Logo of Trend Micro
Use the Knowledge Base AI to help improve your Cloud Posture

Use On-Demand Backup and Restore for Google Cloud Filestore Instances

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: High (not acceptable risk)

To ensure data protection, disaster recovery, and regulatory compliance, use the on-demand backup and restore functionality for your Google Cloud Filestore instances. The backup and restore process does not consume provisioned capacity and has no impact on the performance and availability of your Filestore applications.

Reliability

On-demand Filestore backups are external resources stored independently from the instance, utilizing their own dedicated capacity. The initial backup captures a full copy of the instance's data, while subsequent backups only use the storage needed to record incremental or differential changes since the last backup. On-demand backups provide essential data protection and disaster recovery features. They allow point-in-time recovery from accidental data deletion, corruption, or application errors, reducing application downtime. In disaster scenarios, these backups enable quick restoration of file data to a new Filestore instance in another zone or region, ensuring business continuity.

Audit

To determine whether the on-demand backup feature is in use for your Google Cloud Filestore instances, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

03 Navigate to Filestore console available at https://console.cloud.google.com/filestore/.

04 In the left navigation panel, choose Instances to access the list of Google Cloud Filestore instances provisioned for the selected GCP project.

05 Click on the ID (link) of the Filestore instance that you want to examine. A Filestore instance is a fully-managed, network-attached storage system that you can use with Compute Engine and Kubernetes Engine instances.

06 Select the BACKUPS tab to view the backups created for the selected instance.

07 Check the Backups attribute value to identify the number of instance backups available. If the Backups attribute value is set to 0 (zero), no backups are available for your instance. Therefore, the on-demand backup and restore functionality is not in use for the selected Google Cloud Filestore instance.

08 Repeat step no. 5 - 7 for each Filestore instance available within the selected GCP project.

09 Repeat steps no. 2 - 8 for each GCP project deployed within your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom output filters to list the ID of each project available in your Google Cloud Platform (GCP) account: 

gcloud projects list
	--format="table(projectId)"

02 The command output should return the requested GCP project IDs: 

PROJECT_ID
cc-web-project-123123
cc-cloudai-project-112233

03 Run filestore instances list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter and custom output filters to list the Google Cloud Filestore instances deployed to the selected project: 

gcloud filestore instances list
	--project cc-web-project-123123
	--format="default(name)"

04 The command request should return the requested instance IDs (i.e., fully qualified identifiers): 

name: projects/cc-web-project-123123/locations/us-central1-a/instances/cc-gce-filestorage-instance
name: projects/cc-web-project-123123/locations/us-central1-a/instances/cc-web-filestorage-instance

05 Run filestore backups list command (Windows/macOS/Linux) with the ID of the Filestore instance that you want to examine as the identifier parameter, to list the backups created for the specified instance. Use the --filter command parameter as shown in the example below to specify the ID of the Filestore instance that you want to examine: 

gcloud filestore backups list
	--filter='"sourceInstance":"projects/cc-web-project-123123/locations/us-central1-a/instances/cc-gce-filestorage-instance"'
	--format="json(name,createTime)"

06 The command output should return the name and creation date of each backup available for the selected instance: 

[]

If the filestore backups list command output returns an empty array, i.e., [], there are no backups created for your Filestore instance. Consequently, the on-demand backup and restore functionality is not in use for the selected Google Cloud Filestore instance.

07 Repeat steps no. 5 and 6 for each Filestore instance available in the selected GCP project.

08 Repeat steps no. 3 – 7 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To use Filestore's on-demand backup and restore functionality, create instance backups and restore them as needed. The following section demonstrates how to back up and restore a Filestore instance:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to access from the console top navigation bar.

03 Navigate to Filestore console available at https://console.cloud.google.com/filestore/.

04 In the left navigation panel, choose Instances to access the list of Google Cloud Filestore instances provisioned for the selected GCP project.

05 Click on the ID (link) of the Filestore instance that you want to back up.

06 Select the BACKUPS tab, choose CREATE BACKUP, and perform the following actions to create an instance backup:

  1. Enter a unique name for the new backup in the Backup ID box.
  2. For Region, choose the same cloud region as the source file share.
  3. For Description, provide a short description for your backup.
  4. (Optional) Choose whether to configure tags and labels for resource management.
  5. Choose CREATE to create a new backup for the selected Google Cloud Filestore instance.

07 To restore your on-demand backup, click on the ID (link) of your newly created instance backup, and choose RESTORE.

08 For Choose a target instance to restore the backup, choose whether to create a new instance and restore the backup to that instance, restore the backup to the source instance, or to restore the backup to another existing instance. Select the suitable option for your use case, choose RESTORE, and follow the required steps to restore your backup. As an example, this section demonstrates how to create a new Filestore instance and restore the backup to that instance:

  1. Choose RESTORE from the New instance box.
  2. Provide a unique ID for the new instance in the Instance ID box.
  3. Select the appropriate VPC network from the Network dropdown list.
  4. Enter the name of your file share in the File share name box.
  5. Choose RESTORE to restore your Filestore instance backup.

09 Repeat step no. 5 - 8 for each Filestore instance that you want to backup and restore, available within the selected GCP project.

10 Repeat steps no. 2 - 9 for each GCP project available within your Google Cloud account.

Using GCP CLI

01 Run the filestore backups create command (OSX/Linux/UNIX) to create a new backup for the specified Google Cloud Filestore instance: 

gcloud filestore backups create cc-gce-filestorage-backup
	--instance="cc-gce-filestorage-instance"
	--file-share="cc_fileshare"
	--instance-zone="us-central1-a"
	--region="us-central1"
	--description="GCE Filestore Instance Backup"

02 The command output should return the backup operation status: 

Waiting for operation [projects/cc-web-project-123123/locations/us-central1/operations/operation-1234-abcd-1234-abcd] to complete... done.
Created backup.

03 Run the filestore instances restore command (OSX/Linux/UNIX) to restore a instance from the specified backup. As an example, the following command restores the backup to the source instance. IMPORTANT: Restoring a Filestore instance from a backup will overwrite the data currently available on the instance and will delete all existing snapshots: 

gcloud filestore instances restore cc-gce-filestorage-instance
	--zone="us-central1-a"
	--file-share="cc_fileshare"
	--source-backup="cc-gce-filestorage-backup"
	--source-backup-region="us-central1"

04 Type Y and press Enter for confirmation: 

You are about to override existing data in [cc-gce-filestorage-instance].

Do you want to continue (Y/n)?  Y

Request issued for: [cc-gce-filestorage-instance]
Waiting for operation [projects/cc-web-project-123123/locations/us-central1-a/operations/operation-abcd-1234-abcd-1234] to complete... done.

05 The command output should return the configuration information available for the updated instance: 

fileShares:
- capacityGb: '1024'
	name: cc_fileshare
	sourceBackup: projects/cc-web-project-123123/locations/us-central1/backups/cc-gce-filestorage-backup
name: projects/cc-web-project-123123/locations/us-central1-a/instances/cc-gce-filestorage-instance
networks:
- connectMode: DIRECT_PEERING
	ipAddresses:
	- 10.20.30.45
	modes:
	- MODE_IPV4
	network: cc-project5-network
	reservedIpRange: 10.20.30.40/29
state: READY
tier: BASIC_HDD

06 Repeat steps no. 1 - 5 for each Filestore instance that you want to backup and restore, available in the selected GCP project.

07 Repeat steps no. 1 – 6 for each GCP project available in your Google Cloud account.

References

Publication date Jan 17, 2025

Related Filestore rules