0% found this document useful (0 votes)

28 views871 pages

Compilado PowerProtect DES-DD23

The document provides an overview of PowerProtect DD, a data protection appliance designed to reduce storage requirements while ensuring data security and compliance. It details the system's architecture, features, and current models, highlighting capabilities such as deduplication, replication, and cloud integration. Additionally, it outlines management tools and operational features that enhance data protection and recovery processes.

Uploaded by

luigichacon10

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

28 views871 pages

Compilado PowerProtect DES-DD23

Uploaded by

luigichacon10

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 871

POWERPROTECT DD

CONCEPTS AND
FEATURES

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Internal Use - Confidential
Table of Contents

PowerProtect DD Concepts and Features ........................................................................... 1

Introduction to PowerProtect DD.............................................................................. 2

PowerProtect DD System Overview ..................................................................................... 3
PowerProtect DD System Overview ..................................................................................... 4
PowerProtect DD System Overview ..................................................................................... 6
PowerProtect DD System Overview ..................................................................................... 7
Current Models .................................................................................................................... 9
Hardware Features ............................................................................................................ 12
PowerProtect DD Virtual Edition (DDVE) Features ............................................................ 13
Feature and Capacity Licensing ......................................................................................... 17

Architecture and Technology Overview................................................................. 18

Data Paths and Supported Protocols ................................................................................. 19
DDOS File System ............................................................................................................. 20
DDOS Deduplication .......................................................................................................... 21
Stream Informed Segment Layout (SISL) .......................................................................... 22
Data Invulnerability Architecture (DIA) ............................................................................... 24

DD Operating System Features and Capabilities .................................................. 25

DD Boost ........................................................................................................................... 26
Replication ......................................................................................................................... 27
Cloud Tier .......................................................................................................................... 28
BoostFS ............................................................................................................................. 29
PowerProtect DD High Availability ..................................................................................... 31
DD Retention Lock ............................................................................................................. 32
Secure Multi-Tenancy (SMT) ............................................................................................. 34
DD Virtual Tape Library (DD VTL) ...................................................................................... 35
Data Security ..................................................................................................................... 36
System Access Features ................................................................................................... 37
Dell Secure Remote Service .............................................................................................. 39
Storage Migration............................................................................................................... 40

PowerProtect DD Concepts and Features

Page ii © Copyright 2020 Dell Inc.

Minimally Disruptive Upgrade (MDU) ................................................................................. 41

PowerProtect DD Management Overview .............................................................. 43

Command Line Interface (CLI) ........................................................................................... 44
DD System Manager (DDSM) ............................................................................................ 46
PowerProtect DD Management Center (DDMC) ................................................................ 47

Appendix ................................................................................................. 49

Glossary ................................................................................................ 101

PowerProtect DD Concepts and Features

Internal Use - Confidential

PowerProtect DD Concepts and Features

Introduction to PowerProtect DD

PowerProtect DD Concepts and Features

Internal Use - Confidential

Page 2 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

PowerProtect DD System Overview

What is a PowerProtect PowerProtect DD Replication3

DD system?1 Deduplication and
Encryption2

1PowerProtect DD systems are purpose-built, data protection appliances that are

designed to reduce the amount of disk storage that is required to retain and protect
data.

2 One of the key differentiators PowerProtect DD systems offers is the ability to

deduplicate and encrypt data inline as it is written to disk. Furthermore
PowerProtect DD systems meet various US and international compliance
regulations.

3All data sent to a PowerProtect DD system can be efficiently replicated to a

secondary site for disaster recovery. Also, data can be sent to the public, private, or
hybrid cloud for long-term protection.

PowerProtect DD Concepts and Features

PowerProtect DD System Overview

Challenges4 1: Clients and 2: Backup 3: Tape 4: Tape

Servers5 Server6 Transport7 Restore
Process8

4 The diagram here illustrates the conventional process of handling backups

through backup servers. Increasing the storage speed and capacity for the data
that is generated along with the cost-effectiveness is a perpetual challenge. One of
the most expensive and resource-intensive tasks are gathering, storing, and
protecting data backups. Writing data to tapes and shipping them offsite for storage
is one of the largest financial and labor resource challenges in the conventional
tape-centric environment.

5 Clients and servers store data on the primary storage device.

6The conventional process of handling backups is through backup servers. The

backup servers preserve the data on the primary storage device by copying it to
disk-based storage or a tape library.

7 Tapes are physically transported and stored offsite for archival and disaster
recovery purposes. If there is a negative event in the data center, moving tapes
offsite prevents the loss of backup data.

8Data recovery requires a manual process of transporting the tapes back to the
primary storage device in the data center.

PowerProtect DD Concepts and Features

Internal Use - Confidential

Page 4 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

Backup Environment Without PowerProtect DD

Challenges Data Center Data Recovery Site

Clients

Primary
Storage

Speed

Restore
Process

Capacity Backup
Servers Management
Server

Tape
Cost
Transport

PowerProtect DD Concepts and Features

PowerProtect DD System Overview

Introducing PowerProtect DD systems

Scalability and Efficient Resource Reliable Access Seamless

Performance9 Utilization10 and Recovery11 Integration12

9Reduces required storage by 50-65x. Protects up to 211.2 PB of logical capacity,

and completes backups faster – up to 94 TB per hour on the high end appliance
(DD9900).

10 Sends only deduplicated data across the network to reduce bandwidth required

11 End-to-end data verification, fault detection, and self-healing

12 Integrates with leading backup, archiving, and enterprise applications

PowerProtect DD Concepts and Features

Internal Use - Confidential

Page 6 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

PowerProtect DD System Overview

Applications13 1: Clients and 2: Data 3: Data 4: Data

Servers14 Center15 Replication16 Recovery17

13PowerProtect DD systems support many backup, archive, and enterprise

applications. The list includes not only Dell EMC NetWorker and Avamar,
PowerProtect Data Manager(PPDM) but also products by Quest, Veritas, Oracle,
HP, IBM, SAP Hana, and others.

14When a PowerProtect DD appliance is added to a backup environment, clients

and servers still store data on the primary storage device. However, if NetWorker or
Avamar are used to backup clients, the clients may also backup data directly to the
PowerProtect DD appliance.

15If clients do not back up directly to the PowerProtect DD appliance using Avamar
or Networker, the backup servers preserve the data on the PowerProtect DD
appliance. Deduplication greatly reduces the data footprint before the data is
backed up. Global compression technology combines an exceptionally efficient
high-performance inline deduplication technology with a local compression
technique. The reduced data footprint allows data to be retained on-site for longer
periods and allows transfer across the network for archival. If regulatory or
corporate policies require tape backups, tape backups can be incorporated into a
PowerProtect DD environment.

16 DD Replicator software transfers only the deduplicated and compressed unique

changes across any IP network. PowerProtect DD appliances use replication
methods that require a fraction of the bandwidth, time, and cost, compared to
traditional replication methods. “Time-to-DR readiness” is greatly reduced when
compared to other replication methods.

PowerProtect DD Concepts and Features

Backup Environment with PowerProtect DD

Backup Applications Data Center Data Recovery Site

Clients

Disaster Recovery PowerProtect DD

Primary PowerProtect DD System
System

Archive Applications

Servers

Enterprise Applications WA
N

Backup
Management
Server

17The elimination of time-consuming and resource-intensive handling of tape

similarly transforms the data recovery process.

PowerProtect DD Concepts and Features

Internal Use - Confidential

Page 8 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

Current Models

3 5
2 4

1: PowerProtect DD Virtual Edition (DDVE) is a customer-deployable virtual

deduplication appliance that provides data protection for entry, enterprise, and
service provider environments.

DDVE is agile, it is designed for use with VMware, it is exceptionally quick to set up
and run. You can start with a small capacity configuration and scale as large as 96
TB.

It is flexible as it offers a flexible deployment environment that includes

deduplication, replication, DD Boost, and scalable storage capacity. Users can take
advantage of the same powerful deduplication feature available in all PowerProtect
DD hardware products along with the security of full replication capabilities.
Optional use of DD Boost to further speed-up data transfers to your own scalable
storage configurations, making DDVE efficient.

2: The DD3300 is a small and robust protection storage platform, ideal for both
SMBs, and branch or departmental data protection for larger enterprises. The
DD3300 with Cloud Tier can back up a logical capacity up to 4.8 PB in the cloud
with extensive API support.

3: The DD6900 offers 1.3 times greater system scale than its predecessors and
can backup up to 288 TB usable capacity. That usable capacity is expanded to up
to 576 TB with Cloud Tier.

PowerProtect DD Concepts and Features

4: The DD9400 has a throughput up to 57 TB per hour and delivers scalability 2.5
times greater than previous generations. It can backup up to 768 TB of usable
capacity, with up to 1.54 PB usable with Cloud Tier.

5: The DD9900 has a throughput of up to 94 TB per hour. It can backup up to 1.25

PB of usable capacity and up to 2.02 PB usable when using Cloud Tier.

Expansion Shelves
Listed are the capacities and compatibilities of the options for the expansion
shelves.

1. ES40

ES40 can accommodate 15, 4 TB or 8 TB drives and supports the DD6900,

DD9400, and DD9900.

2. DS60

The DS60 (Dense Storage) shelf supports 3 TB, 4 TB, or 8 TB SAS drives in
15 drive increments, up to 60 drives per shelf. DS60 supports DD6900,
DD9400, and DD9900 systems. 8 TB SAS drives are only supported on the
DD9400 and DD9900.

PowerProtect DD Concepts and Features

Internal Use - Confidential

Page 10 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

3. FS25

The FS25 (Flash Storage) SSD shelf is a solid-state expansion shelf that is
used exclusively for the metadata cache in a PowerProtect DD system. The
FS25 is supported on the DD6900, DD9400, and DD9900. The FS25 is only
supported on the DD6900 and DD9400 in a DD high availability (DD HA)
configuration.

PowerProtect DD Concepts and Features

Hardware Features

PowerProtect DD appliances are based on basic hardware architecture.

Head Unit and Expansion Shelves

Connectivity and Redundancy

Documents for specific hardware models are published on the Dell EMC support
site.

PowerProtect DD Concepts and Features

Internal Use - Confidential

Page 12 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

PowerProtect DD Virtual Edition (DDVE) Features

DDVE Evaluation18

18 Dell EMC offers a DDVE evaluation license for a limited 500 GB capacity. The
evaluation license includes DD Boost, Replication, and Encryption with no set
expiration. This license can be replaced with larger capacity licenses if needed – up
to a maximum of 96 TB. Other limited time evaluation licenses are also available.

PowerProtect DD Concepts and Features

Features DDVE Optimized Features20 Other

only on DDOS
DDVE19 features21

DD Operating System (DDOS) Features

DDOS is the intelligence that powers Dell EMC PowerProtect DD appliances.

DDOS provides the agility, security, and reliability that enables the PowerProtect
DD platform to deliver scalable, high-speed, and cloud-enabled protection storage
for backup, archive, and disaster recovery.

DDOS has a wide range of features to protect sensitive data. Most of the features
that are listed are covered in more detail later in the course.

4. BoostFS

19 Features that are supported only on DDVE are the deployment assessment tool,
virtual resource monitoring, and RAID-On-LUN.

20Features that are optimized for use with DDVE are stream counts, MTree counts,
the DD System Manager, IPv4, and IPv6.

21Features that are supported on DDVE include DD Boost, CIFS, NFS, Encryption,
and Replication.

PowerProtect DD Concepts and Features

Internal Use - Confidential

Page 14 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

BoostFS is a virtual file system running on a Linux or Windows client. It is

based on the DDBoost SDK and the open-source software FUSE (file system
in user space). BoostFS exports a storage-unit from a PowerProtect DD
system to create a mount point on the client system. BoostFS collects the
results of the file system operations that are conducted on the mount points by
the kernel on the client system. BoostFS then translates them into DD Boost
SDK APIs to communicate with the PowerProtect DD system. As a result, files
and directories that are created on the mount point are stored in the storage
unit on the PowerProtect DD system.

5. Dell EMC Cloud Tier

The Cloud Tier feature enables the movement of inactive data from the active
tier to a low-cost and a high-capacity object storage like a public, private, or
hybrid cloud. This mechanism is highly efficient for long-term data retention.
During the process of data movement, only the unique and deduplicated data
is sent from the PowerProtect DD system to the cloud. This process ensures
that the data being sent to the cloud occupies as little space as possible. Using
less space in the cloud results in a lower TCO over time for long-term storage.

6. DD Replicator

DD Replicator provides automated, policy-based, network efficient, and

encrypted replication for Disaster Recovery and multi-site backup and archive
consolidation. DD Replicator asynchronously replicates only compressed,
deduplicated data over a Wide Area Network (WAN) This eliminates up to 99%
of the bandwidth required compared to standard replication methods.

7. DD Boost

DD Boost is a private protocol that is more efficient than CIFS or NFS. DD

Boost has a private and efficient data transfer protocol with options to increase
efficiencies.

8. Encryption

Encryption software option encrypts all data on the system using an internally
generated encryption key. Optionally, an external key manager may be used.

9. DD Retention Lock

DD Retention Lock enables IT organizations to efficiently store and manage

PowerProtect DD Concepts and Features

different types of governance and compliance archive data on a single

PowerProtect DD system. Retention Lock helps to ensure that data integrity is
maintained. Any data that is locked cannot be overwritten, modified, or deleted
for a user-defined retention period of up to 70 years.

10. Secure Multi-Tenancy (SMT)

SMT for PowerProtect DD systems is a feature that enables secure isolation of

many users and workloads on a shared system. As a result, the activities of
one tenant are not visible or apparent to other tenants. This capability
improves cost efficiencies through a shared infrastructure while providing each
tenant with the same visibility, isolation, and control that they would have with
their own system.

11. Storage Migration

Storage migration supports the replacement of an existing storage enclosure

with new enclosure. The replacement of existing storage enclosures usually
offers higher performance, higher capacity, and a smaller data footprint.

12. PowerProtect DD VTL (DD VTL)

DD VTL software eliminates the challenges of physical tape. The DD VTL

software can emulate up to 60 or more virtual tape libraries with up to 1,080
virtual tape drives, and unlimited tape cartridges.

13. PowerProtect DD High Availability (DD HA)

If there is a system failure, the DD HA feature lets you configure two protection
systems as an Active-Standby pair, providing redundancy. DD HA keeps the
NVRAM of the active and standby systems synchronized. If the active node
were to fail due to hardware or software issues, the standby node can take
over services and continue where the failing node left off.

14. Management Features

PowerProtect DD systems can be managed using the Command Line

Interface, or through the DD System Manager (DDSM) user interface. The
PowerProtect DD Management Center (DDMC) can be used to manage
multiple PowerProtect DD systems.

PowerProtect DD Concepts and Features

Internal Use - Confidential

Page 16 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

Feature and Capacity Licensing

PowerProtect DD appliances can have extra features, and capacity added by

adding the appropriate license.

Electronic Licensing
Management
System

Features and Capacity

Contact your sales representative for specific information about which

feature and capacity licenses may be required for specific
implementations.

PowerProtect DD Concepts and Features

Architecture and Technology Overview

PowerProtect DD Concepts and Features

Page 18 © Copyright 2020 Dell Inc.

Architecture and Technology Overview

Data Paths and Supported Protocols

PowerProtect DD appliances support several protocols over both Ethernet and

Fibre Channel.

1: 2: Clients 2a: Client 3: Backup 4: Fibre 5:

Administrativ and Direct and Channel Replication
e Access Servers Archive
Servers

Data Center Data Recovery Site

Backup
Management
Administration
Server

Clients

Servers LAN

WAN

PowerProtect DD Concepts and Features

DDOS File System

The DDOS has a file system for system and administrative files and another for
storing backup data. System files are stored in the /ddvar directory, and backup
data is stored in an MTree in the /data/col1 folder.

/data
/ddvar

/col1
/core

/backup
/log

/HR
/support
/Sales

/releases
/Support

PowerProtect DD Concepts and Features

Page 20 © Copyright 2020 Dell Inc.

Architecture and Technology Overview

DDOS Deduplication

DDOS Deduplication Process

1: The DD operating system (DDOS) implements inline deduplication, where

variable-length segments are examined when they arrive in the system. This
deduplication method determines if the segments are new, or duplicates of
segments that are stored. Data deduplication occurs in RAM, before the data is
written to disk. Approximately 99% of data segments are analyzed in RAM without
disk access, which reduces disk seek time. Writes from RAM to disk are done in
full-stripe batches to increase the efficiency of disk usage.

2: The stream is divided into variable-length segments, and each is given a unique
ID or fingerprint.

3: If a segment is redundant, a reference to the stored segment is created.

4: If a segment is unique, it is compressed and stored.

PowerProtect DD Concepts and Features

Stream Informed Segment Layout (SISL)

Deduplication Using SISL

1: Segment: The data is split into variable-length segments.

2: Fingerprint: Each segment is given a fingerprint or hash for identification.

3: Filter: Summary vector and segment locality techniques in RAM (inline) are
used to identify 99% of the duplicate segments before storing to disk. If a segment
is a duplicate, it is referenced and discarded. If a segment is new, the data is
grouped and compressed.

4: Compress: New segments are grouped and compressed using common

algorithms: lz, gz, gzfast, or off (no compression). The gzfast algorithm is used by
default.

5: Write: Writes data (segments, fingerprints, metadata, and logs) to containers

stored on disk.

6: The DD Operating System (DDOS) uses SISL to implement inline deduplication.

SISL uses fingerprints and RAM to identify segments already on disk.

PowerProtect DD Concepts and Features

Page 22 © Copyright 2020 Dell Inc.

Architecture and Technology Overview

SISL scaling architecture provides faster, and more efficient deduplication by

minimizing excessive disk accesses to check if a segment is on disk:
• 99% of duplicate data segments are identified inline in RAM before the data is
stored to disk.
• Scales with PowerProtect DD appliances using newer and faster CPUs and
RAM.
• Increases the throughput-rate of newly added data.

PowerProtect DD Concepts and Features

Data Invulnerability Architecture (DIA)

DIA is an important DDOS technology that provides safe and reliable storage. It
protects data from loss due to hardware and software failures.

1. Inline Data 2. Fault 3. Continuous Fault

4. Recovery/Access
Verification Avoidance and Detection and Self-
and Verification
Containment Healing

Stores Stays Recheck Stays Recovers

Correctly Correctly Correctly Correctly

DDOS is built to ensure that you can reliably recover your data with confidence. Its
elements consist of an architectural design which provides data invulnerability.

PowerProtect DD Concepts and Features

Page 24 © Copyright 2020 Dell Inc.

DD Operating System Features and Capabilities

PowerProtect DD Concepts and Features

DD Boost

What is DD Boost?22 PowerProtect App Direct23 DD Boost for Backup

Applications24

Avam NetWork NetBack Backup vRang NetVa Veea VDP Data Greenpl RMA SAP SAP DB2 SQL
Exec Advance Protect HAN

App
Server

Backu Supported over

p
Server Supported over

Supported over

Dell EMC Avamar and NetWorker support DD Boost over LAN, SAN, and WAN. Other leading
backup and enterprise applications support DD Boost over LAN or SAN.

22 DD Boost is a private protocol that is more efficient than CIFS or NFS. DD Boost
distributes parts of the deduplication process out of the PowerProtect DD system
and into the backup or application server enabling client-side deduplication. DD
Boost can speed backups by up to 50% and enables more efficient resource
utilization, including reducing the impact on the server by 20% to 40%. DD Boost
also reduces the impact on the network by 80% to 99%.

23PowerProtect App Direct provides application owners control and visibility of their
own backups to PowerProtect DD systems using their native utilities.

24DD Boost for backup applications allows the application to control the replication
process with full catalog awareness of both the local and remote copies of the
backup.

PowerProtect DD Concepts and Features

Page 26 © Copyright 2020 Dell Inc.

DD Operating System Features and Capabilities

Replication

Destination
Source PowerProtect
PowerProtect DD
DD

Replication provides automated, policy-based, network efficient, and encrypted

replication for Disaster Recovery (DR) and multisite backup and archive
consolidation. The PowerProtect DD system asynchronously replicates only
compressed, deduplicated data over a Wide Area Network (WAN). DD Replication
eliminates up to 99 percent of the bandwidth required compared to standard
replication methods.

Replication Managed File Directory MTree Collection

Features Replication Replication Replication Replication

PowerProtect DD Concepts and Features

Cloud Tier

What is Cloud
Tier?

DD Retention
Lock Support

Encryption
with Cloud
Tier

Replication
Support

Supported
Cloud
Providers

PowerProtect DD Concepts and Features

Page 28 © Copyright 2020 Dell Inc.

DD Operating System Features and Capabilities

BoostFS

What is BoostFS?25

Application Support26

Boost FS Profiler27

25BoostFS is a virtual file system running on a Linux or Microsoft Windows client.

BoostFS is based on the DD Boost SDK and the open-source software FUSE (file
system in user space). BoostFS exports a storage-unit from a PowerProtect DD
system to create a mount point on the client system. BoostFS collects the results of
the file system operations that are conducted on the mount points by the kernel on
the client system and translates them into DD Boost SDK APIs to communicate
with the PowerProtect DD system. As a result, files and directories that are created
on the mount point are stored in the storage unit on the PowerProtect DD system.

26Third-party backup applications can avoid the cost and effort of integration with
the DD Boost APIs by directly accessing the mount points. This method allows the
customers to use the DD Boost feature without integrating their applications with
DD Boost APIs. The third-party applications that are supported in this release are:
CommVault, MySQL, and MongoDB.

27 BoostFS Profiler is a software tool that is designed to help users evaluate or

qualify backup applications for the BoostFS file system using comparative
performance analysis against NFS. It is an interactive terminal that guides users
through the evaluation process which includes, setting up the environment for the
test, performing the test, cataloging the test artifacts, and compiling the test results
for analysis.

PowerProtect DD Concepts and Features

Benefits of integrating backup applications with BoostFS28

28 The benefits of integrating the backup application with BoostFS are:

Improvement in backup performance up to 50%; Reduction in bandwidth
consumption up to 99%; Load on the server that is reduced up by 20% to 40%;
Provides access to DD Boost capabilities such as link aggregation with Dynamic
Interface Groups and backup application control of replication; Application owners
have control of backups that are created using BoostFS.

PowerProtect DD Concepts and Features

Page 30 © Copyright 2020 Dell Inc.

DD Operating System Features and Capabilities

PowerProtect DD High Availability

PowerProtect DD High Availability (DD HA) uses dual Dell EMC PowerProtect DD
nodes that are loosely coupled into a single highly available system. When there
are software or hardware failures on individual nodes, the overall system and its
services remain available to external applications. DD HA reduces (and sometimes
eliminates) down time in the event of a failure.

DD HA uses:
• Dual head units.
• A single set of shared storage.
• Both head units and nodes that are configured in an active/passive setup.

One of the nodes is active and running an instance of DD File System (DDFS)
handling all ingests, restores, replication, and cleaning. The second node is a
standby and in normal operation remains almost idle. If the active node
experiences a fault, such as a DDFS panic, failover occurs automatically, to the
standby node.

DD HA is a flagship feature that is aimed at environments which cannot tolerate

down time. DD HA is supported on the following PowerProtect DD systems:
DD6900, DD9400, and DD9900.

PowerProtect DD Concepts and Features

DD Retention Lock

DD Retention Lock enables organizations to efficiently store and manage different

types archive data on a single Dell EMC PowerProtect DD system. DD Retention
Lock helps to ensure that data integrity is maintained. Any data that is locked
cannot be overwritten, modified, or deleted for a user-defined retention period of up
to 70 years. DD Retention Lock enables secure file locking of archive data at an
individual file level. Locked files can intermix with unlocked files on the same
PowerProtect DD system. DD Retention Lock uses industry-standard protocols
such as Network File System (NFS) and Common Internet File System (CIFS) for

PowerProtect DD Concepts and Features

Page 32 © Copyright 2020 Dell Inc.

DD Operating System Features and Capabilities

time-based retention of files. As a result, it can be integrated seamlessly with

industry-leading archive applications providing customers with a secure archiving
function.

DD Retention Lock is supported on all PowerProtect DD systems. Retention Lock

is not supported on PowerProtect DD Virtual Edition systems.

DD Retention Lock Governance Edition DD Retention Lock Compliance Edition

PowerProtect DD Concepts and Features

Secure Multi-Tenancy (SMT)

The SMT feature for the DD Operating System allows enterprises and service
providers to deliver data protection-as-a-service.

Overview Terminology Architecture Benefits

PowerProtect DD Concepts and Features

Page 34 © Copyright 2020 Dell Inc.

DD Operating System Features and Capabilities

DD Virtual Tape Library (DD VTL)

DD VTL software eliminates the challenges of physical tape storage. DD VTL can
emulate up to 60 or more virtual tape libraries with up to 1080 virtual tape drives,
and unlimited tape cartridges.

Dell EMC has qualified DD VTL with leading open systems and IBM enterprise
backup applications. It integrates without disrupting existing Fibre Channel storage
area network (SAN) backup environments.

Any Dell EMC PowerProtect DD system running VTL protocol can also run other
backup operations simultaneously using NAS, NDMP, and DD Boost protocols.

Using PowerProtect Data Domain Replication software that you can vault virtual
tape cartridges over a wide area network (WAN). Replicate your data to a remote
site for disaster recovery, remote office backup and recovery, or multisite tape
consolidation.

Disk-based network storage provides a shorter RTO by eliminating the need for
handling, loading, and accessing tapes from a remote location.

DD VTL Tape Out to Cloud feature offers the ability to store offsite and retrieve
tapes for long-term retention (LTR) use cases.

PowerProtect DD Concepts and Features

Data Security

PowerProtect DD systems can keep data secure using data encryption, data
sanitization, and Cyber Recovery solution.

Encryption Data Cyber Recovery

Sanitizatio
n

PowerProtect DD Concepts and Features

Page 36 © Copyright 2020 Dell Inc.

DD Operating System Features and Capabilities

System Access Features

System access management features can allow PowerProtect DD system

administrators to define different access levels for users, and control the protocols
that are used to access the system.

DDOS can be configured for user access to the system for administrative tasks.
Access can be configured to use the FTP, FTPS, HTTP, HTTPS, SSH, SCP, and
Telnet protocols. Only SSH and HTTPS are active by default.

There are six different user access roles in DDOS. To learn more, click each user.

1 2 3 6
4 5

1: The Admin role is used to administer the entire PowerProtect DD system. The
Admin role is designed so you can create and destroy data that is stored on Dell
EMC PowerProtect DD systems. This design does not include any function to
recover data that was removed through the Admin role.

2: Users with the Security role can monitor the system, set up security officer
configurations, and manage other security officer operators.

3: The User role can monitor Dell EMC PowerProtect DD systems.

4: All administrative privileges except the ability to perform data delete operations
are included with the Limited-Admin role. This exception prevents a potentially
malicious administrator from deleting any data from Dell EMC PowerProtect DD
systems.

5: Users assigned the Backup Operator role can monitor Dell EMC PowerProtect
DD systems and create snapshots. Backup Operator role can import and export
tapes to a VTL library, and move tapes within a VTL library.

PowerProtect DD Concepts and Features

6: The None role is used to authenticate DD Boost operations, tenant-admins, and

tenant-users. A user with the None role can log in to a Dell EMC PowerProtect DD
system. The None role can change their own password, but cannot monitor or
configure the primary system.

PowerProtect DD Concepts and Features

Page 38 © Copyright 2020 Dell Inc.

DD Operating System Features and Capabilities

Dell Secure Remote Service

Overview ConnectEMC PowerProtect DD High

Availability

Click each link to view the description and image.

PowerProtect DD Concepts and Features

Storage Migration

Storage Migration is a licensed feature for use with a PowerProtect DD system.

When you replace existing storage enclosures with new enclosures, storage
migration moves the existing data to the new hardware. Migrating existing data to
newer model enclosures offers higher performance, and higher capacity, in a
smaller data footprint.

Storage Migration Details Storage Migration Process Overview

PowerProtect DD Concepts and Features

Page 40 © Copyright 2020 Dell Inc.

DD Operating System Features and Capabilities

Minimally Disruptive Upgrade (MDU)

PowerProtect DD Concepts and Features

What is an DDOS Versions30 MDU Functionality31

MDU29

29The minimally disruptive upgrade (MDU) feature lets you upgrade specific
software components or apply issue fixes without a system reboot. Only those
services that depend on the component being upgraded are disrupted, so the MDU
feature can prevent significant downtime during certain software upgrades. Not all
software components qualify for a minimally disruptive upgrade; such components
must be upgraded as part of a regular DDOS software upgrade. A DDOS software
upgrade uses a large Red-hat Package Manager (RPM) upgrade bundle, which
performs upgrade actions for all DDOS components. MDU uses smaller component
bundles, which upgrade specific software components individually.

30 Before DDOS 6.0, most upgrades of a PowerProtect DD system require

complete system reboots. Starting with DDOS 6.0, Dell EMC tries to minimize
complete system reboots, the solution for that is Minimally Disruptive Upgrade
(MDU). An MDU is similar to the Linux atomic upgrade, but is made of stand-alone
component RPMs like ddsh.rpm or vtl.rpm. These stand-alone components come
in smaller packages to facilitate faster delivery to the system.

31 When an administrator upgrades the system using a specific component (e.g.:

vtl.rpm), it triggers an MDU. The effect of the new component takes place as in an
atomic upgrade, but only the processes relating to the specific component restarts.
The overall PowerProtect DD system remains unaffected by the upgrade.

PowerProtect DD Concepts and Features

Page 42 © Copyright 2020 Dell Inc.

PowerProtect DD Management Overview

PowerProtect DD Concepts and Features

Command Line Interface (CLI)

The DD command-line interface (CLI) enables you to manage PowerProtect

systems.

Direct Access

The initial installation and configuration of the DDOS is done using direct access to
the hardware. Access the system through a serial connection or directly attaching a
keyboard and monitor to the system.

Initial Access to the System

More Support

PowerProtect DD Concepts and Features

Page 44 © Copyright 2020 Dell Inc.

PowerProtect DD Management Overview

Remote Access

After the initial configuration is done, you can use the SSH or Telnet (if enabled),
IPMI, or SOL utilities to access the system using remote CLI commands.

Remote Power Management

Serial Over LAN - SOL

PowerProtect DD Concepts and Features

DD System Manager (DDSM)

Movie:

The web version of this content contains a movie.

System administrators use sophisticated tools like DDSM to configure and manage
Data Domain systems.

What is DDSM?32

What does DDSM do?33

You can access the System Manager from many popular web browsers 34.

32The DD System Manager is a browser-based UI, available through Ethernet

connections, for managing one system from any location.

33DDSM provides a single, consolidated management interface that allows for

configuration and monitoring of many system features and system settings. It
provides simple configuration wizards which guide you through a simplified
configuration of your system to get your system operating quickly.

34 You can use web browsers such as Google Chrome™, and Mozilla Firefox™.

PowerProtect DD Concepts and Features

Page 46 © Copyright 2020 Dell Inc.

PowerProtect DD Management Overview

PowerProtect DD Management Center (DDMC)

Movie:

The web version of this content contains a movie.

DDMC is a scalable framework that

streamlines the management and monitoring
of PowerProtect DD systems. It integrates
complex workflows into a single interface
which eliminates the overhead of managing
devices across large data centers or remote
sites.

Avamar Server

DDMC Key Features DDMC and DDSM Comparison

PowerProtect DD Concepts and Features

Head Unit and Expansion Shelves

Hardware features common to most models include:

• Rack mountable in 4-post racks

• Hot-swappable disks with redundant hot-swappable fans and redundant hot-
swappable power modules
• Dual In-line Memory Module (DIMM) modules for Random Access Memory
(RAM)
• A battery backed NVRAM (nonvolatile RAM) card, Persistent RAM (PRAM), or
virtual NVRAM
• Ports that can be connected to a monitor, keyboard, and mouse
• Front panel Light Emitting Diodes (LEDs) that provide system status indicators

Most PowerProtect DD systems support the addition of one or more storage

expansion shelves to increase capacity.

PowerProtect DD Concepts and Features

Page 50 © Copyright 2020 Dell Inc.

Appendix

Connectivity
Connectivity features include USB ports for connecting a keyboard and mouse, a
VGA port for connecting a monitor, and serial and Ethernet connectivity. Many
systems include mini-SAS ports to connect expansion shelves to increase capacity
and Fibre Channel for SAN connections.

For repairs in the field, access to the command line interface to shut down, restart,
and run diagnostics is usually through the serial port.

All PowerProtect DD systems may be connected to Ethernet networks for TCP/IP-

based data transfer and system management. All models have a minimum of five
integrated ports. One Ethernet port is used for what is known as lights-out
management or iDRAC . Some models may be configured with additional ports by
adding optional Ethernet expansion cards. Interface cards are added to provide
additional network capacity.

Connecting to a Fibre Channel-based storage area network is supported by adding

a host bus adapter card. In these environments, the PowerProtect DD VTL
software license or DD Boost software license is also required.

Click the highlighted section to view more.

6
1 3 4 5 2

1: iDRAC management port -

2: Network daughter card Ethernet ports - provide network connectivity.

3: Serial port - Enables you to connect a serial device to the system.

4: VGA port - Enables you to connect a display device to the system.

5: USB ports - This ports are 9 pins and 3.0 complaint and enable you to connect
USB devices to the system.

6: Power Supply Unit - Supports up to two AC or DC power supply units (PSUs).

PowerProtect DD Concepts and Features

7: PCIe expansion card slots

PowerProtect DD Concepts and Features

Page 52 © Copyright 2020 Dell Inc.

Appendix

Redundancy
Components under high mechanical or electrical stress such as spinning drives,
fans, and power supplies are provided with N+1 redundant configuration. N+1
redundancy is a system configuration where certain components have at least one
backup component so that the system functionality continues if a part fails. This
configuration allows for uninterrupted operation at full capacity and operational
status if one component fails. For data, RAID 6 technology provides additional
protection of data integrity when up to two disks fail.

PowerProtect DD Concepts and Features

ELMS
Electronic Licensing Management System (ELMS) electronically represents feature
and capacity licenses.

ELMS on PowerProtect DD appliances, both physical and virtual, use one license
file per system. The license file contains entries for all purchased features and
capacities.

There are two categories of licenses: served and unserved. Served licenses are on
a license server, and the PowerProtect DD appliance has to check in with the
server to verify which features are licensed. Served licenses are supported only
with DDVE. Unserved licenses are the licenses that are applied directly to a
PowerProtect DD appliance.

PowerProtect DD Concepts and Features

Page 54 © Copyright 2020 Dell Inc.

Appendix

Features and Capacity

Most DD Operating System (DDOS) features do not require licensing, however,
some features do.

The following are some of the features that require additional licensing:

• DD Boost
• PowerProtect DD VTL
• Encryption
• DD Retention lock
• Dell EMC Cloud Tier

PowerProtect DD appliances can require licensing for specific capacities.

Depending on the license applied, the capacity can be used for either the active or
archive tier on the system.

The new PPDD "HIGH_DENSITY CAPACITY ACTIVE" requires a license for 8TB
drives DS60 / ES40.

PowerProtect DD Concepts and Features

Administrative Access
PowerProtect DD appliances can be administered remotely over Ethernet using
various protocols.

• SSH and Telnet can be used to run CLI commands for management and setup.
Telnet is disabled by default.
• HTTPS and HTTP can be used to access the Data Domain System Manager to
perform management and setup tasks. HTTP access is disabled by default.

PowerProtect DD Concepts and Features

Page 56 © Copyright 2020 Dell Inc.

Appendix

Clients and Servers

Clients to be backed up use the protocols that are supported by the backup
software. The protocols that are supported could be standard TCP/IP protocols,
such as CIFS and NFS, or proprietary protocols, such as DD Boost.

PowerProtect DD Concepts and Features

Client Direct
Some backup appliances and applications, such as Dell EMC NetWorker and
Avamar, have a client direct feature allowing direct access to the PowerProtect DD
appliance over Ethernet. Both NetWorker and Avamar use the DD Boost protocol
with their client direct feature.

PowerProtect DD Concepts and Features

Page 58 © Copyright 2020 Dell Inc.

Appendix

Backup and Archive Servers

Backup and archive media servers send data from clients to the PowerProtect DD
appliance on the network. A direct connection between a dedicated port on the
backup management server and a dedicated port on the PowerProtect DD
appliance may also be used.

Backup and archive media servers can use the following protocols to send data to
a PowerProtect DD appliance over Ethernet:

• CIFS
• NFS
• DD Boost
• NDMP

PowerProtect DD Concepts and Features

Fibre Channel
If a supported FC HBA is installed on the PowerProtect DD appliance, the system
can be connected to a vDisk (Virtual Disk Device) for Storage Direct solution or a
Fibre Channel system attached network and use the PowerProtect DD VTL and DD
Boost protocols for backup operations.

If the DD VTL option is licensed, the backup or archive server sees the
PowerProtect DD appliance as one or multiple DD VTLs.

If the DD Boost option is licensed, any supported backup, archive, or enterprise

application can perform backup and restore operations using the DD Boost protocol
over Fibre Channel. See the DD Boost Compatibility Guide and DD Boost
Administrator Guide (available on the Dell EMC support portal) for backup
applications that support DD Boost over Fibre Channel.

PowerProtect DD Concepts and Features

Page 60 © Copyright 2020 Dell Inc.

Appendix

Replication
The data is written to the backup file system on the PowerProtect DD appliance.
Physical separation of the replication traffic from backup traffic can be achieved by
using two separate Ethernet interfaces on the PowerProtect DD appliance. This
separation allows backups and replication to run simultaneously without network
conflicts.

Replication traffic between two PowerProtect DD appliances can be sent over

either a LAN or WAN connection.

PowerProtect DD Concepts and Features

ddvar
The /ddvar file system is a ext3 (Third Extended file system) which stores
administrative files, core and log files, generated support upload bundles,
compressed core files, and .rpm (Red Hat package manager) upgrade package
files.

The /ddvar file system keeps the administrative files that are separated from data
storage files.

The /ddvar file system:

• Stores core files, logfiles, support upload bundles, and upgrade packages.
• Cannot be renamed or deleted.
• Does not provide access to all subdirectories.

PowerProtect DD Concepts and Features

Page 62 © Copyright 2020 Dell Inc.

Appendix

MTree
The Managed Tree (MTree) file structure is the destination to store user data. It
provides a root directory for user data. You can configure your backup application
to a specific MTree and organize backup files. MTree provides more granular
space management and reporting. MTrees simplify management of several
features including replication, snapshots, quotas, and retention lock. These
operations can be performed on a specific MTree rather than on the entire file
system.

PowerProtect DD Concepts and Features

Replication Features

Replication

Destination
Source PowerProtect
PowerProtect DD
DD

When replicating over untrusted networks, Replication can encrypt sensitive data.
This encryption can be enabled on all or for only a selected portion of the replicated
dataset.

For fast time-to-DR readiness, Replication provides logical throughput performance

of up to 52 TB per hour over a 10-Gb network in replication deployments. Compare
replication to one PowerProtect DD system is mirroring its data to another.

You can also consolidate data from up to 270 remote sites by simultaneously
replicating data to a single, large PowerProtect DD system.

Replication offers flexibility by providing multiple replication topologies such as full-

system mirroring, bi-directional, many-to-one, one-to-many, and cascaded. Also,
you can replicate either all or a subset of data on the PowerProtect DD system. For
the highest level of security, Replication can encrypt data being replicated between
PowerProtect DD systems using the standard Secure Socket Layer (SSL) protocol.

To manage network utilization, you can set up a schedule to throttle Replication

WAN utilization at different times of the day.

You can set up a PowerProtect DD system for managed file, directory, MTree, or
collection replication. DDVE supports only managed file and MTree replication.

PowerProtect DD Concepts and Features

Page 64 © Copyright 2020 Dell Inc.

Appendix

Manage File Replication

DD Boost Managed File Replication (MFR) is a type of replication where backup
software manages and controls the process. With MFR, backup images are directly
transferred from one PowerProtect DD system to another, one at a time, at the
request of the backup software.

Dell EMC PowerProtect DD systems and DDVE support managed file replication.

PowerProtect DD Concepts and Features

Directory Replication
Directory replication transfers deduplicated data within a Data Domain file system
directory that is configured as a replication source. Data is copied to a directory
configured as a replication destination on a different PowerProtect DD system.

PowerProtect DD systems support directory replication. DDVE does not support

directory replication.

PowerProtect DD Concepts and Features

Page 66 © Copyright 2020 Dell Inc.

Appendix

MTree Replication
MTree replication is used to replicate MTrees between PowerProtect DD systems.
Periodic snapshots are created on the source. The differences between the
snapshots are transferred to the destination by using the same cross-site
deduplication mechanism used for directory replication.

PowerProtect DD systems and DDVE both support MTree replication.

PowerProtect DD Concepts and Features

Collection Replication
Collection replication performs whole-system mirroring in a one-to-one topology.
Collection replication continuously transfers changes in the underlying collection,
including all logical directories and files of the file system.

Collection replication does not have the flexibility of the other replication types.
Collection replication can provide higher throughput and support more objects with
less overhead, which may work better for high-scale enterprise cases.

PowerProtect DD systems support collection replication. DDVE does not support

collection replication.

PowerProtect DD Concepts and Features

Page 68 © Copyright 2020 Dell Inc.

Appendix

What is Cloud Tier?

The Cloud Tier feature of DDOS enables the movement of inactive data from an
active tier of a PowerProtect DD system to low-cost and high-capacity object
storage like a public, private, or hybrid cloud. This mechanism is highly efficient for
long-term data retention. During the process of data movement, only the unique
and deduplicated data is sent from the PowerProtect DD system to the cloud. This
process ensures that the data being sent to the cloud occupies as little space as
possible. This results in a lower TCO over time for long-term storage.

PowerProtect DD Concepts and Features

DD Retention Lock
The Cloud Tier feature supports the DD Retention Lock feature, and meets all the
regulatory and compliance policies.

PowerProtect DD Concepts and Features

Page 70 © Copyright 2020 Dell Inc.

Appendix

Encryption with Cloud Tier

Encryption can be enabled at three levels:

1. PowerProtect DD system level

2. Active tier level
3. Cloud tier level

Encryption at the active tier level is applicable only if encryption is enabled at the
system level. The system level encryption is a licensed feature.

The cloud units have separate controls for enabling encryption. The encryption of
Data at Rest is enabled by default in the cloud. If needed, users can disable
encryption.

Once the data is in the cloud tier, the encryption status cannot be changed. So the
decision to encrypt the data or not to encrypt must be made before sending any
data to the cloud.

The complete process of data transfer between a PowerProtect DD system and the
cloud is done over a secure HTTP connection.

PowerProtect DD Concepts and Features

Replication Support
Cloud tier can be enabled on both source and target PowerProtect DD systems. If
the source system is cloud tier-enabled and the data is migrated to the cloud, then
data must be read from the cloud for replication. A replicated file is always written
on the active tier on the destination system even if cloud tier is enabled.

Managed file replication and MTree replication can be implemented on cloud tier-
enabled systems with latest DDOS. Directory replication works only on the
/backup MTree, thus the cloud tier feature does not effect directory replication.
Collection replication is not supported on cloud tier-enabled PowerProtect DD
systems.

The Replication to Cloud feature supports DDVE instances set up in the cloud
replicate from one DDVE system to another.

Data that is backed up to a DDVE instance in one region can be replicated to

DDVE instances in the same or other regions.

PowerProtect DD Concepts and Features

Page 72 © Copyright 2020 Dell Inc.

Appendix

Supported Cloud Providers

The supported cloud storage providers include Dell EMC Elastic Cloud Storage
(ECS), Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform
(GCP). Check the PowerProtect DD System Administration Guide for additional
supported cloud storage providers.

PowerProtect DD Concepts and Features

DD Retention Lock Governance Edition

DD Retention Lock Governance Edition meets the strict requirements of regulatory
standards for electronic records. The regulations include SEC 17a-4(f), and other
standards that are practiced worldwide.The following are some of the administrative
features of Retention Lock Governance.

Click each icon for more information.

1 2

3 4

1: Apply retention policies at an individual file level of the dataset on the

governance enabled MTree for a specific period.

2: Delete an archive file using an archiving application after the retention period
expires.

PowerProtect DD Concepts and Features

Page 74 © Copyright 2020 Dell Inc.

Appendix

Locked files cannot be modified on the PowerProtect DD system even after the
retention period for the file expires. Archive data that is retained on the
PowerProtect DD system is not deleted automatically when the retention period
expires. An archiving application must delete the file.

3: Update the default values of minimum and maximum retention periods per
MTree. The default values of minimum and maximum retention periods are 12
hours and 5 years respectively.

With Retention Lock Governance edition, IT administrators can meet secure data
retention requirements. If corporate governance policies change, administrators
keep the ability to update the retention period. For example, an administrator could
revert the locked state of a file on a specified path name inside an MTree. They
could also delete an MTree enabled with Retention Lock Governance.

4: Extend the retention time of locked archive files.

PowerProtect DD Concepts and Features

DD Retention Lock Compliance Edition

The DD Retention Lock Compliance Edition meets the strict requirements of
regulatory standards for electronic records. The regulations include SEC 17a-4(f),
and other standards that are practiced worldwide.DD Retention Lock Compliance,
when enabled on an MTree, maintains file locks with an archiving application for a
time-based retention period. Retention Lock Compliance edition cannot be deleted
or overwritten under any circumstances until the retention period expires.The
following are some of the administrative features of Retention Lock Compliance.

Click each icon for more information.

2 3 4
1

1: The Retention Lock Compliance edition meets the strict requirements of

regulatory standards for electronic records. The regulations include SEC 17a-4(f),
and other standards that are practiced worldwide.

2: Retention Lock Compliance, when enabled on an MTree, ensures an archiving

application locks all files for a time-based retention period. These files cannot be
deleted or overwritten under any circumstances until the retention period expires.

3: Requiring dual sign-on for certain administrative actions. Before engaging

Retention Lock Compliance edition, the System Administrator must create a
Security Officer role. The DD System Administrator can create the first Security
Officer, but only the Security Officer can create other Security Officers on the
system.

Use dual sign-on to extend the retention periods for an MTree, rename the MTree.

PowerProtect DD Concepts and Features

Page 76 © Copyright 2020 Dell Inc.

Appendix

You can also use dual sign-on to delete the Retention Lock Compliance license
from the PowerProtect DD system. Use dual sign-on to secure the system clock
from illegal updates.

4: DD Retention Lock Compliance implements an internal security clock to prevent

malicious tampering with the system clock. The security officer closely monitors
and records the system clock. Only the security officer may resume a DD File
System (DDFS) that is disabled by a skew in both clocks.

PowerProtect DD Concepts and Features

Overview

SMT for the DDOS is a software feature that enables secure isolation of many
users and workloads on a shared system. As a result, the activities of one tenant
are not visible or apparent to other tenants. This capability improves cost
efficiencies through a shared infrastructure. SMT provides each tenant with the
same visibility, isolation, and control that they would have with their own stand-
alone Dell EMC PowerProtect DD system.

A tenant may be one or more business units, or departments hosted onsite for an
enterprise or large enterprise. For example, Finance and Human Resources
sharing PowerProtect DD system. Each department would be unaware of the
presence of the other.

A tenant may be one or more remotely hosted applications. A service provider

might host the applications on behalf of a client.

PowerProtect DD Concepts and Features

Page 78 © Copyright 2020 Dell Inc.

Appendix

SMT features:

• Enables enterprises to deploy DDVE systems in a private cloud

• Enables service providers to deploy DDVE systems in a hybrid or public cloud
• Allows different cloud models for protection storage which include: Local backup
(Backup as a Service (BaaS) for hosted applications), replicated backup
(Disaster Recovery as a Service (DRaaS)) and, remote backup (BaaS over
WAN)

PowerProtect DD Concepts and Features

Terminology

SMT components, also known as management objects, provide security and

isolation within a shared infrastructure. Administrators initially create the SMT
components during the basic provisioning sequence. Administrators can also
create SMT components manually as needed.

In SMT terms, the landlord is the storage admin or the DD Administrator. The
landlord is responsible for managing the PowerProtect DD system. The landlord
sets up the file systems, storage, networking, replication, and protocols. They are
also responsible for monitoring overall system health and replace any failed
hardware as necessary.

A tenant is responsible for scheduling and running the backup application for the
tenant customer. A tenant also manages their own tenant-units including
configuring backup protocols and monitoring resources and stats within their
tenant-unit.

Tenant-units are logical containers for MTrees. They also contain important
information, such as users, notification groups, and other configuration elements.
Other tenants cannon view or detect tenant-units not belonging to them. This type
of privacy ensures security and isolation of the control path, when running multiple
tenants simultaneously on the shared infrastructure.

PowerProtect DD Concepts and Features

Page 80 © Copyright 2020 Dell Inc.

Appendix

Architecture

This example shows two companies Red and Blue share the same PowerProtect
DD system. Tenant units and individual data paths are logically and securely
isolated from each other and are managed independently. Tenant users can
backup using their application servers to Data Domain storage in secure isolation
from other tenants on the PowerProtect DD system.

Tenant administrators can perform self-service fast copy operations within their
tenant units for data restores as needed. Tenant administrators can monitor data
capacity and associated alerts for capacity and stream use.

The landlord responsible for the system monitors and manages all tenants in the
system, and has visibility across the entire system. They set capacity and stream
quotas on the system for the different tenant units, and report on tenant unit data.

PowerProtect DD Concepts and Features

Benefits

Logical data isolation allows providers to spread the capital expenditure and
operational expenditure of a protection storage infrastructure across multiple
tenants. Data isolation is achieved by using separate DD Boost users for different
MTrees or by using the access mechanisms of NFS, CIFS, and DD VTL.

A tenant-unit is a logical partition of a Power Protect DD system that serves as a

unit of administrative isolation between tenants. Multiple roles with different
privilege levels combine to provide the Administrative isolation on a multitenant
Power Protect DD system. The Tenant Admin and Tenant User can be restricted
only to certain tenant-units on a PowerProtect DD system. Tenant Admins and
Tenant Users can run a subset of the commands that a DD Administrator is
allowed. Both of these roles enable tenant self-service.

The DD Boost protocol allows creation of multiple DD Boost users on a Power

Protect DD system. Each tenant has one or more DD Boost user credentials.
These credentials provide access to one or more MTrees in a tenant-unit that is
defined for a particular tenant. These credentials allow secure access to different

PowerProtect DD Concepts and Features

Page 82 © Copyright 2020 Dell Inc.

Appendix

tenant data-sets using their separate DD Boost credentials by restricting access

and visibility.

Metering and Reporting enable a provider to ensure that they are running a
sustainable business model. Reporting is important in a multitenant environment so
the provider can track usage on the shared PowerProtect DD system.

Similarly, for other protocols such as CIFS, NFS, and DD VTL, the native protocol
level access control mechanisms can be used to provide isolation.

PowerProtect DD Concepts and Features

Encryption

The Encryption software option encrypts all data on the system using an internally
generated encryption key. This encryption key is static, and the user cannot change
it.

For environments requiring encryption keys to be changed on a periodic basis to

meet compliance regulation, you can manage the life cycle of the encryption key for
each PowerProtect DD system individually with encryption key rotation. If an
external encryption key manager is needed, then the PowerProtect DD system can
be integrated with Gemalto for an enterprise-wide external encryption
management.

In addition to the preceding features, it also provides inline encryption, which

means as the data is being ingested, the data stream is deduplicated, compressed,
and encrypted using an encryption key before being written to the RAID group.

PowerProtect DD Concepts and Features

Page 84 © Copyright 2020 Dell Inc.

Appendix

PowerProtect DD system offers two types of encryption:

• Encryption of data at rest35

• Encryption of data in-flight36

35 Encryption of data at rest protects user data if the PowerProtect DD system is

lost or stolen. It also eliminates accidental exposure if a failed drive needs
replacements. When the file system is intentionally locked, an intruder who
circumvents the network security controls and gains access to the PowerProtect
DD system will be unable to read the file system without the proper administrative
control, passphrase, and cryptographic key.

36Encryption of data in-flight encrypts data being transferred using DD Boost or DD

Replicator software. It uses OpenSSL AES 256-bit encryption to encapsulate the
data over the wire. The encryption encapsulation layer is immediately removed
when it lands on the destination PowerProtect DD system. Data within the payload
can also be encrypted with DD Encryption software.

PowerProtect DD Concepts and Features

Data Sanitization

Data sanitization, also referred as electronic shredding, is

performed when classified or sensitive data is written to any
system that is not approved to store such data. System
sanitization was designed to remove all traces of deleted files
without any residual remains and to restore the system to its
state prior to the file's existence. Normal file deletion provides
residual data that allows recovery.

The system sanitization command exists to enable the

administrator to delete files at the logical level, whether a
backup set or individual files. The primary use of the system
sanitization command is to resolve Classified Message
Incidents (CMIs) that occur when classified data is copied inadvertently onto a non-
secure system. System sanitization is typically required in government installations.

The system sanitize command erases content in the locations as mentioned:

• Segments of deleted files not used by other files

• Contaminated metadata
• All unused storage space in the file system
• All segments used by deleted files that cannot be globally erased, because
some segments might be used by other files

PowerProtect DD Concepts and Features

Page 86 © Copyright 2020 Dell Inc.

Appendix

Cyber Recovery solution with PowerProtect DD

Cyber Recovery solution with PowerProtect DD minimize the impact of a cyber-
attack and provides a higher likelihood of success in the recovery of business-
critical systems.

The Cyber Recovery software runs in a secure, air-gapped 'vault' environment. The
Cyber Recovery Vault (CR Vault) is physically isolated from an unsecure system or
network. It provides management tools and technology to automate the creation of
restore points that are used for recovery or security analytics. The software is built
on a secure microservices architecture.

A primary storage system replicates its data over an air-gapped link to the Cyber
Recovery environment. The data that is in the CR Vault can be analyzed and
checked for signs of tampering. If the copied data is deemed to be good, it is saved
as an independent full backup copy that can be restored if needed. If this data must
be restored, data can be sent out of the Cyber Recovery environment and back to
the production environment.

With the Cyber Recovery software, you can create, run, and monitor policies that
protect your data.

Cyber Recovery reference architecture base

PowerProtect DD Concepts and Features

Overview
Customer Environment Dell EMC Backend Environment

Web ServiceLink Application

Servers Servers

Custome Firewall Firewall

r Firewall

Support Analyst
Public
Internet
(https)

Dell EMC Secure Remote Services, is a two-way remote connection between Dell
Customer Service and Dell products. This connection enables remote monitoring,
diagnosis, and repair. Secure Remote Services assures availability and
optimization of the Dell EMC infrastructure, and is a key component of Dell EMC
industry-leading Customer Service. The connection is secure, high speed, and
operates 24x7.

Secure Remote Services is the remote service solution application that is installed
on one or more customer-supplied dedicated servers. For devices associated with
a particular service, Secure Remote Services is the single point of entry and exit for
all IP-based remote service activities.

Secure Remote Services functions as a communication broker between the

managed devices, the Policy Manager, and the Dell enterprise. Secure Remote
Services sets permissions for devices using the Policy Manager. Secure Remote
Services is an HTTPS handler. All messages are encoded using standard XML and
Simple Object Access Protocol (SOAP) application protocols. Secure Remote
Services message types include:

• Device state heartbeat polling

• Connect homes
• Remote access session initiation

PowerProtect DD Concepts and Features

Page 88 © Copyright 2020 Dell Inc.

Appendix

• User authentication requests.

• Device management synchronization

PowerProtect DD Concepts and Features

ConnectEMC

ConnectEMC is a standardized method that Dell EMC products use to transport

system event files (ASUPs, Alerts) securely to Dell EMC support.

The ConnectEMC method sends messages in a secure format using FTP or

HTTPS. ConnectEMC through a Secure Remote Services gateway, benefits by a
single gateway to forward messages from multiple systems. It allows you to
configure network security for only the Secure Remote Services gateway instead of
for multiple systems.

In general, the system sends Autosupport alerts and alert-summaries to Dell EMC
Support. An e-License is required if the system is a physical Dell EMC
PowerProtect DD system or DDVE.

Configure network security only for Secure Remote Services gateway instead of
multiple systems.

PowerProtect DD Concepts and Features

Page 90 © Copyright 2020 Dell Inc.

Appendix

PowerProtect DD High Availability (DD HA)

The Secure Remote Services GUI supports DD HA. The configuration is similar to
the non-HA systems with the addition of the HA Peer IP which is a required field.

DD HA uses a floating IP address to provide data access to the DD HA pair

regardless of which physical node is the active node.

PowerProtect DD Concepts and Features

Storage Migration Details

Storage Migration requires numerous system resources and can slow certain
processes. Throttle settings control the migration process to limit or increase
system processing power. You can manually suspend a migration to make the
resources available for other processes and later resume the migration when
resource demand is lower.

When migrating storage to new storage, system processes such as data access,
expansion, cleaning, and replication are unaffected.

PowerProtect DD Concepts and Features

Page 92 © Copyright 2020 Dell Inc.

Appendix

Storage Migration process Overview

The migration process on a PowerProtect DD system occurs at the shelf level and
not at the logical data level. As a result of shelf level migration, all disks present on
the source shelf are accessed and copied over regardless of whether it contains
any data. This process cannot be used to shrink logical data.

PowerProtect DD Concepts and Features

Initial Access to the System

To initially access the PowerProtect DD system, use the default administrator
username and password. The default administrator name is sysadmin. The initial
password for the sysadmin user on a physical PowerProtect DD system is the
system serial number. The initial password for the sysadmin user on a DDVE
instance is changeme.

PowerProtect DD Concepts and Features

Page 94 © Copyright 2020 Dell Inc.

Appendix

More Support
The DDOS Command Reference Guide provides information for using the
commands to accomplish specific administration tasks. Each command also has an
online help page that gives the complete command syntax. Help pages are
available at the CLI using the help command.

PowerProtect DD Concepts and Features

Remote Power Management

PowerProtect DD systems support remote power management using the Dell
Remote Access Controller (iDRAC). iDRAC enables remote monitoring of the boot
sequence using Serial over LAN (SOL).

Some of the capabilities of remote power management that are supported through
iDRAC are:

• Powering on the PowerProtect DD system after power outage

• Power cycle after a DDOS crash
• Powering off to save power on the systems that are not in use at the time
• Obtaining the power status

PowerProtect DD Concepts and Features

Page 96 © Copyright 2020 Dell Inc.

Appendix

Serial Over LAN - (SOL)

The console activities that are supported through SOL are:

• Running diagnostics
• Installing, upgrading, or reconfiguring the DDOS
• Accessing the BIOS
• Viewing valuable POST and boot messages

PowerProtect DD Concepts and Features

DDMC Key Features

Some of the key features of the DDMC include:

• Health and Status Resource Monitoring

• Capacity and Replication Management
• Aggregated System Management
• Simultaneously manages up to 150 PowerProtect DD systems across Data
centers or remote sites - per instance
• Ability to manage PowerProtect DD systems with High Availability, Cloud Tier,
and DDVE instances
• Provides Administrative roles with limited responsibilities
• Group and Property-based Administration
• Perform upgrade on groups of PowerProtect DD systems simultaneously

PowerProtect DD Concepts and Features

Page 98 © Copyright 2020 Dell Inc.

Appendix

DDMC and DDSM Comparison

The DDMC is designed for customers with multiple PowerProtect DD systems who
are seeking to aggregate management and reporting from a single interface.

In contrast, the DDSM is primarily a single system management tool. DDSM does
not aggregate storage or performance data from multiple systems, as provided by
DDMC.

PowerProtect DD Concepts and Features

RAID
Redundant Array of Independent Disks

PowerProtect DD Concepts and Features

PARTICIPANT GUIDE

PARTICIPANT GUIDE
PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page i

Table of Contents

Preparing to Install ......................................................................................................2

Systems Overview ................................................................................................................. 3
Basic Topology ...................................................................................................................... 5
Installation Checklist .............................................................................................................. 6
Cables and Tools ................................................................................................................... 7
Site Requirements ................................................................................................................. 9
Safety Precautions .............................................................................................................. 11
Documentation Resources .................................................................................................. 12

Installing Hardware ...................................................................................................13

Preconfigured System Options ............................................................................................ 14
AC Power Distribution ......................................................................................................... 16
Unpacking and Verifying Contents ...................................................................................... 19
Types of Mounts .................................................................................................................. 21
Rack Mounting Controllers .................................................................................................. 22
Expansion Shelves .............................................................................................................. 23
Expansion Shelf Cables ...................................................................................................... 25
Shelf Cabling ....................................................................................................................... 29
Drive Slot Allocations ........................................................................................................... 33

Initial Configuration ..................................................................................................36

System Setup Information ................................................................................................... 37
Pre-Engagement Questionnaire (PEQ) ............................................................................... 39
Locate PowerProtect DD Serial Number ............................................................................. 40
Emulator Settings ................................................................................................................ 41
Initial Configuration Wizard .................................................................................................. 42
System Configuration Wizard .............................................................................................. 43
Licensing Shelf Capacity ..................................................................................................... 44
Activating Expansion Shelf .................................................................................................. 45
Initiating the File System ..................................................................................................... 46
Verifying the Expansion Shelves ......................................................................................... 47

PowerProtect DD Hardware Installation-Participant Guide

Page ii © Copyright 2021 Dell Inc.

Other Configuration ..................................................................................................49
Remote Management Through IPMI, SOL, and iDRAC ...................................................... 50
Remote Management Hardware Setup ............................................................................... 52
Use Ethernet Port Access for IPMI and SOL ....................................................................... 53
DD System Manager IPMI Configuration ............................................................................ 54
Configure iDRAC ................................................................................................................. 55
DDOS Configuration ............................................................................................................ 62
Autosupport and Alerts ........................................................................................................ 63

Hardware Verification ...............................................................................................64

Hardware Verification .......................................................................................................... 65
Verify Hardware ................................................................................................................... 66
Disk Verification ................................................................................................................... 67
Enclosures: Hardware Storage ............................................................................................ 69
Disks: Disks State ................................................................................................................ 70
Reconstruction: Hardware Storage ..................................................................................... 71

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page iii

Preparing to Install

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 1

Preparing to Install

PowerProtect DD Hardware Installation-Participant Guide

Page 2 © Copyright 2021 Dell Inc.

Preparing to Install

Systems Overview

5
2 3 4

1: PowerProtect DD Virtual Edition (DDVE) is a customer-deployable virtual

deduplication appliance that provides data protection for entry, enterprise, and
service provider environments.

DDVE is agile, it is designed for use with VMware, it is exceptionally quick to set up
and run. You can start with a small capacity configuration and scale as large as 16
TB.

It is flexible as it offers a flexible deployment environment that includes

2: The DD3300 is a small and robust protection storage platform, ideal for both
SMBs, and branch or departmental data protection for larger enterprises. The
DD3300 with DD Cloud Tier can back up a logical capacity up to 4.8 PB in the
cloud with extensive API support.

3: The DD6900 offers 1.3 times greater system scale than its predecessors and
can backup up to 288 TB usable capacity. That usable capacity is expanded to up
to 864 TB with DD Cloud Tier.

4: The DD9400 has a throughput up to 57 TB per hour and delivers scalability 2.5
times greater than previous generations. It can backup up to 768 TB of usable
capacity, with up to 2.3 PB usable with DD Cloud Tier.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 3

Preparing to Install

5: The DD9900 has a throughput of up to 94 TB per hour. It can backup up to 1.25

PB of usable capacity and up to 3.25 PB usable when using DD Cloud Tier.

See the PowerProtect DD Hardware Overview and Installation Guide

for detailed descriptions for each model.

PowerProtect DD Hardware Installation-Participant Guide

Page 4 © Copyright 2021 Dell Inc.

Preparing to Install

Basic Topology

Topology
Expansion Shelf

Racked Units

Fibre Channel
SAS

PowerProtect DD
Controller

Serial

Expansion Shelf Ethernet Media Server

Management

Third-Party Switches

LAN Clients Backup and Archive Servers

The PowerProtect DD appliance, including the controller and any additional

expansion shelves, is connected to storage applications using Ethernet or Fibre
Channel. Fibre Channel is used for PowerProtect DD VTL, and DD Boost over
Fibre Channel. Fibre Channel can also be used for vDisk and ProtectPoint Block
Services, and anything that has a target LUN (logical unit number) on a
PowerProtect DD appliance. Ethernet is used for CIFS, NFS, and DD Boost
applications.

In the exploded view, the PowerProtect DD controller is at the center of the

topology that is implemented through other connectivity and system configuration,
including:
• Expansion shelves for extra storage, depending on the model and site
requirements
• Fibre Channel for DD VTL and DD Boost
• LAN environments for connectivity for Ethernet based data storage, for basic
data interactions, and for Ethernet-based system management

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 5

Preparing to Install

Installation Checklist

Before installing a PowerProtect DD appliance, collect all

necessary tools and documentation for the specific model you
are installing. Then, unpack and verify the contents of the
shipped components to ensure the system that you received
matches what was ordered.

With preconfigured systems, the job of rack-mounting the

hardware has already been taken care of. If the system is not preconfigured, you
must rack mount the hardware units and connect any expansion shelves to the
controller.

When the PowerProtect DD appliance is racked and expansion shelves are

attached, connect it to the network using Ethernet or Fibre Channel. Also, attach a
terminal to the system and power on the system to perform the initial setup and
verify the status of the hardware.

PowerProtect DD Hardware Installation-Participant Guide

Page 6 © Copyright 2021 Dell Inc.

Preparing to Install

Cables and Tools

VGA Cable

There are various tools, supplies, and cables that you must use to install the
PowerProtect DD hardware.

For initial network connectivity, an Ethernet cable is required. Use a null modem
cable or USB-to-DB9 serial male connector for initial connection.

Log in to the system and run DDOS CLI commands with your laptop. The
recommended terminal emulation program is SecureCRT®, configured with a
5,000 line or larger buffer. Any version of SecureCRT works. If SecureCRT is not
available, use PuTTY version 0.58 or later. A 2 GB or greater USB flash memory
drive is also recommended.

Other tools that might be needed include:

• Wrist strap
• Screwdrivers
• Flashlight
• Wire cutters
• Pliers

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 7

Preparing to Install

• Tie wraps
• Cable wraps

PowerProtect DD Hardware Installation-Participant Guide

Page 8 © Copyright 2021 Dell Inc.

Preparing to Install

Site Requirements

• The width dimension

of the rack should be
a standard 48.25 cm
(19 inches).
• The depth dimension
can range from 59.7
cm (23.5 inches) to
110.5 cm (43.5
inches).
• The height dimension depends on the number of PowerProtect DD enclosures.
For example, a PowerProtect DD controller with three expansion shelves would
use an 11U space, where 1U is 4.5 cm (1.75 inches). With this example, a 15U
rack would meet the requirements.

For specific model information, see the PowerProtect DD Install Guide,

PowerProtect DD Systems Rail Installation and System Mounting Procedures, or
Expansion Shelf Hardware Guide found on the Dell EMC support site.

Large Capacity System Considerations

Most PowerProtect DD systems support the hot addition of expansion shelves.
Some models support up to 24 shelves. These large capacity systems require
additional planning and resources for installation.

Here are some general requirements for a large capacity installation:

1. Rack

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 9

Preparing to Install

The physical rack height requirement is often 40U or greater. 2U or 3U is

needed for the controller, depending on the model, and 3U is needed for each
expansion shelf.

If necessary, installation may be split across more than one rack, but requires
advance site-specific planning to determine appropriate SAS or interconnect
cable lengths. Whenever possible, grouping shelves in logical sets within
contiguous rack spaces simplify the shelf-to-shelf SAS cabling.

The logical shelf spacing is divided into three or more shelf sets, labeled 1, 2,
and 3, and so forth.

The shelf order should alternate between shelf sets.

2. Cables

The three recommended cable lengths for connection among expansion

shelves and the controller are 0.5, 1.0. and 2.0 meter cables. Use 1 or 2 meter
head-to-shelf cables and 0.5 meter shelf-to-shelf cables.

3. Space

Plan ahead by leaving space in the rack for additional shelves based on the
maximum amount of expected storage. Leaving space enables simple,
predictable upgrades, if the site expects further expansion of storage capacity
in the future,

PowerProtect DD Hardware Installation-Participant Guide

Page 10 © Copyright 2021 Dell Inc.

Preparing to Install

Safety Precautions

General safety precautions must be taken for any installation.

Safety precautions include:
• Electrical safety procedures that reduce the risk of
electrical shock.
• Lifting and handling safety procedures that reduce risk of
injury. For most installations, a minimum of two people is
required to mount the units.
• PowerProtect DD electrostatic safety procedures that help
avoid damage to components due to electrostatic
discharge.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 11

Preparing to Install

Documentation Resources

PowerProtect DD documentation is your

most important resource. Each model
(controllers and expansion shelves) has
specific documentation for installing and
configuring the system.

Before installing a particular model in the

field, review the following documentation:
• PowerProtect DD Install Guide
• PowerProtect DD Systems Rail
Installation and System Mounting
Procedures
• Expansion Shelf Hardware Guide

All documentation for PowerProtect DD appliances is on the Dell EMC support site.

PowerProtect DD Hardware Installation-Participant Guide

Page 12 © Copyright 2021 Dell Inc.

Installing Hardware

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 13

Installing Hardware

Preconfigured System Options

PowerProtect DD appliances, including controller and expansion shelves, are

shipped to the customer site in one of two possible ways:
• The appliance is preinstalled and cabled in Dell EMC 40 Rack Unit racks.
o Typically AC power cables are already plugged into the power distribution
unit (PDU). SAS cables are preconnected within each rack.
o At the site, installers install the rack-to-rack cabling and perform some
adjustment to cabling within racks two to five as necessary.
• Units are shipped in separate boxes for installation into Dell EMC or third-party
racks.

PowerProtect preconfigured racks are available for most currently shipping models.
Depending on the model, the preconfigured rack can contain ES40, or DS60, and
FS25 shelves. See the Dell EMC PowerProtect DD Hardware Features and
Specifications Guide for detailed information, including performance, capacity, and
physical specifications about preconfigured systems.

Pre-Configured Rack Details

Rack one is the main rack with the controller and is

installed in U 13 through 16. Shelves are loaded
from bottom of the rack first with expansion shelves
that are cabled in groups of four. For shelf counts
not in increments of four, the last group will contain
fewer than four shelves.

Racks two through five contain expansion shelves

only. Shelves are loaded from the bottom of the rack
first with shelves that are connected in groups of
four. For shelf counts not in increments of four, the
last contain fewer than four shelves. There is always
a gap in U 13 through 16 for manufacturing
economy of scale. Racks two through five are
connected to rack one at the customer site.

See the Dell EMC PowerProtect DD Rail Kit documentation for further rail kit
information. For specific model information, see the System Mounting Procedures

PowerProtect DD Hardware Installation-Participant Guide

Page 14 © Copyright 2021 Dell Inc.

Installing Hardware

Guide and the Dell EMC PowerProtect DD System Install Guide available on the
Dell EMC support page.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 15

Installing Hardware

AC Power Distribution

PowerProtect DD Hardware Installation-Participant Guide

Page 16 © Copyright 2021 Dell Inc.

Installing Hardware

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 17

Installing Hardware

Ensure the racked systems and not overload the power distribution system as the
breakers would trip. Doing so would shut down all the systems that are connected
to the power distribution system.

Preconfigured racks are shipped with one set of Power Distribution Panels (PDPs)
supporting four Power Distribution Units (PDUs). The second PDP set must be
used when power exceeds the power capacity of a single PDP. Also, an additional
Power Cord kit must be ordered and connected to building AC circuits. Using the
second set of PDPs doubles the power available to the rack.

To determine the amount of power that a rack requires, check the Dell EMC power
calculator.

PowerProtect DD Hardware Installation-Participant Guide

Page 18 © Copyright 2021 Dell Inc.

Installing Hardware

Unpacking and Verifying Contents

When you open the box containing the PowerProtect DD appliance you will see a
screwdriver, product documentation, power cables, and a null modem cable.

You should also see an accessory kit box, and the controller or expansion shelf.

Once onsite, verify the received equipment against the order. Ask the customer for
the purchase order, if it is not in the shipping box.

Accessory Kit Box

An accessory kit box includes several items that are required to install the
PowerProtect DD hardware:
• Various cables
• Rail adapters
• Keys
• Bezel
• Bezel clips
• Velcro strips

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 19

Installing Hardware

An additional, extended length screwdriver may also be included for some specific
screw locations. A console null modem serial cable is included for serial console
connection.

Verify Correct Shipment

Open and compare the components in the box with the P.O.

Check that the following are correct:

• System model
• Cards (HBA, NICs)
• System Cables
• Power Cables
• Licenses

In a shipment with multiple appliances, each appliance may have different licenses.
Install the correctly licensed appliance for its function. If for any reason the
equipment is not correct, immediately contact Dell EMC Support.

PowerProtect DD Hardware Installation-Participant Guide

Page 20 © Copyright 2021 Dell Inc.

Installing Hardware

Types of Mounts

There are
three types of
possible
racks; a
round, a
square, or a
tapped hole
rack. The
screws that
you use to fasten the outer rails to the rack will depend on which type of rack is
used.

Each screw type is clearly labeled with the equipment kit. Use the labeled screws
provided with the appropriate rack. Use the correct mount based on the unit size,
provided rail types (sliding or nonsliding), and chassis release mechanisms.

Square Hole Racks and Cage Nuts

Cage
nuts
are
only
require
d when
fasteni
ng a rail to a square holed rack. Cage nuts are not required when using a round or
tapped hole rack. Use a cage nut tool to attach the cage nut to the rack post.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 21

Installing Hardware

Rack Mounting Controllers

There are several basic

steps common to all units
when rack mounting
PowerProtect DD
controllers. Prepare the
rack holes working with
the correct screws or
applying adapters for the
correct type of hole.

Next, install the slide rails

or the outer rails to the rack itself. Then attach rails to each side of the controller.
Once all rails are in place, mount the chassis, secure it to the rack, and finally
attach the front bezel.

To help with the rack mounting process, some systems have red D-shaped pull
handles1.

1
D-shaped pull handles are low profile, flip-down handles used for sliding the
system in and out of the rack. The handles retract against the face of the fan tray.

PowerProtect DD Hardware Installation-Participant Guide

Page 22 © Copyright 2021 Dell Inc.

Installing Hardware

Expansion Shelves

PowerProtect DD appliances can use ES40, and DS60 expansion shelves to add
capacity.

The ES40 can accommodate 15 four or eight TB drives, and supports the DD6900,
DD9400, and DD9900.

DS60 (Dense Storage) shelf supports 3 TB and 4 TB SAS drives in 15 drive

increments, up to 60 drives per shelf. DS60 is available for the DD6900, DD9400,
and DD9900.

The FS25 is a solid-state expansion shelf. The FS25 is used exclusively for the
metadata cache in the active or extended retention tiers of a PowerProtect DD
appliance. The FS25 contains either 10, or 15 four TB SSD drives and is used only
for metadata. On the DD6900 and DD9400, the FS25 is only supported with a high
availability configuration.

Description ES40 DS60 FS25

Number of Drives 15 15, 30, 45, or 602 10 or 15

Drive Size 4 TB, or 8 TB 3 TB, or 4 TB SAS 4 TB SSD

Drives Drives

2
The DS60 ships with 60 drives installed. Depending on the capacity license
applied to the PowerProtect DD system either 15, 30, 45, or 60 drives will be
accessible.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 23

Installing Hardware

Spare Drives 1 hot spare 1, 2, 3, or 4 hot 1

drive spare drives
2 parity drives 2, 4, 6, or 8 parity
drives

Compatible Systems DD6900 DD6900 DD6900 (HA

DD9400 DD9400 only)
DD9900 DD9900 DD9400 (HA
only)
DD9900

PowerProtect DD Hardware Installation-Participant Guide

Page 24 © Copyright 2021 Dell Inc.

Installing Hardware

Expansion Shelf Cables

ES40 Cables DS60 Cables FS25 Cables

ES40 Cables

Expansion shelves are connected to each other and to the controller with SAS
(serial-attached SCSI) cables.

There are two different types of ES40 cables:

• An ES40 has the same type of connector at both ends and is used to connect
ES40s to each other. The same cable is also used to connect ES40s to
controllers with SAS HBAs.
• The other type of cable has a different connector on one end and is used to
connect ES40s to controllers that have SAS I/O modules.

The connector on the ES40 is called mini-SAS. The I/O module connector is called
HD-mini-SAS. The cables with HD-mini-SAS at one end are available in 2M, 3M,
and 5M lengths. The cables with mini-SAS connectors at both ends are available in
1M, 2M, 3M, and 5M lengths.

The mini-SAS connectors are keyed and labeled with an identifying symbol: a dot
for the host port and a diamond for the expansion port.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 25

Installing Hardware

1: ES40 Cables

2: Connect to Expansion Port (Out) on ES40.

3: Connect to Host Port (In) on ES40.

DS60 Cables

The DS60 shelves use cables with HD-mini-SAS connectors at both ends to
connect the shelves to the controllers.

The DS60 connector is a HD-mini-SAS connector. The mini-SAS connector is the

same as the I/O module connectors. These cables are available in 3M, 4M, and 5M
lengths. Use the appropriate length for the connections being made:

• Use the 3M cable in the same rack either to connect to a controller or shelf-to-
shelf.
• Use a 3M, 4M, or 5M cable when connecting a DS60 from one rack to another.
• Use the 3M shelf-to-shelf cables to connect shelves to other shelves within a
shelf set in the same rack.
• Use a 3M, 4M, or 5M cable to connect shelves to other shelves when the set
spans racks.
• Special cables must be used when attaching an ES40 to a chain with a DS60.

PowerProtect DD Hardware Installation-Participant Guide

Page 26 © Copyright 2021 Dell Inc.

Installing Hardware

3
1

2 4

1: DS60 Cables

2: SAS Ports

3: DS60 backpanel

4: SAS Ports

FS25 Cables

The cable used to include the FS25 in a SAS chain is the mini-SAS type. The cable
is keyed and labeled with different host and expansion connectors in the SAS
chain. These cables are available in 1M, 2M, 3M, and 5M lengths.

The connectors are keyed and labeled with an identifying symbol: a dot for the host
port and a diamond for the expansion port. The expansion shelves are 3U in size
and the controllers that support the FS25 shelf are either 2U or 4U. When a 2U
controller is mounted in a 4U gap, it can be mounted in any of the three positions in
that gap. For more information, see the PowerProtect DD System Hardware Guide
for your specific model.

When used, an FS25 shelf is cabled on a separate, private chain.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 27

Installing Hardware

1: FS25 Cables

2: Connect to Expansion Port (Out) on FS25.

3: Connect to Host Port (In) on FS25.

PowerProtect DD Hardware Installation-Participant Guide

Page 28 © Copyright 2021 Dell Inc.

Installing Hardware

Shelf Cabling

Rules and Guidelines Cabling Basics Cabling Order

PowerProtect DD

Rules and Guidelines

The PowerProtect DD appliance rediscovers newly

configured shelves after it restarts. You can power
off the system and recable shelves to any other
position in a set, or to another set.

Follow these rules before making any cabling

changes:
• Do not exceed the maximum shelf configuration
values for your model.
• For redundancy, the two connections from a
controller to one or more shelves must use ports on different SAS HBAs or I/O
modules.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 29

Installing Hardware

• A PowerProtect appliance cannot exceed its maximum raw external shelf

capacity, regardless of added shelf capacity.
• If ES40 SAS shelves are on the same chain as a DS60, the maximum number
of shelves on that chain is five.
• When used, an FS25 shelf is cabled on a separate, private chain.

Use the PowerProtect DD Install Guide for your PowerProtect DD appliance to

minimize the chance of a cabling error. For more information, see the PowerProtect
DD System Hardware Guide for your specific model.

Cabling Basics

PowerProtect DD controller

PowerProtect DD Hardware Installation-Participant Guide

Page 30 © Copyright 2021 Dell Inc.

Installing Hardware

Here is an example of A controller with two expansion shelves. There are some
general cabling rules for connecting expansion shelves to a PowerProtect DD
controller:

• The controller HBA port should always connect to the host port of an expansion
shelf. In other words, the host port on the expansion shelf connects upstream to
the Controller.
• The expansion port on the expansion shelf is used to connect downstream to
another expansion shelf.
• The expansion port on the last shelf should be empty. It does not connect back
to the controller.

In this example:

• Cable 1 (C1) connects from Port A on the SAS controller in Slot 7 (right) to Port
A of storage controller S-B on the first shelf.
• Cable 2 (C2) connects from Port A on the SAS controller in Slot 3 (left) to Port A
of shelf controller S-A on the last shelf.
• Cable 3 (C3) connects from Port B of S-B on the first shelf to Port A of S-B on
the last shelf.
• Cable 4 (C4) connects from Port B of S-A on the last shelf connects to port A of
S-A on the first shelf.

For more information, see the PowerProtect DD System Hardware Guide for your
specific model.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 31

Installing Hardware

Cabling Order

For systems that

do not come
preconfigured,
there is a
recommended
order for the hot
addition of
expansion shelves
over time.

This installation
order runs as
shown:
• In steps 1, 2, 3,
and 4 in this
example,
establish the
first expansion
shelf at the
bottom of each
shelf set.
Positioning
each shelf in
the rack according to the diagram shipped with the specific system. This
positioning establishes the full range of space in the racks that are required for
future expansion of capacity as needs require. It also allows for easy installation
of extra shelves into any shelf set. Install the shelf and recable so that the B
side cable from the controller is connected to the host port on the new shelf.
Interconnect cables are also added between the two shelves.
• In steps 5, 6, 7, and 8 add additional shelves from the bottom up in each shelf
set.
• Continue to add shelves in step 9, 10, and so forth, up to the maximum capacity
of the system. In this example, the system supports a maximum of 18 shelves
that are installed and positioned in two racks as shown.

PowerProtect DD Hardware Installation-Participant Guide

Page 32 © Copyright 2021 Dell Inc.

Installing Hardware

Drive Slot Allocations

ES40 Slot Allocations DS60 Slot Allocations

ES40 Slot Allocations

When you unlock and remove the snap-on bezel from the front panel, the 15 disks
are visible. Disk numbers range from 1 to 15 as reported by system commands.
When facing the front of the panel, disk 1 is the leftmost disk and 15 is the far right
disk.

Indicators on the appliance will show disk slot numbering from 0 to 14, but the
software uses logical numbering of 1 to 15.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 33

Installing Hardware

1 2

1: Disk 1

2: Disk 15

DS60 Slot Allocations

The following diagram is a top view diagram of the DS60 labeled drive locations.
Drives installed in the DS60 are only visible when the enclosure is pulled out of the
rack. To access the drives, pull the chassis forward from the rack, and remove the
top cover. The drives are installed in packs of 15. Packs are color coded within the
enclosure. Purple is Pack 1, yellow is Pack 2, green is Pack 3, and pink is Pack 4.

Slots are identified in columns of 12 (0 through 11) and rows of five (A through E).
There is room in the DS60 for 60 drives or 4 packs, total. A pack must contain the

PowerProtect DD Hardware Installation-Participant Guide

Page 34 © Copyright 2021 Dell Inc.

Installing Hardware

same drive size. Packs of different drive sizes can be mixed within the DS60. For
example, Pack 1 may contain 15, 4 TB drives while Pack 2 may contain 15, 3 TB
drives.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 35

Initial Configuration

PowerProtect DD Hardware Installation-Participant Guide

Page 36 © Copyright 2021 Dell Inc.

Initial Configuration

System Setup Information

You can create a system setup worksheet to document the minimum configuration
information necessary to complete the initial configuration of the PowerProtect DD
appliance.

In order to fulfill the requirements of the system setup wizard, be prepared to

provide the following information:

• Hostname and domain of the PowerProtect DD system

• Gateway IP and DNS servers
• CIFS and NFS protocol details
• SMTP mail server data
• WWPNs and initiators for use with DD Boost or virtual tape libraries in Fibre
Channel environments

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 37

Initial Configuration

• System serial number

• Licensed features
• DHCP requirements
• Ethernet port IP addresses and netmask

Once the network information has been saved, you can provide additional
information in the CLI or the DD System Manager (DDSM).

PowerProtect DD Hardware Installation-Participant Guide

Page 38 © Copyright 2021 Dell Inc.

Initial Configuration

Pre-Engagement Questionnaire (PEQ)

Installation professionals
are strongly encouraged
to use the Pre-
Engagement
Questionnaire (PEQ).
This is a comprehensive
spreadsheet available to
all field personnel and
internal Dell EMC
employees from the Dell
EMC Global Services
Tools Information
website under the
Licensed Tools tab.

It serves as a shared document between Dell EMC and authorized customers and
partners. The spreadsheet is available for download from the internal Dell EMC
website: https://psapps.emc.com/central/solution/PEQ.

This spreadsheet provides sections for collecting comprehensive configuration

information from the site as well as for gathering important details such as contact
information. It includes sections like engagement details, solution diagrams,
implementation details, data center readiness checklist, and project details.

The PEQ also contains important reference charts and deliverable checklists to
help in managing the installation.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 39

Initial Configuration

Locate PowerProtect DD Serial Number

Some PowerProtect DD systems have a PSNT tag located on the rear of the
system, attached to the arm in the center of the chassis. If this tag is not present,
the product serial number is always available from the service tag located on the
front of the system.

The SN is the 14 digit alphanumeric string that accompanies the part number. This
serial number is the default system password for serial console, system manager,
and iDRAC access.

PowerProtect DD Hardware Installation-Participant Guide

Page 40 © Copyright 2021 Dell Inc.

Initial Configuration

Emulator Settings

To begin the emulator configuration:

A. Connect to the serial port on the PowerProtect DD appliance.

B. Launch the terminal emulation program from the administrative console or
computer.
C. Enable logging of the session and configure the communication settings to log
in to the system.

• BAUD Rate: 115200

• Data Bits: 8
• Stop Bits: 1
• Parity: None
• Flow Control: None
• Emulation: VT-100

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 41

Initial Configuration

Initial Configuration Wizard

When the PowerProtect DD system boots up for the first time, the CLI configuration
wizard script starts automatically. You can also start the script manually using the
config setup command.

The first prompt asks if you want to use the GUI wizard. This is to determine if the
shortened version of the CLI wizard will be started, followed by the System
Manager Configuration wizard, or the complete CLI wizard will be used.

If the choice is yes, as shown here, the bare minimum configuration data is
collected to configure network access. The shortened CLI wizard prompts you for
the data collected in the system setup worksheet. At the end of the section, a
prompt to accept or reject the changes appears.

Once the configuration data is saved, the wizard requests the user launch the
System Manager Configuration Wizard to finalize the setup.

PowerProtect DD Hardware Installation-Participant Guide

Page 42 © Copyright 2021 Dell Inc.

Initial Configuration

System Configuration Wizard

If you
choose not
to use the
GUI wizard
as shown
here, the
CLI wizard
starts with
the section
for license
configuration and continues to network, file system, and system configuration.

Most of the information provided in the shortened version of the configuration

wizard is entered in the Network Configuration section. The initiator and WWPNs
collected in the system setup worksheet is entered in the VTL and DD Boost
configuration sections.

Each section will display a summary and prompt to either accept or reject the
changes just as it would in the shortened version.

The DD System Manager (DDSM) can be used to configure the same information.
The DDSM is used once the initial configuration is completed from the CLI. Using a
web browser, open the DDSM and find the wizard by selecting Maintenance >
System > Configure System.

The individual sections are listed on the left and the details of the sections are on
the right. You may skip sections if you want, with the exception of the License
Configuration section. Both configuration wizards will suggest a reboot when
complete. If the time zone is changed during the configuration, then the reboot is
mandatory.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 43

Initial Configuration

Licensing Shelf Capacity

For each expansion shelf installed in the rack, such as the DS60, you must apply a
shelf capacity license.

The Expanded-Storage license may also be required depending on the

PowerProtect DD system.

The Electronic Licensing Management System (ELMS) is used to manage all

feature and capacity licenses for a PowerProtect DD appliance.

ELMS on PowerProtect DD systems use one license file per system. The license
file contains a single license for all purchased features.

PowerProtect DD Hardware Installation-Participant Guide

Page 44 © Copyright 2021 Dell Inc.

Initial Configuration

Activating Expansion Shelf

Addi
tiona
l
stora
ge
requi
res
the
appr
opria
te
licen
ses
and sufficient memory to support the new storage capacity. The system generates
error messages if more licenses or memory is needed.

When the licenses are added, the expansion shelf enclosures must be added and
licensed with a DD Expansion Storage license. This procedure is performed in the
System Manager GUI.

From the home screen navigate to Hardware > Storage > Overview and click
Configure. Recently installed shelves will appear in the Addable Storage section
where they can be added to the appropriate tier.

In the CLI, use the storage add enclosure command to add storage to either
the active or cloud tier. For additional information read the Dell EMC DDOS
Administration Guide.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 45

Initial Configuration

Initiating the File System

From the command line, display the RAID group information for the active tier of
each shelf by entering the storage show all command. The rest of the disks
should report that they are either available or spare disks.

In order for the file system to make use of all of the available space in the active
tier, enter the command filesys expand. Begin the file system operations with
the filesys enable command.

PowerProtect DD Hardware Installation-Participant Guide

Page 46 © Copyright 2021 Dell Inc.

Initial Configuration

Verifying the Expansion Shelves

Verify that the

PowerProtect DD
appliance recognizes
the shelves by
entering the
enclosure show
summary command.

This command shows

each recognized enclosure ID, model number, serial number, and slot capacity, as
well as state of the enclosure and information about the manufacturer.

Verify the state of the file system and disks by entering the filesys status
command. It should show as available and running.

After a shelf is added to the file system, enter the filesys show space
command to view the total size, amount of space used, and available space for
each file system resource, such as data, metadata, and index.

The resources are listed as pre-compression (virtual data stored), post-

compression (physical space), and /ddvar (log and core files).

Verifying the Disk State

Once the expansion shelf is installed and online, perform a few steps to verify the
state of the file system and disks. Check the status of the SAS HBA cards by
entering the disk port show summary command.

The output will

show the port for
each SAS
connection and the
online status. After
the shelves are
connected, the
disk port show
summary

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 47

Initial Configuration

command displays the connected enclosure IDs for each port, such as 2 and 3,
and the status changes to online.

After adding expansion shelves, verify the state of the disks with the command
disk show state. See the legend in the command output for disk state
definitions. Some disk states include spare, available, unknown, and
reconstructing. The progress and time remaining will also be displayed for disks
that are in a reconstructing state.

For disks labeled unknown instead of spare in the output of the disk show
state command, enter the disk unfail command for each unknown disk. For
example, if disk 2.1 is labeled unknown, enter the command: disk unfail 2.1

PowerProtect DD Hardware Installation-Participant Guide

Page 48 © Copyright 2021 Dell Inc.

Other Configuration

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 49

Other Configuration

Remote Management Through IPMI, SOL, and iDRAC

All PowerProtect DD appliances can use two industry-standard specifications,

Intelligent Platform Management Interface (IPMI) and Serial Over LAN (SOL), to
enable remote powering and console management capabilities, from a remote site.

All PowerProtect DD appliances also support remote management through

Integrated Dell Remote Access Controller (iDRAC).

IPMI and SOL

Remote power management capabilities The console activities that are

that are supported through IPMI are: supported through SOL are:
• Power up the PowerProtect DD • Run system diagnostics.
appliance on after a power outage. • Install, upgrade, or reconfigure
• Power cycle the system after an DDOS.
operating system crash. • Access the BIOS for updating the
• Turn the power off when system is not system settings.
in use.
• View valuable POST and boot
• Obtain power status of the system. messages.

To learn more about the IPMI and SOL specifications, go to

http://www.intel.com/design/servers/ipmi.

iDRAC

iDRAC gives system administrators the ability to configure a system as if they were
at the local console.

PowerProtect DD Hardware Installation-Participant Guide

Page 50 © Copyright 2021 Dell Inc.

Other Configuration

Key features of iDRAC include:

• Power Management
• Virtual media access
• Remote console

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 51

Other Configuration

Remote Management Hardware Setup

IPMI and SOL access requires either two PowerProtect DD appliances or a

PowerProtect DD appliance and any Linux-based system with IPMI tools installed.

To access one PowerProtect DD appliance from another, you can use the DD
System Manager. Go to Maintenance > IPMI and select Login to Remote
System. Enter the IPMI IP address or DNS name, username, and password for an
IPMI user and click Connect.

To access a PowerProtect DD appliance from a non-PowerProtect DD appliance,

you can use the ipmitool. ipmitool is an open-source program for management of
systems that support IPMI v2.0. To enable a Linux-based system to be used as an
initiator, locate a compatible copy of the open-source ipmitool, and download and
install it.

The current PowerProtect

DD appliances support the
iDRA Integrated Dell Remote
C Port Access Controller (iDRAC)
with Lifecycle Controller to
remotely power the system
off or on. Set up iDRAC by
attaching an Ethernet
cable to the dedicated
iDRAC port. The iDRAC port is on the back panel of the PowerProtect DD
appliance.

When connected, you can use an HTML web interface to go to the default iDRAC
IP address 192.168.0.120.

PowerProtect DD Hardware Installation-Participant Guide

Page 52 © Copyright 2021 Dell Inc.

Other Configuration

Use Ethernet Port Access for IPMI and SOL

All shipping PowerProtect DD models have a dedicated IPMI management

Ethernet port. An Ethernet cable is connected to the dedicated Ethernet port and
then to the LAN.

The dedicated Ethernet port is configured with any available IPMI IP address.
Configure IPMI on a separate management network in case the data LAN goes
down. The separate management network should be used only for IPMI and SOL
access3. The dedicated Ethernet port name is bmc0a. The other Ethernet ports like
eth0 and eth1 on the system are used only for data and normal operations.

3
Enabling SOL disables the serial console.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 53

Other Configuration

DD System Manager IPMI Configuration

You can perform IPMI configuration in the DD

System Manager. On the target PowerProtect
DD appliance, go to Maintenance > IPMI,
select the port you want to enable, and click
Enable.

To configure the port, select the port and click

Configure. In the Configure Port dialog, you
can configure the port for either DHCP or a static IP address, netmask, and
gateway.

Add IPMI users by clicking the Add button in the IPMI Users section. The IPMI
users are independent of other users on the appliance. Usernames and passwords
that are used for IPMI users can be different from any other users who are created
on the system.

You can also configure the target PowerProtect DD appliance using the CLI with
the ipmi config and ipmi user commands. See the Dell EMC DDOS
Command Reference Guide for complete information about using these
commands.

PowerProtect DD Hardware Installation-Participant Guide

Page 54 © Copyright 2021 Dell Inc.

Other Configuration

Configure iDRAC

The current PowerProtect DD appliances support the Integrated Dell Remote

Access Controller (iDRAC) with Lifecycle Controller to remotely power the system
off or on.

To access iDRAC, ensure that you connect the Ethernet cable to the iDRAC
dedicated network port on the back panel of the system to your network.

To configure iDRAC, use web browser to connect to the default iDRAC IP address
192.168.0.120. Alternatively, you can connect directly to the iDRAC direct USB port
with a USB cable and a laptop.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 55

Other Configuration

Configure iDRAC

Log in with the default username: admin. The default password is the system serial
number that is printed on the product serial number tag (PSNT).

PowerProtect DD Hardware Installation-Participant Guide

Page 56 © Copyright 2021 Dell Inc.

Other Configuration

Change IP Settings

You can change the iDRAC IP address in iDRAC Settings | Connectivity | IPv4
Settings.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 57

Other Configuration

Dashboard

The iDRAC GUI

dashboard displays key
system and health
information outside of
DDOS. iDRAC monitors
and reports health status
for components such as
batteries, cooling, CPUs,
and memory.

PowerProtect DD Hardware Installation-Participant Guide

Page 58 © Copyright 2021 Dell Inc.

Other Configuration

Power Off System

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 59

Other Configuration

PowerProtect DD Hardware Installation-Participant Guide

Page 60 © Copyright 2021 Dell Inc.

Other Configuration

Power the system off with iDRAC by selecting Dashboard > Graceful Shutdown
or by using one of these selections:
• Power Off System
• Reset System (warm boot)
• Power Cycle System (cold boot)

Note: The NM (Non-Masking Interrupt) menu item is not supported on the DD3300
appliance.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 61

Other Configuration

DDOS Configuration

You can configure DDOS using the config

setup command. You can also configure the
system using the DD System Manager
Configuration Wizard.

The Configuration Wizard performs an “initial”

configuration, which means it configures only
basic system setup. After the configuration, the DD System Manager or CLI can be
used to change or update the configuration.

The DD System Manager Configuration Wizard provides a user interface that

includes configuration options. After a network connection is configured, you can
use the DD System Manager Configuration Wizard to modify or add configuration
data.

PowerProtect DD Hardware Installation-Participant Guide

Page 62 © Copyright 2021 Dell Inc.

Other Configuration

Autosupport and Alerts

Autosupport reports
and alert messages
help identify and solve
PowerProtect DD
system problems.

Autosupport reports
and alerts provide
timely notification of
significant issues.

Autosupport sends
system administrators,
and Dell EMC Support
a daily report of system information and consolidated status output. Information is
gathered from various system commands and entries from various logfiles. The
autosupport report contains extensive and detailed internal statistics and log
information to aid Dell EMC Support in identifying and debugging system problems.

Autosupport reports are simple text logs sent by email. Autosupport report
distribution can be scheduled, with the default time being 6:00 a.m.

In the DD System Manager, Autosupport setting can be configured by going to

Maintenance > Support > Autosupport. You can also configure Autosupport
settings from the CLI using the autosupport family of commands. To test
Autosupport delivery, you can use the autosupport test command.

During normal operation, a PowerProtect DD appliance may produce warnings or

encounter failures whereby the administrators must be informed immediately. This
communication is performed with an alert.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 63

Hardware Verification

PowerProtect DD Hardware Installation-Participant Guide

Page 64 © Copyright 2021 Dell Inc.

Hardware Verification

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 65

Hardware Verification

Verify Hardware

After your PowerProtect DD system is installed, you should verify that you have the
correct model number, DDOS version, and serial number to ensure that they match
what you ordered.

You can verify system information in the DD System Manager by navigating to

Maintenance > System. You can also verify system information using the system
show command in the CLI.

To verify other hardware using the DD System Manager, navigate to the Hardware
section. There you can view and modify settings for the system’s storage, Ethernet,
Fibre Channel, and chassis.

Click Chassis to verify the system number, chassis number, and enclosure status.
These settings can also be monitored through the CLI.

For details on using DDOS CLI commands, see the DDOS Command Reference
Guide found on the Dell EMC Support site.

PowerProtect DD Hardware Installation-Participant Guide

Page 66 © Copyright 2021 Dell Inc.

Hardware Verification

Disk Verification

Hardware Storage presents Overview, Enclosures, Disks, and Reconstruction

information. The Overview tab contains the disk details.

You can also expand the summaries for Active Tier, Addable Storage,
Failed/Foreign/Absent Disks, and System Disks

Active Tier

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 67

Hardware Verification

When you expand the Active Tier item in the Overview tab, it displays the
information about disks in use and disks not in use.

Disks not in use could be listed as Failed, Spare, Foreign, or Rebuilding

Addable Storage

Also in the Overview tab, expand Addable Storage to see details about optional
enclosures that are available to add to the system.

PowerProtect DD Hardware Installation-Participant Guide

Page 68 © Copyright 2021 Dell Inc.

Hardware Verification

Enclosures: Hardware Storage

The Hardware Storage section under the Enclosures tab displays a table
summarizing the details of the enclosures connected to the system.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 69

Hardware Verification

Disks: Disks State

The Disks tab displays the Disk State table with information about each of the
system disks. You can filter the disks viewed to display all disks, disks in a specific
tier, or disks in a specific group.

If you have trouble determining which physical disk corresponds to a disk displayed
in the table, you can use the beacon feature to flash an LED on the physical disk.

Disk fail functionality allows you to manually set a disk to a failed state to force
reconstruction of the data stored on the disk. Disk Unfail functionality allows you to
take a disk in a failed state and return it to operation.

PowerProtect DD Hardware Installation-Participant Guide

Page 70 © Copyright 2021 Dell Inc.

Hardware Verification

Reconstruction: Hardware Storage

The Reconstruction tab displays any disk undergoing reconstruction in response to

a disk fail command or when directed from the RAID/SSM.

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 71

PowerProtect DD Hardware Installation-Participant Guide

© Copyright 2021 Dell Inc. Page 72

CLOUD TIER
IMPLEMENTATION AND
ADMINISTRATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

Cloud Tier Implementation and Administration ..................................................................... 1

Dell EMC Cloud Tier Overview .................................................................................. 2

Dell EMC Cloud Tier Overview............................................................................................. 3
Model Sizing ........................................................................................................................ 4
Cloud Tier Components and Platform Support ..................................................................... 6
Cloud Tier Capacity Options ................................................................................................ 7
Cloud Tier Protocol Support ................................................................................................. 8
Deduplication and Cleaning ................................................................................................. 9
Retention Lock and Encryption .......................................................................................... 11
Replication ......................................................................................................................... 13
Cloud Tier Migration........................................................................................................... 15

Configuring Cloud Tier ............................................................................................ 16

Configure Storage .............................................................................................................. 17
Enable the Cloud Tier ........................................................................................................ 19
Viewing Active and Cloud Tier Statistics ............................................................................ 20
Cloud Unit Status Details ................................................................................................... 21
Cloud Tier Unit Preconfiguration ........................................................................................ 22
Create Cloud Units............................................................................................................. 23
S3 Authentication with Signature Version 4........................................................................ 24
Configuring Cloud Tier Demonstration ............................................................................... 26

Data Movement ........................................................................................................ 27

Data Movement Policies and Schedules ............................................................................ 28
Efficient File Recall ............................................................................................................ 29
Tape Out to Cloud.............................................................................................................. 30
Cloud Tier Data Movement Demonstration ........................................................................ 31

Appendix ................................................................................................. 33

Cloud Tier Implementation and Administration

Page ii © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 1

Dell EMC Cloud Tier Overview

Cloud Tier Implementation and Administration

Page 2 © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview

Dell EMC Cloud Tier enables the movement of data from the active tier of a
PowerProtect DD appliance to low-cost, high-capacity object storage in the public,
private, or hybrid cloud. Data is moved to the cloud for long-term data retention.
Only unique, deduplicated data1 is sent from the PowerProtect DD appliance to the
cloud or retrieved from the cloud.

Backup Data
Cloud storage in the public, private,
Cloud Tier Architecture
or hybrid cloud for long-term data
retention.

Active Tier Cloud Tier Benefits

Cloud Tier
Cloud Tier
Cloud Unit 1
Considerations
Cloud Unit 2

Only unique data is sent to the

cloud.

1Sending only deduplicated data ensures that the data being sent to the cloud
occupies as little space as possible.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 3

Dell EMC Cloud Tier Overview

Model Sizing

Here the supported physical memory and storage requirements for each
PowerProtect DD model.

Model Memory Cloud Number Supported Number Capacity

(GB) Capacity of SAS Disk Shelf of ES40 for
(TB) I/O Types for Shelves Metadata
Modules Metadata or DS60 Storage
Storage Disk
Packs
Required

DD3300 16 8 N/A N/A N/A 1 x 1 TB

(4 TB virtual disks
Capacity) = 1 TB

DD3300 48 16
(8 TB
Capacity)

DD3300 48 32
(16 TB
Capacity)

DD3300 64 64
(32 TB
Capacity)

DD6900 288 576 2 DS60 or 2 30 x 4 TB

ES40 HDDs =
120 TB

DD9400 576 1536 2 DS60 or 4 60 x 4 TB

ES40 HDDs =
240 TB

Cloud Tier Implementation and Administration

Page 4 © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview

DD9900 1152 2016 2 DS60 or 5 75 x 4 TB

ES40 HDDs =
300 TB

DDVE* 32 32 N/A N/A N/A 1 x 500 GB

(16 TB virtual disk
Capacity) = 500 GB2

DDVE* 60 128
(64 TB
Capacity)

DDVE* 80 192
(96 TB
Capacity)
* Dell EMC Cloud Tier is supported on DDVE for on-premises implementations only.

2The minimum metadata size is a hard limit. Dell Technologies recommends that
you start with 1 TB for metadata storage and expand in 1 TB increments. The
DDVE Installation and Administration Guide provides more details about using
Cloud Tier with DDVE.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 5

Dell EMC Cloud Tier Overview

Cloud Tier Components and Platform Support

Backup Data Single namespace

Supported cloud storage (Long-term

retention)

Active Tier

Data Movement
Policy Cloud Tier

Cloud Unit 1

Requires extra storage for metadata Cloud Unit 2

The Dell EMC Cloud Tier is managed through a single namespace. There is no
separate cloud gateway or virtual appliance required. The native PowerProtect DD
policy management framework supports the data movement.

Cloud storage supports Dell EMC Elastic Cloud Storage (ECS), Alibaba, Amazon
Web Services S3, Google Cloud Provider, S3 Flexible provider cloud unit, and
Microsoft Azure. Extra storage is required to hold metadata associated with the
data in the cloud tier. Deduplication, cleaning, and replication operations use
metadata.

Cloud Tier is supported on physical PowerProtect DD systems with expanded

memory configurations. Cloud Tier can be used with DDVE 3.0 or later in 16 TB, 64
TB, and 96-TB storage options.

Extra metadata storage is required to support the cloud tier. The amount of
required metadata storage is based on the PowerProtect DD model.

Cloud Tier is supported in PowerProtect DD High Availability (DD HA)

configurations. Both nodes must be running DDOS 6.0 or higher with DD HA
enabled.

Cloud Tier Implementation and Administration

Page 6 © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview

Cloud Tier Capacity Options

Active Tier

Data Movement
Policy Cloud Tier

Cloud Unit 1

Cloud Unit 2

Dell EMC Cloud Tier supports one or two cloud units on each PowerProtect DD
appliance.
• Each cloud unit has the maximum capacity of the active tier3.
• Each cloud unit maps to a cloud provider4.
• Metadata shelves5 store metadata for both cloud units.

This example shows a system with an active tier and two cloud units. Each cloud
unit has a capacity equal to that of the active tier. Data that is stored on the active
tier provides local access to data and can be used for operational recoveries. The
cloud tier provides long-term retention for data that is stored in the cloud.

3You can scale the cloud tier to maximum capacity without scaling the active tier
any larger.

4 Each cloud unit can write to a separate supported cloud provider.

5The number of metadata shelves you need depends on the cloud unit physical
capacity.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 7

Dell EMC Cloud Tier Overview

Cloud Tier Protocol Support

The NFS, CIFS, and DD Boost protocols are supported for data movement to and
from the cloud tier.

PowerProtect DD VTL Tape Out to Cloud is supported with DDOS version 6.1 and
later. DD VTL Tape Out to Cloud supports storing the VTL vault on Cloud Tier
storage.

There is no support for vDisk pools as used with Dell EMC ProtectPoint.

Cloud Tier Implementation and Administration

Page 8 © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview

Deduplication and Cleaning

PowerProtect DD Appliance

Deduplication is not allowed

Active Tier across tiers.

Cloud Tier
Cloud units each have their own
deduplication pools.

Cloud Unit 1

The cloud tier uses the same Cloud Unit 2

compression algorithm as the active tier.

• Each cloud unit has its own segment index and metadata and thus each cloud
is a deduplication unit by itself6.
• The cloud tier uses the same compression algorithm7 as the active tier.
• Cloud deduplication does not do the packing phase.
• Cloud tier cleaning can be schedule-based or on demand8.
• The schedule for cloud tier cleaning is set relative to active tier cleaning9.

6 There is no deduplication across tiers: active tier and cloud tier.

7On most PowerProtect DD appliances, the default compression algorithm is

gzfast. For legacy Data Domain systems and the PowerProtect DD3300, the lz
compression algorithm is used by default.

8 Cleaning of the active tier and the cloud tier cannot take place simultaneously.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 9

Dell EMC Cloud Tier Overview

• On-demand cleaning is invoked from the user interface10 on a specific cloud

unit.
• Cloud tier cleaning does not do partial copy forward11 to avoid unnecessary
reads from the cloud.
• Most of the work of cleaning happens locally12 using local cloud metadata
information.

9 The schedule specifies to run cloud tier cleaning after every Nth run of active tier
cleaning. By default, cloud tier cleaning runs after every 4th scheduled active tier
cleaning.

10 On-demand cleaning can be run from either the DD System Manager or CLI.

11 When all segments within a region are dead, the entire object is deleted.

12 The cloud storage is accessed to delete objects in the cloud with no live data and
to perform some copy forward of container metadata-related activities.

Cloud Tier Implementation and Administration

Page 10 © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview

Retention Lock and Encryption

DD Retention Lock is supported by Dell EMC Cloud Tier.

• Files that are locked on the active tier using retention lock can be moved to
the cloud.
• You can apply retention lock on files that are already in the cloud tier.
• Deleting files in the cloud unit is prevented on PowerProtect DD appliances
using DD Retention Lock Compliance.

Secure HTTP (HTTPS) is used for the transfer of data between a PowerProtect
DD appliance and the cloud.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 11

Dell EMC Cloud Tier Overview

Encryption can be enabled13 at three levels:

• The PowerProtect DD appliance
• The active tier14
• The cloud tier

A license for encryption is required.

Encryption of data at rest is enabled by default15 on data in the cloud.

Active tier encryption is not required to enable encryption on the cloud tier.

Cloud units have separate controls for enabling encryption.

Using an external key manager is not supported.

13You are prompted for the security officer username and password to enable
encryption.

14Encryption of the active tier is only applicable if encryption is enabled for the
system.

15 Users can disable encryption.

Cloud Tier Implementation and Administration

Page 12 © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview

Replication

You can enable Dell EMC Cloud Tier on one or both systems in a replication pair.

If the source system is Cloud Tier-enabled, data may be read from the cloud if the
file was already migrated to the cloud tier from the active tier. A replicated file is
always placed first in the active tier on the destination system even when Cloud
Tier is enabled.

Using Cloud Tier with

different replication types:
Active Tier

• MTree replication and

Cloud Tier managed file
Cloud Unit 1 replication are
Cloud Unit 2
supported on Cloud
Tier-enabled
PowerProtect DD
appliances.
• Collection replication is
not supported on cloud
tier-enabled systems.
• Cloud Tier does not
affect directory
replication16.

16Directory replication works only on the /backup directory which cannot be

configured for cloud data movement.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 13

Dell EMC Cloud Tier Overview

Once data is in the cloud,

the encryption status
cannot be changed17.

The use of an embedded

key manager is supported.

17
Before sending any data to the cloud the decision to encrypt data or not must be
made.

Cloud Tier Implementation and Administration

Page 14 © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview

Cloud Tier Migration

It is possible to migrate the system data from and older appliance that is configured
with Dell EMC Cloud Tier to a newer appliance. Migrating to a newer appliance can
improve performance, add additional capacity, and provide access to new features.

Active Tier Active Tier

Cloud Tier Cloud Tier

Cloud Unit 1 Cloud Unit 1

Cloud Unit 2 Cloud Unit 2

Cloud Tier migration consists of the following steps:

1. Copy active tier data from the existing system to the new system.
2. Copy cloud tier metadata from the existing system to the new system.
3. Disconnect the cloud bucket from the existing system.
4. Connect the cloud bucket to the new system.
5. Commit the migration operation.

Several prerequisites must be met before starting the migration procedure.

The migration process migrates the active tier storage, and the locally stored cloud
tier metadata from the existing system to a new system. During the migration, the
source system operates in a restricted mode.

The procedure to initiate the Cloud Tier migration is only available through the CLI.
See the Dell EMC DDOS Administration Guide, available on the Dell EMC Support
site for more information about migrating Cloud Tier.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 15

Configuring Cloud Tier

Cloud Tier Implementation and Administration

Page 16 © Copyright 2021 Dell Inc.

Configuring Cloud Tier

Configure Storage

Expand Cloud Tier and click

Configure.

Select the device you want

to add from the Addable
Storage list.

With Dell EMC Cloud Tier storage, the PowerProtect DD appliance holds the
metadata for the files residing in the cloud18.

To configure storage for the cloud tier:

1. Select Hardware > Storage.
2. In the Overview tab, expand Cloud Tier and click Configure.
3. In the Addable Storage section, select the checkbox for the shelf you want to
add.
4. Click Add to Tier.
5. Click Next.

18 A copy of the metadata resides in the cloud for disaster recovery.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 17

Configuring Cloud Tier

6. Select an assessment option to determine if the devices meet performance

recommendations.
a. Using only DD Boost for backup
b. Using CIFS or NFS for backup
c. Skip Assessment
7. Click Done.

Cloud Tier Implementation and Administration

Page 18 © Copyright 2021 Dell Inc.

Configuring Cloud Tier

Enable the Cloud Tier

When the file system is disabled, click

Enable Cloud Tier.

Disable the file system before enabling

Cloud Tier

The cloud tier requires a local store for a local copy of the cloud metadata. To
configure Cloud Tier, you must meet the storage requirement for the licensed
capacity.

To enable the cloud tier on a PowerProtect DD appliance:

1. Go to Data Management > File System.
2. To disable the file system, click Disable at the bottom of the screen.
3. Click OK to proceed.
4. When the file system is disabled select, Enable Cloud Tier.
5. Select Enable file system after creation. The cloud tier is now enabled with
designated storage.

If creating a file system, the cloud tier can be enabled at the time that the new file
system is created. To create a file system, select Create File System and then
configure the active tier of the system.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 19

Configuring Cloud Tier

Viewing Active and Cloud Tier Statistics

In Data Management > File System, the main panel displays statistics for the
active and cloud tiers.

The statistics viewable in the DD System Manager for both the active and cloud tier
are:
• Size
• Used
• Available
• Pre-Compression
• Total Compression Factor (Reduction %)
• Cleanable
• Space Usage

Cloud Tier Implementation and Administration

Page 20 © Copyright 2021 Dell Inc.

Configuring Cloud Tier

Cloud Unit Status Details

To provide more information to the user, the DD System Manager displays the
reasons why the cloud storage is in error state.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 21

Configuring Cloud Tier

Cloud Tier Unit Preconfiguration

Before configuring a cloud unit on a PowerProtect DD appliance, perform the

following actions:

1. Configure your firewall19.

2. Download the appropriate certificates for your cloud provider.
3. Convert the downloaded certificate to .pem format20.
4. Add the certificate using the DD System Manager or CLI.

19You must have Port 443 or Port 80 open to the cloud provider networks for both
endpoint IPs and provider authentication IP for bi-directional traffic. Remote cloud
provider destination IP and access authentication IP address ranges must be
enabled through the firewall.

20 Downloaded certificate files have a .crt extension. Use OpenSSL to convert the
file from .crt format to .pem. For additional information, see that the Dell EMC
DDOS System Administration Guide on the Dell EMC support site.

Cloud Tier Implementation and Administration

Page 22 © Copyright 2021 Dell Inc.

Configuring Cloud Tier

Create Cloud Units

The links on
this page
contain
configuration
information
Alibaba Cloud Amazon Web Services Flexible Cloud
and the
S3 Tier Provider
procedure to
Framework for
create cloud
S3
units on
supported
cloud
platforms.

Google Cloud Storage Microsoft Azure

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 23

Configuring Cloud Tier

S3 Authentication with Signature Version 4

Overview

All interactions with cloud providers are authenticated with a signature protocol.

Support for S3 flexible cloud providers that support S3 authentication with signature
V4 is now part of DDOS.

The customer benefits are:

• Support for a more secure authentication protocol.

• Continuing the support for signature V2 along with addition of support for
signature V4.
• Automatically detect the signature version supported by the S3 flexible cloud
providers.

Cloud Tier Implementation and Administration

Page 24 © Copyright 2021 Dell Inc.

Configuring Cloud Tier

Command Line Interface Changes

A new field S3 Signature Version is added to display the cloud profile version.

In the output of cloud profile show, DDOS displays two possible values: s3v2
or s3v4.

Once set, the signature version of the cloud profile cannot be modified.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 25

Configuring Cloud Tier

Configuring Cloud Tier Demonstration

Movie:

Configuring Cloud Tier

Cloud Tier Implementation and Administration

Page 26 © Copyright 2021 Dell Inc.

Data Movement

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 27

Data Movement

Data Movement Policies and Schedules

There are three types of

data movement policies.
1. Age-based threshold21
2. Age-range threshold22
3. App-driven policy23
Data Movement Schedule

Data movement can be

initiated manually or set
up automatically using a
schedule.

21Used for all files older than a set number of days. For example, all files older than
90 days.

22All files older than X days, but younger than Y days. For example, all files older
than 30 days but younger than 365 days.

23 Set by applications using REST APIs.

Cloud Tier Implementation and Administration

Page 28 © Copyright 2021 Dell Inc.

Data Movement

Efficient File Recall

Agent

Recall is the act of bringing data from the cloud to the active tier. Restore is the act
of recovering data from the active tier and making it available to the client.

Data can be recalled from the cloud tier using the DD System Manager (DDSM) or
the CLI.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 29

Data Movement

Tape Out to Cloud

Tape Out to cloud storage offers the ability to store offsite and retrieve tapes for
long-term retention (LTR) use cases.

Requirements Backup and End-to-End Policies Configuring Tape Recall

Restore Workflow Tape Out to from the
Workflow for Cloud Cloud
Long-Term
Retention

Cloud Tier Implementation and Administration

Page 30 © Copyright 2021 Dell Inc.

Data Movement

Cloud Tier Data Movement Demonstration

Movie:

Cloud Tier Data Movement

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 31

Appendix

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 33

Appendix

Architecture

Policy Data CC: Cloud Connector

MTree movement

Metadata
Data
Active Unit Cloud Unit

Active CP Cloud CP
(metadata)
Index, container metadata,
directory manager

Conceptually, cloud storage is treated as a storage tier attached to a PowerProtect

DD appliance. The cloud tier is implemented within the cloud volume. The cloud
volume has one or two cloud units. With cloud tier, active data is stored locally,
while data for long-term retention is stored on the cloud. Some MTree data may be
located in the active tier with older data residing in the cloud.

Metadata to support the cloud is maintained in the cloud tier shelf of the local
storage. This metadata is used in operations such as deduplication, cleaning, and
replication. Using local storage for metadata minimizes writes to the cloud. The
metadata includes the index, the Directory Manager (DM) for managing the
namespace and container metadata. Some metadata, including container
metadata, is also stored with the data in the cloud for disaster recovery purposes.

Data is sent to the cloud in compressed regions within a container as a unique

object. The local metadata container stores the metadata that describes each
compressed data region that is sent to the cloud.

The cloud architecture isolates tier-related issues.

Cloud Tier Implementation and Administration

Page 34 © Copyright 2021 Dell Inc.

Appendix

Benefits
Cloud Tier provides a scalable
solution for long-term data
storage. With Cloud Tier, users
can store up to two times the
maximum active tier capacity in
the cloud for long-term
retention of data. With cloud
tiering policies, data is in the
right place at the right time.
Data is scheduled to be moved
to the cloud using policies
based on the age of the data.

When data is moved from the

active tier to the cloud tier, it is
deduplicated and stored in
object storage in the native
format. Moving data to the cloud results in a lower total cost of ownership (TCO)
over time for long term, cloud storage. The cloud tier supports encryption of data at
rest and the DD Retention Lock feature, thus ensuring the ability to satisfy
regulatory and compliance policies.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 35

Appendix

Considerations
Here are a few considerations when deciding to implement Cloud Tier:
• A cloud capacity license is required for Cloud Tier. Use the Dell EMC Electronic
License Management System (ELMS) file to apply the license.
• The Cloud Tier feature may consume all available bandwidth in a shared WAN
link, especially in a low-bandwidth configuration (1 Gbps). The Cloud Tier
feature may impact other applications sharing the WAN link.
• On systems with a dedicated management interface, reserve that interface for
system management traffic (using protocols such as HTTP and SSH). Backup
and cloud tier data traffic should be directed to other interfaces, such as eth1a.

Cloud Tier Implementation and Administration

Page 36 © Copyright 2021 Dell Inc.

Appendix

Prerequisites

Complete the following tasks on the new system before beginning the migration
operation:
1. Verify both the source and destination systems are running DDOS 7.3.0.5 or
higher. Cloud Tier migration is not supported on DDVE instances.
2. Add a Cloud Tier license on the new system.
3. Add other feature licenses as required on the new system.
4. If a passphrase is configured on the existing system, set the same passphrase
on the new system. The passphrase store-on-disk setting should not be less
secure on the destination than on the source.
5. If encryption is configured on the existing system, set the same encryption
values including key manager settings and FIPS compliance on the new
system.
6. If automatic key rotation is configured on the existing system, disable it before
starting the migration. Reenable it on the new system after the migration.
7. If encryption is configured on the existing system, back up the key export files
from the existing system.
8. If Retention Lock Compliance is enabled on the existing system, enable RLC on
the new system.
9. Record the cloud profile and cloud unit information from the existing system.
10. Create the file system on the new system, but do not enable it.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 37

Appendix

Restricted Mode
While the PowerProtect DD appliance is in restricted mode, the active tier storage
is available for backup operations, but I/O on the cloud tier storage is not permitted.

The following operations are not permitted while the migration is in progress:
• Sending active tier data to cloud tier storage.
• Recalling data from cloud tier storage.
• Cleaning the cloud tier storage.
• Restoring files directly or reading from the cloud tier storage.
• File system cleaning on the source system.
• System sanitization cannot be performed on the source system.
• Enabling or disabling file system encryption.
• Enabling, disabling, or setting the embedded key manager or an external key
manager.
• Creating, destroying, deleting, or syncing keys from the embedded key manager
or an external key manager.

Cloud Tier Implementation and Administration

Page 38 © Copyright 2021 Dell Inc.

Appendix

Cloud Provider Certificates

Import certificate authority (CA) certificates before adding cloud units for Alibaba,
Amazon Web Services S3 (AWS), Azure, Elastic Cloud Storage (ECS), and Google
Cloud Provider (GCP).
• For Alibaba download the GlobalSign Root R1 certificate from
https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-
certificates.
• For AWS and Azure24, root CA certificates can be downloaded from:
https://www.digicert.com/digicert-root-certificates.htm.
• For ECS, the root certificate authority varies by customer. Contact the load
balancer provider for details. For ECS private cloud, local ECS authentication,
and web storage (S3), access to ports 9020 (HTTP) and 9021 (HTTPS) must be
enabled through the firewall. ECS private cloud load balancer IP access and
port rules must be configured.
• For GCP download the GlobalSign Root R2 certificate from
https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-
certificates.
• For an S3 Flexible provider, import the root CA certificate. Contact your S3
Flexible provider for details.

24For AWS and Azure cloud providers, download the Baltimore CyberTrust root
certificate.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 39

Appendix

Adding a Certificate
After downloading a certificate file, add the CA Certificate:
1. Go to Data Management > File System > Cloud Units.
2. Click Manage Certificates from the tool bar.
3. Click Add, and select one of the options from the Add CA Certificate for Cloud
screen.
4. Click Add.

Cloud Tier Implementation and Administration

Page 40 © Copyright 2021 Dell Inc.

Appendix

Creating Cloud Units for Alibaba Cloud

Configuration

Regions are configured at the bucket level instead of the object level. All objects
that are contained in a bucket are stored in the same region. A region is specified
when a bucket is created, and cannot be changed once it is created.

The Alibaba Cloud user credentials must have permissions to create and delete
buckets and to add, modify, and delete files within the buckets they create.

AliyunOSSFullAccess is preferred, but the minimum requirements are:

• ListBuckets
• GetBucket
• PutBucket
• DeleteBucket
• GetObject
• PutObject
• DeleteObject

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 41

Appendix

Procedure

To create a cloud unit for Alibaba Cloud:

1. Select Data Management > File System > Cloud Units.
2. Click Add. The Add Cloud Unit dialog is displayed.
3. Enter a name for this cloud unit. Only alphanumeric characters are supported.
4. For Cloud provider, select Alibaba Cloud from the drop-down list.

Cloud Tier Implementation and Administration

Page 42 © Copyright 2021 Dell Inc.

Appendix

5. Enter the provider Access key as password text.

6. Enter the provider Secret key as password text.
7. Ensure that port 443 (HTTPS) is not blocked in firewalls. Communication with
the Alibaba cloud provider occurs on port 443.
8. If an HTTP proxy server is required to get around a firewall for this provider,
click Configure for HTTP Proxy Server.
9. Click Add.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 43

Appendix

Creating Cloud Units for Amazon Web Services S3

Configuration

AWS offers a range of storage classes. The Cloud Providers Compatibility Matrix,
available from https://elabnavigator.emc.com/eln/elnhome provides up-to-date
information about the supported storage classes.

For enhanced security, the Cloud Tier feature uses Signature Version 4 for all AWS
requests. Signature Version 4 signing is enabled by default.

The AWS user credentials must have permissions to create and delete buckets and
to add, modify, and delete files within the buckets they create.

S3FullAccess is preferred, but the minimum requirements are:

• CreateBucket
• ListBucket
• DeleteBucket
• ListAllMyBuckets
• GetObject
• PutObject
• DeleteObject

Cloud Tier Implementation and Administration

Page 44 © Copyright 2021 Dell Inc.

Appendix

Procedure

To create a cloud unit for Amazon Web Services S3:

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 45

Appendix

5. Select the Storage class from the drop-down list.

6. Select the appropriate Storage region from the drop-down list.
7. Enter the provider Access key as password text.
8. Enter the provider Secret key as password text.
9. Ensure that port 443 (HTTPS) is not blocked in firewalls. Communication with
the AWS cloud provider occurs on port 443.
10. If an HTTP proxy server is required to get around a firewall for this provider,
click Configure for HTTP Proxy Server. Enter the proxy hostname, port, user,
and password.
11. Click Add.

Cloud Tier Implementation and Administration

Page 46 © Copyright 2021 Dell Inc.

Appendix

Creating a Cloud Unit for Flexible Cloud Tier Provider

Framework for S3

Configuration

The Cloud Tier feature supports qualified S3 cloud providers under an S3 Flexible
provider configuration option.

The S3 Flexible provider option supports the standard and standard-infrequent-

access storage classes. The endpoints vary depending on cloud provider, storage
class, and region. Be sure that DNS can resolve these hostnames before
configuring cloud units.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 47

Appendix

Procedure

To create a cloud unit for a qualified S3 cloud provider:

Cloud Tier Implementation and Administration

Page 48 © Copyright 2021 Dell Inc.

Appendix

5. Enter the provider Access key as password text.

6. Enter the provider Secret key as password text.
7. Specify the appropriate Storage region.
8. Enter the provider endpoint in this format: http://<ip/hostname>:<port>.
If you are using a secure endpoint, use https:// instead.
9. For Storage class, select the appropriate storage class from the drop-down list.
10. Ensure that port 443 (HTTPS) is not blocked in firewalls. Communication with
the S3 cloud provider occurs on port 443.
11. If an HTTP proxy server is required to get around a firewall for this provider,
click Configure for HTTP Proxy Server. Enter the proxy hostname, port, user,
and password.
12. Click Add.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 49

Appendix

Creating Cloud Units for Google Cloud Storage

Configuration

The Google Cloud Provider user credentials must have permissions to create and
delete buckets and to add, modify, and delete files within the buckets they create.

The minimum requirements are:

• ListBucket
• PutBucket
• GetBucket
• DeleteBucket
• GetObject
• PutObject
• DeleteObject

Cloud Tier Implementation and Administration

Page 50 © Copyright 2021 Dell Inc.

Appendix

Procedure

To create a cloud unit for Google Cloud Storage:

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 51

Appendix

5. Enter the provider Access key as password text.

6. Enter the provider Secret key as password text.
7. Storage class is set as Nearline by default. If a multiregional location is
selected (Asia, EU or US), and then the storage class and the location
constraint is Nearline Multiregional. All other regional locations have the
storage class set as Nearline Regional.
8. Select the Storage region.
9. Ensure that port 443 (HTTPS) is not blocked in firewalls. Communication with
Google Cloud Provider occurs on port 443.
10. If an HTTP proxy server is required to get around a firewall for this provider,
click Configure for HTTP Proxy Server. Enter the proxy hostname, port, user,
and password.
11. Click Add.

Cloud Tier Implementation and Administration

Page 52 © Copyright 2021 Dell Inc.

Appendix

Creating Cloud Unit for Microsoft Azure

Configuration

Microsoft Azure offers a range of storage account types. The Cloud Providers
Compatibility Matrix, available from
http://compatibilityguide.emc.com:8080/CompGuideApp/ provides up-to-date
information about the supported storage classes.

The Azure cloud provider uses the endpoint account

name.blob.core.windows.net. The account name is obtained from the Azure
cloud provider console. Be sure that DNS can resolve these hostnames before
configuring cloud units.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 53

Appendix

Procedure

To create a cloud unit for Microsoft Azure Storage:

Cloud Tier Implementation and Administration

Page 54 © Copyright 2021 Dell Inc.

Appendix

5. For Account type, select Government or Public.

6. Select the Storage class from the drop-down list.
7. Enter the provider Account name.
8. Enter the provider Primary key as password text.
9. Enter the provider Secondary key as password text.
10. Ensure that port 443 (HTTPS) is not blocked in firewalls. Communication with
the Azure cloud provider occurs on port 443.
11. If an HTTP proxy server is required to get around a firewall for this provider,
click Configure for HTTP Proxy Server. Enter the proxy hostname, port, user,
and password.
12. Click Add.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 55

Appendix

Data Movement Schedule

Frequency can be set to

Can be manual or Daily, Weekly, Monthly, or
scheduled Never

Data movement can be initiated manually or set up automatically using a schedule.

The schedule can be viewed at Data Management > File System > Summary.

The data movement schedule is set at Data Management > File System > Cloud
Units > Settings > Data Movement.

If a cloud unit is inaccessible when cloud tier data movement runs, the cloud unit is
skipped in that run. Data movement on that cloud unit occurs in the next run if the
cloud unit becomes available. The data movement schedule determines the
duration between two runs. If the cloud unit becomes available and you cannot wait
for the next scheduled run, you can start the data movement manually.

Cloud Tier Implementation and Administration

Page 56 © Copyright 2021 Dell Inc.

Appendix

Recall Data from the Cloud

For nonintegrated backup applications, you must recall the data to the active tier
before you can restore it. Backup administrators must trigger a recall or backup
applications must perform a recall before cloud-based backups can be restored.
Once a file is recalled, aging is reset and starts again from 0, and the file is eligible
based on the age policy set. A file can be recalled on the source MTree only.
Integrated applications can recall a file directly.

Recall fails if there is no space in the active tier to move the file. This decision is
made before any movement is started. Recall is per file. Dell EMC Cloud Tier
checks for existing data segments on the active tier. Only segments not present in
the active tier are invoked for recall from the cloud.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 57

Appendix

Recall Data Using DDSM

Select Data Management > File System > Summary. In the Cloud Tier section of
the Space Usage panel, click Recall, or expand the File System status panel at
the bottom of the screen. Click Recall.

The Recall link is available only if a cloud unit is created and has
data. The Recall File from Cloud dialog is displayed.

In the Recall File from Cloud dialog, enter the exact file name (no wildcards) and
full path of the file, for example: /data/col1/mt11/ file1.txt. Click Recall to
start the recall process.

Only four recall jobs are active at any given time. uUp to 1,000 recall jobs can be
queued up to run automatically as previous jobs complete. The recall queue is
automatically regenerated, so if the system is restarted during a recall the recall
continues when the system is back up.

Once the file has been recalled to the active tier, you can restore the data.

Cloud Tier Implementation and Administration

Page 58 © Copyright 2021 Dell Inc.

Appendix

Recall Data Using the CLI

Check the Location of the File

Use the filesys report generate file-location [path {<path-

name> | all}] [output-file <filename>] command to check the location
of the file to recall.

The path-name can be a file or directory; if it is a directory, all files in the directory
are listed.

Recall the File

Recall the file using the data-movement recall path <path-name>

command.

This command is asynchronous, and it starts the recall.

Monitor the Status of the Recall

Monitor the status of the recall using the data-movement status [path
{pathname | all | [queued] [running] [completed] [failed]} |
to-tier cloud | all}] command.

If the status shows that the recall is not running for a given path, the recall may
have finished, or it may have failed.

Verify the Location of the File

Verify the location of the file using the filesys report generate file-
location [path {<path-name> | all}] [output-file <filename>]
command.

Once the file has been recalled to the active tier, you can restore the data.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 59

Appendix

Requirements
The Dell EMC Cloud Tier feature must be licensed and enabled on either a physical
or virtual PowerProtect DD appliance. A cloud profile and cloud unit name should
be configured before using the DD VTL Tape Out to Cloud feature.

Both DD VTL and Cloud Tier Capacity licenses are required to use the DD VTL
Tape Out to Cloud feature.

Cloud Tier Implementation and Administration

Page 60 © Copyright 2021 Dell Inc.

Appendix

Backup and Restore Workflow for Long-Term Retention

The workflow for backing up and restoring data using the PowerProtect DD VTL
Tape Out to Cloud feature is as follows:
1. Perform the backup server or client configuration and user application setup.
2. Back up to primary disk storage pools
3. During backup, the data is copied while the backup server maintains the
necessary backup catalog and tracking metadata.
4. Data replicates to the DD VTL vault.
5. This replication can be onsite or geographically separated sites. The backup
server tracks the tapes in a “mountable” state.
6. Once the tapes are ready for long-term retention, they are ejected from the tape
storage pool.
7. The backup server tracks tapes in the “nonmountable” state.
8. The backup server continues to monitor the tape while the Long-Term Retention
to Cloud functionality moves the tapes to the cloud tier.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 61

Appendix

9. Once in the cloud tier vault, the backup server maintains the tape status to be
“Offsite.”
10. Restore process: The PowerProtect DD appliance recalls the tapes from the
cloud tier vault and places them in the DD VTL vault. Once the tapes are in the
vault, they can be moved to the library where the backup application can use
them.

You can manage a DD VTL using the DD System Manager (DDSM) or the
command-line interface (CLI).

Cloud Tier Implementation and Administration

Page 62 © Copyright 2021 Dell Inc.

Appendix

End-to-End Workflow

The DD VTL Tape Out to Cloud feature uses these components in the
PowerProtect DD appliance. The user interacts with the system using the DDSM or
CLI. The DD VTL service uses the Tape Out to Cloud functionality built on the DD
file system Long-Term Retention service.

The DD file system uses NFS v3 APIs to access the DD VTL tape pool and send
the virtual tapes in the vault to the cloud tier.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 63

Appendix

Tape Out to Cloud Policies

There are two types of policies that Tape Out to Cloud is built upon.

The Tape selection policy is applied at the pool level and sets the age threshold for
data moving to the cloud. The minimum setting is 14 days. If the policy is set to
user-managed, the user uses a command to select one or more tapes to move at
the next scheduled data movement. If the setting is set to none, no tapes are
moved to the cloud.

Only tapes in the vault are eligible to move to the cloud.

The cloud data movement schedule defines how frequently vaulted tapes are
moved to the cloud. The cloud data movement schedule can be set to never, to any
number of days/weeks, or run manually.

You can find specific commands that are used to set the tape selection policy, and
cloud data movement schedule in the DDOS Command Reference Guide on the
Dell EMC Support site.

Cloud Tier Implementation and Administration

Page 64 © Copyright 2021 Dell Inc.

Appendix

Configuring Tape Out to Cloud

Prepare the VTL Pool for Data Movement

Data movement for VTL occurs at the tape volume level. Individual tape volumes or
collections of tape volumes can be moved to the cloud tier but only from the vault
location. Tapes in other elements of a VTL cannot be moved.

1. Select Protocols > DD VTL.

2. Expand the list of pools, and select a pool on which to enable migration to
Cloud Tier.
3. In the Cloud Data Movement pane, click Create under Cloud Data Movement
Policy.
4. In the Policy drop-down list, select a data movement policy: Age of tapes in
days or Manual selection.
5. Set the data movement policy details.
a. For Age of tapes in days, select an age threshold after which tapes are
migrated to Cloud Tier, and specify a destination cloud unit.
b. For Manual selection, specify a destination cloud unit.
6. Click Create.

Remove Tapes from the Backup Application Inventory

Use the backup application verify the tape volumes that will move to the cloud are
marked and inventoried according to the backup application requirements.

Select Tape Volumes for Data Movement

Manually select tapes for migration to the cloud tier (immediately or at the next
scheduled data migration), or manually remove tapes from the migration schedule.

1. Select Protocols > DD VTL.

2. Expand the list of pools, and select the pool which is configured to migrate
tapes to the cloud tier.
3. In the pool pane, click the Tape tab.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 65

Appendix

4. Select tapes for migration to the cloud tier.

5. Click Select for Cloud Move to migrate the tape at the next scheduled
migration, or Move to Cloud Now to immediately migrate the tape.
Note: If the data movement policy is based on tape ages, the Select for Cloud
Move is not available, as the protection system automatically selects tapes for
migration.
6. Click Yes at the confirmation dialog.

Cloud Tier Implementation and Administration

Page 66 © Copyright 2021 Dell Inc.

Appendix

Tape Recall from the Cloud

From the DD System Manager:
1. Select Protocols > DD VTL.
2. Expand the list of pools, and select the pool which is configured to migrate
tapes to the cloud tier.
3. In the pool pane, click the Tape tab.
4. Select one or more tapes that are located in a cloud unit.
5. Click Recall Cloud Tapes to recall tapes from Cloud Tier.

After the next scheduled data migration, the tapes are recalled from the cloud unit
to the vault. From the vault, the tapes can be returned to a library.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 67

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 68

POWERPROTECT DD
IMPLEMENTATION WITH
APPLICATION SOFTWARE

PARTICIPANT GUIDE

PARTICIPANT GUIDE
PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page i

Table of Contents

Implementation Concepts ......................................................................................... 2

Supported Applications and Protocols.................................................................................. 3
Concepts and Terms............................................................................................................ 4
Backup and Recovery Without PowerProtect DD ............................................................... 10
Backup and Recovery with PowerProtect DD .................................................................... 11
PowerProtect DD Implementation Advantages .................................................................. 13
Ethernet and Fibre Channel Environments......................................................................... 14
Ethernet and Fibre Channel Tradeoffs ............................................................................... 17
Implementation Workflows ................................................................................................. 18

CIFS and NFS Implementation Best Practices ...................................................... 24

CIFS Install and Configure ................................................................................................. 25
NFS Install and Configure .................................................................................................. 27
NFS Implementation with IBM Spectrum Protect................................................................ 30
CIFS Server Best Practices ............................................................................................... 34
CIFS Troubleshooting ........................................................................................................ 36
Tuning TCP/IP Performance Shares .................................................................................. 37

DD Boost Implementation ....................................................................................... 40

DD Boost Implementation - Configuration .......................................................................... 41

VTL Implementation ................................................................................................. 45

VTL Implementation Task List ............................................................................................ 46
Install and Configure Task List ........................................................................................... 49
VTL Administer and Operate Task List............................................................................... 50
VTL Multiplexing ................................................................................................................ 51
SAN and VTL Best Practices ............................................................................................. 52
Implementation as SAN or VTL with IBM Spectrum Protect Task List ................................ 53
Install and Configure Task List ........................................................................................... 54
Administer and Operate Task List ...................................................................................... 55
IBM Spectrum Protect Policies ........................................................................................... 56
Device Class Configurations .............................................................................................. 57

PowerProtect DD Implementation with Application Software-Participant Guide

Page ii © Copyright 2021 Dell Inc.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page iii

Implementation Concepts

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 1

Implementation Concepts

PowerProtect DD Implementation with Application Software-Participant Guide

Page 2 © Copyright 2021 Dell Inc.

Implementation Concepts

Supported Applications and Protocols

The following table is an overview of several supported backup applications and the protocols they
support for backup and recovery operations. They combine backup software solutions that support
backups over Ethernet and Fibre Channel. The table shows the protocols that are supported on
PowerProtect DD appliances for each backup application.

For a complete listing of all backup applications PowerProtect DD supports, consult the Dell
Technologies e-Lab Interoperability Navigator.

Product CIFS NFS DD Boost DD Boost VTL

Ethernet Fibre Channel

Dell EMC Yes Yes Yes Yes Yes

NetWorker

Dell EMC No No Yes No No

Avamar

Veritas Yes Yes Yes No Yes

NetBackup

Veritas Yes No Yes No Yes

Backup Exec

Quest Yes No Yes No No

vRanger

IBM Spectrum Yes Yes Using No Yes

Protect BoostFS

CommVault Yes Yes Using No Yes

Simpana BoostFS

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 3

Implementation Concepts

Concepts and Terms

PowerProtect DD

Metadata

Backup Server

Backup Data

PowerProtect DD
Storage Node
Backup Clients

Data Center

The diagram provides a brief review of basic terminology that is associated with the backup
environment. In all configurations, there are clients, backup management servers, and a read/write
server. In some environments, the backup management and read/write functions are performed on
a single server. Networking connectivity can be Ethernet LAN or Fibre Channel SAN.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 4 © Copyright 2021 Dell Inc.

Implementation Concepts

• Backup clients1

• Backup server2

• Storage node3

• PowerProtect DD4

1A node within a backup process that holds data to be backed up. A backup client
can be desktop, laptop, application server, file server, or a storage device in a
backup environment.

2The backup server is an application that schedules, manages, and operates data
backup processes on a backup client.

3The storage node is used with the backup manager in obtaining and storing
backup data. In some environments, the backup server and storage node functions
are performed on a single system.

4In a PowerProtect DD backup environment, the PowerProtect DD appliance is the

active tier storage that receives data from the backup clients.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 5

Implementation Concepts

Dell EMC Avamar

Avamar Clients

Backup Data

Avamar Data
Metadata Store

Avamar PowerProtect DD
Server
Backup Clients
Data Center

Avamar clients5 are the machines that contain the data to be backed up to the Avamar server.
Avamar Client software is installed and running on each client. Avamar provides client software for
various computing platforms.

Avamar Administrator is a user management console software application that is used to remotely
administer an Avamar system.

5Avamar clients backup clients accessing the Avamar server through an Ethernet
connection. Avamar clients are usually file servers and database servers in an IT
environment, or employee desktops and laptops.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 6 © Copyright 2021 Dell Inc.

Implementation Concepts

The Avamar Server stores backup metadata for restores and activity reporting, and provides
services that are required for client access and remote system administration.

Dell EMC NetWorker

NetWorker Clients
Client-Direct
NetWorker
Server

Metadata

Backup Server

NetWorker
Storage Node
Backup Data
Read/

PowerProtect DD
Storage Node

Backup Clients
Data Center

A NetWorker Data Zone is composed of a single NetWorker server, its storage nodes, and clients.
In a NetWorker Data Zone the NetWorker server, storage nodes, and clients can write backups to a
PowerProtect DD appliance. When a client writes backup data directly do a PowerProtect DD
appliance, bypassing the storage node, it is known as a Client-Direct backup.

Multiple NetWorker servers might back up the same NetWorker client. Clients may belong to
multiple data zones. NetWorker servers and storage nodes may belong to only one data zone.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 7

Implementation Concepts

Veritas NetBackup and Backup Exec

Master Server

Metadata

Backup Server

Media Server

Backup Backup Target

Data

Storage Node PowerProtect DD

Backup Clients

Data Center

In Veritas NetBackup and Backup Exec environments, the server managing backups is called the
Master Server, and Media Servers write to and read from backup targets.

IBM Spectrum Protect

Client Nodes Spectrum

Protect Server

Metadata

Backup Server
Media
Agent
Storage Pool
Backup
Data

PowerProtect DD
Storage Nodes
Backup Clients

Data Center

PowerProtect DD Implementation with Application Software-Participant Guide

Page 8 © Copyright 2021 Dell Inc.

Implementation Concepts

The diagram shows some product-specific terms that apply to IBM Spectrum Protect
implementations.

The main function of the Spectrum Protect server is to coordinate movement of the backup data
from the Client Nodes to the PowerProtect DD appliance.

The Spectrum Protect server holds the Spectrum Protect database. This database tracks each new
transaction in its recovery logs. If there was a sudden outage of the Spectrum Protect server,
recovery logs help revert changes to an operational state.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 9

Implementation Concepts

Backup and Recovery Without PowerProtect DD

Increasing the storage speed and capacity for the data that is generated along with the cost-
effectiveness is a perpetual challenge. One of the most expensive and resource-intensive tasks are
gathering, storing, and protecting data backups. Writing data to tapes and shipping them offsite for
storage is one of the largest financial and labor resource challenge in a conventional tape-centric
environment. The diagram illustrates the conventional tape-based process of handling backups.

Data Center Disaster Recovery

Site
Media
Server

Backup Restore Process

Server
Tape
Library

Backup Clients
Tape Transport

1. The conventional process of handling backups is through backup servers. The backup servers
preserve the data from backup clients on the media server then copying it to disk-based storage
or a tape library.
2. Tapes are physically transported and stored offsite for archival and disaster recovery purposes.
If there is a negative event in the data center, moving tapes offsite prevents the loss of backup
data.
3. Data recovery requires a manual process of transporting the tapes back to the data center.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 10 © Copyright 2021 Dell Inc.

Implementation Concepts

Backup and Recovery with PowerProtect DD

PowerProtect DD systems support several backup, archive, and enterprise applications.

Data Replication

Backup Server

Data Recovery

Storage Node

Backup Clients

Data Center Disaster Recovery Site

1. When a PowerProtect DD appliance is added to a backup environment, backup clients may still
store data on the storage node. However, if NetWorker or Avamar are used to backup clients,
the clients may also back up data directly to the PowerProtect DD appliance.
2. If clients do not back up directly to the PowerProtect DD appliance, the backup servers store the
data on the PowerProtect DD appliance.
3. Deduplication greatly reduces the data footprint before the data is backed up.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 11

Implementation Concepts

4. The PowerProtect DD replication feature transfers only the unique changes6 across any IP
network.
5. The elimination of time-consuming handling of tape transforms the data recovery process. If
regulatory or corporate policies require tape backups, tape backups can be performed in parallel
to backups to a PowerProtect DD appliance.

6PowerProtect DD appliances use replication methods that require a fraction of the

bandwidth, time, and cost compared to traditional replication methods. RTO is
greatly reduced when compared to other replication methods.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 12 © Copyright 2021 Dell Inc.

Implementation Concepts

PowerProtect DD Implementation Advantages

Consider replacing some or all reliance on tape backups with deduplicated storage of data on disk.
By doing so, you reduce cost, complexity, and the risks associated with tape.

DD Boost

Data Replication

Backup Server

DD Boost DD Boost
DD Boost

Data Recovery

Storage Node

Backup Clients

Data Center Disaster Recovery Site

The key advantages of implementing PowerProtect DD are:

• Reducing the number of tracked copies, reducing backup server database sizes while
increasing performance

• Reducing the overall size and scope of the backup and recovery infrastructure

• Increased speed of disaster recovery

• Elimination or reduction of the time and resources that are associated with physical tape

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 13

Implementation Concepts

Ethernet and Fibre Channel Environments

PowerProtect DD

Ethernet: CIFS, NFS, and

DD Boost

Data Replication
Backup Server

Data Recovery

Fibre Channel: DD Boost

and VTL
Storage Node

Backup Clients
Data Center Disaster Recovery Site

PowerProtect DD appliances can perform backups over both Ethernet and Fibre Channel
concurrently. Flexibility in configuring a PowerProtect DD appliance affords a great number of
integration scenarios.

Over Ethernet, the backup software addresses the PowerProtect DD appliance through native NFS
mounts or CIFS shares.

Over Fibre Channel, prior investments in backup and recovery systems have been in tape.
Administrators familiar with Fibre Channel administration can adopt the PowerProtect DD appliance
as a Virtual Tape Library, or perform backups using DD Boost over Fibre Channel.

Dell EMC NetWorker

Ethernet: CIFS, NFS, and DD

Boost

Data Replication

Backup Server

Data Recovery

Fibre Channel: DD Boost and VTL

Storage Node

Backup Clients

Data Center Disaster Recovery Site

PowerProtect DD Implementation with Application Software-Participant Guide

Page 14 © Copyright 2021 Dell Inc.

Implementation Concepts

In NetWorker, administrators already using NetWorker Advanced File Type Devices (AFTDs) can
adopt the PowerProtect DD appliance as a file system. Adopting the PowerProtect DD file system
can be done without significant infrastructure or mindset change. NetWorker AFTDs accept
concurrent streams, writing the streams into separate files in the directory structure of the AFTD.

For VTL implementations, use the NetWorker Device Manager drivers to interface with the VTL
library changer with minor changes.

Veritas NetBackup and Backup Exec

Ethernet: CIFS, NFS, and DD

Boost

Basic Device

Data Replication

Backup Server

Data Recovery

Fibre Channel: DD Boost and

VTL

Storage Node
RESTORER-L180 emulation DDVTL drive
emulation Minor policy change

Backup Clients
Data Center Disaster Recovery Site

For VTL implementations, use the RESTORER-L180 or DDVTL drive emulation. Drive emulation
enables the backup software to interface with the VTL Library changer. There are few policy and
procedural changes if the PowerProtect DD appliance is used to replace a physical tape library.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 15

Implementation Concepts

IBM Spectrum Protect

Ethernet: CIFS, NFS, and DD Boost

Configure file class device using CIFS or

NFS

Data Replication

Backup Server

Data Recovery

Fibre Channel: DD Boost and VTL

Storage Node
RESTORER-L180 emulation Primary or copy
pool target Minor policy change

Backup Clients

Data Center Disaster Recovery Site

For NAS configuration of IBM Spectrum Protect, configure FILE CLASS DEVICE through NFS
exports of CIFS shares from the PowerProtect DD appliance. You cannot use the DISK device class
type in Spectrum Protect with a PowerProtect DD appliance. Use FILE device class type.

In a VTL configuration, the PowerProtect DD appliance can be a primary or copy pool target and
uses L180 emulation.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 16 © Copyright 2021 Dell Inc.

Implementation Concepts

Ethernet and Fibre Channel Tradeoffs

This table shows trade-offs when the PowerProtect DD appliance is configured as a NAS compared
to SAN.

Ethernet (CIFS, NFS, and DD Boost) Fibre Channel (VTL and DD Boost)

The backup server does not require changer and Install and load a tested and supported changer
tape driver installation and loading. driver and tape driver on the backup server.

A Fibre Channel HBA is not required. Install a tested and supported Fibre Channel
HBA on the storage node.

Tape mounts, loads, labeling and other tape In the VTL environment, the backup software
emulation tasks are not needed. must perform tape mounts, loads, labeling and
other tape-emulation tasks.

Expired backup images are cleaned up on the In the VTL environment, expired backup images
PowerProtect DD appliance: are not cleaned up on the PowerProtect DD
Pro: Expired disk space recycles immediately appliance:
when garbage collection and cleaning kicks off. Pro: Backup software can start its tape import
Con: Backup software is not able to recover and procedure to quickly recover and restore backup
restore backup images as quickly. images.
Con: Expired disk space may not be reclaimed
when file system cleaning is performed.

On the backup server, configure CIFS or NFS There is no need to configure CIFS access or
mounts of the PowerProtect DD with the proper NFS access to the backup-to-disk (B2D) folder.
mount options.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 17

Implementation Concepts

Implementation Workflows

Administrative Console

Data Replication

Backup Server

Data Recovery

Storage Node

Backup Clients

Data Center Disaster Recovery Site

There are five workflows in PowerProtect DD implementation with software applications:

• Installation and configuration

• Administration and operation

• DD Boost implementation

• BoostFS implementation

• VTL implementation

PowerProtect DD Implementation with Application Software-Participant Guide

Page 18 © Copyright 2021 Dell Inc.

Implementation Concepts

Installation and Configuration

Administrative Console

Data Replication

Backup Server

Data Recovery

Storage Node

Backup Clients

Data Center Disaster Recovery Site

PowerProtect DD implementations all follow a similar workflow. To successfully integrate the

PowerProtect DD appliance into a backup environment, perform the install and configure tasks that
are listed:
1. Install all application software as necessary on the clients, and read/write server.
2. Start the PowerProtect DD appliances, and perform the initial configuration.
3. Set up network access for clients and backup servers.
4. Create a backup user on the PowerProtect DD appliances.
5. Create directories, MTrees, and storage units to store backup data on the PowerProtect DD
appliances as needed.
6. Configure the backup management server with the necessary credentials, and other settings, as
necessary.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 19

Implementation Concepts

Administration and Operation

Administrative Console

Data Replication

Backup Server

Data Recovery

Storage Node

Backup Clients

Data Center Disaster Recovery Site

After the installation and initial configuration tasks are complete, you can begin administering the
implementation. Start by validating the implementation by creating, running, and verifying a backup
job.

1. Create a backup job using the administrative console in your backup system.
2. Run and monitor the backup job from the administrative console.
3. From the administrative console, you can recover backups and test a recovery to a client.
4. Monitor space usage and throughput on the PowerProtect DD appliance using the DD System
Manager (DDSM), command-line interface, or PowerProtect DD Management Center (DDMC).

PowerProtect DD Implementation with Application Software-Participant Guide

Page 20 © Copyright 2021 Dell Inc.

Implementation Concepts

DD Boost Implementation

Administrative Console

Data Replication

Backup Server

Data Recovery

Storage Node

Backup Clients

Data Center Disaster Recovery Site

To implement DD Boost, prepare the PowerProtect DD appliances, and the backup application.
1. Enable DD Boost on both the local and the disaster recovery PowerProtect DD appliances.
a. Set the DD Boost user for each system.
b. Create any storage units that might be needed7.
2. Using the administrative console, configure the backup software to use the PowerProtect DD
appliances as backup targets.
3. From the administrative console, configure backup and clone operations.
4. Perform and monitor backup and clone activity.

7When configuring them for DD Boost, Dell EMC Avamar and NetWorker will, by
default, create their own storage units on PowerProtect DD appliances.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 21

Implementation Concepts

5. Check that the backup data on the local PowerProtect DD appliance is also available on the
disaster recovery PowerProtect DD appliance.
6. When needed, restore files using the administrative console from the disaster recovery
PowerProtect DD appliance.

BoostFS Implementation

DD Boost Filesystem (BoostFS) provides a general file-system interface to the DD Boost library.
BoostFS enables backup applications that do not natively support DD Boost to take advantage of
DD Boost features.

Administrative Console

Data Replication

Backup Server

Data Recovery

Storage Node

Backup Clients

Data Center Disaster Recovery Site

The BoostFS plug-in resides on the storage node, presenting a standard file system mount point to
the backup clients. With direct access to a BoostFS mount point, the application can leverage the
storage and network efficiencies of the DD Boost protocol for backup. By using DD Boost
technology, BoostFS helps reduce bandwidth, can improve backup times, offers load-balancing, and
in-flight encryption.

BoostFS is supported on both Windows and Linux platforms. BoostFS supports physical
PowerProtect DD appliances, high-availability (HA) systems, and PowerProtect DD Virtual Edition.

Consult the Dell EMC BoostFS for Windows Configuration Guide or Dell EMC BoostFS for Linux
Configuration Guide for supported platforms and applications, and installation and configuration
instructions.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 22 © Copyright 2021 Dell Inc.

Implementation Concepts

VTL Implementation

Administrative Console

Data Replication

Backup Server

Data Recovery

Storage Node

Backup Clients

Data Center Disaster Recovery Site

1. If it has not already been completed, install and configure and HBA card in the PowerProtect DD
appliance.
2. Configure Fibre Channel zoning for use with the PowerProtect DD appliance. Configure zoning
on the FC switch so that each initiator is configured for the needed Fibre Channel ports.
3. Configure the PowerProtect DD appliance for VTL.
a. License and enable the VTL service.
b. Create a VTL with its components and virtual tapes using the DD System Manager or
command-line interface.
4. Use the administrative console to discover the VTL on the PowerProtect DD appliance. Create
the configuration for the tape library, slots, and tapes.
5. Initiate a backup, monitor, and verify VTL backup jobs using the administrative console.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 23

CIFS and NFS Implementation Best Practices

PowerProtect DD Implementation with Application Software-Participant Guide

Page 24 © Copyright 2021 Dell Inc.

CIFS and NFS Implementation Best Practices

CIFS Install and Configure

Data Replication

Backup Server

Data Recovery

Storage Node

Backup Clients

Data Center Disaster Recovery Site

To successfully integrate a PowerProtect DD appliance into a backup environment, review these

configuration steps.
1. Install backup software on the backup clients and backup server. Install application software as
necessary throughout the environment.
2. Verify the installation and initial configuration of the PowerProtect DD appliance for proper
network access by client systems and backup servers.
3. Configure the PowerProtect DD appliance with the appropriate networking and CIFS
parameters. Create a backup operator user and a CIFS share on the PowerProtect DD
appliance.
4. Configure the backup server with the necessary credentials or other settings as necessary.
Access the CIFS share created on the PowerProtect DD appliance.
5. Administer and operate the backup application software and PowerProtect DD appliance.

Install Backup Software

Start by installing the backup management server component. Optionally install any media server
that you may want to use. Lastly, install all the required backup client components.

1. All backup application software should have previously been installed. If necessary, complete all
installations. Install the backup server component first.
2. Install any required backup software on the read/write server.
3. Install any required backup client software on the client machines.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 25

CIFS and NFS Implementation Best Practices

Verify CIFS Access

Verify that the CIFS configuration of the PowerProtect DD appliance meets the basic requirements
enabling proper access. For example, backup systems could map a network drive to the
PowerProtect DD backup directory or an MTree.

• The PowerProtect DD appliance must use either Active Directory (AD) or Workgroup in
authentication mode.

• The PowerProtect DD appliance must have a valid CIFS user account that is configured as a
domain backup operator. If the account is part of a domain or Active Directory, it should have
local administrator permissions. If the account is in a workgroup, it must have at least, backup
operation group permissions.

• Assign a group or user and backup server name when setting the permissions to ensure that
CIFS is only accessed through backup server for security.

Administer and Operate

Verify communication between the backup environment and the PowerProtect DD appliance.
Validate the implementation in the following steps:
1. From the administrative console, create a configuration for your backup. Create a backup job
that can be run manually or automatically.
2. Run and monitor the backup job.
3. Recover from a backup for a client system.
4. Validate and analyze the backups within the DD System Manager, where you can view statistics
and reports.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 26 © Copyright 2021 Dell Inc.

CIFS and NFS Implementation Best Practices

NFS Install and Configure

Clients

Backup Management

WAN

Local PowerProtect DD Disaster Recovery PowerProtect DD

Servers

Read/Write Server

Establish communication between the PowerProtect DD appliance and the backup server in an NFS
environment.
1. If needed, install all application software and configure the PowerProtect DD appliance with an
initial configuration.
2. Establish communication between the PowerProtect DD appliance and the backup
management server in an NFS environment.
3. Configure the PowerProtect DD appliance for networking with NFS.
4. Configure the backup management server with NFS mounts. Create, configure, and mount the
backup directory or custom MTree.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 27

CIFS and NFS Implementation Best Practices

PowerProtect DD Networking with NFS

The listed steps are tasks for configuring the PowerProtect DD appliance for network connectivity
and enabling the backup transport protocol for NFS.
1. Establish an SSH session to the PowerProtect DD appliance.
2. Run config setup to launch the installation wizard.

3. Configure networking parameters based on your environment.

4. Configure NFS parameters and set the backup server list8.
5. Verify access to any directories or MTrees required for backup data or administration tasks
through an NFS mount.

Backup Server NFS Configuration

The following is an overview of creating a mount on a backup server and copying a test file to the
PowerProtect DD appliance.

1. Create the NFS directories (mount points).

2. Mount the PowerProtect DD directories or MTrees on the new mount points,
3. Modify the /etc/fstab to mount directories at every boot.

4. Create a backup directory on the backup server.

Once the NFS Mount procedure is completed, create and copy a file from the media server to the
PowerProtect DD appliance to validate functionality.

8 Setting a wildcard (*) enables any host on the network to connect to the
PowerProtect DD appliance using NFS. To restrict access to specific hosts, replace
the asterisk with a specific hostname or an IP Address.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 28 © Copyright 2021 Dell Inc.

CIFS and NFS Implementation Best Practices

Specific commands differ depending on the platform you are using. Look up
documentation for the specific commands for each platform.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 29

CIFS and NFS Implementation Best Practices

NFS Implementation with IBM Spectrum Protect

Install and Configure Administer and Operate

Install and Configure

1
1

Spectrum Protect Server (Backup Server)

PowerProtect DD
Media Agent (Storage
Node)

Client Nodes (Backup Clients)

The goal is to integrate the PowerProtect DD appliance using the NFS protocol to IBM Spectrum
Protect on a Linux server. To successfully integrate the PowerProtect DD appliance into the backup
environment, install and configure the IBM Spectrum Protect as explained.

1. Install the Spectrum Protect application.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 30 © Copyright 2021 Dell Inc.

CIFS and NFS Implementation Best Practices

2. Configure the PowerProtect DD appliance for NFS networking.

3. Configure the Spectrum Protect server for backups with an NFS mount export. Create a
directory for the device class.

Device Class Configurations

IBM Spectrum Protect enables disk type device classes to be defined as either FILE or DISK type.
FILE device classes are commonly used in IBM Spectrum Protect for virtual volume management.
Most IBM Spectrum Protect administrators define disk storage pools using DISK device class
definitions and associate formatted *.dsm files as storage pool volumes.

FILE type device classes are recommended for use with a PowerProtect DD appliance. FILE device
classes enable IBM Spectrum Protect to perform sequential read/write activity to files within a file
system. The system writes incoming backup data to a file. When a file is filled, Spectrum Protect
creates a scratch file and fills the file with more incoming backup data.

Capacity planning and measurement ensure that the PowerProtect DD capacity is adequate for
each folder.

The default IBM Spectrum Protect MaxCapacity value for a FILE device class is 2 GB. Depending
on the operating system of the IBM Spectrum Protect server, maximum capacity parameters vary.
This parameter is sized from 200 GB to 400 GB for PowerProtect DD implementations. The default
Mount Limit value is 20 and the maximum value for this parameter is 4096. Up to 4096 individual
files can be opened at a single time. Each PowerProtect DD instance supports up to 20 concurrent
I/O threads, so the default Mount Limit value is recommended.

The following is a summary of device class configurations:

Device Class Configuration Details

Directory Create a separate folder for each Spectrum Protect device class
(FILE TYPE).
Create a separate file system mount point or folder for each
Spectrum Protect instance using the same PowerProtect DD
instance.

Maximum Capacity The Spectrum Protect MaxCapacity parameter should be sized

200 GB–400 GB for PowerProtect DD implementations (default
value is 2 GB).

Mount Limit The default Mount Limit value is 20 and is the recommended
value for PowerProtect DD instances.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 31

CIFS and NFS Implementation Best Practices

Administer and Operate

Once the communication between the backup environment and the PowerProtect DD appliance is
established, you can validate the implementation by performing operations.

2
3

Spectrum Protect Server (Backup Server)

PowerProtect DD
Media Agent (Storage
Node)

Client Nodes (Backup Clients)

1. Create a policy using the backup management software. For Spectrum Protect, do the following:
a. Define a FILE device class.
b. Define a primary pool.
c. Define a domain and policy.
d. Validate and activate the policy.
e. Register the new node (client).
2. Configure backup clients, and verify the node name for correct access.
3. Run and monitor a backup job from the Spectrum Protect administrative console.
4. You can also perform a data recovery for a client system. You can also validate and analyze the
backups using statistics and reports in the DD System Manager.

Policies

IBM Spectrum Protect policies are rules that determine how the client data is stored and managed.
The rules include where the data is initially stored, how many backup versions are kept, how long
archive copies are kept and so on.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 32 © Copyright 2021 Dell Inc.

CIFS and NFS Implementation Best Practices

The following is an overview of the process:

1. A client initiates a backup, archive, or migration operation. The file in the operation is bound to a
management class. The management class is either the default or one specified for the file in
client options (the client's include-exclude list).
2. If the management class of the policy indicates that the file is a candidate for backup, the client
sends the file and metadata to the server.
3. The server checks the management class that is bound to the file. The check is to determine the
destination, and the name of the IBM Spectrum Protect storage pool where the server initially
stores the file. For backed-up and archived files, destinations are assigned in the backup and
archive copy groups, which are within management classes. For space-managed files,
destinations are assigned in the management class itself.
4. The server stores the file in the storage pool that is identified as the storage destination.

Spectrum Protect
Server
Storage Pools
Client Data

Backup Clients

Migration Backup or Archive

Database

Policy Domain

Policy Set

Management Class

Copy Group

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 33

CIFS and NFS Implementation Best Practices

CIFS Server Best Practices

When using CIFS on a PowerProtect DD appliance, Dell Technologies recommends making

adjustments on Microsoft Windows Servers for session timeout values and TCP/IP parameters.

Session Timeout Tuning TCP/IP

Session Timeout

Certain internal activities on a PowerProtect DD appliance can take longer than the default CIFS
timeout on the servers. Longer times can cause error messages during a backup.

To avoid a timeout, Dell Technologies recommends changing the SESSTIMEOUT value from the
default 45 to 3600 seconds.

1. Open REGEDIT and go to HKEY_LOCAL_MACHINE > SYSTEM > CURRENTCONTROLSE >

SERVICES > LANMANWORKSTATION > PARAMETERS.
2. In the Parameters folder, add a new DWORD value.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 34 © Copyright 2021 Dell Inc.

CIFS and NFS Implementation Best Practices

3. Set the Value name to SESSTIMEOUT.

4. Set the Value data to 3600.

Tuning TCP/IP

If you are having problems with poor network performance and link utilization is under 100%, you
can increase the TCP window size on your server. Using the Registry Editor, create two new
registry entries, DefaultSendWindow and DefaultReceiveWindow. Also, create a
TCPWindowSize entry for the active network interface.

Steps are as follows:

1. Open REGEDT32 and go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet >

Services > AFD > Parameters.
2. Create a DWORD value with the name DefaultSendWindow and set the value to 262144
(decimal).
3. Create a DWORD value with the name DefaultReceiveWindow and set the value to 262144
(decimal).
4. Navigate HKEY_LOCAL_MACHINE > SYSTEM > CURRENTCONTROLSET > SERVICES >
Tcpip > Parameters > Interfaces.
5. A list of NIC IDs is displayed. To the active interface, create a DWORD value with the name
TCPWindowSize value to 262144 (decimal).
6. Go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Tcpip >
Parameters.
7. Add a new DWORD value with the name TcpWindowSize and set the value to 262144
(decimal).
8. Add a new DWORD value with the name GlobalMaxTcpWindowSize and set the value to
262144 (decimal).
9. Add a new DWORD value with the name Tcp1323Opts and set the value to 3.
10. Restart the Windows server.

For more information about configuring and managing CIFS on a PowerProtect DD appliance, see
the Dell EMC DDOS Administration Guide available from Dell EMC Support.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 35

CIFS and NFS Implementation Best Practices

CIFS Troubleshooting

Kerberos
Authentication

Backup Server/
Storage Node

Domain (AD)

In a CIFS Active Directory (AD) environment, a common issue occurs when the PowerProtect DD
appliance has trouble joining the AD domain. Another issue occurs when the backup server or
storage node are unable to access the PowerProtect DD appliance to perform a backup.

1. To troubleshoot issues with joining the AD domain, check physical and transport connectivity
between the two components. On the PowerProtect DD appliance, check to ensure that the
clock on the PowerProtect DD appliance is within 300 seconds (five minutes) of the AD server.
Verify that the backup user who is specified on the PowerProtect DD appliance is a valid user
on the AD domain with, at minimum, operator privileges.
The command, cifs troubleshooting list-users helps narrow down user validation.

2. To troubleshoot client access issues, check physical and transport connectivity between the
PowerProtect DD appliance and the backup server, mainly TCP connectivity.

On the PowerProtect DD appliance, check to ensure that the media server host is enabled as a
backup client. Also check to ensure that there are no stale Kerberos tickets.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 36 © Copyright 2021 Dell Inc.

CIFS and NFS Implementation Best Practices

Tuning TCP/IP Performance Shares

Server tuning is recommended for new PowerProtect DD appliance implementations using NFS.
NFS mounting configurations depend on the NFS server type whether in an HP, Linux, AIX, or
Solaris environment. Also, Dell Technologies recommends hard-mounts to ensure availability of the
server after reboots or outages.

The following examples describe NFS tuning for Dell EMC NetWorker. For general about
configuring and managing NFS on a PowerProtect DD appliance, read the current Dell EMC DDOS
Administration Guide found at Dell EMC Support.

AIX 5.2 and Later

When mounting an NFS share on AIX 5.2 and later, use the nfso -o
nfs_use_reserved_ports=1mount –o timeo=600 {nfs_server}:/{export path}
/{mountpoint} command. This mount command does not persist across AIX reboots. For AIX 5.2
or later, use the -p option to mount the share permanently.

To show the list of file systems that PowerProtect DD appliance exports, use the nfs show
clients command.

To optimize TCP/IP performance on the AIX host, set large_send to no for each NIC interface.

Other commands that might increase TCP/IP performance:

• no -p -o sack=1

• no -p -o tcp_newreno=0

• chdev -l {ethernet_device_on_storage_node} -a rfc1323=1

• chdev -l {ethernet_device_on_storage_node} -a tcp_nodelay=1

• chdev -l {ethernet_device_on_storage_node} -a tcp_recvspace=262144

• chdev -l {ethernet_device_on_storage_node} -a tcp_sendspace=262144

• nfso –p -o nfs_rfc1323=1

HP-UX 11i

If you are using NFSv3, use the mount –F nfs –o rsize=32768,wsize=32768,hard

{nfs_server}:/{export path}/{mountpoint} command to mount the NFS share.

To show the list of file systems exported by the PowerProtect DD appliance, use the nfs show
clients command.

Other HP-UX NFS tuning parameters:

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 37

CIFS and NFS Implementation Best Practices

• Add the following line to the /etc/rc.config.d/nfsconf file: NFS_CLIENT='1',

NUM_NFSIOD=24

• Stop and restart the NFS daemons with the /sbin/init.d/nfs.client stop and
/sbin/init.d/nfs.client start commands.

Set the TCP send and receive sizes for HP-UX 11.0 and 11i backup servers. To make the changes
persistent over system reboots, create a startup script that runs before the NFS automount. The
numbering in the script name and location depends on how startup scripts are set up on your
system.

The following is only an example of creating a file: /sbin/rc3.d/S99dd ndd -set /dev/tcp
tcp_recv_hiwater_def 262144ndd -set /dev/tcp tcp_xmit_hiwater_def 262144

Linux

Mount the NFS share using the mount -T nfs -o

hard,intr,nfsvers=3,tcp,rsize=32768,wsize=32768,bg {nfs_server}:/{export
path}/{mountpoint} command.

To show the list of file systems exported by the PowerProtect DD appliance, use the nfs show
clients command.

Solaris

Mount the NFS share using the mount -F nfs –o

hard,intr,vers=3,proto=tcp,rsize=32768, wsize=32768{nfs_server}:/{export
path}/{mountpoint} command.

To show the list of file systems that are exported by the PowerProtect DD appliance use the nfs
show clients command.

Solaris system settings to improve TCP/IP NFS performance:

• Create the file /etc/rc3.d/S90ddr and enter the following two lines:

1. –ndd -set /dev/tcp tcp_recv_hiwat 131072

2. –ndd -set /dev/tcp tcp_xmit_hiwat 131072

• In the file /etc/system, add the following lines:

1. set nfs:nfs3_max_threads=16

2. set nfs:nfs3_async_clusters=4

3. set nfs:nfs3_nra=16

PowerProtect DD Implementation with Application Software-Participant Guide

Page 38 © Copyright 2021 Dell Inc.

CIFS and NFS Implementation Best Practices

4. set rpcmod:clnt_max_conns=1

5. set fastscan=131072

6. set handspreadpages=131072

7. set maxpgio=65536

The SUN T-processors, which are known as "coolthreads" servers have poor NFS performance.
The only adequate resolution is to use jumbo frames.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 39

DD Boost Implementation

PowerProtect DD Implementation with Application Software-Participant Guide

Page 40 © Copyright 2021 Dell Inc.

DD Boost Implementation

DD Boost Implementation - Configuration

Local PowerProtect DD Disaster Recovery PowerProtect DD

Appliance Appliance

DD Boost

DD Boost DD Boost

DD Boost

Backup Server

Backup Clients

DD Boost

Storage Node

This topic covers options and procedures for PowerProtect DD implementation with the DD Boost
option in environments using several common backup applications.

1. Use the command line or the DD System Manager to enable the PowerProtect DD system for
storage operations with DD Boost devices. 9
2. Use the backup application console to configure the backup application for use with the
PowerProtect DD system10.

You can implement a similar configuration using an Avamar server.

Continue the DD Boost implementation by verifying backup and clone functionality.

9 On the PowerProtect DD system, enable DD Boost, set the DD Boost user, and
storage unit.

10Configure PowerProtect DD systems as devices for DD Boost.

Configure the local PowerProtect DD as the backup target.
Configure the disaster recovery PowerProtect DD as the backup clone.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 41

DD Boost Implementation

Configuration with Avamar

Data

DD Boost DD Boost

DD Boost
Local PowerProtect DD Disaster Recovery PowerProtect DD

DD Boost

Backup Clients

Metadata

Data

Avamar Disaster
Avamar Data Store
Recovery Data Store

DD Boost increases performance by distributing parts of the deduplication process to Avamar

clients.11

Avamar clients send most data directly to the PowerProtect DD appliance. Some datatypes are sent
to the Avamar data store.12

1. During a backup, the Avamar server sends a backup request to the Avamar client.
2. If the backup request includes the option to use a PowerProtect DD system as the target, the
Avamar client sends the backup data directly to the PowerProtect DD system. 13

11When the DD Boost library is integrated in Avamar clients, the client sends
unique data segments directly to the PowerProtect DD system.

12Sending some datatypes enables users to deploy the optimal approach to

deduplication and manage the entire infrastructure from a single interface.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 42 © Copyright 2021 Dell Inc.

DD Boost Implementation

3. Metadata for the backup is sent from the backup client to the Avamar server 14.
4. The backup data is sent to and stored on the PowerProtect DD system.
5. Datatypes that are not suited for DD Boost processing, are sent to the Avamar data store.

Verification

Local
Disaster Recovery PowerProtect DD
PowerProtect DD

Backup Server

Clients

Storage Node

Follow these steps to verify DD Boost implementation by verifying backup and clone functionality.

1. Configure backup operations using the backup application console.

2. Monitor backup activity from the backup server console.

13The backup data is not staged on the Avamar server before it is sent to the
PowerProtect DD system.

14Sending and storing metadata to the Avamar server allows Avamar to manage
the backup even though the data is stored on a PowerProtect DD system.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 43

DD Boost Implementation

3. When the backup is complete, verify the presences of backed-up files on the PowerProtect DD
appliances.
4. Using the backup server console, restore files from the disaster recovery PowerProtect DD to
the client.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 44 © Copyright 2021 Dell Inc.

VTL Implementation

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 45

VTL Implementation

VTL Implementation Task List

Administrative Console

Backup Server Local PowerProtect DD

System / DD VTL

Backup
Fibre Channel
Switch

Storage
Node

To implement PowerProtect DD as a Virtual Tape Library (PowerProtect DD VTL) using NetWorker

backup software, perform the listed steps.

In most environments, Fibre Channel zoning and HBA card installation and configuration are
already completed. These steps include configuration of the PowerProtect DD system, device
discovery, and configuration on the administrative console. The system administrator completes the
backup, monitoring, and validation operations.

1. Install and configure the HBA card. Installation and configuration are completed before system
operation.
2. Configure Fibre Channel zoning on the FC switch. FC zoning is also completed before system
operation.
3. Configure the PowerProtect DD and NetWorker for DD VTL. The local PowerProtect DD can be
linked to a second PowerProtect DD over WAN for archiving and disaster recovery.
4. From the administrative console, locate the FC zone that connects to the PowerProtect DD and
configure it in DD VTL.
5. From the administrative console, run, monitor, and validate the backup job.

Install and Configure DD VTL

The main steps required to prepare the FC network and the DD VTL for use with NetWorker on a
backup server (host) system are:

PowerProtect DD Implementation with Application Software-Participant Guide

Page 46 © Copyright 2021 Dell Inc.

VTL Implementation

Connect all cables between the FC switch, the

backup host, and PowerProtect DD.15

Configure the FC zoning.16

Create VTL libraries and groups on the

PowerProtect DD system.17

Discover and configure the VTL devices on the

NetWorker backup host.18

15The standard configuration uses a single dual-port FC adapter card in your

PowerProtect DD system. Three different speeds (2Gb, 4Gb, and 8Gb) of FC
adapter cards are available, depending on the PowerProtect DD model. Connect
these interfaces to the FC switch.

16Use a single backup host or filler HBA port in a zone with a single PowerProtect
DD system port. This technique is called the single-initiator single-target zoning. It
can reduce message traffic around the switch when configuration changes occur.

17 DD VTL supports a maximum of 64 libraries per system, that is, 64 concurrently

active virtual tape library instances on each PowerProtect DD system. You can
configure DD VTL default options when you add a license, create a library, or any
time thereafter.

18During library configuration, the NetWorker software automatically attempts to

detect if a library is a VTL.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 47

VTL Implementation

Configure NetWorker to recognize and operate

with DD VTL.19

19NetWorker requires an additional license for VTL operations. The EMC

NetWorker Licensing Guide provides information about NetWorker licensing
support for a Virtual Tape Library.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 48 © Copyright 2021 Dell Inc.

VTL Implementation

Install and Configure Task List

PowerProtect DD Appliance

Backup
Management

Backup Clients

Read/Write Server

1. Make certain that all installations have occurred, including all application software on the backup
clients, backup management server, and read/write server.
2. Configure the PowerProtect DD appliance as a virtual tape library. This includes creating a
backup user, verifying all networking and FC settings, and creating all the necessary VTL
resources on the PowerProtect DD appliance.
3. Configure the backup management server with the necessary credentials and other settings
necessary to perform tape backups to the PowerProtect DD appliance.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 49

VTL Implementation

VTL Administer and Operate Task List

When the backup management server and PowerProtect DD appliance establish communication,
operations can begin. Run backup and recovery operations with the PowerProtect DD system:

1. Configure and create a backup job from the administrative console.

2. Run, monitor, and validate the backup job.
3. Perform data recovery from a backup stored on the local PowerProtect DD appliance for a
backup client.
4. Validate and analyze backup statistics and reports that are found on the PowerProtect DD
system and backup software.

Administrative Console

Local PowerProtect DD Appliance

Backup
Server

Backup Switch
Clients

Storage Node

PowerProtect DD Implementation with Application Software-Participant Guide

Page 50 © Copyright 2021 Dell Inc.

VTL Implementation

VTL Multiplexing

Multiplexing20 interleaves backup streams.

Multiplexing ensures that none of the clients sending save sets wait for the other
clients to finish. Multiplexing allows multiple data streams simultaneously to the same storage
device. It is often more efficient for the NetWorker server to multiplex multiple save sets to the same
device.

Multiplexing causes a significant impact 21 on deduplication efficiency when the PowerProtect DD

appliance is used as a virtual tape library (VTL).

Use the target sessions, max sessions, and pool parallelism attributes to limit the number of data
streams that NetWorker writes to a PowerProtect DD appliance to a single stream.

20The multiplexing process writes a portion of save set 1, and then a portion of
save set 2, and so on.

21Multiple backup streams interfere with the deduplication process from efficiently
identifying blocks of common data.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 51

VTL Implementation

SAN and VTL Best Practices

PowerProtect DD systems can be configured with two, or four 16-gigabit Fibre Channel (FC) ports.
All connections to these ports are made using a Fibre Channel switch. PowerProtect DD systems
also support direct attachment of devices to these ports. The following recommendations apply
when connecting the PowerProtect DD system to a backup server through a Fibre Channel switch.

Best Practices When Implementing PowerProtect DD with SAN and VTL

Three hops through fabric Limit Fibre Channel extended fabric (ISL link)
configurations to three hops between the backup
server/storage node and the PowerProtect DD
system.

Persistent binding Use persistent binding at the operating system

level. Persistent binding guarantees that the
operating system always uses the same SCSI
target ID for SAN devices, regardless of reboots
or other events.

Port zoning Since DD VTL provides LUN masking

capabilities, consider using port zoning on the
SAN switch.

Switch encryption Running PowerProtect DD systems with Dell

EMC NetWorker systems does not support
switch encryption.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 52 © Copyright 2021 Dell Inc.

VTL Implementation

Implementation as SAN or VTL with IBM Spectrum Protect Task List

Adsministrative Console

Local PowerProtect DD
FC Switch System
Backup Server

Backup Clients

Storage Node

The following describes implementation as SAN or VTL with IBM Spectrum Protect™.

The workflow for a VTL implementation varies.

1. Install and configure the HBA card and all cables.

2. Configure Fibre Channel (FC) zoning on the FC switch.
3. Configure the VTL libraries and groups on PowerProtect DD appliance.
4. Discover and configure devices on the host.
5. Configure the backup application to recognize and operate with the VTL.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 53

VTL Implementation

Install and Configure Task List

Local PowerProtect DD Appliance

Backup Server

Backup
Clients

Storage Node

1. Install the Spectrum Protect application on the clients, the backup server, and the read/write
server.
2. Configure the PowerProtect DD appliance as a virtual tape library (VTL). This configuration
includes creating a backup user, verifying all networking and FC settings. It creates all the
necessary VTL resources and access groups on the PowerProtect DD appliance.
3. Configure the backup server with the necessary credentials and other settings necessary to
perform tape backups to the PowerProtect DD appliance.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 54 © Copyright 2021 Dell Inc.

VTL Implementation

Administer and Operate Task List

Administrative Console

Local PowerProtect DD
Backup Management System

Clients

Read/Write Server

1. On the administrative console:

a. Define the FILE device class.
b. Define a primary pool.
c. Define the domain and policy.
d. Validate and activate the policy.
e. Register a new client node.
2. On the clients, configure and verify a node name for each client.
3. From the administrative console, run the backup job.
4. On the local PowerProtect DD appliance, validate the backup job contents.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 55

VTL Implementation

IBM Spectrum Protect Policies

Clients Server Client Data Storage Pools

Migration
Backup or Archive

Database

Policy Domain

Policy Set

Management Class

Copy Group

1. A client initiates a backup, archive, or migration operation. The file that is involved in the
operation is bound to a management class. The management class is either the default or one
specified for the file in the client's include-exclude list.
2. The system checks the file against information in the management class. If the file is a
candidate for backup, archive, or migration, the client copies the file and file information to the
server.
3. The server checks the management class that is bound to the file to determine the destination.
The server also checks the name of the Spectrum Protect storage pool where the server initially
stores the file.

• For backed-up and archived files, destinations are assigned in the backup and archive copy
groups within management classes.

• For space-managed files, destinations are assigned in the management class itself.
4. The server stores the file in the storage pool that is identified as the storage destination.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 56 © Copyright 2021 Dell Inc.

VTL Implementation

Device Class Configurations

The following table describes considerations for configuring device classes when implementing IBM
Spectrum Protect with PowerProtect DD systems:

Device Class Detail

Configuration

Directory • Create a separate folder for each Spectrum Protect device class
(FILE type).

• Create a separate file system mount point or folder for each Spectrum
Protect instance using the same PowerProtect DD system instance.

Maximum Capacity The Spectrum Protect MaxCapacity parameter should be sized 200 GB–
400 GB for PowerProtect DD implementations (default value is 2 GB).

Mount Limit The default mount limit value is 20. The default mount limit is the
recommended value for PowerProtect DD system instances.

Spectrum Protect enables disk type device classes to be defined as either FILE or DISK type 22.

FILE type device classes are recommended for use with a PowerProtect DD system.23

22FILE device classes are commonly used in Spectrum Protect for virtual volume
management. Most Spectrum Protect administrators define disk storage pools
using DISK device class definitions and associate formatted *.dsm files as storage
pool volumes.

23FILE device classes enable Spectrum Protect to perform sequential read/write

activity to files within a file‐system. Incoming backup data is written to a file. When

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 57

VTL Implementation

To ensure that the PowerProtect DD system capacity is adequate for each folder, plan appropriate
capacity24.

The default mount limit value is 20 and the maximum value for this parameter is 4096. 25

the file is filled, a new scratch file is automatically created and is filled with more
incoming backup data.

24The default Spectrum Protect MaxCapacity value for a FILE device class is 2
GB. Depending on the operating system of the Spectrum Protect server, maximum
capacity parameters vary. This parameter is sized from 200 GB to 400 GB for
PowerProtect DD implementations.

25 The maximum value means that up to 4096 individual files can be opened at a
single time. Each PowerProtect DD system instance supports up to 20 concurrent
I/O threads, so the default mount limit value is recommended.

PowerProtect DD Implementation with Application Software-Participant Guide

Page 58 © Copyright 2021 Dell Inc.

PowerProtect DD Implementation with Application Software-Participant Guide

© Copyright 2021 Dell Inc. Page 59

POWERPROTECT DD
BASIC ADMINISTRATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

PowerProtect DD Basic Administration ................................................................................ 1

Accessing a PowerProtect DD System .................................................................... 2

Administration Interfaces...................................................................................................... 3
Accessing a PowerProtect DD System Demonstration ........................................................ 4
Password Policy .................................................................................................................. 5
Default Passwords ............................................................................................................... 7
Password Changes Due to the DDOS Upgrade ................................................................... 8

Hardware Verification .............................................................................................. 10

Verifying System Information ............................................................................................. 11
Verify Hardware and Settings Demonstration..................................................................... 12

System Access ......................................................................................................... 13

Managing Local Users ....................................................................................................... 14
LDAP ................................................................................................................................. 15
AD over LDAP ................................................................................................................... 17
Command Line Interface Changes ..................................................................................... 19
Common Issues ................................................................................................................. 22
Managing Administrator Access Protocols ......................................................................... 23
Managing Local Users and Administrator Access Protocols Demonstration ....................... 24

System Monitoring ................................................................................................... 25

Log Files ............................................................................................................................ 26
Autosupport Reports .......................................................................................................... 28
Alert Messages .................................................................................................................. 30
Configuring Autosupport Reports and Alerts Demonstration .............................................. 32
Support Bundles ................................................................................................................ 33
SNMP ................................................................................................................................ 35
Remote Logging ................................................................................................................ 37
Remote Monitoring of a PowerProtect DD System Demonstration ..................................... 38

PowerProtect DD Basic Administration

Page ii © Copyright 2021 Dell Inc.

Licensed Features.................................................................................................... 39
Licensing ........................................................................................................................... 40
PowerProtect DD Licensed Features ................................................................................. 42

System Upgrades ..................................................................................................... 45

DD Operating System Releases ........................................................................................ 46
Why Upgrade? ................................................................................................................... 49
Preparing for a DDOS Upgrade ......................................................................................... 50
Compatibility Check ........................................................................................................... 51
Performing a System Upgrade ........................................................................................... 52
Managing System Upgrades Demonstration ...................................................................... 53
Performing a System Upgrade Using DDMC Scheduled Updates...................................... 54

Appendix ................................................................................................. 57

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page iii

Accessing a PowerProtect DD System

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 1

Accessing a PowerProtect DD System

PowerProtect DD Basic Administration

Page 2 © Copyright 2021 Dell Inc.

Accessing a PowerProtect DD System

Administration Interfaces

DD System PowerProtect DD
Command Line
Manager Management
Interface (CLI)
(DDSM) Center (DDMC)

There are three interfaces that can be used to administer a PowerProtect DD

system:
• Command Line Interface (CLI)
• The DD System Manager (DDSM) user interface
• The PowerProtect DD Management Center (DDMC) user interface

Dell EMC also offers the Integrated Data Protection Appliance (IDPA) which uses a
PowerProtect DD appliance as part of a converged, all-in-one data appliance that
combines complete backup, replication, recovery, instant access and restore,
search and analytics, and seamless VMware integration – plus, cloud readiness
with disaster recovery and long-term retention to the cloud.

Through the IDPA interface, you can access and control PowerProtect DD
functions within the overall system. For more information about IDPA, refer to the
Integrated Data Protection Appliance (IDPA) documents through Dell Technologies
Support.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 3

Accessing a PowerProtect DD System

Accessing a PowerProtect DD System Demonstration

Movie:

Accessing a PowerProtect DD System

PowerProtect DD Basic Administration

Page 4 © Copyright 2021 Dell Inc.

Accessing a PowerProtect DD System

Password Policy

Description

The default password policy has been strengthened in DDOS.

The table below shows the new password requirements.

Option Old Value New Description

Value

Minimum Password 6 9 The local user password must be at least

Length nine characters long.

At least one Disabled Enabled The local user password must have at
lowercase character least one lowercase character.

At least one Disabled Enabled The local user password must have at
uppercase character least one uppercase character.

At least one digit Disabled Enabled The local user password must have at
least one digit.

At least one special Disabled Enabled The local user must have at least one
character special character.

Minimum character 1 4 Since the password requirement is to

classes have at least a lowercase, an uppercase,
a digit, and a special character, the
minimum character classes value is
always four.

Maximum three Disabled Enabled Enables the requirement for a maximum

consecutive of three consecutive repeated
characters characters. For example, Ab!111111 is
not allowed.

Passwords 6 6 Specify the number of remembered

remembered passwords.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 5

Accessing a PowerProtect DD System

Configuration Options

You cannot change the minimum length for a password to be fewer than nine
characters long. The minimum length can be set from 9 to 31 characters long.

You cannot disable the rules below:

• At least one lowercase character

• At least one uppercase character
• At least one digit
• At least one special character

You can configure the passwords remembered option.

You can disable the maximum three consecutive characters option.

PowerProtect DD Basic Administration

Page 6 © Copyright 2021 Dell Inc.

Accessing a PowerProtect DD System

Default Passwords

PowerProtect DD

For PowerProtect DD series appliances, the default

password for sysadmin is PSNT.

On the first login, you are forced to set a new password,

which should comply with the new password strength
policy.

DDVE

System Description

DD3300 The default password for sysadmin is changeme.

On the first login, you are forced to set a new password,
which must comply with the new password strength
policy.

AWS and GCP The default password for sysadmin is the Instance-ID.
On the first login, you are forced to set a new password,
which must comply with the new password strength
policy.

Azure During the deployment, customer is required to set a

complex password.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 7

Accessing a PowerProtect DD System

Password Changes Due to the DDOS Upgrade

The default strength policy is applied automatically with upgrades as follows for
DDOS version 7.6 and later:

• The system upgrade status displays a precheck warning about this change to
the default password strength policy.
• After the upgrade, there is an unmanaged alert for the password policy change.
• If you log in using a password that does not meet the password strength policy,
the following message appears: "Password for sysadmin does not comply with
minimum requirements for passwords. Change your password to comply with
current requirements".
• If the customer is using a password that meets or exceeds the password
strength policy, the values are retained.

PowerProtect DD Basic Administration

Page 8 © Copyright 2021 Dell Inc.

Accessing a PowerProtect DD System

DDOS Upgrade Status

Unmanaged Alert for the Password Policy Change

See the DDOS Administration Guide for additional password policy

details.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 9

Hardware Verification

PowerProtect DD Basic Administration

Page 10 © Copyright 2021 Dell Inc.

Hardware Verification

Verifying System Information

You can verify system information using:

• DD System Manager (DDSM)

• DDOS command line interface (CLI)

You can verify storage using:

• DDSM
• CLI

You can also verify chassis components and status using:

• DDSM
• CLI

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 11

Hardware Verification

Verify Hardware and Settings Demonstration

Movie:

Verify Hardware and Settings

PowerProtect DD Basic Administration

Page 12 © Copyright 2021 Dell Inc.

System Access

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 13

System Access

Managing Local Users

List of
Assigned
Current
Roles
Users

You manage local users under Administration > Access > Local Users. Here
you can name the user, grant user privileges, make users active, disabled, or
locked. You can learn the user's management role, and current status. You can
also learn a user's last login date, time, and location.

You can also manage local users with CLI commands.

To comply with security policies, it is also important to know that the

PowerProtect DD usernames/roles can be tied into Active Directory
or an LDAP service.

PowerProtect DD Basic Administration

Page 14 © Copyright 2021 Dell Inc.

System Access

LDAP

Lightweight Directory Access Protocol (LDAP) can be used to authenticate users

who can manage a PowerProtect DD system. LDAP configuration is used to
authenticate users to access PowerProtect DD systems through DDSM, DDMC
and CIFS/NFS.

Network Information System (NIS) can be used to authenticate users. LDAP

functionality and user interface are similar to those already present for NIS. LDAP
and NIS cannot be enabled simultaneously. Active Directory (AD) can be used with
either NIS or LDAP.

LDAP can be configured for both the DD System Manager (DDSM) and
PowerProtect DD Management Center (DDMC).

To configure LDAP in the DDSM:

1. Select Administration > Access > Authentication.
2. Expand the LDAP Authentication panel and click Configure.
3. Configure the details in the LDAP Authentication pane and click OK.
4. To enable or disable LDAP Authentication, click Enable next to LDAP Status.
5. Click OK.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 15

System Access

An LDAP server and a valid base-suffix must exist before enabling

LDAP authentication.

PowerProtect DD Basic Administration

Page 16 © Copyright 2021 Dell Inc.

System Access

AD over LDAP

PowerProtect DD series appliances communicate with Active Directory (AD)1 over

Lightweight Directory Access Protocol (LDAP)2 provides:

1 Active Directory (AD) is a directory service developed by Microsoft for Windows

domain networks. It authenticates and authorizes all users and systems in a
Windows domain type network. Assign and enforce security policies for all systems
installing or updating software.

2 The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral,

industry-standard application protocol for accessing and maintaining distributed
directory information services over an Internet Protocol (IP) network.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 17

System Access

• Single sign-on support with AD inline with other PowerProtect DP series

appliance components (DPC and Avamar)
• FIPS compliance3 that is required for APL certification4 by using FIPS-compliant
cipher-suites with TLS 1.2 to communicate with AD
• Easier configuration and administration

This feature should not be used:

• By customers who require CIFS5 data access with AD users.

• If a production PowerProtect DD system was already joined to an AD domain.

Only Microsoft AD is supported.

3To be FIPS-compliant, an organization must adhere to the various data security

and system standards that are outlined in the Federal Information Processing
Standards (FIPS).

4The Department of Defense Information Network (DoDIN) Approved Products List

(APL) is the single consolidated list of products that have completed cybersecurity
and interoperability certification.

5 The Common Internet File System (CIFS) is a cross-platform, transport-

independent protocol that provides a mechanism for client systems to use file and
print services made available by server systems over a network.

PowerProtect DD Basic Administration

Page 18 © Copyright 2021 Dell Inc.

System Access

Command Line Interface Changes

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 19

System Access

Authentication Change History

Modified arguments and modified behavior in DDOS:

• authentication ldap base set basename

[type active-directory]

The optional type active-directory parameter enables

LDAP authentication for AD6.
Commands with modified behavior in DDOS:

• authentication kerberos set realm home-

realm kdc-type {windows [kdcs kdc-list]
| unix kdcs kdc-list}

This command will not work when LDAP

authentication is configured for AD.
Modified output in DDOS:

• authentication ldap show

The output now includes a line to indicate the server

type.

6When this is enabled, the AD and Kerberos authentication cannot be used for
CIFS access. If the type active-directory parameter is not specified, the system
defaults to open LDAP, which allows AD or Kerberos authentication for CIFS
access.

PowerProtect DD Basic Administration

Page 20 © Copyright 2021 Dell Inc.

System Access

CIFS Change History

Commands with modified behavior in DDOS:

• cifs set authentication active-directory realm { [dc1 [dc2

...]] | * }

This command will not work when LDAP authentication is configured for AD.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 21

System Access

Common Issues

The common authentication issues are listed in the table below.

Issue Possible reasons

Failure to enable Authentication LDAP • Unable to locate LDAP server by

hostname if DNS is not configured
• Unable to contact LDAP server if
ports 389/636 are not open
• Invalid user credentials
• Invalid CA certificate for LDAP

User fails to log in • The user forgot to specify type

active directory while
configuration
• The user is not assigned a
uidNumber or gidNumber7
• The user group is not configured
for login

7UidNumber or UID, along with the group identifier (GID or GidNumber) and other
access control criteria, is used to determine which system resources an entity can
access.

PowerProtect DD Basic Administration

Page 22 © Copyright 2021 Dell Inc.

System Access

Managing Administrator Access Protocols

Managing administration access protocols enables you to view and manage how
administrators and users access a PowerProtect DD system.

Access to administrative protocols can be configured through the DD System

Manager (DDSM)8.

Read a description of the protocols that are available in the Services list.

You can also manage administration access using the command line.

8Access administrative protocols in DDSM at: Administration > Access >

Administrator Access.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 23

System Access

Managing Local Users and Administrator Access Protocols

Demonstration

Movie:

Managing Local Users and Administrator Access Protocols

PowerProtect DD Basic Administration

Page 24 © Copyright 2021 Dell Inc.

System Monitoring

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 25

System Monitoring

Log Files

From the DD System Manager, go to Maintenance > Logs to display logfile

entries9. The other graphic shows the structure of the Log directory.

DDOS functionality constantly improves with each new version10.

The file system logs system status messages hourly11. Log files can be bundled
and sent to Dell EMC Support to provide the detailed system information to aid with
troubleshooting system issues.

9Only a sample of the logfiles and folders is listed on this slide. The /ddvar folder
contains other logfiles that you cannot view.

10Generally, a PowerProtect DD appliance running an earlier DDOS release

should upgrade to the latest release.

11The system logfile entries contain messages from the alerts feature, autosupport
reports, and general system messages. The log directory is /ddvar/log.

PowerProtect DD Basic Administration

Page 26 © Copyright 2021 Dell Inc.

System Monitoring

Every Sunday morning, the PowerProtect DD system automatically opens a new

messages file and renames the previous file with an appended number, for
example messages.1. Each numbered file increments its number each week12.

12For example, at the second week, the file messages.1 increments to

messages.2. If a file messages.2 already exists, it increments to messages.3. An
existing messages.9 is deleted when messages.8 increments to messages.9.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 27

System Monitoring

Autosupport Reports

DD Operating System (DDOS) is the intelligence that powers PowerProtect DD

systems. It provides the agility, security, and reliability that enables the platform to
deliver scalable, high-speed, and cloud-enabled protection storage for backup and
archive.

Change time that a daily

ASUP is sent

Use standard email or

encrypted email using
ConnectEMC

Set recipients for system

alert messages

The autosupport (ASUP) feature generates an Auto Support log (ASUP),13 an

appliance-specific, consolidated report that shows details14 about the system.
Detailed internal statistics are presented at the end of the report.

13An ASUP is generated as scheduled, usually once per day. An ASUP is also
generated every time the file system is started.

PowerProtect DD Basic Administration

Page 28 © Copyright 2021 Dell Inc.

System Monitoring

An ASUP is designed to aid Dell EMC Support engineers identify and debug
possible system problems.

You can configure email addresses to receive the daily ASUP reports 15.

14These details include identification information, consolidated output from several

DDOS commands and entries from various logfiles. The ASUP includes system
alert messages. When a system alert is generated, it is automatically sent to Dell
EMC Support and any specific recipients that have been configured in the
distribution of ASUPs for that device.

15The default time for sending the daily ASUP is 06:00 a.m. and it is configurable.
When sending ASUPs to Dell EMC, you can select the legacy unsecure method or
the ConnectEMC method, which encrypts the information before transmission.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 29

System Monitoring

Alert Messages

Configure
Add Alert
Severity
Subscribers
Level

The Alert feature generates event and summary reports that are distributed to
configurable email lists and to Dell Technologies Support.

Event reports are sent immediately and provide detailed information about a
system event. Event reports are generated using notification groups.16

16Notification groups can be configured to include one or more email addresses

and the types, and severity level, of the event reports sent to those addresses. For
example, you might configure one notification group for people who monitor critical
events and another group for people who monitor less critical events.

PowerProtect DD Basic Administration

Page 30 © Copyright 2021 Dell Inc.

System Monitoring

Another option is to configure groups for different technologies.17

Summary reports are sent daily and provide a summary of the events18 that
occurred during the last 24 hours.

17For example, one group can receive emails about all network events and another
group to receive messages that are related to storage issues.

18Summary reports include only summary information compared to full-description

event reports.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 31

System Monitoring

Configuring Autosupport Reports and Alerts Demonstration

Movie:

Configuring Autosupport Reports and Alerts

PowerProtect DD Basic Administration

Page 32 © Copyright 2021 Dell Inc.

System Monitoring

Support Bundles

When troubleshooting, Dell EMC Support may ask for a support bundle. A support
bundle is a tar-g-zipped selection of log files with a README file that includes
identifying autosupport headers.

To create a support bundle in System Manager, go to Maintenance > Support >

Support Bundles.

1. Select Generate Support Bundle. It may take a few minutes to create bundle.
2. Right-click the link to download the bundle to your personal computer.
3. Email the file to Dell Technologies Support.

If the bundle is too large to be emailed, use the online support site to
upload the bundle.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 33

System Monitoring

You can also generate support bundles from the command line.

If the support bundle is too large, DDOS provides the option to create a mini bundle
that is smaller in size.

The system archives a maximum of five support bundles. If you

attempt to generate a sixth support bundle, the system automatically
deletes the oldest support bundle. You can also delete support
bundles using the support bundle delete command.

PowerProtect DD Basic Administration

Page 34 © Copyright 2021 Dell Inc.

System Monitoring

SNMP

SNMP status

Configure SNMP
properties

Must be compatible
with the SNMP
manager used

SNMP V2C is also

compatible with V1

Simple Network Management Protocol (SNMP)19 is a part of the Transmission

Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP provides a tool for
network administrators to monitor and manage network-attached devices.

An SNMP manager20 is required.

19 SNMP is an open-standard protocol for exchanging network management

information.

20The SNMP manager is sometimes a third-party application. However, Dell EMC

Networker, Avamar, and DPA can be configured to be used as an SNMP manager.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 35

System Monitoring

The SNMP manager needs an SNMP agent21 to monitor and respond to queries.

To configure SNMP22 using the DD System Manager, go to Administration >

Settings > SNMP and ensure Enable is selected.

Regarding SNMP V3, V2c, Configurations: The SNMP agent accepts queries for
PowerProtect DD-specific information from management systems using SNMP v1,
v2c, and v3. SNMP V3 provides a greater degree of security23 than v2c and v1.

21The SNMP agent is the PowerProtect DD system. From an SNMP perspective, a

PowerProtect DD system is a read-only device with one exception: a remote
machine can set the SNMP location, contact, and system name on a PowerProtect
DD system.

22An SNMP system location is a text entry describing where the PowerProtect DD
system is located and a contact.

23 This added security is done by replacing clear text community strings (used for
authentication) with user-based authentication using either MD5 or SHA1. SNMP
v3 user authentication packets can be encrypted and their integrity is verified with
either DES or AES.

PowerProtect DD Basic Administration

Page 36 © Copyright 2021 Dell Inc.

System Monitoring

Remote Logging

You can configure the PowerProtect DD system to send system log events to a
remote server.

UDP Port 514 UDP Port 514

System Messages

PowerProtect DD System Syslog Server

Remote logging with syslog sends system messages to a syslog server using UDP
Port 514.

Use the basic command log host for remote logging.

Following is a list of related commands:

• log host enable enables remote logging.

• log host add <host IP> adds a log host.
• log host show verifies remote logging configuration

Remote logging with syslog is only configured using the CLI. Use the
log host enable command to enable remote logging.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 37

System Monitoring

Remote Monitoring of a PowerProtect DD System

Demonstration

Movie:

Remote Monitoring of a PowerProtect DD System

PowerProtect DD Basic Administration

Page 38 © Copyright 2021 Dell Inc.

Licensed Features

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 39

Licensed Features

Licensing

Features and capacity can be added to PowerProtect DD system by

adding the proper licensing.

Licensing capacity and features on PowerProtect DD systems is done using the

Electronic Licensing Management System (ELMS)24.

The customer decides which feature they need to license. The ELMS creates a
license authorization code (LAC) email25.

The locking ID26 on the license is a unique identifier that links your license file27 to
your PowerProtect DD Virtual Edition system.

24ELMS provides a standardized method to license all Dell EMC products

electronically. By using ELMS, you use a single file to license the system.

25 The LAC contains a link to the ELMS portal where you can redeem you LAC for
license keys to activate the system features.

26 The locking ID is created using the serial number of your PowerProtect DD

Virtual Edition. The Locking ID (or serial number) must be provided since the
license is generated only for that system. Once all the required fields are filled out,
the output is the ELMS license.

27
The license can be added onto the DDVE using either the CLI or the DD System
Manager.

PowerProtect DD Basic Administration

Page 40 © Copyright 2021 Dell Inc.

Licensed Features

From the CLI, the following commands can be used to manage licenses with
ELMS:
• elicense show [all | license | locking-id]
• elicense update [check-only] [filename]
• elicense reset

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 41

Licensed Features

PowerProtect DD Licensed Features

Feature licenses allow you to purchase only those features you intend to use.
Some examples of features that require licenses are DD Boost, and DD Capacity
on Demand (storage capacity increases).

DD DD Boost29 DD Cloud Tier31 DD Encryption32

ArchiveStore28 Capacity
on
Demand30

28Licenses systems for archive use, such as file and email archiving, file tiering,
and content and database archiving.

29Enables the use of a system with qualified backup software. The Data Domain
Boost 7.3 for Partner Integration Administration Guide explains the how to
configure and use DD Boost with partner applications. The managed file replication
(MFR) feature of DD Boost also requires the DD Replicator license.

30Enables an on-demand capacity increase for a PowerProtect DD system that is

not at its maximum supported capacity.

31Enables a system to move data from the active tier to low-cost, high capacity
object storage in the public, private, or hybrid cloud for long-term retention.

32Allows data on system drives or external storage to be encrypted while being

saved and locked when moving the system to another location.

PowerProtect DD Basic Administration

Page 42 © Copyright 2021 Dell Inc.

Licensed Features

DD Expansion DD I/OS (for DD DD Retention Lock DD Retention Lock

Storage33 IBM i operating Replicator35 Compliance Edition36 Governance Edition37
environments)34

33Allows system storage to be expanded beyond the level provided in the base
system.

34 An I/OS license is required when DD VTL is used to backup systems in the IBM i
operating environment. Apply this license before creating virtual tape drives to
libraries because the tape drives are created as part of this process, not separately.

35Adds DD Replicator for replication of data from one protection system to another.
A license is required on each system.

36Meets the strictest data retention requirements from regulatory standards such
as SEC17a-4.

37Protects selected files from modification and deletion before a specified retention
period expires.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 43

Licensed Features

DD Shelf Capacity- DD Storage DD Virtual High Availability41 SSD Cache42

Active Tier38 Migration39 Tape
Library
(DD
VTL)40

38Enables a system to expand the active tier storage capacity to an additional

enclosure or a disk pack within an enclosure.

39 Enables migration of data from one enclosure to another to support replacement

of older, lower-capacity enclosures.

40Enables the use of a protection system as a virtual tape library over a Fibre
Channel network. This license also includes the NDMP Tape Server feature and
the I/OS license for IBM i systems, which previously required separate licenses.

41Enables the High Availability feature in an Active-Standby configuration. You only

need to purchase one HA license; the license runs on the active node and is
mirrored to the standby node.

42Enables the SSD cache feature on some legacy models. This license is not
required to use the SSD cache feature on DD3300, DD6900, DD9400, and
DD9900 systems.

PowerProtect DD Basic Administration

Page 44 © Copyright 2021 Dell Inc.

System Upgrades

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 45

System Upgrades

DD Operating System Releases

DD Operating System (DDOS) is the intelligence that powers PowerProtect DD

systems. It provides the agility, security, and reliability that enables the platform to
deliver scalable, high-speed, and cloud-enabled protection storage for backup and
archive.

DDOS functionality is constantly improving with each new version43.

The following image shows downloads available44 for your appliance based on
search criteria.

43Generally, a PowerProtect DD appliance running an earlier DDOS release

should upgrade to the latest release.

PowerProtect DD Basic Administration

Page 46 © Copyright 2021 Dell Inc.

System Upgrades

DD System Manager allows you to view and manage up to five upgrade

packages45 on the DDOS system.

Dell EMC recommends that you track DDOS releases deployed in your backup
environment. It is important that the backup environment run the most current,
supported releases46.

In some cases you can upgrade specific features within the DDOS using a
minimally disruptive upgrade.

Keep all PowerProtect DD appliances running the most current DDOS version47,
when possible.

44Any upgrade packages that are available for your organization can be
downloaded from Dell EMC support regardless of where they are in the release
cycle.

45 To upgrade the system, download an upgrade package from the Dell

Technologies Support (dell.com/support) site to a local computer, and then upload
it to the target system.

46 As a rule, you should upgrade to the latest release for your system model. This
ensures that you are running the latest version that has achieved the highest
reliability status.

47Be sure to minimize the number of different deployed release versions in the
same environment.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 47

System Upgrades

REVERTING TO A PREVIOUS DDOS VERSION DESTROYS ALL

DATA ON THE POWERPROTECT DD SYSTEM.
There is no down-grade path to a previous version of DDOS. The
only method to revert to a previous DDOS version is to destroy the
file system and all the data contained therein.
If necessary, contact Dell EMC Support to discuss system backup
and restoration options before you upgrade.

PowerProtect DD Basic Administration

Page 48 © Copyright 2021 Dell Inc.

System Upgrades

Why Upgrade?

• Improved operating system48

• Often required when changing to newer systems49
• Replication configuration systems should all have the
same version of DDOS50
• Compatibility is ensured with backup host software51
• Unexpected system behavior can be corrected52

48 It is not always essential, but Dell Technologies suggests you maintain a

PowerProtect DD appliances with the current versions of the DD Operating System
(DDOS). With the newest version of DDOS, you can be sure that you have access
to all features and capabilities your system has to offer.

49When you add newer PowerProtect DD systems to your backup architecture, a

newer version of DDOS is typically required to support hardware changes. For
example, remote-battery NVRAM, or newer model expansion shelves might require
a current version of DDOS.

50Dell Technologies recommends that systems paired in a replication configuration

have the same version of DDOS.

51Administrators upgrading backup host software should always check the

minimum DDOS version that is recommended for your backup software in the
Supported Systems section of the DDOS version Release Notes.

52No software is free of flaws, and Dell Technologies works continuously to

improve the functionality of DDOS. Each version release has complete release
notes that identify bug fixes by number.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 49

System Upgrades

Preparing for a DDOS Upgrade

The following are points to consider before upgrading the

DDOS on a PowerProtect DD appliance.

• PowerProtect DD appliances may upgrade only two release versions53 ahead in

a single upgrade action.
• Pick an appropriate time window54 to run the upgrade.
• Time required55 to install depends on the platform and the amount of existing
data.
• Stop any client connections to the system before upgrading.
• In a replication pair,56 upgrade the destination (replica) before upgrading the
source.

53 If you are ever more than two release versions behind, contact Dell EMC Support
for advice on the intermediate versions to use for your stepped upgrade.

54 Cleaning operations or backups should not run during a DDOS upgrade.

55 The time to run an upgrade should take no longer than 45 minutes. Adding the
time to shut down processes and to check the upgraded system, might take 90
minutes or more to complete a single version upgrade. Double this time if you are
upgrading two release versions at once.

PowerProtect DD Basic Administration

Page 50 © Copyright 2021 Dell Inc.

System Upgrades

Compatibility Check

Applications or hardware devices must be

compatible with the DDOS version to
which you want to upgrade.

• Refer to PowerProtect DD
Compatibility Guides available from
Dell Technologies Support.
• Read the release notes for the version
of DDOS you are upgrading and check
for possible compatibility issues with
your device and software57.
• DD Boost Version Compatibility Guide
• For specific details about compatibility
with third-party software, access the E-Lab Navigator website.

If any applications or hardware devices are not compatible with the

new version of DDOS, do not perform the upgrade. Consider
upgrading to a compatible DDOS version or schedule your upgrade
after the application or hardware compatibility has been verified.

56Do not disable replication on either side of the replication pair. When the
appliance file system reenables, replication automatically resumes service.

57 Check for compatibility between the upgrade version of DDOS, the backup
software version, and any DDOS feature software you are using. You can find this
information in the "Preparing to upgrade" section of the release notes.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 51

System Upgrades

Performing a System Upgrade

When you have verified compatibility with your PowerProtect DD appliance and the
correct version of DDOS to upgrade, you are ready to perform a system upgrade.

Begin the system upgrade by navigating to the Maintenance > System and
performing the upgrade precheck.

When the upgrade precheck is successful, select Perform System Upgrade to

begin the upgrade process.

PowerProtect DD Basic Administration

Page 52 © Copyright 2021 Dell Inc.

System Upgrades

Managing System Upgrades Demonstration

Movie:

Managing System Upgrades

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 53

System Upgrades

Performing a System Upgrade Using DDMC Scheduled

Updates

PowerProtect DD Management Center (DDMC) introduces a new feature to

schedule DDOS updates on one or more PowerProtect DD series appliances.

With the DDMC scheduled updates, the system administrator can:

• See the list of managed systems and the current schedule status.
• Schedule an update operation58 for a selected list of available systems.
• Edit an updated schedule.59

58An update operation includes future updates or immediate execution, download

the package, install a predownloaded package, or both with the option to choose
the DDMC or PowerProtect DD time zone.

59 An updated schedule can be edited if it has not started.

PowerProtect DD Basic Administration

Page 54 © Copyright 2021 Dell Inc.

System Upgrades

• Delete an updated schedule60.

• Monitor the update progress.

To schedule a DDOS update see Schedule Updates.

60This action does not affect the update that started or is in progress. For updates
that have not started yet, the update schedule is deleted.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 55

Appendix

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 57

Appendix

Command Line Interface (CLI)

Access CLI Through:

– SSH
– Serial Console
– Telnet
– Serial Over LAN (SOL)
– Keyboard and Monitor

The DDOS command line interface enables you to manage PowerProtect DD

systems.

After the initial configuration, use the SSH or Telnet (if enabled) utilities to access
the system remotely and issue CLI commands.

The default administrator account61 is used to initially access the PowerProtect DD

system.

61The default administrator username is sysadmin. On a physical PowerProtect DD

system, the initial password for the sysadmin user is the system serial number. On
a PowerProtect DD Virtual Edition (DDVE) instances, the initial password for the
sysadmin user is “changeme”.

PowerProtect DD Basic Administration

Page 58 © Copyright 2021 Dell Inc.

Appendix

DD System Manager

Management
Options

The DD System Manager (DDSM) provides a single, consolidated management

interface for configuration and monitoring of many system features and settings.

The DDSM can be used for configuration and management of a single

PowerProtect DD system.

You can access the DDSM from many browsers.62

62 Microsoft Internet Explorer™, Microsoft Edge™, Google Chrome™, and Mozilla

Firefox™

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 59

Appendix

PowerProtect DD Management Center (DDMC)

DDMC Supports

– Up to 100 PowerProtect DD Systems

– Multiple Simultaneous Users

DDMC can manage multiple PowerProtect DD systems63.

You can access a DDMC by using a supported browser64 with network access to
the DDMC instance.

63
A maximum of 100 DD systems can be added to a DDMC. It also supports
multiple simultaneous users.

64For Windows use Internet Explorer™, Edge™, Mozilla Firefox™, and Google
Chrome™.For Mac OX use Mozilla Firefox™, and Google Chrome™.

PowerProtect DD Basic Administration

Page 60 © Copyright 2021 Dell Inc.

Appendix

Verify System Information Using DD System Manager

(DDSM)

You can view this information in the DDSM by selecting Maintenance > System to
display:
• Model number
• DDOS version
• System uptime
• Serial numbers for the system and chassis

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 61

Appendix

Verify System Information Using CLI

The command line interface (CLI) can be used to verify basic information about a
PowerProtect DD system. The following commands can be useful:
• system show modelno - Displays the hardware model number of a
PowerProtect DD system.
• system show detailed-version - Shows the version number and release
information.
• system show serialno [detailed] - Displays the system serial number
and also shows whether encryption is enabled.
• system show uptime - Displays the file system uptime, the time since the
last reboot, the number of users, and the average load.

PowerProtect DD Basic Administration

Page 62 © Copyright 2021 Dell Inc.

Appendix

Verify Storage

1 2 3

If you have trouble determining which hard drive corresponds to a disk displayed in
the table, you can use the beacon feature65 (4).

65Select a single disk from the Disks table and click Beacon. You can only select
one disk at a time.

The beacon feature flashes an LED on the drive until you click Stop in the DDSM
window.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 63

Appendix

Verify Storage Using CLI

The CLI can be used to verify system storage. The following commands can be
used:
• storage show {all | summary | tier {active | archive |
cache | cloud}} - Displays information about the disk groups, disks, and
storage capacity of the file system.
• enclosure show all [enclosure] - Displays detailed information about
the installed components and component status for all enclosures.
• disk show hardware - Displays disk hardware information, the output
includes a column for slot identification.

PowerProtect DD Basic Administration

Page 64 © Copyright 2021 Dell Inc.

Appendix

Viewing the Chassis

The DD System Manager (DDSM) provides a virtual view of a physical

PowerProtect DD system chassis66.

The system serial number is independent of the chassis serial number and remains
the same during many types of maintenance events, including chassis
replacements.

66The Hardware Chassis panel displays a block drawing of each enclosure in a

system, including the chassis serial number and the enclosure status. The drawing
displays components, such as disks, fans, power supplies, NVRAM, CPUs, and
memory, depending on the system model.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 65

Appendix

Chassis view shows top view, back view, and enclosures. Shown here in the rear
view, a mouse rolls over Power Supply 1. The Details pane shows the description
and status of Power Supply 1.

You can find similar information using the command line.

PowerProtect DD Basic Administration

Page 66 © Copyright 2021 Dell Inc.

Appendix

Viewing Chassis Information Using CLI

From the CLI the following commands can be issued to view similar information
found in the chassis view:
• enclosure show chassis [enclosure] - Show part numbers, serial
numbers, and component version numbers for one or all enclosures
• enclosure show summary - List enclosures, model and serial numbers,
state, OEM names and values, and capacity (number of disks in the enclosure)

Consult the DDOS 7.6 Command Reference Guide on the Dell EMC Support
site for more detailed information and specific command syntax.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 67

Appendix

Defining User Roles

Role-based access control (RBAC) is an authentication policy that controls which
DD System Manager controls and CLI commands a user can access on a system.

Role-based sysadmin - Default admin68 limited admin69

access administrator67
control

67 A sysadmin is the default admin user role.

68 A user with the admin role can configure and monitor the entire PowerProtect DD
system. Most configuration features and commands are available only to admin
role users.

69The limited-admin role can configure and monitor the PowerProtect DD system
with some limitations. Users who are assigned this role cannot perform data
deletion operations, edit the registry, or enter bash or SE mode.

PowerProtect DD Basic Administration

Page 68 © Copyright 2021 Dell Inc.

Appendix

user70 security - security backup operator72

officer71

70The user role can monitor the system, change their own password and view
system status. A user assigned the user role cannot change the system
configuration.

71 The user assigned the security role is for a security officer who can manage
other security officers, authorize procedures, and perform tasks that are supported
for user-role users. Only the sysadmin user can create the first security officer and
that first account cannot be deleted. After the first security officer is created, only
security officers can create or modify other security officers. Before destroying the
file system, a security officer must provide authorization.

72The Backup-operator role can perform all tasks that are permitted for user-role
users. These tasks include creating snapshots for MTrees, importing, exporting,
and moving tapes between elements in a virtual tape library and copying tapes
across pools.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 69

Appendix

none73 tenant admin74 tenant user75

73 The role of None is used for DD Boost authentication. A user assigned the None
role can log in to a PowerProtect DD system and can change their password but
cannot monitor or configure the primary system.

74The Tenant Admin role can be appended to the None role when the Secure
Multi-Tenancy (SMT) feature is enabled. A tenant admin user can configure and
monitor a specific tenant unit as well as schedule and run backup operations for the
Tenant.

75The Tenant User role can be appended to the None role when the secure multi-
tenancy (SMT) feature is enabled. The Tenant User role enables a user to monitor
a specific tenant unit and change the user password.

PowerProtect DD Basic Administration

Page 70 © Copyright 2021 Dell Inc.

Appendix

Managing User Roles Through the Command Line

The CLI can be used to manage local users. The following commands can be used:

• user add user [role {admin | limited-admin | security |

user | backup-operator | none}] [min-days-between-change
days] [maxdays-between-change days] [warn-days-before-
expire days] [disable-days-after-expire days] [disable-date
date] [forcepassword-change {yes | no}] - Adds a new locally
defined user
• user enable user [disable-date date] -Enables the specified locally
defined user account so that the user can access the file system
• user disable user - Disables the specified locally defined user account so
that the user cannot access the file system
• user show list - Displays a list of system users

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 71

Appendix

IP Protocols for System Access

Following are the protocols that can be used by administrators to access a

PowerProtect DD system:

• FTP/FTPS provides access to a PowerProtect DD system through an FTP or

FTPS connection. These are the only protocols restricted to those with the
admin management role. These protocols are only used for administrative
access to files on the protection system.
• HTTP/HTTPS provides access to a PowerProtect DD system through an HTTP,
HTTPS, or both, connection.
• Secure shell (SSH) provides access to a PowerProtect DD system through a
secured shell (SSH) connection.
• Secure Copy Protocol (SCP) provides access to securely copy files to and from
a PowerProtect DD system.
• Telnet Provides access to a PowerProtect DD system through a Telnet
connection.

PowerProtect DD Basic Administration

Page 72 © Copyright 2021 Dell Inc.

Appendix

NFS Exports Using the Command Line

You can use the command line to manage NFS exports. Use the following
commands:

• nfs export add - Adds a client or list of clients to one or more exports.
• nfs export del - Removes a client or a list of clients from existing exports.
• nfs export create - Creates a named export and adds a path.
• nfs export destroy - Destroys one or multiple NFS exports.
• nfs export modify - Updates an existing client or clients to an export or set
of exports.

The minimum role required for these commands is admin. Consult the DDOS
Command Reference Guide for more detailed information and specific syntax.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 73

Appendix

Generating a Support Bundle from the Command Line

You can also generate support bundles from the command line:
• support bundle create {files-only <file-list> | traces-
only} [and-upload [transport {http|https}]]
Compresses listed files into a bundle and uploads if specified
• support bundle create default [with-files <file-list>]
[and-upload [transport {http|https}]]
Compresses default and listed files into a bundle and uploads if specified

PowerProtect DD Basic Administration

Page 74 © Copyright 2021 Dell Inc.

Appendix

Generating a Mini Support Bundle

For automatically generated mini support bundles, the maximum number allowed is
two created within the last 24 hours, and four total. New mini bundles are not
generated if two mini support bundles were created in the last 24 hours. If the
maximum of four bundles is reached, the system automatically deletes the oldest
bundle.

1. Select Maintenance > Support > Support Bundles

2. Click Generate Mini Support Bundle.
3. Email the file to Dell Technologies Support.

If the bundle is too large to be emailed, use the online support site to
upload the bundle.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 75

Appendix

Minimally Disruptive Upgrade (MDU)

The minimally disruptive upgrade (MDU)
feature lets you upgrade specific software
components76 or apply bug fixes without
needing to perform a system reboot.77

When an administrator upgrades the system

using a specific component (e.g.: vtl.rpm), it
triggers an MDU78.

76Only those services that depend on the component being upgraded are
disrupted, so the MDU feature can prevent significant downtime during certain
software upgrades. MDU uses smaller component bundles, which upgrade specific
software components individually.

77An MDU is similar to the Linux atomic upgrade, but is made of stand-alone
component RPMs like ddsh.rpm or vtl.rpm. These stand-alone components come in
smaller packages to facilitate faster delivery to the system.

78The effect of the new component takes place as in an atomic upgrade, but only
the processes relating to the specific component restarts. The overall PowerProtect
DD system remains unaffected by the upgrade.

PowerProtect DD Basic Administration

Page 76 © Copyright 2021 Dell Inc.

Appendix

Release Notes
DDOS release notes are the most
informative document to check
compatibility for your backup
environment. Release notes
documents contain environmental
and system requirements specific to
the target software version in these
sections:

• DDOS and DDVE environment

and system requirements
• DDMC environment and system
requirements
• Preparing to upgrade to DDOS X.X
• Pre-upgrade checklists and overview
• Preparing the system for upgrade
• Upgrade considerations for HA systems.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 77

Appendix

Upgrade Precheck

The DDOS upgrade precheck is found in the Maintenance > System > UPGRADE
PRECHECK tab in the DD System Manager. Upgrade precheck is part of the
upgrade process which determines whether the system is in an upgradable state79.

79The aim of the precheck is to detect potential problems early and halt the
upgrade. Allowing the upgrade without a precheck might place the system in an
unusable state after an upgrade attempt.

PowerProtect DD Basic Administration

Page 78 © Copyright 2021 Dell Inc.

Appendix

Schedule Updates
To schedule a DDOS update from PowerProtect DD Management Center (DDMC):

1. Go to Infrastructure > Updates.

2. Click Configure Update.
3. Under the Update Options page, type the Update Name.
4. Select Download Package Only, Install Update Only, or Download Package
and Install Update.
5. Click Next.
6. Under the Select System page, select from the list of available systems.
7. Click Next.
8. Under the Select Package page, select the package to apply to the previously
selected system or systems.
9. Click Next.
10. Under the Schedule page, select when to perform the downloads and update,
Now or Later.
If Later is chosen, select whether to use the Individual System Time or the
PowerProtect Management Center Time and schedule the specific date and
time.
11. Click Next.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 79

Appendix

12. In the Summary page, review the summary, and if applicable, select Reboot
before installation.
A system reboot allows the update to continue without any conflicts with
background running processes and may be required for some updates.
13. Click Finish.

Systems that are High-Availability (HA) or have an existing update

schedule cannot be updated and do not appear in the list of available
systems.

PowerProtect DD Basic Administration

Page 80 © Copyright 2021 Dell Inc.

PowerProtect DD Basic Administration

© Copyright 2021 Dell Inc. Page 81

POWERPROTECT DD
NETWORK INTERFACE
ADMINISTRATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

Configuring Ethernet Interfaces ............................................................................... 4

Network Management Overview .......................................................................................... 5
Viewing Network Interface Settings ...................................................................................... 7
Configuring Ethernet Interfaces.......................................................................................... 10
Configure and Viewing IP Name Settings .......................................................................... 15
Managing Network Routes ................................................................................................. 20

Link Failover and Aggregation ............................................................................... 26

Link Failover and Aggregation Bonding Concepts .............................................................. 27
Link Control Overview ........................................................................................................ 29
Supported Topologies ........................................................................................................ 30
Link Failover Overview ....................................................................................................... 32
Creating a Bonded Interface for Link Failover .................................................................... 33
Link Aggregation Overview ................................................................................................ 40
Link Aggregation Considerations ....................................................................................... 43
Configuring Link Aggregation ............................................................................................. 46

VLAN and IP Alias Interfaces .................................................................................. 52

Introduction to VLAN and IP Aliases .................................................................................. 53
PowerProtect DD VLAN Interface Architecture .................................................................. 54
Configuring VLAN Interfaces .............................................................................................. 56
IP Aliases Overview ........................................................................................................... 59
Configuring IP Aliases ........................................................................................................ 61

Configuring Fibre Channel ...................................................................................... 65

Fibre Channel Connection Overview .................................................................................. 66
Configuring Fibre Channel Hardware ................................................................................. 67
Fibre Channel Status ......................................................................................................... 69
Fibre Channel Port Overview ............................................................................................. 71
Managing Fibre Channel Ports........................................................................................... 73
Enabling and Disabling NPIV ............................................................................................. 77

PowerProtect DD Network Interface Administration - Participant Guide

Page ii © Copyright 2020 Dell Inc.

Configuring Fibre Channel Endpoints................................................................................. 79
Fibre Channel Initiator Overview ........................................................................................ 84
Configuring Fibre Channel Initiators ................................................................................... 85
Introduction to Access Groups ........................................................................................... 89

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page iii

Configuring Ethernet Interfaces

PowerProtect DD Network Interface Administration - Participant Guide

Page 4 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

Network Management Overview

You can manage the configuration of the networking components through the
PowerProtect DD System Manager or the Command Line Interface (CLI).

IP configuration settings include IP addresses, IP aliases, and IP routes. The

Domain Name Server (DNS) configuration is also available through the user
interface.

Ethernet Configuration Management DNS Configuration Management

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 5

Configuring Ethernet Interfaces

Ethernet Configuration Management

The Ethernet Configuration Management includes:

• Ethernet Network Interface Cards (NIC)

• Link Failover
• Link Aggregation
• Virtual LANs (VLANs)
• Virtual Network Interfaces (veth)
• Network Aliases

DNS Configuration Management

The DNS configuration management includes:

• Hostname
• Local host file
• Search domains
• Dynamic DNS

PowerProtect DD Network Interface Administration - Participant Guide

Page 6 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

Viewing Network Interface Settings

You can manage the PowerProtect DD appliance using DD System Manager

(DDSM) and Command Line Interface (CLI). When using DDSM, go to the
Hardware > Ethernet screen. From there you can select the INTERFACES,
SETTINGS, or ROUTES tab as needed.

1: Selecting the interfaces tab causes the system to display interface-related

information. The output from this screen is organized into four sections - command
buttons, interface table, Interface details, and IPMI information. (The IPMI is only
available on physical PP DD).

2: The Interfaces table presents summary information about the interface in

columns that identify the contents. You can filter the number of interfaces that are
displayed in the interface table by name or by interface type.

3: The Interface Details section of the screen displays comprehensive information

about the selected interface. You can view the details of an interface by selecting
its associated row in the Interface table.

Click the green boxes for more information.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 7

Configuring Ethernet Interfaces

Examples of CLI for Network Interfaces

With an admin or limited-admin role, here are some CLI commands that provide
most of the relevant information that is associated with network interfaces. Use the
help net show command to obtain more information about these commands.

PowerProtect DD Network Interface Administration - Participant Guide

Page 8 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

CLI Command Description

net show settings Displays the interface network

settings.

net show hardware Displays the interface hardware

configuration.

net show config Displays the configuration for a

specified Ethernet interface.1

net show domainname Displays the domain name that is

associated with the PP DD.

net show searchdomains Displays the search domains.

net show dns Lists the domain name servers that

are used by PP DD.

net show stats Provides several different

networking statistics.

net show all Combines the output of several

other net show commands.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters.

1 If Ethernet interface is not specified, display the configuration of all Ethernet

interfaces.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 9

Configuring Ethernet Interfaces

To configure an Ethernet interface using the PowerProtect DD System Manager,

follow these steps shown here.

Step One

Navigate to Hardware > Ethernet > Interfaces tab and select an interface from the
interface table. Then click Configure.

Step Two

Go to the IP settings section of the panel. If you are using DHCP to assign an IP
address, click Obtain using DHCP and identify if the DHCP server provides an
IPv4 or IPv6 address.

PowerProtect DD Network Interface Administration - Participant Guide

Page 10 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

IPv6

To assign a static IP address to the device, select Manually configure IP Address

and enter the IP address and netmask in the appropriate fields. Click NEXT.

IPv4

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 11

Configuring Ethernet Interfaces

Step Three

If the Maximum Transmission Unit (MTU) size must be changed, go to the MTU
Settings section of the panel and enter the MTU value2.

Step Four

Enable or Disable the Dynamic DNS Registration (DDNS) for Windows mode by
selecting or clearing the checkbox. Click NEXT.

2The minimum value for the MTU setting is 600 for IPv4 and 1280 for IPv6, the
maximum value is 9000, and the default value is 1500.

PowerProtect DD Network Interface Administration - Participant Guide

Page 12 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

Step Five

The Configure Interface Settings summary panel is displayed. Review the

Configuration Interface Settings summary and click FINISH. The configuration
progress panel is displayed, after network interface configuration completes click
OK.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 13

Configuring Ethernet Interfaces

PowerProtect DD Network Interface Administration - Participant Guide

Page 14 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

Configure and Viewing IP Name Settings

The SETTINGS view, shows you the Host Settings3, Search Domains4, Hosts
Mapping5, and DNS List6.

You can also use the Command Line Interface to view IP Name settings and
configure IP name settings.

3The Host Settings section displays the PowerProtect DD system hostname. The
hostname is shown as a Fully Qualified Domain Name (FQDN), which means the
hostname and domain name are displayed as a single string.

4 The Search Domain section displays the search domains that are used by the
PowerProtect DD. When a hostname is entered without a domain, the system
attempts to determine the correct domain to associate with the provided hostname
by appending each of the listed search domains to the hostname. If it is discovered,
the system uses the fully qualified domain name. If no domain names yield the
correct fully qualified domain name, the system returns an error.

5The Host Mappings section shows local name to IP address mappings. Unlike the
mappings from the DNS server, these name mappings only apply to this system.

6 The DNS List displays the IP addresses of the DNS servers that are used by this
system. An asterisk (*) indicates that the DNS server addresses were assigned
through DHCP.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 15

Configuring Ethernet Interfaces

Examples of CLI Commands to View IP Name Settings

Refer to the Dell EMC DDOS Command Reference Guide for more information
about these commands.

PowerProtect DD Network Interface Administration - Participant Guide

Page 16 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

CLI Command Description

net show hostname Displays hostname

net show domainname Displays domain name

net show searchdomains Displays the search domain list

net hosts show Displays hostnames and IP

addresses from the /etc/hosts
file.

net show dns Displays a list of DNS servers used

by the protection system. The final
line in the output shows if the
servers were configured manually
or by DHCP.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 17

Configuring Ethernet Interfaces

Examples of CLI Commands to Configure IP Name Settings

Refer to the Dell EMC DDOS Command Reference Guide for more information
about these commands.

CLI Command Description

net set hostname Configures the hostname.

net set domainname Configures the domain name.

net set searchdomains Configures the search domain.

net hosts add Adds the hosts list entry in the

/etc/hosts file.

net hosts del Deletes the hosts list entry in the

/etc/hosts file.

PowerProtect DD Network Interface Administration - Participant Guide

Page 18 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

net hosts reset Clear the hosts list from the

/etc/hosts file.

net set dns Clears out the statically set DNS

servers.

net reset dns Resets the DNS server to default

values.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 19

Configuring Ethernet Interfaces

Managing Network Routes

The PowerProtect DD uses source-based routing. Source-based routing enables

the sender of the packet to specify the route, or interface, that a packet must use to
reach the destination.

The only routing that is implemented on a Powerprotect DD appliance is based on

the internal route table.7

Static routes define the data path to destination hosts or networks. You can create
static routes from the PowerProtect DD System Manager (DDSM) or the Command
Line Interface (CLI).

Default Gateway Configuration

7The internal route table is where the administrator may define a specific network
or subnet that is used by a physical interface (or interface group).

PowerProtect DD Network Interface Administration - Participant Guide

Page 20 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

Important: PowerProtect DD appliance do not generate or respond to

any of the network routing management protocols (RIP,
EGRP/EIGRP, and BGP) in any way.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 21

Configuring Ethernet Interfaces

Configuring Static Routes

Step One

To configure a static route using the DDSM, navigate to Hardware > Ethernet >
Interfaces and click on the ROUTES tab.

Step Two

In the Create Routes dialog box, select an interface that you want to host the static
route. Click NEXT.

PowerProtect DD Network Interface Administration - Participant Guide

Page 22 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

Step Three

In the Create Routes dialog box, specify the Destination network, and enter the
Network address and Netmask or prefix for IPv6 addresses. To specify a
destination host, select Host and enter the hostname or IP address of the
destination host.

Optionally, you can add the Gateway to use to connect to the destination network
or host. Click NEXT.

This is not the IP of any interface. The interface is selected in the initial dialog, and it is used for
routing traffic.

Step Four

Review the Summary and click FINISH. After the process is completed, click OK.
The new route specification is listed in the Route Spec table.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 23

Configuring Ethernet Interfaces

CLI for Static Routes

With an admin or limited-admin role, using the following command:

• net route add [ipversion {ipv4 | ipv6}] <route spec> - Adds
an IPv4 or IPv6 static route for a network or network host
• net route show config

PowerProtect DD Network Interface Administration - Participant Guide

Page 24 © Copyright 2020 Dell Inc.

Configuring Ethernet Interfaces

• net route show tables [<table-name-list> | ipversion

{ipv4 | ipv6}]
• net route set gateway {ipaddr | ipv6addr} - Configure the IP
address to be the static IPv4 or IPv6 default gateway.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 25

Link Failover and Aggregation

PowerProtect DD Network Interface Administration - Participant Guide

Page 26 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

Link Failover and Aggregation Bonding Concepts

Link aggregation and link failover are two types of bonding that most PowerProtect
DD systems support.

Bonding8 modes define the methods and protocols that are used to control the
physical links between systems. The bonding hash defines the methods that are
used to balance transmissions over the physical links. Balancing is typically done to
obtain better physical link utilization.

Components Bonding Topologies10 Bonding

Modes9 Hash11

Important: Link Failover or Aggregation is not

supported on DDVE implementations. The
PowerProtect DD3300 does not support Link
Aggregation.

8 Bonding is a term the Linux community uses to describe the grouping of interface
together to act as one interface to the outside world.

9 Control links between the connected systems.

10 Relationship between devices in the network.

11 This is how transmissions are balanced over the physical links to obtain better
utilization.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 27

Link Failover and Aggregation

Components

The components required to implement link failover or link

aggregation are the system software, a virtual interface, the
operation defined by the virtual interface, and physical
network interfaces.

• The system software sends and receives

data to and from the bonded interface12 in the same way it
would if the bonded interface was a physical interface.13
• The virtual network interface provides the system software with a way to access
the underlying aggregated link connection, link failover connection, or VLAN. It
is displayed to the system as a normal physical network interface. A virtual
interface can be viewed as a container to hold physical interfaces.

12The bonded interface operation is the component that performs the functions that
are defined by the bonded interface type (bonding mode). This component
processes data according to the rules associated with the interface type.

13These components are responsible for transmitting and receiving data over the
network. There are physical interfaces on the connected devices as well. If
configuring link failover, the interfaces on the connected device do not require any
special configuration other than normal Ethernet network configuration. If
configuring link aggregation, the interfaces on the connected device must be set up
with a compatible bonding type, mode, and hash.

PowerProtect DD Network Interface Administration - Participant Guide

Page 28 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

Link Control Overview

When using link failover or link aggregation, remember that links are controlled
point-to-point. Whichever protocol is used to control the operation of the links, it
only operates from the PowerProtect DD system to the directly connected device.
This directly connected device can be a switch, a server, or even a network
gateway or router.

Link control does not extend beyond the directly connected device. If the media or
application server is not directly connected to the PowerProtect DD system, the
operations of the physical links are not managed by the failover or aggregation
functions. Higher-level protocols detect any loss of connectivity.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 29

Link Failover and Aggregation

Supported Topologies

Topologies provide a map of the network and essentially define its terrain. With a
map of the topology, you can see how devices are physically or logically
interconnected.

In the context of link failover and link aggregation, three common topologies are
Direct connect14, LAN connect, and Remote connect. Click on each term for more
information.

Direct Connect Topology15

14 The direct connect topology may be used for any type of bonding mode, but is
most often used with round robin. Round robin provides the most fair traffic
distribution between the two links. Round robin is more susceptible to out-of-order
packet transmission. The fact that traffic that is destined for other devices is not
going to be contending for the resources these links provide minimizes the problem
of out-of-order packet transmission.

15 In the direct connect topology, the PowerProtect DD system is directly connected

to the application, media, client, or backup server. In this case, the connected
server must be configured with a compatible bonding configuration - including type,
mode, and hash. The physical Ethernet connections must follow existing
guidelines, which typically means all interfaces have the same speed and duplex
settings. Some configurations support the links in the bundle to have different
media types.

PowerProtect DD Network Interface Administration - Participant Guide

Page 30 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

LAN Connect Topology16

Remote Connect Topology17

Important: Because link aggregation and link failover are point-to-

point protocols and not end-to-end, the physical network link
configuration of the server is unrelated to the configuration of the
PowerProtect DD system in this topology if they are not directly
connected to each other. It is required that the server and switch
have compatible physical network and bonding configurations.
However, it is not required for the server and PowerProtect DD
system to also have the same level of compatibility.

16The PowerProtect DD system is directly connected to a Layer 2 switch. The

physical Ethernet links between these must have the same speed and duplex
settings. The bonding configuration must be compatible between the PowerProtect
DD system and the Layer 2 switch. This includes the bonding type, mode, and
hash. Also, the PowerProtect DD system and the server are on the same
subnet.There is no router between the PowerProtect DD system and the server.
The server is also connected to a Layer 2 switch, but that does not mean it is
connected to the same switch as the PowerProtect DD system

17In a remote connect topology, the server, or client is in a different subnet than the
PowerProtect DD system. All traffic to and from the server must go through a
gateway. Because of this, all packets contain the MAC addresses of the gateway
and PowerProtect DD.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 31

Link Failover and Aggregation

Link Failover Overview

Link failover provides link redundancy by identifying backup interfaces that can
support network traffic when the primary interface is not operating. This ensures
that the PowerProtect DD system remains connected to the network.

Click on red boxes for more information.

1: The failover-enabled bonded interface represents a primary physical network

interface and a group of secondary physical network interfaces. The system makes
the primary interface the active interface whenever the primary interface is
operational. The setting of an interface to primary is optional and not required.

2: If the primary link fails, the PowerProtect DD remains connected. A configurable

Down Delay failover option enables you to configure a failover delay in 900-
millisecond intervals. The failover down and up delays guard against multiple
failovers when a network is unstable. By default, a link must be up or down
continuously for 29,700 ms (29.7 seconds) before the system activates a standby
link or restores the primary link.

3: If the carrier signal is lost, the active interface is changed to another standby
interface. An Address Resolution Protocol (ARP) is sent to indicate that the data
must flow to the new interface. The interface can be on the same switch, on a
different switch, or directly connected.

PowerProtect DD Network Interface Administration - Participant Guide

Page 32 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

Creating a Bonded Interface for Link Failover

Create a bonded interface for link failover to serve as a container to associate the
links that participate in failover. The failover-enabled bonded interface represents a
group of secondary interfaces, one of which can be specified as the primary. The
system makes the primary interface the active interface whenever the primary
interface is operational. A configurable Down Delay failover option allows you to
configure a failover delay18 in 900-millisecond intervals.

Step One

Select Hardware > Ethernet > Interfaces. In the interfaces table, disable the
physical interface19 to which the bonded interface is to be added by clicking No in
the Enabled section.

If an error is displayed warning about the dangers of disabling the interface, verify
that the interface is not in use and click OK.

18 The failover delay guards against multiple failovers when a network is unstable.

19 A physical network interface that is part of a virtual interface is seen as disabled

for other network configuration options. Each physical interface can belong to one
virtual interface. The number and type of cards that are installed on the system
determines the number of physical Ethernet interfaces available.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 33

Link Failover and Aggregation

Step Two

From the Create menu, select Virtual Interface.

PowerProtect DD Network Interface Administration - Participant Guide

Page 34 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

Step Three

In the Create Virtual Interface dialog box, specify a bonded interface name in the
veth box20. In the Bonding Type list, select Failover as the bonding type.

Select the interfaces to be part of the failover configuration by selecting the

checkboxes next to the interface. Bonded interfaces21 must be created from
identical physical interfaces and only one interface group can be active at a time.

Click NEXT.

20 Enter a bonded interface name in the form vethx, where x is a unique ID

(typically one or two digits). A typical full bonded interface name with VLAN and IP
Alias is veth56.3999:199. The maximum length of the full name is 15 characters.
Special characters or alphabetical characters are not allowed. (Only "veth", ".", and
":" only decimal numbers are allowed).

21 All interfaces in a bonded interface must be on the same physical network.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 35

Link Failover and Aggregation

Physical network interfaces or virtual

link aggregation interfaces can be
added to a link failover interface.

Step Four

Specify and IP address and Netmask. Specify MTU setting. The default setting is
1500. Enter a different setting22 if needed.

22Ensure that all of your network path components support the size set with this
option.

PowerProtect DD Network Interface Administration - Participant Guide

Page 36 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

Click Next.

Step Five

In the IP settings, enter an IP address and netmask for the virtual interface. If
necessary, configure the MTU Settings. Verify the MTU settings with the network
administrator before modifying the configuration. Click Next.

A summary panel of the configuration is displayed, review the configuration and

click Finish. Once the process completes, click OK.

The CLI can also be used to configure link failover.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 37

Link Failover and Aggregation

PowerProtect DD Network Interface Administration - Participant Guide

Page 38 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

CLI for Configuring Link Failover

net disable ifname Disables the interfaces.

net create interface virtual Creates virtual interface, dd

vethid interfaces to the Dynamic DNS
net ddns add {ifname-list all | (DDNS) registration list.
ifname interface-hostname}
hostname

net failover add virtual ifname Add interfaces to a failover bonded

interfaces ifname-list [primary interface. Note that you can add an
ifname] [up {time | default}] aggregated interface to a failover
[down {time | <default>}] interface.

net config ifname up Enables bonded interface.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 39

Link Failover and Aggregation

Link Aggregation Overview

Link aggregation increases network throughput and treats a bundle of multiple

network links as a single path. Each added physical network link increases network
throughput by the speed of the link23. The link aggregation24 feature is between the
local system and the connected network device. The device connected to the
PowerProtect DD system can be a switch, router, server, or client.

veth 1
eth1a Port
eth2a Port 2
eth3a Port 3

Connected
Link Aggregation
Devices
Bundle

A bonded network interface must be created in order for link aggregation to work.
The system uses this bonded interface25 as an access point for the link aggregation
bundle.

23For example, three 10-Gbps links can be bundled together (aggregated) to

provide 30 Gbps of potential throughput.

24Link aggregation also provides link failover. If one of the physical network links in
the bundle should fail, the other links continue to service the network connection.

25When you create the bonded network interface, you identify how the bonded
(bundled) links are used. In this case, the bonded interface is used to aggregate

PowerProtect DD Network Interface Administration - Participant Guide

Page 40 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

Link aggregation provides improved network performance and resiliency by using

one or more network interfaces in parallel, increasing the link speed and reliability
over that of a single interface. These guidelines are provided to help you optimize
your use of link aggregation.

Link Aggregation Guidelines

Link aggregation performance is impacted by link and switch speed, the amount of
information the system can process, out-of-order packets, the number of clients,
and the number of streams.

• The speed of the network switch or network link26

impacts performance when the amount of data has exceeded the
capacity of the switch.
• Out-of-order packets can impact performance due
to the processing time required to reorder the packets. Round
robin link aggregation mode27 could result in packets arriving at
the destination out-of-order.

multiple physical links and make them appear as a single network connection. You
can create as many bonded interfaces as there are physical interfaces.

26The network switch can handle the speed of each connected link. If all packets
are coming from several ports that are concentrated on one uplink running at
maximum speed, it may lose some packets. Usually, this means you can use only
one switch for port aggregation coming out of a PowerProtect DD system. Some
network topologies support link aggregation across multiple switches.

27The receiving device must reorder the data stream. This adds overhead that may
impact the throughput speed enough that the link aggregation mode causing the
out-of-order packets should not be used.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 41

Link Failover and Aggregation

• The number of clients can also impact performance. Usually, either the physical
or operating system resources cannot drive data at multiple Gbps.28
• Enable aggregation on an existing bonded interface by specifying the physical
interfaces and mode.
• The number of streams (connections) per client can impact link utilization
depending on the hashing used.
• Make interface changes29 only during scheduled maintenance downtime
because routing rules and gateways are reapplied after interface changes.
• Enable aggregation on an existing bonded interface by specifying the physical
interfaces and mode.
• Bring up the bonded interface and make sure an IP address is on the interface
or an associated interface. The bonded interface may have VLANs and or
aliases on it, each with an IP address, and therefore does not need an IP
address directly on it to be fully
functional.

Warning: 1 GbE and 10 GbE interfaces cannot be aggregated

together.

28
Due to hashing limits, you may need multiple clients to push data at multiple
Gbps.

29 Verify the routing configuration is still correct after making interface changes.

PowerProtect DD Network Interface Administration - Participant Guide

Page 42 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

Link Aggregation Considerations

Link aggregation provides improved network performance and resiliency by using

one or more network interfaces in parallel, thus increasing the link speed and
reliability over that of a single interface.

Link aggregation performance is impacted by:

Link and switch speed.30

The quantity of data the PowerProtect

DD can process.

30The speed of the network switch or network link impacts performance when the
amount of data has exceeded the capacity of the switch. Usually, a network switch
can handle the speed of each connected link. If all packets are coming from several
ports that are concentrated on one uplink running at maximum speed, it may lose
some packets. Usually, this means you can use only one switch for port
aggregation coming out of a PowerProtect DD system.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 43

Link Failover and Aggregation

Out-of-order packets.31

The number of clients.32

The number of streams.33

31Out-of-order packets can impact performance due to the processing time

required to reorder the packets. Round-robin link aggregation mode could result in
packets arriving at the destination out-of-order. The receiving device must reorder
the data stream. This adds overhead that may impact the throughput speed
enough that the link aggregation mode causing the out-of-order packets should not
be used.

32The number of clients can also impact performance. Usually, either the physical
or operating system resources cannot drive data at multiple Gbps. Also, due to
hashing limits, you need multiple clients to push data at multiple Gbps.

33The number of streams (connections) per client can impact link utilization
depending on the hashing used.

PowerProtect DD Network Interface Administration - Participant Guide

Page 44 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

It is recommended that you make interface changes only during scheduled

maintenance downtime because routing34 rules and gateways are reapplied after
interface changes.

Enable aggregation on an existing bonded interface35 by specifying the physical

interfaces and mode.

Tip: 1 GbE and 10 GbE interfaces cannot be aggregated together.

1 GbE copper and optical interfaces can be aggregated together.
10 GbE copper and optical interfaces cannot be aggregated together.

34 Verify the routing configuration is still correct after making interface changes.

35 Bring up the bonded interface and make sure an IP address is on the interface or
an associated interface. The bonded interface may have VLANs and or aliases on
it, each with an IP address, and therefore does not need an IP address directly on it
to be fully functional.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 45

Link Failover and Aggregation

Configuring Link Aggregation

To create a link aggregation bonded interface, follow these steps:

Step One

After verifying the device connected to the PowerProtect DD system support

compatible link aggregation bonding methods, go to the Hardware > Ethernet >
Interfaces tab.

Disable the physical Ethernet interfaces36 that you want to add to the aggregation
link by selecting the interfaces and choosing No from the Enabled menu.

If an error is displayed warning about the dangers of disabling the interface, verify
that the interface is not in use and click OK.

36 A physical network interface that is part of a virtual interface is seen as disabled

for other network configuration options. Each physical interface can belong to one
virtual interface.

PowerProtect DD Network Interface Administration - Participant Guide

Page 46 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

Step Two

From the Create menu, select the Virtual Interface option. The Create Virtual
Interface dialog box is displayed. Specify a virtual interface name in the veth text
box.

From the General tab, select Aggregate as the bonding type. Specify the bonding
Mode. The bonding mode must be compatible with the link aggregation method
that is supported by the system that is directly connected to the physical interfaces
in the bundle. The available bonding modes are Round-robin37, Balanced38, and
Link Aggregation Control protocol (LACP).39

If the Bonding mode is LACP or Balanced, choose the bonding hash algorithm.

To add to the aggregate configuration, select an interface by selecting the check

box corresponding to the interface.

37 Round robin bonding mode is often used by Linux systems. It transmits packets
in sequential order from the first available link through the last link in the bundle.
Round Robin provides the best distribution across the bonded interfaces. Often,
this is the best bonding mode to use, but throughput can suffer because of packet
ordering.

38Balanced bonding mode sends data over the interfaces as determined by the
selected hash method. All associated interfaces on the switch must be grouped into
an EtherChannel (trunk). EtherChannel is the bonding method that is defined by
Cisco systems.

39LACP bonding mode is similar to Balanced, except for the control protocol that
communicates with the other end and coordinates which links in the bond are
available. It provides heartbeat failover. LACP was originally defined in IEEE
802.3ad. 802.3ad was incorporated into the IEEE 802.1AX-2008 specification
which was in turn superseded by IEEE 802.1AX-2014.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 47

Link Failover and Aggregation

Step Three

If the Bonding mode is LACP or Balanced, choose the bonding Hash algorithm.
The options are XOR-L2, XOR-L2L3, or XOR-L3L4

To add to the aggregate configuration, select an interface by selecting the check

box corresponding to the interface. The options are , , or .

Bonding Hash

Physical Interfaces

PowerProtect DD Network Interface Administration - Participant Guide

Page 48 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

Step Four

Enter an IP address and netmask for the virtual interface. If necessary, configure
the MTU. Verify the MTU settings with the network administrator before modifying
the configuration. Click Next. A panel with the summary of the configuration is
displayed, review the summary and click Finish. Once the interface is created,
click OK.

If there are any errors, review them and reconfigure the interface.

The CLI can also be used to configure link aggregation.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 49

Link Failover and Aggregation

CLI for Configuring Link Aggregation

net disable ifname Disables and configures member

physical network interfaces.

net modify virtual-ifname Change the behavior of the specified

bonding {aggregate | failover} virtual interface from aggregate to
failover or from failover to aggregate.

PowerProtect DD Network Interface Administration - Participant Guide

Page 50 © Copyright 2020 Dell Inc.

Link Failover and Aggregation

net aggregate add virtual- Add physical interfaces to an

ifname interfaces physical- aggregate bonded interface. Setting
ifname-list [mode {roundrobin | the mode40 is required on initial
balanced hash {xor-L2 | xor- configuration and when there is no
L3L4| xor-L2L3} | lacp hash default aggregate mode, but optional
{xor-L2 | xor-L3L4 | xor-L2L3} when adding interfaces to an existing
[rate {fast | slow}]} [up {time aggregate interface.
| default}] [down {time |
default}]

net config ifname up Enables bonded interface and verify

configuration.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters.

40Choose the mode compatible with the specifications of the system to which the
ports are attached. Balanced and LACP modes require a hash selection.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 51

VLAN and IP Alias Interfaces

PowerProtect DD Network Interface Administration - Participant Guide

Page 52 © Copyright 2020 Dell Inc.

VLAN and IP Alias Interfaces

Introduction to VLAN and IP Aliases

Administrators can control traffic patterns and react quickly to relocation using
VLANs. VLANs provide the flexibility to adapt to changes in network requirements
and simplify administration.

VLANs and IP aliases41 are two methods of managing network traffic:

• VLANs provide the segmentation services that are normally provided by routers
in LAN configurations.
• VLANs address issues such as scalability, security, and network management,
• Routers in VLAN topologies provide broadcast filtering, security, address
summarization, and traffic-flow management.
• Switches may not bridge IP traffic between VLANs.42

Partitioning a local network into several distinctive segments in a common

infrastructure that is shared across VLAN trunks provides a high level of security
with flexibility and a low cost.

41 IP aliasing is associating more than one IP address to a network interface. With

this, one physical or bonded interface on a system can have multiple IP addresses
to a network, each serving a different purpose.

42 This may violate the integrity of the VLAN broadcast domain.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 53

VLAN and IP Alias Interfaces

PowerProtect DD VLAN Interface Architecture

When you create a VLAN interface on a PowerProtect DD system, you are

essentially adding a 802.1Q tagged virtual port to a physical interface. All Ethernet
frames that are transmitted through the VLAN interface are tagged43 with the
assigned VLAN ID.

eth1 / 1.1.0.1/24
VLAN ID 200 Switch Port
Physical Configuration
Network Interface Virtual
Interface
Assign untagged
(eth 1) frames to VLAN 200

eth1.1/1.1.1.1/24
VLAN ID 1
VLAN Tag frames
destined for VLAN
1
Tag frames
eth1.2/1.1.2.1/24 destined for VLAN 2
VLAN ID 2

VLAN

Untagged Tagged
Mixed

43If frames are tagged with the appropriate VLAN ID, any frames that are received
by the physical interface are directed to the VLAN interface.

PowerProtect DD Network Interface Administration - Participant Guide

Page 54 © Copyright 2020 Dell Inc.

VLAN and IP Alias Interfaces

• No IP address is required on the underlying physical or bonded interface when

you create a VLAN interface.
• Unlike the VLAN interface, Physical and Bonded Interfaces require untagged
ports.
• Make sure to configure the connected switch to support both packet types and
all VLAN IDs configured on the physical interface.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 55

VLAN and IP Alias Interfaces

Configuring VLAN Interfaces

Step One

Navigate to the Hardware > Ethernet > Interfaces tab. In the interfaces table,
select the interface to which you want to add the VLAN.

Click Create menu, and select the VLAN option.

Step Two

In the Create VLAN panel, specify a VLAN ID by entering a number in the VLAN Id
field. The VLAN ID can be any number from 1 to 4094. Specify an IPv4 or IPv6
address along with the netmask or prefix. If needed, specify the MTU setting44 as
well.

44The VLAN MTU must be less than or equal to the MTU defined for the physical
or virtual interface to which it is assigned.

PowerProtect DD Network Interface Administration - Participant Guide

Page 56 © Copyright 2020 Dell Inc.

VLAN and IP Alias Interfaces

Specify Dynamic DNS Registration option. The Dynamic DNS (DDNS) is a

protocol that registers local IP addresses on a Domain Name System (DNS)
server.

Click NEXT.

If the MTU defined for the supporting physical or virtual interface is reduced below
the configured VLAN value, the VLAN value is automatically reduced to match the
supporting interface.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 57

VLAN and IP Alias Interfaces

Step Three

The Create VLAN summary page appears. Review all configurations settings and
click FINISH.

Important: VLAN interfaces are not supported on DDVE

implementations.

PowerProtect DD Network Interface Administration - Participant Guide

Page 58 © Copyright 2020 Dell Inc.

VLAN and IP Alias Interfaces

IP Aliases Overview

An IP alias assigns multiple IP addresses to a physical interface, a virtual interface,

or a VLAN. An IP alias interface45 does not operate as an independent interface.

DD Operating System,
does not generate
statistics46 for the IP
alias. The name of an IP
alias interface name is
derived from the base
interface and the IP
alias ID47, which the
system administrator
assigns.

The format of an IP alias

interface name is the
base interface name, followed by a colon character (:), followed by the IP alias ID.
Using this format as a reference, the ifname eth5a:35 references an IP alias
that is assigned to the physical interface and the IP alias ID is 35. The interface

45 The only function of an alias interface is to add multiple IP addresses to the base
interface.

46 Statistics are only provided for the base interface.

47 The total number of interfaces on a system is 100. However, the recommended

total number of IP aliases, VLAN, physical and bonded interfaces that can exist on
the system is 80. Although up to 100 interfaces are supported, as the maximum
number is approached, you might notice slowness in the display.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 59

VLAN and IP Alias Interfaces

name veth4:26 references an IP alias that is assigned to bonded interface 4 and

its alias ID is 26.

The IP alias interface name eth5a.82:162 is an IP alias that is assigned to VLAN

82, which in turn is assigned to physical interface eth5a and the IP alias ID is 162.
The acceptable IP alias ID values differ depending upon the user interface or CLI
command that is used to create the IP alias.

Tip: If you use the DD System Manager or the net create

interface command to create the IP alias, IP alias ID values from 1
to 4094 are supported. If you use the net config command, the IP
alias ID values from 1 to 9999 are supported. The recommended
maximum range of numbers are 1-999.

PowerProtect DD Network Interface Administration - Participant Guide

Page 60 © Copyright 2020 Dell Inc.

VLAN and IP Alias Interfaces

Configuring IP Aliases

To create and IP alias using the PowerProtect DD System Manager:

1. Navigate to the Hardware > Ethernet > Interfaces tab, and select the interface
to add the IP alias48. Click Create.
2. From the Create menu, select the IP Alias option.
3. Specify an IP alias ID49 by entering a number in the IP Alias Id box.
4. Enter an IPv4 and subnet mask or IPv6 address and prefix.

48 You can also choose an existing physical, VLAN, or virtual interface.

49 The IP alias ID must be a number from 1-4094. You cannot use the same IP
alias ID that already exist on this base interface. The CLI allows 1 to 9999.

IP alias name is eth0a:1 and this is a combination of base interface and IP alias
and alias ID.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 61

VLAN and IP Alias Interfaces

5. Specify Dynamic DNS Registration50 option. Click Next.

6. Once the system configures the IP alias, click OK.
7. Review the details from the newly configured IP alias in the interface table
located in the Hardware > Ethernet > Interfaces tab.

The Command Line Interface (CLI) can also be use to create an IP alias.

50 DNS is a protocol that registers local IP addresses on a DNS server.

PowerProtect DD Network Interface Administration - Participant Guide

Page 62 © Copyright 2020 Dell Inc.

VLAN and IP Alias Interfaces

Example of CLI for Configuring IP Aliases

With an admin or limited-admin role, you can create an IP alias. The base-ifname
parameter expects a physical, VLAN, or virtual interface name. The net config
command supports alias-id values from 1 to 9999. The alias-ID cannot be in use by
another alias. The net config command can be used to assign an IP alias to
physical, VLAN, and virtual interfaces. To destroy or delete an IP alias using the
net config command, assign it an IP address of 0.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 63

VLAN and IP Alias Interfaces

CLI Command Description

net config <base-ifname>:<alias-id> Creates an IP alias

<ipaddr> netmask <mask>

net config <base-ifname>:<alias-id> Creates an IP alias for

<ipv6addr/prefix> IPv6.51

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters.

An alias interface does not operate as an independent interface.

DD OS generates statistics and supports additional
configuration settings only for a base interface. The only
function of an alias interface is to add an additional IP address to
the base interface.

51 Specify an IPv6 address for the interface. The dhcp option must be set to no to
support manual IP address configuration. The dhcp option is automatically set to no
if a static address is set.

If an IPv6 address is specified, there is no associated netmask. Instead, a prefix

length is used to determine the subnet. The default prefix length is 64. To use a
prefix length different from 64, it must be specified with the address by adding a
forward slash followed by a number. For example, if the prefix length is 52, the
notation is: 2026:3456:cafe::f00d:1/52.

PowerProtect DD Network Interface Administration - Participant Guide

Page 64 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 65

Configuring Fibre Channel

Fibre Channel Connection Overview

Before you can start to configure a Fibre Channel connection for the PowerProtect
DD system, you must verify some things.

Fibre Channel

Switch

Server

PowerProtect DD

✓ Is the FC switch properly zoned and communicating with the FC server and the
PowerProtect DD?
✓ What name or alias must be applied to the server? This name is mapped to the
WWPN.
✓ What is the WWPN, IP address and FC slot and port?

PowerProtect DD Network Interface Administration - Participant Guide

Page 66 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Configuring Fibre Channel Hardware

Fibre Channel services, such as VTL and DD Boost, require the support of
underlying components. These components are grouped in the DD System
Manager (DDSM) under the hardware configuration section.

For Fibre Channel configuration, PowerProtect DD also supports Block Storage

Service (or vDisk52), which enables a PowerProtect DD system to expose its
storage devices on a SAN.

VTL Services DD Boost vDisk Service

Service
VTL Access Group DD Boost vDisk Access

Initiators

Endpoints

NPIV

Ports

HBA

52With the PowerProtect DD system, Dell EMC VMAX3/VMAX All Flash arrays
encapsulate PowerProtect DD storage devices and prepares them to be used as
the native VMAX storage devices for data protection solutions (for example,
ProtectPoint).

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 67

Configuring Fibre Channel

Fibre Channel services require support from many Fibre Channel hardware
components.

• HBA
• FC Ports
• NPIV (Optional)
• Endpoints
• Initiators
• Access groups

Important: When using NPIV, it is recommended that you use only

one protocol (that is, DD VTL Fibre Channel, DD Boost over Fibre
Channel, or vDisk Fibre Channel) per endpoint. For failover
configurations, secondary endpoints should also be configured to
have the same protocol as the primary.

PowerProtect DD Network Interface Administration - Participant Guide

Page 68 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Fibre Channel Status

To check on the status of the Fibre Channel, from the DDSM go to Hardware >
Fibre Channel page. Then you can review the Fibre Channel status that is shown
at the top of the page.

The Fibre Channel status can only be changed through the Command Line
Interface (CLI).

Important: If you are using DD System Manager, the SCSI target

daemon is automatically enabled when you enable the DD Boost-
over-FC service.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 69

Configuring Fibre Channel

Command Line Interface for Fibre Channel

Here are CLI commands that enable or disables the Fibre Channel status.

scsitarget enable Enables the SCSI target subsystem. Role required: admin,
limited-admin.

scsitarget disable Disables the SCSI target subsystem. Role required:

admin, limited-admin

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters.

PowerProtect DD Network Interface Administration - Participant Guide

Page 70 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Fibre Channel Port Overview

Ports53 are discovered and a single endpoint is automatically created for each port,
at startup. The properties of the base port depend on whether NPIV is enabled.

In non-NPIV mode, ports use the same properties as the endpoint, that is, the
WWPN for the base port and the endpoint are the same. In NPIV mode, the base
port properties are derived from default values. A new WWPN is generated for the
base port and is preserved to enable consistent switching between NPIV modes54.

When you enable an FC port, any endpoints using that port are also enabled. If the
failback-endpoints feature is used, any Failover endpoints that use this port for their
primary system address may be failed-back to the primary port from the secondary
port.

Disabling one or more SCSI target ports also disables any endpoints using that
port. If specified, the failover configured endpoints55 that use one or more target
ports as their primary system address are failed-over if the secondary port is
available.

53 Ports must be enabled before they can be used.

54 NPIV mode supports multiple endpoints per port.

55Endpoints that are disabled by an administrative operation prior to a port being

disabled are remembered as manually disabled. This state is restored when that
port is later enabled.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 71

Configuring Fibre Channel

• Ports discovered at startup: A single endpoint automatically created for each

port.
• NPIV:
• Disabled : fc port, associated endpoints, same WWPN.
• Enabled: fc port, associated endpoints, different WWPN.
• Enable:
• Endpoints using port also enabled.
• Endpoints failed-back if configured.
• Disable:

• Endpoints using port also disabled.

• Endpoints failed-back if configured.

PowerProtect DD Network Interface Administration - Participant Guide

Page 72 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Managing Fibre Channel Ports

Step One

To review the configuration of Fibre Channel (FC) ports, go to the Hardware >
Fibre Channel > Resources tab. Review the configuration summary table56 then
select a port. From the port that is selected review the configuration details57 in
Port Details.

56The summary information includes the System Address, WWPN, WWNN, and
enabled status. Also included are the NPIV status, the Fibre Channel Link status,
operation status, and the number of endpoints configured on the system.

57 The detailed information section shows the Fibre Channel HBA Model, installed
firmware version number, port id, link speed, topology, and connection type.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 73

Configuring Fibre Channel

Step Two

To enable a FC port, navigate to the Hardware > Fibre Channel page, select
More Tasks > Ports > Enable to select the target ports58.

Select one or more ports from the list and select Next. Click Enable to enable the
port(s). Once complete, select Close59 to dismiss the Enable Ports Status dialog
box.

Step Three

The DD System Manager (DDSM) provides two methods to select and disable FC
ports. Navigate to the Hardware > Fibre Channel > Resources tab, and select

58If all ports are already enabled, a message to that effect is displayed otherwise
the Enable ports dialog box is displayed.

59Click Close if you do not wish to wait for the port enable process to complete.
The dialog box eventually displays a completion message

PowerProtect DD Network Interface Administration - Participant Guide

Page 74 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

More Tasks > Ports > Disable to select the target ports. If all ports are already
disabled, a message to that effect is displayed otherwise the Disable Ports dialog
box is displayed.

Select one or more ports from the list and click Next. Wait for the disable process
to complete and select Close to dismiss the Disable Ports Status dialog box.

The Command Line Interface (CLI) command scsitarget port disable can
also be used. Refer to the Dell EMC DD OS Command Reference Guide for more
details.

Step Four

Navigate to Hardware > Fibre Channel > Resources tab, and select the port to
configure. Then select the pencil icon, show here as a pencil.

In the Configure Port dialog, select whether to automatically enable or disable

NPIV for this port. This option can only be modified if NPIV is globally enabled.

In the Topology, select Default, Loop Only, Point to Point, or Loop Preferred.
For the Speed select 1,2,4,8, or 16 Gbps, or auto. Click OK.

Once the configuration process completes, click Close.

The Command Line Interface (CLI) command, scsitarget port modify can
also be used. Refer to the Dell EMC DD OS Command Reference Guide for more
details.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 75

Configuring Fibre Channel

PowerProtect DD Network Interface Administration - Participant Guide

Page 76 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Enabling and Disabling NPIV

To enable NPIV60:

1. Go to the Hardware > Fibre Channel page.

2. Next to NPIV: Disabled, select Enable. In the Enable NPIV dialog box, you are
warned that all Fibre Channel ports must be disabled before NPIV can be
enabled.
3. Review and correct any configuration error messages.
4. Monitor the Enable NPIV Status dialog box as the NPIV gets enabled. Click
Close upon a successful completion.

To disable NPIV:

1. Go to the Hardware > Fibre Channel page.

2. Next to NPIV: Enable, select Disable.

60N_Port ID virtualization (NPIV) is a technology that defines how multiple virtual

servers can share a single physical Fibre Channel port identification (ID).

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 77

Configuring Fibre Channel

3. Review and correct any configuration error messages.

4. Monitor the Disable NPIV Status dialog box as the NPIV gets disabled. Click
Close.

Warning: Before you can disable NPIV, you must not have any ports
with multiple endpoints.

PowerProtect DD Network Interface Administration - Participant Guide

Page 78 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Configuring Fibre Channel Endpoints

Reviewing FC Endpoints

To review the configuration of Fibre Channel endpoints:

1. Go to the Hardware > Fibre Channel > Resources tab. Click the (>) to expand
the endpoint configuration summary table.
2. Review the configuration summary table. Select an endpoint to view the
summary details61.

Endpoint configuration
summary

61 The summary information includes the endpoint name, WWPN, WWNN, system
address in use, enabled status, and link status. The detailed information section
shows the primary system address, secondary system address and if FCP2 Retry
is enabled.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 79

Configuring Fibre Channel

Enabling/Disabling FC Endpoints

If in non-NPIV mode, enabling an endpoint also enables the underlying port if it is

disabled. In NPIV mode, only the endpoint is enabled.

1. On the Hardware > Fibre Channel page, select More Tasks > Endpoints >
Enable.
2. In the Enable Endpoints dialog box, select one or more endpoints from the list,
then click Next.
3. Confirm all endpoints are correct and click Next. The Enable Endpoint Status
box is displayed. Select Close when the process completes.

If in non-NPIV mode, disabling an endpoint also disables the underlying port if it is

enabled. In NPIV mode, only the endpoint is disabled.

1. Navigate to Hardware > Fibre Channel page, select More Tasks > Endpoints
> Disable. If all endpoints are already disabled, a message to that effect is
displayed.
2. In the Disable Endpoints dialog, select one or more endpoints from the list,
click Next.
3. Confirm the endpoints are correct. If the endpoint is associated with an active
service, a warning is displayed. Select Disable and the Disable Endpoint
Status dialog box appears.
4. Monitor the status of the Disable Endpoint process and select Close when the
process completes.

PowerProtect DD Network Interface Administration - Participant Guide

Page 80 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Configure FC Endpoints

To configure a FC Endpoint:

1. Navigate to the Hardware > Fibre Channel > Resources tab and select the
plus sign (+) to expand the endpoint configuration summary table.
2. Click the green plus icon to open the Add endpoint dialog box62.
3. For Endpoint Status, select Enabled or Disabled.
4. If NPIV is enabled, select a Primary system address from the drop-down list.
The primary system address must be different from any secondary system
address63.
5. If the endpoint cannot be created, an error is displayed. If there are no errors,
the system proceeds with the endpoint creation process.

Monitor the system as the endpoint is created. The system notifies you when
the endpoint creation process has completed.

62 In the Add Endpoint dialog, enter a Name for the endpoint. The endpoint name
can be from 1 to 128 characters in length. The field cannot be empty or be the word
"all,” and cannot contain the characters asterisk (*), question mark (?), front or back
slashes (/, \), or right or left parentheses (,).

63 The secondary address is used for fail over operations

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 81

Configuring Fibre Channel

Add
Endpoint

Deleting an Endpoint

You may want to delete an endpoint if the underlying hardware is no longer

available. However, if the underlying hardware is still present, or becomes
available, a new endpoint for the hardware is discovered automatically and
configured based on default values.

1. Navigate to the Hardware > Fibre Channel > Resources tab and select the
plus sign (+) to expand the endpoint configuration summary table.
2. Select the endpoint(s) you wish to delete from the system.
3. Select the delete icon represented by a red X. This icon is not active unless an
endpoint is selected. The Delete Endpoint dialog box is displayed. If an
endpoint is in use, you are warned that deleting it might disrupt the system.
4. Verify the endpoints listed in the Delete Endpoint dialog box are correct. Click
Delete.

PowerProtect DD Network Interface Administration - Participant Guide

Page 82 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Delete an
Endpoint

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 83

Configuring Fibre Channel

Fibre Channel Initiator Overview

A Fibre Channel (FC) initiator64 is the device that starts a SCSI session and sends
SCSI commands. The initiator is usually a backup server.

The worldwide port name (WWPN) assigned to an initiator's HBA port is needed to
identify an initiator to the PowerProtect DD system.

An initiator name65 is an alias66 that maps to an initiator's WWPN.

An initiator can be configured to support DD Boost over FC or VTL, but not both. A
maximum of 1024 initiators can be configured for a PowerProtect DD system.

64 On the PowerProtect DD system, you must identify the initiators that are allowed
to control the system through SCSI commands.

65 The PowerProtect DD system uses the initiator name to interface with the
initiator for VTL activity.

66Initiator aliases are useful because it is easier to reference a name than an eight-
pair WWPN number when configuring the system, including access groups.

PowerProtect DD Network Interface Administration - Participant Guide

Page 84 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Configuring Fibre Channel Initiators

Reviewing FC Initiators

To review the configuration of the Fibre Channel initiators, follow this process:

1. Select the Hardware > Fibre Channel > Resources tab.

2. Click the arrow (>) next to the initiator section to expand the initiator
configuration summary table.
3. Review the configuration of the initiators.

Command Line Interface (CLI) commands can also be used.

Add A FC Initiator

To add an initiator to provide a Fibre Channel backup client with the ability to
connect to the PowerProtect DD system:

1. Navigate to Hardware > Fibre Channel > Resources tab, begin the Initiator
Add process by selecting the (>) to expand the Initiators configuration
summary table if necessary.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 85

Configuring Fibre Channel

2. Under Initiators, select (+ sign).

3. In the Add Initiator dialog, enter the WWPN for the device to be added to the
system. Use the format shown in the field. Enter a Name for the initiator. This
name is also called an Alias.
4. Select the Address Method67. Click OK.

CLI commands are the following:

• # scsitarget group add <My_Group> initiator <My_Initiator>

Add an initiator

Deleting an FC Initiator

To delete a FC initiator:

1. Navigate to the Hardware > Fibre Channel > Resources tab and select the (>)
to expand the initiator configuration summary table.
2. Verify the target initiator if offline and not a part of any access group. Otherwise,
you will get an error message and the initiator will not be deleted. 68

67 Auto is used for standard addressing. Volume Set Addressing (VSA) is used
primarily for addressing virtual buses, targets, and LUNs.

PowerProtect DD Network Interface Administration - Participant Guide

Page 86 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

3. Select the target initiator from the initiator configuration summary table.
4. Click the trash can icon.

A warning is provided in the Initiator Delete dialog box. Read the warning and Click
OK if you wish to proceed. Otherwise, click Cancel. After the process complete,
click OK.

Delete an Initiator

68You must delete all initiators in an access group before you can delete the
access group. If an initiator remains visible, it may be automatically rediscovered.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 87

Configuring Fibre Channel

CLI for Reviewing FC Initiators

With an admin or limited-admin role, you can import tapes using the following
command:
• scsitarget initiator show list
• scsitarget initiator show detail

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters.

PowerProtect DD Network Interface Administration - Participant Guide

Page 88 © Copyright 2020 Dell Inc.

Configuring Fibre Channel

Introduction to Access Groups

Access groups identify initiator and drives, changers, and LUNs they are permitted
to use.

• Initiators can read/write to devices in the same access group.

• Initiators can only belong to one access group69.
• Initiators assigned to DD Boost access groups cannot be assigned to VTL
access groups on same system.

Warning: Avoid making access group changes during a backup or

restore operations.

69 Up to 64 devices can be in one group.

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 89

PowerProtect DD Network Interface Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 90

POWERPROTECT DD
CIFS AND NFS
IMPLEMENTATION AND
ADMINISTRATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

Common Internet File System .................................................................................. 3

CIFS Status ......................................................................................................................... 4
Managing Shares ................................................................................................................. 6
CIFS Configuration ............................................................................................................ 13
Active Directory Authentication .......................................................................................... 15
Accessing a CIFS Share .................................................................................................... 16
Monitoring CIFS ................................................................................................................. 18

Network File System ................................................................................................ 20

NFS Overview.................................................................................................................... 21
NFS Status ........................................................................................................................ 22
NFS Exports ...................................................................................................................... 23
Kerberos Configuration ...................................................................................................... 27
Monitoring NFS .................................................................................................................. 29

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page ii © Copyright 2020 Dell Inc.

Common Internet File System

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 3

Common Internet File System

CIFS Status

In the DD System Manager, the Protocols > CIFS > Configuration page indicates
CIFS status. It can be enabled or disabled. Users with administrative privileges can
perform major CIFS operations such as enabling and disabling CIFS, setting
authentication, managing shares, and viewing configuration and share information.
CIFS clients write data to a share.

Backup servers that perform backup and restore operations using the CIFS
protocol need access to /data/col1/backup directory if no other backup
locations are created.

For administrative tasks, such as retrieving core and logfiles, the /ddvar directory
is used as a CIFS share.

The Protocols > CIFS > Configuration page enables you to perform CIFS
operations such as enabling and disabling CIFS, setting authentication, managing
shares, and viewing configuration and share information.

You can also manage CIFS using the CLI commands.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 4 © Copyright 2020 Dell Inc.

Common Internet File System

Manage CIFS Using CLI Commands

You can also manage CIFS backup and restores using the command line interface
(CLI). The cifs command contains all the options to manage CIFS backup and
restores between Windows clients and PowerProtect DD systems. Among other
functions, the cifs command can enable, disable, restart, and show the status of
CIFS. For complete information about the cifs command, see the DDOS
Command Reference Guide.
• cifs enable - The CIFS server starts listening on port 445. Role required:
admin, limited-admin
• cifs disable - The CIFS server starts listening on port 445. Role required:
admin, limited-admin
• cifs restart - Restarts all CIFS services. Role required: admin, limited-
admin.
• cifs status - Show status of CIFS: enabled or disabled. Role required:
admin, limited-admin, user, backup-operator, security, none.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 5

Common Internet File System

Managing Shares

A share enables a CIFS client to back up files to a specified directory.

Using the DD System Manager, navigate to Protocols > CIFS > Shares page you
can create, modify, delete, enable, and disable CIFS shares. Using these
commands require admin or limited-admin roles.

Access to the /data/col1/backup and the /ddvar directories is often

configured during the initial configuration of the PowerProtect DD system.

The /data/col1/backup directory is not the only location for backup data.
However, it is the only backup location that exists on a system by default.

You can view detailed share information within the Shares tab.

You can also create, modify, enable, or disable shares by using the command line
interface..

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 6 © Copyright 2020 Dell Inc.

Common Internet File System

Creating a Share

To create a CIFS share in the DD System Manager, go to Protocols > CIFS >
Shares > Create.

A PowerProtect DD system supports a maximum number of 3000 CIFS shares.

The share name can be a maximum of 80 characters1.

Client access must be assigned2.

Do not mix3 an * with client names or IP addresses.

1 Characters included cannot contain any spaces or special characters like / ? “ <> ;
, = or extended ASCII characters.

2 To make a share available to all clients, use the wildcard *. To make the Share
available to only specific clients, use the client name or IP address. It is not
required to use both the name and the IP address.

3 When an * is present in the list, any other client entries are not used.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 7

Common Internet File System

In the Max Connections field, the default value4 is Unlimited.

You can also create CIFS shares using the command line interface.

Create a CIFS Share Using CLI Commands

You can also create CIFS shares using the command line interface (CLI). The
cifs share command contains all the options to manage CIFS shares. Among
other functions, the cifs share command can create, destroy, enable, disable,
modify, and show the configurations of CIFS shares. For complete information
about the cifs share command, see the DDOS Command Reference Guide
located at dell.com/support.
• cifs share create - Creates a new share. Role required: admin, limited-
admin.
• cifs share destroy - Deletes a share. Role required: admin, limited-admin.

4A value of zero entered in the adjacent option would have the same effect as
Unlimited. Remember that there is a limit of up to 600 simultaneous connections,
depending on the specific PowerProtect DD system memory.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 8 © Copyright 2020 Dell Inc.

Common Internet File System

• cifs share disable - Disables a share. Role required: admin, limited-

admin.
• cifs share enable - Enables a share. Role required: admin, limited-admin.
• cifs share modify - Modifies a share configuration. Role required: admin,
limited-admin.
• cifs share show - Display share configurations for all shares, or for a
specified or custom share, as well as shared access control lists. Role required:
admin, limited-admin, user, backup-operator, security, none.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 9

Common Internet File System

Detailed Share Information

ADMIN share detailed information

Wildcard access

Detailed information is displayed in the DDSM under Protocols > CIFS > Shares
and selecting a share5.

The number of supported CIFS connections6 is based on your PowerProtect DD

system's memory.

Wildcard access7 to /data/col1/backup is assigned by default to all clients,

users, and groups.

5In this example, the share ADMIN is selected and the Detailed Information is
displayed.

6 The DDOS supports a maximum of 600 simultaneous connections as long as

there is sufficient memory in the system.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 10 © Copyright 2020 Dell Inc.

Common Internet File System

The share name does not need to match the directory name.8

Manage CIFS Shares Using CLI Commands

You can also manage CIFS shares using the command line interface. The cifs
command contains all the options to manage CIFS backup and restores between
Windows clients and PowerProtect DD systems. Among other functions, the cifs
command can create and modify a share, and show the status of CIFS. For
complete information about the cifs command, see the DDOS Command
Reference Guide located at support.emc.com.
• cifs share create - Creates a new share. Role required: admin, limited-
admin.

7 You can alter access settings in the Modify tab.

8 Here, the share backup is the same name as the directory backup. It does not
need to be the same name if there is a preference. For example, you may create a
path /data/col1/backup2 but prefer to call the share that points to backup2 as HR
for easier identification of the specific share assignment.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 11

Common Internet File System

• cifs share modify - Modifies a share configuration with the same

configuration options as the cifs share create option, except for its path.
Role required: admin, limited-admin.
• cifs status - Show status of CIFS: enabled or disabled. Role required:
admin, limited-admin, user, backup-operator, security, none.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 12 © Copyright 2020 Dell Inc.

Common Internet File System

CIFS Configuration

Default CIFS
authentication settings

In the DD System Manager, the Protocols > CIFS > Configuration page enables
you to view or modify the default CIFS authentication settings. If the settings must
be changed, click the Configure Options button.

The Configure Options dialog box enables you to modify three areas:

• Restrict Anonymous Connections9

9 The default is disabled. Check Enable to restrict anonymous connections.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 13

Common Internet File System

• Log Level 10
• Server Signing11

Server Signing12 is a security mechanism in the CIFS protocol and is also

known as security signatures.

10Options are 1 through 5. One is the default system level that sends the least-
detailed level of CIFS-related log messages, five results in the most detail. Log
messages are stored in the file /ddvar/log/debug/CIFS/CIFS.log. The higher the
log level, the more likely it is to degrade system performance. Click Default to set
the level back to 1.

11The options are Enabled, Disabled, and Required. The default is Disabled.
This feature is disabled by default because it degrades performance. When
enabled, it can cause a 29 percent (reads) to 50 percent (writes) throughput
performance drop, although individual system performance varies.

12 Server Signing improves the security of the CIFS protocol by having the
communication that is digitally signed at the packet level. This enables the recipient
of the packets to confirm their point of origin and authenticity. This security
mechanism in the CIFS protocol helps avoid issues like tampering of packets. If the
packet is changed from the original packet that was sent by a CIFS client, the
system marks it as invalid.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 14 © Copyright 2020 Dell Inc.

Common Internet File System

Active Directory Authentication

PowerProtect DD systems can use Microsoft Active Directory pass-through

authentication for users and servers.13

For optimal security, we recommend you have Kerberos configured14.

Set the PowerProtect DD authentication parameters for working with CIFS.15

13Configuring Active Directory authentication makes the PowerProtect DD system

part of a Windows Active Directory realm. Administrators can enable certain
domains and groups of users to access files that are stored on the system.

14PowerProtect DD systems support Microsoft Windows NT LAN Managers

NTLMv1 and NTLMv2. However, NTLMv2 is more secure and is intended to
replace NTLMv1.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 15

Common Internet File System

Accessing a CIFS Share

For administrative or troubleshooting purposes, it is possible to access a

PowerProtect DD CIFS share from Microsoft Windows Explorer.

15
In the DD System Manager, go to Protocols > CIFS. Click Configure in the
Configuration tab. The system navigates to the Administration > Access >
Authentication where you can configure authentication for Active Directory.

A Windows key distribution server requires the realm name and credentials for
Active Directory authentication.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 16 © Copyright 2020 Dell Inc.

Common Internet File System

From a Windows client, access a CIFS share by following these steps:

1. Navigate to Tools > Map Network Drive.
2. Select a drive letter.
3. Type in the path to the shared folder.
4. Optionally, check the Reconnect at login check box.
5. Check the Connect using a different user name check box.
6. Click Finish.
7. In the Connect As dialog box, enter appropriate user credentials for the Data
Domain system and click OK.

The new drive window is displayed.

Most backup applications that establish CIFS connections to the PowerProtect DD
system use a UNC (\\dd_hostname\share_name). Consult documentation for
the specific backup application for more details.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 17

Common Internet File System

Monitoring CIFS

In the Protocols > CIFS page you can monitor CIFS connection information
regarding the number of open connections, open files, connection limit, and open
files limit per connection.

In the Sessions area of the Connection Details dialog box, you can view several
statistics for CIFS connections.
• Computer displays the IP address or computer name that is connected with the
PowerProtect DD system for the session.
• User indicates the user operating the computer and connected with the
PowerProtect DD system.
• Open Files shows the number of open files for each session.
• Connection Time shows the connection length in minutes.
• Idle Time is the time since last activity of the user.

The Open Files area of the Connection Details window contains additional
information about CIFS connections.
• User shows the name of the computer and the user on that computer.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 18 © Copyright 2020 Dell Inc.

Common Internet File System

• Mode, displays the following values and each value has a corresponding
permission: 0 – No permission, 1 – Execute, 2 – Write, 3 – Execute and Write, 4
– Read, 5 – Read and Execute, 6 – Read and Write, and 7 – All Permissions.
• Locks displays the number of file locks, if any.
• Files displays the file location.

You can also display connection details using CLI commands.

Monitoring CIFS Through the Command Line

The CLI can be used to monitor CIFS activity. The following commands can be
used:

• cifs show stats -

displays basic statistics on CIFS
activity and performance.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 19

Network File System

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 20 © Copyright 2020 Dell Inc.

Network File System

NFS Overview

The Network File System (NFS)16 is a distributed file system protocol. NFS enables
a user on a client computer to access files over a network in a manner similar to
how local storage is accessed. NFS, like many other protocols, builds on the Open
Network Computing Remote Procedure Call (ONC RPC) system.

Network File System (NFS) clients can have access to the system directories or
MTrees on the PowerProtect DD system17.

The default destination directory18 for deduplicated backup server data is

/data/col1/backup.

For administrative tasks, such as retrieving core and logfiles, /ddvar should be
available as an NFS mount point.

16The Network File System is an open standard that is defined in RFCs, enabling
anyone to implement the protocol.

17The /ddvar directory contains PowerProtect DD system, core, and logfiles.

The /data/col1/backup folder is the default destination for deduplicated backup
data.

18Backup servers using the NFS protocol need access to this directory if no other
backup locations have been created on the PowerProtect DD system

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 21

Network File System

NFS Status

To check the status of NFS in DD System Manager (DDSM), go to Protocols >

NFS. If NFS is disabled, click Enable for either NFS v3, NFS v4, or both.

You can also check status, enable, and disable NFS using CLI commands.

NFS Status Through the Command Line

In the CLI, the command nfs status indicates whether NFS is enabled or
disabled. If it is not active, nfs enable starts the NFS server.

• nfs status -
Indicates whether the NFS system is
operational. Role required: admin,
limited-admin, user, backup-operator,
security.
• nfs enable - Allows
all NFS-defined clients to access the
protection system. Role required:
admin, limited-admin
• nfs disable - Disables the NFS server, effectively disabling access from the
clients. Role required: admin, limited-admin.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 22 © Copyright 2020 Dell Inc.

Network File System

NFS Exports

An export must be created and must specify the path (directory)19 that NFS clients
can access.

The Status column validates the path that is specified.

A PowerProtect DD system supports a maximum number of 128 NFS exports and

enables 900 simultaneous connections.

Client access to each export is assigned and removed from each export
separately20.

19 The /ddvar directory contains PowerProtect DD system, core, and logfiles.

The /data/col1/backup folder is the default destination for deduplicated backup

data.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 23

Network File System

You should consider these additional client access rules21.

You can create NFS exports in the DD System Manager:

1. Click Protocols > NFS > Create.

2. Click Next. The Add Clients window appears. Click here to view an enlarged
view of the Add Clients window.
3. Select the export options you want to apply. Choose the NFS versions you want
to use, permissions, connection port range, anonymous mapping, and Kerberos
authentication.
4. Click Next to complete the export path.

You can also manage NFS exports using CLI commands.

20For example, a client can be removed from /ddvar can still have access to
/data/col1/backup.

21 • A single asterisk (*) as a wildcard indicates that all backup servers are used as
clients.

• Clients given access to the /data/col1/backup directory have access to the

entire directory.

• Clients given access to a subdirectory under the /data/col1/backup have access

only to that subdirectory.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 24 © Copyright 2020 Dell Inc.

Network File System

Add Clients - Close-Up

NFS Export Options

The default options for the export path are:

• rw - Enable read and write permissions (default value)
• no_root_squash - Turn off root squashing
This is the default value. Root squash is a reduction of the access rights for the
remote superuser, the “root,” when using authentication. It is a feature of NFS.
So “no_root_squash” means that the administrator has complete access to the
path, the Export.
• no_all_squash - Turn off the mapping of all user requests to the anonymous
uid/gid (default value)
• secure - Require that requests originate on an Internet port that is less than
1024. Kerberos uses port 88
• nolog - The system will not log NFS requests. If enabled, this option may
impact performance

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 25

Network File System

NFS Exports Using the Command Line

You can use the command line to manage NFS exports. Use the following
commands:

The minimum role required for these commands is admin. Consult the DDOS
Command Reference Guide for more detailed information and specific syntax.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 26 © Copyright 2020 Dell Inc.

Network File System

Kerberos Configuration

Click here to configure

Kerberos

Kerberos is an authentication protocol that works based on “tickets22” to enable

nodes communicating over a nonsecure network.

Kerberos uses UDP port 88 by default. It can be configured in the DD System

Manager from the NFS window.

Click Configure to open Adminstration > Access > Authentication to view

authentication details.

22A Kerberos ticket is a certificate issued by an authentication server, encrypted

using the server key.

Kerberos tickets prove their identity in a secure manner. Both the client and the
server verify the identity of each other.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 27

Network File System

Kerberos Authentication

The authentication screen displays after selecting Kerberos Mode Configure from
the NFS screen in the DD System Manager.

There are three options available when enabling Kerberos authentication:

• If you select Disabled, NFS clients do not use Kerberos authentication and
CIFS clients default to Workgroup authentication.
• If you select Windows/Active Directory, both NFS and CIFS clients use
Kerberos authentication.
• If you select UNIX, only NFS clients use Kerberos authentication. CIFS clients
default to Workgroup authentication.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 28 © Copyright 2020 Dell Inc.

Network File System

Monitoring NFS

In the DD System Manager, the Protocols > NFS > Active Clients tab, displays
any configured NFS clients and the related mount paths that have been connected
in the past 15 minutes. NFS clients and related mount paths connected longer than
15 minutes are not displayed.

You can also monitor clients using CLI Commands.

Monitor NFS Client Status Using the Command Line

You can use the command line to

manage NFS client status. Use the
following commands:

• nfs show active -

Lists clients active in the past 15 minutes
and the mount path for each. Allows all
NFS-defined clients to access the
PowerProtect DD system.
• nfs show clients - Lists NFS clients, mount path, and NFS options for each
client that has access to the PowerProtect DD system.
• nfs show detailed-stats - Displays NFS cache entries and status to
facilitate troubleshooting.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 29

Network File System

The role required to access these commands is admin, limited-admin, user,

backup-operator, security, tenant-user, tenant-admin.
Consult the DDOS Command Reference Guide from the Dell EMC Support site
for more detailed information and specific syntax.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

Page 30 © Copyright 2020 Dell Inc.

PowerProtect DD CIFS and NFS Implementation and Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 31

POWERPROTECT DD
FILE SYSTEM AND DATA
MANAGEMENT
ADMINISTRATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

Configuring and Monitoring MTrees ........................................................................ 3

MTree Definition .................................................................................................................. 4
Creating MTrees ................................................................................................................ 11
Data Management ............................................................................................................. 14
Alerts ................................................................................................................................. 16
MTrees with CIFS and NFS ............................................................................................... 17

Configuring and Monitoring Snapshots ................................................................. 19

Snapshot Description ......................................................................................................... 20
Creating a Snapshot .......................................................................................................... 25
Monitoring MTree Snapshots ............................................................................................. 32

Fast Copy.................................................................................................................. 33
Fast Copy .......................................................................................................................... 34
Perform a Fastcopy............................................................................................................ 36
Fastcopy Operations .......................................................................................................... 37

PowerProtect DD File System and Data Management Administration - Participant Guide

Page ii © Copyright 2020 Dell Inc.

Configuring and Monitoring MTrees

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 3

Configuring and Monitoring MTrees

MTree Definition

MTrees
Subdirectories inherit the
same permissions, policies,
and reporting as the parent
directory

Each MTree can

be individually
managed

Management Trees (MTrees) are specific directories that are used to provide more
granular management of data so data from different sources can be managed and
reported on separately. Various backup operations are directed to individual
MTrees1.

Select the links below to learn more about MTrees and their function within DDOS.

MTree Structure MTree Benefits

MTree Limits MTree Quotas

1For example, you can configure directory export levels and quotas to separate
and manage backup files by department such as HR or Sales.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 4 © Copyright 2020 Dell Inc.

Configuring and Monitoring MTrees

MTree Structure

Default MTree
/data/col1/backup

User-created MTrees

MTrees are only created under /data/col1.

The default MTree is /data/col1/backup. These directory structure above the

MTree directories cannot be altered.

Subdirectories can be created within all MTrees, including the default MTree. The
DDOS recognizes and reports on the cumulative data contained within the entire
MTree.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 5

Configuring and Monitoring MTrees

MTree Benefits

Space and Deduplication Rate

Independent Storage Retention Lock Quotas
Reporting

Increased granular reporting Each department, Retention lock can be applied Logical, pre-compression
of space and deduplication geography, or customer at the MTree level space can be limited through
rates is a benefit. could have their own quotas
independent storage location.

A benefit of using MTrees is an Increased granular reporting2 of space and

deduplication rates.

With MTrees, snapshots3 can be managed at a more granular level.

2 If you have different departments or geographies backing up to the same

PowerProtect DD system. Each department, geography, or customer could have
their own independent storage location.

3 Snapshot is a common industry term denoting the ability to record the state of a
storage device or a portion of the data being stored on the device, at any given
moment and to preserve that snapshot as a guide for restoring the storage device,
or portion thereof. Snapshots are used extensively as a part of the PowerProtect
DD data restoration process.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 6 © Copyright 2020 Dell Inc.

Configuring and Monitoring MTrees

DD Retention lock4 can be applied at the MTree level.

Quotas5 can limit space used by organizations on a PowerProtect DD system.

4DD Retention lock is an optional feature that the PowerProtect DD system uses to
securely retain saved data for a given length of time. DD Retention lock protects
data from accidental or malicious deletion.

5Another major benefit is to limit the logical, precomp, space the specific MTree
uses through quotas. Quotas can be set for MTrees used by CIFS, NFS, VTL, or
DD Boost data.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 7

Configuring and Monitoring MTrees

MTree Limits

PowerProtect DD systems support a maximum number of configurable and

concurrently active MTrees. Depending on the system, the maximum number of
configurable MTrees may or may not be the same as the number of concurrently
active MTrees.

MTree Limits for PowerProtect DD Systems

System DDOS Version Supported Supported

configurable concurrently active
MTrees MTrees

DD9900 7.0 and later 256 256

DD6900, DD6400 7.0 and later 128 128

DD3300 6.2 and later 100 Up to 32

DDVE 6.2 and later 100 Up to 32

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 8 © Copyright 2020 Dell Inc.

Configuring and Monitoring MTrees

MTree Quotas

Soft Limit
Hard Limit

MTree quotas allow you to set limits on the amount of logical, precomp space.
Quotas can only be set on user-created MTrees and not on default MTrees,

Quotas can be set on user-created MTrees, but not the default MTree, /backup.

Quotas are independent of protocol. They can be set for MTrees used by CIFS,
NFS, PowerProtect DD VTL, or DD Boost data.

There are two types of quotas: soft limits6 and hard limits7.

6When a soft limit is reached, the system generates an alert, but operations
continue as normal.

7When the hard limit is reached, any data backing up to this MTree fails. The
system generates an alert and an out of space error (EMOSP for VTL) is reported

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 9

Configuring and Monitoring MTrees

You may set soft, hard, or both soft and hard limits8.

to the backup app. To resume backup operations after data within an MTree
reaches a hard limit quota, you must either delete sufficient content in the MTree,
increase the hard limit quota, or disable quotas for the MTree.

8If you set both limits, the soft limit must be less than the hard limit. The smallest
quota that can be set is 1 MiB.

An administrator can set the storage space restriction for an MTree to prevent it
from consuming excess space.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 10 © Copyright 2020 Dell Inc.

Configuring and Monitoring MTrees

Creating MTrees

To create an MTree in the System Manager, go to Data Management > MTree >
Create. In the Create MTree dialog, type the name of the MTree in the MTree
name field. Names are case-sensitive.

You can also set both pre-comp soft limits, hard limit and combined limits for the
MTree you create in this window.

Be aware of these considerations when managing MTree quotas.

With an admin or limited-admin role, use the DD System Manager and select either
the MTree tab or Quota tab.

• When setting quotas from the Quota tab, select Data Management > Quota.
• Make sure Quota Enforcement is Enabled.
• Select one or more MTrees.
• Click the Configure Quota button and set your quota configuration.

You can also configure MTree quotas using the command line interface.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 11

Configuring and Monitoring MTrees

Considerations When Configuring MTree Quotas

Consider the following information when managing quotas.

• MTree quotas can be applied to DD VTL, DD Boost, CIFS, and NFS.

• Snapshots9 do not count towards the quota of the MTree.
• Quotas cannot be set on the /data/col1/backup directory.
• The maximum quota value allowed is 4096 PiB pre-compressed size.

Configure Quotas Pane

When configuring quotas for MTrees you can set a specific value for pre-comp soft
or hard limits or both hard and soft limits. Click OK when you are finished.

9 A snapshot is a read-only copy of a designated MTree at a specific time.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 12 © Copyright 2020 Dell Inc.

Configuring and Monitoring MTrees

Configuring MTree Quotas Using the CLI

With an admin or limited-admin role, you can disable/enable quotas using the
following commands:
• quota capacity set – Sets quota for named MTrees, and storage units.
Use this command to set hard and soft limits.
• quota capacity enable – Enables MTree capacity quota limits. Use this
command after you have set quotas.
• quota capacity disable – Disables MTree quota limits and restores the
limits to the default, unlimited, state.
• quota capacity status – Shows status for quota function.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 13

Configuring and Monitoring MTrees

Data Management

Data Management > MTree provides a summary of all configured MTrees.10

Select an MTree and the Summary pane presents current information about the
selected MTree.

The information on this summary page may be delayed up to 15

minutes or more. For immediate data select Update.

You can also monitor MTrees and quotas using the command line interface.

10The selected MTree displays any quota limits, pre- and postcomp usage, as well
as compression ratios for the last 24 hours, the last seven days, and current weekly
average compression.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 14 © Copyright 2020 Dell Inc.

Configuring and Monitoring MTrees

Data Management Using CLI Commands

For real-time monitoring of MTrees and quotas, the following commands can be
used from the command line interface:
• mtree show compression <mtree_path> [tier {active |
archive}] [summary | daily | daily-detailed] {[last <n> {
hours | days | weeks | months } | [start <date> [end
<date>]]} - Show MTree compression statistics
• quota capacity show {all | mtrees <mtree-list> | storage-
units <storage-unit-list> | tenant-unit <tenant-unit>} - List
quotas for MTrees and storage-units

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 15

Configuring and Monitoring MTrees

Alerts

In the DD System Manager, the Health > Alerts displays MTree quota alerts. They
are displayed in all of the tabs – Current Alerts, Alerts History, Notification, and
Daily Alert Summary.

Soft limit: When this limit is reached, an alert is generated through the system, but
operations continue as normal. The Severity level is Warning.

Hard limit: When a hard limit is set and the limit is reached, data cannot be written
to the MTree and all write operations fail until data is deleted from the MTree. You
can also increse the hard limit or disable quotas for that MTree. A critical hard limit
alert is also generated through the system and an out of space error is reported to
the backup app.

These alerts are also reported in the Home > Dashboard > Alerts pane.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 16 © Copyright 2020 Dell Inc.

Configuring and Monitoring MTrees

MTrees with CIFS and NFS

Network File System (NFS) and Common Internet File System (CIFS) can access
the MTrees within the /data/col1 directory by configuring CIFS shares and NFS
exports.

• /data/col1/<MTreeName>
• /data/col1/<MTreeName>/arbitrary/subdirectory/path

Other protocols have special storage requirements within the MTree structure and
are discussed in their respective modules.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 17

Configuring and Monitoring MTrees

CIFS Share Configuration

CIFS shares are configured in the DD System Manager in the Protocols > CIFS >
Shares tab.

Click the Create button to create a CIFS share. This is where you specify the share
name, which can be name appropriate for the share. In this example the share is
ADMIN for the data backed-up for the HR administrative staff. Do not confuse the
name of this share with the notion that these shares might be used as user shares
which they definitely are not.

You also specify the directory path and clients for the MTree you want to use.

When the share is complete, view it in the CIFS tab by share name. The Directory
Path Status verifies whether the path to the share exists.

A similar configuration tab exists for setting up the NFS protocol.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 18 © Copyright 2020 Dell Inc.

Configuring and Monitoring Snapshots

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 19

Configuring and Monitoring Snapshots

Snapshot Description

What is a snapshot?11

You can use a snapshot as a restore

point.

11A snapshot is a common industry term denoting the ability to record the state of a
storage device or a portion of the data being stored on the device, at any given
moment and to preserve that snapshot as a guide for restoring the storage device,
or portion thereof.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 20 © Copyright 2020 Dell Inc.

Configuring and Monitoring Snapshots

Snapshot operations overview.

Snapshot Benefits

Available instantly12 Provides faster recovery Holds original data after

and more13 expiration14

Saves copies of MTrees Allows for flexible Stores hundreds of

at a specific point in time15 scheduling16 snapshots per system17

12 A snapshot copy is made instantly and is available for use by other applications
for data protection, data analysis, and reporting and data replication. The original
copy of the data remains available to the applications without interruption, while the
snapshot copy is used to perform other functions on the data.

13Snapshots enable better application availability, faster recovery, and easier

backup management of large volumes of data.

14Snapshots continue to place a hold on the original data they reference even
when the backups have expired.

15Snapshots are useful for saving a copy of MTrees at specific points in time. One
example is before a DDOS upgrade. The snapshot can later be used as a restore
point if files must be restored from that specific point in time.

16You can schedule multiple snapshots simultaneously or create them individually

as you choose.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 21

Configuring and Monitoring Snapshots

Restore Point

Backup of a production
Snapshot
file

Snapshot taken at 22:24 GMT

File data segments

Snapshot copies only the metadata pointers to the production data for a specific
point in time. In this case, 22:24 GMT. The copy is quick and places minimal load
on the production systems. If needed, the snapshot can be later used as a restore
point.

What happens when changes occur to the production data?

17The maximum number of snapshots that can be stored on a PowerProtect DD

system is 750 per MTree. You receive a warning when the number of snapshots
reaches 90% of the limit (675-749) of a given MTree. The system posts an alert
when you reach the maximum snapshot count.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 22 © Copyright 2020 Dell Inc.

Configuring and Monitoring Snapshots

Production Data Changes

Snapshots are a point-in-time view of a file system. They can be used to recover
previous versions of files and also to recover from an accidental deletion of files.

When changes occur to the production data (in this case segments 1 and 2 are no
longer part of the file) and more data is written (segments 5 and 6), the file system
removes the pointers to the original data no longer in use and adds pointers to the
new data. The original data segments (1 and 2) are still stored, enabling the
snapshot metadata pointers to continue to point to the data as saved at the specific
point in time. Data is not overwritten, but changed data is added to the system and
new pointers are written.

When changed production data is backed up, more blocks are written and pointers
are changed to access the changed data. The snapshot maintains pointers to the
original, point-in-time data. All data remains on the system provided pointers
reference the data.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 23

Configuring and Monitoring Snapshots

Snapshot Operations

Original Copy Snapshot Copy

Snapshot taken at 22:24 GMT

Each directory in the MTree will have a

copy of its snapshot data.

As an example, snapshots for the MTree named, “backup” are created in the
system directory /data/col1/backup/.snapshot. Each directory under
/data/col1/backup also has a .snapshot directory with the name of each
snapshot that includes the directory. Each MTree has the same type of structure,
so an MTree named HR would have a system directory
/data/col1/HR/.snapshot and each subdirectory in /data/col1/HR would
have a .snapshot directory.

Use the snapshot feature to take an image of an MTree, to manage MTree

snapshots and schedules, and to display information about the status of snapshots.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 24 © Copyright 2020 Dell Inc.

Configuring and Monitoring Snapshots

Creating a Snapshot

You can create a snapshot in the DD System Manager or using the command line
interface. Snapshots can be managed with schedules

To create a snapshot in the DD System Manager:

1. Go to Data Management > Snapshots
2. In the Snapshots view, click Create.
3. In the Name text field, enter the name of the snapshot.
4. In the MTree(s) area, select a checkbox of one or more MTrees in the Available
MTrees panel and click Add.
5. In the Expiration area, select one of these expiration options:
a. Never Expire
b. Enter a number for the In text field, and select Days, Weeks, Month, or
Years from the drop-down list. The snapshot is retained until the same time
of day as when it is created.
c. Enter a date (using the format mm/dd/yyyy) in the On text field, or click
Calendar and click a date. The snapshot is retained until midnight (00:00,
the first minute of the day) of the given date.
6. Click Create when you are finished.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 25

Configuring and Monitoring Snapshots

Creating a Snapshot Using the CLI

With an admin or limited-admin role, you can create and expire snapshots using
the following command line commands:
• snapshot create snapshot mtree mtree-path [retention {date
| period}] – Creates a snapshot.
• snapshot expire snapshot mtree mtree-path [retention {date
| period | forever}] – Sets or resets the retention time of a snapshot.
To expire a snapshot immediately, use the snapshot expire operation with
no options.
• snapshot rename snapshotnew-name mtree mtree-path – Renames
a snapshot for a specific MTree.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 26 © Copyright 2020 Dell Inc.

Configuring and Monitoring Snapshots

Creating Snapshot Schedules

You can set up and manage a schedule to automatically create a series of

snapshots at regular intervals.

You can create a snapshot in the DD System Manager or using the command line
interface.

Creating Snapshot Schedules

Schedules View

Snapshot Schedule Summary

You can create a weekly or monthly snapshot schedule using the DD System
Manager.

• Select Data Management > Snapshots > Schedules to open the Schedules
view.
• Click Create.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 27

Configuring and Monitoring Snapshots

Details

Schedule Details View

In the Name text field, enter the name you want to call the schedule.

In the Snapshot Name Pattern text box, enter a name pattern.

Enter a string of characters and variables that translates to a snapshot name (for
example, scheduled-%Y-%m-%d-%H- %m, translates to "scheduled-2012-04-12-
17-33"). Use alphabetic characters, numbers, _, -, and variables that translate into
current values.

Click Next.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 28 © Copyright 2020 Dell Inc.

Configuring and Monitoring Snapshots

Execution

Select the time of day when the schedule will be executed:

1. At Specific Times—Click Add and in the Time dialog that appears, enter the
time in the format hh:mm, and click OK.
2. In Intervals—Click the drop-down arrows to select the start and end time hh:mm
and AM or PM. Click the Interval dropdown arrows to select a number and then
the hours or minutes of the interval.

Click Next.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 29

Configuring and Monitoring Snapshots

Associate MTrees

Identify and move the MTrees you want to associate with this schedule to the
Selected MTrees column.

Click Next.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 30 © Copyright 2020 Dell Inc.

Configuring and Monitoring Snapshots

Summary

Review the Summary window and click Finish to add the schedule.

Creating Snapshot Schedules Using the CLI

With an admin or limited-admin role, you can create and manage snapshot
schedules using the following command line command:

• snapshot schedule create <name> [mtrees <mtree-list>] [days

<days>] time <time> [,<time>...] [retention <period>]
[snap-name-pattern <pattern>]

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 31

Configuring and Monitoring Snapshots

Monitoring MTree Snapshots

In the MTree summary page, there is a section that is called MTree Replications
and that section contains snapshot information.

The Snapshots pane in the MTree summary page enables you to see the total
number of snapshots that are collected, expired, and unexpired, as well as the
oldest, newest, and next scheduled snapshot.

You can associate configured snapshot schedules with a selected MTree name.
Click Assign Schedules, select a schedule from the list of snapshot schedules and
assign it. You can also create more snapshot schedules.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 32 © Copyright 2020 Dell Inc.

Fast Copy

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 33

Fast Copy

Fast Copy operations clones files and directory

trees of a source directory to a read/write target
directory.

/data/col1/backup/Recovery

10-31-2020

/data/col1/HR/.snapshot/10-31-2020

10-31-2020

10-15-2020

Use fastcopy operation to retrieve data that is stored in a snapshot. Fastcopy18

makes an read/write copy of your backed up data on the same PowerProtect DD
system.

Fastcopy is different from snapshots19.

18 Fastcopy is efficient at making duplicate copies of pointers to data. Sometimes,

access to production backup data is restricted. Fast copy gives access to all data
fast copied readable and writable. It makes this operation handy for data recovery
from backups.

19The difference between snapshots and fast copied data is that the fast copy
duplicate is not a point-in-time duplicate. Any changes that are made during the

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 34 © Copyright 2020 Dell Inc.

Fast Copy

Fastcopy makes a copy of the pointers to data segments and structure of a source
to a target directory on the same PowerProtect DD system.

You can use the fastcopy operation to retrieve data stored in snapshots.20

data copy, in either the source or the target directories, is not duplicated.

Fast copy is a read/write copy of a point-in-time instance at the time it was made,
and a snapshot is read-only.

20 In this example, the /HR MTree contains two snapshots in the /.snapshot
directory. One of these snapshots, 10-31-2020, is fast copied to /backup/Recovery.
Only pointers to the data are copied, adding a 1% to 2% increase in used data
space. All referenced data is readable and writable. If the /HR MTree or any of its
contents is deleted, none of the data that is referenced in the Fast Copy is deleted
from the system.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 35

Fast Copy

Perform a Fastcopy

A fastcopy operation clones files and directory trees of a source directory to a

target directory on a protection system.

1. Select Data Managment > File System > Summary > Fast Copy.
2. In the Source text box, enter the pathname of the directory where the data to
be copied resides. For example, /data/
col1/backup/.snapshot/snapshot-name/dir1 is an approptiate path.
3. In the Destination text box, enter the pathname of the directory where the data
will be copied to. For example, /data/ col1/backup/dir2is an approptiate
path. This destination directory must be empty, or the operation fails.
4. If the Destination directory already exists, you can click the checkbox Overwrite
existing destination if it exists.
5. Click OK. The contents of dir1 will now also be found under dir2.

PowerProtect DD File System and Data Management Administration - Participant Guide

Page 36 © Copyright 2020 Dell Inc.

Fast Copy

Fastcopy Operations

The fastcopy operation can be used as part of a data recovery

workflow using a snapshot21

Fastcopy makes a destination equal to the source, but not at a

particular point in time22

This data must be manually identified and deleted to free up space. Then, space
reclamation23 must be run to regain the data space held by the fastcopy24

21 Snapshot content is not viewable from a CIFS share or NFS mount, but a fast
copy of the snapshot is fully viewable. From a fast copy on a share or a mount, you
can recover lost data without disturbing normal backup operations and production
files.

22The source and destination may not be equal if either is changed during the copy
operation.

23 File system cleaning

24When backup data expires, a fast copy directory prevents the PowerProtect DD
system from recovering the space that is held by the expired data because it is
marked by the fast copy directory as in-use.

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 37

PowerProtect DD File System and Data Management Administration - Participant Guide

© Copyright 2020 Dell Inc. Page 38

POWERPROTECT DD
DATA REPLICATION
IMPLEMENTATION AND
ADMINISTRATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

PowerProtect DD Data Replication Implementation and Administration ............................... 1

Data Replication Overview ........................................................................................ 2

Replication Description ........................................................................................................ 3
Collection Replication .......................................................................................................... 6
Directory Replication ............................................................................................................ 9
Directory Replication EOL .................................................................................................. 12
MTree Replication .............................................................................................................. 14
Replication Initialization...................................................................................................... 16

Configuring Replication .......................................................................................... 17

Replication URL Schemes ................................................................................................. 18
Review Configuration ......................................................................................................... 19
Add a Partner System ........................................................................................................ 21
Creating a Replication Context........................................................................................... 23
Replication Connection Port Overview ............................................................................... 25
Modify Listen Port .............................................................................................................. 27
Create Context with Non-Default Connection Port ............................................................. 28
Change the Connection Port .............................................................................................. 29
Low-Bandwidth Optimization .............................................................................................. 30
Encryption Over Wire ......................................................................................................... 32
Manage Replication Throttle Settings................................................................................. 34
Replication Scheduler ........................................................................................................ 36
Replication Scheduler Changes ......................................................................................... 38

Monitoring Replication ............................................................................................ 39

Replication Reports............................................................................................................ 40

Data Recovery .......................................................................................................... 41

Data Recovery Description ................................................................................................ 42
Data Recovery ................................................................................................................... 43
Data Resynchronization ..................................................................................................... 45

PowerProtect DD Data Replication Implementation and Administration

Page ii © Copyright 2021 Dell Inc.

Data Resynchronization Using DDSM................................................................................ 46
Managing Replication Demonstration................................................................................. 47

Appendix ................................................................................................. 49

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page iii

Data Replication Overview

PowerProtect DD Data Replication Implementation and

Administration

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 1

Data Replication Overview

PowerProtect DD Data Replication Implementation and Administration

Page 2 © Copyright 2021 Dell Inc.

Data Replication Overview

Replication Description

Replication consists of a source PowerProtect DD appliance and one or more

destination PowerProtect DD appliances. The destination provides a replicated
copy1 to a secondary, normally offsite, location.

WAN/LAN

PowerProtect DD
Replication Source

PowerProtect DD
Replication Destination

1The replication process only copies information that does not exist on the
destination system. This technique reduces network demands during replication
because only unique data segments are sent over the network.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 3

Data Replication Overview

The replicated data can be used for:

• Data recovery2
• Multi-site backup 3
• Archive consolidation4

The replication process handles common network interruptions5.

DD Replicator is a licensed feature6 of PowerProtect DD appliances.

2 In a replication scenario, a PowerProtect DD appliance can be used to store

backup data onsite for short periods, such as 30 days to 90 days. Lost or corrupted
files can be recovered from the local PowerProtect DD appliance using a few
recovery configuration and initiation commands. The replication process enables
you to quickly copy data to another system for a second level of disaster recovery.
The second PowerProtect DD appliance is usually offsite and is available when the
local system is not.

3 Multi-site replication can replicate the state between different deployed sites to a
single replication destination.

4 The replication process only copies and consolidates data from remote systems
that does not exist on the destination system. This technique reduces network
demands during replication because only unique data segments are sent over the
network.

5 The replication process is designed to deal with network interruptions common in

the WAN and to recover gracefully with high data integrity and resilience. This
process ensures that the data on the replica is in a state usable by applications.
Compensating for network interruptions is a critical component for optimizing the
utility of the replica for data recovery and archive access.

PowerProtect DD Data Replication Implementation and Administration

Page 4 © Copyright 2021 Dell Inc.

Data Replication Overview

Observe replication guidelines for setting up and configuring DD Replicator.

Replication Pair Replication Replication Types Topologies

and Context Streams

6DD Replicator is a software feature that requires a license. You need a DD

Replicator license for both the source and destination PowerProtect DD appliances.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 5

Data Replication Overview

Collection Replication
Head of source Head of source Head of source Head of source
collection log collection log collection log collection log

Collection replication7 replicates the entire /data/col1 area from a source

PowerProtect DD appliance to a destination PowerProtect DD appliance.8

Collection replication is the fastest and lightest type of replication.9

With collection replication, all user accounts and passwords are replicated10 from
the source to the destination.

7 Transferring data in this way means comparing the heads of the source and
destination logs and catching-up, one container at a time. If collection replication
lags behind, it continues until it catches up.

8 Collection replication uses the logging file system structure to track replication.

9 There is no on-going negotiation between the systems regarding what to send.

Collection replication is mostly unaware of the boundaries between files.
Replication operates on segment locality containers that are sent after they are
closed.

10However other elements of configuration and user settings of the PowerProtect

DD appliance are not replicated to the destination. Most system settings must be
reconfigured after recovery.

PowerProtect DD Data Replication Implementation and Administration

Page 6 © Copyright 2021 Dell Inc.

Data Replication Overview

If the PowerProtect DD appliance is a source for collection replication, snapshots

are also replicated.

Collection replication is an approach to system mirroring.11

The PowerProtect DD appliance to be used as the collection replication destination

must be empty before configuring replication.12

In collection replication, the destination system is a read-only system.13

Replication must be licensed on both systems.14

11 Because there is only one collection per PowerProtect DD, collection replication
is an approach to system mirroring. Collection replication is the only form of
replication that is used for true disaster recovery. The destination system cannot be
shared for other roles. It is read-only and shows data only from one source. After
the data is on the destination, it is immediately visible for recovery.

12After replication is configured, this system is dedicated to receive data from the
source system. The destination immediately offers all backed up data, as a read-
only mirror, after it is replicated from the source.

13 The destination system can only accept data from the replication process. No
data, including snapshots and files, can be written to the destination system except
through the replication process. If you must write data to the destination, you must
first disable replication by breaking the replication context. Unfortunately, if the
context has been broken, a resync cannot be performed. Collection replication
supports Retention Lock Compliance.

14DD Replicator software can be used with the optional Encryption of Data at Rest
feature, enabling encrypted data to be replicated using collection replication.
Collection replication requires the source and target to have the exact same
encryption configuration because the target is an exact replica of the source data.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 7

Data Replication Overview

In particular, the encryption feature must be turned on or off at both source and
target. If the feature is turned on, the encryption algorithm and the system
passphrases must match. Encryption parameters are checked during the
replication association phase. During collection replication, the source system
transmits the encrypted user data along with the encrypted system encryption key.
The data can be recovered at the target, because the target machine has the same
passphrase and the same system encryption key.

PowerProtect DD Data Replication Implementation and Administration

Page 8 © Copyright 2021 Dell Inc.

Data Replication Overview

Directory Replication

Source System Destination System

Only new data is Destination directory

sent can be at a different
level

With directory replication15, a replication context pairs a directory, under

/data/col1/backup, on a source system with a destination directory on a different
system16.

15 Directory file structure is a legacy structure used by earlier versions of DDOS

prior to version 5.x. Directories were kept and managed in the /data/col1/backup
folder. Directory file structure is carried over to current versions of DDOS to
maintain compatibility with customers who upgraded from 4.x to 5.x.

16The source and destination directories can be on different levels under the
/backup directory.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 9

Data Replication Overview

Directory replication operates based on file system activity. When activity occurs on
the system, such as a new directory, change of permissions, or file rename the
source system communicates the update to the destination.17

Topologies supported by directory How directory replication works19

replication18

17 In cases where file closures are infrequent, the PowerProtect DD source system
forces the data transfer periodically.

18 Directory replication supports 1-to-1, bi-directional, many-to-one, one-to-many,

and cascaded topologies. If the PowerProtect DD appliance is a source for
directory replication, snapshots within that directory are not replicated. Snapshots
must be created and replicated separately.

19 If there is new data, the source system, A, first creates a list of file segment IDs
in the file. The source sends this list to the destination system, B. The destination
system examines the list of segment IDs to determine which are missing. The
destination sends a list of the missing segments to the source. The source now
sends the missing segments to the destination. In this way, bandwidth between the
source and destination system is used more efficiently.

PowerProtect DD Data Replication Implementation and Administration

Page 10 © Copyright 2021 Dell Inc.

Data Replication Overview

Network protocols used by directory About the destination directory21

replication20

20Directory replication can receive backups from both CIFS and NFS, clients
provided separate directories are used for each. Do not mix CIFS and NFS data in
the same directory. The directory replication source cannot be the parent or the
child of a directory that is already being replicated.

21 If it does not exist when replication is initialized, a destination directory is created

automatically. In a directory replication pair, the destination is always read-only.
The destination can only receive data only from the source system and directory.
To write to the destination directory outside of replication, you must first break
(delete) the replication context between the two systems. Breaking the context is
also referred to as deleting the link. The destination directory can coexist on the
same system with other replication destination directories, replication source
directories, and other local directories.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 11

Data Replication Overview

Directory Replication EOL

Directory replication contexts will reach end of life in a future DDOS release.

A warning is displayed in the DD System Manager if:

• DDOS detects the presence of directory replication contexts.

• If the user tries to create a directory replication context.

User can choose to migrate existing directory replication contexts to MTree

replication contexts.

PowerProtect DD Data Replication Implementation and Administration

Page 12 © Copyright 2021 Dell Inc.

Data Replication Overview

Directory Context Replication Warning

Creating Directory Context Replication Warning

Existing directory replication contexts can be migrated to MTree

based replication contexts, see the Directory to MTree Replication
Migration in the Dell EMC DDOS Administration Guide. For
assistance contact support at Dell Support Site.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 13

Data Replication Overview

MTree Replication

MTree replication enables the creation of disaster recovery copies of MTrees at a

secondary location.22 MTree replication copies the data segments that are
associated with the entire MTree structure.23

The MTree replication source creates periodic snapshots24. The source creates a
delta list of segment IDs that were not in the last snapshot. The source transmits
this delta list to the destination. The destination examines the delta list and sends
back a list of what it still needs. The source transmits the needed data segments to
the destination.

22Except for the /data/col1/backup directory, MTree replication can be applied to

any MTree under the /data/col1.

23This means that all metadata, file data, and everything else that is related to the
MTree is replicated. MTree replication uses snapshots to determine what to send to
the destination.

24The source compares the latest snapshot against the snapshot that was used for
the last replication transfer.

PowerProtect DD Data Replication Implementation and Administration

Page 14 © Copyright 2021 Dell Inc.

Data Replication Overview

The destination PowerProtect DD system does not expose the replicated data until all data
for that snapshot has been received25. Because the directory tree structure is part of the
data in the snapshot26, files do not show out of order at the destination.

MTree replication uses the same WAN deduplication mechanism as directory replication.27

MTree replication takes advantage of the MTree structure on the PowerProtect DD

system.28

MTree replication works only at the MTree level.29

General guidelines for MTree Replication

Guidelines for the MTree replication source system

Guidelines for the MTree replication destination system

25The destination is always a point-in-time image of the source PowerProtect DD

appliance.

26 This provides file-level consistency. Snapshots are also replicated.

27This way MTree replication avoids sending redundant data across the network.
MTree replication also supports the same topologies that directory replication
supports.

28MTree structure provides the greatest control and flexibility over its data being
replicated. Careful planning of your data layout provides the greatest flexibility
when managing data under an MTree structure.

29If you want to implement MTree replication, you must move any data from the
existing directory structure within the /backup directory to a new or existing MTree.
A replication pair using that MTree must be created.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 15

Data Replication Overview

Replication Initialization

Source Destination
High-speed low-latency link

Initialization is the process of transferring the initial replication data from the source
system to the target system.30

Once a new replication pair is created, the initialization process automatically

begins. In the Replication > Automatic > Summary > Detailed Information shows a
Synced As Of Time as N/A as initialization is underway. When initialization
completes, the Synced As Of Time shows the local data and time of sync
completion.

Consider the following when you plan to initialize your replication destination:

• Migration is not allowed during initialization

• Initialization supports all replication topologies.

When data is successfully replicated to the destination system, you can move
the system back to its intended location31.

30If the source PowerProtect DD system has a high volume of data before
configuring replication, the initial replication can take some time over a slow link. To
expedite the initial data transfer to the destination system, you can bring the
destination system to the same location as the source system to use a high-speed,
low-latency link.

31Once data is initially replicated to the destination system, the source system
sends only new data from that point onwards.

PowerProtect DD Data Replication Implementation and Administration

Page 16 © Copyright 2021 Dell Inc.

Configuring Replication

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 17

Configuring Replication

Replication URL Schemes

The endpoints of a context on the replication source and destination

systems are identified with a replication URL. The replication URL is
used by the CLI, system logs, and other facilities. The replication
context type is identified in the part of the URL known as the
scheme. The scheme is also referred to as the protocol or prefix
portion of a URL.

URL Scheme Type What it does

dir:// Identifies a directory replication context

mtree:// Identifies an MTree

col:// identifies a collection replication context

The hostname portion of the URL the same as the output of the net show
hostname command. The path is the logical path to the target directory or MTree.

The path for a directory URL must start with the hostname, followed by
/data/col1/backup and ends with the name of the target directory.

The path for an MTree URL starts with the hostname, followed by /data/col1
and ends with the name of the target MTree.

For collection URLs, a path is not identified since a collection is the entire data set
belonging to a particular PowerProtect DD host.

Examples of URL schemes.

PowerProtect DD Data Replication Implementation and Administration

Page 18 © Copyright 2021 Dell Inc.

Configuring Replication

Review Configuration

Select a context here

Review the configuration

here

To review the configuration of the replication feature, go to the Replication >

Automatic > Summary tab. The replication summary table provides you high-level
information about the configuration of each context32.

Select a context from the list in the replication summary table to see detailed
information pertaining to the selected context.33

32Selecting a context causes the system to display detailed information about that
context in the Detailed Information section of the screen.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 19

Configuring Replication

You can also review the configuration of the replication feature through the
command line.

33Since collection, MTree, and directory contexts have different requirements, the
detailed information shown changes depending on the context type.

PowerProtect DD Data Replication Implementation and Administration

Page 20 © Copyright 2021 Dell Inc.

Configuring Replication

Add a Partner System

Add a New
System

Before you can configure replication between two systems, you must first configure
the destination PowerProtect DD system to let the source system manage it. This
process is called adding a system.

1. Verify the source and destination systems are running compatible DDOS
versions.
2. In the Replication > Automatic > Summary tab, select Manage Systems.
3. Click the plus sign (+). The Add System dialog box appears.
4. Enter the partner system hostname and the password that is assigned to the
sysadmin user.
5. Select OK when the information for the partner system is complete. Select OK.
The Verify Certificate dialog box appears.
6. If the system is successfully added, the DD System Manager returns to the
Manage Systems dialog box and the newly added partner system appears in
the list.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 21

Configuring Replication

If the partner system is unreachable after adding it to the Manage Systems list.34

34 Ensure that there is a route from the managing system to the system being
added. If a hostname (either a fully qualified domain name (FQDN) or non-FQDN)
is entered, ensure it is resolvable by both systems. Configure a hostname for the
source and destination replication system. Ensure that a DNS entry for the system
exists, or ensure that an IP address to hostname mapping is defined.

PowerProtect DD Data Replication Implementation and Administration

Page 22 © Copyright 2021 Dell Inc.

Configuring Replication

Creating a Replication Context

To create a replication pair and context, follow these steps:

1. Go to the Replication > Automatic > Summary tab.

2. Select Create Pair.
3. In the Create Pair dialog, select the Create tab.
4. Select the replication direction35 for the context.
5. Select the replication type (collection, directory, or MTree).

35If the device being configured is the source for the context, select Outbound. If
the device being configured is the destination in the context, select Inbound.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 23

Configuring Replication

Select a link below to view creation instructions specific to the replication type.

Create a replication pair Create a replication pair Create a replication pair

with a collection context. with a directory context. with an MTree context.

You can also create replication contexts using the command line interface.

PowerProtect DD Data Replication Implementation and Administration

Page 24 © Copyright 2021 Dell Inc.

Configuring Replication

Replication Connection Port Overview

Global setting - Listen port
same for all contexts

Listen port = 2051

Replication Destination Connection port = 2051

The listen port might require modification

because of existing firewall or network
configuration
Replication
source
systems
Connection port = 2051

This system cannot connect - the Connection ports

connection port must match the listen are configured per
port
context
Connection port = 3030

The listen port36 is the TCP port the replication destination system monitors for
incoming connections. You can change the value of the listen port.37

The three replication source systems should connect38 to the single replication
destination.

36The listen port is a global setting. All contexts for which this system is a
destination monitor this port. All replication source systems must be configured to
connect to this particular port value.

37If a firewall configuration or other network issues interfere with the default
connections between the replication and source, you can modify the listen port.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 25

Configuring Replication

The connection port39 is the TCP port the source system uses to communicate to
the replication destination.

Because the replication destination has a default listen port value of 2051, each
replication source needs a corresponding connection port value of 2051.40

38The three systems are connected by configuring three separate replication

contexts.

39The connection port is configured per context. It is not a global setting. The
default value for the connection port is 2051.

40 The first two systems are configured with the correct connection port, but the
third system is using incorrect connection port value, 3030, that prevents a
replication connection with the destination.

PowerProtect DD Data Replication Implementation and Administration

Page 26 © Copyright 2021 Dell Inc.

Configuring Replication

Modify Listen Port

When using the DD System Manager, you can specify a non-default listen port
value by first going to the Replication > Automatic > Advanced Settings tab on
the system.

From the Network Settings pane, you can verify the current listen port value and
change the port value as needed.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 27

Configuring Replication

Create Context with Non-Default Connection Port

When using DD System Manager, you can specify a non-default connection port
value when you create the context. The value can be modified after the context is
created.

If you are creating a context with a nondefault value:

1. Navigate to the Replication > Automatic > Summary tab on the source
system.
2. To create a replication pair, select Create Pair.
3. Complete the configuration of the Create Pair > Create tab.
4. Select the Advanced tab.
5. Select the checkbox Use Nondefault Connection Host
6. Change the Connection Port to a new value.
7. Click OK when finished.

PowerProtect DD Data Replication Implementation and Administration

Page 28 © Copyright 2021 Dell Inc.

Configuring Replication

Change the Connection Port

If you are changing an existing context to contain a nondefault connection value:

1. Navigate to the Replication > Automatic > Summary tab on the source
system.
2. Select a context from the context summary table.
3. Select Modify Settings to modify an existing replication pair.
4. Select the checkbox Use Nondefault Connection Host.
5. Change the Connection Port to a new value.
6. Click Next to continue the context modification process.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 29

Configuring Replication

Low-Bandwidth Optimization

Destination sends a
Source sends a list of LBO eligible
new segment list segments

Delta (difference)
Determines S16 is sent from source to
similar to S1. The destination
delta is +6

Low-bandwidth optimization (LBO) is an optional mode that enables remote sites

with limited bandwidth to replicate and protect more of their data over existing
networks.

Do not use LBO if the system requires maximum file system write performance.41

LBO is enabled on a per-context basis to all file replications jobs on a system. LBO
must be enabled on both the source and destination PowerProtect DD
appliances.42

41Only enable LBO for replication contexts that are configured over WAN links with
less than 6 Mb per second of available bandwidth.

42If the source and destination have incompatible LBO settings, LBO is inactive for
that context.

PowerProtect DD Data Replication Implementation and Administration

Page 30 © Copyright 2021 Dell Inc.

Configuring Replication

You might need to further tune your system to improve LBO functionality43.

Replication without deduplication can be expensive.44

Delta compression45 is a global compression algorithm that is applied after identity

filtering. The algorithm looks for previous similar segments using a sketch-like
technique that sends only the difference between previous and new segments. In
the example diagram, segment S1 is similar to S16. The destination can ask the
source if it also has S1. If it does, it transfers only the delta (or difference) between
S1 and S16. If the destination does not have S1, it can send the full segment data
for S16 and the full missing segment data for S1.

When using DD System Manager, you can enable LBO when you create a
replication context, or the LBO setting can be modified after the context is created.

43Use bandwidth and network-delay settings together to calculate the proper TCP
buffer size and set replication bandwidth for replication for greater compatibility with
LBO.

44 Data deduplication makes it possible to replicate everything across a small WAN

link. Only new, unique segments are sent, reducing WAN traffic down to a small
percentage of what is needed for replication without deduplication. These large
factor reductions make it possible to replicate over a less-expensive, slower WAN
link or to replicate more than just the most critical data.

45Delta comparison reduces the amount of data that is replicated over a low-
bandwidth WAN by eliminating the transfer of redundant data that is found with
replicated, deduplicated data. This feature is typically beneficial to remote sites with
lower-performance PowerProtect DD models.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 31

Configuring Replication

Encryption Over Wire

Encryption over wire, secures replication traffic46 between the

source and destination systems.

When you enable the encryption over wire option on a replication context47, the
system must first process the data that it reads from the disk.48

The replication source encrypts the data49 using the encryption over wire algorithm
before the system transmits the data to the destination system.50

You can also modify the encryption over wire setting after the context is created:

46Enable encryption over wire if you are concerned about the security of your
network link.

It uses ADH-AES256-SHA encryption suite.

47Encryption over wire must be enabled on both the source and destination
systems. If there is a mismatch, the context is disabled.

48If you have the data at rest encryption feature enabled, the source system must
decrypt the data before it can be processed for replication. Otherwise, the data is
read from the source system.

49If the data at rest encryption feature is enabled on the destination PowerProtect
DD system, the data must be encrypted using the method that is specified by the
data at rest encryption feature. If the data at rest encryption feature is not enabled,
the destination system writes the data to the disk using normal processes.

50When the replication destination system receives the replication traffic, it must
decrypt it using the encryption method that is employed by the replication feature.

PowerProtect DD Data Replication Implementation and Administration

Page 32 © Copyright 2021 Dell Inc.

Configuring Replication

When using the DD System Manager, you can enable the encryption over wire
feature when you create the context:51
1. Navigate to the Replication > Automatic > Summary tab on the source
system.
2. Select Create Pair to create a replication pair.
3. Complete the configuration of the Create Pair > Create tab.
4. Select the Advanced tab.
5. Select the checkbox Enable Encryption Over Wire.
6. Click OK when finished.

51 You can also modify the encryption over wire setting after the context is created.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 33

Configuring Replication

Manage Replication Throttle Settings

To modify the amount of bandwidth used for replication, you can set replication
throttle for replication traffic.

The Throttle Settings52 area shows the current settings for any temporary
overrides. If you configure an override, this section shows the throttle rate, or 0
which means all replication traffic is stopped.

To add throttle settings from the Add Throttle Settings window, do the
following:

1. Click the checkboxes to set the days of the week that throttling is active.
2. Set the throttling start time.
3. Set the throttling rate53. Be sure to select Bps54, Kbps, etc., then click OK.

52The throttle settings area also shows the configured schedule. You should see
the time for days of the week on which scheduled throttling occurs.

53 Click the Unlimited radio button to set no limits.

PowerProtect DD Data Replication Implementation and Administration

Page 34 © Copyright 2021 Dell Inc.

Configuring Replication

4. Select Set Throttle Override to override he current throttle configuration.

5. If you select the Clear at next scheduled throttle event checkbox55, the throttle
schedule returns to normal.
6. Click OK to start the throttle override setting.

These alerts are also reported in the Home > Dashboard > Alerts pane.

54 You can disable all replication traffic when you select the 0 Bps (disabled) option.

55
If you do not select this option, the override throttle stays in effect until you
manually clear it.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 35

Configuring Replication

Replication Scheduler

Replication Scheduler allows customers to enable and disable MTree replication

context using the command-line interface.

This functionality was introduced because there are issues with some vendor
backups where it reopens the files, overwrites file metadata at the start of the file,
and appends to the files in batches.

Because of this, the workloads cannot take advantage of the Automated Multi-
Streaming (AMS)56 functionality or synthetic replication.

56 The Automated Multi-Streaming (AMS) is a type of replication between two

PowerProtect DD appliances. It uses multiple streams to replicate a single large file
to improve the network bandwidth utilization during the replication. It also improves
the pipeline efficiency of the replication queue and provides improved replication
throughput and reduced replication lag.

PowerProtect DD Data Replication Implementation and Administration

Page 36 © Copyright 2021 Dell Inc.

Configuring Replication

Some customers already had a workaround in place. They used two cron jobs57:

• One cron job to disable the replication during the backup window.
• Another cron job to reenable the replication for the context after the backup is
done.

The replication scheduler gives you integrated functionality, so there is no need to

setup cron jobs.

57 A "cron job" or cron is a process or task that runs periodically on a UNIX system.

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 37

Configuring Replication

Replication Scheduler Changes

New Replication Schedulers CLI

Following are the new replication schedulers CLI in DDOS:

• replication schedule reset context enable hhmm disable hhmm

Resets the scheduled enable and disable values for the specified replication
context to remove the schedule.
• replication schedule set context enable hhmm disable hhmm
Schedules enable and disable times for the specified replication context.
• replication schedule show

Displays all scheduled enable and disable times for all replication contexts on
the system.

Replication Output

Modified replication output in DDOS:

• replication add source source destination destination [low-

bw-optim {enabled | disabled}] [encryption {enabled
[authentication-mode {one-way | two-way | anonymous}] |
disabled}] [propagate-retention-lock {enabled | disabled}]
[ipversion {ipv4 | ipv6}] [max-replstreams n] [destination-
tenant-unit tenant-unit]
• replication status [destination | tenant-unit tenant-unit |
all] [detailed]

The output in DDOS now includes the following message when adding or
displaying directory replication contexts:

• Support for directory replication will be removed from a future DDOS release.
Use migration of directory replication to MTree replication. Contact your
contracted support provider or visit us online at https://support.emc.com.

PowerProtect DD Data Replication Implementation and Administration

Page 38 © Copyright 2021 Dell Inc.

Monitoring Replication

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 39

Monitoring Replication

Replication Reports

PowerProtect DD Management Center (DDMC) enables you to

generate reports to track space usage on a PowerProtect DD
appliance for up to the previous two years. You can also generate
reports to help understand replication progress. You can view
reports on file systems daily and cumulatively, over a period of
time.

There are two types of replication reports available for PowerProtect DD: the
replication status report58 and the replication summary report59.

Creating a Replication Status Report Replication Status Report Details

58The replication status report displays three charts describing the status of the
current replication job running on the system. This report provides a snapshot of all
replication contexts to help understand the overall replication status.

59The replication summary report provides performance information about the

overall network in-and-out usage, and per context levels over a specified duration.
You can select which contexts to analyze.

PowerProtect DD Data Replication Implementation and Administration

Page 40 © Copyright 2021 Dell Inc.

Data Recovery

PowerProtect DD Data Replication Implementation and Administration

© Copyright 2021 Dell Inc. Page 41

Data Recovery

Data Recovery Description

If source replication data becomes inaccessible, it can be

recovered60 from the replication destination.

Onsite PowerProtect DD systems are typically used to store

backup data onsite for short periods61, depending on local
practices and capacity.

In the case of a disaster destroying onsite data, the offsite replica is used to restore
operations.62

If a recovery fails or must be terminated, the replication recovery can

be aborted.

60With collection, directory and pool replication, the system uses the term "data
recovery." With MTrees, data recovery is termed, "data resynchronization."

61 Lost or corrupted files are recovered from the onsite PowerProtect DD system
since files are easy to locate and read at any time.

62Data on the replica or target system is immediately available for use by recovery
systems. When a PowerProtect DD system at the main site is repaired or replaced,
the data can be recovered using a few simple recovery commands. During
collection replication, the destination context must be fully initialized for the recover
process to be successful.

PowerProtect DD Data Replication Implementation and Administration

Data Recovery

If source replication data becomes inaccessible, it can be recovered from the

replication pair destination. The source must be empty before recovery can
proceed. Recovery can be performed for all replication types, except for MTree
replication.

Recover directory, collection, or pool replicated data by following these steps:

1. Navigate to Replication > Automatic and select the Summary tab.
2. To display the Start Recover dialog box, select More > Start Recover.
3. Select Directory, Collection, or Pool from the Replication Type menu.
4. Select the hostname of the system to be restored from the System to recover
to menu.
5. Select the hostname of the source system from the System to recover from
menu.
6. From the context list, Select the context to restore.
7. To change any host connection settings, select the Advanced tab.
8. To start the recovery, select OK.

PowerProtect DD Data Replication Implementation and Administration

Data Recovery

If a recovery fails or must be terminated, the replication recover can

be aborted. Recovery on the source should be restarted again as
soon as possible by restarting the recovery.
1. Click More, and select Abort Recover. The Abort Recover
dialog box appears, showing the contexts that are currently
performing recovery.
2. Click the checkbox of one or more contexts to abort from the
list.
3. Click OK.

PowerProtect DD Data Replication Implementation and Administration

Data Recovery

Data Resynchronization

Resynchronization brings the replication source and destination into sync.63

Resynchronization can be used to convert a collection replication to directory

replication.64

63Resynchronization is the process of recovering (or bringing back into sync) the
data between a source and a destination replication pair after a manual break. The
replication pair is resynchronized so both systems contain the same data.
Resynchronization is available for MTree, directory and pool replication, but not for
collection replication.

64 This is useful when the system is to be a source directory for cascaded

replication. A conversion is started with a replication resynchronization that filters
all data from the source PowerProtect DD system to the destination PowerProtect
DD system. This implies that seeding is accomplished by first performing a
collection replication, breaking collection replication, and then performing a
directory replication resynchronization.

PowerProtect DD Data Replication Implementation and Administration

Data Recovery

Data Resynchronization Using DDSM

To resynchronize a context, follow this process.

1. On the source and destination systems:
a. Navigate to the Replication > Automatic > Summary tab.
b. Select the target context.
c. Delete the context by selecting the Delete Pair button.
2. Select the replication From either the replication source or replication
destination system, select More > Start Resync to display the Start Resync
dialog.
3. Select the Replication Type to be resynced: Directory, MTree, or Pool. If
resyncing an MTree replication, the source and destination must have a
common snapshot. so do not delete existing snapshots before a resyncing the
source and destination.
4. Select the replication source system details.
5. Select the replication destination system hostname from the Destination
System menu.
6. Enter the replication source path in the Source Path text box.
7. Enter the replication destination path in the Destination Path text box.
8. To change any host connection settings, select the Advanced tab.
9. Select OK.

This process adds the context back to both the source and destination systems and
starts the resync process. The resync process can take between several hours and
several days, depending on the size of the system and current load factors.

PowerProtect DD Data Replication Implementation and Administration

Data Recovery

Managing Replication Demonstration

Movie:

Managing Replication

PowerProtect DD Data Replication Implementation and Administration

Appendix

PowerProtect DD Data Replication Implementation and Administration

Appendix

Replication Guidelines

The following are guidelines for setting up and configuring DD Replicator:

• A destination PowerProtect DD appliance must have available storage capacity

that is at least the size of the expected maximum size of the source directory.
Be sure that the destination PowerProtect DD appliance has sufficient disk
space to handle all data from replication sources.
• Ensure that there is enough network bandwidth to support the expected
replication traffic.
• The source must exist, and the destination must not exist. The destination is
created when a context is built and initialized. After replication is initialized,
ownership and permissions of the destination are always identical to the source.
• You can usually replicate between appliances that are within five releases of
each other, for example, from 6.0 to 7.2. However, there may be exceptions to
this, so review the tables in the DDOS Administration Guide, Replication version
compatibility section, or check with your Dell EMC representative.
• The DD file system must be enabled or, based on the replication type, is
enabled as part of the replication initialization. In the replication command
options, a specific replication pair is identified by the destination.
• Both systems must have an active, visible route through the IP network so that
each system can resolve its partner's hostname. During replication, a
PowerProtect DD system can perform normal backup and restore operations.

PowerProtect DD Data Replication Implementation and Administration

Appendix

Replication Pair and Context

PowerProtect DD A and
B make up the
replication pair.

Context #1
A is the source
B is the destination

Context #2
B is the source
A is the destination

Together, the replication source and destination appliances are called a pair. The
connection that is defined between the replication source and destination is a
context65.

65One replication pair can have multiple replication contexts. A PowerProtect DD

appliance can simultaneously be the source of some replication contexts and the
destination for other contexts.

PowerProtect DD Data Replication Implementation and Administration

Appendix

Replication Streams

Replication source
(read) streams

Replication
destination (write)
streams

Replication source
(read) streams

Replication
destination (write)
streams

A replication context can support multiple replication streams. The stream resource
utilization within a PowerProtect DD appliance is equivalent to a read stream
(source context) or a write stream (destination context).

PowerProtect DD Data Replication Implementation and Administration

Appendix

Replication Types
DD Replicator software offers four replication types.

Collection replication66 performs whole-

system mirroring in a one-to-one topology,
transferring changes in the collection,
including all logical directories and files of
the PowerProtect DD file system.

A subdirectory under /backup and all files

and directories below it on a source
system replicates to a destination
directory67 on a different PowerProtect DD
appliance.
If a pool is using backward-compatibility
mode, directory replication can be used to
replicate the media pool.

66 This type of replication is simple and requires fewer resources than other types.
It can provide higher throughput and support more objects with less overhead.

67This process transfers only the deduplicated changes of any file or subdirectory
within the selected PowerProtect DD file system directory.

PowerProtect DD Data Replication Implementation and Administration

Appendix

MTree replication is used to replicate

MTrees between PowerProtect DD
appliances.68 Media pools69 can be
replicated. The use of snapshots70
ensures that the data on the destination is
always a point-in-time copy of the source
with file consistency.

A fourth type of replication, managed file

replication, belongs to DD Boost
operations and is discussed later in this
course.

68Replicating individual directories under an MTree is not permitted with MTree

replication.

69By default, MTrees which can be replicated, are used when a media pool is
created. It uses the same WAN deduplication mechanism as directory replication to
avoid sending redundant data across the network.

70 Snapshots also reduce replication churn, making WAN use more efficient.

PowerProtect DD Data Replication Implementation and Administration

Appendix

Replication Topologies

PowerProtect DD appliances support various replication topologies in which data

flows from a source to a destination over a LAN or WAN.

• One-to-one replication71
• Bi-directional replication72
• One-to-many replication73

71One-to-one replication is the simplest type of replication is from a PowerProtect

DD source appliance to a PowerProtect DD destination appliance. This replication
topology can be configured with directory, MTree, or collection replication types.

72With bi-directional replication, a directory or MTree on System A is replicated to

System B and another directory or MTree on System B is replicated to System A.

PowerProtect DD Data Replication Implementation and Administration

Appendix

• Many-to-one replication74
• Cascaded replication75

73With one-to-many replication, data flows from a source directory or MTree on

System A to several destination systems. You could use this type of replication to
create more than two copies for increased data protection, or to distribute data for
multisite usage.

74With many-to-one replication MTree or directory replication data flows from

several source systems to a single destination system. This type of replication can
be used to provide data recovery protection for several branch offices at the
corporate headquarters IT systems.

75In a cascaded replication topology, a source directory, or MTree is chained

among three PowerProtect DD systems. The last hop in the chain can be
configured as collection, MTree, or directory replication, depending on whether the
source is directory or MTree.

PowerProtect DD Data Replication Implementation and Administration

Appendix

General MTree Replication Guidelines

Here are general guidelines for MTree Replication:

• MTree replication supports Retention Lock Compliance

• If you license Retention Lock on a source, the destination must also have a
Retention Lock license or replication fails.76
• MTree replication supports 1-to-1, bi-directional, one-to-many, many-to-one,
and cascaded replication topologies.
• The number of MTrees supported on a system is dependent upon the
PowerProtect DD appliance model you use
• The active MTree limit is based on the PowerProtect DD appliance model.

76To avoid this situation, you must disable Retention Lock on the MTree. If you
enable retention lock in a replication context, the replicated destination context
contains data that is retention locked.

PowerProtect DD Data Replication Implementation and Administration

Appendix

Source System Guidelines

The following are guidelines for the MTree replication source system:

• Data can be logically segregated into multiple MTrees to promote greater

replication performance
• Replicating directories under an MTree is not permitted. A directory below the
root of an MTree cannot be the replication source

PowerProtect DD Data Replication Implementation and Administration

Appendix

Destination System Guidelines

The following are guidelines for the MTree replication destination system:

• If the context is configured, the destination MTree is kept in a read-only state

and can receive data only from the source MTree
• A destination PowerProtect DD system can receive backups from both CIFS
and NFS clients, provided they are used in separate MTrees

PowerProtect DD Data Replication Implementation and Administration

Appendix

Example URL Schemes

These are example URL schemes for collection, MTree, and
Directory replication.

Collection replication

• col://<hostname>
• col://ddsys

MTree replication

• mtree://<hostname>/data/col1/<mtree-name>
• mtree://ddsys/data/col1/engineering

Directory replication

• dir://<hostname>/data/col1/backup/<dir-path>
• dir://ddsys/data/col1/backup/corp/finance

PowerProtect DD Data Replication Implementation and Administration

Appendix

Review Replication Configuration Using the CLI

With an admin or limited-admin, security, user, backup-operator, none, tenant-user,

tenant admin role, you can review the configuration of a replication context using
the replication show config command:
• replication show config | all - Shows the connection host, port, IP
version, and whether many other options are configured.
• replication show detailed-history - Show details of replication
performance history

PowerProtect DD Data Replication Implementation and Administration

Appendix

Creating a Replication Pair with a Collection Context

To create a replication pair with a collection context:

1. Select collection from the dropdown Replication Type field.
2. Provide the destination system hostname.
3. If the destination system is not listed in the dropdown menu, add it by selecting
the Add System hyperlink.
4. To initiate the configuration process, select OK.
5. If the file system on the replication source is enabled, a warning is displayed. To
continue, select OK, or to go back click Cancel.
6. Monitor the system as the replication context is created.
7. After the create pair process completes, select Close.

PowerProtect DD Data Replication Implementation and Administration

Appendix

Creating a Replication Pair with a Directory Context

To create a replication pair with a directory context:

1. Select Directory from the dropdown Replication Type field.
2. Provide the destination system hostname.
3. If the destination system is not listed in the dropdown menu, add it by selecting
the Add System hyperlink.
4. Provide the name of the source directory.
5. Provide the name of the destination directory.
The source and destination directories must be under the
/data/col1/backup directory. The source and destination directories are not
required to be on the same directory level.
6. Select OK implement the configuration.
7. Monitor the system as it verifies that the destination system is qualified as a
destination for a directory replication context.
8. After the create pair process completes, select Close.

PowerProtect DD Data Replication Implementation and Administration

Appendix

Creating a Replication Pair with an MTree Context

To create a replication pair with an MTree context:

1. Select MTree from the dropdown Replication Type field.
2. Provide the destination system hostname.
If the destination system is not listed in the dropdown menu, add it by selecting
the Add System hyperlink.
3. Provide the name of the source MTree.
4. Provide the name of the destination MTree.
The source and destination MTrees must be directly under /data/col1 in the
file system. The source and destination MTrees are required to be at the same
directory level.
5. Select OK implement the configuration.
6. Monitor the system as it verifies that the destination system is qualified as a
destination for an MTree replication context.
7. After the Create Pair process completes, select Close.

PowerProtect DD Data Replication Implementation and Administration

Appendix

Configuring a Replication Context Using the CLI

With an admin or limited-admin role, you can configure a replication context using
the replication add command. Following are example commands for
collection, directory, and MTree context creation:
• replication add source col://system-dd1.chaos.local
destination col://systemdd2.chaos.local - to add a collection
replication context
• replication add source mtree://system-
dd1.chaos.local/data/col1/mtree1 destination
mtree://system-dd2.chaos.local/data/col1/dstmtree1 max-
repl-streams 6 destination-tenantunit tu1 - to add a directory
replication context
• replication add source dir://system-
dd1.chaos.local/backup/dir1 destination
dir://systemdd2.chaos.local/backup/dir1 - to add an MTree
replication context

PowerProtect DD Data Replication Implementation and Administration

Appendix

Creating a Replication Status Report

Create a replication status report when you want to evaluate file system or
replication data that is collected in the past:
1. In the PowerProtect DD Management Center, select Reports > Management.
2. Click Add.
3. Select System Reports.
4. The schedule is shown with the default settings.
5. Provide email addresses to contact when the report is finished or if an error
occurs.
6. A summary screen shows the completed configuration.
The replication status report generates a summary of the report configurations.
7. If the configurations are correct, click Finish.
8. The Replication Report is available in Reports > Management.
9. Double-clicking the Report icon opens the details.
10. This replication report contains 10 pages and each report has three sections,
Status Overview, System Pairs, and System Details.

PowerProtect DD Data Replication Implementation and Administration

Appendix

Replication Status Report Details

Replication status report details is created and presented in the PowerProtect DD

Management Center (DDMC).

To open the report, launch the DDMC and double-click the Report icon.

PowerProtect DD Data Replication Implementation and Administration

Appendix

A typical report contains several pages and presents three sections: Replication
Status Overview77, Replication Pairs78, and System Details79.

Automatic Replications Overview reports systems with pairs lagging beyond

thresholds, by bytes remaining for MTree and directory replications and systems
with lagging collection replications.

77 The Replication Status Overview provides a summary of all replication contexts

for a PowerProtect DD system. The overview shows the status for the inbound and
outbound replication pairs.

Automatic Replications Overview reports systems with pairs lagging beyond

thresholds, by bytes remaining for MTree and directory replications and systems
with lagging collection replications.

On-Demand Replications status shows that the system with failed outbound on-
demand replications ranked by percentage.

78The Replication Pairs section reports errors, warnings, or unknown status for
automatic and on-demand replications.

79The System Details section reports on both source and destination systems. It
provides inbound and outbound statistics and displays a trend analysis over the
last 30 days.

More details show system details for source and destination systems that include
replications with lags over thresholds, on-demand replications by highest
percentage of failed transfers, inbound automatic replications, and inbound on-
demain replications.

The last section provides details about outbound and cascaded automatic
replications and outbound on-demand replications.

PowerProtect DD Data Replication Implementation and Administration

Appendix

On-Demand Replications status shows that the system with failed outbound on-
demand replications ranked by percentage.

PowerProtect DD Data Replication Implementation and Administration

DD BOOST
IMPLEMENTATION AND
ADMINISTRATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

DD Boost Overview and Features ............................................................................ 3

DD Boost Features .............................................................................................................. 4
Technology Interoperability .................................................................................................. 7
Storage Units ....................................................................................................................... 8
Distributed Segment Processing .......................................................................................... 9
Managed File Replication................................................................................................... 11
Advanced Load Balancing and Link Failover...................................................................... 13
Virtual Synthetic Backups .................................................................................................. 15
DD Boost Over Fiber Channel............................................................................................ 21

Configuring DD Boost ............................................................................................. 23

DD Boost Configuration ..................................................................................................... 24
Configure DD Boost Over Fibre Channel ........................................................................... 32

Using DD Boost with Backup Software.................................................................. 37

DD Boost with Dell EMC NetWorker .................................................................................. 38
DD Boost with Dell EMC Avamar ....................................................................................... 40
DD Boost with PowerProtect Data Manager....................................................................... 42
DD Boost for Partner Integration ........................................................................................ 43
BoostFS ............................................................................................................................. 44
DD Boost with Veritas NetBackup and Backup Exec ......................................................... 48
DD Boost with Other Third-Party Applications .................................................................... 50

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

DD Boost Features

Backup Hosts

Clients

DD Boost DD Boost
Library Library

Server
DD Boost

DD Boost is a proprietary Dell EMC protocol that is more efficient than CIFS or NFS
for transferring data to a PowerProtect DD appliance. DD Boost is an efficient data
transfer protocol with options to increase efficiencies.

DD Boost provides the following features:

• Advanced integration with partner backup systems and enterprise applications.
• Increased performance, and ease of use for backup and recoveries.
• Parts of the deduplication process are distributed to the backup server or
application clients.
• Advanced load balancing and link failover1 using Dynamic Interface Groups
(DIG).

1To improve data transfer performance and increase reliability, you can create a
group interface using the advanced load balancing and link failover feature.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

• Managed File Replication2 (MFR) for supported backup applications.

• Contains DD Boost security3 options.
• Supports file replication DD encryption4.

Configuring an interface group creates a private network within the PowerProtect

DD appliance, which is composed of the IP addresses designated as a group.
Clients are assigned to a single group by specifying client name
(client.dellemc.edu) or wildcard name (*.dellemc.edu).

2The application host is aware of, and manages replication of backups that are
created with DD Boost.

3DD Boost security options include setting the DD Boost authentication mode and
encryption strength. The PowerProtect DD appliance compares the global
authentication mode and encryption strength against the per-client authentication
mode and encryption strength to calculate the effective authentication mode and
authentication encryption strength.

The system does not use the highest authentication mode from one entry, and the
highest encryption settings from a different entry. The effective authentication mode
and encryption strength come from the single entry that provides the highest
authentication mode.

4 You can encrypt the data replication stream by enabling the file replication DD
Encryption option. If DD Boost file replication encryption is used on systems without
the data at rest option, it must be set to on for both systems.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

• Performs virtual synthetic backups5.

• Optionally uses low-bandwidth optimization6 over low-bandwidth connections.

Important: DD Boost is an optional feature that requires a separate

license to operate.

5Virtual synthetic backups reduce processing overhead associated with traditional

synthetic full backups. Like a traditional backup scenario, optimized synthetic
backups start with an initial full backup with incremental backups that are
performed throughout the week. However, the subsequent full backup requires no
data movement between the application server and PowerProtect DD appliance.

The second full backup is synthesized using pointers to existing segments on the
PowerProtect DD appliance. This optimization reduces the frequency of full
backups, thus improving recovery point objectives (RPO) and enabling single-step
recovery to improve recovery time objectives (RTO).

Also, optimized synthetic backups further reduce the load on the LAN and
application host.

6 If you use file replication over a low-bandwidth network, you can increase
replication network efficiency by using low-bandwidth optimization. This feature
provides extra compression during data transfer. Low-bandwidth compression is
available to PowerProtect DD appliances with an installed Replication license.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

Technology Interoperability

PowerProtect Data
Backup Exec VDP Advanced Data Protector SAP HANA
Avamar NetWorker Manager NetBackup vRanger NetVault Veeam Greenplum RMAN SAP DB2 SQL

App
Server

Supported over LAN

Backup
Server
Supported over SAN

Supported over WAN

DD Boost supports interoperability with many products on various backup host

platforms and operating systems. The interoperability matrix is both large and
complex. To be certain a specific product is compatible with DD Boost, consult the
Dell Technologies E-Lab Interoperability Navigator.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

Storage Units

The PowerProtect DD appliance exposes user-created disk volumes that are called
storage units (SUs) to a DD Boost-enabled application host. Access to the SU is
operating system independent. Multiple application hosts, when configured with DD
Boost, can use the same SU on a PowerProtect DD appliance as a storage server.

In this example, an administrator created an SU named “User-created_su.” As the

system completes the SU creation, an MTree is created. Creating storage units
creates MTrees under /data/col1.

Storage units can be monitored and controlled the same as any data managed
within an MTree. You can set hard and soft quota limits and receive reports about
the contents of any MTree, includeing a DD Boost storage unit.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

Distributed Segment Processing

1. Segments data to be backed up

Backup Hosts
4. Filters fingerprints,
requests only unique data
2. Creates fingerprints and sends them to the PowerProtect segments
DD appliance

3. Compresses and sends only

Clients unique data segments DD Boost Library
5. Notes references to
previously stored data
and writes new data

Server

DD Boost

Distributed Segment Processing (DSP) shares deduplication duties with the backup host.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

With DSP enabled, the With DSP enabled, the DSP has several benefits,
backup host performs PowerProtect DD including:
these functions: appliance performs these • More efficient CPU
functions:
• Segments the data utilization
• Filters the fingerprints
• Creates fingerprints of • Reduced utilization of
segment data and • Requests data not network bandwidth7
previously stored
• Sends fingerprints to • Less time to restart
the PowerProtect DD • Records references to failed backup jobs8
appliance previously stored data • Distribution of the
and writes new data
• Compresses data workload
• Sends only unique data
segments to the
PowerProtect DD
appliance

DD Boost can operate with DSP either enabled or disabled. DSP must be enabled
or disabled on a per-system basis. Individual backup clients cannot be configured
differently than the PowerProtect DD appliance.

7The network bandwidth requirements are reduced because only unique data is
sent over the LAN to the PowerProtect DD appliance. DSP enables use of existing
1-GbE infrastructure to achieve higher throughput than is physically possible over
1-GbE links with traditional backups without DSP.

8 If a job fails, the data that is already sent to the PowerProtect DD appliance does
not need to be sent a second time. This reduces the load on the network and
improves the overall throughput for the failed backups upon retry.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

Managed File Replication

DD Boost integration enables the backup application to manage file replication

between two or more PowerProtect DD appliances that are configured with DD
Boost software. It is a simple process to schedule replication operations and
monitor backups for both local and remote sites. In turn, recovery from backup
copies is also simplified because all copies are tracked in the backup software
catalog.
Reports the contents of
replicated data

DD Boost
Clients Backup Host

DD Boost Library
File replication done at the
request of DD Boost-
aware backup software

LAN

DD Boost

Server WAN

The PowerProtect DD appliance uses a wide area network (WAN)-

efficient replication process9 for deduplicated data.

9The process can be optimized for WANs, reducing the overall load on the WAN
bandwidth required for creating a duplicate copy.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

Standard MTree replication and managed file replication can operate on

the same system. However, managed file replication can be used only
with DD Boost Storage Units.

It is acceptable for both standard MTree replication and managed file

replication10 to operate on the same system.

Do not to exceed the total number of MTrees on a system11.

Remain below the maximum total number of replication pairs (contexts)

recommended for your particular PowerProtect DD appliance.
See the DDOS Administration Guide, available on the Dell EMC Support
site, for detailed information about the number of supported contexts for a
specific model.

10Managed file replication can be used only with MTrees established with DD
Boost storage units.

11The MTree limit is a count of both standard MTrees, and MTrees created as DD
Boost storage units. The limit depends on the PowerProtect DD appliance and the
DDOS version. See the DDOS Administration Guide for detailed information about
the number of supported MTrees for a specific model.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

Advanced Load Balancing and Link Failover

Load balanced backup server group

Backup Hosts

Application
layer
4-port interface
aggregation
group

NIC NIC

You can manage the physical interfaces that connect the system to a network and
create logical interfaces to support load balancing and link failover.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

The advanced load balancing and link failover feature supports combining multiple
Ethernet links into an interface group.
• Only one of the interfaces on the PowerProtect DD appliance is registered with
the backup application12.
• Load balancing provides higher physical throughput to the PowerProtect DD
appliance compared to configuring the interfaces into a virtual interface using
Ethernet-level aggregation.

The links connecting the backup hosts and the switch that connects to the
PowerProtect DD appliance are placed in an aggregated failover mode13.

This configuration provides network failover functionality14 in the configuration.

An interface group is configured15 on the PowerProtect DD appliance as a private

network used for data transfer.

Advanced load balancing and link failover work with interfaces of different speeds
in the same interface group16.

12DD Boost negotiates with the PowerProtect DD appliance on the interface that is
registered with the backup application to obtain an interface to send the data.

13A network-layer aggregation of multiple 1 GbE or 10-GbE links is registered with

the backup application and is controlled on the backup server.

14Any of the available aggregation technologies can be used between the backup
servers and the switch.

15 If an interface fails, all in-flight jobs to that interface transparently fail over to a
healthy interface in the interface group. Any jobs started after the failure are routed
to the healthy interfaces. You can add public or private IP addresses for data
transfer connections.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

Virtual Synthetic Backups

During a traditional full backup, all files are copied from the client to a backup host
and the resulting image set is sent to the PowerProtect DD appliance. The files are
transferred even though those files may not have changed since the last
incremental or differential backup. Copying data that has not changed since the last
full backup results in more bandwidth and time used to perform a backup operation.

In contrast, during a synthetic full backup, the previous full backup and the
subsequent incremental backups on the PowerProtect DD appliance are combined
to form a new full backup. The new full synthetic backup is an accurate
representation of the client file system at the time of the most recent full backup.
Synthetic backups require less time to perform a backup, and system restore times
and costs are reduced.

Full Incremental Incremental Incremental Incremental Synthetic Full Incremental

16Combining interfaces of different speeds in a single dynamic interface group

(DIG) is supported.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

What are virtual synthetic When to use virtual When not to use virtual
backups? synthetic backups. synthetic backups.

What Are Virtual Synthetic Backups

Full Incremental Incremental Incremental Incremental Synthetic Full Incremental

A synthetic full or synthetic cumulative incremental backup is a backup that is

assembled from previous backups.
• Synthetic full backups are generated from one previous, traditional full17, or
synthetic full backup and subsequent differential backups or a cumulative
incremental backup18.

17 A traditional full backup means a nonsynthesized, full backup.

18 The virtual synthetic backup is timestamped as occurring one second after the
latest incremental. It does not include any changes to the backup selection since
the latest incremental.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

• Used to restore files and directories19.

• Reduce network traffic20 and client processing.
• Are a solution for backing up remote offices with manageable data volumes and
low levels of daily change21.

19A client can use the synthesized backup to restore files and directories in the
same way that a client restores from a traditional backup.

20 Because processing takes place on the PowerProtect DD appliance under the

direction of the storage node, or backup host, virtual synthetic backups reduce the
network traffic and client processing. Client files and backup image sets are
transferred over the network only once.

21 The virtual synthetic full backup is a scalable solution for backing up remote
offices with manageable data volumes and low levels of daily change. If the clients
experience a high rate of change daily, the incremental or differential backups are
too large.

In this case, a virtual synthetic backup is no more helpful than a traditional full
backup. To ensure good restore performance, Dell Technologies recommends that
you create a traditional full backup every two months, presuming a normal weekly
full and daily incremental backup policy.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

When to Use Virtual Synthetic Backups

Full Incremental Incremental Incremental Incremental Synthetic Full Incremental

You might want to consider using virtual synthetic backups when:

• Backups are small and localized. Daily incremental backups are small22.
• The PowerProtect DD appliance has many disks23.
• Data restores are infrequent24.

22 <10% of a normal, full backup.

23 More than ten.

24 Restore performance from a synthetic backup is typically worse than a standard

full backup due to poor data locality.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

• Your intention is to reduce the amount of network traffic25 between the

application server, the backup hosts, and the PowerProtect DD appliance.
• Your backup hosts are burdened and might not handle distributed segment
processing (DSP) well.

When Not to Use Virtual Synthetic Backups

Full Incremental Incremental Incremental Incremental Synthetic Incremental

Full

It might not be appropriate to use virtual synthetic backups when:

• Daily incremental backups are large, or highly distributed26.

25 Synthetic backups can reduce the load on an application server and the data
traffic between an application server and a backup hosts. Synthetic backups can
reduce the traffic between the backup hosts and the PowerProtect DD appliance by
performing the Virtual Synthetic Backup assembly on the PowerProtect DD
appliance.

26 Incremental backups are >15% of a full backup.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

• You are backing up large, nonfile system data27.

• When you frequently restore data from backup.
• The PowerProtect DD appliance has few disks.
• Your backup hosts handle DSP well.
• Files in the Cloud Tier28 cannot be used as base files for virtual synthetic
operations.

27 Such as databases

28The incremental forever or synthetic full backups need to ensure that the files
remain in the Active Tier if they will be used in virtual synthesis of new backups.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

DD Boost Over Fiber Channel

Using Fibre Channel (FC) instead of Ethernet as the transport is transparent to the
backup application. DD Boost over FC presents Logical storage units (LSUs) to the
backup application and removes several limitations inherent to tape and VTL. DD
Boost over FC permits concurrent read and write, which is not supported with
virtual tape. The backup image is the smallest unit of replication or expiration vs.
virtual tape cartridge, which results in efficient space management.

FC SAN
Managed File Replication

DD Boost DD Boost

WAN

DD Boost Library
Local Data Center Disaster Recovery Site
FC SAN
Backup Server

Some considerations for using DD Boost over Fibre Channel are:

• Simplified Management29

29 - No access group limitations, simple configuration using few access groups.

- Manage backup images, as opposed to tape cartridges.

DD Boost Implementation and Administration - Participant Guide

DD Boost Overview and Features

• Advanced Load Balancing and Failover30

• Replication over TCP/IP

30
- A DD Boost library installed on backup hosts and DDOS perform path
management, load balancing, and failover.

- No need for expensive multipathing I/O (MPIO) software.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

DD Boost Configuration

DD Boost configuration is the same for all backup environments.

For the backup host you will follow On each of the PowerProtect DD
these steps: appliances you will follow these
steps:
1. License the backup software for
DD Boost if required by the 1. License DD Boost31 on all
software manufacturer. PowerProtect DD appliances.
2. Create devices and pools 2. Enable DD Boost on all
through the management PowerProtect DD appliances.
console interface. 3. Define a local user as the DD
3. Configure backup policies and Boost User, and set a backup
groups to use the PowerProtect host as a client by hostname.
DD appliance for backups with 4. Create storage units as needed.
DD Boost.
5. Optionally, set any DD Boost
4. Configure clone or duplicate Options.
operations to use managed file
replication between As needed, storage units can be
PowerProtect DD appliances. renamed, deleted, and restored.

31If the managed file replication feature of DD Boost is used, a replication license is
required on all systems.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Open the following ports if you plan to use any of the related features
through a network firewall:
• UDP 2049 (enables NFS communication)
• TCP 2051 (enables file replication communication)
• TCP 111 (enables RPC portmapper services comms)

Enabling DD Boost

DD Boost
Library

Backup Host

DD Boost
Source

DD Boost
Destination

The DD Boost feature is built-into DDOS. Unlock the DD Boost feature on each
PowerProtect DD appliance with a license. If you are planning not to use Managed
File Replication, the destination PowerProtect DD appliance does not require a DD
Boost license.

For Dell EMC NetWorker, Dell EMC Avamar and some third-party backup
applications, the DD Boost library is already included. Some third-party backup
applications require a special plug-in that you must download and install on the
backup host before enabling DD Boost. The plug-in contains the appropriate DD
Boost library for use with compatible products. To verify compatibility with your
specific software, consult the E-Lab Navigator for PowerProtect DD products.

All PowerProtect DD systems running DD Boost must also enable NFS on their
systems before enabling DD Boost.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

A second destination PowerProtect DD appliance that is licensed with DD Boost is

needed when implementing centralized replication awareness and management.
Enable NFS on each system you plan to run with DD Boost. Then, enable DD
Boost in the DD System Manager by going to Protocols > DD Boost > Settings. If
the DD Boost Status reads “Disabled,” click the Enable button.

You can also enable DD Boost from the command line using the ddboost
enable command. You can use the ddboost status command to verify
whether DD Boost is enabled or disabled on your system.

Adding DD Boost Users and Clients

Using the DD System Manager, you can add DD Boost clients and Users by going
to Protocols > DD Boost > Settings.

In the Allowed Clients area, click the plus button to enable access to a new client
using the DD Boost protocol on the system. Add the client name as a host name or
fully qualified domain name since IP addresses are not supported. An asterisk (*)
can be added to the Client field to enable access to all clients. You can also set the
Encryption Strength and Authentication Mode when setting up clients.

To add a DD Boost user for the system, click the plus button in the Users with DD
Boost Access section. In the Add User window, select from the list of existing
users, or add a new user.

Users and clients can also be added using the command line interface.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Adding DD Boost Users and Clients Using the CLI

You can also add users and clients using the

following commands:
• ddboost set user-name
<user-name> - Set DD Boost user.
• ddboost access add
clients <client-list> - Add clients to DD
Boost access list.

Consult the DDOS Command Reference Guide, available through the Dell EMC
Support portal, for more detailed information about using the ddboost commands
to administer DD Boost.

Creating Storage Units

Create a storage unit by going to Protocols > DD Boost > Storage Units. To
open the Create Storage Unit dialog box, click the plus sign. Name the storage
unit, select a DD Boost user and optionally set quotas. Under the Storage Unit tab,
you can view information about a storage unit such as the file count, full path,
status, quotas, and capacity measurements.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Some backup applications, such as Dell EMC NetWorker and

Avamar will create their own storage units when they are configured
to use a PowerProtect DD appliance as a backup target.

Storage units can also be created using the command line interface.

Creating Storage Units Using the CLI

The command line can be used to create

and manage storage units.
• ddboost storage-unit
create <storage-unit-name> - Create
a storage unit, setting quota limits.
• ddboost storage-unit
delete <storage-unit-name> - Delete
a storage unit.
• ddboost storage-unit show [compression] [<storage-unit-
name>] - List the storage-units and images in a storage-unit.

Consult the DDOS Command Reference Guide, available through the Dell EMC
Support portal, for more detailed information about using the ddboost commands
to administer DD Boost.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Setting DD Boost Options

To set various DD Boost options go to Protocols > DD Boost > Settings, click
More Tasks, and select Set Options. Other DD Boost options include DSP, Virtual
Synthetics, Low-Bandwidth Optimization, and File Replication Encryption.

You can also set DD Boost options from the command line interface.

Setting DD Boost Options Using the CLI

You can also set DD Boost options from the

command line.
• ddboost option reset -
Reset DD Boost options.
• ddboost option set
distributed-segment-processing
{enabled | disabled} - Enable or
disable distributed-segment-processing for DD Boost.
• ddboost option set virtual-synthetics {enabled | disabled} -
Enable or disable virtual-synthetics for DD Boost.
• ddboost option show - Show DD Boost options.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Consult the DDOS Command Reference Guide, available through the Dell EMC
Support portal, for more detailed information about using the ddboost commands
to administer DD Boost.

Renaming, Deleting, and Restoring Storage Units

You can rename, delete, and undelete storage units in the DD System Manager by
going to Protocols > DD Boost > Storage Units. To rename or modify a storage
unit, click the pencil icon. This opens the Modify Storage Unit dialog box enabling
you to change the name, the DD Boost User, and the quota settings.

You can delete one or more storage units by selecting them from the list and
clicking the red X icon. Any deleted storage units can be retrieved using the
Undelete Storage Unit item under the More Tasks button. Deleted storage units
can only be retrieved if file system cleaning has not taken place.

You can also rename, delete, and undelete storage units from the command line
interface.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Renaming, Deleting, and Restoring Storage Units Using the CLI

You can also rename, delete, and

undelete storage units from the
command line.
• ddboost storage-
unit create <storage-unit>
user <user-name> - Create a
storage unit, assign tenant and set
quota and stream limits.
• ddboost storage-unit delete <storage-unit> - Delete a specified
storage unit, its contents, and any DD Boost associations.
• ddboost storage-unit rename <storage-unit> <new-storage-
unit> - Rename a storage unit.
• ddboost storage-unit undelete <storage-unit> - Recover a deleted
storage unit.

Consult the DDOS Command Reference Guide, available through the Dell EMC
Support portal, for more detailed information about using the ddboost commands
to administer DD Boost.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Configure DD Boost Over Fibre Channel

DDOS offers Fibre Channel as an alternative transport mechanism for

communication between the DD Boost Library and the PowerProtect DD appliance.
Windows, Linux, HP-UX (64-bit Itanium architecture), AIX, and Solaris client
environments are supported.

DD Boost over Fibre Channel can be configured in the DD System Manager from
Protocols > DD Boost > Fibre Channel. Here you can enable DD Boost over
Fibre Channel, edit the server name, and add DD Boost Access Groups.

DD Boost can also be managed using the CLI.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Manage DD Boost Access Groups

DD Boost access groups, called scsitarget groups in the CLI, identify initiators
and devices they can access. Initiators can read and write to devices in its access
group, but not to devices in other DD Boost access groups. Initiators can only
belong to one access group. Initiators assigned to DD Boost access groups cannot
be assigned to DD VTL access groups on the same appliance.

Using the DD System Manager you can review or create DD Boost access groups.

Avoid making access group changes on a PowerProtect DD appliance during

active backup or restore jobs. A change may cause an active job to fail. The impact
of changes during active jobs depends on a combination of backup software and
host configurations.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Review DD Boost Access Groups

Review DD Boost
Access Groups by
following these steps:
1. To review the
configuration of the
DD Boost Access
Groups, select the
Hardware > Fibre
Channel > Access
Group tab.
2. A table appears
containing summary information about the DD Boost access groups and the
VTL access groups.
The information includes the name of the group, the type of service the group
supports, the endpoint associated with the group, the names of the initiators in
the group, and the number of devices (disks, changers, LUNs) in the group.
Note the groups that contain initiators and devices.
3. The DD Boost and VTL access groups are distinguished from one another by
the Service type.
4. The total number of groups that are configured on the system is shown at the
bottom of this section.
5. Select the View DD Boosts Groups hyperlink to go to the Protocol > DD
Boost page where there is more information and configuration tools.
6. Verify that the system went to the Protocols > DD Boost > Fibre Channel tab
in system manager.
7. Review the configuration of the DD Boost Access Groups.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Create DD Boost Access Groups

Create a DD Boost
access group by
following these
steps:
1. Go to the
Protocols > DD
Boost page.
2. Select the Fibre
Channel tab.
3. To create a
group, click the
plus icon.
4. Enter the group name in the Group Name field of the Create Access Group
dialog box.
The group name can be up to 128 characters in length. The name must be
unique. Duplicate names are not permitted.
5. From the Initiator list, select the Initiators that you want to add to this access
group.
You may add your initiator later, as you are not required to add one now.
6. Select Next.
The Create Access Group > Devices dialog box now is displayed.
7. Enter the number of devices (the range is from 1 to 64).
8. Select which endpoints to include.
9. Click Next.
The Create Access Group > Summary dialog box now is displayed.
10. Review the contents of the dialog box.
11. Once you are satisfied, select Finish to create the DD Boost Access Group.
12. When the system indicates that the DD Boost Access Group creation process
has completed, click OK.

DD Boost Implementation and Administration - Participant Guide

Configuring DD Boost

Configuring DD Boost Over Fibre Channel Using the CLI

You can also configure and manage DD Boost over Fibre Channel from the
command line.
• ddboost option set fc {enabled | disabled} - Enable or disable
Fibre Channel for DD Boost. Role required: admin, limited-admin.
• ddboost fc dfc-server-name set <server-name> - DDBoost Fibre
Channel set Server Name. Role required: admin, limited-admin.
• ddboost fc dfc-server-name show - Show DDBoost Fibre Channel
Server Name. Role required: admin, limited-admin.
• ddboost fc group add <group-name> initiator <initiator-
spec> - Add initiators or DDBoost devices to a DDBoost FC group. Role
required: admin, limited-admin.
• ddboost fc group add <group-name> device-set - Add one or more
DD Boost devices to a DD Boost Fibre Channel group. Role required: admin,
limited-admin.
• ddboost fc group create <group-name> - Create a DDBoost FC group.
Role required: admin, limited-admin.
• ddboost fc group show list [<group-spec>] [initiator
<initiator-spec>] - List configured DDBoost FC groups. Role required:
admin, limited-admin.
• ddboost fc status - DDBoost Fibre Channel Status. Role required:
admin,limited-admin, security, user, backup-operator, none.

Consult the DDOS Command Reference Guide, available through the Dell EMC
Support portal, for more detailed information about using the ddboost commands
to administer DD Boost.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

DD Boost with Dell EMC NetWorker

Backup Management

WAN
NetWorker Clients

Local PowerProtect DD Disaster Recovery PowerProtect

NetWorker Server
Appliance DD Appliance

Client Direct

NetWorker Storage Node

NetWorker Data Zone
(CIFS, NFS and VTL)

DD Boost provides NetWorker with visibility into the properties of the PowerProtect
DD appliance, control of the backup images, and efficient wide area network
replication.

After you configure a PowerProtect DD appliance for the DD Boost environment,

you can configure NetWorker resources for devices, media pools, volume labels,
clients, and groups. Keep the following NetWorker considerations in mind:
• Each DD Boost device is displayed as a folder on the PowerProtect DD
appliance32.

32A unique NetWorker volume label identifies each device and associates the
device with a pool.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

• NetWorker uses the pools to direct the backups or clones of backups to specific
local or remote devices.
• NetWorker uses data protection policy resources33 to specify the backup and
cloning schedules for member clients.

The client direct feature34 enables clients that have a direct network connection or a
DD Boost over Fibre Channel (DFC) connection to the PowerProtect DD system to
send and receive data directly to Data Domain AFTD and DD Boost devices.

Dell Technologies recommends that you use the Device Configuration Wizard,
which is part of the NetWorker Administration GUI, to create and modify DD Boost
devices. The wizard can also create and modify volume labels and the storage
pools for DD Boost devices.

33 Dell Technologies recommends that you create policies that are dedicated solely
to DD Boost backups.

34Client Direct supports multiple concurrent backup and restore operations that
bypass the NetWorker storage node, which eliminates a potential bottleneck. The
storage node manages the devices that the clients use but does not handle the
backup data. The clients backup directly to the PowerProtect DD system and
deduplicate (DSP) directly from the client instead of going through the backup
server or storage nodes.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

DD Boost with Dell EMC Avamar

Data
WAN

Local PowerProtect DD Disaster Recovery PowerProtect

Appliance DD Appliance

Avamar Clients

Metadata

Avamar Data Store

DD Boost increases performance by distributing parts of the deduplication process

to Avamar clients. Before DD Boost, Avamar clients could only send data to an
Avamar server. With the DD Boost Library integrated in Avamar, the client can
send unique data segments directly to the PowerProtect DD appliance.

Avamar clients use a multistream approach35 to send backup data to the

PowerProtect DD appliance and metadata to the Avamar Data Store (ADS).

35 This approach enables users to deploy the optimal approach to deduplication for
different datatypes and manage the entire infrastructure from a single interface.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

During a backup, the Avamar server sends a backup request to the Avamar client.
If the backup request includes the option to use a PowerProtect DD appliance as
the target, the Avamar client sends the backup data directly to the PowerProtect
DD appliance36. Metadata for the backup is sent from the Avamar client to the
Avamar server. The metadata enables Avamar to manage the backup even though
the data is stored on a PowerProtect DD appliance.

As a result, backup data is stored on the PowerProtect DD appliance while tracking

metadata is stored on the Avamar server.

36 The backup data is not staged on the Avamar server before it is sent to the
PowerProtect DD appliance. The storage node manages the devices that the
clients use but does not handle the backup data. The clients backup directly to the
PowerProtect DD system and deduplicate (DSP) directly from the client instead of
going through the backup server or storage nodes.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

DD Boost with PowerProtect Data Manager

PowerProtect PowerProtect
DD DD

Application Hosts
Application Agents
PowerProtect
Data Manager

Dell EMC PowerProtect Data Manager offers DBA self-service data protection and
recovery through Application Direct (formerly DD Boost for Enterprise Applications).

Application Direct integrates with DD Boost and database applications, to give

administrators control and visibility to their application backup and restore
processes. With this level of control, DB administrators don’t need to go through
the Backup Admin thus enabling faster restore. The backup team can also perform
backup and restore operations centrally from the management console.

Application agents are installed on application host or database host servers to

manage protection using PowerProtect Data Manager. These agents are
commonly known as DD Boost Enterprise Applications (DDBEA) for databases and
applications.

The application agents, commonly installed in the PowerProtect environment, are:

• Microsoft Application Agent.

• Database Application Agent.
• Oracle RMAN Agent.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

DD Boost for Partner Integration

When integrated with partner applications, DD Boost gives application owners

control of and visibility into their own backups to PowerProtect DD appliances using
application native tools and utilities. By distributing parts of the deduplication to the
application server, DD Boost reduces backup durations and the impact on network
resources. This approach enables application administrators to perform backup
and recovery operations instead of relying on a centralized backup team.

DD Boost supports various enterprise applications, including:

• IBM DB2, Oracle, SAP HANA, and SAP with Oracle
• Microsoft SQL and Exchange servers
• Hadoop: Cloudera, Hortonworks

To verify compatibility with your specific software, consult the Dell EMC DD Boost
for Partner Integration Administration Guide available on the Dell EMC Support
site.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

BoostFS

CBFS for Windows

FUSE for Linux

DD Boost Filesystem (BoostFS) provides a general file-system interface to the DD

Boost library:
• BoostFS enables standard backup applications to take advantage of DD Boost
features37.
• BoostFS is similar to CIFS or NFS38 but uses the DD Boost protocol.
• BoostFS is supported on Windows and Linux platforms.

BoostFS supports single-node PowerProtect DD appliances, high-availability (HA)

systems, PowerProtect DD Virtual Edition, and Extended Distance Protection.

37By using DD Boost technology, BoostFS helps reduce bandwidth, can improve
backup times, offers load-balancing, in-flight encryption, and supports Secure Multi-
Tenancy.

38As a file server system implementation, the BoostFS workflow is similar to CIFS
or NFS but uses the DD Boost protocol. Also, BoostFS improves backup times
compared to CIFS, NFS, and various copy-based solutions.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

BoostFS for Windows

BoostFS for Windows can be installed on Windows Server 2012, Windows Server
2012 R2, or Windows Server 2016, and supports several backup and enterprise
applications.

Install BoostFS for Windows by using the MSI installer that can be downloaded
from the Dell EMC Support site. Do not change the default settings. The MSI
installer includes several binary files and a device driver from EldoS Corporation.

BoostFS for Windows uses CBFS39. This functionality is similar to that of FUSE on
UNIX operating systems. To install BoostFS for Windows, you must install the
CBFS driver from EldoS Corporation40.

When installing BoostFS for Windows:

• Use an account with administrator rights to run the installer.
• Ensure that there is enough free space to complete the installation, which
requires approximately 7 MB of disk space.

See the Dell EMC DD BoostFS for Windows Configuration Guide, available on the
Dell EMC Support site, for more information about installing and configuring
BoostFS for Windows.

39CBFS is a software interface from EldoS that enables file systems to exist in user
space and not only within a driver in kernel space.

40 If another program on the system previously installed the CBFS driver, the driver
that BoostFS installs is installed alongside it. The BoostFS CBFS driver does not
affect the operation of the other program.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

BoostFS for Windows Supported Applications

BoostFS for Windows supports the following applications:

• Commvault Simpana versions 10 and 11
• Microsoft SQL Server 2012 and 2016
• MySQL Community 5.6 and 5.7
• MySQL Enterprise Manager 5.6 and 5.7
• MongoDB Community 2.6, 3.0, and 3.2

BoostFS for Linux

BoostFS for Windows can be installed on several Linux distributions, and supports
several backup and enterprise applications.

There is a single RPM installation package for BoostFS for Linux that both
enterprise and small-scale users can download from the Dell EMC Support site. It
is available in both RPM and .deb formats. The RPM package includes the
BoostFS executable.

Before beginning the process, verify that the FUSE version on the client is 2.8 or
higher.

See the Dell EMC DD Boost BoostFS for Linux Configuration Guide, available on
the Dell EMC Support site, for more information about installing and configuring
BoostFS for Linux.

BoostFS for Linux Supported Distributions

The following Linux distributions are supported:

• Red Hat Enterprise Linux versions 6 and 7
• CentOS 7
• SUSE Linux Enterprise Server versions 11 and 12
• Ubuntu 14.04 and 15
• Oracle Linux version 7

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

BoostFS for Linux Supported Applications

BoostFS for Windows supports the following applications:

• Commvault Simpana versions 10 and 11
• MySQL Community 5.6 and 5.7
• MySQL Enterprise Manager 5.6 and 5.7
• MongoDB Community 2.6, 3.0, and 3.2

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

DD Boost with Veritas NetBackup and Backup Exec

NetBackup Server

WAN or LAN

Local PowerProtect DD Disaster Recovery PowerProtect

Appliance DD Appliance
Backup Management
Clients

Media Server

Servers
Read/Write Server

Veritas NetBackup: DD Boost for Veritas NetBackup OpenStorage enhances the

integration between NetBackup and PowerProtect DD appliances. It distributes part
of the deduplication process to the media server, improving backup throughput,
reducing media server loads, and decreasing LAN bandwidth requirements. It also
enables advanced load balancing and failover at the Ethernet link layer.

DD Boost for NetBackup has two components. The DD Boost Library is embedded
in the OpenStorage plug-in that runs on the NetBackup Media servers. The DD
Boost server is built into DDOS and runs on the PowerProtect DD appliance.

Veritas Backup Exec: The combination of a PowerProtect DD appliance and DD

Boost for Veritas Backup Exec creates an optimized connection to provide a tightly
integrated solution. DD Boost for Veritas Backup Exec offers operational simplicity
by enabling the media server to manage the connection between the backup
application and one or more PowerProtect DD appliances.

With Veritas Backup Exec, the plug-in software must be installed on media servers
that access the PowerProtect DD appliance during backups. Backup Exec is not
supported for use with DD Boost over Fibre Channel.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

See the Dell EMC DD Boost for OpenStorage Administration Guide, available on
the Dell EMC Support site, for more information about using DD Boost with Veritas
NetBackup and Backup Exec.

DD Boost Implementation and Administration - Participant Guide

Using DD Boost with Backup Software

DD Boost with Other Third-Party Applications

DD Boost works with many popular backup applications. Consult the DD Boost
Compatibility Guide, available on the Dell EMC Support site, for the latest
information about the backup applications that support DD Boost.

Many third-party backup applications do not natively support DD Boost, but require
the DD Boost plug-in to install the DD Boost library. Install the plug-in software on
each media server and configure the backup software as documented by the
manufacturer.

Before installing either the DD Boost plug-in or DDOS, consult the Dell
Technologies eLab Navigator. You can select from the various DD Boost guides to
learn which DD Boost client to download and use for your backup software version,
DDOS version, and client operating system version.

Failure to consult the Dell Technologies eLab Navigatorcould result in unexpected

incompatibilities.

DD Boost Implementation and Administration - Participant Guide

POWERPROTECT DD
VIRTUAL TAPE LIBRARY
IMPLEMENTATION AND
ADMINISTRATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

PowerProtect DD VTL Overview .................................................................................. 1

DD VTL Overview ................................................................................................................ 2

VTL Planning .............................................................................................................. 9

VTL System Capacity ........................................................................................................ 10
Backup Software Guidelines .............................................................................................. 13
Fibre Channel Configuration Guidelines............................................................................. 16
Licensing, User Access, and VTL Limits ............................................................................ 19
VTL Access Groups ........................................................................................................... 21
Tape Management ............................................................................................................. 22
NDMP Support ................................................................................................................... 26
IBM i Support ..................................................................................................................... 27

Configuring VTL ....................................................................................................... 29

Creating a VTL ................................................................................................................... 30
Enabling and Disabling DD VTL ......................................................................................... 34
Managing a VTL ................................................................................................................ 36
Reviewing the VTL Configuration ....................................................................................... 37
Managing VTL Access Groups........................................................................................... 39
Managing Tapes and Tape Pools ...................................................................................... 47
NDMP ................................................................................................................................ 65

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

PowerProtect DD VTL Overview

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

PowerProtect DD VTL Overview

DD VTL Overview

What is PowerProtect DD VTL Benefits DD VTL Terminology

DD VTL?

DD VTL Description

A Fibre Channel (FC) equipped host

Backup Application

connecting to a Storage Area Network Fibre Channel SAN

FC Switch
(SAN) can communicate with an FC equipped
PowerProtect DD appliance. When properly FC Host

zoned, the host can send its backups using the

VTL 1
FC protocol directly to the appliance.
VTL 2

Physical VTL-Enabled PowerProtect DD

•
Tape Appliance
DD VTL Feature Library

Physical Tapes/Pools Virtual Tapes/Pools

− Emulates a physical tape library1

1The PowerProtect DD Virtual Tape Library (DD VTL) feature provides a disk-
based backup system that emulates the use of physical tapes. This feature enables
backup applications to connect to and manage system storage using functionality
almost identical to a physical tape library.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

PowerProtect DD VTL Overview

− VTL is displayed as a SCSI robotic device (changer).2

− VTL drives are displayed as SCSI tape drives.3
− VTL can be used along side other protocols.4
• Backup applications manage data movement to and from the PowerProtect DD
appliance.5
• DDOS

− Manages replication6

2 A VTL is displayed to the backup software as a SCSI robotic device or changer.

Virtual tape drives are accessible to backup software in the same way as physical
tape drives.

3Once virtual drives are created, they appear to the backup software as SCSI tape
drives.

4The DD VTL feature provides a network interface to the file system. The VTL
protocol can be active along side CIFS, NFS and DD Boost, providing network
access to the file system.

5 PowerProtect DD appliances support backups over the SAN using Fibre Channel.
The backup application on the backup host manages all data movement to and
from the appliance. An FC switch is not needed when a direct connection from the
backup host to the appliance is used.

6When disaster recovery is needed, tape pools can be replicated to a remote

PowerProtect DD appliance using the DD replication feature.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

PowerProtect DD VTL Overview

− Supports retention lock7

DD VTL has been tested with specific backup software and hardware
configurations. For more information, see the appropriate Backup Compatibility
Guide on the Dell EMC Support site.

DD VTL Benefits

• Integrates with an existing Fibre Channel or

tape-based infrastructure8
• Allows simultaneous use of VTL with NAS, NDMP,
and DD Boost9
• Eliminates tape-based storage issues that are
related to physical tape10

7Tapes can be locked using the DD Retention Lock feature to protect data from
modification.

8 DD VTL offers a simple integration, using existing backup policies. DD VTL can
use existing backup policies in a backup system using a strategy of physical tape
libraries.

9 PowerProtect DD appliances simultaneously support data access methods

through VTL over Fibre Channel, Network Data Management Protocol (NDMP)
access over Ethernet, NFS, CIFS, DD Boost. This deployment flexibility means that
users can rapidly adjust to changing enterprise requirements.

10DD VTL eliminates the use of tape and the accompanying tape-related issues for
most restores. Compared to normal tape technology, DD VTL provides resilience in
storage through the benefits of Data Invulnerability Architecture (DIA).

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

PowerProtect DD VTL Overview

• Reduces storage space requirements by using deduplication technology11

• Reduces RTO by eliminating the need for physical tape handling12

DD VTL Terminology

Different tape library products package some components in different ways, and
the names of elements may differ, but the fundamental function is the same.

Slots
Barcode

Changer Cartridge
Access
Port (CAP) Library
Tape

Tape Drive
Tape
Tape Pool Devices Drives Vault

11PowerProtect DD appliances that are configured for VTL reduce storage space
requirements by using deduplication technology.

12Disk-based network storage provides a shorter Recovery Time Objective (RTO)

by eliminating the need for handling, loading, and accessing tapes from a remote
location.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

PowerProtect DD VTL Overview

• Barcode13
• Tape14
• Pool15
• Tape Drive16
• Changer17

13A barcode is a unique ID for a virtual tape. Barcodes are assigned when the user
creates the virtual tape cartridge. A unique ID for a virtual tape that is assigned
when the user creates the virtual tape cartridge.

14 A tape is a cartridge holding magnetic tape that is used to store data long term.
The backup software creates virtual tapes which to act the same as physical tape
media. Tapes are represented in a system as grouped datafiles. Tapes can be
moved between a long-term retention vault to a library. They can also move within
a library across drives, slots, and CAPs. A tape is also called a cartridge.

15 A pool is a collection of tapes that maps to a directory on a file system that is

used to replicate tapes to a destination. Note: Pools in DDOS are not the same as
backup software pools. Most backup software, including Dell EMC NetWorker, has
its own pooling mechanism.

16 A tape drive is the device that records backed-up data to a tape cartridge. In the
virtual tape world, this drive still uses the same Linear Tape-Open (LTO)
technology standards as physical tape drives. Depending on the multiplex setting of
the backup application, each drive operates as a device that can support one or
more data streams.

17A changer (Tape Backup Medium Changer) is the device that handles the tape
between a tape library and the tape drive. In the virtual tape world, the system
creates an emulation of a specific type of changer.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

PowerProtect DD VTL Overview

• Cartridge Access Port18

• Slot19
• Library20
• Tape Vault21

Although no tapes are physically moved, the virtual tape backup medium changer
must emulate the messages that your backup software expects when tapes are
moved. Selecting and using the incorrect changer model in your configuration
causes the system to send incorrect messages to the backup software. These
incorrect messages can cause the VTL system to fail.

18 A cartridge access port (CAP) enables the user to deposit and withdraw tape
cartridges (volumes) in an autochanger without opening its door. In a VTL, a CAP
is the emulated tape enter and eject point for moving tapes to or from a library. The
CAP is also called a mail slot.

19 A slot is a storage location within a library. For example, a tape library has one
slot for each tape that the library can hold.

20A library is a collection of magnetic tape cartridges that are used for long-term
data backup. A VTL emulates a physical tape library with tape drives, changer,
CAPs, and slots (cartridge slots). A library is also called an autoloader, tape silo,
tape mount, or tape jukebox.

21A tape vault is a holding place for tapes not in any library. Tapes in the vault
eventually have to be moved into the tape library before they can be used.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

PowerProtect DD VTL Overview

• Initiator22
• Access Group23

22An initiator is the device that starts a SCSI session and sends SCSI commands.
The initiator is usually a backup server. On the PowerProtect DD appliance, you
must identify the initiators that are permitted to control the system through SCSI
commands. The PowerProtect DD appliance needs the WWPN to determine which
Fibre Channel traffic is from an authorized initiator. When you identify the initiator,
you can also provide a name, or alias, that maps to the initiators WWPN. The name
makes it easier to manage the initiator through the DDOS user interface.

23 An access Group, or VTL Group, is a collection of initiators and the drives and
changers they can access. An access group may contain multiple initiators, but an
initiator can exist in only one access group.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

VTL System Capacity

• DDOS limits the number of tapes,

drives, libraries (VTLs), slots, cartridge
access ports (CAPs), block size, read, and
write streams.
• The following information provides capacities
for the various features in a DD VTL
configuration:
− DD VTL is scalable and should accommodate most configurations.
− Your backup host may not support these limits.24
• Create only as many tapes and slots as needed.25

For further information about the definitions and capacities of specific systems,
consult the DDOS System Administration Guide and the VTL Best Practices Guide.
Both are available through the Dell EMC Support Portal.

24 See your backup host software support for correct sizing to fit your software.

25 Standard practices suggest creating only as many tape cartridges as required to

satisfy backup requirements and enough slots to hold the number of tapes you
create. Creating more slots is not a problem. The key in good capacity planning is
to not be excessive beyond the system requirements and add capacity as needed.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Tape Drive Limits

Number of CPU RAM (in GB) NVRAM (in GB) Maximum

Cores number of
supported drives

Fewer than 32 4 or less N/A 64

More than 4, up N/A 128

to 38

More than 38, up N/A 256

to 128

More than 128 N/A 540

32–39 Up to 128 Less than 4 270

Up to 128 4 or more 540

More than 128 N/A 540

40–59 N/A N/A 540

60 or more N/A N/A 1080

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

DD VTL Capacity

In setting up a Virtual Tape Library (VTL) on a PowerProtect DD appliance, you

must be aware of the capacity of the system. The configuration of the VTL depends
on the tape drive technology, and changer model you are emulating. The
processing power and storage capacity of the appliance that is used to provide the
VTL dictate the efficiencies. Larger, faster systems support more streams to write
to a higher number of virtual tape drives, thus providing faster virtual tape backups.
For specific stream and drive limits, look in the DDOS System Administration
Guide.

Item Max Capacity

I/O (Block) Size 1 MB

Libraries (VTLs) 64 concurrently active library instances per system

Slots 32,000 per library

64,000 per system

CAPs 100 per library

1,000 per system

Tape Size Can be configured to 4,000 GiB per tape.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Backup Software Guidelines

Ensure that you understand the requirements

and capabilities of the backup software.
• 64-KiB minimum record (block) size26
• Verify supported changers and tape drives
• Disable multiplexing
• Use multiple data streams: Each stream from
initiator to separate tape drive27

26Dell Technologies strongly recommends that backup software is set to use a

minimum record (block) size of 64 KiB or larger. Larger sizes usually give faster
performance and better data compression.

Depending on your backup application, if you change the size after the initial
configuration, data that is written with the original size might become unreadable.

27 To increase throughput efficiency and maintain deduplication-friendly data,

establish multiple data streams from your client system to the PowerProtect DD
appliance. Each stream requires writing to a separate virtual drive. See the DDOS
Administration Guide for specific information about the number of data streams
allowed for each model.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Supported Changers and Tape Drives

Verify that the backup software can support the

changers and drives that the PowerProtect DD
appliance emulates.

To work with drives, you must use the tape and

library drivers that are supplied by your backup
software vendor that support the IBM LTO-1, IBM
LTO-2, IBM LTO-3, IBM LTO-4, IBM LTO-5, IBM
LTO-7 (default), HP-LTO-3, or HP-LTO-4 drives
and the StorageTek L180 (default), RESTORER-L180, IBM TS3500, I2000, I6000,
or DDVTL libraries. For more information, see the Application Compatibility
Matrices and Integration Guides for your vendors. When configuring drives, keep in
mind the limits on backup data streams. See the DDOS Administration Guide for
the number of streams supported by different PowerProtect DD models.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Multiplexing

In a physical tape library setting, multiplexing is a method to gain efficiency by

sending data from multiple clients to a single tape drive. Multiplexing is the sending
of data from multiple clients, interleaving the data onto a single tape drive
simultaneously.

Multiplexing is not
Client recommended

Client Server
VTL Enabled PowerProtect DD
Appliance

Client

Multiplexing was useful for clients with slow throughput since a single client could
not send data fast enough to keep the tape drive busy.

With PowerProtect DD VTL, multiplexing causes existing data to land on a

PowerProtect DD appliance in a different order each time a backup is performed.
Multiplexing makes it difficult for a system to recognize repeated segments, thus
making deduplication less efficient. It is not recommended to enable multiplexing
on your backup host software when writing to a PowerProtect DD appliance.

If you are using NetWorker with DD VTL, you should take the following steps to
mitigate any data compression loss:
• Set the NetWorker tape block size on the Media Server to 256 KB. This value is
safe for all operating systems and drivers.
• To avoid low deduplication rates due to multiplexing of multiple backup streams,
Dell Technologies recommends setting NetWorker device properties "target
sessions" and "maximum sessions" to 1. For further options on multiplexed
backups to DD VTL, see the NetWorker documentation.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Fibre Channel Configuration Guidelines

HBA and Port Guidelines Establishing Fibre Channel Zones

FC Switch

Initiator

VTL 1

VTL 2

VTL-Enabled PowerProtect DD Appliance

VTL Zone

HBA and Port Guidelines

Make all Fibre Channel connections to a PowerProtect DD

appliance through a Fibre Channel switch or by direct attachment
to an initiator.

To verify that the initiator FC HBA hardware and driver are

supported, see the DDOS Backup Compatibility Guide.

Upgrade initiator HBA to the latest supported version of firmware and software.

Dedicate the initiator Fibre Channel port to PowerProtect DD VTL devices.

Verify the speed of each FC port on the switch to confirm that the port is configured
for the required rate.

Consider spreading the backup load across multiple FC ports and switches to avoid
bottlenecks on a single port and provide increased resiliency.

The DD VTL service requires an installed FC interface card or VTL configured to

use NDMP over Ethernet.

If the VTL communication between a backup server and the PowerProtect DD

appliance is through an FC interface, the PowerProtect DD appliance must have an
FC interface card installed. Whenever an FC interface card is removed from (or
changed within) the appliance, any VTL configuration that is associated with that
card may need to be updated.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

If the VTL communication between the backup server and the PowerProtect DD
appliance is through NDMP, no FC interface card is required. However, you must
configure the tape server access group.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Establishing Fibre Channel Zones

FC Switch

Initiator

VTL 1

VTL 2

VTL-Enabled PowerProtect DD
Appliance

VTL Zone

When you establish fabric zones through FC switches, the best way to avoid
problems with VTL configurations is to include only one initiator and one target port
in one zone.

Avoid having any other targets or initiators in any zones that contain a gateway
target FC port.

Only initiators that communicate with a particular set of VTL target ports should be
zoned with that PowerProtect DD appliance.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Licensing, User Access, and VTL Limits

PowerProtect DD VTL is a licensed feature28.

Ensure to plan which users have access to the DD

VTL features and plan to give them the appropriate
Slots access to the system29.

The number of CPU cores and the amount of

memory on the system determine the number of
drives that are supported in a VTL.

Slot counts30 are typically based on the number of

Tape Drives tapes that are used over a retention policy cycle.

See the current DDOS Administration Guide, available from the Dell EMC Support
site, for details.

28Adding a DD VTL license through the DD System Manager automatically

disables and enables the DD VTL feature.

29An admin login is required to enable and configure VTL services, and perform
other configuration tasks. For basic tape operations a backup-operator login is
required. For basic monitoring a user login is required.

30DD VTL supports a maximum of 32,000 slots per library and 64,000 slots per DD
system. The system automatically adds slots to keep the number of slots equal to,
or greater than, the number of drives.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Number of Drives Supported by a DD VTL

Depending on the configuration of your particular PowerProtect DD appliance, the

overall number of drives that are assigned to a VTL may need adjustment.

Number of CPU RAM (in GB) NVRAM (in GB) Maximum

Cores number of
supported drives

Fewer than 32 4 or less N/A 64

More than 4, up N/A 128

to 38

More than 38, up N/A 256

to 128

More than 128 N/A 540

32–39 Up to 128 Less than 4 270

Up to 128 4 or more 540

More than 128 N/A 540

40–59 N/A N/A 540

60 or more N/A N/A 1080

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

VTL Access Groups

Access groups31 hold a collection of initiator WWPNs

(worldwide port names) or aliases and the drives, and
changers they are permitted to access.

Access group configuration enables initiators (in general

backup applications) to read and write data to devices in the
same access group.

A preconfigured VTL access group32 lets you add devices that support NDMP-
based backup applications.

Avoid making access group changes on a PowerProtect DD appliance during

active backup or restore jobs33.

31An access group may contain multiple initiators, but an initiator can exist in only
one access group.

32 The preconfigured VTL access group is named "TapeServer."

33A change may cause an active job to fail. The impact of changes during active
jobs depends on a combination of backup software and host configurations.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Tape Management

Choosing the optimal size of tapes depends on Unexpired

and active
multiple factors, including the specific backup data pointers

application being used and the characteristics of

the data being backed up. In general, it is better
to use a larger number of smaller capacity tapes Expired backups still claiming disk segments
until all of the files on the tape expire
than a smaller number of large capacity tapes to
control disk usage.

• When choosing a tape size34: All data segments identified as part of the VTL
tape are treated as a complete set of data. File

− Use larger tapes for large single system cleaning cannot run on a tape until all

datafiles35.
− Use smaller tapes for smaller datasets36.
• Target multiple drives to write multiple streams.
• Set retention periods to no more than are required.

34Larger capacity tapes pose a risk to system full conditions. It is more difficult to
expire and reclaim the space on data being held on a larger tape than on smaller
tapes. A larger tape can have more backups on it, making it potentially harder to
expire because it might contain a current backup.

35If the data you are backing up is large, you may want larger-sized tapes since
some backup applications are not able to span across multiple tapes.

36Using smaller tapes across many drives gives the system greater throughput by
using more data streams between the backup host and the PowerProtect DD
appliance.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

• Expire and relabel tapes37 to reclaim and reuse space38.

• Make initial tape count39 2x available space.
• Too many tapes can cause premature system full condition.
• The administrator must provide the starting barcode when creating tapes.
• Consider the backup application being used40.

37 All backups on a tape must be expired, by policy or manually, before the space in
the cartridge can be relabeled and made available for reuse. If backups with
different retention policies exist on a single piece of media, the youngest image
prevents file system cleaning and reuse of the tape. You can avoid this condition by
initially creating and using smaller tape cartridges.

38 Expired tapes are not deleted and the space that is used by that tape is not
reclaimed until it is relabeled, overwritten, or deleted. Consider a situation in which
30% of your data is being held on a 1TB tape. You could delete half of that data,
and still not be able to reclaim any of the space because the tape is still holding
unexpired data. Backing up smaller files to larger-sized tapes contributes to this
issue by taking longer to fill a cartridge with data. Using a larger number of smaller-
sized tapes can reduce the chances of a few young files preventing cleaning older
data on a larger tape.

39When deciding how many tapes to create for your VTL configuration, remember,
that creating more tapes than you need might cause the system to fill up
prematurely. Usually, backup software uses blank tapes before recycling tapes. It is
a good idea to start with a tape count less than twice the available space on the
PowerProtect DD appliance.

40For instance, Hewlett Packard Data Protector supports only LTO-1/200-GB

capacity tapes.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Barcode Definitions

When a tape is created, a logical, eight-character barcode is assigned that is a

unique identifier of a tape. The barcode must start with six numeric or uppercase
alphabetic characters (from the set {0-9, A-Z}).

A good practice is to use either two or three of the first characters as the identifier
of the group or pool in which the tapes belong. If you use two characters as the
identifier41, you can and then use four numbers in sequence to number up to
10,000 tapes. If you use three characters42, you can sequence only 1,000 tapes.

The barcode ends with a two-character tag for the supported tape types.

If you specify the tape capacity when you create a tape through
the PowerProtect DD System Manager, you override the two-
character tag capacity specification.

41 For example, AA0000.

42 For example, AAA000.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Tape Codes and Capacities for Supported Tape Types

Tape Type Default Capacity (unless noted) Tape Code

LTO-1 100 GiB L1

LTO-1 50 GiB LA43

LTO-1 30 GiB LB

LTO-1 10 GiB LC

LTO-2 200 GiB L2

LTO-3 400 GiB L3

LTO-4 800 GiB L4

LTO-5 1.5 TiB L5

LTO-7 6 TiB L7

43For Tivoli Storage Manager (TSM), use the L2 tape code if the LA code is
ignored.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

NDMP Support

PowerProtect DD system configured with

NAS runs NDMP Server configured with
NDMP tape server receives backup data
client software Ethernet NIC
and places it into virtual tapes
NAS

VTL 1

Backup data is sent over VTL 2

Ethernet using TCP/IP
VTL-Enabled
Clients Server PowerProtect DD
Appliance

Network Data Management Protocol (NDMP) is an open-standard protocol for

enterprise-wide backup of heterogeneous network-attached storage.

PowerProtect DD appliances support backups using NDMP over TCP/IP over

Ethernet as an alternate method of access when Fibre Channel (FC) connections
are not feasible.

Backup servers that are configured only with Ethernet can back up to a
PowerProtect DD VTL when used with an NDMP tape server44.

When a backup is initiated, the host tells the server to send its backup data45 to the
VTL tape server.

44 The backup host must be running NDMP client software to route the server data
to the related tape server on the PowerProtect DD appliance.

45 Data is sent over TCP/IP to the PowerProtect DD appliance where it is captured

to virtual tape and stored.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

IBM i Support

All peripheral equipment must emulate IBM

FC Switch
equipment, including IBM tape libraries and
devices, when presented to the operating
Workstati system.
on

A different PowerProtect DD VTL license

that supports IBM i use is required46.
VTL and I/OS-Enabled
IBM Power PowerProtect DD
System Appliance The hardware drivers these systems use
are embedded in the Licensed Internal
Code (LIC)47 and IBM i operating system.

IBM i virtual libraries are not managed any differently from other operating systems.

DD VTL supports one type of library configuration48 for IBM i use.

46 This license supports other VTL configurations as well, but the standard DD VTL
license does not directly support IBM i configurations. Add the i/OS license to the
PowerProtect DD appliance before creating a VTL to have the correct IBM i
configuration.

47 IBM uses LIC Program Temporary Fixes (PTFs) as the method of updating and
activating the drivers that are used. Usually, hardware configuration settings cannot
be manually configured, as only IBM, or equipment that emulates IBM equipment is
attached, requiring only fixed configuration settings.

48 The library configuration that is supported is an IBM TS3500 configured with IBM
LT0-3, LTO-4, or LTO-5 virtual tape drives. Virtual library management is done
from the Virtual Tape Libraries tab. From Virtual Tape Libraries > More Tasks >
Library > Create, you can set the number of virtual drives and the number of slots.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

VTL Planning

Fibre Channel devices can be connected directly to host (direct attach) through
arbitrated loop (FC-AL) topology or through a switched fabric (FC-SW) topology49.

See the Virtual Tape Library for IBM System i Integration Guide, available on the
Dell EMC Support page, for current configuration instructions when using VTL in an
IBM i environment.

49Direct Connect is not supported on Power5 hardware, Virtual I/O Server, and
5761/5704 IOAs. The Fibre Channel host bus adapters, or IOAs, can negotiate at
speeds of 2 Gbps to 16 Gbps in an FC-SW environment without any configuration
on the operating system. An IBM business partner installs Fibre Channel IOPs and
IOAs.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Creating a VTL

Provide
Slots quantity (1-
32,000

Provide
quantity (0-
Cartridge Access
100
Port (CAP)

Changer
Provide
model and
Identify model - Only quantity (64 -
one changer in VTL 1,080
Tape Drives

The VTL consists of four specific virtual objects50.

When you create the VTL, you can only have one changer, and you must identify
the model of the changer.

The number of slots51 your VTL contains must be provided.

50 They are the changer, slots, cartridge access ports (CAPs), and tape drives.

51 You can specify a quantity from 1 and 32,000.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

CAPs must be assigned52 to the VTL.

The quantity and model of the tape drives53 must be provided in the VTL.

Even though the VTL uses the tapes, they are not an integral part of the VTL54.

A VTL can be created using the DD System Manager (DDSM) or the command-line
interface (CLI).

52 The number of CAPs assigned to a VTL can range from 0 to 100.

53The number of tape drives can range from 64 to up to 1,080 depending on the
PowerProtect DD model used.

54 The same is true for tape pools.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Creating a VTL Using DDSM

Create a VTL by following these steps:

1. Go to Data Management > DD VTL, and then expand the Virtual Tape
Libraries menu.
2. Expand the VTL Service menu item.
3. Next, select the Libraries item. The contents of the More Tasks menu is
dependent upon the item that is selected in the menu, so the correct item must
be selected.
4. Select More Tasks > Library > Create. The Create Library dialog box is
displayed.
5. Enter the values appropriate for your application. If the VTL is properly planned,
you should know the values to enter.
6. To start the Create Library process, select OK.
7. Select OK after the library creation process completes.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Creating a VTL Using the CLI

With an admin or limited-admin role, you can create a VTL using the following
commands:
• vtl add vtl [model model] [slots num-slots] [caps num-caps]
- Add a tape library.
• vtl drive add vtl [count num-drives] [model model] - Add
drives to a VTL.
• vtl show config [vtl] - Show the library name and model and tape drive
model for a single VTL or all VTLs. This command is also available to users with
the security, user, backup-operator, and none roles, in addition to the admin
and limited-admin roles.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
support site, for specific parameters for the commands listed on this page.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Enabling and Disabling DD VTL

Click to enable
the DD VTL
service.

If the DD VTL
service is enabled,
click to disable the
service.

DD VTL controls the operation of the Virtual Tape Library. It must be licensed and
enabled to use DD VTL.

DD VTL provides the environment for virtual devices to exist. You may think of it as
a virtual data center.

To enable DD VTL through the DD System Manager, follow these steps:

1. Go to the Protocols > DD VTL, and then expand the Virtual Tape Libraries
section.
2. Select the DD VTL Service item. The state of the VTL service, and VTL
licenses are displayed. The state of the service is not seen unless the VTL
Service item is selected.
3. Verify that the DD VTL license has been installed. If the license has not been
installed, select the Update License hyperlink and install the VTL license.
4. If the VTL is in an IBM environment, verify that an I/OS license has also been
installed. This license must be installed before any VTLs or tape drives are
created.
5. After all required licenses have been installed, select Enable to Enable DD
VTL. The status should show as Enabled: Running and the Enable button
changes to Disable. Select Disable to disable DD VTL.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

VTL can also be enabled and disabled using the command-line interface.

Enabling and Disabling DD VTL Using the CLI

With an admin or limited-admin role, you can enable and disable VTL using the
following commands:
• vtl enable - Enable the DD VTL subsystem. Before DD VTL can be enabled:

− You must have at least one Fibre Channel (FC) interface card that is
installed on your PowerProtect DD appliance. VTL communicates between a
backup server and a PowerProtect DD appliance through an FC interface.
− You must have previously enabled the file system and scsitarget features.
− You must have set the record (block) size for the backup software on the
application host; the minimum is 64 KiB or larger.
Changing the block size after the initial configuration may render unreadable
any data that was written in the original size.
• vtl disable - Close all libraries and shut down the DD VTL subsystem.
• vtl status - Show the status of DD VTL.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
support site, for specific parameters for the commands listed here.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Managing a VTL

Manage VTLs and associated devices.

Manage access groups.

View resources configured through Hardware > Fibre Channel.

Manage tape pools.

To enable or disable PowerProtect DD VTL with the DD System Manager, Go to

the Protocols > DD VTL pane.

The DD VTL pane is subdivided into sections: DD Virtual Tape Libraries, Access
Groups, Resources, and Pools.
• The options under the DD Virtual Tape Libraries section enable you to
manage the VTLs and their associated devices.
• The options under the Access Groups section enable you to define the devices
that an individual initiator can access.
• The Resources section enables you to view the configuration of endpoints and
initiators. To configure these devices, you must go to the Hardware > Fibre
Channel menu.
• The Pools section displays information for the default pool and any other
existing pools.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Reviewing the VTL Configuration

Provides summary information relating to all VTLs.

Provides summary information relating to the selected VTL.

Provides summary information relating to the changer.

Provides summary information relating to the drives.

The DD System Manager enables you to review the configuration of the VTL and
its components. The Protocols > DD VTL page provides details about the VTL
contents.

Select the DD Virtual Tape Libraries > VTL Service > Libraries menu item to
view summary information relating to all VTLs.

Select the DD Virtual Tape Libraries > VTL Service > Libraries > {library-name}
menu item to view summary information about the selected VTL55.

55The number and disposition of tapes in the VTL is also shown. If no tapes are
associated with the VTL, there is nothing in the Tapes section.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Selecting the Changer item in a VTL provides detailed related information56.

Selecting the Drives item in a VTL provides detailed related information for all
drives57.

56 Including the vendor, product ID, revision number, and serial number of the
changer. These are all attributes that you would expect to find with a physical tape
drive.

57Including the drive number, vendor, product ID, revision number, serial number,
and status. If a tape is in the drive, the barcode is displayed along with the name of
the tape pool to which the tape belongs.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Managing VTL Access Groups

Creating VTL Access Reviewing VTL Access Deleting VTL Access

Groups Groups Groups

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Creating VTL Access Groups

Create a VTL access group in the DD System Manager, by following these steps:
1. Select Access Groups > Groups.
2. Select More Tasks > Group > Create.
3. In the Create Access Group dialog, enter a name, from 1 to 128 characters,
and select Next.
4. Add devices, and select Next.
5. Review the summary, and select Finish or Back, as appropriate.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Reviewing VTL Access Groups

Review the configuration of the Fibre Channel Access Groups

1. Select the Hardware > Fibre Channel > Access Groups tab.
2. The Access Groups tab contains summary information about any DD Boost
Access Groups and VTL access groups. The information includes the name of
the group, the type of service, the endpoint associated with the group, the
names of the initiators in the group, and the number of devices in the group.
Note the groups that contain initiators and devices.
3. The total number of groups that are configured on the system is shown at the
bottom of this section.
4. Select the View DD VTL Groups hyperlink to go to the DD System Manager
Protocol > DD VTL page where there is more information and configuration
tools.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Review the LUNs in an access group

1. You can select the View VTL Groups hyperlink on the Hardware > Fibre
Channel > Access Groups tab. You can also go to Protocols > DD VTL page
directly.
2. Select the Access Group menu item. To expand the list, click the plus sign (+)
and select an access group from the Access Groups list.
3. Select the LUNs tab.
4. Review a summary of the various LUNs in the selected access group.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Review the Initiators in an access group

1. You can select the View DD VTL Groups hyperlink on the Hardware > Fibre
Channel > Access Groups tab. Or you can go to Protocols > DD VTL page
directly.
2. Select the Access Group menu item. To expand the list, click the plus sign (+)
next to the Groups item.
3. Select an access group from the Groups list.
4. Select the Initiators tab.
5. Review a summary of any initiators in the selected access group.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Deleting VTL Access Groups

To delete a VTL Access Group, you must first ensure that the access group is
empty and contains no initiators or devices. Use the configure (modify) process to
delete these objects from an access group.
1. Select Protocols > VTL > Access Groups > Groups > group.
2. Select More Tasks > Group > Configure.
3. In the Modify Access Group dialog, enter or modify the Group Name.
4. To configure initiators to the access group, check the box next to the initiator.
You can add initiators to the group later.
5. Select Next.
6. Select a device, and select the edit (pencil) icon to display the Modify Devices
dialog. Then, follow steps a-e. If you simply want to
delete the device, select the delete (X) icon, and skip to step e.

a. Verify that the correct library is selected in the Library drop-down list, or
select another library.
b. In the Devices to Modify area, select the checkboxes of the devices
(Changer and drives) to be modified.
c. Optionally, modify the starting LUN (logical unit number) in the LUN Start
Address box.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

This is the LUN that the PowerProtect DD appliance returns to the initiator.
Each device is uniquely identified by the library and the device name. (For
example, it is possible to have drive 1 in Library 1 and drive 1 in Library 2).
Therefore, a LUN is associated with a device, which is identified by its library
and device name.
The initiators in the access group interact with the LUN devices that are
added to the group.
The maximum LUN accepted when creating an access group is 16,383.
A LUN can be used only once for an individual group. The same LUN can be
used with multiple groups.
Some initiators (clients) have specific rules for target LUN numbering; for
example, requiring LUN 0 or requiring contiguous LUNs. If these rules are
not followed, an initiator may not be able to access some or all of the LUNs
assigned to a DD VTL target port.
Check your initiator documentation for special rules, and if necessary, alter
the device LUNs on the DD VTL target port to follow the rules. For example,
if an initiator requires LUN 0 to be assigned on the DD VTL target port,
check the LUNs for devices assigned to ports, and if there is no device
assigned to LUN 0, change the LUN of a device so it is assigned to LUN 0.
d. In the Primary and Secondary Ports area, change the option that determines
the ports from which the selected device is seen. The following conditions
apply for designated ports:
i. all – The checked device is seen from all ports.
ii. none – The checked device is not seen from any port.
iii. select – The checked device is seen from selected ports. Select the
checkboxes of the ports from which it will be seen.
If only primary ports are selected, the checked device is visible only from
primary ports.
If only secondary ports are selected, the checked device is visible only
from secondary ports. Secondary ports can be used ifprimary ports
become unavailable.
The switchover to a secondary port is not an automatic operation. You must
manually switch the DD VTL device to the secondary ports if the primary
ports become unavailable.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

The port list is a list of physical port numbers. A port number denotes the
PCI slot, and a letter denotes the port on a PCI card. Examples are 1a, 1b,
or 2a, 2b.
A drive appears with the same LUN on all ports that you have configured.
e. Select OK.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Managing Tapes and Tape Pools

The PowerProtect DD system provides the tools that you would expect to manage
tapes. They include the ability to create and delete tapes. The VTL service also
provides the ability to import and export tapes from and to the vault. If needed, you
can move tapes within the VTL between the slots, drives, and CAPs. You can
search for specific tapes using various criteria, such as location, pool, or barcode to
search for a tape.

Tape Management
• Create
• Delete
• Import
• Export
Tapes
• Move
• Search
• Review

Tape Pools Tape Pool Management

• Create
• Delete
• Rename

When you create a tape pool, either an MTree is

created under /data/col1 or a directory is
created under /data/col1/backup.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Create Tapes

To create tapes, follow this process using the DD System Manager:

1. Go to Data Management > DD VTL, and expand the Virtual Tape Libraries
menu and select the VTL to hold the tapes. The tapes are directly added to the
VTL when the VTL is selected first.
2. Now, select More Tasks > Tapes > Create to open the Create Tapes dialog
box.
3. Provide the information about the tapes you are creating. This information was
determined during your implementation planning. You may select the Default
tape pool or a pool that you have created to hold the tapes.
4. Select OK when you are ready to create the tapes.
5. Select OK when the tape creation process is complete. You can now verify if
the tapes have been successfully created.

You can also create tapes using the command-line interface (CLI).

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Creating Tapes Using the CLI

With an admin or limited-admin role, you can create tapes using the following
command:
• vtl tape add barcode [capacity capacity] [count count]
[pool <pool>] - Add one or more virtual tapes and insert them into the vault.
Optionally, add the tapes to the specified pool.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters for the vtl tape add command.

Delete Tapes

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

You can delete tapes from either a library or a pool. If initiated from a library, the
system first exports the tapes, then deletes them. The tapes must be in the vault,
not in a library. On a Replication destination system, deleting a tape is not
permitted.

1. Select Virtual Tape Libraries > DD VTL Service > Libraries > library or
Vault.
2. Select More Tasks > Tapes > Delete.
3. In the Delete Tapes dialog, enter search information about the tapes to delete,
and select Search.
4. Select the checkbox of the tape that should be deleted or the checkbox on the
heading column to delete all tapes, and select Next.
5. Select Submit in the confirmation window, and select Close.

After a tape is removed, the disk space that is used for the tape is
not reclaimed until after a file system cleaning operation.

You can also delete tapes using the command line interface.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Delete Tapes Using the CLI

You can also delete tapes using the following command:

• vtl tape del barcode [count count] [pool pool] - Delete the
specified tape or one or more tapes. Note: You cannot delete tapes that are in a
VTL.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
support site, for specific parameters for the vtl tape del command.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Import Tapes

When tapes are created, they can be added directly to a VTL or to the vault. From
the vault, tapes can be imported, exported, moved, searched, and removed.
Importing moves existing tapes from the vault to a library slot, drive, or CAP. The
number empty slots in the library limit the number of tapes you can import at one
time.

To import tapes, follow this process using the DD System Manager:

1. Select Data Management > DD VTL > DD VTL Service > Libraries.
2. Select a library and view the list of tapes, or click More Tasks.
3. Select Tapes > Import.
4. Enter the search criteria about the tapes you want to import and click Search.
5. Select the tapes to import from the search results.
6. Choose the target location for the tapes.
7. Select Next to begin the import.

Tapes can also be imported using the command-line interface (CLI).

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Import Tapes Using the CLI

With an admin or limited-admin role, you can import tapes using the following
command:
• vtl import vtl barcode barcode [count count] [pool pool]
[element {drive | cap | slot}] [address addr] - This command is
used to move tapes from the vault into a slot, drive, or CAP.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
support site, for specific parameters for the vtl import command.

Export Tapes

Exporting a tape removes that tape from a slot, drive, or cartridge-access port
(CAP) and sends it to the vault.

1. You can export tapes using either step a. or step b.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

a. Select Virtual Tape Libraries > DD VTL Service > Libraries > library.
Then, select More Tasks > Tapes > Export. In the Export Tapes dialog,
enter search information about the tapes to export, and select Search.
b. Select Virtual Tape Libraries > VTL Service > Libraries > library >
Changer > Drives > drive > Tapes. Select tapes to export by selecting
the checkbox next to:
• An individual tape, or
• The Barcode column to select all tapes on the current page, or
• The Select all pages checkbox to select all tapes returned by the search
query.
Only tapes with a library name in the Location column can be exported.
Select Next.
2. Select Submit.
3. Select Close in the status window.

You can also export tapes using the command line interface.

Export Tapes Using the CLI

With an admin or limited-admin role, you can also export tapes using the following
command:
• vtl export vtl {slot | drive | cap} address [count count] -
Remove tapes from a slot, drive, or cartridge-access port (CAP) and send them
to the vault.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
support site, for specific parameters for the vtl export command.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Move Tapes Between Devices

Tapes can be moved between physical devices within a library to mimic backup
software procedures for physical tape libraries (which move a tape in a library from
a slot to a drive, a slot to a CAP, a CAP to a drive, and the reverse). In a physical
tape library, backup software never moves a tape outside the library.

1. Select Virtual Tape Libraries > DD VTL Service > Libraries > library.
When started from a library, the Tapes panel allows tapes to be moved only
between devices.
2. Select More Tasks > Tapes > Move.
3. In the Move Tape dialog, enter search information about the tapes to move,
and select Search.
4. From the search results list, select the tape or tapes to move.
5. Do one of the following:
a. Select the device from the Device list (for example, a slot, drive, or CAP),
and enter a beginning address using sequential numbers for the second and
subsequent tapes. For each tape to be moved, if the specified address is
occupied, the next available address is used.
b. Leave the address blank if the tape in a drive originally came from a slot and
is to be returned to that slot; or if the tape is to be moved to the next
available slot.
6. Select Next.
7. In the Move Tape dialog, verify the summary information and the tape listing,
and select Submit.
8. Select Close in the status window.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Search for Tapes

1. Select DD Virtual Tape Libraries or Pools.

2. Select the area to search (library, vault, pool).
3. Select More Tasks > Tapes > Search.
4. In the Search Tapes dialog, enter information about the tapes you want to find.
• Location58
• Pool59

58 Specify a location, or leave the default (All).

59Select the name of the pool in which to search for the tape. If no pools have been
created, use the Default pool.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

• Barcode60
• Count61
5. Select Search.

60 Specify a unique barcode, or leave the default '*' to return a group of tapes.
Barcode allows the wildcards '?' and '*', where '?' matches any single character and
'*' matches zero or more characters.

61 Enter the maximum number of tapes you want to be returned to you. If you leave
this blank, the barcode default '*' is used.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Review Tapes

Provides detailed information about the

tapes.

Select the Tape menu item associated with the VTL to review the tapes that are
assigned to it. The tapes are in a slot, drive, or CAP.

You can also review tapes using the command line interface.

Review Tapes Using the CLI

You can also review tapes using the following command:

• vtl tape show - Display information about tapes, including modification,
creation, retention, or recalled times.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
support site, for specific parameters for the vtl tape show command.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Create a Tape Pool

To create a tape pool using the DD System Manager, follow this process.
1. Go to Data Management > DD VTL, and expand the Pools menu on the left
side of the screen.
2. Select the Pools menu item from the list.
3. Now, select More Tasks > Pool > Create to open the Create Pool dialog box.
4. Provide a name for the Pool. Use a name that identifies the type of data that is
on the tape. For example, you could name the pool EngBkupPool to signify that
it contains tapes relevant to engineering backups.
5. Click the backwards compatibility check box to create the older-style tape
pool under /data/col1/backup. If you do not check this box, the system
creates a newer style tape pool that uses the MTree structure.
6. Select OK when you are ready to create the tape pool.

Tape pools can also be imported using the command-line interface (CLI).

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Create Tape Pools Using the CLI

With an admin or limited-admin role, you can create tape pools using the following
command:
• vtl pool add pool - Create a VTL pool.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
support site, for specific parameters for the vtl pool add command.

Delete Tape Pools

1. Select Pools > Pools > pool.

2. Select More Tasks > Pool > Delete.
3. In the Delete Pools dialog, select the checkbox of items to delete:
• The name of each pool, or

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

• Pool Names, to delete all pools.

4. Select Submit in the confirmation dialogs.
5. When the Delete Pool Status dialog shows Completed, select Close. The pool
is removed from the Pools subtree.

Tape pools can also be deleted using the command-line interface (CLI).

Delete Tape Pools Using the CLI

You can also delete tape pools using the following command:
• vtl pool del pool - Delete a VTL pool. You must run vtl tape del to
remove all tapes from a pool, or use vtl tape move to move all tapes to
another pool.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
support site, for specific parameters for the vtl pool del command.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Rename Tape Pools

A pool can be renamed only if none of its tapes are in a library.

1. Select Pools > Pools > pool.

2. Select More Tasks > Pool > Rename.
3. In the Rename Pool dialog, enter the new Pool Name, with the caveat that this
name:
a. Cannot be "all," "vault," or "summary."
b. Cannot have a space or period at its beginning or end.
c. Is case-sensitive.
4. Select OK to display the Rename Pool status dialog.
5. After the Rename Pool status dialog shows Completed, select OK. The pool is
renamed in the Pools subtree in both the Pools and the Virtual Tape Libraries
areas.

Tape pools can also be renamed using the command-line interface (CLI).

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

Rename Tape Pools Using the CLI

You can also rename tape pools using the following command:
• vtl pool rename src-pool dst-pool - Rename a VTL pool. A pool can
be renamed only if none of its tapes is in a library.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
support site, for specific parameters for the vtl pool rename command.

Tape Pools and MTrees

A tape pool is an MTree by default.

When you create a tape pool, either an MTree is created under /data/col1 or a
directory is created under /data/col1/backup.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

You can examine the list of MTrees on the system to view the MTrees associated
with VTL.

When you enable VTL, the Default MTree-based tape pool is created.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

NDMP

PowerProtect DD system configured with

NAS runs NDMP Server configured with
NDMP tape server receives backup data
client software Ethernet NIC
NAS and places it into virtual tapes

VTL 1

Backup data is sent over VTL 2

Ethernet using TCP/IP
VTL-Enabled
Clients Server PowerProtect DD
Appliance

PowerProtect DD appliances support Network Data Management Protocol (NDMP)

to access the VTL.
• NDMP enables VTL access through Ethernet.62
• NDMP does not require or use Fibre Channel.63
• The NDMP service is enabled separately from the VTL service.
• The NDMP service must be configured and managed through the command-
line interface.

62 Without NDMP, VTL access is only through Fibre Channel.

63 NDMP on a PowerProtect DD appliance does not require a Fibre Channel HBA.

If a Fibre Channel HBA is installed, NDMP does not use it.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

• NDMP-enabled software must be installed on the client system for access to the
VTL.
• NDMP clients must log in to the PowerProtect DD appliance using a standard
DDOS user account64 or an NDMP user account65.
• To make DD VTL devices accessible to the NDMP clients, the devices must be
members of the TapeServer access group.

− Only devices in the TapeServer access group are available through NDMP.
− Devices in the TapeServer access group cannot be in other VTL access
groups.
− Initiators cannot be added to the TapeServer access group.
For more information about NDMP, see http://ndmp.org.

NDMP Configuration and Management

• Enable the NDMP daemon using the ndmpd enable command.

• Verify that NDMP daemon sees devices in the TapeServer access group
using the ndmp show devicenames command.
• Add and verify an NDMP user for the ndmpd service using the ndmpd user
add ndmp and ndmpd user show commands.
• Check the options for the ndmpd daemon using the ndmpd option show
all command.

64If a standard DDOS user account is employed, the password is sent over the
network as plain text.

65The NDMP feature on the appliance enables you to add a user for NDMP
access. Password encryption can be added to the NDMP user for added security.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

Configuring VTL

• Set the ndmpd service authentication to MD5 using the ndmpd option set
authentication md5 command.
• Verify that the service authentication was correctly set using the ndmpd
option show all command.

See the Dell EMC DDOS Command Reference Guide, available on the Dell EMC
Support site, for specific parameters for the commands listed on this page.

PowerProtect DD Virtual Tape Library Implementation and Administration-Participant Guide

CLOUD TIER
IMPLEMENTATION AND
ADMINISTRATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

Cloud Tier Implementation and Administration ..................................................................... 1

Dell EMC Cloud Tier Overview .................................................................................. 2

Configuring Cloud Tier ............................................................................................ 16

Data Movement ........................................................................................................ 27

Appendix ................................................................................................. 33

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Backup Data
Cloud storage in the public, private,
Cloud Tier Architecture
or hybrid cloud for long-term data
retention.

Active Tier Cloud Tier Benefits

Cloud Tier
Cloud Tier
Cloud Unit 1
Considerations
Cloud Unit 2

Only unique data is sent to the

cloud.

1Sending only deduplicated data ensures that the data being sent to the cloud
occupies as little space as possible.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Model Sizing

Here the supported physical memory and storage requirements for each
PowerProtect DD model.

Model Memory Cloud Number Supported Number Capacity

(GB) Capacity of SAS Disk Shelf of ES40 for
(TB) I/O Types for Shelves Metadata
Modules Metadata or DS60 Storage
Storage Disk
Packs
Required

DD3300 16 8 N/A N/A N/A 1 x 1 TB

(4 TB virtual disks
Capacity) = 1 TB

DD3300 48 16
(8 TB
Capacity)

DD3300 48 32
(16 TB
Capacity)

DD3300 64 64
(32 TB
Capacity)

DD6900 288 576 2 DS60 or 2 30 x 4 TB

ES40 HDDs =
120 TB

DD9400 576 1536 2 DS60 or 4 60 x 4 TB

ES40 HDDs =
240 TB

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

DD9900 1152 2016 2 DS60 or 5 75 x 4 TB

ES40 HDDs =
300 TB

DDVE* 32 32 N/A N/A N/A 1 x 500 GB

(16 TB virtual disk
Capacity) = 500 GB2

DDVE* 60 128
(64 TB
Capacity)

DDVE* 80 192
(96 TB
Capacity)
* Dell EMC Cloud Tier is supported on DDVE for on-premises implementations only.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Cloud Tier Components and Platform Support

Backup Data Single namespace

Supported cloud storage (Long-term

retention)

Active Tier

Data Movement
Policy Cloud Tier

Cloud Unit 1

Requires extra storage for metadata Cloud Unit 2

Cloud Tier is supported on physical PowerProtect DD systems with expanded

memory configurations. Cloud Tier can be used with DDVE 3.0 or later in 16 TB, 64
TB, and 96-TB storage options.

Extra metadata storage is required to support the cloud tier. The amount of
required metadata storage is based on the PowerProtect DD model.

Cloud Tier is supported in PowerProtect DD High Availability (DD HA)

configurations. Both nodes must be running DDOS 6.0 or higher with DD HA
enabled.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Cloud Tier Capacity Options

Active Tier

Data Movement
Policy Cloud Tier

Cloud Unit 1

Cloud Unit 2

3You can scale the cloud tier to maximum capacity without scaling the active tier
any larger.

4 Each cloud unit can write to a separate supported cloud provider.

5The number of metadata shelves you need depends on the cloud unit physical
capacity.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Cloud Tier Protocol Support

The NFS, CIFS, and DD Boost protocols are supported for data movement to and
from the cloud tier.

PowerProtect DD VTL Tape Out to Cloud is supported with DDOS version 6.1 and
later. DD VTL Tape Out to Cloud supports storing the VTL vault on Cloud Tier
storage.

There is no support for vDisk pools as used with Dell EMC ProtectPoint.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Deduplication and Cleaning

PowerProtect DD Appliance

Deduplication is not allowed

Active Tier across tiers.

Cloud Tier
Cloud units each have their own
deduplication pools.

Cloud Unit 1

The cloud tier uses the same Cloud Unit 2

compression algorithm as the active tier.

6 There is no deduplication across tiers: active tier and cloud tier.

7On most PowerProtect DD appliances, the default compression algorithm is

gzfast. For legacy Data Domain systems and the PowerProtect DD3300, the lz
compression algorithm is used by default.

8 Cleaning of the active tier and the cloud tier cannot take place simultaneously.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

• On-demand cleaning is invoked from the user interface10 on a specific cloud

unit.
• Cloud tier cleaning does not do partial copy forward11 to avoid unnecessary
reads from the cloud.
• Most of the work of cleaning happens locally12 using local cloud metadata
information.

9 The schedule specifies to run cloud tier cleaning after every Nth run of active tier
cleaning. By default, cloud tier cleaning runs after every 4th scheduled active tier
cleaning.

10 On-demand cleaning can be run from either the DD System Manager or CLI.

11 When all segments within a region are dead, the entire object is deleted.

12 The cloud storage is accessed to delete objects in the cloud with no live data and
to perform some copy forward of container metadata-related activities.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Retention Lock and Encryption

DD Retention Lock is supported by Dell EMC Cloud Tier.

Secure HTTP (HTTPS) is used for the transfer of data between a PowerProtect
DD appliance and the cloud.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Encryption can be enabled13 at three levels:

• The PowerProtect DD appliance
• The active tier14
• The cloud tier

A license for encryption is required.

Encryption of data at rest is enabled by default15 on data in the cloud.

Active tier encryption is not required to enable encryption on the cloud tier.

Cloud units have separate controls for enabling encryption.

Using an external key manager is not supported.

13You are prompted for the security officer username and password to enable
encryption.

14Encryption of the active tier is only applicable if encryption is enabled for the
system.

15 Users can disable encryption.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Replication

You can enable Dell EMC Cloud Tier on one or both systems in a replication pair.

Using Cloud Tier with

different replication types:
Active Tier

• MTree replication and

16Directory replication works only on the /backup directory which cannot be

configured for cloud data movement.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Once data is in the cloud,

the encryption status
cannot be changed17.

The use of an embedded

key manager is supported.

17
Before sending any data to the cloud the decision to encrypt data or not must be
made.

Cloud Tier Implementation and Administration

Dell EMC Cloud Tier Overview

Cloud Tier Migration

Active Tier Active Tier

Cloud Tier Cloud Tier

Cloud Unit 1 Cloud Unit 1

Cloud Unit 2 Cloud Unit 2

Cloud Tier migration consists of the following steps:

Several prerequisites must be met before starting the migration procedure.

Cloud Tier Implementation and Administration

Configuring Cloud Tier

Cloud Tier Implementation and Administration

Configuring Cloud Tier

Configure Storage

Expand Cloud Tier and click

Configure.

Select the device you want

to add from the Addable
Storage list.

With Dell EMC Cloud Tier storage, the PowerProtect DD appliance holds the
metadata for the files residing in the cloud18.

To configure storage for the cloud tier:

18 A copy of the metadata resides in the cloud for disaster recovery.

Cloud Tier Implementation and Administration

Configuring Cloud Tier

6. Select an assessment option to determine if the devices meet performance

recommendations.
a. Using only DD Boost for backup
b. Using CIFS or NFS for backup
c. Skip Assessment
7. Click Done.

Cloud Tier Implementation and Administration

Configuring Cloud Tier

Enable the Cloud Tier

When the file system is disabled, click

Enable Cloud Tier.

Disable the file system before enabling

Cloud Tier

The cloud tier requires a local store for a local copy of the cloud metadata. To
configure Cloud Tier, you must meet the storage requirement for the licensed
capacity.

To enable the cloud tier on a PowerProtect DD appliance:

Cloud Tier Implementation and Administration

Configuring Cloud Tier

Viewing Active and Cloud Tier Statistics

In Data Management > File System, the main panel displays statistics for the
active and cloud tiers.

Cloud Tier Implementation and Administration

Configuring Cloud Tier

Cloud Unit Status Details

To provide more information to the user, the DD System Manager displays the
reasons why the cloud storage is in error state.

Cloud Tier Implementation and Administration

Configuring Cloud Tier

Cloud Tier Unit Preconfiguration

Before configuring a cloud unit on a PowerProtect DD appliance, perform the

following actions:

1. Configure your firewall19.

2. Download the appropriate certificates for your cloud provider.
3. Convert the downloaded certificate to .pem format20.
4. Add the certificate using the DD System Manager or CLI.

Cloud Tier Implementation and Administration

Configuring Cloud Tier

Create Cloud Units

Google Cloud Storage Microsoft Azure

Cloud Tier Implementation and Administration

Configuring Cloud Tier

S3 Authentication with Signature Version 4

Overview

All interactions with cloud providers are authenticated with a signature protocol.

Support for S3 flexible cloud providers that support S3 authentication with signature
V4 is now part of DDOS.

The customer benefits are:

• Support for a more secure authentication protocol.

• Continuing the support for signature V2 along with addition of support for
signature V4.
• Automatically detect the signature version supported by the S3 flexible cloud
providers.

Cloud Tier Implementation and Administration

Configuring Cloud Tier

Command Line Interface Changes

A new field S3 Signature Version is added to display the cloud profile version.

In the output of cloud profile show, DDOS displays two possible values: s3v2
or s3v4.

Once set, the signature version of the cloud profile cannot be modified.

Cloud Tier Implementation and Administration

Configuring Cloud Tier

Configuring Cloud Tier Demonstration

Movie:

Configuring Cloud Tier

Cloud Tier Implementation and Administration

Data Movement

Cloud Tier Implementation and Administration

Data Movement

Data Movement Policies and Schedules

There are three types of

data movement policies.
1. Age-based threshold21
2. Age-range threshold22
3. App-driven policy23
Data Movement Schedule

Data movement can be

initiated manually or set
up automatically using a
schedule.

21Used for all files older than a set number of days. For example, all files older than
90 days.

22All files older than X days, but younger than Y days. For example, all files older
than 30 days but younger than 365 days.

23 Set by applications using REST APIs.

Cloud Tier Implementation and Administration

Data Movement

Efficient File Recall

Agent

Recall is the act of bringing data from the cloud to the active tier. Restore is the act
of recovering data from the active tier and making it available to the client.

Data can be recalled from the cloud tier using the DD System Manager (DDSM) or
the CLI.

Cloud Tier Implementation and Administration

Data Movement

Tape Out to Cloud

Tape Out to cloud storage offers the ability to store offsite and retrieve tapes for
long-term retention (LTR) use cases.

Requirements Backup and End-to-End Policies Configuring Tape Recall

Restore Workflow Tape Out to from the
Workflow for Cloud Cloud
Long-Term
Retention

Cloud Tier Implementation and Administration

Data Movement

Cloud Tier Data Movement Demonstration

Movie:

Cloud Tier Data Movement

Cloud Tier Implementation and Administration

Appendix

Cloud Tier Implementation and Administration

Appendix

Architecture

Policy Data CC: Cloud Connector

MTree movement

Metadata
Data
Active Unit Cloud Unit

Active CP Cloud CP
(metadata)
Index, container metadata,
directory manager

Conceptually, cloud storage is treated as a storage tier attached to a PowerProtect

Data is sent to the cloud in compressed regions within a container as a unique

object. The local metadata container stores the metadata that describes each
compressed data region that is sent to the cloud.

The cloud architecture isolates tier-related issues.

Cloud Tier Implementation and Administration

Appendix

When data is moved from the

Cloud Tier Implementation and Administration

Appendix

Cloud Tier Implementation and Administration

Appendix

Prerequisites

Cloud Tier Implementation and Administration

Appendix

Restricted Mode
While the PowerProtect DD appliance is in restricted mode, the active tier storage
is available for backup operations, but I/O on the cloud tier storage is not permitted.

Cloud Tier Implementation and Administration

Appendix

Cloud Provider Certificates

24For AWS and Azure cloud providers, download the Baltimore CyberTrust root
certificate.

Cloud Tier Implementation and Administration

Appendix

Cloud Tier Implementation and Administration

Appendix

Creating Cloud Units for Alibaba Cloud

Configuration

The Alibaba Cloud user credentials must have permissions to create and delete
buckets and to add, modify, and delete files within the buckets they create.

AliyunOSSFullAccess is preferred, but the minimum requirements are:

• ListBuckets
• GetBucket
• PutBucket
• DeleteBucket
• GetObject
• PutObject
• DeleteObject

Cloud Tier Implementation and Administration

Appendix

Procedure

To create a cloud unit for Alibaba Cloud:

Cloud Tier Implementation and Administration

Appendix

5. Enter the provider Access key as password text.

Cloud Tier Implementation and Administration

Appendix

Creating Cloud Units for Amazon Web Services S3

Configuration

For enhanced security, the Cloud Tier feature uses Signature Version 4 for all AWS
requests. Signature Version 4 signing is enabled by default.

The AWS user credentials must have permissions to create and delete buckets and
to add, modify, and delete files within the buckets they create.

S3FullAccess is preferred, but the minimum requirements are:

• CreateBucket
• ListBucket
• DeleteBucket
• ListAllMyBuckets
• GetObject
• PutObject
• DeleteObject

Cloud Tier Implementation and Administration

Appendix

Procedure

To create a cloud unit for Amazon Web Services S3:

Cloud Tier Implementation and Administration

Appendix

5. Select the Storage class from the drop-down list.

Cloud Tier Implementation and Administration

Appendix

Creating a Cloud Unit for Flexible Cloud Tier Provider

Framework for S3

Configuration

The Cloud Tier feature supports qualified S3 cloud providers under an S3 Flexible
provider configuration option.

The S3 Flexible provider option supports the standard and standard-infrequent-

access storage classes. The endpoints vary depending on cloud provider, storage
class, and region. Be sure that DNS can resolve these hostnames before
configuring cloud units.

Cloud Tier Implementation and Administration

Appendix

Procedure

To create a cloud unit for a qualified S3 cloud provider:

Cloud Tier Implementation and Administration

Appendix

5. Enter the provider Access key as password text.

Cloud Tier Implementation and Administration

Appendix

Creating Cloud Units for Google Cloud Storage

Configuration

The Google Cloud Provider user credentials must have permissions to create and
delete buckets and to add, modify, and delete files within the buckets they create.

The minimum requirements are:

• ListBucket
• PutBucket
• GetBucket
• DeleteBucket
• GetObject
• PutObject
• DeleteObject

Cloud Tier Implementation and Administration

Appendix

Procedure

To create a cloud unit for Google Cloud Storage:

Cloud Tier Implementation and Administration

Appendix

5. Enter the provider Access key as password text.

Cloud Tier Implementation and Administration

Appendix

Creating Cloud Unit for Microsoft Azure

Configuration

The Azure cloud provider uses the endpoint account

name.blob.core.windows.net. The account name is obtained from the Azure
cloud provider console. Be sure that DNS can resolve these hostnames before
configuring cloud units.

Cloud Tier Implementation and Administration

Appendix

Procedure

To create a cloud unit for Microsoft Azure Storage:

Cloud Tier Implementation and Administration

Appendix

5. For Account type, select Government or Public.

Cloud Tier Implementation and Administration

Appendix

Data Movement Schedule

Frequency can be set to

Can be manual or Daily, Weekly, Monthly, or
scheduled Never

Data movement can be initiated manually or set up automatically using a schedule.

The schedule can be viewed at Data Management > File System > Summary.

The data movement schedule is set at Data Management > File System > Cloud
Units > Settings > Data Movement.

Cloud Tier Implementation and Administration

Appendix

Recall Data from the Cloud

Cloud Tier Implementation and Administration

Appendix

Recall Data Using DDSM

Select Data Management > File System > Summary. In the Cloud Tier section of
the Space Usage panel, click Recall, or expand the File System status panel at
the bottom of the screen. Click Recall.

The Recall link is available only if a cloud unit is created and has
data. The Recall File from Cloud dialog is displayed.

In the Recall File from Cloud dialog, enter the exact file name (no wildcards) and
full path of the file, for example: /data/col1/mt11/ file1.txt. Click Recall to
start the recall process.

Once the file has been recalled to the active tier, you can restore the data.

Cloud Tier Implementation and Administration

Appendix

Recall Data Using the CLI

Check the Location of the File

Use the filesys report generate file-location [path {<path-

name> | all}] [output-file <filename>] command to check the location
of the file to recall.

The path-name can be a file or directory; if it is a directory, all files in the directory
are listed.

Recall the File

Recall the file using the data-movement recall path <path-name>

command.

This command is asynchronous, and it starts the recall.

Monitor the Status of the Recall

Monitor the status of the recall using the data-movement status [path
{pathname | all | [queued] [running] [completed] [failed]} |
to-tier cloud | all}] command.

If the status shows that the recall is not running for a given path, the recall may
have finished, or it may have failed.

Verify the Location of the File

Verify the location of the file using the filesys report generate file-
location [path {<path-name> | all}] [output-file <filename>]
command.

Once the file has been recalled to the active tier, you can restore the data.

Cloud Tier Implementation and Administration

Appendix

Both DD VTL and Cloud Tier Capacity licenses are required to use the DD VTL
Tape Out to Cloud feature.

Cloud Tier Implementation and Administration

Appendix

Backup and Restore Workflow for Long-Term Retention

Cloud Tier Implementation and Administration

Appendix

You can manage a DD VTL using the DD System Manager (DDSM) or the
command-line interface (CLI).

Cloud Tier Implementation and Administration

Appendix

End-to-End Workflow

The DD file system uses NFS v3 APIs to access the DD VTL tape pool and send
the virtual tapes in the vault to the cloud tier.

Cloud Tier Implementation and Administration

Appendix

Tape Out to Cloud Policies

There are two types of policies that Tape Out to Cloud is built upon.

Only tapes in the vault are eligible to move to the cloud.

The cloud data movement schedule defines how frequently vaulted tapes are
moved to the cloud. The cloud data movement schedule can be set to never, to any
number of days/weeks, or run manually.

You can find specific commands that are used to set the tape selection policy, and
cloud data movement schedule in the DDOS Command Reference Guide on the
Dell EMC Support site.

Cloud Tier Implementation and Administration

Appendix

Configuring Tape Out to Cloud

Prepare the VTL Pool for Data Movement

1. Select Protocols > DD VTL.

Remove Tapes from the Backup Application Inventory

Use the backup application verify the tape volumes that will move to the cloud are
marked and inventoried according to the backup application requirements.

Select Tape Volumes for Data Movement

Manually select tapes for migration to the cloud tier (immediately or at the next
scheduled data migration), or manually remove tapes from the migration schedule.

1. Select Protocols > DD VTL.

2. Expand the list of pools, and select the pool which is configured to migrate
tapes to the cloud tier.
3. In the pool pane, click the Tape tab.

Cloud Tier Implementation and Administration

Appendix

4. Select tapes for migration to the cloud tier.

Cloud Tier Implementation and Administration

Appendix

Tape Recall from the Cloud

After the next scheduled data migration, the tapes are recalled from the cloud unit
to the vault. From the vault, the tapes can be returned to a library.

Cloud Tier Implementation and Administration

POWERPROTECT DD
DATA SECURITY
IMPLEMENTATION

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Table of Contents

PowerProtect DD Data Security Implementation .................................................................. 1

Retention Lock ........................................................................................................... 2

DD Retention Lock Overview ............................................................................................... 3
Security Officer Role and Security Privilege ......................................................................... 5
DD Retention Lock Activity Flow .......................................................................................... 7
File Locking Protocol............................................................................................................ 8
Retention Lock Governance Edition ................................................................................... 10
DD Retention Lock Compliance Edition ............................................................................. 11

Data Sanitization ...................................................................................................... 13

Data Sanitization Overview and Procedure ........................................................................ 14

DD Encryption .......................................................................................................... 16
Encryption at Rest.............................................................................................................. 17
Key Management ............................................................................................................... 19
Inline Encryption ................................................................................................................ 20
Authorization Workflow ...................................................................................................... 22
Configuring Encryption ....................................................................................................... 23
File System Locking ........................................................................................................... 25

File System Destroy ................................................................................................. 27

File System Destroy Option Removal from DD System Manager ....................................... 28

Appendix ................................................................................................. 29

PowerProtect DD Data Security Implementation

Retention Lock

PowerProtect DD Data Security Implementation

Retention Lock

PowerProtect DD Data Security Implementation

Retention Lock

DD Retention Lock Overview

DD Retention Lock is a licensed software feature for the

DDOS. DD Retention Lock enables storage
administrators and compliance officers to meet data
retention requirements1 for archive data stored2 on a
PowerProtect DD system.

When the retention period expires, files can be deleted,

but cannot be modified.3

There are two separately licensed DD Retention Lock

editions: DD Retention Lock Governance4 and DD
Retention Lock Compliance5. Each have their own set of features and capabilities.

1For files committed to be retained, DD Retention Lock works with the retention
policy set by the application to prevent locked files from being modified, or deleted
during the retention period. The retention period can be set for up to 70 years.

2 DD Retention Lock protects against data management accidents, user errors, and
any malicious activity that might compromise the integrity of the retained data. The
retention period of a retention-locked file can be extended, but not reduced.

3 Files that are written to a PowerProtect DD system, but not committed to be

retained, can be modified or deleted at any time.

4 DD Retention Lock Governance edition maintains the integrity of the archive data.

The DD Retention Lock Governance Edition does not require a security officer and
provides a higher degree of flexibility for archive data retention.

5DD Retention Lock Compliance edition is designed to meet strict regulatory

compliance standards such of those of the United States Securities and Exchange

PowerProtect DD Data Security Implementation

Retention Lock

Each edition requires a separate, add-on license6.

Commission.

When DD Retention Lock Compliance is deployed, it requires extra authorization

by a Security Officer for system functions. The extra authorization is to safeguard
against any actions that could compromise data integrity.

6 Both DD Retention Lock Governance and Compliance editions can be used on a

single system.

PowerProtect DD Data Security Implementation

Retention Lock

Security Officer Role and Security Privilege

A user assigned the security privilege is called a security officer. The security
officer can establish or modify runtime authorization policy. To do this, the security
officer applies authorization CLI commands.

Updating or extending retention periods and renaming MTrees, requires the use of
the runtime authorization policy7.

Runtime authorization requires dual authorization8.

7 Runtime authorization policy is also used to manage encryption commands.

When enabled, runtime authorization policy is invoked on the system for the length
of time the security officer is logged in to the current session.

8 Runtime authorization policy requires the security officer to provide credentials, as

part of a dual authorization with an administrator, to set up and modify retention
lock compliance features and data encryption features.

PowerProtect DD Data Security Implementation

Retention Lock

The security officer is the only user that is permitted to change the
security officer password. Contact Dell Technologies Support if the
password is lost or forgotten.

PowerProtect DD Data Security Implementation

Retention Lock

DD Retention Lock Activity Flow

The general flow of activities with DD Retention Lock is as follows:

1. Enable DD Retention Lock Governance, Compliance, or both on the
PowerProtect DD system. You must have a valid license for each of the editions
you plan to enable.
2. Use the DD System Manger or CLI to enable the MTrees for DD Retention Lock
Governance or Compliance.
3. Commit the files to be retention locked on the PowerProtect DD system using
client-side commands. Use an appropriately configured archiving or backup
application, either manually, or by using scripts.
4. Optionally, extend file retention times or delete files with expired retention
periods using client-side commands.

PowerProtect DD Data Security Implementation

Retention Lock

File Locking Protocol

If atime ≤ current time + 12 hours, then:

• The file is not locked.

• The system generates no error message.

If atime < minimum retention period -AND-

atime > current time + 12 hours -OR-
atime > maximum retention period, then:
• The file is not locked.

• The system generates an error message

If atime ≥ minimum retention period -AND-

atime ≤ maximum retention period, then:

• The file is locked.

• The system generates no error message.

Minimum retention period Maximum retention period

PowerProtect DD Data Security Implementation

Retention Lock

To perform retention locking on a file, change the last access time9 (atime) of the
file to the desired retention time10 of the file, that is, the time when the file can be
deleted.

The future atime you specify must respect the minimum and maximum retention
periods of the file’s MTree, as offsets from the current time, as shown in the
diagram.

You cannot modify locked files on the PowerProtect DD system even after the
retention period for the file expires. You can copy files to another system and then
modify them. Data that you archive and retain on the PowerProtect DD system
after the retention period expires remains on the system. You can delete the
remaining files using an archiving application, or remove them manually.

For example, Symantec Enterprise Vault retains records for a user-specified

amount of time. When Enterprise Vault retention is in effect, the system cannon
modify or delete documents on the PowerProtect DD system. When the set time
expires, you can set Enterprise Vault to automatically dispose of those records.

9The archiving application must set the atime value, and DD Retention Lock must
enforce it, to avoid any modification or deletion of locked files.

10This action is usually performed using the archive application, and all the archive
applications that are qualified on the protection system today, per the DD Security
Configuration Guide. Follow the basic locking protocol outlined here.

PowerProtect DD Data Security Implementation

Retention Lock

Retention Lock Governance Edition

You can configure DD Retention Lock Governance using the DD System Manager
(DDSM) or by using CLI commands. DDSM provides the capability to modify the
minimum and maximum retention period for selected MTrees.

Only files within DD Retention Lock enabled MTrees can be retention-locked.

MTrees enabled for DD Retention Lock Compliance cannot be converted to DD

Retention Lock Governance MTrees and vice versa.

To configure retention lock using the DDSM, navigate to Data Management >
MTree, then:
1. Select the MTree you want to edit with DD Retention Lock.
2. Click the Summary tab, and scroll to the Retention Lock area
3. Click Edit.
4. Enable retention lock in the Modify DD Retention Lock dialog box.
5. Enter the retention period, or select Default. You can also place an indefinite
retention hold on the selected MTree from the selected MTree. Indefinite
retention hold can be set as long as Retention Lock is enabled.
6. Click OK.

PowerProtect DD Data Security Implementation

Retention Lock

DD Retention Lock Compliance Edition

The DD Retention Lock Compliance edition meets the strict

requirements of regulatory standards for electronic records, such
as SEC 17a-4(f)and other standards that are practiced worldwide.

DD Retention Lock Compliance Edition ensures that all files that

are locked by an archiving application, for a time-based retention
period, cannot be deleted or overwritten until the retention period expires. Data is
archived using multiple hardening procedures11 by requiring dual sign-on for certain
administrative actions.12

11 Hardening procedures include:

• Securing the system clock from illegal updates.

• Requiring dual sign-on for certain administrative actions.

• Disabling various avenues of access where locked data or the state of retention
attributes might be compormised.

12 Some of the actions requiring dual sign-on include:

• Extending the retention periods for an MTree.

• Renaming the MTree.

• Deleting the Retention Lock Compliance license from the PowerProtect DD

system.

• Securing the system clock from illegal updates.

PowerProtect DD Data Security Implementation

Retention Lock

DD Retention Lock Compliance implements an internal security clock

to prevent malicious tampering with the system clock. The security
clock closely monitors and records the system clock. If there is an
accumulated two-week skew within a year between the security clock
and the system clock, the DD File System (DDFS) is disabled. The
file system can only be resumed by a security officer.

You configure and enable the system to use DD Retention Lock Compliance
software, and then enable DD Retention Lock Compliance on one or more MTrees.

PowerProtect DD Data Security Implementation

Data Sanitization

PowerProtect DD Data Security Implementation

Data Sanitization

Data Sanitization Overview and Procedure

Data sanitization, or data shredding, is a process of

destroying classified or sensitive data that is written
to a system not approved to store such data.
Deleted files are overwritten using an algorithm that
is compliant to United States Department of
Defence (DoD) and the National Institute of
Standards and Technology (NIST) requirements.
No complex setup or system process disruption is
required. Existing data is available during the
sanitization process, with limited disruption to daily operations.

Sanitization is for organizations, typically government organizations, that:

• Are required to delete data that is no longer needed.

• Must remove and destroy Classified Message Incidents (CMI)13.

Normal file deletion leaves behind residual data that makes it possible to recover
the data. Sanitization removes any trace of deleted files with no residual remains.

Data sanitization is accessible only through the system sanitize command.

System sanitization14 requires security officer authorization, and cannot be run if a

security policy is not configured on the system. The system sanitize command
requires dual-party authentication for protection from accidental execution.

13 CMI is a government term that describes an event where data of a certain

classification is inadvertently copied into another system that is not certified for data
of that classification.

PowerProtect DD Data Security Implementation

Data Sanitization

The system sanitize command erases content in the following locations:

• Segments of deleted files unused by other files
• Contaminated metadata
• All unused storage space in the file system

There are five main phases to the system sanitize procedure.

Note: Sanitization is not supported when used with SSD cache tier.
Use the storage remove and storage add commands to
remove the logical to physical mapping. This action ensures that
physical pages do not return previously written data. However, the
previously written data may still be on SSD.

Note: Sanitization is not supported on a Cloud Tier enabled system.

When the system sanitize start command is run on a Cloud
Tier enabled system, an incorrect status message is displayed
saying that sanitization has started. The message should indicate
that the command failed.

14For more information, refer to the KB article, 545871, available from Dell
Technologies Support.

PowerProtect DD Data Security Implementation

DD Encryption

PowerProtect DD Data Security Implementation

DD Encryption

Encryption at Rest

Encryption at rest protects backup and archive data

that is stored on systems with data encryption.
Encryption is performed inline before the data is
written to disk. The Encryption at Rest feature
satisfies internal governance rules, compliance
regulations, and protects against the reading of
customer data on individual disks or disk shelves
that are removed from the system due to theft.

Encryption at Rest features.15

Additional points to consider.16

15• Can encrypt data on the PowerProtect DD appliance and is saved and locked
before moving the appliance to another location.

• Provides inline data encryption

• Protects data on a PowerProtect DD system from unauthorized access or

accidental exposure.

• Encrypts all newly ingested data.

16 • Encryption of Data at Rest requires an Encryption software license.

• Encrypts only newly ingested data

. Data that was in the system before encryption was enabled can be encrypted by
enabling an option to encrypt existing data.

PowerProtect DD Data Security Implementation

DD Encryption

DD Encryption supports all of the currently supported backup applications

described in the backup compatibility guides available online through Dell
Technologies support.

PowerProtect DD Data Security Implementation

DD Encryption

Key Management

A key manager controls the generation, distribution, and life cycle

management of multiple encryption keys. 17

A protection system can use either the Embedded Key Manager,

or an external key manager.

When encryption is enabled on a PowerProtect DD system, the

Embedded Key Manager is in effect by default.

Key Rotation Details18

17 There are three available key management options:

• The Embedded Key Manager
• Data Security Manager (DSM) 6.3 from Thales/Vormetric
• KeySecure 8.5 and 8.9 from Safenet Inc/Gemalto Keysecure,

Only one key management option can be in effect at a time.

18When using Embedded Key Manager, key rotation can be enabled or disabled. if
enabled, type a rotation interval between 1 and 12 months. External key managers
rotate keys on a normal basis, depending on the key class.

PowerProtect DD Data Security Implementation

DD Encryption

Inline Encryption

With the encryption software option licensed and enabled, all incoming data is
encrypted inline before it is written to disk. This software-based approach requires
no additional hardware. It includes software encryption19. It also includes
confidentiality20 or message authenticity.21 You can also use both confidentiality
and message authenticity.

19Encryption uses a configurable 128-bit or 256-bit advanced encryption standard

(AES) algorithm.

20 Using a cipher-block chaining (CBC) mode.

21 Using the Galois/Counter (GCM) mode.

PowerProtect DD Data Security Implementation

DD Encryption

Encryption and decryption to and from the disk is transparent to all access
protocols.22

For the Data Security Manager (DSM), the system admin can select a 128-bit or
256-bit Advanced Encryption Standard (AES)23 algorithm for encrypting all data
within the system.

22DD Boost, NFS, CIFS, NDMP tape server, and VTL (no administrative action is
required for decryption)

23 SafeNet KeySecure Key Manager only supports AES-256.

PowerProtect DD Data Security Implementation

DD Encryption

Authorization Workflow

Procedures requiring authorization require dual-authentication24

by the security officer and a user in the admin role. A user in the
administrator role interacts with the security officer to perform a
command that requires security officer sign-off.

These are the normal steps to authorize an dual-authentication

action, such as enabling encryption on the PowerProtect DD system:

1. The security officer25 logs in through command line interface (CLI) and issues
the runtime authorization policy, authorization policy set security-
officer enabled.
2. The administrator role issues the command to enable encryption using the DD
System Manager (DDSM).
3. The DDSM prompts the security officer for their credentials26.
4. With system-accepted security credentials27, encryption is enabled.

24For example, when you want to set encryption, the admin enables the feature
and the security officer enables runtime authorization.

25To enable the authorization policy, a security officer must log in and enable the
authorization policy.

26The security officer must enter their credentials on the same console at which the
command option was run.

27If the security credentials are not accepted, a security alert is generated, and the
authorization log records the details of each transaction.

PowerProtect DD Data Security Implementation

DD Encryption

Configuring Encryption

The DD Encryption tab within the File System section of the DD System Manager
(DDSM) shows the status of system encryption of data at rest.

The status indicates Enabled, Disabled, or Not configured.

PowerProtect DD Data Security Implementation

DD Encryption

To configure DD Encryption:
1. Click Configure
You are prompted for a passphrase28.
2. Enter a passphrase, and then click Next
3. Choose the encryption algorithm29, and then click Next.
4. Select whether you obtain the encryption key from the PowerProtect DD system
or an external RSA Data Protection Manager.
5. Click Finish.

You must restart the system for the new configuration to start.
You can change the DD Encryption passphrase from the Administration >
Access window in DDSM.
You can disable encryption from the same window in the DDSM.

28The system generates an encryption key and uses the passphrase to encrypt the
key. One key is used to encrypt all data that is written to the system.

When encryption is enabled, administrators use the passphrase only when locking
or unlocking the file system, or when disabling encryption.

29You may select a configurable 128-bit or 256-bit Advanced Encryption Standard

(AES) algorithm - with confidentiality and cipher block chaining (CBC) mode.

Or you may select confidentiality and message authenticity with Galois/Counter

(GCM) mode.

You can optionally apply encryption to data that existed on the system before
encryption was enabled.

PowerProtect DD Data Security Implementation

DD Encryption

File System Locking

Use this procedure when you are transporting a DD Encryption-enabled

PowerProtect DD system and its external storage devices. You can also use this
procedure to lock a disk you are replacing.

Without the encryption that file system locking provides30, a thief with forensic tools
could recover the data—especially if local compression is turned off.

1. Select Data Management > File System > DD Encryption.

In the File System Lock section, the Status shows whether the file system is
Locked or Unlocked.
2. Review the DD Encryption status. Make sure DD Encryption is enabled.
3. Disable the file system. Select Data Management > File System > Summary
and click Disable in the File System status area at the bottom of the page.
4. Return to Data Management > File System > DD Encryption and click Lock
in the File System Lock section. The Lock File System Window appears.

30 File system locking requires two-user authentication – a sysadmin and a security

officer – to confirm the lock-down action. A passphrase protects the encryption key,
which is stored on disk and is encrypted by the passphrase. With the system
locked, this passphrase cannot be retrieved

PowerProtect DD Data Security Implementation

DD Encryption

When you are ready, you can unlock the file system using a similar procedure.

Unless you can reenter the correct passphrase, you cannot unlock
the file system and access the data. The data will be irretrievably
lost.

PowerProtect DD Data Security Implementation

File System Destroy

PowerProtect DD Data Security Implementation

File System Destroy

File System Destroy Option Removal from DD System

Manager

The file system destroy option is removed from the DD System Manager (DDSM) in
DDOS as a security enhancement.

The user must log in from the CLI to perform any file system destroy operation.

File System Destroy option is removed from the DDSM

File System Destroy option is present in older DDOS versions of the DDSM

PowerProtect DD Data Security Implementation

Appendix

PowerProtect DD Data Security Implementation

Appendix

DD Retention Lock Capabilities

The capabilities that are built into DD Retention Lock are based on governance and
compliance archive data requirements.

The following table describes the capabilities of both DD Retention Lock editions:

Capability Retention Lock Retention Lock

Governance Compliance

File level retention policies Yes Yes

Update or extend retention Yes Yes, with Security Officer

periods authorization

Rename MTree Yes Yes, with Security Officer

authorization

Retention modes supported Collection, Directory, Collection, MTree

MTree

Secure Clock No Yes

Audit Logging No Yes

CLI Support Yes Yes

System Manager Yes No - Compliance must be

configuration configured using the CLI.

Supported Protocols CIFS, NFS, VTL, DD CIFS, NFS, DD Boost

Boost

PowerProtect DD Data Security Implementation

Appendix

Manage Authorization Runtime Policy Using CLI Commands

Security officers can establish or modify runtime authorization policy using the
command line interface (CLI). Command options enable security-based functions
such as managing filesystem encryption and enabling or disabling authorization
policy. For complete information about the authorization command, see the
Dell EMC DD OS Command Reference Guide.
• authorization policy set security-officer {enabled |
disabled} - Enables or disables runtime authorization policy. Disabling
authorization policy is not allowed on Retention Lock Compliance systems. Role
required: security.
• authorization policy reset security-officer - Resets runtime
authorization policy to defaults. Resetting authorization policy is not allowed on
Retention Lock Compliance systems. Role required: security
• authorization policy set security-officer enabled - Shows the
current authorization policy configuration. Role required: security.
• authorization show history [last n { hours | days | weeks
}] - View or audit past authorizations according to the interval specified. Role
required: security.

PowerProtect DD Data Security Implementation

Appendix

Manage Retention Lock Governance Edition Using CLI

Commands

You can also manage Retention Lock using the command line interface (CLI). The
mtree retention-lock command contains all the options to enable and disable
Retention Lock on PowerProtect DD systems. Among other functions, the mtree
retention-lock command can also place an indefinite hold on MTrees. For
complete information about the mtree retention-lock command, see the Data
Domain Operating System Command Reference Guide.
• mtree retention-lock enable mode {compliance | governance}
mtree mtree-path - Enables Retention Lock and edition for the specified
MTree. Enabling Retention Lock Compliance requires security officer
authorization. Role required: admin, limited-admin.
• mtree retention-lock disable mtree mtree-path - Disables
Retention Lock for the specified MTree. This command option is allowed on
Retention Lock Governance MTrees only. It is not allowed on Retention Lock
Compliance MTrees. See the DDOS Administration Guide for details on
Retention Lock Compliance and Governance. Role required: admin, limited-
admin.
• mtree retention-lock set {min-retention-period | max-
retention-period | automaticretention-period | automatic-
lock-delay} period mtree mtree-path - Sets the minimum or
maximum retention period for the specified MTree. This command option
requires security officer authorization if Retention Lock Compliance is enabled
on the MTree. Role required: admin, limited-admin.

PowerProtect DD Data Security Implementation

Appendix

• mtree retention-lock show {min-retention-period | max-

retention-period | automaticretention-period | automatic-
lock-delay} mtree mtree-path - Shows the minimum or maximum
retention period, the automatic retention period, or the automatic lock delay time
for the specified MTree. Role required: admin, limited-admin, user, backup-
operator, security, none.
• mtree retention-lock indefinite-retention-hold enable mtree
mtree-path - Enables Indefinite Retention Hold (IRH) for the specified MTree.
This command option is allowed on Retention Lock-enabled MTrees only
(Governance or Compliance). It is not allowed on the /data/col1/backup MTree.
When IRH is enabled, all locked and expired files are protected until the hold is
disabled, and revert operations on locked files for Retention lock Governance
MTrees are not allowed. Retention Lock cannot be disabled for the MTree when
IRH is enabled. See the DDOS Administration Guide for details on Retention
Lock Compliance and Governance. Role required: admin, limited-admin.
• mtree retention-lock indefinite-retention-hold disable
mtree mtree-path - Disables Indefinite Retention Hold (IRH) for the
specified MTree. This command option is allowed on IRH-enabled MTrees only.
It is not allowed on the /data/col1/backup MTree. Deletion of expired files
is allowed immediately after disabling IRH on an MTree. Role required: admin,
limited-admin.

PowerProtect DD Data Security Implementation

Appendix

DD Retention Lock Compliance Edition Setup and

Configuration
For mAdd a DD Retention Lock Compliance license to a system, set up a system
administrator and one or more security officers, configure and enable the system to
use DD Retention Lock Compliance software, and then enable DD Retention Lock
Compliance on one or more MTrees.

1. Check for the presence of the DD Retention Lock Compliance license on the
system using the elicense show command.
If it is not present, install the license using the elicense update
command providing the license-file.
2. Set up one or more security officer users accounts according to Role-Base
Access Control (RBAC) rules. As system administrator, add a security officer
account: user add user role security.
3. Enable the security officer authorization authorization policy set
security-officer enabled
4. Configure the system to use DD Retention Lock Compliance. system
retention-lock compliance configure
The system automatically reboots.
5. After the restart process completes, create iDRAC users. user idrac
create
6. Enable DD Retention Lock Compliance on the system. system retention-
lock compliance enable
7. Enable compliance on and MTree that will contain retention-locked files. mtree
retention-lock enable mode compliance mtree mtree-path

Note: Compliance cannot be enabled on /backup or pool MTrees.

8. You can configure the automatic retention period and automatic lock delay
using the following commands:

PowerProtect DD Data Security Implementation

Appendix

mtree retention-lock set automatic-retention-period period

mtree mtree-path
mtree retention-lock set automatic-lock-delay time mtree
mtree-path
For more details, see the DDOS Command Reference Guide 7.3 on the Dell
Technologies support site.

PowerProtect DD Data Security Implementation

Appendix

System Sanitization Procedure

When you issue the system sanitize start
command, you are prompted to consider the length
of time that is required to perform this task. The
system advises that it can take longer than the time
it takes to reclaim space holding expired data on
the system. If there is a high percentage of space
to be sanitized the process can be several hours or
longer.

During sanitization, the system runs through five phases: merge, analysis,
enumeration, copy and zero.

Merge: Performs an index merge to flush all index data to disk.

Analysis: Reviews all data to be sanitized.

Enumeration: Reviews all the files in the logical space and remembers what data
is active.

Copy: Copies live data forward and clears the space that it used to occupy.

Zero: Writes zeroes to the disks in the system.

You can view the progress of these five phases by running the system sanitize
watch command.

Related CLI commands:

• system sanitize abort: Aborts the sanitization process.
• system sanitize start: Starts sanitization process immediately.
• system sanitize status: Shows current sanitization status.
• system sanitize watch: Monitors sanitization progress.

PowerProtect DD Data Security Implementation

Appendix

Changing Encryption Passphrase

You can change the encryption passphrase without having to manipulate the
encryption keys. Changing the passphrase indirectly changes the encryption of the
keys, but does not affect user data or the encryption key.

Changing the passphrase requires two-user authentication to protect against data

shredding.

1. Select Administration > Access > Administrator Access.

2. Click Change Passphrase.
The Change Passphrase dialog appears. You must disable the file system to
change the passphrase. If the file system is still running at this point, you must
disable the file system to proceed.
3. In the related fields, enter the security officer username and password, the
current passphrase, and the new passphrase.
4. Click the checkbox, Enable file system now.
5. Click OK.

PowerProtect DD Data Security Implementation

Appendix

Disabling Encryption

To disable DD Encryption you must have security authorization set and a security
officer login and password.

Follow these steps:

1. In the same DD Encryption tab, click Disable.

The Disable Encryption dialog box appears.
2. Enter the user name and password of a security officer.
3. Select one of the following:

• Select Apply to existing data and click OK. Existing data decrypts during
the first cleaning cycle after the file system restarts.
• Select Restart the file system now and click OK. DD Encryption is disabled
after the file system restarts.

PowerProtect DD Data Security Implementation

Appendix

Locking the File System

1. In the text fields of the Lock File System dialog box, provide:
• The username and password of a security officer account.
• The current passphrase.
• The new passphrase.
2. Click OK.
The system re-encrypts the encryption keys with the new passphrase. It also
destroys the cached copy of the current passphrase in-memory and on-disk.
3. Shut down the system using the system poweroff command in a terminal
window connected to the PowerProtect DD appliance.

PowerProtect DD Data Security Implementation

Appendix

Unlocking the File System

This procedure prepares a locked file system for use.

1. Select Data Management > File System > Encryption and click Unlock File
System.
2. In the text fields, type the passphrase that was used to lock the file system.
3. Click OK.
4. Click Close to exit.

If the passphrase is incorrect, the file system does not start and the system
reports the error. Type the correct passphrase, as directed in the previous step.

PowerProtect DD Data Security Implementation

Powerprotect DD Concepts and Features: Participant Guide
No ratings yet
Powerprotect DD Concepts and Features: Participant Guide
106 pages
PowerProtect DD Concepts and Features - Participant Guide
No ratings yet
PowerProtect DD Concepts and Features - Participant Guide
106 pages
Dell PowerProtect DD Concepts and Features - Participant Guide
No ratings yet
Dell PowerProtect DD Concepts and Features - Participant Guide
76 pages
PowerProtect Concepts Downloadable Content NEW PDF
No ratings yet
PowerProtect Concepts Downloadable Content NEW PDF
24 pages
Dell PowerProtect Data Domain Hardware Installation - Participant Guide
No ratings yet
Dell PowerProtect Data Domain Hardware Installation - Participant Guide
110 pages
PowerProtect Data Manager Concepts - Participant Guide
No ratings yet
PowerProtect Data Manager Concepts - Participant Guide
67 pages
Powerprotect DD Basic Administration: Participant Guide
No ratings yet
Powerprotect DD Basic Administration: Participant Guide
85 pages
Dell PowerProtect DP Series Appliance Concepts Participant Guide
No ratings yet
Dell PowerProtect DP Series Appliance Concepts Participant Guide
45 pages
Dellemc Powerprotect DD Ds
No ratings yet
Dellemc Powerprotect DD Ds
4 pages
Student Guide DP Series Appliance Admin
No ratings yet
Student Guide DP Series Appliance Admin
652 pages
h19639 Powerprotect DD Commvault Configuration WP
No ratings yet
h19639 Powerprotect DD Commvault Configuration WP
50 pages
Powerprotectdd 6400 WP
No ratings yet
Powerprotectdd 6400 WP
9 pages
Powerprotect DD Implementation With Application Software: Participant Guide
No ratings yet
Powerprotect DD Implementation With Application Software: Participant Guide
65 pages
Powerprotect DD Zero Trust
No ratings yet
Powerprotect DD Zero Trust
8 pages
DES-DD33 SA PowerProtectDD Specialist Exam
No ratings yet
DES-DD33 SA PowerProtectDD Specialist Exam
5 pages
Dell Powerprotect DP Series Appliance: Simple, Efficient and Agile Data Protection - Guaranteed. Simple
No ratings yet
Dell Powerprotect DP Series Appliance: Simple, Efficient and Agile Data Protection - Guaranteed. Simple
2 pages
D PDD DY 23 Deploy - PowerProtect - DD - Exam
No ratings yet
D PDD DY 23 Deploy - PowerProtect - DD - Exam
4 pages
Powerprotect DD Hardware Installation: Participant Guide
No ratings yet
Powerprotect DD Hardware Installation: Participant Guide
78 pages
DD 7-7-1-0 Release Notes
No ratings yet
DD 7-7-1-0 Release Notes
30 pages
PowerProtect DD Basic Administration v7.11
No ratings yet
PowerProtect DD Basic Administration v7.11
790 pages
DD Boost Implementation and Administration: Participant Guide
No ratings yet
DD Boost Implementation and Administration: Participant Guide
51 pages
PowerProtect DD Monthly Support Highlights Oct 2021
No ratings yet
PowerProtect DD Monthly Support Highlights Oct 2021
8 pages
Dell Powerprotect DD Virtual Edition Implementation: Participant Guide
No ratings yet
Dell Powerprotect DD Virtual Edition Implementation: Participant Guide
96 pages
System Overview: Command Reference Guide For A Complete Description of Commands
No ratings yet
System Overview: Command Reference Guide For A Complete Description of Commands
1 page
DD Boost Implementation and Administration - Participant Guide
No ratings yet
DD Boost Implementation and Administration - Participant Guide
50 pages
PowerFlex+4 0+Administration-Downloadable+Content
No ratings yet
PowerFlex+4 0+Administration-Downloadable+Content
132 pages
D PDD Dy 23
No ratings yet
D PDD Dy 23
5 pages
h18883 Dell Emc Powerprotect Data Manager Dynamic Nas Protection WP
No ratings yet
h18883 Dell Emc Powerprotect Data Manager Dynamic Nas Protection WP
32 pages
Dd6900 Dsa Gii Configuration
No ratings yet
Dd6900 Dsa Gii Configuration
78 pages
Cyber-Recovery 19.248416 48416 Setup-Guide40
No ratings yet
Cyber-Recovery 19.248416 48416 Setup-Guide40
32 pages
Dell PowerProtect DD Operating System 8.3 Differences - Participant Guide
No ratings yet
Dell PowerProtect DD Operating System 8.3 Differences - Participant Guide
17 pages
D PDD Dy 23 Demo
No ratings yet
D PDD Dy 23 Demo
5 pages
Emc D PCR Dy 01
No ratings yet
Emc D PCR Dy 01
8 pages
D PDD DY 23 Demo
No ratings yet
D PDD DY 23 Demo
5 pages
FY16Q3 398 Dell PowerVault RD1000 SpecSheet 100115
No ratings yet
FY16Q3 398 Dell PowerVault RD1000 SpecSheet 100115
3 pages
Which Powerprotect Appliance Is Right For You
No ratings yet
Which Powerprotect Appliance Is Right For You
13 pages
Docu106301 - DDOS DDMC DDVE 7.7.0.0 Release Notes (REV 01)
No ratings yet
Docu106301 - DDOS DDMC DDVE 7.7.0.0 Release Notes (REV 01)
30 pages
Free Dell Emc Dell Powerprotect DD Deploy 2023 Exam Questions by Golden
No ratings yet
Free Dell Emc Dell Powerprotect DD Deploy 2023 Exam Questions by Golden
10 pages
Powerprotect Data Manager Dynamic Nas Protection
No ratings yet
Powerprotect Data Manager Dynamic Nas Protection
46 pages
PowerProtect Data Manager Appliance - PowerProtect DM5500 5.18.0.0-Install The DM5500 in The Rack
No ratings yet
PowerProtect Data Manager Appliance - PowerProtect DM5500 5.18.0.0-Install The DM5500 in The Rack
71 pages
h04492 Dell Powerprotect Data Domain DD6410
No ratings yet
h04492 Dell Powerprotect Data Domain DD6410
16 pages
PowerProtect Data Manager 19.3 Deployment Guide 01
No ratings yet
PowerProtect Data Manager 19.3 Deployment Guide 01
32 pages
PPD M 1911 Admin Guide
No ratings yet
PPD M 1911 Admin Guide
163 pages
Ppdm1915 Admin
No ratings yet
Ppdm1915 Admin
191 pages
Powerprotect DD and Data Domain Hardware Installation: Participant Guide
100% (1)
Powerprotect DD and Data Domain Hardware Installation: Participant Guide
58 pages
PowerProtect DD - Data Domain Field Component Replacement-DD6400
No ratings yet
PowerProtect DD - Data Domain Field Component Replacement-DD6400
175 pages
Powerprotect Cyber Recovery Reference Architecture WP
No ratings yet
Powerprotect Cyber Recovery Reference Architecture WP
29 pages
Powerprotect DP Series Appliance Administration: Course Description
No ratings yet
Powerprotect DP Series Appliance Administration: Course Description
3 pages
PowerProtect Data Manager Oracle Integration - Participant Guide
No ratings yet
PowerProtect Data Manager Oracle Integration - Participant Guide
79 pages
Docu103947 - DDOS DDMC DDVE 7.6.0.5 Release Notes (REV 02)
No ratings yet
Docu103947 - DDOS DDMC DDVE 7.6.0.5 Release Notes (REV 02)
40 pages
EMC.D PDD DY 23.v2025 01 25.q75
0% (1)
EMC.D PDD DY 23.v2025 01 25.q75
20 pages
Cyber Recovery Simple Support Matrix
No ratings yet
Cyber Recovery Simple Support Matrix
13 pages
DDMC 7.5 Install Admin Guide 01
No ratings yet
DDMC 7.5 Install Admin Guide 01
125 pages
Dell PowerProtect Data Manager
0% (1)
Dell PowerProtect Data Manager
9 pages
PowerProtect Data Manager Troubleshooting - Participant Guide
No ratings yet
PowerProtect Data Manager Troubleshooting - Participant Guide
45 pages
Dell PowerProtect Data Manager VM Integration-Participant Guide
No ratings yet
Dell PowerProtect Data Manager VM Integration-Participant Guide
126 pages
PowerProtect DM5500 5.15.0.0
No ratings yet
PowerProtect DM5500 5.15.0.0
65 pages
CommVault Competitive Assessment Template - New
No ratings yet
CommVault Competitive Assessment Template - New
10 pages
Data Protection Mastery Course
No ratings yet
Data Protection Mastery Course
4 pages
Understanding Library Catalogues and Classification
No ratings yet
Understanding Library Catalogues and Classification
8 pages
Matrix of Curriculum Standards (Competencies), With Corresponding Recommended Flexible Learning Delivery Mode and Materials Per Grading Period
No ratings yet
Matrix of Curriculum Standards (Competencies), With Corresponding Recommended Flexible Learning Delivery Mode and Materials Per Grading Period
3 pages
User-Manual NJoy UserManual UPS ISIS For View
No ratings yet
User-Manual NJoy UserManual UPS ISIS For View
27 pages
Strategic Product Development Goals
No ratings yet
Strategic Product Development Goals
12 pages
CBSE Solved Paper 2021 Term 1 Information Technology 10
No ratings yet
CBSE Solved Paper 2021 Term 1 Information Technology 10
3 pages
Atc Handbook - Iata
0% (1)
Atc Handbook - Iata
50 pages
Natural Sciences Education - 2018 - Cope - Developing and Evaluating An ESRI Story Map As An Educational Tool
No ratings yet
Natural Sciences Education - 2018 - Cope - Developing and Evaluating An ESRI Story Map As An Educational Tool
9 pages
Year 12 Mathematics Exam
No ratings yet
Year 12 Mathematics Exam
28 pages
Computer Report 1
No ratings yet
Computer Report 1
6 pages
Nature Events Impact on Business
No ratings yet
Nature Events Impact on Business
1 page
HT 33kv Incomer CT
No ratings yet
HT 33kv Incomer CT
3 pages
Hindustan Times 27-11-2025
No ratings yet
Hindustan Times 27-11-2025
28 pages
HSC Dimension EN DS E PDF
No ratings yet
HSC Dimension EN DS E PDF
4 pages
Cec364 Syllabus
No ratings yet
Cec364 Syllabus
1 page
Igbt & Sic Gate Driver Fundamentals: Enabling The World To Do More With Less Power
No ratings yet
Igbt & Sic Gate Driver Fundamentals: Enabling The World To Do More With Less Power
35 pages
附件 MP三杆阀
No ratings yet
附件 MP三杆阀
5 pages
How To Create An As - Net Addin
No ratings yet
How To Create An As - Net Addin
3 pages
AEM Mailer
No ratings yet
AEM Mailer
2 pages
Equity 2023-2024
No ratings yet
Equity 2023-2024
2 pages
Photointerrupter Specs for Engineers
No ratings yet
Photointerrupter Specs for Engineers
6 pages
80043-712-05 - Panelboard Information Manual
No ratings yet
80043-712-05 - Panelboard Information Manual
31 pages
Scania DI09, DI13, DI16 Marine Engines - CAN Interface PDF
100% (4)
Scania DI09, DI13, DI16 Marine Engines - CAN Interface PDF
81 pages
Senior Java Developer Resume Profile
No ratings yet
Senior Java Developer Resume Profile
9 pages
Neelam Choudhary: Profile
No ratings yet
Neelam Choudhary: Profile
3 pages
DS 2009-2016
No ratings yet
DS 2009-2016
59 pages
4100 ES Manual
No ratings yet
4100 ES Manual
76 pages
Sistem Manajemen Basis Data
No ratings yet
Sistem Manajemen Basis Data
5 pages
Riger Wifi Router DB108-WL User Manual
100% (6)
Riger Wifi Router DB108-WL User Manual
20 pages
Data Management Systems: Database Architectures and The Web Transparencies
No ratings yet
Data Management Systems: Database Architectures and The Web Transparencies
27 pages
Coating Procedure - Sop 06 Painting Control
No ratings yet
Coating Procedure - Sop 06 Painting Control
1 page