Creating custom policies

If the needs of your data protection environment are not covered with any of the predefined policies, you can create a new policy and tailor it to your needs. In this case, besides setting the desired RPO, the retention period for the backup data, and the target, you can also enable one or more additional policy options for optimal policy implementation.

Policy options

Policy option Available for... Allows you to...
Backup Window

SaaS applications

GKE applications

SQL Server applications

Instances

Buckets

Start all backup tasks within specified time frames to improve efficiency and avoid an overload of your environment. For details, see Creating backup windows.
Copy

SaaS applicationsa

GKE applications using persistent volumes

SQL Server applications

Instances

Buckets

 Create a copy of backup data.
Archiving

SaaS applications

GKE applications using persistent volumes

SQL Server applications

Instances

Buckets

Preserve your data for future reference. For details, see Creating data archives.
Labels

SaaS applicationsa

GKE applications

Instances

Buckets

Set up automatic policy assignment based on labels. For details, see Setting up automatic policy assignment.

a This policy option is not available for all SaaS applications. For more information, see Protecting SaaS applications.

Prerequisites

  • Only if you plan to select a manually created target. The target must be set up. For instructions, see Setting up targets.

  • Only if you plan to enable the Backup Window policy option. A backup window must exist for the selected R‑Cloud protection set. For instructions, see Creating backup windows.

  • Only if you plan to enable the Archiving policy option. A data archive must exist for the selected R‑Cloud protection set. For instructions, see Creating data archives.

  • Only if you plan to enable the Labels policy option.

    • Google Cloud specifics: The HYCU Managed Service Account (HMSA) must have the following roles granted on the projects with the instances that you plan to protect, the clusters on which the GKE applications that you plan to protect are deployed, or the buckets that you plan to protect:

      • Compute Admin (roles/compute.admin)

      • Service Account User (roles/iam.serviceAccountUser)

      • Storage Admin (roles/storage.admin)

      • Required only if protecting GKE applications. Kubernetes Engine Admin (roles/container.admin)

      For instructions on how to grant permissions to service accounts, see Google Cloud documentation.

    • Only if you plan to set up automatic policy assignment by using method 1 (labels, tags, or metadata). The labels that you plan to specify in R‑Cloud must be added to the following:

      • SaaS applications

      • GKE applications in Google Kubernetes Engine as metadata labels

      • Instances in Amazon EC2 or Google Compute Engine as labels (preferred) or custom metadata tags

      • Instances in Azure as tags

      • Buckets in Amazon S3 or Google Cloud Storage as bucket labels

      • Azure buckets as tags

      For instructions on how to do this, see Protecting SaaS applications, or Kubernetes, AWS, Azure, or Google Cloud documentation. For more information on automatic policy assignment, see Setting up automatic policy assignment.

Limitation

  • Only if you plan to use the same target for the backup data and for the data archive. The same storage class cannot be used for the backup data and for the data archive.

    Note  If you select the automatically created target when creating your custom policy and the data archive, R‑Cloud will use the same target for both.

    For details on the available storage classes for targets, see Viewing target information. For details on the automatic storage class selection during archiving, see Creating data archives.

Considerations

  • R‑Cloud automatically associates the resource with one of the pricing tiers based on the value of the Backup every option that you set in the policy. However, if you are storing data as a snapshot and have enabled the Archiving option, the pricing tier is automatically set to bronze regardless of the specified RPO.

  • If you want your data to be stored as a snapshot and on a target, make sure to select the Snapshot backup target type and also enable the Copy policy option.

  • Only if you plan to enable the Labels policy option.

    • Only if you plan to set up automatic policy assignment by using method 1 (labels, tags, or metadata). The labels that you specify in policies in R‑Cloud must be unique within the selected protection set.

    • When matched, the hycu‑policy custom metadata tag takes precedence over other labels or tags that might be added to the same SaaS application, to the same application in Google Kubernetes Engine, to the same instance in Amazon EC2, Azure, or Google Compute Engine, to the same bucket in Amazon S3 or Google Cloud Storage, or to the same bucket in Azure.

    For more information on automatic policy assignment, see Setting up automatic policy assignment.

  • Only if you plan to store data on a target. Backup and restore speed depend on the region of the chosen target and the regions of the resources that you are protecting. The optimum speed is achieved when the target and the resources reside in the same region.

  • Depending on whether your R-Cloud module supports storing data on a staging target, consider the following:

    • If the R-Cloud module supports storing data on a staging target, SaaS application data cannot be stored to automatically created targets.

    • If the R-Cloud module does not support storing data on a staging target, only backup data can be stored to automatically created targets (and not copies of backup data or archive data).

To access the Policies panel, in the navigation pane, click Policies Policies. Alternatively, in the Dashboard panel, click the Policies widget title.

Procedure

  1. In the Policies panel, click New New.

  2. Enter a name for your policy and, optionally, its description.

  3. Enable the required policy options by clicking them (the Backup policy option is mandatory and therefore enabled by default). Depending on the type of entity that you plan to protect, you can enable one or more of the following policy options:

    • Backup Window

    • Copy

    • Archiving

    • Labels

    For details on what policy options are available for each entity, see Policy options.

  4. In the Backup section, do the following:

    1. In the Backup Every field, set the RPO (in months, weeks, days, hours, or minutes).

      Note  You can set the RPO to 30 minutes in the following cases:

      • If you are storing data only as a snapshot.
      • If you are storing data as a snapshot and have enabled the Archiving option.

      For all other cases, the minimum RPO is one hour.

    2. In the Retention fields, set a retention period (in months, weeks, or days) for the backup data.

    3. Select one of the following backup target types:

      Backup target type Next step

      Snapshotab

      Only if protecting Google Cloud instances. Under Snapshot Location, select Regional or Multi‑regional.

      For example, if your instance resides in the us‑central1‑a zone, with the Multi‑regional option selected, a snapshot of the instance is replicated to all us regions, whereas with the Regional option selected, a snapshot is stored only in the us‑central1 region.
      Target

      From the Target drop-down menu, select the target that you want to use for storing protected data.

      If you want your target to be selected automatically, make sure to select the Automatically selected option. In this case, R‑Cloud creates a target and uses it for storing the data. If an automatically created target already exists, it is used instead. For details about automatically created targets, see Backup target types in R‑Cloud.

      4. a Applicable only if you are protecting SaaS applications, GKE applications using persistent volumes, SQL Server applications, or instances.
      b This backup target type is not available for all SaaS applications. For more information, see Protecting SaaS applications.

  5. Depending on which policy options you enabled, do the following:

    Policy option Instructions
    Backup Window

    In the Backup Window section, from the Backup Window drop-down menu, select a backup window for backup tasks.

    If you do not select a backup window, the Always value is shown, which means that your backups are allowed to run at any time.
    Copy

    In the Copy section, do the following:

    1. Set a retention period (in months, weeks, or days) for the copy of backup data.

    2. From the Target drop-down menu, select the target that you want to use for storing the copy of backup data.

      If you want your target to be selected automatically, make sure to select the Automatically selected option. In this case, R‑Cloud creates a target and uses it for storing the data. If an automatically created target already exists, it is used instead. For details about automatically created targets, see Backup target types in R‑Cloud.

      Important  When selecting a target for the copy of backup data, make sure that this target is different from the one you selected for the backup.
    Archiving

    In the Archiving section, from the Data Archive drop-down menu, select a data archive.
    Labels

    In the Labels section, enter a label key and value, and then click Add. If required, repeat the action as appropriate.

    For details on automatic policy assignment, see Setting up automatic policy assignment.

  6. Click Save.

The policy is created and added to the list of policies. For details on managing policies, see Managing policies.