Setting up a Google Cloud target

R‑Cloud supports using a Google Cloud target to store data in Google Cloud Storage.

Prerequisites

  • Your HYCU Managed Service Account (HMSA) must have access to the target.

  • Only if you plan to select a service account other than the HMSA for performing all operations on the target. The service account must have access to the target.

  • Only if you want the data stored on this target to be encrypted by using the customer managed key management type. The length of your AES-256 key must be 32 bytes.

Limitations

  • Storing data to a publicly available target is not supported.

  • Storing data to a target on which a lifecycle configuration is set is not supported and may result in data loss.

  • Storing data to a target that has Bucket Lock enabled is not supported.

  • Only if you plan to enable target encryption. The following limitations apply:

    • Target encryption is limited to the SaaS application data.

    • R‑Cloud cannot encrypt data of the SaaS applications that are related to R‑Cloud modules that use staging targets or only use snapshots to store backup data. For details, see the relevant topics for your SaaS application in Protecting SaaS applications

Considerations

  • You can set up the same target in multiple protection sets.

  • You can store data to a target that has Object Retention Lock enabled.

  • Only if you plan to select a service account other than the HMSA for performing all operations on the target that will store the copy of backup data. The service account must have sufficient permissions also for performing operations on the target that will store primary backup data.

  • For Google Cloud targets with a soft delete policy enabled: R‑Cloud will automatically remove the policy from the target to ensure that your data is stored most cost-efficiently.

  • Only if you plan to enable target encryption. Consider the following:

    • The R‑Cloud encryption is applied on top of the native cloud platform data encryption to provide an additional layer of security.

    • After you enable target encryption, the previously stored backup data remains unencrypted.

    • If you decide to disable target encryption, the backup data that was stored on the target while the target encryption was enabled remains encrypted.

    • The SaaS applications metadata is not encrypted.

Recommendation

The exclude policy is automatically assigned to the bucket that is added to R‑Cloud as a target. It is highly recommended that you do not change this default configuration.

To access the Targets panel, in the navigation pane, click Targets Targets. Alternatively, in the Dashboard panel, click the Targets widget title.

Procedure

  1. In the Targets panel, click Add Add.

  2. Select Google Cloud, and then click Next.

  3. In the Bucket Name, enter the name of an existing bucket that will store protected data.

  4. In the Size Quota field, specify the amount of storage space that should be used for storing data (in MiB, GiB, or TiB).

    Important  The specified amount represents a soft limit, therefore actual usage may exceed it.

  5. Use the Enforce quota switch to stop running backups if this target reaches its size quota. The backups will start running again after you increase the size quota of this target or assign a different policy to the entities. Such a policy must use a target with the sufficient size quota.

  6. Use the Target encryption switch if you want the SaaS application data stored on this target to be encrypted.

    1. From the Key Management Type drop-down menu, select one of the following:

      • Select HYCU managed if you want the encryption key to be provided and managed by HYCU.

      • Select Customer managed if you want to provide and manage the encryption key by yourself.

    2. Only if you selected the customer managed key management type. In the AES-256 Encryption Key field, browse for and select your AES-256 binary key.

      Note  If you later decide to edit the target, the AES-256 Encryption Key field will remain populated.

  7. Only if you want a service account other than the HMSA to be used for performing all operations on the target. From the Cloud Account drop-down menu, select the preferred service account.

    By clicking Add Add New, you are automatically redirected to the dialog box that enables you to add the preferred cloud account to R‑Cloud, if not already added.

  8. Click Grant Consent to open the HYCU Managed Service Account configuration wizard that guides you through all the required steps of enabling the HMSA or any other service account for the Google Cloud project.

  9. Return to the R‑Cloud web user interface, and then click Save.

The target is added to the list of targets in the Targets panel. For details on managing targets, see Managing targets.