Skip to main content

Hi,

We would like to implement an airgapped environment for critical backup copies to remain isolated.

This environment must be controlled completely on its own (from inside) so instead of Commvault’s airgap approach, we are thinking of using hardware replication provided by our backup storage appliance in which the disk library resides (OceanProtect).

I understand that a Replica Library would let me use the hardware replicated disk library as read-only.

  • Will this work even if the replication is not continuous, but configured to run only at a specific time? (meaning that the replicated disk library won’t always have the latest data).
  • Would we be able to use the same or a standby MediaAgent to access that data?
  • In case the original disk library is compromised and cannot be recovered, would there be a way of using the Replica Library as the main disk library (like replicating everything back to the source backup appliance and restarting normal operations)?
  • Can we use the Commserve’s DR backup (which would be stored in the Replica Library and be from some days before) to start a new Commserve and have the Replica Library as the main disk library? 
  • If we had a standby CommServe (livesync) and a MediaAgent inside the isolated environment, would it be supported to attach the Replica Library to these and use it as read-write for normal operations?

Thanks in advance.

Sergio.

 

Hello @Sergio V 

 

Here are some answers to your questions: 

 

  • Will this work even if the replication is not continuous, but configured to run only at a specific time? (meaning that the replicated disk library won’t always have the latest data).

Commvault would have no understanding or control on your hardware level replication. So from a question around if the data is replicated on the schedule outlined i am assuming that would be achieved. 

  • Would we be able to use the same or a standby MediaAgent to access that data.

In the Java console we will have a library with mount paths where we write data. Each mount path will have a list of MA’s that can access the data and how to access it. If the data is a true mirror and you change the way a MA accesses the data to the replica copy, Commvault wont know anything changed and carry on. 

 

  • In case the original disk library is compromised and cannot be recovered, would there be a way of using the Replica Library as the main disk library (like replicating everything back to the source backup appliance and restarting normal operations)?

Same as question 2. Just update the access path for the MA of the mount path to the replica. 

  • Can we use the Commserve’s DR backup (which would be stored in the Replica Library and be from some days before) to start a new Commserve and have the Replica Library as the main disk library? 

You can stand a new Commserve where ever you like using the CS DR backup and read the data. You would have to update the mount path settings to point to the replicate once the CS is online. 

  • If we had a standby CommServe (livesync) and a MediaAgent inside the isolated environment, would it be supported to attach the Replica Library to these and use it as read-write for normal operations?
     

No, if we are not replicating the data then it will become comprised almost immediately. 


Please note that doing any operation outside of Commvault and expecting Commvault to just work is most of the time not going to work. The CSDB has a list of every item in the Mount path’s and knows what to expect. In the case a issue occurs and you go ahead and use the replicate copy but it was not 100% up-to-date you could result in a large scale issue if you are deduping your data. 

On paper it could be done, but it should not be done. Support will not be able to help you if you have any problems and the possible risk vs reward in my opinion is not worth it. 

 

Kind regards

Albert Williams


Reply