note: Rubrik does not support HDS systems with the HDS server-side
encryption enabled.
HDS systems have a 2 TB limit on file size and do not support multi-part
uploads.
Scality: Scality object storage system.
Scality has some limitations on file listing capabilities that prevent full
Amazon S3 API compatibility.
Note: When the provided credentials do not have bucket creation permissions, use the object
storage system management console to manually create the required buckets before
completing this task.
11. In Number of Buckets, type the number of buckets assigned to the Rubrik cluster.
Type an integer value that is greater than or equal to one.
12. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.
! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.
14. Click Add.
The Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information.
Editing the object storage system access key and secret key
Provide more security for the archived data by regularly changing the access key and secret key
for the object storage system. Also, when necessary, edit the display name.
Before you begin. On the object storage system, change the access key and secret key assigned to
the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu.
5. Select Edit.
The Edit Archival Location dialog box appears.
6. (Optional) In Access Key, type the new access key.
7. (Optional) In Secret Key, type the new secret key.
8. (Optional) In Archival Location Name, type a new display name.
9. Click Edit.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
NFS share
The Rubrik cluster supports using an NFS share, or an EMC Isilon NFS share, as an archival
location.
! IMPORTANT
The folder specified in the next step must be empty, or only contain files that were
written by the Rubrik cluster. Any other data in the folder will be overwritten by archival
data.
8. In Destination Folder Name, type the name of the target folder beneath the NFS mount
point.
Use the folder name, not the full path. For example, type Cluster1 when the full path is
/export/RubrikArchive/Cluster1.
9. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.
! IMPORTANT
The value provided in the next step, for Encryption Password, must be safely stored and
kept secure. If the source Rubrik cluster becomes unavailable for any reason, decryption
of the archival data by a second Rubrik cluster requires the password. Without the
password, the archival data cannot be recovered.
! IMPORTANT
Do not edit the connection information for an NFS archival location to point to a new export.
This will cause data corruption and data unavailability.
11. Click Edit.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
10. In QStar User Name, type the name for a user account.
The specified user account must have permission to mount an Integral Volume set from an
external system and to perform read and write operations on the mounted Integral Volume set.
11. In QStar Password, type the password for the user account.
! IMPORTANT
This password must be stored safely as disaster recovery cannot be performed without
this password.
7. (Optional) In Archival Location Name, type a new display name for the archival location.
8. (Optional) In QStar User Name, type the name for a new user account.
9. (Required when password changes) In QStar Password, type the new password.
10. Click Edit.
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
Note: A pair of clusters can be set up as reader and writer for archival or can be set up for
replication. Reader-writer archival and replication are not supported on the same Rubrik cluster pair.
The four possible states for an archival location are described in Table 37.
Table 37 Archival location states
Archival location state – Description
Owner – The archival location is owned by the cluster and is active for archiving. The
owner cluster has full read-write access to the archival location. There can
be only one owner for each archival target at an archival location.
Paused – An archival location on the owner cluster which is currently paused for
archiving.
Reader – The archival location created on a cluster for read-only purposes. The
reader cluster can recover snapshots from the archival target but cannot
archive new snapshots or expire any existing snapshots. There can be more
than one reader cluster to the same archival target concurrently. The owner
cluster has no knowledge of any reader cluster accessing the archival target.
Deleted – Once an archival location is no longer needed, it can be deleted from a
cluster. Deleting an archival location from a reader cluster has no effect on
the archival target or the owner cluster.
The supported operations for each archival state are described in Table 38.
Table 38 Supported operations for archival states (page 1 of 2)
Archival states    Upload    Download    Expire and delete    SLA mapping
Owner              Yes       Yes         Yes                  Yes
Paused             No        Yes         No                   No
Reader             No        Yes         Yes                  Yes
Pausing an archive
Use the Rubrik CDM web UI of the owner cluster to pause an archival location. Pausing suspends
archival activity but does not change the status of the owner cluster.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
4. Select an archival location.
5. Click the ellipsis and select Pause Archival.
The Pause Archival Location dialog box appears.
6. Click Pause.
If there are currently jobs running, the current jobs will complete before the archive is paused.
When the archival location is paused, the border of the dialog box changes from teal to orange.
The recovery cluster obtains exclusive (write) access only if it is promoted. This requires using the
credentials of the original Rubrik cluster to authenticate with the archival location. Until it is
promoted, the recovery Rubrik cluster has read-only access to the archived data.
The recovery cluster can still connect as a reader while the owner cluster is still active, as long as
the user does not intend to promote the reader cluster.
A cluster for recovery should be connected to an existing archival target only when the original
cluster is lost or has deleted the location and no longer wants to access the archival target.
Disaster recovery from an archival location is available for any of the following archive types:
• Amazon S3
• Amazon Glacier
• Google Cloud Platform
• Microsoft Azure
• Object storage system
• NFS share
• QStar tape archive
! IMPORTANT
To re-enable the existing archival policies of the original SLA Domains, the archival location
must also be added to the recovery Rubrik cluster as described in Archival location
configuration.
13. (RSA key only) In RSA Key, paste the RSA key that was used to encrypt the archival data on
the original Rubrik cluster.
14. Click Connect.
The recovery Rubrik cluster tests the keys and connection information and, after a successful
test, stores the keys and connection information.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
15. Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
16. (Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, the Rubrik cluster performs a metadata refresh before the promotion
process.
17. Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
14. Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
15. (Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, a refresh is processed before the promotion process.
16. Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.
27. Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.
11. In RSA Key, paste the RSA key that was used to encrypt the archival data on the original
Rubrik cluster. This password must match the encryption password from the original owner
cluster.
12. Click Connect.
The recovery Rubrik cluster tests the keys and connection information and, after a successful
test, stores the keys and connection information.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
13. Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
14. (Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, the Rubrik cluster performs a metadata refresh before the promotion
process.
15. Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.
13. Click Connect.
The recovery Rubrik cluster tests the keys and connection information and, after a successful
test, stores the keys and connection information.
The recovery Rubrik cluster connects the archival location for read-only access. A gray border
on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the cluster is
recovering metadata from the archival location.
14. Open the ellipsis menu on the page bar, and select Promote to Owner.
The Promote to Owner dialog box appears.
15. (Refresh not required) Select The owner cluster has not modified the archival location
since the last refresh.
When this field is cleared, the Rubrik cluster performs a metadata refresh before the promotion
process.
16. Click Promote.
The selected Rubrik cluster assumes the owner cluster role and recovery from the archival location
can be started.
4. After the initial metadata recovery by the reader cluster, use the owner cluster to upload new
snapshots.
The reader cluster will not see the new snapshots until a metadata refresh occurs.
5. From the reader cluster, perform a metadata refresh to get the most recent view of the
location’s archived metadata.
This captures any snapshots that were created while the metadata was originally synchronized.
Refresh can be a time-consuming operation. The entire archival location must be scanned for
metadata files.
Cascading archival
Use the cascading archival feature to replicate data from a source Rubrik cluster to a target Rubrik
cluster and then archive the data from the target Rubrik cluster.
Cascading archival combines the ability to rapidly replicate data from a remote site to a central site
with the cost-saving benefit of moving the replicated data to an archival location.
• Source Rubrik cluster – On the source Rubrik cluster, SLA Domain > Remote Settings >
Retention on Brik. Specifies how long the data is kept locally on the source Rubrik cluster.
• Target Rubrik cluster – On the source Rubrik cluster, SLA Domain > Remote Settings >
Replication. Specifies how long the data is kept locally on the target Rubrik cluster.
• Archival location – On the target Rubrik cluster, SLA Domain > Remote Settings >
Archival. Specifies how long the data is kept at the cascading archival location.
! IMPORTANT
The maximum retention setting on the source Rubrik cluster also determines the maximum
retention of replicated data on the target Rubrik cluster and on the cascading archival
location. Shortening the maximum retention of the source SLA Domain will expire data
sooner on the source Rubrik cluster, the target Rubrik cluster, and on the archival location.
For an extreme example, setting the maximum retention on the source Rubrik cluster to 0
will expire the data immediately on the source Rubrik cluster, the target Rubrik cluster, and
the archival location.
9. Click Create.
It can take several minutes for the replication changes to propagate to other clusters.
From the target Rubrik cluster, complete the following steps.
1. From the Rubrik CDM web UI, select SLA Domains > Remote Domains.
The Remote SLA Domains dialog box appears.
2. Select the source Rubrik cluster SLA Domain.
3. Click Edit Archival Policy.
The Edit Archival Policy dialog box appears.
4. Configure the archival policy for the target Rubrik cluster.
5. Click Update.
The archival policy is configured.
Archival consolidation
Enabling Archival consolidation frees storage on the archival storage as snapshots are expired.
When archival consolidation is enabled, Rubrik merges the expired set of snapshots with the next
live snapshot. This helps free up some storage and reduce the snapshot chain length. With
reduced snapshot chain length, there is no need for Rubrik to upload another full snapshot after
the first one. This usually triggers incremental-forever archival.
With archival consolidation enabled, Rubrik might occasionally upload a full snapshot when the
following conditions are met simultaneously:
• More than 15 days have lapsed since the last full snapshot was uploaded.
• Of the current incremental snapshots that are dependent on the most recently uploaded full
snapshot, more than 60 incremental snapshots are unexpired in the coming 30 days.
With archival consolidation enabled, Rubrik will consolidate on a snapshot chain if one of the
following conditions is met:
• There are at least five expired snapshots in the snapshot chain and the sum of their physical
sizes is at least 15% of the logical full
• There are at least 40 expired snapshots in the snapshot chain
If the archival consolidation is on Amazon S3 or Microsoft Azure, one of the following conditions
must also be met for consolidation on a snapshot chain:
• The cost of storage saved (after consolidation has run) is at least 1.5 times greater than the
cost of consolidating it
• It has been at least 30 days since consolidation was last run for the snapshot chain
Before you begin — Ensure that the connectivity between the Brik and the customer VPC is
established. Contact your Rubrik account team to enable this connectivity.
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
When creating a new archival location, depending on the archival location type, click Enable
Archive Consolidation, then click Save.
• For NFS and Object Store, the Enable Archive Consolidation option is on the Add Archival
Location page.
• For Amazon S3 and Azure, the option is under Advanced Settings > Cloud Compute
Settings.
Alternatively, select an existing archival location, click the ellipsis, select Edit. When the Edit
Archival Location dialog box appears, check Enable Archival Consolidation, then click Edit.
Archival consolidation is enabled.
Note: Archival location proxy facilitates archival over a private VPN connection.
Vendor Notes
Amazon Web Services
• In the AWS Console, move older objects in the S3-Standard Storage Class to
S3-Infrequent Access Storage Class.
• Rubrik cluster does not support Lifecycle management to Glacier.
• When a snapshot is transitioned from S3-Standard Storage Class to S3-Infrequent
Access Storage Class, keep the snapshot in the S3-Infrequent Access Storage Class
for a minimum of 30 days to avoid early deletion charges as defined in your SLA
Domain retention policy.
Microsoft Azure Blob Storage
• Through Azure, move older objects from the Hot storage tier to the Cool storage tier.
• Rubrik cluster does not support Lifecycle management to the Archival storage tier.
• When a snapshot is transitioned from Hot storage tier to Cool storage tier, keep the
snapshot in the Cool storage tier for a minimum of 30 days to avoid early deletion
charges as defined in your SLA Domain retention policy.
Google Cloud Storage
• Through GCP, move older objects to Nearline or Coldline storage.
• When a snapshot is transitioned to Nearline or Coldline storage, keep the snapshot in
the Nearline storage for a minimum of 30 days or Coldline storage for a minimum of 90
days to avoid early deletion charges as defined in your SLA Domain retention policy.
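A check for the Amazon Web Services notes above, as an added example (not Rubrik code): it audits an S3 bucket lifecycle configuration, in the JSON shape the S3 API uses, for transitions to Glacier and for objects that would spend fewer than 30 days in S3-Infrequent Access before the SLA Domain retention expires them. The rule IDs, the sample configuration, the sla_retention_days input and the treatment of GLACIER_IR and DEEP_ARCHIVE as Glacier are assumptions.

```python
import json

# The guide names only "Glacier"; treating the other Glacier-family storage
# classes the same way is an assumption of this example.
GLACIER_CLASSES = {"GLACIER", "GLACIER_IR", "DEEP_ARCHIVE"}
INFREQUENT_ACCESS = "STANDARD_IA"
MIN_DAYS_IN_IA = 30  # minimum residency stated in the vendor notes

# Constructed sample input (not taken from a real bucket).
SAMPLE_CONFIG = json.loads("""
{"Rules": [
  {"ID": "to-ia-60", "Status": "Enabled", "Filter": {"Prefix": ""},
   "Transitions": [{"Days": 60, "StorageClass": "STANDARD_IA"}]},
  {"ID": "to-glacier", "Status": "Enabled", "Filter": {"Prefix": ""},
   "Transitions": [{"Days": 30, "StorageClass": "STANDARD_IA"},
                   {"Days": 90, "StorageClass": "GLACIER"}]},
  {"ID": "disabled-glacier", "Status": "Disabled", "Filter": {"Prefix": ""},
   "Transitions": [{"Days": 1, "StorageClass": "GLACIER"}]}
]}
""")


def _transitions(rule):
    """Yield (days, storage_class, kind) for current and noncurrent versions."""
    for t in rule.get("Transitions", []):
        yield t.get("Days"), t.get("StorageClass"), "current"
    for t in rule.get("NoncurrentVersionTransitions", []):
        yield t.get("NoncurrentDays"), t.get("StorageClass"), "noncurrent"


def audit_lifecycle(config, sla_retention_days):
    """Return a list of (rule_id, code, detail) findings.

    config: dict in the shape of an S3 bucket lifecycle configuration.
    sla_retention_days: archival retention of the SLA Domain in days
    (hypothetical input; take it from your own SLA Domain settings).
    """
    findings = []
    for rule in config.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue  # disabled rules never move objects
        rule_id = rule.get("ID", "<unnamed>")
        for days, storage_class, kind in _transitions(rule):
            if storage_class in GLACIER_CLASSES:
                # Lifecycle management to Glacier is not supported.
                findings.append((rule_id, "glacier-transition",
                                 f"{kind} objects move to {storage_class}"))
            elif (storage_class == INFREQUENT_ACCESS and kind == "current"
                  and days is not None):
                # Simplification: an object moves to IA `days` after creation
                # and is expired at the SLA retention age.
                residency = sla_retention_days - days
                # Objects expired before the transition never reach IA.
                if 0 < residency < MIN_DAYS_IN_IA:
                    findings.append(
                        (rule_id, "short-ia-residency",
                         f"{residency} days in {storage_class} before expiry"))
    return findings


if __name__ == "__main__":
    for rule_id, code, detail in audit_lifecycle(SAMPLE_CONFIG, 75):
        print(f"{rule_id}: {code} ({detail})")
```

To audit a real bucket, load the JSON returned by the S3 get-bucket-lifecycle-configuration call in place of SAMPLE_CONFIG.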
! IMPORTANT
An SLA Domain cannot use a disconnected archival location for archiving. When an archival
location is disconnected, all SLA Domains that use that archival location are set to Not
Archiving. To provide an archival policy for an SLA Domain that had the archival location
disconnected, edit the SLA Domain to add a new archival location.
! IMPORTANT
Expired data stored at a deleted archival location cannot be retrieved by the Rubrik cluster.
To meet SLA requirements, wait until all data that is stored through a disconnected archival
location has exceeded the retention periods that are specified by the associated SLA
Domains.
Chapter 8
Hyper-V Virtual Machines
This chapter describes how to protect and manage data from Microsoft Hyper-V virtual machines.
Overview
Virtual machine protection
Rubrik Backup Service software for SCVMM
Rubrik Backup Service software for non SCVMM
SLA Domain assignment
Finding protection objects
Protection consequences
Local host page
Virtual machine snapshots
Archival snapshots
Recovery and restore of virtual machine data
Recovery of virtual machines
Recovery of folders and files
Unmanaged data
Overview
A Rubrik cluster provides data management and protection for virtual machines that are deployed
in a Microsoft Hyper-V environment. The Rubrik cluster can manage and protect virtual machines
in an environment with multiple Hyper-V servers and virtual machines.
Rubrik invokes the Windows Management Instrumentation (WMI) APIs to communicate with the
hypervisor directly for a first full and forever incremental set of backups via Resilient Change
Tracking (RCT). Data is ingested over the SMB protocol to the Rubrik cluster in a secure manner.
There is no requirement to have SCVMM installed in your environment.
SLA policies can be applied anywhere in the hierarchy stack: the SCVMM host, the cluster, host, or
virtual machine levels. The Rubrik cluster provides a variety of methods to recover virtual
machines and to restore protected data. Recover virtual machines and restore data by using
snapshots, replicas, and archival snapshots.
Rubrik supports any Hyper-V based Windows or Linux virtual machines using the Rubrik Backup
Service. The Rubrik Backup Service is a connector that self manages after initial deployment.
Hyper-V host refers to a Windows Server with the Hyper-V role installed.
Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA
Domain assigned to a parent object.
Objects from which a virtual machine can inherit are the following virtualization system entities:
Rubrik clusters support three Hyper-V hierarchies for protection:
• Hyper-V SCVMM > Hyper-V Cluster > Hyper-V Clustered Hosts > Hyper-V VMs on Clustered
Hosts
• Hyper-V Cluster > Hyper-V Clustered Hosts > Hyper-V VMs on Clustered Hosts
• Hyper-V Standalone Host > Hyper-V VMs on Standalone Host
The automatic protection mechanism simplifies assigning protection to large numbers of virtual
machines and provides an easy method to uniformly assign specific SLA Domains to groups of
functionally similar virtual machines.
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.
During SLA Domain assignment, the Rubrik cluster displays the objects that have individual
assignments which conflict with the new assignment. For each conflicting object, the Rubrik
cluster permits an administrator to choose to retain the individual setting or apply the new setting.
! IMPORTANT
The Rubrik Backup Service software can only be used with the Rubrik cluster from which
the software is obtained. Each Rubrik cluster generates a copy of the Rubrik Backup Service
software that includes authentication information specific to that Rubrik cluster. This
method ensures that the Rubrik cluster and a hosted deployment of the Rubrik Backup
Service can reliably authenticate each other.
Rubrik provides automatic upgrade of the Rubrik Backup Service software as part of a general
upgrade of the Rubrik cluster software. After upgrading the Rubrik cluster software, the Rubrik
cluster automatically upgrades the Rubrik Backup Service software on all protected hosts.
Prerequisites
The following prerequisites are required for SCVMM hosts supported by Rubrik:
• Rubrik version 4.1 or later
• Hyper-V Server 2016 or later
• Hyper-V host must be joined to one of the Active Directory domains that the Rubrik cluster is a
member of
• Create a Run As Account that is a member of the local Administrators group on the Hyper-V
servers being managed
• Virtual machines must be Configuration 8 or later
For versions of Hyper-V that are older than Hyper-V 2016, use volume snapshots, or install the
Rubrik Backup Service on each virtual machine.
Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI
Obtain the Rubrik Backup Service software from the Rubrik CDM web UI of the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > Hyper-V VMs.
The VMs tab of the Hyper-V VMs page appears.
3. Click Add SCVMMs.
The Add SCVMM dialog box appears.
4. In the IP or Hostname field, type the IP address or Hostname of the SCVMM.
5. In the Run As Account field, specify the Run As account.
6. (Optional) Click Add Rubrik Backup Service to other hosts to have the Rubrik Backup
Service install automatically on hosts within SCVMM.
Next task — Install the connector software on SCVMM.
! IMPORTANT
When installing the Rubrik Backup Service software, the security certificate file must be
in the same folder as the Windows Installer Package.
3. Using an account that is a member of the local Administrators group, run the Windows Installer
Package, RubrikBackupService.msi.
The Windows Installer Package installs the Rubrik Backup Service software and incorporates
the security certificate into the installation.
4. Create a directory, RubrikBackupService.cr, on a host that can access the virtual machine
manager console.
5. Copy the .msi, .crt, and .cmd files to the RubrikBackupService.cr folder.
6. Open the SCVMM console. Navigate to Library > Library Servers > MSSCVMMLibrary >
ApplicationFrameworks.
7. Right-click on ApplicationFrameworks and select Explore.
8. Copy the RubrikBackupService.cr folder and paste it into ApplicationFrameworks.
9. Right-click on ApplicationFrameworks and select Refresh. Confirm RubrikBackupService.cr
is listed as a custom resource.
Note: Removing the Rubrik Backup Service from a Windows host also removes the connection
between the Windows host and the Rubrik cluster. The Rubrik cluster designates any retained
snapshots as relics. Use the Snapshot Retention page to manually manage the relics, as described
in Retention Management.
1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog appears.
3. Type appwiz.cpl, and press OK.
The Uninstall or change a program window appears.
4. Right-click Rubrik Backup Service, and click Uninstall/Change.
5. Follow the prompts to remove the application.
The uninstaller removes the Rubrik Backup Service software. The Rubrik cluster designates any
retained snapshots as relics.
To enable Failover Clustering, use the Windows Server Manager, then select the Add Roles and
Features Wizard to add the Failover Clustering feature.
The Failover Clustering Tools include the Failover Cluster Manager snap-in, the Failover Clustering
Windows PowerShell cmdlets, the Cluster-Aware Updating (CAU) user interface and Windows
PowerShell cmdlets, and related tools.
! IMPORTANT
The Rubrik Backup Service software can only be used with the Rubrik cluster from which
the software is obtained. Each Rubrik cluster generates a copy of the Rubrik Backup Service
software that includes authentication information specific to that Rubrik cluster. This
method ensures that the Rubrik cluster and a hosted deployment of the Rubrik Backup
Service can reliably authenticate each other.
Rubrik provides automatic upgrade of the Rubrik Backup Service software as part of a general
upgrade of the Rubrik cluster software. After upgrading the Rubrik cluster software, the Rubrik
cluster automatically upgrades the Rubrik Backup Service software on all protected hosts.
Prerequisites
The following prerequisites are required for Hyper-V hosts (in a non SCVMM configuration)
supported by Rubrik:
• Rubrik version 4.0 or later
• Hyper-V Server 2016 or later
• Hyper-V host must be joined to one of the Active Directory domains that the Rubrik cluster is a
member of
• Create a Run As Account that is a member of the Domain Admins group
• Virtual machines must be Configuration 8 or later
For versions of Hyper-V that are older than Hyper-V 2016, use volume snapshots, or install the
Rubrik Backup Service on each virtual machine.
Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI
Obtain the Rubrik Backup Service software from the Rubrik CDM web UI of the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. Click Add Windows Hosts.
The Add Windows Hosts dialog box appears.
4. In the text of the dialog box, click Rubrik Backup Service.
A browser-specific dialog box appears to enable saving the package file.
5. Save the file to a temporary location.
Next task — Install the connector software on hosts.
Instead of running the Rubrik Backup Service as a LocalSystem account, the Rubrik Backup
Service can be configured to run as a member of the local Administrators group.
To run as a member of the local Administrators group, run the Rubrik Backup Service as a user
account that is one of the following:
• Local user account that is a member of the local Administrators group
• Domain user account that is a member of the local Administrators group
! IMPORTANT
When installing the Rubrik Backup Service software, the security certificate file must be
in the same folder as the Windows Installer Package.
3. Using an account that is a member of the local Administrators group, run the Windows Installer
Package.
The Windows Installer Package installs the Rubrik Backup Service software and incorporates
the security certificate into the installation.
The Rubrik Backup Service software can also be push installed on multiple Windows hosts
using automation software, such as Puppet or Chef.
4. (Optional) Change the account used to run the Rubrik Backup Service.
Account used to run the Rubrik Backup Service on a Windows host describes the account
requirements.
Note: The default LocalService account does not provide sufficient privileges to permit the
Rubrik Backup Service to access data on network shares.
Next task — Add the Windows hosts that are running the Rubrik Backup Software to the Rubrik
cluster.
Note: Removing the Rubrik Backup Service from a Windows host also removes the connection
between the Windows host and the Rubrik cluster. The Rubrik cluster designates any retained
snapshots as relics. Use the Snapshot Retention page to manually manage the relics, as described
in Retention Management.
1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog appears.
3. Type appwiz.cpl, and press OK.
The Uninstall or change a program window appears.
4. Right-click Rubrik Backup Service, and click Uninstall/Change.
5. Follow the prompts to remove the application.
The uninstaller removes the Rubrik Backup Service software. The Rubrik cluster designates any
retained snapshots as relics.
To stop managing the data on a host, delete the host from the Rubrik cluster. Deleting a host
removes that host from the Windows Hosts tab. A removed host cannot be paired with a fileset
and cannot be a target of an export. The Rubrik cluster moves the existing host filesets of the
removed host and all associated backups to the Retention Management page.
To enable Failover Clustering, use the Windows Server Manager, then select the Add Roles and
Features Wizard to add the Failover Clustering feature.
The Failover Clustering Tools include the Failover Cluster Manager snap-in, the Failover Clustering
Windows PowerShell cmdlets, the Cluster-Aware Updating (CAU) user interface and Windows
PowerShell cmdlets, and related tools.
Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.
Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.
The Rubrik CDM web UI displays the virtual machines that belong to the selected protection state.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual
machines present in the system.
3. In the tab bar, select a tab.
Select one of the following:
• VMs – Provides a virtual machines only view, with the hierarchical location of each virtual
machine displayed in the location column.
• Hosts and Clusters – Provides a list of Hyper-V hosts and Hyper-V clusters.
4. (Search Only) In the tab search field, begin typing an entity name.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
The search matches the characters entered in the search field with the same sequence of
characters anywhere in a name. Continue to type characters to narrow down the results until
the entity appears in the results.
5. (Search Only) Stop typing when the name of the entity appears on the page.
6. (Browse Only) Click the name of a top-level entity.
The Rubrik CDM web UI displays the entities within the selected entity.
7. (Browse Only) Continue clicking entity names to browse down the hierarchy to a specific entity.
Protected warning
The Rubrik CDM web UI displays the protected warning when the Rubrik cluster detects that an
SLA Domain setting is already associated with a selected virtual machine.
Protection consequences
The SLA rules defined by an SLA Domain impact the protection of virtual machines in several
ways. SLA rules specify when snapshots are created, when snapshots expire, and where snapshot
data is stored.
A policy driven snapshot is a snapshot that is created automatically based on the SLA rules of an
SLA Domain. In most cases, the SLA Domain that manages a policy driven snapshot is the same
SLA Domain that created the snapshot.
Sometimes, the source virtual machine for a snapshot is assigned to another SLA Domain after the
snapshot is created. When this occurs the new SLA Domain becomes the managing SLA Domain
for the policy driven snapshot.
A policy driven snapshot can require manual management when it loses an association with the
SLA Domain.
When a reassignment occurs, the existing snapshots of the virtual machine are subject to the
retention policies of the currently assigned SLA Domain, including:
• Local cluster retention period
• Replication retention period
• Maximum retention period
Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.
Action bar
For the selected local virtual machine, the action bar provides the actions described in Table 43.
Table 43 Actions available from the action bar
Action | Description
Take On Demand Snapshot | Adds an on-demand snapshot of the virtual machine to the task queue. Note: Backup Window settings defined for the SLA Domain of the virtual machine do not apply to on-demand snapshots. Only the maximum retention and remote configuration settings of the associated SLA Domain apply to on-demand snapshots.
Manage Protection | Opens the Manage Protection page where the virtual machine can be assigned to an SLA Domain for protection. When the virtual machine is already assigned to an SLA Domain, a warning appears. Click Continue to open the Manage Protection page. Click Cancel to return to the local host page.
Overview card
The Overview card provides the information that is described in Table 44.
Table 44 Information available on the Overview card
Field | Description
SCVMM | If SCVMM is part of the cluster, the IP address of the SCVMM Server.
Cluster | If the Hyper-V Server is part of a cluster, the IP address of the Hyper-V Server that manages the virtual machine.
Host | IP address of the hypervisor that hosts the virtual machine.
SLA Domain | Name of the SLA Domain that manages the protection of the selected virtual machine.
Live Mounts | Number of live mounts for snapshots associated with the selected virtual machine.
Oldest Snapshot | Timestamp for the oldest snapshot associated with the selected virtual machine. When the SLA Domain has an active archival policy, the oldest snapshot resides at the archival location.
Latest Snapshot | Timestamp for the most recent successful snapshot of the selected virtual machine.
Total Snapshots | Total number of retained snapshots for the selected virtual machine, including both the local Rubrik cluster and any archival location.
Snapshots card
For the selected local virtual machine, the Snapshots card provides the ability to browse the
snapshots that reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views.
Each view uses color spots to indicate the presence of snapshots on a date and to indicate the
status of SLA Domain compliance for the virtual machine on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the
virtual machine.
Table 45 lists the colors that the Snapshots card uses and describes the status that each color
represents.
Table 45 Status colors used on the calendar views
Color | Status
Green | All snapshots required by SLA Domain policy were successfully created.
Orange | All snapshots required by SLA Domain policy were successfully created but at least one snapshot caused a warning.
Red | At least one snapshot required by SLA Domain policy was not successfully created.
The following icon indicates a snapshot that resides locally and at an archival location.
The following icon indicates a replica of the snapshot was sent to the target Rubrik cluster.
Status The following icon indicates a warning for the snapshot entry. Hover over the icon to see
additional information.
The following icon indicates the policy driven snapshot represented by the entry was not
completed successfully.
The ellipsis menu provides the actions described in Table 48 for snapshots that reside on the local
Rubrik cluster.
Table 48 Actions available for snapshots on the local Rubrik cluster
Command | Description
Search by File Name | Use the predictive search field to find a file by typing its name.
Mount | Use the snapshot to create and mount a new virtual machine on a hypervisor host. The new virtual machine is uniquely named within the virtualization management system. The name of the recovered virtual machine is constructed as follows: name of source virtual machine + timestamp of snapshot + incremented integer. The new virtual machine is powered on but is disconnected from the network. The local Rubrik cluster is the datastore for the new virtual machine.
Instantly Recover | Restore a virtual machine into the production environment by using the selected snapshot. The new virtual machine is given the same name as the source virtual machine and is powered on and connected to the network. The source virtual machine is powered off and renamed. The local Rubrik cluster serves as the datastore for the new virtual machine.
Export | Use the snapshot to create and mount on a hypervisor host a new virtual machine that is a copy of the local virtual machine. The new virtual machine is uniquely named within the virtualization management system. The name of the recovered virtual machine is constructed as follows: name of source virtual machine + timestamp of snapshot + incremented integer. The new virtual machine is powered on but is disconnected from the network. The hypervisor host is the datastore for the new virtual machine.
Browse Files | Open a file browser view on the selected snapshot. Use this view to find, select, and download a file or folder from the snapshot. Restoring files or folders by download from notification message describes how to download a file or folder.
Delete | Delete the selected snapshot. This command only appears for snapshots that are not created based on an SLA Domain policy, such as on-demand snapshots, retrieved snapshots, and snapshots for an unprotected virtual machine.
For snapshots that reside on an archival location, the ellipsis menu provides the actions described
in Table 49.
Table 49 Actions available for snapshots that reside on an archival location
Command | Description
Download | Transfer a copy of the selected snapshot to the local Rubrik cluster so that it is available for additional local actions. The local Rubrik cluster provides a notification when the download is completed.
Browse Files | Open a file browser view on the selected snapshot. Use this view to find, select, and download a file or folder from the snapshot. Restoring files or folders by download from notification message describes how to download a file or folder.
! IMPORTANT
For best performance, use a 10 Gigabit Ethernet connection between the Rubrik cluster and
the Hyper-V environment. Also, for replication, provide a 10 Gigabit Ethernet connection
between the source Rubrik cluster and the target Rubrik cluster.
The Rubrik cluster uses a distributed job scheduler. The distributed job scheduler permits the
Rubrik cluster to schedule jobs to run on any node and on multiple nodes, as needed.
Since the distributed job scheduler can seamlessly schedule jobs on all available nodes and across
multiple nodes, adding nodes to a Rubrik cluster further increases ingestion and processing
efficiency.
Back up processes
A Rubrik cluster backs up a virtual machine by using VSS to create a snapshot of the virtual
machine.
When a Rubrik cluster begins protecting a virtual machine, the Rubrik cluster starts by creating a
first full snapshot of the virtual machine. This first full snapshot is a complete backup of the virtual
machine.
After the first full snapshot, the Rubrik cluster continues protection of the virtual machine by
creating incremental snapshots based on the change information provided by Resilient Change
Tracking (RCT). The Rubrik cluster creates each incremental snapshot very quickly because the
snapshot only includes the data blocks that have changed since the last snapshot.
The Hyper-V environment transmits the snapshot data to the Rubrik cluster using the SMB
protocol.
Snapshot window
An SLA Domain can be configured to include a snapshot window. A snapshot window determines
the period in a day when the Rubrik cluster can initiate policy-driven snapshots of the virtual
machines that the SLA Domain protects.
When using the snapshot window policy, the specified window must be long enough to
accommodate the number of virtual machines that are assigned to the SLA Domain. Monitor the
snapshot activity of the SLA Domain to ensure that all policy-driven snapshots are successfully
completed. When necessary, lengthen the period to permit all snapshots to be completed
successfully.
Protection exceptions
The Rubrik cluster cannot protect data that exists on any of the following:
Failover clustering feature should always be installed on the host, even if it is a standalone
host. This is required because the WMI API for taking backups with RCT is tightly coupled with
this feature. The snapshots will fail if this feature is not enabled.
Live mounted VMs will be discovered by Rubrik, but they cannot be backed up.
For security reasons, the SMB share exposed for Live Mounts is only accessible to one host, the
host where the snapshot is being mounted. For live migration, the mounted virtual machine
can only reside on the storage which is accessible to that Host.
Application consistency
The Rubrik cluster supports application consistent snapshots for a variety of guest OS types and
application types.
The Rubrik cluster supports application consistent snapshots for applications such as Microsoft
Exchange Server, Microsoft SQL Server, Microsoft Active Directory, Microsoft SharePoint, and
Oracle Database (RDBMS) running on certain versions of Windows Server guest OS.
! IMPORTANT
The Rubrik cluster does not support restore of an application consistent snapshot into an
availability group. Cluster consistency for the availability group cannot be ensured in this
situation and problems may occur.
Linux guest OS
A Rubrik cluster provides file system consistent snapshots on supported Linux guest OS types.
On-demand snapshots
In addition to policy-based snapshots, create virtual machine snapshots by using the on-demand
snapshot process.
A Rubrik cluster creates policy-based snapshots of protected virtual machines automatically,
according to the SLA rules of the associated SLA Domain.
Additional snapshots of protected virtual machines, and snapshots of unprotected virtual machines
can be created by using the on-demand snapshot process.
Archival snapshots
Archival snapshots provide long term storage of snapshot data outside of the local Rubrik cluster.
Retention
The retention period assigned to the archival snapshot by the associated SLA Domain determines
the expiration of an archival snapshot. After the expiration of the retention period, the Rubrik
cluster marks the archival snapshot as expired and moves the snapshot data to garbage collection.
To ensure that existing snapshots are always fully functional, the Rubrik cluster combines any
required data from expired incremental snapshots into the chain of existing incremental
snapshots. This permits each retained archival snapshot to be mounted as a fully functional virtual
machine.
a. The name of the recovered virtual machine is constructed as follows: name of source virtual machine +
timestamp of snapshot + incremented integer. For example, the first mount of the snapshot of the virtual machine
“NitroN1” that was created at “08-04 06:48” is named “NitroN1 08-04 06:48 1”.
The recovery actions that the Rubrik cluster provides depend on the data protection object being
used. Table 51 lists the available recovery actions for each type of data protection object.
Table 51 Recovery actions available for data protection objects
Object | Available recovery actions
Local snapshot | Initiated from the local Rubrik cluster: Instant Recovery, Live Mount, Export
Replica | Initiated from the target Rubrik cluster: Live Mount, Export
Archival snapshot | Initiated from the local Rubrik cluster, after the archival snapshot is downloaded to the local Rubrik cluster: Instant Recovery, Live Mount, Export
Skip step 5 and step 6, except when recovering a virtual machine from an archival snapshot.
5. (Recovering archival snapshot only) Open the ellipsis menu for the snapshot.
6. (Recovering archival snapshot only) On the ellipsis menu, click Download.
The Rubrik cluster retrieves the archival snapshot. Status of the retrieval appears on the
Activity Log. Activity Log describes activity notifications.
The Rubrik cluster does not apply a retention setting to a downloaded archival snapshot.
Manually delete a downloaded archival snapshot that is no longer required on local storage.
7. Perform one of the available recovery actions on the selected snapshot or restore files and
folders from the selected snapshot.
Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before
applying a recovery action.
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.
Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the
Remote VM Details page when the name of the source virtual machine is known.
Live migration
After a recovery, the recovered virtual machine can be live migrated.
After live migration of a virtual machine that was recovered by the Instant Recovery or Live Mount
actions, the Rubrik cluster maintains metadata for the recovered virtual machine that should be
removed.
Delete the metadata for the recovered virtual machine through the Live Mounts page of the Rubrik
CDM web UI by using the Force Delete option, as described in Removing a virtual machine entry
after live migration.
The Rubrik cluster powers down the source virtual machine and renames it. Then the Rubrik
cluster mounts the snapshot on the selected Hyper-V host with the name of source virtual
machine, connects the recovered virtual machine to the network, and powers up the virtual
machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also
records the final result of the task in the Activity Log. The Rubrik cluster lists the recovered virtual
machine on the Live Mounts page of the Rubrik CDM web UI.
Optionally, move the recovered virtual machine back to the cluster. Use Hyper-V Manager to move
the instantly recovered virtual machine to any host in the cluster except the host of the source
virtual machine. Once moved, re-add the virtual machine to the cluster, using the Failover Cluster
Manager, which returns the virtual machine to its original state. The instantly recovered virtual
machine derives protection from parent objects. When the recovered virtual machine does not
obtain protection from any parent objects, add it to an SLA Domain. To protect it using the same
SLA rules and policies as the source virtual machine, add the recovered virtual machine to the
original SLA Domain. Alternatively, add the recovered virtual machine to another SLA Domain.
By default, Instant Recovery uses dynamic virtual disks, even if the original disk was a fixed virtual disk.
During storage migration, the disk can be reconfigured as a fixed virtual disk if this is preferred.
The Rubrik cluster mounts the snapshot on the selected Hyper-V host with a new name and
powers up the virtual machine. During the process, messages about the status appear in the
Activity Log. The Rubrik cluster records the final result of the task in the Activity Log.
Note: The Rubrik cluster sets the protection state of the Live Mount recovered virtual machine to
Do Not Protect. To protect the new virtual machine, add it to an SLA Domain, or remove the
individual assignment of Do Not Protect to permit it to inherit protection.
Performing an Export
An Export creates a new virtual machine from a point-in-time copy of the source virtual machine.
The datastore of the selected Hyper-V host is the datastore for the recovered virtual machine.
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The
Rubrik cluster does not connect the recovered virtual machine to a network. The Rubrik cluster
sets the protection state of the new virtual machine to Do Not Protect.
1. Select a snapshot, an archival snapshot, or a replica.
Selecting a snapshot or an archival snapshot describes the selection task for snapshots and
archival snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Export.
The Export Snapshot dialog box appears.
4. In Choose an Hyper-V Host, select a Hyper-V host for the virtual machine.
A list of the datastores that are associated with the selected Hyper-V host appears.
5. In Choose a Datastore, select a datastore.
6. (Optional) Select Remove virtual network devices.
Select this option when networking changes or issues prevent the virtual machine from
starting.
7. Click Export.
The Rubrik cluster creates a new virtual machine from the snapshot on the selected Hyper-V host,
transfers the virtual machine files to the datastore, and powers up the recovered virtual machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also
records the final result of the task in the Activity Log.
The Rubrik cluster initially sets the protection state of the exported virtual machine to Do Not
Protect. To protect the new virtual machine, add it to an SLA Domain, or remove the individual
assignment of Do Not Protect to permit it to inherit protection.
The confirmation message includes the option Remove local entry even if Rubrik cannot
confirm Hyper-V configuration. Enable this option to remove a stale entry for a recovered
virtual machine that was live migrated, as described in Removing a virtual machine entry after
live migration. Otherwise, the option is not required.
6. Click Unmount.
The Rubrik cluster removes the selected virtual machine from the Hyper-V host (or cluster) and
deletes the recovered virtual machine files from the Rubrik cluster datastore. This action does
not remove data protection objects.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster
also records the final result of the task in the Activity Log.
7. (After all live mounts are removed) Detach the Rubrik cluster datastore devices from the
associated Hyper-V host (or cluster).
The Rubrik cluster names the datastore devices using the following format:
<IP_NODE>_sdmount
where <IP_NODE> is the IPv4 address of one of the nodes of the Rubrik cluster.
The Rubrik cluster removes the metadata associated with the selected virtual machine and
removes the entry for the virtual machine from the Live Mounts page. This action does not remove
data protection objects and does not unmount the recovered and migrated virtual machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also
records the final result of the task in the Activity Log.
Note: The Rubrik cluster must download an archival snapshot before it can be browsed.
Searching by name for a file or folder on an archival snapshot does not require that the archival
snapshot be downloaded first.
To successfully restore directly to the source file system the Rubrik cluster must be provided the
following information:
• Resolvable hostname or IP address of the authentication server
• Username of an account with Administrator privileges for the target
• Password for the account
When the Rubrik cluster has previously accepted the service credentials of a guest operating
system, the restore job does not require additional credential information. This feature requires
that the Rubrik cluster has successfully used the service credentials for at least one backup prior to
the restore task. Otherwise, the credentials can be provided through the Restore File dialog during
the restore task.
Guest OS settings describes how to provide service credentials for a guest operating system.
Note: When the Rubrik cluster has previously accepted the service credentials of the host, the
credential fields do not appear.
4. (If available) (Windows only) In Domain, type the resolvable hostname or IP address of the
authentication server for the credential.
When the Windows guest OS performs Workstation Authentication of credentials instead of
Domain Authentication, leave the Domain field empty.
For a Linux guest, leave the Domain field empty.
5. (If available) In Username, type a guest OS username for an account with sufficient privileges
on the host.
For a Windows guest, the account must have administrator privileges on the guest.
For a Linux guest, the account must have Write permission for the restore location.
6. (If available) In Password, type the password for the account.
7. Select one of the restore methods.
• Select Overwrite original to restore the selected file or folder to the original path. This
choice overwrites the existing file or folder.
• Select Restore to separate folder to restore the file or folder to another location.
8. (Restore to separate folder only) In Folder Path, type the full path of the restore location.
Note: Do not type the original path of the source file or folder. When Restore to separate
folder is selected, the object cannot be restored to a folder that contains an object of the
same name.
Use the correct path delimiter for the guest operating system.
For Windows use a back slash. For example:
C:\Users\jsmith\work
For Linux use a forward slash. For example:
/home/jsmith/work
9. (If available) (Optional) Select Store as service credential for all VMs.
When this setting is selected, the Rubrik cluster stores the credential. The stored credential can
be managed through the Service Credentials page, as described in Guest OS settings.
10. Click Restore.
The Rubrik cluster restores the file or folder to the specified location.
To download files and folders to a specified location, change the default Chrome Download
setting.
1. In Chrome, click the customize icon.
The Chrome menu appears.
2. On the menu, click Settings.
The Chrome Settings page appears.
3. Click Show Advanced Settings.
Additional settings appear on the Settings page.
4. In the Downloads section, enable Ask where to save each file before downloading.
Chrome applies the new setting and opens a Save As dialog for selecting a download location
when a file is downloaded.
Unmanaged data
Manage file system data that is not subject to a retention policy through the Snapshot Retention
page of the Rubrik CDM web UI.
The Rubrik cluster views backups and snapshots that do not have a retention policy as
unmanaged snapshots. Unmanaged snapshots can be managed through the Snapshot Retention
page of the Rubrik CDM web UI.
Retention Management describes the Snapshot Retention page and how to perform tasks with
unmanaged snapshots.
This chapter describes how to protect and manage data from Nutanix AHV virtual machines.
Overview
Nutanix cluster management
Prerequisites
Nutanix limitations
Configuring Nutanix support
Installing the Rubrik Backup Service
Virtual machine protection
SLA Domain assignment
Finding protection objects
Protection consequences
Local host page
Virtual machine snapshots
Archival snapshots
Recovery and restore of virtual machine data
Recovery of virtual machines
Recovery of folders and files
Unmanaged data
AHV Virtual Machines
Overview
Acropolis (AHV) is a hypervisor developed by Nutanix on top of KVM that can run on a Nutanix cluster.
Rubrik capitalizes on enhancements to Acropolis Block Services (ABS), such as
Challenge-Handshake Authentication Protocol (CHAP) support for connecting to iSCSI targets for
data ingest.
Additionally, the new REST 3.0 API is utilized to interact with Nutanix Changed Region Tracking
(CRT) to query the changed metadata regions given any two snapshots of a virtual disk or virtual
machine. This approach is valuable for taking incremental backups and even useful while taking
full backups because the API identifies regions that are zeroed, therefore saving on read
operations. This integration also leverages Nutanix VSS snapshots with Nutanix Guest Tools to
quiesce virtual machines as a part of the snapshot.
A Rubrik cluster provides data management and protection for virtual machines that are deployed
in an AHV environment. The Rubrik cluster can manage and protect virtual machines in an
environment with multiple Nutanix clusters and virtual machines.
SLA policies can be applied anywhere in the hierarchy stack: the cluster or virtual machine levels.
The Rubrik cluster provides a variety of methods to recover virtual machines and to restore
protected data. Recover virtual machines and restore data by using snapshots, replicas, and
archival snapshots.
An overview of Rubrik’s support of AHV is as follows:
• Automated protection and restore workflow
• Policy driven protection and retention operations
• Virtual machine granular backup and restore
• Auto-protect newly discovered virtual machines
• Export and recover virtual machines
• File browse and download
• Securely replicate or archive to other sites
• Rubrik Core Capabilities – global search, erasure coding, reporting
• Scale as you need
• Rubrik uses iSCSI with CHAP for data ingest and export from Nutanix
Prerequisites
In order for Rubrik CDM to support Nutanix, there are prerequisite requirements.
• Rubrik version 4.0 or later
• AHV based environment listed in the Rubrik Compatibility Matrix
• Nutanix REST API version 3.0 or later
• IP configured for iSCSI Data Services
• Permissions within Nutanix for the Rubrik cluster to create and delete volume group, copy container, create virtual machine, and create and delete snapshot
• TLS/SSL public key certificate has been generated for the Nutanix Cluster
• Highly available IP for Prism
• Obtain the Nutanix Cluster IP address or FQDN
• Obtain the Nutanix Cluster UUID
• Have a Nutanix Cluster account with administrative privileges with v3 API permissions. There are two options that can be used.
    • The Built-in Nutanix Prism admin account (specify lowercase)
    • Use Active Directory. This requires that the Nutanix Cluster is linked to Active Directory. Map the Active Directory account to the Cluster Admin role. Through the Prism self-service portal, assign SSP administrator privileges to the user.
• Have a Rubrik account with administrative privileges
• Have access to the public key certificate for the Nutanix Cluster
  To determine the public key certificate use the following command:
  openssl s_client -connect <IP>:<port> -tls1_2
  where <IP> is the IP address of the Nutanix cluster and <port> is the web port of the Nutanix cluster.
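One way to handle the output of the command above before supplying the certificate to the Rubrik cluster, shown as an added example that is not part of the Rubrik guide: extract the PEM block from the s_client output and compare its SHA-256 fingerprint with a value obtained separately from the Nutanix administrator, because s_client prints whatever certificate the endpoint presents. The function names, the sample output, the host name prism.example.internal and the placeholder certificate bytes are constructed assumptions.

```python
import hashlib
import hmac
import re
import ssl
from typing import List

# A PEM certificate block as printed by `openssl s_client`.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n.*?-----END CERTIFICATE-----", re.DOTALL
)

# Constructed placeholder bytes standing in for a DER-encoded certificate so the
# example runs offline. They are not a real certificate.
CONSTRUCTED_DER = b"constructed placeholder, not a real X.509 certificate. " * 4
CONSTRUCTED_PEM = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER)

# Constructed, abbreviated imitation of what the s_client command prints.
SAMPLE_S_CLIENT_OUTPUT = (
    "CONNECTED(00000003)\n"
    "---\n"
    "Certificate chain\n"
    " 0 s:CN = prism.example.internal\n"
    "   i:CN = prism.example.internal\n"
    "---\n"
    "Server certificate\n"
    + CONSTRUCTED_PEM +
    "subject=CN = prism.example.internal\n"
    "issuer=CN = prism.example.internal\n"
    "---\n"
)


def extract_certificates(s_client_output: str) -> List[str]:
    """Return every PEM certificate block in the output, in printed order."""
    return [m.group(0) + "\n" for m in PEM_BLOCK.finditer(s_client_output)]


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, formatted AA:BB:... like `openssl x509 -fingerprint`."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_fingerprint(value: str) -> str:
    """Accept 'AA:BB:..', 'aabb..' or 'sha256 Fingerprint=AA:BB:..'; return bare hex."""
    value = value.split("=", 1)[-1]
    return re.sub(r"[^0-9a-f]", "", value.lower())


def select_trusted_certificate(s_client_output: str, expected_fingerprint: str) -> str:
    """Return the PEM block whose fingerprint equals the out-of-band value.

    Raises ValueError when nothing matches, so an unexpected certificate is
    never pasted into the CA Certificate field by accident.
    """
    expected = normalize_fingerprint(expected_fingerprint)
    if len(expected) != 64:
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    certs = extract_certificates(s_client_output)
    if not certs:
        raise ValueError("no certificate in the output; did the TLS handshake fail?")
    for pem in certs:
        actual = normalize_fingerprint(sha256_fingerprint(pem))
        if hmac.compare_digest(actual, expected):
            return pem
    raise ValueError("no certificate matches the expected fingerprint")


def fetch_server_certificate(host: str, port: int) -> str:
    """Live counterpart of the s_client command. Performs no chain validation,
    which is why the fingerprint comparison above is still needed."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    pem = extract_certificates(SAMPLE_S_CLIENT_OUTPUT)[0]
    print(sha256_fingerprint(pem))
```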
Nutanix limitations
There are Nutanix limitations that impact Rubrik backup and restore functionality.
Table 52 describes the Nutanix limitations.
Table 52 Nutanix limitations
Limitation: Export of Nutanix backups is only supported on SCSI bus types
Description: If a Nutanix virtual machine has a bus type other than SCSI (for example SATA or IDE), the virtual machine is always exported with a SCSI bus type. If the export is restored to a virtual machine that does not have a SCSI bus type, the virtual machine might fail to boot after a restore operation.
Limitation: Export of Nutanix backups does not support CD-ROMs
Description: If a Nutanix virtual machine has a bus type other than SCSI (for example SATA or IDE), the virtual machine is always exported with a SCSI bus type. If the export is restored to a virtual machine that does not have a SCSI bus type, the virtual machine might fail to boot after a restore operation.
4. In the Nutanix Cluster field specify the Nutanix Cluster IP address or FQDN.
5. In the Cluster UUID field specify the UUID assigned to the Nutanix Cluster.
6. In the Username field specify a username that has administrative rights to the Nutanix
Cluster.
7. In the Password field specify the password for the username.
8. In the CA Certificate field specify the CA certificate for the Nutanix Cluster.
9. Click Add.
The Rubrik cluster checks connectivity with the specified Nutanix Cluster and adds the Nutanix
Cluster.
! IMPORTANT
The RBS software can only be used with the Rubrik cluster from which the software is
obtained. Each Rubrik cluster generates a copy of the RBS software that includes
authentication information specific to that Rubrik cluster. This method ensures that the
Rubrik cluster and a hosted deployment of the RBS can reliably authenticate each other.
Instead of running the RBS as a LocalSystem account, the RBS can be configured to run as a
member of the local Administrators group.
To run as a member of the local Administrators group, run the RBS as a user account that is one of
the following:
Local user account that is a member of the local Administrators group
Domain user account that is a member of the local Administrators group
! IMPORTANT
When installing the RBS software, the security certificate file must be in the same folder
as the Windows Installer Package.
3. Using an account that is a member of the local Administrators group, run the Windows Installer
Package.
The Windows Installer Package installs the RBS software and incorporates the security
certificate into the installation.
The RBS software can also be push installed on multiple Windows hosts using automation
software, such as Puppet or Chef.
4. (Optional) Change the account used to run the RBS.
Account used to run the RBS on a Windows host describes the account requirements.
Note: The default LocalService account does not provide sufficient privileges to permit the RBS
to access data on network shares.
Next task — Register the Windows guests that are running the Rubrik Backup Software with the
Rubrik cluster.
Registering a guest
After installing the RBS on a guest OS, register the guest with the Rubrik cluster. Registering the
guest allows the Rubrik cluster to manage data on the guest.
Before you begin — Install the RBS software on the guest OS.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The All VMs page appears, with the VMs tab selected.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Open the ellipsis menu, and select Register Rubrik Backup Service.
The Register Rubrik Backup Service modal appears.
4. Click Register.
The Rubrik cluster establishes an authenticated secure connection with the RBS running on the
guest.
Note: Removing the RBS from a Windows guest also removes the connection between the
Windows guest and the Rubrik cluster. The Rubrik cluster designates any retained snapshots as
relics. Use the Snapshot Retention page to manually manage the relics, as described in Retention
Management.
1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog appears.
3. Type appwiz.cpl, and click OK.
The Uninstall or change a program window appears.
4. Right-click Rubrik Backup Service, and click Uninstall/Change.
5. Follow the prompts to remove the application.
The uninstaller removes the RBS software. The Rubrik cluster designates any retained snapshots
as relics.
Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA
Domain assigned to a parent object.
The automatic protection mechanism simplifies assigning protection to large numbers of virtual
machines and provides an easy method to uniformly assign specific SLA Domains to groups of
functionally similar virtual machines.
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.
During SLA Domain assignment, the Rubrik cluster displays the objects that have individual
assignments which conflict with the new assignment. For each conflicting object, the Rubrik
cluster permits an administrator to choose to retain the individual setting or apply the new setting.
Displaying unprotected virtual machines from the Dashboard describes how to use the Rubrik CDM
web UI to view all virtual machines that do not have the protection of an SLA Domain.
Table 54 Options available through the Manage Protection dialog box (page 2 of 2)
Field: Do Not Protect
Action: Select to assign
Description: Individually assigns the Do Not Protect setting to each of the selected objects. The automatic protection rules determine whether objects that are contained by a selected object inherit the Do Not Protect setting. The Rubrik cluster does not create policy driven snapshots for a virtual machine that is individually set to Do Not Protect or that inherits the Do Not Protect setting.
Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.
Protected warning
The Rubrik CDM web UI displays the protected warning when the Rubrik cluster detects that an
SLA Domain setting is already associated with a selected virtual machine.
The protected warning is “These VM(s) are already protected”.
Protection consequences
The SLA rules defined by an SLA Domain impact the protection of virtual machines in several
ways. SLA rules specify when snapshots are created, when snapshots expire, and where snapshot
data is stored.
A policy driven snapshot is a snapshot that is created automatically based on the SLA rules of an
SLA Domain. In most cases, the SLA Domain that manages a policy driven snapshot is the same
SLA Domain that created the snapshot.
Sometimes, the source virtual machine for a snapshot is assigned to another SLA Domain after the
snapshot is created. When this occurs the new SLA Domain becomes the managing SLA Domain
for the policy driven snapshot.
A policy driven snapshot can require manual management when it loses an association with the
SLA Domain.
Action bar
For the selected local virtual machine, the action bar provides the actions described in Table 56.
Table 56 Actions available from the action bar
Action: Take On Demand Snapshot
Description: Adds an on-demand snapshot of the virtual machine to the task queue.
Note: Backup Window settings defined for the SLA Domain of the virtual machine do not apply to on-demand snapshots. Only the maximum retention and remote configuration settings of the associated SLA Domain apply to on-demand snapshots.
Action: Manage Protection
Description: Opens the Manage Protection page where the virtual machine can be assigned to an SLA Domain for protection. When the virtual machine is already assigned to an SLA Domain, a warning appears. Click Continue to open the Manage Protection page. Click Cancel to return to the local host page.
Overview card
The Overview card provides the information that is described in Table 57.
Table 57 Information available on the Overview card
Field: Cluster
Description: The Nutanix cluster that manages the virtual machines.
Field: SLA Domain
Description: Name of the SLA Domain that manages the protection of the selected virtual machine.
Field: Oldest Snapshot
Description: Timestamp for the oldest snapshot associated with the selected virtual machine. When the SLA Domain has an active archival policy, the oldest snapshot resides at the archival location.
Field: Latest Snapshot
Description: Timestamp for the most recent successful snapshot of the selected virtual machine.
Field: Total Snapshots
Description: Total number of retained snapshots for the selected virtual machine, including both the local Rubrik cluster and any archival location.
Field: Missed Snapshots
Description: Number of policy-driven snapshots that did not complete successfully. A missed snapshot is included in the count until the period since the SLA Domain policy required the snapshot exceeds the retention period of the SLA Domain.
Snapshots card
For the selected local virtual machine, the Snapshots card provides the ability to browse the
snapshots that reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views.
Each view uses color spots to indicate the presence of snapshots on a date and to indicate the
status of SLA Domain compliance for the virtual machine on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the
virtual machine.
Table 58 lists the colors that the Snapshots card uses and describes the status that each color
represents.
Table 58 Status colors used on the calendar views
Color: Green
Status: All snapshots required by SLA Domain policy were successfully created.
Color: Orange
Status: All snapshots required by SLA Domain policy were successfully created but at least one snapshot caused a warning.
Color: Red
Status: At least one snapshot required by SLA Domain policy was not successfully created.
The following icon indicates a snapshot that resides locally and at an archival location.
The following icon indicates a replica of the snapshot was sent to the target Rubrik cluster.
Status The following icon indicates a warning for the snapshot entry. Hover over the icon to see
additional information.
The following icon indicates the policy driven snapshot represented by the entry was not
completed successfully.
Table 61 Actions available for snapshots that reside on the local Rubrik cluster
Command: Export
Description: Use the snapshot to create, and mount on an AHV host, a new virtual machine that is a copy of the local virtual machine.
The new virtual machine is uniquely named within the virtualization management system. The name of the recovered virtual machine is constructed as follows: name of source virtual machine + timestamp of snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The AHV host is the datastore for the new virtual machine.
Command: Browse
Description: Open a file browser view on the selected snapshot.
The period during which a virtual machine is quiescent is very brief, just long enough to create a snapshot. The
virtual machine does not remain quiescent during the processing and ingestion of the snapshot
data.
! IMPORTANT
For best performance, use a 10 Gigabit Ethernet connection between the Rubrik cluster and
the Nutanix environment. Also, for replication, provide a 10 Gigabit Ethernet connection
between the source Rubrik cluster and the target Rubrik cluster.
The Rubrik cluster uses a distributed job scheduler. The distributed job scheduler permits the
Rubrik cluster to schedule jobs to run on any node and on multiple nodes, as needed.
Since the distributed job scheduler can seamlessly schedule jobs on all available nodes and across
multiple nodes, adding nodes to a Rubrik cluster further increases ingestion and processing
efficiency.
Back up processes
A Rubrik cluster backs up a virtual machine by creating a snapshot of the virtual machine.
When a Rubrik cluster begins protecting a virtual machine, the Rubrik cluster starts by creating a
first full snapshot of the virtual machine. This first full snapshot is a complete backup of the virtual
machine.
After the first full snapshot, the Rubrik cluster continues protection of the virtual machine by
creating incremental snapshots based on the change information provided by Changed Block
Tracking (CBT). The Rubrik cluster creates each incremental snapshot very quickly because the
snapshot only includes the data blocks that have changed since the last snapshot.
The Nutanix environment transmits the snapshot data to the Rubrik cluster using iSCSI with CHAP
for authentication.
Snapshot window
An SLA Domain can be configured to include a snapshot window. A snapshot window determines
the period in a day when the Rubrik cluster can initiate policy-driven snapshots of the virtual
machines that the SLA Domain protects.
When using the snapshot window policy, the specified window must be long enough to
accommodate the number of virtual machines that are assigned to the SLA Domain. Monitor the
snapshot activity of the SLA Domain to ensure that all policy-driven snapshots are successfully
completed. When necessary, lengthen the period to permit all snapshots to be completed
successfully.
Application consistency
Nutanix application consistent snapshots are supported.
The following configuration is required for application consistent snapshots:
Nutanix Guest Tools must be installed on the target virtual machine.
If the target virtual machine uses a Linux operating system, pre-freeze and post-thaw scripts
must be configured.
In the Rubrik CDM web UI, confirm snapshot consistency is configured as Automatic (default
setting).
VSS Consistency
Nutanix VSS consistent snapshots are supported.
The following configuration is required for VSS consistent snapshots:
Nutanix Guest Tools must be installed on the target virtual machine.
RBS must be installed and registered on the Nutanix guest.
In the Rubrik CDM web UI, confirm snapshot consistency is configured as Automatic (default
setting).
On-demand snapshots
In addition to policy-based snapshots, create virtual machine snapshots by using the on-demand
snapshot process.
A Rubrik cluster creates policy-based snapshots of protected virtual machines automatically,
according to the SLA rules of the associated SLA Domain.
Additional snapshots of protected virtual machines, and snapshots of unprotected virtual machines,
can be created by using the on-demand snapshot process.
Archival snapshots
Archival snapshots provide long term storage of snapshot data outside of the local Rubrik cluster.
Retention
The retention period assigned to the archival snapshot by the associated SLA Domain determines
the expiration of an archival snapshot. After the expiration of the retention period, the Rubrik
cluster marks the archival snapshot as expired and moves the snapshot data to garbage collection.
To ensure that existing snapshots are always fully functional, the Rubrik cluster combines any
required data from expired incremental snapshots into the chain of existing incremental
snapshots. This permits each retained archival snapshot to be mounted as a fully functional virtual
machine.
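The consolidation described above, sketched as a simplified model of a full snapshot followed by incrementals. This is an added example, not Rubrik's implementation: the SnapshotChain class, its block-map representation and the sample data are assumptions constructed for illustration.

```python
from typing import Dict, List, Tuple

Blocks = Dict[int, bytes]  # block index -> block contents


class SnapshotChain:
    """One full snapshot followed by incrementals that hold only changed blocks."""

    def __init__(self, full_image: Blocks) -> None:
        self.entries: List[Tuple[str, Blocks]] = [("full", dict(full_image))]

    def add_incremental(self, name: str, changed: Blocks) -> None:
        """Store only the blocks reported as changed since the previous snapshot."""
        self.entries.append((name, dict(changed)))

    def _index(self, name: str) -> int:
        for i, (entry_name, _) in enumerate(self.entries):
            if entry_name == name:
                return i
        raise KeyError(name)

    def restore(self, name: str) -> Blocks:
        """Rebuild the disk image at a snapshot by overlaying the chain up to it."""
        image: Blocks = {}
        for _, blocks in self.entries[: self._index(name) + 1]:
            image.update(blocks)
        return image

    def expire(self, name: str, consolidate: bool = True) -> None:
        """Remove a snapshot from the chain.

        With consolidate=True, blocks of the expired snapshot that its successor
        does not override are folded into the successor first, so every retained
        snapshot still restores to the same image. consolidate=False shows the
        failure mode of deleting an incremental outright.
        """
        i = self._index(name)
        _, expired_blocks = self.entries[i]
        if consolidate and i + 1 < len(self.entries):
            successor_name, successor_blocks = self.entries[i + 1]
            merged = dict(expired_blocks)
            merged.update(successor_blocks)  # the successor's own blocks win
            self.entries[i + 1] = (successor_name, merged)
        del self.entries[i]


def build_sample_chain() -> SnapshotChain:
    """Constructed sample: a 3-block disk with three daily incrementals."""
    chain = SnapshotChain({0: b"boot", 1: b"AAAA", 2: b"BBBB"})
    chain.add_incremental("mon", {1: b"A2A2"})
    chain.add_incremental("tue", {2: b"B2B2"})
    chain.add_incremental("wed", {1: b"A3A3"})
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    expected = chain.restore("tue")
    chain.expire("mon")
    print(chain.restore("tue") == expected)
```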
Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the local
host page when the name of the source virtual machine is known.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
To work with data from an unmanaged virtual machine on the Unmanaged Objects page, on
the left-side menu, click Unmanaged Objects. Then, continue with the following steps from
the Unmanaged Objects page instead of the Virtual Machines page.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Use the Snapshots card to navigate to a snapshot or an archival snapshot.
Local host page provides information about the Snapshots card and navigating to a snapshot.
Skip step 4 and step 5, except when recovering a virtual machine from an archival snapshot.
4. (Recovering archival snapshot only) Open the ellipsis menu for the snapshot.
5. (Recovering archival snapshot only) On the ellipsis menu, click Download.
The Rubrik cluster retrieves the archival snapshot. Status of the retrieval appears on the
Activity Log. Activity Log describes activity notifications.
The Rubrik cluster does not apply a retention setting to a downloaded archival snapshot.
Manually delete a downloaded archival snapshot that is no longer required on local storage.
6. Perform the recovery action on the selected snapshot or restore files and folders from the
selected snapshot.
Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before
applying a recovery action.
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.
Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the
Remote VM Details page when the name of the source virtual machine is known.
2. On the left-side menu of the Rubrik CDM web UI, click SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. Select a remote SLA Domain.
The page for the selected SLA Domain appears.
4. In the Virtual Machines section of the remote SLA Domain’s page, click the name of a virtual
machine.
The Remote VM Details page for the selected virtual machine appears.
5. Use the Snapshots card to navigate to a replica.
Snapshots card or Recovery Points card provides information about the Snapshots card and
navigating to a replica.
6. Perform one of the available recovery actions on the selected replica or restore files and folders
from the selected replica.
Performing an Export
An Export creates a new virtual machine from a point-in-time copy of the source virtual machine.
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The
Rubrik cluster does not connect the recovered virtual machine to a network. The Rubrik cluster
sets the protection state of the new virtual machine to Do Not Protect.
1. Select a snapshot, an archival snapshot, or a replica.
Selecting a snapshot or an archival snapshot describes the selection task for snapshots and
archival snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Export.
The Export Snapshot dialog box appears.
4. A list of the containers that are associated with the selected Nutanix Cluster appears. Select a
Nutanix Cluster for the virtual machine.
A list of the datastores that are associated with the selected Nutanix host appears.
5. Power on the virtual machine.
6. Click Export.
The Rubrik cluster creates a new virtual machine from the snapshot on the selected Nutanix
cluster, transfers the virtual machine files to the datastore, and powers up the recovered virtual
machine. During the process, messages about the status appear in the Activity Log. The Rubrik
cluster also records the final result of the task in the Activity Log.
The Rubrik cluster initially sets the protection state of the exported virtual machine to Do Not
Protect. To protect the new virtual machine, add it to an SLA Domain, or remove the individual
assignment of Do Not Protect to permit it to inherit protection.
Note: The Rubrik cluster must download an archival snapshot before it can be browsed.
Searching by name for a file or folder on an archival snapshot does not require that the archival
snapshot be downloaded first.
5. (Restore to separate folder only) In Folder Path, type the full path of the restore location.
Note: Do not type the original path of the source file or folder. When Restore to separate
folder is selected, the object cannot be restored to a folder that contains an object of the
same name.
Use the correct path delimiter for the guest operating system.
For Windows use a backslash. For example:
C:\Users\jsmith\work
For Linux use a forward slash. For example:
/home/jsmith/work
6. (If available) (Optional) Select Store as service credential for all VMs.
When this setting is selected, the Rubrik cluster stores the credential. The stored credential can
be managed through the Service Credentials page, as described in Guest OS settings.
7. Click Restore.
The Rubrik cluster restores the file or folder to the specified location.
5. On the messages card, select the ‘Link ready for download’ message.
Use the Recovery filter type to filter for this type of message.
The Activity Detail dialog box appears.
6. Click the download icon.
The Save As dialog box appears in the web browser.
7. Select a download location for the file, and click Save.
Configuring Chrome to ask for download location describes how to enable user-selectable
download locations in Chrome.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
8. (Folder only) Extract the folder using a ZIP utility.
Unmanaged data
Manage file system data that is not subject to a retention policy through the Snapshot Retention
page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as
unmanaged snapshot objects. Unmanaged snapshot objects can be managed through the
Snapshot Retention page of the Rubrik CDM web UI.
Retention Management describes the Snapshot Retention page and how to perform tasks with
unmanaged snapshot objects.
This chapter describes how to protect and manage data from VMware vSphere virtual machines.
Overview
Virtual machine protection
Manage vCenters
SLA Domain assignment
Virtual machine scripts
Storage array integration
Exclude VMDK files
Finding protection objects
Protection consequences
Local host page
Snapshots
Linux guest
Windows guest
On-demand snapshots
Recovering and restoring virtual machine data
Recovery of virtual machines
File and folder restore
Unmanaged data
vSphere Virtual Machines
Overview
A Rubrik cluster provides data management and protection for virtual machines that are deployed
in a VMware vSphere environment. The Rubrik cluster can manage and protect virtual machines in
an environment with multiple vCenter Servers and multiple ESXi hosts.
The Rubrik cluster provides a variety of methods to recover virtual machines and to restore
protected data. Recover virtual machines and restore data by using snapshots, replicas, and
archival snapshots.
Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA
Domain assigned to a parent object.
Objects from which a virtual machine can inherit are the following virtualization system entities:
• Folders
• Clusters
• Hosts
The automatic protection mechanism simplifies assigning protection to large numbers of virtual
machines and provides an easy method to uniformly assign specific SLA Domains to groups of
functionally similar virtual machines.
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.
During SLA Domain assignment, the Rubrik cluster displays the objects that have individual
assignments which conflict with the new assignment. For each conflicting object, the Rubrik
cluster permits an administrator to choose to retain the individual setting or apply the new setting.
Administrator individually assigns the virtual machine to the Gold SLA Domain:
The virtual machine is protected by the Gold SLA Domain (Rule One).
Administrator changes the SLA Domain setting of folder F1 to the Silver SLA Domain:
A conflict occurs between the individually assigned setting for the virtual machine and the
setting selected for F1. The Rubrik cluster displays the conflict. The administrator chooses to
remove the individually assigned setting and have the virtual machine inherit the new SLA
Domain setting of F1. The virtual machine is protected by the Silver SLA Domain.
Displaying unprotected virtual machines from the Dashboard describes how to use the Rubrik CDM
web UI to view all virtual machines that do not have the protection of an SLA Domain.
For that reason, any time a virtual machine is added to a Rubrik cluster, the Rubrik cluster runs a
detection algorithm designed to identify whether that virtual machine was previously known to the
system.
If the optional automatic linking feature is turned on, the Rubrik cluster will link any duplicate
virtual machine occurrences it detects and present them as if they are the same virtual machine.
These linked virtual machines also retain an SLA Domain that is specifically assigned to the original
virtual machine.
The automatic linking feature is either turned on or off for an entire vCenter Server. You can make
this decision when the vCenter Server is added, or by editing the vCenter Server connection
properties.
Note: The automatic linking feature does not perform any retroactive processing. For example, if
the feature is turned off, and a virtual machine is deleted and re-registered with the same vCenter
Server, the re-registered virtual machine will be added as a new virtual machine. Even if automatic
linking is turned on after that occurs, the new virtual machine will not be linked to the previous
virtual machine.
Manage vCenters
The Rubrik cluster accesses virtual machine data through a connection with the VMware vCenter
Server that manages the hypervisor that is running the virtual machine. To successfully connect
with a vCenter Server, the Rubrik cluster requires connection information for that vCenter Server.
The Rubrik cluster provides access to vCenter Server information on the vCenter Servers page.
That page provides the FQDN or IP address, and the connection status, for every vCenter Server
that is added to the Rubrik cluster.
After connection information for a vCenter Server is added to a Rubrik cluster, the Rubrik cluster
requests relevant metadata from the vCenter Server. The Rubrik cluster uses the metadata to
display and work with the virtual machines on the vCenter Server.
The Rubrik cluster automatically refreshes the metadata from a vCenter Server every 30 minutes.
This is referred to as a light refresh. The Rubrik Edge appliance performs a light refresh of a
vCenter Server every six hours.
The Rubrik cluster automatically refreshes the metadata and rescans the VMDK files of a vCenter
Server every two hours. This is referred to as a full refresh. The Rubrik Edge appliance performs a
full refresh of a vCenter Server every 24 hours.
VMDK files are also automatically scanned as part of every create snapshot job.
A full refresh can be manually initiated at any time.
! IMPORTANT
When a trusted root certificate is not provided, the Rubrik cluster uses the trust on first use
(TOFU) standard to authenticate the vCenter Server. Depending on the network
environment, this might not ensure secure operation.
10. Paste the text of the trusted CA root certificate for the vCenter into the Trusted Root Certificate
field.
11. Click Add.
The Rubrik cluster tests the connection and saves the information.
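Why the IMPORTANT note above cautions about TOFU, shown as an added example (a generic model of trust on first use, not Rubrik's implementation): the first certificate seen is pinned with no proof of origin, so interception on the first connection goes unnoticed unless a fingerprint obtained out of band is compared before pinning. The host name and the byte strings standing in for certificates are constructed.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
GENUINE = b"constructed DER bytes: certificate of the real vCenter Server"
INTERCEPTOR = b"constructed DER bytes: certificate presented by an on-path host"
HOST = "vcenter.example.internal"  # hypothetical FQDN


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' as copied from a console or a ticket."""
    return fp.replace(":", "").replace(" ", "").lower()


class TofuStore:
    """Pins the first certificate seen for a host and compares later ones to it."""

    def __init__(self):
        self._pins = {}

    def check(self, host, cert_der, expected_fp=None):
        seen = fingerprint(cert_der)
        pinned = self._pins.get(host)
        if pinned is not None:
            # Every later connection: a changed certificate is detected.
            return "match" if hmac.compare_digest(seen, pinned) else "mismatch"
        if expected_fp is None:
            # Plain TOFU: nothing to compare against, so whatever arrives is trusted.
            self._pins[host] = seen
            return "pinned-unverified"
        if hmac.compare_digest(seen, normalize(expected_fp)):
            self._pins[host] = seen
            return "pinned-verified"
        return "rejected-first-use"  # nothing is pinned, the next attempt is a first use again


def replay(presented, expected_fp=None):
    """Feed a sequence of presented certificates to a fresh store and collect the verdicts."""
    store = TofuStore()
    return [store.check(HOST, cert, expected_fp) for cert in presented]


if __name__ == "__main__":
    print("clean first use, later interception:", replay([GENUINE, GENUINE, INTERCEPTOR]))
    print("intercepted first use, plain TOFU:  ", replay([INTERCEPTOR, GENUINE]))
    print("intercepted first use, known print: ",
          replay([INTERCEPTOR, GENUINE], expected_fp=fingerprint(GENUINE)))
```

In the second scenario the interceptor's certificate is the one that gets pinned, and the genuine server is the one later reported as a mismatch; supplying the trusted root certificate in step 10 removes the dependence on a clean first connection.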
Automatic protection uses the automatic protection rules to determine whether a setting applies to
an object. Automatic protection rules describes these rules.
Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.
Enabling scripts
Configure the Rubrik cluster to run scripts when a virtual machine is backed up.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.
7. (Optional) In Post-Snap Script Path, type the full path for the Post-Snap Script.
The full path is relative to the root of the guest OS file system.
8. (Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the
Post-Snap Script because the script cannot be completed.
9. (Optional) In Post-Backup Script Path, type the full path for the Post-Backup Script.
The full path is relative to the root of the guest OS file system.
10. (Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the
Post-Backup Script because the script cannot be completed.
11. Click Apply.
The Rubrik cluster stores the information and runs the specified scripts for all subsequent backups
of the selected virtual machine. The Rubrik cluster provides entries in the Activity Log for errors
that occur when running the scripts as specified.
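The script paths configured above name files that are run inside the guest on every backup, so the file and each directory above it should be writable only by a trusted account. The following added example (not from the Rubrik documentation) audits such a path on a Linux guest; the trusted owner (uid 0 by default), the script name post_snap.sh and the throwaway directory tree are assumptions made for the demonstration.

```python
import os
import stat
import tempfile


def audit_script_path(path, trusted_uid=0, stop_at="/"):
    """List weaknesses in a hook script path: the file and each directory above it."""
    if not os.path.isabs(path):
        return [f"{path}: not a full path from the file system root"]
    findings = []
    current = os.path.normpath(path)
    stop_at = os.path.normpath(stop_at)
    is_script = True
    while True:
        try:
            st = os.lstat(current)  # lstat: do not follow a link silently
        except OSError as exc:
            findings.append(f"{current}: cannot stat ({exc.strerror})")
            break
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{current}: symbolic link, resolve and audit the target")
        else:
            if st.st_uid != trusted_uid:
                findings.append(f"{current}: owned by uid {st.st_uid}, expected {trusted_uid}")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(f"{current}: writable by group or others")
            if is_script and not stat.S_ISREG(st.st_mode):
                findings.append(f"{current}: not a regular file")
            if is_script and not st.st_mode & stat.S_IXUSR:
                findings.append(f"{current}: not executable by its owner")
        is_script = False
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return findings


def constructed_demo():
    """Build a throwaway tree standing in for a guest file system and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)                  # stands in for "/" of the guest
        hooks = os.path.join(base, "hooks")
        script = os.path.join(hooks, "post_snap.sh")  # hypothetical script name
        os.mkdir(hooks)
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        me = os.getuid()  # the demo trusts the current user; a real audit keeps uid 0
        results = {"paths": (hooks, script)}

        os.chmod(hooks, 0o755)
        os.chmod(script, 0o750)
        results["hardened"] = audit_script_path(script, me, base)

        os.chmod(hooks, 0o777)   # anyone can replace the script by renaming files
        results["open_directory"] = audit_script_path(script, me, base)

        os.chmod(hooks, 0o755)
        os.chmod(script, 0o666)  # anyone can edit the script, and it cannot run
        results["open_script"] = audit_script_path(script, me, base)

        results["relative"] = audit_script_path("hooks/post_snap.sh", me, base)
        return results


if __name__ == "__main__":
    for name, value in constructed_demo().items():
        print(name, value)
```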
Storage array integration can employ custom scripts running on the guest operating system to
provide application level quiescence or application consistency. A pre-backup script can prepare an
application for the brief quiescence and a post-snap script can resume the application immediately
after the snapshot.
Virtual machine scripts provides information about scripts.
Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.
5. Open the ellipsis menu on the top bar of the local host page and select Enable Array
Integration.
The Enable Array Integration menu item only appears when the virtual machine is eligible for
storage array integration. After a storage array is added, the Rubrik cluster scans all virtual
machines to determine eligibility for storage array integration. The menu item will not appear
until the conclusion of the scanning period.
The message “Enabled array integration” appears in the Activity Log.
The Rubrik cluster stores the information and uses storage array integration for all subsequent
backups of the virtual machine.
Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.
Warning messages
As part of the task of assigning SLA Domains, the Rubrik cluster may display warning messages.
For each type of warning, the Rubrik cluster offers the option to continue or to cancel the task.
The Rubrik cluster may display the following warning messages, individually or in combination:
• Assignment Conflicts
• These VM(s) are already protected
• VMware Tools not installed
Each of these warnings can appear separately, or together in a Multiple Warnings dialog box.
Assignment Conflicts
The Rubrik CDM web UI displays the Assignment Conflicts warning when the Rubrik cluster
detects a conflict in the SLA Domain setting for a selected object.
When a virtual machine within the hierarchy of a selected object inherits an SLA Domain
assignment from a vCenter Server cluster or host, and also from a vCenter Server folder, the
Assignment Conflicts warning appears. In this situation, the virtual machine always inherits the
policy of the vCenter Server folder, unless an SLA Domain setting is individually assigned to the
virtual machine.
When the Assignment Conflicts warning appears, do one of the following:
• Continue the operation to assign the selected SLA Domain setting to the selected objects.
• Cancel the operation and remove the selected objects from the selection set.
To prevent the Assignment Conflicts warning from appearing again, select Don’t show this
again.
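The inheritance and conflict behaviour described in this chapter, modelled as an added example (not Rubrik code) that can be used to reason about which virtual machines end up unprotected: an individual assignment wins, a folder assignment wins over a cluster or host assignment, and Do Not Protect is an individual assignment that blocks inheritance. The object names are constructed, and "nearest assigned ancestor wins" within one hierarchy, as well as flagging a conflict only when the two inherited values differ, are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional

DO_NOT_PROTECT = "Do Not Protect"


@dataclass
class Node:
    name: str
    kind: str                          # "folder", "cluster", "host" or "vm"
    assigned: Optional[str] = None     # SLA Domain set directly on this object
    folder: Optional["Node"] = None    # parent in the folder hierarchy
    compute: Optional["Node"] = None   # parent in the host/cluster hierarchy


def _nearest(vm, side):
    """Closest ancestor on one hierarchy ('folder' or 'compute') with an assignment."""
    node = getattr(vm, side)
    while node is not None:
        if node.assigned is not None:
            return node
        node = getattr(node, side)
    return None


def _ancestors(vm):
    for side in ("folder", "compute"):
        node = getattr(vm, side)
        while node is not None:
            yield node
            node = getattr(node, side)


def effective_sla(vm):
    """Return (SLA Domain or None, where it comes from, folder-vs-compute conflict)."""
    if vm.assigned is not None:                      # individual assignment wins
        return vm.assigned, "individual", False
    f, c = _nearest(vm, "folder"), _nearest(vm, "compute")
    conflict = f is not None and c is not None and f.assigned != c.assigned
    winner = f if f is not None else c               # folder wins over cluster/host
    if winner is None:
        return None, "none", False
    return winner.assigned, f"{winner.kind} {winner.name}", conflict


def assign(target, new_sla, vms, replace_individual=()):
    """Assign new_sla to target; return the VMs whose individual setting conflicts.

    VMs named in replace_individual lose their individual setting and inherit;
    the others keep it, mirroring the per-object choice the administrator makes.
    """
    conflicts = [vm for vm in vms
                 if vm.assigned not in (None, new_sla)
                 and any(a is target for a in _ancestors(vm))]
    target.assigned = new_sla
    for vm in conflicts:
        if vm.name in replace_individual:
            vm.assigned = None
    return [vm.name for vm in conflicts]


def unprotected(vms):
    return [vm.name for vm in vms if effective_sla(vm)[0] in (None, DO_NOT_PROTECT)]


def build_inventory():
    """Constructed sample inventory."""
    f1 = Node("F1", "folder")
    c1 = Node("C1", "cluster", assigned="Bronze")
    h1 = Node("H1", "host", compute=c1)
    return {
        "F1": f1, "C1": c1, "H1": h1,
        "vm-app": Node("vm-app", "vm", assigned="Gold", folder=f1, compute=h1),
        "vm-web": Node("vm-web", "vm", folder=f1, compute=h1),
        "vm-export": Node("vm-export", "vm", assigned=DO_NOT_PROTECT, folder=f1, compute=h1),
        "vm-lab": Node("vm-lab", "vm"),
    }


if __name__ == "__main__":
    inv = build_inventory()
    vms = [n for n in inv.values() if n.kind == "vm"]
    print("unprotected before:", unprotected(vms))
    print("conflicts:", assign(inv["F1"], "Silver", vms, replace_individual={"vm-app"}))
    for vm in vms:
        print(vm.name, effective_sla(vm))
```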
Protection consequences
The SLA rules defined by an SLA Domain impact the protection of virtual machines in several
ways. SLA rules specify when snapshots are created, when snapshots expire, and where snapshot
data is stored.
A policy driven snapshot is a snapshot that is created automatically based on the SLA rules of an
SLA Domain. In most cases, the SLA Domain that manages a policy driven snapshot is the same
SLA Domain that created the snapshot.
Sometimes, the source virtual machine for a snapshot is assigned to another SLA Domain after the
snapshot is created. When this occurs the new SLA Domain becomes the managing SLA Domain
for the policy driven snapshot.
A policy driven snapshot can require manual management when it loses an association with the
SLA Domain.
If D1 has a higher base frequency of snapshots than D2 (e.g. D1 was Gold and D2 was Bronze),
then existing policy-driven snapshots that are not required by the policies of D2 are deleted from
the system.
By doing this, the Rubrik cluster brings the snapshot history for the virtual machine into
compliance with the frequency and retention periods defined by D2.
Alternatively, if D2 specifies a higher base frequency of snapshots (e.g. D2 was Gold and D1 was
Bronze) then the virtual machine will initially appear in the SLA Compliance reports as out of
compliance with D2’s SLA because the existing snapshots were insufficient to meet the new SLA
rules.
All existing and future snapshots for the virtual machine are subject to D2’s rules regarding local
cluster retention period, replication retention period and maximum retention period.
Note: To go directly to the page for a single virtual machine, type the name of the virtual
machine in the search box on the top bar of the Rubrik CDM web UI and select the virtual
machine from the results list.
Action bar
For the selected local virtual machine, the action bar provides the actions described in Table 68.
Table 68 Actions available from the action bar (page 1 of 2)
Action | Description
Take On Demand Snapshot | Adds an on-demand snapshot of the virtual machine to the task queue. Note: Backup Window settings defined for the SLA Domain of the virtual machine do not apply to on-demand snapshots. Only the maximum retention and remote configuration settings of the associated SLA Domain apply to on-demand snapshots.
Overview card
The Overview card provides the information that is described in Table 69.
Table 69 Information available on the Overview card
Field | Description
vCenter | IP address of the vCenter Server that manages the virtual machine.
Host or Cloud Conversion | Host–For virtual machines that are assigned to an SLA Domain without an Archival policy, shows the IP address of the hypervisor that hosts the virtual machine. Cloud Conversion–For virtual machines that are assigned to an SLA Domain with an Archival policy, shows the Configure button and either Disabled or the name of the archival location.
SLA Domain | Name of the SLA Domain that manages the protection of the selected virtual machine.
Live Mounts | Number of live mounts for snapshots associated with the selected virtual machine.
Oldest Snapshot | Timestamp for the oldest snapshot associated with the selected virtual machine. When the SLA Domain has an active archival policy, the oldest snapshot resides at the archival location.
Latest Snapshot | Timestamp for the most recent successful snapshot of the selected virtual machine.
Total Snapshots | Total number of retained snapshots for the selected virtual machine, including both the local Rubrik cluster and any archival location.
Missed Snapshots | Number of policy-driven snapshots that did not complete successfully. A missed snapshot is included in the count until the period since the SLA Domain policy required the snapshot exceeds the retention period of the SLA Domain.
Snapshots card
For the selected local virtual machine, the Snapshots card provides the ability to browse the
snapshots that reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views.
Each view uses color spots to indicate the presence of snapshots on a date and to indicate the
status of SLA Domain compliance for the virtual machine on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the
virtual machine.
Table 70 lists the colors that the Snapshots card uses and describes the status that each color
represents.
Table 70 Status colors used on the calendar views
Color | Status
Green | All snapshots required by SLA Domain policy were successfully created.
Orange | All snapshots required by SLA Domain policy were successfully created but at least one snapshot caused a warning.
Red | At least one snapshot required by SLA Domain policy was not successfully created.
The following icon indicates a snapshot that resides locally and at an archival location.
The following icon indicates a replica of the snapshot was sent to the target Rubrik cluster.
Status The following icon indicates a warning for the snapshot entry. Hover over the icon to see
additional information.
The following icon indicates the policy driven snapshot represented by the entry was not
completed successfully.
For snapshots that reside on an archival location, the ellipsis menu provides the actions described
in Table 74.
Table 74 Actions available for snapshots that reside on an archival location
Command | Description
Download | Transfer a copy of the selected snapshot to the local Rubrik cluster so that it is available for additional local actions. The local Rubrik cluster provides a notification when the download is completed.
Browse Files | Open a file browser view on the selected snapshot. Use this view to find, select, and download a file or folder from the snapshot. Restoring files or folders by download from notification message describes how to download a file or folder.
Snapshots
The Rubrik cluster provides protection for virtual machines by combining native snapshot
technology with the fast and scalable cloud data management platform of the Rubrik cluster.
Back up processes
A Rubrik cluster backs up a virtual machine by creating a snapshot of the virtual machine by using
VADP, or for Windows guests, by using the VSS agent that is integrated into the Rubrik Backup
Service (RBS).
When a Rubrik cluster begins protecting a virtual machine, the Rubrik cluster starts by creating a
first full snapshot of the virtual machine. This first full snapshot is a complete backup of the virtual
machine.
After the first full snapshot, the Rubrik cluster continues protection of the virtual machine by
creating incremental snapshots based on the change information provided by Changed Block
Tracking (CBT). The Rubrik cluster creates each incremental snapshot very quickly because the
snapshot only includes the data blocks that have changed since the last snapshot.
The vSphere environment transmits the snapshot data to the Rubrik cluster using the most
efficient available transport mode. Normally, the vSphere environment uses the NBD/NBDSSL
transport mode. The high efficiency of the Rubrik cluster eliminates data bottlenecks, allowing the
NBD/NBDSSL transport mode to provide data transmission rates that minimize the time that a
virtual machine is quiescent.
For VMDKs that are stored on a SAN, the Rubrik cluster can use the SAN transport mode. In this
mode, the Rubrik cluster uses the iSCSI protocol to obtain snapshot data over a direct connection
to the storage array resulting in very fast data transmission.
Snapshot window
An SLA Domain can be configured to include a snapshot window. A snapshot window determines
the period in a day when the Rubrik cluster can initiate policy-driven snapshots of the virtual
machines that the SLA Domain protects.
When using the snapshot window policy, the specified window must be long enough to
accommodate the number of virtual machines that are assigned to the SLA Domain. Monitor the
snapshot activity of the SLA Domain to ensure that all policy-driven snapshots are successfully
completed. When necessary, lengthen the period to permit all snapshots to be completed
successfully.
Protection exceptions
The Rubrik cluster cannot protect data that exists on any of the following:
• VMDKs that are set to Independent-Persistent mode or to Independent-Nonpersistent
mode.
• Network drives that are mounted on the file system of a protected virtual machine.
• Any virtual machine for which the Rubrik cluster does not have snapshot creation permission
because of settings on the virtual machine or on a vSphere folder that contains the virtual
machine.
• Any virtual machine data that resides on raw disk mappings (RDMs), where the compatibility
mode of the RDMs is set to Physical.
! IMPORTANT
To ensure file system consistent snapshots or application consistent snapshots for a virtual
machine, always install the most up-to-date version of VMware Tools.
Application consistency
The Rubrik cluster supports application consistent snapshots for many guest OS types and
application types.
The Rubrik cluster supports application consistent snapshots for applications such as Microsoft
Exchange Server, Microsoft SQL Server, Microsoft Active Directory, Microsoft SharePoint, and
Oracle Database (RDBMS) running on certain versions of Windows Server guest OS. To enable
application consistent snapshots for these applications, the RBS must be installed on the guest OS.
For Windows Guest OS, if RBS is not installed but VMware Tools is installed, the Rubrik cluster will
attempt to quiesce the Windows virtual machine using VMware Tools. Application consistency
cannot be assured under these circumstances but it will be attempted.
The Rubrik cluster does not support restore of an application consistent snapshot into an
availability group. Cluster consistency for the availability group cannot be ensured in this situation
and problems may occur.
Linux guest
A Rubrik cluster provides file system consistent snapshots on supported Linux guest OS types.
During snapshot creation, the Rubrik cluster uses VMware Tools to make guest OS kernel level
calls to quiesce (freeze) and to enable (thaw) the guest OS file system.
To provide performance improvements when restoring data to a Linux guest, install the RBS on
the Linux guest as described in Installing the Rubrik Backup Service software on a Linux or Unix
host.
Windows guest
A Rubrik cluster uses the RBS running on a Windows guest OS to provide application consistent
snapshots for Windows applications. The RBS has an integrated VSS provider to work with VSS on
the Windows OS.
Note: If RBS is not installed but VMware Tools is installed, the Rubrik cluster will attempt to
quiesce the Windows virtual machine using VMware Tools. Application consistency cannot be
assured under these circumstances but it will be attempted.
The RBS can be installed manually or automatically. In order to automatically install the RBS, the
Rubrik cluster must have valid guest OS credentials for the Windows guest and the Admin
Approval Mode must be disabled on the Windows guest.
For supported versions of Microsoft Exchange Server, the RBS truncates the transaction log after a
successful snapshot. Log truncation can significantly reduce the virtual machine space required by
the transaction log.
! IMPORTANT
The RBS software can only be used with the Rubrik cluster from which the software is
obtained. Each Rubrik cluster generates a copy of the RBS software that includes
authentication information specific to that Rubrik cluster. This method ensures that the
Rubrik cluster and a hosted deployment of the RBS can reliably authenticate each other.
! IMPORTANT
When installing the RBS software, the security certificate file must be in the same folder
as the Windows Installer Package.
3. Using an account that is a member of the local Administrators group, run the Windows Installer
Package.
The Windows Installer Package installs the RBS software and incorporates the security
certificate into the installation.
The RBS software can also be push installed on multiple Windows hosts using automation
software, such as Puppet or Chef.
Note: The default LocalService account does not provide sufficient privileges to permit the RBS
to access data on network shares.
Next task — Register the Windows guests that are running the Rubrik Backup Software with the
Rubrik cluster.
Registering a guest
After installing the RBS on a guest OS, register the guest with the Rubrik cluster. Registering the
guest allows the Rubrik cluster to manage data on the guest.
Before you begin — Install the RBS software on the guest OS.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Open the ellipsis menu, and select Register Rubrik Backup Service.
The Register Rubrik Backup Service modal appears.
4. Click Register.
The Rubrik cluster establishes an authenticated secure connection with the RBS running on the
guest.
Note: Removing the RBS from a Windows guest also removes the connection between the
Windows guest and the Rubrik cluster. The Rubrik cluster designates any retained snapshots as
relics. Use the Snapshot Retention page to manually manage the relics, as described in Retention
Management.
1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog appears.
When the ‘icacls’ script cannot be run, the Rubrik cluster can still restore objects in the Windows
guest file system, but the ACL values of the source objects will not be preserved in the restored
objects.
On-demand snapshots
In addition to policy-based snapshots, create virtual machine snapshots by using the on-demand
snapshot process.
A Rubrik cluster creates policy-based snapshots of protected virtual machines automatically,
according to the SLA rules of the associated SLA Domain. Warning messages describes how to set
up policy-based snapshots for virtual machines.
Additional snapshots of protected virtual machines, and snapshots of unprotected virtual machines
can be created by using the on-demand snapshot process.
The recovery actions that the Rubrik cluster provides depend on the data protection object being
used. Table 78 lists the available recovery actions for each type of data protection object.
Table 78 Recovery actions available for data protection objects
Object | Available recovery actions
Local snapshot | Initiated from the local Rubrik cluster: Instant Recovery, Live Mount, Export
Replica | Initiated from the target Rubrik cluster: Live Mount, Export
Archival snapshot | Initiated from the local Rubrik cluster, after the archival snapshot is downloaded to the local Rubrik cluster: Instant Recovery, Live Mount, Export
Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the local
host page when the name of the source virtual machine is known.
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
To work with data from an unmanaged virtual machine, go to the left-side menu and click
Snapshot Retention. Then, continue with the following steps from the Snapshot Retention
page instead of the Virtual Machines page.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Use the Snapshots card to navigate to a snapshot or an archival snapshot.
Local host page provides information about the Snapshots card and navigating to a snapshot.
Skip step 4 and step 5, except when recovering a virtual machine from an archival snapshot.
4. (Recovering archival snapshot only) Open the ellipsis menu for the snapshot.
! IMPORTANT
The Rubrik cluster does not apply a retention setting to a downloaded archival snapshot.
Manually delete a downloaded archival snapshot that is no longer required on local
storage.
6. Perform one of the available recovery actions on the selected snapshot or restore files and
folders from the selected snapshot.
Selecting a replica
Select a replica from the Rubrik CDM web UI of the replication target Rubrik cluster before
applying a recovery action.
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.
Note: Use the search box on the top bar of the Rubrik CDM web UI to directly access the
Remote VM Details page when the name of the source virtual machine is known.
2. On the left-side menu of the Rubrik CDM web UI, click SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. Select a remote SLA Domain.
The page for the selected SLA Domain appears.
4. In the Virtual Machines section of the remote SLA Domain’s page, click the name of a virtual
machine.
The Remote VM Details page for the selected virtual machine appears.
5. Use the Snapshots card to navigate to a replica.
Snapshots card or Recovery Points card provides information about the Snapshots card and
navigating to a replica.
6. Perform one of the available recovery actions on the selected replica or restore files and folders
from the selected replica.
Live migration
After a recovery, the recovered virtual machine can be live migrated using a process such as
VMware Storage vMotion.
After live migration of a virtual machine that was recovered by the Instant Recovery or Live Mount
actions, the Rubrik cluster maintains metadata for the recovered virtual machine that should be
removed.
Delete the metadata for the recovered virtual machine through the Live Mounts page of the Rubrik
CDM web UI by using the Force Delete option, as described in Removing a virtual machine entry
after live migration.
Gateway: 12.42.1.12
Administrator uses the ‘route’ command:
The command displays the new kernel routing table.
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.255 0.0.0.0 UG 0 0 0 bond0
1.2.0.0 0.0.0.0 255.255.0.0 U 0 0 0 bond0.1000
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 bond0
13.4.0.0 10.0.0.254 255.255.0.0 UG 0 0 0 bond0
12.42.0.0 12.42.1.12 255.255.0.0 U 0 0 0 bond0.1000
Performing an Export
An Export creates a new virtual machine from a point-in-time copy of the source virtual machine.
The datastore of the selected ESXi host is the datastore for the recovered virtual machine.
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The
Rubrik cluster does not connect the recovered virtual machine to a network. The Rubrik cluster
sets the protection state of the new virtual machine to Do Not Protect.
1. Select a snapshot, an archival snapshot, or a replica.
Selecting a snapshot or an archival snapshot describes the selection task for snapshots and
archival snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Export.
The Export Snapshot dialog box appears.
4. In Choose an ESXi Host, select an ESXi host for the virtual machine.
A list of the datastores that are associated with the selected ESXi host appears.
5. In Choose a Datastore, select a datastore.
6. (Optional) Select Remove virtual network devices.
Select this option when networking changes or issues prevent the virtual machine from
starting.
7. Click Export.
After recovering a snapshot of a vCenter Server or Platform Services Controller, see the
documentation for VMware vCenter to restore an environment based on a vCenter Server image.
The Rubrik cluster initially sets the protection state of the exported virtual machine to Do Not
Protect. To protect the new virtual machine, add it to an SLA Domain, or remove the individual
assignment of Do Not Protect to permit it to inherit protection.
Rubrik CDM Version 5.0 User Guide File and folder restore 383
vSphere Virtual Machines
As characters are typed, the Rubrik CDM web UI immediately begins to display matching file
and folder pathnames.
Search matches the string of characters entered in the search field with the same string in any
portion of the pathname of a folder or file. Continue to type characters until the file or folder
appears in the results.
3. Select the file or folder.
The Download File Version dialog box appears. A cloud icon appears next to files or folders that
are on archival snapshots.
4. Select a version of the file or folder.
For supported Windows and Linux guest operating systems, the selection can be restored to the
original file system, or downloaded from a generated link. For other guest operating systems, the
selection can be downloaded from a generated link.
Note: The Rubrik cluster must download an archival snapshot before it can be browsed.
Searching by name for a file or folder on an archival snapshot does not require that the archival
snapshot be downloaded first.
When the Rubrik cluster has previously accepted the guest OS credentials of the host, the
credential fields do not appear.
4. (If available) (Windows only) In Domain, type the resolvable hostname or IP address of the
authentication server for the credential.
When the Windows guest OS performs Workstation Authentication of credentials instead of
Domain Authentication, leave the Domain field empty.
Note: With some ESXi hypervisors, the VMware API requires a single period character in the
Domain field to correctly pass the Workstation Authentication value to the Windows guest.
When an empty Domain field does not provide successful Workstation Authentication with the
Windows guest, add a period character in the Domain field.
Note: Do not type the original path of the source file or folder. When Restore to separate
folder is selected, the object cannot be restored to a folder that contains an object of the
same name.
Use the correct path delimiter for the guest operating system.
For Windows use a back slash. For example:
C:\Users\jsmith\work
For Linux use a forward slash. For example:
/home/jsmith/work
9. (If available) (Optional) Select Store as service credential for all VMs.
When this setting is selected, the Rubrik cluster stores the credential. The stored credential can
be managed through the guest OS credentials page, as described in Guest OS settings.
10. Click Restore.
The Rubrik cluster restores the file or folder to the specified location.
Unmanaged data
Manage file system data that is not subject to a retention policy through the Snapshot Retention
page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as
unmanaged snapshot objects. Unmanaged snapshot objects can be managed through the
Snapshot Retention page of the Rubrik CDM web UI.
Retention Management describes the Snapshot Retention page and how to perform tasks with
unmanaged snapshot objects.
This chapter describes how to protect and manage data from VMware vCloud Director vApps.
Overview
Protection hierarchy
vCloud Director instances
vApp management
Recovery and restore of vApp data
Rubrik CDM Version 5.0 User Guide vCloud Director vApps 390
vCloud Director vApps
Overview
Rubrik CDM provides SLA Domain protection and data management for VMware vCloud Director
vApps.
When a vCloud Director instance is added to a Rubrik cluster, the Rubrik cluster automatically
discovers all of the components of the vCloud Director deployment, including:
• Organizations
• Organization virtual datacenters
• vApps
• Virtual machines
The components appear in the Rubrik CDM web UI and provide the basis for assigning SLA
Domain protection to the vApps. Rubrik CDM manages and protects the data in vApps using the
same SLA Domain approach that it provides for vSphere virtual machines.
The SLA Domain assignment of a vApp can be derived from a higher level component or the
assignment can be directly specified. Assigning an SLA Domain at a higher level in the
organizational hierarchy automatically assigns the policies of that SLA Domain to all vApps and
virtual machines that are beneath that level. Assigning an SLA Domain at a lower level in the
hierarchy overrides an assignment made at a higher level. Protection hierarchy describes this
hierarchy-based protection.
The Rubrik cluster provides full protection of vApps, backing up not just virtual machine data but
also vApp data and metadata, including networks, boot order, and access lists.
Rubrik CDM offers the option to enable or disable synchronized snapshots for a vApp. When
enabled, the Rubrik cluster attempts synchronization across the vApp by initiating snapshots of all
virtual machines in a vApp at the same time.
Metadata protection
Rubrik CDM protection of vApps includes the metadata of the vApp.
Table 80 describes the vApp metadata that Rubrik CDM protects.
Table 80 Protected vApp metadata
Metadata      Description
Networks      Protects both isolated and routed networks. Also, can reconnect restored virtual
              machines to the virtual datacenter network if the same network is available at
              restore time.
Boot order    Protects the order that the virtual machines in the vApp are configured to start and stop.
Access list   Protects the access list for the vApp.
Limitations
Rubrik CDM support for vApps works within specific limitations.
Table 81 describes the limitations of Rubrik CDM support for vApps.
Table 81 Limitations with vApp support
Limit type                   Description
Virtual machines in a vApp   Maximum of 30 virtual machines in a vApp. To protect a vApp with more than
                             30 virtual machines, use the exclude function to reduce the number
                             protected.
Mounts                       The Rubrik cluster performs all mounts for vApps at the virtual machine level.
Backup exclusion             Protection of vApps does not include vCloud Director Object Metadata.
Autodiscovery                Rubrik CDM ignores the vCloud Director auto discovery feature.
Protection hierarchy
SLA Domain protection can be applied to virtual machines within vApps by assigning the SLA
Domain at several different levels in the vCloud Director hierarchy. Protection can also be applied
by assigning an SLA Domain to an individual virtual machine within a vApp.
Figure 4 depicts the protection hierarchy – the hierarchical levels in a vCloud Director deployment
at which SLA Domain protection can be specified.
[Figure 4 Protection hierarchy. Labels in the figure: vCloud Director Instance, Organization, Organization Virtual Data Center, VM]
Rubrik CDM Version 5.0 User Guide vCloud Director instances 396
vCloud Director vApps
5. In vCD Server Hostname, type the FQDN of the computer that hosts the vCloud Director
instance.
Use the format: vcdhost.example.com
6. In Username, type the name of an administrator account on the vCloud Director instance.
7. In Password, type the account password.
8. (Optional) Click Advanced Setting to add a certificate for TLS validation.
The dialog box expands to show the Trusted Root Certificate box.
9. In Trusted Root Certificate, paste the trusted root certificate of the vCloud Director
instance.
10. Click Add.
The Rubrik cluster adds the vCloud Director instance. After establishing a connection and
successfully completing authentication, the Rubrik cluster queries the vCloud Director instance for
all vApp information.
vApp management
After a vCloud Director instance is added, the Rubrik cluster provides methods for finding, viewing,
and protecting the vApps.
When the Rubrik cluster finishes querying the vCloud Director instance, the vApps and hierarchical
information appear on the vCD vApps page. From the vCD vApps page, or the local page for a
vApp, the Rubrik cluster can perform the tasks listed in Table 83.
Table 83 Tasks available for vApps page
Task                            Description
Find a vApp                     View the listing for a specific vApp and use the listing to access the local page for
                                the vApp.
View the hierarchy              View each part of the vCloud Director hierarchy that leads to any vApp.
Enable synchronization          Enable synchronization for a vApp to request that the Rubrik cluster initiate
                                snapshots of all of the virtual machines in a vApp at the same time.
Exclude a virtual machine       Select a vApp virtual machine and exclude it from all snapshots of the vApp.
Perform virtual machine tasks   Select a vApp virtual machine and perform standard Rubrik CDM tasks with it:
                                • Configure the application consistency setting
                                • Set up a pre-script and a post-script
                                • Exclude VMDKs from snapshots of the virtual machine
                                • Register the Rubrik Backup Service after it is installed on the virtual machine
Protect a vApp                  Assign the data protection policies of an SLA Domain to the vApp. The SLA
                                Domain can be inherited from any of the levels of the hierarchy or directly assigned
                                to the vApp.
Take an on-demand snapshot      Initiate an on-demand snapshot of the selected vApp and assign the policies of any
                                SLA Domain to that snapshot.
Enabling synchronization
For a vApp that contains more than one virtual machine, enable synchronization to request that
the Rubrik cluster initiate snapshots of all of the virtual machines at the same time.
1. Log in to the Rubrik CDM web UI.
2. Open the local page of the vApp that contains the virtual machine.
Opening the local page for a vApp describes how to open the local page for the vApp.
3. Click the ellipsis on the title bar of the local vApp page.
4. Click Enable Synchronization.
A confirmation dialog box appears.
5. Click Enable.
The Rubrik cluster enables synchronization for the vApp.
Rubrik CDM Version 5.0 User Guide Recovery and restore of vApp data 405
vCloud Director vApps
Table 85 describes the network choices that can be made during Instant Recovery and Export.
Table 85 Network options during Instant Recovery and Export
Option                   Description
No mapping               NICs in the recovered or exported virtual machines are restored with the settings
                         that they had at the time of the snapshot.
Delete NICs of all VMs   The Rubrik cluster deletes the NICs from each virtual machine that is part of the
                         recovery or export operation.
Advanced                 Individually assign the NICs in each virtual machine that is part of the recovery or
                         export operation to any of the available networks in the organization.
Recovery workflow
Recovery provides a way to replace a virtual machine in a vApp with a snapshot of the virtual
machine from a snapshot of the vApp. An entire vApp or one or more virtual machines in a vApp
can be replaced through recovery.
Recovery of a vApp can be either:
• Full – all of the vApp virtual machines and metadata are restored to replace the source vApp.
• Partial – one or more selected virtual machines and their metadata are restored to the source
vApp.
Recovery can only be used to replace a virtual machine that exists in the target vApp. To restore a
virtual machine that does not exist in the target vApp, use Export.
To recover a virtual machine, the Rubrik cluster performs the following tasks:
1. Remove the virtual machine from the inventory of the vCenter Server.
The virtual machine is not removed from the datastore.
vCloud Director lists the removed virtual machine as missing from the vApp.
2. The Rubrik cluster mounts the snapshot of the virtual machine using the Rubrik cluster as the
datastore and adds the virtual machine to the vCenter Server.
Using the cloud.uuid field, the vCloud Director recognizes the mounted virtual machine and
establishes the link to the vApp.
3. The Rubrik cluster configures the network connections for the virtual machine.
4. (Optional) The Rubrik cluster powers on the virtual machine.
5. When the virtual machine is powered on, the Rubrik cluster initiates Storage vMotion to move
the datastore to a datastore in the vCloud Director.
If the Storage vMotion fails and the virtual machine was powered on after being mounted, the
Rubrik cluster maintains the Live Mount of the virtual machine and sends an email to the global
admin.
If there is a failure anywhere in the process, other than during Storage vMotion, the Rubrik cluster
adds the source virtual machine back to the vCenter Server. Normally, vCloud Director will link the
source virtual machine back into the vApp.
12. Click Finish.
The Rubrik cluster performs the actions described in Recovery workflow.
13. Click Finish.
The Rubrik cluster performs the actions described in Recovery workflow.
15. (Advanced only) In Network, for each virtual machine NIC, select a network.
16. In Storage Profile, choose one of the options.
Choose:
• Default
• Custom
17. (Custom only) For each listed virtual machine, select a storage profile.
18. Click Finish.
The Rubrik cluster uses the data in the selected vApp snapshot to create the new vApp.
16. Click Finish.
The Rubrik cluster writes the recovered folders and files from the snapshot into the specified
folder, preserving the hierarchy.
Chapter 12
CloudOn for AWS
This chapter describes how to use the Rubrik CloudOn for AWS feature.
Overview
Configuration and setup workflow
Permissions
VM Import service role
Security group
Cloud conversion settings
Cloud instance management
Rubrik CDM Version 5.0 User Guide CloudOn for AWS 416
CloudOn for AWS
Overview
Rubrik CloudOn for AWS converts a local or archived snapshot into an Amazon Machine Image
(AMI) that is used to launch an EC2 instance. Rubrik supports instantiating on-premise VMware
virtual machines to AWS. Rubrik also supports instantiating Hyper-V virtual machines to AWS.
Contact Rubrik Support to enable this capability on your Rubrik cluster.
Support describes how to contact Rubrik Support.
Rubrik CloudOn for AWS supports the following scenarios:
• Instantiation of VMware virtual machines for testing and development – Launch on-premise
virtual machines to enable sandbox testing and development needs in AWS.
• Migrating on-premise virtual machines to AWS – Lift-and-shift migration of virtual machines to
AWS.
• Disaster recovery (DR) to AWS – Failover to AWS using archived data when the on-premise
data center fails.
Prerequisites
Before deploying a virtual machine using AWS CloudOn, meet all preliminary requirements.
For successful deployment of AWS CloudOn, ensure that the following prerequisites are met:
• Rubrik uses the AWS VM Import Service to convert an on-premise VMware virtual machine to
an AMI. Therefore, all the prerequisites and limitations applicable to AWS VM Import/Export
service are also applicable to Rubrik CloudOn for AWS. Ensure that the source virtual machine
meets the Import/Export Requirements specified on the following Amazon documentation
page:
VM Import/Export Requirements
• Virtual machine import supports ENA drivers for Linux. ENA support will be enabled only when
the original virtual machine has ENA and/or NVMe drivers installed. Rubrik recommends the
installation of the latest drivers. Install ENA drivers on the Linux source virtual machines if you
wish to use an AWS instance type that uses ENA by default.
AWS accounts and archive location setup
Follow the steps in the following sections to configure resources on all combinations of AWS
accounts and regions.
Security group
Create a security group with appropriate rules, as described in Creating a security group for
AWS CloudOn. This enables secure access to the transient instance within the VPC that the
customer specified.
IAM roles
• Create one IAM role for all CloudOn permissions. Information about IAM roles can be found
at:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
• Create a virtual machine import service role to download disk images from an Amazon S3
bucket, as described in VM Import service role. Information on how to create a virtual
machine import service role can be found at:
https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
Pre-configuration on source virtual machine
Pre-configure the source virtual machine as described in Table 86.
Table 86 Source virtual machine pre-configuration
Setting                 Description
Linux configuration     • Enable secure shell for remote access.
                        • Ensure that the host firewall (such as Linux iptables) grants access to SSH.
                        • Ensure that the Linux virtual machine has GRUB or GRUB2 as its bootloader.
                        • Ensure that there is 500 MB space on the root disk.
Windows configuration   • Enable Remote Desktop Protocol (RDP).
                        • Ensure that the RDP port is enabled on the firewall.
                        • For instantiation, ensure that there is 900 MB free space on the root disk.
The CloudOn for AWS feature also adds tags to transient compute instances that are launched in
your AWS account to perform conversion of virtual machines.
Table 89 describes the tags that are added to transient compute instances used to convert
Windows virtual machines in AWS.
Table 89 Transient compute instance tags
Resource                                       Tag Key                       Tag Value
Bolt and Converter Instance                    rk_instance_class             TransientStormInstance
                                               storm_type                    BOLT/LINC/WINC
                                               rk_storm_instance_handle_id   storm_handle_id
EBS volumes created by Rubrik                  rk_instance_class             CloudSnapshotBasedVolume/EmptyVolume
                                               rk_snappable_id               snappable_id
                                               rk_object_name                snappableName
                                               rk_instance_class             VolumeGeneratedCloudSnapshot
                                               rk_object_name                snappableName
Temporary instance, AMI and instance launched  rk_instance_class             ImageConversionTemporaryInstance
                                               provider                      provider_id
                                               rk_requester_id               user-id who launched the job
                                               rk_snappable_id               snappable_id
                                               rk_snapshot_id                snapshotId
                                               rk_object_name                snappableName
Permissions
AWS CloudOn requires a bucket level and site level security policy, and a user account with access
to the specified bucket.
The process of preparing the required AWS objects is similar to the process described in Preparing
to use Amazon S3 as an archival location. The main difference is the additional set of permissions
that must be granted by the security policy that is used for cloud instantiation.
Instead of creating a new bucket for cloud instantiation, a bucket that is already in use as an
archival location can be used. To use an existing bucket, modify the security policy that is applied
to the existing bucket and provide the additional permissions described in Creating a security
policy for AWS CloudOn.
Rubrik CDM Version 5.0 User Guide Configuration and setup workflow 422
CloudOn for AWS
6. Paste the JSON text from the following into the JSON editor.
Size constraints in the formatting of this PDF force the JSON example in this guide to break into
two parts. Paste the entire permission sets into the JSON editor. Alternately, copy the text from
the S3 Security Policy Example.
When a KMS key is used, the following permission set for an IAM Policy for CloudOn with
permissions to add archival locations using a KMS key is required:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt",
                "kms:GenerateDataKeyWithoutPlaintext",
                "kms:GenerateDataKey",
                "kms:DescribeKey",
                "ec2:DescribeInstances",
                "ec2:CreateKeyPair",
                "ec2:CreateImage",
                "iam:CreateRole",
                "ec2:CopyImage",
                "iam:PutRolePolicy",
                "ec2:DescribeSnapshots",
                "ec2:DeleteVolume",
                "ec2:StartInstances",
                "ec2:DescribeVolumes",
                "ec2:DescribeExportTasks",
                "ec2:DescribeAccountAttributes",
                "ec2:ImportImage",
                "ec2:DescribeKeyPairs",
                "ec2:DetachVolume",
                "ec2:CancelExportTask",
                "ec2:CreateTags",
                "ec2:RunInstances",
                "ec2:StopInstances",
                "ec2:CreateVolume",
                "ec2:DescribeImportSnapshotTasks",
                "ec2:DescribeSubnets",
                "ec2:AttachVolume",
                "ec2:DeregisterImage",
                "ec2:ImportVolume",
                "ec2:DeleteSnapshot",
                "ec2:DeleteTags",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeAvailabilityZones",
                "ec2:CreateSnapshot",
                "ec2:ModifyInstanceAttribute",
                "ec2:DescribeInstanceStatus",
                "ec2:CreateInstanceExportTask",
                "ec2:TerminateInstances",
                "ec2:ImportInstance",
                "s3:CreateBucket",
                "s3:ListAllMyBuckets",
                "ec2:DescribeTags",
                "ec2:CancelConversionTask",
                "ec2:ImportSnapshot",
                "ec2:DescribeImportImageTasks",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeImages",
                "ec2:DescribeVpcs",
                "ec2:CancelImportTask",
                "ec2:DescribeConversionTasks"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts",
                "s3:RestoreObject"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}
When an RSA key is used, the following permission set for an IAM Policy for CloudOn with
permissions to add archival locations using an RSA key is required:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:CreateKeyPair",
                "ec2:CreateImage",
                "iam:CreateRole",
                "ec2:CopyImage",
                "iam:PutRolePolicy",
                "ec2:DescribeSnapshots",
                "ec2:DeleteVolume",
                "ec2:StartInstances",
                "ec2:DescribeVolumes",
                "ec2:DescribeExportTasks",
                "ec2:DescribeAccountAttributes",
                "ec2:ImportImage",
                "ec2:DescribeKeyPairs",
                "ec2:DetachVolume",
                "ec2:CancelExportTask",
                "ec2:CreateTags",
                "ec2:RunInstances",
                "ec2:StopInstances",
                "ec2:CreateVolume",
                "ec2:DescribeImportSnapshotTasks",
                "ec2:DescribeSubnets",
                "ec2:AttachVolume",
                "ec2:DeregisterImage",
                "ec2:ImportVolume",
                "ec2:DeleteSnapshot",
                "ec2:DeleteTags",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeAvailabilityZones",
                "ec2:CreateSnapshot",
                "ec2:ModifyInstanceAttribute",
                "ec2:DescribeInstanceStatus",
                "ec2:CreateInstanceExportTask",
                "ec2:TerminateInstances",
                "ec2:ImportInstance",
                "s3:CreateBucket",
                "s3:ListAllMyBuckets",
                "ec2:DescribeTags",
                "ec2:CancelConversionTask",
                "ec2:ImportSnapshot",
                "ec2:DescribeImportImageTasks",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeImages",
                "ec2:DescribeVpcs",
                "ec2:CancelImportTask",
                "ec2:DescribeConversionTasks"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts",
                "s3:RestoreObject"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}
! IMPORTANT
Pay close attention to the JSON formatting, including opening and closing braces and
brackets.
7. In the JSON editor, replace mys3bucket with the name of the selected bucket.
Make the replacement for both of the ARN references in that resource.
8. Click Review Policy.
9. In Name, type a name for the policy.
10. (Optional) In Description, type a description for the policy.
11. Click Create policy.
AWS creates the security policy and returns to the policy list page.
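Step 7 refers to two bucket ARN references, while the policy text shown above carries arn:aws:s3:::*. The following Python sketch is an added example, not Rubrik or AWS code: it flags the wildcard scopes in such a policy and rewrites the S3 data statement for one bucket, placing bucket-level and object-level actions on the two ARNs. The function names, finding labels, generated Sids and the abridged sample policy are assumptions made for illustration.

```python
import copy
import json
import re

# S3 actions from the page's second statement, grouped by the resource
# type each applies to: the bucket ARN or the object ARN beneath it.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {
    "s3:PutObject", "s3:GetObject", "s3:DeleteObject",
    "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts",
    "s3:RestoreObject",
}
S3_DATA_ACTIONS = BUCKET_ACTIONS | OBJECT_ACTIONS
# Actions that create roles and attach inline policies to them.
IAM_WRITE_ACTIONS = {"iam:CreateRole", "iam:PutRolePolicy"}
ALL_BUCKETS = {"*", "arn:aws:s3:::*"}
# Coarse bucket-name check; its job here is to reject wildcards and ARNs.
BUCKET_NAME = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

# Abridged from the policy on this page (assumption: the first statement
# keeps only a few of its actions; the second statement is complete).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": ["ec2:RunInstances", "ec2:ImportImage", "iam:CreateRole",
                    "iam:PutRolePolicy", "s3:CreateBucket",
                    "s3:ListAllMyBuckets"],
         "Resource": "*"},
        {"Sid": "VisualEditor1", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket",
                    "s3:DeleteObject", "s3:GetBucketLocation",
                    "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts",
                    "s3:RestoreObject"],
         "Resource": ["arn:aws:s3:::*"]},
    ],
}


def as_list(value):
    """IAM accepts a bare string wherever a list is allowed."""
    return list(value) if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (sid, finding) pairs for Allow statements with wildcard scope."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = set(as_list(stmt["Action"]))
        resources = set(as_list(stmt["Resource"]))
        if "*" in resources and actions & IAM_WRITE_ACTIONS:
            findings.append((sid, "iam-write-on-all-resources"))
        if resources & ALL_BUCKETS and actions & S3_DATA_ACTIONS:
            findings.append((sid, "s3-data-access-on-all-buckets"))
    return findings


def scope_s3_statements(policy, bucket):
    """Return a copy with all-bucket S3 data statements narrowed to `bucket`."""
    if not BUCKET_NAME.match(bucket):
        raise ValueError("not a valid S3 bucket name: %r" % bucket)
    scoped = copy.deepcopy(policy)
    out = []
    for stmt in as_list(scoped["Statement"]):
        actions = set(as_list(stmt["Action"]))
        resources = set(as_list(stmt["Resource"]))
        s3_data = actions & S3_DATA_ACTIONS
        if (stmt.get("Effect") != "Allow" or not s3_data
                or not resources <= ALL_BUCKETS):
            out.append(stmt)  # nothing to narrow in this statement
            continue
        if actions - s3_data:
            # Mixed statement: refuse rather than guess a scope for the rest.
            raise ValueError("statement mixes S3 data actions with others")
        sid = stmt.get("Sid", "S3")
        for suffix, wanted, arn in (
            ("Bucket", BUCKET_ACTIONS, "arn:aws:s3:::" + bucket),
            ("Objects", OBJECT_ACTIONS, "arn:aws:s3:::" + bucket + "/*"),
        ):
            kept = [a for a in as_list(stmt["Action"]) if a in wanted]
            if kept:
                out.append({"Sid": sid + suffix, "Effect": "Allow",
                            "Action": kept, "Resource": [arn]})
    scoped["Statement"] = out
    return scoped


if __name__ == "__main__":
    for sid, finding in audit_policy(SAMPLE_POLICY):
        print(sid, finding)
    print(json.dumps(scope_s3_statements(SAMPLE_POLICY, "mys3bucket"), indent=2))
```

The iam:CreateRole and iam:PutRolePolicy finding remains after scoping, because the page gives no narrower resource for those actions.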
9. Select the security policy that was created for the bucket, and click Next: Review.
Select the security policy that was created in Creating a security policy for AWS CloudOn.
The Review page appears.
10. Click Create user.
AWS creates the user, and a success message appears.
11. Click Download CSV.
The web browser opens a Save As dialog box.
12. Save the file credentials.csv.
The file contains the Access key ID and Secret access key for the user account and should be
securely stored. Use these values when configuring the Rubrik cluster to use this AWS bucket as
an archival location. The file can be renamed.
Security group
The Rubrik cluster must have the ID of an AWS security group to assign to the transient Rubrik
working instance. Create an AWS security group and assign the ID of the security group to the
archival location that will be used for the cloud instantiation.
The Rubrik cluster assigns the security group ID to the transient Rubrik working instance each
time that it is instantiated.
Providing the ID of the AWS security group to a Rubrik cluster requires two steps:
• Create the security group by using the AWS console.
• Assign the security group ID to the archival location on the Rubrik cluster.
Rubrik CDM Version 5.0 User Guide VM Import service role 429
CloudOn for AWS
Alternatively, contact Rubrik Support and provide the security group ID. Rubrik Support then
attaches the security group ID to the selected Rubrik cluster archival location.
12. In the Source text field, type a CIDR, IP, or security group ID that includes the Rubrik cluster.
13. Click Create.
AWS creates the security group, and displays the security group page.
14. Find the new security group and copy the group ID.
15. Paste the group ID into a plain text scratch file.
Keep this scratch file for use in later tasks.
Configuring S3 Endpoints
Configure specific endpoints in your VPC to address situations when public internet connection is
not available. This ensures that the subnet that the Bolt is configured to launch in can still be used
when no public internet connection is available.
When the Rubrik cluster reads data from the S3 archive, the Rubrik cluster launches transient
instances within a VPC over public internet. You can launch AWS resources into a specified subnet.
When a public subnet for resources is used but the subnet is not connected to the internet, you
can use an S3 VPC endpoint to gain secure access to S3 without public internet access.
Information on how to configure an S3 VPC endpoint can be found at:
https://docs.aws.amazon.com/AmazonVPC/latest/userguide/vpc-endpoints-s3.html
If public internet is not available on the VPC, the Rubrik cluster cannot perform CloudOn for
snapshots on a KMS-encrypted S3 archive. You can configure an AWS KMS endpoint to connect
directly to AWS KMS through a private endpoint in your VPC instead of connecting over the
internet. Information on how to configure an AWS KMS endpoint can be found at:
https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html
Rubrik CDM Version 5.0 User Guide Cloud conversion settings 431
CloudOn for AWS
Each vSphere virtual machine that is assigned to a qualified SLA Domain can be configured with
one of the settings described in Table 90.
Table 90 Cloud conversion settings
Setting                                       Description
Disabled                                      The Rubrik cluster converts the snapshots from the virtual machine into AMIs
                                              only when cloud instantiation is requested. This setting requires the creation of
                                              an AMI from the VMDKs of the selected snapshot after instantiation is initiated
                                              and so takes longer to complete.
                                              This is the default value.
Cloud conversion without keeping older AMIs   The Rubrik cluster starts converting the most recent virtual machine snapshot
                                              as soon as it has been archived. The Rubrik cluster combines the chain of
                                              incremental snapshots leading to the last full snapshot and the AMI is created
                                              from the resulting snapshot. The Rubrik cluster automatically removes the
                                              previously stored AMI from cloud storage.
                                              For all snapshots except the most recent, this setting requires the creation of
                                              an AMI from the VMDKs of the selected snapshot after instantiation is
                                              initiated, and takes longer to complete.
Cloud conversion with keeping older AMIs      The Rubrik cluster starts converting the most recent virtual machine snapshot
                                              as soon as it has been archived. The Rubrik cluster combines the chain of
                                              incremental snapshots leading to the last full snapshot and the AMI is created
                                              from the resulting snapshot. The Rubrik cluster does not automatically remove
                                              previously created AMIs from cloud storage. Removing those AMIs requires
                                              user action.
                                              This setting normally does not require the creation of an AMI from the VMDKs
                                              of the selected snapshot after instantiation is initiated. Since the AMI already
                                              exists, the instantiation task is much faster.
5. The Converter instance creates snapshots of its attached disks and downloads drivers required
for Windows instances in AWS.
6. A temporary instance is launched using the newly created snapshots and if necessary, OS
drivers are installed.
7. The temporary instance will be used to validate successful conversion and to create an AMI in
AWS. For Windows virtual machines, the temporary instance will be used to inject AWS
required drivers prior to creation of the AMI.
The transient compute properties are described in Table 91.
Table 91 Transient compute properties
Transient Compute    Description                                                        AWS Instance types used
Bolt Instance        Reads archived data from Cloud Storage.                            M52xlarge
Converter Instance   Reads incremental data from Bolt and writes to EBS volumes.        M4.xlarge
                     It also copies drivers for Windows virtual machines that will be
                     required on the user virtual machine in AWS.
Temporary Instance   For Windows, drivers are installed by temporary instance as        T2.xlarge
                     they are required for online installation in AWS.
When the Overview card does not contain the Cloud Conversion field, shown in Figure 5, there
are two possible causes:
• The SLA Domain is not correctly configured for cloud instantiation.
• The selected virtual machine is not a vSphere virtual machine.
4. On the Overview card, in the Cloud Conversion field, click Configure.
5. Assign one of the three possible configurations.
• Disabled–In Cloud Conversion, move the slider to the off position. This is the default
configuration and only needs to be set when the virtual machine previously had another
setting applied.
• Cloud Conversion without keeping older AMIs–In Cloud Conversion, move the slider to
the on position and clear Keep older AMIs.
• Cloud Conversion with keeping older AMIs–In Cloud Conversion, move the slider to the
on position and select Keep older AMIs.
Rubrik cluster retains the converted AMIs for all the snapshots of this virtual machine,
including expired snapshots.
6. Click Submit.
The Rubrik cluster applies the specified configuration to the selected virtual machine.
Note: Instantiating Windows VMs with BitLocker-enabled volumes is not supported by AWS
CloudOn.
! IMPORTANT
The Rubrik cluster makes an AMI instance type recommendation based on a 64-bit
operating system. The recommendation, from the m4 series, will be unsuitable for a
32-bit operating system. When the instantiated virtual machine has a 32-bit operating
system, choose Custom Instance Type and specify a 32-bit AMI instance type.
Removing entry
Use the Cloud Mounts page of the Rubrik CDM web UI to remove the virtual machine.
Rubrik cluster stops managing the virtual machine once it has been removed. Manage this virtual
machine from the AWS console.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Mounts > AWS.
The cloud mounts page appears, with the Instances tab selected.
3. Open the ellipsis menu next to the selected instance.
4. Click Remove entry.
The Rubrik cluster removes the selected virtual machine instance.
Launching AMIs
Launch an individual AMI image from the AWS Cloud Mount page.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Mounts > AWS.
The cloud mounts page appears, with the Instances tab selected.
3. Click the AMIs tab.
The list of available AMIs appears.
4. Open the ellipsis menu next to a selected AMI.
5. Click Launch AMI.
The Rubrik cluster launches the selected AMI.
Removing AMIs
Virtual machine snapshots that have been converted to AMIs appear on the Cloud Mounts page of
the Rubrik CDM web UI. Remove an individual AMI from the AWS Cloud Mount page.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Mounts > AWS.
The cloud mounts page appears, with the Instances tab selected.
3. Click the AMIs tab.
The list of available AMIs appears.
4. Open the ellipsis menu next to a selected AMI.
5. Click Delete AMI.
The Rubrik cluster removes the selected AMI.
Chapter 13
CloudOn for Azure
This chapter describes how to use the Rubrik CloudOn for Azure feature.
Azure CloudOn overview
Prerequisites
Azure CloudOn configuration and setup workflow
Downloading the Rubrik Cloud-On for Azure zip file
Setting up and configuring the PowerShell in Cloud Shell
Configuring Azure Objects
Configuring the subnet
Setting up permissions on Azure
Adding an Azure CloudOn configuration
Cloud conversion settings
Cloud instance management
Prerequisites
For successful deployment of Azure CloudOn, ensure that the following prerequisites are met.
These prerequisites are applicable to on-premise VMware virtual machines, Rubrik cluster, and
Azure Archive.
Connection between the Azure Virtual Network (VNet) and the on-premise network
Rubrik launches transient instances within the customer account to perform conversion. Rubrik
launches the transient instance in a VNet specified by the customer. This connection between
the VNet and the on-premise network requires the following:
• Connectivity from Rubrik cluster
As a security best practice, Rubrik cluster connects to the instances in the VNet over a
private IP. Private connectivity between the Rubrik cluster and the Azure VNet requires a VPN
connection or an ExpressRoute circuit.
Information on how to connect to VPN can be found at:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Information on how to configure ExpressRoute can be found at:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-linkvnet-portal-resource-manager
If your on-premise network is connected to an Azure VNet through VPN or ExpressRoute,
specific ports and URLs must be opened for all CloudOn operations to work successfully.
The Bolt VNet must be configured with the VNet endpoint for Azure Storage.
Bolt Network Security Group (NSG) must be configured to allow Storage Service Tags
outbound on port 443.
If you are using an Azure ExpressRoute connection, configure it with Microsoft Peering.
Information on how to configure Microsoft peering can be found at:
https://docs.microsoft.com/en-us/azure/expressroute/how-to-move-peering
If you are using VPN or ExpressRoute, the firewall routing must send Rubrik Archival
(CloudOut) traffic over VPN or ExpressRoute.
Information on choosing the right solution for connecting an on-premise network to Azure can be
found at:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/
• Connectivity to Blob Store
When Rubrik cluster reads data from the Azure archive, the Rubrik cluster launches
transient instances within a VNet over public internet in the same region.
Azure storage is reachable through public endpoints over the public internet. If public
internet is not available on the VNet, it is recommended to use an Azure VNet endpoint to
securely access the Azure storage. Information on how to configure VNet endpoints can be found
at:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-restrict-network-access-to-resources
Resource ID and subnet for VNet
If a VNet is granted access from the Rubrik cluster and to the Blob store, the resource ID of
the VNet and a subnet within the VNet are required. Information on how to configure a new
VNet for Rubrik can be found at:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-restrict-network-access-to-resources#create-a-virtual-network
Perform this step with network administrator privileges.
Azure Active Directory application with contributor permissions
Azure Active Directory (Azure AD) must be able to authenticate the Rubrik cluster. To enable
this, register the Rubrik cluster in Azure AD, as described in Setting up permissions on Azure.
This configuration provides contributor permissions to the Rubrik application.
When Cloud Shell has been previously set up, the Cloud Shell session opens at the bottom of
the page. For the first use, the Persist account files dialog box appears.
3. (First use of Cloud Shell only) In the Persist account files dialog box, select an Azure
subscription for the Cloud Shell, and click Create storage.
Information about Cloud Shell can be found at:
https://docs.microsoft.com/en-us/azure/cloud-shell/overview
The Cloud Shell session opens at the bottom of the page.
4. If the shell is not set with PowerShell as the command processor, at the top of the Cloud Shell
window, click the shell control, and select PowerShell.
The PowerShell prompt appears in the Cloud Shell window, as shown in Figure 7.
Figure 7 PowerShell prompt in Cloud Shell window
8. Type the virtual network ID number for a virtual network. The Virtual Network Resource ID is
not displayed in the Azure portal. You can obtain the Resource ID of any resource in Azure by
executing the following command in PowerShell or in Cloud Shell:
Get-AzureRmResource -Name "Name of the resource"
9. Type the subnet ID number from the list of available subnets.
The list of subnets is based on the virtual network selected.
10. Type the network security group number from the list of available network security groups.
Alternatively, type 0 and a network security group name to create a new network security
group.
11. Type the resource group number for the network security group from the list of available
resource groups.
12. Type the Application ID number and the secret key.
Alternatively, type 0 and a name for the application to create a new application.
The rkazurecli script checks and creates the CloudOn configuration prerequisites. The script
generates a JSON text file to capture the configuration prerequisites. The text of this JSON is used
in later configuration to complete Azure CloudOn configuration steps in the Rubrik CDM web UI.
When the script completes the configuration, it closes.
3. In the resource groups filter, clear all resource groups except the resource group created for
Azure CloudOn.
Clear Select All to clear all selections, then select only the resource group that you copied to
your temporary file in Configuring Azure Objects.
4. Copy the name into your temporary file as the subnet ID.
5. Click the name of the subnet.
The blade for that subnet opens.
6. In the subnet blade menu, select Properties.
7. In Resource ID, click the copy button to copy the resource ID value.
8. Paste the resource ID value into your temporary file.
9. Configure the new subnet to have VPN access to the Rubrik cluster.
For information about setting up VPN access, refer to this Microsoft Azure article:
Create a Site-to-Site connection in the Azure portal
! IMPORTANT
The key value cannot be retrieved after leaving the Keys blade. Store the key value in a
secure location.
  "IsCustom": true,
  "Description": "Can Launch VMs from archived snapshots",
  "Actions": [
    "Microsoft.Compute/snapshots/*",
    "Microsoft.ClassicCompute/virtualMachines/detachDisk/action",
    "Microsoft.ClassicCompute/virtualMachines/attachDisk/action",
    "Microsoft.Compute/images/read",
    "Microsoft.Compute/images/write",
    "Microsoft.Compute/images/delete",
    "Microsoft.Compute/disks/*",
    "Microsoft.Compute/locations/*/read",
    "Microsoft.Compute/skus/read",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/virtualMachines/delete",
    "Microsoft.Compute/virtualMachines/extensions/*",
    "Microsoft.Compute/virtualMachines/instanceView/read",
    "Microsoft.Compute/virtualMachines/powerOff/action",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/restart/action",
    "Microsoft.Compute/virtualMachines/runCommand/action",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/vmSizes/read",
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Network/networkInterfaces/*",
    "Microsoft.Network/networkSecurityGroups/join/action",
    "Microsoft.Network/networkSecurityGroups/read",
    "Microsoft.Network/networkSecurityGroups/securityRules/read",
    "Microsoft.Network/publicIPAddresses/read",
    "Microsoft.Network/publicIPAddresses/write",
    "Microsoft.Network/publicIPAddresses/join/action",
    "Microsoft.Network/publicIPAddresses/delete",
    "Microsoft.Network/virtualNetworks/read",
    "Microsoft.Network/virtualNetworks/subnets/join/action",
    "Microsoft.Network/virtualNetworks/subnets/read",
    "Microsoft.Resources/deployments/*",
    "Microsoft.Resources/subscriptions/read",
    "Microsoft.Resources/subscriptions/resourcegroups/*/read",
    "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
    "Microsoft.Resources/subscriptions/resourcegroups/write",
    "Microsoft.Storage/*/read",
    "Microsoft.Storage/storageAccounts/blobServices/containers/read",
    "Microsoft.Storage/storageAccounts/blobServices/containers/write",
    "Microsoft.Storage/storageAccounts/listkeys/action",
    "Microsoft.Storage/storageAccounts/read"
  ],
  "NotActions": [
  ],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}
2. Replace <subscription-id> with the Azure Subscription ID for the subscription where the App
Registration was created.
3. Save the file and exit nano.
4. At the Cloud Shell prompt, type
"az role definition create --role-definition ./RubrikCloudOnMinimalPermissions.json".
The Azure CloudOn CLI creates the Rubrik IAM role in the subscription.
5. On the Azure portal menu, select Subscriptions and choose your subscription.
6. Click Access control (IAM).
7. Click +Add.
8. Type the name of the role created in the Cloud Shell.
This will be "Rubrik CloudOn" if the Name field has not been changed in the JSON above.
9. Verify that Assign access to is set to Azure AD user, group or application.
10. In the Search field, search for and select the Rubrik application.
This step selects the Rubrik application to which the role is to be assigned.
11. Click Save.
Azure creates the Rubrik role with minimal permissions.
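The role definition file edited in the steps above fails in two common ways: curly quotes carried over from a PDF copy, and a `<subscription-id>` placeholder left in AssignableScopes. The following check is an added example, not part of the Rubrik guide or the rkazurecli script; it catches both before the file is submitted and lists the wildcard and high-impact actions a reviewer should sign off. The function name, the choice of "sensitive" actions and the sample file are assumptions made for this example.

```python
import json
import re

# Curly quotes that PDF or word-processor copies substitute for ASCII quotes.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"

# Actions this example singles out for explicit sign-off. The selection is the
# example's own assumption, not a Rubrik or Microsoft list.
SENSITIVE_ACTIONS = {
    "Microsoft.Compute/virtualMachines/runCommand/action",
    "Microsoft.Storage/storageAccounts/listkeys/action",
}

# Accepted scope: a subscription, optionally narrowed to one resource group.
SCOPE_RE = re.compile(
    r"^/subscriptions/[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
    r"(?:/resourceGroups/[^/]+)?$"
)


def lint_role_definition(text):
    """Return (errors, warnings) for the text of a custom role definition."""
    errors, warnings = [], []

    # Curly quotes make the file invalid JSON, so report them by code point
    # instead of leaving the reader with a bare parser error.
    found = sorted({ch for ch in text if ch in SMART_QUOTES})
    if found:
        names = ", ".join(f"U+{ord(ch):04X}" for ch in found)
        errors.append(f"typographic quotes found ({names}); use ASCII quotes")
        return errors, warnings

    try:
        role = json.loads(text)
    except json.JSONDecodeError as exc:
        errors.append(f"invalid JSON at line {exc.lineno}: {exc.msg}")
        return errors, warnings
    if not isinstance(role, dict):
        errors.append("top level of the file must be a JSON object")
        return errors, warnings

    if role.get("IsCustom") is not True:
        errors.append("IsCustom must be true")
    actions = role.get("Actions")
    if not isinstance(actions, list) or not actions:
        errors.append("Actions must be a non-empty list")
        actions = []
    scopes = role.get("AssignableScopes")
    if not isinstance(scopes, list) or not scopes:
        errors.append("AssignableScopes must be a non-empty list")
        scopes = []

    for scope in map(str, scopes):
        if "<" in scope or ">" in scope:
            errors.append(f"placeholder not replaced in scope: {scope}")
        elif not SCOPE_RE.match(scope):
            errors.append(f"unexpected scope format: {scope}")

    seen = set()
    for action in map(str, actions):
        if action.lower() in seen:
            warnings.append(f"duplicate action: {action}")
        seen.add(action.lower())
        if action == "*":
            errors.append("Actions contains '*', which grants every operation")
        elif "*" in action:
            warnings.append(f"wildcard action: {action}")
        if action in SENSITIVE_ACTIONS:
            warnings.append(f"sensitive action, confirm it is needed: {action}")
    return errors, warnings


# Constructed sample: a shortened role definition that keeps a few of the
# actions listed in the guide. The all-zero subscription GUID is a placeholder.
SAMPLE_OK = """{
  "Name": "Rubrik CloudOn",
  "IsCustom": true,
  "Description": "Can Launch VMs from archived snapshots",
  "Actions": [
    "Microsoft.Compute/snapshots/*",
    "Microsoft.Compute/virtualMachines/runCommand/action",
    "Microsoft.Storage/storageAccounts/listkeys/action",
    "Microsoft.Storage/storageAccounts/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}"""
# The same file with the placeholder left in, and with curly quotes pasted in.
SAMPLE_PLACEHOLDER = SAMPLE_OK.replace(
    "00000000-0000-0000-0000-000000000000", "<subscription-id>")
SAMPLE_PASTED = SAMPLE_OK.replace('"Name"', "\u201cName\u201d")

if __name__ == "__main__":
    samples = (("ok", SAMPLE_OK), ("placeholder", SAMPLE_PLACEHOLDER),
               ("pasted", SAMPLE_PASTED))
    for label, text in samples:
        errs, warns = lint_role_definition(text)
        print(f"{label}: errors={errs}")
        for warning in warns:
            print(f"  warning: {warning}")
```

Warnings do not block creation of the role; they mark the entries to justify during a least-privilege review of the role before it is assigned to the Rubrik application.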
11. In General Purpose Storage, select the name of the storage account that matches the
storage account name in your temporary file.
12. In General Purpose Storage Container Name, type a name for the Azure container that
will store the VHDs.
Use a name that meets the Azure requirements for container names:
• 3-64 characters
• Lowercase
• Alphanumeric characters and the dash symbol
13. (For CloudOn) In Resource Group, type the name of a resource group.
This resource group specifies where the temporary Rubrik Bolt cloud cluster instance will be
launched.
14. In Virtual Network ID, copy and paste the resource ID of the virtual network from your
temporary file.
15. In Subnet ID, copy and paste the name of the virtual network from your temporary file.
16. In Security Group ID, copy and paste the resource ID of the security group.
17. Click Add.
The Rubrik cluster modifies the archival location configuration to add support for Azure CloudOn.
Each vSphere virtual machine that is assigned to a qualified SLA Domain can be configured with
one of the settings described in Table 94.
Table 94 Cloud conversion settings
| Setting | Description |
|---|---|
| Disabled | The Rubrik cluster converts the snapshots from the virtual machine into VHDs only when cloud instantiation is requested. This setting requires the creation of a VHD from the VMDKs of the selected snapshot after instantiation is initiated and so takes longer to complete. This is the default value. |
| Cloud conversion without Keep older VHDs | The Rubrik cluster starts converting the most recent virtual machine snapshot as soon as it has been archived. The Rubrik cluster combines the chain of incremental snapshots leading to the last full snapshot and the VHD is created from the resulting snapshot. The Rubrik cluster automatically removes the previously stored VHD from cloud storage. For all snapshots except the most recent, this setting requires the creation of a VHD from the VMDKs of the selected snapshot after instantiation is initiated, and takes longer to complete. |
| Cloud conversion with Keep older VHDs | The Rubrik cluster starts converting the most recent virtual machine snapshot as soon as it has been archived. The Rubrik cluster combines the chain of incremental snapshots leading to the last full snapshot and the VHD is created from the resulting snapshot. The Rubrik cluster does not automatically remove previously created VHDs from cloud storage. Removing those VHDs requires user action. This setting normally does not require the creation of a VHD from the VMDKs of the selected snapshot after instantiation is initiated. Since the VHD already exists, the instantiation task is much faster. |
When the Overview card does not contain the Cloud Conversion field, shown in Figure 8, there
are two possible causes:
• The SLA Domain is not correctly configured for cloud instantiation.
• The selected virtual machine is not a vSphere virtual machine.
• The guest OS of the virtual machine is not Windows.
4. On the Overview card, in the Cloud Conversion field, click Configure.
5. Assign one of the three possible configurations.
• Disabled–In Cloud Conversion, move the slider to the off position. This is the default
configuration and only needs to be set when the virtual machine previously had another
setting applied.
• Cloud Conversion without Keep older VHDs–In Cloud Conversion, move the slider to the
on position and clear Keep older VHDs.
• Cloud Conversion with Keep older VHDs–In Cloud Conversion, move the slider to the on
position and select Keep older VHDs.
6. Click Submit.
The Rubrik cluster applies the specified configuration to the selected virtual machine.
Note: Instantiating Windows VMs with BitLocker-enabled volumes is not supported by Azure
CloudOn.
7. In Virtual Machine Size, select the type of VHD instance to use for the instantiated virtual
machine.
The Rubrik cluster examines the source virtual machine and provides a recommended VHD
instance type.
8. (Optional) In Virtual Machine Size, select Custom Instance Type.
The Custom Instance Type field appears.
9. (For Custom Instance Type only) In Custom Instance Type, type the name of a VHD
instance type.
The name must be typed in the exact form that Azure uses.
10. In VNet, select an Azure virtual network.
The field lists the virtual networks that are available at the selected archival location. To see a
list in this field, first select an archival location.
11. In Network Security Group, select an available security group.
The field lists the security groups that are available for the selected virtual network. To see a
list in this field, first select a virtual network.
12. In Resource Group, select an available resource group.
The field lists the resource groups that are available for the selected virtual network. To see a
list in this field, first select a virtual network.
This resource group specifies where the instantiated virtual machine will be launched.
13. Click Submit.
The Rubrik cluster launches the Rubrik Bolt cloud instance in the resource group associated with
the archive location to create a full snapshot.
The Rubrik cluster begins the instantiation task. When the task completes, the instantiated virtual
machine appears on the Cloud Mounts page of the Rubrik CDM web UI.
3. Browse to a snapshot.
4. Open the ellipsis menu for the snapshot, and select Launch on Cloud.
The Launch on Cloud modal appears.
5. In Location Name, select the name of an archival location.
The virtual machine will be instantiated in the storage for the selected location.
6. In Virtual Machine Size, select the type of VHD instance to use for the instantiated virtual
machine.
The Rubrik cluster examines the source virtual machine and provides a recommended VHD
instance type.
7. (Optional) In Virtual Machine Size, select Custom Instance Type.
The Custom Instance Type field appears.
8. (For Custom Instance Type only) In Custom Instance Type, type the name of a VHD
instance type.
The name must be typed in the exact form that Azure uses.
9. In VNet, select an Azure virtual network.
The field lists the virtual networks that are available at the selected archival location. To see a
list in this field, first select an archival location.
10. In Network Security Group, select an available security group.
The field lists the security groups that are available for the selected virtual network. To see a
list in this field, first select a virtual network.
11. In Resource Group, select an available resource group.
The field lists the resource groups that are available for the selected virtual network. To see a
list in this field, first select a virtual network.
This resource group specifies where the instantiated virtual machine will be launched.
12. Click Submit.
The Rubrik cluster launches the Rubrik Bolt cloud instance in the resource group associated with
the archive location to create a full snapshot.
The Rubrik cluster begins the instantiation task. When the task completes, the instantiated virtual
machine appears on the Cloud Mounts page of the Rubrik CDM web UI.
Removing entry
Use the Cloud Mounts page of the Rubrik web UI to remove the virtual machine.
Rubrik cluster stops managing the virtual machine once it has been removed. Manage this virtual
machine from the Azure Portal.
1. Log in to the Rubrik CDM web UI, on the left-side menu, click Cloud Mounts > Azure.
The cloud mounts page appears, with the VMs tab selected.
2. Open the ellipsis menu next to the selected instance.
Removing VHDs
Virtual machine snapshots appear on the Cloud Mounts page of the Rubrik CDM web UI. An
individual VHD can be selected from this page and removed from the Azure account storage.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Mounts > Azure.
The cloud mounts page appears, with the VMs tab selected.
3. Click the VHDs tab.
The list of available VHDs appears.
4. Open the ellipsis menu next to a selected VHD.
5. Click Delete VHD.
The Rubrik cluster removes the selected VHD from the Azure account.
Rubrik recommends using a disambiguation string to avoid potential conflicts that arise when a
string is ambiguous.
! IMPORTANT
Removing a resource group deletes all resources associated in the resource group.
Before removing a resource group, verify that this resource group contains no resource that other
resource groups depend upon.
1. Log in to the Azure Portal.
2. On the left-side menu, click Resource groups.
The Resource groups page appears.
3. Select a resource group to be removed, and click Delete on the top bar of the Resource groups
page.
Azure removes the selected resource group from the Azure account.
! IMPORTANT
Delete deployments to prevent the number of deployments per resource group from reaching its
limit.
As part of the garbage collection tasks, Rubrik cluster deletes deployments with a prefix
“import-vm*” from the resource group being used to launch the transient compute instance and
user instances. Rubrik cluster deletes these deployments to avoid reaching the limit of 800
deployments per resource group and prevent instantiation failures.
As a result, Rubrik cluster also deletes non-Rubrik deployments with the same prefix of
“import-vm*” in the same resource group used for CloudOn that are already in a terminated state.
According to Microsoft, there is no impact of deleting deployments that are in a terminated state.
Information on resource group limits can be found at:
https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#resource-group-limits
Chapter 14
Amazon EC2 Instance Backup
This chapter describes how to protect and manage the data in Amazon EC2 instances.
Overview
Amazon EC2 instance protection
Configuring an AWS account and user
Adding an AWS account
Managing an existing AWS account
Assigning an SLA to an Amazon EC2 instance
Excluding EBS volumes
Taking an on-demand snapshot
Restoring Amazon EC2 instance snapshots
Downloading files or folders from snapshots
Overview
Rubrik clusters enable the management and protection of Amazon Elastic Compute Cloud (Amazon
EC2) instances.
Table 95 describes the data management and protection features that a Rubrik cluster provides for
Amazon EC2 instances.
Table 95 Data management and protection provided for Amazon EC2 instances
| Feature | Description |
|---|---|
| Amazon EC2 instance backup | Takes snapshots of Amazon EC2 instances. |
| Indexing | Enables file search and download within snapshots of Amazon EC2 instances. |
| Restore to different region | Enables restoring Amazon EC2 instance snapshots to regions other than their original region. |
Note: Amazon EC2 instances created by using a disk deployed from the AWS Marketplace do not
support indexing.
Protecting Amazon EC2 instances requires the AWS credentials for the account that owns the
instances.
Automatic protection
A Rubrik cluster provides automatic protection of Amazon EC2 instances through inheritance of
the SLA Domain assigned to a parent object.
The automatic protection mechanism simplifies assigning protection to large numbers of Amazon
EC2 instances and provides an easy method to uniformly assign specific SLA Domains to groups of
functionally similar Amazon EC2 instances.
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.
During SLA Domain assignment, the Rubrik cluster displays the objects that have individual
assignments which conflict with the new assignment. For each conflicting object, the Rubrik
cluster permits an administrator to choose to retain the individual setting or apply the new setting.
! IMPORTANT
In the next step, pay close attention to the JSON formatting, including opening and
closing braces and brackets.
7. (Optional) For an Amazon EC2 instance that contains encrypted volumes, add the following
section immediately following the "Statement": [ line:
    {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "kms:Decrypt",
            "kms:Encrypt",
            "kms:GenerateDataKey",
            "kms:ReEncryptTo",
            "kms:DescribeKey",
            "kms:CreateGrant",
            "kms:ReEncryptFrom"
        ],
        "Resource": [
            "arn:aws:kms:<region>:<accountId>:key/<keyId>",
            "arn:aws:kms:<region>:<accountId>:key/<keyId>"
        ]
    },
Enter the correct region, account ID, and key ID for each encrypted volume in the "Resource":
section.
8. Click Review Policy.
9. In Name, type a name for the policy.
10. (Optional) In Description, type a description for the policy.
11. Click Create policy.
AWS creates the security policy and returns to the policy list page.
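Step 7 depends on hand-editing key ARNs into the policy, where a leftover `<keyId>` placeholder or a malformed account ID is easy to miss. The following added example (not part of the Rubrik guide) builds the KMS statement from a list of keys, validates every field, and inserts the statement immediately after the "Statement": [ line of an existing policy. The function names, the base policy and the key values are constructed for illustration.

```python
import json
import re

# The seven KMS actions from the statement in step 7.
KMS_ACTIONS = [
    "kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey", "kms:ReEncryptTo",
    "kms:DescribeKey", "kms:CreateGrant", "kms:ReEncryptFrom",
]

REGION_RE = re.compile(r"^[a-z]{2}(?:-[a-z]+)+-\d$")
ACCOUNT_RE = re.compile(r"^\d{12}$")
# Single-region key IDs are UUIDs; multi-Region key IDs are "mrk-" + 32 hex.
KEY_ID_RE = re.compile(
    r"^(?:mrk-[0-9a-f]{32}|[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12})$"
)


def key_arn(region, account_id, key_id):
    """Build one key ARN, rejecting placeholders and malformed fields."""
    checks = (
        ("region", region, REGION_RE),
        ("account ID", account_id, ACCOUNT_RE),
        ("key ID", key_id, KEY_ID_RE),
    )
    for label, value, pattern in checks:
        if not pattern.match(value):
            raise ValueError(f"{label} is not valid: {value!r}")
    # The "aws" partition matches the ARN form shown in the guide.
    return f"arn:aws:kms:{region}:{account_id}:key/{key_id}"


def kms_statement(keys):
    """Return the step 7 statement scoped to exactly the given keys."""
    arns = []
    for region, account_id, key_id in keys:
        arn = key_arn(region, account_id, key_id)
        if arn not in arns:  # volumes often share a key; list it once
            arns.append(arn)
    if not arns:
        raise ValueError("at least one key is required; do not fall back to '*'")
    return {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": list(KMS_ACTIONS),
        "Resource": arns,
    }


def add_kms_statement(policy_text, keys):
    """Insert the KMS statement as the first entry of the policy's Statement."""
    policy = json.loads(policy_text)
    statements = policy.get("Statement")
    if not isinstance(statements, list):
        raise ValueError('policy has no "Statement" list')
    new = kms_statement(keys)
    # A Sid must be unique within a policy, so refuse a second insertion.
    for existing in statements:
        if isinstance(existing, dict) and existing.get("Sid") == new["Sid"]:
            raise ValueError(f"policy already has a statement with Sid {new['Sid']}")
    statements.insert(0, new)
    return json.dumps(policy, indent=4)


# Constructed base policy standing in for the policy created in the earlier
# steps, which this example does not reproduce.
BASE_POLICY = """{
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ConstructedExample", "Effect": "Allow",
         "Action": ["ec2:DescribeInstances"], "Resource": "*"}
    ]
}"""

# Constructed keys for three encrypted volumes; the first and third share a key.
KEYS = [
    ("us-east-1", "111122223333", "1234abcd-12ab-34cd-56ef-1234567890ab"),
    ("us-west-2", "111122223333", "0987dcba-09fe-87dc-65ba-ab0987654321"),
    ("us-east-1", "111122223333", "1234abcd-12ab-34cd-56ef-1234567890ab"),
]

if __name__ == "__main__":
    print(add_kms_statement(BASE_POLICY, KEYS))
```

The output can be pasted into the JSON tab of the policy editor in place of the hand-edited text.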
Note: Searching for a file within a cloud native snapshot and file-level recovery from a cloud
native snapshot require indexing.
8. (Optional) Move the slider to the right to enable indexing for a region.
9. (Optional) For each region with indexing enabled, select a VPC ID, Subnet ID, and Security
Group ID.
Note: The Rubrik cluster must be able to connect to instances in the selected VPC. Verify that
port 2002 is open.
10. Click Add.
The Rubrik cluster connects to the AWS account and fetches a list of the Amazon EC2 instances in
the specified regions. The Rubrik cluster refreshes this list every 180 minutes. The Instances tab
displays the following summary information about the Amazon EC2 instances associated with the
AWS accounts that are added to the cluster:
Table 96 Amazon EC2 Instance summary information
| Column | Description |
|---|---|
| Instance ID | The unique identifier of the instance. |
| Instance Name | The instance name. |
| Instance Type | The Amazon EC2 type of the instance. |
| Account | The account that owns the instance. |
| Region | The region of the instance. |
| SLA Domain | The name of the SLA protecting the instance. |
| Assignment | Specifies whether the SLA was assigned directly or inherited from an account-wide SLA. |
To search for a specific instance, enter a search string in the ‘Search by Name or Instance ID’ field.
To filter the list of instances by region, assigned SLA, or SLA assignment type, select a filter from
the drop-downs at the top right of the list.
Note: To go directly to the page for a specific Amazon EC2 instance, type the name of the
instance in the search box on the top bar of the Rubrik CDM web UI and select the instance
from the results list.
Chapter 15
File Systems
This chapter describes how to protect and manage the data in the file systems of Linux, Unix, and
Windows hosts, and for NAS shares.
• Overview
• Rubrik Backup Service software
• Host management
• NAS host management
• Filesets
• Host filesets and share filesets
• Storage array integration
• Backup scripts for Linux, Unix, or Windows hosts
• Local host pages and local share pages
• Data recovery from a host fileset or share fileset
• Full Volume Protection for Windows
• Unmanaged data
Overview
A Rubrik cluster provides management and protection of file system data for supported Linux,
Unix, and Windows hosts, and for NAS shares. For Linux and Windows hosts, the supported
operating systems can be running on physical hardware or on a supported virtual machine. For
Unix, the supported operating systems can be running on physical hardware.
Table 97 describes the data management and protection features that a Rubrik cluster provides for
file systems.
Table 97 Data management and protection provided for file systems
Feature | Description
Filesets | Define the data to manage and protect by specifying paths, path segments, and file types to include, exclude and exempt from exclusion. Valid fileset path statements must begin with one of the following: a slash (/), a backslash (\), or a single uppercase or lower case alpha character followed immediately by a colon (for example, C:, e:, and so forth). Use wildcard characters to represent one or more characters in a path or path segment.
Multiple filesets per host | Refine protection by creating several different filesets for a host and assigning each host fileset to an individually selected SLA Domain.
Filesets stored on Pure Storage volumes on AIX hosts | Back up filesets stored on Pure Storage FlashArray volumes on AIX hosts.
SLA Domains | Protect host filesets with the same SLA Domain functionality that is provided for other workload types, including SLA rules and policies.
Backup indexing | Backup indexes data from a host fileset during ingest. This enables full file level search and browse of the backed up data when it is on the local Rubrik cluster, on the replication target, or at the archival location.
Replication | Assign a host fileset to an SLA Domain that has a replication policy and the data backed up from that fileset is replicated according to that policy.
Archiving | Assign a host fileset to an SLA Domain that has an archival policy and the data backed up from that fileset is archived according to that policy.
Restore to original location | Search or browse the indexed host fileset backup to find and restore files and folders to the original location on the source host.
Export to a new location | Search or browse the indexed host fileset backup to find and export files and folders to a known host running the same operating system variant (Linux, Unix, or Windows), or NAS type.
The file system data protection work flow for NAS shares is:
1. Add the NAS host to the Rubrik cluster.
2. Add the NAS share to the Rubrik cluster.
3. Create a fileset that defines the data to protect.
4. Assign the fileset to the NAS share.
5. Assign the share fileset to an SLA Domain.
Open files
The operating system of the host determines how a Rubrik cluster handles files that are open at
the time of a fileset backup.
For Linux and Unix hosts, the Rubrik cluster backs up open files in the open state. Files that are
backed up in an open state can potentially be inconsistent.
For Windows hosts, the Rubrik cluster uses the Volume Shadow Copy Service (VSS). When the
Rubrik cluster successfully uses VSS, open files are backed up in a consistent state. When the
Rubrik cluster is unable to successfully use VSS, open files are not included in the backup.
Direct Archive
The protection of very large data sources can place challenging demands on the storage of a
Rubrik CDM cluster. Because Direct Archive makes use of large-scale external archival storage,
snapshot replication is unavailable for data objects that use Direct Archive. The indexed metadata
for directly archived data objects is stored on the Rubrik cluster. The availability of the indexed
metadata enables the use of Rubrik CDM search and reporting features.
Direct Archive is available for Windows, Linux, and NAS filesets that are protected by an SLA that
specifies an archival location. The Rubrik CDM cluster does not apply the local retention settings of
the SLA to filesets that use Direct Archive. Archival consolidation is a best practice for optimizing
the storage use at the archival location. See Enabling archival consolidation for details.
Note: The Rubrik cluster does not require the Rubrik Backup Service to protect data on NAS
shares.
The Rubrik Backup Service software can be downloaded directly from the Rubrik cluster when it is
needed, or the software can be downloaded once and pushed to hosts that are protected by that
cluster, as needed.
For Windows, the Rubrik cluster uses the same Rubrik Backup Service software for both file
system protection and protection of SQL Server databases.
! IMPORTANT
The Rubrik Backup Service software can only be used with the Rubrik cluster from which
the software is obtained. Each Rubrik cluster generates a copy of the Rubrik Backup Service
software that includes authentication information specific to that Rubrik cluster. This
method ensures that the Rubrik cluster and a hosted deployment of the Rubrik Backup
Service can reliably authenticate each other.
Rubrik provides automatic upgrade of the Rubrik Backup Service software as part of a general
upgrade of the Rubrik cluster software. After upgrading the Rubrik cluster software, the Rubrik
cluster automatically upgrades the Rubrik Backup Service software on all protected hosts.
Obtaining the Rubrik Backup Service software through the Rubrik CDM web UI
Obtain the Rubrik Backup Service software from the Rubrik CDM web UI of the Rubrik cluster.
The Rubrik Backup Service software can only be used with the Rubrik cluster from which it is
obtained.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select the path that is appropriate for the host operating system.
• For Linux, AIX, or Solaris, click Servers & Apps > Linux & Unix Hosts.
The Linux & Unix Hosts tab of the Linux & Unix Hosts page appears.
• For Windows, click Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. Click the button that is appropriate for the host operating system.
• For Linux, AIX, or Solaris, click Add Hosts.
The Add Hosts dialog appears.
• For Windows, click Add Windows Hosts.
The Add Windows Hosts dialog appears.
4. In the text of the dialog, click the link that is appropriate for the host operating system.
• For Linux distributions that support the RPM package manager, click rpm.
• For Linux distributions that support the Debian package manager, click deb.
• For AIX 6.1, click 6.1.
• For AIX 7.1, click 7.1.
• For AIX 7.2, click 7.2.
• For Solaris 10 or 11, click tar.gz.
• For Windows, click Rubrik Backup Service.
A browser-specific dialog appears to enable saving the package file.
5. Save the file to a temporary location.
Next task — Install the connector software on hosts.
Note: If sudo access is unavailable, log in as root to run the package manager command.
• For Linux distributions that support the RPM package manager, run:
sudo rpm -i rubrik-agent.x86_64.rpm
• For Linux distributions that support the Debian package manager, run:
sudo dpkg -i rubrik-agent.x86_64.deb
• For AIX 6.1, run:
sudo rpm -ivh rubrik-agent-aix6.1.pcc.rpm
Note: The Rubrik Backup Service software can also be push installed on multiple hosts using
automation software, such as Puppet or Chef.
Next task — Add the hosts that are running the Rubrik Backup Software to the Rubrik cluster.
! IMPORTANT
When installing the Rubrik Backup Service software, the security certificate file must be
in the same folder as the Windows Installer Package.
3. Using an account that is a member of the local Administrators group, run the Windows Installer
Package.
The Windows Installer Package installs the Rubrik Backup Service software and incorporates
the security certificate into the installation.
The Rubrik Backup Service software can also be push installed on multiple Windows hosts
using automation software, such as Puppet or Chef.
4. (Optional) Change the account used to run the Rubrik Backup Service.
Account used to run the Rubrik Backup Service on a Windows host describes the account
requirements.
Note: The default LocalSystem account does not provide sufficient privileges to permit the
Rubrik Backup Service to access data on network shares.
Next task — Add the Windows hosts that are running the Rubrik Backup Software to the Rubrik
cluster.
Note: Removing the Rubrik Backup Service from a host also removes the connection between the
host and the Rubrik cluster. The Rubrik cluster designates any retained host filesets as relics. Use
the Snapshot Retention page to manually manage the relics, as described in Retention
Management.
Note: If sudo access is unavailable, log in as root to run the package manager command.
• For Linux and AIX distributions that support the RPM package manager:
sudo rpm -e rubrik-agent
• For Linux distributions that support the Debian package manager:
sudo dpkg -P rubrik-agent
The package manager removes the Rubrik Backup Service software. The Rubrik cluster designates
any retained host filesets as relics.
Note: Removing the Rubrik Backup Service from a Windows host also removes the connection
between the Windows host and the Rubrik cluster. The Rubrik cluster designates any retained host
filesets as relics. Use the Snapshot Retention page to manually manage the relics, as described in
Retention Management.
1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog appears.
3. Type appwiz.cpl, and press OK.
The Uninstall or change a program window appears.
4. Right-click Rubrik Backup Service, and click Uninstall/Change.
5. Follow the prompts to remove the application.
The uninstaller removes the Rubrik Backup Service software. The Rubrik cluster designates any
retained host filesets as relics.
Host management
After installing the Rubrik Backup Service software on a Linux, Unix, or Windows host, add the
host to the Rubrik cluster.
Adding a host to the Rubrik cluster establishes a secure connection between the Rubrik cluster
and the Rubrik Backup Service that is running on the host. After the host is added, an entry for the
host appears in the Rubrik CDM web UI.
The Rubrik cluster identifies the host by an IPv4 address or a resolvable hostname. When the
value that is used to identify a host changes, edit the host information on the Rubrik cluster to
reflect the new value.
To stop managing the data on a host, delete the host from the Rubrik cluster. Deleting a host
removes that host from the Linux & Unix Hosts tab or the Windows Hosts tab. A removed host
cannot be paired with a fileset and cannot be a target of an export. The Rubrik cluster moves the
existing host filesets of the removed host and all associated backups to the Snapshot Retention
page.
Adding a host
To begin managing and protecting a Linux, Unix, or Windows host, add the host to the Rubrik
cluster.
Before you begin — Obtain and install the Rubrik Backup Service software on each host that will
be added.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select the path that is appropriate for the host operating system.
• For Linux, AIX, or Solaris, click Servers & Apps > Linux & Unix Hosts.
The Linux & Unix Hosts tab of the Linux & Unix Hosts page appears.
• For Windows, click Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. Click the button that is appropriate for the host operating system.
• For Linux, AIX, or Solaris, click Add Hosts.
The Add Hosts dialog appears.
• For Windows, click Add Windows Hosts.
The Add Windows Hosts dialog appears.
4. In IPs or Hostnames, type a comma-separated list of IPv4 addresses or resolvable
hostnames for the hosts being added.
The list can contain a mix of IPv4 addresses and hostnames. The Rubrik cluster requires one
IPv4 address or one hostname for each host being added.
Linux and Unix hosts must be added in the Add Hosts dialog. Windows hosts must be added in
the Add Windows Hosts dialog.
5. Click Add.
The Rubrik cluster checks connectivity with the specified hosts and adds the hosts.
The Linux & Unix Hosts tab of the Linux & Unix Hosts page appears.
• For Windows, click Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. Click the selection box next to the host.
4. Open the ellipsis menu, and select Edit.
The Edit Linux & Unix Host or the Edit Windows Host dialog appears. The dialog provides the
address or hostname that the Rubrik cluster has stored for the host.
5. Delete the existing information and type the new address or hostname.
The typed value must be an IPv4 address or a resolvable hostname.
6. Click Update.
The Rubrik cluster checks connectivity using the new host information and stores the information.
Removing a host
Delete a Linux, Unix, or Windows host from the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select the path that is appropriate for the host operating system.
• For Linux, AIX, or Solaris, click Servers & Apps > Linux & Unix Hosts.
The Linux & Unix Hosts tab of the Linux & Unix Hosts page appears.
• For Windows, click Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. Click the selection box next to a host.
4. Open the ellipsis menu, and select Delete.
A warning dialog appears.
5. Click Delete.
The Rubrik cluster removes the host from the Linux & Unix Hosts tab or the Windows Hosts tab.
The Rubrik cluster moves all the existing filesets for the host to the Snapshot Retention page.
The Rubrik cluster retains the backups and archival backups for filesets on the Snapshot Retention
page for the length of time specified by the retention SLA. The Rubrik cluster removes a host
fileset from the Snapshot Retention page when all the backups associated with the host fileset
have been manually deleted.
Deleting snapshots for a data source describes how to manually delete the backups that are
associated with a fileset on the Snapshot Retention page.
Note: For Isilon appliances configured with multiple access zones, configure each zone as a
separate host.
Note: If the hostname or IPv4 address entered in step 5 is the hostname or IPv4 address of
the system zone, this step is optional.
15. (Optional, Isilon with multiple access zones using a release of the OneFS API prior to version 8)
Enter the name of the non-system zone associated with the system zone in the Non-System
Zone Name field.
Filesets
A fileset defines a set of files and folders on a host or NAS share. The Rubrik cluster uses the
filesets that are assigned to a host or share to determine the data to manage and protect.
To specify the folders and files that are included in a fileset, type values into the Include, Exclude,
and Do Not Exclude fields. The Rubrik cluster can apply several different types of rules to several
different types of values.
Table 102 describes the rules that apply to fileset descriptions for all host types.
Table 103 describes the rules that apply to fileset descriptions for specific host types.
Table 104 describes the types of values that the Rubrik cluster accepts for fileset descriptions.
Example 15 and Example 16 provide examples that use several different types of values.
Table 100 Fileset fields common to all host types
Field | Required | Description
Include | Yes | Comma-separated set of full path descriptions, path segments, and file types, to include in the data specified by the fileset. Requires at least one entry.
Exclude | No | Comma-separated set of full path descriptions, path segments, and file types, to exclude from the data specified by the Include field.
Do Not Exclude | No | Comma-separated set of full path descriptions, path segments, and file types, to exempt from the exceptions specified by the Exclude field. Paths and files specified by this field will not be excluded from the data specified by the Include field. Requires at least one value in Exclude.
Enable Backup of Hidden Folders | Linux, Unix, and NAS | For Linux and Unix hosts, this option appears when Follow Network Shares is selected, and is enabled by default. For Linux and Unix hosts, and for NAS, clear this setting to exclude hidden folders from the fileset. Note: On a Windows host, the Rubrik cluster backs up all hidden files and system files that are within a fileset description.
Enable Pre/Post Scripts | Linux, Unix, and Windows | Select to configure a script to run before the backup and a script to run after the backup.
a. The mount or mount.cifs command can include the ‘nocase’ option. This option causes case insensitive path
name matching for the paths on the network share. Fileset rules applicable to a network share with the
‘nocase’ option should account for the case insensitivity.
Example 15 Linux or Unix fileset with Include, Exclude, and Do Not Exclude
A Linux or Unix fileset is specified with the following values:
Include: /usr/local/**, /home/**
Exclude: /usr/local/tmp, /home/tmp, *.mov
Do Not Exclude: /home/tmp/logs/**, company*.mp4
The fileset defines the following protection rules:
• Protect the folder /usr/local and all that it contains, excluding the folder /usr/local/tmp and
its subfolders, and excluding any file with a filename that ends in .mov, but including any files
in /usr/local/tmp or its subfolders that have a filename that starts with company and ends
with .mp4.
• Protect the folder /home and all that it contains, excluding the folder /home/tmp and its
subfolders, and excluding any file with a filename that ends in .mov, but including the contents
of /home/tmp/logs and all of its subfolders and including any files in /home/tmp or its
subfolders that have a filename that starts with company and ends with .mp4.
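The rules in Example 15, evaluated over a few constructed paths. This is an added example, not Rubrik code: the matching rules in matches_any are assumptions inferred from the example above (a value starting with a slash covers the named path and everything beneath it, any other value is compared with the file name), and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: a simplified model of Include / Exclude / Do Not Exclude.
# It is not Rubrik's matcher. Assumed semantics, taken from Example 15:
#   - a value starting with "/" is a path rule; it covers the path it names
#     and everything beneath it
#   - any other value is a file-name rule, compared with the last path segment
#   - "*" and "**" are treated alike and may span "/" (shell case matching)

INCLUDE='/usr/local/**, /home/**'
EXCLUDE='/usr/local/tmp, /home/tmp, *.mov'
DO_NOT_EXCLUDE='/home/tmp/logs/**, company*.mp4'

# matches_any PATH LIST: exit status 0 when any comma-separated rule in LIST
# covers PATH, 1 otherwise.
matches_any() {
    ma_path=$1
    ma_base=${ma_path##*/}
    ma_hit=1
    ma_ifs=$IFS
    IFS=','
    set -f    # keep "*" in the rules from expanding against the local disk
    for ma_rule in $2; do
        # Trim the blanks that follow the commas in the field value.
        ma_rule=${ma_rule#"${ma_rule%%[! ]*}"}
        ma_rule=${ma_rule%"${ma_rule##*[! ]}"}
        [ -n "$ma_rule" ] || continue
        case $ma_rule in
            /*) case $ma_path in $ma_rule|$ma_rule/*) ma_hit=0 ;; esac ;;
            *)  case $ma_base in $ma_rule) ma_hit=0 ;; esac ;;
        esac
    done
    set +f
    IFS=$ma_ifs
    return "$ma_hit"
}

# fileset_decision PATH: prints protected, excluded, or not-included.
fileset_decision() {
    if ! matches_any "$1" "$INCLUDE"; then
        echo not-included
    elif matches_any "$1" "$EXCLUDE" && ! matches_any "$1" "$DO_NOT_EXCLUDE"; then
        echo excluded
    else
        echo protected
    fi
}

# Constructed sample paths; the last one shows that /usr/local/tmp does not
# swallow a sibling whose name merely starts with "tmp".
for p in /usr/local/bin/tool /usr/local/tmp/cache.dat \
         /usr/local/tmp/company_intro.mp4 /home/alice/clip.mov \
         /home/tmp/logs/app/2019.log /etc/passwd /usr/local/tmpfile.txt; do
    printf '%-36s %s\n' "$p" "$(fileset_decision "$p")"
done
```

Running a list of must-have paths through a model like this before saving a fileset shows which ones an Exclude value would silently drop from protection.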
Creating a fileset
Create a fileset to define a set of data in a file system. A fileset can be assigned to a host to
protect the data set specified by the fileset on that host.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
• Servers & Apps > Linux & Unix Hosts.
The Linux & Unix Hosts tab of the Linux & Unix Hosts page appears.
• Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
• Servers & Apps > NAS Shares.
The Shares tab of the NAS Shares page appears.
3. Click Filesets.
The Filesets tab appears.
4. Click Add Fileset.
The Add Fileset dialog appears.
5. In Fileset Name, type a unique name for the fileset.
6. (NAS shares only) In Share Type, select either NFS or SMB.
7. In Include, type a comma-separated list of values.
Fileset fields, rules, and value types provides information about acceptable values and how the
Rubrik cluster interprets the values.
8. (Optional) In Exclude, type a comma-separated list of values.
The Rubrik cluster uses the values in Exclude to determine which folders and files to remove
from the fileset defined by the Include values.
9. (Optional) In Do Not Exclude, type a comma-separated list of values.
The Rubrik cluster uses the values in Do Not Exclude to determine which folders and files to
include back into the fileset from the folders and files removed based on the values in Exclude.
10. (Linux and Unix only) (Optional) Select Follow Network Shares.
Select to have the Rubrik cluster include in the fileset network shares that are mounted on the
Linux or Unix host.
11. (Linux, Unix, and NAS) In Enable Backup of Hidden Folders, do one of the following:
• Select to include hidden folders in the fileset.
• Clear to exclude hidden folders from the fileset.
For Linux and Unix hosts, this field only appears when Follow Network Shares is selected.
12. (Linux, Unix, and Windows) (Optional) Click Enable Pre/Post Scripts, and complete the
following fields:
• (Optional) Type a path to a script in Pre-Backup Script Path.
• (Optional) Enable Cancel Backup if Pre-Backup Script Fails.
• (Optional) Type a path to a script in Post-Backup Script Path.
Backup scripts for Linux, Unix, or Windows hosts provides information about these fields.
13. Click Add.
The Rubrik cluster creates and stores the fileset.
Editing a fileset
Edit a fileset to change the set of data that the fileset defines. The Rubrik cluster applies the
changes to the fileset backups that are created after the change.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
• Servers & Apps > Linux & Unix Hosts.
The Linux & Unix Hosts tab of the Linux & Unix Hosts page appears.
• Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
• Servers & Apps > NAS Shares.
The Shares tab of the NAS Shares page appears.
3. Click Filesets.
The Filesets tab appears.
4. (Linux, Unix, and Windows) Select a fileset entry, open the ellipsis menu at the top of the page,
and select Edit.
5. (NAS) Open the ellipsis menu next to a fileset entry, and select Edit.
The Edit Fileset dialog appears.
5. Select an existing fileset, or click the blue + icon to create a new fileset.
Creating a fileset describes how to create a new fileset. After creating a new fileset, the
Manage Protection dialog appears again. Select the new fileset.
6. Click Next.
The Manage Protection dialog changes to show the second step of the task indicated in the
task flow at the top of the dialog: Assign SLA.
7. Select an existing SLA Domain, or click the blue + icon to create a new SLA Domain.
Creating a custom SLA Domain describes how to create a new SLA Domain. After creating a
new SLA Domain, the Manage Protection dialog appears again. Select the new SLA Domain.
8. (Optional) To enable Direct Archive for the fileset, select Direct Archive.
Direct Archive is only available when the fileset is assigned to an SLA that specifies an archival
location.
9. Click Finish.
The Rubrik cluster creates the selected host filesets or share filesets and assigns them to the
selected SLA Domain.
5. Select the fileset to use for the on-demand backup, and click Next.
The Take On Demand Snapshot dialog changes to show the second step of the task indicated
in the task flow at the top of the dialog: Assign SLA.
6. Select an SLA Domain.
The Rubrik cluster uses the rules and policies of the selected SLA Domain to manage the
on-demand snapshot. The selected SLA Domain can be different from the SLA Domain that
protects the associated host fileset or share fileset.
To manually manage the on-demand snapshot through the Snapshot Retention page, select
Forever.
7. Click Take On Demand Snapshot.
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log
tracks the status of the on-demand backup task. The Rubrik cluster manages the snapshot based
on the rules and policies of the selected SLA Domain.
Note: Using an alternate backup host for file ingestion frees up resources on the primary host.
Filesets that use array integration differ from regular filesets in that the Rubrik cluster ingests files
from a storage array snapshot mounted at the primary host or an alternate backup host, rather
than from the original file system.
Note: A fileset’s logical volumes must belong to volume groups whose physical volumes map to
storage array volumes.
1. In the Rubrik CDM web UI, on the left-side menu, click Servers & Apps > Linux & Unix
Hosts.
2. Select the host from the list.
The host can be the primary host or an alternate backup host.
3. Click Manage Protection.
The Manage Protection dialog box appears.
4. Click the blue plus icon to create a new fileset to apply to this host.
5. In the Fileset Name field, enter a name for the fileset.
6. Click the slider switch for Array Snapshots to indicate that the fileset is stored in a storage
array.
7. In the Include field of the Rules section, provide a comma-separated list of the mount points
for all logical volumes to be protected.
Get the mount points by opening a terminal window and entering lsvg -l <volume_group_name>.
8. (Optional) Click Enable Pre/Post Scripts and specify paths to the scripts.
9. (Optional) Choose whether to cancel the backup if the pre-backup script fails.
10. Click Add.
Note: The Rubrik cluster does not require a post-backup script with a pre-backup script; however,
a post-backup script cannot be specified without a pre-backup script.
The pre-backup script and the post-backup script can consist of any sequence of operations that
can be run by the command line interpreter of the host operating system. On a Windows system,
for example, the script filename must have the .cmd or .bat extension, and the Windows
command line interpreter, cmd.exe, must be able to execute the script.
The Rubrik cluster associates host scripts with a fileset. This way, a different set of pre-backup and
post-backup scripts can be assigned to each fileset that is assigned to a host. The Rubrik cluster
applies the script settings of a fileset to all the hosts that are paired with the fileset.
Note: By default, a backup is performed whether the pre-backup script finishes successfully or
not.
In addition, the Rubrik cluster can be configured to run a post-backup script on the host after a
backup finishes successfully. If the backup does not complete successfully, the Rubrik cluster does
not run the post-backup script.
If the backup is set to occur whether or not the pre-backup script passes (the default behavior),
consider creating a post-backup script to handle the case where the pre-backup script fails.
To override the default behavior so the backup is only performed if the pre-backup script is
successful, enable Cancel Backup if Pre-Backup Script Fails.
Note: Pre-backup and post-backup script support does not apply to NAS hosts.
Before you begin — Create a pre-backup script and, optionally, a post-backup script. Place the
scripts at the same full path location on each host that is associated with the script settings of the
fileset.
1. Open the Add Fileset dialog or the Edit Fileset dialog by starting the task of creating or editing
a fileset.
• Creating a fileset describes how to create a fileset.
• Editing a fileset describes how to edit a fileset.
2. Click Enable Pre/Post Scripts.
The script fields appear.
3. In Pre-Backup Script Path, type the full path for the pre-backup script.
The full path is relative to the root of a Linux or Unix host file system or to the specified drive
letter of a Windows file system.
4. (Optional) Select Cancel Backup if Pre-Backup Script Fails.
When Cancel Backup if Pre-Backup Script Fails is selected, the Rubrik cluster only runs a
backup when the pre-backup script finishes with a zero exit status.
5. (Optional) In Post-Backup Script Path, type the full path for the post-backup script.
The full path is relative to the root of a Linux or Unix host file system or to the specified drive
letter of a Windows file system.
6. Complete the other fields on the dialog, and click Add or Update.
The Rubrik cluster stores the information and runs the scripts for all subsequent backups of hosts
that are paired with the fileset. The Rubrik cluster provides entries in Notifications for any errors
that occur when running the scripts.
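One way to pair the two scripts so that the post-backup script can tell whether the pre-backup script failed, as suggested above for the default setting. This is an added example, not Rubrik code: the file names pre-backup.sh and post-backup.sh, STATE_FILE, LOG_FILE, QUIESCE_CMD and RESUME_CMD are hypothetical placeholders, and treating a non-zero post-backup exit as a reportable script error is an assumption.

```shell
#!/bin/sh
# Added example, not Rubrik code. Install this one file under two names
# (pre-backup.sh and post-backup.sh, both hypothetical) and enter their full
# paths in Pre-Backup Script Path and Post-Backup Script Path.
# STATE_FILE, LOG_FILE, QUIESCE_CMD and RESUME_CMD are placeholders.

STATE_FILE=${STATE_FILE:-/var/run/fileset-prebackup.state}
LOG_FILE=${LOG_FILE:-/var/log/fileset-scripts.log}
QUIESCE_CMD=${QUIESCE_CMD:-/usr/local/bin/app-quiesce}   # placeholder command
RESUME_CMD=${RESUME_CMD:-/usr/local/bin/app-resume}      # placeholder command

log() {
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >>"$LOG_FILE"
}

# Pre-backup: exit 0 only when the application is quiesced. With Cancel Backup
# if Pre-Backup Script Fails selected, a non-zero exit stops the backup; with
# the default setting the backup runs anyway, so the result is also recorded.
pre_backup() {
    if [ -e "$STATE_FILE" ]; then
        # The post-backup script only runs after a successful backup, so a
        # leftover file means the previous backup did not complete.
        log "pre-backup: stale state file, previous run never reached post-backup"
        $RESUME_CMD || log "pre-backup: resume of stale quiesce failed"
    fi
    # Record failure first so an interrupted quiesce is never read as success.
    printf 'failed\n' >"$STATE_FILE" || return 2
    if $QUIESCE_CMD; then
        printf 'ok\n' >"$STATE_FILE"
        log "pre-backup: quiesce succeeded"
        return 0
    fi
    log "pre-backup: quiesce failed"
    return 1
}

# Post-backup: resume the application and report how the snapshot was taken.
post_backup() {
    pb_state=missing
    if [ -r "$STATE_FILE" ]; then
        read -r pb_state <"$STATE_FILE" || pb_state=unreadable
    fi
    rm -f "$STATE_FILE"
    $RESUME_CMD || log "post-backup: resume command failed"
    if [ "$pb_state" = ok ]; then
        log "post-backup: snapshot taken from a quiesced application"
        return 0
    fi
    # Assumption: a non-zero exit here is reported as a script error.
    log "post-backup: pre-backup state was '$pb_state', snapshot possibly inconsistent"
    return 1
}

# Dispatch on the name the file was installed under.
case ${0##*/} in
    pre-backup.sh)  pre_backup;  exit $? ;;
    post-backup.sh) post_backup; exit $? ;;
esac
```

Because the post-backup script does not run when the backup fails, the next pre-backup run is the first point at which this pair can notice and release a leftover quiesce.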
Total Snapshots | Total number of retained backups for the filesets of the host or share, including both the local Rubrik cluster and any archival location.
Missed Snapshots | Number of policy-driven backups that did not complete successfully for the filesets of the host or share. A missed backup is included in the count until the period since the SLA Domain policy required the backup exceeds the retention period of the SLA Domain.
Filesets card
The Filesets card in the local view provides the information that is described in Table 106.
Table 106 Filesets card in the local view
Field | Description
Name | Name of the fileset. Click the name to open the fileset view for that fileset.
SLA | List of the SLA Domains that are protecting the fileset. When an entry is abbreviated, hover over the entry to see the full value in a tool tip. Click an entry to open the SLA Domain page.
Includes | List of the values in Include for the fileset. When an entry is abbreviated, hover over the entry to see the full value in a tool tip.
Excludes | List of the values in Exclude for the fileset. When an entry is abbreviated, hover over the entry to see the full value in a tool tip.
Do Not Exclude | List of the values in Do Not Exclude for the fileset. When an entry is abbreviated, hover over the entry to see the full value in a tool tip.
Snapshots card
The Snapshots card provides the ability to browse the backups that reside on the local Rubrik
cluster and on the archival location.
In the local view, the Snapshots card shows the backups for all filesets of the host or share. In the
fileset view, the Snapshots card shows only the backups for the selected fileset.
The Snapshots card provides access to backup information through a series of calendar views.
Each view uses color spots to indicate the presence of backups on a date and to indicate the
status of SLA Domain compliance for that date.
The Snapshots card also provides the ability to search for files across all the backups of the filesets
or fileset in the current view.
Table 107 lists the colors that the Snapshots card uses and describes the status that each color
represents.
Table 107 Status colors used on the calendar views
Color | Status
Green | All backups required by SLA Domain policy were successfully created.
Orange | All backups required by SLA Domain policy were successfully created but at least one backup caused a warning.
Red | At least one backup required by SLA Domain policy was not successfully created.
Table 108 describes the calendar views available on the Snapshots card.
Table 108 Calendar views on the Snapshots card
View | Description
Year | The Year view displays backup creation information for an entire year. A color spot indicator on a specific date indicates backup activity, and displays the SLA Domain compliance status for that day.
Month | The Month view displays backup creation information for an entire month. A color spot indicator on a specific date indicates backup activity, and displays the SLA Domain compliance status for that day.
Day | The Day view displays the individual backups that were created on the selected day.
Total Snapshots | Total number of retained backups for the selected host fileset, including both the local Rubrik cluster and any archival location.
Missed Snapshots | Number of policy-driven backups that did not complete successfully. A missed backup is included in the count until the period since the SLA Domain policy required the backup exceeds the retention period of the SLA Domain.
Rubrik CDM Version 5.0 User Guide Data recovery from a host fileset or share fileset 513
5. On the Snapshots card, type the name of the file or folder in the search field.
As characters are typed, the Rubrik CDM web UI immediately begins to display matching file
and folder pathnames.
A search matches the string of characters entered in the search field with the same string in
any portion of the pathname of a folder or file. Continue to type characters until the file or
folder appears in the results.
6. Select the file or folder.
The Choose Version dialog appears.
7. Find a file or folder version to recover.
Next task — Restore or export the file or folder version.
Note: To restore an entire fileset, use the browse method to find and select a specific backup of
the host fileset or share fileset.
1. Open the ellipsis menu for the selected data, and select Restore.
The selected data can be a file, a folder, or a complete fileset.
The Restore dialog appears.
2. Choose where to restore the data.
• Select Overwrite original to restore the folder or file to the original location, replacing the
existing source file, folder, or fileset data.
• Select Restore to separate folder to restore the file, folder, or fileset data to another
folder on the source host. This option does not replace the existing folder or file.
3. (Restore to separate folder only) In Folder Name, type the full path for a folder on the source
host.
Note: Do not type the original path of the source folder or file. When Restore to separate
folder is selected, the object cannot be restored to a folder that contains an object of the
same name.
The restore path must exist on the source host. The Rubrik cluster will create a specified target
folder but will not create intermediary folders on the specified path.
Export path
When a backup copy of a file, folder, or fileset is exported, the Rubrik cluster writes the exported
data to a location on the target host.
The location where the data is written consists of the path on the target that is provided through
the Export Path value combined with the path of the exported object relative to the root of the
backup.
The path specified in Export Path must already exist on the target. The Rubrik cluster will create
the rest of the path, starting at the specified Export Path value, if it does not already exist.
For a Linux or Unix host, or for a NAS share (NFS), the root directory can be specified by a single
forward slash character.
For a Windows host, the root directory of a drive can be specified by the drive letter, a colon, and
a backslash. For example, specify the root of the ‘D’ drive with:
D:\
For a NAS share (SMB), the root directory of the share can be specified by a single backslash
character.
Example 17, Example 18, and Example 19 provide examples of the final target location for exports
to a Linux or Unix host, a Windows host, and a NAS share (SMB).
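The rule above for combining Export Path with the path of the exported object, worked through for the three target families. This is an added example, not the guide's Examples 17 to 19 and not Rubrik code; the function name, the sample paths, the pre-split `object_parts` input, and the rejection of unusual path components are assumptions made for the illustration.

```python
from pathlib import PurePosixPath, PureWindowsPath

# Delimiter family per target type, as the guide prescribes: "/" for
# Linux, Unix and NAS (NFS); "\" for Windows and NAS (SMB).
FLAVOURS = {
    "linux": PurePosixPath, "unix": PurePosixPath, "nfs": PurePosixPath,
    "windows": PureWindowsPath, "smb": PureWindowsPath,
}


def resolve_export(target_type, export_path, object_parts):
    """Compute where an exported object lands on the target.

    object_parts is the object's path relative to the root of the backup,
    already split into components (an assumption of this sketch).
    Returns (final_location, must_already_exist, created_if_missing).
    """
    flavour = FLAVOURS[target_type]
    if flavour is PureWindowsPath and "/" in export_path:
        raise ValueError("use a backslash on Windows and NAS (SMB) targets")
    base = flavour(export_path)

    if target_type == "windows":
        # Needs a drive letter and a root, for example D:\ or D:\restore.
        ok = len(base.drive) == 2 and base.drive[1] == ":" and bool(base.root)
    elif target_type == "smb":
        # Relative to the share: leading backslash, no drive or UNC prefix.
        ok = bool(base.root) and not base.drive
    else:
        ok = base.is_absolute()
    if not ok:
        raise ValueError(f"not a full {target_type} path: {export_path!r}")

    if not object_parts:
        raise ValueError("nothing to export")
    for part in object_parts:
        # Added defensive check (not from the guide): every component must
        # be a plain name, so the result cannot leave the Export Path.
        bad = part in ("", ".", "..") or "/" in part or "\\" in part
        if flavour is PureWindowsPath and ":" in part:
            bad = True  # "C:" as a component would replace the drive
        if bad:
            raise ValueError(f"unexpected path component: {part!r}")

    final = base.joinpath(*object_parts)
    # Folders between Export Path and the object: per the guide, the
    # cluster creates this part of the path if it does not exist.
    created = [str(base.joinpath(*object_parts[:i]))
               for i in range(1, len(object_parts))]
    return str(final), str(base), created


# Constructed sample exports, one per target family.
SAMPLES = [
    ("linux", "/restore", ["home", "alice", "report.txt"]),
    ("windows", "D:\\", ["Users", "alice", "report.txt"]),
    ("smb", "\\", ["finance", "q1.xlsx"]),
]

if __name__ == "__main__":
    for kind, export_path, parts in SAMPLES:
        final, must_exist, created = resolve_export(kind, export_path, parts)
        print(f"{kind:8} must exist: {must_exist}  final: {final}")
```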
Note: To export an entire fileset, use the browse method to find and select a specific backup of
the host fileset or share fileset.
1. Open the ellipsis menu for the selected data, and select Export.
The selected data can be a file, a folder, or a complete fileset.
The Export dialog appears and lists the available export targets.
2. In the Name section, select a host or share.
3. In Export Path, type the full path for a folder on the selected host or share.
The folder must already exist. The Rubrik cluster writes the exported data into the specified
folder.
In the path description, use the directory delimiter for the type of operating system. For Linux,
Unix, and NAS (NFS), use a forward slash: /. For Windows and NAS (SMB), use a backslash: \.
4. Click Export.
The Rubrik cluster writes the selected data to the export target at the location indicated by the
export path. The Activity Log tracks the status of the task.
Rubrik CDM Version 5.0 User Guide Full Volume Protection for Windows 520
Note: Volumes can only be restored to an identical or later OS. For example, Windows Server 2012
R2 volumes cannot be restored to a Windows Server 2008 R2 host.
Before you begin. Add the Windows host to the Rubrik cluster using the procedure in Adding a
host.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears, listing the Windows hosts on the
Rubrik cluster.
3. Select the selection box next to a host.
4. Click Manage Protection.
The Manage Protection dialog box appears with the first step of the task indicated in the task
flow at the top of the dialog box: Volumes & Filesets.
5. Click Volumes.
6. Select the volumes to protect.
The selected volumes are collectively referred to as a volume group. To search for a specific
volume, enter a string in the Search by Name field.
7. Click Next.
The task flow at the top of the Manage Protection dialog box updates to the next step: SLA.
The dialog box displays a list of available SLAs.
8. (Optional) To create a new SLA, click the blue + icon.
Follow the procedure in Creating a custom SLA Domain.
Note: Hosts running Windows Server 2008R2 must have Microsoft patch KB3033929 installed
before installing the VFD.
The Take On Demand Snapshot dialog box appears with the first step of the task indicated in
the task flow at the top of the dialog box: Volumes or Files.
5. Click Volumes.
6. Select the volumes to protect.
The selected volumes are collectively referred to as a volume group. To search for a specific
volume, enter a string in the Search by Name field.
7. Click Next.
The task flow at the top of the Take On Demand Snapshot dialog box updates to the next step:
SLA. The dialog box displays a list of available SLAs.
8. (Optional) To create a new SLA, click the blue + icon.
Follow the procedure in Creating a custom SLA Domain.
9. Select an SLA for the volume group from the list.
The SLA applies to each volume in the volume group. To search for a specific SLA, enter a
string in the Search SLA domains field.
10. Click Finish.
The selected volume group is protected as a VHD. The Rubrik cluster adds the specified
on-demand backup to the task queue. The Activity Log tracks the status of the on-demand backup
task. The Rubrik cluster manages the snapshot based on the rules and policies of the selected SLA
Domain.
Live mounting a volume group on a host with Windows and the RBS installed
When a Windows host has the Rubrik Backup Service (RBS) installed, a snapshot of the protected
volume group can be live mounted to the host for access to the volumes.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. In the Name column, click a host name.
The Overview, Snapshots, and Status cards appear for that host.
The ZIP file contains the scripts and utilities described in Table 110.
Table 110 Windows volume group recovery tools
Item name | Description
readme.txt | Basic instructions for use
WinPEImageCreation/CreateWinPEImage.ps1 | Utility to create the bootable WinPE image
BMR/VolumeDataCopy.exe | Block copy utility
BMR/RubrikBMR.ps1 | Restore script for hosts without Windows installed
BMR/ForeignDiskImport.bat | Component of RubrikBMR.ps1
BMR/modules/BMROperations.psm1 | Component of RubrikBMR.ps1
BMR/modules/DiskOperations.psm1 | Component of RubrikBMR.ps1
BMR/modules/DiskpartOperations.psm1 | Component of RubrikBMR.ps1
BMR/modules/VHDOperations.psm1 | Component of RubrikBMR.ps1
Restoring the volume group on a host with Windows installed without RBS
A host with a supported Windows OS installed restores a volume group through the OS
functionality.
Before you begin — Download the Windows recovery tools using the process described in
Downloading the Windows recovery tools.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. In the Name column, click a host name.
The Overview, Snapshots, and Status cards appear for that host.
4. In the Snapshots calendar, select a date with a snapshot.
The list of snapshots for that date appears.
5. Click the ellipsis next to the volume group to restore.
6. Click Mount.
The Mount Snapshot dialog box appears.
7. Select the volumes in the volume group to restore and click Next.
A list of Windows hosts appears.
Note: Only volume groups with a volume that contains a supported Windows OS installation can
be restored to a host without a Windows OS installed. The license for the OS being restored must
be available during this process.
Before you begin — Creating the WinPE image requires a computer with a licensed installation of
the Windows Server operating system that is 2012 R2 or later. The computer must have the
Windows Assessment and Deployment Kit (ADK) installed. Download the Windows ADK from
https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install. The WinPE image
can be used to restore volume groups from any supported operating system version. Determine
the SMB path of the mounted snapshot of the volume group to restore using the procedure
described in Restoring the volume group on a host with Windows installed without RBS.
1. Copy the BMR and WinPEImageCreation folders to the C:\ drive of the Windows Server
computer.
2. Change to the C:\WinPEImageCreation folder.
3. Run the following command to create the image:
.\CreateWinPEImage.ps1 -version 10 -isopath C:\WinPEISO -utilitiespath C:\BMR
The WinPE image is created in the C:\WinPEISO directory.
Note: The value of the ‘-version’ parameter is the version of the Windows ADK. The version of
the ADK installed on a system is the name of the folder in C:\Program Files (x86)\Windows
Kits\.
The restore script connects to the SMB shares and copies the data from the volume group
snapshot to the specified volumes on the host.
Unmanaged data
Manage file system data that is not subject to a retention policy through the Snapshot Retention
page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as
unmanaged snapshot objects. Unmanaged snapshot objects can be managed through the
Snapshot Retention page of the Rubrik CDM web UI.
Retention Management describes the Snapshot Retention page and how to perform tasks with
unmanaged snapshot objects.
This chapter describes how to protect and manage data from Oracle databases.
Overview
Adding Oracle hosts and discovering Oracle databases
Assigning an SLA Domain to a host or database
Backing up databases
Backing up logs
Exporting databases
Exporting tablespaces
Live mounting an Oracle database
Creating an on-demand snapshot
Performing an instant recovery
Overview
A Rubrik cluster provides backup, recovery and data management for Oracle databases. Rubrik
provides a fully automated backup solution that performs all the necessary tasks end-to-end on its
own.
Rubrik supports both standalone and Real Application Cluster (RAC) deployments of Oracle. Rubrik
clusters auto-discover and protect databases on a standalone Oracle host or RAC.
Apply an SLA Domain policy to the standalone Oracle host or RAC to protect all databases on the
standalone Oracle host or RAC. An SLA Domain policy can also be applied to individual databases.
Based on the SLA Domain policy assigned, the Rubrik cluster processes Oracle database
snapshots, manages retention, storage, replication, and archiving of the snapshots.
The Rubrik cluster protects Oracle databases by using the RMAN incremental merge methodology.
The smallest unit to which Rubrik can apply an SLA Domain is the database. The more granular
tablespaces can be recovered but not individually protected. Oracle records transactions in redo
logs before committing them into the database. Oracle archives these redo logs periodically.
Rubrik then backs up these archived redo logs to enable point-in-time recovery.
Rubrik exports one NFS share for each RMAN channel. Each NFS share is exported from a different
Rubrik cluster node.
For optimal performance, Rubrik recommends setting two channels per node. Depending on the
number of datafiles in the database and the distribution of data across datafiles, adjust the
number of channels per node.
Table 111 describes the data protection and management that a Rubrik cluster provides for Oracle
databases.
Table 111 Data management provided for Oracle databases (page 1 of 2)
Feature | Description
Automatic discovery | • After installing the Rubrik Backup Service (RBS) software on a standalone Oracle host or on all nodes of an Oracle RAC cluster, RBS automatically discovers all running database instances. • RBS provides this information to the Rubrik cluster and the Oracle objects appear in the Rubrik CDM web UI.
Automatic upgrade | When a new version of the RBS software is available, the Rubrik cluster automatically upgrades the software on all Oracle hosts and RAC nodes.
SLA Domains | • Assign SLA Domains to any discovered Oracle host, RAC, or database. • If an SLA Domain is assigned to an Oracle host or RAC, all databases on that host or RAC inherit the SLA Domain. • SLA retention governs database backup retention.
Requirements
A Rubrik cluster provides data protection and management for Oracle databases when specific
requirements are met.
Table 112 describes the system requirements for Oracle database data protection and
management.
Table 112 System requirements for Oracle databases
Requirement | Description
RMAN | Rubrik uses RMAN to perform backup and recovery of Oracle. The required RMAN scripts are generated automatically.
Shared storage | For RAC, only shared storage configuration is supported. Archived redo logs must also be on shared storage.
Storage system | • Oracle data files on an Oracle supported file system • Oracle data files on Automatic Storage Management (ASM) are only supported on RAC. • Back up and restore Oracle data files on a storage system to the same storage system type, such as file system to file system, ASM to ASM.
Maximum user processes | • Set the minimum value of maxuproc to 16384.
Information on how to add an Oracle host or node and discover Oracle objects can be found in
Adding Oracle hosts and discovering Oracle databases.
Database backup
Database backups on a Rubrik cluster use incremental merge. Through NFS, RMAN reads the
previous snapshot and applies the new changes to form a new snapshot.
Make sure the following are available:
• Make sure the database is in the OPEN or MOUNTED state.
• Enable ARCHIVELOGMODE on the source databases.
Information on how to configure database and archived redo log backups can be found in Backing
up databases and Backing up logs.
Rubrik supports two export options. An automated export restores the database files and recovers
the database. Rubrik creates and starts the database instance, and updates the oratab file. A
database-managed export only restores the database files and exposes the RMAN script to recover
the database. The following prerequisites must be observed:
• RBS is installed on the discovered RAC, standalone server, or RAC nodes. Register the RAC,
standalone server, or the nodes of the RAC cluster with the Rubrik cluster.
• Export a RAC database to a RAC, a standalone host to another standalone host, and ASM
storage to ASM storage.
• The source and target must have the same $ORACLE_HOME and the same Oracle version.
• For RAC export, the oratab file must have the ASM configuration for the RAC.
• Take a snapshot of the Oracle database and logs as described above, and make note of the
Rubrik snapshot ID.
• Install RBS and register the target host. Make note of the target host ID. For RAC make sure to
install the backup agent on all the nodes.
• Ensure that there is no instance on the target host with the same SID. The export script checks
if there is any instance with the same SID running on the target host. The exported database is
created with the same database name and database SID.
• Ensure that there is enough memory on the target host to run the database and perform
recovery.
Information on how to export an Oracle database can be found in Exporting databases.
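Several of the export prerequisites above can be checked against the target before an export is started. The following is an added example, not Rubrik's export script: the dictionary keys and sample values are constructed, and the `SID:ORACLE_HOME:Y|N` oratab layout, the `ora_pmon_<SID>` process naming, and the `+ASM` prefix for ASM entries are standard Oracle conventions assumed here rather than details taken from this guide.

```python
import re


def parse_oratab(text):
    """Return (SID, ORACLE_HOME) pairs from oratab text.

    Entries have the form SID:ORACLE_HOME:<Y|N>; '#' starts a comment.
    """
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].strip().split(":")
        if len(fields) >= 2 and fields[0] and fields[1]:
            entries.append((fields[0], fields[1]))
    return entries


def running_sids(process_names):
    """SIDs of running instances, read from PMON names (ora_pmon_<SID>)."""
    found = set()
    for name in process_names:
        match = re.fullmatch(r"ora_pmon_(\S+)", name.strip())
        if match:
            found.add(match.group(1))
    return found


def export_preflight(source, target):
    """Return a (code, detail) pair for every prerequisite that is not met."""
    problems = []
    if source["rac"] != target["rac"]:
        problems.append(("deployment",
                         "export RAC to RAC and standalone to standalone"))
    if source["storage"] != target["storage"]:
        problems.append(("storage",
                         f"{source['storage']} source, {target['storage']} target"))
    if source["oracle_home"].rstrip("/") != target["oracle_home"].rstrip("/"):
        problems.append(("oracle_home", "$ORACLE_HOME differs on the target"))
    if source["version"] != target["version"]:
        problems.append(("version",
                         f"{source['version']} source, {target['version']} target"))

    oratab = parse_oratab(target["oratab"])
    sid = source["sid"]
    if sid in running_sids(target["processes"]):
        problems.append(("sid_running", f"instance {sid} is running on the target"))
    elif any(entry_sid == sid for entry_sid, _ in oratab):
        problems.append(("sid_in_oratab", f"oratab already lists {sid}"))

    if source["rac"] and not any(s.upper().startswith("+ASM") for s, _ in oratab):
        problems.append(("asm_missing", "oratab has no ASM entry for the RAC"))
    return problems


# Constructed sample data: a standalone source and a clean standalone target.
HOME = "/u01/app/oracle/product/19.0.0/dbhome_1"
SOURCE = {"sid": "ORCL", "rac": False, "storage": "filesystem",
          "oracle_home": HOME, "version": "19.3.0.0.0"}
TARGET = {"rac": False, "storage": "filesystem",
          "oracle_home": HOME, "version": "19.3.0.0.0",
          "oratab": "# constructed oratab\nTEST:" + HOME + ":N\n",
          "processes": ["ora_pmon_TEST", "sshd"]}

if __name__ == "__main__":
    issues = export_preflight(SOURCE, TARGET)
    for code, detail in issues:
        print(f"FAIL {code}: {detail}")
    if not issues:
        print("target meets the checked prerequisites")
```

The memory and disk space prerequisites are left out because the guide gives no threshold for them.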
Tablespace recovery
Rubrik supports recovery of a single independent tablespace of a database from the backups. The
recovered tablespace is restored back to the source.
To trigger a tablespace recovery, select a snapshot or any point in time from the available
range. Export of tablespaces automatically restores the tablespace to the selected point
in time.
The Rubrik cluster mounts the snapshot on the selected standalone Oracle host or RAC with the
name of source standalone Oracle host or RAC, connects the recovered standalone Oracle host or
RAC to the network, and powers up the standalone Oracle host or RAC.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster
records the final result of the task in the Activity Log. The Rubrik cluster lists the recovered
Oracle database on the Live Mounts page of the Rubrik CDM web UI.
The instantly recovered Oracle database derives protection from parent objects. When the
recovered Oracle database does not derive protection from any parent objects, add it to an SLA
Domain. To protect it using the same SLA rules and policies as the source Oracle database, add
the recovered Oracle database to the original SLA Domain. Or, add the recovered Oracle database
to another SLA Domain.
Information on how to perform an instant recovery can be found in Performing an instant
recovery.
RMAN channels
A Rubrik cluster protects and manages RMAN backups of Oracle databases. The Rubrik cluster
uses the NFS protocol to export each channel of a database instance. For each database instance,
the Rubrik cluster can share multiple NFS exported channels, normally one from each node of the
Rubrik cluster.
Table 114 provides recommendations for the components that are involved in the Rubrik CDM
protection of Oracle databases.
Table 114 Recommendations for Oracle database protection (page 1 of 2)
Component | Recommendation | Additional information
Oracle database | Database size cannot be greater than half the size of the available space on the Rubrik cluster. | To perform internal data format conversions after a database snapshot, the Rubrik cluster needs available space that is two times the size of the database snapshot. The Rubrik cluster reclaims and reuses the space after the patching operation is complete.
Oracle database archived redo logs and control files | Back up the archived redo logs and control files for a database. | Backing up archived redo logs and control files to a separate database instance allows you to configure SLA policies for those files that are different from the SLA policies that are configured for the database.
Configuration workflow
To enable protection and management of backups of Oracle databases, complete the configuration
workflow in the order specified. The configuration workflow involves tasks on the standalone
Oracle host or RAC and on the Rubrik cluster.
Complete the tasks in the order specified in this workflow. Each workflow stage references a
detailed task. Complete the steps in a task before moving to the next stage in the workflow.
1. Install Rubrik Backup Service (RBS) on the Oracle server or all nodes of the RAC clusters.
Rubrik Backup Service software describes how to do this.
2. Add an Oracle host to the Rubrik cluster and discover Oracle databases.
Adding Oracle hosts and discovering Oracle databases describes how to do this.
3. Assign an SLA Domain to discovered Oracle hosts or databases.
Assigning an SLA Domain to a host or database and Assigning RMAN channels to nodes
describe how to do this.
4. Back up databases and logs.
Backing up databases and Backing up logs describe how to do this.
5. Export databases and recover tablespaces.
Exporting databases and Exporting tablespaces describe how to do this.
Before you begin — Install RBS on the Oracle server or all nodes of the RAC clusters.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click Add Hosts/Nodes.
The Add Hosts/Nodes page appears.
4. (Optional) If RBS has not been installed on the host yet, click rpm or deb to download the
appropriate RBS, as described in Rubrik Backup Service software.
5. In IPs or Hostnames, enter an IP or a hostname to identify the connected host.
Use commas to separate multiple IP addresses or hostnames.
6. In Oracle User, type a name for the user.
This Oracle User name is required when the DBA user is not the default “oracle”.
7. Click Add.
The Rubrik cluster saves the configuration and the new Oracle host appears on the Hosts/Clusters
page. The OCI library discovers the databases, which appear on the All DBs page.
6. (Optional) Click Clear Existing Assignment to assign selected objects and their contents to
the SLA Domain of the next higher level object.
7. (Optional) Click Do Not Protect to exclude the selected objects from further SLA Domain
assignments.
8. (Optional) Click Overwrite default log backups, type a value in Log Backup Frequency
(Minutes) and Log Backup Retentions (Days).
9. Click Submit.
The Rubrik cluster saves the settings and begins managing the snapshots of the Oracle host or
database instance.
Backing up databases
Protect databases by assigning an SLA Domain to the standalone Oracle host or RAC or to the
database instances. Derived assignment provides a way to uniformly manage and protect those
databases.
A derived assignment applies to the databases that exist at the time of the assignment and to
databases that are added after the assignment.
Before you begin — Do the following:
• Install the RBS on the standalone Oracle host or RAC of the database.
• Add the standalone Oracle host or RAC to the Rubrik cluster.
• Ensure that the database is in the OPEN or MOUNTED state.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters tab of the Oracle DBs page appears.
3. Click the selection box next to a host.
Select multiple hosts to apply the same SLA Domain protection to databases on all of the
selections.
4. Click Manage Protection.
The Manage Protection dialog box appears.
5. Select one of the default SLA Domains to assign to the host.
Alternatively, search for a specific SLA Domain and assign it to the host.
6. (Optional) Click Do Not Protect to have the Rubrik cluster stop creating policy-driven
snapshots set individually for this host.
7. (Optional) In Log Backup Frequency, type an integer value.
Type an integer value from 5 to 99. The integer value sets the number of minutes between
backups of the archived redo log. This value overrides the default log backup frequency value.
8. (Optional) In Log Backup Retention, type an integer value.
The integer value sets the number of days to retain the archived redo log.
9. From the left-side menu, click Advanced Settings.
10. In Number of RMAN Channels, type an integer.
Normally, type the same number as the number of nodes in the Rubrik cluster.
Changing the number of channels assigned will trigger a new full backup.
Backing up logs
Create an archived redo log backup of a database to protect the records that were written to the
archived redo log after the most recent archived redo log backup.
RMAN can also selectively apply archived redo logs and recover to any point in time.
Before you begin — Do the following:
• Install the Rubrik Backup Service software on the Windows Server host of the database.
• Add the standalone Oracle host or RAC to the Rubrik cluster.
• Manage and protect at least one database.
• Ensure that ARCHIVELOGMODE is enabled on the database. RMAN does not take backups if
this mode is disabled.
• Successfully complete at least one snapshot of the database.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click All DBs.
The All Databases page appears.
4. In the Name column, click the name of a database.
The Local page for the database appears.
5. Click Take Log Backup.
A notification regarding the backup job being scheduled appears.
The Rubrik cluster adds the specified log backup to the task queue. The Activity Log tracks the
status of the log backup task.
Exporting databases
Rubrik restores databases by exporting a copy of a selected recovery point of a database to an
Oracle database instance on the same standalone Oracle host or RAC or on another known
standalone Oracle host or RAC.
The Rubrik cluster only allows the export of a database for discovered RAC, standalone server, nodes,
or databases.
Before you begin — Do the following:
• Manage and protect at least one database.
• Have Restore permission on the host, the Oracle host or RAC, and databases.
• RBS is installed on the desired target host or all nodes of the RAC cluster.
• For RAC, the oratab file must have the ASM configuration for the RAC.
• Register the target host and RAC cluster nodes on the Rubrik cluster. If only a subset of RAC
clusters are registered, the export will be successful. However, only the registered instances
will have running instances registered with the exported database.
• Successfully complete at least one snapshot of the database.
• Ensure that there is enough disk space on the target host for recovery.
• Ensure that the target has enough memory to run the database.
• (Optional) To export a recovery point that is between snapshots, successfully complete log
backups that cover the recovery point period.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click All DBs.
The All Databases page appears.
4. In the Name column, click the name of a database.
The Local page for the database appears, with the Recovery Points card showing the month
view.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates that at least one successful snapshot was created on that day.
The Recovery Points card displays the Day view.
Exporting tablespaces
Rubrik restores tablespaces by exporting them in-place on the same database.
To trigger a tablespace recovery, select a snapshot or any point in time from the
available range. The Rubrik cluster restores tablespaces in-place only to the same database.
Before you begin — A database must be set to “ARCHIVELOGMODE” before attempting a
tablespace recovery. Otherwise, the recovery will fail.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click All DBs.
The All DBs tab appears.
This chapter describes how to protect and manage data from Microsoft SQL Server databases.
Overview
Rubrik Backup Service software
Windows Server hosts
SQL Server databases
SQL Change Block Tracking
Recovery Points card page
Database recovery
Windows Server Failover Clustering
Always On Availability Groups
Unmanaged data
Rubrik CDM Version 5.0 User Guide SQL Server Databases 553
SQL Server Databases
Overview
A Rubrik cluster provides data management and protection for Microsoft SQL Server databases. A
Rubrik cluster can manage and protect SQL Server databases that are configured to use the Full
recovery model, Bulk-logged recovery model, or the Simple recovery model.
For a database that uses the Full recovery model or the Bulk-logged recovery model, the Rubrik
cluster performs policy-driven VSS snapshots of the database and frequent interim backups of the
transaction log. The combination of a snapshot of the database and transaction log backups
permits granular restore of a database to a specified recovery point.
For a database that uses the Simple recovery model, the Rubrik cluster performs policy-driven
snapshots of the database. The snapshots permit recovery of the database to its state at the time
of a snapshot.
Table 115 describes the data management and protection that a Rubrik cluster provides for SQL
Server databases.
Table 115 Data management provided for SQL Server databases
Feature | Description
Physical and virtual instances | The Rubrik cluster supports SQL Server databases running on physical installations of Windows Server, and on guest OS installations of Windows Server that are running in a virtual environment.
Windows Server Failover Clustering | The Rubrik cluster supports SQL Server databases running on WSFC instances of SQL Server.
Full, Bulk-logged, and Simple recovery models | The Rubrik cluster provides protection for Full recovery model, Bulk-logged recovery model, and Simple recovery model databases.
Automatic discovery | After installing the Rubrik Backup Service software on a Windows Server, Rubrik connector automatically discovers all instances of SQL Server and all SQL Server databases on the Windows Server. Rubrik connector provides this information to the Rubrik cluster and the objects appear in the Rubrik CDM web UI.
Automatic upgrade | When new versions of the Rubrik Backup Service software are available, the Rubrik cluster automatically upgrades the software on all Windows Server hosts.
SLA Domains | SLA Domains provide simplified management of SQL Server database protection. Setting the snapshot frequency and retention, snapshot window, replication policy, and archival policy for a database can be accomplished by assigning the database to an SLA Domain.
Derived protection | Databases can derive SLA Domain protection through an SLA Domain assignment made to the SQL Server database or the Windows Server host. Databases added at a later date automatically derive the protection of the parent entity.
Configurable log backups | For any database, the log backup frequency setting can be derived from the system defaults, or the log backup frequency and retention can be configured through an SLA Domain assignment. Log backups can also be disabled entirely.
Copy Only backups | When a database is assigned to an SLA Domain, Copy Only backups can be specified for that database.
Source-side compression | The Rubrik Backup Service compresses the data from SQL Server database backups before sending the data to the Rubrik cluster.
Replication | Based on SLA Domain policy, snapshots and transaction log backups can be replicated to another Rubrik cluster.
Archiving | Based on SLA Domain policy, snapshots and transaction log backups can be archived to a supported archival location.
Point in time recovery | A database can be recovered from a snapshot or to a point in time between snapshots. The Rubrik cluster returns the recovered database to the state it was in at the time specified by the user.
VDI | The Rubrik cluster fully supports the Microsoft Virtual Device Interface (VDI) API for transaction log backup and restore operations. However, VDI requires that the agent performing backups or restores have sysadmin privileges on the server. Sites that choose to not grant this level of privilege to the Rubrik agent will use the pre-4.1 local staging mechanism for transaction log backup and restore.
Point in time export | A database can be exported to another SQL Server database of the same version or higher, on the same Windows Server host or on another Windows Server host. Export of the database can be based on a snapshot, or on a snapshot combined with transaction log backups.
Group snapshots | On-demand snapshots are available for SQL Server hosts or instances, creating individual snapshots of all the databases on the host or instance. Group snapshots are also available for multiple databases from different SQL Server hosts or instances. When snapshots are grouped in this way, the count of incoming snapshots is the number of snapshot groups, rather than the number of individual snapshots.
To recover to a selected point in time, the Rubrik cluster uses two pieces of information:
• Last snapshot created before the selected point in time
• Log backups created between the time of the snapshot and the selected point in time
The Rubrik cluster first recovers the database from the snapshot. Then the Rubrik cluster unrolls
and applies the contents of the logs until the selected point in time is reached.
The closer that the snapshot is to the selected point in time, the shorter the recovery time
objective (RTO) that is achieved by the process. To minimize RTO, assign a database to an SLA
Domain with frequent snapshots.
Live Mount
A Live Mount creates a new database from a point-in-time copy of the source database. The
Rubrik cluster provides a Samba share of the new database directly from the Rubrik cluster
storage layer.
A Live Mount database can be attached to an SQL Server database on any Windows Server host
that is running the Rubrik Backup Service. Transmissions between the Rubrik cluster and the host
of the Live Mount are secured by end-to-end encryption.
Using Live Mount to access a copy of a database can significantly reduce the RTO for the
database. A Live Mount database cannot be protected through the Rubrik cluster.
Requirements
A Rubrik cluster provides data management and protection for SQL Server databases when
specific requirements are met.
Table 116 describes the system requirements for SQL Server database data management and
protection.
Table 116 System requirements for SQL Server databases
Requirement | Description
Operating system | Refer to the Rubrik Compatibility Matrix for current version support.
Database management system | Refer to the Rubrik Compatibility Matrix for current version support.
Windows service | SQL Server VSS Writer (running)
Network protocol | TCP/IP or Shared Memory protocol enabled for each SQL Server database
Note: The Rubrik CDM Compatibility Matrix lists supported source version and target version for
export of SQL Server database snapshots by Rubrik CDM software.
! IMPORTANT
The Rubrik Backup Service software can only be used with the Rubrik cluster from which
the software is obtained. Each Rubrik cluster generates a copy of the Rubrik Backup Service
software that includes authentication information specific to that Rubrik cluster. This
method ensures that the Rubrik cluster and a hosted deployment of the Rubrik Backup
Service can reliably authenticate each other.
Rubrik provides automatic upgrade of the Rubrik Backup Service software as part of a general
upgrade of the Rubrik cluster software. After upgrading the Rubrik cluster software, the Rubrik
cluster automatically upgrades the Rubrik Backup Service software on all protected Windows
Server hosts.
Figure 9 shows a domain user account ‘rubrik.svc’ that is a member of the local Administrators
group and shows that the Rubrik Backup Service is configured to run as the domain user account
‘rubrik.svc’.
Figure 9 Domain user account in local Administrators group
Table 117 Role requirements for the Rubrik Backup Service account (page 2 of 2)
Level | Task | Permission
SQL Server database | Metadata collection | VIEW_SERVER_STATE, VIEW_ANY_DEFINITION
Databases | Database backup | db_backupoperator
Databases | Optional | db_denydatareader. Note: Do not set db_denydatareader as a database role for the ‘master’ database or the ‘msdb’ database.
Figure 10 shows the assignment of the required roles in Microsoft SQL Server 2012 using SQL
Server Management Studio.
Figure 10 Assigning server-level roles and database-level roles
Figure 11 shows the assignment of the ‘View server state’ and ‘Alter any database’ permissions,
which are required for the account used by the Rubrik Backup Service.
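The rows of Table 117 that appear above, applied as a T-SQL script and followed by a check of what the account ends up holding. This is an added example, not Rubrik-supplied code; the login EXAMPLE\rubrik.svc (the domain is a placeholder), the choice to loop over every online, writable database except tempdb, and the assumption that the login is not already mapped into a database under a different user name are all assumptions of the example.

```sql
-- Added example, not Rubrik code. Grants only the permissions listed in the
-- visible rows of Table 117. ALTER ROLE ... ADD MEMBER needs SQL Server 2012+.
SET NOCOUNT ON;

DECLARE @login sysname = N'EXAMPLE\rubrik.svc';  -- placeholder: use your own domain account
DECLARE @deny_data_reader bit = 1;               -- the "Optional" row of Table 117
DECLARE @db sysname, @sql nvarchar(max);

-- Server level (metadata collection). Server-scope grants must run in master.
SET @sql = N'USE master; '
         + N'GRANT VIEW SERVER STATE TO '   + QUOTENAME(@login) + N'; '
         + N'GRANT VIEW ANY DEFINITION TO ' + QUOTENAME(@login) + N';';
EXEC sys.sp_executesql @sql;

-- Database level: db_backupoperator everywhere, db_denydatareader where allowed.
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE state_desc = N'ONLINE'
      AND is_read_only = 0
      AND name <> N'tempdb';          -- tempdb cannot be backed up

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db) + N'; '
        + N'IF NOT EXISTS (SELECT 1 FROM sys.database_principals '
        + N'               WHERE sid = SUSER_SID(@login)) '
        + N'    CREATE USER ' + QUOTENAME(@login)
        + N'        FOR LOGIN ' + QUOTENAME(@login) + N'; '
        + N'ALTER ROLE db_backupoperator ADD MEMBER ' + QUOTENAME(@login) + N';';

    -- Table 117 note: never deny data reads in master or msdb.
    IF @deny_data_reader = 1 AND @db NOT IN (N'master', N'msdb')
        SET @sql += N' ALTER ROLE db_denydatareader ADD MEMBER '
                  + QUOTENAME(@login) + N';';

    BEGIN TRY
        EXEC sys.sp_executesql @sql, N'@login sysname', @login = @login;
    END TRY
    BEGIN CATCH
        -- For example a database that cannot be opened on this replica.
        PRINT N'Skipped ' + @db + N': ' + ERROR_MESSAGE();
    END CATCH;

    FETCH NEXT FROM db_cursor INTO @db;
END;
CLOSE db_cursor;
DEALLOCATE db_cursor;

-- Review: explicit server-level permissions now held by the account ...
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = @login;

-- ... and whether it is a sysadmin member (1 = yes, 0 = no, NULL = unknown login).
-- Per Table 115, the VDI path needs sysadmin; without it the local staging
-- mechanism is used instead.
SELECT IS_SRVROLEMEMBER(N'sysadmin', @login) AS is_sysadmin;
```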
! IMPORTANT
The Windows installer package and the security certificate must be in the same folder on
the Windows Server host during installation of the software.
5. Click Update.
The Rubrik cluster updates the default frequency and applies the new setting to log backups for
databases that use the default value.
4. Select a parent object or a database by clicking the selection box next to the object.
• Select a Windows Server host to remove the derived SLA Domain assignments for all SQL
Server databases and databases on that host.
• Select a SQL Server database to remove the derived SLA Domain assignments for all
databases on that instance.
• Select a database to individually remove the SLA Domain assignment of that database.
Select multiple objects in any of these groups to remove the SLA Domain assignment for all
databases covered by the selected group.
5. Click Manage Protection.
A warning appears.
6. Click Continue Anyway.
The Manage Protection dialog box appears.
7. Select No SLA.
8. Click Submit.
The Rubrik cluster removes the SLA Domain assignments for all databases within the selection
group. Databases within the selection group that have unexpired snapshots appear on the
Unmanaged Objects page.
The disadvantage of enabling CBT is that the filter driver tracks changes as they occur, which
might reduce IOPS on the database.
Overview card
The Overview card on the Recovery Points card page for a database provides general protection
management information for the database.
Table 118 describes the information provided by the Overview card.
Table 118 Overview card on the Recovery Points card page
Field | Description
Windows Host | The FQDN or IPv4 address of the Windows Server that is the host of the SQL Server database that manages the database.
SQL Instance | The name assigned to the SQL Server database that manages the database.
SLA Domain | The name of the SLA Domain that manages the protection of the database.
Recovery Model | Type of recovery model that controls how the transactions of the database are logged, either: Full or Simple.
Oldest Recovery Point | Timestamp of the oldest retained recovery point for the database.
Latest Recovery Point | Timestamp of the most recent retained recovery point for the database.
Local Storage | Amount of storage on the Rubrik cluster that is occupied by data from the database.
Missed Snapshots | Number of policy-driven snapshots that did not complete successfully. A missed snapshot is counted until the period since the SLA Domain policy required the snapshot exceeds the retention period of the SLA Domain.
Database recovery
The Rubrik cluster provides recovery of a database through snapshots of the database. When
transaction logs for the database have been backed up, the Rubrik cluster also provides the ability
to recover the database to any point in time that is within the backed up data.
For each protected database, and for each database on the Unmanaged Objects page, the Rubrik
cluster provides a Recovery Points card. Use the Recovery Points card to select a recovery point
and to start the recovery process.
A database can be exported as a new database from a recovery point on the Recovery Points card.
The export can be to the same SQL Server database or to another SQL Server database on any
known Windows Server host.
A database recovery point on the Recovery Points card can be used to create a Live Mount. Live
Mounts are shared directly from the Rubrik storage layer over the SMB/CIFS protocol.
Note: The Live Mount feature does not support SQL Server databases that use filestreams or
in-memory tables.
Note: The Rubrik cluster can back up SQL Server system databases, such as: ‘master’, ‘model’,
and ‘msdb’, but backups of these system databases cannot be directly restored from the Rubrik
cluster. System database backups can be exported or created as Live Mounts.
Recovering a database
Restore a selected database to a specific recovery point.
Before you begin — Do the following:
• Protect at least one database.
• Successfully complete at least one snapshot of the database.
• (Optional) To restore to a recovery point between snapshots, successfully complete log
backups that include the recovery point.
Note: The SQL Server system databases, such as: ‘master’, ‘model’, and ‘msdb’, cannot be directly
restored from the Rubrik cluster. Use Export or Live Mounts to recover data from backups of those
system databases.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates that at least one successful snapshot was created on that day.
The Recovery Points card displays the Day view.
6. Move the Recovery point slider to select a recovery point.
To select a snapshot, move the slider to a snapshot indicator or click the snapshot indicator
dot. The selected time icon changes.
To select a recovery point other than a snapshot time, move the slider to choose that time.
The time appears in the time field and the selected time icon changes. Alternatively, type a
specific time into the time field.
7. Open the ellipsis menu and select Restore.
The restore option does not appear when the database is one of the system databases: master,
model or msdb.
The Restore Database dialog box appears.
8. (Optional) Select Keep database in Restoring state.
When selected, this option exports the database with the SQL Server NORECOVERY option.
The NORECOVERY option prevents roll back, and allows roll forward to continue.
9. Click Restore.
The Rubrik cluster replaces the existing database with a copy of the database from the selected
recovery point. When the recovery point is between snapshots, the Rubrik cluster uses the log to
bring the database from the closest prior snapshot to the selected recovery point.
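What the snapshot-then-logs sequence and the Keep database in Restoring state option correspond to in SQL Server terms, shown with native RESTORE statements. This is an added example, not commands issued by or taken from the Rubrik cluster; the database name SalesDB, the backup file paths and the timestamp are constructed placeholders.

```sql
-- Added example with constructed names; not Rubrik code.

-- 0. Review the backup history SQL Server recorded for the database. Each log
--    backup's first_lsn should equal the previous log backup's last_lsn;
--    a gap means the chain cannot be rolled forward past that point.
SELECT bs.type,              -- D = full, I = differential, L = log
       bs.is_copy_only,
       bs.is_snapshot,
       bs.backup_start_date,
       bs.backup_finish_date,
       bs.first_lsn,
       bs.last_lsn
FROM msdb.dbo.backupset AS bs
WHERE bs.database_name = N'SalesDB'
ORDER BY bs.backup_finish_date;

-- 1. Restore the last full backup taken before the target time.
--    REPLACE overwrites the existing database; NORECOVERY leaves the database
--    in the RESTORING state, so no roll back happens and more logs can be applied.
RESTORE DATABASE [SalesDB]
    FROM DISK = N'D:\restore\SalesDB_full.bak'
    WITH REPLACE, NORECOVERY;

-- 2. Roll forward every log backup that ends before the target time, in order.
RESTORE LOG [SalesDB]
    FROM DISK = N'D:\restore\SalesDB_log_01.trn'
    WITH NORECOVERY;

-- 3. Apply the log backup that spans the target time, stopping at that time.
RESTORE LOG [SalesDB]
    FROM DISK = N'D:\restore\SalesDB_log_02.trn'
    WITH STOPAT = N'2019-03-14T10:45:00', NORECOVERY;

-- 4. The database is still not readable: state_desc is RESTORING.
--    This is the state in which a secondary copy is left when further
--    log restores are expected.
SELECT name, state_desc
FROM sys.databases
WHERE name = N'SalesDB';

-- 5. Finish: roll back uncommitted transactions and bring the database online.
--    After this statement no further log backups can be applied.
RESTORE DATABASE [SalesDB] WITH RECOVERY;
```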
Note: Live Mount is not supported with SQL Server 2008 databases or with SQL Server databases
that use filestreams or in-memory tables.
Force Unmount
Use Force Unmount to remove the Live Mount entry and the associated storage and metadata
from the Rubrik cluster, when a normal unmount cannot be completed.
A normal unmount can be prevented by:
• A lost connection with the host of a Live Mount.
• Manually deleting the Live Mount database from the SQL Server database.
When this occurs, use Force Unmount to remove all storage and metadata for the database from
the Rubrik cluster.
Exporting a database
Export a copy of a selected recovery point of a database to a SQL Server database on the same
Windows Server host or on another known Windows Server host.
Before you begin — Do the following:
• Manage and protect at least one database.
• Successfully complete at least one snapshot of the database.
• (Optional) To export a recovery point that is between snapshots, successfully complete log
backups that cover the recovery point period.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click All DBs.
The All DBs tab appears.
To work with the unmanaged snapshots for a database that is listed on the Unmanaged
Objects page, click Unmanaged Objects on the left-side menu. Then, continue with the
following steps from the Unmanaged Objects page instead of the SQL Server DBs page.
4. In the Name column, click the name of a database.
The Local page for the database appears, with the Recovery Points card showing the month
view.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates that at least one successful snapshot was created on that day.
The Recovery Points card displays the Day view.
6. Move the Recovery point slider to select a recovery point.
To select a snapshot, move the slider to a snapshot indicator or click the snapshot indicator
dot. The selected time icon changes.
To select a recovery point other than a snapshot time, move the slider to choose that time.
The time appears in the time field and the selected time icon changes. Alternatively, type a
specific time into the time field.
7. Open the ellipsis menu and select Export.
The Export Database dialog box appears.
8. In Host, select a Windows Server host for the exported database copy.
9. Click Next.
The second view of the Export Database dialog box appears.
10. In Name, select a SQL Server database.
The Export Database dialog box shows only the SQL Server databases on the selected
Windows Server host that are a SQL Server version that is qualified to receive the exported
database.
11. In Exported Database Name, type a name for the exported database recovery point.
12. In Export Path, select a method for providing the export paths.
Choose:
• Default Method to provide a single path for the data files and a single path for the log files.
• Advanced Method to provide a separate path for each of the database files. The Rubrik
cluster assigns a logical name to each file and lists each file with a logical name and a path
entry field.
The specified export path cannot point to existing database files. If the specified export path
does not exist, the Rubrik cluster creates it.
Each export path must point to a location that has sufficient free storage to accommodate the
data files. The Rubrik cluster checks the available space before exporting the data.
The specified location must be accessible by the selected SQL Server database.
13. (Default Method only) In Data Files Export Path, type a full path on the selected Windows
Server host.
During the export task, the Rubrik cluster places the data files for the database recovery point
at the specified location.
14. (Default Method only) In Logs Files Export Path, type a full path on the selected Windows
Server host.
During the export task, the Rubrik cluster configures the database to store the database
transaction logs at the specified location.
15. (Advanced Method only) Type a full path for each logically named file in the text entry field
next to each logical name.
The path must be a full Windows path including a valid drive letter, or a valid UNC path for a
network share.
16. (Optional) Select Keep database in Restoring state.
When selected, this option exports the database with the SQL Server NORECOVERY option.
The NORECOVERY option prevents roll back, and allows roll forward to continue.
! IMPORTANT
Selecting this option can result in data loss.
18. Click Export.
The Rubrik cluster exports the database recovery point to the selected SQL Server database.
! IMPORTANT
For the account running the Rubrik Backup Service, the View server state permission
must be explicitly enabled at the server scope level for each SQL Server database in the
FCI.
Failover events
A Rubrik cluster handles WSFC failover events automatically.
When an active WSFC node fails and a secondary WSFC node becomes the active node, the Rubrik
Backup Software detects the failover and communicates the change to the Rubrik cluster. The
Rubrik cluster automatically continues to manage and protect the databases in the FCI through
the new active WSFC node.
The Rubrik cluster continues to provide for each database in the FCI:
• Same SLA Domain protection
• Access to existing backup history
• Access to existing backups
! IMPORTANT
Add all WSFC nodes to the Rubrik cluster to ensure continuous protection of SQL Server
databases in the event of a failover. The Rubrik cluster cannot protect the databases of a
SQL Server database when the active instance is on a WSFC node that has not been
added to the Rubrik cluster.
The list can contain both IPv4 addresses and hostnames. The Rubrik cluster requires one IPv4
address or one resolvable hostname for each Windows Server host.
8. Click Add.
The Rubrik cluster checks connectivity with the Rubrik Backup Service on each specified Windows
Server host and adds the Windows Server hosts that are successfully connected.
The Rubrik Backup Service communicates the failover cluster information to the Rubrik cluster.
Before you begin — Add each Windows Server host that is a node in the failover cluster to the
Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click Failover Clusters.
The Failover Clusters tab appears.
4. Click the selection box next to a failover cluster or a SQL Server database.
Click the name of a failover cluster to view the SQL Server databases on that failover cluster.
Select failover clusters or SQL Server databases to apply the same SLA Domain protection to
databases on all of the selections.
5. Click Manage Protection.
When a database within the selection is already assigned to an SLA Domain, a warning dialog
box appears.
Click Continue Anyway to change the existing assignment to a new selection or click Cancel
to return to the Hosts/Instances tab.
The Manage Protection dialog box appears.
6. In the SLA Domain section, select an SLA Domain.
7. (Optional) Select Take Copy Only Backups.
The Rubrik cluster will perform Copy Only backups for the policy-driven backups of the
databases in the selection group.
Selecting Take Copy Only Backups closes the Log Backup Frequency and Log Backup Retention
fields.
8. (Optional) In Log Backup Frequency, type an integer value.
Type an integer value from 5 to 99. The integer value sets the number of minutes between
backups of the transaction log. This value overrides the default log backup frequency value.
9. (Optional) In Log Backup Retention, type an integer value.
The integer value sets the number of days to retain the transaction log.
10. Click Submit.
The Rubrik cluster assigns the SLA Domain and other settings to all existing databases within the
selection group.
10. Click Submit.
The Rubrik cluster assigns the selected SLA Domain and the other settings to all databases within
the selection group.
! IMPORTANT
When recovering an FCI database, be sure that the data recovery path is within the shared
storage of the FCI.
To export a copy of a selected FCI database recovery point, complete the steps described in
Exporting a database.
For details on managing these settings, consult the documentation for SQL Server.
! IMPORTANT
In order to prevent unauthorized access to database replicas, Rubrik clusters rely on the
availability groups information in the sys.availability_databases_cluster table during the
discovery process. Restrict the visibility of the group_id and group_database_id identifiers
to the smallest practicable number of people to further reduce the risk of unauthorized
access.
! IMPORTANT
For all secondary members of the AAG, select Keep database in Restoring state.
5. Add the databases back to the AAG, selecting "Join Only" for the data synchronization option.
Unmanaged data
Manage application data that is not subject to a retention policy through the Unmanaged Objects
page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as
unmanaged snapshot objects. Unmanaged snapshot objects can be managed through the
Snapshot Retention page of the Rubrik CDM web UI.
Retention Management describes the Snapshot Retention page and how to perform tasks with
unmanaged snapshot objects.
This chapter describes how to protect and manage data from SAP HANA databases.
Overview
SAP HANA backup retention
Rubrik Backup Service
Requirements for using sap_hana_bootstrap_main
Registering SAP HANA database
Configuring Rubrik backup for SAP HANA databases
Deleting the Rubrik Backup Service software
Backing up a SAP HANA database
Restoring a SAP HANA database
Copying a database from an external host
Restoring a database from a managed volume snapshot
Pausing Backint backups
Resuming Backint backups
Rubrik CDM Version 5.0 User Guide SAP HANA Databases 590
SAP HANA Databases
Overview
A Rubrik cluster provides data management and protection for SAP HANA Databases.
HANA Studio or HANA Cockpit software from SAP can be used to initiate or schedule backup and
recovery. Internally, Rubrik uses Managed Volumes that can be assigned SLA policies, to store and
retrieve SAP HANA database backup files.
Note: More information about using SAP HANA Studio or SAP HANA Cockpit can be found at:
https://help.sap.com/viewer/index
Note: Before upgrading the Rubrik Backup Service, pause any SAP HANA backups, as described in
Pausing Backint backups.
3. In the text of the dialog box, from Linux, click rpm.
Depending on the Download settings of the web browser, one of the following occurs:
• The browser downloads the report to the default download folder.
• The browser opens a Save As dialog box.
4. Save the file to a temporary location on the SAP HANA node for single-node deployments or on
the master node of the SAP HANA instance in the case of multi-node deployments.
Next task — Install the Rubrik Backup Service software on a SAP HANA host.
Note: If the Rubrik Backup Service has been installed with CDM 5.0 EA2, the Rubrik Backup
Service is automatically upgraded.
Before you begin — Check that the most up-to-date Linux version of the Rubrik Backup Service
software for the correct Rubrik cluster is available in a temporary location that the host can access.
1. Open a terminal session on the host.
2. Copy the software package to a temporary location on the host.
3. Change the working directory to the location of the package.
The Enter comma separated S.No of databases to enable backups (0 to enable all): prompt
appears. This lists whether the databases are configured for backup.
12. Specify the databases for backups and press Enter.
For each selected database, the Data MV Size (GB) prompt appears.
13. Specify the MV Size in GB and press Enter.
For each selected database, the Log MV Size (GB) prompt appears.
14. Specify the Log MV Size in GB and press Enter.
The databases are listed, which specifies the databases configured for backup.
The setup successful message appears.
4. Type the HANA SID, a three character ID, and press Enter.
The Enter ‘Rubrik prefix’ (This should be unique for different HANA instances using the same
Rubik cluster) prompt appears.
The Rubrik Prefix, or SAP HANA SID, is a unique ID that distinguishes Managed Volumes in the
Rubrik cluster when multiple HANA instances with the same SID, containing databases with the
same names, use a common Rubrik cluster. The Rubrik Prefix is user generated. Use the same
Rubrik Prefix specified for SAP HANA that was used when sap_hana_bootstrap_main was run.
5. Type the Rubrik prefix and press Enter.
A series of prompts appears.
6. Press 5 to select Configure system to restore from an exported managed-volume snapshot
(press 5).
The Enter Hostname/IP of the Rubrik node prompt appears.
7. Type the Hostname or IP address of the Rubrik node and press Enter.
The Enter admin username for Rubrik cluster [admin] prompt appears.
8. Type the Rubrik cluster admin name and press Enter.
The Enter ‘admin’ password for Rubrik cluster prompt appears.
9. Type the admin password and press Enter.
The Configure system to restore from replicated cluster prompt appears.
10. Type Y for replication and N for archival.
The Do you want to restore [dbname] DB from mounted snapshot prompt appears.
11. Type Y for each database you want to restore.
A setup successful message appears.
After the sap_hana_bootstrap_main process is complete, use SAP HANA Studio or SAP HANA
Cockpit to restore the database.
Once the restore is complete, see Configuring Rubrik backup for SAP HANA databases to reset
normal backup operations.
4. Type the HANA SID, a three character ID, and press Enter.
The Enter ‘Rubrik prefix’ (This should be unique for different HANA instances using the same
Rubik cluster) prompt appears.
The Rubrik Prefix, or SAP HANA SID, is a unique ID that distinguishes Managed Volumes in the
Rubrik cluster when multiple HANA instances with the same SID, containing databases with the
same names, use a common Rubrik cluster. The Rubrik Prefix is user generated. Use the same
Rubrik Prefix that was specified for SAP HANA when sap_hana_bootstrap_main was run.
5. Type the Rubrik prefix and press Enter.
A series of prompts appears.
6. Press R to select Resume for the SAP Backup.
Chapter 19
Managed Volumes
This chapter describes how to protect and manage data using managed volumes.
• Overview
• Floating IP addresses
• Creating a managed volume
• Editing a managed volume
• Deleting a managed volume
• Managing protection with SLA Domains
• Snapshot-level protection
• Creating user accounts for managed volumes
• The managed volume local page
Overview
Managed volumes are a generic data source that enables users to back up arbitrary data on a
Rubrik cluster. Managed volume snapshots can make use of the full range of Rubrik protection
features, including data deduplication and secure SMB Live Mounts.
Note: Encrypting application backups can lead to ineffective deduplication. Files encrypted with
different encryption keys do not trigger content-based matching.
Configuration workflow
Establishing a managed volume protected by an SLA Domain uses the workflow described in this
section. Once established, the managed volume is treated as any other protected data source.
Complete the tasks in the order specified in this workflow. Each stage references a detailed task.
Complete the steps in a task before moving to the next stage in the workflow. To use secure SMB
for live mounts of managed volumes, enable secure SMB connections using the procedure in
Secure SMB settings.
Note: Managed volumes that use the secure SMB protocol cannot map the IP address of a client
to more than one domain. A given client IP address can only access managed volumes from within
a single domain.
Floating IP addresses
Floating IP addresses must be set up before creating any managed volumes. Floating IP addresses
provide a consistent connection to the Rubrik cluster even when a cluster node becomes
unavailable.
Configure the same number of floating IP addresses as the number of nodes on the Rubrik cluster.
An equal distribution of floating IP addresses between the nodes ensures efficient distribution of
the work between the nodes.
After the floating IP addresses are configured, the Rubrik cluster assigns each node a floating IP
address. The nodes handle communication through the assigned floating IP address.
When a node cannot handle communication on its assigned floating IP address, the Rubrik cluster
assigns (floats) that address to another node. This functionality prevents disruption of data
transmission over the floating IP address and maintains the availability of the managed volumes.
Table 121 describes the requirements for floating IP addresses.
Table 121 Floating IP address requirements
Requirement       Description
Number            Same number of floating IP addresses as the number of nodes on the Rubrik
                  cluster.
Subnet            Same subnet as the static data IP addresses of the Rubrik cluster.
Uniqueness        Each IP address must be unique within the subnets and cannot be the same as
                  the management IP address or the data IP address.
Network bonding   The floating IP addresses should be configured on bond0.
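The Number, Subnet and Uniqueness requirements in Table 121 can be checked before the addresses are entered. The following Python sketch is an added example, not Rubrik code; the function name, its parameters and all sample addresses are constructed for illustration, and the bond0 requirement is a node-side setting that it does not check.

```python
import ipaddress
from collections import Counter


def check_floating_ips(floating_ips, node_count, data_subnet, data_ips, mgmt_ips):
    """Check a floating IP plan against the Table 121 requirements.

    Returns a list of (requirement, detail) findings; an empty list means
    the plan passes. Network bonding (bond0) is not checked here.
    """
    findings = []
    subnet = ipaddress.ip_network(data_subnet, strict=True)
    floats = [ipaddress.ip_address(ip) for ip in floating_ips]
    reserved = {ipaddress.ip_address(ip): "data" for ip in data_ips}
    reserved.update({ipaddress.ip_address(ip): "management" for ip in mgmt_ips})

    # Number: one floating IP per cluster node.
    if len(floats) != node_count:
        findings.append(("Number", f"{len(floats)} floating IPs for {node_count} nodes"))

    for ip, count in Counter(floats).items():
        # Subnet: same subnet as the static data IP addresses.
        if ip not in subnet:
            findings.append(("Subnet", f"{ip} is outside {subnet}"))
        # Uniqueness: no duplicates, no reuse of a management or data IP.
        if count > 1:
            findings.append(("Uniqueness", f"{ip} is listed {count} times"))
        if ip in reserved:
            findings.append(("Uniqueness", f"{ip} is already a {reserved[ip]} IP"))
    return findings


# Constructed sample: a four-node cluster (all addresses are made up).
NODES = 4
DATA_SUBNET = "10.128.45.0/26"
DATA_IPS = ["10.128.45.11", "10.128.45.12", "10.128.45.13", "10.128.45.14"]
MGMT_IPS = ["10.128.44.11", "10.128.44.12", "10.128.44.13", "10.128.44.14"]

GOOD_PLAN = ["10.128.45.21", "10.128.45.22", "10.128.45.23", "10.128.45.24"]
# Five entries for four nodes: a duplicate, a data IP, an address outside
# the /26, and a management IP.
BAD_PLAN = ["10.128.45.21", "10.128.45.21", "10.128.45.12",
            "10.128.45.70", "10.128.44.11"]

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_floating_ips(plan, NODES, DATA_SUBNET, DATA_IPS, MGMT_IPS))
```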
Note: Depending on the settings and size of the managed volume, the volume creation process
can take up to one hour.
Before you begin — Set up floating IP addresses for the Rubrik cluster, as described in Setting up
floating IP addresses.
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
3. Click Add Volume.
The Add Volume dialog appears.
4. In Volume Name, enter a name to identify the managed volume.
To simplify identification, use the name of the database being protected.
5. In Provisioned Size, type a size, in gigabytes.
The actual size allotted could be up to 15% larger as the result of an automatically applied
optimizing calculation.
6. Select a communications protocol for the managed volume.
• Select NFS to use the NFS protocol for live mounts of snapshots for this managed volume.
Note: Managed volumes that use the NFS protocol do not support NFSv4.
• Select SMB to use the secure SMB protocol for live mounts of snapshots for this managed
volume.
Note: To use secure SMB for live mounts of managed volumes, enable secure SMB
connections using the procedure in Secure SMB settings.
Note: Managed volumes that use the secure SMB protocol cannot map the IP address of a
client to more than one domain. A given client IP address can only access managed volumes
from within a single domain. Reusing a client IP as an agent-based host as part of another
domain can result in conflicts.
The Rubrik cluster only allows hosts that are identified in the client name patterns to mount the
shares from the managed volume and the managed volume snapshots.
When this field is empty or contains a single asterisk (*), the Rubrik cluster allows any host to
mount the shares from the managed volume.
9. (Optional, with VLAN tagging enabled) In Subnet, type a subnet mask value, in CIDR format.
For example, to use the subnet range 10.128.45.0 - 10.128.45.63, type 10.128.45.0/26.
The Rubrik cluster limits the network traffic of the managed volume to the specified subnet.
10. (Optional) In Number of Channels, type an integer.
Normally, type the same number as the number of nodes in the Rubrik cluster. The number of
managed volume channels is governed by the value of the maxChannelsPerNode configuration
setting. Based on the resources available on the node, this value can be between 4 and 32.
11. Click Add.
Note: The first snapshot taken for a managed volume might show a Data Transferred value in the
Activity Detail that is larger than the actual amount of ingested data. This is due to internal,
one-time filesystem metadata initialization, such as inode tables and extent maps.
The Rubrik cluster saves the configuration information and the new managed volume appears on
the Managed Volumes page.
Note: When editing managed volumes created in versions of the Rubrik CDM older than 5.0,
the actual size allotted can be up to 15% larger as the result of an automatically applied
optimizing calculation.
6. To modify client access to the managed volume, type a resolvable hostname or IPv4 address in
Client Name Patterns.
Multiple hostnames and IPv4 addresses can be added.
The Rubrik cluster only allows hosts that are identified in the client name patterns to mount the
shares from the managed volume and the managed volume snapshots.
When this field is empty or contains a single asterisk (*), the Rubrik cluster allows any host to
mount the shares from the managed volume.
7. Click Edit.
The Rubrik cluster makes the specified changes to the information for the managed volume and
performs any resizing operations in the background. The managed volume remains in the
read-only state until resizing operations complete.
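The Client Name Patterns and Subnet rules in the Add Volume and Edit procedures, together with the secure SMB single-domain restriction, lend themselves to an inventory audit. This Python example is added here and is not part of the Rubrik product or its API; the record keys (name, protocol, smb_domain, subnet, client_patterns) and all sample values are hypothetical, and the client-outside-subnet check is a consistency check inferred from the Subnet description.

```python
import ipaddress
from collections import defaultdict


def _as_ipv4(entry):
    """Return an IPv4Address for a literal IPv4 entry, else None (hostname or '*')."""
    try:
        return ipaddress.IPv4Address(entry)
    except ipaddress.AddressValueError:
        return None


def audit_volumes(volumes):
    """Return (volume, code, detail) findings for a list of managed volume records."""
    findings = []
    smb_domains_by_ip = defaultdict(set)

    for vol in volumes:
        name = vol["name"]
        patterns = [p.strip() for p in vol.get("client_patterns", []) if p.strip()]
        subnet = ipaddress.ip_network(vol["subnet"]) if vol.get("subnet") else None

        # Empty field or a single asterisk: any host may mount the shares.
        if not patterns or patterns == ["*"]:
            findings.append((name, "OPEN_MOUNT",
                             "any host can mount this volume and its snapshots"))
        elif "*" in patterns:
            # The guide defines only the single-asterisk case; a mixed list
            # is flagged conservatively for manual review.
            findings.append((name, "REVIEW_WILDCARD",
                             "'*' is listed alongside explicit clients"))

        for entry in patterns:
            ip = _as_ipv4(entry)
            if ip is None:
                continue
            # Traffic is limited to the Subnet value, so a client outside it
            # is most likely a mistyped address.
            if subnet is not None and ip not in subnet:
                findings.append((name, "CLIENT_OUTSIDE_SUBNET", f"{ip} is not in {subnet}"))
            if vol.get("protocol") == "SMB":
                smb_domains_by_ip[ip].add(vol.get("smb_domain", ""))

    # Secure SMB: a client IP cannot be mapped to more than one domain.
    for ip, domains in smb_domains_by_ip.items():
        if len(domains) > 1:
            findings.append(("<multiple>", "SMB_MULTI_DOMAIN",
                             f"{ip} is listed for SMB domains {', '.join(sorted(domains))}"))
    return findings


# Constructed inventory; names, domains and addresses are made up.
VOLUMES = [
    {"name": "mv-hana-prod", "protocol": "NFS", "subnet": "10.128.45.0/26",
     "client_patterns": ["10.128.45.20", "hana01.example.internal"]},
    {"name": "mv-scratch", "protocol": "NFS", "subnet": None, "client_patterns": []},
    {"name": "mv-legacy", "protocol": "NFS", "subnet": "10.128.45.0/26",
     "client_patterns": ["*"]},
    {"name": "mv-sql-a", "protocol": "SMB", "smb_domain": "CORP-A",
     "subnet": "10.128.45.0/26", "client_patterns": ["10.128.45.30", "10.128.45.70"]},
    {"name": "mv-sql-b", "protocol": "SMB", "smb_domain": "CORP-B",
     "subnet": None, "client_patterns": ["10.128.45.30"]},
]

if __name__ == "__main__":
    for volume, code, detail in audit_volumes(VOLUMES):
        print(f"{volume:14} {code:22} {detail}")
```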
Snapshot-level protection
Individual on-demand snapshots of a managed volume can be managed using SLA policies that
are different from those of the associated managed volume.
For some business purposes, specific managed volume snapshots should be managed differently
from the other snapshots of the managed volume. Business requirements may be satisfied by
specifying a longer retention period, a different replication policy, or a different archival policy.
To assign SLA policies to a managed volume snapshot that are different from those assigned to the
managed volume, the snapshot must be an on-demand snapshot initiated from the Rubrik CDM
web UI. On-demand snapshots of managed volumes can be assigned SLA Domains different from
the SLA Domain set for the managed volume as a whole. These individual SLA Domain
assignments override the assignments made on the managed volume.
To set an on-demand snapshot of a managed volume as unmanaged, specify Forever at the time
the snapshot is taken. The Rubrik cluster handles a snapshot with the Forever setting as follows:
• Snapshot labeled as On Demand
• No automatic expiration of the snapshot
• Manual expiration of the snapshot permitted
• Snapshot accessible through the Unmanaged Objects page
! IMPORTANT
For managed volumes using SMB, calling either the begin_snapshot or end_snapshot API
endpoints during the process of restoring the volume causes the restore operation to end
with an error.
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. Create a user account with End User permissions for assigned objects.
3. Open the internal version of the Rubrik REST API Explorer.
Go to: https://<RubrikCluster>/docs/internal/playground/
where <RubrikCluster> is the resolvable hostname or IP address of the Rubrik cluster.
To limit the user account to a single managed volume, replace string with the ID assigned to
that managed volume.
17. Delete the "organizationId": "string" member from the JSON object, including the comma that
precedes the member.
Example of a completed JSON object:
{
  "principals": [
    "User:::a9395d52-632d-4ff2-8ac5-496cb2914543"
  ],
  "privileges": {
    "basic": [
      "Global:::All"
    ]
  }
}
18. Click Try it out.
The Rubrik REST API server processes the POST request and adds the privilege to the specified
user account. Upon success, the server returns status code 200.
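Before clicking Try it out, the JSON object can be checked for leftover placeholders, for the organizationId member, and for the breadth of the grant. The following Python example is added here and is not Rubrik code; the unfinished template, the managed volume ID placeholder and the principal format check (inferred from the completed example above) are assumptions.

```python
import json
import re

# Principal format inferred from the guide's completed example (assumption).
PRINCIPAL_RE = re.compile(r"^User:::[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def _placeholders(node, path="$"):
    """Yield the JSON path of every value still set to the placeholder "string"."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _placeholders(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _placeholders(value, f"{path}[{index}]")
    elif node == "string":
        yield path


def review_privilege_body(raw):
    """Return (level, message) findings for a request body; empty means no remarks."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        # A comma left behind after deleting organizationId (step 17) lands here.
        return [("error", f"not valid JSON: {exc.msg} (line {exc.lineno})")]
    if not isinstance(body, dict):
        return [("error", "top-level value must be a JSON object")]

    findings = []
    if "organizationId" in body:
        findings.append(("error", "organizationId member was not deleted (step 17)"))
        body.pop("organizationId")
    for path in _placeholders(body):
        findings.append(("error", f"placeholder 'string' left at {path}"))

    principals = body.get("principals")
    if not isinstance(principals, list) or not principals:
        findings.append(("error", "principals must be a non-empty array"))
        principals = []
    for principal in principals:
        if principal == "string":
            continue  # already reported as a placeholder
        if not (isinstance(principal, str) and PRINCIPAL_RE.match(principal)):
            findings.append(("warn", f"unexpected principal format: {principal!r}"))

    privileges = body.get("privileges")
    scopes = privileges.get("basic") if isinstance(privileges, dict) else None
    if not isinstance(scopes, list) or not scopes:
        findings.append(("error", "privileges.basic must be a non-empty array"))
    elif "Global:::All" in scopes:
        # Least privilege: the guide allows a single managed volume ID here.
        findings.append(("warn", "grant is Global:::All, not a single managed volume ID"))
    return findings


PRINCIPAL = "User:::a9395d52-632d-4ff2-8ac5-496cb2914543"  # from the guide's example

# The guide's completed object.
GLOBAL_BODY = json.dumps(
    {"principals": [PRINCIPAL], "privileges": {"basic": ["Global:::All"]}})
# Same grant limited to one volume; the ID below is a constructed placeholder.
SCOPED_BODY = json.dumps(
    {"principals": [PRINCIPAL], "privileges": {"basic": ["MANAGED-VOLUME-ID-PLACEHOLDER"]}})
# Constructed: a template with nothing filled in yet.
UNFINISHED_BODY = ('{"principals": ["string"], "privileges": {"basic": ["string"]}, '
                   '"organizationId": "string"}')
# Constructed: member deleted, but the comma that preceded it left in place.
DANGLING_COMMA_BODY = ('{"principals": ["%s"], "privileges": {"basic": ["Global:::All"]},}'
                       % PRINCIPAL)

if __name__ == "__main__":
    for label, raw in (("global", GLOBAL_BODY), ("scoped", SCOPED_BODY),
                       ("unfinished", UNFINISHED_BODY), ("comma", DANGLING_COMMA_BODY)):
        print(label, review_privilege_body(raw))
```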
Action bar
For the selected managed volume, the action bar provides the actions described in Table 123.
Table 123 Actions available from the action bar
Action              Description
Begin snapshot      Sends the begin_snapshot API call to prepare the managed volume to receive
                    backup data.
End snapshot        Sends the end_snapshot API call to return the managed volume to read-only state.
Manage Protection   Opens the Manage Protection dialog to assign a managed volume to an SLA
                    Domain.
Overview card
The Overview card provides the information described in Table 124.
Table 124 Information available on the Overview card
Field              Description
Total Snapshots    Total number of retained snapshots for the selected managed volume, including
                   snapshots stored locally and at archival locations.
Channels           The number of channels configured for the managed volume. Click View for
                   additional details.
Provisioned Size   The amount of space that was provisioned for the managed volume.
Used Size          The current amount of space used by the managed volume.
SLA Domain         The name of the SLA Domain for the managed volume.
Oldest Snapshot    Timestamp for the oldest snapshot associated with the managed volume.
                   When the SLA Domain has an active archival policy, the oldest snapshot resides at
                   the archival location.
Latest Snapshot    Timestamps for the most recent successful snapshot of the managed volume.
Snapshots card
For the selected managed volume, the Snapshots card provides the ability to browse the
snapshots that reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views.
Each calendar view uses color spots to indicate the presence of snapshots on a date and to
indicate the status of SLA Domain compliance for the managed volume on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the
managed volume.
Chapter 20
Retention Management
This chapter describes how to assign retention policies to existing scheduled snapshots,
on-demand snapshots, and snapshots retrieved from an archival location. It also explains how to
delete snapshots.
• Overview
• Snapshot Retention page
• Working with a data source
• Unprotecting a data source
• Changing the retention policy on an on-demand snapshot
• Changing the retention policy on a scheduled snapshot
• Deleting snapshots for a data source
• Removing individual snapshots for a data source
• Removing retrieved content for a database
Overview
The Snapshot Retention page of the web UI displays the retention SLAs for all scheduled
snapshots associated with relic, replicated relic, or unprotected data sources. In a separate
column, it also displays the number of on-demand snapshots and retrieved snapshots combined.
To change the retention policy on an existing snapshot, or to delete a snapshot, use the features
available from the Snapshot Retention page of the web UI.
The Rubrik cluster uses SLA Domains to protect data sources, such as virtual machines,
applications, and filesets. An SLA Domain specifies schedules for creating snapshots (called the
protection policy) and how long to retain them (called the retention policy). As long as an SLA
Domain is in effect, the Rubrik cluster stores the snapshots and backups until the specified
retention period expires.
For on-demand snapshots, the retention period is specified when the job is created, either by
assigning an SLA Domain or by choosing the Forever option. If an SLA Domain is assigned, the
Rubrik cluster keeps the on-demand snapshot for the length of time specified by the maximum
retention period specified in the SLA Domain. If the Forever option is selected, the snapshot is
retained until it is manually deleted.
Once a snapshot is placed on the Snapshot Retention page, its retention period can be changed by
selecting Manage Retention.
Snapshots are included in the count on the Snapshot Retention page in the following situations:
• When the status of a data source is changed from protected to unprotected.
  When the SLA Domain of a data source is changed to Do Not Protect, the status of the data
  source changes to Unprotected. The choices for handling existing snapshots include expire
  immediately, keep forever, and assign to the current SLA Domain for retention. If snapshots are
  kept forever or assigned to the current SLA Domain, they can be managed from the Snapshot
  Retention page.
• When a snapshot is taken on demand, independent of the schedule specified in the assigned
  SLA Domain.
  When the on-demand snapshot job is created, the retention period is specified by assigning an
  SLA domain or by choosing Forever. If an SLA domain is assigned, the maximum retention
  period from that SLA domain is applied to the snapshot. All on-demand snapshots can be
  managed from the Snapshot Retention page.
• When a data source is disconnected from the Rubrik cluster.
  In this case, the data source becomes a relic and the originally assigned SLA Domain is no
  longer in effect. Any snapshots taken before the data source was disconnected are moved to
  the Snapshot Retention page, where a retention policy can be assigned.
• When a snapshot resides on a replication target that is no longer associated with the
  replication source.
  Once the replication relationship is broken, the snapshot becomes a replication relic and is no
  longer subject to the SLA Domain assigned to the replication source.
• When the snapshot is retrieved from an archival location.
Information available at the data source level of the Snapshot Retention page
The data source level of the Snapshot Retention page provides information about snapshots listed
by their data sources.
Table 125 describes the information that is available at the data source level of the Snapshot
Retention page.
Table 125 Fields at the data source level on Unmanaged Snapshots
Field                 Description
Name                  The value in the Name column depends on the type of data source:
                      • Virtual machine–Name of the data source virtual machine. Click a name
                        value to open the associated local host page.
                      • Application–Application reference name for the data source; for example, the
                        name assigned to a database. Click a name value to open the associated
                        Recovery Points card page.
                      • Fileset–Fileset name for the data source host fileset. Click a name value to
                        open the local host page associated with the selected fileset and host pairing.
Location              The value in the Location column depends on the type of data source:
                      • Virtual machine–vCenter Server cluster/host path of the data source virtual
                        machine. Click a location value to open the Clusters/Hosts tab of the Virtual
                        Machines page.
                      • Application–IPv4 address or host name of the application host and name of
                        the application instance for the data source. Click a location value to open
                        the Hosts/Instances tab of the SQL Server DBs page.
                      • Fileset–IPv4 address of the host for the data source host fileset. Click a
                        location value to open the Hosts page.
Status                Status of the data source:
                      • Protected–The data source is protected through an SLA Domain.
                      • Relic–The data source is no longer accessible to the Rubrik cluster.
                      • Unprotected–The data source is accessible, but the SLA domain assignment
                        has been changed to Do Not Protect.
                      • Replicated Relic–The replication target’s data source is no longer accessible
                        to the Rubrik cluster.
Retention SLA         Name of the SLA Domain that is assigned to the data source. The Retention
                      SLA refers to the portion of the SLA Domain that specifies the retention policy.
Scheduled Snapshots   Number of snapshots for the data source that were taken according to the
                      schedule in an SLA Domain that is no longer in effect.
On Demand/Downloaded  Number of snapshots taken on demand or retrieved from an archival location.
Snapshots
Local Storage         Total local storage space occupied by the snapshots associated with the
                      selected data source.
Archive Storage       Total archival storage space occupied by the snapshots associated with the
                      selected data source.
Filters available at the data source level of the Snapshot Retention page
Display specific subsets of information on the data source level of the Snapshot Retention page by
applying the provided filters. For each data source that meets the filter criterion, the following
information is displayed:
• The current retention SLA assigned to the data source.
• The number of existing snapshots that are not subject to the current retention SLA.
• The combined number of on-demand snapshots and snapshots downloaded from archival
  locations.
Table 126 Fields at the object level on the Snapshot Retention page
Field                  Description
Snapshot Date & Time   Date and time that the snapshot was taken.
Type                   Type of snapshot. Type can be one of the following:
                       • On Demand–The snapshot was created through the on-demand snapshot
                         process or the on-demand backup process.
                       • Relic–The data source of the snapshot is no longer accessible to the Rubrik
                         cluster.
                       • Retrieved–The snapshot was retrieved from an archival location.
                       • Unprotected–The snapshot was created through an SLA Domain policy and the
                         data source is no longer assigned to an SLA Domain. This type excludes
                         on-demand snapshots or backups that are assigned to an SLA Domain.
                       Retrieved snapshots and on-demand snapshots that are not assigned to an SLA
                       Domain are included in both Relic and Unprotected listings.
Retention SLA          Name of the SLA Domain that contains the retention policy for the data source, if
                       the status is Protected. If the status of the data source is Unprotected, Relic, or
                       ReplicatedRelic, the Retention SLA refers to the name of the SLA Domain that
                       contains the retention policy for the Scheduled Snapshots.
6. Select one of the SLA Domains to apply to all selected snapshots, or select Forever to mark
snapshots for deletion.
Note: Only the maximum retention and remote configuration settings of the associated SLA
Domain apply to an on-demand snapshot.
7. Click Submit.
5. Click Delete.
The Rubrik cluster removes all the snapshots associated with the selected data sources that have
a Retention SLA of Forever.
For snapshots that exist locally and at an archival location, the Rubrik cluster removes the local
data. To also remove the data at the archival location, perform the removal task a second time.
Note: The retention SLA must be set to Forever before retrieved content can be deleted.
Chapter 21
Reports
This chapter discusses the reporting functionality provided by the Rubrik Envision feature,
including customizing the default reports.
• Overview
• SLA Compliance Summary report
• Object Backup Task Summary report
• Protection Tasks Summary report
• Protection Tasks Details report
• Recovery Tasks Details report
• Object Protection Summary report
• Capacity Over Time report
• System Capacity report
Overview
The Rubrik Envision feature provides customizable reports about the data protection functions of
the local Rubrik cluster. The reports record historical information about several categories of
cluster functionality.
• Protection tasks
• Service Level Agreement (SLA) compliance
• System capacity
• Snapshot storage usage
Each of these report types supports extensive customization to the graphs displayed, as well as
custom filtering along several different dimensions.
Displaying a report
The Gallery lists all of the reports available on the Rubrik cluster.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the web UI, click Reports > Gallery.
A list of all available reports appears.
3. (Optional) To search the list, type a string into the “Search by Name” field.
To filter the list by template, select a template type from the “Filter Template” drop-down.
To filter the list by type, select “Default” or “Custom” from the “Filter Type” drop-down.
4. Click the name of a report.
The selected report appears.
Filters restrict the content that appears in a report. Table 130 lists the filters available for custom
reports.
Table 130 Filter availability in reports
Filter        Description                                               Available in reports
Date          Restricts the report information to a selected date       • Protection Tasks Summary
              range. Supported ranges are:                              • Protection Tasks Details
              • Past 24 Hours                                           • Recovery Tasks Details
              • Past 7 Days                                             • Capacity Over Time
              • Past 30 Days
              • Past Year
              • Custom Range, which is a start date to an end date.
Task Status   Restricts the report to information about tasks in the    • Protection Tasks Summary
              selected statuses:                                        • Protection Tasks Details
              • Succeeded                                               • Recovery Tasks Details
              • Canceled
              • Failed
SLA Domain    Filters tasks by the selected SLA Domain. Search for      All
              specific SLA Domains by typing a portion of the name of
              an SLA Domain in “Search by Name”.
Object Type   Restricts the report to information about the specified   All
              object types:
              • VMware Virtual Machines
              • Linux & Unix Filesets
              • Windows Filesets
              • SQL Server DBs
              • Nutanix Cluster
              • Hyper-V Cluster
              • Managed Volumes
The measures used by a report are the metrics that the report visualizes. Table 131 lists the
measures available for each report type.
Table 131 Measure availability in reports
Measure          Description                 Available in reports
Task Count       Total number of tasks.      • Protection Tasks Summary
                                             • Protection Tasks Details
                                             • Recovery Tasks Details
Expected Tasks   Number of expected tasks.   • Object Backup Task Summary
Attributes are the categories into which a particular measure is divided. Table 132 lists the
attributes available for custom reports.
Table 132 Attribute availability in reports
Attribute     Description                                               Available in reports
Task Status   Icon representing the state of the task at the time of    • Protection Tasks Summary
              the entry. The status can be:                             • Protection Tasks Details
              • Succeeded                                               • Recovery Tasks Details
              • Failed
              • Canceled
Task Type     Restricts the report to information about tasks of the    • Protection Tasks Summary
              specified types. Supported task types are:                • Protection Tasks Details
              • Backup                                                  • Recovery Tasks Details
              • Archival
              • Replication
SLA Domain    One of the following:                                     All, except Capacity Over Time
              • The name of the SLA Domain that protects the object.
              • Unprotected
              Click on the name of the SLA Domain to manage the domain.
Object Type   One of the following types:                               All, except Capacity Over Time
              • Virtual Machine
              • Linux & Unix Fileset
              • Windows Fileset
              • SQL Server DB
              • Nutanix Cluster
              • Hyper-V Cluster
              • Managed Volumes
Location      The definition of location varies by object:              All, except Capacity Over Time
              • Virtual machines – The IPv4 address or FQDN of the
                vCenter Server.
              • SQL Server DBs – The FQDN of the Windows Server and
                the SQL Server instance.
              • Linux & Unix Hosts – The IPv4 address or FQDN of the
                Linux or Unix host.
              • Windows Hosts – The IPv4 address or FQDN of the
                Windows host.
              • Nutanix Cluster – The name of the cluster.
              • Hyper-V Cluster – The name of the cluster.
              • Managed Volume – The name of the volume.
Object Name   The name of the object that is the subject of the task.   All, except Capacity Over Time
In addition to charts, reports feature a data table. The information displayed in this data table can
also be customized with specific measures and attributes.
Table 133 Table customizations available in reports
Table Element         Type        Available in Report
SLA Domain            Attribute   All
Object Type           Attribute   All
Location              Attribute   All
Object Name           Attribute   All
Cluster Location      Attribute   All
Replication Target    Attribute   All except Protection Tasks Summary
Archival Target       Attribute   All except Protection Tasks Summary
Task Status           Attribute   • Protection Tasks Summary
                                  • Protection Tasks Details
                                  • Recovery Task Details
Current Task Status   Attribute   • Object Backup Task Summary
Task Type             Attribute   • Protection Tasks Details
                                  • Recovery Task Details
Queued Time           Measure     • Protection Tasks Details
                                  • Recovery Task Details
Start Time            Measure     • Protection Tasks Details
                                  • Recovery Task Details
Scheduling a report
Schedule a report to specify times for the Rubrik cluster to send an HTML email containing the
report charts and the first 100 lines of the report table. The email includes all data from the report
table in an attached CSV file.
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the web UI, click Reports > Gallery.
A list of all available reports appears.
3. (Optional) To search the list, type a string into the “Search by Name” field.
4. Click the name of a report.
5. At the top of the report, click Schedule.
The Schedule Report pane appears.
6. In Email Address, type a valid email address. To specify multiple recipients, use commas to
separate each address.
The Rubrik cluster sends reports to the specified email addresses.
7. (Optional) Clear the CSV box to omit the CSV file of report data from the report emails.
Note: The Object Backup Task Summary report does not include information for the current day.
Chapter 22
System and Task Information
This chapter describes the system and task information that the Rubrik CDM web UI provides
through dashboards, notifications, and alerts.
• Overview
• Dashboards
• Activity Log
• Specifying a custom date range
Overview
The Rubrik CDM web UI provides administrative information about the status of protection tasks,
protected objects, Rubrik cluster system status, and Rubrik cluster system tasks.
The Rubrik CDM web UI uses a variety of delivery methods to provide information in the most
useful format based on the type of information, the time-sensitivity of the information, and the
historical value of the information.
Table 134 describes the methods used to provide information through the Rubrik CDM web UI.
Table 134 Information delivery methods
Method | Description
Dashboard | Uses graphical elements and text to provide current state information. The Rubrik CDM web UI refreshes dashboard information automatically. Dashboards also provide links to reports, logs, and additional dashboards.
Notification message | Task message that the Rubrik cluster classifies as time-sensitive, either because the message indicates a possible issue or because the message indicates the completion of a manually initiated task.
Activity message | Task state message. Task state is one of the following:
• Canceled
• Failure
• In Progress
• Success
• Warning
• Queued
Data measurements
The Rubrik CDM web UI depicts data values using the decimal definition for the prefixes used with
bits and bytes.
The Rubrik cluster uses the standards promulgated in the Système international d'unités
(International System of Units or SI) for all expressions of data measurements. Under those
standards, the prefixes used with bits (b) and bytes (B) represent decimal multiples of those units,
not binary multiples.
Table 135 compares the traditional prefix definitions used by Rubrik with the binary definitions
used by the International Electrotechnical Commission (IEC)/International Organization for
Standardization (ISO) in ISO/IEC 80000-13 and the binary definitions used by the JEDEC Solid
State Technology Association (JEDEC).
Table 135 Comparison of data prefix definitions
Rubrik decimal value | Rubrik SI prefix | Non-Rubrik binary value | Non-Rubrik ISO/IEC prefix | Non-Rubrik JEDEC prefix
1000 | k - kilo | 1024 | Ki - kibi | K - kilo
1000^2 | M - mega | 1024^2 | Mi - mebi | M - mega
1000^3 | G - giga | 1024^3 | Gi - gibi | G - giga
1000^4 | T - tera | 1024^4 | Ti - tebi | T - tera
1000^5 | P - peta | 1024^5 | Pi - pebi |
1000^6 | E - exa | 1024^6 | Ei - exbi |
1000^7 | Z - zetta | 1024^7 | Zi - zebi |
1000^8 | Y - yotta | 1024^8 | Yi - yobi |
Dashboards
Dashboards provide information about the current state of various aspects of the Rubrik cluster.
The Rubrik CDM web UI regularly refreshes the information that appears in a dashboard. Table
136 describes the dashboards that are available in the Rubrik CDM web UI.
Table 136 Dashboards available through the Rubrik CDM web UI
Name | Description
Dashboard | Main system dashboard and default view at the start of a Rubrik CDM web UI session. Provides:
• Virtual Machine protection numbers and links
• SLA Domains quick look and links
• Current top activities and link
• Number of Live Mounts
• System status quick look and current number of incoming snapshots
• System storage donut chart and link
• Data ingestion line chart
System Overview | Provides:
• Name of the Rubrik cluster
• System configuration and a link to the Nodes page
• Storage usage
• IO throughput
• IO operations
Reports Overview | Provides information about:
• Operational tasks and link to the Operational Tasks report
• SLA compliance and link to the SLA Compliance report
• System capacity and link to the System Capacity report
Manage Replication | Provides information about the incoming and outgoing caused by replication activities.
Local SLA Domain | Provides overview, policy, and storage information for the local SLA Domain.
Remote SLA Domain | Provides overview, policy, and storage information for the remote SLA Domain.
Local VM | Provides overview and snapshot information for the local virtual machine.
Remote VM | Provides overview and snapshot information for the remote virtual machine.
Table 138 describes the information that is provided by the system donut graph.
Table 138 Information provided by the system donut graph
Information type | Description
Live mount storage | Space used by live mounts.
Snapshot storage | Space used to store immutable snapshots.
System storage | Space used as storage for the following:
• In-progress data ingestion and file management activity.
• OS reserved space for EXT4 file system metadata and inodes. (~1% of the total storage)
• Backups of Cassandra snapshot metadata.
• SDFS data that has been marked for garbage collection.
• Journals for active Live Mounts and for running backups of filesets and managed volumes.
Every Rubrik cluster requires approximately 5% of the total capacity to handle in-progress jobs and Cassandra snapshots.
Available storage | Available space in the system.
Storage graphic
In the Storage section, the System Overview dashboard provides a graphical representation of the
storage on the Rubrik cluster.
The Storage section uses a donut chart to depict information about the total storage capacity of
the Rubrik cluster. Each colored arc in the donut chart represents a unique part of the total
storage. A legend identifies the type of storage that each color represents.
The donut chart displays the largest arc starting at the top of the chart and running clockwise. A
Rubrik cluster with Available as the largest storage category has the arc that represents Available
storage starting at the top and running clockwise. A Rubrik cluster with Snapshot as the largest
storage category has the arc that represents Snapshot storage starting at the top and running
clockwise.
Table 141 describes each information type in the System Usage column of the Reports Overview
dashboard.
Table 141 Information in the System Usage column
Information type | Description
Total | Storage used by snapshots on the local Rubrik cluster combined with the storage at the archival location used by snapshots from the local Rubrik cluster.
Local | Storage used by snapshots on the local Rubrik cluster.
Archive | Storage at the archival location used by snapshots from the local Rubrik cluster.
Across all replicas | Local Rubrik cluster storage used by replicas from other Rubrik clusters.
Table 142 describes each information type in the Local Overview column of the Reports Overview
dashboard.
Table 142 Information in the Local Overview column
Information type | Description
Available Storage | Free space on the local Rubrik cluster.
Average Daily Growth | Average daily increase in storage on the local Rubrik cluster, computed by using the daily increase in storage for each day in the last month.
Estimated Runway | Estimated number of days remaining before additional data storage space is required on the local Rubrik cluster.
Remote Brik Storage | Storage on the replication target Rubrik cluster that is used by replicas from the local Rubrik cluster.
Activity Log
The Activity Log contains notifications that are considered time sensitive and log messages about
standard tasks.
The Rubrik cluster creates notifications about tasks that the Rubrik cluster classifies as potentially
time-sensitive. Factors that determine this classification are:
• Task status indicates a possible issue
• Task was manually initiated
Notifications provide information in three status categories: Success, Warning, and Failure. Click
on a warning notification or on a failure notification to open an associated Rubrik CDM web UI
dialog box or Rubrik CDM web UI page that can be helpful in addressing the underlying issue.
The Rubrik CDM web UI provides Activity Log messages that describe the current state of tasks on
the local Rubrik cluster.
Activity Log messages furnish information about every task that is started on the local Rubrik
cluster over the past 90 days, including tasks that result in a notification.
The top bar of the Rubrik CDM web UI has a globe icon that links to the Activity log page. The
globe icon displays the number of messages added to the Activity Log since the last time the page
was accessed.
Filtering messages
Filter the messages that appear on the Activity Log by status, data source type, message type,
and date.
1. Log in to the Rubrik CDM web UI.
2. Click the globe icon on the top bar of the Rubrik CDM web UI.
The recent messages list of the Activity Log appears.
3. On the recent messages list, click See all.
The Activity Log page appears.
4. Click one of the filter menus and select a filter.
Activity Log filters describes the filters that are available on the Activity Log page.
The Activity Log displays only messages that match the selected filter.
5. (Optional) Select filters from more than one filter menu to further refine the visible
notifications.
6. (Optional) Click the X next to a filter menu to clear a selected filter.
Information provided by Activity Log messages describes the information that is provided on
the Activity Log page.
5. (Optional) Filter the Activity Log messages.
Filtering messages describes how to use the filters on the Activity Log page.
6. (Optional) In Search by Name, type the name of a notification object.
For example, to view all Activity Log entries for a particular user account, type the name of the
user account in Search by Name.
The Rubrik CDM web UI shows matching results as characters are typed. Select one of the
displayed matches to view the Activity Log entries for that object.
7. Click on an activity in the log.
The Activity Detail dialog box for that activity appears.
8. (Optional) On the Activity Detail dialog box, click Download Logs.
The Rubrik cluster collects the logs that are relevant to the message, combines the logs in a zip
file, and provides a download link for that file.
9. Click OK.
The Activity Detail dialog box closes.
The Filter By Custom Range dialog box appears, as shown in Figure 12.
Figure 12 Filter By Custom Range dialog box
3. On the left-side calendar, select a day as the earliest end-point of the date range.
The calendar date of the selected day appears in From Date.
4. In From Time, select an hour to mark the earliest hour of the day listed in From Date.
5. On the right-side calendar, select a day to mark the latest end-point of the date range.
The calendar date of the selected day appears in To Date.
6. In To Time, select an hour to mark the latest hour of the day listed in To Date.
7. Click Filter.
The Rubrik CDM web UI displays only the information that was generated after the From Date at
From Time and before the To Date at To Time.
Appendix A
Ports
This appendix provides all Rubrik port requirements in a single table and also groups related port
requirements into separate tables.
• All Rubrik port requirements
• Additional network requirement
• Rubrik cluster inbound ports
• Rubrik cluster outbound ports
• Ports used for communication between nodes in a cluster
• Archiving ports
• Cloud ports
• Replication port
Port | Source | Destination | Description
111 TCP | a. VMware ESXi hosts; b. Oracle database host; c. SAP HANA database host | a. Rubrik cluster; b. Rubrik cluster; c. Rubrik cluster | a. Provides an NFS datastore for ESXi hosts. b. Provides NFS access to managed volumes. c. Provide NFS access to managed volumes.
123 UDP | Rubrik cluster | NTP server | Provides access to network time protocol (NTP) servers for time synchronization.
123 UDP | Rubrik cluster | Rubrik cluster | Allows NTP synchronization across nodes of a cluster.
137 UDP | Hyper-V host | Rubrik cluster | Provides access to Samba share during backup, export and live mounts.
138 UDP | Hyper-V host | Rubrik cluster | Provides access to Samba share during backup, export and live mounts.
139 TCP | Hyper-V host | Rubrik cluster | Provides access to Samba share during backup, export and live mounts.
465 TCP | Rubrik cluster | Email server | Allows the Rubrik cluster to send email alerts to administrators. Only required when the email server supports this port.
587 TCP | Rubrik cluster | Email server | Allows the Rubrik cluster to send email alerts to administrators. Only required when the email server supports this port.
623 UDP | Remote management tool | IPMI on Rubrik node | Provides access to the IPMI system on a Rubrik node.
636 TCP | Rubrik cluster | Active Directory server or LDAP server | Permits secure LDAP (LDAPS) communication for SMB security and LDAP servers.
860 TCP/UDP | Rubrik cluster | iSCSI targets | Permits iSCSI data transfers.
902 TCP | Rubrik cluster | VMware ESXi hosts | Permits network block device (NBD) data transfers.
2002 TCP | a. Cloud provider (AWS or Azure); b. Rubrik cluster | a. Rubrik cluster; b. <Bolt-subnet> | a. Permits secure communication with the cloud provider. b. Required for CloudOn with Azure and for CloudOn with AWS. Replace <Bolt-subnet> with the CIDR range of the network subnet used by Bolt.
2013 TCP | Rubrik cluster | Rubrik cluster | Allows sharing of statistics between the nodes of a Rubrik cluster.
2014 TCP | Rubrik cluster | Rubrik cluster | Allows sharing of statistics between the nodes of a Rubrik cluster.
2049 TCP | Rubrik cluster | NFS server | Permits communication with a NAS device that is being used as an archival location.
2049 TCP/UDP | a. VMware ESXi hosts; b. Oracle database host; c. SAP HANA database host | a. Rubrik cluster; b. Rubrik cluster; c. Rubrik cluster | a. Permits contact with the NFS daemon running on the Rubrik cluster for Live Mount operations. b. Permits contact with the NFS daemon running on the Rubrik cluster for Live Mount of managed volume snapshots. c. Permits contact with the NFS daemon running on the Rubrik cluster for Live Mount of managed volume snapshots.
2074 TCP | Rubrik cluster | Nutanix cluster | Permits secure communication between the Rubrik cluster and the Nutanix Guest Agent (NGA). The NGA publishes information such as guest OS type, status of VM mobility and VSS services, and more.
3205 TCP/UDP | Rubrik cluster | iSCSI targets | Permits iSCSI data transfers.
3260 TCP | Rubrik cluster | iSCSI targets | Permits iSCSI data transfers.
3268 TCP | Rubrik cluster | Active Directory Global Catalog server | Permits LDAP communication for LDAP servers.
3269 TCP | Rubrik cluster | Active Directory Global Catalog server | Permits secure LDAP (LDAPS) communication for LDAP servers.
5353 UDP | Rubrik node | Rubrik node | Allows zeroconf node discovery.
5900 TCP | VNC client | IPMI on Rubrik node | Permits a virtual networking connection with the IPMI interface on a Rubrik node.
7000 TCP | Rubrik cluster | Rubrik cluster | Allows process arbitration between the nodes of a Rubrik cluster.
7500-7501 TCP | Rubrik cluster | Rubrik Envoy | Required for communication between Rubrik cluster and Rubrik Envoy managed service provider, to handle inbound proxy communications specifically for RBA traffic.
7781 TCP | Rubrik cluster | Rubrik cluster | Permits the Rubrik cluster to load basic software and configuration information (bootstrap) during cluster configuration.
8081 TCP | Rubrik node | Rubrik node | Allows node to node communication to the Graphite web server.
9440 TCP | Nutanix Cluster | Rubrik cluster | Permits communication between Nutanix Cluster and the Rubrik cluster.
10000 TCP | Rubrik cluster | Rubrik cluster | Allows sharing of Rubrik cluster file system (SDFS) data between the nodes of a Rubrik cluster.
10001 TCP | Rubrik node | Rubrik node | Allows node to node SDFS communication.
12800 TCP | Rubrik cluster | a. Physical Linux or Unix host; b. Windows Server host; c. Hyper-V host | a. Permits contact with the Rubrik Backup Service software on the Linux or Unix host. b. Permits contact with the Rubrik Backup Service software on the Windows Server host. c. Permits contact with the Rubrik Backup Service software on the Hyper-V host.
12801 TCP | Rubrik cluster | a. Physical Linux or Unix host; b. Windows Server host; c. Hyper-V host | a. Permits contact with the Rubrik Backup Service software on the Linux or Unix host. b. Permits contact with the Rubrik Backup Service software on the Windows Server host. c. Permits contact with the Rubrik Backup Service software on the Hyper-V host.
18082 TCP | Rubrik cluster | QStar host | Required for archiving to QStar tape archive. Remote Admin (C:\qstar\bin\admin.exe) listens on the QStar host.
26257 TCP | Rubrik node | Rubrik node | Allows node to node CockroachDB communication.
32764-32769 TCP/UDP | NFS client | Rubrik cluster | Required for all NFS protocol Live Mounts of managed volumes on a Rubrik cluster. Rubrik clusters limit the allocated port range for managed volumes and for the mountd, statd, lockd, and rquotad services to this inbound TCP/UDP port range.
Rubrik uses TCP port 443 for secure transmissions in a number of contexts. Table 146 describes
those uses.
Table 146 All uses of secure port 443 TCP
Source | Destination | Description
Rubrik cluster | proxy.rubrik.com | Required for: Rubrik Support tunnel and Rubrik cluster statistics.
Rubrik cluster | logs.rubrik.com | Error log upload.
Rubrik cluster | s3.amazonaws.com | Uploading support bundles.
Rubrik cluster | ESXi host | File level restore.
Web UI clients | Rubrik cluster | Secure communication between web UI client and Rubrik cluster.
Rubrik cluster | Archival location URL | Transmitting data to the archival location.
Rubrik cluster | VMware vCenter Server | Information queries about virtual machines.
Local web browser | IPMI on a Rubrik node | Web interface with IPMI on a Rubrik node.
Rubrik cluster | Pure Storage array | Invoking Pure Storage REST APIs for snapshots and queries about volumes.
Rubrik cluster | <blob-acct>.blob.core.windows.net | Required for CloudOut to Azure. Replace <blob-acct> with the Azure archive blob storage account name.
Rubrik cluster | <gp-acct>.blob.core.windows.net | Required for CloudOn with Azure. Replace <gp-acct> with the name of a GPv1 or GPv2 storage account. The account cannot be a blob storage account.
Rubrik Bolt | <blob-acct>.blob.core.windows.net | Required for CloudOn with Azure. Replace <blob-acct> with the Azure archive blob storage account name.
Rubrik cluster | s3.<region>.amazonaws.com | Required for CloudOut to AWS. Replace <region> with an AWS region name.
Rubrik cluster | kms.<region>.amazonaws.com | Required for CloudOut to AWS only when AWS KMS encryption keys are used with the archive. Replace <region> with an AWS region name.
Rubrik cluster | ec2.<region>.amazonaws.com | Required for CloudOn with AWS. Replace <region> with an AWS region name.
Rubrik Bolt | s3.<region>.amazonaws.com | Required for CloudOn with AWS. Replace <region> with an AWS region name.
Rubrik Bolt | kms.<region>.amazonaws.com | Required for CloudOn with AWS only when AWS KMS encryption keys are used with the archive. Replace <region> with an AWS region name.
Archiving ports
For archiving, the Rubrik cluster uses the outbound ports that are listed in Table 150.
Table 150 Archiving ports
Port | Destination | Description
443 TCP | Amazon S3 URL; Microsoft Azure URL | Required for transmitting data to the archival location.
2049 TCP | NFS server | Permits communication with a NAS device that is being used as an archival location.
For archiving to an object storage system, the Rubrik cluster can be configured to use the port
that is specified in the configuration of the object storage system.
Cloud ports
The required ports for the Rubrik cloud features CloudOut and CloudOn are determined by the
associated cloud service vendor.
Table 151 describes the port requirements for the Microsoft Azure cloud.
Table 151 Azure port requirements
Feature | Port | Source | Destination | Description
Support | 443 TCP | Rubrik cluster | logs.rubrik.com | Used by the log collection service.
Support | 443 TCP | Rubrik cluster | proxy.rubrik.com | Provides the Rubrik Support tunnel.
CloudOut | 443 TCP | Rubrik cluster | <blob-acct>.blob.core.windows.net | Replace <blob-acct> with the Azure archive blob storage account name.
CloudOn | 443 TCP | Rubrik cluster | <Bolt-subnet> | Replace <Bolt-subnet> with the CIDR range of the network subnet used by Bolt.
CloudOn | 22 TCP | Rubrik cluster | <Bolt-subnet> | Replace <Bolt-subnet> with the CIDR range of the network subnet used by Bolt. Only required when troubleshooting.
CloudOn | 2002 TCP | Rubrik cluster | <Bolt-subnet> | Replace <Bolt-subnet> with the CIDR range of the network subnet used by Bolt.
CloudOn | 8077 TCP | Rubrik cluster | <Bolt-subnet> | Replace <Bolt-subnet> with the CIDR range of the network subnet used by Bolt. Only required when troubleshooting over SSH.
CloudOn | 443 TCP | Rubrik cluster | <gp-acct>.blob.core.windows.net | Replace <gp-acct> with the name of a GPv1 or GPv2 storage account. The account cannot be a blob storage account.
CloudOn | 443 TCP | Rubrik Bolt | <blob-acct>.blob.core.windows.net | Replace <blob-acct> with the Azure archive blob storage account name.
Table 152 describes the port requirements for the Amazon Web Services cloud.
Table 152 AWS port requirements
Feature | Port | Source | Destination | Description
Support | 443 TCP | Rubrik cluster | logs.rubrik.com | Used by the log collection service.
Support | 443 TCP | Rubrik cluster | proxy.rubrik.com | Provides the Rubrik Support tunnel.
CloudOut | 443 TCP | Rubrik cluster | s3.<region>.amazonaws.com | Replace <region> with an AWS region name. For example: us-west-1
CloudOut | 443 TCP | Rubrik cluster | kms.<region>.amazonaws.com | Replace <region> with an AWS region name. For example: us-west-1. Required only when AWS KMS encryption keys are used with the archive.
CloudOn | 443 TCP | Rubrik cluster | ec2.<region>.amazonaws.com | Replace <region> with an AWS region name. For example: us-west-1
CloudOn | 22 TCP | Rubrik cluster | <Bolt-subnet> | Replace <Bolt-subnet> with the CIDR range of the network subnet used by Bolt. Only required when troubleshooting.
CloudOn | 2002 TCP | Rubrik cluster | <Bolt-subnet> | Replace <Bolt-subnet> with the CIDR range of the network subnet used by Bolt.
CloudOn | 8077 TCP | Rubrik cluster | <Bolt-subnet> | Replace <Bolt-subnet> with the CIDR range of the network subnet used by Bolt. Only required when troubleshooting over SSH.
CloudOn | 443 TCP | Rubrik Bolt | s3.<region>.amazonaws.com | Replace <region> with an AWS region name. For example: us-west-1
CloudOn | 443 TCP | Rubrik Bolt | kms.<region>.amazonaws.com | Replace <region> with an AWS region name. For example: us-west-1. Required only when AWS KMS encryption keys are used with the archive.
Replication port
For replication, the source Rubrik cluster and the target Rubrik cluster use the single bidirectional
port listed in Table 153.
Table 153 Replication ports
Port | Source | Destination | Description
7785 TCP | a. Replication source Rubrik cluster | a. Spray server on the replication target Rubrik cluster | a. Required for secure communication between replication source and high-performance HTTP server on target.
7785 TCP | b. Replication source Rubrik cluster | b. Remote cluster service on the replication target Rubrik cluster | b. Replication data transmission.
7785 TCP | c. Replication target Rubrik cluster | c. Remote cluster service on the replication source Rubrik cluster | c. Replication data transmission.
7785 TCP | d. Replication target Rubrik cluster | d. Snapshot server on the replication source Rubrik cluster | d. Permits replication data transmission.
This appendix describes the minimum vCenter Server privileges required by the Rubrik cluster in
the following section:
• Minimum required privileges
Note: The minimum vCenter account privileges also protect vCloud Director accounts. A vCloud
Director account, however, must be a System Administrator account, because vCloud Director runs
on top of vCenters, and accesses certain additional operations that require the System
Administrator role. Adding a vCloud Director instance describes how to add a vCloud Director
instance.
Table 154 describes the minimum privileges on the vCenter Server that are required by the
vCenter Server role that is assigned to the Rubrik cluster. The table uses an asterisk (*) to indicate
a privilege that Rubrik does not require in the current release but anticipates requiring in a later
release.
Table 154 Minimum vCenter Server privileges required by Rubrik
Privilege category | Privilege | Description
Datastore | Allocate space | Used by Rubrik to create virtual machines for export. Also used by Rubrik to provide space for delta files on the datastore when creating a snapshot.
Datastore | Browse datastore | Permits Rubrik to find and download the vmware.log file for a virtual machine after a failed snapshot and to send the vmware.log file out for support.
Datastore | Configure datastore | Allows Rubrik to connect the datastore on a Rubrik cluster to the vCenter Server for Live Mount and Instant Recovery.
Datastore | Low level file operations | Permits Rubrik to ingest and to export the contents of snapshot VMDKs.
Datastore | Move datastore* | Allows Rubrik to place a Live Mount datastore into a vCenter Server folder to enhance manageability.
Datastore | Remove datastore | Used by Rubrik to detach a Live Mount datastore that is no longer in use.
Global (a) | Disable methods | When configured to connect to vCenter server extensions, this privilege allows Rubrik for vCenter server extensions to disable certain operations and objects managed by vCenter Server.
Global | Enable methods | When configured to connect to vCenter server extensions, this privilege allows Rubrik to enable certain operations and objects managed by vCenter Server.
a. The Global privileges Disable methods, Enable methods, and Licenses, are only required for VDDK 5.1
and VDDK 5.5. Upgrading to vSphere 5.1 U3 eliminates the requirement. Refer to the VMware Knowledgebase
article: Restoring or backing up virtual machines using VDDK API fails with the error: Not licensed to use this
function. Error 16064 at 2357 (2063054).
b. This privilege is only required for vCenter servers that are connected for vCloud Director vApp protection.
c. Resetting CBT is required when a known VMware issue occurs that results in vSphere failing to maintain the
setting.
This appendix provides supplemental information about the initial preparation required to use
specific types of archival locations.
• Generating an RSA key
• Preparing to use Amazon S3 as an archival location
• Preparing to use Amazon Glacier as an archival location
• Preparing to use GCP as an archival location
• Preparing Microsoft Azure as an archival location
• Preparing Cleversafe as an archival location
• Preparing Scality as an archival location
• Preparing to use an NFS share as an archival location
• Preparing an Isilon NFS share as an archival location
• Preparing a QStar Integral Volume as an archival location
Creating an S3 bucket
Create an Amazon S3 bucket to use as the archival target when archiving to Amazon S3. Isolating
permissions at the bucket level provides additional security for the archived data.
1. In the AWS Services list, in the Storage section, select S3.
The Amazon S3 page appears.
2. Click + Create bucket.
The Create bucket modal appears.
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::<bucket-name>"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts",
                "s3:RestoreObject"
            ],
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        }
    ]
}
Create a security policy with all buckets in the account
You can create IAM roles to delegate access to AWS resources in all buckets in the account.
Make sure that the following permission set is granted to this IAM role:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucketMultipartUploads",
                "s3:ListAllMyBuckets",
                "s3:AbortMultipartUpload",
                "s3:RestoreObject",
                "s3:CreateBucket",
                "s3:ListBucket",
                "s3:HeadBucket",
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": "*"
        }
    ]
}
With this permission set, the IAM user can create a new bucket, list all buckets in the account and
work with all objects in all buckets in the account.
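The following Python audit is an added example, not part of the Rubrik guide or of AWS tooling. It flags what separates the account-wide permission set above from a policy scoped to one archival bucket: Resource "*", wildcard actions, and actions attached to the wrong ARN form. The bucket name rubrik-archive-example, the function name, the finding codes, and every sample policy except the account-wide one are constructed for illustration.

```python
"""Audit an S3 IAM policy against a single archival bucket (illustrative)."""

# ARN form each action is evaluated against: bucket ARN or object ARN (/*).
BUCKET_ACTIONS = {
    "s3:GetBucketLocation", "s3:ListBucket",
    "s3:ListBucketMultipartUploads", "s3:CreateBucket",
}
OBJECT_ACTIONS = {
    "s3:PutObject", "s3:GetObject", "s3:DeleteObject",
    "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts",
    "s3:RestoreObject",
}
ANY_RESOURCE = {"*", "arn:aws:s3:::*"}


def _as_list(value):
    """IAM accepts a bare string wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def audit_s3_policy(policy, bucket):
    """Return (statement index, code, detail) for broad or ineffective grants."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/*"
    findings = []
    for idx, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        actions = _as_list(stmt.get("Action", []))
        unscoped = any(r in ANY_RESOURCE for r in resources)
        for res in resources:
            if res in ANY_RESOURCE:
                findings.append((idx, "ANY_RESOURCE", res))
            elif res not in (bucket_arn, object_arn):
                findings.append((idx, "OTHER_RESOURCE", res))
        for action in actions:
            if "*" in action:
                findings.append((idx, "WILDCARD_ACTION", action))
            elif action in BUCKET_ACTIONS and not (unscoped or bucket_arn in resources):
                findings.append((idx, "NO_MATCHING_RESOURCE", action))
            elif action in OBJECT_ACTIONS and not (unscoped or object_arn in resources):
                findings.append((idx, "NO_MATCHING_RESOURCE", action))
    return findings


BUCKET = "rubrik-archive-example"  # constructed bucket name

# The account-wide permission set shown in this section.
ACCOUNT_WIDE = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucketMultipartUploads",
               "s3:ListAllMyBuckets", "s3:AbortMultipartUpload",
               "s3:RestoreObject", "s3:CreateBucket", "s3:ListBucket",
               "s3:HeadBucket", "s3:DeleteObject", "s3:GetBucketLocation",
               "s3:ListMultipartUploadParts"],
    "Resource": "*"}]}

# Constructed bucket-scoped policy: bucket-level actions on the bucket ARN,
# object-level actions on the /* ARN.
BUCKET_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": f"arn:aws:s3:::{BUCKET}"},
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts",
                "s3:RestoreObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

# Constructed: every S3 action allowed on the bucket's objects.
ALL_ACTIONS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

# Constructed: a bucket-level action attached only to the object ARN.
MISPLACED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

if __name__ == "__main__":
    for name, doc in [("account-wide", ACCOUNT_WIDE), ("bucket-scoped", BUCKET_SCOPED),
                      ("all-actions", ALL_ACTIONS), ("misplaced", MISPLACED)]:
        print(name, audit_s3_policy(doc, BUCKET))
```

A NO_MATCHING_RESOURCE finding means the statement grants nothing for that action, because bucket-level actions match only the bucket ARN and object-level actions match only the /* form.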
1. In the AWS Services list, in the Security, Identity & Compliance section, select IAM.
The Identity and Access Management page appears.
2. On the left-side menu, select Policies.
3. Click Create policy.
4. From Service, click Choose a service.
5. Select S3.
6. From Actions, click Select actions.
7. Check the box for All S3 actions (s3:*).
This gives all permissions to the user for this bucket.
Alternatively, you can give permissions to the user for all the buckets in the account, as
described in Create a security policy with all buckets in the account.
8. From the Resources section, to the right of bucket, click Add ARN.
9. In the Specify ARN for bucket field, remove the placeholder arn:aws:s3::: and paste the
bucket ARN copied in step 7 in the previous section with /* at the end.
10. Click Add.
11. At the bottom of the page, click Review policy.
12. In the Name field, provide a policy name (for example, RubrikS3Policy).
13. At the bottom of the page, click Create policy.
AWS creates the bucket policy and returns to the policy list page.
                "glacier:InitiateJob",
                "glacier:DescribeJob",
                "glacier:GetJobOutput",
                "glacier:UploadArchive",
                "glacier:InitiateMultipartUpload",
                "glacier:UploadMultipartPart",
                "glacier:CompleteMultipartUpload",
                "glacier:DeleteArchive",
                "glacier:GetVaultLock",
                "glacier:InitiateVaultLock",
                "glacier:CompleteVaultLock",
                "glacier:AbortVaultLock"
            ],
            "Resource": "<vault-arn>"
        }
    ]
}
1. In the AWS Services list, in the Security, Identity & Compliance section, select IAM.
The Identity and Access Management page appears.
2. On the left-side menu, select Policies.
3. Click Create policy.
4. From Service, click Choose a service.
5. Select Glacier.
6. From Actions, click Select actions.
7. Check the box for All Glacier actions (glacier:*).
This gives all permissions to the user for this vault.
Alternatively, you can give permissions to the user for all the vaults in the account, as described
in Create a security policy with a pre-existing vault.
8. From the Resources section, to the right of vault, click Add ARN.
9. In the Specify ARN for bucket field, remove the placeholder arn:aws:glacier::: and paste the
bucket ARN copied in step 10 in the previous section.
10. Click Add.
11. At the bottom of the page, click Review policy.
12. In the Name field, provide a policy name (for example, RubrikGlacierPolicy).
13. At the bottom of the page, click Create policy.
AWS creates the bucket policy and returns to the policy list page.
4. In the Set user details section, in User name, type a name for the user account.
The user account will be used by the Rubrik cluster to access the vault.
5. In the Select AWS access type section, in Access type, select Programmatic access.
6. Click Next: Permissions.
The Set Permissions page appears with various methods for setting the permissions of the user
account.
7. Click Attach existing policies directly.
A list of the available policies appears.
8. Select the policy created for the bucket, and click Next: Review.
The Review page appears.
9. Click Create user.
AWS creates the user and a success message appears.
10. Click Download CSV.
The web browser opens a Save As dialog box.
11. Save the file credentials.csv.
The file can be renamed. The file contains the Access key ID and Secret access key for the user
account and should be securely stored. Use these values when configuring the Rubrik cluster to
use this AWS bucket as an archival location.
! IMPORTANT
The vault template must have Name Index Enabled selected. This option enables the Rubrik
cluster to perform the archival file and directory listings that are required for upgrade and
disaster recovery.
The result of this task is also a new account with the following required characteristics:
The Role of Vault Provisioner
READ/WRITE access to the vault created for the Rubrik cluster
Generated and retained access key and secret key
Note: The instructions provided by this section use Cleversafe version 3.6.6.2. The general
requirements described by this section apply to all versions of Cleversafe. Refer to the Cleversafe
documentation for the most up-to-date instructions for a specific Cleversafe version.
1. Using a web browser, access the Cleversafe dsNet Manager UI and log in using an account with
administrator privileges on the Cleversafe system.
2. On the top menu bar, select Administration.
The Administration page appears.
3. In the Provisioning API Configuration section, click Configure.
The Provisioning API Configuration page appears.
4. Select Create and Delete, and click Update.
5. On the top menu bar, select Configure.
The Configure page appears.
6. In the left-side hierarchical tree, under Access Pools, select an Access Pool.
The page for the selected Access Pool appears.
7. Click Change.
The Editing page appears.
8. On the Editing page, in API Type, select Cloud Storage Object.
9. Click Update.
10. In the left-side hierarchical tree, under Storage Pools, select a Storage Pool.
The page for the selected Storage Pool appears.
11. In Vault Templates, click Create Vault Template.
! IMPORTANT
Do not type a value in the Provisioning Code field. The Rubrik cluster does not support
provisioning codes.
! IMPORTANT
Add a Rubrik cluster that uses an NFS archival location with Kerberos to only one Active
Directory domain. Multiple Active Directory domains are not supported with an NFS archival
location when using Kerberos.
! IMPORTANT
Kerberos authentication can optionally be enabled. When Kerberos is enabled, add a Rubrik
cluster that uses an NFS archival location to only one Active Directory domain. Multiple
Active Directory domains are not supported with an NFS archival location when using
Kerberos.
Initial requirements
Before setting up a QStar Integral Volume as an archival location, ensure that the initial
requirements have been met.
Table 157 describes the Rubrik cluster requirements for using a QStar Manager instance as an
archival location.
Table 157 Rubrik requirements for a QStar tape archival location
Requirement | Description
QStar Host OS | Windows Server 2012 or newer
QStar software | QStar Archive Manager version 6 for Windows Server
Disk | Sufficient free disk space on a dedicated volume to use for QStar caching.
Tape library | Any tape library that is supported by the QStar Archive Manager. The tape library must be visible to the Windows Server and available to the QStar Archive Manager instance. The tape library must have at least two tape drives in order to support concurrent archive and retrieval operations of different snapshots.
! IMPORTANT
The slot must have the value ‘Tape’ in the Type column and have no value in the Set
Name column. Tape indicates that the media in the slot is a tape. An empty value in the
Set Name column indicates that the slot is not assigned to an Integral Volume set.
9. Click Erase.
The QStar Archive Manager erases and initializes the tape.
10. Repeat step 8 and step 9 for each slot that will be assigned to the archival location.
11. On the left-side menu, under Integral Volumes, select Volume Management.
12. Click Create New Integral Volume.
The New Integral Volume Parameters dialog box appears.
13. Configure the new Integral Volume.
Perform the actions specified in Table 158.
Table 158 Actions on the New Integral Volume Parameters dialog
Field | Action
Integral Volume Name | Type a name for the Integral Volume set.
File System Type | Select TDO.
Mount As | Select any unused drive letter.
Share drive | Select Enable.
Real Media Type | Select Tape.
Simulated Media Type | Select none.
Rewritable/WORM | Select Any.
Location | Type the full local path to a folder with sufficient space for the cache. Or click Browse to find and select an existing folder.
Cache Size | Type the cache size, and select the associated unit size.
Page Size | Select 1024.
14. Click Create.
The QStar Archive Manager creates the new Integral Volume set using the specified
parameters.
15. On the left-side menu, under Integral Volumes, select Media Management.
The add/remove media lists appear.
16. In Integral Volume Name, select the name of the Integral Volume set.
17. In Library, select the library.
18. For each tape slot being added to the Integral Volume set, select the tape slot from the
right-side list and click the button to move it to the left-side list.
The QStar Archive Manager assigns the tape slots in the left-side list to the Integral Volume
set.
19. On the left-side menu, under Integral Volumes, select Volume Management.
20. In Integral Volume Name, select the name of the Integral Volume set.
21. Click Mount.
The QStar Archive Manager mounts the Integral Volume set, and makes the Integral Volume
set available for the Rubrik cluster to use as a tape archival location.
22. Click Properties.
The Properties dialog box appears.
23. (Recommended) In HPC, set the slider to 85%.
This sets the high water mark for the cache to 85%.
24. (Recommended) In LPC, set the slider to 10%.
This sets the low water mark for the cache to 10%.
25. Click OK.
26. (Optional) On the left-side menu, under Integral Volumes, select Migration View.
The tasks in step 27 through step 30 are part of this optional configuration task.
27. Select Delayed Archiving.
The Delayed Archiving dialog box appears.
28. Select Enabled.
29. In Age Time, specify values in Days, Hours, and Minutes.
The resulting combination of days, hours, and minutes sets the maximum time that data can
reside in the cache before being written to tape.
30. Click OK.
This appendix describes an alternate method of creating and initializing the Active Directory
computer account that the Rubrik cluster uses, in the following sections:
Overview
Permissions required for the initialization account
Delegating the permissions to the initialization account
Confirming the delegation of permissions
Overview
A Rubrik cluster requires a temporary and limited set of permissions to create and initialize a
read-only Active Directory computer account that the Rubrik cluster uses for Active Directory
authentication. Creating this computer account requires the use of an initialization account with
broader permissions. The initialization account connects to a given Active Directory domain only
once.