Veritas CloudPoint Administrator's Guide
- Getting started with CloudPoint
- Section I. Installing and configuring CloudPoint
- Preparing for installation
- Deploying CloudPoint
- Deploying CloudPoint in the AWS cloud
- About CloudPoint support for AWS IAM roles
- About the CloudPoint AWS CloudFormation template
- Using plug-ins to discover assets
- Configuring off-host plug-ins
- AWS plug-in configuration notes
- Google Cloud Platform plug-in configuration notes
- Microsoft Azure plug-in configuration notes
- HPE RMC plug-in configuration notes
- NetApp plug-in configuration notes
- Hitachi plug-in configuration notes
- InfiniBox plug-in configuration notes
- About CloudPoint plug-ins and assets discovery
- Configuring the on-host agents and plug-ins
- Oracle plug-in configuration notes
- Protecting assets with CloudPoint's agentless feature
- Preparing for installation
- Section II. Configuring users
- Setting up email and adding users
- Assigning roles to users for greater efficiency
- Section III. Protecting and managing data
- User interface basics
- Indexing and classifying your assets
- Protecting your assets with policies
- Tag-based asset protection
- Replicating snapshots for added protection
- Managing your assets
- About snapshot restore
- Single file restore requirements and limitations
- Additional steps required after a SQL Server snapshot restore
- Monitoring activities with notifications and the job log
- Protection and disaster recovery
- Section IV. Maintaining CloudPoint
- CloudPoint logging
- Troubleshooting CloudPoint
- Working with your CloudPoint license
- Managing CloudPoint agents and plug-ins
- Upgrading CloudPoint
- Uninstalling CloudPoint
- Section V. Reference
- Storage array support
- Dell EMC Unity arrays
- Pure Storage FlashArray
- Working with CloudPoint using APIs
- Storage array support
About tag-based asset protection
The process of deploying a workload in the cloud is getting easier than in the past. Whether it is a development environment, a simple application instance, or a complex production deployment, virtual instances can be up and running within a few clicks. This ease of provisioning has led to a proliferation in the kinds of workloads and also the number of instances that are getting deployed in the cloud. The challenge is limited not only to the management of such a diverse environment, but also in the implementation of data protection policies in an ever expanding cloud footprint.
CloudPoint makes it easier by automatically discovering all the assets in your cloud environment. The periodic discovery ensures that any addition or deletion of workloads does not go unnoticed and all asset changes remain accounted for. You can easily configure a CloudPoint protection policy and assign it to the desired workloads.
The responsibility of data protection is entirely on the backup and data protection administrators. They need to monitor the number of workloads, determine the kind of data protection that is needed, and ensure that the required workloads are protected by assigning the correct protection policy. Also, if any of the protected workloads no longer exist or are no longer required to be protected, the task of removing that asset from the assigned protection policies also remains with the administrators.
CloudPoint introduces a feature called as Tag-based asset protection that is designed to automate data protection process using protection policies. Tag-based asset protection provides an intelligent and automated mechanism to protect assets based on user-defined tags. Tagging is a method where you can use descriptive text labels and assign them to the assets, either during the asset creation or at any time during the active life of the asset. When CloudPoint discovers the assets, it also scans the tags that are associated with those assets. A matching pre-defined CloudPoint protection policy then automatically starts protecting the assets based on the associated tags.
During each protection policy run, CloudPoint queries the matching assets based on the tags and protects them dynamically. If a tag is removed from an asset, it gets reported during the CloudPoint discovery cycle and then the corresponding asset is no longer protected from the next policy run. Tag-based asset protection allows you to use protection policies on a large number of assets simultaneously. This eliminates the manual task of navigating through the CloudPoint UI and choosing a protection policy for an asset individually.
CloudPoint stores all the information about configured policies, discovered assets and their associated tags in a MongoDB database. The CloudPoint coordinator service and the policy engine service together make use of this information to control and manage data protection using the tag-based asset protection.
The CloudPoint coordinator keeps a track of all the changes to the assets and their tags. During the CloudPoint discovery cycle, the CloudPoint plug-in sends all the assets data to the coordinator. The coordinator compares this information with the records in the MongoDB database and identifies all the assets and asset tags that are added, modified, or removed since the last discovery. During each policy run, the policy engine queries the database through the coordinator for the list of assets and their tags and uses that information to determine which assets are to be protected and which assets no longer need to be protected.
When using tag-based asset protection, you do not have to manually assign or unassign policies to the assets. Asset data protection is determined more dynamically based on the tags information. CloudPoint performs the following actions after each discovery cycle:
If a new tagged asset is added and if the tag matches an existing CloudPoint policy name, CloudPoint automatically starts protecting that asset through the matching protection policy as per the policy schedule.
If a tagged asset is deleted, CloudPoint stops protecting that asset from the next policy run.
If an existing tag value is modified such that an existing policy name is replaced by another, CloudPoint stops protecting that asset as part of the removed policy and starts protecting that asset through the new matching policy, in the next policy run.
If a new policy name is appended to the existing asset tag, CloudPoint starts protecting that asset using the new policy. The same asset is now protected by the existing as well as the new protection policy.
If an existing tag is removed from an asset or if the tag does not include a policy name, CloudPoint stops protecting that asset from the next policy run. The asset is then no longer being protected and is excluded from future policy runs.
If an asset tag contains a policy name that does not exist or if a policy exists but has a different protection level than the asset, CloudPoint generates a notification alert. As and when a matching policy with an appropriate protection level is created, CloudPoint automatically starts protecting that asset through the matching policy as per the policy schedule.