Using DataCore Swarm with Commvault v11.36 Backup & Recovery Deployment Guide
CommVault Backup & Recovery software can be easily configured to use S3 compatible object storage such as DataCore Swarm for backups. For additional safeguards against ransomware and accidental deletions, backups can be object locked using their WORM option.
Prerequisites
CommVault 11.36 or higher
DataCore Swarm object storage v17 or above
DataCore Swarm Gateway v8.2.1 or above
CommVault requires TLS connections to object storage. See our KB article https://caringo.atlassian.net/wiki/spaces/KB/pages/36930810/Configuring+haproxy+SSL+offloading+with+a+Self+Signed+Certificate+on+Content+Gateway)
S3 Access Key and Secret Key for the bucket. CommVault will create the needed bucket if it doesn’t exist.
Setting up an S3 compatible object store for CommVault
Swarm Content Portal
To generate an access token, navigate to the Swarm storage domain and select settings, then tokens sub-menu
On the domain settings view, press the “+Add” button to generate a new S3 token
Copy the Token ID and Secret Key to the clipboard for later pasting into the Commvault form.
Commvault Console
Setup credentials for Cloud Account
Go to the Manage -> Security -> Credentials Vault in the Web UI
then click Add
For Account Type, choose Cloud Account, for Cloud vendor type choose S3 Compatible Storage.
Enter the Credential name, Access Key ID, and Secret Access Key. The Access Key ID is the Swarm Token ID generated in the earlier step.
Click the Save button to add the credentials.
That’s it. At this point you can use the DataCore Swarm as an s3 object storage destination for Commvault backups.
You can find this information on the official CommVault documentation here:
https://documentation.commvault.com/v11/essential/configuring_cloud_storage.html
Example steps to setup a new backup job
Pre-requirement is your endpoint must have a valid trusted SSL certificate and be DNS resolvable
For a POC, if you wish to use the built-in self-signed certificate you will need to modify the following parameter :
Navigate to Manage → server groups → Media Agents → Configurations → Settings
Add the configuration parameter called “Cloud Storage Server Certificate Identity Check” and set it to “VERIFY SELF-SIGNED CERTIFICATE (NOT WITH ROOT CA)
Example:
Navigate to Storage → Cloud and press Add
Create a Storage Policy ( now called a new Plan ) by navigating to Manage → Plan and press Create Plan → server backup
Define the backup destination
Define the RPO
Once completed it will look like this
Now we need to enable WORM if you want to use the new immutability features.
This is now done via the UI natively; you no longer need a workflow for this functionality.
Enable Policy Versioning for the Swarm Cluster first
In the Swarm UI (not the Content Portal), select Settings from the side navigation bar.
Select “allowed” corresponding to
policy.versioningthen click Save.Then you need to enable versioning at the domain level as well. Navigate to the domain properties and unclick “Apply Evaluated Policy” then toggle Content Versioning to “Enabled”
Navigate to Storage → Cloud → Plan → Configuration Tab and edit the Worm Section.
This is what enabling WORM storage lock looks like:
Choose what you want to protect, in my example test environment I selected VM’s in a specific resource group on a VMware vCenter 7.0
Once you have added your source you can start backing any VM assigned to your VM Group.
Don't forget to assign the storage plan to the VM Group.
Example backup job , as seen in the gateway audit log
2025-01-29 12:04:59,959 INFO [E1281B72836212DC] 4 10.166.2.5 commvault.certlab.datacore.com S3 MULTIPART_PUT admin @ 200 18980096 0 277.00 - commvault.certlab.datacore.com cvbackupsimmutable AFTJ59_01.29.2025_10.36/CV_MAGNETIC/V_3/CHUNK_1/SFILE_CONTAINER_064 - ?partNumber=2&uploadId=2cdafe93f17f562d2e6bbfad8d917e9c346f8e38d27a58103737c15d19416a9b6599a50bbd962a47709bd24043bbb2390P PutObject [auth:3]
2025-01-29 12:05:01,117 INFO [6C35C6B17DA21ADD] 4 10.166.2.5 commvault.certlab.datacore.com S3 MULTIPART_COMPLETE admin @ 200 305 477 1155.00 - commvault.certlab.datacore.com cvbackupsimmutable AFTJ59_01.29.2025_10.36/CV_MAGNETIC/V_3/CHUNK_1/SFILE_CONTAINER_064 6599a50bbd962a47709bd24043bbb239 ?uploadId=2cdafe93f17f562d2e6bbfad8d917e9c346f8e38d27a58103737c15d19416a9b6599a50bbd962a47709bd24043bbb2390P PutObject [auth:4,refresh:-1]
2025-01-29 12:05:01,135 INFO [59D9804123545A35] 4 10.166.2.5 commvault.certlab.datacore.com S3 HEAD admin @ 200 0 0 16.00 20.20.20.12:80 commvault.certlab.datacore.com cvbackupsimmutable AFTJ59_01.29.2025_10.36/CV_MAGNETIC/V_3/CHUNK_1/SFILE_CONTAINER_064 6599a50bbd962a47709bd24043bbb239 - GetObject [auth:4]
2025-01-29 12:05:01,444 INFO [A0DDB194CAA5F9A8] 4 10.166.2.5 commvault.certlab.datacore.com S3 PUT admin @ 200 1048576 0 107.00 20.20.20.12:80 commvault.certlab.datacore.com cvbackupsimmutable AFTJ59_01.29.2025_10.36/CV_MAGNETIC/V_3/CHUNKMAP_TRAILER_1.FOLDER/0 0b36eae538bd9712e0de34170888c52e - PutObject [auth:4,OBJLCK:RETENTION:COMPLIANCE:2025-02-06T12:05:01.000Z,indexing:9]
2025-01-29 12:05:01,459 INFO [86D1B8DBE904780B] 4 10.166.2.5 commvault.certlab.datacore.com S3 HEAD admin @ 200 0 0 13.00 20.20.20.12:80 commvault.certlab.datacore.com cvbackupsimmutable AFTJ59_01.29.2025_10.36/CV_MAGNETIC/V_3/CHUNKMAP_TRAILER_1.FOLDER/0 0b36eae538bd9712e0de34170888c52e - GetObject [auth:3]
2025-01-29 12:05:01,505 INFO [F5C79DA756EFCA3B] 4 10.166.2.5 commvault.certlab.datacore.com S3 PUT admin @ 200 64 0 44.00 20.20.20.12:80 commvault.certlab.datacore.com cvbackupsimmutable AFTJ59_01.29.2025_10.36/CV_MAGNETIC/V_3/CHUNKMAP_TRAILER_1.SIZE 62b132c2576e3544d62069e59b566c31 - PutObject [auth:3,OBJLCK:RETENTION:COMPLIANCE:2025-02-06T12:05:01.000Z,indexing:12]
Tuning parameters
Navigate to Manage -> server groups -> media agents
Add a setting called “configure number of upload threads”
Related content
© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.