Preparing for SaaS application data protection

Before you start protecting your Asana data, complete the following steps:

Getting familiar with your SaaS application specifics

Before you start protecting your Asana data, you must get familiar with all prerequisites, limitations, considerations, and/or recommendations in this topic to make sure that your module is prepared and configured correctly.

Prerequisites

Before you configure the module in R-Cloud, create the personal access token on your Asana account. For details, see topic Creating the personal access token.

The Asana user who created the personal access token must be added to all Asana projects, portfolios, and to the teams that you plan to protect.

Note  Asana uses the delegated authentication and authorization flow. This means that R-Cloud does not store or manage the Asana user names and passwords. Instead, R-Cloud passes the control to Asana by identifying itself with a personal access token. When Asana allows you to choose an account and to sign in, Asana hands over the control back to R-Cloud along with the personal access token.

Limitations

General limitations

  • The Asana members can be backed up but cannot be restored. They can be assigned to an Asana object.

  • Data protection is possible for all Asana objects that are accessible by using the personal access token.

  • The custom Asana fields can be protected only if using a paid Asana subscription plan.

  • The custom Asana fields can be protected only at the workspace level.

  • The workspace recovery will restore to the same workspace that was used for the backup because Asana does not allow you to create new workspaces.

  • The restored objects will have a new timestamp and will be created by the token user. The data cannot be restored on behalf of other users.

  • The following cannot be protected:

    • Box, Dropbox, Gdrive, OneDrive, and Vimeo attachment types.

    • The portfolio's custom field values.

    • The repeat option of the Due Date Task Field.

API call rate limitations

  • For free users: 150 calls per minute

  • For the premium, business, and enterprise users: 1500 calls per minute

These limitations may cause the HTTP 429 Too Many Requests errors during the backup and restore procedures.

Creating a personal access token

To create a personal access token in Asana, follow these steps:

  1. Go to the Asana developer console at https://app.asana.com/0/my-apps.

  2. Go to your Personal access tokens, and then click Create new token.

  3. Give the token a name, accept the Asana's terms and conditions, and click the Create token button.

  4. The token appears on your screen. Copy the token.

When adding the module as a source, provide the following information:

  • Display name

  • Backup target

  • AUTH_SETTINGS

  • Personal access token

Configuring SaaS application data backup options

Before you start protecting SaaS applications, you can adjust SaaS application protection to the needs of your data protection environment by configuring backup options in R‑Cloud.

Important  Configuring backup options is not supported for all types of SaaS applications. Additionally, the list of available backup options varies depending on the type of your SaaS application.

Backup options

Backup option Description
Exclude Resources

Enables you to specify one or more resources to be excluded from the backup.
Options

Enables you to use backup options specific to each SaaS application or SaaS application resource (for example, if you are protecting Google Cloud SQL, you can set the offload option that enables R‑Cloud to delegate the export operation to a separate data mover).
Data Movers

Enables you to specify the source, the region, and the subnet where you want R‑Cloud to create a data mover during the backup. If the specified source is an , you can also select a security group. If the specified source is an Azure resource group, you must select a network.

Important  For the SaaS applications that run in an , in an Azure resource group, or in a Google Cloud project: If you do not configure this backup option, R‑Cloud by default creates the data mover in your , Azure resource group, or Google Cloud project after you set up a target in R‑Cloud or add a source to R‑Cloud.

Prerequisites

  • For Google Cloud SaaS applications: Specifically for the HMSA, R‑Cloud requires additional permissions. For details, see Google Cloud permissions required by R‑Cloud.

  • Only if you plan to configure the data mover and select the Azure resource group as a source for the data mover. The network that you select must allow your Azure service principal or the HMSP to access the specified source and the targets that store the protected data.

  • The data movers must have access to the SaaS applications that you want to protect and to the targets that store the protected data. To ensure this, configure SaaS application backup options so that the data mover uses the appropriate subnet.

    Tip  You can check under which subnet the SaaS applications and the targets are accessible in your cloud provider management console.

Consideration

Only if you plan to store the protected SaaS application data on an Azure target. For security purposes, it is recommended that you configure SaaS application backup options so that R‑Cloud creates the data mover in the Azure resource group to keep the protected data in the same Azure environment during the backup.

Recommendation

If you plan to use targets for storing the protected data, optimize the egress data costs by configuring SaaS application backup options so that the data mover uses the same or the nearest available region as the target.

Note  R‑Cloud performs automatic synchronization of SaaS applications at periodic intervals. However, you can at any time update the list of SaaS applications also manually by clicking Synchronize Refresh.

To access the SaaS panel, in the navigation pane, click SaaS SaaS.

Procedure

  1. In the SaaS panel, select the SaaS application or the resource for which you want to configure backup options.

  2. Click Configuration Configuration. The SaaS Configuration dialog box opens.

  3. Depending on what you want to do, perform the required action:

    I want to... Instructions
    Exclude resources from the backup. On the Exclude Resources tab, select the resources that you want to exclude from the backup.
    Use a backup option specific to my SaaS application or resource. On the Options tab, specify which of the available backup options you want to use and provide the required information.
    Specify the source, the region, the subnet, the network, or the security group for a data mover.

    On the Data Movers tab, do the following:

    1. From the Compute drop-down menu, select the source for the data mover.

      Important  If the type of the source that you select for the data mover differs from the source where the target specified in the R‑Cloud policy resides, this may result in data egress charges.

    2. From the Region drop-down menu, select the preferred region.

    3. For Azure resource groups: From the Network drop-down menu, select the preferred network.

    4. From the Subnet drop-down menu, select the preferred subnet.

    5. For s: Optionally, from the Security Group drop-down menu, select the preferred security group. By default, the data mover is created in the default security group of the preferred subnet.

  4. Click Save.