Use protection summary

This page provides an overview of the protection summary view, benefits and limitations, and how to access it.

For information about protection summary in the Backup and DR API see API Reference.

Protection summary provides a view into the state of backup configurations for Compute Engine instances and Cloud SQL instances across the regions supported by the service within the current project. This information lets you make informed decisions and implement centralized backup management strategies.

Some of the key benefits of protection summary include the following:

  • Holistic protection summary visibility: A protection summary provides a centralized overview of your entire backup configuration across all your workloads in one place.
  • Gap identification: A protection summary pinpoints gaps in coverage, misconfigurations, and deviations from data protection best practices.
  • Seamless integration: A protection summary works with your existing Google Cloud environment and running workloads, and provides value without requiring complex configurations or impacting the workloads.

Protection summary is supported for the following resource types:

  • Compute Engine
  • Cloud SQL

Before you begin

Enable the Backup and DR API in the project where you are viewing the protection summary. Ensure that the Backup and DR API is enabled at least three hours before viewing the protection summary.

Required IAM permissions

The following permissions are required to view protection summary:

  • IAM Role: Backup and DR Backup Config Viewer
  • IAM permissions:
    • backupdr.resourceBackupConfigs.list
    • backupdr.resourceBackupConfigs.get
    • backupdr.locations.list

Protection summary supported regions

Protection summary is supported in the following regions.

Geographic Area Region Name Region Description
Americas
us-central1 Iowa leaf icon Low CO2
us-east1 South Carolina
us-east4 Northern Virginia
us-east5 Columbus
us-west1 Oregon leaf icon Low CO2
us-west2 Los Angeles
us-west4 Las Vegas
southamerica-east1 São Paulo leaf icon Low CO2
Europe
europe-west1 Belgium leaf icon Low CO2
europe-west2 London leaf icon Low CO2
europe-west3 Frankfurt leaf icon Low CO2
europe-west4 Netherlands leaf icon Low CO2
Asia Pacific
asia-east1 Taiwan
asia-northeast1 Tokyo
asia-southeast1 Singapore
asia-southeast2 Jakarta
australia-southeast1 Sydney
India
asia-south1 Mumbai
asia-south2 Delhi

View protection summary for a project and region

To view the protection summary for a project and region, do the following:

  1. In the Google Cloud console, go to the Backup and DR page.
  2. In the left navigation, select Protection summary.
  3. Select the Region and the Resource type. The resources in that region are listed in two tabs, Backups not configured and Backups configured:

    Not configured: shows a list of resources not configured for backups.

    Configured resources are further categorized into the following statuses:

    • Vaulted: shows a list of resources being backed up in a backup vault.
    • Not vaulted: shows a list of all resources that are backed up without backup vault.
  4. Click View. The following fields are displayed for the selected project and region:

    • Resource name: the display name of the resource.
    • Resource type: the type of resource. It can be a Compute Engine instance or Cloud SQL instance.
    • Backup schedule type: the type of backup schedule applied to a resource. For example backup template or snapshot schedules.
    • Backup plan name: the name of the resource that is providing backup scheduling configuration. For automated, unnamed backup schedules, this field is empty.
    • Configuration state: values are Not configured, Not vaulted, and Vaulted.
    • Backup schedule state: the status of the backup schedule. It can be Active or Inactive.
    • Backup scope: the scope of the specific resource considered for backup, either Full instance or Disk name.
    • Backup location: the zonal regional or multi-regional locations where the backups are located.
    • Latest successful backup: for example, mediumLongdate Feb 14, 2024, 6:29:27 AM.
    • Backup vault: the name of the backup vault used for backups.
    • PITR Configuration: the name of the point-in-time-recovery configuration used for backups.
    • Public IP address: the public IP address assigned to a resource.
    • Private IP address: the private IP address assigned to a resource.

Limitations

The limitations of the protection summary view are as follows:

  • It is only compatible with resources located in regions supported by Backup and DR Service. See Supported regions for a list of supported regions.
  • You can access it only from a project where Backup and DR Service is enabled.
  • Data is periodically refreshed starting about 3 hours after you enable the API, but in some cases it can take up to 24 hours.

Sort and filter protection summary backup configuration information

This section describes how you can sort and filter the backup configurations that are returned by the ListResourceBackupConfigs API call in the protection summary service.

Sorting support

Sort (ASC, DESC) is supported only for target_resource_display_name. By default, the ListResourceBackupConfigs API call returns the resource backup configurations ordered alphabetically by the resource name.

Filtering support

The following fields can be used for filtering the resource backup configurations returned by the ListResourceBackupConfigs API call:

Field Name Field Type Supported Filtering operators
target_resource_display_name string both : and =
target_resource_type string :
backup_configs_details.backup_config_source_display_name string :
backup_configs_details.type string :
backup_configured bool =
vaulted bool =

Wildcard matching (using *) is supported only for the target_resource_display_name field.

Filtering syntax

The filtering syntax is following the API filtering guidance set in AIP 160 with the following limitations:

  • Only the AND operator and nesting are supported. Everything else is not supported (including OR, NOT and any combination of these operators).

    Examples

    Valid: Filter uses AND operator: target_resource_display_name=\"vm-instance1\" AND target_resource_type=CLOUDSQL_INSTANCE

    Valid: Filter uses nesting and only AND operator: (target_resource_display_name=\"vm-instance1\" AND target_resource_type=CLOUDSQL_INSTANCE) AND backup_configured=true

    Invalid: Filter uses OR operator: target_resource_display_name=\"vm-instance1\" OR target_resource_type=CLOUDSQL_INSTANCE

  • Prefix match is supported only for target_resource_display_name

    Examples

    Valid: Filter using prefix match: target_resource_display_name:\"vm-instance1*\"

    Invalid: Filter compares a suffix match: target_resource_display_name:\"*vm-instance1\"

    Invalid: Filter compares a suffix match: target_resource_display_name=\"vm-instance1*\"