Embedded Files
Overview:
Business continuity and disaster recovery are critical for sustaining operations after a security incident, disaster, or system disruption. In this project, I worked with Google Cloud Backup and DR Service to protect and restore Compute Engine instances for Cymbal Bank following a security incident. I followed a structured process to connect to the management console, create backup templates, onboard VMs, and restore instances both within the same project and to an alternate project.
Task 1. Connect to the Backup and DR console
Task 1. Connect to the Backup and DR console
I began by accessing the Backup and DR management console:
Searched for Backup and DR in the Google Cloud console and pinned it for quick access.
Logged into the management console using my Google Cloud credentials.
Verified that the management server and Backup and Recovery server were successfully installed and connected (Connectivity status: green check).
Task 2: Create a Backup Plan Template
Task 2: Create a Backup Plan Template
Next, I created a backup plan template to define the schedule and policies for backing up Compute Engine instances:
Navigated to Backup Plans > Templates and created a template named vm-backup.
Added a snapshot backup policy named Daily VM snapshot with continuous scheduling every 2 hours.
Saved the template to ensure it was ready to be applied to Compute Engine instances.
Task 3. Validate the backup and recovery appliance service account permissions
Task 3. Validate the backup and recovery appliance service account permissions
I verified that the Backup and DR appliance had the correct IAM roles:
Located the service account attached to the appliance in IAM & Admin > IAM.
Confirmed that the service account had the Backup and DR Cloud Storage Operator role assigned, ensuring it could perform backups and restores.
Task 4. Discover and add Compute Engine instances to the management console
Task 4. Discover and add Compute Engine instances to the management console
I onboarded the Compute Engine instances to the Backup and DR console:
Used the onboarding wizard to attach the backup template (vm-backup) to the instance lab-vm.
Verified that the template was successfully applied, triggering backups according to the defined schedule.
Monitored the progress of the backup job in the Jobs section to confirm successful completion.
Task 5. Restore a Compute Engine instance
Task 5. Restore a Compute Engine instance
With a backup image ready, I restored the Compute Engine instance:
Selected the backup image of lab-vm in the console.
Mounted it as a new instance, named lab-vm-recovered, specifying the region and zone.
Monitored the restore job to ensure the new VM was successfully created and functional.
Task 6. Restore a Compute Engine instance to an alternate project
Task 6. Restore a Compute Engine instance to an alternate project
Finally, I restored a VM to a different Google Cloud project to simulate cross-project recovery:
Added the service account from Project 1 as a principal in Project 2 and assigned it the required Backup and DR roles.
Selected lab-vm and mounted it as a new instance named lab-vm-project2.
Confirmed the instance was restored in Project 2, maintaining the backup template and policies from the original project.
task 5
CONCLUSION:
This project demonstrated my ability to use Google Cloud Backup and DR Service to ensure business continuity and resilience after a security incident. I successfully created backup templates, validated IAM permissions, onboarded Compute Engine instances, and restored VMs both within the same project and across projects. These steps reinforced best practices in disaster recovery, secure access management, and system availability—key skills for maintaining a reliable cloud environment in real-world scenarios.
Page updated
Google Sites
Report abuse