PowerProtect Data Manager 19.10 Cyber Recovery User Guide

PDF

Managing policies

Create policies to perform replications, make point-in-time (PIT) copies, set retention locks, and perform other Cyber Recovery operations within the Cyber Recovery vault. You can also modify and delete policies.

Prerequisites

  • Ensure that a storage object is available to reference in the policy and that it has an unprotected replication context.
  • Policies that perform recovery or analysis operations require an application.
  • To protect a Retention Lock Compliance replication context, your DD system must be running DDOS 7.8.

About this task

You can create up to 25 policies for a maximum of five DD systems in the Cyber Recovery vault. Only one policy can protect a replication context.

The Cyber Recovery software supports PowerProtect Data Manager policies that govern multiple MTrees.

You can disable a policy so that you can use the replication contexts of that disabled policy to create a new policy. If you use the contexts of a disabled policy, you cannot then enable that policy. You can use a disabled policy's copy to perform a recovery operation manually or from the Recovery window.

Steps

  1. Select Policies from the Main Menu.
  2. In the Policies content pane, do one of the following:
    1. To create a policy, click Add.
      The Add Policy wizard is displayed.
    2. To modify a policy, select a policy and click Edit.
      The Summary page of the Edit Policy wizard is displayed. Click Edit or Back to go to the wizard page that you want to modify.
  3. On the Policy Information page, complete the following fields and then click Next:
    Table 1. Policy Information page
    Field Description
    Name Specify a policy name.
    Type From the drop-down list, select PPDM.
    Storage Select the storage object containing the replication context that the policy will protect.
    NOTE You cannot edit the storage object for an existing policy.
    Tags Optionally, add a tag that provides useful information about the policy. The tag is displayed in the details description for the policy in the Policies content pane in the Cyber Recovery UI. Click Add Tag, enter the tag, and then click Add.
    NOTE If a tag exceeds 24 characters, the details description displays the first 21 characters followed by an ellipsis (...).
  4. On the Replication page, complete the following fields and then click Next:
    Table 2. Replication page
    Field Description
    Replication Contexts
    1. Under Context, select the MTree replication context to protect and the interface on the storage instance that is configured for replications.
    2. Under Ethernet Port, select the interface on the storage instance that is configured for replications.
    NOTE
    • There can be only one policy per replication context, except for PowerProtect Data Manager policy types, which support multiple replication contexts.
    • Do not select the data or management Ethernet interfaces.
    • If your DD system is running a version of DDOS that is earlier than version 7.8 and you select a Retention Lock Compliance replication context, the policy creation fails.
    Replication Window Set a timeout value in hours for how long a job for a Sync action runs before Cyber Recovery issues a warning. The default value is 0.
    Enforce Replication Window If you change the default value in the Replication Window field, the Enforce Replication Window checkbox is displayed. Enable the checkbox to stop a Sync operation that continues to run beyond the replication window limit for that policy. When the replication window limit is exceeded, the operation completes the current DD snapshot replication and does not proceed to replicate queued snapshots.
  5. On the Retention page, complete the following fields and then click Next:
    Table 3. Retention page
    Field Description
    Retention Lock Type Select one of the following:
    • (Add Policy dialog box only) None, if retention locking is not supported. The retention fields are then removed from the dialog box.
    • Governance if it is enabled on the storage instance.
    • (Edit Policy dialog box only) Governance-disabled.
    • Compliance if it is enabled on the storage instance.
    Enable Auto Retention Lock Optionally, if the retention lock type is Governance or Compliance, click the checkbox to enable the automatic retention lock feature. There is a five-minute delay before the lock is applied.
    NOTE You cannot disable the automatic retention lock feature after you enable it.
    Retention Lock Minimum Specify the minimum retention duration that this policy can apply to PIT copies. This value cannot be less than 12 hours.
    Retention Lock Maximum Specify the maximum retention duration that this policy can apply to PIT copies. This value cannot be greater than 1,827 days.
    Retention Lock Duration Specify the default retention duration, which is a value between the retention lock minimum and maximum values, that this policy applies to PIT copies.

    If you selected a Retention Lock Compliance replication context or the Compliance Retention Lock type, the Storage Security Credentials page is displayed. Otherwise, the Summary page is displayed.

  6. On the Storage Security Credentials page, enter the DD Security Officer (SO) username and password and then click Next.
    NOTE This username was created on the DD system.
  7. Review the Summary page and either:
    • Click Finish if you are satisfied with the summary information and want to add the policy.
    • Click Back to return to the previous page to change the information.
    • Click Edit to return to a specific page in the wizard to change information.
    If you selected a Retention Lock Compliance replication context and your deployment is running version of DDOS that is earlier than version 7.8, the Cyber Recovery software fails to create the policy.
  8. To disable an existing policy but not delete it, select the policy and then click Disable.
    The disabled policy is no longer displayed in the list of enabled policies.
    NOTE When you create a policy, it is enabled by default.
  9. To view disabled policies, click Enabled Policies > View Disabled Policies
    The policy is displayed in the list of disabled policies, and the Status column indicates that the policy is disabled.
  10. To enable a disabled policy so that it runs again, from the window that lists the disabled policies, select the policy and then click Enable.
    The enabled policy is no longer displayed in the list of disabled policies.
  11. To view enabled policies from the window that lists the disabled policies, click Disabled Policies > View Enabled Policies
    The policy is displayed in the list of enabled policies, and the Status column indicates that the policy is enabled.
  12. To remove a policy:
    1. Ensure that there are no active copies that are associated with the policy. Delete any copies before you try to delete the policy.
    2. Select the policy and then click Delete
    NOTE
    • The Cyber Recovery software supports PowerProtect Data Manager policies that govern multiple MTrees.
    • You cannot delete a disabled policy until there are no active copies associated with the policy.
    • If you delete a policy with the retention lock type set to Compliance, the policy is no longer displayed in the Cyber Recovery UI. However, the associated MTree remains on the DD system. If you are running DDOS 7.3 and later, you can remove the empty MTree manually.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\