PPD M 1911 Admin Guide

The PowerProtect Data Manager 19.11 Administration and User Guide provides comprehensive instructions for configuring, using, and administering the PowerProtect Data Manager software. It includes information on system maintenance, managing storage, protection policies, disaster recovery, and reporting. The document is intended for system administrators responsible for data management across the enterprise.

Uploaded by

stefano.gatto

PowerProtect Data Manager 19.11
Administration and User Guide

October 2022
Rev. 02
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2016 - 2022 Dell Inc. or its subsidiaries. All rights reserved. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
Contents

Preface

Chapter 1: Getting Started
Introducing the PowerProtect Data Manager software
Supported Internet Protocol versions
Unsupported file-system modifications
References
Terminology
Access the PowerProtect Data Manager UI
Get Started window
UI tools and options
Export data
Exported fields
Customer feedback
Provide general feedback
Security configuration
Role-based security

Chapter 2: System Maintenance
Deploying and maintaining the health of PowerProtect Data Manager
Deploying and updating PowerProtect Data Manager
Licensing PowerProtect Data Manager
License types
Add a license
Specifying the PowerProtect Data Manager host
Specify a vCenter server as the PowerProtect Data Manager host
vCenter server PowerProtect Data Manager host privileges
Memory optimization
Adjust the virtual machine memory
Restricted mode
System support
Configuring SupportAssist for PowerProtect Data Manager
Telemetry Collector
CloudIQ reporting
Set up the email server
Add AutoSupport
Enabling automatic update package checks and downloads
Add a log bundle
Audit logging and monitoring system activity
Monitor system state and system health
Access the open source software package information
Security certificates
Restarting PowerProtect Data Manager
System maintenance troubleshooting

Chapter 3: Managing Storage
Protection storage
PowerProtect DD Management Center automatic discovery
High Availability PowerProtect DD support
Smart Scale system pools
Add protection storage
Edit protection storage
Storage units
Storage unit limitations
Storage unit considerations for PowerProtect DD
Create a storage unit
Edit a storage unit
Change a storage unit password
View the storage unit password
Differences in storage system and storage unit space reporting
Monitoring storage capacity thresholds

Chapter 4: Using the PowerProtect Search Engine
Introducing the PowerProtect Search Engine
Set up and manage indexing
Search Engine node deletion
Delete operational Search Engine nodes
Redeploy or delete failed Search Engine nodes
Edit the network configuration for a Search Engine node
Perform a search
Troubleshooting Search Engine issues

Chapter 5: Managing Assets
About asset sources, assets, and storage
About other asset sources
Prerequisites for discovering asset sources
Discovering asset sources in a GCVE environment
Full discovery of application asset sources
Enable an asset source
Disable an asset source
Delete an asset source
Adding a Cloud Snapshot Manager tenant
Add a Cloud Snapshot Manager Tenant

Chapter 6: Managing Protection Policies
Protection policies
Before you create a protection policy
Replication triggers
Overview of PowerProtect Data Manager Cloud Tier
Add a Cloud Tier objective to a protection policy
Manage Cloud Tier asset copies
Restore Cloud Tier backups to protection storage
Recall and restore from Cloud Tier
Manual backups of protected assets
Manual backups of a single protected asset
Manual replication of protected assets
Manual Cloud Tiering of protected assets
Editing a protection policy
Modify a policy name and description, objectives, or options
Changing storage targets
Replication to shared protection storage
Add or remove assets in a protection policy
Viewing a summary of protection policies
View assets assigned to a protection policy
View the status of the last-run job of a protection policy
Extended retention
Edit the retention period for backup copies
Delete backup copies
Retry a failed backup copy deletion
Export data for deleted backup copies
Remove backup copies from the PowerProtect Data Manager database
Removing expired backup copies
Removing assets from PowerProtect Data Manager
Remove assets and associated protection copies
Run an asset-protection report
Disable a protection policy
Protection jobs running for a disabled policy
Enable a disabled protection policy
Customize the default behavior of disabled policies
Delete a protection policy
Add a service-level agreement
Run a compliance report
Protecting client assets after a client hostname change
ifGroup configuration and PowerProtect Data Manager policies

Chapter 7: Preparing for and Recovering From a Disaster
About server disaster recovery
Differences between server DR methods
System recovery for server DR
Server DR protection storage types
Automatic server DR
Prepare the DD system recovery target (NFS)
Manually configure server DR backups
Record settings for server DR
Manage PowerProtect Data Manager server DR backups
Restore PowerProtect Data Manager from server DR backups
Change the IP address or hostname of a DD system
Troubleshooting NFS backup configuration issues
Troubleshoot recovery of PowerProtect Data Manager
Recover a failed PowerProtect Data Manager restore
Disable server DR backups
Quick recovery for server DR
Quick recovery prerequisites
Identifying a remote system
Add a remote system for quick recovery
Edit a remote system
Quick recovery remote view
Overview of PowerProtect Data Manager Cloud Disaster Recovery

Chapter 8: Managing Alerts, Jobs, and Tasks
Configure Alert Notifications
View and manage alerts
View and manage Audit Logs
Monitoring jobs and tasks
Monitor and view jobs
View details for protection jobs
View details for system jobs and tasks
Filter, group, and sort jobs
Restart a job or task manually
Restart a job or task automatically
Resume misfire jobs after a PowerProtect Data Manager update
Cancel a job or task
Exporting logs
Export logs for jobs
Export logs for assets or tasks
Limitations for alerts, jobs, and tasks

Chapter 9: Modifying the System Settings
System settings
Modify the network settings
Synchronize time on PowerProtect Data Manager and other systems
Modify the appliance time zone
Enable replication encryption
Backup and restore encryption
Server monitoring with syslog
Additional system settings
Modifying the PowerProtect Data Manager virtual machine disk settings
Modify the data disk size
Modify the system disk size
Configure the DD system
Virtual networks (VLANs)
Virtual network traffic types
Virtual network topologies
Supported scenarios
Virtual network prerequisites
Configuring virtual networks
Virtual network asset assignment
Syslog server disaster recovery
Troubleshooting the syslog connection
No messages are transmitted to the syslog server

Chapter 10: Managing Reports
PowerProtect Data Manager reporting
Provide feedback on PowerProtect Data Manager reporting
Port requirements
Server requirements
Known issues with the reporting engine and Report Browser
Configure and deploy the reporting engine
Updating the reporting engine from version 19.10
Report Browser
Backup Jobs Summary
Restore Jobs Summary
Replication Jobs Summary
Filter and customize reports
Deleting the reporting engine
Managing disaster recovery of the reporting engine

Chapter 11: Configuring and Managing the PowerProtect Agent Service ................................... 160
About the PowerProtect agent service..................................................................................................................... 160
Start, stop, or obtain the status of the PowerProtect agent service................................................................. 161
Register the PowerProtect agent service to a different server address........................................................... 161
Recovering the PowerProtect agent service from a disaster.............................................................................. 162
Restore the PowerProtect Data Manager agent service datastore............................................................. 162
Troubleshooting agent registration ............................................................................................................................163

Contents 7
Preface
As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of
the software or hardware currently in use might not support some functions that are described in this document. The product
release notes provide the most up-to-date information on product features.
If a product does not function correctly or does not function as described in this document, contact Customer Support.
NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this document,
go to the Customer Support website.

Product naming
Data Domain (DD) is now PowerProtect DD. References to Data Domain or Data Domain systems in this documentation, in the
user interface, and elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In many cases
the user interface has not yet been updated to reflect this change.

Language use
This document might contain language that is not consistent with Dell Technologies current guidelines. Dell Technologies plans
to update the document over subsequent future releases to revise the language accordingly.
This document might contain language from third-party content that is not under Dell Technologies control and is not consistent
with the current guidelines for Dell Technologies own content. When such third-party content is updated by the relevant third
parties, this document will be revised accordingly.

Website links
The website links used in this document were valid at publication time. If you find a broken link, provide feedback on the
document, and a Dell Technologies employee will update the document as necessary.

Purpose
The Dell PowerProtect Data Manager Administration and User Guide describes how to configure, use, and administer
PowerProtect Data Manager software.

Audience
This document is intended for the host system administrator who is involved in managing, protecting, and reusing data across
the enterprise by deploying PowerProtect Data Manager software.

Revision history
The following table presents the revision history of this document.

Table 1. Revision history

| Revision | Date | Description |
| --- | --- | --- |
| 02 | October 18, 2022 | Updated instructions on changing the PowerProtect Data Manager hostname or IP address. |
| 01 | June 21, 2022 | Initial release of this document for PowerProtect Data Manager version 19.11. |

Compatibility information
Software compatibility information for the PowerProtect Data Manager software is provided by the E-Lab Navigator.

Related documentation
The following publications are available at Customer Support and provide additional information:

Table 2. Related documentation

| Title | Content |
| --- | --- |
| PowerProtect Data Manager Administration and User Guide | Describes how to configure the software. |
| PowerProtect Data Manager Deployment Guide | Describes how to deploy the software. |
| PowerProtect Data Manager Licensing Guide | Describes how to license the software. |
| PowerProtect Data Manager Release Notes | Contains information about new features, known limitations, environment, and system requirements for the software. |
| PowerProtect Data Manager Security Configuration Guide | Contains security information. |
| PowerProtect Data Manager Amazon Web Services Deployment Guide | Describes how to deploy the software to Amazon Web Services (AWS). |
| PowerProtect Data Manager Azure Deployment Guide | Describes how to deploy the software to Microsoft Azure. |
| PowerProtect Data Manager Google Cloud Platform Deployment Guide | Describes how to deploy the software to Google Cloud Platform (GCP). |
| PowerProtect Data Manager Cloud Disaster Recovery Administration and User Guide | Describes how to deploy Cloud Disaster Recovery (Cloud DR), protect virtual machines in the AWS or Azure cloud, and run recovery operations. |
| PowerProtect Data Manager Cyber Recovery User Guide | Describes how to install, update, patch, and uninstall the PowerProtect Cyber Recovery software. |
| PowerProtect Data Manager File System User Guide | Describes how to configure and use the software with the File System agent for file-system data protection. |
| PowerProtect Data Manager Kubernetes User Guide | Describes how to configure and use the software to back up and restore namespaces and PVCs in a Kubernetes cluster. |
| PowerProtect Data Manager Microsoft Exchange Server User Guide | Describes how to configure and use the software to back up and restore the data in a Microsoft Exchange Server environment. |
| PowerProtect Data Manager Microsoft SQL Server User Guide | Describes how to configure and use the software to back up and restore the data in a Microsoft SQL Server environment. |
| PowerProtect Data Manager Oracle RMAN User Guide | Describes how to configure and use the software to back up and restore the data in an Oracle Server environment. |
| PowerProtect Data Manager SAP HANA User Guide | Describes how to configure and use the software to back up and restore the data in an SAP HANA Server environment. |
| PowerProtect Data Manager Storage Direct User Guide | Describes how to configure and use the software with the Storage Direct agent to protect data on VMAX storage arrays through snapshot backup technology. |
| PowerProtect Data Manager Network Attached Storage User Guide | Describes how to configure and use the software to protect and recover the data on network-attached storage (NAS) shares and appliances. |
| PowerProtect Data Manager Virtual Machine User Guide | Describes how to configure and use the software to back up and restore virtual machines and virtual-machine disks (VMDKs) in a vCenter Server environment. |
| VMware Cloud Foundation Disaster Recovery With PowerProtect Data Manager | Provides a detailed description of how to perform an end-to-end disaster recovery of a VMware Cloud Foundation (VCF) environment. |
| PowerProtect Data Manager Public REST API documentation | Contains the Dell Technologies APIs and includes tutorials to guide you in their use. |
| vRealize Automation Data Protection Extension for Data Protection Systems Installation and Administration Guide | Describes how to install, configure, and use the vRealize Data Protection Extension. |

Typographical conventions
The following type style conventions are used in this document:

Table 3. Style conventions

| Formatting | Description |
| --- | --- |
| Bold | Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window. |
| Italic | Used for full titles of publications that are referenced in text. |
| Monospace | Used for: system code; system output, such as an error message or script; pathnames, file names, file name extensions, prompts, and syntax; commands and options. |
| Monospace italic | Used for variables. |
| Monospace bold | Used for user input. |
| [] | Square brackets enclose optional values. |
| \| | Vertical line indicates alternate selections. The vertical line means "or" for the alternate selections. |
| {} | Braces enclose content that the user must specify, such as x, y, or z. |
| ... | Ellipses indicate non-essential information that is omitted from the example. |

You can use the following resources to find more information about this product, obtain support, and provide feedback.

Where to find product documentation


● The Customer Support website
● The Community Network

Where to get support
The Customer Support website provides access to product licensing, documentation, advisories, downloads, and how-to and
troubleshooting information. The information can enable you to resolve a product issue before you contact Customer Support.
To access a product-specific page:
1. Go to the Customer Support website.
2. In the search box, type a product name, and then from the list that appears, select the product.

Knowledgebase
The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx)
or by keyword.
To search the Knowledgebase:
1. Go to the Customer Support website.
2. On the Support tab, click Knowledge Base.
3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by
typing a product name in the search box, and then selecting the product from the list that appears.

Live chat
To participate in a live interactive chat with a support agent:
1. Go to the Customer Support website.
2. On the Support tab, click Contact Support.
3. On the Contact Information page, click the relevant support, and then proceed.

Service requests
To obtain in-depth help from a support agent, submit a service request. To submit a service request:
1. Go to the Customer Support website.
2. On the Support tab, click Service Requests.
NOTE: To create a service request, you must have a valid support agreement. For details about either an account or
obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the
Service Request Number field, type the service request number, and then click the right arrow.

To review an open service request:


1. Go to the Customer Support website.
2. On the Support tab, click Service Requests.
3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.

Online communities
For peer contacts, conversations, and content on product support and solutions, go to the Community Network. Interactively
engage with customers, partners, and certified professionals online.

How to provide feedback


Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to
[email protected].

Chapter 1: Getting Started
Topics:
• Introducing the PowerProtect Data Manager software
• Supported Internet Protocol versions
• Unsupported file-system modifications
• References
• Terminology
• Access the PowerProtect Data Manager UI
• Export data
• Customer feedback
• Security configuration

Introducing the PowerProtect Data Manager software


PowerProtect Data Manager software is an enterprise solution that provides software-defined data protection, deduplication,
operational agility, self-service, and IT governance.
PowerProtect Data Manager key features include the following:

Table 4. Key features
● Software-defined data protection with integrated deduplication, replication, and reuse
● Data backup and recovery self-service operations from native applications that are combined with central IT governance
● Multicloud optimization with integrated Cloud Tiering
● SaaS-based monitoring and reporting
● Modern services-based architecture for ease of deployment, scaling, and updating

PowerProtect Data Manager integrates multiple data-protection products within the Data Protection portfolio to enable data
protection as a service, providing the following benefits:

Table 5. Benefits
● Enables data-protection teams to create data paths with provisioning, automation, and scheduling to embed protection engines into their data-protection infrastructure for high-performance backup and recovery
● Enables backup administrators of large-scale environments to schedule backups for the following asset types from a central location on the PowerProtect Data Manager server:
  ○ VMware virtual machines
  ○ File systems
  ○ VMAX storage groups
  ○ Kubernetes clusters
  ○ Microsoft Exchange Server and Microsoft SQL Server databases
  ○ Oracle databases
  ○ SAP HANA databases
  ○ Network-attached storage (NAS) shares
● Provides an agent-based approach to automatically discover and protect databases on an application server
● Enables self-service and centralized protection by:
  ○ Monitoring service-level objectives (SLOs)
  ○ Identifying violations of recovery-point objectives (RPOs)
● Supports deploying an external VM Direct appliance that moves data with a VM Direct Engine that is optimized for performing high-capacity backup streams
● Comes with a basic embedded VM Direct Engine that has the following functions and capabilities:
  ○ It is automatically used as a fallback proxy for performing backup and restore operations when an external VM Direct Engine fails, is disabled, or is unavailable
  ○ It has a limited capacity for performing backup streams
  ○ It can work with virtual-machine crash-consistent protection policies that use the Transparent Snapshot Data Mover (TSDM) protection mechanism
  ○ It enables the Search Service used by PowerProtect Search
● Supports PowerProtect Search, which enables backup administrators to quickly search for and restore VM and NAS file copies
● Supports the vRealize Automation DP extension, which enables the automatic provisioning of virtual machines and on-demand backups and restores
● Integrates with Cloud Disaster Recovery (Cloud DR), including workflows for Cloud DR deployment, protection, and recovery operations in the AWS and Azure clouds
● Integrates with PowerProtect Cloud Snapshot Manager to view PowerProtect Cloud Snapshot Manager jobs, alerts, and reports from a consolidated PowerProtect Data Manager dashboard
● Integrates with PowerProtect Cyber Recovery to protect the integrity of a PowerProtect Data Manager environment from cyber threats
● Provides a RESTful API interface that allows PowerProtect Data Manager to be monitored, configured, and orchestrated:
  ○ Existing automation frameworks can be integrated
  ○ New scripts can be quickly written
  ○ Easy-to-follow tutorials are provided

Supported Internet Protocol versions


PowerProtect Data Manager only supports the use of IPv4 addresses.
Using an IPv6 address can result in errors or other unexpected behavior. When configuring devices to connect over the network
with PowerProtect Data Manager, use only IPv4 addresses.

Unsupported file-system modifications


Files and directories on PowerProtect Data Manager and PowerProtect DD systems should only be modified according to
documentation and guidance.
Performing any of the following file-system operations that have not been documented in a product guide or communicated by
Customer Support is unsupported:
● Adding, removing, editing, or otherwise modifying a file or directory
● Manually mounting a DD file system with anything other than read-only permissions
● Altering a file-system procedure
● Replacing a command in the step of a file-system procedure with a different command

References
Some procedures in this document reference other publications for further details.
For a list of PowerProtect Data Manager publications, see "Related documentation" in the preface.
For information about DD Virtual Edition, see the following publications at Customer Support:

Table 6. Related PowerProtect DD Virtual Edition documentation
● PowerProtect DD Virtual Edition in VMware Cloud Installation and Administration Guide
● PowerProtect DD Virtual Edition in Google Cloud Platform Installation and Administration Guide
● PowerProtect DD Virtual Edition on Premise Installation and Administration Guide
● PowerProtect DD Virtual Edition in Azure Installation and Administration Guide
● PowerProtect DD Virtual Edition in Amazon Web Services Installation and Administration Guide

Terminology
Familiarize yourself with the terminology for the PowerProtect Data Manager user interface and documentation.
The following table provides more information about names and terms that you should know to use PowerProtect Data
Manager:

Table 7. Term list

| Term | Description |
| --- | --- |
| Application agent | Application agents are installed on application or database host servers to manage protection using PowerProtect Data Manager. These agents are commonly known as DD Boost Enterprise Agents (DDBEAs) for databases and applications. |
| Application-aware | A virtual machine protection policy that includes additional application-aware data protection for Microsoft SQL Servers. An application-aware virtual machine protection policy provides the ability to quiesce the application during virtual machine image backup to perform a full backup of Microsoft SQL Server databases. You can also schedule Microsoft SQL Server log backups for the virtual machines in the policy. |
| Asset | Assets are objects in PowerProtect Data Manager for which you want to manage protection, including virtual machines, databases, and file systems. |
| Asset source | Assets that PowerProtect Data Manager protects reside within asset sources, which include vCenter servers, application or database hosts, and file servers. |
| Cloud Tier storage | Cloud Tier storage can be added to a protection storage system to expand the deduplication storage capacity onto less expensive object storage in public or private object storage clouds, including secure Elastic Cloud Storage appliances. |
| Copy | A PowerProtect Data Manager copy is a point-in-time backup copy of an asset. |
| Copy Map | The PowerProtect Data Manager Copy Map is a visual representation of backup copy locations on your protection storage and is available for all protected assets that have copies. |
| Discovery | Discovery is an internal process that scans asset sources to find new assets to protect and scans infrastructure components to monitor their health and status. |
| Instant Access | PowerProtect Data Manager virtual machine backup copies can be accessed, mounted, and booted directly from the protection storage targets as running virtual machines. This operation is called Instant Access. Copies can also be moved to a production VMware datastore using vMotion. PowerProtect Data Manager Virtual machine application-aware backup copies can be mounted directly from protection storage as running Microsoft SQL Server databases, which includes the ability to roll forward log backups. These Microsoft SQL Server database disks can also be moved to a production VMware datastore using vMotion. |
| PowerProtect Data Manager agent | An agent that is included in PowerProtect Data Manager and installed on each application agent host server so that you can monitor and manage the application agent through PowerProtect Data Manager. |
| Protection policy | Protection policies configure and manage the entire life cycle of backup data, which includes backup types, assets, backup start and stop times, backup devices, and backup retention. |
| Service-level agreement (SLA) | An optional policy that you can layer on top of a protection policy. An SLA performs additional checks on protection activities to ensure that protection goals meet the standards of an organization. SLAs are made up of one or more service-level objectives. |
| Service-level objective (SLO) | A definable rule that sets the criteria for recovery-point objectives (RPOs), encryption, and the location of backups according to company requirements. |

Access the PowerProtect Data Manager UI


PowerProtect Data Manager provides a web-based UI that you can use to manage and monitor system features and settings
from any location over a network.

Steps
1. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:
https://<appliance_hostname>
NOTE: You can specify the hostname or the IP address of the appliance.

2. Log in with your username and password.


Usernames follow the format user[@domain], where domain is an optional identifier that associates the user with a
particular identity provider.
For example: jsmith or administrator@test-lab.
● If you do not supply a domain, the authentication service checks the default identity provider.
● If you supply a domain, the authentication service consults the external identity provider for that domain and determines
whether to allow the login.
Domains are case-sensitive. Supply the domain with the same capitalization that was used when configuring the identity
provider. Otherwise, you may receive error messages such as 500: Resources cannot be retrieved.

NOTE:

If the user interface is left unattended for more than 30 minutes and times out, the login page might display with the
error 503: Unknown Error. If this occurs, dismiss the error and log in again with your username and password.

If you log in with an expired password, reset the password immediately. Clicking Cancel, closing the browser, or
navigating away from the page before changing your password disables your credentials for subsequent logins. To
re-enable your credentials, reset your password using the REST API, as described in the PowerProtect Data Manager
Security Configuration Guide.
When the identity provider validates the credentials, the authentication service issues a user token. The PowerProtect Data
Manager UI uses the token information to authorize activities.
Unless you have changed the system configuration, the default identity provider is the local identity provider.
The PowerProtect Data Manager Security Configuration Guide provides more information about the available user roles and
their associated permissions. The associated roles for an account determine what parts of the UI a user can see and use, and
what operations a user can perform.

If this is your first time accessing the PowerProtect Data Manager UI, an unsigned certificate warning might appear in the
web browser.
The security certificate that encrypts communication between the PowerProtect Data Manager UI and the web browser is
self-signed. A self-signed certificate is signed by the web server that hosts the secure web page. There is nothing wrong
with this certificate. This certificate is sufficient to establish an encrypted channel between the web browser and the server.
However, it is not signed by a trusted authority, so the web browser cannot verify the identity of the server on its own.

The Get Started window appears with configuration options that are required upon first deployment. To skip this window
and go right to the Dashboard, click Launch.
From the Dashboard window:
● The left pane provides links to the available menu items. Expand a menu item for more options.
● The icons in the PowerProtect Data Manager banner provide additional options.
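
The self-signed certificate warning described above can be checked rather than accepted on sight. The following is an added example, not code from this guide or from Dell: it compares the SHA-256 fingerprint of the certificate that the appliance presents with a fingerprint recorded beforehand over a trusted path. The function names, port 443, and the recorded fingerprint are assumptions, and the sample PEM is constructed filler bytes, not a real certificate.

```python
import hashlib
import hmac
import re
import ssl

# Constructed sample: the body is filler bytes, not a real X.509 certificate.
# ssl.PEM_cert_to_DER_cert only base64-decodes the body, so it is enough to
# exercise the fingerprint logic offline.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "AAECAwQFBgcICQoLDA0ODw==\n"
    "-----END CERTIFICATE-----\n"
)


def normalize_fingerprint(text: str) -> str:
    """Reduce 'AB:CD:...', 'ab cd ...' or 'abcd...' to 64 lowercase hex digits."""
    hex_only = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hex_only):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hex_only


def pem_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, the value browsers show as the fingerprint."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def fetch_server_pem(host: str, port: int = 443) -> str:
    """Retrieve the certificate the appliance presents, without chain validation.

    Chain validation would fail for a self-signed certificate; trust is
    decided by the fingerprint comparison instead.
    """
    return ssl.get_server_certificate((host, port))


def certificate_is_expected(pem: str, recorded_fingerprint: str) -> bool:
    """True only if the presented certificate matches the recorded fingerprint."""
    expected = normalize_fingerprint(recorded_fingerprint)
    return hmac.compare_digest(pem_fingerprint(pem), expected)


if __name__ == "__main__":
    import sys

    # Usage: python check_cert.py <appliance_hostname> <recorded_sha256_fingerprint>
    host, recorded = sys.argv[1], sys.argv[2]
    ok = certificate_is_expected(fetch_server_pem(host), recorded)
    print("fingerprint matches" if ok else "MISMATCH: do not accept the warning")
    sys.exit(0 if ok else 1)
```

A mismatch means that the certificate reaching the browser is not the one that was recorded, either because the appliance certificate was regenerated or because another host is answering on that address.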

Get Started window
The Get Started window provides configuration options that are required when the PowerProtect Data Manager system is first
deployed. This window continues to display by default each time you log in until you click Launch.
You can access the Get Started window at any time, or view any getting started options that have yet to be configured, by
clicking [icon], and then selecting Getting Started.


The Get Started window enables you to configure or edit the following menu items:

Table 8. PowerProtect Data Manager Get Started menu items

| Options | Description |
| --- | --- |
| License | Launches the License window, which prompts you to add a license file to PowerProtect Data Manager. Once a license is uploaded, you can view license details, such as capacity usage and software ID. |
| Support | Launches the Support window, which enables you to configure SupportAssist, AutoSupport, and set up the email server for application notifications and messages. |
| Assets | Launches the Asset Sources window, where you can enable any of the asset source types that PowerProtect Data Manager supports. Upon enabling an asset source, you can add and register the source for the protection of assets. |
| Storage | Launches the Add Storage window, where you can add a PowerProtect DD System or PowerProtect DD Management Center as protection storage for primary backup and replicated copies. |

UI tools and options


Learn about the tools, windows, and banner options available in the PowerProtect Data Manager UI.

Dashboard
The Dashboard is visible when you log in to the PowerProtect Data Manager UI, and can be accessed from the left navigation
pane. This window provides a high-level view of the overall state of the PowerProtect Data Manager system through six
widgets. The following table describes each widget.

Figure 1. Dashboard widgets

Table 9. PowerProtect Data Manager Dashboard

Dashboard widget: Jobs | Protection, Jobs | Restore and Jobs | System
This widget provides a color-coded status of backup, restore, and system jobs that are in progress or have been performed in PowerProtect Data Manager over a specified period. Jobs | Protection displays by default, showing jobs performed over the last 24 hours.
Click the three vertical dots at the top of the widget to:
● Select Protection, Restore, or System to switch the jobs view in the widget.
● Choose the time period for the jobs that you want to view (last 24 hours, last 3 days, last 7 days, or all). Once a time period is selected, the widget updates to display only jobs performed within that time period.
Click a color in the chart to view details about jobs with a specific status, or click the links next to each status. This will open the Jobs > Protection Jobs or Jobs > System Jobs window, which is filtered to display the jobs that match the selected status and time period. From this window, you can manage jobs, view more details, and search jobs.

Dashboard widget: Assets | Count and Assets | Size
Details in this widget include the number of protected assets, unprotected assets, and excluded assets for each asset source that has been added and enabled in PowerProtect Data Manager. You can also view the total number of assets for each asset source, and the total size of these assets. Assets | Count displays by default, and the asset types are sorted based on the percentage of the total asset count that are unprotected, or the total size of the unprotected assets for the asset source, depending on the view.
Click the three vertical dots at the top of the widget to:
● Select Count or Size to switch the assets view in the widget.
● Select one or more asset sources from the list. You can display asset statistics for a single asset source, multiple asset sources, or all asset sources.
Hover over a color to view the exact number of protected, unprotected, and excluded assets and the total size of these assets. Click a color to open the Infrastructure > Assets window, which is filtered to display the assets that match the selected status.

Dashboard widget: Health
This widget provides a score for the overall PowerProtect Data Manager system health (Good, Fair, or Poor). Health details and status are provided for the following categories:
● Components: Identifies the state of hardware and software services, such as Running or Failed.
● Configuration: Identifies whether any aspects of the PowerProtect Data Manager configuration are incomplete, such as System Support configuration.
● Capacity: Identifies the provisioned and currently allocated size of the associated storage system.
● Performance: Identifies key performance indicators, such as memory use.
● Data Protection: Identifies key protection indicators, such as service-level agreements not being met and disaster-recovery backup copies not being present.
Click View All to view more details about the system health issues for all categories.

Dashboard widget: Compliance
This widget provides compliance verification statistics for protection policies that are linked to a Service Level Agreement (SLA). The widget also identifies the number of assets within these policies that are compliant and non-compliant.
Click the three vertical dots at the top of the widget to select one or more asset sources from the list. You can display compliance statistics for a single asset source, multiple asset sources, or all asset sources. By default, the total count and number of protection policies for compliant and non-compliant assets displays for all asset sources.
Click View All to open the Protection > SLA Compliance window, where you can view more details about the specific policies and assets that are non-compliant.

Dashboard widget: Capacity | Active Tier and Capacity | Cloud Tier
This widget displays the capacity status of the DD protection storage systems that are associated with this instance of PowerProtect Data Manager for the active tier and cloud tier. Based on the available capacity on each DD system, a color coded bar graph displays the number of systems that are Good (>20% available), Fair (<20% available), or Poor (<10%).
Click the three vertical dots at the top of the widget to:
● Select Active Tier or Cloud Tier to switch between a view of protection storage systems for the active tier and cloud tier in the widget. By default, the widget displays Capacity | Active Tier.
● Select a DD system from the list. The widget updates to display capacity statistics for the selected DD system. You can only display capacity statistics for one system at a time.
Click View All to open the Infrastructure > Storage window, where you can view more details about specific protection storage systems.

Dashboard widget: Space Optimization
This widget provides information about how efficient the active tier storage capacity is on individual DD systems associated with this instance of PowerProtect Data Manager. Efficiency is determined based on the size of pre-compression data compared with the size of post-compression data on the system.
Click the three vertical dots at the top of the widget to select a DD system from the list. The widget updates to display space optimization statistics for the selected DD system.

PowerProtect Data Manager UI tools and windows


The following table describes the tools and windows in the PowerProtect Data Manager UI left navigation pane.

Table 10. PowerProtect Data Manager tools


Menu item: Description

Dashboard: Click Dashboard to view the overall state of the PowerProtect Data Manager system.

Health: Click Health to view a score for the overall PowerProtect Data Manager system health (Good, Fair, or Poor).

Infrastructure: Click Infrastructure to:
● View and manage all assets:
○ VMware virtual machines
○ File systems
○ VMAX storage groups
○ Kubernetes clusters
○ Microsoft Exchange Server databases
○ Network Attached Storage (NAS)
○ Microsoft SQL Server databases
○ Oracle databases
○ SAP HANA databases
● Add vCenter and application and File System host asset sources.
● View and manage Integrated Storage.
● Add a VM Direct appliance with the VM Direct protection engine for virtual machine data protection.
● Manage the vSphere Installation Bundle (VIB) for virtual machine crash-consistent data protection performed with the Transparent Snapshot Data Mover (TSDM) protection mechanism.
● Manage registration of Oracle RMAN agent, Microsoft application agent, SAP HANA agent, and File System agent.
● View and manage Cloud Disaster Recovery.
● Create and manage a Search Cluster.
● Add PowerProtect Cloud Snapshot Manager tenants as asset sources for jobs, alerts, and reports.

Protection: Click Protection to:
● Add protection policies to back up assets.
● Manage service-level agreements (SLAs).
● Add, edit, and delete protection rules for asset inclusion in policies.
● Add, edit, and delete file exclusion templates for File System protection policies.

Restore: Click Restore to:
● View asset copy location details and initiate a Restore operation.
● Manage Instant Access Sessions.
● Use the File Search feature to find and restore virtual machine file copies.

Alerts: Click Alerts to:
● View and acknowledge alerts and events.
● Filter alerts by critical, warning, and informational status, and specify the time range.
● View and examine Audit logs.
● Export audit logs to CSV files.
● Set audit log boundaries.
● Configure alert notifications.
There is also a banner UI option, represented by the icon, which provides links that enable you to view all unacknowledged alerts.

Administration: Click Administration to:
● Configure users and roles.
● Set password credentials and manage key chains.
● View and replace certificates.
● Add external identity providers.
● View and manage resource groups.

Reports: Click Reports to access the PowerProtect Data Manager Report Browser and Reporting Engine.

Jobs: Click Jobs to manage jobs, view by protection or system, filter, and view details.

Banner UI options
The following table describes the icons in the PowerProtect Data Manager UI banner.

Table 11. Banner UI options


Option Description

Click to enter search criteria to find assets, jobs, logs, and alerts.

The number next to this icon indicates the critical unacknowledged alerts over the last 24 hours.
Click to expand for more information about unacknowledged alerts, including:
● The total number of alerts (all statuses: critical, warning, or informational) that have yet to be acknowledged, or just the unacknowledged alerts from the last 24 hours (marked with the New tag).
● The number of critical alerts that have yet to be acknowledged, or just the unacknowledged critical alerts from the last 24 hours (marked with the New tag).
Within this menu, click any of these links to open the Alerts window, where you can view specific details about these unacknowledged alerts.

Click to restore assets from replicated copies through quick recovery. This icon only appears when this system receives replicated metadata from a source system.

Click to configure and manage PowerProtect Data Manager system network, time zone, and NTP settings, DR backups, security, licenses, updates, authentication, agent downloads, and support, and to access the Get Started window.

Click to log out, and log in as a different user, or change the current user password.

Click to see PowerProtect Data Manager version information.

Click to obtain more information about PowerProtect Data Manager, access Customer Support, send feedback, or view the REST API documentation.

Click to launch CloudIQ, APEX Backup Services, and Cloud Snapshot Manager.

Export data
PowerProtect Data Manager enables you to export and save table data in CSV format.

Prerequisites
In the PowerProtect Data Manager UI, browse to a window that includes the Export All functionality.

About this task


The following table lists the windows that support the Export All functionality.

Table 12. Supported windows


| Menu item | Window |
|---|---|
| Health | Health |
| Infrastructure | Assets |
| | Application Agents |
| Protection | Protection Policies. You can also export records for assets that are assigned to a protection policy. Select a protection policy to view its details, and then click the asset count link next to Assets. |
| | SLA Compliance |
| | Protection Rules. You can also export records for assets that are applied to a protection rule. Click the link in the Assigned Assets Count column for the protection rule. |
| Restore | Assets |
| Alerts | System |
| Administration | Access Control > Users/Groups |
| | Access Control > Resource Groups. You can also export records for assets that are assigned to a resource group. Click next to the resource group, and then click View Assets in the right pane. |
| | Audit Logs |
| Jobs | Protection Jobs |
| | System Jobs |

Steps
1. (Optional) Filter and sort the information that appears in the table.
2. In the window, click Export All to export the data to a CSV file.
If you apply any filters in the table, the exported records include only the records that satisfy the filter conditions.
NOTE: In this release, filters applied to the table in the Protection Policy window are not applied to the exported CSV
file. Exported protection records include all data that is shown in the table. Download the Excel file to sort and filter the
protection results.

Exported fields
The following tables list the fields that are exported using the Export All functionality. The fields are exported in CSV format.

Table 13. Exported fields


| Resource | Exported fields |
|---|---|
| Jobs | Job ID, Status, Description, Job Type, Sub Type, Asset Type, Assets, Start Time, End Time, Duration, Next Scheduled, Policy Name, Data Transferred, Storage System, Asset Size, Data Compressed, Average Throughput, Total Compression Factor, Reduction Percentage |
| Application Agents | Host Name, IP, Registration Status, OS, Agent Type, Current Version, Update Status, Port, Application Version, Created Date, Registered Date |
| Alerts | Message ID, Details, Recommended Action, Severity, Date, Summary, Category, Status |
| Protection Policies | Name, Category, Asset Type, Asset Count, Protected Asset Size, Last Run Status, Violations, State |
| Resource Groups | Name, Description, Created At, Number of Resources |
| SLA Compliance | Name, Compliance Type, Policies At Risk, Objectives out of Compliance, Impacted Assets |
| System Health | Issues Deduction, Issue, Category, Component, Remediation, Date |
| Users | User/Group Name, Type, First Name, Last Name, Email Address, Roles and Resources, Added Date |

The following fields are common to each asset type:


ID, Status, Asset Type, Sub Type, Protection Policy ID, Protection Policy, Protection,
Size, Protection Capacity Size, Protection Capacity Time, Last Copy, Network, Protection
Rule Name, Resource Group Name

The following table lists the fields that are unique to each asset type.

Table 14. Exported fields for asset types


| Resource (asset type) | Exported fields |
|---|---|
| VMware Virtual Machines | Name, Tags, Operating System, Apps, Disk Excluded, vCenter, Protection Mechanism, ESX Host Name, VM BIOS Uuid, Resource Pool, VM Folder, Data Center |
| Kubernetes | Namespace, Labels, Age, Cluster, PVCs Excluded, Storage Class Name, Volume Mode, PVC Namespace |
| Microsoft SQL Server | Name, Protection Engine Flow, Host Type, Host/Cluster/Group Name, Application Server ID, Application Server Name |
| Oracle | Name, Host/Cluster/Group Name, Host Type, OS Type, Application Server Name, Application Server ID, SID |
| Microsoft Exchange Server | Name, Host/Cluster/Group Name, Host Type, Application Server Name, Application Server ID |
| SAP HANA | Name, Host/Cluster/Group Name, Host Type, Application Server Name, Application Server ID |
| File System | Name, OS Type, File System Type, Host Name, Host Operating System |
| NAS | Name, Asset Source, Appliance Name, Array Type, Server Name/IP, Protocol, File Stubs, File System Path, File System Name |
| VMAX storage group | Name, VMAX Serial No, Host |

Customer feedback
Use the customer feedback feature in the PowerProtect Data Manager UI to report your satisfaction with PowerProtect
Data Manager, provide feedback, and send requests for enhancements. Customer feedback is used to improve the customer
experience.

Provide general feedback


Use the following procedure to report your satisfaction with PowerProtect Data Manager and provide feedback.

Steps
1. Log in to the PowerProtect Data Manager UI.

2. From the banner, click , and then select Send Feedback.


The customer feedback survey opens in a new window, as shown in the following figure:

Figure 2. Customer feedback survey

NOTE: In environments with limited external connectivity, such as dark sites, an error appears in the web browser and
the customer feedback survey is not displayed.

3. (Optional) Complete the fields in the customer feedback survey, and when finished, click Send My Comment.
You have the option to rate your satisfaction with PowerProtect Data Manager and make a recommendation for how to
improve the customer experience. You also have the option to provide an email address so that can follow up with you
regarding your feedback.
NOTE: Customer contact information is not used for marketing purposes.

Security configuration
A separate guide provides some server configuration tasks which are intended specifically for security administrators, whose
role may be separate from the host system administrator.
The PowerProtect Data Manager Security Configuration Guide provides detailed instructions for all security-related tasks,
including but not limited to:
● Port requirements
● Configuring identity providers
● Managing local and external user accounts
● Changing and resetting passwords
● Assigning users and groups to roles and associated privileges
● Managing credentials for local and remote components
● Creating resource groups to define scopes of authority
● Managing security certificates, where applicable

Role-based security
PowerProtect Data Manager provides predefined user roles that control access to areas of the user interface and to protected
operations. Some of the functionality in this guide is reserved for particular roles and may not be accessible from every user
account.
By using the predefined roles, you can limit access to PowerProtect Data Manager and to backup data by applying the principle
of least privilege.
The PowerProtect Data Manager Security Configuration Guide provides more information about user roles, including the
associated privileges and the tasks that each role can perform.

2
System Maintenance
Topics:
• Deploying and maintaining the health of PowerProtect Data Manager
• Deploying and updating PowerProtect Data Manager
• Licensing PowerProtect Data Manager
• Specifying the PowerProtect Data Manager host
• Memory optimization
• Restricted mode
• System support
• Restarting PowerProtect Data Manager
• System maintenance troubleshooting

Deploying and maintaining the health of PowerProtect Data Manager
In order for PowerProtect Data Manager to function as efficiently as possible, you should deploy and maintain it according to
recommended guidelines.

Deploying and updating PowerProtect Data Manager


You can deploy PowerProtect Data Manager, update it to the latest version, and install other important package updates.

Update paths
CAUTION: If recommended guidelines are not followed, the update of PowerProtect Data Manager or one of its
components can fail.
When deploying or updating PowerProtect Data Manager, see the PowerProtect Data Manager Deployment Guide. It contains
detailed instructions and guidelines that must be followed in certain environments and configurations.
Updating from PowerProtect Data Manager versions 19.7 through 19.10 to version 19.11 is supported.

Security advisories
CAUTION: If the latest Dell security advisories (DSAs) are not followed, PowerProtect Data Manager can be
exposed to security vulnerabilities.
To review the latest DSAs, search for PowerProtect Data Manager at the Dell Technologies Security Advisories and
Notices website.

Licensing PowerProtect Data Manager


PowerProtect Data Manager can be licensed in several different ways. This section describes the different types of available
licenses and how to install a license.
For more information about licensing, see the PowerProtect Data Manager Licensing Guide.

License types
There are several different types of licenses, and they can provide licensing for different periods of time.
The available license types are described in the following table.

Table 15. License types


| License type | Description |
|---|---|
| Trial | The license applied by default when PowerProtect Data Manager is deployed. It enables full use of the product without applying a license key for up to 90 days. When the trial period ends, PowerProtect Data Manager continues to operate with full functionality so that you can apply a permanent license. NOTE: A trial license does not allow the use of SupportAssist. |
| Front-end protected capacity by terabyte (FETB) | The primary model of licensing, which is based on the capacity that you want to protect. For example, you can purchase a 100-TB license, which enables you to protect up to 100 TB of data. |
| Socket-based | Licensed per CPU socket on virtual machine hosts that are being backed up or replicated. |

Perpetual and term-based (subscription) licenses


Licensed software is offered with perpetual or term-based licenses. Your quote identifies whether your license rights are
perpetual or term-based.
A perpetual license enables you to use the software while you are in compliance with the terms of the license agreement.
A term-based license enables you to use the software for a specified time, while you are in compliance with the terms of the
license agreement. At the end of the license term, you must stop using the software, extend the license term, or purchase a
new license.

Add a license
You can add a license file to PowerProtect Data Manager and view license details, such as capacity usage and software ID
number.

Prerequisites
To obtain the XML license file from the license management website, you must have the License Authorization Code (LAC),
which is emailed from . If you have not received the LAC, contact your Customer Support representative.

About this task


To review existing license information, go to Settings > License.
To add a license, perform the following steps:

Steps

1. From the PowerProtect Data Manager user interface, click , and then select License.
2. On the License window, perform one of the following actions:
● Copy and paste the text from the license file into the text box.
● Click Upload File, browse to the location of the license file and select the file, and then click Open.
The license file content appears in the License window.
3. Click Save.

Results
A message appears in the License window to confirm that the license is successfully added.

Specifying the PowerProtect Data Manager host
When you specify a vCenter server as the PowerProtect Data Manager host, it allows the vCenter server to perform operations
unique to PowerProtect Data Manager.
The PowerProtect Data Manager host performs several operations, including the following:
● Virtual-machine configuration and other system activities.
● Taking a PowerProtect Data Manager snapshot, if required during a software update.
● Allowing memory that is assigned to PowerProtect Data Manager to be automatically increased as necessary when
performing a software update.
● Enabling Cloud Disaster Recovery (Cloud DR) in order to increase required PowerProtect Data Manager CPU and memory.
A vCenter host is a prerequisite for Cloud DR, as specified in the Cloud Disaster Recovery tab of the Infrastructure >
Asset Sources window in the PowerProtect Data Manager user interface.

Specify a vCenter server as the PowerProtect Data Manager host


You select a vCenter server to be used as the PowerProtect Data Manager host from those already added or discovered.

About this task


Perform the following operations:

Steps

1. From the PowerProtect Data Manager user interface, click , and then select Hosting vCenter.
The Hosting vCenter window appears.
2. Choose from one of the following options:
● Enter FQDN/IP—Select this option to manually enter the fully qualified domain name or IP of the vCenter server, the
port number, and to select the vCenter Host Credentials. The Host Credentials list is populated with vCenter servers
that have already been added and discovered in PowerProtect Data Manager. If the host vCenter credentials do not
appear in the list, select Add Credentials to enter this information.
● Select FQDN/IP from asset sources—Select this option to obtain the host vCenter server information automatically
from a vCenter asset source that has already been added and discovered in PowerProtect Data Manager.
3. Click Save.

Results

If the host vCenter server is added as an asset source in PowerProtect Data Manager, a icon displays next to this vCenter
server in the Infrastructure > Asset Sources window.

vCenter server PowerProtect Data Manager host privileges


In order for the vCenter server that is specified as the PowerProtect Data Manager host to have the ability to take snapshots,
the user account associated with it must have certain privileges.

| Setting | vCenter 6.0 and later required privileges | PowerCLI equivalent required privileges |
|---|---|---|
| Global | Manage custom attributes | Global.ManageCustomFields |
| | Set custom attributes | Global.SetCustomField |
| Virtual Machine Snapshot Management | Create snapshot | VirtualMachine.State.CreateSnapshot |
| | Revert to snapshot | VirtualMachine.State.RevertToSnapshot |
| | Remove snapshot | VirtualMachine.State.RemoveSnapshot |
| | Rename snapshot | VirtualMachine.State.RenameSnapshot |

NOTE: A complete list of the privileges required for a dedicated vCenter user account is provided in the PowerProtect Data
Manager Virtual Machine User Guide.
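
The privilege IDs listed above can be checked against a vCenter role with PowerCLI. This is an added example, not code from the product documentation; the server name, the role name PPDM-Host-Snapshot, and the -CreateIfMissing switch are assumptions. A dedicated account carries more privileges than these six (see the NOTE above), so additional privileges are listed for review rather than treated as errors.

```powershell
# Added example: audit (and optionally create) a vCenter role that carries the
# snapshot-related privileges required for the PowerProtect Data Manager host.
param(
    [string]$VCenterServer = 'vcenter.example.com',  # placeholder server name
    [string]$RoleName      = 'PPDM-Host-Snapshot',   # hypothetical role name
    [switch]$CreateIfMissing                         # hypothetical switch for this script
)

# Privilege IDs copied from the "PowerCLI equivalent required privileges" column.
$RequiredPrivilegeIds = @(
    'Global.ManageCustomFields',
    'Global.SetCustomField',
    'VirtualMachine.State.CreateSnapshot',
    'VirtualMachine.State.RevertToSnapshot',
    'VirtualMachine.State.RemoveSnapshot',
    'VirtualMachine.State.RenameSnapshot'
)

# vCenter adds these privileges to every role, so they are not reported as additions.
$ImplicitPrivilegeIds = @('System.Anonymous', 'System.Read', 'System.View')

function Compare-PrivilegeSet {
    # Returns the required IDs that are absent and the granted IDs beyond the required set.
    param(
        [string[]]$Required,
        [string[]]$Granted,
        [string[]]$Ignore = @()
    )
    [pscustomobject]@{
        Missing    = @($Required | Where-Object { $_ -notin $Granted })
        Additional = @($Granted  | Where-Object { $_ -notin $Required -and $_ -notin $Ignore })
    }
}

Import-Module VMware.VimAutomation.Core -ErrorAction Stop
$connection = Connect-VIServer -Server $VCenterServer -Credential (Get-Credential)
try {
    $role = Get-VIRole -Name $RoleName -Server $connection -ErrorAction SilentlyContinue

    if (-not $role -and $CreateIfMissing) {
        # Build the role from the required IDs only (least privilege for snapshots).
        $privileges = Get-VIPrivilege -Id $RequiredPrivilegeIds -Server $connection
        $role = New-VIRole -Name $RoleName -Privilege $privileges -Server $connection
        Write-Host "Created role '$RoleName'."
    }
    if (-not $role) {
        throw "Role '$RoleName' was not found. Re-run with -CreateIfMissing to create it."
    }

    $report = Compare-PrivilegeSet -Required $RequiredPrivilegeIds `
                                   -Granted  $role.PrivilegeList `
                                   -Ignore   $ImplicitPrivilegeIds

    if ($report.Missing.Count -gt 0) {
        Write-Warning "Role '$RoleName' is missing: $($report.Missing -join ', ')"
    }
    else {
        Write-Host "Role '$RoleName' has all six required privileges."
    }

    if ($report.Additional.Count -gt 0) {
        # Informational: compare this list with the Virtual Machine User Guide.
        Write-Host "Additional privileges to review ($($report.Additional.Count)):"
        $report.Additional | Sort-Object | ForEach-Object { Write-Host "  $_" }
    }
}
finally {
    Disconnect-VIServer -Server $connection -Confirm:$false
}
```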

Memory optimization
You can adjust the amount of memory that is assigned to the PowerProtect Data Manager virtual machine in order to
optimize server performance.
The following table indicates the default amount of memory assigned to the PowerProtect Data Manager virtual machine in a
standard environment. The default values are the minimum recommended values.

Table 16. PowerProtect Data Manager memory requirements


| Deployment type | Memory | Swap space | Cores |
|---|---|---|---|
| Default | 24 GB | 8 GB | 10 |
| With the Cloud Disaster Recovery (Cloud DR) Add-On | 28 GB | 8 GB | 10 |

The recommended number of cores is 10. Also consider the following:


● Depending on the environment, increasing the amount of memory can increase performance.
● If low-memory alerts are seen, increase the amount of memory.
● Do not increase the amount of memory beyond 32 GB of RAM. PowerProtect Data Manager is not designed to support more
than 32 GB of RAM.
● If you are deploying PowerProtect Data Manager to a virtual machine in a cloud Marketplace environment, it is automatically
assigned 32 GB of RAM. This amount of memory should not be changed after it is deployed.
● Most of the services from PowerProtect Data Manager are memory intensive. When the available physical memory drops to
a certain threshold value, these services start leveraging swap memory. If swap memory resides on a slow disk, then there
can be significant impact on the Java Garbage Collection activity from each of these services when memory that has not
been recently used needs to be swapped into physical memory.
Therefore, it is highly recommended to configure swap memory on a solid-state drive (SSD). During deployment of the
PowerProtect Data Manager server, use the SSD data store to avoid the high latency disk impact from swap and metadata
operations.

NOTE: For help with optimizing memory, contact your Customer Support representative.

Memory and updating from an earlier version of PowerProtect Data Manager
Features in the current version of PowerProtect Data Manager might require more memory than required in previous versions.
When updating from an earlier version of PowerProtect Data Manager, ensure that you increase the amount of assigned
memory as necessary.

Adjust the virtual machine memory


Adjust the amount of memory assigned to the PowerProtect Data Manager virtual machine to support changes in the protection
environment.

Steps
1. Log in to the vSphere Web Client.
2. Right-click the appliance and select Edit Settings.
The Edit Settings window appears with the Virtual Hardware button selected.
3. In the Memory field, specify the new memory value.
Ensure that the value you specify does not exceed 32 GB of memory and that it is a multiple of 4 GB.
4. Click OK.

Restricted mode
You can enable restricted mode to prevent scheduled writes to storage. You might want to enable restricted mode to limit
access to storage during a storage upgrade.
Enabling restricted mode during a storage upgrade provides the following benefits:
● Storage writes can be eliminated in a controlled manner. Once writes have stopped, storage can be upgraded.
● Storage writes can be tested after storage has been upgraded. Once testing is complete, storage can be returned to full
production.
Restricted mode prevents the following scheduled operations:
● Backups and replication
● Backup-copy deletion
● Server disaster-recovery backups
Restricted mode allows the following operations:
● Any jobs in progress or queued to run
● Manual backups and restores
● Discovery jobs

To enable restricted mode from the PowerProtect Data Manager user interface, click , select System Settings >
Restricted Mode, and then click Enable Restricted Mode.

System support
You can use the PowerProtect Data Manager user interface to manage and modify support settings that are typically configured
during deployment. Typically configured support settings include the mail server setup and Secure Remote Services registration.

To access the Support window, click , and then select Support.

Configuring SupportAssist for PowerProtect Data Manager


SupportAssist is a support tool that communicates with PowerProtect Data Manager to monitor your environment, automatically
detect current and potential issues, and collect and store diagnostic data. SupportAssist securely sends the data that is required
for troubleshooting an issue to Customer Support for diagnostic purposes and customer support.
SupportAssist is at the heart of the connectivity platform as a unified communication point between PowerProtect Data Manager
and Customer Support.
SupportAssist provides the following features and benefits:
● Proactive monitoring and issue prevention
● Facilitates update package downloads
● Automatic health checks
● Communicates telemetry data
● Real-time troubleshooting
● Customer support
Configure SupportAssist to receive automated support capabilities for your PowerProtect Data Manager system.
SupportAssist cannot be configured when PowerProtect Data Manager uses a trial license.

Migrating to SupportAssist
SupportAssist provides automated support capabilities for PowerProtect Data Manager systems. SupportAssist replaces Secure
Remote Services (SRS) and SupportAssist Enterprise (SAE) in this release of PowerProtect Data Manager.
If you have configured the SRS or SAE gateway previously, you must update the SRS or SAE gateway to Secure Connect
Gateway (SCG) version 5.0 or higher.

The PowerProtect Data Manager system automatically migrates SCG to SupportAssist when you update PowerProtect Data
Manager.
If you do not have the SRS or SAE gateway configured, you can configure SupportAssist directly.
Use the following procedures to configure SupportAssist.

Generate SupportAssist access key and PIN


An access key and PIN are required to configure a secure connection between PowerProtect Data Manager and SupportAssist.
You only need to apply the access key and PIN once.

About this task


Use the following procedure to generate your SupportAssist access key and PIN:

Steps
1. Go to the Customer Support website and log in to your account.
2. In the search box, type PowerProtect Data Manager and click Search.
3. Click Generate Access Key in the Quick links pane.
4. Enter the product ID (serial number) in the search box.
5. In the Create PIN field, enter a 4-digit PIN.
Record the PIN for later use.
6. Click Generate Access Key.
The access key is sent to the email address for your account.
NOTE: It might take up to 5 minutes to receive the access key in your email.

Connect to support services through SupportAssist


Establish a connection through SupportAssist to ensure access to Customer Support. SupportAssist enables PowerProtect Data
Manager to connect to support services directly or through a gateway server.

Prerequisites
● Apply a valid PowerProtect Data Manager license.
● If you are connecting through the gateway server, the SCG gateway version must be 5.0 or later.
● Apply a valid access key and PIN.
● HTTPS port 443 of esrs3-core.emc.com and esrs3-coredr.emc.com is not blocked by the network firewall.

Steps

1. From the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist.
The Support window opens to the SupportAssist page.
2. On the Connection tab, click Connect Now.
3. Select one of the following options:
● Connect Directly
Select this option to connect PowerProtect Data Manager directly, and then enter the SupportAssist Access Key and
PIN.
NOTE: Remote Support functionality is currently not supported for PowerProtect Data Manager systems using a
direct connection.
● Connect via Gateway
Select this option to connect PowerProtect Data Manager through a gateway server, and then enter the gateway server
IP address and port number.

4. Enter the SupportAssist Access Key and PIN.

5. Click Enable Connect.

Results
PowerProtect Data Manager is connected to support services.

Update or configure contact data


Provide contact information for the person that Customer Support will contact with diagnostic reports. You can add or update
contact data for SupportAssist at any time.

Steps

1. From the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist.
The Support window opens to the SupportAssist page.
2. Select the Contacts tab.
3. To add a primary contact, complete the following steps:
a. Enter the following information:
● First Name
● Last Name
● Email
● Phone
b. Select the Preferred Language from the list.
c. Click Save.
4. To add a secondary contact, click + Add Secondary Contact and enter the required information.

Add AutoSupport
When AutoSupport is enabled, automated support information, telemetry reports, alert summaries, and CloudIQ reports are sent.

About this task


If SupportAssist and SMTP are both configured, this information is sent using the option that you choose in the System
Settings > Support > AutoSupport window.

Steps

1. From the PowerProtect Data Manager UI, click , select Support, and then click AutoSupport.
The AutoSupport window appears.
2. Change the Enable AutoSupport option to Disabled or Enabled, and click Save.
When you enable AutoSupport, select whether to receive the AutoSupport communications through SupportAssist or email
server.
When you enable AutoSupport, the Telemetry Software Terms page displays. Review and scroll down to the bottom of
the page to accept the terms, and then click Save to save your changes.
When you disable AutoSupport, PowerProtect Data Manager stops sending error and telemetry data to SupportAssist or the
SMTP server. PowerProtect Data Manager continues to send information for updates and other information.

NOTE: To disable SupportAssist, clear the SupportAssist option in the AutoSupport window.

Change SupportAssist connection settings
Use the following procedure to change SupportAssist connection settings.

Steps

1. From the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist.
The Support window opens to the SupportAssist page.
2. Select one of the following connection options:
● Connect Directly
● Connect via Gateway
To add a new gateway connection, complete the following steps:
a. Enter the gateway IP address and port number.
b. Click Test.
Wait until the connection test is complete. If the connection is successful, a green check mark is displayed next to the
gateway IP address and port number.
3. Enter the SupportAssist Access Key and PIN.
NOTE: If you are not connecting with a new access key, skip this step.

4. Click Reconnect.

Enable or disable SupportAssist


Enable the SupportAssist feature to automatically detect issues and collect diagnostic and usage data. You can also disable
SupportAssist at any time.

Steps

1. From the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist.
The Support window opens to the SupportAssist page.
2. To enable SupportAssist, move the Connect to SupportAssist slider to the right. To disable SupportAssist, move the
Connect to SupportAssist slider to the left.
The operation might take up to 5 minutes to complete.

Troubleshooting SupportAssist
Review the following information that is related to troubleshooting SupportAssist.

Failed to establish a SupportAssist connection


If you are connecting to SupportAssist with an access key and PIN that is already in use, the connection fails with error:
Connection is failed: Get universalkey error: Access Key and Pin used
If this issue occurs, obtain a new access key and PIN from Customer Support. Generate SupportAssist access key and PIN
provides instructions.
The following error might display if the SWID is not added to the PowerProtect Data Manager back-end:
Connection is failed: Get universalkey error: Invalid Access Key and Pin
If this issue occurs, contact Customer Support and ask them to check whether the SWID has been added to the PowerProtect
Data Manager back-end.

Test gateway connection failed
If you are using a gateway that is not Secure Connect Gateway (SCG), the connection to the gateway might fail. As a result,
the SCG gateway configuration is not transferred to SupportAssist after you update PowerProtect Data Manager.
When updating PowerProtect Data Manager, the precheck dialog box displays a warning indicating that the SCG gateway
version 5.0 or higher is required. Make sure that you update the Secure Remote Services (SRS) or SupportAssist Enterprise
(SAE) gateway to a version compatible with the SCG version.
If you are using an SCG or SAE gateway, the update fails with the following error:

SYS0034
Unable to upgrade from Secure Remote Services to SupportAssist.

Details
The upgrade to SupportAssist is unsuccessful for one or more of the following reasons:
1) The SupportAssist service cannot start. 2) The gateway is not accessible. 3) An issue
occurs during Gen3 key upgrade.

Recommended Action
In the PowerProtect Data Manager UI: 1) To open the Support dialog, click Settings and
select Support. 2) In the left pane, select SupportAssist to set up SupportAssist.
If this issue occurs, perform the following:
1. Check that you are using the SCG gateway and that the version is 5.0 or higher.

2. Set up SupportAssist. In the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist.

Connection status changes to "Not Connected"


If the connection status changes to "Not Connected":
1. Ensure that all prerequisites are met in Connect to support services through SupportAssist.
2. If the issue persists, contact Customer Support.

Telemetry Collector
Telemetry Collector gathers information related to this system, including configuration, usage characteristics, performance, and
deployment location information. Telemetry Collector manages remote access and the exchange of system data with Dell Inc. or
its subsidiaries. The information that is gathered by Telemetry Collector is confidential and this data cannot be shared.
When you enable SupportAssist, you also enable Telemetry Collector, which allows Customer Support engineers to collect data
that is related to troubleshooting device and PowerProtect Data Manager software issues. Telemetry Collector does not collect
any personal information.
Telemetry Collector populates three reports—a telemetry report, an alert summary report, and a CloudIQ report. Telemetry
Collector collects details about the following objects:
● Alerts
● Assets
● Asset sources
● Audit logs
● Cloud Data Recovery
● Cloud Disaster Recovery metrics
● Compliance details
● Compliance in the last 24 hours
● Data targets
● DD inventory
● Host information
● Integrated storage
● Licensing
● PowerProtect Data Manager operational inventory
● Protection details

● Protection policies
● Quick-recovery synchronization information
● Service-level agreements
● Storage systems
● Time spent on generating reports
● Traffic metrics
● Update summaries
● Usage

CloudIQ reporting
When you enable AutoSupport, you also enable reporting. CloudIQ is a no-cost SaaS/cloud-based management application that
proactively monitors and measures the overall health of systems through intelligent, comprehensive, and predictive analytics.
The data reported to CloudIQ includes configuration data, historical metrics and health score data.
Ensure that the following requirements are met:
● Add a valid license in System Settings > License.
● Set up SupportAssist in System Settings > Support > SupportAssist.
● Enable AutoSupport and select SupportAssist.

When AutoSupport is enabled, CloudIQ reports are sent automatically. To log in to CloudIQ, click , and then click CloudIQ.
You can also go to https://cloudiq.dell.com. For more information on CloudIQ, refer to the CloudIQ Online Support site.

Set up the email server


The Email Setup page of the PowerProtect Data Manager Support window enables you to configure SMTP email server
settings that control sending and receiving email related to resetting local user passwords and customizing alert notifications.

Steps

1. From the PowerProtect Data Manager user interface, click , select Support, and then click Email Setup.
2. Populate the following fields:
a. Mail Server
The SMTP mail server.
b. Email from:
The email address at which you would like to receive PowerProtect Data Manager AutoSupport email.
c. [Optional] Recipient for Test Email:
The email address to which you would like to send PowerProtect Data Manager test email.
d. [Optional] Port:
The default port is 25. PowerProtect Data Manager supports using non-default ports.
If the email setup is deleted, you must manually choose any non-default port that is not in use anywhere else.
e. User Name:
The user name associated with the PowerProtect Data Manager SMTP email server.
f. Password:
The password associated with the PowerProtect Data Manager SMTP email server.
3. Click Send Test Email.
PowerProtect Data Manager sends a test email.
4. Click Save.

Add AutoSupport
When AutoSupport is enabled, automated support information, telemetry reports, alert summaries, and CloudIQ reports are sent.

About this task


If SupportAssist and SMTP are both configured, this information is sent using the option that you choose in the System
Settings > Support > AutoSupport window.

Steps

1. From the PowerProtect Data Manager UI, click , select Support, and then click AutoSupport.
The AutoSupport window appears.
2. Change the Enable AutoSupport option to Disabled or Enabled, and click Save.
When you enable AutoSupport, select whether to receive the AutoSupport communications through SupportAssist or the
email server.
When you enable AutoSupport, the Telemetry Software Terms page displays. Review and scroll down to the bottom of
the page to accept the terms, and then click Save to save your changes.
When you disable AutoSupport, PowerProtect Data Manager stops sending error and telemetry data to SupportAssist or the
SMTP server. PowerProtect Data Manager continues to send information for updates and other information.

NOTE: To disable SupportAssist, clear the SupportAssist option in the AutoSupport window.

Enabling automatic update package checks and downloads


If SupportAssist is enabled, you can configure PowerProtect Data Manager to automatically check for update packages, and
either alert you or automatically download them.
For more information about these options, see the PowerProtect Data Manager Deployment Guide.

Add a log bundle


Use the following procedure to add a log bundle.

About this task

NOTE: You can add a maximum of 10 log bundles.

Steps

1. From the PowerProtect Data Manager user interface, click , and then click Logs.
2. Click Add to add a log bundle.
The Add Log Bundle window appears.
3. Select the systems for the log bundle (Data Manager, VM Direct Engines, or, if Cloud DR is deployed, CDRS), set the log
bundle duration, and click Save.
The Jobs window displays the progress of the log bundle creation. Also, a green banner in the UI indicates that the log
bundle has successfully been created. If you want to dismiss the banner, click X.
4. To delete the log bundle, select the box to the left of log bundle and click Delete.
The Log Capacity indicates how much space (in GB) remains on the disk for logs and the percentage of the disk in use for
log storage.
5. To download the log bundle, click the bundle name in the Bundle Name column.

Audit logging and monitoring system activity
The Linux audit daemon (auditd) tracks and logs security-relevant events on the PowerProtect Data Manager system.
Users with the Administrator role can use auditd to monitor the following events:
● File access
● System calls
● Login and logout activity of users
Audit logging enables you to discover access violations, changed or deleted files, failed authentication, and so on.
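The kind of review that audit logging enables, as an added example that is not part of the product or of this guide: a Python script that parses records in the standard Linux auditd log format, counts failed authentication per account and source address, and correlates deleted-file PATH records with the SYSCALL record of the same event. The sample records, paths, addresses, and the watch key are constructed, and the threshold of 3 is an assumption.

```python
import re
from collections import Counter, defaultdict

# Fields auditd treats as untrusted: written quoted, or as an unquoted
# uppercase hex string when they contain spaces or control characters.
UNTRUSTED = {"acct", "name", "comm", "exe", "cwd"}
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX = re.compile(r"^(?:[0-9A-F]{2})+$")

# Constructed sample data (not from a real system). The deleted file name
# contains a space, so auditd would log it hex-encoded.
SPACED_PATH = "/opt/example/conf/app settings.yml".encode().hex().upper()
SAMPLE_LOG = f"""\
type=USER_LOGIN msg=audit(1666000000.101:501): pid=2210 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1666000004.310:502): pid=2214 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1666000009.882:503): pid=2219 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1666000020.007:504): pid=2230 uid=0 auid=1000 ses=3 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=success'
type=USER_AUTH msg=audit(1666000200.400:505): pid=2300 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="backup" exe="/usr/sbin/sshd" hostname=198.51.100.7 addr=198.51.100.7 terminal=ssh res=failed'
constructed malformed line without an audit header
type=SYSCALL msg=audit(1666000300.250:510): arch=c000003e syscall=263 success=yes exit=0 items=2 ppid=3000 pid=3011 auid=1000 uid=0 gid=0 tty=pts0 ses=3 comm="rm" exe="/usr/bin/rm" key="watch-config"
type=PATH msg=audit(1666000300.250:510): item=0 name="/opt/example/conf" inode=100 dev=08:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1666000300.250:510): item=1 name={SPACED_PATH} inode=101 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=DELETE
"""


def decode(key, raw):
    """Strip quotes, or hex-decode an unquoted untrusted field."""
    if raw.startswith('"'):
        return raw.strip('"')
    if key in UNTRUSTED and HEX.match(raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw


def parse_records(text):
    """Return one dict per audit record; lines without a header are skipped."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, stamp, serial, body = m.groups()
        # User-space records wrap their fields in msg='...'; unwrap them.
        body = re.sub(r"msg='(.*)'", r"\1", body)
        fields = {k: decode(k, v) for k, v in PAIR.findall(body)}
        fields.update(type=rtype, stamp=stamp, serial=int(serial))
        records.append(fields)
    return records


def failed_logins(records, threshold=3):
    """Failed authentication counts per (account, source address) at or above threshold."""
    hits = Counter(
        (r.get("acct", "?"), r.get("addr", "?"))
        for r in records
        if r["type"] in {"USER_AUTH", "USER_LOGIN"} and r.get("res") == "failed"
    )
    return {who: n for who, n in hits.items() if n >= threshold}


def deleted_files(records):
    """Pair each PATH nametype=DELETE item with the SYSCALL of the same event."""
    events = defaultdict(list)
    for r in records:
        events[(r["stamp"], r["serial"])].append(r)
    found = []
    for group in events.values():
        call = next((r for r in group if r["type"] == "SYSCALL"), {})
        for r in group:
            if r["type"] == "PATH" and r.get("nametype") == "DELETE":
                found.append({"path": r["name"], "exe": call.get("exe"),
                              "auid": call.get("auid"), "key": call.get("key")})
    return found


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("repeated failed logins:", failed_logins(recs))
    print("deleted files:", deleted_files(recs))
```

The auid value reported for a deletion is the login identity of the session, which stays the same even when the command ran as root.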

Viewing audit events in the UI


With the Administrator, Backup Administrator, Restore Administrator, and User roles, you can view audit events to monitor
system activity.

About this task


The following actions generate an audit event:
● User login and logout
● Creating, deleting, or updating a user
● Assigning or unassigning a role to a user
To view audit events in the UI, perform the following steps.

Steps
1. Log in to the PowerProtect Data Manager UI with an account that has one of the indicated roles.
2. Go to Alerts > Audit Logs.

View and manage alerts


Alerts enable you to track the performance of data protection operations in PowerProtect Data Manager so that you can
determine whether there is compliance with service level objectives. With the Administrator, Backup Administrator, Restore
Administrator, or User role, you can access the alerts from the Alerts window. However, only some of these roles can manage
alerts.

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Alerts.

You can also click the icon in the top banner, and then click the links to view unacknowledged alerts of all statuses
(critical, warning, and informational), or only the unacknowledged critical alerts.
NOTE: Clicking the New tag displays only the unacknowledged alerts that have been generated within the last 24 hours.

The number that appears next to the icon is the total number of unacknowledged critical alerts over the last 24 hours.

The Alerts window displays.


2. Select the System tab. A table with an entry for each applicable alert displays.
By default, only unacknowledged critical alerts from the last 24 hours display, unless you selected to view all
unacknowledged alerts from the links under the icon.


If filter tags have already been applied, the window displays these filter tags. Click X next to any of these filter tags to clear
a filter, and the table view updates with the applicable selections. You can sort the alerts in the table by Severity (Critical,
Warning, Informational), Date, Category, or Status (Acknowledged or Unacknowledged).
3. Select the time (last 24 hours, last 3 days/7 days/30 days), a specific date, or a time range for the alerts that you want to
view. You can also select All Alerts from this list to display information for all alerts that match the filter tags.
4. Optionally, clear the Show only unacknowledged alerts checkbox if you want to view both acknowledged and
unacknowledged alerts. If you clear this checkbox, the Unacknowledged filter tag is also cleared.

5. To view more details about a specific entry, click next to the entry in the table.
6. For the following steps, log in to the PowerProtect Data Manager UI with an account that has the Administrator, Backup
Administrator, or Restore Administrator role.
7. To acknowledge one or more alerts, select the alerts and then click Acknowledge.
8. To add or edit a note for the alert, click Add/Edit Note, and when finished, click Save.
9. To export a report of alert information to a .csv file which you can download for Excel, click Export All.

NOTE: If you apply any filters in the table, exported alerts include only those alerts that satisfy the filter conditions.

Export audit logs


With the Administrator or Security Administrator role, you can export audit log records to a CSV file of audit data that you can
download and open in Excel. Only the Administrator role can change the retention period.

Steps
1. Go to Administration > Audit Logs.
The list of audit logs appears, which displays the following information:
● Changed at
● Audit Type
● Description
● Changed By
● Object Changed
● Previous Values
● New Values
2. To set the retention period (in days) for the audit log, select Set Boundaries and update the retention period.
Only the Administrator role can perform this step.
3. To add a note for the audit log, click >, enter a note in the Note field, and click Save.
4. Click Export All.

Monitor system state and system health


The status of system components can be monitored from the System Health pane, and system health information can be
monitored from the Health pane.

Monitor system status


You can monitor the status of each system component from the System Health pane.

To view the status of system components, click , select Support, and then click System Health.
The following table provides a summary of the status of each system component:

Table 17. Component status

Status | Description
Running | This state appears when the associated service or component is running with full functionality. When all components are in running state, the state of the appliance is operational.
Initializing | This state appears when the component is starting. When the component successfully starts, the state changes to Running.
Maintenance | This state appears when the associated service is in maintenance. In the maintenance state, components have limited functionality. Infrastructure services do not go into maintenance state. When other components are in maintenance, the appliance state is also maintenance.
Quiesce | This state appears when the service that is associated with the component is stopping.
Shut down | This state appears when the service has stopped.
No response | This state appears when the service that is associated with the component is running, but the service is not responding.

Monitor system health


You can monitor system health information from the Health pane.
To view a summary of any issues affecting the health of PowerProtect Data Manager, select Health from the navigation pane
or View All from the Dashboard health widget.
PowerProtect Data Manager automatically performs a health check every two minutes. If an issue is detected, it is assigned
a category and a deduction value based on its severity. All issues are displayed on the Health pane. Issues that have been
resolved are automatically removed the next time a health check is performed.
The categories of Components, Configuration, Capacity, Performance, and Data Protection each start with a score of 100. If a
category is affected by an issue, its score is reduced by the deduction value assigned to the issue. If a category is affected by
more than one issue, its score is only reduced by the most severe issue.

Click next to an entry to see the details of the issue.


In the Health pane, you can export health data by using the Export All functionality.
The overall health score of the system is represented by the most severe issue and the category with the lowest score.

Table 18. Health score

Health score | Indicates
95–100 | System is in good health.
71–94 | System is in fair health.
0–70 | System is in poor health.

Access the open source software package information


All open source software (OSS) package information used by PowerProtect Data Manager is stored in a common directory.
To access this information, log in to PowerProtect Data Manager through SSH and retrieve the OSS reports from the
/usr/local/brs/puppet/licenses directory.

Security certificates
A default deployment of PowerProtect Data Manager creates self-signed security certificates that secure communication with
other components. As you configure the server and add assets, PowerProtect Data Manager stores additional certificates for
each component.
The Administrator and Security Administrator roles can review the Administration > Certificates page in the UI. This page
contains three tabs that list the installed security certificates. Each tab provides information about certificate uses, expiry dates,
issuers, and so forth.
The certificates on the Internal tab secure access to components that are part of the PowerProtect Data Manager server,
such as the UI and REST API. The certificates on the Application Agents tab secure access to the agents, which are under
the control of PowerProtect Data Manager but exist outside the server. The certificates on the External Servers tab secure
access to components or systems that are beyond the control of the server, but where you have approved the communication.
The PowerProtect Data Manager Security Configuration Guide contains more information about cryptography and security
certificates. This guide provides instructions for how to manage the installed certificates, including important prerequisites,
operational considerations, associated tasks, and troubleshooting. For example, you can replace the default self-signed security
certificates for PowerProtect Data Manager with certificates from an approved certificate authority. This guide also contains
instructions for establishing certificate-based trust with external components and systems.

Restarting PowerProtect Data Manager
When a PowerProtect Data Manager restart is required, Dell Technologies recommends that you avoid directly powering off the
virtual machine unless it is necessary.
To ensure that PowerProtect Data Manager is able to properly restart, use the reboot or shutdown command. For example,
on Linux, run the command shutdown -r or shutdown -h now.

System maintenance troubleshooting


Services do not start after restarting PowerProtect Data Manager
If the operating system root password expires and you do not change the password before you restart PowerProtect Data
Manager, some scripts fail to obtain root privileges. In this situation, the PowerProtect Data Manager services cannot start.
Follow the guidance in the PowerProtect Data Manager Security Configuration Guide for operating system expired password
behavior to change the root password. Then, restart PowerProtect Data Manager again.

3
Managing Storage
Topics:
• Protection storage
• Storage units
• Differences in storage system and storage unit space reporting
• Monitoring storage capacity thresholds

Protection storage
Protection storage is the set of configured storage systems where PowerProtect Data Manager stores backup copies,
replicated copies, and other important information. Protection storage can include any of the following:
● A DD system, including High Availability PowerProtect DD mode
● An instance of PowerProtect DD Management Center (DDMC) that manages multiple DD systems
● A DDMC Smart Scale system pool
NOTE: Data Domain is now PowerProtect DD. References to Data Domain or DD systems in this documentation, in the UI,
and elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In many cases the UI has
not yet been updated to reflect this change.
The most up-to-date software compatibility information for PowerProtect Data Manager is provided by the E-Lab Navigator.
Observe the following information before you configure protection storage:
● Adding and configuring protection storage requires the Administrator role.
● You cannot add protection storage that runs incompatible versions of DDOS.
● You can only add the same protection storage system once, whether you specify the hostname, FQDN, or IP address.
● You cannot add a PowerProtect DD Management Center instance which has no managed DD systems.
● The first time that you add protection storage, PowerProtect Data Manager automatically configures and enables server DR.
The first protection storage system is the default target. System recovery for server DR provides more information.
Protection storage is further divided into logical groupings that are called storage units, which hold related data and apply more
detailed configuration options.

Click to open the Details pane and see more information about an existing protection storage system.

NOTE: Adding a PowerProtect DD Management Center instance is not required for the Storage Direct agent.

PowerProtect DD Management Center automatic discovery


When you add an instance of PowerProtect DD Management Center, PowerProtect Data Manager automatically discovers all
the supported DD systems which that PowerProtect DD Management Center instance manages.
PowerProtect Data Manager displays the discovered DD systems on the Protection Storage tab of the Infrastructure >
Storage window after discovery finishes. It may take a few minutes for the discovered systems to appear.
For each DD system, the Managed By column in the table indicates the PowerProtect DD Management Center instance that
manages the DD system.
If you add a DD system directly to PowerProtect Data Manager, the Managed By column displays the name that you provided
for the DD system.

High Availability PowerProtect DD support
PowerProtect Data Manager supports DD systems with High Availability (HA) enabled. The Active-Standby configuration
provides redundancy in the event of a system failure. HA keeps the active and standby systems synchronized, so that if the
active node were to fail, the standby node can take over services and continue where the failing node left off.
When an active High Availability PowerProtect DD system fails over to its standby High Availability PowerProtect DD system, all
in-progress PowerProtect Data Manager operations including backup, restore, replication, and Cloud Tier continue unaffected.
To add a High Availability PowerProtect DD configuration as a storage target in PowerProtect Data Manager, select
Infrastructure > Storage in the PowerProtect Data Manager UI. Add protection storage provides more information.
Virtual machine application-aware protection is only supported with DDOS version 7.0 or later for HA. The most up-to-date
software compatibility information for PowerProtect Data Manager is provided by the E-Lab Navigator.
For details on DD systems with HA enabled, see the DDOS Administration Guide.

Smart Scale system pools


A system pool is a logical group of DD systems with one interface to flexible storage options. PowerProtect Data Manager can
use a system pool as protection storage.
The DDOS Administration Guide and PowerProtect DD Management Center Installation and Administration Guide provide more
information about Smart Scale, system pools, and the available features. The DDMC instance must be Smart Scale-enabled to
use system pools.
After you add the DDMC instance, PowerProtect Data Manager automatically discovers any available system pools. The Model
column on the Protection Storage tab indicates that the protection storage system is a system pool.
PowerProtect Data Manager groups system pools under a separate heading in the list for protection storage selection when
working with protection policies.
NOTE:

Adding a DDMC instance with system pools also discovers the individual systems within the system pool. PowerProtect
Data Manager includes these systems in lists of available storage targets, such as for protection policy creation. As with
a non-Smart Scale DDMC instance, the Infrastructure > Storage page groups and identifies these systems through the
Managed By column in the list of protection storage systems.

Some roles do not allow you to view the Infrastructure > Storage page to identify the relationships between systems
and system pools. If your role does not allow you to view this information, coordinate storage target assignments with your
system administrator.
Protection policies that target a system pool can replicate to another system pool or to a stand-alone protection storage
system. Conversely, policies that target a stand-alone protection storage system can replicate to another protection storage
system or to a system pool.

System pool reporting


Protection storage reporting differs slightly between individual protection storage systems and system pools. These differences
are visible on the Storage page and the protection storage details pane.
The following table describes how specific columns in the list of protection storage systems behave for system pools.

Table 19. System pool reporting

Column | Description
Total | The total capacity of the system pool.
Available | The largest available space for storage unit placement on a single system in the system pool.
Free | The remaining unused space in the pool.
Encryption | On if any DD system in the system pool has enabled encryption.

Adding the values for Available and Free yields the total amount of unused space within the system pool.

Mobile DD Boost users
Smart Scale mobile DD Boost users own mobile storage units on system pools. This concept extends the association between
DD Boost users and ordinary storage units to the system pool scope.
Mobile DD Boost users provide a unique user ID within a DDMC data center and control access to the associated mobile storage
units. These users are centrally managed and unique across data centers.
Mobile DD Boost users send their requests to the DDMC instance which manages the entire system pool. DDMC, in turn,
forwards the request to the correct system within the system pool.
As with other storage units, PowerProtect Data Manager associates a mobile DD Boost user with each mobile storage unit under
the control of PowerProtect Data Manager.
Storage units provides more information about mobile storage units.

System pool limitations


Before you use system pools, review the following information:
● If the primary backup or retention targets a system pool, PowerProtect Data Manager removes this system pool and
the individual pool members from the list of available replication targets. This limitation prevents a protection policy from
inadvertently replicating to the same protection storage system that holds the primary copies.
● Storage Direct policies do not support system pools. The storage target list shows all protection storage systems, regardless
of membership, but does not show system pools.
● Cloud Tiering does not support system pools. If the primary backup or retention targets a system pool, you cannot add a
Cloud Tiering objective to the protection policy. If the replication objective targets a system pool, you cannot add a Cloud
Tiering objective to the replication objective.
● Server disaster recovery (DR) does not support system pools for protection policies. Protection policies that target system
pools do not synchronize to the remote server.
● Server DR does not support system pools as a recovery target. The list of target protection storage systems does not
include system pools.
● When automatically creating a mobile storage unit on a system pool for a protection policy:
○ If the policy encryption setting is enabled, PowerProtect Data Manager requests placement on a pool member where DD
Boost file replication encryption is enabled.
○ If the policy encryption setting is disabled, PowerProtect Data Manager makes no specific placement request. The mobile
storage unit may reside on a pool member where DD Boost file replication encryption could be either enabled or disabled.
○ The retention lock setting for the system pool and pool members must match the retention lock setting for the
protection policy. If retention lock is disabled for the system pool or pool members but enabled for the protection policy,
or conversely, mobile storage unit creation fails.

Add protection storage


Add and configure a storage system to use as a target for protection policies. Only the Administrator role can add protection
storage.

Prerequisites
NOTE:

When adding a High Availability PowerProtect DD system, observe the following points:

● Do not add the individual active and standby DD systems to PowerProtect Data Manager.
● In the Address field, use the hostname that corresponds to the floating IP address of the High Availability PowerProtect
DD system.
● The High Availability PowerProtect DD system is verified with the root certificate.

Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. In the Protection Storage tab, click Add.

3. In the Add Storage dialog box, select a storage system (PowerProtect DD System or PowerProtect DD Management
Center).
For a system pool, select DDMC.
4. To add a High Availability PowerProtect DD system, select the checkbox.
5. Specify the storage system attributes:
a. In the Name field, specify a storage name.
b. In the Address field, specify the hostname, fully qualified domain name (FQDN), or the IP address.
c. In the Port field, specify the port for SSL communication. Default is 3009.
6. Under Host Credentials, click Add. If you have already configured protection storage credentials that are common across
storage systems, select an existing password. Alternatively, you can add new credentials, and then click Save.
7. If a trusted certificate does not exist on the storage system, a dialog box appears requesting certificate approval. Click
Verify to review the certificate, and then click Accept.
8. Click Save to exit the Add Storage dialog and initiate the discovery of the storage system.
A dialog box appears to indicate that the request to add storage has been initiated.
9. In the Storage window, click Discover to refresh the window with any newly discovered storage systems.
When a discovery completes successfully, the Status column updates to OK.
10. To modify a storage system location, complete the following steps:
A storage system location is a label that is applied to a storage system. If you want to store your copies in a specific location,
the label helps you select the correct storage system during policy creation.
a. In the Storage window, select the storage system from the table.
b. Click More Actions > Set Location.
The Set Location window appears.
c. Click Add in the Location list.
The Add Location window appears.
d. In the Name field, type a location name for the asset, and click Save.

Results
PowerProtect Data Manager displays the available protection storage systems. For each protection storage system, the
Managed By column contains one of the following:

Table 20. Managed By column values

Protection storage type | Value
A stand-alone protection storage system. | The name of the protection storage system.
A protection storage system or a system pool that is managed by DDMC. | The name of the DDMC instance.

Edit protection storage


You can change the name, port number, and credentials for an existing protection storage system. You cannot change the
address. Only the Administrator role can edit protection storage.

Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. In the Protection Storage tab, select a protection storage system and then click the link in the Managed By column.
The Edit Storage dialog box appears.
3. In the Edit Storage dialog box, specify the storage system attributes:
a. In the Name field, specify a new storage name.
b. In the Port field, specify the port for SSL communication. Default is 3009.
c. Under Host Credentials, select a new set of credentials or click Add.
4. If a trusted certificate does not exist for the protection storage system, a dialog box appears requesting certificate approval.
Click Verify to review the certificate, and then click Accept.
5. Click Save to exit the Edit Storage dialog box.

Storage units
PowerProtect Data Manager can create, configure, and reuse storage units on a protection storage system. These storage units
are the targets for protection and replication policies.
The term "storage unit under the control of PowerProtect Data Manager" describes a storage unit that was created through
one of the methods that are discussed here.
Review the applicable limitations before you create or change a storage unit, or change the protection or replication target for
a policy. The PowerProtect DD Virtual Edition Installation and Administration Guide for the appropriate platform provides more
information about storage units (MTrees).

Mobile storage units


For Smart Scale, mobile storage units extend the concept of a storage unit to the scope of an entire system pool. A mobile
storage unit has the potential to move from one pool member to another. Thus:
● When you browse the storage units in a system pool, PowerProtect Data Manager displays only mobile storage units.
● When you browse the storage units on a DD system, PowerProtect Data Manager displays only regular (non-mobile) storage
units.
● You must work with mobile storage units at the system pool level.
Aside from scope differences, PowerProtect Data Manager treats mobile storage units and regular storage units as equivalent.

Storage unit creation and configuration


PowerProtect Data Manager provides two ways to create storage units on the protection storage system:
● If you do not select an existing storage unit when you create a protection policy, PowerProtect Data Manager automatically
creates a storage unit for you.
● Through the PowerProtect Data Manager UI, you can directly create storage units as required.
You can use the UI to configure the quotas and credentials for storage units under the control of PowerProtect Data Manager.

Click to open the Details pane and see more information about an existing storage unit, including configuration values.

Storage unit selection


When you create or edit a protection policy, PowerProtect Data Manager provides the option to select a storage unit as the
protection or replication target. The storage unit can be on the same or another protection storage system.
The Storage page lists all storage units that were discovered on a protection storage system. Only storage units under the
control of PowerProtect Data Manager are available to select for a protection policy. Other storage units are not available to
select, even if known.
A storage unit under the control of PowerProtect Data Manager can be the target for multiple protection policies. When you
select an existing storage unit as a policy target, the policy inherits the storage unit's quota settings.
Managing Protection Policies provides more information about using storage units with policies.

Security
All protection policies and applications that share a storage unit can access any data in that storage unit. Reuse a storage unit
only for policies and applications that belong to the same organizational unit or which share a trusted relationship. Policies and
applications for different organizational units should use different storage units.
Any other external applications that also use the storage unit should protect and restrict access to the DD Boost credentials.
These credentials provide access to the PowerProtect Data Manager data.

Automatic storage unit maintenance
For automatically-created storage units, automatic maintenance removes the storage unit when both the following conditions
are true:
● No protection policies target the storage unit for backups or replication.
● The storage unit contains no backups.
Automatic maintenance removes these empty, unused storage units even if retention lock is enabled.
For directly-created storage units, automatic maintenance does not remove the storage unit even when these conditions are
true. In this case, contact the protection storage system administrator to remove the storage units.

Updating from previous releases


Any protection policy can use storage units that were automatically created for policies in a previous release of PowerProtect
Data Manager. Policies that were created in a previous release continue to function as before.
Previous releases of the Oracle agent do not support storage units with multiple protection policies. The PowerProtect Data
Manager Oracle RMAN User Guide provides more information.

Storage unit limitations


When using storage units with multiple protection policies, the following limitations apply:
● PowerProtect Data Manager cannot target or configure storage units that were not created through PowerProtect Data
Manager.
● PowerProtect Data Manager cannot target storage units that were configured elsewhere for Cloud Tiering.
● Moving a protection policy to another storage unit or protection storage system may require a full backup.
○ For virtual machines, file system backups, Kubernetes, and Microsoft Exchange Server backups, the next backup is
automatically promoted to a full backup.
○ For Microsoft SQL Server, Oracle, and SAP HANA backups, complete a manual full backup of these assets with the new
storage unit.
● Protection policies for Storage Data Management cannot share a storage unit with other protection policies.
● Retention lock on a storage unit is disabled if any protection policy on that storage unit has retention lock disabled.
● Previous releases of the Oracle agent do not support sharing a storage unit between protection policies. The PowerProtect
Data Manager Oracle RMAN User Guide provides more information.

Storage unit considerations for PowerProtect DD


With respect to PowerProtect DD, storage units have certain restrictions and best practices. Be aware of the following
considerations:
● In order to avoid synchronization issues with PowerProtect Data Manager, any storage units that PowerProtect Data
Manager is managing or using should not be deleted directly from the DD.
● Storage units that you create in PowerProtect Data Manager must not be changed by the DD administrator to set up
storage unit replication.
● Storage units that you create in PowerProtect Data Manager must not be configured for Cloud Tiering.
● The following limitations apply to the number of supported storage units by PowerProtect DD model:

Table 21. Supported storage units for PowerProtect DD Operating System (DDOS) versions

| PowerProtect DD system | DDOS version | Maximum number of storage units supported | Supported configurable concurrently active storage units |
|---|---|---|---|
| DD9800 | 6.0 and later | 256 | 256 |
| DD9500 | 5.7 and later | 256 | 256 |
| DD6800, DD9300 | 6.0 and later | 128 | 128 |
| DD6300 | 6.0 and later | 100 | 32 |
| DD990, DD4200, DD4500, DD7200 | 5.7 and later | 128 | 128 |
| All other DD systems | 5.7 and later | 100 | Up to 32, based on the model |
| DD9500 | 5.6 | 100 | 64 |
| DD990, DD890 | 5.3 and later | 100 | Up to 32, based on the model |
| DD7200, DD4500, DD4200 | 5.4 and later | 100 | Up to 32, based on the model |
| All other DD systems | 5.2 and later | 100 | Up to 14, based on the model |

Table 22. Supported storage units in PowerProtect DD Virtual Edition (DDVE) by TB

| Number of TBs | Maximum number of storage units | Supported configurable concurrently active storage units |
|---|---|---|
| 4, 6, 8 | 100 | 6 |
| 32, 48 | 100 | 14 |
| 64, 96 | 100 | 32 |

Create a storage unit


Directly create a storage unit through the PowerProtect Data Manager UI for use with protection policies.

Prerequisites
Add at least one protection storage system for PowerProtect Data Manager.

Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. On the Protection Storage tab, select a storage system, and then select More Actions > Manage Storage Units.
The Storage Units page opens and displays a list of the storage units under the control of PowerProtect Data Manager.
3. Select Add.
The Create Storage Unit or Create Mobile Storage Unit dialog box opens.
4. Type a name for the new storage unit.
5. For mobile storage units in system pools, select a Network Group.
Network groups are configured in DDMC to provide access to the system pool over different physical or virtual networks.
A network group contains information about the IP addresses for the pool members and the IP address that clients use for
access to the system pool.
6. Set the capacity and stream quotas that restrict the storage unit resource consumption.
There are two kinds of quota limits—hard limits and soft limits. You can set either a soft or hard limit or both a soft and hard
limit. Both values must be integers, and the soft value must be less than the hard value.
NOTE: When you set a soft limit and the limit is reached, an alert is generated but data can still be written. When you
set a hard limit and the limit is reached, data cannot be written. All data protection operations fail until data is deleted
from the storage unit. The PowerProtect DD Virtual Edition Installation and Administration Guide for the appropriate
platform provides more information about quota configuration.

a. Capacity Quota—Controls the total size of precompression data that is written to the protection storage.
b. Stream Quota—The number of concurrent streams allowed during data protection operations. Setting a Stream Quota
limit can help ensure that performance is not impacted negatively when a data protection operation consumes too many
resources.
7. Select Save.

Results
PowerProtect Data Manager creates the storage unit on the selected protection storage system.

Edit a storage unit


Configure the settings for an existing storage unit through the PowerProtect Data Manager UI. You can also view a list of
protection policies that target the storage unit.

About this task


Any changes to these storage unit attributes that you make directly on the protection storage system are also reflected in
PowerProtect Data Manager.

Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. On the Protection Storage tab, select a storage system, and then select More Actions > Manage Storage Units.
The Storage Units page opens and displays a list of the storage units under the control of PowerProtect Data Manager.
3. To view the details or usage for a storage unit, select for that storage unit.
The Details pane opens and displays the name, type, capacity, quota information, and a list of protection policies that
currently target the storage unit.
The storage unit may contain copies from protection policies that no longer target the storage unit.
4. Select a storage unit from the list, and then select Edit.
The Edit Storage Unit or Edit Mobile Storage Unit dialog box opens.
5. For mobile storage units in system pools, select a Network Group.
Network groups are configured in DDMC to provide access to the system pool over different physical or virtual networks.
A network group contains information about the IP addresses for the pool members and the IP address that clients use for
access to the system pool.
6. Set the capacity and stream quotas that restrict the storage unit resource consumption.
There are two kinds of quota limits—hard limits and soft limits. You can set either a soft or hard limit or both a soft and hard
limit. Both values must be integers, and the soft value must be less than the hard value.
NOTE: When you set a soft limit and the limit is reached, an alert is generated but data can still be written. When you
set a hard limit and the limit is reached, data cannot be written. All data protection operations fail until data is deleted
from the storage unit. The PowerProtect DD Virtual Edition Installation and Administration Guide for the appropriate
platform provides more information about quota configuration.

a. Capacity Quota—Controls the total size of precompression data that is written to the protection storage.
b. Stream Quota—The number of concurrent streams allowed during data protection operations. Setting a Stream Quota
limit can help ensure that performance is not impacted negatively when a data protection operation consumes too many
resources.
7. Select Save.

Results
PowerProtect Data Manager updates the storage unit settings.

Change a storage unit password
It is recommended that you change passwords periodically for security purposes. Change the password for an existing storage
unit through the PowerProtect Data Manager UI. The change synchronizes automatically with the protection storage system.

Prerequisites
Before changing a password, verify that recent backup operations have successfully completed by checking the backup status
history in the Jobs window. You can also perform a new backup of the applicable protection policies.
The default password policy for storage units is:
● Must be between 16 and 20 characters in length
● At least one numeric character (0-9)
● At least one uppercase character (A-Z)
● At least one lowercase character (a-z)
● At least one of the following special characters: \~!@#$%^&*()+={}|:";<>?[]-_.,^'/
● A maximum of three consecutive identical characters
You can modify the password policy for storage units. Modify the password policy for storage units provides more information.
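The default policy above, expressed as a checker with a compliant generator. This is an added example, not PowerProtect Data Manager code: the function names are hypothetical, the special-character set is copied from the list as printed, and the repeat rule is read as rejecting four or more identical characters in a row.

```python
import secrets
import string

# Special characters copied from the default policy list as printed above.
SPECIALS = set('\\~!@#$%^&*()+={}|:";<>?[]-_.,^\'/')
MIN_LEN, MAX_LEN = 16, 20
MAX_RUN = 3  # assumption: up to three identical characters in a row are allowed


def longest_run(password):
    """Return the length of the longest run of one repeated character."""
    best = run = 0
    prev = None
    for ch in password:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best


def policy_violations(password):
    """Return the default-policy rules that the password breaks (empty if none)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length must be 16-20 characters")
    if not any(c in string.digits for c in password):
        problems.append("needs a numeric character (0-9)")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("needs an uppercase character (A-Z)")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("needs a lowercase character (a-z)")
    if not any(c in SPECIALS for c in password):
        problems.append("needs a special character from the policy list")
    if longest_run(password) > MAX_RUN:
        problems.append("more than three consecutive identical characters")
    return problems


def generate_password(length=MAX_LEN):
    """Draw candidates from the OS CSPRNG until one satisfies every rule."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length is outside the policy range")
    alphabet = string.ascii_letters + string.digits + "".join(sorted(SPECIALS))
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for sample in ("Short1!a", "Aaaaa1!bcdefghijk", "Aaaa1!bcdefghijkl"):
        print(repr(sample), policy_violations(sample) or "compliant")
```

If you modify the password policy file, adjust the constants to match before relying on the result.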

Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. On the Protection Storage tab, select a protection storage system, and then select Manage Storage Units.
The Storage Units page opens and displays a list of the storage units under the control of PowerProtect Data Manager.
3. Select one or more storage units from the list for which you would like to change the password, and then click Update
Password.
You can only update the password for storage units that are under the control of PowerProtect Data Manager. For other
storage units, the Update Password button is disabled.
The Update Password for Storage Unit(s) dialog box opens.
4. To automatically create a password for the storage unit:
a. Select Automatically generate a new password.
b. Click Save.
If you selected multiple storage units, PowerProtect Data Manager creates a unique password for each storage unit.
The storage unit password updates and synchronizes automatically with the protection storage system.
5. To create your own password:
a. Select Enter a new password.
b. In the Password field, type a new password for the storage unit according to the password policy.
c. Click Save.
If you selected multiple storage units, PowerProtect Data Manager uses the same password for each storage unit.
The storage unit password updates and synchronizes automatically with the protection storage system.
6. Go to the Jobs window to monitor the progress of the password change operation.
7. Perform another backup of the protection policy and verify that the backup completes successfully.

Modify the password policy for storage units


You can change the rules for passwords that PowerProtect Data Manager applies to storage units.

Steps
1. Connect to the PowerProtect Data Manager console as an admin user.
2. Locate the password policy file at /usr/local/brs/lib/cbs/config/powerprotect_dd_password_policy.properties.
3. Modify the password policy.
NOTE: Ensure that the modified password policy complies with the DD password policy.

4. Restart the cbs service:
cbs restart
5. Verify that the cbs service started successfully.

Results
The modified password policy takes effect when the cbs service successfully starts.

View the storage unit password


PowerProtect Data Manager provides a script to retrieve the password for a storage unit that you configured as a backup
target.

Prerequisites
This task requires the name of the PowerProtect DD MTree where the storage unit resides.

Steps
1. Connect to the PowerProtect Data Manager console as an admin user.
2. Navigate to the /usr/local/brs/puppet/scripts directory.
3. Obtain the storage unit password by typing the following command:
python get_dd_mtree_credential.py MTree-name
For example:

python get_dd_mtree_credential.py ppdm-1910-blrv034d018-75914


==============PowerProtect DD MTree credential==============
Full MTree path: /data/col1/ppdm-1910-blrv034d018-75914
User name: ppdm-1910-blrv034d018-75914
Password: IwWXT#DC93m={XV+K
========================================================

Differences in storage system and storage unit space reporting

Review the following sections for information about differences in the manner that storage space is reported in PowerProtect
Data Manager.

Base 10 standard used for size calculations in the PowerProtect Data Manager UI

For size calculations (for example, asset size, storage system capacity), the PowerProtect Data Manager UI uses the Base 10
standard, which specifies the size in MB, GB, and TB.
Other components, however, might use the Base 2 standard, which specifies the size in MiB, GiB, and TiB. When there is a
discrepancy in reported size, use the UI to obtain the most correct information.

How storage unit capacity is reported in PowerProtect Data Manager and DD Virtual Edition

Due to differences in space calculation (physical capacity vs logical capacity), there is a discrepancy between how storage unit
capacity is reported in PowerProtect Data Manager and DD Virtual Edition.

For example, because PowerProtect Data Manager displays the DD storage unit logical capacity, the value that is reported when
you select More Actions > Manage Storage Units in the PowerProtect Data Manager UI Infrastructure > Storage window
might be greater than the amount reported in DDVE, which displays the physical capacity.
To determine the physical storage unit capacity, use DDVE instead.

Monitoring storage capacity thresholds


PowerProtect Data Manager periodically monitors protection storage usage and reports alerts when a system reaches two
capacity thresholds. As a best practice, check for these alerts and respond before the system exhausts storage capacity.
At 80% capacity, PowerProtect Data Manager generates a weekly warning alert. At this threshold, you should develop a
strategy to add capacity or move protection policies to another storage target. Managing Protection Policies provides more
information about moving policies.
At 95% capacity, PowerProtect Data Manager generates a daily critical alert. At this threshold, capacity exhaustion is imminent.
Changing the capacity alerting thresholds requires contacting Support.

4 Using the PowerProtect Search Engine
Topics:
• Introducing the PowerProtect Search Engine
• Set up and manage indexing
• Search Engine node deletion
• Edit the network configuration for a Search Engine node
• Perform a search
• Troubleshooting Search Engine issues

Introducing the PowerProtect Search Engine


When you deploy PowerProtect Data Manager, the PowerProtect Search Engine software is installed by default.
The PowerProtect Search Engine indexes virtual machine file metadata to enable searches based on configurable parameters.
To use this feature, add at least one Search Engine node to the Search Engine to form a cluster. Adding a Search Engine node
enables the indexing feature.
You can enable the indexing option when creating protection policies so that the assets are indexed while they are backed up.
Recovering indexes from a disaster is a manual process. The indexing recovery process will be automated in a future release.
When a DR backup is run, scheduled, or manually triggered, the cluster backup workflow backs up the cluster index data. A
backup task is created, and you can view the individual status of the Search Component backup under Details.
NOTE: Scheduled backups with Search cluster integration appear in the Jobs pane as two identical jobs: an initialization job,
which runs immediately, and the backup job, which runs both server DR and Search cluster backups.
Deploy Search Engine nodes with fully qualified domain names (FQDNs) only. PowerProtect Data Manager verifies that the
hostname is an FQDN before deployment.

Limitations
● PowerProtect Search Engine is an optional feature that can be enabled, set up, and configured for virtual machine backups
and protection policies. When you enable this feature, a backup of the Search Engine is taken as part of the server backup
process. As of this release, you cannot disable these backups. Therefore, when Search is enabled, you must add the Search
Engine node on the DD system that contains the ServerBackup MTree to the Allow list. If you use NFS for server DR, add
the Search Engine node IP address or hostname to the client list for the NFS export.
● After an update to PowerProtect Data Manager, with the Search Engine already configured, and the first time that you use
the Networks page to add a virtual network to an environment, PowerProtect Data Manager does not automatically add
the virtual network to the Search Engine. Instead, manually edit each node to add the virtual network. This action makes
the Search Engine aware of virtual networks. Any subsequent new virtual networks are automatically added to the Search
Engine.

Set up and manage indexing


Set up a Search Engine node and configure indexing.

Prerequisites
Ensure that:
● A vCenter datastore has been configured. The PowerProtect Data Manager Virtual Machine User Guide provides detailed
steps for adding a vCenter server as an asset source.
● PowerProtect Data Manager has discovered the networks for the vCenter server.



● The following requirements for the PowerProtect Search Engine are met:
NOTE: Each Search Engine node must meet the system requirements.

○ CPU: 4 * 2 GHz (4 virtual sockets, 1 core for each socket)


○ Memory: 8 GB RAM
○ Disks: 3 disks (50 GB each) and 1 disk (1 TB)
○ Internet Protocol: Only IPv4
○ NIC: One vmxnet3 NIC with one port
● The PowerProtect Data Manager system is configured to use an NTP server. NTP server configuration is required to
synchronize the time across the Search Engine nodes in a multi-node cluster.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine, and then click Add Node.
2. In the Add Search Engine Node wizard, provide the required parameters.
● Hostname, IP Address, Gateway, DNS, and Netmask—Note that only IPv4 addresses are supported.
● vCenter—If you have added multiple vCenter server instances, select the vCenter server on which to deploy the Search
Engine node.
NOTE: Ensure that you do not select the internal vCenter server.
● ESX Host/Cluster—Select on which cluster or ESXi host you want to deploy the Search Engine node.
● Network—Displays all the networks that are available under the selected ESXi Host/Cluster. For virtual networks
(VLANs), this network carries management traffic.
● Data Store—Displays all datastores that are accessible to the selected ESXi Host/Cluster.
3. Click Next.
The Networks Configuration page displays.
4. On the Networks Configuration page:
The Networks Configuration page configures the virtual network (VLAN) to use for Data for Management Components
traffic. To continue without virtual network configuration, leave the Preferred Network Portgroup selection blank and
then click Next.

a. From the Preferred Network Portgroup list, select a Virtual Guest Tagging (VGT) group.
VST (Virtual Switch Tagging) groups are not supported.
The list displays all virtual networks within the trunk range. If you select a portgroup that contains multiple networks,
PowerProtect Data Manager automatically selects all networks. Individual networks cannot be selected.
A Search Engine node requires an IP address from the static IP pool for each selected virtual network. If there are not
enough IP addresses in a pool, the wizard prompts you to supply additional addresses for that network.
Ensure that the selected virtual networks support a traffic type that is compatible with Search Engine nodes.
b. If required, type an available static IP address or IP address range in the Additional IP Addresses column for the
indicated virtual network.
For convenience when working with multiple virtual networks, you can also use one of the Auto Expand options:
● Expand Last IP—The wizard increments the host portion of the last IP address in the static IP pool. Click Apply.
● Same Last Digit—The wizard adds the network portion of the IP address to the specified value. Type the host
portion of the IP address and then click Apply.
The wizard updates the value in the Additional IP addresses column for each network. Verify the proposed IP
addresses.

c. Click Next.
5. On the Summary page, review the information and then click Finish.
The new Search Engine node is deployed, and details are displayed in the lower panel.
6. (Optional) Repeat the previous steps to deploy additional Search Engine nodes to the cluster.
NOTE: Ensure that the previous Search Engine node successfully deploys before you add another.

7. In the Configure Search Engine dialog box, enable or disable indexing, accept or change the expiration period, and then
click OK.
NOTE:



● When the index cluster reaches 70 percent, an alert is generated. When it reaches 90 percent, an alert is generated
and indexing is suspended. Specify a global index expiry interval to periodically clean up indexes, which frees up
space.
● To turn off or modify indexing, select Infrastructure > Search Engine, select the cluster, and click Configure
Cluster. From the Configure Search Cluster dialog box, you can enable/disable the service or change the number
of expiration days.
● Indexes expire according to the global setting or when the associated copies expire, whichever occurs first.
● To stop indexing assets that have been added to a protected protection policy, disable the indexing option during
protection policy configuration.
● You can add up to a maximum of 5 Search Engine nodes.

Next steps
NOTE:

When you edit or retry an operation that failed and there are additional IP addresses in the address pool, PowerProtect Data
Manager marks the last failed IP address as abandoned. PowerProtect Data Manager does not try to reuse any IP addresses
that are marked as abandoned. The UI does not display this condition.

KB article 000181120 provides more information about how to use the REST API to detect when an IP address is marked as
abandoned. The article also provides steps to correct this condition so that the IP address can be used again.

Search Engine node deletion


PowerProtect Data Manager supports the deletion of a Search Engine node from a multi-node cluster in the PowerProtect Data
Manager UI.
You can delete an operational node from a Search Engine cluster to decrease cluster capacity if the space is no longer required.
You can also redeploy or delete nodes that could not be successfully added to the Search Engine.
When you delete an operational node, PowerProtect Data Manager moves the index data to the remaining nodes to avoid data
loss.
When you delete a node, the operation is triggered and a new job is created, which you can view in the Jobs > System Jobs
window to track its progress.

Delete operational Search Engine nodes


You can delete Search Engine nodes that have been added to the Search Engine and are in an operational state.

About this task


CAUTION: Deleting the primary node deletes the index data and makes the cluster inactive. Add a node to make
the cluster operational.
Before you can delete the primary node, you must delete all other nodes.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine.
2. Select the node from the list that you want to delete and click More Actions > Delete Node.
In the Delete Search Engine Node window, choose one of the following options:
CAUTION: When you delete a node and its data, the Search Engine deletes the node without redistributing
the data to the remaining nodes in the cluster. If the index data is deleted, the cluster becomes inactive.

● Delete the node without data loss.


To delete the node and move the index data to the remaining nodes in the cluster, click Delete Node.



● Delete the node and its data.
To allow the Search Engine to delete the node along with the index data it holds, select the check box and click Delete
Node.

3. Go to the Jobs > System Jobs window to monitor the progress of the node deletion operation.

Results
The node is deleted from the cluster.

Redeploy or delete failed Search Engine nodes


PowerProtect Data Manager enables you to redeploy or delete Search Engine nodes that could not be successfully deployed.

About this task


The Redeploy Node functionality is only enabled for nodes that could not be successfully added to the Search Engine.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine.
2. Select the failed node that you want to either redeploy or delete from the cluster.
3. Do one of the following:
● To redeploy the failed node, click More Actions > Redeploy Node.
The Redeploy Search Engine Node wizard opens. The Search Engine populates the fields with the information that you
supplied when you added the node. Verify that the information is correct.
● To delete the failed node, click More Actions > Delete Node.

Results
You can view the details for the operation in the Jobs > System Jobs window.

Next steps
Optionally, if you want to update the DNS and/or gateway during the Search Engine node redeployment, you can use one of the
following commands:
● To update both the gateway and DNS, run:
./infranodemgmt redeploy -node_id <Search Node ID> -updateDns <DNS IPv4 address> -updateGateway <Gateway IPv4 address>
● To update the gateway only, run:
./infranodemgmt redeploy -node_id <Search Node ID> -updateGateway <Gateway IPv4 address>
● To update DNS only, run:
./infranodemgmt redeploy -node_id <Search Node ID> -updateDns <DNS IPv4 address>

Edit the network configuration for a Search Engine node

To change the virtual network configuration, perform the following steps. To change any other network configuration settings,
contact Customer Support.

Prerequisites
Before you remove a network, disable indexing. Set up and manage indexing provides instructions.

About this task


If Search Engine node deployment failed because of a virtual network configuration problem, you can update the configuration
to add additional IP addresses to the static IP pool. If you did not configure a virtual network during initial deployment, you can
also add the Search Engine node to a virtual network in the same Virtual Guest Tagging (VGT) port group.



Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine and then select the applicable Search
Engine node.
2. Select More Actions > Edit Networks.
The Edit Search Engine Node wizard opens to the Network Configuration page.
3. If applicable, from the Preferred Network Portgroup list, select a VGT network to carry Data for Management
Components traffic.
The list displays all virtual networks within the trunk range. If you select a portgroup that contains multiple networks,
PowerProtect Data Manager automatically selects all networks. Individual networks cannot be selected.
A Search Engine node requires an IP address from the static IP pool for each selected virtual network. If there are not
enough IP addresses in a pool, the wizard prompts you to supply additional addresses for that network.

Virtual networks with a warning symbol ( ) beside the network name require attention and review. For example, if you
changed the network configuration, the configured traffic types may not support Search Engine nodes. Clear any interfaces
which no longer apply to the Search Engine node.
4. If required, type an available static IP address or IP address range in the Additional IP Addresses column for the indicated
virtual network.
For convenience when working with multiple virtual networks, you can also use one of the Auto Expand options:
● Expand Last IP—The wizard increments the host portion of the last IP address in the static IP pool. Click Apply.
● Same Last Digit—The wizard adds the network portion of the IP address to the specified value. Type the host portion
of the IP address and then click Apply.
The wizard updates the value in the Additional IP addresses column for each network. Verify the proposed IP addresses.

5. Click Next.
6. On the Summary page, review the information and then click Finish.

Next steps
If you disabled indexing, re-enable indexing. Set up and manage indexing provides instructions.

Perform a search
When the Search Engine is deployed and configured, you can use the File Search functionality in the PowerProtect Data
Manager UI to search across all indexed data to locate protected files and folders within backup copies. When asset types are
set up for index searching, the File Search button appears in the Restore menu for assets.
Before performing a search, ensure that:
● A Search Engine node is set up.
● Search indexing is enabled.

Troubleshooting Search Engine issues


This section lists troubleshooting for Search Engine issues.
Some Search Engine troubleshooting procedures require the credentials for individual Search Engine nodes. Search Engine
nodes have admin and root user accounts that are used for troubleshooting software issues. The PowerProtect Data Manager
Security Configuration Guide provides instructions to manage Search Engine node credentials.

Error displays during Search Engine node failure


The following error might display during a search when a Search Engine node fails:
Not able to deploy search-node.com. Another session "<host_name>" is already configured
with the same hostname. Would you like to redeploy search node or delete the node?
If this error occurs, delete the Search Engine node, and then retry the operation. If you choose to edit, delete the node. The new
mode modal then appears with your previous inputs. The input that caused the error is marked as critical.



Certificate issues
Issues with indexing backups and/or performing search queries might result when certificates that were deployed on the Search
Engine node were corrupted.
Perform one of the following tests to determine certificate issues:
● Use the log bundle download utility in PowerProtect Data Manager to examine the Backup VM logs in VM Direct, and look
for a log entry like the following:

ERROR: Failed to Upload File: /opt/emc/vproxy/runtime/tmp/vproxyd/plugin/search/e6c356a1-fbaf-4231-9f6f-a0166b74909a/<search node>-e081fdea-3599-4a6c-abc4-1b5487cb9a32-e523a94c-2d01-5234-ab3c-7771cfab3c58-7f16bcbb72d7b49ea073356f0d7388ac08461827.db.zip
to https://<search node>:14251/upload, Error sending data chunk. Post
https://<search node>:14251/upload: x509: certificate signed by unknown authority
(possibly because of "crypto/rsa: verification error" while trying to verify
candidate authority certificate "PPDM Root CA ID-d5ec56b8-69ec-4183-9c94-7c0230408765"

● Examine the REST engine logs in the Search Engine node (/opt/emc/search/logs/rest-engine/*.log), and look
for certificate verification errors.
● Run a search either through the UI or through the API <PowerProtect Data Manager>/api/v2/file-instances
and look for a certificate verification error.
Examine the certificate files on each Search Engine node to investigate further. If necessary, regenerate the certificate files.

Verify certificates
Use this procedure to verify that certificates are valid and uncorrupted:
1. Verify that the rootca.pem file is the same in all the relevant nodes (Search Engine node, PowerProtect Data Manager,
and VM Direct node).
NOTE: The rootca.pem file name is different on each node:
● PowerProtect Data Manager—/etc/ssl/certificates/rootca/rootca.pem
● Search Engine node—/var/lib/dellemc/vmboot/trust/thumbprint
● VM Direct—/var/lib/dellemc/vmboot/trust/thumbprint
2. Run the following OpenSSL command to find out whether the root certificate file is corrupt or invalid: openssl verify <rootca.pem>

Response:

/var/lib/dellemc/vmboot/trust/thumbprint: C = US,
O = DELL Corporation,
CN = PPDM Root CA ID-4c9de850-24ab-42ec-a9a7-6080849d0d24

error 18 at 0 depth lookup:self signed certificate

OK

Ensure that the CN values match.
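The cross-checks in this procedure, as an added example (not code from the guide or from PowerProtect Data Manager): it extracts the CA name from the x509 error, compares it with the CN that openssl verify prints, and compares DER fingerprints of the root CA copies collected from each node. The function names, node labels, and placeholder certificate bytes are constructed for illustration; the log and verify text are the samples shown above.

```python
import hashlib
import re
import ssl

# Go x509 error as it appears in the Backup VM and REST engine logs; the
# quoted name is the CA that the failing side tried to chain to.
X509_ERROR = re.compile(
    r'x509: certificate signed by unknown authority.*?'
    r'candidate authority certificate\s+"(?P<cn>[^"]+)"',
    re.DOTALL,
)
# Subject CN as printed by `openssl verify <rootca.pem>`.
SUBJECT_CN = re.compile(r"CN\s*=\s*(?P<cn>PPDM Root CA ID-[0-9a-fA-F-]+)")


def untrusted_authorities(log_text):
    """Return the set of CA names that appear in x509 verification errors."""
    return {m.group("cn") for m in X509_ERROR.finditer(log_text)}


def verified_root_cn(verify_output):
    """Return the root CA CN from `openssl verify` output, or None."""
    match = SUBJECT_CN.search(verify_output)
    return match.group("cn") if match else None


def der_fingerprint(pem_text):
    """SHA-256 over the DER body, so CRLF or trailing blanks do not matter."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def group_by_fingerprint(copies):
    """Map fingerprint -> sorted node labels; one key means all copies match."""
    groups = {}
    for node, pem_text in copies.items():
        groups.setdefault(der_fingerprint(pem_text), []).append(node)
    return {fp: sorted(nodes) for fp, nodes in groups.items()}


def diagnose(log_text, verify_output, copies):
    """Summarise the checks as a dict that a ticket or script can consume."""
    root_cn = verified_root_cn(verify_output)
    failing = untrusted_authorities(log_text)
    groups = group_by_fingerprint(copies)
    return {
        "root_cn": root_cn,
        "mismatched_cns": sorted(cn for cn in failing if cn != root_cn),
        "root_ca_consistent": len(groups) == 1,
        "fingerprint_groups": groups,
    }


# Sample text taken from the log entry and openssl response shown above.
SAMPLE_LOG = (
    'Post https://<search node>:14251/upload: x509: certificate signed by '
    'unknown authority (possibly because of "crypto/rsa: verification error" '
    'while trying to verify candidate authority certificate '
    '"PPDM Root CA ID-d5ec56b8-69ec-4183-9c94-7c0230408765"'
)
SAMPLE_VERIFY = (
    "/var/lib/dellemc/vmboot/trust/thumbprint: C = US, O = DELL Corporation, "
    "CN = PPDM Root CA ID-4c9de850-24ab-42ec-a9a7-6080849d0d24\n"
    "error 18 at 0 depth lookup:self signed certificate\nOK\n"
)
# Constructed placeholder bytes, not real certificates: only equality matters.
PEM_A = ssl.DER_cert_to_PEM_cert(b"constructed root CA copy A" * 8)
PEM_B = ssl.DER_cert_to_PEM_cert(b"constructed root CA copy B" * 8)
SAMPLE_COPIES = {
    "ppdm": PEM_A,
    "search-node": PEM_A.replace("\n", "\r\n"),  # same cert, CRLF line endings
    "vm-direct": PEM_B,                          # a different root CA
}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_VERIFY, SAMPLE_COPIES))
```

With the sample inputs, the report flags both a CN mismatch between the log and the verified root and a VM Direct copy that differs from the other two.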

Certificate verification fails


If the certificate verification steps fail, you must re-create the certificates on the Search Engine node or VM Direct node:
1. Connect to the PowerProtect Data Manager console and change to the root user.
2. Use the Get command in the infranodemgmt utility to determine the Search Engine node FQDN.
3. Run /usr/local/brs/puppet/scripts/generate_certificates.sh -n -c -b <node FQDN>

A properties file is created in the /root directory called <node FQDN>.properties.


4. Open this file to determine the location of the generated certificates. They should be located in /etc/ssl/certificates/<node FQDN>.


5. Obtain the Search Engine node credentials. The PowerProtect Data Manager Security Configuration Guide provides
instructions.
6. From a separate terminal, SSH into the Search Engine node.
7. Change directory to /var/lib/dellemc/vmboot/trust and move the key, cert, and thumbprint files over.
8. Copy the certificate files that were generated in PowerProtect Data Manager as follows:
● rootca.pem to thumbprint
● <search node FQDN>key.pem to key
● <search node FQDN>.pem to cert
9. Paste the files to /var/lib/dellemc/vmboot/trust.
10. Set the permissions for the key, cert, and thumbprint files to 0644, and then set the ownership of these files to
root:app.
11. Restart the REST engine service to pick up the new certificates: systemctl restart search-rest-engine.
12. Check the REST engine log file (/opt/emc/search/logs/rest-engine/rest-engine-daemon-<fqdn>.log) to
verify that the service started successfully.
Ensure that the following message appears:
A valid Root CA certificate of backup server was provided during deployment
Result: Backup with indexing executes successfully and the Search Engine is functional.

Search Engine cluster is full


If the Search Engine is full, you can deploy additional nodes by following the steps in Set up and manage indexing.
If the Search Engine runs out of space and you do not want to deploy an additional node, you have the following options:
● Disable the service
● Shorten the expiration time to remove indexes sooner
● Remove indexes manually
To disable the service, complete the following steps:
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine.
2. Select the cluster, and then click Configure Cluster.
3. In the Configure Search Cluster dialog box, switch the Search Indexing button to turn it off, and then click Save.
NOTE: This setting applies to all indexes in all protection policies in the Search Cluster.

To shorten the expiration time to remove indexes sooner, complete the following steps:
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine.
2. Select the cluster, and then click Configure Cluster.
3. In the Configure Search Cluster dialog box, modify the Search Index Expiration and click Save. A recommended formula
to determine the expiration time is: Delete Index when Today = Backup-Date + Expiration Days + 1 day.
That is, one day after the backup expires.
NOTE: This setting applies to all indexes in all protection policies in the Search Engine.

To remove indexes manually, complete the following steps:


1. Use SSH to log in to the Search Engine.
2. Create a snapshot of the cluster using the following format:

{
  Command: "APP_SNAPSHOT",
  Title: "Initiate Index/Search Cluster Snapshot Process",
  AsyncCmd: false,
  Properties: {
    "Name": {
      Description: "Used to uniquely identify a particular snapshot",
      Type: STRING
    },
    "Action": {
      Description: "Action to perform, 'Create', 'Delete', 'Restore' or 'Cancel' a Snapshot",
      Type: STRING
    },
    "NFSHost": {
      Description: "NFS Host serving snapshot backup area.",
      Type: STRING
    },
    "NFSExport": {
      Description: "NFS Export path to mount too.",
      Type: STRING
    },
    "NFSDirPath": {
      Description: "NFS directory path to write too.",
      Type: STRING
    }
  }
}

For example:

{
  "Command": "APP_SNAPSHOT",
  "Title": "",
  "AsyncCmd": false,
  "Properties": {
    "Action": {
      "Description": "",
      "Required": false,
      "Type": "string",
      "IsArray": false,
      "Value": "Create",
      "Default": null
    },
    "Name": {
      "Description": "",
      "Required": false,
      "Type": "string",
      "IsArray": false,
      "Value": "DataManager_Catalog_Cluster_snapshot_2019-10-16-12-57-16",
      "Default": null
    },
    "NFSHost": {
      "Value": "10.25.87.88"
    },
    "NFSExport": {
      "Value": "/mnt/shared"
    },
    "NFSDirPath": {
      "Value": ""
    }
  }
}

3. You can delete indexes by protection policy or by asset. If the JSON command is stored at /home/admin/remove-plc.json, run the command, ./searchmgmt -I /home/admin/remove-plc.json.
● Use the following format to delete indexes by protection policy:

{
  "Command": "APP_REMOVE_ITEMS",
  "AsyncCmd": false,
  "Properties": {
    "Action": {
      "Description": "Action to perform, 'AssetDelete', 'PLCDelete'",
      "Required": true,
      "Value": "PLCDelete"
    },
    "PLCID": {
      "Description": "PLC ID of item(s) to delete.",
      "Required": true,
      "Value": "7676d753-b57e-a572-6daf-33689933456d"
    }
  }
}

● Use the following format to delete indexes by asset type:

{
  "Command": "APP_REMOVE_ITEMS",
  "AsyncCmd": false,
  "Properties": {
    "Action": {
      "Description": "Action to perform, 'AssetDelete', 'PLCDelete'",
      "Required": true,
      "Value": "AssetDelete"
    },
    "AssetID": {
      "Description": "Optional, Asset ID of item(s) to delete.",
      "Required": false,
      "Value": "503dd753-b57e-a572-6daf-44680033755f"
    },
    "PLCID": {
      "Description": "PLC ID of item(s) to delete.",
      "Required": true,
      "Value": "7676d753-b57e-a572-6daf-33689933456d"
    }
  }
}

NOTE:
● The time to complete the execution of these procedures depends on the number of backup copy asset indexes being
deleted.
● This procedure does not impact regular operation of the cluster.
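Because index removal is destructive, it is worth checking the command file before passing it to searchmgmt. The following pre-flight check is an added example, not part of the guide or of the searchmgmt utility: it rejects files that are not strict JSON and files whose Action, PLCID, or AssetID values do not fit the formats above. The function name and the two scope rules marked as assumptions are hypothetical.

```python
import json
import re

UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
ACTIONS = {"PLCDelete", "AssetDelete"}   # the two actions named in the format


def _value(props, key):
    """Return Properties[key]["Value"], or None when the entry is absent."""
    entry = props.get(key)
    return entry.get("Value") if isinstance(entry, dict) else None


def _is_uuid(value):
    return isinstance(value, str) and UUID_RE.match(value) is not None


def check_remove_command(text):
    """Return a list of problems found in an APP_REMOVE_ITEMS command file."""
    try:
        cmd = json.loads(text)
    except json.JSONDecodeError as exc:
        # Trailing commas and strings wrapped across lines both land here.
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno}): {exc.msg}"]
    if not isinstance(cmd, dict):
        return ["top level must be a JSON object"]
    problems = []
    if cmd.get("Command") != "APP_REMOVE_ITEMS":
        problems.append(f"unexpected Command: {cmd.get('Command')!r}")
    props = cmd.get("Properties")
    if not isinstance(props, dict):
        return problems + ["Properties object is missing"]
    action = _value(props, "Action")
    if action not in ACTIONS:
        problems.append(f"Action must be one of {sorted(ACTIONS)}, got {action!r}")
    plc_id = _value(props, "PLCID")
    if not _is_uuid(plc_id):
        problems.append(f"PLCID is required and must be a UUID, got {plc_id!r}")
    asset_id = _value(props, "AssetID")
    if asset_id is not None and not _is_uuid(asset_id):
        problems.append(f"AssetID must be a UUID, got {asset_id!r}")
    # Assumptions, stricter than the format above (which marks AssetID as
    # optional): refuse combinations whose deletion scope is not obvious.
    if action == "AssetDelete" and asset_id is None:
        problems.append("AssetDelete without AssetID: scope is unclear")
    if action == "PLCDelete" and asset_id is not None:
        problems.append("PLCDelete with an AssetID: scope is unclear")
    return problems


# Constructed sample: a hand-edited file with a trailing comma on line 5.
HAND_EDITED_SAMPLE = """{
  "Command": "APP_REMOVE_ITEMS",
  "AsyncCmd": false,
  "Properties": {
    "Action": {"Required": true, "Value": "PLCDelete",},
    "PLCID": {"Required": true, "Value": "7676d753-b57e-a572-6daf-33689933456d"}
  }
}"""

# Constructed sample that follows the delete-by-protection-policy format.
GOOD_SAMPLE = """{
  "Command": "APP_REMOVE_ITEMS",
  "AsyncCmd": false,
  "Properties": {
    "Action": {"Required": true, "Value": "PLCDelete"},
    "PLCID": {"Required": true, "Value": "7676d753-b57e-a572-6daf-33689933456d"}
  }
}"""

if __name__ == "__main__":
    for name, text in (("hand-edited", HAND_EDITED_SAMPLE), ("good", GOOD_SAMPLE)):
        print(name, check_remove_command(text) or "OK")
```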

Troubleshooting a locked Search Engine node


The PowerProtect Data Manager Security Configuration Guide provides information about Search Engine node user accounts
and credentials, including password management policies. The password management policies for these accounts are set to lock
the admin user account after three failed attempts within five minutes. If you try to access the node while the admin user
account is locked, the amount of time that the account remains locked increases.
A Search Engine node might become locked for the following reasons:
● A user or program makes three failed attempts to SSH into the Search Engine node.
● Running monitoring software that tries to log in to the Search Engine node with the wrong admin credentials.
● Running penetration testing on the virtual machines in a vCenter server.
The Search Engine node admin user accounts enable PowerProtect Data Manager to perform operations on each node, such as
obtaining the health status of the node. If the account is locked, the health status of the node is reported as "Failed." When one
of the nodes in the cluster is in a failed state, the entire cluster becomes unavailable. As a result, the cluster is unable to perform
any indexing or search operations.
Workaround
To work around this issue, reset the Search Engine node admin credentials. Before you reset the credentials, determine why the
admin account is locked.
Obtain the Search Engine node root credentials. Then, reset the Search Engine node admin credentials. The PowerProtect Data
Manager Security Configuration Guide provides instructions.
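To determine why the admin account was locked, the lockout rule described above (three failed attempts within five minutes) can be replayed over SSH authentication log lines to see which source addresses caused it. This is an added example, not part of the guide; it assumes the failures are available as standard OpenSSH syslog lines (the guide does not state where the Search Engine node logs them), and the sample lines, host name, and addresses are constructed.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Standard OpenSSH syslog line for a failed password attempt.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)
THRESHOLD = 3                  # failed attempts that lock the account (from the guide)
WINDOW = timedelta(minutes=5)  # period in which they must occur (from the guide)


def lockout_events(lines, account="admin", year=2022):
    """Replay the lockout rule; return one dict per point where it trips.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    window = deque()   # (timestamp, source) of recent failures for the account
    events = []
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group("user") != account:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        window.append((ts, m.group("src")))
        # Drop failures that are older than the window relative to this one.
        while ts - window[0][0] > WINDOW:
            window.popleft()
        if len(window) >= THRESHOLD:
            events.append({
                "locked_at": ts.isoformat(),
                "sources": dict(Counter(src for _, src in window)),
            })
            window.clear()  # modelling choice: count afresh after a lockout
    return events


# Constructed sample log lines (documentation address ranges).
SAMPLE_AUTH_LOG = """\
Oct 16 12:57:16 search-node sshd[2211]: Failed password for admin from 192.0.2.15 port 51122 ssh2
Oct 16 12:58:02 search-node sshd[2214]: Failed password for admin from 192.0.2.15 port 51130 ssh2
Oct 16 12:58:40 search-node sshd[2219]: Accepted password for root from 192.0.2.7 port 40022 ssh2
Oct 16 12:59:48 search-node sshd[2222]: Failed password for admin from 192.0.2.15 port 51141 ssh2
Oct 16 13:20:00 search-node sshd[2301]: Failed password for admin from 198.51.100.9 port 40100 ssh2
Oct 16 13:27:30 search-node sshd[2310]: Failed password for admin from 198.51.100.9 port 40111 ssh2
Oct 16 13:35:10 search-node sshd[2317]: Failed password for admin from 198.51.100.9 port 40125 ssh2
"""

if __name__ == "__main__":
    for event in lockout_events(SAMPLE_AUTH_LOG.splitlines()):
        print(event)
```

In the sample, the three failures from 192.0.2.15 trip the rule, while the later failures from 198.51.100.9 are spaced more than five minutes apart and do not.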



5
Managing Assets
Topics:
• About asset sources, assets, and storage
• About other asset sources
• Prerequisites for discovering asset sources
• Enable an asset source
• Delete an asset source
• Adding a Cloud Snapshot Manager tenant

About asset sources, assets, and storage


In PowerProtect Data Manager, assets are the basic units that PowerProtect Data Manager protects. Asset sources are the
mechanism that PowerProtect Data Manager uses to manage assets and communicate with the protection storage where
backup copies of the assets are stored.
PowerProtect Data Manager supports PowerProtect DD Management Center (DDMC) as the storage and programmatic
interface for controlling protection storage systems.
Asset sources can be a vCenter server, Kubernetes cluster, application host, SMIS server, or Cloud Snapshot Manager tenant.
Assets can be virtual machines, Microsoft Exchange Server databases, Microsoft SQL Server databases, Oracle databases, SAP
HANA databases, file systems, Kubernetes namespaces, or storage groups.
Before you can add an asset source, you must enable the source within the PowerProtect Data Manager user interface.
In the Assets window, you can export asset records by using the Export All functionality.
CAUTION: The maximum number of characters allowed for an asset or storage group name is 25. If a name exceeds
this limit, the protection policy configuration fails.

About other asset sources


In addition to vCenter server asset sources, PowerProtect Data Manager provides the option to enable the following asset
sources to protect other asset types.
NOTE: The PowerProtect Data Manager Administration and User Guide does not provide instructions for Kubernetes
clusters or agent asset source management. Refer to the PowerProtect Data Manager online help or individual Kubernetes
and agent user guides for more information.

File System agent


After the File System agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager
integrates with the agent to enable an application administrator to protect and recover data on the File System host, and to
check and monitor backup compliance against protection policies.

Kubernetes cluster
After the Kubernetes cluster asset source is added and registered in the PowerProtect Data Manager UI, PowerProtect Data
Manager enables protection of PVCs and namespace data on the Kubernetes or Tanzu Kubernetes cluster.

NAS agent
After the NAS asset source is added and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager enables
protection of NAS assets.

Microsoft application agent for Microsoft Exchange Server


After the Microsoft application agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data
Manager integrates with the agent to enable an application administrator to protect and recover the Microsoft Exchange Server
application data on the application host, and to check and monitor backup compliance against protection policies.

Microsoft application agent for Microsoft SQL Server


After the Microsoft application agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data
Manager integrates with the agent to enable an application administrator to protect and recover the Microsoft SQL Server
application data on the application host, and to check and monitor backup compliance against protection policies.

Oracle RMAN agent


After the Oracle RMAN agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager
integrates with the agent to enable an application administrator to protect and recover the Oracle application data on the
application host, and to check and monitor backup compliance against protection policies.

SAP HANA agent


After the SAP HANA agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager
integrates with the agent to enable an application administrator to protect and recover the SAP HANA application data on the
application host, and to check and monitor backup compliance against protection policies.

Storage Direct agent for Storage Data Management


Storage Data Management uses snapshot backup technology to protect data on VMAX and PowerMax storage arrays by
moving storage group data from the array to a DD system. After the Storage Direct agent is approved and registered in the
PowerProtect Data Manager UI, and the DD system and the SMIS server are added and discovered, the Storage Direct agent
enables you to discover the storage groups in the storage arrays, and assign unprotected storage groups to a protection policy
for backup and recovery operations.

Prerequisites for discovering asset sources


Perform these tasks before you discover an asset source.
● Ensure that the PowerProtect Data Manager is deployed and configured in the environment. The PowerProtect Data
Manager deployment guides provide information.
● Log in as a user with the Administrator role. Only the Administrator role can manage asset sources.
● For a new system, enable one or more asset sources for the types of assets that you want to protect. Enable an asset
source provides more information.
● Configure all asset sources with an NTP server.
● Before you register a Microsoft SQL Server application, ensure that the DD system has been discovered successfully.
● For discovery of application agents and File System asset sources:
○ Ensure that all clocks on the application and File System hosts and PowerProtect Data Manager are time-synchronized to
the local NTP server to ensure discovery of the backups.
○ Ensure that the application and File System hosts and the PowerProtect Data Manager network can see and resolve
each other.
○ Ensure that port 7000 is open on the application and File System hosts.

● Discovery of a vCenter Server asset source excludes the following:
○ Virtual machines with a status of Inaccessible, Invalid, or Orphaned.
○ The virtual machine template
○ The shadow or standby virtual machine created by RecoverPoint for Virtual Machines, also referred to as the vRPA copy.
Prior to performing the vCenter discovery, verify the status of any virtual machines that you want to discover.

Discovering asset sources in a GCVE environment


There are special discovery considerations in a GCVE environment. Discovery fails unless GCVE-located vCenter servers have
additional permissions.
Ensure that any GCVE-located vCenter server has the following permissions:
● The GVE.LOCAL\CloudOwner user is mapped to the Cloud-Owner-Role role at the vCenter level.
● The GVE.LOCAL\CloudOwner to Cloud-Owner-Role mapping is not restricted to a lower-level container object in the
vSphere object hierarchy.

Full discovery of application asset sources


If some application assets are not discovered, you can perform an immediate full discovery of application asset sources by using
the on-demand discovery feature in the PowerProtect Data Manager UI.
Full discovery is available for the following application asset sources:
● Microsoft SQL Server
● Microsoft Exchange Server
● Oracle
● SAP HANA
● File System
To initiate a full discovery of application asset sources, complete the following steps:
1. Select Infrastructure > Asset Sources.
2. Select an application asset source and click Discover.
3. Select the Initiate a full discovery option, and then click Yes.

Enable an asset source


An asset source must be enabled in PowerProtect Data Manager before you can add and register the asset source for the
protection of assets.

About this task


Only the Administrator role can manage asset sources.
In some circumstances, the enabling of multiple asset sources is required. For example, a vCenter Server and a Kubernetes
cluster asset source must be enabled for Tanzu Kubernetes guest cluster protection.
There are other circumstances where enabling an asset source is not required, such as the following:
● For application agents and other agents such as File System and Storage Direct, an asset source is enabled automatically
when you register and approve the agent host. For example, if you have not enabled an Oracle asset source but have
registered the application host through the API or the PowerProtect Data Manager user interface, PowerProtect Data
Manager automatically enables the Oracle asset source.
● When you update to the latest version of PowerProtect Data Manager from an earlier release, any asset sources that were
previously enabled appear in the PowerProtect Data Manager user interface. On a new deployment, however, no asset
sources are enabled by default.

Steps
1. From the PowerProtect Data Manager user interface, select Infrastructure > Asset Sources, and then click + to reveal
the New Asset Source tab.

2. In the pane for the asset source that you want to add, click Enable Source.
The Asset Sources window updates to display a tab for the new asset source.

Results
You can now add or approve the asset source for use in PowerProtect Data Manager. For a vCenter server, Kubernetes cluster,
SMIS Server, or PowerProtect Cloud Snapshot Manager tenant, select the appropriate tab in this window and click Add. For an
application host, select Infrastructure > Application Agents and click Add or Approve as required.
NOTE: Although you can add a Cloud Snapshot Manager tenant to PowerProtect Data Manager in order to view its health,
alerts, and the status of its protection, recovery, and system jobs, you cannot manage the protection of its assets from
PowerProtect Data Manager. To manage the protection of its assets, use Cloud Snapshot Manager. For more information,
see the PowerProtect Cloud Snapshot Manager Online Help.

Disable an asset source


If you enabled an asset source that you no longer require, and the host has not been registered in PowerProtect Data Manager,
perform the following steps to disable the asset source.

About this task


NOTE: An asset source cannot be disabled when one or more sources are still registered or there are backup copies of the
source assets. For example, if you registered a vCenter server and created policy backups for the vCenter Server virtual
machines, then you cannot disable the vCenter Server asset source. But if you register a vCenter server and then delete it
without creating any backups, you can disable the asset source.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Asset Sources, and then select the tab of the asset
source that you want to disable.
If no host registration is detected, a red Disable button appears.
2. Click Disable.

Results
PowerProtect Data Manager removes the tab for this asset source.

Delete an asset source


If you want to remove an asset source that you no longer require, perform the following steps to delete the asset source in the
PowerProtect Data Manager UI.

About this task


Only the Administrator role can manage the asset sources.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Asset Sources, and then select the tab for the type of
asset source that you want to delete.
2. Select the asset source name in the asset source list, and then click Delete.
3. At the warning prompt that appears, click Continue.
The asset source is deleted from the list.

Results
PowerProtect Data Manager removes the specified asset source in the Asset Sources window.
For all asset sources except the vCenter Server, any associated assets that are protected by the protection policy are removed
from the protection policy and their status is changed to deleted. These assets are removed automatically as part of daily
PowerProtect Data Manager cleanup after all associated backup copies have been deleted. These assets can also be removed
manually. The PowerProtect Data Manager Administration and User Guide provides details on how to remove assets from
PowerProtect Data Manager.
The copies of assets from the asset source are retained (not deleted). You can delete the copies from the copies page, if
required.

Adding a Cloud Snapshot Manager tenant


After you enable the Cloud Snapshot Manager tenant asset-source with PowerProtect Data Manager, you use the Asset
Sources window in PowerProtect Data Manager to add a Cloud Snapshot Manager tenant to the PowerProtect Data Manager
environment.
Adding a Cloud Snapshot Manager tenant is required if you want to view Cloud Snapshot Manager jobs, alerts, and reports from
a consolidated PowerProtect Data Manager dashboard.

Add a Cloud Snapshot Manager Tenant


Perform the following steps to add a Cloud Snapshot Manager tenant as an asset source in the PowerProtect Data Manager UI.

Prerequisites
● Ensure that the asset source is enabled. Enable an asset source provides instructions.
● Log in as a user with the Administrator role. Only the Administrator role can manage asset sources.
● The PowerProtect Data Manager server has Internet access and is able to reach https://ssgosge.emc.com.
NOTE: If this access is removed during normal operation, any existing Cloud Snapshot Manager information will continue
to be displayed in the Dashboard window, but there will be no updates until Internet access is restored.
● This procedure requires the entry of values specific to Cloud Snapshot Manager. For more information, see the
PowerProtect Cloud Snapshot Manager Online Help.

Steps
1. From the left navigation pane, select Infrastructure > Asset Sources.
The Asset Sources window appears.
2. Select the Cloud Snapshot Manager tab.
3. Click Add.
The Add Cloud Snapshot Manager Account Details dialog displays.
4. In the Name field, enter a descriptive name for the Cloud Snapshot Manager tenant.
5. In the Tenant ID field, enter the Cloud Snapshot Manager tenant ID.
6. Click the drop-down control next to Cloud Snapshot Manager Credentials, and then click Add Credentials.
a. In the Name field, enter the name of the Cloud Snapshot Manager tenant credentials.
b. In the Client ID field, enter the ID of the Cloud Snapshot Manager tenant.
c. In the Client Secret field, enter the secret of the Cloud Snapshot Manager tenant.
d. Click Save.
7. Click Save.

6
Managing Protection Policies
Topics:
• Protection policies
• Before you create a protection policy
• Overview of PowerProtect Data Manager Cloud Tier
• Manual backups of protected assets
• Manual replication of protected assets
• Manual Cloud Tiering of protected assets
• Editing a protection policy
• Viewing a summary of protection policies
• Extended retention
• Edit the retention period for backup copies
• Delete backup copies
• Removing expired backup copies
• Removing assets from PowerProtect Data Manager
• Run an asset-protection report
• Disable a protection policy
• Delete a protection policy
• Add a service-level agreement
• Run a compliance report
• Protecting client assets after a client hostname change
• ifGroup configuration and PowerProtect Data Manager policies

Protection policies
Protection policies define sets of objectives that apply to specific periods of time. These objectives drive configuration, active
protection, and copy-data-management operations that satisfy the business requirements for the specified data. Each policy
type has its own set of user objectives.
Only the Administrator role can create or edit protection policies.
You can create protection policies for the following asset types:
● VMware virtual machines
● Microsoft Exchange Server databases
● Microsoft SQL Server databases
● Oracle databases
● SAP HANA databases
● File systems
● Kubernetes clusters
● Storage groups
● Network-attached storage (NAS)
For each policy type, refer to the individual user guides.
In the Protection Policies window, you can export protection policy data by using the Export All functionality.



Before you create a protection policy
Consider the following best practices before creating a protection policy.
● You can only protect an asset with one policy at a time. Protection rules do not automatically move assets that were
manually added to a policy to a different policy.
NOTE: If a Microsoft SQL Server is installed on a virtual machine, you can protect the Microsoft SQL Server database
with an application-consistent backup without interfering with the Microsoft SQL Server agent-based backup.
● When creating a policy, limit the number of database assets within the policy to under 500 and stagger the start time of
replication policies. These actions prevent potential replication failures.
● Before adding replication to a protection policy, ensure that you add remote protection storage as the replication location.
Add protection storage provides detailed instructions about adding remote protection storage.
● Before scheduling weekly or monthly backups, ensure that the PowerProtect Data Manager time zone is set to the local time
zone.

Understanding backup technologies


PowerProtect Data Manager uses block-based backup technology when performing full or synthetic-full backups. The File
System agent scans a volume or disk and backs up every block on the file system that is allocated to it. If only data that has
changed is backed up, the block-based backup uses Changed Block Tracking.
Block-based backups support the following capabilities:
● High-performance backups with a predictable backup window
● Efficient backups of the deduplicated file systems used by PowerProtect DD
● Mounting of a backup as a file system
● Support for sparse-file backups
PowerProtect Data Manager uses traditional file-based backup technology when backing up a specific set of files or directories.
During these backups, the entire directory structure of the file system is traversed. These backups take longer to complete than
block-based backups.
NOTE: Applying an exclusion filter to a protection policy automatically results in a file-based backup. If you are backing up a
large file system, it might be more efficient to back up all the data instead. Alternatively, move the assets being filtered to a
different protection policy, allowing the remaining unfiltered assets to use a block-based backup.

Understanding backup terminology and managing backup frequency


When scheduling backups in a protection policy, be aware of the following:
● Different protection-policy types can use different terminology to describe available backup levels. This terminology can
differ not only between protection-policy types, but also from traditional terminology.
● To avoid high CPU usage that can lead to failure issues, do not schedule backups more often than recommended.
To understand the different backup levels to manage backup frequencies, see the following table.

Table 23. Backup terminology and frequency

| Protection-policy types | Available backup levels | Description | Equivalent traditional terminology | Minimum frequency recommendation |
|---|---|---|---|---|
| VMware application-aware | Full | All the data is backed up. | Full | Monthly |
| VMware application-aware | Synthetic Full | Only the data that has changed since the last synthetic-full or full backup is backed up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage. | A differential backup is performed, followed by a merge operation that produces a full backup in storage. | 12 hours |
| VMware application-aware | Log | The transaction logs are backed up. | | 30 minutes |
| VMware crash-consistent | Full | All the data is backed up. | Full | Monthly |
| VMware crash-consistent | Synthetic Full | Only the data that has changed since the last synthetic-full or full backup is backed up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage. | A differential backup is performed, followed by a merge operation that produces a full backup in storage. | 12 hours |
| Kubernetes crash-consistent | Full | The namespace metadata and persistent volumes are backed up. | Full | Daily |
| Kubernetes crash-consistent | Synthetic Full | Only the data that has changed for persistent volumes on VMware first-class disks since the last synthetic-full or full backup is backed up. The namespace metadata and all other persistent volumes are backed up in full. Although not all the data is copied over the network, the result is still a full backup in storage. | A combination of full and differential backups are performed, followed by a merge operation that produces a full backup in storage. | 12 hours |
| File System centralized | Full | All the data is backed up. | Full | Monthly |
| File System centralized | Synthetic Full | Only the data that has changed since the last synthetic-full or full backup is backed up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage. | A differential backup is performed, followed by a merge operation that produces a full backup in storage. | 12 hours |
| Microsoft Exchange Server centralized | Full | All the data is backed up. | Full | Weekly |
| Microsoft Exchange Server centralized | Synthetic Full | Only the data that has changed since the last synthetic-full or full backup is backed up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage. | A differential backup is performed, followed by a merge operation that produces a full backup in storage. | 12 hours |
| Microsoft SQL Server centralized | Full | All the data is backed up. | Full | Daily |
| Microsoft SQL Server centralized | Differential | Only the data that has changed since the last differential backup or the last full backup if there are no other differential backups is backed up. | A differential backup is performed, followed by a merge operation that produces a full backup in storage. | 12 hours |
| Microsoft SQL Server centralized | Log | The transaction logs are backed up. | | 30 minutes |
| Oracle centralized | Full | All the data is backed up. | Full | Daily |
| Oracle centralized | Incremental Cumulative | Only the data that has changed since the last full backup is backed up. | Differential | 12 hours |
| Oracle centralized | Incremental Differential | Only the data that has changed since the last incremental differential backup or the last full backup if there are no other incremental differential backups is backed up. | Incremental | 6 hours |
| Oracle centralized | Log | The archived logs are backed up. | | 30 minutes |
| SAP HANA centralized | Full | All the data is backed up. | Full | Daily |
| SAP HANA centralized | Differential | Only the data that has changed since the last full backup is backed up. | Differential | 12 hours |
| SAP HANA centralized | Incremental | Only the data that has changed since the last incremental backup or the last full backup if there are no other incremental backups is backed up. | Incremental | 6 hours |
| VMAX storage group centralized | Full | All the data is backed up. | Full | Daily |
| VMAX storage group centralized | Synthetic Full | Only the data that has changed since the last synthetic-full or full backup is backed up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage. | A differential backup is performed, followed by a merge operation that produces a full backup in storage. | 12 hours |

NOTE: In some situations, a full backup might be performed even though a synthetic-full backup was scheduled. Possible
reasons for a full backup include the following:
● There is no existing full backup.
● The size of a volume has changed.

● There has been a file path change.
● The asset host has been rebooted.

Replication triggers
PowerProtect Data Manager orchestrates protection policy replication objectives independently of the primary backup or
retention. When you add a replication objective to a policy, select one of the available triggers.
The default replication trigger is a schedule window that you define by setting a recurrence period plus start and end times.
Replication occurs during the defined window. For example, every day between 8 p.m. and 12 a.m.
You can also trigger replication immediately after the completion of the associated primary backup or retention, whether
scheduled or manual. At the start of the primary backup, PowerProtect Data Manager generates an associated replication
job that remains queued until the end of the protection job. If the backup fails or completes with exception, the associated
replication job is skipped. Restarting the protection job queues the associated replication job again.
NOTE:

Replication after backup completion is only supported for centralized protection policies. This feature is not yet available for
self-service protection policies or for replication objectives that are based on extended retention.

Older application agents may not support replication after backup completion. Update the applicable application agents to
the current version before configuring this trigger.
Using a schedule can help you manage network traffic by replicating during off-peak hours. However, for larger backup sets,
the primary backup or retention may not finish before the start of the replication schedule, which creates a replication backlog.
Replication after backup completion prevents a replication backlog from forming.
To prevent data loss, the replication after backup completion trigger replicates new backups from the primary objective and any
outstanding backups that have not yet replicated.

Overview of PowerProtect Data Manager Cloud Tier


The PowerProtect Data Manager Cloud Tier feature works in tandem with the Cloud Tier feature of DD systems to move
PowerProtect Data Manager backups to the cloud. This provides long-term storage of PowerProtect Data Manager backups by
seamlessly and securely tiering data to the cloud.
From the PowerProtect Data Manager UI, you configure Cloud Tier to move PowerProtect Data Manager backups from
protection storage to the cloud, and you can perform seamless recovery of these backups.
Cloud storage units must be pre-configured on the protection storage system before they are configured for Cloud Tier in the
PowerProtect Data Manager UI. The DDOS Administration Guide provides further information.

Add a Cloud Tier objective to a protection policy


For some protection policy types, you can add a Cloud Tier objective to a protection policy in order to perform backups to Cloud
Tier.

Prerequisites
Ensure that a protection storage system is set up for Cloud Tiering.

About this task


You can create the Cloud Tier objective from Primary Backup, Replicate, and Extend Retention objectives. Objectives must
have a retention time of 14 days or more.
Cloud Tiering happens at 00:00 UTC each day. Depending on your time zone, this time may be within business hours and thus
Cloud Tiering may impact available network bandwidth. Cloud Tiering applies to both centralized and self-service protection
policies.

Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. From the PowerProtect Data Manager UI, select Protection > Protection Policies, and then click Add.
The Add Policy wizard appears.
3. On the Type page, enter a name and description, select the type of system to back up, and click Next.
The following protection policy types support Cloud Tiering:
● Virtual machine
● Microsoft SQL Server
● Microsoft Exchange Server
● Network Attached Storage (NAS)
● Oracle
● SAP HANA
● File System
● Kubernetes
4. On the Purpose page, select from the available options to indicate the purpose of the new protection policy, and then click
Next.
5. On the Assets page, select the assets that you want to protect with this policy, and then click Next.
6. On the Objectives page, click Add under Primary Backup if the primary backup objective is not already created, and fill
out the fields in the Target and Schedules panes on the Add Primary Backup dialog.
NOTE: There is no minimum recurrence required for the Cloud objective; however, the Cloud Tier objective requires a
minimum retention period of 14 days in the Retain for field.

7. Click Cloud Tier next to Primary Backup or Extend Retention or, if adding a Cloud objective for a replication objective
that you have added, click Cloud Tier under Replicate.
An entry for Cloud Tier is created to the right of the primary backup or extended retention objective, or below the
replication objective.
8. Under the entry for Cloud Tier, click Add.
The Add Cloud Tier Backup dialog appears, with summary information for the parent node. This information indicates
whether you are adding this Cloud Tier objective for the primary backup objective, the extended retention objective, or the
replication objective.
9. In the Add Cloud Tier Backup dialog box, set the following parameters and then click Save:
● Select the appropriate storage unit from the Cloud Target list.
● For Tier After, set a time of 14 days or more.
The protection policy is now enabled with Cloud Tiering.
10. Click Next to proceed with the remaining pages of the Add Policy wizard, verify the information, and then click Finish.
A new job is created, which you can view under the Jobs tab after the job completes.

Manage Cloud Tier asset copies


You can manage Cloud Tier copies of assets by changing copy retention time, deleting copies, and recalling copies.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. Select an asset and click View Copies.
3. Click an asset copy icon.
Cloud Tier backups are listed by cloud storage in the Location column.
4. To change how long copies remain in cloud storage, complete the following steps:
a. Select a Cloud Tier backup and click Edit Retention.
b. Choose one of the following options:
● To select a calendar date as the expiration date for backups, select Retention Date.
● To define a fixed retention period in days, weeks, months, or years after the backup is performed, select Retention
Value. For example, you could specify that backups expire after 6 months.
c. When satisfied with the changes, click Save.
The asset is displayed in the list with the changes. The Retention column displays both the original and new retention
period, and indicates whether the retention period has been extended or shortened.

NOTE: When you edit the retention period for copies that are retention locked, you can only extend the retention
period.

5. To delete the copy in cloud storage, select a Cloud Tier backup and click Delete. To delete the copy records from
the PowerProtect Data Manager database while the copy remains in the protection storage, select Remove from
PowerProtect.
The sections Delete backup copies and Remove backup copies from the PowerProtect Data Manager database provide more information.
6. Select a Cloud Tier backup and click Recall from Cloud to return the cloud backup to your local protection storage for
recovery or backup.
NOTE: If you use Amazon's network to copy data from AWS storage, Amazon charges you for the data transfer.

7. To extend the date to retier the copy back to the cloud, select Edit Recall Retention.
8. To manually move a copy back to cloud storage, select Retier.

Restore Cloud Tier backups to protection storage


Once a Cloud Tier backup is recalled, restore operations of these backups are identical to normal restore operations.
The PowerProtect Data Manager software recalls a copy of the backup from the Cloud unit to the local (active) tier of
protection storage, which then allows you to perform a restore of the backup from the active tier to the client. The status
appears as Cloud, and changes to Local Recalled after cloud recall completes. After the restore, the backup copy is removed
from Cloud Tier, and is stored on the active tier of protection storage for a minimum of 14 days, after which the backup may be
returned to the cloud depending on your protection policy.

Recall and restore from Cloud Tier


Perform the following steps to recall a backup on Cloud Tier to the active tier on protection storage and restore this backup.

Prerequisites

NOTE: When a backup is recalled from Cloud Tier to the active tier, the copy is removed from Cloud Tier.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. On the Assets window, select the tab that contains the asset you want to recall from Cloud Tier, and then click View
Copies.
3. Click DD, and then select from one of the available copies that appear in the table.
4. Click Recall.
The Recall from Cloud dialog box appears.
5. In the Retain until box, specify how long you want to keep the copy on the active tier, and then click OK.
6. Go to the Jobs window to monitor the recall operation.
When the copy has been moved successfully, the Location changes from Cloud to Local.
7. Select Restore > Assets, and then select the tab that contains the recalled asset.
8. Select the recalled asset, and then click Restore.
NOTE: If you are unsure whether the asset has been recalled, click View Copies and select DD to view the available
backup copies. If the asset backup is a recalled copy, the Status column indicates Local Recalled.

9. Select the recalled copy to re-tier the copy to the active tier.

Manual backups of protected assets
Once assets have been added to a protection policy, you can perform manual backups by using the Protect Now functionality
in the PowerProtect Data Manager UI.

About this task


You can use a single manual backup from the Protection > Protection Policies window to back up multiple assets that are
protected in the designated protection policy. The protection policy must be enabled, and its purpose must not be Exclusion or
Self-Service Protection.
When a virtual machine is part of an application-aware protection policy, the manual backup is a full application-aware backup.
The manual backup is managed by other configured objectives (extended retention backup, replication, Cloud Tier, Cloud DR)
of the parent protection policy. Other properties, such as retention lock, storage target, quotas, and network interfaces, are
inherited from the parent protection policy. Jobs managed by this protection policy, such as replication, cloud tiering, and Cloud
DR, continue to run after the manual backup job completes.

Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window appears.
2. Select the protection policy that contains the assets that you want to back up, and click Protect Now.
The Protect Now wizard appears.
3. On the Assets Selection page, select whether you want to back up all assets or choose individual assets that are defined in
the protection policy, and then click Next.
If you selected the option to choose individual assets for manual backup instead of all assets, the Assets page appears with
the individual assets available for selection.
a. Select the assets that you want to include in the manual backup, and then click Next to display the Configuration page.
If you selected to back up all assets, the Configuration page appears.
4. On the Configuration page, select Back up now, and then select from the available backup types.
5. Edit the retention period if you want to change the default settings, and then click Next.
The default settings are inherited from the primary backup objective of the parent protection policy.
6. On the Summary page, review the settings and then click Protect Now.
A notification appears indicating whether the request was processed successfully.

Manual backups of a single protected asset


You can also perform a manual backup from the Infrastructure > Assets window, but only for one asset at a time.

About this task


Review the information at Manual backups of protected assets. The protection policy must be enabled, and its purpose must not
be Exclusion or Self-Service Protection. This task creates a full backup for the selected asset.

Steps
1. From the left navigation pane, select Infrastructure > Assets.
The Assets window appears.
2. Select the tab for the asset type you want to back up.
A list of assets appears.
3. Select an asset from the table that has an associated protection policy.
4. Click Protect Now.
A notification appears indicating whether the request was processed successfully.

Manual replication of protected assets
You can replicate one or more protected assets within a protection policy by using the Protect Now functionality in the
PowerProtect Data Manager UI. Replication can include all assets which are defined on the protection policy or a subset of
these assets. After you select assets, you can replicate all backups or a subset of backups.

Prerequisites
The protection policy purpose must not be Exclusion, and the policy must already be configured with a replication objective.
You can only manually replicate the replication objectives for the primary backup.
NOTE: VMAX storage groups only support MTree replication, which is performed and scheduled from the DD system.
Therefore, manual replication for assets in a VMAX storage group is not supported.

About this task


Replicating a subset of backups is useful when the replication backlog is too large to catch up. For example, when the
destination was offline for an extended period or where bandwidth and capacity issues prevent a full replication during the
available window.
If the backlog is too large, you can ensure that the destination receives the most recent backups first. You can also reduce the
backlog by skipping the future replication of backups that are too old to match the selection criteria.

Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
2. Select the protection policy that contains the assets that you want to replicate, and click Protect Now.
The Protect Now wizard opens to the Assets Selection page.
3. Select whether you want to replicate All Assets or a Custom selection of assets.
● If you selected All Assets, click Next.
● If you selected Custom, a list appears from which you can select individual assets. You can see these assets in tree view
or list view.
a. Select the assets that you want to manually replicate, and then click Next.
The Configuration page appears.
4. Select Replicate Now.
5. Select a destination storage target from the Storage Name and Storage Unit drop-down lists.
The selection of storage system and storage unit from these drop-down lists corresponds to the associated replication
objective for the primary backup. In some cases, a protection storage system may have more than one storage unit for this
policy.
The wizard loads the default settings from the protection policy.
6. If you want to change the default settings:
● You can configure different retention periods for all applicable backup types, or configure the same retention period for
all backup types.
● The default retention period settings are inherited from the settings in the corresponding replication objective of the
protection policy.
● For VMDM, File System, Microsoft Exchange Server, and NAS assets, the retention period for full and synthetic full
backups should be the same value.
a. Select or clear Set the same retention time for all replicated copies.
b. Edit the retention period for all applicable backup types.
c. Resolve any conflicts or errors, as indicated by the and symbols.
7. Select whether you want to replicate All Copies or a Custom subset of backups.
If you selected Custom, additional options appear:
a. To replicate recent backups by time, select the first option and then type the number of days.
b. To replicate a specific number of recent backups, select the second option and then type the number of backups.
c. (Optional) To remove all nonmatching backups from the replication backlog for this objective, select Do not replicate
copies outside the selection and mark them as skipped.
PowerProtect Data Manager excludes any skipped backups from future replication activities by this objective. This
decision is permanent and the wizard prompts for confirmation.

If the chain for the selected backups has not already replicated, the resulting activity replicates the chain from the last full
backup to the selection.
NOTE: Manual replication of a FULL backup for any asset type with a dependency chain (for example, a backup that
includes transaction logs) is skipped when the FULL copy has already been replicated, even if the dependencies have
not yet been replicated. To replicate any of these dependencies in the backup chain, wait for the scheduled replication,
or perform a manual replication with the All Copies option selected instead of the Custom option.

8. (Optional) Click Select Replication and then repeat the previous steps to configure manual replication for additional
replication policy objectives.
9. Click Next.
10. On the Summary page, review the settings and then click Protect Now.
A notification appears indicating whether the request was processed successfully.
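The Custom selection in step 7 can be worked through on paper before confirming the permanent skip option. The following Python model is an added example, not PowerProtect Data Manager code: the `Copy` records, the identifiers, the sample backlog, and the rule that chain members pulled in by a selected copy are replicated rather than skipped are all assumptions of the model.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import NamedTuple


@dataclass(frozen=True)
class Copy:
    copy_id: str       # constructed label, not a product identifier
    created: datetime
    level: str         # "FULL" starts a chain; any other level depends on it
    replicated: bool   # True if the copy already exists on the replication target


class Plan(NamedTuple):
    replicate: list    # copy_ids sent by this manual replication
    skipped: list      # copy_ids permanently excluded from this objective
    pending: list      # copy_ids left in the backlog for later replication


def chain_to(ordered, target):
    """Return the copies from the latest FULL at or before target, up to target."""
    end = ordered.index(target)
    start = end
    while start > 0 and ordered[start].level != "FULL":
        start -= 1
    return ordered[start:end + 1]


def plan_custom_replication(copies, now, *, days=None, count=None, skip_outside=False):
    """Model the Custom subset: recent copies by age (days) or by number (count)."""
    if (days is None) == (count is None):
        raise ValueError("choose exactly one of days or count")
    ordered = sorted(copies, key=lambda c: c.created)
    if days is not None:
        selected = [c for c in ordered if c.created >= now - timedelta(days=days)]
    else:
        selected = ordered[-count:] if count > 0 else []

    # A selected copy that is not yet replicated brings along the unreplicated
    # part of its chain, starting at the last full backup (assumed chain rule).
    needed = set()
    for copy in selected:
        if not copy.replicated:
            needed.update(c.copy_id for c in chain_to(ordered, copy) if not c.replicated)

    replicate = [c.copy_id for c in ordered if c.copy_id in needed]
    outside = [c.copy_id for c in ordered if not c.replicated and c.copy_id not in needed]
    # With the skip option, everything outside the selection leaves the backlog
    # for good; without it, those copies wait for a later replication.
    return Plan(replicate, outside, []) if skip_outside else Plan(replicate, [], outside)


# Constructed sample: the destination went offline after 1 October, so only the
# first full backup and its log reached the replication target.
SAMPLE = [
    Copy("f1", datetime(2022, 10, 1, 0), "FULL", True),
    Copy("l1", datetime(2022, 10, 1, 12), "LOG", True),
    Copy("f2", datetime(2022, 10, 2, 0), "FULL", False),
    Copy("l2", datetime(2022, 10, 2, 12), "LOG", False),
    Copy("f3", datetime(2022, 10, 3, 0), "FULL", False),
    Copy("l3a", datetime(2022, 10, 3, 8), "LOG", False),
    Copy("l3b", datetime(2022, 10, 3, 16), "LOG", False),
]
NOW = datetime(2022, 10, 3, 18)

if __name__ == "__main__":
    for label, kwargs in [
        ("last 1 copy, skip the rest", dict(count=1, skip_outside=True)),
        ("last 1 day, keep the rest queued", dict(days=1)),
    ]:
        print(label, plan_custom_replication(SAMPLE, NOW, **kwargs))
```

In the first case the copies from 2 October never reach the replication target, so those recovery points exist only on primary protection storage for the rest of their retention period.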

Manual Cloud Tiering of protected assets


Once you add assets to a protection policy that contains a Cloud Tier objective, you can perform a manual tiering of these
assets by using the PowerProtect Data Manager UI.

NOTE: Manual Cloud Tiering of a copy set requires the related protection policy to have a Cloud Tier objective.

To perform on-demand Cloud Tiering:


1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. On the Assets window, select the tab for the asset type you want to tier. A list of assets appears.
3. Select an asset from the table that has an associated protection policy, and then click View Copies.
NOTE: You can only select one asset at a time, and the protection policy that is associated with the asset cannot be an
exclusion policy.
4. Click the DD icon to display the available backup copies in the right pane.
5. Select a backup copy, and then click Tier. A notification appears indicating whether the request was processed successfully.
Go to the Jobs window to monitor the progress of the tiering operation.

Editing a protection policy


You can use the PowerProtect Data Manager UI to change any of the following information for an existing enabled or disabled
protection policy:
● Policy name and description
● Adding or removing assets from the policy
● Backup and replication schedule
● Backup optimization mode
● Settings for network interface, storage target, and retention lock
You cannot modify a protection policy type or purpose. For these actions, add a policy. Storage quotas cannot be changed by
editing a policy.
NOTE: Once you save changes for an enabled or disabled policy, most changes take effect immediately. For a disabled
policy's primary backup schedules, however, the changes do not take effect until you reenable the policy, since these
schedules do not run in Disabled state.

Modify a policy name and description, objectives, or options


The following procedure describes how to change an existing policy name and description, schedule and objectives, or additional
backup options in the PowerProtect Data Manager UI.

Prerequisites
If applicable, complete all of the virtual network configuration tasks before you assign any virtual networks to the protection
policy.

About this task
NOTE: You can also edit a protection policy to add or remove assets. Detailed instructions for adding assets to a policy or
removing assets from a policy are provided in the section Add or remove assets in a protection policy.

Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window appears.
2. Select the protection policy that you want to modify, and click Edit.
The Edit Policy window opens on the Summary page. From this page, you can click edit next to any available row to
change specific policy details.
3. In the Name or Description rows, click Edit.
The Type page displays.
NOTE: You cannot change the type or purpose of an existing policy.
4. In the Objectives row, click Edit.
The Objectives page displays. From this page, you can change the backup schedule, modify the settings for the network
interface, and enable or disable the retention lock.
You can also change the storage targets by selecting a new Storage Name in the Primary Backup and Replicate rows.
For more information about changing storage targets, see the section Changing storage targets.
5. In the Options row, click Edit.
The Options page displays. From this page, you can change the backup optimization mode (for example, from Performance
to Capacity), select whether to include or exclude swap files from the backup, and select whether to quiesce the guest file
system during the backup.
NOTE: For virtual machine protection policies, two types of protection mechanisms are used—Transparent Snapshot
Data Mover (TSDM), and VMware vStorage API for Data Protection (VADP). Updates to the policy options can result
in changes to the protection mechanism used to move virtual machine data. When the protection mechanism changes, a
new, full backup is performed, which might take a while to complete.
6. After making your changes, click Next to save the changes and return to the Summary page.
7. On the Summary page, click Finish.
An informational dialog displays.
8. Click OK to exit the dialog, or click Go to Jobs to open the Jobs window to monitor the backup of the new protection
policy.

Changing storage targets


A storage target consists of a protection storage system and associated storage unit. You can change the selected storage
target elements for each protection policy.
When you edit the primary backup and replication objectives for protection policies:
● The Storage Name drop-down list shows the current protection storage system. The drop-down list also contains other
protection storage systems that are available. Select Add to configure more protection storage.
● The Storage Unit drop-down list shows the storage unit that PowerProtect Data Manager targets on the selected
protection storage system. From this drop-down list, you can select other storage units under the control of PowerProtect
Data Manager. Select New to create a storage unit.
When you change the storage target, appropriately configure any dependencies. For example, configure a cloud provider to use
the new protection storage system or storage unit.

Impacts
Changing the primary objective storage target for some asset types may cause skipped backups until the next scheduled full
backup:
● VMware virtual machine application-aware
● SAP HANA
● Oracle RMAN

Perform a manual full backup for these policies. Manual backups of protected assets provides instructions.
The following asset types do not require additional action:
● VMware virtual machine crash-consistent
● Kubernetes
● Network Attached Storage (NAS)
● Storage Group
● Microsoft Exchange Server
● Microsoft SQL Server
● File systems
For these asset types, the next backup automatically becomes a full backup.
Replication objectives do not require additional action.

Protection storage
Managing Storage provides more information about working with protection storage, including configuring additional protection
storage systems and changing quota settings.
When reviewing the list of selected and available protection storage systems, consider the following:
● It is not recommended that policy objectives share protection storage systems because this configuration does not
increase data availability. However, some environments may require replicas with different retention periods, where multiple
objectives share a protection storage system.
● Only protection storage that has been licensed and configured for use by the current protection policy appears in the
drop-down list.
● Changing protection storage systems for Storage Group protection policies is not supported.

Storage units
Storage units provides more information about working with storage units, including applicable limitations and maintenance
considerations.
If you select New, PowerProtect Data Manager creates a storage unit for this protection policy. The new storage unit name
is based on the protection policy name plus an identifier. Storage units provides more instructions for changing the quota
configuration.
You can also select an existing storage unit under the control of PowerProtect Data Manager. The drop-down list displays the
available storage units on the selected protection storage system. If the storage unit name is truncated due to space limitations,
hover over the list entry to see the full storage unit name and quota information.
Changing storage units for Storage Group protection policies is not supported.

Replication to shared protection storage


To improve flexibility for external workflows and reduce infrastructure costs, PowerProtect Data Manager supports sharing
protection storage across multiple objectives.
To service workflows outside of PowerProtect Data Manager, you may require different retention periods for different replicas.
Since retention periods are set at the objective level, configuring different retention periods requires additional replication
objectives.
Under most circumstances, additional replication objectives target storage units that reside on different protection storage
systems. Replicating to separate protection storage provides additional data availability.
To support external workflows without requiring separate protection storage systems for each additional objective,
PowerProtect Data Manager supports targeting different storage units on the same protection storage system. To further
reduce costs, you can target the same protection storage system where the primary backup resides. In this case, the external
workflow provides the additional data safety. When replicating an extended retention, select a storage unit that also holds a
replica of the primary backup.

NOTE:

Because PowerProtect Data Manager is unaware of external workflows, the UI issues a warning when you configure a
policy with multiple objectives that share the same protection storage system. This configuration is uncommon, so verify the
storage targets and the use case before you continue.

The UI also issues a warning where the selected storage unit is the source for any MTree replication workflow. This
workflow may belong to another application. Verify the storage targets before you continue. These notifications require
DDOS 7.7 or later.

Add or remove assets in a protection policy


Perform the following steps in the PowerProtect Data Manager UI to add or remove an asset in a protection policy.

About this task


When a protection policy is edited and new assets are added, backups for the new assets start from the next scheduled FULL
backup job for the protection policy.

Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window appears.
2. Select the protection policy that you want to modify, and click Edit.
The Edit Policy window opens on the Summary page.
3. In the Assets row, click Edit.
The Assets page appears.
NOTE: For virtual machine protection policies, the view that you selected when creating the policy is retained in
this page, and cannot be changed. For example, if you set up this policy with View Asset Table selected, all assets
protected by this policy will display in a table on this page, and the option to select View by Host will be disabled. Both
views provide additional information about the virtual machines, such as any currently associated tags, protection rules,
and whether the virtual machine is already assigned to another policy, to help you identify which assets you want to add
or remove from this policy.
4. To remove containers or assets from the protection policy, select the object and click Remove.
The Assets page updates with the changes.
5. To add a container or asset to the protection policy:
a. Click + Add.
The Add Unprotected Assets dialog displays any objects that are unprotected.
b. Select the individual unprotected assets that you want to add to the policy, or select a container level within the
hierarchy to add all assets within that level, and then click Add.
The Assets page updates with the changes.
6. Optionally, if you want to exclude non-production VMDKs such as network shares or test disks from a protection policy:
a. Select the virtual machine asset from the list, and then click Manage Exclusions in the Disk Excluded column.
The Exclude Disks dialog box appears. By default, the slider next to each VMDK is set to Included.
b. For each disk that you want to exclude, move the slider to the right. The status updates to Excluded.
c. Click Save. The Assets page updates to indicate the number of disks for that particular asset that will be excluded from
the protection policy.
7. Click Next to save the changes and go to the Summary page.
8. In the Summary page, click Finish.
An informational dialog box appears.
9. Click OK to exit the dialog box, or click Go to Jobs to open the Jobs window to monitor the backup of the new protection
policy.

Viewing a summary of protection policies
You can use the PowerProtect Data Manager UI to view a summary of information about a protection policy.
From the left navigation pane, select Protection > Protection Policies to view the Protection Policies window.
The Protection Policies window displays the following columns of information for each protection policy.
● Name
● Category
● Asset Type
● Protected Asset Size
● Last run status
● Violations
● State
The entries in the Name and Last Run Status columns are links to additional information about the related protection policy.

View assets assigned to a protection policy


You can view assets that are assigned to a protection policy. If assets move from one protection policy to another, you can
verify the results from the details window for the protection policy.

About this task


To view the assets that are assigned to a protection policy, complete the following steps:

Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window opens.
2. Click the name link of the protection policy to view its details.
The details window for the selected protection policy opens and displays information about the policy.
3. Click the asset count link next to Assets.
The Assets window appears and displays the assets that are assigned to the protection policy.
4. To export asset records for the protection policy, in the Assets window, click Export All.

View the status of the last-run job of a protection policy


You can use the Protection Policies window to determine if the last-run job of a protection policy was successful.

About this task


To view the status of the last-run job of a protection policy, complete the following steps:

Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window opens.
2. Review the information displayed in the Last Run Status column for the protection policy.
3. Optionally, click the last-run status link of the protection policy to view the Protection Jobs window for more information
about the job.
NOTE: The Protection Jobs window displays only the most recently run protection jobs. To view the most recently run
system jobs, select Jobs > System Jobs from the left navigation pane to view the System Jobs window.



Extended retention
You can extend the retention period for the primary backup copy for long-term retention. For example, your regular schedule for
daily backups can use a retention period of 30 days, but you can extend the retention period to keep the full backups taken on
Mondays for 10 weeks.
Both centralized and self-service protection policies support weekly, monthly, and yearly recurrence schedules to meet the
demands of your compliance objectives. For example, you can retain the last full backup containing the last transaction of a
fiscal year for 10 years. When you extend the retention period of a backup in a protection policy, you can retain scheduled full
backups with a repeating pattern for a specified amount of time.
For example:
● Retain full yearly backups that are set to repeat on the first day of January for 5 years.
● Retain full monthly backups that are set to repeat on the last day of every month for 1 year.
● Retain full yearly backups that are set to repeat on the third Monday of December for 7 years.

Preferred alternatives
When you define an extended retention objective for a protection policy, you define a set of matching criteria that select
preferred backups to retain. If the matching criteria do not identify a matching backup, PowerProtect Data Manager
automatically retains the preferred alternative backup according to one of the following methods:
● Look-back—Retain the last available full backup that was taken before the matching criteria.
● Look-forward—Retain the next available full backup that was taken after the matching criteria.
For example, consider a situation where you configured a protection policy to retain the daily backup for the last day of the
month to extended retention. However, a network issue caused that backup to fail. In this case, look-back matching retains the
backup that was taken the previous day, while look-forward matching retains the backup that was taken the following day.
By default, PowerProtect Data Manager uses look-back matching to select the preferred alternative backup. A grace period
defines how far PowerProtect Data Manager can look in the configured direction for an alternative backup. If PowerProtect
Data Manager cannot find an alternative backup within the grace period, extended retention fails.
You can use the REST API to change the matching method or the grace period for look-forward matching. The PowerProtect
Data Manager Public REST API documentation provides instructions. If there are no available backups for the defined matching
period, you can change the matching method to a different backup.
For look-forward matching, the next available backup can be an ad-hoc backup or the next scheduled backup.

Selecting backups by weekday


This section applies to centralized protection policies. Self-service protection policies have no primary backup objective
configuration.
When you configure extended retention to match backups by weekday, PowerProtect Data Manager may identify a backup that
was taken on one weekday as being taken on a different weekday. This behavior happens where the backup window does not
align with the start of the day. PowerProtect Data Manager identifies backups according to the day on which the corresponding
backup window started, rather than the start of the backup itself.
For example, consider a backup schedule with an 8:00 p.m. to 6:00 a.m. backup window:
● Backups that start at 12:00 a.m. on Sunday and end at 6:00 a.m. on Sunday are identified as Saturday backups, since the
backup window started on Saturday.
● Backups that start at 8:01 p.m. on Sunday and end at 12:00 a.m. on Monday are identified as Sunday backups, since the
backup window started on Sunday.
● Backups that start at 12:00 a.m. on Monday and end at 6:00 a.m. on Monday are identified as Sunday backups, since the
backup window started on Sunday.
In this example, when you select Sunday backups for extended retention, PowerProtect Data Manager does not retain backups
that were taken between 12:00 a.m. and 8:00 p.m. This behavior happens even though the backups occurred on Sunday.
Instead, PowerProtect Data Manager selects the first available backup that started after 8:00 p.m. on Sunday for extended
retention.
If no backups were created between 8:01 p.m. on Sunday and 6:00 a.m. on Monday, PowerProtect Data Manager retains the
next alternative to extended retention. In this example, the alternative was taken after 6:00 a.m. on Monday.
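
The weekday-identification rule above, together with the look-back and look-forward fallback from Preferred alternatives, as an added Python example (not code from PowerProtect Data Manager or its documentation). The function names, the one-day grace period, measuring the grace period from the open and close of the backup window, and the sample timestamps are assumptions made for illustration.

```python
from datetime import date, datetime, time, timedelta

# Backup window from the guide's example: 8:00 p.m. to 6:00 a.m.
WINDOW_START = time(20, 0)
WINDOW_LENGTH = timedelta(hours=10)


def window_day(backup_start, window_start=WINDOW_START,
               window_length=WINDOW_LENGTH):
    """Return the date on which the backup window containing backup_start
    opened, or None if the backup started outside every window."""
    for days_back in (0, 1):  # the window opened today, then yesterday's
        day = backup_start.date() - timedelta(days=days_back)
        opened = datetime.combine(day, window_start)
        if opened <= backup_start <= opened + window_length:
            return day
    return None


def select_for_retention(backups, target_day, method="look-back",
                         grace=timedelta(days=1)):
    """Pick the full backup to keep for the window that opened on target_day.

    backups    -- start times of successful full backups
    target_day -- date whose backup window should supply the retained copy
    method     -- "look-back" (the guide's default) or "look-forward"
    grace      -- assumed grace period, measured from the window open/close
    Returns (backup_start, reason), or (None, "failed") when nothing qualifies.
    """
    if method not in ("look-back", "look-forward"):
        raise ValueError("method must be 'look-back' or 'look-forward'")
    backups = sorted(backups)

    # Preferred backup: the first one whose window opened on the target day.
    matching = [b for b in backups if window_day(b) == target_day]
    if matching:
        return matching[0], "match"

    opened = datetime.combine(target_day, WINDOW_START)
    closed = opened + WINDOW_LENGTH
    if method == "look-back":
        # Last backup taken before the window, no further back than grace.
        earlier = [b for b in backups if opened - grace <= b < opened]
        if earlier:
            return earlier[-1], "look-back"
    else:
        # Next backup taken after the window, no later than grace.
        later = [b for b in backups if closed < b <= closed + grace]
        if later:
            return later[0], "look-forward"
    return None, "failed"


# Constructed sample data: 2022-10-02 is a Sunday.
SUNDAY = date(2022, 10, 2)
SAMPLE_BACKUPS = [
    datetime(2022, 10, 2, 0, 30),   # Sunday 12:30 a.m., Saturday's window
    datetime(2022, 10, 2, 14, 0),   # Sunday 2:00 p.m., outside any window
    datetime(2022, 10, 2, 20, 1),   # Sunday 8:01 p.m., Sunday's window
    datetime(2022, 10, 3, 2, 0),    # Monday 2:00 a.m., Sunday's window
    datetime(2022, 10, 3, 21, 0),   # Monday 9:00 p.m., Monday's window
]
# The same week with every backup in Sunday's window missing (failed).
FAILED_SUNDAY = [b for b in SAMPLE_BACKUPS if window_day(b) != SUNDAY]

if __name__ == "__main__":
    for b in SAMPLE_BACKUPS:
        day = window_day(b)
        label = day.strftime("%A") if day else "outside window"
        print(f"{b:%a %Y-%m-%d %H:%M} -> identified as {label}")
    print("Sunday retention:", select_for_retention(SAMPLE_BACKUPS, SUNDAY))
    print("Look-back:", select_for_retention(FAILED_SUNDAY, SUNDAY))
    print("Look-forward:",
          select_for_retention(FAILED_SUNDAY, SUNDAY, method="look-forward"))
```

Running the same classification over your own schedule before you enable a weekday-based extended retention objective shows which calendar-day backups the objective will and will not pick up.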



Extended retention backup behavior
When PowerProtect Data Manager identifies a matching backup, automatic extended retention creates a job at the beginning of
the backup window for the primary objective. This job remains queued until the end of the backup window and then starts.
The following examples describe the behavior of backups with extended retention for centralized and self-service protection.

Centralized protection
For an hourly primary backup schedule that starts on Sunday at 8:00 p.m. and ends on Monday at 6:00 p.m. with a weekly
extended retention objective that is set to repeat every Sunday, PowerProtect Data Manager selects the first available backup
starting after 8:00 p.m. on Sunday for long-term retention.
The following diagram illustrates the behavior of backups with extended retention for a configured protection policy. In this
example, full daily backups starting at 10:00 p.m. and ending at 6:00 a.m. are kept for 1 week. Full weekly backups are set to
repeat every Sunday and are kept for 1 month.

Figure 3. Extend retention backup behavior

Self-service protection
For self-service backups, PowerProtect Data Manager uses a default backup window of 24 hours. For a backup schedule that
starts on Sunday at 12:00 p.m. and ends on Monday at 12:00 p.m. with a weekly extended retention objective that is set to
repeat every Sunday, PowerProtect Data Manager selects the first available backup that is taken between 12:00 p.m. on Sunday
and 12:00 p.m. on Monday for long-term retention.

Replication of extended retention backups


You can change the retention time of selected full primary backups in a replication objective by adding a replication objective to
the extended retention backup. The rules in the extended retention objective define the selected full primary backups. Review
the following information about replication of extended retention backups.
● Before you configure replication of extended retention backups, create a replication objective for the primary backup.
● Configure the replication objective of the extended retention and match this objective with one of the existing replication
objectives based on the primary backup. Any changes to a new or existing storage unit in the extended retention replication
objective or the replication objective of the primary backup are applied to both replication objectives.
● The replication objective of extended retention backups only updates the retention time of replicated backup copies and
does not create any new backup copies in the replication storage.



Edit the retention period for backup copies
You can edit the retention period of one or more backup copies to extend or shorten the amount of time that backups are
retained.

About this task


You can edit retention for all asset types and backup types.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. On the Assets window, select the tab for the asset type for which you want to edit retention. If a policy has been assigned,
the table lists the assets that have been discovered, along with the associated protection policy.
NOTE: For virtual machine assets, you can click the link in the Disk Excluded column next to a virtual machine asset to
view VMDKs that have been excluded from the protection policy. You cannot, however, edit disk inclusion or exclusion
from this window. To change the disks that are excluded for a protected asset, select the policy from the Protection
Policies window and click Edit.

3. Select a protected asset from the table, and then click View Copies. The Copy Locations pane identifies where the
backups are stored.
4. In the left pane, click the storage icon to the right of the icon for the asset, for example, DD. The table in the right pane lists
the backup copies.
5. Select one or more backup copies from the table and click Edit Retention.
6. Choose one of the following options:
● To select a calendar date as the expiration date for backups, select Retention Date.
● To define a fixed retention period in days, weeks, months, or years after the backup is performed, select Retention
Value. For example, you could specify that backups expire after 6 months.
NOTE: When you edit the retention period for copies that are retention locked, you can only extend the retention
period.

7. When satisfied with the changes, click Save.


The asset is displayed in the list with the changes. The Retention column displays both the original and new retention
period, and indicates whether the retention period has been extended or shortened.

Delete backup copies


In addition to deleting backups upon expiration of the retention period, PowerProtect Data Manager enables you to manually
delete backup copies from protection storage.

About this task


If you no longer require a backup copy and the retention lock is not enabled, you can delete backup copies prior to their
expiration date.
You can perform a backup copy deletion that deletes only a specified part of a backup copy chain, without impacting the ability
to restore other backup copies in the chain. When you select a specific backup copy for deletion, only that backup copy and the
backup copies that depend on the selected backup copy are deleted. For example, when you select to delete a full backup copy,
any other backup copies that depend on the full backup copy are also deleted.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. From the Assets window, select the tab for the asset type for which you want to delete copies. If a policy has been
assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select a protected asset from the table, and then click View Copies. The Copy Locations pane identifies where the
backups are stored.
4. In the left pane, click the storage icon to the right of the icon for the asset, for example, DD. The table in the right pane lists
the backup copies.
5. Select one or more copies from the table that you want to delete from the DD system, and then click Delete.
A preview window opens and displays the selected backup copies.
NOTE: For assets with backup copies that are chained together such as Microsoft SQL Server databases, Oracle
databases, SAP HANA databases, and application-aware virtual machines, the preview window lists all the backup copies
that depend on the specified backup copy. If you delete a backup copy, PowerProtect Data Manager deletes the
specified backup copy and all backup copies that depend on the specified backup copy.
6. For all asset types, you can choose to keep the latest backup copies or delete them. By default, PowerProtect Data Manager
keeps the latest backup copies. To delete the latest backup copies, clear the checkbox next to Include latest copies.
For VMAX storage group backup copies, you can choose to delete copies that are grouped together in the same protection
transaction or delete only selected copies. By default, PowerProtect Data Manager deletes copies that are grouped together
in the same protection transaction. To delete only selected copies, clear the checkbox next to Include copies in the same
protection transaction.
7. To delete the backup copies, in the preview window, click Delete.
NOTE: The delete operation may take a few minutes and cannot be undone.

An informational dialog box opens to confirm the copies are being deleted. To monitor the progress of the operation, click Go
to Jobs. To view the list of backup copies and their status, click OK.
NOTE: If the data deletion is successful but the catalog deletion is unsuccessful, then the overall deletion job status
appears as Completed with Exceptions.

When the job completes, the task summary provides details of each deleted backup copy, including the time that each copy
was created, the backup level, and the retention time. The time of copy creation and the retention time are shown in UTC.
An audit log is also generated and provides details of each deleted backup copy, including the time that each copy was
created, the backup level, and the retention time. The time of copy creation and the retention time are shown in UTC. Go to
Alerts > Audit Logs to view the audit log.
8. Verify that the copies are deleted successfully from protection storage. If the deletion is successful, the deleted copies no
longer appear in the table.

Retry a failed backup copy deletion


If a backup copy is not deleted successfully, you can manually retry the operation.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. From the Assets window, select the tab for the asset type for which you want to delete copies. If a policy has been
assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select a protected asset from the table, and then click View Copies. The Copy Locations pane identifies where the
backups are stored.
4. In the left pane, click the storage icon to the right of the icon for the asset, for example, DD. The table in the right pane lists
the backup copies.
5. Select one or more backup copies with the Deletion Failed status from the table, and then click Delete.
You can also filter and sort the list of backup copies by status in the Copy Status column.
The system displays a warning to confirm that you want to delete the selected backup copies.
6. Click OK.
An informational dialog box opens to confirm that the copies are being deleted. To monitor the progress of the operation,
click Go to Jobs. To view the list of backup copies and their status, click OK.
7. Verify that the copies are successfully deleted from protection storage. If the deletion is successful, the deleted copies no
longer appear in the table.



Export data for deleted backup copies
This option enables you to export results of deleted backup copies to a .csv file so that you can download an Excel file of the
data.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. From the Assets window, select the tab for the asset type for which you want to export results of deleted backup copies. If
a policy has been assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select one or more protected assets from the table, and then select More Actions > Export Deleted Copies.
If you do not select an asset, PowerProtect Data Manager exports the data for deleted backup copies for all assets for the
specific asset type.
4. Specify the following fields for the export:
a. Time Range
The default is Last 24 Hours.
b. Copy Status
In order to export data for deleted backup copies, the backup copies must be in one of the following states:
● Deleted—The copy is deleted successfully from protection storage, and, if applicable, the agent catalog is deleted
successfully from the agent host.
● Deleting—Copy deletion is in progress.
● Deletion Failed—Copy deletion from protection storage is unsuccessful.
● Deletion Failed (Agent Catalog)—The copy is deleted successfully from protection storage, but is not deleted
from the agent host.
NOTE: This state is not applicable to virtual machine and Kubernetes backup copies.

NOTE: You cannot export data for backup copies that are in an Available state.

5. Click Download.
If applicable, the navigation window appears for you to select the location to save the .csv file.
6. Save the .csv file in the desired location and click Save.

Remove backup copies from the PowerProtect Data Manager database
This option enables you to delete the backup copy records from the PowerProtect Data Manager database, but keep the backup
copies in protection storage.

About this task


For backup copies that could not be deleted from protection storage, you can remove the backup copies from the PowerProtect
Data Manager database. Removing the backup copies from PowerProtect Data Manager does not delete the copies in
protection storage.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. From the Assets window, select the tab for the asset type for which you want to delete copies. If a policy has been
assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select a protected asset from the table, and then click View Copies. The Copy Locations pane identifies where the
backups are stored.
4. In the left pane, click the storage icon to the right of the icon for the asset, for example, DD. The table in the right pane lists
the backup copies.
5. Select one or more backup copies with the Deletion Failed status from the table, and then click Remove from
PowerProtect.
The system displays a warning to confirm that you want to delete the selected backup copies.
6. Click OK.
An informational dialog box opens to confirm that the copies are being deleted. To monitor the progress of the operation,
click Go to Jobs. To view the list of backup copies and their status, click OK.
7. Verify that the copies are deleted from the PowerProtect Data Manager database. If the deletion is successful, the deleted
copies no longer appear in the table. The backup copies remain in protection storage.

Removing expired backup copies


PowerProtect Data Manager deletes the backup copies of an asset automatically when the retention period of the copy expires.
Information about specifying retention periods for a protection policy objective is provided within the user guide for each asset
type.
In order for an expired copy to be deleted, the asset must be managed by PowerProtect Data Manager and in one of the
following states:
● Exclusion – The asset is assigned to an exclusion protection policy.
● Disabled – The asset is assigned to a disabled protection policy.
● Protected – The asset is assigned to an enabled protection policy.
● Previously Protected – The asset has been unassigned from a protection policy and has not yet been reassigned to
another policy or assigned to an Exclusion policy.
For an asset assigned to either an exclusion or disabled protection policy, PowerProtect Data Manager deletes the expired
backup copies for the asset when the following settings are set to true:
● expiredCopyDeletionEnabledForAssetInExclusionPolicy
● expiredCopyDeletionEnabledForAssetInDisabledPolicy
The expired copy deletion settings for exclusion and disabled protection policies are set to true by default. If either setting is
set to false, PowerProtect Data Manager skips deletion of the expired backup copies. The PowerProtect Data Manager Public
REST API documentation provides more information.
Expired copy cleanup occurs at 00:00 AM UTC each day. If a copy deletion fails, a warning alert appears in the audit log under
Alerts > System.
You can monitor the progress of the expired copy removal job from the Jobs window.

Removing assets from PowerProtect Data Manager


PowerProtect Data Manager automatically removes assets if certain conditions are met. However, some assets can be manually
removed.
Assets are automatically removed if the following conditions are met:
● The status of the asset is Deleted.
● The asset has no backup copies.
● The asset has existed for longer than the value of the asset TTL setting. This is 0 minutes by default, but it can be changed
with the REST API. For more information, see PowerProtect Data Manager Public REST API documentation.
NOTE: This value has changed from earlier versions of PowerProtect Data Manager.

The manual removal of assets allows for the following increased control over the process:
● The asset can be removed on demand.
● The status of the asset can be Not Detected.
● All protection copies of the asset, including replicated and cloud tiered copies, can be manually removed, followed by the
manual removal of the asset.
● All protection copies of the asset can be automatically removed, if this option is selected during manual asset removal from
PowerProtect Data Manager.



Remove assets and associated protection copies
In the PowerProtect Data Manager UI, you can manually remove some assets ahead of their scheduled removal, or remove
assets that have not been automatically removed.

Prerequisites
● The asset has a status of Deleted or Not Detected.
● The asset has no protection copies. If copies still exist in the storage system for the asset, you can delete these copies
before following the steps in this procedure or select an option to automatically delete the copies when the asset is
removed. For information on deleting backup copies, see Delete backup copies.

Steps
1. Select Infrastructure > Assets.
2. Select the tab that corresponds to the type of assets that you want to remove. For example, for vCenter virtual machine
assets, click Virtual Machine.
Assets that are associated with protection copies of this type are listed. By default, only assets with Available or Not
Detected status display. You can also search for assets by name.
3. Select one or more assets from the list, and then click More Actions > Remove Asset.
The Remove Assets dialog displays.
4. Select from one of the following options:
NOTE: All of these options might not display for the selected assets. The available options depend upon the protection
copy status of the selected assets.

● Remove assets and associated protection copies—removes these assets from PowerProtect Data Manager, and
automatically removes any protection copies for these assets from storage.
● Only remove assets with no associated protection copies—these assets will not be deleted if PowerProtect Data
Manager detects that protection copies for these assets still exist in the storage system.
● Mark "Not Detected" assets as "Deleted" but keep associated protection copies—mark assets with Not
Detected status as Deleted in the PowerProtect Data Manager UI, but retain protection copies for these assets in the
storage system. You can view assets marked as Deleted from the Infrastructure > Assets pane.
5. Click OK to confirm the asset removal.

Run an asset-protection report


This option enables you to run an asset-protection report and save the report in CSV format so that you can download an Excel
file of protection results data.

Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
2. Select the protection policy for which you would like to export the protection records.
If you do not select a protection policy, PowerProtect Data Manager exports the protection records for all the protection
policies.
3. Click Run Asset Protection Report.
The Export Asset Protection window appears.
4. Specify the following fields for the export:
a. The Time Range.
The default is Last 24 hours.
This refers to the last complete midnight-to-midnight 24-hour period; that is, yesterday. So, any events that have
occurred since the most recent midnight are not in the CSV export. For example, if you run the CSV export at 9am, any
events that have occurred in the last 9 hours are not in the CSV export. This is to prevent the overlapping of or partial
exporting when queried mid-day on a regular or irregular basis.
b. The Job Status.
c. Click Download.
If applicable, the navigation window appears for you to select the location to save the CSV file.
5. If applicable, save the .CSV file in the desired location and then click Save.

Disable a protection policy


From the PowerProtect Data Manager UI, you can disable a protection policy to temporarily stop running certain backup
objectives of this policy.

About this task


There are several reasons why you might want to disable a protection policy. For example, by disabling a policy, you can:
● Edit the policy and determine the impact of your changes before these changes take effect.
● Stop backup activity on primary storage if the storage is in maintenance or is temporarily unavailable (for example, during a
storage upgrade).
By default, disabling a centralized protection policy stops the primary backup objectives of this policy, including synthetic full
backups, full backups, and so on. Any replication, cloud tier, and extended retention objectives, however, continue to run while
the policy is disabled. You can also perform manual primary backups of a policy that is in Disabled state by using the Protect
Now functionality in the PowerProtect Data Manager UI. Protection jobs running for a disabled policy provides information
about jobs that continue to run when a policy is disabled.
You can modify the default behavior to make changes regarding which jobs continue to run when a policy is disabled by
using System Level overwrites in the REST API. The PowerProtect Data Manager Public REST API documentation provides
instructions.
When a protection policy is disabled, you can edit the policy in the same manner that you would edit an enabled policy. The
advantage of editing a policy in Disabled state is that you can preview the changes before resuming primary backups of the
policy. Editing a protection policy provides more information about modifying the details of an existing policy.

Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window opens.
2. Select one or more policies in Enabled state. You can also select the checkbox at the top of the table to select all policies on
the current page.
3. Click Disable.

Results
The policy status changes to Disabled. In Disabled state:
● In progress primary backup jobs that are associated with this policy continue to run until complete. If primary backups are
scheduled to run during the time that the policy is disabled, those backups do not run, even when you enable the policy
again. When you re-enable the policy, future scheduled backups resume.
● All other protection jobs for the policy continue to run according to schedule, unless no primary backup copy exists for the
policy. In this case, protection jobs are skipped.
● Manual backups of primary objectives can still be performed.

Protection jobs running for a disabled policy


When a protection policy is disabled, only protection jobs related to the primary backup objectives stop running.
The following table provides information about the types of protection jobs that continue to run when a policy is in Disabled
state. The column System level overwrite? indicates whether the default behavior for this job can be overwritten by using the
API command. Note, however, that when a policy is disabled, the setting for at least one of these jobs must remain disabled.
NOTE: If no primary backup copy exists for the disabled policy, other scheduled protection jobs such as replication will
display as Skipped in the Protection Jobs window of the PowerProtect Data Manager UI.



Table 24. Protection jobs running when a policy is disabled

| Job category | Purpose | Runs when policy is disabled? | System level overwrite? |
|---|---|---|---|
| Centralized scheduled primary protection | Create a primary backup | No | Yes |
| Manual backup and replication (Protect Now, Replicate Now) | Create a primary backup (Protect Now); Replicates primary backup (Replicate Now) | Yes | No |
| Self-service protection | Create a primary backup | Yes | No |
| Policy and asset configuration | Prepare for protection or copy management jobs | Yes | No |
| Replication | Copy management (location) | Yes | Yes |
| Cloud DR | Copy management (location) | Yes | Yes |
| Extended Retention | Copy management (retention) | Yes | Yes |
| Cloud Tier | Copy management (location) | Yes | Yes |
| SLA compliance verification | Copy management (report and alert) | Yes | Yes |
| Delete expired copy | Copy management (reclaiming space on DD) | Yes | Yes |

Enable a disabled protection policy


To reenable a disabled policy, perform the following steps:

Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
2. Select one or more policies in Disabled state. You can also select the checkbox at the top of the table to select all policies
on the current page.
3. Click Enable.

Results
The status changes to Enabled. Primary backups for the reenabled policies resume according to the protection policy schedule.

Customize the default behavior of disabled policies


By default, a protection policy in Disabled state prevents the primary backup objectives of this policy from running, but does
not stop other protection jobs. You can, however, change the default behavior to also stop other activities, such as replication
and cloud tiering, by using the REST API.
The PowerProtect Data Manager Public REST API documentation provides instructions.

Delete a protection policy


Perform the following steps to delete a protection policy that is not protecting any assets.

Prerequisites
If the policy you want to delete protects assets, you must associate those assets with a different protection policy before you
can delete the policy.



Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
2. Select the policy that you want to delete, and then click Delete.

Results
After you delete a policy, clean-up of unnecessary components within protection storage occurs automatically according to
schedule. Clean-up includes storage units under the control of PowerProtect Data Manager and the corresponding DD Boost
users, according to the rules for storage units.

Add a service-level agreement


SLA Compliance in the PowerProtect Data Manager UI enables you to add a service-level agreement (SLA) that identifies your
service-level objectives (SLOs). You use the SLOs to verify that your protected assets are meeting the service-level agreements
(SLAs).

About this task

NOTE: When you create an SLA for Cloud Tier, you can include only full backups in the SLA.

In the SLA Compliance window, you can export compliance data by using the Export All functionality.

Steps
1. From the PowerProtect Data Manager UI, select Protection > SLA Compliance.
The SLA Compliance window appears.
2. Click Add or, if the assets that you want to apply the SLA to are listed, select these assets and then click Add.
The Add Service Level Agreement wizard appears.
3. Select the type of SLA that you want to add, and then click Next.
● Policy. If you choose this type, go to step 4.
● Backup. If you choose this type, go to step 5.
● Extended Retention. If you choose this type, go to step 6.
● Replication. If you choose this type, go to step 7.
● Cloud Tier. If you choose this type, go to step 8.
You can select only one type of Service Level Agreement.
4. If you selected Policy, specify the following fields regarding the purpose of the new Policy SLA:
a. The SLA Name.
b. If applicable, select Minimum Copies, and specify the number of Backup, Replication, and Cloud Tier copies.
c. If applicable, select Maximum Copies, and specify the number of Backup, Replication, and Cloud Tier copies.
d. If applicable, select Available Location and select the applicable locations. To add a location, click Add Location.
Options include the following:
● In—Include locations of all copies in the SLO locations. Selecting this option does not require every SLO location to
have a copy.
● Must In—Include locations of all copies in the SLO locations. Selecting this option requires every SLO location to
have at least one copy.
● Exclude—Locations of all copies must be non-SLO locations.
e. If applicable, select Allowed in Cloud through Cloud Tier/Cloud DR.
f. Click Finish, and then go to step 9.
5. If you selected Backup, specify the following fields regarding the purpose of the new Backup SLA:
a. The SLA Name.
b. If applicable, select Recovery Point Objective required (RPO), and then set the duration. The purpose of an RPO is
business continuity planning, and indicates the maximum targeted period in which data (transactions) might be lost from
an IT service due to a major incident.
NOTE: You can select only Recovery Point Objective required to configure as an independent objective in the
SLA, or select both Recovery Point Objective required and Compliance Window for copy type. If you select
both, the RPO setting must be one of the following:
● Greater than 24 hours or more than the Compliance window duration, in which case RPO validation occurs
independent of the Compliance Window.
● Less than or equal to the Compliance Window duration, in which case RPO validation occurs within the
Compliance Window.

c. If applicable, select Compliance Window for copy type, and then select a schedule level from the list, for example,
All, Full, Cumulative, and set the duration. Duration indicates the amount of time necessary to create the backup
copy. Ensure that the Start Time and End Time of backup copy creation fall within the Compliance Window duration
specified.
This window specifies the time during which you expect the specified activity to take place. Any specified activity that
occurs outside of this Start Time and End Time triggers an alert.
d. If applicable, select the Verify expired copies are deleted option.
Verify expired copies are deleted is a compliance check to see if PowerProtect Data Manager is deleting expired
copies. This option is disabled by default.
e. If applicable, select Retention Time Objective, and specify the number of Days, Months, Weeks, or Years.
NOTE: For compliance validation to pass, the value set for the Retention Time Objective must match the lowest
retention value set for the backup levels of this policy's target objectives. For example, if you set the synthetic full
backup Retain For to 30 days but set the full backup Retain For to 60 days, the Retention Time Objective must be
set to the lower value, in this case, 30 days.

f. If applicable, select the Verify Retention Lock is enabled for all copies option. This option is disabled by default.
g. Click Finish, and go to step 9.
The SLA Compliance window appears with the new SLA.
6. If you selected Extended Retention, specify the following fields regarding the purpose of the new Extended Retention SLA:
a. The SLA Name.
b. If applicable, select Recovery Point Objective required (RPO), and then set the duration. The purpose of an RPO is
business continuity planning, and indicates the maximum targeted period in which data (transactions) might be lost from
an IT service due to a major incident.
NOTE: By default, the RPO provides a grace period of 1 day for SLA compliance verification. For example, with
a weekly extended retention schedule, PowerProtect Data Manager provides 8 days for the RPO to pass the SLA
Compliance verification.

c. If applicable, select the Verify expired copies are deleted option.
Verify expired copies are deleted is a compliance check to see if PowerProtect Data Manager is deleting expired
copies. This option is disabled by default.
d. If applicable, select Retention Time Objective, and specify the number of Days, Months, Weeks, or Years.
e. If applicable, select the Verify Retention Lock is enabled for all copies option. This option is disabled by default.
f. Click Finish, and go to step 9.
The SLA Compliance window appears with the newly added SLA.
7. If you selected Replication, specify the following fields regarding the purpose of the new Replication SLA:
a. The SLA Name.
b. If applicable, select the Compliance Window, and specify the Start Time and End Time.
This window specifies the times that are permissible and during which you can expect the specified activity to occur. Any
specified activity that occurs outside of this start time and end time triggers an alert.
c. If applicable, select the Verify expired copies are deleted option.
Verify expired copies are deleted is a compliance check to see if PowerProtect Data Manager is deleting expired
copies. This option is disabled by default.
d. If applicable, select Retention Time Objective, and specify the number of Days, Months, Weeks, or Years.
NOTE: For compliance validation to pass, the value set for the Retention Time Objective must match the lowest
retention value set for the backup levels of this policy's target objectives.

e. If applicable, select the Verify Retention Lock is enabled for all copies option. This option is disabled by default.
f. Click Finish, and go to step 9.
The SLA Compliance window appears with the newly added SLA.
8. If you selected Cloud Tier type SLA, specify the following fields regarding the purpose of the new Cloud Tier SLA:
a. The SLA Name.
b. If applicable, select the Verify expired copies are deleted option.
This option is a compliance check to determine if PowerProtect Data Manager is deleting expired copies. This option is
disabled by default.
c. If applicable, select Retention Time Objective and specify the number of Days, Months, Weeks, or Years.
NOTE: For compliance validation to pass, the value set for the Retention Time Objective must match the lowest
retention value set for the backup levels of this policy's target objectives.

d. If applicable, select the Verify Retention Lock is enabled for all copies option. This option is disabled by default.
e. Click Finish.
9. If the SLA has not already been applied to a protection policy:
a. Go to Protection > Protection Policies.
b. Select the policy, and then click Edit.
10. In the Objectives row of the Summary window, click Edit.
11. Do one of the following, and then click Next:
● Select the added Policy SLA from the Set Policy Level SLA list.
● Create and add the SLA policy from the Set Policy Level SLA list.
The Summary window appears.
12. Click Finish.
An informational message appears to confirm that PowerProtect Data Manager has saved the protection policy.
13. Click Go to Jobs to open the Jobs window to monitor the backup and compliance results, or click OK to exit.
NOTE: Compliance checks occur automatically every day at 2 a.m. Coordinated Universal Time (UTC). If any objectives
are out of compliance, an alert is generated at 2 a.m. UTC. The Validate job in the System Jobs window indicates the
results of the daily compliance check.
For a backup SLA with a required RPO setting that is less than 24 hours, PowerProtect Data Manager performs real-time
compliance checks. If you selected Compliance Window for copy type and set the backup level to All, the real-time
compliance check occurs every 15 minutes only within the compliance window. If the backup level is not All, or if a
compliance window is not specified, the real-time compliance check occurs every 15 minutes without stop.
NOTE: If the backup SLA has a required RPO setting of 24 hours or greater, compliance checks occur daily at 2 a.m.
UTC. Real-time compliance checks do not occur for backup SLAs with an RPO setting of 24 hours or greater.
Real-time compliance-check behavior
If the interval of time between the most recent backup of the asset and the compliance check is greater than the RPO
requirement, then an alert indicates the RPO of the asset is out of compliance. This alert is generated once within an RPO
period. If the same backup copy is missed when the next compliance check occurs, no further alerts are generated.
If the interval of time between the most recent backup of the asset and the compliance check is less than the RPO
requirement, the RPO of the asset is in compliance.
If multiple assets in a policy are out of compliance at the same time when a compliance check occurs, a single alert is
generated and includes information for all assets that are out of compliance in the policy. In the Alerts window, the asset
count next to the alert summary indicates the number of assets that are out of compliance in the policy.

14. In the Jobs window, click next to an entry to view details on the SLA Compliance result.
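The check scheduling and alerting rules from the notes in step 13, written out as an added Python simulation (not PowerProtect Data Manager code). The class and function names and the sample assets are constructed; treating "once within an RPO period" as one alert per missed RPO interval, and listing only newly flagged assets in each alert, are assumptions.

```python
"""Simulation of the SLA compliance-check rules described above (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, time, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple

CHECK_INTERVAL = timedelta(minutes=15)  # real-time check cadence stated in the guide
DAILY_CHECK = time(2, 0)                # daily check at 2 a.m. UTC stated in the guide


@dataclass
class BackupSla:                        # hypothetical model of a Backup SLA
    rpo: timedelta
    window: Optional[Tuple[time, time]] = None  # compliance window (start, end), UTC
    window_level: Optional[str] = None          # "All", "Full", ...


def in_window(window: Tuple[time, time], t: time) -> bool:
    start, end = window
    if start <= end:
        return start <= t < end
    return t >= start or t < end        # window that spans midnight


def should_check(sla: BackupSla, now: datetime) -> bool:
    """Does a compliance check run for this SLA at `now` (a 15-minute tick, UTC)?"""
    if sla.rpo >= timedelta(hours=24):
        # RPO of 24 hours or greater: daily check only, no real-time checks.
        return (now.hour, now.minute) == (DAILY_CHECK.hour, DAILY_CHECK.minute)
    if sla.window is not None and sla.window_level == "All":
        # Backup level All with a compliance window: checks only inside the window.
        return in_window(sla.window, now.time())
    return True                         # otherwise every 15 minutes without stop


@dataclass
class ComplianceChecker:
    sla: BackupSla
    # (asset, last backup time, missed RPO interval) combinations already alerted on
    alerted: Set[Tuple[str, datetime, int]] = field(default_factory=set)

    def run(self, policy: str, last_backup: Dict[str, datetime],
            now: datetime) -> Optional[dict]:
        """Run one check; return a single alert for the policy, or None."""
        if not should_check(self.sla, now):
            return None
        newly_flagged: List[str] = []
        for asset, last in sorted(last_backup.items()):
            age = now - last
            if age <= self.sla.rpo:     # assumption: age equal to the RPO still passes
                continue
            # Number of the RPO interval being missed: ceil(age / rpo) - 1.
            missed = -(-age // self.sla.rpo) - 1
            key = (asset, last, missed)
            if key not in self.alerted:  # same missed copy: no further alert
                self.alerted.add(key)
                newly_flagged.append(asset)
        if not newly_flagged:
            return None
        # One alert per policy per check, carrying the count of affected assets.
        return {"policy": policy, "time": now, "assets": newly_flagged,
                "asset_count": len(newly_flagged)}


def simulate(sla: BackupSla, policy: str, last_backup: Dict[str, datetime],
             start: datetime, end: datetime) -> List[dict]:
    """Step through 15-minute ticks and collect the alerts that would be raised."""
    checker = ComplianceChecker(sla)
    alerts, now = [], start
    while now <= end:
        alert = checker.run(policy, last_backup, now)
        if alert:
            alerts.append(alert)
        now += CHECK_INTERVAL
    return alerts


def demo() -> List[dict]:
    # Constructed sample: three assets, 4-hour RPO, no compliance window.
    day = datetime(2022, 10, 1, tzinfo=timezone.utc)
    last_backup = {"vm-a": day, "vm-b": day, "vm-c": day + timedelta(hours=3)}
    sla = BackupSla(rpo=timedelta(hours=4))
    return simulate(sla, "policy-1", last_backup,
                    day + timedelta(hours=3), day + timedelta(hours=9))


if __name__ == "__main__":
    for a in demo():
        print(a["time"].strftime("%H:%M"), a["policy"], a["asset_count"], a["assets"])
```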

Run a compliance report


This option enables you to run a compliance report and save the report in CSV format so that you can download an Excel file of
compliance results data.

Steps
1. From the PowerProtect Data Manager UI, select Protection > SLA Compliance.
The SLA Compliance window appears. The PowerProtect Data Manager SLA Compliance window displays the following
information:
● SLA Name
● Stage Type
● Policies At Risk
● Objectives Out of Compliance
● Impacted Assets
2. Select the SLA for which you would like to export the compliance records.
3. Click Run Compliance Report.
The Run Compliance Report window appears.
4. Specify the following fields for the export:
a. The Time Range.
The default is Last 24 hours.
This refers to the last complete midnight-to-midnight 24-hour period; that is, yesterday. Any events that have
occurred since the most recent midnight are not included in the CSV export. For example, if you run the CSV export
at 9 a.m., any events that have occurred in the last 9 hours are not included in the CSV export. This prevents
overlapping or partial exports when the data is queried mid-day on a regular or irregular basis.
b. The Job Status.
c. Click Download.CSV.
If applicable, the navigation window appears for you to select the location to save the CSV file.
5. If applicable, save the CSV file in the desired location and click Save.

Protecting client assets after a client hostname change

If the hostname of a client is changed, its assets are no longer protected without further action.
When changing a client hostname, you must delete its existing lockbox files and generate new ones. For more information, see
the documentation of the relevant application agent.

ifGroup configuration and PowerProtect Data Manager policies

If an ifGroup is configured on the DD, the IP address selected in the PowerProtect Data Manager protection policy is only
used for the initial connection, and redirection (for example, for load balancing) occurs according to the ifGroup setting
on the DD. LACP and other failover options on the DD work independently from what is selected in the PowerProtect Data
Manager policy.
The following examples and diagrams demonstrate common scenarios in PowerProtect Data Manager when an ifGroup is
configured on the DD.
PowerProtect Data Manager policy with no ifGroup
DD configuration:
● eth1/eth2 1G
● eth3/eth4/eth5/eth6 10G
● No ifGroup

PowerProtect Data Manager policy with one ifGroup
DD configuration:
● eth1/eth2 1G
● eth3/eth4/eth5/eth6 10G
● ifGroup * eth3/eth4/eth5/eth6

PowerProtect Data Manager policy with multiple ifGroups


DD configuration:
● eth1/eth2 1G
● eth3/eth4/eth5/eth6 10G
● ifGroup VLAN-VM eth3/eth4
● ifGroup VLAN-SQL eth5/eth6

7
Preparing for and Recovering From a Disaster
Topics:
• About server disaster recovery
• System recovery for server DR
• Quick recovery for server DR
• Overview of PowerProtect Data Manager Cloud Disaster Recovery

About server disaster recovery


The PowerProtect Data Manager system protection service enables you to protect the persistent data of a PowerProtect Data
Manager system from catastrophic loss by creating a series of server disaster recovery (DR) backups.
Preparing for server DR requires the consideration of two scenarios: loss of the PowerProtect Data Manager server and loss
of the entire site. Some of the information that you record during the server DR configuration process may only apply to one
scenario or the other. As a best practice, you should gather and record all applicable information for both scenarios.
PowerProtect Data Manager supports three methods of server DR:

System recovery
System recovery creates point-in-time snapshots of the PowerProtect Data Manager server in protection storage. During a DR
activity, recover the server from protection storage and then restore protected assets.
System recovery for server DR provides more information.

Quick recovery
Quick recovery makes a remote PowerProtect Data Manager replication destination aware of replicated backups and enables
the recovery view. During a DR activity, you can restore assets from these replicated backups at the destination without first
restoring the source server.
Quick recovery for server DR provides more information.

Cloud Disaster Recovery


Cloud DR enables you to restore to a DR site in a supported public cloud environment. During a DR activity, restore virtual
machines to a Cloud DR server and recover those workloads in the cloud.
Overview of PowerProtect Data Manager Cloud Disaster Recovery provides more information.

Differences between server DR methods
The following table highlights the differences between the three server DR methods.

Table 25. Server DR comparison

| Criteria | System recovery | Quick recovery | Cloud DR |
|---|---|---|---|
| Requires another running PowerProtect Data Manager server | No (a) | Yes | No |
| Requires additional configuration after setup | Optional (b) | No | No |
| Requires configuration outside of the PowerProtect Data Manager UI during recovery | Yes | No | No |
| Preserves backup workflows | Yes | No | No |
| Supports server DR replication | Yes | Automatic | Automatic |
| Recovery time objective (RTO) for backup infrastructure | >1 hour (a) | N/A | N/A |

a. Optionally, you can configure a second server and leave this server unconfigured to decrease the RTO for system
recovery. However, the RTO for system recovery cannot match the RTO for quick recovery or Cloud DR.
b. Configuration of server DR replication.

System recovery for server DR


The system recovery process creates periodic backups of a PowerProtect Data Manager server, from which you can restore the
server after a disaster. Each backup is considered a full backup although it is created in an incremental manner.
System recovery backups include persistent data such as the lockbox and the PostgreSQL and ElasticSearch databases. The
backup operation quiesces the server and creates a point-in-time snapshot of the databases. This quiescent state limits user
functionality. After the snapshot completes and while PowerProtect Data Manager copies the snapshot to protection storage,
the server restores full user functionality. System recovery backups also include File Search indexes and other component DR
backups.
The system protection service enables you to manage the frequency and retention of an automated server DR backup. You
can also perform manual backups. However, the system protection service does not manage the retention of manual backups
and you must delete any outdated manual backups yourself. Manage PowerProtect Data Manager server DR backups provides
instructions.
You can select one protection storage system as a server DR backup target and one protection storage system as a replication
target. Replication provides an extra layer of protection for server DR backups. Manually configure server DR backups provides
instructions for configuring server DR replication, while Restore PowerProtect Data Manager from server DR backups contains
instructions for restoring from a replica.
Since only one backup target and one replication target are supported at a time, when you specify a new protection storage
system, you overwrite the existing selection. If you have more protection storage systems, you can change which protection
storage system holds the server DR backup or receives the replica.
PowerProtect Data Manager server DR replication is independent of any legacy methods, such as MTree replication on an
individual DD system. Backups and configuration from legacy methods are not detected or migrated.

Server DR protection storage types


PowerProtect Data Manager supports two types of protection storage for server DR: NFS and DD Boost.
DD Boost is the recommended storage type for PowerProtect Data Manager server DR. NFS is the legacy storage type for
PowerProtect Data Manager server DR.
Updating the PowerProtect Data Manager server does not automatically change the storage type. Instead, select the
appropriate storage type and manually configure server DR backups. Do not alternate between storage types.
Switching from NFS to DD Boost creates new server DR backups, rather than migrating existing backups. The previous NFS
backups are no longer visible in the list of DR backups. However, you can still recover from older NFS server DR backups even
after switching to DD Boost, should you experience a disaster before the initial DD Boost system backup completes.

DD Boost
DD Boost provides security and efficiency advantages over NFS, including password-protected authentication. When you use
DD Boost, PowerProtect Data Manager creates and manages a storage unit on the DD system and a corresponding user
account.
● The storage unit and user account name are based on the PowerProtect Data Manager hostname. For example,
SysDR_<hostname>.
● The DD Boost user password is based on the PowerProtect Data Manager predefined administrator account (admin)
password.
NOTE: The password is based on the admin account even if you use other accounts with the Administrator role, such
as external identity provider users, to administer PowerProtect Data Manager.
Changes to the PowerProtect Data Manager predefined administrator password prompt corresponding updates to the DD Boost
user password. If you configured server DR replication, password changes also prompt corresponding updates to the credentials
on the replication target. Recovery from server DR backups requires the PowerProtect Data Manager predefined administrator
password. If you do not know this password, contact Customer Support.
If you plan to use DD Boost, add the DD system as protection storage before you configure server DR. Protection storage
provides instructions.
The DD Boost storage type allows for automatic server DR configuration. Automatic server DR provides more information.
Only the DD Boost storage type supports server DR replication.

NFS
To store backups over NFS, you must configure and assign a private storage unit for the PowerProtect Data Manager system.
Then, prepare the DD recovery target by creating an NFS export. With the DD system address and the NFS export path, you
can configure PowerProtect Data Manager to perform server DR backups.
NFS storage is deprecated in favor of DD Boost.

Automatic server DR
New installations of PowerProtect Data Manager automatically configure and enable server DR with minimal input. This process
ensures that the server is protected as soon as you add protection storage.
Automatic server DR detects when you first add a protection storage system. The automatic configuration mechanism uses
the recommended DD Boost storage type and default settings to create a managed storage unit for server DR. This process
generates server DR jobs that you can track through the Jobs page.
Automatic configuration selects the first protection storage system that you add to PowerProtect Data Manager. However, you
can configure server DR to change the target to another protection storage system or enable replication. Manually configure
server DR backups provides instructions. Manual configuration of the backup target is not recommended unless you must target
a different protection storage system.
If automatic server DR fails, Manually configure server DR backups provides an alternate method to configure server DR. The
job details provide information that you can use to troubleshoot the configuration process.

Prepare the DD system recovery target (NFS)


If you plan to use NFS for system backup storage, configure the NFS export on the DD target system and select the required
permissions. Configuring PowerProtect Data Manager for backup and recovery requires this NFS export path.

About this task

NOTE: NFS is the legacy storage type for PowerProtect Data Manager server DR.

Steps
1. Use a web browser to log in to DD System Manager as the system administrator user.
2. On the Summary tab in the Protocols pane, select NFS Exports > Create Export.

3. In the Create NFS Export window, provide the following information, and then click OK.
● Export Name—the name of the DD MTree.
● Directory Path—the full directory path for DD MTree that you created. Ensure that you use the same name for the
directory.
NOTE: For an external DD system, specify a path similar to the following, /data/col1/<path>, where <path> is
the MTree that stores the system backups.
4. Add PowerProtect Data Manager by hostname or IP address to the NFS client list.
To configure DR protection for an existing Search cluster, add the IP address or hostname of the Search cluster to the NFS
client list.
5. Ensure that the Current Selection list includes no_root_squash, which is required so that PowerProtect Data
Manager has permission to change the directory structure on the NFS share.
6. When the progress message indicates that the save operation is complete, click Close.

Manually configure server DR backups


For new installations, PowerProtect Data Manager automatically configures and enables server DR. However, you can manually
configure DR protection for the PowerProtect Data Manager system and the system metadata.

Prerequisites
If you plan to use NFS for protection storage, prepare the target DD system as described in Prepare the DD system recovery
target (NFS).
If you plan to use DD Boost for protection storage, add the DD system as protection storage. Protection storage provides
instructions. If you plan to replicate server DR backups, the replication target must be a different protection storage system.

Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. Click , select Disaster Recovery, and then click Configuration.


3. Select Enable backup.
4. For DD Boost, configure the backup with the following attributes:
a. For Protocol, select DDBoost.
b. From the PowerProtect DD System drop-down list, select a backup destination from the list of existing protection
storage systems, or select Add to add a system and complete the details in the Add Storage window.
For initial DR configuration, the Storage Unit field is empty. If DR was already configured, the Storage Unit field
displays the name of the storage unit that holds server DR backups.
5. For NFS, configure the backup with the following attributes:
a. For Protocol, select NFS.
b. In the PowerProtect DD System field, type the IP address or hostname of the DD system for the backup.
c. In the NFS Export Path field, type the NFS path where server DR backups are stored on the target DD system.
6. Configure the backup frequency and duration:
a. Type an interval between server DR backups, in hours.
This setting controls backup frequency, and the allowed values are 1 to 24 hours.
b. Type the number of days for which PowerProtect Data Manager should retain server DR backups.
The allowed values are 2 to 30 days.
7. To enable server DR replication:
a. Check Enable Replication.
b. From the Replicate Backup To drop-down list, select a target from the list of existing protection storage systems, or
select Add to add a system and complete the details in the Add Storage window.
The replication target cannot be the backup destination.
The replication frequency and retention time are the same as for the backup.
8. Click Save.

Results
For DD Boost, PowerProtect Data Manager creates system jobs to prepare the new storage unit and to configure the server DR
protection policy.
For both storage types, PowerProtect Data Manager creates a system job for the first server DR backup.
If you configured replication, PowerProtect Data Manager creates a DD Boost user and storage unit on the destination. Server
DR backups begin replicating according to the protection schedule.

Next steps
Verify that the system jobs succeed.

Record settings for server DR


Plan for DR by recording vital information. In the event of a major outage, you will need this information to recover your
systems. Some items are only required for particular DR scenarios. Record the following information on a local drive outside
PowerProtect Data Manager:

Steps
1. If PowerProtect Data Manager is deployed to vSphere, record the port groups:
a. Log in to the vSphere client.
b. Right-click the appliance name and select Edit Settings.
c. Record the port group settings that are assigned to PowerProtect Data Manager.
This information is useful when restoring to the same VMware environment.
2. Record the PowerProtect Data Manager FQDN.
3. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.
4. Record the PowerProtect Data Manager version and build numbers.
Customer Support can provide this information, which is not mandatory.

5. Click , select Disaster Recovery, and then click Configuration.


6. Record whether server DR storage uses NFS or DD Boost.
7. Record the protection storage system IP address or FQDN.
8. If you configured server DR replication, record the FQDN for the replication target.
9. If you use NFS for server DR storage, record the NFS export path.
10. If you use DD Boost for server DR storage, perform the following substeps:
a. Connect to the PowerProtect Data Manager console and change to the root user.
b. Change directory:
cd /usr/local/brs/puppet/scripts
c. Obtain and record the server DR DD Boost credentials:
./get_dd_mtree_credential.py SysDR_$(hostname -s)
d. Connect to the protection storage system console.
e. Obtain and record the user ID (UID) for the server DR DD Boost user:
user show list

Results

Table 26. Recorded DR settings

| System | Setting or Property | Example | Recorded Value |
|---|---|---|---|
| PowerProtect Data Manager | Version and build | 19.11 | |
| | FQDN | server1.example.com | |
| | Backup protocol | NFS or DD Boost | |
| Server DR replica | FQDN | dd-replica.example.com | |
| Protection storage system | FQDN | dd.example.com | |
| | NFS export path | N/A | |
| | DD Boost username | SysDR_server1 | |
| | DD Boost password | zD0_56c-b4e-ad4-dbb- | |
| | DD Boost UID | 501 | |
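A pre-flight check that combines the limits from Manually configure server DR backups with the items listed in Record settings for server DR, as an added Python example (not part of PowerProtect Data Manager). The DrRecord fields, function names and sample values are hypothetical; the sketch tracks only whether the DD Boost password was recorded, not its value.

```python
"""Pre-flight check of a server DR configuration and its recorded settings (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import List, Optional


@dataclass
class DrRecord:                          # hypothetical record sheet, one per server
    ppdm_fqdn: str
    protocol: str                        # "NFS" or "DDBoost", as labelled in the UI
    storage_address: str                 # protection storage system IP address or FQDN
    interval_hours: int                  # interval between server DR backups
    retention_days: int                  # days to retain server DR backups
    nfs_export_path: Optional[str] = None
    replica_address: Optional[str] = None
    ddboost_username: Optional[str] = None
    ddboost_password_recorded: bool = False   # assumption: presence only, not the value
    ddboost_uid: Optional[int] = None


def expected_ddboost_user(ppdm_fqdn: str) -> str:
    """SysDR_<hostname>, using the short hostname as in the guide's example."""
    return "SysDR_" + ppdm_fqdn.split(".")[0]


def check_dr_record(rec: DrRecord) -> List[str]:
    """Return a list of findings; an empty list means the record passes."""
    findings: List[str] = []
    if not 1 <= rec.interval_hours <= 24:
        findings.append("backup interval must be 1 to 24 hours")
    if not 2 <= rec.retention_days <= 30:
        findings.append("retention must be 2 to 30 days")

    if rec.protocol == "NFS":
        if not rec.nfs_export_path:
            findings.append("NFS export path is not recorded")
        if rec.replica_address:
            # Only the DD Boost storage type supports server DR replication.
            findings.append("server DR replication requires DD Boost")
    elif rec.protocol == "DDBoost":
        want = expected_ddboost_user(rec.ppdm_fqdn)
        if rec.ddboost_username != want:
            findings.append(f"DD Boost username does not match {want}")
        if not rec.ddboost_password_recorded:
            findings.append("DD Boost password is not recorded")
        if rec.ddboost_uid is None:
            findings.append("DD Boost UID is not recorded")
    else:
        findings.append("protocol must be NFS or DDBoost")

    if rec.replica_address and rec.replica_address.lower() == rec.storage_address.lower():
        findings.append("replication target cannot be the backup destination")
    return findings


def demo() -> List[List[str]]:
    # Constructed sample records, using the example values from Table 26.
    good = DrRecord("server1.example.com", "DDBoost", "dd.example.com", 1, 7,
                    replica_address="dd-replica.example.com",
                    ddboost_username="SysDR_server1",
                    ddboost_password_recorded=True, ddboost_uid=501)
    bad = DrRecord("server1.example.com", "NFS", "dd.example.com", 48, 1,
                   replica_address="DD.example.com")
    return [check_dr_record(good), check_dr_record(bad)]


if __name__ == "__main__":
    for findings in demo():
        print(findings or "OK")
```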

Manage PowerProtect Data Manager server DR backups


View PowerProtect Data Manager server DR backups and perform manual backups. You can view the last 5 server DR backups.

About this task


For DR backups, PowerProtect Data Manager supports a default retention period of 7 days plus the last 3 hourly backup copies
for the current day. You can change the frequency and retention of DR backups from the Disaster Recovery > Configuration
tab.
The system protection service automatically deletes scheduled backups according to the configured retention policy. You cannot
manually delete scheduled backups. However, you can delete manual backups.

Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. Click , select Disaster Recovery, and then click Manage Backups.


3. To perform a manual backup:
a. Click Backup Now.
The Enter a name for your backup dialog appears.
b. [Optional] Type a name for your backup.
You can leave the backup name blank, and PowerProtect Data Manager provides a name for the backup by using the
naming convention UserDR-. If you provide a name with the convention that PowerProtect Data Manager uses for
scheduled backups, which is SystemDR, PowerProtect Data Manager displays an error.
c. Click Start Backup.
The backup appears as an entry in the table. To view details for the backup, click the arrow icon.
If the Search Engine is deployed, PowerProtect Data Manager also backs up the Search Engine. The backup details
provide the status of the Search Engine backup.
To monitor the status of the backup, select Jobs > Protection and look for a job with the name Protect the server
datastore.

4. To delete a backup:
a. Select a backup from the list.
b. Click for that row.
The system displays a warning to confirm you want to delete the backup. Click Yes to proceed.
5. Click Cancel.

Restore PowerProtect Data Manager from server DR backups


You can restore PowerProtect Data Manager from a server DR backup on a protection storage system.

Prerequisites
● Only the Administrator role can carry out the restore.
● Ensure that all the information listed in Record settings for server DR is available.
● Ensure that the FQDN of the PowerProtect Data Manager is the same as the host name.
● To restore from NFS, ensure that you have set up the recovery target system. See Prepare the DD system recovery target
(NFS).
● To restore from DD Boost, ensure that you have the current password for the PowerProtect Data Manager UI predefined
administrator account. If you do not know this password, contact Customer Support.
● To restore from a server DR replica, ensure that you have the IP address or FQDN for the replication target, the
PowerProtect Data Manager hostname, and the current password for the PowerProtect Data Manager UI predefined
administrator account.
● If the Search Engine nodes from the previous PowerProtect Data Manager deployment are still hosted on the vCenter
server, delete the Search Engine nodes from the vCenter server before you restore the PowerProtect Data Manager system.
The recovery process redeploys the Search Engine nodes as part of the restore operation.
● The recovery process does not automatically redeploy protection engines. After recovery, redeploy the protection engines.

About this task


When a primary PowerProtect Data Manager system fails because of a major event, deploy a new PowerProtect Data Manager
system and recover the backup from the external DD system.

NOTE: If the recovery system is on a different FQDN, see Troubleshoot recovery of PowerProtect Data Manager.

If a Search Engine is present in the recovery backup when you restore the PowerProtect Data Manager system, the Search
Engine is automatically restored.

Steps
1. Deploy a new PowerProtect Data Manager virtual appliance.
The PowerProtect Data Manager Deployment Guide for the appropriate platform provides instructions.
2. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:
https://<appliance_hostname>
NOTE: You can specify the hostname or the IP address of the appliance.

3. On the Install window under Welcome, select Restore Backup.


4. Select After restore, keep the product in recovery mode so that scheduled workflows are not triggered.
Recovery mode provides more information.
5. To restore from NFS:
a. For Protocol, select NFS.
b. Under Select File, enter the DD System and NFS Export Path where the backup is located, and then click Connect.
A list of the available recovery backups appears.
6. To restore from DD Boost:
a. For Protocol, select DDBoost.
b. Type the hostname or IP address for the protection storage system that stores server DR backups.
c. If the hostname is not already populated, type the hostname for the PowerProtect Data Manager system.
d. To restore from a server DR replica, append /R to the hostname.
For example, system1.example.com/R.
e. Type the password for the predefined administrator account (admin).
f. Click Connect.
A list of the available recovery backups appears. If restoring from a replica, the list of backups includes those on the replica.
7. Select the backup from which to recover the system, and then click Recover.
The recovery starts. Recovery can take a few minutes.

Results
When recovery is complete, the PowerProtect Data Manager login page appears.
The time zone of the PowerProtect Data Manager instance is set to that of the backup.
If restoring from a replica, the replication target protection storage system is configured as the new server DR backup target.
All preloaded accounts are reset to default passwords, as described in the PowerProtect Data Manager Security Configuration
Guide. The preloaded UI administrator account is an exception and retains its password. Change the passwords for all preloaded
accounts as soon as possible.

NOTE: Backup copies that are created after a Server DR restore point will be discovered after the server is restored to
a state when these backup copies did not exist. Replication and cloud tier copies, however, do not follow this behavior.
Any backup copies that had replication or cloud tier copies before the restore will be replicated/cloud tiered upon the next
manual or scheduled job for this objective.

Recovery mode
If you select After restore, keep the product in recovery mode so that scheduled workflows are not triggered during
deployment, PowerProtect Data Manager enables recovery mode.
With recovery mode active, when you log in to PowerProtect Data Manager:
● A red banner appears at the top of the PowerProtect Data Manager UI. The banner indicates that the PowerProtect Data
Manager system is operational but scheduled workflows are disabled.
● All jobs defined by your protection policies that modify the backup storage (for example, backup creation, backup deletion,
and PowerProtect Data Manager Server DR jobs) are not triggered.
● All operations that write to the backup storage are disabled.
To return PowerProtect Data Manager to full operational mode and enable scheduled workflows, click Return to full
operational mode.

Recovering the Search Engine from a DR backup


PowerProtect Data Manager automatically restores the Search cluster after disaster recovery of the PowerProtect Data
Manager system is complete. If the PowerProtect Data Manager system could not restore the Search cluster automatically, use
the steps in this procedure to restore only the Search cluster through the REST API. Recovery of a Search cluster must be
performed on an operational PowerProtect Data Manager system. Only the Administrator role can restore the Search cluster.

Prerequisites
Obtain the name of the Search cluster backup from System Settings > Disaster Recovery > Manage Backups.

Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.
Use the same credentials that you used before PowerProtect Data Manager was restored.
2. Locate the backup manifest file:
a. Connect to the PowerProtect Data Manager console as an admin user.
b. Browse the directory path /data01/server_backups/<PowerProtect Data Manager Hostname>_<NodeID>.
c. Run grep -Rnwa -e '<Name>' --include=*.manifest
3. Open the backup manifest file.
4. Locate the Components section, which contains Search Cluster.
The values for the following fields that are listed in the Search Cluster section are needed for the POST call in the next
step.
● Name=id
● BackupPath, which contains <NFSHost>:/data/col1/<NFSExportFolder>/<NFSDirPath>/SearchCluster

For example:

"Components": [
  {
    "name": "SearchCluster",
    "id": "c25290d9-a88c-4a15-9e7c-656f186209ae",
    "version": "v2",
    "backupPath": "10.25.12.74:/data/col1/serverdr_backup/vm-qa-0091_6ce36793-3379-45d2-84bd-d8bde69e52d4/SearchCluster",
    "backupStatus": "SUCCESSFUL",
    "backupsEnabled": true
  }
]

where:
○ NFSHost = "10.25.12.74"
○ NFSExport = "/data/col1/serverdr_backup"
○ NFSDirPath = "vm-qa-0091_6ce36793-3379-45d2-84bd-d8bde69e52d4/SearchCluster"
○ Name = "c25290d9-a88c-4a15-9e7c-656f186209ae"
5. Use the REST API to run the following POST call:

https://<PowerProtect Data Manager IP>:8443/api/v2/search-clusters/component-backups/<Name>/restore

{
"ddDirectoryPath" : "<NFSDirPath>",
"ddHost" : "<NFSHost>",
"ddNfsExportName" : "<NFSExport>"
}

6. To monitor the status of the restore process, in the PowerProtect Data Manager UI, select Jobs > System Jobs and look
for a job with the description, Restoring backup Search Node.
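
Steps 2 through 5 above, as an added example that is not part of the original guide and is not Dell code: it reads the Search Cluster component from a manifest, validates the fields, and builds the restore URL and request body without sending them. It assumes the manifest parses as JSON with a top-level "Components" array and that the component id is a UUID, as in the sample; the function names are hypothetical, and authentication to the REST API is not shown because this procedure does not describe it.

```python
"""Build the Search cluster restore request from a server DR backup manifest.

Added example, not Dell code. Assumption: the manifest parses as JSON with a
top-level "Components" array, as in the fragment shown in the guide.
"""
import json
import re
import uuid

# Constructed manifest that reuses the sample values printed in the guide.
SAMPLE_MANIFEST = json.dumps({
    "Components": [
        {
            "name": "SearchCluster",
            "id": "c25290d9-a88c-4a15-9e7c-656f186209ae",
            "version": "v2",
            "backupPath": "10.25.12.74:/data/col1/serverdr_backup/"
                          "vm-qa-0091_6ce36793-3379-45d2-84bd-d8bde69e52d4/SearchCluster",
            "backupStatus": "SUCCESSFUL",
            "backupsEnabled": True,
        }
    ]
})

HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")
# <NFSHost>:/data/col1/<NFSExportFolder>/<NFSDirPath>
BACKUP_PATH_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9.-]+):(?P<export>/data/col1/[^/]+)/(?P<dir>.+)$"
)


def find_search_cluster(manifest_text):
    """Return the single SearchCluster entry from the Components section."""
    manifest = json.loads(manifest_text)
    matches = [c for c in manifest.get("Components", [])
               if isinstance(c, dict) and c.get("name") == "SearchCluster"]
    if len(matches) != 1:
        raise ValueError("expected exactly one SearchCluster component, "
                         "found %d" % len(matches))
    return matches[0]


def split_backup_path(backup_path):
    """Split backupPath into (NFSHost, NFSExport, NFSDirPath).

    Follows the worked example in the guide, where NFSDirPath keeps the
    trailing SearchCluster directory.
    """
    match = BACKUP_PATH_RE.match(backup_path)
    if not match:
        raise ValueError("backupPath is not <host>:/data/col1/<export>/<dir>")
    dir_path = match.group("dir").strip("/")
    segments = dir_path.split("/")
    # Reject empty and relative segments so the path cannot leave the export.
    if any(seg in ("", ".", "..") for seg in segments):
        raise ValueError("backupPath contains an empty or relative segment")
    if segments[-1] != "SearchCluster":
        raise ValueError("backupPath does not end in SearchCluster")
    return match.group("host"), match.group("export"), dir_path


def build_restore_request(manifest_text, ppdm_address):
    """Return (url, body) for the POST call in step 5."""
    if not HOST_RE.match(ppdm_address):
        raise ValueError("ppdm_address must be a hostname or IP address")
    component = find_search_cluster(manifest_text)
    if component.get("backupStatus") != "SUCCESSFUL":
        raise ValueError("Search cluster backup status is %r"
                         % component.get("backupStatus"))
    # Assumption: the id is a UUID; anything else is refused before it
    # reaches the URL path.
    name = str(uuid.UUID(str(component.get("id", ""))))
    host, export, dir_path = split_backup_path(component["backupPath"])
    url = ("https://%s:8443/api/v2/search-clusters/component-backups/%s/restore"
           % (ppdm_address, name))
    body = {
        "ddDirectoryPath": dir_path,
        "ddHost": host,
        "ddNfsExportName": export,
    }
    return url, body


if __name__ == "__main__":
    # ppdm.example.com is a placeholder address.
    request_url, request_body = build_restore_request(SAMPLE_MANIFEST,
                                                      "ppdm.example.com")
    print(request_url)
    print(json.dumps(request_body, indent=2))
```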

Change the IP address or hostname of a DD system


You can change the IP address or hostname of a DD system without affecting server DR.

About this task


Before changing the IP address or hostname of a DD system, perform the following steps.
NOTE: If you have changed the IP address or hostname of a DD system without following these steps, you can recover DR
functionality. For more information, see Recover from a changed DD system IP address or hostname.

Steps
1. Disable Server DR backups.
2. Log in to the PowerProtect Data Manager server by using SSH.
3. Run the following command:
sudo umount /data01/server_backups
4. For each Search Engine node, perform the following substeps:
a. Log in to the Search Engine node by using SSH.
b. Run the following command:
sudo umount /mnt/PPDM_Snapshots
5. Remove the DD system from PowerProtect Data Manager:
a. From the PowerProtect Data Manager UI, select Infrastructure > Storage.
b. Select the DD system to remove.
c. Click Delete.
6. Change the IP address or hostname of the DD system.
7. Add the DD back to PowerProtect Data Manager.
8. Enable server DR backups.

Recover from a changed DD system IP address or hostname
If you changed the IP address or hostname of a DD system without following the supported procedure, you can recover your
server DR functionality.

About this task

Steps
1. Disable Server DR backups.
2. Log in to the PowerProtect Data Manager server by using SSH.
3. Run the following command:
ps aux | grep /data01/server_backups | grep boostfs
Make a note of the process ID next to the boostfs entry in the command output.

4. Run the following command, replacing <processID> with the process ID obtained in step 3:
sudo kill -9 <processID>
5. Run the following command:
sudo umount /data01/server_backups
6. For each Search Engine node, perform the following substeps:
a. Log in to the Search Engine node by using SSH.
b. Run the following command:
sudo umount /mnt/PPDM_Snapshots
7. Remove the DD system from PowerProtect Data Manager:
a. From the PowerProtect Data Manager UI, select Infrastructure > Storage.
b. Select the DD system to remove.
c. Click Delete.
8. Add the DD back to PowerProtect Data Manager.
9. Enable server DR backups.

Troubleshooting NFS backup configuration issues


The following sections provide a list of error messages that might appear when you configure a server DR backup configuration
that uses NFS.

DD storage unit mount command failed with error: 'Cannot mount full path: Access
is denied'
This error message appears when an NFS export does not exist on the DD system for the full path to the server DR storage
unit. This error message also appears when the redeployed virtual appliance was not added as a client for access to the NFS
export.
To resolve this issue, ensure that you have configured an NFS export for the full path of the DD Boost storage unit and that the
appliance is an Export client.

DD storage unit mount command failed with error: 'Cannot resolve FQDN: The name
or service not known'
This error message appears when PowerProtect Data Manager cannot contact the DD system by using the specified FQDN. To
resolve this issue, ensure that you can resolve the FQDN and IP address of the DD system.

Troubleshoot recovery of PowerProtect Data Manager
When the FQDN of the recovery site is different from the FQDN of the primary site, a mount error might occur and the
recovery process requires a few extra steps.

About this task


If a mount error occurs during recovery, follow this work-around procedure.

Steps
1. On the DD system where the backup is located, delete the replication pair and mount it for PowerProtect Data Manager.
2. When recovery is complete, on PowerProtect Data Manager, regenerate the certificates using the following command.
sudo -H -u admin /usr/local/brs/puppet/scripts/generate_certificates.sh -c
3. Restart the system and select the URL of the primary PowerProtect Data Manager system.
The https://PowerProtect Data Manager IP/#/progress page appears and recovery resumes.
4. Log in to the primary PowerProtect Data Manager.
The PowerProtect Data Manager VM vCenter console shows an error, which you can ignore.
5. Open the primary PowerProtect Data Manager using the original IP address and log in.

Results
Recovery is complete.

Recover a failed PowerProtect Data Manager restore


Steps
1. Deploy a new PowerProtect Data Manager virtual appliance.
The PowerProtect Data Manager Deployment Guide for the appropriate platform provides instructions.
2. Contact Customer Support.

Disable server DR backups


Some maintenance procedures may require you to disable server DR backups during the procedure. Use this task only when
referenced elsewhere.

Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. Click , select Disaster Recovery, and then click Configuration.


3. Record the existing server DR settings on the Configuration page.
4. Deselect Enable backup.
5. Click Save.

Next steps
After completing the maintenance procedure, re-enable server DR backups. Manually configure server DR backups provides
instructions.

Quick recovery for server DR
After a disaster, the quick recovery feature enables you to restore assets and data that you replicated to a destination system at
a remote site.
NOTE: Quick recovery does not re-create the original backup environment and source system which protected the restored
assets. Thus, quick recovery is not a substitute for a server DR restore. To continue backing up the restored assets at the
remote site, add the restored assets to a protection policy on the destination system.
Quick recovery is supported for the protected assets of the following PowerProtect Data Manager asset sources:
● Virtual machines
● Kubernetes
● File system
Quick recovery sends metadata from the source system to the destination system, following the flow of backup copies. This
metadata makes the replication destination aware of the copies and enables the recovery view. You can recover your workloads
at the remote site before you have the opportunity to restore the source PowerProtect Data Manager system.
For example, the following figures show two sites that are named A and B, with independent PowerProtect Data Manager
and DD systems for protection storage. Each site contains unique assets. Figure Separate datacenters, before disaster shows
the initial configuration with both sites replicating copies to each other. Figure Separate datacenters, after disaster shows the
aftermath, with site A down. The site A assets have been restored with quick recovery into the site B environment from the
replicated copies.

Figure 4. Separate datacenters, before disaster

Figure 5. Separate datacenters, after disaster

PowerProtect Data Manager supports quick recovery for alternate topologies. You can configure quick recovery for one-to-
many and many-to-one replication. For example, the following figure shows a source PowerProtect Data Manager replicating to
a standby DD system with its own PowerProtect Data Manager, all in the same data center. If the source system fails, the quick
recovery feature ensures that you can still restore from those replicated copies before you restore the source.

Figure 6. Standby DD system

The following topics explain the prerequisites, how to configure PowerProtect Data Manager to support quick recovery, and
how to use the recovery view to restore assets.

Quick recovery prerequisites


Before you configure quick recovery, complete the following items:
● Ensure that the source system and the destination system can ping each other using the same method: hostname or IPv4
address.
● Ensure that the version of PowerProtect Data Manager is the same for both the source system and the remote (destination)
system.
● Attach at least two protection storage systems to the source system: one for local protection storage and one for
replication.
● Register asset sources with the source system and configure protection policies to protect those assets.
● Configure protection policies to replicate backup copies to the protection storage system at the remote site.
● Back up the protected assets and confirm that backup data successfully replicates to the destination protection storage
system.
● Ensure that the replication protection storage is discovered in the remote (destination) system.
● Add and enable the asset source on the remote PowerProtect Data Manager instance.

● For agent quick recovery operations, ensure that the agent version on the destination client is 19.9 or later.
● For Kubernetes quick recovery operations, ensure that the same Kubernetes cluster is not managed by more than one
PowerProtect Data Manager instance.
Before you use the quick recovery remote view, add the destination system to the list of remote systems on the source.

Identifying a remote system


Remote systems added to PowerProtect Data Manager for quick recovery can be identified using either a fully qualified domain
name (FQDN) or an Internet protocol (IP) address. If the incorrect identification is used, quick recovery fails with a certificate
error.
If a remote system is already identified in the PowerProtect Data Manager certificate list, it must be added to PowerProtect
Data Manager for quick recovery with the same identification.
If you always use either FQDNs or IP addresses for all remote systems, do the same for quick recovery.
If a certificate entry for the remote system exists, you must use the same identification when adding it for quick recovery. If you
are unsure if a remote system you want to add for quick recovery is already in the PowerProtect Data Manager certificate list,
perform the following steps:
● Log in to the console as the root user.
● Type keytool -list -keystore.
● Review the output and look for a certificate entry that corresponds to either the FQDN or IP address of the remote system.

Add a remote system for quick recovery


Configure PowerProtect Data Manager to send metadata to another system to which you have replicated backups. Only the
Administrator role can add remote systems.

Steps

1. Click , select Disaster Recovery, and then click Remote Systems.


The Remote Systems tab opens and displays a table of configured remote PowerProtect Data Manager systems.
2. Click Add.
The Add Remote PowerProtect System window opens.
3. Complete the Name and FQDN/IP fields.
The Name field is a descriptive name to identify the remote system. To determine if you should enter the FQDN or IP
address of the remote system, see Identifying a remote system.
4. In the Port field, type the port number for the REST API on the remote system.
The default port number for the REST API is 8443.
5. From the Credentials field, select an existing set of credentials from the list.
Alternatively, you can click Add Credentials from this list to add new credentials. Provide a descriptive name for the
credentials, a username, and a password. Then, click Save to store the credentials.
6. Click Verify.
PowerProtect Data Manager contacts the remote system and obtains a security certificate for identity verification.
The Verify Certificate window opens to present the certificate details.
7. Review the certificate details and confirm each field against the expected value for the remote system. Then, click Accept
to store the certificate.
The Certificate field changes to VERIFIED and lists the server's identity.
8. Click Save.
PowerProtect Data Manager returns to the Remote Systems tab of the Disaster Recovery window. The configuration
change may take a moment to complete.
9. Click Cancel.
The Disaster Recovery window closes.

10. Click , select Disaster Recovery, and then click Remote Systems.
The Remote Systems tab opens.

11. Verify that the table of remote systems contains the new PowerProtect Data Manager system.
12. Click Cancel.
The Disaster Recovery window closes.

Next steps
On the remote system, enable the same asset sources that are enabled on this system. Enable an asset source provides more
information. Enabling an asset source on the remote system makes replicated backups of that type visible and accessible.
On the remote system, open the recovery view and verify that backups are visible and accessible. It is recommended that you
perform a test restore.
Metadata synchronizes between source and destination systems every three hours. If backups are not visible, allow sufficient
time for the first synchronization before troubleshooting.

Edit a remote system


You can use the PowerProtect Data Manager user interface to change the descriptive name of the remote system, as well as
the REST API port number and credentials. You can also enable or disable synchronization with the remote system. Only the
Administrator role can edit remote systems.

Steps

1. Click , select Disaster Recovery, and then click Remote Systems.


The Remote Systems tab opens and displays a table of configured remote PowerProtect Data Manager systems.
2. Locate the row that corresponds to the appropriate remote system, and then select the checkbox for that row.
The PowerProtect Data Manager enables the Edit button.
3. Click Edit.
The Edit Remote PowerProtect System window opens.
4. Modify the appropriate parameters, and then click Save.
To enable or disable synchronization, select or deselect Enable sync. If you change the port number, you may need to
re-verify the remote system security certificate.
PowerProtect Data Manager returns to the Remote Systems tab of the Disaster Recovery window. The configuration
change may take a moment to complete.
5. Click Cancel.
The Disaster Recovery window closes.

Quick recovery remote view


Use the remote view to work with replicated copies on the destination system after the source is no longer available. For
example, you can restore critical assets before you are able to restore the source system.
On the destination system, log in as a user with the Administrator role. The remote server contains an additional Remote
Systems icon in the banner.


When you click Remote Systems, PowerProtect Data Manager presents a drop-down that contains the names of the local
system and any connected systems. Each entry has the identifying suffix (Local) or (Remote).
Select the source system from which you have replicated backups. PowerProtect Data Manager opens the remote view and
presents a subset of the regular UI navigation tools:
● Restore
○ Assets— Shows replicated copies.
○ Running Sessions— Allows you to manage and monitor Instant Access sessions.
● Alerts— Shows alert information in a table, including audit logs.
● Jobs— Shows the status of any running restore jobs.
Each tool has the same function as for the local system. However, since the remote view is intended only for restore operations,
the scope is limited to the replicated copies from the selected source system. While in remote view, a banner identifies the
selected system.

NOTE: For virtual machines, the quick recovery restore workflow does not include the Restore VM Tags option to restore
vCenter tags and categories from the backup.
Use Restore > Assets to locate copies. The instructions for restoring each type of asset provide more information about
restore operations.
When the recovery is complete, click Remote Systems and select the name of the local system to exit remote view.

Overview of PowerProtect Data Manager Cloud Disaster Recovery
The Cloud Disaster Recovery (DR) feature enables you to utilize a cloud DR site by deploying the Cloud DR Server in the public
cloud. You can use the PowerProtect Data Manager UI for the purpose of running VM protection and DR workflows in the cloud.
Examples of Cloud DR workflows include the following:
● Cloud DR site copy management—Set the Cloud DR site by creating a VM protection policy in the PowerProtect Data
Manager UI.
● VM copy failover validation—Before a disaster occurs, you can validate the failover of a VM copy to the cloud within
PowerProtect Data Manager by running a DR test and then monitoring the test progress.
● Fail over a production VM—You can fail over a production virtual machine within PowerProtect Data Manager by running
a DR failover operation and then verifying that the restored VM appears within Amazon Web Services (AWS) or Microsoft
Azure cloud.
The PowerProtect Data Manager Cloud Disaster Recovery Administration and User Guide provides more information about
Cloud DR workflows within PowerProtect Data Manager.

8
Managing Alerts, Jobs, and Tasks
Topics:
• Configure Alert Notifications
• View and manage alerts
• View and manage Audit Logs
• Monitoring jobs and tasks
• Restart a job or task manually
• Restart a job or task automatically
• Resume misfire jobs after a PowerProtect Data Manager update
• Cancel a job or task
• Exporting logs
• Limitations for alerts, jobs, and tasks

Configure Alert Notifications


The Alert Notifications window of the PowerProtect Data Manager UI enables you to configure email notifications for
PowerProtect Data Manager alerts.

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Alerts, and then select the Alert Notifications tab.
The Alert Notifications window appears with a table that displays the details for existing notifications.
2. Click Add.
The Add Alert Notification dialog appears.
NOTE: The Add button is disabled until you set up the email server. To add an alert notification, set up the email server
in System Settings > Support > Email Setup. Set up the email server provides more information.

3. In the Name field, type the name of the individual or group who will receive the notification email.
4. In the Email field:
a. Specify the email address or alias to receive notifications. This field is required in order to create an alert notification.
Separate multiple entries with a comma.
b. Click Test Email to ensure that a valid SMTP configuration exists.
5. From the Category list, select the notification category.
6. From the Severity list, select the notification severity.
7. In the Duration field, specify how often the notification email will be sent out. For example, you can set the duration to 60
minutes in order to send out a notification email every 60 minutes. If you set the duration to 0, PowerProtect Data Manager
does not send out an email notification.
8. In the Subject field, optionally type the subject that you would like to attach to the notification email.
9. Click Save to save your changes and exit the dialog.

Results
The Alert Notifications window updates with the new alert notification. At any time, you can Edit, Delete, or Disable the
notification by selecting the entry in the table and using the buttons in this window.

View and manage alerts
Alerts enable you to track the performance of data protection operations in PowerProtect Data Manager so that you can
determine whether there is compliance with service level objectives. With the Administrator, Backup Administrator, Restore
Administrator, or User role, you can access the alerts from the Alerts window. However, only some of these roles can manage
alerts.

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Alerts.

You can also click the icon in the top banner, and then click the links to view unacknowledged alerts of all statuses
(critical, warning, and informational), or only the unacknowledged critical alerts.
NOTE: Clicking the New tag displays only the unacknowledged alerts that have been generated within the last 24 hours.

The number that appears next to the icon is the total number of unacknowledged critical alerts over the last 24 hours.

The Alerts window displays.


2. Select the System tab. A table with an entry for each applicable alert displays.
By default, only unacknowledged critical alerts from the last 24 hours display, unless you selected to view all
unacknowledged alerts from the links under the icon.


If filter tags have already been applied, the window displays these filter tags. Click X next to any of these filter tags to clear
a filter, and the table view updates with the applicable selections. You can sort the alerts in the table by Severity (Critical,
Warning, Informational), Date, Category, or Status (Acknowledged or Unacknowledged).
3. Select the time (last 24 hours, last 3 days/7 days/30 days), a specific date, or a time range for the alerts that you want to
view. You can also select All Alerts from this list to display information for all alerts that match the filter tags.
4. Optionally, clear the Show only unacknowledged alerts checkbox if you want to view both acknowledged and
unacknowledged alerts. If you clear this checkbox, the Unacknowledged filter tag is also cleared.
5. To view more details about a specific entry, click next to the entry in the table.
6. For the following steps, log in to the PowerProtect Data Manager UI with an account that has the Administrator, Backup
Administrator, or Restore Administrator role.
7. To acknowledge one or more alerts, select the alerts and then click Acknowledge.
8. To add or edit a note for the alert, click Add/Edit Note, and when finished, click Save.
9. To export a report of alert information to a .csv file which you can download for Excel, click Export All.

NOTE: If you apply any filters in the table, exported alerts include only those alerts that satisfy the filter conditions.

View and manage Audit Logs


Audit logs enable you to view specific information about jobs that are initiated in PowerProtect Data Manager so that you
can determine compliance with service level objectives. You can access the audit logs from the Administration > Audit Logs
window.

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Administration > Audit Logs.
The Audit Logs window displays audit information in a table.
2. (Optional) Sort and filter audit information:

● To filter audits by Audit Type, Changed By, or Object Changed, click .


● To sort audits by Changed At, Audit Type, Changed By, or Object Changed, click a column heading.
● To filter audits based on a search string, type a keyword in the Search field.

3. To view more details about a specific entry, click next to the entry in the table.
● Review the information for the audit log.

● Optionally, add a note for this audit log in the Notes field.
4. To export an audit log report to a .csv file which you can download as an Excel file, click Export All.

NOTE: If you apply any filters in the table, exported audit logs include only those logs that satisfy the filter conditions.

5. To change the retention period for audit logs, click Set Boundaries, select the number of days from the Days of Retention
menu, and then click Save.

Monitoring jobs and tasks


Use the Protection Jobs and System Jobs windows in the PowerProtect Data Manager UI to monitor the status of certain
data protection, system, and maintenance jobs and to view details about failed, in progress, or recently completed jobs. To
perform analysis or troubleshooting, you can view a detailed log of a failed job or task. Jobs are categorized as protection jobs or
system jobs.
You can also view details for a job group and individual jobs and tasks. When you click the job ID next to the job entry, the
Job ID Summary window displays the information for only this job group, job, or task, so that you can monitor the status of
individual jobs and tasks, view job and task details, and perform certain operations on jobs and tasks.
Use the filtering and sorting options in each window to find specific jobs or tasks, and to organize the information that you see.
Filter, group, and sort jobs provides more information.
NOTE: The Protection Jobs and System Jobs windows have been optimized for a screen resolution of at least 1920 x
1080 pixels with 100% scaling. Display issues might occur for smaller screens. Set your screen resolution to at least 1920 x
1080 pixels with 100% scaling.

Monitor and view jobs


Use the Protection jobs and System jobs windows to monitor and view status information for PowerProtect Data Manager
operations.
In the Protection jobs and System jobs windows, you can export job records by using the Export All functionality.

Protection jobs
To view protection jobs and job groups, from the PowerProtect Data Manager UI left navigation pane, select Jobs >
Protection Jobs.
The Protection Jobs window opens to display a list of protection jobs and job groups.
Protection jobs include:
● Cloud Tier
● Cloud Protect
● Consolidated Cloud Snapshot Manager jobs
NOTE: This job type does not apply to SAP HANA databases.
● Export Reuse
● Protect
● Replicate
● Restore
You can monitor and view detailed information for both centralized and self-service backup and restores of database application
assets.
NOTE: The Cancel and Retry options are not available for self-service jobs that are created by database application
agents.
For application assets, the Protect, Restore, and Replicate job types can be monitored at the host or individual asset level.
For all other asset types, the Protect and Replicate job types can be monitored at the host or individual asset level.

System jobs
To view system jobs and job groups, from the PowerProtect Data Manager UI left navigation pane, select Jobs > System Jobs.
The System Jobs window opens to display a list of system jobs and job groups.
System jobs include:
● Config
● Console
● Delete
● Disaster Recovery
● Cloud Disaster Recovery
● Cloud Copy Recovery
● Discovery
● Manage
● Notify
● System
● Validate
System jobs can be monitored at the job group or job level.

Job information
The main Protection Jobs and System Jobs windows list basic job information.
The following information is available in the Protection Jobs and System Jobs windows.

Table 27. Job information


Column Description
Job ID The unique and searchable identifier for the job.
Status Indicates the current state of the job. A job can be in one of the following states:
● Success
● Completed with Exceptions
● Failed
● Canceled
● Unknown
● Skipped
● Running
● Queued
● Canceling
For jobs that do not have a Success status, a count of jobs is shown next to the status.

Description Description of the job.


Policy Name Name of the protection policy that started the job.
Assets Number of individual assets or tasks within the job group.
Job Type Type of protection job or system job.
Asset Type Type of asset.
Start Time Date and time that the job is scheduled to begin.
End Time Date and time that this job completed.
This column is not shown by default. To see a complete list of filtering and sorting columns,
click .

Duration Overall duration of the job.
This column is not shown by default. To see a complete list of filtering and sorting columns,
click .

View details for protection jobs


In the Job ID Summary window for protection jobs, you can view details and status of specific jobs. For application protection
jobs, you can view details and status of specific jobs and assets. This information can be helpful when troubleshooting to
determine whether one or more assets caused a job to fail.

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs.
2. Click the job ID next to the job name.
The Job ID Summary window opens and lists all jobs as entries in the table.
You can filter, group, and sort the information that appears in the window. Filter, group, and sort jobs provides more
information.
The policy name, job type, and asset type appear at the top of the Job ID Summary window.
The overall job group metrics and details also appear, as shown in the following figure.

Figure 7. Job Metrics and Job Details

The Job Metrics section displays the number of assets, the total size of the data transferred, and the overall duration of
the job group. The total duration of jobs within the job group is shorter than the duration indicated in the job metrics. When
you restart a protection job that is part of a completed job group, the duration that is indicated in the job metrics does not
include the time that elapsed between when the job group completed and when the job was restarted. In addition, it does
not include the time that it takes for the retried job to run.
The Job Details section displays more specific information such as the job start and end time, the protection storage target,
the average data transfer rate, the amount of data changed since the last protection job, the average throughput, and the
rate of compression applied. For restore jobs of Microsoft SQL Server databases, some fields are either not applicable or set
to zero.
Job metrics and details do not display or might be incomplete for job groups that contain the following:
● Application agent assets from a protection job that was performed for an application agent earlier than version 19.7. To
display the correct information for these assets, update the application agent on these assets to the current version.
● Oracle database assets.
Click Hide Summary to hide job metrics and details, or click Show Summary to view job metrics and details.
When you hover over a job, the Job ID Summary displays a message for the job to indicate its progress. Depending on the
job and if any issues are detected, one of the following statuses is shown:
● No reported issues—No issues affecting the job.
● Timeout issues—Timeout issues might be affecting the job.
● Connectivity issues—Network connectivity issues might be affecting the job.
● Stats stall issues—Progress for this job is stalled.
The Job ID Summary window provides summary data for specific jobs and assets in a table view. For grouped assets, the
host-level entry indicates the sum of the values of a given metric for every asset on the host.
The following table describes the columns that might appear in the window. Not all columns appear in the Job ID Summary
window of every asset type.

Table 28. Job ID Summary window details


Column Description

Details Click in the Details column to view job statistics and summary information.
Asset Name of the job for the asset.
Status Indicates the current state of the job. A job can be in one of the following states:
● Success
● Completed with Exceptions
● Failed
● Canceled
● Unknown
● Skipped
● Running
● Queued
● Canceling
Size Size of job for the asset.
Data Transferred Total data that is transferred to storage.
Reduction % Total reduction percentage of storage capacity for the job.
Start Time Date and time that the job is scheduled to begin.
End Time Date and time that this job completed.
Error Code If the job did not successfully complete, a numeric error code appears. To view a detailed
explanation, double-click the error code.
Host/Cluster/Group Name The hostname, cluster, or group name that is associated with the asset.
Duration Overall duration of the job. This column only appears for Protect and Replicate job types
for application assets.
Asset Size Total size of the asset in bytes.

Data Compressed Capacity that is used after client compression of the data in bytes. This column only
appears for Protect and Replicate job types for application assets.
Download log Detailed log for an asset or task that you can export and download.

3. To view job details and summary information, click in the Details column next to the job, or expand the entry for the job
group by clicking .
For grouped assets, the Job ID Summary window lists the individual jobs for each asset within the job group.
The right pane appears and displays the following information about the job or task:
● Step Log—Displays a list of steps that have been completed for the job or task, and indicates the amount of time that
was required to complete each step.
● Details—Displays statistics and summary information, such as the start time and end time, asset size, duration, and so
forth.
● Error—Displays error details for failed jobs.
● Canceled—Displays details for canceled jobs.
● Skipped—Displays details for skipped jobs.
● Unknown—Displays details for jobs with an unknown status.

View details for system jobs and tasks


In the Job ID Summary window for system jobs, you can view details and status of specific jobs and tasks. This information can
be helpful when troubleshooting to determine whether one or more jobs or tasks caused a job to fail.

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > System Jobs.
2. Click the job ID next to the job name.
The Job ID Summary window opens to display a list of all system jobs or tasks.
You can filter, group, and sort the information that appears in the window. Filter, group, and sort jobs provides more
information.
For jobs and tasks, a table appears at the bottom of the window. The success or failure of individual tasks is indicated in the
Status column. If a failed job or task requires action, a status of Critical appears.
You can view job status and summary information for scheduled discovery of application assets and application systems.
If a discovery job fails, PowerProtect Data Manager displays error details and steps to resolve the issue. An alert is also
generated in the Alerts window.
When you hover over a job or task, the Job ID Summary displays a message for the job to indicate its progress. Depending
on the job and if any issues are detected, one of the following statuses is shown:
● No reported issues—No issues affecting the job.
● Timeout issues—Timeout issues might be affecting the job.
● Connectivity issues—Network connectivity issues might be affecting the job.
● Stats stall issues—Progress for this job is stalled.
The Job ID Summary window provides summary data for specific jobs and tasks in a table view. The following table
describes the columns that might appear in the window. Not all columns will appear in the Job ID Summary window of
every asset type.

Table 29. Job ID Summary window details


Column Description

Details Click in the Details column to view job or task statistics and summary information.
Task Name Name of the task.

Status Indicates the current state of the job or task. A job or task can be in one of the following
states:
● Success
● Completed with Exceptions
● Failed
● Canceled
● Unknown
● Skipped
● Running
● Queued
● Canceling
Asset Name of the asset.
Start Time Date and time that the job or task is scheduled to begin.
Duration Overall duration of the job or task.
Data Transferred Total data that is transferred to storage.

3. To view job or task details and summary information, click in the Details column next to the individual job or task.
The right pane appears and displays the following information about the job or task:

● Step Log—Displays a list of steps that have been completed for the job or task and indicates the amount of time that
was required to complete each step.
● Details—Displays statistics and summary information, such as the start time and end time, asset size, duration, and so
forth.
● Error—Displays error details for failed jobs.
● Canceled—Displays details for canceled jobs.
● Skipped—Displays details for skipped jobs.
● Unknown—Displays details for jobs with an unknown status.

Filter, group, and sort jobs


The Protection Jobs and System Jobs windows provide options to filter, group, and sort the information that appears. Select
a job to display its Job ID Summary window.

Filter jobs by status


Use the quick filters at the top of the window to filter jobs by status. By default, all jobs are shown regardless of status. To
display only jobs with a specific status, at the top of the window, select one of the following options:
● Failed
● Completed with Exceptions
● Success
● Canceled
● In Progress
In Progress jobs include Running, Queued, and Canceling jobs.
When you select a quick filter to filter jobs by a certain status, the window displays the filter above the table. To stop filtering by
the selected status, click x.

Filter jobs by start time


Use the Start Time filter to display jobs that started in a specified period. Select from one of the following options:

● All jobs
● Last 24 hours
● Last 3 days
● Last 7 days
● Last 30 days
● Specific date
● Custom date range

Group jobs
The Group by feature in the Job ID Summary window provides options to group assets within a protection job.
The following asset types support the Group by feature:
● Microsoft SQL Server databases
● Microsoft Exchange Server databases
● Oracle databases
● File Systems
● SAP HANA databases
● Kubernetes clusters
● Network-attached storage (NAS) shares
● VMware Virtual Machines
To group assets in a protection job, in the Job ID Summary window for the job, select an option from the Group By drop-down
list. To display all assets, select Group by > None. For example, to group virtual machine assets by ESX host, click Group by >
ESX Host.
The following table lists the available Group by options:

Table 30. Group by options

Asset type | Options
Microsoft SQL Server database | SQL Host, SQL Instance
Oracle database | Oracle Host, Oracle Instance
File System | File System Host, File System Host OS
Microsoft Exchange Server database | Exchange Host
SAP HANA database | SAP HANA Host
Kubernetes | Kubernetes Cluster, Kubernetes Namespace
NAS | NAS Server, NAS Appliance
VMware Virtual Machine | Datastore, ESX Host, Virtual Datacenter, VM Guest OS, VMware Cluster

NOTE: Currently, the Group by filter is only available for the Protect job types.

Search filter
Use the Search field to filter jobs based on a search string. When you type a keyword in the Search field, the PowerProtect
Data Manager UI filters the results as you type. To clear the search filter, remove all keywords from the Search field.

Filter and sort information in tables

You can filter and sort the information that appears in table columns. Click in the column heading to filter the information in
a table column, or click a table column heading to sort that column.

To see a complete list of filtering and sorting columns, click . Depending on the type of job, the available filtering and sorting
columns might differ.
The following filtering and sorting options are available for jobs and tasks:

Table 31. Protection and System Jobs windows


Filtering options | Sorting options
Filter jobs or tasks by Job ID, Status, Description, Policy Name, Job Type, End Time, and Asset Type. | Sort jobs or tasks by Job ID, Description, Policy Name, Job Type, Asset Type, Start Time, and End Time.

Table 32. Job ID Summary window for protection jobs


Filtering options | Sorting options
Filter jobs by Asset, Status, Error Code, Start Time, or End Time. For application assets, you can also filter jobs by Host/Cluster/Group Name. NOTE: For application assets, these options are only available when you select Group by > None. | Sort jobs by Asset, Status, Error Code, Size, Data Transferred, Reduction %, Start Time, End Time, or Duration. For application assets, you can also sort jobs by Host/Cluster/Group Name. NOTE: For application assets, these options are only available when you select Group by > None.

Table 33. Job ID Summary window for system jobs


Filtering options | Sorting options
Filter jobs or tasks by Task Name, Status, Asset, or Start Time. | Sort jobs or tasks by Task Name, Status, Asset, Start Time, Duration, or Data Transferred.

Restart a job or task manually


You can manually restart a failed virtual machine backup.

About this task


When you click Restart, the job or task restarts immediately, regardless of the scheduled activity window.
NOTE:
● If a policy with both protection and Cloud Data Recovery objectives fails, the Cloud Data Recovery job is canceled and
cannot be restarted.
● Cloud Native Entity jobs cannot be restarted.

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs or Jobs > System Jobs.
The Protection Jobs or System Jobs window appears, displaying all completed and running jobs.
2. To restart a failed job or job group, select the failed job or job group from the list, and then click Restart.
3. To restart a failed job or task from the Job ID Summary window:

a. Click the job ID next to the name of the job or job group.
The Job ID Summary window opens to display a list of all jobs or tasks.
b. Select the job or task from the list, and then click Restart.

Results
After the job or task has been restarted, the status indicates Running or Queued.
NOTE: When you restart a protection job that is part of a completed job group, the duration indicated in the Job Metrics
includes the time that elapsed between when the job group completed and when the job was restarted, in addition to the
time it takes for the retried job to run.

Restart a job or task automatically


If a backup job fails or one of the tasks within the job fails, you can enable automatic restart of the failure by configuring auto
retry in the entrypoint.sh file. Auto retry can be useful in situations where the failure is due to an intermittent issue, such as
a network or service interruption.

Prerequisites
In PowerProtect Data Manager, some services that are required for auto retry, such as the workflow service, have been moved
into a docker container. To enable auto retry, ensure that the workflow service is running in a docker container.

About this task


Auto retry is only supported for daily, weekly, or monthly schedules for virtual machine and File System agent protection
operations.

Steps
1. Log in to the PowerProtect Data Manager server by using SSH.
2. Copy the entrypoint.sh file from the workflow container by typing the following:
docker cp workflow:/workflow/bin/entrypoint.sh .
3. Configure auto retry by adding a line to entrypoint.sh:
a. Type vi entrypoint.sh
b. Before the last line in the output (-jar /${APP_NAME}/lib/workflow-manager.jar), add the following:
-Denable.auto.retry.scheduler=true \
NOTE: Auto retry is disabled by default. After adding this line, if you want to disable this setting at any point, change
the entry to -Denable.auto.retry.scheduler=false \

4. Optionally, add the following application properties to the file to specify a maximum number of auto retries and a time
interval at which subsequent auto retry attempts will occur:
-Dfailed.job.retry.max.count=2 \
-Dfailed.job.retry.interval=PT30M \
NOTE: The values specified above are the recommended default values. Auto retries will only occur during the activity
window. If you perform a manual retry in the PowerProtect Data Manager UI, this retry will not count towards the auto
retry max count.

For the interval duration, the value must be specified in ISO-8601 format.

5. Save the entrypoint.sh file to the workflow container by typing the following:
docker cp entrypoint.sh workflow:/workflow/bin/
6. Restart the workflow service by using one of the following methods:
● Type docker container restart workflow
NOTE: For the configuration to be applied successfully using this method, you can only restart the container. If you
restart your workflow service or your PowerProtect Data Manager operating system, the configuration will be lost.
● Type the following to save the docker image and restart the workflow service. For example:
docker commit workflow dpd/ppdm/ppdmc-workflow:PowerProtect Data Manager version
workflow restart
where PowerProtect Data Manager version is the PowerProtect Data Manager version that is deployed on your system.
You can use this method to permanently apply the configuration change after restoring the docker image.

Results
Upon configuration, the workflow service is scheduled to run every 30 minutes to determine if any jobs or tasks have failed. If a
restart occurred, the status will indicate Running or Queued. To view whether a failed job or task has been restarted, go to the
Jobs window in the PowerProtect Data Manager UI and select Running or Queued.

Resume misfire jobs after a PowerProtect Data Manager update
During an update, the PowerProtect Data Manager system enters maintenance mode. Any job that is not in queue and is
scheduled to run during the time that the PowerProtect Data Manager system is in maintenance mode will be missed. These
missed jobs are known as misfires. As of this release, PowerProtect Data Manager uses the Quartz Scheduler to resume
scheduled workflows when the service recovers or when the schedule resumes.

About this task


The trigger and firing data of jobs are stored in a PostgreSQL database application. If the schedule service is down, such as
during an update, the Quartz Scheduler recovers this data and resumes the jobs when the PowerProtect Data Manager system
is operational again.

NOTE: In the current release, this feature is enabled by default.

You can enable or disable the misfire feature by configuring the entrypoint.sh file.

Steps
1. Log in to the PowerProtect Data Manager server by using SSH.
2. Copy the entrypoint.sh file from the scheduler container by typing the following:
docker cp scheduler:/scheduler/bin/entrypoint.sh .
3. Configure the misfire conditions in the entrypoint.sh file:
NOTE: Before the last line in the output (-jar /${APP_NAME}/lib/scheduler-core.jar), add the lines for
each misfire condition.

a. To enable misfire and trigger each job once, add the following properties and corresponding values:
-Dspring.quartz.properties.misfire.cron.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION_FIRE_AND_PROCEED \
-Dspring.quartz.properties.misfire.calendar.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION_FIRE_AND_PROCEED \

NOTE: This condition is enabled by default.

b. To enable misfire and trigger each job as many times as misfire happens, add the following properties and corresponding
values:
-Dspring.quartz.properties.misfire.cron.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION_IGNORE_MISFIRES \
-Dspring.quartz.properties.misfire.calendar.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION_IGNORE_MISFIRES \

c. To disable misfire, add the following properties and corresponding values:
-Dspring.quartz.properties.misfire.cron.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION_DO_NOTHING \
-Dspring.quartz.properties.misfire.calendar.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION_DO_NOTHING \

4. Save the entrypoint.sh file to the scheduler container by typing the following:
docker cp entrypoint.sh scheduler:/scheduler/bin/
5. Restart the scheduler service by using one of the following methods:
● Type docker container restart scheduler
NOTE: For the configuration to be applied successfully using this method, you can only restart the container. If you
restart your scheduler service or your PowerProtect Data Manager operating system, the configuration will be lost.
● Type the following to save the docker image and restart the scheduler service:
docker commit scheduler dpd/ppdm/ppdmc-scheduler:PowerProtect Data Manager version
scheduler restart
where PowerProtect Data Manager version is the PowerProtect Data Manager version that is deployed on your system.
You can use this method to permanently apply the configuration change after restoring the docker image.
NOTE: Ensure that the PowerProtect Data Manager version specified in the commit command matches the
PowerProtect Data Manager version that is deployed on your system.
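
The auto retry procedure (workflow container) and the misfire procedure above (scheduler container) both edit entrypoint.sh by hand in vi. The following is an added example, not Dell code and not part of the guide: it applies the guide's -D settings to the copied-out file so that each key appears once before the -jar line, refuses keys or values the guide does not list, and keeps a pristine copy. The function names and the sample entrypoint.sh are constructed; the guide shows only the final -jar line of the real file.

```shell
#!/bin/sh
# Added example (not Dell code). Applies -D settings to a copied-out
# entrypoint.sh so each key appears exactly once, just before the -jar line.

# True for common ISO-8601 durations, for example PT30M, PT1H30M or P1D.
is_iso8601_duration() {
    printf '%s\n' "$1" |
        grep -Eq '^P([0-9]+D)?(T([0-9]+H)?([0-9]+M)?([0-9]+S)?)?$' || return 1
    case "$1" in P | PT | *T) return 1 ;; esac   # designator with no number
    return 0
}

# True for the three misfire strategy values listed in the guide.
is_misfire_strategy() {
    case "$1" in
        WITH_MISFIRE_HANDLING_INSTRUCTION_FIRE_AND_PROCEED) return 0 ;;
        WITH_MISFIRE_HANDLING_INSTRUCTION_IGNORE_MISFIRES) return 0 ;;
        WITH_MISFIRE_HANDLING_INSTRUCTION_DO_NOTHING) return 0 ;;
    esac
    return 1
}

# Checks one key=value pair. Keys the guide does not name are refused.
validate_setting() {
    vs_key=${1%%=*}
    vs_val=${1#*=}
    case "$vs_key" in
        enable.auto.retry.scheduler)
            [ "$vs_val" = true ] || [ "$vs_val" = false ] ;;
        failed.job.retry.max.count)
            case "$vs_val" in '' | *[!0-9]*) return 1 ;; esac ;;
        failed.job.retry.interval)
            is_iso8601_duration "$vs_val" ;;
        spring.quartz.properties.misfire.cron.strategy)
            is_misfire_strategy "$vs_val" ;;
        spring.quartz.properties.misfire.calendar.strategy)
            is_misfire_strategy "$vs_val" ;;
        *) return 1 ;;
    esac
}

# apply_jvm_settings FILE JAR key=value [key=value ...]
apply_jvm_settings() {
    ajs_file=$1
    ajs_jar=$2
    shift 2
    [ "$#" -gt 0 ] || { echo "no settings given" >&2; return 2; }
    grep -q -- "-jar .*/$ajs_jar" "$ajs_file" ||
        { echo "$ajs_file: no -jar line for $ajs_jar" >&2; return 2; }
    for ajs_s in "$@"; do
        validate_setting "$ajs_s" || { echo "rejected: $ajs_s" >&2; return 1; }
    done
    # Keep the first pristine copy for rollback and for a later diff.
    [ -e "$ajs_file.orig" ] || cp -p "$ajs_file" "$ajs_file.orig"
    # Copy first so the rewritten file keeps the original mode bits.
    cp -p "$ajs_file" "$ajs_file.new"
    awk -v jar="$ajs_jar" -v opts="$*" '
        BEGIN {
            n = split(opts, want, " ")
            for (i = 1; i <= n; i++) { k = want[i]; sub(/=.*/, "", k); key[k] = 1 }
        }
        # Drop an existing line that sets one of the keys being applied.
        /^[ \t]*-D[^= \t]+=/ {
            k = $1; sub(/^-D/, "", k); sub(/=.*/, "", k)
            if (k in key) next
        }
        # Emit the settings directly before the line that launches the JAR.
        index($0, "-jar ") && index($0, "/" jar) {
            match($0, /^[ \t]*/)
            for (i = 1; i <= n; i++) print substr($0, 1, RLENGTH) "-D" want[i] " \\"
        }
        { print }
    ' "$ajs_file" > "$ajs_file.new" && mv "$ajs_file.new" "$ajs_file"
}

# Constructed sample: the guide shows only the final -jar line of the real file.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
exec java \
    -Xmx512m \
    -Denable.auto.retry.scheduler=false \
    -jar /${APP_NAME}/lib/workflow-manager.jar
EOF
    chmod 755 "$1"
}

# Demo on the constructed sample; touches only a temporary directory.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/entrypoint.sh"
apply_jvm_settings "$demo_dir/entrypoint.sh" workflow-manager.jar \
    enable.auto.retry.scheduler=true \
    failed.job.retry.max.count=2 \
    failed.job.retry.interval=PT30M
diff -u "$demo_dir/entrypoint.sh.orig" "$demo_dir/entrypoint.sh" || true
```

Run it between the two docker cp steps of either procedure; for the scheduler file, pass scheduler-core.jar and the two misfire strategy keys.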

Cancel a job or task


From the PowerProtect Data Manager UI, you can cancel a backup or restore that is still in progress, or any asset protection
and replication activities when the tasks are queued.

About this task


NOTE: The Cancel operation is available for the following supported jobs and tasks only:
● Backup and restore of:
○ Virtual machine assets
○ Kubernetes assets
○ NAS assets
○ File System assets
○ Microsoft SQL Server assets
○ Server DR
○ Cloud DR
● Backup (only) of:
○ Microsoft Exchange Server assets
○ Oracle assets
○ SAP HANA assets
○ Transaction logs of application-aware asset backups
● Replication
● Compliance
○ Copy deletion
○ Compliance verification
○ Auto promotion to full backup
○ Cleaning MTree or deleting user
○ On-demand update retention
● Support
○ Communication of telemetry data
○ Export of job and job group logs
○ Adding log bundles

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs or Jobs > System Jobs.
The Protection Jobs or System Jobs window appears, displaying all completed and running jobs.
2. To cancel a job or job group, select a job or job group that is in-progress, and then click Cancel.
NOTE: If a job is almost complete, the cancellation might fail. If the cancellation fails, a message displays indicating that
the job cannot be canceled.

The Protection Jobs or System Jobs window displays the status of the canceled job or job group. If the cancellation is
successful, then the status eventually changes to Canceled. If the cancellation is not successful, then the status might
indicate either Success or Critical.
3. To cancel an individual job or task from the Job ID Summary window:
a. Click the job ID next to the name of the job or job group.
The Job ID Summary window opens to display a list of all jobs or tasks.
b. Select a job or task that is in-progress, and then click Cancel.
NOTE: If a job or task is almost complete, the cancellation might fail. If the cancellation fails, a message displays
indicating that the task cannot be canceled.

c. Click Close.
The Job ID Summary window displays the status of the canceled job or task. If the cancellation is successful, then the
status eventually changes to Canceled. If the cancellation is not successful, then the status might indicate either Success
or Critical.

Exporting logs
The PowerProtect Data Manager UI enables you to export and download a detailed log of a job, asset, or task to perform
analysis or troubleshooting.
You can export and download a log for a job, asset, or task with any status. After you export a log, you can download it by
clicking .

Export logs for jobs


You can export and download a log for a protection job or system job by using the PowerProtect Data Manager UI.

About this task


PowerProtect Data Manager restricts the log export function in the following situations:
● The job contains more than 1000 asset jobs.
● The job is from a different PowerProtect Data Manager tenant.
● The job supports exporting an external log at the current stage for the following asset sources:
○ Virtual machines
○ Kubernetes
○ Microsoft SQL Server
○ Microsoft Exchange Server
○ File Systems
○ Oracle
○ SAP HANA
○ Network-attached storage (NAS)
In these situations, create a log bundle instead. In the PowerProtect Data Manager UI, select Settings > Support > Logs to
add a log bundle.

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs or Jobs > System Jobs.
The Protection Jobs or System Jobs window appears, displaying all jobs.

2. Select a job from the list, and then click Export Log.

An icon indicates that the log export operation is in progress and is shown next to the asset or task in the Download Log column.
Hover over the icon to display the progress. When the log export is complete, you can download the log.

3. Click next to the ID for the job to download the exported log.

Export logs for assets or tasks


You can export and download a log for an individual asset or task.

Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs or Jobs > System Jobs.
The Protection Jobs or System Jobs window appears, displaying all jobs.
2. Click the job ID next to the name of the job.
The Job ID Summary window opens.
3. Select the asset or task from the list, and then click Export Log.

An icon indicates that the log export operation is in progress and is shown next to the asset or task in the Download Log column.
Hover over the icon to display the progress. When the log export is complete, you can download the log.

4. Click in the Download Log column to download the exported log.

Limitations for alerts, jobs, and tasks


Review the following limitations that are related to alerts, jobs, and tasks.

For in-progress jobs, the details pane displays the "Error" tab and indicates "Failed"
When you open the Details pane for in-progress jobs, the Error tab appears and incorrectly indicates Failed in the error details.
Workaround
Ignore the Error tab for in-progress jobs.

Self-service jobs are not showing on PowerProtect Data Manager Protection Jobs window after recreating lockbox entry
On both Windows and Linux, self-service jobs do not appear on PowerProtect Data Manager Protection Jobs window after
recreating a lockbox entry.
Workaround
Restart the agent service or change the system time (+24 hrs).

Total protection jobs count on the PowerProtect Data Manager dashboard does not include skipped jobs
The Total Jobs count shown in the Jobs | Protection widget on the dashboard does not include skipped jobs. As a result, this
count does not reflect the total count of protection jobs that is shown in the Protection Jobs window.

9 Modifying the System Settings
Topics:
• System settings
• Modifying the PowerProtect Data Manager virtual machine disk settings
• Configure the DD system
• Virtual networks (VLANs)
• Syslog server disaster recovery
• Troubleshooting the syslog connection

System settings
You can use the PowerProtect Data Manager UI to modify system settings that are typically configured during PowerProtect
Data Manager deployment.

To access System Settings, click .

Modify the network settings


Perform the following steps if you want to change the IP address of the PowerProtect Data Manager appliance, or modify other
network settings such as the hostname, subnet mask, gateway, or DNS servers.

About this task


CAUTION: If you change the hostname or IP address, ensure you follow all the steps in Change the hostname or
IP address.

Steps

1. From the PowerProtect Data Manager UI, click , and then click Default Network.
2. Update the following fields as necessary:
● Hostname
● Primary DNS
● Secondary DNS
3. In the Configuration Details pane, click Edit, and then update the following fields for the IP address as necessary:
● IP Address
● Subnet Mask
● Gateway
4. Click Save.

Change the hostname or IP address


Perform the following steps to change the hostname or IP address of the PowerProtect Data Manager appliance.

About this task


CAUTION: If you do not follow all these steps, PowerProtect Data Manager can become unstable and perform
unpredictably.

Steps
1. Change the hostname or IP address from the PowerProtect Data Manager user interface.
2. Perform the following substeps on each enabled Search Engine node:
a. Connect to the Search Engine node console.
b. Open /opt/emc/search/conf/search.cfg in a text editor.
c. Look for the PPDMServer section, and edit the value of Value, replacing <hostname> with the new hostname:

"PPDMServer": {
"Description": "PowerProtect Data Manager server name",
"Required": true,
"Type": "string",
"IsArray": false,
"Value": "<hostname>",
"Default": null
},

d. Look for the PPDMUrl section, and edit the value of Value, replacing <ip_address> with the new IP address:

"PPDMUrl": {
"Description": "PowerProtect Data Manager server URL with port, for backup synchronization, (<URL>:9200)",
"Required": true,
"Type": "string",
"IsArray": false,
"Value": "https://<ip_address>:8443",
"Default": null
},

e. Run the command sudo systemctl restart search-monitor.service.


f. Run the command sudo systemctl restart search-rest-engine.service.
3. If DD Boost is used, perform the following substeps:
NOTE: If NFS is used, skip this step.

a. Connect to the PowerProtect Data Manager console and change to the root user.
b. Run the command service elasticsearch status. If the service is running, wait 5 minutes and run the command
again. If the service is still running, run the command service elasticsearch stop.
c. From the vSphere Client user interface, select the PowerProtect Data Manager appliance, click ACTIONS > Power, and
then select Restart Guest OS.
NOTE: Use the vSphere Client to restart the PowerProtect Data Manager appliance instead of the normal
procedure.

d. After the appliance has restarted, connect to the PowerProtect Data Manager console and change to the root user.
e. Run the following commands:

sudo rm /opt/emc/boostfs/lockbox/*.bak
sudo mv /opt/emc/boostfs/lockbox/boostfs.lockbox.FCD /opt/emc/boostfs/lockbox/boostfs.lockbox.FCD.bak
sudo mv /opt/emc/boostfs/lockbox/boostfs.lockbox /opt/emc/boostfs/lockbox/boostfs.lockbox.bak
sudo umount -l /data01/server_backups

f. From the PowerProtect Data Manager user interface, click System Settings > Disaster Recovery and select Manage
Backups.
NOTE: Viewing the Manage Backups pane triggers a necessary server process, and no further action is required.
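The following check for step 2 is an added example, not part of the Dell guide: before restarting the search services on a node, it confirms that search.cfg points at the new hostname and IP address. It assumes that search.cfg parses as JSON and that the PPDMServer and PPDMUrl sections can sit at any nesting depth; the Settings wrapper, host names, and addresses in the sample are constructed.

```python
"""Check a Search Engine node's search.cfg against the new PPDM identity (added example)."""
import json
from urllib.parse import urlsplit

# Constructed sample: a search.cfg that still carries the old hostname and IP address.
STALE_CFG = """
{"Settings": {
  "PPDMServer": {"Description": "PowerProtect Data Manager server name",
                 "Required": true, "Type": "string", "IsArray": false,
                 "Value": "ppdm-old.example.com", "Default": null},
  "PPDMUrl": {"Description": "PowerProtect Data Manager server URL with port",
              "Required": true, "Type": "string", "IsArray": false,
              "Value": "https://192.0.2.10:8443", "Default": null}
}}
"""


def find_section(node, name):
    """Depth-first search for the first dict stored under the key `name`."""
    if isinstance(node, dict):
        if isinstance(node.get(name), dict):
            return node[name]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_section(child, name)
        if found is not None:
            return found
    return None


def check_search_cfg(cfg_text, new_hostname, new_ip, port=8443):
    """Return a list of mismatches; an empty list means the node is ready to restart."""
    cfg = json.loads(cfg_text)
    problems = []

    server = find_section(cfg, "PPDMServer")
    if server is None:
        problems.append("PPDMServer section not found")
    elif str(server.get("Value", "")).lower() != new_hostname.lower():
        problems.append(
            f"PPDMServer.Value is {server.get('Value')!r}, expected {new_hostname!r}")

    url = find_section(cfg, "PPDMUrl")
    if url is None:
        problems.append("PPDMUrl section not found")
    else:
        parts = urlsplit(str(url.get("Value", "")))
        try:
            url_port = parts.port
        except ValueError:          # non-numeric or out-of-range port
            url_port = None
        # Port 8443 is the value shown in the guide's PPDMUrl fragment.
        if parts.scheme != "https" or parts.hostname != new_ip or url_port != port:
            problems.append(
                f"PPDMUrl.Value is {url.get('Value')!r}, expected 'https://{new_ip}:{port}'")
    return problems


if __name__ == "__main__":
    for line in check_search_cfg(STALE_CFG, "ppdm-new.example.com", "192.0.2.20"):
        print("MISMATCH:", line)
```

An unedited `<hostname>` or `<ip_address>` placeholder is reported as a mismatch in the same way as a stale value.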

Synchronize time on PowerProtect Data Manager and other systems
The PowerProtect Data Manager system time is synchronized with the ESXi host system.
The PowerProtect Data Manager system time must match the systems with which it interfaces or compliance checks fail. It is
recommended that all systems be configured to use an NTP server.
NOTE: Times in the UI are always displayed as local to the user's time zone based on their browser or system settings.
The PowerProtect Data Manager system might be in a different time zone but when viewing the UI it always shows the
times local to the user. All log-file entries use the UTC time zone except those entries that are related to client browser
connections, which use the server time zone.

Modify the appliance time zone


Use this procedure to modify the time zone for the PowerProtect Data Manager appliance.

Steps

1. From the PowerProtect Data Manager UI, click the System Settings icon, select System, and then click Timezone.
2. From the Timezone list, select the applicable time zone.
3. Click Save.

Enable replication encryption


You can ensure that replicated content is encrypted while in-flight to the destination storage, and then decrypted before it is
saved on the destination storage.

About this task


The encryption settings on both the source and destination systems must match to ensure successful replication.
For example, if you enable in-flight encryption in PowerProtect Data Manager, the setting must be enabled on each source and
destination server before defining the PowerProtect Data Manager replication objective. If encryption is enabled after the initial
definition of replication objectives, any replication jobs that were initiated during the period when the source and destination
server encryption settings did not match will fail.

Steps

1. From the PowerProtect Data Manager UI, click the System Settings icon, and then select Security.
The Security dialog box appears.
2. Click the Replication Encryption switch so it is enabled, and then click Save.

Next steps
The Infrastructure > Storage window of the PowerProtect Data Manager UI displays the status of the in-flight encryption
setting for all attached storage systems.
NOTE: For systems with DDOS version 6.2 and earlier installed, the status might display as Unknown. DDOS version 6.3
and later supports authentication mode. DDOS versions earlier than version 6.3 support only anonymous authentication
mode. PowerProtect Data Manager supports only anonymous and two-way authentication modes. Ensure that both source
and destination system servers use the same authentication mode.
You can take additional steps on your PowerProtect Data Manager server to enable in-flight encryption on connected DD
systems by using DD System Manager, as described in the DDOS Administration Guide.

Backup and restore encryption
Using Transport Layer Security (TLS), you can encrypt backup or restore data that is in transit for centralized and self-service
operations with DD Boost encryption. Encryption of backup and restore data in-flight is available for agent host assets,
Kubernetes cluster assets, and network-attached storage (NAS) assets only.
By default, PowerProtect Data Manager supports an encryption strength of HIGH and uses DD Boost anonymous authentication
mode. The DD Boost encryption software uses the ADH-AES256-SHA cipher suite. The DD Boost for OpenStorage
Administration Guide provides more information about the cipher suite for high encryption.
The following table lists the workloads and operations that support encryption of data in-flight:
NOTE: Refer to the agent user guides for more information about the centralized and self-service operations that are
supported.

Table 34. Supported workloads


| Workload | Centralized backup | Centralized restore | Self-service backup | Self-service restore |
|---|---|---|---|---|
| File System with Application Direct | Yes | Yes (image-level restore only) | Yes | Yes (image-level restore only) |
| Kubernetes cluster | Yes | Yes | N/A | Yes (from the most recent backup) |
| Microsoft SQL Server with Application Direct | Yes | Yes (database-level restore only) | Yes | Yes (database-level restore only) |
| Microsoft Exchange Server with Application Direct | Yes | N/A | Yes | Yes |
| NAS | Yes | Yes | N/A | N/A |
| Oracle with Application Direct | Yes | N/A | Yes | Yes |
| SAP HANA with Application Direct | Yes | N/A | Yes | Yes |

Enabling encryption imposes additional overhead. Backup and restore performance for any client could be affected by 5-20%
with encryption enabled.
You can enable or disable backup and restore encryption in the PowerProtect Data Manager UI.
PowerProtect Data Manager supports backup and restore encryption for all supported DD Boost and DDOS versions. The most
up-to-date software compatibility information for PowerProtect Data Manager is provided by the E-Lab Navigator.
NOTE: You do not need to enable in-flight encryption on connected DD systems. If DD encryption settings exist, the higher
setting takes precedence.

Enable backup and restore encryption


You can ensure that the backup and restore content is encrypted when read on the source system, transmitted in encrypted
form, and then decrypted before it is saved on the destination storage.

Prerequisites
Review the information in Backup and restore encryption to learn more about backup and restore encryption.
The encryption settings determine if the data transfer is encrypted while in-flight during backup and restore operations.
● For Microsoft SQL Server, Microsoft Exchange Server, File System, SAP HANA, and Oracle workloads, backup and restore
encryption is only supported for Application Direct hosts.
● When a new host is added to PowerProtect Data Manager, host configuration is run to push the encryption settings to the
host.
● Only hosts that have the same version of PowerProtect Data Manager application agents installed support the host
configuration.

About this task

Steps

1. From the PowerProtect Data Manager UI, click the System Settings icon, and then select Security.
The Security dialog box appears.
2. Click the Backup/Restore Encryption switch so it is enabled, and then click Save.

Next steps
The Jobs > System Job window of the PowerProtect Data Manager UI creates a job to enable protection encryption. This job
pushes encryption settings to the hosts to be used for self-service operations. Within the system job, a host configuration job is
created for each host. If an error occurs, you can retry the system job or individual host configuration job.
NOTE: For centralized backup and restore operations, PowerProtect Data Manager sends the encryption settings to the
application agents on the Application Direct hosts and network-attached storage (NAS).
You can disable encryption for backup and restore content by clicking the Backup/Restore Encryption switch. PowerProtect
Data Manager creates a system job in the Jobs > System Job window to disable protection encryption.

Additional considerations
Review the following additional considerations for backup and restore encryption.
To validate whether encryption is being used, you can check the status of existing connections on the DD system by running the
ddboost show connections command in the DD Boost CLI:
● The value in the Encrypted column is set to Yes if a connection has been established with encryption.
● If a client establishes a connection with encryption, and establishes another connection without encryption, the value in the
Encrypted column is set to Mixed. This might occur for one of the following reasons:
○ Encryption settings that are defined on a per-client basis remain in place for a while after the client has disconnected. If
the client previously established a connection without encryption and then later established a connection with encryption,
the value shows as Mixed.
○ Encryption settings are not specified for the DD Boost connections that are created on the application agent. Refer to
the individual user guides for more information.
● If encryption settings exist on the DD and are also enabled in PowerProtect Data Manager, the higher encryption setting
takes precedence. As a result, the Encrypted column will always show Mixed or Yes.

Server monitoring with syslog


The syslog system logging feature collects system log messages and writes them to a designated log file. You can configure the
PowerProtect Data Manager server to send event information in syslog format.
PowerProtect Data Manager serves as a syslog client to send diagnostic and monitoring data to the syslog server. You can
access this data to perform audits, monitoring, and troubleshooting tasks.
The syslog server firewall is configured to receive data from PowerProtect Data Manager using the required ports listed in
the PowerProtect Data Manager Security Configuration Guide. If your syslog server uses a port that is not listed, open the
corresponding port on the PowerProtect Data Manager system.
Refer to the PowerProtect Data Manager Security Configuration Guide for the following information:
● Port usage
● Instructions for modifying firewall rules to add custom ports
It is recommended that you configure the PowerProtect Data Manager system to use an NTP server. NTP configuration is
required to synchronize the PowerProtect Data Manager system time with the syslog server.
The selected severity level applies to all selected components. You cannot apply independent severity levels to each component.
For example, selecting Critical forwards critical messages from all selected components. The exception is OS Kernel and PPDM
Alert and Audit: when you select either one, the corresponding audit log is forwarded by default, regardless of the selected
severity level.

If no log messages are transmitted during a 24-hour period, PowerProtect Data Manager generates an alert to check the
PowerProtect Data Manager and syslog server connection to verify that there are no problems preventing the exchange of
messages.

Configure the syslog server


Use the following procedure to enable the syslog server, change the syslog server, change which events are forwarded, and
disable syslog forwarding.

Prerequisites
To use TLS for the syslog connection:
● Import the syslog server security certificate into PowerProtect Data Manager. The PowerProtect Data Manager Security
Configuration Guide provides instructions.
● By default, PowerProtect Data Manager uses anon authentication. If your syslog server uses another form of
authentication, contact Customer Support.

Steps

1. From the PowerProtect Data Manager UI, click the System Settings icon, select Logs, and then click Syslog.
The Logs window opens to the Syslog page.
To enable syslog forwarding:
2. Move the Syslog Forwarding slider to the right to enable syslog forwarding.
3. Provide the following information:
● IP Address / FQDN—IP address or fully qualified domain name of the syslog server.
● Port—Port number for PowerProtect Data Manager and syslog server communications.
● Protocol—Protocol to use for communications (TLS, UDP, or TCP).
● Components—Syslog message components.
● Severity Level—Specify the scope of the messages to forward to the syslog server.
To change the syslog server:

4. From the PowerProtect Data Manager UI, click the System Settings icon, select Logs, and then click Syslog.
The Logs window opens to the Syslog page.
5. Change the following syslog configuration details:
● IP Address / FQDN—IP address or fully qualified domain name of the syslog server.
● Port—Port number for PowerProtect Data Manager and syslog server communications.
● Protocol—Protocol to use for communications (TLS, UDP, or TCP).
To change which events are forwarded:

6. From the PowerProtect Data Manager UI, click the System Settings icon, select Logs, and then click Syslog.
The Logs window opens to the Syslog page.
7. Change the Components and Severity Level.
To disable syslog forwarding:

8. From the PowerProtect Data Manager UI, click the System Settings icon, select Logs, and then click Syslog.
The Logs window opens to the Syslog page.
9. Move the Syslog Forwarding slider to the left to disable syslog forwarding.
To apply the changes:
10. Click Save.

Next steps
Once the syslog configuration is complete, check the connection status. Go to System Settings > Logs > Syslog and verify
that the syslog server connection status indicates Connected. If the syslog server is not connected, the status indicates Not
Connected.

Additional system settings
Some system settings directly relate to the deployment and maintenance of PowerProtect Data Manager.
For detailed information about the following topics, see System Maintenance.
● Licensing PowerProtect Data Manager
● Specifying a PowerProtect Data Manager host

Modifying the PowerProtect Data Manager virtual machine disk settings
Follow the steps in this section, under the guidance and recommendations of Customer Support, to expand the size of the data
disk and system disk.

Modify the data disk size


Follow these steps to expand the size of a data disk that is single partitioned and has the log partition on the system disk.

Steps
1. Perform the following steps from the vSphere Web Client:
a. Right-click the VM Direct appliance and select Shut Down Guest OS.
b. After the power off completes, right-click the appliance and select Edit Settings.
The Edit Settings window appears with the Virtual Hardware button selected.
c. Increase the provisioned size of Hard disk 2 to the desired size, and then click OK.
NOTE: You cannot decrease the provisioned size of the disk.

d. Right-click the VM Direct appliance and select Power On.


2. Perform the following steps from the appliance console, as the root user.
NOTE: If you use ssh to connect to the appliance, log in with the admin account, and then use the su command to
change to the root account.

a. Reboot the appliance by typing reboot.


b. On the GNU GRUB menu, press Esc to edit the GNU GRUB menu.
c. In the edit screen, search for the line that starts with Linux, and then add the word single before the entry splash=0.
The following figure provides an example of the edit screen with the updated text.

Figure 8. Editing the GNU GRUB menu

d. Press Ctrl-x to reboot into single-user mode.


e. When prompted, type the password for the root account.
f. Unmount the data disk, by typing umount /data01.
g. Start the partition utility, by typing parted, and then perform the following tasks:
i. Type select /dev/sdb.
ii. Type print. If you are prompted to fix issues, type fix at each prompt. The output displays the new disk size in the
Size field and the current size in the table.
iii. Type resize 1 new_size. Where new_size is the value that appears in the Size field in the output of the print
command.

For example, to resize the disk to 700 GB, type: resize 1 752GB
iv. Type quit.
3. Reboot the VM Direct appliance by typing systemctl reboot.
4. Log in to the console as the root user.
NOTE: If you use ssh protocol to connect to the VM Direct appliance, log in with the admin account, and then use the
su command to change to the root account.

5. Grow the xfs file system by typing xfs_growfs -d /data01.


6. Confirm the new partition size by typing df -h.

Modify the system disk size


Follow these steps to expand the size of a data disk when the log partition is the last partition on the system disk.

Steps
1. Perform the following steps from the vSphere Web Client:
a. Right-click the VM Direct appliance and select Shut Down Guest OS.
b. After the power off completes, right-click the appliance and select Edit Settings.
The Edit Settings window appears with the Virtual Hardware button selected.
c. Increase the provisioned size of Hard disk 1 to the desired size, and then click OK.

NOTE: You cannot decrease the provisioned size of the disk.

d. Right-click the VM Direct appliance and select Power On.


2. Boot from a SuSE Linux Enterprise Server (SLES) version 12 CD.
3. Start the partition utility, by typing parted, and then perform the following tasks.
a. Type select /dev/sdx.
b. Type print. If you are prompted to fix issues, type fix at each prompt. The output displays the new disk size in the
Size field and the current size in the table.
c. Type quit.
4. Reboot the VM Direct appliance by typing systemctl reboot.
5. Log in to the console as the root user.
NOTE: If you use ssh protocol to connect to the VM Direct appliance, log in with the admin account, and then use the
su command to change to the root account.

6. Grow the xfs file system by typing xfs_growfs -d /data01.


7. Confirm the new partition size by typing df -h.

Configure the DD system


Prerequisites
Before you can use DD to protect the system, use NFS to export the MTree that PowerProtect Data Manager uses on the DD
system. The setup on the DD system requires that you add the PowerProtect Data Manager client with no_root_squash.

Steps
1. Use a web browser to log in to the DD System Manager as the system administrator.
2. In the Summary tab, Protocols pane, select NFS export > create export.
The Create NFS Exports window appears.
3. In the Create NFS Exports window:
a. In the Export Name field, specify the name of the DD MTree.
b. If you have not yet created the DD MTree, follow the prompts to create the MTree and click Close.
c. In the Directory path field, specify the full directory path for the DD MTree that you created. Ensure that you use the same
name for the directory.
d. Click OK.
A message appears to indicate that the NFS export configuration save is in progress and then complete.
e. Click Close.

Virtual networks (VLANs)


PowerProtect Data Manager can separate management and backup traffic onto different virtual networks (VLANs). Virtual
networks help to improve data traffic routing, security, and organization.
The default configuration routes the management traffic over the same network as backup traffic. All assets are part of the
same network.

Figure 9. Flat network

You can also configure virtual networks to separate management traffic from backup traffic. This configuration can also
separate traffic that originates from different networks. In that case, you can use the same virtual network for management and
backup traffic, or separate virtual networks for each.

Figure 10. Virtual networks

To use virtual networks with PowerProtect Data Manager, you must configure the DD and network infrastructure before you
configure the PowerProtect Data Manager or assign networks to assets.
Configuration follows a multistep workflow:
1. Configure the virtual network on the DD.
2. Add the DD as storage and name the network interface.
3. Add the virtual network to the PowerProtect Data Manager.
4. Register the assets with the PowerProtect Data Manager.
5. Create a protection policy (or edit an existing policy) and assign the preferred virtual network.

6. Optionally, assign the virtual network to individual assets. This action overrides any preferred virtual network that you may
have specified through a protection policy.
The initial steps to configure and add each virtual network are one-time events. The subsequent steps to assign virtual networks
to protection policies or assets happen as required.
Configuration is nondisruptive. You can add, edit, or delete virtual networks without affecting background activities,
disconnecting network interfaces, or affecting the PowerProtect Data Manager user interface.
PowerProtect Data Manager logs network changes in the audit log. Failed network changes appear in the System alerts.

Virtual network traffic types


PowerProtect Data Manager supports virtual networks for the following traffic types:

Table 35. Traffic types


| Type | Description |
|---|---|
| Management | Control traffic, typically HTTPS REST API operations; small file transfers, such as logs and update packages; other essential traffic, such as identity provider authentication. |
| Data | Large amounts of customer data, such as backup and restore traffic, cloud tiering, and CloudDR traffic. |
| Replication | DD Boost replication traffic. |
| Data for Management Components | Customer data that is related to management and control operations, such as ServerDR, indexing and searching, replication monitoring, and copy deletion. |

Replication traffic flows between protection storage systems. Where required, configure virtual networks for replication traffic
directly on the protection storage systems.
The Data for Management Components type carries traffic which relates to management operations but which can contain
customer information. Where required, you can separate this traffic from either the Management network, the Data network, or
both.
For example, some environments may support different speeds for each network: a 1 Gbps network for management and a 10
Gbps network for data. Other environments may have policies or rules that govern whether customer data can flow across
the Management network. Separating the Data for Management Components traffic enables you to optimize flow for security,
speed, and other priorities.

Virtual network planning


When you plan your virtual network configuration, observe the following requirements:

Table 36. Component traffic type requirements


| Component | Compatible types | Incompatible types |
|---|---|---|
| PowerProtect Data Manager | Management, Data for Management Components | Data |
| Protection engines | Data for Management Components, Data | Management |
| Search Engine nodes | Data for Management Components | Management, Data |

While the table indicates compatible traffic types, protection engines can operate without virtual networks.
Separating the Data for Management Components traffic from the Management traffic requires you to name the virtual
networks for protection storage. Name virtual networks for protection storage provides instructions. If you do not name the
virtual networks for protection storage, this traffic defaults to the Management network.

Parallel virtual networks
Your environment may have more than one virtual network for each traffic type, such as different Data networks for different
departments. Where parallel virtual networks exist, all protection engines require an interface to at least one virtual network of
each required type. However, each protection engine does not require connections to all virtual networks of the required types.
For example:
● Your environment has Finance and Engineering departments with their own assets.
● Your environment has the following virtual networks: Management, Finance Data, and Engineering Data.
The following table describes the connections to each virtual network for scenarios where both departments share a protection
engine and where departments have private protection engines.

Table 37. Example: virtual network interfaces


| Virtual network name | Shared protection engine | Private protection engines: Finance protection engine | Private protection engines: Engineering protection engine |
|---|---|---|---|
| Management | Yes | Yes | Yes |
| Finance Data | Yes | Yes | No |
| Engineering Data | Yes | No | Yes |

Even though protection engines require connections for Data traffic, the private protection engines maintain separation
between the virtual networks for each department.
Several of the diagrams for supported virtual network topologies include parallel virtual networks.

Virtual network topologies
The following diagrams illustrate the supported virtual network topologies and how they relate to traffic types:

Single network
This topology assigns all traffic types to the same network. There is no separation between Management and Data or between
agents which belong to different logical organizations.

Figure 11. Single network

Data for Management Components traffic on Management network


This topology separates Management traffic from Data traffic but keeps the Data for Management Components traffic with the
Management traffic.
This tradeoff operates well in environments where the Management network can support frequent large data transfers and
which allow customer data on the Management network.
Thick lines indicate paths that transfer comparatively more data, such as files and update packages. Thin lines indicate paths
that transfer comparatively less data, such as HTTPS API traffic only.

Figure 12. Data for Management Components traffic on Management network

Data for Management Components traffic on Data network


This topology separates Management traffic from Data traffic but keeps the Data for Management Components traffic with the
Data traffic.
This tradeoff operates well in environments where the Management network cannot support frequent large transfers or which
do not allow customer data on the Management network. However, there is no separation between backup data and control
data, and Data for Management Components traffic competes with other traffic.
Thick lines indicate paths that transfer comparatively more data, such as files and update packages. Thin lines indicate paths
that transfer comparatively less data, such as HTTPS API traffic only.

Figure 13. Data for Management Components traffic on Data network

Full separation
This topology implements complete separation between all traffic types for maximum throughput and security. Customer data
does not flow across the Management network.
Thick lines indicate paths that transfer comparatively more data, such as files and update packages. Thin lines indicate paths
that transfer comparatively less data, such as HTTPS API traffic only.

Figure 14. Full separation

Supported scenarios
PowerProtect Data Manager supports virtual networks for the following use cases:
● Virtual machine backups
● Kubernetes backups
● Database backups
● Microsoft Exchange Server backups
● File system backups
● Replication
● Disaster recovery
● Cloud DR
● Storage Data Management
● Search Engine
NOTE: The first time that you use the Networks page to add a virtual network to an environment with existing Search
Engine nodes, PowerProtect Data Manager does not automatically add the virtual network to the Search Engine. Instead,
manually edit each Search Engine node to add the virtual network. This action makes the Search Engine aware of virtual
networks. Any subsequent new virtual networks are automatically added to the Search Engine.

Virtual network prerequisites
Before you configure a virtual network, complete the following actions:
● Register the vCenter server on which PowerProtect Data Manager is deployed. You can verify this on the vCenter tab of
the Asset Sources page. You can also add a hosting vCenter. Specifying the PowerProtect Data Manager host provides
instructions.
● Configure the network switch port for trunk mode. This setting allows the port to carry traffic for multiple VLANs.
● Enable Virtual Guest Tagging (VGT) or Virtual Switch Tagging (VST) mode on the VMware ESXi virtual network switch port
for PowerProtect Data Manager. You can use a standard port group or a distributed port group.
○ VGT—For standard port groups, configure the virtual switch port for VLAN ID 4095, which makes all VLANs accessible.
Alternatively, you can use VLAN trunking, which supports specifying multiple VLANs by ID or range. The VMware ESXi
documentation provides more information.
○ VST—You can configure the port group with a VLAN ID from 1-4094.
● Configure a VLAN interface for the DD through the Interfaces tab on the Hardware > Ethernet window in the DD System
Manager. The DD documentation provides more information.
Dell Technologies recommends that you choose an interface name that incorporates the VLAN ID. For example, the interface
name ethV1.850 for VLAN ID 850.

● Add the DD as protection storage for PowerProtect Data Manager.


PowerProtect Data Manager does not verify the network switch configurations. If the physical or virtual network switch is
incorrectly configured, then virtual network configuration fails.

Configuring virtual networks


The following topics describe how to create and maintain virtual networks in PowerProtect Data Manager for use with assets on
different VLANs.
PowerProtect Data Manager names each virtual network in two places: the interface to the protection storage system and the
interface to the protected assets. These names are not required to match. However, Dell Technologies strongly recommends
that you use the same network name in both locations for each virtual network. Record each network name for later use.
Dell Technologies also recommends that you choose network names that incorporate the VLAN ID. For example,
sales-vlan850 for VLAN ID 850.
Adding a virtual network includes creating a pool of static IP addresses. PowerProtect Data Manager uses these addresses for
the local interfaces to the virtual network and for any VM Direct protection engines or Search Engine nodes that you deploy on
this network.
Each VM Direct protection engine or Search Engine node requires an IP address on the virtual network. The PowerProtect Data
Manager interface requires one IP address. Ensure that you have enough IP addresses available on each network to meet this
requirement. To prepare for future expansion, you can add more IP addresses than are initially required.

When you review the list of virtual networks, rows that require attention are indicated with an icon beside the name. View the
network details for more information.

Name virtual networks for protection storage


After you add protection storage, name the virtual network or networks between the PowerProtect Data Manager and the
protection storage system. To rename a virtual network (edit the network name), repeat these steps.

About this task


Separating the Data for Management Components traffic from the Management traffic requires you to name the virtual
networks for protection storage. If you do not name the virtual networks for protection storage, components such as
PowerProtect Data Manager and Search Engine nodes have no route to protection storage over the Data for Management
Components network. This traffic defaults to the Management network.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Storage.
The Storage window appears.

2. On the Protection Storage tab, select the storage system, and then select More Actions > Name Network.
The Name Network window opens and displays a list of known network interfaces, assigned IP addresses, link speeds, and
supported traffic types.
3. Identify the interfaces for each new virtual network, and then select or type names for the virtual networks in the
corresponding fields.
Each interface indicates IP address, link speed, and the supported traffic types.
NOTE: If the storage system is DDVE 7.9, the interface displays undefined-bit/s. To determine the speed of the
virtual interface, refer to the settings of the ESXi host and its physical network adapter.

4. Click Save.
The PowerProtect Data Manager stores the network names.

Add a virtual network


Configure a new virtual network for use with assets and protection policies.

About this task


Each new virtual network requires at least one IP address for each PowerProtect Data Manager network interface. Review the
Number of IP addresses needed field before you supply the required static IP addresses.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Networks.
The Networks window appears.
2. Click Add.
The Add Network wizard opens.
3. For Purpose, select one or more traffic types.
Virtual network traffic types provides more information.
4. In the Network Name field, type the name of the new virtual network.
Dell Technologies recommends that you keep the network names consistent for each VLAN.
5. In the VLAN ID field, type the numeric value 1 through 4094 that corresponds to the VLAN which this virtual network
represents.
6. Provide the applicable Subnet Mask and MTU (maximum transmission unit) values for the virtual network.
Allowable MTU values range from 1500 to 9000.
7. For the Static IP Pools field, provide the indicated number of reserved IP addresses for PowerProtect Data Manager to use
for communication on this virtual network.
To add values to the pool, type an IP address or range, and then click Save. To remove values from the pool, select a value
from the pool, and then click Delete.
You can type each IP address separately, or you can provide an IP address range in the form 10.1.1.4-10.1.1.10.

8. Verify that the static IP address pool contains enough addresses to add the virtual network.
9. Click Next.
The Add Network wizard moves to the Routes page.
10. If applicable, click Add to define any required routes.
The Add Routes page opens. Complete the following substeps:
a. Select a route type:
● If you select Subnet, define the subnet in CIDR format. For example, 10.0.0.0/24.
● If you select Host, type the IP address.
b. Type the IP address of the default gateway through which PowerProtect Data Manager should reach the subnet or host.
c. Click Add.
The Add Routes page closes. The Routes list displays the new route.
d. Review the route information.
If any parameters are incorrect, select the checkbox for that route and then click Delete.
e. Repeat these substeps for any additional required routes.
11. Click Next.

The Add Network wizard moves to the Summary page.
12. Verify the network configuration information, and then click Finish.
The Add Network wizard closes. The Networks page displays the new network with the Initiating status.
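The wizard's input rules can be checked against a planned configuration before you open the Add Network wizard. The following Python sketch is an added example, not part of PowerProtect Data Manager; the plan dictionary, its key names, the IPv4-only handling, and the rule that pool addresses and gateways share one subnet are assumptions made for illustration.

```python
import ipaddress

VLAN_IDS = range(1, 4095)       # the wizard accepts 1 through 4094
MTU_VALUES = range(1500, 9001)  # the wizard accepts 1500 through 9000

# Constructed sample plans (hypothetical values, not taken from a real system).
GOOD_PLAN = {
    "vlan_id": 850, "mtu": 9000, "subnet_mask": "255.255.255.0", "ips_needed": 3,
    "static_ip_pool": ["10.1.1.4-10.1.1.10", "10.1.1.20"],
    "routes": [{"type": "Subnet", "destination": "10.0.0.0/24", "gateway": "10.1.1.1"}],
}
BAD_PLAN = {
    "vlan_id": 4095, "mtu": 1400, "subnet_mask": "255.255.255.0", "ips_needed": 2,
    "static_ip_pool": ["10.1.1.10-10.1.1.4"],
    "routes": [{"type": "Subnet", "destination": "10.0.0.5/24", "gateway": "10.1.1.1"}],
}


def expand_pool(entries):
    """Expand entries such as '10.1.1.20' or '10.1.1.4-10.1.1.10' into addresses."""
    addresses = []
    for entry in entries:
        first_text, _, last_text = entry.partition("-")
        first = ipaddress.IPv4Address(first_text.strip())
        last = ipaddress.IPv4Address(last_text.strip()) if last_text else first
        if last < first:
            raise ValueError(f"range {entry!r} ends before it starts")
        addresses.extend(ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1))
    return addresses


def validate_plan(plan):
    """Return the problems found in a planned virtual network (empty list = none)."""
    problems = []
    if plan["vlan_id"] not in VLAN_IDS:
        problems.append(f"VLAN ID {plan['vlan_id']} is outside 1-4094")
    if plan["mtu"] not in MTU_VALUES:
        problems.append(f"MTU {plan['mtu']} is outside 1500-9000")

    try:
        pool = expand_pool(plan["static_ip_pool"])
    except ValueError as exc:
        problems.append(f"static IP pool: {exc}")
        pool = []
    unique = sorted(set(pool))
    if len(unique) < len(pool):
        problems.append("static IP pool lists the same address more than once")
    if len(unique) < plan["ips_needed"]:
        problems.append(f"static IP pool holds {len(unique)} addresses, {plan['ips_needed']} needed")

    # Assumption: every pool address and every gateway sits in the one subnet
    # that the first pool address and the subnet mask define.
    subnet = None
    if unique:
        try:
            subnet = ipaddress.IPv4Network(f"{unique[0]}/{plan['subnet_mask']}", strict=False)
        except ValueError as exc:
            problems.append(f"subnet mask: {exc}")
    if subnet is not None:
        for address in unique:
            if address not in subnet:
                problems.append(f"pool address {address} is outside {subnet}")

    for route in plan["routes"]:
        try:
            if route["type"] == "Subnet":
                if "/" not in route["destination"]:
                    raise ValueError("subnet route is not in CIDR format")
                ipaddress.IPv4Network(route["destination"], strict=True)
            else:  # "Host" routes take a single IP address
                ipaddress.IPv4Address(route["destination"])
            gateway = ipaddress.IPv4Address(route["gateway"])
        except ValueError as exc:
            problems.append(f"route {route['destination']}: {exc}")
            continue
        if subnet is not None and gateway not in subnet:
            problems.append(f"gateway {gateway} is outside {subnet}")
    return problems


if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, validate_plan(plan) or "no problems found")
```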

Next steps
PowerProtect Data Manager may take a short time to configure the virtual network.
If the virtual network status changes to Failed, then a corresponding system alert contains more information about the cause
of the failure. Troubleshoot the failure and then complete one of the following actions:
● If the failure was caused by a configuration issue, click Edit to update the network configuration.
● If the failure was transient or had an external cause, and the configuration is correct, click Retry to use the same settings.
NOTE: When you edit or retry a virtual network operation that failed and there are additional IP addresses in the address
pool, PowerProtect Data Manager marks the last failed IP address as abandoned. PowerProtect Data Manager does not try to
reuse any IP addresses that are marked as abandoned. The UI does not display this condition.

KB article 000181120 provides more information about how to use the REST API to detect when an IP address is marked as
abandoned. The article also provides steps to correct this condition so that the IP address can be used again.

View the details of a virtual network


If the virtual network name is ambiguous, you can view the details to further identify the virtual network before making changes.
You can also identify components that require attention after a change.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Networks.
The Networks window appears.
2. Locate the row that corresponds to the appropriate virtual network.
The columns for each row indicate the associated VLAN ID and network status. Rows that require attention are indicated
with an icon beside the name.
3. Click the details icon for that row.
The Details pane opens to the right.
This pane contains information about the virtual network configuration, such as the static IP address pool details, assigned
traffic types, and configured routes. This pane also lists any components that are configured with an interface on this
network, their types, and their assigned IP addresses.
4. Click X to close the details pane.

Changing virtual network traffic types after configuration


Under normal operation, you configure a virtual network and then assign the interface to new or existing components which
support the selected traffic types. However, should your environment change, you can later change the traffic type settings for
a virtual network.
After you reconfigure a virtual network, the new traffic type settings may no longer align with the interface assignments for
existing components on that virtual network. In these cases, PowerProtect Data Manager notifies you about conflicts between
traffic types and interface assignments, but does not take automatic action.

Instead, the UI marks conflicts with a warning symbol. Administrators should review any warnings and edit the indicated
components to manually remove the incompatible network interfaces. For example:
● Search Engine node interfaces to virtual networks that carry Data traffic, but not Data for Management Components traffic.
● Protection engine interfaces to virtual networks that carry Data for Management Components traffic.
● PowerProtect Data Manager interfaces to virtual networks that carry Data traffic, but not Data for Management
Components traffic.
Under these circumstances, PowerProtect Data Manager continues to operate normally. However, resolving the conflict returns
the IP address to the address pool.

Edit a virtual network
You can change any parameter for a virtual network without deleting the network. For example, you can add more IP
addresses to the static IP pool.

Prerequisites
If an IP address from the static IP pool is already in use, you cannot remove the address from the pool.
Before you change the traffic types for a network, disable indexing. Set up and manage indexing provides instructions.

About this task


After deployment, the default network has all traffic types enabled. You can remove the Data and Data for Management
Components types from this network, but not the Management type.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Networks.
The Networks window appears.
2. Locate the row that corresponds to the appropriate virtual network, and then click the radio button to select that row.
The PowerProtect Data Manager enables the Edit and Delete buttons.
3. Click Edit.
The Edit Network wizard opens to the Summary page.
4. Click Edit for the Configuration or Routes sections.
The Edit Network wizard moves to the Configuration or Routes page.
5. Modify the appropriate network parameters, and then click Next.
If you modify the virtual network in a way that requires more IP addresses, you cannot continue until you add more
addresses to the static IP address pool.
The Edit Network wizard moves to the Summary page.
6. Verify the network configuration information, and then click Finish.
The Edit Network wizard closes. The Networks page reflects the updated information, where applicable.
You may need to view the details for the virtual network to verify some changes.

Next steps
If you disabled indexing, re-enable indexing. Set up and manage indexing provides instructions.

Delete a virtual network


Although optional, Dell Technologies recommends that you delete virtual networks when they are no longer required.

Prerequisites
● Unassign the virtual network from any applicable assets.
● Disable indexing. Set up and manage indexing provides instructions.
● Disable every VM Direct Engine that is configured to use the virtual network.
● Disable every Search cluster that uses the virtual network.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Networks.
The Networks window appears.
2. Locate the row that corresponds to the appropriate virtual network, and then click the radio button to select that row.
PowerProtect Data Manager enables the Edit and Delete buttons.
3. Click Delete.
4. Verify the network information, and then click OK to acknowledge the deletion warning.
The PowerProtect Data Manager removes the virtual network from the list on the Networks page.

Next steps
Re-enable indexing, VM Direct Engines, and Search clusters.

Virtual network asset assignment


Assignments identify which assets should use each virtual network. There are two methods to associate an asset with a virtual
network:
● By protection policy

You can configure the PowerProtect Data Manager to choose a preferred virtual network for all assets on a protection
policy.
● By asset
You can assign virtual networks to individual assets. This method is optional and overrides any virtual network assignment
from a protection policy. Assets which are not individually assigned automatically use the preferred virtual network.
You can use this method to specify a virtual network for any asset. However, this method is especially suited to configuring
assets which are exceptions to the rule. You can also split assets on the same application host across multiple virtual
networks, for example, when an asset has its own network interface or belongs to another department.
Dell Technologies recommends that you assign assets to virtual networks by protection policy, where possible.
Before you assign an asset, perform the following actions:
● Test connectivity from the asset host to the PowerProtect Data Manager by pinging the PowerProtect Data Manager IP
address on that virtual network.
● Register the asset source with the PowerProtect Data Manager.
● Approve the asset source.

Assign a virtual network by protection policy


The following steps apply a virtual network to an existing protection policy. You can also assign a virtual network when you
create a protection policy.

About this task


The Network Interface field selects the network interface for communication with the destination protection storage system.
This network carries the backup data.

Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
The Protection Policies window appears.
2. Locate an existing protection policy for which you want to configure a virtual network.
3. Select the radio button for the protection policy, and then click Edit.
The Edit Policy wizard opens to the Summary page.
4. In the Objectives block, click Edit.
The Edit Policy wizard moves to the Objectives page.
5. Select the checkbox for the appropriate schedule.
6. In the Network Interface field, select the correct virtual network from the list.
Each list entry indicates the interface name, interface speed, and virtual network name.
If the network was not named, a combination of the interface name and VLAN ID replaces the virtual network name. For
example, ethV1.850. An interface without a virtual network name behaves as if a virtual network was not configured.

7. Click Next.
The Edit Policy wizard moves to the Summary page.
8. Verify the policy information, and then click Finish.
Ensure that the selected assets are part of the virtual network.
The Edit Policy wizard closes.
9. Click OK to acknowledge the update, or click Go to Jobs to monitor the update.

Assign a virtual network by asset
This procedure is optional. You can assign a virtual network for individual assets or for all assets on a particular application host.

About this task


This setting overrides the network assignment from the protection policy. If PowerProtect Data Manager cannot use this
network assignment for any reason, the setting falls back to the assignment from the protection policy.
NOTE: You cannot back up individual assets across different networks on the same protection policy and application host.
Instead, create a separate protection policy for the assets on each network.

Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
The Assets window appears.
2. Locate the appropriate assets from the list on any tab.
Use the checkbox to select each asset. You can select more than one asset at a time.
3. Click More Actions > Assign Network.
The Associated Assets window opens.
4. To use the virtual network for all assets on the same application host, click Include.
Otherwise, to use the virtual network for only the selected assets, click Do Not Include. Consider whether you require a
separate protection policy for assets on different networks.
The Assign Network window opens.
5. Select a virtual network from the Network Label list, and then click Save.

Results
The PowerProtect Data Manager applies the network selection to the selected assets. The Network column in the list of assets
for each tab now indicates the selected virtual network.

Syslog server disaster recovery


Use the following procedure to restart the log manager service for the syslog server in a server disaster recovery (DR) scenario.

Prerequisites
After disaster recovery of the PowerProtect Data Manager system is complete, perform the following steps on the restored
PowerProtect Data Manager system.

Steps
1. Verify that all PowerProtect Data Manager services are running in System Settings > Support > System Health.
2. Restart the logmgr service by running the command logmgr restart, and then wait for a few seconds for the service
to restart.

Next steps
If your syslog server uses a custom port, open the corresponding port on the restored PowerProtect Data Manager system. The
PowerProtect Data Manager Security Configuration Guide provides more information.

Troubleshooting the syslog connection
Review the following information that is related to troubleshooting the syslog connection.

No messages are transmitted to the syslog server


Log messages are generated in the PowerProtect Data Manager services log files; however, these messages are not
transmitted to the syslog server. If this issue occurs, complete the following tasks:
1. Verify that the PowerProtect Data Manager firewall is using the required ports. If your syslog server uses a different port,
open the corresponding port on the PowerProtect Data Manager system.
2. Verify the syslog server firewall. Ensure that the ports are configured to accept data.
3. Verify that the protocol is the same for both PowerProtect Data Manager and the syslog server. If you are using TLS,
PowerProtect Data Manager uses anon authentication by default. If your syslog server uses another form of authentication,
contact Customer Support.

10
Managing Reports
Topics:
• PowerProtect Data Manager reporting
• Provide feedback on PowerProtect Data Manager reporting
• Port requirements
• Server requirements
• Known issues with the reporting engine and Report Browser
• Configure and deploy the reporting engine
• Updating the reporting engine from version 19.10
• Report Browser
• Deleting the reporting engine
• Managing disaster recovery of the reporting engine

PowerProtect Data Manager reporting


PowerProtect Data Manager comes with a reporting engine that offers reporting capabilities from within the PowerProtect Data
Manager user interface. You can access built-in report templates that you can directly run to generate reports. Feedback can be
provided for future releases.
These reports help you retrieve information about the data protection activities in your environment. Using these reports, you
can diagnose problems, plan to mitigate risks, and forecast future trends. You can also run reports on-demand and export
reports in CSV format.
PowerProtect Data Manager reporting is available for on-premises PowerProtect Data Manager deployments.

NOTE: PowerProtect Data Manager reporting is not supported with PowerProtect Data Manager in cloud environments.

Configure the reporting engine to set up reporting capabilities for PowerProtect Data Manager. After the reporting engine is
configured, you can run reports from Reports > Report Browser.
NOTE: If you are using another reporting tool such as CloudIQ, you can choose not to configure PowerProtect Data
Manager reporting.

Provide feedback on PowerProtect Data Manager reporting
Use the following procedure to report your satisfaction with the PowerProtect Data Manager reporting feature and provide
feedback. Customer feedback is used to improve the customer experience.

Steps
1. Log in to the PowerProtect Data Manager UI.

2. From the Report Browser window, click the feedback button at the bottom of the window.
NOTE: The feedback button is only visible if the reporting engine is configured.

The customer feedback survey for the reporting feature opens in a new window, as shown in the following figure:

Figure 15. Customer feedback survey for reports

NOTE: In environments with limited external connectivity, such as dark sites, an error appears in the web browser and
the customer feedback survey is not displayed.

3. (Optional) Complete the customer feedback survey, and when finished, click Submit.
You have the option to rate your satisfaction with the PowerProtect Data Manager reporting feature and provide details
about your rating.

Port requirements
The following table summarizes the port requirements for PowerProtect Data Manager and the reporting engine. The
PowerProtect Data Manager Security Configuration Guide provides more information about ports for PowerProtect Data
Manager. Read this table in conjunction with the port usage topic for PowerProtect Data Manager.

Table 38. Reporting engine port requirements


| Source system | Destination system | Port | Protocol | TLS supported | Notes |
| --- | --- | --- | --- | --- | --- |
| PowerProtect Data Manager | Reporting engine | 9002 | TCP | TLS 1.2 | REST API service. |
| Reporting engine | PowerProtect Data Manager | 8443 | TCP | TLS 1.2 | REST API service for collecting reporting data. |

Server requirements
Observe the following requirements for the reporting engine.
● SUSE Linux Enterprise Server (SLES) version 12 SP5
● 8 vCPUs, 16 GB RAM
● Disk 01: 48 GB to install the operating system and Reporting Application Server
● Disk 02: 512 GB to store the reporting data
● Disk 03: 8 GB to store log information

Known issues with the reporting engine and Report Browser
Administrators should familiarize themselves with the known issues of the new reporting feature before using it. Understanding
the known issues will help with the maintenance of the feature and interpretation of the reports.
The following table describes the known issues of the new reporting feature.

Table 39. Known issues with the reporting engine and Report Browser
Issue
● In the Backup Jobs Summary report, the search functionality for the Jobs Distribution table only supports an "equals"
filter type.
● The reporting engine status indicates the configuration is successful for failed deployments.
● In the Backup Jobs Summary report, the Start Time column in the Jobs Distribution table cannot be sorted.
● The Jobs Distribution table for reports displays a long entry for the Job ID whereas the Jobs page displays a short
entry for the Job ID.
● When a report is exported to a CSV file, the timestamp in the Last Copy column is displayed in an unreadable format.
Workaround: To convert the timestamp to a regular date and time format, copy the value into an Excel cell, and then
complete the following steps:
1. Assuming the timestamp is in cell A2, use the following formula to generate the GMT Excel time value:
=(A2/86400)+DATE(1970,1,1)
2. Format the cell to use one of the following date formats, or create a custom date format.
○ dd-mmm-yy
○ dd-mmm-yyyy
● The reported sizes of backups and data transfers are incorrect. To determine the correct sizes of backups and data
transfers, perform the following steps:
1. If not already displayed in megabytes, convert the value displayed into megabytes.
2. Divide the value by (1024*1024).
3. If desired, this corrected value in megabytes can be converted to a different unit.
● Jobs reports display only the first 10,000 backup jobs retrieved from a data-collection request.
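The two CSV workarounds above can also be applied to a whole exported file at once. The following Python sketch is an added example, not a Dell tool; it applies the same arithmetic as the Excel formula (seconds since 1970 interpreted as GMT) and the divide-by-(1024*1024) size correction. Only the Last Copy column name comes from this guide; the other column names and the sample rows are constructed, and the size column is assumed to be expressed in megabytes already.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample of an exported widget. Only the "Last Copy" column name
# comes from the guide; the other columns and all values are made up.
SAMPLE_EXPORT = """Asset Name,Last Copy,Reported Size (MB)
vm-app01,1665705600,2097152
vm-db02,1665709261,524288
fs-share03,,
k8s-ns04,n/a,1048576
"""


def epoch_to_gmt(value):
    """Same arithmetic as =(A2/86400)+DATE(1970,1,1): epoch seconds to GMT text."""
    try:
        moment = datetime.fromtimestamp(float(value), tz=timezone.utc)
    except (TypeError, ValueError, OverflowError, OSError):
        return value  # blank or non-numeric cells stay exactly as exported
    return moment.strftime("%d-%b-%Y %H:%M:%S")


def corrected_size_mb(value):
    """Size workaround: the reported value in megabytes divided by 1024*1024."""
    try:
        return float(value) / (1024 * 1024)
    except (TypeError, ValueError):
        return value  # leave cells that hold no number untouched


def convert_export(text, time_column="Last Copy", size_column=None):
    """Return the CSV rows with the timestamp (and optionally size) column fixed."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        if time_column in row:
            row[time_column] = epoch_to_gmt(row[time_column])
        if size_column and size_column in row:
            row[size_column] = corrected_size_mb(row[size_column])
        rows.append(row)
    return rows


if __name__ == "__main__":
    for fixed in convert_export(SAMPLE_EXPORT, size_column="Reported Size (MB)"):
        print(fixed)
```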

Configure and deploy the reporting engine


Perform the following steps in the PowerProtect Data Manager UI to configure and deploy the reporting engine.

Prerequisites
● You must deploy the reporting engine on a separate virtual machine.
● The vCenter server must be added as an asset source from Infrastructure > Asset Sources.
● The virtual machine requires 500 GB to function properly.
● Configure your firewall so that the reporting engine IP address is only accessible using the PowerProtect Data Manager IP
address.

About this task


It is recommended that you deploy the reporting engine to the vCenter server that hosts PowerProtect Data Manager. To verify
the hosting vCenter:
1. Click the Settings > Hosting vCenter link.
2. Provide the details for the vCenter server that hosts PowerProtect Data Manager or select the hosting vCenter server from
asset sources.

Steps
1. From the PowerProtect Data Manager UI, select Reports > Reporting Engine.
2. Click Configure.
The Configure Reporting Engine dialog box opens.
3. In the Configure Reporting Engine dialog box, complete the required fields:
● vCenter server to deploy—Specify the vCenter server on which to deploy the reporting engine.
If you specified the hosting vCenter server, PowerProtect Data Manager populates the fields with the required
information.
● ESX host or cluster—Select the cluster or ESXi host on which you want to configure the reporting engine.
● Host FQDN—Specify the fully qualified domain name (FQDN).
● IP address, Gateway, Netmask, and Primary DNS—Note that only IPv4 addresses are supported.
● Network—Displays all the networks that are available under the selected ESXi host or cluster.
● Data Store—Displays all datastores that are accessible to the selected ESXi host or cluster. Select the datastore.
4. Click Deploy.

Results
PowerProtect Data Manager starts the configuration process. Go to Reporting Engine to check the status. You can also go to
the System Jobs window to monitor the progress of the configuration job.
When the process is complete, a notification appears in the Reporting Engine window to indicate that the configuration is
successful. You can now access reports from Reports > Report Browser.

Updating the reporting engine from version 19.10


Unless certain procedures are followed when updating PowerProtect Data Manager from version 19.10, any deployed reporting
engine fails to update.
If you have deployed the reporting engine and are updating from PowerProtect Data Manager version 19.10, you must decide if
you want to keep existing reporting data or delete it.

Keep reporting data


To update PowerProtect Data Manager and keep reporting data, see KB article 000199837: PowerProtect Data Manager
(PPDM) 19.10 Reporting update procedure.

Delete reporting data


To update PowerProtect Data Manager and delete reporting data, follow these steps:
1. Delete the reporting engine. For more information, see Deleting the reporting engine.
2. Install the PowerProtect Data Manager update package.
3. Reconfigure and redeploy the reporting engine.

Report Browser
Use the Report Browser to view detailed reports for the data protection activities in your environment. When you open the
Report Browser, the reports are displayed in the window.
Go to Reports > Report Browser to access the reports.
Each report displays as a card. When you click a report, the report displays as one tab in the Report Browser view.

Reports
Learn about the reports that are available in the Report Browser.
The following table describes the reports:

Table 40. Reports


| Report | Description |
| --- | --- |
| Backup Jobs Summary | Provides key performance indicators on backup jobs, based on the selected filters of status, assets, and duration. Information includes success and failure metrics (total and per asset type), job success, data transfer rates, and a list of top offenders. |
| Restore Jobs Summary | Provides key performance indicators on restore jobs, based on the selected filters of status, assets, and duration. Information includes success and failure metrics (total and per asset type), job success, and data transfer rates. |
| Replication Jobs Summary | Provides key performance indicators on replication jobs, based on the selected filters of status, assets, and duration. Information includes success and failure metrics (total and per asset type), job success, and data transfer rates. |

The following figure provides an example Backup Jobs Summary report. The Backup Jobs Summary, Restore Jobs
Summary, and Replication Jobs Summary reports display the same widget types.

Figure 16. Backup Jobs Summary report

For each report, you can:


● Filter reports by choosing specific metrics.
● Customize reports by hiding and showing columns in tables, or hiding and showing widgets.
● Export individual widgets in CSV format.
● Remove widgets from a report.

Add a report
To add a report for the first time, in the Report Browser view, click the report type that you want to add.
To add another report, click + next to the existing tab. A new report tab is added.

Data collection frequency


PowerProtect Data Manager collects report data at regular intervals. The following table provides information about the type of
data that PowerProtect Data Manager collects and the data collection frequency.

Table 41. Data collection frequency


| Type of data | Description | Data collection frequency |
| --- | --- | --- |
| Status | Overall status of the PowerProtect Data Manager server. | Every 15 minutes. |
| Configuration | Information about assets. | Every 12 hours. |
| Protection jobs | Information about data protection activities, including Protect, Restore, and Replicate jobs. | Every 5 minutes. |

NOTE: Report data is not live and is as up-to-date as the last successful data collection request. Therefore, reports should
be used for historical purposes only.
● To view live jobs data, go to Jobs > Protection Jobs.
● To view live asset data, go to Infrastructure > Assets.
● For a high-level view of the overall state of the PowerProtect Data Manager system, go to Dashboard.

Filters and customization options for reports


Click Edit at the top of the Report Browser view. The filters and layout pane opens.
Use the Filters and Layout tabs to filter and sort the content that you want to include in a report:
● Filters—Select and apply filters.
● Layout—Show or hide widgets and show or hide table columns:
○ Visualizations—Select the widgets that you want to include in the report. Clear the checkbox next to the widget name
to hide it from the report.
○ Show / Hide Columns (Data Table)—Select the columns that you want to see in the table. Clear the checkbox next to
the column name to hide it.
When satisfied with your selections, click Apply.
To reset the filters and settings, click Reset. This action ensures that filters and settings are reset to the default value.

You can also filter and sort the information that appears in table columns. Click the filter icon in the column heading to
filter the information in a table column, or click a table column heading to sort that column.

To see a complete list of filtering and sorting columns, click the icon at the bottom left of the window.
Filter and customize reports provides more information.

More report options


In the Report Browser view, a report icon (three vertical dots) appears in the upper right corner of a widget. Clicking this icon
opens a menu and allows you to perform more actions on your reports.
The following table describes the menu items for a widget:

Table 42. More report options
| Menu item | Select the menu item to: |
| --- | --- |
| Export to CSV | Export the content of a selected widget to a CSV file. |
| Remove | Delete the selected widget from the report. NOTE: You can add the widget again by clicking Edit > Layout, selecting the widget, and then clicking Apply. This action displays the selected widget in the report. |

Backup Jobs Summary


Backup Jobs Summary provides key performance indicators on backup jobs that are based on the asset type and scope, job
status, and duration. The report includes success and failure metrics in total and per asset type, as well as information about job
success or failure, data transfer rates, and a top 10 list of backups with the highest consecutive failure count.
Click Backup Jobs Summary in the Report Browser to open the report. The report displays as one tab in the Report
Browser.
The following table describes the widgets that are available in the Backup Jobs Summary report.

Table 43. Backup Jobs Summary widgets


| Widget | Description |
| --- | --- |
| Total Jobs Summary | Displays the total number of successful and failed backup jobs, along with a percentage summary. |
| Asset Types | Displays the total number of successful and failed backup jobs, based on asset type. |
| Job Success and Fail Rate | Displays the number of successful and failed backup jobs over a period of time. |
| Data Transfer Rate | Displays the rate of data transfer over a period of time. |
| 3 Strike Summary | Displays the total number of assets that have not been backed up for one or more days consecutively: ● One Strike—Count of the number of assets that have one protection job failure. ● Two Strikes—Count of the number of assets that have two consecutive protection job failures. ● Three Strikes—Count of the number of assets that have three consecutive protection job failures. NOTE: Assets on the strike summary are reported once in the strike category for which it has the most strikes. Assets are not double counted in the specific categories for fewer strikes even if that might match the criteria. |
| Top 10 Offenders | Displays the assets with the highest count of consecutive primary backup failures, indicating the number of failures along with the time of the last successful backup. |
| Jobs Distribution | Displays details and status of all jobs, including: ● Backup Job ID ● Asset Name ● Asset Type ● Host ● Start Time ● Job Status ● Policy Name ● Data Transferred |
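The counting rule behind the 3 Strike Summary and Top 10 Offenders widgets can be reproduced from a job history to cross-check a report. The following Python sketch is an added example, not the reporting engine's code; the job rows and status strings are constructed, and it assumes that a streak is counted backward from each asset's newest job and that streaks longer than three fall under Three Strikes.

```python
from collections import Counter
from datetime import datetime

# Constructed sample rows: (asset name, start time, job status).
SAMPLE_JOBS = [
    ("vm-app01", "2022-10-10T01:00:00", "SUCCESS"),
    ("vm-app01", "2022-10-11T01:00:00", "FAILED"),
    ("vm-app01", "2022-10-12T01:00:00", "FAILED"),
    ("vm-app01", "2022-10-13T01:00:00", "FAILED"),
    ("vm-app01", "2022-10-14T01:00:00", "FAILED"),
    ("vm-db02", "2022-10-12T02:00:00", "SUCCESS"),
    ("vm-db02", "2022-10-13T02:00:00", "FAILED"),
    ("vm-db02", "2022-10-14T02:00:00", "FAILED"),
    ("fs-share03", "2022-10-13T03:00:00", "FAILED"),
    ("fs-share03", "2022-10-14T03:00:00", "SUCCESS"),
    ("k8s-ns04", "2022-10-14T04:00:00", "FAILED"),
]
CATEGORIES = {1: "One Strike", 2: "Two Strikes", 3: "Three Strikes"}


def failure_streaks(jobs):
    """Map asset -> (consecutive failures ending at the newest job, last success)."""
    history = {}
    for asset, start, status in jobs:
        history.setdefault(asset, []).append((datetime.fromisoformat(start), status))
    streaks = {}
    for asset, runs in history.items():
        runs.sort(reverse=True)  # newest job first
        streak = 0
        for _, status in runs:
            if status != "FAILED":
                break  # the streak ends at the first job that did not fail
            streak += 1
        successes = [when for when, status in runs if status == "SUCCESS"]
        last_success = successes[0].isoformat() if successes else None
        streaks[asset] = (streak, last_success)
    return streaks


def strike_summary(streaks):
    """Count each asset once, in the category that matches its longest streak."""
    summary = Counter({label: 0 for label in CATEGORIES.values()})
    for streak, _ in streaks.values():
        if streak > 0:
            # Assumption: more than three consecutive failures still count as Three Strikes.
            summary[CATEGORIES[min(streak, 3)]] += 1
    return dict(summary)


def top_offenders(streaks, limit=10):
    """Return (asset, failure count, last success) for the longest current streaks."""
    failing = [(asset, n, last) for asset, (n, last) in streaks.items() if n > 0]
    failing.sort(key=lambda item: (-item[1], item[0]))
    return failing[:limit]


if __name__ == "__main__":
    current = failure_streaks(SAMPLE_JOBS)
    print(strike_summary(current))
    for offender in top_offenders(current):
        print(offender)
```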

Restore Jobs Summary
Restore Jobs Summary provides key performance indicators on restore jobs that are based on the asset type and scope, job
status, and duration. The report includes success and failure metrics in total or by asset type, as well as information about job
success or failure, data transfer rates, and a top 10 list of restores with the highest consecutive failure count.
Click Restore Jobs Summary in the Report Browser to open the report. The report displays as one tab in the Report
Browser.
The following table describes the widgets that are available in the Restore Jobs Summary report.

Table 44. Restore Jobs Summary widgets


| Widget | Description |
| --- | --- |
| Total Jobs Summary | Displays the total number of successful and failed restore jobs, along with a percentage summary. |
| Asset Types | Displays the total number of successful and failed restore jobs, based on asset type. |
| Job Success and Fail Rate | Displays the number of successful and failed restore jobs over a period of time. |
| Data Transfer Rate | Displays the rate of data transfer over a period of time. |
| 3 Strike Summary | Displays the total number of assets that have not been backed up for one or more days consecutively: ● One Strike—Count of the number of assets that have one restore job failure. ● Two Strikes—Count of the number of assets that have two consecutive restore job failures. ● Three Strikes—Count of the number of assets that have three consecutive restore job failures. NOTE: Assets on the strike summary are reported once in the strike category for which it has the most strikes. Assets are not double counted in the specific categories for fewer strikes even if that might match the criteria. |
| Top Offenders | Displays the assets with the highest count of consecutive primary backup failures, indicating the number of failures along with the time of the last successful restore. |
| Jobs Distribution | Displays details and status of all jobs, including: ● Backup Job ID ● Asset Name ● Asset Type ● Host ● Start Time ● Job Status ● Policy Name ● Data Transferred |

Replication Jobs Summary


Replication Jobs Summary provides key performance indicators on replication jobs that are based on the asset type and
scope, job status, and duration. The report includes success and failure metrics in total or per asset type, as well as information
about job success or failure, data transfer rates, and a top 10 list of backups with the highest consecutive failure count.
Click Replication Jobs Summary in the Report Browser to open the report. The report displays as one tab in the Report
Browser.
The following table describes the widgets that are available in the Replication Jobs Summary report.

Table 45. Replication Jobs Summary widgets

Widget: Description

Total Jobs Summary: Displays the total number of successful and failed replication jobs, along with a percentage summary.

Asset Types: Displays the total number of successful and failed replication jobs, based on asset type.

Job Success and Fail Rate: Displays the number of successful and failed replication jobs over a period of time.

Data Transfer Rate: Displays the rate of data transfer over a period of time.

3 Strike Summary: Displays the total number of assets that have not been backed up for one or more days consecutively:
● One Strike—Count of the number of assets that have one replication job failure.
● Two Strikes—Count of the number of assets that have two consecutive replication job failures.
● Three Strikes—Count of the number of assets that have three consecutive replication job failures.
NOTE: Assets on the strike summary are reported once in the strike category for which it has the most strikes. Assets are not double counted in the specific categories for fewer strikes even if that might match the criteria.

Top 10 Offenders: Displays the assets with the highest count of consecutive primary backup failures, indicating the number of failures along with the time of the last successful backup.

Jobs Distribution: Displays details and status of all jobs, including:
● Backup Job ID
● Asset Name
● Asset Type
● Host
● Start Time
● Job Status
● Policy Name
● Data Transferred

Filter and customize reports


The Report Browser provides options to filter and customize report data.
The following table provides steps to filter and customize the Backup Jobs Summary, Restore Jobs Summary, and
Replication Jobs Summary reports.
NOTE: Filters that are applied to reports are retained for the duration of the browser session. When a report is closed and
then reopened during the same browser session, the applied filters are retained.

Table 46. Filtering and customizing the Backup Jobs Summary, Restore Jobs Summary, and Replication Jobs Summary reports

Option: (Optional) Filter based on asset type, asset scope, job status, and duration.
Steps:
1. Click Edit at the top of the report.
The filters and layout pane opens to the Filters tab.
2. Select one or more asset types from the list.
3. Select whether to include all assets or custom assets:
● Select All to include all assets.
● Select Custom to choose specific assets. If you select Custom, click the Select assets link and select one or more assets from the list. When complete, click Next, and then click OK.
4. Select one or more job statuses that you want to filter on. Status types include:
● Successful
● Partially Successful
● Failed
● In Progress
● Canceled & Skipped
5. Duration—Select the time range for the report:
● All
● Last 24 hours
● Last 7 days (default)
● Last 30 days
● Specific date
● Custom date range
NOTE: The report data reflects the data that is collected during the specified period. If you select All, the report populates all available data.
6. Click Apply.
7. To reset the filters and settings, click Reset.

Option: (Optional) Hide or show widgets, and hide or show table columns. By default, all widgets and table columns are selected.
Steps:
1. Click the Layout tab.
2. Expand Visualizations and select the widgets that you want to include in the report. Clear the checkbox next to the widget to hide it from the report.
3. Expand Show / Hide Columns (Data Table) and select the table columns that you want to appear in the report. Clear the checkbox next to the table column to hide it from the report. Alternatively, click at the bottom of the table to show or hide table columns.
4. Click Apply.
5. To reset the filters and settings, click Reset.

Deleting the reporting engine


Review the following information about deleting the reporting engine.
CAUTION: Deleting the reporting engine deletes all report data.

It is recommended that you do not delete the reporting engine.


To delete the reporting engine from PowerProtect Data Manager, go to Reports > Reporting Engine and click Delete. A
notification appears in the window to indicate that deleting the reporting engine results in data loss.

Reconfiguring the reporting engine after deletion


To reconfigure the reporting engine, go to Reports > Reporting Engine and click Configure. For detailed steps on how to
configure the reporting engine, go to Configure and deploy the reporting engine.

Managing disaster recovery of the reporting engine


As an administrator, you want to ensure that the reporting engine is protected from a disaster.
When the reporting engine is deployed, the following occurs:
● The reporting engine and all reporting data are automatically backed up with configured server DR backups.
● If PowerProtect Data Manager is recovered from a server DR backup, the reporting engine and all reporting data are also
recovered.
NOTE: After the first recovery of the reporting engine and all reporting data, the reporting engine and all reporting data
are no longer backed up with subsequent server DR backups. If another recovery is performed, the reporting engine and all
reporting data are recovered to the state of the first recovery. To resolve this issue, contact Customer Support.



11 Configuring and Managing the PowerProtect Agent Service
Topics:
• About the PowerProtect agent service
• Start, stop, or obtain the status of the PowerProtect agent service
• Register the PowerProtect agent service to a different server address
• Recovering the PowerProtect agent service from a disaster
• Troubleshooting agent registration

About the PowerProtect agent service


The PowerProtect agent service is a REST API based service that is installed by the application agent on the application host.
The agent service provides services and APIs for discovery, protection, restore, instant access, and other related operations.
The PowerProtect Data Manager uses the agent service to provide integrated data protection for the application assets.
This section uses <agent_service_installation_location> to represent the PowerProtect agent service installation
directory. By default, the agent service installation location is C:\Program Files\DPSAPPS\AgentService on Windows
and /opt/dpsapps/agentsvc on Linux. All files that are referenced in this section are the relative paths to the agent service
installation location.
The PowerProtect agent service performs the following operations:
● Addon detection—An addon integrates the application agent into the agent service. The agent service automatically detects
the addons on the system for each application asset type and notifies the PowerProtect Data Manager. While multiple
addons can operate with different asset types, only one agent service runs on the application host. Specific asset types can
coexist on the same application host.
● Discovery—The agent service discovers both stand-alone and clustered database servers (application systems), databases
and file systems (assets), and their backup copies on the application agent host. After the initial discovery, when the agent
service discovers any new application systems, assets, or copies, the agent service notifies the PowerProtect Data Manager.
● Self-service configuration—The agent service can configure the application agent for self-service operations by using
information that is provided by the PowerProtect Data Manager. When you add an asset to a protection policy for
self-service or centralized protection, or modify the protection policy, including changing the DD Boost credentials, the
PowerProtect Data Manager automatically pushes the protection configuration to the agents.
NOTE: If you change the DD Boost credentials to include \ in the password, the protection policy configuration will not
be pushed to the agents unless you also select the protection policy from the Protection Policies window, and then
click Set LockBox.
● Centralized backups—The agent service performs the centralized backups as requested by the PowerProtect Data
Manager.
● Centralized restores—The agent service performs the centralized restores as requested by the PowerProtect Data
Manager.
NOTE: In the current release, the centralized restores are only available for the File System agent, Microsoft SQL
Server agent, and Storage Direct agent.
● Backup deletion and catalog cleanup—The PowerProtect Data Manager deletes the backup files directly from the protection
storage when a backup expires or an explicit delete request is received and no dependent (incremental or log) backups exist.
The PowerProtect Data Manager goes through the agent service to delete the catalog entries from the database vendor's
catalog and the agent's local datastore.
NOTE: Deletion of any backup copies manually or through the command line is not recommended. PowerProtect Data
Manager deletes all the expired copies as needed.
The agent service is started during the agent installation by the installer. The agent service runs in the background as a service
and you do not interact with it directly.



The config.yml file contains the configuration information for the agent service, including several parameter settings that
you can change within the file. The config.yml file is located in the <agent_service_installation_location>
directory.
The agent service periodically starts subprocesses to perform the discovery jobs. You can see the type and frequency of these
jobs in the jobs: section of the config.yml file. The job interval unit is minutes.
The agent service maintains a datastore in the <agent_service_installation_location>/dbs/v1 directory, which
contains information about the application system, assets, and backups discovered on the system. The size of the datastore files
depends on the number of applications and copies on the host. The agent service periodically creates a backup of its datastore
in the <agent_service_installation_location>/dbs/v1/backups directory, which is used to recover the datastore if
the datastore is lost.
NOTE: The size of each datastore backup is the same as the datastore itself. By default, a backup is created every hour.
To save space on the file system, you can reduce this datastore backup frequency for large datastores. By default, the
datastore backup is retained for one week. You can change the datastore backup frequency, retention period, and backup
location in the config.yml file.

Start, stop, or obtain the status of the PowerProtect agent service

The PowerProtect agent service is started during the agent installation by the installer. If needed, you can use the appropriate
procedure to start, stop, or obtain the status of the agent service.
On Linux, you can start, stop, or obtain the status of the agent service by running the register.sh script that is found in the
<agent_service_installation_location> directory.
● To start the agent service:

# register.sh --start

Started agent service with PID - 1234

● To stop the agent service:

# register.sh --stop

Successfully stopped agent-service.

● To obtain the status when the agent service is running:

# register.sh --status

Agent-service is running with PID - 1234

● To obtain the status when the agent service is not running:

# register.sh --status

Agent-service is not running.

On Windows, you can start, stop, or obtain the status of the PowerProtect agent service from the Services Manager, similar to
other Windows services. The name of the service in Services Manager is PowerProtect Agent Service.

Register the PowerProtect agent service to a different server address

The PowerProtect agent service is registered to a particular PowerProtect Data Manager server during the agent installation by
the installer. If needed, you can register the agent service to a different PowerProtect Data Manager server address.
The agent service can only be registered to a single PowerProtect Data Manager server. When you register the agent service to
a new server, the agent service will automatically unregister from the previous server address.



On Linux, you can register the agent service to a different server address by running the register.sh script that is found in
the <agent_service_installation_location> directory.

NOTE: The register.sh script stops the currently running agent service.

● The following command prompts for the new IP address or hostname:

# register.sh

Enter the PowerProtect Data Manager IP address or hostname: 10.0.0.1

Warning: Changing IP of PowerProtect Server from 192.168.0.1 to 10.0.0.1

Started agent service with PID - 1234

● The following command includes the new IP address on the command line:

# register.sh --ppdmServer=10.0.0.1

Warning: Changing IP of PowerProtect Server from 192.168.0.1 to 10.0.0.1

Started agent service with PID - 1234

On Windows, you can change the PowerProtect Data Manager server address by launching the agent installer and selecting the
change option. Change the PowerProtect Data Manager service address from the Configuration Install Options page.

Recovering the PowerProtect agent service from a disaster

You can perform self-service restores of application assets by using a file system or application agent, regardless of the state of
the agent service or PowerProtect Data Manager. The information in this section describes how to return the agent service to an
operational state if a disaster occurs and the agent service datastore is lost.
The agent service periodically creates a backup of its datastore in the
<agent_service_installation_location>/dbs/v1/backups repository. If all of these backups are lost, the agent
service can still start. The agent service discovers all the application systems, assets, and backup copies on the system again,
and notifies PowerProtect Data Manager. Depending on when the failure occurred, the agent service might not be able to
find older backup copies for some asset types. As a result, the centralized deletion operations might fail when cleaning up the
database vendor catalog or removing older backups that were taken before the asset was added to PowerProtect Data Manager.
By default, the agent service backs up consistent copies of its datastore files to the local disk every hour and keeps the
copies for 7 days. Each time the agent service backs up the contents of the datastore, it creates a subdirectory under
the <agent_service_installation_location>/dbs/v1/backups repository. The subdirectories are named after the
time the operation occurred, in the format YYYY-MM-DD_HH-MM-SS_epochTime.
By default, the datastore repository is on the local disk. To ensure that the agent service datastore and its local backups are not
lost, it is recommended that you back up the datastore through file system backups. You can also change the datastore backup
location to a different location that is not local to the system. To change the datastore backup location, update the values in the
config.yml file.

Restore the PowerProtect Data Manager agent service datastore


Prerequisites

NOTE: Ensure that the agent service is powered off. Do not start the agent service until disaster recovery is complete.

About this task


You can restore the datastore from the datastore backup repository. If the repository is no longer on the local disk, restore the
datastore from file system backups first.
To restore the datastore from a backup in the datastore backup repository, complete the following steps:



Steps
1. Move the files in the <agent_service_installation_location>/dbs/v1 directory to a location for safe keeping.
NOTE: Do not move or delete any <agent_service_installation_location>/dbs/v1 subdirectories.

2. Select the most recent datastore backup.
The directories in the datastore backup repository are named after the time the backup was created.
3. Copy the contents of the datastore backup directory to the <agent_service_installation_location>/dbs/v1
directory.
After the copy operation is complete, the <agent_service_installation_location>/dbs/v1 directory should
contain the following files:
● copies.db
● objects.db
● resources.db
● sessions.db
4. Start the agent service.
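
The restore steps above as a script, added here as an example and not part of the Dell guide. It picks the newest backup by the epochTime suffix of the directory name, refuses to run while register.sh --status reports a running agent service, and moves only files (never subdirectories) out of dbs/v1. The function names and the safe-keeping directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not part of the guide. INSTALL_DIR stands for
# <agent_service_installation_location>; function names are assumptions.

REQUIRED_DBS="copies.db objects.db resources.db sessions.db"

# Print the newest backup directory name, ordered by the trailing epochTime of
# YYYY-MM-DD_HH-MM-SS_epochTime. Names that do not match are ignored.
latest_backup() (
    repo=$1; best=""; best_epoch=-1
    for d in "$repo"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        case $name in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9]_*) ;;
            *) continue ;;
        esac
        epoch=${name##*_}
        case $epoch in ''|*[!0-9]*) continue ;; esac
        if [ "$epoch" -gt "$best_epoch" ]; then best=$name; best_epoch=$epoch; fi
    done
    [ -n "$best" ] || exit 1
    printf '%s\n' "$best"
)

# Succeeds when register.sh --status reports a running agent service (status
# text as shown in the guide). A missing register.sh counts as not running.
agent_running() (
    [ -x "$1/register.sh" ] || exit 1
    "$1/register.sh" --status 2>/dev/null | grep -q 'is running'
)

# restore_datastore INSTALL_DIR SAFE_DIR: prints the name of the restored backup.
restore_datastore() (
    ds=$1/dbs/v1; repo=$ds/backups; safe=$2
    if agent_running "$1"; then
        echo "agent service is running; stop it first" >&2; exit 2
    fi
    backup=$(latest_backup "$repo") || { echo "no backup under $repo" >&2; exit 1; }
    # Check that the backup is complete before touching the live datastore.
    for f in $REQUIRED_DBS; do
        [ -f "$repo/$backup/$f" ] || { echo "$backup lacks $f" >&2; exit 1; }
    done
    mkdir -p "$safe" || exit 1
    # Step 1: move regular files only, so subdirectories such as backups stay.
    for p in "$ds"/*; do
        if [ -f "$p" ]; then mv "$p" "$safe"/ || exit 1; fi
    done
    # Step 3: copy the backup contents into the datastore directory.
    cp -Rp "$repo/$backup"/. "$ds"/ || exit 1
    printf '%s\n' "$backup"
)

# Runs only when called with both arguments, for example:
#   sh restore_datastore.sh /opt/dpsapps/agentsvc /var/tmp/agentsvc-dbs-saved
if [ "$#" -eq 2 ]; then restore_datastore "$1" "$2"; fi
```

The script stops after the copy; start the agent service (step 4) only once it has printed the name of the backup it restored.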

Troubleshooting agent registration


Review the following information that is related to troubleshooting agent registration issues.
On Windows, if the agent fails to establish a connection with the PowerProtect Data Manager server, agent registration might
fail with the following error message:

During a network connectivity test, the agent is unable to reach the PowerProtect Data
Manager server by using ping.

1. If the ping command is blocked in the environment, the agent registration can
still complete successfully.
Review the agent service logs at INSTALL_DIR\DPSAPPS\AgentService\logs to verify that
the registration is successful. If the registration is successful, the status of the
agent host indicates Registered in the PowerProtect Data Manager UI.
2. If the ping command is not blocked in the environment, the agent registration
might not complete successfully because a network connection cannot be started. If this
occurs, complete the following steps to troubleshoot the issue:

On Linux or AIX, if the agent fails to establish a connection with the PowerProtect Data Manager server, agent registration
might fail with the following error message:

During a network connectivity test, the agent is unable to reach the PowerProtect Data
Manager server by using ping and curl.

1. If the ping command is blocked in the environment and curl is not installed, the
agent registration can still complete successfully.
Review the agent service logs at /opt/dpsapps/agentsvc/logs to verify that the
registration is successful. If the registration is successful, the status of the agent
host indicates Registered in the PowerProtect Data Manager UI.
2. If the ping command is not blocked in the environment, the agent registration
might not complete successfully because a network connection cannot be started. If this
occurs, complete the following steps to troubleshoot the issue:

If agent registration fails with these error messages, complete the following operation:
1. Use any network packet tracing tool to trace the packets from the agent system to PowerProtect Data Manager.
2. Start the packet tracing between the source IP of the agent system and the destination IP of PowerProtect Data Manager.
3. Start the network traffic between the agent system and PowerProtect Data Manager.
Wait 10 to 15 seconds.
4. Analyze the captured packets.
5. Look for SYN and SYN_ACK packets to see if a 3-way handshake is being performed.
Determine whether the source agent or the destination PowerProtect Data Manager is blocking the connection.
If network traffic is blocked, contact your network security team to resolve the port communication issue.
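
A worked version of steps 4 and 5, added here as an example and not part of the Dell guide: it reads tcpdump -nn text output captured on the agent host and reports how far the TCP handshake got. The addresses, port 12345, and function names are constructed for illustration, and only IPv4 lines are parsed.

```shell
#!/bin/sh
# Added example, not part of the guide: classify a TCP handshake from
# "tcpdump -nn" text output captured on the agent host. IPv4 only.

# classify_handshake AGENT_IP SERVER_IP < capture.txt
# Prints one of: established, synack-unanswered, rejected, syn-unanswered, no-syn
classify_handshake() {
    awk -v agent="$1" -v server="$2" '
    # Strip the port from "a.b.c.d.port" or "a.b.c.d.port:".
    function addr(ep,   p) { split(ep, p, "."); return p[1] "." p[2] "." p[3] "." p[4] }
    $2 == "IP" && $4 == ">" {
        src = addr($3); dst = addr($5); flags = ""
        for (i = 6; i < NF; i++) if ($i == "Flags") { flags = $(i + 1); break }
        out = (src == agent && dst == server)
        back = (src == server && dst == agent)
        if (out && flags == "[S],") syn++
        else if (back && flags == "[S.],") synack++
        else if (back && index(flags, "R")) rst++
        else if (out && flags == "[.]," && synack) ack++
    }
    END {
        if (!syn)               print "no-syn"             # agent never sent a SYN
        else if (synack && ack) print "established"        # 3-way handshake completed
        else if (synack)        print "synack-unanswered"  # reply arrived, no final ACK
        else if (rst)           print "rejected"           # server side answered with RST
        else                    print "syn-unanswered"     # SYN left, nothing came back
    }'
}

# Constructed sample: the agent retransmits its SYN and nothing comes back.
sample_blocked() {
    cat <<'EOF'
10:15:01.000001 IP 192.0.2.10.40112 > 10.0.0.1.12345: Flags [S], seq 1001, win 64240, length 0
10:15:02.003412 IP 192.0.2.10.40112 > 10.0.0.1.12345: Flags [S], seq 1001, win 64240, length 0
10:15:04.019876 IP 192.0.2.10.40112 > 10.0.0.1.12345: Flags [S], seq 1001, win 64240, length 0
EOF
}

# Constructed sample: SYN, SYN-ACK, and ACK are all present.
sample_ok() {
    cat <<'EOF'
10:20:01.000001 IP 192.0.2.10.40120 > 10.0.0.1.12345: Flags [S], seq 2001, win 64240, length 0
10:20:01.000950 IP 10.0.0.1.12345 > 192.0.2.10.40120: Flags [S.], seq 9001, ack 2002, win 65160, length 0
10:20:01.000990 IP 192.0.2.10.40120 > 10.0.0.1.12345: Flags [.], ack 1, win 502, length 0
EOF
}

sample_blocked | classify_handshake 192.0.2.10 10.0.0.1
sample_ok | classify_handshake 192.0.2.10 10.0.0.1
```

A syn-unanswered or rejected result from an agent-side capture is the evidence to hand to the network security team; a no-syn result points back at the agent host itself.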
