Features and enhancements that we want to highlight in this platform release are listed here, with a link to full documentation for the feature.
Artificial Intelligence
Arlie API Code Assist
Arlie API Code Assist feature allows users to use natural language interaction to get step-by-step coding assistance on using Commvault APIs. This valuable tool streamlines the Commvault APIs, making it faster and easier for engineers to implement integrations and automation.
Arlie Active Insights
The Arlie Active Insights feature provides accurate recommendations based on previously resolved tickets, allowing you to quickly resolve job errors and paused jobs.
Additionally, this feature reduces your downtime by helping you resolve issues faster and reducing your dependence on customer service for assistance.
Arlie Chatbot
The Arlie Chatbot feature enables you to ask questions using natural language about configuring and using the Command Center. The Arlie Chatbot lists answers derived from the Commvault product documentation, saving you time and effort by providing the necessary information in the same Command Center browser window. The Arlie Chatbot also lists relevant walk-throughs and Commvault store contents.
Custom Walk-Through
Use the custom walk-through feature to receive step-by-step guidance on using the Command Center to complete common tasks. In a walk-through, in-product suggestions appear in message boxes to guide you through different steps of a task.
Cloud Native Workloads
AWS Canada West (Calgary) Region is now protected
Today, Commvault is announcing protection for supported workloads in a new Region in Canada. AWS Canada West (Calgary), also known as ca-west-1, is the thirty-third AWS Region. Commvault supports deployment to, integration with, and protection of the following AWS services: Amazon Aurora, Aurora PostgreSQL, AWS CloudFormation, Amazon DynamoDB, Amazon Elastic Block Storage (Amazon EBS), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), AWS Identity and Access Management (IAM), AWS Key Management Service (AWS KMS), AWS Organizations, Amazon Redshift, Amazon Relational Database Service (Amazon RDS), AWS Security Token Service, Amazon Simple Storage Service (Amazon S3), AWS Systems Manager, Amazon Virtual Private Cloud (Amazon VPC), and VM Import/Export. Commvault also protects additional AWS Global Infrastructure in AWS Local Zones in Toronto and Vancouver. You can get started today by deploying Commvault from the AWS Marketplace.
Amazon EBS volume restore now supports customization
Commvault Cloud restores for Amazon EC2 and Amazon EBS now allow you to customize volume type, encryption keys, throughput, and IOPS. You can tune your recovered EBS volumes to meet your security, performance, and cost objectives. You can intelligently recover your instances and volumes with original settings or customize on a per-volume basis. True cyber resilience includes the ability to perform reliable cost-aware recovery testing, which custom EBS volume recovery delivers.
Amazon S3 object backup support in Canada West Region
Amazon S3 backup support is now available in the Canada West Region. You can now protect your Amazon S3 and S3 Express resources in this region, ensuring your data is safe from unplanned data loss or corruption events.
Announcing Amazon EBS io2 Block Express Volume protection
Commvault Cloud now protects your Amazon EBS io2 Block Express volumes when protecting your large, I/O intensive, mission-critical applications. io2 Block Express volumes deliver up to 4x higher throughput, IOPS, and capacity than io2 volumes, and are designed to deliver sub-millisecond latency and 99.999% durability.
You can protect your volumes with EBS snapshots and service-independent backup copies stored in cost-optimized Amazon S3. Commvault protects and recovers your EBS volume data and configuration settings (capacity, throughput, and IOPS), ensuring that your recovered applications meet your business performance and cost objectives.
Enable fine-grained permission controls with service control policies in AWS Organizations
Starting today, you can use Commvault-provided service control policies (SCPs) to set data protection-aware permission guardrails with the fine-grained access controls. This makes it easier to ensure that you have met Commvault Cloud IAM permission requirements and that your workloads can be protected. AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Commvault integrates with your organization by providing least-priviledge SCPs for your central security administrators to deploy, ensuring cross-account protection occurs reliably.
Google Cloud Platform Customer Managed Encryption Keys across Projects Support
The Virtual Server Agent for GCP now offers support for Compute Instances that are encrypted with a Key Management Service (KMS) located in a different Google Cloud Platform project. This means that customers can easily select and restore their Compute Instances with the desired KMS key from any GCP project, enhancing flexibility and security for their encrypted data.
Introducing Commvault Cloud account customization with AWS Control Tower Account Factory Customization
Commvault Cloud now helps customers effortlessly customize and generate new AWS accounts for their organizations, complete with Commvault-required IAM permissions and policies. Leveraging AWS Control Tower Account Factory, Commvault-provided account customizations are provided to streamline your multi-account landing zone setup, and creation of service and worker accounts, guaranteeing efficient deployment with assured protection by Commvault Cloud.
OCI Dedicated Region Support
OCI Dedicated Region Support allows customers to seamlessly integrate and operate their on-premise OCI Dedicated Region environment, including VM and storage, from within Commvault. This provides the convenience of managing all cloud infrastructure and data backup and recovery processes within a single platform, improving efficiency and streamlining operations.
Protecting Encrypted etcd Databases on Red Hat OpenShift Container Platform Clusters
Commvault now protects encrypted etcd databases for the Red Hat OpenShift Container Platform (RHOCP) clusters, ensuring that sensitive data such as secrets and config maps remain protected even if an etcd backup is compromised. The encrypted etcd backup provides an added layer of data security and prevents possible loss of sensitive data.
Release Commvault AMIs in Calgary Region
The new Calgary Region for AWS Canada West is now available, and Commvault AMIs can be easily deployed in this region. By deploying Commvault AMIs in the Calgary Region, users can effectively protect and recover their AWS workloads, ensuring the safety of their data and enabling efficient disaster recovery processes.
Simplified Licensing for Kubernetes with Capacity License
Commvault software has simplified the Kubernetes metering with the Capacity license allowing you to streamline cost management by paying only for the data space you use. You can also choose to use the Virtual Operating Instance (VOI) license which consumes one VOI per workload protected.
Support for Azure Trusted Launch VMs
Commvault now supports Trusted Launch VMs, adding a robust layer of security to protect your Azure virtual machines. This feature provides peace of mind with the integrity of your VMs during the launch process, safeguarding your critical data.
Support for Google Cloud Platform Key Management Service
Commvault Cloud now supports GCP Key Management Service (KMS), allowing users to protect their encryption keys with GCP KMS before storing them in the CommServe database, ensuring enhanced data security and control.
Common Platform
Tape management enhancements in CC
The tape management enhancements in CC bring additional properties and operations for Tape Storage in the Command Center. This allows end customers to have a more comprehensive and efficient management of their tape storage, leading to improved organization and ease of access to data.
On Prem Protection
Backup and Restore Huawei Gauss DB (DWS) Using XBSA Interface
The backup and restore feature allows the administrators to easily orchestrate the backup and restore of Huawei Gauss DB (DWS) databases using the XBSA interface. It simplifies the process of backing up and restoring data, making it more efficient and reliable for administrators.
FS: Backup CIFS shares using Linux Access Nodes
Feature: Backup CIFS shares using Linux Access Nodes
Value to the end customer: The CIFS Share Backup feature empowers organizations to conveniently back up their critical data stored on Windows file servers (CIFS shares) directly from their existing Linux access nodes. This eliminates the need for separate backup infrastructure or processes, especially beneficial for businesses with primarily Linux environments.
Migrate IBM Spectrum Protect Historical Data to Commvault
This feature allows administrators to efficiently and securely migrate IBM Spectrum protect (formerly Tivoli Storage Manager) historical and long-term data to Commvault with improved performance and scalability. It also enables seamless browse and restore of the migrated data from the Command Center.
Migrate Veritas Netbackup Historical Data to Commvault
This feature allows administrators to efficiently and securely migrate Veritas NetBackup historical and long-term data to Commvault with improved performance and scalability. It also enables seamless browse and restore of the migrated data from the Command Center.
Orchestrate SAP HANA Log Backup to Support Fivetran HVR Replication
This feature allows administrators to orchestrate and support Fivetran HVR replication using SAP HANA logs on the filesystem that is protected with backint by enabling log dump to disk. This capability allows customers to ensure the availability of databases in case of disaster and other use cases beyond HVR replication.
PostgresSQL Cluster Backup Support
The Postgres SQL Cluster Backup Support feature allows database adminnistrators to easily backup and restore multi-node Postgres clusters without any manual intervention. This ensures that the backups and restores continue seamlessly in the event of failover or failure, providing peace of mind for the customer.
Protect SAP/Sybase ASE databases in HADR deployment
The Sybase High Availability Disaster Recovery (HADR) feature allows the administrators to ensure the protection of SAP/Sybase ASE databases in high availability disaster recovery (HADR) deployments. By automatically detecting the primary node and facilitating uninterrupted database and log backup during failover events, it helps to minimize downtime and data loss, ensuring the continuity of critical business operations.
Support SAP MaxDB Instance Configuration from Command Center
SAP MaxDB instance configuration feature enables the administrators to configure and schedule MaxDB from the Command Center. Also, it provides a more streamlined and user-friendly experience for setting up MaxDB instances.
Support for DB2 and Informix on Ubuntu
The feature provides support for DB2 and Informix on the Ubuntu platform, allowing database administrators to protect the DB2 and Informix databases effectively.
VMware Region-based Backups in vSphere Environment
Region-based backups for your VMware hypervisor can now be performed easily using an access node within the same region as your vSphere environment. This feature provides a more efficient and optimized backup process, enhances data security, and reduces transfer time for faster data recovery.
Partner Ecosystem
Amazon S3 Cloud Library support in AWS Canada West (Calgary)
Commvault now supports the AWS Canada West (Calgary) region to be used as an S3 cloud library backup target. This helps customers remain protected from data loss or corruption events while also maintaining a copy of data in-region for fast recovery and compliance with data sovereignty requirements.
Cleanroom Utility Usage Tracking and Billing for Software MSPs
Commvault Cleanroom Recovery is now available for MSPs, providing a secure, automated cloud environment designed for testing cyber recovery, conducting forensic analysis, and ensuring business continuity following a security breach. With ransomware-free recovery, MSPs can restore client systems quickly and confidently, minimizing downtime and preventing the reintroduction of threats.
Recovery Orchestration
Auto-scale Infrastructure for Cleanroom Recovery
Auto-scale infrastructure for Cleanroom recovery allows you to easily create and customize auto-scaling policies or plans for virtual machines. This ensures that the infrastructure automatically scales up to handle increased workloads and data volumes during recovery. It provides a flexible and efficient on-demand infrastructure for cyber recovery and recovery testing.
Cleanroom Recovery for Commvault Cloud SaaS
Commvault has launched Cleanroom Recovery for Commvault Cloud SaaS, allowing users to manage cyber recovery through the SaaS control plane. With dynamic resource adjustments for efficient restoration, receive consistent functionality across software and SaaS offerings. Cleanroom Recovery supports multi-tenancy and can be accessed via APIs for task automation and integration with other systems.
Repave VMs Using “Golden Image”
Cleanroom Recovery of VMs using a Golden Image enables you to use templates (both public marketplace and private custom templates) to create the Azure VM in the cleanroom before restoring data to the VM. This simplifies and accelerates the recovery process and allows you to recover applications from cyberattacks to a known good state.
Single Domain Controller Active Directory Recovery in Cleanroom Recovery
Users can include a single domain controller in the Cleanroom recovery group to streamline the recovery process and integrate Active Directory seamlessly. This allows for the seamless recovery of Active Directory alongside other workloads into a Cleanroom target for the recovery of directory services
Support for DB Recovery in Cleanroom Using VM Backups
You can now recover Microsoft SQL Server, Oracle, and DB2 databases running inside virtual machines (VMs). This facilitates the easy restoration and recovery of databases, thus ensuring business continuity and reducing downtime in the event of cyberattacks or system failures.
SaaS Applications and Active Directory
Bulk Restore of Overwritten or Corrupt AD Attributes
The Bulk Restore feature helps administrators quickly rectify issues of overwritten or corrupt attributes in AD. By identifying and reverting these specific attributes to their original values across numerous objects in the directory at once, users can efficiently recover from unforeseen disasters such as poorly executed scripts or troublesome application upgrades.
Interactive, Domain-Wide AD Comparison Reporting
This feature provides an interactive, comprehensive comparison report between two points in time, helping AD administrators easily identify deleted or modified directory objects. Admininistrators can compare all changes between two backups or identify all changes that have taken place between a backup and the live state of AD. With the option to filter, search, and directly restore objects from the report, businesses experience minimal disruption, reducing downtime.
Protection of Conditional Access Policies
The protection of Conditional Access Policies feature in Entra ID offers increased security by ensuring that critical policies can be quickly recovered or reverted to previously safe configurations. This fortifies user access control, safeguards sensitive data, and maintains an optimum cloud security environment.
Protection of Entra ID Roles
The protection of Entra ID roles offers administrators the ability to locate, select, and restore roles and role properties, including memberships. This benefits customers by safeguarding crucial data from accidental deletion or inadvertent alterations, thereby enhancing security and operational efficiency.
Protection of Group Policy Objects
The Protection of Group Policy Objects feature empowers Active Directory administrators with enhanced security controls. It helps detect, recover, and rollback unwanted changes to Group Policy Objects (GPOs). Consequently, this facilitates robust protection of user and computer settings from potential breaches, ensuring elevated security across the Active Directory environment.
Recovery Points Calendar for AD Backups
The Recovery Points Calendar feature in AD offers a visual representation of backup dates for easy and accurate selection. It enables quicker, precise decision-making while restoring, maximizing uptime, and reducing potential errors for a hassle-free admin experience.
Restore Mailboxes and OneDrive Users using Active Directory Groups
M365 Restore by Active Directory Group allows you to restore the most recent data set for many users as a group. This feature streamlines the restoration process by providing a mechanism for logical groupings of users to be restored together
Track and Manage Salesforce GDPR Requests Using Compliance Manager
The Compliance Manager feature in Commvault Cloud allows Salesforce administrators to efficiently monitor and manage the data subject requests in compliance with General Data Protection Regulation (GDPR) mandates. Only an authorized personnel can access and manage GDPR requests and an audit trail is generated for all actions, providing a clear record for compliance purposes. This feature supports the following subject requests of GDPR:
- Right to forget
- Right to rectify and
- Right of access
Security
Acante Integration
The Acante Integration feature allows end customers to view AWS RDS database threat insights directly within the Threat Indicators dashboard. This valuable feature enables quick identification and response to potential threats, ensuring the security and integrity of the database. With this feature, customers can easily monitor and address risks to their database, enhancing overall data protection and maintaining regulatory compliance.
Amazon S3 Express One Zone protection using AWS Security Token Service
Commvault Cloud now supports protecting Amazon S3 Express One Zone directory buckets using temporary credentials from AWS Security Token Service (AWS STS). The new S3 Express One Zone storage class is purpose-built to deliver the fastest cloud object storage for performance-critical applications that demand consistent single-digit millisecond request latency. AWS Security Token Service is a web service that enables you to request temporary, limited-privilege credentials you can use to access your AWS resources. Commvault Cloud also supports AWS STS issued credentials to perform cross-account protection of S3 One Zone buckets and objects.
Amazon VPC Network Address Control List (NACL) protection
Commvault Cloud now protects your network access control lists (NACLs) as part of Amazon EC2 protection. NACLs allow or deny specific inbound or outbound traffic at the subnet level and are a key security control for protecting your AWS workloads. Commvault protects, recovers, and allows network forensic auditing of NACL changes for your protected compute instances.
Announcing Amazon Linux 2023 support
Commvault Cloud now supports Amazon Linux 2023 (AL2023) for a broad array of cyber resilience functions. AL2023 is designed to provide a secure, stable, high-performance environment to develop and run cloud applications. Commvault Cloud supports AL2023 for your MediaAgents, access nodes, autonomous recovery replication, and Linux-based agent-in-guest protection. Commvault Cloud supports AL2023 running on arm64 (AWS Graviton) and x86 processors.
AL2023 takes a secure-by-default approach to help improve your security posture with preconfigured security policies, SELinux in permissive mode, IMDSv2 enabled by default, and kernel live patching.
AL2023 can be used to protect the following AWS and hybrid workloads: Amazon Aurora, Amazon DocumentDB, Amazon DynamoDB, Amazon EC2, Amazon EBS, Amazon EFS, Amazon EKS (Kubernetes), Amazon FSx, Amazon RDS, Amazon Redshift, Cassandra, CockroachDB, Couchbase, Lustre, MongoDB, MySQL, PostgreSQL, YugabyteDB, Laptops, and Salesforce.
Announcing Amazon S3 dual-layer server-side encryption (DSSE-KMS) support
Customers can now apply two independent layers of server-side encryption to Commvault Cloud backups stored in Amazon S3. Dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS) is designed to meet National Security Agency CNSSP 15 for FIPS compliance and Data-at-Rest Capability Package (DAR CP) Version 5.0 guidance for two layers of CNSA encryption. S3 features such as DSSE-KMS are vetted and accepted for use on top-secret workloads, which benefits all customers globally.
CIS Level 1 Images for Cloud Marketplace
CIS Level 1 hardened images provide a simple and secure deployment method for CommServe servers based on Rocky Linux in the cloud marketplace. Images are available for Azure, AWS, GCP, and VMWare, and provide a secure and cost-effective deployment of the CommServe server. These images help eliminate deployment complexity and ensure a smooth and protected environment for your data management needs, while remaining compliant with organizational and governing regulations that require CIS hardening.
Enable Delete Authorization Workflows by default
Enabling Delete Authorization workflows by default provides customers with an extra layer of protection for their data. This feature prevents insider threats and accidental deletion by requiring a built-in approval process before any bulk data deletion can occur. This maintains the integrity and safety of the backup data.
PQC: Post-Quantum Enhancements for secure communication
The Post-Quantum Enhancements for secure communication feature updates the key components of secure communication to protect against quantum attacks. By implementing post-quantum encryption algorithms approved by NIST (such as CRYSTALS-Kyber and CRYSTALS-Dilithium3/Falcon), it ensures secure and authenticated communication within the Commvault Cloud platform, safeguarding customer data from potential cyber threats.
Protecting Amazon Elastic Kubernetes Service (EKS) Using Amazon Linux 2023 Access Node
Commvault now supports Amazon Linux 2023 (AL2023) based access node to protect Amazon Elastic Kubernetes Service (EKS) thereby enabling backup administrators to reduce cyber resilience TCO with best price-performance in AWS.
Scan VM backups For Malware Threats with Threat Scan
Commvault Threat Scan now supports scanning of VM backups for malware threats. With native support for VM Threat Scan operations, threats can be detected by file activity or size anomalies, providing early warning and quicker incident response. To further simplify response, scanned jobs can be flagged as suspicious or marked as corrupt, allowing for quick recovery of the last known good version.
Self Serviceable KMS Configuration
Commvault Cloud tenants can now self-service their Key Management System (KMS) configuration with support for various authentication types, bring your own keys (BYOK), and access node configuration. This enables customers to have more control and flexibility over their KMS configuration, ensuring data security and streamlined access management.
Splunk SOAR Integration
The Splunk SOAR (Security Orchestration, Automation and Response) integration provides two-way interoperability between Splunk SOAR and Commvault. Commvault provides backup threat insights to Splunk SOAR so that Security Operations (SecOps) have another form of intel for enrichment purposes. Actions can be executed from Splunk SOAR that protect the Commvault Cloud assets. For example, suppose a server is detected as compromised, and disabling data-aging operations in Commvault Cloud helps protect backups from premature deletion while SecOps investigate the root cause. By sending threat indicators to Splunk SOAR, Commvault Cloud can take necessary actions to protect its platform.
Use Machine Learning to Detect Suspicious Extension Changes
Use machine learning algorithms and historical behaviors to detect suspicious file extension changes occurring within backups. This provides timely, accurate alerts of changes that could indicate threat activity, which may impact your ability to recover clean data. Anomalies are shown on the Threat Indicators dashboard and can be scanned with Threat Scan for deeper analysis, or data can be recovered to a pre-anomalous clean state. This capability enhances Commvault's overall anomaly and threat detection and helps organizations secure their data faster to remain resilient to attack.
Storage Solutions
Air Gap Protect for Oracle Cloud Infrastructure Software Customers (OCI Cyber Recovery solution)
Introducing Air Gap Protect on Oracle Cloud Infrastructure Infrequent Access for Software customers. This OCI Cyber Recovery solution enables customers using Commvault software to protect their on-premises data using secure cloud storage offered by OCI. This expands the Air Gap Protect options to include OCI Infrequent Access, providing customers with more flexibility in choosing their preferred cloud storage provider. With this solution, customers can protect any application data and benefit from the simplicity and predictability advantages of Air Gap Protect on OCI.
The solution also enforces a minimum retention of 90 days for data copies and maintains the same user experience for licensing, configuration, and monitoring usage as the Azure AGP option.
All regions supported by SaaS OCI AGP are available for the software option as well.
Default Compliance Lock on all Air Gap Protect Storage Pools
The Compliance Lock feature is introduced for all Air Gap Protect (AGP) storage pools to provide enhanced data protection by enabling a security lock on new and existing AGP Storage pools. Users can benefit from self-service support for resetting locks, which is equipped with a 24-hour auto re-enable functionality, promoting better cyber resilience.
HyperMetro Support for Huawei Storage Array
Huawei HyperMetro Support allows customers to protect their active-active storage configurations with IntelliSnap. In the event of a storage array malfunction, services will automatically switch to another storage system without any data loss or interruption. It provides uninterrupted service availability to the end customer.
HyperScale X support for HPE DL380 Gen 11 Hardware
The HyperScale X support for N12 HPE DL380 Gen 11 hardware allows for seamless and planned transitions to new hardware, providing flexibility for customers to obtain new or capacity expansion nodes for HyperScale X. It detects hardware components, alerts for failures, and enables recovery without requiring customer input, ensuring a smooth and uninterrupted user experience.
IntelliSnap - Fan-out support for Pure storage array
IntelliSnap - Fan-out support for Pure storage array enables customers to replicate snapshots to multiple arrays instead of just one, fulfilling customer demands for fan-out asynchronous replication. This feature provides more flexibility and scalability in data replication, ensuring better data protection and disaster recovery capabilities.
IntelliSnap - Immutable Snapshot support for INFINIDAT
IntelliSnap now supports an immutable snapshot feature for the INFINIDAT storage arrays. This feature ensures that the snapshots are secured by compliance lock and remain unchanged and protected from accidental or intentional deletions or modifications until the set retention time.
IntelliSnap - Immutable snapshot support for NetApp
IntelliSnap now supports an immutable snapshot feature for Vault/Replica copies on NetApp storage arrays starting from ONTAP version 9.13.1. This feature ensures that Vault/Replica snapshots remain unchanged and protected from accidental or intentional deletions or modifications until the set retention time.
IntelliSnap - Thin Image Advanced support for Hitachi
IntelliSnap's Thin Image Advanced provides Hitachi customers with a more efficient, space-saving solution. A lower load on the storage system offers improved performance and reliability. Upgrading from Thin Image to Thin Image Advanced ensures seamless operation and maximizes the benefits of the new technology.
NDMP Credential Manager
The NDMP Credential Manager allows a storage admin to easily manage NDMP credentials without the need to wait for a backup admin or modify client configurations. This feature simplifies the way you handle periodic password modifications. Also, the support for CIFS has been enhanced to use the Credential Manager, providing a streamlined approach to manage domain logins and passwords for subclients.
Support for Lenovo HS350X V3 - N24 server
The new feature provides support for Lenovo HS350X V3 - N24 server and allows easy configuration on supported hardware designs. It can detect and alert hardware component failures, such as power supplies and storage devices, and automatically recover from component failure upon replacement. This saves time and effort for the end customer and ensures smooth operation of their servers.
Support for Lenovo SR650 V3 - N12 server
The feature enables support for the Lenovo SR650 V3 - N12 server and allows for the automatic and manual configuration of supported hardware designs. It includes detection and alerting of hardware components and failure monitoring, with the ability to recover from component failure seamlessly. This provides the end customer with a more efficient and hassle-free experience in managing their server infrastructure.