PowerProtect Data Manager 19.11 Cyber Recovery User Guide

PDF

Migrating replication contexts in policies

When you create a policy with a Retention Lock Compliance replication context or modify an existing policy to add a Retention Lock Compliance replication context, the Cyber Recovery software detects the context. If your deployment is running DDOS 7.8, the Cyber Recovery software modifies a setting on the DD system in the Cyber Recovery vault. This one-time modification enables the Cyber Recovery software to support Retention Lock Compliance contexts.

When you create a policy that uses a Retention Lock Compliance replication context, the Cyber Recovery UI and CRCLI prompt you for the Security Officer (SO) credentials. By default, the security authorization for disabling replications is set to enabled. This setting means that the DD system continues to prompt for the SO credentials when the Cyber Recovery software attempts to disable a replication at the end of any Sync action. So that the workflow is not impeded, when you create a policy that uses a Retention Lock Compliance replication context, the Cyber Recovery software changes the setting to disabled. This change ensures that for subsequent workflow actions that disable replications and require SO credentials, the Cyber Recovery software is not required to provide these SO credentials.

If a replication context configured in a Cyber Recovery policy is migrated to a Retention Lock Compliance replication context using the same name, the Cyber Recovery software cannot detect this change. The replication context is migrated to a Retention Lock Compliance replication context, but the Cyber Recovery software does not modify the setting on the DD system. Unlike a policy creation, the Cyber Recovery software does not change the authorization for replication disable setting to disabled on the DD system if it is in the enabled state (the default setting). You must change the setting manually on the DD system.

Run the following command on the DD system to verify the current authorization for replication disable setting on the DD system: 
system replication security-auth repl-disable status
If the status is enabled, run the following command on the DD system to set the authorization for replication disable setting to disabled: 
system replication security-auth repl-disable disable

This command requires SO credentials. It provides a one-time modification on the DD and enables future Retention Lock Compliance migrations to work properly.

  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\