Managing sources
R‑Cloud provides data protection for the following sources:
-
AWS accounts
-
Google Cloud projects
-
R-Cloud modules
Prerequisite
You must have the Administrator role assigned.
Consideration
Depending on whether you are a subscription administrator or a protection set administrator, consider the following:
-
If you are a subscription administrator: You can view and manage all sources in all protection sets in your data protection environment.
-
If you are a protection set administrator: You can view and manage only the sources in the currently selected protection set.
You can add, edit, or remove the sources directly from R‑Cloud. When adding sources, R‑Cloud may request you to grant the required permissions or roles to R‑Cloud.
For details on how to manage sources, see the following topics:
To access the Sources dialog box from the toolbar, click Administration, and then select Sources.
To access the Sources dialog box from the R-Graph, in an empty R-Graph with no sources configured, click Set Up Source.
Managing AWS accounts
You can perform the following tasks related to AWS accounts:
Task | Instructions |
---|---|
Add an AWS account. | Adding AWS accounts |
Edit an existing AWS account. | Editing AWS accounts |
Remove an AWS account that you no longer need. | Removing AWS accounts |
Adding AWS accounts
Prerequisite
Only if you plan to add your AWS account to a protection set other than the default one. The protection set must be created. For instructions, see Creating protection sets.
Consideration
You can also add sources directly from the Marketplace panel by clicking Configure in the product details page, bypassing the initial Sources dialog box.
Procedure
-
Not applicable if you are redirected from the Marketplace panel. In the Sources dialog box, click the AWS tab, and then click New.
-
From the Protection Set drop-down menu, select the protection set to which you want to add the AWS account. By default, the AWS account is added to the currently selected protection set.
-
Enter the account ID, and, optionally, a display name for the AWS account, and then click Add.
-
Click Create IAM Role. The AWS Management Console opens.
Important You must be signed in to AWS Management Console with the account that you are adding to R‑Cloud. If you are already signed in to AWS Management Console with a different account when you create the IAM roles, the creation fails.
-
In the AWS Management Console, on the Quick create stack page, confirm the capabilities required by R‑Cloud by clicking I acknowledge that AWS CloudFormation might create IAM resources with custom names, and then click Create stack.
-
Return to the R‑Cloud web user interface, and then click Save.
The AWS account is added to the list of sources.
Note If you do not complete the IAM role creation step in the AWS Management Console or if you enter an incorrect account ID, the source adding procedure is suspended after a timeout and the status of the source is Preparing. If this happens, remove the source, and then add it to R‑Cloud again. For instructions, see Removing AWS accounts.
Editing AWS accounts
Procedure
-
In the Sources dialog box, from the list of account IDs, select the AWS account that you want to edit, and then click Edit.
-
Edit the selected AWS account as required.
-
Click Save.
Removing AWS accounts
You can at any time remove AWS accounts that you no longer need.
Consideration
Removing the AWS account from R‑Cloud does not delete any IAM resources that were created in the AWS account.
Procedure
-
In the Sources dialog box, from the list of account IDs, select the AWS account that you want to remove from R‑Cloud, and then click Delete.
-
Click Delete to confirm that you want to remove the selected AWS account.
Managing Google Cloud projects
You can perform the following tasks related to Google Cloud projects:
Task | Instructions |
---|---|
Add a Google Cloud project and enable the HYCU Managed Service Account for it. | Adding Google Cloud projects |
Remove a Google Cloud project that you no longer need. | Removing Google Cloud projects |
Enabling the HYCU Managed Service Account
The HYCU Managed Service Account (HMSA) is a special type of account that is designed specifically for R‑Cloud to run data protection operations. It provides business continuity of your data protection environment by enforcing a single service account that cannot be deleted accidentally, and at the same time it also delivers enhanced security by uniquely identifying the service and using key rotation to limit risks associated with potential service account key leaks.
You enable the HMSA for a project by following the HYCU Managed Service Account configuration wizard when adding a Google Cloud project as a source.
Adding Google Cloud projects
Prerequisite
Only if you plan to add your Google Cloud project to a protection set other than the default one. The protection set must be created. For instructions, see Creating protection sets.
Consideration
You can also add sources directly from the Marketplace panel by clicking Configure in the product details page, bypassing the initial Sources dialog box.
Procedure
-
Not applicable if you are redirected from the Marketplace panel. In the Sources dialog box, click the Google Cloud tab, and then click New.
-
From the Protection Set drop-down menu, select the protection set to which you want to add the Google Cloud project. By default, the Google Cloud project is added to the currently selected protection set.
-
Enter the project ID, and then click Add. The HMSA email is displayed.
-
Click Copy to Clipboard to copy the HMSA email to the clipboard. You need the email address to assign permissions to the HMSA.
-
Click Grant Access to open the HYCU Managed Service Account configuration wizard.
The HYCU Managed Service Account configuration wizard guides you through all the required steps of enabling the HMSA for the project.
-
After you successfully complete all the steps, return to the R‑Cloud web user interface, and then click Save.
The Google Cloud project is added to the list of sources.
Note If you do not complete the steps in the HYCU Managed Service Account configuration wizard or if you enter an incorrect project ID, the source adding procedure is suspended after a timeout and the status of the source is Preparing. If this happens, remove the source, and then add it to R‑Cloud again. For instructions, see Removing Google Cloud projects.
Removing Google Cloud projects
You can at any time remove Google Cloud projects that you no longer need.
Consideration
Removing the Google Cloud project from R‑Cloud does not delete any IAM resources that were created in the Google Cloud project.
Procedure
-
In the Sources dialog box, on the Google Cloud tab, select the Google Cloud project that you want to remove from R‑Cloud, and then click Delete.
-
Click Delete to confirm that you want to remove the selected project.
Managing R-Cloud modules
You can perform the following tasks related to R-Cloud modules:
Task | Instructions |
---|---|
Add an R-Cloud module as a source. | Adding R-Cloud modules |
Edit an existing R-Cloud module. |
Editing R-Cloud modules |
Remove an R-Cloud module that you no longer need. | Removing R-Cloud modules |
Adding R-Cloud modules
To be able to protect SaaS application data, you must add an R-Cloud module to R‑Cloud as a source.
If the R-Cloud module supports storing data on a staging target, as part of adding an R-Cloud module, you also add an Amazon S3 bucket, a Google Cloud bucket, or an S3 compatible bucket to R‑Cloud as a staging target. The staging target is used either to temporarily store SaaS application data before it is moved to the target that you define in the R‑Cloud policy, or to store SaaS application data as a snapshot. For information on whether your R-Cloud module supports staging targets, see the
Prerequisites
-
Only if you plan to add your R-Cloud module to a protection set other than the default one. The protection set must be created. For instructions, see Creating protection sets.
-
Only if your R-Cloud module supports storing data on a staging target. The staging target that you plan to add to R‑Cloud must be created in Amazon S3 or Google Cloud Storage.
Limitations
Only if your R-Cloud module supports storing data on a staging target. When adding a staging target to R‑Cloud, the following limitations apply:
-
Targets that are specified in any of the R‑Cloud policies cannot be used as staging targets.
-
Targets with Object Lock (WORM) enabled cannot be used as staging targets.
-
Automatically created staging targets are created only in Google Cloud Storage.
-
The staging target that you add to R‑Cloud when adding an R-Cloud module, and the target that is defined in the policy that is assigned to the related SaaS application must reside on the same cloud platform.
Considerations
-
Only if your R-Cloud module supports storing data on a staging target. When adding a staging target to R‑Cloud, consider the following:
-
The staging target must be dedicated exclusively to SaaS application backups.
-
Data belonging to different R-Cloud modules cannot be stored on the same staging target (one staging target per R-Cloud module).
-
If you use an automatically created staging target, the HMSA must be configured to perform all operations on the target specified in the policy that is assigned to the related SaaS application. Alternatively, the same cloud account must be configured to perform all operations on both targets (the staging target and the target specified in the policy that is assigned to the related SaaS application).
-
-
You can also add sources directly from the Marketplace panel by clicking Configure in the product details page, bypassing the initial Sources dialog box.
Procedure
-
Not applicable if you are redirected from the Marketplace panel. In the Sources dialog box, click the SaaS tab, and then click New.
-
From the R‑Cloud Module drop-down menu, select the R-Cloud module that you want to add to R‑Cloud.
-
In the Display Name field, enter a display name for the R-Cloud module.
-
From the Protection Set drop-down menu, select the protection set to which you want to add the R-Cloud module. By default, the R-Cloud module is added to the currently selected protection set.
-
Only if your R-Cloud module supports storing data on a staging target. From the Staging Target drop-down menu, select one of the following for storing data:
-
Only if your R-Cloud module supports automatically created targets. Automatically selected
If you select this option, R‑Cloud automatically creates a staging target and uses it to temporarily store the data.
-
Any available staging target of your choice
-
-
Provide the required authentication information, such as the organization name, the user name, API tokens, the preferred service account, and so on.
-
Click Save.
Editing R-Cloud modules
Procedure
-
In the Sources dialog box, from the list of R-Cloud modules, select the one that you want to edit, and then click Edit.
-
Edit the selected R-Cloud module as required.
-
Click Save.
Removing R-Cloud modules
You can at any time remove R-Cloud modules that you no longer need.
Prerequisites
-
All the policies must be unassigned from all the SaaS applications in the R-Cloud module. To unassign the policies from the SaaS applications, in the SaaS panel, select the applications, and then click Set Policy. Click Unassign, and then click Yes to confirm that you want to unassign the policies from the selected SaaS applications.
-
No restore points must be present for any of the SaaS applications in the R-Cloud module. If any of the SaaS applications in the R-Cloud module still have valid restore points, you must expire them manually and wait for the next retention maintenance task to finish before removing the R-Cloud module. For details on how to expire restore points, see Expiring backups manually.
-
No tasks with the Ready status or a progress bar indicating the Running status must be present for the R-Cloud module.
Procedure
-
In the Sources dialog box, from the list of R-Cloud module, select the one that you want to remove from R‑Cloud, and then click Delete.
-
Click Delete to confirm that you want to remove the selected R-Cloud module.