integrating emc networker with data domain secure … emc networker with data domain secure...

Integrating EMC NetWorker withData Domain Secure Multi-TenancyVersion 1.0

White PaperH13513

REV 01

Copyright © 2014 EMC Corporation. All rights reserved. Published in USA.

Published October, 2014

EMC believes the information in this publication is accurate as of its publication date. The information is subject to changewithout notice.

The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind withrespect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for aparticular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicablesoftware license.

EMC², EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and othercountries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date regulatory document for your product line, go to EMC Online Support (https://support.emc.com).

EMC CorporationHopkinton, Massachusetts 01748-91031-508-435-1000 In North America 1-866-464-7381www.EMC.com

2 Integrating EMC NetWorker with Data Domain Secure Multi-Tenancy 1.0 White Paper

Executive Summary 5

Why you should take the time to read this paper............................................. 6Audience.........................................................................................................6Overview......................................................................................................... 6

Secure multi-tenancy......................................................................... 7SMT for Data Domain systems and NetWorker................................................. 7

Terminology 11

Data Domain terminology..............................................................................12NetWorker terminology..................................................................................13

Planning 15

Host naming guidelines.................................................................................16Tenant units.................................................................................................. 16Network planning..........................................................................................17

DD Boost..........................................................................................17NetWorker........................................................................................17

Storage capacity planning............................................................................. 19Stream quota planning..................................................................................20Clone-Controlled Replication and disaster recovery....................................... 21

Configuring a new multi-tenant Data Domain system 23

Creating the tenant-unit................................................................................ 24Creating tenant user accounts....................................................................... 24Configuring DD Boost ................................................................................... 26Configuring SMT and DD Boost devices in NetWorker for backups................. 30Configuring SMT and DD Boost devices in NetWorker for CCR........................ 33

Upgrading to a Multi-tenant Data Domain system 35

Creating the tenant-unit................................................................................ 36Creating tenant user accounts....................................................................... 36Configuring DD Boost.................................................................................... 38Configuring SMT and DD Boost devices in NetWorker for backups................. 42Configuring SMT and DD Boost devices in NetWorker for CCR........................ 45

Conclusion 47

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

CONTENTS

Integrating EMC NetWorker with Data Domain Secure Multi-Tenancy 1.0 White Paper 3

CONTENTS


CHAPTER 1

Executive Summary

l Why you should take the time to read this paper..................................................... 6l Audience.................................................................................................................6l Overview................................................................................................................. 6l SMT for Data Domain systems and NetWorker......................................................... 7

Executive Summary 5

Why you should take the time to read this paperProvide data path isolation by tenantSecure logical data path isolation for each tenant by department or customer on a sharedData Domain system.

Enable Data Protection-as-a-Service with protection storageImprove operational efficiency for the provider while enhancing the tenant experience.

Enable NetWorker to function in a SMT environmentImprove operational efficiency and integrate into an existing backup framework.

Reduce service requests timeReduce bottlenecks to customer service requests through tenant self-service.

Reduce backup storage costsProvide efficient utilization of Data Domain system resources.

Manage Data Domain system resources per tenantEnable the Data Domain Admin to control the amount of storage capacity used andstream counts per tenant.

AudienceThis paper is intended for EMC customers, EMC sales, EMC systems engineers, EMCpartners, and anyone else who is interested in learning more about the differentiatingtechnology and all of the unique advantages that Data Domain systems can provide foryour backup and archive data.

OverviewThis white paper discusses Data Domain systems technology leadership, differentiation,and why this matters to you.

Data Domain system in a secure multi-tenancy environment has the following features:

l Enables Enterprises to deliver protection storage-as-a-service in private cloudenvironments.

l Enables Service Providers to deliver protection storage-as-a-service in hybrid orpublic cloud environments.

l Supports multiple cloud models for storage protection:

n Local Backup, or Backup-as-a-service for hosted applications

n Replicated Backup, or DR-as-a-service

n Remote Backup, or Backup-as-a-service over WAN

Executive Summary


The following table summarizes the supported cloud models.

Table 1 Cloud models enabled by secure multi-tenancy

Cloud Model Large Enterprise(Private Cloud)

Service Providers(Public/Hybrid Cloud)

Local Backup Example:

Local backup for multiplebusiness units

Example:

Hosted Applicationsincluding BaaS

Replicated Backup Example:

Remote offices with localbackup

Example:

Disaster Recovery-as-a-service

Remote Backup Example:

Remote offices withoutlocal backup

Example:

Backup-as-a-service overWAN

The Why Secure Multi-tenancy with Data Domain Systems white paper provides moreinformation about the business value of using multi-tenancy with Data Domain systems.

The purpose of this paper is to explore the technical and financial reasons as to why DataDomain systems are ideal for backup and archive operations in a secure multiple tenantenvironment, and how to apply the advantages of using Data Domain systems in an EMCNetWorker environment.

Secure multi-tenancyMulti-tenancy refers to the hosting of an IT infrastructure by an internal IT department orby an external service provider for more than one concurrent consumer or workload.

Secure multi-tenancy (SMT) has three main elements:l Secure isolation. SMT provides logical isolation at the administrative and data path

levels, which provides support for the following actions between different tenants onthe same system:n Data Domain system sharingn Secure access

l Multi-tenant Management. SMT provides the Data Domain Admin with a wizard thatcreates and provisions tenant-units with MTrees or Storage Units, and assigns tenantusers to the tenant units.

l Multi-tenant Reporting. SMT allows providers to monitor alerts and report on differentmetrics on a per tenant basis. For example, logical capacity, historical streamsperformance, and replication statistics.

SMT for Data Domain systems and NetWorkerData Domain systems that run DDOS 5.5 or later support SMT. The EMC implementationof SMT for Data Domain systems improves cost efficiency by providing you with the ability

Executive Summary

Secure multi-tenancy 7

https://www.emc.com/collateral/white-papers/h12937-why-data-domain-secure-multi-tenancy-wp.pdf

to securely isolate many tenants and workloads on a shared system. This implementationprovides each tenant with the same visibility, isolation, and control that they would havewith their own stand-alone Data Domain systems.

EMC NetWorker 8.2 and later seamlessly supports SMT with Data Domain systems. Thisfunctionality provides the following benefits:

l Deployment of all EMC NetWorker 8.2 and later protection work flows, such as:

n Comprehensive application protection and replication management

n As-a-service model with logical isolation

n Multi-tenant-management

n Tenant level reporting on the hardware side

l Consolidation of multiple tenant data on a single Data Domain system.

l Isolation of the EMC NetWorker 8.2 and later backup data on a single Data Domainsystem when you configure Data Domain devices with different DD Boost users andstorage units.

l Integration between DD Boost components in the EMC NetWorker 8.2 and latersoftware and in the DD Boost logical storage devices on Data Domain systems.

The following diagram illustrates a NetWorker environment without SMT.

Figure 1 NetWorker without SMT

This configuration requires three different physical Data Domain systems, which leads toinefficient use of capacity, power, space and cooling resources. When you enable SMT inthe environment, you consolidate the three physical Data Domain systems into a singlesystem and create individual tenants. The following diagram illustrates a NetWorkerenvironment that uses SMT on the Data Domain system.

Executive Summary


Figure 2 NetWorker with SMT

Executive Summary

SMT for Data Domain systems and NetWorker 9

Executive Summary


CHAPTER 2

Terminology

l Data Domain terminology...................................................................................... 12l NetWorker terminology..........................................................................................13

Terminology 11

Data Domain terminologyData Domain hostname

Identifies the Data Domain system. EMC recommends that you:

l Use the assigned fully-qualified hostname.

l When possible, avoid creating secondary host names to associate with alternateIP interfaces.

Data Domain AdminA user role that has full control to configure and monitor the entire Data Domainsystem.

Multi-tenancyThe hosting of an IT infrastructure by an internal IT department or an external serviceprovider for more than one consumer or workload at the same time.

TenantA consumer, for example a business unit, department, or customer, who maintains apersistent presence in a hosted environment.

Tenant unitThe basic unit of a multi-tenancy configuration. A tenant unit is a secure, isolatedpartition for a tenant-specific data and control flow within a Data Domain system.

Tenant UserA new user role created for secure multi-tenancy that has privileges to monitor andreport on only the assigned tenant units.

Tenant AdminA new user role created for secure multi-tenancy that has privileges to monitor,report, and perform limited modifications of the assigned tenant units. A TenantAdmin has more privileges than a Tenant User.

Storage UnitA Logical unit of disk storage on a Data Domain system that is associated with aNetWorker data zone .

DDBoost UserA DD OS user that backup applications use to connect to the Data Domain system.You must configure these credentials on each backup server that connects to thissystem. When you specify a DD Boost user name on a Data Domain system, you canselect an existing DD OS username, or you can create a new DD OS user then makethat user name a DD Boost User. DD OS 5.5 and later supports the creation ofmultiple DD Boost users.

Data deduplicationA type of data compression that removes duplicate information to dramaticallyreduce the amount of backup data sent to the storage devices and to reduce thebandwidth required to transport the backup data.

Managed Trees (Mtree)A logical partition of the namespace in a Data Domain 5.0 and later file system thatyou can use to group a set of files together for management purposes. Also referredto as storage units, you typically associate each Mtree with a single NetWorker datazone.

Terminology


IfgroupA private network configured on the Data Domain system, which consists of multiplenetwork interfaces that are logically designated as a single group IP address. Theifgroup provides dynamic load balancing, fault tolerance within the group, andbetter network bandwidth usage than traditional network aggregation.

NetWorker terminologyNetWorker server

Computer on a network that runs the NetWorker server software, contains the onlineindexes, and provides backup and restore services to the clients and storage nodeson the same network.

NetWorker clientComputer on a network, such as a workstation or application server with theNetWorker client software installed. The NetWorker server can perform backupoperations on the host and can restore backup data to the host.

NetWorker storage nodeComputer on a network that runs the NetWorker storage node software. TheNetWorker storage node manages Data Domain devices and other devices alongwith NetWorker server. The NetWorker server manages NetWorker storage nodeoperations and sends data to the NetWorker storage node.

NetWorker data zoneA data zone is a group of clients, storage devices, and storage nodes that a singleNetWorker server manages and administers.

Save setThe name given to the data contained in a backup save stream. A backup operationwrites the save set data to devices on a NetWorker storage node and informationabout the save set to the client file index and media database on the NetWorkerserver.

Client file indexDatabase maintained by the NetWorker server that tracks and records informationabout the back up of every database object, file, or file system for a NetWorkerclient. The NetWorker server maintains a single index file for each NetWorker client.

Media databaseDatabase maintained by the NetWorker server that contains indexed entries ofstorage volume locations and the life cycle status of all data and volumes managedby the NetWorker server.

Browse policyNetWorker storage policy that specifies the period of time that a client file index (CFI)retains information about a save set. Save sets entries in the CFI enable you to easilysearch the contents of a save set when you perform a recovery operation.

Retention policyNetWorker storage policy that determines the minimum period of time that a storagevolume retains save set data and makes the data to be available for recovery. Once asave set exceeds the retention time period, the data is eligible to be overwritten onthe storage volume.

Terminology

NetWorker terminology 13

CloneA complete and independent duplicate copy of backup data that the NetWorkerserver indexes and tracks in the media database and client file index. You can usethe clone copy to perform another clone or to recover data. The clone save setretains the NetWorker browse and retention storage policies assigned to the originalsave set by default, but you can change these policies for the clone save sets. Singlesave sets or entire volumes can be cloned. You can clone single save sets or theentire volume of a DD Boost device. You cannot store cloned data in a differentNetWorker data zone.

Client directA feature that enables clients with a direct network connection to the Data Domainsystem to send and receive data directly to Data Domain AFTD and DD Boost devices.Client Direct is also known as Direct File Access (DFA). Client Direct supports multipleconcurrent client data backup and restore operations that bypass the NetWorkerstorage node, and eliminates a potential bottleneck. The storage node manages thedevices that the clients use but does not handle the backup data.

When the connection is available, NetWorker enables Client Direct by default andalso uses Client Direct to recover duplicated backups sent to a NetWorker storagenode.

Clone-controlled replicationClone-controlled replication (CCR) or Optimized Clone, replicates data from a DDBoost device to another DD Boost device at a different, typically geographicallydistant location. CCR preserves the deduplicated data format and minimizesbandwidth usage between the Data Domain systems. You can configure theNetWorker clone feature to create a copy of the backup save set stored on DD Boostdevices. All data movement for NetWorker clone operations must use IP networkconnectivity. When you configure the NetWorker clone feature, the NetWorkersoftware automatically uses CCR to clone data between Data Domain devices.

Terminology


CHAPTER 3

Planning

l Host naming guidelines.........................................................................................16l Tenant units.......................................................................................................... 16l Network planning.................................................................................................. 17l Storage capacity planning..................................................................................... 19l Stream quota planning..........................................................................................20l Clone-Controlled Replication and disaster recovery............................................... 21

Planning 15

Host naming guidelinesReview this section for information about host, device, and NetWorker resource namingrecommendations. Examples of NetWorker resources include storage nodes and devices,pools, and volume labels. The network environment has an impact on hostnameresolution methods and you need to follow the manufacturer recommendations.

Use the following guidelines to create consistent, easy to identify host names, devicenames, and resource names that improve the configuration, report generation, andtroubleshooting experience in the DD Boost environment:

l Create hostnames that are unique across all NetWorker data zones. Use names thatidentify the network role, such as administration, backup, cloning, or production. Aname can also include a location or a server name.

l Associate a single hostname with each NIC, IP, or FC interface within the sameNetWorker data zone.

l Specify all the long names, short names and IP addresses in the Aliases attribute ofthe client resources that you create for the NetWorker server and storage nodes.

l Use short, easy-to-identify, descriptive names instead of IP addresses or fullyqualified name strings for devices and storage nodes . Long names may not fit intosome views. The following examples show the name of a device that uses a longname and a short name of the storage node host:

NWDD365-1.burloak.lab.mycorp.com:/NWDZ_Dr1NWDD365-1:/NWDZ_Dr1

l With the exception of pool resource names and hostnames, use standardalphanumeric characters, including dot (.), hyphen (-), and underscore (_), with nospaces and no special characters. Do not use an underscore (_) in pool resourcenames and hostnames.

l Use a consistent format for the text field length and text case up to a maximum of 50characters. Include leading zeros when you specify numbers.

l Avoid the use of dates. Dates can change or become meaningless in the future.

l Avoid the use of IP addresses. IP addresses are harder to identify and troubleshootthan hostnames.

l Use operating system tools, such as nslookup to confirm that you can consistentlyand correctly resolves all names and IP addresses for each NetWorker host and DataDomain system in the data zone. For example, ensure that you can resolve the shortname to IP address, long name to IP address, IP address to short name, and IPaddress to long name.

l Use a local hosts file to help diagnose and resolve naming issues. You can use thenet hosts add command on the Data Domain system to add hosts to the /etc/hosts file.

Tenant unitsA tenant unit is a logical partition of a Data Domain system that serves as the unit ofadministrative isolation between tenants. Before you create tenant units, it is importantto have a strategy in place.

Typically you associate one tenant unit with a single customer. A tenant can have tenantunits on multiple Data Domain systems for the same tenant. To group data differentlywithin a tenant unit, create multiple storage units. A tenant unit can contain many storage

Planning


units, but you can only associate a storage unit with a single tenant unit. When youdeploy tenant units, consider resource availability from a capacity perspective as well asa backup stream perspective. If you put too many tenants on a single Data Domainsystem, you can overwhelm the Data Domain system and cause backups to miss requiredSLAs. Use the quota abilities available in Data Domain systems to provision or allocateand monitor resources from both a stream and capacity perspective, as described later inthis paper.

Network planningReview this section before you deploy NetWorker with Data Domain SMT to help you planinfrastructure support.

DD BoostDD Boost devices support data transport over both Fiber Channel (FC) and Ethernet IPnetwork connections for data backup and data recovery operations.

To use FC connectivity for DD Boost devices with SMT, the environment requires:

l NetWorker 8.1 or later

l DD OS 5.5 or later

l FC deployed as a SAN

DD Boost devices do not distinguish TCP/IP network types (LAN, WAN, or MAN) and cansuccessfully operate where packet loss is strictly 0% and latency is less than 5 ms.

NetWorkerThe NetWorker server requires Ethernet IP connections to communicate with all hostsinvolved in DD Boost operations and to move data during NetWorker clone controlledreplication operations.

Client directWhen you create a client in NetWorker, client direct is enabled by default. Backup andrecovery operations for the client will use client direct when the client has a directnetwork connection to the Data Domain system. If the client does not have a directnetwork connection to the Data Domain system, backup and recovery options will use thetraditional NetWorker storage node workflow.

EMC recommends that you use client direct as the primary backup workflow to gain thefollowing advantages:

l Reduced bandwidth usage as a result of deduplication on the client.

l Improved performance and maintainability. You can share a single storage volumebetween DD Boost devices and between multiple backup hosts and multiple storagenodes. This enables you to configure multiple hosts and multiple sessions for onedevice, instead of creating multiple devices.

l Dedicated storage node for a client. You can configure a client direct client as astorage node. In this configuration, the backup operations only send local client datato the Data Domain system. This configuration requires additional NetWorker licensesand configuration.

Planning

Network planning 17

Note

Some backup clients or applications that the client hosts may not support adedicated storage node.

If you configure Client Direct enabled backups when 10 GbE connectivity is unavailable,EMC recommends that you combine two or more NICs on the Data Domain system with 1GbE connections aggregated together by using the Data Domain ddboost ifgroupcommand.

When you group the NICs, you increase data capacity and this configuration can offersome resiliency. The Data Domain system provides automatic advanced load balancingand link failover for NIC connections in the ifgroup.

Note

NetWorker requires one DD Boost enabler code to support multiple interfaces andmultiple network identities for each Data Domain system. EMC NetWorker and EMC DataDomain Boost Deduplication Devices Integration Guide provides more information abouthow to license the NetWorker software when you use DD Boost.

Advanced load balancing and link failoverThe advanced load balancing and link failover feature enables the combination ofmultiple Ethernet links into a group and the registration of only one interface on the DataDomain system.

The advanced load balancing and link failover feature has the following characteristics:

l Works at the DD Boost software layer

l Appears seamless to the underlying network connection

l Support both physical and virtual interfaces

l Occurs across all available interfaces in an ifgroup

l Based on the number of jobs that run currently at the start of a backup or recoveryjob.

Note

When you add NICs to an ifgroup that have different performance characteristics,inconsistent service levels can result. For example, when an ifgroup contains 1GbE and10GbE NICs, different backup or restore job data transfer rates can occur, dependant onwhich NIC the operation uses.

Backups over a WANBackup configuration is the same in a WAN and LAN when you back up clients over theWAN, however there are characteristics of the WAN that are important to note.

NetWorker support for DD Boost devices does not distinguish network types (LAN, WAN,or MAN) and can successfully operate when packet loss is strictly 0% and latency is lessthan 20 milliseconds.

In a WAN environment, EMC recommends that you use:

l QoS features, like stream quotas on the Data Domain system.

l ifgroups to provide as many interfaces as possible to service the backup requests.

Planning


https://support.emc.com/docu50622_NetWorker-8.1-SP1-Data-Domain-Deduplication-Devices-Integration-Guide-.pdf


Storage capacity planningAs a Data Domain admin, when you leverage SMT on a Data Domain system, you candefine the amount of storage allocated to specific tenants and monitor the amount ofavailable storage space. SMT uses two management units for capacity quotas: MTreesand DDBoost storage units.

You can define two types of storage capacity quotas:

l Soft limits: When the amount of available storage reaches a soft limit quota, the DataDomain system triggers an alert that lets the administrator know that the storage unithas reached the maximum allocated storage limit. The Data Domain system clearsthe alert after the amount of available storage drops below the soft limit.

l Hard limits: When the amount of available storage reaches a hard limit quota, theData Domain system will not allow backup or clone operations to write any data tothe system until the used storage space is less than the specified hard limit quota.Backup and clone operations will fail.

In a Multi-Tenant environment, to prevent one tenant from consuming adisproportionately high amount of storage space on a Data Domain system, EMCrecommends that you define soft and hard limits on a storage unit. Use the ddbooststorage-unit create command to apply a capacity quota when you create thestorage unit. Use the ddboost storage-unit modify command or the quotacapacity command to apply a capacity quota after you create the storage unit.

To set the capacity quota limits for a storage unit, first enable quota capacity and thenuse the quota capacity set command:

1. To enable quota capacity, type: quota capacity enable.

2. To set capacity quotas:

l For storage units, type:

quota capacity set storage-units storage_unit soft-limit soft_limit_size hard-limit hard_limit_size

For example, to set the capacity quota limits for a storage unit namedstorage_unit1, type:

quota capacity set storage-units storage-unit1 soft-limit 30 GiB hard-limit 50 GiB

l For Mtrees, type:

quota capacity set mtrees path soft-limit soft_limit_size hard-limit hard_limit_size

For example, to set the capacity quota limits for an MTree with a files ystemlocation of /data/col1/mtree1, type:

quota capacity set mtrees /data/col1/mtree1 soft-limit 30GiB hard-limit 50 GiB

To display the capacity quotas assigned to a tenant unit, use the quota capacityshow command.

For example:

quota capacity show tenant-unit tenant_unit_name

Planning

Storage capacity planning 19

The following output provides an example of how to view the capacity quotas assigned tostorage units and MTrees within a tenant-unit named tenant-unit1.

networker@dd660-4# quota capacity show tenant-unit tenant-unit1Tenant-unit: tenant-unit1Mtree Pre-Comp (MiB) Soft-Limit (MiB) Hard-Limit (MiB)------------------------ -------------- ---------------- ----------------/data/col1/storage-unit1 0 100000 1000000000------------------------ -------------- ---------------- ----------------

Stream quota planningDDOS 5.5 and later allows the Data Domain Admin to set soft quota limits for DD Booststreams on each storage unit. Soft quota limits allow the Data Domain Admin to monitorwhen a storage unit for a tenant exceeds the expected maximum number of streams.

The number of DD Boost streams on a Data Domain system is a limited resource thatdefines the capability of a tenant to backup or replicate data to another Data Domainsystem. A Data Domain Admin can generate reports for active or historical DD Booststreams usage for each tenant unit. These reports enable the Data Domain Admin andTenant Users to assess performance issues and to plan resource usage.

When the number of active streams reaches the soft limit quota, the Data Domain systemtriggers an alert that lets the administrator know that the storage unit has reached themaximum number of streams. The Data Domain system clears the alert after the numberof streams consumed drops below the soft limit.

You can apply four types of stream quotas:

l Write-stream-soft-limit. The maximum number of streams that write operations canuse to write to a specified storage unit.

l Read-stream-soft-limit. The maximum number of streams that read operations canuse to read from a specified storage unit.

l Repl-stream-soft-limit. The maximum number of streams that replication operationscan use, to replicate to or from a specified storage unit.

l Combined-stream-soft-limit. The maximum total number of write, read and replicationstreams that a specified storage unit can use.

You can set the soft limit value for any single stream quota up to the highest number ofstreams that the Data Domain system supports. When you set the combined-stream-soft-limit quota, ensure that you set a value that is equal to or higher than the highest valueset for the write, read or replication stream quota.

To configure stream soft limits on a storage unit, use the quota streams setcommand:

quota streams set storage-units storage_unit_name write-stream-soft-limit value1 repl-stream-soft-limit value2 combined-stream-soft-limit value3

For example, to set the quota stream limits to a storage unit named storage-unit1, type:

quota streams set storage-units storage-unit1 write-stream-soft-limit2 repl-stream-soft-limit 2 combined-stream-soft-limit 5To view the stream soft limits set for a storage unit and the maximum stream limits for theData Domain system, use the quota streams show command.

Planning


The following output provides an example of how to view the soft limits for all of thestorage units on a Data Domain system.

networker@dd660-4# quota streams show allStorage Unit Write Streams Read Streams Repl Streams Combined Streams Soft-Limit Soft-Limit Soft-Limit Soft-Limit -------------- ------------- ------------ ------------ ----------------storage-unit1 10 3 10 10 -------------- ------------- ------------ ------------ ----------------DD System Stream Limits: write=90 read=30 repl-in=90 repl-out=90 combined=90

To validate the number of active streams for a storage unit, use the ddboost streamsshow active command, which provides you with a point-in-time picture of the activestreams by stream type for a storage unit. The following output provides an example ofthis command.

networker@dd660-4# ddboost streams show activeName Read Write Repl-out Repl-in Read Write Repl Combined Tenant-Unit Streams Streams Streams Streams Limit Limit Limit Limit-------------- ------- ------- -------- ------- ----- ----- ----- -------- ------------storage-unit1 0 0 0 0 2 3 - - tenant-unit1------------- ------- ------- -------- ------- ----- ----- ----- -------- ------------DD System Stream Limits: read=30 write=90 repl-in=90 repl-out=90 combined=90

To display historical information about the number of streams consumed by a specifictenant unit or storage unit, use the ddboost streams show history command.The output of this command provides you with the ability to:

l View when an SMT tenant may have exceeded a quota.l Determine if the number of streams in use may have an impact on the performance of

the Data Domain system.

The following output provides an example of this command for tenant-unit tenant-unit1:

networker@dd660-4# ddboost streams show history tenant-unit tenant-unit1INTERVAL: 10 mins"-" indicates that the data is not available for the intervals

Storage-Unit: "storage-unit1", Tenant Unit: "tenant-unit1"Date Time read write repl-out repl-inYYYY/MM/DD HH:MM streams streams streams streams----------------- ------- ------- --------- --------2014/07/17 13:00 0 0 0 02014/07/17 13:10 1 4 0 02014/07/17 13:20 0 0 1 02014/07/17 13:30 2 0 0 0

Figure 3 Change Disk Pool window

Clone-Controlled Replication and disaster recoveryA disaster recovery environment can use Clone-Controlled Replication (CCR) to copyindividual save sets or complete volumes from one Data Domain system to another at ageographically distant location.

NetWorker browse and retention policies manage both the source (primary) and the clone(secondary) data. For additional protection, NetWorker can clone some or all of the storeddata from the secondary system to tape storage.

You must configure, enable, and manage both the primary and secondary Data Domainsystems within a single NetWorker data zone. You must configure target devices on the

Planning

Clone-Controlled Replication and disaster recovery 21

secondary Data Domain system. You can use either a single storage node or separatestorage nodes for the local and remote operations within the data zone.

Planning


CHAPTER 4

Configuring a new multi-tenant Data Domainsystem

Use the information in this chapter to configure muti-tenancy with NetWorker and a newData Domain system that runs DDOS 5.5 or later.

l Creating the tenant-unit........................................................................................ 24l Creating tenant user accounts............................................................................... 24l Configuring DD Boost ........................................................................................... 26l Configuring SMT and DD Boost devices in NetWorker for backups......................... 30l Configuring SMT and DD Boost devices in NetWorker for CCR................................ 33

Configuring a new multi-tenant Data Domain system 23

Creating the tenant-unitEnable SMT, then create one empty tenant-unit for each tenant.

Before you begin

Perform the following steps on the Data Domain system with a Data Domain Adminaccount.

Procedure

1. Use the smt enable command to enable SMT.

For example:

networker@dd660-4# smt enableSMT enabled.

2. Use the smt tenant-unit create command to create the tenant-unit:

For example:

smt tenant-unit create tenant_unit_name

The following output provides an example of how to create a new tenant unit calledtenant-unit1.

networker@dd660-4# smt tenant-unit create tenant-unit1Tenant-unit "tenant-unit1" created.

Creating tenant user accountsMultiple roles with different privilege levels combine to provide administrative isolationon a multi-tenant Data Domain system. Tenant self-service enables the two mainpersonas and roles: Tenant Admin and Tenant User. Users with these roles can only run asubset of management operations on the tenant-unit management objects. The subset ofoperations are deemed useful for the Tenant Admin and Tenant User users, and are safefrom an overall Multi-Tenant environment perspective.

You can control which tenant-units and the related management objects that the userscan manage.

Note

You only use tenant-units from a management perspective, you will never write datadirectly to a tenant-unit. Backup operations write data to the storage unit, which belongsto the tenant-unit.

Procedure

1. Use the user add command or the Create User option in the Data DomainAdmin GUI to create two Data Domain users with a role of none.

Note

If you assign the users to a role other than none, then you cannot assign these usersas a tenant admin or tenant user.

user add user_acct role none

Configuring a new multi-tenant Data Domain system


The following output provides an example of how to create the two user accounts,tenant-admin1 and tenant-user1 from a command prompt.

networker@dd660-4# user add tenant-admin1 role none Enter new password: Re-enter new password:Passwords matched.User "tenant-admin1" added.networker@dd660-4# user add tenant-user1 role none Enter new password: Re-enter new password:Passwords matched.User "tenant-user1" added.

2. Assign one user to the tenant-admin role and one user to the tenant-user role for therequired tenant-unit.

For example:

smt tenant-unit management-user assign username tenant-unit tenant_unit_name role tenant-admin

The following output provides an example of how to assign the tenant-admin role touser tenant-admin1, and the tenant-user role to the user tenant-user1 for a tenant unitnamed tenant-unit1.

networker@dd660-4# smt tenant-unit management-user assign tenant-admin1 tenant-unit tenant-unit1 role tenant-adminManagement user "tenant-admin1" is assigned to tenant-unit "tenant-unit1" as "tenant-admin".networker@dd660-4# smt tenant-unit management-user assign tenant-user1 tenant-unit tenant-unit1 role tenant-userManagement user "tenant-user1" is assigned to tenant-unit "tenant-unit1" as "tenant-user".

The users can now use the ssh command to log in to the Data Domain system andwill only see the tenant units to which they were assigned.

3. Enable self-service on the tenant unit.

For example:

smt tenant-unit option set tenant_unit_name self-service enabled

The following output provides an example of how to enable self-service on a tenant-unit called tenant-unit1.

networker@dd660-4# smt tenant-unit option set tenant-unit1 self-service enabledTenant self-service enabled for tenant-unit "tenant-unit1".

Note

If you do not enable self-service, the tenant-users can only run the user command.

To determine the commands that a tenant-user is allowed to run, use the help option.The following output provides an example of a tenant user account that uses the helpoption when self-service is not enabled on the tenant-unit.


Creating tenant user accounts 25

tenant-user1@dd660-4> ?

Help is available on the following topics:

user

Type "help <topic>" to view help for the given topic.

Type "help <keyword>" to search the commands for a specific keyword.For example, "help timezone" shows all commands relating to timezones.

The following output provides an example of a tenant user account that uses the helpoption when self-service is enabled on the tenant-unit. The user has all of the tenant-user privileged commands available



alerts mtree snapshot ddboost quota system filesys smt user



4. Use the dd boost user option command to set the default tenant unit for theddboost user. This ensures that the Data Domain system will assign the newly createdstorage units to the specified tenant unit for the ddboost user.

For example:

ddboost user option set username default-tenant-unit tenant_unit_name

The following output provides an example of how to set tenant unit tenant-unit1 as thedefault tenant-unit for the ddboost user tenant1-boost.

networker@dd660-4# ddboost user option set tenant1-boost default-tenant-unit tenant-unit1

Default-tenant-unit is set to "tenant-unit1" for user "tenant1-boost".

Configuring DD BoostBefore you can deploy a tenant-unit, you must create the DD Boost user account.NetWorker and SMT use the DD Boost user to establish and maintain a connectionbetween the NetWorker server and the Data Domain system. This user account is differentfrom the tenant-admin or tenant-user accounts. After you create the DD Boost user, createthe DD Boost storage-unit for the tenant, and then specify the DD Boost user as the ownerof the storage-unit. You can create the DD Boost user account from the command line orfrom the Data Domain Enterprise Manager (DDEM).

Before you begin




Procedure

1. Use the user add command to create the DD Boost user account and assign apassword.

For example:

user add username password password role none

The following output provides an example of how to create a new user with the nametenant1-boost.

networker@dd660-4# user add tenant1-boost password abc123 role noneUser "tenant1-boost" added.

2. Use the ddboost user assign command to assign the user account to DD Boost.

For example:

ddboost user assign username

The following output provides an example of how to assign the user tenant1-boost toDD Boost.

networker@dd660-4# ddboost user assign tenant1-boostUser "tenant1-boost" assigned to DD Boost.

3. Use the dd boost user option command to set the default tenant unit for theDD Boost user. This ensures that the Data Domain system will assign the newlycreated storage units to the specified tenant unit for the DD Boost user.

For example:


The following output provides an example of how to set the tenant-unittenant-unit1 asthe default tenant-unit for the DD Boost user tenant1-boost.

networker@dd660-4# ddboost user option set tenant1-boost default-tenant-unit tenant-unit1Default-tenant-unit is set to "tenant-unit1" for user "tenant1-boost".

4. Use the ddboost storage-unit create command to create the storage unit,add the storage unit to the tenant-unit, and assign the DD Boost user as the owner ofthe storage unit.

For example:

ddboost storage-unit create storage_unit_name user DDboost_user tenant-unit tenant_unit_name

The following output provides an example of how to create a new storage unit calledstorage-unit1, which is assigned to the DD Boost user tenant1-boost and added totenant-unit tenant-unit1.

networker@dd660-4# ddboost storage-unit create storage-unit1 user tenant1-boost tenant-unit tenant-unit1Created storage-unit "storage-unit1" for "tenant1-boost".

5. Use the mtree modify command to specify the tenant-unit for each Mtree thatbelongs to a tenant.


Configuring DD Boost 27

For example:

mtree modify path tenant-unit tenant_unit_name

The following output provides an example of how to assign an Mtree with a datapath /data/col1/mtree1 to a tenant-unit named tenant-unit1:

networker @dd660-4# mtree modify /data/col1/mtree1 tenant-unit tenant-unit1

6. Use the ddboost option set command to enable distributed segmentprocessing. NetWorker storage node and clients require distributed segment processfor deduplication.

For example:

networker@dd660-4# ddboost option set distributed-segment-processing enabledDD Boost option "distributed-segment-processing" set to enabled.



7. Optionally, use the smt tenant-unit show detailed all command todisplay a detailed summary of the tenant unit configuration on the Data Domainsystem. The following output provides an example of the summary information for atenant-unit named tenant-unit1:

networker@dd660-4# smt tenant-unit show detailed tenant-unit1Tenant-unit: "tenant-unit1" Summary: Name Tenant Number of Pre-Comp Self-service Mtrees (GiB) ------------ ------------ --------- -------- tenant-unit1 Enabled 1 0.0 ------------ ------------ --------- --------

Management-User: User Role ------------- ------------ tenant-admin1 tenant-admin tenant-user1 tenant-user ------------- ------------

Management-Group: No management-groups.

DDBoost: Name Pre-Comp (GiB) Status User Tenant-Unit ------------- -------------- ------ ------------- ------------ storage-unit1 0.0 RW tenant1-boost tenant-unit1 ------------- -------------- ------ ------------- ------------ Q : Quota Defined RO : Read Only RW : Read Write RD : Replication Destination

Getting users with default-tenant-unit tenant-unit1 DD Boost user Default tenant-unit ------------- ------------------- tenant1-boost tenant-unit1 ------------- -------------------

Mtrees: Name Pre-Comp (GiB) Status Tenant-Unit ------------------------ -------------- ------ ------------ /data/col1/storage-unit1 0.0 RW tenant-unit1 ------------------------ -------------- ------ ------------ D : Deleted Q : Quota Defined RO : Read Only RW : Read Write RD : Replication Destination RLGE : Retention-Lock Governance Enabled RLGD : Retention-Lock Governance Disabled RLCE : Retention-Lock Compliance Enabled

Quota: Tenant-unit: tenant-unit1 Mtree Pre-Comp (MiB) Soft-Limit (MiB) Hard-Limit (MiB) ------------------------ -------------- ---------------- ---------------- /data/col1/storage-unit1 0 none none ------------------------ -------------- ---------------- ----------------

Alerts: No notification lists. No such active alerts.



8. Optionally, use the ddboost storage-unit show command to display summaryinformation about the storage unit.

The following output provides an example of summary information for a storage unitcalled storage-unit1:

networker@dd660-4# ddboost storage-unit show storage-unit1Name Pre-Comp (GiB) Status User Tenant-Unit------------- -------------- ------ ------------- ------------storage-unit1 0.0 RW tenant1-boost tenant-unit1------------- -------------- ------ ------------- ------------ Q : Quota Defined RO : Read Only RW : Read Write RD : Replication DestinationStorage-unit storage-unit1 does not contain any files.

9. Optionally, configure an alert notification group list, which contains the email addressof tenant administrator(s).

a. Use the use the alerts notify-list create command to create adistribution list. For example: alerts notify-list create new_group_nametenant-unit tenant_unit_name

b. Use the alerts notify-list add command to add email addresses to thedistribution list. For example: alerts notify-list add new_group_nameemails [email protected], [email protected]

Note

When you configure alert notifications, tenant administrators will receive emailnotifications under the following conditions:

l When a storage unit reaches the defined hard capacity quota limit.

l When a storage unit exceeds the defined soft capacity quota limit.

l When a storage unit exceeds a defined soft stream limit.

l When a Data Domain system outage occurs.

Configuring SMT and DD Boost devices in NetWorker for backupsUse the New Device Configuration Wizard to create DD Boost devices for the backupoperations. In NetWorker 8.2 and later, the wizard can limit the visibility of devices fortenants to a specific DD Boost user.

Before you begin

Configure the storage units, SMT tenant units, and DD Boost users on the Data Domainsystems before you configure the devices in Networker.

EMC NetWorker and EMC Data Domain Boost Deduplication Devices Integration Guideprovides detailed information about how to use the New Device Configuration Wizard tocreate and configure new DD Boost devices.

Procedure

1. Use the NetWorker Management Console (NMC) to connect to the NetWorker server.




2. Click Devices.

3. In the left navigation pane, right-click Devices and select New Device Wizard.

4. On the Select Device Type window, select Data Domain, and then click Next.

5. Review the Data Domain Configuration Checklist and then click Next.

6. On the Specify Data Domain Configuration Options window, perform the followingsteps:

a. In the Data Domain System section, select Use an existing Data Domain system,then select the Data Domain system.

b. In the DD Boost Credentials section, specify the username and password for theDD Boost user that owns the storage-unit that you previously created for the tenantand placed into the tenant-unit for the tenant.

Ensure that tenant-unit that you want to configure is the default tenant unit for theDD Boost user.

c. In the Secure Multi-Tenancy section, select Configure Secure Multi-Tenancy. If thestorage unit already exists, select Use an existing secure storage unit, then selectthe storage unit from the drop-down. Otherwise, select Create a new securestorage unit and provide the name of the storage unit. When you create the newstorage unit, the default tenant unit for the DD Boost user will contain the newstorage unit.

d. In the Configuration Method section, leave the default option Browse and Selectenabled.

7. Click Next.

The following figure provides an example of the Specify Data Domain ConfigurationOptions window.Figure 4 Specify Data Domain Configuration Options window

8. On the Select the Folders to use as Device window, select an existing folder on theData Domain system, and then click Next. To create a new folder select New Folder,specify the folder name, and then select the folder.


Configuring SMT and DD Boost devices in NetWorker for backups 31

The following figure provides an example of the Select Folders to use as a Devicewindow.Figure 5 Select Folders to use as a Device window

9. On the Configure Pool Information window, perform the following steps:

a. In the Pool Type section, select Backup.

b. In the Pool section, select Create and use a new Pool to create a new backup pool,or select Use an existing Pool and then select a backup pool.

c. Click Next.

10.On the Select Storage Nodes window, perform the following steps:

a. In the Storage Node Options section, select an existing storage node. To create anew storage node select Create a new storage node, then specify the name of thestorage node. Click Next.

b. Optionally, select Enable Fibre Channel for this device, and then specify the FChost name.

c. Click Next.

11.Optionally, on the Select SNMP Monitoring Options window, perform the followingsteps to configure SNMP monitoring:

a. Select Gather usage information, then specify the Data Domain SNMP communitystring.

b. Select Receive SNMP trap events and then specify the SNMP process port.

c. Optionally, select or deselect the SNMP events to monitor.

d. Click Next.



12.On the Review the Device Configuration Settings window click Configure.

13.On the Device Configuration Results window, review the results and then click Finish.

Configuring SMT and DD Boost devices in NetWorker for CCRUse the New Device Configuration Wizard to create the Data Domain devices that receiveCCR data.

Before you begin

Configure the storage units, SMT tenant units, and DD Boost users on the Data Domainsystems before you configure the devices in Networker. To ensure that clone operationscomplete in a timely matter, use multiple interfaces in an ifgroup.


Procedure


2. Click Devices.










7. Click Next.

8. On the Select the Folders to use as Device window, select an existing folder on theData Domain system, and then click Next . To create a new folder select New Folder,specify the folder name, and then select the folder.

9. Perform the following steps on the Configure Pools window.

10.In the Pool Type section, select Backup Clone.

a. Select Configure Media Pools for devices, then select the storage path for theclone data.


Configuring SMT and DD Boost devices in NetWorker for CCR 33


b. In the Pool Type section, select Backup Clone.

c. In the Pool section, select Create and use a new Pool, then specify a new name forthe clone pool.

The following figure provides an example of the Configure Pools window.

Figure 6 Configure Pools window



CHAPTER 5

Upgrading to a Multi-tenant Data Domain system

Use the information in this chapter to upgrade an existing Data Domain system that runsDDOS 5.5 or later to a muti-tenant configuration and NetWorker.

l Creating the tenant-unit........................................................................................ 36l Creating tenant user accounts............................................................................... 36l Configuring DD Boost............................................................................................ 38l Configuring SMT and DD Boost devices in NetWorker for backups......................... 42l Configuring SMT and DD Boost devices in NetWorker for CCR................................ 45

Upgrading to a Multi-tenant Data Domain system 35

Creating the tenant-unitEnable SMT, then create one empty tenant-unit for each tenant.

Before you begin


Procedure

1. Use the smt enable command to enable SMT.

For example:

networker@dd660-4# smt enableSMT enabled.

2. Use the smt tenant-unit create command to create the tenant-unit:

For example:

smt tenant-unit create tenant_unit_name

The following output provides an example of how to create a new tenant unit calledtenant-unit1.

networker@dd660-4# smt tenant-unit create tenant-unit1Tenant-unit "tenant-unit1" created.

Creating tenant user accountsMultiple roles with different privilege levels combine to provide administrative isolationon a multi-tenant Data Domain system. Tenant self-service enables the two mainpersonas and roles: Tenant Admin and Tenant User. Users with these roles can only run asubset of management operations on the tenant-unit management objects. The subset ofoperations are deemed useful for the Tenant Admin and Tenant User users, and are safefrom an overall Multi-Tenant environment perspective.

You can control which tenant-units and the related management objects that the userscan manage.

Note

You only use tenant-units from a management perspective, you will never write datadirectly to a tenant-unit. Backup operations write data to the storage unit, which belongsto the tenant-unit.

Procedure

1. Use the user add command or the Create User option in the Data DomainAdmin GUI to create two Data Domain users with a role of none.

Note

If you assign the users to a role other than none, then you cannot assign these usersas a tenant admin or tenant user.

user add user_acct role none



The following output provides an example of how to create the two user accounts,tenant-admin1 and tenant-user1 from a command prompt.

networker@dd660-4# user add tenant-admin1 role none Enter new password: Re-enter new password:Passwords matched.User "tenant-admin1" added.networker@dd660-4# user add tenant-user1 role none Enter new password: Re-enter new password:Passwords matched.User "tenant-user1" added.

2. Assign one user to the tenant-admin role and one user to the tenant-user role for therequired tenant-unit.

For example:

smt tenant-unit management-user assign username tenant-unit tenant_unit_name role tenant-admin

The following output provides an example of how to assign the tenant-admin role touser tenant-admin1, and the tenant-user role to the user tenant-user1 for a tenant unitnamed tenant-unit1.

networker@dd660-4# smt tenant-unit management-user assign tenant-admin1 tenant-unit tenant-unit1 role tenant-adminManagement user "tenant-admin1" is assigned to tenant-unit "tenant-unit1" as "tenant-admin".networker@dd660-4# smt tenant-unit management-user assign tenant-user1 tenant-unit tenant-unit1 role tenant-userManagement user "tenant-user1" is assigned to tenant-unit "tenant-unit1" as "tenant-user".

The users can now use the ssh command to log in to the Data Domain system andwill only see the tenant units to which they were assigned.

3. Enable self-service on the tenant unit.

For example:

smt tenant-unit option set tenant_unit_name self-service enabled

The following output provides an example of how to enable self-service on a tenant-unit called tenant-unit1.

networker@dd660-4# smt tenant-unit option set tenant-unit1 self-service enabledTenant self-service enabled for tenant-unit "tenant-unit1".

Note

If you do not enable self-service, the tenant-users can only run the user command.

To determine the commands that a tenant-user is allowed to run, use the help option.The following output provides an example of a tenant user account that uses the helpoption when self-service is not enabled on the tenant-unit.


Creating tenant user accounts 37



user



The following output provides an example of a tenant user account that uses the helpoption when self-service is enabled on the tenant-unit. The user has all of the tenant-user privileged commands available



alerts mtree snapshot ddboost quota system filesys smt user



4. Use the dd boost user option command to set the default tenant unit for theddboost user. This ensures that the Data Domain system will assign the newly createdstorage units to the specified tenant unit for the ddboost user.

For example:


The following output provides an example of how to set tenant unit tenant-unit1 as thedefault tenant-unit for the ddboost user tenant1-boost.

networker@dd660-4# ddboost user option set tenant1-boost default-tenant-unit tenant-unit1

Default-tenant-unit is set to "tenant-unit1" for user "tenant1-boost".

Configuring DD BoostBefore you can deploy a tenant-unit, you must create the DD Boost user account.NetWorker and SMT use the DD Boost user to establish and maintain a connectionbetween the NetWorker server and the Data Domain system. This user account is differentfrom the tenant-admin or tenant-user accounts. After you create the DD Boost user, modifythe DD Boost storage-unit for the tenant, and then specify the DD Boost user as the ownerof the storage-unit. You can create the DD Boost user account from the command line orfrom the Data Domain Enterprise Manager (DDEM).

Before you begin




Procedure

1. Use the user add command to create the DD Boost user account and assign apassword.

For example:

user add username password password role none

The following output provides an example of how to create a new user with the nametenant1-boost.

networker@dd660-4# user add tenant1-boost password abc123 role noneUser "tenant1-boost" added.

2. Use the ddboost user assign command to assign the user account to DD Boost.

For example:

ddboost user assign username

The following output provides an example of how to assign the user tenant1-boost toDD Boost.

networker@dd660-4# ddboost user assign tenant1-boostUser "tenant1-boost" assigned to DD Boost.

3. Use the dd boost user option command to set the default tenant unit for theDD Boost user. This ensures that the Data Domain system will assign the newlycreated storage units to the specified tenant unit for the DD Boost user.

For example:


The following output provides an example of how to set the tenant-unittenant-unit1 asthe default tenant-unit for the DD Boost user tenant1-boost.

networker@dd660-4# ddboost user option set tenant1-boost default-tenant-unit tenant-unit1Default-tenant-unit is set to "tenant-unit1" for user "tenant1-boost".

4. Use the ddboost storage-unit modify command to associate an existingstorage unit with the tenant-unit, and assign the DD Boost user as the owner of thestorage unit.

For example:

ddboost storage-unit modify storage_unit_name user DDboost_user tenant-unit tenant_unit_name

The following output provides an example of how to associate a storage unit calledstorage-unit1 to tenant-unit tenant-unit1, and assign the DD Boost user tenant1-boostto the storage unit.

networker@dd660-4# ddboost storage-unit modify storage-unit1 user tenant1-boost tenant-unit tenant-unit1Modified storage-unit "storage-unit1" for "tenant1-boost".

5. Use the mtree modify command to specify the tenant-unit for each Mtree thatbelongs to a tenant.



For example:

mtree modify path tenant-unit tenant_unit_name

The following output provides an example of how to assign an Mtree with a datapath /data/col1/mtree1 to a tenant-unit named tenant-unit1:

networker @dd660-4# mtree modify /data/col1/mtree1 tenant-unit tenant-unit1

6. Use the ddboost option set command to enable distributed segmentprocessing. NetWorker storage node and clients require distributed segment processfor deduplication.

For example:

networker@dd660-4# ddboost option set distributed-segment-processing enabledDD Boost option "distributed-segment-processing" set to enabled.



7. Optionally, use the smt tenant-unit show detailed all command todisplay a detailed summary of the tenant unit configuration on the Data Domainsystem. The following output provides an example of the summary information for atenant-unit named tenant-unit1:

networker@dd660-4# smt tenant-unit show detailed tenant-unit1Tenant-unit: "tenant-unit1" Summary: Name Tenant Number of Pre-Comp Self-service Mtrees (GiB) ------------ ------------ --------- -------- tenant-unit1 Enabled 1 0.0 ------------ ------------ --------- --------

Management-User: User Role ------------- ------------ tenant-admin1 tenant-admin tenant-user1 tenant-user ------------- ------------

Management-Group: No management-groups.

DDBoost: Name Pre-Comp (GiB) Status User Tenant-Unit ------------- -------------- ------ ------------- ------------ storage-unit1 0.0 RW tenant1-boost tenant-unit1 ------------- -------------- ------ ------------- ------------ Q : Quota Defined RO : Read Only RW : Read Write RD : Replication Destination

Getting users with default-tenant-unit tenant-unit1 DD Boost user Default tenant-unit ------------- ------------------- tenant1-boost tenant-unit1 ------------- -------------------

Mtrees: Name Pre-Comp (GiB) Status Tenant-Unit ------------------------ -------------- ------ ------------ /data/col1/storage-unit1 0.0 RW tenant-unit1 ------------------------ -------------- ------ ------------ D : Deleted Q : Quota Defined RO : Read Only RW : Read Write RD : Replication Destination RLGE : Retention-Lock Governance Enabled RLGD : Retention-Lock Governance Disabled RLCE : Retention-Lock Compliance Enabled

Quota: Tenant-unit: tenant-unit1 Mtree Pre-Comp (MiB) Soft-Limit (MiB) Hard-Limit (MiB) ------------------------ -------------- ---------------- ---------------- /data/col1/storage-unit1 0 none none ------------------------ -------------- ---------------- ----------------

Alerts: No notification lists. No such active alerts.



8. Optionally, use the ddboost storage-unit show command to display summaryinformation about the storage unit.

The following output provides an example of summary information for a storage unitcalled storage-unit1:

networker@dd660-4# ddboost storage-unit show storage-unit1Name Pre-Comp (GiB) Status User Tenant-Unit------------- -------------- ------ ------------- ------------storage-unit1 0.0 RW tenant1-boost tenant-unit1------------- -------------- ------ ------------- ------------ Q : Quota Defined RO : Read Only RW : Read Write RD : Replication DestinationStorage-unit storage-unit1 does not contain any files.

9. Optionally, configure an alert notification group list, which contains the email addressof tenant administrator(s).

a. Use the use the alerts notify-list create command to create adistribution list. For example: alerts notify-list create new_group_nametenant-unit tenant_unit_name

b. Use the alerts notify-list add command to add email addresses to thedistribution list. For example: alerts notify-list add new_group_nameemails [email protected], [email protected]

Note

When you configure alert notifications, tenant administrators will receive emailnotifications under the following conditions:

l When a storage unit reaches the defined hard capacity quota limit.

l When a storage unit exceeds the defined soft capacity quota limit.

l When a storage unit exceeds a defined soft stream limit.

l When a Data Domain system outage occurs.

Configuring SMT and DD Boost devices in NetWorker for backupsUse the New Device Configuration Wizard to create DD Boost devices for the backupoperations. In NetWorker 8.2 and later, the wizard can limit the visibility of devices fortenants to a specific DD Boost user.

Before you begin

Configure the storage units, SMT tenant units, and DD Boost users on the Data Domainsystems before you configure the devices in Networker.


Procedure





2. Click Devices.










7. Click Next.

The following figure provides an example of the Specify Data Domain ConfigurationOptions window.Figure 7 Specify Data Domain Configuration Options window

8. On the Select the Folders to use as Device window, select an existing folder on theData Domain system, and then click Next. To create a new folder select New Folder,specify the folder name, and then select the folder.


Configuring SMT and DD Boost devices in NetWorker for backups 43

The following figure provides an example of the Select Folders to use as a Devicewindow.Figure 8 Select Folders to use as a Device window

9. On the Configure Pool Information window, perform the following steps:

a. In the Pool Type section, select Backup.

b. In the Pool section, select Create and use a new Pool to create a new backup pool,or select Use an existing Pool and then select a backup pool.

c. Click Next.

10.On the Select Storage Nodes window, perform the following steps:

a. In the Storage Node Options section, select an existing storage node. To create anew storage node select Create a new storage node, then specify the name of thestorage node. Click Next.

b. Optionally, select Enable Fibre Channel for this device, and then specify the FChost name.

c. Click Next.

11.Optionally, on the Select SNMP Monitoring Options window, perform the followingsteps to configure SNMP monitoring:

a. Select Gather usage information, then specify the Data Domain SNMP communitystring.

b. Select Receive SNMP trap events and then specify the SNMP process port.

c. Optionally, select or deselect the SNMP events to monitor.

d. Click Next.



12.On the Review the Device Configuration Settings window click Configure.

13.On the Device Configuration Results window, review the results and then click Finish.

Configuring SMT and DD Boost devices in NetWorker for CCRUse the New Device Configuration Wizard to create the Data Domain devices that receiveCCR data.

Before you begin

Configure the storage units, SMT tenant units, and DD Boost users on the Data Domainsystems before you configure the devices in Networker. To ensure that clone operationscomplete in a timely matter, use multiple interfaces in an ifgroup.


Procedure


2. Click Devices.










7. Click Next.

8. On the Select the Folders to use as Device window, select an existing folder on theData Domain system, and then click Next . To create a new folder select New Folder,specify the folder name, and then select the folder.

9. Perform the following steps on the Configure Pools window.

10.In the Pool Type section, select Backup Clone.

a. Select Configure Media Pools for devices, then select the storage path for theclone data.


Configuring SMT and DD Boost devices in NetWorker for CCR 45


b. In the Pool Type section, select Backup Clone.

c. In the Pool section, select Create and use a new Pool, then specify a new name forthe clone pool.

The following figure provides an example of the Configure Pools window.

Figure 9 Configure Pools window



CHAPTER 6

Conclusion

After you read this paper, you should have a better understanding of how an integrationof SMT and NetWorker into a backup and recovery solution provides companies with theability to consolidate dedicated devices into a single system.

To summarize, the integration of SMT and NetWorker provides you the following benefits:

l Reduces the current backup hardware and software footprint.

l Achieves secure data isolation by tenant on shared Data Domain systems.

l Writes backup data with NetWorker to a secure storage unit.

l Reduces data protection storage costs.

l Provides tenant self-service administration and reporting.

l Gives the provider control over capacity and stream count resources assigned to eachtenant on shared Data Domain systems.

l Enables increased utilization of existing Data Domain assets.

Conclusion 47

Conclusion


integrating emc networker with data domain secure … emc networker with data domain secure...

Documents