PowerProtect DD Basic Administration v7.11

The Dell PowerProtect DD Basic Administration guide provides comprehensive instructions for accessing and managing PowerProtect DD systems, including the DD System Manager, command line interface, and PowerProtect DD Management Center. It covers essential topics such as password policies, multifactor authentication, hardware verification, system monitoring, and upgrading procedures. The document serves as a participant guide for administrators to effectively utilize the PowerProtect DD system's features and maintain security protocols.

Uploaded by

Mahnel AB
DELL POWERPROTECT DD BASIC ADMINISTRATION

PARTICIPANT GUIDE

Dell PowerProtect DD Basic Administration

© Copyright 2023 Dell Inc Page 2


Table of Contents

Dell PowerProtect DD Basic Administration

Accessing a PowerProtect DD System
    Exploring Administration Interfaces
    Accessing the DD System Manager
    Exploring the Password Policy
    Default Passwords
    Password Changes Due to a DDOS Upgrade
    Examining Multifactor Authentication
    Configuring Multifactor Authentication
    Session Security Commands
    Session Security Activity

Hardware Verification
    Verify System Information Using DD System Manager
    Verify Storage Information
    Viewing Chassis Information
    Verifying System Information Using the CLI

Accessing the System
    Exploring LDAP Authentication
    AD over LDAP
    Common LDAP Authentication Issues
    Managing Administrator Access
    Administrator Access Using the Command Line Interface
    Managing Local Users
    Exploring User Roles
    Managing User Roles Using the Command Line

Monitoring the System
    Monitoring Alert Messages
    Monitoring Autosupport Reports
    Exploring Log Files
    Using Remote Logs
    Configuring SNMP
    Exploring Support Bundles

Exploring Licensing Features
    Licensing Features
    Electronic Licensing

Upgrading the PowerProtect DD System
    Discovering Why to Upgrade
    DD Operating System Releases
    Minimally Disruptive Upgrade (MDU)
    Checking Compatibility
    Performing a System Upgrade
    DDOS Upgrade Rollback

Terms

Accessing a PowerProtect DD System

Exploring Administration Interfaces

Administrators can use three methods to access a PowerProtect DD appliance: the DD System Manager (DDSM), the command line interface (CLI), and the PowerProtect DD Management Center (DDMC).

DD System Manager (DDSM)

DD System Manager Dashboard

The DD System Manager (DDSM) provides a single, consolidated management interface to configure and monitor many system features and settings.

You can use the DDSM to configure and manage a single PowerProtect DD system.

Administrators can access the DDSM from many web browser applications such as Microsoft Edge™, Google Chrome™, and Mozilla Firefox™.


Command Line Interface (CLI)

Command Line Interface

You can access and manage the PowerProtect DD system using the DDOS command line interface.

When the initial configuration completes, you can use SSH or Telnet utilities to access the system remotely and issue CLI commands. You can also connect to the system using a serial console, serial over LAN (SOL), or a keyboard and monitor and access the DDOS command line interface.

Use the default administrator account to initially access the PowerProtect DD system. The default administrator username is sysadmin. On a physical PowerProtect DD system, the initial password for the sysadmin user is the system serial number. On a PowerProtect DD Virtual Edition (DDVE) instance, the initial password for the sysadmin user is changeme.


PowerProtect DD Management Center (DDMC)

Data Domain Management Center (DDMC) Infrastructure Systems Window

You can access any PowerProtect DD system that is registered in a PowerProtect DD Management Center instance. A single PowerProtect DD Management Center (DDMC) instance can register and manage a maximum of 150 PowerProtect DD systems and multiple simultaneous users.

Administrators and users can access a DDMC by using a supported browser application with network access to the DDMC instance.

To access and manage an individual PowerProtect DD in DDMC, click Infrastructure > Systems to view the list of registered systems. Double-click a Host Name to access the System Details window.


Accessing the DD System Manager

DD System Manager Login Screen

Log in to DD System Manager using a web browser and your assigned user name and password.

Open a web browser and enter the IP address or hostname to connect to DD System Manager. Use one of the following formats to log in:

• A fully qualified domain name
  − For example, if the hostname is dd01 and is located at example.com, then type http://dd01.example.com in the URL field of the web browser.
• A hostname
  − A hostname is a label that is assigned to a device connected to a computer network. You can use the hostname to identify the device on the network. For this example, the name of the PowerProtect DD system is dd01. Type http://dd01 in the URL field of the web browser.
• An IP address
  − Obtain the IP address of the PowerProtect DD system and enter it into the URL field. For example, if the IP address is 10.5.50.5, then enter http://10.5.50.5 in the URL field of the web browser.

Exploring the Password Policy

Administrators can manage the policy that controls setting user login
passwords with a default password policy. You can manage the password
policy on the Change Login Options page. Go to Administration >
Access > More Tasks > Change Login Options.


Password Policy Options

Change Login Options Window

This table describes the configurable password policy options administrators can make. You can change the policy options in the Change Login Options window.

Password Configuration Requirements

The minimum password length cannot be shorter than nine characters. The minimum password length can be set from 9 to 31 characters long.

You cannot disable the following rules:

• At least one lowercase character
• At least one uppercase character
• At least one digit
• At least one special character
• Minimum of four character classes

| Policy Option | Default Value | Description |
|---|---|---|
| Minimum number of days between a password change. | 0 | The number of days a user must wait before changing their password. |
| Maximum number of days between a password change. | 90 | The number of days a user can log in with the same password before the system forces a password change. |
| Warn days before expire | 7 | The number of days the system warns the user that their password is about to expire. |
| Disable the user account X days after the password expires. | Never | The system disables a user account after password expiration according to the number of days specified with this option. Valid entries are never or a number greater than or equal to 0. |
| Minimum password length | Nine characters | The minimum password length can be set from 9 to 31 characters. |
| Maximum login attempts | Three attempts | A locked user cannot log in while the account is locked. The range is 3 to 20. The limit applies to all user accounts, including sysadmin. |
| Unlock timeout | 120 seconds | Defines the number of seconds a user is locked out after the maximum number of login attempts. The range is 120 to 3600 seconds. |
| At least one lowercase character | Always enabled | The local user password must have at least one lowercase character. |
| At least one uppercase character | Always enabled | The local user password must have at least one uppercase character. |
| At least one digit | Always enabled | The local user password must have at least one digit. |
| At least one special character | Always enabled | The local user password must have at least one special character. |
| Minimum character classes | 4 | The minimum number of character classes value is always 4. The password requirement is to have at least a lowercase, an uppercase, a digit, and a special character. |
| Maximum three consecutive characters | Enabled | This option enables or disables the requirement for a maximum of three consecutive repeated characters. For example, if three consecutive repeated characters are enabled, the password Ab!111111 is not allowed. |
| Number of previous passwords to block | 6 | Specify the number of remembered passwords. The range is 0 to 24. |
| Minimum positions changed | 1 | Specify the minimum number of character positions that must be changed within the new password when a password is changed. |

Default Passwords

PowerProtect DD

For PowerProtect DD series appliances, the default sysadmin password is the system serial number that is found on the product-serial number tag (PSNT). The PSNT is a 14-digit number that is used to identify your appliance to Dell support.

On the first login, you must set a new password. The password must
comply with the password strength policy on the system.

DDVE

For DD3300, and DDVE systems running in the cloud, other initial
password requirements might apply. Following are the requirements:

| System | Description |
|---|---|
| DD3300 | The default password for sysadmin is changeme. On the first login, you are forced to set a new password, which must comply with the new password strength policy. |
| DDVE running on Amazon Web Service (AWS) and Google Cloud Platform (GCP) | The default password for sysadmin is the Instance-ID. When you first log in to the DDVE on the cloud service, you must set a new password which must comply with their password strength policy. |
| DDVE running on Microsoft Azure | During the deployment on Azure, you are required to set a complex sysadmin password following the Azure password policy. |

Password Changes Due to a DDOS Upgrade

When a PowerProtect DD system undergoes an upgrade, DDOS applies the default password strength policy as follows:

• The system upgrade status displays a precheck warning about this change to the default password strength policy.
• After the upgrade, the system displays an alert for the password policy change.
• After the upgrade, when a password does not meet the password strength policy, an alert similar to the following appears: Password for sysadmin does not comply with minimum requirements for passwords. Change your password to comply with current requirements.
• If a password meets or exceeds the password strength policy, the system retains the password values. No alert appears.


DDOS Upgrade Status

Alert for the Password Policy Change

Deep Dive: See the current DDOS Administration Guide on the Dell Support website for all password policy details.

Examining Multifactor Authentication

Multifactor authentication (MFA) is a layered approach to securing data and applications. MFA requires a user to present a combination of two or more credentials to verify an identity for login. MFA increases security because even if a credential is compromised, unauthorized users cannot meet the second authentication requirement and cannot access the device.

You can require multifactor authentication for system login for all roles and
security officer oversight. You can Configure, Enable, Edit, and Disable
multifactor authentication in the Multifactor Authentication panel in the DD
System Manager.

With the DD Operating System (DDOS), you can require the security
officer and system administrator to enter an RSA SecurID passcode
before logging into the system. Certain destructive commands or
configuration changes require system admin and security officer logins as
well.

DDOS supports MFA login only for username and password in the DD
System Manager or SSH. DDOS does not support MFA using a certificate
or a token-based login. RSA SecurID is the only supported MFA server.
To ensure that backup applications can access the system without a
passcode, you can disable MFA for the sysadmin user only by using MFA
for login.

Configuring Multifactor Authentication

Prerequisites

Add usernames to the RSA Authentication Manager following these requirements:
• For local, NIS, or AD users, add the user to the RSA internal database first.
• For LDAP users:
  − Add the external identity source to the RSA Operation Console.
  − Link the external identity source in the RSA Security Console.
• Create a unique user ID for each user:
  − For local users, create the user ID in the format <user-ID>@<DD-serial-number>.
  − Do not append the system serial number to the user IDs for Active Directory (AD) or Network Information Service (NIS) users.


Configuration Overview

Multifactor Authentication in DD System Manager Access Management > AUTHENTICATION Window

To configure MFA from the DD System Manager, perform the following:

1. Select Administration > Access > Authentication.
2. Expand the Multifactor Authentication panel and click Configure.
3. Specify the RSA configuration values. Provide the server URL, the RSA client key, the RSA client ID, the connection timeout, and the read timeout. Specify any replica URLs for the RSA server. Click OK.
4. Click + Add and add the RSA server certificate to the protection system. Click OK.
5. Click Enable.
6. When the system prompts, provide the security officer credentials. Click Next.
7. Enter the sysadmin password in the Password field and click Finish.
8. Test the connection to the RSA SecurID server. Click Test Connection.

   The configuration process requires that you test the connection to the RSA SecurID server. If you do not test the connection, the sysadmin and security officer users cannot log in to the system. Dell Technologies recommends that you test the connection for other configured users but the configuration process does not require it.
   a. In the Username field, enter the username to test.
   b. In the Passcode field, enter the RSA passcode for the sysadmin.
   c. Click OK.

Dell Technologies recommends creating an MFA troubleshooting user for situations when the RSA passcode does not work. The MFA troubleshooting user can access the system when required to disable MFA or perform troubleshooting steps.

Session Security Commands

The purpose of the session security features is to monitor active sessions on a protection system. When required, administrators can remove malicious sessions. DD Operating System (DDOS) sessions include HTTPS, SSH or Telnet, and web service (REST API).

Use the sysadmin role to perform these Command-Line Interface (CLI) commands. You must provide credentials for the sysadmin and security roles to run the session delete session command.

session show all

Use the session show all command to display all the active running
HTTPS, SSH, telnet, and web-service sessions in DDOS.

Only the sysadmin role may run this command.

The following is an example of session show all and its output:

Example of the session show all Command

The output of the session show all command lists the session IDs that you must use to terminate the session. Copy one of the session IDs. Paste the session ID in the session delete session [session-id] command.

session show data

Use the session show data session-id command to display detailed information about the specified HTTPS, SSH or telnet, and web-service for REST API sessions in DDOS.

Only a sysadmin role may run this command.

The following is an example of session show data session-id and its output.

Example of the session show data session Command

The session show data output shows the username, remote host IP
address, and type of access (or agent).

session delete session

Use the session delete session [session-id] command to terminate sessions in DDOS.

To delete an active session, a security officer must also provide their credentials.

The session delete session command deletes the specified HTTPS, SSH, telnet, or web-service (REST API) session. Deleting each type of session has the following impact:

• For HTTPS sessions, DDOS logs out the specified user immediately from the DD System Manager.
• For SSH or telnet sessions, DDOS terminates the specified connection to the system.
• For web-service (REST API) sessions, DDOS invalidates the specified authentication token.

The following is an example of the session delete session command and its output.

Example of session delete session Command

Obtain the session ID of the session that you want to terminate. Run
session show all to display the running session IDs. Copy the
session ID and place it after the session delete session command
in the command line.

Session Security Activity

For this activity you play the part of a system administrator trying to
remove an unauthorized active session from the system. Use the
command line commands to view and delete sessions, and show session
data.

The web version of this content contains an interactive activity.

Hardware Verification

Verify System Information Using DD System Manager

The Maintenance > System Page in DD System Manager

The DD System Manager dashboard displays summary information and status for alerts, licensed services, and hardware enclosures. The Maintenance > System page displays additional system information such as:
• Model Number
• DDOS Version
• System Uptime
• System Serial No and Chassis Serial No


Verify Storage Information

Use the DD System Manager Storage Window

To verify storage information use the Hardware > Storage window in the
DD System Manager.

You can also use the command line to access the same information.

Hardware > Storage management features provide certain administration access. Administration access includes viewing the status and configuration of the system storage space. Administrators can flash or beacon the LED on a disk, and change the storage configuration.

Use the OVERVIEW, ENCLOSURES, and DISKS tabs to perform these tasks.

The OVERVIEW tab displays information about the overall state of disks
that belong to the system. An Addable Storage panel displays optional
storage enclosures that are available to be added to the system to
increase capacity. The OVERVIEW tab contains information about failed,
foreign, or absent disks.

The ENCLOSURES tab displays a table summarizing the details of the enclosures that are connected to the system.

The DISKS tab displays the disk state table with information about each
disk. You can filter the table to display all disks, disks in a specific tier, or
disks in a specific group.

Use the disk BEACON feature to identify which physical hard drive
corresponds to a disk identified in the table.

Viewing Chassis Information

The DD System Manager Chassis Window

The DD System Manager (DDSM) provides a virtual view of a physical PowerProtect DD system chassis. This view is not available on DDVE systems because DDVE systems have no physical components.

The chassis panel displays a block drawing of each enclosure in a system. The drawing includes the chassis serial number and the enclosure status. Depending on the model, the diagram in the Chassis window displays the following components:

• Disks
• Fans
• Power supplies
• NVRAM
• CPUs
• Memory

The System Serial No is independent of the chassis serial number and remains the same during many types of maintenance events, including chassis replacements.

Chassis views show the TOP VIEW, REAR VIEW, and ENCLOSURES.
The DETAILS pane shows the description and status of Power Supply 1.

Verifying System Information Using the CLI

Verifying System Information

Use the command-line interface (CLI) to verify basic system information such as model number, version number, system serial number, and more.
• The system show modelno command displays the hardware model
number of a PowerProtect DD system.
• The system show detailed-version command shows the
version number and release information.
• The system show serialno [detailed] command displays the
system serial number and also shows whether encryption is enabled.
• The system show uptime command displays the file system
uptime, the time since the last reboot, the number of users, and the
CPU load.

Verifying Storage Information

Use CLI commands to verify information about system storage such as storage used in active, archive, cache, and cloud tiers. You can also see information about individual storage enclosures and individual disks.
• The storage show {all | summary | tier {active | archive | cache | cloud}} command displays information about the disk groups, disks, and storage capacity in the file system.
• The enclosure show all [enclosure] command displays detailed information about the installed components and component status for all enclosures.
• The disk show hardware command displays disk hardware information, and the output includes a column for slot identification.

Verifying Chassis Information

Use CLI commands to view the information found in the DDSM chassis
view:
• The enclosure show chassis [enclosure] command shows
part numbers, serial numbers, and component version numbers for
one or all enclosures.
• The enclosure show summary command lists enclosures, model
and serial numbers, state, OEM names and values, and the capacity
and number of disks in the enclosure.

Deep Dive: Go to the latest Command Reference Guide on the Dell Support website for more detailed information and specific command syntax.

Accessing the System

Exploring LDAP Authentication

LDAP Authentication Window in the DD System Manager

You can configure the PowerProtect DD system to authenticate users with the Lightweight Directory Access Protocol (LDAP) server. You can provide access to DDSM, DDMC, Common Internet File System (CIFS) shares, or Network File System (NFS) exports using LDAP accounts.

You can use an existing OpenLDAP server or deployment with the PowerProtect DD for system-level user authentication. You can also use OpenLDAP for NFSv4 ID mapping, NFSv3 Kerberos with LDAP, or NFSv4 Kerberos with LDAP.

LDAP functionality and user interface are similar to the interface already
present for another authentication method, Network Information System
(NIS). You cannot enable LDAP and NIS simultaneously. You can use
Active Directory (AD) with either NIS or LDAP.

LDAP may be configured for both the DD System Manager and PowerProtect DD Management Center.

Perform the following to configure LDAP in the DD System Manager:

1. Select Administration > Access > AUTHENTICATION.
2. Expand the LDAP Authentication panel and click CONFIGURE.
3. Configure the details in the LDAP Authentication pane and click OK.
4. To enable or disable LDAP authentication, click Enable next to LDAP Status.
5. Click OK.

Important: An LDAP server and a valid base-suffix must exist before enabling LDAP authentication.


AD over LDAP

Dell PowerProtect DD Appliance with LDAP and Active Directory

PowerProtect DD series appliances that communicate with Active Directory (AD) over LDAP provide the following:

• Single sign-on support with AD that is in line with other PowerProtect DP series appliance components
• Compliance with Federal Information Processing Standards (FIPS). The Approved Products List (APL) requires FIPS compliance certification by using FIPS-compliant cipher suites with Transport Layer Security (TLS) 1.2 to communicate with Active Directory.
• Simpler configuration and administration

Use the AD over LDAP feature when:

• You do not require or use Common Internet File System (CIFS) data
access with AD users.
• A production PowerProtect DD system is not already joined to an AD
domain.


Common LDAP Authentication Issues

The following are common LDAP authentication issues:

Issue: LDAP fails when enabling authentication.
Possible reasons:
• Unable to locate LDAP server by hostname when Domain Name Service (DNS) is not configured.
• Unable to contact LDAP server when ports 389/636 are not open.
• Invalid user credentials.
• Invalid Certificate Authority (CA) certificate for LDAP.

Issue: User fails to log in.
Possible reasons:
• The user forgot to specify type active directory during configuration.
• The user is not assigned a uidNumber or gidNumber.
• The user group is not configured for login.
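
Three of the causes listed above (name resolution, closed ports 389/636, and users without a uidNumber or gidNumber) can be checked from an administration host before enabling LDAP. The following Python example is added here and is not Dell or DDOS code; the LDIF sample is constructed, and treating entries that carry a uid or sAMAccountName attribute as login users is an assumption.

```python
import socket

LDAP_PORTS = (389, 636)                    # the ports named in the list above
REQUIRED_IDS = ("uidNumber", "gidNumber")  # attributes a login user must carry
USER_KEYS = ("uid", "samaccountname")      # assumption: these mark a user entry

# Constructed sample export; the second user lacks both numeric IDs.
SAMPLE_LDIF = """\
version: 1

# constructed sample entries
dn: uid=backupop,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: backupop
uidNumber: 10001
gidNumber: 10001

dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
description: folded line that contin
 ues on the next line

dn: cn=dd-admins,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: dd-admins
gidNumber: 20001
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line (folding).
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:
        if not line.strip():               # a blank line ends the entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if sep:
            # "::" (base64) and ":<" (URL) markers are dropped; values stay
            # undecoded because only attribute presence matters here.
            current.setdefault(attr.strip().lower(), []).append(
                value.lstrip(":< ").strip())
    return entries


def users_missing_posix_ids(entries):
    """Return (dn, [missing attributes]) for each user entry lacking an ID."""
    findings = []
    for entry in entries:
        if "dn" not in entry or not any(key in entry for key in USER_KEYS):
            continue                       # not a user entry (group, header)
        missing = [name for name in REQUIRED_IDS if name.lower() not in entry]
        if missing:
            findings.append((entry["dn"][0], missing))
    return findings


def preflight(host, ports=LDAP_PORTS, timeout=3.0, connect=socket.create_connection):
    """Check name resolution and TCP reachability of the LDAP server.

    The connect parameter exists only so the check can be exercised offline.
    """
    result = {"resolves": False, "ports": {}}
    try:
        socket.getaddrinfo(host, None)
        result["resolves"] = True
    except socket.gaierror:
        return result                      # DNS failure: port checks are moot
    for port in ports:
        try:
            with connect((host, port), timeout=timeout):
                result["ports"][port] = True
        except OSError:
            result["ports"][port] = False
    return result


if __name__ == "__main__":
    for dn, missing in users_missing_posix_ids(parse_ldif(SAMPLE_LDIF)):
        print(dn, "is missing", ", ".join(missing))
```

Call preflight() with the LDAP server hostname as configured on the protection system; a False under "resolves" points at DNS, and a False under a port points at filtering between the hosts.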


Managing Administrator Access

The DD System Manager ADMINISTRATOR ACCESS Window

You can administer a PowerProtect DD system using a variety of common protocols, including HTTPS and SSH. The Administrator Access tab under Administration > Access allows administrators to enable and disable these protocols to suit their security requirements.

You can configure administrative access protocols using the DD System Manager (DDSM) or through the command line.

System administrators can use the following protocols to access a PowerProtect DD system:

• FTP and FTPS provide access to a PowerProtect DD system through an FTP or FTPS connection. These are the only protocols restricted to those with the admin management role. These protocols are only used for administrative access to files on the protection system.
• HTTP and HTTPS provide access to a PowerProtect DD system through an HTTP connection, an HTTPS connection, or both.
• Secure shell (SSH) provides secure encrypted access to a PowerProtect DD system through an SSH connection.
• Secure Copy Protocol (SCP) provides secure, encrypted access to copy files to and from a PowerProtect DD system.
• Telnet provides access to a PowerProtect DD system through a Telnet connection. Telnet is neither a secure nor an encrypted protocol.

Administrator Access Using the Command Line Interface

Administrators can use the command line interface (CLI) to manage administrator access with the adminaccess command. The following are the base commands:

• The adminaccess enable {http | https | ftp | ftps | telnet | ssh | scp | web-service | all} command enables a protocol on the protection system. By default, SSH, HTTP, HTTPS, and web-service are enabled. FTP and Telnet are disabled. HTTP and HTTPS allow users to log in from DD System Manager. The web-service allows the protection system to use REST APIs.
• To use FTP and Telnet, users with the admin role permissions must add host machines to the access lists.
• The adminaccess disable {http | https | ftp | ftps | telnet | ssh | scp | web-service | all} command disables system access using the specified protocol. Disabling FTP or Telnet does not affect entries in the access lists. If all access is disabled, the protection system is available only through a serial console or keyboard and monitor.
• The adminaccess reset {ftp | ftps | telnet | ssh | http | scp | all} command resets the access lists of host entries to their default state. The output shows the running state of each protocol.
• The adminaccess show command lists the access services available on a protection system and displays option values for the access services that are enabled.

You can call each protocol using the adminaccess command to modify its parameters.

Deep Dive: Go to the latest Command Reference Guide on
the Dell Support website for more detailed information and
specific command syntax.

Managing Local Users

The LOCAL USERS Window in DD System Manager

You can CREATE, MODIFY, and DELETE local users in the LOCAL
USERS window. Administrators can grant user privileges, and ENABLE and
DISABLE user accounts. Administrators can view and change the user's
Management Role and Status.

CAUTION: To comply with security policies, Dell
Technologies recommends mapping PowerProtect DD
roles to Active Directory or LDAP service groups.

Exploring User Roles

Role-based access control (RBAC) assigns each user a role with a privilege
level. Together, the role and privilege level provide administrative
isolation across a system. RBAC is especially useful in a multitenant
protection system.

Understanding the functions that these roles can perform can help you
better understand this unique environment.

The following are RBAC roles in the DD Operating System:


• The sysadmin role is the default admin user role. The sysadmin can
perform all administrative functions in DDOS, although some functions
might require the confirmation of a security officer role. During DDOS
installation and configuration, sysadmin is the default user that the
system creates.
• The admin role can configure and monitor the entire PowerProtect DD
system. Most configuration features and commands are available only
to admin role users.
• The limited-admin role can configure and monitor the PowerProtect DD
system with some limitations. Users who are assigned this role cannot
perform data deletion operations, edit the registry, or enter any mode
besides admin mode in the command-line interface.
• The user role can monitor the system, change their own password, and
view the system status. A user assigned the user role cannot change
the system configuration.
• The security role manages other security officers and provides security
authorization for procedures that require security sign-off. The security
role also performs user-role tasks. Only the sysadmin can create the
first security officer. Once an administrator creates the first security
officer account, they cannot delete it. The users assigned the security
role can create or modify other security officers.
• The backup-operator role can perform tasks that include creating
snapshots for MTrees. They can also import, export, and move tapes
between elements in a virtual tape library. Backup-operators can also
copy tapes across pools. Backup operators can perform all user-role
tasks.
• The none role is used for DD Boost authentication. A user assigned
the none role can log in to a PowerProtect DD system. They can
change their password, but the none role cannot monitor or configure
the primary system.
• You can append the tenant admin role to the none role when you
enable the secure multitenancy (SMT) feature. A tenant admin can
configure and monitor a specific tenant unit as well as schedule and
run backup operations for the tenant.
• You can append the tenant user role to the none role when you enable
the secure multitenancy (SMT) feature. The tenant user role enables a
user to monitor a specific tenant unit and change the user password.

Managing User Roles Using the Command Line

You can manage local user accounts through the command line interface
(CLI) using the following commands:

• The command user add user [role {admin | limited-admin |
security | user | backup-operator | none}]
[min-days-between-change days] [max-days-between-change days]
[warn-days-before-expire days]
[disable-days-after-expire days] [disable-date date]
[force-password-change {yes | no}] adds a new locally
defined user.
• The user enable user [disable-date date] command
enables the specified locally defined user account so that the user can
access the file system.
• The user disable user command disables the specified locally
defined user account so that the user cannot access the file system.
• The user show list command displays a list of system users.

Deep Dive: Go to the latest DDOS Command Reference
Guide on the Dell Support website for more detailed
information and specific command syntax.

Monitoring the System

Monitoring Alert Messages

Alerts Notification Window In DD System Manager

The Alerts feature generates event and summary reports that the system
distributes to configurable email lists and to Dell Support.

The system sends event reports immediately. The reports provide detailed
information about a system event. The system uses notification groups to
distribute event reports.

You can configure notification groups to include one or more email
addresses to receive various alert types. You can also send event reports
to different notification groups based on the severity level of the alert. For
example, you might configure one notification group for people who
monitor critical events and another group for people who monitor less
critical events.

Another option is to configure notification groups for different technologies.
For example, one notification group can receive messages about all
network events. Another group can receive messages that are related to
storage issues.

The system sends daily summary reports that provide a summary of the
events that occurred during the last 24 hours. Summary reports include
only summary information.

Monitoring Autosupport Reports

Autosupport Mailing List Configuration Window in DD System Manager

The autosupport feature generates an Autosupport log (ASUP). An ASUP
is an appliance-specific, consolidated report that shows details about the
condition of the system.

These details include identification information, consolidated output from
several DDOS commands, and entries from various log files. The ASUP
includes system alert messages. When the system generates a system
alert, the system sends it automatically to Dell Support. The system also
distributes the alert to all configured recipients in the ASUP distribution.

By default, the system generates an ASUP once per day. An ASUP is also
generated every time the file system is started. You can also configure
ASUPs per schedule.

Dell Support can use the ASUP of your system to aid in identifying and
debugging possible system problems.

You can configure email addresses to receive daily Autosupport reports.
The default time for sending the daily ASUP is 06:00 a.m. Use the support
channel to send email information to Dell Support. You can also use the
Secure Connect Gateway (SCG) instead of email delivery. Using SCG
enables remote assistance from Dell Support.

Exploring Log Files

From the DD System Manager, go to Maintenance > Logs to display log
file entries. The Logs window shows the contents of the /log directory.

File System Log Locations

The file system logs system status messages every hour. You can bundle
and send log files to Dell Support. Sending log files to Support provides
detailed system information to aid with troubleshooting system issues.

The /log directory contains messages from the alerts feature, autosupport
reports, and general system messages.

Every Sunday morning, the PowerProtect DD system automatically opens
a new messages file and renames the previous file with an appended
number, for example messages.1. Each numbered file increments its
number each week.

You can also view a log file using the log view command. With no
argument, the log view command displays the most current messages
file.

Deep Dive: Go to the latest DDOS Command Reference
Guide on the Dell Support website for more detailed
information and specific command syntax.

Using Remote Logs

Administrators can configure the PowerProtect DD system to send system
log events to a remote server.

Connecting to a Syslog Server Using UDP Port 514

Syslog is a standard message format that a network device can use
to communicate with a logging server. Syslog is designed to simplify
monitoring network devices. Devices can use a syslog agent to send out
notification messages under a wide range of specific conditions. Remote
logging with syslog uses UDP Port 514 to send system messages to a
syslog server.

Use the CLI command log host for remote logging.

Following is a list of CLI commands that are related to managing remote
logging:

• log host enable enables remote logging.
• log host add <host IP> adds a log host.
• log host show verifies remote logging configuration.

Important: The CLI is the only method to configure remote
logging with syslog. Use the log host enable command
to enable remote logging.
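
One way to confirm on the syslog server side that forwarded events arrive, as an added example that is not part of the Dell guide or of DDOS: a small collector that parses the RFC 3164 priority field, sanitizes the message text, and keeps datagrams only from expected senders. The sample messages, the hostname dd-example and the loopback port are constructed; production syslog listens on UDP 514, which normally requires elevated privileges to bind.

```python
"""Syslog-over-UDP collector for checking that forwarded events arrive."""
import re
import socket

# Facility and severity names in RFC 3164 numeric order.
FACILITIES = (
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
    "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
    "local6 local7"
).split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI_RE = re.compile(rb"^<(\d{1,3})>")
MAX_PRI = 191        # facility 23 * 8 + severity 7
DEFAULT_PRI = 13     # RFC 3164: user.notice when PRI is missing or invalid
MAX_DATAGRAM = 2048  # read at most this many bytes per datagram

# Constructed sample datagrams (not captured from a real system).
SAMPLES = [
    b"<38>Jan  7 06:00:01 dd-example sshd[2211]: constructed login event",
    b"<11>Jan  7 06:00:05 dd-example app: constructed error event",
    b"constructed message without a priority header",
]


def parse_syslog(datagram: bytes) -> dict:
    """Split a raw datagram into facility, severity and sanitized text."""
    match = PRI_RE.match(datagram)
    valid = bool(match) and int(match.group(1)) <= MAX_PRI
    if valid:
        pri, body = int(match.group(1)), datagram[match.end():]
    else:
        pri, body = DEFAULT_PRI, datagram
    facility, severity = divmod(pri, 8)
    text = body.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    # Replace control characters so a crafted message cannot forge extra log
    # lines or inject terminal escape sequences when the event is displayed.
    text = "".join(ch if ch.isprintable() else "?" for ch in text)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "valid_pri": valid,
        "message": text,
    }


def collect(sock, allowed_senders, max_events, timeout=1.0):
    """Read datagrams from a bound UDP socket; keep those from allowed senders.

    UDP syslog carries no authentication, so the source address is the only
    sender identity available. It is a coarse filter, not proof of origin.
    """
    sock.settimeout(timeout)
    events = []
    while len(events) < max_events:
        try:
            data, (source, _port) = sock.recvfrom(MAX_DATAGRAM)
        except socket.timeout:
            break
        if source not in allowed_senders:
            continue  # not an expected log source
        event = parse_syslog(data)
        event["source"] = source
        events.append(event)
    return events


def demo():
    """Loopback round trip on an unprivileged port chosen by the OS."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for sample in SAMPLES:
        sender.sendto(sample, receiver.getsockname())
    sender.close()
    events = collect(receiver, {"127.0.0.1"}, len(SAMPLES))
    receiver.close()
    return events


if __name__ == "__main__":
    for event in demo():
        print(event)
```

Syslog over UDP is neither encrypted nor authenticated, so the collector belongs on a management network that you control.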

Configuring SNMP

The General Configuration Window in DD System Manager

Simple Network Management Protocol (SNMP) is a part of the
Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.
SNMP provides a tool for network administrators to monitor and manage
network-attached devices.

SNMP must use an SNMP manager, also called an SNMP server. The
SNMP manager is sometimes a third-party application. The SNMP
manager operates as a centralized management station running an SNMP
management application.

SNMP uses an SNMP agent to monitor and respond to queries. For
DDOS, the PowerProtect DD system is the SNMP agent. The SNMP
manager requests that agents send SNMP updates at regular intervals.
You can use Dell NetWorker and Dell Avamar as SNMP managers.

To configure SNMP using the DD System Manager, go to Administration
> Settings > SNMP, and select ENABLE. The SNMP System Location is a
text entry that describes where the PowerProtect DD system is located.
There is also an SNMP System Contact entry.

Regarding SNMP V3 and V2C configurations:


• The SNMP agent accepts queries for PowerProtect DD-specific
information from management systems using SNMP V1, V2C, and V3.
SNMP V3 provides a greater degree of security than V2C and V1.
• V3 security replaces clear text community strings that SNMP
authentication uses with user-based authentication using either MD5 or
SHA1.
• You can encrypt SNMP V3 user authentication packets and verify their
integrity with either Data Encryption Standard (DES) or Advanced
Encryption Standard (AES).
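
How SNMP V3 user-based authentication turns a passphrase into a per-agent key, as an added example that is not part of the Dell guide or of DDOS: the password-to-key and key-localization steps of the User-based Security Model (RFC 3414), plus the truncated HMAC that authenticates each message. The passphrase and engine ID are the RFC's published test values; the function names are this example's own.

```python
"""SNMPv3 USM key derivation (RFC 3414) for MD5 and SHA1 authentication."""
import hashlib
import hmac

EXPANDED_LENGTH = 1_048_576   # the passphrase is repeated to one megabyte
SUPPORTED = ("md5", "sha1")   # the two algorithms named in the text above


def password_to_key(passphrase: bytes, algorithm: str) -> bytes:
    """Derive the user key Ku by hashing the repeated passphrase."""
    if algorithm not in SUPPORTED:
        raise ValueError("algorithm must be 'md5' or 'sha1'")
    if len(passphrase) < 8:
        # USM implementations commonly reject shorter passphrases.
        raise ValueError("passphrase must be at least 8 octets")
    repeats, remainder = divmod(EXPANDED_LENGTH, len(passphrase))
    digest = hashlib.new(algorithm)
    digest.update(passphrase * repeats + passphrase[:remainder])
    return digest.digest()


def localize_key(user_key: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algorithm, user_key + engine_id + user_key).digest()


def auth_key(passphrase: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Passphrase to localized authentication key in one call."""
    user_key = password_to_key(passphrase, algorithm)
    return localize_key(user_key, engine_id, algorithm)


def auth_parameters(key: bytes, whole_message: bytes, algorithm: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: first 12 octets of the HMAC over the message."""
    return hmac.new(key, whole_message, algorithm).digest()[:12]


if __name__ == "__main__":
    # RFC 3414 appendix test values.
    passphrase = b"maplesyrup"
    engine_a = bytes.fromhex("000000000000000000000002")
    engine_b = bytes.fromhex("000000000000000000000003")  # constructed second agent
    for algorithm in SUPPORTED:
        print(algorithm, "agent A:", auth_key(passphrase, engine_a, algorithm).hex())
        print(algorithm, "agent B:", auth_key(passphrase, engine_b, algorithm).hex())
```

Because the key is localized to the engine ID, the same passphrase yields a different key on every agent, and no secret is sent in the packet the way a V1 or V2C community string is.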

Exploring Support Bundles

If you work with Dell Support to troubleshoot a problem with your
PowerProtect DD system, the Support Engineer might request a support
bundle. A support bundle is a compressed selection of log files with an
attached README file that includes autosupport headers.

Generating Support Bundles

To create a support bundle in DD System Manager, go to Maintenance >
Support > SUPPORT BUNDLES.

1. Click GENERATE SUPPORT BUNDLE. It may take a few minutes to
create a bundle.
2. If the support bundle is too large, the DD Operating System provides
the option to GENERATE MINI SUPPORT BUNDLE that is smaller in
size. In the Bundle Type list box, select Mini Bundle or Full Bundle.
3. Select a duration to include in the support bundle in the Duration list
box.
4. Click Generate.
5. Right-click the link to download the bundle to your personal computer.
6. Email the file to Dell Support.

Important: If the bundle size is too large to attach to an
email, go to the Dell Support website and upload the bundle.

You can also generate support bundles from the command line using the
following commands:
• The support bundle create {files-only <file-list> |
traces-only} [and-upload [transport
{http|https}]] command compresses listed files into a bundle and
uploads them.
• The support bundle create default [with-files <file-
list>] [and-upload [transport {http|https}]] command
compresses default and listed files into a bundle and uploads them.

The system archives a maximum of five support bundles. If you attempt to
generate a sixth support bundle, the system automatically deletes the
oldest support bundle. You can also delete support bundles using the
support bundle delete command.

Exploring Licensing Features

Licensing Features

PowerProtect DD systems add feature licenses to activate features
embedded in the DD Operating System. System owners can purchase
only the specific feature licenses they require. Some examples of
features that require licenses are DD Boost and capacity on demand.
DD Capacity on demand is a feature that allows you to increase
storage capacity on a PowerProtect DD system.

Other features include:

• DD ArchiveStore
• Cloud Tier
• DD Encryption
• DD Expansion Storage
• DD I/OS - for IBM i operating environments
• DD Replicator
• DD Retention Lock Compliance Edition
• DD Retention Lock Governance Edition
• DD Shelf Capacity-Active Tier
• DD Storage Migration
• DD Virtual Tape Library
• High Availability
• Protection Pool - for DD6400 systems
• SSD Cache

Go to the current DD System Administration guide on the Dell Support
website for more information about each of the feature licenses.

Deep Dive: Go to the current DDOS Administration guide
and DDOS Release Notes on the Dell Support website for
more information about feature licenses.

Electronic Licensing

Use the Electronic Licensing Management System (ELMS) to license
capacity and features on PowerProtect DD systems. ELMS provides a
standardized method to license Dell products electronically. By using
ELMS, you use a single file to license the system.

The customer chooses a feature that they want to license. The ELMS
creates a license authorization code (LAC) email. The LAC email contains
a link to the ELMS portal where you can redeem your LAC for license
keys. The license keys activate the system features on the system.

Dell PowerProtect DD Virtual Edition (DDVE) appliances use a locking ID
to activate system features. A locking ID is a unique identifier that links
your license file to your PowerProtect DDVE system. The locking ID ties
the serial number of your PowerProtect DD Virtual Edition to the licensed
feature. Provide the locking ID or serial number when you obtain a
feature license because ELMS generates a license only for that system.

You can add the license onto the DDVE using either the CLI or the DD
System Manager.

From the CLI, use the following commands to manage licenses with
ELMS:
• Use elicense show [all | license | locking-id] to show
current license information. Use the licenses option to display all
licenses installed, and all to display licenses, locking-ID, and the last
modified licenses.
• Use elicense update to cut and paste license codes. When
finished pasting, enter CTRL+D. Use the check-only option to
validate the evaluation license file content.
• Use elicense reset to delete all existing licenses.

Upgrading the PowerProtect DD System

Discovering Why to Upgrade

The DD Operating System (DDOS) is the intelligence that powers the
Dell PowerProtect DD series appliances. When purchasing a new
DD series appliance, you can now consume DDOS as a subscription,
providing flexibility for deployment while minimizing upfront costs.

The following are several reasons to upgrade PowerProtect DD series
appliances that are running as a part of a data protection deployment:

• Upgrades to DDOS install operating system improvements. Upgrades
are not always essential, but Dell Technologies suggests that you
maintain PowerProtect DD appliances with the current versions of the
DD Operating System (DDOS). Using the most current DDOS ensures
that you have access to all features and capabilities that your system
has to offer.
• Upgrading DDOS ensures better compatibility with new data protection
systems and software. When you add newer PowerProtect DD
systems to your backup architecture, you must often update the DDOS
version to support hardware changes. For example, remote-battery,
non-volatile RAM (NVRAM), or newer model expansion shelves might
require a more current version of DDOS.
• Administrators who want to take advantage of all replication options
between source and destination devices should consider upgrading
their PowerProtect DD systems to the most current version of DDOS.
Replication pairs running earlier versions of DDOS can still support
replication with some limitations. For example, directory replication is
supported in DDOS 7.7.0.0 and earlier but not in versions after 7.7.0.0.
Only DDOS 6.2 and later supports MTree and managed file replication.
Dell Technologies recommends that systems that are paired in a
replication configuration should have the same version of DDOS.
• Upgrading the DDOS ensures better compatibility with backup host
software. Administrators upgrading backup host software should
always check the minimum DDOS version that Dell Technologies
recommends for your backup software. Go to the Dell Support website
and view the current DDOS Release Notes to learn more about the
supported backup host software.
• You can correct unexpected system behavior by upgrading to a more
current DDOS. No software is free of flaws, and Dell Technologies
works continuously to improve the functionality of DDOS. Each version
release has complete release notes that identify issue fixes by number.
DD Operating System Releases

Dell Support Website Showing Available Releases for DD9500 Appliance

The DD Operating System (DDOS) is the intelligence that powers
PowerProtect DD systems. DDOS provides the agility, security, and
reliability that enables the platform to deliver scalable, high-speed, and
cloud-enabled protection storage for backup and archive.

DDOS functionality is constantly improving with each new version. Go to
the Dell Support website to locate and download available upgrade
packages for your PowerProtect DD products.

DD System Manager allows you to view and manage up to five upgrade
packages on the DDOS system. To upgrade the system, download an
upgrade package from the Dell Support website to a local system and
then transfer it to the target system.

Dell Technologies recommends that you track DDOS releases deployed in
your backup environment. Dell Technologies recommends that you
upgrade to the latest DDOS release for your system model. By upgrading
to the latest release, you ensure that you are running the version of DDOS
with the highest reliability status.

Caution: Reverting to a previous DDOS version destroys
all data on the PowerProtect DD system.
There is no downgrade path to a previous version of
DDOS. The only method to revert to a previous DDOS
version is to destroy the file system and all the data that is
stored on that system.
If necessary, contact Dell Support to discuss system
backup and restoration options before you upgrade.

Minimally Disruptive Upgrade (MDU)

The minimally disruptive upgrade (MDU) feature lets you upgrade
specific software components or apply fixes to issues without
performing a system reboot. An MDU is similar to the Linux atomic
upgrade. The MDU is made of stand-alone component Red Hat Package
Managers (RPMs). These stand-alone components come in smaller
packages to facilitate faster delivery to the system.

• The PowerProtect DD System Manager (DDSM) is a browser-based
graphical interface that enables
administrators to configure, manage, and monitor many PowerProtect
DD systems at once. DDSM provides real-time graphs and tables that
you can use to monitor the status of system hardware components and
configured features. DDSM provides a single, consolidated
management interface from which to manage a single system from any
location.
• If you have a larger protection environment, you can manage multiple
PowerProtect DD systems from a single browser window with the
PowerProtect DD Management Center (DDMC).
• You can configure system settings and display system hardware
status, configure features, and perform operations from the DDOS
command-line interface (CLI). Some operations that the DDSM cannot
run, you can run using the CLI.

MDU uses smaller component bundles, which upgrade specific software
components individually.

When an administrator upgrades the system for a specific component, the
upgrade triggers an MDU.

Only those services that depend on the component that the MDU
upgrades are disrupted. The MDU feature can prevent significant
downtime while performing other operations during certain software
upgrades.

Checking Compatibility

Applications or hardware devices that access the PowerProtect DD
system must be compatible with the DDOS version to which you want to
upgrade.

Check compatibility between your system upgrade and third-party
applications that you use as part of your data protection workflow.

Take the following measures to ensure the postupgrade functionality
within all system components:

• See PowerProtect DD compatibility guides in the Dell Support website.
• For information about DD Boost and third-party software compatibility,
access the E-Lab Navigator website.
• When you upgrade your version of DDOS, obtain a copy and read the
version release notes that are found on the Dell Support website.
Check for possible compatibility issues with your appliance and DDOS
software.

DDOS release notes are the most informative document to check
compatibility for your backup environment. Release notes documents
contain environmental and system requirements specific to the target
software version in these sections:

• DDOS and DDVE environment and system requirements
• DDMC environment and system requirements
• Preparing to upgrade a version of DDOS
• Preupgrade checklists and overview
• Preparing the system for upgrade
• Upgrade considerations for high availability mode (HA) systems.

If any applications or hardware devices are not compatible
with the new version of DDOS, do not perform the upgrade.
Consider upgrading to a compatible DDOS version or
schedule your upgrade after the application or hardware
compatibility has been verified.

Performing a System Upgrade

Once you verify the compatibility of your Dell PowerProtect DD series
appliance, verify the correct version of DD Operating System to upgrade.
You can now begin the system upgrade.

Upgrade Precheck

The UPGRADE PRECHECK Tab in DD System Manager

Begin the system upgrade. Go to Maintenance > System and perform the
UPGRADE PRECHECK.

In DD System Manager, click Upgrade Precheck in the Maintenance >
System > UPGRADE PRECHECK tab. Upgrade precheck is part of the
upgrade process which determines whether the system is in an
upgradable state.

The aim of the precheck is to detect potential problems early and cancel
the upgrade. If you perform the upgrade without a precheck, you might
place the system in an unusable state after an upgrade attempt.

Upgrade Precheck in Progress


Perform the Upgrade

The PERFORM SYSTEM UPGRADE Tab in DD System Manager

When the upgrade precheck is successful, click PERFORM SYSTEM
UPGRADE to begin the upgrade process.

DDOS Upgrade Rollback

In current DD Operating System (DDOS) versions, system engineers
improved the management and onboarding of PowerProtect DD series
appliances at scale. You can perform DDOS prechecks and scheduled
upgrades using PowerProtect DD Management Center (DDMC). When the
system detects an upgrade failure, it automatically rolls back to
the previous DDOS version. Auto rollback allows for continuous backup
operations even if an upgrade fails.

When an administrator initiates a system upgrade, DDOS performs
prechecks on many of the system hardware and software parameters.
DDOS checks the following before initiating the backup operation:

• The partition size check verifies that the /ddr and / (root) partitions
are correct.
• The redundant array of independent disks (RAID) metagroup assembly
check verifies that all dg0 disks are available on the head unit. DDOS
ensures that there is enough available space for the file system.
• The precheck also determines whether the file system is enabled and
verifies that the numbers of MTrees and Virtual Tape Library (VTL)
pools are less than 100.
• An operations check ensures that the system is not performing file
system cleaning, cloud cleaning, and data movement operations.

If precheck determines a problem with any of these items, the upgrade
process quits without attempting an upgrade.

If the system performs an upgrade and encounters a failure with the
upgrade process, the upgrade stops. The system then automatically
returns to its pre-upgrade version.

DDOS File System Upgrade Rollback Process Overview

You can view the status of an upgrade using the DDOS command-line
command, system upgrade status. Log messages for the
upgrade are stored in /ddvar/log/debug/platform/upgrade-error.log
and /ddvar/log/debug/platform/upgrade-info.log.

Important: Rollback automatically occurs only when a
DDOS upgrade fails. DDOS offers no provision or support
for selectively downgrading to previous versions of DDOS.

Terms

Approved Products List
The Department of Defense Information Network (DoDIN) Approved
Products List (APL) is the single consolidated list of products that have
completed cybersecurity and interoperability certification.

Federal Information Processing Standards
Federal Information Processing Standards (FIPS) are a set of standards
that describe document processing, encryption algorithms and other
information technology standards. FIPS is used within government
agencies and by government contractors and vendors who work with the
agencies.

Lightweight Directory Access Protocol (LDAP)
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-
neutral, industry-standard application protocol. LDAP is used for
accessing and maintaining distributed directory information services over
an Internet Protocol (IP) network.

Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is an open-standard
protocol for exchanging network management information.

Unique Identifier or Group Identifier
A Unique Identifier (UID or UidNumber), along with the group identifier
(GID or GidNumber) and other access control criteria, is used to
determine which system resources an entity can access.

POWERPROTECT DD
NETWORK INTERFACE
ADMINISTRATION

PARTICIPANT GUIDE
Table of Contents

PowerProtect DD Network Interface Administration

Configuring Ethernet Interfaces
  Exploring Network Management Interfaces
  Configuring and Viewing IP Name Settings
  Configuring and Viewing IP Name Settings with the CLI
  Configure Ethernet Interfaces
  Managing Network Routes
  Configuring Static Routes
  Configuring Static Routes with the Command Line

Administering Fibre Channel
  Configuring Fibre Channel Endpoints
  Enabling and Disabling NPIV
  Gather Fibre Channel Device Information
  Fibre Channel Components
  Managing Fibre Channel Initiators
  Exploring Fibre Channel Ports
  Monitoring Fibre Channel Status
  Exploring Access Groups
  Manage Fibre Channel Ports

Administering Link Failover and Aggregation
  Exploring Link Failover and Aggregation Bonding
  Exploring Link Aggregation
  Link Aggregation Guidelines
  Link Control
  Exploring Link Failover Architecture
  Exploring Supported Link Failover and Aggregation Topologies
  Creating a Bond Interface for Link Failover
  CLI for Configuring Link Failover

Administering VLAN and IP Alias Interfaces
  Exploring VLAN and IP Aliases
  VLAN Interfaces
  Administering IP Aliases
  Configuring VLAN Interfaces
  Configuring IP Aliases
  CLI for Configuring IP Aliases

Terms

PowerProtect DD Network Interface Administration

Configuring Ethernet Interfaces
Exploring Network Management Interfaces

Administrators can manage networking component configuration through
the PowerProtect DD System Manager or the Command Line Interface
(CLI).

IP configuration settings include IP addresses, IP aliases, and IP routes.
The domain name system (DNS) configuration is also available through
the user interface.

DD System Manager and Command Line Interface

Ethernet configuration management includes:

• Ethernet Network Interface Cards (NICs)
• Link failover configuration
• Link aggregation configuration
• Virtual LANs (VLANs)
• Virtual network devices (vEth)
• Network aliases

The DNS configuration management includes:

• Hostname
• Local host file
• Search domains
• Dynamic DNS

Configuring and Viewing IP Name Settings

The Network SETTINGS view in DD System Manager

The Hardware > Ethernet > SETTINGS view displays the Host Settings,
Search Domains, Hosts Mapping, and DNS List.

• The Host Settings section displays the PowerProtect DD system
hostname. DD Operating System (DDOS) displays the hostname as a
fully qualified domain name (FQDN). An FQDN provides its exact
location within the domain name system (DNS) by specifying the
hostname, domain name, and top-level domain (TLD).
• The Search Domains section displays the search domains that the
system uses. If you enter a hostname into a PowerProtect DD CLI
command or DDSM configuration field without a domain name, the DD
Operating System uses Search Domains to determine the correct
domain to associate with the provided hostname.
• The Hosts Mapping section displays local name to Internet Protocol (IP)
address mappings. Unlike the mappings from the DNS server, these
name mappings only apply to this system.
• The DNS List displays the IP addresses of the DNS servers that the
system uses. An asterisk (*) indicates that the DNS server addresses
were assigned through dynamic host configuration protocol (DHCP).

Configuring and Viewing IP Name Settings with the CLI

The following are essential commands that administrators can use to view
and configure the IP name settings using the DDOS command line:

• The net show hostname command displays the hostname of the
PowerProtect DD system.
• The net show dns command displays a list of DNS servers used by
the PowerProtect DD system. The final line in the output shows
whether the servers were configured manually or by DHCP.
• The net set hostname command sets the hostname of the
PowerProtect DD system. If you do not statically set the hostname, the
system uses a dynamic host configuration protocol (DHCP) hostname
from one of the system interfaces. If multiple interfaces have DHCP
hostnames, the system hostname might change to a hostname from a
different interface during an upgrade. Dell Technologies recommends
that you use the net set hostname command to statically set the
system hostname.
• The net set domainname command sets the domain name of the
PowerProtect DD system.
• The net set searchdomains command sets the PowerProtect DD
system search domain.
• The net hosts add command adds a host list entry in the
/etc/hosts file.
• The net hosts del command deletes a host list entry in the
/etc/hosts file.
• The net hosts reset command clears the host list entry from the
/etc/hosts file.
• The net set dns command resets the domain name system (DNS)
server to default values.

Deep Dive: Go to the latest Dell EMC DDOS Command
Reference Guide on the Dell Support website for more
detailed information and specific command syntax.

Configure Ethernet Interfaces

When a PowerProtect DD system is installed and initially configured with a
management interface, you can create additional interfaces for user traffic.
You must configure at least one physical interface before the system can
connect to a network. Follow the steps below to configure an Ethernet
interface.

Step One

The Ethernet > Network > INTERFACES Window

The replication protocol confirms that the replication source and
destination tenant units belong to the same tenant. Replication begins only
when replication confirms the source and destination.

In DD System Manager, go to the Hardware > Ethernet > INTERFACES
tab and select an interface from the interface table. Then click
CONFIGURE.

Step Two

Go to the IP Settings section of the panel. When you select Obtain IP
Address using DHCP, select either IPv4 or IPv6 address depending on
which version the dynamic host configuration protocol (DHCP) server
uses.

To assign a static IP address to the device, select Manually configure IP
Address and enter the IP address and netmask in the appropriate fields.
Click NEXT.

Selecting IPv4 in the Configure Interface Window

Selecting IPv6 in the Configure Interface Window

Step Three

MTU Settings Field in the Configure Interface Window

The minimum value for the maximum transmission unit (MTU) size is 600
for IPv4 and 1280 for IPv6. The MTU maximum value is 9000, and the
default value is 1500. To change the MTU size, go to the MTU Settings
section of the panel and change the MTU value.


Step Four

Optional Dynamic DNS Registration for Windows Mode Setting

Enable or disable the Dynamic DNS Registration (DDNS) for Windows
mode by selecting or clearing the checkbox. Click NEXT.

Step Five

The Configure Interface Settings summary panel appears. Review the
Configuration Interface > Settings summary and click FINISH. The
Configure Interface status panel appears. When the configuration is
complete, click OK.

Configure Interface Summary Window

Configure Interface Status Window

Managing Network Routes

The PowerProtect DD uses source-based routing. Source-based routing
directs IP traffic based on the source IP address or a combination of
source IP and destination IP. In this way, you can configure the
PowerProtect DD to send packets via a specified interface or to a specific
route address, depending on the source IP.

The only routing that the DD Operating System implements is based on
the internal route table.

Creating Static Routes in the Hardware > Ethernet > ROUTES tab in DD System
Manager

The Default Gateway Setting in DD System Manager

Important: The PowerProtect DD appliance does not
generate or respond to any of the network routing
management protocols. The protocols include Routing
Information Protocol (RIP), Enhanced Gateway Routing
Protocol (EGRP), Enhanced Interior Gateway Routing
Protocol (EIGRP), and Border Gateway Protocol (BGP).

Configuring Static Routes

Routes determine the path taken to transfer data to and from the localhost
(the protection system) to another network or host. Static routes define
destination hosts or networks with which the PowerProtect DD appliance
can communicate.

The system requires static routes in the main routing table to direct which
source addresses it uses with connections initiated from DDOS if the
destination program does not bind the IP address. You can add and delete
static routes from individual routing tables by adding or deleting the table
from the route specification.
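
The following added example (not from the Dell guide, and not DDOS code) models the behavior described above and under Managing Network Routes: a packet with a bound source address is looked up in the table for that source, while a connection the system initiates without a bound address uses the main table, whose egress interface then decides the source address. The interface names, table names, addresses, and the fall-through to the main table are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    dest: str                  # destination network or host in CIDR form
    dev: str                   # egress interface
    gw: Optional[str] = None   # next hop; None means directly connected


# Constructed sample addressing: eth0a is management, eth1a carries backup data.
INTERFACES = {"eth0a": "10.10.1.20", "eth1a": "192.168.50.20"}


def build_tables() -> Dict[str, List[Route]]:
    """One table per interface plus the main table (table names are hypothetical)."""
    return {
        "main": [
            Route("10.10.1.0/24", "eth0a"),
            Route("192.168.50.0/24", "eth1a"),
            Route("0.0.0.0/0", "eth0a", "10.10.1.1"),
        ],
        "eth0a": [
            Route("10.10.1.0/24", "eth0a"),
            Route("0.0.0.0/0", "eth0a", "10.10.1.1"),
        ],
        "eth1a": [
            Route("192.168.50.0/24", "eth1a"),
            Route("0.0.0.0/0", "eth1a", "192.168.50.1"),
        ],
    }


def longest_match(table: List[Route], dst: str) -> Optional[Route]:
    """Return the most specific route in the table that covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r.dest)]
    return max(matches,
               key=lambda r: ipaddress.ip_network(r.dest).prefixlen,
               default=None)


def select_path(tables: Dict[str, List[Route]], dst: str,
                src: Optional[str] = None) -> Tuple[str, str, Optional[str], str]:
    """Return (table, dev, gw, src) for a packet sent to dst.

    src is set when the program bound a local address, for example a reply
    on a connection that a client opened to that address. src is None when
    the system initiates the connection and the program bound no address.
    """
    if src is not None:
        owner = next((dev for dev, ip in INTERFACES.items() if ip == src), None)
        if owner is None:
            raise ValueError("source address %s is not configured locally" % src)
        route = longest_match(tables.get(owner, []), dst)
        if route is not None:
            return (owner, route.dev, route.gw, src)
    # Assumption of this model: fall through to the main table.
    route = longest_match(tables["main"], dst)
    if route is None:
        raise LookupError("no route to %s" % dst)
    # Unbound connection: the egress interface decides the source address.
    return ("main", route.dev, route.gw, src or INTERFACES[route.dev])


def add_static_route(tables: Dict[str, List[Route]], dest: str, dev: str,
                     gw: Optional[str] = None, table: str = "main") -> None:
    """Add a static route to the named table (main unless a table is given)."""
    tables[table].append(Route(dest, dev, gw))
```

Without a static route in the main table, a connection the system opens to a backup client leaves through the management interface with the management address; this is the case to check against firewall allow lists and network segmentation.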

Create a static route using the following steps:


Step One

Accessing the Ethernet > ROUTES Tab in DD System Manager

To configure a static route using the DD System Manager, select
Hardware > Ethernet and click the ROUTES tab.

Step Two

The Create Routes window in DD System Manager

In the Create Routes window, select an interface to host the static route.
Click NEXT.

Step Three

Add a Network Destination IP Address, Netmask, and Gateway in the Configure Static
Routes

In the Create Routes dialog box, specify the Destination IP Address and
Netmask. Specify a destination Host.

Optionally, you can add the Gateway address to connect to the
destination network or host. Click NEXT.

Step Four

The Create Routes Summary Window

Review the Create Routes Summary and click FINISH. When the process
is finished, click OK. The Route Spec table displays the new route
specification.

Configuring Static Routes with the Command Line

With an admin or limited-admin role, configure static routes in DDOS with
the following Command Line Interface (CLI) commands:
• The net route add [ipversion {ipv4 | ipv6}] <route spec>
command adds an IPv4 or IPv6 static route for a network or
network host.
• The net route show config command displays the configured
static routes.
• The net route show tables [<table-name-list> |
ipversion {ipv4 | ipv6}] command displays the IPv4 and IPv6 routing
tables as specified.
• The net route set gateway {ipaddr | ipv6addr} command
configures the IP address to be the static IPv4 or IPv6 default gateway.

Deep Dive: Go to the latest Dell EMC DDOS Command
Reference Guide on the Dell Support website for more
detailed information and specific command syntax.

Administering Fibre Channel

Configuring Fibre Channel Endpoints

The Fibre Channel view displays the current Fibre Channel and shows
whether Fibre Channel and N-Port ID Virtualization (NPIV) are enabled.
The Fibre Channel view also displays two tabs: Resources and Access
Groups. Resources include ports, endpoints, and initiators. An access
group holds a collection of initiator worldwide port names (WWPNs) or
aliases and the drives and changers that they are allowed to access.

Endpoints are virtual Fibre Channel ports presented to the Fibre Channel
network by the DD Operating System. On PowerProtect DD systems with
NPIV disabled, endpoints mirror the WWPN and failure status of their
associated physical ports. On PowerProtect DD systems with NPIV
enabled, endpoints present a WWPN different to their associated physical
port and can fail over in the event of a physical port failure.

Reviewing Endpoints

The Fibre Channel Window in DDOS

To review the Fibre Channel endpoint configuration:

1. Go to the Hardware > Fibre Channel > RESOURCES tab. Click the
right arrow > to expand the Endpoint Configuration Summary table.
2. Review the configuration summary table. Select an endpoint to view
the Summary Details. The summary information includes the endpoint
Name, Worldwide Port Name (WWPN), Worldwide Network Name
(WWNN), the System Address in use, Enabled status, and Link
Status. The Detailed Information section shows the Primary System
Address, Secondary System Address, and whether the Fibre
Channel Protocol Layer 2 (FCP-2) retry option is enabled.

Enabling and Disabling Endpoints

The Fibre Channel Window in DDOS

When N_Port ID virtualization (NPIV) is disabled on a PowerProtect DD
system, enabling an endpoint also enables the underlying physical port.

In NPIV mode, enabling an endpoint enables only the endpoint and no
other ports.

To enable an endpoint:
1. On the Hardware > Fibre Channel page, select More Tasks >
Endpoints > Enable.
2. In the Enable Endpoints dialog box, select one or more endpoints
from the list, and then click Next.
3. Confirm that all endpoints are configured correctly, and then click Next.
DDOS displays the Enable Endpoint Status box. Click Close when
the process completes.

When your system is in non-NPIV mode, disabling an endpoint also
disables the underlying port. In NPIV mode, only the endpoint is disabled.

To disable an endpoint:
1. On the Hardware > Fibre Channel page, select More Tasks >
Endpoints > Disable. If all endpoints are already disabled, a message
to that effect is displayed.
2. In the Disable Endpoints dialog, select one or more endpoints from
the list, and then click Next.
3. Confirm that the endpoints are correct. If the endpoint is associated
with an active service, a warning appears. Select Disable and the
Disable Endpoint Status dialog box appears.
4. Monitor the status of the Disable Endpoint process and select Close
when the process completes.

Configuring Endpoints

The Fibre Channel Window in DDOS


To configure FC Endpoints:
1. Go to the Hardware > Fibre Channel > Resources tab and select the
plus sign + to expand the endpoint configuration summary table.
2. Click the green plus + icon to open the Add Endpoint dialog box. Enter
an Endpoint Name for the endpoint.
3. For Endpoint Status, select Enabled or Disabled.
4. When NPIV is enabled, select a Primary system address from the
drop-down list. You must have a different primary system address than
any secondary system address.
5. If the endpoint cannot be created, the system displays an error. If there
are no errors, the system proceeds with the endpoint creation process.

Monitor the system as the endpoint is created. The system notifies you
when the endpoint creation process is complete.

Deleting Endpoints

Delete Endpoints in the Fibre Channel Window in DDOS

You can delete an endpoint when the underlying hardware is no longer
available. If the underlying hardware is still present, or becomes available,
the system automatically discovers and configures a new endpoint for the
hardware based on default values.

To delete an endpoint, do the following:

1. Go to the Hardware > Fibre Channel > Resources tab and select the
plus sign + to expand the endpoint configuration summary table.
2. Select one or more endpoints that you want to delete from the system.
3. Select the delete icon represented by a trashcan. The delete icon is
not active unless you select an endpoint. The system displays the
Delete Endpoint dialog box. If the selected endpoint is in use, the
system displays an alert that deleting the endpoint might disrupt the
system.
4. Verify that the endpoints in the Delete Endpoint dialog box are
correct. Click Delete.

Enabling and Disabling NPIV

The Fibre Channel standard includes an N_Port (node port) ID Virtualization
(NPIV) feature in which multiple Fibre Channel N_Port IDs can share a single
physical N_Port. Sharing a single N_Port allows multiple Fibre Channel
initiators to occupy a single physical port, easing hardware requirements.
This mechanism allows each virtual server to see only its own storage.
NPIV allows a single N_Port to register multiple World Wide Port Names
(WWPNs) and N_Port identification numbers.

The Fibre Channel Window in DD System Manager

To enable NPIV:

1. Go to the Hardware > Fibre Channel page.
2. Next to the NPIV: Disabled status indicator, select ENABLE. In the
Enable NPIV dialog box, DDOS presents a warning that you must
disable all Fibre Channel ports before enabling NPIV.
3. Review and correct any configuration error messages.
4. Monitor the Enable NPIV Status dialog box. Click Close when the
process is complete.

To disable NPIV:

1. Go to the Hardware > Fibre Channel page.
2. Next to the NPIV: Enabled status indicator, select DISABLE.
3. Review and correct any configuration error messages.
4. Monitor the Disable NPIV Status dialog box as the NPIV disables.
Click Close.

Warning: Before you can disable NPIV, all ports must have
a maximum of one endpoint.


Gather Fibre Channel Device Information

Fibre Channel Components with a PowerProtect DD Series Appliance

Before you configure a Fibre Channel (FC) connection for the
PowerProtect DD system, you must first gather some FC-related
information. Check that the FC switch is properly zoned and
communicating with the server and the PowerProtect DD.

For each connecting host, gather the hostname, FC card, World Wide
Node Name (WWNN), and each host port's World Wide Port Name
(WWPN). Use these details when you add the host WWPNs to the
PowerProtect DD as initiators.

Your system is easier to configure if you prepare and know the device
information before you begin.

Fibre Channel Components

Fibre Channel services, such as Virtual Tape Library (VTL) and DD Boost,
require the support of underlying components. These components are
grouped in the DD System Manager (DDSM) under the hardware
configuration section.

For Fibre Channel configuration, PowerProtect DD also supports block
storage service or vDisk. For a PowerProtect DD system, Dell VMAX3 and
VMAX All Flash arrays encapsulate PowerProtect DD storage devices.
Dell VMAX3 and VMAX All Flash arrays prepare PowerProtect DD storage
for use as native VMAX storage devices for data protection solutions.

Fibre Channel components consist of:

• Host Bus Adapter (HBA)
− A host bus adapter connects a host system, such as a server, to a
storage or network device. An HBA also provides input and output
processing in order to reduce the host processing load and help
improve overall performance.
• Fibre Channel Ports
− A Fibre Channel port is a hardware pathway into and out of a node
that performs data communications over an FC link.
• N-Port ID Virtualization (NPIV)
− NPIV is a standard that describes how a single Fibre Channel HBA
port can register with the fabric using several worldwide port names
(WWPNs). NPIV allows a fabric-attached N-port to claim multiple
fabric addresses. Each address appears as a unique entity on the
Fibre Channel fabric. In the DD system, these unique FC entities
are called endpoints.
• Endpoint
− An endpoint is the logical target on a DD system with which an
initiator connects and communicates.
• Initiator
− The initiator is the endpoint that sends commands to the target
endpoint for data transfers over FC.
• Access groups
− Access groups define which storage initiators can be used to
access hard drives that are exposed using some form of SAN
storage.

Important: When using NPIV, Dell Technologies
recommends using only one protocol per endpoint on a
protection storage device. The protocols include DD VTL
Fibre Channel, DD Boost over Fibre Channel, or vDisk Fibre
Channel. For redundancy, you should also configure
secondary endpoints to use the same protocol as the
primary.

Managing Fibre Channel Initiators

A Fibre Channel (FC) initiator is the host port that initiates a session and
sends commands to the target endpoint for data transfers over FC. In a
storage environment, the Fibre Channel target is almost always on the
storage device. PowerProtect DD is no exception. FC targets are passive
FC entities that wait for FC initiators to request data read or write.


When you add an access group for the initiator or client, the client can
access only the devices in that access group. A client can have access
groups for multiple devices.

An access group may contain multiple initiators, but an initiator can exist in
only one access group.

Reviewing FC Initiators

The Fibre Channel Window in DD System Manager

To review the configuration of the Fibre Channel initiators, perform the
following:

1. Select the Hardware > Fibre Channel > RESOURCES tab.
2. Click the right arrow > next to the Initiators section to expand the
initiator configuration summary table.
3. Review the configuration of the initiators.

With an admin or limited-admin role, administrators can view the list of
initiators and their details using the following commands:
• The CLI command, scsitarget initiator show list
[initiator-spec] [endpoint endpoint-spec] [group
group-spec] displays a list of initiators based on the selected
arguments.
• The CLI command, scsitarget initiator show detailed
[initiator-spec] [endpoint endpoint-spec] [group
group-spec] displays detailed information for one or more initiators
based on selected arguments.

Adding an FC Initiator

The Add Initiator Pane in DD System Manager

To add an initiator, do the following:

1. Go to Hardware > Fibre Channel and select the RESOURCES tab.
2. Select the right arrow > to expand the Initiators configuration
summary table if necessary.
3. Under Initiators, select the plus + symbol.
4. In the Add Initiator dialog, enter the Worldwide Port Name (WWPN)
for the device that you want to add to the system. Use the format
shown in the field. Enter a name or alias for the initiator.
5. Select the Address Method. Select Auto for standard addressing, or
Volume Set Addressing (VSA) to address virtual buses, targets, and
LUNs.
6. Click OK.

The CLI command, scsitarget group add <My_Group> initiator
<My_Initiator> adds an initiator.

Deleting an FC Initiator

The Delete Initiator Button in the DD System Manager Fibre Channel Window

To delete an FC initiator using DD System Manager, do the following:

1. Go to the Hardware > Fibre Channel > RESOURCES tab and select
the right arrow > to expand the initiator configuration summary table.
2. Ensure that the target initiator is offline and not a part of any access
group. You cannot delete the initiator if it is configured with an access
group and is online.
3. Select the target initiator from the Initiators tab in the Fibre Channel
window.
4. Click the trash can icon to delete the initiator.
5. A warning appears in the Initiator Delete dialog box. Read the warning
and click OK to proceed. Click Cancel to stop the deletion.
6. When the process finishes, click OK to proceed.

The CLI command, scsitarget group del <My_Group> initiator
<My_Initiator> deletes an initiator.

Exploring Fibre Channel Ports

Fibre Channel Ports

At startup, the DD Operating System uses port discovery to identify and
automatically create a single endpoint for each port. The properties of the
base port depend on whether N_Port ID virtualization (NPIV) is enabled
or not. With NPIV, you can assign multiple N-Port IDs or Fibre Channel IDs
(FCID) over a single Fibre Channel host connection or N-Port.

In non-NPIV mode, ports use the same properties as the endpoint. The
WWPN for the base port and the endpoint are the same.

In NPIV mode, the endpoint keeps its worldwide port name (WWPN) and
the system generates a new WWPN for the base physical port. This
means that you should not need to make changes to zoning if NPIV is
enabled on an existing system. The PowerProtect DD system preserves
the original WWPN on the endpoint to enable consistent switching
between NPIV modes.

You must enable channel ports before the system can identify and use
them.

When you enable an FC port, the system also enables any endpoints
using that port. With endpoint failback, any endpoints that fail over when
the port is disabled should fail back to their primary port.

In non-NPIV mode, disabling one or more target ports also disables any
endpoints using that port.

In NPIV mode, you can configure endpoints to fail over to a secondary
port. To configure port failover, you must ensure that a secondary port is
available for failover.
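
The following added example (not from the Dell guide, and not DDOS code) works through the port and endpoint rules above as a pre-maintenance check: which endpoints go offline or fail over when ports are disabled in each NPIV mode, which endpoints have an unusable secondary address, and which ports block disabling NPIV. The system addresses and endpoint names are constructed, and counting endpoints per port by primary address is an assumption of the model.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Endpoint:
    name: str
    primary: str                     # primary system address (physical port)
    secondary: Optional[str] = None  # secondary system address used for failover


# Constructed sample configuration.
ENABLED_PORTS = {"5a", "5b", "6a"}
ENDPOINTS = [
    Endpoint("vtl_ep1", primary="5a", secondary="5b"),
    Endpoint("boost_ep1", primary="5a"),
    Endpoint("vtl_ep2", primary="5b", secondary="5a"),
    Endpoint("vdisk_ep1", primary="6a", secondary="6a"),
]


def invalid_failover_config(endpoints: Iterable[Endpoint]) -> List[str]:
    """Endpoints whose secondary address equals the primary address.

    The guide requires the primary system address to differ from any
    secondary system address.
    """
    return [e.name for e in endpoints
            if e.secondary is not None and e.secondary == e.primary]


def impact_of_disabling(disable: Iterable[str], endpoints: Iterable[Endpoint],
                        enabled_ports: Iterable[str], npiv: bool) -> Dict[str, str]:
    """Predict the state of each endpoint after the given ports are disabled."""
    disabled = set(disable)
    remaining = set(enabled_ports) - disabled
    result = {}
    for e in endpoints:
        if e.primary not in disabled:
            result[e.name] = "unaffected"
        elif (npiv and e.secondary is not None
              and e.secondary != e.primary and e.secondary in remaining):
            # NPIV mode: the endpoint can move to an available secondary port.
            result[e.name] = "failover:" + e.secondary
        else:
            # Non-NPIV mode, or no usable secondary port left.
            result[e.name] = "offline"
    return result


def npiv_disable_blockers(endpoints: Iterable[Endpoint]) -> List[str]:
    """Ports with more than one endpoint, which prevent disabling NPIV."""
    counts = Counter(e.primary for e in endpoints)
    return sorted(port for port, n in counts.items() if n > 1)
```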

Monitoring Fibre Channel Status

View Fibre Channel Status in DD System Manager

If you want to check the status of the Fibre Channel subsystem in DDOS,
go to Hardware > Fibre Channel in the DD System Manager (DDSM).
View the Fibre Channel Status that is shown near the top of the Fibre
Channel page.

You can enable or disable Fibre Channel only through the command line
interface (CLI). The roles required to perform these commands are admin
and limited-admin. Use the following commands to enable and disable
Fibre Channel in DDOS:

Use the CLI command scsitarget enable to enable the small
computer system interface (SCSI) target subsystem.

Use the CLI command scsitarget disable to disable the SCSI
target subsystem.

Important: With DDSM, the SCSI target daemon is
automatically initiated when you enable the DD Boost-over-FC
service.

Deep Dive: Go to the latest DDOS Command Reference
Guide on the Dell Support website for more detailed
information and specific command syntax.

Exploring Access Groups

Access groups provide a means to arrange and restrict access to storage
to a limited set of servers. Access groups identify the specific initiator,
drives, changers, and logical unit numbers (LUNs) that the devices are
permitted to use.

When you work with initiators, consider the following:

• Initiators can read from and write to devices in the same access group.
• Initiators may belong to only one access group. You can add up to 64
devices to one access group.
• You cannot assign initiators to both VTL access groups and DD Boost
access groups on the same system.

Important: Make access group changes only when backup
and restore operations are inactive.
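
The following added example (not from the Dell guide, and not DDOS code) audits a planned access-group layout against the rules listed above and the deletion precondition from Deleting an FC Initiator. The group names, service labels, WWPNs, device names, and the dictionary layout are constructed for the illustration; WWPNs are normalized first so that the same initiator written in two notations is still caught.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

MAX_DEVICES_PER_GROUP = 64  # limit stated in the guide

# Constructed sample layout; not exported from a real system.
SAMPLE_GROUPS = {
    "vtl_media_srv": {
        "service": "vtl",
        "initiators": ["21:00:00:24:ff:4a:b1:c2", "21:00:00:24:ff:4a:b1:c3"],
        "devices": ["changer1", "drive1", "drive2"],
    },
    "boost_app_srv": {
        "service": "ddboost",
        "initiators": ["21000024FF4AB1C2"],  # same port as above, other notation
        "devices": ["ddboost_dev1"],
    },
    "vtl_big": {
        "service": "vtl",
        "initiators": ["21:00:00:24:ff:7e:00:10"],
        "devices": ["drive%d" % i for i in range(100, 165)],  # 65 devices
    },
}


def normalize_wwpn(wwpn: str) -> str:
    """Canonical form: 16 lower-case hex digits, no separators."""
    digits = re.sub(r"[:\-\s]", "", wwpn).lower()
    if not re.fullmatch(r"[0-9a-f]{16}", digits):
        raise ValueError("not a 64-bit WWPN: %r" % wwpn)
    return digits


def _members(group: dict) -> set:
    return {normalize_wwpn(w) for w in group["initiators"]}


def audit_access_groups(groups: Dict[str, dict]) -> List[Tuple[str, str, str]]:
    """Return (rule, subject, detail) findings for rule violations."""
    findings = []
    membership = defaultdict(list)
    for name in sorted(groups):
        group = groups[name]
        if len(group["devices"]) > MAX_DEVICES_PER_GROUP:
            findings.append(("too-many-devices", name, str(len(group["devices"]))))
        for wwpn in sorted(_members(group)):
            membership[wwpn].append(name)
    for wwpn in sorted(membership):
        names = membership[wwpn]
        if len(names) > 1:
            services = {groups[n]["service"] for n in names}
            rule = ("vtl-and-ddboost" if {"vtl", "ddboost"} <= services
                    else "multiple-groups")
            findings.append((rule, wwpn, ",".join(names)))
    return findings


def reachable_devices(groups: Dict[str, dict], wwpn: str) -> List[str]:
    """Every device the initiator could read or write under this layout."""
    target = normalize_wwpn(wwpn)
    devices = set()
    for group in groups.values():
        if target in _members(group):
            devices.update(group["devices"])
    return sorted(devices)


def can_delete_initiator(groups: Dict[str, dict], wwpn: str, online: bool) -> bool:
    """Deletion requires the initiator to be offline and in no access group."""
    target = normalize_wwpn(wwpn)
    in_group = any(target in _members(g) for g in groups.values())
    return not online and not in_group
```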


Manage Fibre Channel Ports

Administrators can review, enable, disable, and configure Fibre Channel
(FC) ports.

Review FC Ports

The Fibre Channel Port RESOURCES Window in DD Operating System

To review FC ports, perform the following:

1. Go to Hardware > Fibre Channel > RESOURCES. A Port Details table
appears.
2. Review the Port Configuration status table. The table holds summary
information including the System Address, World Wide Port Name
(WWPN), World Wide Network Name (WWNN), and enabled status.
The table also contains the N_Port ID virtualization (NPIV) status, the
Fibre Channel Link Status, the Operation Status, and the Number of
Endpoints configured on the system.
3. Select a port.
4. Review the configuration details for the port that you selected in Port
Details. The detailed information section shows the Fibre Channel
HBA Model, the installed Firmware version number, the Port ID, Link
Speed, Topology, and Connection Type.


Enable FC Ports

The Enable Ports menu selection in DDOS

To enable FC ports in DD System Manager, perform the following:

1. Go to Hardware > Fibre Channel, and select MORE TASKS > Ports >
ENABLE to select the target ports. If all existing ports are enabled, the
system displays an indication that all ports are enabled.
2. Select one or more ports from the list and select Next.
3. Click ENABLE to enable the ports you select.
4. Wait for the enable port process to complete, and then click Close
to dismiss the Enable Ports Status dialog box.

Disable FC Ports

The Delete Ports menu selection in DDOS

To select and disable FC ports in DD System Manager, perform the
following:
1. Go to the Hardware > Fibre Channel > RESOURCES tab, and select
MORE TASKS > Ports > Disable. The Disable Ports window
appears.
2. Select one or more ports from the list in the Disable Ports window.
3. Click Next.
4. Wait for the disable port process to complete, and then click Close.

You can also use the command line command, scsitarget port
disable to disable FC ports.

Configure FC Ports

The Configure Port window in DD System Manager

To configure FC ports in DD Operating System (DDOS), perform the
following:
1. Go to the Hardware > Fibre Channel > RESOURCES tab.
2. Select the port to configure.
3. Then select the pencil icon to configure the selected port. The
Configure Port window appears.
4. In the Configure Port dialog, select whether to automatically enable or
disable NPIV for this port. You can modify this option only if you
enabled NPIV globally.
5. In the Topology field, select Default, Loop Only, Point to Point, or
Loop Preferred.
6. In the Speed field, select 1, 2, 4, 8, or 16 Gbps, or Auto.
7. Click OK.
8. Close the Configure Port window once you complete the configuration
process.

You can also use the command line interface (CLI) command,
scsitarget port modify to configure a Fibre Channel port.
Administering Link Failover and Aggregation

Exploring Link Failover and Aggregation Bonding

Link aggregation and link failover are two types of bonding that most
PowerProtect DD systems support.

When designing link failover and link aggregation, consider the following:

Components

• Consider four components to implement link failover or link aggregation:
− The system software
− A virtual interface
− The operation defined by the virtual interface
− The physical network interfaces
• The system software sends and receives data to and from the bonded
interface [3]. Data moves across the bonded interface in the same
manner as across a physical interface.
• The virtual network interface provides the system software with a way
to access the underlying aggregated link connection, link failover
connection, or virtual local area network (VLAN). The system views the
virtual interface as a normal physical network interface.

Bonding Modes

• Bonding is grouping network interfaces together to act as one interface
to the outside world.
• Bonding modes define the methods and protocols that are used to
control the physical links between systems. The bonding hash defines
the methods that are used to balance transmissions over the physical
links. Balancing is typically done to obtain better physical link
utilization.

Topologies

• The basic link aggregation topology uses a single aggregation that
contains more than one physical interface.

[3] The bonded interface operation is the component that performs the
functions that the bonded interface type or bonding mode defines. The
bonded interface processes data according to the rules associated with
the interface type.

Bonding Hash

• Bonding hash is how the system balances transmissions over physical
links to obtain better network utilization. With interface bonding, several
physical network interfaces are bonded together in one logical network
interface. Load is balanced using an XOR hash calculation for each
frame (L2) or packet (L3). Hash options are:
− Inbound and outbound MAC addresses (XOR-L2)
− Inbound and outbound MAC addresses, and inbound and outbound
IP addresses (XOR-L2L3)
− Inbound and outbound IP addresses and inbound and outbound
ports (XOR-L3L4)
• Traffic for a single data flow always hashes to the same interface.
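
The hash options above, as an added example that is not Dell's code: a simplified Python model in which the XOR of the fields named by each option, taken modulo the number of links, picks the physical link. The guide names the fields but not the formula, so the formula, the addresses, and the port numbers are assumptions; the constructed flows model one client behind a gateway opening eight streams.

```python
"""Simplified model of XOR hash link selection on a bonded interface."""
import ipaddress
from collections import Counter

MODES = ("xor-l2", "xor-l2l3", "xor-l3l4")


def mac_to_int(mac):
    """'00:00:5e:00:53:01' -> 48-bit integer."""
    return int(mac.replace(":", ""), 16)


def ip_to_int(addr):
    """IPv4 or IPv6 text -> integer."""
    return int(ipaddress.ip_address(addr))


def pick_link(flow, mode, n_links):
    """Return the index (0..n_links-1) of the physical link that carries the flow.

    Assumption: the key is the XOR of the fields named by the mode, reduced
    modulo the number of links. The guide names the fields, not the formula.
    """
    l2 = mac_to_int(flow["src_mac"]) ^ mac_to_int(flow["dst_mac"])
    l3 = ip_to_int(flow["src_ip"]) ^ ip_to_int(flow["dst_ip"])
    l4 = flow["src_port"] ^ flow["dst_port"]
    if mode == "xor-l2":
        key = l2
    elif mode == "xor-l2l3":
        key = l2 ^ l3
    elif mode == "xor-l3l4":
        key = l3 ^ l4
    else:
        raise ValueError(f"unknown hash mode: {mode}")
    return key % n_links


def distribution(flows, mode, n_links):
    """Count how many flows land on each link: {link_index: flow_count}."""
    counts = Counter(pick_link(f, mode, n_links) for f in flows)
    return dict(sorted(counts.items()))


def make_streams(count, first_port=50000):
    """Constructed sample: one backup client opening `count` streams to the DD
    system through a gateway, so every frame carries the gateway MAC and the
    DD MAC. All addresses come from documentation ranges."""
    return [
        {
            "src_mac": "00:00:5e:00:53:01",  # gateway (constructed)
            "dst_mac": "00:00:5e:00:53:10",  # DD bonded interface (constructed)
            "src_ip": "192.0.2.10",          # backup client (constructed)
            "dst_ip": "198.51.100.20",       # DD system (constructed)
            "src_port": first_port + i,      # one ephemeral port per stream
            "dst_port": 2049,                # NFS
        }
        for i in range(count)
    ]


if __name__ == "__main__":
    streams = make_streams(8)
    for mode in MODES:
        print(f"{mode:9s} flows per link: {distribution(streams, mode, 4)}")
```

With identical MAC and IP pairs on every frame, only the option that includes ports spreads the eight streams across the four links; each individual stream still stays on one link.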

Important: Only physical Dell PowerProtect DD appliances, with the
exception of the PowerProtect DD3300, support link failover and
aggregation.

Exploring Link Aggregation

Link aggregation increases network throughput and treats a bundle of
multiple network links as a single path. Each added physical network link
increases network throughput by the speed of the link. For example, you
can aggregate three 10-Gbps links to provide 30 Gbps of potential
throughput. Link aggregation runs between the PowerProtect DD system
and connected network devices.


Link Aggregation Overview

The following are some attributes of link aggregation:
• The network device connected to the PowerProtect DD system can be
a switch, router, server, or client.
• Link aggregation provides link failover. If one of the physical network
links in the bundle should fail, the other links continue to service the
network connection.
• Administrators can create as many bonded interfaces as there are
physical interfaces.
• Link aggregation provides improved network performance and
resiliency by using one or more network interfaces in parallel. Link
aggregation can increase the link speed and reliability compared to
using a single interface.


Link Aggregation Guidelines

When you configure link aggregation, consider the following that can affect
performance:
• The network switch and network link speeds impact performance when
data throughput exceeds the switch capacity.
− If packets originate from several ports and connect to one uplink
running at maximum speed, the switch may lose some packets.
Consider using only one switch for port aggregation coming from a
PowerProtect DD system.
• Out-of-order packets can impact performance due to the processing
time the system requires to reorder the packets.
− Round-robin link aggregation mode can result in packets arriving at
the destination out-of-order. Out-of-order packets add overhead
that can severely reduce the throughput speed.
• The number of clients can impact performance.

− Sometimes the aggregation resources cannot process data fast
enough. Test the performance of your devices after setting up link
aggregation.
• The number of streams (connections) per client can impact link
utilization depending on the hashing used.
• Make interface changes only during scheduled maintenance downtime.
• Enable aggregation on an existing bonded interface by specifying the
physical interfaces and mode.
• When you enable the bonded interface, ensure that an IP address is
on the interface or an associated interface.

− The bonded interface might have VLANs and/or aliases on it, each
with an IP address.

Important: Aggregate interfaces of like speeds only. For
example, you cannot aggregate a 1 GbE and a 10 GbE
interface together.

Link Control

When using link failover or link aggregation, the protocols the
PowerProtect DD system uses to control link operations are point-to-point.
The protocols operate only between the PowerProtect DD system and the
directly connected device. The directly connected device can be a switch,
a server, or even a network gateway or router.

Link control does not extend beyond the directly connected device. If the
media or application server is not directly connected to the PowerProtect
DD system, the failover or aggregation functions cannot manage physical
link operations. Higher-level protocols detect any loss of connectivity.


Exploring Link Failover Architecture

Link failover provides link redundancy by reserving pre-configured failover
interfaces that can support network traffic when the primary interface is
not operating. Link failover ensures that the PowerProtect DD system
remains connected to the network.


Link Failover Architecture

Link Failover

1: The failover-enabled bonded interface represents a primary physical
network interface and a group of secondary physical network interfaces.
The system activates the primary interface whenever the primary interface
is operational. Setting an interface to primary is optional.

2: If the primary link fails, the PowerProtect DD remains connected. You
can configure the down delay failover option in 900-millisecond intervals.
When the network is unstable, the failover down and failover up delays
guard against multiple failovers. By default, a link must be up or down
continuously for about 30 seconds before the system activates a standby
link or restores the primary link.

3: If the system loses the carrier signal, the active interface changes to
another standby interface. An Address Resolution Protocol (ARP) call
comes from the system to indicate that the data must flow to the new
interface. The interface can be on the same switch, on a different switch,
or directly connected.

Exploring Supported Link Failover and Aggregation Topologies

Topologies provide a map of the network and essentially
define its terrain. A map of the network topology shows
how devices are physically or logically interconnected.

The following describes three common link failover and
link aggregation topologies:

Direct Connect

In the direct connect topology, the PowerProtect DD appliance connects
directly to the application, media, client, or backup server. In this case, the
connected server must use a compatible bonding configuration, including
type, mode, and hash. The physical Ethernet connections must follow
existing guidelines, which typically means that all interfaces have the
same speed and duplex settings. Some configurations allow the links in
the bundle to have different media types.

LAN Connect

The PowerProtect DD appliance directly connects to a Layer 2 switch. The
physical Ethernet links between the PowerProtect DD appliance and the
switch must have the same speed and duplex settings. The PowerProtect
DD system and the Layer 2 switch must use a compatible bonding
configuration. Compatibility includes the bonding type, mode, and hash.
The PowerProtect DD system and the server must also use the same
subnet. The server must connect to a Layer 2 switch, but that does not
mean it is connected to the same switch as the PowerProtect DD system.

Remote Connect

In a remote connect topology, the server or client belongs to a different
subnet than the PowerProtect DD system. All traffic to and from the server
must go through a gateway. All packets contain the MAC addresses of the
gateway and PowerProtect DD.

Important: Link aggregation and link failover are point-to-point
protocols and not end-to-end.

Creating a Bond Interface for Link Failover

PowerProtect DD appliances support link aggregation, a technology that
joins multiple physical interfaces into one virtual network interface, known
as a bond interface. The bond interface shares the load among many
interfaces, which gives fault tolerance and increases throughput.

Administrators can create and manage the bond interface using the
following steps:

Disable the Interface

Ethernet > Network > INTERFACES Window

A physical network interface that is part of a virtual interface appears as
disabled for other network configuration options. Each physical interface
can belong to one virtual interface. The number and type of cards on the
system determine the number of physical Ethernet interfaces available.

To disable the interface that you want to configure, perform the following
steps:
1. In the DD System Manager, select Hardware > Ethernet >
INTERFACES.
2. In the Interfaces list, disable the physical interface to which you want
to add the bonded interface. Select the interface from the list and click
No in the Enabled column.

If an error appears that warns about the dangers of disabling the interface,
verify that the interface is not in use and click OK.

Create the Virtual Interface

The Create Menu in the Network > INTERFACES Window

To create the virtual interface, perform the following:
1. From the CREATE menu, select Virtual Interface.
2. In the Create Virtual Interface dialog box, specify a bonded interface
name in the Virtual Interface Id box. In the Bonding Type list, select
Failover as the bonding type.

Select Failover as the Bonding Type for the Virtual Interface

3. Select the interfaces that you want to add to the failover configuration.
Click the checkboxes under Select physical interface(s) for bonding
next to the interface. Only group identical physical interfaces to create
the bonded interface. You may have only one interface group active at
a time.


Configure the IP Settings

Add the IP Settings for the Virtual Interface.

To configure the IP settings, perform the following:
1. Specify an IP address and Netmask.
2. Specify the maximum transmission unit (MTU) setting. The default
setting is 1500. Ensure all the network path components support the
MTU size that you set.
3. A summary panel of the configuration appears. Review the
configuration and click Finish.
4. Once the process finishes, click OK.

CLI for Configuring Link Failover

Use the following command line commands to configure link failover:
• The command net disable ifname disables the interfaces.
• The command net create interface virtual vethid creates
a virtual interface. The virtual interface name vethid must begin with
veth.
• The command net ddns add {ifname-list all | ifname
interface-hostname} hostname adds interfaces to the Dynamic
DNS (DDNS) registration list.

Deep Dive: Go to the latest DDOS Command Reference
Guide on the Dell Support website for more detailed
information and specific command syntax.


Administering VLAN and IP Alias Interfaces


Exploring VLAN and IP Aliases

Virtual Local Area Networks (VLANs) allow network administrators to
isolate traffic from different device groups on the same switch, allowing
devices in the same VLAN to communicate and preventing communication
between devices in different VLANs. Traffic isolation improves network
efficiency and security and enables network features like service
prioritization to further improve network performance.

VLAN tagging allows devices on the network such as a PowerProtect DD
to tag packets with a VLAN ID. VLAN tagging immediately identifies the
purpose of those packets to network switches and routers. This allows
VLAN-tagged packets to be correctly identified as they travel
switch-to-switch across the network.

Administrators can control traffic patterns and react quickly to relocation
using virtual local area networks (virtual LANs, or VLANs). VLANs provide
the flexibility to adapt to changes in network requirements and simplify
administration. A virtual LAN is a logical overlay network that groups a
subset of devices that share a physical LAN, isolating the traffic for each
group.

IP aliasing associates more than one IP address to a single network
interface.

VLANs and IP aliases provide the following benefits when managing
network traffic:
• With IP aliasing, one node on a network can have multiple connections
to a network, each serving a different purpose.
• VLANs provide the segmentation services that routers provide in LAN
configurations.
• VLANs address issues such as scalability, security, and network
management.
• Routers in VLAN topologies provide broadcast filtering, security,
address summarization, and traffic-flow management.
• Switches cannot bridge IP traffic between VLANs. Bridging may violate
the integrity of the VLAN broadcast domain.

VLAN Interfaces

Creating VLAN Interfaces

When an administrator creates a VLAN interface on a PowerProtect DD
system, the system essentially adds an 802.1Q tagged virtual port to a
physical interface. All Ethernet frames that the system transmits through
the VLAN interfaces are tagged with the assigned VLAN ID.

• When you create a VLAN interface, you must provide an IP address for
the underlying physical or bonded interface.
• Unlike VLAN interfaces, physical and bonded interfaces require
untagged ports on the switch.
• Configure the connected switch to support both packet types and all
VLAN IDs on the physical interface.

Administering IP Aliases

An IP alias assigns multiple IP addresses to a physical interface, a virtual
interface, or a VLAN. The IP alias interface does not operate as an
independent interface. The only function of an alias interface is to add
multiple IP addresses to the base interface.

The format of an IP alias interface name is the base interface name,
followed by a colon (:), followed by the IP alias ID.

The following are examples of IP aliases:
• The interface name eth5a:35 references an IP alias that the system
assigns to the physical interface eth5a and the IP alias ID is 35.
• The interface name veth4:26 references an IP alias that is assigned
to bonded interface 4 and its alias ID is 26.
• The IP alias interface name eth5a.82:162 is an IP alias that is
assigned to VLAN 82. The system assigns the alias to physical
interface eth5a, and the IP alias ID is 162. The acceptable IP alias ID
values differ depending upon the user interface or CLI command that is
used to create the IP alias.

Best Practice: DD Operating System (DDOS) supports IP
alias ID values from 1 to 4094. If you use the net config
command, DDOS supports values from 1 to 9999. Dell
Technologies recommends using 1 through 999 as the
range of ID values.
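
The naming format and ID ranges above, as an added example that is not part of the guide or of DDOS: a Python parser that splits an IP alias interface name into its parts and checks the alias ID against the range for the tool used to create it. The name pattern is inferred from the guide's three examples, the tool labels system-manager and net-config are hypothetical, and the VLAN ID range is the IEEE 802.1Q range rather than a value from the guide.

```python
import re

# Alias ID ranges stated in the guide, keyed by a hypothetical tool label.
ALIAS_ID_LIMITS = {"system-manager": (1, 4094), "net-config": (1, 9999)}
RECOMMENDED_ALIAS_IDS = (1, 999)   # recommended range from the guide
VLAN_IDS = (1, 4094)               # IEEE 802.1Q usable IDs (not from the guide)

# Assumption: name shapes inferred from the guide's examples
# (eth5a:35, veth4:26, eth5a.82:162); real DDOS names may take other forms.
NAME_RE = re.compile(
    r"(?P<base>(?P<kind>veth|eth)[0-9A-Za-z]+)"   # physical (eth...) or bonded (veth...)
    r"(?:\.(?P<vlan>[0-9]+))?"                    # optional .<vlan-id>
    r":(?P<alias>[0-9]+)"                         # :<alias-id>
)


def parse_alias(name, tool="net-config"):
    """Split an alias name into parts; raise ValueError if it cannot be valid."""
    if tool not in ALIAS_ID_LIMITS:
        raise ValueError(f"unknown tool {tool!r}")
    m = NAME_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"{name!r} is not <base-ifname>[.<vlan-id>]:<alias-id>")
    vlan = int(m["vlan"]) if m["vlan"] is not None else None
    if vlan is not None and not VLAN_IDS[0] <= vlan <= VLAN_IDS[1]:
        raise ValueError(f"VLAN ID {vlan} is outside {VLAN_IDS}")
    alias_id = int(m["alias"])
    low, high = ALIAS_ID_LIMITS[tool]
    if not low <= alias_id <= high:
        raise ValueError(f"alias ID {alias_id} is outside {low}-{high} for {tool}")
    warnings = []
    if not RECOMMENDED_ALIAS_IDS[0] <= alias_id <= RECOMMENDED_ALIAS_IDS[1]:
        warnings.append(f"alias ID {alias_id} is outside the recommended 1-999")
    return {
        # The interface that receives the extra address: eth5a, veth4 or eth5a.82.
        "parent": m["base"] if vlan is None else f"{m['base']}.{vlan}",
        "base": m["base"],
        "kind": "bonded" if m["kind"] == "veth" else "physical",
        "vlan": vlan,
        "alias_id": alias_id,
        "warnings": warnings,
    }


def is_valid(name, tool="net-config"):
    """True when parse_alias accepts the name for the given tool."""
    try:
        parse_alias(name, tool)
    except ValueError:
        return False
    return True


def find_conflict(name, existing):
    """Return the existing alias that already uses this ID on the same parent
    interface (leading zeros are ignored), or None."""
    new = parse_alias(name)
    for other in existing:
        cur = parse_alias(other)
        if (cur["parent"], cur["alias_id"]) == (new["parent"], new["alias_id"]):
            return other
    return None


if __name__ == "__main__":
    for sample in ("eth5a:35", "veth4:26", "eth5a.82:162", "eth5a:5000"):
        print(sample, parse_alias(sample))
```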


Best Practice: You can add up to 100 interfaces on a
system. Dell Technologies recommends a maximum of 80
interfaces. As you approach the maximum number, you
might experience some system slowness.

Configuring VLAN Interfaces

You can create a VLAN interface from a physical or a bonded interface in
DD System Manager.

Go to the VLAN INTERFACES Window

The DD System Manager Network > INTERFACES Window

To create a VLAN, perform the following:
1. In the DD System Manager, go to the Hardware > Ethernet >
INTERFACES table and select the interface to which you want to add the VLAN.
2. Click CREATE and choose VLAN from the dropdown menu. A Create
VLAN dialog box appears.


Adding the VLAN Settings

The Create VLAN Window in DD System Manager

To add the VLAN settings, perform the following:
1. Specify a VLAN ID by entering a number in the VLAN ID field.
2. Enter an IP Address, or enter 0 to specify no IP address.
3. Enter a Netmask.
4. Specify the MTU Setting or click DEFAULT to select the default value
of 1500.
5. If you plan to use the VLAN in Windows mode, click the Dynamic DNS
Registration (DDNS) for Windows mode checkbox and click NEXT.


Finish the Configuration

The Create VLAN Summary Pane

The Create VLAN summary page appears. Review all configuration
settings and click FINISH.

Important: DD Operating System supports VLAN interfaces
only on physical PowerProtect DD appliances.

Configuring IP Aliases

To create an IP alias using the PowerProtect DD System Manager,
perform the following:

The DD System Manager Network > INTERFACES Window

1. Go to the Hardware > Ethernet > INTERFACES tab and select the
interface to add the IP alias. You can choose an existing physical,
VLAN, or virtual interface.
2. Click CREATE.
3. From the CREATE menu, select the IP Alias option.
4. Specify an IP alias ID by entering a number in the IP Alias Id field.
Use any number between 1 and 4094 for the IP alias ID. You cannot
use the same IP alias ID that exists on the base interface. The
command line allows using a number range between 1 and 9999.
5. Enter an IPv4 and subnet mask or IPv6 address and prefix.
6. If you plan to use the IP alias in Windows mode, click the Dynamic
DNS Registration (DDNS) for Windows mode checkbox and click
NEXT.
7. Once the system configures the IP alias, click OK.
8. Review the details from the newly configured IP alias in the interface
table in the Hardware > Ethernet > INTERFACES tab.
9. Click FINISH to complete the configuration.


CLI for Configuring IP Aliases

Use the following commands to configure IP aliases:
• The command net config <base-ifname>:<alias-id>
<ipaddr> netmask <mask> creates an IP alias. The base-
ifname parameter expects a physical, VLAN, or virtual interface
name.
• The command net config <base-ifname>:<alias-id>
<ipv6addr/prefix> creates an IP alias for IPv6. The net config
command supports alias-id values from 1 to 9999. You cannot use
an alias ID that is used by another alias. Use the net config
command to assign an IP alias to physical, VLAN, and virtual
interfaces. To destroy or delete an IP alias using the net config
command, assign it an IP address of 0.

Deep Dive: Go to the latest DDOS Command Reference
Guide on the Dell Support website for more detailed
information and specific command syntax.

Terms
Internal route table
An internal routing table keeps rules that DDOS uses to determine where
data packets traveling over an Internet Protocol (IP) network are directed.
The administrator configures the internal route table.

POWERPROTECT DD CIFS AND NFS IMPLEMENTATION AND ADMINISTRATION

PARTICIPANT GUIDE

Table of Contents

PowerProtect DD CIFS and NFS Implementation and Administration

Administering CIFS
Evaluating CIFS Status
Evaluate and Change CIFS Status Using CLI Commands
Managing CIFS Shares
Detailed CIFS Share Information
Creating a CIFS Share
CLI Commands to Manage CIFS Shares
Configuring CIFS Options
Accessing a CIFS Share
Monitoring CIFS Status

Administering NFS
Exploring NFS
Exploring NFS Status
NFS Status Using the Command Line
Exploring NFS Exports
NFS Exports Using the Command Line
NFS Export Options
Exploring Kerberos Authentication
Exploring Kerberos in DDOS
Kerberos Authentication
Exploring Active Directory Authentication
Monitoring NFS
Monitor NFS Client Status Using the Command Line


Administering CIFS


Evaluating CIFS Status

The Protocols > CIFS Window in DD System Manager

Administrators can give Common Internet File System (CIFS) protocol
clients access to the system directories on the PowerProtect DD system.
For some backup applications that write to network drives, you need to
create CIFS shares to provide access to a PowerProtect DD backup location.

For administrative tasks, such as retrieving core and log files, DDOS uses
the /ddvar/core directory and its subdirectories.

The Protocols > CIFS > CONFIGURATION page enables you to
configure CIFS Authentication and Options.

In the DD System Manager, the Protocols > CIFS window displays the
CIFS status in the DD Operating System (DDOS). Administrators can
enable or disable CIFS, set authentication, manage shares, and view
configuration and share information.

As part of the initial protection system configuration, you can enable the
CIFS protocol and configure clients to access the protection system. You
can modify the initial settings on the Protocols > CIFS page. For instance, if
CIFS is not enabled, you can enable CIFS by clicking ENABLE next to the
CIFS Status on the CIFS page. With administrative privileges, you can
perform all CIFS operations such as setting authentication, managing
shares, and viewing configuration and share information.

Evaluate and Change CIFS Status Using CLI Commands

With an admin or limited-admin role, administrators can run cifs
command line interface (CLI) commands to enable, disable, restart, and
show the status of CIFS:
• The cifs status command shows whether the status of CIFS is
enabled or disabled. Your login role must be admin, limited-admin,
user, backup-operator, security, or none to run this command.
• The cifs enable command enables access to the system from
media servers and other Windows clients that use the CIFS protocol.
The CIFS server starts listening on port 445.
• The cifs restart command restarts all CIFS services on the
system.
• The cifs disable command disables access to the system from
media servers and other Windows clients that use the CIFS protocol.
The CIFS server starts listening on port 445.

Deep Dive: Go to the latest DDOS Command Reference
Guide on the Dell Support website for more detailed
information and specific command syntax.


Managing CIFS Shares

The CIFS Window in DD System Manager

A share enables a Common Internet File System (CIFS) client to back up
files to a specified directory.

In the DD System Manager, go to the Protocols > CIFS > SHARES page
to create, modify, delete, enable, and disable CIFS shares. Only admin or
limited-admin roles can perform these actions.

As a part of the initial PowerProtect DD configuration, the administrator
can access the /data/col1/backup and /ddvar directories.

The /data/col1/backup directory is the only default backup location
that exists on a PowerProtect DD system.


Detailed CIFS Share Information

CIFS Detailed Information in DD System Manager

Detailed information is displayed in the DD System Manager by selecting
a share in the Protocols > CIFS > SHARES tab.

The DD Operating System (DDOS) supports a maximum of 600
simultaneous CIFS connections with sufficient system memory.

By default, DDOS assigns wildcard access to /data/col1/backup to all
clients, users, and groups.

You can use a share name that differs from the backup directory name.
For example, you may create a backup directory path
/data/col1/backup2. You can then give the share for backup2
the name HR to better identify the share assignment.


Creating a CIFS Share

The Create Share Pane in DD System Manager

To create a CIFS share in the DD System Manager, go to Protocols >
CIFS > Shares > CREATE. A Create Share dialog appears.

Enter a Share Name. A PowerProtect DD system supports an absolute
maximum number of 3000 CIFS shares. Some PowerProtect DD systems
might support a smaller number of CIFS shares limited by its hardware. A
share name can be a maximum of 80 characters.

Enter the Directory Path to the share.

Assign client access in the Clients field. To make a share available to all
clients, use the wildcard *. To make the share available to only specific
clients, use client names or IP addresses.

Do not mix a wildcard with client names or IP addresses. The system does
not apply any other client entries when an * is present in the list.

In the Max Connections field, the default value is Unlimited. A zero
value has the same effect as the Unlimited value. Depending on the
amount of available system memory, the system supports up to 600
simultaneous connections. The maximum open file limit is based on the DDR
system memory. For systems with greater than 12 GB, the maximum open
file limit is 30,000.


CLI Commands to Manage CIFS Shares

Users with an administrator or limited-admin role can also create CIFS
shares using the command line interface (CLI). The cifs share
command contains the options to manage CIFS shares.

Among other functions, the cifs share command can create, destroy,
enable, disable, modify, and show the configurations of CIFS shares:
• The cifs share create command creates a share.
• The cifs share destroy command deletes a share.
• The cifs share disable command disables a share.
• The cifs share enable command enables a share.
• The cifs share modify command modifies a share configuration.
• The cifs share show command displays a list of share
configurations for all shares.

Deep Dive: Go to the latest DDOS Command Reference
Guide on the Dell Support website for more detailed
information and specific command syntax.


Configuring CIFS Options

The CIFS > Configuration > Options Page

In the DD System Manager, the Protocols > CIFS > CONFIGURATION
page enables administrators to view or modify the default CIFS
authentication settings. To configure CIFS options, click the CONFIGURE
OPTIONS button.

The Configure Options dialog box enables you to modify three areas:

• Restrict Anonymous Connections allows you to disallow or restrict
anonymous connections. The default setting for this option is
Disabled. Click Enable to restrict anonymous connections.
• Loglevel options enable a higher amount of detail than is provided in
the CIFS logs. Loglevel options are 1 through 5. Loglevel 1 is the
default system level that sends the least detailed CIFS log messages.
Loglevel 5 produces results with the most detail. When you select
more log detail, you run the risk of degrading system performance.
• Server Signing helps secure communications and data across
networks. Server signing is also known as security signatures. When
you enable server signing, the recipient of server message block
(SMB) communication authenticates the identity of the sender and
confirms that the data is genuine. In DD Operating System (DDOS),
server signing options are Enabled, Disabled, and Required.
Disabled is the default setting. System performance degrades when
you enable server signing.

Accessing a CIFS Share

Access a PowerProtect DD CIFS Share from Windows Explorer

For administrative or troubleshooting purposes, you can access a
PowerProtect DD CIFS share from Microsoft Windows Explorer.

From a Windows client, access a CIFS share with these steps:


1. Go to Tools > Map network drive.
2. Select a drive letter.
3. Type in the path to the shared folder.
− Optionally, check the Reconnect at sign-in check box.
4. Check the Connect using different credentials check box.
5. Click Finish.
6. In the Connect As dialog box, enter appropriate user credentials for
the PowerProtect DD system and click OK.

− The system displays a new drive window.

Most backup applications that establish CIFS connections to the
PowerProtect DD system use a universal naming convention (UNC) such
as \\dd_hostname\share_name. Consult the documentation for your
specific backup application for more details.

Monitoring CIFS Status

Use CIFS > Connection Details to Monitor CIFS Status

In the Protocols > CIFS page, administrators can monitor CIFS
connection information regarding the number of open connections, open
files, connection limit, and open files limit per connection.

CIFS Status indicates either CIFS is enabled, or CIFS is disabled but
CIFS authentication is running.

Connections lists the number of open connections and open files.

In the Sessions area of the Connection Details dialog box,
administrators can view several statistics for CIFS connections:
• Computer displays the IP address or the system name that is
connected with the PowerProtect DD system for the session.
• User indicates the user operating the system that is connected with the
PowerProtect DD system.
• Open Files shows the number of open files for each session.
• Connect Time shows the connection length in minutes.
• Idle Time is the time since last activity of the user.

The Open Files area of the Connection Details dialog box contains
additional information about CIFS connections:
• User shows the name of the system and the user on that system.
• Mode displays the following values and each value has a
corresponding permission:
− 0 – No permission
− 1 – Perform
− 2 – Write
− 3 – Perform and Write
− 4 – Read
− 5 – Read and Perform
− 6 – Read and Write
− 7 – All Permissions
• Locks displays the number of file locks.
• Files displays the file location.

Administrators can use the command line interface (CLI) to monitor CIFS
activity with the following command:

• The cifs show stats command displays basic statistics on CIFS
activity and performance.

Deep Dive: Go to the latest Dell EMC DDOS Command Reference Guide on
the Dell Support website for more detailed information and specific
command syntax.

Administering NFS

Exploring NFS

The Network File System (NFS) is a distributed file system protocol. NFS
is an open standard defined in Requests for Comments (RFCs). Anyone
can implement the NFS protocol. NFS client system users access files
over a network in a manner similar to how local storage is accessed. NFS,
like many other protocols, builds on the Open Network Computing Remote
Procedure Call (ONC RPC) system.

NFS clients can have access to the system directories or MTrees on the
PowerProtect DD system. The /ddvar directory contains PowerProtect
DD system, core, and log files. The /data/col1/backup directory is the
default destination for deduplicated backup data.

The default destination directory for deduplicated backup server data is
/data/col1/backup. Backup servers using the NFS protocol access
this directory if no other backup locations are created on the PowerProtect
DD system.

The PowerProtect DD system is preconfigured with the /ddvar directory
and its sub-directories. The only backup target that comes pre-configured
is /data/col1/backup. You can only create NFS mounts to directories
that exist on the PowerProtect DD system. The NFS mounts are
accessible by an administrator.

For administrative tasks, such as retrieving core and log files, DDOS
makes the /ddvar directory available as an NFS mount point by default.


Exploring NFS Status

The NFS Window in DD System Manager

To check the status of NFS in DD System Manager (DDSM), go to
Protocols > NFS. If NFS is disabled, click Enable for either NFS v3 or
NFS v4, or both.

NFS Status Using the Command Line

In the CLI, the command nfs status indicates whether NFS is enabled
or disabled. If it is not active, nfs enable starts the NFS server.

Use the following CLI commands to enable, disable, and check the NFS
status:

• The nfs status command indicates whether the NFS system is
operational. The admin, limited-admin, user, backup-operator, and
security roles can run the nfs status command.
• The nfs enable command allows all NFS-defined clients to access
the protection system. The admin and limited-admin roles can run the
nfs enable command.
• The nfs disable command disables the NFS server and disables
access from the NFS clients. The admin and limited-admin roles can
run the nfs disable command.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information and specific command
syntax.

Exploring NFS Exports

The Add Clients Pane in the Protocols > NFS Window

You must create and specify the path that NFS clients can access. The
/ddvar directory contains the PowerProtect DD system, core, and log
files. The /data/col1/backup folder is the default destination for
deduplicated backup data.

The Status column validates the specified path.

A PowerProtect DD system supports a maximum of 2048 exports. The
number of connections is limited by the amount of system memory on
the system.

NFS assigns and removes client access for each export separately. For
example, you can remove a client from /ddvar, and that client can
still access /data/col1/backup.

You should consider these additional client access rules. A single asterisk
* indicates a wildcard entry. A wildcard allows you to use all backup
servers as clients. Clients with access to the /data/col1/backup
directory can access the entire directory. Clients with access to a
subdirectory under the /data/col1/backup only have access to that
subdirectory.

Follow these steps to create NFS exports in the DD System Manager:

1. Click Protocols > NFS > Create.
2. Click Next. The Add Clients window appears.
3. Select the export Options. Choose the NFS Version that you want to
use.
− Optionally, you can select Read-only permissions, select Allow
connections from ports below 1024, set the anonymous user ID and
group ID to Use Default Anonymous UID/GID, and select the Allowed
Kerberos Authentication Modes.
4. Click OK to complete the export path.

NFS Exports Using the Command Line

You can use the command line to manage NFS exports. Administrators
with admin role credentials can run the following commands:

• The nfs export add command adds a client or list of clients to one
or more exports.
• The nfs export del command removes a client or a list of clients
from existing exports.
• The nfs export create command creates a named export and
adds a path.
• The nfs export destroy command deletes one or more NFS
exports.
• The nfs export modify command updates an existing client or
clients to an export or set of exports.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information and specific command
syntax.

NFS Export Options

Use the CLI to configure the default options for the export path. The
options are the following:
• The rw option enables read and write permissions. rw is the default
value.
• The no_root_squash option turns off root squashing.
− no_root_squash is the default value. Root squash is a reduction of
the access rights for the remote superuser when using
authentication. The value no_root_squash means that the
administrator has complete access to the export path.
• The no_all_squash option turns off the mapping of all user requests
to the anonymous UID and GID. This setting is the default value for
NFS export options.
• The secure option requires that requests originate on an Internet port
that is less than 1024. Kerberos uses port 88.
• The nolog option turns off logging of NFS requests. Enabling nolog
might impact performance.
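
The client access rules and the export option defaults described above can be reviewed together. The following Python audit is an added example, not Dell code and not DDOS output: the inventory is constructed sample data, client names are compared literally, and the spellings ro, root_squash and all_squash for the non-default settings are assumptions of this example.

```python
from pathlib import PurePosixPath

# Defaults named in the guide; each applies unless its opposite is configured.
# The opposite spellings (ro, root_squash, all_squash) are assumptions here.
DEFAULTS = {"rw": "ro", "no_root_squash": "root_squash", "no_all_squash": "all_squash"}

# Constructed inventory, typed by hand: (export path, client, configured options).
# This is not the output format of any DDOS command.
SAMPLE_EXPORTS = [
    ("/ddvar", "*", {"rw"}),
    ("/data/col1/backup", "backup01.example.test", {"secure"}),
    ("/data/col1/backup/hr", "backup01.example.test", {"ro", "root_squash", "secure"}),
    ("/data/col1/backup/sales", "backup02.example.test", {"root_squash", "secure"}),
]


def effective_options(configured):
    """Resolve the options in force for one client on one export."""
    effective = set(configured)
    for default, opposite in DEFAULTS.items():
        if opposite in effective:
            effective.discard(default)
        else:
            effective.add(default)
    return effective


def covers(granted_client, client):
    """A single asterisk is a wildcard entry; other entries match literally."""
    return granted_client == "*" or granted_client == client


def audit(exports):
    """Return sorted (path, client, code, detail) findings for an inventory."""
    findings = []
    for path, client, configured in exports:
        opts = effective_options(configured)
        if client == "*":
            findings.append((path, client, "WILDCARD_CLIENT",
                             "every backup server is accepted as a client"))
        if {"rw", "no_root_squash"} <= opts:
            findings.append((path, client, "ROOT_WRITE",
                             "remote superuser keeps complete, writable access"))
        if "rw" in opts and PurePosixPath(path).parts[:2] == ("/", "ddvar"):
            findings.append((path, client, "DDVAR_WRITABLE",
                             "core and log files are exported read-write"))
        # Access to a directory includes everything below it, so a narrower
        # export to the same client does not actually narrow anything.
        for parent_path, parent_client, _ in exports:
            if (PurePosixPath(parent_path) in PurePosixPath(path).parents
                    and covers(parent_client, client)):
                findings.append((path, client, "SCOPE_OVERLAP",
                                 f"client already reaches this path via {parent_path}"))
    return sorted(findings)


def remove_client(exports, path, client):
    """Client access is removed per export; other exports are left untouched."""
    return [e for e in exports if not (e[0] == path and e[1] == client)]


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding, sep=" | ")
```

Removing backup01.example.test from the /data/col1/backup export clears both the ROOT_WRITE and the SCOPE_OVERLAP finding for that client while its read-only subdirectory export stays in place.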

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information and specific command
syntax.

Exploring Kerberos Authentication

Exploring Kerberos in DDOS

Configure Kerberos in the DD System Manager NFS Window

Kerberos is an authentication protocol that works based on tickets. A
Kerberos authentication ticket is part of the network security protocol. A
ticket acts as a token, a small collection of data that is passed between a
client and a server to securely prove identity. The ticket is encrypted using
the server key. The tickets enable nodes to communicate over a
nonsecure network.

Kerberos uses User Datagram Protocol (UDP) port 88 by default. You can
configure Kerberos from the DD System Manager in the Network File
System (NFS) window.

Next to the Kerberos Mode, click CONFIGURE to open Administration >
Access > Authentication and view authentication details.

Kerberos Authentication

Active Directory / Kerberos Authentication Window in DD System Manager

The authentication screen displays after selecting Kerberos Mode
Configure from the NFS screen in the DD System Manager.

Choose one of three options available when enabling Kerberos
authentication:

• If you select Disabled, NFS clients do not use Kerberos authentication
and CIFS clients default to Workgroup authentication.
• If you select Windows / Active Directory, both NFS and CIFS clients
use Kerberos authentication.
• If you select UNIX, only NFS clients use Kerberos authentication. CIFS
clients default to Workgroup authentication.

Exploring Active Directory Authentication

The Access Management > AUTHENTICATION Window in DD System Manager

You can use DD System Manager to manage access to the system for
users and groups in Windows Active Directory, Windows Workgroup, and
NIS. Kerberos authentication is an option for CIFS and NFS clients.

The Active Directory Kerberos configuration determines the methods CIFS
and NFS clients use to authenticate. The Active Directory/Kerberos
Authentication panel displays this configuration.

Configuring Active Directory authentication makes the PowerProtect DD
system part of a Windows Active Directory realm. Administrators can
enable certain domains and groups of users to access files that are stored
on the system. CIFS clients and NFS clients use Kerberos authentication.

To configure Active Directory, set the PowerProtect DD authentication
parameters for working with CIFS.

1. Go to Administration > Access > AUTHENTICATION to configure
authentication for Active Directory.
− The AUTHENTICATION view appears.
2. Expand the Active Directory/Kerberos Authentication panel.
3. Click Configure...
− The Active Directory/Kerberos Authentication dialog appears.
4. Select Windows/Active Directory and click NEXT.
5. Enter the full realm name for the system. For example, use
domain1.local. Include the username, and password for the system.
Then click NEXT.
6. Select the default CIFS server name, or select Manual and enter a
CIFS server name.
7. Select domain controllers. You can select Automatically assign, or
select Manual and enter up to three domain controller names.
8. Select an organizational unit (OU). You can choose Use default
Computers, or select Manual and enter an OU name. Click NEXT.
9. Click FINISH.
10. Click ENABLE.

Monitoring NFS


Monitoring NFS > ACTIVE CLIENTS in DD System Manager

In the DD System Manager, the Protocols > NFS > ACTIVE CLIENTS
tab displays any configured NFS clients and the related mount paths that
have been connected in the past 15 minutes. NFS clients and related
mount paths that have been connected for more than 15 minutes are not
displayed.


Monitor NFS Client Status Using the Command Line

You can use the following command line interface (CLI) commands to
monitor NFS client status:

• The nfs show active command lists active clients in the past 15
minutes and the mount path for each client. nfs show active
allows all NFS-defined clients to access the PowerProtect DD system.
• The nfs show clients command lists NFS clients, mount path, and
NFS options for each client that has access to the PowerProtect DD
system.
• The nfs show detailed-stats command displays NFS cache
entries and status to facilitate troubleshooting.

You can perform these commands with the admin, limited-admin, user,
backup-operator, security, tenant-user, and tenant-admin roles.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information and specific command
syntax.

POWERPROTECT DD
FILE SYSTEM AND DATA
MANAGEMENT

PARTICIPANT GUIDE

Table of Contents

PowerProtect DD File System and Data Management

Configuring and Monitoring MTrees
    Exploring MTrees
    MTree Structure
    MTree Benefits
    MTree Limits
    MTree Quotas
    Creating MTrees
    Considerations When Configuring MTree Quotas
    Configuring MTree Quotas Using the CLI
    Data Management
    Data Management Using the Command Line
    MTree Alerts

Configuring and Monitoring Snapshots
    Exploring Snapshots
    Snapshot Restore Point
    Production Data Changes
    Snapshot Operations
    Creating a Snapshot
    Creating Snapshot Schedules
    Monitoring Snapshots

Managing Fast Copy
    Exploring Fast Copy
    Fast Copy Considerations
    Performing a Fast Copy

Terms

PowerProtect DD File System and Data Management

Configuring and Monitoring MTrees

Exploring MTrees

MTrees Located in the DD File System Structure

Management trees (MTrees) are specific directories that provide more
granular data management. Data from various sources is managed and
reported on separately. Individual MTrees can receive backup operations
from various sources.

For example, administrators can configure directory export levels and
quotas to separate and manage backup files by departments such as HR
or Sales.

MTree Structure

MTrees Created Under /data/col1.

The default MTree is /data/col1/backup.

You can create subdirectories within all MTrees, including the default
MTree. The DDOS reports the cumulative data that is contained within the
MTree.

Important: You can only add MTrees under the /data/col1 directory.
DDOS controls all directory structures above /data/col1/backup.

MTree Benefits

The following are some of the benefits for using MTrees in organizing the
data on your protection system:
• Space and deduplication rate reporting
− MTrees provide finer granular reporting for space and deduplication
rates than directories or collections. With MTrees, you can manage
your data with finer detail. Use a data snapshot to record the state
of data stored on the device, at any given moment. You can
preserve that snapshot as a guide for restoring the storage device
or a portion of the data. Snapshots are used extensively with
MTrees as a part of the PowerProtect DD data restoration process.
• Independent storage
− Administrators can organize MTrees into individual departments,
geographies, or customers each with their own independent
storage location.
• Retention lock
− Administrators can apply retention lock at the MTree level. DD
Retention lock is an optional feature that the PowerProtect DD
system uses to securely retain saved data for an extended length of
time. DD Retention lock protects data from accidental or malicious
deletion during its retention time.
• Quotas

− Administrators can limit logical precompression space using
quotas. Quotas limit space used by organizations on a
PowerProtect DD system. A major benefit is that quotas limit the
logical, precompression space that a specific MTree uses. You can
set quotas for MTrees that are used by CIFS, NFS, VTL, or DD
Boost data.

MTree Limits

PowerProtect DD systems support a maximum number of configurable
and concurrently active MTrees. Depending on the system, the maximum
number of configurable MTrees may or may not be the same as the
number of concurrently active MTrees.

The following table shows MTree limits for all PowerProtect DD systems:

System            DDOS Version     Supported Configurable MTrees    Supported Concurrently Active MTrees
DD9900            7.0 and later    256                              256
DD6900, DD9400    7.0 and later    128                              128
DD6400            7.7 and later    128                              128
DD3300            7.7 and later    100                              Up to 32
DDVE              6.2 and later    100                              Up to 32

MTree Quotas


MTree quotas allow you to set limits on the amount of logical space before
compression.

You can set quotas on user-created MTrees, but not the default /backup
MTree.

Quotas are independent of protocol. You can set quotas for MTrees used
by CIFS, NFS, PowerProtect DD VTL, or DD Boost data.

There are two types of quotas: soft limits and hard limits. When a soft limit
is reached, the system generates an alert, but operations continue as
normal. When you set a hard limit on an MTree and the amount of data in
the MTree reaches the hard limit, all write operations fail. You must
remove data from the MTree before write operations resume.

Administrators may set either soft, hard, or both soft and hard limits.


Creating MTrees

The MTree Window in DD System Manager

To create an MTree in the System Manager, go to Data Management >
MTree > CREATE. In the Create MTree dialog, type the name of the MTree
in the MTree Name field. Names are case-sensitive.

If you use the command line to create an MTree, type mtree create
<mtree-path>.

Use Quota Settings to set storage space restrictions for an MTree, storage
unit, or DD VTL pool to prevent it from consuming excess space.

Set the Pre-Comp Soft Limit, Pre-Comp Hard Limit, and combined
limits for the selected MTree.

With an admin or limited-admin role, use the DD System Manager and
select either the MTree tab or Quota tab.

• When setting quotas from the Quota tab, select Data Management >
Quota.
• Set Quota Enforcement to Enabled.
• Select one or more MTrees.
• Click the Configure Quota button and set the Pre-Comp Soft Limit,
Pre-Comp Hard Limit, or both.

Considerations When Configuring MTree Quotas

Consider the following information when managing quotas:

• You can apply MTree quotas to DD VTL, DD Boost, CIFS, and NFS
protocols that you assign to an MTree.
• Snapshots do not count towards the quota of the MTree.
• You cannot set quotas on the /data/col1/backup directory.
• The maximum quota value that is allowed is 4096 PB
precompressed size.

Configuring MTree Quotas Using the CLI

With an admin or limited-admin role, you can disable or enable quotas
using the following commands:
• The quota capacity set command sets quotas for named
MTrees and storage units. Use the quota capacity set command to
set hard and soft limits.
• The quota capacity enable command enables MTree capacity
quota limits. Use the quota capacity enable command after you
set the quotas.
• The quota capacity disable command disables MTree quota
limits and restores the limits to the default, unlimited, state.
• The quota capacity status command shows the status for the
quota function.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information and specific command
syntax.

Data Management

MTree SUMMARY Information

You can CREATE, DELETE, and MANAGE SCHEDULES of MTrees in
the Data Management > MTree window. The window also provides a
summary of all configured MTrees. The summary displays quota limits,
precomp, and postcomp usage for the selected MTree.

The summary also displays compression ratios for the last 24 hours, the
last seven days, and the current weekly average compression.

Select an MTree, and the SUMMARY pane presents current information
about the selected MTree. The SUMMARY pane shows Full Path,
Status, and Pre-Comp Used data and any Quota Enforcement
information for a given MTree.

Important: The information that is found in the SUMMARY pane may
appear delayed up to 15 minutes or more. To receive the most
up-to-date data, select UPDATE.

Data Management Using the Command Line

To monitor MTree compression statistics and quotas, use the following
CLI commands:
• The mtree show compression <mtree_path> [tier
{active | archive}] [summary | daily | daily-detailed]
{[last <n> { hours | days | weeks | months }] |
[start <date> [end <date>]]} command shows MTree
compression statistics.
• The quota capacity show {all | mtrees <mtree-list> |
storage-units <storage-unit-list> | tenant-unit
<tenant-unit>} command lists quotas for MTrees and storage
units.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information and specific command
syntax.

MTree Alerts

The Health > Alerts Window

In the DD System Manager, the Health > Alerts window displays MTree
quota alerts. The system displays alerts in CURRENT ALERTS, ALERTS
HISTORY, NOTIFICATION, and DAILY ALERT SUMMARY tabs.

When you enable quota limits for MTrees, and capacity reaches its soft
limit, the system generates an alert, but operations continue as normal.
The Severity level is Warning.

When you enable quota limits for MTrees, and capacity reaches its hard
limit, two things happen:
• Any further data backing up to this MTree fails.
• The system generates an alert and an out-of-space error.

− The alert appears in the CURRENT ALERTS tab of the Health >
Alerts window. The Severity level is CRITICAL. The system also
reports the error to the backup application.
To resume backup operations after the system reaches a hard limit quota,
you can take three actions:
• You can delete sufficient content in the MTree.
• You can increase the hard limit quota.
• You can disable hard limit quotas for the MTree.


The system reports the same alerts in the Home > Dashboard > Alerts
window.


Configuring and Monitoring Snapshots

Exploring Snapshots

A Snapshot of an MTree is a Logical Copy Captured at a Moment in Time.

A storage snapshot is a file that contains reference markers for data at a
particular point in time. A snapshot acts like a detailed table of contents of
actual data. Snapshots provide administrators with accessible copies of
data.

Snapshot benefits include:


• Instant access to data
− A snapshot copy is made instantly and is available for use by other
applications for data protection, data analysis, and reporting and
data replication. The original copy of the data remains available to
the applications without interruption, while the snapshot copy is
available to perform other functions on the data.
• Easier backup management

− Snapshots enable better application availability, faster recovery,
and easier backup management of large volumes of data.
• Original data available after expiration
− Snapshots continue to place a hold on the original data they
reference even when the backups have expired.
• A single point-in-time copy
− Snapshots are useful for saving a copy of MTrees at specific points
in time. One example of using snapshots is before a DD Operating
System (DDOS) upgrade. You can later access the snapshot as a
restore point for files you must restore from that specific point in
time.
• Flexible scheduling
− You can schedule multiple snapshots simultaneously or create
them individually as you choose.
• Stores hundreds of snapshots per system

− The maximum number of snapshots that you can store on a
PowerProtect DD system is 750 per MTree. You receive a warning
when the number of snapshots reaches 90% of the limit, between
675 and 749 for a given MTree. When you reach the maximum
snapshot count, the system posts an alert.

Snapshot Restore Point

In the following example, the snapshot copies only the metadata pointers
to the production data for a specific point in time, in this case
22:24 GMT. The copy is quick and places a minimal load on the
production systems. If needed, the snapshot can later be used as a
restore point.

Production Data Changes

Snapshots Keep Original Content After Changes


Snapshots are a point in time view of a file system. You can use
snapshots to recover previous versions of files and also to recover files
that are accidentally deleted.

After you take a snapshot, changes to the data can still occur. When
changes occur, the file system removes the pointers to the original data
and adds pointers to the changed data.

The system stores the original file data segments for the snapshot
metadata pointers. The snapshot continues to identify the data as saved
at the original point in time.

With the snapshot, you can retrieve all data from the time you took the
snapshot. The system does not overwrite the original data. The system
adds new pointers for the changed data.

When the system backs up changed production data, it writes additional
data blocks. The system adds new pointers to access the changed data.
The snapshot maintains pointers to the original, point in time data. The
original data remains on the system provided pointers reference the data.
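
The pointer behaviour described above, as an added toy model in Python. It is not DDOS internals or Dell code: the class, method and file names are hypothetical, and deduplication and the real segment layout are not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class MTreeModel:
    """Hypothetical model: files and snapshots are tables of pointers to segments."""
    segments: dict = field(default_factory=dict)   # segment id -> stored bytes
    live: dict = field(default_factory=dict)       # file name -> segment id
    snapshots: dict = field(default_factory=dict)  # snapshot name -> {file: segment id}
    next_id: int = 0

    def write(self, name, data):
        """Store changed data as an additional segment and repoint the live file.

        The previous segment is never overwritten.
        """
        self.next_id += 1
        self.segments[self.next_id] = data
        self.live[name] = self.next_id

    def delete(self, name):
        """Remove the live pointer only; the segment itself is left in place."""
        self.live.pop(name, None)

    def snapshot(self, snap_name):
        """Copy the pointer table (metadata) at this moment, not the data."""
        self.snapshots[snap_name] = dict(self.live)

    def expire(self, snap_name):
        """Drop a snapshot's pointer table."""
        self.snapshots.pop(snap_name, None)

    def read(self, name, snap_name=None):
        """Read a file from the live view, or from a snapshot as a restore point."""
        table = self.live if snap_name is None else self.snapshots[snap_name]
        return self.segments[table[name]]

    def reclaim(self):
        """Free segments that no live file and no snapshot references.

        Returns the number of segments freed.
        """
        referenced = set(self.live.values())
        for table in self.snapshots.values():
            referenced.update(table.values())
        dead = [sid for sid in self.segments if sid not in referenced]
        for sid in dead:
            del self.segments[sid]
        return len(dead)


def demo():
    """Walk through change, accidental deletion, recovery and snapshot expiry."""
    m = MTreeModel()
    m.write("payroll.db", b"v1")
    m.write("notes.txt", b"draft")
    m.snapshot("snap001")
    m.write("payroll.db", b"v2")   # production data changes after the snapshot
    m.delete("notes.txt")          # file deleted by accident
    freed_while_held = m.reclaim()
    recovered = (m.read("payroll.db", "snap001"), m.read("notes.txt", "snap001"))
    current = m.read("payroll.db")
    m.expire("snap001")
    freed_after_expiry = m.reclaim()
    return freed_while_held, recovered, current, freed_after_expiry


if __name__ == "__main__":
    print(demo())
```

While snap001 exists nothing can be reclaimed, which is why the earlier version and the deleted file are both recoverable; the space is released only once the last pointer to those segments is gone.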

Snapshot Operations

The .snapshot Directory Keeps All Snapshots in Sequence

When you perform a snapshot of an MTree, the system does the following:

• The system creates the .snapshot directory for each directory under
/data/col1/backup with the name of each snapshot, snap001,
snap002, and so on, in that directory.
• The system adds snapshots for the MTree in /data/col1/backup
as /data/col1/backup/.snapshot.
• Each MTree where you create snapshots contains the same type of
structure. An MTree /HR has a system-created directory
/data/col1/HR/.snapshot.

You can use the snapshot feature to take images of an MTree, manage
MTree snapshot organization and schedules, and display information
about the status of snapshots.

Creating a Snapshot

Creating Snapshots Using the DD System Manager

To create a snapshot using DD System Manager:
1. Go to Data Management > Snapshots.
2. In the Snapshots pane, click Create.
− The Create Snapshot dialog box appears.
3. In the Name field, enter the name of the snapshot.
4. In the MTree(s) pane, select one or more MTrees and click Add.
5. In the Expiration area, select one of these snapshot expiration
options:
a. Never Expire
b. Enter a number for the In field, and select the number of Days,
Weeks, Months, or Years from the drop-down list. The snapshot
remains on the system for the selected number of days, weeks,
months, or years.
c. Enter a date using the format mm/dd/yyyy in the On field, or click
Calendar and select a date. The system retains the snapshot until
midnight, 00:00, the first minute of the day of the given date.
6. Click Create.

Creating Snapshot Schedules

You can set up and manage snapshot schedules that automatically take
snapshots at regular intervals.

Schedules View

Data Management > Snapshots > SCHEDULES view in DD System Manager

You can create a weekly or monthly snapshot schedule using the DD
System Manager.
• Select Data Management > Snapshots > SCHEDULES to open the
Schedules view.
• Click Create.

Schedule Details

Snapshot Schedule Details page in DD System Manager

Provide a Name and a Snapshot Name Pattern for the snapshot schedule on
the Schedule Details page.

• In the Name field, enter the name you want to give the schedule.
• In the Snapshot Name Pattern field, enter a name pattern.
• Enter a string of characters and variables that translates to a snapshot
name. For example, if you want to create the snapshot name
Scheduled April 12, 2024, 17:33, enter scheduled-2024-04-12-17-33.
Use alphabetic characters, numbers, _, -, and variables that
translate into current values.
• Click Next.

Schedule Execution

Snapshot Schedule > Schedule page in DD System Manager

Select the time of day when you want to perform the schedule:
• If you want the snapshot to occur at specific timed intervals, select At
Specific Times and click Add.
− The Time dialog appears.
• Enter the time in the format hh:mm, and click OK.
• If you want the snapshot to occur in specific intervals, select In
Intervals. Click the drop-down menu to select the Start Time and End
Time in hh:mm and AM or PM. Click the Interval drop-down menu to
choose the number of snapshots and then the hours or minutes of the
interval.
• Click Next.

Associate MTrees

Snapshot Schedule > Associate MTree(s) Page in DD System Manager

The Associate MTree(s) page displays a list of Available MTree(s) and a list of
Selected MTree(s).

Choose the MTrees that you want to associate with the snapshot schedule
you are creating.
• Select an MTree from the Available MTree(s) list and move it to the
Selected MTree(s) list.
• Remove any MTree you do not want to associate with the current
snapshot schedule.
• Click Next.

Summary

Snapshot Schedule > Summary page in DD System Manager

Review the Summary window and click Finish to complete the schedule.

You can also use the command line interface (CLI) command, snapshot
schedule create <name> [mtrees <mtree-list>] [days
<days>] time <time> [,<time>...] [retention <period>]
[snap-name-pattern <pattern>] to configure a snapshot schedule.

Deep Dive: Go to the latest DDOS Command Reference
Guide on the Dell Support website for more detailed
information and specific command syntax.

Monitoring Snapshots

MTree > SUMMARY Pane

The Snapshots pane in the MTree page SUMMARY pane enables
administrators to see the total number of snapshots that are collected,
expired, and unexpired, as well as the oldest, newest, and next scheduled
snapshots.

Administrators can associate the configured snapshot schedules with a
selected MTree name. Click Assign Schedules, and select a schedule
from the list of snapshot schedules to assign it.

Managing Fast Copy

Exploring Fast Copy

An Example of Fast Copy on the DD Operating System

Use the fast copy operation to retrieve data that is stored in a snapshot.
Fast copy makes a read/write copy of your backed-up data on the same
PowerProtect DD system. The copied data is the same as the original as
long as data in the source and destination directories does not change
while the fast copy completes.

Fast copy is a read/write copy of a point-in-time snapshot instance at the
time that the instance was created. A snapshot is read-only. Creating a
fast copy of a snapshot to a new directory, or using the Replace contents
option allows the administrator to create a read and write copy of the
source of the snapshot. The fast copy is a point-in-time copy so long as
the system is not writing data to the destination at the same time.

Fast copy makes a copy of the pointers to data segments and structure of
a source to a target directory on the same PowerProtect DD system.

Administrators can use the fast copy operation to retrieve data stored in
snapshots.

In this example, the /HR MTree contains two snapshots in the
/.snapshot directory. One of these snapshots, 10-31-2024, is fast
copied to /data/col1/backup/Recovery.

Fast copies and snapshots do not duplicate segments; they only copy the
associated metadata, resulting in 1% to 2% additional space usage. If
you delete the /HR MTree or any of its contents, the data that is
referenced in the related fast copy remains on the system.

Fast Copy Considerations

Evaluate the following when using fast copy for data recovery:
• The fast copy operation can be used as part of a data recovery
workflow by using a snapshot of the data you want to recover.
− You cannot view snapshot content using a common Internet File
System (CIFS) share or Network File System (NFS) mount. You
can view all data from a fast copy of the same snapshot.
Administrators can recover lost data without disturbing normal
backup operations and production files by using a fast copy on a
share or mount.
• Fast copy makes a destination equal to the source, but not at a
particular point in time.
− The contents of the source and the destination may not be equal if
either is changed during the copy operation.
• You must manually identify data and delete it to free up space. Then
run file system cleaning to regain the data space held by the fast copy.

− When backup data expires, a fast copy directory prevents the
PowerProtect DD system from recovering expired data on a
system. The system marks the data as in use by the fast copy
directory.

Performing a Fast Copy

The File System > SUMMARY window

A fast copy operation clones files and directory trees of a source directory
to a target directory on a protection system.

1. Select Data Management > File System > SUMMARY and click Fast
Copy.
2. In the Source text box, enter the pathname of the directory where the
data to be copied resides. For example,
/data/col1/backup/.snapshot/snapshot-name/dir1 is an
appropriate path.
3. In the Destination text box, enter the pathname of the destination
directory. For example, /data/col1/backup/dir2 is an
appropriate path. This destination directory must be empty, or the
operation fails.

4. If the destination directory already exists, click the checkbox Overwrite
existing destination if it exists.
5. Click OK. The contents of dir1 are now also in dir2.
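
The pointer behaviour described in this lesson, as an added Python sketch that is not part of the Dell guide and is not DDOS code: it shows why a fast copy of a snapshot adds no segment data, why a non-empty destination is refused, and why cleaning cannot reclaim segments that a fast copy still references. The DedupFS class, the 8-byte segments and the SHA-256 segment IDs are assumptions made for the illustration, and metadata overhead is not modelled.

```python
import hashlib


class DedupFS:
    """Toy deduplicating file system: paths hold pointers, segments are stored once."""

    def __init__(self):
        self.segments = {}  # segment ID -> segment bytes
        self.live = {}      # read/write path -> list of segment IDs
        self.snaps = {}     # read-only snapshot path -> list of segment IDs

    def write(self, path, blob):
        chunks = [blob[i:i + 8] for i in range(0, len(blob), 8)]  # assumed 8-byte segments
        ids = [hashlib.sha256(c).hexdigest()[:16] for c in chunks]
        self.segments.update(zip(ids, chunks))
        self.live[path] = ids

    def read(self, path):
        ids = self.live[path] if path in self.live else self.snaps[path]
        return b"".join(self.segments[i] for i in ids)

    def snapshot(self, mtree, name):
        """Record read-only pointers under <mtree>/.snapshot/<name>/."""
        for path, ids in list(self.live.items()):
            if path.startswith(mtree + "/"):
                self.snaps[f"{mtree}/.snapshot/{name}{path[len(mtree):]}"] = list(ids)

    def fast_copy(self, source, destination, overwrite=False):
        """Copy pointers only; the destination must be empty unless overwrite is set."""
        if any(p.startswith(destination + "/") for p in self.live):
            if not overwrite:
                raise FileExistsError(f"{destination} is not empty")
            self.delete(destination)
        copied = 0
        for path, ids in {**self.snaps, **self.live}.items():
            if path.startswith(source + "/"):
                self.live[destination + path[len(source):]] = list(ids)
                copied += 1
        return copied

    def delete(self, prefix):
        """Remove files and snapshots under a path. No segment is freed here."""
        for table in (self.live, self.snaps):
            for path in [p for p in table if p.startswith(prefix + "/")]:
                del table[path]

    def clean(self):
        """File system cleaning: free segments that no path references."""
        in_use = {i for t in (self.live, self.snaps) for ids in t.values() for i in ids}
        dead = [i for i in self.segments if i not in in_use]
        return sum(len(self.segments.pop(i)) for i in dead)

    def stored_bytes(self):
        return sum(len(s) for s in self.segments.values())


def fast_copy_demo():
    """Constructed sample data; paths follow the /HR example in the text."""
    fs = DedupFS()
    snap = "/data/col1/HR/.snapshot/10-31-2024"
    recovery = "/data/col1/backup/Recovery"
    fs.write("/data/col1/HR/payroll.db", b"AAAAAAAABBBBBBBB")
    fs.snapshot("/data/col1/HR", "10-31-2024")
    fs.write("/data/col1/HR/payroll.db", b"AAAAAAAAXXXXXXXX")  # live file changes later
    stored_before = fs.stored_bytes()
    fs.fast_copy(snap, recovery)
    stored_after = fs.stored_bytes()        # unchanged: only pointers were copied
    try:
        fs.fast_copy(snap, recovery)        # destination is no longer empty
        refused = False
    except FileExistsError:
        refused = True
    fs.delete("/data/col1/HR")              # MTree contents and its snapshot are gone
    freed_with_copy = fs.clean()            # fast copy still pins the snapshot's segments
    recovered = fs.read(recovery + "/payroll.db")
    fs.delete(recovery)
    freed_after = fs.clean()                # space returns only after the copy is deleted
    return {"stored_before": stored_before, "stored_after": stored_after,
            "refused": refused, "freed_with_copy": freed_with_copy,
            "recovered": recovered, "freed_after": freed_after}


if __name__ == "__main__":
    print(fast_copy_demo())
```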

Terms
Fast copy
Fast copy is efficient at making duplicate copies of pointers to data.
Sometimes, access to production backup data is restricted. Fast copy
gives readable and writable access to all data that is fast copied, which
makes this operation handy for data recovery from backups.

POWERPROTECT DD
DATA REPLICATION AND
RECOVERY

PARTICIPANT GUIDE

Table of Contents

PowerProtect DD Data Replication and Recovery

Exploring Data Replication
Replication Pair and Context
Replication Streams
Replication Types
Replication Topologies
Replication Guidelines
Exploring Collection Replication
Collection Replication and Security
Exploring Directory Replication
Directory Replication Topologies
Directory Replication EOL
Exploring MTree Replication
General MTree Replication Guidelines
MTree Replication Destination System Guidelines
Exploring Managed File Replication
Considerations When Using MFR
Initializing Replication

Configuring Replication
Discovering Replication URL Schemes
Example URL Schemes
Adding a Partner System
Creating a Replication Context
Configuring a Replication Context Using the CLI
Reviewing Replication Configuration
Reviewing Replication Configuration Using the CLI
Exploring Replication Connection Ports
Modifying the Connection Port
Create Context with Non-Default Connection Port
Modifying the Listen Port
Low-Bandwidth Optimization
Low Bandwidth Optimization Process
Encryption Over Wire
Managing Replication Throttle Settings
Replication Schedule

Monitoring Replication
Creating Replication Status Reports
Creating a Replication Status Report
Replication Status Report Details

Data Recovery
Data Recovery Description
Configuring Data Recovery
Data Resynchronization

Terms

PowerProtect DD Data Replication and Recovery

Exploring Data Replication

Replication Architecture

Basic replication architecture consists of a source PowerProtect DD
appliance and one or more destination PowerProtect DD appliances. The
destination provides a replicated copy to a secondary, offsite location.

The replication process only copies information that does not exist in the
destination system. Deduplication reduces network demands during
replication because the source sends only unique data segments over the
network to the destination.

You can use replicated data for:

• Data recovery

− In a replication scenario, you can use a PowerProtect DD appliance
to store backup data onsite for short periods, such as 30 to 90
days. You can then recover lost or corrupted files from the local
PowerProtect DD appliance using a few recovery configuration and
initiation commands. The replication process enables you to quickly
clone data to another system for a second level of disaster
recovery. You locate the destination PowerProtect DD appliances
offsite and can store data longer term for data recovery needs.
• Multisite replication
− Multisite replication replicates the state between different deployed
sites to a single replication destination.
• Archive consolidation

− The replication process only copies and consolidates data from
remote systems that do not exist on the destination system. Archive
consolidation reduces chain lengths to enable lower recovery time
objectives (RTOs) from archive locations and eliminate periodic full
snapshots. Users also benefit from lower storage costs due to
shorter, storage-optimized snapshot chains.
The replication process is designed to deal with network interruptions
common in the wide-area network (WAN) and recovers gracefully with
high data integrity and resilience. The replication process ensures that the
data on the destination system is in a state that applications can use.

DD Replicator is a licensed software feature of DD Operating System. You
need DD Replicator licenses for both the source and destination
PowerProtect DD appliances.

Replication Pair and Context

Example of Multiple Replication Contexts

Together, the replication source and destination appliances are called a
pair. The connection that is defined between the replication source and
destination is a context.

You can assign multiple replication contexts to one replication pair. You
can assign a PowerProtect DD appliance as the replication source of one
context and the replication destination of a second context simultaneously.

Replication Streams

A Replication Context with Multiple Replication Streams

A replication context can support multiple replication streams and multiple
segments in parallel. For every read stream coming from a replication
source, there is a write stream receiving the data on the replication
destination.

Replication Types

DD Replicator software offers the following replication types:


• Collection Replication
− Collection replication mirrors a whole system in a one-to-one
topology. The protection system transfers all logical directories and
files of the PowerProtect DD file system. Collection replication
transfers all data changes from source to destination when the
replication context is active. Collection replication is simple and
requires fewer resources than other types. It can provide higher
throughput to the destination and support more data objects with
less overhead.
• Directory Replication

− Directory replication transfers deduplicated changes of any file or
subdirectory under /backup on a source system to a destination
directory on a different PowerProtect DD appliance.
• MTree Replication
− MTree replication replicates MTrees between source and
destination PowerProtect DD systems. The source creates periodic
snapshots, and the source copies the differences to the destination
MTree. The data copy uses the same cross-site deduplication
mechanism that directory replication uses. MTree replication
ensures that the data on the destination is always a point-in-time
copy of the source, with file consistency.
• Managed File Replication

− DD Boost uses managed file replication (MFR). Backup software
controls and manages the data replication operations between
source and destination. The backup software tracks all copies and
provides replication status for monitoring. Lifecycle policies control
replication without any user intervention.
− Managed file replication offers flexible replication topologies
including full system mirroring, bi-directional, many-to-one,
one-to-many, and cascaded, enabling efficient cross-site deduplication.
− With MFR, DD Boost creates and destroys contexts automatically.

Important: Directory replication is only supported in DD
Operating System (DDOS) 7.7.0.0 and earlier.

Replication Topologies

PowerProtect DD appliances support various replication topologies in
which data flows from a source to a destination over a LAN or WAN.

• One-to-one replication is the simplest type of replication. One-to-one
replication starts at a PowerProtect DD source appliance and copies
data to a PowerProtect DD destination appliance. One-to-one
replication supports directory, MTree, and collection replication types.
• In a bi-directional replication pair, a PowerProtect DD system A
replicates data from a directory or MTree to a PowerProtect DD system
B. The second replication pair replicates from another directory or
MTree on system B to system A.
• One-to-many replication includes a single source PowerProtect DD
system replicating data to several destination systems. You can use
this type of replication to create more than two copies for increased
data protection, or to distribute data for multisite usage.
• Many-to-one replication includes several source systems replicating
data to a single destination system. You can use this type of replication
to provide data recovery protection for several branch offices from a
central protection system.
• In a cascaded replication topology, source systems A, B, and C are
chained to a destination system D. In the last hop of cascaded
replication, system D is the source and replicates its data to system E.
You can configure the last hop in the chain between D and E as
collection, directory, or MTree replication.
• In a cascaded one-to-many replication topology, source systems A, B,
and C are chained to a destination system D. The last hop shows that
system D replicates to systems E and F. You can configure the last
hop in the chain from D to E and D to F as collection, directory, or
MTree replication.

Replication Guidelines

The following are guidelines for setting up and configuring replication
services:

• A destination PowerProtect DD appliance must have available storage
capacity that is at least the size of the expected maximum size of the
source directory. Be sure that the destination PowerProtect DD
appliance has sufficient space to handle all data from replication
sources.
• Ensure that you have enough network bandwidth to support the
expected replication traffic.
• The source must exist, and the destination must not exist. The
destination is created when the system builds and initializes a context.
When the system initializes replication, ownership and permissions of
the destination are always identical to the source.
• You can usually replicate between appliances that are within five
releases of each other, for example, from 6.0 to 7.2. Review replication
version compatibility in the current DDOS Administration Guide.

• You must enable the file system on a PowerProtect DD system. Based
on the replication type, enable the file system as part of the replication
initialization. In the replication command options, the destination must
identify a specific replication pair.
• Both systems must have an active, visible route through the IP network
so that each system can resolve the hostname of its partner. During
replication, a PowerProtect DD system can perform normal backup
and restore operations.

Deep Dive: For more details on replication version
compatibility, see the current DDOS Administration Guide
on the Dell Support website.

Exploring Collection Replication

Collection Replication Using a Source and Destination PowerProtect DD Appliance

Collection replication replicates the entire /data/col1 area from a
source PowerProtect DD appliance to a destination PowerProtect DD
appliance. Collection replication uses the logging file system structure to
track replication. Transferring data using collection replication compares
the pointers of the source and destination file system logs since the last
replication operation. The replication operation transfers the data catching
up one container at a time until the source and destination logs match.

Because there is only one collection per PowerProtect DD, collection
replication is an approach to system mirroring. Collection replication is the
only form of replication that is used for true disaster recovery. You cannot
share the destination system of a collection pair for other roles.

Collection replication uses fewer system resources because the systems
of the pair do not negotiate what data to send. Collection replication is
mostly unaware of the boundaries between files. Replication operates on
segment locality containers that the source system sends once the file
system closes them.

Collection Replication and Security

With collection replication, the system replicates all user accounts and
passwords from the source to the destination. The system does not
replicate other elements of configuration and user settings of the
PowerProtect DD appliance. You must reconfigure most system settings
after recovery.

The destination system can only accept data from the replication process.
No data, including snapshots and files, can be written to the destination
system except through the replication process. If you must write data to
the destination, you must first disable replication by breaking the
replication context. Unfortunately, if you break the context, you cannot
resync the replication pair. Collection replication supports retention lock
compliance.

Regarding security and hardening, you should use DD Replicator software
with the optional encryption of data at rest feature. Collection replication
requires the source and target to use the same encryption configuration.
In particular, the encryption feature must be turned on at both source and
target.

When you enable encryption, the encryption algorithm and the system
passphrases must match or encryption fails. The system checks
encryption parameters during the replication association phase. During
collection replication, the source system transmits the encrypted user data
along with the encrypted system encryption key. You can recover the data
at the destination because it uses the same passphrase and the same
system encryption key.

Exploring Directory Replication

Important: Directory replication has reached the end of
service life. Data Domain Operating System (DDOS) version
7.7.0.0 and lower still support directory replication.

Directory Replication

With directory replication, a replication context pairs a directory, under
/data/col1/backup, on a source system with a destination directory on
a different system. The /backup directory can have the source and
destination directories on different levels. If a destination directory does
not exist when you initialize replication, the system creates one
automatically.

If new data is found on the source system, directory replication
creates a list of the segment IDs in the file. The source system sends the
list to the destination system. The destination system examines the list of
segment IDs to determine which segment IDs are missing. The destination
system sends a list of the missing segments to the source system.

The source system then sends copies of the missing segments to the
destination. This method of replication allows source and destination
systems to use bandwidth more efficiently.

With directory replication, the destination is always read-only. The
destination can only receive data from the source system and directory.
To write to the destination directory outside of replication, you must first
delete the replication context between the two systems. The destination
directory can exist on the same system as other replication destination
directories, replication source directories, and other local directories.

Directory replication operates based on file system activity. When activity
occurs on the system, such as a new directory, change of permissions, or
file rename, the source system communicates the update to the
destination.

In cases where file closures are infrequent, the PowerProtect DD source
system forces the data transfer periodically.

Directory replication can receive backups from both common Internet file
system (CIFS) and network file system (NFS) protocol clients. You must
use separate directories for each protocol. Do not mix CIFS and NFS data
in the same directory. The directory replication source cannot be the
parent or the child of a directory that is already being replicated.

Directory Replication Topologies

Directory replication supports 1-to-1, bi-directional, many-to-one,
one-to-many, and cascaded topologies.

If the PowerProtect DD appliance is a source for directory replication,
snapshots within that directory are not replicated. Snapshots must be
created and replicated separately.

Directory Replication EOL

Directory replication contexts have reached end of life in DDOS version
7.7.0.0 and later.

DD System Manager displays a warning if:

• DDOS detects the presence of directory replication contexts.


• The user tries to create a directory replication context.

If you receive either of the following warnings, you can choose to migrate
existing directory replication contexts to MTree replication contexts.

Directory Context Replication Warning in DD System Manager

Create a Directory Replication Pair in DD System Manager

Important: You can migrate existing directory replication
contexts to MTree based replication contexts. See the
Directory to MTree Replication Migration section in the Dell
EMC DDOS Administration Guide. For assistance, contact
Support on the Dell Support website.

Exploring MTree Replication

MTree Replication Process

MTree replication enables the creation of disaster recovery copies of
MTrees at a secondary location. MTree replication can apply to any MTree
under /data/col1.

MTree replication copies the data segments that are associated with the
entire MTree structure except for the /data/col1/backup MTree.
MTree replication clones all metadata and file data that is related to the
MTree. MTree replication uses snapshots to determine what to send to the
destination.

The MTree replication source creates periodic snapshots. The source
compares the latest snapshot against the snapshot that was used for the
last replication transfer. The source creates a delta list of segment IDs that
were not in the last snapshot. The source transmits the list to the
destination. The destination examines the delta list and sends back a list
of what it still needs. The source transmits the needed data segments to
the destination.

The destination PowerProtect DD system does not expose the replicated
data until all data for that snapshot is received. At the destination,
replicated files do not show out of order because the directory tree
structure is part of the data in the snapshot.

MTree replication avoids sending redundant data across the network.
MTree replication supports one-to-one, bi-directional, many-to-one,
one-to-many, and cascaded topologies.

MTree structure provides the greatest control and flexibility when
replicating data.
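
The segment-ID exchange described above for directory replication and for MTree replication, as an added Python model that is not Dell code: the source builds a delta list, the destination answers with what it still needs, and the destination exposes a snapshot only when every referenced segment has arrived. The Appliance class, the fixed 8-byte segments, the SHA-256 segment IDs, the drop_after link-failure switch and the choice to keep already received segments for the retry are assumptions made for the illustration.

```python
import hashlib

SEG_SIZE = 8  # assumption: tiny fixed-size segments keep the sample readable


def seg_id(data: bytes) -> str:
    """Segment ID modelled as a truncated SHA-256 fingerprint (assumption)."""
    return hashlib.sha256(data).hexdigest()[:16]


class Appliance:
    """Toy model of one system: a segment store plus snapshots of one MTree."""

    def __init__(self, name):
        self.name = name
        self.store = {}      # segment ID -> segment bytes
        self.snapshots = {}  # snapshot name -> {path: [segment IDs]}
        self.exposed = None  # snapshot whose files are visible to readers

    def take_snapshot(self, snap, files):
        tree = {}
        for path, blob in files.items():
            chunks = [blob[i:i + SEG_SIZE] for i in range(0, len(blob), SEG_SIZE)]
            tree[path] = [seg_id(c) for c in chunks]
            self.store.update(zip(tree[path], chunks))
        self.snapshots[snap] = tree
        self.exposed = snap

    def ids_in(self, snap):
        if snap is None:
            return set()
        return {sid for ids in self.snapshots[snap].values() for sid in ids}

    def read(self, path):
        """Return file bytes from the exposed snapshot, or None if not visible."""
        tree = self.snapshots.get(self.exposed, {})
        if path not in tree:
            return None
        return b"".join(self.store[sid] for sid in tree[path])


def replicate(src, dst, prev_snap, new_snap, drop_after=None):
    """One replication pass; drop_after simulates the link failing after N segments."""
    # 1. Source: delta list of segment IDs that were not in the snapshot
    #    used for the last replication transfer.
    delta = sorted(src.ids_in(new_snap) - src.ids_in(prev_snap))
    # 2. Destination: examines the delta list and replies with what it still needs.
    needed = [sid for sid in delta if sid not in dst.store]
    # 3. Source: transmits only the needed segments; destination checks each one.
    sent = 0
    for n, sid in enumerate(needed):
        if drop_after is not None and n >= drop_after:
            break
        payload = src.store[sid]
        if seg_id(payload) != sid:
            raise ValueError(f"segment {sid} failed its fingerprint check")
        dst.store[sid] = payload
        sent += len(payload)
    # 4. Destination: expose the snapshot only when every referenced segment is present.
    tree = src.snapshots[new_snap]
    if all(sid in dst.store for ids in tree.values() for sid in ids):
        dst.snapshots[new_snap] = {p: list(ids) for p, ids in tree.items()}
        dst.exposed = new_snap
    return {"delta": len(delta), "needed": len(needed),
            "bytes_sent": sent, "exposed": dst.exposed}


def replication_demo():
    """Constructed sample files for an /HR MTree."""
    src, dst = Appliance("source"), Appliance("destination")
    src.take_snapshot("snap001", {"/HR/a.txt": b"AAAAAAAABBBBBBBBCCCCCCCC"})
    first = replicate(src, dst, None, "snap001")
    src.take_snapshot("snap002", {"/HR/a.txt": b"AAAAAAAABBBBBBBBDDDDDDDD",
                                  "/HR/b.txt": b"CCCCCCCCEEEEEEEE"})
    broken = replicate(src, dst, "snap001", "snap002", drop_after=1)
    visible = dst.read("/HR/a.txt")   # still the snap001 content
    hidden = dst.read("/HR/b.txt")    # new file is not exposed yet
    retry = replicate(src, dst, "snap001", "snap002")
    return first, broken, visible, hidden, retry, dst


if __name__ == "__main__":
    for item in replication_demo()[:5]:
        print(item)
```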

General MTree Replication Guidelines

The following are general guidelines for MTree replication:

• MTree replication supports the Retention Lock Compliance feature on
PowerProtect DD appliances.
• If you apply a license retention lock on a source, the destination must
also have a retention lock license, or replication fails. To avoid this
situation, you must disable the retention lock on the MTree. If you
enable retention lock in a replication context, the replicated destination
context contains data that is retention locked.
• The number of concurrently active MTrees supported on a system is
between 32 and 256, depending on the PowerProtect DD appliance
model you use.
• Automatic Multi-Streaming (AMS) is a feature to improve replication
performance. AMS uses multiple streams to replicate files over 32 GB
or larger to improve network bandwidth during replication. When the
workload presents multiple optimization choices, AMS automatically
selects the best option for the workload. AMS is always enabled and
cannot be disabled.

MTree Replication Destination System Guidelines

The following are guidelines for the MTree replication destination system:

• If you configure an MTree context, the destination MTree remains in a
read-only state, and only receives data from the source MTree.
• A destination PowerProtect DD system can receive backups from both
common Internet file system (CIFS) and network file system (NFS)
protocol clients. You must keep the data from different protocols in
separate MTrees.

Exploring Managed File Replication

In DD Operating System (DDOS), managed file replication (MFR) is a
powerful replication feature where backup software manages and controls
replication operations on the protection system. MFR is also called
storage life cycle policy (SLP) in NetBackup and clone-controlled
replication (CCR) in Dell NetWorker. DD Boost uses MFR to replicate
backup images between PowerProtect DD systems as the controlling
backup software requests.

The backup software tracks all replicated data, allowing monitoring of
replication status and recovery from multiple copies.

MFR can replicate using full system mirroring, bi-directional, many-to-one,
one-to-many, and cascaded topologies.

MFR automatically uses the most secure replication encryption that is
configured on a system in the replication pair. For example, if the source
system uses encryption with anonymous authentication and the
destination system uses no encryption, MFR uses encryption with
anonymous authentication.

The improved automatic negotiation of the most secure replication
encryption does not require any reconfiguration of managed file replication
or security settings.

Important: When you use one-way and two-way
authentication encryption, the PowerProtect DD replication
systems require preconfigured certificates. If certificates are
not preconfigured for one- or two-way authentication
encryption, MFR fails.

Considerations When Using MFR

Consider the following points regarding managed file replication:


• Unlike other replication types, the system configures replication
contexts automatically.
• Lifecycle policies control all data replication with no management from
the user.
• DD Boost is the active protocol for MFR. DD Boost creates and
removes contexts as needed based on life-cycle policies.
• MFR automatically uses the most secure level of replication encryption
that is configured in the replication pair.

Initializing Replication

Replication Initialization

Once a new replication pair is created, the replication initialization process
automatically begins.

You can view the latest Synced As Of Time in DD System Manager in
the Replication > Automatic > Summary > Detailed Information
window. The Synced As Of Time displays N/A because initialization is
underway.

The Synced As Of Time displays the local date and time of sync
completion when replication is finished.

Tip: Directory replication uses the directory file structure on
a PowerProtect DD system. The directory file structure is a
legacy structure that systems before DDOS version 5.x use.
DDOS keeps and manages directories in /data/col1/.
DDOS carries the directory file structure over to current
versions of DDOS to maintain compatibility with customers
who upgraded from 4.x to 5.x.

If you must sync a large amount of data and the replication pair is
connected to a slow link, initialization can take some time. To expedite the
initial data transfer to the destination system, bring the destination and
source systems together to use a high-speed low-latency link.

Consider the following when you plan to initialize your replication
destination:

• You cannot perform migration during initialization.
• Initialization supports all replication topologies.

Once the data in the replication pair is successfully replicated to the
destination system, you can move the system back to its intended
location. Once data is initialized on the destination system, the source
system sends only new data from that point onwards.


The following guidelines can be used to estimate the time to complete
replication initialization:
• When you use a T3 connection over a 100-millisecond wide area
network (WAN), throughput performance is about 40 MB/sec of
precompressed data. The yield is a data transfer rate of 40 MB/sec =
25 seconds per GB or about 3.456 TB/day.
• When you use a base-2 equivalent of 1G local area network (LAN),
performance is about 80 MB/sec of precompressed data, or twice the
rate of a T3 WAN.

Important: The estimates above are guidelines only and
may not be accurate in specific production environments.
For assistance contact Dell Support through the Dell
Support website.

Configuring Replication

Discovering Replication URL Schemes

The replication feature identifies endpoints of the replication source and
destination systems with a replication URL. The command-line interface
(CLI), system logs, and other facilities use the replication URL. The first
portion of the replication URL identifies the context type in the part of the
URL known as the scheme.

For example, in the replication URL
mtree://dd-dst.domain.com/data/col1/mtree-dst, mtree:// is the scheme.

The scheme types are mtree:// for MTree and managed file replication
(MFR) contexts and col:// for collection replication contexts.

The hostname portion of the replication URL is the same as the output of
the net show hostname command. The path is the logical path to the
target directory or MTree.

The path for an MTree URL starts with the hostname, followed by
/data/col1 and ends with the name of the target MTree.

Collection replication URLs require only the hostname belonging to a
particular PowerProtect DD host.


Example URL Schemes

Create Replication Pair

The following are example URL schemes for collection and MTree
replication. Use these schemes when identifying the replication pair in the
DD System Manager in the Create Replication Pair window. Use the same
scheme when adding a replication pair with the replication add CLI
command.

For collection replication, use the following URL scheme providing only the
hostname:

• col://<hostname>

For MTree replication, use the following URL scheme:

• mtree://<source-hostname>/data/col1/<source-mtree-name>
• mtree://<destination-hostname>/data/col1/<destination-mtree-name>


Adding a Partner System

Managing Systems for Replication Using DD System Manager

Before you can configure replication between two systems, you must first
configure the destination or partner PowerProtect DD system, to let the
source system manage it.

To add a partner system to a replication pair, do the following:


1. Verify that you have compatible DD Operating System (DDOS)
versions on both the source and destination systems.
2. In the Replication > Automatic > SUMMARY tab, select MANAGE
SYSTEMS.
3. Click the plus sign +. The Add System dialog box appears.
4. Enter the partner system hostname and the password that is assigned
to the sysadmin user.
5. Select OK when the information for the partner system is complete.
Select OK. The Verify Certificate dialog box appears.
6. If the system is successfully added, the DD System Manager returns to
the Manage Systems dialog box and the newly added partner system
appears in the list.

If the host system cannot reach the partner system after adding it, verify
the route from the managing system to the added system. If you enter a
hostname, either a fully qualified domain name (FQDN) or non-FQDN,
ensure that both systems can resolve it.

Configure a hostname for the source and destination replication system.
Ensure that a domain name system (DNS) entry for the system exists, or
ensure that you have defined an IP address to hostname mapping.

Creating a Replication Context

The Create Replication Pair in DD System Manager

To create a replication pair and context, follow these steps:

1. Select CREATE PAIR in the Replication > Automatic > SUMMARY
tab.
2. In the Create Replication Pair dialog, select the CREATE tab.
3. Select the Replication Direction context. When you configure the
source system, select Outbound. When you configure the destination
system, select Inbound.
4. Select either MTree, or Collection in the Replication Type field.

Continue by choosing one of the following options below:


To create a collection replication pair:


1. Select Collection from the dropdown Replication Type field.
2. Provide the destination system hostname.
− If the destination system is not listed in the dropdown menu, add it
by selecting the Add System hyperlink and clicking OK.
3. After the create pair process completes, select Close.

To create an MTree replication pair:


1. Provide the destination system hostname.
If the destination system is not listed in the dropdown menu, click Add
System.
2. Provide the Source Path of the source MTree.
3. Provide the Destination Path of the destination MTree.
The source and destination MTrees must be directly under
/data/col1 in the file system.
4. Select OK to complete the configuration.

Important: DDOS versions 7.7.0.0 and earlier support directory
replication. DDOS versions 7.7.1.0 and later do not support directory
replication.


Configuring a Replication Context Using the CLI

With an admin or limited-admin role, you can configure a replication
context using the replication add command. The following are
example commands for collection or MTree context creation:
• Use the replication add source col://system-dd1.chaos.local
destination col://systemdd2.chaos.local command to add a collection
replication context.
• Use the replication add source
mtree://system-dd1.chaos.local/data/col1/mtree1 destination
mtree://system-dd2.chaos.local/data/col1/dstmtree1
max-repl-streams 6 destination-tenantunit tu1 command
to add an MTree replication context.

Deep Dive: For more details about configuring a replication
context using the command line interface in DDOS, go to
the latest Dell EMC DDOS Command Reference Guide on
the Dell Support website.


Reviewing Replication Configuration

Use the Replication > Automatic > SUMMARY > Detailed Information pane to Review a
Replication Configuration

To review the configuration of the replication feature, go to the
Replication > Automatic > SUMMARY tab. The replication summary
table gives you high-level information about the configuration of each
context.

Select a context from the list in the replication summary table to see
Detailed Information pertaining to the selected context.


Reviewing Replication Configuration Using the CLI

With an admin, limited-admin, security, user, backup-operator, none,
tenant-user, or tenant admin role, you can review the configuration of a
replication context using the replication show config command:
• The replication show config | all command displays the
connection host, port, IP version, and other configured options.
• The replication show detailed-history command displays
replication performance history details.

Deep Dive: Go to the latest DDOS Command Reference
Guide on the Dell Support website for more detailed
information and specific command syntax.

Exploring Replication Connection Ports

Listen and Connection Ports in a Many-to-One Replication Configuration

The listen port is the transmission control protocol (TCP) port the
replication destination system monitors for incoming connections. If a
firewall configuration or other network issues interfere with the default
connections between the replication source and destination, you can
modify the listen port.

The listen port is a global setting. All contexts for which this system is a
destination monitor this port. All replication source systems must be
configured to connect to this particular port value.

The three replication source systems should connect to the single
replication destination by configuring three separate replication contexts.

The connection port is the TCP port that the source system uses to
communicate to the replication destination. The connection port is
configured per context. It is not a global setting. The default value for the
connection port is 2051.

Because the replication destination has a default listen port value of 2051,
each replication source must use a corresponding connection port value of
2051. In the example, the first two systems are configured with the correct
connection port, 2051. The third system is using an incorrect connection
port value, 3030. An incorrect connection port value prevents a replication
connection with the destination.
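
The URL rules and the port matching described above can be checked before any context is created. The following Python example is added here and is not Dell code or part of the guide; the example.com hostnames, the Context record and the function names are constructed for illustration, and the sample data mirrors the three-source scenario above plus one malformed MTree path.

```python
import re
from dataclasses import dataclass
from typing import Optional

DEFAULT_PORT = 2051           # default listen and connection port stated in the guide
MTREE_ROOT = "/data/col1/"    # MTrees must sit directly under this path

_URL_RE = re.compile(
    r"^(?P<scheme>mtree|col)://"
    r"(?P<host>[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)"
    r"(?P<path>/.*)?$"
)


@dataclass(frozen=True)
class ReplicationURL:
    scheme: str
    host: str
    mtree: Optional[str]      # None for collection URLs


@dataclass(frozen=True)
class Context:                # hypothetical record of one planned context
    source: str
    destination: str
    connection_port: int = DEFAULT_PORT


def parse_replication_url(url):
    """Parse a replication URL; raise ValueError if it breaks the guide's rules."""
    m = _URL_RE.match(url)
    if m is None:
        raise ValueError(f"{url}: expected mtree://<host>/data/col1/<mtree> or col://<host>")
    scheme, host, path = m["scheme"], m["host"].lower(), m["path"] or ""
    if scheme == "col":
        if path:
            raise ValueError(f"{url}: collection URLs carry only the hostname")
        return ReplicationURL(scheme, host, None)
    name = path[len(MTREE_ROOT):] if path.startswith(MTREE_ROOT) else ""
    if not name or "/" in name:
        raise ValueError(f"{url}: MTree must be directly under /data/col1")
    return ReplicationURL(scheme, host, name)


def preflight(ctx, listen_ports):
    """Return the problems found for one planned context; an empty list means OK."""
    try:
        src = parse_replication_url(ctx.source)
        dst = parse_replication_url(ctx.destination)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if src.scheme != dst.scheme:
        problems.append(f"scheme mismatch: {src.scheme}:// source, {dst.scheme}:// destination")
    # The listen port is global on the destination; the connection port is per context.
    listen = listen_ports.get(dst.host, DEFAULT_PORT)
    if ctx.connection_port != listen:
        problems.append(
            f"connection port {ctx.connection_port} does not match "
            f"listen port {listen} on {dst.host}"
        )
    return problems


def replication_add_command(ctx):
    """Render the CLI form shown in the guide for a context that passed preflight."""
    return f"replication add source {ctx.source} destination {ctx.destination}"


# Constructed sample: sources replicating to one destination (many-to-one).
LISTEN_PORTS = {"dd-dst.example.com": 2051}
CONTEXTS = [
    Context("mtree://dd-src1.example.com/data/col1/backup",
            "mtree://dd-dst.example.com/data/col1/src1-backup", 2051),
    Context("mtree://dd-src2.example.com/data/col1/backup",
            "mtree://dd-dst.example.com/data/col1/src2-backup", 2051),
    Context("mtree://dd-src3.example.com/data/col1/backup",
            "mtree://dd-dst.example.com/data/col1/src3-backup", 3030),
    Context("mtree://dd-src4.example.com/data/col1/backup/daily",
            "mtree://dd-dst.example.com/data/col1/src4-backup"),
]


def audit(contexts, listen_ports):
    """Map each context's source URL to its list of problems."""
    return {c.source: preflight(c, listen_ports) for c in contexts}


if __name__ == "__main__":
    for ctx in CONTEXTS:
        problems = preflight(ctx, LISTEN_PORTS)
        if problems:
            print("SKIP", ctx.source, "->", "; ".join(problems))
        else:
            print(replication_add_command(ctx))
```
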


Modifying the Connection Port

Change the Connection Port Using the Modify Connection Settings

To move data traffic through a specific port, you can change the
Connection Port in the Modify Connection Settings window. Change the
current context by changing the Connection Host parameter using a
hostname that is defined in the local hosts file. Using the Connection Host
parameter allows you to change the name of the destination system
without having to destroy and recreate the replication pair. The hostname
corresponds to the destination. The host entry indicates an alternate
destination address for that host.

If you are changing an existing context to contain a non-default connection
value:

1. Go to the Replication > Automatic > SUMMARY tab on the source
system.
2. Select a context from the context summary table.
3. Select MODIFY SETTINGS to modify the selected context.
4. In the Modify Connection Settings dialog, click the checkbox
Use Non-default Connection Host.


5. Change the Connection Port to a new value.
6. Click NEXT to complete the context modification process.

Create Context with Non-Default Connection Port

Create Replication Pair > ADVANCED Window in DD System Manager

You can specify a non-default connection port value when you create the
context in DD System Manager. You can modify the port value after the
context is created.

To create a context with a non-default value, perform the following:


1. Go to the Replication > Automatic > SUMMARY tab on the source
system.
2. Select CREATE PAIR to create a replication pair.
3. Complete the configuration of the CREATE PAIR > CREATE tab in the
Create Replication Pair dialog.
4. Click the ADVANCED tab.
5. Click the Use Non-default Connection Host checkbox.
6. Change the Connection Port to a new value.
7. Click OK.


Modifying the Listen Port

Modifying the Listen Port in DD System Manager

To choose a non-default IP listen port value in DD System Manager,
perform the following:
1. Go to the Replication > Automatic > ADVANCED SETTINGS tab on
the system.
2. Click CHANGE NETWORK SETTINGS.
3. In the Listen Port field of the Network Settings dialog, enter a
non-default IP listen port value.
4. Click OK.

Low-Bandwidth Optimization

Low-bandwidth optimization (LBO) is an optional mode that enables
remote sites with limited bandwidth to replicate and protect more of their
data over existing, lower-speed networks.

Do not use LBO if the system requires maximum file system write
performance. Enable LBO only for replication contexts that are configured
over wide area network (WAN) links with less than 6 Mb per second of
available bandwidth.

You enable LBO on a per-context basis for all file replication jobs on a
system. You must enable LBO on both the source and destination
PowerProtect DD appliances.

You might further tune your system to improve LBO functionality. Use
bandwidth and network-delay settings together to calculate the proper
transmission control protocol (TCP) buffer size, and set the replication
bandwidth for greater compatibility with LBO.

Replication without deduplication can be expensive. Data deduplication
makes it possible to replicate all data across a small WAN link.
Deduplication sends only new unique segments in order to reduce WAN
traffic down to a small percentage of what you might need for replication
without deduplication. Large factor reductions make it possible to replicate
over a less-expensive, lower throughput WAN link or to replicate more
than just the most critical data.

Low Bandwidth Optimization Process

LBO Process in DD Operating System

Delta compression is a global compression algorithm that LBO applies
after identity filtering. Delta comparison reduces the amount of data
that is replicated over a low-bandwidth WAN by eliminating redundant
data before replication. Delta compression is also beneficial to remote
sites with lower-performance PowerProtect DD models.

The algorithm looks for previous similar segments using a sketch-like
technique that sends only the difference between previous and new
segments. In the example diagram, segment S1 is similar to S16. The
destination can ask the source if it also has S1. If it does, the source
transfers only the data differences between S1 and S16. If the destination
does not have S1, it sends the full segment data for S16 and the full
missing segment data for S1.
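
To make the sketch-and-delta idea concrete, the following Python example is added here and is not DDOS code: it uses a bottom-k hash sketch and difflib as stand-ins for the appliance's own similarity and delta algorithms, which the guide does not specify. The segment contents, SHINGLE, SKETCH_SIZE, THRESHOLD and the 8-byte cost per copy reference are all assumptions.

```python
import difflib
import hashlib

SHINGLE = 8        # bytes per sliding window (assumed)
SKETCH_SIZE = 32   # number of smallest window hashes kept per segment (assumed)
THRESHOLD = 0.5    # minimum sketch overlap to treat two segments as similar (assumed)


def sketch(segment):
    """Bottom-k sketch: the SKETCH_SIZE smallest hashes over all SHINGLE-byte windows."""
    hashes = {
        hashlib.blake2b(segment[i:i + SHINGLE], digest_size=8).digest()
        for i in range(max(len(segment) - SHINGLE + 1, 1))
    }
    return frozenset(sorted(hashes)[:SKETCH_SIZE])


def resemblance(a, b):
    """Jaccard overlap of two sketches, between 0.0 and 1.0."""
    return len(a & b) / max(len(a | b), 1)


def find_base(new_segment, dest_sketches):
    """Return the id of the most similar segment on the destination, or None."""
    target = sketch(new_segment)
    best_id, best = None, THRESHOLD
    for seg_id, sk in dest_sketches.items():
        score = resemblance(target, sk)
        if score >= best:
            best_id, best = seg_id, score
    return best_id


def encode_delta(base, new):
    """Describe `new` as copies from `base` plus the literal bytes that differ."""
    ops = []
    matcher = difflib.SequenceMatcher(None, base, new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            ops.append(("copy", i1, i2))
        elif tag in ("replace", "insert"):
            ops.append(("data", new[j1:j2]))
        # "delete": bytes present only in base, nothing to send
    return ops


def apply_delta(base, ops):
    """Destination side: rebuild the new segment from its local base and the delta."""
    out = bytearray()
    for op in ops:
        out += base[op[1]:op[2]] if op[0] == "copy" else op[1]
    return bytes(out)


def wire_size(ops):
    """Bytes sent for a delta, assuming 8 bytes per copy reference."""
    return sum(8 if op[0] == "copy" else len(op[1]) for op in ops)


def replicate(seg_id, segment, source_store, dest_store):
    """Send one segment; return ("delta" or "full", bytes sent over the link)."""
    base_id = find_base(segment, {k: sketch(v) for k, v in dest_store.items()})
    if base_id is None or base_id not in source_store:
        dest_store[seg_id] = segment                    # no usable base: send everything
        return "full", len(segment)
    ops = encode_delta(source_store[base_id], segment)  # source diffs against its own copy
    dest_store[seg_id] = apply_delta(dest_store[base_id], ops)
    return "delta", wire_size(ops)


def constructed_segment(seed, size=4096):
    """Deterministic filler bytes standing in for backup data (constructed sample)."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:size])


S1 = constructed_segment(b"S1")
S16 = S1[:2000] + b"sixteen new byte" + S1[2016:]   # S1 with 16 bytes changed
UNRELATED = constructed_segment(b"unrelated")

if __name__ == "__main__":
    dest = {"S1": S1}
    print(replicate("S16", S16, {"S1": S1}, dest))
    print(replicate("S99", UNRELATED, {"S1": S1}, dest))
```
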

When using DD System Manager, you can enable LBO when you create a
replication context. You can disable LBO anytime afterward.

Encryption Over Wire

Encryption over wire secures replication traffic between the source and
destination systems. Enable encryption over wire if you are concerned
about the security of your network link. Encryption over wire uses the
Anonymous Diffie-Hellman, advanced encryption standard, 256-bit
secure hash algorithm (ADH-AES256-SHA) encryption suite.

When you enable the encryption over wire option on a replication context,
the system must first process the data that it reads from the disk. If you
enable the data at rest encryption feature, the source system must decrypt
the data before it is processed for replication. Otherwise, the data is read
from the source system.

The replication source encrypts the data using the encryption over wire
algorithm before the system transmits the data to the destination system.

You can also modify the encryption over wire setting after the context is
created.


When using the DD System Manager, you can enable the encryption over
wire feature when you create the context:
1. Go to the Replication > Automatic > SUMMARY tab on the source
system.
2. Select CREATE PAIR to create a replication pair.
3. Complete the configuration of the CREATE PAIR > CREATE tab.
4. Select the ADVANCED tab.
5. Select the checkbox Enable Encryption Over Wire.
6. Click OK.

Managing Replication Throttle Settings

Throttle Settings Located in the Replication Window in DD System Manager

To modify the amount of bandwidth used for replication, you can set a
replication throttle for replication traffic.

Click ADD THROTTLE SETTING to view the Add Throttle Setting dialog.
The Add Throttle Setting dialog shows the current settings for any temporary
overrides. If you configure an override, the Add Throttle Setting dialog
displays the set throttle rate, 0 (which means all replication traffic is
stopped), or Unlimited.


The Add Throttle Setting dialog also shows the configured schedule. You
should see the time for days of the week on which scheduled throttling
occurs.

To add throttle settings, perform the following:


1. Click the checkboxes to set the Days of the Week that throttling is
active.
2. Set the throttling Start Time.
3. Set the Throttle Rate. Be sure to select Bps, Kbps, or Mbps, then
click OK. You can disable all replication traffic by selecting the 0 Bps
(Disabled) option. You can also select Unlimited to remove all throttle
amounts.
4. In the Replication > ADVANCED SETTINGS, click the SET
THROTTLE OVERRIDE tab to set override options.
5. If you select the Clear at next scheduled throttle event checkbox,
the throttle schedule returns to normal after the next scheduled throttle
event.
6. Click OK to start the throttle override setting.

Replication Schedule

The replication schedule command-line interface (CLI) commands
allow customers to enable and disable MTree replication contexts using
the CLI. The replication schedule commands are useful for disabling
replication during a backup window and then reenabling replication at the
end of the backup window.


Some administrators construct their own Cron Jobs [1] to accomplish the
same task. Dell Technologies recommends using only the DDOS
replication schedule CLI commands to avoid system instability or
possible data loss.

The replication schedule commands give you integrated
functionality, so Cron Jobs are not necessary.

Perform the following CLI commands to control the replication schedule
for specified MTree contexts:

• The command replication schedule set context enable
hhmm disable hhmm creates or changes the enable and disable
times for the specified MTree replication context.
• The command replication schedule reset context enable
hhmm disable hhmm deletes a schedule and specifies the context,
enable time, and disable time to reset.
• The command replication schedule show displays all
scheduled enable and disable times for all replication contexts on the
system.

[1] A Cron Job is a process or task that runs periodically on a UNIX system.

Monitoring Replication

Creating Replication Status Reports

PowerProtect DD Management Center Dashboard

PowerProtect DD Management Center (DDMC) enables you to generate
reports to track space usage on a PowerProtect DD appliance for up to
the previous two years. You can also generate reports to help understand
replication progress. You can view reports on file systems daily and
cumulatively, over time.

There are two types of replication reports available for PowerProtect DD:
• The Replication Status Report
− The Replication Status Report displays three charts describing the
status of the current replication job running on the system. This
report provides a snapshot of all replication contexts to help
understand the overall replication status.
• The Replication Summary Report
− The Replication Summary Report provides performance information
about the overall network in-and-out usage, and per context levels
over a specified duration. You can select which contexts to analyze.

Creating a Replication Status Report

Creating a Replication Status Report Using Reports Management in DDMC

You can create replication status reports in the PowerProtect DD
Management Center Reports Management window.

You can create a replication status report when you want to evaluate past
collected file system or replication data:
1. In the PowerProtect DD Management Center, select Reports >
Management.
2. Click ADD.
− The Add Report Template appears.


3. Select System Reports.
− DDMC displays a list of report templates.
4. Select the Replication Status report from the list of templates and
enter a name for this report in the Name field.
5. Click NEXT.
− The Email window appears.
6. Click ADD to enter email addresses to contact when the report is
finished or if an error occurs.
7. Click NEXT.
8. A summary screen shows the completed configuration.
The replication status report generates a summary of the report
configurations.
9. If the configurations are correct, click FINISH.
10. The Replication Report appears in Reports > Management.
11. Double-click the Report icon to view the details.
12. The Replication Status Report contains three sections: Replication
Status Overview, Replication Pairs, and System Details.


Replication Status Report Details

Replication Status Report Cover Sheet

A typical Replication Status Report contains several pages and presents
three detailed sections: Replication Status Overview, Replication Pairs,
and System Details.

• The Replication Status Overview provides a summary of all
replication contexts for a PowerProtect DD system. The overview
shows the status for the inbound and outbound replication pairs.
Automatic Replications Overview reports systems with pairs lagging
beyond thresholds, by bytes remaining for MTree and directory
replications and systems with lagging collection replications.
On-Demand Replications status shows the systems with failed
outbound on-demand replications, ranked by percentage.
• The Replication Pairs section reports errors, warnings, or unknown
status for automatic and on-demand replications.
• The System Details section reports on both source and destination
systems. It provides inbound and outbound statistics and displays a
trend analysis over the last 30 days. More details show system details
for source and destination systems that include replications with lags
over thresholds, on-demand replications by the highest percentage of
failed transfers, inbound automatic replications, and inbound
on-demand replications. The last section provides details about
outbound and cascaded automatic replications and outbound
on-demand replications.

Automatic Replications Overview reports systems with pairs lagging
beyond thresholds, by bytes remaining for MTree replications, and
systems with lagging collection replications.

On-Demand Replications status shows the systems with failed
outbound on-demand replications, ranked by percentage.

Data Recovery

Data Recovery Description

If source replication data is inaccessible for any reason, you can
resynchronize the data from the replication destination.

Resynchronization is when you reestablish a previously configured but
broken replication context. Data recovery through resynchronization is the
process of bringing the replication pair back into synchronization after a
manual break. The replication pair is resynchronized so both endpoints
contain the same data. Resynchronization is available for MTree and pool
replication. Resynchronization is not available for collection replication.

Use PowerProtect DD systems to store backup data onsite for short-term
protection, depending on local practices and capacity. The best protection
strategy uses offsite storage backup to maintain file replicas for long-term
protection. If a disaster destroys onsite data, you can use the offsite
replica to restore operations.

Recovery systems can immediately recover data on the replica or target
system. When you repair or replace the PowerProtect DD system at the
main site, you can recover lost data using a few simple recovery
commands. For collection replication, you must fully initialize the
destination context to successfully recover the data.


Configuring Data Recovery

Recovering Lost Data Using Recovery

If source replication data becomes inaccessible, you can recover it from
the replication pair destination. The source must be empty before recovery
can proceed. You can perform recovery for all replication types, except for
MTree replication, which uses data resynchronization.

Recover directory, collection, or pool replicated data by following these
steps:
1. Go to Replication > Automatic and select the SUMMARY tab.
2. To display the Start Recover dialog box, select MORE > Start Recover.
3. Click CREATE and select MTree, Collection, or Pool from the
Replication Type menu.
4. Select the hostname of the system to be restored from the System to
recover to menu.
5. Select the hostname of the source system from the System to
recover from menu.
6. From the context list, select the context to restore.
7. To change any host connection settings, select the ADVANCED tab.
8. To start the recovery, select OK.


Important: If a recovery fails or if you must terminate
recovery, you can cancel the replication recovery. You must
restart recovery on the source as soon as possible.

To cancel a recovery, perform the following steps:


1. Click MORE, and select Abort Recover. The Abort Recover dialog
box appears, showing the contexts that are performing recovery.
2. Click the checkbox of one or more contexts to cancel from the list.
3. Click OK.

Data Resynchronization

Resynchronization is the process of recovering, or bringing back into sync,
the data between a source and a destination replication pair after a
manual break. The replication pair is resynchronized so both systems
contain the same data. Resynchronization is available for MTree and pool
replication but not for collection replication.

Start a Data Resynch in the Replication Window on DD System Manager

To resynchronize a context in DD System Manager, do the following:


1. Go to the Replication > Automatic > SUMMARY tab for both the
source and destination systems.


a. Select the target context.
b. Delete the context by selecting the DELETE PAIR button.
2. Select the context from either the replication source or replication
destination system and select MORE > Start Resync to display the
Start Resync dialog.
3. Select either the MTree or Pool Replication Type to resync. If resyncing
an MTree replication, the source and destination must have a common
snapshot. Do not delete existing snapshots before you resync the
source and destination.
4. Select the replication source system details.
5. Select the replication destination system hostname from the
Destination System menu.
6. Enter the replication source path in the Source Path text box.
7. Enter the replication destination path in the Destination Path text box.
8. To change any host connection settings, select the ADVANCED tab.
9. Select OK.

The resynchronization process adds the context back to both the source
and destination systems and starts the resync process. The
resynchronization process can take several hours and up to several days,
depending on the size of the system and current load factors.

Terms
Replication
Replication is storing copies of the same data in two or more locations.

Replication initialization
Replication initialization is the process of transferring the initial replication
data from the source system to the target system.

DD BOOST
IMPLEMENTATION AND
ADMINISTRATION

PARTICIPANT GUIDE

Table of Contents

DD Boost Implementation and Administration

Exploring DD Boost
Exploring DD Boost Features
DD Boost Overview
DD Boost Features
DD Boost Security Options
Managing Storage Units
Exploring Distributed Segment Processing
Exploring Managed File Replication with DD Boost
Managing Load Balancing and Link Failover for DD Boost
Exploring Virtual Synthetic Backups
Exploring Virtual Synthetic Backups
When to Use Virtual Synthetic Backups
When Not to Use Virtual Synthetic Backups
DD Boost Over Fibre Channel
Exploring DD Boost in High Availability Systems
DD Boost File System for Windows and Linux
BoostFS for Windows
BoostFS for Linux

Configuring DD Boost
Configuring DD Boost
Configuring DD Boost
Enabling DD Boost
Adding DD Boost Users and Clients
Creating Storage Units
Renaming, Deleting, and Restoring Storage Units
Setting DD Boost Options
Configuring DD Boost Over Fibre Channel
Creating DD Boost Access Groups
Reviewing DD Boost Access Groups
Managing DD Boost Access Groups

Using DD Boost with Backup Software
Using DD Boost with Backup Software
Using DD Boost with Dell NetWorker
Using DD Boost with Dell Avamar
DD Boost with PowerProtect Data Manager
DD Boost for Partner Integration
Using DD Boost with Veritas NetBackup and Backup Exec
DD Boost with Other Third-Party Applications

Terms


DD Boost Implementation and Administration


Exploring DD Boost

Exploring DD Boost Features

DD Boost Overview

DD Boost Integrates with Backup and Enterprise Applications

DD Boost provides advanced integration with backup and enterprise
applications for increased performance and ease of use. DD Boost
distributes parts of the deduplication process to the backup server or
application clients, enabling client-side deduplication for faster, more
efficient backup and recovery.


The DD Boost library runs on the backup server and is integrated into
particular backup applications such as:

• Dell NetWorker
• Dell Avamar
• Third-party DD Boost partner backup applications

For nonpartnered backup applications, download a version of the DD
Boost plug-in [1] to install on the media server.

DD Boost supports interoperability with many products on various backup
host platforms and operating systems. The interoperability matrix is both
large and complex. To be certain a specific product is compatible with DD
Boost, consult the Dell Technologies E-Lab Interoperability Navigator or a
Dell Technologies Support representative.

DD Boost Features

DD Boost provides the following features:

• Increased performance and ease of use for backups and recoveries.
• Parts of the deduplication process are distributed to the backup server
  or application clients using distributed segment processing (DSP). DSP
  increases backup throughput by eliminating duplicate data
  transmission between the media server and the PowerProtect DD
  system.
• Advanced load balancing and link failover using Dynamic Interface
  Groups (DIG).
• Managed File Replication (MFR) for supported backup applications.
• DD Boost security options for both authentication and encryption.
• DD Boost supports file replication encryption. You can encrypt the data
  replication stream by enabling the DD Boost file replication encryption
  option. If you use DD Boost file replication encryption on a system
  without the data at rest option, you must enable it on both systems.
• DD Boost supports virtual synthetic backups. A virtual synthetic full
  backup is the combination of the last full backup and all subsequent
  incremental backups. DD Boost enables virtual synthetics by default.
• Optionally, DD Boost uses low-bandwidth optimization over
  low-bandwidth connections. If you use file replication over a
  low-bandwidth network, you can increase replication network efficiency
  by using low-bandwidth optimization. This feature provides extra
  compression during data transfer. Low-bandwidth compression is
  available to PowerProtect DD appliances with an installed replication
  license.

[1] The DD Boost plug-in includes the DD Boost libraries for integrating
with the DD Boost server running on the protection system.

Important: To harden the security for managed file replication with DD
Boost, Dell Technologies recommends that you enable encryption with
two-way authentication.

DD Boost Security Options

DD Boost security options include setting the DD Boost authentication
mode and encryption strength. The PowerProtect DD appliance compares
the global authentication mode and encryption strength against the
per-client authentication mode and encryption strength. Then the appliance
calculates the effective authentication mode and authentication encryption
strength.

The effective authentication mode and encryption strength come from the
single entry that provides the highest authentication mode. The system
does not use the highest authentication mode from one entry and the
highest encryption settings from a different entry.


The DD Boost authentication modes are:

• None
• Two-way
• Two-way Password

The DD Boost encryption strength levels are:

• None
• Medium
• High

The protection system reads the global authentication mode and
encryption strength. The system then compares them against the
per-client authentication mode and encryption strength. The comparison
results in determining the effective authentication mode and authentication
encryption strength.

DD Boost supports file replication encryption. You can encrypt the data
replication stream by enabling the DD Boost file replication encryption
option. If you use DD Boost file replication encryption on a system
without the data at rest option, you must enable it on both systems. The
effective authentication mode and encryption strength come from the
single entry that provides the highest authentication mode.

Important: To harden the security for managed file replication with DD
Boost, Dell Technologies recommends that you enable encryption with
two-way authentication.
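
The selection rule described in this section, as an added Python example (not code from Dell or from this guide): the effective pair is taken whole from one entry and is never assembled from two. The ranking of the modes, the tie-break between entries with the same mode, and the client names are assumptions of this example.

```python
from dataclasses import dataclass

# Assumed ranking, weakest first. The page lists the modes and strength
# levels but does not state their order.
AUTH_RANK = {"None": 0, "Two-way Password": 1, "Two-way": 2}
ENC_RANK = {"None": 0, "Medium": 1, "High": 2}


@dataclass(frozen=True)
class Entry:
    scope: str  # "global" or a client host name
    auth: str   # authentication mode
    enc: str    # encryption strength

    def __post_init__(self):
        if self.auth not in AUTH_RANK or self.enc not in ENC_RANK:
            raise ValueError(f"unknown setting in {self.scope}: {self.auth}/{self.enc}")


def effective(global_entry, client_entry):
    """Return the single entry that provides the highest authentication mode."""
    # Assumption: when both entries use the same mode, the one with the
    # stronger encryption wins.
    return max((global_entry, client_entry),
               key=lambda e: (AUTH_RANK[e.auth], ENC_RANK[e.enc]))


def mixed_maximum(global_entry, client_entry):
    """What the system does NOT do: take the best of each setting separately."""
    pair = (global_entry, client_entry)
    auth = max((e.auth for e in pair), key=AUTH_RANK.get)
    enc = max((e.enc for e in pair), key=ENC_RANK.get)
    return auth, enc


def review(global_entry, client_entries):
    """List clients whose effective settings are weaker than a reader of the
    configuration might expect."""
    findings = []
    for client in client_entries:
        eff = effective(global_entry, client)
        if eff.auth == "None":
            findings.append(f"{client.scope}: no authentication in effect")
        if eff.enc == "None":
            findings.append(f"{client.scope}: no encryption in effect")
        if (eff.auth, eff.enc) != mixed_maximum(global_entry, client):
            findings.append(
                f"{client.scope}: effective {eff.auth}/{eff.enc} comes from the "
                f"{eff.scope} entry; the stronger encryption set on the other "
                f"entry is not applied")
    return findings


# Constructed sample configuration.
GLOBAL = Entry("global", "Two-way", "Medium")
CLIENTS = [
    Entry("nw01.example.com", "None", "High"),
    Entry("ava01.example.com", "Two-way Password", "None"),
    Entry("sql01.example.com", "Two-way", "High"),
]

if __name__ == "__main__":
    for client in CLIENTS:
        eff = effective(GLOBAL, client)
        print(f"{client.scope}: {eff.auth}/{eff.enc} (from {eff.scope})")
    for finding in review(GLOBAL, CLIENTS):
        print("REVIEW:", finding)
```

The first client shows the trap: its per-client High encryption never takes effect, because the global entry wins on authentication mode and brings its own Medium strength with it.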


Managing Storage Units

A Storage Unit in the PowerProtect DD MTree Structure

The PowerProtect DD appliance exposes user-created volumes that are
called storage units (SUs) to a DD Boost-enabled application host. Access
to the SU is operating system independent. Multiple application hosts,
when configured with DD Boost, can use the same SU on a PowerProtect
DD appliance as a storage server.


In this example, an administrator created an SU named User-created_su.
As the system completes the SU creation, an MTree is created. Creating
storage units creates MTrees under /Data/col1.

You can manage MTrees in the following ways:

• Set hard and soft quota limits
• Set stream limits
• Receive reports about the contents of any MTree including DD Boost
storage units

Exploring Distributed Segment Processing

Distributed segment processing (DSP) increases backup throughput in
almost all cases by eliminating duplicate data transmission between the
media server and the protection system.

Distributed Segment Processing (DSP) Shares Deduplication Duties with the
Backup Host.

• With DSP enabled, the backup host performs these functions:
  − Segments the data
  − Creates fingerprints of the segment data
  − Sends the fingerprints to the PowerProtect DD appliance
• With DSP enabled, the PowerProtect DD appliance performs these
  functions:
  − Filters the fingerprints
  − Requests data not previously stored
  − Records references to previously stored data and writes new data
  − Compresses the segments it transmits to the PowerProtect DD
    appliance
• DSP has several benefits, including:
  − More efficient CPU utilization
  − Reduced utilization of network bandwidth
    o DSP helps reduce the network bandwidth that the protection
      system needs because it sends only unique pre-compressed
      data over the network to the PowerProtect DD appliance. DSP
      increases performance over 1-GbE infrastructure and yields
      higher throughput than is possible using traditional Ethernet
      protocol.
  − Less time to complete failed backup jobs
    o If a job fails, the system does not resend the data that the
      protection system received before the failure. Sending only
      unique data reduces the load on the network and improves the
      overall throughput for the failed backups upon retry.
  − Distribution of the workload

DD Boost can operate with DSP either enabled or disabled. You must
enable or disable DSP on a per-system basis. You cannot configure
individual backup clients differently than the PowerProtect DD appliance.
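
The DSP exchange described above, as an added Python sketch that is not Dell's implementation: the backup host segments and fingerprints the data, the appliance filters the fingerprints, and only missing segments cross the wire, including after a failed job is retried. Fixed-size segments, SHA-256 fingerprints, zlib compression, and the appliance re-checking each segment against its fingerprint are assumptions of this example; the sample data is constructed.

```python
import hashlib
import zlib

SEGMENT_SIZE = 16  # assumption: tiny fixed-size segments keep the demo readable


def segment(data):
    """Backup host: split the data into segments."""
    return [data[i:i + SEGMENT_SIZE] for i in range(0, len(data), SEGMENT_SIZE)]


def fingerprint(seg):
    """Backup host: fingerprint one segment (SHA-256 is an assumption)."""
    return hashlib.sha256(seg).hexdigest()


class LinkDown(Exception):
    """Simulated network failure in the middle of a job."""


class Appliance:
    def __init__(self):
        self.segments = {}  # fingerprint -> stored segment
        self.files = {}     # file name -> ordered fingerprint references

    def filter_fingerprints(self, fps):
        """Return the fingerprints whose data is not stored yet, each once."""
        missing = []
        for fp in fps:
            if fp not in self.segments and fp not in missing:
                missing.append(fp)
        return missing

    def receive_segment(self, fp, compressed):
        """Store new data, but never trust the sender's fingerprint blindly:
        a mismatched segment would poison every file that references it."""
        seg = zlib.decompress(compressed)
        if fingerprint(seg) != fp:
            raise ValueError("segment does not match its fingerprint")
        self.segments[fp] = seg

    def commit(self, name, fps):
        """Record references to stored segments as one backup image."""
        if any(fp not in self.segments for fp in fps):
            raise KeyError("image references a segment that was never received")
        self.files[name] = list(fps)

    def read(self, name):
        return b"".join(self.segments[fp] for fp in self.files[name])


def backup(appliance, name, data, fail_after=None):
    """Run one DSP backup and return how many segments crossed the wire."""
    segs = segment(data)
    fps = [fingerprint(s) for s in segs]
    by_fp = dict(zip(fps, segs))
    sent = 0
    for fp in appliance.filter_fingerprints(fps):
        if fail_after is not None and sent >= fail_after:
            raise LinkDown(f"link lost after {sent} segments")
        appliance.receive_segment(fp, zlib.compress(by_fp[fp]))
        sent += 1
    appliance.commit(name, fps)
    return sent


def make_image(letters):
    """Constructed sample data: one full segment per letter."""
    return b"".join(bytes([c]) * SEGMENT_SIZE for c in letters)


if __name__ == "__main__":
    dd = Appliance()
    print("monday full:", backup(dd, "mon.img", make_image(b"ABCD")), "segments sent")
    tuesday = make_image(b"ABXDYZ")
    try:
        backup(dd, "tue.img", tuesday, fail_after=1)
    except LinkDown as exc:
        print("tuesday failed:", exc)
    print("tuesday retry:", backup(dd, "tue.img", tuesday), "segments sent")
    print("restore ok:", dd.read("tue.img") == tuesday)
```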


Exploring Managed File Replication with DD Boost

Managed File Replication

Managed file replication (MFR) directly transfers backup data from one
PowerProtect DD system to another, one at a time on request from the
backup software. MFR uses DD Boost integration between two or more
PowerProtect DD appliances and the backup application. MFR lets you
schedule replication operations and monitor backups for both local and
remote sites. MFR simplifies the recovery from backup copies because all
copies are tracked in the backup software catalog.

The PowerProtect DD appliance uses a Wide Area Network (WAN)-efficient
replication process for deduplicated data. You can optimize the
replication process over WAN, reducing the overall load on the bandwidth
required for creating a duplicate copy.

When setting up MFR, consider the following:

• Both standard MTree replication and managed file replication can
  operate on the same system. Managed file replication can be used
  only with MTrees established with DD Boost storage units.
• Keep below the maximum total number of replication pairs
  recommended for your particular PowerProtect DD appliance.
• Do not exceed the total number of MTrees on a system. The MTree
  limit is a count of both standard MTrees and MTrees created as DD
  Boost storage units. The limit depends on the PowerProtect DD
  appliance and the DDOS version.

Deep Dive: Go to the latest Dell EMC DDOS Administration Guide on the
Dell Support website for detailed information about MFR. The Dell EMC
DDOS Administration Guide provides information about the number of
supported MTrees for specific PowerProtect DD models.

Managing Load Balancing and Link Failover for DD Boost

You can manage the physical interfaces that connect the system to a
network and create logical interfaces to support load balancing and link
failover.

The advanced load balancing and link failover feature supports combining
multiple Ethernet links into an interface group.

As a part of load balancing, DD Boost negotiates with the PowerProtect
DD appliance which interface to use to send the data.

A benefit of load balancing is higher physical throughput to the
PowerProtect DD appliance compared to configuring the interfaces into a
virtual interface using Ethernet-level aggregation.

The links connecting the backup hosts and the switch that connects to the
PowerProtect DD appliance are placed in an aggregated failover mode.
The backup application registers a network-layer aggregation of multiple 1
GbE or 10 GbE links. The backup server controls the aggregated links.

A network-layer aggregation provides network failover functionality in the
configuration. You can use any of the available aggregation technologies
between the backup servers and the switch.

The system uses an interface group that is configured on the
PowerProtect DD appliance as a private network for data transfer. If an
interface fails, all in-flight jobs to that interface transparently fail over to a
healthy interface in the interface group. Any jobs started after the failure
are routed to the healthy interfaces. You can add public or private IP
addresses for data transfer connections.

Important: Advanced load balancing and link failover work with
interfaces of different speeds in the same interface group.

Exploring Virtual Synthetic Backups


Virtual Synthetic Backups

During a traditional full backup, the protection system copies all data from
the client to a backup host. The backup host sends the resulting image set
to the PowerProtect DD appliance. The system transfers the files even
though the data may not have changed since the last incremental or
differential backup. Copying data that has not changed since the last full
backup results in more bandwidth and time to perform a backup operation.

In contrast, a synthetic full backup combines the previous full backup with
the subsequent incremental backups on the PowerProtect DD appliance.
The combination forms a new full backup. The new full synthetic backup is
an accurate representation of the client file system at the time of the most
recent incremental backup.

The PowerProtect DD system creates synthetic backups without using
client or network resources. The synthetic backup process requires less
time to perform a backup, and reduces system restore times and costs.


Exploring Virtual Synthetic Backups

Virtual Synthetic Backups

A synthetic full or synthetic cumulative incremental backup is a backup
that is assembled from previous backups.

The following are some important points about virtual synthetic backups:

• Synthetic full backups are generated from one previous traditional or
  synthetic full backup and subsequent incremental backups. The
  system timestamps the virtual synthetic backup as occurring one
  second after the latest incremental. The virtual synthetic backup does
  not include any changes to the backup selection since the latest
  incremental.
• A client uses a synthesized backup to restore files and directories in
  the same way that a client restores from a traditional backup.
• Virtual synthetic backups help reduce network traffic and client
  processing. Virtual synthetic backups reduce the network traffic and
  client processing by processing the data on the PowerProtect DD
  appliance. The storage node or backup host directs the efficient
  processing. The operation transfers client files and backup image sets
  over the network only once.
• Synthesized backups are a solution for backing up remote offices
  using manageable data volumes and low levels of daily change. If the
  clients experience a high rate of change daily, then the incremental or
  differential backups are too large. In these conditions, a virtual
  synthetic backup is no more helpful than a traditional full backup.

Important: To ensure good restore performance, Dell Technologies
recommends that you create a traditional full backup every two months.
Be sure you adopt a normal weekly full and daily incremental backup
policy.

When to Use Virtual Synthetic Backups

Consider using virtual synthetic backups when:

• Backups are small and localized.
  − Daily incremental backups are small, less than about 10% of a
    normal, full backup.
• The PowerProtect DD appliance has more than ten disks.
• Data restores are infrequent.
  − Restore performance from a synthetic backup is typically worse
    than a standard full backup due to poor data locality.
• Synthetic backups can reduce the load on an application server and
  the data traffic between an application server and a backup host.
  − Synthetic backups can also reduce the traffic between the backup
    hosts and the PowerProtect DD appliance. Synthetic backups
    reduce traffic by performing the virtual synthetic backup assembly
    on the PowerProtect DD appliance.
• Your backup hosts might not handle distributed segment processing
  (DSP) well and are burdened.

When Not to Use Virtual Synthetic Backups

It might not be appropriate to use virtual synthetic backups when:

• Daily incremental backups are large, more than about 15% of a full
  backup, or if they are highly distributed.
• You are backing up large, non-system data.
• You frequently restore data from backup.
• The PowerProtect DD appliance has few disks.
• Your backup hosts handle distributed segment processing well.
• Base files for virtual synthetic operations cannot use files in a cloud
  tier. The incremental forever or synthetic full backups must remain in
  the active tier when you use them in the virtual synthesis of new
  backups.

DD Boost Over Fibre Channel

Using DD Boost Over Fibre Channel


Using Fibre Channel (FC) instead of Ethernet as the transport is
transparent to the backup application. DD Boost over FC presents logical
storage units (LSUs) to the backup application and removes several
limitations inherent to tape and virtual tape libraries (VTL). DD Boost over
FC permits concurrent reads and writes, which is not supported with VTL.
The backup image is the smallest unit of replication or expiration
compared to virtual tape. Backup images result in more efficient space
management.

Considerations for using DD Boost over Fibre Channel include:

• Simplified management removes access group limitations in a simple
configuration using few access groups. Instead of managing tape
cartridges, administrators manage backup images.
• The DD Boost library that you install on backup hosts and
PowerProtect DD systems performs path management, load
balancing, and failover. You do not need multipathing I/O (MPIO)
software on backup servers with FC connection to PowerProtect DD
systems.

Exploring DD Boost in High Availability Systems

PowerProtect DD High Availability Feature


The High Availability (HA) feature for PowerProtect DD lets you configure
two protection systems as an active-standby pair.

1. A PowerProtect DD HA system receives a backup using DD Boost to
the active node.
2. The HA configuration provides redundancy and keeps the active and
standby systems synchronized. If the active node fails for any reason,
the standby node can take over services and continue where the failing
node left off.
3. If the active node fails, the standby node becomes the new active
node.
4. Backup operations continue over DD Boost to the new active node
without interruption.

The following are some of the qualities of the HA feature:

• HA supports an active node and a standby node.
• When a protection system with HA enabled fails, recovery on the
standby node occurs in less than 10 minutes.
• If a failover occurs, applications automatically recover. DD Boost
requires no action from the application.

DD Boost File System for Windows and Linux

BoostFS Integration Advantages


DD Boost Filesystem (BoostFS) provides a general file-system interface to
the DD Boost library, allowing standard backup applications to take
advantage of DD Boost features. The BoostFS Plug-In with DD Boost
provides even greater application support, which enables all the benefits
of DD Boost for data protection. BoostFS is supported and available for
both Linux and Windows hosts.

The following are some of the features of BoostFS:

• The BoostFS workflow is similar to CIFS and NFS with the added
benefits of the DD Boost protocol.
• BoostFS uses DD Boost load-balancing.
• BoostFS supports in-flight encryption.
− In-flight encryption allows applications to encrypt in-flight backup or
restore data over LAN from the protection system. When you
configure BoostFS, the client can use Transport Layer Security
(TLS) to encrypt the session between the client and the protection
system. DD Operating System (DDOS) supports Galois/Counter
Mode (GCM) ciphers in both the DD Boost client and the
PowerProtect DD protection system.
• As a file server system implementation, the BoostFS workflow is
similar to NFS but leverages the DD Boost protocol. In addition,
BoostFS improves backup times compared to NFS and various copy-
based solutions.
• BoostFS provides a file system interface to create and delete mount
points.
• BoostFS offers RSA Lockbox or Kerberos authentication.
• BoostFS supports distributed segment processing.

BoostFS for Windows

You can install BoostFS for Windows on Windows Server 2016, Windows
Server 2019, or Windows Server 2022, and it supports several backup and
enterprise applications.


Install BoostFS for Windows by using the Microsoft Software Installer
(MSI), which you can download from the Dell Support website. Do not
change the default settings. The MSI includes several binary files and a
device driver from EldoS Corporation.

BoostFS for Windows uses Callback File System (CBFS). CBFS is a
software interface that Callback Technologies owns. CBFS enables file
systems to exist in user space and not only within a driver in kernel space.
CBFS functionality is similar to that of FUSE on UNIX operating systems.
To install BoostFS for Windows, you must install the CBFS driver.

When installing BoostFS for Windows:

• Use an account with administrator rights to run the installer.
• Ensure that there is enough free space to complete the installation,
which requires approximately 7 MB of space.

Deep Dive: BoostFS for Windows supports many different applications. Go
to the E-Lab Navigator to find the currently supported versions for your
configuration.

Deep Dive: See the current Dell EMC DD BoostFS for Windows
Configuration Guide for more information about installing and
configuring BoostFS for Windows. The guide is available on the Dell
Support website.

BoostFS for Linux

You can install BoostFS for Linux on several Linux distributions, and it
supports several backup and enterprise applications.

You can download a single RPM installation package for BoostFS for
Linux from the Dell Support website. It is available in both Red Hat
Package Manager (RPM) and .deb formats. The RPM package includes
the BoostFS executable.

Before beginning the process, verify that the FUSE version on the client is
2.8 or higher.

BoostFS supports the following Linux distributions:

• Red Hat Enterprise Linux
• CentOS
• SUSE Linux Enterprise Server
• Ubuntu
• Oracle Linux

Deep Dive: Go to the Dell EMC DD Boost BoostFS for Linux Configuration
Guide for specific Linux versions and more information about installing
and configuring BoostFS for Linux. The guide is available on the Dell
Support website.


Configuring DD Boost

DD Boost configuration is the same for all backup environments. There
are two components to DD Boost: one component that runs on the backup
server and another that runs on the protection system.

To configure DD Boost on the backup server, follow these steps:

1. License the backup software for DD Boost if the software manufacturer
requires it.
2. Create devices and pools through the management console interface.
3. Configure backup policies and groups to use the PowerProtect DD
appliance for backups with DD Boost.
4. Configure clone or duplicate operations to use managed file replication
between PowerProtect DD appliances.

To configure DD Boost on each of the PowerProtect DD appliances, follow
these steps:

1. License DD Boost on all PowerProtect DD appliances.
2. Enable DD Boost on all PowerProtect DD appliances.
3. Define a user with management role privileges set to none as the DD
Boost user, and set a backup host as a client by hostname.
4. Create storage units as needed.
5. Optionally, set any DD Boost options.


Important: Open ports UDP 2049, TCP 2051, and TCP 111
if you plan to use DD Boost features through a network
firewall.

Important: As a security hardening measure, close ports TCP 111 and
UDP 2049 if you do not plan on using DD Boost and no other application
uses them.


Enabling DD Boost


DD Boost and DD Boost Library Locations

The DD Boost feature is built into the DD Operating System (DDOS).
Unlock the DD Boost feature on each PowerProtect DD appliance with a
license. If you do not plan to use managed file replication (MFR), the
destination PowerProtect DD appliance does not require a DD Boost
license.

The DD Boost library comes included for Dell NetWorker, Dell Avamar,
and some third-party backup applications. Some third-party backup
applications require a DD Boost plug-in that you must download and install
on the backup host before enabling DD Boost. The plug-in contains the
appropriate DD Boost library for use with compatible products. To verify
compatibility with your specific software, consult the E-Lab Navigator for
PowerProtect DD products.

Enable NFS on each PowerProtect DD system that you plan to run with
DD Boost.

If you plan to use centralized replication awareness and management,
apply a DD Boost license to the second destination PowerProtect DD
appliance.

Do the following to enable DD Boost on your PowerProtect DD
appliances:

1. Go to Protocols > DD Boost > SETTINGS.
2. If the DD Boost Status reads Disabled, click the ENABLE button.

You can enable and check the status of DD Boost on a PowerProtect DD
system by using the following command line interface commands:

• Use ddboost enable to enable DD Boost on the system.
• Use ddboost status to verify the status of DD Boost on the system.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more information about enabling DD Boost and
specific command syntax.


Adding DD Boost Users and Clients

Use the DD System Manager to Add DD Boost Clients and Users

Using the DD System Manager (DDSM), you can add DD Boost clients
and users by going to Protocols > DD Boost > SETTINGS.

In the Allowed Clients area, click the plus + button to enable access to a
new client using the DD Boost protocol on the system. Add the client
name as a host name or fully qualified domain name; IP addresses are
not supported. You can add an asterisk * to the Client field to enable
access to all clients. You can also set the Encryption Strength and
Authentication Mode when setting up clients.

To add a DD Boost user to a PowerProtect DD system, do the following:

1. In DDSM, go to Protocols > DD Boost > SETTINGS.
2. In the Users with DD Boost Access section, click the plus + button.
a. The Add User dialog appears.
3. Click the dropdown menu, Select or Create User and choose either
Select a Local User... or Add a New User....


Use the following command line interface commands to add DD Boost
users and clients:

• The command ddboost clients add client-list adds clients
  to a DD Boost client list.
• The command ddboost user assign user-name-list assigns
  protection system users to the list of recognized DD Boost users. This
  command is typically used for applications that create storage-units
  through the DD Boost SDK APIs.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information about adding DD Boost
clients and specific command syntax.

Creating Storage Units

Create Storage Unit Window in DD System Manager

Using the DD System Manager, you can create a storage unit in
Protocols > DD Boost > STORAGE UNITS.


To create a storage unit, do the following:

1. In the Storage Units section of the DD Boost window, click the plus +.
   − The Create Storage Unit dialog appears.
2. Provide a name for the storage unit in the Name field.
3. In the Select or Create User field, select an existing DD Boost user or
   create one.
4. Optionally, you can set quotas for the new storage unit in the Quota
   Settings fields.
5. Click CREATE to finish making the new storage unit.

Use the following command line interface command to create a storage
unit:

• ddboost storage-unit create <storage-unit-name>

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information about adding DD Boost
clients and specific command syntax.

Important: Some backup applications, such as Dell NetWorker and Dell
Avamar, create their own storage units. The applications create the
storage units when you configure them to use a PowerProtect DD
appliance as a backup target.

Best Practice: For increased security hardening, Dell Technologies
recommends that you do not assign the same DD Boost user to multiple
DD Boost storage units. This practice limits the number of DD Boost
clients that share the same DD Boost user credentials.
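
One way to check a DD Boost provisioning plan against the rules in this section before typing it into the CLI, as an added Python example that is not part of the guide. It emits only the command forms shown on this page; the plan layout, host names, user names, the one-item-per-command rendering, and treating the `*` client as a review finding are assumptions of this example.

```python
import ipaddress
from collections import defaultdict


def is_ip_address(value):
    """True for an IPv4 or IPv6 literal, which DD Boost does not accept as a client."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint_plan(plan):
    """Return (severity, message) findings for a DD Boost provisioning plan."""
    findings = []
    for client in plan["clients"]:
        if client == "*":
            findings.append(("warn", "client '*' enables access to all clients"))
        elif is_ip_address(client):
            findings.append(("error", f"client {client}: IP addresses are not "
                                      "supported, use a host name or FQDN"))
    users = set(plan["users"])
    units_by_user = defaultdict(list)
    for unit in plan["storage_units"]:
        if unit["user"] not in users:
            findings.append(("error", f"storage unit {unit['name']}: user "
                                      f"{unit['user']} is not a planned DD Boost user"))
        units_by_user[unit["user"]].append(unit["name"])
    for user, units in sorted(units_by_user.items()):
        if len(units) > 1:
            findings.append(("warn", f"user {user} is shared by storage units "
                                     f"{', '.join(units)}"))
    return findings


def render_commands(plan):
    """Render the CLI sequence in the order of the appliance-side steps.

    The users are assumed to exist already as system users; refuses to
    render a plan that has lint errors.
    """
    errors = [msg for severity, msg in lint_plan(plan) if severity == "error"]
    if errors:
        raise ValueError("; ".join(errors))
    commands = ["ddboost enable"]
    commands += [f"ddboost user assign {user}" for user in plan["users"]]
    commands += [f"ddboost clients add {client}" for client in plan["clients"]]
    commands += [f"ddboost storage-unit create {unit['name']} user {unit['user']}"
                 for unit in plan["storage_units"]]
    commands.append("ddboost status")
    return commands


# Constructed sample plans.
RISKY_PLAN = {
    "users": ["boost_nw", "boost_sql"],
    "clients": ["nw01.example.com", "192.0.2.15", "*"],
    "storage_units": [
        {"name": "su_nw", "user": "boost_nw"},
        {"name": "su_sql", "user": "boost_nw"},
        {"name": "su_ora", "user": "boost_ora"},
    ],
}
CLEAN_PLAN = {
    "users": ["boost_nw", "boost_sql"],
    "clients": ["nw01.example.com", "sql01.example.com"],
    "storage_units": [
        {"name": "su_nw", "user": "boost_nw"},
        {"name": "su_sql", "user": "boost_sql"},
    ],
}

if __name__ == "__main__":
    for severity, message in lint_plan(RISKY_PLAN):
        print(f"{severity.upper()}: {message}")
    print("\n".join(render_commands(CLEAN_PLAN)))
```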


Renaming, Deleting, and Restoring Storage Units

Modify Storage Units in the DD System Manager

Using the DD System Manager (DDSM), you can rename, delete, and recover
storage units.

1. Go to Protocols > DD Boost > STORAGE UNITS and click the pencil
   icon.
   a. The Modify Storage Unit dialog box appears where you can
      change the name, the DD Boost User, and the quota settings of a
      storage unit.

In the same Storage Units window, you can delete one or more storage
units by selecting the storage units from the list and clicking the trashcan
icon.

You can retrieve any deleted storage units using the Undelete Storage
Unit menu item under the MORE TASKS button. You can recover storage
units only if file system cleaning has not occurred.


Use the following command line interface commands to rename, delete,
and recover storage units:

• ddboost storage-unit create <storage-unit> user
  <user-name> creates a storage unit, assigns a tenant, and sets quota
  and stream limits.
• ddboost storage-unit delete <storage-unit> deletes a
  specified storage unit, its contents, and any DD Boost associations.
• ddboost storage-unit rename <storage-unit>
  <new-storage-unit> renames a storage unit.
• ddboost storage-unit undelete <storage-unit> recovers a
  deleted storage unit.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information about adding and
modifying storage units and specific command syntax.


Setting DD Boost Options

Set DD Boost Options in DD System Manager

To set various DD Boost options, go to Protocols > DD Boost >
SETTINGS, click MORE TASKS, and select Set Options. In the Set DD
Boost Options window, you can enable Distributed Segment Processing
(DSP), Virtual Synthetics, Low-Bandwidth Optimization for File
Replication, and File Replication DD Encryption. In the same window,
you can also set the Authentication Mode and Encryption Strength.

Use the following command line interface commands to set DD Boost
options:
• The command ddboost option reset resets previously set DD
Boost options.
• The command ddboost option set distributed-segment-processing
{enabled | disabled} enables or disables
distributed-segment-processing for DD Boost.
• The command ddboost option set virtual-synthetics
{enabled | disabled} enables or disables virtual-synthetics for
DD Boost.
• The command ddboost option show shows DD Boost options.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information about modifying DD Boost
options and specific command syntax.

Configuring DD Boost Over Fibre Channel

Configuring DD Boost Over Fibre Channel Using DD System Manager

DD Operating System (DDOS) offers Fibre Channel as an alternative
transport mechanism for communication between the DD Boost Library
and the PowerProtect DD appliance. Windows, Linux, HP-UX (64-bit
Itanium architecture), AIX, and Solaris client environments are supported.

Using the DD System Manager, you can configure DD Boost over Fibre
Channel. Go to Protocols > DD Boost > FIBRE CHANNEL. The FIBRE
CHANNEL tab is where you can change the Status of DD Boost over Fibre
Channel, EDIT the Server Name, and EDIT DD Boost Access Groups.

Use the following command line interface commands to configure and
manage DD Boost over Fibre Channel:
• ddboost option set fc {enabled | disabled} - enables or
disables DD Boost over Fibre Channel.
• ddboost fc dfc-server-name set <server-name> - sets the
DD Boost Fibre Channel server name.
• ddboost fc dfc-server-name show - displays the DD Boost Fibre
Channel Server Name.
• ddboost fc group add <group-name> initiator
<initiator-spec> - adds initiators or DD Boost devices to a DD
Boost FC group.
• ddboost fc group add <group-name> device-set - adds one
or more DD Boost devices to a DD Boost Fibre Channel group.
• ddboost fc group create <group-name> - creates a DD Boost
FC group.
• ddboost fc group show list [<group-spec>] [initiator
<initiator-spec>] - lists configured DD Boost FC groups.
• ddboost fc status - displays the DD Boost Fibre Channel status.

Deep Dive: Go to the latest DDOS Command Reference Guide on the Dell
Support website for more detailed information about configuring DD
Boost over Fibre Channel and specific command syntax.

Creating DD Boost Access Groups

Configure DD Boost Access Groups in DD System Manager

Create a DD Boost access group by following these steps:

1. In DD System Manager, go to the Protocols > DD Boost page.
2. Select the FIBRE CHANNEL tab and click the plus + icon.
3. Enter the group name in the Group Name field of the Create Access
Group dialog box.
a. You can use up to 128 characters for the group name. The name
must be unique.
4. From the Initiator list, select the Initiators to add to the access group
then click NEXT.
a. You may add your initiator later, as you are not required to add one
now.
5. The Create Access Group > Devices dialog box appears.
a. Enter the number of devices and endpoints to include. The numeric
range is from 1 to 64.
6. Click NEXT.
a. The Create Access Group > Summary dialog box appears.
7. Review the contents of the dialog box.

8. Once you are satisfied, select FINISH to create the DD Boost access
group.
9. When the DD Boost access group creation process finishes, click OK.

Reviewing DD Boost Access Groups

Review Access Groups in DD System Manager

Review DD Boost access groups by following these steps:

1. To review the configuration of the DD Boost Access Groups, select the
Hardware > Fibre Channel > Access Group tab.
2. A table appears containing summary information about the DD Boost
access groups and the VTL access groups.
a. The summary information includes the name of the group, the type
of service the group supports, and the endpoint associated with the
group. Summary information also includes the names of the
initiators in the group, and the number of devices in the group. Take
note of the groups that contain initiators and devices.
3. You can distinguish the DD Boost and VTL access groups from one
another by the service type.
4. The total number of groups on the system appears at the bottom of
the DD Boost Access Groups section.

5. Select the View DD Boosts Groups hyperlink to go to the Protocols >
DD Boost window to view more information and configuration tools.
6. Select the FIBRE CHANNEL tab in the DD Boost window.
7. Review the configuration of the DD Boost access groups.

Managing DD Boost Access Groups

Managing DD Boost Access Groups in DD System Manager

DD Boost access groups, called scsitarget groups in the command
line, identify initiators and the devices they can access. An initiator
can read and write to devices in its access group, but not to devices in
other DD Boost access groups.

Initiators can only belong to one access group. Initiators assigned to DD
Boost access groups cannot be assigned to DD VTL access groups on the
same appliance.

Using the DD System Manager, you can also review or create DD Boost
access groups.

Caution: Avoid making access group changes on a PowerProtect DD
appliance during active backup or restore jobs. A change may cause an
active job to fail. The impact of changes during active jobs depends on
a combination of backup software and host configurations.
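
The access group rules in this section (name length and uniqueness, the 1 to 64 device range, one access group per initiator, and no initiator shared between DD Boost and VTL groups) can be checked offline against an inventory before a change is made. The following Python audit is an added example, not code from the guide or from DDOS; the AccessGroup record layout, group names, and WWPNs are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

MAX_NAME_LEN = 128            # "up to 128 characters for the group name"
DEVICE_RANGE = range(1, 65)   # the Devices dialog accepts 1 to 64


@dataclass
class AccessGroup:
    # Hypothetical record layout for this example, not a DDOS export format.
    name: str
    service: str                                    # "DD Boost" or "VTL"
    initiators: list = field(default_factory=list)  # initiator WWPN strings
    devices: int = 1


def audit_access_groups(groups):
    """Return sorted (rule, subject, detail) findings for one appliance."""
    findings = []
    seen_names = set()
    membership = defaultdict(set)   # normalized WWPN -> {(group, service)}

    for g in groups:
        if len(g.name) > MAX_NAME_LEN:
            findings.append(("name-too-long", g.name, f"{len(g.name)} characters"))
        if g.name in seen_names:
            findings.append(("duplicate-name", g.name, "group names must be unique"))
        seen_names.add(g.name)
        if g.devices not in DEVICE_RANGE:
            findings.append(("device-count", g.name, f"{g.devices} not in 1..64"))
        # An empty initiator list is not a finding: initiators can be added later.
        for wwpn in g.initiators:
            membership[wwpn.strip().lower()].add((g.name, g.service))

    for wwpn, member_of in membership.items():
        if len(member_of) < 2:
            continue
        services = {service for _, service in member_of}
        # Sharing an initiator between DD Boost and VTL is the stricter violation.
        if {"DD Boost", "VTL"} <= services:
            rule = "boost-and-vtl"
        else:
            rule = "multiple-groups"
        names = ", ".join(sorted(name for name, _ in member_of))
        findings.append((rule, wwpn, names))

    return sorted(findings)


# Constructed sample inventory (not taken from a real appliance).
SAMPLE_GROUPS = [
    AccessGroup("boost-nw-01", "DD Boost", ["21:00:00:24:ff:00:00:01"], 4),
    AccessGroup("boost-nw-02", "DD Boost",
                ["21:00:00:24:FF:00:00:01", "21:00:00:24:ff:00:00:02"], 8),
    AccessGroup("vtl-lib-01", "VTL",
                ["21:00:00:24:ff:00:00:02", "21:00:00:24:ff:00:00:03"], 65),
    AccessGroup("vtl-lib-02", "VTL", [], 2),   # no initiator yet: allowed
]

if __name__ == "__main__":
    for rule, subject, detail in audit_access_groups(SAMPLE_GROUPS):
        print(f"{rule:16} {subject:26} {detail}")
```

WWPNs are compared case-insensitively so that the same initiator written in different cases is still detected as a shared member.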

Using DD Boost with Backup Software

Using DD Boost with Dell NetWorker

The NetWorker Client Direct Feature

DD Boost provides NetWorker with visibility into the properties of the
PowerProtect DD appliance, control of the backup images, and efficient
wide area network replication.

After you configure a PowerProtect DD appliance for the DD Boost
environment, you can configure NetWorker resources for devices, media
pools, volume labels, clients, and groups. Keep the following NetWorker
considerations in mind:
• Each DD Boost device is displayed as a folder on the PowerProtect
DD appliance. A unique NetWorker volume label identifies each device
and associates the device with a media pool.

• NetWorker uses the media pools to direct the backups or clones of
backups to specific local or remote devices.
• NetWorker uses data protection policy resources to schedule the
backup and cloning workflows of clients.

The client direct feature [2] enables clients to send and receive data
directly to Data Domain advanced file type devices and DD Boost devices.
Clients must have a direct network connection or a DD Boost over Fibre
Channel connection to the PowerProtect DD system.

Best Practice: Dell Technologies recommends that you create policies
that are dedicated solely to DD Boost backups.

Best Practice: Dell Technologies recommends that you use the device
configuration wizard, which is part of the NetWorker Administration UI,
to create and modify DD Boost devices. The wizard can also create and
modify volume labels and storage pools for DD Boost devices.

[2] The client direct feature supports multiple concurrent backup and
restore operations that bypass the NetWorker storage node. Bypassing the
storage node eliminates a potential bottleneck. The storage node
manages the devices that the clients use but does not handle the backup
data. The clients back up directly to the PowerProtect DD system and
deduplicate directly from the client instead of going through the backup
server or storage nodes.

Using DD Boost with Dell Avamar

Avamar Data Store with PowerProtect DD Protection Storage

System administrators use PowerProtect DD deduplication storage
systems to back up large high change rate databases. Administrators use
Avamar systems to back up file systems, virtual servers, low change rate
databases, remote offices, and personal office systems.

Administrators see added benefits when they integrate PowerProtect DD
with Avamar:

• Avamar can use PowerProtect DD systems as a backup target for
Avamar backups.
• Avamar can manage one or many PowerProtect DD systems.
• Avamar clients can use DD Boost software for efficient and transparent
data movement to PowerProtect DD systems as backup targets. The
clients back up directly to the PowerProtect DD system and deduplicate
using distributed segment processing (DSP) directly from the client.
− DD Boost distributes parts of the deduplication process to Avamar
clients. Before DD Boost, Avamar clients could only send data to an
Avamar server. With the DD Boost library integrated in Avamar, the
client can send unique data segments directly to the PowerProtect
DD appliance.
− Avamar clients use a multistream approach to send backup data to
the PowerProtect DD appliance and metadata to the Avamar Data
Store (ADS). A multistream approach enables users to deploy the
optimal approach to deduplication for different datatypes and
manage the entire infrastructure from a single interface.
• Administrators can set backup policies at the dataset level as target
destinations.

During backup operations, the Avamar server sends a backup request to
the Avamar client. The Avamar client sends the backup data directly to the
PowerProtect DD appliance, bypassing the Avamar data store. The data
store does not stage the backup data on the Avamar server.

During disaster recovery operations, the active Avamar DR server stays in
contact with the local Avamar and both PowerProtect DD systems. The
Avamar DR server is aware of the DR PowerProtect DD system and can
perform DR restores.

Metadata for the backup is sent from the Avamar client to the Avamar
server. The metadata enables Avamar to manage the backup data stored
on a PowerProtect DD appliance.

As a result, backup data is stored on the PowerProtect DD appliance while
only tracking metadata is stored on the Avamar server.

DD Boost with PowerProtect Data Manager

PowerProtect Data Manager using PowerProtect DD Protection Storage

Dell PowerProtect Data Manager offers database administrators
self-service data protection and recovery through Application Direct,
formerly DD Boost for Enterprise Applications (DDBEA).

Application Direct integrates with DD Boost and database applications to
give administrators control and visibility to their application backup and
restore processes. The high level of control does not require
administrators to go through the backup administration interface, thus
enabling faster restore. The backup team can also perform either backup
or restore operations centrally from the management console.

Application agents are installed on the application host or database host
servers to manage protection using PowerProtect Data Manager. These
agents are commonly known as PowerProtect Data Manager file system
agents and database application agents.

The application agents that are commonly installed in the PowerProtect
environment are for the following:

• Microsoft Exchange
• Microsoft SQL
• Oracle RMAN
• SAP HANA

DD Boost for Partner Integration

When integrated with partner applications, DD Boost gives application
owners control of and greater visibility into their own backups. You can
accomplish such control and visibility on PowerProtect DD appliances
using application native tools and utilities. By distributing parts of the
deduplication to the application server, DD Boost reduces backup
durations and the impact on network resources. This approach enables
application administrators to perform backup and recovery operations
instead of relying on a centralized backup team.

DD Boost supports various enterprise applications, including:
• IBM DB2, Oracle, SAP HANA, and SAP with Oracle
• Microsoft SQL and Exchange servers
• Hadoop

Deep Dive: To verify compatibility with your specific software, consult
the current Dell EMC DD Boost for Partner Integration Administration
Guide available on the Dell Support website.

Using DD Boost with Veritas NetBackup and Backup Exec

Using PowerProtect DD Protection Storage with Veritas Backup Software

DD Boost for Veritas NetBackup OpenStorage provides three benefits to
NetBackup:
1. DD Boost enhances the integration between NetBackup and
PowerProtect DD appliances. The DD Boost software enables a
PowerProtect DD system to become an OpenStorage storage server
to contain backup applications such as NetBackup or Backup Exec.
2. DD Boost distributes part of the deduplication process to the media
server, improving backup throughput, reducing media server loads,
and decreasing LAN bandwidth requirements.
3. DD Boost enables advanced load balancing and failover at the
Ethernet link layer.

DD Boost for NetBackup has two components:
• The DD Boost library is embedded in the OpenStorage plug-in that
runs on the NetBackup Media servers.
• The DD Boost server is built into DDOS and runs on the PowerProtect
DD appliance.

The combination of a PowerProtect DD appliance and DD Boost for
Veritas Backup Exec creates an optimized connection to provide a tightly
integrated solution. DD Boost for Veritas Backup Exec enables the media
server to manage the connection between the backup application and one
or more PowerProtect DD appliances.

With Veritas Backup Exec, you must install the plug-in software on media
servers that access the PowerProtect DD appliance during backups.
Backup Exec is not supported for use with DD Boost over Fibre Channel.

Deep Dive: Go to the Dell EMC DD Boost for OpenStorage Administration
Guide, available on the Dell Support site, for more information about
using DD Boost with Veritas NetBackup and Backup Exec.

DD Boost with Other Third-Party Applications

DD Boost provides integration between many enterprise backup software
applications and PowerProtect DD systems. A DD Boost library on a
backup server or application client can take advantage of distributed
segment processing. Without DD Boost, the deduplication effort is
performed entirely by the PowerProtect DD system and all of the data
must travel from the client to the PowerProtect DD system.

When you install a DD Boost library on a compatible third-party
application, you can also turn over replication control and management
to the application.

Many third-party backup applications do not natively support DD Boost but
require the DD Boost plug-in to install the DD Boost library. Install the
plug-in software on each media server and configure the backup software
as documented by the manufacturer.

Important: Before installing the DD Boost plug-in in a third-party
application, consult the Dell Technologies eLab Navigator.

Terms
Managed File Replication
Managed file replication (MFR) is when the application host is aware of,
and manages the replication of backups that are created with DD Boost.

POWERPROTECT DD VIRTUAL TAPE LIBRARY IMPLEMENTATION AND ADMINISTRATION

PARTICIPANT GUIDE

Table of Contents

PowerProtect DD Virtual Tape Library Implementation and Administration

Exploring PowerProtect DD Virtual Tape Library
    Exploring PowerProtect DD Virtual Library
    Exploring PowerProtect DD VTL
    DD VTL Benefits

Planning for VTL
    Planning for VTL
    Licensing and User Access
    VTL Limits
    Backup Software Guidelines
    Supported Changers and Tape Drives
    Multiplexing
    Fibre Channel Configuration Guidelines
    VTL Access Groups
    Tape Management
    Tape Management Considerations
    Barcode Definitions
    NDMP Support
    Considerations When Choosing VTL with NDMP
    IBM i Support

Configuring VTL
    Configuring VTL
    Create a DD VTL in DD System Manager
    Create a DD VTL Using Command Line Commands
    Enabling and Disabling DD VTL

Managing VTL
    Managing VTL
    Managing a VTL
    Reviewing the VTL Configuration
    Managing VTL Access Groups
    Creating VTL Access Groups
    Reviewing VTL Access Groups
    Deleting VTL Access Groups
    Managing Tapes

PowerProtect DD Virtual Tape Library Implementation and Administration

Exploring PowerProtect DD Virtual Tape Library

Exploring PowerProtect DD Virtual Library

Exploring PowerProtect DD VTL

An Overview of the DD VTL Configuration

DD Virtual Tape Library (DD VTL) is a disk-based backup system that
emulates the use of physical tapes. DD VTL enables backup applications
to connect to and manage PowerProtect DD system storage using
functionality almost identical to a physical tape library.

A Fibre Channel (FC) equipped host connecting to a Storage Area
Network (SAN) can communicate with an FC equipped PowerProtect DD
system. When properly zoned, the host can send its backups using the FC
protocol directly to the appliance.

Within DD VTL, the DD Operating System performs the following:
• DD VTL manages replication. You can replicate tape pools to a remote
PowerProtect DD appliance using the DD replication feature as part of
a disaster recovery plan.
• DD VTL supports retention lock. You can lock virtual tapes using the
DD Retention Lock feature to protect data from modification.

The following are some key features for DD VTL:
• DD VTL devices appear as SCSI robotic devices to the backup
software. Backup software can access virtual tape drives in the same
way as they access physical tape drives.
• DD VTL virtual tape drives appear to the backup software as SCSI
tape drives.
• The VTL protocol functions alongside Common Internet File System
(CIFS), Network File System (NFS), and DD Boost.
• PowerProtect DD appliances support backups over the SAN using FC.
The backup application on the backup host manages all data
movement to and from the appliance. When you use a direct
connection from the backup host to the appliance, you do not need an
FC switch.

Deep Dive: Dell Technologies tests and verifies DD VTL compatibility
with specific backup software and hardware configurations. For more
information, see the current DD VTL Backup Compatibility Guide on the
Dell Support site.

DD VTL Benefits

The following are some of the benefits of using DD VTL over physical tape
libraries:
• DD VTL is a way to support companies that have invested in backup
software and infrastructure intending to write to a physical tape library.
Using DD VTL allows these companies to reduce physical tape library
limitations while still leveraging their software and infrastructure
investment.
• DD VTL integrates with an existing Fibre Channel or tape-based
infrastructure. DD VTL offers a simple integration, using existing
backup policies. DD VTL can use existing backup policies in a backup
system using a strategy of physical tape libraries.
• DD VTL enables the simultaneous use of VTL with Network Attached
Storage (NAS), Network Data Management Protocol (NDMP), and DD
Boost. PowerProtect DD appliances simultaneously support data
access methods through VTL over Fibre Channel, NDMP access over
Ethernet, NFS, CIFS, and DD Boost. This deployment flexibility means
that users can rapidly adjust to changing enterprise requirements.
• DD VTL eliminates using physical tape cartridges and the
accompanying tape-related issues for most restores. Compared to
normal tape technology, DD VTL provides resilience in storage through
the benefits of Data Invulnerability Architecture (DIA).
• PowerProtect DD appliances that are configured for VTL reduce
storage space requirements by using deduplication technology.
• Disk-based network storage provides a shorter Recovery Time
Objective (RTO) by eliminating the need for handling, loading, and
accessing physical tapes from a remote location.

Planning for VTL

Licensing and User Access

PowerProtect DD Virtual Tape Library (DD VTL) is a licensed feature.
When you add a DD VTL license using DD System Manager, you
automatically enable the DD VTL feature.

If you intend to work with IBM i systems, you need an additional I/OS
license.

Ensure that you plan for appropriate user access to the system. Only the
admin role may enable and configure DD VTL on a PowerProtect DD
system. A user role can perform basic tape operations and monitoring.

DD VTL also requires an installed Fibre Channel (FC) interface card. You
must set up the interface card with initiator and port configuration.

If you choose not to use FC, you can set up DD VTL configuration to use
Network Data Management Protocol (NDMP). For NDMP, set up
communication between the backup server and a PowerProtect DD
system, using the TapeServer access group. When using NDMP,
initiator and port functions do not apply.

Best Practice: As a part of your security hardening strategy, only give
VTL access to users who administer VTL. Use an admin login to enable
and configure VTL services, and perform other configuration tasks. For
basic tape operations, you must have a backup operator login. For
basic VTL monitoring, you must have a user login.

VTL Limits

Before you set up a DD VTL, be aware of the function and the limits of
certain VTL components.

The minimum supported I/O size for DD VTL is 64 K and the maximum is
1 MB.

In the VTL environment, virtual tape cartridges record and store data long
term. Virtual tape cartridges act the same as physical tape media. The
tape cartridges appear in a VTL system as a grouped datafile. DD VTL
assigns virtual tape cartridges to tape pools. Each tape pool is an MTREE
on the PowerProtect DD system.

A library in a VTL is a collection of tape cartridges. You can size tape
cartridges up to 4 TB capacity. Tape slots store a single cartridge. A tape
library has one slot for each tape that the library holds.

DD VTL supports a maximum of 32,000 tape slots per library and 64,000
slots per PowerProtect DD system. The system automatically adds slots to
keep the number of slots equal to or greater than the number of drives.
Slot counts are typically based on the number of tapes that DD VTL uses
over a retention policy cycle.

When planning a DD VTL, determine the number of virtual tape drives you
need. A tape drive is a device that records backed-up data to a tape
cartridge. In the virtual tape world, this drive still uses the same Linear
Tape-Open (LTO) technology standards as physical tape drives.
Depending on the multiplex setting of the backup application, each drive
operates as a device that supports one or more data streams.

The maximum number of tape drives that your system can support in a VTL
depends on the number of CPU cores. The maximum number also depends
on the amount of memory in the system. If your system has fewer than 32
cores, it can support up to 64 tape drives. If your system has 60 or more
cores, it can support up to 1885 tape drives.

Deep Dive: For more information about the number of tape drives a DD
VTL supports, see the Dell EMC DDOS Administration Guide available on
the Dell Support website.

Important: Your backup host may not support the limits set
by the PowerProtect DD appliance you use. Ensure
compatibility between your backup host software and DD
VTL component sizing.

Backup Software Guidelines

Important: Before you plan a DD VTL on your PowerProtect DD system,
know the requirements and capabilities of your backup software. Ensure
that the choices you make for your DD VTL are compatible with your
backup host software.

The following are key considerations and guidelines as you plan DD VTL
with your backup software.
• Set backup software to use a block size of 64 KB or larger. Larger
block sizes usually allow faster performance and better data
compression. You can experience data write problems if you change
the block size after the initial configuration. The data that the system
writes with the original selected size might become unreadable
depending on your backup application.
• Use multiple data streams from your client system to the PowerProtect
DD appliance to increase throughput efficiency and maintain
deduplication-friendly data. Each stream requires writing to a separate
virtual drive.

• Ensure that your backup software supports the changers and tape
drives that you select in the VTL configuration.
• Disable multiplexing to avoid low deduplication rates.

Deep Dive: For more details about data streams and DD VTL, go to the
current Dell EMC DDOS Administration Guide on the Dell Support website.

Supported Changers and Tape Drives

Verify that the backup software can support the changers and drives that
the PowerProtect DD appliance emulates.

To work with virtual tape drives, you must use the tape drivers supplied
by your backup software vendor that support the following drives:
• IBM LTO-1
• IBM LTO-2
• IBM LTO-3
• IBM LTO-4
• IBM LTO-5
• IBM LTO-7 - the default tape driver
• IBM LTO-8

• HP-LTO-3
• HP-LTO-4

To work with libraries, you must use the library drivers supplied by
your backup software vendor that support the following libraries:
• StorageTek L180 - the default library driver
• RESTORER-L180
• IBM TS3500
• I2000
• I6000
• DDVTL

Important: When you configure virtual tape drives, keep in mind the
limits on backup data streams. For the number of streams supported by
different PowerProtect DD models, see the Dell EMC DDOS Administration
Guide available on the Dell Support website.

Deep Dive: For more information, see the Application Compatibility
Matrices and Integration Guides for your vendors available on the Dell
Support website.

Multiplexing

In a physical tape library setting, multiplexing is a method to gain
efficiency by sending data from multiple clients to a single tape drive.
Multiplexing is the sending of data from multiple clients, interleaving the
data onto a single tape drive simultaneously.

An Example of Multiplexing

Multiplexing is useful for clients with slow throughput since a single client
could not send data fast enough to keep the tape drive busy.

With PowerProtect DD VTL, multiplexing causes existing data to land on a
PowerProtect DD appliance in a different order each time a backup is
performed. Multiplexing makes recognizing repeated segments difficult,
thus making deduplication less efficient. Dell Technologies does not
recommend enabling multiplexing on your backup host software when
writing to a PowerProtect DD appliance.

If you are using NetWorker with DD VTL, do the following to mitigate data
compression loss:
• Set the NetWorker tape block size on the media server to 256 KB. 256
KB is a safe block size for all operating systems and drivers.
• Set NetWorker device properties, target sessions, and maximum
sessions to 1 to avoid low deduplication rates caused by multiplexing
multiple backup streams.

Deep Dive: For further options on multiplexed backups to DD VTL, see
the NetWorker documentation available on the Dell Support website.

Fibre Channel Configuration Guidelines

The DD Virtual Tape Library (DD VTL) feature has specific requirements,
such as proper licensing, interface cards, user permissions, and
configuration. As you plan to integrate DD VTL with Fibre Channel (FC),
follow these host bus adapter (HBA) and port guidelines:
• Make all FC connections to a PowerProtect DD appliance through an
FC switch or by direct attachment to an initiator.
• Use the E-Lab Navigator to verify that the system supports the initiator
FC HBA hardware and driver.
• Upgrade the initiator HBA to its latest supported version of firmware
and software.
• Dedicate the initiator FC port to PowerProtect DD VTL devices.
• Verify that each FC port supports the speed that you configured for
each port.
• Consider spreading the backup load across multiple FC ports and
switches to avoid bottlenecks on a single port and provide increased
resiliency.
• Use either an installed FC interface card to operate VTL service or
configure VTL to use NDMP over Ethernet.

− Install an FC interface card on the PowerProtect DD appliance to
enable communication with the backup server if you plan to use
VTL over FC. Whenever you remove or change an FC interface
card within the appliance, verify and update any VTL configuration
that is associated with that card.
− If you plan to use VTL over FC, install an FC interface card on the
PowerProtect DD appliance to enable communication to the backup
server.
− If the VTL communication between the backup server and the
PowerProtect DD appliance is through NDMP, you do not need an
FC interface. However, you must configure the tape server access
group.


When establishing FC zones through FC switches:
• Include only one initiator and one target port in one zone.
• Avoid having any other targets or initiators in any zones that contain a
gateway target FC port.
• Only zone the initiators that communicate with a particular set of VTL
target ports on a PowerProtect DD appliance with that appliance.

VTL Access Groups

Access groups hold a collection of initiator worldwide port names
(WWPNs) and the drives and changers that the groups are permitted to
access. An access group may contain multiple initiators, but an initiator
can exist in only one access group.

Access group configuration enables initiators in general backup
applications to read and write data to devices in the same access group.

A preconfigured VTL access group lets you add devices that support
NDMP-based backup applications. The preconfigured VTL access group
is named TapeServer.

In DD System Manager, select Access Groups > Groups to display the
following information for all access groups:
• Group Name
• Initiators
• Devices


Warning: Avoid making access group changes on a
PowerProtect DD appliance during active backup or restore
jobs. An access group change might cause an active job to
fail. The impact of changes during active jobs depends on a
combination of backup software and host configurations.

Tape Management

Backups on a Virtual Tape Claiming Space Prevents Space Reclamation

Getting the optimal size of tapes depends on many factors, including
which backup application you use and the characteristics of the data you
back up. A good sizing strategy is to use a larger number of
smaller-capacity tapes to control disk usage.


Larger-capacity tapes increase the risk of system-full conditions.
Compared with smaller tapes, large-capacity tapes are harder to expire,
which makes the space that they hold harder to reclaim. A larger tape can
carry more backups, which makes expiring the entire tape difficult because
it might still contain a current backup.

Tape Management Considerations

Consider the following tape management ideas when you configure VTL:
• Target multiple drives to write multiple streams.
• Set retention periods to no longer than what you require.
• Expire and relabel tapes to reclaim and reuse space. You must expire
all backups on a tape by policy or manually before you can make it
available for reuse.
− DD Operating System does not delete and reclaim the space on
tapes until the tape is relabeled, overwritten, or deleted. Consider a
situation in which you created a 1 TB tape on your system. That
tape represents 30% of your total system capacity. The tape fills,
and now you want to reclaim the space from that tape. You could
delete half of the content on the tape and still cannot reclaim any
space on your system. The tape still holds unexpired data.
− Backing up smaller files to larger-sized tapes can take a long time
to fill. Use a larger number of smaller-capacity tapes. You can
reduce the chances of newer files preventing cleaning the older
data on a larger tape.
− If backups with different retention policies exist on a single piece of
media, the youngest image prevents file system cleaning and reuse
of the tape. You can avoid this condition by initially creating and
using smaller tape cartridges.
• Begin with a tape count that can accommodate twice the
pre-compressed size of all expected backups during the retention period.

• Use caution not to create more tapes than you need. The system
capacity may fill up prematurely. Usually, backup software uses blank
tapes before recycling tapes.
• Consider that some backup applications support only specific capacity
tapes. Review your backup application support documentation to
determine correct capacity tapes.
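The following added example (not part of the Dell guide) models the reclamation behaviour described in the list above: a tape's space comes back only when every backup on it has expired. The workload, retention values and function names are constructed assumptions, and sizes are logical (pre-deduplication) GiB.

```python
def fill_tapes(backups, tape_gib):
    """Write backups in order onto tapes of tape_gib capacity.

    backups is a list of (size_gib, expiry_day). A backup that does not fit
    spans onto the next tape. Returns a list of tapes, each a list of
    (gib_on_this_tape, expiry_day) pieces."""
    tapes, current, free = [], [], tape_gib
    for size, expiry in backups:
        while size > 0:
            if free == 0:                 # current tape is full: load a blank one
                tapes.append(current)
                current, free = [], tape_gib
            chunk = min(size, free)
            current.append((chunk, expiry))
            size -= chunk
            free -= chunk
    if current:
        tapes.append(current)
    return tapes


def space_report(tapes, day):
    """Return (reclaimable_gib, pinned_gib) on the given day.

    Reclaimable: data on tapes whose every backup has expired, so the tape
    can be relabeled. Pinned: expired data that shares a tape with at least
    one unexpired backup and therefore cannot be reclaimed yet."""
    reclaimable = pinned = 0
    for tape in tapes:
        expired = sum(gib for gib, expiry in tape if expiry <= day)
        if all(expiry <= day for _, expiry in tape):
            reclaimable += expired
        else:
            pinned += expired
    return reclaimable, pinned


def sample_backups():
    """Constructed workload: eight daily 100 GiB backups written on days 0-7.
    Days 0 and 4 are kept for 90 days, the others for 7 days."""
    return [(100, day + (90 if day % 4 == 0 else 7)) for day in range(8)]


def compare(day=20, tape_sizes=(100, 400, 800)):
    """Map each tape size to its (reclaimable, pinned) GiB on `day`."""
    return {size: space_report(fill_tapes(sample_backups(), size), day)
            for size in tape_sizes}


if __name__ == "__main__":
    for size, (reclaimable, pinned) in compare().items():
        print(f"{size:>4} GiB tapes: {reclaimable} GiB reclaimable, "
              f"{pinned} GiB expired but pinned")
```

With the same 600 GiB of expired data, only the 100 GiB tapes allow any of it to be reclaimed on day 20; on the larger tapes one long-retention backup per tape pins everything else.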

Barcode Definitions

Barcode for VTL Tapes

When creating tapes, you must provide a starting barcode to begin the
sequence.


When creating tapes for your VTL configuration, consider the following:
• If you back up large files, consider using larger-sized tapes since some
backup applications are not able to span across multiple tapes.
• Use smaller tapes across many drives for greater throughput by using
more data streams between the backup host and the PowerProtect DD
appliance.

When the VTL creates a tape, it assigns the tape a unique identifier: a
logical, eight-character barcode. The barcode must start with six numeric
or uppercase alphabetic characters (from the set {0-9, A-Z}).

When creating the identifier, use either two or three of the first characters
of the group or pool to which the tapes belong. If you use two characters
as the identifier, for example, AA, you can then use four numbers in
sequence to number up to 10,000 tapes. If you use three characters, you
can sequence only 1,000 tapes.

The eight-character barcode ends with a two-character tag indicating the
supported tape type.
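As an added illustration (not code from the Dell guide), the sketch below plans a barcode sequence under the rules just described and finds a starting number that does not collide with tapes that already exist. The function names are hypothetical, the barcodes are constructed, and the tag L3 is a sample value; take real tags from the Administration Guide list.

```python
import re

# Six identifier characters followed by the two-character tape-type tag.
BARCODE_RE = re.compile(r"[0-9A-Z]{6}[0-9A-Z]{2}")


def parse_barcode(barcode):
    """Split an eight-character barcode into (six-character ID, tag)."""
    if not BARCODE_RE.fullmatch(barcode):
        raise ValueError(f"{barcode!r} is not eight characters from 0-9, A-Z")
    return barcode[:6], barcode[6:]


def plan_barcodes(prefix, tag, count, start=0):
    """Return `count` sequential barcodes: prefix + zero-padded number + tag.

    A two-character prefix leaves four digits (10,000 tapes); a
    three-character prefix leaves three digits (1,000 tapes)."""
    if not re.fullmatch(r"[0-9A-Z]{2,3}", prefix):
        raise ValueError("prefix must be two or three characters from 0-9, A-Z")
    if not re.fullmatch(r"[0-9A-Z]{2}", tag):
        raise ValueError("tag must be two characters from 0-9, A-Z")
    digits = 6 - len(prefix)
    limit = 10 ** digits
    if count < 1 or start < 0 or start + count > limit:
        raise ValueError(
            f"prefix {prefix!r} allows numbers 0..{limit - 1}; "
            f"requested {start}..{start + count - 1}")
    return [f"{prefix}{n:0{digits}d}{tag}" for n in range(start, start + count)]


def next_free_start(prefix, existing):
    """Lowest sequence number above every number already used under `prefix`.

    Matching is on the barcode text, so AA1001 counts against prefix AA
    (number 1001) as well as against prefix AA1 (number 001)."""
    used = [int(ident[len(prefix):])
            for ident, _tag in map(parse_barcode, existing)
            if ident.startswith(prefix) and ident[len(prefix):].isdigit()]
    return max(used) + 1 if used else 0


if __name__ == "__main__":
    existing = ["AA0000L3", "AA0041L3", "AB0100L3"]   # constructed inventory
    start = next_free_start("AA", existing)
    print(plan_barcodes("AA", "L3", count=3, start=start))
```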

Important: If you specify the tape capacity when you create
a tape through the PowerProtect DD System Manager, you
override the two-character tag capacity specification.

Deep Dive: To see the list of two-character tape code tags
that indicate the supported tape types, go to the Dell EMC
DDOS 7.10 Administration Guide available on the Dell
Support website.


NDMP Support

Network Data Management Protocol (NDMP) Over TCP/IP

Network Data Management Protocol (NDMP) is an open-standard protocol
for enterprise-wide backup of heterogeneous network-attached storage.

PowerProtect DD appliances support using NDMP over TCP/IP as an
alternate method of Virtual Tape Library (VTL) access when Fibre
Channel (FC) connections are not feasible. A DD VTL default group is
named TapeServer to which you add devices that support NDMP-based
backup applications.

You must run NDMP client software on the backup server. The software
can route the server data to the related DD VTL TapeServer group on the
PowerProtect DD appliance. The DD VTL TapeServer group holds tape
drives that interface with NDMP-based backup applications. A device that
the NDMP TapeServer uses must be in the DD VTL group TapeServer
and is available only to the NDMP TapeServer.


Considerations When Choosing VTL with NDMP

The following are considerations when choosing NDMP for VTL
operations on a PowerProtect DD appliance:
• NDMP on a PowerProtect DD appliance does not require a Fibre
Channel HBA. If a Fibre Channel HBA is installed, NDMP does not use
it.
• The NDMP service is enabled separately from the VTL service.
• You must configure and manage the NDMP TapeServer group through
the command line interface.
• You must install NDMP-enabled software on the client system in order
to access the VTL with NDMP.
• NDMP clients must log in to the PowerProtect DD appliance using a
standard DD Operating System (DDOS) user account or an NDMP
user account.
• To make DD VTL devices accessible to the NDMP clients, the devices
must be members of the TapeServer access group.

− You can only access devices that are intended for use through
NDMP through the TapeServer access group.
− You cannot locate devices that are in the TapeServer access group
in any other VTL access groups.
− You cannot add initiators to the TapeServer access group.
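The access-group, TapeServer and FC zoning rules stated in this module can be checked against a planned layout before any change is made on the appliance. This is an added example, not Dell code: the data model, function names, group names and WWPNs are constructed, and the last zoning check is one interpretation of the rule that only initiators using the appliance's VTL ports are zoned to it.

```python
from collections import defaultdict

TAPESERVER = "TapeServer"   # preconfigured NDMP access group named in the guide


def check_access_groups(groups):
    """groups maps a group name to {"initiators": [...], "devices": [...]}.
    Returns a sorted list of findings (an empty list means the plan is clean)."""
    findings = []
    owners = defaultdict(set)            # initiator WWPN -> groups that list it
    for name, group in groups.items():
        for wwpn in group.get("initiators", []):
            owners[wwpn.lower()].add(name)
    # Rule: a group may hold many initiators, but an initiator is in one group.
    for wwpn, names in owners.items():
        if len(names) > 1:
            findings.append(f"initiator {wwpn} is in multiple groups: "
                            f"{', '.join(sorted(names))}")
    tape_server = groups.get(TAPESERVER, {})
    # Rule: initiators cannot be added to the TapeServer group.
    for wwpn in tape_server.get("initiators", []):
        findings.append(f"initiator {wwpn.lower()} must not be in {TAPESERVER}")
    # Rule: TapeServer devices cannot be located in any other access group.
    ndmp_devices = set(tape_server.get("devices", []))
    for name, group in groups.items():
        if name == TAPESERVER:
            continue
        for dev in sorted(ndmp_devices & set(group.get("devices", []))):
            findings.append(f"device {dev} is in {TAPESERVER} and in {name}")
    return sorted(findings)


def check_zones(zones, groups, appliance_ports):
    """zones maps a zone name to {"initiators": [...], "targets": [...]}.
    appliance_ports is the set of this appliance's VTL target WWPNs."""
    findings = []
    authorized = {w.lower() for n, g in groups.items() if n != TAPESERVER
                  for w in g.get("initiators", [])}
    ports = {p.lower() for p in appliance_ports}
    for name, zone in zones.items():
        inits = [w.lower() for w in zone.get("initiators", [])]
        targets = [w.lower() for w in zone.get("targets", [])]
        # Rule: only one initiator and one target port in one zone.
        if len(inits) != 1 or len(targets) != 1:
            findings.append(f"zone {name} has {len(inits)} initiator(s) and "
                            f"{len(targets)} target(s); expected 1 and 1")
        # Interpretation: an initiator zoned to this appliance should be a
        # member of one of its access groups, otherwise the zone is too wide.
        if ports & set(targets):
            for wwpn in inits:
                if wwpn not in authorized:
                    findings.append(f"zone {name}: initiator {wwpn} reaches the "
                                    f"appliance but is in no access group")
    return sorted(findings)


# Constructed sample plan with deliberate mistakes.
SAMPLE_GROUPS = {
    "backup_a": {"initiators": ["10:00:00:00:c9:aa:00:01"],
                 "devices": ["lib1 changer", "lib1 drive 1"]},
    "backup_b": {"initiators": ["10:00:00:00:c9:aa:00:01",
                                "10:00:00:00:c9:aa:00:02"],
                 "devices": ["lib1 drive 2"]},
    "TapeServer": {"initiators": [], "devices": ["lib2 drive 1", "lib1 drive 2"]},
}
SAMPLE_PORTS = {"50:02:18:80:00:00:00:0a"}
SAMPLE_ZONES = {
    "z_ok": {"initiators": ["10:00:00:00:c9:aa:00:02"],
             "targets": ["50:02:18:80:00:00:00:0a"]},
    "z_wide": {"initiators": ["10:00:00:00:c9:aa:00:01",
                              "10:00:00:00:c9:aa:00:03"],
               "targets": ["50:02:18:80:00:00:00:0a"]},
}

if __name__ == "__main__":
    for line in (check_access_groups(SAMPLE_GROUPS)
                 + check_zones(SAMPLE_ZONES, SAMPLE_GROUPS, SAMPLE_PORTS)):
        print(line)
```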

Deep Dive: For more details on managing NDMP using the
command line interface, see the Dell EMC DDOS Command
Reference Guide available on the Dell Support website.

IBM i Support

IBM i customers use a dedicated IBM tape library or IBM virtual tape
library (VTL) to protect their data. PowerProtect DD series and DD VTL
can emulate the IBM tape library and tape drives that IBM i systems use.


PowerProtect DD VTL Configured with an IBM i Device

All peripheral equipment must emulate IBM equipment, including IBM tape
libraries and devices.

To back up systems in the IBM i operating environment, install an I/OS
license on the PowerProtect DD appliance. Install the I/OS license before
adding virtual tape drives to libraries.


The hardware drivers that IBM i systems use are part of the Licensed
Internal Code (LIC)1 and IBM i operating system.

IBM i virtual libraries are not managed any differently from other operating
systems when they are licensed properly.

DD VTL supports one type of library configuration for IBM i use. The
library configuration that is supported is an IBM TS3500 configured with
IBM LTO-3, LTO-4, LTO-5, LTO-7, and LTO-8 virtual tape drives. Virtual
library management is done from the Virtual Tape Libraries tab. Use the
CREATE button to set the number of virtual drives and the number of
slots.

You can connect Fibre Channel devices directly to the host with direct-
attach. Use a Fibre Channel-arbitrated loop (FC-AL) topology or a Fibre
Channel-switched fabric (FC-SW) topology.

Deep Dive: Read more about using DD VTL in an IBM i
environment. Go to the Virtual Tape Library for IBM System
i Integration Guide. The document is available on the Dell
Support website.

1 IBM uses LIC Program Temporary Fixes (PTFs) as the method of
updating and activating the drivers that are used. Usually, hardware
configuration settings cannot be manually configured, as only IBM
equipment, or equipment that emulates IBM equipment, is attached,
requiring only fixed configuration settings.


Configuring VTL

Create a DD VTL in DD System Manager

DD VTL Create Library window in DD System Manager.

You can configure a DD VTL in the DD System Manager (DDSM) through
the configuration wizard. The DD System Manager wizard guides you
through a simplified configuration that includes VTL configuration to get
your system operating quickly.

You can also configure VTL on a PowerProtect DD system through the
Data Management tab in the DDSM.

To enable DD VTL through the DD System Manager, follow these steps:
1. Go to Data Management > DD VTL Service > Libraries and expand
the DD Virtual Tape Libraries menu.
2. Expand the VTL Service menu item.

3. Select MORE TASKS > Library > Create.
a. The DDSM displays the Create Library window.
4. Enter the values that you planned when designing your VTL library.
5. Click OK to create the library.

Create a DD VTL Using Command Line Commands

You can configure DD VTL using command line interface (CLI) commands
in DD Operating System (DDOS).

With an admin or limited-admin role, you can create a VTL, add VTL
drives, and show existing VTL configurations using the following CLI
commands:
• Use vtl add vtl [model model] [slots num-slots] [caps
num-caps] to add a tape library to a PowerProtect DD system. VTL
supports a maximum of 64 libraries on each PowerProtect DD
system.
• Use vtl drive add vtl [count num-drives] [model
model] to add drives to a VTL.
• Use vtl show config [vtl] to show the library name and model
and tape drive model for a single VTL or all VTLs.

Deep Dive: For more details on using the CLI to create a
VTL in DDOS, see the current Dell EMC DDOS Command
Reference Guide on the Dell Support website.


Enabling and Disabling DD VTL

Enable VTL Using the DD System Manager

DD VTL controls the operation of the VTL. License and enable DD VTL in
order to use DD VTL.

DD VTL provides the environment for virtual tape library devices to exist.

To enable DD VTL through the DD System Manager, follow these steps:
1. Go to Protocols > DD VTL, and expand DD Virtual Tape Libraries.
2. Select the DD VTL Service menu item. The system displays the state
of the VTL service and VTL licenses. You cannot see the state of the
service unless you select the VTL Service item.
3. Verify that the DD VTL license is installed. If the license is not installed,
click UPDATE LICENSE and install the VTL license.
4. If the VTL is in an IBM environment, verify that an I/OS license is also
installed. You must install an I/OS license before you create any VTLs
or tape drives for use with IBM products.
5. When all required licenses are installed, select ENABLE to add DD
VTL service. The Status should show that it is Enabled: Running and
the Enable button changes to DISABLE. Select DISABLE to disable
DD VTL.

Managing VTL

Managing a VTL

DD VTL Management Components in DD System Manager

To enable or disable PowerProtect DD VTL with the DD System Manager,
go to the Protocols > DD VTL pane.

The DD VTL pane is subdivided into sections: DD Virtual Tape Libraries,
Access Groups, Resources, and Pools.
• The options under the DD Virtual Tape Libraries section enable you
to manage the VTLs and their associated devices.
• The options under the Access Groups section enable you to define
the devices that an individual initiator can access.
• The Resources section enables you to view the configuration of
endpoints and initiators. To configure these devices, you must go to
the Hardware > Fibre Channel menu.
• The Pools section displays information for the default pool and any
other existing pools.


Reviewing the VTL Configuration

Review the VTL Configuration in DD System Manager

The DD System Manager enables you to review the configuration of the
virtual tape library (VTL) and its components. The Protocols > DD VTL
SERVICE page provides details about the VTL contents.

Select the DD Virtual Tape Libraries > VTL Service > Libraries menu
item to view summary information relating to all VTLs.

Select the DD Virtual Tape Libraries > VTL Service > Libraries >
{library-name} menu item to view summary information about the
selected VTL. The number and disposition of tapes in the VTL are also
shown. If no tapes are associated with the VTL, the system shows nothing
in the Tapes section.

Select the Changer menu item to view details about the changer. The
changer item details the vendor, product ID, revision number, and serial
number of the changer. The changer details are all attributes that you
would expect to find with a physical changer device.

Select Drives to view detailed information about all drives that are
associated with a VTL. The details include the drive number, vendor,
product ID, revision number, serial number, and status. If a tape is in the
drive, the system displays the barcode and the name of the tape pool to
which the tape belongs.


Managing VTL Access Groups

Access groups contain a collection of initiator worldwide port names
(WWPNs) or aliases and the drives and changers that they are allowed to
access. A DD VTL default group that is named TapeServer lets you add
devices that support Network Data Management Protocol-based backup
applications.

Access group configuration allows initiators to read and write data to
devices in the same access group.

Clients can only access selected media changers or virtual tape drives on
a system through access groups.

When you select Access Groups > Groups in DD System Manager, the
system displays the following information:

• Group Name
− The name of the VTL group
• Initiators
− The number of initiators that are assigned to the group
• Devices
− The number of devices that are assigned to the group


You can create or delete a group from the More Tasks menu.

Creating VTL Access Groups

To create a virtual tape library (VTL) access group in the DD System
Manager, follow these steps:
1. Select Access Groups > Groups.
2. Select More Tasks > Group > CREATE.
3. In the Create Access Group dialog, enter a name, between one and
128 characters, and select NEXT.

4. Add devices, and select NEXT.
5. Review the summary and select FINISH to complete the process or
BACK to review the configuration before proceeding.

With an admin or limited-admin role, you can create VTL access groups
using the following command line interface (CLI) command:
• Use vtl group create group-name to create a VTL access
group with the specified name. After you create the group, you can
add the VTL changer, drives, and initiators to the group.

Deep Dive: For more details on using the CLI to create a
VTL group in the DD Operating System (DDOS), see the
current Dell EMC DDOS Command Reference Guide on the
Dell Support website.

Reviewing VTL Access Groups

Review the configuration of the Fibre Channel access groups

ACCESS GROUPS Window in DD System Manager


1. Select the Hardware > Fibre Channel > ACCESS GROUPS tab.
− The ACCESS GROUPS tab contains summary information about
any DD Boost access groups and VTL access groups. The
information includes the following:
o The name of the group
o The type of service
o The endpoint associated with the group
o The names of the initiators in the group
o The number of devices in the group
2. The Number of Access Groups in the Access Groups window displays
the total number of groups that are configured on the system.
3. Select View DD VTL Groups to go to the DD System Manager
Protocol > DD VTL page to access more information and
configuration tools.

Review the LUNs in an access group

View VTL Groups in DD System Manager

1. You can select the View VTL Groups hyperlink on the Hardware >
Fibre Channel > Access Groups tab. You can also go to Protocols >
DD VTL page directly.

2. Select the Access Group menu item. To expand the list, click the plus
sign + and select an access group from the Access Groups list.
3. Select the logical unit number (LUN) in the LUNS tab.
4. Review a summary list of the various LUNs in the selected access
group.

Review the Initiators in an access group

Reviewing the Initiators in an Access Group

1. You can select the View DD VTL Groups hyperlink on the Hardware
> Fibre Channel > Access Groups tab. Or you can go to Protocols >
DD VTL page directly.
2. Select the Access Groups menu item. To expand the list, click the
plus sign + next to the Groups item.
3. Select an access group from the Groups list.
4. Select the INITIATORS tab.
5. Review a summary of any initiators in the selected access group.


Deleting VTL Access Groups

Deleting VTL Access Groups in DD System Manager

To delete a VTL access group, you must first remove all initiators and
logical unit numbers (LUNs) from the access group. Use the configure or
modify process to delete these objects from an access group.
1. Select Protocols > VTL > Access Groups > Groups.
2. Select More Tasks > Group > Delete.
3. In the Delete Group dialog, select the group and click NEXT.
4. In the Group Confirmation dialog, verify the deletion and click SUBMIT.
5. Click CLOSE when the Delete Groups Status displays Completed.

With an admin or limited-admin role, you can delete VTL access groups in
DD Operating System with the following Command Line Interface (CLI)
command:
• scsitarget group destroy My_Group

Managing Tapes

The PowerProtect DD system provides the tools that you would expect to
manage tapes. They include the ability to create and delete tapes. The
VTL service also enables tape import and export from and to the vault.


You can also move tapes within the VTL between the slots, drives, and
cartridge access ports (CAPs). You can search for specific tapes using
various criteria, such as location, pool, or barcode.

Create Tapes

Creating Tapes in DD System Manager

To create tapes, follow this process using the DD System Manager:
1. Go to Protocols > DD VTL, expand the Virtual Tape Libraries
menu, and select the VTL to hold the tapes. The tapes are directly
added to the VTL when the VTL is selected first.
2. Select MORE TASKS > Tapes > Create to open the Create Tapes
dialog box.
3. Provide the information about the tapes that you want to create. You
determined tape information during your implementation planning. You
may select the default tape pool or a pool to hold the tapes.
4. Select OK when you are ready to create the tapes.
5. Select OK when the tape creation process is complete. You can now
verify if the tapes have been successfully created.


With an admin or limited-admin role, you can create tapes using the
following CLI command:
• Use vtl tape add barcode [capacity capacity] [count
count] [pool <pool>] to add one or more virtual tapes and insert
them into the vault. Optionally, add the tapes to the specified pool.

Delete Tapes

You can delete tapes from either a library or a pool. If initiated from a
library, the system first exports the tapes, then deletes them. The tapes
must be in the vault, not in a library. On a replication destination system,
deleting a tape is not permitted.

Delete Tapes in the DD System Manager

1. Select Virtual Tape Libraries > DD VTL Service > Libraries >
library or Vault.
2. Select MORE TASKS > Tapes > Delete.
3. In the Delete Tapes dialog, enter search information about the tapes
to delete, and select Search.
4. Select the checkbox of the tape that should be deleted or the checkbox
on the heading column to delete all tapes, and select Next.
5. Select Submit in the confirmation window, and select Close.


When a tape is removed, the system does not reclaim the
disk space that is used for the tape until after a file system
cleaning operation.

You can also delete tapes using the following CLI command:
• Use vtl tape del barcode [count count] [pool pool] to
delete the specified tape or one or more tapes. You cannot delete
tapes that are in a VTL.

Import Tapes

When you create tapes for VTL, you can add them directly to a VTL or to
the vault. From the vault, you can import, export, move, search, and
remove the tapes. Importing moves existing tapes from the vault to a
library slot, drive, or CAP. The number of empty slots in the library limits
the number of tapes that you can import at one time.

Import Tapes in the DD System Manager


To import tapes, do the following using the DD System Manager:
1. Select Protocols > DD VTL > DD Virtual Tape Libraries > Service >
Libraries.
2. Select a library and view the list of tapes, or click MORE TASKS.
3. Select Tapes > Import.
4. Enter the search criteria about the tapes that you want to import and
click Search.
5. Select the tapes to import from the search results.
6. Choose the target location for the tapes.
7. Select Next to begin the import.

With an admin or limited-admin role, you can import tapes using the
following CLI command:
• vtl import vtl barcode barcode [count count] [pool
pool] [element {drive | cap | slot}] [address addr] -
This command is used to move tapes from the vault into a slot, drive,
or CAP.

Export Tapes

Exporting a tape removes that tape from a slot, drive, or CAP and sends it
to the vault.


Export Tapes in the DD System Manager

1. You can export tapes using either step a or step b.
a. Select DD Virtual Tape Libraries > DD VTL Service > Libraries
> library. Then, select MORE TASKS > Tapes > Export. In the
Export Tapes dialog, enter search information about the tapes to
export, and select Search.
b. Select Virtual Tape Libraries > DD VTL Service > Libraries
> library > Changer > Drives > drive > Tapes. Select tapes to
export by selecting the checkbox next to one of the following:
• An individual tape
• The Barcode column to select all tapes on the current page
• The Select all pages checkbox to select all tapes returned by
the search query.
You can export only tapes with a library name in the Location
column.
Select Next.
2. Select Submit.
3. Select Close in the status window.


With an admin or limited-admin role, you can also export tapes using the
following CLI command:
• vtl export vtl {slot | drive | cap} address [count
count] - Remove tapes from a slot, drive, or cartridge-access port
(CAP) and send them to the vault.

Move Tapes

Tapes are moved between physical devices within a library to mimic
backup software procedures for physical tape libraries. In a physical tape
library, backup software never moves a tape outside the library.

Move Tapes in the DD System Manager

1. Select DD Virtual Tape Libraries > DD VTL Service > Libraries >
library. When started from a library, the Tapes panel allows tapes to
be moved only between devices.
2. Select MORE TASKS > Tapes > Move.
3. In the Move Tape dialog, enter search information about the tapes to
move, and select SEARCH.
4. From the search results list, select the tape or tapes to move.
5. Do one of the following:

a. Select the device from the Device list, for example, a slot, drive, or
CAP, and enter a beginning address using sequential numbers for
the second and subsequent tapes. For each tape to be moved, if
the specified address is occupied, the next available address is
used.
b. Leave the address blank if the tape in a drive originally came from a
slot and is to be returned to that slot. Also, leave the address blank
if you are going to move the tape to the next available slot.
6. Select Next.
7. In the Move Tape dialog, verify the summary information and the tape
listing, and select Submit.
8. Select Close in the status window.

Search Tapes

Search Tapes in the DD System Manager

1. Select DD Virtual Tape Libraries or Pools.
2. Select the area to search. Choose library, vault, or pool.
3. Select MORE TASKS > Tapes > SEARCH.
4. In the Search Tapes dialog, enter information about the tapes you
want to find.
• In the Location field, specify a location, or leave the default All.

• In the Pool field, select the name of the pool in which to search for
the tape. If there are no pools, select the Default pool.
• In the Barcode field, specify a unique barcode, or leave the default
* to return a group of tapes. The Barcode selection allows the
wildcards ? and *, where ? matches any single character and *
matches zero or more characters.
• In the Count field, enter the maximum number of tapes that you
want returned to you. If you leave this blank, the system applies *.
5. Select SEARCH.

Review Tapes

Review Tapes in the DD System Manager

Select the Tapes menu item associated with the VTL to review the tapes
that are assigned to it. The tapes are in a slot, drive, or CAP.

Deep Dive: For more details on using the CLI to manage
DD VTL tapes in DDOS, see the current Dell EMC DDOS
Command Reference Guide on the Dell Support website.

DELL CLOUD TIER
IMPLEMENTATION AND
ADMINISTRATION

PARTICIPANT GUIDE

Table of Contents

Dell Cloud Tier Implementation and Administration

Exploring Dell Cloud Tier
Cloud Tier Architecture
Cloud Tier Benefits
Considerations When Implementing Cloud Tier
Exploring Model Sizing
Exploring Cloud Tier Components and Platform Support
Exploring Cloud Tier Capacity Options
Exploring Cloud Tier Protocol Support
Exploring Cloud Tier with Deduplication and Cleaning
Applying Retention Lock and Encryption
Exploring Replication with Cloud Tier
Cloud Tier Migration
Restricted Mode During Migration
Migration Operation Prerequisites

Preparing for Cloud Tier
Create Cloud Units
Creating Cloud Units for Alibaba Cloud
Creating Cloud Units for Amazon Web Services S3
Creating a Cloud Unit for Flexible Cloud Tier Provider Framework for S3
Creating Cloud Units for Google Cloud Storage
Creating Cloud Units for Microsoft Azure
S3 Authentication with Signature Version 4

Configuring Cloud Tier
Configuring Cloud Tier Storage
Enable the Cloud Tier
Monitoring Active and Cloud Tier Statistics

Managing Data Movement
Data Movement Policies and Schedules
Data Movement Schedule
Efficient File Recall
Recall Data from the Cloud
Recall Data Using DDSM
Exploring Tape Out to Cloud
Tape Out to Cloud Requirements
Backup and Restore Workflow Using a Cloud Tier Vault
Tape Out to Cloud Policies
Configuring Tape Out to Cloud Movement
Recalling Tapes from the Cloud

Terms

Exploring Dell Cloud Tier

Dell Cloud Tier Basic Operation

The Dell Cloud Tier enables a Dell PowerProtect DD series appliance to
move data from its active tier to lower-cost, high-capacity object storage.
Object storage can reside in the public, private, or hybrid cloud.


Dell Cloud Tier moves data to the cloud for long-term data retention. The
PowerProtect DD appliance sends only unique, deduplicated data [1] to the
cloud or retrieves it from the cloud.

[1] Sending only deduplicated data ensures that the data in the cloud
occupies as little space as possible.

Cloud Tier Architecture

A PowerProtect DD appliance treats cloud storage as an attached storage
tier. The implementation of Dell Cloud Tier occurs within the cloud volume,
which consists of one or two cloud units that are mapped to a cloud
provider. To use the cloud units, you must connect the PowerProtect DD
to the cloud with an account for a supported cloud provider.

The system stores active data locally, while data intended for long-term
retention is stored on the cloud. Some MTree data may reside in the
active tier, while older data is in the cloud.

The system maintains file system metadata in local storage and mirrors it
to the cloud. This metadata is used in deduplication, cleaning, and
replication operations. Cloud Tier uses local storage for metadata to
minimize writes to the cloud. The metadata includes the index, the
directory manager (DM) responsible for managing the namespace, and
container metadata. Also, certain metadata, including container metadata,
is stored with the data in the cloud for disaster recovery purposes.

Cloud Tier Benefits

Cloud Tier offers a scalable solution for long-term data storage. Users
can use Cloud Tier to store up to two times the maximum capacity of the
active tier in the cloud, ensuring long-term data retention. Data is
intelligently directed to cloud storage by using cloud tiering policies.
Data is scheduled for movement to the cloud using policies based on the
age of the data.

When files move from the active tier to the cloud tier, PowerProtect DD
deduplicates and stores the data in cloud object storage in its native
format. Moving data to the cloud results in a lower total cost of ownership
(TCO) over time for long-term cloud storage. For security, the cloud tier
supports encryption of data at rest and the DD Retention Lock feature,
thus ensuring the ability to satisfy regulatory and compliance security
policies.


Considerations When Implementing Cloud Tier

Consider the following when deciding to implement Cloud Tier:


• The PowerProtect DD system requires a cloud capacity license to use
Cloud Tier. Use the Dell Electronic License Management System
(ELMS) file to engage the license.
• The Cloud Tier feature may consume all available bandwidth in a
shared WAN link, especially in a low-bandwidth configuration such as
one Gbps. The Cloud Tier feature may impact other applications
sharing the wide area network (WAN) link.
• On systems with a dedicated management interface, reserve that
interface for system management traffic. You should direct backup and
cloud tier data traffic to other interfaces, such as eth1a.

Exploring Model Sizing

As a part of planning a cloud storage tier, consider the following:


• Dell Cloud Tier can scale up to twice the maximum capacity of the
active tier. Scaling can increase the overall PowerProtect DD system
scalability by up to three times. For example, the DD6400 scales up to
11.2 PB of usable capacity on the active tier. The cloud tier on the
system can support up to 33.5 PB of usable capacity.
• A PowerProtect DD system must meet minimum platform hardware
requirements before installing licenses or allocating capacity to a new
tier such as Cloud Tier. If a system does not have the required
hardware, you cannot install the Cloud Tier license. Without an active
Cloud Tier license, you cannot configure the system blocks, or create
or expand a tier.
• Before licensing and configuring Cloud Tier, review the supported
configurations for Cloud Tier with your PowerProtect DD appliance.
• For all PowerProtect DD models, use a dedicated network link for data
movement to the cloud tier. Dell Cloud Tier relies on consistent and
stable network resources to transfer data to the cloud. The Cloud Tier
feature may consume all available bandwidth in a shared WAN link,
especially in a low-bandwidth, 1 Gbps, configuration. Sharing a
low-bandwidth configuration will impact other applications sharing the
WAN link.

Deep Dive: For more details on supported PowerProtect DD configurations
for Dell Cloud Tier, see the Dell EMC DDOS Administration Guide
available on the Dell Support website.

Exploring Cloud Tier Components and Platform Support

Cloud Tier Components

Cloud tier enables you to move backup data from the active tier in a
protection system to lower cost, high-capacity object storage in a public,
private, or hybrid cloud for long-term retention.

Dell Cloud Tier is managed through a single namespace. A separate cloud
gateway or virtual appliance is not required. The native PowerProtect DD
policy management framework supports the data movement.

Local storage maintains file system metadata associated with the data
stored in the cloud. The metadata is also mirrored in the cloud. The cloud
tier requires extra storage capacity to hold metadata that is associated
with the data in the cloud tier. Metadata is used for deduplication,
cleaning, and replication operations. The amount of required cloud tier
metadata storage is based on the PowerProtect DD model. Cloud units
are self-contained buckets of locally stored data that mirrors to the cloud.

The following cloud storage services support Dell Cloud Tier:


• Alibaba
• Amazon Web Services
• Elastic Cloud Storage
• Google Cloud Platform
• Microsoft Azure
• Flexible Cloud Tier Provider Framework for S3

Dell Cloud Tier supports the following:


• Physical PowerProtect DD systems with expanded memory
configurations.
• Dell PowerProtect DD Virtual Edition (DDVE) in 16 TB using block
storage and up to 256 TB using object storage.
• PowerProtect DD High Availability (DD HA) configurations.


Exploring Cloud Tier Capacity Options

Active Tier and Cloud Tier with Cloud Units

Dell Cloud Tier supports one or two cloud units on each PowerProtect DD
appliance. Other details about cloud units include:
• Each cloud unit has the maximum capacity of the active tier. You can
scale the cloud tier to the maximum capacity without scaling the active
tier any larger.
• Each cloud unit maps to a cloud provider. Each cloud unit can write to
a separate supported cloud provider.
• Metadata shelves store metadata for both cloud units. The number of
metadata shelves you need depends on the cloud unit physical
capacity.
• Data that is stored on the active tier provides local access to data. You
can use the active tier for operational recoveries. The cloud tier
provides long-term retention for data that is stored in the cloud.


Exploring Cloud Tier Protocol Support

Dell Cloud Tier supports the following protocols for all data movement:
• Network File System (NFS)
• Common Internet File System (CIFS)
• DD Boost

DD Virtual Tape Library (DD VTL) supports storing the VTL vault in cloud
tier storage. Use the PowerProtect DD system and the DD VTL tape out to
cloud feature to store the VTL vault on cloud tier storage. The protection
system must have a configured cloud tier, with Dell Cloud Tier and DD
VTL licenses.

DD VTL does not require a special configuration to use cloud storage for
the vault. When you configure DD VTL, select Cloud Storage as the
Vault Location.

Exploring Cloud Tier with Deduplication and Cleaning


Cloud Tier Deduplication

The following are important points to consider about deduplication and file
system cleaning with cloud tier storage.
• Each cloud unit has its own segment index and metadata, and thus
each cloud unit is a deduplication unit by itself. Deduplication does
not occur across the active tier and cloud tier.
• The cloud tier uses the same compression algorithm as the active tier.
On most PowerProtect DD appliances, the default compression
algorithm is gzfast. For legacy Data Domain systems and the
PowerProtect DD3300, the lz compression algorithm is used by
default.
• You can schedule cloud tier cleaning or perform cleaning on demand.
Because archived data changes infrequently, do not schedule cloud tier
cleaning as often as active tier cleaning. Less frequent cleaning
minimizes access delays that users can experience during data recalls.
• Set the schedule for cloud tier cleaning relative to active tier cleaning.
The schedule specifies running cloud tier cleaning after every
user-defined Nth run of active tier cleaning. By default, consider running
cloud tier cleaning after every fourth scheduled active tier cleaning.


• On-demand cleaning is invoked from the user interface on a specific
cloud unit. You can run on-demand cleaning from either the DD
System Manager or the command line.
• Cloud tier cleaning does not perform partial copy forward to avoid
unnecessary reads from the cloud. When all segments within a region
are dead, the entire object is deleted.
• Most of the work of cleaning happens locally using local cloud
metadata information. The system accesses cloud storage to delete
objects in the cloud with no live data. The system also performs some
copy forward of container metadata-related activities.

Applying Retention Lock and Encryption

Dell Cloud Tier supports DD Retention Lock. Consider the following when
applying DD Retention Lock features to Dell Cloud Tier:
• You can move retention-locked files from the active tier to the cloud.
• You can apply DD Retention Lock on files that are already in the cloud
tier.
• PowerProtect DD appliances using DD Retention Lock Compliance do
not allow deleting files in the cloud unit.
• You can recall locked files to the active tier. The recalled files remain
locked.

You can enable encryption on a PowerProtect DD system with Dell Cloud
Tier at three levels:
• The PowerProtect DD appliance
• The active tier
• The cloud tier

Consider the following when adding encryption to the cloud tier:


• You must use an encryption license. You are prompted for the security
officer username and password to enable encryption.
• Once data is in the cloud, you cannot change the encryption status.
Decide whether you plan to encrypt data before sending it to the cloud.

• Encryption of data at rest is enabled by default for data in the cloud.
• Encryption of the active tier is only applicable when encryption is
enabled on the system. Enabling encryption on the active tier is not
required to enable encryption on the cloud tier.
• Cloud units have separate controls for enabling encryption.
• You can use either the embedded key manager or an external key
manager with cloud encryption.

Exploring Replication with Cloud Tier

Replication with Cloud Tier

You can enable Dell Cloud Tier on one or both systems in a replication
pair.

The replication source always places the replicated files first in the
active tier of the destination system. The replication destination then
copies the files to the cloud.

The source system reads data from the cloud only if the destination
system migrates the files to the cloud tier from its active tier.


Dell Cloud Tier-enabled PowerProtect DD appliances support MTree
replication and managed file replication. Dell Cloud Tier-enabled
PowerProtect DD appliances do not support collection replication.


Cloud Tier Migration

Cloud Tier Migration Workflow

It is possible to migrate the system data from an older appliance that is
configured with Dell Cloud Tier to a newer appliance. Migrating to a newer
appliance can improve performance, add additional capacity, and provide
access to new features.

The migration process moves the active tier storage, and the locally stored
Cloud Tier metadata from the existing system to a new system. During the
Cloud Tier migration, the source system operates in a restricted mode. In
restricted mode, the active tier storage is available for backup operations,
but operations involving Cloud Tier storage are not permitted.

To migrate system data configured with Cloud Tier, do the following:


1. Copy the active tier data from the existing system to the new system.
2. Copy the cloud tier metadata from the existing system to the new
system.
3. Disconnect the cloud storage from the existing system.
4. Connect the cloud storage to the new system.
5. Commit the migration operation.

Deep Dive: For more details on Cloud Tier migration, see the Dell EMC
DDOS Administration Guide available on the Dell Support website.

Restricted Mode During Migration

The following operations are not permitted while the migration is in
progress:
• Sending active tier data to cloud tier storage
• Recalling data from cloud tier storage
• Cleaning the cloud tier storage
• Restoring files directly or reading from the cloud tier storage
• File system cleaning on the source system
• System sanitization on the source system
• Enabling or disabling file system encryption
• Enabling, disabling, or setting the embedded key manager or an
external key manager
• Creating, destroying, deleting, or syncing keys from the embedded key
manager or an external key manager


Migration Operation Prerequisites

Complete the following tasks on the new system before beginning the
migration operation:
1. Verify both the source and destination systems are
running DD Operating System version 7.3.0.5 or
higher. Cloud tier migration is not supported on Dell
PowerProtect DD Virtual Edition instances.
2. Add a Dell Cloud Tier license on the new system.
3. Add other feature licenses as required on the new system.
4. If a passphrase is configured on the existing system, set the same
passphrase on the new system. The passphrase store-on-disk setting
should not be less secure on the destination than on the source.
5. If the existing system is configured with encryption, set the same
encryption values on the new system. The values must include the
same key manager settings and Federal Information Processing
Standards (FIPS) compliance on the new system.
6. If automatic key rotation is configured on the existing system, disable it
before starting the migration. Reenable it on the new system after the
migration.
7. If encryption is configured on the existing system, back up the key
export files from the existing system.
8. If Retention Lock Compliance (RLC) is enabled on the existing system,
enable RLC on the new system.
9. Record the cloud profile and cloud unit information from the existing
system.
10. Create the file system on the new system, but do not enable it.


Preparing for Cloud Tier

Create Cloud Units

Cloud units provide a logical extension to the DD Operating System
(DDOS) file system and MTree organization. Cloud units use a data
movement policy that you can apply to aging backup content. A cloud unit
connects a PowerProtect DD appliance to an S3 cloud provider such as
Microsoft Azure, Amazon Web Services S3 (AWS), and other similar cloud
providers.

The cloud tier consists of a maximum of two cloud units. Each cloud unit
maps to a cloud provider, enabling multiple cloud providers per protection
system. An active cloud tier must include a PowerProtect DD system that
is connected using an account with a supported cloud service provider.

To configure cloud units in a PowerProtect DD system, do the following:


• Configure the network, including firewall and proxy settings.
• Import Certificate Authority (CA) certificates.
• Add cloud units that connect to a supported cloud service provider.

Creating Cloud Units for Alibaba Cloud

Configuration

Regions are configured at the bucket level instead of the object level. All
objects that are contained in a bucket are stored in the same region. A
region is specified when a bucket is created, and cannot be changed once
it is created.

The Alibaba Cloud user credentials must have permission to create and
delete buckets and to add, modify, and delete files within the buckets they
create. Alibaba uses Resource Access Management (RAM) users that
manage permissions to their Object Storage Service (OSS). Within the
Alibaba RAM console, you can create standard or custom policies and
attach them to RAM users.

AliyunOSSFullAccess is one of the preferred RAM standard policies
that you can configure from the RAM console. It grants a RAM user the
permissions to manage OSS buckets. The minimum management
permissions required to create cloud units for Alibaba Cloud are:
• ListBuckets
• GetBucket
• PutBucket
• DeleteBucket
• GetObject
• PutObject
• DeleteObject

Procedure

To create a cloud unit for Alibaba Cloud, do the following:


1. Select Data Management > File System > CLOUD UNITS.
2. Click Add. The Add Cloud Unit dialog appears.
3. Enter a Name for this cloud unit. Cloud unit names support only
alphanumeric characters.
4. For Cloud provider, select Alibaba Cloud from the drop-down list.
5. Enter the provider Access key as password text.
6. Enter the provider Secret key as password text.
7. Ensure that port 443 for HTTPS is open in firewalls. Communication
with the Alibaba cloud provider occurs on port 443.
8. If you use an HTTP proxy server to get around a firewall for this
provider, click Configure for HTTP Proxy Server. Enter the proxy
hostname, port, user, and password.
9. Click Add.


Deep Dive: For more details on creating cloud units for Alibaba Cloud,
go to the Alibaba support webpage.

Creating Cloud Units for Amazon Web Services S3

Configuration

For enhanced security, Cloud Tier uses Signature Version 4 for all AWS
requests. Signature Version 4 signing is enabled by default.

The AWS user credentials must have permissions to create and delete
buckets and to add, modify, and delete files within the buckets they create.

S3FullAccess is preferred, but the minimum requirements are:


• CreateBucket
• ListBucket
• DeleteBucket
• ListAllMyBuckets
• GetObject
• PutObject
• DeleteObject
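When a custom policy is used instead of S3FullAccess, it helps to confirm before adding the cloud unit that the policy covers every permission in the list above and to see what it grants beyond that list. The following check is an added example, not Dell or AWS code: it uses IAM's `s3:`-prefixed action names for the listed permissions, the sample policies are constructed, and it compares action names only (Resource, Condition and NotAction elements are not evaluated).

```python
import fnmatch
import json

# IAM action names for the minimum permissions listed above for AWS.
REQUIRED_ACTIONS = (
    "s3:CreateBucket", "s3:ListBucket", "s3:DeleteBucket",
    "s3:ListAllMyBuckets", "s3:GetObject", "s3:PutObject", "s3:DeleteObject",
)


def _as_list(value):
    # IAM allows a single string or a list for Statement and Action.
    return value if isinstance(value, list) else [value]


def _patterns(policy, effect):
    """Collect the Action patterns of every statement with the given Effect."""
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == effect and "Action" in stmt:
            found.extend(_as_list(stmt["Action"]))
    return found


def _matches(action, patterns):
    # IAM compares action names case-insensitively and supports * and ?.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def review_policy(policy_json):
    """Report required actions that are missing, wildcard grants, and extras."""
    policy = json.loads(policy_json)
    allow = _patterns(policy, "Allow")
    deny = _patterns(policy, "Deny")
    # An explicit Deny overrides any Allow for the same action.
    missing = [a for a in REQUIRED_ACTIONS
               if not _matches(a, allow) or _matches(a, deny)]
    wildcards = sorted({p for p in allow if "*" in p or "?" in p})
    required_lower = {a.lower() for a in REQUIRED_ACTIONS}
    extra = sorted({p for p in allow
                    if p not in wildcards and p.lower() not in required_lower})
    return {"missing": missing, "wildcards": wildcards, "extra": extra}


def _policy(*statements):
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)})


# Constructed sample policies (not taken from any real account).
MINIMAL_POLICY = _policy(
    {"Effect": "Allow", "Action": list(REQUIRED_ACTIONS), "Resource": "*"})
BROAD_POLICY = _policy(
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"})
INCOMPLETE_POLICY = _policy(
    {"Effect": "Allow",
     "Action": list(REQUIRED_ACTIONS[:-1]) + ["s3:PutBucketPolicy"],
     "Resource": "*"})
DENY_POLICY = _policy(
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"})

if __name__ == "__main__":
    for name in ("MINIMAL_POLICY", "BROAD_POLICY",
                 "INCOMPLETE_POLICY", "DENY_POLICY"):
        print(name, review_policy(globals()[name]))
```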


Procedure

Add a Cloud Unit for Amazon Web Services S3

To create a cloud unit for Amazon Web Services S3:


1. Select Data Management > File System > Cloud Units.
2. Click Add. The system displays the Add Cloud Unit dialog.
3. Enter a Name for this cloud unit. Cloud unit names support only
alphanumeric characters.
4. In the Cloud provider field, select Amazon Web Services S3 from
the drop-down list.
5. Select the Storage class and Storage region from their drop-down
lists.
6. Enter the provider Access key as password text.
7. Enter the provider Secret key as password text.
8. Ensure that you unblock port 443 in firewalls. Communication with the
AWS cloud provider occurs over HTTPS on port 443.
9. If you use an HTTP proxy server to get around a firewall for this
provider, click Configure for HTTP Proxy Server. Enter the proxy
hostname, port, user, and password.
10. Click Add.

Deep Dive: For more details on creating cloud units for Amazon Web
Services S3, go to the Amazon Web Services S3 documentation webpage.

Creating a Cloud Unit for Flexible Cloud Tier Provider Framework for S3

Configuration

The Cloud Tier feature supports qualified S3 cloud providers under an S3
Flexible provider configuration option.

The S3 Flexible provider option supports the standard and
standard-infrequent-access storage classes. The endpoints vary depending
on cloud provider, storage class, and region. Be sure that domain name
service (DNS) can resolve these hostnames before configuring cloud
units.

Procedure

To create a cloud unit for a qualified S3 cloud provider, do the following:


1. Select Data Management > File System > CLOUD UNITS.
2. Click Add. The system displays the Add Cloud Unit dialog.
3. Enter a Name for this cloud unit. Cloud unit names support only
alphanumeric characters.
4. For Cloud provider, select Flexible Cloud Tier Provider Framework
for S3 from the drop-down list.
5. Enter the provider Access key as password text.
6. Enter the provider Secret key as password text.
7. Specify the appropriate Storage region.
8. Enter the provider endpoint in this format:
http://<ip/hostname>:<port>. If you are using a secure
endpoint, use https:// instead.
9. For Storage class, select the appropriate storage class from the drop-
down list.
10. Ensure that port 443 (HTTPS) is not blocked in firewalls.
Communication with the S3 cloud provider occurs on port 443.
11. If you use an HTTP proxy server to get around a firewall for this
provider, click Configure for HTTP Proxy Server. Enter the proxy
hostname, port, user, and password.
12. Click Add.

Creating Cloud Units for Google Cloud Storage

Configuration

The Google Cloud Provider user credentials must have permissions to
create and delete buckets and to add, modify, and delete files within the
buckets they create.

The minimum requirements are:


• ListBucket
• PutBucket
• GetBucket
• DeleteBucket
• GetObject
• PutObject
• DeleteObject

Procedure

Add a Cloud Unit for Google Cloud Storage

To create a cloud unit for Google Cloud Storage, do the following:


1. Select Data Management > File System > Cloud Units.
2. Click Add. The system displays the Add Cloud Unit dialog.
3. Enter a Name for this cloud unit. Cloud unit names support only
alphanumeric characters.
4. For Cloud provider, select Google Cloud Storage from the drop-
down list.
5. Enter the provider Access key as password text.
6. Enter the provider Secret key as password text.
7. Storage class is set as Nearline by default. If a multiregional location
is selected, the storage class and the location constraint are set as
Nearline Multiregional. All other regional locations have the storage
class set as Nearline Regional.
8. Select the Storage region.
9. Ensure that port 443 (HTTPS) is not blocked in firewalls.
Communication with Google Cloud Provider occurs on port 443.
10. If you use an HTTP proxy server to get around a firewall for this
provider, click Configure for HTTP Proxy Server. Enter the proxy
hostname, port, user, and password.
11. Click Add.

Deep Dive: For more details on creating cloud units for Google Cloud
Storage, go to the Google Cloud Storage documents webpage.

Creating Cloud Units for Microsoft Azure

Configuration

Microsoft Azure offers a range of storage account types. Each type
supports different features such as redundancy and methods of use.

The Azure cloud provider uses the endpoint
<account name>.blob.core.windows.net. The Azure cloud provider console
provides the account name. Be sure that DNS can resolve these
hostnames before configuring cloud units.


Procedure

Add a Cloud Unit for Microsoft Azure Storage

To create a cloud unit for Microsoft Azure Storage, do the following:


1. Select Data Management > File System > CLOUD UNITS.
2. Click Add. The system displays the Add Cloud Unit dialog.
3. Enter a Name for this cloud unit. Cloud unit names support only
alphanumeric characters.
4. For Cloud provider, select Microsoft Azure Storage from the drop-
down list.
5. For Account type, select Government or Public.
6. Select the Storage class from the drop-down list.
7. Enter the provider Account name.
8. Enter the provider Primary key as password text.
9. Enter the provider Secondary key as password text.
10. Ensure that port 443 (HTTPS) is not blocked in firewalls.
Communication with the Azure cloud provider occurs on port 443.
11. If you use an HTTP proxy server to get around a firewall for this
provider, click Configure for HTTP Proxy Server. Enter the proxy
hostname, port, user, and password.
12. Click Add.

Deep Dive: For more details on selecting a storage account and creating
cloud units for Microsoft Azure Storage, go to the Microsoft Azure
documents webpage.

S3 Authentication with Signature Version 4

Overview

All cloud tier systems authenticate interactions with a signature protocol.

DD Operating System (DDOS) supports all S3 flexible cloud providers with
S3 authentication using signature V4.

In signature version 4, you use your secret access key to derive a signing
key. The derived signing key uses elements related to the date, service
type, and region. When servers receive an authenticated request, servers
re-create the signature by using the authentication information from the
signing request. If the signatures match, the server processes the request.

The following are some of the customer benefits when using signature
version 4:

• A more secure authentication protocol.
• Continued support for signature V2 along with the addition of support
for signature V4.
• Automatic detection of the signature version supported by the S3
flexible cloud providers.
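The signing-key derivation and the server-side signature check described above can be followed step by step in code. This is an added example, not DDOS or provider code: it follows the public AWS Signature Version 4 scheme, the secret key and request are constructed, and the path and query string are assumed to be already URI-encoded and sorted.

```python
import hashlib
import hmac

ALGORITHM = "AWS4-HMAC-SHA256"


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def derive_signing_key(secret_key, date_stamp, region, service):
    """Chain HMACs over date, region and service.

    The result is scoped to one day, one region and one service, so the
    long-term secret access key never appears in a request.
    """
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    return _hmac_sha256(k_service, "aws4_request")


def canonical_request(method, path, query, headers, payload):
    # Header names are lowercased, values have whitespace collapsed, and the
    # list is sorted so client and server build byte-identical input.
    canon = sorted((name.lower(), " ".join(value.split()))
                   for name, value in headers.items())
    canonical_headers = "".join(f"{name}:{value}\n" for name, value in canon)
    signed_headers = ";".join(name for name, _ in canon)
    return "\n".join([method, path, query, canonical_headers,
                      signed_headers, _sha256_hex(payload)])


def sign(secret_key, amz_date, region, service,
         method, path, query, headers, payload):
    """Client side: return the hex signature for one request."""
    date_stamp = amz_date[:8]
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    request_hash = _sha256_hex(
        canonical_request(method, path, query, headers, payload).encode("utf-8"))
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope, request_hash])
    key = derive_signing_key(secret_key, date_stamp, region, service)
    return hmac.new(key, string_to_sign.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def server_verify(stored_secret, presented_signature, **request):
    """Server side: re-create the signature and compare in constant time."""
    expected = sign(stored_secret, **request)
    return hmac.compare_digest(expected, presented_signature)


# Constructed credential and request, for illustration only.
CONSTRUCTED_SECRET = "constructed-secret-key-not-a-real-credential"
_PAYLOAD = b"constructed object body"
REQUEST = {
    "amz_date": "20230101T000000Z",
    "region": "us-east-1",
    "service": "s3",
    "method": "PUT",
    "path": "/constructed-bucket/object-0001",
    "query": "",
    "headers": {
        "Host": "s3.us-east-1.amazonaws.com",
        "x-amz-date": "20230101T000000Z",
        "x-amz-content-sha256": _sha256_hex(_PAYLOAD),
    },
    "payload": _PAYLOAD,
}

if __name__ == "__main__":
    signature = sign(CONSTRUCTED_SECRET, **REQUEST)
    print("signature:", signature)
    print("accepted:", server_verify(CONSTRUCTED_SECRET, signature, **REQUEST))
```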

Command Line Interface Example

The cloud profile show command in the DDOS command line discloses the
S3 Signature Version.

In the output of cloud profile show, DDOS displays one of two possible
values: s3v2 or s3v4.

Once set, you cannot modify the signature version of the cloud profile.


S3v2 and S3v4 Signature Versions


Configuring Cloud Tier

Configuring Cloud Tier Storage

Configuring Cloud Tier Storage in DD System Manager

Before you configure Cloud Tier, you should do the following:


• Add the Dell Cloud Tier license.
• Add and configure the required number of enclosures for the model
and size of your protection storage.
• Set a system passphrase.
• Configure the PowerProtect DD file system to support data movement
to the cloud.

With Dell Cloud Tier storage, the PowerProtect DD appliance holds the
metadata for the files residing in the cloud. A copy of the metadata resides
in the cloud for disaster recovery.

To configure metadata storage for the cloud tier:


1. Select Hardware > Storage.
2. In the OVERVIEW tab, expand Cloud Tier and click Configure.
3. In the Addable Storage section, select the checkbox for the shelf that
you want to add.
4. Click ADD TO TIER.
5. Click NEXT.
6. Select the Assessment Option to determine if the devices meet
performance recommendations:
a. Using only DD Boost for backup
b. Using CIFS or NFS for backup
c. Skip Assessment
7. Click Done.

Enable the Cloud Tier

Enable Cloud Tier in DD System Manager

The cloud tier requires a local store for a local copy of the cloud metadata.
To configure Cloud Tier, you must meet the storage requirement for the
licensed capacity.

Follow the steps below to enable the cloud tier on a PowerProtect DD
appliance:
1. Go to Data Management > File System.
2. Disable the file system before you enable cloud tier. To disable the file
system, click Disable at the bottom of the screen.
3. Click OK to proceed.
4. When the file system is disabled, select Enable Cloud Tier.
5. Select Enable file system after creation. The cloud tier is now
enabled with designated storage.

If you are creating a file system, you can enable the cloud tier at the same
time. To create a file system, select Create File System and then
configure the active tier on the system.

Monitoring Active and Cloud Tier Statistics

Monitor Active Tier and Cloud Tier in DD System Manager

In Data Management > File System > SUMMARY, the main panel
displays statistics for the Active Tier and the Cloud Tier.

The statistics viewable in the DD System Manager for both the Active
Tier and the Cloud Tier are:
• Size
• Used
• Available
• Pre-Compression
• Total Compression Factor (Reduction %)
• Cleanable
• Space Usage

Managing Data Movement

Data Movement Policies and Schedules

The Data Movement Policy Editor

Data moves from the active tier to the cloud tier as detailed in your data
movement policy. You can run the cloud tier policy manually or
automatically by using a schedule. You can schedule the policy to run
daily, weekly, or monthly and at a specific time of day.

The system moves files from the active tier to the cloud tier based on the
date that the files were last modified. The Data Movement Policy establishes
the File Age in Days threshold, Age Range, and Destination.

You can also throttle the number of resources that the process can
consume. Throttling is an important consideration. When you allot
resources for data movement to the cloud, you have fewer resources
available for primary backup data ingest operations.

The following are qualities to consider about age-based threshold and
app-driven policies when configuring data movement policies:
1. Age-based threshold is used for all files older than a set number of
days. An example of age-based threshold is selecting all files older
than 90 days.
2. Age-range threshold is used for all files older than X days, but younger
than Y days. For example, you can select all files older than 30 days
but younger than 365 days.
3. Backup applications can set app-driven policies using REST APIs. If
an external application, such as NetWorker, controls the policy, then it
is not possible to modify the policy from the DD System Manager.
4. You can initiate data movement manually or configure data movement
automatically using a schedule.

Data Movement Schedule

File System Settings > DATA MOVEMENT Pane

You can view the data movement schedule in the DD System Manager at
Data Management > File System > SUMMARY.

You can set the data movement schedule in DD System Manager at Data
Management > File System > CLOUD UNITS > Settings > DATA
MOVEMENT.

If the system cannot access the cloud unit when data movement runs, it
skips the cloud unit during the run. The system attempts data movement
for that cloud unit in the next run. The data movement schedule
determines the duration between two runs. If the cloud unit becomes
available and you cannot wait for the next scheduled run, you can start the
data movement manually.

Efficient File Recall

Recalling a File from the Cloud Tier

Recall brings data from the cloud tier to the active tier in protection
storage. Restore recovers data from the active tier in protection storage
and makes it available to the client.

You can recall data from the cloud tier as needed through the backup
software interface, such as the one NetWorker provides, or directly
using the DD System Manager.

You can also recall data from the cloud tier using the command line.

Recall Data from the Cloud

Cloud Tier Recall

For nonintegrated backup applications, you must recall the data to the
active tier before you can restore it. Backup administrators must trigger a
recall or backup applications must perform a recall operation before you
can restore cloud-based backups. Once you recall a file, the system
resets aging for that file, and its time starts again from zero. You can
recall a file on the source MTree only. Integrated applications can recall a
file directly.

When no space is available on the active tier, the recall action fails to
move the file. The system checks available space before it initiates any
data movement. Recall and data movement actions occur per file. Dell
Cloud Tier checks for existing data segments on the active tier. The
system recalls from the cloud only the segments that are not present in
the active tier. This type of recall makes data movement efficient.

Recall Data Using DDSM

Locations of the Recall buttons in DD System Manager

Recalling data requires a filename to be passed to the PowerProtect DD
unit either through the command line interface (CLI) or the DD System
Manager. The recall function reconstructs the entire file from the cloud tier
and moves it to the active tier. At that point, you can select the file for
restoration using the original backup software or using a manual
restoration.

Select Data Management > File System > SUMMARY. In the Cloud Tier
section of the Space Usage panel, click RECALL, or expand the File
System Status panel at the bottom of the screen. Click RECALL.

Important: The system displays a RECALL button only if data exists in a
cloud unit. Click RECALL to view the Recall File from Cloud dialog.

In the Recall File from Cloud dialog, enter the exact file name without
using wildcards, and the full path of the file. For example, you can enter
the following: /data/col1/mt11/file1.txt. Click Recall to start the
recall process.

Only four recall jobs are active at any given time. You can queue up to
1,000 recall jobs to run automatically. The system automatically generates
the recall queue. If you restart the system during a recall, the recall
continues when the system is available.

You can restore the data from the active tier when the file recall
completes.

Exploring Tape Out to Cloud

DD VTL Tape Out to Cloud

DD Virtual Tape Library (DD VTL) supports storing the VTL vault in cloud
storage. Storing VTL vaulted tapes on cloud tier storage is called tape out
to cloud. The DD Operating System (DDOS) supports cloud storage for
use as the VTL vault. DD VTL does not support the option to store the
vault from an MTree replication destination on cloud storage.

You can use tape out to cloud storage on PowerProtect DD systems
configured and licensed with Dell Cloud Tier and DD VTL.

Tape Out to Cloud Requirements

You must license and enable the Dell Cloud Tier feature on either a
physical or virtual PowerProtect DD appliance. The appliance must also
have a VTL license.

Configure a cloud profile and cloud unit name before using the DD VTL
tape out to cloud feature.

The Fibre Channel (FC) and network interface requirements for virtual tape
library (VTL) are the same for both cloud-based and local vault storage.
DD VTL does not require a special configuration to use cloud storage for
the vault. When you configure the DD VTL, select the cloud storage as the
vault location.

Backup and Restore Workflow Using a Cloud Tier Vault

Tape Out to Cloud Workflow Diagram

The workflow for backing up and restoring data using the PowerProtect
DD VTL tape out to cloud feature is as follows:
1. Perform the backup server or client configuration and user application
setup.
2. Back up to primary disk storage pools.
3. During backup, the system copies the data while the backup server
maintains the necessary backup catalog and tracking metadata.
4. Data replicates to the DD VTL vault. You can replicate to a vault that is
onsite or remote. The backup server tracks the tapes in a
Mountable state.
5. Once the tapes are ready for cloud tier vault storage, the VTL process
ejects them from the tape storage pool. The backup server tracks
tapes in the Nonmountable state.
6. The backup server continues to monitor the tape while the tape out to
the cloud functionality moves the tapes to the cloud tier.
7. Once in the cloud tier vault, the backup server maintains the tape
status as Offsite.
8. To restore from the cloud tier vault, the PowerProtect DD appliance
recalls the tapes from the cloud tier vault. The PowerProtect DD moves
them to the DD VTL vault. Once the tapes are in the vault, you can
move them to the library where the backup application can use them.

Tape Out to Cloud Policies

The administrator applies a tape selection policy at the pool level and sets
the age threshold for data moving to the cloud. The minimum setting is 14
days. If you change the policy to user-managed, you can use a command
to select one or more tapes to move during the next scheduled data
movement. If the administrator sets the policy to none, the system moves
no tapes to the cloud.

Only tapes in the VTL vault can move to the cloud.

The cloud data movement schedule defines how frequently the system
moves vaulted tapes to the cloud. Administrators can set the cloud data
movement schedule to Never, to any number of days or weeks, or to run
Manually.

Deep Dive: Go to the DDOS Command Reference Guide on the Dell Support
website to find specific commands that you can use to set the tape
selection policy and cloud data movement schedule.

Configuring Tape Out to Cloud Movement

Prepare the VTL Pool for Data Movement

Data movement for the VTL occurs at the tape volume level. You can
move individual tape volumes or collections of tape volumes to the cloud
tier but only from the vault location. You cannot move tapes in other
elements of a VTL.

1. Select Protocols > DD VTL.
2. Expand the list of pools, and select a pool on which to enable migration
to Cloud Tier.
3. In the Cloud Data Movement pane, click Create under Cloud Data
Movement Policy.
4. In the Policy drop-down list, select a data movement policy, such as
Age of tapes in days or Manual selection.
5. Set the data movement policy details.
a. For Age of tapes in days, select an age threshold after which
tapes are migrated to Cloud Tier, and specify a destination cloud
unit.
b. For Manual selection, specify a destination cloud unit.
6. Click Create.

Remove Tapes from the Backup Application Inventory

Use the backup application to verify the tape volumes that move to the
cloud are marked and inventoried according to the backup application
requirements.

Select Tape Volumes for Data Movement

Manually select tapes for migration to the cloud tier. You can set the
migration to migrate immediately or at the next scheduled data migration.
You can also manually remove tapes from the migration schedule.

1. Select Protocols > DD VTL.


2. Expand the list of pools and select the pool which is configured to
migrate tapes to the cloud tier.
3. In the pool pane, click the Tape tab.
4. Select tapes for migration to the cloud tier.
5. Click Select for Cloud Move to migrate the tape at the next scheduled
migration or Move to Cloud Now to immediately migrate the tape.
a. If the data movement policy is based on tape age, the Select for
Cloud Move option is not available, as the protection system
automatically selects tapes for migration.
6. Click Yes at the confirmation dialog.

Recalling Tapes from the Cloud

To recall tapes from the cloud, perform the following:


1. In DD System Manager, select Protocols > DD VTL.
2. Expand the list of pools, and select the pool which is configured to
migrate tapes to the cloud tier.
3. In the pool pane, click the Tape tab.
4. Select one or more tapes that are in a cloud unit.
5. Click Recall Cloud Tapes to recall tapes from Cloud Tier.

After the next scheduled data migration, the tapes move from the cloud
unit to the vault. You can return tapes to a library from the vault.

Terms
Object storage
Object storage is a technology that stores and manages data in an
unstructured object format. Cloud object storage systems distribute this
data across multiple physical devices but allow users to access the
content efficiently from a single, virtual storage repository.

Tape out to cloud


Tape out to cloud stores the VTL vault on Cloud Tier storage.

POWERPROTECT DD DATA SECURITY IMPLEMENTATION

PARTICIPANT GUIDE

Table of Contents

PowerProtect DD Security Implementation

Exploring Retention Lock
  DD Retention Lock Overview
  DD Retention Lock Editions
  Exploring the Security Officer Role
  Creating the Security Officer in DDOS
  Security Officer and Runtime Authorization Policy
  Exploring DD Retention Lock Activity
  Exploring File Locking Protocol
  Automatic Retention Lock
  Exploring Retention Lock Governance Edition
  Exploring DD Retention Lock Compliance
  DD Retention Lock Compliance Edition Setup and Configuration

Administering Data Sanitization
  Administering Data Sanitization
  Exploring the System Sanitization Procedure
  Administering System Sanitization

Exploring DD Encryption
  Exploring DD Encryption
  DD Encryption at Rest
  Exploring Inline Encryption
  Key Management
  Key Management Considerations
  Exploring Authorization Workflow
  Configuring Encryption
  Changing the Encryption Passphrase
  Disabling Encryption
  File System Locking
  Locking the File System
  Unlocking the File System

Administering File System Destroy
  Administering File System Destroy
  Destroying the File System

Terms

PowerProtect DD Security Implementation

Exploring Retention Lock

DD Retention Lock Overview

DD Retention Lock provides immutable file locking and secure data
retention capabilities to meet a broad class of governance and compliance
standards for archive data stored on PowerProtect DD systems.

When you lock data on your protection system with DD Retention Lock, the
system cannot overwrite, modify, or delete the data for a user-defined
retention period of up to 70 years.

Dell data protection applications like PowerProtect Cyber Recovery and
PowerProtect Data Manager use DD Retention Lock to protect data from
ransomware attacks.

DD Retention Lock is a licensed feature for Data Domain Operating
System (DDOS) that protects archive data from any malicious activity that
might compromise the integrity of the retained data. System administrators
and compliance officers use DD Retention Lock to meet requirements for
archiving data with immutable file locking.

DD Retention Lock Editions

Dell offers two separately licensed DD Retention Lock editions: DD
Retention Lock Governance and DD Retention Lock Compliance. Each
has its own set of features and capabilities.

DD Retention Lock Governance maintains the integrity of the archive data.
DD Retention Lock Governance does not require a security officer and
provides greater flexibility in managing archive data retention.

DD Retention Lock Compliance is designed to meet strict regulatory
compliance standards such as those of the United States Securities and
Exchange Commission. DD Retention Lock Compliance requires extra
authorization by a security officer for system functions.

You can use both DD Retention Lock Governance and Compliance
editions on a single system simultaneously.

The following table describes the capabilities of both DD Retention Lock
editions:

| Capability | Retention Lock Governance | Retention Lock Compliance |
|---|---|---|
| File level retention policies | Yes | Yes |
| Update or extend retention periods | Yes | Yes, with security officer authorization |
| Rename MTree | Yes | Yes, with security officer authorization |
| Retention modes supported | Collection, Directory, MTree | Collection, MTree |
| Secure clock | No | Yes |
| Audit logging | No | Yes |
| CLI support | Yes | Yes |
| DD System Manager configuration | Yes | No. Configure the compliance edition using the command-line interface |
| Supported protocols | CIFS, NFS, VTL, DD Boost | CIFS, NFS, DD Boost |

Exploring the Security Officer Role

Some DD Operating System features and commands require the approval of
a security role user before an admin role user can complete a task.

A security role user, also called a security officer, can perform the
following:
• Manage other security officers.
• Authorize procedures that require security officer approval.
• Perform all tasks supported for user-role users.

Most command options for administering operations related to security
require security officer approval.

Some of these security-related operations are:
• DD Retention Lock Compliance
• DD Encryption
• Archiving

Admin users can enable or disable all users except the sysadmin user and
users with the security role. Only security officers can enable or disable
other security officers.

Important: The security officer is the only user that is permitted to
change the security officer password. Contact Dell Technologies Support
if you lose or forget the security officer password.

Creating the Security Officer in DDOS

During initial configuration, the system prompts you to create a security
officer with the first login. If the administrator selects Yes, then the
administrator must provide a username and password to create the
security officer. If the administrator selects No, then the system skips
creating the security officer.

The DD Operating System (DDOS) requires security officer user oversight
for many security-related operations on the PowerProtect DD system.

After the initial system configuration, create a user with a security role
within the DD System Manager. Go to Administration > Access > Local
Users > CREATE > Create User. In the Create User window, enter the
user details and select Security in the Management Role field.

Deep Dive: You can create a user with a security role using
the command line interface. For details, see the DDOS
Command Reference Guide found on the Dell Support
website.

Security Officer and Runtime Authorization Policy

When establishing DD Retention Lock Compliance on a PowerProtect DD
system, the security officer must log in and establish or modify the runtime
authorization policy.

Using the Runtime Authorization Policy

You can use the runtime authorization policy to update or extend retention
periods and rename MTrees.

Use the runtime authorization policy to manage encryption commands.
When the security officer activates the runtime authorization policy, the
system applies it while the security officer is logged in to the current
session.

The runtime authorization policy requires the security officer to provide
credentials as part of a dual authorization process with an administrator.
Use dual authorization to set up and modify retention lock compliance
features and data encryption features.

Security officers can establish or modify runtime authorization policy using
the command line interface (CLI). Command options enable
security-based functions such as managing file system encryption and
enabling or disabling authorization policy.

Configuring Runtime Authorization Policy

The following are the CLI commands to view and configure the runtime
authorization policy:
• The authorization policy set security-officer
{enabled | disabled} command enables or disables runtime
authorization policy. You cannot disable the authorization policy on DD
Retention Lock Compliance systems.
• The authorization policy reset security-officer
command resets runtime authorization policy to defaults. You cannot
reset the authorization policy on DD Retention Lock Compliance
systems.
• The authorization policy set security-officer
enabled command shows the current authorization policy
configuration.
• The authorization show history [last n { hours | days
| weeks }] command lets you view or audit past authorizations
according to the interval that the security officer provides in the command.

You must install the DD Retention Lock Compliance license to enable the
security officer authorization policy. You are not permitted to disable the
authorization policy on DD Retention Lock Compliance systems.

Deep Dive: For complete information about the authorization command,
see the DDOS Command Reference Guide on the Dell Support website.

Exploring DD Retention Lock Activity

Most of the steps in the following procedure require both sysadmin and
security officer credentials. The following is the general flow of operations
for DD Retention Lock:
1. License and enable DD Retention Lock.
a. Enable DD Retention Lock Governance, Compliance, or both on
the PowerProtect DD systems. You must install a valid license for
each of the editions you plan to enable.
2. Commit files and MTrees.
a. Commit the files and MTrees to lock on the PowerProtect DD
system using client-side commands. Use an appropriately
configured archiving or backup application, either manually, or by
using scripts. Windows clients might download utilities for DDOS
compatibility. Dell backup applications like PowerProtect Data
Manager and Dell Cyber Recovery use the DD API to lock backups.
3. Extend retention times.
a. Optionally, you can extend the file retention times of the committed
files and MTrees.
4. Delete files.

a. Though you are not required to do so, you can delete files with
expired retention periods using client-side commands.

Exploring File Locking Protocol

Setting Retention Lock Protocol on Files

To perform retention locking on a file, change the last access time
(atime) [1] of the file to the retention time of the file. The retention
time that you set is the time when the file can be deleted. Use a qualified
archive application to perform this operation.

[1] The archiving application must set the atime value, and DD Retention
Lock must enforce it, to avoid any modification or deletion of locked files.

Observe three file-locking specifications and their outcomes when setting
retention times:

• If the set atime is less than or equal to the current time plus 12 hours,
the retention time falls before the minimum retention period. The file is
not locked and the system generates no error message.
• If the set atime is less than the minimum retention period and is greater
than the current time plus 12 hours, then the file falls before the
minimum retention period. The file is not locked and the system
generates an error message.
• If the set atime is greater than the maximum retention period, then the
file is not locked and the system generates an error message.
• If the set atime is greater than or equal to the minimum retention period
and if atime is less than or equal to the maximum retention period, then
the file is locked.
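
The rules above, written as a pre-flight check that an archiving script could run before it sets atime, so that a request the system would ignore without an error is caught on the client side. This is an added example, not Dell code: the function names, the sample retention periods, and the local temporary file that stands in for a file on a retention-lock MTree are assumptions, and "minimum/maximum retention period" is read as the current time plus that period.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone
from enum import Enum

# Cutoff taken from the first rule: a requested retention time within
# 12 hours of the current time is ignored and produces no error.
IGNORE_WINDOW = timedelta(hours=12)


class LockOutcome(Enum):
    IGNORED = "not locked, no error message"
    BELOW_MINIMUM = "not locked, error: before the minimum retention period"
    ABOVE_MAXIMUM = "not locked, error: beyond the maximum retention period"
    LOCKED = "locked"


def predict_lock_outcome(retain_until, now, min_period, max_period):
    """Apply the rules in the order the guide lists them.

    Assumption: the periods are compared as now + period, because the
    atime a client sets is an absolute timestamp.
    """
    if retain_until <= now + IGNORE_WINDOW:
        return LockOutcome.IGNORED
    if retain_until < now + min_period:
        return LockOutcome.BELOW_MINIMUM
    if retain_until > now + max_period:
        return LockOutcome.ABOVE_MAXIMUM
    return LockOutcome.LOCKED


def commit_file(path, retain_until, now, min_period, max_period):
    """Set atime to the retention time only when the request would lock.

    The modification time is preserved; only atime carries the request.
    The caller must treat every outcome other than LOCKED as a failure,
    including IGNORED, which the storage system would not report.
    """
    outcome = predict_lock_outcome(retain_until, now, min_period, max_period)
    if outcome is not LockOutcome.LOCKED:
        return outcome
    mtime_ns = os.stat(path).st_mtime_ns
    atime_ns = int(retain_until.timestamp()) * 1_000_000_000
    os.utime(path, ns=(atime_ns, mtime_ns))
    return outcome


def demo():
    """Run constructed requests against a local temporary file."""
    now = datetime.now(timezone.utc)
    # Constructed sample periods, not values taken from the guide.
    min_period, max_period = timedelta(days=30), timedelta(days=365)
    requests = {
        "6 hours": timedelta(hours=6),
        "7 days": timedelta(days=7),
        "90 days": timedelta(days=90),
        "2 years": timedelta(days=730),
    }
    results = {}
    with tempfile.NamedTemporaryFile() as handle:
        for label, delta in requests.items():
            results[label] = commit_file(
                handle.name, now + delta, now, min_period, max_period
            )
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:>8}: {outcome.value}")
```

A script that logs every outcome other than LOCKED gives the administrator a record of files that were written to the MTree but never became immutable.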

You cannot modify locked files on the PowerProtect DD system even after
the retention period for the file expires. You can copy files to another
system and then modify them. Data that you archive and retain on the
PowerProtect DD system after the retention period expires remains on the
system. You can delete the remaining files using an archiving application,
or remove them manually.

For example, Veritas Enterprise Vault retains records for a user-specified
amount of time. While Enterprise Vault retention monitors archived files on
a PowerProtect DD system, the system cannot modify or delete
documents in the archive. When the set time expires, you can set
Enterprise Vault to automatically dispose of those archived records.

Automatic Retention Lock

DD Retention Lock is compatible with industry-standard, NAS-based
Write-Once-Read-Many (WORM) protocols. DD Retention Lock
integration is qualified with archive applications such as Symantec
Enterprise Vault, SourceOne, Cloud Tiering Appliance, or DiskXtender.
You can also develop custom scripts to use DD Retention Lock with
some backup applications.

The automatic retention lock feature allows you to set automatic values for
the retention period on a per MTree basis. When you add new files to an
MTree that already has preconfigured retention lock settings, the new files
can automatically receive lock settings. Adding the new files does not
affect the other files in the MTree. Both Retention Lock Compliance and
Retention Lock Governance support automatic retention lock.

Automatic retention lock provides a lock delay. A lock delay is a
preconfigured cool-off period that postpones the time when files become
locked after writing them to a retention lock-enabled MTree.

Important: After you configure automatic retention lock, you cannot
disable it on Retention Lock Compliance or Retention Lock
Governance-enabled systems.

Important: After it is set, you cannot reset the automatic retention
period on Retention Lock Compliance or Retention Lock
Governance-enabled systems.

Exploring Retention Lock Governance Edition

You can configure DD Retention Lock Governance using the DD System
Manager (DDSM) or by using command line interface (CLI) commands:

DD System Manager

The Modify Retention Lock window in DD System Manager

To configure retention lock using the DD System Manager, go to Data
Management > MTree and do the following:
1. Select the MTree you want to edit with DD Retention Lock.
2. Click the SUMMARY tab, and scroll to the DD Retention Lock area.
3. Click Edit.
4. Enable retention lock in the Modify Retention Lock dialog box.
5. Enter the Min retention period, or select DEFAULT. You can also
place an indefinite retention hold on the selected MTree.
6. Enter the Max retention period or select DEFAULT.
7. Click OK.

Command Line

You can also manage Retention Lock using the following commands in
the CLI:
• The mtree retention-lock enable mode {compliance |
governance} mtree mtree-path command enables Retention
Lock and sets the edition for the specified MTree. Enabling Retention
Lock Compliance requires security officer authorization.
• The mtree retention-lock disable mtree mtree-path
command disables Retention Lock for the specified MTree.
The mtree retention-lock disable command is allowed on
Retention Lock Governance MTrees only.
• The mtree retention-lock set {min-retention-period |
max-retention-period | automatic-retention-period |
automatic-lock-delay} period mtree mtree-path
command sets the minimum or maximum retention period for the
specified MTree. The mtree retention-lock set command
requires security officer authorization when applying the command to
an MTree that is enabled with Retention Lock Compliance.
• The mtree retention-lock show {min-retention-period |
max-retention-period | automatic-retention-period |
automatic-lock-delay} mtree mtree-path command shows
the minimum or maximum retention period, the automatic retention
period, or the automatic lock delay time for the specified MTree.
• The mtree retention-lock indefinite-retention-hold
enable mtree mtree-path command enables Indefinite
Retention Hold (IRH) for the specified MTree. This command option is
allowed on Retention Lock-enabled MTrees only (Governance or
Compliance). It is not allowed on the /data/col1/backup MTree. When
IRH is enabled, all locked and expired files are protected until you
disable the hold. Revert operations on locked files for Retention Lock
Governance MTrees are not allowed. You cannot disable Retention
Lock for an MTree when IRH is enabled.
• The mtree retention-lock indefinite-retention-hold
disable mtree mtree-path command disables Indefinite
Retention Hold (IRH) for the specified MTree. You can use this
command on IRH-enabled MTrees only. You cannot apply IRH on the
/data/col1/backup MTree. You can delete expired files
immediately after disabling IRH on an MTree.

Deep Dive: For more details on configuring Retention Lock on MTrees
using CLI commands, see the Data Domain Operating System Command
Reference Guide on the Dell Support website.

Exploring DD Retention Lock Compliance

DD Retention Lock Compliance ensures that an archiving application locks
selected files for a specific retention period. The lock prevents file
deletion or modification until the retention period ends. Retention Lock
Compliance archives data using multiple security hardening procedures for
certain administrative actions.

Security hardening procedures include:
• Securing the system clock from illegal updates.
− DD Retention Lock Compliance implements an internal security
clock to prevent malicious tampering with the system clock. The
security clock closely monitors and records the system clock. If the
time between the security clock and the system clock differs by
more than two weeks in a year, Retention Lock Compliance
disables the DD File System (DDFS). Only a security officer can
reenable the file system.
• Requiring dual sign-on for certain administrative actions.
• Disabling various avenues of access where operators could
compromise locked data or the state of retention attributes.
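
A simplified model of the security clock described above, added here as an illustration and not taken from DDOS. The class, its method names, and the rule that sums wall-clock adjustments over a trailing year are assumptions; only the two-week threshold and the security officer re-enable step come from the text.

```python
"""Simplified model of a tamper-evident retention clock.

Added example, not DDOS code. The accumulation rule (sum of wall-clock
adjustments seen over a trailing year) is an assumption for illustration.
"""
from dataclasses import dataclass, field

DAY = 86_400
YEAR = 365 * DAY
MAX_SKEW_PER_YEAR = 14 * DAY  # "more than two weeks in a year" (from the guide)


@dataclass
class SecurityClock:
    now: int                       # trusted time in seconds, advanced only by tick()
    fs_enabled: bool = True
    last_skew: int = 0
    adjustments: list = field(default_factory=list)  # (trusted_time, skew_change)

    def tick(self, elapsed: int, system_time: int) -> None:
        """Advance trusted time by elapsed seconds, then audit the wall clock."""
        self.now += elapsed
        skew = system_time - self.now
        change = skew - self.last_skew
        self.last_skew = skew
        if change:
            self.adjustments.append((self.now, change))
        recent = sum(abs(c) for t, c in self.adjustments if t > self.now - YEAR)
        if recent > MAX_SKEW_PER_YEAR:
            self.fs_enabled = False  # stays disabled until a security officer acts

    def security_officer_reenable(self) -> None:
        """Hypothetical hook for the security-officer-only re-enable step."""
        self.adjustments.clear()
        self.fs_enabled = True

    def may_delete(self, retain_until: int) -> bool:
        """Retention decisions use trusted time, never the adjustable wall clock."""
        return self.fs_enabled and self.now >= retain_until


def simulate() -> dict:
    start = 1_700_000_000           # constructed start time
    retain_until = start + 3 * YEAR  # constructed retention expiry
    clock = SecurityClock(now=start)
    system_time = start
    # Thirty days of normal operation: the wall clock drifts 2 seconds a day.
    for _ in range(30):
        system_time += DAY + 2
        clock.tick(DAY, system_time)
    enabled_after_normal_drift = clock.fs_enabled
    # The wall clock is then set three years ahead to make locks look expired.
    system_time += 3 * YEAR + 60
    clock.tick(60, system_time)
    return {
        "enabled_after_normal_drift": enabled_after_normal_drift,
        "naive_check_allows_delete": system_time >= retain_until,
        "may_delete": clock.may_delete(retain_until),
        "enabled_after_jump": clock.fs_enabled,
    }


if __name__ == "__main__":
    print(simulate())
```

A retention check that trusts the wall clock would release the file after the jump; the model keeps the lock and disables the file system instead.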

Tip: You configure and enable the system to use DD
Retention Lock Compliance software and then enable DD
Retention Lock Compliance on one or more MTrees.

DD Retention Lock Compliance Edition Setup and Configuration

Setting up DD Retention Lock Compliance on a PowerProtect DD system
requires several steps. You must license the feature, set up a security role
on the system, configure the software, and enable DD Retention Lock
Compliance on one or more MTrees.

To set up DD Retention Lock on a PowerProtect DD system, perform the
following steps:
1. In the command line interface (CLI), use the license show command to
check for the presence of the DD Retention Lock Compliance license.
Install the DD Retention Lock Compliance license using the elicense
update command.
2. Set up one or more security accounts according to Role-Based Access
Control (RBAC) rules. As a system administrator, add a security officer
account with the command user add [user] role security.
3. Enable the security officer authorization with the command
authorization policy set security-officer enabled.
4. Configure the system to use DD Retention Lock Compliance with the
command system retention-lock compliance configure.
The system automatically reboots.
DD3300, DD6400, DD6900, DD9400, and DD9900 systems require
that you enable compliance mode on iDRAC before you can configure
DD Retention Lock Compliance on the system. The iDRAC Users
table displays the iDRAC users currently configured on the system,
their role, whether access for that user is enabled or disabled, and the
amount of time those users can access the system.
5. After the restart process completes, create iDRAC users using the
command user idrac create.
6. Enable retention lock compliance on the system with the command
system retention-lock compliance enable.
7. Enable compliance on an MTree holding retention-locked files with the
command mtree retention-lock enable mode compliance
mtree [mtree-path].
8. You can configure the automatic retention period and automatic lock
delay using the following commands:

mtree retention-lock set automatic-retention-period [period] mtree [mtree-path]
mtree retention-lock set automatic-lock-delay [time] mtree [mtree-path]

Deep Dive: For more details on configuring DD Retention
Lock Compliance, see the Data Domain Operating System
Command Reference Guide on the Dell Support website.

Administering Data Sanitization

Exploring the System Sanitization Procedure

Data sanitization, or data shredding, destroys classified or sensitive
data on a PowerProtect DD system. Data shredding is an option for
organizations that must delete all traces of data that are no longer
needed from the PowerProtect DD system.

The following are some of the properties of data sanitization:
• Sanitization overwrites deleted files using an algorithm that complies
with the United States Department of Defense (DoD) and the National
Institute of Standards and Technology (NIST) requirements.
• Sanitization causes little to no disruption to file system operations. You
have access to existing data on a PowerProtect DD system during the
sanitization process.
• Administrators can use sanitization to remove and destroy classified
message incidents (CMI) from the PowerProtect DD system.

Deleting files leaves behind residual data that a person can use to recover
the deleted data. Sanitization removes any trace of deleted files with no
residual remains.

The command line interface (CLI) system sanitize command is a
Level 1 system sanitization method for PowerProtect DD appliances. If the
data to remove is unclassified, then you can use Level 1 sanitization to
overwrite the affected storage once.

Tip: If you need to remove classified data, as defined in the
NIST Special Publication 800-88 Guidelines for Media
Sanitization, you might need stronger sanitization measures.
Level 2 sanitization or full system sanitization is an option.
Contact Dell Support for additional information about Level 2
system sanitization.

System sanitization requires security officer authorization. You cannot run
system sanitization if you do not have a system that is configured with a
security policy. The system sanitize start CLI command requires
dual-party authentication by both the system administrator and security
officer for protection from accidental execution.

The system sanitize command erases content in the following locations:
• All storage tiers, caches, unused capacity, and free space
• All caches
• Contaminated metadata
• All unused capacity in the file system
• All free space

Important: The system sanitize start command
does not run on Dell Cloud Tier-enabled systems.

Administering System Sanitization

When you issue the system sanitize start command on a system
where there is a large amount of space to sanitize, the process can take
several hours or longer.

During sanitization, the system runs through five phases: merge, analysis,
enumeration, copy and zero.

Merge: Performs an index merge to flush all index data to disk.

Analysis: Reviews all data to be sanitized.

Enumeration: Reviews all the files in the logical space and remembers
what data is active.

Copy: Copies live data forward and clears the space that it used to occupy.

Zero: Writes zeroes to the disks in the system.

You can view the progress of these five phases by running the system
sanitize watch CLI command.

You can administer system sanitization using CLI commands:
• The system sanitize abort command cancels the sanitization
process.
• The system sanitize start command starts the sanitization process
immediately.
• The system sanitize status command shows the current
sanitization status.
• The system sanitize watch command monitors sanitization
progress.

Deep Dive: For more information about the system
sanitize command, see the Dell EMC DDOS Command
Reference Guide found on the Dell Support website.

Exploring DD Encryption

DD Encryption at Rest

Encryption of Data at Rest

Data encryption provides protection to user data in the event of system or
physical storage media loss during transit. Data encryption protects
against accidental exposure of a failed drive during replacement. If an
intruder circumvents network security controls and gains access to
encrypted data, the data is unreadable and unusable without the proper
cryptographic keys.

Encryption of data at rest protects backup and archive data that is stored
on systems with data encryption. As data is ingested, the PowerProtect
DD deduplicates, compresses, and encrypts the stream using an
encryption key before writing to the redundant array of independent disks
(RAID) group. The encryption at rest feature satisfies internal governance
rules and compliance regulations.

Some features of encryption of data at rest are the following:
• It protects data on a PowerProtect DD system from unauthorized
access or accidental exposure.
• The PowerProtect DD appliance can encrypt and save the data that it
holds before moving the appliance to another location.
• The PowerProtect DD appliance encrypts all newly ingested data using
stream-informed segment layout (SISL) for optimized encryption.

Encryption of data at rest requires a software license. By default,
encryption of data at rest encrypts only newly ingested data. You can
encrypt data that is stored on the system before encryption was active by
enabling an option to encrypt existing data.

Exploring Inline Encryption

In-Line Encryption Encryption Modes and Supported Access Protocols

When licensed and enabled with DD Encryption software, a PowerProtect
DD system encrypts all incoming data inline before writing it to disk. DD
Encryption is a software-based approach to encryption that requires no
additional hardware. DD Encryption uses a configurable 128-bit or 256-bit
advanced encryption standard (AES) algorithm. Encryption includes
confidentiality using a cipher-block chaining (CBC) mode or message
authenticity using the Galois/Counter (GCM) mode. You can use both
confidentiality and message authenticity in GCM mode.

All DD Operating System (DDOS) data protocols apply encryption and
decryption transparently.

When using Data Security Manager (DSM), the system administrator can
select an Advanced Encryption Standard (AES) algorithm for encrypting
all data within the system. The AES consists of either 128 or 256-bit
encryption.

Key Management

Encryption keys determine the output of the cryptographic algorithm.
Encryption keys use passphrase protection, which encrypts the encryption
key before it is stored in multiple locations on disk. The user generates the
keys and applies a passphrase to access them. Changing the password
requires both an administrator and security officer authorization.

A key manager controls the generation, distribution, and life cycle
management of multiple encryption keys. You can use either the
embedded key manager, or an external key manager to manage
encryption keys. PowerProtect DD appliances support many compliant
Key Management Interoperability Protocol (KMIP) key managers,
including Data Security Manager from Vormetric/Thales.

PowerProtect DD appliances support the following KMIP-compliant key
managers:
• KeySecure
• NextGen from SafeNet/Gemalto
• Data Security Manager (DSM) from Vormetric/Thales
− When using Data Security Manager (DSM), the system
administrator can select an Advanced Encryption Standard (AES)
algorithm for encrypting all data within the system. The AES
consists of either 128 or 256-bit encryption.
• Thales CipherTrust
• Security Guardium Key Lifecycle Manager (GKLM)

Deep Dive: To discover more details about supported
KMIP-compliant key managers, see the Dell EMC DDOS
System Administration Guide available on the Dell Support
website.

Key Management Considerations

Consider the following before employing key managers:
• You may only use one key manager at a time.
• PowerProtect DD systems support either an embedded key manager
or an external key manager.
• When you enable encryption on a PowerProtect DD system, the
embedded key manager is the default key manager. The PowerProtect
DD system creates its own encryption keys when the system uses the
embedded key manager.
• External key managers rotate keys on a regular basis, depending on
the key class.
• If you use the embedded key manager, you can enable or disable key
rotation. When you enable key rotation, you must provide a key
rotation interval of 1 through 12 months or 52 weeks. If Cloud
Tier encryption is enabled, you must provide a weekly key rotation
policy.
• External key managers centrally manage encryption keys in a single,
centralized platform. The key manager precreates keys when it is
applicable. Active and cloud tier storage supports external key
management.
• To use a KMIP external key manager, you must configure both the key
manager and the PowerProtect DD to trust each other. The protection
system retrieves the encryption keys and their states from the key
manager using a transport layer security (TLS) connection.

Deep Dive: For more details on configuring key
management systems with PowerProtect DD, see the Dell
EMC DDOS Administration Guide available on the Dell
Support website.

Exploring Authorization Workflow

System administrators issue most PowerProtect DD commands in the DD
Operating System. However, some features and commands require
approval by a security role user before completing the operation. Many
operations require further authorization from the security officer for the
protection system.

Some of the operations that require security authorization are the
following:
• DD Encryption
• DD Retention Lock
• Setting or updating the system passphrase
• Destroying the file system or cloud tier

Procedures requiring authorization require dual authentication by the
security officer and a user in the administrator role. An administrator role
user interacts with the security officer to perform an operation that requires
security officer sign-off.

Important: Creating a security officer does not enable the
authorization policy on a PowerProtect DD system. A
security officer must log in and enable the authorization
policy.

To invoke the authorization policy, the security officer must log in through
the command line interface (CLI) and issue the runtime authorization
policy command authorization policy set security-officer
enabled.

The following are steps to authorize a dual-authentication action, such as
enabling encryption on the PowerProtect DD system:
1. The administrator issues the command to enable encryption using the
DD System Manager (DDSM).
2. The DDSM displays a prompt for the security officer credentials. The
security officer must enter their credentials on the same console at
which the command option was run.
3. Encryption is enabled when the system accepts the security
credentials. If the system does not accept the security credentials,
the system generates a security alert, and the authorization log
records the details of each transaction.

Important: Keep the Security Officer credentials safe and
change the password before it expires. Only another
security officer has permission to change or reset a security
officer account. Only an existing security officer can create
another security officer account.

Configuring Encryption

Configuring Encryption in DD System Manager

The Data Management > File System > DD ENCRYPTION tab in the DD
System Manager (DDSM) shows the status of system encryption of data
at rest.

The status indicates Enabled, Disabled, or Not configured.

To configure DD Encryption, do the following:
1. Click CONFIGURE.
a. You are prompted for a passphrase. The system generates an
encryption key and uses the passphrase to encrypt the key. One
key is used to encrypt all data that is written to the system.
Administrators use the passphrase when locking or unlocking the
file system, or when disabling encryption.
2. Enter a passphrase, and then click NEXT.
3. Choose the encryption algorithm, and then click NEXT.
4. Select whether you obtain the encryption key from the PowerProtect
DD system or an external key manager.
5. Click FINISH.

Important: You must restart the system to activate the new
encryption configuration.

Changing the Encryption Passphrase

CHANGE PASSPHRASE Option in DD System Manager

You can change the encryption passphrase without manipulating the
encryption keys. Changing the passphrase indirectly changes key
encryption, but does not affect user data or the encryption key.

Changing the passphrase requires two-user authentication to protect
against data shredding.

To change the encryption passphrase, do the following:
1. Select Administration > Access > ADMINISTRATOR ACCESS.
2. Click CHANGE PASSPHRASE.
a. The CHANGE PASSPHRASE dialog appears. You must disable
the file system to change the passphrase. If the file system is still
running, disable the file system to proceed.
3. In the related fields, enter the security officer username and password,
the current passphrase, and the new passphrase.
4. Click the checkbox, Enable file system now.
5. Click OK.
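
The Key Management and Changing the Encryption Passphrase passages both rest on the same idea: the passphrase encrypts the encryption key, so a new passphrase re-wraps the key without touching user data. The model below is an added example, not Dell or DDOS code; the function names, the PBKDF2 parameters, and the HMAC-SHA-256 keystream that stands in for AES (so the block needs only the Python standard library) are assumptions.

```python
"""Model of a passphrase-protected data encryption key (envelope encryption).

Added illustration, not DDOS code. The guide names AES-128/256 in CBC or GCM
mode; an HMAC-SHA-256 keystream with encrypt-then-MAC is swapped in here so
that the example runs on the standard library alone.
"""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA-256 counter keystream (stand-in cipher)."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, pad))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on wrong key or tampering."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)


def _kek(passphrase: str, salt: bytes) -> bytes:
    """Derive the key-encryption key from the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS)


def wrap_key(passphrase: str, dek: bytes) -> bytes:
    """Encrypt the data encryption key (DEK) under the passphrase."""
    salt = os.urandom(16)
    return salt + seal(_kek(passphrase, salt), dek)


def unwrap_key(passphrase: str, wrapped: bytes) -> bytes:
    return open_sealed(_kek(passphrase, wrapped[:16]), wrapped[16:])


def change_passphrase(wrapped: bytes, current: str, new: str) -> bytes:
    """Re-wrap the same DEK under a new passphrase; stored data is untouched."""
    return wrap_key(new, unwrap_key(current, wrapped))


def demo() -> dict:
    old, new = "constructed-old-passphrase", "constructed-new-passphrase"
    sample = b"backup segment (constructed sample data)"
    dek = os.urandom(32)
    wrapped = wrap_key(old, dek)
    stored = seal(dek, sample)          # user data encrypted with the DEK
    rewrapped = change_passphrase(wrapped, old, new)
    try:
        unwrap_key(old, rewrapped)
        old_passphrase_works = True
    except ValueError:
        old_passphrase_works = False
    return {
        "wrapped_blob_changed": wrapped != rewrapped,
        "dek_unchanged": unwrap_key(new, rewrapped) == dek,
        "data_readable": open_sealed(unwrap_key(new, rewrapped), stored) == sample,
        "old_passphrase_works": old_passphrase_works,
    }


if __name__ == "__main__":
    print(demo())
```

The failed unwrap with the old passphrase is the same condition the file system lock relies on: without the current passphrase the wrapped key cannot be recovered.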

Disabling Encryption

File System > DD ENCRYPTION > DISABLE Option in DD System Manager

You must set security authorization and provide a security officer login and
password to disable encryption.

To disable encryption, do the following:

1. In the same DD ENCRYPTION tab, click DISABLE.
The Disable Encryption dialog box appears.
2. Enter the username and password of a security officer.
3. Select one of the following:
a. Select Apply to existing data and click OK.
i. Existing data decrypts during the first cleaning cycle after the file
system restarts.
b. Select Restart the file system now and click OK.
i. When the file system restarts, DD Encryption is disabled.

File System Locking

File System Lock in DD System Manager

You can enable the file system lock to securely transport the DD
Encryption-enabled protection system and its external storage devices.
You can also use the same feature to lock a disk when you are replacing
it. This procedure requires both the security officer and the system
administrator authorization. A passphrase protects the encryption key that
is stored on disk: the system encrypts the key with the passphrase. You
cannot retrieve this passphrase when the system is locked.

Without the encryption that file system locking provides, a thief with
forensic tools could recover the data.

To manage file system locking, do the following:
1. Select Data Management > File System > DD ENCRYPTION.
In the File System Lock section, the Status shows whether the file
system is Locked or Unlocked.
2. Review the DD Encryption status and confirm that DD Encryption is
enabled.
3. Disable the file system. Select Data Management > File System >
SUMMARY and click Disable in the File System status area at the
bottom of the page.
4. Return to Data Management > File System > DD ENCRYPTION and
click LOCK in the File System Lock section. The Lock File System
window appears.
a. When you are ready, you can unlock the file system using a similar
procedure.

Caution: Unless you can reenter the correct passphrase,
you cannot unlock the file system and access the data.

Locking the File System

The Lock File System Window in DD System Manager

1. To lock the file system, enter the following:
a. The username and password of a security officer account
b. The current passphrase
c. The new passphrase
2. Click OK.
a. The system reencrypts the encryption keys with the new
passphrase. It also destroys the cached copy of the current
passphrase in-memory and on-disk.
3. Use the command line interface (CLI) system poweroff command
to shut down the system.

Unlocking the File System

To unlock a locked file system for use, do the following:
1. Select Data Management > File System > DD ENCRYPTION and
click Unlock File System.
2. In the text field, type the passphrase that was used to lock the file
system.
3. Click OK.
4. Click Close to exit.

a. If you enter the passphrase incorrectly, the file system does not
start and the system reports the error. Type the correct passphrase,
as directed in the previous step.

Administering File System Destroy

Destroying the File System

You can destroy the file system on a PowerProtect DD appliance. This
action deletes all data in the file system, including virtual tapes. Deleted
data is not recoverable.

Dell Technologies recommends that you destroy a file system only after
careful consideration. You cannot reverse the file system destroy
operation.

Destroying a file system deletes data that is configured with DD Retention
Lock Governance. Destroying the file system removes DD Replicator
configuration settings and returns file system settings to their default
values. When the process completes, you might need to remount NFS
clients that are connected to the affected system.

Use the filesys destroy command to destroy the file system. You must run
the command with an admin role. The filesys destroy command runs
only with a security policy authorization on the system and with security
officer endorsement. If you configure multifactor authentication on the
system, the security officer must enter the RSA passcode to authorize this
command. The system runs some enhanced security checks before
allowing filesys destroy.

Important: The option to destroy the file system is not
available on systems running DD Retention Lock
Compliance.

Important: You must first delete all cloud units on the
protection system before running the filesys destroy
command.

Terms
Classified message incidents (CMI)
CMI describes an incident where data of a certain classification is
inadvertently copied into another system that is not certified for data of
that classification.

Client-side command
A client-side command is a command that originates and occurs on the
client. DD System Manager and command line commands are considered
server-side commands.

POWERPROTECT DD SECURE MULTI-TENANCY IMPLEMENTATION AND ADMINISTRATION

PARTICIPANT GUIDE

Table of Contents

Secure Multi-Tenancy Implementation and Administration

Exploring Secure Multi-Tenancy

Exploring Data Protection as a Service
Exploring Data Protection as a Service - Cloud Models
Secure Multi-Tenancy Description
Exploring Secure Multi-Tenancy Benefits
Exploring Secure Multi-Tenancy Architecture
Multi-Tenancy Security Modes
Stream Limits and Capacity Quotas
Exploring Network Isolation
Secure Multi-Tenancy Considerations

Configuring Secure Multi-Tenancy

Configuring Secure Multi-Tenancy
Secure Multitenancy Access Management Using RBAC
Setting Network Attributes for SMT
Exploring Data Access Isolation with Dynamic Interface Groups
Considerations for Data Access Isolation with DIGs
Configuring Network Firewall Settings
Configuring Unique Default Gateways for SMT Tenant Units
Managing Quotas
Tenant Self-Service
Configuring CIFS and NFS for Secure Multi-Tenancy
VTL with Secure Multitenancy
Exploring DD Boost MFR with Secure Multitenancy

Monitoring Secure Multi-Tenancy

Monitoring Secure Multi-Tenancy
Monitoring Quotas
Monitoring and Modifying Physical Capacity Measurement
PCM Operations
Monitoring Tenant Alerts
Secure Multitenancy Reporting
Report Templates

Terms


Secure Multi-Tenancy Implementation and Administration

Exploring Secure Multi-Tenancy

Exploring Data Protection as a Service

Data protection as a service (DPaaS) refers to cloud and web-based
subscription services that provide the following:

• Data protection
• Network security
• Disaster recovery capabilities

DPaaS enables a more unified and comprehensive data protection
strategy.

Secure Multitenancy (SMT) is the simultaneous hosting, by an internal IT
department or an external provider, of an IT infrastructure for more than
one consumer or workload such as business units, departments, or
individual tenants.

SMT provides the ability to securely isolate many users and workloads in
a shared infrastructure, so that the activities of one tenant are not apparent
or visible to the other tenants.

In light of DPaaS, Secure Multi-Tenancy (SMT) for PowerProtect DD
offers the following:
• Enterprises and service providers can offer and deliver DPaaS.
• Enterprises can securely deploy PowerProtect DD systems in a
private, hybrid, or public network cloud.
• Enterprises can securely isolate many users and workloads on a
shared system. As a result of secure isolation, the activities of one
tenant are not visible or apparent to other tenants. This capability
improves cost efficiencies through a shared, logically isolated
infrastructure.
• Tenants can have the same visibility, isolation, and recovery control as
they do with stand-alone PowerProtect DD systems.

Exploring Data Protection as a Service - Cloud Models

The following cloud models are allowed for protection storage with Secure
Multitenancy (SMT):

Local Backup

For large enterprises in a private cloud, local backup occurs for multiple
business units in the same geography. Each business unit is a tenant for
SMT.

For service providers in a public or hybrid cloud, there are hosted
applications including Backup-as-a-Service (BaaS). BaaS makes frequent
backup copies of company files and databases and stores them securely in
the cloud. BaaS is your main tool to protect critical files so you can fully
restore lost data after a disruption or disaster.

Replicated Backup

Remote offices with local backup can replicate data to a public, private, or
hybrid cloud as an SMT tenant.

DRaaS goes beyond BaaS by protecting data, applications, and
infrastructure that belongs to an organization. DRaaS is intended to get
your IT infrastructure back online quickly and return business operations
with minimal disruption.

Remote Backup

Remote offices can back up remotely to the cloud, participating as a
single tenant configured under SMT.

A remote backup service backs up data and copies it to a cloud server in a
remote data center. You can automatically back up files, folders, or the
entire contents of hard drives on a regularly scheduled basis or
incrementally as the information changes.

Secure Multi-Tenancy Description

SMT Architecture

SMT only allows tenants to manage and monitor their own data.
Management of isolated tenant data enables chargeback information and
monitors trending and other reporting.

• The system administrator creates a tenant unit on a PowerProtect DD
system. In the example diagram, it is Tenant-Unit A1.
• The system administrator creates a tenant administrator or landlord
and users for the tenant unit on the PowerProtect DD system.
• The administrator creates MTrees, storage units (SUs), and VTL pools
to meet the storage requirements of various types of backups for the
tenants. The MTrees, SUs, and VTL pools provide logical data isolation
by restricting each tenant's visibility and read and write access to
data in their tenant units only.
• The tenant configures backup and archiving applications to send data
to their configured tenant unit MTree, SUs, or VTL pool.

Important: SUs, MTrees, and VTL pools logically isolate
their data within a single tenant unit. Tenant client
applications using protocol-specific security can only access
each storage object that the application can access.

Exploring Secure Multi-Tenancy Benefits

The following describe some of the benefits of SMT:

Data isolation: Logical data isolation enables providers to spread the
capital expenditure and operational expenditure of a protection storage
infrastructure across multiple tenants. SMT achieves data isolation by
using separate DD Boost users for different MTrees or by using the access
mechanisms of NFS, CIFS, and VTL. A tenant-unit is a logical partition in
a PowerProtect DD system isolating data of one tenant from another.
Tenant Admins may only administer the tenant units that belong to them,
providing administrative isolation.

Multiple DD Boost users: Administrators can create multiple DD Boost
users on a PowerProtect DD system. You can assign each tenant one or
more DD Boost user credentials. Tenants can assign the credentials access
privileges to one or more MTrees in a tenant unit. The system grants users
secure access to different tenant datasets using their separate DD Boost
credentials by restricting access and visibility. Similarly, you can use
native protocol-level access control mechanisms to provide data path
isolation for other protocols such as CIFS, NFS, and VTL.

Mutual isolation: Mutual isolation ensures that local users, management
groups, and remote IPs associated with one tenant in an SMT environment
are not associated with another tenant. Mutual isolation ensures data and
administrative isolation across tenants when configuring tenants, users,
tenant units, or protocols that transfer data such as replication and DD
Boost.

Metering and reporting: With metering and reporting, a landlord has
information to ensure that they are running a sustainable business model.
The need of such reporting in a multi-tenant environment is even greater
when the provider tracks usage on a shared asset.

Self-service: The landlord tracks and monitors usage of various system
resources. Similarly, the tenant user can access metrics through tenant
self-service. SMT restricts metrics to resources that belong to a particular
tenant user.

Metrics: Administrators can obtain various metrics from the PowerProtect
DD system using SNMP. The SNMP Management Information Base
provides relationships of the different metrics to the tenant unit, grouping
the metrics on a per-tenant basis.


Exploring Secure Multi-Tenancy Architecture

In the following figure, two organizations share the same PowerProtect DD
system. The organizations are separate tenants within the PowerProtect
DD system. The system logically and securely isolates tenant units and
individual data paths, managing them independently. Tenant users can
back up their own data using their application servers to PowerProtect DD
storage. Tenants are logically isolated from other tenants on the
PowerProtect DD system.

Tenants Using Separate Protocols Logically and Securely Isolated from Each Other

The following compares the abilities of the landlord and the tenant
administrator.
• The landlord can:
− Monitor and manage all tenants.
− View all content across the entire system.
− Set capacity and stream quotas on the system for different tenant
units.
− Generate reports on tenant unit data.
• The tenant administrator can:
− Perform self-service fast copy operations within their tenant unit.
− Monitor data capacity and associated alerts for capacity and stream
usage.

Multi-Tenancy Security Modes

Security for replication operations is an example of network isolation.
When using replication in a Secure Multi-Tenancy (SMT) environment, the
system provides security to maintain the integrity of the replication
between the sites.

SMT has the following security modes: Default and strict.

Default Security Mode

Default Security Mode Example

If the source and destination do not belong to different assigned tenants,
the default security mode supports replication. When no security mode is
selected, the system provides a default security mode. The default tenant
unit security mode permits replication between an MTree that is assigned
to a tenant and an unassigned MTree. If both the source and destination
MTrees belong to a tenant, then the replication is only performed if both
MTrees belong to the same tenant.

The diagram is an example where the source MTree belongs to Tenant A.
Replication can occur on the destination system belonging to Tenant A.
The default security mode allows replication between an MTree belonging
to Tenant A and an unassigned MTree.


Strict Security Mode

Strict Security Mode Example

When strict security mode is configured at either the replication source
or destination tenant unit, both the source and destination units must
belong to the same tenant.

In the example, when Tenant A names Tenant Unit A 1.1 as the source
and Tenant Unit A 2.1 as the destination.

Similarly, with strict security, Tenant A configures a new replication pair
naming Tenant Unit A 1.2 as the source and an unassigned MTree as the
destination. The replication protocol checks the ownership of both the
source and destination. Replication fails because both the source and
destination must belong to Tenant A.

When using strict security mode, the UUID of the source and destination
tenant must be set and identical; that is, the tenant must be created via
the CLI and the UUID set using a command like:
smt tenant create tenant-name [tenant-uuid uuid]
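
The default and strict replication rules described above can be checked against a planned list of replication pairs before any replication context is created. The following Python sketch is an added example, not Dell code and not DDOS behaviour captured from a system; the Endpoint fields, MTree labels, tenant names, and UUID string are constructed assumptions that model the rules as this guide states them.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Endpoint:
    """One side of a planned replication pair (hypothetical model, not a DDOS object)."""
    mtree: str
    tenant: Optional[str] = None       # None: MTree is not assigned to any tenant
    tenant_uuid: Optional[str] = None  # value given to: smt tenant create ... tenant-uuid
    strict: bool = False               # tenant unit uses strict security mode


def check_pair(src: Endpoint, dst: Endpoint) -> Tuple[bool, str]:
    """Return (allowed, reason) for one pair under the rules stated in this guide."""
    if src.strict or dst.strict:
        # Strict mode at either end: both ends must belong to the same tenant,
        # and the tenant UUID must be set and identical on both systems.
        if src.tenant is None or dst.tenant is None:
            return False, "strict: unassigned MTree"
        if not src.tenant_uuid or not dst.tenant_uuid:
            return False, "strict: tenant UUID not set"
        if src.tenant_uuid != dst.tenant_uuid:
            return False, "strict: tenant UUID differs"
        return True, "strict: same tenant"
    # Default mode: an unassigned MTree may pair with an assigned one.
    if src.tenant is None or dst.tenant is None:
        return True, "default: unassigned MTree"
    # Assumption: in default mode this model compares the tenant name.
    if src.tenant == dst.tenant:
        return True, "default: same tenant"
    return False, "default: different tenants"


def review(plan: List[Tuple[Endpoint, Endpoint]]) -> List[Tuple[str, str, bool, str]]:
    """Evaluate every planned pair; each row is (source, destination, allowed, reason)."""
    return [(s.mtree, d.mtree) + check_pair(s, d) for s, d in plan]


# Constructed plan that mirrors the Tenant A examples in the text.
UUID_A = "aaaaaaaa-0000-4000-8000-000000000001"  # constructed value
A_STRICT = dict(tenant="TenantA", tenant_uuid=UUID_A, strict=True)

PLAN = [
    # Strict, both ends belong to Tenant A with the same UUID.
    (Endpoint("a-1.1", **A_STRICT), Endpoint("a-2.1", **A_STRICT)),
    # Strict source, unassigned destination.
    (Endpoint("a-1.2", **A_STRICT), Endpoint("unassigned-1")),
    # Strict, but the destination tenant was created without a UUID.
    (Endpoint("a-1.3", **A_STRICT), Endpoint("a-2.3", tenant="TenantA", strict=True)),
    # Default mode, assigned source and unassigned destination.
    (Endpoint("a-def", tenant="TenantA"), Endpoint("unassigned-2")),
    # Default mode, source and destination assigned to different tenants.
    (Endpoint("a-def", tenant="TenantA"), Endpoint("b-def", tenant="TenantB")),
]

if __name__ == "__main__":
    for src, dst, allowed, reason in review(PLAN):
        print(f"{src:>6} -> {dst:<13} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

The third pair is the case the UUID requirement guards against: the tenant names match on both systems, but strict mode still rejects the pair because one side has no UUID set.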


Stream Limits and Capacity Quotas

Example of Setting Replication Stream and Capacity Quotas Across Multiple
PowerProtect DD Systems

The service provider administrator who owns the replication destination
sets the replication stream limits and capacity quotas. Administrators can
also set backup read and write streams with quotas.

Administrators can set the following restrictions on tenants in a secure
multi-tenancy environment:

Refer to the numbers on the diagram corresponding to the list item
numbers.
1. Administrators set stream limits per tenant for replication data.
a. For each tenant, the destination PowerProtect DD system controls
the maximum number of supported streams.
2. Administrators set capacity quotas on the replication destination to
ensure that individual tenants do not consume storage beyond their set
limit on the PowerProtect DD system.
a. Administrators set the capacity quota through the command line for
any future replication MTrees.
b. Capacity quotas prevent any single tenant from creating a full
storage condition that prevents other tenants from adding data to
their own spaces.

Exploring Network Isolation

Network Isolation Using a Fixed Set of IP Addresses

Administrators can configure specific network clients for tenants using
local and remote Internet Protocol (IP) addresses. Specific network clients
eliminate potential security problems with tenants accessing the system
over the network. Local and remote IPs create a layer of network isolation
using access validation.

In the example, Tenant A has multiple tenant units on a PowerProtect DD
system and uses Client A to log in and manage those units. An
unauthorized user tries to access and manage tenant units belonging to
Tenant A using a different client, such as Client B. The unauthorized user
could do so by providing the credentials for Tenant A.

With a local IP assigned to Tenant A, their tenant units are accessible only
by a client using the configured local IP. Without a local IP associated with
Client B, the unauthorized user cannot access the PowerProtect DD system.

With remote IP addresses, clients can only access the tenants when they
connect from a defined set of configured remote IPs. An authorized user
with a username and password without a remote IP assigned to their client
cannot gain access to the system. This form of network isolation creates
an association between the management IP and a tenant unit. Remote IP
addresses provide a layer of network isolation using access validation.
Setting local and remote IPs is only required for self-service sessions.

Secure Multi-Tenancy Considerations

When planning and implementing a secure multi-tenancy (SMT)
environment on a PowerProtect DD system, consider the following:

• Run the most current version of DD Operating System (DDOS) in order to
access all SMT features.
• In an SMT environment, your data resides in secure logical isolation and
not physical isolation. Tenant data on a system securely co-mingles with
data from other tenants and shares deduplication benefits of all data on
the system.
• SMT supports NFS, CIFS, DD Boost, VTL, and replication protocols.
− PowerProtect DD VTL achieves tenant data isolation by using
NDMP.
− DDOS implements an NDMP tape server that allows systems to
send backup data to the DD system using a three-way NDMP
backup.
• SMT supports extended retention and PowerProtect DD Retention
Lock governance edition.
• You can configure DD Retention Lock compliance edition on systems that
are configured with SMT, but not at the tenant level.
− By enabling tenant-level Retention Lock governance, you impair
MTree function and management. For tenant-level Compliance
Lock deployment, Dell Technologies recommends the tenants use
separate PowerProtect DD systems.
• With SMT, landlords must create all replication contexts.
• SMT does not support tenant-unit level management of system-wide
parameters.
− For instance, depending on the model, a PowerProtect DD system
is limited to the current level of 32 through 256 maximum
concurrently active MTrees.
− Protection systems support a maximum of 2,048 exports, with the
number of connections scaling in accordance with system memory.

Configuring Secure Multi-Tenancy


The following are elements in configuring secure multi-tenancy on a
PowerProtect DD system:

Creating a Tenant

The Create Tenant Window in PowerProtect DD System Manager

You can set up SMT using PowerProtect DD System Manager or the
DDOS command line. The system administrator must first create a tenant.
The Multitenancy window is located in the PowerProtect DD Management Center
(DDMC) under Administration.

There are two parts to the Multitenancy window. The first part displays a
list of all tenants and tenant units that the PowerProtect DD System
Manager manages. The second part displays a detailed overview of
selected tenants and tenant units.

When you select All Tenants, a detailed overview displays the number of
configured tenants, tenant units, and host systems.

Create tenant units by clicking the Plus icon +.


Creating a Tenant Unit

Create Tenant Unit Options

To create a tenant unit, perform the following steps:
1. Create and provision a tenant unit either manually or automatically in
the Create Tenant Unit window. You can also create empty tenant
units that you can provision later.
2. Provide specific information for a customized tenant unit. You must
provide the host system size, a tenant unit name, security mode, and
the use of an MTree or storage unit.
3. To create a tenant unit, select the tenant from the All Tenants
pull-down and click the green plus icon (+).
4. From the window, choose either Create a Tenant Unit and manually
provision storage, Create a Tenant Unit and automatically
provision storage, or Create an empty Tenant Unit.
5. Click NEXT.


Identifying and Selecting a Host System

Identify Host System and Select Host System Pages

On the Identify Host System page, identify a system that DDMC manages
with enough capacity to host your new tenant unit.

An administrator must first set up and configure secure multi-tenancy
(SMT). The multi-tenancy page is located in the PowerProtect DD
Management Center (DDMC) under the Administration tab.

The Multitenancy page has two parts. The first part provides a list of all
tenants and tenant units in the data center. The second part displays an
overview of either the selected tenant or tenant units.


Configuring Administration

The Create Tenant Unit Administration Page

The Administration page appears.

To configure the administration of the tenant unit, do the following:
1. Provide a Tenant Unit name and Administrator name and
Administrator email.
2. On the Administration page, choose the type of security to enable for
the tenant unit. Click the Use strict security mode checkbox to
enable strict security mode. Selecting strict security mode enforces
strict security at both the source and destination during a replication.
3. Click NEXT.


Configuring MTrees

MTrees Page to Administer MTrees for the Tenant Unit and the Summary Page to Create
the Tenant Unit

On the MTrees page, select the MTree for the tenant unit, or click ADD,
EDIT, or DELETE to modify the MTree list.

To add an MTree, do the following:
1. Click ADD.
2. Click NEXT.
3. On the Summary page, review the configuration and click CREATE.

Important: If you configure strict security mode, you must create the
tenant in the command line interface using the smt tenant create
tenant-name [tenant-uuid uuid] command.

Secure Multitenancy Access Management Using RBAC

To provide added security to Secure Multitenancy (SMT), only assigned
users have permission to perform certain tasks. PowerProtect DD
Management Center (DDMC) uses role-based access control (RBAC) to
control these permissions.

All DDMC users can:
• View all tenants.
• Create, read, update, or delete tenant units that belong to any tenant, if
the user is an administrator on the protection system that is hosting the
tenant unit.
• Assign and revoke tenant units that belong to a tenant if the user is an
administrator on the system hosting the tenant unit.
• View tenant units that belong to a tenant, if the user is assigned a role
on a system hosting the tenant unit.

Setting Network Attributes for SMT

For increased security use these four network-related attributes:

Tenant Unit Hostname: You can configure hostnames for individual tenant
units. These names must resolve to an IP address within a specified
tenant.

Local Data Access IP Addresses: Using assigned data access IP addresses
enhances the security of the DD Boost and NFS protocols by adding
SMT-related security checks. Local data access IPs must be unique IP
addresses. The same local data access IP must not be assigned to more
than a single tenant.

Remote Data Access IP Addresses: Remote data access IP addresses are the
client IP addresses, or subnets, that you can assign to a tenant unit for
data access. Unlike the local data access IP, you may share a remote data
access IP within the same tenant.

Default Gateway: You can configure a default gateway for tenant units
belonging to the same tenant.

Exploring Data Access Isolation with Dynamic Interface Groups

Data Access Isolation with DIGs

A dynamic interface group (DIG) distributes backup application client
connections across available links on the PowerProtect DD system while
maintaining data path isolation. When the system encounters an error on
a link, the DIG configuration initiates a failover to another link within the
isolated virtual local area network (VLAN).

The way to make tenant units work with a DIG is to configure all of the IP
addresses in the DIG as local data access IP addresses within the tenant
unit. The SMT tenant unit takes full advantage of any link that the DIG
provides.

The configuration in /etc/hosts is for DD Boost ifgroup configuration.


Considerations for Data Access Isolation with DIGs

The following are considerations for data access isolation with DIGs:
• You must configure all DIG interfaces as tenant unit local data IPs.
• When you add a DIG interface, add the IP to the local IP of the tenant
unit.
• When you remove a DIG interface, first delete the IP from the DIG and
then delete it from the tenant unit local IP.
• When you assign DIG interfaces to a tenant unit, you cannot use them
to access data that is not part of that tenant unit.

Configuring Network Firewall Settings

Using Local IP Mapping for Data Isolation

Secure multitenancy uses local IP mapping through a net filter as part of
data isolation. In the diagram to the right, the mapping ensures that the
local IP only receives network traffic from a specific remote IP.

The net filter or IP table restricts access by blocking packets based on
the remote and local IP settings.


In the following diagram, Client 1 has access to certain storage objects
only through local IP1. If Client 1 attempts to access storage objects
through local IP2, the net filter denies access using IP filtering. The
PowerProtect DD system has two tenant units configured. Each tenant
unit has its own assigned local data IP.

Each tenant unit has a firewall rule set to only permit traffic from a certain
client IP address.

If you configure remote IPs with subnets and data ranges, the system
does not perform the tenant isolation check.

Important: When you configure remote IPs for a tenant unit, only share
data access IPs with the same tenant on the PowerProtect DD system.
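
The address rules in the network attributes, DIG considerations, and firewall passages above can be checked offline against a planned tenant-unit layout, which matters most where remote IPs are subnets and the system does not perform the tenant isolation check. The following Python sketch is an added example, not Dell tooling; the inventory structure, finding names, tenant-unit names, and addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed inventory using documentation address ranges; not DD system output.
TENANT_UNITS = [
    {"name": "tu1", "tenant": "TenantA",
     "local_ips": ["192.0.2.10", "192.0.2.11"],
     "remote_ips": ["198.51.100.20"],
     "dig_ips": ["192.0.2.10", "192.0.2.11"]},
    {"name": "tu2", "tenant": "TenantA",
     "local_ips": ["192.0.2.12"],
     "remote_ips": ["198.51.100.20"],      # shared within the same tenant: allowed
     "dig_ips": []},
    {"name": "tu3", "tenant": "TenantB",
     "local_ips": ["192.0.2.11", "192.0.2.30"],
     "remote_ips": ["198.51.100.0/24"],
     "dig_ips": ["192.0.2.30", "192.0.2.31"]},
]


def _net(value):
    """Parse a single IP or a subnet into an ip_network object."""
    return ipaddress.ip_network(value, strict=False)


def _addrs(values):
    """Parse a list of single IPs into a set of ip_address objects."""
    return {ipaddress.ip_address(v) for v in values}


def audit(units):
    """Return findings as (rule, detail, tenant_unit, other_tenant_unit)."""
    findings = []

    # Cross-tenant checks: compare every pair of tenant units owned by different tenants.
    for a, b in combinations(units, 2):
        if a["tenant"] == b["tenant"]:
            continue  # remote IPs may be shared inside one tenant
        # A local data access IP must not be assigned to more than one tenant.
        shared_local = _addrs(a["local_ips"]) & _addrs(b["local_ips"])
        for ip in sorted(shared_local, key=str):
            findings.append(("local-ip-in-two-tenants", str(ip), a["name"], b["name"]))
        # Remote data access IPs or subnets must not overlap across tenants.
        for ra in a["remote_ips"]:
            for rb in b["remote_ips"]:
                if _net(ra).overlaps(_net(rb)):
                    findings.append(
                        ("remote-ip-in-two-tenants", f"{ra} / {rb}", a["name"], b["name"]))

    # Per-unit checks.
    for u in units:
        local = _addrs(u["local_ips"])
        # Every DIG interface must also be a local data IP of the tenant unit.
        for ip in u["dig_ips"]:
            if ipaddress.ip_address(ip) not in local:
                findings.append(("dig-ip-not-local", ip, u["name"], None))
        # Remote entries given as subnets are not covered by the system's
        # tenant isolation check, so list them for manual review.
        for r in u["remote_ips"]:
            if _net(r).num_addresses > 1:
                findings.append(("remote-subnet-unchecked", r, u["name"], None))
    return findings


if __name__ == "__main__":
    for rule, detail, unit, other in audit(TENANT_UNITS):
        where = unit if other is None else f"{unit} and {other}"
        print(f"{rule:26} {detail:34} {where}")
```

On the constructed inventory the audit reports five findings, three of which trace back to the single /24 remote entry on tu3.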


Configuring Unique Default Gateways for SMT Tenant Units

Unique Default Gateways Keep Tenant Units Isolated

Unique default gateways between tenants help strengthen the physical
isolation of data between tenants.

In the image on the right, tenants belonging to Gateway 1 may only
access their tenant, tenant unit 1 (tu1) through their unique gateway.


Non-SMT entities within the PowerProtect DD system may not use the
unique default gateways that the administrator assigns a tenant.

SMT supports configuring only targeted default gateways.

Administrators configure targeted gateways by configuring one or more
default gateways for each tenant unit within a PowerProtect DD system.
Individual tenant-unit IP addresses are assigned to the configured
gateways.

Managing Quotas

To meet quality of service (QoS) criteria, a system administrator adjusts
settings in DDOS to control the settings required by a tenant configuration.
The administrator can set both soft and hard capacity quota limits on DD
Boost storage units. You can allocate stream quota limits only to DD Boost
storage units assigned as tenant units. The system sets quotas when the
configuration wizard prompts you, but you may adjust or modify them
later.

Once the administrator sets the quotas, the tenant admin can monitor one
or all tenant units. Monitoring ensures that no single object exceeds its
allocated quotas and deprives others of system resources.

Selecting an MTree for Quotas

DD System Manager Data Management > MTree Window


To access quota settings for MTrees, do the following:
1. Select Data Management > MTree to view the SUMMARY tab.
2. In Quota, click Configure to access the Configure Quota for MTrees
window.

Setting Limits for an MTree

The Configure Quota for MTrees Window

To configure MTree quotas, do the following:
1. The Configure Quota for MTrees window displays the MTree Full Path.
In the Quota Settings you can set the Pre-Comp Soft Limit and
Pre-Comp Hard Limit.
2. Click Ok.


Disabling and Configuring an MTree Quota

The Quota Settings Window Allows Administrators to Disable and Configure an MTree
Quota.

To review quotas or change the status of MTree quotas, do the following:
1. Click Data Management > Quota to open the Quota Settings window.
2. In the Quota Settings window, you can review the list of quotas that are
configured on the system.
3. To configure a quota, select a quota from the list then click Configure
Quota.
4. If MTree quotas are enabled and you want to disable them, click
Disable. If quotas are disabled and you want to enable them, click
Enable.


Tenant Self-Service

Enable Tenant Self-Service in the Edit Tenant Unit Window

When you provision tenant self-service, you reduce system administrator
involvement in basic administrative tasks.

Tenant self-service provides tenants some administrator privileges within
their tenant unit in a protection system. Tenant self-service privileges
include adding, editing, and deleting local users, NIS groups, and AD
groups.

The system administrator can provision self-service mode on a tenant
unit and then assign users to manage the unit in the roles of tenant-admin
or tenant-user.

System administrators can enable and disable tenant self-service in the
Administration > Multitenancy > Edit Tenant Unit window. To enable the
service, click the checkbox next to Enable Tenant Self-Service.

Alerts related to secure multi-tenancy are specific to each tenant unit and
differ from PowerProtect DD system alerts. When you enable tenant self-
service, the tenant-admin can choose to receive alerts about the various
system objects. A tenant-admin may only view or modify notification lists
with which they are associated.


Important: If you enable tenant self-service, Dell Technologies
recommends adding local users or groups with a specific role to monitor
the resources within the tenant unit.

Configuring CIFS and NFS for Secure Multi-Tenancy

In a secure multitenancy (SMT) configuration, backups and restores
might require client access to the Common Internet File System (CIFS)
shares and Network File System (NFS) exports that reside in the MTree of
the associated tenant unit. The system administrator must create and
configure the MTrees for CIFS and NFS before a tenant user can use
them.

Administrative users and self-service users use command line interface
(CLI) commands to configure and administer CIFS and NFS for SMT.
Self-service users can only see the clients specific to their tenant units.

The following are some of the CLI commands to administer CIFS and NFS
for SMT:
• The mtree create mtree-path [tenant-unit tenant-unit-name]
[quota-soft-limit n {MiB|GiB|TiB|PiB}] [quota-hard-limit n
{MiB|GiB|TiB|PiB}] command creates an MTree in the specified path and
sets the capacity soft and hard quotas for the MTree.
• The mtree modify mtree-path tenant-unit tenant-unit-name command
assigns an MTree to a tenant-unit.
• The cifs share create share path path {max-connections max
connections | clients clients | users users | comment comment}
command creates a CIFS share.
• The nfs show active [tenant-unit tenant-unit] command displays the
NFS clients that are active over the past 15 minutes and the mount path
for each client.
• The nfs export add {<export-spec> | all} clients <client-list>
[options <option-list>] command adds a client or list of clients to
one or more exports.
• The nfs show clients [tenant-unit tenant-unit] command displays NFS
clients that can access the PowerProtect DD system, the mount path, and
NFS options for each MTree.

Deep Dive: For more details on administering CIFS and NFS for SMT, see
the Dell EMC DDOS Command Reference Guide on the Dell Support website.

VTL with Secure Multitenancy

DD Virtual Tape Library (DD VTL) in a Secure Multitenancy Environment

Virtual tape library (VTL) access groups create a virtual access path
between a host system and PowerProtect DD VTL to achieve tenant data
isolation. The physical Fibre Channel connection between the host system
and PowerProtect DD VTL must exist.

The backup application on the host system writes to and reads from the
DD VTL tapes. DD VTL creates the tapes in a DD VTL pool, which is an
MTree formatted for VTL data. Administrators can assign pools to tenant
units. The association of VTL pools to MTrees enables SMT monitoring
and reporting.

A tenant-admin can run command line interface (CLI) commands to
display read-only information that is related to the MTrees in their tenant
unit. Tenant admins can only run commands on their assigned DD VTL
pools.

The following are some of the CLI commands that tenant-admins can run
to view read-only information about their VTL pools:
• The mtree list command displays a list of MTrees belonging to
their tenant unit.
• The mtree show compression command displays statistics about
compression for their MTree.
• The mtree show performance command displays statistics about
performance for their MTree.

Deep Dive: For more details on administering VTL for SMT, see the Dell
EMC DDOS Command Reference Guide on the Dell Support website.

Exploring DD Boost MFR with Secure Multitenancy

Multiuser DD Boost is the use of multiple DD Boost user credentials for
DD Boost access control. Each DD Boost user has a separate username
and password.

A storage unit is an MTree configured for the DD Boost protocol. Storage
unit ownership sets user permissions for multi-user DD Boost with secure
multitenancy (SMT). You can associate a user with one or more storage
units, but a storage unit may have only one owner. Administrators must
assign the none role to storage units that are associated with SMT. Only
the storage unit owner can access the data on the storage unit.


SMT supports DD Boost managed file replication (MFR) between two
storage units. One or both storage units may belong to a tenant unit.

During DD Boost MFR, storage units are not replicated in total. Instead,
the backup application selects certain files within a storage unit for
replication. You can replicate files from a storage unit that is assigned to a
tenant unit on one system to a different storage unit assigned to a tenant
unit on another system.

Important: The number of DD Boost usernames cannot exceed the maximum
number of MTrees.

Monitoring Secure Multi-Tenancy


Tenant Unit Details Lightbox in DDMC

Secure Multi-Tenancy (SMT) management operations include monitoring
tenant units and other objects such as MTrees and storage units. Each
MTree generates performance statistics for historical and real-time
information. The PowerProtect DD system administrator can use these
statistics as a source metric for chargeback.

PowerProtect DD Management Center (DDMC) displays statistical
information of either the Tenant or the Tenant Unit, which you can access
under Administration > Multitenancy.

Access the Tenant Unit Details lightbox by selecting a specific Tenant from
the All Tenants list and clicking the information icon.


Some possible causes for network bottlenecks are the following:
• Misconfigured backup software on the client can contribute to
bottlenecks over a data network. It is possible that your client network
now has far more network traffic than when it was originally built.
Hardware issues and device connectivity to the network over the same
port also contribute to slow data throughput.
• Outdated network equipment such as switch ports that do not support
current data transfer technology can cause bottlenecks between
networked devices. Improperly configured or mismatched network
servers can reduce network speeds to the speed of the slowest point in
the datapath. Bottlenecks can also happen within your network servers
due to excessive contention for internal resources. Proper load
balancing in front of a server pool to route traffic to the appropriate
server can solve bottleneck issues.

The Tenant Unit Details lightbox displays the following tabs:
1. The OVERVIEW tab shows information about the Tenant Unit
including Health, Capacity, System Performance, Replication, and
Network Bytes Used.
2. CAPACITY displays a variable meter showing the amount of space
used as a percentage. Capacity also displays Quota amounts
Available and Used.
3. REPLICATION displays the number of Automatic and On-demand
Replication Pairs. Replication also displays Inbound and
Outbound data totals With errors and With unknown status.
4. Network Bytes Used displays Bytes used in the Last 24 hours. The
total Network Bytes break down into Backup, Restore, Replication
inbound, and Replication outbound.
5. SYSTEM CHARTS displays the system graphs for the PowerProtect
DD system of a selected tenant unit that is associated with this tenant.

Monitoring Quotas

Initially, you can set quotas with the Secure MultiTenancy (SMT)
configuration wizard. You can perform quota tasks using the PowerProtect
DD Management Center (DDMC), or the command line.


Landlords and tenant admins can collect usage statistics and compression
ratios for MTrees associated with their tenant-units using the following
commands:

MTree List

Using the mtree list Command in PowerProtect DD System Manager

For landlords, use the mtree list command to list MTrees that exist on
a PowerProtect DD system. For tenant-admins, use mtree list to list
MTrees within their assigned tenant-unit.

MTree Show Stats

The mtree show stats command collects MTree real-time performance
statistics.


MTree Show Performance

mtree show performance Command in PowerProtect DD System Manager

The mtree show performance command collects performance
statistics for MTrees associated with a tenant unit.


MTree Show Compression

mtree show compression Command in PowerProtect DD System Manager

The mtree show compression command collects compression
statistics for MTrees associated with a tenant-unit.

Quota Capacity Show

The quota capacity show Command in PowerProtect DD System Manager

The quota capacity show command lists capacity quotas for MTrees
and storage-units.


Important: The system administrator can filter the output to
display usage in intervals ranging from minutes to months
and use the results as a chargeback metric.

Deep Dive: For more details about monitoring quotas using
the command line interface, go to the Dell EMC DDOS
Command Reference Guide available on the Dell Support
website.

Monitoring and Modifying Physical Capacity Measurement

Physical capacity measurement (PCM) measures and reports on space
usage information for a subset of storage space. From the DD System
Manager (DDSM), PCM provides space usage information for MTrees.
From the command line, you can view space usage information for
MTrees, tenants, tenant units, and pathsets.

Deep Dive: For more information about monitoring and
modifying physical capacity measurement using the
command line interface, see the Dell EMC DDOS Command
Reference Guide on the Dell Support website.

Tenant admins can perform the following tasks related to PCM:

• Create or destroy a pathset.
• Add or delete paths in a pathset.
• Modify a pathset.
• Start or stop a PCM job.
• Create, destroy, and modify a PCM schedule.
• Enable or disable a PCM schedule.

Important: Tenant admins can only view PCM activities
belonging to their tenant units.

PCM Operations

PCM provides space usage information for an MTree. You can configure
PCM using both the DD System Manager (DDSM) and the PowerProtect
DD Management Center (DDMC).

Enabling and Disabling PCM

Enabling PCM in DD System Manager


Perform the following steps to enable PCM using DD System Manager:


1. Select Data Management > File System > Summary.
2. Click the expand arrow in the bottom right corner to view the Status
Panel.
3. Click Enable to the right of Physical Capacity Measurement status to
enable PCM.
4. Once enabled, click Details to view running PCM jobs.
5. Click Disable to the right of Physical Capacity Measurement status
to disable PCM and cancel all running PCM jobs.

Creating PCM Schedules

Creating a Schedule in DD System Manager

Perform the following steps to create PCM schedules using DD System
Manager:

1. Select Data Management > MTree > MANAGE SCHEDULES.
2. Click the add button + to add a schedule.
3. Enter the name of the schedule and confirm that the Status is
Enabled.
4. Select Priority based on your requirement.
   a. Select Normal to submit a measurement task to the processing
   queue.
   b. Select Urgent to submit a measurement task to the front of the
   processing queue.
5. Select how often the schedule triggers a measurement occurrence:
Every Day, Week, or Month.
   a. For Day, select the time.
   b. For Week, select the time and day of the week.
   c. For Month, select the time and day during the month.
6. Select MTree Assignments for the schedule and click CREATE.

Assigning PCM Schedules to an MTree

Assigning a Schedule in DD System Manager

Perform the following steps to assign PCM schedules to an MTree using
DD System Manager:

1. Select Data Management > MTree > SUMMARY.
2. Select the MTrees to assign schedules to.
3. Scroll down to the Physical Capacity Measurements area and click
Assign to the right of Schedules.
4. Select a schedule to assign to the MTree and click ASSIGN.


Starting PCM Immediately

Start PCM Measurement Immediately in DD System Manager

Perform the following steps to start the PCM process immediately using
DD System Manager:
1. Select Data Management > MTree > SUMMARY.
2. Scroll down to the Physical Capacity Measurements area and click
Measure Now to the right of Submitted Measurements.
3. Select a Priority as Normal or Urgent and click SUBMIT.


Monitoring Tenant Alerts


Setting Alert Notifications for a Tenant Unit in PowerProtect DD Management Center

Secure Multitenancy (SMT) tenant alerts are specific to each tenant-unit
and differ from PowerProtect DD system alerts. A PowerProtect DD
system generates events when it encounters potential problems with the
software or hardware. When the system generates an event, members
that are designated in the notification list and the PowerProtect DD admin
are sent an alert notification email.

If a system administrator enables tenant self-service on a PowerProtect
DD system, the tenant admin can:

• Enable alert notifications about SMT system objects and critical
events.
• View or modify Alert Notification Groups to which the alerts are
associated.

Each tenant unit has its own alert notification. Go to Administration >
Multitenancy to access alert notifications.

An Alert Notification Group contains the email addresses of the
recipients who receive alert reports of a specific tenant unit.

Administrators can perform the following tasks on a tenant unit:

• Create, edit, or delete notification groups
• Add or delete email addresses


Secure Multitenancy Reporting

You can create status and usage templates to generate reports for Secure
MultiTenancy (SMT). Go to Reports > Management within PowerProtect
DD Management Center (DDMC) to create the templates.

Perform the following steps to add a report template:

Add a Report

Adding a Report to the Reports Management Page

Once logged in to the DDMC interface, select Reports > Management,
and click ADD.


Choose a Report Type

Choosing the Report Type in the Add Report Template

From the report type page, select Multitenancy Reports and click NEXT.


Add a Report Template

Daily Status and Usage Metrics Report Templates

From the Add Report Template Content page, provide a Name, Template,
and Sections and click NEXT.

Choose a Report Scope

Choose to Report on Either Tenant Unit or Tenant

From the Add Report Template Scope page, select Tenant or Tenant Unit,
and click NEXT.

Here is an example of the Scope page for both Daily Status and Usage
Metrics report templates.


Add a Schedule

Specify a Schedule in the Add Report Template Window

From the Schedule page, provide Time Span, Schedule, and Report
retention information, and click NEXT.

The following is an example of the Schedule page for both Daily Status
and Usage Metrics report templates:


Add Report Recipients

Create a Mailing List of Email Addresses to Receive the Report

From the Email page, enter the email ID and click NEXT.

The PowerProtect DD system generates and sends reports to the
appropriate personnel. You can use these reports for chargebacks to the
various tenants of the system.


Review and Finish

Review the Report Configurations and Run the Report

Review the information in the Summary page. Confirm that you check the
Save report template and Run report checkboxes then click FINISH.

The following is an example of the Summary page for both Daily
Status and Usage Metrics report templates.

Report Templates

Sections Available in the Daily Status and Usage Metrics Report Templates

You can select different topic sections to report on in a specific report
template.


When you create a report from a report template, you can add sections
such as a report overview, logical and physical capacity, replication
activity, and the number of network bytes used.

The Daily Status template includes daily status for the tenant or tenant
unit as it pertains to report overview, capacity, replication, and network
bytes used.

The Usage Metrics template includes metrics for the tenant and tenant
unit as it pertains to logical and physical capacity consumption and
network bytes used.

Terms
Landlord
The landlord is the storage administrator for the tenant. The landlord is
responsible for creating, configuring, and managing the SMT system. The
landlord sets up the file systems, tenant units, tenant roles, storage,
networking, replication, and protocols. Landlords monitor overall system
health and replace any failed hardware as necessary.

Network isolation
Administrators can eliminate potential security problems with tenants
accessing the system over the network. They can configure specific
network clients for tenants using local and remote internet protocol (IP).
Local and Remote IPs create a layer of network isolation using access
validation.

Storage unit
A storage unit is an MTree configured for the DD Boost protocol. The
system administrator creates a storage unit and assigns it to a DD Boost
user. The DD Boost protocol permits access only to storage units
assigned to DD Boost users connected to the system.

Tenant
In SMT a tenant is responsible for scheduling and running the backup
application for the tenant customer. Tenants are also responsible for
managing their own tenant units, including configuring backup protocols
and monitoring resources and stats within their tenant unit.

Tenant unit
A tenant unit is a partition of a PowerProtect DD system that serves as the
unit of administrative isolation between tenants. Administrators assign
MTrees to tenant units. A tenant-admin user can configure and monitor a
specific tenant unit. Tenant units may consist of one or more MTrees.
Tenant units can also span multiple PowerProtect DD systems.

CAPACITY AND THROUGHPUT PLANNING AND MONITORING

PARTICIPANT GUIDE

Table of Contents

Capacity and Throughput Planning and Monitoring

Exploring Capacity and Throughput Planning
Determining Capacity Needs
Considerations When Determining Capacity Needs
Exploring Data Reduction Expectations
Calculating the Required Capacity
Calculating the Required Throughput

Exploring System Model Capacity and Throughput Performance
System Model Capacity and Throughput Performance
PowerProtect DD Performance Factors
Factors That Can Impact Performance
Collecting Customer Site Information to Determine Capacity and Throughput Needs
Selecting a PowerProtect DD Model Activity
Matching Customer Requirements with a Model
Scenario 1
Scenario 2
Scenario 3

Monitoring and Tuning Throughput
Identifying Throughput Performance Issues
Monitoring Daily Performance
Evaluating Customer Data and Actual Performance
Evaluating Customer Data and Actual Performance Using CLI Commands
System Utilization
Network and Process Utilization
CPU and Disk Utilization
Monitoring Throughput
Evaluating Tuning Solutions
Considerations When Experiencing System Performance Issues

Monitoring File System Space Usage
Monitoring the MTree Space Usage
Managing File System Capacity
Evaluating File System Summary
Evaluating Space Usage
Evaluating System Consumption
Evaluating the Daily Written Chart

Exploring File System Cleaning
File System Cleaning Process and DIA
File System Cleaning Data Movement
Running File System Cleaning
Capacity Prediction Enabled Automatic Cleaning
File System Cleaning Considerations

Appendix

Terms


Capacity and Throughput Planning and Monitoring


Exploring Capacity and Throughput Planning

Determining Capacity Needs

Capacity and throughput planning are two critical aspects that determine
backup efficiency. Inadequate capacity and throughput planning can result
in backup failure, backup lags, or even data loss. You must consider
multiple factors when you plan for your protection system capacity and
performance.

Collect information about your daily backup sizes and the amount of time
to complete the backups. Calculate capacity needs using the information
that you collect about the backup system. Know that these factors can
affect system data capacity requirements to operate data protection
operations successfully.

The key to space savings in a data protection system is the ability for the
system to recognize duplicate data. Data deduplication achieves space
savings by finding and reducing the number of duplicate copies of data
that are stored. The amount of duplicate data within the protection system
sets the limit on space savings that you realize through deduplication.

Considerations When Determining Capacity Needs

The following are factors to consider when determining the capacity needs
for your protection system:

Data Size

The data size is the total physical size of the data that is backed up to a
protection system.


Data Type

Different data types achieve different deduplication levels, depending on
their makeup. For example, image files, virtual images,
precompressed data, encrypted data, and NDMP streams do not
deduplicate well and reduce deduplication levels.

Files that office workers create in their normal day-to-day work are
examples of data that deduplicates well. Email messages, spreadsheets,
and text documents often contain redundant data that a work community
distributes and shares. A backup of a virtual data center with thousands of
identical virtual machines might experience an overall data reduction of
1000:1.

Deduplication Rate

The deduplication rate is one of the main factors in determining capacity
needs. At the basic level, deduplication eliminates nonunique data
segments within datasets. From this definition, deduplication is not that
different from compression. However, its real distinction is data reduction
against historical data which allows storage savings and prevents copying
similar data from multiple sources. DDOS compresses data at both global
and local levels.

Global compression compares received data to data that is already stored
on disks. If the system identifies data that is already stored, it does not
store that data again. When the system identifies new data, it compresses
the data locally, then writes the data to disk.

Change Rate

Change rate is a difficult factor to calculate. Most normal protection
systems produce an average of 10% changed data per week. Change rate
can vary by when the backups are scheduled and also how frequently
they are performed. For example, an organization might have one weekly
full backup performed every Saturday with incremental backups performed
each weekday.


High change rates can mean low deduplication as new and unique data is
unlikely to match preexisting data on the protection system and
deduplicates poorly.

Retention Policies

Retention policies greatly affect the amount of deduplication on a
protection system. Longer data retention on a protection system results in
greater data reduction. In a protection system that operates a backup
schedule where retained data is repeatedly replaced with new data,
deduplication rates are small.

Exploring Data Reduction Expectations

Data reduction rates vary based on data types, similar data amounts, and
storage duration. It is difficult to determine exactly what rates to expect
from any given protection system and the data it protects. Protection
systems usually achieve the highest data reduction rates when they store
many full backups.

Estimate conservatively when calculating data reduction through
deduplication. Use an average sample rate over a longer time period as a
starting point for your calculations. Refine the sample data after real data
is available.

Different data types and sizes affect your data reduction results. According
to Dell Technologies, you can realize up to 65:1 data reduction ratio when
applying best practices for deduplicating data on a PowerProtect DD
appliance.

Consider life cycle management with data deduplication so you balance
performance, availability, usability, and scalability, to optimize your cost of
data storage.

The following are factors that are associated with lower data deduplication
ratios:

• High data change rates
• Active data
• Using incremental backups
• Shorter data retention length
• Preencrypted, precompressed data

The following are factors that are associated with higher data
deduplication ratios:

• Low data change rates
• Reference and inactive data
• Using full backups
• Longer data retention length
• Unencrypted, uncompressed data

Consider adopting data lifecycle management policies for data protection
that balance performance, availability, usability, and scalability, to
optimize your cost of data storage.

Calculating the Required Capacity

Calculated Capacity on a Protection System


Calculate the required capacity by adding up the space required to store
data in the following manner:

• Add the first full backup to the total number of incremental backups in a
weekly cycle.
• Then add a complete weekly cycle multiplied by the number of weeks
that the system retains the data.

For example, 10 TB of data is backed up and a conservative reduction
rate is estimated at 5x. This calculation comes to 2 TB which the system
needs for the initial backup. Data amounts increase 10% each day and
incremental backups are 1 TB each.

With an estimated compression of 10x, the amount of space that you need
for each incremental backup is 100 GB.

Continuing the example, you plan to back up 10 TB of data with a
conservative reduction rate of 5x. The calculation results in 2 TB for the
initial backup.

You plan a 10% increase in data daily. Incremental backups are 1 TB
each, uncompressed. You calculate a possible 10x compression for the
incremental backups. The result is about 100 GB space for each
incremental backup.

As subsequent full backups run, the backups likely yield a higher data
reduction rate. If you estimate 20x for the data reduction rate on
subsequent full backups, then 10 TB of data compresses to 500 GB.

Four daily incremental backups require 100 GB each. One weekly backup
that uses 500 GB of space yields a burn rate of 900 GB per week. A 900
GB weekly burn rate over the full 8-week retention period totals an
estimated 7.2 TB storage. 7.2 TB storage includes the daily incremental
backups and the weekly full backups.

When you add the requirement for daily incremental backups to the initial
full backup, you realize a required capacity of about 9.2 TB. On a system
with 10 TB of usable capacity, the appliance operates at about 92% of
capacity. You might need more than an eight percent buffer for current
needs. You might want to consider a system with a larger capacity, or a
system to which you can add extra storage to compensate for data
growth.

Important: These calculations are for estimation purposes
only. Before determining true capacity, analyze real data
from your system as a part of a sizing evaluation.
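The sizing arithmetic above as a small calculator, added here as an illustration and not part of the Dell guide. The names BackupProfile, estimate_capacity and max_retention_weeks are hypothetical; the 20% buffer used in the retention check is the figure the guide recommends when selecting a model.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupProfile:
    """Sizes are logical (pre-reduction) TB; a reduction of 5 means 5x."""
    full_backup_tb: float
    incremental_tb: float
    incrementals_per_week: int
    retention_weeks: int
    first_full_reduction: float
    incremental_reduction: float
    later_full_reduction: float

    def __post_init__(self):
        for field in ("first_full_reduction", "incremental_reduction",
                      "later_full_reduction"):
            if getattr(self, field) <= 0:
                raise ValueError(f"{field} must be positive")
        if self.retention_weeks < 0 or self.incrementals_per_week < 0:
            raise ValueError("counts cannot be negative")


@dataclass(frozen=True)
class CapacityEstimate:
    first_full_tb: float       # physical space for the initial full backup
    weekly_burn_tb: float      # physical space one weekly cycle adds
    retained_cycles_tb: float  # weekly burn over the retention period
    total_tb: float            # first full + retained cycles

    def utilization(self, usable_tb: float) -> float:
        """Fraction of usable capacity the estimate consumes."""
        return self.total_tb / usable_tb


def weekly_burn_tb(p: BackupProfile) -> float:
    """Physical space written per weekly cycle: incrementals plus one full."""
    incrementals = p.incrementals_per_week * p.incremental_tb / p.incremental_reduction
    later_full = p.full_backup_tb / p.later_full_reduction
    return incrementals + later_full


def estimate_capacity(p: BackupProfile) -> CapacityEstimate:
    first_full = p.full_backup_tb / p.first_full_reduction
    burn = weekly_burn_tb(p)
    retained = burn * p.retention_weeks
    return CapacityEstimate(first_full, burn, retained, first_full + retained)


def max_retention_weeks(p: BackupProfile, usable_tb: float, buffer: float = 0.20) -> int:
    """Longest retention (whole weeks) that still leaves `buffer` of usable
    capacity free. Returns 0 when even the first full backup does not fit."""
    burn = weekly_burn_tb(p)
    if burn == 0:
        raise ValueError("profile writes no data per week")
    budget = usable_tb * (1 - buffer) - p.full_backup_tb / p.first_full_reduction
    if budget < 0:
        return 0
    return math.floor(budget / burn + 1e-9)  # epsilon guards float rounding


# The worked example from the text: 10 TB full, 1 TB incrementals, four
# incrementals and one full per week, 8 weeks of retention, 5x / 10x / 20x.
PAGE_EXAMPLE = BackupProfile(
    full_backup_tb=10, incremental_tb=1, incrementals_per_week=4,
    retention_weeks=8, first_full_reduction=5, incremental_reduction=10,
    later_full_reduction=20,
)

if __name__ == "__main__":
    est = estimate_capacity(PAGE_EXAMPLE)
    print(f"first full    : {est.first_full_tb:.1f} TB")
    print(f"weekly burn   : {est.weekly_burn_tb:.1f} TB")
    print(f"total         : {est.total_tb:.1f} TB")
    print(f"utilization   : {est.utilization(10):.0%} of 10 TB usable")
    print(f"retention that keeps a 20% buffer: "
          f"{max_retention_weeks(PAGE_EXAMPLE, 10)} weeks")
```

With the guide's inputs, a 10 TB system keeps a 20% buffer only if retention is shortened from eight weeks, which is why the text suggests a larger or expandable system.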

Calculating the Required Throughput

Factors to Calculate Data Throughput

While capacity is one part of the sizing calculation, do not neglect
calculating the data throughput rates.

You can calculate the required throughput by dividing the size of the
largest backup by the backup window time.

When making your calculations, consider the effective throughput of both
the PowerProtect DD appliance and the network on which it runs. Both
points in data transfer determine whether the throughput speeds that the
system needs are reliably feasible. Feasibility can be assessed by running
network testing software such as iPerf.

For example, you must process a full 2 TB backup within a 10-hour
backup window.

You can divide 2 TB by 10 hours. The result is that you need a throughput
rate of at least 200 GB per hour or about 489 Mbps throughput to move
the data to the protection system within the backup window.

With an unrestricted 1 Gb network, with maximum bandwidth available,
this backup would take about half of the 10-hour backup window to finish.
If the network shares throughput resources during the backup time
window, the required backup time could increase considerably.


Exploring System Model Capacity and Throughput Performance

System Model Capacity and Throughput Performance

The PowerProtect DD series provides efficient data protection and
management on-site and in the cloud. PowerProtect DD appliances
include scalable ecosystem support and comprehensive data protection of
all capacities and needs.

The PowerProtect DD series systems deliver fast and flexible solutions
that are optimized for multi-cloud data protection and future demands.

The following is a table of the PowerProtect DD system models and their
throughput and capacity specifications:

                                  DD3300            DD6400            DD6900            DD9400            DD9900            DDVE
Maximum Throughput                Up to 4.2 TB/hr   Up to 12.7 TB/hr  Up to 15 TB/hr    Up to 26 TB/hr    Up to 41 TB/hr    Up to 1.85 TB/hr
Maximum Throughput with DD Boost  Up to 7.0 TB/hr   Up to 27.7 TB/hr  Up to 33 TB/hr    Up to 57 TB/hr    Up to 94 TB/hr    Up to 4.2 TB/hr
Logical Capacity                  Up to 1.6 PB      Up to 11.2 PB     Up to 18.7 PB     Up to 49.9 PB     Up to 97.5 PB     Up to 4.8 PB
Logical Capacity with Cloud Tier  Up to 4.8 PB      Up to 33.5 PB     Up to 56.1 PB     Up to 149.8 PB    Up to 293 PB      Up to 14.8 PB
Usable Capacity                   4 TB - 32 TB      8 TB - 172 PB     24 TB - 288 TB    192 TB - 768 TB   576 TB - 1.5 PB   Up to 96 TB
Usable Capacity with Cloud Tier   Up to 96 TB       Up to 516 TB      Up to 864 TB      Up to 2.3 PB      Up to 4.5 PB      Up to 288 TB

The maximum capacity is the amount of usable data storage space for
each PowerProtect DD model. Capacity is based on the maximum number
of drives a specific PowerProtect DD model supports. The maximum
capacity for each PowerProtect DD model assumes the maximum number
of internal and external drives that are supported for that model.

You achieve maximum throughput with a PowerProtect DD system by
using either VTL or DD Boost over Fibre Channel, or DD Boost over 10
Gb Ethernet. The information on this page calculates data throughput
using DD Boost.

The maximum throughput for each PowerProtect DD model depends
mostly on the number and speed capability of the network interfaces that
the system uses to transfer data. Some PowerProtect DD systems have
more and faster processors so they can process incoming data faster.

The number of network streams you may expect to use depends on your
hardware model.

Deep Dive: To learn specific maximum-supported stream
counts and other specifications, see the specific model
PowerProtect DD system guide available on the Dell
Support website.


The system capacity of a PowerProtect DD system assumes a
combination of typical enterprise backup data such as file systems,
databases, mail, and developer files. How often data is backed up
determines the low and high ends of the range.

Important: Advertised capacity and throughput ratings for
PowerProtect DD products are based on tests that Dell
Technologies conducts in laboratory conditions. Your
throughput varies depending on your network conditions.

PowerProtect DD Performance Factors

There are external and internal factors that affect PowerProtect DD
system performance in backup environments.

External factors in the backup environment often impact how fast data is
sent to the PowerProtect DD appliance. External factor bottlenecks do not
affect the potential throughput of the PowerProtect DD appliance.

Internal factors reduce the potential throughput of the PowerProtect DD
appliance. Internal factor bottlenecks require that administrators consider
mitigating the factors to achieve sustained system performance.

Factors That Can Impact Performance

Internal factors that can impact performance include the following:

Simultaneous Streams

Throughput increases when you add simultaneous streams to
PowerProtect DD appliances until peak performance occurs. Adding more
than the maximum recommended streams for an appliance usually
reduces performance. DDOS ensures that performance does not drop
below 85% of the peak throughput when you use simultaneous streams.


System Cleaning

Schedule garbage collection to run at most once weekly. Frequently
running garbage collection might cause data on disk to fragment
excessively and exhibit poor spatial locality. Poor spatial locality often
results in poor read or replication and data movement performance.

Initial Dataset Backup Speeds

The performance values are based on several subsequent full backups.
Sometimes, the initial backup dataset may consist entirely of unique
segments, resulting in no global compression. Unique segments to be
compressed and stored at initial backup cause more work for the
PowerProtect DD system. Initial dataset backup speeds can be more than
30% slower than subsequent dataset backups.

Precompressed Data

An increased replication workload might be a sign of a poor compression
ratio. Replication must transfer more data since deduplication is
decreased. If you are replicating precompressed or preencrypted data, the
replicated data does not deduplicate well and requires replicating more
data.

High Replication Load

Increased replication load can cause poor system performance. If the
replication load is high and the compression ratio drops, your system
might transfer more data across the network. Increased data transfers
slow down replication times and impact performance.

RAID Rebuild

If a storage disk fails, the system must replace the failed disk with a spare
disk. The replacement maintains the full redundancy of the RAID system
and rebuilds all lost data onto the spare disk. During a RAID disk rebuild
the PowerProtect DD system consumes system resources that it would
otherwise use for other operations.


Number of Storage Shelves

A PowerProtect DD system that has more CPU power, memory, and
network port bandwidth also needs more disks to support system
performance.

Collecting Customer Site Information to Determine Capacity and Throughput Needs

Determine the required performance and capacity needs of your
protection system by collecting site information. Identify the types and
amounts of data that you intend to protect. Estimate the amounts of the
following:

• Unstructured file data
• Rich media
• Microsoft Exchange data
• Microsoft SQL data
• Microsoft SharePoint data
• Virtual Machines

Consider the daily change rate in the data and retention period.

Selecting a PowerProtect DD Model Activity

Dell Technologies recommends using conservative estimates when
calculating the capacity and throughput you need for your backup
environment. Estimate the need for greater throughput and capacity rather
than less. Apply your requirements against conservative ratings and not
the maximums of a PowerProtect DD system.

The following is a table of the PowerProtect DD system models and their
throughput and capacity specifications:

| | DD3300 | DD6400 | DD6900 | DD9400 | DD9900 | DDVE |
|---|---|---|---|---|---|---|
| Maximum Throughput | Up to 4.2 TB/hr | Up to 12.7 TB/hr | Up to 15 TB/hr | Up to 26 TB/hr | Up to 41 TB/hr | Up to 1.85 TB/hr |
| Maximum Throughput with DD Boost | Up to 7.0 TB/hr | Up to 27.7 TB/hr | Up to 33 TB/hr | Up to 57 TB/hr | Up to 94 TB/hr | Up to 4.2 TB/hr |
| Logical Capacity | Up to 1.6 PB | Up to 11.2 PB | Up to 18.7 PB | Up to 49.9 PB | Up to 97.5 PB | Up to 4.8 PB |
| Logical Capacity with Cloud Tier | Up to 4.8 PB | Up to 33.5 PB | Up to 56.1 PB | Up to 149.8 PB | Up to 293 PB | Up to 14.8 PB |
| Usable Capacity | 4 TB - 32 TB | 8 TB - 172 PB | 24 TB - 288 TB | 192 TB - 768 TB | 576 TB - 1.5 PB | Up to 96 TB |
| Usable Capacity with Cloud Tier | Up to 96 TB | Up to 516 TB | Up to 864 TB | Up to 2.3 PB | Up to 4.5 PB | Up to 288 TB |

Allow for a minimum 20% buffer in capacity, stream count, and
throughput requirements:
• Use the required capacity divided by maximum capacity of a particular
model to calculate the capacity percentage.
• Use the required throughput divided by the maximum throughput of a
particular model to calculate the throughput percentage.

If the capacity or throughput for a particular model does not provide at
least a 20% buffer, calculate the capacity and throughput for a
PowerProtect DD model of the next higher capacity. Consider these three
scenarios for matching customer requirements with a PowerProtect DD
model.

Sometimes one model provides adequate capacity but does not provide
enough throughput, or the reverse. Your model selection should
accommodate both throughput and capacity requirements with an
appropriate buffer.

Matching Customer Requirements with a Model

Given the current PowerProtect DD hardware offerings, determine which
model is best suited for the needs of the customer.

The following is a table of the PowerProtect DD system models and their
throughput and capacity specifications:

| | DD3300 | DD6400 | DD6900 | DD9400 | DD9900 | DDVE |
|---|---|---|---|---|---|---|
| Maximum Throughput | Up to 4.2 TB/hr | Up to 12.7 TB/hr | Up to 15 TB/hr | Up to 26 TB/hr | Up to 41 TB/hr | Up to 1.85 TB/hr |
| Maximum Throughput with DD Boost | Up to 7.0 TB/hr | Up to 27.7 TB/hr | Up to 33 TB/hr | Up to 57 TB/hr | Up to 94 TB/hr | Up to 4.2 TB/hr |
| Logical Capacity | Up to 1.6 PB | Up to 11.2 PB | Up to 18.7 PB | Up to 49.9 PB | Up to 97.5 PB | Up to 4.8 PB |
| Logical Capacity with Cloud Tier | Up to 4.8 PB | Up to 33.5 PB | Up to 56.1 PB | Up to 149.8 PB | Up to 293 PB | Up to 14.8 PB |
| Usable Capacity | 4 TB - 32 TB | 8 TB - 172 PB | 24 TB - 288 TB | 192 TB - 768 TB | 576 TB - 1.5 PB | Up to 96 TB |
| Usable Capacity with Cloud Tier | Up to 96 TB | Up to 516 TB | Up to 864 TB | Up to 2.3 PB | Up to 4.5 PB | Up to 288 TB |

1. A customer estimates that they require 70 TB usable storage for
backups over the next 5 years. They require at least 3.25 TB/hour
throughput to ensure that all data is backed up within their backup
window. Which model would you consider for this scenario?
2. A customer estimates that they require 275 TB usable storage for
backups over the next 5 years. They require at least 15 TB/hour
throughput to ensure that all data is backed up within their backup
window. Which model would you consider for this scenario?
3. A customer estimates that they require 625 TB usable storage for
backups over the next 5 years. They require at least 36 TB/hour
throughput to ensure that all data is backed up within their backup
window. Which model would you consider for this scenario?

Scenario 1

A customer estimates that they require 70 TB usable storage for backups
over the next 5 years. They require at least 3.25 TB/hour throughput to
ensure that all data is backed up within their backup window.

The following is a table of the PowerProtect DD system models and their
throughput and capacity specifications:

| | DD3300 | DD6400 | DD6900 | DD9400 | DD9900 | DDVE |
|---|---|---|---|---|---|---|
| Maximum Throughput | Up to 4.2 TB/hr | Up to 12.7 TB/hr | Up to 15 TB/hr | Up to 26 TB/hr | Up to 41 TB/hr | Up to 1.85 TB/hr |
| Maximum Throughput with DD Boost | Up to 7.0 TB/hr | Up to 27.7 TB/hr | Up to 33 TB/hr | Up to 57 TB/hr | Up to 94 TB/hr | Up to 4.2 TB/hr |
| Logical Capacity | Up to 1.6 PB | Up to 11.2 PB | Up to 18.7 PB | Up to 49.9 PB | Up to 97.5 PB | Up to 4.8 PB |
| Logical Capacity with Cloud Tier | Up to 4.8 PB | Up to 33.5 PB | Up to 56.1 PB | Up to 149.8 PB | Up to 293 PB | Up to 14.8 PB |
| Usable Capacity | 4 TB - 32 TB | 8 TB - 172 PB | 24 TB - 288 TB | 192 TB - 768 TB | 576 TB - 1.5 PB | Up to 96 TB |
| Usable Capacity with Cloud Tier | Up to 96 TB | Up to 516 TB | Up to 864 TB | Up to 2.3 PB | Up to 4.5 PB | Up to 288 TB |

If both Dell EMC Cloud Tier and DD Boost are used, the customer could
use the DD3300. Otherwise the DD6900 would be the better choice.

If Cloud Tier and DD Boost are used, the DD3300 is a possible solution:
• If DD Boost is the primary protocol that is used for backup data, up to 7.0
TB/hr is available, which provides a 54% buffer for throughput.
• If Cloud Tier is used, the DD3300 provides up to 96 TB capacity. The
system capacity provides a 27% buffer.

If Cloud Tier is not used, the DD3300 is not a possible solution:
• If CIFS and NFS are the primary protocols that are used for backup
data, the customer can expect 4.2 TB/hr for backup data. The system
throughput provides a 23% buffer over the requirement.
• If Cloud Tier is not used, the DD3300 provides up to 32 TB capacity.
The system capacity is below the requirement of 70 TB.


The DD6900 is a possible solution even if Cloud Tier and DD Boost are
not used:
• The DD6900 provides up to 15 TB/hr using CIFS or NFS and up to 33
TB/hr when using DD Boost. Regardless of which protocols are used,
the DD6900 exceeds the throughput requirements.
• The DD6900 provides up to 288 TB usable capacity without Cloud
Tier. The system capacity is above the 70 TB storage requirement,
leaving a 76% buffer.

Scenario 2

A customer estimates that they require 275 TB usable storage for backups
over the next 5 years. They require at least 15 TB/hour throughput to
ensure that all data is backed up within their backup window.

The following is a table of the PowerProtect DD system models and their
throughput and capacity specifications:

| | DD3300 | DD6400 | DD6900 | DD9400 | DD9900 | DDVE |
|---|---|---|---|---|---|---|
| Maximum Throughput | Up to 4.2 TB/hr | Up to 12.7 TB/hr | Up to 15 TB/hr | Up to 26 TB/hr | Up to 41 TB/hr | Up to 1.85 TB/hr |
| Maximum Throughput with DD Boost | Up to 7.0 TB/hr | Up to 27.7 TB/hr | Up to 33 TB/hr | Up to 57 TB/hr | Up to 94 TB/hr | Up to 4.2 TB/hr |
| Logical Capacity | Up to 1.6 PB | Up to 11.2 PB | Up to 18.7 PB | Up to 49.9 PB | Up to 97.5 PB | Up to 4.8 PB |
| Logical Capacity with Cloud Tier | Up to 4.8 PB | Up to 33.5 PB | Up to 56.1 PB | Up to 149.8 PB | Up to 293 PB | Up to 14.8 PB |
| Usable Capacity | 4 TB - 32 TB | 8 TB - 172 PB | 24 TB - 288 TB | 192 TB - 768 TB | 576 TB - 1.5 PB | Up to 96 TB |
| Usable Capacity with Cloud Tier | Up to 96 TB | Up to 516 TB | Up to 864 TB | Up to 2.3 PB | Up to 4.5 PB | Up to 288 TB |

If both DD Boost and Dell EMC Cloud Tier are used, the customer could
use the DD6900. Otherwise the DD9400 would be the better choice.

If Cloud Tier and DD Boost are used, the DD6900 is a possible solution:
• If DD Boost is the primary protocol that is used for backup data, up to 33
TB/hr is backed up, providing a 55% buffer for throughput.
• If Cloud Tier is used, the DD6900 provides up to 576 TB capacity. The
system capacity provides a 52% buffer.

If Cloud Tier and DD Boost are not used, the DD6900 is not a possible
solution:
• If CIFS and NFS are the primary protocols that are used for backup
data, the customer can expect up to 15 TB/hr for backup data. The
system throughput matches the requirement, but leaves no buffer for
growth.
• If Cloud Tier is not used, the DD6900 provides up to 288 TB capacity.
Although the system capacity is above the requirement, it does not
provide the recommended 20% buffer.

The DD9400 is a possible solution even if Cloud Tier and DD Boost are
not used:
• The DD9400 provides up to 26 TB/hr using CIFS or NFS and up to 57
TB/hr when using DD Boost. Regardless of which protocols are used,
the DD9400 exceeds the throughput requirement.
• The DD9400 provides up to 768 TB usable capacity without Cloud
Tier. The system capacity is above the 275 TB storage requirement,
leaving a 64% buffer.


Scenario 3

A customer estimates that they require 625 TB usable storage for backups
over the next 5 years. They require at least 36 TB/hour throughput to
ensure that all data is backed up within their backup window.

The following is a table of the PowerProtect DD system models and their
throughput and capacity specifications:

| | DD3300 | DD6400 | DD6900 | DD9400 | DD9900 | DDVE |
|---|---|---|---|---|---|---|
| Maximum Throughput | Up to 4.2 TB/hr | Up to 12.7 TB/hr | Up to 15 TB/hr | Up to 26 TB/hr | Up to 41 TB/hr | Up to 1.85 TB/hr |
| Maximum Throughput with DD Boost | Up to 7.0 TB/hr | Up to 27.7 TB/hr | Up to 33 TB/hr | Up to 57 TB/hr | Up to 94 TB/hr | Up to 4.2 TB/hr |
| Logical Capacity | Up to 1.6 PB | Up to 11.2 PB | Up to 18.7 PB | Up to 49.9 PB | Up to 97.5 PB | Up to 4.8 PB |
| Logical Capacity with Cloud Tier | Up to 4.8 PB | Up to 33.5 PB | Up to 56.1 PB | Up to 149.8 PB | Up to 293 PB | Up to 14.8 PB |
| Usable Capacity | 4 TB - 32 TB | 8 TB - 172 PB | 24 TB - 288 TB | 192 TB - 768 TB | 576 TB - 1.5 PB | Up to 96 TB |
| Usable Capacity with Cloud Tier | Up to 96 TB | Up to 516 TB | Up to 864 TB | Up to 2.3 PB | Up to 4.5 PB | Up to 288 TB |

If DD Boost and Dell EMC Cloud Tier are used, the customer could use
the DD9400. Otherwise, the DD9900 would be the better choice.


If Cloud Tier and DD Boost are used, the DD9400 is a possible solution:
• If DD Boost is the primary protocol that is used for backup data, up to 57
TB/hr is backed up, providing a 37% buffer for throughput.
• If Cloud Tier is used, the DD9400 provides up to 2.3 PB capacity. The
DD9400 provides a 73% buffer for capacity.

If Cloud Tier and DD Boost are not used, the DD9400 is not a possible
solution:
• If CIFS and NFS are the primary protocols that are used for backup
data, the customer can expect up to 26 TB/hr for backup data. The
maximum throughput of the DD9400 is below the requirement of 36
TB/hr.
• If Cloud Tier is not used, the DD9400 provides up to 768 TB capacity.
The system capacity provides only a 19% buffer for capacity.

The DD9900 is a possible solution even if Cloud Tier and DD Boost are
not used:
• The DD9900 provides up to 41 TB/hr using CIFS or NFS and up to 94
TB/hr when using DD Boost. Regardless of which protocols are used,
the DD9900 exceeds the throughput requirement.
• The DD9900 provides up to 1.5 PB usable capacity without Cloud Tier.
The capacity of the system is well above the 625 TB storage
requirement, leaving a 58% buffer.
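
The buffer percentages quoted in the scenarios follow from buffer = 1 - (required / maximum). The following Python sketch is an added example, not part of the Dell guide: it reproduces the figures given for the DD3300 and DD6900 in Scenario 1 and the DD9400 in Scenario 3 from the table values. The names MODELS, buffer_fraction, evaluate and scenario_report are hypothetical, and 1 PB is assumed to equal 1000 TB.

```python
"""Check a PowerProtect DD model against a sizing requirement and the 20% buffer rule."""

# Maximums copied from the model table on this page.
# Throughput in TB/hr, usable capacity in TB (assumption: 1 PB = 1000 TB).
# Only the models evaluated in the calls below are listed.
MODELS = {
    "DD3300": {"tput": 4.2, "tput_boost": 7.0, "usable": 32, "usable_cloud": 96},
    "DD6900": {"tput": 15.0, "tput_boost": 33.0, "usable": 288, "usable_cloud": 864},
    "DD9400": {"tput": 26.0, "tput_boost": 57.0, "usable": 768, "usable_cloud": 2300},
}

MIN_BUFFER = 0.20  # the guide's minimum buffer for capacity and throughput


def buffer_fraction(required, maximum):
    """Return the headroom left once the requirement is met.

    required / maximum is the utilisation percentage the guide describes;
    the buffer is what remains. A negative value means the requirement
    exceeds the model's maximum.
    """
    if maximum <= 0:
        raise ValueError("maximum must be positive")
    return 1.0 - required / maximum


def evaluate(model, need_tb, need_tb_hr, dd_boost, cloud_tier):
    """Evaluate one model in one configuration (DD Boost and Cloud Tier on or off)."""
    spec = MODELS[model]
    max_tput = spec["tput_boost"] if dd_boost else spec["tput"]
    max_cap = spec["usable_cloud"] if cloud_tier else spec["usable"]
    tput_buf = buffer_fraction(need_tb_hr, max_tput)
    cap_buf = buffer_fraction(need_tb, max_cap)
    return {
        "model": model,
        "dd_boost": dd_boost,
        "cloud_tier": cloud_tier,
        "throughput_buffer_pct": round(tput_buf * 100),
        "capacity_buffer_pct": round(cap_buf * 100),
        # Both dimensions must keep at least the minimum buffer.
        "meets_rule": tput_buf >= MIN_BUFFER and cap_buf >= MIN_BUFFER,
    }


def scenario_report():
    """Run the configurations that Scenario 1 and Scenario 3 walk through."""
    return [
        # Scenario 1: 70 TB usable, 3.25 TB/hr
        evaluate("DD3300", 70, 3.25, dd_boost=True, cloud_tier=True),
        evaluate("DD3300", 70, 3.25, dd_boost=False, cloud_tier=False),
        evaluate("DD6900", 70, 3.25, dd_boost=False, cloud_tier=False),
        # Scenario 3: 625 TB usable, 36 TB/hr
        evaluate("DD9400", 625, 36, dd_boost=True, cloud_tier=True),
        evaluate("DD9400", 625, 36, dd_boost=False, cloud_tier=False),
    ]


if __name__ == "__main__":
    for row in scenario_report():
        print(
            f"{row['model']:7} boost={row['dd_boost']!s:5} cloud={row['cloud_tier']!s:5} "
            f"throughput buffer {row['throughput_buffer_pct']:4d}%  "
            f"capacity buffer {row['capacity_buffer_pct']:4d}%  "
            f"meets 20% rule: {row['meets_rule']}"
        )
```

A negative buffer in the output means the model's maximum is below the requirement for that configuration.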

Monitoring and Tuning Throughput

Identifying Throughput Performance Issues

Potential Bottleneck Locations

Integrating PowerProtect DD systems into an existing backup architecture
can change the responsiveness of the backup system. Bottlenecks can
restrict the flow of data being backed up.

As demand shifts among system resources, the source of the bottlenecks
can shift.

Eliminate bottlenecks where possible. Monitor all network segments in the
datapath between the client and the protection system to identify possible
choke points. Tune the system to mitigate causes for reduced performance.
PowerProtect DD systems collect and report performance metrics through
real-time reporting and log files to help identify potential bottlenecks and
their causes.

Consider using tools such as Dell Data Protection Advisor (DPA) to gain
actionable insights about what the bottleneck may be in a backup solution.


DPA can monitor Ethernet and Fibre Channel switches, backup
applications, and client performance.

Monitoring Daily Performance

Throughput Monitoring Resources in DDMC

System monitoring is the key to understanding and removing the causes
of throughput and capacity performance issues.

Use PowerProtect DD Management Center (DDMC) to perform daily
monitoring. The DDMC dashboard widgets can help prevent serious
problems from happening. Dashboard widgets show real-time capacity
and throughput information. Monitoring capacity is important because
near-full capacity conditions can contribute to system performance issues.

Dashboard widgets provide an overview of key performance indicators for
the monitored appliances. The widgets in DDMC include Health Status,
Active Alerts, Capacity Thresholds, Capacity Used, Replication Status, Lag
Thresholds, High Availability Readiness, and Cloud Health.

Resource charts in DDMC show the CPU utilization percentage for the
system and when the system performs cleaning. Network throughput charts
show when a system experiences bandwidth-related bottlenecks. You can
determine how much network bandwidth the systems that share the same
subnet use. Observing bandwidth allows you to see if any systems are using
more than expected or enabled by IT departments.


Replication charts list the counts of different automatic and on-demand
replication pairs. Inbound characteristics and Outbound
characteristics charts show inbound and outbound counts. The
Throughput chart shows throughput characteristics for both automatic
and on-demand replication pairs.

Evaluating Customer Data and Actual Performance

Reports > Management Tab in DDMC

The DD System Manager (DDSM) and PowerProtect DD Management Center
(DDMC) offer tools and reports you can use for evaluating data and
performance. The real-time charts in DDSM are a good way to see the
effect data movement is having on the data domain. The following are
some of the reports:
• In the DDSM, from Replication History and Replication Detailed History,
you can see the hourly breakdown of replication operations.
• In the DDSM, use the Replication Throttle dialog to check throttle
settings on a PowerProtect DD appliance.
• In the DDMC, use the Replication Data Transferred over 24 hr report,
which shows replication operations over a 24-hour period.
• In the DDMC, use the Optimized Deduplication Data Transfer
History report, which displays DD Boost managed file replication (MFR)
and DD Boost replication statistics.

Evaluating Customer Data and Actual Performance Using CLI Commands

From the command line interface (CLI) of a PowerProtect DD appliance,
you can use the following commands for evaluating data and
performance:
• Use the replication status [destination | tenant-unit
tenant-unit | all] [detailed] command to show the status
of replication.
• Use the ddboost file-replication show stats command to
monitor outbound and inbound traffic on a protection system during
replication. The compression ratio increases when you enable
low-bandwidth optimization.
• Use the ddboost show stats [interval seconds] [count
count] command to show DD Boost statistics. The interval is an
optional number of seconds with a minimum of 1 and a maximum of
4294967295. The count is an optional ordinal value with a minimum of
1 and a maximum of 4294967295.
• Use the system show performance [raw | fsop | view
{legacy | default} custom-view {state | throughput |
protocol | compression | streams | utilization |
mtree-active},...] [duration duration {hr | min}
[interval interval {hr | min}]] command to display system
performance statistics for a designated interval. If you enter this
command without the custom-view argument, the standard
performance report appears.


Deep Dive: For more details on using CLI commands to
evaluate customer data and actual performance, see the
Dell EMC DDOS Command Reference Guide available on
the Dell Support website.

System Utilization

You can monitor system utilization only through the DD Operating System
command-line interface, using the system show performance command. With
system show performance you can monitor the number of active MTrees and
streams your system is using during the backup window.

Deep Dive: For more details on using CLI commands to
evaluate system utilization and performance, see the Dell
EMC DDOS Command Reference Guide available on the
Dell Support website.


Network and Process Utilization

The system show performance Command

The system show performance command displays system
performance and utilization statistics for an interval that you can
designate. The following list describes the output categories for the
Protocol section in the system show performance command:
1. ops/s shows the number of operations per second.
2. load indicates the load percentage of pending ops and total remote
procedure call operations.
3. data (MB/s) is the amount of data that the file system can read from
and write to the kernel socket buffer.
4. wait (ms/MB) is the time that it takes to send and receive 1 MB of data
from the file system to the kernel socket buffer.


Important: Protocol data includes Network File System
(NFS), Common Internet File System (CIFS), DD Boost over
IP, and DD Boost-managed replication and optimized
duplication. Data does not include Replication, Virtual Tape
Library (VTL) over Fibre Channel, or DD Boost over Fibre
Channel.

CPU and Disk Utilization

The system show performance output includes the state and
percentage of central processing unit (CPU) and disk utilization.

The following explains the system show performance command
output details for the system State:


1. The State column shows the state of the CPU. If the CPU is
performing only one type of operation, it reports only one state.
a. C indicates that the system is performing file system cleaning
operations.
b. D indicates that the system is reconstructing data onto a
replacement disk.
c. V indicates that the system is performing file verification.
2. CPU avg/max reports the average and maximum CPU utilization in
percent. The number in brackets is the CPU ID of the most-loaded
CPU.
3. Disk max reports the highest disk utilization over all disks. The number
in brackets is the disk ID of the most-loaded disk.

If the CPU utilization shows 80% or greater or if the disk utilization is 60%
or greater for an extended period, the PowerProtect DD appliance is likely
to run out of disk capacity or reach the CPU processing maximum.
Confirm that the system is not performing cleaning or disk reconstruction
operations. You can check cleaning and disk reconstruction in the State
column of the system show performance output.

The processes that the system show performance command reports
in the State column impact the amount of CPU utilization for handling
backup and replication activity.

Monitoring Throughput


The Output of the system show stats Command

In addition to watching disk utilization, you should monitor the rate at
which the system receives and processes data. The system measures the
throughput statistics at several points in the system to analyze
performance and help identify throughput issues.

If slow performance occurs in real-time, use the command-line interface to
run the system show stats interval [interval in seconds]
command. The system show stats command reports CPU activity
and Disk read and Disk write amounts. For example, system show
stats interval 2 produces a new line of data every two seconds.

In the example report on this page, you can see a high and steady amount
of data inbound on the network interface eth0a. The amount of inbound
data indicates that the backup host is writing data. The incoming data is
backup traffic, and not replication traffic as the Repl column indicates no
activity.

The likely cause of the low Disk write rates is that a high number of the
data segments arriving on the system are duplicates. The PowerProtect DD
appliance identifies the duplicates in real-time as they arrive and writes
only those new segments it detects.


Evaluating Tuning Solutions

Tune a PowerProtect DD system using the following recommendations:
• Do not run file system cleaning during times of heavy data intake.
• Separate backup and replication activities to improve performance.
Perform backups first, and then replicate after the system completes the
backups.
• Consider using link aggregation for increased network reliability and
availability.
• Reduce network latency by decreasing the number of network hops to
the PowerProtect DD appliance.
• Isolate the network to improve network performance and security.
• Consider implementing DD Boost to improve throughput to and from
your PowerProtect DD system.

When you identify performance problems, document the time when you
observe poor performance to know where to look in the system show
performance output.

Important: If you notice abnormally high CPU utilization for
an extended period and cannot identify the cause, contact
Dell Support for assistance.


Considerations When Experiencing System Performance Issues

If you experience system performance issues, for example, if you are
exceeding your backup window, or if throughput is slower than expected,
consider the following:
• From the command-line interface, run the system show
performance command. Review the Streams columns output and
confirm that the system does not exceed the recommended maximum
write and read stream count.
− Review the active read streams and active write streams columns
to determine the stream count. Compare the active stream count
with the recommended number of streams supported for your
system. If you are unsure about the recommended stream number,
contact Dell Support for assistance.
− Review the CPU utilization. Extended periods of high CPU
utilization may suggest that the workload exceeds the processing
capacity of the CPU.
− Review the State output of the system show performance
command. Confirm that the system is not running cleaning or disk
reconstruction. Both cleaning and disk reconstruction operations
are processor intensive and reduce the performance of other
operations.
• From the command-line interface, review the output of the
replication show performance all command. Confirm that
there is no replication in progress. If there is no replication activity, the
output should report zeros in the columns.
− Press Ctrl + C to stop the command. Performing replication
during data ingestion might cause slower-than-expected system
performance. Separate data ingestion and replication operations in
your backup schedule.

Monitoring File System Space Usage

Data Management > File System Window Tabs Layout

During normal data protection operations, you must maintain proper file
system space on your PowerProtect DD appliance. In DD System Manager
(DDSM), select Data Management > File System to review details about
the file system.

The File System window provides the following tabs for monitoring details:
• The SUMMARY tab shows space usage statistics for the active and
cloud tiers.
• The DDENCRYPTION tab displays encryption types, status, and
progress. You must license the DD Encryption feature in order to view
any status for encryption.
• The CHARTS tab displays graphs for Space Usage, Consumption, and
Daily Written over time.


− The Consumption tab displays space that is used over time in
relation to total system capacity.
− The Daily Written tab displays data flow over time for pre- and
post-compression amounts.
− The Settings button provides compression type settings, workload
balance, and cleaning schedule options.

Monitor data growth using the following tools:
• Graphic reports allow administrators to see trends in data growth over
time. Both DDSM and PowerProtect DD Management Center provide
graphic reports of file system space usage for PowerProtect DD
appliances.
• Capacity and quota alerts at the system and MTree level. The
PowerProtect DD system sends email alerts to specific recipients when
an MTree reaches its soft and hard quota limits. The system sends
alerts when the file system reaches 90%, 95%, and 100% full.
• The daily autosupport includes information about the system and
MTree capacity. The system sends the autosupport report daily at
6 am by default.

Caution: If any of these factors increase above the original
sizing plan, your backup system can overrun its capacity.

Monitoring the MTree Space Usage

Select Data Management > MTree in order to view details about MTrees
available for use on the system.


The Data Management > MTree Window Tabs Layout

The MTree window provides the following tabs for monitoring details:
• The SUMMARY tab displays the selected MTree Details, configured
Quotas, Protocols in use, Snapshots, Physical Capacity Measurements
(PCM) and Retention Lock Status.
• The SPACE USAGE tab displays a space usage graph for the
selected MTree.
• The DAILY WRITTEN tab displays a graph of data written daily over a
selected time.

Managing File System Capacity

PowerProtect DD systems have three levels of storage capacity. As a
PowerProtect DD system reaches a new level, the file system
progressively disallows more operations. At each level, you should make
disk space available by deleting data and performing a file system
cleaning operation.


The following are the three levels of capacity and methods to reduce the
amount of space used on the system:
• Level 1 is where capacity reaches a point that the appliance cannot
write additional data to the file system. The system generates an out of
space alert.
− To remedy a level 1 capacity limit alert, delete unneeded datasets.
Shorten the data retention period on the system. Lastly, delete
snapshots, and then perform a file system cleaning operation to
recover space.
• Level 2 is where capacity reaches a point that you cannot delete files
because deleting files requires free space.
− To remedy a level 2 capacity limit, expire snapshots and perform a
file system cleaning operation to recover space.
• Level 3 is where all attempts to expire snapshots, delete files, or write
new data fail.
− To remedy a level 3 capacity limit, perform a file system cleaning
operation to free enough space to delete some files. Expire
snapshots that you might not need and then rerun the cleaning.

The system generates capacity alerts at 75%, 90%, 95%, and 100% full.
You can create a list of capacity alert recipients by setting up a notification
group in the Health > Alerts > NOTIFICATION tab.

Important: If you are unable to resolve an out of space
condition on your PowerProtect DD system, contact Dell
Support for assistance.

Evaluating File System Summary


The Data Management > File System > SUMMARY Page in DD System Manager

In the DD System Manager, the Data Management > File System >
SUMMARY page displays current space usage and availability. The
SUMMARY page also provides an up-to-the-minute indication of the
compression factor.

You can monitor CPU and disk utilization in the state and utilization
options of the command output.

The Space Usage section shows two panes:

• The Active Tier Space Usage Tier section shows the amount of disk space
available based on the last cleaning.
− Size displays the total physical space for data storage.
− Used displays the physical space that the system uses for
compressed data. Warning messages go to the system log and an
email alert is generated when usage reaches 90%, 95%, and
100%. When the system reaches 100% used, the PowerProtect DD
appliance accepts no more data from backup hosts.
− Available displays the amount of available space remaining for
data storage. The available amount can change because an
internal index may expand as the appliance fills with data. The
index expansion takes space from the available amount.
− Cleanable displays the estimated amount of space that the system
could reclaim after running a cleaning operation.
• The Active Tier (Last 24-Hours) section displays compression information.
− Pre-Compression displays the amount of data that the system
uses before data reduction.
− Post-Compression displays the amount of storage that the system
uses after data reduction.
− Global-Compression Factor is the total compression ratio,
deduplication plus local compression. Global Compression
measures the data reduction effect of deduplication.
− Local-Compression measures the data reduction effect of the
LZ, GZ Fast or GZ compression algorithms.
− Total Compression Factor (Reduction %) is the product of the
global compression and local compression factors.

Evaluating Space Usage


Data Management > File System > Chart > Space Usage Chart in DD System Manager

In the DD System Manager, the Data Management > File System >
CHARTS page displays graphs depicting how the PowerProtect DD writes
and stores data on the PowerProtect DD appliance.

The Space Usage chart contains a graph that displays a visual
representation of data usage for the system. The Date Range choices are
one week, one month, three months, one year and All. You can also
enter custom date ranges.

Factors that affect data growth on a PowerProtect DD system include the
following:
• The size and number of datasets backing up to a system
• Pre-compressed data formats do not compress or deduplicate as
efficiently as noncompressed files. Pre-compressed and encrypted
data increase the amount of space used on the system.
• The retention period that is specified in the backup software might fill
more space on the system. The longer you retain data on the system,
the larger the amount of storage space you should make available.

The lines of the Space Usage chart denote measurements for the following:
• Pre-Comp Used is displayed as a blue line with blue shading.
Pre-Comp Used is the total amount of data that backup servers send to
the protection system. A backup server sees the total uncompressed
data that is held by the protection system as pre-compressed data.
• Post-Comp Used is displayed as a red line with red shading. Post-
Comp Used is the total amount of disk storage in use on the
PowerProtect DD appliance.
• Comp Factor is displayed as a green line with green shading. Comp
Factor is the amount of compression the PowerProtect DD appliance
has performed with the data it received.

Evaluating System Consumption

In the DD System Manager, the Data Management > File System >
CHARTS page displays written and stored data on the PowerProtect DD
appliance in graph format.

The Consumption chart displays a visual representation of data usage for
the system over time. The Date Range choices are 1w (one week),
1m (one month), 3m (three months), 1y (one year), and All. You can also
enter custom date ranges.

The Consumption chart provides a cumulative representation of the
amount of space the system has consumed. The chart also shows the
amount of deduplication against the total capacity of the system. You can
also view the time lines and durations for system cleaning and data
movement operations.

The following is an example consumption chart comparing Space Usage
data against Capacity:


Capacity

The File System Consumption Chart in DD System Manager

Selecting the Capacity item changes the chart so that it displays the
amount of space used relative to the total capacity of the system, with a
blue line indicating the storage limit.

The Capacity view also displays cleaning start and stop data points. The
graph covers one week by default and displays one cleaning event. This
PowerProtect DD appliance has its cleaning schedule set to one day per
week.

In the Consumption view, you can observe trends in space availability on
the PowerProtect DD appliance, such as changes in space availability and
compression in relation to cleaning processes.

Space Usage

The File System > CHARTS > Consumption Chart Capacity Graph in DD System
Manager

When you view the Post-Comp Used graph, you can see the space that
the system consumes over time.

Post-Comp Used is the amount of storage consumed after compression.

This view is helpful to see trends in space availability on the PowerProtect
DD system. These trends include changes in space availability and
compression in relation to cleaning processes.

The chart displays Pre-Comp Used data in blue, Post-Comp Used data
in red, and the Comp Factor in green.

Evaluating the Daily Written Chart


Data Management > File System > CHARTS > Daily Written Chart

The Data Management > File System > CHARTS page displays graphs
depicting how data is written and stored on the PowerProtect DD
appliance.

The Daily Written graph displays a visual representation of data flow over
time.

The Daily Written graph allows you to see data ingestion and
compression factor results over a duration that you select. You may notice
trends in compression factor and ingestion rates. The graph shows data
amounts for both precompression and postcompression.

Global-Comp Factor displays the compression factor amount of the files
after the system deduplicates the data.

Local-Comp Factor displays the compression factor of the files when the
system writes them to disk. The default local compression method on
most PowerProtect DD appliances is GNU zip fast (gzfast). Other
supported compression types are Lempel-Ziv (lz), GNU zip (gz), and none.

The PowerProtect DD3300 and PowerProtect DD Virtual Edition instances
use lz compression by default. Legacy Data Domain models also use lz
as the default compression algorithm. lz compression provides the best
throughput and uses the fewest CPU cycles on these systems.

Gz is a zip-style compression that uses the least amount of space for data
storage. Gz compression uses 10% to 20% less space than lz on
average. However, some datasets get higher compression. PowerProtect
DD systems often use the gz compression type for nearline storage
applications in which performance requirements are low.

Gzfast is a zip-style compression that uses less space for compressed
data but it consumes more CPU cycles unless you add additional
hardware to support its operation.

Deep Dive: For more detailed information about the
compression types mentioned in this topic, see the Dell
EMC DDOS Administration Guide available on the Dell
Support website.

Exploring File System Cleaning

The File System Marks Expired Data For Deletion During File System Cleaning

The PowerProtect DD file system manages expired data in the following
manner:
1. When you expire data through the backup application, the
PowerProtect DD file system marks that data for deletion.
2. The file system does not delete the data immediately. Instead, the file
system removes expired data during the next scheduled file system
cleaning operation.
3. File system cleaning deletes expired data and reorganizes empty
space and remaining data.

The cleaning process uses a significant amount of system resources. File
system cleaning is self-throttling and gives up system resources in the
presence of user traffic.

Running file system cleaning can take from several hours to several days
to complete depending on the amount of space the file system must clean.

File System Cleaning Process and DIA

File System Cleaning Overview

PowerProtect DD Operating System uses a data invulnerability
architecture (DIA) that requires the system to write data into new, empty
containers. You cannot overwrite written data in existing containers at any
time. DIA also applies to file system cleaning. During file system cleaning,
the system reclaims the space that expired data once used.

File System Cleaning Data Movement

The File System Cleaning Process

Since the PowerProtect DD system uses a log-structured file system, the
system must reclaim the deleted space. The reclamation process runs
automatically as a part of file system cleaning.

The PowerProtect DD system can perform all normal operations during
the cleaning process. Operations include accepting data from backup
systems. Cleaning requires enough free capacity to store the cleanable
containers until the file system can verify them.

Running File System Cleaning

You can run file system cleaning by scheduling the operation or running it
manually.


Schedule File System Cleaning

File System Settings > CLEANING Window In DD System Manager

You can run file system cleaning by setting a schedule for both the active
and the cloud tier.

To schedule file system cleaning, do the following:
1. In DD System Manager, go to Data Management > File System >
SUMMARY > Settings > CLEANING.
a. The CLEANING tab of the File System Settings dialog displays the
configurable settings for each tier.
2. Select the cleaning frequency in the Frequency drop-down list.
3. Click Save.

Immediately Start File System Cleaning

If the system skips scheduled cleaning operations, you can run an
unscheduled file system cleaning. If the system detects an anomaly in the
amount of deleted data, it skips file system cleaning.

Running file system cleaning manually requires that a security policy
exists on the system. You must also obtain security officer authorization to
initiate cleaning.

To manually start a file system cleaning session, do the following:
1. Open a command-line interface (CLI) session on the PowerProtect DD
system.
2. Run the filesys clean start command.
a. The following message appears: Cleaning started. Use
'filesys clean watch' to monitor progress.
3. To confirm that the cleaning process is active, run the filesys
status command.
a. The following message appears: The filesystem is enabled
and running.

Capacity Prediction Enabled Automatic Cleaning

Another feature of the filesys clean command is capacity prediction
enabled automatic cleaning. Running a weekly scheduled cleaning on
systems that do not have a high capacity usage can impact system
performance and reclaims minimal space. Capacity prediction-enabled
automatic cleaning resolves this issue.

Capacity prediction enabled automatic cleaning predicts the plausible
capacity usage of the system over time, based on the current
capacity usage and data ingest trends. Automatic cleaning uses this
prediction engine to start cleaning on the active tier when it detects the
system might exceed the specified automatic cleaning thresholds.

Use the command-line interface (CLI) command filesys clean skip
schedule estimate-percent-used [percent] days [days].

If the system can reach the specified capacity percentage in the specified
number of days, it initiates cleaning on the active tier. On a scheduled
date and time, the system checks if the estimated capacity usage can be
reached in the specified number of days. If possible, set the days option
to twice the number of days set with the filesys clean set
schedule command.

For example, if you schedule cleaning to run once per week, set the Days
option to 14. If you schedule cleaning biweekly, set the Days option to 28.
If the specified estimate-percent-used is achievable, the system
initiates cleaning on the active tier. If the percentage is not achievable, the
system skips the cleaning operation.
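
The clean-or-skip decision described above, sketched as an added example (not Dell code and not the DD OS prediction engine): it assumes a straight-line trend fitted to daily Used % samples, which are constructed here, and all function names are hypothetical.

```python
"""Added example: a linear-trend model of capacity-prediction cleaning."""


def daily_growth(used_pct):
    """Least-squares slope, in percentage points per day, of daily samples."""
    n = len(used_pct)
    if n < 2:
        raise ValueError("need at least two daily samples to see a trend")
    mean_x = (n - 1) / 2
    mean_y = sum(used_pct) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(used_pct))
    den = sum((x - mean_x) ** 2 for x in range(n))
    return num / den


def days_option(cleaning_interval_days):
    """The guide's rule: look ahead twice the cleaning schedule interval."""
    return 2 * cleaning_interval_days


def projected_used(used_pct, days):
    """Extend the latest sample along the fitted trend, kept within 0-100%."""
    projected = used_pct[-1] + daily_growth(used_pct) * days
    return max(0.0, min(100.0, projected))


def cleaning_decision(used_pct, estimate_percent_used, cleaning_interval_days):
    """Return (decision, projected Used %, days) for one scheduled check."""
    if not 0 < estimate_percent_used <= 100:
        raise ValueError("estimate-percent-used must be in (0, 100]")
    days = days_option(cleaning_interval_days)
    projected = projected_used(used_pct, days)
    # Clean only if the threshold is reachable inside the look-ahead window.
    decision = "clean" if projected >= estimate_percent_used else "skip"
    return decision, round(projected, 1), days


def skip_schedule_command(percent, days):
    """Fill in the command syntax quoted in the guide."""
    return (f"filesys clean skip schedule "
            f"estimate-percent-used {percent} days {days}")


# Constructed samples: active-tier Used % recorded once a day for a week.
GROWING = [61.0, 62.5, 64.0, 65.5, 67.0, 68.5, 70.0]    # +1.5 points/day
QUIET = [40.0, 40.1, 40.2, 40.3, 40.4, 40.5, 40.6]      # +0.1 points/day
SHRINKING = [55.0, 54.0, 53.5, 52.0, 51.5, 50.0, 49.0]  # data expiring

if __name__ == "__main__":
    print(skip_schedule_command(85, days_option(7)))
    for name, samples in (("growing", GROWING), ("quiet", QUIET),
                          ("shrinking", SHRINKING)):
        print(name, cleaning_decision(samples, 85, 7))
```

With a weekly schedule and an 85% threshold, only the growing system is cleaned; the quiet and shrinking systems skip the run, which is the saving the feature is meant to provide.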

Automatic Cleaning Using the filesys clean schedule show Command

The benefits of capacity prediction automatic cleaning include the
following:
• Cleaning starts on the active tier by predicting the system capacity that
is based on current capacity usage and ingest trends.
• You can view capacity predictions using show commands.
• Running on a predictive basis improves system performance.

Deep Dive: For more information about capacity prediction
enabled automatic cleaning, see the Dell EMC DDOS
Administration Guide available on the Dell Support website.

File System Cleaning Considerations

Some key considerations of file system cleaning include:
• Run the filesys clean command when you know system traffic periods
are low.
• Set the throttle to 50% or lower to prevent other processes from slowing.
• Dell Technologies recommends running filesys clean after the first full
backup to a PowerProtect DD system. An immediate filesys clean
operation can increase the system compression factor by 1.5 times.
• If you take the file system offline, the cleaning process stops.
• Encryption and GNU-zip gz compression increase cleaning process
time.
• You must remove all pointers to data before that data is a candidate for
cleaning.
• If the PowerProtect DD system is not short on disk space, consider
reducing the cleaning frequency.

Important: Dell Technologies recommends running file
system cleaning no more than once per week. Running file
system cleaning more often can increase data
fragmentation and result in poor read, replication, and other
data movement performance.

Appendix

Scenario 1
A customer estimates that they require 70 TB usable storage for backups
over the next 5 years. They require at least 3.25 TB/hour throughput to
ensure that all data is backed up within their backup window.

If both Dell EMC Cloud Tier and DD Boost are used, the customer could
use the DD3300. Otherwise the DD6900 would be the better choice.

If Cloud Tier and DD Boost are used, the DD3300 is a possible solution:
• If DD Boost is the primary protocol that is used for backup data and 7.0
TB/hr is required, a 54% buffer for throughput is achieved.
• If Cloud Tier is used, the DD3300 provides up to 96 TB capacity. The
system capacity provides a 27% buffer.

If Cloud Tier is not used, the DD3300 is not a possible solution:
• If CIFS and NFS are the primary protocols that are used for backup
data, the customer can expect 4.2 TB/hr for backup data. The system
throughput provides a 23% buffer over the requirement.
• If Cloud Tier is not used, the DD3300 provides up to 32 TB capacity.
The system capacity is below the requirement of 70 TB.

The DD6900 is a possible solution even if Cloud Tier and DD Boost are
not used:
• The DD6900 provides up to 15 TB/hr using CIFS or NFS and up to 33
TB/hr when using DD Boost. Regardless of which protocols are used,
the DD6900 exceeds the throughput requirements.
• The DD6900 provides up to 288 TB usable capacity without Cloud
Tier. The system capacity is above the 70 TB storage requirement,
leaving a 76% buffer.


Scenario 2
A customer estimates that they require 275 TB usable storage for backups
over the next 5 years. They require at least 15 TB/hour throughput to
ensure that all data is backed up within their backup window.

If both DD Boost and Dell EMC Cloud Tier are used, the customer could
use the DD6900. Otherwise the DD9400 would be the better choice.

If Cloud Tier and DD Boost are used, the DD6900 is a possible solution:
• If DD Boost is the primary protocol that is used for backup data, 33
TB/hr is backed up, providing a 55% buffer for throughput.
• If Cloud Tier is used, the DD6900 provides up to 576 TB capacity. The
system capacity provides a 52% buffer.

If Cloud Tier and DD Boost are not used, the DD6900 is not a possible
solution:
• If CIFS and NFS are the primary protocols that are used for backup
data, the customer can expect up to 15 TB/hr for backup data. The
system throughput matches the requirement, but leaves no buffer for
growth.
• If Cloud Tier is not used, the DD6900 provides up to 288 TB capacity.
Although the system capacity is above the requirement, it does not
provide the recommended 20% buffer.

The DD9400 is a possible solution even if Cloud Tier and DD Boost are
not used:
• The DD9400 provides up to 26 TB/hr using CIFS or NFS and up to 57
TB/hr when using DD Boost. Regardless of which protocols are used,
the DD9400 exceeds the throughput requirement.
• The DD9400 provides up to 768 TB usable capacity without Cloud
Tier. The system capacity is above the 275 TB storage requirement,
leaving a 64% buffer.


Scenario 3
A customer estimates that they require 625 TB usable storage for backups
over the next 5 years. They require at least 36 TB/hour throughput to
ensure that all data is backed up within their backup window.

If DD Boost and Dell EMC Cloud Tier are used, the customer could use
the DD9400. Otherwise the DD9900 would be the better choice.

If Cloud Tier and DD Boost are used, the DD9400 is a possible solution:
• If DD Boost is the primary protocol that is used for backup data, 57
TB/hr is backed up, providing a 37% buffer for throughput.
• If Cloud Tier is used, the DD9400 provides up to 2.3 PB capacity. The
DD9400 provides a 73% buffer for capacity.

If Cloud Tier and DD Boost are not used, the DD9400 is not a possible
solution:
• If CIFS and NFS are the primary protocols that are used for backup
data, the customer can expect up to 26 TB/hr for backup data. The
maximum throughput of the DD9400 is below the requirement of 36
TB/hr.
• If Cloud Tier is not used, the DD9400 provides up to 768 TB capacity.
The system capacity provides only a 19% buffer for capacity.

The DD9900 is a possible solution even if Cloud Tier and DD Boost are
not used:
• The DD9900 provides up to 41 TB/hr using CIFS or NFS and up to 94
TB/hr when using DD Boost. Regardless of which protocols are used,
the DD9900 exceeds the throughput requirement.
• The DD9900 provides up to 1.5 PB usable capacity without Cloud Tier.
The capacity of the system is well above the 625 TB storage
requirement, leaving a 58% buffer.
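
The buffer arithmetic behind the three scenarios, as an added example that is not part of the guide: buffer = (maximum - requirement) / maximum reproduces the quoted percentages when 1 PB is taken as 1000 TB. The pass rule (at least a 20% capacity buffer, throughput above the requirement) is an assumption read from the scenarios' verdicts, and the function names are hypothetical.

```python
"""Added example: the appendix sizing checks as a calculation."""

RECOMMENDED_CAPACITY_BUFFER = 0.20  # "the recommended 20% buffer"

# Maximums quoted in the appendix scenarios, keyed by whether Cloud Tier
# (capacity, TB) or DD Boost (throughput, TB/hr) is in use. 1 PB is taken
# as 1000 TB (assumption); None marks a figure the appendix does not give.
MODELS = {
    "DD3300": {"capacity_tb": {False: 32, True: 96},
               "throughput_tbh": {False: 4.2, True: 7.0}},
    "DD6900": {"capacity_tb": {False: 288, True: 576},
               "throughput_tbh": {False: 15, True: 33}},
    "DD9400": {"capacity_tb": {False: 768, True: 2300},
               "throughput_tbh": {False: 26, True: 57}},
    "DD9900": {"capacity_tb": {False: 1500, True: None},
               "throughput_tbh": {False: 41, True: 94}},
}

# (usable TB required, TB/hr required) for Scenarios 1 to 3.
SCENARIOS = {1: (70, 3.25), 2: (275, 15), 3: (625, 36)}


def buffer(capability, requirement):
    """Headroom as a fraction of what the system can deliver."""
    return (capability - requirement) / capability


def evaluate(model, need_tb, need_tbh, cloud_tier, dd_boost):
    """Capacity and throughput buffers for one model and configuration."""
    spec = MODELS[model]
    capacity = spec["capacity_tb"][cloud_tier]
    if capacity is None:
        return None  # the appendix gives no figure for this combination
    cap_buf = buffer(capacity, need_tb)
    tput_buf = buffer(spec["throughput_tbh"][dd_boost], need_tbh)
    return {
        "model": model,
        "capacity_buffer_pct": round(cap_buf * 100),
        "throughput_buffer_pct": round(tput_buf * 100),
        # Assumed pass rule: 20% capacity buffer and some throughput buffer.
        "fits": cap_buf >= RECOMMENDED_CAPACITY_BUFFER and tput_buf > 0,
    }


def smallest_fit(need_tb, need_tbh, cloud_tier, dd_boost):
    """First model, smallest to largest, that passes the rule above."""
    for model in MODELS:
        result = evaluate(model, need_tb, need_tbh, cloud_tier, dd_boost)
        if result and result["fits"]:
            return model
    return None


if __name__ == "__main__":
    for number, (need_tb, need_tbh) in SCENARIOS.items():
        for options in (True, False):
            pick = smallest_fit(need_tb, need_tbh, options, options)
            label = "with" if options else "without"
            print(f"Scenario {number} {label} Cloud Tier and DD Boost: {pick}")
            print("  ", evaluate(pick, need_tb, need_tbh, options, options))
```

A negative buffer in the output means the model cannot meet the requirement at all, as with the 32 TB DD3300 against the 70 TB requirement in Scenario 1.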

Terms
Data lifecycle management (DLM)
DLM is a policy-based approach to managing the flow of information
system data throughout its lifecycle: from creation and initial storage to
backup, archive, and deletion.

Spatial locality
Spatial locality, also termed data locality, is the use of data elements within
relatively close storage locations.

Weekly cycle
The weekly cycle is the number of days that the system runs an
incremental backup. The number of days in a cycle is typically four to six
days in a week.

DELL POWERPROTECT
DD MANAGEMENT
CENTER
ADMINISTRATION

PARTICIPANT GUIDE

Table of Contents

PowerProtect DD Management Center
  Overview
  Features and Limitations of the PowerProtect DD Management Center - Activity
  Question 1
  Question 2
  Differences Between PowerProtect DD Management Center and PowerProtect DD System Manager

Configuring the PowerProtect DD Management Center
  System Requirements
  Installing DDMC
  Logging In and Out of DDMC
  Performing Additional Configuration
  Role-Based Access Control
  Managing Access to DDMC
  Adding Systems to DDMC
  Simulation Activity: Adding a System to DDMC

PowerProtect DD Management Center Interface
  Viewing DDMC Page Elements
  Navigating a DDMC Page
  Organizing the Dashboard
  Launching a DD System Manager Session
  Simulation Activity: Adding and Configuring a Dashboard

Monitoring Systems
  Overview
  Performing Daily Monitoring
  Monitoring Capacity
  System Details
  Monitoring Replication
  System Reports
  Simulation Activity: DDMC Reports Management

Administration Menu
  Multitenancy
  Permissions
  Groups
  Properties
  Simulation Activity: Adding Permissions to Systems

Infrastructure Menu
  Systems
  Data Centers
  Configuration Templates
  Updates
  Simulation Activity: Adding a Data Center

Smart Scale
  Overview
  System and Hardware Requirements Activity
  Question 1
  Question 2
  Smart Scale Services

Glossary

PowerProtect DD Management Center

Overview

The PowerProtect DD Management Center (DDMC) is a scalable, virtual
system-based solution for centralized management of multiple Dell
PowerProtect DD series appliances and PowerProtect DD Virtual Edition
(DDVE) instances.

DDMC user interface

DDMC is composed of browser-based pages and is installed and runs on
a VMware platform or compatible cloud service.

DDMC:

• Provides current and historical data for all managed systems.
• Projects system capacity and availability, capacity threshold health,
and compression factor.
• Monitors storage on multiple systems with Secure Multitenancy [1], DD
Boost backup, and replication.
• Balances storage usage and performance by using the Smart Scale
migration feature.

[1] DDVE 3.0 and later supports Secure Multitenancy.

Features and Limitations of the PowerProtect DD Management Center - Activity

Scavenger Hunt Activity

Instructions

1. The Dell PowerProtect DD Management Center 7.11 Installation and
Administration Guide provides information about the features and
limitations of the DDMC.
2. Go to the Dell Support website and search for the guide.
3. From the PowerProtect DDMC Overview content, review the
Features and limitations of DDMC section, and answer the questions
on the following pages.

Scavenger Hunt Activity Wrap Up

Notes


Question 1

1. A customer wants to know the aggregated usage totals for all their
managed PowerProtect DD systems. Which of the following is the
best recommendation for the customer?
a. Deploy a DDMC to view the site-wide storage capacity.
b. Deploy a DDMC to view the estimate-projected capacity needs
based on historical trends.
c. Deploy a DDMC to view the processed alerts for all managed
PowerProtect DD systems.
d. Deploy a DDMC to use Smart Scale.

Question 2

2. A customer wants to view the notifications for all their managed
PowerProtect DD systems in a single list. Which of the following is the
best recommendation for the customer?
a. Deploy a DDMC to view all the processed alerts for all managed
PowerProtect DD systems, including Cloud Tier.
b. Deploy a DDMC to see a graph of the current and historical data
about space usage, data consumption, and daily written data
trends.
c. Deploy a DDMC to create custom groups of the managed
PowerProtect DD systems.
d. Deploy a DDMC to generate usage and performance reports.

Differences Between PowerProtect DD Management Center and PowerProtect DD System Manager

The differences between the DDMC and PowerProtect DD System
Manager (DDSM) are as follows:

| DDMC | DDSM |
|---|---|
| Manages up to 150 PowerProtect DD systems | Manages a single PowerProtect DD system |
| Can perform an update on groups of systems simultaneously. | Can perform an update in a single PowerProtect DD system. |
| Aggregates storage and performance data and compares operational information for all managed systems. | Does not aggregate storage or performance data or compare operational information across systems. |
| Does not directly manage storage. | Directly manages storage using VTL, CIFS, NFS, DD Boost, and other protocols. |
| Cannot configure and manage any replication or encryption. | Can configure encryption on a single PowerProtect DD and replication between PowerProtect DD systems. |

Configuring the PowerProtect DD Management Center

System Requirements

The virtual machine hardware requirements are the following:

| Systems managed | vCPU | Memory | VM disk size (base install + database + DD services disk) |
|---|---|---|---|
| 1-150 | 4 vCPU | 8 GB | 40 GB + 200 GB + 100 GB |

The VMware hardware and software that is required to host a DDMC are:

• The vCenter Server installation
• One of the following:
− ESXi 6.5
− ESXi 6.7
− ESXi 7.0
• The vSphere client
• The VMware storage:
− NAS, Virtual Disks over NFS
− SAN, Virtual Disks over VMFS

Installing DDMC

Prerequisites

For a smooth and successful DDMC installation, ensure that the following
are available:

• VMware vCenter or ESXi servers
• VMware vSphere client application [2]
• Sufficient CPU, memory, disk space, and network resources
• The information to create an access profile [3]
• The DDMC software
− Download the DDMC .zip file from the Dell Support website.
− Two DDMC packages are available for the ESXi platform, DDMC
without Smart Scale services [4] and DDMC with Smart Scale
services [5]
− DDMC in AWS, Azure, and GCP are available in the marketplace of
each of these public clouds

[2] The VMware vSphere client application is not required for AWS, Azure,
GCP, Hyper-V, or KVM.
[3] If installing within a Hyper-V or cloud environment without role-based
credentials, gather the information to create an access profile.
[4] For DDMC without Smart Scale services, download the DDMC package
with the prefix ddmc.x.x. For example, ddmc-7.10.0.0.rpm or the
ddve-vsphere-7.10.0.20-1023227.zip.
[5] For DDMC with Smart Scale services, download the package with the
prefix ddmc-ddnvm. For example, ddmc-ddnvm-ddnvminfra-7.10.0.0.rpm
or the ddmc-ddnvm-ddnvminfra-7.10.0.0.ova.

Installing DDMC in a VMware Environment

To install the DDMC in a VMware environment:

1. Download the required DDMC software and extract the .zip file.
2. Log in to a vSphere client or VMware Host Client.
3. Launch the virtual machine deployment wizard to deploy the DDMC
instance using the OVA file.
4. Complete the initial configuration.

After the installation, power on the DDMC virtual machine:

1. Open the vSphere client and go to the DDMC location.
2. Right-click the instance and select Power On.

Deep Dive: For detailed DDMC installation in a VMware
environment or cloud provider, see the Dell PowerProtect
DD Management Center Installation and Administration
Guide on the Dell Support website.

Logging In and Out of DDMC

Access DDMC by using a browser on a workstation that has network
access to the DDMC instance. DDMC supports multiple simultaneous
users.

Initial Login Requirements

The initial login requires using the sysadmin user ID and the default
password.

The initial login details are the following:

| DDMC Deployment | Username and Default Password |
|---|---|
| AWS or Google Cloud Platform (GCP) | sysadmin/instance ID |
| Azure | sysadmin/changeme |
| Non-cloud deployment | sysadmin/changeme |

Logging into DDMC

DDMC Login Window

Perform the following to log in to DDMC:

1. Open a browser and enter the hostname or IP address of DDMC.
a. A Secure Login link provides a secure connection over the network
using HTTPS. This option uses a self-signed certificate by default,
which the user must accept, despite browser warnings.
2. In the login window, enter a username and password, and press Enter,
or select Log In.
a. During initial login, a prompt appears to change the default
password.
3. After logging in to the DDMC, the Dashboard displays showing the
default set of monitoring widgets.

DDMC Dashboard

Users can log in to DDMC with their existing public key infrastructure (PKI)
and common access card (CAC) and present the PowerProtect DD
system with a certificate for authentication or authorization.

Logging in with PKI and CAC certificates is only available through a
secure login page (HTTPS) and requires an import of the CA root and
intermediate files through the CLI.

To log in to DDMC with a certificate, perform the following:

1. Import the CA root by entering the following command in the Windows
or Linux CLI:
a. ssh sysadmin@DDMC adminaccess certificate import ca application login-auth < rootCA.crt
2. Import the intermediate CA files by entering the following command in
the CLI:
a. ssh sysadmin@DDMC adminaccess certificate import ca application login-auth < intermediateCA.crt
3. Select the Log in with certificate link.
a. The Select a Certificate dialog displays, enabling users to select the
appropriate certificate to use to log in to DDMC.

Logging out of DDMC

Perform the following to log out of DDMC:

1. Click the User icon on the DDMC banner and select Logout in the
dropdown.

DDMC Logout Option


Performing Additional Configuration

The basic configuration enables DDMC to start. To fully integrate the
DDMC into the customer environment, complete the configuration of the
additional settings like network settings and time zone.

Prerequisites

For the DDMC network and time zone configuration, ensure that the
following are available:

• Hostname
• IP address
• Netmask
• Default Gateway
• Domain name
• DNS servers
• NTP servers


Interface

The DDMC Network Interface Page

The Interfaces page lets you manage and configure the Ethernet
interface, DHCP, and IP addresses and displays network information and
status.

To configure the Ethernet interface, follow the steps below:

1. Click the gear icon in the DDMC banner and select Settings.
2. Select Network > Interface.
3. Select the interface to modify and click Edit.
4. Complete the configuration and click SAVE.


Hosts

The DDMC Network Hosts Page

The DDMC hostname is set manually or automatically.

To set the DDMC hostname, follow the steps below:

1. Click the gear icon in the DDMC banner and select Settings.
2. Select Network > Hosts.
3. Select the Mode to set the host and domain names:
a. Using DHCP
b. Manually
i. Enter a Host name.
ii. Enter a Domain name associated with DDMC.
4. Click APPLY to save the changes.

For manual configuration, use the Mapping area to add a host mapping.

To add a hostname mapping, follow the steps below:

1. Click ADD in the Mapping area to create a host mapping.
2. Type the IP address in the IP Address field.
3. In the Host Name list, click ADD.
4. Enter the hostname that is used for the mapping.
5. Click ADD.
6. Click APPLY to save the changes.


DNS

The DDMC Network DNS Page

To configure the DNS, follow the steps below:

1. Click the gear icon in the DDMC banner and select Settings.
2. Select Network > DNS.
3. Select the Mode to set the method for obtaining the DNS:
a. Using DHCP
b. Manual
i. Click ADD.
ii. Enter the DNS IP address.
4. Select APPLY to save changes.

To add a search domain list, follow the steps below:

1. Click ADD next to Search domain names.
2. Enter a name in the Search domain field.
3. Click ADD.

Search domains are shown as an action table within the DNS page.


Routes

The DDMC Network Routes Page

The routing that is implemented on DDMC is based on the internal route
table, where the administrator may define a specific network or subnet that
is used by a physical interface or interface group.

To configure routes, follow the steps below:

1. Click the gear icon in the DDMC banner and select Settings.
2. Select Network > Routes.
3. In the STATIC ROUTES page, set the default IPv4 or IPv6 gateway
address:
a. Using DHCP
b. Manual
i. Enter the gateway IP address.
4. Click APPLY to save the changes.

To force traffic for a specific interface to a specific destination, configure a
static route as follows:

1. Click ADD in the Static routes action table to create a route.
2. In the Add Static routes dialog box, select an interface.
3. Specify the Destination by selecting one of the following:
a. Network
i. Type the network IP address and netmask.
b. Host
i. Type the hostname or IP address of the destination host of the
route.
4. Type a new gateway address in the Gateway field.
5. Click ADD to close the dialog box and save changes.
6. Click APPLY to save the changes.

Select the DYNAMIC ROUTES page to view the dynamically assigned routes
that use network or host paths for data transmission.


SNMP

The DDMC Network SNMP Page

DDMC supports SNMP V2C and SNMP V3. SNMP V3 provides a greater
degree of security than V2C by replacing clear text community strings with
user-based authentication using either MD5 or SHA1.

The default port that is open when SNMP is enabled is port 161. Traps are
sent out through port 162.

To enable or disable SNMP, follow the steps below:

1. Click the gear icon in the DDMC banner and select Settings.
2. Select Network > SNMP.
3. In the Status area, select Enable to use SNMP.
4. In the Status area, select Disable to stop using SNMP.
5. Click APPLY to save the changes.

You can configure SNMP system location and system contacts.

To configure SNMP properties, follow the steps below:

1. Type the DDMC location in the Location field.
2. Type the contact information in the Contact field.
3. Click APPLY to save the changes.

Use the V3 Configuration area to set up SNMP V3 users and trap hosts.

Use the V2C Configuration area to set up the community strings and
trap hosts.


Time and Date Settings

DDMC Time and Date Settings

Perform the following to set or change the time and date settings:

1. Click the gear icon in the DDMC banner, and then select Settings >
SYSTEM > Time and Date.
2. Under Settings, set how the time synchronizes:
a. To manually set the time and date, from the Synchronization mode
select Manual, set the Time Zone from the drop-down lists, and then
set the Date and Time.
b. To use an NTP server to synchronize the time, from the
Synchronization mode select how to access the NTP server:
i. Using NTP server from DHCP, which automatically selects a server.
ii. NTP service manually, and then add the IP address of the servers
in the NTP Servers area.
3. Select APPLY.
a. Changes to the Time and Date settings require a DDMC restart to
take full effect.


Role-Based Access Control

DDMC uses role-based access control (RBAC) to control how data is
manipulated and displayed within DDMC and on the PowerProtect DD
systems that DDMC manages.

DDMC users can:

• Have one of four roles within DDMC
− admin, limited-admin, user, or mobile-user
• Have one of four roles on the PowerProtect DD systems that DDMC
manages
− admin, limited-admin, user, or backup operator
• Modify DDMC states
− admin or limited-admin users
• View PowerProtect DD system status through DDMC
− admin, limited-admin, user
• Modify a PowerProtect DD system
− admin or limited-admin users in the PowerProtect DD system

Managing Access to DDMC

Access management includes viewing and configuring the services that
provide administrator and user access to DDMC.


Roles Required for DDMC Tasks

Mutual trust is established between DDMC and its managed systems. If a
user is added to DDMC with admin or limited-admin access, that user can
also access the managed systems.

The roles available in the DDMC are the same as the roles in the DD
System Manager.

| Role | Description |
| --- | --- |
| admin | Can access all functions on a DDMC page. |
| limited-admin | Can configure and monitor the PowerProtect DD system with some limitations. Users assigned to this role cannot: perform data deletion operations; perform Smart Scale operations; edit the registry; delete uploaded RPM packages; delete update schedules; enter bash or SE mode. |
| user | Can be a stand-alone user or part of a group. The user has access to only certain functions on a DDMC page according to the role that is assigned to that user or group. |


Managing Administrator Access

DDMC Administrator Access

Administrator Access provides settings to configure how users can connect
to DDMC. Each protocol is configured separately as follows:

1. Click the gear icon in the DDMC banner, and then select Settings >
ACCESS > Administrator Access.
2. View the Passphrase. If required, set the passphrase.
3. View the available Protocols, and for the selected protocol, configure
the required options.
a. The following protocols are available for viewing or configuration:
i. FTP, FTPS, HTTP, HTTPS, SCP, SSH, or Telnet
o The status of the service is either enabled or disabled.
o The allowed hosts set the access permissions for the named
host.
4. Click APPLY to save changes.


Managing Local User Access

DDMC Local Users Access

To create a local user with either the admin, limited-admin, or the user
role:

1. Click the gear icon in the DDMC banner, and then select Settings >
ACCESS > Local Users.
2. Click ADD.
3. In the Add Local User dialog box, fill out the requested information.
4. Select ADD.
5. Click APPLY to save changes.


Configuring Authentication

DDMC Authentication

The types of authentication in DDMC are the Network Information
Services (NIS), Windows (Workgroup or Active Directory), and Lightweight
Directory Access Protocol (LDAP).

To configure the DDMC authentication:

1. Click the gear icon in the DDMC banner, and then select Settings >
Access > Authentication.
2. Select the authentication method NIS, WINDOWS, or LDAP.
3. Fill out the requested information.
4. Enable the required authentication method.
5. Click APPLY.


Adding Systems to DDMC

Register PowerProtect DD systems in the DDMC inventory for DDMC
management.

Perform the following to register a PowerProtect DD system in the DDMC
inventory:

Step One

Select Infrastructure > Systems.

DDMC Infrastructures Systems Window


Step Two

DDMC Add System to Inventory Window

Click ADD. Ensure that the box next to the system being added is checked
and enter the system details:

a. Select DD System or DD HA system.
b. Enter the hostname in the Host name field.
c. Enter the sysadmin password in the Sysadmin password field.
d. Optionally, type the inbound and outbound proxy hostname or IP
address and port number for Proxy Firewalls.
e. Optionally, check Certificate information by clicking in the associated
cells. The Subject name in the DDMC CA certificate should match the
DDMC hostname, or SSL fails the host verification.
f. The Progress field shows the percentage that is completed as the
system is being added.

If another DDMC manages the system, select the Takeover managed system
checkbox.


Step Three

Click REGISTER to continue.

A progress bar displays on the page showing the progress of the initial
data synchronization for the newly added systems.

DDMC Add System to Inventory Window

Deep Dive: For more information about editing system
settings, configuration templates, and assigning properties
to system or replication, see the Adding (registering)
systems to DDMC section of the Dell PowerProtect DD
Management Center Installation and Administration Guide
on the Dell Support website.


Simulation Activity: Adding a System to DDMC


In the simulation, the learner logs in to the DDMC to register a
PowerProtect DD system ddve01.delledu.lab to DDMC.


PowerProtect DD Management Center Interface

Viewing DDMC Page Elements

The PowerProtect DD Management Center (DDMC) is composed of
various page elements.

The three main areas of the DDMC main page are the banner, navigation
panel, and the work area.

Banner

The DDMC Banner

The banner contains the following elements:

1. Alerts
− A bell icon that when clicked shows the most recent alerts.
− A red badge notifies of unseen new alerts and the count.
2. Settings
− Provides various options including Support Bundles and Disaster
Recovery.
3. Refresh
− Reload the page to display the latest information.
4. Help
− Shows various options about the DDMC including the DDMC
Guide.
5. User Settings
− A circular icon that displays the first letter of the user ID.
− Displays the user and role information, provides access to the
classic view of DDMC, and the Logout option.


Navigation Panel

The DDMC navigation panel

The navigation panel is on the left side of the DDMC and includes the
following categories:

• Dashboard
• Health
• Capacity
• Replication
• Reports
• Administration
• Infrastructure


Work Area

The DDMC work area

Within each category, you can select subcategories that appear in the
work area.

When you select a subcategory, the content in the work area changes.


Navigating a DDMC Page

DDMC Health Status page

The navigation elements on a DDMC page change the focus and scope
that the work area displays:

• Find categories and subcategories on the left, in the navigation panel.
• Toggle buttons, if applicable, let you change from a standard system
list, to a group of systems, and to a tenant view.

Organizing the Dashboard

The dashboard:

• Lets you quickly check important conditions, such as unreachable
systems, active alerts, capacity used, and others.
• Holds widgets for a collection of monitoring functions.

Dashboards display organized information based on location, datatype,
health status, and others.

By default, each user is assigned a dashboard with one tab with a group
of widgets that are configured to cover all the systems that a user is
monitoring.


Dashboard Tabs

The DDMC Add dashboard Window

To create a Dashboard tab quickly:

1. Click the blue plus sign (+).
2. Complete the required Name, Columns, and Filter fields in the Add
Dashboard window.
3. Click ADD.


You can copy a dashboard tab with all its widgets to a new dashboard tab
and then edit the new dashboard with the Add tab control in the upper right
corner.

The DDMC Add Tab control and filter icon

Dashboard tabs can be filtered using the filter icon in the upper right
corner to:

• Filter by group
• Filter by property
• Filter by system
• Filter by rule
• Clear filter


Widgets

The DDMC Add widget control

To create a widget:

1. Select the Dashboard.
2. Select a dashboard tab.
3. Select the Add widget control at the upper right corner.
4. In the Add Dashboard Widget dialog, enter a Name for the new widget.
5. Select the Template for the desired output.
6. If applicable, in the Settings area, select any of the available filter
options.
7. Click ADD.


You can edit widgets using the Edit widget control or delete widgets using
the Remove widget control in the banner of each widget.

The DDMC Edit widget and Remove widget controls


Launching a DD System Manager Session

DDMC VIEW DD SYSTEM MANAGER Option

From some DDMC pages, you can launch a DD System Manager (DDSM)
session to perform configuration or troubleshooting operations.

The launched session of DDSM runs on DDMC.

To start a DDSM session, select VIEW DD SYSTEM MANAGER from any of
the following DDMC pages:

• Health > Status
• Capacity > Systems/MTrees > Systems
• Infrastructure > Systems
• Replication > Overview > SYSTEM DETAILS
• Replication > Automatic > PAIR DETAILS
• Replication > On-demand > PAIR DETAILS
• Infrastructure > System

The DDSM session that starts requires no login or logout and provides
complete management of the system.


Simulation Activity: Adding and Configuring a Dashboard


In this simulation, the learner adds a new dashboard that is called
Capacity Overview and removes the non-capacity related widgets.


Monitoring Systems

Overview

Monitoring PowerProtect DD Systems

DDMC Reports

The monitoring tools of the PowerProtect DD Management Center
(DDMC) let you examine a wide array of operational information about
managed systems.

DDMC copies all the historical information for a PowerProtect DD system
that is added to DDMC.

When operational data changes on a PowerProtect DD system:

• The system notifies DDMC.
• DDMC immediately polls the system to get the latest operational data
for current and historical reporting and to create trend projections.

In addition to the data provided on the interface, you can generate reports
on demand or on a schedule and email them to a list of interested parties.


Data Retention Policy for DDMC

DDMC maintains up to ten years of performance and capacity
measurements for the monitored PowerProtect DD systems.

The following table shows the type of data that DDMC retains for each
sample:

| Type of Data | Hourly Samples | Daily Samples | Weekly Samples |
| --- | --- | --- | --- |
| Collection space usage | 3 months | 1 year | 10 years |
| MTree space used | 1 month | 3 months | 10 years |
| Automatic replication (bytes transferred and lag) | 1 month | 3 months | 10 years |
| On-demand replication (number of files and bytes transferred) | 3 months | 1 year | 10 years |
| Performance (CPU and network) | 1 month | 1 year | None |

To reduce the amount of space to store this historical data, DDMC
periodically discards older samples.


Space Projection Algorithm for DDMC

DDMC uses a sophisticated algorithm, a seven-day moving average [6], to
project growth in space usage and to predict when a PowerProtect DD
system runs out of space.

The data history is scanned to find the projection with the best fit, that
is, the regression with the highest R² value.

The R² value is a measure of how close the regression fits the actual
measurements:

• A value of 1 means that the fit was perfect.
• A value of 0 means that there was no fit at all.
• A value of 0.8 means that DDMC found a projection that matches the
measurements closely enough to be meaningful and not misleading.

After the best fit is determined, the projection must pass the following
validation tests to ensure that the prediction is accurate:

1. DDMC must have at least 15 days of historical data.
2. The regression R² value must be at least 0.8.
3. Time-to-full must be less than 10 years in the future.
4. The system must be at least 10% full.
5. The most recent data sample must be within 5% of the projection.

[6] The seven-day moving average algorithm computes a linear projection of
space growth using an optimal set of recent data points.


Performing Daily Monitoring

Using DDMC to perform daily monitoring of your site lets you check for
unusual activity before it becomes a serious problem.

Dashboard

The ALL SYSTEMS Dashboard

The Dashboard widgets provide an overview of key performance
indicators for the monitored PowerProtect DD systems.

By default, DDMC provides a dashboard that is named ALL SYSTEMS
with the following widgets:

• Health Status
• Active Alerts
• Capacity Thresholds
• Capacity Used
• Replication Status
• Lag Thresholds
• High Availability Readiness
• Cloud Health

Alert Notifications

The DDMC Alerts Notification Area

For new unacknowledged alerts on the PowerProtect DD systems you are
authorized to manage, check the bell icon present at the upper right side.

The Alerts area shows the current unacknowledged EMERGENCY,
ERROR, CRITICAL, and WARNING level alerts.

The Alerts notification area reports the severity, date, class, and system
name of the new alert.

To see the alert details, select the View All link to open the Health > Alerts
page.


Health Alerts

The DDMC Health Alerts Page

The Health Alerts page provides a list of alerts on the PowerProtect DD
systems that DDMC manages.

At the upper right corner, you can select the ACTIVE ALERTS or ALL ALERTS
tab.

The All active alerts or All alerts date range filter allows for narrowing or
expanding the focus of alert scoping or going back to a specific point in
time. The date range includes Last 12 hours, Last 24 hours, Last 7 days, Last
30 days, All active alerts, and Custom.

The SYSTEM and TENANT buttons at the upper right let you show all the
PowerProtect DD systems or systems by tenant assignment.

Selecting an alert in the table expands it to show descriptive information
about the alert.

To see a summary of the history of the alert, click the EVENT OCCURRENCE
HISTORY button to see a list of every occurrence of the alert for the system.

To investigate an alert on a system, click the MANAGE SYSTEM ALERTS
button to open the DDSM.


Health Status

The DDMC Health Status Page

The Health Status page displays information about potential operational
problems, such as connection status, replication status, and alerts.

The toggle buttons at the upper right let you show all the PowerProtect DD
systems and systems organized by group or tenant assignment.

The LED color indicators are as follows:

| LED Color | Description |
| --- | --- |
| Red | Error or problem |
| Yellow | Error or warning |
| Green | Normal operation |
| Gray | Disabled components |
| Gray for empty sockets | Nonlicensed components |

If a system is unreachable, but not disabled or nonlicensed, the last known
state of the LED is displayed.


Health Jobs

The DDMC Health Jobs Page

The Health Jobs page displays information about jobs or tasks that are
initiated from DDMC.

This information includes jobs that are still in progress and jobs that
have completed, whether successfully or not.

Details of the task, including its subtask status, are shown for a selected
task in the Details panel.


Monitoring Capacity

Overview

The DDMC Capacity Page

The Capacity pages display information about storage utilization.

You can monitor current and historical space consumption, and estimated
projected near-term future storage needs.

The Capacity section is split into the following sections:

• Systems/MTrees
• Cloud


Systems Capacity

The DDMC Systems Capacity Page

The Systems capacity threshold table shows the current used and
projected capacity.

3 Months is the default for the Projection Timeline (Capacity Used %).

The Export option downloads a .csv file to your workstation that contains
the current capacity that is used and the protected capacity utilization.

To view the capacity projection, select a system and click the Calculate
Projections button.


The Capacity Projections Page

Calculate Projections is a linear regression that is based on total system
usage and makes predictions about capacity thresholds.

A projection is not made if the average usage in the last seven days is
less than 10%.
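
The regression and the five validation tests listed under Space Projection Algorithm for DDMC, together with the seven-day usage condition stated here, can be worked through in code. The following Python is an added example, not Dell's implementation: the function names, the one-sample-per-day input in percent used, the reading of "within 5%" as relative deviation, and the sample histories are assumptions.

```python
# Added illustration of the projection checks; not Dell's implementation.
# Assumptions: one used-capacity sample per day, in percent of total capacity;
# "within 5%" is read as relative deviation from the projected value.

MIN_HISTORY_DAYS = 15        # test 1
MIN_R2 = 0.8                 # test 2
MAX_DAYS_TO_FULL = 10 * 365  # test 3
MIN_PERCENT_FULL = 10.0      # test 4, applied to the last seven-day average
MAX_DEVIATION = 0.05         # test 5


def moving_average(samples, window=7):
    """Seven-day mean; each point is paired with the centre day of its window."""
    half = window // 2
    return [(i - half, sum(samples[i - window + 1:i + 1]) / window)
            for i in range(window - 1, len(samples))]


def linear_fit(points):
    """Least-squares line through (x, y) points; returns slope, intercept, R2."""
    n = len(points)
    mean_x = sum(x for x, _ in points) / n
    mean_y = sum(y for _, y in points) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in points)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in points)
    slope = sxy / sxx
    intercept = mean_y - slope * mean_x
    ss_tot = sum((y - mean_y) ** 2 for _, y in points)
    ss_res = sum((y - (intercept + slope * x)) ** 2 for x, y in points)
    # A flat series has no variance to explain; treat it as "no fit".
    r2 = 1.0 - ss_res / ss_tot if ss_tot > 0 else 0.0
    return slope, intercept, r2


def best_fit(points, min_points=7):
    """Scan the most recent k points and keep the regression with the highest R2."""
    fits = (linear_fit(points[-k:]) for k in range(min_points, len(points) + 1))
    return max(fits, key=lambda fit: fit[2])


def project_days_to_full(daily_used_pct):
    """Return (days_to_full, failures); days_to_full is None if any test fails."""
    if len(daily_used_pct) < MIN_HISTORY_DAYS:
        return None, ["fewer than 15 days of history"]
    smoothed = moving_average(daily_used_pct)
    slope, intercept, r2 = best_fit(smoothed)
    today = len(daily_used_pct) - 1
    projected_now = intercept + slope * today
    days_to_full = None
    if slope > 0:
        days_to_full = max(0.0, (100.0 - projected_now) / slope)

    failures = []
    if r2 < MIN_R2:
        failures.append("R2 below 0.8")
    if days_to_full is None or days_to_full >= MAX_DAYS_TO_FULL:
        failures.append("time-to-full not under 10 years")
    if smoothed[-1][1] < MIN_PERCENT_FULL:
        failures.append("seven-day average usage below 10%")
    if abs(daily_used_pct[-1] - projected_now) > MAX_DEVIATION * abs(projected_now):
        failures.append("latest sample more than 5% off the projection")
    return (None if failures else days_to_full), failures


# Constructed sample histories (percent used per day), not real system data.
STEADY = [40 + 0.5 * d + (0.3 if d % 2 else -0.3) for d in range(30)]
FLAT = [50.0] * 30
NEARLY_EMPTY = [2 + 0.1 * d for d in range(30)]
SPIKE = STEADY[:-1] + [STEADY[-1] + 10]

if __name__ == "__main__":
    for name, history in [("steady", STEADY), ("flat", FLAT),
                          ("nearly empty", NEARLY_EMPTY), ("spike", SPIKE)]:
        print(name, project_days_to_full(history))
```

Only the steady history yields a time-to-full value; the other three are rejected by one or more of the validation tests, which is why a system can show no projection even when plenty of history exists.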


MTrees Capacity

The DDMC MTrees Capacity Page

The MTrees capacity table shows MTrees capacity statistics for the
PowerProtect DD systems.

The MTree compression factor allows making informed decisions about
migrating the data to a different PowerProtect DD system for better
deduplication.

MTrees are organized in a hierarchy that can be expanded or collapsed to
facilitate navigation.

A Details pane appears at the right of the page when you click the Show
Details icon at the left of each PowerProtect DD system and MTree in the
table.

The Export option downloads the MTrees table information to a .csv file to
your workstation.


Cloud Capacity

The DDMC Cloud Capacity Page

The Cloud capacity page lets you:

• Monitor the active tier and cloud tier capacity residing on different
cloud providers
• Get an overview of the data distribution between on-premises data
centers and the different cloud providers
• List which MTrees are associated with a specific cloud provider


System Details

The System Details Page

The System Details lightbox provides detailed operating information about
specific components of a PowerProtect DD system.

There is a System Details control on each of the following pages:

• Health > Status
• Capacity > Systems/MTrees > Systems
• Capacity > Systems/MTrees > MTrees
• Replication > Overview
• Infrastructure > Systems

To activate the control, you must first select a PowerProtect DD system
from the table.


The System Details contains the following tabs for non-HA systems:

| Tab | Description |
| --- | --- |
| OVERVIEW | The OVERVIEW tab shows the operational status of various system components using LED status indicators. It also provides summaries of file system usage and capacity, and replication status and statistics for inbound and outbound replications. |
| CAPACITY | The CAPACITY tab shows different tier data if applicable and contains a Capacity Usage chart and a table with MTrees on that system. |
| REPLICATION | The REPLICATION tab lists the counts of different automatic and on-demand replication pairs, both inbound and outbound, with ones that have errors or warnings. A Replication Trend chart is available. |
| NETWORK | The NETWORK tab shows total bytes, backup and restore bytes, and replication inbound and outbound bytes. A Network Trend chart is available. |
| SYSTEM CHARTS | The SYSTEM CHARTS tab includes all system charts, and lets you produce charts for selected time intervals. |

Deep Dive: For more information about the system details
for HA systems, see the Checking the System Details
lightbox section of the Dell PowerProtect DD Management
Center Installation and Administration Guide on the Dell
Support website.


Monitoring Replication

The DDMC Replication page

The Replication pages provide status and performance details about
replication pairs:

• The Replication > Overview page provides details of the replication
activity for the PowerProtect DD systems.
• The Replication > Automatic page displays a list of the automatic
replication contexts that are monitored by the DDMC managed by the
PowerProtect DD system, collection, MTree, and directory replication.
• The Replication > On-demand page provides summary information
for the replications that are initiated by DD Boost managed file
replication.

Deep Dive: For more information about replication, see the
Monitoring replication section of the Dell PowerProtect DD
Management Center Installation and Administration Guide
on the Dell Support website.


System Reports

Overview

The DDMC Reports Page

Reports compile information for areas of interest on managed systems
and for Secure Multi-Tenancy (SMT) and DD Cloud Tier.

Report generation is based on default report template types, report
content, schedule, and email distribution.

The types of reports are the following:

| Reports | Templates |
| --- | --- |
| System Reports | Capacity, Replication, and Status |
| Multitenancy Reports | Status and Usage reports |
| Cloud Reports | Status and Usage reports |


Creating a Report

The DDMC Reports > Management Page

The Add Report Template wizard creates a report template for use in running
reports about key data points.

To create a report:

1. Select Reports > Management.
2. Click ADD.
3. In the Add Report Template dialog, select the type of report you want,
and click NEXT.
4. Enter a name, and select a Template. Choose one or more Sections to
include, and click NEXT.
5. Depending on the report selection:
a. For System, select a filter to narrow the scope of reported objects.
b. For Multi-Tenancy, select a scope, Tenant Unit or Tenant.
c. For Cloud Reports, select Cloud Service Provider to filter the
systems that have a cloud tier configuration.
6. Optionally, select a Schedule and Report retention, and click NEXT.
7. Optionally, add recipient email addresses for report delivery, and
click NEXT.
8. Review the report configurations and click FINISH.

The report template adds an entry in the reports table. Select the report
template to immediately run, edit, delete, or disable the report.


Simulation Activity: DDMC Reports Management


In this simulation, the learner creates a cloud report called Cloud
Status and views the report from the email.


Administration Menu

Multitenancy

DDMC can configure and monitor Secure Multitenancy for DD Boost backup
and replication storage on multiple PowerProtect systems.

The Administration > Multitenancy page allows you to create, manage, and
monitor tenant units.

Creating and Managing Tenants

The DDMC Administration Multitenancy Page

To create tenants, follow the steps below:

1. Select Administration > Multitenancy.
2. Select All Tenants in the tree, then select Add Tenant Unit, the green
plus sign above the tree.
3. In the Create Tenant dialog box, type the following information:
a. For Tenant name, which is required, type the name of the client or
organization that uses the storage.
b. For Administrator name, which is optional, type the name of the
backup administrator.
c. For Administrator email, which is required, type the email address of
the backup administrator.
i. This information is used to create a default alert notification list.
4. Select CREATE.

You can edit, delete, or view tenant information from the Multitenancy
page.

Creating and Managing Tenant Units

The DDMC Create Tenant Unit Page

To create tenant units, follow the steps below:

1. Select Administration > Multitenancy.
2. Select All Tenants in the tree, then select Add Tenant, the green plus
sign, above the tree.
3. In the Creation Type page, select one of the options below, and then
click NEXT:
a. Create a Tenant Unit with manual provisioning storage
b. Create a Tenant Unit and automatically provision storage
c. Create an empty Tenant Unit
4. In the Identify the Host System page, set the following and then click
NEXT:
a. Datacenter location
b. Size now (GB)
c. Size to grow (GB)
d. Time to grow
5. In the Select Host System page, select a system with enough logical
capacity to host the tenant unit and then click NEXT.
6. In the Administration page, set the following and then click NEXT:
a. Tenant Unit name
b. Optionally the Administrator name
c. Administrator email
d. Check Use strict security mode to allow incoming replications
only if they are from another tenant unit that the same tenant owns.
e. Add Management IP Addresses, which is optional, as needed.
When Create an Empty Tenant Unit is selected, the Use strict
security mode and Management IP Addresses options do not show.
7. The next page depends on the previous choice:
a. For manual provisioning, you can create MTrees/Storage Units,
and then click NEXT.
b. For automatic provisioning, you can configure users for data access
over the DD Boost protocol, and then click NEXT.
c. For Create an empty Tenant Unit, go to the Summary page.
8. Review the Summary page and then click CREATE.


Permissions

The DDMC Administration Permissions Page

The Administration > Permissions page allows you to add, modify, and
remove permissions from groups and systems. Each of the views shows
the users, the assigned roles, and the effective roles.

To add permissions to systems or groups, follow the steps below:

1. Select Administration > Permissions.
2. Click ADD.
3. From the drop-down menu select one of the options below:
a. Add permissions to systems, and then select the systems.
b. Add permissions to groups, and then select the groups.
4. Click ADD from the right side of the Add Permissions page.
5. From the Select Users page, select a user.
6. Click SELECT.
7. Click in the Role field for the user, and select the access role from the
drop-down list:
a. Administrator
b. Limited Administrator
c. Backup Operator
d. User
8. Click ASSIGN.


Groups

The DDMC Administration Groups Page

Groups are a way to organize PowerProtect DD systems under a specific
name and in a hierarchical structure.

In a group:

• The system applies properties to systems, MTrees, and replication
contexts.
• The system automatically assigns a default set of system properties
like system model, DDOS version, and domain name.

To create a group, follow the steps below:

1. Select Administration > Groups.
2. Click ADD.
3. Ensure only the forward-slash (/) is in the Path box.
4. Enter a name for the new group and click SAVE.
5. In the Add Group dialog, select a system from the Available Systems
panel. Select the right arrow (>) to move the system into the group
panel and click SAVE.


You can edit or delete a group from the Groups page.

Properties

The Administration > Properties page allows you to add additional
properties to managed systems for classifying, searching, filtering, and
organizing systems.

The DDMC Administration Properties Page

To add properties to systems and replication pairs, follow the steps below:

1. Select Administration > Properties.
2. At upper right, select one of the tabs SYSTEM or REPLICATION, and
click ADD.
3. In the Add Property dialog box, type a name for the property, and
select the operation type:
a. String
▪ Allows a string of up to 256 characters to be set when assigning
the property.
b. Boolean
▪ Creates a condition where you can assign one of two values, for
example True or False, or Yes or No.
c. Fixed-value String
▪ Lets you provide a name and specific values for the property.
Selecting the option Allow multiple types lets you assign more
than one value.
4. Click ADD.
5. Assign values to the properties by editing the system from the
Infrastructure > Systems page.

Simulation Activity: Adding Permissions to Systems


In this simulation, the learner adds a ddadmin user with limited
administration privileges to the systems ddve01.delledu.lab and
ddve02.delledu.lab.


Infrastructure Menu

Systems

The DDMC Infrastructure Systems Page

From the Infrastructure Systems page you can perform the following:

• View all the PowerProtect DD systems that the PowerProtect DD
Management Center (DDMC) manages.
• Register PowerProtect DD systems to the DDMC inventory.
• Edit system configuration settings, properties, group assignments,
and thresholds.
• View SYSTEM DETAILS.
• Manage the system with the PowerProtect DD System Manager
(DDSM).


Data Centers

The DDMC Data Centers Page

A Data Center is a logical group of PowerProtect DD systems that are
based on location and provide the following:

• A cleaner view of the PowerProtect DD systems managed by DDMC.
• The ability to create custom dashboards for the individual Data
Centers.
• The ability to deploy Smart Scale Data Centers Services for Storage
Unit Mobility.
• The ability to create, manage, and monitor health and alerts of groups
of systems at the data center level.


The Data Centers page shows:

• The number of created data centers.
• The number of systems that are in and are not in a managed data
center.
• The number of data centers that have deployed advanced services, for
example, Smart Scale.

To create a data center, follow the steps below:

1. Select Infrastructure > Data Centers.
2. Click Create.
3. Define the data center name by entering a Data Center name and an
optional Description and then click Next.
4. Select and add available systems to the data center and then click
Next.
5. Review the Summary page and make any necessary edits. Click
Create.


Configuration Templates

The DDMC Configuration Templates Page

The Configuration Templates page allows a DDMC administrator to
create a configuration settings template from an existing PowerProtect DD
system.

Configuration templates allow:

• Applying the same configuration to multiple systems.
• Using a known valid and preferred configuration from a PowerProtect
DD system as a standard template.
• Monitoring of multiple systems for configuration compliance and audit
changes.

To create a configuration template, follow the steps below:

1. Select Infrastructure > Configuration Templates.
2. Click Create.
3. Set the Name for the template.
4. Select the Source System from a list of existing systems managed by
DDMC.


5. Select or clear any feature or subfeature.
6. Click Create Template.

Audit Schedules allow you to create audits that generate an alert for
each system with a noncompliant configuration.

From the Configuration Templates page, you can edit configuration
templates, apply them to systems managed by DDMC, and audit those
systems against them.


Updates

Overview

The DDMC Updates Page

The Updates page allows you to upload a DD Operating System (DDOS)
update package to the DDMC inventory to schedule or perform a DDOS
update on the PowerProtect DD systems that DDMC manages.

Download the DDOS update package from the Dell Support website.

Note: Download the DDOS update package with the prefix x.x.rpm, for
example, 7.11.0.0-1035502.rpm.


Managing System Update Packages

The DDMC Add Update Package Page

To upload a DDOS update package, follow the steps below:

1. Select Infrastructure > Updates.
2. Select the Packages tab.
3. In the Add Update Package dialog box, click BROWSE, and locate
the update package.
4. Click ADD.

After the update package has been uploaded to the DDMC inventory, you
can update one or more systems.


Scheduling a System Update

The DDMC Configure Update Page

The DDMC allows you to update the DDOS on one or more PowerProtect
DD systems.

If the system is not in an acceptable managed state, for example,
unreachable, suspended, or updating, the update action is unavailable.

To schedule a system update, follow the steps below:

1. Select Infrastructure > Updates.
2. Click the Configure Update button.
3. Set the Update Name, select one of the options below, and then
click Next:
a. Download Package Only
▪ Allows for downloading an update package to the systems
without installation.
b. Install Update Only
▪ Allows for installation of previously downloaded update
packages on systems.
c. Download Package and Install Update


▪ Allows for configuring both download and installation of an
update package to selected systems.
4. From the Select Systems page, select a system from the Available
Systems list and then click Add.
5. Click Next.
6. From the Select Package page, select the update package to apply to
the previously selected system or systems. Click Next.
− If the update package exists in the system, continue to the next
step.
7. The Schedule page depends on the option selected in step 3:
− For the Download Package Only, select when to download the
package and then click Next.
− For the Install Update Only, select when to install the update and
then click Next.
− For the Download Package and Install Update, select when to
download the package and when to install the update and then click
Next.
8. From the Summary page, review the summary, and if applicable,
select Reboot before installation. Click Finish.

− Rebooting the system lets the update continue without any conflicts
with background processes and may be required for some updates.


Simulation Activity: Adding a Data Center


In this simulation, the learner creates a data center called DellEdu
and adds the systems ddve01.delledu.lab and ddve02.delledu.lab.


Smart Scale

Overview

The DDMC with Smart Scale and the System Pools

The following are features of the PowerProtect DD Management Center
(DDMC) Smart Scale:

• Manages, protects, and recovers data efficiently
• Enables grouping of multiple PowerProtect DD systems into a logical
system pool

A logical system pool creates a layer between client protection policies
and the destination of the protected data to help manage capacity
changes and storage unit placement without requiring modifications to the
protection infrastructure.

Smart Scale introduces a mobile storage unit (MSU), which is hosted on
one of the PowerProtect DD systems in a system pool.

You can migrate an MSU from one PowerProtect DD system to another
to balance storage usage and performance more efficiently within the
environment.


System and Hardware Requirements Activity

Scavenger Hunt Activity

Instructions

1. The Dell PowerProtect DD Management Center 7.11 Installation and
Administration Guide provides information about the Smart Scale
system and hardware requirements.
2. Go to the Dell Support website and search for the guide.
3. From the Smart Scale content, review the System and hardware
requirements section, and answer the questions on the following
pages.


Question 1

1. A customer with 30 PowerProtect DD Virtual DD Editions (DDVE)
running DDOS 7.6 would like to deploy Smart Scale services. As the
system administrator, what would be your recommendation?
a. Upgrade all DDVE to DDOS 7.11 or later and deploy a DDMC
with DDNVM 7.11 or later.
b. Upgrade all DDVE to DDOS 7.10 or later and deploy a DDMC
7.10.
c. Upgrade all DDVE to DDOS 7.11 and deploy a DDMC 7.11.
d. Deploy a DDMC 7.10 or later.

Question 2

2. A customer with some PowerProtect DD6900 series models and a
vCenter Server 5.1 would like to deploy Smart Scale services to
support the backup environment. As the system administrator, what
would be your recommendation?
a. Upgrade the vCenter Server to 6.7 or later and deploy a DD
Namespace VM with 8 vCPU, 24 GB memory, and 250 GB disk
space.
b. Upgrade the vCenter Server to 6.5 and deploy a DD Namespace
VM with 8 vCPU, 24 GB memory, and 250 GB disk space.
c. Upgrade the vCenter Server to 6.0 and deploy a DD Namespace
VM with 8 vCPU, 24 GB memory, and 250 GB disk space.
d. Upgrade the vCenter Server to 5.5 and deploy a DD Namespace
VM with 8 vCPU, 24 GB memory, and 250 GB disk space.


Smart Scale Services

Prerequisites

The DDMC Smart Scale feature is not available by default. Smart Scale
services must be deployed.

The DDMC Smart Scale prerequisites are the following:

• A user with administrator role
• A data center
• A DNS configuration on the DDMC
• A configured DD Namespace Redirection Service (DDNRS) port

Deploy Smart Scale Services

The DDMC Data Center Card View Expanded

The DDMC pushes an OVA file to create the DD Namespace VM
(DDNVM) on a vCenter in the VMware environment and deploy Smart
Scale services.

From the Data Centers page, you can deploy Smart Scale services.


Deploying the DDNVM on a vCenter can take up to 30 minutes depending
on network bandwidth, load on the vCenter, and other network
configuration factors.

Once complete, Smart Scale services indicate that they are Running on the
data center.

You can redeploy Smart Scale services:

• Using existing configuration data, if the DDNVM is deleted or corrupted
• Using an updated configuration, to modify deployed Smart Scale services

Deep Dive: For more details about Smart Scale, see the
Dell PowerProtect DD Management Center Installation and
Administration Guide on the Dell Support website.

Deep Dive: For more information about Smart Scale services
deployment, see the Smart Scale for PowerProtect Appliances
Implementation course.

Glossary
Host Mapping
Host mapping is required when DNS is not configured. DNS maps the
name of a device with its IP address.

Mobile Storage Unit
A Mobile Storage Unit (MSU) is a DD Boost storage unit that is hosted on
one of the PowerProtect DD systems in a system pool. DD Boost clients
access the mobile storage unit through its specified networks.

OVA file
The Open Virtualization Application or Appliance (OVA) is a single file that
archives all the files that make up the Open Virtualization Format (OVF).
OVF is an open standard that contains multiple files as a package.

Passphrase
The Passphrase is a human-readable key, like a smart card, used to
generate a machine-usable AES 256 encryption key.

Search domain
A search domain is a domain used as part of a domain search list. The
search list, as well as the local domain name, is used by a resolver to
create a fully qualified domain name (FQDN) from a relative name.

Secure Multitenancy
Secure Multitenancy (SMT) is the simultaneous hosting of an IT
infrastructure by an internal IT department or an external provider for more
than one consumer or workload like a business unit, department, or
tenant.

SMT securely isolates many users and workloads in a shared
infrastructure so that the activities of one tenant are not apparent or visible
to the other tenants.

System Pool
A System Pool is a defined set of PowerProtect DD systems for
organization management, for example, by workload types, like backups
for Oracle, VM, and others. The DDMC manages these PowerProtect DD
systems and balances client workloads that access the hosted mobile
storage units. A system pool resides in a data center.

SMART SCALE FOR POWERPROTECT APPLIANCES CONCEPTS

PARTICIPANT GUIDE

ESDPS04250 ~ Smart Scale for PowerProtect Appliances Concepts

© Copyright 2022 Dell Inc. Page i


Table of Contents

Smart Scale Concepts

Smart Scale Introduction
Smart Scale Configuration
Smart Scale Example

Smart Scale with PowerProtect DD Management Center

Smart Scale with PowerProtect DD Management Center
DD Namespace Redirection Service
Network Discovery with DDMC
Mobile Storage Unit Access

Activity - Build a Smart Scale Environment

Analyze Smart Scale Components
Build a Smart Scale Environment
Smart Scale for PowerProtect Appliances Concepts

Smart Scale Introduction

Challenges managing backup data at scale

Protecting exponentially growing data is a big challenge to IT. Risk from cyber
attacks and meeting ever increasing service levels further complicate
protecting data. Some of the challenges to protecting rapidly growing data are:

• Managing multiple data centers and cloud environments
• Accommodating new and evolving applications
• Optimizing capacity and performance

Organizations must keep pace with data growth, optimize workloads, and
provide ongoing capacity insight in a data protection environment.

The Smart Scale feature in PowerProtect DD Management Center aids in
managing these challenges.


Smart Scale Configuration

The Smart Scale feature in PowerProtect DD Management Center (DDMC)
configures and controls data movement in the following ways:
1. Administrators can add up to 32 PowerProtect DD systems in DDMC.
The systems can span across as many as four pools in a single data
center. Smart Scale provides up to 48 PB of usable capacity or over 3
EB logical capacity with typical deduplication rates.
2. Smart Scale optimizes workload placement with intelligent and guided
backup data movement. Mobile storage units enable data consolidation
and data redistribution. As one PowerProtect DD system approaches full
capacity, a mobile storage unit can be moved to another system, freeing
up capacity on the at-risk PowerProtect DD. Smart Scale provides an
on-demand mobile storage unit transfer, sparing the customer from
manually rebalancing storage units. MSUs provide optimized workload
placement. Mobile storage units are transportable from one
PowerProtect DD system to another within a system pool. MSUs
eliminate storage silos and improve performance.

3. Smart Scale groups all storage infrastructure into a single
federated namespace. Smart Scale manages storage as a single
entity.

Smart Scale Example

Smart Scale Data Center Configuration Example

This diagram shows a data center with three PowerProtect DD systems.


1. PowerProtect DD systems are logically grouped to create a Smart
Scale system pool. A system pool manages available capacity as a
group of systems instead of selecting individual PowerProtect DD
appliances.
2. A data network is used to send the data from a client to a
PowerProtect DD. A pool access IP is used for the data network.
The DDMC collects the configuration of all network interfaces from
all the PowerProtect DD systems that the DDMC manages. Once
the data is collected, network groups are constructed based on a
unique subnet mask, VLAN ID, and network address. A network
group is a set of IP addresses, subnet, and VLAN ID. A pool access IP is
created for each network group. The IP address is dedicated to enable
client access to the system pool.

3. The backup administrator creates backup policies and selects a
system pool as the destination for the backup.
4. A backup application starts a backup to a mobile storage unit
(MSU). The client establishes a connection to the DD Namespace
Service VM using a pool access IP. The namespace redirection
service returns the IP address within the same network group on
the PowerProtect DD where the MSU resides. The DD Boost library
on the backup client redirects the connection to this address.
5. Clients then send data to the appropriate PowerProtect DD
system.

Smart Scale with PowerProtect DD Management Center

Smart Scale with PowerProtect DD Management Center

Figure: Smart Scale with PowerProtect DD Management Center (labels: Clients,
Smart Scale Services, System Pools, Non-Pooled Systems)

Using PowerProtect DD Management Center, Smart Scale services provide:

• Namespace redirection
• Capacity projections and recommendations
• Storage unit placement and transparent migration
• Capacity and performance analytics

Smart Scale is deployed through the PowerProtect DD Management Center
(DDMC). DDMC operates as the control path for Smart Scale. DDMC manages all
mobile storage units (MSU) and all mobile boost users (MBU).

The strong analytics capabilities in DDMC provide the capacity projection and
analytics service for Smart Scale.

Lastly, DDMC provides migration and placement service for data that is stored in
system pools.

DD Namespace Redirection Service

Figure: DD Namespace Redirection Service (labels: Multi System Management
Using DDMC; PowerProtect Data Manager and NetWorker; DD Namespace VM;
Smart Scale Services; Namespace Redirection Services; DD Boost Client;
System Pool; Mobile Storage Unit; Storage Unit)

DDMC deploys the DD Namespace VM (DDNVM). The DDNVM is a virtual
machine that runs the DD Namespace Redirection Service (DDNRS).

The DDNRS is used with Smart Scale to manage its credential and backup set
databases.

The DD Namespace VM is mostly stateless and is used in the data path for initial
connection redirection.

Network Discovery with DDMC

Figure: Network Discovery. DDMC collects and saves network interface
information and creates network groups to map topology.

                  Network Group 1       Network Group 2
Details           Subnet, VLAN          Subnet, VLAN
IP addresses      IP11, IP12, IP13      IP51, IP52, IP53
System IP, DD01   IP11                  IP51
System IP, DD02   IP12                  IP52
System IP, DD03   IP13                  IP53

DDMC uses automatic network discovery of managed PowerProtect DD systems.

DDMC builds network groups that are based on the network topology using the IP
configuration of managed systems.

Mobile Storage Unit Access

Figure: Mobile Storage Unit Access (callouts: Mobile Boost user connects to
pool access IP address IP10; connects to IP3 (DD03) to access MSU-1)

The administrator must specify the following when creating a mobile storage unit
(MSU):

• A system pool to determine the PowerProtect DD systems that can host the
MSU
• A network group or groups that file system clients can use to access the MSU
• A mobile Boost user with credentials for accessing the mobile storage unit

This diagram shows how an MSU is accessed in a system pool:

1. The mobile storage unit MSU-1 is hosted on system DD03 and is configured for
system pool SP-1.
2. Two workloads access MSU-1. One workload uses Network Group 1, which
accesses IP pool address IP10. A second workload can use Network Group 2
and IP50 for pool access.
3. A mobile Boost user provides a username and password to connect to IP10, the
pool access IP address for Network Group 1.
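
The network grouping from the Network Discovery section and the redirection walked through above, modeled in Python as an added example; it is not Dell code and does not call any DDMC interface. The numeric addresses, VLAN IDs, the user name mbu-1 and every function name are assumptions made for illustration, and password verification is left out.

```python
import ipaddress

# Constructed inventory standing in for what DDMC collects from managed systems:
# (system, interface address/prefix, VLAN ID). The page labels these addresses
# IP11..IP13 and IP51..IP53; the numeric values are made up for this example.
INTERFACES = [
    ("DD01", "10.1.1.11/24", 100),
    ("DD02", "10.1.1.12/24", 100),
    ("DD03", "10.1.1.13/24", 100),
    ("DD01", "10.5.1.51/24", 500),
    ("DD02", "10.5.1.52/24", 500),
    ("DD03", "10.5.1.53/24", 500),
    # Same subnet as the first three but another VLAN: a separate network group.
    ("DD02", "10.1.1.99/24", 200),
]


def build_network_groups(interfaces):
    """Group interface addresses by (network address, subnet mask, VLAN ID)."""
    groups = {}
    for system, cidr, vlan in interfaces:
        iface = ipaddress.ip_interface(cidr)
        key = (str(iface.network.network_address), str(iface.netmask), vlan)
        groups.setdefault(key, {}).setdefault(system, []).append(str(iface.ip))
    return groups


GROUP_1 = ("10.1.1.0", "255.255.255.0", 100)
GROUP_2 = ("10.5.1.0", "255.255.255.0", 500)

# One pool access IP per network group (IP10 and IP50 on the page; values constructed).
POOL_ACCESS_IPS = {"10.1.1.10": GROUP_1, "10.5.1.50": GROUP_2}

# MSU-1 as described on the page: hosted on DD03, configured for system pool SP-1,
# reachable through Network Group 1 and Network Group 2.
MSUS = {
    "MSU-1": {
        "pool": "SP-1",
        "host": "DD03",
        "groups": {GROUP_1, GROUP_2},
        "boost_user": "mbu-1",  # hypothetical mobile Boost user name
    },
}


class RedirectError(Exception):
    """Raised when a redirection request cannot be answered."""


def redirect(pool_ip, msu_name, user, groups, pool_access_ips, msus):
    """Return the address a client should reconnect to in order to reach an MSU.

    The answer is the hosting system's address inside the same network group
    as the pool access IP the client connected to.
    """
    group = pool_access_ips.get(pool_ip)
    if group is None:
        raise RedirectError(f"{pool_ip} is not a pool access IP")
    msu = msus.get(msu_name)
    if msu is None:
        raise RedirectError(f"unknown mobile storage unit {msu_name}")
    if user != msu["boost_user"]:
        raise RedirectError(f"{user} is not the mobile Boost user of {msu_name}")
    if group not in msu["groups"]:
        raise RedirectError(f"{msu_name} is not reachable through {group}")
    addresses = groups.get(group, {}).get(msu["host"])
    if not addresses:
        raise RedirectError(f"{msu['host']} has no interface in {group}")
    return addresses[0]


def migrate(msus, msu_name, new_host):
    """Return a copy of the MSU table with one MSU moved to another system."""
    updated = {name: dict(entry) for name, entry in msus.items()}
    updated[msu_name]["host"] = new_host
    return updated


if __name__ == "__main__":
    groups = build_network_groups(INTERFACES)
    print(redirect("10.1.1.10", "MSU-1", "mbu-1", groups, POOL_ACCESS_IPS, MSUS))
    moved = migrate(MSUS, "MSU-1", "DD01")
    print(redirect("10.1.1.10", "MSU-1", "mbu-1", groups, POOL_ACCESS_IPS, moved))
```

After the simulated migration the client still connects to the same pool access IP and is simply redirected to a different system, which is why moving an MSU needs no change on the backup client.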

Activity - Build a Smart Scale Environment

Analyze Smart Scale Components

Figure: Smart Scale components (labels: Multi-System Management Using DDMC;
PowerProtect Data Manager and NetWorker; DDVM; DD Namespace VM; Smart Scale
Services; Namespace Redirection Service; DD Boost Client; Data Center;
System Pool; Mobile Storage Unit; Storage Unit)

Become acquainted with the components used with Smart Scale to better
understand its function.

Components: Data center, Smart Scale services, DD Namespace VM, Pool access
IP (not pictured), Mobile storage unit, Mobile Boost user (not pictured),
DD Namespace redirection service, System pool, Network groups (not pictured).

A data center is a logical space that contains a group of PowerProtect DD
Systems. The PowerProtect DD system administrator can group up to 32 managed
PowerProtect DD appliances to create a single data center.

Smart Scale services are deployed from the DDMC into the data center and
enable you to create mobile storage units within a system pool. Smart Scale
services include namespace redirection, capacity projections and
recommendations, mobile storage unit placement, and analytics.

A system pool in a data center is a defined set of PowerProtect DD systems.
Administrators can organize protected data in a system pool, for example, by
workload type (Oracle backups, VM backups, and so on). The DDMC manages
these PowerProtect DD systems and balances client workloads that access the
mobile storage units that are hosted on them.

A pool access IP address is a dedicated IP address that enables client access to
the system pool.

A Mobile Storage Unit (MSU) is a PowerProtect DD Boost storage unit that is
hosted on one of the PowerProtect DD systems in a system pool. DD Boost clients
access the mobile storage unit through its specified networks.

A Mobile Boost User is a DD Boost user that is assigned to a mobile storage unit.
Clients that access a mobile storage unit must provide the username and password
of its mobile DD Boost user.

Build a Smart Scale Environment

Sequencing Activity:

Widgets Inc. is implementing a Smart Scale environment to manage multiple
PowerProtect DD systems in PowerProtect DD Management Center. Widgets Inc.
wants to use PowerProtect DD systems in a single system pool with DD Boost
clients to control the data that is transferred to the mobile storage units.

In the table below, place the number found on the diagram across from its
component name.

Number on the diagram Name of the component


Mobile storage unit

© Copyright 2021 Dell Inc. Page 17


[email protected]
Namespace redirection services
DD Boost client
Multi system management using DDMC
System pool
Smart Scale services
DD Namespace VM

Answer key to Build a Smart Scale Environment
7 – Mobile storage unit
4 – Namespace redirection services
5 – DD Boost client
1 – Multi system management using DDMC
6 – System pool
2 – Smart Scale services
3 – DD Namespace VM

ESDPSD04094 ~ SMART SCALE FOR POWERPROTECT APPLIANCES IMPLEMENTATION

PARTICIPANT GUIDE

ESDPSD04094 ~ Smart Scale Implementation

© Copyright 2022 Dell Inc. Page i


Table of Contents

Smart Scale Implementation

Explore Smart Scale Data Centers
    Data Centers
    Data Center Summary Page
    Simulation Activity: Create a Data Center for Smart Scale Deployment

Explore the Smart Scale Deployment Wizard
    Smart Scale Services Preconfiguration
    Simulation Activity: Deploy Smart Scale Services

Explore Smart Scale System Pools
    System Pool Preconfiguration
    Simulation Activity: Create a System Pool for Smart Scale

Appendix

Smart Scale Implementation

Explore Smart Scale Data Centers

Data Centers

Data Centers Main Page in DDMC

In Smart Scale, data centers are logical groupings of PowerProtect DD systems.
Data centers show a clear view of individual system capacity and performance.

Data centers are created and managed within the Infrastructure menu in the
PowerProtect DD Management Center (DDMC) navigation panel. Only admin roles
can view and administer data centers.

Administrators can create custom dashboards for individual data centers and filter
PowerProtect DD systems at the data center level. Administrators can also deploy
Smart Scale services for DD Boost-based storage unit mobility.

Smart Scale supports up to 32 PowerProtect DD series appliances per data center.
PowerProtect DD systems can belong to only one data center.

Dell Technologies recommends creating no more than four system pools per data
center for Smart Scale services.

Data Center Summary Page

Data Centers Summary Page

The Data Centers Summary page shows information about individual data centers.

1. View capacity information of the combined systems in the Data Center
   Summary pane.
2. The Systems menu displays a window with a summary of individual systems
   that are attached to the data center. The Summary window reports available
   and used capacity on each system.
3. Administrators can deploy Smart Scale services from the Summary page by
   clicking the Deploy Services button.

Simulation Activity: Create a Data Center for Smart Scale Deployment

Simulation Activity: Creating Data Centers for Smart Scale

Perform this simulation activity to experience creating Smart Scale data centers
with PowerProtect DD Management Center (DDMC).

1.1 Click the Infrastructure menu item.

1.2 Click the Data Centers menu item.

1.3 In the Data Centers window, click Create.

1.4 Click the Data Center Name field.

1.5 Click Next.

1.6 Click the system named dd02.demo.local.

1.7 Click the system named dd01.demo.local.

1.8 Scroll down to see the Add button.

1.9 Select Add.

1.10 Scroll downwards.

1.11 Click Next.

1.12 Click Create.

1.13 Create a second data center. Click Create.

1.14 Click the Data Center name field.

1.15 Select Next.

1.16 Select dd03.demo.local.

1.17 Scroll downward.

1.18 Select Add.

1.19 Scroll downward.

1.20 Select Next.

1.21 Click Create to create the Hopkinton data center.

Explore the Smart Scale Deployment Wizard

Smart Scale Services Preconfiguration

Smart Scale Configuration

Smart Scale services must be deployed through PowerProtect DD Management
Center (DDMC).

To deploy and enable the Smart Scale service, a Smart Scale data center must first
exist.

Smart Scale services are not available by default. Smart Scale can only be
deployed using DDMC. For the smoothest deployment, ensure that all resources
are preconfigured.

When services are deployed, the administrator must provide the data center name.
The deployment wizard also requires the vCenter credentials and username. The
administrator must supply an IP address with network details of the DD nameserver
VM, and the related port numbers.

DNS configuration is also required for Smart Scale deployment. Configure at least
one DNS server on the DDMC.

More information about DDMC deployment can be found in the Dell EMC
PowerProtect DD Management Center (DDMC) 7.8 Installation and Administration
Guide.

Simulation Activity: Deploy Smart Scale Services

Simulation Activity: Deploy Smart Scale Services

Perform this simulation activity to experience how Smart Scale is deployed through
PowerProtect DD Management Center (DDMC).

1.1 Introduction

1.2 Click the expand icon.

1.3 Click Deploy Services.

1.4 Click New Passphrase.

1.5 Click Confirm Passphrase.

1.6 Click Save and Continue.

1.7 Review the Data Needed window and click Next.

1.8 Click the vCenter field.

1.9 Click Verify and Accept Host Certificate.

1.10 Click Accept.

1.11 Provide the vCenter Username.

1.12 Provide the vCenter Password.

1.13 Click Next.

1.14 Provide the Data Center name.

1.15 Provide the Cluster name.

1.16 Provide the Datastore name.

1.17 Provide the Portgroup name.

1.18 Click Next.

1.19 Provide a VM name.

1.20 Click Next.

1.21 Provide the IP address for eth0.

1.22 Provide a Netmask address for eth0.

1.23 Update the Gateway for eth0.

1.24 Click Next.

1.25 Click Next.

1.26 Click Next.

1.27 Provide the administrator Username.

1.28 Provide the administrator Password.

1.29 Click Next.

1.30 Review the summary page and click Next.

1.31 Smart Scale services are now installed and running.

Explore Smart Scale System Pools

System Pool Preconfiguration

PowerProtect DD Management Center Data Protection Management

PowerProtect DD Series Appliances

Storage Pools in the Smart Scale Configuration

A system pool in a data center is a defined set of PowerProtect DD series
appliances. Administrators can organize system pools by workload type, such as
Oracle backups, VM backups, and so on. The DDMC manages PowerProtect DD
series systems and balances client workloads that access Mobile Storage Units
(MSU) hosted on them.

A pool access IP is the network component that is used to create and access a
Mobile Storage Unit in a system pool.

In order to create a system pool, Smart Scale services must first be deployed.

PowerProtect DD systems should be available in the data center to add to the
system pool.

More requirements for adding systems to the system pool include:

• The PowerProtect DD systems must be model DD6900, DD9400, or DD9900.
• The DDOS version must be 7.8 or later.
• The PowerProtect DD system must not belong to a different data center or
  system pool.
• DD Boost must be enabled on the PowerProtect DD systems.
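The limits stated in this guide (32 systems per data center, one data center and pool per system, a recommended maximum of four system pools, and the system pool requirements listed above) can be checked against a planned inventory before the wizard is run. The Python sketch below is an added example, not Dell code; the record format, field names and sample hosts are constructed for illustration and are not a DDMC export format.

```python
import re
from collections import defaultdict

# Values taken from this guide.
SUPPORTED_MODELS = {"DD6900", "DD9400", "DD9900"}
MIN_DDOS = (7, 8)                      # "7.8 or later"
MAX_SYSTEMS_PER_DATA_CENTER = 32
RECOMMENDED_MAX_POOLS = 4              # a recommendation, so reported as a warning


def parse_ddos(version):
    """Parse '7.10.1.0-1017741' into (7, 10, 1, 0).

    Comparing tuples of ints avoids the string-compare trap in which
    '7.10' sorts before '7.8'.
    """
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not match:
        raise ValueError(f"unparseable DDOS version: {version!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def check_layout(records):
    """Validate planned memberships; returns (errors, warnings) as lists of str.

    Each record is a dict with the hypothetical keys host, data_center,
    pool (None when the system is not in a pool), model, ddos, ddboost_enabled.
    """
    errors, warnings = [], []
    membership = {}                    # host -> first (data_center, pool) seen
    dc_hosts = defaultdict(set)
    dc_pools = defaultdict(set)

    for rec in records:
        host, dc, pool = rec["host"], rec["data_center"], rec.get("pool")
        first = membership.setdefault(host, (dc, pool))
        if first != (dc, pool):
            errors.append(
                f"{host}: planned for {first} and {(dc, pool)}, but a system "
                "can belong to only one data center and system pool")
            continue
        dc_hosts[dc].add(host)
        if pool is None:
            continue                   # pool requirements apply to pool members only
        dc_pools[dc].add(pool)
        if rec["model"] not in SUPPORTED_MODELS:
            errors.append(f"{host}: model {rec['model']} is not DD6900, DD9400 or DD9900")
        if parse_ddos(rec["ddos"]) < MIN_DDOS:
            errors.append(f"{host}: DDOS {rec['ddos']} is older than 7.8")
        if not rec["ddboost_enabled"]:
            errors.append(f"{host}: DD Boost is not enabled")

    for dc, hosts in sorted(dc_hosts.items()):
        if len(hosts) > MAX_SYSTEMS_PER_DATA_CENTER:
            errors.append(f"{dc}: {len(hosts)} systems exceeds the limit of "
                          f"{MAX_SYSTEMS_PER_DATA_CENTER} per data center")
    for dc, pools in sorted(dc_pools.items()):
        if len(pools) > RECOMMENDED_MAX_POOLS:
            warnings.append(f"{dc}: {len(pools)} system pools, more than the "
                            f"recommended {RECOMMENDED_MAX_POOLS}")
    return errors, warnings


def make_record(host, dc, pool, model="DD6900", ddos="7.10.1.0", boost=True):
    """Build one inventory record in the hypothetical format used above."""
    return {"host": host, "data_center": dc, "pool": pool,
            "model": model, "ddos": ddos, "ddboost_enabled": boost}


# Constructed inventory, not taken from a real DDMC.
SAMPLE = [
    make_record("dd-a.example.test", "DC-East", "General"),
    make_record("dd-b.example.test", "DC-East", "General", ddos="7.7.5.0"),
    make_record("dd-c.example.test", "DC-East", "General", model="DD6400"),
    make_record("dd-d.example.test", "DC-East", "Oracle", boost=False),
    make_record("dd-a.example.test", "DC-West", "VM"),   # second membership for dd-a
]

if __name__ == "__main__":
    errs, warns = check_layout(SAMPLE)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```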

Simulation Activity: Create a System Pool for Smart Scale

Simulation Activity: Create a System Pool for Smart Scale.

Perform this simulation activity to experience how to create a System Pool
for Smart Scale using PowerProtect DD Management Center (DDMC).

1.1 Introduction Slide

1.2 Click the System Pools button.

1.3 Click Create.

1.4 Review the System Pool Readiness Guidelines then click Next.

1.5 Name the system pool, "General."

1.6 Click the Retention Lock Governance radio button.

1.7 Click Next.

1.8 Select dd02.demo.local.

1.9 Select dd02.demo.local.

1.10 Click Add to Pool.

1.11 Click Next.

1.12 Click Configure Pool Access.

1.13 Select the pool marked Not Configured.

1.14 Click the Assign Pool Access IP button.

1.15 Click the System Pool Access IP field.

1.16 Click the Interface field.

1.17 Select Eth1.

1.18 Click Save.

1.19 Click Next.

1.20 Click Create.

Appendix

Resource Requirements
Hardware Resource Requirements

Resource | DDMC | DDNVM
vCPU | 4 vCPU | 8 vCPU
Memory | 8 GB | 24 GB
Disk | 40 + 200 + 100 GB | 256 GB

System Requirements

Requirement | Use
DDMC administrator role permissions | Used to access the Smart Scale feature
vCenter lookup credentials | Used to monitor Smart Scale services health status
vCenter 6.7 or later with shared datastore and HA configuration | Used as host for Data Domain Namespace VM
One or more valid DNS servers that are configured on the DDMC | Used for communications between DDNVM, DDMC, and protection storage

DDNVM Ports

Port | Protocol | Service | Notes
10001 | TCP | DD Namespace Redirection Service Agent | This service uses a certificate-based trusted channel and a DDMC-CA-issued certificate.
10002 | TCP | Preshared key for SSL and TLS handshake | This service uses a preshared secret with DDMC. The secret is secured on both DDMC and DDNVM.
10003 | TCP | SSH Daemon | This service uses an SSH private key that is stored only on DDMC.
10004 | TCP | DD namespace Redirection database Manager | This service uses a certificate-based trusted channel and a DDMC-CA-issued certificate.
2053 | TCP | DD namespace Redirection Service | This service is used for mobile storage unit (MSU) access by DD Boost clients.
2049 | TCP | PowerProtect DD Server | The default DD Boost port remains 2049.
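The port table above can serve as the baseline for a least-privilege review of the allow rules in front of the DDNVM. The Python sketch below is an added example, not Dell code: the rule format, the sample addresses, and the split of ports into a "management" and a "client" audience are assumptions of this example, and the caller supplies the networks that are permitted for each audience.

```python
import ipaddress

# Ports from the "DDNVM Ports" table. The audience label is this example's
# assumption: the notes tie 10001-10004 to keys and certificates held or
# issued by DDMC, and describe 2053 and 2049 as ports DD Boost clients use.
DDNVM_PORTS = {
    10001: ("DD Namespace Redirection Service Agent", "management"),
    10002: ("Preshared key for SSL and TLS handshake", "management"),
    10003: ("SSH Daemon", "management"),
    10004: ("DD namespace Redirection database Manager", "management"),
    2053: ("DD namespace Redirection Service", "client"),
    2049: ("PowerProtect DD Server (DD Boost)", "client"),
}


def audit_rules(rules, management_sources, client_networks):
    """Compare TCP allow rules with the port table.

    rules: iterable of (source_cidr, tcp_port) tuples (hypothetical format).
    management_sources / client_networks: CIDR strings the site permits.
    Returns a list of (kind, port, message) findings, where kind is
    'unexpected', 'too-broad' or 'missing'.
    """
    allowed = {
        "management": [ipaddress.ip_network(n) for n in management_sources],
        "client": [ipaddress.ip_network(n) for n in client_networks],
    }
    findings, covered = [], set()

    for source, port in rules:
        src = ipaddress.ip_network(source)
        if port not in DDNVM_PORTS:
            findings.append(("unexpected", port,
                             f"{source} -> tcp/{port}: port is not in the DDNVM table"))
            continue
        service, audience = DDNVM_PORTS[port]
        scope = allowed[audience]
        # The rule keeps the service reachable if it admits any permitted source.
        if any(src.overlaps(net) for net in scope):
            covered.add(port)
        # The rule is least-privilege only if it admits nothing else.
        if not any(src.version == net.version and src.subnet_of(net) for net in scope):
            findings.append(("too-broad", port,
                             f"{source} -> tcp/{port} ({service}): source is not "
                             f"confined to the {audience} networks"))

    for port, (service, audience) in DDNVM_PORTS.items():
        if port not in covered:
            findings.append(("missing", port,
                             f"tcp/{port} ({service}): no rule admits the "
                             f"{audience} networks"))
    return findings


# Constructed sample data (documentation address ranges), not a real policy.
MANAGEMENT_SOURCES = ["192.0.2.10/32"]        # assumed DDMC address
CLIENT_NETWORKS = ["198.51.100.0/24"]         # assumed DD Boost client subnet
SAMPLE_RULES = [
    ("192.0.2.10/32", 10001),
    ("192.0.2.10/32", 10002),
    ("0.0.0.0/0", 10003),                     # SSH daemon open to any source
    ("192.0.2.10/32", 10004),
    ("198.51.100.0/24", 2053),
    ("198.51.100.0/24", 8080),                # port that the table does not list
]                                             # no rule for 2049

if __name__ == "__main__":
    for kind, port, message in audit_rules(SAMPLE_RULES, MANAGEMENT_SOURCES,
                                           CLIENT_NETWORKS):
        print(f"{kind:10} {message}")
```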

ESDPSD04249 ~ SMART SCALE FOR POWERPROTECT APPLIANCES ADMINISTRATION

PARTICIPANT GUIDE

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

Table of Contents

Smart Scale for PowerProtect Appliances Administration

Using Smart Scale in Backup Operations
    Backup Operations with Smart Scale
    Simulation Activity: Add a Smart Scale System Pool as Protection Storage
    Simulation Activity: Perform a Backup with a Smart Scale System Pool as the Backup Target
    Simulation Activity: Restore from a System Pool Backup

Using Smart Scale in Disaster Recovery Operations
    Disaster Recovery Backups with Smart Scale
    Simulation Activity: Using Smart Scale for DDMC DR Backup
    Disaster Recovery Restore Operations with Smart Scale
    Simulation Activity: Using Smart Scale for DDMC Disaster Recovery Restores

Smart Scale for PowerProtect Appliances Administration

Using Smart Scale in Backup Operations

Backup Operations with Smart Scale

A Smart Scale System Pool Available for Protection Storage

Smart Scale for PowerProtect DD appliances can be used with PowerProtect Data
Manager and Dell NetWorker as the data protection management applications for
backups.

As administrators create protection policies, they can specify a system pool as the
targeted protection storage. Copy placement becomes transparent to the data
protection client. This feature helps administrators to better manage capacity
changes and storage unit placement without requiring modifications to the
protection infrastructure.

Simulation Activity: Add a Smart Scale System Pool as Protection Storage

Add a Smart Scale system pool as protection storage

1.1 Introduction Slide

1.2 Click Infrastructure.

1.3 Click Storage.

1.4 Click Add.

1.5 Click PowerProtect DD Management Center.

1.6 Click the Name field.

1.7 Click ddmc1.

1.8 Click the Address field.

1.9 Select ddmc.demo.local.

1.10 Click the Host Credentials field.

1.11 Select ddmc1.

1.12 Click Verify.

1.13 Click Save.

1.14 Click Details for the General system pool.

1.15 Click and drag

1.16 Click

Simulation Activity Wrap Up

Notes

Simulation Activity: Perform a Backup with a Smart Scale System Pool as the Backup Target

Perform a backup with a Smart Scale system pool as the backup target

1.1 Introduction Slide

1.2 Click

1.3 Click

1.4 Click

1.5 Click

1.6 Click

1.7 Click

1.8 Click

1.9 Click

1.10 Click

1.11 Click

1.12 Click

1.13 Click

1.14 Click

1.15 Click

1.16 Click

1.17 Click

1.18 Click

1.19 Click

1.20 Click

1.21 Click

1.22 Click

1.23 Click

1.24 Click

1.25 Click

1.26 Click

1.27 Click

1.28 Click

1.29 Click

1.30 Click

Simulation Activity Wrap Up

Notes

Simulation Activity: Restore from a System Pool Backup

Simulation Activity: Restore from a system pool backup

Restore from a System Pool Backup

1.1 Introduction Slide

1.2 Click Restore.

1.3 Click Assets.

1.4 Select LINUX-01.

1.5 Click View Copies.

1.6 In the Restore -> Asset LINUX-01 window, click SP.

1.7 Select the copy from April 6.

1.8 Click Restore.

1.9 Click

1.10 Click

1.11 Select Create and Restore to New VM.

1.12 Click Next.

1.13 Click Next.

1.14 For the Restore Location, click PowerProtect.

1.15 Select esxi03-7.demo.local as the restore location.

1.16 Click Next.

1.17 Click

1.18 Select Datastore 1.

1.19 Click Next.

1.20 Click the Network field.

1.21 Select VM Network.

1.22 Click Next.

1.23 Click the New VM name field.

1.24 Click Next.

1.25 Click Restore.

1.26 Click Jobs.

1.27 Click Protection Jobs to view the restore progress.

Simulation Activity Wrap Up

Notes

Using Smart Scale in Disaster Recovery Operations

Disaster Recovery Backups with Smart Scale

Configure Disaster Recovery in the PowerProtect DD Management Center

Administrators can protect a PowerProtect DD Management Center (DDMC) by
taking a snapshot of the entire virtual machine (VM) on which the DDMC instance
is running. In the case of disaster, administrators can restore the DDMC.

As administrators create protection policies, they can specify a system pool as the
targeted protection storage. Copy placement is transparent to the data protection
client. This feature helps administrators to better manage capacity changes and
storage unit placement without requiring modifications to the protection
infrastructure.

To create a DDMC DR backup, administrators must do the following:

• Enable the backup.
• Specify an MTree on a PowerProtect DD system that the DDMC manages.
• Create an NFS export path for the MTree or storage unit and provide full access
  to the DDMC.

By default, the backup happens every 15 minutes and retains only the latest
readable copy. The backup copies to a staging area (/resource/ddmc_dr/backup) in
DDMC and then moves to the MTree or storage unit.

Simulation Activity: Using Smart Scale for DDMC DR Backup

Simulation Activity: Using Smart Scale for DDMC DR Backups

Using Smart Scale for DDMC DR Backups

1.1 Introduction Slide

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

© Copyright 2022 Dell Inc. Page 47


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.2 Click Protocols.

1.3 Click DD Boost.

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

Page 48 © Copyright 2022 Dell Inc.


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.4 Click Storage Units.

1.5 Click the add storage units symbol.

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

© Copyright 2022 Dell Inc. Page 49


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.6 Click the Name field and name the storage unit.

1.7 Select sysadmin as the user.

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

Page 50 © Copyright 2022 Dell Inc.


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.8 Click Create.

1.9 Click the Storage Units tab to view the new SU.

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

© Copyright 2022 Dell Inc. Page 51


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.10 Click NFS to create an NFS mount point for the new SU.

1.11 Click Create to create a new export.

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

Page 52 © Copyright 2022 Dell Inc.


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.12 Click Export Name.

1.13 Click the Directory Path field.

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

© Copyright 2022 Dell Inc. Page 53


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.14 Click the plus symbol to add a client.

1.15 Click OK to accept the default settings.

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

Page 54 © Copyright 2022 Dell Inc.


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.16 Select the new client.

1.17 Click OK to complete the NFS export.

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

© Copyright 2022 Dell Inc. Page 55


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.18 When the export configuration is saved, click CLOSE.

1.19 Click the DD Management Center tab.

ESDPSD04249 ~ Smart Scale for PowerProtect Appliances Administration-SSP

Page 56 © Copyright 2022 Dell Inc.


[email protected]
Using Smart Scale in Disaster Recovery Operations

1.20 Click Settings.

1.21 Click Disaster Recovery.


1.22 Click the DD System dropdown arrow.

1.23 Select dd01.demo.local.


1.24 Click the NFS Export Path dropdown arrow.

1.25 Select the DRDDMC export path.


1.26 Click Apply to start the backup.

1.27 View the backup summary.


Simulation Activity Wrap Up

Notes


Disaster Recovery Restore Operations with Smart Scale

Restoring a PowerProtect DD Management Center

To perform a DDMC recovery, deploy a new DDMC with the same version and
mount the MTree that has the backup on the new DDMC.

The following table shows which recovery operation to use when the DDMC
instance, the DD Namespace VM (DDNVM), or both are corrupt or destroyed:


| DDMC | DD Namespace VM (DDNVM) | Solution |
|---|---|---|
| Good | Corrupt or destroyed | Restart DDNVM from vCenter. Redeploy the service from the DDMC UI and sync the data if a restart does not fix the issue. |
| Corrupt or destroyed | Good | DDMC DR |
| Corrupt or destroyed | Corrupt or destroyed | Recover DDMC from DR backup and redeploy DDNVM from the DDMC UI. |


Simulation Activity: Using Smart Scale for DDMC Disaster Recovery Restores

1.1 Introduction Slide


1.2 Right Click

1.3 Click Deploy OVF Template.


1.4 Click Local File.

1.5 Click Upload Files.


1.6 Click ddmc-ddnvm-infra-7.8.0.0-1007936.ova.

1.7 Click Open.


1.8 Click Next.

1.9 Click Next.


1.10 Expand the PowerProtect cluster.

1.11 Select esxi03-7.demo.local.


1.12 Click Next.

1.13 Click Ignore.


1.14 Click Next.

1.15 Select Smartscale_Datastore.


1.16 Select virtual data format.

1.17 Click Thin Provisioned.


1.18 Click Next.

1.19 Click Next.


1.20 Click Finish.

1.21 Right-click the recovered DDMC instance.


1.22 Click the Power menu item.

1.23 Select Power On.


1.24 Right-click the DDMC instance.

1.25 Click the Launch Console icon.


1.26 Click Launch.

1.27 Click the localhost login field.


1.28 Close the console window.

1.29 Click to open the DDMC tab.


1.30 Click the User Name field.

1.31 Click the Password field.


1.32 Click Login.

1.33 Click the Settings icon.


1.34 Select Restore DDMC.

1.35 Click New Passphrase.


1.36 Click

1.37 Click Save and Continue.


1.38 Enter the DD System name.

1.39 Click NFS Export Path.


1.40 Click Next.

1.41 Click Next.


1.42 Click Restore.

1.43 Click the User Name field.


1.44 Click the Password field.

1.45 Click Infrastructure.


1.46 Click Data Centers.

1.47 Click


1.48 End

Simulation Activity Wrap Up

Notes
