Recovering a Safeguarded backup

Edit online

After you configure Safeguarded Copy function on your system, ensure to regularly test the configuration to ensure that Safeguarded backups can be recovered and restored if necessary.

If a cyberattack occurs, a Safeguarded source volume can be compromised for an indefinite amount of time until the breach is detected. In this situation, the most recent Safeguarded backups are not useful for restoring data on the production volume. Effective testing includes identifying versions of Safeguarded backups that can be used to restore the compromised data. Follow the guidelines and direction of your business continuity plan and your recovery point objectives to determine the frequency of testing your configuration.

In IBM Copy Services Manager provides automation for testing with the Recover Backup action. The Recover Backup action creates new host-addressable volumes with the data from a specified Safeguarded backup. These volumes can be mapped to a host or host cluster to verify that the host applications run correctly and do not contain corrupted data. For a response to an actual cyberattack, IBM Copy Services Manager supports a Restore Backup action. The Restore Backup action is meant to be used after recovered volumes are tested and verified. The Restore Backup operation copies the tested version of the recovered volume back to the original parent pool and replaces the corrupted version of the source volume.

To test Safeguarded backups, complete these steps:
  1. Log in to https://<IP address or domain name>:9559/CSM where <IP address or domain name> is the IP address or domain name of IBM Copy Services Manager instance. Use the Administrator username and password that you created during the configuration of Safeguarded Copy function.
  2. On the Sessions Overview page, select Sessions.
  3. On the Sessions page, select the volume group that contains Safeguarded backup copies that you want to recover.
  4. On the details page for the selected volume groups, select Session Actions > View/Modify > Properties.
  5. On the View/Modify Properties page, select the Recover Options tab, and specify the following options:
    Background copy rate
    Enter the rate at which Safeguarded backups are restored to the retention pool. Default value is 50.
    Retention pool
    Select the pool where recovery volumes of the Safeguarded backups are placed after the recovery operation. By default, IBM Copy Services Manager uses the pool in which the source volumes are located for the retention pool. You can also select a different pool for the recovery volumes. IBM Copy Services Manager checks the selected pool to determine whether a provisioning policy is assigned to the pool. If a pool uses a provisioning policy, IBM Copy Services Manager uses the capacity saving methods that are defined in the policy to allocate capacity for recovery volumes. If a provisioning policy is not set for the selected pool, IBM Copy Services Manager creates all recovery volumes as thin-provisioned volumes.
  6. Click OK.
  7. Select Session Actions > Command > Recover Backup.
  8. On the Recover Backup page, select the version of the Safeguarded backup copy that you want to recover. Safeguarded backups are displayed by their backup time from the most recent to the latest version.
  9. Ensure that the recover operation completes successfully. After the copy is recovered to the recovery volumes, the session state displays Target Available. You can also monitor the progress of the recover action by selecting Console to display all the command operations that were run during the action.
  10. After the recover operation completes, select the Recover Backup Info tab. Select Recovered Backup Time to display details on the recovery volume backup.
  11. On the View Recovered Backup page, verify the original source volume (H1 column) and the recovered volume (R1 column) and the currently mapped hosts. Each recovery volume is named with the original source volume name and appended with the timestamp when the backup was created. You can use the management GUI on the system to view and filter these recovery volumes. In the management GUI, select Volumes > Volumes and filter the volume list on the timestamp to show all the recovery volumes.
  12. To test the recovered version (R1 volume) of the Safeguarded backup, assign the recovered volume to a host or host cluster that you use for testing. Select Assign R1 to host.
  13. On the Map volume to host page, select the host or host cluster to assign to the recovered version of the Safeguarded backup. Click Yes.
  14. Validate that host application runs as expected to the recovered Safeguarded backup. Testing host application depends on the data and purpose of each application and the data that is stored on the volumes.
  15. After you complete testing, the Terminate H1R1 command can be used to delete the recovery relationship and recovery volume. Select Session Actions > Command > Terminate H1R1. You can also select Terminate H1 Keep R1 to delete the relationship between the source volume (H1) and recovered volume but keep the recovered volume (R1).