🛡️ Clarkware HAE

Health Assessment Engine - Rubrik CDM 8.0 Analysis
Customer: TechCorp Solutions
Environment: Production Cluster
Assessment Date: May 26, 2025
Cluster Version: Rubrik CDM 8.0.2
Total Nodes: 4
Protected Workloads: 247

Overall Health Score

82%
Good

Critical Issues

3
Action Required

Warnings

7
Attention Needed

Compliance Rate

94%
Excellent
Overview
Network & Foundation
Security
Data Protection
Agents & Services
Monitoring

📊 Executive Summary

🎯 Top Priority Recommendations

1. Critical: 3 RBS agents have blocked firewall ports (12800/12801) preventing backups

2. Warning: Replication success rate at 87% due to bandwidth constraints during peak hours

3. Warning: 2 SQL Server databases have broken log chain affecting PITR capability

🔐 Security Posture

MFA enabled, encryption active, RBAC properly configured

Score: 95% Excellent

🌐 Network Health

DNS/NTP configured but single points of failure detected

Score: 78% Needs Attention

💾 Storage Management

32% free space, good capacity planning in place

Score: 92% Healthy

🤖 Agent Status

87% of RBS agents connected, firewall issues detected

Score: 65% Critical

🌐 Network & Foundation Assessment

DNS Configuration

Primary DNS: 10.1.1.10 (Response: 45ms)
Secondary DNS: Not configured

99.2% uptime Optimal

NTP Configuration

Single NTP server configured (pool.ntp.org)
Time drift: 150ms

Single point of failure Warning

Network Throttling

Replication: 100Mbps (7785), Archival: 50Mbps (443)
Non-overlapping schedules

Properly configured Optimal

Required Ports

Critical RBS ports (12800/12801) blocked on 3 hosts
UI/API access: Functional

3 hosts affected Critical

Floating IPs

4 Floating IPs distributed across 4 nodes
All within proper subnets

Balanced distribution Healthy
🔧 Network Recommendations

High Priority: Configure secondary DNS server for redundancy

High Priority: Add secondary NTP server and reduce time drift

Critical: Open RBS firewall ports on affected hosts immediately

🔐 Security Assessment

Authentication Method

MFA enabled via TOTP
LDAP integration with AD (redundant servers)

2FA active Excellent

Service Accounts

3 dedicated service accounts with API tokens
Last rotation: 30 days ago

Best practice Optimal

Role-Based Access Control

Custom roles aligned to job functions
Last access review: 15 days ago

12 custom roles Well Configured

Encryption Status

AES-256 encryption active
KEK rotation: 90 days ago

Fully encrypted Secure

Active Directory Integration

Status: Configured
SMB features: Operational

Connected to 2 DCs Healthy

💾 Data Protection Assessment

SLA Configuration

247 workloads protected
Compliance rate: 94.2%

8 SLA policies Excellent

Snapshot Windows

Configured to avoid business hours (6PM-6AM)
Load balanced across nodes

Optimized scheduling Well Planned

Replication Status

Success rate: 87%
Bandwidth constraints during peak hours

DR site connectivity Needs Attention

Archival Configuration

AWS S3 target with lifecycle rules
Policies aligned with Rubrik retention

Cost optimized Optimal

Retention Management

15 orphaned snapshots consuming 2.3TB
Last cleanup: 45 days ago

Cleanup needed Maintenance Due

🤖 Agents & Service Management

RBS Service Status

32 of 37 RBS agents connected (87%)
5 agents with connectivity issues

5 agents offline Critical

RBS Firewall Rules

Ports 12800/12801 blocked on 3 hosts
Backup failures on affected systems

3 hosts affected Action Required

Host Maintenance Procedures

Documented procedures exist
Last validation: 6 months ago

Needs testing Review Required
🚨 Critical Actions Required

Immediate: Open firewall ports 12800/12801 on affected hosts

Immediate: Investigate and reconnect 5 offline RBS agents

This Week: Test and update host maintenance procedures

📊 Monitoring & Operations

Activity Log Review

Last manual review: 7 days ago
47 warnings, 12 failures in past week

Weekly reviews Needs Improvement

Dashboard Metrics

Dashboards available but not actively monitored
No trending analysis configured

Passive monitoring Underutilized

External Monitoring

No SNMP/Syslog integration
No automated alerting configured

Isolated system Missing Integration

Support Bundle Generation

Successfully tested last month
Process documented and verified

Ready for support Prepared

Operational Procedures

Basic runbooks exist
Last update: 6 months ago

Documentation aging Update Needed
📈 Monitoring Improvements

High Priority: Implement daily Activity Log reviews with trending

Medium Priority: Configure SNMP/Syslog integration for enterprise monitoring

Medium Priority: Set up automated dashboard alerts for key metrics

Generated by Clarkware Health Assessment Engine (HAE)

Visit clarkware.app for more information

This assessment is based on Rubrik CDM 8.0 best practices and current system telemetry