Link Search Menu Expand Document
Elastio Docs

Policies

Table of Contents

Elastio offers two types of policies: protection policies, which safeguard your assets by backing them up and scanning them for cyber threats and corruption, and retention policies, which are used for managing the duration and granularity of the recovery points to align with the business retention and data compliance requirements.

The Elastio Tenant Policies page is accessible either through the left-hand menu of the Elastio Tenant or through the On Boarding page.

Figure 1: Policies Page layout

Figure 1: Policies Page layout

Protection Policies

A Protection Policy is a way of scheduling Elastio backups for certain assets in your AWS account enabled with Elastio.

Elastio policies are divided into Default policies and Custom policies. Default policies are preselected policies with enabled by default Integrity Scan that can run daily, weekly and monthly. They are editable, though cannot be deleted. Custom policies are flexible Policies in which you can define schedule for your backups and select Integrity Scan to be run against the recovery point(s) after the completion of the backups. They are created either for specific Assets or for Assets with associated tags. For now it is possible to create a policy for AWS EC2 and AWS EBS.

Policies can be reused and applied to different assets by their IDs or associated tags.

A protection policy can be paused, resumed, edited, executed and deleted from this page. To modify your Policy, press the 3 dots button on the right of the Policies table row.

Create a Custom Protection Policy

To add a new policy to your account, please follow the steps below:

  • Press the “+New Policy” button.

Figure 2.1: Add Custom Policy

Figure 2.1: Add Custom Policy

  • Add a name to your policy and define the schedule for it.

Elastio backup policy may run every 15 minutes, 30 minutes, every hour, 12 hours, as well as daily, weekly and monthly. It can be started immediately or at a set time.

Please note: if you have selected the “Run now” option, you should be aware that the first backup will run at its earliest availability, which for now is every 15 minutes. So, a Policy created at HH:25 with the “Run now” option on will run at HH:30 and then according to schedule.

Figure 2.2: Add Policy schedule

Figure 2.2: Add Policy schedule

  • Step 2 - Integrity Scan - provides you with an option of running Ransomware or Malware detection scan against the recovery points that are created when the policy is executed. You can select either or both options.

Figure 2.3: Add New Policy - Integrity Scan

Figure 2.3: Add New Policy - Integrity Scan

  • On step 3 select the assets you would like to protect.

There are quick options for your convenience such as: Protect all EC2 instances, Protect all EBS volumes and Protect all EC2 and EBS. When selecting these, you can be sure that all assets of the selected kind in the AWS accounts linked to the Tenant will be protected. Thanks to Elastio inventory service, new assets are discovered dynamically and added to the policies without any manual intervention.

Import AWS snapshots selector allows you to additionally import the existing AWS snapshots as Elastio recovery points to increase protection. This would give you ability to then scan those for malware and ransomware.

Protect immediately allows to automatically include the newly created assets that match this policy into it to keep your environment continuously protected.

Figure 2.4: Policy options

Figure 2.4: Add new Policy - policy options

You can select specific Assets from the table below and add them to the Policy.

Figure 2.5: Add new Policy - specific Assets

Figure 2.5: Add new Policy - specific Assets

You can also select Assets by tags. Enter the tag to identify which assets to protect when the Policy is executed.

Please note: an asset must have a tag to be backed up with a Policy. Each time the Policy is executed, the assets are identified by tag dynamically meaning that the assets and tags don’t need to exist when this Policy is created.

Figure 2.6: Add new Policy - Assets by tags

Figure 2.6: Add new Policy - Assets by tags

  • Press the “Save and Activate” button to start your Policy.

Please note: asset count in the Policies table on Policies page will be 0 until the first run of the Policy. Once it was run, the assets count will be updated with appropriate number.

Launch a default Protection Policy

Default Policies are policies pre-configured by Elastio upon tenant creation. There are three frequency options: daily, weekly or monthly. Integrity scan for malware and ransomware are included into each Policy.

To select a default policy, navigate to the On Boarding page and follow the steps below.

  • Choose Protect all EC2 assets from ransomware using a default Policy section.

Figure 3.1: Select Default Policy

Figure 3.1: Select Default Policy

  • Select a policy from the list. Elastio default policy may run daily, weekly and monthly.

Figure 3.2: Define a Schedule for a Policy

Figure 3.2: Define a Schedule for a Policy

  • Single out the assets you would like to back up and press “Protect” button. You can select specific Assets or Assets by tags and include them into the default Policy.

Figure 3.3: Protect your Assets

Figure 3.3: Protect your Assets

Pause/Resume a Protection Policy

Figure 4.1: Pause/Resume Policy

Figure 4.1: Pause/Resume Policy

To pause/resume your Policy, press the “Pause/Resume” sign on the right. Depending on the current status of the policy the status will change: for Started policies it should become Paused and the Policy will not be executed until re-enabled, for Paused the status becomes Started and the Policy will continue to run as scheduled.

Edit a Protection Policy

Once you press the “Edit” button in the drop-down list under the three-dots button on the right of the policy row, the Edit policy page opens.

Figure 5.1: Edit Policy

Figure 5.1: Edit Policy

To edit the schedule for the policy, go to the Protection Policy section and modify the schedule.

Figure 5.2: Schedule Policy

Figure 5.2: Schedule Policy

Three threat detection options are available in policies. Malware and ransomware scans to determine if there is any activity on your systems from malicious actors. Additionally, a file system check is available for the recovery points to ensure that the file system of the backed up systems is intact.

Figure 5.3.1: Threat Detection

Figure 5.3.1: Select threat Detection

In case the version of your stack is less than 0.22 the file system check option will not be available. You’ll need to upgrade all of our sources to access it.

Figure 5.3.2: Threat Detection disabled

Figure 5.3.2: Select threat Detection disabled

To change the assets for a certain Policy, go to the Assets section and select (or unselect) the assets.

Figure 5.4: Change Asset

Figure 5.4: Change Asset

Once all the modifications are in place, press the “Renew” button to save changes.

Execute a Protection Policy

Elastio’s execute functionality allows you to start the policy on demand. To perform the operation, press the “Execute” button in the drop-down list under the three-dots button on the right of the Policy row. Currently, the policy will run as configured, in future more granularity will be added.

Figure 6: Execute Policy

Figure 6: Execute Policy

Delete a Protection Policy

To delete a policy, follow to the Edit policy page. Press the “Delete” button and confirm the action by selecting “Yes” in the confirmation pop-up. Pressing “No” will cancel policy deletion.

Figure 7.1: Delete Confirmation

Figure 7.1: Delete Confirmation

You can also delete your Policy by pressing “Delete” on the right of the policies table row in the three-dots button drop-down.

Figure 7.2: Delete Policy

Figure 7.2: Delete Policy

Please note: Default policies are editable only and cannot be deleted.

In case you want to backup some assets manually, you can install the Elastio CLI and back up your assets through it.

Retention Policies

Retention policies page carries a list of retention policies, provides option to create a new retention policy, enable, disable, edit and delete the existing ones.

Figure 8: Retention Policies Page

Figure 8: Retention Policies Page

Add a New Retention Policy

To add a new retention policy press the “+ New Policy” button in the top right corner of the screen. A new page will open.

Figure 10: Retention Policy creation

Figure 10: Retention Policy creation

Enter a name for the new retention policy. Then select assets to include the recovery points for in the “Recovery point types” section. After that set a recovery period.

For recovery period you can set specific rules for:

  • All
  • Hourly
  • Daily
  • Weekly
  • Monthly
  • Yearly

Once you have set up all rules, press “Save” to save the retention policy.

Edit Order

To edit the ordering of the retention policies, press the “Edit Order” button on the right. You will be able to drag and drop the retention policies to change the priority of their application.

Figure 9: Retention Policies ordering

Figure 9: Retention Policies ordering

Please note: Only custom retention policies can be reordered. The default policy wil always stay on top.

Edit Retention Policy

Both default and custom retention policies can be edited. The difference is, default policy is applicable to all recovery points within a tenant, while custom policy can only be created for specific ones. As a result, when editing the default policy you an only control the recovery period, while in custom retention policies assets can be edited as well.

Figure 11: Edit Default Retention Policy

Figure 11: Edit Default Retention Policy