Establishing a data protection environment
After you sign in to R‑Cloud, you must establish a data protection environment in which data will be effectively protected.
Consideration
Keep in mind that the role you have assigned determines what kind of actions you can perform. For details on roles, see R‑Cloud roles.
If you have the Administrator role assigned, you can switch between the Subscription and Protection set contexts. Depending on the scope of the tasks that you want to perform, click 
next to the name of the currently selected context to switch to another one. The Subscription context enables you to perform administration tasks related to the selected subscription such as adding identity providers, adding or removing users, and changing roles, whereas the Protection set context enables you to perform data protection tasks related to the selected protection set. See Managing identity and access and Managing protection sets for details.
Tasks
Before you start establishing your data protection environment, review all tasks that are listed in this topic and determine their applicability to your specific environment. Perform only those tasks that are relevant to your environment.
Define your data protection scopeR‑Cloud employs protection sets to group sources that you add to R‑Cloud. Your data protection scope is always one of the following types of protection sets:
| Protection set | Created by | Description |
|---|---|---|
| Predefined | R‑Cloud automatically | R‑Cloud automatically creates a predefined protection set and all sources that you add to R‑Cloud are by default included in this protection set. |
| Custom | Administrator |
If your business needs extend beyond the predefined protection set, an administrator can create one or more additional protection sets, and distribute the sources among them. In this case, access to the data protection sets is restricted according to role-based access control (RBAC) permissions. If you have access to more than one protection set, see Selecting an R‑Cloud protection set. |
You must create a data mover configuration only if it is mandatory for the entities that you plan to protect, or if you do not want to use the default data mover location that is defined by R‑Cloud. In addition, creating a data mover configuration is mandatory if your company security policies require it.
| I plan to protect... | Is creating a data mover configuration mandatory? | Where are data movers created by default? |
|---|---|---|
| iManage Cloud, Box, or Microsoft 365 SaaS applications | 
|
N/A |
| SaaS applications that run natively in AWS, Azure, or Google Cloud | 
|
In the original SaaS instance location. |
| SaaS applications that do not run natively in AWS, Azure, or Google Cloud |
|
In compute that is provided and managed by HYCU. |
| Applications, instances, or buckets |
|
In the original source of the instance, the application, or the bucket. |
The data mover configuration must be assigned to the entities that you plan to protect. You can do this in one of the following ways:
-
By specifying the Data Movers configuration property.
-
By setting up automatic assignment of the data mover configuration.
-
By enabling the Use data mover configuration switch when adding the source to R‑Cloud.
For more information, see Creating a data mover configuration.
Depending on what kind of data you plan to protect, you must add one or more of the following environments to R‑Cloud: an AWS account, an Azure resource group, a Google Cloud project, or a SaaS instance.
For more information, see Adding sources.
In certain data protection scenarios, you must add also compute to ensure that R‑Cloud has access to computing resources that are required to create and run data movers (instances that R‑Cloud creates automatically for data protection purposes). Adding compute is mandatory in the following scenarios:
-
If you plan to protect the iManage Cloud, Box, or Microsoft 365 SaaS applications.
-
If you plan to protect SaaS applications that do not run natively in AWS, Azure, or Google Cloud, and your company security policies require using your own compute for creating data movers.
You can add compute as a separate procedure or as part of setting up a target.
For more information, see Adding compute.
As an alternative to using automatically created targets, R‑Cloud allows you to set up your own targets and use them as locations for storing the protected data.
For more information, see Setting up targets.
You can use any of the predefined policies to simplify the data protection implementation, or, if none of the predefined policies meets the needs of your environment, you can create a new policy and tailor it to your needs.
For more information, see Defining your backup strategy.
In certain data protection scenarios, you must configure your network to allow R‑Cloud to access the required data.
For more information, see Enabling network access.