This page provides an overview of the protection summary view, benefits and limitations, and how to access it.
For information about protection summary in the Backup and DR API see API Reference.
Protection summary provides a view into the state of backup configurations for Compute Engine instances and Cloud SQL instances across the regions supported by the service within the current project. This information lets you make informed decisions and implement centralized backup management strategies.
Some of the key benefits of protection summary include the following:
- Holistic protection summary visibility: A protection summary provides a centralized overview of your entire backup configuration across all your workloads in one place.
- Gap identification: A protection summary pinpoints gaps in coverage, misconfigurations, and deviations from data protection best practices.
- Seamless integration: A protection summary works with your existing Google Cloud environment and running workloads, and provides value without requiring complex configurations or impacting the workloads.
Protection summary is supported for the following resource types:
- Compute Engine
- Cloud SQL
Before you begin
Enable the Backup and DR API in the project where you are viewing the protection summary. Ensure that the Backup and DR API is enabled at least three hours before viewing the protection summary.
Required IAM permissions
The following permissions are required to view protection summary:
- IAM Role: Backup and DR Backup Config Viewer
- IAM permissions:
- backupdr.resourceBackupConfigs.list
- backupdr.resourceBackupConfigs.get
- backupdr.locations.list
Protection summary supported regions
Protection summary is supported in the following regions.
| Geographic Area | Region Name | Region Description | |
|---|---|---|---|
| Americas | |||
us-central1 |
Iowa |
 Low CO2
|
|
us-east1 |
South Carolina | ||
us-east4 |
Northern Virginia | ||
us-east5 |
Columbus | ||
us-west1 |
Oregon |
Low CO2 |
|
us-west2 |
Los Angeles | ||
us-west4 |
Las Vegas | ||
southamerica-east1 |
São Paulo |
Low CO2
|
|
| Europe | |||
europe-west1 |
Belgium |
Low CO2
|
|
europe-west2 |
London |
Low CO2
|
|
europe-west3 |
Frankfurt |
Low CO2
|
|
europe-west4 |
Netherlands |
Low CO2
|
|
| Asia Pacific | |||
asia-east1 |
Taiwan | ||
asia-northeast1 |
Tokyo | ||
asia-southeast1 |
Singapore | ||
asia-southeast2 |
Jakarta | ||
australia-southeast1 |
Sydney | ||
| India | |||
asia-south1 |
Mumbai | ||
asia-south2 |
Delhi |
View protection summary for a project and region
To view the protection summary for a project and region, do the following:
- In the Google Cloud console, go to the Backup and DR page.
- In the left navigation, select Protection summary.
Select the Region and the Resource type. The resources in that region are listed in two tabs, Backups not configured and Backups configured:
Not configured: shows a list of resources not configured for backups.
Configured resources are further categorized into the following statuses:
- Vaulted: shows a list of resources being backed up in a backup vault.
- Not vaulted: shows a list of all resources that are backed up without backup vault.
Click View. The following fields are displayed for the selected project and region:
- Resource name: the display name of the resource.
- Resource type: the type of resource. It can be a Compute Engine instance or Cloud SQL instance.
- Backup schedule type: the type of backup schedule applied to a resource. For example backup template or snapshot schedules.
- Backup plan name: the name of the resource that is providing backup scheduling configuration. For automated, unnamed backup schedules, this field is empty.
- Configuration state: values are Not configured, Not vaulted, and Vaulted.
- Backup schedule state: the status of the backup schedule. It can be Active or Inactive.
- Backup scope: the scope of the specific resource considered for backup, either Full instance or Disk name.
- Backup location: the zonal regional or multi-regional locations where the backups are located.
- Latest successful backup: for example,
mediumLongdate Feb 14, 2024, 6:29:27 AM. - Backup vault: the name of the backup vault used for backups.
- PITR Configuration: the name of the point-in-time-recovery configuration used for backups.
- Public IP address: the public IP address assigned to a resource.
- Private IP address: the private IP address assigned to a resource.
Limitations
The limitations of the protection summary view are as follows:
- It is only compatible with resources located in regions supported by Backup and DR Service. See Supported regions for a list of supported regions.
- You can access it only from a project where Backup and DR Service is enabled.
- Data is periodically refreshed starting about 3 hours after you enable the API, but in some cases it can take up to 24 hours.
Sort and filter protection summary backup configuration information
This section describes how you can sort and filter the backup configurations that
are returned by the ListResourceBackupConfigs API call in the protection
summary service.
Sorting support
Sort (ASC, DESC) is supported only for target_resource_display_name.
By default, the ListResourceBackupConfigs API call returns the resource backup
configurations ordered alphabetically by the resource name.
Filtering support
The following fields can be used for filtering the resource backup configurations
returned by the ListResourceBackupConfigs API call:
| Field Name | Field Type | Supported Filtering operators |
|---|---|---|
| target_resource_display_name | string | both : and = |
| target_resource_type | string | : |
| backup_configs_details.backup_config_source_display_name | string | : |
| backup_configs_details.type | string | : |
| backup_configured | bool | = |
| vaulted | bool | = |
Wildcard matching (using *) is supported only for the target_resource_display_name field.
Filtering syntax
The filtering syntax is following the API filtering guidance set in AIP 160 with the following limitations:
Only the AND operator and nesting are supported. Everything else is not supported (including OR, NOT and any combination of these operators).
Examples
Valid: Filter uses AND operator:
target_resource_display_name=\"vm-instance1\" AND target_resource_type=CLOUDSQL_INSTANCEValid: Filter uses nesting and only AND operator:
(target_resource_display_name=\"vm-instance1\" AND target_resource_type=CLOUDSQL_INSTANCE) AND backup_configured=trueInvalid: Filter uses OR operator:
target_resource_display_name=\"vm-instance1\" OR target_resource_type=CLOUDSQL_INSTANCEPrefix match is supported only for target_resource_display_name
Examples
Valid: Filter using prefix match:
target_resource_display_name:\"vm-instance1*\"Invalid: Filter compares a suffix match:
target_resource_display_name:\"*vm-instance1\"Invalid: Filter compares a suffix match:
target_resource_display_name=\"vm-instance1*\"