Creating custom policies

If the needs of your data protection environment are not covered with any of the predefined policies, you can create a new policy and tailor it to your needs. In this case, besides setting the desired RPO, the retention period for the backup data, and the target, you can also enable one or more additional policy options for optimal policy implementation.

If you plan to protect SaaS applications, Google Kubernetes Engine applications, instances, or buckets, you can also enable one or more of the following policy options:

Policy option Allows you to...
Backup Window

Start all backup tasks within specified time frames to improve efficiency and avoid an overload of your environment. For details, see Creating backup windows.
Copyab Create a copy of backup data.
Archivinga

Preserve your data for future reference. For details, see Creating data archives.
Labelsb

Set up automatic policy assignment based on the labels or tags added to the SaaS applications, the applications in Google Kubernetes Engine, the instances in Google Compute Engine or Amazon EC2, or the buckets in Google Cloud Storage or Amazon S3.

a For GKE applications: This policy option is available only for applications using persistent volumes.
b This policy option is not available for all SaaS applications. For more information, see the R-Cloud Module Guides.

Prerequisites

  • Only if you plan to select a manually created target. The target must be set up. For instructions, see Setting up targets.

  • Only if you plan to enable the Backup Window policy option. A backup window must exist for the selected R‑Cloud protection set. For instructions, see Creating backup windows.

  • Only if you plan to enable the Archiving policy option. A data archive must exist for the selected R‑Cloud protection set. For instructions, see Creating data archives.

  • Only if you plan to enable the Labels policy option.

    • Google Cloud specifics: The HYCU Managed Service Account (HMSA) must have the following roles granted on the projects with the instances that you plan to protect, the clusters on which the GKE applications that you plan to protect are deployed, or the buckets that you plan to protect:

      • Compute Admin (roles/compute.admin)

      • Service Account User (roles/iam.serviceAccountUser)

      • Storage Admin (roles/storage.admin)

      • Required only if protecting GKE applications. Kubernetes Engine Admin (roles/container.admin)

      For instructions on how to grant permissions to service accounts, see Google Cloud documentation.

    • The labels that you plan to specify in R‑Cloud must be added to SaaS applications, to GKE applications in Google Kubernetes Engine as metadata labels, to instances in Google Compute Engine or Amazon EC2 as labels (preferred) or custom metadata tags, or to buckets in Google Cloud Storage or Amazon S3 as bucket labels.

      For instructions on how to do this, see the R-Cloud Module Guides, or the Kubernetes, AWS, or Google Cloud documentation.

Limitation

  • Only if you plan to use the same target for the backup data and for the data archive. The same storage class cannot be used for the backup data and for the data archive.

    Note  If you select the automatically created target when creating your custom policy and the data archive, R‑Cloud will use the same target for both.

    For details on the available storage classes for targets, see Viewing target information. For details on the automatic storage class selection during archiving, see Creating data archives.

Considerations

  • R‑Cloud automatically associates the resource with one of the pricing tiers based on the value of the Backup every option that you set in the policy. However, if you are storing data as a snapshot and have enabled the Archiving option, the pricing tier is automatically set to bronze regardless of the specified RPO.

  • If you want your data to be stored as a snapshot and on a target, make sure to select the Snapshot backup target type and also enable the Copy policy option.

  • Only if you plan to enable the Labels policy option.

    • Labels that you specify in policies in R‑Cloud must be unique within the selected protection set.

    • When matched, the hycu‑policy custom metadata tag takes precedence over other labels or tags that might be added to the same SaaS application, to the same application in Google Kubernetes Engine, to the same instance in Google Compute Engine or Amazon EC2, or to the same bucket in Google Cloud Storage or Amazon S3. For more information on the hycu‑policy tag, see Setting up automatic policy assignment.

  • Only if you plan to store data on a target. Backup and restore speed depend on the region of the chosen target and the regions of the resources that you are protecting. The optimum speed is achieved when the target and the resources reside in the same region.

  • Depending on whether your R-Cloud module supports storing data on a staging target, consider the following:

    • If the R-Cloud module supports storing data on a staging target, SaaS application data cannot be stored to automatically created targets.

    • If the R-Cloud module does not support storing data on a staging target, only backup data can be stored to automatically created targets (and not copies of backup data or archive data).

To access the Policies panel, in the navigation pane, click Policies Policies. Alternatively, in the Dashboard panel, click the Policies widget title.

Procedure

  1. In the Policies panel, click New New. The New Policy dialog box opens.

  2. Enter a name for your policy and, optionally, its description.

  3. Enable the required policy options by clicking them (the Backup policy option is mandatory and therefore enabled by default). Depending on what kind of data you plan to protect, the following policy options are available:

    Policy option Instance and GKE application data protection SAP HANA application data protection Bucket data protection SaaS application data protection
    Backup Window

    ×

    Copy

    a

    ×

    		b

    Archiving

    a

    ×

    Labels

    ×

    		b

    a For GKE applications: This policy option is available only for applications using persistent volumes.
    b This policy option is not available for all SaaS applications. For more information, see the R-Cloud Module Guides.

  4. In the Backup section, do the following:

    1. In the Backup every field, set the RPO (in months, weeks, days, hours, or minutes).

      Note  You can set the RPO to 30 minutes in the following cases:

      • If you are storing data only as a snapshot.
      • If you are storing data as a snapshot and have enabled the Archiving option.

      For all other cases, the minimum RPO is one hour.

    2. In the Retention fields, set a retention period (in months, weeks, or days) for the backup data.

    3. Select one of the following backup target types:

      Backup target type Next target-related step

      Applicable only if you are protecting SaaS applications, GKE applications using persistent volumes, or instances. Snapshota

      Only if protecting Google Cloud instances. Under Snapshot Location, select Regional or Multi‑regional.

      For example, if your instance resides in the us‑central1‑a zone, with the Multi‑regional option selected, a snapshot of the instance is replicated to all us regions, whereas with the Regional option selected, a snapshot is stored only in the us‑central1 region.
      Target

      From the Target drop-down menu, select one of the following for storing data:

      • Automatically selected

        If you select this option, R‑Cloud creates a target and uses it for storing the data. If an automatically created target already exists, it is used instead. For details about automatically created targets, see Backup target types in R‑Cloud.

      • Any available target of your choice

      4. a This backup target type is not available for all SaaS applications. For more information, see the R-Cloud Module Guides.

  5. Depending on which policy options you have enabled, do the following:

    Policy option Instructions
    Backup Window

    In the Backup Window section, from the Backup window drop-down menu, select a backup window for backup tasks.

    If you do not select a backup window, the Always value is shown, which means that your backups are allowed to run at any time.
    Copyab

    In the Copy section, do the following:

    1. Set a retention period (in months, weeks, or days) for the copy of backup data.

    2. From the Target drop-down menu, select one of the following for storing the copy of backup data:

      • Automatically selected

        If you select this option, R‑Cloud creates a target and uses it for storing the data. If an automatically created target already exists, it is used instead. For details about automatically created targets, see Backup target types in R‑Cloud.

      • Any available target of your choice

      When selecting a preferred target for the copy of backup data, make sure that this target is different from the one you selected for the backup.
    Archivinga

    In the Archiving section, from the Data archive drop-down menu, select a data archive.
    Labelsb

    In the Labels section, enter a label key and value, and then click Add. If required, repeat the action as appropriate.

    For details on automatic policy assignment, see Setting up automatic policy assignment.

    a For GKE applications: This policy option is available only for applications using persistent volumes.
    b This policy option is not available for all SaaS applications. For more information, see the R-Cloud Module Guides.

  6. Click Save.

The policy is created and added to the list of policies. For details on managing policies, see Managing policies.