Dd Guide Emc

8/11/2019 Dd Guide Emc

1/288

Backup Recovery Systems DivisionEMC Data Domain2421 Mission College BoulevardSanta Clara, CA 95054

866-WE-DEDUPE408-980-4800www.datadomain.com

EMC Data Domain System Administration

Course

April 2011

MR 1CN DDSAADMIN 50G1


2/288

EMC believes the information in this publication is accurate as of its publication date. The information is subject tochange without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NOREPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, ANDSPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Using, copying, and distributing EMC software described in this publication requires an applicable software license.EMC2, EMC, Data Domain, Global Compression , SISL, the EMC logo, and where information lives are registeredtrademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used

herein are the property of their respective owners. Copyright 2009-2011EMC Corporation. All rights reserved.Published in the USA.


3/288

Contents 1

nts

Module 0: Course Introduction 9Module Objectives 10Lesson 1: Course Introduction 11

Covered Skills 12Course Objectives 13Course Objectives (Continued) 14Course Content 15Course Content (Continued) 17Daily Agenda 18Guides, Introductions, and Orientation 19

Lesson 2: VDC 20VDC Introduction 21Access VDC 22Lab 0.1: Access the VDC 23

Module 1: Deduplication 25Module Introduction 25Module Objectives 26Deduplication Simplified Definition 27Inline Vs. Post-Process Deduplication 28

Inline Deduplication 28Inline Deduplication Process 29Post Processing Deduplication 29Post-Process Deduplication Process 29

File Based Deduplication 30Fixed Segment Deduplication 31Variable Segment Size Deduplication 32Module Review 33

Module 2: Data Domain Operating Environment 35Module Introduction 35Lesson 1: Data Domain Deduplication 36

How Deduplication Works 37Lesson 2: SISL 39

SISL Definition 40Deduplication 41Deduplication (Continued) 42

Lesson 3: DIA 43Definition 44DIA End-to-End Verification 45DIA Fault Avoidance and Containment 46DIA Continuous Fault Detection and Healing 47DIA File System Recovery 48
http://-/?-http://-/?-http://-/?-http://-/?-


4/288

EMC Data Domain System Administration Course Student Guide

Lesson 4: File Systems 49Administration File System 50Storage File System 51Storage File System (Continued) 52Storage File System (Continued) 53

Lesson 5: Data Domain Data Paths 54Data Domain System in Typical Backup Environments 55Data Path over Ethernet 56Data Path over Fibre Channel VTL 57

Lesson 6: Administration Interfaces 58Access Enterprise Manager 59Enterprise Manager Main Screen 60Enterprise Manager Tabs 61CLI 62CLI (Continued) 63

Module Review 64Module Review (Continued) 65Module Review (Continued) 66

Module 3: Initial Configuration and Backup 67Module Introduction 67Module Objectives 68Lesson 1: Verify Initial Configuration 69

Launch Enterprise Manager 70Launch Configuration Wizard 71Lab 3.1: Initial Configuration 72

Lesson 2: Manage System Access 73User Classes 74Manage Administration Access Protocols 76

Create a User 77Lesson 3: Configure CIFS/NFS 79

Configure a CIFS share 80Configure an NFS Export 81

Lesson 4: Verify Hardware 83Model Number, System Uptime, Serial Number 84Storage (Disk) Status 85Disk Overview 86Active Tier 87Locate a Disk 88View Usable Disks 89View Failed, Foreign, or Absent Disks 90View Chassis Status 91Lab 3.2: Copy Data to a Data Domain System 93

Module Review 94

Module 4: Manage Network Interfaces 95Module Introduction and Objectives 95
http://-/?-http://-/?-


5/288

Contents 3

Lesson 1: Interfaces, Settings, & Routes 96Manage Network Routes 97Create Static Routes 99

Lesson 2: Link Aggregation 101Definition 101Requirements 102Create a Virtual Interface for Link Aggregation 103

Lesson 3: Link Failover 106Specifications 106Manage Link Failover 108Manage Link Failover (Continued) 109

Lesson 4: Manage VLAN and IP Alias Network Interfaces 110Introduction and Objectives 110Define VLAN and IP Alias Network Interfaces 111Create VLAN and IP Aliases 112Create VLAN and IP Aliases (Continued) 113Create VLAN and IP Aliases (Continued) 115

Module Review 117Module Review (Continued) 118Module Review (Continued) 119

Module 5: Manage a VTL 121Module Introduction and Objectives 121VTL Overview 122Configuration Terms 124VTL Planning 125Capacity Planning 126Create Tapes 127VTL Barcode Definition 128

Configure VTL Barcode 129Configure VTL Barcode (Continued) 130Configure VTL Barcode (Continued) 131Module Review 132

Module 6: Manage Data 133Module Introduction and Objectives 133Lesson 1: Snapshots 134

Manage Snapshots 136Lab 6.1 Configure Snapshot 137

Lesson 2: Fastcopy 138

Perform Fastcopy 139Lab 6.2: Perform Fastcopy 140Lesson 3: Retention Lock 141

Retention Lock (Continued) 142Retention Lock (Continued) 143Configure Retention Lock 144

Lesson 3: Sanitization 145


6/288


Lab 6.3: Configure Sanitization 147Lesson 4: Encryption of Data at Rest 148

Passphrase and Encryption Key 148File System Locking 149Encryption Flow 150Configure Encryption 151Apply Encryption Changes 152Deactivate Encryption 153Lab 6.4 Configure Encryption 154

Lesson 5: File System Cleaning 155Cleaning 156Lab 6.5: Configure File-System Cleaning 158

Lesson 6: Monitor File-System Space Usage 159File System Summary Tab 160Space Usage 161

Space Usage Terms 161Space Consumption Tab 163

Space Consumption Terms 163Daily Written Tab 164

Daily Written Tab Terms 164Module Review 165Module Review (Continued) 166

Module 7: Manage Data Replication and Recovery 167Module Introduction and Objectives 167Lesson 1: Data Replication 168

Lesson Objectives 169Data Replication Overview 170Data Domain Replication Types 171

Collection Replication 172Directory Replication 173Pool Replication 174Replication Context 175Replication Context Streams 176Replication Topologies 177Configure General Replication 179Configured Advanced Replication 180Replication Seeding 181Low Bandwidth Optimization Benefits 183Low Bandwidth Optimization Using Delta Compression 184Encryption Over Wire 186Lab 7.1: Replication 187

Lesson 2: Recover Data 188Recover Replication-Pair Data 189Why Resynchronize Recovered Data? 190Resynchronization Process 191


7/288

Contents 5

Manage Throttle Settings 192Module Review 194Module Review (Continued) 195

Module 8: Manage DD Boost 197Module Introduction and Objectives 197DD Boost Overview 198

DD Boost Overview (Continued) 199DD Boost Flow 200Replica Awareness Flow 202DD Boost Replication Awareness Advantages 203Deduplication With Distributed Segment Processing 205NetWorker Data Zone Architecture 207NetWorker Server Architecture 209Networker Work Flow 210Interface Groups 211Firewall Ports 212Download DD Boost Plug-In Software 213

Configure DD Boost 214Configure DD Boost (Continued) 215Lab 8.1: DD Boost 216Module Review 217

Module 9: Plan Capacity and Throughput, Monitor Throughput 219Module Introduction and Objective 219Lesson 1: Plan Capacity 220

Collect Information 221Collect Information (Continued) 222Determine Capacity Needs 223

Compression Requirements with Variables 224Compression Requirements with Variables (Continued) 225Calculate Required Capacity 226Capacity Requirements Calculation (Page 1 of 2) 227Capacity Requirements Calculation (Page 2 of 2) 228Calculate Required Throughput 229System Model Capacity and Performance 230Select Model 231Calculate Capacity Buffer for Selected Models 232Match Required Capacity to Model Specifications 233Calculate Performance Buffer for Selected Models 234

Match Required Capacity to Model Specifications 235Lesson 2: Throughput Tuning 236Throughput Bottlenecks 237Performance Metrics 238Tuning Solutions 239Monitor Throughput 240

Module Review 241
http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/http://08.boost.pdf/


8/288


Module 10: Monitor a Data Domain System 243Module Introduction 243Module Objectives 244Lesson 1: Monitor a Data Domain System Using SNMP 245

SNMP Flow 246Download and Configure MIB File 247Lab 10.1: Monitor Using SNMP 248

Lesson 2: Syslog (Remote Logging) 249Configure Remote Logging 250Lab 10.2: Monitor Using Syslog 251

Lesson 3: Log Files 252ddvar log files 253Log File Types 254Lab 10.3: Manage Log Files 255

Lesson 4: Support Bundles 256Generate Support Bundles 257

Lesson 5: Autosupport 258Autosupport System 259Autosupport Types 260Autosupport Via Enterprise Manager 261Autosupport Reports 262Autosupport Reports (Continued) 263Autosupport Reports (Continued) 264Detailed Autosupport Report Contents 265Daily Summary Autosupport 266Alerts 267Alerts (Continued) 268Alerts (Continued) 269Alert Message Types 270Alerts Notification 271Find Autosupport Information 272Find System Autosupports 273Autosupport Device Symbols and Display Options 274View Space Plot, Autosupports, and Support Cases 275Lab 10.4: Autosupport 276

Module Review 277Module Review (Continued) 278

Module 11: Upgrade a Data Domain System 279Module Introduction and Objective 279

Download Software 280System Upgrade 281

Appendix A: Licenses 283

Appendix B: Further Reading 285Access System Documentation 285


9/288

Contents 7

Access Integration Documentation 285Access Part Replacement Documentation 286


10/288



11/288

EMC Data Domain System Administration Course Student Guide 9

Module 0: Course Introduction

The Data Domain System Administration course provides you with the knowledge and skills you needto maintain Data Domain systems. This course includes:

Lecture

Demonstrations

Hands-on lab exercises (see lab guide)

Reviews

Pointers to Data Domain system documentation


12/288

10 Module 00: Course Introduction

Module Objectives

After completing this module, you should be able to:

Describe this course

Access the EMC Virtual Data Center (VDC)


13/288


Lesson 1: Course Introduction

After completing lesson 1, you should be able to:

Describe the objectives for this course

Describe the course content

Describe the daily agenda

Identify the other students

Identify your course materials


14/288


Covered Skills

This course focuses on Data Domain system:

Concepts

Basic configuration

System monitoring

Other courses in the Data Domain curriculum cover:

Design

Installation

3rd-party application integration

Troubleshooting

Parts replacement


15/288


Course Objectives


16/288


Course Objectives (Continued)


17/288


Course Content

This course contains 11 modules. Each module contains lecture and review. Some modules contain labs.

Module 0 (this module) is the course introduction. It:

Gives a course overview.

Introduces course materials

Provides instructions to access the VDC.

Module 1 covers deduplication (not Data Domain specific)

Module 2 gives a product overview. It includes an overview of:

The Data Domain operating system

The Data Domain file system

Data Domain data paths

Module 3 covers how to perform the initial setup of a Data Domain system and how to do a file-systembased backup.


18/288


Module 4 covers how to manage a Data Domain system network.

Module 5 covers how to configure a VTL.

Module 6 covers how to manage data.


19/288


Course Content (Continued)

Module 7 covers how to perform data replication and recovery.

Module 8 covers DD Boost

Module 9 covers planning for capacity

Module 10 covers monitoring a Data Domain system

Module 11 covers upgrading the Data Domain operating system

Appendix A lists Data Domain software licenses

Appendix B tells you how to find Data Domain documentation


20/288


Daily Agenda

This is a typical agenda. Your instructor may speak with you about variances.


21/288


Guides, Introductions, and Orientation

Use your student guide to follow the lecture and take notes.

Use your lab guide for step-by-step instructions on the labs.


22/288


Lesson 2: VDC

EMC2 Education Services provides a virtual data center (VDC) for you to use during labs. The VDC gives youaccess to Data Domain systems.


23/288


VDC Introduction

The VDC provides Microsoft Windows and Linux virtual machines (VMs).


24/288


Access VDC

Your instructor will give you a user name and password to access the VDC.


25/288


Lab 0.1: Access the VDC

Once your instructor gives you your user name, password and lab introduction, locate your lab guide andfollow the step-by-step instructions to complete this lab.


26/288



27/288


28/288


29/288


Deduplication Simplified Definition

Deduplication eliminates redundant data because it stores only one instance of data. For example andonly an example, this isnt a precise definition the sentence Mary had a little lamb gets stored asMary hd lite mb. No second instances of letters get stored.

Deduplication recognizes and deletes common elements in data. It stores only one copy of the duplicateddata. It looks at each segment of an incoming data stream to determine if it needs to be stored or if it canbe replaced by a smaller reference to a segment that is already on the disk.


30/288

28 Module 1: Deduplication

Inline Vs. Post-Process Deduplication

Inline DeduplicationIt is simpler to use inline deduplication. Data is filtered before its stored to disk, so its like a regular stor-age system (it just writes and reads data). Theres no separate administration involved (managing multiplepools some with deduplication, some with regular storage or managing the conditions betweenthem).

Incoming data is examined as soon as it arrives to determine if the segment is new or unique or a dupli-cate of a segment previously stored.

Inline deduplication occurs in RAM before the data is written to disk. Around ninety-nine percent of datasegments are analyzed in RAM without disk access. A very small amount of data is not identified immedi-ately as either unique or redundant. That data is stored to disk and examined again later against thealready stored data.

Because deduplication is done with limited disk access, the speed of inline deduplication is not limited bydisk seek times. Stream speed is as fast as other virtual tape library products that do not have deduplica-tion.


31/288


Inline Deduplication Process

1. Inbound segments are analyzed in RAM.

2. If a segment is redundant, a reference to the stored duplicate segment is created.

3. If a segment is unique, it is compressed and stored.

4. If a segment cannot be identified as unique or redundant, the segment is stored and re-examinedlater.

Post Processing Deduplication

Requires disk space to initially capture the data.

Requires more disk space to store multiple pools of data.

Requires more disks for speed when the deduplication approach is spindle bound.

Post-Process Deduplication Process

1. Data is first buffered to a large cache.

2. Deduplication is then run as a separate processing task this could lengthen the time needed to fullycomplete the backup.

3. After the data is stored, its read back internally, deduplicated, and written again to a different area.


32/288


File Based Deduplication

With file-based deduplication, if 2 files are exactly alike, 1 file is stored and future interations of the file arepointed to the original file.

File-based deduplication doesnt segment data like a Data Domain system, nor does it chunk data like anAvamar system. It certain situations it can be efficient. However, it often doesnt result in as large a datareduction as other deuplication methods.


33/288


Fixed Segment Deduplication

With fixed-segment deduplication, if you add a segment, the entire data stream moves.


34/288


Variable Segment Size Deduplication

Sub-file (segment) deduplication:

Analyses data backup streams

Breaks file into smaller fixed or variable sized segments. Smaller segments make it easier for DataDomain systems to find duplicates.

Is good for backup data stores

Compares backup data against existing data segments

Is commonly used as a quick fix for backup problems

Is more efficient than file based deduplication

Variable segment sized deduplication if better than fixed-segment size deduplication because you canadd data to a variable segment and it doesnt move a data stream.

If you add data to a fixed segment, the entire data stream moves.


35/288


Module Review


36/288



37/288


Module 2: Data Domain Operating Environment

Module Introduction

This module introduces you to the Data Domain system. It reviews concepts that you learned about in theEMC Data Domain Systems and Technology Introduction (eLearning) course.

This module includes 6 lessons:

1. Data Domain Deduplication

2. SISL

3. DIA

4. File Systems

5. Data Domain Data Paths

6. Administration Interfaces


38/288

36 Module 2: Data Domain Operating Environment

Lesson 1: Data Domain Deduplication

Data Domain systems are disk-based deduplication appliances. In this lesson you will learn more aboutdeduplication.


39/288


How Deduplication Works

The end result of identifying unique data segments and compressing the unique data before storage is asignificant reduction in the size of the data stored on disk. Because of the size reductions, data can beretained on disk on site. The reduced data size also makes WAN vaulting possible because of up to 99%bandwidth reduction.

Data Domain global compression technology reduces the data footprint by applying a combination ofdeduplication and local compression.

Deduplication works by breaking the data into segments and then identifying the unique segments. Localcompression is performed on the unique segments using standard compression algorithms before the

unique data is written to disk.For example, in the illustration of the first full backup, two segments labeled B are the same, so segmentsA, B, C, and D are stored with a reference to B instead of storing a second copy.

The compression factor at this point is the ratio of the size of the original 5 segments received (A+B+C+Bagain+D) to the size of the 4 segments (A+B+C+D) stored on disk. Usual data reduction for a first full backupis 3-4x.


40/288


The next backup in the illustration is incremental. The backup includes copies of A and B as well as a newsegment E. Only the new segment E is stored. A and B are stored as references to the previously storedsegments. The compression factor of this backup is quite good since it is the ratio of the 3 receivedsegments (A+B+E) to the single stored segment E. Usual data reduction for a file level incremental is 6-7x.

The second full backup is when the reductions start to become very large. A,B,C,D and E are recognized asduplicates from the previous two backups, and only the new segment F gets stored. The compression factorof this second full backup is very high, with 6 segments coming in but only the one new segment gettingstored. Usual data reduction for the second full backup is 50-60x.

The compression factor over all three backups is the ratio of all 14 segments coming from the backupsoftware to be stored to the 6 segments that get stored to represent all the data received over time.

Deduplication is the process of recognizing common elements in the many versions and copies of data andeliminating the redundant copies of those common elements.

With deduplication only one copy of duplicated data is stored.

Because deduplication is performed with limited disk access, the speed of in line deduplication is notlimited by disk seek times. Stream speed of Data Domain systems is as fast as other virtual tape libraryproducts that do not have deduplication. The process is shown as follows:

Inbound data is analyzed in RAM.

If data is redundant, a reference to the stored duplicate data is created.

If data is unique, it is compressed and stored.

If data cannot be identified as unique or redundant, the data is stored and re-examined later.

For IT administrators, deduplication means there are fewer and smaller storage systems to manage, smallerdata centers to run, fewer tapes to handle, fewer tape pickups, smaller network pipes, and cheaper WANlinks.


41/288


Lesson 2: SISL


42/288


SISL Definition


43/288


Deduplication

The Data Domain system:

1. Segments

2. Fingerprints

3. Filters

4. Compresses

5. Writes data to containers, containers written to disk


44/288


Deduplication (Continued)

The Data Domain system:

1. Segments

2. Fingerprints

3. Filters

4. Compresses

5. Writes data to container, container written to disk


45/288


Lesson 3: DIA


46/288


Definition


47/288


DIA End-to-End Verification

The flow for continuous fault detection and healing is:

1. The Data Domain system periodically rechecks the integrity of the RAID stripes and container logs.

2. The Data Domain system uses the redundancy of the RAID system to heal any faults.

3. During every read, data integrity is re-verified.

4. Errors are healed as they are encountered.


48/288


DIA Fault Avoidance and Containment

The following is true for fault avoidance and containment:

New data never puts old data at risk

Container log never overwrites or updates existing data

New data written in new containers

The old containers and references remain in place and safe even in the face of software bugs or hard-ware faults that may occur when storing new backups

New data never overrides good data

Fewer complex data structures

NVRAM for fast restarts

No partial stripe writes


49/288


DIA Continuous Fault Detection and Healing

Here is the flow for continuous fault detection and healing:

1. The Data Domain system periodically rechecks the integrity of the RAID stripes and container logs

2. Uses the redundancy of RAID system to heal any faults

3. During every read, data integrity is re-verified

4. Any errors are healed as they are encountered


50/288


DIA File System Recovery

Here is the flow for file system recoverability:

1. Data is written in a self describing format

2. The file system can be recreated by scanning the logs and rebuilding it from meta data stored with thedata


51/288


Lesson 4: File Systems


52/288


Administration File System

The Data Domain system administrative file system is called ddvar:

The NFS directory is /ddvar

The CIFS directory is \ddvar

This file system stores system core and log files.

You cannot rename or delete this file system. Nor can you access all of its sub-directories, for example,the core sub-directory.

Data streams for this file system change according to the Data Domain OS version and hardware model.Check the Data Domain support portal for more information on data streams for each OS and hardwaremodel.


53/288


Storage File System

/data/col1/ is the parent directory path under which all user data is retained.

MTrees provide granular data management so that you can manage and report on different data types ordata from different sources separately.

For example, you can configure compression separately on different types of data in separate Mtrees.

Note: You cant replicate under Mtrees.


54/288


Storage File System (Continued)


55/288


Storage File System (Continued)

You can add up to 14 MTrees /data/col1 to keep data separate. You can add subdirectories to MTreedirectories.

You cannot add anything to the /data directory. You can only change to the col1 subdirectory.

Subdirectories can be added under /data/col1/backup.

The backup MTree (/data/col1/backup) cannot be deleted or renamed.

If MTrees are added, they can be renamed and deleted.

You can replicate under /backup

Note: This slide shows the Data Domain system view, not the client view. The client view would not show/data/col1.


56/288


Lesson 5: Data Domain Data Paths


57/288


Data Domain System in Typical Backup Environments

Data Domain systems connect to backup servers as storage capacity to hold large collections of backupdata.

A Data Domain system integrates into typical backup environments non-intrusively.

Often the Data Domain system is connected directly to the backup server.

The backup data flow is redirected from the clients to the Data Domain device instead of to tape.

If tape needs to be made for long term archival retention, data flows from the Data Domain device back tothe server and then to tape, completing the same flow that the backup server was doing initially.

Tapes come out in the same standard backup software formats as before and can go off site for long termretention.

If a tape must be retrieved, it goes back into the tape library and the data flows back through the backupsoftware to the client that needs it.


58/288


Data Path over Ethernet

Backup and archive media servers send data from clients to Data Domain systems on the network. A directconnection between a dedicated port on the backup or archive server, and you can also use a dedicatedport on the Data Domain system.

The connection between the backup or archive server and the Data Domain system can be Ethernet orFibre Channel, or both if needed. This slide shows the Ethernet connection.

Data is written to the backup file system on a Data Domain system.

When Data Domain replicator is licensed on two Data Domain systems, replication is enabled between thetwo systems. The Data Domain systems can be either local for local retention or remote, for disaster recov-

ery. Data in flight over the WAN can be secured using VPN.

Physical separation of the replication traffic from backup traffic can be achieved by using two separateEthernet interfaces on the Data Domain system. This allows backups and replication to run simultaneouslywithout network conflicts.

Since the Data Domain OS is based on Linux, it needs additional software to work with CIFS. Samba soft-ware enables CIFS to work with the Data Domain OS.


59/288


60/288


Lesson 6: Administration Interfaces


61/288


Access Enterprise Manager

With the Enterprise Manager, you can manage 1 or more Data Domain systems.

You can access the Enterprise Manager with many browsers, for example:

Internet Explorer

Chrome

Firefox

To login:

1. In a browser enter the address

2. Enter your user name and password

3. Enter your system IP address


62/288


Enterprise Manager Main Screen


63/288


Enterprise Manager Tabs


64/288


CLI

There are 4 ways to log into the CLI:

1. SSH (PuTTY)

2. Serial console

3. Telnet (default is not enabled)

4. Keyboard and monitor (KVM)

Initial login information:

login: sysadminpassword: serial number on Data Domain model (box).


65/288


CLI (Continued)

You can do everything in the CLI that you can do from the Enterprise Manager.

You enter commands with options, for example:

#command argument options

#filesys show space

#user show list

#user add Bob

#help admin access#help show


66/288


Module Review


67/288


68/288


Module Review (Continued)


69/288


Module 3: Initial Configuration and Backup

Module Introduction


70/288

68 Module 3: Configuration and Backup

Module Objectives

After completing after completing this module, you should be able to:

Verify and perform an initial configuration

Manage system access

Configure CIFS/NFS

Verify hardware

Copy data to a Data Domain system


71/288


Lesson 1: Verify Initial Configuration

Your environment for this course assumes that your hardware installation is complete and your networkconnections are established. In this lesson you will learn how to verify or configure:

Licenses

Network settings

System settings

Protocols

After you complete this lesson, you should be able to use the Enterprise Manager to perform an initial

setup of the following:

Licenses

Network and system settings

Protocols: CIFS, NFS, DD Boost (to be expanded in the DD Boost module). Currently, you cannot com-plete the configuration for the VTL protocol in the VDC.


72/288


Launch Enterprise Manager

To perform an initial configuration from the Enterprise Manager, do the following:

1. Open the Enterprise Manager from an Internet Explorer browser, for example:

http://dddev-01/ddem

2. Enter your assigned Username and Password.

1. Double-click on Login.


73/288


Launch Configuration Wizard

To launch the Configuration Wizard:

1. From the Enterprise Manager, Click on Maintenance.

2. Click on the More Tasks pull-down menu.

3. Double-Click on Launch Configuration Wizard...

4. Follow the Configuration Wizard prompts.

You must follow the configuration prompts. You cant select an item to configure from the left-hand naviga-tion pane. You will be prompted to submit your configuration changes as you move through the wizard.

You can also quit the wizard during your configuration.

The CLI command is config setup.


74/288


Lab 3.1: Initial Configuration


75/288


Lesson 2: Manage System Access

In a Data Domain system there are 2 user privilege types: admin and user. In this lesson, youll learn howto manage both.


76/288


User Classes

You may have to mange access for administrators and users on a Data Domain system. A Data Domain sys-tem supports 3 classes of access:

1. Sysadmin (default account) :

Default administrative account.

Cant be deleted.

Creates1st security officer

Has access to all GUI and CLI configuration, management, and monitoring commands.

Can view all users. Can change the sysadmin password, but cant delete the account.

Can enable/disable users with admin or user privileges, except sysadmin user.

sysadmin is domain admin by defaul when you integrate with Active Directory

2. Local user (user) :

Has access to GUI and CLI monitoring commands.


77/288


Can view only their own account.

Cant disable sysadmin.

Cant make changes to the configuration.

3. Security officer (user) :

Can enable, disable, modify, and delete other security officers.

Can view all users.


78/288


Manage Administration Access Protocols

Use the Access Management page to configure and manage access protocols:

Telnet access

FTP access

HTTP/HTTPS access

SSH access


79/288


Create a User

To create new users, follow these steps:

1. In the Navigational pane, expand the DD Network and select a system.

2. Click the System Settings > Access Management> Local Users tabs. The Local Users view appears.

3. Click the Create button to create a new user. The Create User dialog box appears.

4. Enter the following information in the General Tab:

Item Description

User The user ID or name

Password The user password. Set a default password, and the user can change it later.

Verify Password The user password, again

Privilege The privilege of the user: admin, security, or user


80/288


The default value for the minimum length of a password or minimum number of characterclasses required for a user password is 1. Allowable character classes include:

Lowercase letters (a-z)

Uppercase letters (A-Z)

Numbers (0-9) Special Characters ($, %, #, +, and so on)

The available privileges display based on users privilege. Only the Sysadmin user can create the firstsecurity officer. After the first security officer is created, only security officers can create or modify othersecurity officers. Sysadmin is the default admin user and cannot be deleted or modified.

5. Enter the following information in the Advanced Tab:

6. Click OK.

The default password policy can change if the admin user changes them from the Modify Password Policytask. The default values are the initial default password policy values.

Item Description

Minimum Days Between Change The minimum number of days between password changes thatyou allow a user. Default is 0.

Maximum Days Between Change The maximum number of days between password changes thatyou allow a user. Default is 99999.

Warn Days Before Expire The number of days to warn the users before their passwordexpires. Default is 7.

Disable Days After Expire The number of days after a password expires todisable the user account. Default is Never.

Disable account on the followingdate

Check this box and enter a date ( mm/ dd/ yyyy) on which you wantto disable this account. Also, you can click on the calendar to select

a date.


81/288


Lesson 3: Configure CIFS/NFS


82/288


Configure a CIFS share

To configure a CIFS share, you must:

1. Configure the workgroup mode

2. Configure the Active Directory mode

3. Give a descriptive name for the share

4. Enter the path to the target directory (for example, /data/col1/mtree1)


83/288


Configure an NFS Export

To configure an NFS export, do the following:

1. Enter a path name for the export

2. In the Clients area, select an existing client or click the + icon to create a client

The Clients dialog box appears.

a. Enter a server name in the text box.

Enter fully qualified domain names, host names, or IP addresses. A single asterisk (*) as a wild cardindicates that all backup servers are to be used as clients.

Clients given access to the /data/col1/backup directory have access to the entire directory. A clientgiven access to a subdirectory of /data/col1/backup has access only to that subdirectory.

A client can be a fully-qualified domain host name, class-C IP addresses, IP addresses with eithernetmasks or length, an NIS netgroup name with the prefix @, or an asterisk (*) wildcard with adomain name, such as *.yourcompany.com .

A client added to a subdirectory under /data/col/backup has access only to that subdirectory.

Enter an asterisk (*) as the client list to give access to all clients on the network.


84/288


b. Select the check boxes of the NFS options for the client.

- Read-only permission.

- (Default) Requires that requests originate on a port that is less than IPPORT_RESERVED (1024).

- Map requests from UID or GID 0 to the anonymous UID or GID.

- Map all user requests to the anonymous uid or gid.- Use default anonymous UID or GID.


85/288


Lesson 4: Verify Hardware

As part of your Data Domain initial setup, you should verify that your hardware is correctly installed andrunning. This lesson teaches you how to do that.

The CLI command is system show status.


86/288


Model Number, System Uptime, Serial Number

To verify your model number, system uptime, and serial number in the Enterprise Manager:

1. Select a system from the left-hand navigation pane.

2. Click the Maintenance tab.

3. Verify the information.

The CLI commands are:

1. system show status

2. system show config

3. system disk show


87/288


Storage (Disk) Status

To verify your storage status in the Enterprise Manager:

1. Click the Hardware tab

2. View the Storage Status

If the Status indicator Storage operational is green, all disks are good. If the Status indicator Stor-age operational is yellow, the system is working, but there is a problem. I the Status indicator Stor-age operational is red, the system isnt operational.


88/288


Disk Overview

To get an overview of your storage (disk) status in the Enterprise Manager:

1. Select a system from the left-had navigation pane.

2. Click the Hardware tab.

3. Click Storage.

From here you can view the Active Tier, Usable Disks, and Failed\Foreign\Absent Disks.


89/288


Active Tier

Disks in the Active Tier are currently marked as usable by the Data Domain file system. Sections are orga-nized by Disks in Use and Disks Not in Use. If the optional archive feature is installed From the Storage Sta-tus Overview pane, you can expand your view of the disk use in the Active Tier. You can view for both DisksIn Use and Disks Not In Use:

Disk Group: here it is dg0

Status. Here it is 1 Normal.

Disk Reconstructing

Total Disks Disks

You can also expand the Disks In Use view to view individual disks. Once you View Details, you can Beaconindividual disks.

The CLI command is storage show


90/288


Locate a Disk

To locate a disk (for example, when a failed disk needs to be replaced):

1. Select the Data Domain system in the Navigational pane.

2. Click the Hardware > Storage > Disks tabs.

The Disks view appears.

3. Select a disk from the Disks table and click Beacon.

The Beaconing Disk dialog window appears, and the LED light on the disk begins flashing.

4. Click Stop to stop the LED beaconing.


91/288


View Usable Disks

Usable disks are those that arent incorporated into the file system yet. To view details about usable disksfrom the Enterprise Manager:



3. View the status, which includes the disk:

Name

Status

Size

Manufacturer/Model

Firmware

Serial Number

You can also view the details of individual disks. The CLI command is disk show status.


92/288


View Failed, Foreign, or Absent Disks

To get the status on Failed/Foreign/Absent Disks in the Enterprise Manager:


2. Open the Failed/Foreign/Absent Disks panel.

3. View the following disk information:

Name

Status

Size

Manufacturer/Model

Firmware

Serial Number

4. You can also view the details of individual disks.


93/288


View Chassis Status

To view your chassis status in the Enterprise Manager:

1. From the left-hand navigation pane, select a system.


3. Click Chassis.

From here you can view the following by hovering your mouse over them:

NVRAM

PCI Slots

SAS

Power Supply

PS FAN

Riser Expansion

Temperature


94/288


FANs

FRONT and BACK chassis views

The CLI command is system show status.


95/288


Lab 3.2: Copy Data to a Data Domain System


96/288


Module Review


97/288


Module 4: Manage Network Interfaces

Module Introduction and Objectives

After completing this module, you should be able to:

Manage network interfaces, settings, and routes

Describe and use link aggregation.

Describe and use link failover.

Describe and use VLAN tagging.

Describe and use IP aliases.


98/288


99/288


100/288

98 Module 4: Manage Network Interfaces

5. Click OK.

The system processes the information and returns you to the Routes tab.


101/288


Create Static Routes

1. From the Navigational pane, select the Data Domain system to configure.

2. Click the Hardware > Network > Routes tabs.

3. Click Create in the Static Routes area

The Create Routes dialog box appears.

4. Select an interface to configure for the static route.

a. Click the check boxes for the interface(s) whose route you are configuring.

b. Click Next.

5. Specify the Destination. Select either of the following.

The Network Address and Netmask.

a. Click the Network radio button.

b. Enter destination information, by providing destination network address and netmask.


102/288


Note: This is not the IP of any interface. The interface is selected in the initial dialog and it is usedfor routing traffic.

The Host Name or IP address of host destination.

a. Click the Host radio button.

b. Enter the Host Name or IP address of the destination host to use for the route.

6. Optionally, change the gateway for this route.

a. Click the check box, Specify different gateway for this route.

b. Enter a gateway address in the Gateway field.

7. Review changes, click Next.

The Create Routes > Summary page appears. The values listed reflect the new configuration.

8. Complete the action, click Finish.

Progress messages display. When changes are applied, the message indicates Completed. Click OK toclose the dialog.

The new route specification is listed in the Route Spec list.


103/288


Lesson 2: Link Aggregation

DefinitionUsing multiple Ethernet network cables, ports, interfaces (links) in parallel, link aggregation increases net-work throughput, across a LAN or LANs until the maximum computer speed is reached. Data processingbecomes faster than when data is sent over individual links. For example, you can enable link aggregationon a virtual interface (veth1) to a physical interfaces (eth0a and eth0b) in the link aggregation control pro-tocol (LACP) mode and hash XOR-L2.

Link aggregation evenly splits network traffic across all links or ports in an aggregation group. It doesthis minimum with impact to the splitting, assembling, and reordering of out-of-order packets.

Aggregation is between 2 directly attached systems (point-to-point and physical or virtual). Normallythe aggregation is between the local system and the network device or system that is connected. Nor-mally a Data Domain system is connected to a switch or router.

Aggregation is handled between the IP layer (L3 and L4) and the mac layer (L2) network driver.

Link aggregation performance is impacted by the following:


104/288


Switch speed: normally the switch can handle the speed of each link that is connected to it, but itmay lose some packets if all of the packets are coming from several ports that are concentrated onone uplink running at maximum speed. In most cases, this means that you can use only 1 switch forport aggregation coming out of a Data Domain system. Some network topologies allow for linkaggregation across multiple switches.

How much the Data Domain system can process

Out-of-order packets: a network program must put out-of-order packets back to the original order. Ifthe link aggregation mode allows the packets to be sent out-of-order, and the protocol requires thatthey be put back to the original order, the added overhead may impact the throughput speedenough so that the link aggregation mode that caused the out-of-order packets shouldnt be used.

Number of clients: in most cases, either the physical of OS resources cant drive data at multipleGbps. Also, due to hashing limits, youd need multiple clients to push data at multiple Gbps.

n Number of streams (connections) per client can significantly impact link utilization depending onthe hashing that you use.

A Data Domain system supports 2 aggregation methods:

1. Round robin

2. Balanced-xor (you set up manually on both sides)

Requirements

Links can only be part of 1 group.

Aggregation is between 2 systems.

All links in a group have the same speed.

All links in a group are half-duplex or full-duplex.

No changes to the network headers are allowed.

You must have a unique address across aggregation groups.

Frame distribution must be predictable and consistent.


105/288


Create a Virtual Interface for Link Aggregation

To create a link aggregation virtual interface:

1. From the navigation pane, select a Data Domain system.

2. Click Hardware > Network > Interfaces.

3. Under the Interfaces tab, disable the physical interface where you want to add the virtual interface.

Select No from the Enabled pull-down menu.

4. From the Interface Type pull-down menu, select Virtual Interface.

The Create Virtual Interface dialog box appears.

5. Specify a virtual interface name in the veth text box.

Enter a virtual interface name in the form vethx, where x is a unique ID (typically 1 or 2 digits). A typicalfull virtual interface name with VLAN and IP alias in veth56.3999.199. The maximum length of the fullname is 15 characters. Special characters are not allowed. Numbers must be between 0 and 9999.

6. Select Aggregate from the bonding Type drop-down list.


106/288


Registry setting can be different from the bonding configuration. When you add interfaces to the vir-tual interface, the information isnt sent to the bonding module until the virtual interface is broughtup. Until that time the registry and the bonding driver configuration are different.

7. From the General tab, specify the Bonding Mode.

Specify a bonding mode thats compatible with the system requirements to which the interfaces are

directly attached. The available modes are: Round robin: transmits packets in sequential order from the 1st available link through the last in the

aggregated group.

Balanced: Data sent over interfaces as determined by the hash method yo select. Associated inter-faces on the switch must be grouped into an Ether channel (trunk).

LACP: Similar to Balanced except it has a control protocol that communicates with the other end andcoordinates what links, within the bond, are available. It provides heartbeat failover.

8. Specify the bonding hash.

In the General tab, from the Bonding Hash pull-down menu select either Layer 2 (L2) or Layer 3/Layer 4(L3L4).

9. Select an interface to add to the aggregate configuration by click in the check ox corresponding to theinterface.

10. Click Next.

The Create virtual interface veth_name dialog box appears.

11. Enter an IP address.

12. Enter a Netmask address.

The Netmask is the subnet portion of the IP address that is assigned to the interface.

The format is usually 255.255.255.XXX, where XXX is the value that identifies the interface. If youdont specify a netmask, the Data Domain system uses the netmask format as determined by the TCP/IP address class (A, B, C) that you are using.

13. Specify speed and duplex options.

Note: Aggregation isnt available for NICs.

The combination of speed and duplex settings define the rate of data transfer through the interface.

Layer 2 (XOR-L2) Transmit based on static balanced and LACP mode aggregation withan XOR hash or layer 2 (inbound and outbound MAC addresses).

Layer 2/Layer 3(XOR-L2L3)

Transmit based on static balanced and LACP mode aggregation withan XOR has of layer 2 (inbound and outbound IP address) and layer3 (inbound and outbound interface numbers).

Layer 3/Layer 4(XOR-L3L4)

Transmit based on static balanced and LACP mode aggregation withan XOR hash of Layer 3 (inbound and outbound IP address) andLayer 4 (inbound and outbound interface numbers).


107/288


Autonegotiate Speed/Duplex: select this option to allow the NIC to autonegotiate the line speedand duplex setting for an interface.

Manually configure Speed/Duplex: select this option to manually set an interface data transfer rate.

Duplex options are half-duplex or full-duplex.

Speed options are limited to the capabilities of the hardware. The option are 10 Base-T, 100Base-T, 1000 Base-T (Gb), and 10,000 (10 Gb).

Half-duplex is only available in 10 base-T and 100 Base-T speeds.

1000 and 10,000 line speeds require full-duplex.

Optical interfaces require the Autonegotiate option.

The copper interface default is 10 Gb. If a copper interface is set to 1000 or 10,000 line speed,duplex must be full-duplex.

14. Specify maximum transfer unit (MTU) settings.

This sets the size for the physical (Ethernet) interface. Supported values are from 350 to 9014. For 100

base-T gigabit networks, 1500 is the default.15. Click the Default button to return the setting to the default value.

16. Ensure that all of your network components support the size set with this options.

17. Select Dynamic Registration (optional).

The dynamic DNS (DDNS) protocol enable machines on a network to communicate with and register IPaddresses on a Data Domain system DNS server.

The DDNS must be registered to enable this option.

18. Click Next.

The Configure Interface Settings summary page appears.19. Ensure that the values listed are correct.

20. Click Finish

21. Click OK.


108/288


Lesson 3: Link Failover

Link failover increases network throughput by keeping backups operational during network glitches.

Link failover is supported by a bonding driver on a Data Domain system. The bonding driver checks the car-rier signal on the active interface every 9 seconds. If the carrier signal is lost, the active interface ischanged to another standby interface. An ARP is sent to indicate that the data must flow to the new inter-face. The interface can be:

On the same switch

On a different switch

Directly connected

Specifications

Only 1 interface in a group can be active at a time.

Data flows over the active interface. Non-active interfaces can receive data.

You can specify a primary interface. If you do specify a primary interface, it will be the active interfaceif its available.


109/288


Bonded interfaces can go to the same or different switches.

You do not have to configure a switch to make link failover work.

1 GbE interface

You can put 2, or more, interfaces in a link failover bonding group.

The bonding interfaces can be:

On the same card

Across cards

Between a card and a motherboard

Link failover is independent of the interface type. For example, copper and optical can be failoverlinks if the switches support the connections.

10 GbE interface

You can put only 2 interfaces in a failover bonding group.

The bonding interfaces can only be on the same card.


110/288


Manage Link Failover


111/288


Manage Link Failover (Continued)


112/288


Lesson 4: Manage VLAN and IP Alias Network Interfaces

Introduction and Objectives

In this lesson youll learn about VLAN and IP alias network interfaces and how to manage it through theEnterprise Manager.


113/288


Define VLAN and IP Alias Network Interfaces

Virtual local area networks (VLANs) manage subnets on a network. VLANs enable a LAN to transcend phys-ical boundaries. They enable you to segregate network broadcasting. They are used to:

Provide security

Speed up network traffic

Organize network LANs.

If youre not using VLANs, you can use IP aliases. Ip aliases are easy to implement and are less expensivethan VLAN, but they are not a true VLAN. For example, you must use 1 IP address for management and

another IP address to backup or archive data. You can combine VLANs and IP aliases.


114/288


Create VLAN and IP Aliases

VLAN tag insertion (VLAN tagging) enables you to create multiple VLAN segments. (You get the tagsfrom the network administrator.)

In a Data Domain system, you can have up to 4096 VLAN tags.

Create a new VLAN interface from either a physical interface or a virtual interface.

The recommended total number that can be created is 80, though it is possible to create up to 100 inter-faces before the system is affected.


115/288


Create VLAN and IP Aliases (Continued)

To create a VLAN tag from the Enterprise Manager:

1. From the Navigational pane, select the Data Domain system to configure.2. Click the Hardware > Network > Interfaces tabs.

3. Click Create and select the VLAN option.

The Create VLAN dialog box appears.

4. Specify a VLAN ID by entering a number in the ID field.

The range of a VLAN ID is between 1 and 4095.

5. Enter an IP Address.

The Internet Protocol (IP) Address is the numerical label assigned to the interface. For example,192.168.10.23


The Netmask is the subnet portion of the IP address that is assigned to the interface. The format is typ-ically 255.255.255.###, where the ### are the values that identify the interface. If you do not specifya netmask, the Data Domain system uses the netmask format is determined by the TCP/IP addressclass (A,B,C) you are using.

7. Specify MTU Settings.


116/288


This sets the maximum transfer unit (MTU) size for the physical (Ethernet) interface. Supported valuesare from 350 to 9014. For 100 Base-T and gigabit networks, 1500 is the standard default.

Notes:

Click the Default button to return the setting to the default value.

Ensure that all of your network components support the size set with this option.

8. Specify Dynamic DNS Registration option.

Dynamic DNS (DDNS) is the protocol that allows machines on a network to communicate with, and reg-ister their IP address on, a domain name system (DNS) server. The DDNS must be registered to enablethis option. Refer to Registering a DDNS for additional information.

9. Click Next.

The Configure Interface Settings summary page appears. The values listed reflect the new system andinterface state.

10. Click Finish and OK.


117/288


Create VLAN and IP Aliases (Continued)

Create a new IP Alias interface from either a physical interface or a virtual interface.

The recommended total number of IP Aliases and virtual interfaces that can be created is 80 though itis possible to create up to 100 interfaces.

1. From the Navigational pane, select the Data Domain system to configure.

2. Click the Hardware > Network > Interfaces tabs.

3. Click Create and select the IP Alias option.

The Create IP Alias dialog box appears.

4. Specify a IP Alias ID by entering a number in the eth0a field.

Requirements are: 1 to 4096

5. Enter an IP Address. The Internet Protocol (IP) Address is the numerical label assigned to the inter-face. For example, 192.168.10.23


The Netmask is the subnet portion of the IP address that is assigned to the interface.

Format is typically 255.255.255.###, where the ### are the values that identify the interface. If you donot specify a netmask, the Data Domain system uses the netmask format is determined by the TCP/IPaddress class (A,B,C) you are using.


118/288


7. Specify Dynamic DNS Registration option.

Dynamic DNS (DDNS) is the protocol that allows machines on a network to communicate with,and register their IP address on, a Domain Name System (DNS) server.

The DDNS must be registered to enable this option. Refer to Registering a DDNS for additional infor-mation.

Click Next. The Configure Interface Settings summary page appears. The values listed reflect thenew system and interface state.

Click Finish and OK.


119/288


Module Review


120/288




121/288




122/288



123/288


Module 5: Manage a VTL



124/288

122 Module 5: Manage a VTL

VTL Overview

In some environments the Data Domain system must be configured as a Virtual Tape Library. This practicemay be motivated by the need to leverage existing backup policies that were built around using physicaltape libraries. Using a VTL can also be a step in a longer range migration to disk based media for backup,or it may be driven by the need to minimize the effort to recertify a system to meet compliance needs.

Virtual tape libraries emulate the physical tape equipment and function. Different tape library productsmay package some things in different ways and the names of some elements may differ between productsbut the fundamentals are basically the same. Data Domain systems are configured using the concepts oflibraries, tapes, Cartridge Access Ports, and barcodes.

The Data Domain VTL software option requires installation of a Data Domain VTL HBA to connect to a FibreChannel storage network. Activating the VTL configuration also requires the installation of a VTL licensekey.

The Data Domain VTL software option requires installation of a Data Domain VTL HBA to connect to a FibreChannel storage network. Activating the VTL configuration also requires the installation of a VTL licensekey.


125/288


The goal of configuring a Data Domain system as a VTL is to provide an interface that the backup softwarecan work with as if it were working with the physical tape library. Some Parameters must be configured inthe VTL environment to structure the libraries and the number and size of elements within each. Many ofthese parameters are dictated by the tape technology and library model that is being emulated. Consultthe product documentation and best practice guides for more information about the definitions and

ranges for each parameter.


126/288


Configuration Terms


127/288


VTL Planning

You must configure parameters in the VTL environment to structure the number and size of elementswithin each library. Parameters are dictated by the tape technology and library you are emulating. Consultthe product documentation and best practices guides for information about the definitions and ranges foreach parameter.


128/288


Capacity Planning

See the best practices documentation for planning a virtual library configuration.

Capacity calculations are a function of the backup set size and the compression ratios.

Consider how space gets allocated and recovered in events like tape creation and expiration.

With deduplication the amount of disk space you need for a tape depends on the compression ratio.When virtual tapes are created space isnt pre-allocated, so the logical setup to emulate a large libraryof tape incurs a small disk space. You monitor disk space use and compression using the same tech-niques you use for monitoring data backed up over NFS and CIFS

You must clean a Data Domain system to reclaim data storage space from an expired tape image. DIArequirements to not use space until cleaning runs also means that large amounts of space maybecome unavailable for use. In some environments, you must manage disk use closely. You may needto run system cleaning frequently.


129/288


Create Tapes


130/288


VTL Barcode Definition

When a tape is created, a bar code is assigned that is a unique identifier of a tape. The eight-characterbarcode must start with six numeric or upper-case alphabetic characters (from the set {0-9, A-Z}) and endin a two-character tag for the supported LT0-1, LT0-2, and LT0-3 tape type.


131/288


Configure VTL Barcode

Data Domain recommends creating tapes with unique barcodes only. Duplicate bar codes in the same tapepool create an error. Although no error is created for duplicate barcodes in different pools, duplicate barcodes may cause unpredictable behavior in backup applications.


132/288


Configure VTL Barcode (Continued)


133/288


Configure VTL Barcode (Continued)


134/288


Module Review


135/288


Module 6: Manage Data



136/288

134 Module 6: Manage Data

Lesson 1: Snapshots

Use a snapshot to save a backup directory copy at a specific point in time. You can use it later torestore files from a specific point in time, for example, before a Data Domain OS upgrade.

Snapshot benefits:

Snapshots do not use many system resources

Snapshots are free (do not require a license)

A snapshot is a read-only copy of the entire backup directory.

You can schedule multiple snapshot schedules at the same time or create them when you choose, for

example, before you upgrade or configure your system. Snapshots are created in the /backup/.snapshot directory.

The maximum number of snapshots allowed to be stored on a Data Domain system is 750. You willreceive warning when the number of snapshots reaches 90% of the allowed number (675-749). Analert is generated when the maximum number is reached. To clear the warning:

1. Expire snapshots


137/288


2. Run file system cleaning

If the Data Domain system is a source for collection, snapshots are replicated. If the Data Domain systemis a source for directory replication, snapshots are not replicated. You must create and replicate snapshotsseparately.

Note: Use snapshots judiciously to avoid having segments in snapshots that remain after files are deleted.


138/288


Manage Snapshots

To create a snapshot:

1. Data Management > Snapshots

2. Click Create to create snapshot

3. Click Modify Expiration Date to choose

Never Expire

In: snapshot expires in number of days, weeks, months, or years you select

On: snapshot expires at the first minute of the day you select

4. Select Schedule tab to schedule snapshots


139/288


Lab 6.1 Configure Snapshot


140/288


Lesson 2: Fastcopy

Use fastcopy to retrieve data stored in snapshots. Fastcopy copies files and directory trees of a coursedirectory to a target directory on a Data Domain system. The fastcopy force option allows the destinationdirectory to be overwritten if it exists. Fastcopy makes a destination equal to the source, but not at aparticular point in time. The source and destination may not be equal if you change either during the copyoperation. Fastcopy takes space (its like a clone).


141/288


Perform Fastcopy

1. Data Management > File System > More Tasks >

2. Enter source and destination

3. Click box to overwrite exiting destination (if it exists)


142/288


Lab 6.2: Perform Fastcopy


143/288


Lesson 3: Retention Lock

The EMC Data Domain Retention lock licensed software feature enables organizations to protect records innon-writeable and non-erasable formats for a specified length of time, up to 70 years. Retention lock pro-tects against:

Accidents and user errors

Malicious activity

Licensed feature


144/288


Retention Lock (Continued)

Minimum and maximum retention periods are set globally

Within the global parameters, retention parameters can be set on a file-by-file basis

Retention Lock is designed to respond to commands from the user, archive software, or some backupapplications, which trigger the lock on stored data.

Assumes administrators are trustworthy

Allows administrative users to do the following

Override global retention settings

Update permissions of locked files

Rename empty directories

Fully integrated with Data Domain replication

File locking is initiated by the user or by backup or archive software


145/288


Retention Lock (Continued)

The user or the storage software needs to set the access time (atime) for the file to a date in the future thatmust be beyond the minimum retention period that is configured on the Data Domain system. The actionof setting the atime is the signal to lock the file. As soon as this value is set, the file is locked and cannotbe deleted or modified before that date.

Retention Lock extends the utility of Data Domain systems into environments that require granular con-trols over the protection of individual files stored on the system.


146/288


Configure Retention Lock


147/288


Lesson 3: Sanitization

With the sanitize function, deleted files can be overwritten using a DoD/NIST compliant algorithm and pro-cedures. No complex setup or disruption is needed. Clean data is available during the sanitization pro-cess, with limited disruption to daily operations. Sanitizing is the electronic equivalent of data shredding.It removes any trace of deleted files.

Sanitization supports organizations that:

Are required to remove and destroy confidential data that is accidentally written to unapproved sys-tems

Are required to delete data that is no longer needed.

Need to resolve classified message incidents (CMIs).

The system sanitize command erases the following:

Segments of deleted files that are not used by other files

Contaminated metadata

All unused capacity in the file system


148/288


All segments used by deleted file cannot be globally erased, because some segments may be used byother files

CLI command: system sanitize, system sanitize start


149/288


Lab 6.3: Configure Sanitization


150/288


Lesson 4: Encryption of Data at Rest

With encryption software option licensed and enabled, all incoming data is encrypted inline before it iswritten to disk. This is a software-based approach, and it requires no additional hardware. It includes:

Configurable 128-bit or 256-bit Advanced Encryption Standard (AES) algorithm with either:

Confidentiality with Cipher Block Chaining (CBC mode)

Or

Both confidentiality and message authenticity with Galios/Counter Mode (GCM mode)

Encryption and decryption to and from disk is transparent to all access protocols: DD Boost, NFS, CIFS, andVTL (no administrative action is required for decryption)

Passphrase and Encryption KeyWhen you enable encryption, you are prompted for a passphrase. The system generates an encryption keyand uses the passphrase to encrypt the key. One key is used to encrypt all data written to the system. Afterencryption is enabled, the passphrase is needed by administrative users only:


151/288


If locking or unlocking the file system

If disabling encryption

One key is used for all data in a system.

The encryption key is passphrase protected.

The administrative user specifies the passphrase when enabling encryption.

The passphrase is needed by administrative users only:

If locking or unlocking the file system

If disabling encryption

Take great care not to lose the passphrase or data can be irrevocably lost. If, for example, the passphraseis lost after a file system is locked, the file system cannot be unlocked. The passphrase is not stored on disk(so the passphrase cant be recovered). The two administrative users use the passphrase to lock the DataDomain system and its external storage devices. They enter a new passphrase during the lockingprocedure. A thief who steals a system cant unlock the file system without the passphrase.

File System Locking

After encryption is enabled, the file system can be locked by two administrative users who worktogether.

To unlock the file system, one administrative user enters the new passphrase.

Useful before a system is transported or a disk is replaced

Without encryption, user data could possibly be recovered by a thief with a forensic tool (particularly iflocal compression is turned off)

If a file system is locked before a disk is shipped, the disk is protected from forensic analysis because: The encryption key (which is stored on disk encrypted by the passphrase) cant be recovered

Any user data is encrypted (and the data cant be decrypted without the key)

Only an administrative user who has the new passphrase created during the locking procedure canunlock a file system


152/288


Encryption Flow


153/288


Configure Encryption

1. In the CLI, ensure the Data Domain Encryption license is enabled.

(See Appendix A for Data Domain software licenses.)

Disable the file system

# filesys disable

Enable encryption

# filesys encryption enable

2. Enter a passphrase when promptedSelect an alternative cryptographic algorithm (optional)

# filesys encryption algorithm set algorithm

Default algorithm is aes_256_cbc. Other options are: aes_128_cbc, aes_128_gcm, or aes_256_gcm


154/288


Apply Encryption Changes


155/288


Deactivate Encryption


156/288


Lab 6.4 Configure Encryption


157/288


Lesson 5: File System Cleaning

Cleaning reclaims physical storage occupied by deleted objects. For example, as retention periods expire,old backups are deleted. Space from deleted backups becomes available only after cleaning reclaims thedisk space.

When application software expires backup or archive images, they are deleted in the sense that they areno longer accessible or available for recovery from the application. The images still occupy physical stor-age. The clean operation reclaims the segments used by files that are deleted and are not longer refer-enced.

Cleaning may require a lot of system resources. Mechanisms (self-throttling) are in place to automatically

adjust the priority assigned to cleaning tasks in favor of more time critical processing tasks. Cleaningschedules are adjustable. By default, cleaning is scheduled to start every Tuesday at 6:00 am. You shouldschedule cleaning for times when system traffic is lowest.

A Data Domain system is available for write and read operations during cleaning.


158/288


Cleaning

Cleaning enables you to reorganize data to improve the speed and efficiency of deduplication.

Data invulnerability requires that data is only written into new containers. This requirement also applies tocleaning. Copy forward segments are segments that, for deduplication efficiency, should be stored adja-cent to each other. So they are copied forward together into a single container.

Dead segments are dead because the files that referred to them were all deleted, and the pointers wereremoved. Dead segments are not allowed to be rewritten with new data since this could put valid data atrisk of corruption. Instead, valid segments are copied forward into free containers to group the remainingvalid segments together. When the data is safe and reorganized, the original containers are appended

back onto the available disk space.

Since DDS is a log structure file system, space that was deleted (see types below) must be reclaimed. Thisis called cleaning.

Cleaning is done for 2 main reasons:

1. House keeping: periodically, segments are considered dead if the reference file for it was deleted.


159/288


2. Performance tuning: approximately 10% of the duplicate data is rewritten on the disk. This is done forperformance reasons. For example, rewriting duplicate segments (copy forward segment) into thesame location (segmentation locality) can be more advantageous than having the segments acrossdifferent locations.

The default time schedule for file system cleaning is every Tuesday at 6 am. The default CPU throttle is50%. You can change these options using the Enterprise Manager or the CLI.


160/288


Lab 6.5: Configure File-System Cleaning


161/288


Lesson 6: Monitor File-System Space Usage


162/288


File System Summary Tab


163/288


Space Usage

Monitor space use to determine if you have enough space (through extrapolation). If you dont haveenough space you can do the following:

Increase capacity

Reduce retention periods

Reduce amount of data

Space Usage Terms

Term GUI Term Definition

pre-compression Pre Compression Written Data sent to Data Domain system beforededuplication, local compression, or both

post compression used Post-Comp Used Space used after compression


164/288


compression factor Comp Factor The compression factor (global ratio, cumula-tive ratio) is amount of data footprint

Documents

Dd Guide Emc