By Dave Orban
Commvault’s quarterly cadence of Feature Releases allows us to continually bring new functionality and general awesomeness to our award-winning data protection platform. This constant innovation is the basis for our suite of Intelligent Data Services that help our customers solve their toughest, most business-critical data challenges. And while great technology is certainly nice to have, it’s nothing if it doesn’t actually improve the user experience. And Feature Release 11.25 does just that. Generally available since November 15, it’s already proving useful to some of our early adopter customers, and here’s why: This round of enhancements is all about helping to reduce cloud costs while streamlining deployment and management of cloud-based workloads, along with expanded workload support, new Command Center functionality, and powerful security enhancements.
Data Management & Protection
As with each Feature Release, FR 11.25 delivers on both market needs and customer requests. Our modernized CommServe for Linux allows organizations to take advantage of the cost-saving benefits of the Linux operating system. Additionally, we facilitate the deployment and migration of cloud-based database workloads with Cloud AWS PaaS enhancements for Oracle RDS & MS SQL. For our Service Provider partners, we’ve greatly simplified data protection and management for their customers with robust, unified, single-pane-of-glass management through the Commvault Command Center™. Here’s a closer look at some of the new features.
- CommServe® software on Linux – Some organizations choose Linux over Windows in order to take advantage of reduced cost, enhanced performance, and, given that Linux is targeted less frequently by cyber threats, increased security. CommServe for Linux also helps organizations in Financial Services; Federal; and State, Local, and Education (SLED) remain in compliance in scenarios that require Linux-based environments.
Cloud and Virtualization
- V2 Indexing for Hyper-V and Azure Stack Hub provides admins with greater control and enables backup, recovery, aging, and reporting at the Virtual Machine level, particularly useful in helping customers meet aggressive SLAs. We’ve also simplified migration from V1 to V2 hypervisors, allowing customers to take full advantage of this new feature.
- VirtualizeMe to Azure Stack Hub allows a user to convert physical computers into a virtual machine instance within the hypervisor platform. This enables a fully-automated disaster recovery and migration solution for both physical servers and virtual machines, via File System Agent, directly into Azure Stack Hub.
- Amazon EBS Direct-Read Support enables users to protect and recover Amazon EC2 and Elastic Block Store (EBS) data in the most efficient manner. This simplifies recovery of files and folders without the need for labor-intensive indexing and searching. It’s also been extended to allow for live browse for Linux Guest Instances, along with Direct Write volume restores for both EC2 and EBS. With this new API-driven capability, you’re able to recover data directly to wherever you need it, without the need for access nodes or additional infrastructure.
- AWS Graviton2 Support for MediaAgents (for M6g and R6g instances) and Cloud Access Nodes (for C6g, M6g, and R6g instances) enables improved performance and cost savings over Intel or AMD-based offerings within Amazon EC2. This is just the latest example of Commvault investing in cost-optimization through modernized infrastructure for our customers’ cloud environments.
Commvault Disaster Recovery is a comprehensive solution for meeting the DR needs of customers with workloads both on-prem and in the cloud, as well as in hybrid environments, helping them to meet their cloud transformation and business continuity needs. Enhancements in FR 11.25 include:
- Continuous Replication Enhancements such as block-level filtering for faster sync times and reduced storage consumption on the source-side storage pool.
- Support for VMware to GCP Replication for better on-prem application portability for customers of both VMware and Google Cloud.
- Test Failover Capability for AWS Replication enabling periodic failovers for DR testing without impacting the production environment.
- Replication Using Multiple Access Nodes to allow optimal throughput and improved scalability within larger environments.
- Enhancements to the Disaster Recovery Dashboard including contextual views that highlight your Environment, your SLAs, your prior month’s Stats, your Replication Status, and your largest Hypervisors, allowing you to work more quickly and with greater accuracy.
- Disaster Recovery as a Services (DRaaS) for Managed Service Providers allowing MSPs to offer Commvault Disaster Recovery as a Service. Their customers can now take full advantage of Commvault’s robust disaster recovery technology, including sub-minute Recovery Point Objectives and near-zero Recovery Time Objectives for continuous or periodic replication at virtually any scale, in on-prem, cloud, multi-cloud, and hybrid environments. Enhanced metering allows an MSP to keep track of consumption, while Utility and Subscription billing options allow them to better meet the unique financial requirements of their customers.
Enhancements to the Commvault Command Center™ and the overall User Experience
Search functionality has been expanded to include the Entity Search Bar and Breadcrumbing, helping to simplify and speed up navigation across the entire application. Additionally, many “right-side fly-in” menu items have been replaced by full-page “wizards,” again providing both uniformity and optimizing screen real estate to simplify the creation and management of many routine tasks.
Metallic Backup as a Service (SaaS) linkage for Service Providers
This allows Service Providers to link individual Metallic subscriptions to their Tenants within the Commvault Command Center™, and extends Metallic BaaS as another service that can be offered – and rapidly deployed – by our Service Provider Partners. It provides for intuitive, single-pane-of-glass workload management, regardless of where they reside: on-prem, in the cloud, in multiple clouds, or in hybrid environments. Tenants can now consume Metallic services as well as on-prem services, all directly through the Commvault Command Center™
With ransomware on the rise – the FBI reports a 300% increase in documented cybercrimes since the start of the Covid pandemic – at least 75% of IT organizations are expected to face a ransomware attack within the next 3 years. And since it’s only going to get worse, Commvault takes data security very seriously… and so should you. While it’s prudent to be doing everything possible to protect against cyberattacks, the assumption is that you’re likely to experience an attack regardless of how much protection you have. So the real question is, how quickly – and how thoroughly – can you recover from an attack? Because being able to recover – and quickly – is the difference between a minor business disruption and a potentially catastrophic business failure. Accordingly, here are some of the security enhancements that we’re bringing to you with Feature Release 11.25:
- CIS Level 1 Hardening for Microsoft Office Validation Assistant (OVA) – The Center for Internet Security (CIS) provides the global IT community with recognized best practices for securing data and IT systems. CIS Benchmarks are consensus-based security configuration guides that have been developed and accepted as the benchmark of choice within government, business, industry, and academia. CIS Level 1 provides a foundational hardening of the IT environment, reduces the potential attack surface while minimizing adverse impacts on performance. In 11.25, we’ve introduced a pre-hardened image of the CommServe, an easy-to-deploy virtual image. This reduces the attack surface for Commvault infrastructure and helps mitigate against common threat tactics including lateral movements and malicious execution of code. It also helps organizations remain compliant with policies centered around other security standards, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), as well as ISO 27000, PCI DSS, HIPPA, and others.
- Ransomware protection enhancements for Windows Media Agents is designed to help ensure that backups are protected from common, newly-identified methods used to gain access to and destroy backups that might be used in a recovery scenario. By using Commvault’s immutable framework to reject unauthorized changes to network and local attached storage on the Media Agent, we’re able to provide an additional level of protection and help ensure that you’ve got a clean backup from which you can recover. Taken in conjunction with air-gapping and a 3-2-1 backup strategy, this provides both excellent protection and a path to recoverability in the event of a cyberattack.
- Encryption Key Management enhancements. Exfiltration has become a frequently-employed tactic used by cyber criminals to steal data and credentials. Mitigation techniques include encrypting data and maintaining encryption keys securely. Commvault’s built-in Key Management System (KMS) stores all keys in the CommServe® database. However, we recognize that might not satisfy security requirements for certain types of customers. New key management features in Feature Release 11.25 include enhanced protection for Encryption Keys to restrict unauthorized access to backup data.
We’ve also decoupled the KMS credentials from the CommServe database to limit access to unauthorized personnel. And we’ve added new options that enable a higher level of control and security. Other enhancements around Key Management include:
- Identity and Access Management (IAM) role for AWS Key Management System (KMS)
- Managed Identity Authentication for Azure Key Vault
- Ability to configure Access Nodes for KMS Authentication
- Ability to use credential files for AWS KMS configurations
- Ability to Bring Your Own Key (BYOK)
- One-way forwarding gateway topology isolates and segments data storage targets, reducing access to critical systems and services. Our new network topology forwards in only one direction through the proxy or gateway, instead of requiring both sides into the gateway. This provides greater flexibility in how we architect network topologies for service providers. Data isolation is an effective strategy for mitigating against lateral moving threats. Commvault’s methodology allows for a simple, policy-driven approach to isolating data.
- Restricted mode for workloads adds multi-factor authentication as well as dual authorization controls around the deletion or disabling of workflows. This reduces risks posed by insider threats (or even a simple user error) gaining access to valid credentials and subsequently deleting or disabling workflows.
- Platform security optimizations including an upgrade to Python 3.9.2, along with automated internal texting for ransomware, and optimization of encryption key lookups increase security, help to validate our protection mechanisms, and improve performance of restores.
Data Compliance & Governance
As the volume of electronic content that organizations generate, receive and store continues to grow rapidly, the challenge of eDiscovery and maintaining regulatory compliance expands with it. In 2020, the SEC alone brought more than 7 enforcement actions for non-compliance, totaling nearly $4.7 billion USD in penalties – the highest amount on record. To help our customers meet these challenges, Commvault helps to streamline collection and identification of electronically-stored information for investigations, legal and compliance matters, and Freedom of Information Act (FIOA) and Open Records requests. In FR 11.25, Compliance Archiver is now available from directly within the Commvault Command Center™. We’ve also added support for Customer Data Management (CDM) for Oracle. There are new data governance entities in support of data privacy and security initiatives. There’s File Storage Optimization for AWS, Azure, and Google Cloud. And we’ve added file system immutability to complement and extend our ability to protect customer data, regardless of how – and where – you’re using Commvault: On-prem, with Commvault HyperScale™, in the cloud, across multiple clouds, or in hybrid environments.
Modernization of data infrastructure is on everyone’s mind these days, with nearly 75% of those surveyed telling us that at least 1 out of 4 applications are currently undergoing modernization, with 65% saying that they are in the midst of an active digital transformation journey. To help facilitate those initiatives, enhancements in Feature Release 11.25 include:
- Google Cloud Spanner Protection – Cloud Spanner is a fully-managed, mission-critical relational database service that offers transactional consistency at global scale. It’s used by banks and financial services institutions for transaction tracking; in the gaming industry for micro-transactions; and in retail for dynamic pricing and just-in-time fulfillment. By expanding our Database as a Service (DBaaS portfolio through support of Google Cloud Spanner, we’re giving DB admins a simple user interface for initiating, managing, and monitoring backups and restores, with multiple options for retention and scheduling.
- Commvault Command Center support for Gluster and Lustre Backup. TheGluster file system is a scalable network file system suitable for data-intensive tasks such as cloud storage and media streaming.The Lustre file system is a high-performance clustered file system that enables parallel data access across multiple cluster nodes for workloads requiring speed, such as in Machine Learning or video processing.
We’ve provided the ability to archive GPFS, HDFS, and Lustre data these for some time within our CommCell Console, but by bringing them into the Commvault Command Center™, we’re providing a much simpler, more efficient way to manage them all.
- IBM Spectrum Scale (General Parallel File System or GPFS) is a large-scale network file system suitable for advanced workloads such as high-performance computing and Big Data.
- Hadoop (HDFS) is a distributed file system that handles large data sets and be run on commodity hardware. It has a wide variety of use cases, such as data analytics.
- Lustre file system is a high-performance clustered file system that enables parallel data access across multiple cluster nodes for workloads requiring speed, such as in Machine Learning or video processing.
With these agents already available for backup within the Commvault Command Center, it was only natural for users to want Command Center File Archiving, putting all of these under control of a single interface.
- Commvault VTL 2.0 Support for IBMi – The Commvault Virtual Tape Library (VTL) 2.0 is a direct replacement for tape storage, reducing the cost of both physical storage and transport. It’s useful for off-site copies for Disaster Recovery, and when coupled with Fiber Channel connections, provides fast backup, with built-in deduplication to reduce the storage footprint. And it circumvents the standard IBM “save while active” limitations that accompany the standard streaming backup methodology.
- Optimized licensing and reporting for Kubernetes – Feature Release 11.25 introduces optimized Kubernetes Reporting around container licensing. The new License Summary Report is now available within the Commvault Command Center™.
Databases are at the heart of enterprise IT infrastructure. With the wide array of databases in use today, you need a unified approach that allows you to migrate workloads to the cloud faster, back up your databases more efficiently, and streamline data access, all while supporting things like copy data management. Commvault makes it easy with support for a wide range of databases, including Oracle, Microsoft SQL Server, SAP, MySQL, IBM DB2, PostgreSQL, Informix, and Sybase, as well as protection for distributed applications such as MongoDB, Cassandra, Greenplum, Hadoop, and IBM Spectrum Scale. In FR 11.25, we’ve added:
- Full-instance backups and restores of MySQL databases using Percona XtraBackup. This allows a user to perform a hot backup even while the system is running. This enables faster backups of MySQL InnoDB databases and DB instances when using mixed storage engines, particularly useful if your MySQL instance is comprised of many smaller InnoDB databases.
- Performance enhancements to IntelliSnap® snapshots include enabling multi-stream restores from each snapshot mount point. This allows files restores to be distributed across multiple streams for any given mount point, helping to improve SLAs.
- Extent-Based Backups for SAP HANA® divides large data files into smaller-sized chunks (extents) to enable parallel backups across streams, for quicker recovery times and improved SLAs. Additional enhancements for SAP HANA® include buffering of non-uniform-sized data blocks and deduplication to optimize writes to a backup target, as well as progress tracking of backup and restore operations.
These are just some of the highlights of the many new features that have arrived with Feature Release 11.25, providing a powerful incentive for customers to keep their Commvault deployments up-to-date.
Commvault Intelligent Data Services
It’s no secret: Data and workloads have expanded and evolved over time, leading to multi-generational data sprawl that introduces new risks to your business. The result? A business integrity gap, the gap between where organizations’ data environments are today – hampered by the challenges of data sprawl – and where their data environments should be, in order to thrive, accelerate, and modernize how data is utilized in their business.
Commvault’s Intelligent Data Services platform provides a variety of tools to help meet these challenges, closing that business integrity gap and enabling organizations to accelerate business growth. From data management and protection to data security, data compliance and governance, data transformation, and data insights, Commvault delivers a flexible, future-proof architecture that provides unprecedented customer choice in consumption models: As an on-prem solution, via SaaS with Metallic, through an integrated appliance with HyperScale X, as enterprise software, or as a fully managed service through one of our global partners.
Commvault Intelligent Data Services help solve real customer challenges and deliver tangible benefits. Our relentless focus on the user experience is why we’re investing every quarter in expanding our workload coverage, bringing multi-cloud to the edge, and constantly evolving our strategies around ransomware defense and recovery.
Need a deeper dive? Check out the official documentation for FR 11.25 at https://documentation.commvault.com/11.25/essential/index.html