N2WS-22828 & N2WS-22849 - Fix handling of disk encryption set during backup & recovery

Issue:

Azure recovery for encrypted disks fails with a "DiskEncryptionSet ... was not found" error:
Info Recovery session started < type: virtual_machine, policy: AZ_DR_Encrypt, account: AzureMainAcct >
info Starting recovery of virtual machine's disks
Error Failed recovering disk (original: TestVM_OsDisk_1_12345, snapshot: cpm-policy-14-1-2023-9-26-11-18-38-447003_copy_2023-9-26-11-18-54-14613). Error: DiskEncryptionSet '/subscriptions/f29fac-8853-43a5-a4m7d-7d9cc1/resourceGroups/myRG/providers/Microsoft.Compute/diskEncryptionSets/myCMK' was not found. (HttpResponseError)


Solution:

A patch for v4.2.1 is available and attached to this KB.

This patch includes two fixes. The first fixes the issue with Encryption Set selection during the VM recovery process.
The second adds support for custom encryption during disk DR: after deploying the patch, you can pass a Disk Encryption Set ID to be used for the target location when doing a DR backup.
This is done with tags. Custom tags can be added to a specific disk, or to the VM (to encrypt all snapshots with the same key).

Tag format:
name: cpm_dr_disk_encryption or cpm_dr_disk_encryption:LOCATION
value: Disk Encryption Set ID.
