Hitachi NEXT 2018 Data Protection with Hitachi Content Platform Anywhere Contents Page 2: Guided Demonstration: Data Recovery Using HCP Anywhere Page 2: Review and Update File Versioning Policy Page 3: Restore a File Infected by Ransomware Page 4: Restore All Data/Folders Infected by Ransomware HITACHI IS A TRADEMARK OR REGISTERED TRADEMARK OF 1 HITACHI, LTD.
Guided Demonstration: Data Recovery Using HCP Anywhere Introduction In this guided demonstration, you will recover files that are affected by ransomware and set the HCP Anywhere file versioning policy. Objectives After completing this guided demonstration, you will be able to: • Define a file versioning policy • Restore a previous version of a file infected by ransomware • Recover any files/folders from a previous date based on file versioning policy (daily, weekly, monthly) Review and Update File Versioning Policy (defined by the Admin) In this section, you will review and modify the current File versioning policy. 1. Login to HCP Anywhere Admin Console : https://hcpaw1.hcpdemo.com:8000 Username: next Password: 2018 2. Review the File versioning policy: a) Navigate to File Sync and Share-> Configuration . b) Select File and Capacity . c) In the Versioning pane, review current file versioning policy: • Lastet Versions – how many previons versions are available to users • Automatic Deletion – when to empty Recycle Bin • Extended Versions – Restore points for time based recovery 3. The File versioning policy can be customized for different environments and users: a) In the Versioning pane, update any of the settings. b) Click on Update Settings or Canel button. HITACHI is a trademark or registered trademark of Hitachi, Ltd. 2
Restore a File Infected by Ransomware You will restore a pervious version of a file that has been infected by ransomware using file versioning. 1. Login to HCP Anywhere Portal for users: https://hcpaw1.hcpdemo.com/userportal Username: next Password: 2018 2. You should see 2 different folders: • Pre-Ransomware – regular files • Post-Ransomware – files are encrypted 3. Open one of the files in the Pre-Ransomware folder: a) Click on Pre-Ransomware folder. b) Open the file by clicking on the filename or select the file and then select Download . c) View the file contents to confirm you can read the file. d) Close file. 4. Open the same file in the Post-Ransomware folder a) Clcik on Post-Ransomware folder. b) Open the same file by clicking on the filename or select the file and then select Download . c) Confirm that the file contents cannot be viewed. d) Close file. Note: You should be able to view the content of the file in the Pre-Ransonware folder, but not the content of the file in the Post-Ransonware folder. 5. Now, review the file versions: a) In the Post-Ransomware folder, select a file and right-click on it (using the mouse). b) Select Show file history . Note: You should see at least 2 file versions in the History window . 6. Next, restore the infected files using file versioning: a) Locate the previous file version (prior to the current version) in the History window. b) Click on Date and Time stamp field to download and open the file. HITACHI is a trademark or registered trademark of Hitachi, Ltd. 3
c) Make sure it is viewable. d) Close the file. e) In the History window, select Make Current for the previous file version. f) See that a new file version appears in the History . g) The file has been restored, select Done . 7. Verify that you can view or open the restored file: a) Open the file by clicking on the filename. b) It should be viewable now. c) Close the file. Restore All Data/Folders Infected by Ransomware Now, you will restore a folder that has been infected by ransomware using a restore point (similar to snapshot based recovery). 1. Login to HCP Anywhere Portal for users: https://hcpaw1.hcpdemo.com/userportal Username: next Password: 2018 2. Now, let’s recover files that were saved previously using the Daily/Weekly/Monthly versioning policy : a) Click the icon with 3 horizontal lines on bottom right corner of the screen. b) Select Recover Files. i. Select a date from the previous week in the calendar or any available date in the last month (based on policy) that was prior to the ransomware attack. ii. Select View to look at the contents of your HCP Anywhere folder on the date selected. c) Click on the Post-Ransomware folder. i. Open a file by clicking on the filename or select the file and then select Download . ii. If the file is still encrypted, you need to repeat this entire step and pick an earlier date. HITACHI is a trademark or registered trademark of Hitachi, Ltd. 4
iii. Click Retun to present on top right corner. 3. Recover the folders that were infected by ransomware now: a) Go to the top level folder by selecting Home . b) Select to Post-Ransomware folder (do NOT click on the name) c) Click on Download to download a ZIP file of that folder. d) Go to the Downloads folder in Windows Explorer and open the ZIP file. e) Select the Post-Ransomware folder and then select Extract All. f) Select the folder path where you want to extract the Post-Ransomware folder: Select “ HCP Anywhere ” folder and then select OK. g) Then select Extract . 4. Verify that the files were recovered: a) Navigate to the folder where you extracted the Post-Ransomware folder. b) Go into the Post-Ransomware folder and click on one of the files to open it. c) Confirm you can view the contents. d) Close the file. You have successfully restored the infected folder. Thank you for attending this guided lab demonstration! End Lab HITACHI is a trademark or registered trademark of Hitachi, Ltd. 5
HITACHI is a trademark or registered trademark of Hitachi, Ltd. 6
Recommend
More recommend
