PowerProtect Cyber Recovery Workshop

DM5500 Integration with Cyber Recovery​

Frankfurt
January 2024

Internal Use - Confidential 1 Copyright © Dell Inc. All Rights Reserved.

 Agenda

Solution Overview Recovery Scenario’s

Network Topologies Resource’s

Pre-requisites

Configuration

Internal Use - Confidential 2 Copyright © Dell Inc. All Rights Reserved.

 Ensuring the Recovery of Critical Rebuild Data in case of Cyber Threats

Cyber
Recovery
Solution for
DM5500
• Operational air gap
PowerProtect DD based
vault with data isolation
and immutability for
DM5500 backups
• CyberSense analytics
and Machine Learning
monitor data integrity
• Accelerate cyber and
ransomware attack data ✓ Integrated and secure workflow on DM5500 to configure vault target, and provisioning data to send to vault.
recovery ✓ Perform PPCR orchestrated automated periodic test of vaulted data within vault for validity/recoverability checks.
✓ Restore data from the vault to production or restore DM5500 appliance if appliance is attacked.

Internal Use - Confidential 3 Copyright © Dell Inc. All Rights Reserved.

 Networking
Topologies

We support both
❖ Switched Network
❖ Directly Connected
Network

Networking Topologies

Internal Use - Confidential 4 Copyright © Dell Inc. All Rights Reserved.

 Pre-
❖ Need a
requisites for ❖ Dedicated uplink connected/cabled to the appliance for vault network
the Solution configuration.

❖ A Security Officer Role must exist on the appliance.

❖ Ensure the Vault Data Domain is running on the following DDOS version
❖ DDOS- 7.7.5.20
❖ DDOS- 7.10.1.10
❖ DDOS- 7.12.0.0 or greater

Internal Use - Confidential 5 Copyright © Dell Inc. All Rights Reserved.

 Cyber
Recovery
Configuration
The Cyber Recovery Tab is only
accessible by the “admin”
account (Account of Last
Resort) or a user with
"Administrator" level rights.

Internal Use - Confidential 6 Copyright © Dell Inc. All Rights Reserved.

 Vault
Network
Configuration

❖ Configure Uplinks
❖ Create Vault Network

Internal Use - Confidential 7 Copyright © Dell Inc. All Rights Reserved.

 Vault
Network
Configuration

❖ Configure Uplinks

Internal Use - Confidential 8 Copyright © Dell Inc. All Rights Reserved.

 Vault
Network
Configuration

❖ Create Vault Network

Internal Use - Confidential 9 Copyright © Dell Inc. All Rights Reserved.

 Vault
Network
Configuration

❖ Create Vault Network

Internal Use - Confidential 10 Copyright © Dell Inc. All Rights Reserved.

 Security
Officer Role

❖ Creating Security
Officer User
❖ Only One Security
Officer Role can exist
per appliance.
❖ The Security Officer
Role must be local to
the appliance.

Internal Use - Confidential 11 Copyright © Dell Inc. All Rights Reserved.

 Configure
Vault
Storage
Once the pre-requisites are
met the user is allowed to
configure the vault storage.

❖ FQDN Field: Represents the

“Management FDQN name”
corresponding to the vault
Data Domain System
❖ IP Field: Represents the “
Replication Interface” on the
vault Data Domain System

Internal Use - Confidential 12 Copyright © Dell Inc. All Rights Reserved.

 Configure
Vault
Storage
Once the pre-requisites are
met the user is allowed to
configure the vault storage.

❖ FQDN Field: Represents the Management FQDN of

the Vault Data Domain
“Management FDQN name”
corresponding to the vault
Data Domain System
❖ IP Field: Represents the “
Replication Interface” on the
vault Data Domain System Replication IP Address of
the Vault Data Domain

Internal Use - Confidential 13 Copyright © Dell Inc. All Rights Reserved.

 Policy
Decision
Tree
❖ There are two kind of
policy that can be
configured on
DM5500.
❖ Traditional policy
❖ Retention Lock
based policy

Internal Use - Confidential 14 Copyright © Dell Inc. All Rights Reserved.

 Policy
Decision
Tree
❖ There are two kind of
policy that can be
configured on
DM5500.
❖ Traditional policy
❖ Retention Lock
based policy

Internal Use - Confidential 15 Copyright © Dell Inc. All Rights Reserved.

 Configuring
Vault for a
Protection
Policy

❖ Either a Primary
Backup or Replication
stage needs to exist to
enable vault for a
protection policy.
❖ If you re-use a
Storage-Unit which is
already vaulted, then
the new PLC will
inherit the vault stage
automatically.

Internal Use - Confidential 16 Copyright © Dell Inc. All Rights Reserved.

 Configuring
Vault for a
Protection
Policy

❖ Either a Primary
Backup or Replication
stage needs to exist to
enable vault for a
protection policy.
❖ If you re-use a
Storage-Unit which is
already vaulted, then
the new PLC will
inherit the vault stage
automatically.

Internal Use - Confidential 17 Copyright © Dell Inc. All Rights Reserved.

 Configuring
Vault for a
Protection
Policy

❖ Either a Primary
Backup or Replication
stage needs to exist to
enable vault for a
protection policy.
❖ If you re-use a
Storage-Unit which is
already vaulted, then
the new PLC will
inherit the vault stage
automatically.

Internal Use - Confidential 18 Copyright © Dell Inc. All Rights Reserved.

 Configuring
Vault for a
Protection
Policy

❖ Either a Primary
Backup or Replication
stage needs to exist to
enable vault for a
protection policy.
❖ If you re-use a
Storage-Unit which is
already vaulted, then
the new PLC will
inherit the vault stage
automatically.

Internal Use - Confidential 19 Copyright © Dell Inc. All Rights Reserved.

 Configuring
Vault for a
Protection
Policy
Contd..
❖ As part of the policy
creation workflow, we
orchestrate the replication
context creation for the
source and destination
storage units on DM5500.
❖ When the very first PLC
which is vault enabled the
system ServerDR backup is
also vault enabled
automatically.

Internal Use - Confidential 20 Copyright © Dell Inc. All Rights Reserved.

 Configuring
Vault for a
Protection
Policy
Contd..
❖ As part of the policy
creation workflow, we
orchestrate the replication
context creation for the
source and destination
storage units on DM5500.
❖ When the very first PLC
which is vault enabled the
system ServerDR backup is
also vault enabled
automatically.

Internal Use - Confidential 21 Copyright © Dell Inc. All Rights Reserved.

 Vault Admin
activities
❖ Configure the replication
context on vault DD
❖ Create policies and
schedules on Cyber
Recovery Console to
orchestrate the automated
operational air gap

Internal Use - Confidential 22 Copyright © Dell Inc. All Rights Reserved.

 Vault Admin
activities
❖ Configure the
replication context on
vault DD for both
User Defined Policy
and ServerDR Storage-
Units

Internal Use - Confidential 23 Copyright © Dell Inc. All Rights Reserved.

 Vault Admin
activities
❖ Status of replication
context on vault DD.
❖ By default, it can take
up to 15 minutes for
the first
synchronization to
complete.

Internal Use - Confidential 24 Copyright © Dell Inc. All Rights Reserved.

 Vault Admin
activities
Contd..
❖ Create policies and
schedules on Cyber
Recovery Console to
orchestrate the
automated operational
air gap

Internal Use - Confidential 25 Copyright © Dell Inc. All Rights Reserved.

Recovery Scenario’s
 Recovery to
a PPDM
Instance in
the Vault
❖ Ensure the PPDM Server is
deployed ahead of time
using the same version and
build number that matches
the production DM5500.
❖ The PPDM should be at the
state where you are asked
to select between a New
Install and a Restore Backup

Internal Use - Confidential 27 Copyright © Dell Inc. All Rights Reserved.

 Recovery to
a PPDM
Instance in
the Vault
Contd..
❖ Ensure the vCenter hosting
the PPDM instance and the
PPDM Server are added as
an asset under the Cyber
Recovery Assets page.
❖ Ensure a good copy is
available for restore.
❖ Once restore is initiated
Cyber Recovery
orchestrates the restore by
running several REST API to
restore the data

Internal Use - Confidential 28 Copyright © Dell Inc. All Rights Reserved.

 Recovering
from the Vault
PPDM to
production
client
❖ This recovery option includes
running a PPDM recovery as
described above, and then
connecting it to clients running
on the production site and
restoring their data from the
vault PPDM

Internal Use - Confidential 29 Copyright © Dell Inc. All Rights Reserved.

Recovering
to a clean
room
❖ Recovery from the vault to
a sterile location running an
infrastructure like
production, including a
dedicated DM5500
❖ Data is replicated from the
vault DD to the Clean
Room DM5500
❖ Requires to run a DM5500
recovery procedure that
involves access to internal
components to restore the
replicated data.
❖ This procedure must be run
by Dell Support
Internal Use - Confidential 30 Copyright © Dell Inc. All Rights Reserved.
Recovering
back to
production Production CR Vault

❖ Requires to replicate the

vault data back to the
production DM5500
Cyber Recovery
❖ The production DM5500
needs to be reset/reimaged
and then the replicated data
from the vault will be used DM5500
on the reimaged DM5500
Vault DD CyberSense
❖ This procedure must be run
by Dell Support
❖ If the production DM5500
has RL-C policies, additional
legal approval might be
required because the
process will delete data
that’s supposed to be locked
Internal Use - Confidential 31 Copyright © Dell Inc. All Rights Reserved.
 ❖ The Data Protection Info Hub provides expertise to ensure customer success with Dell
Technologies data protection products.
❖ Whitepaper’s
Resources ❖ Dell PowerProtect Data Manager Appliance: Protection for Existing and Modern
Workloads
❖ DM5500 Overview, Planning & Deployment Best Practices
❖ DM5500 Integration with Cyber Recovery Solution
❖ HOL and ITD:
❖ PowerProtect Data Manager Appliance Interactive Demo
❖ PowerProtect Data Manager Appliance Hands-on-Lab

❖ Videos:
❖ PowerProtect Data Manager Appliance Integration with PowerProtect Cyber Recovery

Internal Use - Confidential 32 Copyright © Dell Inc. All Rights Reserved.

 Q&A

Internal Use - Confidential 33 Copyright © Dell Inc. All Rights Reserved.