Академический Документы
Профессиональный Документы
Культура Документы
Version v20190402
Preface 8
Document purpose .............................................................................................. 8
Revision history .................................................................................................. 8
Support ............................................................................................................ 10
Related documentation ..................................................................................... 11
Comments and suggestions ............................................................................... 11
Product ............................................................................................................ 11
Product documentation ..................................................................................... 11
Chapter 1 Introduction 12
Rubrik Polaris ......................................................................................................... 13
Polaris GPS ............................................................................................................. 14
Polaris Radar .......................................................................................................... 14
Common questions ................................................................................................. 14
Chapter 2 Security 16
Security overview ................................................................................................... 17
Security questions ................................................................................................... 18
Chapter 6 Dashboard 65
Dashboard overview ............................................................................................... 66
Viewing dashboard information ............................................................................... 66
Viewing events information ............................................................................... 67
Viewing compliance information ......................................................................... 68
Viewing protection information .......................................................................... 69
Viewing global map information ......................................................................... 69
Chapter 8 Events 75
Events overview ..................................................................................................... 76
Events page ........................................................................................................... 76
Viewing events information ..................................................................................... 77
Viewing the Events page from the Dashboard ..................................................... 77
Viewing the Events page from the Events tab ..................................................... 78
Viewing the Events page from the Clusters tab ................................................... 78
Viewing audit log information .................................................................................. 79
Searching an event ................................................................................................. 80
Canceling an event ................................................................................................. 80
Chapter 9 Reporting 81
Reporting overview ................................................................................................. 82
Types of reports ............................................................................................... 82
Report filters .................................................................................................... 84
Groupings ........................................................................................................ 87
Limitations ....................................................................................................... 88
Report customization ........................................................................................ 88
Customizing a report .............................................................................................. 89
Displaying a report ................................................................................................. 90
Editing a report ...................................................................................................... 90
Downloading a report ............................................................................................. 91
Deleting a report .................................................................................................... 91
Creating a report schedule ...................................................................................... 92
Editing a report schedule ........................................................................................ 93
Deleting a report schedule ...................................................................................... 94
Welcome to Rubrik. We appreciate your interest in our products. Rubrik is continually working to
improve its products and regularly releases revisions and new versions. Some information
provided by this guide may not apply to a particular revision or version of a product. Review the
release notes for the product to see the most up-to-date information about that product.
Document purpose
The purpose of this guide is to provide information about how to use Rubrik Polaris to enhance
data management and administration when working with Rubrik clusters.
Revision history
Table 1 provides the revision history of this guide.
Table 1 Documentation revision history (page 1 of 3)
Revision Date Description
Rev. A0 May, 2018 General Availability release, Rubrik Polaris 1.0.
Rev. A1 May, 2018 Polaris release v20180515:
• Document numbering changed to match Polaris
release numbering.
• Added information about the Audit Log feature to
“Events”.
Rev. A2 June, 2018 Polaris release v20180605:
• Added information about critical system events,
severity of events, and other event enhancements
to “Events”.
Rev. A3 July, 2018 Polaris release v20180703:
• Added information about cluster version to
“Clusters”.
• Added information about the Report Schedule
feature to “Reporting”.
• Added information about the Single Sign-On
feature to “Single Sign-On”.
Support
Use one of the following methods to contact Rubrik Support:
Web https://support.rubrik.com
Email support@rubrik.com
Product
To provide comments and suggestions about the product, contact Rubrik Support by using the
information provided in “Support” on page 10.
Product documentation
To provide comments and suggestions about the product documentation, please send your
message by email to:
techpubs@rubrik.com
To help us find the documentation content that is the subject of your comments, please include
the following information:
Full title
Part number
Revision
Relevant pages
This chapter provides an introduction to Rubrik Polaris, Polaris GPS, and Polaris Radar.
Rubrik Polaris ........................................................................................................... 13
Polaris GPS............................................................................................................... 14
Polaris Radar ............................................................................................................ 14
Common questions ................................................................................................... 14
Rubrik Polaris
Rubrik® Polaris™ is a suite of cloud-based services that provide centralized analysis and
management of data on Rubrik clusters.
Rubrik Polaris is a software as a service (SaaS) product suite for managing and analyzing the data
that resides on your Rubrik clusters. Rubrik delivers the Polaris suite of services through a
cloud-based central management interface.
Figure 1 depicts the global nature of Polaris administration of Rubrik clusters.
Figure 1 Global administration of Rubrik clusters
VPC
VPC
Rubrik cloud cluster
VPC
Rubrik cloud cluster
VPC
Data Center
Branch Site
Rubrik Polaris
Rubrik Edge
Rubrik clusters
Rubrik clusters
Polaris GPS
Rubrik Polaris includes Polaris GPS™, a monitoring and reporting service.
Polaris GPS provides a global management view of the daily operations of your Rubrik clusters.
Through the Polaris GPS interface, you can monitor protection and compliance status on the
Rubrik clusters. You can also generate a wide variety of reports and charts using current and
historical data about the health, protection and compliance status of all of the objects that the
Rubrik clusters protect.
Your Polaris GPS runs in your Polaris domain, a virtual cloud that you can access through the
Internet. Polaris GPS consists of the components described in Table 2.
Table 2 Major components of Polaris GPS
Component Description
Dashboard Top-down view of all of your Rubrik clusters using aggregated summary information.
Provides a large screen-type view of overall events, compliance, capacity, and alerts.
Clusters Status-at-a-glance summary view of each of your Rubrik clusters and the ability to take a
closer look at a selected cluster.
Events Continually updating view of all events on all of your Rubrik clusters, with filters to
enable you to focus in on a specific Rubrik cluster, event, protection object, or user.
Reports Customizable reports and charts. Use reports for audit work and planning and to get a
snapshot view of specific events on your Rubrik clusters.
Polaris Radar
Rubrik Polaris also includes Polaris Radar™, an anomaly detection and data recovery service.
Polaris Radar provides a simple, reliable, immutable, and speedy anomaly detection and data
recovery in the events of potential ransomware attacks. Polaris Radar detects and analyzes
potential anomaly events on your protected resources. If the detection threshold is met, Polaris
Radar generates and sends an alert to notify users of the detected anomaly events. Users can
select the snapshot to be analyzed, the files or folders to be recovered, and the recovery
destination.
Common questions
Answers to some of the common questions about Rubrik Polaris and Polaris GPS.
What is Polaris?
Polaris is software as a service (SaaS). That means that your licensed use of the service provides
all of the functionality of the product without any maintenance requirements.
Can the Support Tunnel proxy configuration be used by a Rubrik cluster to connect
with Polaris?
No. The Rubrik cluster connects directly to Polaris through the Internet.
Security overview
Rubrik Polaris provides end-to-end security for your data management information.
Polaris offers a multi-layered security approach that ensures the safety and privacy of your
applications and data.
Table 3 describes the security benefits Polaris provides for your data management information.
Table 3 Security Benefit
Benefit Description
Secure access • All user authentication requires and enforces the use of strong passwords.
• Detects brute-force attacks and blocks credentials identified in security breaches.
• Protects customer data from common SaaS security issues, such as session
hijacking, script insertion and cross-site-request-forgery.
Secure connection • Allows users the access from Polaris to manipulate the data on your Rubrik
clusters, exclusively over HTTPS using TLS v1.2 only.
• Requires strong ciphers with forward secrecy for all connections and uses a
strong access key for authentication with your Rubrik clusters.
Encryption-in-flight • All communication internally in Polaris and externally with CDM is encrypted with
the use of TLS v1.2 and strong ciphers with forward secrecy.
• Each request is individually authenticated and authorized with a strong
permission model.
Data security • Does not access the data on your Rubrik clusters or the objects that are protected
by your Rubrik clusters.
• Exclusively works with metadata from your Rubrik clusters, for example: object
size, type, location, and time. No customer data leaves the data center.
• Meets strict data compliance requirements.
Encryption-at-rest • Stores and encrypts data with AES-256 encryption using symmetric key algorithm
and keys sized at 256 bits.
• Protects customer data against physical security breaches.
• Encrypts and decrypts data and files.
Data isolation • Isolates individual customer data into logically partitioned databases.
• Prevents potential data leakage and preserves data privacy among different
customers.
Data residency • Provisions Polaris instance based on the geographical location of customer data
or data center.
• Addresses strict regulatory and compliance requirements different geographical
locations require.
Security questions
What are the outbound ports and endpoints that must be opened to Polaris?
Polaris requires that each Rubrik cluster opens an outbound connection through port 443 to get
access to https://<subdomain>.my.rubrik.com, https://accounts.google.com, and
https://googleapis.com.
Enable these outgoing connections in your proxy and/or firewall settings.
What protocol (s) for data transmissions between Polaris and your Rubrik
clusters?
Polaris uses HTTPS to transmit data between Polaris and your Rubrik clusters.
If SSL proxy is enabled, HTTPS traffic might be intercepted and provides an invalid certificate.
Configure your proxy settings to bypass the domains that are connected to Polaris.
What user account does Polaris use to connect to your Rubrik clusters?
Polaris creates a special system user with full privileges on your Rubrik clusters. Polaris makes
Rest API calls as this system user. The system user events are considered system internal
events and are not shown in Polaris events.
This chapter describes the tasks that will get you started with Polaris.
Overview ................................................................................................................. 20
Polaris domain user accounts..................................................................................... 20
Rubrik clusters on Polaris .......................................................................................... 24
Overview
Getting started with Rubrik Polaris involves two simple tasks: adding authorized user accounts and
adding Rubrik clusters.
Rubrik sets up the initial user account for your Polaris domain and sends an email invitation to the
primary administrator on your account. After setting up the first account, the administrator can
invite other users to set up accounts on the domain.
Any account in your Polaris domain can then add Rubrik clusters to the domain. Adding Rubrik
clusters involves copying a single-use token from the Polaris UI and providing it as part of Polaris
setup on the Rubrik cluster being added.
Polaris uses HTTPS to transmit data between Polaris and your Rubrik clusters. Polaris requires that
each Rubrik cluster opens an outbound connection through port 443 to get access to
https://<subdomain>.my.rubrik.com, https://accounts.google.com, and https://googleapis.com.
Enable these outgoing connections in your proxy and/or firewall settings.
2. In Email, type the email address of the primary technical administrator for your company.
Type the same email address that the Polaris set up email was sent to.
3. In Password, type a password for the new account.
Information on password constraints can be found at “Polaris password constraints”.
Polaris accepts the password and activates the Login button.
4. Click Login.
The Rubrik Polaris end user license agreement (EULA) appears.
5. Read the EULA, scrolling through to the end of the document.
The accept button becomes active.
6. Click I accept these terms and conditions.
Every user of Rubrik Polaris must accept the terms and conditions of the EULA.
To decline, click I decline and would like to be logged out. If you decline the EULA, Polaris
does not create your user account.
After you accept the EULA, Polaris stores your account credentials, opens your Polaris domain, and
the dashboard page appears.
Logging out
Log out of your Polaris session to ensure that Polaris immediately closes the session.
1. In the Polaris web UI, click the silhouette icon in the upper-right corner.
The account menu appears.
2. Click Logout.
Polaris closes the session and logs you out.
By adding a Rubrik cluster to your Polaris domain, you establish a secure, authenticated,
connection between the Rubrik cluster and the Polaris domain. The Rubrik cluster always initiates
the connection, so inbound access from the Polaris domain is not required. The connection
provides the Polaris domain with read-only access to the data management information on the
Rubrik cluster.
Adding a Rubrik cluster involves two simple tasks. First, obtain a single-use token from your
Polaris domain. Then, configure the Rubrik cluster to use the token to authenticate and secure an
ongoing connection with your Polaris domain.
5. Click Done.
The Add a new cluster dialog box closes.
6. Log in to the Rubrik cluster using an administrator account.
Use the administrator account or one with equal privileges.
7. Click on the top bar of the web UI.
The Settings menu appears.
8. Click Cluster Settings.
The Cluster Settings page appears.
9. In Global Cluster Manager Token, paste the token from your clipboard.
10.In Cluster Location, type a location for the Rubrik cluster.
The field takes a string value. To permit mapping of the location on the Polaris dashboard map,
provide an address-type value that can be interpreted by a mapping application.
11.Click Update.
The Rubrik cluster saves the values and begins to establish a secure connection with your
Polaris domain.
After a secure connection is established with your Polaris domain, the Rubrik cluster appears on
the Polaris Clusters page. Polaris begins to pull statistical data from the Rubrik cluster as soon as
the connection is established and continues to update the displayed information as the data is
pulled.
Authentication process
Rubrik Polaris works with an identity provider system to enable single sign-on through an
authentication process.
Rubrik Polaris supports SAML web single sign-on profile with HTTP POST bindings to manage user
authentication between the identity provider system and Rubrik Polaris.
Rubrik Polaris works with identity provider systems to provide single sign-on through the following
process.
1. The user accesses Rubrik Polaris.
2. Rubrik Polaris identifies the user’s origin and sends a redirect to the user’s browser.
3. Rubrik Polaris generates an encoded SAML authentication request and includes it in the redirect
URL.
4. When the browser has an active session with the identity provider system, the identity provider
system decodes the SAML authentication request and extracts the user’s destination URL.
5. The identity provider system requests the user for his credentials and authenticates the user.
6. The identity provider system sends Rubrik Polaris an authentication response containing a
signed and encoded SAML assertion.
7. Rubrik Polaris retrieves and verifies the authentication response using the certificate
fingerprint.
8. Rubrik Polaris grants access and redirects the browser to the requested destination URL.
ADFS Prerequisite
Check that the version of the ADFS system installed on your server is supported on your Windows
Server version, as described in Table 5.
Table 5 describes ADFS version supported on different Windows Server version.
Table 5 Supported ADFS version on Window Server
ADFS version Windows Server version
ADFS 2.0 Windows Server 2008 and Windows Server 2008 R2
ADFS 2.1 Windows Server 2012
ADFS 3.0 Windows Server 2012
ADFS 4.0 Windows Server 2016
The identity provider metadata file contains the issuer’s name, expiration information, and keys
that can be used to validate the SAML authentication response that are received from the identity
provider.
1. Log in to the Polaris web UI.
2. Click the silhouette icon in the upper-right corner.
The account menu appears.
3. Click System preferences.
The System preferences page appears.
4. On the left pane of the Polaris web UI, click SAML.
The SAML configuration page appears.
Note: To avoid interruption of the single sign-on service, in the next step, ensure that the upload
occurs before the expiration specified for the metadata file.
5. Drag and drop a new identity provider metadata file onto the page to start the upload.
Alternatively, you can browse for and select the file to replace an existing file.
The browser uploads the file to Rubrik Polaris, and the information appears on the page.
Next task — Retrieve the Rubrik Polaris metadata file, as described in “Retrieving the Rubrik
Polaris metadata file”.
Rubrik Polaris User Guide Retrieving the Rubrik Polaris metadata file 29
Single Sign-On
8. Select Send Claims Using a Custom Rule from the Claim rule template drop-down, and
click Next.
The Configure Rule page appears.
9. Type a Claim rule name, such as “all-groups” as the rule name for the all groups rule.
10.Click Finish.
11.In the Edit Claim Rules dialog, click OK to save the rule.
12.To configure a subset of groups as claims, create custom rules to define a subset of groups.
For instance, create a subset of groups with the prefix “RubrikGroup” to identify groups that
have access to Rubrik Polaris.
13.In Custom rule, add a custom rule. Rubrik provides a recommended “Custom group rule”
string available on GitHub at SSO ADFS configuration strings.
Make sure the entire value is copied and pasted as a single line without additional line breaks
14.Click Finish.
15.In the Edit Claim Rules dialog, click OK to save the rule.
16.When a custom rule for a subset of groups is configured, create a rule to filter rubrik-only
groups, type a Claim rule name, such as “rubrik-groups” as the rule name for the rubrik-only
groups rule.
17.If you have created a security group with the prefix “rubrik”, in Custom ru;’le, copy and paste
the “Custom group filter rule security group with ‘rubrik’ prefix” string available on GitHub at
SSO ADFS configuration strings.
If you do not have a specific security group, in Custom rule, copy and paste the “Custom
group filter rule generic security group” string available on GitHub at SSO ADFS configuration
strings.
The "^" denotes the inclusion of values beginning with the set value.
Rubrik recommends the creation of dedicated security groups on Active Directory for SSO
integration with Polaris. Information on Rubrik’s recommendation on creating Active Directory
security groups can be found at “Creating Active Directory security groups”.
18.Click Finish.
The Edit Claims Rule pages appears.
19.In the Edit Claim Rules dialog, click OK to save the rule.
20.Click Apply > OK.
The ADFS system applies the claims rules and returns to the Relying Party Trusts page.
Rubrik Polaris identifies the claims from the ADFS system and establishes the trust between Rubrik
Polaris and the ADFS system.
Next task — Adjust trust settings on ADFS, as described in “Adjusting the trust settings on ADFS”.
To configure and set up Okta, complete the tasks in the following order:
1. “Configuring a SAML application on Okta”
2. “Downloading the identity provider metadata file on Okta”
3. “Uploading the identity provider metadata file”
4. “Retrieving the Rubrik Polaris metadata file for Okta”
5. “Editing the SAML application on Okta”
6. “Assigning an Okta SAML application”
7. “Testing Single sign-on connection”
Okta creates the SAML application with the configured general settings, the new application
appears on the Applications list.
Next task — Download the metadata file on Okta, as described in “Downloading the identity
provider metadata file on Okta”.
Rubrik Polaris User Guide Downloading the identity provider metadata file on Okta 37
Single Sign-On
17.Replace the placeholder value using the “Signature certificate” query available on GitHub at
SSO Okta configuration strings.
18.Copy the certificate, without formatting, and paste it into a plain text editor.
Include the BEGIN and END lines in the copied text.
19.Save the plain text file as signature_certificate.pem.
20.In Signature Certificate, browse for signature_certificate.pem, select it, and click Upload
Certificate.
A success message appears when the certificate upload is successful.
21.Under Attribute Statements, in Name, copy and paste the value “Attribute statement”
available on GitHub at SSO Okta configuration strings.
This is a mandatory attribute statement for Rubrik Polaris to identify users with their email
addresses.
22.In Value, type user.email as the name for this email attribute statement.
23.Under Group Attribute Statements, in Name, copy and paste the “Group attribute
statements” string to create a group-specific attribute statement available on GitHub at SSO
Okta configuration strings.
Rubrik recommends configuring a group-specific attribute statement to create group
memberships to avoid situations when users are denied access to resources if the SID for the
group which allows them access was not successfully included in the packet. Configure a
custom rule to create a subset of groups as claims and to create a filter with a group-specific
filter.
24.In Filter, select Matches regex and type "^rubrik.*".
Rubrik recommends configuring a filter with a group-specific parameter to filter claims based
on group membership.
25.Under Group Attribute Statements, in Name, copy and paste the string to create an
all-group attribute statement available on GitHub at SSO Okta configuration strings.
Alternatively, you can create an all-group attribute statement to include all groups.
26.In Filter, select Matches regex and type ".*".
Alternatively, you can configure a filter that include values matching the all-group attribute
statement.
27.Click Next.
28.Provide an answer for Are you a customer or partner.
29.Click Yes, my app integration is ready for public use in the Okta Application
Network.
30.Click Finish.
Okta updates the SAML application with the new settings.
Once the SAML application is updated successfully, the application page appears.
Next task — Assign the SAML application to users or groups on Okta, as described in “Assigning an
Okta SAML application”.
Rubrik Polaris User Guide Configuring a SAML application on Azure SAML enterprise application 41
Single Sign-On
Rubrik Polaris User Guide Retrieving the Rubrik Polaris service provider metadata file for Azure 43
Single Sign-On
Polaris offers a default Administrator role that has full access rights to all operations or tasks on
Polaris. Polaris creates this default role automatically for all existing and new accounts. Authorized
users can assign default roles directly to other users in the system. However, the default role
cannot be edited or deleted. The administrator retains full access to the Rubrik cluster even when
the Active Directory is unavailable.
Table 7 describes the full set of permissions available.
Table 7 Polaris role permissions
Task Description Permission
Dashboard • Enables users to view the dashboard. • View Dashboard – Enables users to view the
• When users only have the View dashboard.
Dashboard permission and does not
have access to the events tab, the
number of Events will not be available.
Cluster • Enables users to manage • Add cluster – Enables users to add a new
cluster-related permissions. cluster from the Clusters page. When
• Applies these permissions to some or selecting the Add cluster permission, also
all the existing clusters, or cluster that select the View Cluster permission to view the
is added for future use. newly added cluster.
• View cluster – Enables users to view the
Clusters page. Users with the View Cluster
permission and without the View Events
permission cannot view events on the
Clusters page.
Inventory • Enables users to manage and view • View – Enables users to view inventory details
inventory settings. page.
• Enables users to assign or remove • Manage – Enables users to edit inventory
SLA to protect objects. settings, add or remove objects from the
• Enables users to recover and restore. inventory page.
• Protect – Enables users to assign and remove
SLA Domain to an inventory item and take
on-demand snapshots.
• Recover – Enables users to perform
mounting, export, instant recovery, and
restore to an inventory item.
SLA • Enables users to view and manage • View SLA domains – Enables users to view
domains SLA domains. the SLA domain pages.
• Manage SLA domains – Enables users to
create, edit, or delete SLA domains.
To provide easier and customized role creation, Polaris supports role templates that contain a
pre-selected set of permissions associated to the specific role being created. Administrators can
add permissions to or remove particular permissions from the specific role while selecting the role
template. Authorized users can create a new role by copying permissions from a role template.
Role templates cannot be edited, deleted, or assigned directly to users as roles.
Authorization
When a user is assigned a role, the user is explicitly authorized to perform actions on the specific
resources. When a resource contains other resources, the user is implicitly granted authorization
on all the descendant objects. Similarly, granting an authorization to an SSO group grants an
implicit authorization to all SSO users within that group.
Managing users
Polaris manages different types of users, as describes in Table 8.
Table 8 Polaris RBAC users
User type Description
Account owner • Owns the Polaris account.
• Has full permissions to all objects in the account.
• Is the sole owner of a Polaris account.
• Can transfer ownership to local users only.
• Cannot be deleted, deactivated, nor assigned another role by an account
administrator.
Local users • Are created and managed on Polaris.
• Have accounts in the local directory on the Rubrik cluster.
• Log in to Polaris with their local account credentials.
• Can only have one role.
SSO users • Are authenticated by a SAML identity provider.
• Are managed as an SSO group.
• Log in to Polaris through single sign-on.
SSO users
SSO users log in through single sign-on. When authenticated by the SAML identity provider, the
SSO user identity is established and their identity information is being shared to Polaris. Polaris
then manages SSO users as an SSO group. SSO user information is not stored on Polaris. Polaris
creates a mapping between the users or groups as defined in the customer database and as
defined by the customer SAML identity provider.
Polaris grants permissions to SSO users based on the role assigned through the IdP group they
belong to. The group-role mapping ensures that once the SSO users log in to Polaris as the
members of a specific IdP group, they are assigned the specific role assigned to the IdP group.
SSO users can log in to Polaris regardless of the SSO groups they belong to. Polaris restricts role
assignment and user deactivation of SSO users.
Creating a role
Create a role with a role template that contains a pre-selected set of permissions. Or, create a role
by selecting individual permission from the full list of permissions, as described in Table 7.
14.(Optional) Click Change to change the cluster permissions as described in “Creating a role
without a role template”.
15.(Optional) Click Change to change the inventory permissions as descried in “Changing
inventory permissions”.
16.Click Save.
Polaris creates the new role and returns to the Roles page.
12.(Optional) Click Change to change the cluster permissions as described in “Creating a role
without a role template”.
13.(Optional) Click Change to change the inventory permissions as descried in “Changing
inventory permissions”.
14.Click Save.
Polaris creates the new role and refreshes the roles details page.
Note: To view events and reports of all inventories and clusters, select Select all inventory
objects (current and future).
5. (Optional) To grant inventory permissions to a subset of specific inventory types, select the
inventory type. By default, all objects in the inventory type are selected.
6. (Optional) To select specific objects in the inventory type, click change in the specific
inventory type card.
The list of objects appears.
7. Select the objects.
8. Click Save.
The Change inventory selection page appears.
9. Click Save.
Polaris saves the changes to the inventory permissions.
Editing a role
Add additional permissions to or remove particular permissions from the role.
1. Log in to the Polaris web UI.
2. Click the silhouette icon in the upper-right corner.
The account menu appears.
3. Click User Management.
The User Management page appears, with the Users tab selected.
4. Click Roles.
The Roles page appears.
5. Select a role.
The role details page appears.
6. Click Edit.
The Edit an existing role page appears.
7. (Optional) Edit the Role Name.
8. (Optional) Edit the Role description.
9. Click Next.
The Set permissions page appears.
10.(Optional) Modify the permissions.
11.(Optional) Click Change to change the cluster permissions as described in “Creating a role
without a role template”.
(Optional) Click Change to change the inventory permissions as described in “Changing
inventory permissions”.
12.Click Save.
Polaris makes changes to the role and refreshes the roles details page.
Deleting a role
Remove a role from Polaris.
Users can no longer be assigned the set of permissions defined by that role.
Before deleting a role from Polaris, remove the role from users that are assigned to that role.
Otherwise, Polaris displays a warning when attempting to delete a role that is currently assigned
to any users.
1. Log in to the Polaris web UI.
2. Click the silhouette icon in the upper-right corner.
The account menu appears.
3. Click User Management.
The User Management page appears, with the Users tab selected.
4. Click Roles.
The Roles page appears.
5. Select a role.
The role details page appears.
6. Click Delete.
7. When prompted, click Delete to confirm the role deletion.
Polaris removes the role and refreshes the roles details page.
Deleting users
Remove local or SSO users from Polaris.
For local users, Polaris removes all data associated with the deleted local users.
For SSO users, Polaris only removes the SSO users locally. Deleted SSO users can still log in to
Polaris. To deny access of deleted SSO users to Polaris after they are being deleted, disable them
on the identity provider.
Users cannot delete the user with the account owner permission nor their own user account.
1. Log in to the Polaris web UI.
2. Click the silhouette icon in the upper-right corner.
The account menu appears.
3. Click User Management.
The User Management page appears, with the Users tab selected.
4. Select one or more users to delete.
5. Click Delete from the bottom-right menu.
The confirmation prompt appears.
6. Click Delete.
Polaris removes the user and user-related data from the database and stores the user audit log.
Polaris transfers the account ownership to the selected user. The original owner reverts to an
administrator role.
The User Management page appears, with the Users tab selected.
4. Select the SSO groups tab.
5. Select an SSO group.
6. Click Remove role.
Polaris removes the role from the SSO group associated to the Polaris account. The SSO group will
be removed from the list.
Dashboard overview
The Dashboard provides information about the current state of the Rubrik clusters connected to
Polaris.
The Dashboard is an aggregated view of all events and compliances across all Rubrik clusters in
their respective regions. The dashboard provides aggregated Events, Compliance Overview,
Protection Overview, and global map information of all connected Rubrik clusters associated with
the authenticated user.
Users can apply dynamic filters to the dashboard.
The Dashboard shows all setup events aggregated over a configurable time range.
Polaris web UI regularly refreshes the information that appears in the dashboard. Polaris refreshes
event data every five minutes, Rubrik cluster and SLA domain data every 15 minutes, and global
object data every four hours.
Clusters overview
The Polaris Clusters feature presents a list of all Rubrik clusters connected to Polaris.
As a global management interface, Polaris adds and manages Rubrik clusters.
Events overview
The Polaris Events feature identifies, isolates, and prioritizes incidents with a unified view of global
Rubrik events.
The Events feature enables users to find point-in-time events with easy-to-use filters and real-time
search.
The Events tab shows information on system events by event types and object types.
The Audit log tab shows log messages for system events on the connected Rubrik clusters and for
the Polaris domain.
Events page
The Events page displays the events of all connected Rubrik clusters in the local time zone.
Polaris tracks, monitors, and displays all events of all connected Rubrik clusters when no filter is
applied.
Change filters to dynamically change the Events page view.
Polaris displays all possible values for a filter category.
Table 11 describes the available filters and values.
Table 11 Event filters (page 1 of 2)
Filter Description
Time range Displays events aggregated over the specified time.
• Past 24 hours
• Past 7 days
• Past 30 days
Clusters Displays events on Rubrik clusters connected to Polaris or Polaris native events.
Severity Displays the severity of the events.
• Critical - System event that requires attention, such as failed backup, archival, as well as
replication.
• Warning - System event finished with a warning, such as backup, archival, or recovery.
• Informational - System event for information only.
Status Displays events based on the status of the event.
• Failure
• Running
• Completed
• Canceled
• Queued
This page displays the series of events associated with the top-level event, such as cluster
name, object type, event type, duration of the event, start time of the event, and the details of
each event within the event timeline.
5. (Optional) Select filters to apply to the Events page.
Polaris populates the Events page with the aggregate values based on the selected filter.
5. Click an event.
The Events series page appears.
This page displays the series of events associated to the top-level event, such as cluster name,
object type, event type, duration of the event, start time of the event, and the details of each
event within the event timeline.
6. (Optional) Apply filters to view the Events page with the aggregate values based on the
selected filter.
Searching an event
Polaris searches a specific event by object name.
Enter a search string in the Search object name field to display a list of objects that match the
search string.
Polaris begins a predictive search and updates the results as letters are typed in. The search
matches the characters entered in the search field with the same sequence of characters
anywhere in an object name.
Canceling an event
Cancel Rubrik cluster events from the Events tab or from the Rubrik cluster.
1. Log in to the Polaris web UI.
2. Click Events in the navigation bar.
The Events page appears.
3. (Optional) Select filters to apply to the Events page.
Polaris populates the Events page with the aggregate values based on the selected filter.
4. Click an event.
The Events series page appears.
This page displays the series of events associated with the top-level event, such as cluster
name, object type, event type, duration of the event, start time of the event, and the details of
each event within the event timeline.
5. Click Cancel job.
Polaris cancels the running event.
Reporting overview
Polaris reporting feature provides customizable reports about application data protection and
Polaris underlying infrastructure.
Rubrik Polaris offers a comprehensive view of physical, virtual, and cloud topologies. The
Reporting feature enables users to create views of the most commonly used system metrics. Use
the data gathered in the reports to perform audits and data management planning.
Types of reports
For each report category, Polaris provides a report template as a default report. Polaris also
provides preconfigured reports for each report category.
Default reports have no filters or groupings. Use default reports as basic templates and modify
them to create new reports.
Preconfigured reports use commonly applied filters and groupings. Modify or remove these
reports, as needed.
Depending on the reporting needs, the Polaris reporting feature also supports extensive
customization to the graphs displayed, as well as custom filters.
Table 13 describes the template reports.
Table 13 Template reports (page 1 of 3)
Report Type Description
Infrastructure report Displays infrastructure-related attributes:
• Cluster name
• Cluster type
• Location
• Node count
• Capacity
• Used capacity per Rubrik cluster
• Available capacity % per Rubrik cluster
• Estimated Runway
• Encryption Enabled (or not) for the Rubrik cluster
Report filters
Global filters apply to the entire report, including the table and charts.
Only filters applicable to the chart type are applied.
Polaris displays all possible values for a filter category.
Select a filter from the Filters sidebar, the following global filters are available:
Groupings
Apply groupings to a report to view aggregate values for the selected groups.
Table 15 summarizes groupings by Rubrik clusters and the corresponding default report actions.
Table 15 Groupings by Rubrik clusters and corresponding reports
Grouping Description
Cluster • Infrastructure: Not applicable
• Compliance: Number of objects compliant and non-compliant per Rubrik
cluster name
• Protection: Number of objects protected, unprotected, do-not-protect per
Rubrik cluster name
• Capacity: Capacity used per Rubrik cluster name
• Number of events per Rubrik cluster name
Table 16 summarizes groupings by Rubrik cluster types and the corresponding default report
actions.
Table 16 Groupings by cluster types and corresponding reports
Grouping Description
Cluster type • Infrastructure: Number of Rubrik clusters per cluster type
• Compliance: Number of objects compliant and non-compliant per cluster
type
• Protection: Number of objects protected, unprotected, do-not-protect per
cluster type
• Capacity: Capacity used per cluster type
• Event: Number of events per cluster type
Table 17 summarizes groupings by object types and the corresponding report actions.
Table 17 Groupings by object types and corresponding reports
Grouping Description
Object type • Infrastructure: Not applicable
• Compliance: Number of objects compliant and non-compliant per object
type
• Protection: Number of objects protected, unprotected, do-not-protect per
object type
• Capacity: Capacity used per object type
• Event: Number of events per object type
Table 18 summarizes groupings by event and the corresponding default report actions.
Table 18 Groupings by event and corresponding reports
Grouping Description
Events • Infrastructure: Not applicable
• Compliance: Not applicable
• Protection: Not applicable
• Capacity: Not applicable
• Event: Number of events per event type
Table 19 summarizes groupings by time and the corresponding default report actions.
Table 19 Groupings by time and corresponding reports
Grouping Description
Time Number or sum of column values based on time.
Time granularity for charts is fixed or inferred by Polaris based on the
selected time range.
Limitations
Polaris reporting has the following limitations:
Polaris only manages reports for Rubrik clusters with access to Polaris.
Polaris synchronizes most data with connected Rubrik clusters in real time. Report
synchronization between Rubrik clusters and Polaris can take a few hours.
For reporting purposes, Polaris retains metadata from the data synchronization instance with
Rubrik clusters.
Report customization
Report customizations are available to allow better reporting experience.
Polaris changes chart data, such as compliance, protection, infrastructure, and event by
customizing reports.
Change filters or groupings to customize default, preconfigured, or previously customized reports.
Customizing a report
Polaris provides report customizations for each of the default report types.
You can customize any of the Polaris report types: default reports, preconfigured reports, and
previously customized reports.
1. Log in to the Polaris web UI.
2. Click Reports in the navigation bar.
The Reports page appears.
3. Click Create.
4. When prompted to choose a template, select a template.
The report creation page appears.
5. Enter or edit the name of the report.
Use a report name that is unique.
6. Depending on the type of report selected, select an available filter.
7. (Optional) Edit the selected filter.
Displaying a report
View Polaris reports from the different report types available.
1. Log in to the Polaris web UI.
2. Click Reports in the navigation bar.
The Reports page appears.
3. Click a report type.
A list of all available reports of that type appears.
4. Click the name of a report.
The selected report appears.
Editing a report
Edit a default report, preconfigured report, or an existing report for Polaris.
1. Log in to the Polaris web UI.
2. Click Reports in the navigation bar.
The Reports page appears.
3. Click a report type.
A list of all available reports of that type appears.
4. Click and edit the name of a report.
The selected report page appears.
5. (Optional) Click and edit the name of the report.
6. (Optional) Modify any filters.
7. (Optional) To make changes to a schedule, click the ellipsis on the top bar of the Polaris web
UI, and click Schedule.
The Schedule pane appears.
Follow step 7 to 8 as described in “Editing a report schedule”.
8. Click Save in the upper-right corner.
If there is no schedule configured, the Reports page refreshes.
If there is a configured schedule, a prompt appears to confirm if the schedule changes should
be saved to the report.
Downloading a report
Download reports from Polaris for monitoring or audit purposes.
1. Log in to the Polaris web UI.
2. Click Reports in the navigation bar.
The Reports page appears.
3. Click a report type.
A list of all available reports of that type appears.
4. Click the name of a report.
The selected report page appears.
5. Click the ellipsis on the top bar of the Polaris UI.
6. (Optional) Click Download CSV.
7. (Optional) Click Download PDF.
The report is downloaded from the browser.
Deleting a report
Since Polaris reports are managed based on account-level permissions, deleting a report from a
given account impacts users within the same account.
1. Log in to the Polaris UI.
2. Click Reports in the navigation bar.
The Reports page appears.
10.To stop receiving the scheduled report email on a particular email account, hover over the
email address, click Remove user.
The default creator of the Polaris domain cannot be removed.
11.Click Update.
A confirmation notification appears.
Polaris updates and stores the edited report schedule.
This chapter describes how to configure and use the Polaris Radar feature.
Polaris Radar overview .............................................................................................. 96
Configuring Radar..................................................................................................... 98
Viewing details of an anomaly event .......................................................................... 99
Anomaly incident .................................................................................................... 103
Recovering a snapshot ............................................................................................ 104
Obtaining Rubrik Backup Service connector .............................................................. 105
Using guest OS credentials ...................................................................................... 106
Managing anomaly reports ...................................................................................... 108
Behavioral model
Radar uses machine learning techniques to build behavioral models that define normal baseline
behavior.
With the baseline established, the model examines a range of file system behavioral statistics to
check for anomalies. These statistics correspond to file system usage patterns. The model learns
to detect anomalies like ransomware by examining the usage patterns surfaced by Radar.
Moreover, the accuracy of the model improves over time as Radar observes more data.
For each snapshot, Radar records how many files were added, deleted, and modified since the
previous snapshot. Radar analyzes this type of file system behavior as the method of detecting
anomalous behavior. For example, when many files are added and deleted unexpectedly, this can
indicate that a ransomware attack has replaced important files with encrypted versions.
Radar also computes the amount of entropy in files to determine the level of encryption in a file
system. Entropy is a measure of the randomness of the bytes in a file. An increase in entropy can
signal the possibility that a ransomware attack has encrypted the file. When encryption occurs,
bytes in a file becomes highly random. A large number of files that have an increased level of
randomness when compared to previous versions of those files can be a strong indication of a
ransomware attack.
Radar features
Radar protects your data by performing file system behavioral and content analysis.
Table 20 describes the benefits Radar provides for your data.
Table 20 Security benefits
Benefit Description
File system behavior • Analyzes each snapshot that is indexed inside the Rubrik cluster.
analysis • Identifies and compares changes in the file system since the last
snapshot.
• Computes metadata that describes the changes that occurred in the file
system, such as the number of files added, deleted, or moved.
• Provides machine learning-based analysis of normal file system behavior.
• For every snapshot, determines how likely it is that an anomaly event
could occur.
• Generates anomaly alerts for further analysis.
File system content analysis • Examines the content of changed files after an anomaly alert occurs.
• Performs all content examination on the associated Rubrik cluster without
moving data into Polaris.
• Identifies and displays changes in file content between the current
snapshot and the previous snapshot.
• Looks for signs of encryption in the file system content.
• Computes entropy to measure the level of encryption in the file system.
• Computes probability of encryption, an indicator of a possible attack.
• Provides a detailed alert message when the anomaly threshold is
exceeded.
Snapshot recovery • Selects a post-incident snapshot and compares with the pre-incident
snapshot to identify impacted files.
• Provides users with a browse view of the file system hierarchy to enable
the selection of folders and files for recovery.
Recovery reports • Reports changes that occurred in every analyzed snapshot across every
machine.
• Displays details, such as snapshot date, resource name, resource type,
change in byte size, anomaly indicator, number of files added, number of
files removed, and number of files modified.
Configuring Radar
Configure Radar to perform file system behavioral and content analysis before an incident occurs.
Radar provides two settings that users can configure:
Whether Radar events are enabled or disabled globally.
Whether Radar is enabled or disabled on a cluster.
When users enable Radar events, Radar sends a critical alert email to specified email recipients
and notifies them of any detected anomaly incidents. Radar must be enabled on a cluster to
perform file system behavioral and content analysis.
1. Log in to the Polaris web UI.
2. Click the silhouette icon in the upper-right corner.
The account menu appears.
3. Click System preferences.
The System preferences page appears.
4. On the left pane of the Polaris web UI, click Add-ons.
When users have a valid license for Radar, the add-ons page appears.
If users do not have a license for Radar, the Get in touch option becomes available. Once users
click Get in touch, a licensing request is sent to Rubrik. Contact Rubrik account team for
additional help.
After receiving a license key from Rubrik, return to this task.
5. Move the toggle to the right to enable Radar events globally.
6. For each Rubrik cluster, choose whether to enable or disable Radar by moving the toggle to the
left to disable or to the right to enable.
If a cluster is unreachable, the toggle is not displayed.
Radar begins file system behavioral and content analysis on each Radar-enabled cluster.
Global filters apply to the entire report, Polaris displays all possible values for a filter category.
1. Log in to the Polaris web UI.
2. Click Reports in the navigation bar.
The Reports page appears.
3. Click an anomaly report.
The selected anomaly report appears.
Table 24 describes the information of the Anomaly report page.
4. (Optional) Select filters to apply to the Events page.
Polaris populates the Anomaly report page with the aggregate values based on the selected filter.
Anomaly incident
When Radar detects a potentially anomalous incident, Radar identifies and compares changes in
the file system since the last snapshot.
Radar offers a comprehensive Browse Snapshot view of how the file system changed around the
time of an incident. Radar captures the changes that occur over time for each protected resource.
Radar displays information about the changes in the Browse Snapshot Changes view. This view
provides a comparison between the selected snapshot and the previous snapshot.
Table 26 describes the information of the Browse Snapshot and Browse Snapshot Changes views.
Table 26 Browse Snapshot and Browse Snapshot Changes view details
View Description
Browse Displays changes that occur over time for each protected resource.
Snapshot view • Total size of the protected resource
• Time stamp when the protected resources was last modified.
Browse Displays information about the changes in the file system and provides a comparison
Snapshot between the selected snapshot and the previous snapshot.
Changes view • Changes in the number of files that are added, modified, or deleted,
• Changes in size of the protected resources, the total size of the protected resource
• Total size of the protected resource
• Time stamp when the protected resources was last modified.
Recovering a snapshot
Select the files or folders from the browse view of the folder hierarchy for recovery.
1. Log in to the Polaris web UI.
2. Click the Rubrik snowflake in the upper-left corner.
The Dashboard appears.
3. Click within the Anomaly event detected section.
The anomaly events page appears.
4. Click the Object name.
The Snapshots page appears.
5. Click a date on the calendar to view the list of snapshots taken on that day.
6. Click Recover to start the recovery of a snapshot.
The Recover files page appears.
7. Choose Browse snapshot, click Next.
The Select files page appears.
Alternatively, choose Browse snapshot changes and recover a file or folder as described in
“Viewing the Browse snapshot changes page”.
8. Choose the file or folder to be recovered and click Next.
The Recover page appears.
9. Choose Inplace recovery to use the latest infected snapshot as the recovery destination.
Alternatively, choose Restore to separate folder and type the Path to the recovery location.
10.Select Rubrik Backup Service to download the Rubrik Backup Service software as described
in “Obtaining Rubrik Backup Service connector”. Then, click Register to install the Rubrik
Backup Service software package on the host.
Alternatively, select Guest OS credentials to enable direct restore of files and folders as
described in “Using guest OS credentials”.
11.Click Recover.
Radar notifies the Rubrik cluster to start the recovery.
When the recovery successfully completes, the Rubrik cluster notifies Radar.
The event appears on the Events page of the associated anomaly incident.
! IMPORTANT
The Rubrik Backup Service connector can only be used with the Rubrik cluster from which
the software is obtained.
Rubrik provides automatic upgrade of the Rubrik Backup Service connector as part of a general
upgrade of the Rubrik cluster software. After upgrading the Rubrik cluster software, the Rubrik
cluster automatically upgrades the Rubrik Backup Service connector on all protected hosts in the
Polaris domain.
1. Log in to the Polaris web UI.
2. Click the silhouette icon in the upper-right corner.
The account menu appears.
3. Click System preferences.
The System preferences page appears.
4. On the left pane of the Polaris web UI, click Connectors.
5. Select a cluster from the drop-down.
6. Click Download to download the Rubrik Backup Service package specific to the cluster.
A browser-specific dialogue box appears to enable saving the package file.
Next task — Install the Rubrik Backup Service software package on the host to provide the Rubrik
cluster with the ability to manage data on the host.
Information on how to install the Rubrik Backup Service software package can be found in the
Rubrik User Guide.
6. (Optional) To make changes to a schedule, click the ellipsis on the top bar of the Polaris web
UI, and click Schedule.
The Schedule pane appears.
Follow the steps as described in “Editing an anomaly report schedule”.
7. Click Save in the upper-right corner.
If there is no schedule configured, the Reports page refreshes.
If there is a configured schedule, a prompt appears to confirm if the schedule changes should
be saved to the report.
5. Click Schedules.
The Schedules pane appears.
6. Hover over the schedule you want to delete.
7. Click the trash can icon to delete the selected report.
A confirmation notification appears.
Polaris deletes the anomaly report scheduling information.