Cyber Resilient Database Protection with Commvault Cloud

  • 8 December 2023
  • 0 replies
Cyber Resilient Database Protection with Commvault Cloud
Userlevel 2
Badge +3

This article is co-authored with Sudha Iyer, Principal Product Manager



In the digital era, enterprise infrastructure is a key building block to the connected business, and application workload protection is the need of the hour for business continuity. As per Gartner®**, database workloads contribute to 17.5% share of infrastructure market with the steep rise in the use of the cloud databases.

Databases are of paramount importance to enterprises as they serve as the foundational backbone for managing, organizing, and leveraging vast amounts of critical information. Databases have evolved over the years from hierarchical tree like single node datacenter deployments to multi-node, distributed cloud environments. Commvault has been part of this evolution and has continued to protect database workloads through their digital transformation.

Cloud databases have revolutionized the way businesses manage and utilize their data, offering a dynamic and scalable solution that transcends traditional on-premises limitations. Hosted on cloud platforms, these databases provide organizations with the flexibility to scale resources up or down as needed, optimizing performance and cost-efficiency. They eliminate the need for complex hardware provisioning and maintenance, allowing businesses to focus on innovation rather than infrastructure management. 

Per the Gartner report** on Market Share analysis for DBMS49% of enterprises have adopted cloud databases, and the rest have continued with an on-premises or hybrid deployment of their database workloads for data compliance and data sovereignty reasons. 

Commvault offers an extremely comprehensive cyber resilient database protection solution, and this whitepaper details how you can leverage Commvault software to secure your database workloads irrespective of their deployment models and configuration.





Commvault's cyber resilience platform, Commvault Cloud, is an end-to-end enterprise-class solution, delivering the highest security, most intelligence, and fastest recovery, using a holistic approach that is scalable and provides outstanding control of your data and information.

It supports a very wide variety of database types and is built on a distributed pluggable architecture. A modern UI designed with input from DBAs makes it easy to use, configure, monitor, and manage data management operations.  

As enterprises turn to cloud databases to streamline business operations and update their technology, they require complementary cloud-based data management security systems that reduces infrastructure costs and management overhead. Commvault Cloud, powered by Metallic AI delivers enterprise-grade data protection as a simple cloud-delivered SaaS solution.


Commvault Cloud Software Architecture

CommCell environment

The Commvault Cloud CommCell is the basic unit and consists of a CommServe host, one or more MediaAgents, and one or more Clients.

The CommServe host is the central management component of the CommCell. It coordinates and executes all CommCell operations and maintains a Microsoft SQL Server database that stores all configuration, security, and operational history for the CommCell. 

The MediaAgent is the data transmission manager of the CommCell. It is responsible for data movement and management of data storage libraries. CommServe coordinates MediaAgent tasks and manages multiple MediaAgents in a CommCell.

A Client host is a resource where the application workloads are deployed and configured. For on-premise or IaaS virtual machines, Commvault Cloud software agents facilitate the protection, management, and movement of data associated with the client. Different agent software packages are available to manage various database and “Big Data” workload types.

CommCells can be controlled through Command Center (Commvault Cloud’s UI interface) as well as secure CLI/APIs interfaces (qCommands, REST APIs) for integration with DBA workflows.


Commvault Cloud Software deployment to protect database workloads

Example of in-guest agent-less deployment models via Oracle and PaaS database in Cloud

With a distributed and pluggable architecture, Commvault has several deployment options available to protect workloads:

  1. Agent In-Guest Deployment (agent Installed in compute VM) - With this deployment, the agent is installed inside the virtual or physical machine. The agent uses the database vendor's capabilities to protect the database and is application-consistent.
  2. Agentless Backup - With this deployment, a proxy host (called an access node or VSA) connects to the virtualization or cloud infrastructure to create a VM-level snapshot for a crash-consistent backup or use the native export/import functionality to backup/restore PaaS databases to/from the cloud storage.




Configuring Database Backups

Commvault Cloud makes configuring database backups easy and intuitive with the Command Center. With a few clicks, users can define what needs to be backed up (instance/subclient) and the 3Ws defined in the server plan - Where to backup (Target Destinations), When to backup (Schedules/RPO), and Who is authorized to backup (Personas) – with other database archive log and snapshot options.


Auto Discovery of Databases

DBAs often create databases and commission new database servers. Traditionally, protecting a newly created database requires the DBA to have the backup administrator, install appropriate backup software and adjust it for optimal backup settings.

Commvault Cloud’s auto discovery feature eases the administrative burden on backup administrators and automatically finds databases on servers and installs agents to backup newly created databases. Smart software defaults avoid the need for backup administrators to have intimate knowledge of database technologies. Auto-discovered databases are automatically associated with a preconfigured plan.

Databases can be auto-discovered on single node, multi-node, multi-tenant, multi-region environments.


Backup of Databases


Application-consistent backups

Application-consistent backups ensure that database backups are transactionally consistent so that a database starts up seamlessly post restore. To achieve application-consistency, Commvault Cloud leverages native APIs interfaces and tools like Oracle RMAN, SAP backint, XBSA, etc. to perform backup, restore, and data aging operations.


Backup methods – Stream, Export, IntelliSnap

Commvault Cloud provides various options for database backups. Customers can configure these options based on their workload size, deployment type, and required RPO/RTO.

One option for protecting database instances in VMs/cloud infrastructure/physical servers is via streaming data backupswhich leverage native tools like Oracle RMAN, SAP backint, pg_dump as well as many others. 

Another option is the Commvault Cloud IntelliSnap, which integrates with storage-level snapshots and virtual disk snapshots. IntelliSnap backup is an application-aware, zero downtime backup for database/application servers and provides rapid restore for aggressive RTO and faster replication for DR readiness. IntelliSnap currently supports multiple on-premises storage vendors like NetApp, Pure Storage, HPE, Dell as well as many others. It also provides fully automated snapshot lifecycle management and cloning of databases and applications for dev/test purposes.

In addition, for cloud infrastructure, Commvault Cloud supports snapshot-based backups for AWS RDS and Azure virtual disk snapshots. These snapshots can be replicated across regions and accounts. For PaaS databases like AWS RDS, Azure SQL, and GCP SQL, Commvault Cloud provides export backups wherein the database backup is directly exported to cloud storage.


Database Log backups

Log backups are a critical component to restore databases to a point-in-time (PIT) in case of a disaster. Commvault Cloud supports frequent log backups to meet aggressive RPO needs. Logs can be backed up on-demand or with pre-configured automatic schedules.

Commvault Cloud supports log backups even when the CommServe is down for maintenance mode and when the network connectivity to CommServe is lost, allowing for continuous protection of logs to meet the RPO.


Restore and Recovery

Restore and recovery leverage native APIs or snapshot restore techniques to get businesses up and running with minimal downtime. 

In the event of database failure, DBAs can restore the entire database or pick and choose granular items (table) to restore back to the source or to a different destination. As databases are hierarchically organized into instance, databases, tablespaces, and tables, supporting granular level restores helps DBAs overcome accidental human errors or logical corruptions to minimize downtime.



Example of cloning architecture

During day-to-day operations, there is often a need to create database copies (clones) for training environments or dev/test systems. Setup and decommissioning of these database copies need to be quick and easy. 

Commvault Cloud supports creating clones from IntelliSnap snapshots as well as from streaming backups. Clones can be attached to the source VM or a different VM and assigned a lifetime attribute. Once its lifetime value is met, the software automatically decommissions the clone, avoiding costly data and storage sprawl. 


Disaster Recovery

Being prepared for a disaster is not just limited to on-premises environment. Disasters can also happen in the cloud. As a result, it’s common to distribute data environments across multiple regions or hybrid architecture. If one region goes down, you can start the database and application services in the DR region. For building a meaningful DR concept, you should ask yourself these critical questions:

  • How can I replicate my application data between the regions?
  • How can I meet my SLAs?
Example of disaster recovery mode using auxiliary or aux copy for stream and snapshot data backups

Commvault Cloud supports multiple options to help customers be recovery ready. One of the simplest options is to use the auxiliary or aux copy for stream and snapshot data backups. An aux copy is another backup copy stored on a different backup destination. This copy can leverage Commvault Cloud's deduplication, compression, and encryption technologies, which help reduce network bandwidth, storage consumption and enforce data security. The aux copy backup can be run to move infrequently accessed data to cold storage for long-term retention for compliance and governance purposes.

A second option is to leverage cloud storage replication such as Azure geo-redundant blob storage containers (like RA-GZRS) to build a cloud library that is shared between multiple regions.

Alternatively, Commvault Cloud’s auto recover capabilities, where log shipping keeps the database at the DR site in sync with the source database, can be used to get the database up and running with minimal downtime in case of a disaster. 


Automate and Orchestrate with DBA workflow

DBAs automate database operations with pipeline workflows to orchestrate and align with their business services. Additionally, DBAs create personas for different operations with varying roles and privileges in multi-tenant deployments. This is error-prone, time-consuming, and needs advanced scripting knowledge. 

Commvault Cloud provides developer tools (such as REST APIs, Ansible, Terraform, Python scripts as well as many others) to facilitate the development of business services with RBAC at every step of execution process. In scenarios where the DBA must deploy and configure for example 25 or more database workloads in the Commvault Cloud ecosystem - using automated scripts will save the DBA time and efforts as well as get the database rapidly protected. API-driven automation exposes custom APIs, making it easier for backup administrators to quickly deploy scripts.

In addition, Commvault Cloud workflow solution or Pre/Post script execution capability can have a custom workflow while integrating with the backup ecosystem. For example, the Commvault Cloud workflow solution can be used for things like multi-level authorization, custom events, and custom notifications.


Cloud Database support

As more and more enterprises migrate their databases to the cloud, Commvault continues to evolve with them by adding support for the most popular databases on the most popular hyperscalers (AWS, Azure, GCP, OCI, Alibaba). From PaaS, NoSQL to NewSQL databases, Commvault protects cloud databases with storage efficiency, air-gapped immutability, and auto-scaling of infrastructure which keeps cloud costs down.


Cross Cloud (Hybrid Cloud) workload mobility

Large enterprises often have database deployments duplicated across multiple cloud providers and datacenters. This allows them to be DR-ready in the event of a cloud outage or data center outage. Commvault Cloud supports this cross-cloud and hybrid cloud mobility by efficiently moving de-duplicated data as part of an aux copy or restore operation.

An alternative option is to leverage Commvault Cloud Auto Recovery for databases (Oracle, MS SQL) for critical production systems or landscapes. After creating the baseline in the cloud via full and incremental backups, DBAs can enable log shipping. Once the secondary system has caught up, DBAs can stop the production environment. Then, after applying the final set of archive logs, DBAs can open the virtual system in the cloud as the new production environment. 



Enterprises manage diverse workloads like file servers, databases, VMs, and SaaS apps across on-premises and various clouds. Without a centralized management pane, administration of these workloads would require specialized personnel equipped with functional knowledge and advanced scripting skills. DBAs may need to navigate different interfaces and tools for various data management tasks, causing delays in identifying and resolving issues. This lack of real-time insights and streamlined workflows can result in extended downtime during data recovery scenarios.

The Command Center provides a single pane of glass for centralized data management and protection. By providing a unified view of an organization's entire data ecosystem, Command Center simplifies complex tasks such as backup, recovery, and data migration across diverse environments. Its user-friendly interface empowers DBAs with real-time insights, enabling proactive monitoring and efficient management of data policies. With automated workflows, customizable dashboards, and advanced reporting, Command Center enhances operational efficiency while ensuring compliance and reducing risks.



To be production ready, enterprises need a comprehensive and secure data protection solution that meets the required RPO/RTO, cross-cloud (hybrid cloud) mobility and provides built-in disaster recovery capabilities.

With Commvault Cloud, you can easily safeguard your data and database logs across on-premises and cloud platforms through seamless integration and user-friendly automation features. Commvault's integration with storage vendors and advanced snapshot orchestration delivers low-impact backup and recovery of database environments, both on-premises and in the cloud. 



You can read further about our integration ecosystem and supported technologies here.


**Gartner, "Market Share Analysis: Database Management Systems, Worldwide, 2021", June 10, 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally.

0 replies

Be the first to reply!