Commvault Adds Features to Fortify Ransomware Security

By David Orban

With ransomware and other cyber threats being headline news around the globe, Commvault Feature Release 11.26 includes numerous security enhancements to our best-in-class Intelligent Data Management Platform that help to harden infrastructure against attack and enhance recoverability. And since multi-cloud is the name of the game, we’ve made it easier to take full advantage of the major cloud providers for the utmost in flexibility and cost-efficiency. Generally available on Feb 15, 2022, here’s a partial list of new features that that make good on our ongoing commitment to providing a future-proof platform for protecting, managing, and recovering your data and workloads. 

Data Protection is all about protecting your data and workloads and helping to ensure rapid recoverability… whether it’s on-prem, in hybrid environments, in the cloud, and even across multiple clouds. Enhancements include:

  • Taking full advantage of cloud-native APIs like Amazon Elastic Block Store (EBS) direct write and Azure Stack Changed Block Tracking (CBT) incremental snapshots helps to increase performance and reduce reliance on cloud access nodes
  • Extending Commvault® Disaster Recovery orchestration to include Object Storage and Big Data File Systems like Hadoop
  • Protecting and preserving cloud metadata tagging of workloads to simplify conversion and migration across Microsoft Azure and Amazon Web Services (AWS)

Data Security is all about hardening your defenses to detect, prevent, and recover from ransomware attacks and other data breaches. Enhancements include:

  • Utilizing hardware-based security tokens like those offered though YubiKey and the U.S. Department of Defense, along with common access card support, helps to strengthen your security posture
  • Leveraging highly secure cloud authentication methods, including the AWS Key Management System (KMS) and Azure Key Vault

Data Compliance & Governance is all about providing new tools manage data access and enable compliance with a continually-evolving regulatory landscape. Enhancements include:

  • Enabling the use of external classifiers like Azure Form Recognizer to simplify data governance
  • Driving operational efficiency by migrating and leveraging existing indexes across Data Governance and eDiscovery solutions 

Data Transformation provides the ability to seamlessly move data across disparate environments for app modernization as well as enabling new workloads and processes. Enhancements include:

  • Accelerating cross-region disaster recovery in the AWS cloud through the use of Amazon EBS direct-write APIs
  • Allowing Service Providers to easily deliver Commvault® Disaster Recovery as a Service (DRaaS) to their clients

Data Insights applies artificial intelligence (AI) and machine learning (ML) to your data to help drive cost savings and operational efficiencies. Enhancements include:

  • An upgraded entity extraction engine reduces memory requirements and increases performance of eDiscovery and compliance operations 
  • Utilizing ML-driven data insights within Data Governance to calculate sensitive data risk assessments and identify anomalies in user behavior

Here’s a deeper drill-down on some additional features of note:

Data Protection

  • Disaster Recovery for Amazon EC2 Using EBS Direct APIs. Commvault® Disaster Recovery now leverages Amazon Elastic Block Store (EBS) direct APIs when performing Amazon EC2 instance replications. This eliminates the need to create and attach volumes to a cloud access node in the destination region. Periodic replication powered by EBS direct APIs allows for full-instance Amazon EC2 restores and Attach Volume restores both within the same region and across multiple regions, optimizing throughput speeds for greater efficiency.
  • MetroCluster Solution and Replication for the Dell EMC TimeFinder SnapVX (SYMCLI) Snapshot Engine. Dell EMC’s SnapVX provides the ability to manage consistent point-in-time copies for Storage Groups with a single operation. You can now create TimeFinder SnapVX snapshots on PowerMax/VMAX3/VMAX arrays in standalone, metro cluster, and replication configurations using the TimeFinder SnapVX (SYMCLI) engine.
  • Restarting NDMP Multi-Stream Backups on Isilon File Servers. When multi-stream backup fail on Dell EMC Isilon/PowerScale OneFS file servers, Commvault software can quickly complete those multi-stream backups. During the initial backup job, the OneFS software creates checkpoints that Commvault utilizes in order to automatically restart the failed backup.

Data Security 

  • Utilizing a Security Key for Two-Factor Passwordless Authentication. Users can now use FIDO2-compliant (Fast Identity Online 2-factor authentication protocol) hardware security keys (such as Yubico’s YubiKey) as a multifactor authentication method for logging on to local networks and to Active Directory. Fast Identity Online 2-Factor (FIDO2) Authentication enables a user to log-on without having to enter a password. Once two-factor authentication has been enabled in Commvault, users can use the PIN-generation tool or they can set-up their hardware security key as their primary multifactor authentication method. If Security Assertion Markup Language (SAML) has been configured through the authentication provider, you can also use YubiKey for SAML-based logons.
  • Common Access Card (CAC) Authentication. CAC authentication is now supported for logging onto both the Commvault Command Center™ and the Java Console. CAC authentication complies with U.S. Department of Defense security guidance, and users can now use their card for a passwordless authentication experience.

Data Transformation 

  • Cataloging Snapshots on a NetApp Storage Array Uses SnapDiff v3. For NetApp storage arrays with ONTAP enterprise data management software (beginning with version 9.8), SnapDiff v3 is utilized for cataloging snapshots. SnapDiff is an internal ONTAP engine that quickly identifies the file and directory differences between two snapshot copies, to streamline snapshot management.
  • Deploying a VMware Access Node or FREL for Linux. You can now deploy a VMware Linux Access Node or a VMware File Recovery Enabler (FREL) directly from within the Commvault Command Center™. You can add a VMware Linux Access Node to a hypervisor and use it for both backup and restore operations. When you initiate the deployment of a FREL, the Commvault software uses its Open Virtual Appliance (OVA) template to create a VM that contains the FREL. You can then use the FREL to browse Virtual Machine (VM) data from a backup of a source Linux VM. This simplifies backup and restore operations.
  • Using Oracle Linux as a VMware Access Node or FREL for Linux. You can now use an Oracle Linux 8 machine to create a VMware Access Node or FREL directly from within the Commvault Command Center™. This simplifies backup and restore operations.
  • New Configuration Tool for Object Storage and Big Data Replication. You can now configure replication for object storage and big data destination sites using a tool that simplifies and streamlines the entire process. The configuration tool guides you through setting-up both source and destination sites for DR, helping you manage storage, network settings, data transport, and secondary copies.

Data Insights

  • Adding Data Sources in Bulk for File Storage Optimization. You can now add file server data sources in bulk for data analysis using File Storage Optimization. You can specify and add data sources individually from within the Commvault Command Center™, or by specifying and adding data sources in bulk via a CSV file. 
  • Improved Resource Management When Analyzing Sensitive Data in Microsoft Exchange. You can now use the same index server when Content Indexing Exchange data sources both within Sensitive Data Governance and during a backup operation. Repurposing the index server reduces hardware costs and increases operational efficiency.

As Commvault celebrates more than 25 years of data management success and innovation in helping businesses of all size protect and manage their data, our regular cadence of Feature Releases demonstrates our commitment to innovation. This innovation is what enables our customers to meet their ever-changing data protection and recovery needs through the continuous evolution of our Intelligent Data Management Platform – a suite of tools that help organizations manage enterprise data and accelerate business growth. These ongoing enhancements provide a powerful incentive for customers to keep their Commvault deployments up-to-date. Complete documentation of all the features and capabilities included with this release can be found at https://documentation.commvault.com/11.26/essential/143030_feature_release_1126.html