- Notes, cautions, and warnings
- Preface
- Getting Started
- Preparing for a Deployment
- Deployment
- Configuration
- Glossary
Access to PowerProtect Data Manager and DDVE is managed by a virtual private cloud (VPC), virtual network service endpoints and their policies, and network and application firewall rules. DDVE uses buckets to store the backed-up data of virtual appliances and virtual machines in GCP.
For more information about this, see the following resources:
To deploy additional instances of DDVE to GCP outside of the PowerProtect Data Manager deployment process, see the PowerProtect DD Virtual Edition in Google Cloud Platform Installation and Administration Guide at Customer Support.
PowerProtect Data Manager deploys with a private IP address. For access from an external site, configure a VPN connection. For security considerations, deploy PowerProtect Data Manager and DDVE to a private subnet.
The following diagram represents the basic PowerProtect Data Manager architecture on GCP. The diagram shows a possible distribution of PowerProtect Data Manager and DDVE in one private subnet and application hosts in another subnet.
Sensitive PowerProtect Data Manager data, such as passwords, is encrypted and stored in a lockbox. The PowerProtect Data Manager Security Configuration Guide at Customer Support provides more information.
The following diagram shows the transfer of data between PowerProtect Data Manager, DDVE, and application hosts. This network traffic composes the majority of data transferred in a Google cloud.
The following diagram shows how data replicates between private subnets as well as the transfer of data during regular operations. The diagram also shows the application hosts distributed between public and private subnets.
If you have a different DDVE instance in each region or zone, configure PowerProtect Data Manager policies to protect all the hosts in the same region or zone as each DDVE instance.