Managing protection sets
By default, a predefined protection set is created automatically (named default-protection-set) and if your business needs require no additional protection sets, all AWS accounts, Google Cloud projects, and/or R-Cloud modules that you add to R‑Cloud as sources are added to this default protection set. However, you can at any time create additional protection sets and distribute your sources among them. By doing so, you define different scopes of data protection that best suit your needs and gain an at-a-glance view of the sources in each protection set.
Prerequisite
You must have the Administrator role assigned at the subscription level.
You can perform the following tasks related to protection sets:
Task | Instructions |
---|---|
Create a protection set and include preferred sources in it. | Creating protection sets |
Edit an existing protection set. | Editing protection sets |
Add a Google Cloud project to a protection set by using a label. | Adding Google Cloud projects to a protection set by using a label |
Remove a Google Cloud project from a protection set by using a label. | Removing Google Cloud projects from a protection set by using a label |
Delete a protection set that you no longer need. | Deleting protection sets |
To access the Protection Sets dialog box, click Administration, and then select Protection Sets.
Creating protection sets
You can create additional protection sets that allow you to have different data protection setup for different groups of sources.
Considerations
-
If you move a source to a different protection set, consider the following:
- Policies will be automatically unassigned from the entities in the source.
- If you move an AWS account or a Google Cloud project, the credential groups that were manually assigned to the instances in the account or the project will be automatically unassigned from those instances.
- An AWS account cannot be moved to a different protection set if its default AWS IAM role is assigned to an existing target. To be able to move the AWS account to a different protection set, you must either delete the target or make sure that the target uses a different cloud account.
Procedure
-
In the Protection Sets dialog box, click New.
-
Enter a name for your protection set and, optionally, its description.
-
From the list of available sources, select one or more sources that you want to include in the protection set.
Tip You can search for a source by entering its name in the search field and then pressing Enter. By selecting the Source check box, you select all sources at once.
-
Click Save.
The protection set is created and added to the list of protection sets.
Editing protection sets
You can change the name of a protection set, add sources to the protection set, or remove sources from the protection set.
When you remove a source from the protection set other than the default one, the source is automatically moved to the default protection set. If you want to completely remove the source from R‑Cloud and stop protecting its resources, you must remove the source from the default protection set.
As an alternative to adding or removing sources by using the R‑Cloud web user interface, you can also add or remove Google Cloud projects from protection sets by using a label. For details, see the following
-
Adding Google Cloud projects to a protection set by using a label
-
Removing Google Cloud projects from a protection set by using a label
Considerations
-
If you move a source to a different protection set, consider the following:
- Policies will be automatically unassigned from the entities in the source.
- If you move an AWS account or a Google Cloud project, the credential groups that were manually assigned to the instances in the account or the project will be automatically unassigned from those instances.
- An AWS account cannot be moved to a different protection set if its default AWS IAM role is assigned to an existing target. To be able to move the AWS account to a different protection set, you must either delete the target or make sure that the target uses a different cloud account.
Procedure
-
In the Protection Sets dialog box, from the list of protection sets, select the one that you want to edit, and then click Edit.
-
Edit the name of the protection set and its description.
-
Only if you want to add sources to the protection set. From the list of sources, select one or more sources that you want to add to the protection set. The sources that already belong to the protection set are preselected.
-
Only if you want to remove sources from the protection set. From the list of sources, deselect one or more sources that you want to remove from the protection set. The sources that belong to the protection set are preselected.
-
Click Save.
-
Only if you want to add or remove sources from the protection set. Click Yes to confirm that you want to add or remove the sources from the protection set.
Adding Google Cloud projects to a protection set by using a label
As an alternative to adding a project to a protection set by using the R‑Cloud web user interface, you can also add a project to a protection set by attaching the hycu-protection-set
label to the project in Google Cloud.
Prerequisite
The protection set to which you want to add the project must be created in R‑Cloud.
Procedure
In Google Cloud, attach the label to the project as the following key/value pair:
Key | Value |
---|---|
hycu-protection-set
|
In this case, |
For detailed instructions on how to create and manage labels, see Google Cloud documentation.
Removing Google Cloud projects from a protection set by using a label
As an alternative to removing a project from a protection set by using the R‑Cloud web user interface, you can also remove a project from a protection set by attaching the hycu-protection-set
label to the project in Google Cloud.
Consideration
If after excluding a project from a protection set and R‑Cloud by using the hycu-project-exclude
label, you need to add the same project to R‑Cloud again, contact HYCU Support.
Procedure
In Google Cloud, add the label to the project as the following key/value pair:
Key | Value |
---|---|
|
true |
After you add the label to the project, it is no longer included in the protection set and R‑Cloud no longer retrieves its information from Google Cloud.
For detailed instructions on how to create and manage labels, see Google Cloud documentation.
Deleting protection sets
You can at any time delete protection sets that you no longer need.
Prerequisites
- The protection set that you want to delete must be empty with no included sources.
-
The current data protection scope must be set to a protection set other than the protection set that you want to delete.
Consideration
The default protection set created by R‑Cloud cannot be deleted.
Procedure
-
In the Protection Sets dialog box, from the list of protection sets, select the one that you want to delete from R‑Cloud, and then click Delete.
-
Click Delete to confirm that you want to delete the selected protection set.