Enabling access to data
In the following data protection scenarios, you must enable access to data by assigning credential groups to instances in R‑Cloud:
Guest OS | Data protection scenario |
---|---|
Any |
You plan to use the default view when restoring individual files or folders. Note If access to the data is enabled at the time of the restore (and not before the backup), individual files or folders can only be restored by using the filesystem view. For details about the views that are available during the restore, see Restoring individual files or folders. |
Linux |
|
Windows |
|
Enabling access to instances
To enable access to instances, you must perform the following tasks:
Task | Instructions |
---|---|
|
Configuring port settings on instances |
|
Configuring credential groups |
|
Assigning credential groups |
Configuring port settings on instances
The following table lists the inbound ports that you must open on each instance by configuring and applying a network firewall rule:
Guest OS | Network service protocol | Port | Transport protocol |
---|---|---|---|
Linux | SSH | 22 | N/A |
Windows |
WinRM |
5986 5985 |
HTTPS HTTP |
For instructions on how to configure and apply the network firewall rule, see the relevant cloud provider documentation.
Note For Google Cloud instances: Optionally, you can make the network firewall rule more restrictive so that it allows network traffic only from legitimate sources and to legitimate targets. To do so, add hycu-network-tag
to the network firewall rule.
Configuring credential groups
Prerequisites
-
A user account with sufficient privileges must be configured within each instance:
-
For Windows: User from the Administrators group
-
For Linux: User with sudo privileges and the NOPASSWD option set
For details on how to do this, see the relevant cloud provider documentation.
-
-
For Linux instances:
-
Ensure the following within the instance:
-
The specified user account must be a member of the
sudo
user group. -
The following line must be included in the
/etc/sudoers
file:<UserName> ALL=(ALL) NOPASSWD: /opt/hycu/tmp/discoverLinuxMountPointDiskMapping.sh*, /opt/hycu/tmp/hycuflr*, /usr/bin/mount, /usr/bin/umount, /usr/bin/mkdir, /usr/bin/rmdir, /usr/bin/rm
-
-
Only if you want R‑Cloud to access the instance by using a specific user account with password authentication. The SSH server must be configured to allow password authentication for signing-in on to the instance.
-
For Ubuntu 22.04 instances that have RSA key-based authentication configured:
You must add the
PubkeyAcceptedKeyTypes=+ssh-rsa
parameter to the/etc/ssh/sshd_config
file, and then restart the SSH service by running the following command:systemctl restart ssh.service
-
Limitation
Only if you use the SSH protocol with public key authentication. If keys are generated with PuttyKeyGen or ssh-keygen using the legacy PEM format, only DSA and RSA keys are supported.

To access the Instances panel, in the navigation pane, click Instances.
Procedure
-
In the Instances panel, select the instance to which you want to assign a credential group.
-
Click
Credentials. The Credential Groups dialog box opens.
-
Click
New.
-
In the Credential group name field, enter a name for the credential group.
-
From the Protocol drop-down menu, select one the following protocol options:
Protocol option Instructions Automatic Select this option if you want R‑Cloud to automatically select a protocol for accessing the instance—the SSH protocol (TCP port 22) or the WinRM protocol (TCP port 5985, HTTP transport)—, and then enter the user name and password of a user account that has required permissions to access the instance.
Use the following format for the user name:
-
Linux:
<LocalOrDomainUserName>
-
Windows:
<LocalUserName
>,<Domain>\<DomainUserName>
,<DomainUserName>@<Domain>
SSH Select this option if you want to use the SSH protocol for accessing the instance, and then do the following:
- In the Port field, enter the SSH server port number.
-
From the Authentication drop-down menu, select the type of authentication you want to be used, and then provide the required information:
Password authentication Enter the user name (in the
<LocalOrDomainUserName>
format) and password of a user account that has required permissions to access the instance.Public key authentication Do the following:
- Enter the user name (in the
<LocalOrDomainUserName>
format) and password of a user account that has required permissions to access the instance. -
Click Browse. Browse for and then select the file with the private key and click Open.
For information on how to obtain the private key, see AWS, Azure, or Google Cloud documentation.
- Only if the private key is encrypted. Enter the private key passphrase.
Important This selection is mandatory in cases where the SSH server is configured to use public key authentication.
- Enter the user name (in the
WinRM Select this option to use the WinRM protocol for instance access and to enable the credential group adjustment for the actual WinRM server configuration.
-
From the Transport drop-down menu, select the transport protocol of the WinRM server in the instance.
-
In the Port field, enter the WinRM server port number.
-
Enter the user name and password of a user account that has the required permissions to access the instance in the following format:
-
AWS:
<LocalUser>
,<domain>\<user>
, or<user>@<domain>
-
Azure:
<Username>
-
Google Cloud:
<LocalOrDomainUsername>
-
-
-
Click Save.
The name of the credential group appears in the list of credential groups in the Credential Groups dialog box.
You can also edit any of the existing credential groups (select a credential group, click Edit, and then make the required modifications) or delete the ones that you do not need anymore (select a credential group, and then click
Delete).
Assigning credential groups
You can assign credential groups to instances by using the R‑Cloud web user interface or by using labels or metadata tags. Depending on how you want to assign the credential groups to the instances, see the following
-
Assigning credential groups by using the R‑Cloud web user interface
-
Assigning credential groups by using labels or metadata tags
Assigning credential groups by using the R‑Cloud web user interface
Procedure
-
In the Instances panel, select the instances to which you want to assign a credential group.
-
Click
Credentials. The Credential Groups dialog box opens.
-
From the list of credential groups, select the credential group that you want to assign to the selected instances, and then click Assign.
The name of the assigned credential group appears in the Credential group column of the Instances panel. R‑Cloud performs instance and application discovery after you assign the credentials to the instance. The Discovery status in the Instances and Applications panels is updated accordingly.
Tip If several instances share the same user name and password, you can use multiple selection to assign the same credential group to them.
To unassign a credential group from an instance, in the Instances panel, select the instance, click Credentials, and then click Unassign.
Assigning credential groups by using labels or metadata tags
You can assign a credential group to an instance by adding the hycu-credential-group
tag to the instance in Amazon EC2, Azure, or Google Compute Engine as a label or a metadata tag. Use the following name/value pair:
Name | Value |
---|---|
hycu-credential-group
|
<CredentialGroupName>
In this case, |
The credential group is automatically assigned to the instance during the next instance synchronization in R‑Cloud.