Commvault Cleanroom Technology

GrahamMay 5, 2024May 7, 2024no commentCleanroom Disaster Recovery

Contents

Commvault, a leading provider of cyber resilience and data protection solutions, has recently introduced updates to their portfolio. Cleanroom Recovery technology, significantly enhancing the capabilities of organizations to recover from cyber attacks and ensure the security of their data. These latest updates, announced on April 29, 2024, as part of the Commvault Platform Release 2024, are set to redefine the way organizations approach cyber recovery.

What is a cleanroom?

A cyber security cleanroom is a protected and segregated space created to restore data and systems following a cyber attack. It guarantees that the data and systems undergoing restoration are pristine, free from contamination, and devoid of any malicious software or other security risks that could have played a role in the initial breach. This method offers a controlled and regulated environment.

What’s new in Commvault Cleanroom Recovery?

Commvault has designed a platform, in the cloud which allows for recovery after a security event into a new, isolated location which hasn’t be accessed by the threat and subsequently been contaminated.

The main benefit of Commvault Cleanroom Recovery is orchestration. Disaster recovery events are orchestrated into isolated cleanrooms within Microsoft Azure. This solution is designed to be used for real disaster recovery situations. The Cleanroom Recovery solution goes beyond data recovery, it also focuses on enabling organizations to uphold business continuity amidst cyber threats. By allowing businesses to test their cyber recovery plans frequently, it gives businesses the confidence that their disaster recovery plans work both operationally swiftly.

Commvault’s Cleanroom Recovery technology is a major advancement in the realm of cyber resilience. By making state-of-the-art recovery solutions more accessible, Commvault is empowering businesses of various scales to strengthen their security measures and safeguard their critical data. Through the Cleanroom Recovery solution, companies can securely evaluate their cyber recovery strategies, perform tests, and restore data to a secure location seamlessly.

How does it work?

Business should typically host a backup of data and also store a copy of it in an air-gapped location, this is necessary since attackers are increasingly targeting both your primary and secondary data (including your control planes!), to ensure you cannot recover and force you into paying a ransom.

With Cleanroom Recovery, when a disaster recovery event is trigged, a new control plane is created in Commvault’s cloud. New credentials are presented to the administrator which provides access to the latest clean copy of the customers control plane.

Next, a new recovery target (cleanroom) is configured by the customer. This includes details such as Azure region, default virtual machine sizes etc.

Following on from this, a new recovery group is created along with a recovery point. Virtual machines, SQL servers and other workload types can be added to the recovery group. Post recovery actions can also be configured within the recovery group. (Such as applying security patches to your virtual machines, or changing IP addresses of your workloads)

Other standard features such as re-ordering which workloads are booted up can also be created within the recovery group.

When it comes to SQL databases, it’s possible to create a new VM for resorting SQL databases into, or select a pre-created VM for restoring.

Adding SQL Databases to Commvault Cleanroom Recovery Groups

With all recovery groups created, a recovery is simple. Pressing the Recovery button is all that’s needed.

Initiating a Commvault Cleanroom Recovery

The important of testing your disaster recovery plan

While most organizations have disaster recovery procedures in practice, it is often difficult to simulate those in reality. Challenges such as bringing up large volumes of workloads within specific RTO times are hard to overcome. Combine this with technical challenges such as ensuring there is no IP space overlapping between production and DR testing, and ensuring your test recovery of your mail server does not start to process live mail, are real issues and often results in testing infrequently.

With Commvault Cleanroom Recovery, DR testing can be completed in isolated resource pools, meaning that you can test the recovery of a single application, or multiple at the same time, without any risk to them connecting back to or disrupting production workloads. This means you do not need to necessarily re-ip all workloads, which is time consuming and introduces more risk especially while dealing with a disaster.

This kind of functionality means you can test DR as often as you like, weekly or monthly there is no limit on how often you can test the recovery of critical workloads. The cloud consumption model also means you pay for what you use and can orchestrate DR as often as your business demands.

What workload types are supported?

Commvault currently support a number of workload types, starting with the most popular:

Virtual Machines
SQL Databases
Unstructured data on Fileservers

Coming Soon: Active Directory with physical machines, application and other database types to follow.

Final notes

The simplified UI for Cleanrooms reflects how much of the complexity Commvault are removing from the DR process. The potential this kind of solution has for businesses is huge, with promises to expanding the types of supported workloads. Although we don’t have visibility of the roadmap Commvault could also allow customers to use different cloud providers for recovery, or to this on a per resource group basis.

Finally, given that cleanroom creation is within the cloud, it allows for saleable recovery rather than having to workaround limited compute and storage within a traditional on-prem or service provider environment.