Rubrik Polaris User Guide 755-0072-01 Reva12 PDF

Rubrik Polaris User Guide
Version v20190402
755-0072-01 Rev A12
Rubrik Headquarters: Palo Alto, California 94304

1-844-4RUBRIK www.rubrik.com
Rubrik Polaris User Guide - Copyright © 2018 - 2019 Rubrik Inc.
All rights reserved. This document may be used free of charge. Selling without prior written consent is prohib-
ited. Obtain permission before redistributing. In all cases, this copyright notice and disclaimer must remain
intact.
Published April, 2019
THE CONTENTS OF THIS DOCUMENT ARE PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO
REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR
TITLE; THAT THE CONTENTS OF THE DOCUMENT ARE SUITABLE FOR ANY PURPOSE; THAT THE
IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS,
TRADEMARKS OR OTHER RIGHTS.
COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL
DAMAGES ARISING OUT OF ANY USE OF THE DOCUMENT OR THE PERFORMANCE OR IMPLEMENTATION OF
THE CONTENTS THEREOF.
Registered in the U.S. Trademark Office

Rubrik, the Rubrik graphic, Rubrik Polaris, Polaris GPS, Polaris Radar, Rubrik Envision, Rubrik Edge, and Datos
IO are trademarks or registered trademarks of Rubrik, Inc. in the U.S. and/or other countries. All other
trademarks are the property of their respective owners.
Rubrik Polaris User Guide 2

Contents
Preface 8
Document purpose .............................................................................................. 8
Revision history .................................................................................................. 8
Support ............................................................................................................ 10
Related documentation ..................................................................................... 11
Comments and suggestions ............................................................................... 11
Product ............................................................................................................ 11
Product documentation ..................................................................................... 11
Chapter 1 Introduction 12
Rubrik Polaris ......................................................................................................... 13
Polaris GPS ............................................................................................................. 14
Polaris Radar .......................................................................................................... 14
Common questions ................................................................................................. 14
Chapter 2 Security 16
Security overview ................................................................................................... 17
Security questions ................................................................................................... 18
Chapter 3 Getting started with Polaris 19

Overview ................................................................................................................ 20
Polaris domain user accounts ................................................................................... 20
Adding the initial account .................................................................................. 20
Polaris password constraints .............................................................................. 21
Adding additional accounts ................................................................................ 21
Logging out ...................................................................................................... 23
Changing your password ................................................................................... 23
Rubrik clusters on Polaris ........................................................................................ 24
Adding a Rubrik cluster to your Polaris domain .................................................... 24

Chapter 4 Single Sign-On 26
Single Sign-On overview ......................................................................................... 27
Authentication process ............................................................................................ 27
ADFS Prerequisite ............................................................................................. 28
Configuration workflow for ADFS ............................................................................. 28
Uploading the identity provider metadata file ............................................................ 28
Retrieving the Rubrik Polaris metadata file ............................................................... 29
Adding a relying party trust on ADFS ....................................................................... 30
Creating Active Directory security groups ................................................................. 31
Creating custom claim rules on ADFS ....................................................................... 32
Group membership custom rule ......................................................................... 32
Adjusting the trust settings on ADFS ........................................................................ 34
Configuration workflow for Okta .............................................................................. 34
Configuring a SAML application on Okta ................................................................... 35
Downloading the identity provider metadata file on Okta ........................................... 37
Uploading the identity provider metadata file for Okta ............................................... 37
Retrieving the Rubrik Polaris metadata file for Okta .................................................. 37
Editing the SAML application on Okta ....................................................................... 38
Assigning an Okta SAML application ......................................................................... 40
Configuration workflow for Azure Active Directory ..................................................... 40
Configuring a SAML application on Azure SAML enterprise application ........................ 41
Downloading the Azure metadata file ....................................................................... 42
Uploading the Azure metadata file ........................................................................... 42
Retrieving the Rubrik Polaris service provider metadata file for Azure ......................... 43
Configuring single sign-on for Azure Active Directory ................................................. 43
Editing the SAML application on Azure ..................................................................... 44
Creating roles for Azure .......................................................................................... 45
Assigning an Azure SAML application ....................................................................... 45
Testing Single sign-on connection ............................................................................ 46
Disabling Single sign-on .......................................................................................... 47
Chapter 5 User Management 48

User management overview .................................................................................... 49

Roles and permissions ...................................................................................... 49
Authorization .................................................................................................... 52
Managing users ................................................................................................ 52
SSO users ........................................................................................................ 52
Creating a role ....................................................................................................... 53
Creating a role with a role template ................................................................... 53
Creating a role without a role template .............................................................. 54
Changing cluster permissions ............................................................................ 55
Changing inventory permissions ........................................................................ 55
Editing a role .......................................................................................................... 56
Deleting a role ....................................................................................................... 57
Managing local users .............................................................................................. 58
Adding a local user ........................................................................................... 58
Assigning new roles to a local user .................................................................... 58
Changing role assignment for a local user .......................................................... 59
Deleting users .................................................................................................. 60
Changing account ownership ............................................................................. 60
Deactivating a local user ................................................................................... 61
Managing SSO groups ............................................................................................. 61
Authorizing an SSO group ................................................................................. 61
Assigning new roles to an SSO group ................................................................. 62
Changing role assignment for SSO groups .......................................................... 63
Removing a role from an SSO group .................................................................. 63
Chapter 6 Dashboard 65
Dashboard overview ............................................................................................... 66
Viewing dashboard information ............................................................................... 66
Viewing events information ............................................................................... 67
Viewing compliance information ......................................................................... 68
Viewing protection information .......................................................................... 69
Viewing global map information ......................................................................... 69

Chapter 7 Clusters 71
Clusters overview ................................................................................................... 72
Viewing information on a Rubrik cluster page ..................................................... 72
Viewing information on a Rubrik cluster details page ........................................... 72
Adding a Rubrik cluster to Polaris ............................................................................ 74
Visiting a Rubrik cluster .......................................................................................... 74
Chapter 8 Events 75
Events overview ..................................................................................................... 76
Events page ........................................................................................................... 76
Viewing events information ..................................................................................... 77
Viewing the Events page from the Dashboard ..................................................... 77
Viewing the Events page from the Events tab ..................................................... 78
Viewing the Events page from the Clusters tab ................................................... 78
Viewing audit log information .................................................................................. 79
Searching an event ................................................................................................. 80
Canceling an event ................................................................................................. 80
Chapter 9 Reporting 81
Reporting overview ................................................................................................. 82
Types of reports ............................................................................................... 82
Report filters .................................................................................................... 84
Groupings ........................................................................................................ 87
Limitations ....................................................................................................... 88
Report customization ........................................................................................ 88
Customizing a report .............................................................................................. 89
Displaying a report ................................................................................................. 90
Editing a report ...................................................................................................... 90
Downloading a report ............................................................................................. 91
Deleting a report .................................................................................................... 91
Creating a report schedule ...................................................................................... 92
Editing a report schedule ........................................................................................ 93
Deleting a report schedule ...................................................................................... 94

Chapter 10 Polaris Radar 95
Polaris Radar overview ............................................................................................ 96
Behavioral model .............................................................................................. 96
Radar features ................................................................................................. 97
Configuring Radar .................................................................................................. 98
Viewing details of an anomaly event ........................................................................ 99
Viewing a detected anomaly event from the Dashboard ...................................... 99
Viewing an anomaly event from the Events tab ..................................................100
Viewing object details from the Critical Alert email .............................................101
Viewing anomaly reports ..................................................................................102
Anomaly incident ...................................................................................................103
Viewing the Browse snapshot changes page ......................................................104
Recovering a snapshot .....................................................................................104
Obtaining Rubrik Backup Service connector .......................................................105
Using guest OS credentials ...............................................................................106
Managing anomaly reports .....................................................................................108
Creating an anomaly report ..............................................................................108
Editing an anomaly report ................................................................................108
Downloading an anomaly report .......................................................................109
Deleting an anomaly report ..............................................................................109
Creating an anomaly report schedule ................................................................110
Editing an anomaly report schedule ..................................................................111
Deleting an anomaly report schedule ................................................................111

Preface
Welcome to Rubrik. We appreciate your interest in our products. Rubrik is continually working to
improve its products and regularly releases revisions and new versions. Some information
provided by this guide may not apply to a particular revision or version of a product. Review the
release notes for the product to see the most up-to-date information about that product.
Document purpose
The purpose of this guide is to provide information about how to use Rubrik Polaris to enhance
data management and administration when working with Rubrik clusters.
Revision history
Table 1 provides the revision history of this guide.
Table 1 Documentation revision history (page 1 of 3)
Revision Date Description
Rev. A0 May, 2018 General Availability release, Rubrik Polaris 1.0.
Rev. A1 May, 2018 Polaris release v20180515:
• Document numbering changed to match Polaris
release numbering.
• Added information about the Audit Log feature to
“Events”.
Rev. A2 June, 2018 Polaris release v20180605:
• Added information about critical system events,
severity of events, and other event enhancements
to “Events”.
Rev. A3 July, 2018 Polaris release v20180703:
• Added information about cluster version to
“Clusters”.
• Added information about the Report Schedule
feature to “Reporting”.
• Added information about the Single Sign-On
feature to “Single Sign-On”.

Rev. A4 July, 2018 Polaris version v20180725
• Added “Others” as a new filter to “Object type” and
“Event type” to “Reporting”.
• Added information on “Test SSO” to “Single
Sign-On”.
• Added information about the Radar feature to
“Polaris Radar”.
Rev. A5 August, 2018 Polaris version v20180806
feature for Okta to “Single Sign-On”.
• Added information about the Agents & Downloads
feature to “Polaris Radar”.
Rev. A6 September, 2018 Polaris version v20180904
Updated Radar instructions in “Polaris Radar”.
Rev. A7 September, 2018 Polaris version v20180917
feature for Azure to “Single Sign-On”.
Rev. A8 November, 2018 Polaris version v20181127
• Added information about Radar report in “Polaris
Radar”.
Rev. A9 December, 2018 Polaris version v20181218
• Added information about the User Management
feature to “User Management”.
• Added information about canceling events in
“Events”.
Rev. A10 February, 2019 Polaris version v20190129
• Added information about the object types in
“Reporting”.
• Added information about inventory and SLA
permissions in “User Management”.
• Added clarifications to Active Directory setup in
“Single Sign-On”.

Rev. A11 March, 2019 Polaris version v20190305
• Added information about the event types in
“Events”.
• Added information about event types in
“Reporting”.
• Added information about suspicious files in “Polaris
Radar”.
• Updated ADFS and Okta configuration details in
“Single Sign-On”.
Rev. A12 April, 2019 Polaris version v20190402
• Added information about deleting users and adding
multiple roles in “User Management”.
• Added information about the cluster and inventory
permissions in “User Management”.
Support
Use one of the following methods to contact Rubrik Support:
Web https://support.rubrik.com
Phone 1-844-4RUBRIK, option 2

1-844-478-2745, option 2
Email support@rubrik.com

Related documentation
The following Rubrik publications provide additional information:
 Rubrik Release Notes
 Rubrik User Guide
 Rubrik Install and Upgrade Guide
 Rubrik Security Guide
 Rubrik Cloud Cluster Setup Guide
 Rubrik Edge Setup Guide
 Rubrik Hardware Guide
 Rubrik CLI Reference Guide
 Rubrik CDM Compatibility Matrix
Comments and suggestions

We welcome your comments and suggestions about our products and our product documentation.
Product
To provide comments and suggestions about the product, contact Rubrik Support by using the
information provided in “Support” on page 10.
Product documentation
To provide comments and suggestions about the product documentation, please send your
message by email to:
techpubs@rubrik.com
To help us find the documentation content that is the subject of your comments, please include
the following information:
 Full title
 Part number
 Revision
 Relevant pages

Chapter 1
Introduction
This chapter provides an introduction to Rubrik Polaris, Polaris GPS, and Polaris Radar.
 Rubrik Polaris ........................................................................................................... 13
 Polaris GPS............................................................................................................... 14
 Polaris Radar ............................................................................................................ 14
 Common questions ................................................................................................... 14
Rubrik Polaris User Guide Introduction 12

Introduction
Rubrik Polaris
Rubrik® Polaris™ is a suite of cloud-based services that provide centralized analysis and
management of data on Rubrik clusters.
Rubrik Polaris is a software as a service (SaaS) product suite for managing and analyzing the data
that resides on your Rubrik clusters. Rubrik delivers the Polaris suite of services through a
cloud-based central management interface.
Figure 1 depicts the global nature of Polaris administration of Rubrik clusters.
Figure 1 Global administration of Rubrik clusters
VPC
VPC
Rubrik cloud cluster
VPC
VPC
Data Center
Branch Site
Rubrik Polaris
Rubrik Edge
Rubrik clusters
Branch Site Data Center

Branch Site
Rubrik Edge
Rubrik Edge
Rubrik clusters
Rubrik Polaris User Guide Rubrik Polaris 13

Introduction
Polaris GPS
Rubrik Polaris includes Polaris GPS™, a monitoring and reporting service.
Polaris GPS provides a global management view of the daily operations of your Rubrik clusters.
Through the Polaris GPS interface, you can monitor protection and compliance status on the
Rubrik clusters. You can also generate a wide variety of reports and charts using current and
historical data about the health, protection and compliance status of all of the objects that the
Rubrik clusters protect.
Your Polaris GPS runs in your Polaris domain, a virtual cloud that you can access through the
Internet. Polaris GPS consists of the components described in Table 2.
Table 2 Major components of Polaris GPS
Component Description
Dashboard Top-down view of all of your Rubrik clusters using aggregated summary information.
Provides a large screen-type view of overall events, compliance, capacity, and alerts.
Clusters Status-at-a-glance summary view of each of your Rubrik clusters and the ability to take a
closer look at a selected cluster.
Events Continually updating view of all events on all of your Rubrik clusters, with filters to
enable you to focus in on a specific Rubrik cluster, event, protection object, or user.
Reports Customizable reports and charts. Use reports for audit work and planning and to get a
snapshot view of specific events on your Rubrik clusters.
Polaris Radar
Rubrik Polaris also includes Polaris Radar™, an anomaly detection and data recovery service.
Polaris Radar provides a simple, reliable, immutable, and speedy anomaly detection and data
recovery in the events of potential ransomware attacks. Polaris Radar detects and analyzes
potential anomaly events on your protected resources. If the detection threshold is met, Polaris
Radar generates and sends an alert to notify users of the detected anomaly events. Users can
select the snapshot to be analyzed, the files or folders to be recovered, and the recovery
destination.
Common questions
Answers to some of the common questions about Rubrik Polaris and Polaris GPS.
Rubrik Polaris User Guide Polaris GPS 14

Introduction
Is my source data available to Polaris?

No. Only the Rubrik cluster that protects a data source, and the specified replication and archival
targets, has access to the data from that source. After you grant Polaris access to your Rubrik
cluster, Polaris only has access to the events, reports, and other metadata from that Rubrik cluster.
What is Polaris?
Polaris is software as a service (SaaS). That means that your licensed use of the service provides
all of the functionality of the product without any maintenance requirements.
Is outbound Internet access required?

Yes. In order to manage a Rubrik cluster through Polaris, the Rubrik cluster must establish an
outbound connection over the Internet to Polaris.
Can the Support Tunnel proxy configuration be used by a Rubrik cluster to connect
with Polaris?
No. The Rubrik cluster connects directly to Polaris through the Internet.
Is there a maximum number of Rubrik clusters that can be managed through

Polaris?
No. The Polaris service is designed to be scaled out and does not have a limit on the number of
Rubrik clusters that can be managed.
Where is Polaris located?

The Polaris service runs in the Rubrik cloud located in the United States of America and Europe.
Other geographical regions are under consideration as additional locations for Polaris.
How are new features added to Polaris?

Since Polaris is a SaaS product, Rubrik maintains and improves the service without any effort on
your part. You see new features and upgrades to the service the first time that you log in to your
Polaris domain after Rubrik deploys a service change.
How is my data secured?

“Security” describes data security in Polaris.
Rubrik Polaris User Guide Common questions 15

Chapter 2
Security
This chapter describes data security in Rubrik Polaris.

 Security overview ..................................................................................................... 17
 Security questions .................................................................................................... 18
Rubrik Polaris User Guide Security 16

Security
Security overview
Rubrik Polaris provides end-to-end security for your data management information.
Polaris offers a multi-layered security approach that ensures the safety and privacy of your
applications and data.
Table 3 describes the security benefits Polaris provides for your data management information.
Table 3 Security Benefit
Benefit Description
Secure access • All user authentication requires and enforces the use of strong passwords.
• Detects brute-force attacks and blocks credentials identified in security breaches.
• Protects customer data from common SaaS security issues, such as session
hijacking, script insertion and cross-site-request-forgery.
Secure connection • Allows users the access from Polaris to manipulate the data on your Rubrik
clusters, exclusively over HTTPS using TLS v1.2 only.
• Requires strong ciphers with forward secrecy for all connections and uses a
strong access key for authentication with your Rubrik clusters.
Encryption-in-flight • All communication internally in Polaris and externally with CDM is encrypted with
the use of TLS v1.2 and strong ciphers with forward secrecy.
• Each request is individually authenticated and authorized with a strong
permission model.
Data security • Does not access the data on your Rubrik clusters or the objects that are protected
by your Rubrik clusters.
• Exclusively works with metadata from your Rubrik clusters, for example: object
size, type, location, and time. No customer data leaves the data center.
• Meets strict data compliance requirements.
Encryption-at-rest • Stores and encrypts data with AES-256 encryption using symmetric key algorithm
and keys sized at 256 bits.
• Protects customer data against physical security breaches.
• Encrypts and decrypts data and files.
Data isolation • Isolates individual customer data into logically partitioned databases.
• Prevents potential data leakage and preserves data privacy among different
customers.
Data residency • Provisions Polaris instance based on the geographical location of customer data
or data center.
• Addresses strict regulatory and compliance requirements different geographical
locations require.
Rubrik Polaris User Guide Security overview 17

Security
Security questions
What are the outbound ports and endpoints that must be opened to Polaris?
Polaris requires that each Rubrik cluster opens an outbound connection through port 443 to get
access to https://<subdomain>.my.rubrik.com, https://accounts.google.com, and
https://googleapis.com.
Enable these outgoing connections in your proxy and/or firewall settings.
What protocol (s) for data transmissions between Polaris and your Rubrik
clusters?
Polaris uses HTTPS to transmit data between Polaris and your Rubrik clusters.
If SSL proxy is enabled, HTTPS traffic might be intercepted and provides an invalid certificate.
Configure your proxy settings to bypass the domains that are connected to Polaris.
How is my data in Polaris kept secure?

Polaris stores and encrypts customer data in separate databases. Polaris also adds in-flight
encryption to all communication between Polaris and your Rubrik clusters, including back-end
services.
What user account does Polaris use to connect to your Rubrik clusters?
Polaris creates a special system user with full privileges on your Rubrik clusters. Polaris makes
Rest API calls as this system user. The system user events are considered system internal
events and are not shown in Polaris events.
Rubrik Polaris User Guide Security questions 18

Chapter 3
Getting started with Polaris
This chapter describes the tasks that will get you started with Polaris.
 Overview ................................................................................................................. 20
 Polaris domain user accounts..................................................................................... 20
 Rubrik clusters on Polaris .......................................................................................... 24
Rubrik Polaris User Guide Getting started with Polaris 19

Overview
Getting started with Rubrik Polaris involves two simple tasks: adding authorized user accounts and
adding Rubrik clusters.
Rubrik sets up the initial user account for your Polaris domain and sends an email invitation to the
primary administrator on your account. After setting up the first account, the administrator can
invite other users to set up accounts on the domain.
Any account in your Polaris domain can then add Rubrik clusters to the domain. Adding Rubrik
clusters involves copying a single-use token from the Polaris UI and providing it as part of Polaris
setup on the Rubrik cluster being added.
Polaris uses HTTPS to transmit data between Polaris and your Rubrik clusters. Polaris requires that
each Rubrik cluster opens an outbound connection through port 443 to get access to
https://<subdomain>.my.rubrik.com, https://accounts.google.com, and https://googleapis.com.
Enable these outgoing connections in your proxy and/or firewall settings.
Polaris domain user accounts

Only authorized user accounts can access your Polaris domain. There are two methods of adding a
user account, but all accounts have the same level of administrative privileges.
To get things started, Rubrik sends an email to the email address of the person who is listed in our
records as the primary technical administrator for your company. The email contains a link to your
new Polaris domain and instructions on how to set up the first account.
The FQDN of your new domain takes the form:
<your_domain>my.rubrik.com
where <your_domain> is the unique name selected for your Polaris domain.
Rubrik selects a domain name that represents your company and is unique in the my.rubrik.com
parent domain.
After setting up the initial account, the administrator can add additional accounts. Each account
that is added has the same privileges as the initial administrator account.
Adding the initial account

Use the instructions in the email sent from Rubrik to set the initial account for your Polaris domain.
Before you begin — Contact Rubrik and request a Polaris account for your company; wait for the
set up email.
1. In the Polaris set up email, click Continue.
The ‘Welcome to Polaris’ login page appears.
Rubrik Polaris User Guide Overview 20

2. In Email, type the email address of the primary technical administrator for your company.
Type the same email address that the Polaris set up email was sent to.
3. In Password, type a password for the new account.
Information on password constraints can be found at “Polaris password constraints”.
Polaris accepts the password and activates the Login button.
4. Click Login.
The Rubrik Polaris end user license agreement (EULA) appears.
5. Read the EULA, scrolling through to the end of the document.
The accept button becomes active.
6. Click I accept these terms and conditions.
Every user of Rubrik Polaris must accept the terms and conditions of the EULA.
To decline, click I decline and would like to be logged out. If you decline the EULA, Polaris
does not create your user account.
After you accept the EULA, Polaris stores your account credentials, opens your Polaris domain, and
the dashboard page appears.
Polaris password constraints

Polaris requires that the password have at least eight characters, with at least three of the
following character types:
 Lower case letters
 Upper case letters
 Integers
 ASCII special characters
Adding additional accounts

Your initial Polaris user account, and every subsequently added user account, can use the Invite
users process to add additional users.
Before you begin — Add at least one user account to your Polaris domain.
1. Log in to your Polaris domain.
2. Click the silhouette icon in the upper-right corner.
The account menu appears.
Rubrik Polaris User Guide Polaris domain user accounts 21

3. Click Invite users.

The Invite users dialog box appears.
4. In Email, type an email address.
The email address must be syntactically correct, using the basic form: bob@example.com
5. Click Invite.
When a Polaris user account with the specified email address already exists, or when an
invitation has already been sent to the specified email address, the following message appears:
‘User exists or has already been invited’.
Polaris sends the invitation to the specified email address and the following message appears:
‘Invitation sent’.
The recipient receives an email from support@rubrik.com with the title: ‘Polaris Password
Reset’.
6. In the email, click Continue.
The ‘Welcome to Polaris’ login page appears.
7. In Email, type the email address.
Type the same email address that the Polaris Password Reset email was sent to.
8. In Password, type a password for the new account.
Polaris accepts the password and activates the Login button.
9. Click Login.
The Rubrik Polaris end user license agreement (EULA) appears.
10.Read the EULA, scrolling through to the end of the document.
The accept button becomes active.
11.Click I accept these terms and conditions.
Every user of Rubrik Polaris must accept the terms and conditions of the EULA.
To decline, click I decline and would like to be logged out. If you decline the EULA, Polaris
does not create your user account.
Polaris stores the account credentials, opens your Polaris domain, and the dashboard page
appears.

Logging out
Log out of your Polaris session to ensure that Polaris immediately closes the session.
1. In the Polaris web UI, click the silhouette icon in the upper-right corner.
2. Click Logout.
Polaris closes the session and logs you out.
Changing your password

Change your password regularly to protect your Polaris account. You can also change your
password when you have forgotten what it is.
1. Open your Polaris login page.
Use the URL: <your_domain>my.rubrik.com
where <your_domain> is the unique name selected for your Polaris domain.
2. On the Login page, click Forgot Password.
The Reset Password view appears.
3. In Email, type your email address.
4. Click Submit.
Polaris sends a password reset email.
5. Open the email and click Continue.
The New password page appears in your browser.
6. In New Password, type a new password for your account.
7. In Confirm Password, type the same password.
8. Click the continue icon.
Polaris stores the new password, opens your Polaris domain, and the dashboard page appears.

Rubrik clusters on Polaris

Polaris GPS provides you the ability to monitor any of your Rubrik clusters through your Polaris
domain.
Add your Rubrik clusters to your Polaris domain to enable Polaris features for the Rubrik clusters.
Rubrik clusters include all of the following Rubrik CDM instance types describe in Table 4.
Table 4 Rubrik CDM instance types supported by Polaris GPS
Instance type Rubrik CDM host
Rubrik cluster appliance Hardware cluster
Rubrik Edge vSphere virtual machine
Rubrik Air vSphere virtual machine
Rubrik cloud cluster on AWS Cluster of four or more Amazon Machine Images running on AWS
Rubrik cloud cluster on Azure Cluster of four or more virtual machines running on Azure
By adding a Rubrik cluster to your Polaris domain, you establish a secure, authenticated,
connection between the Rubrik cluster and the Polaris domain. The Rubrik cluster always initiates
the connection, so inbound access from the Polaris domain is not required. The connection
provides the Polaris domain with read-only access to the data management information on the
Rubrik cluster.
Adding a Rubrik cluster involves two simple tasks. First, obtain a single-use token from your
Polaris domain. Then, configure the Rubrik cluster to use the token to authenticate and secure an
ongoing connection with your Polaris domain.
Adding a Rubrik cluster to your Polaris domain

Add a Rubrik cluster to your Polaris domain to enable Polaris features for that Rubrik cluster.
1. Log in to your Polaris domain.
2. Click Clusters in the navigation bar.
The Clusters page appears.
3. Click +.
The Add a new cluster dialog box appears.
4. In the Copy single-use token section, click Copy to clipboard.
The Copy single-use token section provides a single-use token. The Copy to clipboard control
simplifies the process of selecting and copying the token.
The browser copies the token to the clipboard of your computer.
Rubrik Polaris User Guide Rubrik clusters on Polaris 24

5. Click Done.
The Add a new cluster dialog box closes.
6. Log in to the Rubrik cluster using an administrator account.
Use the administrator account or one with equal privileges.
7. Click  on the top bar of the web UI.
The Settings menu appears.
8. Click Cluster Settings.
The Cluster Settings page appears.
9. In Global Cluster Manager Token, paste the token from your clipboard.
10.In Cluster Location, type a location for the Rubrik cluster.
The field takes a string value. To permit mapping of the location on the Polaris dashboard map,
provide an address-type value that can be interpreted by a mapping application.
11.Click Update.
The Rubrik cluster saves the values and begins to establish a secure connection with your
Polaris domain.
After a secure connection is established with your Polaris domain, the Rubrik cluster appears on
the Polaris Clusters page. Polaris begins to pull statistical data from the Rubrik cluster as soon as
the connection is established and continues to update the displayed information as the data is
pulled.
Rubrik Polaris User Guide Rubrik clusters on Polaris 25

Chapter 4
Single Sign-On
This chapter describes how to configure Single Sign-On in Rubrik Polaris.

 Single Sign-On overview............................................................................................ 27
 Authentication process .............................................................................................. 27
 Configuration workflow for ADFS ............................................................................... 28
 Configuration workflow for Okta ................................................................................ 34
 Configuration workflow for Azure Active Directory ....................................................... 40
 Testing Single sign-on connection .............................................................................. 46
 Disabling Single sign-on ............................................................................................ 47
Rubrik Polaris User Guide Single Sign-On 26

Single Sign-On
Single Sign-On overview

Rubrik Polaris provides a single sign-on feature that simplifies user authentication. Single sign-on
allows users to log in to one software system and to securely gain access to other independent
software systems, without further log in.
With Polaris single sign-on (SSO), users logging in to your Polaris domain are authenticated
through your LDAP or Active Directory servers. Single sign-on simplifies user authentication with a
single user name and password to grant access to Rubrik Polaris. Single sign-on SAML v2.0
ensures a secure exchange of user security information. Rubrik Polaris uses XML-based encryption
and decryption to protect authentication responses and requests between the Identity Provider
(IdP) and Service Provider (SP).
Rubrik Polaris uses the identity provider services of either an Active Directory Federation Services
(ADFS), Okta system, or Microsoft Azure Active Directory, to resolve authentication requests.
Rubrik Polaris acts as the service provider that provides web services to users.
Authentication process
Rubrik Polaris works with an identity provider system to enable single sign-on through an
authentication process.
Rubrik Polaris supports SAML web single sign-on profile with HTTP POST bindings to manage user
authentication between the identity provider system and Rubrik Polaris.
Rubrik Polaris works with identity provider systems to provide single sign-on through the following
process.
1. The user accesses Rubrik Polaris.
2. Rubrik Polaris identifies the user’s origin and sends a redirect to the user’s browser.
3. Rubrik Polaris generates an encoded SAML authentication request and includes it in the redirect
URL.
4. When the browser has an active session with the identity provider system, the identity provider
system decodes the SAML authentication request and extracts the user’s destination URL.
5. The identity provider system requests the user for his credentials and authenticates the user.
6. The identity provider system sends Rubrik Polaris an authentication response containing a
signed and encoded SAML assertion.
7. Rubrik Polaris retrieves and verifies the authentication response using the certificate
fingerprint.
8. Rubrik Polaris grants access and redirects the browser to the requested destination URL.
Rubrik Polaris User Guide Single Sign-On overview 27

Single Sign-On
ADFS Prerequisite
Check that the version of the ADFS system installed on your server is supported on your Windows
Server version, as described in Table 5.
Table 5 describes ADFS version supported on different Windows Server version.
Table 5 Supported ADFS version on Window Server
ADFS version Windows Server version
ADFS 2.0 Windows Server 2008 and Windows Server 2008 R2
ADFS 2.1 Windows Server 2012
Configuration workflow for ADFS

To configure single sign-on with Rubrik Polaris, complete each configuration workflow task.
The configuration workflow involves tasks on the identity provider server and on Rubrik Polaris.
Complete the tasks in the order specified in this workflow. Each workflow stage references a
detailed task, complete the steps in a task before moving to the next stage in the workflow.
To configure and set up ADFS, complete the tasks in the following order:
1. “Uploading the identity provider metadata file”
2. “Retrieving the Rubrik Polaris metadata file”
3. “Adding a relying party trust on ADFS”
4. “Creating custom claim rules on ADFS”
5. “Adjusting the trust settings on ADFS”
6. “Testing Single sign-on connection”
Uploading the identity provider metadata file

Upload the identity provider metadata file to Rubrik Polaris to provide information for establishing
a secure connection.
Rubrik Polaris User Guide Configuration workflow for ADFS 28

Single Sign-On
The identity provider metadata file contains the issuer’s name, expiration information, and keys
that can be used to validate the SAML authentication response that are received from the identity
provider.
1. Log in to the Polaris web UI.
3. Click System preferences.
The System preferences page appears.
4. On the left pane of the Polaris web UI, click SAML.
The SAML configuration page appears.
Note: To avoid interruption of the single sign-on service, in the next step, ensure that the upload
occurs before the expiration specified for the metadata file.
5. Drag and drop a new identity provider metadata file onto the page to start the upload.
Alternatively, you can browse for and select the file to replace an existing file.
The browser uploads the file to Rubrik Polaris, and the information appears on the page.
Next task — Retrieve the Rubrik Polaris metadata file, as described in “Retrieving the Rubrik
Polaris metadata file”.
Retrieving the Rubrik Polaris metadata file

Use the Polaris web UI to download the Rubrik Polaris metadata file to add Rubrik Polaris as a
trusted entity.
Rubrik Polaris User Guide Retrieving the Rubrik Polaris metadata file 29
Single Sign-On
5. Click Download to download the Rubrik metadata file.

Rubrik Polaris downloads the selected file and saves it to your computer.
When the file download is ready, a message that links to the download appears. Rubrik Polaris
displays the entity ID, Rubrik security token consumer URL, and Rubrik public certificate.
Next task — Add a relying party trust on ADFS, as described in “Adding a relying party trust on
ADFS”.
Adding a relying party trust on ADFS

The ADFS system creates a relying party trust which enables Rubrik Polaris to establish a secure
connection with the ADFS system.
Rubrik recommends using an issuance authorization rule that allows all users to access Rubrik
Polaris through single sign-on, as described in step 8. Alternatively, create an access control policy
with more restrictive rules to permit or deny users based on an incoming claim. Microsoft
reference in how to create a rule to permit or deny users can be found at Create a Rule to Permit
or Deny Users Based on an Incoming Claim.
Before you begin — Make sure you have the following:
• An Active Directory domain administrator account.
• ADFS installed and running on your server. Refer to the ADFS documentation for
information on how to install ADFS on your server.
• The value for the FederationMetadata.xml URL noted in the Endpoint section of the ADFS
management console.
1. On the server running ADFS, launch the ADFS management console.
2. From the navigation pane, expand Trust Relationships.
3. Right-click on Relying Party Trust, and select Add Relying Party Trust.
The Welcome page appears.
4. Click Start.
The Select Data Source page appears.
5. Select Import data about the relying party from a file, and click Browse to find and
select the metadata file location.
The ADFS system imports the Rubrik metadata file.
6. Click Next.
The Specify Display Name page appears.
Rubrik Polaris User Guide Adding a relying party trust on ADFS 30

Single Sign-On
7. Type a Display name, such as Rubrik_Polaris, and click Next.

The Choose Issuance Authorization Rules page appears.
Optionally, you can add information to the Notes section.
8. Select Permit all users to access this relying party, and click Next.
This issuance authorization rule allows all users to access Rubrik Polaris through single sign-on.
The Ready to Add Trust page appears.
9. Review your settings, and click Next.
When the relying party trust is added successfully to the ADFS configuration database, the
Finish page appears.
10.Select Open the Edit Claim Rules dialog for this relying party trust when the wizard
closes, and click Close.
The Edit Claim Rules dialogue appears, with the Issuance Transform Rules tab selected.
Next task — Create custom claim rules on ADFS, as described in “Creating custom claim rules on
ADFS”.
Creating Active Directory security groups

To integrate SSO authentication with Polaris, create dedicated security groups on the Active
Directory.
Create generic security groups or Rubrik-specific security groups by naming them with the prefix
“rubrik” to identify these groups easily. Then, assign users who require access to Polaris to the
appropriate groups. Once Polaris identifies the groups and their users, Polaris applies access
control to these users. Microsoft reference on how to configure Active Directory security groups
can be found in Active Directory Groups.
Rubrik Polaris User Guide Creating Active Directory security groups 31

Single Sign-On
Creating custom claim rules on ADFS

Create custom rules from claim rule templates available in the Add Transform Claim Rule Wizard.
Group membership custom rule

Rubrik recommends using custom rules to create group memberships to avoid situations when
users are denied access to resources if the SID for the group which allows them access was not
successfully included in the packet. Configure a custom rule to create a subset of groups as claims
and to create a filter with a group-specific filter, as described in step 12.
Microsoft reference in how to configure a custom rule to send claims can be found at:
Create a Rule to Send Claims Using a Custom Rule
Before you begin — Note the following three rules that are required:
 Custom email rule, as described in step 1 to 6.
 Custom group rule, as described in step 7 to 15.
 Custom group filter rule, as described in step 16 to 19.
“Adding a relying party trust on ADFS” is a prerequisite to create custom claim rules on ADFS.
1. In the Edit Claim Rules dialogue, under the Issuance Transform Rules tab, click Add Rule.
The Select Rule Template page appears.
2. Select Send Claims Using a Custom Rule from the Claim rule template drop-down and click
Next.
The Configure Rule page appears.
3. Type a Claim rule name, such as “email” as the rule name for the email rule.
Rubrik Polaris uses the email rule to identity users with their email addresses.
4. In Custom rule, add a custom rule. Rubrik provides a recommended rule in the “Custom
email rule” string available on GitHub at SSO ADFS configuration strings.
5. Click Finish.
6. In the Edit Claim Rules dialog, click OK to save the rule.
7. Click Add Rule.
The Select Rule Template page appears.
Alternatively, you can create an all-group attribute statement to include all groups
Rubrik Polaris User Guide Creating custom claim rules on ADFS 32

Single Sign-On
8. Select Send Claims Using a Custom Rule from the Claim rule template drop-down, and
click Next.
The Configure Rule page appears.
9. Type a Claim rule name, such as “all-groups” as the rule name for the all groups rule.
10.Click Finish.
11.In the Edit Claim Rules dialog, click OK to save the rule.
12.To configure a subset of groups as claims, create custom rules to define a subset of groups.
For instance, create a subset of groups with the prefix “RubrikGroup” to identify groups that
have access to Rubrik Polaris.
13.In Custom rule, add a custom rule. Rubrik provides a recommended “Custom group rule”
string available on GitHub at SSO ADFS configuration strings.
Make sure the entire value is copied and pasted as a single line without additional line breaks
14.Click Finish.
16.When a custom rule for a subset of groups is configured, create a rule to filter rubrik-only
groups, type a Claim rule name, such as “rubrik-groups” as the rule name for the rubrik-only
groups rule.
17.If you have created a security group with the prefix “rubrik”, in Custom ru;’le, copy and paste
the “Custom group filter rule security group with ‘rubrik’ prefix” string available on GitHub at
SSO ADFS configuration strings.
If you do not have a specific security group, in Custom rule, copy and paste the “Custom
group filter rule generic security group” string available on GitHub at SSO ADFS configuration
strings.
The "^" denotes the inclusion of values beginning with the set value.
Rubrik recommends the creation of dedicated security groups on Active Directory for SSO
integration with Polaris. Information on Rubrik’s recommendation on creating Active Directory
security groups can be found at “Creating Active Directory security groups”.
18.Click Finish.
The Edit Claims Rule pages appears.
20.Click Apply > OK.
The ADFS system applies the claims rules and returns to the Relying Party Trusts page.
Rubrik Polaris User Guide Creating custom claim rules on ADFS 33

Single Sign-On
Rubrik Polaris identifies the claims from the ADFS system and establishes the trust between Rubrik
Polaris and the ADFS system.
Next task — Adjust trust settings on ADFS, as described in “Adjusting the trust settings on ADFS”.
Adjusting the trust settings on ADFS

Adjust trust settings to ensure the relying party trust functions properly.
This configuration continues from the last step in “Creating custom claim rules on ADFS”.
1. Right-click your relying party trust and select Properties.
The Properties page appears.
2. Select the Advanced tab.
3. Accept the default SHA-256 from the Secure hash algorithm drop-down and click OK.
4. Select the Signature tab and verify that the Rubrik public certificate is imported and listed,
then click OK.
5. Select the Endpoints tab.
6. Verify that the SAML Assertion Consumer Endpoints is set to the Rubrik Polaris endpoint.
For instance, the endpoint can be https://rubrik.auth0.com/login/callback?connection=xxxxxx.
7. Verify that the SAML Logout Endpoints is set to the Rubrik Polaris endpoint.
For instance, the endpoint can be https://rubrik.auth0.com/logout.
Next task — Test single sign-on connection, as described in “Testing Single sign-on connection”.
Configuration workflow for Okta

Rubrik Polaris User Guide Adjusting the trust settings on ADFS 34

Single Sign-On
To configure and set up Okta, complete the tasks in the following order:
1. “Configuring a SAML application on Okta”
2. “Downloading the identity provider metadata file on Okta”
3. “Uploading the identity provider metadata file”
4. “Retrieving the Rubrik Polaris metadata file for Okta”
5. “Editing the SAML application on Okta”
6. “Assigning an Okta SAML application”
Configuring a SAML application on Okta

The Okta system creates a SAML application which enables Rubrik Polaris to establish a secure
connection with the Okta system.
On the Okta administration console, creates a SAML application to enable Rubrik Polaris to
establish a secure connection with the Okta system.
Before you begin — Make sure you have an Okta administrator account. Make sure you are on
the Classic UI configuration page.
1. In a web browser, go to the Okta administration portal.
2. Click the gear icon on the top bar of the web UI to select Classic UI.
3. On the top menu of the Okta administration portal, click Applications.
The Add Application menu appears.
4. Click Create New App.
The Create a New Application Integration page appears.
5. Select Web from the Platform drop-down.
6. Select SAML 2.0 as the Sign on method.
7. Click Create.
The General Settings page appears.
8. Type an App name, and click Next.
The SAML Settings page appears.
Rubrik Polaris User Guide Configuring a SAML application on Okta 35

Single Sign-On
9. Under General, in Single sign on URL, type a URL.

The single sign on URL can be a placeholder value, which will be replaced with the value
extracted from the identity provider metadata file after the file is downloaded at a later step.
10.Check that the Use this for recipient URL and destination URL option is selected.
11.In Audience URI, type a URL.
The Audience URI is the service provider entity ID that identifies Rubrik as the service provider.
The Audience URI can be a placeholder value, which will be replaced with the value extracted
from identity provider metadata file after the file is downloaded at a later step.
12.Click Show Advanced Settings.
The Advanced Settings expand.
13.In Enable Single Logout, select Allow application to initiate Single Logout.
The Single Logout URL and SP Issuer fields become available.
14.In Single Logout URL, type a URL.
The Single logout URL can be a placeholder value, which will be replaced with the value
extracted from the identity provider metadata file after the file is downloaded at a later step.
15.In SP Issuer, type a name.
The SP issuer name can be a placeholder value, which will be replaced with the value extracted
from the identity provider metadata file after the file is downloaded at a later step.
16.Copy the certificate, without formatting, and paste it into a plain text editor.
Include the BEGIN and END lines in the copied text.
The “CA certificate” is available on GitHub at SSO Okta configuration strings.
17.Save the plain text file as polaris.pem.
18.In Signature Certificate, browse for polaris.pem, select it, and click Upload Certificate.
A success message appears when the certificate upload is successful.
19.Click Next.
The Feedback page appears.
20.Provide an answer for Are you a customer or partner.
21.Click Yes, my app integration is ready for public use in the Okta Application
Network.
22.Click Finish.
Rubrik Polaris User Guide Configuring a SAML application on Okta 36

Single Sign-On
Okta creates the SAML application with the configured general settings, the new application
appears on the Applications list.
Next task — Download the metadata file on Okta, as described in “Downloading the identity
provider metadata file on Okta”.
Downloading the identity provider metadata file on Okta

Use the Okta administration console to download the Okta metadata file.
that can be used to validate the SAML authentication response received from the identity provider.
3. Click the Sign On tab.
The Settings page with the link: “Identity Provider metadata is available if this application
supports dynamic configuration” appears.
4. Click Identity Provider metadata to download the Okta metadata file.
The browser downloads the metadata file to your computer.
Next task — Upload the identity provider metadata file for Okta, as described in “Uploading the
identity provider metadata file for Okta”.
Uploading the identity provider metadata file for Okta

Upload the identity provider metadata file to Rubrik Polaris to provide information for establishing
a secure connection, as described in “Uploading the identity provider metadata file”.
Polaris metadata file”.
Retrieving the Rubrik Polaris metadata file for Okta

trusted entity, as described in “Retrieving the Rubrik Polaris metadata file”.
Next task — Make changes to the SAML settings on Okta, as described in “Editing the SAML
application on Okta”.
Rubrik Polaris User Guide Downloading the identity provider metadata file on Okta 37
Single Sign-On
Editing the SAML application on Okta

Make changes to the SAML settings to replace the initial placeholder values used, as described in
“Uploading the identity provider metadata file”.
3. Click on the application that was previously created for Polaris.
The application details page appears.
4. Click the General tab.
5. Scroll down to SAML Settings, and click Edit.
The Edit SAML Integration page appears.
6. From the Rubrik Polaris metadata file, use the XPath element to extract the Single sign on
URL.
7. Replace the placeholder value using the “Single sign on URL” query available on GitHub at SSO
Okta configuration strings.
8. From the Rubrik Polaris metadata file, use the xPath element to extract the Audience URL
(SP Entity ID).
9. Replace the placeholder value using the “Audience URL” query available on GitHub at SSO Okta
configuration strings.
10.In Name ID format, select EmailAddress.
11.Click Show Advanced Settings.
The Advanced Settings expand.
12.In Application username, select Email.
13.From the Rubrik Polaris metadata file, use the XPath element to extract the Single Logout
URL.
14.Replace the placeholder value using the Single logout URL” query available on GitHub at SSO
15.From the Rubrik Polaris metadata file, use the xPath element to extract the SP Issuer and
replace the placeholder value. Use the “SP issuer” query available on GitHub at SSO Okta
configuration strings.
16.From the Rubrik Polaris metadata file, use the xPath element to extract the Signature
Certificate.
Rubrik Polaris User Guide Editing the SAML application on Okta 38

Single Sign-On
17.Replace the placeholder value using the “Signature certificate” query available on GitHub at
SSO Okta configuration strings.
18.Copy the certificate, without formatting, and paste it into a plain text editor.
Include the BEGIN and END lines in the copied text.
19.Save the plain text file as signature_certificate.pem.
20.In Signature Certificate, browse for signature_certificate.pem, select it, and click Upload
Certificate.
A success message appears when the certificate upload is successful.
21.Under Attribute Statements, in Name, copy and paste the value “Attribute statement”
available on GitHub at SSO Okta configuration strings.
This is a mandatory attribute statement for Rubrik Polaris to identify users with their email
addresses.
22.In Value, type user.email as the name for this email attribute statement.
23.Under Group Attribute Statements, in Name, copy and paste the “Group attribute
statements” string to create a group-specific attribute statement available on GitHub at SSO
Rubrik recommends configuring a group-specific attribute statement to create group
memberships to avoid situations when users are denied access to resources if the SID for the
group which allows them access was not successfully included in the packet. Configure a
custom rule to create a subset of groups as claims and to create a filter with a group-specific
filter.
24.In Filter, select Matches regex and type "^rubrik.*".
Rubrik recommends configuring a filter with a group-specific parameter to filter claims based
on group membership.
25.Under Group Attribute Statements, in Name, copy and paste the string to create an
all-group attribute statement available on GitHub at SSO Okta configuration strings.
Alternatively, you can create an all-group attribute statement to include all groups.
26.In Filter, select Matches regex and type ".*".
Alternatively, you can configure a filter that include values matching the all-group attribute
statement.
27.Click Next.
28.Provide an answer for Are you a customer or partner.
29.Click Yes, my app integration is ready for public use in the Okta Application
Network.
Rubrik Polaris User Guide Editing the SAML application on Okta 39

Single Sign-On
30.Click Finish.
Okta updates the SAML application with the new settings.
Once the SAML application is updated successfully, the application page appears.
Next task — Assign the SAML application to users or groups on Okta, as described in “Assigning an
Okta SAML application”.
Assigning an Okta SAML application

You can assign an Okta SAML application to users or groups in order to grant them access to the
Rubrik Polaris using single sign-on access to Rubrik Polaris.
Only assigned users and groups can access Rubrik Polaris using single sign-on.
3. Click on the application created earlier.
The application details page appears.
4. Click the Assignments tab.
5. Click Assign to People or Assign to Groups.
Configuration workflow for Azure Active Directory

To configure and set up Azure Active Directory, complete the tasks in the following order:
1. “Configuring a SAML application on Azure SAML enterprise application”
2. “Downloading the Azure metadata file”
3. “Uploading the Azure metadata file”
4. “Retrieving the Rubrik Polaris service provider metadata file for Azure”
5. “Configuring single sign-on for Azure Active Directory”
6. “Editing the SAML application on Azure”
Rubrik Polaris User Guide Assigning an Okta SAML application 40

Single Sign-On
7. “Creating roles for Azure”

8. “Assigning an Azure SAML application”
Configuring a SAML application on Azure SAML enterprise

application
The Azure system creates a SAML application which enables Rubrik Polaris to establish a secure
connection with the Microsoft Azure system.
On the Microsoft Azure Portal, create a SAML application to enable Rubrik Polaris to establish a
secure connection with the Azure system.
Before you begin — Make sure you have an Azure account with an appropriate subscription that
supports single sign-on configuration.
1. In a web browser, go to the Azure Portal.
2. On the Azure Portal menu, select Azure Active Directory.
The Default Directory - Overview page appears.
3. On the left-side menu, click Enterprise applications.
The Enterprise applications - All applications page appears.
4. Select the active directory to use as the identity provider.
5. On the left-side menu, click Enterprise Applications.
The Enterprise applications overview blade appears.
6. On the top menu, click + New application to create a new SAML application.
The Categories blade appears.
7. Click Non-gallery application to add the SAML application that is not available in the gallery.
The Add your own application blade appears.
8. Type a name for the application, such as Polaris.
9. Click Add.
Once the SAML application is created successfully, the application overview page appears.
Next task — Download the metadata file on Azure, as described in “Downloading the Azure
metadata file”.
Rubrik Polaris User Guide Configuring a SAML application on Azure SAML enterprise application 41
Single Sign-On
Downloading the Azure metadata file

Use the Azure Portal to download the Azure metadata file.
that can be used to validate the SAML authentication response received from the identity provider.
5. On the left-side menu, click Single sign-on.
The Single sign-on page appears.
6. Select SAML-based Sign-on from the Single Sign-on Mode drop-down.
7. Scroll down to SAML Signing Certificate, and click Metadata XML to download the Azure
metadata file.
The browser downloads the metadata file to your computer.
Next task — Upload the identity provider metadata file for Azure, as described in “Uploading the
Azure metadata file”.
Uploading the Azure metadata file

Upload the Azure metadata file to Rubrik Polaris to provide information for establishing a secure
connection, as described in “Uploading the identity provider metadata file”.
Polaris service provider metadata file for Azure”.
Rubrik Polaris User Guide Downloading the Azure metadata file 42

Single Sign-On
Retrieving the Rubrik Polaris service provider metadata file

for Azure
trusted entity, as described in “Retrieving the Rubrik Polaris metadata file”.
Next task — Set up single sign-on for Azure, as described in “Configuring single sign-on for Azure
Active Directory”.
Configuring single sign-on for Azure Active Directory

Configure single sign-on between Azure Active Directory and Polaris.
The Single Sign-on page appears.
6. In Domain and URLs, click Upload metadata file.
The Upload a configuration file page appears.
7. Browse for the Rubrik Polaris metadata file, and click Upload.
Once the upload is successful, Azure extracts and fills in the identifier and reply URL.
Next task — Make changes to the SAML settings on Azure, as described in “Editing the SAML
application on Azure”.
Rubrik Polaris User Guide Retrieving the Rubrik Polaris service provider metadata file for Azure 43
Single Sign-On
Editing the SAML application on Azure

Make changes to the SAML settings to replace the initial placeholder values used in attributes, as
described in “Uploading the identity provider metadata file”.
The Single Sign-on page appears.
6. Under User Attributes, select the View and edit all other user attributes option.
The SAML Token Attributes section appears with several placeholder attributes.
7. Click on the placeholder “emailaddress” attribute, click the silhouette icon to the right, and click
Delete.
8. Click Add Attribute to create a new email address attribute.
The Add Attribute blade appears.
9. Type emailaddress as the Name, user.userprincipalname as the Value, and
http://schemas.xmlsoap.org/ws/2005/05/identity/claims as the Namespace, and
click Ok.
Azure creates the email address attribute and returns to the single sign-on page.
10.Click Add Attribute to create a new group attribute.
The Add Attribute blade appears.
11.Type Group as the Name, user.assignedroles as the Value, and
http://schemas.xmlsoap.org/claims as the Namespace, and click Ok.
Azure creates the group attribute and returns to the single sign-on page.
12.On the top menu, click Save.
Once the SAML application is updated successfully, a success message appears.
Next task — Create custom roles for better access control, as described in “Creating roles for
Azure”.
Rubrik Polaris User Guide Editing the SAML application on Azure 44

Single Sign-On
Creating roles for Azure

To enhance access control, create custom roles to be passed back from Azure Active Directory to
Polaris.
This configuration is mandatory for role-based access control (RBAC) in Azure single sign-on
services.
Rubrik recommends creating custom application roles in the Azure Active Directory for roles
created on Polaris, such as Polaris administrator, Polaris auditor. Microsoft reference in how to
configure a role claim issued in the SAML token can be found at:
How to: Configure the role claim issued in the SAML token for enterprise applications
Use the suggested “Role template” to create the roles, replace the values listed as <placeholder>
using the value available on GitHub at SSO Azure configuration strings.
Once roles are added, assign users or groups that you want to have access to Polaris to the
appropriate roles.
Next task — Assign an Azure SAML application to users or groups, as described in “Assigning an
Azure SAML application”.
Assigning an Azure SAML application

Assign an Azure SAML application to users or groups in order to grant them access to the Rubrik
Polaris using single sign-on access.
Only assigned users and groups can access Rubrik Polaris using single sign-on. Azure only grants
access to Polaris by issuing a token to users or groups, either directly or through a group
membership.
1. In a web browser, go to the Azure portal.
5. On the left-side menu, click Users and groups.
The Users and groups page appears.
Rubrik Polaris User Guide Creating roles for Azure 45

Single Sign-On
6. On the top menu, click + Add user to create new users.

The Add Assignment blade appears.
7. Click Users and groups and select the user or group to be granted access to Polaris.
8. Click Select.
The selected member appears in the Selected members section.
9. Click Select Role.
The Select Role blade appears.
10.Click Assign.
Azure assigns the role to the selected user.
The users and groups page appears and lists the object type and role assigned to the assigned
user or group.
Testing Single sign-on connection

Initiate testing of the single sign-on configuration. Rubrik Polaris requires a successful test before
enabling single sign-on.
When the uploading of the identity provider metadata file is successful, the Test SSO button
becomes active.
Rubrik Polaris User Guide Testing Single sign-on connection 46

Single Sign-On
5. Click the Test SSO button.

Rubrik Polaris tests the single sign-on connection.
Rubrik Polaris initiates a new tab on the browser. The identity provider system login page
appears.
6. Type the user name and password for the registered account on the identity provider system.
When the credentials entered match the identity provider credentials, the identity provider
system displays the SSO test successful status.
If the connection test fails, verify your configuration and retry the test. If the connection test
failure persists, contact Rubrik Support for assistance.
Disabling Single sign-on

Disable single sign-on by removing the configured identity provider from Rubrik Polaris.
Once single sign-on is disabled, the issued token will expire in 24 hours. Users who are logged in
to Rubrik Polaris can access Rubrik Polaris as long as the current session is active within those 24
hours.
5. Click Disable SSO.
Rubrik Polaris removes the configured identity provider and its associated data from Rubrik Polaris.
Rubrik Polaris User Guide Disabling Single sign-on 47

Chapter 5
User Management
This chapter describes the Polaris User Management feature.

 User management overview ...................................................................................... 50
 Creating a role.......................................................................................................... 54
 Managing local users................................................................................................. 59
 Managing SSO groups ............................................................................................... 62
Rubrik Polaris User Guide User Management 49

User Management
User management overview

The Polaris User Management feature provides user management and access control for users.
Polaris offers role-based access control (RBAC) that restricts user access based on the role of
individual users within an organization. Based on the assigned user role, users have access rights
restricted to the information and resources that pertain to them. Instead of assigning permissions
to users directly, permissions are assigned to specific roles. Users assigned a role have the
permissions that are granted to that role.
Polaris provides RBAC that enables administrators to restrict access to authorized users and to
facilitate administration of users and permissions. Polaris grants subsets of Rubrik functionality or
customer infrastructure to specific roles. Role-based permissions control the ability to configure
different Rubrik cluster functionalities on Polaris.
Polaris user management also helps preserve organizational hierarchy and maintains default
security by limiting the functionalities of different accounts that the user can access. Role-based
access control user management restricts access to features and resources within a Rubrik cluster
to authorized users or groups.
Roles and permissions

Polaris grants permissions to users only if they are assigned the role with the associated
permissions. Role authorization restricts the roles that a given user can be assigned. Permission
authorization ensures that users can exercise only the permissions for which they are authorized.
A role is a list of permissions through which the same set of resources must be authorized or
revoked based on the permissions.
Table 6 describes roles and permissions and their correlations.
Table 6 Correlations between roles and permissions
Filter Description
Role • A role is a set of permissions.
• Local users can only have one role.
• SSO users can have several roles when they belong to different SSO groups.
• A role can have multiple permissions.
• Available role templates are Auditor, Help Desk, and Backup Administrator.
Permission • A permission is the rights to perform a certain operation or task.
• A permission can be assigned to many roles.
• An operation or task can be assigned to many objects or targets.
• A permission can be assigned to many operations or tasks.
Rubrik Polaris User Guide User management overview 50

User Management
Polaris offers a default Administrator role that has full access rights to all operations or tasks on
Polaris. Polaris creates this default role automatically for all existing and new accounts. Authorized
users can assign default roles directly to other users in the system. However, the default role
cannot be edited or deleted. The administrator retains full access to the Rubrik cluster even when
the Active Directory is unavailable.
Table 7 describes the full set of permissions available.
Table 7 Polaris role permissions
Task Description Permission
Dashboard • Enables users to view the dashboard. • View Dashboard – Enables users to view the
• When users only have the View dashboard.
Dashboard permission and does not
have access to the events tab, the
number of Events will not be available.
Cluster • Enables users to manage • Add cluster – Enables users to add a new
cluster-related permissions. cluster from the Clusters page. When
• Applies these permissions to some or selecting the Add cluster permission, also
all the existing clusters, or cluster that select the View Cluster permission to view the
is added for future use. newly added cluster.
• View cluster – Enables users to view the
Clusters page. Users with the View Cluster
permission and without the View Events
permission cannot view events on the
Clusters page.
Inventory • Enables users to manage and view • View – Enables users to view inventory details
inventory settings. page.
• Enables users to assign or remove • Manage – Enables users to edit inventory
SLA to protect objects. settings, add or remove objects from the
• Enables users to recover and restore. inventory page.
• Protect – Enables users to assign and remove
SLA Domain to an inventory item and take
on-demand snapshots.
• Recover – Enables users to perform
mounting, export, instant recovery, and
restore to an inventory item.
SLA • Enables users to view and manage • View SLA domains – Enables users to view
domains SLA domains. the SLA domain pages.
• Manage SLA domains – Enables users to
create, edit, or delete SLA domains.

User Management
Table 7 Polaris role permissions

Task Description Permission
Events • Enables users to manage permissions • View non-system events – Enables users to
on the Events page and different types view events related to configuration, backup,
of events. recovery, archival, and replication jobs that
• Polaris applies selected permission to are running in the system.
all non-system events for all objects, • View system events – Enables users to view
whether the user has access to the events that are related to hardware,
object. diagnostics, and system.
• View audit log – Enables users to view the
audit log.
• Cancel running job – Enables users to stop a
running Rubrik cluster job that can be
canceled either from the Rubrik cluster or the
Polaris Events tab.
Report • Enables users to manage • View report – Enables users to view all
Report-related permissions. reports.
• When users have the View permission • Modify report – Enables users to modify report
to Reports but do not have access to configurations. When selecting the Modify
the Events, the Events Report Report permission, also select the View
becomes unavailable to the users. Report permission.
• Create report – Enables users to create
reports on Polaris.
• Delete report – Enables users to delete
reports on Polaris.
System Enables users to manage permissions • View system preferences – Enables users to
preferences related to Polaris system preferences view System Preferences and User
menu. Management settings.
• Edit system preferences – Enables users to
edit System Preferences and User
Management settings. Users having this
permission can promote themselves to
Administrator.
To provide easier and customized role creation, Polaris supports role templates that contain a
pre-selected set of permissions associated to the specific role being created. Administrators can
add permissions to or remove particular permissions from the specific role while selecting the role
template. Authorized users can create a new role by copying permissions from a role template.
Role templates cannot be edited, deleted, or assigned directly to users as roles.

User Management
Authorization
When a user is assigned a role, the user is explicitly authorized to perform actions on the specific
resources. When a resource contains other resources, the user is implicitly granted authorization
on all the descendant objects. Similarly, granting an authorization to an SSO group grants an
implicit authorization to all SSO users within that group.
Managing users
Polaris manages different types of users, as describes in Table 8.
Table 8 Polaris RBAC users
User type Description
Account owner • Owns the Polaris account.
• Has full permissions to all objects in the account.
• Is the sole owner of a Polaris account.
• Can transfer ownership to local users only.
• Cannot be deleted, deactivated, nor assigned another role by an account
administrator.
Local users • Are created and managed on Polaris.
• Have accounts in the local directory on the Rubrik cluster.
• Log in to Polaris with their local account credentials.
• Can only have one role.
SSO users • Are authenticated by a SAML identity provider.
• Are managed as an SSO group.
• Log in to Polaris through single sign-on.
SSO users
SSO users log in through single sign-on. When authenticated by the SAML identity provider, the
SSO user identity is established and their identity information is being shared to Polaris. Polaris
then manages SSO users as an SSO group. SSO user information is not stored on Polaris. Polaris
creates a mapping between the users or groups as defined in the customer database and as
defined by the customer SAML identity provider.
Polaris grants permissions to SSO users based on the role assigned through the IdP group they
belong to. The group-role mapping ensures that once the SSO users log in to Polaris as the
members of a specific IdP group, they are assigned the specific role assigned to the IdP group.
SSO users can log in to Polaris regardless of the SSO groups they belong to. Polaris restricts role
assignment and user deactivation of SSO users.

User Management
Creating a role
Create a role with a role template that contains a pre-selected set of permissions. Or, create a role
by selecting individual permission from the full list of permissions, as described in Table 7.
Creating a role with a role template

Create a role from a role template.
Role templates provide a pre-selected set of permissions that enable quick and simple creation of
roles.
Add or remove permissions from the role template for specific use cases.
3. Click User Management.
The User management page appears, with the Users tab selected.
4. Click Roles.
The Roles page appears.
5. Click Add in the upper-right corner.
6. Select Create role from the drop-down.
The Name role page appears.
7. Click Create with a template.
8. Select a role template from the drop-down.
9. Type a Role name.
10.(Optional) Type a Role description.
11.Click Next.
The Set Permissions page appears.
12.Accept the pre-selected permissions associated to the role created by this role template.
13.(Optional) Select more or clear some permissions.
Rubrik Polaris User Guide Creating a role 54

User Management
14.(Optional) Click Change to change the cluster permissions as described in “Creating a role
without a role template”.
15.(Optional) Click Change to change the inventory permissions as descried in “Changing
inventory permissions”.
16.Click Save.
Polaris creates the new role and returns to the Roles page.
Creating a role without a role template

Create a role by selecting individual permission from the full list of permissions.
The User Management page appears, with the Users tab selected.
4. Click Roles.
5. Click Add.
6. Select Create role from the drop-down.
The Name Role page appears.
7. Click Create without a template.
8. Type a Role name.
9. (Optional) Type a Role description.
10.Click Next.
The Set permissions page appears.
11.Select the permissions.

User Management
13.(Optional) Click Change to change the inventory permissions as descried in “Changing
14.Click Save.
Polaris creates the new role and refreshes the roles details page.
Changing cluster permissions

Modify cluster permissions to specific, all current, and future clusters.
1. Follow the steps in either “Creating a role with a role template” or “Creating a role without a
role template” to create the role.
2. Select the role to change cluster permissions and click Next.
3. In the Set permissions page, click Change to change the cluster permissions.
The Select specific clusters page appears.
By default, All current and future clusters is selected.
4. To grant cluster permissions to a specific cluster, clear Select all clusters (include future
added clusters).
5. Select the specific cluster from the list.
6. Click Save.
The Create a new role page appears.
7. Click Save.
Polaris saves the changes to the cluster permissions.
Changing inventory permissions

Modify inventory permissions to specific, all current, and future inventory types.
1. Follow the steps in either “Creating a role with a role template” or “Creating a role without a
role template” to create the role.
2. Select the role to change inventory permissions and click Next.
3. In the Set permissions page, click Change to change the inventory permissions.
The Inventory permission page appears.
4. To grant inventory permissions to all inventory types, select Select all inventory objects
(current and future).

User Management
Note: To view events and reports of all inventories and clusters, select Select all inventory
objects (current and future).
5. (Optional) To grant inventory permissions to a subset of specific inventory types, select the
inventory type. By default, all objects in the inventory type are selected.
6. (Optional) To select specific objects in the inventory type, click change in the specific
inventory type card.
The list of objects appears.
7. Select the objects.
8. Click Save.
The Change inventory selection page appears.
9. Click Save.
Polaris saves the changes to the inventory permissions.
Editing a role
Add additional permissions to or remove particular permissions from the role.
4. Click Roles.
5. Select a role.
The role details page appears.
6. Click Edit.
The Edit an existing role page appears.
7. (Optional) Edit the Role Name.
8. (Optional) Edit the Role description.
Rubrik Polaris User Guide Editing a role 57

User Management
9. Click Next.
The Set permissions page appears.
10.(Optional) Modify the permissions.
(Optional) Click Change to change the inventory permissions as described in “Changing
12.Click Save.
Polaris makes changes to the role and refreshes the roles details page.
Deleting a role
Remove a role from Polaris.
Users can no longer be assigned the set of permissions defined by that role.
Before deleting a role from Polaris, remove the role from users that are assigned to that role.
Otherwise, Polaris displays a warning when attempting to delete a role that is currently assigned
to any users.
4. Click Roles.
5. Select a role.
The role details page appears.
6. Click Delete.
7. When prompted, click Delete to confirm the role deletion.
Polaris removes the role and refreshes the roles details page.
Rubrik Polaris User Guide Deleting a role 58

User Management
Managing local users

Add local users to Polaris and assign roles to local users to authorize them to access protected
resources.
From the User Management page, add, assign a new role to, or deactivate local users.
Adding a local user

Creates local users and grants them access to Polaris.
4. Click Add.
5. Select Add local user from the drop-down.
The Add local user page appears.
6. Type a user email in Email.
7. Select one or more Role from the Roles menu.
8. Click Add.
Polaris creates the local user account and sends an invitation email to invite the users to complete
the account creation and reset the account password.
Assigning new roles to a local user

Polaris assigns roles to a local user and grants the user access to the protected resources
associated with the role.
4. Select a user or multiple users from the list.
Rubrik Polaris User Guide Managing local users 59

User Management
5. Click Edit role assignment from the bottom-right menu.

The Assign a new role page appears.
7. Click Assign.
8. When prompted to confirm the role assignment, click Assign.
Polaris assigns the new role to the user and grants the user access to the protected resources
associated with this new role.
Changing role assignment for a local user

Change the role assigned to local users.
The Edit role assignment menu appears.
6. Click Select new roles to replace with to replace the existing roles assigned.
This option replaces all existing assigned roles with the new roles. Select both new roles and
any existing roles before updating the role assignment.
7. (Optional) Click Select roles to add to add one or more new roles to the existing role
assignment.
This option adds new roles to the existing role assignment without replacing the current roles.
8. In Role, select one or more roles.
9. Click Update.
Polaris replaces the user original role or adds new roles to the current role assignment. Polaris
grants the user access to the protected resources associated with the new roles.
Polaris either replaces original roles or adds new roles to the current role assignment.

User Management
Deleting users
Remove local or SSO users from Polaris.
For local users, Polaris removes all data associated with the deleted local users.
For SSO users, Polaris only removes the SSO users locally. Deleted SSO users can still log in to
Polaris. To deny access of deleted SSO users to Polaris after they are being deleted, disable them
on the identity provider.
Users cannot delete the user with the account owner permission nor their own user account.
4. Select one or more users to delete.
5. Click Delete from the bottom-right menu.
The confirmation prompt appears.
6. Click Delete.
Polaris removes the user and user-related data from the database and stores the user audit log.
Changing account ownership

The initial Polaris user can transfer account ownership to another local user. Only the current
account owner can transfer the ownership to another user.
4. Select the user to assume the ownership of the account.
5. Click Make owner from the bottom-right menu.
The confirmation prompt appears.
6. Click Make owner to confirm the change of ownership.

User Management
Polaris transfers the account ownership to the selected user. The original owner reverts to an
administrator role.
Deactivating a local user

Polaris deactivates a local user from Polaris.
Deactivated users lose access to the protected resources associated with their assigned role.
5. Click Deactivate from the bottom-right menu.
The Deactivate prompt appears.
6. Click Deactivate to confirm the deactivation.
Polaris deactivates the local user from Polaris and prohibits the local user from accessing any
protected resources assigned to the role.
Managing SSO groups

Polaris grants permissions to SSO users based on the role assigned through the IdP groups to
which they belong.
Authorizing an SSO group

Polaris creates an SSO group and grants permissions to SSO users that belong to this SSO group.
Polaris automatically grants the SSO user the SSO group role the next time the SSO user signs in.
4. Click Add, and select Authorize SSO group from the drop-down.
Rubrik Polaris User Guide Managing SSO groups 62

User Management
The Authorize SSO group page appears.

5. Type an SSO group name.
Use the same SSO group name as it appears in the SAML identity provider.
7. Click Add.
Polaris creates the SSO group with the assigned roles.
Assigning new roles to an SSO group

Assign new roles to replace the initial role of an SSO group.
4. Select the SSO groups tab.
5. Select an SSO group.
6. Click Edit role assignment.
The Authorize SSO group page appears.
8. (Optional) Click Select roles to add to add one or more new roles to the existing role
assignment.
9. Select one or more new roles from the menu.
10.Click Update.
Polaris assigns the new role to the SSO group.

User Management
Changing role assignment for SSO groups

Change or add roles for SSO groups.
The SSO group list appears.
5. Select one or more SSO groups from the list.
The Edit role assignment menu appears.
8. (Optional) Click Select roles to add.
9. In Roles, select the roles to replace the original roles or add new roles.
10.Click Update.
Polaris either replaces original roles or adds new roles to the current role assignment.
Removing a role from an SSO group

From the SSO group page, remove a role from an SSO group.
When Polaris removes a role from an SSO group, the SSO users of that group lose this role. Since
the SSO users of an SSO group inherit the role from the group, removing the role from the SSO
group also removes the role from the SSO users.

User Management
5. Select an SSO group.
6. Click Remove role.
Polaris removes the role from the SSO group associated to the Polaris account. The SSO group will
be removed from the list.

Chapter 6
Dashboard
This chapter describes the Dashboard in Polaris.

 Dashboard overview ................................................................................................. 66
 Viewing dashboard information.................................................................................. 66
 Viewing events information ....................................................................................... 67
 Viewing compliance information................................................................................. 68
 Viewing protection information .................................................................................. 69
 Viewing global map information ................................................................................. 69
Rubrik Polaris User Guide Dashboard 65

Dashboard
Dashboard overview
The Dashboard provides information about the current state of the Rubrik clusters connected to
Polaris.
The Dashboard is an aggregated view of all events and compliances across all Rubrik clusters in
their respective regions. The dashboard provides aggregated Events, Compliance Overview,
Protection Overview, and global map information of all connected Rubrik clusters associated with
the authenticated user.
Users can apply dynamic filters to the dashboard.
The Dashboard shows all setup events aggregated over a configurable time range.
Polaris web UI regularly refreshes the information that appears in the dashboard. Polaris refreshes
event data every five minutes, Rubrik cluster and SLA domain data every 15 minutes, and global
object data every four hours.
Viewing dashboard information

Rubrik Polaris provides a comprehensive summary of all events and SLA protection compliance of
all the Rubrik clusters connected to Polaris.
Access the Dashboard to view information about the current state of the Rubrik clusters connected
to Polaris.
2. Click the Rubrik snowflake in the upper-left corner.
The Dashboard appears, as shown in Figure 2.
Rubrik Polaris User Guide Dashboard overview 66

Dashboard
Figure 2 Polaris Dashboard page
Viewing events information

Polaris provides information of events aggregated over the last 24 hours or last 7 days.
Access the Events to view information of aggregated events over the specified time.
Table 9 describes the information Polaris provides on the Events summary.
Rubrik Polaris User Guide Viewing dashboard information 67

Dashboard
Table 9 Event information

Information type Description
Time Displays one of the following time ranges for the displayed events aggregated over
the specified time.
• in the last 24 hours
• in the last 7 days
Critical system Displays the combined total number of hardware events and diagnostic events that
events have a severity of “critical”.
Events Displays the following event information.
• Replication events completed out of the total number of replication events and
the increase or decrease in percentage of completed events.
• Backup events completed out of the total number of completed events and the
increase or decrease in percentage of backup events.
• Archive events completed out of the total number of archive events and the
increase or decrease in percentage of archive events.
• Anomaly events detected over the specified time.

The Dashboard appears.
3. Click an event to view.
The Events page appears.
4. (Optional) Select filters to apply to the Events page.
Polaris populates the Events page with the aggregate values based on the selected filter.
Viewing compliance information

The Compliance Overview provides information about compliance status at a specified point in
time and over a specified time period. Polaris organizes the information according to Rubrik cluster
type and application type for all connected Rubrik clusters.
The Compliance Overview displays the total number of data objects that are in compliance or out
of compliance for the set time range.
3. Click within the Compliance Overview section.
The Compliance Report appears.

Dashboard
4. (Optional) Select filters to apply to the Compliance Report page.

Polaris populates the Compliance Report page with the aggregate values based on the selected
filter.
Viewing protection information

The Protection Overview provides information about protection status of applications and objects
and backup and replication events on all connected Rubrik clusters for the specified time range.
The dashboard appears.
3. Click within the Protection Overview section.
The Protection Report appears.
4. (Optional) Select filters to apply to the Protection Report page.
Polaris populates the Protection Report page with the aggregate values based on the selected
filter.
Viewing global map information

Polaris provides a location-specific display of all connected Rubrik clusters.
The global map displays granular metrics for all connected Rubrik clusters by site aggregated over
the last 24 hours or last 7 days. It also displays a static view of Snapshot Overview, Capacity, and
System information.
3. Click the + or - sign to zoom in or out of the global map.
4. Click on a connected Rubrik cluster on the global map.
The summary of the selected Rubrik cluster appears to show the Rubrik cluster name, Rubrik
cluster type, number of failure events, and available capacity.
5. Click on the name of the selected Rubrik cluster.
The Cluster details page appears.
6. (Optional) Click within the Events section.
The Events page of the selected Rubrik cluster appears.

Dashboard
7. (Optional) Click within the Compliance section.

The Compliance Report of the selected Rubrik cluster appears.
8. (Optional) Click within the Protection section.
The Protection Report of the selected Rubrik cluster appears.

Chapter 7
Clusters
This chapter describes how to use the Polaris Clusters feature.

 Clusters overview ..................................................................................................... 72
 Viewing information on a Rubrik cluster page ............................................................. 72
 Viewing information on a Rubrik cluster details page ................................................... 72
 Adding a Rubrik cluster to Polaris............................................................................... 74
 Visiting a Rubrik cluster............................................................................................. 74
Rubrik Polaris User Guide Clusters 71

Clusters
Clusters overview
The Polaris Clusters feature presents a list of all Rubrik clusters connected to Polaris.
As a global management interface, Polaris adds and manages Rubrik clusters.
Viewing information on a Rubrik cluster page

Polaris displays an aggregate view of all connected Rubrik clusters on the Clusters page.
For each Rubrik cluster, Polaris displays the Rubrik cluster name, appliance type, number of
protected objects, available capacity, and Events highlights.
Polaris displays different status of connected clusters as follows:
 A connected cluster appears black.
 A connected cluster in a synchronization state displays a Syncing progress bar.
When in this state, Polaris performs an initial synchronization between Polaris and the
connected cluster. This initial synchronization stops when the first Events and Reports data has
been synchronized between Polaris and the connected cluster.
 A disconnected cluster becomes unavailable when Polaris cannot reach the cluster.
3. Click a Rubrik cluster.
The Cluster Details page appears.
Viewing information on a Rubrik cluster details page

Polaris displays the cluster name, type, and version. It also provides a high-level metrics on
Events, Compliance, Protection, Snapshot Overview, Capacity, and System.
Polaris dynamically links and displays the detailed Events, Compliance, and Protection reports
when users click on the desired section.
Polaris displays a static view of Snapshot Overview, Capacity, and System.
Rubrik Polaris User Guide Clusters overview 72

Clusters
3. (Optional) Click a Rubrik cluster.

The Clusters Details page appears showing cluster-specific details, as described in Table 10.
Table 10 Cluster details page
Metric Description
Events Displays the system status and the number of failed events aggregated over
the selected time range.
• Critical system events
• Replication events failed
• Backup events failed
• Archive events failed
Compliance Displays the total number of objects, number of compliant objects and
number of non-compliant objects.
Protection Displays the total number of objects, number of protected objects and
number of do-not-protect objects.
Snapshot Overview Displays the number of total snapshots, the data reduction ratio, the size of
archive data in TB, and the size of replication data in TB.
Capacity Displays the total, available, and used capacity.
Used capacity includes the capacity used for system, live mount, and
snapshots.
Systems Displays the number of nodes, SSD, and HDD.
4. (Optional) Click an event.

(When the Events page appears) Select filters to apply to the Events page.
5. (Optional) Click within the Compliance section.
The Compliance Report appears.
6. (When the Compliance Report appears) Select filters to apply to the Compliance Report page.
Polaris populates the Compliance Report page with the aggregate values based on the selected
filter.
7. (Optional) Click within the Protection Overview section.
The Protection Report appears.
8. (When the Protection Report appears) Select filters to apply to the Protection Report page.
Polaris populates the Protection Report page with the aggregate values based on the selected
filter.
Rubrik Polaris User Guide Clusters overview 73

Clusters
Adding a Rubrik cluster to Polaris

Rubrik Polaris manages and analyzes data that resides on all Rubrik clusters connected to Polaris.
Add Rubrik clusters to Polaris using an authenticated and secure connection to ensure the
communication between the Rubrik clusters with Polaris is secure.
“Adding a Rubrik cluster to your Polaris domain” on page 24 describes how to add a Rubrik cluster
to Polaris.
Visiting a Rubrik cluster

Polaris allows easy and direct access to connected Rubrik clusters from the Polaris UI Clusters
page.
Polaris takes users directly to the configuration details on the Rubrik cluster setup.
3. Select a Rubrik cluster.
4. Click Visit cluster.
Polaris opens a secure connection to the connected Rubrik cluster. Polaris redirects the
connection to the IP address of the connected Rubrik cluster.
Rubrik Polaris User Guide Adding a Rubrik cluster to Polaris 74

Chapter 8
Events
This chapter describes the Polaris Events feature.

 Events overview ....................................................................................................... 76
 Events page ............................................................................................................. 76
 Viewing events information ....................................................................................... 77
 Viewing audit log information .................................................................................... 79
 Searching an event ................................................................................................... 80
 Canceling an event ................................................................................................... 80
Rubrik Polaris User Guide Events 75

Events
Events overview
The Polaris Events feature identifies, isolates, and prioritizes incidents with a unified view of global
Rubrik events.
The Events feature enables users to find point-in-time events with easy-to-use filters and real-time
search.
The Events tab shows information on system events by event types and object types.
The Audit log tab shows log messages for system events on the connected Rubrik clusters and for
the Polaris domain.
Events page
The Events page displays the events of all connected Rubrik clusters in the local time zone.
Polaris tracks, monitors, and displays all events of all connected Rubrik clusters when no filter is
applied.
Change filters to dynamically change the Events page view.
Polaris displays all possible values for a filter category.
Table 11 describes the available filters and values.
Table 11 Event filters (page 1 of 2)
Filter Description
Time range Displays events aggregated over the specified time.
• Past 24 hours
• Past 7 days
• Past 30 days
Clusters Displays events on Rubrik clusters connected to Polaris or Polaris native events.
Severity Displays the severity of the events.
• Critical - System event that requires attention, such as failed backup, archival, as well as
replication.
• Warning - System event finished with a warning, such as backup, archival, or recovery.
• Informational - System event for information only.
Status Displays events based on the status of the event.
• Failure
• Running
• Completed
• Canceled
• Queued
Rubrik Polaris User Guide Events overview 76

Events
Table 11 Event filters (page 2 of 2)

Filter Description
Event Type Displays events based on the specified type.
• Backup
• Replication
• Archive
• Hardware
• Recovery
• Instantiate
• Diagnostic
• Configuration
• System
• Maintenance
• Anomaly
• Failover
• Others
Object Types Displays events of the specified object types respective to the connected Rubrik clusters on
Polaris, such as virtual machines, servers and applications.
Viewing events information

Polaris displays the Events page in three ways.
Polaris can display the Events page from the Dashboard, Events tab or Clusters tab.
Viewing the Events page from the Dashboard

View the Events page from the Dashboard for a global view of the events of the Rubrik clusters
connected to Polaris.
3. Click on any of the aggregated event numbers in the Events section.
The Events page appears.This page displays the object, severity, event status, event type, and
the last update for events of the Rubrik clusters connected to Polaris.
4. Click an event.
The Events series card appears.
Rubrik Polaris User Guide Viewing events information 77

Events
This page displays the series of events associated with the top-level event, such as cluster
name, object type, event type, duration of the event, start time of the event, and the details of
each event within the event timeline.
Viewing the Events page from the Events tab

View the Events page from the Events tab for a global view of the events of the Rubrik clusters
2. Click Events in the navigation bar.
3. Click an event.
The Events series page appears.
Viewing the Events page from the Clusters tab

View the Events page from the Clusters tab to get a global view of all events of the selected Rubrik
cluster connected to Polaris.
Polaris displays a static view of Snapshot Overview, Capacity, and System.
3. On a Rubrik cluster, click within the Events section.
The selected Cluster page appears.
4. Click within the Events section.
The cluster Events page appears.
Rubrik Polaris User Guide Viewing events information 78

Events
5. Click an event.
This page displays the series of events associated to the top-level event, such as cluster name,
object type, event type, duration of the event, start time of the event, and the details of each
event within the event timeline.
6. (Optional) Apply filters to view the Events page with the aggregate values based on the
selected filter.
Viewing audit log information

Polaris displays the Audit log page and lists user-initiated events by user names.
The Audit log tab captures information on user-initiated events from all connected Rubrik clusters
and user events of users logged in to Polaris.
2. On the top menu, click Events.
3. Click Audit log.
The Audit log page appears.
4. (Optional) Select filters to apply to the Audit log page.
Polaris populates the Audit log page with the aggregate values based on the selected filter.
Table 12 Audit log filters
Filter Description
Time range Displays a sequential view of the events that occur during the
selected period.
• Past 24 hours
• Past 7 days
• Past 30 days
Clusters Lists all connected Rubrik clusters. Selecting a value changes the
display to only show audit log messages for the selected Rubrik
cluster.
Status Displays events with the selected status. Clear selection to see all
events.
• Failure
• Completed
Rubrik Polaris User Guide Viewing audit log information 79

Events
Searching an event
Polaris searches a specific event by object name.
Enter a search string in the Search object name field to display a list of objects that match the
search string.
Polaris begins a predictive search and updates the results as letters are typed in. The search
matches the characters entered in the search field with the same sequence of characters
anywhere in an object name.
Canceling an event
Cancel Rubrik cluster events from the Events tab or from the Rubrik cluster.
4. Click an event.
5. Click Cancel job.
Polaris cancels the running event.
Rubrik Polaris User Guide Searching an event 80

Chapter 9
Reporting
This chapter describes how to use the Polaris Reporting feature.

 Reporting overview ................................................................................................... 82
 Customizing a report................................................................................................. 89
 Displaying a report.................................................................................................... 90
 Editing a report ........................................................................................................ 90
 Downloading a report................................................................................................ 91
 Deleting a report ...................................................................................................... 91
 Creating a report schedule ........................................................................................ 92
 Editing a report schedule........................................................................................... 93
 Deleting a report schedule......................................................................................... 94
Rubrik Polaris User Guide Reporting 81

Reporting
Reporting overview
Polaris reporting feature provides customizable reports about application data protection and
Polaris underlying infrastructure.
Rubrik Polaris offers a comprehensive view of physical, virtual, and cloud topologies. The
Reporting feature enables users to create views of the most commonly used system metrics. Use
the data gathered in the reports to perform audits and data management planning.
Types of reports
For each report category, Polaris provides a report template as a default report. Polaris also
provides preconfigured reports for each report category.
Default reports have no filters or groupings. Use default reports as basic templates and modify
them to create new reports.
Preconfigured reports use commonly applied filters and groupings. Modify or remove these
reports, as needed.
Depending on the reporting needs, the Polaris reporting feature also supports extensive
customization to the graphs displayed, as well as custom filters.
Table 13 describes the template reports.
Table 13 Template reports (page 1 of 3)
Report Type Description
Infrastructure report Displays infrastructure-related attributes:
• Cluster name
• Cluster type
• Location
• Node count
• Capacity
• Used capacity per Rubrik cluster
• Available capacity % per Rubrik cluster
• Estimated Runway
• Encryption Enabled (or not) for the Rubrik cluster
Rubrik Polaris User Guide Reporting overview 82

Reporting

Object Capacity report Displays the over time or point-in-time (PIT) information on the amount of
application data:
• Object name
• Object type
• Logical size
• Physical size
• Bytes transferred
• Data reduction
• Archive storage
• Replica storage
• Cluster name
• Location
Compliance report Displays the over time and PIT compliance status of protected objects by
Rubrik cluster types and applications:
• Object name
• Object type
• Compliance status
• Local snapshots
• Replica snapshots
• Archive snapshots
• Total snapshots
• Missed snapshots
• Last snapshot
• Cluster name
Protection report Displays the over time protection status of applications and objects with
properties:
• Object name
• Object type
• SLA Domain status
• Protection Status
• Last snapshot
• Cluster name
• Location

Reporting

Event report Displays the status of specific event or event associated with a specific object:
• Event type
• Status
• Object name
• Object type
• Start time
• Last updated
• Cluster name
• Location
Anomaly report Displays the over time or PIT information on the amount of application data:
• Snappable name
• Object type
• Snapshot date
• Number of bytes changed
• Is anamoly
• Number of files added
• Number of files removed
• Number of files modified
Failover report Displays the over time or PIT information on the amount of application data:
• Blueprint name
• Source
• Target site
• Start time
• End time
• Failover status
• Duration
• Failover type
• Last test time
• Last test status
Report filters
Global filters apply to the entire report, including the table and charts.
Only filters applicable to the chart type are applied.
Polaris displays all possible values for a filter category.
Select a filter from the Filters sidebar, the following global filters are available:

Reporting

Table 14 Report filters (page 1 of 2)
Filter Description
Time range Sets one of the following time ranges for the report:
• Past 24 hours
• Past 7 days
• Past 30 days
• Past 12 months
Clusters Displays the Rubrik clusters connected to Polaris. Multi-selection is supported.
Object Types Displays the object types respective to the connected Rubrik clusters on
Polaris. Multi-selection is supported. The filter supports the following object
types:
• Virtual machines: vSphere VM, Hyper-V VM, and AHV VM
• Servers and applications: Office 365 Mailbox, Linux Host, Windows Fileset,
NAS Fileset, SQL Server DB, Managed Volume, Oracle DB, Windows
Volume, EC2 instance, and vCD vApp.
• Others
Cluster type The filter supports the following Rubrik cluster types:
• Appliance (Rubrik cluster appliance)
• Virtual cluster (Rubrik Edge and Rubrik Air)
• Cloud cluster (Rubrik CDM on AWS and Rubrik CDM on Azure).
This filter supports multi-selection.
Event type This filter supports the following types:
• Backup
• Replication
• Archive
• Recovery
• Hardware
• Instantiate
• Diagnostic
• Configuration
• System
• Maintenance
• Anomaly
• Failover
• Others
This filter is only applicable to Event report.

Reporting
Table 14 Report filters (page 2 of 2)

Filter Description
Status This filter supports the following statuses:
• Completed
• Running
• Failure
• Canceled
• Queued
This filter is only applicable to Event report.
Failover type This filter supports the following types:
• Failover
• Test failover
This filter is only applicable to Failover report.
Failover status This filter supports the following statuses:
• Failover succeeded
• Failover failed
• Test failover succeeded
• Test failover failed
• Ongoing
• Paused
Source site The location where the Blueprint fails over from.
Target site The location where the Blueprint fails over to.

Reporting
Groupings
Apply groupings to a report to view aggregate values for the selected groups.
Table 15 summarizes groupings by Rubrik clusters and the corresponding default report actions.
Table 15 Groupings by Rubrik clusters and corresponding reports
Grouping Description
Cluster • Infrastructure: Not applicable
• Compliance: Number of objects compliant and non-compliant per Rubrik
cluster name
• Protection: Number of objects protected, unprotected, do-not-protect per
Rubrik cluster name
• Capacity: Capacity used per Rubrik cluster name
• Number of events per Rubrik cluster name
Table 16 summarizes groupings by Rubrik cluster types and the corresponding default report
actions.
Table 16 Groupings by cluster types and corresponding reports
Cluster type • Infrastructure: Number of Rubrik clusters per cluster type
• Compliance: Number of objects compliant and non-compliant per cluster
type
cluster type
• Capacity: Capacity used per cluster type
• Event: Number of events per cluster type
Table 17 summarizes groupings by object types and the corresponding report actions.
Table 17 Groupings by object types and corresponding reports
Object type • Infrastructure: Not applicable
• Compliance: Number of objects compliant and non-compliant per object
type
object type
• Capacity: Capacity used per object type
• Event: Number of events per object type

Reporting
Table 18 summarizes groupings by event and the corresponding default report actions.
Table 18 Groupings by event and corresponding reports
Events • Infrastructure: Not applicable
• Compliance: Not applicable
• Protection: Not applicable
• Capacity: Not applicable
• Event: Number of events per event type
Table 19 summarizes groupings by time and the corresponding default report actions.
Table 19 Groupings by time and corresponding reports
Time Number or sum of column values based on time.
Time granularity for charts is fixed or inferred by Polaris based on the
selected time range.
Limitations
Polaris reporting has the following limitations:
 Polaris only manages reports for Rubrik clusters with access to Polaris.
 Polaris synchronizes most data with connected Rubrik clusters in real time. Report
synchronization between Rubrik clusters and Polaris can take a few hours.
 For reporting purposes, Polaris retains metadata from the data synchronization instance with
Rubrik clusters.
Report customization
Report customizations are available to allow better reporting experience.
Polaris changes chart data, such as compliance, protection, infrastructure, and event by
customizing reports.
Change filters or groupings to customize default, preconfigured, or previously customized reports.

Reporting
Polaris provides the following report customizations:

 Customize charts and tables with pre-defined groups (such as Cluster Type, Cluster, Object
Type, and Time). Groupings vary based on the report type.
 Apply and save filters (such as Time range, Clusters, Object Type).
 Convert charts/tables into time-based or PIT-based format, with the exception of the
Infrastructure report/chart.
Polaris manages reports based on account-level permissions.
Creation, deletion or edition of reports in a given account impacts users within the same account.
Customizing a report
Polaris provides report customizations for each of the default report types.
You can customize any of the Polaris report types: default reports, preconfigured reports, and
previously customized reports.
2. Click Reports in the navigation bar.
The Reports page appears.
3. Click Create.
4. When prompted to choose a template, select a template.
The report creation page appears.
5. Enter or edit the name of the report.
Use a report name that is unique.
6. Depending on the type of report selected, select an available filter.
7. (Optional) Edit the selected filter.
Rubrik Polaris User Guide Customizing a report 89

Reporting
8. Select a Group By parameter on the top right corner of the table.

Polaris populates the table with the aggregate values based on a group.
(Optional) Edit the selected Group By parameter.
9. Click Create.
The Reports page appears, showing the newly created report.
Displaying a report
View Polaris reports from the different report types available.
3. Click a report type.
A list of all available reports of that type appears.
4. Click the name of a report.
The selected report appears.
Editing a report
Edit a default report, preconfigured report, or an existing report for Polaris.
4. Click and edit the name of a report.
The selected report page appears.
5. (Optional) Click and edit the name of the report.
6. (Optional) Modify any filters.
Rubrik Polaris User Guide Displaying a report 90

Reporting
7. (Optional) To make changes to a schedule, click the ellipsis on the top bar of the Polaris web
UI, and click Schedule.
The Schedule pane appears.
Follow step 7 to 8 as described in “Editing a report schedule”.
8. Click Save in the upper-right corner.
If there is no schedule configured, the Reports page refreshes.
If there is a configured schedule, a prompt appears to confirm if the schedule changes should
be saved to the report.
Downloading a report
Download reports from Polaris for monitoring or audit purposes.
5. Click the ellipsis on the top bar of the Polaris UI.
6. (Optional) Click Download CSV.
7. (Optional) Click Download PDF.
The report is downloaded from the browser.
Deleting a report
Since Polaris reports are managed based on account-level permissions, deleting a report from a
given account impacts users within the same account.
1. Log in to the Polaris UI.
Rubrik Polaris User Guide Downloading a report 91

Reporting

6. Click Delete.
7. When prompted to confirm the deletion, click Yes.
Creating a report schedule

Create a report schedule to configure when Polaris captures report information.
Polaris uses the local time zone when creating report schedules. The events captured in the
scheduled report email are in the Coordinated Universal Time (UTC) time zone.
Polaris sends an HTML email containing the scheduled report. Polaris provides all data from the
report table in an attached CSV file.
The list of email addresses includes all addresses that are registered for the current Polaris
domain. Polaris sends scheduled reports to the selected email address. To stop receiving the
scheduled report email on a particular email account, hover over the email address, and click
Remove user. The default creator of the Polaris domain cannot be removed.
5. Click the ellipsis on the top bar of the Polaris web UI.
6. Click Add schedule.
The New schedule pane appears.
7. In Schedule name, type a name for the schedule.
8. On the email frequency drop-down menu, select a period.
Rubrik Polaris User Guide Creating a report schedule 92

Reporting
9. (For Daily) Select a time of the day.

Polaris sends an email on the selected time of the day.
10.(For Weekly) Select the day of the week and the time of the selected day.
Polaris sends an email on the selected day of the week at the selected time.
11.(For Monthly) Select the day of the month and the time of the selected day.
Polaris sends an email on the selected day of the month at the selected time.
12.To add an email recipient, click Add user and select an email address from the drop-down
menu.
A confirmation message appears once the email address is successfully added as the recipient.
13.Click Add.
A confirmation notification appears.
Polaris creates and stores the schedule information for the scheduled report email.
Editing a report schedule

Modify an existing report schedule to change the name of the report schedule, subscription
frequency and time, and the email recipient.
6. Click Schedules.
The Schedules pane appears.
7. Hover over the schedule you want to edit.
8. Click the edit icon to make changes to the selected report.
The Editing pane appears.
9. Make changes to any of the fields, as needed.
Rubrik Polaris User Guide Editing a report schedule 93

Reporting
10.To stop receiving the scheduled report email on a particular email account, hover over the
email address, click Remove user.
The default creator of the Polaris domain cannot be removed.
11.Click Update.
Polaris updates and stores the edited report schedule.
Deleting a report schedule

Delete a report schedule to stop Polaris from sending that report.
6. Click Schedules.
7. Hover over the schedule you want to delete.
8. Click the trash can icon to delete the selected report.
Polaris deletes the report scheduling information.
Rubrik Polaris User Guide Deleting a report schedule 94

Chapter 10
Polaris Radar
This chapter describes how to configure and use the Polaris Radar feature.
 Polaris Radar overview .............................................................................................. 96
 Configuring Radar..................................................................................................... 98
 Viewing details of an anomaly event .......................................................................... 99
 Anomaly incident .................................................................................................... 103
 Recovering a snapshot ............................................................................................ 104
 Obtaining Rubrik Backup Service connector .............................................................. 105
 Using guest OS credentials ...................................................................................... 106
 Managing anomaly reports ...................................................................................... 108
Rubrik Polaris User Guide Polaris Radar 95

Polaris Radar
Polaris Radar overview

Polaris Radar provides anomaly detection and data recovery services on protected resources, such
as VMware virtual machines, NAS, Linux, and Windows.
Radar identifies and analyzes anomaly events that can indicate a ransomware attack has taken
place, and it provides a way to recover non-infected files directly through the Polaris UI. Radar fits
into an existing security stack and provides an additional layer of protection.
For each protected resource, Radar captures the changes in file system behavior and file content
behavior that occur between snapshots. Radar analyzes this information and provides a view of
the changed behavior and changed content over time, whether an incident has occurred.
From the Polaris web UI, users can enable and disable Radar events (anomaly detection events).
When events are enabled, Radar sends an alert email when an anomaly is detected, the alert
email contains a link to the Polaris web UI, where users can perform further investigation and,
when necessary, recover files. Users can select the snapshot to be analyzed, the files or folders to
be recovered, and the recovery destination. During recovery, users only need to restore the
affected data; there is no need to scan and analyze the entire data set.
When users click on an event, they can view the timeline of snapshots that were taken for a time
range, examine the file system of a series of snapshots, and determine approximately when the
ransomware attack occurred. From there, users can select the snapshot with the latest clean
version of the infected files and use it as the starting point for file recovery. Users can even choose
to do an “inplace recovery” and use the latest infected snapshot as the recovery destination.
Behavioral model
Radar uses machine learning techniques to build behavioral models that define normal baseline
behavior.
With the baseline established, the model examines a range of file system behavioral statistics to
check for anomalies. These statistics correspond to file system usage patterns. The model learns
to detect anomalies like ransomware by examining the usage patterns surfaced by Radar.
Moreover, the accuracy of the model improves over time as Radar observes more data.
For each snapshot, Radar records how many files were added, deleted, and modified since the
previous snapshot. Radar analyzes this type of file system behavior as the method of detecting
anomalous behavior. For example, when many files are added and deleted unexpectedly, this can
indicate that a ransomware attack has replaced important files with encrypted versions.
Radar also computes the amount of entropy in files to determine the level of encryption in a file
system. Entropy is a measure of the randomness of the bytes in a file. An increase in entropy can
signal the possibility that a ransomware attack has encrypted the file. When encryption occurs,
bytes in a file becomes highly random. A large number of files that have an increased level of
randomness when compared to previous versions of those files can be a strong indication of a
ransomware attack.
Rubrik Polaris User Guide Polaris Radar overview 96

Polaris Radar
Radar features
Radar protects your data by performing file system behavioral and content analysis.
Table 20 describes the benefits Radar provides for your data.
Table 20 Security benefits
Benefit Description
File system behavior • Analyzes each snapshot that is indexed inside the Rubrik cluster.
analysis • Identifies and compares changes in the file system since the last
snapshot.
• Computes metadata that describes the changes that occurred in the file
system, such as the number of files added, deleted, or moved.
• Provides machine learning-based analysis of normal file system behavior.
• For every snapshot, determines how likely it is that an anomaly event
could occur.
• Generates anomaly alerts for further analysis.
File system content analysis • Examines the content of changed files after an anomaly alert occurs.
• Performs all content examination on the associated Rubrik cluster without
moving data into Polaris.
• Identifies and displays changes in file content between the current
snapshot and the previous snapshot.
• Looks for signs of encryption in the file system content.
• Computes entropy to measure the level of encryption in the file system.
• Computes probability of encryption, an indicator of a possible attack.
• Provides a detailed alert message when the anomaly threshold is
exceeded.
Snapshot recovery • Selects a post-incident snapshot and compares with the pre-incident
snapshot to identify impacted files.
• Provides users with a browse view of the file system hierarchy to enable
the selection of folders and files for recovery.
Recovery reports • Reports changes that occurred in every analyzed snapshot across every
machine.
• Displays details, such as snapshot date, resource name, resource type,
change in byte size, anomaly indicator, number of files added, number of
files removed, and number of files modified.
Rubrik Polaris User Guide Polaris Radar overview 97

Polaris Radar
Configuring Radar
Configure Radar to perform file system behavioral and content analysis before an incident occurs.
Radar provides two settings that users can configure:
 Whether Radar events are enabled or disabled globally.
 Whether Radar is enabled or disabled on a cluster.
When users enable Radar events, Radar sends a critical alert email to specified email recipients
and notifies them of any detected anomaly incidents. Radar must be enabled on a cluster to
perform file system behavioral and content analysis.
4. On the left pane of the Polaris web UI, click Add-ons.
When users have a valid license for Radar, the add-ons page appears.
If users do not have a license for Radar, the Get in touch option becomes available. Once users
click Get in touch, a licensing request is sent to Rubrik. Contact Rubrik account team for
additional help.
After receiving a license key from Rubrik, return to this task.
5. Move the toggle to the right to enable Radar events globally.
6. For each Rubrik cluster, choose whether to enable or disable Radar by moving the toggle to the
left to disable or to the right to enable.
If a cluster is unreachable, the toggle is not displayed.
Radar begins file system behavioral and content analysis on each Radar-enabled cluster.
Rubrik Polaris User Guide Configuring Radar 98

Polaris Radar
Viewing details of an anomaly event

Radar provides important information from the object snapshot of an anomaly event.
The information is available on the Events tab as described in “Viewing an anomaly event from the
Events tab”, or by clicking the link supplied in the critical alert email as described in “Viewing
object details from the Critical Alert email”.
Viewing a detected anomaly event from the Dashboard

Radar provides information about detected anomaly events aggregated over the previous 24 hours
or previous seven days in the Polaris dashboard.
The Polaris dashboard displays detected anomaly events only when the Polaris account has an
active Radar subscription.
Table 21 describes the information of an anomaly event details page.
Table 21 Anomaly event details
Column Description
Detection time Displays the time when the suspect snapshot is detected.
Files changes Displays the number of files added, modified, and deleted in the anomaly
event.
Suspicious files Displays the number of suspicious files created and detected in the last
snapshot taken. These files were deemed suspicious using various
heuristics, such as file type and extension.
Encryption Displays the likelihood that a majority or minority of files being encrypted.
• High
• Low
Confidence Displays the likelihood of an identified anomaly as predicted by Radar.
• High
• Low
Snapshot Displays the time the last snapshot is taken.
Suggested actions Provides the option to investigate snapshots and recover files.
Event timeline Displays the series of events associated with the top-level event.
Object name Displays the overview and events page of the protected object.

Rubrik Polaris User Guide Viewing details of an anomaly event 99

Polaris Radar
3. Click Anomaly events detected.

The anomaly events page appears. Table 21 provides details about the anomaly events page.
Viewing an anomaly event from the Events tab

View an anomaly event page from the Events tab for an anomaly event series on a Rubrik cluster
Once the alert threshold is met, Radar sends an anomaly alert and triggers a series of anomaly
events. This anomaly event series shows different events at each point in the event timeline.
Table 22 describes the messages that appears for each event in the anomaly event series.
Table 22 Anomaly event messages
Anomaly event stages Message
File system anomaly alert Detected anomalous filesystem activity with high confidence.
triggered
File system content analysis Detected little to no indication of encrypted files.
in progress
Confidence and encryption Detected anomalous filesystem activity with low levels of encryption.
indicators concluded

3. On the left-side menu, in Event type, click Anomaly.
A list of anomaly events appears.
4. Click an anomaly event.
The anomaly event details page appears.
5. (Optional) Click the Object name.
The Snapshots page appears, as described in Table 23.

Polaris Radar
Table 23 Snapshots page

Information Description
Chart • Displays the change rate for the resource over time.
Calendar • Displays the number of snapshots taken on each day of the specified duration of
time.
Snapshot list • Displays the snapshot type, time when the snapshot is taken, consistency, and
snapshot status.
• Initiates the recovery workflow when the user selects a snapshot in the list.
6. (Optional) Click Recover to recover a snapshot, as described in “Recovering a snapshot”.

The Recover files page appears.
Viewing object details from the Critical Alert email

View details of an anomaly event from the link provided in the Critical Alert email.
In the Critical Alert email, Radar captures the event status, start time, event category, cluster
name, object type, object name, suggested actions and event timeline.
1. In the Radar Critical Alert email, click View in app to view the anomaly event details page on
Radar.
2. (Optional) In Suggested actions, click Investigate snapshot.
The Select files page appears.
3. (Optional) Select one or more File changes or Suspicious filter to filter files.
4. (Optional) Recover a snapshot, as described in “Recovering a snapshot”.
When the recovery successfully completes, the Rubrik cluster notifies Radar.

Polaris Radar
Viewing anomaly reports

Anomaly reports contain information about anomaly snapshots and object anomalies captured by
Polaris Radar.
Table 24 describes the information of the Anomaly report page.
Table 24 Analogy report page
Information Description
Chart • Displays the number of anomaly snapshots against the number of total snapshots
taken.
Graph • Displays the number of no anomaly and anomaly snapshots taken on each day of the
specified duration of time.
Object Displays the over time or PIT information on the amount of application data:
anomalies • Snappable name
• Object type
• Snapshot date
• Number of bytes changed
• Is anomaly
• Number of files added
• Number of files removed
• Number of files modified
Global filters apply to the entire report, Polaris displays all possible values for a filter category.
3. Click an anomaly report.
The selected anomaly report appears.
Table 24 describes the information of the Anomaly report page.
Polaris populates the Anomaly report page with the aggregate values based on the selected filter.

Polaris Radar

Table 25 Anomaly report filters
Filter Description
Time range Sets one of the following time ranges for the report:
• Past 24 hours
• Past 7 days
• Past 30 days
• Past 12 months
Clusters Displays the Rubrik clusters connected to Polaris. Multi-selection is supported.
Anomaly incident
When Radar detects a potentially anomalous incident, Radar identifies and compares changes in
the file system since the last snapshot.
Radar offers a comprehensive Browse Snapshot view of how the file system changed around the
time of an incident. Radar captures the changes that occur over time for each protected resource.
Radar displays information about the changes in the Browse Snapshot Changes view. This view
provides a comparison between the selected snapshot and the previous snapshot.
Table 26 describes the information of the Browse Snapshot and Browse Snapshot Changes views.
Table 26 Browse Snapshot and Browse Snapshot Changes view details
View Description
Browse Displays changes that occur over time for each protected resource.
Snapshot view • Total size of the protected resource
• Time stamp when the protected resources was last modified.
Browse Displays information about the changes in the file system and provides a comparison
Snapshot between the selected snapshot and the previous snapshot.
Changes view • Changes in the number of files that are added, modified, or deleted,
• Changes in size of the protected resources, the total size of the protected resource
• Total size of the protected resource
• Time stamp when the protected resources was last modified.
Rubrik Polaris User Guide Anomaly incident 103

Polaris Radar
Viewing the Browse snapshot changes page

View the Browse snapshot changes page to see the changes that were detected from an anomaly
event.
Radar also displays the number of added, modified, or deleted files and folders that are potentially
impacted by the anomaly event.
3. Click within the Anomaly event detected section.
The anomaly events page appears.
4. Click the Object name.
The Snapshots page appears.
5. Click a date on the calendar to view the list of snapshots taken on that day.
6. Click Recover to start the recovery of a snapshot.
7. Choose Browse snapshot changes and click Next.
On the left-side menu, Radar displays the time stamp of the selected snapshot and the previous
snapshot.
Next step — Recover a snapshot.
Recovering a snapshot
Select the files or folders from the browse view of the folder hierarchy for recovery.

Polaris Radar
7. Choose Browse snapshot, click Next.
Alternatively, choose Browse snapshot changes and recover a file or folder as described in
“Viewing the Browse snapshot changes page”.
8. Choose the file or folder to be recovered and click Next.
The Recover page appears.
9. Choose Inplace recovery to use the latest infected snapshot as the recovery destination.
Alternatively, choose Restore to separate folder and type the Path to the recovery location.
10.Select Rubrik Backup Service to download the Rubrik Backup Service software as described
in “Obtaining Rubrik Backup Service connector”. Then, click Register to install the Rubrik
Backup Service software package on the host.
Alternatively, select Guest OS credentials to enable direct restore of files and folders as
described in “Using guest OS credentials”.
11.Click Recover.
Radar notifies the Rubrik cluster to start the recovery.
The event appears on the Events page of the associated anomaly incident.
Obtaining Rubrik Backup Service connector

The Rubrik Backup Service connector enables connected Rubrik clusters to restore folders and files
over corrupted data in the file system on the host.
When the Rubrik Backup Service connector is already installed on the connected Polaris cluster,
skip this step.
! IMPORTANT
The Rubrik Backup Service connector can only be used with the Rubrik cluster from which
the software is obtained.

Polaris Radar
Rubrik provides automatic upgrade of the Rubrik Backup Service connector as part of a general
upgrade of the Rubrik cluster software. After upgrading the Rubrik cluster software, the Rubrik
cluster automatically upgrades the Rubrik Backup Service connector on all protected hosts in the
Polaris domain.
4. On the left pane of the Polaris web UI, click Connectors.
5. Select a cluster from the drop-down.
6. Click Download to download the Rubrik Backup Service package specific to the cluster.
A browser-specific dialogue box appears to enable saving the package file.
Next task — Install the Rubrik Backup Service software package on the host to provide the Rubrik
cluster with the ability to manage data on the host.
Information on how to install the Rubrik Backup Service software package can be found in the
Rubrik User Guide.
Using guest OS credentials

Use guest OS credentials to enable direct restore of files and folders to guest operating systems
that do not have the Rubrik Backup Service installed.
This also provides access to guest operating system.

Polaris Radar

7. Choose Browse snapshot, click Next.
Alternatively, choose Browse snapshot changes and recover a file or folder as described in
“Viewing the Browse snapshot changes page”.
8. Choose the file or folder to be recovered and click Next.
The Recover page appears.
9. Choose Inplace recovery to use the latest infected snapshot as the recovery destination,
after removing all the infected files.
Alternatively, choose Restore to separate folder and type the Path to the recovery location.
10.Select Guest OS credentials to enable direct restore of files and folders.
11.Type the Domain of the Active Directory domain associated with the connected Rubrik cluster.
12.Type the Username and Password of the Active Directory domain.
13.Click Recover.
Radar notifies the Rubrik cluster to start the recovery.
Information on guest OS credentials can be found in the Rubrik User Guide.

Polaris Radar
Managing anomaly reports

Create, download, and delete anomaly reports.
Polaris also creates anomaly report schedule that determines when an email containing an
anomaly report is sent.
Creating an anomaly report

Create an anomaly report from Polaris for monitoring or audit purposes.
3. Click Create.
4. When prompted to choose a template, select Anomaly.
The report creation page appears.
5. Enter a name of the report.
Use a report name that is unique.
6. (Optional) Select the available filters.
Polaris populates the table with the aggregate values based on the selected filters.
7. Click Create.
Polaris creates and displays the new anomaly report.
Editing an anomaly report

Modify an existing anomaly report to change the name of the report or report schedule.
4. (Optional) Click and edit the name of the report.
5. (Optional) Modify any filters.
Rubrik Polaris User Guide Managing anomaly reports 108

Polaris Radar
6. (Optional) To make changes to a schedule, click the ellipsis on the top bar of the Polaris web
UI, and click Schedule.
The Schedule pane appears.
Follow the steps as described in “Editing an anomaly report schedule”.
7. Click Save in the upper-right corner.
If there is no schedule configured, the Reports page refreshes.
If there is a configured schedule, a prompt appears to confirm if the schedule changes should
be saved to the report.
Downloading an anomaly report

Download anomaly reports from Polaris for monitoring or audit purposes.
5. Click Download CSV.
The report is downloaded from the browser.
Deleting an anomaly report

Since Polaris reports are managed based on account-level permissions, deleting a report from a
given account impacts users within the same account.
1. Log in to the Polaris UI.
5. Click Delete.

Polaris Radar
6. When prompted to confirm the deletion, click Yes.

Polaris removes the anomaly report. The Reports page appears.
Creating an anomaly report schedule

Create an anomaly report schedule to configure when Polaris captures anomaly report
information.
5. Click Add schedule.
The New schedule pane appears.
6. In Schedule name, type a name for the schedule.
7. On the email frequency drop-down menu, select a period.
8. (For Daily) Select a time of the day.
Polaris sends an email on the selected time of the day.
9. (For Weekly) Select the day of the week and the time of the selected day.
Polaris sends an email on the selected day of the week at the selected time.
10.(For Monthly) Select the day of the month and the time of the selected day.
Polaris sends an email on the selected day of the month at the selected time.
11.To add an email recipient, click Add user and select an email address from the drop-down
menu.
A confirmation message appears once the email address is successfully added as the recipient.
12.Click Add.
Polaris creates and stores the schedule information for the scheduled report email.

Polaris Radar
Editing an anomaly report schedule

Modify an existing anomaly report schedule to change the name of the report schedule,
subscription frequency and time, and the email recipient.
5. Click Schedules.
6. Hover over the schedule you want to edit.
7. Click the edit icon to make changes to the selected report.
The Editing pane appears.
8. Make changes to any of the fields, as needed.
9. To stop receiving the scheduled report email on an email account, hover over the email
address, click Remove user.
The default creator of the Polaris domain cannot be removed.
10.Click Update.
Polaris updates and stores the edited anomaly report schedule.
Deleting an anomaly report schedule

Delete an anomaly report schedule to stop Polaris from sending that report.

Polaris Radar
5. Click Schedules.
6. Hover over the schedule you want to delete.
7. Click the trash can icon to delete the selected report.
Polaris deletes the anomaly report scheduling information.

Rubrik Polaris User Guide 755-0072-01 Reva12 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Rubrik Polaris User Guide 755-0072-01 Reva12 PDF

Загружено:

Авторское право:

Доступные форматы

Rubrik Polaris User Guide

755-0072-01 Rev A12

Rubrik Headquarters: Palo Alto, California 94304

Registered in the U.S. Trademark Office

Rubrik Polaris User Guide 2

Chapter 3 Getting started with Polaris 19

Rubrik Polaris User Guide 3

Chapter 5 User Management 48

Rubrik Polaris User Guide 4

Rubrik Polaris User Guide 5

Rubrik Polaris User Guide 6

Rubrik Polaris User Guide 7

Rubrik Polaris User Guide 8

Rubrik Polaris User Guide 9

Phone 1-844-4RUBRIK, option 2

Rubrik Polaris User Guide 10

Comments and suggestions

Rubrik Polaris User Guide 11

Rubrik Polaris User Guide Introduction 12

Rubrik cloud cluster

Branch Site Data Center

Rubrik Polaris User Guide Rubrik Polaris 13

Rubrik Polaris User Guide Polaris GPS 14

Is my source data available to Polaris?

Is outbound Internet access required?

Is there a maximum number of Rubrik clusters that can be managed through

Where is Polaris located?

How are new features added to Polaris?

How is my data secured?

Rubrik Polaris User Guide Common questions 15

This chapter describes data security in Rubrik Polaris.

Rubrik Polaris User Guide Security 16

Rubrik Polaris User Guide Security overview 17

How is my data in Polaris kept secure?

Rubrik Polaris User Guide Security questions 18

Rubrik Polaris User Guide Getting started with Polaris 19

Polaris domain user accounts

Adding the initial account

Rubrik Polaris User Guide Overview 20

Polaris password constraints

Adding additional accounts

Rubrik Polaris User Guide Polaris domain user accounts 21

3. Click Invite users.

Rubrik Polaris User Guide Polaris domain user accounts 22

Changing your password

Rubrik Polaris User Guide Polaris domain user accounts 23

Rubrik clusters on Polaris

Adding a Rubrik cluster to your Polaris domain

Rubrik Polaris User Guide Rubrik clusters on Polaris 24

Rubrik Polaris User Guide Rubrik clusters on Polaris 25

This chapter describes how to configure Single Sign-On in Rubrik Polaris.

Rubrik Polaris User Guide Single Sign-On 26

Single Sign-On overview

Rubrik Polaris User Guide Single Sign-On overview 27

Configuration workflow for ADFS

Uploading the identity provider metadata file

Rubrik Polaris User Guide Configuration workflow for ADFS 28

Retrieving the Rubrik Polaris metadata file

5. Click Download to download the Rubrik metadata file.

Adding a relying party trust on ADFS

Rubrik Polaris User Guide Adding a relying party trust on ADFS 30

7. Type a Display name, such as Rubrik_Polaris, and click Next.

Creating Active Directory security groups