Dell EMC DD OS Administration Guide

Dell EMC DD OS

Version 7.0

Administration Guide

Revision 02 March 2020

Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.” DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners. Published in the USA.

Dell EMC Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.DellEMC.com

2 Dell EMC DD OS Administration Guide

Preface 15

Chapter 1

Chapter 2

System Features and Integration 17

Revision history................................................................................................. 18

System overview............................................................................................... 18

System features................................................................................................ 19

Data integrity........................................................................................19

Data deduplication............................................................................... 20

Restore operations...............................................................................20

DD Replicator.......................................................................................20

Multipath and load balancing................................................................20

High Availability.................................................................................... 21

Random I/O handling........................................................................... 22

System administrator access............................................................... 23

Licensed features.................................................................................23

Storage environment integration...................................................................... 24

Getting Started 27

Dell EMC DD System Manager overview...........................................................28

Logging in and out of DD System Manager....................................................... 28

Logging in using single sign-on (SSO).................................................. 31

The DD System Manager interface....................................................................31

Page elements..................................................................................... 32

Banner................................................................................................. 32

Navigation panel...................................................................................32

Information panel................................................................................. 32

Footer.................................................................................................. 33

Help buttons........................................................................................ 33

End User License Agreement............................................................... 33

Configuring the system with the configuration wizard...................................... 34

License page........................................................................................ 34

Network...............................................................................................35

File System.......................................................................................... 37

System Settings................................................................................... 41

DD Boost protocol................................................................................42

CIFS protocol.......................................................................................43

NFS protocol........................................................................................44

DD VTL protocol.................................................................................. 45

Configure NTP..................................................................................................46

Managing time and date settings......................................................... 46

Command line interface.................................................................................... 47

Logging into the CLI..........................................................................................47

CLI online help guidelines.................................................................................. 48

Chapter 3

Managing the Protection System 51

System management overview......................................................................... 52

HA system management overview....................................................... 52

Dell EMC DD OS Administration Guide 3

Contents

HA system planned maintenance......................................................... 52

Restarting a protection system.........................................................................53

Powering a protection system on or off ........................................................... 53

Power a protection system on............................................................. 54

System upgrade management.......................................................................... 55

Pre-upgrade checklists and overview...................................................55

Viewing upgrade packages on the protection system...........................60

Obtaining and verifying upgrade packages...........................................60

Upgrading a protection system.............................................................61

Removing an upgrade package.............................................................62

Managing electronic licenses............................................................................ 62

HA system license management...........................................................63

Protection system storage management...........................................................63

Viewing system storage information.................................................... 64

Physically locating an enclosure...........................................................68

Physically locating a disk......................................................................69

Configuring storage............................................................................. 69

DD3300 capacity expansion................................................................. 70

Fail and unfail disks............................................................................... 71

Network connection management..................................................................... 71

HA system network connection management....................................... 71

Network interface management........................................................... 72

General network settings management................................................85

Network route management................................................................ 89

System passphrase management......................................................................92

Setting the system passphrase............................................................ 92

Changing the system passphrase.........................................................93

Configuring mail server settings........................................................................93

Managing system properties.............................................................................94

SNMP management..........................................................................................94

Viewing SNMP status and configuration..............................................95

Enabling and disabling SNMP...............................................................96

Downloading the SNMP MIB................................................................96

Configuring SNMP properties.............................................................. 97

SNMP V3 user management................................................................ 97

SNMP V2C community management................................................... 99

SNMP trap host management............................................................. 101

Autosupport report management.....................................................................102

Setup sending ASUP using the GUI.................................................... 103

HA system autosupport and support bundle manageability.................104

Enabling and disabling autosupport reporting to Dell EMC..................104

Reviewing generated autosupport reports..........................................104

Configuring the autosupport mailing list............................................. 104

Verifying the system is able to send ASUP and alert emails to external

recipients............................................................................................105

Support bundle management...........................................................................106

Generating a support bundle...............................................................106

Generating a mini support bundle....................................................... 106

Viewing the support bundles list......................................................... 107

Coredump management...................................................................................107

Splitting a coredump file..................................................................... 107

Alert notification management........................................................................ 108

HA system alert notification management.......................................... 109

Viewing the notification group list...................................................... 109

Creating a notification group................................................................111

Managing the subscriber list for a group.............................................. 111

4 Dell EMC DD OS Administration Guide

Contents

Modifying a notification group.............................................................112

Deleting a notification group............................................................... 113

Resetting the notification group configuration.................................... 113

Configuring the daily summary schedule and distribution list...............113

Enabling and disabling alert notification to Dell EMC...........................115

Testing the alerts email feature...........................................................115

Support delivery management..........................................................................116

Selecting standard email delivery to Dell EMC.................................... 116

Selecting and configuring Secure Remote Services delivery............... 116

Testing ConnectEMC operation.......................................................... 117

Log file management........................................................................................118

Viewing log files in DD System Manager..............................................119

Displaying a log file in the CLI..............................................................119

Learning more about log messages..................................................... 120

Saving a copy of log files.................................................................... 120

Log message transmission to remote systems.....................................121

Remote system power management with IPMI................................................122

IPMI and SOL limitations.................................................................... 123

Adding and deleting IPMI users with DD System Manager..................123

Changing an IPMI user password........................................................ 124

Configuring an IPMI port.................................................................... 124

Preparing for remote power management and console monitoring with

the CLI................................................................................................125

Managing power with DD System Manager........................................ 126

Managing power with the CLI............................................................. 127

System access management............................................................................127

Role-based access control..................................................................128

Access management for IP protocols................................................. 129

Local user account management........................................................ 135

Directory user and group management............................................... 142

Diagnosing authentication issues........................................................ 157

Change system authentication method...............................................158

Reset the iDRAC password.................................................................159

Chapter 4

Monitoring Protection Systems 161

Viewing individual system status and identity information............................... 162

Dashboard Alerts area.........................................................................162

Dashboard File System area................................................................163

Dashboard Services area.................................................................... 163

Dashboard HA Readiness area............................................................ 164

Dashboard Hardware area.................................................................. 164

Maintenance System area.................................................................. 164

Health Alerts panel.......................................................................................... 165

Viewing and clearing current alerts..................................................................165

Current Alerts tab...............................................................................166

Viewing the alerts history................................................................................ 166

Alerts History tab................................................................................167

Viewing hardware component status............................................................... 167

Fan status...........................................................................................168

Temperature status............................................................................ 168

Management panel status...................................................................169

SSD status (DD6300 only)................................................................. 169

Power supply status........................................................................... 170

PCI slot status.................................................................................... 170

NVRAM status....................................................................................170

Dell EMC DD OS Administration Guide 5

Contents

Viewing system statistics................................................................................. 171

Performance statistics graphs.............................................................171

Viewing active users........................................................................................ 172

History report management.............................................................................173

Types of reports................................................................................. 173

Viewing the Task Log.......................................................................................177

Viewing the system High Availability status..................................................... 178

High Availability status........................................................................178

Chapter 5

Chapter 6

File System 181

File system overview....................................................................................... 182

How the file system stores data..........................................................182

How the file system reports space usage............................................182

How the file system uses compression .............................................. 182

How the file system implements data integrity................................... 184

How the file system reclaims storage space with file system cleaning....

184

Supported interfaces ......................................................................... 185

Supported backup software................................................................185

Data streams sent to a protection system ......................................... 185

File system limitations.........................................................................187

Monitoring file system usage........................................................................... 188

Accessing the file system view........................................................... 189

Managing file system operations..................................................................... 195

Performing basic operations............................................................... 195

Performing cleaning............................................................................197

Performing sanitization.......................................................................199

Modifying basic settings..................................................................... 201

Fast copy operations.......................................................................................203

Performing a fast copy operation.......................................................203

MTrees 205

MTrees overview............................................................................................ 206

MTree limits.......................................................................................206

Quotas............................................................................................... 206

About the MTree panel.......................................................................207

About the summary view....................................................................207

About the space usage view (MTrees)................................................212

About the daily written view (MTrees)............................................... 212

Monitoring MTree usage..................................................................................213

Understanding physical capacity measurement.................................. 214

Managing MTree operations............................................................................216

Creating an MTree..............................................................................216

Configure and enable/disable MTree quotas.......................................218

Deleting an MTree.............................................................................. 218

Undeleting an MTree.......................................................................... 219

Renaming an MTree............................................................................219

Chapter 7

6 Dell EMC DD OS Administration Guide

Snapshots 221

Snapshots overview........................................................................................ 222

Monitoring snapshots and their schedules...................................................... 222

About the snapshots view.................................................................. 222

Managing snapshots....................................................................................... 224

Creating a snapshot........................................................................... 224

Contents

Modifying a snapshot expiration date.................................................224

Renaming a snapshot......................................................................... 225

Expiring a snapshot............................................................................225

Managing snapshot schedules........................................................................ 225

Creating a snapshot schedule............................................................ 226

Modifying a snapshot schedule.......................................................... 227

Deleting a snapshot schedule............................................................. 227

Recover data from a snapshot........................................................................ 227

Chapter 8

CIFS 229

CIFS overview.................................................................................................230

Performing CIFS setup................................................................................... 230

HA systems and CIFS.........................................................................230

Preparing clients for access to protection systems............................ 231

Enabling CIFS services........................................................................231

Naming the CIFS server......................................................................231

Setting authentication parameters.....................................................232

Disabling CIFS services...................................................................... 232

Working with shares........................................................................................232

Creating shares.................................................................................. 233

Modifying a share...............................................................................235

Creating a share from an existing share............................................. 235

Disabling a share................................................................................ 236

Enabling a share................................................................................. 236

Deleting a share................................................................................. 236

Performing MMC administration........................................................236

Connecting to a protection system from a CIFS client....................... 236

Displaying CIFS information .............................................................. 237

Configuring SMB signing.................................................................................237

Managing access control................................................................................ 238

Accessing shares from a Windows client............................................238

Providing domain users administrative access....................................238

Allowing administrative access to a protection system for domain users

.......................................................................................................... 239

Restricting administrative access from Windows............................... 239

File access......................................................................................... 239

Monitoring CIFS operation..............................................................................242

Displaying CIFS status....................................................................... 242

Display CIFS configuration................................................................. 243

Displaying CIFS statistics...................................................................245

Performing CIFS troubleshooting....................................................................245

Displaying clients current activity...................................................... 245

Setting the maximum open files on a connection............................... 246

System clock......................................................................................246

Synchronize from an NTP server....................................................... 246

Chapter 9

NFS 247

NFS overview................................................................................................. 248

HA systems and NFS..........................................................................248

Managing NFS client access to the protection system................................... 248

Enabling NFS services........................................................................249

Disabling NFS services.......................................................................249

Creating an export............................................................................. 249

Modifying an export...........................................................................250

Dell EMC DD OS Administration Guide 7

Contents

Creating an export from an existing export.........................................251

Deleting an export..............................................................................252

Displaying NFS information.............................................................................252

Viewing NFS status............................................................................252

Viewing NFS exports..........................................................................252

Viewing active NFS clients.................................................................252

Integrating a DDR into a Kerberos domain...................................................... 253

Add and delete KDC servers after initial configuration.................................... 254

Chapter 10

NFSv4 257

Introduction to NFSv4.................................................................................... 258

NFSv4 compared to NFSv3............................................................... 258

NFSv4 ports.......................................................................................259

ID Mapping Overview......................................................................................259

External formats............................................................................................. 259

Standard identifier formats................................................................ 259

ACE extended identifiers................................................................... 260

Alternative formats............................................................................ 260

Internal Identifier Formats.............................................................................. 260

When ID mapping occurs................................................................................ 260

Input mapping.....................................................................................261

Output mapping..................................................................................261

Credential mapping.............................................................................261

NFSv4 and CIFS/SMB Interoperability........................................................... 262

CIFS/SMB Active Directory Integration.............................................262

Default DACL for NFSv4.................................................................... 262

System Default SIDs.......................................................................... 262

Common identifiers in NFSv4 ACLs and SIDs.....................................263

NFS Referrals................................................................................................. 263

Referral Locations..............................................................................263

Referral location names......................................................................263

Referrals and Scaleout Systems.........................................................264

NFSv4 and High Availability............................................................................ 264

NFSv4 Global Namespaces............................................................................. 264

NFSv4 global namespaces and NFSv3 submounts............................. 265

NFSv4 Configuration...................................................................................... 265

Enabling the NFSv4 Server................................................................ 266

Setting the default server to include NFSv4...................................... 266

Updating existing exports.................................................................. 266

Kerberos and NFSv4....................................................................................... 266

Configuring Kerberos with a Linux-Based KDC...................................267

Configuring the protection System to Use Kerberos Authentication.. 268

Configuring Clients............................................................................ 269

Enabling Active Directory................................................................................269

Configuring Active Directory..............................................................270

Configuring clients on Active Directory.............................................. 270

Chapter 11

8 Dell EMC DD OS Administration Guide

Storage Migration 271

Storage migration overview............................................................................ 272

Migration planning considerations...................................................................272

DS60 shelf considerations..................................................................273

Viewing migration status................................................................................. 274

Evaluating migration readiness........................................................................274

Migrating storage using DD System Manager................................................. 275

Contents

Storage migration dialog descriptions............................................................. 276

Select a Task dialog............................................................................276

Select Existing Enclosures dialog....................................................... 276

Select New Enclosures dialog............................................................ 276

Review Migration Plan dialog............................................................. 276

Verify Migration Preconditions dialog.................................................277

Migration progress dialogs................................................................. 277

Migrating storage using the CLI...................................................................... 278

CLI storage migration example........................................................................279

Chapter 12

Chapter 13

Chapter 14

Metadata on Flash 285

Overview of Metadata on Flash (MDoF) ........................................................ 286

SSD cache licensing and capacity................................................................... 286

SSD cache tier................................................................................................ 288

SSD cache tier - system management ........................................................... 288

Managing the SSD cache tier.............................................................288

SSD alerts....................................................................................................... 291

SCSI Target 293

SCSI Target overview..................................................................................... 294

Fibre Channel view..........................................................................................295

Enabling NPIV.................................................................................... 295

Disabling NPIV....................................................................................297

Resources tab.................................................................................... 298

Access Groups tab............................................................................. 304

Port monitoring...............................................................................................304

Working with DD Boost 305

About DD Boost.............................................................................................. 306

Managing DD Boost with DD System Manager............................................... 306

Specifying DD Boost user names........................................................307

Changing DD Boost user passwords...................................................307

Removing a DD Boost user name....................................................... 308

Enabling DD Boost............................................................................. 308

Configuring Kerberos......................................................................... 308

Disabling DD Boost.............................................................................309

Viewing DD Boost storage units......................................................... 309

Creating a storage unit....................................................................... 310

Viewing storage unit information......................................................... 311

Modifying a storage unit..................................................................... 313

Renaming a storage unit..................................................................... 314

Deleting a storage unit........................................................................315

Undeleting a storage unit....................................................................315

Selecting DD Boost options................................................................ 315

Managing certificates for DD Boost.................................................... 317

Managing DD Boost client access and encryption...............................318

About interface groups................................................................................... 320

Interfaces...........................................................................................320

Clients................................................................................................ 321

Creating interface groups.................................................................. 322

Enabling and disabling interface groups............................................. 323

Modifying an interface group's name and interfaces.......................... 323

Deleting an interface group................................................................ 323

Adding a client to an interface group..................................................324

Dell EMC DD OS Administration Guide 9

Contents

Modifying a client's name or interface group......................................324

Deleting a client from the interface group..........................................325

Using interface groups for Managed File Replication (MFR)..............325

Destroying DD Boost.......................................................................................326

Configuring DD Boost-over-Fibre Channel...................................................... 327

Enabling DD Boost users.................................................................... 327

Configuring DD Boost........................................................................ 328

Verifying connectivity and creating access groups.............................329

Using DD Boost on HA systems....................................................................... 331

About the DD Boost tabs................................................................................. 331

Settings.............................................................................................. 331

Active Connections............................................................................ 332

IP Network.........................................................................................333

Fibre Channel..................................................................................... 333

Storage Units..................................................................................... 333

Chapter 15

DD Virtual Tape Library 335

DD Virtual Tape Library overview....................................................................336

Planning a DD VTL.......................................................................................... 336

DD VTL limits..................................................................................... 337

Number of drives supported by a DD VTL.......................................... 340

Tape barcodes................................................................................... 340

LTO tape drive compatibility...............................................................341

Setting up a DD VTL...........................................................................342

HA systems and DD VTL.................................................................... 342

DD VTL tape out to cloud................................................................... 342

Managing a DD VTL........................................................................................ 342

Enabling DD VTL................................................................................ 344

Disabling DD VTL................................................................................344

DD VTL option defaults...................................................................... 344

Configuring DD VTL default options...................................................345

Working with libraries..................................................................................... 346

Creating libraries................................................................................ 347

Deleting libraries................................................................................ 349

Searching for tapes............................................................................349

Working with a selected library.......................................................................350

Creating tapes................................................................................... 350

Deleting tapes.....................................................................................351

Importing tapes..................................................................................352

Exporting tapes..................................................................................354

Moving tapes between devices within a library.................................. 355

Adding slots....................................................................................... 356

Deleting slots..................................................................................... 356

Adding CAPs...................................................................................... 357

Deleting CAPs.................................................................................... 357

Viewing changer information...........................................................................357

Working with drives........................................................................................ 358

Creating drives...................................................................................359

Deleting drives................................................................................... 359

Working with a selected drive......................................................................... 360

Working with tapes..........................................................................................361

Changing a tape's write or retention lock state.................................. 362

Working with the vault....................................................................................362

Working with the cloud-based vault................................................................363

Prepare the VTL pool for data movement.......................................... 363

10 Dell EMC DD OS Administration Guide

Contents

Remove tapes from the backup application inventory........................365

Select tape volumes for data movement............................................ 365

Restore data held in the cloud............................................................367

Manually recall a tape volume from cloud storage.............................. 367

Working with access groups........................................................................... 369

Creating an access group...................................................................369

Deleting an access group....................................................................373

Working with a selected access group............................................................ 373

Selecting endpoints for a device........................................................ 374

Configuring the NDMP device TapeServer group...............................374

Working with resources.................................................................................. 375

Working with initiators....................................................................... 376

Working with endpoints......................................................................377

Working with a selected endpoint...................................................... 378

Working with pools..........................................................................................379

Creating pools....................................................................................380

Deleting pools..................................................................................... 381

Working with a selected pool.......................................................................... 382

Converting a directory pool to an MTree pool ................................... 384

Moving tapes between pools..............................................................384

Copying tapes between pools............................................................ 385

Renaming pools..................................................................................386

Chapter 16

DD Replicator 387

DD Replicator overview...................................................................................388

Prerequisites for replication configuration...................................................... 389

Replication version compatibility..................................................................... 391

Replication types............................................................................................ 393

Managed file replication .................................................................... 394

Directory replication...........................................................................394

MTree replication...............................................................................395

Collection replication .........................................................................397

Using DD Encryption with DD Replicator........................................................ 398

Replication topologies.....................................................................................399

One-to-one replication.......................................................................400

Bi-directional replication.....................................................................401

One-to-many replication.....................................................................401

Many-to-one replication.....................................................................402

Cascaded replication..........................................................................402

Managing replication.......................................................................................403

Replication status.............................................................................. 404

Summary view....................................................................................404

DD Boost view.................................................................................... 414

Performance view...............................................................................415

Advanced Settings view..................................................................... 415

Monitoring replication .....................................................................................418

Viewing estimated completion time for backup jobs........................... 418

Checking replication context performance......................................... 419

Tracking status of a replication process..............................................419

Replication lag.................................................................................... 419

Replication with HA......................................................................................... 419

Replicating a system with quotas to one without............................................ 420

Replication Scaling Context ........................................................................... 420

Directory-to-MTree replication migration....................................................... 420

Performing migration from directory replication to MTree replication420

Dell EMC DD OS Administration Guide 11

Contents

Viewing directory-to-MTree migration progress................................. 421

Checking the status of directory-to-MTree replication migration...... 422

Aborting D2M replication .................................................................. 422

Troubleshooting D2M.........................................................................423

Additional D2M troubleshooting......................................................... 424

Using collection replication for disaster recovery with SMT............................424

Chapter 17

Chapter 18

DD Secure Multitenancy 427

Secure Multi-Tenancy overview......................................................................428

SMT architecture basics.................................................................... 428

Terminology used in Secure Multi-Tenancy (SMT)............................ 428

Control path and network isolation.....................................................429

Understanding RBAC in SMT............................................................. 430

Provisioning a Tenant Unit...............................................................................431

Enabling Tenant Self-Service mode................................................................ 435

Data access by protocol..................................................................................435

Multi-User DD Boost and Storage Units in SMT.................................435

Configuring access for CIFS...............................................................436

Configuring NFS access.....................................................................436

Configuring access for DD VTL.......................................................... 436

Using DD VTL NDMP TapeServer ..................................................... 437

Data management operations..........................................................................437

Collecting performance statistics.......................................................437

Modifying quotas................................................................................437

SMT and replication........................................................................... 438

SMT Tenant alerts............................................................................. 439

Managing snapshots.......................................................................... 439

Performing a file system Fast Copy................................................... 440

Cloud Tier 441

Cloud Tier overview........................................................................................ 442

Supported platforms.......................................................................... 442

Cloud Tier performance......................................................................444

Configuring Cloud Tier.................................................................................... 445

Configuring storage for Cloud Tier.....................................................445

Configuring cloud units................................................................................... 446

Firewall and proxy settings.................................................................447

Importing CA certificates................................................................... 447

Adding a cloud unit for Elastic Cloud Storage (ECS)..........................448

Adding a cloud unit for Alibaba...........................................................449

Adding a cloud unit for Amazon Web Services S3...............................451

Adding a cloud unit for Azure............................................................. 452

Adding a cloud unit for Google Cloud Provider................................... 453

Adding an S3 Flexible provider cloud unit...........................................455

Modifying a cloud unit or cloud profile............................................... 456

Deleting a cloud unit...........................................................................457

Data movement.............................................................................................. 458

Adding data movement policies to MTrees.........................................458

Moving data manually........................................................................ 458

Moving data automatically................................................................. 459

Recalling a file from the Cloud Tier.................................................... 459

Using the CLI to recall a file from the cloud tier................................. 460

Direct restore from the cloud tier....................................................... 461

Using the CLI to configure Cloud Tier..............................................................461

12 Dell EMC DD OS Administration Guide

Contents

Configuring encryption for DD cloud units...................................................... 465

Information needed in the event of system loss.............................................. 465

Using DD Replicator with Cloud Tier............................................................... 466

Using DD Virtual Tape Library (VTL) with Cloud Tier...................................... 466

Displaying capacity consumption charts for Cloud Tier...................................466

Cloud Tier logs................................................................................................ 467

Using the CLI to remove Cloud Tier................................................................ 467

Chapter 19

DD Retention Lock 471

DD Retention Lock overview........................................................................... 472

DD Retention Lock protocol............................................................... 473

DD Retention Lock flow......................................................................473

Automatic retention lock.................................................................... 473

Supported data access protocols.................................................................... 474

Compliance mode on iDRAC............................................................................475

Create an iDRAC user account...........................................................475

Request PowerProtect access for iDRAC administrators...................475

Extend PowerProtect access for iDRAC administrators.....................476

Disable PowerProtect access for iDRAC administrators.....................476

Enabling DD Retention Lock on an MTree....................................................... 476

Enabling DD Retention Lock Governance on an MTree.......................477

Enabling DD Retention Lock Compliance on an MTree....................... 478

Client-Side Retention Lock file control........................................................... 480

Setting Retention Locking on a file..................................................... 481

Extending Retention Locking on a file................................................ 483

Identifying a Retention-Locked file.................................................... 484

Specifying a directory and touching only those files...........................484

Reading a list of files and touching only those files.............................484

Deleting or expiring a file....................................................................484

Using ctime or mtime on Retention-Locked files................................485

System behavior with DD Retention Lock.......................................................485

DD Retention Lock governance..........................................................485

DD Retention Lock compliance...........................................................487

Chapter 20

DD Encryption 497

DD Encryption overview..................................................................................498

Configuring encryption................................................................................... 498

About key management.................................................................................. 499

Rectifying lost or corrupted keys....................................................... 499

Key manager support.........................................................................500

Working with the Embedded Key Manager........................................ 500

Working with KeySecure Key Manager...............................................501

Using DD System Manager to set up and manage the KeySecure Key

Manager............................................................................................. 501

Using the DD CLI to manage the KeySecure Key Manager.................503

How the cleaning operation works..................................................... 507

Key manager setup......................................................................................... 507

Setting up KMIP key manager............................................................507

Changing key managers after setup................................................................509

Deleting certificates...........................................................................509

Checking DD Encryption settings................................................................... 509

Enabling and disabling DD Encryption..............................................................510

Enabling DD Encryption......................................................................510

Disabling DD Encryption..................................................................... 510

Dell EMC DD OS Administration Guide 13

Contents

Locking and unlocking the file system.............................................................. 511

Locking the file system........................................................................511

Unlocking the file system....................................................................512

Changing the encryption algorithm.....................................................512

14 Dell EMC DD OS Administration Guide

Preface

As part of an effort to improve its product lines, Dell EMC periodically releases revisions of its software and hardware. Therefore, some functions described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information on product features, software updates, software compatibility guides, and information about this product, licensing, and service.

Contact your technical support professional if a product does not function properly or does not function as described in this document.

Note: This document was accurate at publication time. Go to Online Support (https://

support.emc.com) to ensure that you are using the latest version of this document.

Purpose

This guide explains how to manage the PowerProtect DD Series Appliance systems with an emphasis on procedures using the dd System Manager, a browser-based graphical user interface (GUI). If an important administrative task is not supported in DD System Manager, the Command Line Interface (CLI) commands are described.

Note:

DD System Manager was formerly known as the Enterprise Manager.

In some cases, a CLI command may offer more options than those offered by the corresponding DD System Manager feature. See the

Operating System Command Reference Guide

for a complete description of a command and

PowerProtect DD Series Appliances

its options.

Audience

This guide is for system administrators who are familiar with standard backup software packages and general backup administration.

System Features and Integration

This chapter includes:

Revision history......................................................................................................................18

System overview....................................................................................................................18

System features.....................................................................................................................19

Storage environment integration...........................................................................................24

Dell EMC DD OS Administration Guide 17

System Features and Integration

Revision history

The revision history lists the major changes to this document to support DD OS Release 7.0.

Table 2 Document revision history

Revision Date Description

02 (7.0.0) March 2020 This revision includes the following corrections and

clarifications:

Corrected DD6900 and DD9400 MTree limits.

CAC/PIV card login

Removed an unsupported US location for configuring a cloud unit for Google.

Add the CLI steps to register the system with an ESRS gateway.

Added additional information about snapshot retention after breaking an MTree replication context.

Added additional information about licensing requirements for storage migration.

01 (7.0.0) September 2019 This revision includes information about these new

System overview

Data Domain and PowerProtect systems are disk-based inline deduplication appliances that provide data protection and disaster recovery (DR) in the enterprise environment.

Note:

In this guide, "the protection system" or simply "the system" refers to both Data Domain

and PowerProtect DD systems running DD OS 7.0 or later.

All protection systems run the DD OS, which provides both a command-line interface (CLI) for performing all system operations, and the DD System Manager graphical user interface (GUI) for configuration, management, and monitoring.

Note:

DD System Manager was formerly known as the Enterprise Manager.

Protection systems consist of appliances that vary in storage capacity and data throughput. Systems are typically configured with expansion enclosures that add storage space.

features:

Retention Lock Compliance for DD6900, DD9400, and DD9900 systems.

GUI support for system coredump management.

18 Dell EMC DD OS Administration Guide

System features

System features ensure data integrity, reliable restoration, efficient resource usage, and ease of management. Licensed features enable you to scale the system feature set to match your needs and budget.

Data integrity

The DD OS Data Invulnerability Architecture™ protects against data loss from hardware and software failures.

When writing to disk, the DD OS creates and stores checksums and self-describing metadata for all data received. After writing the data to disk, the DD OS then recomputes and verifies the checksums and metadata.

An append-only write policy guards against overwriting valid data.

After a backup completes, a validation process examines what was written to disk and verifies that all file segments are logically correct within the file system and that the data is identical before and after writing to disk.

In the background, the online verify operation continuously checks that data on the disks is correct and unchanged since the earlier validation process.

Storage in most systems is set up in a double parity RAID 6 configuration (two parity drives). Additionally, most configurations include a hot spare in each enclosure. Each parity stripe uses block checksums to ensure that data is correct. Checksums are constantly used during the online verify operation and while data is read from the system. With double parity, the system can fix simultaneous errors on as many as two disks.

To keep data synchronized during a hardware or power failure, the system uses non-volatile RAM (NVRAM) to track outstanding I/O operations. The following system models write the contesnts of the NVRAM to flash memory upon power failure or reboot to preserve that data indefinitely:

DD6300

DD6800

DD6900

DD9300

DD9400

DD9500

DD9800

DD9900

When reading data back on a restore operation, the DD OS uses multiple layers of consistency checks to verify that restored data is correct.

When writing to SSD cache, the DD OS:

Creates an SL checksum for every record stored in the cache to detect corruption to cache data. This checksum is validated for every cache read.

Treats corruption to cache data as a cache miss to avoid data loss by forcing clients to retrieve the most recent copy of the data from a different backup mechanism such as NVRAM or HDD instead of retrieving the corrupted data from the cache.

System Features and Integration

Dell EMC DD OS Administration Guide 19

System Features and Integration

Data deduplication

The file system deduplicates data by identifying redundant data during each backup and storing unique data just once.

The storage of unique data is invisible to backup software and independent of data format. Data can be structured, such as databases, or unstructured, such as text files. Data can derive from file systems or from raw volumes.

Typical deduplication ratios are 20-to-1, on average, over many weeks. This ratio assumes there are weekly full backups and daily incremental backups. A backup that includes many duplicate or similar files (files copied several times with minor changes) benefits the most from deduplication.

Depending on backup volume, size, retention period, and rate of change, the amount of deduplication can vary. The best deduplication happens with backup volume sizes of at least 10 MiB (MiB is the base 2 equivalent of MB).

To take full advantage of multiple systems, a site with more than one system must consistently backup the same client system or set of data to the same target system. For example, if a full back up of all sales data goes to target system A, maximum deduplication is achieved when the incremental backups and future full backups for sales data also go to target system A.

Removes the need for inline verification of cache writes because end-to-end verification is performed on the copy of the data that resides on the system HDDs. This also saves I/O bandwidth by eliminating the need to perform additional I/O operations on the SSDs.

Removes the need for continuous fault detection on the SSDs because the SSDs have a built-in scan capability.

Restore operations

File restore operations create little or no contention with backup or other restore operations.

Incremental backups to the system are superior to tape backups, because they are always reliable and can be easily accessed.

You can perform full backups more frequently without the penalty of storing redundant data. Multiple processes can access the system simultaneously. The system enables your site to offer safe, user-driven, single-file restore operations.

DD Replicator

DD Replicator sets up and manages the replication of backup data between two protection systems.

A DD Replicator pair consists of a source and a destination system and replicates a complete data set or directory from the source system to the destination system. An individual system can be a part of multiple replication pairs and can serve as a source for one or more pairs and a destination for one or more pairs. After replication is started, the source system automatically sends any new backup data to the destination system.

Multipath and load balancing

In a Fibre Channel multipath configuration, multiple paths are established between a protection system and a backup server or backup destination array. When multiple paths are present, the system automatically balances the backup load between the available paths.

At least two HBA ports are required to create a multipath configuration. When connected to a backup server, each of the HBA ports on the multipath is connected to a separate port on the backup server.

20 Dell EMC DD OS Administration Guide

High Availability

The High Availability (HA) feature lets you configure two protection systems as an Active-Standby pair, providing redundancy in the event of a system failure. HA keeps the active and standby systems in sync, so that if the active node were to fail due to hardware or software issues, the standby node can take over services and continue where the failing node left off.

The HA feature:

HA is supported on the following systems:

System Features and Integration

Supports failover of backup, restore, replication and management services in a two-node system. Automatic failover requires no user intervention.

Provides a fully redundant design with no single point of failure within the system when configured as recommended.

Provides an Active-Standby system with no loss of performance on failover.

Provides failover within 10 minutes for most operations. CIFS, DD VTL, and NDMP must be restarted manually.

Note: Recovery of DD Boost applications may take longer than 10 minutes, because Boost

application recovery cannot begin until the DD server failover is complete. In addition, Boost application recovery cannot start until the application invokes the Boost library. Similarly, NFS may require additional time to recover.

Supports ease of management and configuration through DD OS CLI commands.

Provides alerts for malfunctioning hardware.

Preserves single-node performance and scalability within an HA configuration.

Note:

The active node continues retains full functionality, performance, and scalability even if the HA configuration is in degraded mode, which means the standby node is unavailable for failover.

Supports the same feature set as stand-alone DD systems, with the exception of vDisk.

Supports systems with all SAS drives. This includes legacy systems upgraded to systems with all SAS drives.

Note:

The Hardware Overview and Installation Guides for the systems that support HA describes how to install a new HA system. The

Single Node to HA Upgrade

describes how to

upgrade an existing system to an HA pair.

Does not impact the ability to scale the product.

Supports nondisruptive software updates.

Data Domain DD6800

Power Protect DD6900

Data Domain DD9300

Power Protect DD9400

Data Domain DD9500

Data Domain DD9800

Power Protect DD9900

Dell EMC DD OS Administration Guide 21

System Features and Integration

HA architecture

HA functionality is available for both IP and FC connections. Both nodes must have access to the same IP networks, FC SANs, and hosts in order to achieve high availability for the environment.

Over IP networks, HA uses a floating IP address to provide data access to the active node of the HA pair, regardless of which physical node is the active node.

Over FC SANs, HA uses NPIV to move the FC WWNs between nodes, allowing the FC initiators to re-establish connections after a failover.

Figure 1 on page 22 shows the HA architecture.

Figure 1 HA architecture

Random I/O handling

The random I/O optimizations included in DD OS provide improved performance for applications and use cases that generate larger amounts of random read and write operations than sequential read and write operations.

DD OS is optimized to handle workloads that consist of random read and write operations, such as virtual machine instant access and instant restore, and incremental forever backups generated by applications such as Avamar. These optimizations:

Improve random read and random write latencies.

Improve user IOPS with smaller read sizes.

Support concurrent I/O operations within a single stream.

Provide peak read and write throughput with smaller streams.

Note:

The maximum random I/O stream count is limited to the maximum restore stream count of a protection system.

22 Dell EMC DD OS Administration Guide

The random I/O enhancements allow the protection system to support instant access/instant restore functionality for backup applications such as Avamar and Networker.

System administrator access

System administrators can access the system for configuration and management using a command line interface (CLI) or a graphical user interface (GUI).

DD OS CLI - A command-line interface that is available through a serial console or through Ethernet connections using SSH or Telnet. CLI commands enable initial system configuration, changes to individual system settings, and display of system operation status.

DD System Manager - A browser-based graphical user interface that is available through Ethernet connections. Use DD System Manager to perform initial system configuration, modify the system configuration, display system and component status, and generate reports and charts.

Note: Some DD hardware models support access using a keyboard and monitor attached

directly to the system.

Licensed features

Feature licenses allow you to purchase only those features you intend to use. Some examples of features that require licenses are DD Boost, and capacity on demand (storage capacity increases).

Consult with your sales representative for information on purchasing licensed features.

System Features and Integration

Table 3

Features requiring licenses

Feature Name License Name in

Software

DD ArchiveStore ARCHIVESTORE Licenses systems for archive use, such as file and

DD Boost DDBOOST Enables the use of a system with qualified backup

DD Capacity on Demand

Cloud Tier CLOUDTIER-

DD Encryption ENCRYPTION Allows data on system drives or external storage

CONTROLLERCOD

CAPACITY

Description

email archiving, file tiering, and content and database archiving.

software. The online compatibility guide available at https://compatibilityguide.emc.com:8080/

CompGuideApp/ provides the list of qualified

applications. The managed file replication (MFR) feature of DD Boost also requires the DD Replicator license.

Enables an on-demand capacity increase for a DD system that is not at its maximum supported capacity.

Enables a system to move data from the active tier to low-cost, high-capacity object storage in the public, private, or hybrid cloud for long-term retention.

to be encrypted while being saved and locked when moving the system to another location.

DD Expansion Storage EXPANDED-

STORAGE

Allows system storage to be expanded beyond the level provided in the base system.

Dell EMC DD OS Administration Guide 23

System Features and Integration

Table 3 Features requiring licenses (continued)

Feature Name License Name in

Software

DD I/OS (for IBM i operating environments)

DD Replicator REPLICATION Adds DD Replicator for replication of data from

DD Retention Lock Compliance Edition

DD Retention Lock Governance Edition

DD Shelf CapacityActive Tier

DD Storage Migration STORAGE-

I/OS An I/OS license is required when DD VTL is used

RETENTIONLOCKCOMPLIANCE

RETENTIONLOCKGOVERNANCE

CAPACITYACTIVE

MIGRATION-FORDATADOMAINSYSTEMS

Description

to backup systems in the IBM i operating environment. Apply this license before adding virtual tape drives to libraries.

one protection system to another. A license is required on each system.

Meets the strictest data retention requirements from regulatory standards such as SEC17a-4.

Protects selected files from modification and deletion before a specified retention period expires.

Enables a system to expand the active tier storage capacity to an additional enclosure or a disk pack within an enclosure.

Enables migration of data from one enclosure to another to support replacement of older, lowercapacity enclosures.

DD Virtual Tape Library (DD VTL)

High Availability HA-ACTIVE-

SSD Cache SSD-CAPACITY Enables the SSD cache feature on DD6300,

VTL Enables the use of a protection system as a

virtual tape library over a Fibre Channel network. This license also enables the NDMP Tape Server feature, which previously required a separate license.

Enables the High Availability feature in an Active-

PASSIVE

Standby configuration. You only need to purchase one HA license; the license runs on the active node and is mirrored to the standby node.

DD6800, DD9300, DD9500, and DD9800 systems. This license is not required to use the SSD cache feature on DD6900, DD9400, and DD9900 systems.

Storage environment integration

Protection systems integrate easily into existing data centers.

All protection systems can be configured as storage destinations for leading backup and archiving applications using NFS, CIFS, DD Boost, or DD VTL protocols.

Search for applications that work with the different configurations.

Multiple backup servers can share a single protection system.

compatibility documents

at https://support.emc.com for information on the

24 Dell EMC DD OS Administration Guide

System Features and Integration

A single protection system can handle multiple simultaneous backup and restore operations.

Multiple protection systems can be connected to one or more backup servers.

For use as a backup destination, a protection system can be configured either as a disk storage unit with a file system that is accessed through an Ethernet connection or as a virtual tape library that is accessed through a Fibre Channel connection. The DD VTL feature enables protection systems to be integrated into environments where backup software is already configured for tape backups to minimize disruption.

Configuration is performed both in the DD OS, as described in the relevant sections of this guide, and in the backup application, as described in the backup application’s administrator guides and in application-related guides and tech notes.

All backup applications can access the protection system as either an NFS or a CIFS file system on the disk device.

The following figure shows a protection system integrated into an existing basic backup configuration.

Figure 2 Protection system integrated into a storage environment

1. Primary storage

2. Ethernet

3. Backup server

4. SCSI/Fibre Channel

5. Ethernet or Fibre Channel connection

6. Tape system

Dell EMC DD OS Administration Guide 25

System Features and Integration

Figure 2 Protection system integrated into a storage environment (continued)

As shown in Figure 2 on page 25, data flows to the protection system through an Ethernet or Fibre Channel connection. Immediately, the data verification processes begin and are continued while the data resides on the system. In the file system, the DD OS Global Compression algorithms deduplicate and compress the data for storage. Data is then sent to the disk RAID subsystem. When a restore operation is required, data is retrieved from storage, decompressed, verified for consistency, and transferred via Ethernet to the backup servers using Ethernet (for NFS, CIFS, DD Boost), or using Fiber Channel (for DD VTL and DD Boost).

The DD OS accommodates relatively large streams of sequential data from backup software and is optimized for high throughput, continuous data verification, and high compression. It also accommodates the large numbers of smaller files in nearline storage (DD ArchiveStore).

Protection system performance is best when storing data from applications that are not specifically backup software under the following circumstances.

Data is sent to the protection system as sequential writes (no overwrites).

Data is neither compressed nor encrypted before being sent to the protection system.

7. Protection system

8. DD OS management layer

9. NFS export/CIFS share/DD VTL pool/DD Boost storage unit

10. DD OS data verification

11. DD OS file system

12. DD OS global deduplication and compression

13. DD OS RAID protection

26 Dell EMC DD OS Administration Guide

CHAPTER 2

Getting Started

This chapter includes:

Dell EMC DD System Manager overview............................................................................... 28

Logging in and out of DD System Manager............................................................................28

The DD System Manager interface........................................................................................ 31

Configuring the system with the configuration wizard...........................................................34

Configure NTP...................................................................................................................... 46

Command line interface.........................................................................................................47

Logging into the CLI.............................................................................................................. 47

CLI online help guidelines...................................................................................................... 48

Dell EMC DD OS Administration Guide

Getting Started

Dell EMC DD System Manager overview

DD System Manager is a browser-based GUI for managing a single system from any location. DD System Manager provides a single, consolidated management interface that enables you to configure and monitor many of the system features and settings.

Note: PowerProtect DD Management Center (DDMC) enables you to manage multiple

systems from a single browser window.

DD System Manager provides real-time graphs and tables that enable you to monitor the status of system hardware components and configured features.

Additionally, a command set that performs all system functions is available to users through the CLI. Commands configure system settings and display system hardware status, feature configuration, and operation.

The command-line interface is available through a serial console or through an Ethernet connection using SSH, Telnet, or serial over LAN (SOL).

Note: Some systems support access using a keyboard and monitor attached directly to the

system.

DD OS Software Versions

DD OS software releases have two public statuses, indicating the number of installed systems running the version.

General Availability releases have completed internal QA Testing and are available for installation in production environments.

Directed Availability - Controlled (Directed Availability) releases are carefully controlled access releases, directed to a small number of installations. Customers may request to be qualified for access to these releases.

Target Code -Dell EMC recommends that all systems upgrade to the DD OS target code within a release family as soon as practical.

Note:

There is only one Target Code release in a given family. Target Code releases have met the installation and run-time hours and quality metrics to indicate that they are stable and have no problems that would affect most customers. For some release families, there may be no target code identified, due to limited customer uptake, quality issues, or other considerations.

Upgrading between families may have product compatibility considerations, and a careful review of product compatibility should precede any upgrade to a new release family.

Logging in and out of DD System Manager

DD System Manager provides a single, consolidated management interface that enables you to configure and monitor many of the system features and settings Use a browser to log in to DD System Manager.

About this task

When connecting to DD System Manager from a web browser, all HTTP connections automatically redirect to HTTPS.

Note:

For information about managing user permissions, see the KB article

Permissions on the Data Domain system

support.emc.com/kb/181533.

28 Dell EMC DD OS Administration Guide

Managing User

, available from the Online Support website, at https://

Procedure

1. Open a web browser and enter the IP address or hostname to connect to DD System Manager. It must be one of the following:

A fully qualified domain name (for example, http://dd01.example.com)

A hostname (http://dd01)

An IP address (http://10.5.50.5)

Note: DD System Manager uses HTTP port 80 and HTTPS port 443. If your system is

behind a firewall, you may need to enable port 80 if using HTTP, or port 443 if using HTTPS to reach the system. The port numbers can be easily changed if security requirements dictate.

Note: If DD System Manager is unable to launch from any web browser, the displayed

error message is "The GUI Service is temporarily unavailable. Please refresh your browser. If the problem persists, contact support for assistance." SSH can be used to login to the system and can run all commands. If you have not upgraded the DD OS but still encounter this GUI error, use the following

procedure:

a. Close the web browser session on the system with the reported error.

Getting Started

b. Run these commands in sequence:

adminaccess disable http

adminaccess disable https

adminaccess enable http

adminaccess enable https

c. Wait 5 minutes to allow the http and https services to start completely.

d. Open a web browser, and connect to DD System Manager.

If you see this GUI issue after a DD OS upgrade, use the following procedure:

a. Close the web browser session on the system with the reported error.

b. Run these commands in sequence:

adminaccess disable http

adminaccess disable https

adminaccess certificate generate self-signed-cert

adminaccess enable http

adminaccess enable https

a. Wait 5 minutes to allow the http and https services to start completely.

b. Open a web browser, and connect to DD System Manager.

2. For HTTPS secure login, click Secure Login.

Secure login with HTTPS requires a digital certificate to validate the identity of the DD OS system and to support bi-directional encryption between DD System Manager and a browser. DD OS includes a self-signed certificate, and DD OS allows you to import your own certificate.

3. Enter your assigned username and password.

Dell EMC DD OS Administration Guide 29

Getting Started

For physical systems the default password is the system serial number.

For PowerProtect DD Virtual Edition (DD VE) instances the default password is

changeme.

4. Click Log In.

If this is the first time you have logged in, the Home view is displayed in the Information panel.

Note: If you enter an incorrect password 4 consecutive times, the system locks out the

specified username for 120 seconds. The login count and lockout period are configurable and might be different on your system.

Note: If this is the first time you are logging in, you might be required to change your

password. If the system administrator has configured your username to require a password change, you must change the password before gaining access to DD System Manager.

If you forget the sysadmin password after changing it, contact Dell EMC Support.

5. To log out, click the log out button in the DD System Manager banner.

When you log out, the system displays the log in page with a message that your log out is complete.

Log in with certificate using CAC/PIV card

Before you begin

You must have authorization privileges on the protection system, and the protection system must trust the CA certificate. Your username must be specified in the common-name field in the certificate.

You must have a user account on the protection system. You can be either a local user or a name service user (NIS/AD). For a name service user, your group-to-role mapping must be configured on the protection system.

Procedure

1. Use the following CLI command to import the public key from the CA that issued the certificate: adminaccess certificate import ca application login-auth.

2. Load the user certificate in PKCS12 format in your browser from the CAC/PIV card after swiping CAC/PIV card against a card reader which interacts with the browser .

Once the CA certificate is trusted by the protection system, a Log in with certificate link is visible on the HTTPS login screen.

3. Click Log in with certificate, and choose the user certificate from the list of certificates that are prompted by the browser.

Results

The system validates the user certificate against the trust store. Based on authorization privileges associated with your account, a System Manager session is created for you.

30 Dell EMC DD OS Administration Guide

+ 482 hidden pages

Dell EMC DD OS Administration Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

CONTENTS

Preface

System Features and Integration

Revision history

System overview

System features

Data integrity

Data deduplication

Restore operations

DD Replicator

Multipath and load balancing

High Availability

Random I/O handling

System administrator access

Licensed features

Storage environment integration

Getting Started

Dell EMC DD System Manager overview

Logging in and out of DD System Manager

Log in with certificate using CAC/PIV card