Dell PowerProtect Cyber Recovery 19.15 Product Guide

Managing policies

Create policies to perform replications, make point-in-time (PIT) copies, set retention locks, and perform other Cyber Recovery operations within the Cyber Recovery vault. You can also modify existing policies.

1. Select Policies from the Main Menu.
2. In the Policies content pane, do one of the following:
   1. To create a policy, click Add.
      The Add Policy wizard is displayed.
   2. To modify a policy, select a policy and click Edit.
      The Summary page of the Edit Policy wizard is displayed. Click Back to go to the wizard page that you want to modify.
3. On the Policy Information page, complete the following fields and then click Next:

   Table 1. Policy Information pageTable that describes the fields in the Policy Information page.

   Field	Description
   Name	Specify a policy name.
   Type	From the drop-down list, select either PPDM, Sheltered Harbor, or Standard. NOTE: Standard denotes NetWorker, Avamar, Filesystem, and Other policy types. A PowerProtect Data Manager policy requires two MTrees for configuration. If the Sheltered Harbor feature is not enabled, the drop-down list does not include Sheltered Harbor.
   Storage	Select the vault storage containing the replication context that the policy will protect. NOTE:You cannot edit the vault storage for an existing policy.
   Tags	Optionally, add a tag that provides useful information about the policy. The tag is displayed in the details description for the policy in the Policies content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add. NOTE:If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).

4. On the Replication page, complete the following fields and then click Next:

   Table 2. Replication pageTable that describes the fields in the Replication page.

   Field	Description
   Replication Contexts	Under Context, select the MTree replication context to protect and the interface on the storage instance that is configured for replication. Under Ethernet Port, click Select Repl Ethernet and then select the interface on the storage instance that is configured for replication. NOTE: There can be only one policy per replication context, except for PowerProtect Data Manager policy types, which require a minimum of two replication contexts to create a PowerProtect Data Manager policy. Do not select the data or management Ethernet interfaces. If your DD system is running a version of DDOS that is earlier than version 7.8 and you select a Retention Lock Compliance replication context, the context will not be disabled.
   ServerDR Context	For a PowerProtect Data Manager deployment, select a ServerDR context from the list of replication contexts.
   Replication Window	Set a timeout value in hours for how long a job for a Sync action runs before Cyber Recovery issues a warning. The default value is 0. NOTE:If a job exceeds the time configured for the replication window, an alert is generated.
   Enforce Replication Window	If you change the default value in the Replication Window field, the Enforce Replication Window checkbox is displayed. Enable the checkbox to stop a Sync operation that continues to run beyond the replication window limit for that policy. When the replication window limit is exceeded, the operation completes the current DD snapshot replication and does not proceed to replicate queued snapshots.

5. On the Retention page, complete the following fields and then click Next:

   Table 3. Retention pageTable that describes the fields in the Retention page.

   Field	Description
   Retention Lock Type	Select one of the following: (Add Policy dialog box only) None, if retention locking is not supported. The retention fields are then removed from the dialog box. NOTE:A Sheltered Harbor policy cannot have a retention lock type of None. Governance if it is enabled on the storage instance. (Edit Policy dialog box only) Governance-disabled. Compliance if it is enabled on the storage instance.
   Enable Auto Retention Lock	NOTE:A Sheltered Harbor policy type does not support this feature. Optionally, if the retention lock type is Governance or Compliance, click the checkbox to enable the automatic retention lock feature. There is a five-minute delay before the lock is applied. NOTE: You cannot disable the automatic retention lock feature after you enable it.
   Retention Lock Minimum	Specify the minimum retention duration that this policy can apply to PIT copies. This value cannot be less than 12 hours.
   Retention Lock Maximum	Specify the maximum retention duration that this policy can apply to PIT copies. This value cannot be greater than 1,827 days.
   Retention Lock Duration	Specify the default retention duration that this policy applies to PIT copies. The value can be the retention lock minimum up to the retention lock maximum.

   If you selected a Retention Lock Compliance replication context or the Compliance Retention Lock type, the Storage Security Credentials page is displayed. Otherwise, the Summary page is displayed.

6. On the Storage Security Credentials page, enter the DD Security Officer (SO) username and password and then click Next.
   NOTE: This username was created on the DD system.
7. Review the Summary page and either:
   • Click Finish if you are satisfied with the summary information and want to add the policy.
   • Click Back to return to the previous pages to change the information.
   If you selected a Retention Lock Compliance replication context and your deployment is running a version of DDOS that is earlier than version 7.8, the Cyber Recovery software fails to create the policy.
   By default, the Policies table lists the policies.
8. Click a policy's row to open the details pane and view additional details about a policy, and then:
   1. Click to close the details pane.
   2. Click to open the details pane again.
9. To customize the columns in the table that lists the policies, click and select the columns to show or hide.
10. Disable or enable a policy:
    1. To disable a policy so that it does not run, swipe left on the slider under Enabled. An informational message confirms that the policy has been disabled and the Edit button is inactive. Also, an event is created.
    2. To sort policies by status, click Enabled.
    3. To filter on status, click and then click the Enabled or Disabled checkbox. Only the policies with the selected status are displayed. If you select both checkboxes, all policies are displayed.
    4. To reenable a policy, swipe right on the slider under Enabled. An informational message confirms that the policy has been reenabled and the Edit button is active. Also, an event is created.
11. To export policy information, select a policy and click Export.
    The Downloads window opens and lists the policies.csv file. Depending on your browser, click Open file or the file name to open the spreadsheet. A number in parentheses indicates the next downloaded file, and the number is incremented for each subsequent download. To view previous downloads, depending on your browser, click See more or Show all downloads and select a file.
12. To remove a policy, select an enabled or disabled policy and click Delete.
    NOTE:You cannot delete a policy with associated copies or that is associated with a scheduled report.