> Commvault Cloud > Cleanroom Recovery > Planning

System Requirements for Cleanroom Recovery

Verify that your source and Azure cleanroom recovery environments meet the system requirements for recovering entities using the Cleanroom recovery operation.

Source Environment Requirements

Azure has the following requirements for the source VMs that are restored into Azure.

  • Add a secondary or tertiary copy of data to Air Gap Protect utilizing either Hot or Cool tiers.

    For more information, see Air Gap Protect.

  • Before you back up source VMs, verify the following:

    • The source VM name must conform to the following format restrictions. This can be addressed in the recovery options in Cleanroom recovery or on the source VM, whichever is the most convenient:

      • Cannot contain special characters and whitespaces.

      • Cannot begin with an underscore (_) and does not end with a period (.) and a dash (-).

    • The Remote Desktop Protocol (RDP) is enabled on the source VM. For Linux, verify that SSH is also enabled.

    • For Linux VMs, if you want to automatically power on the source VMs after the conversion, enable integration services on the source VMs.

    • Verify that Linux VMs have the required Hyper-V drivers for the VMs. For more information, see Installing Hyper-V Drivers for Linux VMs.

  • To recover an Active Directory, install the Active Directory agent on the source VM.

    If you are unable to access your AD user account for recovery, use a break glass account from a domain that is different from the current one, or use a local account. This will provide emergency access to AD in situations such as a cyber-attack or a compromised on-premises AD server.

Azure Cleanroom Recovery Site Requirements

  • Verify that the cleanroom recovery site is isolated from the production site.

  • Verify that the Air Gap Protect region and the Cleanroom target region are the same.

  • Verify that the source entities to recover are supported by Azure. For more details, see the Support Matrix.

  • Set up IAM to access Azure resources.

  • You must have an Azure subscription and tenant that have never been accessed by production accounts or connections.

  • Create resource groups, storage accounts, and network watcher resource groups in the cleanroom recovery site.

    • Azure Standard or Azure Premium general-purpose storage accounts are required for auto VM conversion.

  • Verify that identity management, such as AD, is configured in the cleanroom recovery site.

  • Verify that the following network resources are configured to prevent outbound communication:

    • Gateway

    • IPv4/IPv6 ranges defined

    • DNS

    • Firewall policies

    • DNS updates

    • TTL

    • Public and private IP registration

    • Network encapsulation

  • If your source data is encrypted, you must have the key management service and encryption key configured in the cleanroom recovery site. Also, verify that the key management service is added in Commvault Cloud. For more information, see Managing a Key Management Server

Loading...