Dell PowerProtect Data Manager User Manual

PowerProtect Data Manager

Version 19.2

Administration and User Guide

REV 03

October 2019

Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.” DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND

WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED

IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property

of their respective owners. Published in the USA.

Dell EMC Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.DellEMC.com

2 PowerProtect Data Manager Administration and User Guide

Preface

Chapter 1

Chapter 2

Getting Started 13

Introducing PowerProtect Data Manager software........................................... 14

Accessing the PowerProtect Data Manager UI..................................................14

Replacing the default PowerProtect Data Manager certificate ............15

Getting Started.................................................................................... 16

UI tools and options ............................................................................. 16

Managing Users 19

Managing user roles and privileges ...................................................................20

Managing users....................................................................................20

Default admin user............................................................................... 22

Roles.................................................................................................... 22

Privileges............................................................................................. 25

Resetting system-generated VM Direct credentials..........................................30

Managing LDAP or AD groups...........................................................................30

Managing keychains.......................................................................................... 31

Add credentials.....................................................................................31

LDAP or AD authentication................................................................................31

Configuring LDAP or AD authorities and assigning roles....................... 31

Example: Configuring an AD authority .................................................35

Example: Configuring an LDAP authority............................................. 36

Troubleshooting LDAP configuration issues......................................... 37

Chapter 3

Chapter 4

Managing Storage 39

Add protection storage .................................................................................... 40

Overview of PowerProtect Data Manager cloud tier......................................... 41

Add Data Domain cloud protection storage...........................................41

Overview of PowerProtect Data Manager Cloud Disaster Recovery..................41

Enabling the Microsoft Application Agent for SQL 43

About the Microsoft application agent for SQL.................................................44

Microsoft SQL Server data protection and replication requirements................ 44

Protecting a stand-alone SQL Server................................................................44

Protecting SQL Server clustered environments................................................45

Install and configure the Microsoft application agent for SQL Server............... 46

Prerequisites ....................................................................................... 46

Install the Microsoft application agent................................................. 46

Upgrade the Microsoft application agent............................................. 48

Uninstall the Microsoft application agent with the setup file................48

Required privileges for backup and recovery of a stand-alone server...49

Required privileges for backup and recovery of an Always On availability

group................................................................................................... 49

Required privileges for backup and recovery of a Failover Cluster

Instance or Always On Failover Cluster Instance..................................50

PowerProtect Data Manager Administration and User Guide 3

Contents

Stagger SQL discovery jobs in host scale-out environments................50

Manage the Microsoft application agent for SQL............................................. 50

Support for existing SQL agent backups with PowerProtect Data Manager......51

Supporting existing SQL agent backups with PowerProtect................ 52

Use the backup discovery tool for PowerProtect Data Manager

management of existing backups......................................................... 53

Chapter 5

Chapter 6

Enabling the Oracle RMAN Agent 55

About the Oracle RMAN agent......................................................................... 56

Review Oracle data protection and replication requirements............................ 56

Prerequisites........................................................................................56

Protecting a stand-alone Oracle server.............................................................57

Protecting Oracle RAC environments............................................................... 57

Install and configure the Oracle RMAN agent................................................... 58

Install the Oracle RMAN agent.............................................................58

Upgrade the Oracle RMAN agent.........................................................60

Uninstall the Oracle RMAN agent........................................................ 62

Integration with PowerProtect Data Manager software.......................64

Install the PowerProtect Data Manager agent..................................... 65

Uninstall the PowerProtect Data Manager agent................................. 67

How the Oracle RMAN agent communicates with PowerProtect Data

Manager...............................................................................................67

Verify the connectivity from ddbmcon..................................................71

Discover the storage units....................................................................74

Add or manage the Oracle application agent..................................................... 74

Supporting existing Oracle RMAN agent backups with PowerProtect Data

Manager............................................................................................................75

Support existing Oracle RMAN agent backups with PowerProtect Data

Manager...............................................................................................76

Enabling the File System Agent 79

About the File System agent.............................................................................80

File System agent prerequisites........................................................................ 80

Roadmap for protection with the File System agent..........................................81

Installing and configuring File System agent..................................................... 82

Install the File System agent on Linux.................................................. 82

Install the File System agent on Windows ........................................... 82

Silent installation of File System agent.................................................83

Uninstalling the File System agent ...................................................... 83

Upgrade the File System agent............................................................ 84

Manage the File System agent..........................................................................84

Chapter 7

4 PowerProtect Data Manager Administration and User Guide

Enabling the Storage Direct Agent 87

About the Storage Direct agent........................................................................ 88

Storage Direct agent prerequisites................................................................... 88

Additional setup and configuration file requirements for existing Storage Direct

users................................................................................................................. 89

Roadmap for protection with the Storage Direct agent (new users)................. 91

Roadmap for protection with the Storage Direct agent (existing Storage Direct

users)............................................................................................................... 93

Installing or Upgrading Storage Direct.............................................................. 94

Install the Storage Direct agent on Linux............................................. 94

Upgrade the Storage Direct agent on Linux......................................... 95

Install or Upgrade the Storage Direct agent on Windows .................... 97

Contents

Silent installation of the Storage Direct agent......................................98

Uninstall the Storage Direct agent on Linux......................................... 98

Uninstall the Storage Direct agent on Windows................................... 98

Manage the Storage Direct agent..................................................................... 98

Chapter 8

Chapter 9

Managing Assets 101

About asset sources, assets, and storage........................................................ 102

Prerequisites for discovering asset sources.....................................................102

Adding a vCenter Server asset source.............................................................102

Add a VMware vCenter Server........................................................... 102

Virtual asset discovery........................................................................104

Creating a dedicated vCenter user account and assigning the role in vCenter.105

Specify the required privileges for a dedicated vCenter user account ....

105

VM Direct protection engine overview............................................................ 108

Add a VM Direct appliance..................................................................108

Additional VM Direct actions.............................................................. 109

Discovering an application or File System host ................................................110

Discover an Oracle or SQL application host......................................... 111

Discover a File System Host.................................................................111

Discover a Storage Direct agent host.................................................. 112

Add and discover the SMIS server for the Storage Direct agent...................... 113

Managing Protection Policies 115

Protection policies........................................................................................... 116

Policy retention time considerations................................................... 116

Data Domain protection considerations...............................................116

Before you a create protection policy.............................................................. 118

Add a protection policy for virtual machine protection..................................... 118

On-demand backups of virtual machines............................................. 121

Additional options for managing virtual machine backups................... 122

Add a protection policy for SQL database protection...................................... 122

Add a protection policy for Oracle database protection...................................125

Add a protection policy for File System protection.......................................... 129

Add a protection policy for Storage Direct protection..................................... 132

Add a Cloud Tier protection policy...................................................................136

Edit a protection policy....................................................................................137

Add or remove assets in a protection policy.....................................................137

Removing expired backup copies.....................................................................138

Export protection ........................................................................................... 139

Delete a protection policy................................................................................139

Add a Service Level Agreement....................................................................... 140

Export Asset Compliance.................................................................................142

Dynamic filters ................................................................................................143

Creating virtual machine tags in the vSphere Client............................143

Add a dynamic filter............................................................................ 144

Manually run a dynamic filter.............................................................. 145

Edit or delete a dynamic filter ............................................................ 146

Change the priority of the existing dynamic filter .............................. 146

Chapter 10

Restoring Data and Assets 147

View copies..................................................................................................... 148

Restore a virtual machine or VMDK................................................................. 148

Prerequisites to restore a virtual machine...........................................149

PowerProtect Data Manager Administration and User Guide 5

Contents

Restore to original virtual machine......................................................149

Restore individual virtual disks............................................................ 151

Restore to new....................................................................................151

Restore an instant access virtual machine.......................................... 153

File level restore................................................................................. 156

Direct Restore to ESXi....................................................................... 158

Restore an application-aware virtual machine backup..................................... 159

Performing centralized restore of a File System host...................................... 159

Centralized restore of File Systems in PowerProtect Data Manager.. 159

Restore of Storage Direct backups in PowerProtect Data Manager.................161

Restore the PowerProtect Data Manager server ............................................162

Restore operations for cloud tier..................................................................... 163

Restore from cloud tier.......................................................................163

Chapter 11

Chapter 12

Chapter 13

Performing Self-service Backup and Restore of Application and File

System Agents 165

Performing self-service backups of Microsoft SQL databases........................ 166

Performing self-service backups of Oracle databases..................................... 166

Performing self-service backups of File Systems.............................................167

Performing self-service backups of Microsoft SQL databases........................ 168

Restore a SQL application host....................................................................... 168

Restore an Oracle application host.................................................................. 168

Performing self-service restore of a File System host..................................... 169

Using the ddfsadmin utility for File Systems....................................... 169

Self-service image-level restore of File Systems................................ 170

Self-service file-level restore of File Systems......................................171

Preparing for and Recovering from a Disaster 173

Managing system backups...............................................................................174

Manage PowerProtect Data Manager backups for disaster recovery.............. 174

Prepare the Data Domain recovery target....................................................... 175

Configure backups for disaster recovery......................................................... 175

Configure PowerProtect Data Manager server disaster recovery backups...... 176

Record settings for disaster recovery..............................................................176

Restore PowerProtect Data Manager from an external Data Domain system.. 177

Managing Alerts, Jobs, and Tasks 179

Configure Alert Notifications........................................................................... 180

View and manage System Alerts......................................................................180

View and manage System Alerts...................................................................... 181

Monitoring and viewing jobs.............................................................................181

Monitor and view tasks....................................................................................182

Restart a job or task........................................................................................ 182

Cancel a job or task......................................................................................... 183

Export logs for a job or task.............................................................................184

Chapter 14

6 PowerProtect Data Manager Administration and User Guide

Upgrading the PowerProtect Data Manager Software 185

Upgrade the software from PowerProtect Data Manager version 19.1............ 186

Upgrade PowerProtect Data Manager from version 19.2 and later.................. 187

Managing certificates after upgrading from versions earlier than PowerProtect

Data Manager version 19.1............................................................................... 188

Contents

Chapter 15

Best Practices and Troubleshooting 191

Compatibility information................................................................................ 192

Power off the PowerProtect Data Manager OVA............................................ 192

Creating a dedicated vCenter user account and assigning the role in vCenter.192

Specify the required privileges for a dedicated vCenter user account ....

192

Best practices with the VM Direct appliance................................................... 195

Software and hardware requirements.................................................196

PowerProtect Data Manager resource requirements on VMware

environment........................................................................................197

Configuration checklist for common issues.........................................197

VM Direct appliance performance and scalability................................198

Increasing the number of instant access sessions...............................199

Enabling or disabling Changed Block Tracking.................................... 199

Configure a backup to support vSAN datastores............................... 200

Disable SSL certification on the vCenter Server................................ 200

Troubleshooting backup configuration issues..................................................200

Troubleshooting virtual machine backup issues............................................... 201

VM Direct limitations and unsupported features................................. 201

Managing command execution for VM Direct Agent operations on Linux

.......................................................................................................... 203

SQL Server application-consistent backups fail with error "Unable to

find VSS metadata files in directory"................................................. 203

Failed to lock Virtual Machine for backup: Another EMC VM Direct

operation 'Backup' is active on VM ................................................... 203

vMotion operations are not allowed during active backup operations.203

Backups fail if certain characters are used in the virtual machine name,

datastore, folder, or datacenter names.............................................. 203

Lock placed on virtual machine during backup and recovery operations

continues for 24 hours if VM Direct appliance fails............................ 204

Trailing spaces not supported in SQL database names.......................204

SQL databases skipped during virtual machine transaction log backup....

204

Accessing Knowledge Base Articles................................................... 205

Recover a failed PowerProtect Data Manager backup....................................205

Troubleshooting virtual machine restore issues...............................................205

Troubleshooting instant access restore failures................................. 207

FLR Agent for virtual machine file-level restore................................. 208

Supported platform versions for file-level restore..............................209

File-level restore and SQL restore limitations..................................... 210

Troubleshoot recovery of PowerProtect Data Manager.................................. 212

Application agent and File System agent co-existence.................................... 212

Microsoft application agent for SQL Server application-aware protection...... 214

Troubleshooting Microsoft Application Agent discoveries on Windows 2008 and

Application Direct............................................................................................ 216

Supporting more than 50 database clients...................................................... 216

File System agent limitations........................................................................... 216

Storage Direct agent limitations...................................................................... 218

Time synchronization required between PowerProtect Data Manager and the

systems it interfaces with................................................................................221

PowerProtect Data Manager allows completion of protection policy when

storage unit on the Data Domain cannot be created........................................ 221

Viewing the DD Boost storage unit password.................................................. 221

Chapter 16

Modifying the System Settings 223

PowerProtect Data Manager Administration and User Guide 7

Contents

System settings.............................................................................................. 224

Modify the network settings.............................................................. 224

Modify the appliance time zone..........................................................224

Change the system root user password............................................. 224

Enable replication encryption............................................................. 225

License types..................................................................................... 225

PowerProtect Data Manager licenses................................................ 226

System Support.............................................................................................. 227

Callhome ........................................................................................... 228

Set up the email server...................................................................... 230

Add Auto Support............................................................................... 231

Enable automatic upgrade package downloads................................... 231

Add a log bundle................................................................................. 231

Monitor system state and system health............................................232

Configure PowerProtect Central reporting........................................ 234

Modifying the PowerProtect Data Manager virtual machine disk settings...... 235

Modify the virtual machine memory configuration............................. 235

Modify the data disk size................................................................... 235

Modify the system disk size............................................................... 237

Configure the Data Domain system................................................................. 237

Chapter 17

Chapter 18

PowerProtect plug-in within the vSphere Client 239

Overview of the PowerProtect plug-in within the vSphere Client...................240

Prerequisites to using the PowerProtect plug-in within the vSphere Client.....241

Monitor virtual machine protection copies...................................................... 242

Restore a virtual machine protection copy in the vSphere Client.................... 242

VMware Cloud on Amazon Web Services (AWS) Support 245

PowerProtect Data Manager image backup and recovery for VMware Cloud on

AWS................................................................................................................246

Configure the VMware Cloud on AWS web portal console.............................. 246

Amazon AWS web portal requirements........................................................... 247

Interoperability with VMware Cloud on AWS product features....................... 247

vCenter server inventory requirements...........................................................248

VMware Cloud on AWS configuration best practices...................................... 248

Add a VM Direct appliance.............................................................................. 248

Protection and recovery operations................................................................ 249

Interoperability with VMware Cloud on AWS product features....................... 250

Unsupported operations in VMware Cloud on AWS ....................................... 250

Troubleshooting VMware Cloud on AWS ....................................................... 250

8 PowerProtect Data Manager Administration and User Guide

Preface

As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.

If a product does not function correctly or does not function as described in this document, contact a technical support professional.

Note: This document was accurate at publication time. To ensure that you are using the latest

version of this document, go to the Support website https://www.dell.com/support.

Note: References to Data Domain systems in this documentation, in the UI, and elsewhere in

the product include Data Domain systems and the new PowerProtect DD systems.

Purpose

This document describes how to install, configure, and administer PowerProtect Data Manager software.

Audience

This document is intended for the host system administrator who is involved in managing, protecting, and reusing data across the enterprise by deploying PowerProtect Data Manager.

Revision history

The following table presents the revision history of this document.

Table 1

Revision history

Revision Date Description

03 October 29, 2019 This revision includes the following updates:

File System agent limitations updates, including exclusions when performing block-based backups.

Add a protection policy for File System protection updates.

02 September 27, 2019 Post GA updates.

01 September 24, 2019 Initial release of this document for

PowerProtect Data Manager 19.2.

Getting Started

This section includes the following topics:

Introducing PowerProtect Data Manager software................................................................14

Accessing the PowerProtect Data Manager UI...................................................................... 14

PowerProtect Data Manager Administration and User Guide 13

Getting Started

Introducing PowerProtect Data Manager software

PowerProtect Data Manager software is an enterprise solution that provides software-defined data protection, deduplication, operational agility, self-service, and IT governance.

PowerProtect Data Manager enables the transformation from traditional centralized protection to an IT-as-a-service model, based on a self-service design. This design ensures that you can enforce compliance and other business rules, even when backup responsibilities are decentralized to individual database administrators and application administrators.

PowerProtect Data Manager key features include:

Software-defined data protection with integrated deduplication, replication, and reuse

Data backup and recovery self-service operations from native applications that are combined with central IT governance

Multi-cloud optimization with integrated cloud tiering

SaaS-based management, compliance, and predictive analytics

Modern services-based architecture for ease of deployment, scaling, and upgrading

PowerProtect Data Manager integrates multiple data protection products within the Dell EMC Data Protection portfolio to enable data protection as a service, providing the following benefits:

The data protection team can create data paths with provisioning, automation, and scheduling to embed protection engines into the infrastructure for high-performance backup and recovery.

For large-scale environments, backup administrators can schedule Microsoft SQL and Oracle backups from a central location on the PowerProtect Data Manager server.

PowerProtect Data Manager uses an agent-based approach to discover the protected and unprotected databases on an application server.

PowerProtect Data Manager enables governed self-service and centralized protection by providing the ability to monitor and enforce Service Level Objectives (SLOs), identify violations of Recovery Point Objectives (RPO), and apply retention locks on backups created using the Microsoft application agent and the Oracle RMAN agent.

PowerProtect Data Manager supports deploying an external VM Direct appliance for data movement with the VM Direct Engine. The PowerProtect Data Manager software comes prebundled with an embedded VM Direct appliance, which is automatically used as a fallback proxy for performing backup and restore operations when the added external proxies fail or are disabled. Dell EMC recommends that you always deploy external proxies because the embedded proxy has limited capacity for performing parallel backups.

PowerProtect Data Manager supports integration of Cloud Disaster Recovery (Cloud DR), including workflows for Cloud DR deployment, protection, and recovery operations in the AWS cloud.

Accessing the PowerProtect Data Manager UI

PowerProtect Data Manager provides a stand-alone UI that you can use to manage and monitor system behavior.

Procedure

1. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:

https://appliance_hostname

14 PowerProtect Data Manager Administration and User Guide

Note: You can specify the hostname or the IP address of the appliance.

2. Log in with your user name and password.

If you receive an unsigned certificate warning, see Replacing the default PowerProtect Data

Manager certificate on page 15 for instructions.

The Getting Started page appears.

The left pane provides links to the available menu items. Expand a menu item for more options.

The icons in the PowerProtect Data Manager banner provide additional options.

Replacing the default PowerProtect Data Manager certificate

Use this procedure to replace the PowerProtect Data Manager UI and public API facing certificates with new self-signed or CA signed certificates.

Before you begin

You must have the following keys and certificates in place:

/etc/ssl/certificates/customer/customerkey.pem

/etc/ssl/certificates/customer/customer.pem

/etc/ssl/certificates/customer/customer.keystore

/etc/ssl/certificates/customca/customca.truststore

Getting Started

Procedure

1. Log in to the PowerProtect Data Manager system as the root user.

Note:

PowerProtect Data Manager does not support using the ssh command with the

root account. To use ssh to connect to the system and change the password for the root account, log in to ssh with the admin account, and then use the su command to change to the root account.

2. Run the following Unix commands:

cd /usr/local/brs/lib/ecdm-ui/app

ln -s /etc/ssl/certificates/customer/customer.pem cert.pem

ln -s /etc/ssl/certificates/customer/customerkey.pem private-key.pem

sudo systemctl restart nginx

Update the /usr/local/brs/lib/zuul/conf/application.yml file with following parameters:

key-store: Specify the file path where your key-store certificate is kept. For example: /etc/ssl/certificates/customer/customer.keystore

key-store-password: Specify a key-store password.

key-password: Specify a key password.

key-alias: Specify a key alias.

trust-store: Specify the file path where your trust-store certificate is kept. For example: /etc/ssl/certificates/customca/customca.truststore

trust-store-password: Specify a trust-store password.

PowerProtect Data Manager Administration and User Guide 15

Getting Started

The Getting Started page provides configuration options that are required when the system is first deployed.

The Getting Started page appears upon first deployment of PowerProtect Data Manager and opens to this page by default until you click Skip This.

You can access the Getting Started page at any time by selecting System Settings > Getting Started.

Table 3 PowerProtect Data Manager Getting Started menu items

Options Description

4. Carry out the command: zuul restart

5. Log in to the https://ecdm.customer.com instance.

6. When prompted, accept the certificate.

7. Login to https://ecdm.customer.com:8443.

All external requests are now using your installed certificates.

Support View and configure Secure Remote Services (SRS), Email Setup, Auto

Disaster Recovery Backup

VMware vCenter Opens the Infrastructure > Asset Sources page where you can add a

Protect Assets Opens the Protection Policies page where you can manage Protection

UI tools and options

Learn about the available tools in the UI.

PowerProtect Data Manager UI tools

Table 4

PowerProtect Data Manager tools

Menu item Description

Dashboard

Support, Logs, System Health.

Configure and manage backups for disaster recovery.

vCenter instance as an asset source so that it can be added to a protection policy.

Life Cycle workflows for all asset types.

Provides a high-level view of the overall state the PowerProtect Data Manager system and includes the following information:

Alerts—System alerts

Protection—Details about protection policies

Jobs—Status of all Jobs filtered by a selected time frame or status type. Select the status in the Jobs pane to open the Jobs window, where you can manage jobs, search, and view details.

Policy—Details include number of successes, failures, and excluded assets for each asset type

Protection Storage—Protection storage usage statistics

16 PowerProtect Data Manager Administration and User Guide

Table 4 PowerProtect Data Manager tools (continued)

Menu item Description

Recovery—Recovery statistics

Health—Details about the health of the system, including services, licenses, support, protection engines, server backups, and uptime.

PowerProtect Data Manager refreshes the data hourly unless you run an ad-hoc discovery.

Click Infrastructure to perform the following tasks:

View and manage Virtual Machine, SQL Database, Oracle

Infrastructure

Database, and File System assets

Add vCenter and Application and File System Host asset sources

View and manage Integrated Storage

Add a VM Direct appliance with the VM Direct protection engine for virtual machine data protection

Manage registration of RMAN Agent, Microsoft Application Agent, and File System Agent

View and manage Cloud disaster recovery

Getting Started

Protection

Recovery

Alerts

Administration

Click Protection to perform the following tasks:

Add protection policy groups to SQL and Oracle databases, File Systems, and Virtual Machines

Manage SLA

Add, edit, and delete Dynamic Groups to SQL and Oracle databases, File Systems, and Virtual Machines

Click Recovery to perform the following tasks:

View asset copy location details and initiate a Restore operation

Manage Instant Access Sessions

Click Alerts to perform the following tasks:

View and acknowledge alerts and events.

View and drill down to Audit Logs.

Export audit logs to CSV files.

Set audit log boundaries.

Click Administration to perform the following tasks:

Configure users and roles

Set password credentials and manage key chains

Configure alert notifications

Add LDAP Identity Sources

Click Jobs to manage jobs, view by completed or running, filter, and view details.

PowerProtect Data Manager Administration and User Guide 17

Getting Started

Table 4 PowerProtect Data Manager tools (continued)

Menu item Description

Jobs

Click Reporting to log in to PowerProtect Central.

Reporting

Additional UI options

The following table describes the icons located in the PowerProtect Data Manager banner.

Table 5 Additional options

Option Description

Click to enter search criteria to find assets, jobs, logs, and alerts.

Click to see recent alerts.

Click to configure and manage PowerProtect Data Manager system network, time zone, and NTP settings, DR backups, security, licenses, upgrades, authentication, agent downloads, and support, and to access the Getting Started page.

Click to log out and log in as a different user.

Click to see PowerProtect Data Manager version information.

Click to obtain more information about PowerProtect Data Manager and how it can help you manage your backup copies.

18 PowerProtect Data Manager Administration and User Guide

CHAPTER 2

Managing Users

This section includes the following topics:

Managing user roles and privileges ....................................................................................... 20

Resetting system-generated VM Direct credentials.............................................................. 30

Managing LDAP or AD groups............................................................................................... 30

Managing keychains...............................................................................................................31

LDAP or AD authentication.................................................................................................... 31

PowerProtect Data Manager Administration and User Guide 19

Managing Users

Managing user roles and privileges

Users can be defined as either local or LDAP/Active Directory. Users and LDAP groups can access all protection policies and assets within the PowerProtect Data Manager environment.

The role that is assigned to a user defines the privileges that are associated with the user and determines the tasks that the user can perform.

Managing users

Only the Admin role can manage users.

The following roles can view users, roles, identity sources, and user groups:

Admin

User

Export and Recovery Admin

Users can see only their own role within their own account.

Note: User authorization grants or denies users access to PowerProtect Data Manager

resources. Authorization is the same for locally authorized users and Microsoft Windows Active Directory/LDAP users.

Add a user

You can create local users to perform management tasks. When you create a local user account, you must assign a role to the user.

You must have administrator credentials to add a user.

Procedure

1. Select Administration > Users.

The Users window appears.

2. Click Add.

3. In the New User window, provide the following information:

User first name

User last name

Username

Email Address

Password

Retype to confirm password

Force Password Change—Enabled by default. Requires the user to update the password at first login.

Role

4. Click Save.

Results

The newly added user appears in the Users window.

20 PowerProtect Data Manager Administration and User Guide

Edit or delete a user

You must have administrator credentials to edit or delete a user.

Procedure

1. Select Administration > Users.

The Users window displays the following information:

Username

User first name

User last name

User email address

User role

Date the user was created

2. Select the user you want to edit or delete.

3. Do one of the following:

To delete the user, click Delete.

To edit the user, click Edit, modify the user fields, and then click Save.

Managing Users

Reset a password

Results

The changes appear in the Users window.

Local users can reset a forgotten password using this procedure.

Before you begin

The user must be a a local user.

A reset password mail server must be configured.

LDAP and Windows Active Directory users cannot reset their password using this procedure. Contact the system administrator to reset your password.

About this task

Local users can receive an email with a link to reset their password. The reset password link in the email expires in 20 minutes, after which time they must request another link.

Procedure

1. In the PowerProtect Data Manager login page, click Forgot Password.

2. In the Forgot Password dialog box, type your user name, click Send Link, and click OK to dismiss the informational dialog box.

The system sends a message to the email address associated with your user name.

3. Open the email and click the link.

4. In the Reset Password dialog box, type a new password in the New Password and Confirm New Password fields, and click Save.

The PowerProtect Data Manager login page appears.

5. Log in with your user name and new password.

PowerProtect Data Manager Administration and User Guide 21

Managing Users

Default admin user

The default admin user is preassigned the Admin role during PowerProtect Data Manager installation.

The default admin user has super user control over PowerProtect Data Manager and cannot be deleted. However, you can modify the attributes of the default admin user.

Roles

A role defines the privileges and permissions that a user has to perform a group of tasks. When a user is assigned a role, you grant the user all of the privileges that are defined by the role. Only one role can be associated to a user account.

Admin role

Admin

The Admin role is responsible for setup, configuration, and all PowerProtect Data Manager management functions. The Admin role provides systemwide access to all functionality across all organizations. One default Admin role is assigned at PowerProtect Data Manager deployment and installation. You can add and assign additional Admin roles to users in your organization who require full access to the system.

This table outlines the privileges and tasks that are associated with the Admin role.

Table 6

Admin role privileges and tasks

Privileges Tasks

Activity Management

Asset Management

Monitoring

Recovery and Reuse Management

Manage Discovery Jobs

Manage Tasks

Workflow Execution

View Data Source Assets

Manage Data Source Assets

View Protection Storage Targets

Manage Protection Storage Targets

Monitor Events

Manage Events

View Historical Data

View Tasks and Activities

View Host

Manage Host

Rollback to Production

Recovery to New Location

Export for Reuse

22 PowerProtect Data Manager Administration and User Guide

Table 6 Admin role privileges and tasks (continued)

Privileges Tasks

Managing Users

Service Plan Management

Security and System Audit

Storage Management

Support Assistance and Log Management

System Management

User/Security Management

View Plans

Manage Plans

Assign Data Source to Plan

Monitor Security/System Audit

Manage Security/System Audit

View Storage Array

Manage Storage Array

View Inventory Sources

Manage Inventory Sources

View Diagnostic Logs

Manage Diagnostic Logs

View System Settings

Manage System Settings

Manage User Security

View User Security

User role

User

The User role is responsible for monitoring the PowerProtect Data Manager Dashboard, Activity Monitor, and Notifications. The User role provides read-only access to monitor activities and operations. Assign the User role to users in your organization who monitor Dashboard activities, Activity Monitor, and Notifications but do not require the ability to configure the system.

This table outlines the privileges and tasks that are associated with the User role.

Table 7

User role privileges and tasks

Privileges Tasks

Activity Management

Asset Management

Monitoring

Workflow Execution

View Data Source Assets

View Protection Storage Targets

Monitor Events

View Historical Data

View Tasks and Activities

PowerProtect Data Manager Administration and User Guide 23

Managing Users

Table 7 User role privileges and tasks (continued)

Privileges Tasks

Recovery and Reuse Management

Service Plan Management

Security and System Audit

Storage Management

Support Assistance and Log Management

System Management

User/Security Management

Export and Recovery Admin role

Export and Recovery Admin

The Export and Recovery Admin role is defined for a dedicated set of users who are solely responsible for PowerProtect Data Manager setup, configuration, and execution of data management tasks such as copy export and recovery operations. The Export and Recovery Admin role provides access only to those functions required for data export and recovery operations. This role and its operations are intended for a limited set of users whose actions are solely focused on data management, export, and recovery; and whose actions are audited routinely for security purposes. Assign the Export and Recovery Admin role to a user in your organization that requires access to data only to make it available to others in the organization to maintain a chain of custody record.

This table outlines the privileges and tasks that are associated with the Export and Recovery Admin role.

View Host

View Plans

Monitor Security/System Audit

View Storage Array

View Inventory Sources

View Diagnostic Logs

View System Settings

View User Security

Table 8

Export and Recovery Admin role privileges and tasks

Privileges Tasks

Activity Management None

Asset Management

Monitoring

Recovery and Reuse Management

24 PowerProtect Data Manager Administration and User Guide

View Data Source Assets

View Protection Storage Targets

Monitor Events

View Historical Data

View Tasks and Activities

View Host

Manage Host

Table 8 Export and Recovery Admin role privileges and tasks (continued)

Privileges Tasks

Rollback to Production

Recovery to New Location

Export for Reuse

Managing Users

Service Plan Management

Security and System Audit

Storage Management

Support Assistance and Log Management

System Management

User/Security Management

Privileges

PowerProtect Data Manager privileges define the tasks that a user can perform and these privileges are assigned to roles.

Activity Management Privileges

This table defines the Activity Management Privileges.

Table 9

Activity Management Privileges

None

View Storage Array

View Diagnostic Logs

View System Settings

View User Security

Privilege Task

Manage Discovery Jobs

Manage Task

Workflow Execution

Create discovery jobs.

View discovery jobs.

Edit discovery jobs.

Delete discovery jobs.

Create task resources.

View task resources.

Edit task resources.

Start workflow execution.

Cancel workflow execution.

View the status of workflow execution.

PowerProtect Data Manager Administration and User Guide 25

Managing Users

Asset Management Privileges

This table defines the Asset Management Privileges.

Table 10 Asset Management Privileges

Privilege Task

Manage Data Source Assets

Manage Protection Storage Targets

View Data Source Assets

View Protection Storage Targets

Monitoring Privileges

This table defines the Monitoring Privileges.

Create, read, edit, and delete a data source.

Create, view, edit, and delete the policy in the protection group resource.

Create, view, edit, and delete asset group resources.

Create, view, edit, patch, and delete tag category resources.

Create, view, edit, and delete a data target.

Create, view, edit, and delete asset group resources of protection storage targets.

View a data source.

View asset group resources.

View the policy of the protection group resource.

View tag category resources.

View a data target.

Table 11

Monitoring Privileges

Privilege Task

View Tasks or Activities

View Historical Data

View task resources.

View historical data that relates to plans, arrays, data targets, data sources, and capacity data.

Monitor Events

Manage Events

View alerts.

View external notifications.

Acknowledge alerts and add notes.

Create, modify, and delete external notifications.

Service Policy Management Privileges

This table defines the Policy Management Privileges.

26 PowerProtect Data Manager Administration and User Guide

Table 12 Policy Management Privileges

Privilege Task

Managing Users

Assign Data Source to Policy

Manage Policies

View Policies

Assign a data source to a protection policy resource.

Create, view, edit, and delete the policy for a protection policy resource.

Create, view, edit, and delete a policy definition resource.

Create, view, edit, and delete schedule resources.

Create, view, edit, and delete an objective definition resource.

Create, read, edit, and delete an action definition.

View the policy for a protection policy resource.

View schedule.

View a protection policy definition.

View objective definition.

View services.

View service resources.

View assets that are assigned to a protection policy.

View action definitions.

View asset group resources.

Recovery and Reuse Management Privileges

This table defines the Recovery and Reuse Management Privileges.

Table 13

Privilege Task

Export for Reuse

Roll back to Production

Recovery to Alternate Location

Manage Host

View Host

Recovery and Reuse Management Privileges

Create, view, edit, and start export and reuse operations.

Create, view, edit, and start rollback to production operations.

Create, view, edit, and start recovery to alternate location operations.

Create, view, edit and delete a host.

View a host.

Storage Management Privileges

This table defines the Storage Management Privileges.

PowerProtect Data Manager Administration and User Guide 27

Managing Users

Table 14 Storage Management Privileges

Privilege Task

View Inventory Sources

View Storage Array

Manage Storage Array

Manage Inventory Sources

Security Management Privileges

This table defines the Security Management Privileges.

Table 15

Security Management Privileges

View a management interface.

Read storage manager resources such as exported, deleted, and restored copies.

View a storage array.

Create, view, edit, and delete a storage array.

Create storage manager resources and run creation-related storage array operations.

Create exported and restored copies and run restore-related storage array operations.

Create expunged copies and run deletion-related storage array operations.

Create, view, edit, and delete a management interface.

Privilege Task

Manage User Security

View User Security

System Management Privileges

This table defines the System Management Privileges.

Table 16

Privilege Task

View System Settings

System Management Privileges

Create, view, edit, and delete users

View roles

Create, view, edit, and delete identity sources

Create, view, edit, and delete user groups

Create, view, edit, and delete whitelists

View users and roles

View identity sources and user groups

View whitelists

View SRS information.

28 PowerProtect Data Manager Administration and User Guide

Table 16 System Management Privileges (continued)

Privilege Task

View Server Disaster Recovery artifacts.

View Maintenance Mode.

View License information.

View Server Disaster Recovery Status.

View node, Configuration EULA, OS User, Upgrade Package, Component, Configuration Status, Configuration Logs, Time Zone, and State resources

Managing Users

Manage System Settings

Manage Server Disaster Recovery activities.

Manage SRS Gateway connection and other Telemetry communications.

View and edit Node State resource.

Update the license for the appliance.

View Component, Configuration Status, Configuration Logs, Time Zone, and State resources

View and edit node, Configuration EULA, OS User, and Lockbox resouces.

Create, view, edit, and delete the Upgrade Package resource

Support Assistance and Log Management Privileges

This table defines the Support Assistance and Log Management Privileges.

Table 17

Privilege Task

View Diagnostic Logs

Support Assistance and Log Management Privileges

View Log bundle resources.

View Log information resources.

View the LogSource resource.

View logs.

Manage Diagnostic Logs

Security and System Audit Privileges

This table defines the Security and System Audit Privileges.

Manage Log bundle resources.

Retrieve Log information resources.

Retrieve or edit the LogSource resource.

Export logs.

PowerProtect Data Manager Administration and User Guide 29

Managing Users

Table 18 Security and System Audit Privileges

Privilege Task

Monitor Security/ System Audit

Manage Security/ System Audit

View Security Audit–related events and activities.

Acknowledge Security Audit–related events and activities.

Export Audit/Change Log of events and activities.

Resetting system-generated VM Direct credentials

PowerProtect Data Manager deploys the VM Direct Engine during installation with unique admin and root credentials.

About this task

You must have PowerProtect Data Manager Admin role privileges to edit or delete a user.

Procedure

1. Select Administration > Credentials.

The Credentials Management window appears and displays the type, name, and username.

2. Select a VM Direct user and click Edit.

3. Modify the password in the Edit Credentials window and click Save.

4. Select Infrastructure > Protection Engines > VM Direct Engines.

5. Select a VM Direct Engine.

6. Select redeploy from the ellipsis list.

Managing LDAP or AD groups

PowerProtect Data Manager requires you to configure an LDAP group, and the PowerProtect Data Manager users must be part of this group. Only the Admin role can create users or LDAP and AD groups.

Users

You can create local users to perform management tasks. When you create a local user account, you must assign a role to the user.

LDAP or AD groups

When you configure LDAP or AD authentication in the Authentication Service, use the User Group resources to assign roles to the LDAP groups. The User Group resource defines the role assignments for an LDAP or AD user group.

30 PowerProtect Data Manager Administration and User Guide

+ 220 hidden pages

Dell PowerProtect Data Manager User Manual

CONTENTS

Preface

Getting Started

Introducing PowerProtect Data Manager software

Accessing the PowerProtect Data Manager UI

Replacing the default PowerProtect Data Manager certificate

Getting Started

UI tools and options

Managing Users

Managing Users

Managing user roles and privileges

Default admin user

Roles

Privileges

Resetting system-generated VM Direct credentials

Managing LDAP or AD groups