Dell Integrated Data Protection User Manual

Dell EMC Integrated Data Protection
Appliance

Version 2.4.1

Product Guide

REV 01

November 2019

Copyright © 2019 Dell Inc. or its subsidiaries. All rights reserved.

Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.” DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND

WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED

IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property

of their respective owners. Published in the USA.

Dell EMC
Hopkinton, Massachusetts 01748-9103
1-508-435-1000 In North America 1-866-464-7381
www.DellEMC.com

2 Dell EMC Integrated Data Protection Appliance Product Guide

CONTENTS

Revision history 5

Chapter 1

Chapter 2

Introduction 7

Document scope and audience............................................................................8

Product features.................................................................................................8

System architecture and components............................................................... 10

Detailed configuration...........................................................................10

Base hardware.......................................................................................11

Embedded software.............................................................................. 11

System self-protection..........................................................................11

Network connectivity overview............................................................. 11

Customer Support tasks....................................................................................13

Monitor and manage the appliance 15

About the ACM dashboard................................................................................ 16

Basic management tasks...................................................................... 16

Appliance Configuration Manager dashboard........................................17

Shut down the IDPA.............................................................................28

Advanced backup configuration........................................................... 29

Health.................................................................................................. 30

Upgrade................................................................................................31

Install the IDPA post-installation patch on DataProtection-ACM.......................31

Start up the IDPA..............................................................................................33

Access components with a browser.................................................................. 33

User accounts for components......................................................................... 35

Change passwords and synchronize components............................................. 36

Change passwords for individual components......................................36

Synchronize components.....................................................................40

Configure IDPA to use specific interfaces for replication.................................. 40

Chapter 3

Chapter 4

Upgrade the IDPA software (DP4400) 43

Upgrade components........................................................................................44

Upgrade Prerequisites (DP4400)......................................................................44

Upgrade the appliance software (DP4400).......................................................45

Upgrade Postrequisites .................................................................................... 47

Upgrade CDRA manually...................................................................... 48

Troubleshooting 51

System log files.................................................................................................52

Troubleshoot shutdown.................................................................................... 52

Avamar shutdown validation errors...................................................... 52

Shut down Avamar manually................................................................ 53

Shut down Data Domain manually........................................................ 54

Shut down vCenter manually............................................................... 54

Shut down ESX manually..................................................................... 54

Troubleshooting startup....................................................................................55

Adding a CA-signed certificate..........................................................................57

Dell EMC Integrated Data Protection Appliance Product Guide 3

Contents

Enabling certificate verification........................................................................ 58

Configure secure AD having self-signed Certificates on IDPA...........................58

Troubleshoot LDAP...........................................................................................59

Troubleshoot secure LDAP configuration.............................................59

Verify Internal LDAP password............................................................ 59

Create internal LDAP password........................................................... 60

Change the expired root password................................................................... 60

Change expired password of administrator@vsphere.local user account...........61

When the upgrade is not initiated......................................................... 61

Credential mismatch..........................................................................................61

Troubleshoot Avamar........................................................................................62

Troubleshooting health monitoring....................................................................63

Troubleshooting component software upgrades............................................... 64

Retry upgrade process.........................................................................64

Advanced troubleshooting (support only)............................................ 64

Rollback is Successful..........................................................................65

Rollback Failed..................................................................................... 65

Upgrade log files.................................................................................. 67

Resolve TLS Error After the Firmware Update for IDPA 2.4.1.............. 68

Chapter 5

Index

Additional resources 69

Document references for IDPA......................................................................... 70

Document references for individual components.............................................. 70

IDPA training resources.....................................................................................72

73

4 Dell EMC Integrated Data Protection Appliance Product Guide

Revision history

The following table presents the revision history of this document.

Table 1 IDPA Product Guide Revision History

Revision Date Description

01 November 2019 First release of this document

for Integrated Data
Protection Appliance 2.4.1.

Dell EMC Integrated Data Protection Appliance Product Guide 5

Revision history

6 Dell EMC Integrated Data Protection Appliance Product Guide

CHAPTER 1

Introduction

This chapter provides a general overview of the Integrated Data Protection Appliance 2.4.1
features and hardware configurations.

Topics include:

l

Document scope and audience................................................................................................ 8

l

Product features..................................................................................................................... 8

l

System architecture and components....................................................................................10

l

Customer Support tasks........................................................................................................ 13

Dell EMC Integrated Data Protection Appliance Product Guide 7

Introduction

Document scope and audience

This document describes the administrative details of Integrated Data Protection Appliance
(IDPA).

The target audience for this document includes field personnel, partners, and customers
responsible for managing and operating IDPA. This document is designed for people familiar with
Data Protection solutions.

Product features

IDPA provides a simplified configuration and integration of data protection components in a
consolidated solution.

Integrated solution

IDPA DP4400 model is a hyperconverged, 2U system that a user can install and configure onsite.

The DP4400 includes a virtual edition of Avamar server (AVE) as a Backup Server node with an
optional NDMP Accelerator, a virtual edition of Data Domain system (DDVE) as the Protection
Storage node, Cloud Disaster Recovery, IDPA System Manager as a centralized system
management , an Appliance Configuration Manager(ACM) for simplified configuration and
upgrades, Search, Reporting and Analytics, and a compute node that hosts the virtual components
and the software.

The Search, Reporting and Analytics, and CDRA are optional. Also, you can also perform the
Search, Reporting and Analytics, and CDRA functions in a central corporate implementation.

If your organization enables communication through the Internet, as part of the initial configuration
of the system, you can register the IDPA Appliance, Avamar, Data Domain and Reporting and
Analytics components with Secure Remote Services (formerly ESRS). The Secure Remote
Services is a secure, IP-based, distributed customer service support system that provides Dell
EMC customers with command, control, and visibility of support-related activities.

Centralized management

IDPA System Manager provides advanced monitoring and management capabilities of the IDPA
from a single pane of glass and includes the following features.

l

A comprehensive dashboard that includes information about Avamar, IDPA Appliance, Data
Domain, Search, and Data Protection Advisor.

n

Backup activities

n

Replication activities

n

Assets

n

Capacity

n

Health

n

Alerts

l

A comprehensive dashboard to manage Avamar, Data Domain, Data Protection Advisor, and
Search components.

l

Advanced search and recover operations through integration with Search.

l

Comprehensive reporting capabilities

l

Cloud backups.

8 Dell EMC Integrated Data Protection Appliance Product Guide

Introduction

Appliance administration

The ACM provides a graphical, web-based interface for configuring, monitoring, and upgrading the
appliance.

The ACM dashboard displays a summary of the configuration of the individual components. It also
enables the administrators to monitor the appliance, change configuration details such as changing
the Data Domain disk capacity, changing the common password for the appliance, change LDAP
settings, update customer information, and change the values in the General Settings panel. The
ACM dashboard enables you to upgrade the system and its components. It also displays the health
information of the Appliance Server and VMware components.

Backup administration

The IDPA uses Avamar Virtual Edition (AVE) servers to perform backup operations, with the data
being stored in a Data Domain system. Generally, when using the Avamar Administrator
Management Console, all Avamar servers look and behave the same. The main differences among
the Avamar server configurations are the number of nodes and disk drives that are reported in the
server monitor.

You can also add an Avamar NDMP Accelerator (one NDMP Accelerator node is supported in
DP4400) to enable backup and recovery of NAS systems. The Avamar NDMP Accelerator uses the
network data management protocol (NDMP) to enable backup and recovery of network-attached
storage (NAS) systems. The accelerator performs NDMP processing and then sends the data
directly to the Data Domain Server (DDVE Storage).

Reporting and Analytics

The Reporting and Analytics feature offers a robust reporting functionality with dedicated sections
for various features. These reports help you retrieve information about the Data Domain (DDVE )
and Avamar (AVE). Using these reports, you can identify outages in the environment, diagnose
problems, plan to mitigate risks, and forecast future trends. You can also run system and
customized reports, dashboard templates, and schedule the reports generation as per your
requirements.

Search

The Search feature provides a powerful way to search backup data within the IDPA and then
restore the backup data based on the results of the Search. Scheduled collection activities are
used to gather and index the metadata (such as keyword, name, type, location, size, and backup
server/client, or indexed content) of the backup, which is then stored within the IDPA.

Disaster recovery

The CDRA is a solution, which enables disaster recovery of one or more on-premises virtual
machines (VMs) to the cloud. CDRA integrates with the existing on-premises backup software and
a Data Domain system to copy the VM backups to the cloud. It can then run a disaster recovery
test or a failover, which converts a VM to an Amazon Web Services Elastic Compute Cloud (EC2)
instance, and then runs this instance in the cloud.

Note:

Installing CDRA, Search, and Reporting and Analytics (based on Data Protection Advisor) is
optional. Also, if these components are already configured in your environment, then the
appliance can be configured to use the central implementation in your environment. You do not
need to configure the optional components that are bundled in IDPA again.

However, the IDPA dashboard does not display any data that is associated with external
CDRA, Search, and Data Protection Advisor. Moreover, you must manage and configure any
such external instances. Also, IDPA does not support local Search and Analytics (not part of
IDPA but are centrally implemented at the customer environment) when these functions are
performed by external implementations.

Dell EMC Integrated Data Protection Appliance Product Guide 9

Introduction

Scalability

The DP4400 is designed to be scalable so it can scale up with ever-changing needs. See the

Expanding storage capacity
Guide

for more information about how to add storage capacity.

l

For the DP4400 model with a capacity from 8 TB to 24 TB, you can expand the storage

section in the

Dell EMC Integrated Data Protection Appliance Product

capacity in multiples of 4 TB increments up to 24 TB. You can now expand the capacity beyond
24 TB in 12 TB increments.

l

For the DP4400 model with a capacity from 24 TB to 96 TB, you can expand the storage
capacity in 12 TB increments, and you can expand the capacity up to a maximum of 96 TB.

The following table details the configuration for the DP4400 models.

Table 2 Configuration for IDPA DP4400 Models

Model Configuration Details

DP4400 From 8 TB up to 24 TB

From 24 TB up to 96 TB

Unified support

The same Customer Support team supports both the hardware and the software that is used in the
appliance.

System architecture and components

The IDPA integrates multiple data protection components into a single product.

Detailed configuration

The IDPA DP4400 is available in the following configurations:

Table 3

Model Protection Storage

model

DP4400 Data Domain Virtual

Edition

Configuration options

Protection Storage
configuration options
(usable TB)

8, 12, 16, 20, or 24 TB Avamar Virtual Edition 3TBNDMP Accelerator (1)

24, 36, 48, 60, 72, 84, or
96 TB

Backup Server Avamar Accelerator

Node for NDMP/NAS
Backup (optional)

Note: The Avamar

NDMP Accelerator
is supported with
IDPA but is not
bundled with the
product. You must
contact Customer
Support to set it up
with IDPA.

10 Dell EMC Integrated Data Protection Appliance Product Guide

Base hardware

The IDPA DP4400 includes a Dell PowerEdge R740 Server.

Embedded software

After the initial configuration, the following applications are deployed and configured:

l

Data Domain Virtual Edition

l

VMware vCenter Server

l

Avamar Virtual Edition

l

IDPA System Manager

l

Data Protection Advisor (optional)

n

Datastore Server

n

Application Server

l

Search (optional)

n

Search Index Master

l

Cloud Disaster Recovery Add-on (optional)

l

Appliance Configuration Manager

Introduction

System self-protection

The IDPA is configured to protect itself from data loss with the backup and storage applications
that are in the system.

It is protected with a predefined backup job policy that is scheduled daily and has a 30-day
retention period. The metadata is protected through a backup to the Protection Storage (Data
Domain) using checkpoints.

Table 4

Component VM backup jobs

Virtual machine Backup job

ACM Management_VM_Backup

vCenter vCenter_Backup

DP Advisor DataProtectionAdvisor_Backup

Search DataProtectionSearch_Backup

IDPA System Manager DataProtectionCentral_Backup

CDRA DataDomainCloudDisasterRecovery_Backup

Network connectivity overview

During the initial configuration, IP addresses are assigned to various functional components of
IDPA, typically by allocating a range of IP addresses. IDPA requires 13 IP addresses for the various
components. Using a range is the preferred method as it simplifies the assignment and reduces the
chance for errors while entering the IP addresses. When a range of IP addresses is used during the
IDPA configuration, the IP addresses are assigned in a standard order. Optionally, discrete IP
addresses can be assigned manually to each functional component.

Of these 13 IP addresses, two are required for the initial network configuration; one for the ACM
and the other for the ESXi server. After the initial network configuration is successful, the IPs for

Dell EMC Integrated Data Protection Appliance Product Guide 11

Introduction

the other components can be configured using a range of 11 IP addresses. If a range of IPs is not
available, users can also set random IPs of the same subnet to the components.

Use the following table to determine which IP address is allocated to a component. The

Allocation

(first column in the table) is the value that you should add to the first IP address in the

IP Range

range.

Table 5 IP address range assignments for DP4400

IP Range
Allocation

+0

+1

+2

+3

+4

+5

+6

+7

+8

+9

+10

Example Component Assigned Field

192.0.2.1

192.0.2.2

192.0.2.3

192.0.2.4

192.0.2.5

192.0.2.6

192.0.2.7

192.0.2.8

192.0.2.9

192.0.2.10

192.0.2.11

vCenter VMware vCenter Server VM

Protection storage Management IP

Protection storage Backup IP 1

Protection storage Backup IP 2

Backup application Avamar Virtual Edition Server IP

Backup application Avamar Proxy VM

IDPA System Manager IDPA System Manager VM

Reporting and Analytics Application Server Host VM

Reporting and Analytics Datastore Server Host VM

Search Index Master Node Host VM

DD Cloud DR CDRA
(optional)

Data Domain Cloud Disaster
Recovery (DD Cloud DR) Cloud DR
Add-on (CDRA) virtual appliance

Note: IDPA is compatible with IPv4 enabled networks and does not support pure IPv6 or dual-

stack networks.

Note: For more information on the network and firewall ports that are used in IDPA, see

Network ports

in the

IDPA Security Configuration Guide

Separate management network

DP4400 models support separating the backup network traffic from the management network
traffic. For configuring separate management network you need two IP addresses one for the
management network and one for the backup settings on the ACM, and one for the ESXi server.

Use the following table to determine which IP address is allocated to a component when you
configure a separate management network. The
the value that you should add to the first IP address in the range.

Table 6
Network

12 Dell EMC Integrated Data Protection Appliance Product Guide

Management IP address range assignments for the DP4400 with Dedicated Backup

Management IP Range
Allocation

+0 vCenter VMware vCenter Server VM

+1 Protection storage Management IP

+2 Backup application Avamar Virtual Edition Server

Component Assigned Field

.

IP Range Allocation

IP

(first column in the table) is

Table 6 Management IP address range assignments for the DP4400 with Dedicated Backup
Network (continued)

Introduction

Management IP Range
Allocation

+3 Backup application Avamar Proxy VM

+4 IDPA System Manager IDPA System Manager VM

+5 Reporting and Analytics Application Server Host VM

+6 Reporting and Analytics Datastore Server Host VM

+7 Search Index Master Node Host VM

+8 DD Cloud DR CDRA (optional) Data Domain Cloud Disaster

Table 7 Backup IP address range assignments for the DP4400 with Dedicated Backup Network

Backup IP Range Allocation Component Assigned Field

+0 Protection storage Backup IP 1

+1 Protection storage Backup IP 2

+2 Backup application Avamar Proxy VM

Component Assigned Field

Recovery (DD Cloud DR)
Cloud DR Add-on (CDRA)
virtual appliance

Customer Support tasks

This section describes IDPA components that require Customer Support for additional assistance.

Table 8

Customer Support tasks

Task Description

Licensing

Secure Remote Services
(SRS)

Physical NDMP server For fresh installation, configuration, and upgrade.

Latest firmware, BIOS, and
driver updates on the Dell
Server

l

For obtaining the right license keys for any of the IDPA
components.

l

For obtaining licensing for increased storage capacity.

For issues when registering customer site IDs to the SRS
gateway.

For upgrading IDPA models on Generation 14 servers.

Dell EMC Integrated Data Protection Appliance Product Guide 13

Introduction

14 Dell EMC Integrated Data Protection Appliance Product Guide

CHAPTER 2

Monitor and manage the appliance

This chapter introduces the features and functionality of the ACM dashboard.

Topics include:

l

About the ACM dashboard.....................................................................................................16

l

Install the IDPA post-installation patch on DataProtection-ACM........................................... 31

l

Start up the IDPA.................................................................................................................. 33

l

Access components with a browser...................................................................................... 33

l

User accounts for components..............................................................................................35

l

Change passwords and synchronize components..................................................................36

l

Configure IDPA to use specific interfaces for replication...................................................... 40

Dell EMC Integrated Data Protection Appliance Product Guide

15

Monitor and manage the appliance

About the ACM dashboard

The ACM dashboard enables you to manage settings for the appliance and individual components,
update customer support information, and upgrade software for the appliance and its components.
The ACM dashboard also performs system health monitoring for the appliance hardware.

To access the dashboard, type https://<ACM IP address>:8543/ in a web browser and log in.
The dashboard requires Google Chrome version 64 and later or Mozilla Firefox 47.2 and later.

Note: The dashboard is enabled only after configuring IDPA.

The initial view displays the Home page and tabs for Health and Upgrade.

Basic management tasks

The ACM Dashboard enables you to view system details, change the password of appliance
components, and log out from the dashboard.

Changing the appliance password

The appliance password is common for all IDPA components.

1. Click the Change Password icon.

2. Type the Current Password.

3. Type and confirm the New Password.
The password must contain 9 through 20 characters and include at least one of each type of
supported character. The following types of characters are supported:

l

Uppercase letters (A–Z)

l

Lowercase letters (a–z)

l

Numbers (0–9)

l

Special characters: Period (.), hyphen (-), and underscore (_)

Note:

A password with a period (.) as the last character (for example, Idpa1234.) is not

accepted as a valid password.

l

Must not start with a hyphen (-)

l

The password must not include common names or user names such as root or admin.

4. Click Change Password.
The password change process for ACM and all the other IDPA components is initiated. The
Password change progress shows the progress bar with status descriptions.

Note:

The password change process takes approximately 40 minutes to complete.

The password gets changed for the users in the following sequence:

1. ACM internal LDAP user idpauser

2. Storage (DDVE) sysadmin user

3. Backup Server (Avamar) users:

a. Operating system admin and operating system root

b. Avamar server users – root, mcuser, repulser, and viewuser

4. Backup server proxy operating system root user

5. IDPA System Manager(DPC) users: Operating system admin and operating system root

16 Dell EMC Integrated Data Protection Appliance Product Guide

6. Reporting and analytics (DPA) users: Application Server operating system root, Datastore
operating system root, Application server administrator

7. Search(DPS) operating system root and search default LDAP root and admin

8. Cloud disaster recovery(CDRA) admin password

9. VCenter and ESXi idpauser password.

10. ACM root password

Note: Once the password is changed, ACM users will be logged out and they need to log in

again using the updated password.

Viewing version and build details

Click the Information (i) icon. The About page displays details about the IDPA software version,
build number, and the hardware version.

Logging out

Click the Logout button.

Appliance Configuration Manager dashboard

The Home tab provides an overview of the status and settings for the IDPA components and also
displays the general settings and customer information of the IDPA appliance.

Monitor and manage the appliance

On the dashboard Home tab, you can view the network configuration and product details, manage
the password, time zone, SMTP, SNMP, and NTP settings, and modify customer support
information.

You can also configure the LDAP settings, create and download log bundles, download the current
appliance configuration, shutdown the appliance, register components with Secure Remote
Services (formerly ESRS), and install optional components such as Reporting and Analytics,
Search, Data Protection Advisor, and Cloud Disaster Recovery (CDRA) if not already installed.

Note:

The Secure Remote Services (SRS) is a seperate application that can be installed and
deployed. For more information on SRS such as overview, documentation, and so on, see

https://support.emc.com/products/31755?siteLocale=en_US.

You can configure the Secure Remote Services present under the General Settings panel. If
the Secure Remote Services is not configured, you can configure it by clicking the Edit icon.

Downloading the configuration details

To download a PDF containing the current details of the IDPA configuration, click the Adobe PDF
icon.

Managing system components

The Home tab contains panels for each of the following:

l

IDPA System Manager

l

Backup Server

l

Protection Storage

l

Reporting and Analytics

l

Search

l

Cloud Disaster Recovery

l

Virtualization

l

Customer Information

Dell EMC Integrated Data Protection Appliance Product Guide 17

Monitor and manage the appliance

l

General Settings

Note: If a component cannot be reached on the network or has an incorrect stored credential,

the corresponding panel prompts the user to resolve the issue.

IDPA System Manager panel

The IDPA System Manager panel displays the IDPA System Manager version and component IP
address.

You can hover over the Services to view the status information for IDPA System Manager
services.

To launch the web interface, click IDPA System Manager Web UI and log in.

Note: If external LDAP has not been configured, then use the idpauser as the username. If

external LDAP has been configured, then use the external LDAP username.

For more information about IDPA System Manager workflows and capabilities, refer to the

System Manager Administration Guide

Backup Server panel

The Backup Server panel displays the component IP address, Avamar version, metadata of the
total and available backup storage, number of NDMP servers, license status of the Backup Server
node, and whether the installation of agents is in progress.

You can hover over the Services to view the status information for Avamar services.

Click Backup Server Web UI to launch the Avamar Web Interface and log in. You can download
the Avamar agents from the web interface.

For more information about the role of backup agents and how to install them, refer to the

Administration Guide

Protection Storage panel

The Protection Storage panel displays the DD OS version, component IP address, total and
available backup storage, the file system and license status of the Protection Storage node, and
any alerts that require your action.

To access additional functionality of the component, click the Protection Storage System
Manager link.

Note:

Center (DDMC) instance.

IDPA

.

Avamar

.

Protection Storage (Data Domain) cannot be managed by the Data Domain Management

Expanding storage capacity

You can expand the storage capacity by obtaining the required additional licenses through ELMS
(an electronic license management system).

Before you begin

Note:

Adding licenses to expand the storage directly from the Data Domain user interface is

not recommended, as it may result in loss of critical functionality.

About this task

Once the system detects the hardware, the Expand storage option is available in the gear icon
menu under the Protection Storage panel. For more information on expanding storage capacity,
see the Storage expansion section in the latest

Installation Guide.

18 Dell EMC Integrated Data Protection Appliance Product Guide

Dell EMC Integrated Data Protection Appliance

Monitor and manage the appliance

Procedure

1. In the Protection Storage panel, mouse over the gear icon on the top right and click the
Expand storage.

The Storage expansion and license upgrade wizard appears.

2. Click Browse and select the required license files for the additional storage.

3. Click Expand.

Results

After several minutes, the dashboard reflects the increased storage capacity.

Configuring cloud long-term retention feature on IDPA

DD Cloud Tier is configured through ACM configuration. Follow the below procedures to create DD
cloud units and configure Avamar backup policies for cloud long-term retention (LTR).

Before you begin

Note: For detailed information on creating DD cloud units, refer

Administration Guide

.

Data Domain Operating System

This process refers to the procedures in the following documents:

l

Data Domain Operating System Administration Guide

l

Avamar and Data Domain System Integration Guide

for DD OS 6.0 or higher

for Avamar 7.4 or higher

Procedure

1. On the ACM home tab, click the Protection Storage System Manager link.

The Data Domain System Manager GUI is displayed.

2. Follow the "Importing CA certificates" procedure in the

Administration Guide

.

Data Domain Operating System

After importing the certificate, close the Data Domain System Manager.

3. Connect to the Avamar user interface through IDPA System Manager.

The Avamar Administrator GUI is displayed.

4. Follow the "Adding or editing a Data Domain system with cloud tier support" procedure in
the

Avamar and Data Domain System Integration Guide

Note:

The ACM makes the step that refers to "Adding a Data Domain system"

.

unnecessary. To learn how to access the Edit Data Domain System dialog box, refer to
"Editing a Data Domain system."

5. Follow the "Creating a new tier group" procedure in the

Integration Guide

6. To verify your configuration, click the Activity launcher button in Avamar Administrator
and review the list of session on the Activity Monitor tab.

Reporting and Analytics panel

The Reporting and Analytics panel displays the Data Protection Advisor (DPA) version, IP
addresses for the Application Server and the Datastore Server, the license status of the Reporting
and Analytics node, and any alerts that require your action.

You can hover over the Services to view the status information for Data Protection Advisor
services.

To load the Reporting and Analytics console, click the Reporting and Analytics Web UI link.

Avamar and Data Domain System

.

Dell EMC Integrated Data Protection Appliance Product Guide 19

Monitor and manage the appliance

If Reporting and Analytics is not configured during the initial configuration process, the panel
displays a message indicating Reporting and Analytics is not configured. To configure the
Reporting and Analytics node, click the message. The Reporting and Analytics Configuration
screen is displayed. On the Reporting and Analytics Configuration screen, provide the required
license information and IP addresses and click Configure.

IDPA supports use of an external DPA implementation to analyze the system if you are running a
corporate deployment of the DPA instance. However, IDPA dashboard (ACM) does not display any
data that is associated with the external DPA separately. IDPA does not support local analytics and
search functions when an external instance of DPA or Search is used. Moreover, if you are using
an external DPA instance, you must configure and manage any such external DPA instances as
external instances cannot be configured or managed through the ACM.

Search panel

The Search panel displays the Search version, IP address for the Index Master node, and any
alerts that require your action. To load the Search console, click the Search link.

Hover over Services to view the status information for Search services.

If Search is not configured during the initial configuration process, the panel displays a message
indicating Search is not configured. To configure the Search node, click the message. The Search
Configuration screen appears. On the Search Configuration screen, provide the required IP
address and click Configure.

IDPA supports the use of an external Search node if you are running a corporate deployment of the
Search instance. However, the Search panel on the IDPA dashboard (ACM) does not display any
data that is associated with the external Search separately. IDPA does not support local analytics
and search functions when external instances of Search are used. Moreover, if you are using an
external Search instance, you must configure and manage any such external instances as external
instances cannot be configured and managed through the ACM.

Configuring clients in Search

To enable indexing for backup clients, additional configuration in Search is required.

Refer to the procedures in the "Collections" chapter of the

Administration Guide

connected to the appliance.

All the domains under Avamar get indexed automatically. Only those client domains that are added
post deployment of Search, are added manually.

Cloud Disaster Recovery panel

The Cloud Disaster Recovery panel displays the CDRA version, and alerts that require any action.
To load the Cloud Disaster Recovery console, click the Cloud Disaster Recovery Web UI link.

IDPA supports the use of an external CDRA if you are running a corporate deployment of the
CDRA instance. However, the Cloud Disaster Recovery panel on the IDPA dashboard (ACM) does
not display any events or data that is associated with the external CDRA separately. Moreover, if
you are using an external CDRA instance, you must configure and manage any such external CDRA
instances as external instances cannot be configured and managed through the ACM.

If CDRA is not configured during the initial configuration process, the panel displays Click here to
configure Cloud Disaster Recovery, indicating that Cloud Disaster Recovery is not configured.
To configure the Cloud Disaster Recovery node, click the message. The Cloud Disaster Recovery
Configuration screen is displayed. On the Cloud Disaster Recovery Configuration screen,
provide the IP address and click Configure.

Note:

Data Protection Search Installation and

. In the Sources section of the Collections wizard, select the clients that are

20 Dell EMC Integrated Data Protection Appliance Product Guide

Monitor and manage the appliance

l

Do not change the Avamar root user password before configuring CDRA from the
dashboard.

l

Do not change the Data Domain boost user password before configuring CDRA from the
Dashboard.

l

If a cloud account and email address are not configured during the CDRA configuration, the
CDRA Login page does not work. You must configure a cloud account and email address
manually in CDRA.

Connect to the cloud account and add Cloud DR targets

Connect the CDRA to the Amazon Web Services account and add targets to the account.

Before you begin

l

You have logged in to CDRA as administrator.

l

You have an AWS account that is already configured before connecting to the cloud account.

Note: IDPA performs the CDRA configuration automatically.

Procedure

1. Click Cloud Account on the menu bar.

The Connect to Cloud Account page appears.

2. Click Add Cloud Account.

3. In the Connecting to AWS Cloud account dialog box, enter the access key and the secret
key for the AWS account. http://docs.aws.amazon.com/IAM/latest/UserGuide/

id_credentials_access-keys.html provides information about obtaining the access and

secret keys.

4. To copy the IAM policy, click Copy IAM Policy.

This action copies to the buffer a JSON version of the minimum AWS user account
permissions that are required for Cloud DR implementation, which can then be applied to
AWS to set the permissions policy for the AWS user.

5. To view the Identity and Access Management (IAM) policy that represents the minimum
AWS user account permissions that are required for Cloud DR implementation, click Show
IAM Policy.

6. To save the AWS cloud account, click Verify & Save.

The CDRA verifies that the account exists before saving the cloud account information and
closing the Connecting to AWS Cloud account dialog box.

Note:

After you have provided credentials to an AWS account, you cannot change to

another AWS account.

Add cloud targets

You can add one or more cloud targets to the cloud account that includes selecting an Amazon S3
bucket and an encryption method.

Procedure

1. Click Cloud Account on the menu bar.

The Connect to Cloud Account page appears.

2. Click Add Cloud DR Target to set up one or more Cloud DR targets on the cloud account.

The Cloud DR target is the S3 bucket on AWS where data is written when VMs are backed
up to the cloud. The Cloud DR Server is deployed on one of the targets.

Dell EMC Integrated Data Protection Appliance Product Guide 21

Monitor and manage the appliance

3. Enter a name for the Cloud DR target.

4. Select an Amazon S3 bucket for the Cloud DR target.

5. Click Advance security option and select an encryption method:

The Add Cloud DR Target dialog box opens.

The name entered here appears in the Avamar Administrator when creating a Cloud DR
backup policy.

Option Description

SSE-S3 Default encryption (no cost)

SSE-KMS Key management service encryption (incurs a cost)

Note: If you select the SSE-KMS encryption method, only the default customer

managed key is supported. Changing the encryption key might cause errors with the
files in the Amazon S3 bucket.

For more information about these encryption methods, see:

l

SSE-S3 - https://docs.aws.amazon.com/AmazonS3/latest/dev/

UsingServerSideEncryption.html

l

SSE-KMS - https://docs.aws.amazon.com/AmazonS3/latest/dev/

UsingKMSEncryption.html

6. Click Add.

Deploy the Cloud DR Server

Deploy the CDRS on a specific Cloud DR target.

Before you begin

l

Cloud DR targets are required in the AWS account before performing this task. Connect to the

cloud account and add Cloud DR targets on page 21 contains information about adding Cloud

DR targets to the AWS account.

l

AWS Marketplace terms must be accepted before deploying the Cloud DR Server.

Procedure

1. Click Cloud DR Server on the menu bar.

l

If no CDRS has been deployed, the Deploy Cloud DR Server page appears.

l

If the CDRS has already been deployed, the Cloud DR Server page appears. You cannot
deploy additional CDRS instances.

2. In the Cloud DR Server Configuration section, select the Cloud DR target on which to
deploy the Cloud DR Server.

3. To allocate IP addresses for the Cloud DR solution, provide the IPV4 CIDR Range.

4. In the User Configuration section, enter and confirm passwords for the CDRS Admin and
CDRS Monitor users.

The passwords must:

l

Be at least eight characters in length

l

Contain characters of a minimum of three of the following types:

22 Dell EMC Integrated Data Protection Appliance Product Guide

Monitor and manage the appliance

n

English uppercase: A-Z

n

English lowercase: a-z

n

Numeric character: 0–9

n

Special (non-alphanumeric) characters

a. Enter and confirm passwords for the CDRS Admin and CDRS Monitor users.

b. Enter an email address for DD Cloud DR password reset requests.

When the Cloud DR Server is successfully deployed, AWS sends an email to this address
for verification. Follow the instructions in the email within 24 hours of deployment.

5. To confirm that you accept the marketplace terms, click the I have accepted the AWS
Marketplace terms checkbox.

6. Click Deploy Cloud DR Server.

The CDRA begins deployment of the CDRS to the Cloud DR target. If an error occurs during
deployment, click Cleanup to delete the cloud resources that CDRS creates, and then retry
deployment.

Deploying the CDRS may take up to 30 minutes.

If the deployment is successful, the Cloud DR Server page appears, listing the hostname of
the CDRS host, and the region. Also deployed are:

l

A Virtual Private Cloud (VPC).

l

An Amazon Relational Database Services (RDS) catalog, to maintain persistent data.

l

A private subnet for communication between the RDS and CDRS.

l

A public subnet (Standard Mode) or private subnet (Professional Mode) with internet
access to be used by CDRS.

l

The CDRS EC2 instance.

The M4.Large instance type is used for the CDRS instance. To reduce deployment costs,
you may want to purchase reserved instances from AWS; otherwise an on-demand instance
is used. An elastic IP address is automatically assigned to the CDRS instance. You cannot
change this IP address.

Note:

Multiple Cloud DR Add-on appliances can connect to a single Cloud DR Server
instance. However, one Cloud DR Add-on appliance cannot connect to multiple Cloud
DR Server instances.

Results

When the CDRS is deployed, connect to the Cloud DR Server by clicking the CDRS hostname.

Create rapid recovery images for protected VMs

You can accelerate the recovery process ahead of time by creating rapid recovery images for
protected VMs.

About this task

Creating a rapid recovery image starts the rehydration process and converts the VMDK files to an
Amazon Machine Image (AMI). The recovery process then launches the recovered instance from
the AMI.

Perform this procedure when a new backup copy is available in the Amazon S3 bucket.

Dell EMC Integrated Data Protection Appliance Product Guide 23