Protecting instances

HYCU for Google Cloud enables you to protect your instance data with fast and reliable backup and restore operations.

Prerequisites

  • The HYCU Managed Service Account (HMSA) must have the following roles granted on the projects with the instances that you plan to protect:

    • Compute Admin (roles/compute.admin)

    • Service Account User (roles/iam.serviceAccountUser)
    • Storage Admin (roles/storage.admin)

    For instructions on how to grant permissions to service accounts, see Google Cloud documentation.

  • Cloud Resource Manager API, Compute Engine API, Cloud Identity and Access Management API, Cloud Billing API, and Cloud Storage API must be enabled on the Google Cloud projects that contain the instances that you want to protect. For instructions on how to enable APIs, see Google Cloud documentation.
  • Only if you plan to back up and restore instances that use Shared VPC networks. Your user account or the HYCU Managed Service Account (HMSA) must be granted the following permissions in the Shared VPC host project: compute.firewalls.list, compute.networks.list, compute.networks.get, compute.subnetworks.list, compute.subnetworks.use, and compute.subnetworks.get.

Limitations

  • Local SSDs are not protected.

  • Instance memory is not protected.

  • Crash consistency of backup data is guaranteed only for each disk individually.

Recommendation

Only if you delete an instance from Google Cloud. If an instance that you delete from Google Cloud still has at least one valid restore point available in HYCU for Google Cloud, it is considered protected and its status is PROTECTED_DELETED. If you create a new instance with the same name, project, and zone in Google Cloud, HYCU for Google Cloud will recognize this instance as the old one during instance synchronization and change its status from PROTECTED_DELETED to PROTECTED. Using the restore points of such an instance for a restore could result in data corruption. Therefore, it is recommended that you create the new instance with a different name, project, or zone, or that you mark the restore points of the old instance as expired before performing a restore. For details on marking restore points as expired, see “Expiring backups manually”.

Considerations

  • Keep in mind that the role you have assigned determines what kind of actions you can perform. For details on roles, see “Managing roles”.

  • HYCU for Google Cloud uses an external IP address to access Google Cloud APIs if Private Google Access is disabled on subnets. If your data protection environment requires the use of an internal IP address, make sure Private Google Access is enabled on subnets. For details, see Google Cloud documentation.

  • Data in instance backup images, copies of backup images, and data archives that HYCU for Google Cloud creates is crash‑consistent, but it may not always be application‑consistent. If pre‑snapshot scripts are not provided, the application consistency of backup data is limited to applications that store their data on a single disk, and instances and applications that comply with the restrictions for creating a Windows Volume Shadow Copy Service (VSS) snapshot. For details, see Google Cloud documentation. For more information about Windows VSS snapshot prerequisites, see “Backing up instances”.

For details on how to efficiently protect instance data, see the following topics: