Exploring R-Graph

R-Graph is a visual representation of your data protection environment, displaying the topology, data protection and compliance statuses of different data sources—cloud workloads, applications and databases, and SaaS applications.

Prerequisite

An identity provider that R‑Cloud uses to perform SaaS service discovery must be added to R‑Cloud. For details, see Discovering SaaS services.

Consideration

If no identity provider is configured, only the protection sets and sources that you already configured in R‑Cloud are shown. If no sources are configured, an empty R-Graph is shown.

R-Graph elements and structure

R-Graph can be viewed in two layouts: the tree layout or the force-directed layout. Both layouts use the same elements to represent your environment. Each node in the graph represents an element of the data protection environment—protection sets, services, and sources. Connections between nodes represent relationships between these elements—sources are grouped under services and services are grouped under protection sets. Intuitive icons help you to quickly glance the status of data protection for each node and overlay icons show their compliance status.

The following layers of objects represent the data protection environment:

  • Root element. HYCU subscription (visible only in the Subscription context).

  • Protection sets. The default protection set, protection sets that you create, and generic protection set placeholders that group newly discovered services.

  • SaaS services. Various types of services or platforms that can have one or more sources. Examples of SaaS service types are Amazon EC2, Salesforce, Atlassian Jira, and Google Cloud Storage.

  • Sources. s, Google Cloud projects, or R-Cloud modules.

The following figure shows an example of a zoomed-in part of R-Graph in the force-directed layout with three layers of objects (protections sets, services, and sources), their protection status icons, an indicator that there is an R-Cloud module available in HYCU Marketplace, and a tooltip with protection details:

Figure: R-Graph elements

During the initial scan, R‑Cloud matches the discovered SaaS services with existing protection sets and maps them accordingly. If no source for a particular SaaS service is added to any protection set, R‑Cloud shows the service as part of a generic protection set that would be automatically created when you add the first source, using a name based on the industry or domain under which the service is classified. If you do not want to create such a protection set, you can add the source to an existing protection set or create a different protection set.

Note  If a SaaS service is discovered, but R‑Cloud cannot determine its type, the service is placed in a protection set placeholder (node) named saas-general.

Node protection status

The node protection status is indicated by status icons, compliance overlay icons, and tooltips with more details.

The node protection status depends on whether the discovered services have sources added or not:

Services with added sources

Protection indicators

Status icon Description

80% or more included entities have the protection status .

Between 60% and 80% of included entities have the protection status .

Less than 60% of included entities have the protection status .

There are no entities in the node.

Compliance indicators

Node compliance is indicated with overlay icons:

Overlay icon Description

Green

80% or more included entities have the compliance status Green.

Yellow

Between 60% and 80% of included entities have the compliance status Green.

Red

Less than 60% of included entities have the compliance status Green.

Gray There are no entities in the node.

Detailed information about a node

Pause the pointer on the node to display additional information. Each node has the following properties:

Property Description
Protection

Shows the protection status of the node and individual groups of entities in the node.

Compliance

Shows the compliance status of the node and individual groups of entities in the node.

RPO Available only for SaaS applications. Shows the RPO as defined by the SaaS application.
Retention Available only for SaaS applications. Shows the retention period as defined by the SaaS application.

Protection and compliance calculation and inheritance

The protection and compliance status of a node is calculated based on the status of child entities:

  • An entity is protected if it has at least one valid restore point available and the entity has a policy assigned.

  • An entity is compliant if the RPO set in the assigned policy is met.

  • Only entities with an assigned policy are included in compliance calculation.

  • Entities with the Exclude policy assigned are excluded from the protection calculation.

The status of a source, service, or protection set node is based on the status of all entities that are included in the node.

Services discovered through identity providers

The protection and compliance of services discovered through identity providers are shown as follows:

  • A service is not compliant until it is added as a source and is protected by R‑Cloud.

  • An entity is protected if the RPO of the SaaS application is defined, otherwise it is marked as unprotected.

  • When a service with available information about native data protection capabilities is discovered, the protection status is based on its native protection capabilities.

Protection indicators

Status icon Description

Information about native data protection capabilities is available and one or more of the required capabilities is not available. The actual data protection status of the service is not known.

Information about native data protection capabilities is available and all required capabilities are available. The actual data protection status of the service is not known.

Compliance indicators

The compliance indicator is always Gray until a source is added for the service.

Detailed information about native data protection capabilities

Pause the pointer on the node to display information about native data protection capabilities:

Capability Description
Backup automation

Shows if the service offers backup automation. This means that you can:

  • Schedule automated backups in a user interface provided by the service.

  • Customize the frequency of the backups to meet your RPO and backup retention needs.

Off-site storage automation

Shows if the service enables you to automatically export data to an off-site storage location. This means that you can:

  • Automatically export data to an off-site storage location outside of the service.

  • Select the target (for example, Google Cloud Storage or S3 compatible storage) for copies of backup data from a user interface provided by the service.

Self-service restore

Shows if the service provides a user interface to restore deleted or corrupted data from backups.

Note  Recycle bins are not included as data is deleted after a certain amount of time and data deleted from a recycle bin is unrecoverable.

Note  R-Graph only shows if native data protection capabilities are available. The actual data protection status of the service is not known.