Scribd
Upload
7 views

01 PowerProtect+DD+Concepts+and+Features+-+Participant+Guide

The document provides a comprehensive overview of PowerProtect DD, a data protection appliance designed to reduce storage requirements through deduplication and encryption. It details the system's architecture, current models, hardware features, and various operating system capabilities, including replication and cloud tiering. Additionally, it highlights management tools and the benefits of integrating PowerProtect DD into backup environments.

Uploaded by

Mohamed Fouad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views

01 PowerProtect+DD+Concepts+and+Features+-+Participant+Guide

The document provides a comprehensive overview of PowerProtect DD, a data protection appliance designed to reduce storage requirements through deduplication and encryption. It details the system's architecture, current models, hardware features, and various operating system capabilities, including replication and cloud tiering. Additionally, it highlights management tools and the benefits of integrating PowerProtect DD into backup environments.

Uploaded by

Mohamed Fouad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 106

POWERPROTECT DD

CONCEPTS AND
FEATURES

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Internal Use - Confidential
Table of Contents

PowerProtect DD Concepts and Features ........................................................................... 1

Introduction to PowerProtect DD.............................................................................. 2


PowerProtect DD System Overview ..................................................................................... 3
PowerProtect DD System Overview ..................................................................................... 4
PowerProtect DD System Overview ..................................................................................... 6
PowerProtect DD System Overview ..................................................................................... 7
Current Models .................................................................................................................... 9
Hardware Features ............................................................................................................ 12
PowerProtect DD Virtual Edition (DDVE) Features ............................................................ 13
Feature and Capacity Licensing ......................................................................................... 17

Architecture and Technology Overview................................................................. 18


Data Paths and Supported Protocols ................................................................................. 19
DDOS File System ............................................................................................................. 20
DDOS Deduplication .......................................................................................................... 21
Stream Informed Segment Layout (SISL) .......................................................................... 22
Data Invulnerability Architecture (DIA) ............................................................................... 24

DD Operating System Features and Capabilities .................................................. 25


DD Boost ........................................................................................................................... 26
Replication ......................................................................................................................... 27
Cloud Tier .......................................................................................................................... 28
BoostFS ............................................................................................................................. 29
PowerProtect DD High Availability ..................................................................................... 31
DD Retention Lock ............................................................................................................. 32
Secure Multi-Tenancy (SMT) ............................................................................................. 34
DD Virtual Tape Library (DD VTL) ...................................................................................... 35
Data Security ..................................................................................................................... 36
System Access Features ................................................................................................... 37
Dell Secure Remote Service .............................................................................................. 39
Storage Migration............................................................................................................... 40

PowerProtect DD Concepts and Features

Page ii © Copyright 2020 Dell Inc.


Minimally Disruptive Upgrade (MDU) ................................................................................. 41

PowerProtect DD Management Overview .............................................................. 43


Command Line Interface (CLI) ........................................................................................... 44
DD System Manager (DDSM) ............................................................................................ 46
PowerProtect DD Management Center (DDMC) ................................................................ 47

Appendix ................................................................................................. 49

Glossary ................................................................................................ 101

PowerProtect DD Concepts and Features

Internal Use - Confidential


© Copyright 2020 Dell Inc. Page iii
Introduction to PowerProtect DD

PowerProtect DD Concepts and Features

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 1
Introduction to PowerProtect DD

Introduction to PowerProtect DD

PowerProtect DD Concepts and Features

Internal Use - Confidential


Page 2 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

PowerProtect DD System Overview

What is a PowerProtect PowerProtect DD Replication3


DD system?1 Deduplication and
Encryption2

1PowerProtect DD systems are purpose-built, data protection appliances that are


designed to reduce the amount of disk storage that is required to retain and protect
data.

2 One of the key differentiators PowerProtect DD systems offers is the ability to


deduplicate and encrypt data inline as it is written to disk. Furthermore
PowerProtect DD systems meet various US and international compliance
regulations.

3All data sent to a PowerProtect DD system can be efficiently replicated to a


secondary site for disaster recovery. Also, data can be sent to the public, private, or
hybrid cloud for long-term protection.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 3
Introduction to PowerProtect DD

PowerProtect DD System Overview

Challenges4 1: Clients and 2: Backup 3: Tape 4: Tape


Servers5 Server6 Transport7 Restore
Process8

4 The diagram here illustrates the conventional process of handling backups


through backup servers. Increasing the storage speed and capacity for the data
that is generated along with the cost-effectiveness is a perpetual challenge. One of
the most expensive and resource-intensive tasks are gathering, storing, and
protecting data backups. Writing data to tapes and shipping them offsite for storage
is one of the largest financial and labor resource challenges in the conventional
tape-centric environment.

5 Clients and servers store data on the primary storage device.

6The conventional process of handling backups is through backup servers. The


backup servers preserve the data on the primary storage device by copying it to
disk-based storage or a tape library.

7 Tapes are physically transported and stored offsite for archival and disaster
recovery purposes. If there is a negative event in the data center, moving tapes
offsite prevents the loss of backup data.

8Data recovery requires a manual process of transporting the tapes back to the
primary storage device in the data center.

PowerProtect DD Concepts and Features

Internal Use - Confidential


Page 4 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

Backup Environment Without PowerProtect DD

Challenges Data Center Data Recovery Site


Clients

Primary
Storage

Speed

Restore
Process

Capacity Backup
Servers Management
Server

Tape
Cost
Transport

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 5
Introduction to PowerProtect DD

PowerProtect DD System Overview

Introducing PowerProtect DD systems

Scalability and Efficient Resource Reliable Access Seamless


Performance9 Utilization10 and Recovery11 Integration12

9Reduces required storage by 50-65x. Protects up to 211.2 PB of logical capacity,


and completes backups faster – up to 94 TB per hour on the high end appliance
(DD9900).

10 Sends only deduplicated data across the network to reduce bandwidth required

11 End-to-end data verification, fault detection, and self-healing

12 Integrates with leading backup, archiving, and enterprise applications

PowerProtect DD Concepts and Features

Internal Use - Confidential


Page 6 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

PowerProtect DD System Overview

Applications13 1: Clients and 2: Data 3: Data 4: Data


Servers14 Center15 Replication16 Recovery17

13PowerProtect DD systems support many backup, archive, and enterprise


applications. The list includes not only Dell EMC NetWorker and Avamar,
PowerProtect Data Manager(PPDM) but also products by Quest, Veritas, Oracle,
HP, IBM, SAP Hana, and others.

14When a PowerProtect DD appliance is added to a backup environment, clients


and servers still store data on the primary storage device. However, if NetWorker or
Avamar are used to backup clients, the clients may also backup data directly to the
PowerProtect DD appliance.

15If clients do not back up directly to the PowerProtect DD appliance using Avamar
or Networker, the backup servers preserve the data on the PowerProtect DD
appliance. Deduplication greatly reduces the data footprint before the data is
backed up. Global compression technology combines an exceptionally efficient
high-performance inline deduplication technology with a local compression
technique. The reduced data footprint allows data to be retained on-site for longer
periods and allows transfer across the network for archival. If regulatory or
corporate policies require tape backups, tape backups can be incorporated into a
PowerProtect DD environment.

16 DD Replicator software transfers only the deduplicated and compressed unique


changes across any IP network. PowerProtect DD appliances use replication
methods that require a fraction of the bandwidth, time, and cost, compared to
traditional replication methods. “Time-to-DR readiness” is greatly reduced when
compared to other replication methods.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 7
Introduction to PowerProtect DD

Backup Environment with PowerProtect DD

Backup Applications Data Center Data Recovery Site


Clients

Disaster Recovery PowerProtect DD


Primary PowerProtect DD System
System

Archive Applications

Servers

Enterprise Applications WA
N

Backup
Management
Server

17The elimination of time-consuming and resource-intensive handling of tape


similarly transforms the data recovery process.

PowerProtect DD Concepts and Features

Internal Use - Confidential


Page 8 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

Current Models

3 5
2 4

1: PowerProtect DD Virtual Edition (DDVE) is a customer-deployable virtual


deduplication appliance that provides data protection for entry, enterprise, and
service provider environments.

DDVE is agile, it is designed for use with VMware, it is exceptionally quick to set up
and run. You can start with a small capacity configuration and scale as large as 96
TB.

It is flexible as it offers a flexible deployment environment that includes


deduplication, replication, DD Boost, and scalable storage capacity. Users can take
advantage of the same powerful deduplication feature available in all PowerProtect
DD hardware products along with the security of full replication capabilities.
Optional use of DD Boost to further speed-up data transfers to your own scalable
storage configurations, making DDVE efficient.

2: The DD3300 is a small and robust protection storage platform, ideal for both
SMBs, and branch or departmental data protection for larger enterprises. The
DD3300 with Cloud Tier can back up a logical capacity up to 4.8 PB in the cloud
with extensive API support.

3: The DD6900 offers 1.3 times greater system scale than its predecessors and
can backup up to 288 TB usable capacity. That usable capacity is expanded to up
to 576 TB with Cloud Tier.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 9
Introduction to PowerProtect DD

4: The DD9400 has a throughput up to 57 TB per hour and delivers scalability 2.5
times greater than previous generations. It can backup up to 768 TB of usable
capacity, with up to 1.54 PB usable with Cloud Tier.

5: The DD9900 has a throughput of up to 94 TB per hour. It can backup up to 1.25


PB of usable capacity and up to 2.02 PB usable when using Cloud Tier.

Expansion Shelves
Listed are the capacities and compatibilities of the options for the expansion
shelves.

1. ES40

ES40 can accommodate 15, 4 TB or 8 TB drives and supports the DD6900,


DD9400, and DD9900.

2. DS60

The DS60 (Dense Storage) shelf supports 3 TB, 4 TB, or 8 TB SAS drives in
15 drive increments, up to 60 drives per shelf. DS60 supports DD6900,
DD9400, and DD9900 systems. 8 TB SAS drives are only supported on the
DD9400 and DD9900.

PowerProtect DD Concepts and Features

Internal Use - Confidential


Page 10 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

3. FS25

The FS25 (Flash Storage) SSD shelf is a solid-state expansion shelf that is
used exclusively for the metadata cache in a PowerProtect DD system. The
FS25 is supported on the DD6900, DD9400, and DD9900. The FS25 is only
supported on the DD6900 and DD9400 in a DD high availability (DD HA)
configuration.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 11
Introduction to PowerProtect DD

Hardware Features

PowerProtect DD appliances are based on basic hardware architecture.

Head Unit and Expansion Shelves

Connectivity and Redundancy

Documents for specific hardware models are published on the Dell EMC support
site.

PowerProtect DD Concepts and Features

Internal Use - Confidential


Page 12 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

PowerProtect DD Virtual Edition (DDVE) Features

DDVE Evaluation18

18 Dell EMC offers a DDVE evaluation license for a limited 500 GB capacity. The
evaluation license includes DD Boost, Replication, and Encryption with no set
expiration. This license can be replaced with larger capacity licenses if needed – up
to a maximum of 96 TB. Other limited time evaluation licenses are also available.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 13
Introduction to PowerProtect DD

Features DDVE Optimized Features20 Other


only on DDOS
DDVE19 features21

DD Operating System (DDOS) Features

DDOS is the intelligence that powers Dell EMC PowerProtect DD appliances.


DDOS provides the agility, security, and reliability that enables the PowerProtect
DD platform to deliver scalable, high-speed, and cloud-enabled protection storage
for backup, archive, and disaster recovery.

DDOS has a wide range of features to protect sensitive data. Most of the features
that are listed are covered in more detail later in the course.

4. BoostFS

19 Features that are supported only on DDVE are the deployment assessment tool,
virtual resource monitoring, and RAID-On-LUN.

20Features that are optimized for use with DDVE are stream counts, MTree counts,
the DD System Manager, IPv4, and IPv6.

21Features that are supported on DDVE include DD Boost, CIFS, NFS, Encryption,
and Replication.

PowerProtect DD Concepts and Features

Internal Use - Confidential


Page 14 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

BoostFS is a virtual file system running on a Linux or Windows client. It is


based on the DDBoost SDK and the open-source software FUSE (file system
in user space). BoostFS exports a storage-unit from a PowerProtect DD
system to create a mount point on the client system. BoostFS collects the
results of the file system operations that are conducted on the mount points by
the kernel on the client system. BoostFS then translates them into DD Boost
SDK APIs to communicate with the PowerProtect DD system. As a result, files
and directories that are created on the mount point are stored in the storage
unit on the PowerProtect DD system.

5. Dell EMC Cloud Tier

The Cloud Tier feature enables the movement of inactive data from the active
tier to a low-cost and a high-capacity object storage like a public, private, or
hybrid cloud. This mechanism is highly efficient for long-term data retention.
During the process of data movement, only the unique and deduplicated data
is sent from the PowerProtect DD system to the cloud. This process ensures
that the data being sent to the cloud occupies as little space as possible. Using
less space in the cloud results in a lower TCO over time for long-term storage.

6. DD Replicator

DD Replicator provides automated, policy-based, network efficient, and


encrypted replication for Disaster Recovery and multi-site backup and archive
consolidation. DD Replicator asynchronously replicates only compressed,
deduplicated data over a Wide Area Network (WAN) This eliminates up to 99%
of the bandwidth required compared to standard replication methods.

7. DD Boost

DD Boost is a private protocol that is more efficient than CIFS or NFS. DD


Boost has a private and efficient data transfer protocol with options to increase
efficiencies.

8. Encryption

Encryption software option encrypts all data on the system using an internally
generated encryption key. Optionally, an external key manager may be used.

9. DD Retention Lock

DD Retention Lock enables IT organizations to efficiently store and manage

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 15
Introduction to PowerProtect DD

different types of governance and compliance archive data on a single


PowerProtect DD system. Retention Lock helps to ensure that data integrity is
maintained. Any data that is locked cannot be overwritten, modified, or deleted
for a user-defined retention period of up to 70 years.

10. Secure Multi-Tenancy (SMT)

SMT for PowerProtect DD systems is a feature that enables secure isolation of


many users and workloads on a shared system. As a result, the activities of
one tenant are not visible or apparent to other tenants. This capability
improves cost efficiencies through a shared infrastructure while providing each
tenant with the same visibility, isolation, and control that they would have with
their own system.

11. Storage Migration

Storage migration supports the replacement of an existing storage enclosure


with new enclosure. The replacement of existing storage enclosures usually
offers higher performance, higher capacity, and a smaller data footprint.

12. PowerProtect DD VTL (DD VTL)

DD VTL software eliminates the challenges of physical tape. The DD VTL


software can emulate up to 60 or more virtual tape libraries with up to 1,080
virtual tape drives, and unlimited tape cartridges.

13. PowerProtect DD High Availability (DD HA)

If there is a system failure, the DD HA feature lets you configure two protection
systems as an Active-Standby pair, providing redundancy. DD HA keeps the
NVRAM of the active and standby systems synchronized. If the active node
were to fail due to hardware or software issues, the standby node can take
over services and continue where the failing node left off.

14. Management Features

PowerProtect DD systems can be managed using the Command Line


Interface, or through the DD System Manager (DDSM) user interface. The
PowerProtect DD Management Center (DDMC) can be used to manage
multiple PowerProtect DD systems.

PowerProtect DD Concepts and Features

Internal Use - Confidential


Page 16 © Copyright 2020 Dell Inc.
Introduction to PowerProtect DD

Feature and Capacity Licensing

PowerProtect DD appliances can have extra features, and capacity added by


adding the appropriate license.

Electronic Licensing
Management
System

Features and Capacity

Contact your sales representative for specific information about which


feature and capacity licenses may be required for specific
implementations.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 17
Architecture and Technology Overview

Architecture and Technology Overview

PowerProtect DD Concepts and Features

Page 18 © Copyright 2020 Dell Inc.


Architecture and Technology Overview

Data Paths and Supported Protocols

PowerProtect DD appliances support several protocols over both Ethernet and


Fibre Channel.

1: 2: Clients 2a: Client 3: Backup 4: Fibre 5:


Administrativ and Direct and Channel Replication
e Access Servers Archive
Servers

Data Center Data Recovery Site

Backup
Management
Administration
Server

Clients

Servers LAN

or

WAN

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 19
Architecture and Technology Overview

DDOS File System

The DDOS has a file system for system and administrative files and another for
storing backup data. System files are stored in the /ddvar directory, and backup
data is stored in an MTree in the /data/col1 folder.

/data
/ddvar

/col1
/core

/backup
/log

/HR
/support
/Sales

/releases
/Support

PowerProtect DD Concepts and Features

Page 20 © Copyright 2020 Dell Inc.


Architecture and Technology Overview

DDOS Deduplication

DDOS Deduplication Process

1: The DD operating system (DDOS) implements inline deduplication, where


variable-length segments are examined when they arrive in the system. This
deduplication method determines if the segments are new, or duplicates of
segments that are stored. Data deduplication occurs in RAM, before the data is
written to disk. Approximately 99% of data segments are analyzed in RAM without
disk access, which reduces disk seek time. Writes from RAM to disk are done in
full-stripe batches to increase the efficiency of disk usage.

2: The stream is divided into variable-length segments, and each is given a unique
ID or fingerprint.

3: If a segment is redundant, a reference to the stored segment is created.

4: If a segment is unique, it is compressed and stored.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 21
Architecture and Technology Overview

Stream Informed Segment Layout (SISL)

Deduplication Using SISL

1: Segment: The data is split into variable-length segments.

2: Fingerprint: Each segment is given a fingerprint or hash for identification.

3: Filter: Summary vector and segment locality techniques in RAM (inline) are
used to identify 99% of the duplicate segments before storing to disk. If a segment
is a duplicate, it is referenced and discarded. If a segment is new, the data is
grouped and compressed.

4: Compress: New segments are grouped and compressed using common


algorithms: lz, gz, gzfast, or off (no compression). The gzfast algorithm is used by
default.

5: Write: Writes data (segments, fingerprints, metadata, and logs) to containers


stored on disk.

6: The DD Operating System (DDOS) uses SISL to implement inline deduplication.


SISL uses fingerprints and RAM to identify segments already on disk.

PowerProtect DD Concepts and Features

Page 22 © Copyright 2020 Dell Inc.


Architecture and Technology Overview

SISL scaling architecture provides faster, and more efficient deduplication by


minimizing excessive disk accesses to check if a segment is on disk:
• 99% of duplicate data segments are identified inline in RAM before the data is
stored to disk.
• Scales with PowerProtect DD appliances using newer and faster CPUs and
RAM.
• Increases the throughput-rate of newly added data.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 23
Architecture and Technology Overview

Data Invulnerability Architecture (DIA)

DIA is an important DDOS technology that provides safe and reliable storage. It
protects data from loss due to hardware and software failures.

1. Inline Data 2. Fault 3. Continuous Fault


4. Recovery/Access
Verification Avoidance and Detection and Self-
and Verification
Containment Healing

Stores Stays Recheck Stays Recovers


Correctly Correctly Correctly Correctly

DDOS is built to ensure that you can reliably recover your data with confidence. Its
elements consist of an architectural design which provides data invulnerability.

PowerProtect DD Concepts and Features

Page 24 © Copyright 2020 Dell Inc.


DD Operating System Features and Capabilities

DD Operating System Features and Capabilities

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 25
DD Operating System Features and Capabilities

DD Boost

What is DD Boost?22 PowerProtect App Direct23 DD Boost for Backup


Applications24

Avam NetWork NetBack Backup vRang NetVa Veea VDP Data Greenpl RMA SAP SAP DB2 SQL
Exec Advance Protect HAN

App
Server

Backu Supported over


p
Server Supported over

Supported over

Dell EMC Avamar and NetWorker support DD Boost over LAN, SAN, and WAN. Other leading
backup and enterprise applications support DD Boost over LAN or SAN.

22 DD Boost is a private protocol that is more efficient than CIFS or NFS. DD Boost
distributes parts of the deduplication process out of the PowerProtect DD system
and into the backup or application server enabling client-side deduplication. DD
Boost can speed backups by up to 50% and enables more efficient resource
utilization, including reducing the impact on the server by 20% to 40%. DD Boost
also reduces the impact on the network by 80% to 99%.

23PowerProtect App Direct provides application owners control and visibility of their
own backups to PowerProtect DD systems using their native utilities.

24DD Boost for backup applications allows the application to control the replication
process with full catalog awareness of both the local and remote copies of the
backup.

PowerProtect DD Concepts and Features

Page 26 © Copyright 2020 Dell Inc.


DD Operating System Features and Capabilities

Replication

Replication

Destination
Source PowerProtect
PowerProtect DD
DD

Replication provides automated, policy-based, network efficient, and encrypted


replication for Disaster Recovery (DR) and multisite backup and archive
consolidation. The PowerProtect DD system asynchronously replicates only
compressed, deduplicated data over a Wide Area Network (WAN). DD Replication
eliminates up to 99 percent of the bandwidth required compared to standard
replication methods.

Replication Managed File Directory MTree Collection


Features Replication Replication Replication Replication

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 27
DD Operating System Features and Capabilities

Cloud Tier

What is Cloud
Tier?

DD Retention
Lock Support

Encryption
with Cloud
Tier

Replication
Support

Supported
Cloud
Providers

PowerProtect DD Concepts and Features

Page 28 © Copyright 2020 Dell Inc.


DD Operating System Features and Capabilities

BoostFS

What is BoostFS?25

Application Support26

Boost FS Profiler27

25BoostFS is a virtual file system running on a Linux or Microsoft Windows client.


BoostFS is based on the DD Boost SDK and the open-source software FUSE (file
system in user space). BoostFS exports a storage-unit from a PowerProtect DD
system to create a mount point on the client system. BoostFS collects the results of
the file system operations that are conducted on the mount points by the kernel on
the client system and translates them into DD Boost SDK APIs to communicate
with the PowerProtect DD system. As a result, files and directories that are created
on the mount point are stored in the storage unit on the PowerProtect DD system.

26Third-party backup applications can avoid the cost and effort of integration with
the DD Boost APIs by directly accessing the mount points. This method allows the
customers to use the DD Boost feature without integrating their applications with
DD Boost APIs. The third-party applications that are supported in this release are:
CommVault, MySQL, and MongoDB.

27 BoostFS Profiler is a software tool that is designed to help users evaluate or


qualify backup applications for the BoostFS file system using comparative
performance analysis against NFS. It is an interactive terminal that guides users
through the evaluation process which includes, setting up the environment for the
test, performing the test, cataloging the test artifacts, and compiling the test results
for analysis.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 29
DD Operating System Features and Capabilities

Benefits of integrating backup applications with BoostFS28

28 The benefits of integrating the backup application with BoostFS are:


Improvement in backup performance up to 50%; Reduction in bandwidth
consumption up to 99%; Load on the server that is reduced up by 20% to 40%;
Provides access to DD Boost capabilities such as link aggregation with Dynamic
Interface Groups and backup application control of replication; Application owners
have control of backups that are created using BoostFS.

PowerProtect DD Concepts and Features

Page 30 © Copyright 2020 Dell Inc.


DD Operating System Features and Capabilities

PowerProtect DD High Availability

PowerProtect DD High Availability (DD HA) uses dual Dell EMC PowerProtect DD
nodes that are loosely coupled into a single highly available system. When there
are software or hardware failures on individual nodes, the overall system and its
services remain available to external applications. DD HA reduces (and sometimes
eliminates) down time in the event of a failure.

DD HA uses:
• Dual head units.
• A single set of shared storage.
• Both head units and nodes that are configured in an active/passive setup.

One of the nodes is active and running an instance of DD File System (DDFS)
handling all ingests, restores, replication, and cleaning. The second node is a
standby and in normal operation remains almost idle. If the active node
experiences a fault, such as a DDFS panic, failover occurs automatically, to the
standby node.

DD HA is a flagship feature that is aimed at environments which cannot tolerate


down time. DD HA is supported on the following PowerProtect DD systems:
DD6900, DD9400, and DD9900.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 31
DD Operating System Features and Capabilities

DD Retention Lock

DD Retention Lock enables organizations to efficiently store and manage different


types of archive data on a single Dell EMC PowerProtect DD system. DD Retention
Lock helps to ensure that data integrity is maintained. Any data that is locked
cannot be overwritten, modified, or deleted for a user-defined retention period of up
to 70 years. DD Retention Lock enables secure file locking of archive data at an
individual file level. Locked files can intermix with unlocked files on the same
PowerProtect DD system. DD Retention Lock uses industry-standard protocols
such as Network File System (NFS) and Common Internet File System (CIFS) for

PowerProtect DD Concepts and Features

Page 32 © Copyright 2020 Dell Inc.


DD Operating System Features and Capabilities

time-based retention of files. As a result, it can be integrated seamlessly with


industry-leading archive applications providing customers with a secure archiving
function.

DD Retention Lock is supported on all PowerProtect DD systems. DD Retention


Lock Compliance Edition is not supported on PowerProtect DD Virtual Edition
systems.

DD Retention Lock Governance Edition DD Retention Lock Compliance Edition

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 33
DD Operating System Features and Capabilities

Secure Multi-Tenancy (SMT)

The SMT feature for the DD Operating System allows enterprises and service
providers to deliver data protection-as-a-service.

Overview Terminology Architecture Benefits

PowerProtect DD Concepts and Features

Page 34 © Copyright 2020 Dell Inc.


DD Operating System Features and Capabilities

DD Virtual Tape Library (DD VTL)

DD VTL software eliminates the challenges of physical tape storage. DD VTL can
emulate up to 60 or more virtual tape libraries with up to 1080 virtual tape drives,
and unlimited tape cartridges.

Dell EMC has qualified DD VTL with leading open systems and IBM enterprise
backup applications. It integrates without disrupting existing Fibre Channel storage
area network (SAN) backup environments.

Any Dell EMC PowerProtect DD system running VTL protocol can also run other
backup operations simultaneously using NAS, NDMP, and DD Boost protocols.

Using PowerProtect Data Domain Replication software that you can vault virtual
tape cartridges over a wide area network (WAN). Replicate your data to a remote
site for disaster recovery, remote office backup and recovery, or multisite tape
consolidation.

Disk-based network storage provides a shorter RTO by eliminating the need for
handling, loading, and accessing tapes from a remote location.

DD VTL Tape Out to Cloud feature offers the ability to store offsite and retrieve
tapes for long-term retention (LTR) use cases.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 35
DD Operating System Features and Capabilities

Data Security

PowerProtect DD systems can keep data secure using data encryption, data
sanitization, and Cyber Recovery solution.

Encryption Data Cyber Recovery


Sanitizatio
n

PowerProtect DD Concepts and Features

Page 36 © Copyright 2020 Dell Inc.


DD Operating System Features and Capabilities

System Access Features

System access management features can allow PowerProtect DD system


administrators to define different access levels for users, and control the protocols
that are used to access the system.

DDOS can be configured for user access to the system for administrative tasks.
Access can be configured to use the FTP, FTPS, HTTP, HTTPS, SSH, SCP, and
Telnet protocols. Only SSH and HTTPS are active by default.

There are six different user access roles in DDOS. To learn more, click each user.

1 2 3 6
4 5

1: The Admin role is used to administer the entire PowerProtect DD system. The
Admin role is designed so you can create and destroy data that is stored on Dell
EMC PowerProtect DD systems. This design does not include any function to
recover data that was removed through the Admin role.

2: Users with the Security role can monitor the system, set up security officer
configurations, and manage other security officer operators.

3: The User role can monitor Dell EMC PowerProtect DD systems.

4: All administrative privileges except the ability to perform data delete operations
are included with the Limited-Admin role. This exception prevents a potentially
malicious administrator from deleting any data from Dell EMC PowerProtect DD
systems.

5: Users assigned the Backup Operator role can monitor Dell EMC PowerProtect
DD systems and create snapshots. Backup Operator role can import and export
tapes to a VTL library, and move tapes within a VTL library.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 37
DD Operating System Features and Capabilities

6: The None role is used to authenticate DD Boost operations, tenant-admins, and


tenant-users. A user with the None role can log in to a Dell EMC PowerProtect DD
system. The None role can change their own password, but cannot monitor or
configure the primary system.

PowerProtect DD Concepts and Features

Page 38 © Copyright 2020 Dell Inc.


DD Operating System Features and Capabilities

Dell Secure Remote Service

Overview ConnectEMC PowerProtect DD High


Availability

Click each link to view the description and image.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 39
DD Operating System Features and Capabilities

Storage Migration

Storage Migration is a licensed feature for use with a PowerProtect DD system.


When you replace existing storage enclosures with new enclosures, storage
migration moves the existing data to the new hardware. Migrating existing data to
newer model enclosures offers higher performance, and higher capacity, in a
smaller data footprint.

Storage Migration Details Storage Migration Process Overview

PowerProtect DD Concepts and Features

Page 40 © Copyright 2020 Dell Inc.


DD Operating System Features and Capabilities

Minimally Disruptive Upgrade (MDU)

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 41
DD Operating System Features and Capabilities

What is an DDOS Versions30 MDU Functionality31


MDU29

29The minimally disruptive upgrade (MDU) feature lets you upgrade specific
software components or apply issue fixes without a system reboot. Only those
services that depend on the component being upgraded are disrupted, so the MDU
feature can prevent significant downtime during certain software upgrades. Not all
software components qualify for a minimally disruptive upgrade; such components
must be upgraded as part of a regular DDOS software upgrade. A DDOS software
upgrade uses a large Red-hat Package Manager (RPM) upgrade bundle, which
performs upgrade actions for all DDOS components. MDU uses smaller component
bundles, which upgrade specific software components individually.

30 Before DDOS 6.0, most upgrades of a PowerProtect DD system require


complete system reboots. Starting with DDOS 6.0, Dell EMC tries to minimize
complete system reboots, the solution for that is Minimally Disruptive Upgrade
(MDU). An MDU is similar to the Linux atomic upgrade, but is made of stand-alone
component RPMs like ddsh.rpm or vtl.rpm. These stand-alone components come
in smaller packages to facilitate faster delivery to the system.

31 When an administrator upgrades the system using a specific component (e.g.:


vtl.rpm), it triggers an MDU. The effect of the new component takes place as in an
atomic upgrade, but only the processes relating to the specific component restarts.
The overall PowerProtect DD system remains unaffected by the upgrade.

PowerProtect DD Concepts and Features

Page 42 © Copyright 2020 Dell Inc.


PowerProtect DD Management Overview

PowerProtect DD Management Overview

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 43
PowerProtect DD Management Overview

Command Line Interface (CLI)

The DD command-line interface (CLI) enables you to manage PowerProtect


systems.

Direct Access

The initial installation and configuration of the DDOS is done using direct access to
the hardware. Access the system through a serial connection or directly attaching a
keyboard and monitor to the system.

Initial Access to the System

More Support

PowerProtect DD Concepts and Features

Page 44 © Copyright 2020 Dell Inc.


PowerProtect DD Management Overview

Remote Access

After the initial configuration is done, you can use the SSH or Telnet (if enabled),
IPMI, or SOL utilities to access the system using remote CLI commands.

Remote Power Management

Serial Over LAN - SOL

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 45
PowerProtect DD Management Overview

DD System Manager (DDSM)

Movie:

The web version of this content contains a movie.

System administrators use sophisticated tools like DDSM to configure and manage
Data Domain systems.

What is DDSM?32

What does DDSM do?33

You can access the System Manager from many popular web browsers 34.

32The DD System Manager is a browser-based UI, available through Ethernet


connections, for managing one system from any location.

33DDSM provides a single, consolidated management interface that allows for


configuration and monitoring of many system features and system settings. It
provides simple configuration wizards which guide you through a simplified
configuration of your system to get your system operating quickly.

34 You can use web browsers such as Google Chrome™, and Mozilla Firefox™.

PowerProtect DD Concepts and Features

Page 46 © Copyright 2020 Dell Inc.


PowerProtect DD Management Overview

PowerProtect DD Management Center (DDMC)

Movie:

The web version of this content contains a movie.

DDMC is a scalable framework that


streamlines the management and monitoring
of PowerProtect DD systems. It integrates
complex workflows into a single interface
which eliminates the overhead of managing
devices across large data centers or remote
sites.

Avamar Server

DDMC Key Features DDMC and DDSM Comparison

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 47
Appendix

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 49
Appendix

Head Unit and Expansion Shelves


Hardware features common to most models include:

• Rack mountable in 4-post racks


• Hot-swappable disks with redundant hot-swappable fans and redundant hot-
swappable power modules
• Dual In-line Memory Module (DIMM) modules for Random Access Memory
(RAM)
• A battery backed NVRAM (nonvolatile RAM) card, Persistent RAM (PRAM), or
virtual NVRAM
• Ports that can be connected to a monitor, keyboard, and mouse
• Front panel Light Emitting Diodes (LEDs) that provide system status indicators

Most PowerProtect DD systems support the addition of one or more storage


expansion shelves to increase capacity.

PowerProtect DD Concepts and Features

Page 50 © Copyright 2020 Dell Inc.


Appendix

Connectivity
Connectivity features include USB ports for connecting a keyboard and mouse, a
VGA port for connecting a monitor, and serial and Ethernet connectivity. Many
systems include mini-SAS ports to connect expansion shelves to increase capacity
and Fibre Channel for SAN connections.

For repairs in the field, access to the command line interface to shut down, restart,
and run diagnostics is usually through the serial port.

All PowerProtect DD systems may be connected to Ethernet networks for TCP/IP-


based data transfer and system management. All models have a minimum of five
integrated ports. One Ethernet port is used for what is known as lights-out
management or iDRAC . Some models may be configured with additional ports by
adding optional Ethernet expansion cards. Interface cards are added to provide
additional network capacity.

Connecting to a Fibre Channel-based storage area network is supported by adding


a host bus adapter card. In these environments, the PowerProtect DD VTL
software license or DD Boost software license is also required.

Click the highlighted section to view more.

6
1 3 4 5 2

1: iDRAC management port -

2: Network daughter card Ethernet ports - provide network connectivity.

3: Serial port - Enables you to connect a serial device to the system.

4: VGA port - Enables you to connect a display device to the system.

5: USB ports - This ports are 9 pins and 3.0 complaint and enable you to connect
USB devices to the system.

6: Power Supply Unit - Supports up to two AC or DC power supply units (PSUs).

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 51
Appendix

7: PCIe expansion card slots

PowerProtect DD Concepts and Features

Page 52 © Copyright 2020 Dell Inc.


Appendix

Redundancy
Components under high mechanical or electrical stress such as spinning drives,
fans, and power supplies are provided with N+1 redundant configuration. N+1
redundancy is a system configuration where certain components have at least one
backup component so that the system functionality continues if a part fails. This
configuration allows for uninterrupted operation at full capacity and operational
status if one component fails. For data, RAID 6 technology provides additional
protection of data integrity when up to two disks fail.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 53
Appendix

ELMS
Electronic Licensing Management System (ELMS) electronically represents feature
and capacity licenses.

ELMS on PowerProtect DD appliances, both physical and virtual, use one license
file per system. The license file contains entries for all purchased features and
capacities.

There are two categories of licenses: served and unserved. Served licenses are on
a license server, and the PowerProtect DD appliance has to check in with the
server to verify which features are licensed. Served licenses are supported only
with DDVE. Unserved licenses are the licenses that are applied directly to a
PowerProtect DD appliance.

PowerProtect DD Concepts and Features

Page 54 © Copyright 2020 Dell Inc.


Appendix

Features and Capacity


Most DD Operating System (DDOS) features do not require licensing, however,
some features do.

The following are some of the features that require additional licensing:

• DD Boost
• PowerProtect DD VTL
• Encryption
• DD Retention lock
• Dell EMC Cloud Tier

PowerProtect DD appliances can require licensing for specific capacities.


Depending on the license applied, the capacity can be used for either the active or
archive tier on the system.

The new PPDD "HIGH_DENSITY CAPACITY ACTIVE" requires a license for 8TB
drives DS60 / ES40.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 55
Appendix

Administrative Access
PowerProtect DD appliances can be administered remotely over Ethernet using
various protocols.

• SSH and Telnet can be used to run CLI commands for management and setup.
Telnet is disabled by default.
• HTTPS and HTTP can be used to access the Data Domain System Manager to
perform management and setup tasks. HTTP access is disabled by default.

PowerProtect DD Concepts and Features

Page 56 © Copyright 2020 Dell Inc.


Appendix

Clients and Servers


Clients to be backed up use the protocols that are supported by the backup
software. The protocols that are supported could be standard TCP/IP protocols,
such as CIFS and NFS, or proprietary protocols, such as DD Boost.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 57
Appendix

Client Direct
Some backup appliances and applications, such as Dell EMC NetWorker and
Avamar, have a client direct feature allowing direct access to the PowerProtect DD
appliance over Ethernet. Both NetWorker and Avamar use the DD Boost protocol
with their client direct feature.

PowerProtect DD Concepts and Features

Page 58 © Copyright 2020 Dell Inc.


Appendix

Backup and Archive Servers


Backup and archive media servers send data from clients to the PowerProtect DD
appliance on the network. A direct connection between a dedicated port on the
backup management server and a dedicated port on the PowerProtect DD
appliance may also be used.

Backup and archive media servers can use the following protocols to send data to
a PowerProtect DD appliance over Ethernet:

• CIFS
• NFS
• DD Boost
• NDMP

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 59
Appendix

Fibre Channel
If a supported FC HBA is installed on the PowerProtect DD appliance, the system
can be connected to a vDisk (Virtual Disk Device) for Storage Direct solution or a
Fibre Channel system attached network and use the PowerProtect DD VTL and DD
Boost protocols for backup operations.

If the DD VTL option is licensed, the backup or archive server sees the
PowerProtect DD appliance as one or multiple DD VTLs.

If the DD Boost option is licensed, any supported backup, archive, or enterprise


application can perform backup and restore operations using the DD Boost protocol
over Fibre Channel. See the DD Boost Compatibility Guide and DD Boost
Administrator Guide (available on the Dell EMC support portal) for backup
applications that support DD Boost over Fibre Channel.

PowerProtect DD Concepts and Features

Page 60 © Copyright 2020 Dell Inc.


Appendix

Replication
The data is written to the backup file system on the PowerProtect DD appliance.
Physical separation of the replication traffic from backup traffic can be achieved by
using two separate Ethernet interfaces on the PowerProtect DD appliance. This
separation allows backups and replication to run simultaneously without network
conflicts.

Replication traffic between two PowerProtect DD appliances can be sent over


either a LAN or WAN connection.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 61
Appendix

ddvar
The /ddvar file system is a ext3 (Third Extended file system) which stores
administrative files, core and log files, generated support upload bundles,
compressed core files, and .rpm (Red Hat package manager) upgrade package
files.

The /ddvar file system keeps the administrative files that are separated from data
storage files.

The /ddvar file system:

• Stores core files, logfiles, support upload bundles, and upgrade packages.
• Cannot be renamed or deleted.
• Does not provide access to all subdirectories.

PowerProtect DD Concepts and Features

Page 62 © Copyright 2020 Dell Inc.


Appendix

MTree
The Managed Tree (MTree) file structure is the destination to store user data. It
provides a root directory for user data. You can configure your backup application
to a specific MTree and organize backup files. MTree provides more granular
space management and reporting. MTrees simplify management of several
features including replication, snapshots, quotas, and retention lock. These
operations can be performed on a specific MTree rather than on the entire file
system.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 63
Appendix

Replication Features

Replication

Destination
Source PowerProtect
PowerProtect DD
DD

When replicating over untrusted networks, Replication can encrypt sensitive data.
This encryption can be enabled on all or for only a selected portion of the replicated
dataset.

For fast time-to-DR readiness, Replication provides logical throughput performance


of up to 52 TB per hour over a 10-Gb network in replication deployments. Compare
replication to one PowerProtect DD system is mirroring its data to another.

You can also consolidate data from up to 270 remote sites by simultaneously
replicating data to a single, large PowerProtect DD system.

Replication offers flexibility by providing multiple replication topologies such as full-


system mirroring, bi-directional, many-to-one, one-to-many, and cascaded. Also,
you can replicate either all or a subset of data on the PowerProtect DD system. For
the highest level of security, Replication can encrypt data being replicated between
PowerProtect DD systems using the standard Secure Socket Layer (SSL) protocol.

To manage network utilization, you can set up a schedule to throttle Replication


WAN utilization at different times of the day.

You can set up a PowerProtect DD system for managed file, directory, MTree, or
collection replication. DDVE supports only managed file and MTree replication.

PowerProtect DD Concepts and Features

Page 64 © Copyright 2020 Dell Inc.


Appendix

Manage File Replication


DD Boost Managed File Replication (MFR) is a type of replication where backup
software manages and controls the process. With MFR, backup images are directly
transferred from one PowerProtect DD system to another, one at a time, at the
request of the backup software.

Dell EMC PowerProtect DD systems and DDVE support managed file replication.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 65
Appendix

Directory Replication
Directory replication transfers deduplicated data within a Data Domain file system
directory that is configured as a replication source. Data is copied to a directory
configured as a replication destination on a different PowerProtect DD system.

PowerProtect DD systems support directory replication. DDVE does not support


directory replication.

PowerProtect DD Concepts and Features

Page 66 © Copyright 2020 Dell Inc.


Appendix

MTree Replication
MTree replication is used to replicate MTrees between PowerProtect DD systems.
Periodic snapshots are created on the source. The differences between the
snapshots are transferred to the destination by using the same cross-site
deduplication mechanism used for directory replication.

PowerProtect DD systems and DDVE both support MTree replication.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 67
Appendix

Collection Replication
Collection replication performs whole-system mirroring in a one-to-one topology.
Collection replication continuously transfers changes in the underlying collection,
including all logical directories and files of the file system.

Collection replication does not have the flexibility of the other replication types.
Collection replication can provide higher throughput and support more objects with
less overhead, which may work better for high-scale enterprise cases.

PowerProtect DD systems support collection replication. DDVE does not support


collection replication.

PowerProtect DD Concepts and Features

Page 68 © Copyright 2020 Dell Inc.


Appendix

What is Cloud Tier?


The Cloud Tier feature of DDOS enables the movement of inactive data from an
active tier of a PowerProtect DD system to low-cost and high-capacity object
storage like a public, private, or hybrid cloud. This mechanism is highly efficient for
long-term data retention. During the process of data movement, only the unique
and deduplicated data is sent from the PowerProtect DD system to the cloud. This
process ensures that the data being sent to the cloud occupies as little space as
possible. This results in a lower TCO over time for long-term storage.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 69
Appendix

DD Retention Lock
The Cloud Tier feature supports the DD Retention Lock feature, and meets all the
regulatory and compliance policies.

PowerProtect DD Concepts and Features

Page 70 © Copyright 2020 Dell Inc.


Appendix

Encryption with Cloud Tier

Encryption can be enabled at three levels:

1. PowerProtect DD system level


2. Active tier level
3. Cloud tier level

Encryption at the active tier level is applicable only if encryption is enabled at the
system level. The system level encryption is a licensed feature.

The cloud units have separate controls for enabling encryption. The encryption of
Data at Rest is enabled by default in the cloud. If needed, users can disable
encryption.

Once the data is in the cloud tier, the encryption status cannot be changed. So the
decision to encrypt the data or not to encrypt must be made before sending any
data to the cloud.

The complete process of data transfer between a PowerProtect DD system and the
cloud is done over a secure HTTP connection.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 71
Appendix

Replication Support
Cloud tier can be enabled on both source and target PowerProtect DD systems. If
the source system is cloud tier-enabled and the data is migrated to the cloud, then
data must be read from the cloud for replication. A replicated file is always written
on the active tier on the destination system even if cloud tier is enabled.

Managed file replication and MTree replication can be implemented on cloud tier-
enabled systems with latest DDOS. Directory replication works only on the
/backup MTree, thus the cloud tier feature does not effect directory replication.
Collection replication is not supported on cloud tier-enabled PowerProtect DD
systems.

The Replication to Cloud feature supports DDVE instances set up in the cloud
replicate from one DDVE system to another.

Data that is backed up to a DDVE instance in one region can be replicated to


DDVE instances in the same or other regions.

PowerProtect DD Concepts and Features

Page 72 © Copyright 2020 Dell Inc.


Appendix

Supported Cloud Providers


The supported cloud storage providers include Dell EMC Elastic Cloud Storage
(ECS), Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform
(GCP). Check the PowerProtect DD System Administration Guide for additional
supported cloud storage providers.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 73
Appendix

DD Retention Lock Governance Edition


DD Retention Lock Governance Edition meets the strict requirements of regulatory
standards for electronic records. The regulations include SEC 17a-4(f), and other
standards that are practiced worldwide.The following are some of the administrative
features of Retention Lock Governance.

Click each icon for more information.

1 2

3 4

1: Apply retention policies at an individual file level of the dataset on the


governance enabled MTree for a specific period.

2: Delete an archive file using an archiving application after the retention period
expires.

PowerProtect DD Concepts and Features

Page 74 © Copyright 2020 Dell Inc.


Appendix

Locked files cannot be modified on the PowerProtect DD system even after the
retention period for the file expires. Archive data that is retained on the
PowerProtect DD system is not deleted automatically when the retention period
expires. An archiving application must delete the file.

3: Update the default values of minimum and maximum retention periods per
MTree. The default values of minimum and maximum retention periods are 12
hours and 5 years respectively.

With Retention Lock Governance edition, IT administrators can meet secure data
retention requirements. If corporate governance policies change, administrators
keep the ability to update the retention period. For example, an administrator could
revert the locked state of a file on a specified path name inside an MTree. They
could also delete an MTree enabled with Retention Lock Governance.

4: Extend the retention time of locked archive files.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 75
Appendix

DD Retention Lock Compliance Edition


The DD Retention Lock Compliance Edition meets the strict requirements of
regulatory standards for electronic records. The regulations include SEC 17a-4(f),
and other standards that are practiced worldwide.DD Retention Lock Compliance,
when enabled on an MTree, maintains file locks with an archiving application for a
time-based retention period. Retention Lock Compliance edition cannot be deleted
or overwritten under any circumstances until the retention period expires.The
following are some of the administrative features of Retention Lock Compliance.

Click each icon for more information.

2 3 4
1

1: The Retention Lock Compliance edition meets the strict requirements of


regulatory standards for electronic records. The regulations include SEC 17a-4(f),
and other standards that are practiced worldwide.

2: Retention Lock Compliance, when enabled on an MTree, ensures an archiving


application locks all files for a time-based retention period. These files cannot be
deleted or overwritten under any circumstances until the retention period expires.

3: Requiring dual sign-on for certain administrative actions. Before engaging


Retention Lock Compliance edition, the System Administrator must create a
Security Officer role. The DD System Administrator can create the first Security
Officer, but only the Security Officer can create other Security Officers on the
system.

Use dual sign-on to extend the retention periods for an MTree, rename the MTree.

PowerProtect DD Concepts and Features

Page 76 © Copyright 2020 Dell Inc.


Appendix

You can also use dual sign-on to delete the Retention Lock Compliance license
from the PowerProtect DD system. Use dual sign-on to secure the system clock
from illegal updates.

4: DD Retention Lock Compliance implements an internal security clock to prevent


malicious tampering with the system clock. The security officer closely monitors
and records the system clock. Only the security officer may resume a DD File
System (DDFS) that is disabled by a skew in both clocks.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 77
Appendix

Overview

SMT for the DDOS is a software feature that enables secure isolation of many
users and workloads on a shared system. As a result, the activities of one tenant
are not visible or apparent to other tenants. This capability improves cost
efficiencies through a shared infrastructure. SMT provides each tenant with the
same visibility, isolation, and control that they would have with their own stand-
alone Dell EMC PowerProtect DD system.

A tenant may be one or more business units, or departments hosted onsite for an
enterprise or large enterprise. For example, Finance and Human Resources
sharing PowerProtect DD system. Each department would be unaware of the
presence of the other.

A tenant may be one or more remotely hosted applications. A service provider


might host the applications on behalf of a client.

PowerProtect DD Concepts and Features

Page 78 © Copyright 2020 Dell Inc.


Appendix

SMT features:

• Enables enterprises to deploy DDVE systems in a private cloud


• Enables service providers to deploy DDVE systems in a hybrid or public cloud
• Allows different cloud models for protection storage which include: Local backup
(Backup as a Service (BaaS) for hosted applications), replicated backup
(Disaster Recovery as a Service (DRaaS)) and, remote backup (BaaS over
WAN)

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 79
Appendix

Terminology

SMT components, also known as management objects, provide security and


isolation within a shared infrastructure. Administrators initially create the SMT
components during the basic provisioning sequence. Administrators can also
create SMT components manually as needed.

In SMT terms, the landlord is the storage admin or the DD Administrator. The
landlord is responsible for managing the PowerProtect DD system. The landlord
sets up the file systems, storage, networking, replication, and protocols. They are
also responsible for monitoring overall system health and replace any failed
hardware as necessary.

A tenant is responsible for scheduling and running the backup application for the
tenant customer. A tenant also manages their own tenant-units including
configuring backup protocols and monitoring resources and stats within their
tenant-unit.

Tenant-units are logical containers for MTrees. They also contain important
information, such as users, notification groups, and other configuration elements.
Other tenants cannon view or detect tenant-units not belonging to them. This type
of privacy ensures security and isolation of the control path, when running multiple
tenants simultaneously on the shared infrastructure.

PowerProtect DD Concepts and Features

Page 80 © Copyright 2020 Dell Inc.


Appendix

Architecture

This example shows two companies Red and Blue share the same PowerProtect
DD system. Tenant units and individual data paths are logically and securely
isolated from each other and are managed independently. Tenant users can
backup using their application servers to Data Domain storage in secure isolation
from other tenants on the PowerProtect DD system.

Tenant administrators can perform self-service fast copy operations within their
tenant units for data restores as needed. Tenant administrators can monitor data
capacity and associated alerts for capacity and stream use.

The landlord responsible for the system monitors and manages all tenants in the
system, and has visibility across the entire system. They set capacity and stream
quotas on the system for the different tenant units, and report on tenant unit data.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 81
Appendix

Benefits

Logical data isolation allows providers to spread the capital expenditure and
operational expenditure of a protection storage infrastructure across multiple
tenants. Data isolation is achieved by using separate DD Boost users for different
MTrees or by using the access mechanisms of NFS, CIFS, and DD VTL.

A tenant-unit is a logical partition of a Power Protect DD system that serves as a


unit of administrative isolation between tenants. Multiple roles with different
privilege levels combine to provide the Administrative isolation on a multitenant
Power Protect DD system. The Tenant Admin and Tenant User can be restricted
only to certain tenant-units on a PowerProtect DD system. Tenant Admins and
Tenant Users can run a subset of the commands that a DD Administrator is
allowed. Both of these roles enable tenant self-service.

The DD Boost protocol allows creation of multiple DD Boost users on a Power


Protect DD system. Each tenant has one or more DD Boost user credentials.
These credentials provide access to one or more MTrees in a tenant-unit that is
defined for a particular tenant. These credentials allow secure access to different

PowerProtect DD Concepts and Features

Page 82 © Copyright 2020 Dell Inc.


Appendix

tenant data-sets using their separate DD Boost credentials by restricting access


and visibility.

Metering and Reporting enable a provider to ensure that they are running a
sustainable business model. Reporting is important in a multitenant environment so
the provider can track usage on the shared PowerProtect DD system.

Similarly, for other protocols such as CIFS, NFS, and DD VTL, the native protocol
level access control mechanisms can be used to provide isolation.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 83
Appendix

Encryption

The Encryption software option encrypts all data on the system using an internally
generated encryption key. This encryption key is static, and the user cannot change
it.

For environments requiring encryption keys to be changed on a periodic basis to


meet compliance regulation, you can manage the life cycle of the encryption key for
each PowerProtect DD system individually with encryption key rotation. If an
external encryption key manager is needed, then the PowerProtect DD system can
be integrated with Gemalto for an enterprise-wide external encryption
management.

In addition to the preceding features, it also provides inline encryption, which


means as the data is being ingested, the data stream is deduplicated, compressed,
and encrypted using an encryption key before being written to the RAID group.

PowerProtect DD Concepts and Features

Page 84 © Copyright 2020 Dell Inc.


Appendix

PowerProtect DD system offers two types of encryption:

• Encryption of data at rest35


• Encryption of data in-flight36

35 Encryption of data at rest protects user data if the PowerProtect DD system is


lost or stolen. It also eliminates accidental exposure if a failed drive needs
replacements. When the file system is intentionally locked, an intruder who
circumvents the network security controls and gains access to the PowerProtect
DD system will be unable to read the file system without the proper administrative
control, passphrase, and cryptographic key.

36Encryption of data in-flight encrypts data being transferred using DD Boost or DD


Replicator software. It uses OpenSSL AES 256-bit encryption to encapsulate the
data over the wire. The encryption encapsulation layer is immediately removed
when it lands on the destination PowerProtect DD system. Data within the payload
can also be encrypted with DD Encryption software.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 85
Appendix

Data Sanitization

Data sanitization, also referred as electronic shredding, is


performed when classified or sensitive data is written to any
system that is not approved to store such data. System
sanitization was designed to remove all traces of deleted files
without any residual remains and to restore the system to its
state prior to the file's existence. Normal file deletion provides
residual data that allows recovery.

The system sanitization command exists to enable the


administrator to delete files at the logical level, whether a
backup set or individual files. The primary use of the system
sanitization command is to resolve Classified Message
Incidents (CMIs) that occur when classified data is copied inadvertently onto a non-
secure system. System sanitization is typically required in government installations.

The system sanitize command erases content in the locations as mentioned:

• Segments of deleted files not used by other files


• Contaminated metadata
• All unused storage space in the file system
• All segments used by deleted files that cannot be globally erased, because
some segments might be used by other files

PowerProtect DD Concepts and Features

Page 86 © Copyright 2020 Dell Inc.


Appendix

Cyber Recovery solution with PowerProtect DD


Cyber Recovery solution with PowerProtect DD minimize the impact of a cyber-
attack and provides a higher likelihood of success in the recovery of business-
critical systems.

The Cyber Recovery software runs in a secure, air-gapped 'vault' environment. The
Cyber Recovery Vault (CR Vault) is physically isolated from an unsecure system or
network. It provides management tools and technology to automate the creation of
restore points that are used for recovery or security analytics. The software is built
on a secure microservices architecture.

A primary storage system replicates its data over an air-gapped link to the Cyber
Recovery environment. The data that is in the CR Vault can be analyzed and
checked for signs of tampering. If the copied data is deemed to be good, it is saved
as an independent full backup copy that can be restored if needed. If this data must
be restored, data can be sent out of the Cyber Recovery environment and back to
the production environment.

With the Cyber Recovery software, you can create, run, and monitor policies that
protect your data.

Cyber Recovery reference architecture base

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 87
Appendix

Overview
Customer Environment Dell EMC Backend Environment

Web ServiceLink Application


Servers Servers

Custome Firewall Firewall


r Firewall

Support Analyst
Public
Internet
(https)

Dell EMC Secure Remote Services, is a two-way remote connection between Dell
Customer Service and Dell products. This connection enables remote monitoring,
diagnosis, and repair. Secure Remote Services assures availability and
optimization of the Dell EMC infrastructure, and is a key component of Dell EMC
industry-leading Customer Service. The connection is secure, high speed, and
operates 24x7.

Secure Remote Services is the remote service solution application that is installed
on one or more customer-supplied dedicated servers. For devices associated with
a particular service, Secure Remote Services is the single point of entry and exit for
all IP-based remote service activities.

Secure Remote Services functions as a communication broker between the


managed devices, the Policy Manager, and the Dell enterprise. Secure Remote
Services sets permissions for devices using the Policy Manager. Secure Remote
Services is an HTTPS handler. All messages are encoded using standard XML and
Simple Object Access Protocol (SOAP) application protocols. Secure Remote
Services message types include:

• Device state heartbeat polling


• Connect homes
• Remote access session initiation

PowerProtect DD Concepts and Features

Page 88 © Copyright 2020 Dell Inc.


Appendix

• User authentication requests.


• Device management synchronization

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 89
Appendix

ConnectEMC

ConnectEMC is a standardized method that Dell EMC products use to transport


system event files (ASUPs, Alerts) securely to Dell EMC support.

The ConnectEMC method sends messages in a secure format using FTP or


HTTPS. ConnectEMC through a Secure Remote Services gateway, benefits by a
single gateway to forward messages from multiple systems. It allows you to
configure network security for only the Secure Remote Services gateway instead of
for multiple systems.

In general, the system sends Autosupport alerts and alert-summaries to Dell EMC
Support. An e-License is required if the system is a physical Dell EMC
PowerProtect DD system or DDVE.

Configure network security only for Secure Remote Services gateway instead of
multiple systems.

PowerProtect DD Concepts and Features

Page 90 © Copyright 2020 Dell Inc.


Appendix

PowerProtect DD High Availability (DD HA)

The Secure Remote Services GUI supports DD HA. The configuration is similar to
the non-HA systems with the addition of the HA Peer IP which is a required field.

DD HA uses a floating IP address to provide data access to the DD HA pair


regardless of which physical node is the active node.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 91
Appendix

Storage Migration Details


Storage Migration requires numerous system resources and can slow certain
processes. Throttle settings control the migration process to limit or increase
system processing power. You can manually suspend a migration to make the
resources available for other processes and later resume the migration when
resource demand is lower.

When migrating storage to new storage, system processes such as data access,
expansion, cleaning, and replication are unaffected.

PowerProtect DD Concepts and Features

Page 92 © Copyright 2020 Dell Inc.


Appendix

Storage Migration process Overview


The migration process on a PowerProtect DD system occurs at the shelf level and
not at the logical data level. As a result of shelf level migration, all disks present on
the source shelf are accessed and copied over regardless of whether it contains
any data. This process cannot be used to shrink logical data.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 93
Appendix

Initial Access to the System


To initially access the PowerProtect DD system, use the default administrator
username and password. The default administrator name is sysadmin. The initial
password for the sysadmin user on a physical PowerProtect DD system is the
system serial number. The initial password for the sysadmin user on a DDVE
instance is changeme.

PowerProtect DD Concepts and Features

Page 94 © Copyright 2020 Dell Inc.


Appendix

More Support
The DDOS Command Reference Guide provides information for using the
commands to accomplish specific administration tasks. Each command also has an
online help page that gives the complete command syntax. Help pages are
available at the CLI using the help command.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 95
Appendix

Remote Power Management


PowerProtect DD systems support remote power management using the Dell
Remote Access Controller (iDRAC). iDRAC enables remote monitoring of the boot
sequence using Serial over LAN (SOL).

Some of the capabilities of remote power management that are supported through
iDRAC are:

• Powering on the PowerProtect DD system after power outage


• Power cycle after a DDOS crash
• Powering off to save power on the systems that are not in use at the time
• Obtaining the power status

PowerProtect DD Concepts and Features

Page 96 © Copyright 2020 Dell Inc.


Appendix

Serial Over LAN - (SOL)


The console activities that are supported through SOL are:

• Running diagnostics
• Installing, upgrading, or reconfiguring the DDOS
• Accessing the BIOS
• Viewing valuable POST and boot messages

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 97
Appendix

DDMC Key Features


Some of the key features of the DDMC include:

• Health and Status Resource Monitoring


• Capacity and Replication Management
• Aggregated System Management
• Simultaneously manages up to 150 PowerProtect DD systems across Data
centers or remote sites - per instance
• Ability to manage PowerProtect DD systems with High Availability, Cloud Tier,
and DDVE instances
• Provides Administrative roles with limited responsibilities
• Group and Property-based Administration
• Perform upgrade on groups of PowerProtect DD systems simultaneously

PowerProtect DD Concepts and Features

Page 98 © Copyright 2020 Dell Inc.


Appendix

DDMC and DDSM Comparison


The DDMC is designed for customers with multiple PowerProtect DD systems who
are seeking to aggregate management and reporting from a single interface.

In contrast, the DDSM is primarily a single system management tool. DDSM does
not aggregate storage or performance data from multiple systems, as provided by
DDMC.

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 99
Glossary
iDRAC
Dell Remote Access Controller

RAID
Redundant Array of Independent Disks

PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 101
PowerProtect DD Concepts and Features

© Copyright
Internal Use - Confidential 2020 Dell Inc. Page 102

You might also like