Professional Documents
Culture Documents
Rubrik CDM Version 7.0 User Guide (Rev. A5)
Rubrik CDM Version 7.0 User Guide (Rev. A5)
Version 7.0
755-0196-01 Rev A5
Trademarks
Legal Notices
Certain products and features, including Microsoft 365 Protection provided by Rubrik Polaris, are subject to
additional product-specific terms available at https://www.rubrik.com/en/legal.
By using the Rubrik Polaris Sonar application, you understand and acknowledge that Rubrik Polaris Sonar’s
pre-existing Policies and Analyzers contain general suggestions for data elements and formats based on
common data sets and formats. The suggested data elements and formats in Rubrik Polaris Sonar are not
intended to be a comprehensive or exhaustive list of data elements and formats regulated by the GDPR,
CCPA or any other applicable laws and regulations. We also do not guarantee that your Rubrik Polaris
Sonar search results will include every instance of each data element and format within your data set. We
Revision history
The revision history for the Rubrik CDM User Guide.
Preface 05/25/2022 | iv
Revision Date Description
Rev. A4 May 2022 • Added information about downloading replicated snapshots.
• Fixed the inbound port number for communication between SAP HANA
host and Rubrik cluster from 9369 to 9639.
• Added Advanced settings topic in Archiving section.
Rev. A5 May 2022 • Updated information about preparing Azure storage for archiving.
• Fixed typos and made some wording changes in Appendix E for
shutdown and reboot.
• Updated the procedure for downloading RBS for SCVMM hosts.
• Updated port requirements for SAP HANA in the Ports appendix.
• Added a vSphere version restriction for deploying Rubrik Envoy for CDM
7.0.1 only.
• Removed AWS information incorrectly mapped into the Azure section.
Support
Use one of the following methods to contact Rubrik Support.
Related documentation
Rubrik provides documentation that covers a broad range of related concepts, tasks, and reference
information.
• Rubrik Polaris User Guide
• Rubrik Polaris Radar Quick Start Guide
• Rubrik CDM Release Notes
• Rubrik CDM User Guide
• Rubrik CDM Install and Upgrade Guide
• Rubrik CDM Security Guide
• Rubrik CDM Cloud Cluster Setup Guide
• Rubrik CDM Hardware Guide
• Rubrik CDM CLI Guide
• Rubrik CDM Events Guide
• Rubrik Edge Install and Upgrade Guide
• Rubrik Virtual Cluster Install Guide
• Rubrik Compatibility Matrix
Preface 05/25/2022 | v
Comments and suggestions
We welcome your comments and suggestions about our products and our product documentation.
Products
To provide comments and suggestions about our products contact Rubrik Support, as described in Support.
Product documentation
To provide comments and suggestions about the product documentation, please send your message by
email to: techpubs@rubrik.com.
Please include the following information about the product documentation to help us to find the content
that is the subject or your comments:
• Full title
• Part number
• Revision
• Relevant pages
Rubrik Build
Rubrik hosts community-based tools through the Rubrik Build program and associated GitHub repositories
for community-supplied tools.
Rubrik Build is an open source program that provides access to a growing community of enthusiasts and
experts across a number of languages and tools. Rubrik Build is used to create and improve projects that
simplify monitoring, testing, development, and automated workflows for Rubrik product deployments.
Rubrik Build includes the following resources:
• Software Development Kits
• Tooling Integrations
• Use Cases
• Community Projects
• Rubrik REST API documentation
Important: USE AT YOUR OWN RISK. Rubrik does not officially support the community tools. Carefully
investigate a community tool before using it. Always test a community tool on non-production data before
using the tool with production data.
Contents
Configuration.................................................................................................................................. 29
Logging in to the Rubrik CDM web UI...................................................................................... 29
Logging in with a local account...................................................................................... 29
Logging in with an LDAP account................................................................................... 30
Logging in with Single Sign-on....................................................................................... 30
Logging in with Polaris...................................................................................................31
Federated Access with Polaris.........................................................................................31
Gear menu.............................................................................................................................. 31
Opening the gear menu................................................................................................. 32
Settings and tasks available through the gear menu........................................................ 32
Manage hosts.......................................................................................................................... 34
Adding a physical host................................................................................................... 34
Editing a physical host................................................................................................... 35
Removing a physical host...............................................................................................35
Guest OS settings.................................................................................................................... 36
Guest OS credentials......................................................................................................36
Providing credentials for a Windows guest OS................................................................. 37
Providing credentials for a Linux guest OS...................................................................... 37
Editing guest OS credentials...........................................................................................38
Deleting guest OS credentials.........................................................................................38
Rubrik Backup Service automatic deployment.................................................................. 38
Manage storage arrays.............................................................................................................39
Adding a storage array.................................................................................................. 39
Editing a storage array...................................................................................................40
Deleting a storage array.................................................................................................40
Adaptive Backup...................................................................................................................... 41
On-demand snapshots....................................................................................................41
Limit types.....................................................................................................................41
Enabling Adaptive Backup settings.................................................................................. 42
Pause and resume protection activity........................................................................................42
Impact of pausing protection activity.............................................................................. 43
Pausing protection activity.............................................................................................. 44
Resuming protection activity........................................................................................... 44
Data sources setting................................................................................................................ 45
Setting data sources...................................................................................................... 45
Configuring IPMI......................................................................................................................45
iSCSI configuration...................................................................................................................46
Configuring iSCSI........................................................................................................... 46
Time zone setting.................................................................................................................... 47
Setting the cluster time zone......................................................................................... 47
Default time zone.......................................................................................................... 48
Time zone setting changes.............................................................................................48
Security banner and classification settings.................................................................................48
Setting the login banner text..........................................................................................49
Setting the security classification color and text...............................................................49
Secure SMB............................................................................................................................. 49
Configuring SMB Security............................................................................................... 50
VLAN tagging..................................................................................................................................81
Trunk port requirements...........................................................................................................81
Management Network and Data Network.................................................................................. 81
Adding special network VLANs after system setup........................................................... 82
Adding VLANs from the command line............................................................................ 83
Adding VLANs from the Rubrik CDM web UI................................................................... 84
Viewing VLANs from the Rubrik CLI................................................................................84
Viewing VLANs through the Rubrik CDM web UI..............................................................84
User accounts................................................................................................................................. 87
TLS certificate management..................................................................................................... 87
Trusted SSL-TLS interception.......................................................................................... 87
Importing a TLS certificate............................................................................................. 87
Editing a TLS certificate................................................................................................. 88
Deleting a TLS certificate............................................................................................... 89
Using a different TLS certificate......................................................................................89
Generating a CSR.......................................................................................................... 90
Authentication..........................................................................................................................90
Roles....................................................................................................................................... 91
Inheritance of privileges................................................................................................. 92
Adding a custom role.....................................................................................................92
Adding an Infrastructure Admin role............................................................................... 95
Overwrite original during restore.................................................................................... 96
Assigning roles...............................................................................................................96
Global search...........................................................................................................................97
Viewing authentication and authorization information.................................................................98
Local authentication................................................................................................................. 98
Guidelines for choosing a strong password......................................................................98
Strong passwords...........................................................................................................98
Password requirements.................................................................................................. 99
Adding a local user account......................................................................................... 101
Editing local user account information........................................................................... 102
Revoking a role from a local user account.....................................................................102
Removing a local user account..................................................................................... 103
User account lockout....................................................................................................103
Unlocking a user account............................................................................................. 104
Rubrik Two-step Verification with TOTP................................................................................... 104
Enforcing Rubrik Two-step Verification for a local user....................................................104
Enforcing Rubrik Two-step Verification for an LDAP domain............................................ 105
Configuring Rubrik Two-step Verification as a user......................................................... 105
Changing the TOTP device........................................................................................... 106
Configuring Rubrik Two-step Verification........................................................................106
LDAP authentication............................................................................................................... 107
LDAP credentials.......................................................................................................... 108
LDAP servers............................................................................................................... 108
User and Group settings...............................................................................................109
Adding LDAP servers.................................................................................................... 110
Specifying credentials to communicate with an LDAP server........................................... 110
Specifying servers, user settings, and group settings......................................................110
Enabling multifactor authentication................................................................................111
Viewing LDAP server information.................................................................................. 111
Deleting an LDAP server...............................................................................................112
User account and group account authorization.............................................................. 112
Deactivating a user account or group account............................................................... 112
Single Sign-on........................................................................................................................113
Generic Single Sign-on workflow................................................................................... 113
Rubrik metadata file.....................................................................................................113
ADFS integration workflow......................................................................................................114
Downloading the ADFS metadata file............................................................................ 115
Service Provider host address....................................................................................... 115
Configuring single sign-on in Rubrik CDM...................................................................... 115
Adding Rubrik as a Relying Party Trust..........................................................................116
Contents 05/25/2022 | ix
Adding a nameId claim rule......................................................................................... 117
Adding an email claim rule........................................................................................... 118
Group claim rules.........................................................................................................119
Verifying ADFS Service Provider settings........................................................................121
Testing the SSO connection.......................................................................................... 122
Assigning roles to SSO users........................................................................................ 122
Assigning roles to SSO groups...................................................................................... 123
Okta integration workflow.......................................................................................................123
Service Provider host address....................................................................................... 124
Downloading the Rubrik metadata file...........................................................................124
Preparing the encryption certificate for uploading to Okta.............................................. 125
Adding Rubrik as an application integration................................................................... 125
Downloading the Okta metadata file............................................................................. 127
Adding Okta as an identity provider.............................................................................. 127
Granting Okta users access to Rubrik CDM....................................................................128
Granting Okta groups access to Rubrik CDM..................................................................128
Testing the SSO connection.......................................................................................... 129
Assigning roles to SSO users........................................................................................ 129
Assigning roles to SSO groups...................................................................................... 130
Multifactor authentication....................................................................................................... 130
Multifactor authentication with RSA SecurID.................................................................. 131
Configuring an RSA Authentication Manager connection................................................. 131
Configuring an RSA Cloud Authentication Service connection.......................................... 132
CLI access and SSH password support....................................................................................132
Disabling SSH password authentication......................................................................... 133
Configuring authentication to the Rubrik CLI by SSH key pair......................................... 133
API tokens............................................................................................................................. 134
Generating an API token.............................................................................................. 134
Deleting an expired API token...................................................................................... 135
Restricted API operations....................................................................................................... 135
Managing API token whitelist........................................................................................136
Service accounts.................................................................................................................... 136
Adding a service account..............................................................................................137
Editing a service account..............................................................................................137
Deleting a service account............................................................................................137
Rotating the client secret............................................................................................. 138
Encryption..................................................................................................................................... 139
Data in flight encryption.........................................................................................................139
Data at rest encryption.......................................................................................................... 139
Password encryption.....................................................................................................140
Mixed mode clusters.................................................................................................... 140
Key management................................................................................................................... 141
Adding a KMIP server.................................................................................................. 141
Rotating encryption keys.............................................................................................. 142
Integrating with Vormetric Data Security Manager................................................................... 143
Configuring Vormetric DSM........................................................................................... 143
Obtaining a TLS Certificate for Vormetric DSM............................................................... 143
Adding a TLS Certificate to Vormetric DSM....................................................................144
Troubleshooting the Vormetric DSM installation..............................................................144
Verifying the encryption status............................................................................................... 145
Multitenant organizations............................................................................................................146
Tenant organizations.............................................................................................................. 146
Tenant organizations and reports............................................................................................ 147
Multitenancy and Rubrik Envoy............................................................................................... 147
Contents 05/25/2022 | x
Deploying Rubrik Envoy..........................................................................................................148
Supported Rubrik Envoy Network Assignments........................................................................ 149
Configuring Rubrik Envoy....................................................................................................... 149
Registering Rubrik Envoy with a Rubrik cluster........................................................................ 151
Comparing Rubrik Envoy web certificates...................................................................... 153
IP address changes in Rubrik Envoy....................................................................................... 153
Deregistering Rubrik Envoy from a Rubrik cluster.................................................................... 154
Create a new tenant organization........................................................................................... 155
Organization Administrator privileges.............................................................................155
Naming the organization and adding users or AD groups............................................... 156
Protecting objects in an organization.............................................................................157
Assigning protection resources to a tenant organization................................................. 157
Modifying an existing tenant organization................................................................................158
Deleting a tenant organization................................................................................................159
Impact of deleting a tenant..........................................................................................159
Tenant organization storage quota.......................................................................................... 159
Assigning tenant organization storage quota..................................................................160
Viewing the tenant organization storage quota.............................................................. 161
Editing the assigned tenant organization storage quota.................................................. 161
Protection policies........................................................................................................................162
Default SLA Domains..............................................................................................................162
Custom SLA Domains............................................................................................................. 163
Service Level Agreement.............................................................................................. 163
Base Frequency............................................................................................................164
Local retention period.................................................................................................. 165
SLA Domain name....................................................................................................... 165
SLA Domains with CDP enabled....................................................................................165
Creating a custom SLA Domain.....................................................................................165
Snapshot window................................................................................................................... 167
Configuring a snapshot window.................................................................................... 167
First full backup..................................................................................................................... 168
Configuring a first full backup window.......................................................................... 168
SLA Domain changes..............................................................................................................169
Editing an SLA Domain.................................................................................................169
Base Frequency changes.............................................................................................. 171
Retention changes........................................................................................................172
Replication target changes............................................................................................174
Impact of retention changes on archival policy and replication policy...............................174
Snapshot window changes............................................................................................175
Take first full backup changes...................................................................................... 175
Impact of SLA Domain changes on snapshots............................................................... 175
SLA update log backups......................................................................................................... 179
Delete an SLA Domain........................................................................................................... 179
Deleting an SLA Domain...............................................................................................180
Local SLA Domains.................................................................................................................180
Viewing all local SLA Domains...................................................................................... 180
Local SLA Domain properties page................................................................................181
Viewing information for a specific SLA Domain.............................................................. 182
Pause and resume protection................................................................................................. 183
Pausing protection........................................................................................................183
Resuming protection.....................................................................................................184
Retention Locked SLA Domains...............................................................................................184
How retention lock works............................................................................................. 185
Examples: Restrictions on modifying retention locked SLA Domains................................. 187
Creating a retention locked SLA Domain........................................................................187
Contents 05/25/2022 | xi
Backup Verification...................................................................................................................... 189
Authorizing a Rubrik REST API session................................................................................... 190
Backup Verification API attributes........................................................................................... 190
Obtaining object ID from UI...................................................................................................191
Obtaining object ID using API................................................................................................ 191
Verifying backups using API................................................................................................... 192
Getting the status of a Backup Verification job........................................................................ 194
Backup Verification result....................................................................................................... 195
HTTP status codes................................................................................................................. 195
Replication.................................................................................................................................... 197
Replication policy workflow..................................................................................................... 197
Replication target setup..........................................................................................................198
Replication using a private network...............................................................................198
Replication using NAT...................................................................................................199
Removing a replication target....................................................................................... 201
Replication policy................................................................................................................... 202
Configuring replication policy for an SLA Domain..................................................................... 202
Replication policy changes............................................................................................ 203
Replication policy disabled............................................................................................ 204
Replication policy re-enabled.........................................................................................204
Replication retention period increased........................................................................... 204
Replication retention period decreased.......................................................................... 204
Replication start........................................................................................................... 205
Manage Replication page........................................................................................................205
Viewing the Manage Replication page........................................................................... 206
Global replication pause............................................................................................... 206
Pausing replication....................................................................................................... 207
Resuming replication after a pause............................................................................... 207
Replication pause per location...................................................................................... 208
Pausing replication per location.....................................................................................208
Resuming replication per location..................................................................................209
Replication monitoring and reporting.......................................................................................209
Remote SLA Domains............................................................................................................. 210
Viewing all remote SLA Domains...................................................................................210
Information on the Remote SLA Domains page..............................................................210
Searching for a remote SLA Domain............................................................................. 210
Viewing the page of a remote SLA Domain................................................................... 211
Information provided for a remote SLA Domain............................................................. 211
Remote data sources............................................................................................................. 212
Viewing a remote data source page..............................................................................212
Snapshots card or Recovery Points card........................................................................ 213
Working with a replica................................................................................................. 214
Expired snapshot recovery......................................................................................................214
Downloading a replicated snapshot............................................................................... 214
Archiving....................................................................................................................................... 216
Archival policy........................................................................................................................216
Changing archival policy............................................................................................... 216
Archival data security............................................................................................................. 221
Archival bucket exclusivity...................................................................................................... 221
Archival workflow................................................................................................................... 221
Upload of a full or incremental archival snapshot........................................................... 222
Archival Locations page.......................................................................................................... 223
Archival location configuration................................................................................................ 224
Archival location display name...................................................................................... 224
Contents 05/25/2022 | xv
Protecting a new virtual machine..................................................................................341
Changing protection consequences................................................................................342
Removing protection from a virtual machine..................................................................342
Reprotecting a virtual machine..................................................................................... 342
Local host page..................................................................................................................... 342
Viewing a local host page............................................................................................ 342
Action bar....................................................................................................................343
Overview card..............................................................................................................344
Snapshots card............................................................................................................ 344
Day view for a local virtual machine............................................................................. 345
Actions available on the Day view for a local virtual machine.......................................... 346
Virtual machine snapshots...................................................................................................... 347
AHV Performance and scalability................................................................................... 347
AHV backup processes................................................................................................. 348
Snapshot window......................................................................................................... 348
Backup consistency levels............................................................................................. 348
Application consistent snapshots on Linux..................................................................... 349
Setting snapshot consistency........................................................................................ 349
On-demand snapshots.................................................................................................. 350
Creating an on-demand snapshot of an AHV virtual machine.......................................... 350
Snapshot expiration......................................................................................................350
Archival snapshots..................................................................................................................351
Unmanaged data....................................................................................................................351
AHV Virtual machine recovery.................................................................................................352
Selecting a snapshot or archival snapshot..................................................................... 352
Selecting a replica........................................................................................................353
Virtual machine recovery using export...........................................................................353
Exporting a virtual machine snapshot............................................................................354
Virtual machine recovery using Live Mount....................................................................354
Virtual machine Live Mount operations.......................................................................... 355
Creating a Live Mount without migration....................................................................... 356
Creating a Live Mount with optional migration............................................................... 357
Live Mounts page for AHV virtual machines...................................................................358
Migrating a live mounted virtual machine...................................................................... 359
Unmounting a virtual machine...................................................................................... 359
Recovery of folders and files.................................................................................................. 360
Searching for a file, a folder, or a fileset....................................................................... 360
Recovering a file or folder............................................................................................ 361
Restoring to the source file system............................................................................... 361
Restore files and folders by download...........................................................................362
Restoring from notification link..................................................................................... 363
Restoring from Activity Detail........................................................................................363
Contents 05/25/2022 |
xviii
Finding a vApp through the vCD Organizations view...................................................... 441
Opening the local page for a vApp............................................................................... 441
Enabling synchronization...............................................................................................441
Excluding a virtual machine.......................................................................................... 442
Including an excluded virtual machine...........................................................................442
Performing tasks with a vApp virtual machine................................................................443
Protecting a vApp through the vCloud Director hierarchy................................................ 443
Protecting a vApp through the vApps tab...................................................................... 444
Protecting a vApp through the local page......................................................................444
Taking an on-demand snapshot of a vApp.....................................................................445
Protecting vApp templates...................................................................................................... 445
Recovery and restore of vApp data.........................................................................................447
Instant Recovery and Export network options................................................................447
Recovery workflow....................................................................................................... 448
Performing an Instant Recovery of a full vApp...............................................................449
Performing an Instant Recovery of a partial vApp.......................................................... 449
Exporting a full vApp................................................................................................... 450
Exporting a partial vApp...............................................................................................451
Recovering folders and files for download..................................................................... 452
Recovering folders and files to overwrite originals..........................................................453
Recovering folders and files to a new location............................................................... 453
Contents 05/25/2022 | xx
Indexing when VPN is unavailable................................................................................ 512
AWS account and user........................................................................................................... 513
Configuring the AWS account security policy................................................................. 513
Configuring the Rubrik CDM user..................................................................................514
Adding an AWS account......................................................................................................... 515
Amazon EC2 Instances tab data................................................................................... 516
Managing an existing AWS account.........................................................................................516
Assigning an SLA to an Amazon EC2 instance......................................................................... 517
EBS volume exclusion.............................................................................................................518
Excluding EBS volumes from the protection assigned to an instance................................518
Taking an on-demand snapshot.............................................................................................. 518
Restoring Amazon EC2 instance snapshots.............................................................................. 519
Exporting Amazon EC2 instance snapshots.............................................................................. 519
Downloading files or folders from snapshots............................................................................520
Contents 05/25/2022 |
xxiii
Point-in-time recovery............................................................................................................ 647
Live Mount.............................................................................................................................648
SQL Server requirements........................................................................................................648
SQL Server permissions required for backups................................................................ 648
Rubrik Backup Service............................................................................................................649
Windows Server hosts............................................................................................................ 649
Adding a Windows Server host..................................................................................... 649
Removing a Windows Server host.................................................................................650
SQL Server per-host tuning.................................................................................................... 651
Per-host configurations................................................................................................. 651
Numerical limits for per-host configurations................................................................... 652
Creating a per-host configuration..................................................................................652
Updating a per-host configuration................................................................................. 652
Retrieving a per-host configuration............................................................................... 653
Listing per-host configurations for multiple hosts........................................................... 653
Deleting a per-host configuration.................................................................................. 654
SQL Server databases............................................................................................................ 655
Setting the default log backup frequency...................................................................... 655
Managing and protecting databases through a parent object.......................................... 656
Managing and protecting individual databases............................................................... 657
Removing an SLA Domain assignment...........................................................................658
Creating an on-demand snapshot................................................................................. 658
Creating a group on demand snapshot task.................................................................. 659
Creating a tail-log backup.............................................................................................660
Downloading snapshot and transaction logs...................................................................660
SQL Change Block Tracking.................................................................................................... 661
Configuring default CBT settings................................................................................... 661
Enabling or disabling CBT on a Windows host............................................................... 661
Change block tracking for SQL Server clusters............................................................... 662
Unmanaged data....................................................................................................................663
Recovery Points card page..................................................................................................... 663
Overview card..............................................................................................................663
Recovery Points card.................................................................................................... 664
Database recovery................................................................................................................. 664
Recovering a database................................................................................................. 664
Live mounting a SQL Server database...........................................................................665
Force Unmount............................................................................................................ 666
Unmounting a Live Mount database.............................................................................. 666
Exporting a database................................................................................................... 667
SQL Server log shipping......................................................................................................... 668
Setting up a log shipping target................................................................................... 668
Deleting the log shipping configuration......................................................................... 670
Windows Server Failover Clustering.........................................................................................670
Automatic detection and display................................................................................... 670
Failover events............................................................................................................. 671
Adding failover clusters................................................................................................ 671
Viewing failover clusters and databases.........................................................................672
Managing and protecting FCI databases through a parent object.................................... 672
Managing and protecting individual FCI databases......................................................... 673
Removing an SLA Domain assignment...........................................................................674
Creating an on-demand snapshot................................................................................. 675
Recover or export from FCI database recovery points.................................................... 675
Always On Availability Groups................................................................................................. 675
Exporting or restoring an availability database recovery point......................................... 676
Workflow to restore a database into an Always On Availability Group...............................677
Contents 05/25/2022 |
xxiv
SAP HANA databases................................................................................................................... 678
SAP HANA backup retention................................................................................................... 678
Rubrik Backup Service for SAP HANA...................................................................................... 679
Requirements for using sap_hana_bootstrap_main...................................................................679
Including a JSON file with the bootstrap script.............................................................. 680
Including user names and passwords at the command line.............................................681
Enabling SSL connections....................................................................................................... 681
Registering SAP HANA database............................................................................................. 682
Configuring Rubrik backup for SAP HANA databases................................................................ 683
Backing up an SAP HANA database........................................................................................ 684
Viewing the backup catalog.......................................................................................... 685
Restoring an SAP HANA database........................................................................................... 685
Bootstrap SAP HANA for high availability................................................................................. 686
Copying a database from an external host.............................................................................. 686
Restoring a database from a Managed Volume snapshot.......................................................... 688
Pausing Backint backups........................................................................................................ 690
Resuming Backint backups..................................................................................................... 691
SAP HANA best practices........................................................................................................692
Managed Volume SLA Domains..................................................................................... 692
SAP HANA log backup frequency.................................................................................. 693
Managed Volume Channels........................................................................................... 693
Backint streams........................................................................................................... 695
Floating IPs................................................................................................................. 695
Reports.......................................................................................................................................... 750
Summary view....................................................................................................................... 750
Viewing report summary information.............................................................................750
Displaying a report.......................................................................................................751
Default reports.......................................................................................................................751
Custom reports...................................................................................................................... 752
Object logical size........................................................................................................ 752
Types of charts............................................................................................................ 753
Chart measures............................................................................................................753
Chart attributes............................................................................................................ 759
Table measures............................................................................................................ 761
Table attributes............................................................................................................ 766
Report filters................................................................................................................767
Creating a custom report..............................................................................................769
Modifying a custom report............................................................................................771
Transaction log metadata retention......................................................................................... 771
Contents 05/25/2022 |
xxvi
Changing transaction log metadata retention................................................................. 771
Exporting a report data table................................................................................................. 772
Report schedules....................................................................................................................772
Scheduling reports....................................................................................................... 772
Changing ownership of a scheduled report email subscription......................................... 773
Changing a report schedule.......................................................................................... 773
Removing report schedules...........................................................................................774
Contents 05/25/2022 |
xxvii
Appendix B: Minimum vCenter Server privileges....................................................................... 824
Minimum datastore privileges................................................................................................. 824
Minimum global privileges...................................................................................................... 825
Minimum host privileges......................................................................................................... 825
Minimum network privileges................................................................................................... 825
Minimum resource privileges...................................................................................................826
Minimum sessions privileges................................................................................................... 826
Minimum virtual machine privileges.........................................................................................826
Minimum profile-driven storage privileges................................................................................ 829
Minimum vSphere tagging privileges....................................................................................... 829
Configuration
Procedure
1. On a computer with network access to the Rubrik cluster, start a web browser.
2. In the address field, type the following URL: https://RubrikCluster
Where RubrikCluster is the resolvable hostname or IP address of the Rubrik cluster.
The Welcome screen appears.
3. In Username, type admin.
Use the admin account to log in to the Rubrik cluster for the first time.
4. In Password, type the password for the admin account.
Use the password for the admin account that was created during system setup.
5. Click Sign In.
At the first login, the End User License Agreement appears.
6. Click I Agree to continue.
Result
The Dashboard page for the Rubrik CDM web UI appears.
Note: When the Rubrik cluster has not been registered, a notification appears on each page of the Rubrik
CDM web UI. The Rubrik CDM Install and Upgrade Guide provides detailed information about how to
register the Rubrik cluster.
Procedure
1. Open the Rubrik CDM web UI in a web browser.
The Welcome screen appears.
2. In Username, type the username assigned to the local account.
3. In Password, type the password for the account.
Configuration 05/25/2022 | 29
4. Click Sign In.
Result
The Dashboard page for the web UI appears.
Context
If no domain is specified during login, the Rubrik cluster searches all LDAP domains randomly until it finds
the first occurrence of the user name. The password entered by the user must match the password stored
in the LDAP directory that was found during the search, or login fails.
Procedure
1. Open the Rubrik CDM web UI in a web browser.
The Welcome screen appears.
2. In Username, type the username associated with the LDAP account.
3. In Password, type the password for the account.
4. In Domain or Domain Display Name, type the name of the LDAP domain that contains the login
credentials to be used for authentication.
5. Click Sign In.
Result
The Rubrik cluster authenticates the username through the specified LDAP domain, with one of the
following results:
• Authentication succeeds, and access is permitted. The Dashboard page for the web UI appears.
• Authentication succeeds, but access is denied because the user account has the No Access role
assigned.
• Authentication fails.
Prerequisites
A user with global administrator privileges must first configure single sign-on in the Rubrik CDM web UI
and in the UI of the identity provider. Once configured, the Sign In with SSO button becomes available
on the Welcome screen.
Procedure
1. Open the Rubrik CDM web UI in a web browser.
The Welcome screen appears.
2. Click Sign In with SSO.
The Rubrik CDM web UI redirects to the login page for the Identity Provider.
3. Type the requested login credentials and click Sign In.
Result
The identity provider login page redirects to the Rubrik CDM web UI, and the Dashboard page appears.
Configuration 05/25/2022 | 30
Logging in with Polaris
A Polaris user can use their credentials to log in to a connected Rubrik cluster.
Context
Users with accounts on a Polaris instance can use their Polaris credentials to log in to Rubrik clusters
managed by that Polaris instance.
Procedure
1. Open the Rubrik CDM web UI in a web browser.
The Welcome screen appears.
2. Click Sign In with Polaris.
The Polaris login screen appears. Users that are already logged in to Polaris redirect to the CDM
dashboard.
Result
The Dashboard page appears.
Gear menu
The Rubrik CDM web UI provides access to Rubrik cluster settings and tasks through the gear menu.
Use the gear menu to perform the following configurations in Rubrik CDM:
• Application Configuration
Configuration 05/25/2022 | 31
• System Configuration
• Network Configuration
• Access Management
• Support
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
Result
The gear menu appears.
vCD Instances Add, refresh, edit, and delete vCloud Director instances. See vCloud Director
instances for more information.
SCVMM servers Add, view, edit, and delete Microsoft System Center Virtual Machine Managers
(SCVMMs).
See Hyper-V virtual machines for more information.
Hosts Add, view, edit, and delete physical Windows, Linux, and Unix hosts.
See Configuring SNMPv2c support for more information.
Cloud Sources Configure the cloud accounts and regions where instances need to be protected.
See Adding an AWS account for more information.
Guest OS Settings Provide credentials to access the guest operating systems. Also, control
deployment of the Rubrik Backup Service (RBS) to vSphere virtual machines that
have a Windows guest operating system.
See Guest OS settings for more information.
System Configuration
Replication Targets Add and remove a Rubrik cluster as a replication target and view information
about replication activity.
Configuration 05/25/2022 | 32
Menu item Description
See Replication for more information.
Archival Locations Provide the connection settings for an archival location, view information about
archival activity, and initiate a recovery connection.
See Archiving for more information.
Storage Arrays Add, edit, and remove configuration information for storage arrays.
See Manage storage arrays for more information.
Adaptive Backup Configure the Rubrik cluster to pause backup of a virtual machine when resource
usage exceeds set values.
See Adaptive Backup for more information.
Pause Protection Manual pause and resume of all backup jobs and archival jobs.
See Network Throttling for more information.
IPMI Credentials Provide more security for the baseboard management controller on the Rubrik
nodes by setting an IPMI password.
See Configuring IPMI for more information.
iSCSI Sources Provide and view the connection settings for an iSCSI data connection.
See Configuring iSCSI for more information.
Certificate Install or delete signed Transport Layer Security (TLS) certificates, and generate
Management Certificate Signing Requests (CSRs).
For more information, refer to the Rubrik CDM Security Guide.
Cluster Settings Set Rubrik cluster name and time zone and set visibility settings for Data
Sources.
See Time zone setting and Data sources setting for more information.
Network Configuration
Proxy Settings Provide the Rubrik cluster with proxy configuration information for external
connections.
See Proxy settings for more information.
Network Settings Provide connection information for NTP servers, DNS servers, and search
domains. Also provides information on Interfaces.
See Network settings for more information.
Configuration 05/25/2022 | 33
Menu item Description
Network Throttling Enable and configure replication throttling. Enable and configure archival
throttling.
See Network Throttling for more information.
Notification Settings Configure the SMTP server on the Rubrik cluster so it can send email. Configure
an SNMP server to be able to poll the Rubrik cluster for information. Configure
a list of email recipients, and decide whether log messages should be sent to
Syslog.
See Email notifications, SNMP integration, and Syslog settings for more
information.
Access Management
Users Manage local user accounts and manage authorization for authenticated users.
See User accounts for more information.
Support
Support Bundle Instruct the Rubrik cluster to provide a complete bundle of cluster and node logs
for local download.
See Creating and downloading a support bundle for more information.
Support Tunnel Enable and disable the tunnel used by Rubrik Support.
See Secure access to the support tunnel for more information.
Manage hosts
The Hosts page is a central location to manage physical hosts in the Rubrik cluster.
The Rubrik cluster supports Windows, Linux, and Unix hosts. The Hosts page provides a central location
to add the supported physical hosts to the Rubrik cluster. The Hosts page also provides the ability to edit
hosts and to remove hosts from the Rubrik cluster.
Prerequisites
Install the Rubrik Backup Service (RBS) software on the hosts by completing the tasks described in:
• Downloading the RBS software or Obtaining the RBS software by URL
• Installing RBS on Linux and Unix hosts or Installing RBS on Windows
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
Configuration 05/25/2022 | 34
2. Click the gear icon.
3. Click Hosts.
The Hosts page appears.
4. Select one of the following host tabs.
• Windows Hosts
• Linux & Unix Hosts
5. Click the + icon.
The Add Hosts dialog box appears.
6. In IPs or Hostnames, type a comma-separated list of IPv4 addresses or resolvable hostnames of
physical hosts.
The list can contain a mix of IPv4 addresses and hostnames. The Rubrik cluster requires one IPv4
address or one hostname for each physical host being added.
7. Click Add.
Result
The Rubrik cluster checks connectivity with the specified physical hosts and adds the physical hosts.
Related Tasks
Adding a query user to an existing host
Update an existing Oracle host with information on the Oracle query user in order to use the Oracle query
user instead of the user with SYSDBA privileges.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Hosts.
The Hosts page appears.
4. Select the Windows Hosts tab or select the Linux & Unix Hosts tab.
5. Open the ellipsis menu next a host entry and click Edit.
The Edit Host dialog box appears.
6. In IP or Hostname, type a replacement IPv4 address or resolvable hostname for the physical host.
7. Click Update.
Result
The Rubrik cluster checks connectivity using the specified value and stores the information for the host.
Related Tasks
Adding a query user to an existing host
Update an existing Oracle host with information on the Oracle query user in order to use the Oracle query
user instead of the user with SYSDBA privileges.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
Configuration 05/25/2022 | 35
3. Click Hosts.
The Hosts page appears.
4. Select the Windows Hosts tab or select the Linux & Unix Hosts tab.
5. Open the ellipsis menu next to a host entry and click Delete.
A confirmation message appears.
6. Click Delete.
Result
The Rubrik cluster removes the selected host.
Guest OS settings
Enable the administration of guest OS credentials for virtual machines and fileset hosts.
The Guest OS Settings page enables the administration of guest OS credentials for virtual machines and
fileset hosts. The page also provides a setting to enable and disable automatic deployment of the Rubrik
Backup Service to vSphere virtual machines.
The Rubrik cluster uses guest OS credentials to provide application consistent snapshots of vSphere virtual
machines that are running a Windows guest operating system. The Rubrik cluster also uses guest OS
credentials to enable direct restore of files and folders to guest operating systems that do not have the
Rubrik Backup Service installed. The guest OS credentials are added through the Restore File dialog box
during a direct restore.
Related Concepts
Backup consistency levels
By default, the Rubrik cluster provides the highest level of backup consistency that is available for a virtual
machine.
Related Tasks
Restoring directly to a guest file system
Restore a file or folder to the source file system of a supported Windows or Linux guest operating system.
Guest OS credentials
Guest OS credentials provide access to guest operating systems for vSphere virtual machines.
The Rubrik cluster requires an installed Rubrik Backup Service or guest OS credentials to start scripts on a
vSphere virtual machine.
• If the Rubrik Backup Service is installed and registered on the account, no additional permissions are
required. The Rubrik Backup Service will execute the script.
• If the Rubrik Backup Service is not installed, provide guest OS credentials with sufficient privileges.
To restore directly to a Linux guest, provide the credentials for an account that has Write permission for
the restore location.
To restore directly to a Windows guest or to create application-consistent snapshots from a Windows
guest, the Rubrik cluster requires the credentials of an account that has administrator access to the guest.
The account can be either a local administrator account or a domain administrator account.
• Using a local administrator account on the guest OS provides access. However, providing individual
guest OS credentials for each guest OS can be inconvenient.
• Using a domain administrator account on the guest OS provides access. However, using a domain
administrator account causes security concerns for network administrators.
Rubrik recommends providing the Rubrik cluster with a credential for a domain-level account that has
a small privilege set that includes administrator access to the relevant guests. Based on organizational
Configuration 05/25/2022 | 36
requirements, several credentials of this sort can be provided. The Rubrik cluster tries each provided guest
OS credential to gain access to a Guest OS.
Prerequisites
Select or create a credential for an account that provides administrator access to the Windows guest OS.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Guest OS Settings.
The Guest OS Settings page appears.
4. Click the + icon.
The Add Guest OS Credentials dialog box appears.
5. In Domain, type the resolvable hostname or IP address of the authentication server for the
credential.
When the guest OS performs Workstation Authentication of credentials instead of Domain
Authentication, leave the Domain field empty.
With some ESXi hypervisors, the VMware API requires a single period character in the Domain field to
correctly pass the Workstation Authentication value to the Windows guest OS. When an empty Domain
field does not provide successful Workstation Authentication with the Windows guest OS, add a period
character in the Domain field.
6. In Username, type the username.
7. In Password, type the password.
8. Optional: Click the + icon on the Add Guest OS Credentials dialog box to add credentials for additional
virtual machines.
9. Click Add.
Result
The Rubrik cluster stores the credential.
Prerequisites
Select or create an account with the necessary Write access for the Linux guest OS.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Guest OS Settings.
The Guest OS Settings page appears.
4. Click the + icon.
The Add Guest OS Credentials dialog box appears.
5. Leave the Domain field empty.
Configuration 05/25/2022 | 37
6. In Username, type the username.
7. In Password, type the password.
8. Optional: Click the + icon on the Add Guest OS Credentials dialog box to add credentials for additional
virtual machines.
9. Click Add.
Result
The Rubrik cluster stores the credentials.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Guest OS Settings.
The Guest OS Settings page appears.
4. Open the ellipsis menu next to a Guest OS credential entry, and click Edit.
The Edit Guest OS Credential dialog box appears.
5. Make edits to server, username, or password.
For a Linux credential, ensure that the Domain field is empty.
6. Click Update.
Result
The Rubrik cluster saves the new information.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Guest OS Settings.
The Guest OS Settings page appears.
4. Open the ellipsis menu next to a Guest OS credential entry, and click Delete.
A confirmation message appears.
5. Click Delete.
Result
The Rubrik cluster deletes the selected credential.
Configuration 05/25/2022 | 38
Service provides a method for automatically installing and registering the Rubrik Backup Service on
multiple vSphere virtual machines that are running a Windows guest OS.
Related Tasks
Automatically deploying RBS
A Rubrik cluster can install and register the Rubrik Backup Service on a supported Windows guest at the
next scheduled or on-demand backup of that Windows guest.
Category Requirement
Storage array type Pure Storage FlashArray//m series
Storage array API Pure Storage REST API version 1.0 or newer
Storage array account Username and password for a storage array account with ‘storage admin’
privileges
Related Concepts
Storage array integration
A Rubrik cluster can integrate with a storage array to further reduce the time that a virtual machine is
quiescent during a snapshot operation. To qualify for storage array integration, all datastores assigned to
the virtual machine must reside on storage arrays.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Storage Arrays.
The Storage Arrays page appears.
4. Click the + icon.
The Add Storage Array dialog box appears.
5. In Array Type, select the type of array.
Array Type Description
Pure Storage Adds Pure Storage array
Dell EMC PowerStore Adds Dell EMC PowerStore storage array
6. In Hostname, type the IPv4 address or resolvable hostname of the storage array.
7. In Username, type the user name for an account with storage admin privileges on the storage array.
8. In Password, type the password for the account.
9. Optional: To add a root certificate for the storage array type, select the TLS certificate from the
Signed TLS Certificate drop-down menu.
When the TLS certificate is missing from the drop-down menu, it can be added through the Certificate
Management Page.
Configuration 05/25/2022 | 39
10. Click Add.
Result
The Rubrik cluster tests access to the storage array and saves the configuration information.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Storage Arrays.
The Storage Arrays page appears.
4. Open the ellipsis menu next to an array entry and click Edit.
5. Edit the fields.
6. Click Update.
Result
The Rubrik cluster tests access to the storage array using the new configuration information and saves the
configuration information.
Context
Deleting a storage array removes storage array integration for all virtual machines that use the array as
a datastore. The Rubrik cluster switches the data ingestion path from the storage array to the vCenter
Server. This can potentially cause a performance impact for snapshots of those virtual machines.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Storage Arrays.
The Storage Arrays page appears.
4. Open the ellipsis menu next to an array entry and click Delete.
A warning appears.
5. Click Delete.
Result
The Rubrik cluster removes the configuration information for the selected storage array.
Configuration 05/25/2022 | 40
Adaptive Backup
Adaptive Backup settings instruct the Rubrik cluster to check the resource usage of a virtual machine
before starting a snapshot. When the resource usage is above configured limits, the Rubrik cluster
postpones the snapshot.
When Adaptive Backup settings are enabled, the Rubrik cluster checks the virtual machine I/O latency,
datastore I/O latency, and virtual machine CPU utilization before starting a snapshot. When a value
exceeds a configured limit, the Rubrik cluster reschedules the snapshot. Rubrik cluster cancels the backup
jobs associated with the datastore when the free capacity of a datastore is lower than the value defined in
a threshold.
After approximately 15 minutes, the Rubrik cluster checks the values again. When the values are below the
limits, the Rubrik cluster initiates the snapshot. When the values are above the limits, the Rubrik cluster
reschedules the snapshot.
Each time an Adaptive Backup setting causes the rescheduling of a snapshot, the Rubrik cluster moves
the policy-based snapshot schedule for the virtual machine to accommodate the change. Consider the
following example.
The Rubrik cluster has Adaptive Backup settings enabled. A virtual machine is protected by the Gold SLA
Domain of the Rubrik cluster. This SLA Domain requires hourly snapshots. The next two hourly snapshots
for this virtual machine are scheduled for 1:00 PM and 2:00 PM.
At 1:00 PM the Rubrik cluster finds that the CPU utilization of the virtual machine is above the configured
limit. The 1:00 PM snapshot is rescheduled for 1:15 PM.
At 1:15 PM the snapshot is successfully initiated, and the next hourly snapshot is scheduled for 2:15 PM.
On-demand snapshots
Adaptive Backup settings also apply to on-demand snapshots.
When the Adaptive Backup settings are enabled, the Rubrik cluster performs an Adaptive Backup settings
check before starting an on-demand snapshot. When a value exceeds a configured limit, the Rubrik cluster
reschedules the on-demand snapshot.
After approximately 15 minutes, the Rubrik cluster checks the values again. When the values are below the
limits, the Rubrik cluster initiates the on-demand snapshot.
The Rubrik cluster continues to reschedule the on-demand snapshot until the values for the virtual
machine are below the configured limits. When the values are below the limits, the Rubrik cluster
completes the on-demand snapshot.
Limit types
When applying Adaptive Backup settings the Rubrik cluster considers the virtual machine I/O Latency,
datastore I/O latency, and virtual machine CPU utilization before initiating a snapshot of that virtual
machine.
The Rubrik cluster postpones a snapshot when the actual value of a limit type exceeds the value that is
set for the limit. The following table describes how the Rubrik cluster applies the Adaptive Backup settings
based on the limit types.
Configuration 05/25/2022 | 41
Limit Description
Maximum VM IO Latency Sets the maximum time in milliseconds to process a command from the
guest OS to the virtual machine.
The actual value is determined from ‘vm.maxTotalLatency’.
Maximum Datastore IO Sets the highest latency for all datastores being used by a virtual machine,
Latency not including any excluded VMDKs.
The actual value is determined by finding the highest value for
‘disk.TotalLatency’ for all of the datastores assigned to the virtual machine.
Maximum VM CPU Utilization Sets the maximum percentage of the combined frequency of all processors
assigned to the virtual machine.
The actual value is computed by dividing the vm.overallCpuUsage by
vm.maxCpuUsage.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Adaptive Backup.
The Adaptive Backup page appears.
4. Select Enable Adaptive Backup.
5. In Maximum VM IO Latency, type an integer value representing the highest virtual machine I/O
latency allowed, in milliseconds.
6. In Maximum Datastore IO Latency, type an integer value representing the highest datastore I/O
latency allowed, in milliseconds.
7. In Maximum VM CPU Utilization, type an integer value representing the greatest percentage of
virtual machine CPU utilization allowed.
8. Click Update.
Result
The Rubrik cluster saves the Adaptive Backup settings. The Rubrik cluster checks the measured values at
the time of every snapshot and postpones a snapshot when a measured value is higher than a set value.
Configuration 05/25/2022 | 42
Enabling the Two-Person Rule (TPR) for Pause Data Protection/ Backup requires approval from an account
with the TPR approver role.
Related Concepts
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related Tasks
Pausing protection activity
Pause protection activity to temporarily reduce the impact of Rubrik cluster activity.
Resuming protection activity
Resume protection activity to remove the restrictions of the pause feature.
Related reference
Impact of pausing protection activity
Pausing protection impacts all the impending and ongoing protection activities on a Rubrik cluster.
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Configuration 05/25/2022 | 43
Activity Impact Description
SLA Managed Cancel requested The Rubrik cluster requests the cancellation of all SLA
Volumes Managed Volume backups that are in progress. A backup
is canceled when the state of the backup task permits
cancellation. Otherwise, the backup completes.
No new SLA Managed Volume backups can be started during a
pause.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Pause Protection.
A confirmation dialog box appears.
4. Click Continue Anyway.
5. On the Submit Two-Person Rule Request dialog box, click Submit.
The Submit Two-Person Rule Request dialog box appears only when Pause Data Protection/ Backup is
enabled on the Two-Person Rule Controlled Action page. Otherwise, you will not see this dialog box.
The Two-Person Rule generates a review request. When the request is approved, the Rubrik cluster
applies the requested actions. When the request is denied, the Rubrik cluster rejects the requested
actions.
Result
The Rubrik cluster pauses the protection activity.
Related Concepts
Pause and resume protection activity
Pause backup jobs and archival data uploads.
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related reference
Impact of pausing protection activity
Pausing protection impacts all the impending and ongoing protection activities on a Rubrik cluster.
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Resume Protection.
A confirmation dialog box appears.
Configuration 05/25/2022 | 44
4. Click Resume.
Result
The Rubrik cluster resumes all protection activity.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Cluster Settings.
The Cluster Settings page appears.
4. Click the Data Sources tab and clear any data sources that are not applicable. Data sources in use
cannot be cleared.
5. Click Update.
Result
The Rubrik cluster saves the settings and displays only the selected data sources.
Configuring IPMI
The Rubrik node hardware includes a baseboard management controller (BMC) that can be used to
perform Intelligent Platform Management Interface (IPMI) tasks.
Context
Provide more security for the Rubrik nodes by requiring a secure strong password for access to the IPMI
interface.
Use the Rubrik CDM web UI to assign a strong password and to control access to the IPMI interface on all
nodes in the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click IPMI Credentials.
The Configure IPMI page appears.
4. Select one of the following external services to access IPMI.
• HTTPS
• IKVM (Java for .Net)
5. Click Update.
6. Click IPMI Password.
Configuration 05/25/2022 | 45
The Update IPMI password page appears.
7. In Password, type a secure password.
The password can be from 5 to 16 extended ASCII printable characters. Secure the password in a safe
location.
8. In Re-Enter Password, type the password again.
9. Click Update.
Result
The Rubrik CDM web UI assigns a strong password and controls access to the IPMI interface on all nodes
in the Rubrik cluster.
iSCSI configuration
The Rubrik cluster supports the iSCSI protocol for direct data connection to a storage array that is
providing storage for virtual machines.
When iSCSI is enabled, the Rubrik cluster maintains a control channel with the hypervisor host and uses
the iSCSI protocol to establish a data channel with the storage array. This protocol replaces the NBD
transport protocol for transfers of data from the storage array.
The Rubrik cluster supports the following authentication modes:
• No authentication.
• Unidirectional CHAP – Using the Challenge-Handshake Authentication Protocol (CHAP), the Rubrik
cluster authenticates with the storage array.
• Bidirectional CHAP – Using CHAP, the Rubrik cluster authenticates with the storage array and the
storage array authenticates with the Rubrik cluster.
PPP Challenge Handshake Authentication Protocol (CHAP), RFC 1994 defines the username and
password requirements for unidirectional and bidirectional CHAP.
Configuring iSCSI
To enable iSCSI support, provide the Rubrik cluster with the iSCSI connection details.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click iSCSI Sources.
The iSCSI Sources page appears.
4. In Server Name, type the name of the iSCSI server.
5. In Port, type the connection port used by the iSCSI server for incoming iSCSI connections.
The default is port 3260.
6. In Target, type the IPv4 address of the iSCSI server.
Leave Target empty to instruct the Rubrik cluster to attempt to automatically discover the IP address
of the iSCSI server.
7. In Authentication Mode, select the authentication mode used by the iSCSI server.
Choose one of the following:
• No Authentication
• Unidirectional CHAP
• Bidirectional CHAP
Configuration 05/25/2022 | 46
8. When No Authentication is selected, click Update.
9. (Unidirectional CHAP and Bidirectional CHAP) In Outgoing Name, type a username that enables the
storage array to authenticate the Rubrik cluster.
The storage array must grant sufficient access rights to the account represented by the username to
allow the Rubrik cluster access to the stored data.
10. (Unidirectional CHAP and Bidirectional CHAP) In Outgoing Secret, type the associated password.
11. When Unidirectional CHAP is selected, click Update.
12. (Bidirectional CHAP) In Incoming Name, type a username that enables the Rubrik cluster to
authenticate the storage array.
13. (Bidirectional CHAP) In Incoming Secret, type the associated password.
14. Click Update.
A success message appears.
15. To add additional iSCSI connections, repeat this task for each connection.
Result
The Rubrik cluster enables the iSCSI connection and uses the iSCSI protocol to directly access data that is
stored on the storage array.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Cluster Settings.
The Cluster Settings page appears.
4. In Cluster Time Zone, select a time zone for the Rubrik cluster.
5. Click Update.
Result
The Rubrik cluster changes the cluster time zone to the specified time zone and handles zone-specific
daylight savings time changes automatically.
Configuration 05/25/2022 | 47
Default time zone
The default time zone used by a Rubrik cluster is the Coordinated Universal Time (UTC) time zone.
Until a time zone is configured for a Rubrik cluster, the Rubrik cluster displays a banner message in the
Rubrik CDM web UI to alert the user that a cluster time zone is not set and that the Rubrik cluster is using
the UTC time zone.
Configuration 05/25/2022 | 48
Setting the login banner text
Use the Rubrik CDM web UI to set the login banner text.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Cluster Settings.
The Cluster Settings page appears.
4. In Login Banner Text, enter the login notice text.
Result
The Rubrik cluster saves the content and adds it to the modal dialog box on the login screen for
subsequent logins.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Cluster Settings.
The Cluster Settings page appears.
4. In Security Classification Color, select the banner color.
The supported choices are yellow, orange, red, blue, green, and none.
5. In Security Classification Text, enter the classification text.
6. Click Update.
Result
The Rubrik cluster saves the content and adds it to the banners in subsequent sessions.
Secure SMB
When the Rubrik cluster enforces SMB security, SMB clients must authenticate through Active Directory
before gaining access to SMB shares.
Important:
Enforcing security for Server Message Block (SMB) shares can cause certain operations to fail if the
required Active Directory (AD) domain is not correctly configured. Examples of operations that depend
on correct AD domain configuration are Volume Group backups, Volume Group mounts, SQL Server Live
Mounts, and Managed Volume actions.
To secure the SMB protocol, the Rubrik cluster joins an AD domain as a user account.
Secure SMB is used by the SQL Live Mount, Hyper-V Live Mount, Managed Volumes using SMB, Volume
Group, and Bare Metal Recovery features. When SMB shares are secured, all the SMB clients are required
to authenticate to access the SMB share. Rubrik CDM uses SMB servers to support signed and encrypted
connections.
Configuration 05/25/2022 | 49
AD domains can exist in several valid states.
State Description
Not configured The initial state when the domain is discovered.
Configured No action necessary - SMB security for this domain is configured.
Failed Network connectivity has failed and the domain must be manually re-added.
Prerequisites
Verify access to the following information:
• Fully qualified domain name of the AD Server
• Username and password of a user with domain access privileges
• List of fully qualified hostnames of domain controllers
• AD service account name of the Rubrik cluster
• AD organization unit
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the gear icon, navigate to System Configuration > SMB Security
The SMB Security page appears.
3. Select a failed connection to reinstate or select the plus icon in the top right corner to configure a new
domain.
The Add SMB Domain dialog box appears.
4. Add the domain information and click Add to complete the configuration.
The Rubrik cluster only uses the Username and Password entries one time in order to join the AD
domain.
The Rubrik cluster saves the configuration information and returns to the SMB Security page.
5. Click SMB Security Configuration in the top right corner.
The Manage SMB Security Configuration dialog box appears.
6. Select Enforce SMB Security.
7. Click Update.
Result
The Rubrik cluster enforces secure access to Server Message Block (SMB) shares from the specified AD
domain.
Related reference
Secure SMB domain information
Configuration 05/25/2022 | 50
Enabling security for a Server Message Block share requires information about several fields in an Active
Directory domain.
Field Description
Domain (FQDN) The fully-qualified domain name (FQDN) of the
server for the Active Directory (AD) domain.
Username The username of an account with access privileges
for the specified AD domain.
Password The password for the specified username.
Domain Controllers (Fully Qualified Hostnames) The FQDNs of the domain controllers for the
specified AD domain.
Computer Account Name A unique computer account name the Rubrik cluster
uses in the AD domain. This name must meet
NETBIOS standards and be unique in the AD forest.
Using an existing name overwrites the current
entry.
Organization Unit Optional. The name of the organization unit to
which the computer account belongs.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the gear menu and click System Configuration > SMB Security.
The SMB Security page appears.
3. Click the ellipses next to the domain.
4. Click Delete.
Result
The Rubrik cluster removes the specified Active Directory domain from the list of available domains.
Configuration 05/25/2022 | 51
2. For each node in the Rubrik cluster, set the Service Principal Name using the IP address as the
hostname portion of the name.
For environments that do not provide NTLM authentication, Rubrik CDM only provides support for hosts
running Windows Server 2016 or newer. Additionally, those hosts must be configured to permit Kerberos
authentication using an IP address.
Related Tasks
Enabling Kerberos authentication for SMB shares
Configure Kerberos clients to support IPv4 and IPv6 hostnames in SPNs.
Context
Clients that are part of an Active Directory domain can authenticate to SMB shares on a Rubrik cluster
using the Kerberos protocol instead of the default NT LAN Manager (NTLM) protocol. By default, Windows
does not use Kerberos authentication for hosts that use IPv4 addresses instead of hostnames.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the gear menu and click System Configuration > SMB Security.
The SMB Security page appears.
3. Note the Service Account Name for the SMB domain.
This name is a unique identifier for the Rubrik cluster in the AD forest.
Service Account Name for demo.com is CVM08CS0ffee61.
4. Log on to the controller for the Active Directory domain of the client.
Consult Microsoft Active Directory documentation for details on logging in to Active Directory domain
controllers.
The Active Directory controller prompt appears.
5. Configure support for using IP addresses as hostnames in Service Principal Names by adding the
TryIPSPN entry to the registry of the client host.
Set the TryIPSPN registry value on each client machine that needs to access Kerberos-protected
resources by IP address.
6. Restart the Rubrik Backup Service.
7. For each node in the Rubrik cluster, set the Service Principal Name using the IP address as the
hostname portion of the name.
Setting the Service Principal Name using the IP address is a requirement for SLA Managed Volume use
cases.
Where:
• $service is the name of the service.
• $IP_for_hostname is the IP address being used to replace the hostname.
Configuration 05/25/2022 | 52
• $account is the Service Account Name.
setspn -l $service_account_name
setspn -l CVM08CS0ffee61
Result
The Rubrik cluster enables Kerberos authentication for SMB shares.
Proxy settings
Some Rubrik cluster functions rely on internet access. The Rubrik cluster can be configured to use a proxy
server when accessing the internet.
To manage network and security requirements, optionally configure the Rubrik cluster to use a proxy
server. The proxy server must be configured to permit the Rubrik cluster to meet the network requirements
listed in Ports.
Function Description
Archiving to public cloud Communication between the Rubrik cluster and cloud-based archival
locations.
Uploading log bundles Upload of log bundles to Amazon S3. Rubrik Support can use the log
bundles when diagnosing issues. Rubrik deployments upload support
bundles to Amazon S3 every night. The support bundles are retained in
Amazon S3 for 20 days before being archived to Glacier, the Amazon S3
archive location.
Uploading real-time logs Real-time upload of error and failed job logs to an Amazon EC2
instance. The Rubrik Support alert system uses these logs to provide
quick responses to issues.
Uploading statistics Upload of Rubrik cluster statistics to provide Rubrik Support with a
dashboard view of the health of a Rubrik cluster. The statistics are also
integrated into the Rubrik Support alert system.
Configuration 05/25/2022 | 53
Function Description
Support tunnel Creates a tunnel from the Rubrik cluster to the Rubrik Support SSH
server. The Rubrik Support SSH server runs on an Amazon EC2 instance.
The tunnel can be opened to permit Rubrik Support to securely access
the Rubrik cluster. When the tunnel is opened, Rubrik Support uses the
tunnel to diagnose issues and perform maintenance operations. Enable
and disable this tunnel from the Rubrik CDM web UI.
Proxy implementations
There are several options for proxy server implementations.
A Rubrik cluster supports the following proxy server implementations:
• HTTP
• HTTPS, using the HTTP CONNECT method and port 443
• SOCKS5
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Proxy Settings.
The Proxy Settings page appears.
4. In Protocol, select an internet protocol that is supported by the proxy server.
Select one of the following protocols:
• HTTP
• HTTPS
• SOCKS5
5. In Proxy Server (IP or FQDN), type the IPv4 address or the FQDN of the proxy server.
6. In Port Number, type the port number the proxy server uses for requests from the Rubrik cluster.
The Rubrik CDM web UI automatically populates this field with the default port for the selected
protocol. When the proxy server uses a custom port, type that value instead.
7. Optional: In User Name, type the proxy server username assigned to the Rubrik cluster.
8. Optional: In Password, type the password associated with the assigned username.
9. Click Update.
Result
The Rubrik cluster stores the proxy settings and routes all subsequent internet traffic through the proxy
server.
Configuration 05/25/2022 | 54
Email notifications
Enable the Rubrik cluster to send email notifications.
To enable the Rubrik cluster to send email notifications, provide configuration information through the
Notifications page.
The Rubrik cluster transfers notification email messages to an SMTP server for delivery to the administrator
accounts.
Note: All email notifications generated by Rubrik contain the following origin identifier at the beginning of
the body of the message text: "This email notification is automatically generated by
Rubrik."
Notification messages are collected from the activity log and organized by event type. All messages
associated with one or more event types can be sent to a list of email recipients, as configured in the
Rubrik CDM web UI.
Related Tasks
Configuring outgoing email settings
To have a Rubrik cluster send email notifications, configure the outgoing email settings.
Configuring event email settings
Specify the types of events and the recipients for event notifications that are sent through email.
Setting Description
Host Name Host Name of the SMTP server.
Port Incoming port on the SMTP server. Normally port 25, port 465, or port 587, depending
upon the type of encryption used.
From Email The email address assigned to the account on the SMTP server.
Address
Username The username assigned to the account on the SMTP server.
Password The password associated with the username.
Encryption The encryption protocol that the SMTP server requires for incoming SMTP connections.
The Rubrik cluster supports the following protocols:
• NONE
• SSL
• STARTTLS
Prerequisites
Obtain the information described in Required outgoing email settings.
Configuration 05/25/2022 | 55
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Notification Settings.
The Notification Settings page opens, and the Email Settings tab is selected by default.
4. In Host Name, type the IP address or the FQDN of the SMTP server.
5. In Port, enter the incoming connections port for the SMTP server.
6. In From Email Address, type the email address assigned to the account on the SMTP server.
7. In Username, type the username assigned to the account on the SMTP server.
8. In Password, type the password associated with the username.
9. In Encryption, select the encryption protocol required by the SMTP server.
10. Click Update.
The Rubrik cluster validates and stores the email settings.
11. Click Send Test Email.
Result
The Rubrik cluster obtains the email address of the current administrator user, and sends a test email to
that user account on the local Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Notification Settings.
The Notification Settings page appears, with the Email Settings tab selected.
4. Make changes to the settings.
5. Click Update.
The Rubrik cluster validates and stores the email settings.
6. Click Send Test Email.
Result
The Rubrik cluster obtains the email address of the current administrator user, and uses the new settings
to send a test email to that user account on the local Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Notification Settings.
The Notification Settings page appears.
4. Select the Email Settings tab.
5. Click Clear SMTP Settings.
Configuration 05/25/2022 | 56
Result
The Rubrik cluster removes the settings.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. In Network Configuration, click Notification Settings.
The Notification Settings page opens.
4. Click the Notifications tab.
5. Click the + icon.
The Add Notification Setting wizard appears, set to the Event Types step.
6. In Event Types, do one of the following to send notifications.
• Select a specific event type. For example, you can select Two Person Rule to send notifications
about events related to the two-person rule.
• Select the Event Types checkbox to send notifications for all event types.
7. Click Next.
The wizard advances to the Severity step.
8. In Severity, do one of the following to send notifications for events based on the event severity.
• Select a specific severity level. For example, you can select Informational severity level to send
notifications about events related to the two-person rule.
• Select the Severity checkbox to send notifications for all event types.
9. Click Next.
The wizard advances to the Object Types step.
10. In Object Types, do one of the following to send notifications for specific object types.
• Select a specific object type.
• Select the Object Types checkbox to send notifications for all object types.
11. Click Next.
The wizard advances to the Send To step.
12. In the Emails tab, perform the required action depending on the notification option.
Option Required action
Emails Specify a comma-separated list of recipient email
addresses.
Send to all Administrators Select this option to send notifications to all
accounts that are part of the administrators
group.
Send to all Two-Person Rule Users Select this option to send notifications to all
accounts that have a two-person rule role
assigned.
Multiple options can be selected.
13. Optional: In the Syslog tab, click Send to syslog server.
14. Click Finish.
Configuration 05/25/2022 | 57
Result
The Rubrik cluster saves the event email settings.
Related Concepts
TPR roles
Enforcing the two-person rule on a Rubrik cluster requires assigning multiple roles that have specific
permissions.
SNMP integration
Rubrik CDM uses SNMP integration for central monitoring.
SNMP is used for network management and network monitoring. SNMP exposes management data
through a Management Information Base (MIB).
Rubrik SNMP integration supports SNMPv2c and SNMPv3.
Category Traps
Network • Network interface down on a port
• Network interface changed state to Recovered
Configuration 05/25/2022 | 58
Category Traps
Disk • A disk is locked
• A disk on a node is unavailable
• A disk on a node was marked recovered
• A disk on a node could not be marked as removed
• A disk on a node was successfully marked as removed
• A disk on a node could not be set up
• A disk on a node was successfully set up
• An unformatted disk was found on a node
• A disk on a node failed health checks
Context
Download the MIB file from the Rubrik cluster to view measurements and notification messages (traps)
specified in the file.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Network Configuration > Notification Settings.
The Notification Settings page appears.
4. Select the SNMP tab.
5. Click either Configure SNMP or Edit SNMP.
6. At the top of the dialog box click Download MIB file.
Result
The SNMP MIB file is downloaded.
Configuration 05/25/2022 | 59
Syslog messages as SNMP objects
The Management Information Base module inside the Rubrik cluster represents syslog messages as SNMP
objects.
The Management Information Base (MIB) module conveys any syslog message using SNMP, allowing
Rubrik clusters using SNMP to send Rubrik CDM events and provide information for the network
management station (NMS) to detect alerts.
The syslog messages conform to the Internet Engineering Task Force (IETF) standards described in RFC
5425, "The Syslog Protocol", and RFC 5676, "The SYSLOG-MSG-MIB."
SNMP polling
SNMP managers can poll the SNMP agent on the Rubrik cluster and request information by using the
SNMPv2c or SNMPv3 protocol.
The SNMP agent on the Rubrik cluster collects information and compiles it into a Management Information
Base (MIB). The information collected corresponds to the Object Identifiers (OIDs) defined in RFC 1213
“MIB-II” and RFC 2790 “Host Resources” and in the Rubrik MIB file.
The Rubrik cluster opens incoming UDP port 161 for polling by SNMP managers. A request for information
must include the community string (similar to a password) for SNMPv2c or user credentials for SNMPv3
along with an SNMP GET-REQUEST in order for the Rubrik cluster to respond with the requested
information.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Notification Settings.
The Notification Settings page appears.
4. Select the SNMP tab.
5. Click Configure SNMP or Edit SNMP.
The relevant dialog box appears.
6. Enable SNMP.
7. In Community String, enter the string to be used as a password when sending a request to the
SNMP agent.
8. Click Update.
Result
The Rubrik cluster is configured for SNMPv2c support.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
Configuration 05/25/2022 | 60
3. Click Notification Settings.
The Notification Settings page appears.
4. Select the SNMP tab.
5. Click Configure SNMP or Edit SNMP.
The relevant dialog box appears.
6. Enable SNMP.
7. In SNMP v3 settings, click Search by Username or click +.
The Add SNMP User dialog box appears.
8. In Username, type the username for the SNMP user.
9. In Authentication Password, type the SHA password.
10. In Privacy Password, type the AES password.
11. Click Add.
12. Click Update.
Result
The Rubrik cluster is configured for SNMP v3 support.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Notification Settings.
The Notification Settings page appears.
4. Select the SNMP tab.
5. Enable SNMP.
6. Click Update.
7. Click Add Trap Receiver.
The Add Traps Receiver dialog box opens.
8. Select the version for the SNMP Trap Receiver, SNMP v2c or SNMP v3.
9. In Traps receiver information, enter the IP address or FQDN corresponding to the trap receiver
that collects the traps sent from the Rubrik cluster.
10. In UDP Port, enter the incoming connections port for the SNMP trap receiver.
11. Click Add.
12. Each trap receiver can use a different port and different IP address.
Repeat the previous steps to add additional trap receivers.
Result
The Rubrik cluster saves the SNMP trap receiver configuration.
Configuration 05/25/2022 | 61
Network settings
The Rubrik cluster uses network address information for specific types of network entities to perform
system tasks.
Search domain Comma-separated list of domain names. The Rubrik cluster will only
request DNS records for the listed domains.
Floating IPs Comma-separated list of IP addresses used to maintain NFS mounts if a
Rubrik node fails.
The number of floating IP addresses is distributed evenly across the
nodes in a cluster. If the number of available nodes changes, floating
IP addresses are rebalanced as necessary to maintain even distribution.
Configure floating IP address to one of the subnets assigned to the
network interfaces of a Rubrik node.
VLAN settings Add a VLAN to the Rubrik cluster by configuring the VLAN ID, VLAN Subnet
Mask, and VLAN IP address.
NTP Comma-separated list of IP addresses or resolvable hostnames of Network
Time Protocol (NTP) servers.
Enabling the Two-Person Rule (TPR) for editing NTP requires approval from an account with the TPR
approver role.
To change the IP address of a Rubrik node, refer to the Rubrik CDM CLI Reference or contact Rubrik
Support.
Related Concepts
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related Tasks
Configuring network settings
Configure the network settings of the Rubrik cluster to enable system tasks.
Editing network settings
Edit the network settings when network requirements change.
Related reference
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Network Settings.
Configuration 05/25/2022 | 62
The Network Settings page appears.
4. Click the Network tab.
The Network settings dialog box appears.
5. In DNS Servers, type a comma-separated list of DNS Servers.
For each DNS Server, type the IPv4 address.
6. In Search Domains, type a comma-separated list of search domains.
For each search domain, type the FQDN.
7. Optional: In Floating IPs IPv4, type a comma-separated list of IPv4 addresses.
8. Optional: In Floating IPs IPv6, type a comma-separated list of IPv6 addresses.
9. Optional: Click the Interfaces tab.
The Interface settings appear.
10. Optional: Click Add VLAN.
The Add VLAN dialog box appears.
11. Optional: In VLAN ID, type the VLAN ID.
12. Optional: In VLAN Subnet Mask, type the VLAN Subnet Mask.
13. Optional: In VLAN IP Address, type a comma-separated list of IPv4 addresses.
14. Optional: Click Add.
15. Click Update.
16. Click the NTP Servers tab.
The NTP Servers dialog box appears.
17. In NTP Servers, type a comma-separated list of network time protocol servers.
For each server, type either the IPv4 address or the FQDN.
Result
The Rubrik cluster stores the information.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Network Settings.
The Network Settings page appears.
4. Change the network settings.
5. On the Submit Two-Person Rule Request dialog box, click Submit.
The Submit Two-Person Rule Request dialog box appears only when Changes to NTP Configuration is
enabled on the Two-Person Rule Controlled Action page. Otherwise, you will not see this dialog box.
6. Click Update.
The Two-Person Rule generates a review request. When the request is approved, the Rubrik cluster
applies the requested edits. When the request is denied, the Rubrik cluster rejects the requested edits.
Result
The Rubrik cluster stores the new information.
Related Concepts
Network settings
Configuration 05/25/2022 | 63
The Rubrik cluster uses network address information for specific types of network entities to perform
system tasks.
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related Tasks
Configuring network settings
Configure the network settings of the Rubrik cluster to enable system tasks.
Related reference
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Action Description
Enable or disable the CORS configuration Specify true or false.
By default, CORS support is not enabled.
Create CORS rules on Rubrik CDM that authorize This can be a specific origin, or use the wildcard
specified origin URLs to access API endpoints on character (*) to allow any origin.
CDM.
Specify the headers allowed This can be a comma-separated list or a wildcard
character (*). For example, the list can specify a list
of these headers:
Authorization,Origin, X-Requested-
With, Content-Type, Accept, x-vcloud-
authorization
Configuration 05/25/2022 | 64
Example: Making a cross-origin GET call
Once CORS is enabled using the PATCH endpoint for the external site or server that accesses the cluster,
this HTML example script can be run from that external site or server. Any GET endpoint can be added
in the script. Because CORS is enabled for that external site, the script can access the cluster using the
browser.
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/
jquery.min.js"></script>
</head>
<body>
<button id="test">Get Info</button>
<p id="content"></p>
<script>
$("#test).click(function() {
var req = new XMLHttpRequest();
req.open('GET', 'https://10.0.113.18/api/v1/cluster/me', true);
req.onreadystatechange = function() {
if (req.readyState === 4) {
$("#content").html(req.responseText);
}
};
req.setRequestHeader('Accept', 'application/json');
req.setRequestHeader('Authorization', 'Bearer TOKEN');
req.send()
});
</script>
</body>
</html>
Context
Users with global administrator permissions can use the GET and PATCH endpoints to configure Rubrik
CDM for CORS support, enabling them to integrate Rubrik CDM in other products. Make the API calls by
using the OpenAPI-based Rubrik playground by issuing cURL commands from the command line of a
computer with access to the Rubrik cluster, or by using any RESTful API-compliant client software.
Access the Rubrik REST API playground through a Rubrik cluster at: https://$cluster_address/
docs/v1/playground/. The GET and PATCH endpoints are located under the /cluster heading.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the account menu in the upper right corner and select API Token Manager.
3. On the API Token Manager page, click +.
4. Complete the Duration and tag fields and click Generate.
5. Click Copy.
6. Paste the token in a scratch file.
Configuration 05/25/2022 | 65
7. Use the token value to create an authenticated session with the Rubrik REST API server.
In the Rubrik REST API playground, click Authorize, paste the token in the value field, and click
Authorize again.
8. Expand the PATCH endpoint under the /cluster heading.
9. Type the payload for the PATCH endpoint to enable CORS on the external site.
Replace the ip_address with IP addresses of the server where the HTML script will run:
{
"isEnabled": true,
"allowedOrigins": "http://ip_address:8081, http://ip_address:8082",
"allowedHeaders": "*"
}
10. Get the current CORS support configuration for the web server with the GET endpoint.
This example retrieves the current CORS support configuration:
{
"isEnabled": true,
"allowedOrigins": "string",
"allowedHeaders": "string"
}
The response body displays the IP addresses specified in the PATCH endpoint.
{
"isEnabled": true,
"allowedOrigins": "http://8.8.8.8:8081, http://9.9.9.9:8082",
"allowedHeaders": "*"
}
Configuration 05/25/2022 | 66
Network Throttling
Rubrik CDM provides settings for replication and archiving that can be used to specify the maximum
bandwidth allowed for outbound traffic.
Use the Network throttling feature to set bandwidth limits for replication and archiving. The general
throttling settings can be modified by setting one or more scheduled overrides. The general settings can be
used alone or with scheduled throttle overrides.
The following rules specify how network throttling settings are applied:
• The general setting applies unless overridden by a scheduled override.
• Scheduled throttle overrides apply only for the specified time window.
• Scheduled overrides override the general throttle setting.
• Multiple schedules can be set.
• No two schedules can have a common time window.
• The scheduled overrides are enforced according to the cluster time zone.
The bandwidth limits for archiving and replication are configured separately and are independent of each
other. The bandwidth limits are configured at the Rubrik cluster level and available bandwidth is distributed
dynamically between the nodes based on the load. The Rubrik cluster size should be considered when
configuring throttle limits, the same throttle limit may not work well across different Rubrik cluster sizes.
Note: The bandwidth limit is enforced on each node by throttling traffic on port 443 for archiving and
port 7785 for replication. If an archival location proxy is enabled and uses a port other than 443, archival
throttling will not work. When determining whether to use archival throttling, take into consideration that
enabling it will slow all traffic through port 443, not just archiving and replication traffic.
Related Concepts
Ports
Rubrik CDM has specific port requirements.
Replication throttling bypass
The Rubrik REST API can be used to bypass the network throttle to provide more bandwidth for
replication.
Context
Multiple throttle schedules can be set. For example, bandwidth can be more limited during business hours
and increased during non-business hours.
Replication throttling must be enabled for the scheduled overrides to work. The scheduled limit overrides
the general limit if the schedule is active.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Network Throttling.
The Network Throttling page appears.
4. Click Schedule Override.
The Schedule Network Throttle Override page appears.
Configuration 05/25/2022 | 67
5. Select Replication.
6. Under Bandwidth Limit (Mbps), type an integer value representing the highest network usage
allowed, in Mbps.
7. Select specified Day(s) for the replication throttling policy.
8. Select specified times for the replication throttling policy.
9. Click Add.
After throttling is configured, click the ellipsis next to the scheduled override to edit or delete the
throttle policy. Configure additional replication throttling policies if needed.
Result
Replication throttling is overwritten.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Network Throttling.
The Network Throttling page appears.
4. Select Enable Replication Throttling.
5. In Replication Network Usage Threshold (Mbps), type an integer value representing the highest
network usage allowed, in Mbps.
6. In Select Network Interface, select a network interface.
7. Click Update.
Result
The Rubrik cluster overrides scheduled replication throttling. This setting can be used alone or with
scheduled replication throttling overrides.
Note: Network throttling is not supported for archiving to any location that does not use Port 443, such
as NFS targets and QStar tape.
Context
Multiple throttle schedules can be set. For example, bandwidth can be more limited during business hours
and increased during non-business hours.
Archival throttling must be enabled for the scheduled overrides to work. The scheduled limit overrides the
general limit if the schedule is active.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
Configuration 05/25/2022 | 68
3. Click Network Throttling.
The Network throttling page appears.
4. Click Schedule Override.
The Schedule Network Throttle Override page appears.
5. Select Archival.
6. Under Bandwidth Limit (Mbps), type an integer value representing the highest network usage
allowed, in Mbps.
7. Select specified Day(s) for the archival throttling policy.
8. Select specified times for the archival throttling policy.
9. Click Add.
Result
Archival throttling overrides are configured. After throttling is configured, click the ellipsis next to the
scheduled override to edit or delete the throttle policy. Configure additional archival throttling policies if
needed.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Network Throttling.
The Network Throttling page appears.
4. Select Enable Archival Throttling.
5. Under Archival Network Usage Threshold (Mbps), type an integer value representing the highest
network usage allowed, in Mbps.
6. In Select Network Interface, select a network interface.
7. Click Update.
Result
The Rubrik cluster overrides scheduled archival throttling. This setting can be used alone or with scheduled
archival throttling overrides.
Configuration 05/25/2022 | 69
A replication target cluster that has the property set to false does not bypass the bandwidth limit of the
configured network throttle setting.
Bypassing replication throttling for a replication target cluster allows faster replication of snapshots on that
target cluster. The available bandwidth specified by the network throttle is shared by the target clusters
that are not configured to bypass the replication throttle limit.
Currently, Rubrik CDM supports replication throttling bypass only for replication clusters that are set up in
a private network where the source and target clusters are assigned static IP addresses and are directly
reachable from each other within the network. It is not supported for source and target clusters where
replication is set up using the Network Address Translation (NAT) network topology.
Consider a scenario where a replication source Rubrik cluster is associated with three replication target
clusters: Cluster A, Cluster B, and Cluster C. Replication throttling is enabled on the source cluster and
configured with a bandwidth of 200 Mbps.
If shouldBypassReplicationThrottle = true for Cluster A, Cluster A will bypass the network
throttle and network traffic to Cluster A will not be constrained.
The aggregate traffic to Cluster B and Cluster C will be limited to 200 Mbps.
Related Concepts
Network Throttling
Rubrik CDM provides settings for replication and archiving that can be used to specify the maximum
bandwidth allowed for outbound traffic.
Replication
The replication feature directs the Rubrik cluster to send replicas of source snapshots or backups to a
target Rubrik cluster and defines the maximum time to keep the replica on each cluster.
Replication using a private network
To perform replication, a source Rubrik cluster can optionally communicate with a target Rubrik cluster
through a private network.
Related Tasks
Enabling and configuring replication throttling
Specify the maximum bandwidth for replication by configuring replication throttling. Replication throttling
can only be set by a global administrator.
Retrieving replication throttling bypass status
Retrieve the replication throttling bypass status for all replication target clusters.
Modifying replication throttling bypass status
Modify the replication throttling bypass status for a specific target cluster.
Endpoint Description
GET /network_throttle/replication/ Retrieves the throttle bypass status for replication
target targets of the API session host cluster. A successful
response contains the following information for the
replication target: ID, name, and bypass status.
Configuration 05/25/2022 | 70
Endpoint Description
GET /network_throttle/replication/ Retrieves the throttle bypass status for the
target/{id} replication targets identified by {id}, where {id} is
the ID of the target cluster.
The response of GET /network_throttle/
replication/target endpoint includes the IDs
for the replication targets available to the session
host.
Related reference
HTTP response model for replication throttling bypass
Description of the elements contained in the responses from the replication throttling bypass endpoints.
Prerequisites
Create an authorized Rubrik REST API session. To use the Rubrik REST API playground for this task,
authorize the session on the "v1" API branch, as described in Authorizing a Rubrik REST API session.
Procedure
1. In a web browser with network access to the Rubrik cluster, open https://RubrikCluster/
docs/v1/playground/.
Where RubrikCluster is the resolvable hostname or IP address of the Rubrik cluster.
2. Click /network_throttle.
The listing expands to show all the operations for that endpoint.
3. Click GET /network_throttle/replication/target.
The endpoint listing displays a list of parameters, if any.
4. Click Try it out.
The Execute button appears.
5. Click Execute to send the request.
The response to a successful request is a set of JSON objects containing the replication throttling
bypass status for each target cluster.
{
"hasMore": false,
"data": [
{
"id": "$replication_target_cluster_1_id",
"clusterName": "$replication_target_cluster_1_name",
"shouldBypassReplicationThrottle": true
},
{
Configuration 05/25/2022 | 71
"id": "$replication_target_cluster_2_id",
"clusterName": "$replication_target_cluster_2_name",
"shouldBypassReplicationThrottle": false
}
],
"total": 2
}
Result
The Rubrik REST API server responds with the summary of all the replication target clusters and specifies
whether the target clusters are bypassing the network throttle.
Related Tasks
Retrieving replication throttling bypass status for a target
Retrieve the replication throttling bypass status for a specified replication target cluster.
Related reference
HTTP response model for replication throttling bypass
Description of the elements contained in the responses from the replication throttling bypass endpoints.
Prerequisites
Do the following:
• Open an authorized Rubrik REST API session. To use the Rubrik REST API playground for this task,
authorize the session on the "v1" API branch, as described in Authorizing a Rubrik REST API session.
• Have available the ID assigned to the replication target cluster to check whether the cluster is
configured to bypass replication throttling.
Procedure
1. In a web browser with network access to the Rubrik cluster, open https://RubrikCluster/
docs/v1/playground/.
Where RubrikCluster is the resolvable hostname or IP address of the Rubrik cluster.
2. Click /network_throttle.
The listing expands to show all the operations for that endpoint.
3. Click GET /network_throttle/replication/target/{id}.
The endpoint listing displays the parameters.
4. Click Try it out.
The parameters become editable and the Execute button appears.
5. In id, type the ID of the target replication cluster.
6. Click Execute to send the request.
The response to a successful request is a JSON object containing the replication throttling bypass
status for the specified target cluster.
{
"id": "$replication_target_cluster_id",
"clusterName": "$replication_target_cluster_name",
"shouldBypassReplicationThrottle": true
}
Configuration 05/25/2022 | 72
Result
The Rubrik REST API server responds with a summary for the replication target cluster and specifies
whether the target cluster is bypassing the network throttle.
Related Tasks
Retrieving replication throttling bypass status
Retrieve the replication throttling bypass status for all replication target clusters.
Related reference
HTTP response model for replication throttling bypass
Description of the elements contained in the responses from the replication throttling bypass endpoints.
Prerequisites
Do the following:
• Open an authorized Rubrik REST API session. To use the Rubrik REST API playground for this task,
authorize the session on the "v1" API branch, as described in Authorizing a Rubrik REST API session.
• Have available the ID assigned to the replication target cluster to update the replication throttling
bypass status for the cluster.
Procedure
1. In a web browser with network access to the Rubrik cluster, open https://RubrikCluster/
docs/v1/playground/.
Where RubrikCluster is the resolvable hostname or IP address of the Rubrik cluster.
2. Click /network_throttle.
The listing expands to show all the operations for that endpoint.
3. Click PATCH /network_throttle/replication/target/{id}.
The endpoint listing displays the parameters.
4. Click Try it out.
The parameters become editable and the Execute button appears.
5. In id, type the ID of the target replication cluster.
6. In config, type the JSON input representing the configuration property and the value to be set for the
property.
Sample JSON input to set the property to true:
{
"shouldBypassReplicationThrottle": true
}
{
"id": "$replication_target_cluster_id",
"clusterName": "$replication_target_cluster_name",
"shouldBypassReplicationThrottle": true
}
Result
The Rubrik REST API server responds with the updated summary of the specified replication target cluster.
Configuration 05/25/2022 | 73
Related Tasks
Retrieving replication throttling bypass status for a target
Retrieve the replication throttling bypass status for a specified replication target cluster.
Related reference
HTTP response model for replication throttling bypass
Description of the elements contained in the responses from the replication throttling bypass endpoints.
Related reference
API endpoints for replication throttling bypass
The Rubrik REST API provides endpoints for managing the network throttle bypass settings of replication
targets.
Syslog settings
The Rubrik cluster supports transmission of system activities to an external syslog server.
The Rubrik cluster uses the standard syslog protocol for formatting and transmission of system
notifications. By default, at the transport layer the Rubrik cluster sets the syslog standard protocol and
port (UDP/514). The transport layer protocol and port can be disabled, or can be configured to use custom
settings.
At the application layer, the syslog transmissions use the HTTP protocol.
When syslog support is enabled, the Rubrik cluster sends server messages to an external syslog server
according to how the facility or severity levels are configured. The facility level represents the machine
process that created the syslog event. For example, general system processes such as the kernel, a user,
mail, but there are also facilities for Rubrik specific logs. The severity level determines how severe the
message is displayed in syslogs. For example, critical, warning, or purely informational.
By default, Rubrik CDM sends all messages to the syslog. The Activity Log displays all the messages.
Configuration 05/25/2022 | 74
Note: The syslog message format conforms to RFC 5424.
Related Tasks
Viewing Activity Log messages
View recent messages of the Activity Log to see the 15 most recent activity messages.
Setting Description
IP or Hostname IPv4 address or resolvable hostname of the syslog server host.
Protocol Transport layer protocol to use for communication between a Rubrik
cluster and the syslog server host. Either TCP or UDP is used. To use
TLS encryption, TCP must be selected.
Port Port number for contacting the syslog server host.. The default syslog
server port is 514.
Facility The event reporting facility to send events from.
• Selecting All sends entries from all facilities.
• Selecting a specific facility sends entries only from the specified
facility.
Severity The event severity threshold to filter. Filters out all events that have a
lower severity than the specified level.
• Selecting All sends all the entries from the selected facility without
filtering based on severity.
• Selecting a specific severity sends entries only for the severity
level that is specified or is greater than what is specified.
TLS Enables TLS encryption of data transmitted from the Rubrik cluster to
the syslog server host. TLS encryption is available only when TCP is
selected as the transport layer protocol.
Context
Rubrik clusters manage interactions with syslog servers through the settings provided by syslog export
rules.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Notification Settings.
The Notifications page appears.
4. Click the Syslog tab.
5. Click Add Syslog Export Rule.
The Add Syslog Export Rule dialog box appears.
6. In IP or Hostname, type the IPv4 address or resolvable hostname of the syslog server host.
Configuration 05/25/2022 | 75
7. In Protocol, choose a transmission layer protocol.
• TCP
• UDP
8. In Port, type the incoming port on the syslog server host to use.
9. In Facility, select an event reporting facility to monitor.
10. In Severity, select a severity level to monitor.
The Rubrik cluster will only send events at the specified severity level or greater.
11. (TLS only) Click Enable TLS.
12. (TLS only) In Signed TLS Certificate, select the certificate from a list or type a name for the TLS
certificate.
The specified name must be unique among all syslog export rules on the Rubrik cluster.
13. Click Add.
Result
The Rubrik cluster validates the connection information provided by the syslog export rule. If the
connection is not valid, the Rubrik cluster does not add the rule. If the connection is valid, the Rubrik
cluster saves the syslog export rule and begins transmitting syslog messages based on the rule.
Note: This check does not guarantee the connection is valid for UDP connections because UDP
connections do not require acknowledgements. To validate a UDP connection, look for the test message or
requested logs on the syslog server.
Related reference
Syslog export rule settings
Rubrik clusters support the creation of syslog export rules based on various settings.
Configuration 05/25/2022 | 76
Rubrik clusters support the creation of syslog export rules based on various settings.
Use a facility level of RubrikEvent and a severity level of All to replicate the facility and severity
behavior from versions 5.0 and earlier. Upgraded versions of Rubrik CDM automatically use these values for
facility and severity levels for systems that had previously configured syslog.
Severity levels
Facility levels
Configuration 05/25/2022 | 77
Numerical code Facility Description
13 LogAudit Log audit
14 LogAlert Log alerts
15 Clock Clock daemon
16 RubrikEvent(local0) Rubrik user audits (all defined user event audits)
17 RubrikCLI(local1) rkcli logs (executed command and output logs)
18 RubrikSSH(local2) ssh command logs (contains all interactively
executed commands)
19 RubrikApp(local3) Rubrik scala application logs (for example, spray,
JFL, node monitor)
20 N/A (local4) local use 4 (unused)
21 N/A (local5) local use 5 (unused)
22 N/A (local6) local use 6 (unused)
23 N/A (local7) local use 7 (unused)
Support bundle
When it is not feasible for Rubrik Support to use the Support Tunnel to troubleshoot an issue on a Rubrik
cluster, the Rubrik cluster can create a bundle of Rubrik cluster and Rubrik node logs for download and
transfer.
Once a support bundle is created, it can be downloaded from the Rubrik CDM web UI and transferred
to Rubrik Support. The support bundle provides an alternative method for providing Rubrik Support with
troubleshooting information that does not require a network connection between Rubrik Support and the
Rubrik cluster.
The Rubrik cluster organizes a support bundle into a single file using tar and compresses the tar file using
gzip. The size of a support bundle will vary significantly depending on many factors, such as:
• Number of Rubrik nodes
• Data protection activity
• Number of logged alerts, warnings, and notifications
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Support Bundle.
The Support Bundle dialog box appears.
4. Click Prepare.
The Rubrik cluster starts creating the support bundle and a message appears in the Notifications area.
When the support bundle is ready, the ‘Prepared logs’ message appears in the Rubrik CDM web UI
Notifications area.
Configuration 05/25/2022 | 78
5. Click Prepared logs.
The message can be clicked in the Notifications area or on the Notifications page.
The Save As dialog box appears in the web browser.
6. Select a download location for the file and click Save.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
7. Contact Rubrik Support to arrange the method to use when transferring the support bundle.
Result
The Rubrik cluster creates the support bundle and sends it to Rubrik Support.
Related Concepts
Support
Use one of the following methods to contact Rubrik Support.
Related Tasks
Configuring Chrome to ask for download location
Use the Google Chrome web browser to access the Rubrik CDM web UI and download recovered files and
folders. Change the default setting of the Chrome web browser to permit specifying the local download
location.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Support Tunnel.
The Support Tunnel page appears.
Configuration 05/25/2022 | 79
4. Click Open Support Tunnel.
The Open Support Tunnel dialog box appears.
5. Enter a value, in hours, for the Timeout Window.
If no value is entered, the default value is 96 hours.
6. Click Open Tunnel.
Result
The Support Tunnel page reappears, showing all of the values for the current node.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Support Tunnel.
The Support Tunnel page appears.
4. Open the ellipsis menu next to the Port column and click Edit Timeout Window.
The Edit Timeout Window dialog box appears.
5. In Timeout Window, enter a new value, in hours.
6. Click Update.
Result
The Support Tunnel page reappears, showing the updated timeout value.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Support Tunnel.
The Support Tunnel page appears.
4. Click Close Support Tunnel.
A confirmation message appears.
5. Click Close Tunnel.
Result
The Support Tunnel page reappears, showing no values for the current node except for Node and a Tunnel
Status of Closed.
An alternate method for closing the tunnel is simply to allow the Timeout Window value to expire.
Configuration 05/25/2022 | 80
Chapter 2
VLAN tagging
VLAN tagging
Virtual Local Area Networks (VLAN) tagging is an optional feature that allows a Rubrik cluster to efficiently
switch network traffic using VLANs.
Each VLAN is partitioned and isolated at the data link layer. By applying VLAN tags to network packets the
network traffic of some applications on a physical network can be separated from the network traffic of
other applications on the same physical network.
In enterprise data centers, VLANs are typically used to segregate network traffic according to
organizational group, application type, or security policy. Segregating network traffic using VLANs can
optimize network throughput and promote data security.
Note: For equipment that has both 1GbE and 10GbE interfaces, use only the 10GbE interfaces for the
Data Network.
VLAN settings for the Management Network and the Data Network must be configured using the Rubrik
CLI. This can be done during system setup, as described in the Rubrik CDM Install and Upgrade Guide, or
by using the network re_ip tool after system setup, as described in Adding special network VLANs after
system setup.
When configuring VLAN settings for the Management Network and the Data Network after system setup,
take into consideration the following:
• All nodes must have an OK status.
• Changing an IP address, or multiple IP addresses, requires an automatic reboot of each affected node.
• Configuring the Management Network and the Data Network on two separate networks means that
network access must be available to both the 10GbE and the 1GbE interfaces.
Context
Do not use the network vlan add command to configure VLAN settings for the Management Network
or the Data Network. The Rubrik CDM Install and Upgrade Guide describes how to use the Rubrik CLI to
configure VLAN settings for the Management Network and the Data Network.
Procedure
1. Log in to the Rubrik cluster and check that all nodes have an OK status.
If any node in the Rubrik cluster does not have an OK status, make any corrections that are required
to return all nodes to an OK status before continuing this task.
2. On any node in the Rubrik cluster, open an SSH session.
ssh admin@node_ip
Result
The Rubrik cluster saves the new network configuration and reboots any nodes that have a changed IP
address.
Procedure
1. On any node in the Rubrik cluster, open an SSH session:
ssh admin@node_ip
Result
The Rubrik cluster saves the new network configuration. The Rubrik cluster routes all packets that are
tagged with the specified VLAN tag through the associated IP addresses.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Select Network Settings.
The Network Settings tab appears.
4. Click Interfaces.
The Interfaces tab appears.
5. Click Add VLAN.
The Add VLAN dialog box appears.
6. Enter the required information in the fields:
• VLAN ID
• VLAN Subnet Mask
• IP address of each node in the cluster
7. Click Add VLAN.
Result
The Rubrik cluster saves the new network configuration. The Rubrik cluster routes all packets that are
tagged with the specified VLAN tag through the associated IP addresses.
Procedure
1. On any node in the Rubrik cluster, open an SSH session:
ssh admin@node_ip
Result
The Rubrik CLI lists the VLAN tags that have been configured for the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Select Network Settings.
Result
The lower pane of the Network Settings page lists the VLANs that have been configured on the Rubrik
cluster.
Context
Do not use this method to remove the VLAN assigned to the Management Network or to the Data Network.
Use the network re_ip command to make those changes.
Before removing a VLAN, verify that the Rubrik cluster can be accessed on a network other than the one
being removed. Failure to do ensure alternate connectivity can result in the Rubrik cluster losing network
access when the VLAN is removed.
Procedure
1. On any node in the Rubrik cluster, open an SSH session.
ssh admin@node_ip
Result
The Rubrik cluster removes the specified VLAN. Network traffic with the specified VLAN tag is routed
through the native VLAN, if available. Otherwise, the traffic is not routed.
Context
Do not use this method to remove the VLAN assigned to the Management Network or to the Data Network.
Use the network re_ip utility to make those changes.
Before removing a VLAN, verify that the Rubrik cluster can be accessed on a network other than the one
being removed. Failure to do ensure alternate connectivity can result in the Rubrik cluster losing network
access when the VLAN is removed.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Select Network Settings.
The Network Settings tab appears.
4. Click Interfaces.
The Interfaces tab appears.
Result
The Rubrik cluster removes the specified VLAN. Network traffic with the specified VLAN tag is routed
through the native VLAN, if available. Otherwise, the traffic is not routed.
User accounts
Rubrik CDM provides role-based access control and several methods for authenticating a user account.
When Rubrik CDM is installed, the 'admin' user is created by default and cannot be modified or deleted.
New local users can be created on a Rubrik cluster and are associated with a set of roles that define the
actions a user can perform on the cluster.
In addition to local accounts, Rubrik supports multiple authentication methods for user accounts, including
single sign-on, multifactor authentication, and API tokens for automated API calls.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
Result
The Rubrik cluster can now use the TLS certificate using the service configuration.
Related tasks
Generating a CSR
A CSR authenticates a TLS certificate.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Certificate Management.
The Certificate Management page appears.
4. Click Editfrom the ellipses menu next to the certificate you want to edit.
The Edit Certificate dialog box appears.
5. Optional: In Display Name, change the name for the certificate.
6. Optional: In Description, change the description for the certificate.
7. Optional: In Certificate, edit the TLS certificate.
8. Optional: To edit Trusted SSL-TLS interception, turn on the Add to trust store toggle.
If you turn on the Add to trust store toggle, the Trust Option dialog box appears.
9. Optional: In the Trust Option dialog box, click OK.
10. Click Save.
The Rubrik cluster saves the edits to the TLS certificate.
Result
The Rubrik cluster uses the edited TLS certificate.
Related concepts
TLS certificate management
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Certificate Management.
The Certificate Management page appears.
4. Click Deletefrom the ellipses menu next to the certificate you want to delete.
The Delete Certificate dialog box appears.
5. Click Delete.
Result
Rubrik cluster deletes the TLS certificate.
Related concepts
TLS certificate management
Rubrik clusters provide a management workflow for TLS certificates as required by several different
authentication components.
Prerequisites
Add certificates to the Rubrik cluster using the steps described in Importing a TLS certificate.
Procedure
1. Select Cluster Settings from the gear icon.
The Cluster page appears with the Cluster Settings tab selected.
2. Click the X next to the certificate name under the Web Server Certificate heading to remove the
current certificate.
3. Select the new certificate from the list.
4. Click Update.
Result
The Rubrik cluster uses the new TLS certificate.
Related concepts
TLS certificate management
Rubrik clusters provide a management workflow for TLS certificates as required by several different
authentication components.
Related tasks
Generating a CSR
A CSR authenticates a TLS certificate.
Configuring an RSA Authentication Manager connection
Generating a CSR
A CSR authenticates a TLS certificate.
Context
Generating a Certificate signing Request (CSR) is the first step for importing a Transport Layer Security
(TLS) certificate with a private key that is managed by the Rubrik cluster. Once a CSR is generated, use
this CSR with the certificate authority (CA) to generate a TLS certificate. Specify the certificate type as CSR
to import this certificate into the Rubrik cluster.
After the CSR signing is complete, the signed certificate must be imported and configured.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Certificate Management.
The Certificate Management page appears with the Certificates tab selected.
4. Click the CSRs tab.
The Certificate Management page changes to the Certificate Signing Request tab.
5. In the top right, click Generate CSR.
The Generate Certificate Signing Request dialog box appears.
6. Fill out the fields and click Generate.
The CSR appears.
7. Click Download.
The web browser saves the CSR to local storage as a text file.
Result
The downloaded or copied CSR can now be signed by a CA. Once the CSR has been signed, it can be
imported for use in the Rubrik cluster.
Related tasks
Importing a TLS certificate
Import a TLS certificate to the Rubrik cluster to use the certificate with authentication workflows that
support TLS certificates.
Authentication
The Rubrik cluster authenticates all login attempts.
Rubrik cluster authentication verifies that the user account is known to the Rubrik cluster and that the
provided account name and password match an authorized account. After authentication, the Rubrik
cluster uses the privileges granted by the roles assigned to the account to authorize actions during the
session.
Several authentication mechanisms use Transport Layer Security (TLS) certificates to secure the user
session. Users can import TLS certificates to the Rubrik cluster for use by the authentication mechanisms
that support TLS certificate use.
Role Description
Infrastructure Administrator Access to all Rubrik operations, except for backup and restore, on all
objects. Choose additional permissions to manage objects.
Infrastructure Administrators have view-only access to the tenant
organizations to which they have been granted access. Therefore,
Organization Administrators cannot create an Infrastructure
Administrator role.
Custom Choose the permissions and access to objects required for the
specific job function.
For example, create a view-only role with access to specific objects
and disable all privileges.
Organization Administrator Choose the permissions required for the specific job function.
No Access User accounts that are not assigned any roles or user accounts that
are assigned roles which do not provide access to any resources
cannot log in to the Rubrik cluster. Assign roles that permit the user
account to access the Rubrik CDM web UI.
The resources in a Rubrik cluster can be partitioned into independently managed collections known as
Tenant Organizations. Users in tenant organizations have privilege levels that are managed by users with
the Organization admin role.
Related tasks
Adding a custom role
Create a custom role and add privileges to access resources and to perform administrative tasks.
Adding an Infrastructure Admin role
Create an Infrastructure Admin role and assign privileges to this role.
Modifying an existing tenant organization
Inheritance of privileges
Privileges for an object can be inherited from the privilege assigned for a parent object. Privileges for an
object can also be inherited through membership in an LDAP group.
A privileged object can contain other objects. For example, a virtual environment cluster contains virtual
machines. Assigning the privilege for an object also assigns privileges for all objects contained within the
assigned object.
A user that is a member of an LDAP group adds the group’s privileges to the privileges held by the user
individually. A user that does not have a particular object specifically assigned to that user gains privileges
on that object if the user is a member of an LDAP group to which that object is assigned.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Select the gear icon.
3. Select Users from the Access Management category.
The User Management page appears with the Users and Groups tab selected.
4. Click Roles.
5. Click Add Role.
6. Select Custom Role and click Next.
The Add Custom Role dialog box appears.
7. Provide a Role Name.
Optionally, in Description, provide a description to help identify this role.
8. Click Next.
The Protectable Objects screen appears.
9. Select the objects to protect.
Users with this role have backup and recovery access for each selected object. Selecting the required
Windows and Linux hosts provides access to the SLA Managed Volumes tab of the Rubrik CDM web
UI.
10. Click Next.
The Other Resources screen appears.
11. Choose SLA Domains and reports.
Users with this role can assign the chosen SLA Domain and view the selected reports. Users with this
role must have access to the selected SLA Domains.
12. Click Next.
The Privileges screen appears.
13. Select privileges.
Users with this role will have the selected privileges for all of the selected objects of this role. Users
with this role must have permission to perform the actions listed in the Protection column.
14. Click Next.
The Summary screen appears and provides parameters of the role.
15. Click Finish.
Linux and Unix Hosts • Select all current and future Linux and Unix hosts
• Linux and Unix Hosts
• Target Linux and Unix Hosts
SQL Server DBs • Select all current and future SQL Server DBs
• DBs
• Failover Clusters
SLA Domains The SLA Domain that users with this role can assign to data sources.
Reports The reports that users with this role can view.
Set data sources to Do Halt future snapshots for a selected data source and assign a retention policy
Not Protect for existing snapshots.
Snapshots inherit protection from the next higher object.
Set data sources to Ability to assign objects and their contents to the SLA Domain of the next
derive protection higher level object.
Allows the role to take Take an on-demand snapshot for the selected data source.
on-demand snapshots
Recovery
Download files Data download only from assigned object types.
Export files Write data from backups to the source location, overwriting existing data. This
only applies to objects assigned to the role and only when the role has the
‘Restore files and snapshots over original’ privilege.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon and, in the Access Management section, select Users.
The User Management page appears with the Users and Groups tab selected.
3. Click Role.
The Roles page appears.
4. Click Add Role.
The Add Role screen appears.
5. Select Infrastructure Admin and click Next.
6. Type a Name.
Optionally, in Description, provide a description to help identify this role.
7. In Privileges, select privileges for the role.
Users assigned this role will have each of the selected privileges.
Multiple privileges can be selected.
8. Click Add.
Result
The role is created and can be assigned to user accounts.
Related reference
Infrastructure Admin Privileges
Privilege Description
Data Source Management Manage add, remove, and register data sources.
Enables managing data sources under the Application Configuration
section of the gear menu.
System Configuration Perform system setting operations from the gear menu.
Enables settings under the System Configuration section of the gear
menu.
Network Configuration Configure network and notifications tasks from the gear menu.
Enables settings under the Network Settings section of the gear menu.
Assigning roles
Assign roles to existing user accounts.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Select the Users and Groups tab.
5. Click Assign Roles.
The Assign Roles dialog box appears.
6. In Directory, choose a directory service type.
Option Description
local or LDAP Directory a. Use the Search by Name to search for user
names.
Result
The selected user account is assigned the chosen roles.
Global search
Users with the Administrator role can search across all objects, files, and folders that the Rubrik cluster has
indexed.
Search results are restricted based on the privileges associated with the role of the user. Users who log in
with the Administrator role can search across all objects, using the search bar at the top of the Rubrik CDM
web UI. Users who log in with another role can perform object-level searches, but the results are limited to
the objects for which they have viewing privileges.
Only the Administrator role has the necessary privileges to search for files or folders. When a user logs in
with the Administrator role, the left side of the global search bar appears and offers two search levels:
• Search by Object
• Search by File/Folder
Note: The left side of the global search bar does not appear for users who log in with any other role,
including an organization administrator role.
For a file-level or folder-level search, select Search by File/Folder. In the Search by Name or
Location field, enter the search term or pattern, including wildcards as necessary to expand the scope of
the search.
Each search can return up to 100 results at a time, although a typical search pattern produces fewer
results. If more than 100 results match the search criteria, the results are randomized each time the
search is performed.
Procedure
1. Log in to the Rubrik CDM web UI as an admin user or a user with the Administrator role.
2. Click the gear icon.
3. Click Users.
Result
The Users and Groups page appears where you can view the authentication and authorization information
for accounts.
Local authentication
Local authentication methods control access to local accounts on the Rubrik cluster.
For local authentication, the Rubrik cluster stores each local user’s username in a database. The Rubrik
cluster uses that information along with the user’s password to authenticate a login. By default, the Rubrik
cluster requires passwords to be of at least eight characters. Rubrik clusters do not support passwords
longer than 1000 characters.
For local user accounts, a more stringent password strength checker is available, which is based on the
zxcvbn algorithm.
Related concepts
Strong passwords
If a Rubrik cluster has the zxcvbn password strength checker enabled, passwords for local users will be
checked against the zxcvbn criteria for a strong password.
Strong passwords
If a Rubrik cluster has the zxcvbn password strength checker enabled, passwords for local users will be
checked against the zxcvbn criteria for a strong password.
The zxcvbn algorithm estimates the strength of a password by measuring its entropy. Entropy is a measure
of randomness and unpredictability that indicates how difficult it is to guess a particular password.
Recognizable character patterns have low entropy and require very little computing power to guess.
The entropy calculated for the entire password is the sum of the entropies for each segment plus the
configuration entropy. Configuration entropy refers to the additional entropy introduced by the number of
password segments and the way they are arranged.
Note: Passwords that would be considered strong by a traditional Lowercase Uppercase Digit Symbol
(LUDS) strength estimator might be rejected as too weak by zxcvbn.
Password requirements
Configure password requirements for local user accounts.
A Rubrik cluster administrator can set the requirements for all local user account passwords at the global
level. The password requirements apply to all local accounts, including organization level accounts. When
an administrator adds or edits a local user account, the password requirements are displayed next to the
Password field.
If a password does not meet the requirements, or is too easy to guess, a message appears that describes
any unmet requirements. The account cannot be created or edited until the password requirements are
met.
A password cannot have more than 1,000 characters. The following table describes the available
requirements for local user account passwords.
Context
Change the password requirements for all new and edited local user accounts.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Users.
The Users page appears with the Users and Groups tab selected.
4. Open the ellipsis menu in the upper-right of the page and select Password Requirements.
The Password Requirements dialog box appears.
5. (Optional) Change the minimum character requirements.
Password requirements describes the available minimum character requirements.
6. (Optional) Select ZXCVBN.
The zxcvbn password strength checker replaces the evaluation of minimum characters for the
determination of password validity.
Result
The Rubrik cluster saves the new password requirements and enforces the requirements for all new and
edited local user accounts.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears with the Users and Groups tab selected.
4. Click Add Local User.
The Add Local User dialog box appears.
5. In Username, type a user name.
6. In Email Address, type a valid email address.
The Rubrik cluster uses the email address for notifications and alerts.
7. In Password, type a password for the new user account.
The password strength is checked by the current password strength checker.
8. In Re-enter Password, type the same password.
9. Optional: In Roles, assign roles to the user account.
10. Optional: Configure the RSA SecurID server.
11. (If using RSA SecurID) Click Enable RSA SecurID to enable multifactor authentication using an RSA
SecurID server.
12. (If using RSA SecurID) Select an RSA SecurID server from the menu.
13. Click Add.
Result
The Rubrik cluster adds the new local user account.
Next task
Assign roles to the user accounts. The role should grant at least one privilege to access the Rubrik CDM
web UI.
Related concepts
Strong passwords
If a Rubrik cluster has the zxcvbn password strength checker enabled, passwords for local users will be
checked against the zxcvbn criteria for a strong password.
Multifactor authentication with RSA SecurID
The Rubrik cluster can integrate with two types of RSA SecurID integration servers by using REST API
calls: RSA Authentication Manager (on-premises) and RSA Authentication Server (cloud).
Related tasks
Assigning roles
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Select the Users and Groups tab.
5. Scroll the page or use the search field to locate a user account entry.
6. Open the ellipsis menu next to the user account entry and select Edit.
The Edit Local User dialog box appears.
7. Optional: In Email Address, change the email address.
8. Optional: In Update Password, type a new password.
9. (When password is changed) In Re-Enter Password, type the new password again.
10. Optional: In Roles, assign roles to the user account.
11. Optional: Change the setting for Enable RSA SecurID.
12. Click Update.
Result
The Rubrik cluster stores the updated information and applies any change to the authorization level of the
account.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Select the Users and Groups tab.
The list of user accounts appears.
5. For the user account click the ellipsis and click Edit.
The Edit User dialog box appears.
6. Revoke a role by clicking the x next to the listed role.
More than one role can be revoked.
7. Click Update.
Result
The Rubrik cluster removes the selected roles from the specified user account.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Select the Users and Groups tab.
5. Scroll the page or use the search field to locate a local user.
6. Open the ellipsis menu next to the local user account entry.
7. Select Delete.
The Delete User confirmation appears.
8. Click Delete.
Result
The Rubrik cluster removes Rubrik cluster authorization for the selected user account and deletes the
account.
Important: While the user account lockout feature is a valuable tool to help prevent brute force account
intrusions, malicious persons can use it to lock an account and prevent a legitimate login by the user who
owns the account. Managing and monitoring IP address access to the Rubrik cluster can help mitigate this
issue.
Context
A global administrator, or an organization administrator for the organization of the account, can unlock a
locked local user account.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the web UI.
The gear menu appears.
3. Click Users.
The Users page appears with the Users and Groups tab selected.
4. Find the locked local user account and open the ellipsis menu for that entry.
5. Click Unlock Account.
Result
The Rubrik cluster resets the count of failed logins to zero and unlocks the account.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Select the Users and Groups tab.
Result
Subsequent logins to this account use Rubrik Two-step Verification after the user configures a source for
time-based one-time passwords.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Select the LDAP Servers tab.
5. Scroll the page or use the search field to locate an LDAP server entry.
6. Open the ellipsis menu next to the LDAP server entry and select Edit.
The Edit LDAP Server wizard appears.
7. Type the password for the domain name or username and click Next.
The wizard advances to the next step.
8. Click Next.
The wizard advances to the next step.
9. Turn on the Enable MFA Addons toggle.
The multifactor authentication option drop-down menu appears.
10. From the Select Option drop-down menu, select Two-Step Verification.
11. Click Update.
Result
Subsequent logins to a user account in this LDAP domain use Rubrik Two-step Verification after the user
configures a source for time-based one-time passwords.
Prerequisites
Install an app that provides time-based one-time passwords (TOTP). Rubrik Two-step Verification supports
apps from Microsoft, Google, and Okta.
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the silhouette drop-down, select Two-Step Verification Configuration.
Result
Subsequent logins to this account require a valid TOTP.
Prerequisites
Confirm that the account already has TOTP enabled.
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the silhouette drop-down, select Two-Step Verification Configuration.
The Two-Factor Authentication dialog appears.
3. Click Change Device.
The Two-Factor Authentication wizard appears.
4. Click Next.
The 2FA Quick Response (QR) code appears.
5. Launch the 2FA app and set up a new authentication service.
The device launches the camera software.
6. Focus the device camera on the QR code.
The 2FA app displays a TOTP.
7. In One Time Password, type the TOTP.
8. Click Submit.
Result
The new device is now the TOTP source for the account.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
LDAP authentication
The Rubrik cluster uses LDAP to authenticate users who log in through the Rubrik CDM web UI welcome
screen.
The Rubrik cluster connects to one or more Lightweight Directory Access Protocol (LDAP) servers through
a service or bind account with read access. This account enables the Rubrik cluster to search information
about the user, such as email address and group membership. A base distinguished name (DN) will narrow
the search to a specific location within the LDAP directory tree. Search filters will identify specific groups or
users to further narrow the search.
The Rubrik CDM web UI requests LDAP server information in three stages:
• Credentials – Establishes the starting point of an LDAP directory search for a user who is trying to log in
to the Rubrik cluster.
• Servers, User and Group Settings – Servers require a list of one or more LDAP servers to search, and
user settings specify how Rubrik determines who is a user, and what attributes to use when mapping
users to the respective LDAP directory.
• Multifactor Authentication – Adds one or more factors to the basic authentication process, which
prevents unauthorized users from accessing the Rubrik cluster.
The Rubrik cluster uses the user management system to control authorization for authenticated users.
Related concepts
LDAP credentials
LDAP credentials establish the starting point of an LDAP directory search for a user who is trying to log in
to the Rubrik cluster.
LDAP servers
The Rubrik cluster requires a list of one or more LDAP servers for connection security.
Related tasks
Enabling multifactor authentication
LDAP credentials
LDAP credentials establish the starting point of an LDAP directory search for a user who is trying to log in
to the Rubrik cluster.
The Rubrik cluster uses the parameters shown in the following table to search for information about
an authenticated user in the Lightweight Directory Access Protocol (LDAP) directory structure and to
authenticate a user. The LDAP or Active Directory administrator can suggest the actual values to use.
Parameter Description
Name used by the Rubrik cluster when referring to this LDAP integration. Users can
Domain or enter this name for the Domain when logging in on the welcome screen. Domain
Domain Display Display Name can be an alias for the domain that is easier to remember than the full
Name domain name.
This information is no case sensitive.
Base DN Indicates where to begin searching within the LDAP tree. If not specified, the Rubrik
cluster will begin searching at the root (defaultNamingContext).
Bind DN or User with read privileges that can be used to search the LDAP directory to obtain
Username information such as group membership.
Password Password for the account entered as the Bind DN or Username.
CA Certificates A .PEM format X.509 certificate is used either to validate an explicitly chosen TLS-
capable LDAP server, or when the LDAP server offers support for StartTLS.
The Rubrik cluster supports multiple LDAP domains; however, when a user provides a Domain or Domain
Display Name in the login screen, only that domain is searched for the user’s credentials.
The Rubrik cluster uses the LDAP information for authentication on the local Rubrik cluster only. To enable
LDAP authentication on another Rubrik cluster, log in to that Rubrik cluster and provide the required
information.
When an LDAP server cannot be reached, the Rubrik cluster rejects logins that authenticate against that
server. Until an LDAP server becomes available, the Users and Groups page will not show authorization for
any LDAP users or groups associated with that server.
Note: Unlike the Rubrik web UI, the Rubrik REST API does not authenticate using the Domain Display
Name value. For LDAP authentication through the Rubrik REST API, the server searches through all LDAP
users in the Organization.
LDAP servers
The Rubrik cluster requires a list of one or more LDAP servers for connection security.
Lightweight Directory Access Protocol (LDAP) servers can be specified in two ways:
Note: If the field is empty, the Rubrik cluster is forced to connect using only the dynamic DNS name.
Prerequisites
For each LDAP server domain, obtain the domain name along with the user name and password of an
account with read privileges for that domain. If the LDAP server requires a Transport Layer Security (TLS)
certificate, import the TLS certificate using the procedure detailed in Importing a TLS certificate.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
4. Select the LDAP Servers tab.
The LDAP server page appears.
5. Click Add LDAP Server.
The Add LDAP Server dialog box appears, with the Credentials step highlighted.
6. In Domain or Domain Display Name, type the domain name associated with the set of LDAP
users.
7. Optional: In Base DN, specify a DN where the Rubrik cluster should begin searching from within the
LDAP directory tree structure.
If this field is left blank, the Rubrik cluster begins searching at the root of the directory tree.
8. In Bind DN or Username, enter the credentials for a user with read privileges.
9. In Password, type the password for the account entered in the previous step.
10. (If the LDAP server requires a TLS certificate) Select a TLS certificate.
11. Click Next.
Result
The Servers, Users & Group Settings step is highlighted.
Procedure
1. Click the Servers tab.
The Servers dialog box opens.
Result
The Multifactor Authentication step is highlighted.
Context
Lightweight Directory Access Protocol (LDAP) is configured per directory as part of the LDAP directory
configuration. Enforce LDAP globally by enabling Time-based One-time Password (TOTP) globally, which
applies to all LDAP and local users.
Procedure
1. (If at least one RSA SecurID server has been configured) Select the RSA SecurID server to use for
multifactor authentication.
2. Click Add.
Result
The LDAP users are configured for multifactor authentication.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users and Groups page appears.
4. Select the LDAP Servers tab.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users and Groups page appears.
4. Select the LDAP Servers tab.
5. Open the ellipsis menu for a listed LDAP display name.
6. Select Delete.
A warning dialog box appears.
7. Click Delete.
Result
The Rubrik cluster no longer uses the LDAP cluster to authenticate users. Users that authenticate from the
removed server are no longer able to log in.
Context
Removing a group account removes the group-level access of the users in the group but does not change
existing user account level access, if any.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Scroll the page or use the search field to locate a user account or group account.
5. Open the ellipsis menu next to the user account or group account entry and select Assign Roles.
The Assign Roles dialog box appears.
6. Clear all roles.
7. Click Finish.
Single Sign-on
Rubrik CDM supports single sign-on using the Security Assertion Markup Language 2.0 standard.
Single sign-on (SSO) allows users to log in to Rubrik CDM using credentials associated with an identity
provider (IdP). The Security Assertion Markup Language (SAML) 2.0 standard uses metadata files to
exchange information between an IdP and a Service Provider (SP), such as Rubrik CDM. The information
in these files establishes a trust relationship between the two entities. The files also specify where
authentication requests and responses should be sent, along with formatting details.
Rubrik CDM can be integrated with any SAML 2.0-enabled IdP that supports either SP-initiated SSO or IdP-
initiated SSO.
Note: When performing these tasks, keep two tabs open: one for the Rubrik CDM web UI and one for the
IdP UI.
Context
The identity provider metadata file contains information that Rubrik CDM needs in order to send and
receive SAML assertions.
Procedure
1. In a web browser, type https://adfs_host/FederationMetadata/2007-06/
FederationMetadata.xml, where adfs_host is the DNS hostname or IP address for the ADFS
Server.
2. Proceed to the ADFS Server address.
Result
The web browser downloads the FederationMetadata.xml file to the default download location.
Next task
Configure single sign-on in Rubrik CDM, as described in Configuring single sign-on in Rubrik CDM.
Procedure
1. Log in to the Rubrik CDM web UI as a user with the Administrator role, or any role that has permission
to view and manage security settings.
2. Click the gear icon and select Users.
The Users and Groups page appears.
3. Select the Identity Providers tab.
4. Click Add Identity Provider.
The Add identity provider dialog box appears.
5. In the Configure Single Sign-on section, in Identity Provider Name, type a name.
The identity provider name is the name that will appear in the Directory column of the Users and
Groups page.
6. Click the download icon to the right of the Identity Provider Metadata field.
7. Select the appropriate metadata file from the Downloads folder and click Open.
8. In Configure Identity Provider Service, enter the Service Provider host address.
Result
The identity providers tab in Rubrik CDM web UI displays information from the uploaded ADFS metadata
file. The web browser downloads the Rubrik metadata file.
Next task
Upload the Rubrik metadata file to the ADFS management console and add Rubrik as a relying party trust,
as described in Adding Rubrik as a Relying Party Trust.
Context
The ADFS Add Relying Party Trust Wizard requires certain information in order to add Rubrik to its list of
Relying Party Trusts. Some information is provided through the Rubrik metadata file, and some information
is entered manually.
Procedure
1. On the Windows Server running ADFS, open the ADFS management console.
2. In the left pane, open the Trust Relationships folder and select Relying Party Trusts.
The center pane displays the following Relying Party Trust information for each configured Service
Provider:
• Display Name
• Enabled status (yes or no)
• Identifier (the Service Provider entity ID)
3. In the Actions window on the right, under Relying Party Trusts, select Add Relying Party
Trust....
The Welcome pane of the Add Relying Party Trust Wizard appears.
4. Click Start.
The Select Data Source pane appears.
5. Select Import data about the relying party from a file, then click Browse to find and select the
Rubrik_Metadata.xml file.
6. Click Next.
The Specify Display Name pane appears.
7. Type the display name and click Next.
The display name identifies the name of the relying party trust in the Relying Party Trusts display.
Result
The ADFS management console lists Rubrik in the Relying Party Trusts display.
Next task
Add custom claim rules, beginning with the nameId rule, as described in Adding a nameId claim rule.
Prerequisites
Complete the steps in the Add Relying Party Trust Wizard, as described in Adding Rubrik as a Relying Party
Trust.
Context
ADFS offers a set of templates for configuring claims. Use the Send Claims Using a Custom Rule
template to set up a custom nameId rule.
Procedure
1. In the Edit Claim Rules dialog box, with the Issuance Transform Rules tab selected, click Add
Rule.
The Select Rule Template pane appears.
2. From the Claim rule template menu, click Send Claims Using a Custom Rule and click Next.
The Configure Rule pane appears.
3. In Claim rule name, type a name for the nameId claim rule.
For example, type nameId.
4. In Custom rule, type the custom rule for nameId.
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/
windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active
Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/
claims/nameidentifier"), query = ";sAMAccountName;{0}", param = c.Value);
5. Click Finish.
The Edit Claim Rules dialog box appears, with the Issuance Transform Rules tab selected.
Result
The nameId custom claim rule is configured.
Next task
Add an email custom claim rule, as described in Adding an email claim rule.
Prerequisites
Add a custom claim rule for the nameId attribute, as described in Adding a nameId claim rule.
Context
ADFS offers a set of templates for configuring claims. Use the Send Claims Using a Custom Rule
template to set up a custom email rule.
Procedure
1. In the Edit Claim Rules dialog box, with the Issuance Transform Rules tab selected, click Add
Rule.
The Select Rule Template pane appears.
2. From the Claim rule template menu, click Send Claims Using a Custom Rule and click Next.
The Configure Rule pane appears.
3. In Claim rule name, type a name for the email claim rule.
For example, type email.
4. In Custom rule, type the custom rule for email.
The custom rule for email claims is:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/
windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active
Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/
claims/emailaddress"), query = ";mail;{0}", param = c.Value);
5. Click Finish.
The Edit Claim Rules dialog box appears, with the Issuance Transform Rules tab selected.
Result
The email custom claim rule is configured.
Next task
Add a group custom claim rule.
• If groups cannot be filtered based on a naming convention, add a custom claim rule that sends all
group claims, as described in Adding a group claim rule for all groups.
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/
windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active
Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query =
";tokenGroups;{0}", param = c.Value);
This claim rule transforms the incoming ADFS group claims into the format requested in the SAML request,
and issues the resulting group claims in the SAML response.
The second scenario requires two custom group claim rules:
• The first claim rule adds all group claims, but does not issue them in the outgoing token. Instead, the
output of this rule is a new incoming claim, which is used as an input for the second claim rule.
• The second claim rule applies a filter to the group claims in the incoming claim. The filter allows only
group claims that start with certain characters to be sent as outgoing claims.
Note: The claims rule engine processes each claim rule in the order listed in the Edit Claim Rules dialog
box. Since the second claim rule depends on the first, the claim rules must be listed in the correct order.
The following example shows the pair of claim rules to use for groups with names that start with "rubrik".
1. The "all-groups" rule, modified by replacing issue with add:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/
windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active
Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query =
";tokenGroups;{0}", param = c.Value);
2. The "group-filter" rule, which uses "^rubrik" as the regular expression:
The regular expression can be adapted to any group naming convention. For example, if the names of all
user groups start with "prod", change the regular expression to "^prod".
Prerequisites
Context
The all-groups rule is used when group names do not follow a pattern. As a result, claim rules cannot
make use of a pattern-match filter before the group claims are sent to Rubrik CDM. If group names follow
a pattern, skip this task and follow the instructions in Adding a group filter claim rule instead.
Procedure
1. In the Edit Claim Rules dialog box, with the Issuance Transform Rules tab selected, click Add
Rule.
The Select Rule Template pane appears.
2. From the Claim rule template menu, click Send Claims Using a Custom Rule and click Next.
The Configure Rule pane appears.
3. In Claim rule name, type a name for the group claim rule.
For example, type all-groups.
4. In Custom rule, type the custom rule for all-groups.
The custom rule is:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/
windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active
Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query =
";tokenGroups;{0}", param = c.Value);
5. Click Finish.
The Edit Claim Rules dialog box appears, with the Issuance Transform Rules tab selected.
6. Click OK.
The Edit Claim Rules dialog box disappears.
Result
The custom claim rules are configured.
Next task
Verify that all ADFS Service Provider settings are correct, as described in Verifying ADFS Service Provider
settings.
Prerequisites
Create a custom email claim rule, as described in Adding an email claim rule. Learn how to set up group
claim rules for different scenarios by reading Group claim rules.
Context
Use the Send Claims Using a Custom Rule template to add two custom rules. The output of the first
rule is a list of all group claims. The second rule filters the list of all group claims so that only groups with a
certain prefix are included in the SAML response.
Procedure
1. In the Edit Claim Rules dialog box, with the Issuance Transform Rules tab selected, click Add
Rule.
The Select Rule Template pane appears.
2. From the Claim rule template menu, click Send Claims Using a Custom Rule and click Next.
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/
windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active
Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query =
";tokenGroups;{0}", param = c.Value);
5. Click Finish.
The Edit Claim Rules dialog box appears, with the Issuance Transform Rules tab selected.
6. Click Add Rule.
The Select Rule Template pane appears.
7. From the Claim rule template menu, click Send Claims Using a Custom Rule and click Next.
The Configure Rule pane appears.
8. In Claim rule name, type a name for the custom filter rule.
For example, type rubrik-groups for a rule that only sends group claims for groups that begin with
"rubrik".
9. In Custom rule, type the custom rule for rubrik-groups.
The custom rule for rubrik-groups is:
Result
The custom group filter claim rules are configured.
Next task
Verify that all ADFS Service Provider settings are correct, as described in Verifying ADFS Service Provider
settings.
Prerequisites
Add the appropriate group claim rules, as described in Adding a group claim rule for all groups and Adding
a group filter claim rule.
Procedure
1. In the Display Name column, right-click the relying party trust and select Properties.
The Properties page appears.
2. Select Advanced.
3. From the Secure hash algorithm menu, select SHA-256.
Result
ADFS has the correct Service Provider settings.
Next task
In the Rubrik CDM web UI, test the SSO connection, as described in Testing the SSO connection.
Procedure
1. Log in to the Rubrik CDM web UI as a user with the Administrator role.
2. On the top bar of the Rubrik CDM web UI, click the gear icon and select Users.
The Users and Groups page appears.
3. Select Identity Providers.
The identity providers page appears.
4. Open the ellipsis menu for the newly added identity provider and select Test.
The Rubrik cluster redirects to the Sign-in screen for the Identity Provider.
5. Type the user name and password for the registered account on the identity provider's system and
click Sign In.
6. Proceed to the Rubrik cluster’s host address.
The Rubrik CDM web UI appears with a message that the SSO test was successful.
Result
The test establishes that users can sign in to the Rubrik cluster using single sign-on.
Next task
Authorize SSO users, as described in Assigning roles to SSO users. Authorize SSO groups, as described in
Assigning roles to SSO groups.
Procedure
1. Log in to the Rubrik CDM web UI as a user with the Administrator role.
2. Click the gear icon and select Users.
The user management page appears with the Users and Groups tab selected.
3. Click Assign Roles.
The Assign Roles wizard opens at the Select Users/Groups step.
4. From the Directory menu, choose the Identity Provider.
Result
The Rubrik cluster updates the Users and Groups tab with the user names and their role assignment.
Context
This task assigns roles to SSO groups managed by an identity provider (IdP).
Procedure
1. Log in to the Rubrik CDM web UI as a user with the Administrator role.
2. From the gear settings menu, select Users.
The user management page appears with the Users and Groups tab selected.
3. Click Assign Roles.
4. Click the Directory menu and select the newly added identity provider name.
5. Click the User/Group menu and select Group.
6. In Groupname, type the group name and click Continue.
The Assign Roles dialog box appears.
7. Select a set of roles and click Finish.
A message confirms that authorization was updated for the selected group.
Result
The Rubrik cluster adds the new group and role to the Users and Groups tab.
Procedure
1. Log in to the Rubrik CDM web UI as a user with the Administrator role, or any role that has permission
to view and manage security settings.
2. Click the gear icon and select Users.
The Users and Groups page appears.
3. Select the Identity Providers tab.
4. Click Add Identity Provider.
The Add Identity Provider dialog box appears.
5. In the Configure Single Sign-on section, in Identity Provider Name, type a name.
The identity provider name is the name that will appear in the Directory column of the Users and
Groups page.
6. In Configure Identity Provider Service, enter the Service Provider host address.
The Service Provider host address can be a floating IP address or a static address, as explained in
Service Provider host address.
The Download Rubrik Metadata link becomes active.
7. Click Download Rubrik Metadata.
Result
The Rubrik cluster generates the metadata file and the web browser downloads it to the default download
location.
Next task
Prepare the encryption certificate for uploading to Okta, as described in Preparing the encryption certificate
for uploading to Okta.
Context
Edit the certificate and store it in a file to prepare the encryption certificate for uploading to the identity
provider.
Procedure
1. From the Downloads folder, open the Rubrik-Metadata.xml file.
2. Find the X.509 certificate used for encryption.
The path is: /EntityDescriptor/SPSSODescriptor/KeyDescriptor use=”encryption”/
KeyInfo/X509Data/@X509Certificate
3. Copy the encryption certificate from the metadata file, without formatting, and paste it into a plain
text editor.
4. Add the statement ––-–-BEGIN CERTIFICATE----- at the beginning of the file and the statement
–––--END CERTIFICATE----- at the end of the file.
5. Save the file and assign a file name, such as enc_cert.pem.
Result
The encryption certificate is ready to upload to Okta.
Next task
In the Okta Admin portal, add Rubrik as an application integration, as described in Adding Rubrik as an
application integration.
Prerequisites
Create a file for the encryption certificate, as described in Preparing the encryption certificate for uploading
to Okta.
Procedure
1. Log in to the Okta web UI as a user with Administrator privileges.
2. Click Admin to go to the administrator portal.
3. On the top menu, next to the gear icon, click Classic UI.
4. Click Applications and select Applications from the menu.
5. Click Add Application.
The Add Application menu appears.
6. Click Create New App.
The Create a New Application Integration page appears.
7. From the Platform menu, select Web.
8. From the Sign-on method menu, select SAML 2.0.
9. Click Create.
The Create SAML Integration page appears.
10. In the General Settings section, enter a name in App name.
11. Click Next.
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
http://schemas.xmlsoap.org/claims/Group
25. In Filter, select Matches regex and type a regular expression to use for the filter.
Regular expression Description
.* This filter allows all groups to be included in the
outgoing claims.
^rubrik This filter only allows groups whose names start
with rubrik to be included in the outgoing claims.
The regular expression can be changed to fit
other naming conventions.
26. Click Next.
The Feedback page appears.
27. Answer the question Are you a customer or a partner?
28. Click I'm an Okta customer adding an internal app.
29. Click Finish.
Result
Okta adds Rubrik as an application integration in the Okta Admin portal.
Next task
Download the Okta metadata file, as described in Downloading the Okta metadata file.
Procedure
1. Log in to the Okta web UI as a user with Administrator privileges.
2. Click Admin to go to the administrator portal.
3. On the top menu, next to the gear icon, click Classic UI.
4. Click Applications and select Applications from the menu.
5. Select the Rubrik CDM application.
The application page for the Rubrik CDM application appears.
6. Click the Sign On tab.
In the SAML 2.0 section of the Settings page, a message indicates that “Identity Provider metadata is
available if this application supports dynamic configuration.”
7. Click Identity Provider metadata to download the Okta metadata file.
Result
The browser downloads the metadata file to the default downloads location.
Next task
Upload the Okta metadata file to add Okta as an identity provider, as described in Adding Okta as an
identity provider.
Prerequisites
• Generate the Rubrik metadata file, as described in Downloading the Rubrik metadata file.
• In the Okta Admin portal, add Rubrik as a SAML 2.0 application integration, as described in Adding
Rubrik as an application integration.
Context
These steps are performed in the Rubrik CDM web UI after downloading the Rubrik metadata file. The
Rubrik CDM web UI tab should still be open, with the Add Identity Provider dialog box displayed.
Procedure
1. In the Add Identity Provider dialog box of the Rubrik CDM web UI, click the download icon to the
right of the Identity Provider Metadata field.
2. Select the Okta metadata file from the Downloads folder and click Open.
3. Click Add.
Result
The Identity Providers page displays the following information, extracted from the Okta metadata file:
• Entity ID
• Sign in URL
• Expiration of the signing certificate
Prerequisites
Create an application integration, as described in Adding Rubrik as an application integration.
Procedure
1. Log in to the Okta web UI as a user with Administrator privileges.
2. Click Admin to go to the administrator portal.
3. On the top menu, next to the gear icon, click Classic UI.
4. Click the Applications menu and select Applications.
5. Select the Rubrik CDM application.
The application page for the Rubrik CDM application appears.
6. Select the Assignments tab.
7. Open the Assign menu and select Assign to People.
The Assign application_name to People dialog box appears. The dialog box lists the names of
people who can be assigned to access the application.
8. Add a user by clicking Assign next to the name of the user.
A confirmation dialog box appears with the name of the user displayed.
9. Click Save and Go Back.
The Assigned status appears next to the name of the user.
10. Repeat steps 8 and 9 until all Rubrik CDM application users have been assigned, then click Done.
Result
The Assignments page confirms that the specified users have access to Rubrik CDM.
Next task
Grant Okta groups access to Rubrik CDM, as described in Granting Okta groups access to Rubrik CDM.
Prerequisites
Create an application integration, as described in Adding Rubrik as an application integration.
Procedure
1. Log in to the Okta web UI as a user with Administrator privileges.
2. Click Admin to go to the administrator portal.
3. On the top menu, next to the gear icon, click Classic UI.
4. Click the Applications menu and select Applications.
5. Select the Rubrik CDM application.
The application page for the Rubrik CDM application appears.
6. Select the Assignments tab.
7. Open the Assign menu and select Assign to Groups.
Result
The Assignments page appears with the Group filter selected. The page displays all groups that have
access, along with an edit icon and a delete icon next to each group name.
Next task
Test the SSO connection, as described in Testing the SSO connection.
Procedure
1. Log in to the Rubrik CDM web UI as a user with the Administrator role.
2. On the top bar of the Rubrik CDM web UI, click the gear icon and select Users.
The Users and Groups page appears.
3. Select Identity Providers.
The identity providers page appears.
4. Open the ellipsis menu for the newly added identity provider and select Test.
The Rubrik cluster redirects to the Sign-in screen for the Identity Provider.
5. Type the user name and password for the registered account on the identity provider's system and
click Sign In.
6. Proceed to the Rubrik cluster’s host address.
The Rubrik CDM web UI appears with a message that the SSO test was successful.
Result
The test establishes that users can sign in to the Rubrik cluster using single sign-on.
Next task
Authorize SSO users, as described in Assigning roles to SSO users. Authorize SSO groups, as described in
Assigning roles to SSO groups.
Procedure
1. Log in to the Rubrik CDM web UI as a user with the Administrator role.
2. Click the gear icon and select Users.
The user management page appears with the Users and Groups tab selected.
3. Click Assign Roles.
The Assign Roles wizard opens at the Select Users/Groups step.
4. From the Directory menu, choose the Identity Provider.
5. From the User/Group menu, select User.
6. In Username, type the username exactly as it appears in the identity provider's user list.
Result
The Rubrik cluster updates the Users and Groups tab with the user names and their role assignment.
Context
This task assigns roles to SSO groups managed by an identity provider (IdP).
Procedure
1. Log in to the Rubrik CDM web UI as a user with the Administrator role.
2. From the gear settings menu, select Users.
The user management page appears with the Users and Groups tab selected.
3. Click Assign Roles.
4. Click the Directory menu and select the newly added identity provider name.
5. Click the User/Group menu and select Group.
6. In Groupname, type the group name and click Continue.
The Assign Roles dialog box appears.
7. Select a set of roles and click Finish.
A message confirms that authorization was updated for the selected group.
Result
The Rubrik cluster adds the new group and role to the Users and Groups tab.
Multifactor authentication
Multifactor authentication (MFA) adds one or more factors to the basic authentication process, which
prevents unauthorized users from accessing the Rubrik cluster.
Note: When multifactor authentication is required for a user, the Rubrik user’s username must match the
username stored in the MFA server.
If a user account is associated with an MFA server, that user will see an additional login screen after
signing in with username and password. Another authentication factor will be required, such as a
passcode, a PIN, or biometric data. The type of authentication factor, and the number of factors required
to authenticate to the Rubrik cluster, are determined by the configuration of the MFA server.
Note: The Access Key is confidential. Copy this value to a secure location, and use it to configure the RSA
SecurID server from the Rubrik CDM web UI.
Prerequisites
If the RSA SecurID server requires a Transport Layer Security (TLS) certificate, import the TLS certificate
using the procedure detailed in Importing a TLS certificate.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users and Groups page appears.
4. Click RSA SecurID.
The list of RSA SecurID servers appears.
5. Click Add RSA SecurID.
The Add RSA SecurID dialog box appears.
6. In Name, type a name to identify the RSA Authentication Manager.
7. In Base URL, type the RSA Authentication Manager server’s REST API base URL.
8. In RSA SecurID API Key, type the API Access Key that was generated when RSA SecurID was
enabled.
9. In Client ID, type the host name or IP address of the Rubrik cluster, which acts as the Authentication
Agent.
10. Optional: Type the name of the assurance policy in Assurance Policy Name.
11. (If using HMAC mode) In REST API Access ID, enter the RSA Authentication Manager server’s
access ID that was generated when RSA SecurID was enabled.
12. (If the RSA SecurID server requires a TLS certificate) Select a TLS certificate.
13. Click Add.
Result
After the RSA server is configured, add a test account to verify connectivity to the RSA server. Once
connectivity is verified, enable the RSA server for production users.
Prerequisites
If the RSA SecurID server requires a Transport Layer Security (TLS) certificate, import the TLS certificate
using the procedure detailed in Importing a TLS certificate.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users and Groups page appears.
4. Click RSA SecurID.
The list of RSA SecurID servers appears.
5. Click Add RSA SecurID.
The Add RSA SecurID dialog box appears.
6. In Name, enter a name to identify the RSA Cloud Authentication Service settings.
7. In Base URL, enter the RSA Cloud Authentication Service’s REST API base URL.
8. In RSA SecurID API Key, type the API Access Key that was generated when RSA SecurID was
enabled.
9. In Client ID, enter the host name or IP address of the Rubrik cluster, which acts as the
Authentication Agent.
10. In Assurance Policy Name, type the name of the assurance policy.
11. (If the RSA SecurID server requires a TLS certificate) Select a TLS certificate.
12. Click Add.
Result
After the RSA server is configured, add a test account to verify connectivity to the RSA server. Once
connectivity is verified, enable the RSA server for production users.
Context
Password support for connecting to a Rubrik cluster node using the Secure Shell (SSH) protocol is enabled
by default.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Select the Users and Groups tab.
5. Click the ellipsis menu in the top bar and select SSH Authentication Options from the list.
By default, Secure Shell (SSH) password authentication is enabled.
The SSH Authentication Options dialog box appears.
6. Turn off the SSH Password Authentication toggle and click Save.
Result
SSH sessions to nodes in this Rubrik cluster can no longer authenticate using passwords.
Related tasks
Configuring authentication to the Rubrik CLI by SSH key pair
Assign a Secure Shell key to a user account to enable authentication without transmitting the account
password.
Prerequisites
Obtain the public Secure Shell (SSH) protocol key for the user account. The key must be in the OpenSSH
format. Copy the SSH key to the clipboard.
Context
This task assigns an SSH key to a user account. Multiple methods and utilities exist for generating SSH
keys. Use any method that results in a valid SSH key that uses the OpenSSH format. Authenticating with
Procedure
1. Log in to the Rubrik CDM web UI as the Rubrik cluster administrator.
2. From the silhouette drop-down, select SSH Configuration.
The SSH configuration dialog box appears.
3. In the SSH keys field, paste the SSH key.
4. Click Update.
Result
The Rubrik cluster uses the SSH key to authenticate SSH connection attempts.
API tokens
API tokens can be used in scripts to provide secure authentication, rather than hard-coding credentials
directly in the script and exposing them as clear text.
Tokens are generated directly from the Rubrik CDM web UI. When a token is generated, the user can
specify how long the token is valid, and supply a tag that can be used to identify its purpose. For example,
if a different token is generated for each script a user plans to run, the tag can indicate the name of the
script associated with that token.
If a token is accidentally exposed, the user who generated it can delete it from the Rubrik CDM web UI,
then generate a new token.
API Tokens have the same privileges as the user who generates them. For example, if a user with the
Administrator role generates an API token, that token has Administrator privileges.
API tokens may not be used for the following purposes:
• Updating or deleting any MFA servers
• Creating new sessions or generating additional API tokens
• Creating new user accounts or updating user account information
• Updating user preferences
• Creating, updating, or deleting LDAP services
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the User account menu and select API Token Manager.
The API Token Manager dialog box appears.
3. Click the plus icon at the top right of the dialog box.
The Generate API Token dialog box appears.
4. In Duration, type the number of days the token will be valid.
The default duration is 30 days.
5. In Tag, enter a name to distinguish this token from other tokens.
Result
The display shows a list of API token IDs along with the associated token tag names, expiration dates, and
last activity.
Context
Delete an expired API token so that it cannot be used in REST API calls to the Rubrik cluster.
Note: Use caution when deleting an API token. Once the token is deleted, all REST API calls that use that
token will fail.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the account menu in the upper right corner and select API Token Manager.
The API Token Manager dialog box appears.
3. Open the ellipsis menu next to the API token to be deleted and select Delete.
The Delete API Token dialog box appears with a warning message about the consequences of deleting
the token.
4. Click Delete.
Result
The API token is removed from the list of API tokens.
Context
Note: An API operation on the whitelist can run in a session that is authenticated with only the
single authentication factor offered by an API session token. Consider the security risk involved before
whitelisting any API operation.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the account menu in the upper right corner and select API Token Manager.
The API Token Manager window opens.
3. Click Manage Token Whitelist.
The Manage API Token Whitelist dialog box opens.
4. Select the API operation to whitelist.
You can select multiple operations at once.
5. Click Submit.
Result
The Rubrik cluster permits the selected API operations to be called in a session authorized through an API
token.
Related concepts
Restricted API operations
By default, Rubrik CDM requires multi-factor authentication for certain API operations that can modify
cluster-wide configurations.
Service accounts
Service accounts allow users to access CDM APIs through scripts or other automation method.
To access CDM APIs through scripts or other automation method, a user can create a service account that
can be seen by all admins. When a user creates a service account, the ID and password for that account
is only shown once. To see it again, a user must rotate the password, which will bring up the credentials
once more (the same ID but a different password because it was rotated). A service account can fetch an
API token by an API call, which is then used by the same automation script.
A POST request to the /service_account/session endpoint generates an API token with a 24-hour
time to live (TTL). This token inherits the permissions of the service account that was used to create
the token. A service account can be assigned roles that specify a set of permissions of the API tokens
created by that service account. A tenant organization administrator can see all service accounts within the
organization and global administrators can see all service accounts on the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Click Service Accounts > Add Service Account.
The Add Service Account dialog box appears.
5. In Service Account Name, type the name of the service account.
6. In Roles, select either AdministratorRole or ReadOnlyAdminRole.
7. Click Add.
The Service Account ID and Secret dialog box appears.
8. Click Copy Secret.
Store the service account ID and secret in a secure location.
The secret is copied to clipboard.
Result
The Rubrik cluster adds a service account and generates credentials.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Click Service Accounts.
The list of service accounts appears.
5. Open the ellipsis menu of the service account and click Edit.
The Edit Service Account dialog box appears.
6. Edit the name of the service account or roles.
7. Click Update.
Result
The Rubrik cluster updates the service account with the new information.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
Result
The Rubrik cluster deletes the selected service account.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Users.
The Users page appears.
4. Click Service Accounts.
The list of service accounts appears.
5. From the ellipsis menu of a service account, click Rotate Secret.
The Rotate Secret dialog box appears.
6. Select Expire all existing sessions immediately to invalidate the existing secret.
7. Click Confirm.
The new client secret appears.
The Service Account ID and Secret dialog box appears.
8. Click Copy Secret.
Store the new secret in a secure location.
The secret is copied to clipboard.
Result
The Rubrik cluster generates a new secret for the service account.
Encryption
Encryption restricts the ability of unauthorized parties to read the encrypted data.
Encryption can be used to protect:
• Data at rest - Data that is stored in a persistent device such as a storage drive.
• Data in flight - Data that is being transmitted between devices.
In a secure Rubrik cluster, data that is transmitted between nodes of the cluster is encrypted using the
Transport Layer Security (TLS) protocol. TLS prevents unauthorized access of the transmitted data even if
the transmission is intercepted.
Secure Rubrik clusters encypt data at rest using the Advanced Encryption Standard (AES) symmetric-key
algorithm with a 256-bit key length (AES-256).
Encryption keys can be managed internally using the Trusted Platform Module (TPM) and can be
archived as required by operational policy. Encryption keys can also be managed remotely using the Key
Management Interoperability Protocol (KMIP) and a KMIP-compliant key manager. With KMIP, archiving the
encryption keys becomes the responsibility of the KMIP key manager.
Password encryption
Rubrik clusters do not store the passwords for local accounts in plain text.
The passwords for local user accounts on a Rubrik cluster are hashed with a salt using the SHA-512
algorithm. To authenticate a local log in attempt the Rubrik CDM cluster compares the resulting hash value
to the stored hash value.
The passwords for services external to the Rubrik cluster are encrypted using AES-256.
Prerequisites
To use a TLS certificate for client authentication, first import the certificate to the Rubrik cluster, as
described in Importing a TLS certificate.
Procedure
1. Log in to the Rubrik CDM web UI.
Use the admin account or an account with administrator privileges.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Manage Encryption.
The Manage Encryption page appears with the Key Rotation Status tab selected.
4. Click the KMIP Settings tab.
A list of the KMIP servers available to the Rubrik cluster appears.
5. Click Configure Client Settings.
The Configure Client Settings dialog box appears.
6. In Client Authentication Mode, select an authentication method.
• Password Only
• Client Certificate Only
• Both
7. (Password Only or Both) In Username type a username and in Password type a password.
Type the username and password required by the key manager. If a username and password are not
required, leave these blank.
8. (Client Certificate Only or Both) In Select a TLS Certificate, select the TLS certificate or type the
name of the certificate.
The certificate must be imported to the Rubrik cluster before it can be selected, or added by typing
the name.
9. Click Update.
The Rubrik cluster stores the updated key manager information.
Result
The Rubrik cluster is configured with the address and credentials of the KMIP server.
Prerequisites
To begin rotating keys by using an external KMIP server, first provide the Rubrik cluster with the KMIP
server information as described in Adding a KMIP server.
Context
Select a key manager for rotating the encryption keys, either the TPM chip or an external KMIP server, or
switch from one manager to the other.
Procedure
1. Log in to the Rubrik CDM web UI.
Use the admin account or an account with administrator privileges.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The Settings menu appears.
3. Click Manage Encryption.
The Manage Encryption page appears with the Key Rotation Status tab selected.
4. Click the Rotate Keys.
The One-Time Key Rotation dialog box appears.
5. Choose a key manager.
Important: Changing the key manager requires restarting all nodes in the cluster. Restarting the
nodes will stop any currently running jobs.
Option Description
External Key Manager (KMIP-compliant) Rotate the keys using an external KMIP server.
Select this field when an external KMIP server is
being used to manage the keys. When the Rubrik
cluster is using the on-board TPM chip for key
rotation, selecting this option will change the key
manager to use an external KMIP server.
Internal Key Manager (Rubrik TPM) Interact with the TPM chip to rotate the keys.
Select this field when interacting with the TPM
chip is being used to manage the keys. When the
Result
The Rubrik cluster rotates the KEKs and, where applicable, the SED passwords.
Context
Follow the instructions in the Vormetric DSM Administration Guide. Generally, configuring the Vormetric
DSM for Rubrik CDM includes the following steps.
Procedure
1. Enable TLS 1.2 support.
2. Configure licenses on the DSM to enable KMIP.
3. Create a domain on the DSM with KMIP enabled.
4. Within the new domain, add a host for the Rubrik cluster using an FQDN with A or CNAME records
pointing to the Rubrik nodes. Make a note of the FQDN in a safe place.
5. For client certificate authentication, ensure that the Password attribute is Generate.
6. Retrieve the Server Certificate from the DSM using a web browser (Windows) or OpenSSL (Linux).
Procedure
1. Log in to the Rubrik CDM web UI.
Use the admin account or an account with administrator privileges.
Next task
Add the TLS certificate to the Vormetric DSM server as described in Adding a TLS Certificate to Vormetric
DSM.
Procedure
1. In the Vormetric DSM UI, locate the Rubrik cluster host and click Import KMIP Key.
2. In Username, type the case-sensitive FQDN.
3. In Client Certificate, paste the signed TLS client certificate.
4. In Server, type the FQDN or IP address of the Vormetric DSM.
5. In Port, type 5696.
6. In Server Certificate, paste the Vormetric DSM server certificate.
7. Click Update.
Result
The Rubrik cluster adds the signed TLS certificate.
Related Tasks
Obtaining a TLS Certificate for Vormetric DSM
Create a certificate signing request to obtain a TLS certificate to use with Vormetric DSM.
Procedure
1. Generate an API token.
Follow the directions in Generating an API token.
2. Retrieve the encryption status of the Rubrik cluster.
In a UNIX shell, use the following command.
Where
• api_token is the token generated in step 1.
• rubrik_cluster is the IP address of the CDM cluster.
Result
On encrypted Rubrik clusters, the response of the API call is:
{"isEncrypted":true,"cipher":"AES","keyLength":256}
{"isEncrypted":false}
Multitenant organizations
The multitenancy extension of the Role Based Access Control (RBAC) scheme enables a central
organization to delegate administrative capabilities to multiple tenant organizations.
Each tenant organization in a multitenant RBAC cluster has a subset of administrative privileges defined by
the global organization. The subset of administrative privileges also specifies the cluster resources available
to the tenant organization. The administrators of the tenant organization can exercise these administrative
privileges independently of each other and of the cluster administrators.
Organizations can only be set up by users with the Rubrik Administrator role. However, no additional
external privileges, such as specific Active Directory or Windows Domain permissions, are required.
A Rubrik cluster can have one central organization and any number of tenant organizations. An
organization is a collection of the following elements:
• Protected objects
• Replication and archival targets
• SLA Domains
• Local users
• Active Directory users and groups
• Service credentials
• Reports
A central organization is administered by a user with the Administrator role. The Administrator role
has access to all cluster resources and grants privileges to other users, including tenant organization
administrators.
Related concepts
User accounts
Rubrik CDM provides role-based access control and several methods for authenticating a user account.
Tenant organizations
Tenant account permissions determine whether that account can add, modify, and delete SLA Domains.
Tenant organizations are managed through the following rules:
• SLA Domains created outside of a tenant organization and assigned to that organization cannot be
altered by the users or AD groups of the tenant organization.
• SLA Domains that are created by the users or AD groups in a tenant organization can be used outside
the tenant organization, but cannot be modified by users that are not members of the organization.
• An organization administrator can delete SLA Domains created by users or AD groups that belong to the
organization. An SLA Domain that is assigned to any object protected on the cluster cannot be deleted.
• A user with Administrator privileges over the Rubrik cluster can add users or AD groups to a tenant
organization.
• An organization administrator can view the list of AD domains of the users or groups in the tenant
organization and manage privileges for those users.
Feature Description
Proxy service Rubrik Envoy is a data-path proxy between the tenant network and the service
provider network.
Using RBS, Rubrik Envoy supports VMware file recovery between the tenant
network and the managed service provider network.
Rubrik Envoy supports filesets, Microsoft SQL Server, and VMware image backups
hosted in a tenant network.
Simple setup Rubrik Envoy requires no change to the firewall in most situations. Each virtual
machine requires only outbound network communication with the Rubrik cluster.
Tenants can only see and access objects that belong to their organization.
Scale out Multiple instances of Rubrik Envoy can work together to increase performance and
provide high availability.
Prerequisites
Rubrik Envoy requires a minimum of 2 vCPU, 2 GB of memory, and a 20 GB virtual disk. Deploying the
Rubrik Envoy NG OVA package for Rubrik CDM Version 7.0.1 requires vSphere 6.7 or later (with HTML5).
Procedure
1. Log in to the Rubrik Support Portal.
2. Under Docs and Downloads, click View Downloads.
The Documentation and Downloads page appears.
3. Select Rubrik CDM 7.0 (GA).
The Rubrik CDM 7.0 (GA) page appears.
4. On the software list, select 7.0.1-xxx (Envoy NG).
The EULA appears.
5. Accept the EULA.
6. Click OVA package for Rubrik Envoy.
The browser downloads the OVA package to the chosen location.
7. Log in to the vSphere Web Client of a vCenter Server.
Log in from the computer with the downloaded OVA package.
8. On the vSphere Web Client home page, click Hosts and Clusters.
The Data Center page appears.
9. Select the data center.
10. In the main area of the data center page, open the Actions menu and select Deploy OVF
Template.
The Deploy OVF Template wizard opens.
11. Follow the wizard instructions.
Be sure to deploy Rubrik Envoy on a network with access to the tenant hosts.
12. When the wizard completes, click Finish.
Result
The vCenter Server deploys a new Rubrik Envoy virtual machine.
Next task
Complete the steps in Configuring Rubrik Envoy to configure IP addresses.
Related concepts
Multitenancy and Rubrik Envoy
Rubrik Envoy enables data movement between Rubrik clusters and a tenant network.
Related tasks
Configuring Rubrik Envoy
Configure the Rubrik Envoy virtual machine.
Registering Rubrik Envoy with a Rubrik cluster
Register the Rubrik Envoy virtual machine with the Rubrik cluster using the Rubrik CLI.
Deregistering Rubrik Envoy from a Rubrik cluster
Remove the association between a Rubrik Envoy virtual machine and a Rubrik cluster.
Prerequisites
Context
Complete this task when networking is not configured using VMware vSphere or vCloud Director
customization.
To configure, use the sample Netplan template shown.
Procedure
1. Open an SSH session to the Rubrik Envoy virtual machine.
2. Log in using the account name ubuntu and account password Envoy.
3. Change the default password using the passwd command.
4. Change the hostname of the Rubrik Envoy virtual machine.
The default hostname is "envoy-ng". Successfully registering Rubrik Envoy requires a hostname that is
unique among all Rubrik Envoy virtual machines in the multitenant organization. To change the name,
type:
network:
ethernets:
eth0:
addresses:Envoy_VM_IP/Netmask_Length
gateway4:Gateway_IP
dhcp4: false
optional: true
nameservers:
search:Search_domain_name
addresses:DNS_IP1, DNS_IP2
version: 2
Result
You have configured the Rubrik Envoy virtual machine.
Prerequisites
Complete the procedures in Naming the organization and adding users or AD groups, Protecting objects
in an organization, Assigning protection resources to a tenant organization, Deploying Rubrik Envoy, and
Configuring Rubrik Envoy.
Context
Setting NAT addresses to register Rubrik Envoy is necessary only if using the provider-side NAT.
Procedure
1. Open an SSH session on the Rubrik node.
2. Log in to the Rubrik CLI.
3. Choose whether to use the data IP addresses on bond0 or to set NAT addresses.
Option Description
Data IP addresses on bond0 By default, Rubrik nodes talk to Rubrik Envoy
virtual machines using the data IP addresses on
bond0.
Provider-side NAT When using the provider-side NAT, set the
external NAT target IP and port for Rubrik Envoy
to use to establish connections to Rubrik cluster
nodes.
4. To set the external NAT target IP and port, run the following command.
Type
Enter the sequence numbers of the Rubrik cluster nodes for which to set the NAT address. Enter 0
when done.
Enter the NAT IP address of the node.
Enter the NAT port of the node: 8011.
sudo /home/ubuntu/envoy_ng_startup.py
The script includes information about viewing the original web certificate for comparison in the
browser of the Rubrik CDM web UI of the Rubrik cluster node.
12. Choose whether to complete the user authentication using an API token or the tenant organization
admin account and password.
Option Description
Enter an API token Optionally obtain an API token from the Rubrik
CDM web UI by clicking the user name in the
upper right of the screen and then selecting API
Token Manager.
Enter the tenant organization admin account Type the tenant organization admin account
name and password name and password.
13. Enter the name of the tenant organization.
The registration script completes, displaying a comment that the SSF tunnels for all CDM nodes set up
successfully.
Result
Rubrik Envoy connects to the Rubrik cluster for the specified organization.
Related concepts
Multitenancy and Rubrik Envoy
Rubrik Envoy enables data movement between Rubrik clusters and a tenant network.
Related tasks
Deploying Rubrik Envoy
Deploy Rubrik Envoy on a vSphere virtual machine.
Configuring Rubrik Envoy
Prerequisites
Creating and exporting a secure cluster web certificate requires an operating system and browser that
support that functionality. A combination of web browser and operating system that is known to work for
this task is Google Chrome running on either Windows or Linux.
Context
The Rubrik Envoy registration script obtains the web certificate of the Rubrik cluster, displays it in the shell
session, and prompts for confirmation that the certificate is valid. This task describes how to obtain the
certificate directly from the Rubrik cluster using a web browser and compare it to the one displayed in the
shell session. Doing this adds an additional layer of security.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the padlock icon on the browser address bar.
A menu appears. The menu includes a choice related to the certificate of the Rubrik cluster.
3. Navigate to the certificate export functionality and choose to export the certificate.
Select the Base-64 encoded X.509 (.CER) export file format.
4. Download the certificate to a local file.
5. Visually compare the contents of the file with the certificate displayed by the Rubrik Envoy registration
script.
The first few lines of the certificate displayed by the script appear on separate lines for readability, but
the contents should otherwise match the certificate obtained through the browser.
Result
You are able to confirm that the Rubrik cluster web certificate shown by the Rubrik Envoy registration
script is the same as the certificate provided to your web browser.
Related tasks
Registering Rubrik Envoy with a Rubrik cluster
Register the Rubrik Envoy virtual machine with the Rubrik cluster using the Rubrik CLI.
Context
Use the Rubrik CDM web UI to deregister a Rubrik Envoy virtual machine from the Rubrik cluster or to
move it from one cluster to another. A deregistered Rubrik Envoy virtual machine is not deleted; it exists in
an idle mode, not associated with any cluster.
Deregistering is also helpful if the IP address of the Rubrik Envoy virtual machine changes inadvertently.
Since that IP address is expected to remain the same, a changed address renders the Rubrik Envoy virtual
machine undetectable by the Rubrik CDM web UI and Rubrik CLI, which would continue to show the
original IP address. Correct that by deregistering and then reregistering the Rubrik Envoy virtual machine
address.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Organizations.
The Organizations page appears.
4. Open the ellipsis menu and select Manage Envoy.
The Manage Envoy page appears, showing a list of the deployed Rubrik Envoy virtual machines and
their connection status.
5. Select the Rubrik Envoy virtual machine and click Deregister.
More than one Rubrik Envoy virtual machine can be selected.
Result
The Rubrik cluster deregisters the selected Rubrik Envoy virtual machine.
Related concepts
Multitenancy and Rubrik Envoy
Rubrik Envoy enables data movement between Rubrik clusters and a tenant network.
IP address changes in Rubrik Envoy
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Organizations.
The Organizations page appears.
4. Click Create Organization.
The Create Organization wizard appears.
5. In Organization Name, provide a name for the organization.
6. Click Next.
The Administrator Roles screen of the wizard appears.
7. Optional: Select the Enable per tenant access control toggle.
When this toggle is enabled, the organization administrator can add single sign-on domains to the
organization.
8. Add administrator roles to this organization.
The roles are assigned to users in the following screen of the wizard.
9. Optional: Click Add Role to create a new role.
Type a name for the role and assign the privileges to this role.
The following privileges are assigned by default:
• Create SLA
• Manage Hosts
• Unrestricted Unprotection
• Manage Users
• Unrestricted Snapshot Retention
10. Click Next.
The Users screen of the wizard appears.
11. Select a domain from the Directory drop-down menu.
Valid domains are ‘local’ for user accounts on the cluster, or any AD domains connected to the cluster.
An organization can contain users or AD groups from any number of separate domains.
12. Enter a search string in the Search by Name field to display a list of users and AD groups that match
the string.
13. Click Add for a user or AD group in the list to add that user or AD group to the organization.
14. Optional: Select a role for the user from the Administrator Roles drop-down list to make the user
an Organization Administrator.
In an organization, assign the Organization Administrator role to at least one user.
15. Click Next.
The Protectable Objects section of the wizard appears.
Next task
Use the procedure in Protecting objects in an organization to continue creating the organization.
Prerequisites
Complete the steps in Naming the organization and adding users or AD groups.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Organizations.
The Organizations page appears.
4. Click Create Organization.
The Create Organization wizard appears.
5. In the Protectable Objects section, select the appropriate tab to add an object to the tenant
organization.
6. Select the objects to include in the tenant organization from the list.
The number of selected objects next to the listed object type updates automatically.
7. Click Next.
The Other Resources section of the wizard displays.
Result
The specified objects are added to the organization.
Next task
Use the procedure in Assigning protection resources to a tenant organization to continue creating the
organization.
Prerequisites
Complete the procedures in Naming the organization and adding users or AD groups and Protecting
objects in an organization.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Organizations.
The Organizations page appears.
4. Click Create Organization.
The Create Organization wizard appears.
5. Click Other Resources.
A list of optional resources appears.
6. Click SLA Domains and select the SLA Domains to assign to the tenant organization.
SLA Domains can optionally be assigned at this point and can be assigned or changed later by editing
the tenant organization.
7. Click Archival Locations and select the archival locations to assign to the tenant organization.
Result
The organization has new resource assignments.
Next task
Use the procedure in Deploying Rubrik Envoy to continue creating the organization.
Prerequisites
A user must have the global administrator role to edit tenant organization settings.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Organizations.
The Organizations page appears.
4. Open the ellipsis menu for the organization and click Edit.
The Edit Organization page appears with the Organization Name section selected.
5. Optional: Type a new name in the Organization Name field to change the organization name.
6. Optional: Click Administrator Roles at the top of the Edit Organization page to create roles.
7. Optional: Click Users at the top of the Edit Organization page to manage users or AD groups in the
organization.
8. Optional: Click Protectable Objects at the top of the Edit Organization page to manage the
protectable objects assigned to the tenant organization.
9. Optional: Edit the protectable objects that are assigned to a tenant organization.
10. Optional: Click Other Resources at the top of the Edit Organization page to manage SLA Domains,
archival locations, or replication targets assigned to the tenant organization.
Users with the Organization Admin role and the Create/Edit SLA permission can only modify SLA
Domains that are created within a tenant organization.
11. Optional: Edit the resources that are assigned to a tenant organization.
12. Click Finish.
Result
The Rubrik cluster modifies the tenant organization.
Related tasks
Naming the organization and adding users or AD groups
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Organizations.
The Organizations page appears.
4. Next to an organization entry, click the ellipsis and select Delete.
A confirmation dialog box appears.
5. Click Delete.
Result
The Rubrik cluster deletes the organization definition.
Prerequisites
Create the organization as described in Naming the organization and adding users or AD groups.
Procedure
1. Log in to the Rubrik CDM web UI as a global admin.
2. Click the gear icon.
3. Click Organizations.
The Organizations page appears.
4. In the ellipsis menu for the organization, click Manage Quota.
The Manage Quota dialog box appears.
5. Turn on the Storage Based Quota toggle.
6. In Metric to Quota on select one of the following storage options:
• Local storage is the amount of Rubrik cluster storage currently in use.
• Local effective storage is a calculation of the equitable allocation of deduplicated data assigned
to individual snapshots. This enables a fair distribution between objects.
7. Provide values for the Soft Limit and optionally, for the Hard Limit.
The Hard Limit value cannot be less than the Soft Limit value.
8. Click Save.
A message appears confirming that the organization quotas have been updated.
Result
Storage-based quota is assigned to an organization.
Prerequisites
Assign storage-based quota to an organization as described in Assigning tenant organization storage
quota.
Procedure
1. Log in to the Rubrik CDM web UI as a global admin.
2. Click the gear icon.
3. Click Organizations.
The Organizations page appears. The used storage-based quotas and the soft and hard limits appear
in the Storage Quota Used column.
Note: If the storage used is less than 1 GB, this appears as 0 GB.
4. Optional: In the ellipsis menu for the organization, click Manage Quota.
The Manage Quota dialog box appears, displaying the type of Metric to Quota on selected.
Local storage is the amount of Rubrik cluster storage currently in use. Local effective storage is a
calculation of the equitable allocation of deduplicated data assigned to individual snapshots.
Result
The assigned storage quota appears in the Organizations page.
Procedure
1. Log in to the Rubrik CDM web UI as a global admin.
2. Click the gear icon.
3. Click Organizations.
The Organizations page appears. The storage-based quotas and the soft and hard limits appear in the
Storage Quota Used column.
4. In the ellipsis menu for the organization, click Manage Quota.
The Manage Quota dialog box appears.
5. Edit the Soft Limit and/or the Hard Limit, as required.
The limits cannot be set to a value less than the storage quota used.
6. Optional: In Metric to Quota on select one of the following storage options:
• Local storage is the amount of Rubrik cluster storage currently in use.
• Local effective storage is a calculation of the equitable allocation of deduplicated data assigned
to individual snapshots. This enables a fair distribution between objects.
7. Click Save.
A UI message appears confirming that the organization quotas have been updated.
Result
The storage-based quota assigned to an organization is updated.
Protection policies
The SLA Domain feature has default protection policies and user configured protection policies.
Service Level Agreements (SLAs) through the Rubrik SLA Domain feature unifies data protection policies
through a single policy engine. The SLA Domain feature provides a configurable set of policies that can be
applied to groups of virtual machines, applications, and hosts to achieve specific data protection objectives.
The following table defines the data protection policies available through the SLA Domain feature.
Policy Description
Snapshot and backup Directs the Rubrik cluster when to create point-in-time snapshots or backups
frequency and retention of data sources and how long to keep the data.
Replication Directs the Rubrik cluster to send replicas of source snapshots or backups to
a target Rubrik cluster and defines the maximum time to keep the replica on
each cluster.
Archiving Directs the Rubrik cluster to move snapshot or backup data to a separate
data storage system for long-term retention.
Daily Pick the last successful Pick the last successful Create snapshot every
snapshot every day and snapshot every day and day and retain it for 32
retain it for 32 days retain it for 32 days days
Monthly Pick last successful Pick last successful Pick last successful
snapshot every month snapshot every month snapshot every month
and retain it for 1 year and retain it for 1 year and retain it for 1 year
Yearly Pick last successful Pick last successful Pick last successful
snapshot every year and snapshot every year and snapshot every year and
retain it for 2 years retain it for 2 years retain it for 2 years
The following table describes the advanced options for frequency and retention values for each rule type.
To view the advanced options, enable Advanced Frequencies when creating or editing SLA Domains.
For the Minute Rule, the minimum allowed value for Take Snapshots and Keep Snapshots is 15
minutes.
SLA Domains with a backup frequency in minutes will apply only to Managed Volume objects.
For each rule type, the rule that initiates the creation of the retained snapshot is the rule type that
specifies the smallest frequency, such as the hourly rule. This occurs when a snapshot that is initiated by
another rule is the last successful snapshot for the defined period.
Each of the rule types described is referred to as an SLA Rule. Any snapshot created based on an SLA Rule
is referred to as a policy driven snapshot.
In the following scenarios the latest snapshot is skipped by the Expiration Job:
• If a protected data source is protected by a valid SLA Domain it is skipped when deleting the latest
snapshot for the protected data source.
• If a protected data source is retained by a valid SLA Domain, it is skipped when expiring the latest
snapshots in all active retention locations. The latest snapshot is not skipped if it is the last snapshot at
the retention location.
• If a protected data source is unprotected, the latest snapshot at the current location is skipped only if it
is not the last snapshot at that location.
Related concepts
Retention management
Assign retention policies to existing scheduled snapshots, on-demand snapshots, and snapshots retrieved
from an archival location.
Related tasks
Creating a custom SLA Domain
Create a custom SLA Domain with policies that meet specific SLA requirements.
Base Frequency
The Base Frequency of an SLA Domain determines when snapshots are created to comply with all of the
rules specified for the SLA Domain.
Base Frequency is determined through the following SLA Domain settings:
• The Base Frequency corresponds to the shortest frequency specified in the SLA Domain configuration.
• When there is no Minute Rule, the Base Frequency corresponds to the frequency specified in the Hourly
Rule.
• When there is no Hourly Rule, the Base Frequency corresponds to the frequency specified in the Daily
Rule.
• When both the Hourly Rule and the Daily Rule are not defined, the Base Frequency corresponds to the
frequency specified in the Monthly Rule.
• When the Yearly Rule is the only rule defined, the base frequency corresponds to the frequency
specified in that rule.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Click the + icon.
The first page of the Create SLA Domain wizard appears.
4. In SLA Domain Name, type a name for the new SLA Domain.
The name must comply with the requirements defined for SLA Domain names. To create a CDP SLA
(if CDP is enabled), enable the slider toggle for Continuous Data Protection. In Keep Recovery
Points for (Hours) specify the number of hours for the CDP log file. By default, CDP SLAs can only be
configured for four hours.
5. In Service Level Agreement, configure the snapshot frequency and a corresponding retention
period.
Result
The Rubrik cluster creates the new SLA Domain and adds it to the Local SLA Domains page.
Next task
Assign the SLA Domain to data sources.
Related concepts
SLA Domain name
SLA Domain names must be unique and follow character usage requirements.
Service Level Agreement
The Service Level Agreement section defines snapshot frequency and retention.
Archival policy
An archival policy defines how long to retain data within the local Rubrik cluster before moving the data to
an archival account for long term storage. Archival policy is optional for an SLA Domain.
Replication policy
Enable a replication policy for an SLA Domain to replicate the snapshot and backup data of the source
objects that are protected by the SLA Domain.
Local retention period
The Rubrik cluster retains a snapshot or backup locally based on the local retention period specified by the
SLA Domain.
Related tasks
Configuring a snapshot window
Configure a snapshot window for an SLA Domain when creating a custom SLA Domain or when editing an
SLA Domain.
Configuring a first full backup window
Configure a first full backup window for an SLA Domain when creating a custom SLA Domain or when
editing an SLA Domain.
Assigning an SLA Domain setting to a Hyper-V cluster or server
Specify an SLA Domain setting for Hyper-V host to have the setting applied to the objects and virtual
machines contained by the clusters and host.
Assigning an SLA Domain setting to a Nutanix cluster
Snapshot window
A custom SLA Domain can optionally provide a snapshot window. A snapshot window defines a period
during each day when the Rubrik cluster is permitted to create snapshots for the data sources that are
assigned to the SLA Domain.
When a backup is running and the current snapshot window closes, any currently running backup will be
allowed to complete, but no new backup job will be allowed to start.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Complete one of the following to add or modify the snapshot window for an SLA Domain:
• For a new custom SLA Domain, click the + icon and configure the SLA rules.
• For an existing SLA Domain, on the Local SLA Domains page, select the SLA Domain. The
properties page for the selected SLA Domain appears. Open the ellipsis menu, and select Edit.
The Snapshot Window section appears near the bottom of the dialog box box.
4. In Take Snapshots From, click the left box and select the beginning time for the snapshot window.
The Rubrik cluster waits until the specified time to initiate policy-based snapshots for this SLA Domain.
5. In Take Snapshots From, click the right box and select the ending time for the snapshot window.
The Rubrik cluster will not initiate policy-based snapshots for this SLA Domain after this time.
6. Complete any other changes and click Create (for a new SLA Domain) or Update (for an existing SLA
Domain).
Result
The Rubrik cluster adds the snapshot window to the SLA Domain. The Rubrik cluster creates snapshots for
the SLA Domain only during the specified period each day.
Related tasks
Creating a custom SLA Domain
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Complete one of the following to add or modify the first full backup window for an SLA Domain:
• For a new custom SLA Domain, click the + icon and configure the SLA rules.
• For an existing SLA Domain, on the Local SLA Domains page, select the SLA Domain. The
properties page for the selected SLA Domain appears. Open the ellipsis menu, and select Edit.
The Snapshot Window section appears near the bottom of the dialog box. On the Take first full
between line, the default value First Opportunity appears in the left box.
4. On the Take first full between line, click the left box and select a day of the week.
The selection specifies the first day of each week when the Rubrik cluster can initiate first full
snapshots and backups.
After entering a value, fields for specifying the end of the time range appear.
5. On the Take first full between line, click the right box and select a time of the day.
The selection specifies the time of day when the Rubrik cluster can initiate first full snapshots and
backups.
6. On the second line, click the left box and select a day of the week.
The selection specifies the last day of each week when the Rubrik cluster can initiate first full
snapshots and backups.
7. On the second line, click the right box and select a time of the day.
The selection specifies the time of day when the Rubrik cluster stops initiating first full snapshots and
backups.
8. Complete any other changes and click Create (new SLA Domains) or Update (existing SLA Domains).
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. On the Local SLA Domains page, select the SLA Domain.
The properties page for the selected SLA Domain appears.
4. Open the ellipsis menu, and select Edit.
The Edit SLA Domain wizard appears.
5. Make changes to the SLA rules.
6. Click Next.
The Set Archiving and Replication page of the Edit SLA Domain wizard appears.
7. Optional: Make changes to the archival policy, the replication policy, or both.
8. Optional: Use the slider for Retention On Brik to adjust the local retention period for the SLA
Domain.
An archival policy, a replication policy, or both must be specified before the local retention period can
be adjusted.
Result
The Rubrik cluster stores the new policies and rules for the SLA Domain. The following sections
describethe potential consequences of various SLA Domain changes.
Related concepts
SLA Domain changes
Edit Local SLA Domain policies when changes are needed.
Base Frequency changes
Editing the SLA rules can change the frequency with which snapshots are created. When changes to the
frequency impact the Base Frequency of the SLA Domain, all future snapshots are created using the new
Base Frequency.
Retention changes
Editing the SLA rules can have an effect on existing snapshots and future snapshots of associated data
sources.
Replication target changes
Editing the replication targets in an SLA Domain does not impact existing snapshots.
Impact of retention changes on archival policy and replication policy
When the retention period associated with any SLA Rule is changed, it can potentially trigger an automatic
change of an SLA Domain’s existing Archival and Replication policies.
Snapshot window changes
Changing the snapshot window causes the Rubrik cluster to use the new snapshot window when creating
new snapshots.
Take first full backup changes
Changing the time specified by the Take first full field causes the Rubrik cluster to wait until the specified
time before creating the first full snapshot or backup of newly added data sources. When a snapshot
window is specified, the Rubrik cluster creates the first full during the next available snapshot window after
the specified Take first full time.
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related reference
TPR Approver role details
Edits are made to an SLA Domain to increase the Base Frequency by making the following SLA rules
changes:
• Old Hourly Rule – Create one snapshot every six hours and retain it for three days.
• New Hourly Rule – Create one snapshot every three hours and retain it for three days.
These edits result in the following impact to snapshots:
• Existing snapshots – No change.
• New snapshots – Snapshots are created based on the higher frequency specified in the new Hourly
Rule, once every three hours instead of every six hours.
Retention changes
Editing the SLA rules can have an effect on existing snapshots and future snapshots of associated data
sources.
The new retention period is applied to existing snapshots and to new snapshots. Edits can increase or
decrease the retention period. In both cases, existing snapshots are impacted by the edits.
Example: Increasing snapshot retention with changes not applied to existing snapshots
Edits are made to an SLA Domain to increase the snapshot retention period by making the following SLA
rules changes:
• Old Hourly Rule – Create one snapshot every four hours and retain it for three days.
• New Hourly Rule – Create one snapshot every four hours and retain it for five days.
These edits result in the following impact to snapshots:
• Existing Snapshots – Retained for three days.
• New Snapshots – Retained for five days.
Edits are made to an SLA Domain to increase the snapshot retention period by making the following SLA
rules changes:
• Old Hourly Rule – Create one snapshot every four hours and retain it for three days.
• New Hourly Rule – Create one snapshot every four hours and retain it for five days.
These edits result in the following impact to snapshots:
• Existing Snapshots – Retained for five days.
• New Snapshots – Retained for five days.
Edits are made to an SLA Domain to decrease the snapshot retention period by making the following SLA
rules changes:
• Old Hourly Rule – Create one snapshot every four hours and retain it for seven days.
• New Hourly Rule – Create snapshot every four hours and retain it for four days.
These edits result in the following impact to snapshots:
• Existing snapshots – Some existing snapshots may expire automatically as they are not required for
compliance with the shorter retention period.
• New snapshots – Retained for four days.
Example: Decreasing snapshot retention with changed not applied to existing snapshots
Edits are made to an SLA Domain to decrease the snapshot retention period by making the following SLA
rules changes:
• Old Hourly Rule – Create one snapshot every four hours and retain it for seven days.
• New Hourly Rule – Create snapshot every four hours and retain it for four days. Changed not applied to
existing snapshots
These edits result in the following impact to snapshots:
• Existing snapshots – Retention unchanged for existing snapshots.
• New snapshots – Retained for four days.
Related reference
Impact of SLA Domain changes on snapshots
Examples showing the impact of changing the retention policy of the SLA Domain assigned to an object.
Examines the impact of retroactive and non-retroactive retention changes on local, archived, and replicated
snapshots.
Snapshot expiration
A Rubrik cluster always retains the latest snapshot of a protected object at locations specified in the SLA
Domain, even when the retention period for all snapshots has expired.
When the retention period for a snapshot ends, the cluster marks the snapshot as expired. Expired
snapshots are no longer listed as a Snapshot Management object in the Rubrik CDM user interface.
The Rubrik cluster periodically deletes expired snapshots, but retains expired snapshots that meet specific
criteria.
SLA Domain SD1 SLA Domain SD2 The local retention for new snapshots is
decreased to 1 month.
Frequency = 2 months Frequency = 2 months
SLA Domain SD1 SLA Domain SD2 Archiving starts after 15 days.
Frequency = 2 months Frequency = 2 months The local retention for new snapshots is
decreased to 15 days.
Retention = 3 months Retention = 3 months
The local retention for existing snapshots
Archival location = AL1 Archival location = AL2
does not change and is 1 month.
Archival threshold = 1 Archival threshold = 15 days
All local snapshots older than 15 days are
month
Changes not applied to archived to location AL2.
existing snapshots.
Snapshots already archived to location AL1
will not be archived again.
The archival retention for the existing
snapshots not archived are derived from
SD1 and will decrease.
SLA Domain SD1 SLA Domain SD2 The local retention for new snapshots is
decreased to 15 days.
Frequency = 2 months Frequency = 2 months
The local retention for existing snapshots
Retention = 3 months Retention = 3 months
is decreased to 15 days. As a result, some
Archival location = AL1 Archival location = AL2 existing snapshots expire immediately and
are deleted locally.
Archival threshold = 1 Archival threshold = 15 days
month All local snapshots older than 15 days are
Changes applied to existing
archived to location AL2. Snapshots already
snapshots.
archived to location AL1 will not be archived
again.
SLA Domain SD1 SLA Domain SD2 The local retention for new snapshots is 45
days.
Frequency = 2 months Frequency = 2 months
The local retention for existing snapshots is
Retention = 3 months Retention = 3 months
increased to 45 days.
Archival location = AL1 Archival location = AL2
All local snapshots older than 45 days are
Archival threshold = 1 Archival threshold = 45 days archived to location AL2.
month
Changes applied to existing Snapshots already archived to location AL1
snapshots. will not be archived again.
The total retention for all snapshots is
derived from SD2.
SLA Domain SD1 SLA Domain SD2 Local retention of existing snapshots will
remain as 1 month, as specified in SD1.
Frequency = 2 months No archival location
Local retention for new snapshots is based
Retention = 3 months Changes not applied to
on SD2.
existing snapshots.
Archival location = AL1
SLA Domain SD1 Frequency SLA Domain SD2 Local retention policy for existing snapshots
= 2 months is specified in SD2.
No archival location
Retention = 3 months The snapshots that have been archived to
Changes applied to existing
AL1 are retained there for the retention
Archival location = AL1 snapshots.
policy specified by SD2.
Archival threshold = 1
The existing snapshots that have not been
month
archived will not be archived and their
retention policy is derived from SD2.
SLA Domain SD1 SLA Domain SD2 All snapshots from the last 30 days, if
available, are eligible for replication to the
Frequency = 1 month Frequency = 1 month
new target.
Retention = 2 months Retention = 2 months
Snapshots are retained on the replication
No replication. Replication target = RT1 target for 10 days.
Replication retention = 10
days
Changes not applied to
existing snapshots.
SLA Domain SD1 SLA Domain SD2 All snapshots from the last 30 days, if
available, are eligible for replication to the
Frequency = 1 month Frequency = 1 month
new target.
Retention = 2 months Retention = 2 months
Snapshots retained on the replication target
No replication. Replication target = RT1 RT1 for 10 days.
Replication retention = 10
days
Changes not applied to
existing snapshots.
SLA Domain SD1 SLA Domain SD2 Any snapshot from the last 30 days is
eligible for replication to the new target
Frequency = 1 month Frequency = 1 month
location.
Retention = 2 months Retention = 2 months
Snapshots retained on the replication target
Replication target = RT1 RT1 for 10 days.
Replication retention = 10
Note: The replication retention window
days
starts from the time the snapshot is
Changes applied to existing created.
snapshots.
SLA Domain SD1 SLA Domain SD2 Snapshots already replicated are retained
on replication target RT1 for 10 days.
Replication target = RT1 Replication target = RT1
Snapshots not yet replicated are replicated
Replication retention = 10 Replication retention = 20
to RT1 and are retained for 20 days.
days days
New snapshots follow the retention policy
Changes applied to existing
specified by SD2.
snapshots.
SLA Domain SD1 SLA Domain SD2 Snapshots already replicated are retained
on replication target RT1 for 10 days.
Replication target = RT1 Replication target = RT2
All snapshots are replicated to RT2 and
Replication retention = 10 Replication retention = 20
retained for 20 days.
days. days
Changes not applied to
existing snapshots
SLA Domain SD1 SLA Domain SD1 Snapshots already replicated are retained
on replication target RT1 for 10 days.
Replication target = RT1 Replication target = RT2
All snapshots are replicated to RT2 and
Replication retention = 10 Replication retention = 20
retained for 20 days.
days days
Changes applied to existing
snapshots.
SLA Domain SD1 SLA Domain SD2 Snapshots already replicated are retained
on replication target RT1 for 10 days.
Replication target = RT1 Replication target = RT1
All snapshots from the last 30 days are
Replication retention = 10 Replication retention = 10
replicated to RT2 and are retained for 20
days days
days.
Replication target = RT2
Snapshots not yet replicated are replicated
Replication retention = 20 to RT1 and are retained for 10 days.
days
Changes not applied to
existing snapshots.
SLA Domain SD1 SLA Domain SD2 Snapshots already replicated are retained
on replication target RT1 for 10 days.
Replication target = RT1 Replication target = RT1
Snapshots not replicated are replicated to
Replication retention = 10 Replication retention = 10
RT1 and retained for 20 days.
days days
All snapshots from the last 30 days are
Replication target = RT2
replicated to RT2 and are retained for 20
Replication retention = 20 days.
days
SLA Domain SD1 Object deleted. Snapshots already replicated are retained
on replication target RT1 for 10 days.
Replication target = RT1
Snapshots not replicated are replicated
Replication retention = 10
based on SD1.
days
Existing snapshots are retained locally
based on SD1.
Prerequisites
Remove all data sources that are assigned to the SLA Domain. An SLA Domain cannot be deleted when
data sources are assigned to it.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. On the Local SLA Domains page, select the SLA Domain.
The properties page for the selected SLA Domain appears.
4. Open the ellipsis menu, and select Delete.
The Delete SLA Domain confirmation message appears.
Note: When data sources are assigned to the SLA Domain, a warning message appears. Click OK to
acknowledge the message. To delete the SLA Domain, first remove the data sources that are assigned
to the SLA Domain.
5. Click Delete.
Result
The SLA Domain is deleted.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
Result
The Local SLA Domains page appears.
Search field Search field that permits a text string search of the names of all data
sources that are protected by the selected local SLA Domain. Search
is confined to the currently selected data source.
Name Name of a protected data source.
Location Location or host of the protected data source.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Optional: In the Search by Name field of the Local SLA Domains page, type a text string.
The Rubrik cluster provides a list of the local SLA Domains that have a name that contains the search
string.
4. Click a local SLA Domain entry.
Result
The page of the selected local SLA Domain appears. The ellipsis menu provides choices to edit or delete
the local SLA Domain, as described in Editing an SLA Domain and Deleting an SLA Domain. The Pause
Protection button provides the option to pause protection tasks for all objects on the page, as described
in Pause and resume protection. If protection is currently paused, the Resume Protection button
appears on the page.
Note: SLA Domains with CDP enabled cannot be paused. Also, Pause Protection does not pause database
log backups.
Pausing protection
Pause protection tasks of all objects assigned to an SLA Domain, whether through direct assignment or
derived assignment.
Procedure
1. Log in to the Rubrik CDM web UI as a user with administrator privileges.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Select a local SLA Domain entry.
4. Click Pause Protection.
A confirmation dialog box appears with the message “Pause Protection will cancel all scheduled
backup, archiving, and replication tasks for all data sources protected by this SLA Domain. In-progress
tasks will be canceled immediately except when data transfer has started. Are you sure you want to
Pause Protection?”
5. Click Continue Anyway.
A confirmation message appears briefly to indicate the selected SLA Domain is paused. After the
message disappears, the Resume Protection button appears on the properties page of the SLA
Domain. On the Local SLA Domains page, a pause icon appears next to the paused SLA Domain.
Result
When an SLA Domain is paused, a message with this format appears in the Activity Log: “Pausing
protection tasks for all objects in SLA Domain ‘name’.”
If an SLA Domain is paused while a backup is in progress, a message appears in the Activity Log to
indicate that: “Pause Protection on SLA Domain name has caused the scheduled backup of Object name to
be canceled. Resume Protection on SLA Domain to resume backups.”
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears. A pause icon provides a visual indicator next to each paused
SLA Domain.
3. Select the paused SLA Domain that can be resumed.
The properties page of the selected SLA Domain appears.
4. Click Resume Protection.
A confirmation dialog box appears with the message “This will resume all protection activity. Are you
sure you want to proceed?”
5. Click Resume.
A confirmation message appears briefly to indicate the selected SLA Domain has been resumed. After
the message disappears, the Pause Protection button appears on the properties page of the SLA
Domain.
Result
When an SLA Domain is resumed, a message appears in the Activity Log to indicate that protection tasks
for all objects in that SLA Domain have been resumed.
Topic Description
Retention-lock removal A retention-locked SLA Domain cannot have the retention lock disabled.
Limits on field When editing a retention-locked SLA Domain:
modification
• The retention-locked SLA Domain cannot be deleted.
• The local retention period can be increased, but not reduced.
• Once added, replication and archival locations cannot be deleted or
modified.
For archival locations, the retention is governed by the archival threshold
and maximum retention. The retention period can be decreased by
increasing the archival threshold.
• Replication retention can be modified only if the new retention period is
longer than the previous period.
• Instant Archive can be enabled but, once set, cannot be disabled.
• The frequency and retention policies of any SLA Domain rule can be
increased, but not decreased. Decreasing the frequency and retention of
the SLA Domain could prevent future snapshots, thus violating the initial
compliance requirement.
Reports In reports, users can easily sort for objects that have been assigned retention-
locked SLA Domains, because the naming convention indicates whether an SLA
Domain has a retention lock.
Miscellaneous • Removing a VM from a Rubrik cluster and then adding the VM back does not
cause any retention-locked SLA Domain to be removed from the VM, as long
as the linking for the VM is enabled for the vCenter.
• An external NTP clock must be used when the retention lock feature is
enabled. Using the local clock is not allowed.
Related concepts
Examples: Restrictions on modifying retention locked SLA Domains
Frequency = 1 hour, retention Frequency = 1 hour, retention The retention period for any
period = 5 hours period = 6 hours frequency type cannot be
reduced.
Frequency = 1 day, retention Frequency = 1 day, retention
period = 5 days period = 4 days
Frequency = 1 hour, retention Frequency = 1 hour, retention The retention period for any
period = 5 hours period = 6 hours location cannot be reduced.
Frequency = 1 hour, retention Frequency = 1 hour, retention The retention period for any
period = 5 hours period = 6 hours location cannot be reduced.
Frequency = 1 hour, retention Frequency = 1 hour, retention The existing archival or replication
period = 5 hours period = 6 hours location cannot be modified.
Procedure
1. Request Rubrik Support to enable the retention lock feature.
2. Log in to the Rubrik CDM web UI.
Result
After the Rubrik cluster enables a retention-locked SLA Domain, the Retention Lock switch for that SLA
Domain is no longer a switch, and the wording changes to Retention Locked SLA. Hover over the adjacent
information icon for additional information.
Related concepts
Retention Locked SLA Domains
Retention locks on a Rubrik SLA Domain prevent premature deletion of snapshots.
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related reference
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Backup Verification
Backup Verification enables administrators to verify local backups on a Rubrik cluster through the Rubrik
REST API.
Backup Verification validates that the data in the snapshot or backup matches the data on the protected
object. Additionally, the ability to verify backups facilitates compliance with data assurance requirements.
The Rubrik REST API provides an endpoint that can be used in customer-side scripts to automatically
initiate an individual or batch snapshot verification job. As the verification proceeds, the Rubrik cluster
displays the series of events for the verification process in the Activity Log. For those events the Rubrik
cluster uses the Event-Type label:
Diagnostic
Upon completion, the Backup Verification process generates a downloadable CSV file with the results.
The Backup Verification process verifies snapshots and backups that reside on the Rubrik cluster, and does
not verify snapshots and backups on a replication target or an archival location.
The Backup Verification process is asynchronous and does not impact other backup related jobs. The
Rubrik cluster supports only one Backup Verification job per node, at any given time. For the ability to run
more than one process at the same time, contact Rubrik Support.
A single Backup Verification job can verify up to five snapshots of a protectable object at a time. The
snapshots may be on-demand snapshots or policy-based snapshots. The snapshots have to belong to the
same protectable object. For example, the request payload of a Backup Verification API will take up to five
IDs for snapshots of a fileset object. The API will not accept a payload with three IDs for snapshots of a
fileset object and two IDs for snapshots of a Managed Volumes object.
The Backup Verification process can verify backups and snapshots for the following protected object types:
• vSphere virtual machines
• Filesets and volume groups
• Managed Volumes and SLA Managed Volumes
• SQL Server databases
• Oracle databases
• Hyper-V virtual machines
• AHV virtual machines
Context
This topic describes how to obtain an authorization token and enable an authorized session in the Rubrik
REST API playground. A similar process can be used to authenticate a Rubrik REST API session for any
REST API client software or requesting system.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the account name in the upper-right corner and select API Token Manager.
3. On the API Token Manager page, click +.
The Generate API Token window opens.
4. Enter the duration and tag requirements and click Generate.
The Copy API Token window opens.
5. Click Copy.
6. Paste the token in a scratch file.
7. In a web browser, open the Rubrik REST API playground page.
Open https://RubrikCluster/docs/branch/playground/.
Where:
• RubrikCluster is the IPv4 address or resolvable hostname of the Rubrik cluster.
• branch is the name of the branch that has the relevant API. For example: internal, v1, v2, or v3.
8. On the Rubrik REST API playground page, click Authorize.
The Available authorizations dialog box appears.
9. In Value in the Bearer (apiKey) section, type Bearer, a space, and paste the token.
Bearer
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI3NzdhNjMyYy1lOWU5LTQ2Nj
UtYTU1YS02Nm2MDcifQ.gBoPXfCzTB6WMtzRZUtIl-X-hVVtk0N_uizMFoQdfpA
Result
The Rubrik REST API server creates an authorized session. The web browser stores the session key and
automatically adds it to all requests sent during the session.
Related Tasks
Verifying backups using API
Use the Rubrik REST API to verify the backup of a protected object.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Navigate the left-side menu and locate the menu item that identifies the type of the protectable
object.
For example, to obtain the ID for a vSphere virtual machine, click Virtual Machines > vSphere
VMs.
A page appears with a list of objects of the selected type. The page may have multiple tabs for each
sub-type of the protectable object type.
3. Select an object from the list.
Type a string into the search field to search for an object by name, or use the filters at the top of the
list.
The management page for the selected object appears.
4. In the URL of the management page, note the identifier that begins with the string
$object_type:::.
Where, $object_type is the type of the protectable object.
The identifier in the URL is the ID for the object.
For example, the ID for a vSphere virtual machine is of the form:
VirtualMachine:::868aa03d-4145-4cb1-808b-e10c4f7a3741-vm-128843
Result
The ID for a protectable object is available to use with Rubrik REST API endpoints.
Prerequisites
Create an authorized Rubrik REST API session.
Procedure
1. Open https://$RubrikCluster/docs/$branch/playground/.
2. Click the endpoint that represents the protectable object.
For example, to obtain the ID for a fileset object, click /fileset.
The listing expands to show all operations for that endpoint.
3. Open the endpoint listing.
Click GET /$object_type.
Where, $object_type is the type of the protectable object.
The endpoint listing displays a list of parameters.
4. Click Try it out.
The parameters become editable.
5. Click Execute.
The REST API call returns a JSON representation of the protectable object. The data array in the
response body supplies the details for each object.
6. In the data array, use the name element to locate a specific object.
The corresponding id element has the ID for the object. The ID has the form
$object_type:::$uuid.
For example, the ID for a fileset is of the form:
Fileset:::5f928a2d-6e9e-424c-a0bd-ef7188d603e3
7. Optional: To obtain IDs for snapshots of the object, click GET /$object_type/{id}.
Use the object ID obtained in the previous step as the value for the {id} parameter and invoke the API.
The Rubrik REST API server responds with the details of the specified object. The snapshots array
in the response includes a list of snapshot objects. The value of the id element is the ID for the
snapshot.
Result
The ID for a protectable object is available to use with other Rubrik REST API endpoints.
Related Tasks
Authorizing a Rubrik REST API session
Obtain an authorization token and create an authorized session in the Rubrik REST API playground.
Prerequisites
1. Create an authorized Rubrik REST API session. To use the Rubrik REST API playground for this task,
authorize the session on the "v1" API branch.
2. Obtain the ID for a protected object to verify backups.
Procedure
1. Open https://$RubrikCluster/docs/v1/playground/.
2. Click /backup.
The listing expands to show all operations for that endpoint.
3. Click POST /backup/verify.
The endpoint listing displays a list of parameters.
4. Click Try it out.
The JSON object for verification_parameters becomes editable.
5. In verification_parameters, edit the JSON object to include the objectId that corresponds to the
ID of the protected object.
Remove optional attributes that do not apply to the current use case.
For example, the JSON object to verify the latest backup of a Fileset:
{
"objectId": "Fileset:::$fileset-uuid"
}
Include the optional attribute, snapshotIdsOpt, to verify up to five snapshots of the object
identified by the objectId attribute.
For example, the JSON object to verify the snapshots of a Fileset:
{
"objectId": "Fileset:::$fileset-uuid",
"snapshotIdsOpt": [
"$snapshot1_id",
"$snapshot2_id",
"$snapshot3_id",
"$snapshot4_id",
"$snapshot5_id"
]
}
6. Click Execute.
The Backup Verification job starts and the Rubrik REST API server responds
with the job details that include the job ID, status, progress, and the ID for the
node where the object belongs. The Backup Verification job ID has the form
BACKUP_INTEGRITY_VERIFICATION_$backup_verification_uuid. The response also
includes the IDs for all the event series that correspond to the snapshots being verified.
7. Optional: Use the GET /event_series/{id} endpoint to retrieve the details of each snapshot
verification job.
8. The Activity Log displays the status of the Backup Verification process.
Result
The Rubrik cluster generates a CSV file with the results of the Backup Verification process when the
process completes. The event series in the Activity Log includes an icon to download the CSV file.
Next task
Download the CSV file and view the results of the Backup Verification process.
Prerequisites
1. Create an authorized Rubrik REST API session. To use the Rubrik REST API playground for this task,
authorize the session on the "v1" API branch.
2. Start a Backup Verification process and obtain the Backup Verification job ID.
Context
This task describes how to get the status of a Backup Verification process from the Rubrik REST API
playground. Actions similar to those in this topic can be used to perform the same task from any REST API
client software or requesting system.
Procedure
1. Open https://$RubrikCluster/docs/v1/playground/.
2. Click /backup.
The listing expands to show all operations for that endpoint.
3. Click GET /backup/verify/{id}.
The endpoint listing displays a list of parameters.
4. Click Try it out.
The parameters become editable.
5. In id, type the {id} of the Backup Verification job.
Where {id} is the backup verification job ID.
The ID has the form:
BACKUP_INTEGRITY_VERIFICATION_$backup_verification_uuid
Where the portion $backup_verification_uuid is the backup verification job ID.
6. Click Execute to send the request.
Result
The Rubrik REST API server responds with the status of the Backup Verification job, including ID, status,
start time, node ID, and a link to the request. The response also includes the end time and a link to the
CSV file with results, when the job is done.
Replication
The replication feature directs the Rubrik cluster to send replicas of source snapshots or backups to a
target Rubrik cluster and defines the maximum time to keep the replica on each cluster.
When a replication policy is enabled for a local SLA Domain, the remote Rubrik cluster (target Rubrik
cluster) rapidly copies the snapshot and backup data for that SLA Domain from the local Rubrik cluster
(source Rubrik cluster).
A source Rubrik cluster and a target Rubrik cluster use the Transport Layer Security (TLS) protocol to
encrypt all replication data in-flight.
A Rubrik cluster can have multiple target Rubrik clusters. Each SLA Domain on the source can direct
replication to the target that best accomplishes business goals.
A Rubrik cluster can be the target for many source Rubrik clusters.
When issues interfere with the network connection between the source Rubrik cluster and a target Rubrik
cluster, the replication task is retried. The Rubrik cluster retries the task every 30 seconds, with up to 20
retries. This provides the ability to handle up to 10 minutes of network downtime before the task fails.
Important: When constraints, such as limited bandwidth, interfere with the completion of all of the
replication tasks that are specified for an SLA Domain, the Rubrik cluster may skip replication of older
snapshots and backups to ensure that the newest data is successfully replicated. In this scenario the SLA
does not govern the retention policy. Older snapshots that are outside of the local retention policy are
deleted.
Related concepts
Network Throttling
Rubrik CDM provides settings for replication and archiving that can be used to specify the maximum
bandwidth allowed for outbound traffic.
Replication throttling bypass
The Rubrik REST API can be used to bypass the network throttle to provide more bandwidth for
replication.
Note: When private IPv4 addressing is used, this method carries the potential for IP address conflicts
between the source Rubrik cluster and the target Rubrik cluster. To avoid this problem, be sure each
cluster uses different static IPv4 addresses.
Prerequisites
For the source and the target, ensure that the network meets the port requirements described in Ports.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Replication Targets.
The Manage Replication page appears.
4. Click the + icon.
The static address view of the Add Remote Cluster dialog box appears.
5. In Target Cluster IP, type one of the IPv4 addresses of the target Rubrik cluster.
Do not use a floating IP address for the target Rubrik cluster IP.
6. In Target Cluster Username, type the username for an account on the target Rubrik cluster that
has the Admin role.
For Active Directory domain users, the format is domain name followed by username, seperated by a
space.
7. In Target Cluster Password, type the password for the account.
Result
After a successful test, the source Rubrik cluster adds the replication relationship to the Replication
Clusters section of the Manage Replication page. The target Rubrik cluster also adds the replication
relationship to its Manage Replication page.
Requirement Description
Assign ports on the Assign incoming ports on the target gateway specifically for the replication
target gateway processes. Each dedicated “replication” port on the target gateway receives
data packets from the source Rubrik cluster.
A minimum of one “replication” port on the target gateway is required, up to a
maximum of the number of Rubrik nodes on the target Rubrik cluster.
To provide redundancy, Rubrik recommends at least two “replication” ports on
the target gateway.
Port forwarding rules on The target gateway uses port forwarding rules to forward the data packets
the target gateway received on a target gateway “replication” port.
The target gateway forwards the data packets to port 7785 of the associated
private IP address that is assigned to a Rubrik node on the target Rubrik
cluster.
Assign ports on the Assign incoming ports on the source gateway specifically for the replication
source gateway processes. Each dedicated “replication” port on the source gateway receives
data packets from the target Rubrik cluster.
A minimum of one “replication” port on the source gateway is required, up to a
maximum of the number of Rubrik nodes on the source Rubrik cluster.
To provide redundancy, Rubrik recommends at least two “replication” ports on
the source gateway.
Port forwarding rules on The source gateway uses port forwarding rules to forward the data packets
the source gateway received on a source gateway “replication” port.
The source gateway forwards the data packets to port 7785 of the associated
private IP address that is assigned to a Rubrik node on the source Rubrik
cluster.
Prerequisites
For source and target Rubrik clusters, make the gateway ports and port forwarding rules described in NAT
replication requirements available.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Replication Targets.
4. Click the + icon.
The Add Remote Cluster dialog box appears.
5. Select NAT.
The NAT view of the Add Remote Cluster dialog box appears.
6. In Source Gateway IP, type the local IPv4 address of the source gateway device.
Result
After a successful test, the source Rubrik cluster adds the replication relationship to the Replication
Clusters section of the Manage Replication page. The target Rubrik cluster also adds the replication
relationship to its Manage Replication page.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Replication Targets.
The Manage Replication page appears.
4. In the Replication Clusters section, open the ellipsis menu next to the name of the target Rubrik
cluster.
5. Click Delete.
A confirmation message appears.
6. Click OK.
The local Rubrik cluster removes the replication target.
Result
After removing a target, the replicas on that target become unmanaged objects. The replicas must be
manually managed through the Snapshot Management page of the target Rubrik cluster.
Note: The replication policies of SLA Domains assigned to data sources that use Direct Archive do not
apply to snapshots of those data sources. Replication for snapshots that use Direct Archive is not available
because the Rubrik cluster does not store such snapshots in cluster storage.
Locally stored snapshots expire according to the Retention on Brik setting, even when the snapshot was
not successfully replicated.
Related tasks
Configuring replication policy for an SLA Domain
Configure the replication policy for an SLA Domain when creating a custom SLA Domain or when editing
any SLA Domain.
Prerequisites
Configure at least one replication target for the Rubrik cluster. Replication target setup describes how to
create a replication target.
Context
These changes determine how long the Rubrik cluster retains replication snapshots or backups on a target
cluster and which replication snapshots or backups are automatically expired by the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Complete one of the following to add or modify a replication policy for an SLA Domain:
• For a new custom SLA Domain, click the + icon and configure the other fields on the Create New
SLA Domain dialog box.
Result
The Rubrik cluster adds the replication policy to the SLA Domain and applies it to subsequent snapshots for
protected objects assigned to the SLA Domain.
When Apply to existing snapshots is selected, the Rubrik cluster also applies the archival policy to
existing snapshots of the protected objects.
Related concepts
Custom SLA Domains
Replication start
For any data source, the start of replication depends on adding the replication target to the Rubrik cluster
and adding the replication policy to the associated SLA Domain.
Event Description
Replication target added Snapshots that were created before the replication target was added to the
to the Rubrik cluster Rubrik cluster are not replicated.
Unexpired snapshots created after the replication target is added are
replicated when the replication policy is added to the associated SLA Domain.
Replication policy added Unexpired snapshots for a data source are replicated when a replication policy
to the SLA Domain is added to the associated SLA Domain.
The Rubrik cluster starts by replicating the most recent snapshot from a data
source and works backward in time, replicating the unexpired snapshots of
that data source.
SLA Domains The number of remote SLA Domains that The number of local SLA Domains that
replicate data to the local Rubrik cluster. replicate data to the remote Rubrik cluster.
Objects The number of remote objects that are The number of local objects that are
replicated to the local Rubrik cluster. replicated to the remote Rubrik cluster.
Prerequisites
Configure a replication target Rubrik cluster, as described in Replication target setup.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the top action bar, click the gear icon.
3. Click Replication Targets.
Result
The Manage Replication page appears.
Context
When a Rubrik cluster is a replication target, pausing replication across the cluster can reduce demand on
network bandwidth for the duration of the pause.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the top action bar, click the gear icon.
3. Select Replication Targets.
The Manage Replication page appears.
4. Click the ellipse on the Incoming pane of the Network Utilization for Replication section.
5. Click Pause all replication.
A confirmation dialog box appears.
6. Click Pause all replication.
Result
The cluster cancels all replication jobs that use this cluster as a replication target. The message 'All
replication is paused' appears at the top of the Incoming pane. Other clusters that use this cluster as a
replication source continue to use network bandwidth for those replication jobs.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the top action bar, click the gear icon.
3. Select Replication Targets.
The Manage Replication page appears. The message 'All replication is paused' is visible at the top of
the Incoming pane of the Network Utilization for Replication section.
4. Click the ellipse in the Incoming pane of the Network Utilization for Replication section.
5. Click Resume all replication.
A confirmation dialog box appears.
6. Choose whether to replicate missed snapshots.
Choice Effect
Resume replicating all new snapshots and missed Replication resumes for all snapshots, including
snapshots snapshots that missed replication during the
pause. For lengthy pauses, replicating missed
snapshots can require substantial time and
network bandwidth.
Resume replicating all new snapshots Replication resumes for new snapshots only.
Replication does not include snapshots that
missed replication during the pause or snapshots
taken before the pause.
7. Click Resume all replication.
Context
When a Rubrik cluster is a replication target, pausing replication per location can reduce demand on
network bandwidth for the duration of the pause.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the top action bar, click the gear icon.
3. Select Replication Targets.
The Manage Replication page appears.
4. Click Manage Pause.
Source clusters that do not have replication paused appear on the Active tab. Source clusters with
replication paused appear on the Pause tab.
5. Click Active.
The active replication source clusters appear.
6. Select a replication source.
More than one replication source can be selected.
7. Click Pause.
The Manage Replication Pause dialog box appears.
8. Choose whether to replicate missed snapshots.
Choice Effect
Cancel in-progress replication tasks immediately The replication target immediately cancels in-
progress replication tasks and pauses incoming
replication tasks from the specified source
replication clusters.
Allow in-progress tasks to complete The replication target completes any in-progress
replication jobs then pauses incoming replication
tasks from the specified source replication
clusters.
9. Click Pause Replication.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the top action bar, click the gear icon.
3. Select Replication Targets.
The Manage Replication page appears.
4. Click Manage Pause.
The Manage Replication Pause page appears.
5. Click Pause.
A list of the paused source replication clusters appears.
6. Select a source replication cluster.
More than one source replication cluster can be selected.
7. Click Resume.
The Manage Replication Pause dialog box appears.
8. Choose whether to replicate missed snapshots.
Choice Effect
Resume replicating all new snapshots and missed Replication resumes for all snapshots, including
snapshots snapshots that missed replication during and
before the pause. For lengthy pauses, replicating
missed snapshots can require substantial time
and network bandwidth.
Resume replicating all new snapshots Replication resumes for new snapshots only.
Replication does not include snapshots that
missed replication during the pause and
snapshots taken before the pause.
9. Click Resume Replication.
Result
The target Rubrik cluster resumes replication tasks for the specified source Rubrik clusters.
Procedure
1. Log in to the Rubrik CDM web UI of a selected Rubrik cluster.
2. On the left-side menu, select SLA Domains > Remote Domains.
Result
The Remote SLA Domains page appears.
Procedure
1. Log in to the Rubrik CDM web UI of a selected Rubrik cluster.
Result
The Rubrik cluster provides a list of every remote SLA Domain name that contains the search string.
Procedure
1. Log in to the Rubrik CDM web UI of a selected Rubrik cluster.
2. On the left-side menu, select SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. On the Remote SLA Domains page, click a remote SLA Domain entry.
Result
The page of the selected remote SLA Domain appears.
Search field Search field that permits a text string search of the names of the
selected type of data source objects that are protected by the
remote SLA Domain.
Name Names of the data source objects of the selected type.
Location Location information for the selected type of data source objects.
Context
To go directly to the page for a remote data source, type the name of the data source in the search box on
the top bar of the Rubrik CDM web UI and select the remote data source from the results list.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. In the Name column, select the name of a remote SLA Domain.
Result
The remote data source page appears.
Color Status
Green All replicas required by SLA Domain policy were successfully created.
Orange All replicas required by SLA Domain policy were successfully created but at least one replica
caused a warning.
Red At least one replica required by SLA Domain replication policy was not successfully created.
View Description
Year The Year view displays replica creation information for an entire year. A color spot indicator
on a specific date indicates replication activity, and displays the compliance status for the
replication policy for that day.
Month The Month view displays replica creation information for an entire month. A color spot
indicator on a specific date indicates replication activity, and displays the compliance status
for the replication policy for that day.
Day On a Snapshot card, the Day view displays the individual replicas that were created on the
selected day.
On a Recovery Points card, the Day view provides access the replicas of the available
snapshots and log backups for the database.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. In the Name column, select the name of a remote SLA Domain.
The page for the selected remote SLA Domain appears.
4. On the data source card, select a data source type.
5. On the data source card, in the Name column, click the name of a data source.
For a file system based data source, the Filesets card appears.
For a virtual machine or a database, the remote data source page appears.
6. (File system data sources only) On the Filesets card, in the Name column, select the name of a fileset.
The remote data source page appears.
7. Select a date.
The Day view appears.
8. Based on the type of data source, perform an available action.
Result
The Rubrik cluster provides access to the replicas of the remote data source.
Prerequisites
To enable downloading replicated snapshots, contact Rubrik Support.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, locate the menu item that identifies the type of the protectable object.
Result
The replicated snapshot is downloaded to the source Rubrik cluster and the exclamation mark on the
snapshot icon disappears.
Archiving
An SLA Domain can include an archival policy that instructs the Rubrik cluster to copy protected data to
an archival location. The archival policy specifies the archival location to use, how soon after a backup the
data is copied, and how long the data is retained.
The Rubrik cluster supports the following archival location types:
• Amazon S3
• Google Cloud Platform
• Azure
• Object Store
• NFS
• Tape
Cloud-based archival locations use the following terms to identify a logical unit of storage:
• bucket – Amazon S3 and Google Cloud Platform
• container – Microsoft Azure
A specific bucket can only be used by one Rubrik cluster. When a bucket is assigned to a Rubrik cluster, the
Rubrik cluster places restrictive permissions on the bucket that prevent other Rubrik clusters from using
the bucket. This action protects the data that is written to the bucket.
Multiple archival locations and types can be added to a Rubrik cluster. The archival policy of an SLA Domain
can only specify one archival location but each SLA Domain can specify a different archival location.
Archival policy
An archival policy defines how long to retain data within the local Rubrik cluster before moving the data to
an archival account for long term storage. Archival policy is optional for an SLA Domain.
When available, the Rubrik cluster uses an encrypted connection to transfer data to an archival location.
The Rubrik cluster deduplicates, compresses, and, when supported by the archival location, encrypts all
data that is stored at the archival location.
Related tasks
Changing archival policy
Configure the archival policy for an SLA Domain when creating a custom SLA Domain or when editing an
SLA Domain, and enable Instant Archive.
Prerequisites
Configure an archival location for the local Rubrik cluster, as described in Archival location configuration.
Result
The Rubrik cluster adds the archival policy to the SLA Domain and applies it to subsequent snapshots for
protected objects assigned to the SLA Domain.
When Apply to existing snapshots is selected, the Rubrik cluster also applies the archival policy to
existing snapshots of the protected objects.
Related tasks
Editing an SLA Domain
Edit an existing local SLA Domain to change the specified data protection.
Creating a custom SLA Domain
Create a custom SLA Domain with policies that meet specific SLA requirements.
Instant Archive
The Instant Archive feature can be enabled to instruct the Rubrik cluster to immediately queue a task to
copy a new snapshot to a specified archival location.
When an SLA Domain has the Instant Archive feature enabled, the Rubrik cluster queues a task to copy a
snapshot to the associated archival location as soon as the snapshot is processed.
Instant Archive does not change the amount of time that a snapshot is retained locally on the Rubrik
cluster. The most recent snapshot is always preserved locally for protected data sources. The Retention On
Brik setting determines how long a snapshot is kept on the Rubrik cluster. However, if the local copy is the
most recent snapshot it is retained (at minimum) until a new subsequent snapshot is taken. This retention
policy takes precedence over the brik retention setting.
Reserve enough space on the Rubrik cluster to retain at least one full snapshot for each protected
object, to store any additional incremental snapshots based on the assigned SLA Domains, and to run
consolidation and reverse operation tasks.
Instant Archive is not supported for tape archival locations.
Instant Tiering
The Instant Tiering feature can be enabled to instruct the Rubrik cluster to immediately send snapshots to
cold storage.
Instant Tiering is a two-step process. First, snapshots are uploaded to the default tier. Then the snapshots
are moved to less-expensive cold storage for Azure or AWS.
Instant Tiering is enabled for new snapshots by selecting the following options:
• Archive Access Tier Only as the tiering option for Azure.
• Glacier Storage Class Only or Glacier Deep Archive Storage Class Only as the tiering option for AWS.
Optionally, Instant Tiering can be applied to existing snapshots through the Tier existing snapshots
selection. The existing snapshots group includes on-demand, custom retention, and policy-based
snapshots.
Archival workflow
Archiving data to an archival location follows a standard workflow. As one of the steps in that workflow,
the Rubrik cluster determines whether to upload an incremental or full copy of the archival snapshot.
The following steps describe the typical sequence of tasks that a Rubrik cluster performs to satisfy the
archival policy of an SLA Domain.
1. Based on the archival policy initiate an archival task.
2. Determine the most recent existing archival snapshot from the data source.
When Azure Instant Tiering is enabled, archival snapshots have specific characteristics.
• A snapshot can consist of a chain of no more that 40 incremental snapshots. When the chain of
incremental snapshots reaches 40, the Rubrik cluster initiates a full upload of the protected object and
reduces the incremental snapshot chain.
• The Rubrik cluster performs a full snapshot of a protected object when the last archived snapshot was
in Azure Archive Tier and Instant Tiering is not enabled.
The Archival Consolidation feature is available for NFS, Amazon S3 compatible, AWS S3, and Azure archival
locations. If archival consolidation is enabled, the following logic determines when a snapshot uses a full
upload.
• The minimum duration between two full uploads is 14 days.
• If the current snapshot chain length of unexpired snapshots exceeds the default length of 60, a full
upload is used.
The Archival Consolidation feature is available for NFS, Amazon S3 compatible, AWS S3, and Azure archival
locations. If archival consolidation is disabled, the following logic determines when a snapshot uses a full
upload.
• The minimum duration between two full uploads is 14 days.
• If the current snapshot chain length of expired or unexpired snapshots exceeds the default length of
60, a full upload is used.
Snapshot chains cannot exceed an absolute limit of 120. Rubrik uploads a full backup when the chain
length exceeds this limit.
Note: Rubrik Support can change the chain limits from these defaults.
Field Description
Name Reference name for the archival location, which appears at the top of the archival
location card. The Rubrik cluster uses a default generated name unless a custom
name is configured.
Location The type of archival location, followed by an identifier. The identifier value
type:identifier matches the location parameter that was set when the archival location was
created. The format for each location type is shown below:
• S3:S3_bucket_name
• Azure:Azure_container_name
• GCP:GCP_bucket_name
• NFS:host_name
• QStar:host_name
Status Current status of the archival location. The status is one of the following:
• Read/Write – Available for archival read and write operations.
• Read Only – Available for read operations only.
• Paused – New archive operations cannot be performed until the archival
location is set to resume operations.
• Disabled – New archive operations, as well as any background operations that
change data, cannot be performed until the archival location is enabled.
Additional information • Disconnected – The Rubrik cluster does not recognize the archival location,
probably because of a network connectivity issue or invalid credentials.
• Last Refreshed – (Applies to Read Only archival locations only) The time the
archival location was last refreshed.
Available Space (Applies to NFS archival locations only) Total amount of space available in the NFS
directory.
Data Archived Total amount of data currently archived on the archival location. This amount
changes as new snapshots are archived and old snapshots are deleted.
Data Downloaded Running total of data downloaded from the archival location over the last 30 days.
SLA Domain frequency Lock period must exceed SLA Lock period cannot exceed SLA
Domain retention by at least Domain retention by more than
Hourly 15 days minus the archival 30 days minus the archival
threshold threshold
Daily 60 days minus the archival 90 days minus the archival
threshold threshold
Weekly 365 days minus the archival 420 days minus the archival
threshold threshold
Monthly 365 days minus the archival 730 days minus the archival
threshold threshold
Quarterly 365 days minus the archival 1095 days minus the archival
threshold threshold
Yearly 365 days minus the archival 1095 days minus the archival
threshold threshold
This example assumes that a protectable object is assigned an SLA Domain that retains 30 daily snapshots
and 12 monthly snapshots, with an archival threshold of 31 days and a retention period of 100 days.
Snapshots are sent to the immutable archival location after 31 days on the Rubrik cluster storage and
expire at the archival location after 69 days, for a total retention of 100 days. The immutable archival
location stores the monthly snapshots.
The retention lock period must exceed the SLA Domain retention by the difference between the retention
(100 days) and the archival threshold (31 days), which is 69 days. The possible immutability lock periods
range from 434 days (365 days plus 69) to 799 days (730 days plus 69).
Storage class
The storage class can be edited after the archival location is added. The Rubrik cluster applies the new
storage class to data that is archived after a change.
An Amazon S3 archival location can be configured to use one of the following storage classes:
• Standard
• Standard-Infrequent Access
Multipart uploads
Incomplete partial uploads to Amazon S3 count towards the total storage used by an account.
Amazon S3 does not automatically expire multipart uploads when a failure occurs. Amazon S3 abandons
failed multipart uploads in an incomplete state. Abandoned uploads can consume more storage than
expected.
To avoid unnecessary storage costs, institute an Amazon S3 bucket life cycle policy that removes
incomplete multipart uploads 30 days after the failed upload. Follow the instructions in AWS documentation
for incomplete multipart uploads and configure a bucket life cycle policy on the Amazon S3 bucket that is
used for Rubrik CDM archival data.
Prerequisites
Complete the tasks described in Generating an RSA key and Prepare to use Amazon S3 as an archival
location. Save the following information, which is available from the AWS management console:
• Access key ID
• Secret key
• Bucket name
• KMS master key
• VPC ID
• Subnet ID
• Security Group ID
Context
Provide the Rubrik cluster with Amazon S3 keys and connection information, including the VPC ID, the
subnet ID, and the Security Group ID.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Select Archival Locations.
The Archival Locations page appears.
4. Click +.
The Add Archival Location dialog box appears.
5. In Archive Type, select Amazon S3.
The Amazon S3 archival location fields appear.
6. In Region, select an Amazon S3 region for the bucket.
7. Select a storage class.
• One Zone - Infrequent Access
• Standard
• Standard - Infrequent Access
8. In AWS Access Key, paste an access key ID.
Result
The Rubrik cluster tests the keys and connection information. After a successful test, the Rubrik cluster
stores the configuration.
Related tasks
Managing consolidation for Amazon S3
Enable or disable snapshot consolidation for an Amazon S3 archival location.
Prerequisites
Log in to the AWS management console and change the access key ID and secret key assigned to
the Rubrik cluster. Download the .csv file that contains the new access key ID and secret key, so the
information will be available to copy into the Rubrik CDM web UI.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
Result
The Rubrik cluster stores the updated key information.
Glacier Deep Archive The Glacier Deep Archive Storage Class Only option specifies snapshots are first
Storage Class Only uploaded to the default storage class and then immediately tiered to the Glacier
Deep Archive storage class. If this option is selected, metadata files are stored in
the default storage class.
The Glacier Deep Archive Storage Class Only option does not apply to existing
snapshots.
Note: The Glacier Storage Class Only and Glacier Deep Archive Storage Class Only options do not support
Direct Archive workloads.
Prerequisites
Configure an archival location for the local Rubrik cluster, as described in Archival location configuration.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Create a new SLA Domain or edit an existing SLA Domain.
Result
The SLA Domain uses AWS tiering.
Related tasks
Editing an SLA Domain
Edit an existing local SLA Domain to change the specified data protection.
Creating a custom SLA Domain
Create a custom SLA Domain with policies that meet specific SLA requirements.
Note: Rubrik CDM does not support immutable object storage. Rubrik recommends against using
versioning because it can significantly increase storage usage and costs.
Bucket Bucket created for use as Rubrik The bucket name must meet
archival target. Google naming conventions.
See the GCP documentation for
bucket name requirements.
The bucket name cannot be
edited after initial configuration.
If the specified bucket name
already exists, the existing bucket
is used. If the bucket name
does not exist, a new bucket is
created.
Because the lifecycle rule controls
the movement of data to Coldline
storage, no additional SLA-based
configuration is required to
ensure the Rubrik cluster data
moves to Coldline storage.
Encryption Password and Re- Password to use for encrypting This field cannot be edited after
Enter Encryption Password data before sending to Google initial configuration.
Cloud Platform. Disaster recovery
The Encryption Password cannot
cannot be performed without this
be recovered from the Rubrik
password.
cluster after configuring the
archival locations. It is the
responsibility of the user to keep
this password safe for future
reference.
Archival Location Name Descriptive name for the archival This field can be edited after
location. By default this is initial configuration.
configured as"GCP:BucketName".
This field can be edited to any
name.
Service Account JSON Key Private JSON key for the service Copy and past the contents
account. of this file. This information is
required for the Rubrik archival
configuration.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click +.
The Add Archival Location dialog box appears.
5. In Archive Type, select Google Cloud Platform.
The Add Archival Location dialog box changes to show the Google Cloud Platform fields.
6. In Region, select a region type for the archived data.
Location Description
Regional locations Data is stored in one bucket in a single
geographic location within the specified region.
Multi-regional locations Data is geo-redundant and data is stored in
multiple geographic locations.
The Rubrik cluster creates a bucket with the appropriate Storage Class. Standard uses Regional or
Multi-regional storage class based on the region selection. Durable Reduced Availability is a legacy
Storage class that is superseded by Regional class.
7. In Storage Class, choose the class for determining costs for storage, data retrieval, and operations.
Result
The archival location can now be assigned to SLA Domains.
Related reference
Google Cloud Platform as an Archival Target
Adding a Google Cloud Platform archival location is similar to adding other types of archival locations.
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Microsoft Azure
Rubrik CDM supports Microsoft Azure as an archival location.
Archival locations that use Microsoft Azure cloud storage can use standard storage or immutable storage
depending on the use case.
Related concepts
Microsoft Azure archival locations with immutable storage
Immutable blob storage enables the unalterable preservation of protected data objects.
A protectable object is assigned an SLA Domain that takes monthly snapshots with a two-year retention,
kept in mutable storage and with a snapshot chain limit of 60 snapshots. The snapshot chain limit is the
number of incremental snapshots that build on a given full backup snapshot. The Rubrik cluster takes a
new full backup snapshot after reaching the snapshot chain limit.
Monthly snapshots and the snapshot chain limit of 60 result in a snapshot chain that spans five years of
activity. Expired snapshots remain available and are not subject to deletion, garbage collection, or space
reclamation until all of the snapshots in the chain expire. As a result, a retention time of two years and a
five-year snapshot chain length means that the oldest snapshot in the chain is seven years old when the
entire chain expires.
With immutable storage and a snapshot chain limit of 60, the immutability lock period must be seven
years to preserve the earliest snapshot for the entire period. The immutability lock on the Azure
container preserves the last snapshot in the chain, taken at the end of the fifth year, for the length of
the immutability lock period, which is seven years. This results in an unalterable 12 year period of data
retention and associated charges.
Setting a shorter immutability lock period lowers the chain limits, which results in more frequent full
uploads. Reducing the SLA Domain retention to two years results in a snapshot chain limit of 12 and an
immutability lock period of three years for monthly snapshot chains.
Related concepts
Archival Consolidation
Archival Consolidation frees archival storage by deleting expired snapshots.
SLA Domain frequency Lock period must exceed SLA Lock period cannot exceed SLA
Domain retention by at least Domain retention by more than
Hourly 15 days minus the archival 30 days minus the archival
threshold threshold
Daily 60 days minus the archival 90 days minus the archival
threshold threshold
Weekly 365 days minus the archival 420 days minus the archival
threshold threshold
Monthly 365 days minus the archival 730 days minus the archival
threshold threshold
Quarterly 365 days minus the archival 1095 days minus the archival
threshold threshold
Yearly 365 days minus the archival 1095 days minus the archival
threshold threshold
This example assumes that a protectable object is assigned an SLA Domain that retains 30 daily snapshots
and 12 monthly snapshots, with an archival threshold of 31 days and a retention period of 100 days.
Snapshots are sent to the immutable archival location after 31 days on the Rubrik cluster storage and
expire at the archival location after 69 days, for a total retention of 100 days. The immutable archival
location stores the monthly snapshots.
The retention lock period must exceed the SLA Domain retention by the difference between the retention
(100 days) and the archival threshold (31 days), which is 69 days. The possible immutability lock periods
range from 434 days (365 days plus 69) to 799 days (730 days plus 69).
Prerequisites
• Plan archival usage to meet the data storage requirements for any single container and storage
account, as defined in Azure subscription and service limits, quotas, and constraints.
• Refer to the Archive preparation in Azure topic to set up an Azure storage account to begin archiving
data from the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click +.
The Add Archival Location dialog box appears.
5. In Archive Type, select Azure.
The Add Archival Location dialog box changes to show the Azure fields.
6. In Storage Account Name, type the name of a Microsoft Azure account.
7. In Access Key, type the access key for the Microsoft Azure account.
8. In Container, type the name to be assigned to the container.
Container names must meet the following requirements:
• Three to 63 characters in length.
• Can only contain lowercase letters, numbers, and hyphens.
• Hyphens must be preceded and followed by a non-hyphen character.
9. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.
10. In Instance Type, choose the Cloud Platform type of this archival location.
Instance Type Description
Azure Default All regions except: China, India, and Azure
Government.
Azure Government US Gov Iowa and US Gov Virginia.
Azure China China North and China East.
Result
The Rubrik cluster stores the information.
Next task
Configure additional Microsoft Azure settings through the Azure portal.
Related concepts
Microsoft Azure archival locations with immutable storage
Immutable blob storage enables the unalterable preservation of protected data objects.
Related tasks
Managing consolidation for Azure
Enable or disable snapshot consolidation for an Azure archival location.
Related reference
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Related information
Azure subscription and service limits, quotas, and constraints
Prerequisites
Change the account key assigned to the Microsoft Azure account being used by the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu and click Edit
The Edit Archival Location dialog box appears.
5. Optional: In Storage Account Name, type a new account name.
6. In Access Key, type the new access key.
7. In Archival Location Name, type a new display name for the archival location.
8. Optional: Click Advanced Settings.
The advanced settings allow you to configure consolidation or proxy settings.
The Advanced Settings dialog box appears.
Result
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
To configure additional Microsoft Azure settings, use the Azure portal.
Related reference
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Azure tiering
Rubrik CDM supports Microsoft Azure tiering options.
Microsoft Azure implements storage tiers based on varying storage cost, access, and retention
requirements. The storage tiers are Hot, Cool, and Archive.
Note: Refer to the Microsoft Azure documentation for detailed information on tiering options and pricing.
Smart Tiering The Smart Tiering option specifies data is first archived to the default access
tier, and then moved to the archive access tier at a later date based on the SLA
parameters. Smart Tiering requires a General Purpose v2 account. If this option is
selected, metadata files are stored in the default access tier.
Note: The Archive Access Tier Only option does not support Direct Archive workloads. Smart tiering
should be used instead to send Direct Archive workloads to the archive access tier.
Prerequisites
Configure an archival location for the local Rubrik cluster, as described in Archival location configuration
and configure the Cloud Compute Setting for Azure CloudOn, as described in Azure CloudOn configuration
and setup.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select SLA Domains > Local Domains.
The Local SLA Domains page appears.
3. Complete one of the following to add or modify an archival policy for an SLA Domain:
• For a new custom SLA Domain, click the + icon and configure the other fields on the Create New
SLA Domain dialog box.
• For an existing SLA Domain, on the Local SLA Domains page, select the SLA Domain. The
properties page for the selected SLA Domain appears. Open the ellipsis menu and click Edit.
4. Complete the Service Level Agreement for the SLA Domain.
5. Click Next.
The second page of the Create SLA Domain dialog box appears.
6. In Archiving, enable the archiving toggle.
7. In the archival location field, select a configured Azure archival location.
8. Optional: Select Enable Instant Archive to instruct the Rubrik cluster to immediately queue a task
to copy a new snapshot to the archival location.
9. In Azure Tiering select an option.
• Default Access Tier Only (default selection)
• Archive Access Tier Only (enables Instant Tiering)
• Smart Tiering (if selected, specify duration in days)
10. Optional: Select Tier existing snapshots to instantly tier existing snapshots for protected objects.
11. Complete any other changes.
12. Click Create or Edit.
The Rubrik cluster adds the archival policy to the SLA Domain and applies it to the existing snapshots
and the new snapshots for data sources assigned to the SLA Domain.
Result
The SLA Domain uses Azure tiering.
Related tasks
Creating a custom SLA Domain
Note: The Rubrik CDM Compatibility Matrix contains the most up-to-date list of supported object storage
system vendor choices.
Prerequisites
• For Scality object storage, complete the tasks described in Preparing Scality as an archival location.
• For all object storage systems, generate an RSA key for the Rubrik cluster to use when encrypting the
archival data, as described in Generating an RSA key.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click +.
The Add Archival Location dialog box appears.
5. In Archive Type, select Object Store.
The Add Archival Location dialog box shows the object storage system fields.
6. Choose an object store vendor.
• S3 Compatible (StorageGRID, Cloudian, IBM COS, or other compatible object storage)
• Scality
Note: When the provided credentials do not have bucket creation permissions, use the object storage
system management console to manually create the required buckets before completing this task.
11. In Number of Buckets, type the number of buckets assigned to the Rubrik cluster.
Type an integer value that is greater than or equal to one.
12. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.
13. In RSA Key, paste the RSA key.
The Rubrik cluster uses the RSA key to encrypt the archived data. Disaster recovery cannot be
performed without the RSA key.
14. Optional: Select Enable Archive Consolidation.
15. Optional: Select Use System Proxy.
If the archival location does not need to be accessed via a system-configured proxy server, leave the
box unchecked. This allows the network traffic to flow directly to the archival location, whether a
system proxy is configured or not.
16. Click Add.
Result
The Rubrik cluster tests the keys and connection information and, after a successful test, stores the keys
and connection information.
Editing the object storage system access key and secret key
Provide more security for the archived data by regularly changing the access key and secret key for the
object storage system. Also, when necessary, edit the display name.
Prerequisites
On the object storage system, change the access key and secret key assigned to the Rubrik cluster.
Result
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
NFS share
The Rubrik cluster supports using an NFS share, or an EMC Isilon NFS share, as an archival location.
Prerequisites
Complete the following preparation tasks:
• For an NFS share other than an EMC Isilon NFS share, complete the tasks described in Preparing to use
an NFS share as an archival location.
• For an NFS share from an EMC Isilon, complete the tasks described in Preparing an Isilon NFS share as
an archival location.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click +.
The Add Archival Location dialog box appears.
5. In Archive Type, select NFS.
The Add Archival Location dialog box changes to show the NFS fields
6. In Host Name, type the resolvable hostname or IP address of the NFS share host.
7. In Export Directory, type the absolute path of the export directory configured in /etc/exports on
the NFS share host, or in the Isilon OneFS UI.
/export/RubrikArchive
The folder specified in the next step must be empty, or only contain files that were written by the
Rubrik cluster. Any other data in the folder will be overwritten by archival data.
Result
The Rubrik cluster tests the connection information and, after a successful test, stores the connection
information.
Related concepts
Archival data security
The Rubrik cluster encrypts archival data before transmitting the data to any of the supported archival
location types.
Context
Use the edit task to modify the settings of an existing NFS archival location. Do not use the task to add a
new NFS share as an archival location.
To add a new NFS share as an archival location, complete the tasks described in Adding an NFS archival
location. Adding a new archival location causes the Rubrik cluster to move the existing archival location to
READ-ONLY status and retain read access to the data.
Do not edit the connection information for an NFS archival location to point to a new export. This will
cause data corruption and data unavailability.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu and click Edit.
The Edit Archival Location dialog box appears.
5. Optional: In Host Name, type the new resolvable hostname or IP address of the NFS share host.
Result
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
Note: More than one archival location can map to the same Integral Volume using different folders. These
archival locations share the same cache and the same underlying storage media. Mapping multiple archival
locations to the same Integral Volume can affect data isolation, performance, and maintenance.
A QStar server may host up to four Integral Volumes to provide data isolation and better concurrency in
archiving and restore operations with multiple archival locations. The tape library and the server must
Note: The QStar tape archive option does not support direct archive workloads.
Related concepts
Prepare a QStar Integral Volume as an archival location
Prepare a QStar Integral Volume set to use as a tape archival location.
Prerequisites
Complete the tasks described in Prepare a QStar Integral Volume as an archival location.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Click +.
The Add Archival Location dialog box appears.
5. In Archive Type, select Tape.
The Add Archival Location dialog box changes to show the tape fields.
6. In QStar Host Name, type the hostname of the host of the QStar Archive Manager instance.
The value can optionally include a port designation:
hostname:port
• hostname is the resolvable hostname or IPv4 address of the host.
• port is the incoming port that the QStar Archive Manager instance listens on.
7. In QStar Integral Volume Name, type the name of the Integral Volume set.
8. In Destination Folder Name, type a name for the folder to use for the archival location.
The combination of the three fields: QStar Host Name, QStar Integral Volume Name, and Destination
Folder Name must be unique. After clicking Add, the Rubrik cluster checks the location to ensure that
it is not in use as an archival location.
If the location is in use, the add archival location task fails and a message appears in the Activity Log.
9. In Archival Location Name, type a display name for the archival location.
Alternatively, accept the generated name that is displayed in the field.
10. In QStar User Name, type the name for a user account.
The specified user account must have permission to mount an Integral Volume set from an external
system and to perform read and write operations on the mounted Integral Volume set.
11. In QStar Password, type the password for the user account.
12. In Encryption Password, type a complex password.
The Rubrik cluster uses the password to encrypt the archival data.
13. In Re-Enter Encryption Password, type the same password.
14. Click Add.
Result
The Rubrik cluster attempts to mount the Integral Volume set and examines the path specified by the
Destination Folder Name.
If the mount fails or the path is unavailable the job to add the archival location fails and the Rubrik cluster
adds a message to the Activity Log. If both tasks are successful the Rubrik cluster stores the information
and makes the archival location available for use.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu and click Edit.
The Edit Archival Location dialog box appears.
5. Optional: In QStar Host Name, type the new hostname value of the QStar Archive Manager
instance.
6. Optional: In Archival Location Name, type a new display name for the archival location.
7. Optional: In QStar User Name, type the name for a new user account.
8. Required: (When password changes) In QStar Password, type the new password.
9. Click Update.
Result
The Rubrik cluster tests the updated information and, after a successful test, stores the updated
information.
Archival Consolidation
Archival Consolidation frees archival storage by deleting expired snapshots.
Enable Archival Consolidation in Rubrik CDM to merge the expired set of snapshots with the next live
snapshot. Archival Consolidation reduces storage requirements and reduces the snapshot chain length.
With reduced snapshot chain length, only the first snapshot requires a full snapshot and the subsequent
snapshots use incremental-forever snapshots.
Archival Consolidation has the following characteristics:
• NFS, Amazon S3, S3 Compatible Object Stores, and Azure archives support Archival Consolidation.
Context
When consolidation for Amazon S3 is enabled, the snapshot consolidation runs in the AWS cloud using the
cloud compute resources.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
4. On the card for an existing Amazon S3 archival location, open the ellipsis menu and click Edit.
The Edit Archival Location dialog box appears.
5. Click Advanced Settings.
6. Select Enable Archive Consolidation.
7. Click Save.
8. Click Update in the Edit Archival Location window.
Result
The Rubrik cluster modifies the configuration of an Amazon S3 archival location to enable or disable
snapshot consolidation.
Related concepts
Prepare to use Amazon S3 as an archival location
Prepare to use Amazon S3 object storage as an archival location.
Related tasks
Configuring AWS CloudOn using the CloudFormation template
Use the CloudOn CloudFormation template to configure CloudOn for AWS.
Related reference
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Context
When consolidation for Azure is enabled, the snapshot consolidation runs in the Azure cloud using the
cloud compute resources.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the card for an existing Azure archival location, open the ellipsis menu and click Edit.
The Edit Archival Location dialog box appears.
5. Click Advanced Settings.
6. Select Enable Archive Consolidation.
Result
The Rubrik cluster modifies the configuration of an Azure location to enable or disable snapshot
consolidation.
Related tasks
Adding Microsoft Azure as an archival location
Configure a Rubrik cluster to use Microsoft Azure as the archival location.
Related reference
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Context
When consolidation for an NFS archival location is enabled, the snapshot consolidation runs on the Rubrik
cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the card for an existing NFS archival location, open the ellipsis menu and click Edit.
The Edit Archival Location dialog box appears.
5. Select Enable Archive Consolidation.
6. Click Update.
Result
The Rubrik cluster modifies the configuration of the NFS archival location to enable or disable snapshot
consolidation.
Context
When consolidation for object storage is enabled, the snapshot consolidation runs on the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the card for an existing object storage archival location, open the ellipsis menu and click Edit.
The Edit Archival Location dialog box appears.
5. Select Enable Archive Consolidation.
Result
The Rubrik cluster modifies the configuration of an object storage archival location to enable or disable
snapshot consolidation.
Cascading Archival
Cascading Archival replicates data from a source Rubrik cluster to a target Rubrik cluster and then archives
the data from the target Rubrik cluster.
Cascading Archival combines the ability to replicate data from a remote site to a central site and then move
the replicated data to an archival location.
The maximum retention setting on the source Rubrik cluster also determines the maximum retention
of replicated data on the target Rubrik cluster and in the Cascading Archival location. Shortening the
maximum retention of the source SLA Domain will expire data sooner on the source Rubrik cluster, the
target Rubrik cluster, and in the archival location. For an extreme example, setting the maximum retention
on the source Rubrik cluster to 0 will expire the data immediately on the source Rubrik cluster, the target
Rubrik cluster, and the archival location.
The initial configuration in this example shows an acceptable configuration for Cascading Archival.
SLA on source Rubrik cluster:
• Take snapshots every 1 day for 100 days
• Local retention (on Retention on Brik setting) for 48 days
• Replication retention for 100 days
• SLA on target (after enabling cascaded archival)
• Archive to cloud location after 48 days
• The data would be stored as follows:
• 0 to 48 days – old data resides on source Rubrik cluster
• 0 to 48 days – old data resides on target Rubrik cluster
• 48 days to 100 days – data resides on the archival location
• Changes to the configuration on the source Rubrik cluster, as shown in the following example could lead
to data being expired on the target Rubrik cluster and on the archival location.
• SLA is modified on the orignal Rubrik cluster
• On the source Rubrik cluster, a user modifies the retention setting on the target Rubrik cluster for
the assigned SLA Domain to reduce it to 48 days.
• The new settings become:
• Take snapshots every 1 day and retain for 100 days
• Local retention (on Retention on Brik setting) for 48 days
However, on the target Rubrik cluster the settings remain the same:
• Local retention for 48 days
• Archive to cloud location after 48 days
• When the change is propagated to the target Rubrik cluster, archival to the cloud is disabled.
Importantly, all the data on the archival location that is older than 48 days is immediately expired and
deleted.
Procedure
From the source Rubrik cluster, complete the following steps.
1. From the Rubrik CDM web UI, select SLA Domains > Local Domains.
2. Click the + icon.
The Create SLA Domain dialog box appears.
3. Specify the SLA Domain Name.
4. Specify the SLA settings for the Rubrik cluster.
5. Click Next.
6. Enable the Replication toggle.
7. Specify the target Rubrik cluster from the drop-down list.
8. Use the slider bar to specify how long data is kept locally on the target Rubrik cluster.
9. Click Next.
The Summary page of the SLA Domain wizard appears.
Result
The archival policy is configured.
Note: Archival location proxies must be forward proxies. Rubrik CDM does not support reverse proxies for
archival location.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the card for S3 archival location, open the ellipsis menu and click Edit.
The Edit Archival Location dialog box appears.
5. Click Advanced Settings.
6. From Archival Proxy Settings, configure:
• Protocol
• Proxy Server (IP or FQDN)
• Port Number
• Username
Result
The Rubrik cluster saves the archive location proxy settings.
Related reference
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the card for Azure archival location, open the ellipsis menu and click Edit.
The Edit Archival Location dialog box appears.
5. Click Advanced Settings.
6. From Archival Proxy Settings, configure:
• Protocol
• Proxy Server (IP or FQDN)
• Port Number
• Username
• Password
7. Click Save.
8. From Compute Proxy Settings, configure:
• Protocol
• Proxy Server (IP or FQDN)
• Port Number
• Username
• Password
9. Click Save.
Result
The archive location proxy settings are saved.
Related reference
Advanced settings
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar and click Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archive Type, select an archive type.
Each archive type has unique parameters.
6. Fill in the parameters.
If you retrieve only object metadata, you must also refresh reader location objects to see the available
points in time on each object for which to retrieve metadata.
7. Optional: Click Advanced Settings.
The advanced settings allow you to configure consolidation and proxy settings.
Result
The Rubrik cluster connects to the reader archival location. The connection time depends on how many
objects and snapshots are present at the target archival location, as specified in Retrieval Method.
A gray border on the dialog box indicates the cluster is in read-only mode. A rolling bar indicates the
cluster is recovering metadata from the archival location.
Related tasks
Refreshing reader location objects
Use the Rubrik CDM web UI to update a reader cluster with the latest snapshot metadata.
Related reference
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Context
Since the contents of the archival target can be changed by the owner cluster, the recovery view of the
reader cluster can be inconsistent with the actual contents of the archival location. The refresh operation
takes a current view of the contents of the archival target and populates the reader cluster with that
information. Use this operation to synchronize the reader cluster with the latest content.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Select a reader archival location.
5. Open the ellipsis menu on the page bar and click Refresh.
Result
The Rubrik cluster starts the refresh process.
Prerequisites
Verify that the current owner cluster does not have access to the archival location.
Important: Promoting a reader cluster to owner while another cluster is actively accessing the archival
location as the owner can result in inconsistent data and potential data integrity issues.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Select a reader archival location to promote.
5. Open the ellipsis menu on the page bar and click Promote to Owner.
The Promote to Owner dialog box appears.
6. In The owner cluster has not modified the archival location since the last refresh select an
action based on the state of changes to the archival location.
Action Description
Select Select the field when the owner cluster has not
made changes to the archival location since the
last refresh. This skips synchronization between
the current owner cluster and the archival
location before the promotion.
Clear Clear the field when the owner cluster has made
changes to the archival location since the last
refresh. This forces synchronization between the
current owner cluster and the archival location
before the promotion.
7. Click Promote.
Result
The reader cluster assumes the owner role.
Context
Pausing suspends archival activity but does not change the status of the owner cluster. For a paused
archival location, some background jobs which may change the contents of the archival location and
expiration of snapshots will continue to be scheduled.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
Result
Jobs in progress are canceled, if possible. Jobs that cannot be canceled are allowed to complete before the
pause takes effect. When the archival location is paused, the information card moves to the bottom of the
display.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card, open the ellipsis menu and click
Resume Archival.
The Resume Archiving dialog box appears.
5. Click Resume.
Result
The Rubrik cluster resumes archival activity for the archival location.
Prerequisites
• Choose a Rubrik cluster to use as the recovery cluster.
• Obtain the access key ID and the secret key used by the owner Rubrik cluster for the S3 archival
location.
• Obtain the KMS master key ID or the RSA key used by the owner Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar and click Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archive Type, select Amazon S3.
6. In Region, select an Amazon S3 region for the bucket.
7. In Storage Class, select the Amazon S3 Storage Class.
8. In AWS Access Key, paste the access key ID.
9. In AWS Secret Key, paste the associated secret key.
10. In AWS Bucket Name, type the name of the Amazon S3 bucket of the owner Rubrik cluster.
11. In Archival Location Name, select Amazon S3 location name.
12. In Retrieval Tier, select the Amazon retrieval tier.
• Standard
• Expedited
• Bulk
13. Select an encryption type.
• KMS Master Key ID
• RSA Key
14. (KMS master key only) In KMS Master Key ID, paste the KMS master key ID that was used to
encrypt the archival data on the owner Rubrik cluster.
15. (RSA key only) In RSA Key, paste the RSA key that was used to encrypt the archival data on the
owner Rubrik cluster.
16. Choose the retrieval method.
• Object List Only (Faster)
Retrieves a list of protected objects.
• Object List and Snapshot Details
Result
The selected Rubrik cluster connects to the archival location for read-only access and provides access to
disaster recovery.
The recovery Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information. A gray border on the dialog box indicates the cluster is in read-only
mode. A rolling bar indicates the cluster is recovering metadata from the archival location.
Related tasks
Refreshing reader location objects
Use the Rubrik CDM web UI to update a reader cluster with the latest snapshot metadata.
Related reference
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Prerequisites
• Choose a Rubrik cluster to use as the recovery cluster.
• Obtain the access key ID and the secret key used by the owner Rubrik cluster for the Glacier archival
location.
• Obtain the encryption password used by the owner Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar and click Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archive Type, select Glacier.
6. In Region, select an Amazon Glacier region for the archive.
7. In Access Key, type the access key for the Amazon Glacier account.
8. In Secret Key, type the secret key for the Amazon Glacier account.
9. In Glacier Vault Name, type the name of the Glacier Vault to use for the archive. If the vault does
not exist, it will be created.
10. In Archival Location Name, accept the default name or type a new name for the archival location.
11. In Encryption Password, type the encryption password to recover the Glacier archive. This
password must match the encryption password from the owner cluster.
12. In Retrieval Tier, select the Amazon Glacier retrieval tier.
Result
The selected Rubrik cluster connects to the archival location for read-only access and provides access to
disaster recovery.
The recovery Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information. A gray border on the dialog box indicates the cluster is in read-only
mode. A rolling bar indicates the cluster is recovering metadata from the archival location.
Related tasks
Refreshing reader location objects
Use the Rubrik CDM web UI to update a reader cluster with the latest snapshot metadata.
Prerequisites
• Choose a Rubrik cluster to use as the recovery cluster.
• Obtain the access key ID and the secret key used by the owner Rubrik cluster for the Google Cloud
Platform archival location.
• Obtain the encryption password used by the owner Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar and click Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archive Type, select Google Cloud Platform.
6. In Region, select the Regional or Multi-regional location to host the archival data.
7. In Storage Class, select the specified storage class.
8. In Bucket, enter the bucket name.
9. In Encryption Password, type the encryption password to recover the Google Cloud Platform
archive. This password must match the encryption password from the owner cluster.
10. In Re-Enter Encryption Password, type the encryption password to recover the Google Cloud
Platform archive.
Result
The selected Rubrik cluster connects to the archival location for read-only access and provides access to
disaster recovery.
The recovery Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information. A gray border on the dialog box indicates the cluster is in read-only
mode. A rolling bar indicates the cluster is recovering metadata from the archival location.
Related tasks
Refreshing reader location objects
Use the Rubrik CDM web UI to update a reader cluster with the latest snapshot metadata.
Related reference
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Prerequisites
• Choose a Rubrik cluster to use as the recovery cluster.
• Obtain the account name and the account key used by the owner Rubrik cluster for the Azure archival
location.
• Obtain the container name used by the owner Rubrik cluster
• Obtain the RSA key used by the owner Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar and click Connect as Reader.
The Connect as Reader dialog box appears.
5. In Archive Type, select Azure.
6. In Storage Account Name, type the name of the Microsoft Azure account.
Result
The selected Rubrik cluster connects to the archival location for read-only access and provides access to
disaster recovery.
The recovery Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information. A gray border on the dialog box indicates the cluster is in read-only
mode. A rolling bar indicates the cluster is recovering metadata from the archival location.
Related tasks
Refreshing reader location objects
Use the Rubrik CDM web UI to update a reader cluster with the latest snapshot metadata.
Related reference
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Prerequisites
• Choose a Rubrik cluster to use as the recovery cluster.
• Determine the type of object storage system used by the owner Rubrik cluster.
• Obtain the access key and the secret key used by the owner Rubrik cluster for the object storage.
• Obtain the hostname or IP address of the object storage system endpoint.
• Obtain the bucket prefix used by the owner Rubrik cluster.
• Obtain the RSA key that was used to encrypt the archival data on the owner Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
Result
The selected Rubrik cluster connects to the object storage system for read-only access and provides access
to disaster recovery.
The recovery Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information. A gray border on the dialog box indicates the cluster is in read-only
mode. A rolling bar indicates the cluster is recovering metadata from the object storage system.
Related tasks
Refreshing reader location objects
Use the Rubrik CDM web UI to update a reader cluster with the latest snapshot metadata.
Prerequisites
• Choose a Rubrik cluster to use as the recovery cluster.
• Obtain the hostname of the NFS share host.
• Obtain the export directory configured in /etc/exports on the NFS share host, or in the Isilon OneFS
UI.
• Obtain the name of the target folder beneath the NFS mount point.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. Open the ellipsis menu on the page bar and click Connect as Reader.
The Connect as Reader dialog box appears.
Result
The selected Rubrik cluster connects to the archival location for read-only access and provides access to
disaster recovery.
The recovery Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information. A gray border on the dialog box indicates the cluster is in read-only
mode. A rolling bar indicates the cluster is recovering metadata from the archival location.
Related tasks
Refreshing reader location objects
Use the Rubrik CDM web UI to update a reader cluster with the latest snapshot metadata.
Prerequisites
• Choose a Rubrik cluster to use as the recovery cluster.
• Obtain the values used on the owner Rubrik cluster for QStar Host Name, QStar Integral Volume Name,
Destination Folder Name, and Encryption Password.
• Obtain the username and password for an account that has permission to mount the specified Integral
Volume set from an external system and to perform read and write operations on the mounted Integral
Volume set.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon.
The Settings menu appears.
3. Click Archival Locations.
The Archival Locations page appears.
Result
The selected Rubrik cluster connects to the archival location for read-only access and provides access to
disaster recovery.
The recovery Rubrik cluster tests the keys and connection information and, after a successful test, stores
the keys and connection information. A gray border on the dialog box indicates the cluster is in read-only
mode. A rolling bar indicates the cluster is recovering metadata from the archival location.
Related tasks
Refreshing reader location objects
Use the Rubrik CDM web UI to update a reader cluster with the latest snapshot metadata.
Procedure
1. Connect another Rubrik cluster as a reader cluster of the archival location.
2. Recover the archived metadata from the archive target to the reader cluster.
3. Once the metadata recovery is complete, use the reader cluster to download snapshots from the
archival target.
4. After the initial metadata recovery by the reader cluster, use the owner cluster to upload new
snapshots.
The reader cluster will not display the new snapshots until a metadata refresh occurs.
Note: The refresh operation can be a lengthy operation, since the entire archival location must be
scanned for metadata files.
Result
The selected reader cluster displays the new snapshots, confirming the test for disaster recovery.
Advanced settings
Information on advanced settings for Amazon S3, Google Cloud Platform, and Azure archival locations.
Amazon S3
Vendor Notes
Amazon Web • In the AWS Console, move older objects in the S3-Standard Storage Class to S3-
Services Infrequent Access Storage Class.
• Rubrik cluster does not support Lifecycle management to Glacier.
• When a snapshot is transitioned from S3-Standard Storage Class to S3-Infrequent
Access Storage Class, keep the snapshot in the S3-Infrequent Access Storage Class
for a minimum of 30 days to avoid early deletion charges as defined in your SLA
Domain retention policy.
Microsoft Azure • Through Azure, move older objects from the Hot storage tier to the Cool storage
Blob Storage tier.
• Rubrik cluster does not support Lifecycle management to the Archival storage tier.
Google Cloud • Through GCP, move older objects to Nearline or Coldline storage.
Storage • When a snapshot is transitioned to Nearline or Coldline storage, keep the snapshot
in the Nearline storage for a minimum of 30 days or Coldline storage for a
minimum of 90 days to avoid early deletion charges as defined in your SLA Domain
retention policy.
Context
Expired data stored at a deleted archival location cannot be retrieved by the Rubrik cluster. To meet SLA
Domain requirements, wait until the retention periods have expired for any data that is stored in a paused
archival location.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Locations.
The Archival Locations page appears.
4. On the Archival Locations page, on the archival location card of a paused archival location, open the
ellipsis menu.
For paused archival locations, the web UI displays ‘Paused’ in the status section of the archival location
card.
5. Select Delete.
A warning appears.
6. Click Delete.
Result
The Rubrik cluster expires all associated data at the archival location and removes the archival location
from the Rubrik CDM web UI.
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
The Rubrik Backup Service (RBS) software can be downloaded directly from the Rubrik cluster each time
the software is needed or the software can be downloaded once and pushed to hosts as needed. Providing
software directly from the Rubrik cluster enables the Rubrik cluster and a hosted deployment of the Rubrik
Backup Service to reliably authenticate to each other.
Rubrik provides automatic upgrade of the RBS software as part of a general upgrade of the Rubrik CDM
version. After upgrading the Rubrik CDM version, the Rubrik cluster automatically upgrades the RBS
software at the next backup of a protected resource. After a Rubrik cluster is upgraded to Rubrik CDM
version 7.0.1 or newer, it automatically updates the Rubrik Backup Service (RBS) package on up to 50
Linux, Solaris, or AIX hosts that it protects. The update includes the entire RBS package of binaries,
configuration files, and scripts. The maximum number of supported hosts that will receive automatic
package upgrades for RBS is 50 for each supported host type. When a Rubrik cluster protects more than
50 Linux, Solaris, or AIX hosts, complete the task described in Enabling automatic package upgrade for
RBS for AIX, Linux, and Solaris hosts to increase the number of supported hosts that can be automatically
updated.
RBS software provided by a Rubrik cluster running Rubrik CDM version 5.3.1 or newer can register the host
with multiple Rubrik clusters, with one primary Rubrik cluster. Upgrading a Rubrik cluster to run Rubrik
CDM version 5.3.1 or newer does not enable hosts running versions of RBS installed from Rubrik clusters
running older versions of Rubrik CDM to register with multiple Rubrik clusters. Enabling such hosts to
register with multiple Rubrik clusters requires the installation of a version of the RBS software provided by
a Rubrik cluster running Rubrik CDM version 5.3.1 or newer.
The Rubrik cluster that provides the download for the RBS software package installed to the host is the
initial primary Rubrik cluster for that host. Primary Rubrik clusters provide the following functionality that is
not available for secondary Rubrik clusters:
• Communication and backup activity is restricted to the primary Rubrik cluster.
• Secondary Rubrik clusters do not receive updates on host information or status.
Only Rubrik clusters that replicate to or from the primary Rubrik cluster can register as secondary Rubrik
clusters. RBS instances that connect through Envoy virtual machines or that are running on SCVMM cannot
register with multiple Rubrik clusters. Multi-cluster RBS is not supported for replicated Rubrik clusters
configured as Archival Readers.
For Hyper-V without SCVMM, the Rubrik cluster uses the same Rubrik Backup Service software that is used
for Windows file system protection.
For failover Rubrik clusters, the connector should be installed on all hosts and each host should be added
to Rubrik individually.
Download and install of RBS for Hyper-V hosts with SCVMM requires separate tasks. For SCVMM use the
tasks described in:
• Downloading RBS for SCVMM hosts
• Installing RBS on an SCVMM host
• Removing RBS from a Windows host
Related Concepts
Rubrik Backup Service account on Windows
The Rubrik Backup Service must run as an account that has local Administrators group privileges on the
Windows Server host.
SQL Server roles and permissions for RBS
To provide SQL Server protection, assign specific roles and permissions to the account used for Rubrik
Backup Service. For some use cases, assign the SQL Server sysadmin role to the account used for Rubrik
Backup Service.
Related Tasks
Downloading the RBS software
Obtain the Rubrik Backup Service software from the web UI of a Rubrik cluster.
Obtaining the RBS software by URL
Obtain the Rubrik Backup Service software directly by URL instead of through the web UI.
Installing RBS on Linux and Unix hosts
Install the Rubrik Backup Service software on Linux and Unix hosts.
Installing RBS on Windows
Install the Rubrik Backup Service software on a computer or virtual machine that is running the Windows
Server operating system.
Automatically deploying RBS
A Rubrik cluster can install and register the Rubrik Backup Service on a supported Windows guest at the
next scheduled or on-demand backup of that Windows guest.
Registering a guest OS install of RBS
After installing the Rubrik Backup Service software on a virtual machine guest OS, register the Rubrik
Backup Service with a Rubrik cluster.
Downloading RBS for SCVMM hosts
Obtain the Rubrik Backup Service software for System Center Virtual Machine Manager hosts from the web
UI of a Rubrik cluster.
Installing RBS on an SCVMM host
Install the Rubrik Backup Service software on an SCVMM host.
Removing RBS from a Linux or Unix host
The Rubrik Backup Service can be removed by using standard package manager commands.
Removing RBS from a Solaris host
Remove the Rubrik Backup Service from a Solaris host.
Removing RBS from a Windows host
Remove the Rubrik Backup Service from a Windows host.
Removing RBS from SAP HANA
Procedure
1. Log in to the Rubrik CDM web UI.
2. Select a host operating system from Servers & Apps.
• Linux & Unix Hosts
• Windows Hosts
The server page for the selected operating system opens. The page includes a button for adding
hosts: Add Windows Hosts for Windows servers or Add Hosts for all other servers.
3. Click the button.
The Add Hosts dialog box appears.
4. Make a choice based on the host operating system.
Option Description
rpm Supported Linux distributions that use the RPM
package manager.
deb Supported Linux distributions that use the Debian
package manager.
AIX AIX 6.1, 7.1, 7.2
Solaris SPARC 10u11+, SPARK 11.1 SRU 14.5+ or I386:
10, 11.1, 11.2, 11.3
Rubrik Backup Service Supported Windows distributions.
A browser-specific dialog box appears to enable saving the package file.
5. Save the file to a temporary location.
Result
The Rubrik CDM web UI downloads the Rubrik Backup Service software.
Next task
Install the Rubrik Backup Service software on the hosts.
Related Concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Rubrik Backup Service account on Windows
The Rubrik Backup Service must run as an account that has local Administrators group privileges on the
Windows Server host.
Related Tasks
Obtaining the RBS software by URL
Obtain the Rubrik Backup Service software directly by URL instead of through the web UI.
Installing RBS on Linux and Unix hosts
Install the Rubrik Backup Service software on Linux and Unix hosts.
Installing RBS on Windows
Context
The Rubrik Backup Service software can be used only with the Rubrik cluster from which it is obtained.
Procedure
1. Open a web browser.
2. Enter the download URL.
Use the URL that is appropriate for the host operating system:
• https://RubrikCluster/connector/rubrik-agent.x86_64.rpm
• https://RubrikCluster/connector/rubrik-agent.x86_64.deb
• https://RubrikCluster/connector/rubrik-agent-aix6.1.pcc.rpm
• https://RubrikCluster/connector/rubrik-agent-solaris.sparc.tar.gz
• https://RubrikCluster/connector/rubrik-agent-solaris.i386.tar.gz
• https://RubrikCluster/connector/RubrikBackupService.zip
where RubrikCluster is the resolvable hostname or IP address of the Rubrik cluster.
A browser-specific dialog box appears to enable saving the package file.
3. Save the file to a temporary location.
Result
The Rubrik Backup Service software is downloaded.
Next task
Install the Rubrik Backup Service software.
Related Concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Rubrik Backup Service account on Windows
The Rubrik Backup Service must run as an account that has local Administrators group privileges on the
Windows Server host.
Related Tasks
Downloading the RBS software
Obtain the Rubrik Backup Service software from the web UI of a Rubrik cluster.
Installing RBS on Linux and Unix hosts
Install the Rubrik Backup Service software on Linux and Unix hosts.
Installing RBS on Windows
Related Tasks
Registering a guest OS install of RBS
After installing the Rubrik Backup Service software on a virtual machine guest OS, register the Rubrik
Backup Service with a Rubrik cluster.
Prerequisites
Context
This task describes how to install RBS from the command line. RBS can also be push installed on multiple
hosts using automation software such as Puppet or Chef.
Procedure
1. Open a terminal session on the host.
2. Change the working directory to the location of the RBS software package.
3. Use sudo to run the package manager command that is appropriate for the Linux distribution.
If sudo access is unavailable, log in as root to run the package manager command.
• sudo rpm -i rubrik-agent.x86_64.rpm
• sudo dpkg -i rubrik-agent.x86_64.deb
• sudo rpm -ivh rubrik-agent-aix6.1.pcc.rpm
• tar -xvf rubrik-agent-solaris.sparc.tar
cd rubrik-agent-version-sparc/
./install-rubrik
Result
The package manager installs RBS on the Linux host.
An Agent UUID is created for the Rubrik Backup Service during installation. The Agent UUID uniquely
identifies the host as the owner of backups and links it to a snapshot chain once backups are initiated.
Next task
Add the hosts that are running RBS to the Rubrik cluster.
Related Concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Related Tasks
Downloading the RBS software
Obtain the Rubrik Backup Service software from the web UI of a Rubrik cluster.
Obtaining the RBS software by URL
Obtain the Rubrik Backup Service software directly by URL instead of through the web UI.
Removing RBS from a Linux or Unix host
The Rubrik Backup Service can be removed by using standard package manager commands.
Removing RBS from a Solaris host
Remove the Rubrik Backup Service from a Solaris host.
Related reference
RBS management commands
Prerequisites
Context
This task describes how to manually install RBS on Windows. For a virtual machine running Windows, RBS
can alternatively be automatically installed, as described in Automatically deploying RBS.
Procedure
1. Log in to the Windows operating system.
Use an account that has local Administrators group privileges.
2. Extract the contents of the ZIP file containing the RBS software to a temporary location.
The ZIP file contains the Windows installer package (RubrikBackupService.msi) and the security
certificate that is used for authentication and encryption of all communication with the Rubrik cluster
(backup-agent.crt).
The Windows installer package and the security certificate must be in the same folder on the Windows
Server host during installation of the software.
3. Double-click RubrikBackupService.msi and follow the on-screen instructions.
Result
The Windows installer package installs the RBS software.
An Agent UUID is created for the Rubrik Backup Service during installation. The Agent UUID uniquely
identifies the host as the owner of backups and links it to a snapshot chain once backups are initiated.
Next task
Add computers that have RBS to the Rubrik cluster.
Related Concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Rubrik Backup Service account on Windows
The Rubrik Backup Service must run as an account that has local Administrators group privileges on the
Windows Server host.
SQL Server roles and permissions for RBS
To provide SQL Server protection, assign specific roles and permissions to the account used for Rubrik
Backup Service. For some use cases, assign the SQL Server sysadmin role to the account used for Rubrik
Backup Service.
Related Tasks
Downloading the RBS software
Obtain the Rubrik Backup Service software from the web UI of a Rubrik cluster.
Obtaining the RBS software by URL
Obtain the Rubrik Backup Service software directly by URL instead of through the web UI.
Automatically deploying RBS
A Rubrik cluster can install and register the Rubrik Backup Service on a supported Windows guest at the
next scheduled or on-demand backup of that Windows guest.
Registering a guest OS install of RBS
After installing the Rubrik Backup Service software on a virtual machine guest OS, register the Rubrik
Backup Service with a Rubrik cluster.
Downloading RBS for SCVMM hosts
To prevent RBS from reading data within database tables, assign the role db_denydatareader.
Important: Do not assign db_denydatareader to RBS for the master database or the msdb database.
Assign the sysadmin role to RBS to allow automatic discovery and protection of new databases without
database administrator interaction. Assign the sysadmin role to RBS to enable protection when using the
Virtual Device Interface (VDI) API.
The following examples show the assignment of some of the required roles and permissions in Microsoft
SQL Server Management Studio. Also shown is the assignment of the ‘VIEW SERVER STATE’ and ‘ALTER
ANY DATABASE’ permissions, which are required for the account used by the Rubrik Backup Service.
Context
After successfully installing the Rubrik Backup Service (RBS) on the Windows guest, all subsequent
snapshots of the Windows guest use RBS to enable the Rubrik cluster to use the Windows Volume Shadow
copy Service (VSS).
Procedure
1. Disable the Windows ‘Admin Approval Mode’ setting on each Windows guest.
Refer to Microsoft documentation for information on how to disable the Admin Approval Mode setting.
2. Log in to the Rubrik CDM web UI using the admin account.
3. Click the gear icon.
4. Click Guest OS Settings.
The Guest OS Settings page opens, with the Guest OS Credentials tab selected.
Result
The Rubrik cluster stores the credential information. For each qualifying Windows guest, the Rubrik cluster
installs and registers RBS on the Windows guest the next time a policy-based or on-demand snapshot is
initiated.
Related Concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Rubrik Backup Service account on Windows
The Rubrik Backup Service must run as an account that has local Administrators group privileges on the
Windows Server host.
Related Tasks
Downloading the RBS software
Obtain the Rubrik Backup Service software from the web UI of a Rubrik cluster.
Obtaining the RBS software by URL
Obtain the Rubrik Backup Service software directly by URL instead of through the web UI.
Installing RBS on Windows
Install the Rubrik Backup Service software on a computer or virtual machine that is running the Windows
Server operating system.
Automatically deploying RBS
A Rubrik cluster can install and register the Rubrik Backup Service on a supported Windows guest at the
next scheduled or on-demand backup of that Windows guest.
Registering a guest OS install of RBS
After installing the Rubrik Backup Service software on a virtual machine guest OS, register the Rubrik
Backup Service with a Rubrik cluster.
Downloading RBS for SCVMM hosts
Obtain the Rubrik Backup Service software for System Center Virtual Machine Manager hosts from the web
UI of a Rubrik cluster.
Installing RBS on an SCVMM host
Install the Rubrik Backup Service software on an SCVMM host.
Removing RBS from a Windows host
Remove the Rubrik Backup Service from a Windows host.
Removing RBS from SAP HANA
Option Description
vSphere and AHV VMs 1. Click Virtual Machines.
2. Click AHV VMs or vSphere VMs.
View the agent status in the RBS Status column. The following table provides information about RBS
status.
Hyper-V (Hosts and Clusters) • Connected – A connection is established between the Rubrik
cluster and RBS.
• Disconnected – A connection is broken between the Rubrik
cluster and RBS.
• Partially Connected – Not all hosts or VMs of the cluster are
connected with the Rubrik cluster.
Oracle DB, and SQL Server • Connected – A connection is established between the Rubrik
cluster and RBS.
• Disconnected – A connection is broken between the Rubrik
cluster and RBS.
Linux, UNIX, and Windows Hosts • Connected – Agent is connected to the virtual machine.
• Disconnected – Agent is disconnected from the virtual machine.
Select an option from the Filter RBS Status drop-down menu to view the agents with that status. The
status for the protected objects are:
Note: Removing the original host from the Rubrik web UI will cause all existing backups to become relics.
This will not void restore options but may not be optimal.
Related Tasks
Reconnecting a host and retaining existing backups on reinstallation
Reconnect a Windows or Linux host after reinstallation, update the certificate, and link existing backups to
the host.
Context
When a new host certificate and agent UUID is generated on RBS reinstallation, the Rubrik cluster will
not identify the host. Hence, the host will appear to be disconnected in the web UI and backups will fail
Note: Do not remove the original host from the Rubrik web UI. This will cause all existing backups to
become relics. This will not void restore options but may not be optimal.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Select a host operating system from Servers & Apps.
• Linux & Unix Hosts
• Windows Hosts
The server page for the selected operating system opens, displaying a button for adding hosts: Add
Windows Hosts for Windows servers or Add Hosts for all other servers.
3. Click the button.
The Add Hosts dialog box appears.
4. Enter the hostname/IP address and click Add.
The status changes to Connected.
5. If the connection displays a Disconnected status at this point, complete the next steps to provide an
updated host certificate.
6. Navigate to the server page for the selected operating system and select the host.
7. Click on the ellipsis menu on the top right and click Edit.
The Edit Host window opens.
8. Turn on the Update Certificate toggle.
9. Click Update.
Result
The status changes to Connected.
Related Concepts
Reinstallation of RBS on the host
When RBS is reinstalled on the host, this could generate a new host certificate and agent UUID, and as a
result, the Rubrik cluster will not identify the host.
Context
When a duplicate host is created, it will have RBS installed with the same agent identity (UUID). Adding
the new host to the same Rubrik cluster as the parent host will fail, displaying an error message about
conflicting identities.
Procedure
1. Open a terminal session on the host.
2. Use the following command to stop RBS on the host:
$ sudo service rubrikagents stop
3. Use this command to move the file that stores the agent ID to a temporary folder:
sudo mv /etc/rubrik/conf/uuid /tmp/uuid
4. Use this command to start the agent:
Result
The Rubrik cluster is now connected to RBS on a cloned Linux or Unix host.
Context
When a duplicate host is created, it will have RBS installed with the same agent identity. Adding the new
host to the same Rubrik cluster as the parent host will fail, displaying an error message about conflicting
identities.
Procedure
1. Log in to the Windows operating system.
Use an account that has local Administrators group privileges.
2. Stop the Rubrik Backup Service. The agent can be stopped from the Windows Services list.
3. Move the agent ID from the following location to a temporary location:
HKEY_LOCAL_MACHINE\SOFTWARE\Rubrik Inc.\Backup Service
The agent ID will be placed inside a set of brackets with the file name Backup Agent ID. For
example: {c0c3d441-f3de-4b50-a703-b614b8eb1e6f}.
4. Start the Rubrik Backup Agent Service.
The agent can be started from the Windows Services list.
This should generate a new agent UUID.
5. Log in to the Rubrik CDM web UI.
6. From Servers & Apps, select Windows Hosts.
The server page for the selected operating system opens, displaying a button for adding hosts.
7. Click Add Hosts.
The Add Hosts dialog box appears.
8. Enter the hostname/IP address and click Add.
The RBS status shows as Connected.
9. Remove the agent ID from the temporary location where it had been stored.
Result
The RBS status should display as Connected.
Prerequisites
1. Install the RBS software on the guest OS.
2. Modify firewall rules on the guest host to open ports 12800 and 12801 for communication with RBS.
Context
Registering RBS on the guest allows a Rubrik cluster to manage data on the guest.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines and then click the label for
the type of hypervisor that supports the virtual machine.
• vSphere VMs
• AHV VMs
• Hyper-V VMs
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Open the ellipsis menu, and select Register Rubrik Backup Service.
The Register Rubrik Backup Service modal appears.
4. Click Register.
Result
The Rubrik cluster establishes an authenticated and secure connection with RBS on the specified virtual
machine.
Related Concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Rubrik Backup Service account on Windows
The Rubrik Backup Service must run as an account that has local Administrators group privileges on the
Windows Server host.
RBS firewall rules
The firewall on the host must allow communication with the ports used by the Rubrik Backup Service.
Related Tasks
Downloading the RBS software
Obtain the Rubrik Backup Service software from the web UI of a Rubrik cluster.
Obtaining the RBS software by URL
Obtain the Rubrik Backup Service software directly by URL instead of through the web UI.
Installing RBS on Linux and Unix hosts
Install the Rubrik Backup Service software on Linux and Unix hosts.
Installing RBS on Windows
Install the Rubrik Backup Service software on a computer or virtual machine that is running the Windows
Server operating system.
Automatically deploying RBS
Procedure
1. Log in to the Rubrik CDM web UI for a Rubrik cluster registered as a secondary cluster for a host.
2. Choose a host type.
• vSphere virtual machines
• Linux or UNIX hosts
• Windows hosts
The main page for the selected host type appears, listing the hosts of that type that are registered
with the Rubrik cluster.
3. Select a host with the Rubrik Backup Service (RBS) status Connected as Secondary.
Enter a string in the Search by name field to filter by the string. Filters for fileset name, SLA Domain,
and RBS status are at the top right of the list.
4. From the ellipsis menu, select Make Primary.
Result
The Rubrik cluster becomes the primary RBS cluster for the selected host.
Context
When SCVMM servers are already available, this task is not needed.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click SCVMM Servers.
4. Click Add SCVMM Servers.
The Add SCVMM Server dialog box appears.
5. Click the Rubrik Backup Service link in the first sentence.
The RubrikBackupServiceForScvmm.zip file downloads.
Result
The Rubrik CDM web UI downloads the Rubrik Backup Service software for SCVMM hosts.
Prerequisites
Download the RubrikBackupServiceForScvmm.zip file as described in Downloading RBS for SCVMM
hosts.
Procedure
1. Copy RubrikBackupServiceForScvmm.zip to a temporary directory on the Windows host.
2. Extract the files from the ZIP file.
The ZIP file contains four files:
• RubrikBackupService.msi, a Windows Installer Package.
• backup-agent.crt, a security certificate for the Rubrik Backup Service.
• scvmm_deploy_agent.crt, the Rubrik service that installs the Rubrik backup software agent on
hosts associated with SCVMM.
• ScvmmReadMe.txt, a readme file for installation of the Rubrik backup software agent on the
SCVMM host.
When installing the Rubrik Backup Service software, the security certificate file must be in the same
folder as the Windows Installer Package.
3. Login with a user account that has local Administrators group privileges.
4. Run the Windows Installer Package, RubrikBackupService.msi.
The Windows Installer Package installs the Rubrik Backup Service software and incorporates the
security certificate into the installation.
5. Create a folder named RubrikBackupService.cr on a host that can access the virtual machine
manager console.
6. Copy the .msi, .crt, and .cmd files to the RubrikBackup.cr folder.
7. Open the SCVMM console.
8. Navigate to Library > Library Servers > MSSCVMMLibrary > ApplicationFrameworks.
9. Right-click on ApplicationFrameworks and select Explore.
10. Copy the RubrikBackupService.msi folder and paste it into ApplicationFrameworks.
11. Right-click on ApplicationFrameworks and select Refresh.
12. Confirm RubrikBackupService.msi is listed as a custom resource.
Result
The Rubrik Backup Service software is installed on the SCVMM host.
Procedure
1. Open the Service pane.
2. Scroll to the Rubrik listing.
3. View the status of Rubrik RBS in the Status column.
RBS should have a status of Running. Any other status indicates that RBS is not functioning as
required on that Windows system.
Result
The Windows system displays the Rubrik Backup Service status.
Procedure
1. Open a terminal session on the host.
2. Use sudo to run the package manager command that is appropriate for the Linux or AIX distribution
and downloaded package type.
If sudo access is unavailable, log in as root to run the package manager command.
• sudo rpm -e rubrik-agent
• sudo dpkg -P rubrik-agent
Result
The package manager removes RBS. Removing RBS from a host also removes the connection between the
host and the Rubrik cluster. The Rubrik cluster designates any retained backups or snapshots as relics.
Next task
Use the Snapshot Management page to manually manage these relics, as described in Retention
management.
Related Concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Related Tasks
Downloading the RBS software
Obtain the Rubrik Backup Service software from the web UI of a Rubrik cluster.
Obtaining the RBS software by URL
Obtain the Rubrik Backup Service software directly by URL instead of through the web UI.
Installing RBS on Linux and Unix hosts
Install the Rubrik Backup Service software on Linux and Unix hosts.
Procedure
1. Log in to the Solaris host.
2. Using sudo, run the package remove command.
Result
The pkgrm command removes RBS from the Solaris host. Removing RBS from a host also removes the
connection between the host and the Rubrik cluster. The Rubrik cluster designates any retained backups or
snapshots as relics.
Next task
Use the Snapshot Management page to manually manage the relics, as described in Retention
management.
Related Concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Related Tasks
Downloading the RBS software
Obtain the Rubrik Backup Service software from the web UI of a Rubrik cluster.
Obtaining the RBS software by URL
Obtain the Rubrik Backup Service software directly by URL instead of through the web UI.
Installing RBS on Linux and Unix hosts
Install the Rubrik Backup Service software on Linux and Unix hosts.
Procedure
1. Log in to the Windows host using an account with local administrator privileges.
2. Right-click the Windows logo key and select Run.
The Run dialog box appears.
3. Type appwiz.cpl, and click OK.
The Windows Uninstall dialog box appears.
4. Right-click Rubrik Backup Service.
5. Click Uninstall/Change.
6. Follow the prompts.
Next task
Use the Snapshot Management page to manually manage the relics, as described in Retention
management.
Related Concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Rubrik Backup Service account on Windows
The Rubrik Backup Service must run as an account that has local Administrators group privileges on the
Windows Server host.
Related Tasks
Downloading the RBS software
Obtain the Rubrik Backup Service software from the web UI of a Rubrik cluster.
Obtaining the RBS software by URL
Obtain the Rubrik Backup Service software directly by URL instead of through the web UI.
Installing RBS on Windows
Install the Rubrik Backup Service software on a computer or virtual machine that is running the Windows
Server operating system.
Procedure
1. Run sap_hana_bootstrap_main from the /usr/bin/rubrik/sap_hana directory.
2. Type the password for the System DB user and press Enter.
3. The Port number of System database (for example, 30113) prompt appears.
4. Type the port for the System database and press Enter.
5. The Enter HANA SID prompt appears.
6. Type the HANA SID, a three character ID, and press Enter.
The Enter Rubrik prefix prompt appears.
7. Type the Rubrik prefix and press Enter.
Use the same Rubrik Prefix that was specified when running sap_hana_bootstrap_main. The
Rubrik prefix or SAP HANA SID, is an ID that is unique for all SAP HANA instances on a Rubrik cluster.
This value is used to distinguish Managed Volumes on a Rubrik cluster when there are multiple SAP
HANA instances with the same SID and which contain databases with the same names.
A series of prompts appears.
8. At the prompt, press 3 to select Uninstall Rubrik (Press 3).
Result
The package manager removes the Rubrik Backup Service software from the SAP HANA database.
Context
After a Rubrik cluster is upgraded to Rubrik CDM version 7.0.1 or newer, it automatically updates the
Rubrik Backup Service (RBS) package on up to 50 Linux, Solaris, or AIX hosts that it protects. The update
includes the entire RBS package of binaries, configuration files, and scripts. The maximum number of
supported hosts that will receive automatic package upgrades for RBS is 50 for each supported host type.
When a Rubrik cluster protects more than 50 Linux, Solaris, or AIX hosts, complete this task to increase
the number of hosts that can be automatically updated.
Procedure
1. As admin, open a SSH session on the Rubrik cluster.
2. Run a Rubrik tool configuration update command.
At the prompt, type:
The integer value 2147483647 is the maximum number of supported host types that can be
automatically updated.
3. Optional: To confirm the change, run the following Rubrik tool command.
At the prompt, type:
The tool displays the current value for the maximum number of supported hosts that will receive
automatic RBS updates.
Result
All supported hosts protected by the Rubrik cluster will now receive automatic RBS updates when the
cluster is upgraded.
A Rubrik cluster provides data management and protection for virtual machines that are deployed in
a Microsoft Hyper-V environment. The Rubrik cluster can manage and protect virtual machines in an
environment with multiple Hyper-V servers and virtual machines.
Rubrik invokes the Windows Management Instrumentation (WMI) APIs to communicate with the hypervisor
directly for a first full and forever incremental set of backups via Resilient Change Tracking (RCT). Data is
ingested over the SMB protocol to the Rubrik cluster in a secure manner. There is no requirement to have
SCVMM installed in your environment.
SLA policies can be applied anywhere in the hierarchy stack: the SCVMM host, the cluster, host, or virtual
machine levels. The Rubrik cluster provides a variety of methods to recover virtual machines and to restore
protected data. Recover virtual machines and restore data by using local snapshots, replicas, and archived
snapshots.
Rubrik supports any Hyper-V based Windows or Linux virtual machines using the Rubrik Backup Service.
The Rubrik Backup Service is a connector that self manages after initial deployment.
Hyper-V host refers to a Windows Server with the Hyper-V role installed.
Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA Domain
assigned to a parent object.
Rubrik clusters support three Hyper-V hierarchies for protection:
• Hyper-V SCVMM > Hyper-V Cluster > Hyper-V Clustered Hosts > Hyper-V virtual machines on Clustered
Hosts
• Hyper-V Cluster > Hyper-V Clustered Hosts > Hyper-V virtual machines on Clustered Hosts
• Hyper-V Standalone Host > Hyper-V virtual machines on standalone host
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.
Prerequisites
Obtain and install the Rubrik Backup Service software on each host being added.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > Hyper-V VMs.
The VMs tab of the Hyper-V VMs page appears.
3. Click Add Windows Hosts.
The Add Windows Hosts dialog box appears.
Result
The Rubrik cluster checks connectivity with the specified hosts and adds the hosts.
Context
Protect a set of virtual machines by assigning the selected set to an SLA Domain. Assigning virtual
machines to an SLA Domain protects the virtual machines by applying the data protection policies of the
SLA Domain.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected.
Note: To go directly to the page for a single virtual machine, type the name of the virtual machine
in the search box on the top bar of the Rubrik CDM web UI and select the virtual machine from the
results list.
Result
The Rubrik cluster assigns the selection group to the SLA Domain.
Related concepts
Finding protection objects
The Rubrik CDM web UI provides several tools for finding protection objects.
Related reference
Manage Protection options
Select virtualization hierarchy entities and click Manage Protection to view the Manage Protection dialog
box for the selected entities. The Manage Protection dialog box provides several options for the selected
entities.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > Hyper V-VMs.
The Hyper-V VMs page appears, with the VMs tab selected.
3. Select Hosts and Clusters.
The Hosts and Cluster tab appears.
4. Select a Hyper-V host or cluster.
Select multiple objects to apply the setting to more than one object in the hosts hierarchy.
5. Click Manage Protection.
The Manage Protection dialog box appears.
6. Select an SLA Domain.
7. Click Next.
The Review Impact of the Manage Protection dialog box appears.
8. Optional: Click Apply to existing snapshots.
The changes made to the SLA Domain are applied to the existing snapshots. The summary
information describes the impact of the changes on existing and new snapshots.
9. Optional: Select Include on-demand and downloaded snapshots.
The changes made to the SLA Domain also apply to on-demand snapshots. The summary information
describes the effect of the changes on existing, new, on-demand, and downloaded snapshots.
10. Click Submit.
The automatic protection rules determine the application of the selected setting to virtual machines
contained by the selected objects.
Result
The Rubrik cluster applies the selected setting to the selected objects and resolves conflicts as specified.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > Hyper-V VMs.
The Virtual Machines page appears, with the VMs tab selected.
3. Select a virtual machine.
Select multiple virtual machines to remove the individual setting of every virtual machine in the
selection group.
4. To help find virtual machines, use the filters, sort the entries by column heading, or use the search
field. Finding protection objects describes these tools.
5. Click Manage Protection.
A dialog box with one or more warnings may appear.
The Manage Protection dialog box appears.
6. Choose one of the following options.
Option Description
Inherit The SLA Domain is assigned based on
inheritance rules.
Do Not Protect The virtual machine is excluded from all further
SLA Domain assignments.
Choose the retention policy for the existing
snapshots:
• Preserve retention from previous SLA
• Keep forever
This is the default choice.
• Expire immediately
Result
The Rubrik cluster removes the individual assignments for the selected group. Each virtual machine in the
selection group derives a protection setting based on the automatic protection rules.
Related concepts
Retention policy for existing snapshots
Procedure
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
3. Click the Filter SLA drop-down menu.
4. On the Filter SLA drop-down menu, select a filter.
• All Unprotected – Displays all unprotected virtual machines, both No SLA and Do Not Protect.
• No SLA – Displays virtual machines that have not inherited an SLA Domain setting.
• Do Not Protect – Displays virtual machines that have inherited the Do Not Protect setting, or
have Do Not Protect individually assigned.
• All Protected– Displays virtual machines that have been associated with defined SLAs.
Result
The Rubrik CDM web UI displays the virtual machines that belong to the selected protection state.
Procedure
1. Open the web UI to the main Dashboard.
Result
The Hyper-V VMs page opens, with the VMs tab selected, and filters the view to show All Unprotected
virtual machines
Procedure
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
3. Click the Filter SLA drop-down menu.
4. On the Filter SLA drop-down menu, select one of the following filters:
• All Unprotected – Displays all unprotected virtual machines, both No SLA and Do Not Protect.
• No SLA – Displays virtual machines that have not inherited an SLA Domain setting.
• Do Not Protect – Displays virtual machines that have inherited the Do Not Protect setting, or
have Do Not Protect individually assigned.
• All Protected – Displays virtual machines that have been associated with defined SLAs.
Result
The Rubrik CDM web UI displays the virtual machines that belong to the selected protection state.
Procedure
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
3. Click the Filter SLA drop-down menu.
4. On the Filter SLA drop-down menu, select one of the named SLA Domains, or select a protection
state:
• No SLA
• Do Not Protect
Result
The web UI displays the virtual machines that belong to the selected SLA Domain or to the selected
protection state.
Procedure
1. Log in to the Rubrik web UI.
2. In the Search field, at the top of all Rubrik CDM web UI pages, type the name of the virtual machine.
The search matches the characters entered in the search field with the same sequence of characters
anywhere in a name. Continue to type characters to narrow down the results until the virtual machine
appears.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
3. When the name of the virtual machine appears in the displayed list, select the name.
Result
The Rubrik CDM web UI displays the local host page for the virtual machine.
Procedure
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
3. Select a tab.
• VMs – Provides a virtual-machines-only view, with the hierarchical location of each virtual machine
displayed in the location column.
• Hosts and Clusters – Provides a list of Hyper-V hosts and Hyper-V clusters.
4. (Search Only) In the tab search field, begin typing an entity name.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
The search matches the characters entered in the search field with the same sequence of characters
anywhere in a name. Continue to type characters to narrow down the results until the entity appears
in the results.
5. (Search Only) Stop typing when the name of the entity appears on the page.
6. (Browse Only) Click the name of a top-level entity.
The Rubrik CDM web UI displays the entities within the selected entity.
7. (Browse Only) Continue clicking entity names to browse down the hierarchy to a specific entity.
Result
The search lists the specified entities.
Procedure
1. Log in to the Rubrik CDM web UI.
Result
Rubrik CDM selects the data protection entities.
Related concepts
SLA Domain assignment
Provide protection for a virtual machine through an SLA Domain.
Protected warning
The Rubrik CDM web UI displays the protected warning when the Rubrik cluster detects that an SLA
Domain setting is already associated with a selected virtual machine.
The protected warning is “These VM(s) are already protected”.
When the protected warning appears, do one of the following:
• Continue the operation to assign the selected SLA Domain to the protected virtual machines.
• Cancel the operation and remove the virtual machines from the selection set.
Changing the SLA Domain of a virtual machine may result in immediate expiration of some snapshots.
Related concepts
Changing the assigned SLA Domain
A protected virtual machine may be assigned to another SLA Domain in order to satisfy specific business
requirements (for example, data governance policy changes or space management requirements).
Protection consequences
The SLA rules defined by an SLA Domain impact the protection of virtual machines in several ways. SLA
rules specify when snapshots are created, when snapshots expire, and where snapshot data is stored.
A policy driven snapshot is a snapshot that is created automatically based on the SLA rules of an SLA
Domain. In most cases, the SLA Domain that manages a policy driven snapshot is the same SLA Domain
that created the snapshot.
Sometimes, the source virtual machine for a snapshot is assigned to another SLA Domain after the
snapshot is created. When this occurs the new SLA Domain becomes the managing SLA Domain for the
policy driven snapshot.
A policy driven snapshot can require manual management when it loses an association with the SLA
Domain.
Replication Retention Determines how long replicas are retained on a replication target cluster.
Period
Maximum Retention Determines how long snapshots are retained by the system. The Rubrik
Period cluster automatically expires policy driven snapshots that are older than the
Maximum Retention Period.
Assume that a virtual machine was assigned to the SLA Domain D1 and later was assigned to the SLA
Domain D2. At the time of the reassignment, the virtual machine had existing policy driven snapshots.
After the reassignment, those existing policy driven snapshots are managed based on the policies set in
SLA Domain D2.
If D1 has a higher base frequency of snapshots than D2 (e.g. D1 was Gold and D2 was Bronze), then
existing policy-driven snapshots that are not required by the policies of D2 are deleted from the system.
By doing this, the Rubrik cluster brings the snapshot history for the virtual machine into compliance with
the frequency and retention periods defined by D2.
Alternatively, if D2 specifies a higher base frequency of snapshots, (e.g. D2 was Gold and D1 was Bronze)
then the virtual machine will initially appear in the SLA Compliance reports as out of compliance with D2’s
SLA because the existing snapshots were insufficient to meet the new SLA rules.
Procedure
1. Virtual Machines > Hyper-V VMs.
To go directly to the page for a single virtual machine, type the name of the virtual machine in the
search box on the top bar of the Rubrik CDM web UI and select the virtual machine from the results
list.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the virtual machines
present in the system.
2. In Name, click the name of a virtual machine.
Result
The local host page for the selected virtual machine appears.
Action bar
The action bar is used to take on demand snapshots or to manage protection.
Action Description
Take On Demand Snapshot Adds an on demand snapshot of the virtual machine to the task queue.
Backup Window settings defined for the SLA Domain of the virtual machine
do not apply to on demand snapshots. Only the maximum retention and
remote configuration settings of the associated SLA Domain apply to on
demand snapshots.
Manage Protection Opens the Manage Protection page where the virtual machine can be
assigned to an SLA Domain for protection.
Ellipsis menu > Exclude Provides access to the Exclude VHD dialog box
VHDs
Ellipsis menu > Register Establishes a connection between the Rubrik cluster and the Rubrik Backup
Rubrik Backup Service Service (RBS) software running on the guest OS of the virtual machine.
Overview card
The Overview card summarizes protection for Hyper-V hosts.
Field Description
SCVMM If SCVMM is part of the cluster, the IP address of the SCVMM Server.
Cluster If the Hyper-V Server is part of a cluster, the IP address of the Hyper-V Server that
manages the virtual machine.
Host IP address of the hypervisor that hosts the virtual machine.
SLA Domain Name of the SLA Domain that manages the protection of the selected virtual
machine.
Live Mounts Number of live mounts for snapshots associated with the selected virtual machine.
Oldest Snapshot Timestamp for the oldest snapshot associated with the selected virtual machine.
When the SLA Domain has an active archival policy, the oldest snapshot resides at
the archival location.
Latest Snapshot Timestamp for the most recent successful snapshot of the selected virtual machine.
Total Snapshots Total number of retained snapshots for the selected virtual machine, including both
the local Rubrik cluster and any archival location.
Missed Snapshots Number of policy-driven snapshots that did not complete successfully. A missed
snapshot is included in the count until the period since the SLA Domain policy
required the snapshot exceeds the retention period of the SLA Domain.
Snapshots card
For the selected local virtual machine, the Snapshots card provides the ability to browse the snapshots that
reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views. Each view
uses color spots to indicate the presence of snapshots on a date and to indicate the status of SLA Domain
compliance for the virtual machine on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the virtual
machine.
The following table defines the status colors used on calendar views.
Color Status
Green All snapshots required by SLA Domain policy were successfully created.
View Description
Year The Year view displays snapshot creation information for an entire year. A color spot
indicator on a specific date indicates snapshot activity, and displays the SLA Domain
compliance status for that day.
Month The Month view displays snapshot creation information for an entire month. A color spot
indicator on a specific date indicates snapshot activity, and displays the SLA Domain
compliance status for that day.
Day The Day view displays the individual snapshots that were created on the selected day. The
Day view also provides the additional information and actions described in the following
section.
Category Description
Time Creation time of the snapshot.
Location For a snapshot that resides only on local storage the indicator field is empty.
The following icon indicates a snapshot that resides at an archival location.
The following icon indicates a snapshot that resides locally and at an archival location.
The following icon indicates a replica of the snapshot from the source Rubrik cluster.
The following icon indicates the policy driven snapshot represented by the entry was not
completed successfully.
Command Description
Search by Use the predictive search field to find file by typing the name.
File Name
Mount Use the snapshot to create and mount a new virtual machine on a hypervisor host.
The new virtual machine is uniquely named within the virtualization management system.
The name of the recovered virtual machine is constructed as follows: name of source
virtual machine + timestamp of snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The local Rubrik cluster is the datastore for the new virtual machine.
Instantly Restore a virtual machine into the production environment by using the selected
Recover snapshot.
The new virtual machine is given the same name as the source virtual machine and is
powered on and connected to the network. The source virtual machine is powered off and
renamed.
The local Rubrik cluster serves as the datastore for the new virtual machine.
Export Use the snapshot to create and mount on an hypervisor host a new virtual machine, that
is a copy of the local virtual machine.
Command Description
Download Transfer a copy of the selected snapshot to the local Rubrik cluster so that it is
available for additional local actions. The local Rubrik cluster provides a notification
when the download is completed.
Browse Files Open a file browser view on the selected snapshot.
Use this view to find, select, and download a file or folder from the snapshot.
Backup processes
A Rubrik cluster backs up a virtual machine by using VSS to create a snapshot of the virtual machine.
When a Rubrik cluster begins protecting a virtual machine, the Rubrik cluster starts by creating a first full
snapshot of the virtual machine. This first full snapshot is a complete backup of the virtual machine.
After the first full snapshot, the Rubrik cluster continues protection of the virtual machine by creating
incremental snapshots based on the change information provided by Resilient Change Tracking (RCT). The
Rubrik cluster creates each incremental snapshot very quickly because the snapshot only includes the data
blocks that have changed since the last snapshot.
The Hyper-V environment transmits the snapshot data to the Rubrik cluster using the SMB protocol.
Snapshot window
An SLA Domain can be configured to include a snapshot window. A snapshot window determines the
period in a day the Rubrik cluster can initiate policy-driven snapshots of the objects that the SLA Domain
protects.
When using the snapshot window policy, the specified window must be long enough to accommodate the
number of objects that are assigned to the SLA Domain. Monitor the snapshot activity of the SLA Domain
to ensure that all policy-driven snapshots are successfully completed. When necessary, lengthen the period
to permit all snapshots to be completed successfully.
Protection exceptions
The Rubrik cluster cannot protect data if protection exceptions exist.
The following list defines the protection exceptions:
• Failover clustering must be installed on the host, even if it is a standalone host. The snapshots will fail if
this feature is not enabled.
• Rubrik will discover Live Mount virtual machines, but they cannot be backed up.
Linux guest OS
A Rubrik cluster provides file system consistent snapshots on supported Linux guest OS types.
On demand snapshots
In addition to policy based snapshots, create virtual machine snapshots by using the on demand snapshot
process.
A Rubrik cluster creates policy-based snapshots of protected virtual machines automatically, according to
the SLA rules of the associated SLA Domain.
Additional snapshots of protected virtual machines, and snapshots of unprotected virtual machines can be
created by using the on demand snapshot process.
Procedure
1. In the web UI, on the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected, and displays all the Hyper-V virtual
machines present in the system.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. On the local host page, click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears.
4. Select an SLA Domain.
The Rubrik cluster bases the retention period of the on-demand snapshot on the retention period and
frequency of the assigned SLA Domain. The Rubrik cluster uses the remote configuration settings of
the associated SLA Domain to manage the on-demand snapshot. The selected SLA Domain can be
different from the SLA Domain that protects the virtual machine.
5. Click Take On Demand Snapshot.
Result
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log tracks the
status of the on-demand backup task.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears, with the VMs tab selected.
3. In the Name column, click the name of a virtual machine.
To help find virtual machines, use the filters, sort the entries by column heading, or use the search
field.
The local host page for the selected virtual machine appears.
4. Open the ellipsis menu on the top bar of the local host page and select Exclude VHDs.
The Exclude VHDs dialog box appears.
5. Select the VHD files to exclude.
6. Click Exclude.
Result
The Rubrik cluster excludes the selected VHD files from all future backups of the virtual machine.
Retention
The retention period assigned to the archival snapshot by the associated SLA Domain determines the
expiration of an archival snapshot. After the expiration of the retention period, the Rubrik cluster marks the
archival snapshot as expired and moves the snapshot data to garbage collection.
To ensure existing snapshots are always fully functional, the Rubrik cluster combines any required data
from expired incremental snapshots into the chain of existing incremental snapshots. This permits each
retained archival snapshot to be mounted as a fully functional virtual machine.
Unmanaged data
Manage file system and application data that is not subject to a retention policy through the Snapshot
Management page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as unmanaged
snapshot objects. Unmanaged snapshot objects can be managed through the Snapshot Management page
of the Rubrik CDM web UI.
View the Snapshot Management page for information about tasks with unmanaged snapshot objects.
Related concepts
Retention management
Assign retention policies to existing scheduled snapshots, on-demand snapshots, and snapshots retrieved
from an archival location.
Context
Alternatively, use the search box on the top bar of the Rubrik CDM web UI to directly access the local host
page when the name of the source virtual machine is known.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > Hyper-V VMs.
To work with data from an unmanaged virtual machine on the Snapshot Management page, click
Snapshot Management from the left pane. Then, continue with the following steps from the
Snapshot Management page instead of the Virtual Machines page.
The Hyper-V VMs page appears, with the VMs tab selected.
3. Use the Snapshots card to navigate to a snapshot or an archival snapshot.
4. (Recovering archival snapshot only) Open the ellipsis menu for the snapshot.
5. (Recovering archival snapshot only) On the ellipsis menu, click Download.
The Rubrik cluster does not apply a retention setting to a downloaded archival snapshot. Manually
delete a downloaded archival snapshot that is no longer required on local storage.
The Rubrik cluster retrieves the archival snapshot. Status of the retrieval process or activity appears
on the Activity Log.
6. Perform one of the available recovery actions on the selected snapshot or restore files and folders
from the selected snapshot.
Result
A snapshot is selected for a recovery operation.
Related concepts
Local host page
The local virtual machine page provides detailed information about the protection of a virtual machine, and
tasks related to the virtual machine.
Activity Log
The Activity Log contains log messages about standard tasks and notifications that are considered time
sensitive.
Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before applying a
recovery action.
Procedure
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.
Result
A replication target Rubrik cluster is selected for a recovery action.
Procedure
1. Select a snapshot or an archival snapshot.
2. Open the ellipsis menu for the snapshot.
3. Click Instantly Recover.
The Instantly Recover Snapshot dialog box appears.
4. Select an Hyper-V host for the virtual machine.
5. Click Instantly Recover.
Result
The Rubrik cluster powers down the source virtual machine and renames it. Then the Rubrik cluster
mounts the snapshot on the selected Hyper-V host with the name of source virtual machine, connects the
recovered virtual machine to the network, and powers up the virtual machine.
Related tasks
Selecting a snapshot or an archival snapshot
Context
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The Rubrik
cluster does not connect the recovered virtual machine to a network. The Rubrik cluster sets the protection
state of the new virtual machine to Do Not Protect.
Procedure
1. Select a snapshot, an archival snapshot, or a replica.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Mount.
The Mount Snapshot dialog box appears.
4. Select an Hyper-V host for the virtual machine.
5. Optional: Click Remove virtual network device.
Select this option when networking changes or issues prevent the virtual machine from starting.
6. Click Mount.
Result
The Rubrik cluster mounts the snapshot on the selected Hyper-V host with a new name and powers up
the virtual machine. During the process, messages about the status appear in the Activity Log. The Rubrik
cluster records the final result of the task in the Activity Log.
Note: The Rubrik cluster sets the protection state of the Live Mount recovered virtual machine to Do Not
Protect. To protect the new virtual machine, add it to an SLA Domain, or remove the individual assignment
of Do Not Protect to permit it to inherit protection.
Related tasks
Selecting a snapshot or an archival snapshot
Use the Rubrik CDM web UI to select a snapshot before applying a recovery action.
Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before applying a
recovery action.
Performing an Export
An Export creates a new virtual machine from a point-in-time copy of the source virtual machine. The
datastore of the selected Hyper-V host is the datastore for the recovered virtual machine. Rubrik can
export the resulting VMDK as either Thick Provisioned or Thin Provisioned.
Context
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The Rubrik
cluster does not connect the recovered virtual machine to a network. The Rubrik cluster sets the protection
state of the new virtual machine to Do Not Protect.
Procedure
1. Select a snapshot, an archival snapshot, or a replica.
Result
The Rubrik cluster creates a new virtual machine from the snapshot on the selected Hyper-V host,
transfers the virtual machine files to the datastore, and powers up the recovered virtual machine. During
the process, messages about the status appear in the Activity Log. The Rubrik cluster also records the final
result of the task in the Activity Log.
The Rubrik cluster initially sets the protection state of the exported virtual machine to Do Not Protect. To
protect the new virtual machine, add it to an SLA Domain, or remove the individual assignment of Do Not
Protect to permit it to inherit protection.
Related tasks
Selecting a snapshot or an archival snapshot
Use the Rubrik CDM web UI to select a snapshot before applying a recovery action.
Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before applying a
recovery action.
Procedure
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.
2. On the left-side menu, click Live Mounts.
The Live Mounts page appears.
3. Select a recovered virtual machine with the Powered On status.
4. Open the ellipsis menu for the recovered virtual machine.
5. Click Power Off.
A confirmation message appears.
6. Click Power Off.
The Rubrik cluster gracefully powers down the selected virtual machine.
Result
The virtual machine is powered off.
Procedure
1. Log in to the Rubrik CDM web UI on the local Rubrik cluster.
2. On the left-side menu, click Live Mounts.
The Live Mounts page appears.
3. Select a recovered virtual machine.
4. Open the ellipsis menu for the recovered virtual machine.
5. Click Unmount.
The confirmation message includes the option Remove local entry even if Rubrik cannot
confirm Hyper-V configuration. Enable this option to remove a stale entry for a recovered virtual
machine that was live migrated.
A confirmation message appears.
6. Click Unmount.
The Rubrik cluster removes the selected virtual machine from the Hyper-v host (or cluster) and
deletes the recovered virtual machine files from the Rubrik cluster datastore. This action does not
remove data protection objects.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also
records the final result of the task in the Activity Log.
7. (After all live mounts are removed) Detach the Rubrik cluster datastore devices from the associated
Hyper-V host (or cluster).
Result
The Rubrik cluster names the datastore devices using the following format:
IP_NODE_sdmount
where IP_NODE is the IPv4 address of one of the nodes of the Rubrik cluster.
Related tasks
Removing a virtual machine entry after live migration
After live migration of a recovered virtual machine the Rubrik cluster maintains an entry for the recovered
and migrated virtual machine on the Live Mounts page. Perform this task to remove the entry from the
Live Mounts page.
Procedure
1. Log in to the Rubrik CDM web UI on the local Rubrik cluster.
2. On the left-side menu, click Live Mounts.
The Live Mounts page appears.
3. Select a recovered virtual machine that was live migrated.
4. Open the ellipsis menu for the recovered virtual machine.
Result
The Rubrik cluster removes the metadata associated with the selected virtual machine and removes the
entry for the virtual machine from the Live Mounts page. This action does not remove data protection
objects and does not unmount the recovered and migrated virtual machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also records
the final result of the task in the Activity Log.
Live Migration
After a recovery, the recovered virtual machine use Live Migration.
After live migration of a virtual machine recovered by the Instant Recovery or Live Mount actions, the
Rubrik cluster maintains metadata for the recovered virtual machine which should be removed.
Delete the metadata for the recovered virtual machine through the Live Mounts page of the Rubrik CDM
web UI by using the Force Delete option.
Related tasks
Removing a virtual machine entry after live migration
After live migration of a recovered virtual machine the Rubrik cluster maintains an entry for the recovered
and migrated virtual machine on the Live Mounts page. Perform this task to remove the entry from the
Live Mounts page.
Instant Recovery
An Instant Recovery replaces the source virtual machine with a fully functional point-in-time copy.
The Rubrik cluster powers off and renames the source virtual machine and assigns the name of the source
virtual machine to the recovered virtual machine. The Rubrik cluster powers on the recovered virtual
machine and connects the recovered virtual machine to the source network. The Rubrik cluster is the
datastore for the recovered virtual machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also records
the final result of the task in the Activity Log. The Rubrik cluster lists the recovered virtual machine on the
Live Mounts page of the Rubrik CDM web UI.
Optionally, move the recovered virtual machine back to the cluster. Use Hyper-V Manager to move the
instantly recovered virtual machine to any host in the cluster except the host of the source virtual machine.
Once moved, re-add the virtual machine to the cluster, using the Failover Cluster Manager, which returns
the virtual machine to its original state. The instantly recovered virtual machine derives protection from
parent objects. When the recovered virtual machine does not obtain protection from any parent objects,
add it to an SLA Domain. To protect it using the same SLA rules and policies as the source virtual machine,
add the recovered virtual machine to the original SLA Domain. Alternatively, add the recovered virtual
machine to another SLA Domain. By default Instant Recover uses dynamic virtual disks, even if the original
disk was a fixed virtual disk. During storage migration, the disk can be reconfigured as a fixed virtual disk.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. On the Snapshots card, type the name of the file or folder in the search field.
As characters are typed, the Rubrik CDM web UI immediately begins to display matching file and
folder pathnames.
Matches are based on file or folder names that start with the characters typed. Continue to type
characters until the file or folder appears in the results.
5. Select the file or folder.
The Download File Version dialog box appears. A cloud icon appears next to files or folders that are on
archival snapshots.
6. Select a version of the file or folder.
Result
Rubrik CDM searches for the file or folder.
Related tasks
Viewing a local host page
Access a local host page to view information about a local virtual machine.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines, and then select a virtual machine type from the list.
The VMs page appears with the VMs tab selected and displays all the virtual machines of that type.
3. Click a virtual machine.
The local host page for the selected virtual machine appears.
4. Select a snapshot, archival snapshot, or replica.
5. Open the ellipsis menu for the snapshot or replica.
6. Click Recover Files.
The Recover Files dialog box appears.
Result
Rubrik CDM web UI recovers a file or folder for a data protection object.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Search or browse for a file or folder.
5. Select a file or folder.
6. Open the ellipsis menu for the file or folder.
C:\Users\jsmith\work
/home/jsmith/work
13. Optional: (If available) Select Store as service credential for all VMs.
Choose this setting to have the Rubrik cluster store the credential. The stored credential can be
managed through the Service Credentials page.
14. Click Restore.
Result
The Rubrik cluster restores the file or folder to the specified location.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Search or browse for a file or folder.
5. Select the file or folder.
6. Open the ellipsis menu for the file or folder.
7. Click Download.
8. Click OK.
For a folder, the Rubrik cluster retrieves the folder and creates a zip file with the folder and all files and
folders within the selected folder. The zip file preserves the folder hierarchy. In the Rubrik CDM web UI
Activity Log, a ‘Downloaded’ message appears for the selected file or folder.
9. Click the message.
The Save As dialog box appears in the web browser.
10. Select a download location for the file, and click Save.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
11. (Folder only) Extract the folder using a zip utility.
Result
The Rubrik cluster restores the selected files or folders.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Search or browse for a file or folder.
5. Select the file or folder.
6. Open the ellipsis menu for the file or folder.
7. Click Download.
For a folder, the Rubrik cluster retrieves the folder and creates a ZIP file with the folder and all files
and folders within the selected folder. The ZIP file preserves the folder hierarchy.
8. Open the local host page for the virtual machine.
9. On the messages card, select the ‘Link ready for download’ message.
Result
The Rubrik cluster restores the selected files or folders.
Context
By default, Chrome saves downloaded files to the following locations:
• Windows: \Users\username\Downloads
• Mac: /Users/username/Downloads
• Linux: home/username/Downloads
To download files and folders to a specified location, change the default Chrome Download setting.
Procedure
1. In Chrome, click the customize icon.
The Chrome menu appears.
2. On the menu, click Settings.
The Chrome Settings page appears.
3. Click Show Advanced Settings.
Additional settings appear on the Settings page.
4. In the Downloads section, enable Ask where to save each file before downloading.
Result
Chrome applies the new setting and opens a Save As dialog box for selecting a download location when a
file is downloaded.
A Rubrik cluster provides data management and protection for virtual machines deployed in a Nutanix
Acropolis (AHV) environment.
The Rubrik cluster can manage and protect virtual machines in an environment with multiple Nutanix
clusters and virtual machines. SLA Domain policies can be applied at both the cluster and virtual machine
levels of the AHV hierarchy.
Rubrik integrates with AHV features including Acropolis Block Services (ABS) and Challenge-Handshake
Authentication Protocol (CHAP) support for connecting to iSCSI targets for data ingest.
The REST API is utilized to interact with Nutanix Changed Region Tracking (CRT) to query the changed
metadata regions given any two snapshots of a virtual disk or virtual machine. CRT is used for incremental
and full backups. The API identifies regions that are zeroed, therefore saving on read operations. Rubrik
integration also leverages Nutanix VSS snapshots with Nutanix Guest Tools to quiesce virtual machines as a
part of the snapshot.
Nutanix prerequisites
Rubrik CDM support for Nutanix has specific prerequisites.
• AHV based environment listed in the Rubrik Compatibility Matrix
• Nutanix REST API version 3.0 or later
• IP configured for iSCSI Data Services. Rubrik CDM uses iSCSI with CHAP for data ingest and export
from Nutanix
• iSCSI ports 860, 3205, and 3260 are verified as open
• Permissions within Nutanix for the Rubrik cluster to create and delete volume groups, copy containers,
create virtual machines, and create and delete snapshots
• TLS/SSL public key certificate is generated for the Nutanix Cluster
• Highly available IP for Prism
• Obtain the Nutanix Cluster IP address or FQDN
• Obtain the Nutanix Cluster UUID
Where IP is the IP address of the Nutanix cluster and port is the web port of the Nutanix cluster.
Nutanix limitations
Nutanix has limitations that impact Rubrik backup and restore functionality. These limitations apply to
export operations; they do not apply to live mount operations.
Limitation Description
Exported virtual machine Even when you export a Nutanix virtual machine that has a disk bus type
disks always have the SCSI other than SCSI, the exported virtual machine disk has the SCSI bus type.
bus type
When you restore the export to a virtual machine that does not support
the SCSI bus type, the virtual machine might fail to boot after the restore
operation.
Exported CD-ROM drives Even when you export a Nutanix virtual machine that has a CD-ROM drive
always have the IDE bus bus type other than IDE, the exported CD-ROM drive has the IDE bus
type type.
When you restore the export to a virtual machine that does not support
the IDE bus type for CD-ROM drives, the virtual machine might fail to boot
after the restore operation.
Related Concepts
AHV virtual machines
A Rubrik cluster provides data management and protection for virtual machines deployed in a Nutanix
Acropolis (AHV) environment.
Nutanix cluster management
Adding a Nutanix Cluster to the Rubrik cluster establishes a secure connection between the Rubrik cluster
and the Rubrik Backup Service.
Related reference
Nutanix prerequisites
Rubrik CDM support for Nutanix has specific prerequisites.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
Result
The Rubrik cluster checks connectivity with the specified Nutanix Cluster and adds the Nutanix Cluster.
Context
Protect a set of virtual machines by assigning the selected set to an SLA Domain. Assigning virtual
machines to an SLA Domain protects the virtual machines by applying the data protection policies of the
SLA Domain.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected.
2. Select a virtual machine.
Select multiple virtual machines to assign the same setting to all of the selected virtual machines.
To help find virtual machines, use the filters, sort the entries by column heading, or use the search
field. Finding protection objects describes these tools.
3. Click Manage Protection.
A dialog box with one or more warnings may appear.
The Manage Protection wizard appears.
4. Select an SLA Domain.
5. Click Next.
The Review Impact page of the Manage Protection dialog box appears.
6. Optional: Click Apply to existing snapshots.
The changes made to the SLA Domain are applied to the existing snapshots. The summary
information describes the impact of the changes on existing and new snapshots.
7. Optional: Select Include on-demand and downloaded snapshots.
The changes made to the SLA Domain also apply to on-demand snapshots. The summary information
describes the effect of the changes on existing, new, on-demand, and downloaded snapshots.
8. Click Submit.
Result
The Rubrik cluster assigns the selection group to the SLA Domain.
Related Concepts
Retention policy for existing snapshots
Choose the retention policy for existing snapshots after removing the SLA Domain setting.
Related reference
Manage Protection options
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected.
2. Select Clusters.
The Cluster tab appears.
3. Select a Nutanix cluster.
4. Click Manage Protection.
The Manage Protection dialog box appears.
5. Select an SLA Domain.
6. Click Next.
The Review Impact page of the Manage Protection dialog box appears.
7. Optional: Click Apply to existing snapshots.
The changes made to the SLA Domain are applied to the existing snapshots. The summary
information describes the impact of the changes on existing and new snapshots.
8. Optional: Select Include on-demand and downloaded snapshots.
The changes made to the SLA Domain also apply to on-demand snapshots. The summary information
describes the effect of the changes on existing, new, on-demand, and downloaded snapshots.
9. Confirm the summary information and click Submit.
If the summary information appears incorrect, click Back to return to the previous screen or Cancel
to cancel the change.
The automatic protection rules determine the application of the selected setting to virtual machines
contained by the selected objects.
Result
The Rubrik cluster applies the selected setting to the selected objects and resolves conflicts as specified.
The automatic protection rules determine the application of the setting to the virtual machines that are
contained by the selected objects.
Related Concepts
Automatic protection rules
To provide consistency when applying automatic protection the Rubrik cluster adheres to a specific set of
rules.
Related reference
Manage Protection options
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
Result
The Rubrik cluster removes the individual assignments for the selected group. Each virtual machine in the
selection group derives a protection setting based on the automatic protection rules.
Related Concepts
Retention policy for existing snapshots
Choose the retention policy for existing snapshots after removing the SLA Domain setting.
Find protection objects
The Rubrik CDM web UI provides several tools for finding protection objects.
Name Description
Pre-Backup • Use a pre-backup script to prepare for a backup by quiescing the applications on the
Script virtual machine.
• The pre-backup script requires that a timeout value be specified.
• The Rubrik CDM web UI provides an option to cancel the backup task when the pre-
backup script does not complete successfully.
Post-Snap Must be idempotent, script may be invoked several times during a single backup task.
Script
• Use a post-snap script to minimize stun time and resume all applications on the
virtual machine.
• Also, use a post-snap script to perform clean-up tasks if a backup task fails.
• The post-snap script requires that a timeout value be specified.
• The post-snap script runs immediately after the host snapshot task completes.
Post-Backup Must be idempotent, script may be invoked several times during a single backup task.
Script
• Use a post-backup script to perform custom post-processing at the end of the
backup process.
• The post-backup script requires that a timeout value be specified.
• The post-backup script runs after: the snapshot is copied to the Rubrik cluster and
released on the virtual machine host, and the Rubrik cluster completes all data and
metadata processing tasks.
Prerequisites
Rubrik Backup Service (RBS) must be installed to enable the Rubrik cluster to run scripts.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected.
3. Select a virtual machine.
To help find virtual machines, use the filters, sort the entries by column heading, or use the search
field. Finding protection objects describes these tools.
4. In Name, click the name of a virtual machine.
The local host page for the selected virtual machine appears.
5. Open the ellipsis menu, and select Configure Pre/Post Scripts.
The Configure Pre/Post Scripts dialog box appears.
6. (Optional) In Pre-Backup Script Path, type the full path for the pre-backup script.
The full path is relative to the root of the guest OS file system.
7. (Optional) Select Cancel Backup if Pre-Backup Scripts Fails.
Any script exit status other than 0 is considered a script failure. When this box is selected, the Rubrik
CDM displays a notification of the script failure and the value of the exit status in the Activity Log.
8. (Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the pre-backup
script because the script cannot be completed.
9. (Optional) In Post-Snap Script Path, type the full path for the post-snap script.
The full path is relative to the root of the guest OS file system.
10. (Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the post-snap script
because the script cannot be completed.
11. (Optional) In Post-Backup Script Path, type the full path for the post-backup script.
The full path is relative to the root of the guest OS file system.
12. (Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the post-snap script
because the script cannot be completed.
13. Click Apply.
Result
The Rubrik cluster stores the information and runs the specified scripts for all subsequent backups of the
selected virtual machine. The Rubrik cluster provides entries in the Activity Log for errors that occur when
running the scripts as specified.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected.
3. In the Name column, click the name of a virtual machine.
To help find virtual machines, use the filters, sort the entries by column heading, or use the search
field.
The local host page for the selected virtual machine appears.
4. Open the ellipsis menu on the top bar of the local host page and select Exclude Disks.
The Exclude Disks dialog box appears.
5. Select the disks to exclude.
6. Click Exclude.
Result
The Rubrik cluster excludes the selected virtual machine disk files from all future backups of the virtual
machine.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected.
Result
The Rubrik CDM web UI Dashboard displays all unprotected virtual machines.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
To go directly to the page for a single virtual machine, type the name of the virtual machine in the
search box on the top bar of the Rubrik CDM web UI and select the virtual machine from the results
list.
The Virtual Machines page appears, with the VMs tab selected.
2. Click the Filter SLA drop-down menu.
3. On the Filter SLA drop-down menu, select one of the following filters:
• All Unprotected – Displays all unprotected virtual machines, both No SLA and Do Not Protect.
• No SLA – Displays virtual machines that have not inherited an SLA Domain setting.
• Do Not Protect – Displays virtual machines that have inherited the Do Not Protect setting, or
have Do Not Protect individually assigned.
Result
The Rubrik CDM web UI displays the virtual machines that belong to the selected protection state.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Virtual Machines > AHV VMs.
The Virtual Machines page appears, with the VMs tab selected.
2. Click the Filter SLA drop-down menu.
3. On the Filter SLA drop-down menu, select one of the named SLA Domains, or select a protection
state, either Inherited or Do Not Protect.
Result
The Rubrik CDM web UI displays the virtual machines that belong to the selected SLA Domain or to the
selected protection state.
Procedure
1. In the Rubrik CDM web UI, in the Search field, type the name of the virtual machine. Continue to type
characters to narrow down the results until the virtual machine appears.
Result
The Rubrik CDM web UI displays the local host page for the virtual machine.
Procedure
1. In the left-pane of the Rubrik CDM web UI, click Virtual Machines > AHV VMs.
The AHV VMs page appears, with the VMs tab selected, and displays all the virtual machines present
in the system.
2. In the tab bar, select one of the following tabs.
• VMs – Provides a virtual machines only view, with the hierarchical location of each virtual machine
displayed in the location column.
• Clusters– Provides the Nutanix clusters.
3. (Search Only) In the tab search field, begin typing an entity name.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
4. (Browse Only) Click the name of a top-level entity.
The Rubrik CDM web UI displays the entities within the selected entity.
5. (Browse Only) Continue clicking entity names to browse down the hierarchy to a specific entity.
Result
Rubrik CDM displays the search results.
Procedure
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, select the protectable object type.
Option Description
Hyper-V VMs Click Virtual Machines > Hyper-V VMs .
vSphere VMs Click Virtual Machines > vSphere VMs.
AHV VMs Click Virtual Machines > AHV VMs.
The selected page appears, with the VMs tab selected, and displays all the virtual machines present in
the system.
3. Use one of the search or sort methods to display the entities to be selected.
4. Select the entities.
A check mark appears next to each selected entity.
5. Click Manage Protection.
Protected warning
The Rubrik CDM web UI displays the protected warning when the Rubrik cluster detects that an SLA
Domain setting is already associated with a selected virtual machine.
The protected warning is:
“These VM(s) are already protected”
When the protected warning appears, do one of the following:
• Continue the operation to assign the selected SLA Domain to the protected virtual machines.
• Cancel the operation and remove the virtual machines from the selection set.
Changing the SLA Domain of a virtual machine may result in immediate expiration of some snapshots.
Related Concepts
Changing the assigned SLA Domain
A protected virtual machine may be assigned to another SLA Domain in order to satisfy specific business
requirements (for example, data governance policy changes or space management requirements).
Protection consequences
The SLA rules defined by an SLA Domain impact the protection of virtual machines in several ways. SLA
rules specify when snapshots are created, when snapshots expire, and where snapshot data is stored.
A policy driven snapshot is a snapshot that is created automatically based on the SLA rules of an SLA
Domain. In most cases, the SLA Domain that manages a policy driven snapshot is the same SLA Domain
that created the snapshot.
Sometimes, the source virtual machine for a snapshot is assigned to another SLA Domain after the
snapshot is created. When this occurs the new SLA Domain becomes the managing SLA Domain for the
policy driven snapshot.
A policy driven snapshot can require manual management when it loses an association with the SLA
Domain.
Replication Retention Determines how long replicas are retained on a replication target cluster.
Period
Maximum Retention Determines how long snapshots are retained by the system. The Rubrik
Period cluster automatically expires policy driven snapshots that are older than the
Maximum Retention Period.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, select Virtual Machines > AHV VMs.
Result
The local host page displays information about a local virtual machine.
Action bar
Choose actions for a selected virtual machine from the Action bar.
Action Description
Take On Demand Snapshot Adds an on-demand snapshot of the virtual
machine to the task queue.
Backup Window settings defined for the SLA
Domain of the virtual machine do not apply to on-
demand snapshots. Only the maximum retention
and remote configuration settings of the associated
SLA Domain apply to on-demand snapshots.
Ellipsis menu > Delete All Snapshots Only appears for an unprotected virtual machine.
Deletes all snapshots for the virtual machine,
including local snapshots, archival snapshots, and
replicas.
Ellipsis menu > Configure Application Consistency Provides access to the Configure Application
Consistency dialog box.
Register Rubrik Backup Service Establishes a connection between the Rubrik cluster
and the Rubrik Backup Service (RBS) software
running on the guest OS of the virtual machine.
Related Tasks
Specifying crash consistent backups
Overview card
The Overview card displays information about AHV SLA Domains and snapshots.
Field Description
Cluster The Nutanix cluster that manages the virtual
machines.
SLA Domain Name of the SLA Domain that manages the
protection of the selected virtual machine.
Oldest Snapshot Timestamp for the oldest snapshot associated with
the selected virtual machine.
When the SLA Domain has an active archival policy,
the oldest snapshot resides at the archival location.
Snapshots card
For the selected local virtual machine, the Snapshots card provides the ability to browse the snapshots that
reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views. Each view
uses color spots to indicate the presence of snapshots on a date and to indicate the status of SLA Domain
compliance for the virtual machine on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the virtual
machine.
Snapshots in the calendar view are color coded by status.
Color Status
Green All snapshots required by SLA Domain policy were successfully created.
Orange All snapshots required by SLA Domain policy were successfully created but at least one
snapshot caused a warning.
Red At least one snapshot required by SLA Domain policy was not successfully created.
Category Description
Created Time Creation time of the snapshot.
Location For a snapshot that resides only on local storage the indicator field is empty.
The following icon indicates a snapshot that resides at an archival location.
The following icon indicates a snapshot that resides locally and at an archival
location.
The following icon indicates a replica of the snapshot was sent to the target
Rubrik cluster.
Status The following icon indicates a warning for the snapshot entry. Hover over the
icon to see additional information.
The following icon indicates the policy driven snapshot represented by the
entry was not completed successfully.
Local Expiration Date The date when this snapshot will expire.
Archive Location The archive location for the snapshot that was set in the SLA Domain.
Command Description
Search by File Name Use the predictive search field to find file by typing the name.
Export Use the snapshot to create a new virtual machine and to mount that virtual
machine on an AHV host.
The new virtual machine is uniquely named within the virtualization
management system. The name of the recovered virtual machine is
constructed as follows: name of source virtual machine + timestamp of
snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The AHV host is the datastore for the new virtual machine.
Related Tasks
Restoring from notification link
Search or browse for a file or folder and restore that file or folder by download from a link in the
notification message.
Changing the retention policy for snapshots
Command Description
Download Transfer a copy of the selected snapshot to the local Rubrik cluster so that
it is available for additional local actions. The local Rubrik cluster provides a
notification when the download is completed.
Recover Files Open a file browser view on the selected snapshot.
Use this view to find, select, and download a file or folder from the snapshot.
Related Tasks
Restoring from notification link
Search or browse for a file or folder and restore that file or folder by download from a link in the
notification message.
Changing the retention policy for snapshots
Change the retention policy for specified snapshots of a protectable object on the Snapshot Management
page.
Snapshot window
An SLA Domain can be configured to include a snapshot window. A snapshot window determines the
period in a day the Rubrik cluster can initiate policy-driven snapshots of the objects that the SLA Domain
protects.
When using the snapshot window policy, the specified window must be long enough to accommodate the
number of objects that are assigned to the SLA Domain. Monitor the snapshot activity of the SLA Domain
to ensure that all policy-driven snapshots are successfully completed. When necessary, lengthen the period
to permit all snapshots to be completed successfully.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, select Virtual Machines > AHV VMs.
The All VMs page appears with the VMs tab selected.
2. Click a virtual machine name.
The local host page for the selected virtual machine appears.
3. Open the ellipsis menu and select Configure Snapshot Consistency.
The Configure Snapshot Consistency dialog box appears.
4. Select a consistency level.
Option Description
Automatic Rubrik CDM uses the highest level of consistency
possible.
Crash Consistent Rubrik CDM captures snapshots that are crash
consistent.
5. Click Update.
On-demand snapshots
In addition to policy-based snapshots, create virtual machine snapshots by using the on-demand snapshot
process.
A Rubrik cluster creates policy-based snapshots of protected virtual machines automatically, according to
the SLA rules of the associated SLA Domain.
Additional snapshots of protected virtual machines, and snapshots of unprotected virtual machines can be
created by using the on-demand snapshot process.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, select Virtual Machines > AHV VMs.
The AHV VMs page appears with the VMs tab selected.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. On the local host page, click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears.
4. Select an SLA Domain.
The Rubrik cluster bases the retention period of the on-demand snapshot on the retention period and
frequency of the assigned SLA Domain. The Rubrik cluster uses the remote configuration settings of
the associated SLA Domain to manage the on-demand snapshot. The selected SLA Domain can be
different from the SLA Domain that protects the virtual machine.
5. Click Next.
6. Review the selected SLA Domain details.
7. Click Next to complete the task.
Result
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log tracks the
status of the on-demand backup task.
Related Concepts
Retention management
Assign retention policies to existing scheduled snapshots, on-demand snapshots, and snapshots retrieved
from an archival location.
Snapshot Management page
The Snapshot Management page provides access to snapshot and backup information for protected
objects and relic objects
Snapshot expiration
A Rubrik cluster always retains the latest snapshot of a protected object at locations specified in the SLA
Domain, even when the retention period for all snapshots has expired.
When the retention period for a snapshot ends, the cluster marks the snapshot as expired. Expired
snapshots are no longer listed as a Snapshot Management object in the Rubrik CDM user interface.
Archival snapshots
Archival snapshots provide long term storage of snapshot data outside of the local Rubrik cluster.
The Rubrik cluster deduplicates and compresses the data in archival snapshots. The Rubrik cluster uses
client-side encryption to encrypt the archival snapshot data stored on all archival locations except NFS
exports.
Retention
The retention period assigned to the archival snapshot by the associated SLA Domain determines the
expiration of an archival snapshot. After the expiration of the retention period, the Rubrik cluster marks
the archival snapshot as expired and moves the snapshot data to garbage collection. To ensure that
existing snapshots are always fully functional, the Rubrik cluster combines any required data from expired
incremental snapshots into the chain of existing incremental snapshots. This permits each retained archival
snapshot to be mounted as a fully functional virtual machine.
Unmanaged data
Manage file system and application data that is not subject to a retention policy through the Snapshot
Management page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as unmanaged
snapshot objects. Unmanaged snapshot objects can be managed through the Snapshot Management page
of the Rubrik CDM web UI.
View the Snapshot Management page for information about tasks with unmanaged snapshot objects.
Related Concepts
Retention management
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears with the VMs tab selected and displays all the virtual machines in the
system.
3. To work with data from an unmanaged virtual machine, on the left-side menu, click Snapshot
Management.
The Snapshot Management page appears, with the Snapshot Retention tab displaying all the objects.
4. Click the name of a virtual machine.
Alternatively, use the search box on the top bar of the Rubrik CDM web UI to directly access the local
host page when you know the name of the source virtual machine.
The local host page for the selected virtual machine appears.
5. Use the Snapshots card to navigate to a snapshot or an archival snapshot.
6. (Only for Recovering archival snapshot) Open the ellipsis menu for the snapshot.
7. (Only for Recovering archival snapshot) On the ellipsis menu, click Download.
The Rubrik cluster does not apply a retention setting to a downloaded archival snapshot. You have to
manually delete a downloaded archival snapshot that is no longer required on local storage.
The Rubrik cluster retrieves the archival snapshot. Status of the retrieval appears on the Activity Log.
8. Perform one of the available recovery actions on the selected snapshot or restore files and folders
from the selected snapshot.
Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before applying a
recovery action.
Procedure
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.
2. On the left-side menu, click SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. Select a remote SLA Domain.
The page for the selected SLA Domain appears.
4. In the Virtual Machines section of the remote SLA Domain page, click the name of a virtual machine.
Searching with the source virtual machine name using the search box on the top bar of the Rubrik
CDM web UI provides direct access to the Remote VM Details page.
The Remote VM Details page for the selected virtual machine appears.
5. Use the Snapshots card to navigate to a replica.
6. Perform one of the available recovery actions on the selected replica or restore files and folders from
the selected replica.
Result
A replication target Rubrik cluster is selected for a recovery action.
Context
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The Rubrik
cluster does not connect the recovered virtual machine to a network. The Rubrik cluster sets the protection
state of the new virtual machine to Do Not Protect.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Select a snapshot, an archival snapshot, or a replica.
5. Open the ellipsis menu for the snapshot or replica.
6. Click Export.
The Export Snapshot dialog box appears with a list of the containers that are associated with each
Nutanix Cluster.
7. Select a Nutanix cluster.
A list of the datastores of the selected Nutanix cluster appears.
8. In Choose a Datastore, select a datastore.
9. Click Export.
Result
The Rubrik cluster creates a new virtual machine from the snapshot on the selected Nutanix cluster,
transfers the virtual machine files to the datastore, and powers up the recovered virtual machine. During
the process, messages about the status appear in the Activity Log. The Rubrik cluster also records the final
result of the task in the Activity Log.
The Rubrik cluster initially sets the protection state of the exported virtual machine to Do Not Protect. To
protect the new virtual machine, add it to an SLA Domain, or remove the individual assignment of Do Not
Protect to permit it to inherit protection.
Operation Live mount without Live mount with immediate Live mount with delayed
migration migration migration
Data source Not allowed Occurs immediately after Initiated manually
migration mounting completes
Unmounting Initiated manually Occurs immediately after Occurs immediately after
data source migration data source migration
completes completes
Changing power Allowed at the time of Allowed only at the time of Allowed at the time of
status initiating the Live Mount initiating the Live Mount initiating the Live Mount
and from the Live Mounts and from the Live Mounts
page, after the mounting is page until migration is
complete initiated
Related Tasks
Creating a Live Mount without migration
Live Mount an AHV virtual machine on a Nutanix cluster from a snapshot on the Rubrik cluster without
migrating the data source to the Nutanix cluster.
Creating a Live Mount with optional migration
Creating a Live Mount of an AHV virtual machine with optional migration involves immediate or delayed
migration of the data source.
Migrating a live mounted virtual machine
Prerequisites
Select a local, archived, or a replicated snapshot to Live Mount the virtual machine, as described in
Selecting a snapshot or archival snapshot and Selecting a replica.
Context
Creating a Live Mount without migration eliminates the ability to migrate the Live Mounted virtual machine
to a Nutanix AOS cluster after the recovery. The local Rubrik cluster serves as the data store for the live
mounted virtual machine, and the original virtual machine is not impacted.
Procedure
1. On the Snapshots card, from the ellipsis menu of the selected snapshot, click Mount Virtual
Machine.
The Select Cluster page of the Mount Virtual Machine wizard appears.
2. Select Live Mount without Migration.
3. Optional: In Mounted Virtual Machine Name, type a name for the live mounted virtual machine.
The Rubrik cluster will assign a name to the mounted virtual machine if this field is not configured.
4. In Choose a cluster, select a Nutanix cluster to Live Mount the virtual machine.
5. Configure the following settings.
Setting Description
Power on mounted virtual machine Use this setting to determine the power status of
the mounted virtual machine.
Remove virtual network device Use this setting when networking changes or
issues prevent the virtual machine from starting.
6. Click Next.
A Confirmation screen appears with a summary of the Live Mount configuration.
7. Click Mount.
Result
The Rubrik cluster initiates a job to mount the AHV virtual machine without migrating the data source. The
Activity Log and the Activities card display the job status. An entry for the Live Mounted virtual machine
appears on the Live Mounts page.
Next task
Verify the Live Mount on the AHV Live Mounts page and perform the available operations.
Related Tasks
Unmounting a virtual machine
Prerequisites
Select a local, archived, or a replicated snapshot to Live Mount the virtual machine, as described in
Selecting a snapshot or archival snapshot and Selecting a replica.
Context
The Live Mounted virtual machine uses the Rubrik cluster as its storage initially, but leverages the selected
Nutanix container for all subsequent writes.
Procedure
1. On the Snapshots card, from the ellipsis menu of the selected snapshot, click Mount Virtual
Machine.
The Select Cluster page of the Mount Virtual Machine wizard appears.
2. Select Live Mount with Optional Migration.
3. Optional: In Mounted Virtual Machine Name, type a name for the live mounted virtual machine.
The Rubrik cluster will assign a name to the mounted virtual machine if this field is not configured.
4. In Choose a cluster, select a Nutanix cluster to Live Mount the virtual machine.
5. Configure the following settings.
Setting Description
Power on mounted virtual machine Use this setting to determine the power status of
the mounted virtual machine.
Remove virtual network device Use this setting when networking changes or
issues prevent the virtual machine from starting.
6. Click Next.
The Select Container screen of the Mount Virtual Machine wizard appears with a list of Nutanix storage
containers.
7. In Container Name, select a Nutanix storage container.
8. Optional: Select the Migrate Immediately checkbox to automatically initiate the data source
migration immediately after the mounting operation is complete.
You can clear the checkbox to manually initiate the migration the data source at a later time from the
Live Mounts page.
9. Click Next.
A Confirmation screen appears with a summary of the Live Mount configuration.
10. Click Mount.
Next task
Verify the Live Mount on the AHV Live Mounts page. Optionally, initiate the migration for the mounted
virtual machine if it was not migrated immediately, as described in Migrating a live mounted virtual
machine.
Related Tasks
Migrating a live mounted virtual machine
Migrate the data source of a live mounted AHV virtual machine from the Rubrik cluster to a Nutanix
storage container.
Related reference
Virtual machine Live Mount operations
The operations available for a Live Mounted AHV virtual machine on the Live Mounts page vary depending
on the type of the Live Mount.
Live Mounts page for AHV virtual machines
The Live Mounts page for AHV virtual machines displays the details of the mounted virtual machines and
provides options to unmount, change the power status, and migrate the data source.
Detail Description
Name Name assigned to the mounted virtual machine.
Status Status of the mounted virtual machine:
• Powered On
• Powered Off
• Migrating
Snapshot Time Time at which the snapshot that is selected to Live Mount the virtual machine was
taken.
Mount Time Time at which the Live Mount was initiated.
Source VM The AHV virtual machine whose snapshot is selected to perform the Live Mount.
IP Address The IP address assigned to the mounted virtual machine on the Nutanix cluster.
Cluster The Nutanix cluster where the Live Mount is created.
Related Tasks
Migrating a live mounted virtual machine
Migrate the data source of a live mounted AHV virtual machine from the Rubrik cluster to a Nutanix
storage container.
Unmounting a virtual machine
Context
The Nutanix storage container used for migration is selected at the time of initiating the Live Mount of the
virtual machine with optional migration. When the data source migration completes, the Rubrik cluster
automatically unmounts the mounted virtual machine.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Live Mounts > AHV VMs.
The AHV Live Mounts page appears with the details of existing Live mounted AHV virtual machines.
3. From the ellipsis menu for a virtual machine that was mounted with optional migration, select
Migrate Datasource.
The Storage migration dialog box appears with the migration details.
4. Click Migrate.
Result
The Rubrik cluster initiates a job to migrate the data source for the selected virtual machine. The Activity
Log displays the status of the migration job.
The virtual machine entry disappears from the Live Mounts page when migration and unmounting are
complete.
Related reference
Virtual machine Live Mount operations
The operations available for a Live Mounted AHV virtual machine on the Live Mounts page vary depending
on the type of the Live Mount.
Live Mounts page for AHV virtual machines
The Live Mounts page for AHV virtual machines displays the details of the mounted virtual machines and
provides options to unmount, change the power status, and migrate the data source.
Context
The Rubrik cluster automatically unmounts the virtual machines whose data sources are migrated after the
Live Mount operation.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Live Mounts > AHV VMs.
The AHV Live Mounts page appears with the details of existing Live Mounted AHV virtual machines.
Result
The Rubrik cluster initiates a job to unmount the selected virtual machine from the Rubrik cluster. The
Activity Log displays the status of the unmounting job.
The virtual machine entry disappears from the Live Mounts page when the virtual machine is unmounted.
Related reference
Virtual machine Live Mount operations
The operations available for a Live Mounted AHV virtual machine on the Live Mounts page vary depending
on the type of the Live Mount.
Live Mounts page for AHV virtual machines
The Live Mounts page for AHV virtual machines displays the details of the mounted virtual machines and
provides options to unmount, change the power status, and migrate the data source.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
Option Description
Servers & Apps > Linux & Unix Hosts The Linux & Unix Hosts tab of the Linux & Unix
Hosts page appears.
Servers & Apps > Windows Hosts The Windows Hosts tab of the Windows Hosts
page appears.
Servers & Apps > NAS Shares The Shares tab of the NAS Shares page appears.
3. Depending on the host type, do one of the following:
• For Linux, Unix, and Windows hosts, in the Name column, click a host name.
• For NAS hosts, in the Path column, click the path for a share.
The local page for the host appears.
4. Optional: To limit the search to a single host fileset, on the Filesets card, click the name of a fileset.
The fileset page appears and the search is confined to the selected fileset.
5. On the Snapshots card, type the name of the file or folder in the search field.
Result
Search finds the data to restore from a backup.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines, and then select a virtual machine type from the list.
The VMs page appears with the VMs tab selected and displays all the virtual machines of that type.
3. Click a virtual machine.
The local host page for the selected virtual machine appears.
4. Select a snapshot, archival snapshot, or replica.
5. Open the ellipsis menu for the snapshot or replica.
6. Click Recover Files.
The Recover Files dialog box appears.
7. Select a file or folder.
For supported Windows and Linux guest operating systems, the selection can be restored to the
original file system, or downloaded from a generated link. For other guest operating systems, the
selection can be downloaded from a generated link.
Result
Rubrik CDM web UI recovers a file or folder for a data protection object.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Search or browse for a file or folder.
5. Select a file or folder.
6. Open the ellipsis menu for the file or folder.
C:\Users\jsmith\work
/home/jsmith/work
13. Optional: (If available) Select Store as service credential for all VMs.
Choose this setting to have the Rubrik cluster store the credential. The stored credential can be
managed through the Service Credentials page.
14. Click Restore.
Result
The Rubrik cluster restores the file or folder to the specified location.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Search or browse for a file or folder.
5. Select the file or folder.
6. Open the ellipsis menu for the file or folder.
7. Click Download.
8. Click OK.
For a folder, the Rubrik cluster retrieves the folder and creates a zip file with the folder and all files and
folders within the selected folder. The zip file preserves the folder hierarchy. In the Rubrik CDM web UI
Activity Log, a ‘Downloaded’ message appears for the selected file or folder.
9. Click the message.
The Save As dialog box appears in the web browser.
10. Select a download location for the file, and click Save.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
11. (Folder only) Extract the folder using a zip utility.
Result
The Rubrik cluster restores the selected files or folders.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > AHV VMs.
The AHV VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Search or browse for a file or folder.
5. Select the file or folder.
6. Open the ellipsis menu for the file or folder.
7. Click Download.
For a folder, the Rubrik cluster retrieves the folder and creates a ZIP file with the folder and all files
and folders within the selected folder. The ZIP file preserves the folder hierarchy.
8. Open the local host page for the virtual machine.
9. On the messages card, select the ‘Link ready for download’ message.
Result
The Rubrik cluster restores the selected files or folders.
A Rubrik cluster provides data management and protection for virtual machines that are deployed in
a VMware vSphere environment. The Rubrik cluster can manage and protect virtual machines in an
environment with multiple vCenter Servers and multiple ESXi hosts.
The Rubrik cluster provides a variety of methods to recover virtual machines and to restore protected data.
Recover virtual machines and restore data by using snapshots, replicas, and archival snapshots.
Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA Domain
assigned to a parent object.
Objects from which a virtual machine can inherit are the following virtualization system entities:
• Folders
• Clusters
• Hosts
The automatic protection mechanism simplifies assigning protection to large numbers of virtual machines
and provides an easy method to uniformly assign specific SLA Domains to groups of functionally similar
virtual machines.
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.
During SLA Domain assignment, the Rubrik cluster displays the objects that have individual assignments
which conflict with the new assignment. For each conflicting object, the Rubrik cluster permits an
administrator to choose to retain the individual setting or apply the new setting.
To show the impact of automatic protection on the protection settings of a virtual machine, consider the
following fictitious virtual machine environment:
• Virtual machine is newly discovered and no protection has been assigned.
• Virtual machine resides on vSphere cluster C, cluster C has not been assigned protection.
• Virtual machine is contained by folder F1, and F1 is contained by top-level folder F2. Neither folder has
been assigned protection.
Administrator assigns the SLA Domain named ClusterProtection to C:
The virtual machine inherits the ClusterProtection assignment (Rule Two).
Administrator assigns the SLA Domain named Folder2Protection to F2:
The virtual machine inherits the Folder2Protection assignment (Rule Three). The expiration settings of
Folder2Protection apply to the snapshots taken while under ClusterProtection. Some snapshots may be
immediately marked as expired.
Administrator assigns the SLA Domain named Folder1Protection to F1:
The virtual machine inherits the Folder1Protection assignment (Rule Two). The expiration settings
of Folder1Protection apply to snapshots taken while under ClusterProtection and while under
Folder2Protection. Some snapshots may be immediately marked as expired.
Administrator changes the SLA Domain setting of folder F1 to Do Not Protect:
The virtual machine inherits the Do Not Protect setting and is unprotected (Rule Two).
Administrator individually assigns the virtual machine to the Gold SLA Domain:
The virtual machine is protected by the Gold SLA Domain (Rule One).
Administrator changes the SLA Domain setting of folder F1 to the Silver SLA Domain:
A conflict occurs between the individually assigned setting for the virtual machine and the setting selected
for F1. The Rubrik cluster displays the conflict. The administrator chooses to remove the individually
assigned setting and have the virtual machine inherit the new SLA Domain setting of F1. The virtual
machine is protected by the Silver SLA Domain.
Note: When virtual machines are linked, the retention periods for snapshots in the Computing state are
evaluated based on the snapshots of the linked VM. These retention policies will be retained if virtual
machines are later unlinked, even though the original snapshots used to determine the retention period
are no longer linked to the virtual machine.
To provide data management and protection for virtual machines in a vSphere environment, the vCenter
Server role assigned to the Rubrik cluster requires minimum privileges.
To access objects and perform operations on them, the Rubrik cluster account requires access permission
for the vCenter Server and child objects. Propagation of child objects ensures operations succeed.
Rubrik CDM provides vCenter Server diagnostic information on the vCenter Server page. This information
can help to determine whether the assigned account has the required vCenter Server access permissions.
Related tasks
Using vCenter Server diagnostics
vCenter Server diagnostics are used to confirm the access permissions of the vCenter Server account
assigned to the Rubrik cluster and to troubleshoot vCenter Server access permission issues.
Adding a vCloud Director instance
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click the + icon.
The Add vCenter dialog box appears.
5. In vCenter IP, type the resolvable hostname or IP address of the vCenter Server.
For an IPv6 address, enclose the address in square brackets.
[fd9d:22d3:cd28:7257::]
6. In vCenter Username and vCenter Password, type the user name and password assigned to the
Rubrik cluster.
7. Optional: To turn on the automatic linking feature, select Automatically link discovered virtual
machines.
8. Optional: To enable export of snapshots using HotAdd transport mode, select Enable HotAdd
transport mode for on-premise vCenter (Export only).
HotAdd transport mode bypasses the throughput bottleneck of the ESXi host by hot-adding one or
more virtual disks to a proxy virtual machine. This significantly reduces the latency that can occur
when exporting a large virtual machine.
An additional task to add the proxy network to enable HotAdd transport must be completed at the
conclusion of this task.
9. Optional: Enable Set Compute Resource Visibility and select a compute cluster in Compute
cluster.
When this toggle is enabled, you can specify which resources on the vCenter Server are visible to the
Rubrik cluster. Any resources not specified are hidden.
10. Click Advanced Setting to add a Certificate Authority (CA) certificate for TLS validation.
The dialog box expands to show the Trusted Root Certificate field.
11. Paste the text of the trusted CA root certificate for the vCenter Server into the Trusted Root Certificate
field.
When a trusted CA root certificate is not provided, the Rubrik cluster uses the trust on first use (TOFU)
standard to authenticate the vCenter Server.
12. Click Add.
Result
The Rubrik cluster tests the connection and adds the server information to the CDM web UI.
Context
The Rubrik cluster attempts to initiate a connection with the vCenter Metro Storage Cluster using vCenter
Server 6.0 or newer protocols, which require a trusted root certificate.
When a trusted root certificate is not provided, the Rubrik cluster uses the trust on first use (TOFU)
standard to authenticate the vCenter Metro Storage Cluster. Depending on the network environment, this
might not ensure secure operation.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click +.
The Add vCenter dialog box appears.
5. In vCenter IP, type the resolvable hostname or IP address of the vCenter Metro Storage Cluster.
For an IPv6 address, enclose the address in square brackets. For example:
[fd9d:22d3:cd28:7257::1]
Prerequisites
Add information about the vCenter Server to the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Select a vCenter Server.
Select multiple vCenter Servers to refresh all of the selected entries.
5. Open the ellipsis menu at the top of the page.
6. Click Refresh vCenter.
Result
The Rubrik cluster starts a task to refresh the selected vCenters.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears with the list of known vCenter Servers.
4. Open the ellipsis menu for a vCenter Server.
5. Click Edit.
The Edit dialog box appears.
6. Make changes to the information.
7. Optional: To turn on the automatic linking feature, select Automatically link discovered virtual
machines.
8. Optional: To enable export of snapshots using HotAdd transport mode, select Enable HotAdd
transport mode for on-premise vCenter (Export only).
HotAdd transport mode bypasses the throughput bottleneck of the ESXi host by hot-adding one or
more virtual disks to a proxy virtual machine. This significantly reduces the latency that can occur
when exporting a large virtual machine.
An additional task to add the proxy network to enable HotAdd transport must be completed at the
conclusion of this task.
9. Click Update.
Result
The Rubrik cluster tests the connection and saves the updated information to the CDM web UI.
Prerequisites
Ensure that Enable HotAdd transport mode for on-premise vCenter (Export only) was selected
while adding or editing the vCenter Server connection information.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears, displaying the list of already added vCenter Servers.
4. Open the ellipsis menu for a vCenter Server, and click Edit Proxy VM Network.
The Edit Proxy VM Network dialog box appears.
5. Select a network segment for HotAdd proxy virtual machines.
6. Choose one of the following IP address assignment methods.
Assignment method Description
DHCP Automatically configures the network
parameters.
Static IP Requires manual configuration of the network
parameters.
7. (Static IP only) Provide values for the IP connection parameters.
The following parameters must have values specified: IP address, subnet mask, gateway address, and
DNS server address.
8. Click Update.
Result
The Rubrik cluster tests the connection and enables HotAdd transport mode for the selected vCenter
Server.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
Result
The Rubrik cluster deletes the information for the selected vCenter Server.
The Rubrik cluster provides management access to the data from the virtual machines of that vCenter
Server through the Snapshot Management page.
Prerequisites
Confirm the vCenter Server is correctly configured on the Rubrik cluster and in a connected state.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Select a vCenter Server.
5. From the vCenter Server ellipsis menu, click Refresh vCenter.
6. From the vCenter Server ellipses menu, click Dignostics.
The Diagnostics for the vCenter Server page appears.
7. On the left side of the screen, select a vCenter Server resource to review.
8. Optional: Turn on the Show only errors toggle.
Use this option to focus on any access permission errors.
Result
The Rubrik cluster displays a list of the required Rubrik cluster access permissions and their status.
Category Requirement
PowerShell Minimum required version is version 3, preferred is
version 4 or newer.
To determine the current version, open a
PowerShell window on the guest and type:
$PSVersionTable
When the ‘icacls’ script cannot be run, and Rubrik RBS is not installed on the virtual machine, the Rubrik
cluster can still restore objects in the Windows guest file system, but the ACL values of the source objects
will not be preserved in the restored objects.
Related concepts
Rubrik Backup Service
Context
Protect a set of virtual machines by assigning the selected set to an SLA Domain. Assigning virtual
machines to an SLA Domain protects the virtual machines by applying the data protection policies of the
SLA Domain.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Select a virtual machine.
Select multiple virtual machines to assign the same setting to all of the selected virtual machines.
To help find virtual machines, use the filters, sort the entries by column heading, or use the search
field.
4. Click Manage Protection.
A dialog box with one or more warnings may appear.
The Manage Protection dialog box appears.
5. Select an SLA Domain.
6. Click Next.
The Review Impact of the Manage Protection dialog box appears.
7. Optional: Click Apply to existing snapshots.
The changes made to the SLA Domain are applied to the existing snapshots. The summary
information describes the impact of the changes on existing and new snapshots.
8. Optional: Select Include on-demand and downloaded snapshots.
The changes made to the SLA Domain also apply to on-demand snapshots. The summary information
describes the effect of the changes on existing, new, on-demand, and downloaded snapshots.
9. Confirm that the Frequency and Retention settings are correct and click Submit.
If the summary information appears incorrect, click Back to return to the previous screen or Cancel
to cancel the change.
Result
The Rubrik cluster assigns the selection group to the SLA Domain.
Related concepts
Finding protection objects
The Rubrik CDM web UI provides several tools for finding protection objects.
Warning messages
As part of the task of assigning SLA Domains, the Rubrik cluster may display warning messages.
Related reference
Manage Protection options
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Select Folders.
The Folders tab appears.
4. Select an object within the vCenter Server folder hierarchy.
Click a value in the Name column to move down in the folder hierarchy.
5. Select multiple objects to apply the setting to more than one object in the folder hierarchy.
6. Click Manage Protection.
A dialog box with one or more warnings may appear.
7. Click Continue Anyway to proceed
Click Cancel to return to the Folders tab.
The Manage Protection dialog box appears.
8. Select an SLA Domain.
9. Click Next.
The Review Impact of the Manage Protection dialog box appears.
10. Optional: Click Apply to existing snapshots.
The changes made to the SLA Domain are applied to the existing snapshots. The summary
information describes the impact of the changes on existing and new snapshots.
11. Optional: Select Include on-demand and downloaded snapshots.
The changes made to the SLA Domain also apply to on-demand snapshots. The summary information
describes the effect of the changes on existing, new, on-demand, and downloaded snapshots.
12. Confirm that the Frequency and Retention settings are correct and click Submit.
If the summary information appears incorrect, click Back to return to the previous screen or Cancel
to cancel the change.
When the SLA Domain selection will cause a change in the individual setting of a object that is
contained by one of the selected objects, the SLA Conflicts dialog box appears.
When there are no SLA conflicts, the Rubrik cluster applies the selected setting to the selected objects.
The automatic protection rules determine the application of the selected setting to virtual machines
contained by the selected objects.
13. (SLA conflicts only) After resolving all SLA conflicts, click Done.
The Rubrik cluster applies the selected setting to the selected objects and resolves conflicts as
specified.
Result
The automatic protection rules determine the application of the setting to the virtual machines that are
contained by the selected objects.
Related concepts
Warning messages
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Select Clusters/Hosts.
The Clusters/Hosts tab appears.
4. Select an object within the vCenter Server hosts hierarchy.
To browse down the hosts hierarchy, click a value in the Name column.
5. Select multiple objects to apply the setting to more than one object in the hosts hierarchy.
6. Click Manage Protection.
A dialog box with one or more warnings may appear.
7. Click Continue Anyway to proceed.
Click Cancel to return to the Folders tab.
The Manage Protection dialog box appears.
8. Select an SLA Domain.
9. Click Next.
The Review Impact of the Manage Protection dialog box appears.
10. Optional: Click Apply to existing snapshots.
The changes made to the SLA Domain are applied to the existing snapshots. The summary
information describes the impact of the changes on existing and new snapshots.
11. Optional: Select Include on-demand and downloaded snapshots.
The changes made to the SLA Domain also apply to on-demand snapshots. The summary information
describes the effect of the changes on existing, new, on-demand, and downloaded snapshots.
12. Click Submit.
If the summary information appears incorrect, click Back to return to the previous screen or Cancel
to cancel the change.
When the SLA Domain selection will cause a change in the individual setting of a object that is
contained by one of the selected objects, the SLA Conflicts dialog box appears.
When there are no SLA conflicts, the Rubrik cluster applies the selected setting to the selected objects.
Result
The automatic protection rules determine the application of the setting to the virtual machines that are
contained by the selected objects.
Related concepts
Warning messages
As part of the task of assigning SLA Domains, the Rubrik cluster may display warning messages.
Automatic protection rules
To provide consistency when applying automatic protection the Rubrik cluster adheres to a specific set of
rules.
Related tasks
Resolving SLA conflicts
The Manage Protection setting of a selected object can conflict with the setting that is individually assigned
to an object contained by the selected object.
Related reference
Manage Protection options
Select virtualization hierarchy entities and click Manage Protection to view the Manage Protection dialog
box for the selected entities. The Manage Protection dialog box provides several options for the selected
entities.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Select Tags to filter by tag assignment.
4. Select one or more tags from the list.
5. Click Manage Protection.
A dialog box with one or more warnings may appear.
6. Click Continue Anyway to proceed.
Click Cancel to return to the Folders tab.
The Manage Protection dialog box appears.
7. Select an SLA Domain.
8. Click Next.
The Review Impact of the Manage Protection dialog box appears.
9. Optional: Click Apply to existing snapshots.
The changes made to the SLA Domain are applied to the existing snapshots. The summary
information describes the impact of the changes on existing and new snapshots.
Result
The SLA Domain projection rules are applied to all virtual machines with the assigned tag.
Related concepts
Warning messages
As part of the task of assigning SLA Domains, the Rubrik cluster may display warning messages.
Related tasks
Resolving SLA conflicts
The Manage Protection setting of a selected object can conflict with the setting that is individually assigned
to an object contained by the selected object.
Related reference
Manage Protection options
Select virtualization hierarchy entities and click Manage Protection to view the Manage Protection dialog
box for the selected entities. The Manage Protection dialog box provides several options for the selected
entities.
Context
When a conflict is detected, the Rubrik cluster opens the SLA Conflicts dialog box to permit the conflict to
be resolved.
When the SLA Conflicts dialog box appears, it lists each object that has an individual SLA setting that
conflicts with the setting being applied to a selected containing object. The SLA Conflicts dialog box initially
lists these objects in the Keep Current SLA column.
Procedure
1. Assign an SLA Domain setting to an object.
2. When the SLA conflicts dialog box appears, choose an action for each listed object.
Option Description
Leave that object in the Keep Current SLA Retains the individual setting of the listed object.
column
Move the object to the Inherit column The individual setting of the listed object is
removed, and the object inherits the setting
selected in the Manage Protection dialog box.
The setting that the object inherits can be a
specific SLA Domain assignment, the Inherit SLA
setting, or the Do Not Protect setting.
3. Click Done.
Result
The Rubrik cluster resolves the conflicts as specified.
Related concepts
Assignment Conflicts
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Select a virtual machine.
Select multiple virtual machines to remove the individual setting of every virtual machine in the
selection group.
To help find virtual machines, use the filters, sort the entries by column heading, or use the search
field.
4. Click Manage Protection.
A dialog box with one or more warnings may appear.
The Manage Protection dialog box appears.
5. Choose one of the following options.
Option Description
Inherit The SLA Domain is assigned based on
inheritance rules.
Do Not Protect The virtual machine is excluded from all further
SLA Domain assignments.
Choose the retention policy for the existing
snapshots
• Preserve retention from previous SLA
• Keep forever
This is the default choice.
• Expire immediately
Name Description
Pre-Backup • Use Pre-Backup Script to prepare for a backup by quiescing the applications on the
Script virtual machine.
• Requires that a timeout value be specified.
• The Rubrik CDM web UI provides an option to cancel the backup task when the Pre-
Backup Script does not complete successfully.
Post-Snap Must be idempotent, script may be invoked several times during a single backup task.
Script
• Use Post-Snap Script to minimize stun time and resume all applications on the
virtual machine.
Post-Backup Must be idempotent, script may be invoked several times during a single backup task.
Script
• Use Post-Backup Script to perform custom post-processing at the end of the backup
process.
• Requires that a timeout value be specified.
• Post-Backup Script runs after: the snapshot is copied to the Rubrik cluster and
released on the virtual machine host, and the Rubrik cluster completes all data and
metadata processing tasks.
Related concepts
Guest OS settings
Enable the administration of guest OS credentials for virtual machines and fileset hosts.
Enabling scripts
Configure the Rubrik cluster to run scripts when a virtual machine is backed up.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Select a virtual machine.
To help find virtual machines, use the filters, sort the entries by column heading, or use the search
field. Finding protection objects describes these tools.
4. In Name, click the name of a virtual machine.
The local host page for the selected virtual machine appears.
5. Open the ellipsis menu, and select Configure Pre/Post Scripts.
The Configure Pre/Post Scripts dialog box appears.
6. (Optional) In Pre-Backup Script Path, type the full path for the Pre-Backup Script.
The full path is relative to the root of the guest OS file system.
7. (Optional) Select Cancel Backup if Pre-Backup Scripts Fails.
Any script exit status other than 0 is considered a script failure. When this box is selected, the Rubrik
CDM displays a notification of the script failure and the value of the exit status in the Activity Log.
8. (Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the Pre-Backup
Script because the script cannot be completed.
9. (Optional) In Post-Snap Script Path, type the full path for the Post-Snap Script.
The full path is relative to the root of the guest OS file system.
10. (Required when available) In Timeout, type an integer value.
The value represents the number of seconds before the Rubrik cluster terminates the Post-Snap Script
because the script cannot be completed.
11. (Optional) In Post-Backup Script Path, type the full path for the Post-Backup Script.
The full path is relative to the root of the guest OS file system.
12. (Required when available) In Timeout, type an integer value.
Result
The Rubrik cluster stores the information and runs the specified scripts for all subsequent backups of the
selected virtual machine. The Rubrik cluster provides entries in the Activity Log for errors that occur when
running the scripts as specified.
Prerequisites
• Ensure the datastores of the virtual machine reside on supported storage arrays.
• Add the storage arrays to the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. In the Name column, click the name of the virtual machine.
The local host page for the selected virtual machine appears.
4. Optional: Open the ellipsis menu on the top bar of the local host page and select Configure Pre/
Post Scripts.
The Configure Pre/Post Scripts dialog box appears.
5. Optional: Enable the pre-backup script and the post-snap script for the virtual machine.
6. Open the ellipsis menu on the top bar of the local host page and select Enable Array Integration.
The Enable Array Integration menu item is available when the virtual machine is eligible for storage
array integration. After adding a storage array, the Rubrik cluster scans all virtual machines to
determine eligibility for storage array integration. The menu item does not appear until the scanning
period completes.
The message “Enabled array integration” appears in the Activity Log.
Result
The Rubrik cluster stores the information and uses storage array integration for all subsequent backups of
the virtual machine.
Related tasks
Adding a storage array
Add a storage array to the CDM web UI to permit the Rubrik cluster to interact directly with the storage
array.
Enabling scripts
Configure the Rubrik cluster to run scripts when a virtual machine is backed up.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
Result
The Rubrik cluster excludes the selected VMDK files from all future backups of the virtual machine.
Related concepts
Finding protection objects
The Rubrik CDM web UI provides several tools for finding protection objects.
Local host page
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the Virtual Machines card, in the view Unprotected.
Result
The Virtual Machines page opens, with the VMs tab selected, and filters the view to show All Unprotected
virtual machines.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Click Filter SLA.
Result
The Rubrik CDM web UI displays the virtual machines that belong to the selected protection state.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Click Filter SLA.
4. Select a filter.
• A named SLA Domain
• No SLA
• Do Not Protect
Result
The Rubrik CDM web UI displays the virtual machines that belong to the selected SLA Domain or to the
selected protection state.
Procedure
1. Log in to the Rubrik CDM web UI.
2. In the Search field, at the top of all Rubrik CDM web UI pages, type the name of the virtual machine.
The search matches the characters entered in the search field with the same sequence of characters
anywhere in a name. Continue to type characters to narrow down the results until the virtual machine
appears.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
3. When the name of the virtual machine appears in the displayed list, select the name.
Result
The Rubrik CDM web UI displays the local host page for the virtual machine.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Choose a tab.
Option Description
VMs Provides a virtual machines only view, with the
hierarchical location of each virtual machine
displayed in the location column.
Folders Provides the vCenter Server folder hierarchy
view, starting at the vCenter Server.
Clusters/Hosts Provides the vCenter Server cluster and host
hierarchy view, starting at the vCenter Server.
4. Choose to search or browse for an entity.
Method Next Step
Search 5
Browse 7
5. Type characters in the tab search field.
The search matches the characters in the search field with entities that have that sequence of
characters anywhere in the entity name.
The Rubrik cluster begins a predictive search and updates the results as letters are typed.
6. Stop typing when the name of the entity appears on the page.
Go to step 9.
7. Click the name of a top-level entity.
The Rubrik CDM web UI displays the entities within the selected entity.
8. Continue clicking entity names to browse down the hierarchy to a specific entity.
9. Select the entity.
Result
Search results are displayed in the object tab.
Procedure
1. Log in to the Rubrik CDM web UI.
2. In the left-side menu, select the protectable object type.
Option Description
Hyper-V VMs Click Virtual Machines > Hyper-V VMs .
vSphere VMs Click Virtual Machines > vSphere VMs.
Result
Rubrik CDM selects the data protection entities.
Related concepts
SLA Domain assignment
Provide protection for a virtual machine through an SLA Domain.
Warning messages
As part of the task of assigning SLA Domains, the Rubrik cluster may display warning messages.
For each type of warning, the Rubrik cluster offers the option to continue or to cancel the task.
The Rubrik cluster may display the following warning messages, individually or in combination:
• Assignment Conflicts
• These VM(s) are already protected
• VMware Tools not installed
Each warnings can appear separately or together in a Multiple Warnings dialog box.
Assignment Conflicts
The Rubrik CDM web UI displays the Assignment Conflicts warning when the Rubrik cluster detects a
conflict in the SLA Domain setting for a selected object.
An Assignment Conflict appears when a virtual machine inherits SLA Domains from a vCenter Server
cluster or host as well as from a vCenter Server folder. When an Assignment Conflict occurs, the SLA
Domain inherited from the vCenter Server folder applies unless the virtual machine has an individually
assigned SLA Domain.
When the Assignment Conflicts warning appears, do one of the following:
• Retain the current SLA Domain assignment.
• Inherit the SLA Domain from a parent.
• Cancel the operation and remove the selected objects from the selection set.
Assigning an SLA Domain can have retroactive effects on existing snapshots depending on the source of
the assignment.
To prevent the Assignment Conflicts warning from appearing again, select Don’t show this again.
Protection consequences
The SLA rules defined by an SLA Domain affect the protection of virtual machines in several ways. SLA
rules specify when snapshots are created, when snapshots expire, and where snapshot data is stored.
A policy driven snapshot is a snapshot that is created automatically based on the SLA rules of an SLA
Domain. In most cases, the SLA Domain that manages a policy driven snapshot is the same SLA Domain
that created the snapshot.
When the source virtual machine for a snapshot is assigned to another SLA Domain after the snapshot is
created, the new SLA Domain becomes the managing SLA Domain for the policy driven snapshot.
A policy driven snapshot can require manual management when the snapshot loses an association with the
SLA Domain.
Replication Retention Determines how long a replication target cluster retains replicas.
Period
Maximum Retention Determines how long the system retains snapshots. The Rubrik cluster
Period automatically expires policy driven snapshots that are older than the Maximum
Retention Period.
Assume that a virtual machine was assigned to the SLA Domain D1 and later was assigned to the SLA
Domain D2. At the time of the reassignment, the virtual machine had existing policy driven snapshots.
After the reassignment, those existing policy driven snapshots are managed based on the policies set in
SLA Domain D2.
When the base snapshot frequency for D1 is higher than the frequency for D2, then existing policy-driven
snapshots that are not required by the policies of D2 are deleted from the system.
By doing this, the Rubrik cluster brings the snapshot history for the virtual machine into compliance with
the frequency and retention periods defined by D2.
When D2 specifies a higher base frequency of snapshots, the virtual machine initially appears in the SLA
Compliance reports as out of compliance with the D2 SLA Domain because the existing snapshots were
insufficient to meet the new SLA Domain rules.
Assume that a virtual machine is protected under SLA Domain D1, the virtual machine is removed from D1,
and then the virtual machine is protected again by assigning the virtual machine to SLA Domain D2.
In this example, when the virtual machine is removed from protection, all policy driven snapshots for that
virtual machine must be managed manually.
When the virtual machine is assigned to SLA Domain D2, the policy driven snapshots for the virtual
machine are managed based on the policies defined in D2.
All existing and future snapshots for the virtual machine are subject to the rules of the D2 SLA Domain
regarding local cluster retention period, replication retention period and maximum retention period.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, select Virtual Machines > vSphere VMs.
To go directly to the page for a single virtual machine, type the name of the virtual machine in the
search box on the top bar of the Rubrik CDM web UI and select the virtual machine from the results
list.
The vSphere VMs page appears with the VMs tab selected.
2. In Name, click the name of a virtual machine.
Result
The local host page for the selected virtual machine appears.
Action Description
Take On Demand Snapshot Adds an on-demand snapshot of the virtual machine to the task queue.
Backup Window settings defined for the SLA Domain of the virtual machine
do not apply to on-demand snapshots. Only the maximum retention and
remote configuration settings of the associated SLA Domain apply to on-
demand snapshots.
Manage Protection Opens the Manage Protection page where the virtual machine can be
assigned to an SLA Domain for protection.
When the virtual machine is already assigned to an SLA Domain, a warning
appears. Click Continue to open the Manage Protection page. Click Cancel to
return to the local host page.
Ellipsis menu > Delete All Only appears for an unprotected virtual machine. Deletes all snapshots
Snapshots for the virtual machine, including local snapshots, archival snapshots, and
replicas.
Ellipsis menu > Exclude Provides access to the Exclude VMDK dialog box.
VMDKs
Ellipsis menu > Configure Provides access to the Configure Application Consistency dialog box.
Application Consistency
Ellipsis menu > Configure Provides access to the Configure Pre/Post Scripts dialog box.
Pre/Post Scripts
Ellipsis menu > Enable Only appears when the virtual machine is eligible for storage array
Array Integration integration. Enables storage array integration for all subsequent backups of
the virtual machine.
Register Rubrik Backup Establishes a connection between the Rubrik cluster and the Rubrik Backup
Service Service (RBS) software running on the guest OS of the virtual machine.
Related concepts
Snapshots
The Rubrik cluster provides protection for virtual machines by combining native snapshot technology with
the fast and scalable cloud data management platform of the Rubrik cluster.
Storage array integration
A Rubrik cluster can integrate with a storage array to further reduce the time that a virtual machine is
quiescent during a snapshot operation. To qualify for storage array integration, all datastores assigned to
the virtual machine must reside on storage arrays.
Related tasks
Excluding VMDK files of a virtual machine
When backups are not required for some of the VMDK files of a virtual machine, exclude those VMDK files
from backups.
Specifying crash consistent backups
Overview card
Information available on the Overview card.
Field Description
vCenter IP address of the vCenter Server that manages the virtual machine.
Host–For virtual machines that are assigned to an SLA Domain
Host
without an Archival policy, shows the IP address of the hypervisor
or
that hosts the virtual machine.
Cloud Conversion
Cloud Conversion–For virtual machines that are assigned to an SLA
Domain with an Archival policy, shows the Configure button and
either:
• Disabled
• Name of the archival location
SLA Domain Name of the SLA Domain that manages the protection of the selected
virtual machine.
Live Mounts Number of live mounts for snapshots associated with the selected
virtual machine.
Oldest Snapshot Timestamp for the oldest snapshot associated with the selected
virtual machine.
When the SLA Domain has an active archival policy, the oldest
snapshot resides at the archival location.
Latest Snapshot Timestamp for the most recent successful snapshot of the selected
virtual machine.
Total Snapshots Total number of retained snapshots for the selected virtual machine,
including both the local Rubrik cluster and any archival location.
Missed Snapshots Number of policy driven snapshots that did not complete successfully.
A missed snapshot is included in the count until the period since
the SLA Domain policy required the snapshot exceeds the retention
period of the SLA Domain.
Snapshots card
For the selected local virtual machine, the Snapshots card provides the ability to browse the snapshots that
reside on the local Rubrik cluster and on the archival location.
The Snapshots card provides access to snapshot information through a series of calendar views. Each view
uses color spots to indicate the presence of snapshots on a date and to indicate the status of SLA Domain
compliance for the virtual machine on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the virtual
machine.
Snapshots in the calendar view are color coded by status.
View Description
Year The Year view displays snapshot creation information for an entire year. A color spot
indicator on a specific date indicates snapshot activity, and displays the SLA Domain
compliance status for that day.
Month The Month view displays snapshot creation information for an entire month. A color spot
indicator on a specific date indicates snapshot activity, and displays the SLA Domain
compliance status for that day.
Day The Day view displays the individual snapshots that were created on the selected day.
The Day view also provides the additional information and actions described in the
following section.
Category Description
Created Creation time of the snapshot.
Time
Location For a snapshot that resides only on local storage the indicator field is empty.
The following icon indicates a snapshot that resides at an archival location.
The following icon indicates a snapshot that resides locally and at an archival location.
The following icon indicates a replica of the snapshot was sent to the target Rubrik cluster.
Status The following icon indicates a warning for the snapshot entry. Hover over the icon to see
additional information.
The following icon indicates the policy driven snapshot represented by the entry was not
completed successfully.
Command Description
Search by File Use the predictive search field to find file by typing the name.
Name
Mount Virtual Use the snapshot to create and mount a new virtual disk on a hypervisor host.
Disk
Mount Virtual Use the snapshot to create and mount a new virtual machine on a hypervisor host.
Machine
The new virtual machine is uniquely named within the virtualization management
system. The name of the recovered virtual machine is constructed as follows: name of
source virtual machine + timestamp of snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The local Rubrik cluster is the datastore for the new virtual machine.
Instantly Restore a virtual machine into the production environment by using the selected
Recover snapshot.
The new virtual machine is given the same name as the source virtual machine and is
powered on and connected to the network. The source virtual machine is powered off
and renamed.
The local Rubrik cluster serves as the datastore for the new virtual machine.
Export Use the snapshot to create and mount on an hypervisor host a new virtual machine,
that is a copy of the local virtual machine.
The new virtual machine is uniquely named within the virtualization management
system. The name of the recovered virtual machine is constructed as follows: name of
source virtual machine + timestamp of snapshot + incremented integer.
The new virtual machine is powered on but is disconnected from the network.
The hypervisor host is the datastore for the new virtual machine.
Archival Description
snapshot
action
Download Transfer a copy of the selected snapshot to the local Rubrik cluster so that it is available for
additional local actions. The local Rubrik cluster provides a notification when the download is
completed.
Recover Open a file browser view on the selected snapshot.
Files
Use this view to find, select, and download a file or folder from the snapshot.
Restoring from notification link describes how to download a file or folder.
Backup processes
A Rubrik cluster backs up a virtual machine by creating a snapshot of the virtual machine by using vMware
APIs for Data Protection. For Windows guests, the Rubrik cluster uses the Rubrik Backup Service software
to pass a request to the Volume Shadow copy Service component of the Windows OS.
When a Rubrik cluster begins protecting a virtual machine, the Rubrik cluster starts by creating a first full
snapshot of the virtual machine. This first full snapshot is a complete backup of the virtual machine.
After the first full snapshot, the Rubrik cluster continues protection of the virtual machine by creating
incremental snapshots based on the change information provided by Changed Block Tracking (CBT). Each
incremental snapshot on the Rubrik cluster only includes the data blocks that have changed since the last
snapshot.
The vSphere environment transmits the snapshot data to the Rubrik cluster using the most efficient
available transport mode. Normally, the vSphere environment uses the Network Block Device protocol
with Secure Socket Layer encryption (NBDSSL). The high efficiency of the Rubrik cluster eliminates data
bottlenecks, enabling data transmission rates that minimize the time that a virtual machine is quiescent.
For virtual machine disks (VMDKs) that are stored on a storage-attached network (SAN), the Rubrik cluster
can use the SAN transport mode. In this mode, the Rubrik cluster uses the Internet Small Computer Serial
Interface (iSCSI) protocol to obtain snapshot data over a direct connection to the storage array resulting in
very fast data transmission.
Snapshot window
An SLA Domain can be configured to include a snapshot window. A snapshot window determines the
period in a day the Rubrik cluster can initiate policy-driven snapshots of the objects that the SLA Domain
protects.
When using the snapshot window policy, the specified window must be long enough to accommodate the
number of objects that are assigned to the SLA Domain. Monitor the snapshot activity of the SLA Domain
to ensure that all policy-driven snapshots are successfully completed. When necessary, lengthen the period
to permit all snapshots to be completed successfully.
Protection exceptions
The Rubrik cluster cannot protect data when protection exceptions exist.
Protection exceptions include:
• VMDKs that are set to Independent-Persistent mode or to Independent-Nonpersistent mode.
• Network drives that are mounted on the file system of a protected virtual machine.
• Any virtual machine for which the Rubrik cluster does not have snapshot creation permission because of
settings on the virtual machine or on a vSphere folder that contains the virtual machine.
• Any virtual machine data that resides on raw disk mappings (RDMs), where the RDMs are set to
Physical compatibility mode.
File system A point-in-time snapshot with Provided when the guest OS has an up-to-
consistent quiescence. date version of VMware Tools and:
• Timestamps are consistent. • Application consistency is not supported
• Pending updates for open files are for the guest OS.
saved. • Guest OS is Windows.
• In-flight I/O operations are
completed
• Application-specific operations may
not be completed.
The Rubrik cluster determines whether a guest OS is running the current version of VMware Tools.
The Rubrik cluster requests the status of VMware Tools on a virtual machine from the vSphere
environment. When the vSphere environment replies that a virtual machine is not running the current
version of VMware Tools, the Rubrik cluster displays a warning message. Warning messages provides
information about the warning message.
To ensure file system consistent snapshots or application consistent snapshots for a virtual machine,
always install the most up-to-date version of VMware Tools.
For information on installing VMware Tools on a guest OS, see How to install VMware Tools.
Application consistency
The Rubrik cluster supports application-consistent snapshots for many guest OS types and application
types.
The Rubrik cluster supports application-consistent snapshots for applications such as:
• Microsoft Exchange Server
• Microsoft SQL Server
• Microsoft Active Directory
• Microsoft SharePoint
• Oracle Database (RDBMS) running through Managed Volume protection
To enable application-consistent snapshots for the Microsoft applications, RBS must be installed on the
guest OS.
For Windows, if RBS is not installed, but VMware Tools is installed, the Rubrik cluster attempts to quiesce
the Windows virtual machine using VMware Tools. The cluster attempts application consistency, but cannot
guarantee this outcome.
The Rubrik cluster does not support restore of an application-consistent snapshot into an availability group.
Cluster consistency for the availability group cannot be ensured in this situation and problems may occur.
Related concepts
Rubrik Backup Service
The Rubrik Backup Service provides enhanced integration with protected resources and host systems.
Context
Specify crash consistent backups to prevent application consistent backups and minimize the effects of
virtual machine stun.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears with the VMs tab selected.
2. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
3. Open the ellipsis menu, and select Configure Application Consistency.
The Configure Application Consistency dialog box appears.
Result
The Rubrik cluster applies the setting to all future backups of the virtual machine.
On-demand snapshots
In addition to policy-based snapshots, create virtual machine snapshots by using the on-demand snapshot
process.
A Rubrik cluster creates policy-based snapshots of protected virtual machines automatically, according to
the SLA rules of the associated SLA Domain.
Additional snapshots of protected virtual machines, and snapshots of unprotected virtual machines can be
created by using the on-demand snapshot process.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Select one or more virtual machines from the list.
4. Open the ellipsis menu and click Take On Demand Snapshot.
When taking an on-demand snapshot for the number of virtual machines selected would result in a
cluster load that affects the compliance of existing SLA Domains, a warning appears. Click Continue
Anyway to dismiss the warning or Cancel to return to the virtual machines list and select fewer
virtual machines.
The Take On Demand Snapshot wizard appears, set to the Assign SLA step.
5. Select an SLA Domain and click Next.
The Rubrik cluster bases the retention period of the on-demand snapshot on the retention period and
frequency of the assigned SLA Domain. The Rubrik cluster uses the remote configuration settings of
the associated SLA Domain to manage the on-demand snapshot. The selected SLA Domain can be
different from the SLA Domain that protects the virtual machine.
The Take On Demand Snapshot wizard advances to the Review Impact step.
6. Review the retention settings of the selected SLA Domain and click Take On Demand Snapshot.
Result
The Rubrik cluster adds the specified on-demand snapshot tasks to the task queue. The Activity Log tracks
the status of the on-demand backup tasks.
Related concepts
Retention management
Assign retention policies to existing scheduled snapshots, on-demand snapshots, and snapshots retrieved
from an archival location.
Snapshot Management page
Snapshot expiration
A Rubrik cluster always retains the latest snapshot of a protected object at locations specified in the SLA
Domain, even when the retention period for all snapshots has expired.
When the retention period for a snapshot ends, the cluster marks the snapshot as expired. Expired
snapshots are no longer listed as a Snapshot Management object in the Rubrik CDM user interface.
The Rubrik cluster periodically deletes expired snapshots, but retains expired snapshots that meet specific
criteria.
Unmanaged data
Manage file system and application data that is not subject to a retention policy through the Snapshot
Management page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as unmanaged
snapshot objects. Unmanaged snapshot objects can be managed through the Snapshot Management page
of the Rubrik CDM web UI.
View the Snapshot Management page for information about tasks with unmanaged snapshot objects.
Related concepts
Retention management
Assign retention policies to existing scheduled snapshots, on-demand snapshots, and snapshots retrieved
from an archival location.
The name of the recovered virtual machine is constructed as follows: name of source virtual machine +
timestamp of snapshot + incremented integer. For example, the first mount of the snapshot of the virtual
machine “NitroN1” that was created at “08-04 06:48” is named “NitroN1 08-04 06:48 0”.
Related concepts
Minimum vCenter Server privileges
Archival Initiated from the local Rubrik cluster after the archival snapshot is downloaded to the
local Rubrik cluster:
• Instant Recovery
• Live Mount
• Export
• In-Place Recovery
Context
Use the search box on the top bar of the Rubrik CDM web UI to directly access the local host page when
the name of the source virtual machine is known.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. (Unmanaged virtual machines only) Select Snapshot Management.
4. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
5. Use the Snapshots card to navigate to a snapshot or an archival snapshot.
6. (Recovering archival snapshot only) Open the ellipsis menu for the snapshot and click Download.
The Rubrik cluster retrieves the archival snapshot. Status of the retrieval appears in the Activity Log.
The Rubrik cluster does not apply a retention setting to a downloaded archival snapshot. Archival
snapshots downloaded to local storage must be manually deleted.
Result
Any of the available recovery actions can be performed on the selected snapshot.
Related concepts
Local host page
Selecting a replica
Select a replica from the replication target Rubrik cluster to use for a recovery action.
Procedure
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.
Use the search box on the top bar of the Rubrik CDM web UI to directly access the Remote VM Details
page when the name of the source virtual machine is known.
2. On the left-side menu of the Rubrik CDM web UI, select SLA Domains > Remote Domains.
The Remote SLA Domains page appears.
3. Select a remote SLA Domain.
The page for the selected SLA Domain appears.
4. In the Virtual Machines section of the remote SLA Domain’s page, click the name of a virtual machine.
The Remote VM Details page for the selected virtual machine appears.
5. Use the Snapshots card to navigate to a replica.
Result
Any of the available recovery actions can be performed on the selected replica.
Live migration
A recovered virtual machine can be live migrated using a process such as vSphere Storage vMotion.
After live migration of a virtual machine that was recovered by the Instant Recovery or Live Mount actions,
metadata for the recovered virtual machine remains on the Rubrik cluster. Delete the metadata for the
recovered virtual machine through the Live Mounts page of the Rubrik CDM web UI by using the Force
Delete option.
Related concepts
Minimum vCenter Server privileges
Related tasks
Removing a virtual machine entry after live migration
Context
During an Instant Recovery, the Rubrik cluster powers off and renames the source virtual machine, then
assigns the original name of the source virtual machine to the recovered virtual machine. The Rubrik
cluster powers on the recovered virtual machine and connects it to the source network.
The Rubrik cluster acts as the datastore for the recovered virtual machine. Migrate the recovered virtual
machine to another datastore managed by a vCenter Server to prevent data loss when the Rubrik cluster
unmounts the Live Mount.
Perform an instant recovery of a virtual machine to these resources:
• A cluster of ESXi hosts
• An individually managed vSphere or ESXi host
• A vSphere resource pool
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > vSphere VMs.
Result
The Rubrik cluster instantly recovers the virtual machine with a fully functional point-in-time copy.
Related concepts
Local host page
Activity Log
The Activity Log contains log messages about standard tasks and notifications that are considered time
sensitive.
Related tasks
Selecting a snapshot or an archival snapshot
Use the Rubrik CDM web UI to select a snapshot before applying a recovery action.
Powering off after Instant Recovery or Live Mount
Power off a recovered virtual machine from the Live Mounts page of the Rubrik CDM web UI.
Unmounting after Instant Recovery or Live Mount
Unmount a recovered virtual machine from the Live Mounts page of the Rubrik CDM web UI. The Live
Mounts page lists all recovered virtual machines that were recovered by using Instant Recovery or Live
Mount from the local Rubrik cluster.
Context
The Rubrik cluster Live Mounts a virtual machine from a snapshot. The Live Mounted virtual machine has a
new name and can be optionally:
• Connected to the network
• Limited to ESXi subnet IP addresses
• Powered on
The Live Mount can be mounted on any of the following:
• ESXi cluster
• Single ESXi host
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > vSphere VMs.
To work with data from an unmanaged virtual machine on the Snapshot Management page, click
Snapshot Management from the left pane. Then, continue with the following steps from the
Snapshot Management page instead of the Virtual Machines page.
The vSphere VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
Search the list by entering a text string in the Search field.
The local host page for the selected virtual machine appears.
4. Use the Snapshots card to navigate to a snapshot or an archival snapshot.
5. Open the ellipsis menu for the snapshot or replica.
6. Click Mount Virtual Machine.
The Mount Virtual Machine wizard appears with the Select Destination page, displaying a list of
compute clusters and standalone hosts.
7. In Select Destination, select the target resource to mount the virtual machine snapshot.
Option Description
Mount on a compute cluster Select a compute cluster.
Mount on a vSphere resource pool Select a resource pool, or click the name of
a resource pool to choose from the children
resource pools.
Mount on a host Select a standalone host, or click the name of a
compute cluster to select a vSphere host.
To search the list of hosts or resource pools, type a search string in the search field.
8. Optional: In Advanced Settings, type the name of the mounted virtual machine.
9. Optional: Select one or more of the following Advanced Settings.
Option Description
Power on mounted virtual machine Select this option to start the virtual machine
when the mount is completed.
Remove Tags Select this option to skip attempts to re-associate
vSphere tags with the virtual machine.
10. Click Next.
The Mount Virtual Machine wizard progresses to the Select Network page.
11. Optional: Switch on the Customize network selection toggle to connect the virtual network
adapter to a specific virtual network configured on the vCenter.
By default, the virtual network adapter connects to the virtual network matching with the name
recorded in the snapshot. The snapshot contains the details of the adapter on the virtual machine and
the corresponding virtual network.
12. (Customize network selection only) In Network, select a network from the list for every network
adapter.
13. Optional: In Advanced network options, select an option.
More than one option can be selected.
Result
The Rubrik cluster creates the Live Mount and makes it available through the specified management host.
The Rubrik cluster sets the protection state of the Live Mounted virtual machine to Do Not Protect.
Next task
When necessary, enable networking for the virtual machine and power it on. Protect the virtual machine
by assigning it to an SLA Domain, or by removing the Do Not Protect assignment that blocks derived
protection.
Related concepts
Local host page
Related tasks
Selecting a snapshot or an archival snapshot
Use the Rubrik CDM web UI to select a snapshot before applying a recovery action.
Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before applying a
recovery action.
Related information
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/
GUID-290AE852-1894-4FB4-A8CA-35E3F7D2ECDF.html
Context
A Live Mount mounts the VMDKs of a virtual machine on the Rubrik cluster. The Rubrik cluster acts as the
datastore for the virtual machine, and appears as a datastore in the vSphere web client.
During migration, the Rubrik cluster uses Storage vMotion to migrate the VMDKs to a non-Rubrik
datastore. The vCenter Server that controls the virtual machine directly manages the non-Rubrik datastore.
Rubrik can export a VMDK as Thick Provisioned or Thin Provisioned. When selecting the destination
storage for the virtual machine migration in the VMware environment, consider whether to keep the same
format as the source.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the Rubrik CDM web UI, select Live Mounts > vSphere VMs.
The vSphere VM Live Mounts page appears.
3. Open the ellipsis menu next to a vSphere VM Live Mount and select Migrate Datastore.
The Migrate Datastore dialog box appears.
4. Select the target datastore from the list and click Migrate.
Result
The Rubrik cluster completes the migration.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the Rubrik CDM web UI, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears with the VMs tab selected.
3. Click the name of the migrated virtual machine.
The Local host page appears.
4. Review the Activities card for the virtual machine and check for a message that indicates the virtual
machine was migrated successfully.
Result
The Rubrik CDM web UI verifies the migration of a virtual machine to a vCenter Server datastore.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. From the list, select virtual machines.
Select up to 10 virtual machines to include in the batch. After the first selection, an ellipsis menu
appears in the upper-right of the page.
4. Open the ellipsis menu and click Mount.
The Snapshot pane of the Mount Virtual Machines wizard appears.
5. Select a snapshot time frame:
• Latest snapshot - The batch uses the most recent snapshot of each selected virtual machine.
• Closest snapshot - Select either before or after and specify a time. From each selected virtual
machine, the batch uses the snapshot that meets this specification.
6. Click Next.
The Target pane of the wizard appears.
7. Select an ESXi host.
8. Optional: Select one or more of the following Advanced Settings.
Option Description
Remove virtual network devices Select this option when networking changes or
issues prevent the virtual machine from starting
Preserve MAC addresses Select this option to use the MAC addresses
from the snapshot instead of assigning new MAC
addresses.
Power on mounted virtual machines Select this option to start the virtual machine
when the mount is completed.
Remove Tags Skip attempts to re-associate vSphere tags with
the virtual machine.
9. Click Finish.
Result
The virtual machines are created.
Context
The Rubrik cluster mounts the virtual disk to an existing virtual machine. The Rubrik cluster sets the
protection state of the new virtual disk to Do Not Protect.
Procedure
1. Select a snapshot, an archival snapshot, or a replica.
For archival snapshots, complete the download steps.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Mount.
The Mount Snapshot dialog box appears.
4. Select Virtual Disk.
A list of disks on the virtual machine appears.
5. Select a disk to mount from the list of disks.
To search the list of disks, enter a search string in the ‘Search by Name’ field.
6. Click Next.
The Mount Snapshot dialog box advances to the ‘Target’ state. A list of virtual machine hosts appears.
7. Select a restore target for the virtual disk from the list of hosts.
To search the list of hosts, enter a search string in the ‘Search by Name’ field.
8. Click Mount.
Result
The Rubrik cluster mounts virtual disks on the selected virtual machine. During the process, messages
about the status appear in the Activity Log. The Rubrik cluster also records the final result of the task in
the Activity Log.
The Rubrik cluster sets the protection state of the Live Mount recovered virtual disk to Do Not Protect. To
protect the new virtual disk, add the virtual disk to an SLA Domain or remove the individual Do Not Protect
assignment to enable the virtual disk to inherit protection settings.
Related tasks
Selecting a snapshot or an archival snapshot
Use the Rubrik CDM web UI to select a snapshot before applying a recovery action.
Selecting a replica
Use the Rubrik CDM web UI of the replication target Rubrik cluster to select a replica before applying a
recovery action.
Administrator uses the network static_route add command to add an entry to the kernel routing
table. At
the prompts, the administrator enters 12.42.0.0 as the subnet, 255.255.255.0 as the netmask,
bond0.1000 as the interface, and 12.42.1.12 as the gateway:
The CLI command prompts for the entries.
===================
Adding static route
===================
Network: 12.42.0.0
Subnet Mask: 255.255.255.0
Device: bond0.1000
Gateway: 12.42.1.12
Context
This task does not support snapshot exports to Virtual Volume (vVol) datastores. For vVol datastores,
create a Live Mount of the snapshot and perform a live migration using vMotion storage.
Procedure
1. Open the ellipsis menu for vSphere virtual machine snapshot or replica.
2. Click Export.
The Export Snapshot wizard appears.
3. Select a host.
4. Click Next.
The Select Storage page appears.
5. Select a datastore.
6. Optional: In Advanced Settings, type a name to assign to the exported virtual machine.
7. Optional: Select Remove Tags to skip attempts to re-associate vSphere tags with the virtual
machine.
8. Optional: Click Use HotAdd Transport Mode to use HotAdd transport mode for the snapshot.
HotAdd transport mode bypasses ESXi hosts throughput bottleneck by hot-adding virtual disks to a
proxy virtual machine. This significantly reduces the latency of exporting a large virtual machine.
9. Click Next.
The Export Snapshot wizard progresses to the Select Network page.
10. Optional: Enable Customize network selection to connect the virtual network adapter to a virtual
network other then the original.
By default, the virtual network adapter connects to the virtual network matching with the name
recorded in the snapshot. The snapshot contains the details of the adapter on the virtual machine and
the corresponding virtual network.
11. Optional: Select advanced network options.
Option Description
Remove virtual network devices Select this option when networking changes or
issues might prevent the virtual machine from
starting.
Preserve MAC addresses Select this option to use the original MAC
addresses instead of automatically assigning new
MAC addresses.
12. Click Export.
Result
The Rubrik cluster assigns a new name to the recovered virtual machine and powers it up. The Rubrik
cluster does not connect the recovered virtual machine to a network. The Rubrik cluster sets the protection
state of the new virtual machine to Do Not Protect.
Related concepts
Live Migration
After a recovery, the recovered virtual machine use Live Migration.
Related tasks
Creating a Live Mount of a vSphere virtual machine
Prerequisites
Select an archival snapshot.
Context
Snapshot exports to Virtual Volume (vVol) datastores are not supported. For vVol datastores, create a Live
Mount of the snapshot and perform a live migration using vMotion storage.
Procedure
1. Open the ellipsis menu for the archival snapshot.
2. Click Export with Download.
The Export Snapshot wizard appears.
3. Select a host or cluster from the list.
Type a string into the search field to search for a host or cluster by name, or click the + icon to add a
new ESXi host.
A list of the datastores that are associated with the selected resource appears. The Export Snapshot
wizard advances to the Storage step.
4. Select a datastore from the list.
Type a string into the search field to search for a datastore by name.
5. Optional: Select one or more of the following Advanced Settings.
Option Description
Remove virtual network devices Select this option when networking changes or
issues prevent the virtual machine from starting.
Preserve MAC addresses Use the MAC addresses from the snapshot
instead of assigning new MAC addresses.
Remove Tags Skip attempts to re-associate vSphere tags with
the virtual machine.
6. Click Export.
Result
The Rubrik cluster downloads the selected snapshot from the archive location to the selected datastore.
The Rubrik cluster assigns a new name to the recovered virtual machine and powers on the virtual
machine. The Rubrik cluster does not connect the recovered virtual machine to a network. The Rubrik
cluster sets the protection state of the recovered virtual machine to Do Not Protect.
Related concepts
Live Migration
Context
Snapshots of an existing vCenter server can be recovered by temporarily using a standalone ESXi host
when the vCenter server is unavailable. The initial steps are the same as for exporting to a known ESXi
host.
Procedure
1. Select a snapshot, an archival snapshot, or a replica.
For archival snapshots, complete the download steps.
2. Open the ellipsis menu for the snapshot or replica.
3. Click Export.
The Export Snapshot dialog box appears.
4. In Choose an ESXi Host, click the plus sign near the upper right to add a standalone ESXi host for
the virtual machine.
The Add ESXi Host dialog box appears.
5. Enter the credentials for the new ESXi host:
• IP address or hostname
• Username
• Password
6. Click Submit to authenticate the new ESXi host.
The new host appears in the alphabetical list of ESXi hosts.
7. Select the ESXi host.
A list of the datastores associated with the new ESXi host appears.
8. In Choose a Datastore, select a datastore.
9. Optional: Select Remove virtual network devices.
Select this option when networking changes or issues prevent the virtual machine from starting.
10. Click Export.
Result
The Rubrik cluster creates a new virtual machine from the snapshot on the selected ESXi host, transfers
the virtual machine files to the datastore, and powers up the recovered virtual machine. During the
process, messages about the status appear in the Activity Log. The Rubrik cluster also records the result of
the task in the Activity Log.
Context
The Live Mounts page lists all recovered virtual machines that were recovered by using Instant Recovery or
Live Mount from the local Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI on the replication target Rubrik cluster.
2. On the left-side menu of the Rubrik CDM web UI, select Live Mounts.
3. Select a recovered virtual machine with the Powered On status.
4. Open the ellipsis menu for the recovered virtual machine.
5. Click Power Off.
A confirmation message appears.
6. Click Power Off.
Result
The Rubrik cluster gracefully powers down the selected virtual machine.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the Rubrik CDM web UI, select Live Mounts.
The Live Mounts page appears.
3. Open the ellipsis menu for a recovered virtual machine.
4. Click Unmount.
The confirmation message includes the option Remove local entry after Storage vMotion. Enable
this option to remove a stale entry for a recovered virtual machine that was live migrated.
A confirmation message appears.
5. Click Unmount.
The Rubrik cluster removes the selected virtual machine from the ESXi host and deletes the recovered
virtual machine files from the Rubrik cluster datastore. This action does not remove data protection
objects.
Result
The Rubrik cluster names the datastore devices using the format IP_NODE_sdmount, where IP_NODE is
the IPv4 address of one of the nodes of the Rubrik cluster.
The VMware knowledge base article How to unmount a LUN or detach a datastore device from ESXi hosts
(2004605) describes how to detach a datastore device from an ESXi 5.0 or newer host.
Related tasks
Removing a virtual machine entry after live migration
The Live Mounts page of a Rubrik cluster retains entries for recovered and migrated virtual machines until
manually removed.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the Rubrik CDM web UI, select Live Mounts.
The Live Mounts page appears.
3. Select a recovered virtual machine that was live migrated.
4. Open the ellipsis menu for the recovered virtual machine.
5. Click Unmount.
A confirmation message appears.
6. Select Remove local entry after Storage vMotion.
7. Click Unmount.
Result
The Rubrik cluster removes the metadata associated with the selected virtual machine and removes the
entry for the virtual machine from the Live Mounts page. This action does not remove data protection
objects and does not unmount the recovered and migrated virtual machine.
During the process, messages about the status appear in the Activity Log. The Rubrik cluster also records
the final result of the task in the Activity Log.
Context
Rubrik CDM allows In-Place Recovery with local and archived snapshots. In-Place Recovery does not work
with replicated snapshots because the original ESXi host and datastores may not exist on the replication
target cluster to write the data in-place to the original VMDK files in the original datastore.
Note: The In-Place Recovery job of vSphere against VMware vCenter will not proceed as the vCenter
shuts down before taking a snapshot.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > vSphere VMs.
Result
The Rubrik cluster initiates the In-Place Recovery of the virtual machine with the selected snapshot. The
recovery process does not change the name or location of the virtual machine.
Note: VMware snapshots do not support recovery of reparse point files. Use fileset snapshots to protect
reparse points.
The options used for file and folder recovery types are defined in the following table.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > Hyper-V VMs.
The Hyper-V VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. On the Snapshots card, type the name of the file or folder in the search field.
As characters are typed, the Rubrik CDM web UI immediately begins to display matching file and
folder pathnames.
Matches are based on file or folder names that start with the characters typed. Continue to type
characters until the file or folder appears in the results.
5. Select the file or folder.
The Download File Version dialog box appears. A cloud icon appears next to files or folders that are on
archival snapshots.
6. Select a version of the file or folder.
Result
Rubrik CDM searches for the file or folder.
Related tasks
Viewing a local host page
Context
Note: The Rubrik cluster must download an archival snapshot before it can be browsed. Searching
by name for a file or folder on an archival snapshot does not require that the archival snapshot be
downloaded first.
Procedure
1. Select a snapshot, an archival snapshot, or a replica.
Selecting a snapshot or an archival snapshot describes the selection task for snapshots and archival
snapshots. For archival snapshots, complete the download steps.
Selecting a replica describes the selection task for replicas.
2. Open the actions menu for the snapshot or replica by clicking the ellipsis icon.
3. Click Browse Files.
The browse dialog box appears.
4. Select a file or folder.
Result
For supported Windows and Linux guest operating systems, the selection can be restored to the original
file system, or downloaded from a generated link. For other guest operating systems, the selection can be
downloaded from a generated link.
Prerequisites
This task requires source system root access credentials.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. On the Snapshots card, type the name of the file or folder in the search field.
As characters are typed, the Rubrik CDM web UI immediately begins to display matching file and
folder pathnames.
Matches are based on file or folder names that start with the characters typed. Continue to type
characters until the file or folder appears in the results.
5. Select a file or folder.
6. Click Restore.
The Restore button only appears for supported hosts. When the Rubrik cluster has previously accepted
the guest host OS credentials, the credential fields do not appear.
The Restore Files dialog box appears.
7. (Windows only) In Domain, enter the resolvable hostname or IP address of the authentication server
for the credential.
Option Description
Windows guest Use the administrator credentials.
Unix/Linux guest Use the root credentials.
When the Windows guest OS performs Workstation Authentication of credentials instead of Domain
Authentication, leave the Domain field empty.
Note: With some ESXi hypervisors, the VMware API requires a single period character in the Domain
field to correctly pass the Workstation Authentication value to the Windows guest. When an empty
Domain field does not provide successful Workstation Authentication with the Windows guest, add a
period character in the Domain field.
Option Description
Windows guest Use the administrator credentials.
Unix/Linux guest Use the root credentials.
8. In Username, type a guest OS username for an account with sufficient privileges on the host.
9. In Password, type the password for the account.
10. Select one of the restore methods.
Result
The file or folder is successfully restored to the specified location.
Related concepts
Restore files and folders directly to a guest file system
For supported Windows and Unix/Linux guest operating systems, the Rubrik cluster can restore files and
folders directly to the source file system.
Guest OS settings
Enable the administration of guest OS credentials for virtual machines and fileset hosts.
Related tasks
Searching for a file or folder
Use the Rubrik CDM web UI to browse for a file or folder in a snapshot, replica, or archival snapshot.
Context
Restore files and folders by download provides an overview of this feature.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. On the Snapshots card, type the name of the file or folder in the search field.
Result
The selected files or folders are restored.
Related tasks
Configuring Chrome to ask for download location
Use the Google Chrome web browser to access the Rubrik CDM web UI and download recovered files and
folders. Change the default setting of the Chrome web browser to permit specifying the local download
location.
Context
Restore files and folders by download provides an overview of this feature.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears with the VMs tab selected, and displays all the virtual machines in the
system.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. On the Snapshots card, type the name of the file or folder in the search field.
As characters are typed, the Rubrik CDM web UI immediately begins to display matching file and
folder pathnames.
Matches are based on file or folder names that start with the characters typed. Continue to type
characters until the file or folder appears in the results.
5. Select the file or folder.
6. Click Download.
For a folder, the Rubrik cluster retrieves the folder and creates a ZIP file with the folder and all files
and folders within the selected folder. The ZIP file preserves the folder hierarchy.
7. Open the local host page for the virtual machine.
Result
The selected files or folders are restored.
Related tasks
Viewing a local host page
Access a local host page to view information about a local virtual machine.
Configuring Chrome to ask for download location
Use the Google Chrome web browser to access the Rubrik CDM web UI and download recovered files and
folders. Change the default setting of the Chrome web browser to permit specifying the local download
location.
Context
By default, Chrome saves downloaded files to the following locations:
• Windows: \Users\username\Downloads
• Mac: /Users/username/Downloads
• Linux: home/username/Downloads
To download files and folders to a specified location, change the default Chrome Download setting.
Procedure
1. In Chrome, click the customize icon.
The Chrome menu appears.
2. On the menu, click Settings.
The Chrome Settings page appears.
3. Click Show Advanced Settings.
Additional settings appear on the Settings page.
4. In the Downloads section, enable Ask where to save each file before downloading.
Result
Chrome applies the new setting and opens a Save As dialog box for selecting a download location when a
file is downloaded.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Select the vCenter > Datacenter > Cluster for the CDP Filter.
The CDP Filter Status will be listed as Not Installed.
5. Click the ellipsis to the right of the Rubrik cluster.
6. Click Install CDP Filter.
Result
After the filter is installed, the CDP Filter Status is listed as Up to Date.
Prerequisites
To uninstall a CDP Filter that is not part of a DRS cluster, confirm the following:
• The VMware compute cluster is configured in DRS mode or the virtual machine is powered off
• The virtual machine is not a part of an SLA Domain
To automate uninstalling the CDP Filer on a DRS cluster, confirm the following:
• DRS is configured to use Fully Automated Mode
• All associated virtual machines are using shared storage
• All hosts have the vMotion Traffic Tag enabled
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. From the vCenter Servers list, select a vCenter Server.
A list of datacenters on that vCenter Server appears.
5. Select a datacenter.
A list of clusters attached to that datacenter appears with the value of the CDP filter in the CDP Filter
Status column.
6. Click the ellipsis to the right of the cluster.
7. Click Uninstall CDP Filter.
A confirmation message appears.
8. Click Uninstall.
An Uninstalling status message appears. This can take a significant period of time on a very large
cluster.
Result
After the filter is uninstalled, the CDP Filter Status is listed as Not Installed.
Procedure
1. Log in to the Rubrik CDM web UI on the local or replicated Rubrik cluster.
2. On the left-side menu of the Rubrik CDM web UI, select vSphere VMs.
The vSphere VMs page appears, with the VM tab selected by default.
3. Click on the virtual machine to restore.
Result
Use the vSphere Client to access the latest PIT virtual machine.
Procedure
1. Log in to the Rubrik CDM web UI on the local or replicated Rubrik cluster.
2. On the left-side menu of the Rubrik CDM web UI, select vSphere VMs.
The vSphere VMs page appears, with the VM tab selected by default.
3. Select the virtual machine to restore.
4. In the Recovery Points pane, select the current date.
5. Use the slider bar (within the blue range) to select the specific PIT for recovery.
6. Click the ellipsis.
The Recover Latest Recovery Point dialog box appears.
7. Select Mount Virtual Machine.
8. Click Next.
The Mount Virtual Machine dialog box appears.
9. Choose an ESXi host.
10. Check any applicable options for the new virtual machine.
11. Click Mount
Result
Use the vSphere Client to access the latest PIT virtual machine.
Rubrik CDM provides SLA Domain protection and data management for VMware vCloud Director vApps.
When a vCloud Director instance is added to a Rubrik cluster, the Rubrik cluster automatically discovers all
of the components of the vCloud Director deployment, including:
• Organizations
• Organization virtual datacenters
• vApps
• Virtual machines
The components appear in the Rubrik CDM web UI and provide the basis for assigning SLA Domain
protection to the vApps. Rubrik CDM manages and protects the data in vApps using the same SLA Domain
approach that it provides for vSphere virtual machines.
The SLA Domain assignment of a vApp can be derived from a higher level component or the assignment
can be directly specified. Assigning an SLA Domain at a higher level in the organizational hierarchy,
automatically assigns the policies of that SLA Domain to all vApps and virtual machines that are beneath
that level. Assigning an SLA Domain at a lower level in the hierarchy overrides an assignment made at a
higher level.
The Rubrik cluster provides full protection of vApps, backing up not just virtual machine data but also vApp
data and metadata, including networks, boot order, and access lists.
Rubrik CDM offers the option to enable or disable synchronized snapshots for a vApp. When enabled, the
Rubrik cluster attempts synchronization across the vApp by initiating snapshots of all virtual machines in a
vApp at the same time.
Related concepts
Protection hierarchy
SLA Domain protection can be applied to virtual machines within vApps by assigning the SLA Domain at
several different levels in the vCloud Director hierarchy. Protection can also be applied by assigning an SLA
Domain to an individual virtual machine within a vApp.
Feature Description
Automatic protection vApps automatically derive the SLA Domain assignment made to vCloud
Director objects that are higher in the vCloud Director hierarchy, such as:
organizations and organization virtual datacenters.
Synchronization When the synchronization setting is enabled, the Rubrik cluster requests that
the associated ESXi host initiate snapshots of the vApp virtual machines at the
same time. Actual snapshot start time depends on the availability of ESXi host
resources and the number of virtual machines in the vApp.
Exclude virtual machines Optionally, individual virtual machines within a vApp can be excluded from
snapshots of the vApp.
Exclude VMDKs Optionally, individual VMDKs within a vApp can be excluded from snapshots of
the vApp.
Script support Pre-snapshot and post-snapshot scripts can be set up individually on each
virtual machine in a protected vApp.
File level download and Browse or search for files within a vApp snapshot and restore to the original
restore source location or download from the Rubrik cluster.
Custom reports Custom object reports and task reports can be filtered for a specific vCloud
Director organization.
On-demand snapshots On-demand snapshots can be initiated for a vApp or for individual virtual
machines within the vApp.
Migration Virtual machine in a vApp that are protected individually can be migrated to
protection through the vApp. Migrating to vApp protection does not require
a new full snapshot of a virtual machine that was previously protected
individually.
RBAC support End-users can select only organization virtual datacenters that have been
assigned to them.
Multitenancy support Multitenancy rules only permit tenant organization administrators to work
with assigned vCloud Director hierarchy components. For example, to assign
an SLA Domain to a vApp or to use a organization virtual datacenter as
a recovery target those components must first be assigned to the tenant
organization administrator.
Metadata Description
Networks Protects both isolated and routed networks. Also, can reconnect restored virtual
machines to the virtual datacenter network if the same network is available at restore
time.
Boot order Protects the order that the virtual machines in the vApp are configured to start and
stop.
Access list Protects the access list for the vApp.
Limitations
Rubrik CDM support for vApps works within specific limitations.
Protection hierarchy
SLA Domain protection can be applied to virtual machines within vApps by assigning the SLA Domain at
several different levels in the vCloud Director hierarchy. Protection can also be applied by assigning an SLA
Domain to an individual virtual machine within a vApp.
The protection hierarchy represents the hierarchical levels in a vCloud Director deployment at which SLA
Domain protection can be specified.
1. Protection at the vCloud Director instance level - The Rubrik cluster applies the policies of the specified
SLA Domain to all virtual machines within the organizations controlled by the vCloud Director instance.
2. Protection at the organization level - The Rubrik cluster applies the policies of the specified SLA
Domain to all virtual machines within the organization. Assigning an SLA Domain at this level overrides
an SLA Domain assignment at the vCloud Director instance level
3. Protection at the organization virtual datacenter level - The Rubrik cluster applies the policies of the
specified SLA Domain to all virtual machines within the organization virtual datacenter. Assigning an
SLA Domain at this level overrides an SLA Domain assignment at the vCloud Director instance level
and the organization level.
4. Protection at the vApp level - The Rubrik cluster applies the policies of the specified SLA Domain to
all virtual machines within the vApp. Assigning an SLA Domain at this level overrides an SLA Domain
assignment at the vCloud Director instance level, the organization level, and the organization virtual
datacenter level.
5. Protection at the virtual machine level - The Rubrik cluster applies the policies of the derived or
individually assigned SLA Domain assignment to the specified virtual machine. Essentially, the Rubrik
cluster ignores that the virtual machine is part of a vApp. To do this, delete the vCloud Director
instance from the Rubrik cluster.
Action Description
Refresh Use the refresh action to request that the Rubrik cluster query the vCloud Director
instance for the most recent vApp information.
Edit Use edit to make changes to the account information for the selected vCloud Director
instance.
Delete Use delete to remove a vCloud Director instance. The Rubrik cluster marks the vApps
from that vCloud Director instance as relics. The Rubrik cluster no longer protects the
vApps.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCD Instances.
The vCD Instances page appears.
4. Click the + icon.
The Add vCD Account dialog box appears.
5. In vCD Server Hostname, type the FQDN of the computer that hosts the vCloud Director instance.
Use the format: vcdhost.example.com
6. In Username, type the name of an administrator account on the vCloud Director instance.
7. In Password, type the account password.
8. Optional: Click Advanced Setting to add a certificate for TLS validation.
The dialog box expands to show the Trusted Root Certificate box.
9. In Trusted Root Certificate, paste the trusted root certificate of the vCloud Director instance.
10. Click Add.
Result
The Rubrik cluster adds the vCloud Director instance. After establishing a connection and successfully
completing authentication, the Rubrik cluster queries the vCloud Director instance for all vApp information.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCD Instances.
The vCD Instances page appears.
4. Select one or more vCloud Director instances.
5. Click the ellipsis on the title bar of the vCD Instance page.
6. Click Refresh vCD Instances.
Result
The Rubrik cluster queues a task to refresh each selected vCloud Director instance.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
Result
The Rubrik cluster stores the new account information and queues a task to refresh the selected vCloud
Director instance.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCD Instances.
The vCD Instances page appears.
4. Click the ellipsis next to a vCloud Director instance.
5. Click Delete.
A confirmation dialog box appears.
6. Click Delete.
Result
The Rubrik cluster deletes the account information for the vCloud Director instance and marks all vApps
from that instance as relics.
vApp management
After a vCloud Director instance is added, the Rubrik cluster provides methods for finding, viewing, and
protecting the vApps.
When the Rubrik cluster finishes querying the vCloud Director instance, the vApps and hierarchical
information appear on the vCD vAps page. From the vCD vApps page, or the local page for a vApp, the
Rubrik cluster can perform the tasks listed in the following table.
Task Description
Find a vApp View the listing for a specific vApp and use the listing to access the local
page for the vApp.
View the hierarchy View each part of the vCloud Director hierarchy that leads to any vApp.
Enable synchronization Enable synchronization for a vApp to request that the Rubrik cluster initiate
snapshots of all of the virtual machines in a vApp at the same time.
Exclude a virtual machine Select a vApp virtual machine and exclude it from all snapshots of the vApp.
Protect a vApp Assign the data protection policies of an SLA Domain to the vApp. The SLA
Domain can be inherited from any of the levels of the hierarchy or directly
assigned to the vApp.
Take an on-demand Initiate an on-demand snapshot of the selected vApp and assign the policies
snapshot of any SLA Domain to that snapshot.
Procedure
1. Log in to the Rubrik CDM web UI.
2. In Search by Name or Location, at the top of the Rubrik CDM web UI, type the name of the vApp.
A portion of the name can be typed. The Rubrik cluster lists all objects that have a name that matches
the string that is typed.
3. When the name of the vApp appears in the search results, click the name.
Result
The local page for the selected vApp appears.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > vCD vApps.
The vApps page appears with the vApps tab selected.
3. Type the name of the vApp in the Search by Name field.
A portion of the name can be typed. The Rubrik cluster lists all vApps that have a name that matches
the string that is typed.
Result
The local page for the selected vApp appears.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > vCD vApps.
The vApps page appears with the vApps tab selected.
3. Click vCD Organizations.
The vCD Organizations tab appears.
4. In the Name column, click each object in the hierarchy of the vApp until the vApp appears.
Result
The local page for the selected vApp appears.
Context
The local page also provide access to actions for the vApp and the virtual machines in the vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
3. In the Name column, click the name of the vApp.
Result
The local page for the vApp appears.
Enabling synchronization
Synchronization enables the Rubrik cluster to simultaneously initiate snapshots for all virtual machines
within a vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the local page of the vApp that contains the virtual machine.
3. Click the ellipsis on the title bar of the local vApp page.
4. Click Enable Synchronization.
A confirmation dialog box appears.
5. Click Enable.
Result
The Rubrik cluster enables synchronization for the vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the local page of the vApp that contains the virtual machine.
3. Click the ellipsis on the title bar of the local vApp page.
4. Click Exclude VMs.
The Exclude VMs dialog box appears.
5. Select a virtual machine.
Multiple virtual machines can be selected.
6. Click Exclude.
Result
The selected virtual machines are excluded from snapshots of the vApp. After being excluded from the
vApp snapshots, the virtual machines start deriving SLA Domain protection through the vSphere hierarchy.
Related tasks
Opening the local page for a vApp
The local page of a vApp provides information about the SLA Domain assignment, virtual machines,
activities, and snapshots for a vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the local page of the vApp that contains the virtual machine.
3. Click the ellipsis on the title bar of the local vApp page.
4. Click Exclude VMs.
The Exclude VMs dialog box appears.
5. Clear the selection for a virtual machine.
Multiple virtual machines can be cleared.
6. Click Update.
Result
The selected virtual machines are included in snapshots of the vApp.
Related tasks
Opening the local page for a vApp
Procedure
1. Log in to the Rubrik CDM web UI.
2. Open the local page of the vApp that contains the virtual machine.
Opening the local page for a vApp describes how to open the local page for the vApp.
3. On the Virtual Machines card, click the ellipsis menu next to a virtual machine entry.
4. Select one of the virtual machine tasks.
Choose one of the following tasks:
• Configure Application Consistency
• Configure Pre/Post Scripts
• Exclude VMDKs
• Register the Rubrik Backup Service
5. Complete the selected task.
Related tasks
Opening the local page for a vApp
The local page of a vApp provides information about the SLA Domain assignment, virtual machines,
activities, and snapshots for a vApp.
Specifying crash consistent backups
By default, the Rubrik cluster initiates application consistent backups for a virtual machine when the
environment of the virtual machine meets the requirements of application consistent backups.
Enabling scripts
Configure the Rubrik cluster to run scripts when a virtual machine is backed up.
Excluding VMDK files of a virtual machine
When backups are not required for some of the VMDK files of a virtual machine, exclude those VMDK files
from backups.
Registering a guest OS install of RBS
After installing the Rubrik Backup Service software on a virtual machine guest OS, register the Rubrik
Backup Service with a Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > vCD vApps.
The vApps page appears with the vApps tab selected.
3. Click vCD Organizations.
The vCD Organizations tab appears.
4. In the Name column click each object in the hierarchy until the object appears.
5. Select the object.
6. Click Manage Protection.
Result
The Rubrik cluster assigns the SLA Domain to the vApp.
Related concepts
Protection hierarchy
SLA Domain protection can be applied to virtual machines within vApps by assigning the SLA Domain at
several different levels in the vCloud Director hierarchy. Protection can also be applied by assigning an SLA
Domain to an individual virtual machine within a vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Virtual Machines > vCD vApps.
The vApps page appears with the vApps tab selected.
3. Select a vApp.
Multiple vApps can be selected to apply a single SLA Domain assignment to the group.
4. Click Manage Protection.
The Manage Protection dialog box appears.
5. Select an SLA Domain.
Manage Protection options describes the options that are available in this dialog box.
6. Click Submit.
Result
The Rubrik cluster assigns the SLA Domain to the selected vApps.
Procedure
1. Log in to the Rubrik CDM web UI.
Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
2. In the Name column, click the name of the vApp.
The local page for the vApp appears.
3. Click Manage Protection.
The Manage Protection dialog box appears.
4. Select an SLA Domain.
Manage Protection options describes the options that are available in this dialog box.
Result
The Rubrik cluster assigns the SLA Domain to the vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
3. In the Name column, click the name of the vApp.
The local page for the vApp appears.
4. Click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears.
5. Select an SLA Domain.
To manually manage the snapshot as an unmanaged object, select Forever.
6. Click Take On Demand Snapshot.
Result
The Rubrik cluster creates an on-demand snapshot of the vApp and assigns it to the selected SLA Domain.
Related reference
Manage Protection options
Select virtualization hierarchy entities and click Manage Protection to view the Manage Protection dialog
box for the selected entities. The Manage Protection dialog box provides several options for the selected
entities.
Procedure
1. In a Web browser, open the URL https://RubrikCluster/docs/internal/playground/.
RubrikCluster is the resolvable hostname or IP address of the Rubrik cluster.
The Rubrik REST API Explorer appears.
2. Click Authorize.
The Available authorizations dialog box appears.
3. In the Basic Authorization section, type the user name and password for an administrator account.
4. Click Authorize.
The Rubrik REST API Explorer opens a session and stores the session token.
5. Click /config.
The listing expands to show all operations for that endpoint.
{
"name":"name"
"catalogID":"catalog ID"
"orgVdcId":"vDC Organization ID"
"storagePolicyId":"Storage Policy ID"
}
Result
The Rubrik cluster schedules a job to export a snapshot of the vApp template.
IP assigned from a static IP pool: Restores the MAC address. The vCD
assigns the IP address when adding
the NIC to the virtual machine.
Recovery workflow
Recovery provides a way to replace a virtual machine in a vApp with a snapshot of the virtual machine
from a snapshot of the vApp.
An entire vApp or one or more virtual machines in a vApp can be replaced through recovery.
Recovery of a vApp can be either:
• Full – all of the vApp virtual machines and metadata are restored to replace the source vApp.
• Partial – one or more selected virtual machines and their metadata are restored to the source vApp.
Recovery can only be used to replace a virtual machine that exists in the target vApp. To restore a virtual
machine that does not exist in the target vApp, use Export.
To recover a virtual machine, the Rubrik cluster follows this workflow:
1. Remove the virtual machine from the inventory of the vCenter Server.
vCloud Director lists the removed virtual machine as missing from the vApp.
2. The Rubrik cluster mounts the snapshot of the virtual machine using the Rubrik cluster as the
datastore and adds the virtual machine to the vCenter Server.
Using the cloud.uuid field, the vCloud Director recognizes the mounted virtual machine and establishes
the link to the vApp.
3. The Rubrik cluster configures the network connections for the virtual machine.
4. The Rubrik cluster powers on the virtual machine.
5. When the virtual machine is powered on, the Rubrik cluster initiates Storage vMotion to move the
datastore to a datastore in the vCloud Director.
If the Storage vMotion fails and the virtual machine was powered on after being mounted, the Rubrik
cluster maintains the Live Mount of the virtual machine and sends an email to the global admin.
If there is a failure anywhere in the process, other than during Storage vMotion, the Rubrik cluster adds
the source virtual machine back to the vCenter Server. Normally, vCloud Director will link the source virtual
machine back into the vApp.
Prerequisites
Ensure that the vApp datastore contains at least one virtual machine.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
3. In the Name column, click the name of the vApp.
The local page for the vApp appears.
4. On the snapshots card, select a date with a snapshot.
5. In the Day view, open the ellipsis menu for a snapshot.
6. Click Instantly Recover.
The Instantly Recover Snapshot dialog box appears.
7. In Type, select Full vApp.
8. Click Next.
The Recovery Options panel appears.
9. Optional: Click Manually power on vApp.
The Rubrik cluster powers on all of the virtual machines in the recovered vApp.
10. In NIC Mapping, choose one of the available options.
• No Mapping
• Delete NICs of all VMs
• Advanced
11. (Advanced only) In Network, for each virtual machine NIC, select a network.
12. Click Finish.
Result
The Rubrik cluster performs the recovery actions.
Related concepts
Recovery workflow
Recovery provides a way to replace a virtual machine in a vApp with a snapshot of the virtual machine
from a snapshot of the vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
3. In the Name column, click the name of the vApp.
Result
The Rubrik cluster performs the recovery actions.
Related concepts
Recovery workflow
Recovery provides a way to replace a virtual machine in a vApp with a snapshot of the virtual machine
from a snapshot of the vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
3. In the Name column, click the name of the vApp.
The local page for the vApp appears.
4. On the snapshots card, select a date with a snapshot.
5. In the Day view, open the ellipsis menu for a snapshot.
6. Click Export.
The Export Snapshot dialog box appears.
7. In Type, select Full vApp.
8. Click Next.
9. On the Destination pane, select the vCloud Director instance for the new vApp.
10. Select the organization for the new vApp.
11. Select the organization virtual datacenter for the new vApp.
12. Click Next.
The Recovery Options panel appears.
Result
The Rubrik cluster uses the data in the selected vApp snapshot to create the new vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
3. In the Name column, click the name of the vApp.
The local page for the vApp appears.
4. On the snapshots card, select a date with a snapshot.
5. In the Day view, open the ellipsis menu for a snapshot.
6. Click Export.
The Export Snapshot dialog box appears.
7. In Type, select Partial vApp.
8. In Target, select one of the following options:
• New vApp
• Existing vApp
9. Click Next.
10. On the Destination pane, select the vCloud Director instance for the export.
11. Select the organization for the export.
12. Select the organization virtual datacenter for the export.
13. (Export to existing vApp only) Select the existing vApp.
14. Click Next.
The Recovery Options panel appears.
15. (Optional) Click Manually power on vApp.
The Rubrik cluster powers on all of the virtual machines in the recovered vApp.
16. In NIC Mapping, choose one of the options.
Result
The Rubrik cluster uses the data in the selected vApp snapshot to create a new vApp or to add to the
selected existing vApp.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
3. In the Name column, click the name of the vApp.
The local page for the vApp appears.
4. On the snapshots card, select a date with a snapshot.
5. In the Day view, open the ellipsis menu for a snapshot.
6. Click Recover Files.
The Choose the VM to browse dialog box appears.
7. Select a virtual machine to browse for files.
8. Click Recover Files.
The Recover Files dialog box appears.
9. Optional: In the list view, select folders and files at the top level of the virtual machine.
10. Optional: Use the Search field to find and select folders and files at any level in the file system.
Selected folders and files appear in Selected and can be removed by clicking X next to a selection.
11. Click Next.
12. On the Recover Files pane, in Recovery Type, select Download.
13. Click Finish.
The Rubrik cluster creates a ZIP file with the selected folder and files.
In the Rubrik CDM web UI Notifications area, a ‘Downloaded’ message appears.
14. Click the message.
The Save As dialog box appears in the web browser.
15. Select a download location for the file, and click Save.
Result
The web browser retrieves the zip file from the Rubrik cluster and saves it to the selected location.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
3. In the Name column, click the name of the vApp.
The local page for the vApp appears.
4. On the snapshots card, select a date with a snapshot.
5. In the Day view, open the ellipsis menu for a snapshot.
6. Click Recover Files.
The Choose the VM to browse dialog box appears.
7. Select a virtual machine to browse for files.
8. Click Recover Files.
The Recover Files dialog box appears.
9. Optional: In the list view, select folders and files at the top level of the virtual machine.
10. Optional: Use the Search field to find and select folders and files at any level in the file system.
Selected folders and files appear in Selected and can be removed by clicking X next to a selection.
11. Click Next.
12. On the Recover Files pane, in Recovery Type, select Overwrite original.
13. In Recovery Method, choose an option.
• Use Rubrik Backup Service
• Use VM tools
14. (Use VM tools only) In Service Credential, provide the domain, username, and password for an
account on the source virtual machine that has write permissions for the recovery paths.
15. Optional: (Use VM tools only) Select Store as Service Credentials for All VMs.
16. Click Finish.
Result
The Rubrik cluster writes the recovered folders and files from the snapshot into the specified folder,
preserving the hierarchy.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Use one of the provided methods to locate the listing for the vApp.
An alternative method, to go directly to the local page for a vApp, is to type the name of the vApp in
the global search box on the top bar of the Rubrik CDM web UI and select the vApp from the results
list.
3. In the Name column, click the name of the vApp.
Result
The Rubrik cluster writes the recovered folders and files from the snapshot into the specified folder,
preserving the hierarchy.
A Rubrik cloud cluster can protect virtual machines deployed on VMware Cloud on AWS (VMC).
VMC provides a software-defined data center, or SDDC, that hosts virtual machines in the AWS cloud.
Rubrik cloud clusters protect VMC data by ingesting the data from the SDDC using HotAdd proxy virtual
machines.
A HotAdd proxy virtual machine loads the Virtual Machine Disk, or VMDK, that is in use by the source
virtual machine. The Rubrik cloud cluster takes snapshots of the VMDK from the proxy virtual machine.
When the Rubrik cloud cluster discovers a new SDDC, the cluster launches jobs to instantiate a number of
HotAdd proxies determined by the size of the SDDC data store and the total number of protected virtual
machines. The Rubrik cloud cluster increases or decreases the number of HotAdd proxies as the inventory
of protected virtual machines increases or decreases.
Rubrik CDM does not support Instant Recovery, Live Mount for virtual machine, or Live Mount for virtual
disk for virtual machines on VMC.
Once configured, manage protected virtual machines in the same manner as any other vSphere virtual
machine. See Recovery of virtual machines for details.
Related Concepts
Recovery of virtual machines
For a Rubrik cluster, recovery of a source virtual machine means to mount a point-in-time copy of the
source virtual machine.
Adding an SDDC
Add an SDDC to the Rubrik cloud cluster to protect the virtual machines on the SDDC.
Prerequisites
The Rubrik cluster uses dedicated ports to access SDDC. The required ports are listed in HotAdd proxy port
requirements.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click the + icon.
The Add vCenter dialog box appears.
5. In vCenter (IP or FQDN), type the resolvable hostname or IP address of the SDDC.
For an IPv6 address, enclose the address in square brackets. For example:
[fd9d:22d3:cd28:7257::1]
Result
The Rubrik cloud cluster discovers the SDDC and assembles an inventory of protectable virtual machines.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click Monitor Proxy VMs.
Result
The Proxy VMs page appears.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click the ellipsis next to the SDDC in the displayed list of vCenter Servers.
The ellipsis menu appears.
5. Select Edit Proxy VM Network.
The Edit Proxy VM Network Settings dialog appears.
6. Select a network segment for use by the HotAdd proxy virtual machines.
7. Choose an IP address method.
• DHCP
• Static IP
8. (Static IP only) Enter values for the IP connection parameters listed.
• IP address or CIDR block
• Subnet mask
Result
The Rubrik cluster saves the configuration.
A Rubrik cluster can protect virtual machines deployed on the Microsoft Azure VMware Solution (AVS).
AVS provides a software-defined data center, or SDDC, that hosts virtual machines in the Azure cloud.
Rubrik clusters protect AVS data by ingesting the data from the SDDC using HotAdd proxy virtual
machines.
A HotAdd proxy virtual machine mounts a copy of the Virtual Machine Disk (VMDK) that is in use by the
source virtual machine. The Rubrik cluster takes snapshots of the VMDK mounted on the proxy virtual
machine.
When the Rubrik cluster discovers a new SDDC, it launches jobs to deploy HotAdd proxies. The number
of proxies deployed is determined by the number of ESXi hosts and the number of nodes in the Rubrik
cluster. The Rubrik cloud cluster increases or decreases the number of HotAdd proxies as the number of
ESXi hosts or nodes in the Rubrik cluster change.
Rubrik CDM does not support the following operations for virtual machines on AVS:
• Instant Recovery
• Live Mount for virtual machines
• Live Mount for virtual disk
After associating an SDDC with a Rubrik cluster, manage protected virtual machines in the same manner as
any other vSphere virtual machine.
Related Concepts
vSphere virtual machines
A Rubrik cluster provides data management and protection for virtual machines that are deployed in
a VMware vSphere environment. The Rubrik cluster can manage and protect virtual machines in an
environment with multiple vCenter Servers and multiple ESXi hosts.
Adding an SDDC
Add an SDDC to the Rubrik cloud cluster to protect the virtual machines on the SDDC.
Prerequisites
The Rubrik cluster uses dedicated ports to access SDDC. The required ports are listed in HotAdd proxy port
requirements.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click the + icon.
The Add vCenter dialog box appears.
5. In vCenter (IP or FQDN), type the resolvable hostname or IP address of the SDDC.
For an IPv6 address, enclose the address in square brackets. For example:
[fd9d:22d3:cd28:7257::1]
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click Monitor Proxy VMs.
Result
The Proxy VMs page appears.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click the ellipsis next to the SDDC in the displayed list of vCenter Servers.
The ellipsis menu appears.
5. Select Edit Proxy VM Network.
The Edit Proxy VM Network Settings dialog appears.
6. Select a network segment for use by the HotAdd proxy virtual machines.
7. Choose an IP address method.
• DHCP
• Static IP
8. (Static IP only) Enter values for the IP connection parameters listed.
• IP address or CIDR block
• Subnet mask
• Gateway
• DNS Server
9. Optional: Click Network Throttling to enter network usage thresholds in Mbps.
10. Click Set.
Result
The Rubrik cluster saves the configuration.
A Rubrik cluster can protect virtual machines deployed on the Google Cloud VMware Engine (GCVE).
GCVE provides a software-defined data center, or SDDC, that hosts virtual machines in the Google cloud.
Rubrik clusters protect GCVE data by ingesting the data from the SDDC using HotAdd proxy virtual
machines.
A HotAdd proxy virtual machine mounts a copy of the Virtual Machine Disk (VMDK) that is in use by the
source virtual machine. The Rubrik cluster backs up the VMDK mounted on the proxy virtual machine.
When the Rubrik cluster discovers a new SDDC, it launches jobs to deploy HotAdd proxies. The number
of proxies deployed is determined by the number of ESXi hosts and the number of nodes in the Rubrik
cluster. The Rubrik cloud cluster increases or decreases the number of HotAdd proxies as the number of
ESXi hosts or nodes in the Rubrik cluster change.
Rubrik CDM does not support the following operations for virtual machines on GCVE:
• Instant Recovery
• Live Mount for virtual machines
• Live Mount for virtual disk
After associating an SDDC with a Rubrik cluster, manage protected virtual machines in the same manner as
any other vSphere virtual machine.
Related Concepts
vSphere virtual machines
A Rubrik cluster provides data management and protection for virtual machines that are deployed in
a VMware vSphere environment. The Rubrik cluster can manage and protect virtual machines in an
environment with multiple vCenter Servers and multiple ESXi hosts.
Prerequisites
The Rubrik cluster uses dedicated ports to access SDDC. The required ports are listed in HotAdd proxy port
requirements.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click the + icon.
The Add vCenter dialog box appears.
5. In vCenter (IP or FQDN), type the resolvable hostname or IP address of the SDDC.
For an IPv6 address, enclose the address in square brackets. For example:
[fd9d:22d3:cd28:7257::1]
Result
The Rubrik cloud cluster discovers the SDDC and assembles an inventory of protectable virtual machines.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click Monitor Proxy VMs.
Result
The Proxy VMs page appears.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click vCenter Servers.
The vCenter Servers page appears.
4. Click the ellipsis next to the SDDC in the displayed list of vCenter Servers.
The ellipsis menu appears.
5. Select Edit Proxy VM Network.
The Edit Proxy VM Network Settings dialog appears.
6. Select a network segment for use by the HotAdd proxy virtual machines.
7. Choose an IP address method.
• DHCP
• Static IP
8. (Static IP only) Enter values for the IP connection parameters listed.
• IP address or CIDR block
• Subnet mask
• Gateway
• DNS Server
9. Optional: Click Network Throttling to enter network usage thresholds in Mbps.
10. Click Set.
Result
The Rubrik cluster saves the configuration.
Rubrik CloudOn for AWS provides the ability to convert a local snapshot, an archived snapshot, or a replica
into an Amazon Machine Image, and then run that image on an Amazon virtual private cloud.
Rubrik CloudOn for AWS can be used in various scenarios, such as:
• Instantiating VMware virtual machines for test and development.
• Migrating on-premises virtual machines to AWS.
• Using an archived snapshot to fail over to AWS when the on-premises data center fails.
Prerequisite Description
AWS VM Import Service Rubrik CDM uses its own native converter to convert a virtual machine to an
Amazon Machine Image (AMI). If the conversion is not successful, Rubrik CDM
uses the AWS VM Import Service instead. To prepare for this possibility, the
prerequisites and limitations that apply to the AWS VM Import service must
also be applied to CloudOn for AWS. See AWS documentation on VM Import/
Export Requirements for more information.
Windows virtual machine If the source virtual machine is a Windows system that uses Microsoft KMS for
activation licensing, that virtual machine must have access to a Microsoft KMS server for
activation. One option is to use the Microsoft KMS service hosted by AWS. See
AWS documentation for more information.
Linux virtual machine For optimal performance, Linux source virtual machines must have network
ENA and NVMe drivers drivers installed that support the AWS Elastic Network Adapter (ENA).
In order to access the converted EBS volumes, Linux source virtual machines
must also have NVMe disk drivers installed before using CloudOn for AWS.
Most modern Linux distributions have both types of drivers installed already.
Consult AWS documentation to verify the specific Linux distributions and
versions that will be used with CloudOn for AWS.
Cloud Compute settings CloudOn for AWS uses information from the Cloud Compute settings that
were configured for the Archival location. See Archiving for information on
configuring Cloud Compute settings.
VPC connectivity The Rubrik cluster must have IP connectivity to the VPC specified in the Cloud
Compute settings for the archival location. Any one of the following ways can
establish connectivity between the on-premises network and the VPC:
• Private IP address and NAT instance
• Private IP address and NAT gateway
• Public IP address and internet gateway
Connectivity to AWS
Rubrik CloudOn for AWS requires specific configuration actions.
• If internet access is not available on the VPC, configure an Amazon S3 VPC endpoint to the VPC. This
VPC endpoint secures the access to Amazon S3 without internet access.
• If the Amazon S3 bucket is encrypted with KMS and VPC does not have internet connectivity, Rubrik
recommends adding the KMS endpoint to the VPC.
• When a VPC is configured to provide access from the Rubrik cluster to Amazon S3, the Rubrik cluster
prompts for the VPC ID of the VNet and the subnet ID of a subnet within the VPC.
Security group
Create a security group with appropriate rules.
Creating a security group enables secure access to the transient instance within the VPC that the customer
specified.
Related tasks
Creating a security group for AWS CloudOn
The security group enables secure access to the transient instance within the VPC.
IAM roles
Create IAM with the required permissions.
• Create one IAM role for all AWS CloudOn permissions.
Amazon AWS online documentation provides information about IAM roles.
• Create a virtual machine import service role to download disk images from an Amazon S3 bucket.
Amazon AWS online documentation provides information on how to create a virtual machine import
service role.
Related concepts
VM Import service role
To permit an AWS account to use the VM Import/Export service to create AMIs from the VMDK files, AWS
requires that the account have an IAM policy that is attached to the VM Import service role.
Setting Description
Linux configuration • Enable secure shell for remote access.
• Ensure that the host firewall (for example, Linux iptables) grants access to
SSH.
• Ensure that the Linux virtual machine has GRUB or GRUB2 as its
bootloader.
• Ensure that there is 500 MB space on the root disk.
Setting Description
Supported disk Master Boot Record (MBR) and GUID partition table on both Windows and
partitioning scheme Linux.
Supported file systems • Windows - NTFS
• Linux - EXT3, EXT4, XFS
Dual boot volumes A virtual machine configured to dual boot with two operating systems is not
supported.
Supported non-boot Non-boot volumes using GPT cannot exceed 4 TB.
volume
Supported single disk Cannot exceed 4 TB for instantiations.
size
Supported number of Virtual machines with up to 10 disks can be instantiated.
disks on virtual machines
Supported Windows English
language packs
Supported multiple NICs • For Linux virtual machines: Supported if source virtual machine has eth*
NICs but not supported if source virtual machines have ens* NICs.
• For Windows virtual machines: Supported
Unsupported encryption For Windows and Linux virtual machines: Encryption is not supported for
virtual machines located on the OS disk using any encryption method other
than VMware vSphere virtual machine encryption.
Tag Description
rk_cluster_id The user friendly name of the source virtual machine. This name is the same for all
resources that are launched within the same cluster. However, this does not include
instances launched by another Rubrik reader cluster or promoted owner cluster.
rk_job_id The job ID used when launching the resources.
rk_instance_class Transient Rubrik Bolt Instance
rk_version The cluster version when the resource is launched.
rk_host_name The name of the vCenter Server, SCVMM host, or Hyper-V host.
rk_snapshot_time The 13 digit Unix Epoch timestamp for the time at which the AMI was created.
rk_snappable_id The ID of the data source.
rk_object_name The name of the data source.
snappable_type The type of the data source.
The CloudOn for AWS feature also adds tags to transient compute instances that are launched in the AWS
account to perform conversion of virtual machines.
Related reference
Prerequisites for CloudOn for AWS
There are certain prerequisites for configuring CloudOn for AWS.
Context
Answer the questions in the Create Stack wizard, and edit the default values and descriptions as
necessary.
Prerequisites
AWS CloudOn requires a Virtual Private Cloud (VPC). The VPC can be the default VPC for the AWS region
or a custom VPC. Set up a subnet inside the VPC where AWS CloudOn can launch its compute resources.
The Rubrik cluster uses dedicated ports to access the subnet via VPN, Direct Connect, or public IP address.
The required ports are listed in AWS ports. Update the firewall to allow outbound traffic from the Rubrik
cluster to these ports.
Procedure
1. Log in to the AWS Management Console as a user with cloud administrator privileges.
2. From the top bar of the AWS Management Console, select the AWS region where the CloudFormation
stack will be created.
3. Open the Services menu and select CloudFormation.
Result
AWS starts the stack creation process. The CloudFormation Stack details page appears, with a status
message about the progress. To see the current status of the stack, click the refresh icon next to Stacks.
To see an activity log for each event in the stack creation process, click the refresh icon next to Events.
Next task
Once the stack is created, click the Outputs tab to obtain the following information:
• AWSBucketName
• IAMUserAccessKey
• IAMUserSecretKey
• KMSKeyId
• Region
• SecurityGroupId
• SubnetId
• VPCId
Provide this information in the Rubrik CDM web UI when configuring the cloud compute settings for an
archival location.
Related tasks
Adding an Amazon S3 archival location
Configure a Rubrik cluster to use an Amazon S3 archival location.
Managing consolidation for Amazon S3
Enable or disable snapshot consolidation for an Amazon S3 archival location.
Related reference
CloudFormation template output
Key Description
AWSBucketName S3 bucket name.
IAMUserAccessKey Access key for the new IAM user. This only appears
when a new user account is requested.
IAMUserSecretKey Secret key for the new IAM user. This only appears
when a new user account is requested.
KMSKeyId KMS encryption key ID.
Region AWS region of the stack.
SecurityGroupId ID of the security group.
SubnetId ID of the subnet.
VPCId ID for the VPC used for the archival location. This is
where the Rubrik Bolt instance is created.
Permissions
AWS CloudOn requires a bucket level and site level security policy, and a user account with access to the
specified bucket.
The process of preparing the required AWS objects is similar to the process described in Prepare to use
Amazon S3 as an archival location. The difference is an additional set of permissions granted by the
security policy used for cloud instantiation.
Alternatively, a bucket that is already in use as an archival location can be used for instantiation. To use an
existing bucket, modify the security policy that is applied to the existing bucket and provide the additional
permissions.
Related tasks
Creating a security policy for AWS CloudOn
Create a security policy for the selected AWS bucket. Include the permissions that are required for cloud
instantiation.
Procedure
1. Log in to an AWS account.
2. In the AWS Services list, in the Storage section, select S3.
The Amazon S3 page appears.
3. Click + Create bucket.
The Create bucket modal appears.
4. In Bucket name, type a name for the new bucket.
To see the bucket naming requirements, click the information icon next to the Bucket name.
5. In Region, select the region for the bucket.
6. Click Create.
AWS creates the new bucket, and the bucket appears in the list.
7. Select the new bucket.
A dialog box with the properties, permissions, and management values for the bucket appears.
8. Click Copy Bucket ARN.
9. Paste the Bucket ARN into a plain text scratch file.
Keep this scratch file for use in later tasks.
10. Close the dialog box.
Result
Amazon creates the S3 bucket.
Formatting
Pay close attention to the JSON formatting, including opening and closing braces and brackets.
EBS encryption
When using EBS encryption in the AWS region, add the following actions to the IAM policy utilized by
the CloudOn IAM user. Specify the Amazon Resource Name of the default EBS key for the region in the
resource block of this statement, or use the wild card character (*) to allow this action on all KMS keys.
"Action":[
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
]
KMS encryption
When using a KMS key, copy the following permission set into the IAM Policy for AWS CloudOn.
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"VisualEditor0",
"Effect":"Allow",
"Action":[
"kms:Encrypt",
"kms:Decrypt",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:GenerateDataKey",
"kms:DescribeKey",
"ec2:DescribeInstances",
"ec2:CreateKeyPair",
"ec2:CreateImage",
"ec2:CopyImage",
"ec2:DescribeSnapshots",
"ec2:DeleteVolume",
"ec2:StartInstances",
"ec2:DescribeVolumes",
"ec2:DescribeExportTasks",
"ec2:DescribeAccountAttributes",
"ec2:ImportImage",
"ec2:DescribeKeyPairs",
"ec2:DetachVolume",
"ec2:CancelExportTask",
"ec2:CreateTags",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:CreateVolume",
"ec2:DescribeImportSnapshotTasks",
RSA encryption
When using an RSA key, copy the following permission set into the IAM Policy for AWS CloudOn.
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"VisualEditor0",
"Effect":"Allow",
"Action":[
"ec2:DescribeInstances",
],
"Resource":"*"
},
{
"Sid":"VisualEditor1",
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:RestoreObject"
],
"Resource":[
"arn:aws:s3:::*"
Procedure
1. Log in to an AWS account.
2. In the AWS Services list, in the Security, Identity & Compliance section, select IAM.
The Identity and Access Management page appears.
3. On the left-side menu, click Users.
The list of users appears.
4. Click Add user.
The Add user page appears.
5. In the Set user details section, in User name, type a name for the user account.
The user account will be used by the Rubrik cluster to access the bucket.
6. In the Select AWS access type section, in Access type, select Programmatic access.
7. Click Next: Permissions.
The Set Permissions page appears with various methods for setting the permissions of the user
account.
8. Click Attach existing policies directly.
A list of the available policies appears.
9. Select the security policy that was created for the bucket, and click Next: Review.
The Review page appears.
10. Click Create user.
AWS creates the user, and a success message appears.
11. Click Download CSV.
The web browser opens a Save As dialog box.
12. Save the file credentials.csv.
Result
The file contains the Access key ID and Secret access key for the user account and should be securely
stored. Use these values when configuring the Rubrik cluster to use this AWS bucket as an archival
location. The file can be renamed.
Related tasks
Creating a security policy for the bucket
Create a security policy for the bucket.
Prerequisites
• Decide on the correct JSON content for the bucket security policy. AWS CloudOn security policy
describes the JSON content choices and provides content that can be copied for this task.
• Select a bucket that does not have versioning enabled. Rubrik CDM does not support immutable object
storage.
Result
Amazon AWS creates the security policy and returns to the policy list page.
Related reference
AWS CloudOn security policy
Use a JSON formatted security policy file when creating a security policy for AWS CloudOn. For both KMS
and RSA encryption, add EBS encryption information when using EBS encryption. Then use the JSON file
that is appropriate for the encryption type, either KMS or RSA.
Security group
Create an AWS security group and assign the ID of the security group to the archival location that will be
used for the instantiation in the cloud.
The Rubrik cluster assigns the security group ID to the transient Rubrik working instance each time it is
instantiated.
To provide the ID of the AWS security group to a Rubrik cluster:
1. Create the security group by using the AWS console.
2. Assign the security group ID to the archival location on the Rubrik cluster.
Alternatively, contact Rubrik Support and provide the security group ID. Rubrik Support then attaches the
security group ID to the selected Rubrik cluster archival location.
Context
Use the AWS console to create a security group with the required limited inbound access.
Procedure
1. Log in to the AWS console.
2. On the AWS services page, click EC2.
The EC2 dashboard appears.
3. On the left-side menu, under Network & Security, click Security Groups.
The Security Groups page appears.
4. Click Create Security Group.
The Create Security Group modal appears.
5. In Security group name, type a name for the group.
6. Optional: In Description, type a description.
7. In VPC, select the virtual private cloud for the archival location.
8. With the Inbound tab selected, click Add Rule.
The rule fields appear.
9. In Type, select Custom TCP Rule.
10. In Port Range, type a port number.
Review the required ports for AWS CloudOn.
11. In Source, select Custom.
12. In the Source text field, type a CIDR, IP, or security group ID that includes the Rubrik cluster.
AWS creates the security group, and displays the security group page.
13. Click Create.
14. Find the new security group and copy the group ID.
15. Paste the group ID into a plain text scratch file.
Keep this scratch file for use in later tasks.
Result
The security group for AWS CloudOn is created.
Related concepts
Ports
Configuring S3 Endpoints
Configure specific endpoints in the VPC to address situations when public internet connection is not
available. This ensures that the subnet that the Bolt is configured to launch in can still be used when no
public internet connection is available.
When Rubrik cluster reads data from the S3 archive, the Rubrik cluster launches transient instances within
a VPC over public internet. Launch AWS resources into a specified subnet. When a public subnet for
resources is used but the subnet is not connected to the internet, use an S3 VPC endpoint to gain secure
access to S3 without public internet access. Amazon AWS online documentation provides information on
how to configure an S3 VPC endpoint.
If public internet is not available on the VPC, the Rubrik cluster cannot perform AWS CloudOn for
snapshots on a KMS-encrypted S3 archive. Configure an AWS KMS endpoint to connect directly to AWS
KMS through a private endpoint in the VPC instead of connecting over the internet. Amazon AWS online
documentation provides information on how to configure an AWS KMS endpoint.
The following permissions are used to configure VCP endpoints.
{
"Version":"2008-10-17",
"Statement":[
{
"Sid":"Access-to-specific-bucket-only",
"Effect":"Allow",
"Principal":"*",
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource":[
"arn:aws:s3:::<bucket-name>",
"arn:aws:s3:::<bucket-name>/*"
]
}
]
}
Cloud conversion with keeping The Rubrik cluster starts converting the most recent virtual machine
older AMIs snapshot as soon as it has been archived.The Rubrik cluster
combines the chain of incremental snapshots leading to the last full
snapshot and the AMI is created from the resulting snapshot. The
Rubrik cluster does not automatically remove previously created AMIs
from cloud storage. Removing those AMIs requires user action.
This setting normally does not require the creation of an AMI from
the VMDKs of the selected snapshot after instantiation is initiated.
Since the AMI already exists, the instantiation task is much faster.
Convertor Instance Reads incremental data from Bolt and writes • Linux Converter Instance
to EBS volumes. xlarge - OS disk gp2 8 GB
It also copies drivers for Windows or Linux • Windows Converter Instance -
virtual machines required on the user virtual OS disk gp2 30 GB
machine in AWS.
Temporary Instance For Windows or Linux virtual machines, xlarge - OS disk gp2 30 GB
drivers are installed as a temporary instance
as they are required for online installation in
AWS.
Related reference
Prerequisites for CloudOn for AWS
There are certain prerequisites for configuring CloudOn for AWS.
Prerequisites
• Complete the AWS CloudOn virtual machine deployment described in Configuring AWS CloudOn using
the CloudFormation template.
• Configure an SLA Domain to use an archival location bucket that was created for cloud instantiation.
• Assign at least one vSphere virtual machine to the selected SLA Domain.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to configure cloud conversion settings.
2. On the left-side menu, click Virtual Machines > vSphere.
The vSphere VMs page appears, with the VMs tab selected.
3. In Name, click the name of a virtual machine.
The local host page for the selected virtual machine appears.
Result
The Rubrik cluster applies the specified configuration to the selected virtual machine.
Context
An Amazon Machine Instance (AMI) for the snapshot can exist or can be created during the task.
Note: Windows virtual machines with BitLocker-enabled volumes cannot instantiate on AWS CloudOn.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the required privileges to instantiate a virtual machine in the cloud.
2. On the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. In Name, click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Browse to a snapshot.
5. Open the ellipsis menu for the snapshot, and select Launch on Cloud.
The Launch on Cloud modal appears.
6. In Location Name, select the name of an archival location.
The virtual machine will be instantiated in the storage for the selected location.
7. In Instance Type, select the type of AMI instance to use for the instantiated virtual machine.
The Rubrik cluster examines the source virtual machine and provides a recommended AMI instance
type.
The Rubrik cluster makes a AMI instance type recommendation based on a 64-bit operating system.
The recommendation, from the m4 series, will be unsuitable for a 32-bit operating system. When the
instantiated virtual machine has a 32-bit operating system, choose Custom Instance Type and specify
a 32-bit AMI instance type.
8. Optional: In Instance Type, select Custom Instance Type.
The Custom Instance Type field appears.
9. Optional: In Custom Instance Type, type the name of an AMI instance type.
The name must be typed in the exact form that Amazon uses. Be sure that the selected instance type
is appropriate for the operating system of the instantiated virtual machine.
10. In Subnet (VPC), select a virtual private cloud.
The field lists the virtual private cloud subnets that are available at the selected archival location. To
see a list in this field, first select an archival location.
11. In Security Group, select an available security group.
Result
The Rubrik cluster begins the instantiation task. When the task completes, the instantiated virtual machine
appears on the Cloud Mounts page of the Rubrik CDM web UI.
Note: A Windows virtual machine in AWS may fail to launch due to “Windows activation failures”, which
is caused by licensing issues. A Windows License obtained from the data center is not transferable to
Windows instance launched in the cloud. Windows instances launched on cloud obtain their licenses from
AWS KMS Servers. Amazon AWS online documentation provides information for troubleshooting this issue.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to power off a cloud instance.
2. On the left-side menu, click Virtual Machines > vSphere VMs.
The cloud mounts page appears, with the Instances tab selected.
3. Open the ellipsis menu next to the selected instance.
4. Click Power Off.
Result
The Rubrik cluster powers off the selected instance. The instance remains as a powered down instance on
the AWS account.
Removing entry
Use the Cloud Mounts page of the Rubrik CDM web UI to remove the virtual machine.
Context
Rubrik cluster stops managing the virtual machine once it has been removed. Manage this virtual machine
from the AWS console.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to remove a virtual machine entry.
2. On the left-side menu, click Virtual Machines > vSphere VMs.
The cloud mounts page appears, with the Instances tab selected.
3. Open the ellipsis menu next to the selected instance.
4. Click Remove entry.
Result
The Rubrik cluster removes the selected virtual machine instance.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to launch an Amazon Machine Image (AMI).
2. On the left-side menu, click Virtual Machines > vSphere VMs.
The cloud mounts page appears, with the Instances tab selected.
3. Click the AMIs tab.
The list of available AMIs appears.
4. Open the ellipsis menu next to a selected AMI.
5. Click Launch AMI.
Result
The Rubrik cluster launches the selected AMI.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to remove an instantiated virtual machine.
2. On the left-side menu, click Virtual Machines > vSphere VMs.
The cloud mounts page appears, with the Instances tab selected.
3. Open the ellipsis menu next to the selected instance.
4. Click Power Off.
The Rubrik cluster powers off the selected instance.
5. Open the ellipsis menu next to the selected instance again.
6. Click Terminate.
Result
The Rubrik cluster removes the selected virtual machine instance.
Removing AMIs
Virtual machine snapshots that have been converted to AMIs appear on the Cloud Mounts page of the
Rubrik CDM web UI. Remove an individual AMI from the AWS Cloud Mount page.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to remove an Amazon Machine Image (AMI).
2. On the left-side menu, click Virtual Machines > vSphere VMs.
The cloud mounts page appears, with the Instances tab selected.
3. Click the AMIs tab.
The list of available AMIs appears.
Result
The Rubrik cluster removes the selected AMI.
Rubrik CloudOn for Azure converts a local or archived snapshot of a vSphere virtual machine into a Virtual
Hard Disk (VHD) or a managed disk snapshot. The VHD or managed disk snapshot can then be used to
launch an Azure virtual machine.
Rubrik supports instantiating on-premises vSphere virtual machines to Azure.
Rubrik CloudOn for Azure supports the following scenarios:
• Instantiating vSphere virtual machines for testing and development – Launch on-premises virtual
machines to enable sandbox testing and development needs in Azure.
• Migrating on-premises virtual machines to Azure – Lift-and-shift migration of virtual machines to Azure.
• Disaster recovery (DR) to Azure – Failover to Azure using archived data when the on-premises data
center fails.
Prerequisites
For successful deployment of Azure CloudOn, ensure that the following prerequisites are met. These
prerequisites are applicable to on-premises VMware virtual machines, Rubrik cluster, and Azure Archive.
Component Settings
Bolt Network Security Group Bolt Network Security Group (NSG) must be configured to allow
(NSG) Storage Service Tags outbound on port 443.
Azure ExpressRoute connection Configure the Azure ExpressRoute with Microsoft Peering.
Microsoft Azure online documentation provides information
configuring Microsoft peering.
VPN or ExpressRoute The firewall routing must send Rubrik Archival (CloudOut) traffic
over VPN or ExpressRoute.
Microsoft Azure online documentation provides information on the
right solution in connecting an on-premise network to Azure.
• Connectivity to Blob Store
When Rubrik cluster reads data from the Azure archive, the Rubrik cluster launches transient instances
within a VNet over public internet in the same region.
Since Azure storage is available over public endpoints over public internet, if public internet is not
available on the VNet, it is recommended to use Azure VNet endpoint to securely access the Azure
storage. Information on how to configure VNet endpoints can be found in the Microsoft Azure
documentation.
Resource group
Create a resource group that can be used to launch the transient compute instance and the user instance.
In the Rubrik CDM web UI, specify the resource groups from the "Launch on cloud" option in the Virtual
Machines > vSphere VMs menu.
When upgrading from previous Rubrik CDM version that does not have a resource group specified in the
archival location, Rubrik cluster creates a default resource group which is used to launch the transient
compute instance, as described in Creating a resource group. Alternatively, edit the archival location and
specify a different resource group to be used for such instances.
Note: Ensure backward compatibility with Rubrik CDM version earlier than 5.0.
Configuration Description
Azure CloudOn on Windows virtual Refer to the Rubrik CDM Compatibility Matrix provides operating
machines systems supported by Rubrik for Azure CloudOn on Windows virtual
machines.
Virtual Machine Disk (VMDK) The maximum size of a Virtual Machine Disk (VMDK) that can be
successfully converted by CloudOn is up to 1 TB.
VMware virtual machine with up to 10 disks are supported by Azure
CloudOn.
Required settings
Azure CloudOn has supported and unsupported virtual machine configurations.
Setting Description
Supported disk partitioning scheme Master Boot Record (MBR) and GUID partition table on Windows.
Supported file systems Windows - NTFS
Supported OS disk formats • Standard
• LDM
Supported boot volume Boot volume using MBR partitioning cannot exceed 1 TB
Supported non-boot volume Non-boot volumes using GPT cannot exceed 1 TB
Supported single disk size Cannot exceed 1 TB for instantiations
Supported number of disks on Virtual machines with up to 10 disks can be instantiated
virtual machines
Supported Windows language English
packs
Unsupported virtual machine • Virtual machines with 32-bit configuration
configurations • Desktop OS
• UEFI/EFI boot partitions
• Multiple network interfaces
• Virtual machines with encrypted root disk
Procedure
1. Access the Rubrik Support Portal at https://support.rubrik.com/.
2. Select Docs & Downloads.
3. Select Rubrik CDM version.
4. Select version (Cloud Compute).
5. Click Download.
The Accept EULA page appears.
6. Review the EULA.
7. Select Accept and Download.
8. Click Accept and Download.
The file download page appears.
9. Click the zip file.
A browser-specific download of the zip file begins. The browser downloads the zip file to the default
download folder or to the location you select.
10. Extract the contents of the zip file.
Result
The package includes the rkazurecli_cloud_compute.ps1 script and the rkazurecli_util.ps1
script.
Context
The PowerShell is supported on Windows platform.
As part of this task, copy values into a temporary file for later use.
Procedure
1. Log in to the Azure Portal.
2. On the top menu of the Azure Portal, click the Cloud Shell Icon.
Result
The PowerShell is configured in the Cloud Shell
Procedure
1. Type the following command to navigate to the cloud drive to check if all files were uploaded:
cd $home\clouddrive
The working directory changes to the cloud drive directory.
2. At the prompt, type:
.\rkazurecli_cloud_compute.ps1
The Azure CloudOn CLI starts and a numbered setup menu appears.
3. At the prompt, type 1.
4. Decide on a region for the resource group and at the prompt, type the number of that region.
Use this region throughout this task.
5. At the prompt, type the number of that storage account.
Alternatively, type 0 and a storage account name to create a new storage account.
6. At the prompt, type the number of that resource group.
Alternatively, type 0 and a resource group name to create a new resource group for the storage
account.
7. At the prompt, type the name of a container group from the list of available container groups.
The container group is where converted VHDs of VMware virtual machines converted by CloudOn are
stored.
Result
The rkazurecli_cloud_compute.ps1 script checks and creates the CloudOn configuration
prerequisites. The script generates a JSON text file to capture the configuration prerequisites. The text of
this JSON is used in later configuration to complete Azure CloudOn configuration steps in the Rubrik CDM
web UI.
When the script completes the configuration, it closes.
Context
For information on all necessary ports for CloudOn see Ports.
All other inbound ports must be closed and outbound access must be enabled.
Microsoft Azure online documentation provides information on creating a virtual network and subnet by
using the Azure Portal.
As part of this task, values will be saved in a temporary file for later use.
Procedure
1. Log in to the Azure Portal.
2. On the Azure Portal menu, select Virtual networks.
The Virtual networks page appears with a list of all available subnets.
3. In the resource groups filter, clear all resource groups except the resource group created for Azure
CloudOn.
Clear Select All to clear all selections, then select only the resource group that was copied to the
temporary file in Configuring Azure Objects.
4. Copy the name into your temporary file as the subnet ID.
5. Click the name of the subnet.
The blade for that subnet opens.
6. In the subnet blade menu, select Properties.
7. In Resource ID, click the copy button to copy the resource ID value.
8. Paste the resource ID value into your temporary file.
9. Configure the new subnet to have VPN access to the Rubrik cluster.
Result
The subnet is configured.
Context
The rkazurecli_cloud_compute.ps1 script creates a JSON file that contains the Application ID,
Subscription ID, Region, General Purpose Storage name, General Purpose Storage Container Name, Virtual
Network ID, Subnet ID and Security Group name.
As part of this task, values will be saved in a temporary file for later use.
Procedure
1. Log in to the Azure Portal.
2. On the Azure Portal menu, click Azure Active Directory.
The Azure Active Directory page for your account appears.
3. Click App Registrations.
The App Registrations blade appears.
4. On the App Registrations blade, click +New application registration.
The Create blade appears.
5. In Name, type a name for the Rubrik cluster application.
6. In Application type, select Web app / API.
7. In Sign-on URL, type a valid URL.
Type any valid URL value. The Sign-on URL value is not used by the Rubrik cluster.
8. Click Create.
The Registered app blade for the Rubrik cluster application appears.
9. On the Registered app blade, find the Application ID value.
10. Copy the application ID value into your temporary file.
11. Click Settings.
The Settings panel appears.
12. Click Keys.
The Keys blade appears.
13. In Key Description, type a description for this key.
The key is assigned to the Rubrik cluster application. The description should identify this purpose.
14. In Duration, select a duration.
Rubrik recommends that you select Never expires to avoid problems with changing the key at the
end of a specified duration period.
15. Click Save.
The key value cannot be retrieved after leaving the Keys blade. Store the key value in a secure
location.
The Azure portal generates a key value and the key value appears in the Value field.
16. Select and copy the key value.
17. Paste the key value into your temporary file.
18. On the Azure Portal menu, click Azure Active Directory.
Result
The Rubrik cluster is registered in Azure AD.
Context
Rubrik CDM works with contributor role-based access on your Azure subscription. However, when
contributor access cannot be provided, create a custom role with the minimum required permissions.
Procedure
1. Copy the following JSON structure, including beginning and ending braces, to a plain text editor.
{
"Name":"Rubrik CloudOn 5_0",
"IsCustom":true,
"Description":"Can Launch VMs from archived snapshots",
"Actions":[
"Microsoft.Compute/snapshots/*",
"Microsoft.ClassicCompute/virtualMachines/detachDisk/action",
"Microsoft.ClassicCompute/virtualMachines/attachDisk/action",
"Microsoft.Compute/images/read",
"Microsoft.Compute/images/write",
"Microsoft.Compute/images/delete",
"Microsoft.Compute/disks/*",
"Microsoft.Compute/locations/*/read",
"Microsoft.Compute/skus/read",
],
"AssignableScopes":[
"/subscriptions/subscription-id"
]
}
2. Near the end of the JSON structure, replace subscription-id with the Azure Subscription ID for the App
Registration subscription.
3. Copy the resulting JSON structure.
4. Open the Azure Cloud Shell for the associated account.
5. Change the current working directory to the account home directory.
Type: cd $home.
6. At the Azure Cloud shell prompt, type nano RubrikCloudOnMinimalPermissions.json.
The nano editor opens and starts a new empty file named
RubrikCloudOnMinimalPermissions.json in the home directory of the account.
7. Paste the JSON structure into the new file in the editor.
Press Ctrl + U to paste into the editor.
8. Save the new file.
Press Ctrl + O, and then press Enter to save the file
9. Close nano.
Pres Ctrl + X to close nano.
10. At the Cloud Shell prompt, type a command to create a role definition.
Result
Azure creates a role with minimal permissions and assigns the role to the Rubrik application.
Context
This task uses values obtained from the tasks Configuring Azure Objects, Configuring the subnet, and
Setting up permissions on Azure and stored in a temporary file.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Archival Location.
The Archival Locations page appears.
4. On the card for an existing Azure archival location, open the ellipsis menu and click Edit.
The Edit Archival Location dialog box appears.
5. Click Advanced Settings.
The Advanced Settings page appears with the Cloud Compute Settings menu selected.
Result
The Rubrik cluster modifies the archival location configuration to add support for Azure CloudOn.
Setting Description
Disabled The Rubrik cluster converts the snapshots from
the virtual machine into VHDs only when cloud
instantiation is requested. This setting requires the
creation of a VHD from the VMDKs of the selected
snapshot after instantiation is initiated and so takes
longer to complete.
This is the default value.
Cloud conversion with Keep older VHDs The Rubrik cluster starts converting the most
recent virtual machine snapshot as soon as it has
been archived. The Rubrik cluster combines the
chain of incremental snapshots leading to the last
full snapshot and the VHD is created from the
resulting snapshot. The Rubrik cluster does not
automatically remove previously created VHDs from
cloud storage. Removing those VHDs requires user
action.
This setting normally does not require the creation
of a VHD from the VMDKs of the selected snapshot
after instantiation is initiated. Since the VHD
already exists, the instantiation task is much faster.
Context
The compute instances are launched in the same Azure region as the Azure storage. The Archive Location
is configured in the same location the Rubrik cluster uses to archive the virtual machine data. The network
and firewall settings for these instances are configured based on the CloudCompute settings that are
configured on the Archival location.
Procedure
1. Rubrik CDM prepares the selected snapshot to be converted in the cloud.
2. If the snapshot has not already been archived, Rubrik CDM uploads delta changes to the archive
location where the prior snapshots in the chain reside.
3. Rubrik CDM checks if a Bolt and a Converter instance has already launched that can be reused. If
none exists, Rubrik CDM will launch new Bolt and Converter instances.
4. New disks are created, corresponding to the VHD disks and are attached to the Converter instance.
Bolt instance reads data from the Archive location and copies data from the archived snapshot to the
volumes attached at the Converter instance.
5. After all changes have been written to the attached volumes, Rubrik CDM creates snapshots out of the
volumes.
Result
An image is created after successful verification which completes the conversion process.
Prerequisites
• Configure an SLA Domain to use an Azure container that was created for cloud instantiation.
• Assign at least one vSphere virtual machine to the selected SLA Domain.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to configure cloud conversion settings.
2. On the left-side menu, click Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. In Name, click the name of a virtual machine.
The local host page for the selected virtual machine appears.
When the Overview card does not contain the Cloud Conversion field shown here, the possible causes
are:
• The SLA Domain is not correctly configured for cloud instantiation.
• The selected virtual machine is not a vSphere virtual machine.
• The guest OS of the virtual machine is not Windows.
4. On the Overview card, in the Cloud Conversion field, click Configure.
5. Assign a configuration.
Result
The Rubrik cluster applies the specified configuration to the selected virtual machine.
Context
Note: Windows virtual machines with BitLocker-enabled volumes cannot instantiate on Azure CloudOn.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the required privileges to instantiate a virtual machine in the cloud.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. Click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Browse to a snapshot.
5. Open the ellipsis menu for the snapshot, and select Launch on Cloud.
The Launch on Cloud dialog box appears.
6. Under Cloud Provider, select Azure.
7. In Location Name, select the name of an archival location.
The virtual machine will be instantiated in the storage for the selected location.
Result
The Rubrik cluster launches the Rubrik Bolt cloud instance in the resource group associated with the
archive location to create a full snapshot.
The Rubrik cluster begins the instantiation task. When the task completes, the instantiated virtual machine
appears on the Cloud Mounts page of the Rubrik CDM web UI.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the required privileges to instantiate a virtual machine in the cloud.
2. On the left-side menu, select Virtual Machines > vSphere VMs.
The vSphere VMs page appears, with the VMs tab selected.
3. In Name, click the name of a virtual machine.
The local host page for the selected virtual machine appears.
4. Browse to a snapshot.
5. Open the ellipsis menu for the snapshot, and select Launch on Cloud.
The Launch on Cloud dialog box appears.
6. In Location Name, select the name of an archival location.
The virtual machine will be instantiated in the storage for the selected location.
7. In Virtual Machine Size, select the type of VHD instance to use for the instantiated virtual machine.
The Rubrik cluster examines the source virtual machine and provides a recommended VHD instance
type.
8. Optional: In Virtual Machine Size, select Custom Instance Type.
The Custom Instance Type field appears.
Result
The Rubrik cluster begins the instantiation task. When the task completes, the instantiated virtual machine
appears on the Cloud Mounts page of the Rubrik CDM web UI.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to power off an instantiated virtual machine.
2. On the left-side menu, click Cloud Mounts > Azure.
The cloud mounts page appears, with the VMs tab selected.
3. Open the ellipsis menu next to the selected instance.
4. Click Power Off.
Result
The Rubrik cluster powers off the selected instance. The instance remains as a powered down instance on
the Azure account.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to terminate an instantiated virtual machine.
2. On the left-side menu, click Cloud Mounts > Azure.
The cloud mounts page appears, with the VMs tab selected.
3. Open the ellipsis menu next to the selected instance.
4. Click Power Off.
The Rubrik cluster powers off the selected instance.
Result
The Rubrik cluster removes the resources created by instantiation from the resource group once the virtual
machine is terminated.
Context
Rubrik cluster stops managing the virtual machine once it has been removed. Manage this virtual machine
from the Azure Portal.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to remove a virtual machine entry.
2. On the left-side menu, click Cloud Mounts > Azure.
The cloud mounts page appears, with the VMs tab selected.
3. Open the ellipsis menu next to the selected instance.
4. Click Remove entry.
Result
The Rubrik cluster removes the selected virtual machine from Rubrik cluster metadata and stops managing
it.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to launch a virtual machine image.
2. On the left-side menu, click Cloud Mounts > Azure.
The cloud mounts page appears, with the VMs tab selected.
3. Click the VM Images tab.
The list of available virtual machine images appears.
4. Open the ellipsis menu next to a selected virtual machine image.
5. Click Launch VM Image.
Result
The Rubrik cluster launches the selected virtual machine image.
Procedure
1. Log in to the Rubrik CDM web UI as either an administrative user or an organization administrator.
Only the administrative user for the Rubrik cluster or the administrator of a tenant organization have
the privileges required to remove a virtual machine image.
2. On the left-side menu, click Cloud Mounts > Azure.
The cloud mounts page appears, with the VMs tab selected.
3. Click the VM Images tab.
The list of available virtual machine images appears.
4. Open the ellipsis menu next to a selected virtual machine image.
5. Click Delete VM Image.
Result
The Rubrik cluster removes the selected virtual machine image from the Azure account.
Resource groups
Resources can be grouped into a resource group.
To assign resources to a resource group, either assign all the resources or only those to be managed as
a group. To ensure the ease of deployment, update, or deletion of a resource group, Rubrik recommends
that resources added to a resource group share the same lifecycle.
A maximum of 800 resource groups can be created per Azure account subscription. Each resource group,
in turn, can contain a maximum of 800 deployments.
With a configured resource group, a virtual machine will be launched and instantiated in the
selected resource group. The Rubrik cluster launches the Rubrik Bolt cloud instance in the resource
group associated with the archive location to create a full snapshot. When an existing archival
location does not have a resource group, the local Rubrik cluster creates a resource group called
DefaultRubrikStormResourceGroup and uses it to launch Azure Storm instances. For more information, see
Creating a resource group.
As part of the garbage collection tasks, Rubrik cluster deletes deployments with a prefix import-vm*
from the resource group being used to launch the transient compute instance and user instances. Rubrik
cluster deletes these deployments to avoid reaching the maximum number of deployments per resource
group and prevent instantiation failures. Rubrik cluster also deletes non-Rubrik deployments with the same
prefix of import-vm* in the same resource group used for CloudOn that are already in a terminated
state. To determine the impact of deleting deployments, review the Microsoft online documentation. For
more information, see Removing a resource group.
Procedure
1. Log in to the Azure Portal.
2. On the left-side menu, click Resource groups.
The Resource groups page appears.
3. On the top menu bar, click +Add.
The Resource groups blade appears.
Result
The Rubrik cluster begins the instantiation task. When the task completes, the instantiated virtual machine
appears on the Cloud Mounts page of the Rubrik CDM web UI. When launched successfully, the Rubrik
cluster names the virtual machine with the local VMware as the prefix and appends a disambiguation string
to the prefix, such as SQL-server-001-disambiguation string.
Rubrik recommends using a disambiguation string to avoid potential conflicts that arise when a string is
ambiguous.
Context
Removing a resource group deletes all resources associated in the resource group.
Before removing a resource group, verify that this resource group does not contain a resource that other
resource group depends upon.
Procedure
1. Log in to the Azure Portal.
2. On the left-side menu, click Resource groups.
The Resource groups page appears.
3. Select a resource group to remove and from the top bar of the Resource groups page click Delete.
Result
Azure removes the selected resource group from the Azure account.
Rubrik clusters enable the management and protection of Amazon Elastic Compute Cloud (Amazon EC2)
instances.
Feature Description
Amazon EC2 instance Takes snapshots of Amazon EC2 instances.
backup
Indexing Enables file search and download within snapshots of Amazon EC2 instances.
Restore to different Enables restoring an Amazon EC2 instance snapshots to regions other than
region their original region.
Note: Amazon EC2 instances created by using a disk deployed from the AWS Marketplace do not support
indexing.
Protecting Amazon EC2 instances requires the AWS credentials for the account that owns the instances.
Automatic protection
A Rubrik cluster provides automatic protection of Amazon EC2 instances through inheritance of the SLA
Domain assigned to a parent object.
The automatic protection mechanism simplifies assigning protection to large numbers of Amazon EC2
instances and provides an easy method to uniformly assign specific SLA Domains to groups of functionally
similar Amazon EC2 instances.
The Rubrik cluster uses a specific set of automatic protection rules in the application of automatic
protection.
To show the impact of automatic protection on the protection settings of an Amazon EC2 instance,
consider the following fictitious environment:
• Amazon EC2 instance is newly discovered and no protection has been assigned.
• Amazon EC2 instance is owned by AWS account A. AWS account A has no assigned protection.
Administrator assigns the SLA Domain named ClusterProtection to A:
The Amazon EC2 instance inherits the ClusterProtection assignment (Rule Two).
Administrator individually assigns the Amazon EC2 instance to the Gold SLA Domain:
The Amazon EC2 instance is protected by the Gold SLA Domain (Rule One).
Context
If indexing is enabled for EC2 instances but VPN is not available, indexing fails after creating an Apache
Storm cluster in the AWS environment due to connectivity issues. Instead, connect to the Apache Storm
cluster using a public IP address to start indexing for EC2 instances.
Procedure
1. Connect to the Apache Storm cluster using SSH.
2. Type this command.
Result
The public IP address provides connectivity for EC2 indexing.
Procedure
1. Log in to the AWS account.
2. In the AWS Services list, in the Security, Identity & Compliance section, select IAM.
The Identity and Access Management page appears.
3. On the left-side menu, select Policies.
4. Click Create policy.
The Create Policy workspace opens with the Visual Editor tab active.
5. Click the JSON tab.
The JSON text editor appears.
In the next step, pay close attention to the JSON formatting, including opening and closing braces and
brackets.
6. Paste the following text into the JSON editor:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"VisualEditor1",
"Effect":"Allow",
"Action":[
"ec2:AttachVolume",
"ec2:CopyImage",
"ec2:CreateImage",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteKeyPair",
"ec2:DeleteSnapshot",
"ec2:DeleteVolume",
"ec2:DeregisterImage",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeImportImageTasks",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
7. Optional: For an Amazon EC2 instance that contains encrypted volumes, add the following section
immediately following the "Statement": [ line:
{
"Sid":"VisualEditor0",
"Effect":"Allow",
"Action":[
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:ReEncryptTo",
"kms:DescribeKey",
"kms:CreateGrant",
"kms:ReEncryptFrom"
],
"Resource":[
"arn:aws:kms:region:accountId:key/keyId",
"arn:aws:kms:region:accountId:key/keyId"
]
},
Enter the correct region, account ID, and key ID for each encrypted volume in the “Resource”:
section.
8. Click Review Policy.
9. In Name, type a name for the policy.
10. Optional: In Description, type a description for the policy.
11. Click Create policy.
Result
AWS creates the security policy and returns to the policy list page.
Procedure
1. Log in to the AWS account.
2. In the AWS Services list, in the Security, Identity & Compliance section, select IAM.
The Identity and Access Management page appears.
3. Click Users.
The list of users appears.
4. Click Add user.
Result
The browser downloads a CSV file that contains the Access Key and Secret Key for the new user.
The Rubrik user account is now ready to provide the Rubrik cluster with access to the Amazon EC2
instances to protect.
Related tasks
Configuring the AWS account security policy
The AWS account that owns the Amazon EC2 instances requires a specific security policy to enable Rubrik
to protect the instances.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Workloads.
3. Under Cloud Workloads, click EC2 Instances.
The Instances tab appears.
4. Click Add AWS Account.
The Add Cloud Source dialog box appears.
5. In the Credentials tab, enter the following information:
• A name for the cloud source
• The AWS access key
• The AWS secret key
6. Select the regions that contain the instances to protect.
7. Optional: Click the Indexing tab.
Searching for a file within a cloud native snapshot and file-level recovery from a cloud native snapshot
requires indexing.
8. Optional: Move the slider to the right to enable indexing for a region.
9. Optional: For each region with indexing enabled, select a VPC ID, Subnet ID, and Security Group ID.
The Rubrik cluster must be able to connect to instances in the selected VPC. Verify that ports 2002 is
open.
10. Click Add.
Column Description
Instance ID The unique identifier of the instance.
Instance Name The instance name.
Instance Type The Amazon EC2 type of the instance
Account The account that owns the instance.
Region The region of the instance.
SLA Domain The name of the SLA protecting the instance.
Assignment Specifies whether the SLA was assigned directly or
inherited from an account-wide SLA.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Workloads.
3. Under Cloud Workloads, click EC2 Instances.
The Instances tab appears.
4. Click Accounts.
The Accounts tab appears.
5. Select the account to manage.
To search for a specific account, enter a search string in the ‘Search by Name or Instance ID’ field. To
filter the list of accounts by assigned SLA or SLA assignment type, select a filter from the drop-downs
at the top right of the list.
6. Optional: To manage the account, click the ellipsis at the top right of the page.
The list of management options appears.
7. Optional: Select a management option:
Option Description
Edit Update the account information
Delete Remove the account from the Rubrik cluster.
Refresh Refresh the list of instances that are associated
with the account.
Result
The selected AWS accounts are updated with the new information.
Related concepts
Custom SLA Domains
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Workloads.
3. Under Cloud Workloads, click EC2 Instances.
The Instances tab appears.
4. Select an Amazon EC2 instance.
To search for a specific instance, enter a search string in the ‘Search by Name or Instance ID’ field.
To filter the list of instances by region, assigned SLA, or SLA assignment type, select a filter from the
drop-downs at the top right of the list.
5. Click Manage Protection.
6. The Manage Protection dialog box appears.
7. Select an SLA from the list.
To search for a specific SLA, enter a search string in the ‘Search SLA domains’ field.
8. To create a new SLA Domain, click the + button.
9. Click Submit.
Result
The instance is now protected by the selected SLA Domain.
Related concepts
Custom SLA Domains
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Cloud Workloads > EC2 Instances.
Note: To go directly to the page for a specific Amazon EC2 instance, type the name of the instance in
the search box on the top bar of the Rubrik CDM web UI and select the instance from the results list.
Result
The Rubrik cluster excludes the selected EBS volumes from all future backups of the Amazon EC2 instance.
Related concepts
Finding protection objects
The Rubrik CDM web UI provides several tools for finding protection objects.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Workloads.
3. Under Cloud Workloads, click EC2 Instances.
The Instances tab appears.
4. In the Name column, click an instance name.
The Overview, Snapshots, and Status cards appear for that instance.
5. Click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears.
6. Select an SLA from the list.
Result
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log tracks the
status of the on-demand backup task. The Rubrik cluster manages the snapshot based on the rules and
policies of the selected SLA Domain.
Related concepts
Custom SLA Domains
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Workloads.
3. Under Cloud Workloads, click EC2 Instances.
The Instances tab appears.
4. In the Name column, click an instance name.
The Overview, Snapshots, and Status cards appear for that instance.
5. In the Snapshots card, use one of the following methods to select a snapshot to restore.
• Click the date of the snapshot.
• Search in indexed snapshots by entering a filename string in the Search by File Name field.
A list of snapshots appears in the Snapshots card.
6. Click the ellipsis menu next to the snapshot and click Restore.
The instance is restored, effectively rolling the instance back to the time of the snapshot.
Result
The Rubrik cluster queues the restore of the Amazon EC2 instance snapshot.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Workloads.
3. Under Cloud Workloads, click EC2 Instances.
The Instances tab appears.
4. In the Name column, click an instance name.
The Overview, Snapshots, and Status cards appear for that instance.
5. In the Snapshots card, use one of the following methods to select a snapshot to export.
• Click the date of the snapshot.
• Search in indexed snapshots by entering a filename string in the Search by File Name field.
Result
The Rubrik cluster queues the export of the Amazon EC2 instance snapshot.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Cloud Workloads.
3. Under Cloud Workloads, click EC2 Instances.
The Instances tab appears.
4. In the Name column, click an instance name.
The Overview, Snapshots, and Status cards appear for that instance.
5. In the Snapshots card, click on the date of the snapshot to restore.
Search in indexed snapshots by entering a filename string in the Search by File Name field.
After selecting a date, a list of snapshots taken on that date appears in the Snapshots card.
6. Click the ellipsis next to the snapshot to restore.
7. Select Recover Files.
The Recover Files dialog box appears.
8. Select the files to restore.
To search for files, enter a string in the ‘Search Files’ field.
9. Click Finish.
A download link for the files or folders appears.
10. Click the download link.
Result
The files or folders are downloaded to the local system.
File systems
A Rubrik cluster provides management and protection of file system data for supported Linux, Unix, and
Windows hosts, and for NAS shares.
For Linux and Windows hosts, the supported operating systems can be running on physical hardware or
on a supported virtual machine. For Unix, the supported operating systems can be running on physical
hardware.
Feature Description
Filesets Define the data to manage and protect by specifying paths, path segments, and
file types to include, exclude and exempt from exclusion.
Valid fileset path statements must begin with one of the following:
• Slash (/)
• Backslash (\)
• A single uppercase or lower case alpha character followed immediately by a
colon. For example, C: and e: .
Use wildcard characters to represent one or more characters in a path or path
segment.
Multiple filesets per Refine protection by creating several different filesets for a host and assigning
host each host fileset to an individually selected SLA Domain.
Filesets stored on Backup filesets stored on Pure Storage FlashArray volumes on AIX hosts.
Pure Storage volumes
on AIX hosts
SLA Domains Protect host filesets with the same SLA Domain functionality that is provided for
other workload types, including SLA rules and policies.
Backup indexing Backup indexes data from a host fileset during ingest. This enables full file level
search and browse of the backed up data when it is on the local Rubrik cluster,
on the replication target, or at the archival location.
Fileset Cluster Backup Fileset backups from clustered hosts.
Replication Assign a host fileset to an SLA Domain that has a replication policy and the data
backed up from that fileset is replicated according to that policy.
Archiving Assign a host fileset to an SLA Domain that has an archival policy and the data
backed up from that fileset is archived according to that policy.
Restore to original Search or browse the indexed host fileset backup to find and restore files and
location folders to the original location on the source host.
Export to a new Search or browse the indexed host fileset backup to find and export files and
location folders to a known host running the same operating system variant (Linux, Unix,
or Windows), or NAS type.
Open files
The operating system of the host determines how a Rubrik cluster handles files that are open at the time
of a fileset backup.
For Linux and Unix hosts, the Rubrik cluster backs up open files in the open state. Files that are backed up
in an open state can potentially be inconsistent.
For Windows hosts, the Rubrik cluster uses the Volume Shadow Copy Service (VSS). When the Rubrik
cluster successfully uses VSS, open files are backed up in a consistent state. When the Rubrik cluster is
unable to successfully use VSS, open files are not included in the backup.
Modified files
Files that have been modified between metadata scan and the backup task will still be backed up, but with
an error message indicating the discrepancy in size.
Files that have increased in size since metadata scan will be backed up to the size of the initial scan. The
additional data is not backed up. Files that have decreased in size since metadata scan will also be backed
up. The discrepancy in file size will be indicated by an error message in the Activity log, but the backup
task will not be affected.
Note: The replication policies of SLA Domains assigned to data sources that use Direct Archive do not
apply to snapshots of those data sources. Replication for snapshots that use Direct Archive is not available
because the Rubrik cluster does not store such snapshots in cluster storage. As a best practice, create
separate SLA Domains specifically for use with data sources that use Direct Archive and do not use those
SLA Domains for data sources that do not use Direct Archive.
Direct Archive is only available for filesets that are protected by an SLA Domain that specifies an archival
location. Archival consolidation is a best practice for optimizing the storage use at the archival location.
Rubrik CDM does not support Direct Archive for the following Rubrik CDM deployments:
• Rubrik Edge
• Rubrik Air
• Rubrik Cloud Cluster
• Rubrik e1000
Related concepts
Archival Consolidation
Archival Consolidation frees archival storage by deleting expired snapshots.
Host management
After installing RBS software on a Linux, Unix, or Windows host, add the host to the Rubrik cluster.
Adding a host to the Rubrik cluster establishes a secure connection between the Rubrik cluster and the
Rubrik Backup Service that is running on the host. After the host is added, an entry for the host appears in
the Rubrik CDM web UI.
Adding a host
To begin managing and protecting a Linux, Unix, or Windows host, add the host to the Rubrik cluster.
Prerequisites
Obtain and install the Rubrik Backup Service software on each host that will be added.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select the path that is appropriate for the host operating system.
Option Description
Linux, AIX, or Solaris Click Servers & Apps > Linux & Unix Hosts.
Windows Click Servers & Apps > Windows Hosts.
The Hosts tab page appears based on the selected operating system.
3. Click the button that is appropriate for the host operating system.
Option Description
Linux, AIX, or Solaris click Add Hosts.
Windows Click Add Windows Hosts.
The Add Hosts dialog box for the chosen operating system appears.
4. In IPs or Hostnames, type a comma-separated list of IPv4 addresses or resolvable hostnames for
the hosts being added.
The list can contain a mix of IPv4 addresses and hostnames. The Rubrik cluster requires one IPv4
address or one hostname for each host being added.
Linux and Unix hosts must be added in the Add Hosts dialog box. Windows hosts must be added in
the Add Windows Hosts dialog box.
5. Click Add.
Result
The Rubrik cluster checks connectivity with the specified hosts and adds the hosts.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select the path that is appropriate for the host operating system.
Option Description
Linux, AIX, or Solaris Click Servers & Apps > Linux & Unix Hosts.
Result
The Rubrik cluster checks connectivity using the new host information and stores the information.
Removing a host
Delete a Linux, Unix, or Windows host from the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select the path that is appropriate for the host operating system.
Option Description
Linux, AIX, or Solaris Click Servers & Apps > Linux & Unix Hosts.
Windows Click Servers & Apps > Windows Hosts.
3. Click the selection box next to a host.
4. Open the ellipsis menu and select Delete.
A warning dialog box appears.
5. Click Delete.
Result
The Rubrik cluster removes the host from the Linux & Unix Hosts tab or the Windows Hosts tab. The
Rubrik cluster moves all the existing filesets for the host to the Snapshot Management page.
The Rubrik cluster retains the backups and archival backups for filesets on the Snapshot Management page
for the length of time specified by the retention policy. The Rubrik cluster removes a host fileset from the
Snapshot Management page when all the backups associated with the host fileset have been manually
deleted.
Related tasks
Deleting snapshots for a data source
Remove snapshots that have a Retain Forever policy.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > NAS Shares.
The NAS Shares page appears, with the Shares tab selected.
3. Click the Hosts tab.
The All NAS Hosts view appears.
4. Click Add NAS Host.
The Add NAS Host dialog box appears, with the IP or Hostname menu selected.
5. In IP or Hostname, type the IPv4 address or resolvable hostname of the NAS host.
6. On the left-side menu, click Share Credentials.
Use this option to provide credentials for all the shares on the host.
Rubrik CDM allows overriding the share credentials during the addition of individual shares to the
Rubrik cluster.
Result
The Rubrik cluster adds the Isilon host.
Next task
Add NAS shares from the Isilon host to the Rubrik cluster, either manually or by auto-discovery.
Related tasks
Adding individual NAS shares to a host
Add an individual NAS share to a host.
Adding NAS shares in batches
Add a batch of NAS shares to the Rubrik cluster.
View the current settings for a role in the NetApp GUI , or use the security login command from the CLI to
view the current permissions for a specific role.
This example uses the security login command to view the current settings for the test_role role.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > NAS Shares.
The NAS Shares page appears, with the Shares tab selected.
3. Click the Hosts tab.
The All NAS Hosts view appears.
4. Click Add NAS Host.
The Add NAS Host dialog box appears, with the IP or Hostname menu selected.
5. In IP or Hostname, type the IPv4 address or resolvable hostname of the NAS host.
6. On the left-side menu, click Share Credentials.
Use this option to provide credentials for all the shares on the host.
Rubrik CDM allows overriding the share credentials during the addition of individual shares to the
Rubrik cluster.
7. In Domain, type the authentication domain for the user account that provides access to the NAS
host.
8. In Username, type the name of a user account that provides access to the NAS host.
9. In Password, type the password for the specified user account.
10. On the left-side menu, click Vendor API Credentials.
11. In Host Type, select NetApp.
12. Optional: Enable SnapDiff API Integration.
SnapDiff API integration allows for faster file scan speeds and is applied to all shares belonging to the
host.
When enabled, snapshots can be restored only to NetApp API enabled hosts. Additionally, only public
cloud, NetApp S3, or NetAPP NFS storages are supported as archival destinations.
13. In NetApp Username, enter the name of the user account to access the NetApp API.
14. In NetApp Password, enter the password for the user account to access the NetApp API.
15. Optional: In Management Hostname or IP, type a hostname or IP address of a NetApp interface
that supports storage virtual machine (SVM) management.
When Management Hostname or IP is not configured, the value of IP or Hostname is used as
both the management and the data logical interface (LIF) of the SVM.
16. Optional: In CA Certificate, provide the certificate of the Certificate Authority (CA) obtained from the
NetApp host for TLS certificate validation.
17. Click Add.
Result
The Rubrik cluster adds the NAS host.
Next task
Select NAS shares from the NAS host to add to the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > NAS Shares.
The NAS Shares page appears, with the Shares tab selected.
3. Click the Hosts tab.
The All NAS Hosts view appears.
4. Click Add NAS Host.
The Add NAS Host dialog box appears, with the IP or Hostname menu selected.
5. In IP or Hostname, type the IPv4 address or resolvable hostname of the NAS host.
6. On the left-side menu, click Share Credentials.
Use this option to provide credentials for all the shares on the host.
Rubrik CDM allows overriding the share credentials during the addition of individual shares to the
Rubrik cluster.
7. In Domain, type the authentication domain for the user account that provides access to the NAS
host.
8. In Username, type the name of a user account that provides access to the NAS host.
9. In Password, type the password for the specified user account.
10. On the left-side menu, click Vendor API Credentials.
11. In Host Type, select Nutanix.
12. In Nutanix API Username, type the name of a user account.
The user account must have REST API access privileges on the Nutanix host.
13. In Nutanix API Password, type the password for the account.
14. Optional: In CA Certificate, provide the certificate of the Certificate Authority (CA), obtained from
the Nutanix host.
Rubrik CDM automatically obtains the certificate from the Nutanix host when one is not provided.
15. Click Add.
Result
The Rubrik cluster adds the Nutanix host.
Next task
Manually add NAS shares to the Rubrik cluster or use auto-discovery to find and add shares.
NAS shares
To provide backup for file-level shared storage of a NAS host, Rubrik CDM requires NAS shares to be added
to the Rubrik cluster from the NAS hosts.
Protection of data on NAS hosts requires selecting and adding NAS shares to the Rubrik cluster, either
individually or as a batch. Batch jobs can include NAS shares selected manually or NAS shares selected
using the auto-discovery feature. The auto-discovery feature supports only NetApp, Isilon, and Nutanix API
enabled hosts.
With the auto-discovery feature, Rubrik CDM allows either manual selection of shares to be protected, or
automatic addition of all discovered shares for protection. When automatic addition is selected, the Rubrik
cluster periodically queries the auto-discoverable hosts for NAS shares and automatically adds the newly
discovered shares if the shares have valid API credentials.
The Rubrik cluster does not automatically protect the newly discovered and added shares. When a new
share becomes available protection must be manually configured. Shares deleted after discovery can be
manually re-added if needed.
Access to SMB share accounts requires credentials for those accounts. When the credentials for an SMB
share account are required, the following message appears:
Wrong Credentials
Providing the correct credentials for the SMB share allows access to the share and removes the message.
Related tasks
Adding NAS shares in batches
Add a batch of NAS shares to the Rubrik cluster.
Adding an Isilon NAS host
Add an Isilon NAS host to the Rubrik cluster to manage and protect the data in the Isilon host shares.
Adding a NetApp NAS host
Add a NetApp NAS host to the Rubrik cluster to manage and protect the data in the NetApp host share.
Related reference
Required privileges for the NetApp ONTAP REST API
The privileges required for the NetApp ONTAP REST API are listed in the following table.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > NAS Shares.
The NAS Shares page appears, with the Shares tab selected.
3. Click Add NAS Share.
The Add Share wizard starts and the Select Host page appears.
4. Select a host and click Next.
The Add Details page appears in the wizard.
Result
The Rubrik cluster adds the specified NAS share.
Related tasks
Adding an Isilon NAS host
Add an Isilon NAS host to the Rubrik cluster to manage and protect the data in the Isilon host shares.
Adding a NetApp NAS host
Add a NetApp NAS host to the Rubrik cluster to manage and protect the data in the NetApp host share.
Adding a Nutanix NAS host
Add a Nutanix host to the Rubrik cluster to manage and protect the data in the shares on the Nutanix host.
Prerequisites
NAS shares can be added in batches only for shares on NetApp, Isilon, and Nutanix API enabled hosts.
Rubrik CDM does not support adding NAS shares in batches for shares on Pure API enabled hosts. Instead,
individually add shares on Pure API enabled hosts.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > NAS Shares.
The NAS Shares page appears, with the Shares tab selected.
3. Click Add NAS Share.
The Add Share wizard starts and the Select Host page appears.
4. Select a host and click Next.
The Add Details page appears in the wizard.
5. Click Auto.
The Add Share page displays all the discoverable shares.
6. Optional: Click Refresh Shares to update the list of shares.
The Rubrik cluster updates the Share Name column with shares on the NAS server that have recently
changed.
7. In the Share Name column, select the shares to be added.
Auto-discovery does not add the shares back once the user deletes them from the Rubrik cluster. Such
shares can be manually added back to the Rubrik cluster from the NAS host. Shares that are deleted
from the NAS host but not from the Rubrik cluster remain in the Rubrik cluster.
Result
The Rubrik cluster adds the specified NAS shares to the host.
Related concepts
NAS shares
To provide backup for file-level shared storage of a NAS host, Rubrik CDM requires NAS shares to be added
to the Rubrik cluster from the NAS hosts.
Related tasks
Adding a Nutanix NAS host
Add a Nutanix host to the Rubrik cluster to manage and protect the data in the shares on the Nutanix host.
Adding individual NAS shares to a host
Add an individual NAS share to a host.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > NAS Shares.
The NAS Shares page appears, with the Shares tab selected.
3. Click the Hosts tab.
The All NAS Hosts view appears.
4. Open the ellipsis menu, and select Delete.
A warning dialog box appears.
5. Click Hosts.
SnapDiff usage
Rubrik CDM integrates with SnapDiff to expedite several functions.
Category Description
Support SnapDiff v1 is supported for all FlexVols but is not supported for
FlexGroups.
Backups The first backup is a traditional scan and a snapshot is retained. The
subsequent incremental backups use SnapDiff and are compared with
previous snapshots.
Similarly, when SnapDiff is enabled for an existing fileset where
incremental backups exist, the first backup after enabling SnapDiff is
a regular scan. This NetApp snapshot is retained on the NetApp NAS
and is used for comparison with the subsequent incremental backups.
The subsequent incremental backups use SnapDiff and are compared
with previous snapshots.
Scans • When using SnapDiff v1, if a scan fails or does not work as
expected a traditional metadata scan is initiated.
• When using SnapDiff v2, if a scan fails or does not work as
expected a restart of the SnapDiff v2 session is attempted before
initiating a traditional metadata scan.
Related tasks
Adding a NetApp NAS host
Add a NetApp NAS host to the Rubrik cluster to manage and protect the data in the NetApp host share.
Editing the SnapDiff setting for a share
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > NAS Shares.
The NAS Shares page appears, with the Shares tab selected.
3. Click the Hosts tab.
The All NAS Hosts view appears.
4. Click a NAS host.
The file shares of the NAS host appear.
5. Open the ellipsis for a file share and click Edit SnapDiff.
The Edit SnapDiff dialog appears.
6. Choose the SnapDiff setting for the file share.
7. Click Update.
Result
The Rubrik cluster updates the SnapDiff setting for the selected file share.
Related reference
SnapDiff usage
Rubrik CDM integrates with SnapDiff to expedite several functions.
NetApp SnapMirror
The Rubrik cluster can protect a NetApp volume that uses the SnapMirror snapshot replication feature.
The SnapMirror shares detected on SnapMirror replica volumes can be viewed by clicking on a NetApp host
from Servers & Apps > NAS Shares > Hosts.
SnapMirror volumes are read-only and cannot be the target of restore operations. When a SnapMirror
volume changes types and becomes a normal volume, Rubrik CDM generates an event for the event log.
Rubrik CDM does not display any information about the SnapMirror relationship between the NetApp
source and NetApp target. Also, Rubrik CDM does not control or manage the SnapMirror relationship
between the NetApp source and NetApp target. For example, Rubrik CDM does not control the snapshot
replication, replication frequency, or retention period from the NetApp SnapMirror source to the target.
Related concepts
NAS shares
To provide backup for file-level shared storage of a NAS host, Rubrik CDM requires NAS shares to be added
to the Rubrik cluster from the NAS hosts.
Prerequisites
Add the SnapMirror volume to the Rubrik cluster as a NAS share.
Result
The Rubrik cluster protects the fileset on the SnapMirror volume as required by the SLA Domain assigned
to the fileset.
Related concepts
NAS shares
To provide backup for file-level shared storage of a NAS host, Rubrik CDM requires NAS shares to be added
to the Rubrik cluster from the NAS hosts.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > NAS Shares.
The NAS shares page appears, set to the Shares tab. SnapMirror volumes are listed with a Share Type
of SnapMirror.
3. Select a SnapMirror volume and click Manage Protection.
The Manage Protection wizard appears.
4. Choose the type of label to modify.
• Full
• Incremental
The label for the chosen label type appears in the Current Label field.
5. In the SnapMirror label section, click Modify Label.
The SnapMirror Label pane appears.
6. In New Label, type the new label to use for the protected fileset.
To use the most recent snapshot, do not specify a new label.
7. Click Save Changes.
The Manage Protection wizard appears.
8. Click Next.
9. Click Finish.
Result
Protection for the specified fileset uses the snapshots specified by the new labels. When no label is
specified, protection uses the most recent snapshot.
Filesets
Rubrik CDM protects folders and files on host computers and NAS shares through filesets.
A fileset defines a set of files and folders on a host computer or NAS share. The Rubrik cluster uses the
filesets that are assigned to a host or share to determine the data to manage and protect.
Enable Linux, For Linux and Unix hosts, this option appears when Follow Network Shares is
Backup Unix, selected, and is enabled by default.
of and NAS
For Linux and Unix hosts, and for NAS, clear this setting to exclude hidden folders
Hidden
from the fileset.
Folders
Note: On a Windows host, the Rubrik cluster backs up all hidden files and system
files that are within a fileset description.
Enable Linux, Select to configure a script to run before the backup and a script to run after the
Pre/Post Unix, backup.
Scripts and
Windows
Rule Description
Character set UTF-8
Wildcard – single asterisk: * Directory level wildcard. Substitute for zero or more characters up to
a directory delimiter.
Wildcard – double asterisk: ** Recursive wildcard, includes files in the specified directory and all
sub-directories. Substitute for zero or more characters including
directory delimiter characters.
Multiple wildcards in a path Allowed
description
Space characters in folder names Allowed
Single dot Not allowed. Indicates a reference to the current directory.
Double dot Not allowed. Indicates a reference to the parent directory.
Rule Linux, Unix, and NAS (NFS) Windows and NAS (SMB)
Case Case sensitive Case insensitive
sensitivity
A file name extension indicates the file
type, but does not determine the file type
with certainty. The Rubrik cluster does not
look at file signatures (magic numbers) to
ascertain file type.
End of a file Paths that do not end with a single asterisk Paths that do not end with a single asterisk
path (specifying all the contents of the last (specifying all the contents of the last
named folder) are modified to add /** to named folder) are modified to add \** to
the end of the path. This includes all files the end of the path. This includes all files
and folders beneath the last specified folder. and folders beneath the last specified folder.
Network Linux and Unix hosts – Select Follow Windows host – Specify the UNC path
mounts Network Shares and specify the full path to for a network share. For example,
the mount point. \\networkshare\folder or \
\192.168.1.64\folder. To get all
NAS share (NFS) – Does not apply.
shares of a host, specify the host directly.
For example, \\hostname\\**.
NAS share (SMB) – Does not apply.
The mount or mount.cifs command can
include the ‘nocase’ option. This option
causes case insensitive path name matching
for the paths on the network share. Fileset
rules applicable to a network share with the
‘nocase’ option should account for the case
insensitivity.
Category Linux, Unix, and NAS (NFS) Windows and NAS (SMB)
Paths Path description of a specified directory. Path description of a specified directory.
Paths that end in a directory include Paths that end in a folder include the
the specified directory and everything specified folder and everything hierarchically
hierarchically beneath it. beneath it.
Path descriptions must use the forward Path descriptions must use the backslash
slash character as the directory delimiter. character as the directory delimiter. Paths
Paths cannot include the single dot (.) or cannot include the single dot (.) or double
double dot (..) elements. dot (..) elements.
Path descriptions can include multiple Path descriptions can include multiple
single, or double, asterisk wildcards. single, or double, asterisk wildcards.
Path Path description that does not start with a Path description that does not start with
Segments forward slash. The Rubrik cluster matches a backslash. The Rubrik cluster matches
the path segment wherever it occurs in the the path segment wherever it occurs in the
directory hierarchy and presumes the full directory hierarchy and presumes the full
path from root to each occurrence. path from the root of the system drive to
each occurrence.
Path segments that end in a directory
include the specified directory and Path segments that end in a directory
everything hierarchically beneath it. include the specified directory and
everything hierarchically beneath it.
Path segments must:
Path segments must:
• Start without a forward slash character.
• Use the forward slash character as the • Start without a backslash character.
directory delimiter. • Use the backslash character as the
directory delimiter.
Path segments can include multiple single,
or double, asterisk wildcards. Path segments can include multiple single,
or double, asterisk wildcards.
File matching Use a portion of a filename with wildcards Use a portion of a filename with wildcards
to match specific groups of filenames. to match specific groups of file names.
Specify a file type by using a single asterisk Specify a file type by using a single asterisk
wildcard and a file name extension. For wildcard and a file name extension. For
example, to include all PDF files, add *.pdf example, to include all PDF files, add *.pdf
as an entry in the Include field. as an entry in the Include field.
A file name extension indicates the file
type, but does not determine the file type
with certainty. The Rubrik cluster does not
look at file signatures (magic numbers) to
ascertain file type.
Related information
https://www.boost.org/doc/libs/1_32_0/libs/regex/doc/syntax.html
Error Response
Zero files fetched during a job The Rubrik cluster marks the job as failed and
generates a UI notification and email alert.
High rate of change detected during incremental When the total number of files or the total size
backup of files decrease by 50% or more from the
previous backup, the Rubrik cluster generates a UI
notification and an email alert.
High rate of file fetch failures When more than 50% of the total number of files
in the fileset fail to fetch or when 50% of the total
size of the fileset fails to fetch, the Rubrik cluster
cancels the job.
Related concepts
Email notifications
Enable the Rubrik cluster to send email notifications.
Creating a fileset
Create a fileset to define a set of data in a file system. A fileset can be assigned to a host to protect the
data set specified by the fileset on that host.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
Option Description
Servers & Apps > Linux & Unix Hosts The Linux & Unix Hosts tab of the Linux & Unix
Hosts page appears.
Servers & Apps > Windows Hosts The Windows Hosts tab of the Windows Hosts
page appears.
Servers & Apps > NAS Shares The Shares tab of the NAS Shares page appears.
3. Click Filesets.
The Filesets tab appears.
4. Click Add Fileset.
The Add Fileset dialog box appears.
5. In Fileset Name, type a unique name for the fileset.
6. (NAS shares only) In Share Type, select either NFS or SMB.
7. In Include, type a comma-separated list of values.
8. Optional: In Exclude, type a comma-separated list of values.
Result
The Rubrik cluster creates and stores the fileset.
Related reference
Fileset fields, rules, and value types
The Rubrik cluster interprets a fileset based on the values provided in the Include, Exclude, and Do Not
Exclude fields. The Rubrik cluster applies a set of rules to the values provided in these fields and permits
several types of values to be added to the fields.
Editing a fileset
Edit a fileset to change the set of data that the fileset defines. The Rubrik cluster applies the changes to
the fileset backups that are created after the change.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
Option Description
Servers & Apps > Linux & Unix Hosts The Linux & Unix Hosts tab of the Linux & Unix
Hosts page appears.
Servers & Apps > Windows Hosts The Windows Hosts tab of the Windows Hosts
page appears.
Servers & Apps > NAS Shares The Shares tab of the NAS Shares page appears.
3. Click Filesets.
The Filesets tab appears.
4. (Linux, Unix, and Windows) Select a fileset entry, open the ellipsis menu at the top of the page, and
select Edit.
5. (NAS) Open the ellipsis menu next to a fileset entry, and select Edit.
The Edit Fileset dialog box appears.
6. Make changes to the values of the fields.
7. Click Update.
Context
Choose whether to move the host fileset or share fileset and all associated backups to the Snapshot
Management page, or to permanently delete the fileset and all associated backups.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
Option Description
Servers & Apps > Linux & Unix Hosts The Linux & Unix Hosts tab of the Linux & Unix
Hosts page appears.
Servers & Apps > Windows Hosts The Windows Hosts tab of the Windows Hosts
page appears
Servers & Apps > NAS Shares The Shares tab of the NAS Shares page appears.
3. In the Name column, click a host or share name.
The local page for the host or share appears.
4. On the Filesets card, select a fileset.
The local fileset page for the selected host fileset or share fileset appears.
5. Open the ellipsis menu, and select Delete.
The Delete Fileset dialog box appears.
6. Choose how to handle the existing backups of the host fileset or share fileset.
• Select Transfer Snapshots to Relic to move the fileset and associated backups to the Snapshot
Management page.
• Select Expire Snapshots Immediately to delete the fileset and all associated backups.
7. Click Delete.
Result
The Rubrik cluster deletes the fileset from the host or share and handles the backups as specified.
Context
Choose whether to move the associated filesets and associated backups to the Snapshot Management
page or to permanently delete the associated filesets and associated backups.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
3. Click Filesets.
The Filesets tab appears.
4. Select a fileset.
5. Open the ellipsis menu, and select Delete.
The Delete Fileset dialog box appears.
6. (For assigned filesets only) Choose how to handle the existing backups of all associated host filesets.
• Select Transfer Snapshots to Relic to move the host filesets and associated backups to the
Snapshot Management page.
• Select Expire Snapshots Immediately to delete the host filesets and all associated backups.
7. Click Delete.
Result
The Rubrik cluster deletes the fileset from all associated hosts or shares and handles the backups as
specified.
Prerequisites
• Add the Linux, Unix, Windows, or NAS host to the Rubrik cluster.
• Add a Linux, Unix, Windows, or NAS fileset to the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select the path that is appropriate for the host operating system.
Result
The Rubrik cluster creates the selected host filesets or share filesets and assigns them to the selected SLA
Domain.
Related concepts
Retention policy for existing snapshots
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select the path that is appropriate for the host operating system.
Option Description
Linux, AIX, or Solaris Click Servers & Apps > Linux & Unix Hosts.
Windows Click Servers & Apps > Windows Hosts.
NAS Shares Click Servers & Apps > NAS Shares.
The Hosts tab page appears based on the selected operating system.
3. In the Name column, click a host name or share name.
The local cards for the host appear, Overview, Snapshots, and Filesets.
4. Click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears.
5. Select the fileset to use for the on-demand backup, and click Next.
The Take On Demand Snapshot dialog box changes to show the second step of the task indicated in
the task flow at the top of the dialog box: Assign SLA.
6. Select an SLA Domain.
The Rubrik cluster uses the maximum retention and the remote configuration settings of the selected
SLA Domain to manage the on-demand snapshot. The selected SLA Domain can be different from the
SLA Domain that protects the associated host fileset or share fileset. The on-demand snapshot can be
manually managed through the Snapshot Management page.
7. Click Take On Demand Snapshot.
Result
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log tracks the
status of the on-demand backup task.
An error message in the Activity Log will indicate files that have been modified between metadata scan and
the backup task, but the files will still be backed up.
Related concepts
Modified files
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select the path that is appropriate for the host operating system.
Option Description
Linux, AIX, or Solaris Click Servers & Apps > Linux & Unix Hosts.
Windows Click Servers & Apps > Windows Hosts.
NAS Shares Click Servers & Apps > NAS Shares.
The Hosts tab page appears based on the selected operating system.
3. Depending on the host type, do one of the following:
• For Linux, Unix, and Windows hosts, in the Name column, click a host name.
• For NAS hosts, in the Path column, click the path for a share.
The local page for the host appears.
4. In Filesets, click the name of a fileset.
The fileset page appears.
5. Click Manage Protection.
The Manage Protection wizard appears.
6. Select Do Not Protect.
The Existing Snapshot Retention options appear.
7. Choose the retention for existing snapshots:
• Preserve retention from previous SLA
• Keep forever
This is the default choice.
• Expire immediately
8. Click Next.
The wizard advances to the next step.
9. Optional: Click Apply to existing snapshots.
The changes made to the SLA Domain are applied to the existing snapshots. The summary
information describes the impact of the changes on existing and new snapshots.
10. Optional: Select Include on-demand and downloaded snapshots.
The changes made to the SLA Domain also apply to on-demand snapshots. The summary information
describes the effect of the changes on existing, new, on-demand, and downloaded snapshots.
11. Confirm the summary information and click Submit.
If the summary information appears incorrect, click Back to return to the previous screen or Cancel
to cancel the change.
Result
The Rubrik cluster removes SLA Domain protection from the selected host fileset or share fileset.
Note: All nodes in a protected cluster must run the same OS type. For example, Rubrik CDM does not
support a cluster with both Windows and Linux based hosts.
For more information about supported environments, refer to the Rubrik Compatibility Matrix.
Context
Use the following steps to set up a Windows cluster for Rubrik CDM protection.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, select Servers & Apps > Windows Hosts.
2. Select the Clusters tab.
3. Select Create Cluster.
4. Enter a Cluster Name and select the hosts to include in the cluster.
5. Click Submit.
Result
The Rubrik cluster creates the specified cluster object.
Prerequisites
Create a cluster object using the steps in Creating a Windows cluster.
Context
Use the following steps to set up a Windows cluster for Rubrik CDM protection.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, select Servers & Apps > Windows Hosts.
2. Select the Clusters tab and select the cluster.
A list of services provided by the selected cluster appears.
3. Click Create Service.
The Create Service dialog box appears.
4. In Service Name, enter a name for the new service.
5. In Virtual IP, enter a virtual IP address (VIP) for the new service and click Submit.
Result
The Rubrik cluster applies the specified protection options to the fileset.
Related concepts
Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA Domain
assigned to a parent object.
Related reference
Manage Protection options
Select virtualization hierarchy entities and click Manage Protection to view the Manage Protection dialog
box for the selected entities. The Manage Protection dialog box provides several options for the selected
entities.
Context
Use the following steps to set up a Linux or Unix cluster for Rubrik CDM protection.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, select Servers & Apps > Linux and Unix Hosts.
2. Select the Clusters tab.
3. Select Create Cluster.
Result
The Rubrik cluster creates the specified cluster object.
Prerequisites
Create a cluster object using the steps in Creating a Linux or Unix cluster.
Context
Use the following steps to set up a Linux or Unix cluster for Rubrik CDM protection.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, select Servers & Apps > Linux and Unit Hosts.
2. Select the Clusters tab and select the cluster.
3. Select the app to work with and select one of the following options.
Option Description
Set default SLA to this application Select an SLA domain.
Select a fileset to protect Select specific folders and files to protect.
4. Click Next.
5. Configure the protection options and click Finish.
Manage Protection options describes this task.
Result
The Rubrik cluster protects the specified cluster based on the assigned SLA Domain.
Related concepts
Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA Domain
assigned to a parent object.
Context
Note: A fileset logical volumes must belong to volume groups whose physical volumes map to storage
array volumes.
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Servers & Apps > Linux & Unix Hosts.
2. Select the host from the list.
The host can be the primary host or an alternate backup host.
3. Click Manage Protection.
The Manage Protection dialog box appears.
4. Click the + icon to create a new fileset to apply to this host.
5. In Fileset of Array Volume Groups, select Fileset.
6. In the Fileset Name field, enter a name for the fileset.
7. Click the slider switch for Array Snapshots to indicate that the fileset is stored in a storage array.
8. In the Include field of the Rules section, provide a comma-separated list of the mount points for all
logical volumes to be protected.
Get the mount points by opening a terminal window and entering lsvg -l volume_group_name
9. Optional: Click Enable Pre/Post Scripts and specify paths to the scripts.
10. Optional: Choose whether to cancel the backup if the pre-backup script fails.
11. Click Add.
Result
The array-enabled fileset is added.
Context
Procedure
1. In the Rubrik CDM web UI, on the left-side menu, click Servers & Apps > Linux & Unix Hosts.
2. Select the host from the list.
The host can be the primary host or an alternate backup host.
3. Click Manage Protection.
The Manage Protection dialog box appears.
4. Click the + icon to create a new Array Volume Group to apply to this host.
5. In Fileset of Array Volume Groups, select Array Volume Groups.
The Add Volume Group dialog box appears.
6. In the Volume Group Name field, enter a name for the Volume Group Name.
7. In Arrays, click on the Pure array to indicate the volumes stored on the Volume Array.
Result
The array-enabled Array Volume Group is added.
The Pure Flash Array API protects the configured volumes. Configured volumes are protected through on-
demand snapshots or the specified SLA.
Note: The Rubrik cluster does not require a post-backup script with a pre-backup script; however, a post-
backupscript cannot be specified without a pre-backup script.
The pre-backup script and the post-backup script can consist of any sequence of operations that can be
run by the command line interpreter of the host operating system. On a Windows system, for example,
the script filename must have the .cmd or .bat extension, and the Windows command line interpreter,
cmd.exe, must be able to execute the script.
The Rubrik cluster associates host scripts with a fileset. This way, a different set of pre-backup and post-
backupscripts can be assigned to each fileset that is assigned to a host. The Rubrik cluster applies the
script settings of a fileset to all the hosts that are paired with the fileset.
Prerequisites
Create a pre-backup script and, optionally, a post-backup script. Place the scripts at the same full path
location on each host that is associated with the script settings of the fileset.
Context
Pre-backup and post-backup script support does not apply to NAS hosts.
Procedure
1. Open the Add Fileset dialog box or the Edit Fileset dialog box by starting the task of creating or editing
a fileset.
2. Click Enable Pre/Post Scripts.
The script fields appear.
3. In Pre-Backup Script Path, type the full path for the pre-backup script.
The full path is relative to the root of a Linux or Unix host file system or to the specified drive letter of
a Windows file system.
4. Optional: Select Cancel Backup if Pre-Backup Script Fails.
When Cancel Backup if Pre-Backup Script Fails is selected, the Rubrik cluster only runs a backup when
the pre-backup script finishes with a zero exit status.
5. Optional: In Post-Backup Script Path, type the full path for the post-backup script.
The full path is relative to the root of a Linux or Unix host file system or to the specified drive letter of
a Windows file system.
6. Complete the other fields on the dialog box, and click Add or Update.
Result
The Rubrik cluster stores the information and runs the scripts for all subsequent backups of hosts that are
paired with the fileset. The Rubrik cluster provides entries in Notifications for any errors that occur when
running the scripts.
Related tasks
Creating a fileset
Create a fileset to define a set of data in a file system. A fileset can be assigned to a host to protect the
data set specified by the fileset on that host.
Editing a fileset
Edit a fileset to change the set of data that the fileset defines. The Rubrik cluster applies the changes to
the fileset backups that are created after the change.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
Option Description
Servers & Apps > Linux & Unix Hosts The Linux & Unix Hosts tab of the Linux & Unix
Hosts page appears.
Servers & Apps > Windows Hosts The Windows Hosts tab of the Windows Hosts
page appears.
Servers & Apps > NAS Shares The Shares tab of the NAS Shares page appears.
The Shares tab of the NAS Shares page appears.
3. Depending on the host type, do one of the following:
Option Description
For Linux, Unix, and Windows hosts In the Name column, click a host name.
For NAS hosts In the Path column, click the path for a share.
Result
The local page for the host appears.
Field Description
Oldest Snapshot Timestamp for the oldest backup associated with the filesets of the host or share.
When the SLA Domain has an active archival policy, the oldest backup resides at the
archival location.
Latest Snapshot Timestamp for the most recent successful backup for the filesets of the host or
share.
Total Snapshots Total number of retained backups for the filesets of the host or share, including
both the local Rubrik cluster and any archival location.
Missed Snapshots Number of policy-driven backups that did not complete successfully for the filesets
of the host or share. A missed backup is included in the count until the period since
the SLA Domain policy required the backup exceeds the retention period of the SLA
Domain.
Filesets card
In the local view, the Fileset card provides fileset related information.
Field Description
Name Name of the fileset. Click the name to open the fileset view for that fileset.
Snapshots card
The Snapshots card provides the ability to browse the backups that reside on the local Rubrik cluster and
on the archival location.
In the local view, the Snapshots card shows the backups for all filesets of the host or share. In the fileset
view, the Snapshots card shows only the backups for the selected fileset.
The Snapshots card provides access to backup information through a series of calendar views. Each view
uses color spots to indicate the presence of backups on a date and to indicate the status of SLA Domain
compliance for that date.
The Snapshots card also provides the ability to search for files across all the backups of the filesets or
fileset in the current view.
Snapshots in the calendar view are color coded by status.
Color Status
Green All backups required by SLA Domain policy were successfully created.
Orange All backups required by SLA Domain policy were successfully created but at
least one backup caused a warning.
Red At least one backup required by SLA Domain policy was not successfully
created.
View Description
Year The Year view displays backup creation information for an entire year. A color
spot indicator on a specific date indicates backup activity, and displays the SLA
Domain compliance status for that day.
Month The Month view displays backup creation information for an entire month. A
color spot indicator on a specific date indicates backup activity, and displays
the SLA Domain compliance status for that day.
Day The Day view displays the individual backups that were created on the
selected day.
Item Description
Status Icon representing the state of the task. The possible task states are:
• Canceled
• Failure
• In Progress
• Success
• Warning
• Queued
• Scheduled
The Status column also includes Pause or Resume buttons for pausing or resuming
fileset tasks while the data retrieval is in progress. These buttons can also be used
for pausing and resuming recovery tasks while writing data to the NAS shares and
hosts.
Message Message that provides a detailed description about the task and the task status.
Date Month, day, and time when the Rubrik cluster generated the message. The format
is MONTH DD, YYYY H:MM:SS{AM|PM} in the time zone of the Rubrik cluster.
Activity Detail Provides the status, the log message, and the timestamp of each task involved in
the selected activity and a link to download server logs.
Clicking on an activity row opens the Activity Detail dialog box.
Filter Status An option to filter the activity logs according to the status such as canceled, failure,
in progress, success, warning, and scheduled.
Unmanaged data
Manage file system and application data that is not subject to a retention policy through the Snapshot
Management page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as unmanaged
snapshot objects. Unmanaged snapshot objects can be managed through the Snapshot Management page
of the Rubrik CDM web UI.
View the Snapshot Management page for information about tasks with unmanaged snapshot objects.
Related concepts
Retention management
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
Option Description
Servers & Apps > Linux & Unix Hosts The Linux & Unix Hosts tab of the Linux & Unix
Hosts page appears.
Servers & Apps > Windows Hosts The Windows Hosts tab of the Windows Hosts
page appears.
Servers & Apps > NAS Shares The Shares tab of the NAS Shares page appears.
3. Depending on the host type, do one of the following:
• For Linux, Unix, and Windows hosts, in the Name column, click a host name.
• For NAS hosts, in the Path column, click the path for a share.
The local page for the host appears.
4. Optional: To limit the search to a single host fileset, on the Filesets card, click the name of a fileset.
The fileset page appears and the search is confined to the selected fileset.
5. On the Snapshots card, type the name of the file or folder in the search field.
As characters are typed, the Rubrik CDM web UI immediately begins to display matching file and
folder pathnames.
Matches are based on file or folder names that start with the characters typed. Continue to type
characters until the file or folder appears in the results.
6. Select the file or folder.
The Choose Version dialog box appears.
7. Find a file or folder version to recover.
Result
Search finds the data to restore from a backup.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click a choice based on the host type:
Option Description
Servers & Apps > Linux & Unix Hosts The Linux & Unix Hosts tab of the Linux & Unix
Hosts page appears.
Servers & Apps > Windows Hosts The Windows Hosts tab of the Windows Hosts
page appears
Servers & Apps > NAS Shares The Shares tab of the NAS Shares page appears.
3. Depending on the host type, do one of the following:
• For Linux, Unix, and Windows hosts, in the Name column, click a host name.
• For NAS hosts, in the Path column, click the path for a share.
The local page for the host appears.
4. Optional: To limit the search to a single host fileset, on the Filesets card, click the name of a fileset.
The fileset page appears and the available backups are confined to the selected fileset.
5. Use the Snapshots card to navigate to a specific backup.
6. Open the ellipsis menu next to the backup, and click Recover Files.
The Recover Files dialog box appears. The initial view shows the fileset.
7. Optional: Click the fileset name to navigate to the files and folders in the fileset.
Result
A hierarchical display of selectable files and folders appears.
Context
Use search to find a file version or a folder version to restore. Or use browse to find a file, a folder, or a
fileset to restore.
To restore an entire fileset, use the browse method to find and select a specific backup of the host fileset
or share fileset.
Procedure
1. Open the ellipsis menu for the selected data, and select Restore.
The selected data can be a file, a folder, or a complete fileset.
The Restore dialog box appears.
2. Choose where to restore the data.
• Select Overwrite original to restore the folder or file to the original location, replacing the
existing source file, folder, or fileset data.
• Select Restore to separate folder to restore the file, folder, or fileset data to another folder on
the source host. This option does not replace the existing folder or file.
3. (Restore to separate folder only) In Folder Name, type the full path for a folder on the source host.
The restore path must exist on the source host. The Rubrik cluster will create a specified target folder
but will not create intermediary folders on the specified path.
4. Optional: Select Continue on restore errors.
• Select this option to instruct the Rubrik cluster to continue the restore job after encountering a
restore error. A restore error occurs when a file, folder or symlink cannot be restored.
• Clear this option to instruct the Rubrik cluster to end the restore job when a restore error occurs.
Files that were successfully restored before the error occurred remain on the restore target.
5. Click Restore.
Result
The Rubrik cluster restores the selected object to the specified location. The Activity Log tracks the status
of the task. When a fileset is restored, the fileset is restored first, then the ACL.
Export path
When a backup copy of a file, folder, or fileset is exported, the Rubrik cluster writes the exported data to a
location on the target host.
The location where the data is written consists of the path on the target that is provided through the
Export Path value combined with the path of the exported object relative to the root of the backup.
The path specified in Export Path must already exist on the target. The Rubrik cluster will create the rest of
the path, starting at the specified Export Path value, if it does not already exist.
For a Linux or Unix host, or for a NAS share (NFS), the root directory can be specified by a single forward
slash character.
For a Windows host, the root directory of a drive can be specified by the drive letter, a colon, and a
backslash. For example, specify the root of the ‘D’ drive with: D:\
For a NAS share (SMB), the root directory of the share can be specified by a single backslash character.
Prerequisites
Prior to exporting the Windows fileset snapshot at the drive level, change the following settings on your
Windows system to show the hidden target directory. This action allows you to view the target directory
drive where the Windows fileset snapshot is exported to the drive level.
Procedure
1. Navigate to the Windows Control Panel > File Explorer Options > View
2. Clear the Hide protected operating system files (Recommended) option.
3. When prompted, click Yes to confirm.
4. Click OK.
Result
View the target directory drive where the Windows fileset snapshot is exported.
Prerequisites
Use search to find a file version or a folder version to export. Or use browse to find a file, a folder, or a
fileset to export.
Note: To export an entire fileset, use the browse method to find and select a specific backup of the host
fileset or share fileset.
Procedure
1. Open the ellipsis menu for the selected data, and select Export.
The selected data can be a file, a folder, or a complete fileset.
The Export dialog box appears and lists the available export targets.
2. In the Name section, select a host or share.
3. In Export Path, type the full path for a folder on the selected host or share.
The folder must already exist. The Rubrik cluster writes the exported data into the specified folder.
Result
The Rubrik cluster writes the selected data to the export target at the location indicated by the export
path. The Activity Log tracks the status of the task.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Search or browse for a set of files, a folder, or a fileset.
3. Select the files, folder, or fileset.
The local page for the fileset appears.
4. Click a date with a snapshot from the calendar. Dates with snapshots are marked with a dot.
The Snapshots card displays the list of snapshots for the selected date.
5. Click the ellipsis next to the snapshot to restore and select Recover Files.
The Recover Files dialog box appears at the first task: Select files.
6. Click the name of the fileset
The root directory of the fileset appears.
7. Navigate the fileset directory tree to the files to download.
8. Select the files to download.
The selected items appear in the right hand pane of the Recover Files dialog box.
9. Click Next.
The Recover Files dialog box advances to the next task: Recover Files.
10. Select Download as the recovery type.
11. Click Finish.
The local page for the fileset appears. A message in the Activity Log pane at the bottom appears when
the download link is ready.
12. Click the download link message in the Activity Log pane.
The Activity Detail dialog box appears.
13. Click the download icon.
The Save As dialog box appears in the web browser.
14. Select a download location for the file, and click Save.
The web browser retrieves the file from the Rubrik cluster and saves it to the selected location.
15. (Folder or multiple files only) Extract the folder using a ZIP utility.
Result
The files are available in the selected location.
Note: Refer to the Rubrik CDM Compatibility Matrix for a list of the operating systems that the Volume
Protection feature supports.
Prerequisites
• Communication between the Rubrik Backup Service and the Rubrik cluster uses the SMB protocol. Port
445 must be open to permit inbound SMB connections to the Rubrik cluster.
• Windows 2016 and 2019 hosts must be joined to a domain.
• Windows 2012 hosts must be joined to a domain, or the local administrator account can be used for
RBS.
• Add the Windows host to the Rubrik cluster.
Note: Volumes can only be restored to an identical or newer OS. For example, Windows Server 2016
volumes cannot be restored to a Windows Server 2012 host.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears, listing the Windows hosts on the Rubrik
cluster.
3. Select the selection box next to a host.
4. Click Manage Protection.
The Manage Protection dialog box appears with the first step of the task indicated in the task flow at
the top of the dialog box: Volumes & Filesets.
5. Click Volumes.
6. Select the volumes to protect and click Next.
Volumes cannot exceed 64 TB in size. The selected volumes are collectively referred to as a volume
group. To search for a specific volume, enter a string in the Search by Name field.
Result
The selected volume group is protected as a VHD.
Related concepts
Custom SLA Domains
Related tasks
Adding a host
To begin managing and protecting a Linux, Unix, or Windows host, add the host to the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. In the Name column, select a host name.
4. Click the ellipsis menu and select Install VFD.
The Rubrik cluster installs the VFD to the Windows host.
5. Reboot the Windows host.
Result
The VFD runs in the background to monitor changes in the protected volume.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. In the Name column, click a host name.
The Overview, Snapshots, and Status cards appear for that host.
4. Click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears with the first step of the task indicated in the task
flow at the top of the dialog box: Volumes or Files.
5. Click Volumes.
6. Select the volumes to protect and click Next.
Result
The selected volume group is protected as a VHD. The Rubrik cluster adds the specified on-demand
backup to the task queue. The Activity Log tracks the status of the on-demand backup task. The Rubrik
cluster manages the snapshot based on the rules and policies of the selected SLA Domain.
An error message in the Activity Log will indicate files that have been modified between metadata scan and
the backup task, but the files will still be backed up.
Related concepts
Custom SLA Domains
Modified files
Files that have been modified between metadata scan and the backup task will still be backed up, but with
an error message indicating the discrepancy in size.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. In the Name column, click a host name.
The Overview, Snapshots, and Status cards appear for that host.
4. In the Snapshots calendar, select a date with a snapshot.
The list of snapshots for that date appears.
5. Click the ellipsis next to the volume group to restore.
6. Click Mount.
The Mount Snapshot dialog box appears.
7. Select the volumes in the volume group to restore and click Next.
A list of Window hosts appears.
8. Select the host for the Live Mount.
9. Click Finish.
Procedure
1. Open the Rubrik Support Portal in a browser by navigating to support.rubrik.com.
2. Log in to the support portal.
3. Click DOCS & DOWNLOADS.
The Documentation and Downloads page appears.
4. Click the Misc Documentation and Software (Kroll, Compatibility Matrix, etc.) link for the
WinPE Recovery Tool.
5. Under Software section, click Download next to WinPE Recovery Tool.
The EULA acceptance window appears.
6. Select the box next to Accept and Download.
7. Click Accept and Download.
A window containing the file link appears.
8. Click the file link.
Result
The browser downloads the ZIP file containing the recovery tools.
Prerequisites
Download the Windows recovery tools.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Windows Hosts.
The Windows Hosts tab of the Windows Hosts page appears.
3. In the Name column, click a host name.
The Overview, Snapshots, and Status cards appear for that host.
4. In the Snapshots calendar, select a date with a snapshot.
The list of snapshots for that date appears.
5. Click the ellipsis next to the volume group to restore.
6. Click Mount.
The Mount Snapshot dialog box appears.
7. Select the volumes in the volume group to restore and click Next.
A list of Window hosts appears.
8. Select No Host to create an SMB share without a Live Mount, then click Next.
A prompt that requests IP addresses appears.
9. (SMB security disabled) Type the IP addresses of the hosts that require access to the SMB share.
10. (SMB security enabled) In the corresponding fields, type the domain name, a comma-separated list
of user names, a comma-separated list of Active Directory groups, and a comma-separted list of the
Result
The volume group is restored to the Windows host.
Related tasks
Downloading the Windows recovery tools
Rubrik provides a set of recovery tools that enable restore operations for volume groups that target hosts
without an existing Windows or RBS installation.
Configuring SMB Security
Configure security for a Server Message Block share to enforce user authentication through Active
Directory.
Prerequisites
Download the Windows recovery tools. Verify that the snapshot of the volume group being restored
was generated by a cluster running release 5.0.0 or earlier of the Rubrik CDM. To restore a snapshot
of a volume group generated by a cluster running a release of Rubrik CDM later than 5.0.0, follow the
procedure described in Restoring a basic boot volume group to a host without Windows.
Context
Only volume groups with a volume that contains a supported Windows OS installation can be restored to
a host without a Windows OS installed. The license for the OS being restored must be available during this
process.
Creating the WinPE image requires a computer with a licensed installation of the Windows Server operating
system that is 2012 R2 or later. The computer must have the Windows Assessment and Deploment Kit
(ADK) installed. Download the Windows ADK from:
https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
Procedure
1. Copy the BMR and WinPEImageCreation folders from the recovery tools ZIP file to the C:\ drive of
the Windows Server computer.
2. Change to the WinPEImageCreation folder.
3. Run the create command.
.\CreateWinPEImage.ps1 -version version -isopath C:\WinPEISO -utilitiespath C:
\BMR
Replace version with the version of the Windows ADK. The version of the ADK installed on a system is
the name of the folder in C:\Program Files (x86)\Windows Kits\.
The command creates the WinPE image is created in the C:\WinPEISO directory.
4. Copy the WinPE image from C:\WinPEISO to boot media.
5. Load the boot media on the target host.
6. Power on the target host.
The host boots from the WinPE image and a command prompt appears.
7. Run the net use command.
net use Z: SMB /user:username password.
• Replace SMB with the SMB share path to the volume group.
• Replace username with the username for the volume group.
• Replace password with the password for the volume group.
On clusters with SMB security disabled, enter the IP addresses of the hosts that require access to the
Samba share.
On clusters with SMB security enabled, enter the domain name, user name, and IP addresses of the
hosts that require access to the Samba share. The domain name must be configured for secure SMB
access.
8. Run powershell.
To restore a volume with no data volumes on dynamic disks, go to step 22.
A Powershell environment initiates.
9. Run diskpart.
The disk partition command environment loads.
10. Run list disk.
A list of the disks on the host appears.
11. Run select disk N.
Use the listed number of the disk that will host the volume as the value of N.
12. Run clean to clean the selected disk.
13. Run convert mbr.
14. Run convert dynamic to enable dynamic volumes.
15. Run create volume simple size=N.
Use the size of the volume in megabytes as the value of the N variable.
The system creates a volume with the specified size.
16. Run retain.
17. Run format fs=filesystem quick.
Where filesystem is the file system format for the volume.
The system formats the volume with the specified file system format.
Result
The host boots with the restored operating system and volumes.
Related tasks
Downloading the Windows recovery tools
Prerequisites
Download the Windows recovery tools. Verify that the snapshot of the volume group being restored was
generated by a cluster running release 5.0.1 or later of the Rubrik CDM. To restore a snapshot of a volume
group generated by a cluster running a release of Rubrik CDM earlier than 5.0.1, follow the procedure
described in Restoring a legacy snapshot of a basic boot volume group to a host without Windows.
Context
Only volume groups with a volume that contains a supported Windows OS installation can be restored to
a host without a Windows OS installed. The license for the OS being restored must be available during this
process.
Creating the WinPE image requires a computer with a licensed installation of the Windows Server operating
system that is 2012 R2 or later. The computer must have the Windows Assessment and Deployment Kit
(ADK) installed. Download the Windows ADK from:
https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install.
Use the WinPE image to restore volume groups from any supported operating system version. Determine
the SMB path of the mounted snapshot of the volume group to restore.
Procedure
1. Copy the BMR and WinPEImageCreation folders from the recovery tools ZIP file to the C:\ drive of
the Windows Server computer.
2. Change to the C:\WinPEImageCreation folder.
3. Run the create command.
.\CreateWinPEImage.ps1 -version version -isopath C:\WinPEISO -utilitiespath
C:\BMR
Use the version of the Windows ADK for the value of the version parameter. The version of the ADK
installed on a system is the name of the folder in C:\Program Files (x86)\Windows Kits\.
The WinPE image is created in the C:\WinPEISO directory.
4. Copy the WinPE image from C:\WinPEISO to boot media.
5. Load the boot media on the target host.
6. Power on the target host.
The host boots from the WinPE image and a command prompt appears.
7. Run the net use command.
net use Z: SMB /user:username password.
• Replace SMB with the SMB share path to the volume group.
• Replace username with the username for the volume group.
• Replace password with the password for the volume group.
Result
The host is ready to boot with the restored operating system and volumes.
Related tasks
Downloading the Windows recovery tools
Rubrik provides a set of recovery tools that enable restore operations for volume groups that target hosts
without an existing Windows or RBS installation.
Configuring SMB Security
Configure security for a Server Message Block share to enforce user authentication through Active
Directory.
Restoring a volume group on a Windows host without RBS
A host with a supported Windows OS installed restores a volume group through the OS functionality.
Restoring a volume group using Rubrik CDM v4.2 MBR dynamic volumes
Restoring volume groups to a host that uses dynamic volumes with a MBR partition created in Rubrik CDM
4.2 requires additional steps to manually configure the volumes.
Context
Only volume groups with a volume that contains a supported Windows OS installation can be restored to
a host without a Windows OS installed. The license for the OS being restored must be available during this
process.
Creating the WinPE image requires a computer with a licensed installation of the Windows Server operating
system that is 2012 R2 or newer. The computer must have the Windows Assessment and Deployment Kit
(ADK) installed. Download the Windows ADK from:
https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
Use the downloaded tools to create a bootable Windows Preinstallation Environment (WinPE) image.
The WinPE image can be used to restore volume groups from any supported operating system version.
Determine the SMB path of the mounted snapshot of the volume group to restore.
Procedure
1. Copy the BMR and WinPEImageCreation folders from the recovery tools ZIP file to the C:\ drive of
the Windows Server computer.
2. Change to the C:\WinPEImageCreation folder.
Result
The host is ready to boot with the restored operating system and volumes.
Related tasks
Downloading the Windows recovery tools
Prerequisites
Determine the SMB path of the mounted snapshot of the volume group to restore.
Context
Only volume groups with a volume that contains a supported Windows OS installation can be restored to
a host without a Windows OS installed. The license for the OS being restored must be available during this
process.
Creating the WinPE image requires a computer with a licensed installation of the Windows Server operating
system that is 2012 R2 or newer. The computer must have the Windows Assessment and Deployment Kit
(ADK) installed. Download the Windows ADK from:
https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
The recovery tools can be downloadedThe WinPE image can be used to restore volume groups from any
supported operating system version. Determine the SMB path of the mounted snapshot of the volume
group to restore.
Procedure
1. Copy the BMR and WinPEImageCreation folders from the recovery tools ZIP file to the C:\ drive of
the Windows Server computer.
2. Change to the C:\WinPEImageCreation folder.
3. Run the following command to create the image.
.\CreateWinPEImage.ps1 -version version -isopath C:\WinPEISO -utilitiespath
C:\BMR
The value of the version parameter is the version of the Windows ADK. The version of the ADK
installed on a system is the name of the folder in C:\Program Files (x86)\Windows Kits\.
The WinPE image is created in the C:\WinPEISO directory.
4. Copy the WinPE image from the C:\WinPEISO to boot media.
5. Load the boot media on the target host.
6. Power on the target host.
The host boots from the WinPE image and a command prompt appears.
7. Run the following command.
net use Z: SMB /user:username password
• Replace SMB with the SMB share path to the volume group.
• Replace username with the username for the volume group.
• Replace password with the password for the volume group.
Result
The host is ready to boot with the restored operating system and volumes.
Related tasks
Downloading the Windows recovery tools
Rubrik provides a set of recovery tools that enable restore operations for volume groups that target hosts
without an existing Windows or RBS installation.
Configuring SMB Security
Configure security for a Server Message Block share to enforce user authentication through Active
Directory.
Restoring a volume group on a Windows host without RBS
A host with a supported Windows OS installed restores a volume group through the OS functionality.
Context
Only volume groups with a volume that contains a supported Windows OS installation can be restored to
a host without a Windows OS installed. The license for the OS being restored must be available during this
process.
Creating the WinPE image requires a computer with a licensed installation of the Windows Server operating
system that is 2012 R2 or newer. The computer must have the Windows Assessment and Deployment Kit
(ADK) installed. Download the Windows ADK from:
https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
Use the downloaded tools downloaded to create a bootable Windows Preinstallation Environment (WinPE)
image.
The WinPE image can be used to restore volume groups from any supported operating system version.
Determine the SMB path of the mounted snapshot of the volume group to restore.
Procedure
1. Copy the BMR and WinPEImageCreation folders from the recovery tools ZIP file to the C:\ drive of
the Windows Server computer.
2. Change to the C:\WinPEImageCreation folder.
3. Create the WinPE image by typing the following command.
.\CreateWinPEImage.ps1 -version version -isopath C:\WinPEISO -utilitiespath
C:\BMR
The version parameter is the version of the Windows ADK. The version of the ADK installed on a
system is the name of the folder in C:\Program Files (x86)\Windows Kits\.
The WinPE image is created in the C:\WinPEISO directory.
4. Copy the WinPE image from the C:\WinPEISO to boot media.
5. Load the boot media on the target host.
6. Power on the target host.
The host boots from the WinPE image and a command prompt appears.
7. Type powershell at the prompt.
A Powershell environment initiates.
Result
The host is ready to boot with the restored operating system and volumes.
Related tasks
Downloading the Windows recovery tools
Rubrik provides a set of recovery tools that enable restore operations for volume groups that target hosts
without an existing Windows or RBS installation.
Configuring SMB Security
Configure security for a Server Message Block share to enforce user authentication through Active
Directory.
Restoring a volume group on a Windows host without RBS
A host with a supported Windows OS installed restores a volume group through the OS functionality.
Oracle databases
Use Rubrik CDM to back up, archive, replicate, and migrate Oracle databases.
With Rubrik CDM, Oracle databases are automatically discovered and protected by an SLA Domain. RMAN
script or catalog management is eliminated and Automated Live Mount and Instant Recovery features are
enabled.
How do I set up my Oracle databases for auto • Automated Oracle Data Protection
discovery? • Discovering Oracle databases
How do I protect Oracle Databases using Managed Managed Volumes with Oracle databases
Volumes?
How do I migrate Oracle databases from the Migrating from Managed Volumes
Managed Volumes solution to auto discovery?
How do I protect Oracle databases with SLA Assigning an SLA Domain to a host or database
Domains?
How do I create a live mount for development or Mounting a database backup using Live Mount
testing?
Related concepts
Managed Volumes with Oracle databases
Oracle configuration
Initial configuration of Rubrik CDM for Oracle requires at least one open or mounted Oracle database and a
user account with SYSDBA privileges.
After initial configuration, a database administrator account may be created with the ability to manage,
protect, and recover selected Oracle databases. The permissions granted to this account can be limited to
specific databases.
Auto discovery requires a host with at least one database in the OPEN or MOUNTED state. If no database is
available, create an empty /etc/oratab file.
Related concepts
Create an empty oratab file
If the Oracle host has no databases running, create an empty /etc/oratab file before installing Rubrik
Backup Service (RBS) software.
Related tasks
Creating an Oracle query user account on non-CDB databases
Create an Oracle query user account with privileges to query an Oracle non-CDB database instead of the
SYSDBA user.
Discovering Oracle databases
Add an Oracle host to the Rubrik cluster to permit discovery of the databases on that host.
System requirements
Rubrik cluster system requirements for Oracle databases.
Requirement Description
RMAN Rubrik clusters use RMAN to perform backup and recovery of Oracle
databases. The required RMAN scripts are generated automatically.
Databases must be in ARCHIVELOG mode and in an OPEN state for the Rubrik
cluster to perform backups. Oracle databases in a MOUNTED state are not
scheduled for database or log backups.
Shared storage For Oracle RAC systems, Rubrik CDM only supports shared storage
configuration on Automatic Storage Management (ASM). Archived redo logs
must also be on shared storage (ASM).
Storage system Rubrik CDM protection supports the following restore types :
• Oracle data files in Oracle file systems, but not Oracle RAC systems that
have storage on the file system.
• Automatic Storage Management (ASM) manages Oracle data files on
standalone Oracle and Oracle RAC systems.
For successful restore of Oracle data files, the restore type must be the same
as the original backup type.
NFS share with read/ To perform Oracle backups, Rubrik CDM mounts an NFS share with a default
write size = 512KB read/write size of 512KB. The Oracle host must have the NFS client software
installed and available. In an AIX environment, the default maximum size is
64KB, which is not sufficient. To avoid performance degradation, increase the
maximum size to 512KB by installing the IBM provided patch.
Database mode To enable Oracle database, Rubrik CDM requires that the database be in
configuration ARCHIVELOG mode.
CDM auto discovery A host must have at least one database in the OPEN or MOUNTED state, or an
empty /etc/oratab file for CDM discovery.
dNFS Depending on the Oracle version, Oracle patch 20720667 may be required.
Review the patch version requirements described in Direct NFS support.
Note: For Oracle instances on Linux hosts, the ~/.bashrc file is processed each time Rubrik CDM
interacts with the Oracle data source. Make sure the host ~/.bashrc file does not contain processes that
cannot be run at high frequency.
Note: RMAN does not support backing up Oracle databases with datafiles larger than 16TB hosted on the
AIX operating system. Use Managed Volumes to protect Oracle databases with datafiles larger than 16TB
hosted on the AIX operating system.
Related concepts
Create an empty oratab file
If the Oracle host has no databases running, create an empty /etc/oratab file before installing Rubrik
Backup Service (RBS) software.
For Oracle database version 12.1.0, if an ORA-19744 error occurs when trying to unmount NFS mount
point, even when all the files stored there were removed, apply Patch 23126410 to resolve the error.
Related tasks
Creating an Oracle query user account on non-CDB databases
Create an Oracle query user account with privileges to query an Oracle non-CDB database instead of the
SYSDBA user.
touch /etc/oratab
chown oracle:oinstall /etc/oratab
chmod 664 /etc/oratab
The following command creates an Oracle RAC database entry in the /etc/oratab file.
N indicates the database does not start up with the instance.
DB_UNIQUE_NAME:ORACLE_HOME:N
INSTANCE_SID:ORACLE_HOME:N
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Servers & Apps > Oracle DBs.
3. Select Add Hosts/Nodes.
The Add Hosts/Nodes dialog box appears.
4. In the text of the dialog box, select the package needed based on the host operating system.
Option Description
rpm Select the rpm link for hosts running on:
• RHEL 6, 7
• CentOS 6, 7
• SUSE Linux 11, 12
The web browser downloads the Rubrik agent file to the defined download location.
5. Navigate to the download directory and double click the downloaded file to initiate installation.
Result
The package manager installs RBS on each host. RBS is upgraded as part of each CDM upgrade applied to
each host.
Related tasks
Removing RBS from a Linux or Unix host
The Rubrik Backup Service can be removed by using standard package manager commands.
Procedure
1. Create a separate regular operating system account.
This example adds the user rubrik to the oinstall group.
passwd rubrik
3. Using SQL*Plus, connect to the Oracle CDB using an account with SYSDBA privileges.
The SQL> prompt appears.
4. Use the following SQL command to retrieve the host account name.
The system displays the value of the os_authent_prefix string. On most systems, the value is ops
$.
5. Type the following SQL command to create an Oracle user account with the minimum privileges
required to query a database.
Replace ops$ with the os_authent_prefix returned in Step 4, if needed. rubrik can be replaced
with any string to represent the created user name.
The Oracle query account is created.
6. Use the following command to assign the required query account privileges.
Result
The Oracle query user account, with OS authentication, is ready to use with Rubrik CDM.
Next task
Verifying the functionality of the Oracle query user account.
Related concepts
Role based access
Rubrik CDM provides role-based access control (RBAC), along with options for integrating with existing
directory services. RBAC allows multiple tenants to access a restricted set of resources on a shared cluster.
Rubrik Backup Service
RBS is required in order to perform automated discovery of Oracle hosts, Oracle RAC systems, and Oracle
databases.
Related information
Oracle Base article: OS Authentication
Procedure
1. Create a separate regular operating system account.
This example adds the user rubrik to the oinstall group.
2. Create and confirm a new account password for the new user.
This example sets the password for the rubrik account.
passwd rubrik
3. Using SQL*Plus, connect to the Oracle CDB using an account with SYSDBA privileges.
The SQL> prompt appears.
4. Type the SQL command show CON_NAME to retrieve the current container name.
The system displays the value of the CON_NAME string. On most systems, the value is CDB$ROOT.
5. Type the SQL command sequence show parameter prefix to retrieve the prefix values.
7. Type the SQL command sequence startup force; to force a database restart.
8. Type the following SQL command to create an Oracle user account with the minimum privileges
required to query a database.
Use the actual value of os_authent_prefix returned by the show parameter prefix command
sequence, if it is not ops$. Replace rubrik with the string name of the query account being created
The SQL*Plus tool creates the Oracle query account using the specified name.
9. Type this command to grant execute permission to the ops$rubrik user account on the dbms_dnfs
package.
Replace rubrik with the actual name of the Oracle query account.
10. Type the following command to grant connect and select_catalog_role privileges to the query
account.
The select_catalog_role privilege grants users select privileges on data dictionary views.
Result
The Oracle query user account, with OS authentication, is ready to use with Rubrik CDM.
Prerequisites
Create the Oracle user account using the procedure in Creating an Oracle query user account on non-CDB
databases.
Context
This procedure is optional.
Procedure
1. Log in to SQL as the Oracle query user.
The SQL> prompt appears.
2. Type the command show user at the SQL> prompt.
The following system prompt appears:
USER is string$username
where string is the os_authent_prefix string and username is the name of the currently logged-in user.
3. Type the command SELECT VERSION FROM V$INSTANCE; at the SQL> prompt.
The system displays the Oracle version.
Result
The Oracle user account successfully retrieves information about the Oracle instance, confirming the
account has the correct privileges.
Prerequisites
Verify that an Oracle query user exists, or create one as described in Creating an Oracle query user
account on non-CDB databases.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon and select Hosts.
The Hosts page appears.
3. Open the ellipsis menu next to the host and select Edit.
The Edit Host dialog box appears.
4. Activate the Discover Oracle slider.
The SYSDBA and Discovery User fields appear.
Result
The query user is enabled on the host.
Note: For Oracle instances on Linux hosts, the ~/.bashrc file is processed each time Rubrik CDM
interacts with the Oracle data source. Make sure the host ~/.bashrc file does not contain processes that
cannot be run at high frequency.
The smallest unit to which an SLA Domain can be applied is the database. Tablespaces can be recovered
but not individually protected. Oracle records transactions in redo logs before committing to the database.
Redo logs are archived periodically, and backed up to enable point-in-time recovery.
Connected instances are organized by Host/Clusters and All DBs. Toggle the view by selecting either
tab. The following describes the information available on each tab.
Tab Details
Hosts/ This page displays:
Clusters
• Name - Name of the single instance Oracle host or RAC
• Nodes - Number of nodes on the RAC
• Databases - Number of databases on the single instance Oracle host or RAC
• SLA Domain - Name of the assigned SLA Domain
• RBS Status - The connection status (connected, disconnected, partially connected)
Note: For Oracle hosts that include a running ASM instance, the OSASM group members must be granted
the SYSASM system privileges to administer storage. The OSASM group is named asmadmin. The SYSDBA
user must be a member of the OSASM group to ensure successful discovery of the Oracle host.
Related concepts
Instant Recovery for Oracle
Replace an Oracle database with a fully functional point-in-time copy.
Same Host Recovery
Recover a database to the source Oracle host or Oracle RAC.
Live Migration
After a recovery, the recovered virtual machine use Live Migration.
Automatic protection
A Rubrik cluster provides automatic protection of virtual machines through inheritance of the SLA Domain
assigned to a parent object.
Related tasks
Migrating from Managed Volumes
Migrate existing Managed Volume instances to use RBS.
Procedure
1. Stop any currently running Managed Volume backup scripts.
2. Delete the existing Managed Volume.
Result
All Managed Volume snapshots become inactive objects and are no longer updated. The Oracle Database
can be protected with automated Oracle Database protection.
Related concepts
Rubrik Backup Service
RBS is required in order to perform automated discovery of Oracle hosts, Oracle RAC systems, and Oracle
databases.
Related tasks
Deleting a Managed Volume
Procedure
1. As the Oracle Home owner (typically Oracle), connect to the Oracle host using SSH.
2. To verify the okvutil command line utility is available, type which okvutil at the command line.
This example lists the location of the okvutil utility.
/u01/app/oracle/admin/cdb197/wallet/okv/bin/okvutil
3. To verify that the Oracle Key Vault (OKV) is installed and configured, type okvutil list at the
command line.
This example lists the contents of the OKV wallet on the okv-197 host.
4. To verify the ORACLE_BASE, ORACLE_HOME, and OKV_HOME environment variables are exported in
the login profile of the ORACLE_HOME owner, type echo environment_variable at the command line.
This example shows a sample verification command.
echo $ORACLE_BASE
echo $ORACLE_HOME
5. For Oracle database versions 18c and 19c, add the WALLET_ROOT parameter to the pfile to start the
recovery instance.
The Oracle documentation includes information about adding parameters to the pfile.
6. Log into the Oracle database using SQLPLUS.
7. At the SQLPLUS prompt, type this to verify the OKV wallet is set to AUTOLOGIN and the status of the
OKV wallet is open.
select wrl_type,wrl_parameter,status,wallet_type from v$encryption_wallet
This example verifies the status of the OKV wallet:
-------------------------------------------------------------------------------------
FILE /u01/app/oracle/admin/cdb197/wallet/tde/ OPEN AUTOLOGIN
OKV OPEN OKV
Result
The OKV is correctly configured for the Rubrik cluster.
Prerequisites
Confirm that all requirements are completed as described in System requirements.
Confirm that the RBS software is installed on the Oracle host, or on each node of the Oracle RAC, as
described in Installing Rubrik Backup Service software on Oracle.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click Add Hosts/Nodes.
The Add Hosts/Nodes dialog box appears.
4. In IPs or Hostnames, enter an IPv4 address or a resolvable hostname for the Oracle host.
For multiple IP addresses or hostnames use CSV syntax.
5. Configure user access privileges and click Add.
Option Description
SYSDBA User Enter the SYSDBA authorized user (default is
oracle).
Discovery User Add a host query user.
The Rubrik cluster saves the configuration and the new Oracle host appears on the Hosts/Clusters
page.
Result
The Rubrik cluster discovers the databases on the Oracle host and lists the databases on the All DBs page.
Context
The Rubrik cluster also supports using the oracle_home and SGA API to validate the Oracle database for
backups.
Validation is a memory intensive operation, and Rubrik recommends running it on hosts other than the
source hosts.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click the All DBs tab.
All connected database instances are listed.
4. In the Name column, click the name of a database.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview page showing database details.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates a successful snapshot taken on that day.
The Recovery Points card displays the Day view.
6. Open the ellipsis menu and select Validate.
The Validate dialog box appears.
7. Select the name of the Oracle target host or cluster for recovery validation.
Alternatively, enter a name in the search field to search within the list of compatible hosts.
Use the source host or the alternative host for validation. Choose from the list of compatible
standalone hosts and clusters.
8. Optional: In Number of RMAN Channels (Optional), enter the number of Oracle Recovery
Manager (RMAN) recovery channels.
By default, the number of RMAN channels used for recovery is the same as the number of channels
used in the database and the number of log snapshots being recovered.
9. Click Next.
10. Review the caution message.
11. Click Finish.
Result
The Rubrik cluster validates the data in the database snapshot.
Context
To refresh an Oracle RAC, refresh each host on the system.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the gear icon on the top bar of the Rubrik CDM web UI.
The gear menu appears.
3. Click Hosts.
The Hosts page appears.
4. Open the ellipsis menu on the host to select Refresh.
5. Click Refresh.
Result
The Rubrik cluster discovers new Oracle databases or marks removed databases as archived.
Prerequisites
Before starting this task, complete the tasks described in Oracle configuration and Discovering Oracle
databases.
Context
The SLA Domain assignment governs database backups and SLA retention policy governs database backup
retention. When an SLA Domain is assigned to database host or to an Oracle RAC, all databases on that
host or Oracle RAC inherit the assigned SLA Domain. A direct or inherited SLA Domain assignment enables
the policy-driven management of the backups of a database.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. From the navigation menu, click Servers & Apps > Oracle DBs.
Result
The SLA Domain assigned to a database determines backup frequency and retention for that database. An
SLA Domain can be directly assigned or inherited from a parent object.
Note:
Rubrik recommends performing a database backup after a failover, failback, or switchover operation.
Rubrik clusters perform database and log backups for both primary or standby databases. Offloading the
backup task to the standby helps to free resources for the production environment.
Rubrik clusters delete logs from the database performing the backup operation, not from all members of
the Data Guard group.
Context
After Oracle hosts are added to Rubrik clusters, they appear in the Data Guard groups.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
4. In the Name column, click the name of a Data Guard group.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview card showing database details.
5. In the Overview card, hover over the Databases field.
The database members are displayed.
Result
The Rubric CDM UI displays the database name, Data Guard group name, the name of the host, and
whether the host is a primary or a standby node.
Related tasks
Discovering Oracle databases
Context
Rubrik clusters also support using the ORACLE_HOME parameter and SGA API to validate the Oracle
database for backups.
Validation is a memory intensive operation, and Rubrik recommends running it on hosts other than the
source host.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
4. In the Name column, click the name of a Data Guard group.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview card showing database details.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates a successful snapshot taken on that day.
The Recovery Points card displays the Day view.
6. Open the ellipsis menu and select Validate.
The Validate dialog box appears.
7. Select the name of the Oracle target host or cluster for recovery validation.
Alternatively, enter a name in the search field to search within the list of compatible hosts.
Use the source host or the alternative host for validation. Choose from the list of compatible
standalone hosts and clusters.
8. Click Next.
9. Review the caution message.
The caution message states that when a selected target Host/Cluster is a part of the source Host/
Cluster, validation uses a connection to the source database instance. Otherwise, validation uses 30
percent of the target host's total memory as the SGA to instantiate a temporary database instance.
10. Click Finish.
Result
The Rubrik cluster validates the data in the database snapshot.
Prerequisites
Meet the configuration requirements specified in Oracle database management.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
4. In the Name column, click the name of a Data Guard group.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview card showing database details.
5. Click Take DB Backup.
The Take DB Backup dialog box appears.
6. Select an SLA Domain.
Rubrik clusters use the rules and policies of the selected SLA Domain to manage the on-demand
snapshot. The selected SLA Domain can be different from the SLA Domain assigned to the Data Guard
group.
7. Select Forever to manually manage the on-demand snapshot through the Snapshot Management
page.
8. Optional: Click Retain Forever.
The snapshots are retained till they are manually deleted.
9. Optional: For a full backup, switch on Take Full Database Backup.
The default backup method takes an incremental snapshot.
10. Click Next.
The DB Backup dialog box appears.
11. Click Backup DB.
Result
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log tracks the
status of the on-demand backup task. The Rubrik cluster manages the snapshot based on the rules and
policies of the selected SLA Domain.
Prerequisites
Meet all of the requirements described in Database clone prerequisites.
Result
The Rubrik cluster adds the specified log backup to the task queue. The Activity Log tracks the status of
the log backup task.
Prerequisites
Clear the log_archive_config parameter from the original SPILE or from the custom PFILE that will
be used for recovery. Additionally, Rubrik recommends removing any other Data Guard configuration
parameters. Parameters that remain can cause the Rubrik cluster to inadvertently discover the database
you want to recover using backups extracted from a member of a Data Guard group.
Context
Restoring a Data Guard group supports the files-only recovery method.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
4. In the Name column, click the name of a Data Guard group.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview card showing database details.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates a successful snapshot taken on that day.
The Recovery Points card displays the Day view.
6. Open the ellipsis menu and select Restore.
An informational message appears specifying that Restore for Data Guard Group is supported only
through a database administrator (DBA) managed restore.
7. Click OK.
The Restore dialog box appears.
8. In Hosts/Clusters, select an Oracle host.
Result
The Rubrik cluster recovers the files from an Oracle Data Guard group using a fully functional point-in-time
copy.
Next task
Perform the manual steps to create a database using the backup files. The RMAN documentation describes
the process to manually create a database.
Prerequisites
Clear the log_archive_config parameter from the original SPILE or from the custom PFILE that will
be used for recovery. Additionally, Rubrik recommends removing any other Data Guard configuration
parameters. Parameters that remain can cause the Rubrik cluster to inadvertently discover the database
you want to recover using backups extracted from a member of a Data Guard group.
Context
Instant Recovery requires performing a files-only operation.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
4. In the Name column, click the name of a Data Guard group.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview card showing database details.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates a successful snapshot taken on that day.
The Recovery Points card displays the Day view.
6. Open the ellipsis menu and select Instant Recovery.
An informational message appears specifying that Instant Recovery for Data Guard Group is supported
only through a database administrator (DBA) managed recovery.
7. Click OK.
The Mount Database dialog box appears.
8. Click Cancel.
Result
The Rubrik cluster recovers an Oracle Data Guard group with a fully functional point-in-time copy.
Next task
Perform the manual steps to create a database using the backup files. The RMAN documentation describes
the process of manually creating a database.
Prerequisites
To live mount a recovery point that is between snapshots, successfully complete archived redo log backups
that cover the recovery point period.
Live Mount requires a database backup containing all data files.
Context
With Live Mount, the database is instantiated from a copy stored on Rubrik CDM. Live Mount brings up the
database with data files present on storage but redo logs and control files are left on the host (FS/ASM) to
allow live migration.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
Result
The Rubrik cluster mounts the NFS share to the specified Oracle host and creates a primary database using
data files stored on Rubrik CDM. This database is not discovered as a member of a Data Guard group.
Note:
The Rubrik cluster does not perform a log switch during log backups on the standby host. Instead,
the Rubrik cluster backs up the logs that are available on the standby host. The standby host must
be configured to switch logs at the same frequency as the log backup. Log switching is set with the
ARCHIVE_LAG_TARGET parameter or by forcing log switches on the primary host.
The Oracle Data Guard documentation includes information about setting ARCHIVE_LAG_TARGET.
Prerequisites
Meet the requirements described in Oracle configuration.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
4. In the Name column, click the name of a Data Guard group.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview card showing database details.
5. Click Manage Protection.
The Manage Protection dialog box appears.
6. Choose from the following protection options.
Option Description
Set host archived redo log retention ___ hours Enter an integer value to specify the number
of hours after a log backup completes that the
backed up archived log files should be retained
on the host.
Skip archived redo log deletion on the host Prevents the Rubrik cluster from deleting the
backed up archived logs from the host.
10. Optional: Switch on Choose a backup option.
Indicate the database to backup.
Option Description
Use primary database Backup the primary database.
The Rubrik cluster always performs a backup
of the database that is currently the primary
database.
Result
The Rubrik cluster assigns the selected SLA Domain and the other settings to all databases within the Data
Guard group.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
4. In the Name column, click the name of a Data Guard group.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview card showing database details.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates a successful snapshot taken on that day.
The Recovery Points card displays the Day view.
6. Open the ellipsis menu and select Place on Legal Hold.
The Place on Legal Hold dialog box opens.
7. Select Hold snapshot(s) in-place box.
Selecting this option holds the snapshot on the cluster until the Legal Hold is removed.
8. Click Submit.
Result
The Rubrik cluster displays a message saying the snapshot was placed in Legal Hold. Snapshots with a
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
4. In the Name column, click the name of a Data Guard group.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview card showing database details.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates a successful snapshot taken on that day.
Result
Rubrik CDM updates the retention policy for the selected Data Guard group snapshots.
Context
• If a single instance clone fails, some manual cleanup may be required. For more information, see
Managing failed clones.
• The fast recovery area (FRA) is not set for a cloned or live mounted database on other hosts.
Cloning a database uses pre-recovery and post-recovery scripts. These scripts must exist at the provided
path on all the target nodes for an Oracle Real Application Clusters (RAC) and must be executable by the
Oracle user defined for the target host. The Rubrik cluster considers a script exit status other than zero to
be a script failure. The Rubrik cluster displays notifications of script failures in the Activity Log.
Clear the log_archive_config parameter to use a custom PFILE for an automated clone, ensuring that
the Rubrik cluster does not create a Data Guard group database after the clone operation completes.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click DG Groups.
The DG Groups page appears.
4. In the Name column, click the name of a Data Guard group.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view and
the Overview card showing database details.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates a successful snapshot taken on that day.
The Recovery Points card displays the Day view.
6. Open the ellipsis menu and select Clone.
7. Click OK.
The Clone Database dialog box appears.
Result
The Rubrik cluster clones the specified database recovery point and creates a primary database using data
files stored on the selected Oracle host. This database is not discovered as a member of a Data Guard
group.
Backing up databases
Database backups on a Rubrik cluster use incremental RMAN merge.
Prerequisites
Before starting this task, confirm that all of the requirements described in Oracle configuration are met.
Context
Through the network file system (NFS), the Oracle Recovery Manager (RMAN) reads the previous snapshot
and aggregates the changes to form a new snapshot.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the navigation menu, click Servers & Apps > Oracle DBs.
The Oracle DBs Hosts/Clusters tab appears.
3. Click the selection box next to a host.
4. Optional: Select multiple hosts to apply the same SLA Domain to databases on all of the selected
hosts.
5. Click Manage Protection.
The Manage Protection dialog box appears.
Skip archived redo log deletion on the host The backed up archived logs are not deleted
from the host.
10. Click Next.
11. Optional: Click Advanced Settings to configure additional backup options.
Option Description
Number of RMAN Channels By default, the number of RMAN channels is set
to four or to the number of nodes in the Rubrik
cluster, whichever is smaller.
Distribute backups across RAC nodes When selected, the Rubrik cluster distributes
automatically backups evenly across all registered RAC nodes,
based on the number of backups that are
currently running on each node.
Nodes Specifies the node order for the backups.
12. Click Next.
13. Optional: Enable Apply to existing snapshots to apply changes made for managing protection to
existing snapshots.
14. Optional: Select Include on-demand and downloaded snapshots to apply the Advanced Setting
changes to on-demand and downloaded snapshots.
15. Click Submit.
Result
The Rubrik cluster assigns the selected SLA Domain and the other settings to the host and all databases
within the selection group.
Related tasks
Assigning an SLA Domain to a host or database
Oracle Enterprise version is required to grant the permissions to support parallel streaming via all channels.
Important: If a database is restored from storage or virtual machine snapshots, the system change
number (SCN) of the database may be older than the snapshots on the Rubrik cluster, which may cause
subsequent backups to fail. Rubrik recommends that customers perform a full database backup after
restoring the database from storage or virtual machine snapshots.
For clusters, assign node backup priority to each node of an Oracle RAC system using the up or down
arrows.
Backing up logs
Create an archived redo log backup of a database.
Prerequisites
A log backup job is triggered automatically when a database backup job completes. Confirm that the
requirements described in Database clone prerequisites have been met.
Context
RMAN can selectively apply archived redo logs and recover to any point in time.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the navigation menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click All DBs.
The All Databases page appears.
4. In the Name column, click the name of a database.
The Local page for the database appears.
5. Click Take Log Backup.
A notification regarding the backup job being scheduled appears.
Status Policy
Log snapshot job fails No archived logs are deleted.
Log snapshot job succeeds with no missing logs All backed up logs are deleted.
Log snapshot job succeeds with one or more Only the successfully backed up logs are deleted.
missing logs
The Rubrik cluster cleans up archived logs upon backup on a best effort basis. Failure to delete a log is
not considered as overall backup job failure. Continue to perform log management, based on the Oracle
guidelines, for logs not cleared by backup jobs.
Procedure
1. Log in to the Rubrik CDM web UI and navigate to a snapshot for an active database or a snapshot for
a relic database.
Option Description
Active database snapshot From the left-side menu, click Servers & Apps
> Oracle DBs and select the All DBs tab.
Relic database snapshot From the left-side menu, click Snapshot
Management.
A list of the available protected database objects appears or a list of relic objects appears.
2. In the Name column, click a database name.
The Local page for the database appears, including the Recovery Points card.
3. Click Log Mount.
The Log Mount dialog box appears.
4. For From, enter the start date and time of the archive log range.
The start date and time entered must be in the timezone of the cluster.
5. For To, enter the end date and time of the archive log range.
6. In Hosts/Clusters, select an Oracle host or RAC cluster.
Result
The Rubrik cluster mounts the archived log files to the specified Oracle host or RAC cluster.
After scheduling the log mount, the details of the mount job appear in the Activity Log. Once the log
mount job has completed, the mount is listed on the Live Mounts page with the suffix _Log_Mount
appended to the mounted database name.
Procedure
1. As the Oracle user, connect to the Oracle target host or the Oracle Real Application Clusters (RAC)
node.
2. Start Recovery Manager (RMAN).
3. Catalog the target host path specified in the Activity Log.
This example catalogs the f043289a-9579-45ca-
a7e7-4e0c2ec9e076_b5d3279a-1248-4eba-9deb-42083776de12 host path:
catalog start with '/var/rubrik/oracle/f043289a-9579-45ca-
a7e7-4e0c2ec9e076_b5d3279a-1248-4eba-9deb-42083776de12';
4. Restore the logs by providing the start and end date from the time range used for the Log Mount.
Specify times in the database timezone, not the cluster timezone.
This example specifies the time period between 2021-07-20 15:20:00 and 2021-07-20 15:22:00
restore archivelog from time "to_date('2021-07-20 15:20:00','YYYY-MM-
DD HH24:MI:SS')" until time "to_date('2021-07-20 15:22:00','YYYY-MM-DD
HH24:MI:SS')";
Result
RMAN restores the archived logs.
Prerequisites
Confirm the configuration is complete as defined in Oracle database management.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the navigation menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
Result
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log tracks the
status of the on-demand backup task. The Rubrik cluster manages the snapshot based on the rules and
policies of the selected SLA Domain.
Related concepts
SLA Domain assignment
Use SLA Domains to apply the data protection policies to an individual virtual machine or a selected set of
virtual machines.
Point-in-time recovery
Point-in-time recovery restores database and log snapshots to the defined point in time.
Recover to a specific point-in-time by selecting a recovery time, from the recoverable range, in the Rubrik
CDM web UI.
Recovery points are based on the last snapshot created before the selected point in time and the archived
redo log backups created between the time of the snapshot and the selected recovery point. The Rubrik
cluster recovers the database from the snapshot and the log content is unrolled and applied up to the
selected point in time.
Assign a database to an SLA Domain with frequent snapshots to ensure quick recovery. The closer the
snapshot to the selected recovery point, the shorter the recovery time objective (RTO) the process
requires.
Supported recovery options are:
• Database recovery to a different single instance Oracle host or Oracle RAC with RBS installed
• Database recovery to a different single instance ASM-managed Oracle host with RBS installed
• Tablespace recovery to the same single instance Oracle host or Oracle RAC with a database configured
• Files only (data files, archived logs and control files)
• The Export files only option copies all the files to the host
• The Live Mount files only option keeps the files on the mounted (via NFS) Rubrik CDM storage
• Live Mount recovery to a different single instance Oracle host or Oracle RAC system
• Live Mount recovery to a different single instance ASM-managed Oracle host
• Instant Recovery to the same single instance Oracle host or Oracle RAC where the original database is
destroyed
• Instant Recovery to the same single instance ASM-managed Oracle host where the original database is
destroyed
Option Description
During the Live Mount of an Oracle database backup, Rubrik CDM automatically
Fully-automated Live
mounts the data files, creates the database instance, and adds the new database
Mount
to the /etc/oratab file on the Oracle host.
As part of the Live Mount task, Rubrik CDM also provides the alternative to mount
the backup image, the datafiles, and the control files at a specified location on the
Oracle host. The data remains on the Rubrik cluster with a specified mount point
DBA-managed Live on the Oracle host. This method permits the DBA to perform the actual recovery
Mount using custom scripts.
If the recovery point is a snapshot that is not the most recent snapshot, the
Rubrik cluster automatically runs a full backup after the recovery.
Related concepts
SPFILE requirements
The Rubrik cluster uses the original SPFILE of the source database for recovery during clone and Live
Mount operations unless an alternate custom PFILE is specified.
Advanced Oracle database clone and mount parameters
A parameters file provides the ability to specify advanced recovery options for live mount and cloning
tasks.
Related tasks
Backing up databases
Database backups on a Rubrik cluster use incremental RMAN merge.
Important: To avoid shutting down the database do not use force unmount.
Requirement Description
Rubrik Backup Service (RBS) RBS must be installed on the single instance server
or each Oracle RAC system node.
Home path and target version The Oracle installation must have the same Oracle
Home path and Oracle software version as the Live
Mount instance.
Source and target paths Before initiating a restore, the destination file
system directories must be available and identical
to the file system of the clone source. The access
permissions must also be the same.
Unique SIDs The target host must not contain another instance
with the same SID and database ID. The Live
Mount script checks if there is any instance with the
same SID already running on the target host. The
live mounted database is created with the same
database name and database SID.
Memory requirements The target host must have enough memory to run
the database and perform recovery. A successful
recovery requires 30% of the source total memory
and 10% of the target total memory.
Permissions The Oracle host or Oracle RAC and databases must
be assigned restore permission.
Database availability At least one snapshot of the database must be
completed.
Clean target Any stale backup files on the target host (including
the FRA) that belong to the database being
restored must be removed.
Related concepts
Directories created before a recovery operation
The Rubrik cluster automatically attempts to create the most common directories before the recovery
operation.
Related tasks
Installing Rubrik Backup Service software on Oracle
Download and install the Rubrik Backup Service software on selected Oracle hosts/nodes.
Prerequisites
Complete the prerequisites as described in Live Mount prerequisites.
Context
With Live Mount the database is instantiated from a copy stored on Rubrik CDM. Live Mount brings up the
database with data files present on storage but redo logs and control files are on the host (FS/ASM) to
allow live migration. Only the data files are migrated. Redo logs and control files are not migrated.
Mounting a database uses pre-recovery and post-recovery scripts. All the target nodes for a Real
Application Clusters (RAC) must have these scripts at the provided path, and the Oracle user defined for
the target host must be able to execute these scripts. The Rubrik cluster considers a script exit status
other than 0 to be a script failure. The Rubrik cluster displays notifications of script failures in the Activity
Log.
Procedure
1. Log in to the Rubrik CDM web UI and navigate to the active or relic data object.
Option Description
Active database navigation From the navigation menu, click Servers &
Apps > Oracle DBs > All DBs.
Relic database navigation From the navigation menu, click Snapshot
Management.
The Hosts/Clusters or All Objects page lists all available data objects.
2. In the Name column, click the name of a database.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view.
3. On the Recovery Points card, select a day that has a green dot.
The green dot indicates a successful snapshot taken on that day.
The Recovery Points card displays the Day view.
4. Move the Recovery point slider to select a recovery point.
To select a snapshot, move the slider to a snapshot indicator or click the snapshot indicator dot. The
selected time icon changes.
To select a recovery point other than a snapshot time, move the slider to choose that time. The time
appears in the time field and the selected time icon changes. Alternatively, type a specific time in the
time field.
5. Open the ellipsis menu and select Mount.
The target Oracle hosts or Oracle RAC systems are shown in the dialog box.
6. In Hosts/Clusters, select an Oracle host.
The selected host will be the target of the database mount.
7. Optional: Select Do not restore, make RMAN backup files available for manual recovery.
Select this option to mount the recovery point, and recover files by using RMAN on the target host.
8. Optional: In Backup Image Path, type a full path on the target host.
Use this optional field to specify where to place the datafiles during the mount operation.
9. Optional: In Number of RMAN Channels (Optional), enter the number of Oracle Recovery
Manager (RMAN) recovery channels.
By default, the number of RMAN channels used for recovery is the same as the number of channels
used in the database and the number of log snapshots being recovered.
10. Optional: Expand Advanced Mount Options.
Additional option fields appear.
Result
The Rubrik cluster mounts the NFS share to the specified Oracle host and brings up the Oracle database
using datafiles stored on Rubrik CDM.
The Live Mount will fail if any of the following reboots: the live mounted host, the RAC, or the Rubrik
cluster. If a Live Mount fails, go to the Live Mounts page, find the failed Live Mount entry, and use the
Unmount command with the Force option. This removes the metadata from the failed Live Mount. Then
retry the Live Mount.
Related concepts
Local host page
Recovery Points card
The Recovery Points card provides access to the available snapshots and log backups of the database.
Direct NFS
Available in Oracle 11g and newer, Direct NFS (dNFS) runs in the database kernel and provides an
optimized NFS client.
Backups and archived redo logs
Rubrik CDM protects Oracle databases with backups and archived redo log backups, running as separate
jobs and at different frequencies in the Rubrik cluster.
Advanced Oracle database clone and mount parameters
A parameters file provides the ability to specify advanced recovery options for live mount and cloning
tasks.
Procedure
1. Use SSH to connect to the Oracle host.
2. Change to the Oracle user.
3. Create the pfile.
Type this command:
echo 'db_name=DB_NAME' > /tmp/initDB_NAME.ora
Where DB_NAME is name of the database being recovered.
This example specifies a database named orcl.
echo 'db_name=orcl' > /tmp/initorcl.ora
Result
The echo command creates a pfile with the specified properties.
Procedure
1. As the Oracle user, connect to the Oracle host.
run
{
set controlfile autobackup format for device type disk to
'file_only_live_mount_path/%F';
Where file_only_live_mount_path is the file only live mount path, and pit_date_time is the latest date
for the restore.
This example specifies a controlfile named controlfile_%F.
run
{
set controlfile autobackup format for device
type disk to '/u02/lm/665e5d60-7a51-4409-9a61-
e3fa38736fd2_5bf14eb6-9f89-4c35-8a91-5c5d6c76f630/c0/controlfile_%F';
restore until time "to_date('2020-04-05', 'YYYY-MM-DD HH24:MI:SS')"
spfile from autobackup;
}
run
{
set controlfile autobackup format for device type disk to
'file_only_live_mount_path/%F';
restore until time "to_date('pit_date_time', 'YYYY-MM-DD HH24:MI:SS')"
spfile from autobackup;
}
Where file_only_live_mount_path is the file only live mount path, and pit_date_time is the latest date
for the restore.
This example specifies a controlfile named controlfile_%F.
run
{
set controlfile autobackup format for device
type disk to '/u02/lm/665e5d60-7a51-4409-9a61-
e3fa38736fd2_5bf14eb6-9f89-4c35-8a91-5c5d6c76f630/c0/controlfile_%F';
restore until time "to_date('2010-040-05', 'YYYY-MM-DD HH24:MI:SS')"
controlfile from autobackup;
}
RMAN cleans the RMAN repository from the restore operation changes.
18. Catalog the RMAN repository.
From RMAN, type this command:
catalog start with file_only_live_mount_path noprompt;
RMAN catalogs the RMAN repository.
19. Switch databases.
From RMAN, type this command:
switch database to copy;
Oracle switches database files.
20. From RMAN, type the run command.
RMAN prompts for media recovery information.
21. Perform the media recovery.
The syntax is:
run
{
set until time "to_date('PIT DATE TIME', 'YYYY-MM-DD HH24:MI:SS')";
recover database;
}
run
{
set until time "to_date('2020-04-05', 'YYYY-MM-DD HH24:MI:SS')";
recover database;
}
Procedure
1. As the Oracle user, connect to the Oracle host.
2. Start SQLPLUS.
3. At the SQLPLUS prompt, type: select dbid,name,open_mode,log_mode,controlfile_type
from v$database;
SQLPLUS displays the database ID, name, mode, log mode, type of control file of the Rubrik backup
image database file copy.
4. At the SQLPLUS prompt, type: select name from v$datafile;
SQLPLUS displays the name of the Rubrik backup image database file copy.
5. At the SQLPLUS prompt, type: select member from v$logfile;
SQLPLUS displays the location of the log files.
6. At the SQLPLUS prompt, type: select name from v$tempfile;
SQLPLUS displays the location of the temp files.
7. At the SQLPLUS prompt, type: select name,value from v$parameter where
name='spfile';
SQLPLUS displays the name of the spfile.
8. At the SQLPLUS prompt, type:select name,value from v$parameter where
name='control_files';
SQLPLUS displays the name of the control file.
Result
The Oracle user verifies the Live Mount.
Important: Do not use dbca or similar tooling that deletes the entire database including the base
directories.
• An Instant Recovery does not change the location for redo logs but does consolidate the multiple
members of redo log groups into a single member for each group.
Related concepts
On-demand snapshots
Related tasks
Dropping a database
Before performing an instant recovery, drop the Oracle RAC or standalone Oracle database.
Dropping a database
Before performing an instant recovery, drop the Oracle RAC or standalone Oracle database.
Context
This task describes steps to delete and unregister (drop) a database on the Oracle RAC system. Oracle
online documentation provides information specific to standalone databases.
Procedure
1. Set the cluster database to FALSE.
The system responds with the message ORACLE instance started. When the mount completes
successfully, the following message appears: Database mounted.
4. Optional: Verify that the database is mounted with logins restricted.
7. Manually remove the database entry in /etc/oratab on each individual node of the Oracle RAC.
Result
The system deletes and unregisters the Oracle RAC or standalone Oracle database.
Related information
Oracle Help Database Backup and Recovery Reference - DROP DATABASE
Prerequisites
• Oracle restore permissions must be set before recovery. Oracle Help Center - Credentials Required to
Perform Backup and Recovery describes Oracle restore permissions.
• Before recovering a RAC database drop the existing RAC database as described in Dropping a database.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the navigation menu, click Snapshot Management.
3. In the Name column, click the name of a database.
Alternatively, enter a name in the search field or use the filters at the top right of the list.
The Local page for the database appears, with the Recovery Points card showing the month view.
4. Select a snapshot or an archival snapshot.
5. Open the ellipsis menu for the snapshot.
6. Click Instantly Recover.
The Instantly Recover Snapshot dialog box appears.
7. Optional: In Number of RMAN Channels (Optional), enter the number of Oracle Recovery
Manager (RMAN) recovery channels.
By default, the number of RMAN channels used for recovery is the same as the number of channels
used in the database and the number of log snapshots being recovered.
Result
The Rubrik cluster instantly recovers the database back to the source Oracle server or cluster. Recovered
datafiles are mounted on the Rubrik cluster and the database instance is created on the server.
Next task
Migrate the database off of the Rubrik cluster and unmount the Live Mount before adding SLA Domain
protection.
Related tasks
Dropping a database
Before performing an instant recovery, drop the Oracle RAC or standalone Oracle database.
Mounting a database backup using Live Mount
Use Live Mount to create a new database from a point-in-time copy of a source Oracle database.
Clone configuration for an Oracle RAC database with four nodes, n1, n2, n3, and n4, and a database
running on two of those nodes, n3 and n4. The Oracle RAC database is cloned to a target Oracle RAC
system with nodes t1, t2, t3, and t4. Rubrik CDM brings up the database on nodes t1 and t2.
The configuration can be manually changed to match the configuration of the original Oracle RAC.
The following table describes the available clone configuration options.
Related concepts
Advanced Oracle database clone and mount parameters
A parameters file provides the ability to specify advanced recovery options for live mount and cloning
tasks.
Requirement Description
A clean target host Any stale backup files on the target host (including the FRA) that belong to
the database being restored must be removed.
Database availability At least one database must be managed and protected.
Log Archive Destination During a clone operation, the archive logs can be restored to the log
archive destination on the Oracle host, enabling the database to be
recoverable to any recovery point. If the source log_archive_dest is
used, it must exist on the host. An ACO parameter can be used to specify a
different log_archive_dest destination.
Log backups (Optional) To clone a recovery point that is between snapshots, successfully complete
log backups that cover the recovery point period.
Memory requirements The target host must have enough memory to run the database and
perform recovery. A successful recovery requires 30% of the source total
memory and 10% of the target total memory.
Permissions The Oracle host or Oracle RAC and databases must be assigned restore
permission.
Register nodes The single instance host or the nodes of the target Oracle RAC must
be registered on the Rubrik cluster. For an Oracle RAC, if only a subset
of nodes are registered, the cloning task succeeds. However, only the
registered nodes have a running instance of the cloned database.
Rubrik Backup Service RBS must be installed on the single instance server or each Oracle RAC
(RBS) system node. For recovery, RBS must be installed on the recovery target
host.
Snapshots At least one snapshot of the Oracle database and logs must be completed.
Source and target paths Before initiating a restore, the destination file system directories must be
available and identical to the file system of the clone source. The access
permissions must also be the same.
Related concepts
Directories created before a recovery operation
The Rubrik cluster automatically attempts to create the most common directories before the recovery
operation.
Rubrik Backup Service
RBS is required in order to perform automated discovery of Oracle hosts, Oracle RAC systems, and Oracle
databases.
Create an empty oratab file
If the Oracle host has no databases running, create an empty /etc/oratab file before installing Rubrik
Backup Service (RBS) software.
Point-in-time recovery
Point-in-time recovery restores database and log snapshots to the defined point in time.
SPFILE requirements
The Rubrik cluster uses the original SPFILE of the source database for recovery during clone and Live
Mount operations unless an alternate custom PFILE is specified.
Using the original SPFILE during the recovery includes these requirements.
• The target of the clone or Live Mount must have sufficient memory to support the memory parameters
of the original SPFILE.
• The necessary storage requirements listed in the SPFILE must be already configured on the target.
• The target listener configuration must be complete. If any of the listener parameters are set in the
source SPFILE, for example local_listener, the corresponding value must be included in the
tnsnames.ora file in the target.
Cloning databases
Restore an Oracle database or recover datafiles by cloning a database snapshot.
Prerequisites
Confirm the configuration requirements as defined in Database clone prerequisites.
Context
• If a single instance clone fails, some manual cleanup may be required. For more information, see
Managing failed clones.
• The FRA is not set for a cloned or live mounted database on other hosts.
Cloning a database uses pre-recovery and post-recovery scripts. These scripts must exist at the provided
path on all the target nodes for a RAC and must be executable by the Oracle user defined for the target
host. The Rubrik cluster considers a script exit status other than 0 to be a script failure. The Rubrik cluster
displays notifications of script failures in the Activity Log.
Procedure
1. Log in to the Rubrik CDM web UI and navigate to a snapshot for an active database or a snapshot for
a relic database.
Option Description
Active database snapshot From the left-side menu, click Servers & Apps
> Oracle DBsand select the All DBs tab.
Relic database snapshot From the left-side menu, click Snapshot
Management.
A list of the available protected database objects appears or a list of relic objects appears.
2. In the Name column, click a database name.
The Local page for the database appears, including the Recovery Points card.
3. On the Recovery Points card, select a day with a green dot.
The green dot indicates that at least one successful snapshot was created on that day.
The Recovery Points card displays the Day view.
4. Move the Recovery point slider to select a recovery point.
Result
The Rubrik cluster clones the specified database recovery point to the selected Oracle host.
Related concepts
Local host page
Snapshots card or Recovery Points card
Location Description
Any datafile or archived log file location as on the Remove the datafiles and archived log files placed
source database during the failed clone task.
Audit directory Remove the audit directory created during the
failed clone task.
$ORACLE_HOME/dbs/SID_control1 and Remove any control files placed during the failed
$ORACLE_HOME/dbs/SID_control2, where SID clone task.
is the Oracle SID of the source database.
/etc/oratab Remove any database entries placed during the
failed clone task.
Important: The location directories must already exist on the target Oracle host or Oracle RAC and be
accessible by the Oracle SYSDBA user. Existing files at the locations specified in the configuration file are
overwritten during the recovery.
Memory parameters
The memory parameters can be used to account for differences in resource limitations between the source
and target hosts or Oracle RAC.
DB_CREATE_ONLINE_LOG_DEST_NSpecifies where the online redo String equal to the ASM disk
log members are located on the group name or file system
N = 1-5
target. Create one member, in directory path.
each location, with the same
number of groups that existed on
the source database for ASM.
This field is required.
On the file system, all online
redo log members will be put
into the first location and can be
reconfigured after the recovery
is complete. Redo log files with
duplicate names will be renamed.
On ASM, all online redo logs are
Oracle-managed files on the
target even if there were alias
redo logs on the source database.
Up to five locations may be
specified.
Each one may be an ASM disk
group name or a file system
directory.
The inputs must be all ASM
disk groups or all file system
directories.
DB_RECOVERY_FILE_DEST Default location for the String equal to the full destination
flash recovery area (FRA). path.
The size of the FRA must
be specified with the
DB_RECOVERY_FILE_DEST_SIZE
parameter. This field is required
when performing recovery of
dissimilar disk groups.
For successful recovery to a
standalone database on ASM
LOG_ARCHIVE_DEST_N Specifies locations for log archival String equal to the full path of the
operations of the database. file.
N = 1-10
Archived logs will be multiplexed
to the locations.
Up to ten locations may be
specified.
Each entry must begin with
LOCATION= (case insensitive).
Each one may be an ASM disk
group name or a file system
directory.
SPFILE_LOCATION Location for the minimal spfile String equal to the full path of the
with which the database is spfile.
recovered. This must be a
complete path to the spfile
located in the file system or ASM
path. Do not use the disk group
name or a directory path. This
field is required when performing
dissimilar disk group recovery.
If the specified file already
exists, it is overwritten during
the recovery, even if the Oracle
SYSDBA user does not have
permissions to modify the existing
file.
SGA_MAX_SIZE=1234M
SGA_TARGET=1234M
PGA_AGGREGATE_TARGET=568M
USE_LARGE_PAGES=TRUE
SPFILE_LOCATION=/u01/app/oracle/product/dbhome/spfilerbk.ora
CONTROL_FILES=+DG1,+DG2
DB_CREATE_ONLINE_LOG_DEST_1=+DG1
LOG_ARCHIVE_DEST_1=+DG1
DB_RECOVERY_FILE_DEST=+FRA
DB_RECOVERY_FILE_DEST_SIZE=1000000
DB_CREATE_FILE_DEST=/u01/app/oracle/oradata
AUDIT_FILE_DEST=/u01/app/oracle/audit
ORACLE_HOME=/u01/app/oracle/product/rdbms/12.2.0.2/db_1/
DB_FILE_NAME_CONVERT='+DG1','+TG1','/u01/data','/u02/data'
LOG_FILE_NAME_CONVERT='+DG1','+TG1','/u01/data','/u02/data'
PARAMETER_VALUE_CONVERT='orcl','newdb','dg1','tg1'
During a Same Host Recovery all existing archived logs are deleted and a new set of archived logs are
generated for the new instance, unless the logs from the host are not applied. The feature supports
options to point to a specific archived log path from which the archived logs are applied during the
recovery. The original spfile of the source database is used during the recovery. Any additional
parameters must be set after the restore job is completed. Before running a recovery, ensure that the
parent directories of the required parameters exist on the Oracle host or each node of the Oracle RAC. This
applies to both local file system paths and ASM paths. A Same Host Recovery does not change the location
for redo logs but does consolidate the multiple members of redo log groups into a single member for each
group.
The Rubrik cluster supports automated recovery only for databases created using an SPFILE file.
Databases created using a PFILE must use DBA managed recovery.
Important:
If a database is a relic, and if the cluster is upgraded to the latest version, the metadata of the database
being recovered must be edited on the Rubrik cluster by Rubrik Support.
Related concepts
Instant Recovery for Oracle
Replace an Oracle database with a fully functional point-in-time copy.
Related tasks
Dropping a database
Important: If a database became a relic while running on Rubrik CDM version 5.0.2 or older, and if the
cluster was upgraded to 5.0.3 or newer, contact Rubrik support before performing a Same Host recovery.
All stale backup files on the target host (including the FRA) that belong to the database being restored
must be removed
During a Same Host recovery or Instant Recovery, the original spfile from the backup is used for the
database recovery. Configure any required custom parameters before making the database operational.
Dropping the database on the source host and performing host refresh moves the database status from
Live to Relic.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Snapshot Management.
3. In the Name column, click the name of a database.
Alternatively, enter a name in the search field or use the filters at the top right of the list.
The Local page for the database appears and confirms that the database status is Relic.
4. On the Recovery Points card, click any green point on the recovery timeline.
5. Click the ellipsis next to the Expiration Date and select Restore.
The Restore operation restores a point-in-time copy of the database to the original host. When the
database is recovered using a snapshot earlier than the most recent one, the Rubrik cluster forces a
full backup for the next database backup.
6. Optional: In Number of RMAN Channels (Optional), enter the number of Oracle Recovery
Manager (RMAN) recovery channels.
By default, the number of RMAN channels used for recovery is the same as the number of channels
used in the database and the number of log snapshots being recovered.
7. Confirm the recovery point and click Restore.
The activity log appears and tracks the restore task to completion.
Result
The Same Host recovery task completes, the database is open, and the assigned SLA Domain is in place.
Related concepts
Instant Recovery for Oracle
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Snapshot Management.
3. In the Name column, click the name of a database.
Alternatively, enter a name in the search field or use the filters at the top right of the list.
The Local page for the database appears and confirms that the database status is Relic.
4. On the Overview card, select Latest Recovery Point next to the clock icon.
5. Open the ellipsis menu next to the expiration date and click Restore.
6. Optional: Toggle on Apply Logs from Host.
The Rubrik cluster applies the host logs as part of the recovery.
7. (Apply Logs from Host) Select a location for the logs or type the full path of a custom location.
The Rubrik cluster renames the archived host logs and writes them to the subdirectory rubrik at the
specified location.
8. Click Confirm.
9. Click OK.
Result
The Rubrik cluster performs the roll forward recovery as specified.
Tablespace recovery
Restore a tablespace in place to the same database.
Recovery tasks use the tablespaces protected in the nearest database snapshot before the selected point-
in-time.
Adding single or multiple tablespaces to a databases involves changing multiple components in the
database. Changes are written to the Rubrik Cluster as scheduled by the assigned SLA Domain. However,
Rubrik recommends taking an on-demand snapshot after dropping or adding a tablespace to ensure
immediate availability of changes for recovery operations.
Before restoring tablespaces, confirm the preliminary requirements listed in the following table.
Component Description
Oracle Edition Tablespace recovery requires an Oracle Database Enterprise Edition license with the
RMAN TSPITR feature.
Permissions A file system where the oracleuser has the permission to create a directory.
Free storage The tablespace datafile recovery target device must meet the minimum storage space
space requirements:
• AIX - The host must have free disk space equal to at least twice the size of the
tablespace datafiles.
• Other Linux distributions - The host must have free disk space equal to the at least
the size of the tablespace datafiles.
RMAN Before starting a tablespace recovery, take the tablespace offline, then manually drop
it. This ensures a clean and complete RMAN operation.
Related concepts
Database clones for Oracle
Select a recovery point on the Oracle database to clone to a target location.
Related tasks
Creating an on-demand snapshot
Manually initiate a database snapshot in addition to the policy-based snapshots of the database. Assign an
SLA Domain to manage that snapshot.
Dropping a tablespace
Before performing a recovery of a tablespace, drop the existing tablespace from the recovery target.
Context
If a table and its indexes are stored in different tablespaces, the indexes must be dropped before
performing a tablespace point-in-time recovery (TSPITR).
Procedure
1. On the Oracle host, run the following command.
This command takes the tablespace offline immediately without a database checkpoint of any of the
datafiles.
Result
The datafiles clause instructs the database to delete the associated operating system files. The database
writes a message to the alert log for each operating system file deleted.
Next task
Take an on-demand snapshot to ensure immediate availability of changes for recovery operations.
Related tasks
Creating an on-demand snapshot
Manually initiate a database snapshot in addition to the policy-based snapshots of the database. Assign an
SLA Domain to manage that snapshot.
Restoring tablespaces
Rubrik CDM restores tablespaces by exporting in-place on the same database.
Prerequisites
Set the database to ARCHIVELOG mode before attempting a tablespace recovery.
Context
To initiate a tablespace recovery, select a snapshot or any point-in-time point target from the available
range. The Rubrik cluster restores tablespaces in-place only to the same database.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side navigation menu, click Servers & Apps > Oracle DBs.
The Hosts/Clusters page appears.
3. Click All DBs.
The All DBs tab appears.
4. In the Name column, click the name of a database.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the database appears, with the Recovery Points card showing the month view.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates that at least one successful snapshot was created on that day.
The Recovery Points card displays the Day view.
6. Move the Recovery point slider to select a recovery point.
To select a snapshot, move the slider to a snapshot indicator or click the snapshot indicator dot. The
selected time icon changes.
To select a recovery point other than a snapshot time, move the slider to choose that time. The time
appears in the time field and the selected time icon changes. Alternatively, type a specific time into the
time field.
Result
The Rubrik cluster exports the tablespace and restores the tablespace to the selected point-in-time on the
same database.
Next task
Take an on-demand snapshot to ensure immediate availability of changes for recovery operations.
Related concepts
Local host page
Recovery Points card
The Recovery Points card provides access to the available snapshots and log backups of the database.
Related tasks
Creating an on-demand snapshot
Manually initiate a database snapshot in addition to the policy-based snapshots of the database. Assign an
SLA Domain to manage that snapshot.
A Rubrik cluster provides data management and protection for Microsoft SQL Server databases.
A Rubrik cluster can manage and protect SQL Server databases that are configured to use the full recovery
model, bulk-logged recovery model, or the simple recovery model.
For a database that uses the full recovery model or the bulk-logged recovery model, the Rubrik cluster
performs policy-driven VSS snapshots of the database and frequent interim backups of the transaction log.
The combination of a snapshot of the database and transaction log backups, permits granular restore of a
database to a specified recovery point.
For a database that uses the simple recovery model, the Rubrik cluster performs policy-driven snapshots of
the database. The snapshots permit recovery of the database to its state at the time of a snapshot.
The following table describes the data management features provided for SQL Server databases.
Feature Description
Physical and virtual The Rubrik cluster supports SQL Server databases running on physical installations
instances of Windows Server, and on guest OS installations of Windows Server that are
running in a virtual environment.
Windows Server The Rubrik cluster supports SQL Server databases running on Windows Failover
Failover Clustering Clustering (WSFC) instances of SQL Server.
Full, bulk-logged, The Rubrik cluster provides protection for full recovery model, bulk-logged
and simple recovery recovery model, and simple recovery model databases.
models
Automatic discovery After installing the Rubrik Backup Service software on a Windows Server, the
Rubrik connector automatically discovers all instances of SQL Server and all SQL
Server databases on the Windows Server. The Rubrik connector provides this
information to the Rubrik cluster and the objects appear in the Rubrik CDM web
UI.
Automatic upgrade When new versions of the Rubrik Backup Service software are available, the
Rubrik cluster automatically upgrades the software on all Windows Server hosts.
SLA Domains SLA Domains provide simplified management of SQL Server database protection.
Setting the snapshot frequency and retention, snapshot window, replication policy,
and archival policy for a database can be accomplished by assigning the database
to an SLA Domain.
Derived protection Databases can derive SLA Domain protection through an SLA Domain assignment
made to the SQL Server database or the Windows Server host. Databases added
at a later date automatically derive the protection of the parent entity.
Configurable log For any database, the log backup frequency setting can be derived from the
backups system defaults, or the log backup frequency and retention can be configured
through an SLA Domain assignment. Log backups can also be disabled entirely.
Copy Only backups When a database is assigned to an SLA Domain, Copy Only backups can be
specified for that database.
Point-in-time recovery
For a database that uses the full recovery model or the bulk-logged recovery model, the Rubrik cluster
uses a combination of a snapshot of the database and the database transaction log backups to recover a
database.
The Rubrik Backup Service obtains the snapshot of the database by using the VSS writer on the SQL
Server host to create a full backup of the database.
The combination of a snapshot of the database and the transaction log backups from the database permits
the Rubrik cluster to recover a database to the state it was in at a selected point in time.
To recover to a selected point in time, the Rubrik cluster uses two pieces of information:
• Last snapshot created before the selected point in time
• Log backups created between the time of the snapshot and the selected point in time
The Rubrik cluster first recovers the database from the snapshot. Then the Rubrik cluster unrolls and
applies the contents of the logs until the selected point in time is reached.
The closer that the snapshot is to the selected point in time, the shorter the Recovery Time Objective
(RTO) that is achieved by the process. To minimize RTO, assign a database to an SLA Domain with
frequent snapshots.
Requirement Description
Operating system Refer to the Rubrik Compatibility Matrix for current
version support.
Database management system Refer to the Rubrik Compatibility Matrix for current
version support.
Windows service SQL Server VSS Writer (running)
Network protocol TCP/IP or Shared Memory protocol enabled for
each SQL Server database
Assigning sysadmin permission grants full administrative rights to the SQL Server instance, similar to root
permissions. It is unnecessary to grant additional permissions once sysadmin is granted.
Because the model database is the template used to create new databases on the instance, any
permissions granted to the model database are applied to any new databases created after those
permissions are assigned.
Prerequisites
Obtain and install the Rubrik Backup Service software on the Windows Server host.
Result
The Rubrik cluster checks connectivity with the Rubrik Backup Service on each specified Windows Server
host and adds the Windows Server hosts that are successfully connected.
Next task
Do the following:
• Set the default database management properties.
• Set the individual database management properties.
• Manage and protect a database by adding it to an SLA Domain.
Context
Removing a Windows Server host removes the following from the SQL Server DBs page:
• All SQL Server databases of that host
• All databases of that host
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Select a Windows Server host.
4. Open the ellipsis menu and select Delete.
A warning dialog box appears.
5. Click Delete.
Result
The Rubrik cluster removes the selected Windows Server host.
When there is at least one existing snapshot for a SQL Server database on the removed Windows Server
host, the database appears on the Snapshot Management page. The snapshots and log backups from a
database on the Snapshot Management page can be used for recovery and export.
Removing individual snapshots for a data source describes how to use the Snapshot Management page to
remove the unmanaged snapshot objects of a database.
Per-host configurations
There are a number of per-host configurations available to configure hosts.
Procedure
1. As admin, open a Rubrik cluster SSH session.
2. Type the cluster rubrik_tool create_mssql_host_configuration command.
For boolean data types, use the Enabled, Disabled, or Default parameters. For numeric types,
use the literal value.
The CLI command creates the per-host configuration.
Example
This is an example of creating a per-host configuration for the host.
Procedure
1. As admin, open a Rubrik cluster SSH session.
Example
This is an example of updating a per-host configuration for the host.
Procedure
1. As admin, open a Rubrik cluster SSH session.
2. Type the cluster rubrik_tool get_mssql_host_configuration command.
The CLI command retrieves the per-host configuration for the specified host.
Example
This is an example of retrieving a per-host configuration for host ce828b9e-490f-4f68-bf1a-b645021fbe02.
Procedure
1. As admin, open a Rubrik cluster SSH session.
2. Type the cluster rubrik_tool list_mssql_host_configurations host1, host2,
host3 command.
The CLI command lists the per-host configuration for the specified hosts.
Example
Context
rubrik_tool cannot delete individual numerical per-host configurations. Instead, deleting individual per-
host configurations requires deleting all configurations for a host.
Procedure
1. As admin, open a Rubrik cluster SSH session.
2. Type the cluster rubrik_tool delete_mssql_host_configuration command.
The CLI command deletes all per-host configurations.
Example
This is an example of deleting per-host configurations from host ce828b9e-490f-4f68-bf1a-b645021fbe02.
This example deletes a boolean per-host configuration with the UPDATE/PATCH call by setting the value
for enableVdi to Default and then sets the value for data to a null set.
Context
Perform these steps for Rubrik CDM versions earlier than version 7.0. In Rubrik CDM versions 7.0 and later,
the log backup frequency is configured with the SLA Domain.
The default value applies to a database unless an override value is directly set for the database or an
override value is set through an SLA Domain assignment.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
Result
The Rubrik cluster updates the default frequency and applies the new setting to log backups for databases
that use the default value.
Related tasks
Editing an SLA Domain
Edit an existing local SLA Domain to change the specified data protection.
Prerequisites
• Install the Rubrik Backup Service software on the Windows Server host of the database.
• Add the Window Server host to the Rubrik cluster.
Context
A derived assignment applies to the databases that exist at the time of the assignment and to databases
that are added after the assignment.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click the selection box next to a Windows Server host or a SQL Server database.
Click the name of a Windows Server host to view the SQL Server databases on that host.
Select multiple hosts or SQL Server databases to apply the same SLA Domain protection to databases
on all of the selections.
4. Click Manage Protection.
When a database within the selection is already assigned to an SLA Domain, a warning dialog box
appears.
Click Continue Anyway to change the existing assignment to a new selection or click Cancel to
return to the Hosts/Instances tab.
The Manage Protection dialog box appears.
5. In the SLA Domain section, select an SLA Domain.
6. Optional: Select Take Copy Only Backups.
The Rubrik cluster will perform Copy Only backups for the policy-driven backups of the databases in
the selection group.
Selecting Take Copy Only Backups closes the Log Backup Frequency and Log Backup Retention fields.
7. Optional: In Log Backup Frequency, type an integer value.
Result
The Rubrik cluster assigns the SLA Domain and other settings to all existing databases within the selection
group.
Prerequisites
Complete these tasks:
• Install the Rubrik Backup Service software on the Windows Server host of the database.
• Add the Window Server host to the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click All DBs.
Alternatively, select a database through the Hosts/Instances tab by clicking values in the Name field to
move down in the hierarchy of a Windows Server host.
The All DBs tab appears.
4. Click the selection box next to a database.
Select multiple databases to apply the same SLA Domain protection settings to all of the selected
databases.
5. Click Manage Protection.
When a database within the selection group is already assigned to an SLA Domain, a warning dialog
box appears. Click Continue Anyway to change the existing assignment to a new selection. Or, click
Cancel to return to the All DBs tab.
The Manage Protection dialog box appears.
6. In the SLA Domain section, select an SLA Domain.
7. Optional: Select Take Copy Only Backups.
The Rubrik cluster will perform Copy Only backups for the policy-driven backups of the databases in
the selection group.
Selecting Take Copy Only Backups closes the Log Backup Frequency and Log Backup Retention fields.
8. Optional: To disable log backups entirely, select Disable Log Backups.
9. Optional: In Log Backup Frequency, type an integer value.
Type an integer value from 5 to 99. The integer value sets the number of minutes between backups of
the transaction log. This value overrides the default log backup frequency value.
10. Optional: In Log Backup Retention, type an integer value.
The integer value sets the number of days to retain the transaction log.
11. Click Submit.
Context
Removing an assigned SLA Domain from a database does not block that database from a derived or
individual assignment to an SLA Domain at a later point.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Select a tab to view specific protection objects.
• To view Windows Server hosts, SQL Server databases, or databases, click Hosts/Instances.
• To view databases, click All DBs.
4. Select a parent object or a database by clicking the selection box next to the object.
• Select a Windows Server host to remove the derived SLA Domain assignments for all SQL Server
databases and databases on that host.
• Select a SQL Server database to remove the derived SLA Domain assignments for all databases on
that instance.
• Select a database to individually remove the SLA Domain assignment of that database.
Select multiple objects in any of these groups to remove the SLA Domain assignment for all databases
covered by the selected group.
5. Click Manage Protection.
A warning appears.
6. Click Continue Anyway.
The Manage Protection dialog box appears.
7. Select No SLA.
8. Click Submit.
Result
The Rubrik cluster removes the SLA Domain assignments for all databases within the selection group.
Databases within the selection group that have unexpired snapshots appear on the Snapshot Management
page.
Prerequisites
• Install the Rubrik Backup Service software on the Windows Server host of the database.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click All DBs.
The All DBs tab appears.
4. In the Name column, click the name of a database.
The Local page for the database appears.
5. Click Take On Demand Snapshot.
The Take On Demand Snapshot dialog box appears.
6. Select an SLA Domain.
The Rubrik cluster uses the rules and policies of the selected SLA Domain to manage the on-demand
snapshot. The selected SLA Domain can be different from the SLA Domain that protects the database.
To manually manage the on-demand snapshot through the Snapshot Management page, select
Forever.
7. Click Take On Demand Snapshot.
Result
The Rubrik cluster adds the specified on-demand backup to the task queue. The Activity Log tracks the
status of the on-demand backup task. The Rubrik cluster manages the snapshot based on the rules and
policies of the selected SLA Domain.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Optional: Select one or more Windows hosts and go to step 7.
4. Optional: Click the name of a Windows host.
A list of the SQL Server instances on the Windows host appears.
5. Select one or more SQL Server instances.
6. Optional: Click the name of a single instance to list the databases under that instance. Then, select
one or more SQL Server databases for the group on demand snapshot task.
7. Open the ellipsis menu at the upper-right of the page and select Take On Demand Snapshot.
The Take On Demand Snapshot page appears.
8. Select the SLA level to assign to the on-demand snapshots.
9. Click Take On Demand Snapshot.
Result
The group on-demand snapshot task is scheduled and executed. When the task completes, each SQL
Server database in the selected Windows hosts or SQL Server instances has an individual on-demand
snapshot.
Context
Tail-log backups are only available for databases protected with the Full recovery model.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click All DBs.
The All DBs tab appears.
4. In the Name column, click the name of a database protected with the Full recovery model.
The Local page for the database appears.
5. Click Take T-Log Backup.
A notification regarding the backup job being scheduled appears.
Result
The Rubrik cluster adds the specified tail-log backup to the task queue. The Activity Log tracks the status
of the tail-log backup task.
Context
Once the backups are downloaded, administrators can use the snapshot and transaction logs for audit
operations.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Clusters tab of the SQL Server DBs page appears.
3. Open the ellipsis menu for the snapshot.
4. Click Download files.
The Select Files page displays a list of transaction logs and files for the most recent snapshot that
occurred prior to the selected time.
5. Check the box for each file to download.
6. Click Next.
7. Click OK to download the files.
Result
Rubrik CDM downloads backups of snapshot and transaction logs.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Select Hosts and click the Windows Host tab.
4. Open the ellipsis menu at the upper-right of the page, and select Edit Default CBT.
The Edit Default CBT dialog box appears.
5. Click the On or Off button to enable or disable the default CBT settings.
6. Click Update.
Result
The default CBT settings are applied to the Windows hosts.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Check the Windows host to configure CBT.
4. Open the ellipsis menu at the upper-right of the page, and select Edit CBT.
The Edit CBT dialog box appears.
5. Select On.
6. Select Update.
Result
CBT is enabled or disabled for the specified Windows host.
Context
By default, the Rubrik cluster uses CBT if the failover cluster is configured for CBT.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click Failover Clusters.
The Failover Clusters tab appears. The page lists by name each failover cluster. For each failover
cluster, the page provides the number of instances, the number of SQL Server databases, and the SLA
Domains that are assigned.
4. Click the name of a failover cluster.
The databases on the selected SQL Server database system appear. For each database, the page
lists whether log backup is enabled, whether the database is protected through Copy Only, and the
assigned SLA Domains.
5. Click the name of a SQL Server database.
The SQL Server database systems on the failover cluster appear. For each SQL Server database
system, the page provides the number of databases and the assigned SLA Domains.
6. Click the name of a database.
The Recovery Points card for the selected database appears.
7. Click Take on Demand Snapshot.
8. Click Retain Forever.
9. Click Next.
10. Click OK.
The Rubrik cluster takes the snapshot.
11. Optional: Click the status message for the snapshot.
The Activity Detail screen appears.
If the failover cluster is configured for CBT, the Activity Detail includes a line stating the backup uses
CBT.
Unmanaged data
Manage file system and application data that is not subject to a retention policy through the Snapshot
Management page of the Rubrik CDM web UI.
The Rubrik cluster defines backups and snapshots that do not have a retention policy as unmanaged
snapshot objects. Unmanaged snapshot objects can be managed through the Snapshot Management page
of the Rubrik CDM web UI.
View the Snapshot Management page for information about tasks with unmanaged snapshot objects.
Related concepts
Retention management
Assign retention policies to existing scheduled snapshots, on-demand snapshots, and snapshots retrieved
from an archival location.
Overview card
The Overview card on the Recovery Points card page for a database provides general protection
management information for the database.
Field Description
Windows Host The FQDN or IPv4 address of the Windows Server that is the host of the
SQL Server database that manages the database.
SQL Instance The name assigned to the SQL Server database that manages the
database.
SLA Domain The name of the SLA Domain that manages the protection of the
database.
Recovery Model Type of recovery model that controls how the transactions of the
database are logged, either: Full or Simple.
Oldest Recovery Point Timestamp of the oldest retained recovery point for the database.
Latest Recovery Point Timestamp of the most recent retained recovery point for the database.
Local Storage Amount of storage on the Rubrik cluster that is occupied by data from the
database.
Missed Snapshots Number of policy-driven snapshots that did not complete successfully. A
missed snapshot is counted until the period since the SLA Domain policy
required the snapshot exceeds the retention period of the SLA Domain.
Database recovery
The Rubrik cluster provides recovery of a database through snapshots of the database. When transaction
logs for the database have been backed up, the Rubrik cluster also provides the ability to recover the
database to any point in time that is within the backed up data.
For each protected database, and for each database on the Snapshot Management page, the Rubrik
cluster provides a Recovery Points card. Use the Recovery Points card to select a recovery point and to
start the recovery process.
A database can be exported as a new database from a recovery point on the Recovery Points card.
The export can be to the same SQL Server database or to another SQL Server database on any known
Windows Server host.
A database recovery point on the Recovery Points card can be used to create a Live Mount. Live Mounts
are shared directly from the Rubrik storage layer over the SMB/CIFS protocol. The Live Mount feature does
not support SQL Server databases that use filestreams or in-memory tables.
Note: The Rubrik cluster can back up SQL Server system databases, such as: ‘master’, ‘model’, and
‘msdb’, but backups of these system databases cannot be directly restored from the Rubrik cluster. System
database backups can be exported or created as Live Mounts.
Recovering a database
Restore a selected database to a specific recovery point.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
Result
The Rubrik cluster replaces the existing database with a copy of the database from the selected recovery
point. When the recovery point is between snapshots, the Rubrik cluster uses the log to bring the database
from the closest prior snapshot to the selected recovery point.
Context
The Rubrik cluster shares the Live Mount over the SMB/CIFS protocol and sets the protection state of the
new database to Do Not Protect.
Note: Live Mount is not supported with SQL Server 2008 databases or with SQL Server databases that
use filestreams or in-memory tables.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click All DBs.
To work with the unmanaged snapshots for a database that is listed on the Snapshot Management
page, On the left-side menu, click Snapshot Management. Then, continue with the following steps
from the Snapshot Management page instead of the SQL Server DBs page.
Result
The Rubrik cluster mounts the share to the specified Windows Server host and attaches the Live Mount
database to the specified SQL Server database.
Force Unmount
Use Force Unmount to remove the Live Mount entry and the associated storage and metadata from the
Rubrik cluster, when a normal unmount cannot be completed.
A normal unmount can be prevented by:
• A lost connection with the host of a Live Mount.
• Manually deleting the Live Mount database from the SQL Server database.
When this occurs, use Force Unmount to remove all storage and metadata for the database from the
Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI on the local Rubrik cluster.
2. On the left-side menu of the Rubrik CDM web UI, click Live Mounts > SQL Server DBs.
The SQL Server DB Live Mounts page appears.
3. Open the ellipsis menu next to the entry for a Live Mount database.
4. Click Unmount.
A confirmation message appears.
Result
The Rubrik cluster detaches the database from the SQL Server database and unmounts the share from the
Windows Server host.
Exporting a database
Export a copy of a selected recovery point of a database to a SQL Server database on the same Windows
Server host or on another known Windows Server host.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click All DBs.
To work with the unmanaged snapshots for a database that is listed on the Snapshot Management
page, on the left-side menu, click Snapshot Management. Then, continue with the following steps
from the Snapshot Management page instead of the SQL Server DBs page.
The All DBs tab appears.
4. In the Name column, click the name of a database.
The Local page for the database appears, with the Recovery Points card showing the month view.
5. On the Recovery Points card, select a day that has a green dot.
The green dot indicates that at least one successful snapshot was created on that day.
The Recovery Points card displays the Day view.
6. Move the Recovery point slider to select a recovery point.
To select a snapshot, move the slider to a snapshot indicator or click the snapshot indicator dot. The
selected time icon changes.
To selected recovery point other than a snapshot time, move the slider to choose that time. The time
appears in the time field and the selected time icon changes. Alternatively, type a specific time into the
time field.
7. Open the ellipsis menu and select Export.
The Export Database dialog box appears.
8. In Host, select a Windows Server host for the exported database copy.
9. Click Next.
The second view of the Export Database dialog box appears.
10. In Name, select a SQL Server database.
The Export Database dialog box shows only the SQL Server databases on the selected Windows
Server host that are a SQL Server version that is qualified to receive the exported database.
11. In Exported Database Name, type a name for the exported database recovery point.
12. In Export Path, select a method for providing the export paths.
• Default Method to provide a single path for the data files and a single path for the log files.
• Advanced Method to provide a separate path for each of the database files. The Rubrik cluster
assigns a logical name to each file and lists each file with a logical name and a path entry field.
The specified export path cannot point to existing database files. If the specified export path does not
exist, the Rubrik cluster creates it.
Note: When using the Advance export option if the database is kept in a restoring state, the files are
stored in a sub-folder of the intended path.
For example, the files are stored in folder\filename\filename instead of folder\filename,
where folder is the target path and filename is the file name used for the restore process.
To avoid creating the sub-folder, choose the target file names to be the same as the original database
file names.
Result
The Rubrik cluster exports the database recovery point to the selected SQL Server database.
Prerequisites
Procedure
1. Log in to the web UI.
2. On the left-side menu, select Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click All DBs.
The All DBs tab appears.
4. Optional: Enter a string in the “Search by Name” field to search for a specific database.
5. In the Name column, click the name of a database.
The Local page for the database appears.
6. Open the ellipsis menu at the upper-right of the page and select Add Log Shipping Secondary.
The Add Log Shipping Secondary dialog box appears, displaying a list of compatible hosts. Only hosts
that have been registered on the Rubrik cluster appear in the list.
7. Select a host.
A list of compatible instances appears.
8. Click Next.
9. Select an instance from the list of compatible instances.
10. Enter a name for the secondary database in the Secondary Database Name field.
11. Select a method for providing the export paths.
• Simple Method to provide a single path for the data files and a single path for the log files.
• Advanced Method to provide a separate path for each of the database files. The Rubrik cluster
assigns a logical name to each file and lists each file with a logical name and a path entry field.
The specified export path cannot point to existing database files. If the specified export path does not
exist, the Rubrik cluster creates it.
Each export path must point to a location that has sufficient free storage to accommodate the data
files. The Rubrik cluster checks the available space before exporting the data.
The specified location must be accessible by the selected SQL Server instance.
12. (Simple Method only) In Data Files Export Path, type a full path on the selected Windows Server
host.
During the export task, the Rubrik cluster places the data files for the database recovery point at the
specified location.
13. (Simple Method only) In Log Files Export Path, type a full path on the selected Windows Server
host.
During the export task, the Rubrik cluster configures the database to store the database transaction
logs at the specified location.
14. (Advanced Method only) Type a full path for each logically named file in the text entry field next to
each logical name.
The path must be a full Windows path including a valid drive letter, or a valid UNC path for a network
share.
15. Select a state for the secondary database.
• A database in the Restoring state cannot be read or written to.
• A database in the Standby state cannot be written to.
16. Optional: For a secondary database in the Standby state, select the Automatically disconnect
users when restoring backups box to disconnect users reading the secondary database when
shipped transaction logs are being applied to the secondary database.
17. Click Add.
Procedure
1. Log in to the Rubrik web UI.
2. On the left-side menu, select Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click Log Shipping Targets.
The Log Shipping Targets tab appears.
4. Open the ellipsis menu next to the log shipping configuration to delete and click Remove.
The Remove Secondary dialog box appears.
5. Optional: Check Delete from Windows host.
Option Description
Checked The Rubrik cluster deletes the secondary
database and the log shipping configuration.
Unchecked The Rubrik cluster leaves the secondary database
in place, but it removes the log shipping
configuration.
6. Click Remove.
Result
The Rubrik cluster deletes the log shipping configuration and the secondary database, if that check box
was selected. The activity logs and events for the deletion job are available on the details page for the
primary or secondary database.
Failover events
A Rubrik cluster handles WSFC failover events automatically.
When an active WSFC node fails and a secondary WSFC node becomes the active node, the Rubrik Backup
Software detects the failover and communicates the change to the Rubrik cluster. The Rubrik cluster
automatically continues to manage and protect the databases in the FCI through the new active WSFC
node.
The Rubrik cluster continues to provide for each database in the FCI:
• Same SLA Domain protection
• Access to existing backup history
• Access to existing backups
Procedure
1. Install the Rubrik Backup Service software on each node in the failover cluster.
Rubrik Backup Service describes the Rubrik Backup Service software, the permissions required to run
the software, and how to install the software.
2. For the account running the Rubrik Backup Service, enable the View server state permission at the
server scope level for each SQL Server database in the failover cluster.
3. Log in to the Rubrik CDM web UI.
4. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears. Failover clusters are listed on this page
only for hosts, not for instances.
5. Click Failover Clusters.
The Failover Clusters tab appears.
6. Open the ellipsis menu at the upper-right of the page, and select Add Windows Hosts.
The Add Windows Hosts dialog box appears.
7. In IPs or Hostnames, type a comma-separated list of the IPv4 addresses or the resolvable
hostnames of each of the Windows Server hosts that is a node in the cluster.
Add all WSFC nodes to the Rubrik cluster to ensure continuous protection of SQL Server databases
in the event of a failover. The Rubrik cluster cannot protect the databases of a SQL Server database
when the active instance is on a WSFC node that has not been added to the Rubrik cluster.
The list can contain both IPv4 addresses and hostnames. The Rubrik cluster requires one IPv4 address
or one resolvable hostname for each Windows Server host.
8. Click Add.
The Rubrik cluster checks connectivity with the Rubrik Backup Service on each specified Windows
Server host and adds the Windows Server hosts that are successfully connected.
Result
The Rubrik Backup Service communicates the failover cluster information to the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click Failover Clusters.
The Failover Clusters tab appears. The page lists by name each failover cluster. For each failover
cluster, the page provides the number of SQL Server databases and the SLA Domains that are
assigned.
4. Click the name of a failover cluster.
The page lists by name each SQL Server database on the failover cluster. For each SQL Server
database, the page provides the assigned IP address, the number of databases, and the assigned SLA
Domains.
5. Click the name of a SQL Server database.
The page lists by name the databases on the SQL Server database. For each database, the page lists
whether it is an availability replica, whether log backup is enabled, whether the database is protected
through Copy Only, and the assigned SLA Domains.
6. Click the name of a database.
Result
The Recovery Points card for the selected database appears.
Prerequisites
Add each Window Server host that is a node in the failover cluster to the Rubrik cluster.
Context
A derived assignment only applies to the FCI databases that exist at the time of the assignment.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click Failover Clusters.
The Failover Clusters tab appears.
4. Click the selection box next to a failover cluster or a SQL Server database.
Click the name of a failover cluster to view the SQL Server databases on that failover cluster.
Select failover clusters or SQL Server databases to apply the same SLA Domain protection to
databases on all of the selections.
5. Click Manage Protection.
When a database within the selection is already assigned to an SLA Domain, a warning dialog box
appears.
Result
The Rubrik cluster assigns the SLA Domain and other settings to all existing databases within the selection
group.
Prerequisites
Add each Window Server host that is a node in the failover cluster to the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click All DBs.
Alternatively, select a database through the Failover Cluster tab by clicking values in the Name field to
move down in the hierarchy of a failover cluster.
The All DBs tab appears.
4. Click the selection box next to an FCI database.
Select multiple databases to apply the same SLA Domain protection settings to all of the selected
databases.
5. Click Manage Protection.
When a database within the selection group is already assigned to an SLA Domain, a warning dialog
box appears.
6. Click Continue Anyway.
The Manage Protection dialog box appears.
7. In the SLA Domain section, select an SLA Domain.
8. Optional: Select Select Take Copy Only Backups.
Selecting Take Copy Only Backups closes the Log Backup Frequency and Log Backup Retention fields.
The Rubrik cluster performs Copy Only backups for the policy-driven backups of the databases in the
selection group.
9. Optional: In Log Backup Frequency, type an integer value.
Result
The Rubrik cluster assigns the selected SLA Domain and the other settings to all databases within the
selection group.
Context
Removing an assigned SLA Domain from a database does not block that database from a derived or
individual assignment to an SLA Domain at a later point.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Select a tab to view specific protection objects.
• To view failover clusters, SQL Server databases, or FCI databases, click Failover Clusters.
• To view databases, click All DBs.
4. Select a parent object or a database by clicking the selection box next to the object.
• Select a failover cluster to remove the derived SLA Domain assignments for all SQL Server
databases and FCI databases on that failover cluster.
• Select a SQL Server database to remove the derived SLA Domain assignments for all databases on
that instance.
• Select a database to individually remove the SLA Domain assignment of that database.
Select multiple objects in any of these groups to remove the SLA Domain assignment for all databases
covered by the selected group.
5. Click Manage Protection.
A warning appears.
6. Click Continue Anyway.
The Manage Protection dialog box appears.
7. Select No SLA.
8. Click Submit.
Result
The Rubrik cluster removes the SLA Domain assignments for all databases within the selection group.
Databases within the selection group that have unexpired snapshots appear on the Snapshot Management
page.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click All DBs.
The All DBs tab appears.
4. In the Name column, click the name of an FCI database.
The Local page for the FCI database appears.
5. Click Take On Demand Snapshot.
Result
The Rubrik cluster adds the on-demand snapshot task to the task queue. Task messages for the on-
demand snapshot appear in the Activity Log.
For details on managing these settings, refer to the Microsoft SQL Server documentation.
In order to prevent unauthorized access to database replicas, Rubrik clusters rely on the availability groups
information in the sys.availability_databases_cluster table during the discovery process. Restrict the
visibility of the group_id and group_database_id identifiers to the smallest practicable number of people to
further reduce the risk of unauthorized access.
Related reference
SQL Server permissions required for backups
Permissions required to perform Rubrik CDM backups on SQL Server.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Servers & Apps > SQL Server DBs.
The Hosts/Instances tab of the SQL Server DBs page appears.
3. Click Availability Groups.
The Availability Groups tab appears.
4. Optional: Enter a string in the Search by Name field to display availability groups matching that
string.
5. Optional: Choose an SLA Domain from the Filter SLA drop-down to display availability groups
protected by the chosen SLA Domain.
6. In the Name column, click the name of an availability group.
The databases in the selected availability group display.
7. Click the name of a database in the availability group.
The Local page for the database appears, with the Recovery Points card showing the month view.
8. On the Recovery Points card, select a day that has a green dot.
The green dot indicates that at least one successful snapshot was created on that day.
The Recovery Points card displays the Day view.
9. Move the Recovery point slider to select a recovery point.
10. Export or restore the database recovery point.
11. Choose a recovery method:
Result
Rubrik CDM exports or restores an availability database recovery point.
Procedure
1. Remove the databases from the AAG.
2. Drop the databases from each member.
3. Use the Rubrik CDM web UI to refresh the hosts.
4. Export the databases using the steps described in Exporting a database to each member in the AAG,
using the same point in time for each export.
For all secondary members of the AAG, select Keep database in Restoring state.
5. Add the databases back to the AAG, selecting "Join Only" for the data synchronization option.
Result
The database is restored into an Always On Availability Group.
Note: To obtain information about using SAP HANA Studio and SAP HANA Cockpit, go to: SAP HANA Help
Portal.
Rubrik recommends using the native SAP HANA protection instead of using managed volumes and NFS.
For more information, see SAP HANA protection in the Rubrik Polaris User Guide.
Related tasks
Restoring an SAP HANA database
The SAP HANA Studio client or SAP HANA Cockpit is used to restore SAP HANA databases. Any database
that was configured with Rubrik Backup by running sap_hana_bootstrap_main program can be restored.
Important: Before the RBS software is upgraded, pause any SAP HANA backups. RBS software upgrade
can occur automatically whenever the Rubrik CDM software is upgraded on the associated Rubrik cluster.
For example, this JSON file contains all parameters necessary to configure a SAP HANA system named
DB_SP2.
{
"port_number": "30115",
"hana_sid": "SP2",
"rubrik_prefix": "abcd",
"rubrik_node_ip": "10.0.38.71",
"action_number": "2",
"num_backint_channels": "1",
"sla_to_be_assigned": "Bronze",
"DB_SP2": {
"data_mv_size": "20",
"log_mv_size": "10",
"ip_subnet": "",
"client_name_patterns": "10.0.89.224,localhost",
"num_mv_channels": "1"
},
"SYSTEMDB": {
"data_mv_size": "200",
"log_mv_size": "10",
"ip_subnet": "",
"client_name_patterns": "10.0.89.224,localhost",
"num_mv_channels": "2"
}
}
If any of these are not included at the command line, sap_hana_bootstrap_main prompts for them
during the session.
Parameter Description
--secure Enable SSL and TLS encryption.
--crypto_provider Specify commoncrypto*, sapcrypto (if installed), or openssl.
CRYPTO_PROVIDER
--trust_store Specify the path to the trust store file that contains the server’s public
TRUST_STORE certificates.
--key_store KEY_STORE Specify the path to the keystore file that contains the private key.
--host_name_in_cert Specify the host name used to verify SAP HANA's identity. This host
HOST_NAME name verifies the identity of the server instead of the host name that
established the connection.
--validate_cert Specify whether to validate the server's certificate.
commoncrypto requires dynamic libraries. Issue the following before running the
sap_hana_bootstrap_main script bootstrap script if commoncrypto is used:
export LD_LIBRARY_PATH=path_to_libsapcrypto.so:$LD_LIBRARY_PATH
export SECUDIR=certificate_directory_path
Context
The sap_hana_bootstrap_main accepts a series of inputs until you enter the admin password, after
which it starts the installation (see the sample session below).
Procedure
1. Open an SSH session on the host running SAP HANA.
2. Change the working directory to /usr/bin/rubrik/sap_hana.
3. As root, run sap_hana_bootstrap_main.
4. Enter the username for the SAP HANA system.
The user need not be the SYSTEM user.
5. Type the password for the SAP HANA user and press Enter.
6. Type the port number for the SAP HANA database and press Enter.
7. Type the HANA SID and press Enter.
The HANA SID is a three-character ID.
8. Type the Rubrik prefix and press Enter.
sap_hana_bootstrap_main displays a list of configuration options.
9. Type 1 to install Rubrik Backup Service on one or more SAP nodes, and press Enter.
10. Type the resolvable hostname or IPv4 address of the Rubrik node and press Enter.
11. Type the name of the Rubrik cluster administrator and press Enter.
The name of the cluster administrator is typically "admin".
12. Type the account password and press Enter.
Result
A message appears saying the setup was successful.
Example
Setup successful
[root@linux-vm sap_hana]#
Related concepts
Requirements for using sap_hana_bootstrap_main
Requirements for running SAP HANA with a Rubrik cluster include appropriate permissions, passwords port
numbers, the SAP HANA SID, and the Rubrik prefix.
Prerequisites
Install RBS on the node containing the SAP HANA database.
Context
The sap_hana_bootstrap_main accepts a series of inputs until you enter the admin password, after
which it starts the installation.
Procedure
1. Open an SSH session on the host running SAP HANA.
2. Change the working directory to /usr/bin/rubrik/sap_hana.
3. As root, run sap_hana_bootstrap_main.
4. Type the password for the SYSTEM database user and press Enter.
5. Type the port number for the SAP HANA database and press Enter.
6. Type the HANA SID and press Enter.
The HANA SID is a three-character ID.
7. Type the Rubrik prefix and press Enter.
A list of configuration options appears.
8. Type 2 to configure Rubrik Backup Service for one or more database instances, and press Enter.
9. Type the resolvable hostname or IPv4 address of the Rubrik node and press Enter.
10. Type the name of the Rubrik cluster administrator and press Enter.
The name of the cluster administrator is typically "admin".
11. Type the account password and press Enter.
sap_hana_bootstrap_main verifies the host registration.
12. At the Enter number of MV channels to use prompt, type the number of Managed Volume
channels.
Important: This selection also sets the parallel Backint data backup configuration values to the same
value.
The managed volume channels are created, and sap_hana_bootstrap_main displays the database
state details.
13. Type the number of Backint channels per managed volume channel and press Enter.
Result
The setup successful message appears.
Related concepts
Requirements for using sap_hana_bootstrap_main
Requirements for running SAP HANA with a Rubrik cluster include appropriate permissions, passwords port
numbers, the SAP HANA SID, and the Rubrik prefix.
Managed Volume Channels
Setting up of Managed Volume channels should follow the specific requirements.
Prerequisites
Install and configure RBS on the SAP HANA database.
Context
The following instructions use the SAP HANA Studio client to backup SAP HANA databases.
Procedure
1. Right-click the database for backup.
2. Select Backup and Recovery > Backup Tenant Database (or System).
The Specify Tenant (or System) database dialog box appears.
3. Select the database for backup and click Next.
The Specify Backup Settings dialog box appears.
4. Select the Backup Type.
Option Description
Complete Data Backup Contains a backup of all data.
Differential Backup Contains only the data that is new or has
changed since the last full backup.
Incremental Backup Contains only data that is new or has changed
since the last backup
5. Select the Backint Destination Type.
6. Accept the Backup Destination.
7. Click Next.
The Review Backup Settings dialog box appears.
8. Confirm the settings are correct and click Finish.
Result
When the backup is complete, the Backup Execution Summary confirms the backup is complete.
Prerequisites
Create backups of SAP HANA databases.
Procedure
1. Right-click on a database name and select Backup Console.
2. In the Backup Console, choose the Backup Catalog tab.
Result
The Backup Catalog tab displays all of the backups for the selected database.
Prerequisites
Backup a SAP HANA database.
Context
The following instructions use the SAP HANA Studio client to restore SAP HANA databases.
Procedure
1. Right click on the HANA SID.
2. Select Backup and Recovery and Specify Tenant database (or System).
The Specify Tenant database (or System) dialog box appears.
3. Select the database for restore and click Next.
The Specify Recovery Type dialog box appears.
4. In Recovery Type, select a type of recovery.
Option Description
Recover the database to its most recent state Recovers the database to as close as possible to
the current time.
Recover the database to a specific data backup The database is initialized with the specified data
listed backup.
5. Select a backup for recovery.
6. Click Check Availability to confirm that all of the files that were backed up are available in the
Managed Volume.
7. Click Next.
The Other Settings dialog box appears.
8. In Check Availability of Delta and Log Backups, select Third-Party Backup Tool (Backint).
Result
The recovery process is complete.
Prerequisites
The target database must be configured for RBS, and the source database must have backups in a Rubrik
cluster.
Context
If the target and source system have the same SID, the database name on the source and the target
database must be different, and the source and target system cannot be connected to different Rubrik
clusters.
Procedure
1. Open an SSH session on the host running SAP HANA.
2. Change the working directory to /usr/bin/rubrik/sap_hana.
3. As root, run sap_hana_bootstrap_main.
4. Type the password for the SYSTEM database user and press Enter.
5. Type the port number for the SAP HANA database and press Enter.
6. Type the HANA SID and press Enter.
The HANA SID is a three-character ID.
7. Type the Rubrik prefix and press Enter.
A list of configuration options appears.
8. Type 4 to select Configure system to copy remote database (Press 4).
9. Type the resolvable hostname or IPv4 address of the Rubrik node and press Enter.
10. Type the name of the Rubrik cluster administrator and press Enter.
The name of the cluster administrator is typically "admin".
The Enter ‘admin’ password for Rubrik cluster prompt appears
11. Type the account password and press Enter.
12. Type the SID of the source system and press Enter.
13. Type the Rubrik Prefix of the source system and press Enter.
14. Type N to not restore the SID database.
15. Type Y to restore the specified external database.
16. For each database that needs to be copied to in target system, type the corresponding database for
source system and press Enter.
17. Type N.
Result
After the sap_hana_bootstrap_main process is complete, use SAP HANA Studio or SAP HANA Cockpit
to copy the database.
Example
Related concepts
Requirements for using sap_hana_bootstrap_main
Requirements for running SAP HANA with a Rubrik cluster include appropriate permissions, passwords port
numbers, the SAP HANA SID, and the Rubrik prefix.
Prerequisites
The snapshots (both data and log) to be restored should be exported on the Rubrik Cluster. Ensure
that the correct log and data Mounted Volume snapshots are exported based on the time of snapshot.
Restoring to any backup not present in the snapshot will fail. If multiple snapshots are mounted for the
same database, the database is restored from the most recently exported snapshot.
Procedure
1. Open an SSH session on the host running SAP HANA.
2. Change the working directory to /usr/bin/rubrik/sap_hana.
3. As root, run sap_hana_bootstrap_main.
4. Type the password for the SYSTEM database user and press Enter.
5. Type the port number for the SAP HANA database and press Enter.
6. Type the HANA SID and press Enter.
The HANA SID is a three-character ID.
7. Type the Rubrik prefix and press Enter.
A list of configuration options appears.
8. Type 5 to restore the database from an exported managed-volume snapshot, and press Enter.
9. Type the resolvable hostname or IPv4 address of the Rubrik node and press Enter.
10. Type the name of the Rubrik cluster administrator and press Enter.
The name of the cluster administrator is typically "admin".
11. Type the account password and press Enter.
12. Type Y for replication and N for archival.
13. Type Y for each database you want to restore from a Managed Volume.
A setup successful message appears.
Example
Related concepts
Requirements for using sap_hana_bootstrap_main
Requirements for running SAP HANA with a Rubrik cluster include appropriate permissions, passwords port
numbers, the SAP HANA SID, and the Rubrik prefix.
Related tasks
Configuring Rubrik backup for SAP HANA databases
Context
Managed volumes are usually in a busy state because log backups are triggered frequently. This can cause
a Rubrik CDM upgrade to fail. Before an upgrade, pause the Backint backup. Once the backup is complete,
resume the Backint backup.
Procedure
1. Open an SSH session on the host running SAP HANA.
2. Change the working directory to /usr/bin/rubrik/sap_hana.
3. As root, run sap_hana_bootstrap_main.
4. Type the password for the SYSTEM database user and press Enter.
5. Type the port number for the SAP HANA database and press Enter.
6. Type the HANA SID and press Enter.
The HANA SID is a three-character ID.
7. Type the Rubrik prefix and press Enter.
A list of configuration options appears.
8. Type 6 to pause or resume a backup, and press Enter.
9. Press P to pause the SAP Backup.
sap_hana_bootstrap_main writes the paramfile file and starts terminating the backup process.
10. Type the resolvable hostname or IPv4 address of the Rubrik node and press Enter.
11. Type the name of the Rubrik cluster administrator and press Enter.
The name of the cluster administrator is typically "admin".
12. Type the account password and press Enter.
Result
sap_hana_bootstrap_main pauses Backint backups.
Example
Related concepts
Requirements for using sap_hana_bootstrap_main
Requirements for running SAP HANA with a Rubrik cluster include appropriate permissions, passwords port
numbers, the SAP HANA SID, and the Rubrik prefix.
Context
Managed volumes are usually in a busy state because log backups are triggered frequently. This can cause
a Rubrik CDM upgrade to fail. Before an upgrade, pause the Backint backup. Once the backup is complete,
resume the Backint backup.
Procedure
1. Open an SSH session on the host running SAP HANA.
2. Change the working directory to /usr/bin/rubrik/sap_hana.
3. As root, run sap_hana_bootstrap_main.
4. Type the password for the SYSTEM database user and press Enter.
5. Type the port number for the SAP HANA database and press Enter.
6. Type the HANA SID and press Enter.
The HANA SID is a three-character ID.
7. Type the Rubrik prefix and press Enter.
A list of configuration options appears.
8. Type 6 to pause or resume a backup, and press Enter.
9. Press R to resume the SAP Backup.
Result
sap_hana_bootstrap_main resumes Backint backups.
Example
Related concepts
Requirements for using sap_hana_bootstrap_main
Requirements for running SAP HANA with a Rubrik cluster include appropriate permissions, passwords port
numbers, the SAP HANA SID, and the Rubrik prefix.
Procedure
1. Open an SSH session on the host running SAP HANA.
2. Change the working directory to /usr/bin/rubrik/sap_hana directory.
3. As root, run sap_hana_bootstrap_main.
4. Type the password for the SYSTEM database user and press Enter.
5. Type the port number for the SAP HANA database and press Enter.
6. Type the HANA SID and press Enter.
The HANA SID is a three-character ID.
7. Type the Rubrik prefix and press Enter.
A list of configuration options appears.
8. Type 7 to configure the SLA for database Managed Volumes, and press Enter.
9. Type the resolvable hostname or IPv4 address of the Rubrik node and press Enter.
10. Type the name of the Rubrik cluster administrator and press Enter.
The name of the cluster administrator is typically "admin".
11. Type the administrator password and press Enter.
12. Type the comma-separated list of numbers corresponding to the databases to be modified.
13. Type the number corresponding to the SLA to be assigned.
Result
The Managed Volume protection is assigned to the specified databases.
Related concepts
Requirements for using sap_hana_bootstrap_main
Requirements for running SAP HANA with a Rubrik cluster include appropriate permissions, passwords port
numbers, the SAP HANA SID, and the Rubrik prefix.
Note: Existing can be retained for restore operations, but a different RID (Rubrik prefix) must be
entered to create new Managed Volumes for the same database.
Note: In CDM version 5.0.3 and newer, the number of channels per floating IP is limited to 16, including
main and live mounts. If the limit is exceeded, exporting of the newly created Managed Volume fails with
an error message about an insufficient number of available floating IPs.
SAP HANA parallel backint requires that the database size is greater than 128 GB.
For every backint channel, SAP HANA recommends a minimum of 512 MiB for RAM usage. The
data_backup_buffer_size value, in the global.inifile, should be set to:
512 MiB * the number of backint streams
If the database size is larger than 500 GiB, configure the number of channels based on the smaller of the
two following values:
number of nodes in the Rubrik cluster and database size divided by 500 GiB
Consider the following when migrating to multichannel Managed Volumes:
• Once channels are configured for Managed Volumes, they cannot be changed and used for other
purposes.
• New Managed Volumes must be created with the correct number of channels, and must be configured
for SAP backups.
• Existing Managed Volumes may be kept to restore databases from backups, but a different Rubrik Prefix
must be entered to create new Managed Volumes for the same database.
• A complete backup must be taken initially in new Managed Volumes for subsequent differential and
incremental backups to work properly.
Floating IPs
SAP HANA should use floating IPs for all nodes in the Rubrik cluster.
SAP HANA should use floating IPs for all nodes in the Rubrik cluster to enable seamless movement of
Managed Volume exports from one node to another without impacting the NFS mount on the SAP HANA
Server. However, floating IPs are not supported on Rubrik cloud clusters. If floating IPs are not enabled,
rerun sap_hana_bootstrap_main to resolve stale NFS mount issues after node failures or node IP
changes.
Managed Volumes
The Managed Volume feature in Rubrik CDM protects and manages data.
Managed Volumes provide hosts with a backup target location on a Rubrik cluster. The Rubrik cluster
manages snapshots of the data that a host backs up to a Managed Volume through the policies of a
specified SLA Domain.
Note: Encrypting application backups can lead to ineffective deduplication. Files encrypted with different
encryption keys do not trigger content-based matching.
Configuration workflow
Establishing a Managed Volume protected by an SLA Domain uses a specified workflow. Once established,
the Managed Volume is treated as any other protected data source.
Complete the tasks in the order specified in this workflow. Each stage references a detailed task. Complete
the steps in a task before moving to the next stage in the workflow. Enable secure SMB connections to use
secure SMB for live mounts of Managed Volumes.
1. Set up floating IP addresses for the Rubrik cluster.
2. Create a Managed Volume.
3. Assign the Managed Volumes to SLA Domains.
The network protocols used by Managed Volumes have the following restrictions:
• Managed volumes that use the secure SMB protocol cannot map the IP address of a client to more
than one domain. A given client IP address can only access managed volumes from within a single
fdomain. Reusing a client IP as an agent-based host as part of another domain can result in conflicts.
• Managed volumes that use the NFS protocol do not support NFSv4.
• Floating IP addresses must be set up before creating any Managed Volumes. Floating IP addresses
provide a consistent connection to the Rubrik cluster even when a cluster node becomes unavailable.
• Configure the same number of floating IP addresses as the number of nodes on the Rubrik cluster. An
equal distribution of floating IP addresses between the nodes ensures efficient distribution of the work
between the nodes.
• After the floating IP addresses are configured, the Rubrik cluster assigns each node a floating IP
address. The nodes handle communication through the assigned floating IP address.
• When a node cannot handle communication on its assigned floating IP address, the Rubrik cluster
assigns (floats) that address to another node. This functionality prevents disruption of data transmission
over the floating IP address and maintains the availability of the Managed Volumes.
• To ensure fault tolerance, Managed Volumes require a minimum of four nodes in the Rubrik cluster.
Related concepts
Secure SMB
Floating IP addresses
Floating IP addresses provide a consistent connection to the Rubrik cluster even when a cluster node
becomes unavailable.
Note: The number of channels per floating IP is limited to 16, including main and live mounts. If the
limit is exceeded, exporting of the newly created Managed Volume fails with an error message about an
insufficient number of available floating IPs.
After the floating IP addresses are configured, the Rubrik cluster assigns each node a floating IP address.
The nodes handle communication through the assigned floating IP address. When a node cannot handle
communication on its assigned floating IP address, the Rubrik cluster assigns (floats) that address to
another node. This functionality prevents disruption of data transmission over the floating IP address and
maintains the availability of the Managed Volumes.
Requirement Description
Number Same number of floating IP addresses as the number of nodes on the Rubrik
cluster.
Subnet Same subnet as the static data IP addresses of the Rubrik cluster.
Uniqueness Each IP address must be unique within the subnets and cannot be the same
as the management IP address or the data IP address.
Network bonding Configure the floating IP addresses on bond0.
Context
One floating IP address must be defined for each Rubrik node, and the floating IP address should be on
the same subnet as the static data IP addresses of the Rubrik nodes.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. Click Network Settings.
The Network Settings page appears.
Result
The Rubrik cluster stores the floating IP addresses and assigns the floating IP addresses to the nodes.
Managed volume Create the Managed Volume with enough For example, a 1 TB data source with a
size space to contain all of the data from 5% change rate requires approximately
the recovery period, and provide some 1.3 TB for a 7 day recovery period and
additional space for unexpected data 1.6 TB for a 14 day recovery period.
growth.
Managed volumes can be increased in
For Managed Volumes created on size as needed, but cannot be decreased
versions of the Rubrik CDM earlier than in size.
5.0, the requested provision size is used
to calculate an optimal number of disks
and Managed Volume size.
This results in an actual volume size
that could be up to 15% larger than the
provision size.
SLA Domain Assign a Managed Volume to an SLA Assigning a Managed Volume to an SLA
assignment Domain before directing any backups Domain ensures that the correct data
into that Managed Volume. management policies are applied to the
snapshots in that managed volume.
When the Managed Volume is not
assigned to an SLA Domain, the Rubrik
cluster assigns the snapshots to the
Unmanaged policy group and does not
expire the snapshots.
When the data in the managed volume does not correspond to a listed application tag, select a tag that
most closely corresponds to the properties of the data to apply suitable settings. Use the default setting for
data with a high deduplication potential. For data with infrequent backups and low deduplication potential,
use the Oracle Incremental Merge tag, which applies low deduplication and high performance.
Prerequisites
Set up floating IP addresses for the Rubrik cluster.
Context
Depending on the settings and size of the Managed Volume, the volume creation process can take up to
one hour.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
3. Click Add Volume.
The Add Volume dialog box appears.
4. In Volume Name, enter a name to identify the managed volume.
To simplify identification, use the name of the database being protected.
5. In Provisioned Size, type a size, in gigabytes.
The actual size allotted could be up to 15% larger as the result of an automatically applied optimizing
calculation.
6. Select a communications protocol for the Managed Volume.
Option Description
NFS Use the NFS protocol for live mounts of
snapshots for this managed volume.
SMB Use the secure SMB protocol for live mounts
of snapshots for this managed volume. To use
secure SMB for live mounts of Managed Volumes,
enable secure SMB connections.
7. Optional: Select an application tag from the Applications Tags drop-down.
Application tags specify the type of application content in the Managed Volume. The Rubrik cluster
optimizes the use of CPU and memory during data reduction based on the selected type. When no tag
is selected, data reduction uses more CPU and memory.
8. Optional: In Client Name Patterns, type an IPv4 address or FQDN.
Managed volumes using the NFS protocol support multiple FQDNs, IPv4 addresses, a range of IPv4
addresses, or an IPv4 subnet. The SMB protocol allows only IPv4 addresses.
Managed volumes using the NFS protocol use these IPv4 addresses as a client whitelist for filtering
and authentication. Managed volumes using the secure SMB protocol map these IPv4 addresses to a
domain. Ensure that each IPv4 address is mapped to exactly one domain.
The Rubrik cluster only allows hosts that are identified in the client name patterns to mount the shares
from the Managed Volume and the Managed Volume snapshots.
When this field is empty or contains a single asterisk (*), the Rubrik cluster allows any host to mount
the shares from the NFS-protocol Managed Volume. Managed volumes using SMB do not support a
Client Name Patterns field that is empty or contains an asterisk.
9. Optional: With VLAN tagging enabled, in Subnet type a subnet mask value, in CIDR format.
For example, to use the subnet range 10.128.45.0 - 10.128.45.63, type 10.128.45.0/26.
Note: The first snapshot taken for a Managed Volume might show a Data Transferred value in the
Activity Detail that is larger than the actual amount of ingested data. This is due to internal, one-time
filesystem metadata initialization, such as inode tables and extent maps.
Result
The Rubrik cluster saves the configuration information and the new Managed Volume appears on the
Managed Volumes page.
Related concepts
Secure SMB
When the Rubrik cluster enforces SMB security, SMB clients must authenticate through Active Directory
before gaining access to SMB shares.
Related reference
Floating IP addresses
Floating IP addresses provide a consistent connection to the Rubrik cluster even when a cluster node
becomes unavailable.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
3. Select a Managed Volume.
4. Open the ellipsis menu at the upper-right corner of the page and click Edit.
The Edit SLA Managed Volume dialog box appears.
5. In Volume Name, type a new name for the Managed Volume.
6. Skip Provisioned Size.
Managed Volume sizes are changed using the Provisioned Size dialog box.
7. Optional: To use a new subnet on an SLA Domain Managed Volume, in Subnet type the new subnet
IP address.
8. To modify client access to the Managed Volume, type a resolvable hostname or IPv4 address in Client
Name Patterns.
Multiple hostnames and IPv4 addresses can be added.
The Rubrik cluster only allows hosts that are identified in the client name patterns to mount the shares
from the Managed Volume and the Managed Volume snapshots.
When this field is empty or contains a single asterisk (*), the Rubrik cluster allows any host to mount
the shares from the Managed Volume.
9. Click Edit.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
3. In the Name column, click the name of the Managed Volume you want to resize.
Alternatively, enter a name in the search field or use the filters at the top left of the list.
The Local page for the Managed Volume appears, with the Snapshots card showing the month view.
4. From Provisioned Size in the Overview card, click Resize.
The Provisioned Size dialog box appears.
5. In Provisioned Size, type the new size of the Managed Volume in gigabytes.
The new size of the Managed Volume must be greater than the old size.
Note: A Managed Volume can only be resized to 1024 times its original size.
Note: When editing Managed Volumes for Rubrik CDM versions older than 5.0, an automatically
applied optimizing calculation enables the user to increase the Managed Volume up to 15 percent over
its original size.
6. Click Submit.
Result
The Rubrik cluster resizes the Managed Volume as a background task. The Managed Volume remains in the
read-only state and is inaccessible until the resizing operation completes.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
3. Select a Managed Volume.
4. Open the ellipsis menu at the upper-right of the page and click Delete.
The Delete Managed Volume screen appears.
5. Choose how to handle the existing snapshots of the Managed Volume.
Choose from the following options.
Result
The Rubrik cluster deletes the specified Managed Volume and applies the selected choice to the existing
snapshots.
Option Description
rw Mounts the Managed Volume channel with read and write capability.
bg Background mount option. When an initial attempt to mount the managed
volume channel fails, this option causes mount to create a copy of the mount
process as a subprocess that continues to attempt to mount the channel.
hard Requires that the NFS client wait for the NFS server to return to availability rather
that failing with an error, when the NFS server becomes unavailable.
Option Description
rw Mounts the Managed Volume channel with read and write capability.
hard Requires that the NFS client wait for the NFS server to return to availability rather
that failing with an error, when the NFS server becomes unavailable.
intr Prevents system signals from interrupting file operations on the Managed Volume
channel.
llock Uses local file locking instead of sending lock requests to the NFS server.
cio Enables concurrent IO, providing significant performance improvement.
rsize=524288 Requires a larger block size (524,288 bytes) to speed up reads from the Managed
Volume.
wsize=524288 Requires a larger block size (524,288 bytes) to speed up writes to the Managed
Volume.
proto=tcp Requires that the NFS mount use the TCP protocol.
vers=3 Sets the NFS protocol version that is used by the NFS client to NFS version 3.
Option Description
rw Mounts the Managed Volume channel with read and write capability.
bg Background mount option. When an initial attempt to mount the managed
volume channel fails, this option causes mount to create a copy of the mount
process as a subprocess that continues to attempt to mount the channel.
hard Requires that the NFS client wait for the NFS server to return to availability rather
that failing with an error, when the NFS server becomes unavailable.
nointr Prevents system signals from interrupting file operations on the Managed Volume
channel.
rsize=1048576 Requires a larger block size (1,048,576 bytes) to speed up reads from the
Managed Volume.
wsize=1048576 Requires a larger block size (1,048,576 bytes) to speed up reads from the
Managed Volume.
proto=tcp Requires that the NFS mount use the TCP protocol.
forcedirectio Copies data directly to a buffer in user space, instead of caching the data in the
kernel.
vers=3 Sets the NFS protocol version that is used by the NFS client to NFS version 3.
Procedure
1. Log in to the application host as root.
As an alternative to logging in as root, use sudo to provide root permissions.
2. Create a mount point by entering the command sudo mkdir mount_point.
Replace mount_point with the full path to a location on the application host file system to use as the
mount point of an NFS exported channel. Repeat this step for each channel of the Managed Volume.
3. On the application host, open /etc/fstab with write access.
Write access to /etc/fstab typically requires root or sudo permissions.
4. Edit /etc/fstab and add an entry for each channel, placing each entry on a separate line.
Use the following form for each entry:
Replace channel_ip with the IPv4 address for the channel, provided through the Channel Details
dialog box. Replace channel_path with the export path for the channel, provided through the Channel
Details dialog box. Replace mount_point with the mount point for the channel that was created earlier
in this task.
Repeat this step for each channel of the Managed Volume.
Result
The operating system reads the /etc/fstab file and mounts the channels as specified.
Procedure
1. Log in to the application host as root.
As an alternative to logging in as root, use sudo to provide root permissions.
2. Create a mount point by entering the command sudo mkdir mount_point.
Replace mount_point with the full path to a location on the application host file system to use as the
mount point of an NFS exported channel. Repeat this step for each channel of the Managed Volume.
3. On the application host, open /etc/fstab with write access.
Write access to /etc/fstab typically requires root or sudo permissions.
4. Edit /etc/fstab and add an entry for each channel, placing each entry on a separate line.
Use the following form for each entry:
Replace channel_ip with the IPv4 address for the channel, provided through the Channel Details
dialog box. Replace channel_path with the export path for the channel, provided through the Channel
Details dialog box. Replace mount_point with the mount point for the channel that was created earlier
in this task.
Repeat this step for each channel of the Managed Volume.
5. Save and close /etc/fstab.
6. Run the mount -a command.
Result
The operating system reads the /etc/fstab file and mounts the channels as specified.
Procedure
1. Log in to the application host as root.
As an alternative to logging in as root, use sudo to provide root permissions.
2. Create a mount point by entering the command sudo mkdir mount_point.
Replace mount_point with the full path to a location on the application host file system to use as the
mount point of an NFS exported channel. Repeat this step for each channel of the Managed Volume.
3. On the application host, open /etc/fstab with write access.
Write access to /etc/fstab typically requires root or sudo permissions.
4. Edit /etc/fstab and add an entry for each channel, placing each entry on a separate line.
Replace channel_ip with the IPv4 address for the channel, provided through the Channel Details
dialog box. Replace channel_path with the export path for the channel, provided through the Channel
Details dialog box. Replace mount_point with the mount point for the channel that was created earlier
in this task.
Repeat this step for each channel of the Managed Volume.
5. Save and close /etc/fstab.
6. Run the mount -a command.
Result
The operating system reads the /etc/fstab file and mounts the channels as specified.
Context
Use the NFS export paths of a channel when mounting the channel on a host.
Procedure
1. Log in to the Rubrik web UI using an account with administrator privileges.
2. From the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
3. Click the name of a Managed Volume.
The local page for the selected Managed Volume appears.
4. On the Overview card, in the Channels section, click View.
Use the values in the IP Address column and in the Path column to mount the channels on the host.
The Channel Details dialog box appears.
5. Optional: Click Download CSV.
A browser-specific dialog box for saving the file appears. Save the file to a temporary location.
6. After obtaining the channel details, click OK.
Result
The Rubrik web UI provides the IP addresses and NFS export paths for the channels of a Managed
Volume.
Next task
Use the channel details to mount the channels on the host.
Related tasks
Mounting the channels from the command line
Procedure
1. Log in to the application host as root.
As an alternative to logging in as root, use sudo to provide root permissions.
2. Create a mount point.
where mount_point is the full path to a location on the application host file system to use as the
mount point of an NFS exported channel.
3. Repeat step 2 for each channel of the Managed Volume.
Use the mount command to mount a channel at the mount point.
mount -F nfs -o
rw,bg,hard,nointr,rsize=32768,wsize=32768,tcp,actimeo=0,vers=3,timeo=600
channel_ip:channel_path mount_point
where:
• channel_ip is the IPv4 address for the channel, provided through the Channel Details dialog box.
• channel_path is the export path for the channel, provided through the Channel Details dialog box.
• mount_point is the mount point for the channel, created in step 2 of this task.
On AIX hosts, use proto=tcp in place of tcp.
4. Repeat the mount command described in step 3 for each channel.
Result
The operating system mounts the channels as specified.
Setting Description
RMAN frequency Determines how often RMAN creates a backup of the specified database.
RMAN retention For RMAN incremental merge backups, determines how many days of incremental
backups are kept. Using this setting, RMAN controls the maximum number of
incremental backups that exist in the Managed Volume at any point.
SLA Domain base For Managed Volumes, this represents how often the Rubrik cluster selects an
frequency available Managed Volume snapshot to ensure compliance with the SLA policies.
• When the base frequency is the same as the RMAN frequency, the Rubrik cluster
manages each RMAN backup snapshot according to the SLA policies.
• When the base frequency is less than the RMAN frequency, the Rubrik cluster
selects the most recent backup snapshot from the current period, and expires
the remaining snapshots from that period.
• When the base frequency is more than the RMAN frequency, gaps in available
backup snapshots occur and the Managed Volume is out of compliance.
SLA Domain Determines how long the Rubrik cluster manages the backup snapshots.
retention
The frequency of RMAN backups should normally be the same as the base frequency of the SLA Domain.
The RMAN frequency can be configured to be more frequent, but should never be less frequent than the
SLA Domain base frequency.
In order to enable the Rubrik cluster to provide restore points outside of the RMAN retention period, the
SLA Domains used with RMAN backups must provide longer retention periods than the RMAN backups.
The following example shows RMAN settings appropriately matched to SLA Domain settings.
• RMAN frequency and retention: One backup per day with seven days retention.
• SLA Domain base frequency and retention: One snapshot per day with 31 days retention.
• Result: The Rubrik cluster retains each daily snapshot for 31 days. Each daily snapshot contains seven
days of RMAN incremental merge backups.
Example: Managing backups through SLA Domains with unmatched RMAN backups
• RMAN frequency and retention: One backup per hour with seven days retention.
• SLA Domain base frequency and retention: One snapshot every four hours with 14 days retention.
• The Rubrik cluster selects the latest of the four backups taken by RMAN during the four hour base
frequency period. The Rubrik cluster retains each selected snapshot for the 14 days retention period.
Each snapshot contains seven days of RMAN incremental backups.
Related concepts
SLA Domain assignment
Use SLA Domains to apply the data protection policies to an individual virtual machine or a selected set of
virtual machines.
Snapshots card or Recovery Points card
For a selected remote data source, the Snapshots card or Recovery Points card provides the ability to
browse and work with the replicas that reside on the local Rubrik cluster.
Direct NFS
Available in Oracle 11g and newer, Direct NFS (dNFS) runs in the database kernel and provides an
optimized NFS client.
The dNFS client uses less memory, provides faster performance, and automatically balances load across
available channels.
Oracle online documentation provides information about enabling dNFS on Oracle hosts.
Related information
Setting Up NFS Services
Best practice NFS mount options used with the performance database parameters vary by operating
system. The guidelines are derived from Rubrik internal testing in conjunction with feedback from existing
users. These mount options are recommended unless they conflict with the needs of the application or
host.
These guidelines set the value for read and write operations to one megabyte. Do not exceed 1 megabyte
for these settings.
For AIX systems, use the following command to set the mount options:
mount -o bg,rw,dio,noac,hard,intr,llock,proto=tcp,rsize=524288,
wsize=524288,vers=3 hostname:device path mount path
Where:
• hostname is the name of the source host.
• device path is the path to the Managed Volume to mount.
• mount path is the file system path to the mount point.
Solaris systems require kernel tuning to support large read and write operations over NFS. Use the
following command to make changes in the kernel:
Use the following command to make the kernel change persist across machine reboots:
set nfs:nfs3_bsize=0x100000
Where:
• hostname is the name of the source host.
• device path is the path to the Managed Volume to mount.
• mount path is the file system path to the mount point.
For Linux systems, use the following command to set the mount options:
Where:
• hostname is the name of the source host.
• device path is the path to the Managed Volume to mount.
• mount path is the file system path to the mount point.
Where:
• hostname is the name of the source host.
• device path is the path to the Managed Volume to mount.
• mount path is the file system path to the mount point.
Related concepts
Direct NFS
Available in Oracle 11g and newer, Direct NFS (dNFS) runs in the database kernel and provides an
optimized NFS client.
RUN
{RECOVER COPY OF DATABASE WITH TAG
'incr_update' UNTIL TIME 'SYSDATE - 7';
BACKUP INCREMENTAL LEVEL 1 FOR RECOVER OF COPY WITH TAG
'incr_update' DATABASE;}
Related information
RMAN Incremental Backups
Prerequisites
Update curl on the Oracle host to the most recent version. Older versions of curl may encounter errors.
Procedure
1. On the Oracle host, open a new plain text file as the script file.
2. Log in to the Rubrik web UI.
3. From the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
4. Click the name of a Managed Volume.
The local page for the selected Managed Volume appears.
5. From the URL displayed in the web browser address field, save the Rubrik host and the Managed
Volume ID.
If the URL is:
https://172.17.28.11/web/bin/index.html#/object_details/managed_volume/
ManagedVolume:::167bbf90-d0af-4685-b694-cee369536c6e
https://172.17.28.11
ManagedVolume:::167bbf90-d0af-4685-b694-cee369536c6e
6. Type the begin snapshot API call into the script file.
Where:
• username is the name for a Rubrik cluster user account with admin privileges or an account that
has the Managed Volume user role.
• password is the password for the account.
• rubrik_cluster is the resolvable hostname or the IPv4 address of the Rubrik cluster.
• mv_id is the Managed Volume ID.
Authenticate the Rubrik REST API calls using a base64 hash of the user name and password when the
credentials contain special characters or to obscure the credentials in API calls.
7. Type the RMAN merged incremental command block into the script.
Replace the placeholders in this example to suit the deployment, type:
Where:
• ch_0_mnt_pt is the full path to the mount point of channel 0.
• ch_1_mnt_pt is the full path to the mount point of channel 1.
• ch_2_mnt_pt is the full path to the mount point of channel 2.
• ch_3_mnt_pt is the full path to the mount point of channel 3.
• db_name is the name of the database.
This step includes a template example of the RMAN command block. Modify the command block to
adjust to the requirements for the specific database. For example, add or remove ‘allocate channel’
lines so that the command block includes the correct number of channels for the Managed Volume.
8. Type the end snapshot API call.
Where:
• username is the name for a Rubrik cluster user account with admin privileges or an account that
has the Managed Volume user role.
• password is the password for the account.
• rubrik_cluster is the resolvable hostname or the IPv4 address of the Rubrik cluster.
• mv_id is the Managed Volume ID.
9. Save the RMAN script file.
10. Make the RMAN script executable.
11. Add a cron entry that calls the RMAN script with the correct frequency.
Result
A combined RMAN backup script is ready for use to back up an Oracle database using a Rubrik CDM
Managed Volume.
Related concepts
Managed Volume settings
Managed Volume settings change depending on the channel, size, subnet, and the SLA domain assignment
component.
Related tasks
Authenticating Rubrik API calls with a base64 hash
Authenticate Rubrik REST API calls using a base64 hash of the user name and password.
Viewing a Managed Volume local page
Context
Use this method when the credentials contain special characters or to obscure the credentials in API calls.
Procedure
1. Open a terminal session on a computer that has the OpenSSL software library installed.
OpenSSL is included on standard Linux distributions.
2. Type the following command.
Where:
• username is the name for a Rubrik cluster user account with admin privileges or an account that
has the Managed Volume user role.
• password is the password for the account.
• rubrik_cluster is the resolvable hostname or the IPv4 address of the Rubrik cluster.
• encoded_string is the base64 encoded value of the string formed from username:password.
• mv_id is the Managed Volume ID.
Result
The Rubrik REST API server authenticates the request.
Related tasks
Preparing a combined RMAN backup script
http_response=''
n=0
while [[ $http_response != "200" && $n<3 ]]
do
http_response=$(curl -w "%{http_code}" -k -s -o /dev/null -X POST -u
"admin:<password>" "https://10.0.86.72/api/internal/managed_volume/
ManagedVolume:::734afa7c-87f6-4094-b938-866fcf8dd0c7/end_snapshot")
(( n = n+1 ))
sleep 300
done;
Setting Description
Scripted frequency Determines how often the third-party script creates a backup of the specified
database.
Scripted retention Specifies the maximum number of incremental backups that exist in the Managed
Volume at any point.
SLA Domain base For Managed Volumes, this represents how often the Rubrik cluster selects an
frequency available Managed Volume snapshot to ensure compliance with the SLA policies.
• When the base frequency is the same as the scripted frequency, the Rubrik
cluster manages each backup snapshot according to the SLA policies.
• When the base frequency is less than the scripted frequency, the Rubrik cluster
selects the most recent backup snapshot from the current period, and expires
the remaining snapshots from that period.
• When the base frequency is more than the scripted frequency, gaps in available
backup snapshots occur and the Managed Volume is out of compliance.
SLA Domain Determines how long the Rubrik cluster manages the backup snapshots.
retention
The frequency of scripted backups should normally be the same as the base frequency of the SLA Domain.
The scripted frequency may exceed but cannot be less than the SLA Domain base frequency.
To enable the Rubrik cluster to provide restore points outside of the scripted retention period, SLA Domains
used with scripted backups must provide longer retention periods than the scripted backups.
The following example shows scripted backup settings appropriately matched to SLA Domain settings.
• Scripted frequency and retention: One backup per day with seven days retention.
• SLA Domain base frequency and retention: One snapshot per day with 31 days retention.
• Result: The Rubrik cluster retains each daily snapshot for 31 days. Each daily snapshot contains seven
days of scripted backups.
The next example provides shows a case where RMAN frequency is greater than the base frequency of the
SLA Domain.
• Scripted frequency and retention: One backup per hour with seven days retention.
• SLA Domain base frequency and retention: One snapshot every four hours with 14 days retention.
• The Rubrik cluster selects the latest of the four backups taken by the third-party backup script during
the four hour base frequency period. The Rubrik cluster retains each selected snapshot for the 14 day
retention period. Each snapshot contains seven days of scripted backups.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears with two tabs, SLA Managed Volumes and Managed Volumes.
3. Select an SLA Managed Volume or a Managed Volume.
4. Click Manage Protection.
The Manage Protection dialog box appears.
5. Select an SLA Domain.
To create an SLA Domain, click + and create the SLA Domain.
6. Click Next.
7. Review the SLA Domain settings.
8. Click Submit.
Result
The Rubrik cluster saves the settings and begins managing the snapshots of the Managed Volume or SLA
Managed Volume.
Snapshot-level protection
Individual on-demand snapshots of a Managed Volume can be managed using SLA policies that are
different from the associated Managed Volume.
For some business purposes, specific Managed Volume snapshots should be managed differently from the
other snapshots of the Managed Volume. Business requirements may be satisfied by specifying a longer
retention period, a different replication policy, or a different archival policy.
To assign SLA policies to a Managed Volume snapshot that are different from those assigned to the
Managed Volume, the snapshot must be an on-demand snapshot initiated from the Rubrik CDM web
UI. On-demand snapshots of Managed Volumes can be assigned SLA Domains different from the SLA
Domain set for the Managed Volume as a whole. These individual SLA Domain assignments override the
assignments made on the Managed Volume.
To set an on-demand snapshot of a Managed Volume as unmanaged, specify Forever at the time the
snapshot is taken. The Rubrik cluster handles a snapshot with the Forever setting as follows:
• Snapshot labeled as On Demand
• No automatic expiration of the snapshot
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
3. Click the name of a Managed Volume.
The local page for the Managed Volume appears.
4. Click Manage Snapshot Operations.
The Managed Snapshot Operations dialog box appears.
5. Click Begin Snapshot.
The Rubrik cluster sets the Managed Volume to read-write and the Managed Snapshot Operations
dialog box changes.
6. Click Take Snapshot.
The Take On Demand Snapshot dialog box appears.
7. Select an SLA Domain for the snapshot, or select Forever.
Optionally, to create an SLA Domain for the snapshot, click +.
8. Click Take On Demand Snapshot.
The Rubrik cluster creates a snapshot of the files in the managed volume.
The Activity Log message for the job includes the timestamp for the backup that is the basis for the
snapshot.
Result
The Rubrik cluster lists the snapshot on the Snapshots card of the Managed Volume local page.
Prerequisites
• Manage and protect at least one Managed Volume.
• Successfully complete at least one snapshot of the Managed Volume.
Context
The Rubrik cluster shares the Live Mount over the SMB/CIFS protocol. Because live mounts are optimized
for faster read operations, restoring from a live mount can offer performance advantages over other
recovery methods.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
3. Click the name of a Managed Volume.
The local page for the Managed Volume appears.
Result
The Rubrik cluster creates the Live Mount of the selected snapshot. Active Live Mounts are listed in Live
Mounts > Managed Volumes.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
3. Click the name of a Managed Volume.
The local page for the Managed Volume appears.
4. In the Snapshots card, navigate to the Day view that shows the on-demand snapshot.
The Rubrik CDM web UI uses a camera icon to represent an on-demand snapshot.
5. Open the ellipsis menu for the snapshot and click Delete.
A warning dialog box appears.
6. Click Delete.
Result
The Rubrik cluster removes the selected on-demand snapshot.
Context
Access the Managed Volume local page to view information about a managed volume.
Procedure
1. From the left-side menu of the Rubrik CDM web UI, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears.
Result
The local host page for the selected Managed Volume appears.
Action bar
The Action bar provides the actions available for the selected Managed Volume.
Action Description
Manage When the Managed Volume is in a read-only state, changes the state to writable in
snapshot order to receive backup data. When the Managed Volume is in a writable state, takes a
operations snapshot and changes the state to read-only.
Manage Opens the Manage Protection dialog box to assign a Managed Volume to an SLA
Protection Domain.
Overview card
The Overview card provides a summary of the Managed Volumes.
Field Description
Total Snapshots Total number of retained snapshots for the selected managed volume,
including snapshots stored locally and at archival locations.
Channels The number of channels configured for the Managed Volume. Click View
for additional details.
Provisioned Size The amount of space that was provisioned for the managed volume.
Used Size The current amount of space used by the Managed Volume.
SLA Domain The name of the SLA Domain for the Managed Volume.
Live Mount The number of active Live Mounts.
Oldest Snapshot Timestamp for the oldest snapshot associated with the managed volume.
When the SLA Domain has an active archival policy, the oldest snapshot
resides at the archival location.
Latest Snapshot Timestamps for the most recent successful snapshot of the managed
volume.
Snapshots card
The Snapshots card provides the ability to browse the snapshots that reside on the local Rubrik cluster and
on the archival location for the selected Managed Volume.
The Snapshots card provides access to snapshot information through a series of calendar views. Each
calendar view uses color spots to indicate the presence of snapshots on a date and to indicate the status
of SLA Domain compliance for the Managed Volume on that date.
The Snapshots card also provides the ability to search for files across all of the snapshots of the Managed
Volume.
An SLA Managed Volume is associated with an SLA Domain that schedules and initiates the backups that
go to the Managed Volume.
An SLA Managed Volume provides a service-level agreement that orchestrates the backups that go into a
Managed Volume. SLA Managed Volumes consist of two primary components: a backup script or command
to run on the data host and an SLA Domain assignment to provide backup management. The SLA Domain
schedules and manages the backups.
Rubrik CDM controls the mount management of the SLA Managed Volumes on the Rubrik cluster as well as
the hosts.
Rubrik CDM has greater flexibility with the sizing of SLA Managed Volumes which means that a Rubrik
cluster can support a greater number of SLA Managed Volumes than Managed Volumes.
The following table describes the differences between Managed Volumes and SLA Managed Volumes.
An SLA Managed Volume is visible to user accounts with a custom role, only if the role includes access to
the Windows or Linux host associated with the SLA Managed Volume.
Related Tasks
Adding a custom role
Create a custom role and add privileges to access resources and to perform administrative tasks.
Number of Channels (optional) NFS and SMB SLA Managed Volumes have the
following requirements:
• Number of channels per SLA
Managed Volume cannot
exceed the number of nodes
in the Rubrik cluster.
• The recommendation is for
one channel per SLA Managed
Volume.
• To support SLA Managed
Volumes over 128 TB in size,
create more than one channel.
When backing up Oracle
databases to an SLA Managed
Volume, the recommendation
is to use the same number of
SLA Managed Volume channels
as RMAN channels. An RMAN
channel must write to the same
SLA Managed Volume channel on
all backup jobs.
Command to run on the host NFS and SMB The command or full path to the
script to perform backup on the
host.
Enable pre-backup and post- NFS and SMB Enables pre-backup and post-
backup commands backup options for:
• Command to run before
backup
• Option to cancel backup if pre-
backup command fails
• Command to run after
successful backup
• Command to run after failed
backup
The commands and scripts
have an associated timeout
value. Rubrik CDM terminates
the commands or scripts if the
runtime exceeds the timeout
value.
The pre-backup and post-backup
scripts have limited access to
the SLA Managed Volume. The
Related Tasks
Creating NFS SLA Managed Volumes
Create an SLA Managed Volume for a Linux host running the NFS file sharing protocol.
Creating SMB SLA Managed Volume
Create an SLA Managed Volume for a Windows host running the SMB file sharing protocol.
Related reference
Prohibited mount points and script directories for SLA Managed Volumes
For SLA Managed Volumes, Rubrik CDM prevents the use of some paths as mount points and host-side
script locations.
Prerequisites
Install the Rubrik Backup Service (RBS) on the NFS host and add the host to the Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears with SLA Managed Volumes tab selected.
3. Click Add Volume.
The Add SLA Managed Volume wizard starts with the Managed Volume Settings page highlighted.
4. In Volume Name, type the volume name.
5. In Provisioned Size (GB), type the provisioned size in gigabytes.
6. Optional: In Subnet, configure the subnet mask value in CIDR format.
This step is required when VLAN tagging is enabled.
7. Optional: In Number of Channels, type an integer.
Complete this optional step when multiple channels are required.
8. Click on IP or Hostname.
A list of available IP addresses and hostnames appears.
9. Select the host.
10. Optional: In Applications Tags, select a tag.
11. Click Next and provide the protocol settings.
The Rubrik cluster automatically identifies the protocol as NFS. Type a username and the full path to
mount the NFS export on the export target.
If the full path value that is provided is /mnt/nfs/xyz, the parent folders /mnt/nfs/ must already
exist. Rubrik CDM creates folder xyz as part of the backup and removes it when the backup is
complete.
12. Click Next.
The Backup Command Settings page appears.
13. In Command to run on the host, type the name of an OS command or the full path of a script.
The command or the backup script can run on the data host with applicable parameters.
14. Optional: Select Enable pre-backup and post-backup commands.
Use this option to enable fields for setting actions that occur before and after the backup.
Additional backup options appear.
15. Optional: In Command to run before backup, type a text string and an integer.
The text string represents the full path to the script on the host or a single OS command that will run
before the backup runs. The integer represents the timeout in seconds.
Result
The Rubrik cluster creates the SLA Managed Volume and the new volume appears on the SLA Managed
Volumes tab.
Next task
Assign an SLA Domain to the SLA Managed Volume.
Related Tasks
Installing RBS on Linux and Unix hosts
Install the Rubrik Backup Service software on Linux and Unix hosts.
Adding a host
To begin managing and protecting a Linux, Unix, or Windows host, add the host to the Rubrik cluster.
Creating a custom SLA Domain
Create a custom SLA Domain with policies that meet specific SLA requirements.
Assigning an SLA Domain to Managed Volumes
To provide SLA policy based management of the snapshots of a Managed Volume, assign an SLA Domain
to the Managed Volume or SLA Managed Volume.
Related reference
SLA Managed Volume settings
The SLA Managed Volume settings change with file sharing protocol of the host.
Prohibited mount points and script directories for SLA Managed Volumes
For SLA Managed Volumes, Rubrik CDM prevents the use of some paths as mount points and host-side
script locations.
Procedure
1. Add the Windows host to the domain controller. Enter the name and password of a user account with
permission to join the domain. Restart the host to apply the changes.
2. Grant administrator privileges to the domain user account.
The domain user account corresponds to the Active Directory user account responsible for taking
backups of SLA Managed Volumes.
3. Install the Rubrik Backup Service (RBS) on the Windows host and add the host to the Rubrik cluster.
4. Change the logon user of RBS running on the host, to the domain user.
5. In the Rubrik cluster, configure SMB security.
Add the domain controller and domain user account details to the Rubrik cluster.
6. Optional: Enable Kerberos Authentication for SMB shares.
Result
The Windows host is set up for SLA Managed Volumes.
Next task
Create an SMB SLA Managed Volume on the Rubrik cluster and mount snapshots on the Windows host.
Related Tasks
Installing RBS on Windows
Install the Rubrik Backup Service software on a computer or virtual machine that is running the Windows
Server operating system.
Adding a host
To begin managing and protecting a Linux, Unix, or Windows host, add the host to the Rubrik cluster.
Configuring SMB Security
Configure security for a Server Message Block share to enforce user authentication through Active
Directory.
Enabling Kerberos authentication for SMB shares
Configure Kerberos clients to support IPv4 and IPv6 hostnames in SPNs.
Creating SMB SLA Managed Volume
Create an SLA Managed Volume for a Windows host running the SMB file sharing protocol.
Prerequisites
Prepare the Windows host before creating SMB SLA Managed Volumes.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears with SLA Managed Volumes tab selected.
3. Click Add Volume.
The Add SLA Managed Volume wizard starts with the Managed Volume Settings page highlighted.
4. In Volume Name, type the volume name.
5. In Provisioned Size (GB), type the provisioned size in gigabytes.
6. Optional: In Subnet, configure the subnet mask value in CIDR format.
This step is required when VLAN tagging is enabled.
7. Optional: In Number of Channels, type an integer.
Complete this optional step when multiple channels are required.
8. Click on IP or Hostname.
A list of available IP addresses and hostnames appears.
9. Select the IP address of the SMB client.
Using the SMB protocol to back up to, and restore from SLA Managed Volumes, requires the IP
address of the SMB client for the first backup. After the first backup is successfully completed, the
identification of the Windows host can be changed from the IP address to a DNS short name or a Fully
Qualified Domain Name (FQDN) for subsequent backups.
powershell C:\ps_script.ps1
Result
The Rubrik cluster creates the SLA Managed Volume and the new volume appears on the SLA Managed
Volumes tab.
Next task
Assign an SLA Domain to the SLA Managed Volume.
Related Tasks
Preparing Windows hosts for SLA Managed Volumes
Complete the required tasks for preparing Windows hosts to use SLA Managed Volumes.
Editing the stored information for a host
Related Tasks
Creating a custom SLA Domain
Create a custom SLA Domain with policies that meet specific SLA requirements.
Assigning an SLA Domain to Managed Volumes
Context
In a recovery workflow, specify a host and a mount point for mounting the channel of an SLA Managed
Volume snapshot.
Procedure
1. Log in to the Rubrik CDM web UI using an account with administrator privileges.
2. On the left-side menu, click Servers & Apps > Managed Volumes.
The Managed Volumes page appears with SLA Managed Volumes tab selected.
3. In the Name column, click the name of the SLA Managed Volume whose snapshots need to be
recovered.
The Overview, Snapshots, and Activities cards for the SLA Managed Volume appear.
4. In the calendar view of the Snapshots card, click the date of the snapshot to restore. Alternatively,
search for a file by entering a file name string in Search by File Name.
After selecting a date, a list of snapshots taken on that date appears in the Snapshots card.
5. Open the ellipsis menu next to a snapshot and click Mount Snapshot.
The Mount Snapshot dialog box appears.
6. Optional: In Subnet, configure the subnet mask value in CIDR format.
This step is required when VLAN tagging is enabled.
7. Click on IP or Hostname.
A list of available IP addresses and hostnames appears.
8. Select a host to mount the snapshot.
9. In Full path to mount point, type the full path to the location.
10. Click Export.
Result
The SLA Managed Volume snapshot mount appears in the Live Mounts section of the host.
Next task
Manually run the recovery script on the snapshot mount.
Rubrik CDM Version 5.3 Technical Note, SLA Managed Volume Restores using the API, describes how to
restore an SLA Managed Volume snapshot using the Rubrik REST API framework.
The following script takes the backup of the file /root/backup.tar on to the /mnt/rubrik location on
the host machine.
#!/bin/bash
Note that the script does not include any error handling logic. Consider a scenario where the command
to take the backup fails but the command to list the contents of the mount succeeds. In this scenario,
although the backup fails, yet the script returns the exit code value of 0 due to the success of the ls
command.
As a result, the Rubrik cluster wrongly considers the failed backup attempt as successful.
The following script adds the logic to handle errors that might occur while taking the backup of the file /
root/backup.tar on to the /mnt/rubrik location on the host machine.
#!/bin/bash
In this case, if the backup command fails, the above script will exit with a non-zero exit code causing the
backup to be marked as failed. At this point, the Rubrik cluster will retry the backup.
Retention management
Assign retention policies to existing scheduled snapshots, on-demand snapshots, and snapshots retrieved
from an archival location.
The Snapshot Management page of the web UI displays the retention SLA Domains for all scheduled
snapshots associated with relic, replicated relic, or unprotected data sources. The Snapshot Management
page also displays the combined number of on-demand snapshots and retrieved snapshots in a separate
column. The Snapshot Management page enables changes to the retention policy or deletion of a given
snapshot.
Snapshots are included in the count on the Snapshot Management page in the following situations:
• When the status of a data source is changed from protected to unprotected.
When the SLA Domain of a data source is changed to Do Not Protect, the status of the data source
changes to Unprotected. The choices for handling existing snapshots include expire immediately, keep
forever, and assign to the current SLA Domain for retention. If snapshots are kept forever or assigned
to the current SLA Domain, they can be managed from the Snapshot Management page.
• When a snapshot is taken on demand, independent of the schedule specified in the assigned SLA
Domain.
When the on-demand snapshot job is created, the retention period is specified by assigning an SLA
Domain or by choosing Forever. If an SLA Domain is assigned, the maximum retention period from that
SLA Domain is applied to the snapshot. If the Forever option is selected, the snapshot is retained until it
is manually deleted. All on-demand snapshots can be managed from the Snapshot Management page.
• When a data source or the data source configuration is deleted from the Rubrik cluster.
In this case, the data source becomes a relic. No new snapshots are taken of this data source. The
retention period for the existing snapshots is derived from the original SLA Domain. Any snapshots
taken before the data source was disconnected are moved to the Snapshot Management page, where a
retention policy can be assigned.
• When a snapshot resides on a replication target that is no longer associated with the replication source.
Once the replication relationship is broken, the data source becomes a replication relic. Snapshots of
replicated relics can be managed from the Snapshot Management page.
• When the snapshot is retrieved from an archival location.
An SLA Domain specifies data management policies for protected objects, including the retention period.
The retention period is the length of time snapshots or backups of protected objects are retained. A Rubrik
cluster stores a snapshot or a backup until the specified retention period expires. A retention period is
affected by the specified calendar period as well as the length of time set.
An on-demand snapshot is assigned an SLA Domain with a retention period of 45 days and a snapshot
frequency of 30 days, or monthly. Assuming the on-demand snapshot is assigned to this SLA Domain on
July 1, the 45-day period ends August 15.
Because the frequency of the assigned SLA Domain is monthly, the on-demand snapshot does not expire
until the end of the month. The on-demand snapshot expires September 1.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The data source level of the Snapshot Management page appears.
Result
The data source level of the Snapshot Management page provides information about snapshots listed by
their data sources.
Related reference
Types of snapshots
Each snapshot is a fully functional, current copy of the source object.
Types of snapshots
Each snapshot is a fully functional, current copy of the source object.
Type Description
Protected A snapshot created according to the rules and policies defined by the SLA
Domain that is associated with a protected object.
Relic A snapshot of an object that is managed by, but is no longer accessible to the
Rubrik cluster.
On-demand A snapshot of an object that the Rubrik cluster creates at the direction of an
authorized user. The user initiates the snapshot through the UI of the Rubrik
cluster that is associated with the object, or through an API call to the Rubrik
cluster that is associated with the object.
Downloaded A snapshot downloaded from an archival location.
Field Description
Name The value in the Name column depends on the type of data source:
• Virtual machine–Name of the data source virtual machine. Click a name
value to open the associated local host page.
• Application–Application reference name for the data source; for example,
the name assigned to a database. Click a name value to open the
associated Recovery Points card page.
• Fileset–Fileset name for the data source host fileset. Click a name value
to open the local host page associated with the selected fileset and host
pairing.
Location The value in the Location column depends on the type of data source:
• Virtual machine–vCenter Server cluster/host path of the data source virtual
machine. Click a location value to open the Clusters/Hosts tab of the Virtual
Machines page.
• Application–IPv4 address or host name of the application host and name of
the application instance for the data source. Click a location value to open
the Hosts/Instances tab of the SQL Server DBs page.
• Fileset–IPv4 address of the host for the data source host fileset. Click a
location value to open the Hosts page.
Retention SLA Name of the SLA Domain that is assigned to the data source. The Retention
SLA refers to the portion of the SLA Domain that specifies the retention policy.
Snapshots The total number of snapshots of all types .
Hovering over the snapshot count shows the last time this data source was
refreshed.
If snapshots from a remote unprotected data source have not been refreshed,
this column displays 'Refresh'.
Local Storage Total local storage space occupied by the snapshots associated with the
selected data source.
Archival Storage Total archival storage space occupied by the snapshots associated with the
selected data source.
Related tasks
Refreshing reader location objects
Use the Rubrik CDM web UI to update a reader cluster with the latest snapshot metadata.
Prerequisites
Connect to a reader archival location, as described in Connecting to a reader archival location.
Context
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. On the left-side menu, click Snapshot Management.
The object level of the Snapshot Management page appears.
3. Select objects and click Refresh from Remote.
The Refresh from Remote dialog appears.
4. Click Refresh.
The Rubrik cluster creates a background job.
Result
After the refresh, the reader cluster is synchronized with the latest content for the selected object
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The Snapshot Management page appears.
3. Click a number in the Snapshots column to view the snapshots for that data source.
Result
For the selected data source, the object level of the Snapshot Management page appears.
Field Description
Snapshot Date & Date and time that the snapshot was taken.
Time
Type Type of snapshot. Type can be one of the following:
Local Expiration Date The expiration date for the snapshot as determined by the SLA Domain.
Archival Location
The archival location and the expiration date for the snapshot on that archival
Archival Expiration location.
Date
Replication Location 1
The replication location and the expiration date for the snapshot on that
Replication Expiration replication location.
Date
Replication Location 2
The replication location and the expiration date for the snapshot on that
Replication Expiration replication location.
Date
Filter View
On Demand Filter for On Demand snapshots.
Retrieved Snapshot retrieved from the archival location.
Policy based Snapshots created by the SLA Domain policies applied to the data source.
application A user manually deletes the Scan the application instance for an identical
application host in the web UI, then data source.
a user adds the application host in
the web UI. If a data source that is identical to the pre-relic
data source is found, then assign the original
UUID and associate the pre-relic history and
data with the discovered data source.
application An issue during a host side scan of If the data source is identical to the pre-relic
the application instances causes the data source, then assign the original UUID and
data source instance to be missed, associate the pre-relic history and data with
then the data source appears in a the discovered data source.
subsequent host side scan.
file system The Rubrik cluster loses connection If the host is identical to the pre-relic host,
with the file system host, then then assign the original UUID and associate
the Rubrik cluster regains the the pre-relic fileset, history, and data with the
connection. discovered host.
file system For a host and fileset pair, a user The original host and fileset pair remains a
manually deletes the host in the web relic. The Rubrik cluster treats the added host
UI, then a user adds the host in the and fileset pair as new, assigns a new UUID,
web UI and pairs it with the same and does not associate pre-relic history and
fileset. data with the new host and fileset pair.
file system A user manually deletes the fileset The original host and fileset pair remains a
that is paired with a host in the web relic. The Rubrik cluster treats the added host
UI, then a user creates an identical and fileset pair as new, assigns a new UUID,
fileset in the web UI and pairs it with and does not associate pre-relic history and
the same host. data with the new host and fileset pair.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The data source level of the Snapshot Management page appears.
3. Click Legal Hold.
The Legal Hold page appears, and includes three columns.
Result
Rubrik CDM displays the legal hold summary information.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The data source level of the Snapshot Management page appears.
3. Click the name of a data object.
The local host page for the selected data object appears.
4. On the calendar, select a snapshot date.
The Snapshots card displays the snapshots taken for that date.
5. From the ellipsis menu next to the snapshot to place on legal hold, select Place on Legal Hold.
6. Select Hold snapshot(s) in-place box.
7. Click Submit.
8. On the Submit Two-Person Rule Request dialog box, click Submit.
The Submit Two-Person Rule Request dialog box appears only when Enabling Two-Person Rule for
Changes to Legal Hold Status is enabled. Otherwise, you will not see this dialog box.
The Two-Person Rule generates a review request. After the request is approved, the Rubrik cluster
applies the legal hold.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The data source level of the Snapshot Management page appears.
3. Select the Legal Hold tab.
4. From the Legal Hold list, select an object.
The local page for the object appears.
5. On the calendar, select a snapshot date.
The Snapshots card displays the snapshots taken for that date. Snapshots with a legal hold include a
scale icon on their listing.
6. Click the ellipsis next to the snapshot to download.
7. Click Recover Files.
Rubrik CDM displays Recover Files.
8. Select the box next to the snapshot to download.
9. Click Next.
10. Click Download with Checksum.
Use the SHA1 checksum to authenticate the snapshot after download.
11. Click Finish.
Result
Rubrik CDM displays legal hold summary information.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The data source level of the Snapshot Management page appears.
3. Select the Legal Hold tab.
Rubrik CDM displays the Legal Hold page, listing information about all snapshots that have a legal
hold.
4. Click the number next to the snapshot in the Legal Hold Snapshots column.
5. Select the box associated with the legal hold to remove.
6. Click the Remove Legal Hold button.
Rubrik CDM displays a message asking for confirmation of the removal.
Result
Rubrik CDM removes the legal hold from the snapshot.
Related concepts
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related reference
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The data source level of the Snapshot Management page appears.
3. Click the name of a snapshot.
4. Click the snapshot date.
The Snapshots card displays the snapshots taken for that date. Snapshots with a legal hold include a
scale icon on their listing.
5. Click the ellipsis next to the snapshot.
6. Click Remove Legal Hold.
Rubrik CDM displays a message asking for confirmation of the removal.
7. Click Remove.
A confirmation message appears.
8. On the Submit Two-Person Rule Request dialog box, click Submit.
The Submit Two-Person Rule Request dialog box appears only when Enabling Two-Person Rule for
Changes to Legal Hold Status is enabled. Otherwise, you will not see this dialog box.
The Two-Person Rule generates a review request. After the request is approved, the Rubrik cluster
applies the legal hold.
Result
The Rubrik cluster removes the legal hold from the snapshot.
Related concepts
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related reference
TPR Approver role details
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The data source level of the Snapshot Management page appears.
3. In the Name column, click the name of the data source.
The local host page or Recovery Points card page appears with the Manage Protection button
activated.
4. Click Manage Protection.
The Manage Protection dialog box appears.
5. Select Do Not Protect.
The Existing Snapshot Management section appears.
6. Select an option for Existing Snapshot Retention.
• Preserve retention from previous SLA
• Keep forever
• Expire immediately
7. Click Next.
The impact of the SLA assignment change are provided.
8. Optional: Click Apply to existing snapshots.
The changes made to the SLA Domain are applied to the existing snapshots. The summary
information describes the impact of the changes on existing and new snapshots.
9. Optional: Select Include on-demand and downloaded snapshots.
The changes made to the SLA Domain also apply to on-demand snapshots. The summary information
describes the effect of the changes on existing, new, on-demand, and downloaded snapshots.
10. Click Submit.
Result
The snapshot is no longer protected.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The Snapshot Management page appears, set to the Snapshot Retention tab.
3. In the line corresponding to the protectable object, click the number listed in the Snapshots column.
The Snapshot Management page displays a list of the snapshots for the protectable object.
4. Select a set of snapshots and click Change Retention.
The Change Retention wizard appears.
Result
Rubrik CDM updates the retention policy for the selected snapshots.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The Snapshot Management page appears, set to the Snapshot Retention tab.
3. Select a set of protectable objects and click Change Retention.
The Change Retention wizard appears.
4. Choose the retention policy.
Choose one of the following:
• SLA Domain
The snapshots are retained at all locations for the maximum retention period specified by the
chosen SLA Domain.
• Retain Forever
The snapshots are retained till they are manually deleted.
5. Click Next.
The wizard advances to the next step.
6. Optional: Select Include on-demand and downloaded snapshots.
The changes made to the SLA Domain also apply to on-demand and downloaded snapshots.
The summary information describes the effect of the changes on existing, new, on-demand, and
downloaded snapshots.
7. Review the effects of the change and click Submit.
Result
Rubrik CDM updates the retention policy for snapshots of the selected protectable objects.
Context
Only snapshots with the Retain Forever retention policy can be manually deleted. A snapshot cannot be
deleted if it is protected by an SLA Domain
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The data source level of the Snapshot Management page appears.
3. Select a data source.
Select multiple data source entries to remove all snapshots whose Retention SLA is Forever for every
data source in the selection group.
The Delete Snapshots button becomes active.
4. Click Delete Snapshots.
A confirmation dialog box appears.
5. Click Delete.
6. On the Submit Two-Person Rule Request dialog box, click Submit.
The Submit Two-Person Rule Request dialog box appears only when the Two-Person Rule for Delete
Snapshots is enabled. Otherwise, you will not see this dialog box.
The Two-Person Rule generates a review request. When the request is approved, the Rubrik cluster
applies the requested edits. When the request is denied, the Rubrik cluster rejects the requested edits.
Result
Rubrik CDM removes all the snapshots associated with the selected data source.
Related concepts
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related reference
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The data source level of the Snapshot Management page appears.
3. Click a number in the Snapshots column corresponding to a data source.
For the selected data source and snapshot type, the object level of the Snapshot Management page
appears.
4. Select a snapshot with a Retention SLA set to Forever.
Select multiple snapshots to remove all snapshots in the selection group.
Result
The Rubrik cluster removes all the selected snapshots.
Related concepts
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related reference
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Context
The Rubrik cluster removes the snapshot data from local storage and from the archival location.
A retrieved snapshot cannot be deleted unless it has the Forever retention setting. To delete a snapshot
with a specific retention period, first change the retention setting to Forever.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Snapshot Management.
The object level page of Snapshot Retention appears.
3. Click Filter Object and select the type of protected object to search for.
4. In the Snapshots column, click the number associated with a particular protected object.
The object level page of the selected protected object appears.
5. Select a snapshot with a retention setting of Forever.
Select multiple snapshots to remove the retrieved content for all snapshots in the selection group.
The Delete Snapshots button becomes active.
6. Click Delete Snapshots.
A confirmation dialog box appears.
Deleting a snapshot permanently deletes both the local copy and the archived copy of that snapshot.
7. Click Delete.
Result
The Rubrik cluster deletes all the retrieved content for the selected group of snapshots.
Reports
The Rubrik CDM web UI provides a reports summary and a gallery of reports. The gallery includes default
reports and custom reports created from templates.
The Reports section of the Rubrik CDM web UI offers two views: a Summary view and a Gallery view.
The Summary view provides a graphical representation of the current status of various tasks, divided into
cards. Each card contains a link to a report with more details.
The Gallery view displays both default and custom reports. Any of the default reports can be used as
templates to create customized reports with different fields and graphs, as well as custom filtering along
several different dimensions.
Summary view
The Reports Summary page provides a high-level view of statistics for key areas of the Rubrik cluster. The
statistics are collected from the default reports.
Statistics Description
Daily Protection Tasks by Status Indicates the number of protection tasks that succeeded, the
number that were canceled, and the number that failed. Links
to the Protection Tasks Details report.
Local Snapshot Storage Shows a time series graph of storage used on a daily basis.
Links to the System Capacity report.
SLA Compliance Shows the number of objects in compliance and the number
of objects out of compliance. Links to the SLA Compliance
Summary report.
System Capacity Summarizes the amount of storage used and estimates how
long it will take to reach full capacity at the current rate. Links
to the System Capacity report.
Weekly Protection Tasks by SLA Domain Summarizes the status (Successful, Failed, or Canceled) of
each protection task associated with a given SLA Domain.
Links to the Protection Tasks Summary report.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Reports > Summary.
Rubrik CDM displays summary information collected from the default reports.
3. Click View Report in any individual tile.
Displaying a report
Use the Rubrik CDM web UI to display default and custom reports.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Reports > Gallery.
A list of all available reports appears.
3. Optional: To search the list, type a string into the Search by Name field.
• To filter the list by template, select a template type from the Filter Template menu.
• To filter the list by type, select Default or Custom from the Filter Type menu.
4. Click the name of a report.
The selected report appears.
Result
The Gallery view includes eight default reports. Each report consists of two charts and a information. The
information in the reports is refreshed every hour.
Default reports
The Gallery view includes eight default reports. Each report consists of two charts and a table of
information. The information in the reports is refreshed every hour.
Note: This report does not include information for the current day.
Object Indexing Summary Provides the indexing status for the latest local snapshot, the time
stamp of the latest successfully indexed snapshot, and the number
of indexed local snapshots. Includes charts that display the indexing
summary by SLA Domain, and the indexing summary by object name.
Protection Tasks Summary Displays the weekly number of backup and replication tasks by
status, the status of weekly tasks by SLA Domain, and a summary
table with more detailed information.
Protection Tasks Details Displays the daily number of protection tasks by status, daily failed
tasks by object name, and a summary table with more detailed
information.
System Capacity Displays the usage of local storage by SLA Domain, the usage growth
over time by SLA Domain, and a summary table with more detailed
information.
Custom reports
Each default report can be used as a template for creating customized reports. Customized reports include
two charts, a table, and optional filters.
For each chart, select an attribute and a measure, and the type of chart used to visualize the data (such
as a donut chart, vertical chart, horizontal chart, or line chart). For the table, select any combination of
measures and attributes as column headings.
A measure is something that can be counted or calculated; for example, the number of successful tasks, or
the effective throughput.
An attribute is a characteristic of the data that does not change; for example, the name or location of an
object.
Types of charts
Charts provide a graphical representation of the data gathered in a report.
Chart measures
The measures available for custom report charts. Each chart has one measure.
Archive Effective Data Transferred Total amount of data transferred • System Capacity
by the task. • Capacity Over Time
• Object Protection Summary
Archive Effective Logical Data Total size of protected data • System Capacity
calculated on the basis of full • Capacity Over Time
backups instead of incremental
• Object Protection Summary
differences.
Archive Logical Data Reduction The percentage of reduction • System Capacity
in the size of the backup • Capacity Over Time
calculated on the basis of full
• Object Protection Summary
backups instead of incremental
differences.
Archive Logical Dedup Ratio The deduplication ratio • System Capacity
calculated on the basis of full • Capacity Over Time
backups instead of incremental
• Object Protection Summary
differences.
Archive Storage Amount of cluster storage used • System Capacity
by archived snapshots. • Capacity Over Time
• Object Protection Summary
Data Transferred vs Stored The ratio of data transferred over • Protection Tasks Summary
the network compared to the • Protection Tasks Details
amount of data stored on the
Rubrik cluster.
Dedup Ratio The ratio of data transferred • Protection Tasks Summary
to data stored, expressed as a • Protection Tasks Details
fraction.
Effective Throughput The ratio of the number of bytes • Protection Tasks Summary
received during a backup divided • Protection Tasks Details
by the length of time for the
backup.
Expected Tasks Number of expected tasks, based • Object Backup Task Summary
on the snapshot schedule defined
in the SLA Domain.
Failed tasks Number of failed tasks. • Protection Tasks Summary
• Protection Tasks Details
• Recovery Tasks Details
• Object Backup Task Summary
Local Data Transferred The sum of the data transferred • System Capacity
for each active snapshot, both • Capacity Over Time
policy-based and on-demand.
• Object Protection Summary
The data transfer size of expired
snapshots is not counted towards
this value.
The size of the data transferred
is measured before deduplication,
compression, and global linking.
Local Effective Logical Data Total size of protected data • System Capacity
calculated on the basis of full • Capacity Over Time
backups instead of incremental
• Object Protection Summary
differences.
Local Storage Growth Amount of Rubrik cluster storage • SLA Compliance Summary
used in a specified time period. • Capacity Over Time
• Object Protection Summary
Logical Data Protected The total logical size of the • Protection Tasks Summary
protected object for all active • Protection Tasks Details
snapshots, both policy-based and
on-demand.
Logical Data Reduction The ratio of logical data protected • Protection Tasks Summary
to data stored, expressed as a • Protection Tasks Details
percentage.
Logical Dedup Ratio The ratio of logical data protected • Protection Tasks Summary
to data stored, expressed as a • Protection Tasks Details
fraction.
Missed Objects Number of files and folders that • Protection Tasks Summary
failed to back up. • Protection Tasks Details
Missed Tasks Number of tasks that should have • Object Backup Task Summary
been scheduled in a calendar day
according to the SLA, but were
not.
Object Count Total number of objects. • Recovery Task Details
• SLA Compliance Summary
• Object Protection Summary
Object Logical Size The logical size of the most • Object Protection Summary
recent unexpired snapshot. • Capacity Over Time
• System Capacity
Replica Storage Growth Amount of cluster storage used • SLA Compliance Summary
by replicas in a specified time • Capacity Over Time
period.
• Object Protection Summary
Storage Growth by Data Location A stack chart of storage growth • System Capacity
for local, replica, and archive • Object Protection Summary
snapshots.
Successful Tasks Number of successful tasks. • Protection Tasks Summary
• Protection Tasks Details
• Recovery Tasks Details
• Object Backup Task Summary
Total Files Transferred Total number of files ingested by • Protection Tasks Summary
the Rubrik cluster. • Protection Tasks Details
• Recovery Tasks Details
Total Storage by Data Location A stack chart of local, replica, • System Capacity
and archive physical storage • Object Protection Summary
consumed.
Used Size Actual amount of data consumed • System Capacity
within an object. For example, if • Capacity Over Time
a virtual machine is provisioned
• Object Protection Summary
with 100GB of disk space but only
10GB of data has been written to
disk, 10GB is the Used Size.
Chart attributes
The attributes available for custom report charts. Each chart has one attribute.
Location The definition of location varies by All, except Capacity Over Time
object:
• Virtual machines – The IPv4 address
or FQDN of the vCenter Server.
• SQL Server DBs – The FQDN of the
Window Server and the SQL Server
instance.
• Linux & Unix Hosts – The IPv4
address or FQDN of the Linux or Unix
host.
• Windows Hosts – The IPv4 address or
FQDN of the Windows host.
• Nutanix Cluster – The name of the
cluster.
• Hyper-V Cluster – The name of the
cluster.
• Managed Volume – The name of the
volume.
Task Status Icon representing the state of the task at • Protection Tasks Summary
the time of the entry. The status can be: • Protection Tasks Details
• Succeeded • Recovery Tasks Details
• Failed
• Canceled
Task Type Restricts the report to information about • Protection Tasks Summary
tasks of the specified types. Supported • Protection Tasks Details
task types are: • Recovery Tasks Details
• Backup
• Archival
• Replication
Table measures
In addition to charts, reports feature a data table that can be customized with specific measures.
Table attributes
In addition to charts, reports feature a data table that can be customized with specific attributes.
Report filters
Filters restrict the content that appears in a report.
Cluster Location Restricts the report to information from All, except Object Backup Task Summary
local or remote clusters.
Compliance Status Restricts the report to objects with one SLA Compliance Summary
of these statuses:
• In Compliance
• Out of Compliance.
Object Index Type Restricts the report to information about Object Indexing Summary
objects of the specified index type. Index
types include:
• Indexable
• Unindexable
• Unprotected
Object Name Restricts the report to information from All, except Object Task Backup Summary
selected objects. Search for specific
objects by typing a portion of the object
name in Search by Name.
To add an object, click Add next to the
entry for the object.
Task Types Restricts the report to information about • Protection Tasks Summary
tasks of the specified types. Supported • Protection Tasks Details
task types are:
• Recovery Tasks Details
• Backup • Object Protection Summary
• Archival
• Replication
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Reports > Gallery.
A list of all available reports appears.
3. From the Gallery, click Create Report in the top right corner.
4. Enter a name for the report.
5. Select one of the default reports as a report template, then click Next.
6. Configure the top left chart by assigning a chart name, then choose the attribute and the measure
that will appear in the chart.
7. Choose the chart type, then click Next.
8. Repeat step 6 and step 7 for the top-right chart.
9. Select all the attributes and measures that should appear in the table for the report, then click Next.
10. In the left column, select a filter type.
Result
The customized report appears.
Context
Change each chart’s attribute from Month to Day to see the daily amounts of local data transferred and
storage used. Include the SLA Domain and Object Name attributes in the table to provide an additional
level of sorting. Limit the report data to the last seven days and limit the SLA Domains to a select group.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Reports > Gallery.
A list of all available reports appears.
3. From the Gallery, click Create Report in the top right corner.
The Name & Template pane of the Create Report wizard appears.
4. Enter a name for the report, such as Daily Capacity Over Time.
5. Select Capacity Over Time as the report template, then click Next.
The Top Left Chart pane appears.
6. Keep the chart name as Local Data Transferred, choose Day for the attribute, and keep Local
Data Transferred as the measure.
Alternatively, choose a different measure and change the name of the chart to match.
7. Choose Vertical or Line for the chart type, then click Next.
The Top Right Chart pane appears.
8. Keep the chart name as Total Capacity, choose Day for the attribute, and keep Local Storage for
the measure.
Alternatively, choose a different measure and change the name of the chart to match.
9. Choose Vertical or Line for the chart type, then click Next.
The Table pane appears.
10. Select all the attributes and measures that should appear in the table for the report, then click Next.
Clear Month, then select Day, SLA Domain and Object Name in addition to the other default
choices already selected
The Filter pane appears.
11. In the left column, select the Date filter.
12. In the right column, select Past 7 Days to limit the data in the report to the past seven days.
13. In the left column, select SLA Domain.
14. In the right column, select the SLA Domains to include in the report.
15. Click Finish.
Result
The customized report, Daily Capacity Over Time, appears.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the web UI, click Reports > Gallery.
A list of all available reports appears.
3. Optional: To search the list, type a string in the Search by Name field.
4. From the Gallery, click the name of a custom report.
5. Open the ellipsis menu and select Edit Report.
6. Select options for the charts, data table, and filters, then click Update.
Result
The report is updated with the new information.
Procedure
1. Log in to the web UI.
2. Open the account menu in the upper right corner and select API Token Manager.
3. On the API Token Manager page, click +.
4. Complete the Duration and tag fields and click Generate.
5. Click Copy.
6. Paste the token in a scratch file.
7. In a new browser window, navigate to https://cluster_address/docs/v1/playground.
Replace cluster_address with the hostname or IPv4 address of the Rubrik cluster.
The Rubrik REST API Explorer page appears.
8. Click Authorize.
The authorization dialog appears.
9. Paste the token into the value field and click Authorize.
The authorization dialog closes.
10. Click /reports.
A list of API endpoints for reports appear.
11. Click PATCH /report/config.
12. Click Try it out.
Result
Metadata for jobs to protect database transaction logs are retained for the specified number of days.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the web UI, click Reports > Gallery.
A list of all available reports appears.
3. Optional: To search the list, type a string into the Search by Name field.
4. Click the name of a report.
5. At the top of the report, click CSV.
Depending on the Download settings of the web browser, one of the following occurs:
• The browser downloads the report to the default download folder.
• The browser opens a Save As dialog box.
6. (Save As dialog box) Select a location on the computer that is running the web browser.
7. (Save As dialog box) Click Save.
Result
The browser downloads the CSV table to the selected location.
Report schedules
The Rubrik cluster can send reports to a list of email recipients according to a set schedule.
The schedule can specify daily reports and monthly reports based on specified requirements.
Scheduling reports
Schedule a report to specify times for the Rubrik cluster to send an HTML email containing the report
charts and the first 100 lines of the report table. The email includes all data from the report table in an
attached CSV file.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the web UI, click Reports > Gallery.
A list of all available reports appears.
3. Optional: To search the list, type a string into the Search by Name field.
Result
The Rubrik cluster sends reports to the listed email addresses according to the specified schedule.
Procedure
1. Log in to the Rubrik CDM web UI as a user with administrative privileges over the cluster.
2. On the left-side menu of the web UI, select Reports > Gallery.
A list of all available reports appears.
3. Optional: To search the list, type a string into the “Search by Name” field.
4. Click the name of a report.
5. At the top of the report, click Schedule.
The Schedule Report dialog box appears.
6. Click the Owned By menu.
7. Select the current user.
8. Click Schedule.
Result
The assigned user is now the owner of the subscription.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the web UI, click Reports > Gallery.
3. Optional: To search the list, type a string into the Search by Name field.
4. Click the name of a report.
Result
The Rubrik cluster sends report emails to the recipients listed at the frequency specified in the modified
schedule.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu of the web UI, click Reports > Gallery.
A list of the reports available on the cluster appears.
3. Optional: To search the list, type a string into the Search by Name field.
4. Click the name of a report.
5. At the top of the report, click Schedule.
The Schedule Report pane appears.
6. Click X to delete the schedule from the Schedule Report pane.
7. Click Schedule to confirm changes and return to the report.
Result
The Rubrik cluster removes the report scheduling information.
The system and task information that the Rubrik CDM web UI provides through dashboards, notifications,
and alerts.
The Rubrik CDM web UI provides administrative information about the status of protection tasks, protected
objects, Rubrik cluster system status, and Rubrik cluster system tasks.
The Rubrik CDM web UI uses a variety of delivery methods to provide information in the most useful
format based on the type of information, the time-sensitivity of the information, and the historical value of
the information.
The table describes Rubrik CDM web UI information delivery methods.
Method Description
Dashboard Uses graphical elements and text to provide current state information.
The Rubrik CDM web UI refreshes dashboard information automatically.
Dashboards also provide links to reports, logs, and additional dashboards.
Notification message Task message that the Rubrik cluster classifies as time-sensitive, either
because the message indicates a possible issue or because the message
indicates the completion of a manually initiated task.
Activity message Task state message.
Task state is one of the following:
• Canceled
• Failure
• In Progress
• Success
• Warning
• Queued
Data measurements
The Rubrik CDM web UI depicts data values using the decimal definition for the prefixes used with bits and
bytes.
The Rubrik cluster uses the standards promulgated in the Système international d'unités (International
System of Units or SI) for all expressions of data measurements. Under those standards, the prefixes used
with bits (b) and bytes (B) represent decimal multiples of those units, not binary multiples.
Rubrik Non-Rubrik
Decimal value SI prefix Binary value ISO/IEC prefix JEDEC prefix
1000 k - kilo 1024 ki - kibi K- kilo
2 2
1000 M - mega 1024 Mi - mibi M- mega
Dashboards
Dashboards provide information about the current state of various aspects of the Rubrik cluster.
The Rubrik CDM web UI regularly refreshes the information that appears in a dashboard.
The following dashboards are available under the main dashboard in the left-side menu:
• Summary
• Monitoring
• Compliance
• CDP Performance
• System Performance
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the left-side menu of the Rubrik CDM web UI, select Dashboard > Summary.
Result
The Summary page appears.
Related reference
Summary Dashboard Details
The Summary dashboard provides information on the activities and status of the local Rubrik cluster.
Data reduction and snapshot • Local Data Reduction – Total local storage space reduction for the
statistics data ingested.
• Archival Data Reduction – Total archival storage space reduction for
the data ingested.
• Snapshots – Total number of snapshots ingested.
Cluster health Provides a simple visual indicator of the health of the Rubrik cluster:
green means healthy, orange means one or more nodes needs
attention, and red means unhealthy (contact Rubrik Support). Also
shows the number of healthy nodes.
Live Mounts and Cloud Mounts Displays the current number of Live Mounts and Cloud Mounts for the
local Rubrik cluster.
• Selected protected object: For the selected type of protected object, the Overview card provides
• vSphere VMs the number of objects that are protected and the number of objects
that are unprotected.
• vCD vApps
• Hyper-V VMs Includes the following links:
• AHV VMs • See all – Links to the page for the specified object type.
• Linux & Unix Hosts • No SLA – Links to page for the specified object type with the No
• Windows Hosts SLA filter applied. This displays objects that have the SLA Domain
• NAS Shares setting of No SLA.
• SQL Server DBs • Do Not Protect – Links to page for the specified object type with
• Oracle DBs the Do Not Protect filter applied. This displays objects that have the
• Managed Volumes SLA Domain setting of Do Not Protect.
• EC2 Instances
SLA Domains Provides the total number of protected objects for the three local SLA
Domains with the most protected objects.
Capacity The System doughnut graph is a graphical representation of total
storage based on snapshot storage usage and available storage. The
Rubrik cluster available storage percentage is provided in the middle
of the donut graph. Mouse over events to reveal storage usage and
capacity details. This view also links to the System Capacity report.
Context
The In Progress tab shows all tasks that are in progress across the cluster. The Failed, Canceled, and
Completed tabs show tasks from the previous 24 hours. The Scheduled tab shows all upcoming tasks.
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the left-side menu, select Dashboard > Monitoring.
Result
The Monitoring dashboard appears.
Related reference
Monitoring dashboard details
The Monitoring dashboard displays information for in-progress tasks, failed tasks, canceled tasks,
completed tasks, and scheduled tasks, with a summary tab at the top.
Context
Each tab on the monitoring dashboard offers the option to write table values to a CSV file.
Note: For in-progress tasks, the CSV file does not include the following UI table columns by design:
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the left-side menu, select Dashboard > Monitoring.
3. Select a tab corresponding to task status.
Tabs include In Progress, Failed, Canceled, Completed, and Scheduled.
4. Optional: Apply one or more filters.
Filters restrict the number of rows in the output table.
5. Click Download CSV.
Result
The Rubrik cluster writes the values in the table to a CSV file, which is downloaded to the specified
download location.
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the left-side menu, select Dashboard > Monitoring.
3. Click Schedule.
The Schedule Monitoring dialog box appears.
4. In Email Address, type a valid email address.
To specify multiple recipients, use commas to separate each address.
5. Under Choose Monitoring Data, check the boxes specifying the task status the emails contain.
6. Optional: Clear the CSV box to omit the CSV file of report data from the report emails.
When configuring email schedules for monitoring information, each selected task status results in a
separate CSV file.
7. Specify the email schedule.
Rubrik CDM allows for multiple schedules.
• Daily emails, click Every Day at and select the time of day to send an email to each selected
recipient.
• Emails on specific days of the week, click Every Week on and select the days of the week.
• Monthly emails, select the date of the month and the time of day to send an email to each selected
recipient. Only one date can be selected.
8. Click + to add another schedule.
9. Click Schedule.
Failed Provides the following information for each failed task in the last 24 hours:
• Status (Failed)
• Task Type (Recovery, Backup, Archival, Replication, Conversion, Log Archival, Log
Shipping, Log Backup, Log Replication)
• Name
• Location
• SLA Domain
• Activity Details (with a link to view a list of activities and a link to download
server logs)
• Start Time
• End Time
• Duration
• Last Successful
• Next Task
• Object Logical Size
• Node Name
Canceled Provides the following information for each canceled task in the last 24 hours:
• Status (Canceled)
• Task Type (Recovery, Backup, Archival, Replication, Conversion, Log Archival, Log
Shipping, Log Backup, Log Replication)
• Name
• Location
• SLA Domain
• Activity Details (with a link to view a list of activities and a link to download
server logs)
• Start Time
• End Time
• Duration
• Last Successful
• Next Task
• Object Logical Size
• Node Name
• Source Cluster
• Start Method (SLA Driven or On-Demand)
Completed Provides the following information for each completed task in the last 24 hours:
• Status (Success, Warning)
• Task Type (Recovery, Backup, Archival, Replication, Conversion, Log Archival, Log
Shipping, Log Backup, Log Replication)
• Name
• Location
• SLA Domain
• Activity Details (with a link to view a list of activities and a link to download
server logs)
• Start Time
• End Time
• Duration
• Data Transferred
• Throughput
• Object Logical Size
• Node Name
• Source Cluster
• Start Method (SLA Driven or On-Demand)
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the left-side menu, select Dashboard > Compliance.
Result
The Compliance dashboard appears.
Related reference
Compliance dashboard details
The Compliance dashboard provides summary information across all objects, as well as information for
individual objects.
Individual data Provides the following information for each data source on the local Rubrik cluster:
source
• Status, where green indicates in compliance and red indicates out of compliance.
• Name
• Location
• SLA Domain
• Latest Local Snapshot
• Snapshot Present
• Awaiting First Full
• Next Scheduled Snapshot
• Latest Replicated Snapshot
• Latest Archived Snapshot
• Replication Snapshot Lag
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the left-side menu of the Rubrik CDM web UI, select Dashboard > CDP Performance.
Result
The CDP Performance Monitoring page appears.
Related reference
CDP Performance dashboard details
Information provided by the CDP Performance dashboard.
Replication Target The remote cluster specified in the SLA Domain with CDP enabled.
Local Recovery The most recent point to which a virtual machine can be recovered on a local
Point cluster.
When the recovery point is less than 60 seconds old, the display shows relative
times; for example, 10 seconds ago, or 35 seconds ago. Once the recovery point is
more than 60 seconds old, the display shows absolute time; for example, 6/24/19
3:20 PM.
Remote Recovery The most recent point to which a virtual machine can be recovered on a remote
Point cluster. This field is empty if replication is not enabled.
When the recovery point is less than 60 seconds old, the display shows relative
times; for example, 10 seconds ago, or 35 seconds ago. Once the recovery point is
more than 60 seconds old, the display shows absolute time; for example, 6/24/19
3:20 PM.
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the left-side menu, select Dashboard > System Performance.
Result
The System Performance dashboard appears.
Individual Node Provides the following information for each node on the local Rubrik cluster:
• Status
• Name
• IP address
• Brik ID
• CPU Utilization
• Data Received
• Data Transferred
• IOPS
• IO Throughput
In the Status column, the health of each node is represented by a simple visual
indicator: green means healthy, orange means needs attention, and red means
unhealthy.
In the upper-right corner, select Average or Maximum to filter the information for
CPU Utilization, Data Received, Data Transferred, IOPS, and IO Throughput. Select
a time range of Last Hour or Last 10 Minutes.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, select Dashboard > System Performance.
The System Performance page appears.
3. Click the name of a node.
Procedure
1. Log in to the Rubrik CDM web UI.
2. From the left-side menu, select Dashboard > Databases.
3. Optional: Filter the log backups according to object type, object name, SLA Domain, and log backup
delay.
Result
The Log backup status dashboard appears.
For example, for a backup frequency of 10 minutes, if the current time is 5:00 pm and the last backup was
taken at 4:00 pm, the log backup delay equals 50 minutes, which is one hour minus 10 minutes. In this
situation, backups were missed during the 50 minute period at: 4:10 pm, 4:20 pm, 4:30 pm, 4:40 pm,
Activity Log
The Activity Log contains log messages about standard tasks and notifications that are considered time
sensitive.
The Rubrik cluster creates notifications about tasks that the Rubrik cluster classifies as potentially time-
sensitive. Factors that determine this classification are:
• Task status indicates a possible issue
• Task was manually initiated
Notifications provide information in three status categories: Success, Warning, and Failure. Click on a
warning notification or on a failure notification to open an associated Rubrik CDM web UI dialog box or
Rubrik CDM web UI page that can be helpful in addressing the underlying issue.
The Rubrik CDM web UI provides Activity Log messages that describe the current state of tasks on the
local Rubrik cluster.
Activity Log messages furnish information about every task that is started on the local Rubrik cluster over
the past 90 days, including tasks that result in a notification.
The top bar of the Rubrik CDM web UI has a globe icon that links to the Activity log page. The globe icon
displays the number of messages added to the Activity Log since the last time the page was accessed.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the globe icon on the top bar of the Rubrik CDM web UI.
The recent messages list of the Activity Log appears.
3. Scroll the list to see all of the most recent notifications.
4. On the recent messages list, click See all.
The Activity Log page appears.
5. Scroll the page to see the messages that the Rubrik cluster generated during the past 90 days.
6. Optional: Filter the Activity Log messages.
7. Optional: In Search by Name, type the name of a notification object.
For example, to view all Activity Log entries for a particular user account, type the name of the user
account in Search by Name.
Note: While partial word search is available when searching by object name, the full user name
should be entered to search by user name in the Activity Log page.
Result
The Rubrik CDM web UI shows matching results as characters are typed. Select one of the displayed
matches to view the Activity Log entries for that object.
Related tasks
Filtering messages
Context
When available, the web UI includes an error chain for messages with a Failure status.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the globe icon on the top bar of the Rubrik CDM web UI.
The recent messages list of the Activity Log appears.
3. On the recent messages list, click See all.
The Activity Log page appears.
4. From the Status filter menu, select Failure.
5. Optional: In Search by Name, type the name of a notification object.
For example, to view all Activity Log entries for a particular user account, type the name of the user
account in Search by Name.
Note: While partial word search is available when searching by object name, the full user name
should be entered to search by user name in the Activity Log page.
The Rubrik CDM web UI shows matching results as characters are typed.
6. Click on an activity in the log.
The Activity Detail dialog box for that activity appears.
7. Click the link under the Possible Cause heading.
The View chain of errors dialog box appears.
Result
The View chain of errors dialog box describes the sequence of errors that caused the event to fail.
Filtering messages
Filter the messages that appear on the Activity Log by status, data source type, message type, and date.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the globe icon on the top bar of the Rubrik CDM web UI.
The recent messages list of the Activity Log appears.
3. On the recent messages list, click See all.
The Activity Log page appears.
4. Click one of the filter menus and select a filter.
The Activity Log displays only messages that match the selected filter.
5. Optional: Select filters from more than one filter menu to further refine the visible notifications.
Result
The Activity Log displays messages that match the selected filters.
Related reference
Activity Log filters
The Activity Log provides filters on four filter menus.
Context
The Activity Detail dialog box provides the status, the log message, and the timestamp of each task
involved in a selected activity.
Procedure
1. Log in to the Rubrik CDM web UI.
2. Click the globe icon on the top bar of the Rubrik CDM web UI.
The recent messages list of the Activity Log appears.
3. On the recent messages list, click See all.
The Activity Log page appears.
4. Scroll the page to see the activity log.
5. Optional: Filter the Activity Log messages.
6. Optional: In Search by Name, type the name of a notification object.
For example, to view all Activity Log entries for a particular user account, type the name of the user
account in Search by Name.
Note: While partial word search is available when searching by object name, the full user name
should be entered to search by user name in the Activity Log page.
The Rubrik CDM web UI shows matching results as characters are typed. Select one of the displayed
matches to view the Activity Log entries for that object.
7. Click on an activity in the log.
The Activity Detail dialog box for that activity appears.
8. Optional: On the Activity Detail dialog box, click Download Logs.
The Rubrik cluster collects the logs that are relevant to the message, combines the logs in a zip file,
and provides a download link for that file.
Result
The Activity Detail dialog box provides detailed information for individual Activity Log messages.
Related tasks
Filtering messages
Filter the messages that appear on the Activity Log by status, data source type, message type, and date.
Related reference
Information provided by Activity Log messages
Category Description
Status Icon representing the state of the task. The possible task states are:
• Canceled
• Failure
• In Progress
• Success
• Warning
• Queued
The Status column also includes Pause or Resume buttons for pausing or resuming
fileset tasks while the data retrieval is in progress. These buttons can also be used for
pausing and resuming recovery tasks while writing data to the NAS shares and hosts.
Object Select a type of object to show only notifications for that type.
Date Select a specified date range or configure a custom date range to show messages
generated during that date range.
• Last 2 Hours - Notifications that were generated in the previous 2 hours.
• Last 24 Hours – Notifications that were generated in the previous 24 hours.
• Last 7 Days – Notifications that were generated in the previous 7 days.
• Last 30 Days – Notifications that were generated in the previous 30 days.
• Custom Range – Notifications that were generated within a specified date range.
Related tasks
Specifying a custom date range
The Rubrik CDM web UI provides a custom date range filter in several views. Use this filter to show the
information that was generated during a specified date range.
Procedure
1. Access the Notifications page, the Activity Log, or another view.
2. Click Filter Date > Custom Range.
The Filter By Custom Range dialog box appears:
Result
The Rubrik CDM web UI displays only the information that was generated after the From Date at From
Time and before the To Date at To Time.
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
The two-person rule (TPR) prevents an individual from independently performing actions that affect critical
data on Rubrik clusters. For performing a proposed action on the Rubrik cluster, TPR requires the approval
of a secondary user with required privileges. This enforces additional security of valuable backup data on a
Rubrik cluster.
TPR configuration and enforcement requires user accounts with the following roles.
• Global administrator
• TPR Admin
• TPR Approver
TPR enforcement begins when the global administrator configures TPR by enabling the feature on the
Rubrik cluster and creating a user account with the TPR Admin role. The global administrator can enable
TPR protection for a set of predefined actions.
While the global administrator can enable TPR protection for actions, disabling TPR protection requires an
approval from a TPR administrator. The TPR administrator is also responsible for creating additional user
accounts with the TPR Approver and TPR Admin roles.
Initiating a TPR-protected action generates a TPR request. A user account with the TPR Approver or TPR
Admin role can review, approve, or deny TPR requests.
Related Concepts
Initial TPR configuration
Configuring the two-person rule for the first time involves creating the first user account with the TPR
Admin role and enabling a policy that enforces the two-person rule on selected actions.
TPR roles
Enforcing the two-person rule on a Rubrik cluster requires assigning multiple roles that have specific
permissions.
Related reference
Actions protected by TPR
A global administrator can enable or disable the two-person rule protection for a predefined set of actions
on a Rubrik cluster. Disabling TPR protection for an action is subject to approval from a TPR administrator.
Changing legal hold status Removing or changing the legal hold status of
snapshots
Deleting or expiring snapshots Deleting or expiring snapshots
Changing NTP configuration Adding or removing NTP servers to the Rubrik
cluster
Editing SLA Domains Changing the configuration of an SLA Domain
assigned to an object
Related Concepts
Initial TPR configuration
Enabling TPR
Process of enabling the two-person rule on a Rubrik cluster and creating a user account with the TPR
administrator role.
Context
Only a global administrator can enable the two-person rule (TPR) on a Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. From Access Management, click Two-Person Rule.
The Two-Person Rule page appears.
4. Click Enable Two-Person Rule.
The Enable Two-Person Rule wizard starts and the Assign First Two-Person Rule Admin page appears.
5. Optional: In Username, edit the default username for the TPR administrator account.
Rubrik CDM provides a default value for the username that you can change when enabling TPR on the
Rubrik cluster.
6. In Email address, type an email address for the account.
7. In Password, type a secure password.
8. In Confirm Password, type the same password.
9. Optional: Click Enforce MFA Options.
Select this option to enable multi-factor authentication (MFA) for the TPR administrator account.
10. Click Next.
The Select Actions to Protect page of the Enable Two-Person Rule wizard appears.
11. Optional: Select an action to protect using TPR.
The Rubrik cluster allows the selection of actions even after TPR bootstrapping is complete.
Multiple actions can be selected.
12. Click Finish.
The Two-Person Rule Controlled Action page appears with a list of actions and the status of TPR for
each action.
Result
Rubrik CDM creates a new user account with the TPR administrator role and enables the two-person rule
protection for the selected actions.
Related Concepts
Initial TPR configuration
Context
Only a TPR administrator can assign the TPR Admin and TPR Approver roles to user accounts.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. In Access Management, click Users.
The Users and Groups page appears.
4. Click Add Local User.
The Add Local user dialog box appears.
5. In Username, type a user name.
6. In Email Address, type a valid email address.
The Rubrik cluster uses the email address for notifications and alerts.
7. In Password, type a password for the new user account.
8. In Re-Enter Password, type the same password.
9. In Roles (optional), select a role.
Role Description
TprAdmin Assigns the TPR Admin role to the user account.
TprApprover Assigns the TPR Approver role to the user
account.
10. Optional: Enable Enforce Multifactor Authentication.
Select this option to enable multi-factor authentication (MFA) for the new user account.
11. Click Add.
Result
The Rubrik cluster adds a new user account with the selected role to monitor and manage TPR requests.
Related Concepts
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
TPR roles
TPR roles
Enforcing the two-person rule on a Rubrik cluster requires assigning multiple roles that have specific
permissions.
Rubrik CDM uses three different roles to enforce the two-person rule (TPR) on a Rubrik cluster. These roles
can be assigned to individual user accounts or groups.
A user account with the global administrator role configures TPR on a Rubrik cluster for the first time by
creating a user account with the TPR Admin role along with the first TPR policy. Once TPR is configured,
only a TPR administrator can grant the TPR Admin role to additional user accounts.
The global administrator can also configure notification settings to send email notifications to user
accounts with TPR roles when TPR-related events occur on the Rubrik cluster. By default, the global
administrator receives all email notifications related to TPR events.
A user account with the TPR Admin role is responsible for configuring TPR options and managing TPR
policy change requests initiated by the global administrator. The TPR administrator also creates and
manages user accounts with the TPR Approver and TPR Admin roles.
A user with the TPR Approver role can review, approve, or deny the TPR requests that are initiated when a
TPR-protected action is performed by an RBAC user account.
User accounts with the TPR Admin or TPR Approver roles cannot have any other roles assigned to them.
User accounts with all other roles, except the TPR administrator, TPR approver, and the global
administrator, can request to perform actions protected by TPR on the Rubrik cluster.
The following guidelines can help achieve maximum security from TPR enforcement:
• A user account with the TPR Admin role should not have the TPR Approver role as well, and vice versa.
• At any time, the Rubrik cluster should have at least one user account with the TPR Admin role.
• At any time, the Rubrik cluster should have at least one user account with the TPR Approver role.
• The global administrator should configure the notification settings for the user accounts with TPR roles
to receive notifications about all TPR events.
Related Concepts
The two-person rule
The two-person rule provides additional data security on Rubrik CDM by ensuring that no individual user
can perform key operations on data without the approval of a secondary user.
Related Tasks
Configuring event email settings
Specify the types of events and the recipients for event notifications that are sent through email.
Related reference
Global administrator role details
A user account with the global administrator role has specific permissions in the two-person rule context.
Related Tasks
Enabling TPR
Process of enabling the two-person rule on a Rubrik cluster and creating a user account with the TPR
administrator role.
Managing actions protected by TPR
Process of enabling or disabling the two-person rule for selected actions on a Rubrik cluster.
Disabling TPR
Process of disabling the two-person rule on a Rubrik cluster.
Related reference
TPR Admin role details
A user account with the TPR Admin role has specific permissions in the two-person rule context.
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Prerequisites
Enable two-person rule (TPR) on the Rubrik cluster, as described in Enabling TPR.
Context
Only a global administrator can enable TPR protection for selected actions. To disable TPR protection for
actions, a global administrator must submit a TPR request that only a TPR administrator can approve.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. From Access Management, select Two-Person Rule.
The Two-Person Rule Controlled Actions page appears.
Result
Based on the selections, the global administrator enables TPR or submits a TPR request to disable TPR for
the selected actions. The Activity Log lists the events associated with the request.
Related Concepts
Activity Log
The Activity Log contains log messages about standard tasks and notifications that are considered time
sensitive.
Related reference
Global administrator role details
A user account with the global administrator role has specific permissions in the two-person rule context.
Disabling TPR
Process of disabling the two-person rule on a Rubrik cluster.
Context
Only a global administrator can request the TPR administrator to disable the two-person rule (TPR) on a
Rubrik cluster.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. From Access Management, select Two-Person Rule.
The Two-Person Rule Controlled Actions page appears.
4. From the ellipsis menu on the page bar, click Disable Two-Person Rule.
The Manage Two-Person Rule dialog box appears.
5. Click Disable.
The Submit Two-Person Rule Request dialog box appears.
6. Optional: Type additional comments to describe the TPR request.
7. Click Submit.
Result
The global administrator submits a TPR request to disable TPR on the Rubrik cluster. The Activity Log lists
the events associated with the request.
Related Tasks
Enabling TPR
Permission Grant
Enable TPR on the Rubrik cluster Not permitted
Disable TPR on the Rubrik cluster Permitted to approve request from global
administrator
Enable TPR protection for actions Not permitted
Disable TPR protection for actions Permitted to approve request from global
administrator
Perform actions protected by TPR Not permitted
Approve TPR request Permitted
Assign TPR roles Permitted
Update TPR options Permitted
Bypass TPR requirement on actions Not permitted
Related reference
TPR Approver role details
A user account with the TPR Approver role is responsible for approving or denying TPR requests.
Global administrator role details
A user account with the global administrator role has specific permissions in the two-person rule context.
Permission Grant
Enable TPR on the Rubrik cluster Not permitted
Disable TPR on the Rubrik cluster Permitted to approve request from global
administrator
Enable TPR protection for actions Not permitted
Disable TPR protection for actions Permitted to approve request from global
administrator
Perform actions protected by TPR Not permitted
Approve TPR request Permitted
Assign TPR roles Not permitted
Update TPR options Not permitted
Related reference
TPR Admin role details
A user account with the TPR Admin role has specific permissions in the two-person rule context.
Global administrator role details
A user account with the global administrator role has specific permissions in the two-person rule context.
TPR requests
Performing an action that is protected by the two-person rule on a Rubrik cluster creates a two-person rule
request.
Only user accounts that are not assigned the TPR Admin and TPR Approver roles can create two-person
rule (TPR) requests by initiating actions protected by TPR. TPR administrators and approvers can only
approve or deny the TPR requests.
The Rubrik CDM web UI lists all the TPR requests on a page, with their details such as the requester, the
time at which the request was made, the expiry time, the description of the request, and the request
status.
The TPR Requests page provides options to approve or deny the requests when a TPR administrator or
approver is logged in to the Rubrik CDM web UI. For all other user accounts, the page provides an option
to cancel a request if the request was generated by the currently logged-in user account.
By default, TPR requests expire after seven days. Global administrators and TPR administrators have the
ability to change this configuration.
Related Tasks
Viewing TPR requests
Process of viewing detailed information about all the TPR requests on the Rubrik cluster.
Managing TPR requests
Only user accounts with TPR Admin or TPR Approver roles can approve or deny TPR requests.
Canceling TPR requests
The user that initiated a TPR request can cancel that request while the request is pending.
Updating the TPR options
Process of updating the number of days for which a TPR request can stay in the pending state before it
expires.
Related reference
TPR request details
The TPR Requests page displays detailed information about the TPR requests on the Rubrik cluster.
Related Tasks
Viewing TPR requests
Process of viewing detailed information about all the TPR requests on the Rubrik cluster.
Updating the TPR options
Process of updating the number of days for which a TPR request can stay in the pending state before it
expires.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Two Person Rule > TPR Requests.
The TPR Requests page appears.
3. In Action, click on a TPR request entry.
The TPR Request Detail page appears, with the details of the request submission and the status
changes.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Two Person Rule > TPR Requests.
The TPR Requests page appears.
3. From the ellipsis menu of the TPR request, select an action.
Action Description
Approve Approves the pending TPR request. The
requested action or change is then performed.
Deny Denies the pending TPR request.
Based on the selected action, the Approve TPR Request or the Deny TPR Request dialog box appears.
4. Optional: In Additional comments, type the reason for the action selected.
5. (For Approve TPR Request) Click Approve Request.
6. (For Deny TPR Request) Click Deny Request.
Result
The Rubrik cluster performs the requested action for the TPR request and updates the status on the TPR
Requests page. The Activity Log also lists the action taken by the TPR administrator or TPR approver on
the TPR request.
Related Concepts
TPR requests
Performing an action that is protected by the two-person rule on a Rubrik cluster creates a two-person rule
request.
Procedure
1. Log in to the Rubrik CDM web UI.
2. On the left-side menu, click Two Person Rule > TPR Requests.
The TPR Requests page appears.
3. From the ellipsis menu of the TPR request, click Cancel Request.
The Cancel TPR Request dialog box appears.
4. Optional: In Additional comments about the request, type the reason for cancellation.
5. Click Yes.
Result
The Rubrik cluster cancels the TPR request and updates the status on the TPR Requests page. The Activity
Log also lists the action taken on the TPR request.
Context
User accounts with global administrator or TPR administrator roles can configure TPR options.
Procedure
1. Log in to the Rubrik CDM web UI using the admin account.
2. Click the gear icon.
3. From Access Management, select Two-Person Rule.
The Two-Person Rule Controlled Actions page appears.
4. From the ellipsis menu on the page bar, click TPR Options.
The TPR Options dialog box appears.
5. In Enter custom time, enable the toggle.
The Set new time field appears.
6. In Set new time, type a number.
The number specifies the number of days for which the TPR request can stay in the pending state
without reaching expiration.
7. Click Save.
Result
The Rubrik cluster saves the new value of the duration for which the TPR request remains valid. The
Activity Log also lists the summary of the configuration change.
Related Concepts
TPR requests
Performing an action that is protected by the two-person rule on a Rubrik cluster creates a two-person rule
request.
Ports
Rubrik CDM has specific port requirements.
123 UDP Rubrik cluster NTP server Provides access to network time
protocol (NTP) servers for time
synchronization.
123 UDP Rubrik cluster Rubrik cluster Allows NTP synchronization across
nodes of a cluster.
137 UDP 1. Rubrik cluster Rubrik cluster For the respective item in the Source
2. SQL Live Mount column:
host 1. Required for NTLM
3. Hyper-V Server authentication.
4. Windows host 2. Required for Live Mount SQL
databases.
3. Supports communication with
SMB.
4. Supports Volume Group backup
using SMB.
Provides access to Samba share
during backup, export, and live
mounts. However, these are
necessary for Samba only for
NetBIOS over TCP.
138 UDP 1. Rubrik cluster Rubrik cluster For the respective item in the Source
2. SQL Live Mount column:
host 1. Required for NTLM
3. Hyper-V Server authentication.
4. Windows host 2. Required for Live Mount SQL
databases.
3. Supports communication with
SMB.
4. Supports Volume Group backup
using SMB.
Provides access to Samba share
during backup, export, and live
mounts. However, these are
necessary for Samba only for
NetBIOS over TCP.
139 TCP 1. Rubrik cluster Rubrik cluster For the respective item in the Source
2. SQL Live Mount column:
host 1. Required for NTLM
3. Hyper-V Server authentication.
4. Windows host 2. Required for Live Mount SQL
databases.
3. Supports communication with
SMB.
4. Supports Volume Group backup
using SMB.
Provides access to Samba share
during backup, export, and live
mounts. However, these are
necessary for Samba only for
NetBIOS over TCP.
161 UDP SNMP manager Rubrik cluster Allows the Rubrik cluster to receive
SNMP requests.
464 TCP/UDP Rubrik cluster Active Directory server Permits Kerberos password set/
change communication for SMB
security.
465 TCP Rubrik cluster Email server Allows the Rubrik cluster to send
email alerts to administrators. Only
required when the email server
supports this port.
514 TCP Rubrik cluster Syslog server Allows syslog communication to send
system notifications to a remote
syslog server.
587 TCP Rubrik cluster Email server Allows the Rubrik cluster to send
email alerts to administrators. Only
required when the email server
supports this port.
623 UDP Remote management IPMI on Rubrik node Provides access to the IPMI system
tool on a Rubrik node.
636 TCP Rubrik cluster Active Directory server Permits secure LDAP (LDAPS)
or LDAP server communication for SMB security and
LDAP servers.
860 TCP/UDP Rubrik cluster iSCSI targets Permits iSCSI data transfers for
Nutanix AHV.
902 TCP Rubrik cluster VMware ESXi hosts Permits network block device (NBD)
data transfers.
1514 TCP CDP Filter Rubrik cluster Used by the CDP Filter to transmit
IOs from the virtual disks to the
Rubrik cluster.
1515 TCP CDP Log Receiver CDP Metadata Service Used by CDP LRS to call APIs
Service (LRS) (MDS) provided by CDP MDS. Used for
internal communication on the Rubrik
cluster.
2013 TCP Rubrik cluster Rubrik cluster Allows sharing of statistics between
the nodes of a Rubrik cluster.
2014 TCP Rubrik cluster Rubrik cluster Allows sharing of statistics between
the nodes of a Rubrik cluster.
2015 TCP Rubrik node Rubrik node Used in restoring metadata from
backups.
2200 TCP Rubrik node Rubrik node Allows node-to-node SSH
communication during upgrade.
2049 TCP Rubrik cluster NFS server Permits communication with a NAS
device that is being used as an
archival location.
2049 TCP/ 1. VMware ESXi hosts 1. Rubrik cluster 1. Allows contact with the NFS
UDP 2. Oracle database 2. Rubrik cluster daemon running on the Rubrik
host 3. Rubrik cluster cluster for Live Mount operations.
3. SAP HANA 2. Allows contact with the NFS
database host daemon running on the Rubrik
cluster for Live Mount of
Managed Volume snapshots.
3. Allows contact with the NFS
daemon running on the Rubrik
cluster for Live Mount of
Managed Volume snapshots.
8080 TCP Rubrik node Isilon Allows communication for NAS vendor
API integration.
8081 TCP Rubrik node Rubrik node Allows node-to-node communication
to the Graphite web server.
9440 TCP Nutanix cluster Rubrik cluster Permits communication between
Nutanix Cluster and the Rubrik
cluster.
9638 TCP Rubrik Node Rubrik Node Allows node-to-node communication
for the Rubrik data service to perform
maintenance operations for SAP
HANA workloads, for example,
snapshot expiry or cleanup.
9639 TCP SAP HANA host Rubrik cluster Allows data ingestion from the SAP
HANA host to the Rubrik data service.
10000 TCP Rubrik cluster Rubrik cluster Allows sharing of Rubrik cluster file
system (SDFS) data between the
nodes of a Rubrik cluster.
10001 TCP Rubrik node Rubrik node Allows node-to-node SDFS
communication.
12800-12801 Rubrik cluster 1. Physical Linux or 1. Allows contact with the Rubrik
TCP Unix host Backup Service software on the
2. Windows Server Linux or Unix host.
host 2. Allows contact with the Rubrik
3. Hyper-V host Backup Service software on the
Windows Server host.
3. Allows contact with the Rubrik
Backup Service software on the
Hyper-V host.
18082 TCP Rubrik cluster QStar host Required for archiving to QStar tape
archive. Remote Admin (C:\qstar
\bin\admin.exe) listens on the
QStar host.
26257 Rubrik cluster Rubrik cluster Allows process arbitration for
TCP (also CockroachDB encrypted traffic
5766-5767) between the nodes of a Rubrik
cluster.
58000 TCP Compute gateway Rubrik cluster IPs or Rubrik HotAdd Proxy IPs or subnet.
subnet
To provide the full range of Rubrik cluster features, the Rubrik cluster must be allowed to connect to
the ports listed in Uses for secure port 443 TCP. This list excludes communication for replication and
communication for archival activity.
Related reference
Uses for secure port 443 TCP
Rubrik CDM uses TCP port 443 for secure transmissions in a number of contexts.
Rubrik cluster Pure Storage array Invoking Pure Storage REST APIs for
snapshots and queries about volumes.
Rubrik cluster blob-acct.blob.core.windows.net Required for CloudOut to Azure. Replace
blob-acct with the Azure archive blob
For Azure Government, use: storage account name.
blob.core.usgovcloudapi.net.
2049 TCP/UDP 1. VMware ESXi hosts Permits contact with the NFS
2. Oracle Server daemon running on the Rubrik
cluster for Live Mount operations.
3. SAP HANA host
4. Managed Volumes
9639 TCP SAP HANA host Allows data ingestion from the
SAP HANA host to the Rubrik data
service.
9440 TCP Nutanix cluster Permits communication between
a Nutanix cluster and a Rubrik
cluster.
12800-12801 TCP 1. Oracle Server 1. Required for the Rubrik
2. SAP HANA host Backup Service Software
3. SQL Server installed on the Oracle Server
to communicate with the
Rubrik cluster.
2. Required for the Rubrik
Backup Service Software
installed on the SAP HANA
host to communicate with
the Rubrik cluster.
3. Required for the Rubrik
Backup Service Software
installed on the SQL Server
to communicate with the
Rubrik cluster.
32764-32769 TCP/UDP 1. Managed Volume hosts 1. Required for all NFS protocol
2. VMware ESXi hosts Live Mounts of:
3. Oracle Server • Managed Volumes on a
4. SAP HANA host Rubrik cluster
• Oracle Server
Rubrik clusters limit the
allocated port range for the
mountd, statd, lockd and
Archiving ports
The Rubrik cluster requires a number of outbound ports for archiving.
2049 TCP NFS server Permits communication with a NAS device that is
being used as an archival location.
CloudOn 443 TCP Rubrik Bolt blob- You must replace blob-acct
acct.blob.core.windows.net with the Azure archive blob
storage account name.
CloudOn 443 TCP Rubrik cluster 1. management.azure.com Required URL access from
2. Rubrik to Azure.
management.core.windows.net
3. login.microsoftonline.com
4. graph.windows.net
GCP ports
The Rubrik cluster requires specific ports to be configured for GCP virtual machines.
AWS ports
The Rubrik cluster requires the following ports to be configured for AWS virtual machines.
CloudOn 443 TCP Rubrik cluster ec2.region.amazonaws.com You must replace region with
an AWS region name. For
example: us-west-1.
CloudOn 2002 Rubrik cluster Bolt-subnet You must replaceBolt-subnet
TCP with the CIDR range of the
network subnet used by Bolt.
CloudOn 8077 Rubrik cluster Bolt-subnet You must replace Bolt-subnet
TCP with the CIDR range of the
network subnet used by
Bolt. Only required when
troubleshooting over SSH.
CloudOn 443 TCP Rubrik Bolt s3.region.amazonaws.com You must replace region with
an AWS region name. For
example: us-west-1.
CloudOn 443 TCP Rubrik Bolt kms.region.amazonaws.com You must replace region
with an AWS region name.
For example: us-west-1.
Required only when AWS KMS
encryption keys are used with
the archive.
CloudOn 443 TCP Rubrik Bolt sts.region.amazonaws.com Required for CloudOn with
AWS only when the BOLT and
Converter image is shared.
The variable region refers to
an AWS region name.
Privilege Description
Allocate space Used by Rubrik to create virtual machines for export. Also used by Rubrik to
provide space for delta files on the datastore when creating a snapshot.
Browse datastore Allows Rubrik to find and download the vmware.log file for a virtual machine
after a failed snapshot and to send the vmware.log file out for support.
Configure datastore Allows Rubrik to connect the datastore on a Rubrik cluster to the vCenter
Server for Live Mount and Instant Recovery.
Low level file operations Allows Rubrik to ingest and to export the contents of snapshot VMDKs.
Move datastore Allows Rubrik to place a Live Mount datastore into a vCenter Server folder to
enhance manageability.
Remove datastore Used by Rubrik to detach a Live Mount datastore that is no longer in use.
Privilege Description
Manage custom Allows Rubrik to create custom attributes on virtual machines.
attributes
Set custom attributes Allows Rubrik to assign custom attributes to virtual machine objects.
Configuration Query patch Allows Rubrik CDM to deploy the Rubrik CDP Filter
to the host.
Configuration Maintenance Used by VMware when moving hosts automatically
to maintenance mode to uninstall CDP filter.
Configuration Image configuration Allows changes to the image associated with a host
to support the Rubrik CDP Filter.
Privilege Description
Assign network Allows Rubrik to connect Instant Recovery virtual machines to a network when
powering on the virtual machines.
Privilege Description
Assign virtual machine to resource pool Allows Rubrik to allocate resources on an ESXi host for
powering on virtual machines that are created through the
Export, Live Mount, and Instant Recovery features.
Migrate powered on virtual machine Allows Rubrik to migrate a powered on virtual machine
from the Rubrik datastore to a datastore managed by a
vCenter Server.
Migrate powered off virtual machine Allows Rubrik to migrate a powered off virtual machine
from the Rubrik datastore to a datastore managed by a
vCenter Server.
Query vMotion Allows Rubrik to query a virtual machine to see if it is in
vMotion before starting the snapshot process. Required for
datastore migration.
Privilege Description
Validate session Used by Rubrik to discover, cache, and reuse previous vCenter Server
sessions.
View and stop sessions Used by Rubrik to discover, cache, and reuse previous vCenter Server
sessions.
Configuration Change resource Allows Rubrik to configure virtual machine resources that are
created in resource pools.
Configuration Disk change Used by Rubrik to enable incremental snapshots, and to
tracking (6.5) reset CBT when required. Resetting CBT is required when a
known VMware issue occurs that results in vSphere failing to
Toggle disk change maintain the setting.
tracking (6.7)
Configuration Disk lease (6.5) Allows Rubrik to acquire leases to permit using VADP for
transferring VMDK contents.
Acquire disk lease
(6.7)
Configuration Remove disk Used by a Rubrik cluster to unmount virtual disks that were
mounted during a Live Mount operation.
Configuration Rename Allows Rubrik to rename the virtual machines during Instant
Recovery.
Configuration Set annotation Allows Rubrik to set a custom attribute on virtual machines to
indicate the time at which the most recent successful backup
completed.
Configuration Settings (6.5) Used by Rubrik to configure virtual machines that are created
through the Export, Live Mount, and Instant Recovery
Modify device features.
Settings (6.7)
Configuration Swapfile placement Allows Rubrik to power on virtual machines that are created
(6.5) through the Export, Live Mount, and Instant Recovery
features.
Change Swapfile
placement (6.7)
Interaction Guest operating Allows Rubrik to manage a guest operating system along with
system the Rubrik VSS agent when creating application-consistent
management by snapshots.
VIX API
Interaction Power Off Allows Rubrik to power off Live Mount virtual machines and
Instant Recovery virtual machines before deleting the virtual
machine.
Interaction Power On Allows Rubrik to power on Export virtual machines, Live
Mount virtual machines, and Instant Recovery virtual
machines after creating the virtual machine.
Interaction Reset Allows Rubrik to manage Export virtual machines, Live Mount
virtual machines and Instant Recovery virtual machines after
creating the virtual machine.
Interaction Suspend Allows Rubrik to manage Export virtual machines, Live Mount
virtual machines, and Instant Recovery virtual machines after
creating the virtual machine.
Interaction VMware Tools install Allows Rubrik to upgrade VMware Tools on a guest OS as
needed to prevent the guest OS from hanging or crashing
when quiescing for the purpose of taking a snapshot.
Inventory Create new Used by Rubrik to create Export virtual machines, Live Mount
virtual machines, and Instant Recovery virtual machines.
Inventory Move Allows Rubrik to move an original virtual machine into a
“deprecated” folder before replacing the original with an
Instant Recovery virtual machine.
Inventory Register Used by Rubrik to create Export virtual machines, Live Mount
virtual machines, and Instant Recovery virtual machines.
Inventory Remove Allows Rubrik to remove Export virtual machines, Live Mount
virtual machines, and Instant Recovery virtual machines.
Inventory Unregister Allows Rubrik to remove Export virtual machines, Live Mount
virtual machines, and Instant Recovery virtual machines.
Provisioning Allow disk access Allows Rubrik to write to the VMDK files of Export virtual
machines, Live Mount virtual machines, and Instant Recovery
virtual machines.
Provisioning Allow read-only disk Allows Rubrik to read the VMDK contents of Export virtual
access machines, Live Mount virtual machines, and Instant Recovery
virtual machines when backing up the virtual machines.
Provisioning Allow virtual Allows Rubrik to download non-VMDK files of protected
machine download source virtual machines, including configuration files and
support logs.
Privilege Description
Profile-driven storage update Allows Rubrik to create and update Storage profiles in order to enable
Continuous Data Protection for virtual machines.
Profile-driven storage view Allows Rubrik to view of defined storage capabilities and storage
profiles in order to manage Continuous Data Protection.
Privilege Description
Assign or Unassign Used by Rubrik to reapply tags when recovering virtual machines.
vSphere Tag
Assign or Unassign Used by Rubrik to reapply tags when recovering virtual machines. Required for
vSphere Tag on Object vSphere 7.0 and later.
(7.0)
Access Applies to
Change password Descendant Computer objects
Reset password Descendant Computer objects
Create Computer objects Rubrik account object and Descendant Computer objects
Special > List contents Descendant Computer objects
Special > Read all properties Descendant Computer objects
Special > Write all properties Descendant Computer objects
Special > Read permissions Descendant Computer objects
Procedure
1. Open the Active Directory Users and Computers MMC snap-in.
2. In the left-side hierarchy, right-click a folder for the new user account.
3. Click New > User.
4. Configure a user account by filling in the fields and click Next.
5. Type a password and confirm the password.
6. Select User cannot change password and Password never expires.
7. Click Next.
8. Click Finish.
The Active Directory Users and Computers MMC creates the new user account.
9. In the left-side hierarchy, right-click Computers.
10. On the context menu, click Delegate Control.
The Delegation of Control Wizard appears.
11. Click Next.
12. On the Users or Groups pane, click Add.
13. Type the name of the user account.
14. Click Check Names.
The wizard finds the user account.
15. Click OK.
16. Select the name of the user account, and click Next.
17. Select Create a custom task to delegate, and click Next.
18. In Delegate control of, select Only the following objects in the folder.
19. In the selection window, select Computer objects.
20. Select Create selected objects in this folder, and click Next.
21. On the Permissions pane, select General and Property-specific.
22. In the selection window, select each of the following permissions:
• Read
• Write
• Read All Properties
• Write All Properties
• Change Password
• Reset Password
23. Click Next.
24. Click Finish.
Result
The Delegation of Control wizard delegates the selected permissions to the initialization account.
Procedure
1. Open the Active Directory Users and Computers MMC snap-in.
2. Select View > Advanced Features > Computers > Properties.
3. The Computers Properties dialog box appears.
4. Select the Security tab.
5. In Group or user names, select the name of the user account.
6. Use the Permissions for selection window to view the permissions that are assigned to the user
account.
Result
The Windows Server Active Directory Users and Computers MMC snap-in confirms that the correct
permissions are delegated to the initialization account.
Archive preparation
Archive preparation provides supplemental information about the initial preparation required to use specific
types of archival locations.
Prerequisites
Use a secure computer that has the OpenSSL toolkit installed. For most Linux and Unix distributions,
the standard operating system packages include the OpenSSL toolkit. The OpenSSL toolkit can also be
downloaded and installed on Windows computers.
Procedure
1. On a secure computer, open a terminal window.
2. At the command prompt, type the OpenSSL key generation command.
Type
Result
The command generates an RSA key in the current working directory.
Note: Rubrik CDM does not provide a mechanism to recover the RSA key used during archival location
creation. If the RSA key is lost, another Rubrik cluster cannot connect to this archival location as a reader
to enable data recovery. Rubrik recommends that you save the RSA key in a secure location for use during
configuration of an archival location.
Procedure
1. In the AWS Services list, in the Storage section, select S3.
The Amazon S3 page appears.
2. Click + Create bucket.
The Create bucket modal appears.
3. In Bucket name, type a name for the new bucket.
4. Click the information icon next to the Bucket name field to see the requirements for a bucket name.
5. In Region, select the region in which the bucket should be created.
6. Verify that Rubrik supports the selected region.
7. Click Create.
AWS creates the new bucket, and the bucket appears in the list.
8. Select the new bucket.
A page for the bucket appears. The page has tabs for Properties, Permissions, and Management.
9. Click Copy Bucket ARN.
10. Paste the Bucket ARN into a plain text scratch file.
Keep this scratch file for use in later tasks.
11. Close the dialog box.
Result
Amazon creates the Amazon S3 bucket.
The following JSON object supports AWS archiving using KMS encryption with no consolidation.
{
"Version": "2012-10-17",
"Statement": [
{
The following JSON object supports AWS archiving using KMS encryption with consolidation.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:GenerateDataKey",
"kms:DescribeKey",
"ec2:DescribeInstances",
"ec2:CreateKeyPair",
"ec2:CreateImage",
"ec2:CopyImage",
"ec2:DescribeSnapshots",
"ec2:DeleteVolume",
"ec2:StartInstances",
"ec2:DescribeVolumes",
"ec2:DescribeExportTasks",
"ec2:DescribeAccountAttributes",
"ec2:ImportImage",
"ec2:DescribeKeyPairs",
The following JSON object supports AWS archiving using RSA encryption with no consolidation.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:ListBucketMultipartUploads",
"s3:RestoreObject",
"s3:CreateBucket",
"s3:GetBucketAcl"
],
"Resource": [
"arn:aws:s3:::", { "Ref": "S3BucketName" }, "/*"
]
}
]
}
The following JSON object supports AWS archiving using RSA encryption with consolidation.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:CreateKeyPair",
"ec2:CreateImage",
"ec2:CopyImage",
"ec2:DescribeSnapshots",
"ec2:DeleteVolume",
"ec2:StartInstances",
"ec2:DescribeVolumes",
"ec2:DescribeExportTasks",
"ec2:DescribeAccountAttributes",
"ec2:ImportImage",
"ec2:DescribeKeyPairs",
"ec2:DetachVolume",
"ec2:CancelExportTask",
"ec2:CreateTags",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:GetConsoleScreenshot",
"ec2:GetConsoleOutput",
"ec2:CreateVolume",
Prerequisites
Select a JSON object from the choices described in AWS permissions for archiving.
Context
Create a security policy with a pre-existing bucket.
Procedure
1. Log in to the AWS account.
2. In the AWS Services list, in the Security, Identity & Compliance section, select IAM.
The Identity and Access Management page appears.
3. On the left-side menu, select Policies.
4. Click Create policy.
The Create Policy workspace opens with the Visual Editor tab active.
5. Click the JSON tab.
The JSON text editor appears.
In the next step, pay close attention to the JSON formatting, including opening and closing braces and
brackets.
6. Copy and paste the JSON text for the selected configuration.
7. From Resources section, to the right of bucket, click Add ARN.
8. In the Specify ARN for bucket field, remove the placeholder arn:aws:3::: and paste the bucket
ARN.
9. Click Add.
10. From Resources section, to the right of object, click Add ARN.
11. In the Specify ARN for object field, remove the placeholder arn:aws:3::: and paste the bucket ARN
and add /* at the end of the string.
Remove the placeholder arn:aws:3::: and paste the bucket ARN.
12. Click Add.
13. At the bottom of the page, click Review Policy.
14. In the Name field, type a policy name.
15. At the bottom of the page, click Create policy.
Result
AWS creates the bucket policy and returns to the policy list page.
Related reference
AWS permissions for archiving
The AWS permissions that are required for archiving depend on the encryption method, either KMS or RSA,
and whether consolidation is enabled.
Procedure
1. Log in to an AWS account.
2. In the AWS Services list, in the Security, Identity & Compliance section, select IAM.
The Identity and Access Management page appears.
3. On the left-side menu, click Users.
The list of users appears.
4. Click Add user.
The Add user page appears.
5. In the Set user details section, in User name, type a name for the user account.
The user account will be used by the Rubrik cluster to access the bucket.
Result
The file contains the Access key ID and Secret access key for the user account and should be securely
stored. Use these values when configuring the Rubrik cluster to use this AWS bucket as an archival
location. The file can be renamed.
Related tasks
Creating a security policy for the bucket
Create a security policy for the bucket.
Procedure
1. In a web browser, access the Google Cloud Platform portal at https://console.cloud.google.com/.
2. Log in with a Google account username and password.
The Google Cloud Platform page appears.
3. Click the Google Cloud Platform menu icon.
4. From the left side of the pane, select IAM & admin.
The IAM & admin page appears.
5. From the left side of the pane, select Service accounts, then click + Create service Account.
The Create service account page appears.
6. In Service account name, specify the service account name.
7. Click Create.
The Service account permissions page appears.
8. In Select a role, click Storage > Storage Admin.
9. Click Continue.
10. In the Create key (optional) section, click + Create Key.
The Create key page appears.
11. In Key Type, select JSON.
12. Click Create.
The Download Save As page appears.
13. Save the JSON file to a folder.
A message appears confirming the Private key is saved.
14. Click Close.
15. Click Done.
{
"Name": "Rubrik CloudOut",
"IsCustom": true,
"Description": "Can upload snapshot data to container",
"Actions": [
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/read"
],
"NotActions": [
],
"AssignableScopes": [
"/subscriptions/<subscription_id>"
]
}
{
"Name": "Rubrik CloudOut",
"IsCustom": true,
"Description": "Can upload snapshot data to container and use compute
for
consolidation",
"Actions": [
"Microsoft.ClassicCompute/virtualMachines/detachDisk/action",
"Microsoft.ClassicCompute/virtualMachines/attachDisk/action",
"Microsoft.Compute/disks/",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.Compute/virtualMachines/extensions/",
"Microsoft.Compute/virtualMachines/instanceView/read",
"Microsoft.Compute/virtualMachines/powerOff/action",
"Microsoft.Compute/virtualMachines/read",
Basics tab
Networking tab
You may accept the default settings or configure them as per your requirements.
Encryption tab
Setting Description
Encryption type The type of keys used for data encryption in the
storage account.
You can accept the default option of using
Microsoft-managed keys for encryption.
Enable infrastructure encryption Rubrik CDM does not require this setting to be
enabled.
Related information
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal
Procedure
1. Ensure the /etc/exports listing for the exported file system has the minimum required settings
described in NFS Export settings.
For best results, use the recommended settings.
/expath rsub(rw,secure,root_squash,no_subtree_check)
In this example, /expath is the export point and rsub is the Rubrik cluster subnet, expressed in
Classless Inter-Domain Routing (CIDR) notation. For example, the subnet could be 192.168.2.0/24
for IPv4, or 2001:db8::/32 for IPv6.
2. Set the export point ownership to the anonymous uid/gid of the operating system and permissions
to 755.
In this example, anongid is the anonymous group ID of the operating system and expath is the export
point.
3. Optional: To use NFS with Kerberos, add the Rubrik cluster to the Active Directory domain.
The Rubrik cluster can only be added to one Active Directory domain. NFS with Kerberos does not
support multiple Active Directory domains.
Result
NFS is configured for use by Rubrik CDM as an archival location.
Procedure
1. Join the Isilon to the Active Directory domain.
a. In the OneFS UI, select the Access tab and select Authentication Providers.
b. Create an Active Directory provider and click Enable Secure NFS.
Selecting Enable Secure NFS sets the service principal names for the account and enables mutual
authentication.
2. Set the EMC Isilon SmartConnect zone to the FQDN of the Isilon.
3. Set up DNS to provide both forward, address (A), resolution and reverse, pointer record (PTR),
resolution of the FQDN of the Isilon SmartConnect zone.
Kerberos requires both A and PTR resolution of the FQDN.
4. On the OneFS UI, use the Add an NFS share screen to set up an NFS mount point.
5. Select Enable mount access to subdirectories.
6. Optional: For Security Type(s), select Use Custom and set the Kerberos levels.
7. In Clients, add the IP address range of the Rubrik cluster.
8. Click Always Read-Write Clients.
9. In Map Root User, assign a user with read/write permissions for the exported directory.
10. Add the Rubrik cluster to the Active Directory domain.
11. Optional: Enable Kerberos authentication.
When Kerberos is enabled, add a Rubrik cluster that uses an NFS archival location to only one Active
Directory domain. Multiple Active Directory domains are not supported with an NFS archival location
when using Kerberos.
Result
Isilon NFS is configured for use by Rubrik CDM as an archival location.
QStar requirements
Complete the QStar initial requirements before setting up a QStar Integral Volume as an archival location.
This table lists the Rubrik cluster requirements for using a QStar Manager instance as an archival location.
Tape library Any tape library that is supported by the QStar Archive Manager must be visible
to the Windows Server and available to the QStar Archive Manager instance.
The tape library must have at least two tape drives per Integral Volume to
support concurrent archive and retrieval operations. If more than one Integral
Volume is configured on the server, the total number of tape drives can be fewer
than twice the number of Integral Volumes. In that case, one tape drive per
Integral Volume must be reserved for archival purposes.
Procedure
1. As an administrator, open the QStar Archive Manager application.
2. On the left-side menu, select Server.
The server screen appears. The QStar Server Status field displays the status of the server. The status
must be Installed - Running.
3. (If the server is not running) Click Start.
4. On the server screen, start all other services.
5. On the server screen, start QWSD.
6. On the left-side menu, select Media > Online Media.
The online media view appears.
7. In Library Name, select the library that will be used for the archival location.
8. In Characteristics, select a slot that will be assigned to the archival location.
The slot must have a value of Tape in the Type column and have no value in the Set Name column.
Tape indicates that the media in the slot is a tape. An empty value in the Set Name column indicates
that the slot is not assigned to an Integral Volume set.
9. Click Erase.
The QStar Archive Manager erases and initializes the tape.
10. Add any additional slots that will be assigned to the archival location.
11. On the left-side menu, select Integral Volumes > Volume Management.
12. Click Create New Integral Volume.
The New Integral Volume Parameters dialog box appears.
13. Configure the new Integral Volume using the following values.
Field Action
Result
QStar is configured for use by Rubrik CDM as an archival location.
Context
Nodes can have statuses of UNKNOWN, OK, BAD, PRE_MAINTENANCE, MAINTENANCE, BOOTSTRAPPING,
UPGRADE, REMOVED. The Rubrik CDM CLI Reference provides information about the node statuses.
Procedure
1. Open an SSH session on the host.
2. Type the cluster get_node_statuses command to determine the status of the node.
Example
This example shows the status of a node.
Procedure
1. Open an SSH session on the host.
2. Type the cluster poweroff_node command to shut down the node hosting the current session.
To shut down all nodes in the cluster at the same time, use the cluster poweroff_cluster
command.
A warning that this operation powers off the node and terminates running jobs appears along with a
request to "Type yes to continue". See the example, below.
3. Type Yes to confirm.
Result
The node hosting the current session shuts down, and all jobs running on the node are terminated.
Example
This example shuts down a node.
Procedure
1. Open an SSH session on the host.
2. Type cluster poweroff_cluster.
Option Description
cluster poweroff_cluster with no option Performs a node status check before shutting
down all nodes in the Rubrik cluster.
During the shutdown period terminates all jobs
running.
The Rubrik cluster cannot send commands to nodes it cannot reach or communicate with.
Result
All nodes running in the Rubrik cluster are shut down and all jobs running on the nodes are terminated.
Example
This example shuts down a cluster.
Procedure
1. Open an SSH session on the host.
2. Type the cluster reboot command to reboot the cluster or the node.
The syntax is:
The command cluster reboot cluster reboots all the reachable nodes in the cluster. The
command cluster reboot node reboots only the node from which the command was executed.
A warning that this operation reboots the cluster or node and terminates running jobs appears along
with a request to "Type yes to continue".
3. Type Yes.
The Rubrik cluster or the current node begins a shutdown and reboot.
Result
The Rubrik cluster or the node that hosts the current Rubrik CDM Web UI session reboots.
Procedure
1. As admin, connect to the node that is getting a new hostname.
2. At the Rubrik CLI prompt, type cluster node_hostname_change newname.
Where newname is the new name of the Rubrik cluster node.
Result
The node runs the command and changes its hostname to the new name.
source Optional String Select an option from the drop-down list. The
response will include the configuration parameters
whose values were changed due to the selected
option.
Choose from:
• Unknown
• CustomerApi
• Upgrade
• ResetNode
• Software
• Init
after_time Optional String Specify a time. The response will include the
configuration values that were updated between
the specified time and the time the request was
made.
If before_time is also specified, the response will
include the configuration values that were updated
between the two timestamps.
Format: YYYY-MM-DDTHH:MM:SS.SSSZ
Timezone: UTC
Format: YYYY-MM-DDTHH:MM:SS.SSSZ
Timezone: UTC
Prerequisites
Create an authorized Rubrik REST API session. To use the Rubrik REST API playground for this task,
authorize the session on the "v1" API branch.
Context
The steps in this task describe how to view the old value and the new value of the configuration
parameters for a Rubrik cluster or node. Use the after_time and before_time filters to narrow down the
results to a specific period of time.
Procedure
1. Open https://$RubrikCluster/docs/v1/playground/.
2. Click /config/history.
The listing expands to show all the operations for that endpoint.
3. Click GET /config/history/list_updates.
The endpoint listing displays a list of parameters that can be used to filter the results.
4. Click Try it out.
The parameters become editable.
5. Optional: To filter the results of the GET operation, provide appropriate values for the parameters.
6. Click Execute to send the request.
A successful request returns a list of JSON objects representing the configuration updates that are
narrowed down by the filter values.
{
"data": [
{
"nodeId": "cluster",
"namespace": "managedVolume",
"name": "managedVolumeSnapshotExportJobRetries",
"oldValue": "None",
"newValue": "3",
"apiUser": "",
"modifiedDateTime": "2021-02-07T19:32:44.619Z",
"source": "RESET_NODE"
}
]
Result
The Rubrik REST API server responds with a JSON object for a specific configuration parameter if the
configuration name is specified. If the configuration name is not specified, the response contains a list of
the configuration values that meet all specified filters.
Related Tasks
Authorizing a Rubrik REST API session
Obtain an authorization token and create an authorized session in the Rubrik REST API playground.
Related reference
Parameters to filter the list of configuration updates
The results of a GET request to the /config/history/list_updates endpoint can be filtered using the following
parameters.
HTTP status codes
HTTP status codes provide information on the results of the /config/history API requests.
on_date Required String Specify a time. The response will include the
configuration values that were in place at the
specified time.
Format: YYYY-MM-DDTHH:MM:SS.SSSZ
Timezone: UTC
Prerequisites
Create an authorized Rubrik REST API session. To use the Rubrik REST API playground for this task,
authorize the session on the "v1" API branch.
Context
The steps in this task describe how to get the values of the configuration parameters in a given
namespace, on a specific date, for a Rubrik cluster or node. Provide the name of a configuration parameter
to get the value of the specific parameter.
Procedure
1. Open https://$RubrikCluster/docs/v1/playground/.
2. Click /config/history.
The listing expands to show all the operations for that endpoint.
3. Click GET /config/history/ondate.
The endpoint listing displays a list of parameters that can be used to filter the results.
4. Click Try it out.
The parameters become editable.
5. In namespace, type the namespace of the configuration parameter.
namespace is a required parameter.
6. In on_date, type the timestamp to retrieve the value of the configuration parameter at that time.
on_date is a required parameter.
7. Optional: To further filter the results of the GET operation, provide appropriate values for the other
parameters.
8. Click Execute to send the request.
A successful request returns a list of JSON objects representing the configuration parameters that are
narrowed down by the filter values.
Result
The Rubrik REST API server responds with a JSON object for a specific configuration parameter if the
configuration name is specified along with the namespace and the on_date values. If the configuration
name is not specified, the response contains a list of all the configuration values in the specified
namespace, on the given date.
Related Tasks
Authorizing a Rubrik REST API session
Obtain an authorization token and create an authorized session in the Rubrik REST API playground.
Related reference
Parameters to filter configuration values by date
The results of a GET request to the /config/history/ondate endpoint can be filtered using the following
parameters.
HTTP status codes
HTTP status codes provide information on the results of the /config/history API requests.