
Dell Technologies

DELL AVAMAR CONCEPTS

PARTICIPANT GUIDE

Dell Avamar Concepts Participant Guide

© Copyright 2022 Dell Inc. Page i


Table of Contents

Explore Avamar
  Avamar Overview
  Avamar System Components
  Exploring Dell Avamar User Interface - Simulation Activity

Examine Avamar Architecture
  Systematic Fault Tolerance
  Avamar Server Editions
  Avamar Data Store Specification
  Server Node Types and Configurations - Video

Integrating with Avamar
  Avamar Support for Virtual Machines
  Avamar NDMP Integration
  Avamar Integrated with PowerProtect DP Series Appliance
  Avamar and PowerProtect DD Integration

Appendix

Glossary


Explore Avamar


Avamar Overview

What is Avamar

Avamar is a comprehensive, client/server backup and restore solution which addresses the data protection challenges in today’s IT environments. Several components make up the Avamar System such as the Avamar Server, Avamar Client, Avamar Administrator Console, and Avamar User Interface (AUI). A key feature of Avamar is its unique global data deduplication technology, which ensures that data objects are only backed up once across the backup environment.

In addition, the redundant data is identified at the source, meaning that duplicate
data is not sent over the network if it exists on the Avamar Server. This results in a
dramatic reduction in the amount of data that is moved across the network and
stored in backup storage.

Avamar Features

Avamar is a comprehensive backup and recovery solution addressing data protection backup challenges. Avamar capabilities include:

| Capability | Description |
| --- | --- |
| Global Deduplication | Reduces the backup storage needs by eliminating redundant or duplicate data. Deduplication is effective because only one unique instance of the data across multiple backups is stored in the repository. The redundant data is stored, but not physically; it is simply replaced with a pointer to the one unique data instance in the repository. |
| Minimal Architecture | Scalable server architecture, flexible deployment, and no need for a dedicated backup network. |
| Centralized Management | Avamar Administrator and Avamar User Interface (AUI) enable remote management and monitoring [1] of Avamar servers from a centralized location over Internet access. |
| Scalable Architecture | Extra storage nodes can be added to an Avamar multi-node server to accommodate increased backup storage requirements. Also, attaching a PowerProtect DD appliance enables effortless scalability. Based on the requirement, Avamar can use dedicated, shared, or multiple PowerProtect DD appliances. |
| Flexible Deployment Options | Options include Avamar Virtual Edition (AVE) and Avamar Data Store (ADS). Avamar supports various client operating systems and applications, including Windows, Linux, UNIX, NDMP, Microsoft SQL, Microsoft Exchange, SharePoint, Hyper-V, VMware (virtualization environments), AWS and Azure (Cloud environments), DB2, SAP, and Oracle. |
| Disk Storage | The random-access nature of the disk makes deduplication possible and provides speed and reliability. Similarly, the PowerProtect DD can be used as primary storage when an Avamar system is integrated with PowerProtect DD. You can also store the backup data in the cloud environment [2]. |

[1] Avamar can also integrate with Data Protection Central for further monitoring and management capabilities. Similarly, Avamar is integrated with Data Protection Advisor for reporting purposes.

Data Deduplication

Data deduplication is one of the key features of an Avamar system. The deduplication feature reduces network traffic and provides greatly enhanced storage efficiency on the Avamar server. During the backups, the Avamar client software examines the client file system and applies a source level data deduplication algorithm that uses block level deduplication.

[2] This can be performed only if Avamar is integrated with a PowerProtect DD.

Variable Block Level

[Figure: Variable Block Level]

Variable block level deduplication is when the file is scanned and blocks are cut whenever the data matches a pattern. The algorithm is used in the Avamar client software to find the boundary points. If any data is changed, inserted, or deleted, the boundary points do not change. The algorithm finds the same boundary points. Only the block of data that has changed must be backed up and stored again.

The algorithm filters redundant data sequences and separates the file system into data segments. Each data segment is assigned a unique ID. The client software then determines whether this unique ID has already been stored [3] on the Avamar server. If this object resides on the Avamar server, a link to the stored object is referenced in the backup. Once an object is stored on the server, it is not sent over the network again.

Important: For more detailed information, see the Avamar Operational Best Practices Guide on Dell support.

[3] If Avamar has a PowerProtect DD appliance integrated, then the unique ID and the stored object are stored on both the Avamar and the PowerProtect DD.


Avamar System Components

Avamar has three main system components that define the Avamar system.
Optional components include NDMP Accelerator nodes, which may be physical or
virtual, depending on requirements. An Avamar server (multinode or single node)
can manage and direct backups to up to five PowerProtect DD appliances.

• Avamar Backup Clients [4]
• Avamar Server [5]
• Avamar Web User Interface or Avamar Administrator [6]

[4] The Avamar Backup Clients communicate directly with the Avamar Server. Avamar Client software is installed on each system or server that is being backed up. When the target is a PowerProtect DD, backup data is written directly to the PowerProtect DD and the metadata is backed up on to the Avamar server.

[5] The Avamar Server stores client backups, and provides essential processes and services that are required for client access and for remote system administration. The server can be integrated with a PowerProtect DD which acts as a storage platform. In this case, the backup data is stored on the PowerProtect DD and the metadata in the Avamar Server.

[6] Data that is stored in the Avamar Server or PowerProtect DD is administered using either Avamar Administrator or AUI. AUI is a web-based application that is used to administer an Avamar server. You can use the AUI to monitor backup and restore operations and system-maintenance activities. It is also used to manage backup policies, manage clients and user accounts, and configure other system settings.

[Figure: Avamar System Components. Diagram label: Avamar Backup Clients.]

Important: Data Domain is now PowerProtect DD. References to PowerProtect DD series appliances in this training, Avamar documentation, in the UI, and elsewhere in the product include Data Domain or DD systems, PowerProtect DD, and older Data Domain systems.


Exploring Dell Avamar User Interface - Simulation Activity

The Online Course Contains an Interaction Here.


Examine Avamar Architecture


Systematic Fault Tolerance

To ensure system integrity, Avamar provides systematic fault tolerance at the following levels:

RAID

Redundant Array of Independent Disks (RAID) provides the following:

• A method of protection against disk failure or corruption.
• Hot-swap capability with minimum system impact for the components with the highest failure rate.

RAIN

Redundant Array of Independent Nodes (RAIN) provides the following:

• A flexible, fault-tolerant architecture that enables an Avamar server to maintain availability and preserve data storage if single nodes fail in an Avamar module.
• Data is distributed across each storage node, and parity data is used for protection.
• Uninterrupted functionality during node failure, replacement, and reconstruction.

HA Uplinks and Switches

In the event of a storage node failure, new backup data is written onto the remaining nodes. The High Availability (HA) dual uplinks and switches provide the following:

• High availability in the event of hardware failure.
• Each node has dual connections to the customer switch.
• Avamar Data Store has two internal switches to provide hardware redundancy.


Checkpoints

The use of checkpoints [7] (CP) provides the following:

• Protects data that is stored in Avamar in the event of operational failures.
• Read-only snapshots of the Avamar server taken to facilitate rollbacks.
• Created using hard-links to all stripes.
• Regular checkpoint validation (auto-repair capability) is used to ensure data integrity.
• Single-node servers and AVE servers allow Avamar to perform backups of checkpoint data to PowerProtect DD.

[7] Checkpoints provide redundancy across time. Checkpoints enable you to recover from operational issues.


Avamar Server Editions

Avamar Servers are available in two different editions:

Avamar Data Store (ADS)

About
• Often seen as Avamar Server or Avamar Grid
• Contains all components (utility node, storage node, switches) for proper functionality of the product
• Dell-trained personnel review the environment and install the Avamar server software.
• Deployment time at the customer site is reduced. [8]

[8] Hardware stress tests and initial-benchmark tests are performed before the hardware is shipped to the customer site.


Types
• Multi-Node Configuration [9]
  − Configured in RAIN architecture
  − Expandable in single-node increments
  − Shipped with two internal Dell switches [10]
  − Supports 2.0 TB, 3.9 TB, or 7.8 TB licensed storage capacity
• Single-Node Configuration
  − Used in small business environment
  − Supports 2.0 TB, 3.9 TB, 7.8 TB, or 7.8 TB Business Edition
  − Nodes with 2.0 TB, 3.9 TB, and 7.8 TB use RAID 1 disk protection

[Figure: Avamar Data Store (ADS) with 13 storage nodes and a utility node.]

Avamar Virtual Edition (AVE)

AVE is a single-node non-RAIN Avamar server running as a virtual machine on a virtualization host server.


Advantages
• Supported on VMware, Hyper-V, Azure, AWS, and KVM environments
• Server and storage sharing helps in cost reduction.
• Reduced hardware support and maintenance
• Customer self-installation
• Benchmark Test [11]

Supported License Capacities
• 0.5 TB
• 1.0 TB
• 2.0 TB
• 4.0 TB
• 8.0 TB
• 16.0 TB

[9] ADS multinode configuration allows a minimum of four to a maximum of 18 nodes. Example 1: In the four-node configuration, there are three storage nodes, one utility node, and a spare node which is optional. Example 2: In an 18-node configuration, there are 16 storage nodes, one utility node, and a spare node.

[10] Eliminates the switch as a single point of failure.

[11] Benchmark test ensures that the server hardware and the virtual environment meet expected I/O performance benchmarks. The benchmark tests also help to determine the impact of AVE on other virtual machines running on the same physical server.


Avamar Data Store Specification

The Avamar server runs on the SUSE Linux Enterprise Server (SLES) 12 SP5 operating system. The Avamar server is capable of operating on server hardware with multiple processors.

The following table shows the types of nodes that are available in an Avamar Data
Store:

| Node Type | Hard Drive Component |
| --- | --- |
| Utility Node | Two 3.5" 2 TB hot swappable hard drives |
| M600 (2.0 TB Licensed Capacity) | Four 3.5" 2 TB hot swappable hard drives |
| M1200 (3.9 TB Licensed Capacity) | Six 3.5" 2 TB hot swappable hard drives |
| M2400 (7.8 TB Licensed Capacity) | Twelve 3.5" 2 TB hot swappable hard drives |
| Avamar Business Edition or S2400 (7.8 TB Licensed Capacity) | Eight 3.5" 2 TB hot swappable hard drives |
| NDMP Accelerator [12] | Two 3.5" 2 TB hot swappable hard drives |

[12] A virtualized NDMP Accelerator can also be used in the environment.


Important: All storage nodes within an Avamar server must contain the same number of drives, and all drives across the storage nodes must have the same capacity.


Server Node Types and Configurations - Video

Avamar Data Store is divided into two types:

• Multi-Node
• Single-Node

This video describes both multi-node systems and single-node systems.


Integrating with Avamar


Avamar Support for Virtual Machines

Avamar is ideally suited for protecting clients in virtual environments by reducing the amount of backup data that is stored within and across virtual machines.

Avamar supports the following virtual environments:

• VMware
• Hyper-V

Avamar provides the flexibility of implementing a virtual machine backup solution with guest level and image backups.

Avamar Administrator or Avamar Web User Interface (AUI)

Avamar provides a high level of integration with VMware for backing up virtual
environments. VMware backups can be centrally configured, scheduled, and
managed with the Avamar Administrator and Avamar Web User Interface (AUI).

Avamar Administrator or AUI also can browse the virtual machines in the
environment and display information for each machine. You can also perform file
level restore of a backup in case any file is deleted from the original location.

Avamar Plug-in for vSphere Web Client

The Avamar Plug-in for vSphere Web Client (Avamar plug-in through vSphere Client) is an Avamar-integrated VMware plug-in that provides an easy-to-use interface for backing up and restoring VMware image-level backups through a vSphere Web Client instead of logging in to Avamar interfaces.

The plug-in for vSphere Web Client supports image-level backup and restoration
for multiple vCenters.

Tip: For more information about VMware backups, see the Dell
Avamar VMware User Guide on Dell Support.


Avamar NDMP Integration

Network Data Management Protocol (NDMP) Accelerator is a dedicated Avamar client that is used as a part of an Avamar system. NDMP provides a complete backup and recovery solution for any supported Network Attached Storage (NAS) systems. NDMP also provides support to NAS appliances by interfacing between filers and the Avamar server. The NDMP was developed to address challenges [13] while backing up to a NAS device.

The NDMP Accelerator can be used to perform backups and restores from the following NAS devices:

• PowerMax
• PowerStore
• NetApp
• Oracle ZFS
• Unity
• VNX

NDMP Accelerator is a special version of the Avamar client. This client acts as a conduit [14] from the NAS device to the Avamar server. The NDMP Accelerator accepts data from the NAS, performs deduplication, and forwards the deduplicated data to the Avamar server.

In Avamar integration with PowerProtect DD series appliance, the data is sent directly to the PowerProtect DD and metadata is stored in the Avamar server.

Tip: When performing backups of remote sites to a primary data center, the recommended backup solution is to place an NDMP Accelerator at each remote site.

[13] Some of these challenges are that they must store a large number of files and that most native operating systems do not support backup software being installed.

[14] No user data is ever stored in the NDMP accelerator.


Avamar Integrated with PowerProtect DP Series Appliance

The Avamar server is seen as Protection Software in the PowerProtect DP Series Appliance.

The Protection Software panel shows the following information:

• Component IP address
• Avamar version
• Total and available backup metadata storage
• License status of the backup server node

[Figure: PowerProtect DP Series appliance Dashboard]

Tip: For more information about Protection Software, reference the PowerProtect DP Series Appliance training material.


Avamar and PowerProtect DD Integration

[Figure: Avamar and PowerProtect DD solution architecture. Diagram labels: OS level backup and metadata, backup metadata, and log files; Work order for backup and work order for OS-level backup; DD Boost; Backup data.]

A PowerProtect DD system performs deduplication through DDOS software. The DD Boost library facilitates Avamar source-based deduplication to a PowerProtect DD system.

Avamar uses the DD Boost protocol through API-based integration to access and manipulate directories and files contained on the PowerProtect DD Filesystem. The DD Boost API gives Avamar visibility into some of the properties and capabilities of the PowerProtect DD system. Avamar can manage backup images that are stored on PowerProtect DD series appliances.

The diagram depicts a high-level architecture of the combined Avamar and PowerProtect DD solution. Avamar and PowerProtect DD integration allows you to specify whether specific datasets in an Avamar backup policy target an Avamar server or a PowerProtect DD system.

Avamar as the Backup Target

When you select an Avamar server as the backup target, the Avamar client agent
on each host performs deduplication segment processing. Data and metadata are
stored only on the Avamar server.


PowerProtect DD as the Backup Target

When you select a PowerProtect DD series appliance as the backup target, the Avamar client transfers its backup data to the PowerProtect DD [15] series appliance. The client sends its backup metadata to the Avamar server. The metadata [16] enables the Avamar management system to perform restore operations directly from the PowerProtect DD system.

Capacity Concerns

If the Avamar server is the backup target and the data redirects to a PowerProtect
DD system, then the PowerProtect DD stores subsequent incremental backup data
while the original backup data remains on the Avamar server. This scheme can
affect capacity because the incremental data remains on the Avamar server while
the PowerProtect DD stores the updated incremental data.

If Avamar server capacity is not a concern, then the system continues to back up incremental backup data to the PowerProtect DD. Prior backup data remains on the Avamar server until it expires. A full backup occurs only when the last backup containing parts on the Avamar server expires. Dell Technologies recommends you perform a controlled or scheduled full backup.

Best Practice: Use Avamar as the metadata storage and the PowerProtect DD for backups if Avamar has PowerProtect DD integrated into the environment.

[15] The Avamar client uses the integrated DDBoost protocol to transfer to the PowerProtect DD.

[16] The Avamar client uses the integrated DDBoost protocol to transfer to the PowerProtect DD.


Appendix


Guest Level and Image Level Backups


Guest backup protects virtual machine data by installing Avamar client software on
the virtual machine as if it were a physical machine, then registering and activating
that client with an Avamar server. No special configuration is required.

[Figure: Guest Level Backups with Avamar. Diagram labels: Microsoft Exchange, Windows Server, Microsoft SharePoint, Avamar Client Agent, Virtual Infrastructure.]

Image backup uses VMware vStorage API for Data Protection (VADP) to protect
virtual machine data. Image backup is fully integrated with vCenter Server to
provide detection of virtual machine clients, and enable efficient centralized
management of backup jobs.

Image backups and restores require deployment of proxy virtual machines within the vCenter. The Avamar image backup supports only the following types of virtual disks:

• Flat (Version 1 and 2).
• Raw Device Mapped (RDM) in virtual mode only (Version 1 and 2).
• Sparse (Version 1 and 2).


[Figure: Image Level Backups with Avamar. Diagram labels: Clients, vCenter, Proxy, VM1, VM2, VM4, VM5, DataStore.]



Glossary
Avamar Server
An Avamar server is a logical grouping of one or more nodes that are used to store
and manage client backups. The server also provides processes and services that
are required for client access and remote system administration.



Dell Technologies

DELL AVAMAR ADMINISTRATION

PARTICIPANT GUIDE

Dell Avamar Administration-SSP

© Copyright 2023 Dell Inc Page 2


Table of Contents

Avamar Overview
Avamar System Components
Avamar Administrative and Management Interfaces
Avamar User Interface (AUI) Dashboard Overview
Avamar Processes

Examine Avamar Backup Client Software
  Avamar Client Structure and Processes
  Avamar Backup Client Software and Requirements
  Avamar Windows Client Software Plugins
  Avamar Database Clients
  Desktop Laptop Clients Overview
  Installing Avamar Windows Client Software

Exploring Avamar Account Management
  Asset Management
  Avamar Domains
  Avamar Users and Roles
  Creating and Editing Avamar Users
  Creating and Editing Domains
  Registering and Activating Avamar Clients
  Managing Avamar Clients
  Managing Directory Services
  Avamar Client Manager

Managing Avamar Backups
  Avamar Backups
  Avamar Policies
  Avamar Schedules
  Allowing Overtime Option
  Avamar Retentions
  Creating a Dataset
  Managing Backups
  Avamar Backup and Maintenance Windows

Examine Avamar and PowerProtect DD Integration
  Avamar Integration with PowerProtect DD Overview
  PowerProtect DD Integration Features
  Types of PowerProtect DD Configurations with an Avamar Environment
  Back Up Processes for PowerProtect DD with Avamar
  Adding and Deleting a PowerProtect DD System to Avamar
  Restoring from PowerProtect DD with Avamar
  Impacts of Avamar Maintenance Activities on PowerProtect Data Domain
  Upgrading PowerProtect DD Integrated with Avamar

Managing Avamar Restores
  Types of Avamar Restores
  Operating System Server Recovery Solutions
  Volume Shadow Copy Service (VSS) Recovery Pre-Requisites
  Avamar Bare Metal Recovery Wizard
  Windows Full System Backup

Exploring VMware Backups and Restores
  Avamar Guest Backup Overview
  Avamar Image Backup Overview
  VMware Image Backup Process
  VMware Image Backup Configuration
  Autodiscovery of Virtual Machines
  Virtual Machine Restore Overview
  File-Level Restore Process Overview
  Instant Access - PowerProtect DD

Managing Avamar Replication
  Avamar Replication Overview
  Replication Types
  Avamar to PowerProtect DD Replication
  PowerProtect DD Appliance Destination Settings
  Replication Destination
  Setting Up Replication Policies and Schedules
  How to Perform and Monitor On-Demand Replication
  Avamar Data Migration Enabler (ADMe)

Exploring Cloud Tier with Avamar
  Cloud Tier Overview
  Cloud Tier Configuration
  Recalling Backups from the Cloud Tier
  File Level Restore for Cloud Tier

Examine System Maintenance and Monitoring
  Avamar Profiles
  Creating a Custom Event Profile - Sequencing Activity
  Event Management in the AUI
  Avamar Email Home/ConnectEMC
  Avamar Checkpoints
  Rolling Back a Checkpoint
  Avamar Monitoring
  Backup and Maintenance Windows
  Impacts of Maintenance Activities and Backups
  Impacts of Maintenance Activities on PowerProtect DD

Analyze Avamar Capacity
  Avamar Server Capacity Definitions
  Avamar Server Lifecycle
  Using the capacity.sh Utility
  Monitoring Capacity with Integrated PowerProtect DD
  High Capacity on Integrated PowerProtect DD

Explore Avamar Reporting Tools
  Avamar Fitness Analyzer Overview
  Fitness Analyzer Overview and Header
  Fitness Analyzer Reports
  Fitness Analyzer Summaries
  Running Report with Avamar Administrator
  Using Third-Party Reporting Tools with Avamar Administrator

Examine Troubleshooting and Logs
  Challenges When Managing Backups
  Managing Backups Successfully
  Possible Client Initialization Issues
  Avamar getlogs Utility
  Client Logs
  MCS and CRON Logs
  Maintenance Activity Logs

Appendix

Glossary


Avamar Overview

What is Avamar

Avamar is a comprehensive, client/server backup and restore solution which addresses the data protection challenges in IT environments. Several components make up the Avamar System such as the Avamar Server, Avamar Client, Avamar Administrator Console, and Avamar User Interface (AUI). A key feature of Avamar is its unique global data deduplication technology, which ensures that data objects are only backed up once across the backup environment.

In addition, the redundant data is identified at the source, meaning that duplicate data is not sent over the network if it exists on the Avamar Server. This results in a dramatic reduction in the amount of data that is moved across the network and stored in backup storage.

Avamar Features

Avamar is a comprehensive backup and recovery solution addressing data protection backup challenges. Avamar capabilities include:

| Capability | Description |
| --- | --- |
| Global Deduplication | Data deduplication is a process that looks for redundancy in sequences of bytes across large comparison sets. Sequences of data are compared to the history of other such sequences. The first uniquely stored version of a sequence is referenced using a metadata pointer rather than stored again, reducing the required storage footprint. This process is automatic during both write (when deduplication is performed) and read (when files are rehydrated to their full size), so each file is readable after it is written without interruption. |
| Minimal Architecture | Scalable server architecture or virtual appliance architecture, flexible deployment, and no need for a dedicated backup network. |
| Centralized Management | Avamar Administrator and Avamar User Interface (AUI) enable remote management and monitoring [1] of Avamar servers from a centralized location over LAN, WAN, or Internet access. |
| Scalable Architecture | Extra storage nodes added to an Avamar multi-node server accommodate the need for increased backup storage requirements. Also, attaching a PowerProtect DD appliance enables effortless scalability. Based on the requirement, Avamar can use dedicated, shared, or multiple PowerProtect DD appliances. |
| Flexible Deployment Options | Options include Avamar Virtual Edition (AVE), with a range of licensable capacities, and Avamar Data Store (ADS), with scalable architecture. |
| Disk Storage | Disk-to-disk backup offers speed, reliability, instant-access to backups, and multilayered redundancy. Similarly, the PowerProtect DD can be used as primary storage when an Avamar system is integrated with PowerProtect DD. Administrators can also store the backup data in the cloud environment [2]. |

[1] Avamar can also integrate with Data Protection Central for further monitoring and management capabilities.

Data Deduplication

Data deduplication is one of the key features of an Avamar system. The deduplication feature reduces network traffic and provides greatly enhanced storage efficiency on the Avamar server. During the backups, the Avamar client software examines the client files and applies a block-level data deduplication algorithm prior to data being sent across the network for storage.

2This can be performed only if Avamar is integrated with a PowerProtect


DD.


Variable Block Level

[Figure: Variable Block Level]

Variable length deduplication is a key feature in eliminating redundant data at a subfile level. This method of deduplication is more efficient than traditional fixed-length deduplication.

Variable length deduplication reduces backup time by only storing unique segments of backup data, while maintaining daily full backups for immediate, single-step image restore. Deduplication reduces the amount of data that is sent and stored, eliminating backup bottlenecks and reducing storage costs.

With deduplication using fixed-length segments, even small changes to a file can more frequently trigger a backup of the entire file, whereas with variable-length, small changes will only trigger a backup of the changed segments of the file.
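The fixed-length versus variable-length behaviour described above, as an added Python example that is not Avamar's own code or algorithm. It assumes a generic rolling-hash boundary rule; the window, mask, chunk sizes, and function names are illustrative, and the sample "file" is constructed random data with a 5-byte insertion.

```python
import hashlib
import random

# Illustrative parameters (assumptions, not Avamar's real values).
WINDOW = 16                      # bytes of context that decide a boundary
MASK = 0x3F                      # cut when the low 6 hash bits are zero (~64-byte average)
MIN_CHUNK, MAX_CHUNK = 16, 256   # bounds on variable chunk length
BASE, PRIME = 263, 1_000_000_007


def fixed_chunks(data, size=64):
    """Fixed-length segmentation: boundaries depend only on byte offset."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def variable_chunks(data):
    """Content-defined segmentation: cut where a rolling hash of the last
    WINDOW bytes matches a pattern, so boundaries move with the content."""
    chunks, start, h = [], 0, 0
    top = pow(BASE, WINDOW - 1, PRIME)   # weight of the byte leaving the window
    for i, byte in enumerate(data):
        if i >= WINDOW:
            h = (h - data[i - WINDOW] * top) % PRIME
        h = (h * BASE + byte) % PRIME
        length = i + 1 - start
        if (length >= MIN_CHUNK and (h & MASK) == 0) or length >= MAX_CHUNK:
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])      # trailing partial chunk
    return chunks


def fingerprint(chunk):
    """Identity of a segment in the deduplicated store."""
    return hashlib.sha256(chunk).hexdigest()


def new_after_edit(chunker, old, new):
    """Return (count, bytes) of segments in `new` not already stored from `old`."""
    stored = {fingerprint(c) for c in chunker(old)}
    fresh = [c for c in chunker(new) if fingerprint(c) not in stored]
    return len(fresh), sum(len(c) for c in fresh)


def demo():
    rng = random.Random(2023)                        # constructed sample "file"
    old = bytes(rng.randrange(256) for _ in range(8192))
    new = old[:1000] + b"EDIT!" + old[1000:]         # small 5-byte insertion
    return {
        "fixed": new_after_edit(fixed_chunks, old, new),
        "variable": new_after_edit(variable_chunks, old, new),
    }


if __name__ == "__main__":
    for name, (count, size) in demo().items():
        print(f"{name:8s} segments to send: {count:3d}  bytes to send: {size}")
```

With fixed-length segments every boundary after the insertion shifts, so nearly all later segments look new; with content-defined boundaries the segmentation realigns shortly after the edit and only the segments around it are sent.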

Avamar System Components

Avamar has three main system components. Optional components include NDMP Accelerator nodes, which may be physical or virtual, depending on requirements. An Avamar server (multinode or single node) can manage and direct backups to up to five PowerProtect DD appliances.


Component: Description

Avamar Backup Clients: Clients are any systems or servers with data to be backed up by Avamar. Physical clients and virtual clients being backed up via guest backup configuration communicate directly with the Avamar Server. Avamar Client software is installed on physical and guest backup systems or servers. Virtual clients being backed up via image-based backup communicate with the Avamar Server through an Avamar Proxy virtual appliance. When the storage target is a PowerProtect DD, backup data is written directly to the PowerProtect DD, and metadata is sent to and tracked by the Avamar server.

Avamar Server: Provides essential processes and services that are required for client access and for remote system administration. Two of Avamar Server's core processes are GSAN (data processing) and MCS (management and configuration). The server can be integrated with a PowerProtect DD which acts as a storage platform. In this case, the backup data is stored on the PowerProtect DD and the metadata in the Avamar Server.

Avamar Web User Interface (AUI) or Avamar Administrator: AUI and the Avamar Administrator are Avamar's primary administration interfaces. All day-to-day configuration, monitoring, and management tasks required to administer an Avamar environment are performed in the Avamar Administrator or the AUI.


Important: Data Domain is now branded as PowerProtect DD. References to PowerProtect DD series appliances in this training, Avamar documentation, in the UI, and elsewhere in product guides include references to Data Domain or DD systems, and PowerProtect DD.


Avamar Administrative and Management Interfaces

Important: Avamar Administrator is deprecated in favor of the Avamar Web User Interface (AUI) and will be removed in a future release. However, some advanced configuration tasks can still only be performed in the Avamar Administrator.

Avamar enables central administration through remote access interfaces. Administrators can use any of the following to administer Avamar:

Avamar User Interface (AUI)

The AUI can monitor and configure the Avamar server, and perform
management activities.

[Figure: Avamar AUI Dashboard]

[Figure: Avamar AUI log in screen, with Avamar Username, Avamar Password, Avamar Domain, and AuthType (Avamar or vCenter) fields]

Avamar Administrator

Avamar Administrator is a graphical management console software application that is used to administer an Avamar system from a supported Windows or Linux client system. The Avamar Administrator or AUI is the primary user interface that is used to:

• Monitor and restore backups.
• Perform system maintenance activities.
• Configure backup policies.

[Figure: Avamar Administrator]

Management Console Command Line Interface (MCCLI)

Management Console Command Line Interface (MCCLI) is a Java application that provides command-line access to Avamar3 features and functions that are available using the Avamar Administrator or the AUI.

3 This command is run on the Avamar server by using SSH connection to the Avamar server.

admin@ave-01: ~/>: mccli

mccli 19.4.0-116

syntax: mccli <resource> <command> <global options... > [command options...]


OR
mccli help <resource>

<resource> is one of the following:


activity
agent
backup
checkpoint
client
dataset
dd
domain
dump
esrs
event
group
help
mcs
msgbroker
plugin
profile
property
repldest
resetcreds
retention

MCCLI Command

Avamar Desktop Laptop

Avamar Desktop/Laptop allows the end users to restore their data without
the intervention of the backup administrator. Avamar Desktop/Laptop is a
version of the Avamar client software for Windows and Macintosh that
adds enhanced features for enterprise desktop and laptop systems. Many
of the features are also available on supported Linux systems. The
following are some of the features of Avamar Desktop/Laptop:

• Provides secure Avamar interface for end users
• No separate login is required, as the users are integrated with Active Directory/LDAP for authentication.
• Users are allowed to perform predefined backups and restore files that they own.

Orchestra REST API

The Orchestra REST API extends the native Avamar server REST API to facilitate the management of multiple Avamar servers. Once Avamar is registered with Orchestra, the API provides a single point of interface for management operations. Orchestra obtains, holds, and supplies the required authentication tokens on your behalf.

Avamar User Interface (AUI) Dashboard Overview

The AUI Dashboard provides an at-a-glance view of Avamar system status. To access the AUI, open a web browser and enter the URL https://Avamar_server_address/aui, where Avamar_server_address is the DNS name or IP address of the Avamar server.

The dashboard is displayed when you log in to the AUI, based on the user privileges4. The AUI Dashboard is divided into sections, with each section displaying summary information.

[Figure: AUI Dashboard, with numbered callouts]

1: The Assets | Overview panel indicates the number of Integrated and Unprotected assets on the Avamar server.

2: The Capacity | Overview panel provides information about the capacity usage for the Avamar server and the PowerProtect DD appliance.

The Avamar server capacity information tab displays the amount of available storage and used storage for the Avamar server in Gigabytes (GB). The percentage of total capacity that is used is also displayed.

4 Only users with ADMIN privileges have access to the dashboard view.

If Avamar has an integrated PowerProtect DD, the panel also displays the amount of available and used storage in GB. The percentage of total capacity used is also displayed.

3: The Events | All panel displays any unacknowledged system errors and warnings that have occurred, as well as system alerts5.

All the events are displayed6 in the list with the name, date, and the time the event occurred.

4: The Activities | Backup panel indicates if the scheduled backups occur at the correct time or if there is any problem that is preventing the backups from occurring. Various color codes represent the status of the backups.

• Blue: Indicates the backup has successfully completed.
• Green: Indicates the backups are in progress.
• Yellow: Indicates backups have not yet started.
• Red: Indicates the backup jobs that did not successfully complete or completed with errors.

5 The type of alerts that are displayed under the Events | All panel include HFS check failures, Capacity warnings, and Capacity usage warnings. All the events are categorized as Critical, Error, and Warning.

6 To display all the critical events, click the View More option in the AUI. The user must explicitly acknowledge the events to clear these serious system errors and warnings.

5: The Activities | Replication panel indicates the replication status of groups that are configured with replication.

• Blue: Indicates the replication jobs are completed successfully.
• Green: Indicates scheduled replication jobs that are in progress.
• Yellow: Indicates replication jobs that are scheduled but have not yet started.
• Red: Indicates replication jobs that did not complete successfully or completed with errors.

6: The Client | Information panel displays the Avamar client information which includes plugin type, total client count, and total protected Gigabytes (GB).

Avamar Processes

Client Processes

The Avamar client software runs on each system being backed up on the
Avamar server. The client software consists of two main processes. These
two processes are the following:

• avagent: Runs as a service or daemon on the client. It establishes and maintains communication with MCS on the Avamar server. The avagent listens for incoming work orders from MCS on the Avamar server. In response to a work order, such as a backup or a restore, avagent spawns the avtar. The avagent listens on port 28002.
• avtar: The primary process for backups and restores. The avtar communicates with the Avamar server processes on the storage nodes. The two types of plugins are file system7 and application plugins8.

Backup Processes Flow

During a scheduled backup, the management console server (MCS) on the Avamar Server generates a work order. The MCS pages the client avagent process and avagent retrieves the work order. On the client, avagent starts the avtar process to begin the backup.

7 File system plugins browse, back up, and restore files or directories on a specific client file system, such as Windows or Linux.

8 Application plugins support backups and restores of applications and databases, including SQL Server, Exchange, Oracle, and SAP.

[Figure: Backup Process Flow between the Avamar Client and the Avamar Server]

The avtar process communicates with the gsan process on the Avamar storage nodes and sends unique backup data for writing to storage. The gsan process distributes the data across available storage nodes.

From the avagent to MCS, the client receives a work order from the MCS server. From the MCS to avagent, the MCS server pages the client to push the work order, as shown here.

Server Processes and Notifications

Several processes run on Avamar server nodes. Key processes include:

Key Processes: Description

Avamar Administrator: System activities and operational status are reported as events to the administrator server. Avamar Administration processes include MCS, EMT, MCDB and more.

Avamar Server: The Avamar server stores, processes, and manages variable-sized chunks that the client sends during a backup. Avamar server is also known as Global Storage Area Network (GSAN).

The Avamar Administrator and/or the AUI is responsible for two important functions:

Functions: Description

Notifications

Reporting: Third-party tools and applications can be used to monitor and report on the syslog files and SNMP traps. An example of a third-party tool is the Dell Data Protection Advisor (DPA). Actions initiated by users, such as user logins, are maintained in an audit log for the enforcement of security policies. Avamar activities and events can also be accessed to run preconfigured and ad hoc reports through a read-only view of the Management Console Database.

Important: The avagent and avtar are not used for VMware image level backups.

Go to: For more information about process and functions, see the Dell Avamar Administration Guide on Dell Support.


Examine Avamar Backup Client Software

Avamar Client Structure and Processes

Launching Avamar Windows Client Interface

Once the avscc process launches automatically, the Avamar Client applet is placed in the Windows System Tray.

If the icon is not visible from the Windows System Tray, administrators can
start the avscc by searching for the Avamar client application in the
Windows Start menu.

[Figure: Avamar Client activity status]

To view activity status, right-click the Avamar client icon. Then click Manage and click View Console.

[Figure: Avamar client menu options]

For client-initiated backups and restores, right-click the Avamar client icon. Similarly, click the Back Up Now option to open the Avamar Desktop/Laptop interface.


Avamar Client Directory Structure

On an Avamar Windows client, the Avamar binaries, utilities, and log files
are in C:\Program Files\avs by default.

[Figure: avs folder]

• bin: Binaries and scripts
• etc: Configuration files
• var: Logs for the Avamar client processes: avscc, avagent, and avtar

On an Avamar Linux or Mac client, the Avamar client files are located in /usr/local/avamar/clientlogs by default. The Agent logs are located in /var/avamar.

Avamar Client Processes

While performing a Windows client installation, the avagent and avscc are started automatically.

Verify that the services are running; Backup Agent appears in the Services window, as shown.

[Figure: Task Manager]

[Figure: Component Services]

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Tip: Use the Windows Services application to start, stop, or restart backup agent.

Avamar Backup Client Software and Requirements

Avamar Backup Client Software

Avamar offers client software and backup appliances for various computing platforms. Each Avamar client configuration includes a client agent and one or more plug-ins or a backup appliance which hosts the client agent and plugins.

Avamar backup clients are the following:

• File: No additional plug-in needed.
• Database or Database application: Requires specific plug-ins.
• VMware Machine Image: Requires a proxy.
• VMware Guest backup: VM is treated like a physical host for filesystem or database backups.
• NAS backups (NDMP Accelerator clients): Requires the NDMP accelerator.

Backup Client System Requirements

The following requirements must be reviewed before installing Avamar client software:

• System requirements include operating system, file system, memory, hard drive space, network interface, and browser support.
• The client is on the same network as the Avamar server.
  − Use the following commands to get the network status of the Avamar server:
    o C:\> ping <avamar server hostname>
    o C:\> nslookup

[Figure: Example of ping and nslookup]

Important: See the E-Lab Navigator for a list of supported clients.

Avamar Windows Client Software Plugins

With the installation of client software on a Windows machine, notice that three plugins appear for the client in the AUI and Avamar Administrator.


These three plugins are in the Windows client installation and each has a different purpose.

• Windows File System: Used to perform backups and restores of file system data. It allows backup and restore of individual files.
• Windows VSS: Backs up the entire system state and any critical disks. This type of backup is used for bare-metal recoveries. The Windows VSS9 also creates snapshots to provide a consistent point-in-time copy of the volume. Administrators can select this plugin to perform full system backups.
• Windows Update: This plugin is not used for backups or restores, but for push upgrades from Client Manager. It allows an administrator to remotely update Avamar client software on the client machine. Do not select this plugin when performing any backups.

[Figure: AUI Plugin Details, listing the Windows VSS, Windows File System, and Windows Update plugins for a client]

9 VSS is used during the backup to handle the backup of open files. You can select the VSS plug-in when performing regular file system backups.

Tip: For more details on Windows clients, see the Dell Avamar Windows Servers Guide on Dell Support.

Important: Applications should be backed up using the appropriate plugin (SQL plugin for SQL, MOSS plugin for SharePoint, Exchange plugin for Exchange). These plugins use the corresponding VSS writer. This ensures that the data is in a consistent state before being backed up.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Avamar Database Clients

Avamar database clients are specialized client software for backing up and restoring databases. The software allows the users to choose between different configurations depending on the placement and the type of agent.

The following activities take place when the Avamar client and the Avamar
database client are installed on the database server:

• The installation requires the Avamar client software and the Avamar
client plugin for the appropriate database type.
• During a backup, the Avamar database clients communicate with the
database API or backup utility, and pass data to be backed up by
avtar. The avtar process then sends the data to the Avamar server.


If Avamar has an integrated PowerProtect DD, the data goes to the PowerProtect DD, and metadata is stored on the Avamar server.

Desktop Laptop Clients Overview

Avamar Desktop/Laptop (DTLT) is a version of the Avamar client software for Windows and Macintosh that adds enhanced features for enterprise desktop and laptop systems. Many of these features are also available from a browser and the Avamar client web UI on supported Linux systems.

Clients can be organized by using Avamar domains. These domains offer a more secure environment by enabling the administrator to define user accounts on a domain-by-domain basis. Before any client can back up or restore, the clients must be registered or activated with an Avamar server.

Desktop/Laptop Features

Client Installation and Management: Administrators can install the client on Windows and Mac desktop and laptop systems by using systems management tools. After client installation, administrators can activate, upgrade, analyze, and manage clients by using the Avamar Client Manager UI.

User Authentication: Avamar Desktop/Laptop authenticates with pass-through authentication10 with either enterprise Active Directory, OpenLDAP-compliant directory service, built-in Avamar authentication, or a combination of Avamar authentication and LDAP authentication.

User Interfaces: Avamar Desktop/Laptop functionality is available through the client local user interface (client UI) and AUI. With the client UI, an Avamar icon appears in the notification area, or system tray, on Windows systems or on the menu bar on Mac systems. Users can right-click the icon on Windows or click the icon on Mac to open the client menu, which provides access to backup and restore, program settings, and logs.

Backup: Users can start an on-demand backup with a single click on the client menu, or open the AUI for an interactive on-demand backup. Administrators can also perform scheduled backups11 of all the Avamar Desktop/Laptop clients.

Restore: Users can search for or browse to folders, files, and file versions, and restore them to either the original location or to a new location on the same system. Users can restore data with the same name or a new name.

10 Pass-through authentication also enables administrators to allow non-domain users to restore files to their local account on the computer. This enables users to access the Avamar client web UI (this is not the AUI) without using the login screen.

11 Backups should be scheduled to run during the day when end users are connected to the network.

Activity History: The History page in the web UI provides a 14-day history of the status of restore and backup tasks for a client system. Also, it provides the listing of the folders and files that are backed up during that period.

Desktop/Laptop User Interface


• Avamar Desktop/Laptop software must be installed on applicable clients.
  − The Client User Interface optional component should be selected during the installation of the Avamar client software on the client machine.
• Interface is available in 14 languages.
  − These are automatic and appear in the local operating system. End users can switch to any of the supported locales.
• Interface can be rebranded by replacing the logo graphic.
  − Launched using system tray icon by clicking Back Up Now.


Desktop/Laptop Backups

Avamar Desktop/Laptop provides several methods for starting a client backup.

The following table describes the methods for starting a client backup:

Scheduled Backups: Performed the same way that administrators back up other Avamar client systems in the environment. Users see the groups that are associated with an Avamar Desktop/Laptop client on the Backup page in the Avamar Desktop/Laptop UI. The next scheduled backup time for each group that is associated with an Avamar Desktop/Laptop client also appears on the Backup page.

[Figure: Desktop/Laptop Scheduled Backups]

Single-click: Users can start an on-demand backup on an Avamar Desktop/Laptop client system by a single-click on the Back Up Now button on the client menu.

[Figure: Desktop/Laptop Back Up Now]

Interactive: Interactive backups allow users to select a backup group that is associated with the client and back up the client by using the group's settings. When on-demand backup sets are enabled, interactive backups also allow users to choose instead to back up only selected files and folders.

[Figure: Desktop/Laptop Interactive]

Desktop/Laptop Restores

Avamar Desktop/Laptop users can use the UI to either browse to or search for folders, files, and file versions to restore.

[Figure: Restore]

Avamar Desktop/Laptop users can restore data to:


• Original location
• New location

Important: Before performing backups of Desktop/Laptop clients, first define a backup policy. See the Dell Avamar Administration Guide on Dell Support for more details on Desktop/Laptop.

Tip: If the backup environment contains both Desktop/Laptop users that must back up during the day, and servers that back up during the night, it may be necessary to have separate Avamar servers for Desktop/Laptop clients and for servers to allow for Avamar maintenance activities to complete.

Installing Avamar Windows Client Software

The Avamar Client for Windows includes the agent, Windows File System plugin, and the Windows VSS plugin. The Windows File System plugin enables backups and restores of the file system data on a stand-alone Windows system or on shared storage in a Windows Cluster.

Dell Avamar Administration-SSP

© Copyright 2023 Dell Inc Page 39


Examine Avamar Backup Client Software

Avamar Web Restore z &

। J^Search# frj Browse 6 A Downloads S Documentation A Administrator


I^Home Avamar Web UI
* Restore Client
Downloads 2
Filter

Operating System a Modified Date File Size

£ Windows (64 bit)


Microsoft Windows Vista, 7. 8 8 1. 10 and Microsoft Windows Server 2008 2008 R2 2012. 2012 R2 (Console)

G Microsoft Windows Vista, 7, 8 8 1 10 and Microsoft Windows Server 2008 2008 R2 2012. 2012 R2 2016 2019

i^| AvamarClient-windows-x86 64-19 4 100-116.msi Oct 16.2020 12:49 40 PM 85MB

s AvamarDB2-windows-x86 64-19 4 100-116 msi Oct 16 2020 1 07 24 PM 40MB

g| AvamarPB232-v/indows-x86 64-19 4. 100-116 msi Oct 16 2020 12 50 07 PM 33MB

AvamarExchanQeVSS-windows-x86 64-19 4 100-116.exe Oct 16 2020 12 48 49 PM 83MB

AvamarHyper/VSS-windov/s-x86 64-19.4 100-116 msi Oct 16 2020 12 43 55 PM 49MB

^| AvamarLotus-windows-x86 64-19.4 100-116.msi Oct 16 2020 12 33 57 PM 32MB

AvamarLotus32-windows-x86 64-19 4 100-116.msi Oct 16 2020 12 51 42 PM 26MB

^| AvamarMossVSS-windows-x86 64-19 4.100-116 exe Oct 16 2020 12 46 30 PM 86MB

i^| AvamarRMAN-windows-x86 64-19 4 100-116 msi Oct 16 2020 12:41 59 PM 41MB

g| AyamarSAP-windov/s-x86 64-19 4 100-116. msi Oct 16 2020 12:57 50 PM 41MB

AvamarSQL-windov/s-x86 64-19 4 100-116.exe Oct 16 2020 12 46 01 PM 79MB

Avamar Web Restore

Download the Windows client using a web browser by navigating to the


Avamar Web Restore page https://<avamar server hostname>.
Avamar clients are found under Downloads.

During the installation, administrators are asked to provide server


information. This information is used to activate the current client with an
Avamar server. Activating the client enables the client to perform backup
and restore to that server. Users can either activate the client to a server
at the time of installation or later.

[Figure: Avamar for Windows Setup - installer pages prompting for the MC server and MC domain before installation]


Tip: For more details on Avamar Clients for Windows, see Dell Avamar for Windows Servers Users Guide on Dell Support.

Lab Exercise: For more practice, use the Avamar Administration Lab.

Exploring Avamar Account Management

Asset Management

Administrators can perform various account management tasks from the Asset Management window.

The Asset Management tasks are as follows:

Tasks

• Create, edit, and delete domains: The user must be logged into the root domain with the Administrator privilege.
• Create, edit, and delete users: The user must be logged into a domain with the Administrator privilege.
• Create, edit, and delete clients: The user must be logged into a domain with the Administrator privilege.
• Move clients to a different domain: The user must be logged into a domain with the Administrator privilege.

Tip: All these Asset Management tasks can be performed in the Avamar Administrator as well.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Avamar Domains

Avamar client domains are distinct zones that are used to organize and
separate backup clients for administrative purposes. The server provides
enhanced security by enabling administrators to define administrative user
accounts on a domain-by-domain basis.

Avamar client domains are internal to the Avamar server and have nothing
to do with Internet or Active Directory domains.

Tip: Domain names are case sensitive.

Administrators can nest domains to create a rich tree structure. This structure allows the administrator to set privileges to a specific level on the client tree. These domain-level administrators can then manage the clients and policies within that domain.

[Figure: Example of Domain structure - a domain tree rooted at / that shows clients, DataCenterA, SQL_Clients, DataCenterB, Oracle_Clients, MC_RETIRED, MC_SYSTEM, vcenter01.demo.local, ContainerClients, and VirtualMachines]

Default and Special Domains

Avamar has the following default and special domains:

[Figure: MC_RETIRED and MC_SYSTEM domain]

• REPLICATE: Contains replicated data from other Avamar servers. This domain is created once the server receives replication data.
• MC_RETIRED: Holds clients that have been retired, which means they are no longer being backed up. The backups can still be used for recovering files until backups expire.
• clients: The default domain that comes preconfigured on the Avamar server. It can be used for the backup clients. If a domain is not specified during activation of a client, by default the client resides in the /clients domain.
• MC_SYSTEM: Holds the backups of the Avamar Server databases. Since replication uses client software that is installed on the Avamar server, the Avamar server itself must appear in the tree. This domain serves as a container for this client.

Avamar Domain Tree Structure

In Avamar, the domain hierarchy in the AUI is depicted in the form of a tree structure.

[Figure: AUI Asset Management window showing the domain tree and the client list for the selected domain]

The root domain is represented with the following:

• Forward slash / in the AUI.
• Avamar server name in Avamar Administrator

The domain tree can expand to view subdomains and clients that are
assigned to the domain as shown below:

Best Practice: Dell Technologies recommends retiring a client as opposed to deleting a client to preserve backups for future use.

Go to: For more detailed information, see Avamar Operational Best Practices on the Dell Support website.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Important: Users or administrators cannot delete the MC_SYSTEM, MC_RETIRED, and REPLICATE domains.

Avamar Users and Roles

The user accounts help define the authentication that is used to grant a
user access to the Avamar system and define the role for each user.

Important: All usernames that are created inside Avamar, including those for preconfigured user accounts, are case-sensitive. The case-sensitive formatting differs from Active Directory user accounts, as Active Directory usernames are not case-sensitive.

Avamar Users

Security in Avamar is implemented with the help of user accounts. Users are added to the following:

• Domains for administering the domain and any subdomains within the domain
• Individual clients to perform backup and restore of client data

The privileges that are assigned to a user determine the tasks that the
user can perform in AUI. Also, the privileges determine the ability of the
user to initiate backups and restores.

Preconfigured User Accounts

Avamar provides several preconfigured [12] user accounts at the root domain level, which include the following:

Preconfigured Users and Description

• MCUser: Used to administer the Avamar server at the root domain level.
• repluser: An account for replication between two Avamar systems.
• root: An Administrator role.
• backuprestore: Only used as Backup/Restore user role.
• backuponly: A user role that can only run backups.
• restoreonly: A user role that can only run Restore (Read).

[12] Preconfigured user accounts are case-sensitive.

Avamar Roles

Roles define the allowable operations for each user account. The following
are the three categories for user roles:

Roles and Description

Administrator: Can perform administrator [13] tasks, backups, and restores within their domain and any subdomains.

Operator: Users with the operator role have access to the specific Avamar Administrator features they are entitled to use based on their assigned role, such as:
• Restore only operator: Perform and monitor restores only.
• Backup only operator: Perform backups and monitor only those activities.
• Backup/Restore operator: Initiate backups and restores, and can monitor those activities.
• Replication User: The default replication user account on the Avamar server.
• Activity operator: Monitors the backup and restore activities, and creates reports.

User: These users cannot log in to the Avamar server. These user roles are:
• Backup Only Users: Initiate backups from the client using the avtar CLI command.
• Restore (Read) Only User: Initiate restores directly from the client.
• Backup/Restore User: Initiate backups and restores from the client.
• Restore (Read) Only/Ignore File Permissions: Similar to the Restore (Read) Only User role except that operating system file permissions are ignored during restores. This user is allowed to restore any file that is stored for an Avamar client.
  − Windows client user accounts should be assigned this role only when both of the following are true:
    o Users are authenticated using Avamar internal authentication.
    o Users do not require access to the Avamar client UI.

[13] A root level administrator has full control of the Avamar system.

Avamar Users In Domain Hierarchy

The level at which a user account is added to the Avamar system and the
role that is assigned to the user determine the access and privileges that
are assigned to that user.

These privileges are the following:

User: Root
Roles:
• Administrator Role
• Operator Role: Restore Only Operator, Backup Only Operator, Backup/Restore Operator, Activity Operator
Description: Root users are created at the root domain, represented by the Avamar server in the domain tree. Root users can perform tasks for all domains in the hierarchy and the clients within the domains.

User: Domain
Roles:
• Administrator Role
• Operator Role: Restore Only Operator, Backup Only Operator, Backup/Restore Operator, Activity Operator
Description: Domain users are created at the Avamar domain level. Users at the domain level can perform tasks for that domain, the clients assigned to the domain, and any domain or client beneath the domain in the domain hierarchy.

User: Client
Roles:
• User Role: Restore (Read) Only, Backup Only User, Backup/Restore user
Description: Client users are created for an individual Avamar client. The tasks a client user can perform are limited to that specific client.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Creating and Editing Avamar Users

The AUI and Administrator allow users to easily perform ADD, EDIT, or DELETE domain tasks as shown below:

Important: Avamar usernames are case-sensitive, must be 31 characters or less, and cannot contain special characters. The passwords are case-sensitive, must be 6 to 31 characters in length, and cannot contain any special characters.

Create a User

To create a new user, perform the following:

• From the AUI navigation pane, click >> and click Setting.
• In the Setting pane, click the User tab.
• Select a domain for the new user and click +ADD.
• From the User Management window, select an authentication system. The Authentication System list appears in a disabled state, with Axion Authentication System (the internal system) selected. This indicates that the ability to select an enterprise authentication system is not currently enabled.
• Enter the username and password, and select a role for the new user from the list.
• Click OK to create the user.

Edit a User

To edit a user, perform the following:

• From the AUI navigation pane, click >> and click Setting.
• Click the User tab, and select the user from the domain.
• To change the role for the user, click Edit, select the role that is needed, and click OK.
• To change the password for the user, click Edit Password and enter the
new password.
• Click OK to finalize the changes.

Delete a User

To delete a user, perform the following:

• From the AUI navigation pane, click >> and click Setting.
• In the Setting pane, click the User tab.
• In the domain tree, select the domain and respective user and click the
DELETE button.
• Click YES to confirm the deletion of the user.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Creating and Editing Domains

Administrators or other users may need to add additional domains to their tree or change the name of a specific domain.

The AUI and Administrator allow users to easily create, edit, or delete a domain as shown below:

Important: Domain names cannot be modified once the domain has been created.

Warning: To preserve the clients and their backups in the system, move the clients to a new domain before performing a deletion of a Domain or client. Deleting users will not affect the backups.

Create a Domain

To add a new domain to Avamar, perform the following:

[Figure: Create a Domain - the Create Domain dialog in the AUI, with a Name field and optional Contact, Phone, Email, and Location fields]

• Click Asset Management.
• Select a location in the Domain tree, then click the + icon.
• Enter the name of the new domain and fill out optional areas as needed.
• Click OK to create the new domain.

Edit a Domain

To edit an existing domain in Avamar, perform the following:

[Figure: Edit a Domain - the Edit Domain option in the domain's overflow menu and the Edit Domain dialog with the optional Contact, Phone, Email, and Location fields]

• Click Asset Management.
• Select the domain to be edited, and click the overflow button next to the domain name and select Edit Domain.
• Edit the information as needed and click OK. In this example we added a Contact and Location.

Delete a Domain

To delete an existing domain in Avamar, perform the following:

[Figure: Delete a Domain - the Delete Domain option in the domain's overflow menu and the confirmation dialog]

• Click Asset Management.
• Select the domain to be deleted, click the overflow button next to the domain name, and then select Edit Domain.
• Click YES to confirm the deletion of the domain.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Registering and Activating Avamar Clients

Registering Avamar Client

The Avamar client needs to be registered and activated with an Avamar server before performing any backups or restores. Registering an Avamar client establishes an identity with the Avamar server. Once Avamar knows the client, activation can occur, which assigns a unique client ID (CID) that is passed back to the client during activation. A client can be registered on more than one Avamar server but can only be activated on one Avamar server at a time.

There are multiple ways to register the Avamar client:

• Client-side registration: With client-side registration and activation, the registration is initiated from the client, which may have already been done during the client software installation process. If not, registering after installing the client software is also allowed. In Windows, the installer can initiate registration by right-clicking the Avamar client (avscc) tray icon and choosing Manage > Activate Client. In Linux and UNIX, administrators may run the avregister command that is located in the Avamar software bin directory.
• Server-side registration: Server-side registration of an Avamar client can be done using AUI and Avamar Administrator. In this way, administrators can add the client to an Avamar system in the intended domain.
• Batch client registration: Batch client registration can be performed with the Avamar Client Manager. This registration defines multiple clients using a single client definition file. The file then gets imported to the Avamar server to register them.
• Client Manager: Avamar Client Manager is a centralized interface that allows administrators to perform client management tasks for multiple Avamar Servers, including client registration and activation.

Adding an Avamar Client

The following steps are used to register a client with the AUI:

[Figure: Add a Client - the New Client wizard in the AUI Asset Management window]

1. Once logged in to the AUI, click on Asset Management and then click
ADD CLIENT.
2. In the New Client page, select the Client Type, enter the new client
name, and click NEXT.
3. Review the client information in the Finish page, click ADD.

Avamar Server-Side Client Activation

Once a client has been registered with an Avamar server, Avamar administrators can activate the client [14] with the Invite Client option in either the AUI or Avamar Administrator.

The steps to invite a client are the following:

[Figure: Inviting a client - the MORE ACTIONS menu in the AUI Asset Management window, with the Invite Client option]

• AUI: To activate a client using AUI, select the client under a domain and click MORE ACTIONS > Invite Client.
• Avamar Administrator: To activate a client using Avamar Administrator, after the client is added to a domain, select the client and choose Actions > Account Management > Invite Client.

[14] In order for activation to succeed, the client must be present on the network. The client software must be installed and running, and the Avamar server must be able to resolve the hostname that is used to register the client.

Client-Side Activation for Windows and Linux Clients

During the activation of a Windows or Linux/Unix client, the domain must exist and its capitalization must match to ensure that the activation of the client is completed successfully.

In Windows, with the client software installed, activate the client by right-clicking the Avamar client (avscc) tray icon and choosing Manage > Activate.

[Figure: Avamar Client Activation with Windows Client - the Activate Client Setup dialog with Administrator Server Address (ave1.emc.edu), Administrator Server Port (28001), and Client Domain fields]

In Linux and UNIX, the client registration process using the avregister
command also activates the client.

leg-sun3# /opt/AVMRclnt/bin/avregister

=== Client Registration and Activation


This script will register and activate the client with the Administrator server.

Enter the Administrator server address (DNS text name, not numeric IP address) avei.emc.edu
Enter the Avamar server domain [clients]:
avagent.d Info: Stopping Avamar Client Agent (avagent)...
avagent.d Info: Client Agent stopped.
avagent Info <5241>: Logging to /opt/AVMRclnt/var/avagent.log
avagent.d Info: Client activated successfully.
avagent Info <5241>: Logging to /opt/AVMRclnt/var/avagent.log
avagent Info <5417>: daemonized as process id 18819
avagent.d Info: Client Agent started.
Registration Complete.

Avamar Linux Client Activation

Client ID and Activation

During the activation process, the Avamar server passes the client ID
(CID) to the client. The client ID is stored in an encrypted file on the client
file system.

A client can only be activated to one Avamar server at a time. To move a client from one Avamar server to another, follow the steps below in the Avamar Client Manager:

[Figure: Avamar Client ID and Activation Status]

1. On the left-side menu, click Clients > Activated Clients.
2. Select a client. Do not select an NDMP client. Do not select a client
that has backups on a Data Domain server.
3. On the Actions bar, click Move. The Domain Selection pane of the
Client Move dialog box appears.
4. At the top of the Domain Selection pane, from the server selection
list, select the Avamar server that is the target of the move. The
target server's domains appear in the Domain Selection pane.
5. In the Domain Selection pane, select the target domain. Click
NEXT.
6. The Group Selection pane of the Client Move dialog box appears.
Select a target group. Users can optionally select more than one
target group. Avamar Client Manager adds the client to all selected
groups.
7. In Replicate Existing Backups at the bottom of the Group
Selection pane, select a value:
a. All - Replicate all the client's backups to the target server
b. Last - Replicate only the last backup
c. None - Replicate none of the backups.
8. Optional: In Delete From Source:
a. Select to remove all the client's backups from the source server.
b. Clear to move the source server's registration of the client to the
source server's MC_RETIRED domain and retain copies of the
client's backups on the source server.
9. Click FINISH.

The details of the client can be viewed in the VIEW MORE option after
selecting the client.

Disabling Client

Administrators can disable a client backup from the AUI. When a client is disabled, it cannot use the Avamar server to back up any data.

Once the client is disabled, no backups, restores, replication, or cloud tier operations can be initiated.

[Figure: Disable a Client - the Edit Client dialog with the Enabled option, and the client list showing false in the Enabled column]

Shown here are the steps to disable the client in the AUI:

1. Select a client in the registered domain.
2. Click MORE ACTIONS, and click Edit Client.
3. Clear the Enabled box, and click UPDATE. This change reflects a false value under the Enabled column.

Important: Before inviting or activating a client, the client must be added to a specific domain on the Avamar server. Administrators can register a client to two Avamar servers, but only activate on one Avamar server.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Managing Avamar Clients

Administrators can perform additional tasks with clients from the AUI.

The following tasks can be performed on a client:

[Figure: Management tasks - the MORE ACTIONS menu in the AUI Asset Management window]

• Edit Client: Used to change the client name and optional descriptive information. It also allows the administrator to enable, activate, and initiate any client backups.
• Move Client: Used to move a client to another domain.
• Retire Client: Retired clients do not participate in regular backups; however, previous backups are still maintained and files can be restored using a directed restore. All retired clients [15] are moved to the MC_RETIRED domain.
• Delete Client: Permanently deletes all backups that are stored for the client being deleted. If there is any chance that an administrator needs to restore data from this client, retire the client instead.
• Invite Client: Used to activate a client.

[15] If the client has been replicated to another Avamar server, users at any time can change the retention times of the replicated backups.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Best Practice: Retire a client instead of deleting it so that administrators still have the capability of performing restores.

Managing Directory Services

An Avamar server must first be configured to authenticate with the directory service in order to use directory service authentication.

Use directory service authentication to authenticate and assign roles to Avamar users by using information from an existing directory service. Directory service [16] authentication works with specific LDAP directory services and provides additional functionality when used with an OpenLDAP directory service.

The following Avamar products use directory service to authenticate and authorize users:

• Avamar Administrator
• Avamar Web Restore
• Avamar Client Web UI (Desktop/Laptop)
• Avamar Web User Interface (AUI)

Lab Exercise: For more practice, use the Avamar Administration Lab.

Managing Directory Services

The Avamar server needs to be configured to authenticate with the directory server.

Some important things to consider with directory service authentication are the following:

• Can be configured from the Administration interface in Avamar Administrator.
• Edits the necessary LDAP and Kerberos configuration files to allow authentication
• NIS authentication is also supported.

[16] Directory service authentication also works with a Network Information Service (NIS) on its own or with one of the supported LDAP directory services.

[Figure: Add Directory Service - the Avamar Administrator Administration window, Account Management tab, LDAP Maps view with the columns LDAP Domain, LDAP Group Name, Role, and Domain]

From the Account Management tab, select LDAP Maps. Click Actions
and choose New LDAP Map. Fill out the options in the New LDAP Map
dialog box. Click OK.

Create an LDAP Group

[Figure: Avamar Administrator Create LDAP Group]

To allow LDAP access, first create a user group. Administrators may have to create multiple groups to grant access to different Avamar domains or different roles depending on the requirements.

In the Active Directory Users and Computers section, click Users. In the Users section, click Action > New > Group. Choose Add to a group, find that group name, and click OK.

Adding LDAP Map

[Figure: NEW LDAP MAP]

The LDAP Map needs to be created to allow the LDAP users to access Avamar. When an LDAP map is configured, all users who are assigned to the group have access to an Avamar domain as defined by the user role.

Users can create LDAP Maps in the Avamar Administrator and the AUI.
The map must be created in the Avamar domain in which the users have
access. When creating an LDAP map, select the LDAP group that is
created for the assigned role.

From the Account Management tab, select LDAP Maps. Click Actions and
choose New LDAP Map. Fill out the options in the New LDAP Map dialog
box. Click OK.
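
The domain-scoped roles from Avamar Users In Domain Hierarchy and the LDAP maps described above combine into one access decision: which groups can do what on which client. The following Python model is an added example, not Avamar code and not part of the original guide; the action set per role, the helper names, the assumption that an LDAP-mapped role behaves like a domain-level role, and every sample group except Avamar Root Admins are assumptions made for illustration.

```python
"""Model of Avamar domain-scoped roles granted through LDAP maps.

Added illustration only: this is not Avamar code and calls no Avamar API.
"""
from dataclasses import dataclass

# Role names come from the guide. Reducing each role to a set of actions is an
# assumption of this model, based on the role descriptions.
CAPABILITIES = {
    "Administrator": {"admin", "backup", "restore", "monitor"},
    "Backup/Restore Operator": {"backup", "restore", "monitor"},
    "Backup Only Operator": {"backup", "monitor"},
    "Restore Only Operator": {"restore", "monitor"},
    "Activity Operator": {"monitor"},
}


@dataclass(frozen=True)
class LdapMap:
    ldap_group: str  # directory group whose members receive the role
    role: str        # key of CAPABILITIES
    domain: str      # Avamar domain in which the map is created


def components(path):
    """Split a domain or client path into its parts; "/" (root) gives []."""
    return [part for part in path.split("/") if part]


def in_scope(grant_domain, target):
    """True when target is grant_domain itself or lies beneath it.

    Whole path components are compared, case-sensitively, so a grant on
    /clients/DataCenterA covers neither /clients/DataCenterAB nor
    /clients/datacentera.
    """
    grant = components(grant_domain)
    return components(target)[:len(grant)] == grant


def effective_capabilities(groups, maps, target):
    """Union of the actions that every applicable LDAP map grants on target."""
    granted = set()
    for m in maps:
        if m.ldap_group in groups and in_scope(m.domain, target):
            granted |= CAPABILITIES[m.role]
    return granted


def can(groups, maps, action, target):
    """True when membership in groups allows action on target."""
    return action in effective_capabilities(groups, maps, target)


def root_admin_groups(maps):
    """Groups mapped to Administrator at the root domain (full control)."""
    return sorted({m.ldap_group for m in maps
                   if m.role == "Administrator" and not components(m.domain)})


def case_near_misses(path, known_domains):
    """Existing domains that differ from path only in capitalization."""
    return [d for d in known_domains
            if d != path and d.lower() == path.lower()]


# Constructed sample data. Only "Avamar Root Admins" (Administrator at /)
# appears in the guide's screenshot; the other groups are hypothetical.
MAPS = [
    LdapMap("Avamar Root Admins", "Administrator", "/"),
    LdapMap("DCA Backup Ops", "Backup/Restore Operator", "/clients/DataCenterA"),
    LdapMap("Oracle Restore", "Restore Only Operator",
            "/clients/DataCenterB/Oracle_Clients"),
]
KNOWN_DOMAINS = ["/", "/clients", "/clients/DataCenterA",
                 "/clients/DataCenterB", "/clients/DataCenterB/Oracle_Clients",
                 "/MC_RETIRED", "/MC_SYSTEM"]

if __name__ == "__main__":
    ops = {"DCA Backup Ops"}
    for target in ("/clients/DataCenterA/SQL_Clients/db01",
                   "/clients/DataCenterAB/db02",
                   "/clients/datacentera/db01"):
        print(target, sorted(effective_capabilities(ops, MAPS, target)))
    print("root administrators:", root_admin_groups(MAPS))
    print("near misses:", case_near_misses("/clients/datacentera", KNOWN_DOMAINS))
```

Reviewing the output of root_admin_groups against the intended list of full-control administrators is a quick least-privilege check before a map is created at the root domain.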

Avamar Client Manager

Other tasks that are performed on a client in the AUI and Avamar Administrator can also be performed from the Avamar Client Manager. The Avamar Client Manager is useful for managing a large number of clients. The Client Manager can also assist administrators with moving clients from one Avamar server to another Avamar server.

Avamar Client Manager is a web-based management application that provides centralized administration of more than one Avamar server. The Avamar Client Manager can analyze both failed and successful backups and restores. The Client Manager is also capable of pushing client software upgrades.

Overview

The login page authenticates the username and the password with
administrator accounts that are registered on the Avamar server. Avamar
Client Manager only allows access for accounts with administrator
privileges on the Avamar server that is running the Avamar Client
Manager process.

Avamar Client Manager can be accessed by navigating to https://<Avamar server>/aam in a web browser.

Avamar Client Manager

The Avamar Client Manager has the ability to:

• Activate
• Retire
• Move
• Upgrade
• Delete
• Change Group Associations

Activating with Avamar Client Manager

Avamar Client Manager provides a centralized facility for multiple Avamar servers to have their respective clients activated.

The Avamar Client Manager allows the following:

[Figure: Avamar Client Manager New Clients]

• Populate a list of clients by either importing a client list CSV or querying a defined directory service.
• Manage clients that are already registered or activated on an Avamar Server.
• Initiate the registration and activation of clients.

Moving Clients with Avamar Client Manager

Administrators can also move clients from one Avamar server to another.

[Figure: Client Manager Add Server]

From the Avamar Client Manager, users can view the Summary pane, and the Actions bar allows users to Move, Retire, and Delete clients as needed.

[Figure: Avamar Client Manager Actions - the Summary pane with filters, the Actions bar, and the client list with Client, Domain, Groups, Version, and OS columns]

Preparing a Client List CSV

As an alternative to using a directory service to import a client list,
administrators can prepare a Comma-Separated Value (CSV) [17] file which
contains a list of clients and import that list into Client Manager using
the Add Clients feature.

Avamar Client Manager is a web application, so the client list CSV file
must be available on the machine running the web browser. The client list
CSV is formatted according to the following rules:

• Needs to have at least two rows.
• The values (or columns) are separated only by a comma.
• The name for the first value is Hostname.
• The name for the second value is Group [18].
• The first row of the file must consist of the literal names for each type
of value.
• The second row, and all subsequent rows, must have at least one value
and no more than two values.
• The formatting rules require a first value that is a valid hostname or
Fully Qualified Domain Name (FQDN) for a computer and a trailing
comma.
• The second value is optional; it is intended to be the directory service
logical group name for the computer. This directory service structure is
shown in Client Manager for all clients that are imported from the CSV
and allows clearer visual organization once imported.

[17] A CSV file is a plain text file that contains a table, similar to a
spreadsheet, with all cell values separated by commas.

[18] The Group value in the CSV does not relate to Avamar Backup Policy or
Policy Group. All newly imported clients must still be assigned to Avamar
domains after import, as part of activation.

An example of the client list is the following:

Hostname,Group
User1-desktop.Acme.corp.com,acme.corp/USA/MA
User1-laptop.Acme.corp.com,acme.corp/USA/CA/SFO
User2-desktop.Acme.corp.com,acme.corp/Engineering
User3-desktop.Acme.corp.com,
User4-desktop.Acme.corp.com,
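A pre-import check of a client list CSV against the formatting rules above, as an added Python example (not Dell code and not part of the original guide). The function names, the RFC 1123 hostname test and the second sample are assumptions made for illustration; the first sample is the client list shown above.

```python
import re

# One DNS label: letters, digits, hyphens; 1-63 chars; no hyphen at either end.
# Assumption: RFC 1123 naming; the guide only says "valid hostname or FQDN".
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
EXPECTED_HEADER = ["Hostname", "Group"]

# The client list shown in the guide.
PAGE_EXAMPLE = """\
Hostname,Group
User1-desktop.Acme.corp.com,acme.corp/USA/MA
User1-laptop.Acme.corp.com,acme.corp/USA/CA/SFO
User2-desktop.Acme.corp.com,acme.corp/Engineering
User3-desktop.Acme.corp.com,
User4-desktop.Acme.corp.com,
"""

# Constructed sample: one good row followed by four rule violations.
CONSTRUCTED_BAD = """\
Hostname,Group
web01.example.test,example.test/Servers
db01.example.test
-bad-.example.test,
app01.example.test, example.test/Apps
app02.example.test,example.test/Apps,extra
"""


def is_valid_hostname(name):
    """True for a short hostname or FQDN made only of valid DNS labels."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def validate_client_list(text):
    """Check CSV text against the client list formatting rules.

    Returns (clients, errors): clients is a list of (hostname, group) tuples
    for rows that passed, errors is a list of "line N: reason" strings.
    Assumption: fields are never quoted, so a plain split on "," is enough.
    """
    clients, errors = [], []
    lines = text.splitlines()
    while lines and lines[-1] == "":
        lines.pop()  # tolerate blank lines at the end of the file

    if len(lines) < 2:
        errors.append("file: needs a header row and at least one client row")
    if not lines:
        return clients, errors
    if lines[0].split(",") != EXPECTED_HEADER:
        errors.append("line 1: header must be exactly 'Hostname,Group'")

    for number, line in enumerate(lines[1:], start=2):
        fields = line.split(",")
        if len(fields) == 1:
            # No comma at all: either an empty row or a missing trailing comma.
            reason = "hostname must be followed by a comma" if line else "row has no values"
            errors.append(f"line {number}: {reason}")
            continue
        if len(fields) > 2:
            errors.append(f"line {number}: more than two values")
            continue
        hostname, group = fields
        if hostname != hostname.strip() or group != group.strip():
            errors.append(f"line {number}: values must be separated only by a comma")
            continue
        if not is_valid_hostname(hostname):
            errors.append(f"line {number}: {hostname!r} is not a valid hostname or FQDN")
            continue
        clients.append((hostname, group))  # group may be the empty string
    return clients, errors


if __name__ == "__main__":
    for label, sample in (("page example", PAGE_EXAMPLE), ("constructed", CONSTRUCTED_BAD)):
        ok, problems = validate_client_list(sample)
        print(f"{label}: {len(ok)} client(s) accepted")
        for problem in problems:
            print("  ", problem)
```

Running the check on the workstation that holds the file catches a missing trailing comma or stray whitespace before the list reaches the Add Clients import.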


Managing Avamar Backups

Avamar Backups

Avamar backups are categorized into Scheduled and On-Demand.

• Scheduled Backups: Run automatically according to Backup Policy
specifications that the administrator can customize by using the
AUI or Avamar Administrator.


Scheduled Backups

• On-Demand Backups: On-demand backups run instantly. On-demand
backups can be initiated from the client or the Avamar Server and
can be performed using the AUI, Avamar Administrator, Avamar
Desktop/Laptop web UI, or the Management Console Command-Line
Interface (MCCLI).


On-Demand Backups

Go to: For more information, see the Dell Avamar Backup User Guide on
the Dell Support website.

Avamar Policies

Backup Policies

Avamar uses backup policies for automating backups and enforcing
consistent rules across a collection of clients. Backups are scheduled to
run automatically by associating a Schedule with the Backup Policy, and
enabling the Backup Policy. The following components make up the
backup policy:


Avamar Schedule Components

Dataset: Defines the files, folders, and databases that will be backed
up, as well as the plugins required to perform that backup.
Administrators can also narrow the scope by specifying certain content,
such as file types, to exclude or include. Datasets can be created at
any domain level and can be assigned to one or more policies and clients
within the assigned domain.

Schedule: Determines when and how often a backup will automatically
run. Can be created at any domain level and can be assigned to one or
more policies within the assigned domain.

Retention: Specifies how long each backup is retained. Any backups
older than the specified retention are automatically dropped from the
system. Retention can be created at any domain level and can be assigned
to one or more policies and clients within the assigned domain. These
retention policies can still be reused even if the client is deleted or
retired.

Clients: An Avamar client is a device from which files can be backed up
or a device to which files can be restored. Typically this is a laptop,
desktop, server, or a virtual machine.

Pre-Configured Backup Policies

Within the root domain, Avamar includes by default two preconfigured
backup policies:


Pre-Configured Policies

Default Group: Automatically includes all new clients, if no other groups
have been configured. The Default Group always uses the system default
dataset, schedule, and retention policy. This cannot be changed; however,
the specifications of the default dataset, schedule, and retention can be
changed. By default, this group [19] is disabled.

Default Proxy Group: The Default Proxy Group is also a preconfigured
backup policy and is used to support VMware Image Proxy clients. By
default, this group is disabled.

[19] Group in Avamar Administrator has now been renamed as Backup
Policy in the AUI.


Create a Backup Policy

Administrators can create a policy from the Backup Policy option by
clicking +ADD. When the Properties window appears, fill out the sections
for Members, Dataset, Schedule, and Retention. Review the Summary page
and click FINISH.


Backup Policy Summary

Avamar also provides the administrator the option to individually override
the Backup Policy's Dataset for clients selected in the Members step of
Backup Policy creation. The Override Dataset drop-down in the
Summary page allows clients with unique requirements to be backed up
at the same time as other Backup Policy members, but with a different
Dataset.

Lab Exercise: For more practice, go to the Avamar Administration Lab.


Avamar Schedules

Overview of Schedules

Schedules determine when and how often a backup is automatically run.
Schedules are also used to determine when custom event profile email
notifications are sent.

Schedules that are created at the root domain level can be assigned to
any backup policy throughout the hierarchy.

The following preconfigured schedules are defined at the root domain
level in Avamar:


Name                          Domain  Recurrence  Start Time  Timezone Id
Daily Schedule                /       Weekly      22:00       America/Los_Angeles
Default Replication Schedule  /       Weekly      23:00       America/Los_Angeles
Default Schedule              /       Weekly      20:00       America/Los_Angeles
Default Tiering Schedule      /       Weekly      00:00       America/Los_Angeles
Evaluation Schedule           /       Weekly      06:00       America/Los_Angeles
Notification Schedule         /       Daily       N/A         America/Los_Angeles
Override Daily Schedule       /       Daily       N/A         America/Los_Angeles
Statistics Schedule           /       Daily       N/A         America/Los_Angeles

Preconfigured Schedules

Daily Schedule: Configured to run once every day. It is initially
configured similarly to the Default Schedule.

Default Replication Schedule: Used for replication jobs. It is set to run
daily at 11 PM.

Default Schedule: Assigned to the Default Group. It is initially
configured to run once a day with the earliest start time of 10 P.M. US
Pacific time for a maximum of 8 hours.

Default Tiering Schedule: Used for the Cloud Tier feature.

Evaluation Schedule: Controls when the Evaluation Profile email
notification is sent. The evaluation profile is primarily intended to be
used to support system evaluations. If enabled, this profile generates an
email notification and attaches a report to the email with two weeks of
detailed client activities.

Notifications Schedule: Controls when custom event profile email
notification messages are sent.

Override Daily Schedule: Defines the available start times for Avamar
Desktop/Laptop clients that can override a set schedule.

Time for Schedules

The times displayed when editing or creating a schedule, and the times
that are displayed in the AUI and Avamar Administrator interfaces are in
the local time zone of the Avamar Administrator client or web browser that
is running the AUI.

The following time zones are used by various Avamar components:

• The Avamar server utility node uses the local time of the location
where the Avamar server resides.
• The Avamar storage nodes, MCDB, and reports track time in GMT.
• The Avamar client [20] uses the local time of the client machine.

For example:

Time zone      Component                              Time
Pacific Time   Avamar Server                          10:00 PM Monday
Mountain Time  Avamar Client                          11:00 PM Monday
Central Time   Avamar Client                          12:00 AM Tuesday
Eastern Time   AUI or Avamar Administrator Interface  1:00 AM Tuesday

[20] The time that is displayed in most client log files is the local time
of the client. However, there are some client log files that are
time/date-stamped in GMT.

Defining and Creating Schedules

To define a schedule, go to the Setting menu and select the domain that is
needed. From the Schedule tab, click +ADD. In the Create Schedule
window, enter the information needed for Basic Configuration, Recurrence
Pattern, and Activities Constraint. Review the Summary window and click
FINISH.

Create Schedule wizard steps: 1 Basic Configuration, 2 Recurrence
Pattern, 3 Activities Constraint, 4 Summary

Recurrence Types

Avamar schedules support several recurrence types, including Daily,
Weekly, Monthly, and On-Demand.


Daily: Policies that are associated with the schedule are run on a daily
basis. If the Daily recurrence type is selected, the backup jobs are
repeated every day at one or more times of the day. With daily schedules,
limit the duration of the activity to prevent job overlap.

Weekly: If the Weekly recurrence type is selected, the backup job is
repeated every week on one or more days of the week. With weekly
schedules, define the earliest start time for the activity, and the time
at which the activity is stopped, even if it is still in progress.

Monthly: If the Monthly recurrence type is selected, the backup jobs
repeat on a specific calendar date or on a designated day of the week
each month, such as the first Sunday of every month. With monthly
schedules, define the earliest start time for the activity, and the time
at which the activity is stopped, even if it is still in progress.

On-Demand: On-Demand schedules never run automatically. Schedules of
this type are typically assigned to policies that are only run on-demand.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Allowing Overtime Option

The Overtime option allows backups to run longer than their Backup
Window as configured in the relevant schedule assigned.

The settings for the overtime feature are the following:


Overtime Option

Overtime until successful backup: The Overtime attribute for a client is
set automatically to Overtime until successful backup when a client
registers with the Avamar server.

No overtime allowed: After the first successful backup for the client, the
Overtime attribute is changed automatically to No overtime allowed.

Overtime on next backup only: If the administrator is running a full
initial client backup where the time to complete the backup could
potentially exceed the schedule duration period, set the Overtime
attribute to Overtime on next backup only. This allows the backup to run
beyond the duration period.

Always allow overtime: When overtime is allowed, the duration settings on
a schedule are ignored, allowing scheduled backups to run as long as
necessary to complete.


Important: From the Avamar Administration UI only, administrators can
set Override retention policy on client-initiated backups.

Go to: For more information, see the Dell Avamar Administration Guide
on the Dell Support website.

Avamar Retentions

Retention policies specify how long the backup is retained. Any backups
older than the specified retention are automatically removed from the
system.

The removal of expired backup data from the system and the return of
those blocks to free space depend on several factors, including whether a
unique data segment is referenced by another backup that has not yet
expired (if the segment is still in use, it is not cleared with the rest
of the expired backup's segments) and whether the garbage collection
cycle has run yet.

Retention policies can be created at any domain level and can be
assigned to one or more groups and clients within the respective domain
and sub-domain.

There are two types of retention settings:

• Basic
• Advanced


Tip: Administrators cannot apply advanced retention settings to
on-demand backups.

Preconfigured Retention Policy Catalog

The Avamar system includes a set of preconfigured retention policies by
default. Administrators can use these retention policies for scheduled
backups of clients, or administrators can create a custom retention policy.

The following preconfigured retention policies are defined at the root
domain level in Avamar:

Default Retention: Defines backup retention settings for the Default
Group. By default, the policy assigns a retention period of 60 days and
retains 60 days of daily backups.

End User On-Demand: Controls the retention settings for on-demand backups
that the client initiates, such as using the Back Up Now command on the
Avamar Windows client. Advanced retention settings are disabled on this
retention policy because advanced retention settings never apply to
on-demand backups. The End User On Demand Retention policy is a global
system object that only controls retention for on-demand backups that the
client initiates. Administrators cannot assign the End User On Demand
Retention policy to a backup policy.

Minimal Retention: Enables administrators to enforce a minimum basic
retention setting across an entire site. This feature is intended to
address the need of some enterprises to enforce sitewide minimum
retention standards regardless of what individual organizations might
decide to implement with other retention policies. The Minimal Retention
policy is a global system object that controls only the minimal retention
setting. Therefore, administrators cannot assign the Minimal Retention
policy to a backup policy. For example, administrators can keep all
backups for at least 90 days regardless of what other retention policies
specify.

Monthly Retention: An expiration of one month after the backup is
performed.

Weekly Retention: An expiration of one week after the backup is
performed.

Basic Retention Setting

The following shows the Basic Retention settings:

Retention Setting    Description

Retention Period: Enables administrators to define a fixed retention
period in days, weeks, months, or years after the backup is performed.
For example, administrators can specify that backups expire after 6
months.

End Date: Enables administrators to assign a calendar date as the
expiration date. For example, administrators can specify that backups
expire on December 31, 2023.

No End Date: Enables backups to be kept indefinitely. This setting is
useful for ensuring that all backups that are assigned this retention
policy are retained for the life of the system.

Advanced Retention Setting

Advanced retention settings are an optional set of rules to be used with
scheduled backups for dynamically assigning backup expiration dates
based on how long to keep the daily, weekly, monthly, and yearly backups
in the system.

Scheduled daily backups are automatically assigned one or more
advanced retention types:

• Each successful scheduled backup is assigned the Daily retention type.
• The first successful scheduled backup each week is assigned both
Daily and Weekly retention types.
• The first successful scheduled backup each month is assigned both
Daily and Monthly retention types.
• The first successful scheduled backup each year is assigned Daily,
Weekly, Monthly, and Yearly retention types.

For assigning advanced retention types, each day begins at 00:00:01
GMT, each week begins on Sunday, each month begins on the first
calendar day of that month, and each year begins on January 1.
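The tagging rules above, applied to a run of backup timestamps, as an added Python example (a model of the stated rules, not Avamar's code and not part of the original guide). The function names are hypothetical, the first three timestamps are the ones visible in this guide's backup listing for win01.emc.edu and the rest are constructed, and treating a backup stamped exactly 00:00:00 GMT as belonging to the previous day is an assumption drawn from the 00:00:01 rule.

```python
from datetime import datetime, timedelta, timezone


def utc(year, month, day, hour=0, minute=0, second=0):
    """Build a GMT timestamp."""
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def retention_day(ts):
    """Calendar date (GMT) that a backup counts toward.

    The guide says each day begins at 00:00:01 GMT. Assumption: a backup
    stamped exactly 00:00:00 therefore still belongs to the previous day.
    """
    return (ts.astimezone(timezone.utc) - timedelta(seconds=1)).date()


def week_start(day):
    """Date of the Sunday that opens the week containing `day`."""
    # date.weekday() is Monday=0 ... Sunday=6, so Sunday must map to offset 0.
    return day - timedelta(days=(day.weekday() + 1) % 7)


def assign_retention_types(backup_times):
    """Tag successful scheduled backups with advanced retention types.

    backup_times: timezone-aware datetimes of successful scheduled backups.
    Returns a list of (timestamp, set_of_types) in chronological order.
    """
    seen_weeks, seen_months, seen_years = set(), set(), set()
    tagged = []
    for ts in sorted(backup_times):
        day = retention_day(ts)
        week, month, year = week_start(day), (day.year, day.month), day.year
        types = {"Daily"}                # every successful scheduled backup
        if week not in seen_weeks:
            types.add("Weekly")          # first of the week
        if month not in seen_months:
            types.add("Monthly")         # first of the month
        if year not in seen_years:
            # The guide lists all four types for the first backup of a year,
            # even when its week already started in the previous December.
            types |= {"Weekly", "Monthly", "Yearly"}
        seen_weeks.add(week)
        seen_months.add(month)
        seen_years.add(year)
        tagged.append((ts, types))
    return tagged


SAMPLE_BACKUPS = [
    utc(2020, 3, 23, 18, 35, 7),   # from the guide's backup listing
    utc(2020, 3, 24, 1, 0, 21),    # from the guide's backup listing
    utc(2020, 3, 24, 2, 0, 32),    # from the guide's backup listing
    utc(2020, 3, 29, 1, 0, 0),     # constructed: Sunday, new week
    utc(2020, 4, 1, 1, 0, 0),      # constructed: new month, same week
    utc(2020, 4, 5, 0, 0, 0),      # constructed: still counts as Sat 4 April
    utc(2020, 4, 5, 0, 0, 1),      # constructed: first second of Sunday
    utc(2020, 12, 28, 2, 0, 0),    # constructed: week that spans New Year
    utc(2021, 1, 1, 1, 0, 0),      # constructed: first backup of 2021
]

if __name__ == "__main__":
    order = ["Daily", "Weekly", "Monthly", "Yearly"]
    for ts, types in assign_retention_types(SAMPLE_BACKUPS):
        print(ts.isoformat(), ",".join(t for t in order if t in types))
```

A weekly-only schedule fed through the same function produces one tagged backup per week, which is why the "n weeks of daily backups" setting has nothing to keep in that case.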

Always use daily scheduled backups with retention policies with advanced
retention settings. The Always keep: n weeks of daily backups setting has no
effect unless there are daily backups in the system. Depending on the
schedule used, daily backups may not be in the system.

For example, if an administrator assigns a schedule to a group that only
performs weekly backups, then there are no daily backups in the
system.


Lab Exercise: For more practice, go to the Avamar Administration Lab.

Creating a Dataset

A single dataset definition can use more than one plug-in type. When
backing up, Avamar uses the appropriate plug-in based on the client
definition. The default dataset is used to back up all local file systems for
all clients. However, there can be instances where a dataset must be
created to define specific persistent requirements.

To create a dataset, go to the Setting pane, choose the domain needed,
choose the Dataset tab, and click +ADD.

In the Create DataSet window, enter the following information and click
SUBMIT.

Example:

• Source Data: C:\
• Exclusions: C:\TempData\
• Inclusions: C:\TempData\BackupThisUp


Create DataSet

Dataset Name: Provides a name for the dataset.

Plugins: Choose the types of plugins that must be part of the backup
policy. Depending on the types of data being backed up, additional
plugins can be installed on the client as well.

Options: Selecting a plug-in enables the options available for the
specific plug-in. A single dataset can include options selections for
more than one plug-in type. Options can be selected from the items that
are in the AUI or entered as attribute/value text. Checking Show Advanced
Options expands the list of options that are displayed to include options
that may be used for troubleshooting or fine-tuning the system.

Source Data: Choose the base file systems, directories, or files that this
dataset can back up. Administrators can choose to either select all data
for all local file systems or enter explicit file systems, directories,
or files per plug-in type. If entering explicit items, the default all
local file systems entry for that plug-in type is removed. Similarly,
clients create a backup for every plug-in that is installed on the
client, if those plugins have been specified in the same dataset.

Inclusions: Specifies the items that administrators want to include in
the backup. Be sure that the correct plug-in is selected from the list.
The Inclusion tab is only available with Avamar File System plugins. This
is the exception to the exclusion in the Source Data tab.

Exclusions: Specifies items to exclude from the backup dataset specified
in Source Data. Be sure to select the correct plug-in. Also, the
exclusions only apply to the plug-in selected when adding them to the
list. The Exclusion tab is only available with Avamar File System
Plugins.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Go to: For more information about creating datasets, see the Dell
Avamar Administration Guide on the Dell Support website.

Managing Backups

Avamar allows administrators to manage backups from the AUI or Avamar
Administrator. Administrators can list the backups run for a particular client
by selecting the client that is registered to a domain under the Asset
Management tab and clicking VIEW MORE.

The following management tasks can be performed on an Avamar backup
using the AUI:


Search for a Backup


Search by Date

Select a client from Asset Management and click Backup. Use the Search
option to search by dates.

Restore a Backup

Restore

Avamar allows administrators to restore a regular or replicated backup to
the original client or to a different client based on the requirement.


Recall a Backup


Recall a Backup

Avamar allows administrators to recall the backup directly to the client
from a cloud unit if the tier status of the backup is CLOUD.

Delete a Backup

Backups for win01.emc.edu, 2020-03-23 to 2020-03-24:

Location  Number  Date & Time                Plugin               Retention                       Expires      Size
LOCAL     3       2020-03-24 02:00:32 GMT+0  Windows File System  Daily                           No end date  415.99 MB
LOCAL     2       2020-03-24 01:00:21 GMT+0  Windows File System  Daily                           No end date  415.99 MB
LOCAL     1       2020-03-23 18:35:07 GMT+0  Windows File System  Daily, Weekly, Monthly, Yearly  No end date  415.99 MB

Delete a Backup


Avamar allows administrators to delete a backup. This permanently
deletes the backup from Avamar. Unused data blocks from the deleted
backup are returned to free space when the next garbage collection
process runs, or, if the backup is stored on an integrated PowerProtect
DD, when the PowerProtect DD cleaning process runs.

Change Expiration Date



Change expiration date

The expiration date can be a specific date that is selected or a retention
period of days, weeks, months, or years.

Avamar allows administrators to configure a backup to remain in backup
storage for as long as the client remains active on the Avamar server.

Change Retention Type


Change retention type


The administrator automatically assigns one or more retention types to
every backup. Administrators can manually change the retention types
assigned to a backup.

For example, the first backup that is created on an Avamar system is
tagged as daily, weekly, monthly, or yearly. If no tag is wanted the
option Not tagged is assigned.

Lab Exercise: For more practice, go to the Avamar Administrator Lab.

Avamar Backup and Maintenance Windows

Avamar divides each day into two operational windows during which
various system activities are performed:

Backup and maintenance window durations

[24-hour timeline, America/New_York: Backup Window and Maintenance
Window]

Backup and Maintenance Window


Backup Window: The time the Avamar server reserves for performing
regular, scheduled backups. During the backup window, the Avamar server
does not run any server maintenance activities. By default, the Backup
Window is configured to start at 8 P.M. and end at 8 A.M. Configure all
scheduled backups to start, run, and complete during the time that is
defined in the Backup Window. Avoid creating any schedules that extend
into the Maintenance Window, as backups that are running cause garbage
collection performance to drop.

Maintenance Window: This is the time the Avamar server reserves for
performing maintenance activities. During the Maintenance Window, the
Avamar server runs garbage collection, takes a checkpoint, runs
checkpoint validation (HFS check), and takes a final checkpoint. If the
Avamar server is integrated with a PowerProtect DD, the data maintenance
operations, aside from garbage collection, are performed on the DD
storage. With an integrated PowerProtect DD, during garbage collection, a
list of cleanable hashes is sent to the PowerProtect DD, and the
associated data is cleared and returned to free space on the PowerProtect
DD when the next DD cleaning process runs (by default, once a week).

Important: The start times and duration of the operational windows can
be customized to meet specific site requirements. However, the
customization should be done cautiously, as any changes that are made to
the windows have the potential to negatively impact server maintenance
activities.


Examine Avamar and PowerProtect DD Integration

Avamar Integration with PowerProtect DD Overview

Dell PowerProtect DD series appliances are used to store backup data
from Avamar clients. During a backup, the Avamar server sends a backup
request to the Avamar client. If the backup request includes the option to
use a PowerProtect DD as the target, backup data is stored on the
PowerProtect DD, and metadata [21] is stored on the Avamar server.

Some of the features of integrating Avamar with PowerProtect DD include:

• Avamar manages backup clients, schedules, datasets, and other
  policies.
• With PowerProtect DD integration, PowerProtect DD stores backup data
  from clients. Clients send data directly to PowerProtect DD using DD
  Boost technology. As a result of the DD Boost API integration, only
  the file cache is used, which shortens the client-side caching process.
• VMware image backups are configured for rapid recovery using the
  Avamar instant access feature. With instant access, the virtual
  machine image backup is staged to a temporary NFS share on the
  PowerProtect DD. If needed, vSphere can be used to initiate a Storage
  vMotion operation. The vSphere client is then used to power on the
  virtual machine.

[21] Metadata is the backup information such as date, time, retentions,
schedules, and client name. This is used as pointers to the backups on
the PowerProtect DD.


Important: Avamar manages maintenance operations for both Avamar and the
PowerProtect DD appliance.

Important: Avamar does not store the original path and file name for a
file on the PowerProtect DD appliance. Instead, Avamar uses unique file
names on the PowerProtect DD appliance.

PowerProtect DD Integration Features

Integrating Avamar with PowerProtect DD provides the following features:

Feature: Functionality

Instant Access: A virtual machine backup is booted from the
PowerProtect DD without performing a restore back to the VMware
datastore. This feature of PowerProtect DD integration is known as
Instant Access.

Checkpoint Backups to PowerProtect DD: Single-node servers and AVE
servers enable Avamar to perform backups of checkpoint data to a
PowerProtect DD. Disaster recovery is possible without the need for a
second Avamar server. If a disaster occurs, the checkpoint can be
restored.

Token-Based Authentication: Avamar can establish a connection to a
PowerProtect DD using the DD Boost Token-based Authentication. In
Token-based Authentication, each token is unique. The token exists only
during a backup. The clients do not store any of the credentials. The
risk of breach into a system is greatly reduced. This feature is
important for multitenant BaaS environments. Avamar clients connect
securely to the PowerProtect DD without going through login formalities.

REST API: REST API provides Quota management and PowerProtect DD
physical capacity reporting.

Cloud Tier: Avamar leverages the PowerProtect DD Cloud Tiering Feature.
The feature allows older backups to be tiered to cloud-based storage for
long-term storage.
• Age-based policy support for PowerProtect DD Cloud Tier.
• Single-administrative-step recall of backups from the cloud and
  restore to clients.

Go to: For more detailed information, see the Avamar and Data Domain
System Integration Guide and/or the DD OS Administration Guide on the
Dell Support website.

Important: PowerProtect DD cloud storage units must be preconfigured on
the PowerProtect DD appliance before they can be configured for cloud
tier in the AUI.


Types of PowerProtect DD Configurations with an Avamar Environment

The following are the three different types of backup configurations with
an Avamar server that is integrated with a PowerProtect DD appliance:

Basic Configuration

The basic configuration consists of a single Avamar server with a single
PowerProtect DD appliance, backing up several Avamar clients. When a
backup is kicked off, the Avamar server sends a backup request to the
Avamar client. The Avamar agent on the client recognizes a PowerProtect
DD backup request and launches the DD Boost client. DD Boost performs
deduplication and streams the backup data to the PowerProtect DD.
Metadata for the backup is sent from the Avamar client to the Avamar
server. Avamar still performs all management and tracking tasks for the
backup.

Avamar manages the backup even though the data is stored on a
PowerProtect DD system. Metadata is stored on the Avamar system, and
the backup data is sent to and stored on the PowerProtect DD.


Multiple PowerProtect DD Appliances

[Figure labels: Database Backup Client; Full Database Backup; Incremental
Database Backup; Physical Windows File Server Backup Client]

The multiple appliance environment has an Avamar system with multiple
PowerProtect DD appliances. To separate data, use multiple
PowerProtect DD appliances with a single Avamar server.

This type of configuration provides a large amount of storage by using
multiple Data Domains. When using this type of configuration, be sure that
the Avamar server is sized properly so that it can store all metadata.

Having multiple PowerProtect DD appliances also increases the number
of simultaneous backups allowed. When directing one backup to two
different PowerProtect DD appliances, keep in mind that the data on one
system is not deduplicated against the data on the other.


Backup clients that use incremental backup [22] strategies must store the
incrementals on the same PowerProtect DD appliance as their associated
full backups.

Shared PowerProtect DD Appliance

A shared environment is where an Avamar system and another backup
system share a PowerProtect DD appliance. The other backup solution
can be any other backup product that uses a PowerProtect DD appliance
or it can be another Avamar server.

The PowerProtect DD logically separates the data from different sources
by storing it in different MTrees.

When using a single PowerProtect DD with multiple Avamar servers, be
sure that there is enough capacity [23] on the PowerProtect DD. Keep in
mind that each PowerProtect DD appliance has a limited number of
streams and MTrees. These resources must be shared among the Avamar
and other backup applications.

Important: Backup data is not staged on the Avamar server before it is
sent to the PowerProtect DD.

Back Up Processes for PowerProtect DD with Avamar

The backup process for Avamar servers that are integrated with
PowerProtect DD uses the DD Boost protocol. DD Boost provides
deduplication at the client so that only unique data is sent across the
network. The method is similar to how Avamar provides deduplication
except that the file cache is not used (except for file system backups).

[22] Typically database log backups, incremental backups can be taken
multiple times a day. This is used for point in time restores.
[23] Capacity planning can be more difficult when PowerProtect DD storage
is shared amongst multiple systems.

The DD Boost SDK is installed automatically on the client system during
the installation of the Avamar client. The following steps are performed
during a backup with a PowerProtect DD:

• When a backup request is made, DD Boost software on the client
  divides the data into variable-size segments, each of which produces a
  unique hash that PowerProtect DD treats as a fingerprint.
• The client checks to see if the segment has already been stored.
• If the unique segment has not previously been seen by the client
  and/or found in the DD Summary Vector Array (segment catalog in DD
  appliance RAM) on the DD appliance, the client compresses the data
  and sends it to the PowerProtect DD.
• The PowerProtect DD appliance writes the data to its own file system
  or disk.
• For most backup types, the file cache is not used. File system
  backups, however, do use a file cache. If a file has not changed since
  the last backup, it does not get segmented, and its segments are not
  queried against the PowerProtect DD.
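
The steps above, modeled as an added Python example (not Dell or DD Boost code): the client segments a stream at content-defined boundaries, fingerprints each segment, and compresses and sends only segments that neither it nor the appliance has seen. The rolling hash, SHA-256 fingerprints, segment sizes, the `Appliance` and `Client` classes, and the sample records are all assumptions constructed for illustration.

```python
import hashlib
import random
import zlib

# Illustrative sizes (assumptions), not DD Boost's real parameters.
MIN_SEG, MAX_SEG = 1024, 16384
CUT_MASK = 0xFFF00000  # cut where the top 12 bits of the rolling hash are zero

# Deterministic per-byte table for the rolling ("gear") hash.
GEAR = [int.from_bytes(hashlib.sha256(bytes([b])).digest()[:4], "big")
        for b in range(256)]


def segment(data):
    """Yield variable-size segments cut at content-defined boundaries."""
    start, h = 0, 0
    for i, byte in enumerate(data):
        # The hash depends only on the last 32 bytes, so cut points follow
        # the content and realign after an insertion earlier in the stream.
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFF
        length = i - start + 1
        if (length >= MIN_SEG and (h & CUT_MASK) == 0) or length >= MAX_SEG:
            yield data[start:i + 1]
            start, h = i + 1, 0
    if start < len(data):
        yield data[start:]


def fingerprint(seg):
    return hashlib.sha256(seg).hexdigest()


class Appliance:
    """Stand-in for the storage target: fingerprint index plus segment store."""

    def __init__(self):
        self.store = {}  # fingerprint -> compressed segment

    def has(self, fp):
        # Models the lookup against the appliance's segment catalog.
        return fp in self.store

    def write(self, fp, payload):
        # Recompute the fingerprint instead of trusting the client's claim.
        if fingerprint(zlib.decompress(payload)) != fp:
            raise ValueError("fingerprint mismatch")
        self.store[fp] = payload

    def read(self, recipe):
        return b"".join(zlib.decompress(self.store[fp]) for fp in recipe)


class Client:
    def __init__(self, appliance):
        self.appliance = appliance
        self.seen = set()  # fingerprints this client already sent or confirmed

    def backup(self, data):
        recipe, new_segments, bytes_sent = [], 0, 0
        for seg in segment(data):
            fp = fingerprint(seg)
            recipe.append(fp)  # ordered fingerprints needed to reassemble
            if fp in self.seen or self.appliance.has(fp):
                self.seen.add(fp)
                continue  # already stored: nothing crosses the network
            payload = zlib.compress(seg)
            self.appliance.write(fp, payload)
            self.seen.add(fp)
            new_segments += 1
            bytes_sent += len(payload)
        return {"recipe": recipe, "total": len(recipe),
                "new": new_segments, "bytes_sent": bytes_sent}


def sample_data(lines=12000, seed=7):
    """Constructed sample input: log-like records, not real backup data."""
    rng = random.Random(seed)
    return "".join(f"record {i:06d} value {rng.getrandbits(32):08x}\n"
                   for i in range(lines)).encode()


def demo():
    dd = Appliance()
    client = Client(dd)
    day1 = sample_data()
    mid = len(day1) // 2
    day2 = day1[:mid] + b"inserted change\n" + day1[mid:]
    first = client.backup(day1)     # everything is new
    repeat = client.backup(day1)    # nothing is new
    changed = client.backup(day2)   # only segments near the insertion are new
    restored_ok = dd.read(changed["recipe"]) == day2
    return first, repeat, changed, restored_ok


if __name__ == "__main__":
    for label, r in zip(("first", "repeat", "changed"), demo()[:3]):
        print(label, r["total"], r["new"], r["bytes_sent"])
```

Because cut points depend on content rather than offsets, the 16-byte insertion in the third run changes only the segments around it; with fixed-size segments every segment after the insertion would have been resent.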

Important: Before DD Boost can be used, the PowerProtect DD appliance
needs to be configured to accept DD Boost data.

Adding and Deleting a PowerProtect DD System to Avamar

When a PowerProtect DD system is added to the Avamar configuration,
Avamar creates a Management Tree (MTree) on the PowerProtect DD
system for the Avamar server. MTrees are storage directories that are
used by PowerProtect DD to provide more granular management of data,
enabling data from different sources to be managed and reported on
separately using separate MTrees.

Before a PowerProtect DD can be deleted from Avamar, the following
requires validation:

• All backups and checkpoints must be removed.
• The PowerProtect DD must be online.
• There must be more than one PowerProtect DD configured for the
  Avamar.

Adding a PowerProtect DD

The following prerequisites must be configured on the PowerProtect DD
before Avamar is integrated:

• DD Boost user must be created. The DD Boost user needs
  Administrative privileges on the Data Domain.
• If using key-based SSH to connect with the Avamar, the SSH public
  key must be added to the DD Boost user.
• SNMP string needs to be configured.

A PowerProtect DD system is added to Avamar through the AUI using the
Add Data Domain System wizard under the Server Management tab
and then selecting Actions.

Deleting a PowerProtect DD

Before deleting a PowerProtect DD, the following must be confirmed:

• The PowerProtect DD that is to be deleted must be online.
• Verify that no backups from clients that are managed by the integrated
  Avamar server are stored on the PowerProtect DD appliance that is to
  be deleted.
• Verify that no Avamar checkpoints from the integrated Avamar server
  are stored on the PowerProtect DD appliance that is to be deleted.
• Verify that all expired backups on the PowerProtect DD appliance are
  deleted through the Avamar garbage collection process.
• A new validated checkpoint must be created on the Avamar after the
  PowerProtect DD is deleted.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Go to: For more information about adding or deleting a PowerProtect DD,
see the Dell Avamar and Data Domain System Integration Guide on the Dell
Support website.

Warning: If an Avamar server has multiple PowerProtect DD appliances
that are integrated, deletion of a DD appliance can be performed.
However, deleting the last PowerProtect DD appliance from an Avamar
server requires advanced services.

Restoring from PowerProtect DD with Avamar

The restore process from the AUI is the same whether Avamar is
integrated with PowerProtect DD or not. The difference is the workflow,
which is transparent to the backup administrator.

When the restore of a backup is initiated, the Avamar server uses the
stored metadata from the backup to locate the data on the PowerProtect
DD. The backup is restored directly from the PowerProtect DD to the
client.


Lab Exercise: For more practice, go to the Avamar Administration Lab.

Impacts of Avamar Maintenance Activities on PowerProtect DD

Avamar runs maintenance every day at the beginning of a 12-hour window
and communicates the same to PowerProtect DD as well. PowerProtect DD
calls its maintenance cleaning. Cleaning should not be run on the same
schedule as the Avamar maintenance; it only runs once a week.

During this 12-hour period, garbage collection runs; the remaining time
is spent on checkpoints and HFS checks. If the HFS check completes before
the end of the 12-hour window, the maintenance completes.

Avamar communicates maintenance commands to PowerProtect DD
using the ddrmaint service. The ddrmaint service is installed on the
Avamar Utility Node as part of the installation package.

The Avamar and PowerProtect DD operations that are impacted are:

Operations: Impacts

Garbage Collection (GC): GC runs daily and identifies hashes that have
expired and hashes from canceled or failed backups. At the same time, the
hashes are sent to the PowerProtect DD [24] to clear the corresponding
data.

Checkpoint (cp): Avamar creates a checkpoint, and then the PowerProtect
DD takes a snapshot [25] of the entire directory.

HFS Check: HFS verifies the integrity of the data in the checkpoint.

Upgrading PowerProtect DD Integrated with Avamar

Upgrading the DD OS before upgrading the Avamar server is
recommended but not required. If the DD OS is not upgraded before the
Avamar server, the DD OS should immediately be upgraded afterward.

Go to: For more information about upgrades, see the Dell DD OS
Administration Guide on the Dell Support website.

[24] Data Domain runs cleaning only once a week. It moves the data to
the /DELETED directory under its cur directory under the Avamar MTree. By
default, on Tuesday when Data Domain runs cleaning, it clears the entire
/DELETED directory. Recoveries of backups are not possible after hashes
are deleted from Avamar, and the space is reclaimed from Data Domain
only after weekly cleaning is successful.
[25] In the event of a rollback on Avamar, the cp allows the Data Domain
to run a fast copy operation of that snapshot back to its point in time.


Important: To ensure that there are no compatibility issues, verify that
the version of DD OS being upgraded to is compatible with the version of
Avamar. To verify compatibility, use the E-LAB Navigator.


Managing Avamar Restores

Types of Avamar Restores

Administrators can restore by the date of the backup and then restore to
either the same original location, a different location, or multiple locations.

To find a backup by a date, go to Asset Management and select the
domain where the client resides from the domain tree. Once the client is
selected, click VIEW MORE from the Client Summary window. Below are
the options for restoring:

Restore to Original Client

Avamar can restore to the original client and original locations.

Be sure to see the user guide for each plugin for more details for restores.

[Figure: Restore to original client. Backup Content dialog listing the
contents of backup MOD-1649940625755 with Name, Date, and Size columns]

Restore to Different Client

Administrators can restore to a different client by choosing another client
and location for the restore. The Destination Location can be the same
directory location or an alternate location.


Be sure to refer to the user guide for each plugin for more details for
restores.

[Figure: Restore to a different client. Backup Content dialog listing the
contents of backup MOD-1649940625755 with Name, Date, and Size columns]

Restore to a New Virtual Machine

Administrators can also restore VM backups to a new virtual machine. The
process is similar to restores to the original or a different client, but
when the Destination Location window is displayed, the Restore to New
Virtual Machine option appears. Select the vCenter and provide the
Virtual Machine Name in the Advanced Config section.


[Figure: Restore to a new virtual machine. Restore wizard with Content,
Basic Config, and Summary steps, including the post-restore option "Do
not power on VM after restore"]

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Operating System Server Recovery Solutions

Avamar is compatible with the native OS-specific server recovery solutions
to achieve various levels of server disaster recovery.

• Windows Operating System
• Windows Server Operating System
• RedHat
• Linux
• Oracle Solaris


Important: Use the E-Lab Navigator for details on supported versions.

Volume Shadow Copy Service (VSS) Recovery Prerequisites

Before performing a disaster recovery, ensure that a completed system
backup of the Windows client exists. This backup must include the system
state data that is captured with the Windows VSS plugin. Verify the
following:

• Check the contents of the backup in the Backup and Restore interface to
ensure that there is an entry for the Automated System Recovery
(ASR) writer.
• To recover from a disaster, provision new hardware that is similar to
the original hardware. The disk size must be at least the same size as
the source. Also, be sure to have the same number of disks.

Tip: This plug-in is also used for the Active Directory server backups.

Lab Exercise: For more practice, go to the Avamar Administration Lab.


Avamar Bare Metal Recovery Wizard

The bare-metal recovery uses a customized Windows Preinstallation
Environment (WinPE) boot disk that provides a minimal set of Windows
features. The installation of the full operating system is not required. The
new server can boot from the WinPE disk and restore all data back onto
the hard drive, including the original operating system. The ISO for this
disk is in the Avamar Downloads webpage.

The WinPE ISO can also be added as a boot image to a Windows
Deployment Services server. This allows the new bare-metal server to
boot the image from the network instead of a local USB. Restoring a
physical server to a virtual machine is also supported. This can be useful if
a server must be recovered immediately before new hardware is available.
During the disaster recovery, all critical disks are formatted.

When the new client is booted from the WinPE disk, the Avamar System
Recovery Wizard is displayed. The wizard asks for date and time
information, networking information, the address of the Avamar server,
and the backup to recover from.

The Avamar System Recovery Wizard asks for the following:

• Date and Time
• Networking Information
• Avamar Server Address
• Location for recovered backup
• Disk Details
• Operating System Settings


Windows Full System Backup

Windows full system backup for the client must be performed to
successfully recover a Windows server. A full system backup is performed
using the Windows VSS plugin.

The VSS plugin does not back up critical disks on shared storage in a
cluster. If the server has shared cluster storage, the cluster share must be
backed up using a file system plugin.

1: The Options tab allows administrators to add a Snapup Label and
provides the option to select Create Disaster Recovery Backup.

2: For the plugin type, select the Windows VSS option. The backup is
performed using the Windows VSS plugin.

3: Clear out all other plugin options, and add in the VSS options. The
dataset should have client file system and system state data.

[Figure: Policy Dataset wizard (Properties, Members, Dataset steps) for
the new dataset "Full System Windows", with the Windows VSS plugin
selected and the Options tab showing Snapup label and Create Disaster
Recovery Backup]

Go to: For more information, see the Dell Avamar Administration Guide
and Avamar Windows Servers Users Guide on the Dell Support website.


Exploring VMware Backups and Restores

Avamar Guest Backup Overview

Configuring the virtual machine for guest level backups is identical to
installing a physical Avamar client:

• Open the web browser and type in
  https://Avamar_server/dtlt/home.html where Avamar_server is the DNS
  name or IP address of the Avamar server. When the Downloads Page
  appears, download the client software for the operating system
  platform of the specific client.
• Once the download is complete, register and activate the client with
  the Avamar server.

Guest Backup Overview

Guest backups protect the VM data with the Avamar client software.
The installation and registration steps are the same as for a physical
client.

When registering VM clients protected by guest backup, do not register
them to a vCenter domain. Doing so prevents the administrator from
locating or managing that virtual machine in Avamar Administrator.
Instead, register any virtual machine clients that are protected by guest
backup to some other domain or subdomain (for example, /clients).

For application consistent backups of applications such as Microsoft SQL,
Microsoft Exchange, and Oracle, the corresponding plug-in software is
available to be installed in addition to the Avamar client software.

Considerations and Guidelines

The advantage of using guest-level backups:

• Backups fully support all applications and operating system clients that
  are provided by Avamar.
• Each virtual machine is separately managed. In a large environment,
  this can add up to a significant number of VMs. In order for guest-level
  backups to run, the host VM needs to be powered on and on the
  backup network.
• It is the only way to protect virtual machines that are not hosted in a
  virtual environment (for example, desktops and laptops).
• Application plug-ins and their features add the ability to exclude data
  from the backups.

Go to: For more detailed information, see the Avamar for VMware Users
Guide on the Dell Support website.

Important: See the E-Lab Navigator for a list of supported clients.

Avamar Image Backup Overview

Avamar offers two ways to protect data on VMware virtual machines:
image backup and guest backup.

Before configuring VMware Image Backup, configure communication
between the vCenter and the Avamar [26] server. The vCenter server is
also added as a client to the Avamar server.

[26] The Avamar server uses the vCenter server to gather information
about the target virtual machines and manage them during backup.


The image backup uses VMware vStorage API for Data Protection
(VADP) to protect virtual machine (VM) data. This is fully integrated with
vCenter Server to allow for detection of the VM clients and enable
centralized management of backup jobs. Multiple image proxies can be
configured for a single system. Proxies share the load of the backup jobs,
allowing for better performance.

Below are the descriptions of the Avamar image backup processes:

[Figure: Avamar image-level backup overview. Components shown: vCenter
Server (physical or virtual), proxy, client VMs, Avamar server, and
datastore, connected over TCP/IP and Fibre]

Image backups are fully integrated with vCenter Server to provide
detection of virtual machine clients and enable efficient centralized
management of backup jobs. Image backups are application consistent
and sufficient for most use cases.

Some of the advantages of Image level backups are:

• VM does not need to be powered on.
• VM does not need to be on backup network.
• Backup command runs on Proxy.
• Proxy does DD Boost processing.

Some of the disadvantages of Image level backups are:

• Files or directories cannot be excluded but Changed Block Tracking
  (CBT) helps reduce amount of data that needs to be deduplicated.
• Limited support for Application Consistent backup and recovery (VSS
  SQL).

Proxies

Image backups and restores require deployment of proxy virtual machines
within the vCenter. Proxies run Avamar software inside a Linux virtual
machine. Deploy Proxies using an appliance template (.ova) file or the
Proxy Deployment Manager.

The image proxy VM is created on the ESXi server by importing the .ova
file. Dell Technologies recommends deploying multiple proxies to allow for
several simultaneous backups.

Each proxy provides the following:

• Backup of Microsoft Windows and Linux virtual machines (entire
  images or specific drives)
• Restore of Microsoft Windows and Linux virtual machines (entire
  images or specific drives)
• Selective restore of individual folders and files

[Figure: Default requirements for proxy virtual machines: 4 CPUs, 4 GB
memory, Hard disk 1 of 20 GB, Hard disk 2 of 1 GB, Network adapter 1 on
VM Network, compatibility ESXi 5.5 and later (VM version 10)]

Each proxy can perform eight simultaneous backup or restore operations,
in any combination. Proxies are allowed in any part of the Avamar
Administrator account management tree except the vCenter Server
domain.


Snapshots

A snapshot is a temporary point-in-time copy of the virtual machine. If
the virtual machine is running at the time of the backup, the snapshot can
impact disk I/O and consumes disk space on the datastore.

Custom scripts can be created to run during the backup of a virtual
machine. A prescript can run before the VMDK snapshot process begins,
and a postscript can run after the snapshot creation has finished. These
custom scripts [27] can be used to quiesce the applications that are
running on the VM.

[Figure: Adding custom scripts in Create Dataset. The Options tab for the
dataset TruncationSQL shows a Pre-snapshot Script section (Script file;
Maximum script run time (minutes): 5) and a Post-snapshot Script section
(Script file)]

The Avamar image backup supports three types of virtual disks:

• Flat (version 1 and 2)
• Raw Device Mapped (RDM) in virtual mode only (version 1 and 2)
• Sparse (version 1 and 2)

The supported architectures for image backups are the following:

• Fibre Channel Storage Area Networks (SAN) hosting VMFS and RDMs
• iSCSI channel SAN storage
• Network File Share (NFS)

[27] In order to use custom scripts, the scripts must exist on the virtual
machine. In the backup options, specify a path to the scripts and provide a
username and password for a virtual machine user account that has
permission to run these scripts.

Image Backup Limitations

Image backups offer moderate deduplication efficiency and do not
consume guest level machine resources, such as CPU, RAM, or disk
during backups.

The following are system-wide limitations that apply to image level
backups:

Types of Limitations and Results

Limitation: Special characters are not allowed in data center, datastore,
folder, or VM names.
Result: Because of this limitation in the vCenter software, when special
characters are used in these areas the .vmx file is not in the backup.

Limitation: Avamar server upgrades require proxy reboots.
Result: After an upgrade of the Avamar server, the administrator manually
has to reboot all proxies that are connected to the Avamar server.

Limitation: Changing a VM disk configuration (adding or removing a disk).
Result: The next entire image backup is processed as a full backup.
Virtual disks are processed, and changed block tracking is not used.

Limitation: The vCenter nested containers.
Result: When backing up a VMware container that contains other
containers, Avamar only backs up the top level of the hierarchy. Two
solutions for this limitation:
• Flatten the container structure.
• Add the vApps to Avamar as separate container entities and back up
  separately.

Important: Dell Technologies recommends using a SAN-attached datastore
to reduce traffic over the IP network. When SAN connectivity is not
available, using guest-level backup is preferred.

VMware Image Backup Process

The image backup is initiated either by a scheduled Avamar group or
on demand by an Avamar user. The Avamar server communicates [28] with
the vCenter server in order to prepare the backup.

The vCenter server creates a temporary VMware snapshot of the virtual
machine client. This snapshot is a point-in-time copy of the virtual machine
that allows the virtual machine to continue running throughout the backup
process.

The proxy mounts the virtual machine files and creates a temporary
snapshot [29], and then deduplicates, compresses, and sends the data to
the Avamar server.

[28] Communication between Avamar and vCenter is on port 443.

VMware Image Backup Configuration

Configuring MCS for Guest and Image backups

By default, Avamar only allows one instance of a client name. In order to
support using both image and guest backup to protect the same virtual
machine, configure the Avamar MCS to allow duplicate client names.

[29] Once the backup completes, the vCenter server removes the temporary
snapshot.


<entry key=”cncrypt _servcr_authent icate" va luc="true" z>


<entry key="c Uent_t ineout_sec" va lue="10" z>
<entry key="def au ! t bu lk_user perm iss ion" va lue="cnab led . read , back
up" z>
<entry key=ssl_ciphers" va lue="TLS_ECDHE_RSA_W I TH_AE3_1Z8_CBC_SHA
Z56 . TL3_R3A_U I TH_AE8_Z56_CBC_3HA . TL3_RSA_U 1 TH_AE3_Z56_CBC_3HA” z>
<entry key="c 1 ient_Hsten_port" va lue=”Z8O0Z“ z>
<entry key="custon_start_ weekday for week lyretent Ion" ua iue="none

z>
<entry key="a 1 lou dup I icate_c I ient nanes" va lue<*true”>’>
<entry key="mcs_ssl_iio_cl lent_auth_service_port'* vaTue="30003" ✓>
<entry key="logFi leStorePol lerSieepMinutes" va lue=" 1440" z>
<entry key=”va I idatevm namepref i x" value="EHC U0LIDATIHG" z>
<entry key="ncs_ssl_ta lk_f irst” va lue="true" z>
<entry key="custom_start month_f or_year ly_retent ion" va lue="none”
z>
<entry kry="proxyda tas torr napp i ngmode” va lue=” i n i t ia I ” z>
<zmap>
<znode>
<node name* "dashboard ">
<map>

mcserver.xml

Container Clients

Containers provide the capability of managing multiple virtual machines,
vApps, virtual machine folders, and resource pools. When administrators
add a VMware container to Avamar, all VMs within it are treated as a
single object. Containers are created and managed by VMware; they are
not configured in Avamar.

Containers are defined as either dynamic or static when added to the AUI.

• Dynamic containers include all contents of the vCenter container.
Avamar monitors the container entity in vCenter. When changes occur
(for example, virtual machines or folders are added or deleted), they
are automatically reflected in the AUI.
• Static containers only include what is in the vCenter container at the
time that it is added to Avamar. If subsequent changes occur in
vCenter, they are not reflected in the AUI.

Avamar scans only the top-level container when detecting virtual
machines. Nested VMware containers (a container that contains other
containers) result in subcontainers being added to Avamar as one
entity, and VMs inside the subcontainers cannot be individually backed
up.
Two solutions exist for this limitation:


• Flatten the container structure.
• Add nested vApps to Avamar as separate container entities so that
they can be backed up separately.
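The container behavior described above (top-level-only scan, dynamic versus static containers, and the two workarounds) can be modeled to find VMs that will not appear as individual clients. This is an added example, not Avamar code; the `Container` class, the function names, and the inventory are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Container:
    """A vCenter container (folder, vApp or resource pool) in a constructed inventory."""
    name: str
    vms: list = field(default_factory=list)
    children: list = field(default_factory=list)


def top_level_vms(container):
    """VMs detected individually: only those directly in the added container."""
    return sorted(container.vms)


def nested_vms(container, path=None):
    """Map each VM inside a sub-container to the path of that sub-container."""
    path = path or [container.name]
    hidden = {}
    for child in container.children:
        child_path = path + [child.name]
        for vm in child.vms:
            hidden[vm] = "/".join(child_path)
        hidden.update(nested_vms(child, child_path))
    return hidden


def visible_clients(at_add_time, current, mode):
    """Dynamic containers follow vCenter; static ones keep their add-time contents."""
    if mode not in ("dynamic", "static"):
        raise ValueError(f"unknown container mode: {mode}")
    return top_level_vms(current if mode == "dynamic" else at_add_time)


def not_individually_visible(at_add_time, current, mode):
    """VMs that exist in vCenter now but do not appear as individual clients."""
    everything = set(current.vms) | set(nested_vms(current))
    return sorted(everything - set(visible_clients(at_add_time, current, mode)))


def containers_to_add_separately(container):
    """Second workaround: each sub-container that directly holds VMs is added
    as its own container entity, which makes it a top level in its own right."""
    return sorted(set(nested_vms(container).values()))


def flatten(container):
    """First workaround: one container that holds every VM directly."""
    every_vm = list(container.vms) + list(nested_vms(container))
    return Container(container.name, vms=sorted(every_vm))


# Constructed inventory: the container as it was when added to Avamar ...
AT_ADD_TIME = Container(
    "Prod",
    vms=["web01", "web02"],
    children=[
        Container("vApp-Payroll", vms=["pay-db", "pay-app"]),
        Container("Lab", children=[Container("vApp-Test", vms=["test01"])]),
    ],
)
# ... and the same container later, after web03 was created in vCenter.
CURRENT = Container("Prod", vms=["web01", "web02", "web03"],
                    children=AT_ADD_TIME.children)

if __name__ == "__main__":
    for mode in ("dynamic", "static"):
        print(mode, "visible:", visible_clients(AT_ADD_TIME, CURRENT, mode))
        print(mode, "missing:", not_individually_visible(AT_ADD_TIME, CURRENT, mode))
    print("add separately:", containers_to_add_separately(CURRENT))
```
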

VMware Image Groups


Avamar has three default groups for virtual machines:

• The group created under the domain of the vCenter. This type of group
behaves like any normal group except that clients can be assigned to
different proxy servers.
• The Default Virtual Machine group is where new virtual machine
clients are automatically added when they are registered.
• The Default Proxy group is where VMware image proxy clients reside.

Lab Exercise: For more practice, go to the Avamar Integration with
VMware Lab.


Autodiscovery of Virtual Machines

The Avamar server uses rules to automatically map autodiscovered
virtual machines to domains and to assign backup policies to these VMs.
Rules use one or more filtering mechanisms to determine whether VMs
qualify for inclusion in a policy.

Enable Dynamic VM Import By Rule

[Screenshot: Edit Client dialog, VMware tab, with Username, Password,
Confirm Password, and Port (443) fields, the Enable Dynamic VM import by
rule and Enable Changed Block Tracking checkboxes, ADD RULE and CREATE
RULE buttons, and a rule table with Rule and Domain columns]

Editing vCenter client to add Enable Dynamic VM import by rule

Autodiscovery uses domain-mapping rules to map a new or moved VM to
Avamar domains. These rules are selected or created when Enable
Dynamic VM import by rule is selected during the configuration of the
vCenter client.


Create Rules

[Screenshot: New Rule dialog with Rule Name "VMs start with demo", Match
Type "All", and one filter row (Filter: VM Name, Operator: equals, Value:
demo), with CANCEL and SUBMIT buttons]

Creating a New Rule for all VMs that start with name demo

Rules[30] are applied across the entire virtual environment, so VMs from
various hosts, folders, and vApps can all match the same rule. Rules allow
the administrator to filter virtual machines based on various attributes
such as the VM Name, tag, vApp, and more.

More Autodiscovery

• In addition to autodiscovering new VMs, vMotion of VMs from one
vCenter to another is also automatically detected by the Avamar
software.
• If the new vCenter hosting the VM is configured in Avamar, the VM is
automatically moved from the original vCenter client to the new
vCenter client using the same user-defined rules to assign its domain
and backup policy.
• If a VM is deleted from vCenter, it is automatically removed from the
vCenter client. For dynamic containers, VMs deleted on the vCenter
server will not be fully removed from Avamar, but the VM's icon will
turn from blue to gray. This allows backups that are taken of the
deleted VM to still be restored until they expire.

[30] When protecting an ESXi host, only the VM names and the root folder
are supported in rules.

Important: vCenter 5.5 and later releases support the autodiscover
feature. However, vCenter must be release 6.0 or higher to use VM tags
in rules.

Important: Avamar does not support autodiscovery for template VMs.
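The rule behavior and constraints described in this section (Match Type, filters on VM attributes, the vCenter version requirements, the ESXi restriction, and the template exclusion) can be expressed as a small model. This is an added example, not Avamar's implementation; the class names, the `starts_with` operator, first-matching-rule-wins ordering, and the domain names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    folder: str = "/"
    vapp: str = ""
    tags: tuple = ()
    is_template: bool = False


@dataclass(frozen=True)
class Filter:
    attribute: str  # "name", "folder", "vapp" or "tag"
    operator: str   # a key of OPERATORS
    value: str


@dataclass(frozen=True)
class Rule:
    name: str
    match_type: str  # "all" or "any", as in the Match Type field
    filters: tuple
    domain: str      # target Avamar domain (constructed names below)


OPERATORS = {
    "equals": lambda actual, wanted: actual == wanted,
    "starts_with": lambda actual, wanted: actual.startswith(wanted),  # assumed
}


def usable_attributes(source_type, version):
    """Attributes a rule may filter on, following the constraints in the text."""
    if source_type == "esxi":
        return {"name", "folder"}      # ESXi: VM names and the root folder only
    if version < (5, 5):
        return set()                   # autodiscovery needs vCenter 5.5 or later
    attrs = {"name", "folder", "vapp"}
    if version >= (6, 0):
        attrs.add("tag")               # VM tags in rules need vCenter 6.0 or later
    return attrs


def validate(rule, allowed):
    """Reject rules that cannot be evaluated against this source."""
    if rule.match_type not in ("all", "any"):
        raise ValueError(f"{rule.name}: unknown match type {rule.match_type!r}")
    for flt in rule.filters:
        if flt.operator not in OPERATORS:
            raise ValueError(f"{rule.name}: unknown operator {flt.operator!r}")
        if flt.attribute not in allowed:
            raise ValueError(f"{rule.name}: {flt.attribute!r} is not usable here")


def rule_matches(vm, rule):
    def one(flt):
        values = vm.tags if flt.attribute == "tag" else (getattr(vm, flt.attribute),)
        return any(OPERATORS[flt.operator](v, flt.value) for v in values)
    results = [one(flt) for flt in rule.filters]
    return all(results) if rule.match_type == "all" else any(results)


def assign_domains(vms, rules, source_type="vcenter", version=(6, 0)):
    """Return {vm name: domain or None}; the first matching rule wins (assumption)."""
    allowed = usable_attributes(source_type, version)
    for rule in rules:
        validate(rule, allowed)
    assigned = {}
    for vm in vms:
        if vm.is_template:
            assigned[vm.name] = None   # template VMs are not autodiscovered
            continue
        assigned[vm.name] = next((r.domain for r in rules if rule_matches(vm, r)), None)
    return assigned


# Constructed sample inventory and rules.
SAMPLE_VMS = (
    VM("demo-web"),
    VM("demo-golden", is_template=True),
    VM("hr-db", vapp="Payroll", tags=("pci",)),
    VM("misc01"),
)
SAMPLE_RULES = (
    Rule("VMs start with demo", "all",
         (Filter("name", "starts_with", "demo"),), "/vcenter/demo"),
    Rule("Regulated", "any",
         (Filter("tag", "equals", "pci"), Filter("vapp", "equals", "Payroll")),
         "/vcenter/regulated"),
)

if __name__ == "__main__":
    for name, domain in assign_domains(SAMPLE_VMS, SAMPLE_RULES).items():
        print(f"{name:12} -> {domain}")
```

A VM that maps to `None` matched no rule (or is a template) and would need a policy assigned another way.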

Virtual Machine Restore Overview

Avamar provides two distinct mechanisms for restoring Virtual Machine
(VM) data:

• Image Restores contain an entire image or specific drives.
• File-Level Restores contain specific folders and files.


Virtual Machine Restore Workflow

Here are the steps when a restore is initiated:

1. The vCenter server creates a temporary snapshot.
2. The proxy mounts the snapshot.
3. Avamar Server or PowerProtect DD sends the data to the proxy.
4. The proxy reassembles and writes the data to the VM snapshot.

File-Level Restore Process Overview

File Level Restore (FLR) enables the administrator to restore individual
files from a backup without requiring a full (image-level) restore. The
administrator can browse the files and folders that are contained within a
backup volume to select specific items.

The two methods for FLR are as follows:

HTTPS

The Avamar VMware FLR feature is implemented using a proxy server. By
default, Avamar uses the HTTPS protocol to perform the file-level restore.
Using HTTPS to download the files is faster than the file copy method.
The process requires that the virtual machine is powered on and has a
network connection. The proxy server uses AvFS, which allows the proxy
to access the backed-up VMDK files.

When a file level restore is initiated:

• The proxy sends a customized download script that contains all the
requested file names to the client virtual machine.
• The client runs this script, which downloads the files from the proxy
with the wget command. To take advantage of the performance
improvement, wget must be installed on the client prior to use.

File Copy

Avamar uses the File Copy method only when HTTPS is not available.
The File Copy method can be used if the client is offline, and only a small
amount of data needs to be restored.

When a file level restore is initiated:

• The proxy mounts the AvFS share.
• The proxy uses custom Avamar code to extract specific files from
VMDK files.
• The VMware VIX API moves the files into the client VM. The VIX API
requires that the VM client is powered on, but it does not require a
network connection.

Instant Access - PowerProtect DD

The Instant Access feature enables booting backed-up virtual machines
that are on the PowerProtect DD appliance. The administrator can access
the files in the backup.

To use the Instant Access feature, select Instant Access in the
Destination field while performing restores.


Instant Access Process

Instant Access includes the following activities:

1. Instant access is initiated by using the Avamar AUI.
2. The selected VMware backup is cloned (Data Domain fastcopy) to a
temporary NFS share on the PowerProtect DD system.
3. The temporary NFS share is exported and mounted on the ESXi host.
4. The administrator can now access the VM as they would any other VM
residing in the ESXi host.

The administrator can choose to migrate the virtual machine from the
PowerProtect DD NFS share to a datastore within the vCenter using
storage vMotion.

Upon completion, the NFS share is deleted using Avamar Administrator.


Managing Avamar Replication

Avamar Replication Overview

The Avamar replication job copies client backups from the source Avamar
system to an alternate destination[31]. Replicating backups to an alternate
destination protects against data loss if the source Avamar system fails.
Avamar also provides the option to perform policy-based replication and
command-line replication.

Avamar Replication is the process of logically copying backup data from
one or more source Avamar servers to a destination or target Avamar
server. Replication is configured and run using the AUI and/or the Avamar
Administrator and can be scheduled or on-demand. This data is encrypted
during the transmission process. Replication can also integrate an Avamar
system with PowerProtect DD in the source and the destination.

The replication process is initiated from the source Avamar server. If the
data that has been selected for replication includes data that is stored on
the source PowerProtect DD, the source Avamar queries the target
Avamar server to ensure that there is a target PowerProtect DD. The
source Avamar also communicates with the target PowerProtect DD to
ensure that replication is possible.

The source Avamar replicates metadata to the target Avamar while the
source PowerProtect DD sends backup data directly to the target
PowerProtect DD. Since the source Avamar server must communicate
with the target PowerProtect DD, it is not possible to separate the Avamar
and PowerProtect DD traffic onto separate networks. The data is not
staged on the Avamar server.

[31] The alternate destination can be an environment that has either an
Avamar server or an Avamar server that is integrated with the
PowerProtect DD appliance.


Ensure that the target site has an Avamar server that is configured with its
own PowerProtect DD. Be sure that the destination systems have enough
capacity to store all data, especially when multiple systems are replicating
to one.

Prior to setting up any replication, first add replication for each system.
The administrator must set up one or more replication groups that define
the settings and if needed, create a daily, weekly, or monthly schedule.

Go to: For more detailed information, see the Avamar Administration
Guide on the Dell Support website.

Warning: If the source PowerProtect DD is used to store data other than
the Avamar backup data, it will not be replicated. Configure replication
for this data separately through the PowerProtect DD interface.

Replication Types

Policy-Based Replication

Policy-based replication provides greater control of the replication
process.

With policy-based replication, administrators can create replication groups
in the AUI that define the following replication settings:


[Screenshot: Replication Policy page in the AUI, with + ADD and REFRESH
buttons and an empty policy table with Name, Enabled, and Schedule
columns]

Avamar Replication Policy

• Replication group members, either domains or clients
• Priority order for replication tasks
• Backups to replicate, based on the retention setting or the backup date
• Maximum number of backups to replicate for each client
• Destination system for the replicas (replication to another Avamar
system, Cloud Tier, or Data Domain system)
• Replication schedule
• Retention of replicas


Command-Line Replication

Perform on-demand replication from the command line by logging in to the
utility node and using the avrepl[32] command-line interface (CLI).

The following replication settings are defined by the avrepl command:

• Domains or clients to replicate
• Backups to replicate based on plugin, retention setting, and backup
date
• Maximum number of backups to replicate for each client
• Destination system for the replicas

Avamar to PowerProtect DD Replication

When using a PowerProtect DD appliance as a backup target[33], the
replication process also transfers Avamar data from the source
PowerProtect DD to a destination PowerProtect DD.

The replication process is initiated from the source Avamar server. If the
data selected for replication includes data that is stored on the source
PowerProtect DD, the source Avamar queries the target Avamar server to
ensure that there is a target PowerProtect DD.

[32] Account options for the avrepl command enable administrators to
specify credentials to connect to the destination Avamar server for
replication.
[33] If a PowerProtect DD is configured with an Avamar server, then there
must be a corresponding PowerProtect DD that is configured with a
destination server. Otherwise, the replication fails for backups that are
stored on the source PowerProtect DD.


Since the source Avamar server must communicate with the target
PowerProtect DD, it is not possible to separate the Avamar and
PowerProtect DD traffic onto separate networks.

Replication[34] control belongs to Avamar; however, a PowerProtect DD
replication license is required to enable the copying of data from one
system to another.

Caution: Be sure that the destination systems have enough capacity to
store all data, especially when multiple systems are replicating to one.

Important: If the source PowerProtect DD is used to store data other than
the Avamar backup data, it will not be replicated. Configure replication
for this data separately through the PowerProtect DD System Manager.

PowerProtect DD Appliance Destination Settings

In a replication environment with more than one destination PowerProtect
DD, administrators can set the system[35] that receives the replicas by
mapping a domain on the source Avamar server to a destination
PowerProtect DD system.

[34] Replication is a direct copy and occurs on the Avamar replication
schedules.
[35] Users can specify a PowerProtect DD system as a default destination.
The Avamar server replicates to a default destination when a destination
PowerProtect DD system is not identified in the Storage Mapping tab.

Set Default PowerProtect DD Destination

The following steps must be followed in order to set a default
PowerProtect DD destination system:

[Screenshot: System page, Data Domain tab, with the Edit Data Domain
System wizard open (steps: System, SNMP, Tiering). Account: User Name
(DDBoost) ddboost_user, Password, Verify Password. Instant Access limit:
32. Max Streams: Max Data Domain system limit 90; Max used by Avamar 50,
as percentage of the max limit. Misc checkboxes: Use system as default
replication storage; Use as target for Avamar Checkpoint Backups; Use
certificate authentication for REST communication. Buttons: CANCEL,
VALIDATE.]

Edit a Data Domain

1. Log in to the AUI, and click the System pane.
2. Click the Data Domain tab. Click +ADD.
3. Scroll down the wizard page to the Misc section, and select the Use
system as default replication storage checkbox. Click VALIDATE.

If the Data Domain system is already listed, select the system and click
Edit.


Map Avamar Domain to the Destination PowerProtect DD

To specify the destination system, a domain should be mapped on the
source Avamar system to a destination PowerProtect DD system. If the
mapping is not done, Avamar replicates the data from the source
PowerProtect DD system to the default destination.

If there are multiple destination PowerProtect DD systems, administrators
can control which system receives the data that replicates from the source
PowerProtect DD system.

To map a domain:

[Screenshot: System page, Storage Mapping tab, with the Add Storage
Mapping dialog open. Note shown in the dialog: Configuration must be done
on the replication destination. Default Data Domain System:
ddve2.emc.edu. The dialog has a Select a domain tree and a Select a Data
Domain System list with ddve2.emc.edu selected. Buttons: SUBMIT, CANCEL.]

Map a domain

1. Log in to the AUI, and navigate to the System pane.
2. Click the Storage Mapping tab, and click +ADD.
3. Select the PowerProtect DD system from the list to use as the
replication target. Click SUBMIT.

Lab Exercise: For more practice, use the Avamar Administration Lab.

Replication Destination

Avamar allows administrators to restore the replicated backups on a
destination system using the AUI. This method is used when the source
Avamar server is unavailable and the Replicas at Source feature is not
enabled on the source Avamar system.


The initial step during a policy-based replication is to add a replication
destination. The connection details[36] for a supported data storage system
have to be specified.

The Avamar system supports replication to other Avamar systems and to
PowerProtect DD through DD Boost.

[36] An Avamar system can also replicate to another Avamar system that is
running a different version of the Avamar server software. However, the
best results occur with the same software version.


[Screenshot: Edit replication destination dialog. Fields: Destination
name, Encryption (High), Target server address, Target server connection
port (27000), Target MCS connection port (28001), User ID on target
server, Password on target server. Buttons: VALIDATE, CANCEL.]

Avamar Replicated Backups to a Destination System


Restore Replicated Backups from the Destination System

[Screenshot: Asset Management page with the REPLICATE domain expanded to
the source system and its clients. VIEW MORE displays the details of the
backup. The Backup Activity information table has Location, Number,
Date/Time, Plugin, Retention, Expires, Size, and Type columns, with
REFRESH, SEARCH, RESTORE, DELETE, and MORE ACTIONS controls.]

Restore Avamar Replicated Backups from Destination System

To restore from destination, perform the following steps:

• From Asset Management, click the REPLICATE domain and the hostname
to view the clients.
• Select the client, and click VIEW MORE under the Client Summary pane.
• From the backups associated with that client, select the backup and
click RESTORE.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

Setting Up Replication Policies and Schedules


Define a Replication Schedule

The method of scheduling replication tasks depends on the type of
replication that is used. In a policy-based replication, schedules are
defined in a similar way to backup schedules. Start replication after the
majority of backups have completed. Replication can be started during the
backup window.

To configure schedules for a policy-based replication, perform the
following steps:

[Screenshot: Setting page, Schedule tab (other tabs: Retention, Dataset,
Rule, User), with + ADD and REFRESH buttons and a schedule table with
Name, Domain, Recurrence, and Start Time columns. Listed schedules
include Daily Schedule (start time 22.00) and Default Replication
Schedule (start time 23.00).]

Avamar Replication Schedule

• From Asset Management, click Setting.
• In the Setting pane, click Schedule and then click +ADD.
• Define a schedule for this replication task on a daily, weekly, or
monthly interval.

Administrators can also configure a retention period based on their
environment requirements.

Create a Replication Policy

The replication policy enables administrators to define the settings for
policy-based replication. The replication policy also enables
administrators to perform a scheduled as well as on-demand replication
from source to destination systems.


Administrators create a Replication Policy in a similar way to creating a
Backup Policy.

Replication Policies require the following:

• Members
• Backup Filters
• Schedule
• Retention
• Destination

Lab Exercise: For more practice, go to the Avamar Administration Lab.

How to Perform and Monitor On-Demand Replication

An on-demand replication is a replication job that the administrator
starts immediately by running the replication policy.

To run an on-demand replication, perform the following:

[Screenshot: Replication Policy page after RUN, showing the message
"Policy repl_policy started successfully. View Activity" and the policy
repl_policy listed as enabled, with the Default Replication Schedule and
destination ave2.emc.edu]

Performing an on-demand replication

• Click on Replication Policy.

• Select a replication policy from the list and click RUN.


The on-demand replication is initiated. Navigate to the Activity pane to
view the progress of the replication activity, or click View Activity in
the "Policy <policy name> started successfully" message.
The Activity window in the AUI enables administrators to view status
information for both on-demand and scheduled replication activity.

[Screenshot: Activity page with counters for running, completed, and
failed activities and a table with Status, Client, Started, Processed
Bytes, Plugin, and Type columns. The table lists completed and failed
Replicate activities of type Replication Source and one completed
On-Demand Backup using the Windows File System plugin.]

Monitoring the replication from the Activity pane

Avamar Data Migration Enabler (ADMe)

Avamar Data Migration Enabler (ADMe) is a utility providing automation for
the migration of Avamar backup data to a different storage medium such
as tape, disk, cloud-based storage, or to another Avamar and
PowerProtect DD. Backup data is first rehydrated to a staging disk area
into a structured top-level folder layout for organizational purposes.

The staged data can then automatically be backed up to a tape backup
application as a standard file system backup or to another Avamar for
purposes of placing the backup data into its PowerProtect DD.


ADMe Compatibilities

ADMe is compatible with all Avamar systems including single or multinode
GRID systems, source or replication target systems, Integrated Data
Protection Appliance and those using PowerProtect DD storage.

Some of ADMe capabilities are the following:

• Single point of management.
• No dependency on Avamar when recovering from tape or cloud.[37]
• Supports migration of backups to public or private cloud storage using
a suitable gateway.
• Results in a cataloged and browsable tape backup.
• Supports file level recoveries directly from tape or cloud storage.
• Supports multiple staging servers and concurrent migration threads per
server.
• Supports incremental and non-incremental migration strategies.

Phases of ADMe

The ADMe migration process consists of three distinct phases:

• Client Backup Selection Phase: Used to identify which backups to act
on.
• Backup Recovery (Staging Phase): Used where backup data is
recovered to a staging disk.
• Export Phase (Optional): Used for external tape backup application or
cloud synchronization.

[37] The only exceptions to this are Oracle and PAX file archives. Users
need to use Avamar to complete those restores.


The complete end-to-end workflow is automated by ADMe Job Policies,
eliminating the need for manual intervention or localized scripting. ADMe
Job policies can be scheduled to run automatically or run on demand as
needed.

Tip: When upgrading to a new Avamar system which relies on PowerProtect
DD for storing its backups, there may be a need to migrate the longer
term backups from the existing Avamar system to the new system.


Exploring Cloud Tier with Avamar

Cloud Tier Overview

The Avamar Cloud Tier feature works in tandem with the PowerProtect
DD Cloud Tier feature to move Avamar backups from PowerProtect DD
series appliances to the cloud. Cloud Tier provides long-term storage of
Avamar backups by seamlessly and securely tiering data to the cloud.

The Avamar User Interface (AUI) allows administrators to configure
Avamar backups to move from the PowerProtect DD active tier to the
cloud tier.

Avamar moves the existing backups that have been marked for tiering to
the new cloud unit, and the PowerProtect DD system triggers data
movement. Avamar marks the backups for tiering while the PowerProtect
DD system triggers data movement. Only backups older than 14 days can
be marked for Cloud Tier data movement.

Important: PowerProtect DD cloud storage units must be preconfigured on
the PowerProtect DD before they are configured for Cloud Tier in the AUI.

Cloud Tier Configuration

The following steps are performed as part of configuring the Avamar
server to manage the Cloud Tier feature:

Add or Edit a PowerProtect DD with Cloud Tier

To use the Cloud Tier feature on Avamar, enable the Cloud Tier on the
PowerProtect DD system first.


[Screenshot: Edit Data Domain wizard, step 3 Tiering (steps: System,
SNMP, Tiering), with the Enable Cloud Tier checkbox and the Cloud Unit
Name field set to ECS. Buttons: CANCEL, BACK, FINISH.]

Enabling Cloud Tier

• In the AUI, browse to System.
• Select the Data Domain tab.
− Click ADD or Edit.
• At the end of the ADD or Edit steps, select the Enable Cloud Tier
option before clicking FINISH.

Add a Cloud Tier Policy

A Cloud Tier policy runs automatically according to schedules that are
created as part of the policy wizard.


[Screenshot: Cloud Tier Policy page in the AUI, with the + ADD button and
an empty policy table]

Adding a Cloud Tier Policy

• From the navigation pane, click Cloud Tier Policy and click + ADD.
• Follow the steps in the Policy wizard to complete the Cloud Tier
Policy.

Run a Cloud Tier Policy

A Cloud Tier policy runs according to the schedule selected during the
configuration of the Cloud Tier policy.

Administrators can run Cloud Tier policies on demand.


[Screenshot: Cloud Tier Policy page with ADD, EDIT, DELETE, RUN, and
REFRESH buttons, listing Cloud_Tier_Policy as enabled with the Default
Tiering Schedule]

Running a Cloud Tier policy

• In the AUI under Policy, select Cloud Tier Policy.
• There is no requirement for advanced scripting or VMware software
knowledge, and day-to-day procedures for backup are unchanged.
• Select the policy.
• Click RUN.

Lab Exercise: For more practice, go to the Avamar Administration Lab.


Recalling Backups from the Cloud Tier

[Figure: request for restore; PowerProtect DD makes a copy of the Cloud
Tier backup in the active tier; restore sent to the client]

Cloud Tier recall process

A backup must be recalled to the PowerProtect DD active tier before
Avamar can do a restore in a non-ECS cloud.

The following explains the steps of a recall:

1. Avamar requests the PowerProtect DD to recall a backup from the
Cloud Tier.
2. PowerProtect DD makes a copy of the Cloud Tier[38] backup in the
active tier.
3. Avamar has access to the backup in the active tier[39], and can perform
the restore.

[38] The Cloud Tier is the representation of the size of the storage that
is provided from the supported Cloud Provider.
[39] The active tier is the default storage tier that exists when the file
system is created.


Important: The copy of the backup in the active tier is deleted after ten
days by default.

Lab Exercise: For more practice, go to the Avamar Administration Lab.

File Level Restore for Cloud Tier

Cloud Tier file level restore.

Avamar supports file level restore (FLR) from Elastic Cloud Storage (ECS)
cloud units. When the backups are stored on a non-ECS cloud, the entire
backup needs to be recalled to the PowerProtect DD active tier before
FLR can be performed.


The following is an explanation of Cloud Tier FLR:


1. Avamar requests a file level restore from the Cloud Tier.
2. The entire backup does not have to be recalled to the active tier of the
PowerProtect DD.
3. The Avamar client directly reads the file from the Cloud Tier.

Important: The process of restore from a backup that is tiered to the ECS
cloud unit is identical to normal file or granular level restore operations.

Lab Exercise: For more practice, go to the Avamar Administration Lab.


Examine System Maintenance and Monitoring

Avamar Profiles

Managing Profiles

Avamar Administrator Manage Profiles

Avamar provides notifications when any event occurs. Notifications include:

• Pop-up Alerts
• Acknowledgement-required list
• Email messages
• Syslog files
• SNMP traps

Third-party tools and applications can also be used to monitor and report
on the syslog files and SNMP traps.


Editing System Event Profiles


[Figure: Edit System Profile. The Manage All Profiles dialog (New, Edit,
Delete, Disable) with a profile tree that includes the Evaluation Profile,
High Priority Events, Local SNMP Trap, Local Syslog, and Usage Intelligence
Profile, and the System Profile properties summary: Name System Profile,
Enabled Yes, Domain /.]

The System Profile contains all possible system event codes. System event
codes can be edited to control whether an event generates a pop-up alert
in Avamar Administrator, an entry in the common unacknowledged events
list, or neither.

Go to: For more information about profiles, see the Dell Avamar
Administration Guide on the Dell Support website.

Lab Exercise: For more practice, go to the Avamar Administration Lab.


Creating a Custom Event Profile - Sequencing Activity


Event Management in the AUI

The Event Management pane in the AUI is displayed in the Event Management
window. Use filters to narrow down the events shown; a selection can
be reset or retrieved by date.


Avamar Event Management review

1: Event Management offers views for Critical, Error, and Warnings.

2: Filters can be set to narrow down the events. Administrators can use
a date range, Type, and Categories. To see only unacknowledged events,
select the Unacknowledge event only option, and then select RETRIEVE.

3: By selecting an event or events from the Event ID column, administrators
can acknowledge them by clicking ACKNOWLEDGE.

Avamar Email Home/ConnectEMC

Avamar uses two systems to automatically send events, alerts, and
system information to Customer Support.


Avamar Administrator ConnectEMC

[Figure: AUI ConnectEMC. The Server Management > Services tab, listing
core and additional services with their state, including CONNECTEMC
(Running), SNMP DAEMON (Running), SSH DAEMON (Running), SNMP SUB-AGENT
(Disabled), REPLICATION CRON JOB (Not Running), and AUTO LOG OUT
(10 Minutes).]

Email Home: By default, notification schedule email messages are sent at
6 a.m. and 3 p.m. each day.

ConnectEMC: A standardized application that automatically transfers
event data and product information, such as the serial number of active
utility and storage nodes, from customer sites to Customer Support.
ConnectEMC gets enabled and configured during the installation of the
Avamar Server.

Disable, Stop, and Test: Used to test any of these transports and to test
any new changes that are made.

Primary Transport, Failover Transport, Notification Transport: ConnectEMC
is integrated with Secure Remote Support (Secure Remote Services). Primary
transport can be configured to use Email, FTP, and HTML communication.
Secure Remote Services gives Customer Support the ability to provide remote
Avamar support. Clicking the Advanced button opens the settings for Retries,
Timeout, Description, and Email Subject.

Help: This can be used at any time to provide more details for the
ConnectEMC feature.

Go to: For more information about ConnectEMC and Email Home, see the Dell
Avamar Administration Guide on the Dell Support website.

Avamar Checkpoints

A checkpoint (cp) is a read-only snapshot of the Avamar server that is
taken to enable server rollbacks. A rollback restores the Avamar server to
a known good state using data stored in a validated checkpoint. Validation
is performed by running a Hash File System (HFS) check on a checkpoint.
An HFS check validates the integrity of a checkpoint by performing a series
of checks on the metadata/backup data. If an HFS check detects errors in
the metadata/backup data, it automatically attempts to repair them.
The process is similar to the UNIX fsck command. While an HFS check
is being initiated, the server is briefly placed in read-only mode until it
finishes.

Checkpoints are created using hard links to all the metadata/backup
data [40]. A checkpoint directory is created on each active disk of each
storage node of the Avamar server. The directory contains the stripes on
the disk as they were at the time the checkpoint was taken.

Tip: The cps command can only be run from single-node server or multi-node
server storage nodes. In a multi-node server environment, administrators
must first copy the cps executable file from the utility node to each
storage node.

Daily Maintenance Checkpoints

By default, a checkpoint is created [41] during the Maintenance window. A
second checkpoint is created towards the end of the Maintenance
window after the first checkpoint has been validated.

[40] When there is an activity requiring modification of the metadata/backup
data, such as adding new data, the read-only metadata/backup data is
copied to a writable metadata/backup data. The original metadata/backup
data that is associated with a checkpoint is maintained for the life of the
checkpoint.
[41] Checkpoints can also be manually created by the Avamar Administrator
when required. By default, Avamar always retains the last two checkpoints
including the last validated checkpoint.


By default, a rolling HFS check is automatically run once a day, usually
during the period defined by the Maintenance window.

If Avamar is integrated with a PowerProtect DD, a checkpoint results
in the Avamar mtree snapshot being created.

[Figure: Checkpoints in AUI. The Server Management > Checkpoints tab with
CREATE and REFRESH actions and the columns Tag, Validated, and Creation
time. Rows: cp.20211216090102 (2021-12-16 09:01:02 GMT+0),
cp.20211216090446 (question mark, 2021-12-16 09:04:46 GMT+0), and
cp.20220406131824 (question mark, 2022-04-06 14:18:24 GMT+1).]

Creating Checkpoints

[Figure: AUI Create Checkpoint. Clicking + CREATE on the Server Management >
Checkpoints tab opens a Create Checkpoint confirmation: "The maintenance
scheduler is enabled. The maintenance scheduler will be disabled for the
duration of this operation and regularly scheduled maintenance operation
will not run. Do you want to continue?" (CANCEL / YES). After confirming,
the new checkpoint cp.20220406131824 (2022-04-06 14:18:24 GMT+1) is listed
below cp.20211216090102 and cp.20211216090446.]


To view or create a checkpoint (cp) in the Avamar Administrator, go to
Navigation > Server > Checkpoint Management tab, and click Actions > Create
Checkpoint.

From the Checkpoint Management window, administrators can see the latest
checkpoint with a question mark to the left. The question mark indicates a
checkpoint that is not yet validated.

To view or create a checkpoint (cp) in the AUI, from the left menu
select the Server option. From the Server Management window click the
Checkpoints tab and click +CREATE.

From the Server Management window, administrators can see the latest
checkpoint with a question mark to the left. The question mark indicates a
checkpoint that is not yet validated.

Checkpoint Utilization

admin@ave1:~/>: cps

 GB used   %use   Total checkpoint usage by node:
 304.910          Total blocks on node       Sun Mar 29 08:57:16 2020
 798.482  99.20   Total blocks available
   6.025   0.75   cur                        Sun Mar 29 08:43:58 2020
   0.190   0.02   cp.20200325122951          Wed Mar 25 08:30:51 2020
   0.101   0.01   cp.20200316112805          Mon Mar 16 07:29:05 2020
   6.316   0.78   Total blocks used by dpn
admin@ave1:~/>:

Checkpoints Utilization

Checkpoints reside on each storage node on the Avamar server. The cps
output is used to determine the overhead space of each checkpoint.

The cps command shows the total amount of data in the cur directory and in
each checkpoint directory on the node on which the command is run. The
cps command can only be run from single-node server or multi-node
server storage nodes. In a multi-node server environment, first copy the
cps executable file from the utility node to each storage node.


Backing Up Avamar Checkpoint

[Figure: Edit a Data Domain. The Edit Data Domain System wizard (1 System,
2 SNMP, 3 Tiering) showing Instant Access limit: 32; Max Streams with Max
Data Domain system limit: 90 and Max used by Avamar: 50 (as percentage of
the max limit); and the Misc options Use system as default replication
storage, Use as target for Avamar Checkpoint Backups, and Use certificate
authentication for REST communication.]

Avamar has the ability to store Avamar checkpoints [42] on an integrated
Data Domain system (with DD OS 5.3 or higher). This is supported only
on single-node and virtual edition Avamar servers.

If there is an issue with the Avamar server, the Avamar checkpoint
backups can also be used for restore. However, it does not provide offline
protection like replication.

[42] If a disaster were to occur and the Avamar server is destroyed, the
checkpoint data can be restored.

Rolling Back a Checkpoint

An Avamar checkpoint is a system-wide snapshot of the Avamar server that
is taken for the purpose of Avamar server disaster recovery. In the event
of the Avamar server experiencing data inconsistencies or corruption of its
metadata, a validated checkpoint can be used to restore the Avamar
server to a known good state. This process is called rollback.


Performing a Rollback

To roll back to a specific checkpoint:

• Load the admin ssh keys:
  1. su - admin
  2. ssh-agent bash
  3. ssh-add ~/.ssh/admin_key (enter the password if prompted)
• Run dpnctl stop

To start the rollback:

• Run: rollback.dpn --cptag=cp.datetime >& filename

  − cp.datetime: name of a checkpoint

  − filename: user-defined file to hold the rollback log information

Forced Rollbacks

If a data server (gsan) did not shut down correctly, dpnctl prompts for a
rollback upon restart. A rollback can also be forced using the
--force_rollback option in dpnctl start.

• Always roll back to a validated checkpoint.
• To obtain a list of current checkpoints, run cplist.
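The rule "always roll back to a validated checkpoint" can be checked ahead of an incident. The following is an added example, not Dell code: it takes (tag, validated) pairs such as the rows of the AUI Checkpoints tab, picks the newest validated checkpoint, and reports when that checkpoint is stale or when newer unvalidated checkpoints exist. It assumes the tag encodes the creation time in UTC as cp.YYYYMMDDhhmmss, which matches the tags and creation times shown on this page; the 36-hour staleness limit and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

TAG_RE = re.compile(r"^cp\.(\d{14})$")


def tag_time(tag):
    """Decode cp.YYYYMMDDhhmmss into an aware datetime (assumption: tag is UTC)."""
    m = TAG_RE.match(tag.strip())
    if not m:
        raise ValueError(f"not a checkpoint tag: {tag!r}")
    return datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def rollback_readiness(checkpoints, now, max_age=timedelta(hours=36)):
    """Pick the newest validated checkpoint and list anything that weakens recovery.

    checkpoints: iterable of (tag, validated) pairs.
    max_age: hypothetical limit; a daily maintenance window should normally
             leave a validated checkpoint that is about a day old.
    """
    ordered = sorted((tag_time(tag), tag, bool(ok)) for tag, ok in checkpoints)
    validated = [row for row in ordered if row[2]]
    if not validated:
        return {"target": None, "age": None,
                "findings": ["no validated checkpoint: no known good state to roll back to"]}

    when, target, _ = validated[-1]
    age = now - when
    findings = []
    if age > max_age:
        findings.append(f"newest validated checkpoint {target} is {age.days} days old")
    # Checkpoints taken after the target exist but have not passed an HFS check.
    newer = [tag for ts, tag, _ in ordered if ts > when]
    if newer:
        findings.append("not validated, not a rollback target: " + ", ".join(newer))
    return {"target": target, "age": age, "findings": findings}


# Constructed from the checkpoint rows shown on this page: (tag, validated).
SAMPLE = [
    ("cp.20211216090102", True),
    ("cp.20211216090446", False),
    ("cp.20220406131824", False),
]

if __name__ == "__main__":
    report = rollback_readiness(SAMPLE, now=datetime(2022, 4, 6, 14, 0, tzinfo=timezone.utc))
    print("rollback target:", report["target"])
    for line in report["findings"]:
        print("finding:", line)
```

A stale target means a rollback would discard every backup taken since that checkpoint, so the finding is worth alerting on before a rollback is ever needed.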


[Figure: two terminal screenshots; the second is cut off at its right edge.]

cplist command:

admin@ave-01:~/>: cplist
cp.20211216090102 Thu Dec 16 09:01:02 2021
cp.20211216090446 Thu Dec 16 09:04:46 2021
admin@ave-01:~/>:

dpnctl start --force_rollback command:

admin@ave-01:~/>: dpnctl start --force_rol
Identity added: /home/admin/.ssh/admin_key

Action: starting all

Have you contacted Avamar Technical Support
is the right thing to do?

Answering y(es) proceeds with starting all;
n(o) or q(uit) exits

y(es), n(o), q(uit/exit): y

dpnctl: INFO: Checking that gsan was shut

Here are the most recent validated and non-

Thu Dec 16 09:01:02 2021 UTC Validated(
Thu Dec 16 09:04:46 2021 UTC Not Validate

A rollback was requested.

The gsan was shut down cleanly.

The choices are as follows:

1 roll back to the most recent checkpoi
2 roll back to the most recent validate
3 select a specific checkpoint to whic
4 do not restart
q quit/exit

(Entering an empty (blank) line twice quits

>

Considerations

The following exceptions need to be considered.

• If there has been a change in the password, it has to be updated in the
/usr/local/avamar/etc/usersettings.cfg file of the checkpoint to be
restored.
• Contact Dell Support if nodes were added since the last checkpoint.


Tip: These steps are more commonly used with the physical Avamar systems.

Go to: For more information about rollbacks, see the Dell Avamar
Administration Guide on the Dell Support website.

Avamar Monitoring

Avamar provides several ways to monitor backup, restore, replication, and
tiering activities to report on backup status, and to manage backups.


[Figure: Activity pane. The AUI Activity page with Auto-Refresh, counts of
Waiting, Running, and Completed activities, the filters "Filter activities
by domain" and "Filter activities by duration" (Last 72 hours), an activity
list with the columns Status, Client, Started, Processed Bytes, Plugin, and
Type, and a Details panel for the selected activity.]

In the AUI, the Activity pane provides the following:

• Allows administrators to monitor backup, restore, backup-validation,
and replication activity.
• Detailed log of a client session for analysis and troubleshooting.
• Filter activities by duration: By default, the Activity tab displays the
most recent 5,000 client activities. To select a different duration, in
the Filter activities by duration drop-down list, select Last 24 hours
or Last 72 hours.
• Filter activities by domain: By default, the Activity tab displays all
activities regardless of domain. To display only the activities for a
specific domain, in the Filter activities by domain drop-down list,
select a domain or subdomain.
• Filter activities by status: By default, the Activity tab displays all
activities regardless of status.


Tip: In the AUI, the Fitness Analyzer offers more in-depth details for
Policy, Replication Policy, Backup, Client, Resources, Metadata, System
Utilization, Proxy summary, and Reports.

Activity Monitoring

By default, the Activity Monitor tab displays the most recent 5,000 client
activities during the past 24 to 72 hours. Administrators can increase or
reduce the amount of information in the Activity Monitor by editing the
mcserver.xml file located at:

/usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Modifying the mcserver.xml file requires stopping the MCS process, then
starting it again after the edits have been made. This can be done
with the dpnctl stop and dpnctl start commands on the Avamar
server.

[Figure: AUI Activity View. The AUI Activity page with RESTART, VIEW LOGS,
and REFRESH actions, filters by domain and by duration (All), an activity
list (Status, Client, Started, Processed Bytes, Plugin), and a Details
panel showing Client, Policy, Started, End Time, Elapsed, Server, New
Bytes, OS, Client Release, Sched. Start Time, Sched. End Time, Retention
Tags, Schedule, Dataset, and WID.]


The Activity view offers the following:

VIEW JOBS: Shows the details of the client backup and restores.
Administrators can also choose to download and send to support.

Filter by duration: Allows the view to be All, Last 72 hours, and Last 24
hours.

Status: Shows status of backup, restores, or validation activity.
These are Error Code, Start Time, Elapse Time, End Time,
Type, Server, Progress Bytes and New Bytes.

Details: In the window administrators can get the details for the
client, name, domain, operating system, client release,
and proxy.

Server Monitoring

The Avamar Administrator Server view is a primary system status
monitoring tool. The Server Monitor tab presents a summarized view of
CPU, network, and hard drive performance statistics for each node. The
Server Monitor tab on the Server window in Avamar Administrator includes
separate tabs for the Avamar server and any configured PowerProtect DD
appliances.

Avamar Administrator Server Monitor

In the Server window the tabs that are offered are Server Monitor, Server
Management, Session Monitor, Checkpoint Management, and Data Domain NFS
Data Stores.


Data Domain: This tab provides the CPU, disk activity, and network activity
for each node on the PowerProtect DD appliance. If the
status is yellow or red, administrators can view additional
status information to determine and resolve the problem.

Node: In the Avamar tab, the Node details are the following:
• Online (green): the node is functioning correctly.
• Read-Only (blue): backups have been suspended and normal background
operations are taking place.
• Time-Out (gray): the MCS cannot communicate.
• Unknown (yellow): the Node status cannot be determined.
• Offline (red): the node has a problem and, if set up, a
Service Request (SR) is logged.

CPU: In the Avamar tab, the details of the CPU are the following:
• Load: Average number of CPU threads over the past
minute.
• User: Percentage of CPU capacity that is consumed by
running server instructions (anything other than operating
system overhead).
• Sys: Percentage of CPU capacity that is consumed by the
operating system overhead.

Network: In the Avamar tab, the Network details are Ping, In, and Out.

Disk: In the Avamar tab, the Disk details are the following:
• Reads: Average number of hard drive reads per second as
reported by the operating system.
• Writes: Average number of hard drive writes per second
as reported by the operating system.
• Utilization: Percentage of total available server storage
capacity currently used.


System Management

From the left menu, select System, and click Server Management. In this
view, administrators can review Checkpoints, Backup Window, Garbage
Collection, and Services.

[Figure: AUI System Management. The System > Server Management >
Checkpoints tab with CREATE and REFRESH actions, listing each checkpoint's
Tag, Validated state, Creation time, nodes, Stripes, Validation Start Time,
Validation End time, and Validation Errors, with a Details panel (Tag,
Creation time, No. of Node(s), Stripes completed/total, Deletable, On Data
Domain, Validation Information).]

Some of the options in the System window are the following:

Checkpoints: Displays the latest checkpoints that have been validated
(green checkmark) and unvalidated (red question mark).

Backup Window: Displays the Backup and maintenance window duration
periods. Administrators can edit the Window start time (24
hours), Duration, and Time Zone.

Garbage Collection: Displays the information about the last garbage
collection. The garbage collection history provides an overall view of
past garbage collections and displays a graphical chart.

Services: Provides details for Core services and Additional
services. The BACKUP GROUP SCHEDULER STATE and MAINTENANCE SCHEDULER
STATE can be set to either Suspend or Resume.
The Additional services pane displays which services are
running or not running.

Backup and Maintenance Windows

Avamar performs the system-maintenance operations for backup data on
the PowerProtect DD including HFS checks, checkpoints, rollbacks, and
garbage collection.

The three important maintenance activities are:

• Garbage collection
• Checkpoints
• HFS checks

Backup Window defines a period when the server does not perform any
maintenance activities, including checkpoint, garbage collection, and
checkpoint validation.

The Backup Window is that portion of each day reserved to perform normal
scheduled backups. By default the Backup window begins at 8 p.m. local
server time and continues uninterrupted for 12 hours until 8 a.m.
Administrators can customize the Backup Window start time and duration.

The Maintenance Window is reserved for performing routine server
maintenance activities. This includes garbage collection, asynchronous
crunching, a checkpoint, and checkpoint validation. A second checkpoint
is taken and not validated during the Maintenance Window.

When Avamar is integrated with PowerProtect DD, the space is not
reclaimed until PowerProtect DD runs its maintenance activities, which run
on a different schedule.


If Avamar is not integrated with the PowerProtect DD, garbage
collection runs once daily, starting at the beginning of the Maintenance
Window.
[Figure: Configure backup window. The System > Server Management > Backup
Window tab showing Window start time (in 24 hours) 20:00, Duration 12
hours, Time zone America/New_York, and a 24-hour chart of the Backup
Window and the Maintenance window. Callouts 1 to 3 are described in the
text.]

1: The Window start time can be customized around the scheduled
backups, and does not automatically coordinate with the various backup
schedules. It may require manual adjustment if there are any conflicts with
the backup schedule.


[Figure: Configure backup window. The Duration drop-down list, offering
values from 4 hours to 16 hours, with 12 hours selected.]

2: The Duration can be customized, and does not automatically coordinate
with various backup schedules. Any changes may require a manual
adjustment if there is any conflict with backup schedules.


3: Time Zone can be changed as needed for the scheduling of the
Backup/Maintenance window.
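Because the window does not coordinate with backup schedules, conflicts have to be found by hand. The following added example (not Dell code) converts each schedule's start time into the server's time zone and flags the ones that land in the Maintenance Window. It uses the defaults from this page (start 20:00, duration 12 hours, America/New_York) and assumes that the rest of the 24-hour day is the Maintenance Window; the schedule names and start times are constructed.

```python
from datetime import date, datetime
from zoneinfo import ZoneInfo


def window_at(moment, start_hhmm="20:00", duration_hours=12, server_tz="America/New_York"):
    """Return 'backup' or 'maintenance' for an aware datetime.

    The Backup Window is [start, start + duration) in server wall-clock time;
    everything else is treated as the Maintenance Window (assumption).
    """
    local = moment.astimezone(ZoneInfo(server_tz))
    hh, mm = (int(part) for part in start_hhmm.split(":"))
    # Minutes since the Backup Window last opened, wrapping past midnight.
    elapsed = (local.hour * 60 + local.minute - (hh * 60 + mm)) % (24 * 60)
    return "backup" if elapsed < duration_hours * 60 else "maintenance"


def maintenance_conflicts(schedules, day, **window):
    """List (name, server-local start) for schedules that start in the Maintenance Window.

    schedules: iterable of (name, "HH:MM", IANA time zone of the schedule).
    day: calendar date on which each schedule's local start time is evaluated.
    """
    server_tz = ZoneInfo(window.get("server_tz", "America/New_York"))
    hits = []
    for name, hhmm, tz_name in schedules:
        hh, mm = (int(part) for part in hhmm.split(":"))
        start = datetime(day.year, day.month, day.day, hh, mm, tzinfo=ZoneInfo(tz_name))
        if window_at(start, **window) == "maintenance":
            hits.append((name, start.astimezone(server_tz).strftime("%H:%M")))
    return hits


# Constructed schedules (names and times are hypothetical).
SCHEDULES = [
    ("nightly-ny", "22:00", "America/New_York"),
    ("tokyo-vm", "21:00", "Asia/Tokyo"),
    ("la-db", "06:30", "America/Los_Angeles"),
]

if __name__ == "__main__":
    for day in (date(2023, 1, 16), date(2023, 7, 17)):
        print(day, maintenance_conflicts(SCHEDULES, day))
```

The Tokyo schedule fits the Backup Window in January but starts at 08:00 server time in July, once New York is on daylight saving time and Tokyo is not, so the check is worth repeating on both sides of a clock change.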


Important: Any backup or administrative activities should be minimized
during the Maintenance Window.

Impacts of Maintenance Activities and Backups

Avamar minimizes the impact of maintenance activities on backups by
internally managing the maintenance activities according to the
operational windows.

When the system is in a read-only state (during checkpoint and garbage
collection), these system administration tasks cannot be performed:

• Adding, editing, or deleting a user, client or domain.
• Deleting a backup.
• Changing a backup retention.
• No other maintenance jobs can start.

The following table shows the operational impact on backups:

Operations and their impact on backups:

Checkpoint
• No other maintenance jobs can start.
• All backup orders are queued until checkpoint completes.

Garbage Collection
• No other maintenance jobs can start.
• New backups are queued.

HFS Checks
• Garbage collection cannot start. All other maintenance
jobs, such as checkpoint, replication, can start.
• All backup work orders are queued until the HFS has
started.
• New backups are queued.

Backups
• Checkpoints can start, suspending backups while the
checkpoint is running.

Impacts of Maintenance Activities on PowerProtect DD

Avamar performs the system-maintenance operations for backup data on
the PowerProtect DD system, including HFS checks, checkpoints,
rollbacks, and garbage collection.

Avamar runs maintenance every day for 12 hours [43] and communicates the
same to PowerProtect DD. PowerProtect DD does not run any
maintenance on a daily basis, only cleaning weekly. On a daily basis, it
moves the data to the /DELETED directory under its cur directory under the
Avamar Mtree. By default, on Tuesday when PowerProtect DD runs
cleaning, it clears the entire /DELETED directory. Recoveries of backups
are not possible after hashes are deleted from Avamar, and the space is
reclaimed from PowerProtect DD only after weekly cleaning is successful.

When Avamar and PowerProtect DD are integrated, the data on
PowerProtect DD has to match the metadata on Avamar; the sync
between Avamar and PowerProtect DD is critical in terms of data and
metadata.

[43] During this 12-hour period Garbage Collection runs 3 hours, the other
time is spent on checkpoints and HFS checks. If the HFS check completes
before the 12-hour window, the maintenance completes.

Avamar and PowerProtect DD operations that are impacted are:

Operations and their impacts on backups:

Garbage Collection (GC): GC runs daily and identifies hashes that have
expired and hashes from canceled or failed backups. At the same
time the hashes are sent to the PowerProtect DD to
clear the corresponding data.

Checkpoint: Avamar creates a checkpoint, then the PowerProtect DD
takes a snapshot [44] of the entire directory /CUR.

HFS Check: HFS verifies the integrity of the data.

The ddrmaint utility obtains and sets information about the PowerProtect DD
server for maintenance. The ddrmaint utility is installed on the utility node
of a multi-node server, or the single node of a single-node server, during
Avamar server installation. The ddrmaint utility is not installed on the data
nodes of the Avamar server.

Important: The ddrmaint utility is installed on the utility
node of a multinode Avamar server, or a single node
Avamar server. This utility is not installed on any data
storage nodes.

[44] In the event of a rollback on Avamar, the cp allows the PowerProtect
DD to run a fast copy operation of that snapshot back to its point in time.


Analyze Avamar Capacity

Avamar Server Capacity Definitions

Storage subsystem (GSAN) capacity is the total amount45 of commonality


factored data and RAIN parity data on each data partition of the server
node. The GSAN process measures and reports this amount.

New bytes are added to the Avamar server through the backup process.
Old bytes are removed from the server through expiring or deleting
backups. An administrator can control the reported capacity with the
following:

• Change the dataset definitions, retention policies, or clients the
Avamar server backs up.
• Verify that garbage collection is running daily.

The GSAN changes behavior as the various capacities increase. The
following table describes the behavior of key capacity thresholds.

Threshold | Default Values | Capacity Used for Comparison | Behavior
Capacity Warning | This default value is 80% of read-only threshold. | GSAN | The Management Console Server issues a warning event when the GSAN capacity exceeds 80% of the read-only limit.
Health Check Limit | This default value is 95% of read-only threshold. | GSAN | If the GSAN capacity reaches the healthcheck limit, the Avamar server allows existing backups to complete, and suspends all new backup activity. Avamar sends a notification as an open alert and these alerts must be acknowledged before the system can resume activities.
Server Read-Only Limit | This default value is 100% of read-only threshold, which is set to a percentage of the available hard drive capacity. | GSAN | The Avamar server transitions to read-only state to prevent the addition of new data. Administrators can view the utilization value on the Server Management tab in the AUI. The value that is reported represents the average utilization relative to the read-only threshold.
System too Full to Perform GC | This default value is 85% of available hard drive capacity. | Internal GSAN | If the GSAN determines that the space available on any data partition on any node exceeds the disknogc configuration threshold, a garbage collection operation will not run. The operation fails with an error message MSG_ERR_DISKFULL.

[45] This amount is net after garbage collection.

If the operating system view of capacity utilization exceeds 85%, the
garbage collection process stops running. As checkpoints roll off, garbage
collection resumes until the operating system view once again exceeds
85%.

At this level Dell Support is required and will perform the following:

• Check for extraneous directories and files on each node.
• Reduce the number of checkpoints that are retained.
− Always retain at least the two most recent.
− Delete the oldest checkpoint.

Best Practice: Dell Technologies recommends monitoring the
storage capacity and maintenance jobs on the Avamar server
on a daily basis.

Go to: For more information, see the Dell Avamar
Operational Best Practices Guide on Dell Support.

Avamar Server Lifecycle

[Figure: Example of steady-state, with GSAN view and OS view series]

A newly deployed Avamar system typically fills rapidly for the first few
weeks. Almost every client being backed up contains a large amount of
unique data. The Avamar commonality feature is not leveraged until several
similar clients have been backed up or the same clients have been
backed up at least one time.

Once each client has been backed up, a “settling” occurs. Now, it is
possible to consider and measure the ability of the system to store new
data each day as space is freed during the maintenance windows.

This is also known as achieving a steady state of capacity utilization.
Achieving this state is especially important for Avamar single nodes.
Single nodes cannot be increased in size. Achieving steady-state capacity
utilization is also important for multinode servers to minimize the number
of additional nodes that are required to manage the capacity.

Using the capacity.sh Utility

The capacity.sh utility provides the net rate of change in the Avamar
system for each day over a period of the last two weeks. It also
identifies the clients with the highest change rate.

admin@ave2:~/>: capacity.sh --days=20 --top=10

DATE        AVAMAR NEW  #BU   DDR NEW  #BU    SCANNED  REMOVED  MINS  PASS  AVAMAR NET  CHG RATE
2020-03-28        0 mb    0     77 mb    3     104 mb     0 mb     0     0        0 mb    74.44%
2020-03-30        0 mb    0      1 mb    3     109 mb     0 mb     0     0        0 mb     1.20%
2020-03-31       92 mb    3  39682 mb    2  263869 mb     0 mb     0     0       92 mb    15.07%
2020-04-01        3 mb    3     88 mb    1   74046 mb     0 mb     0     0        3 mb     0.12%

admin@ave1:~/>: capacity.sh --days=20 --top=20 --domain=ddr

DATE        AVAMAR NEW  #BU  SCANNED  REMOVED  MINS  PASS  AVAMAR NET  CHG RATE
2020-04-02        0 mb    0     0 mb    -5 mb     0    17       -5 mb       N/A
2020-04-03        0 mb    0     0 mb     0 mb   338     4        0 mb       N/A
2020-04-04        0 mb    0     0 mb     0 mb     0     6        0 mb       N/A
2020-04-05        0 mb    0     0 mb     0 mb     0     7        0 mb       N/A

Example of capacity.sh output

This information is used to assess whether the system is running in steady
state, including the average rate of change in the environment and the
effectiveness of garbage collection.
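
An added example, not part of the original guide or of Dell's tooling: a Python parser for the daily rows of the capacity.sh output shown above, which totals new and removed data and reports the average net change used to judge steady state. The field names, the reading of MINS and PASS as garbage-collection minutes and passes, and the growth_tolerance_mb parameter are assumptions.

```python
import re
from statistics import mean

# Constructed input: the daily rows from the two capacity.sh runs shown above,
# re-typed with single spaces between fields.
SAMPLE_WITH_DDR = """\
DATE AVAMAR NEW #BU DDR NEW #BU SCANNED REMOVED MINS PASS AVAMAR NET CHG RATE
2020-03-28 0 mb 0 77 mb 3 104 mb 0 mb 0 0 0 mb 74.44%
2020-03-30 0 mb 0 1 mb 3 109 mb 0 mb 0 0 0 mb 1.20%
2020-03-31 92 mb 3 39682 mb 2 263869 mb 0 mb 0 0 92 mb 15.07%
2020-04-01 3 mb 3 88 mb 1 74046 mb 0 mb 0 0 3 mb 0.12%
"""
SAMPLE_AVAMAR_ONLY = """\
DATE AVAMAR NEW #BU SCANNED REMOVED MINS PASS AVAMAR NET CHG RATE
2020-04-02 0 mb 0 0 mb -5 mb 0 17 -5 mb N/A
2020-04-03 0 mb 0 0 mb 0 mb 338 4 0 mb N/A
2020-04-04 0 mb 0 0 mb 0 mb 0 6 0 mb N/A
2020-04-05 0 mb 0 0 mb 0 mb 0 7 0 mb N/A
"""

# Field names are chosen here from the header text (assumption); they are not
# Avamar identifiers. The key is the number of values that follow the date.
LAYOUTS = {
    10: ["avamar_new_mb", "backups", "ddr_new_mb", "ddr_backups", "scanned_mb",
         "removed_mb", "gc_mins", "gc_passes", "net_mb", "chg_rate"],
    8: ["avamar_new_mb", "backups", "scanned_mb",
        "removed_mb", "gc_mins", "gc_passes", "net_mb", "chg_rate"],
}
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def parse_capacity(text):
    """Return one dict per dated row; header and other non-dated lines are skipped."""
    rows = []
    for line in text.splitlines():
        # Drop the "mb" unit tokens so every remaining token is one column value.
        tokens = [t for t in line.split() if t.lower() != "mb"]
        if not tokens or not DATE_RE.match(tokens[0]):
            continue
        values = tokens[1:]
        names = LAYOUTS.get(len(values))
        if names is None:
            raise ValueError(f"unrecognized column count in row: {line!r}")
        row = {"date": tokens[0]}
        for name, raw in zip(names, values):
            if name == "chg_rate":
                row[name] = None if raw == "N/A" else float(raw.rstrip("%"))
            else:
                row[name] = int(raw)
        rows.append(row)
    return rows


def summarize(rows, growth_tolerance_mb=0):
    """Summarize the window. REMOVED is negative in the output, so net = new + removed."""
    if not rows:
        raise ValueError("no dated rows to summarize")
    avg_net = mean(r["net_mb"] for r in rows)
    return {
        "days": len(rows),
        "total_new_mb": sum(r["avamar_new_mb"] for r in rows),
        "total_removed_mb": -sum(r["removed_mb"] for r in rows),
        "avg_net_mb": avg_net,
        # Days on which more data was added than garbage collection freed.
        "growth_days": [r["date"] for r in rows if r["net_mb"] > 0],
        # Days with no recorded garbage-collection minutes or passes (assumed meaning).
        "gc_idle_days": [r["date"] for r in rows
                         if r["gc_mins"] == 0 and r["gc_passes"] == 0],
        # Rows whose columns disagree by more than 1 MB, a sign of a mis-parsed line.
        "mismatched_days": [r["date"] for r in rows
                            if abs(r["avamar_new_mb"] + r["removed_mb"] - r["net_mb"]) > 1],
        # growth_tolerance_mb is a hypothetical per-day allowance before flagging growth.
        "growing": avg_net > growth_tolerance_mb,
    }


if __name__ == "__main__":
    for label, sample in (("with DDR", SAMPLE_WITH_DDR), ("Avamar only", SAMPLE_AVAMAR_ONLY)):
        print(label, summarize(parse_capacity(sample)))
```

Days listed in gc_idle_days are the ones to compare against the maintenance schedule, since the guide expects garbage collection to run daily.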

Some useful commands include the following:

Command | Action
capacity.sh --days=20 --top=20 | Checks the capacity of the storage over the last 20 days for the top 20 clients.
capacity.sh --days=20 --top=10 --domain=ddr | Checks the capacity of the storage over the last 20 days for the top 10 clients in PowerProtect DD.

Important: If the capacity.sh script is not available,
Dell Support can add it.

Monitoring Capacity with Integrated PowerProtect DD

When Avamar is integrated with a PowerProtect DD series appliance as the
storage target, capacity warnings for the appliance are not given through
Avamar. A user will not know if the PowerProtect DD has reached
capacity unless they are actively monitoring the PowerProtect DD.
Capacity is monitored either from the Avamar AUI or in the Data Domain
System Manager.

Avamar AUI Dashboard View

Use the AUI dashboard to view the Capacity of the PowerProtect DD and
the GSAN.

• The capacity on the AUI dashboard shows total capacity.
− Capacity (Total)
− Space Left
• If Cloud Tier is enabled on Avamar, the capacity space that is used
and the space available are combined with the active tier. To see the
capacities of individual tiers, the PowerProtect DD System Manager UI
or PowerProtect DD CLI must be used.

Monitoring PowerProtect DD Capacity on Avamar Using Simple Network Management Protocol (SNMP)

Avamar collects and displays data for health monitoring, system alerts,
and capacity reports for the PowerProtect DD system by using SNMP
protocols.

• The Data Domain tab in the Server Monitor provides Server Utilization,
Total Capacity, and File System Used for the PowerProtect DD.
• Avamar checks the capacity of the PowerProtect DD system every 24
hours. Avamar logs an event in the Event Monitor if the capacity reaches
95% full.

Monitoring from the PowerProtect DD System Manager UI (DDSM)

To see the Active Tier and Cloud Tier space usage separately, the DDSM or
the PowerProtect DD CLI must be used.

• In the DDSM, browse to Data Management > File System > Summary.
• In the Summary, the Active Tier and Cloud Tier are shown in separate
tiers.

Important: The PowerProtect DD capacity that is shown
in Avamar does not separate Active Tier and Cloud Tier.

High Capacity on Integrated PowerProtect DD

When the PowerProtect DD reaches capacity, an integrity alert appears in
the AUI.

Alerts on Avamar

Avamar does not send alerts about the capacity of the PowerProtect DD.
When capacity is full, the following alerts are sent from the Avamar.

• The data integrity issue alert appears when an HFScheck could not be
performed.
• MSG_ERR_DDR appears when Avamar maintenance fails due to space
issues. This message will appear in the Events window.

Full Capacity Behavior

When a PowerProtect DD is full, the following behaviors are seen:

• Backups and replication fail
• Garbage collection cannot run
• HFS checks fail
• Capacity alerts on the PowerProtect DD

Explore Avamar Reporting Tools

Avamar Fitness Analyzer Overview

The Avamar Fitness Analyzer is a reporting and analysis portal that
provides a visual representation of server health and functionality. Reports
that are generated by the Fitness Analyzer help administrators
troubleshoot issues and optimize system performance.

Fitness Analyzer allows administrators to dive deep into preferred areas of
analysis. Apart from creating the reports using predefined workflows, the
tool focuses on a subsequent analysis based on preceding steps.

Fitness Analyzer reporting addresses multiple areas that include:

• Maintenance and backup window optimization
• Capacity utilization
• Replication performance
• Job completion times
• Proxy utilization
• Policy and client organization
• Troubleshooting system health and configuration issues

Tip: Fitness Analyzer also works with existing
Management Console Server (MCS) reporting functions
to provide old reports that were available through Avamar
Administrator.

Go to: For more information, see the Dell Avamar
Fitness Analyzer Guide on the Dell Support website.

Fitness Analyzer Overview and Header

Administrators typically start with a review of the top-level graph of server
health and activity on the Overview pane. Use the graph to identify any
prominent trends, abnormalities, or areas of further interest.

Administrators can access the Fitness Analyzer from the AUI or by
pointing a web browser to https://<AvamarServer>/eagleeye.

Overview Pane

The Fitness Analyzer Overview pane presents a graphical timeline of recent
server activity for a maximum of one week of data.

Timeline | Identifies areas of interest, such as high traffic, delayed backups or replication jobs, and interference between backup activities and server maintenance. The summaries in the navigation pane provide a breakdown of the trends indicated here.
Legend | Legends, which are situated below the timeline, identify each data series and the type of activity. Legends interpret graphical, color-coded data in the timeline.
Server Health | Fitness Analyzer marks important server health events, such as checkpoint creation and validation, and garbage collection, as vertical lines that correspond to the start and finish times of the event.
Flag | Flags are bubbles on the timeline that contain a number and a character. These values identify important events for specific data series. For example, 1G indicates that a backup group started at that time, or 1R indicates that a replication group started at that time.
Scale | By default, the timeline contains one day of data. A Scale that is placed below the timeline enables the administrator to view data for other periods of time. The Zoom control above the timeline can be used to view information from a different set of dates.
Bytes View | The Bytes view toggle button, at the top-right corner of the timeline, changes the display units for the horizontal axis to Gigabytes, so the timeline represents the amount of raw data that is transferred to the Avamar server. This view distinguishes the relative impact of each group on the server.

Limitations

The Fitness Analyzer has limitations in the following areas:

• Reports and summaries do not show active, running jobs. These jobs
appear in the reports and summaries after completion.
• During the initial creation of each pane, Fitness Analyzer may take
slightly longer than usual to display results. Subsequent views use
cached data.
• Results are cached for approximately 15 minutes from their creation
time. If you move away from a pane and then return, the data may not
regenerate until the cache expires.
• When there are more than 500 backup activities per day, some of the
reports that display backup activities over the default timeline reporting
of seven days may take several minutes to display data or, in extreme
cases, may become unresponsive. To avoid this situation, reduce the
number of days of data that are displayed in the timeline reporting
period to limit the report to 3000 backup activities.

Fitness Analyzer Reports

[Figure: Example of Reports pane]

Fitness Analyzer reports are snapshots of different aspects of the server
at particular points in time. The Fitness Analyzer portal includes the
predefined activity, capacity, client, and system reports that are available
from Avamar Administrator and MCS, plus two new reports.

• Pending Replication: Shows the number of backups and the amount of
primary data that are awaiting scheduled replication.
• Avamar - Capacity Report: Shows the daily changes in capacity usage,
such as new data backed up to the Avamar subsystem, and capacity
freed by garbage collection.

Generate Reports

Use the following steps to generate a report:

[Figure: GENERATE a report]

1. Select a type of report from the table on the Reports pane.
2. If the report requires start and end dates to be generated, select
appropriate values from the From Date and To Date fields.
3. Click the GENERATE button.
4. Select a report format from the drop-down

Accessing Reports

After the report is generated, the finished report becomes available in the
Completed Reports panel.

[Figure: DOWNLOAD a report]

• To retrieve a completed report:
1. Select the report from the list in the Completed Reports panel.
2. Click the DOWNLOAD button.
• To remove a report:
1. Select the report from the list in the Completed Reports panel.
2. Click the DELETE button.
• To view reports of a specific type, select the required type from the list
in the reports pane. Similar reports appear in the Completed Reports
panel.

Go to: For more information, see the Dell Avamar
Fitness Analyzer Guide on the Dell Support website.

Fitness Analyzer Summaries

The data summarized in the navigation pane focuses on individual aspects
of the top-level server history as presented on the Overview pane.

Most summaries contain several different levels of reporting breakdown
and graphical analysis, such as data tables, charts, and timelines, to help
administrators identify areas for action.

The Overview pane offers the following summaries:

Group Summary

The Group summary tab presents the Group summary report.

The details of the summaries are the following:

• Summary of activities of a group.
• Tabular chart that lists performance statistics.
• Information about client and plugins in that activity. Information
includes the client name and domain, plugin name, start and
completion times, duration, amount of data transferred, and result
codes.
• Backup Timeline tab shows start and stop times of activities.
• Groups Timeline tab shows scheduled start and stop times of activities.

Replication Summary

The Replication summary pane provides statistics about the performance of
replication jobs.

• Presents an overview of replication group activities within the reporting
period.
• The Not Replicated column identifies the number of backups for which
replication is still pending.

Client Summary

The Client summary pane provides statistics that summarize the behavior
and attributes of individual Avamar clients.

• View History page opens to the Statistics tab. The Statistics tab contains
two panels:
− Tabular Report: Displays all the recorded client activities over the
duration of the reporting period.
− Graphical Report: A graphical report that breaks down the completion
codes for each job in the tabular report.
• The Backup Timeline tab shows start and stop times of the client
activities.

Proxy Summary

The Proxy summary pane summarizes the performance of entities within a
vCenter environment. The two tabs that are offered are the following:

• Proxy Summary: Offers a high-level overview and statistics of
activities in virtual environments within the reporting period. The
tabular chart lists performance statistics, such as the numbers of
known VMs, containers, VMs within containers, proxies, and
automatically discovered VMs, in each vCenter.
• Proxy Timeline: Offers a graphical report that plots the scheduled
start and stop times for each activity in the virtual environment within
the reporting period. The timeline displays proxy servers and
associated activities in a selected vCenter.

Backup Summary

The Backup summary pane provides statistics that summarize the results of
individual backups on the server. The tabs that are offered are the
following:

• Status Codes: This presents a top-level summary of backups, which
are sorted based on result codes, within the reporting period.
• Error Codes: This presents a top-level summary of backups based on
error codes within the reporting period. Fitness Analyzer displays a
table with a summary of each backup, including the client, plugin,
domain and group, backup type, start and stop times, and related error
codes.
• History: This displays a table with a summary of each backup,
including the client, plugin, domain and group, backup type, start and
stop times, and result codes.

System Summary

The System summary pane provides a detailed breakdown of the server
configuration. The configuration tree provides access to the following:

System Information | Provides descriptive values that apply to the entire Avamar server, such as the number of nodes, system ID, and hostname.
Network Configuration | Provides configuration values for the Avamar server backup network interface. For multinode servers, these values are for the utility node. The detailed node summaries provide more granular information.
Software Versions | Provides version information for different Avamar subsystems.
License Information | Provides a breakdown of the Avamar licensing information, including capacity.
Schedule of Operations | Displays the start times for the backup and maintenance windows, with the associated time zones.
Additional Avamar Services | Provides the configuration status of additional Avamar features, including whether this server is configured to replicate data or send email-home reports.
Miscellaneous Services | Provides the configuration status for monitoring interfaces, such as SNMP.
Detailed Node Information | Provides a detailed breakdown of server status and configuration by node, including hardware platform, model, part, and serial numbers, network configuration, operating system version, and logical node number.

Tip: The summary and related details provide enough
information to identify possible root causes, aid with
server optimization, or serve as direction for more
troubleshooting with Customer Support.

Running Report with Avamar Administrator

The Avamar Administrator tool generates reports for several of the
administrator server database views.

[Figure: Avamar Administrator New Reports, showing the Manage All Reports window]

To create a report:

1. Select Manage All Reports under Tools.
2. Select the domain and click New.
3. In the New Report window, enter the details [46] needed, and click OK.

Tip: If the report is intended to be sent as an email
notification, create the report at the root domain level.

[46] These necessary details are name, title, and description of the report.
Select the Report View from the drop-down list, and set filter options. After
clicking OK, the Report Name is listed under the selected domain in
Manage All Reports.

Go to: For more information about reports, see the Dell
Avamar Reports Guide on the Dell Support website.

Using Third-Party Reporting Tools with Avamar Administrator

The Avamar administrator can also use any third-party
PostgreSQL-compliant Open Database Connectivity (ODBC) database
reporting tool that runs on the platform.

Create New Data Source

The Avamar server uses a PostgreSQL database to store the data. The
following are some of the details:

[Figure: New Data Source PostgreSQL]

• ODBC reporting tools include Crystal Reports, Microsoft Query, and
Microsoft Excel. Administrators can also access the information with a
local or remote psql tool.

• Filename of Administrator server database: mcdb
• The mcdb is located in:
/usr/local/avamar/var/mc/server_data/postgres

Database Views

MCS database views define the types of information accessible from the
Avamar Administrator. Shown below are some of the supported database
views:

Database Views | Description
v_groups | Contains a record of each group that is known to the MCS
v_group_members | Contains a record of each client that is organized by group assignment
v_retention_policies | Contains a record of each retention policy that is known to the MCS
v_schedules_2 | Contains a record of each schedule that is known to the MCS
v_node_util | Contains a record of node statistics that are retrieved or calculated per node at a particular date and time
v_node_space | Contains a record of disk capacity data that are retrieved or calculated per disk, and per node

Accessing Database Views with PSQL

Data in the PostgreSQL database on the Avamar server is accessed using
psql:

admin@single02:/root/#: psql -p 5555 mcdb
could not change directory to "/root"
Welcome to psql 8.3.20, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

mcdb=# select name, dataset_name, schedule_name, retention_name, domain from v_groups;
        name         |  dataset_name   |  schedule_name   |  retention_name   |  domain
---------------------+-----------------+------------------+-------------------+----------
 fontsGroup          | fonts           | Default Schedule | Default Retention | /clients
 Default Proxy Group | Default Dataset | Default Schedule | Default Retention | /
 Default Group       | Default Dataset | Default Schedule | Default Retention | /
(3 rows)

psql mcdb

1. Log in to PostgreSQL as administrator.
2. To log in using psql, type psql -p 5555 mcdb.
3. Other useful commands include:

\d | Displays all tables and views
\d v_groups | Shows columns in tables
\o /tmp/sample_report_output | Redirect output to a file

Accessing Database Views with Microsoft Query

Microsoft Query is used to access the administrator server database and
prepare reports with the information from database views.

[Figure: Import data from ODBC]

Set up the PostgreSQL ODBC driver on a Windows client. The
parameters for PostgreSQL are:

• Data Source: MCDatabase
• Database: mcdb
• Server: <avamar server name>, where <avamar server name> is the
hostname of the Avamar server
• Port: 5555
• Administrators Name: viewuser
• Password: Configured during Avamar installation

In Microsoft Excel, select Data > Get Data > From Other Sources >
From Microsoft Query, and select MCDatabase as the data source.

Go to: For more information about reports, see the Dell
Avamar Reports Guide on the Dell Support website.

Examine Troubleshooting and Logs

Challenges When Managing Backups

Possible situations that may block a successful backup are the following:

Errors | Possible Causes
Network Errors | Network issues that interrupt the connection can cause backup failures.
Client I/O Errors | Input/output errors on the client can lead to incomplete backups as some data is left behind.
High Client Activity | High client activity levels can prevent files from being backed up or backed up in the backup window. These tasks have Completed with Exceptions as their status.
Operator Actions | Certain operator actions, such as rebooting or canceling, cause backup failures.
Incorrect Input | Backup failures are caused by incorrect or incomplete dataset definitions and retention periods.
Disconnected Client | Data from client machines that may be disconnected from the network can lead to incomplete backups.

Managing Backups Successfully

The following actions help reduce errors and perform successful backups:

[Figure: Activity View, listing activities with Status, Client, Started, Processed Bytes, Plugin, and Type columns]

Action | Description
Monitor Daily Activities | Regularly review the Activity window and other backup activity reports to ensure healthy backups.
Resolve Any Exceptions | Do not ignore exceptions and failures, as they may lead to missing files or data. Check for the following exceptions.
• Completed with Exceptions: The message indicates
that the backup is complete with files missing.
• Timed Out - End: The status requires special
attention. This indicates a large amount of activity
without any backup data being restored.
• Dropped Session: The status indicates that the
activity was forcefully canceled.
− Client reboot
− More than an hour of communication outage
• Completed: The status indicates that backup was
completed as per defined policies. Ensure that the
policies are defined correctly.
Schedule Maintenance Activities | Ensure that the maintenance activities are scheduled so that they do not overlap with backup activities.

Possible Client Initialization Issues

Initial backups can be large and may lead to issues with client
initialization. Potential issues include:

Time-Out

If the initial backups are larger than daily backups, initial backups time out
at the end of the backup window that is configured to meet daily backup
requirements. Some errors administrators may see are as follows:

• Overtime must be enabled so initial backups do not time out.
• Partial backups may be created on the server due to timed out
backups. The Avamar completes the partial backups during
subsequent scheduled backups.
• Timed Out status indicates that the client failed to start within the
window. The client is likely to be offline during the backup window
which resulted in this status.
• Timed Out status indicates that the backup started during the window
but did not complete. A partial backup is created.

Network Issues

Initial backups may fail due to network issues in the customer
environment, and manual interventions. Some of these manual
interventions are the following:

• Available WAN bandwidth might limit the backup throughput of large
initial backups that run for a long time.
• To perform initial backups across a LAN connection, seed the Avamar
server with the remote client data over a local connection.

• If the backup ends abruptly, partial backups may not be saved. Dell
Technologies recommends breaking the backup into smaller datasets
to avoid such situations.
• Always run a ping test between server and client to validate any
network connectivity issues.

Avamar getlogs Utility


[Figure: Example of getlogs command]

The Avamar server has server log files that may help an administrator
troubleshoot an Avamar server.

By default, the Avamar storage process log file (gsan.log) is limited to
25 MB in size and always contains the most recent information. Additional
historic log files (for example, gsan.log.1, gsan.log.2, and so forth)
might also exist. Administrators can collect and view these log files by
using command-line operations.

The output of the getlogs script is a single tar file that contains the
compressed logs from all nodes.


Client Logs

Client logs on the client machine provide information about the backup
and restore operations.

Client Log Locations

Depending on the platform, client logs are located in the following
directories:


Avamar Windows client logs

• Windows
− Work order: %SystemDrive%\Program Files\avs\var\clientlogs\
− Agent: %SystemDrive%\Program Files\avs\var\
− Console: %APPDATA%\Avamar\
• Linux and Mac
− Work order: /usr/local/avamar/clientlogs
− Agent: /var/avamar/
− Linux: $HOME/
− Mac: $HOME/.avamardata/

Avtar Logs

The avtar logs are labeled: <backup_label>-<plugin>.log. Listed below are
the formats of a few of the logs:

• Scheduled backups:
− <Schedule name>-<Group name>-<Unix time in msec>
• Ad hoc group or client backups using a defined group policy:
− <Group name>-<Unix time in msec>
• Ad hoc backups that are performed through Backup and Restore:
− MOD-<Unix time in msec>
− MOD stands for Management On Demand
• Ad hoc backups performed through the Avamar Backup Now client
interface on Windows clients:
− COD-<Unix time in msec>
− COD stands for Client On Demand
• Command-line executions of avtar: avtar.log or specify a log file
name with --logfile
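
The label formats above can be turned into a timeline, which helps when reviewing which backups were started on demand (MOD, COD) rather than by a schedule. The following is an added example, not part of the original guide and not Dell code; it assumes that the plug-in part of the name contains no hyphen, that the timestamp has 13 digits, and that the group names defined on the server are passed in as `known_groups` (a hypothetical parameter). All file names in it are constructed.

```python
"""Classify Avamar work-order log names using the label formats listed above.

Added example, not Dell code. Assumptions: the plug-in part of the file name
contains no hyphen, and <Unix time in msec> is a 13-digit number.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import NamedTuple, Optional

# <backup_label>-<plugin>.log, where the label ends in <Unix time in msec>.
NAME_RE = re.compile(r"^(?P<label>.+)-(?P<ms>\d{13})-(?P<plugin>[^-]+)\.log$")


class LogName(NamedTuple):
    kind: str                # MOD | COD | adhoc_group | scheduled | ambiguous
    schedule: Optional[str]
    group: Optional[str]
    plugin: str
    started_utc: datetime
    filename: str


def classify(filename, known_groups=()):
    """Return a LogName, or None when the name carries no label timestamp
    (for example avtar.log from a command-line run)."""
    m = NAME_RE.match(filename)
    if m is None:
        return None
    label, plugin, ms = m["label"], m["plugin"], int(m["ms"])
    # Integer arithmetic keeps the millisecond part exact.
    started = (datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
               + timedelta(milliseconds=ms % 1000))

    def result(kind, schedule=None, group=None):
        return LogName(kind, schedule, group, plugin, started, filename)

    if label in ("MOD", "COD"):
        return result(label)
    if label in known_groups:
        return result("adhoc_group", group=label)
    # "<Schedule name>-<Group name>": names may contain hyphens themselves, so
    # the split is only decidable against the groups defined on the server.
    for group in sorted(known_groups, key=len, reverse=True):
        if label.endswith("-" + group) and len(label) > len(group) + 1:
            return result("scheduled", label[: -len(group) - 1], group)
    return result("ambiguous")


def timeline(filenames, known_groups=()):
    """Return (entries sorted by start time, names that did not parse)."""
    entries, skipped = [], []
    for name in filenames:
        entry = classify(name, known_groups)
        if entry is None:
            skipped.append(name)
        else:
            entries.append(entry)
    return sorted(entries, key=lambda e: e.started_utc), skipped


def on_demand(entries):
    """Runs started by a person rather than by a schedule (MOD or COD)."""
    return [e for e in entries if e.kind in ("MOD", "COD")]


# Constructed sample names (not taken from a real client).
SAMPLE = [
    "MOD-1585634400000-Windows.log",
    "Default Schedule-Default Group-1585612800000-Windows.log",
    "COD-1585638000123-Windows.log",
    "DB-Servers-1585620000000-Windows.log",
    "Nightly-DB-Servers-1585616400000-Windows.log",
    "avtar.log",
]
GROUPS = {"Default Group", "DB-Servers"}

if __name__ == "__main__":
    entries, skipped = timeline(SAMPLE, GROUPS)
    for e in entries:
        print(e.started_utc.isoformat(), e.kind, e.schedule, e.group, e.filename)
    print("not parsed:", skipped)
```

Without the group list, a name such as `Nightly-DB-Servers-...` cannot be split reliably, so it is reported as ambiguous rather than guessed.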

cid.bin

The cid.bin file is essential for the client to communicate with the Avamar
server.


Avamar Windows client cid.bin

• This file is located in the installation location /var on the client machine.
− Windows: C:\Program Files\avs\var
− Linux: /usr/local/avamar/var

The cid.bin file contains the following:

• Name of the Avamar server
• Client ID (CID)
• UNIX time of the creation of the file

Miscellaneous Logs

Other logs that may need to be examined are the following:

• Work order logs: Provide detailed information about a specific task.
• avagent logs: Provide information about the status of all backup and
restore activities.
• avscc logs: Provide information about the performance of the user
interface.

MCS and CRON Logs

The Management Console Server (MCS) database is intended for read-only
access for reporting or query purposes. Avamar stores the server data in a
PostgreSQL database management system, in a file mcdb on the utility node
in the /usr/local/avamar/var/mc/server_data_postgres directory.
This file is backed up and can be used to restore the MCS in case of
failure.

Avamar server logs include mcserver.log*, flush.log*, and
restore.log. Administrator server logs are located in
/usr/local/avamar/var/mc/server_log on the utility node.

Logs for activities run by cron include health_check.log and replicate.log.
The logs for these activities are located in /usr/local/avamar/var/cron on
the utility node.

Use the following activity to look at server logs.

The web version of this content contains an interactive activity.

Use the following activity to look at cron logs.

The web version of this content contains an interactive activity.


Maintenance Activity Logs

The avmaint and dumpmaintlogs commands allow the administrator to
view the contents of the otherwise hidden /sysinfo/log directory. These
commands must be used to view these logs, since the /sysinfo/log
directory is not available to the regular file system.

Checkpoint, HFS check, and garbage collection logs are in the persistent
store in /sysinfo/log.

The following are some examples of these commands:

• To create a file containing checkpoint logs for February 2022:
− avmaint cat /sysinfo/log/2022/02/cp > cpfeb2022.log
• To create a file containing garbage collection activity of the previous
day:
− dumpmaintlogs --days=1 --types=gc > gcyesterday.log
• To view HFS activity from April 2022:
− avmaint cat /sysinfo/log/2022/04/hfscheck | view -



Appendix

Garbage Collection


Garbage Collection Summary

Garbage collection is the process of removing unused chunks from
backups that have expired, freeing up capacity on the Avamar server.
Types of backup data that may be deleted during garbage collection
include expired backups, deleted backups, and partial backups47 older
than seven days.

47 A partial backup is when a backup did not complete in a backup window
or had errors during a scheduled backup.


Glossary
Asynchronous
Asynchronous crunching is a process that reorganizes data inside stripe
files to eliminate empty spaces created by garbage collection.

Avamar Server
An Avamar server is a logical grouping of one or more nodes that are
used to store and manage client backups. The server also provides
processes and services that are required for client access and remote
system administration.

Change Block Tracking (CBT)
CBT backs up only the blocks that have changed, rather than backing up
every block of every VM in the infrastructure.

Critical Disk
A critical disk is defined as one that contains operating system files or
application services. Dell Technologies recommends any application data,
such as database or Exchange files, be on a separate disk.

EMT
The Avamar EM Tomcat server (EMT) provides essential services that are
required to display and work with Avamar server information. The EMT
communicates directly to the MCS and is required for all Avamar systems.

GSAN
Global Storage Area Network, also known as the Avamar server
subsystem. The GSAN process communicates with the Avamar clients.

LDAP Map
LDAP map is an association between an LDAP user group and an Avamar
domain and role.

MCDB
The MCDB is the MCS database file, and it is only located on the utility
node (usr/local/avamar/var/mc/server_data/postgres). This file is used for
restoring the MCS in case of failure. The MCS database is intended for
read-only access for reporting or query purposes. Do not manually modify
any data in mcdb tables unless instructed to do so by Avamar Support.

MCS
The Avamar MCS (Management Console Server) provides centralized
management including scheduling of backups, restore of backups,
monitoring and reporting. When administrators open the Avamar User
Interface, they are interacting with the MCS.

MCS
Provides centralized administration (scheduling, monitoring, and
management) for the Avamar server.

PostgreSQL
PostgreSQL is an open-source Relational Database Management System
(RDBMS). Avamar uses PostgreSQL to store data. The information in
the Avamar database is accessible through any PostgreSQL-compliant
ODBC interface.



Dell Technologies

DELL AVAMAR INSTALLATION AND MAINTENANCE

PARTICIPANT GUIDE
Dell Avamar Installation and Maintenance- Participant Guide

© Copyright 2023 Dell Inc Page 2


Table of Contents

Dell Avamar Installation and Maintenance

Exploring the SolVe Desktop and Avamar Data Store Documentation
Dell SolVe
Dell EMC Avamar Data Store Documentation
Prerequisites For Installation

Exploring the Avamar Hardware Gen4T
Avamar Data Store Connections
Avamar Gen 4T ADS Hardware
Dell PowerProtect DP Series Appliance DP8300 and DP8400

Analyze Avamar Data Store Networking
Analyze Avamar Data Store Networking
Multi-node Internal Network Cabling
Avamar Data Store Networking
Setting up Internal Networking
System Tools and Firmware
Advanced Network Configuration

Install Avamar Datastore
Install the AvInstaller
Move Installation Packages
Install Avamar Software
Callable Avamar Workflow Packages (AVP)
Post Installation Configuration
System Utility Commands for Implementation
Avamar Operating System (OS) Kickstart

Replace Avamar Node
Types of Replacement
Node Replacement Commands
Discovering Node Numbers
Prerequisites - Node Replacement
Utility Node Disk Transplant
Utility Node Full Replacement
Storage Node Disk Transplant
Storage Node Replacement

Add Avamar Nodes
Avamar Node Addition Overview
Required Software for Node Addition
Avamar Server Dynamic Load Balancing
Node Addition Commands
Node Addition Process


Dell Avamar Installation and Maintenance

Exploring the SolVe Desktop and Avamar Data Store Documentation

Dell SolVe

• Generate Procedures: Procedures for installation, upgrades, FRUs,
and so on. SolVe Desktop is updated periodically and has the most
relevant procedures.
• Customize Procedures: When launching, SolVe prompts for various
information relating to a task, including software versions, customer
requirements, and installation options. A customized procedure is then
created based on this information. It is necessary to generate a new
procedure for every installation.


SolVe Desktop

SolVe Online

Tip: Users can also access the SolVe Online version, which
contains all the same procedures as SolVe Desktop. For other
documents, see the Dell Support site.

Dell EMC Avamar Data Store Documentation

The following manuals and guides are available on the Dell support portal:


Dell Support

Comprehensive Reference Guide

Site Prep Technical Specifications

Customer Installation Guide

Customer Service Manual

Product Support Bulletin

Prerequisites For Installation

Required Tools

Before going onsite to install the Avamar GEN4T, the following is needed:

• Laptop with minimum Windows 10 operating system with the following:
− PuTTY
− WinSCP
• USB memory stick
• Cat6 Ethernet cable
• Null modem cable
• USB to RS-232 adapter
• Customer number (Customer ID) and Reference ID (Asset reference ID)

Other items that may be needed are tie straps, Phillips screwdriver, and
labels for cables.

Required Files

To install a single-node or multi-node server, all of the following
files are involved in installing the hardware.

Avamar software and Utility Files

• AvamarBundle_<OS>-<version>.zip, which includes:
− avinstaller-bootstrap-<version>.<OS>.x86_64.run
− dpnnetutil-<version>.run
− AvamarDownloaderService-windows-x86_<version>.exe (32-bit version)
− AvamarDownloaderService-windows-x86_64-<version>.exe (64-bit version)
− ADS_Gen4_switch_config_01-<version>.zip (applicable to Avamar 19.2 and
earlier)
− ADS_network_test_SLES-<version>.run
− AvamarInstallSles-<version>.avp
− AvPlatformOsRollup_<release>.avp

Where <version> is the latest version of the ADS network test script that
is available from the links in SolVe Desktop.

GEN4T System Tools

• gen4t-sys-VERSION.zip

Where <version> is latest version of the ADS network test script that is
available from the links in SolVe Desktop.

Patches and Hotfixes

• DellSwitchMonitoring_HF307221.avp
• DellSwitchMonitoring_HF307221.avp.sha256
• ADS_network_test_SLES-<version>.run
• ADS_network_test_SLES-<version>.run.sha256

Where <version> is the latest version of the ADS network test script that
is available from the links in the SolVe Desktop.
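
The patch and hotfix files listed above come with .sha256 companion files. As an added example (not from the original guide and not Dell code), the following checks every .avp and .run file in a download folder against its companion before the files are copied to the Avamar server. The sidecar layout is an assumption, and the sample file contents and the 0.0 version are constructed.

```python
"""Check downloaded Avamar packages against their .sha256 sidecar files.

Added example, not Dell code. Assumption: a sidecar holds the hex digest
either alone or in sha256sum layout ("<hex>  <filename>").
"""
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")


def file_sha256(path, chunk_size=1 << 20):
    """Hash the file in chunks so large .run/.avp packages are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def expected_digest(sidecar, package_name):
    """Return the digest recorded for package_name, or None if the sidecar has
    no entry for it or has conflicting entries."""
    found = set()
    for line in Path(sidecar).read_text(errors="replace").splitlines():
        m = HEX64.search(line)
        if m is None:
            continue
        named = line[m.end():].strip().lstrip("*")
        if named and Path(named).name != package_name:
            continue  # digest belongs to a different file
        found.add(m.group(0).lower())
    return found.pop() if len(found) == 1 else None


def verify_dir(directory, suffixes=(".avp", ".run")):
    """Map each package name to ok | mismatch | no-sidecar | bad-sidecar."""
    results = {}
    for pkg in sorted(Path(directory).iterdir()):
        if not pkg.is_file() or pkg.suffix not in suffixes:
            continue
        sidecar = pkg.with_name(pkg.name + ".sha256")
        if not sidecar.is_file():
            results[pkg.name] = "no-sidecar"
            continue
        want = expected_digest(sidecar, pkg.name)
        if want is None:
            results[pkg.name] = "bad-sidecar"
        elif hmac.compare_digest(want, file_sha256(pkg)):
            results[pkg.name] = "ok"
        else:
            results[pkg.name] = "mismatch"
    return results


def demo():
    """Verify constructed sample files (contents and versions are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        good = root / "DellSwitchMonitoring_HF307221.avp"
        good.write_bytes(b"constructed package body")
        (root / (good.name + ".sha256")).write_text(
            f"{file_sha256(good)}  {good.name}\n")
        changed = root / "ADS_network_test_SLES-0.0.run"
        changed.write_bytes(b"bytes at publication")
        (root / (changed.name + ".sha256")).write_text(file_sha256(changed) + "\n")
        changed.write_bytes(b"bytes after a bad transfer")
        (root / "AvamarInstallSles-0.0.avp").write_bytes(b"no sidecar present")
        return verify_dir(root)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:11} {name}")
```

A sidecar that travelled with the package only shows that the file arrived unchanged; the digest itself should be compared with the value shown at the download source.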

Customer Supplied

Hardware installation activities require the following information from the
customer:

• Hostnames and IP addresses for the external (customer/backup) network
interfaces of all Avamar nodes and servers.
• For multi-node servers, hostnames and IP
addresses for the internal network interfaces of all Avamar nodes.
• Hostnames and IP addresses for the network interfaces of all NDMP
accelerator nodes.
• Gateway, netmask, and domain for all Avamar nodes and servers.
• IP addresses for all remote management console (RMC) ports.
• Hostname and IP address for an SMTP server.
• Hostname and IP address for one or more:
− Network Time Protocol (NTP) servers
− Domain Name System (DNS) servers

Important: Refer to the latest documentation on the SolVe
Online or SolVe Desktop for latest supported information.

Exploring the Avamar Hardware Gen4T

Avamar Data Store Connections

Warning: Racking the servers requires two people for
installation into the rack.

Installation Overview

The goal of the Avamar Data Store Hardware Installation process is to
have an Avamar server that is racked, cabled, powered on with network
connectivity and loaded with Avamar software installation files.

Below is a high-level overview of the Avamar Data Store hardware
installation process:

1. Install the nodes1 into the rack and perform internal network cabling.
Some larger systems will already be in the rack and pre-cabled,
pending customer needs.
2. Configure initial network configuration.
3. Copy the Avamar software packages.
4. Test the internal switches.
5. Set IP addresses and other basic networking for each storage node.
6. Run the dpnnetutil command to configure advanced network
settings.
7. Install the System tools and Firmware.
8. Connect to the customer network.

1 A node is the primary building block in any Avamar configuration. Each
node is a self-contained, rack-mountable, network-addressable server that
runs Avamar software on the Linux operating system. All Avamar nodes
are Domain Name System (DNS) clients.

Node Placement

All the Avamar nodes must be placed in the rack. Typically, nodes are
installed in a Dell Titan rack, but an existing customer rack may also be
used.

Multinode racking

For a multinode system:

1. Place the utility node at the bottom of the rack.
2. Place the storage nodes above the utility node.
3. A spare node is placed on top of the storage nodes, below the
switches.
4. Switches are located at the top of the rack, leaving a 1U space
between them.

Avamar Gen 4T ADS Hardware

Avamar Data Store (ADS) Overview

Avamar Data Store (ADS) is the physical hardware edition of Avamar. The
Avamar Data Store has the following features:

• The Avamar Data Store is a prepackaged solution that includes the
Avamar software that is installed onto approved hardware.
• Based on the number of nodes used, an Avamar Data Store is
deployed in either single-node or multi-node configurations2.
• The nodes are available in several different capacity options. These
options allow for flexibility in the types of Avamar server environments
that can be built.
− Initial configurations range from four to eighteen nodes, one utility
node plus a maximum of sixteen active storage nodes and one
optional spare storage node.

2 In a single-node setup, the single node performs all Avamar functions.
Whereas in a multi-node configuration, a group of nodes work together as
a single Avamar server.

Avamar Data Store (ADS)

Avamar Data Store is the physical hardware edition of Avamar. The
Avamar Data Store has the following features:

Avamar node types and configurations

• Prepackaged Solution: The Avamar Data Store is a prepackaged solution
that includes the Avamar software that is installed onto approved
hardware.
• Multiple Configurations: Based on the number of nodes3 used, an Avamar
Data Store can be deployed in either single-node or multi-node
configurations4.
• Capacity Options: The nodes are available in several different capacity
options. These options allow for flexibility in the types of Avamar
server environments.

3 A node is a self-contained, rack-mountable, network-addressable system
consisting of both processing power and hard drive storage. Nodes run
the Linux operating system, and the Avamar server software runs on the
Linux operating system.

4 In single-node setup, a single node performs all Avamar functions.
Whereas in a multi-node configuration, a group of nodes work together as
a single Avamar server.

Avamar Single-Node

Avamar Single-Node Server is a self-contained server that is made of only
one node. The following are the features of an Avamar Single-Node
Server:

• Hosts utility and storage components: The node hosts the
Administration Server, also known as Management Console Server
(MCS), which manages the Avamar server. The single-node server
also hosts the GSAN process, which manages backup data.
• Replication required: If a single node server fails, its data becomes
inaccessible or lost. Hence, single-node servers require replication.
However, there are two exceptions.
− The S2600 single-node server, also known as Business Edition
single-node server, has RAID 6 protection. So, it does not require
replication.
− A single-node server with an integrated PowerProtect DD appliance
may be configured to back up Avamar checkpoint data to the
PowerProtect. A single-node server with such a configuration does
not require replication.

Single-Node Supported Hardware

With the Gen4T version of hardware, there are four options for a
single-node Avamar Data Store:

M600
• Licensable capacity: 2 TB
• No. of disks: 4
• RAID 1

M1200
• Licensable capacity: 3.9 TB
• No. of disks: 6
• RAID 1

M2400
• Licensable capacity: 7.8 TB
• No. of disks: 8
• RAID 1
• Contains 1 solid-state drive

S2400
• Licensable capacity: 7.8 TB
• No. of disks: 8
• RAID 6
• Contains 1 solid-state drive

Avamar Multi-Node

A multi-node Avamar server contains two types of nodes:

Multiple node options

• Utility Node: The utility node is dedicated5 to scheduling and
managing background Avamar server jobs. It uses its own node type,
which has only two disks of 2 TB each.
− The hostname and IP address of the utility node is the identity of
the Avamar server for access and client/server communication.
• Multiple Storage Nodes: A minimum of three storage nodes are
required to build a multi-node server. Backup data load is balanced
across multiple storage nodes. Storage nodes use the same hardware
resources as a single-node server: The M600, M1200, and M2400.
− Same as the single-node, allowing each node to have licensed
capacities of 2.0 TB, 3.9 TB, or 7.8 TB.
− In a multi-node environment, the S2400 “Business Edition” node
hardware cannot be used as a storage node.

All storage nodes in a multi-node server must be of the same model,
generation, and capacity.

5 Because utility nodes are dedicated to running these essential services,
they cannot be used to store backups.

Racking a Multi-Node Server

A multi-node server consists of:

• One utility node
• 3-16 storage nodes: Storage nodes must all be of the same capacity.
Combining different capacity types in a single Avamar server is not
supported. Optionally, a spare storage node can be added to a
multi-node server. This allows for faster node replacement and expansion.
• Two internal network switches: Every multi-node server has two
internal network switches that facilitate communication between nodes.
These switches are redundant so that the failure of one switch does
not stop the Avamar server.

When assembling the Avamar server,6 place the components in the
following order:

1. Utility node is placed at the bottom.
2. Storage nodes are placed above the utility node, starting at the bottom.
3. Internal switches are placed at the top with an empty spot in the middle
for the power cables, which can also be used for future expansion.

6 Most larger systems will be shipped in the rack and may not need to be
racked or assembled.

Avamar NDMP Accelerator

The Avamar NDMP Accelerator is used as a bridge between an Avamar
server and an NDMP-compliant NAS device. An Accelerator node can be
a virtual server that mimics the physical node but has specific resource
requirements.

An NDMP accelerator is the following:

2 Disks of 2TB capacity with RAID 1

NDMP Accelerator

• Is used to back up data from a NAS storage device.
• Does not store data from the NAS device.
• Can support multiple NAS storage devices.
• Has disk configuration identical to the utility node.
• Is placed above storage nodes in the Avamar rack.

Dell PowerProtect DP Series Appliance DP8300 and DP8400

In Dell PowerProtect 8300, the utility node is placed on top of the NDMP
accelerator, with the storage nodes above it. The Avamar switches are
placed at the top of the rack, just below the Dell PowerProtect switch.

In PowerProtect 8300, the utility node is placed on top of the NDMP
accelerator, with the storage nodes above it. The Avamar switches are
placed at the top of the rack, just below the Dell PowerProtect switch.

Analyze Avamar Data Store Networking

Analyze Avamar Data Store Networking

Multi-node Internal Network Cabling

Connect Power Supplies

Connect both power supplies on each node to the power distribution units
(PDUs). The top power supply on each node connects to the PDU on the
left, and the bottom power supply on each node connects to the PDU on
the right.

Cable ties are used to combine and tie the power cables together.
Depending on whether the power is single-phase, three-phase delta, or
three-phase, the exact receptacle on the PDU used for each node varies.


PDU Connections

Multi-node Internal Network Cabling

For a multi-node server, there are two network cable bundles, one for
each switch:

Switch A
• Connect the first bundle to the bottom switch A.
• Fasten the cable bundle to the left wall of the rack.
• Attach the individual cables to the SLIC1NIC2 port of appropriate nodes.

Switch B
• Connect the first bundle to the bottom switch B.
• Fasten the cable bundle to the right wall of the rack.
• Attach the individual cables to SLIC1NIC3 port of appropriate nodes.

Fastening the cable bundle to the wall of the rack transfers the load of the
cables to the wall from the switches.

Avamar Data Store Networking

Avamar Network Connections

Several connections must be made with the data store in an Avamar
system. These connections include:

• Connection from Avamar server to network switch of the customer.
• Internal Avamar network connections between the Avamar nodes and
the Avamar switches.
• Replication and management traffic connections.7
• Remote Management Console (RMC) connections.

7 Some replication setups can contain replication and management traffic
on separate networks.

Single-Node Networking

On a single-node server, the connection requirements are:

Single-node networking

• One connection to the network switch of the customer; SLIC0NIC1 port
is used for high availability.
• SLIC0NIC0 and SLIC0NIC1 are bonded as bond0.
• SLIC0NIC2 is used for replication; SLIC0NIC3 facilitates high
availability.
• SLIC1NIC0 is used to separate management and administration traffic;
SLIC1NIC1 facilitates high availability.

Multi-Node Networking

Multi-node servers use the same ports as a single-node server with the
following changes:

Avamar multi-node networking

Internal Connections: All nodes connect to both internal Avamar switches.
• SLIC1NIC2 connects to internal Switch A, at the top.
• SLIC1NIC3 connects to internal8 Switch B, at the top.

8 An easy way to remember this is that the top NIC of SLIC1 on the node
connects to the top switch.

Customer Connections: All nodes connect to these ports using SLIC0NIC0
and SLIC0NIC1. Since each node has at least one connection to the
customer switch, ensure that the customer has enough ports available.
• SLIC0NIC0 connects to the customer switch.
• SLIC0NIC1 connects to a second switch for high availability.
• All nodes connect to these ports using SLIC0 port 1 and SLIC0 port 2.

Bonds: The customer connections are bonded together as bond0, and
internal connections are bonded together as bond1. Each bond has its own
IP address. These bonds are on the operating system only and are
Active/Passive.
• Customer connections are bonded together as bond0.
• Internal connections are bonded together as bond1.

Replication and Management traffic: If the customer requires separate
connections for replication and management traffic, connections are only
made on the utility node. Avamar uses the same ports as in the
single-node configuration.
• SLIC0NIC2 and SLIC0NIC3 are used for replication.
• SLIC1NIC0 and SLIC1NIC1 are for management.

Port Labeling

In an Avamar system, each node has two Subscriber Line Interface Cards (SLICs) that provide four NICs each.

The port labeling mechanism is as follows:


Port labeling

• The SLICs are named SLIC0 on the left, and SLIC1 on the right.
• The ports on SLICs are named NIC0, NIC1, NIC2, and NIC3, from the bottom to top.
• Ports are named by combining the names of SLIC and NIC. The customer connections are bonded together as bond0, and internal connections are bonded together as bond1. Each bond has its own IP address and these bonds are on the OS only and are Active or Passive.
• The NICs are located on the rear I/O panel.
  − The NICs on left side of the rear I/O panel are used for dedicated RMC connections.
  − The NICs on the right of the rear I/O panel are used for shared RMC connections.


ADS Internal Switches

Multi-node Avamar servers have two Dell N1124T switches for internal
networking, a primary switch A and secondary switch B for failover
functionality.

The functionalities for these switches are the following:

Dell N1124T Switch

• The utility node is connected to both switches through port 1.
• Storage nodes connect to both switches using ports 2 to 18.⁹
• Ports 21 and 22 are used for crossover connection between the two
switches.
• Port 24 is reserved as a service port.
• The internal switches do not connect to the customer network.

RMC Options

Remote Management Console (RMC) is a service in each node that provides tools to monitor, troubleshoot, and potentially repair any node over the network.

RMC can use either a shared or a dedicated port:

9 The storage nodes should be connected in the order that they are in the
rack, from bottom to top. For example, storage node 1 at the bottom of the
rack connects to port 2, storage node 2 connects to port 3.

RMC shared or dedicated

Dedicated (Left Port): Typically RMC uses a dedicated RMC port¹⁰ on each node. In this case, the RMC connection is made to the port on the left of the rear I/O panel.

Shared (Right Port): RMC can work without using additional ports. In this case, RMC can share a port with backup traffic. The RMC shared port on the right is enabled for RMC and also mapped internally to eth0 for regular network use. The backup connection is moved from SLIC0NIC0 to the RMC shared port for all nodes. If high availability is required, the secondary connection on all nodes is made to SLIC0NIC0. Since the backup connections now use eth0 and eth1, rather than eth1 and eth2, the bonding configuration has to be changed as well.

10 This port is dedicated to RMC and does not work for anything else.

The internal connections, replication, and management connections remain the same whether the RMC port is shared or dedicated.

Setting up Internal Networking

Important: Check for any updated procedures in the SolVe Desktop.

Power On and Serial Connections

Power on each node after the nodes are racked and cabled. To power on a node¹¹, press the reset/power button on the rear I/O panel with a tool or paperclip. Once the nodes are powered on, on the utility node or single-node:

Setting up Serial on PuTTY

• Connect a laptop to the serial port. (The nodes have no local ports for a keyboard or mouse.)
• Use PuTTY to connect and configure serial connections. Configure PuTTY for serial connections and Linux keyboard as shown here.
• Log in to each node as user root with password of changeme.

11 The order in which the nodes are powered on is not important since they do not have any Avamar software installed. They are individual nodes with an SLES operating system installed.

Modifying Bondconf.xml

If the customer chooses to use shared RMC ports, the bonding configuration file¹² must be modified. To modify the bondconf.xml file:

<?xml version='1.0' encoding='UTF-8'?>
<bondconf platform="gen4t">
  <nodes>
    <node server="multi">
      <interface name="bond0" type="bond" use="backup" />
      <interface name="bond1" type="bond" use="internal" />
      <interface name="bond2" type="bond" use="replication" />
      <interface name="bond3" type="bond" use="management" />
    </node>
    <node server="single">
      <interface name="bond0" type="bond" use="backup" />
      <interface name="eth3" type="eth" use="replication" />
      <interface name="eth5" type="eth" use="management" />
    </node>
  </nodes>
  <bonds>
    <bond name="bond0" mode="1">
      <slave>eth0</slave>
      <slave>eth1</slave>
    </bond>
    <!-- the remaining bond definitions are not shown in this excerpt -->
  </bonds>
</bondconf>

bondconf.xml

Access the file in the location <install_directory>/var.

Ensure that the entry for the backup network, bond0, includes the proper port names.

If shared RMC is used, change the entries to eth0 and eth1.

12 By default, the eth1 and eth2 network ports are bonded together for the backup network as bond0. However, if the customer chooses to use shared RMC ports, the backup network uses eth0 and eth1 instead. In this case, the bonding configuration file has to be modified.


Modify the bondconf.xml file on storage nodes.¹³
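A check for the bond0 change described above, as an added Python example (it is not part of the Avamar tooling or of the original guide). It assumes the bondconf.xml layout shown in the excerpt; the sample documents are constructed and contain only the elements that are checked.

```python
import xml.etree.ElementTree as ET

# bond0 members for each RMC cabling choice, as stated on this page.
EXPECTED_BOND0 = {"dedicated": {"eth1", "eth2"}, "shared": {"eth0", "eth1"}}


def make_bondconf(bond0_slaves, mode="1"):
    """Constructed, minimal bondconf.xml holding only the parts checked below."""
    slaves = "".join(f"<slave>{port}</slave>" for port in bond0_slaves)
    return (
        "<?xml version='1.0' encoding='UTF-8'?>"
        '<bondconf platform="gen4t"><nodes><node server="multi">'
        '<interface name="bond0" type="bond" use="backup" />'
        '<interface name="bond1" type="bond" use="internal" />'
        "</node></nodes><bonds>"
        f'<bond name="bond0" mode="{mode}">{slaves}</bond>'
        "</bonds></bondconf>"
    )


def check_bondconf(xml_text, rmc_mode):
    """Return a list of problems; an empty list means bond0 matches rmc_mode."""
    expected = EXPECTED_BOND0[rmc_mode]  # KeyError unless dedicated or shared
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    bond0 = [b for b in root.iter("bond") if b.get("name") == "bond0"]
    if len(bond0) != 1:
        return [f"expected one bond0 definition, found {len(bond0)}"]

    problems = []
    slaves = [(s.text or "").strip() for s in bond0[0].findall("slave")]
    if sorted(slaves) != sorted(expected):
        problems.append(
            f"bond0 has {slaves}, but {rmc_mode} RMC needs {sorted(expected)}"
        )

    # The page describes the bonds as Active/Passive and shows mode="1",
    # which is the Linux bonding driver's active-backup mode.
    if bond0[0].get("mode") != "1":
        problems.append(f"bond0 mode is {bond0[0].get('mode')!r}, expected '1'")

    # A port listed under two different bonds is a copy/paste error.
    owner = {}
    for bond in root.iter("bond"):
        for slave in bond.findall("slave"):
            port = (slave.text or "").strip()
            previous = owner.setdefault(port, bond.get("name"))
            if previous != bond.get("name"):
                problems.append(
                    f"{port} is in both {previous} and {bond.get('name')}"
                )

    # Every node entry should map the backup network to bond0.
    for node in root.iter("node"):
        backup = [i.get("name") for i in node.findall("interface")
                  if i.get("use") == "backup"]
        if backup != ["bond0"]:
            problems.append(f"node {node.get('server')!r}: backup uses {backup}")
    return problems


if __name__ == "__main__":
    default_file = make_bondconf(["eth1", "eth2"])  # default (dedicated) members
    for mode in ("dedicated", "shared"):
        print(mode, check_bondconf(default_file, mode) or "OK")
```

Running the same check on every storage node after copying the file from the utility node shows whether any node still carries the default eth1/eth2 entry.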

Basic YaST Network Configuration

The YaST configuration utility is used to configure basic networking for the primary backup network port. On the utility or single node:

YaST Configuration Window

1. Run the yast command.
2. From the main menu, select Network Devices and Network Settings.
3. Select the primary backup port and edit it. For dedicated RMC configurations¹⁴, the primary backup port is eth1.
4. Set DNS parameters and gateway information.

13 The user can modify them manually or copy the bondconf.xml file from the utility node once networking has been configured on all nodes.

Configure Storage Node Networking

In a multi-node server, the storage node networking must be configured. For shared RMC, change port assignments¹⁵ for the backup network in the bondconf.xml file. bond0 is assigned ports eth0 and eth1, instead of ports eth1 and eth2.

bond0 entry in bondconf.xml, as shown in the figure:

<bond name="bond0" mode="1">
  <slave>eth1</slave>
  <slave>eth2</slave>
</bond>

Network Settings with YaST

Use the yast utility to set the IP Address, subnet mask, hostname, DNS
parameters, and gateway. Ensure that the primary ports connected are
correct - eth1 for dedicated RMC and eth0 for shared RMC.

14 For shared RMC configurations, the primary backup port is eth0. Also provide an IP Address, subnet mask, and hostname.
15 Modify the bondconf.xml file manually or copy the already modified file from the /usr/local/avamar/var/ folder of the utility node.

Transfer Installation Files

For the complete installation to take place, the installation files and their md5sum files must be transferred to the utility node, or the single-node server. Transfer files to the directory /usr/local/avamar/src/ on the utility node or the single-node. The files include:

1. Installation AVP package.
2. Operating system security updates.
3. The Avamar bundle zip¹⁶ file.

After the files are successfully transferred, perform the following:

1. Run an md5sum check on each file to ensure that they were not corrupted.
2. Extract the Avamar bundle .zip file.

Test Internal Networks

Test the internal network security of the system by running the Network Test Script¹⁷.

16 The Avamar bundle zip file includes different installation files including the avinstaller-bootstrap file, dpnnetutil, and the network test script.
17 The Network Test Script is extracted from the Avamar bundle. This script must be run on multi-node installations. It will ensure that all internal network connections have been made to the right ports on the right switches.

Success:

Interface:eth8; MAC Address:<...>; Vendor:CLARIION; Link detected:yes; Speed:1Gb; Duplex:full; Auto negotiation:on
WARN: No link detected in eth2: MAC:<...>, this is cabling error or non HA configuration of backup network of host <...>
HINT: Check cable, port eth2: MAC:<...> settings on host <...> and corresponding switch port
Verifying link presence and connection quality, RESULT: PASSED
RESULT: PASSED
### Congratulations! No errors found in the network configuration with 7 nodes. ###
END Netconfig Report
For the more detailed log, please see /tmp/netconfig/tmp/workflow.log

Failed:

## Neighbors IPv6 responses to IPv6 check ##
11 neighbor responses were received from Switch A
10 neighbor responses were received from Switch B
ERROR: Switch A and Switch B have a different count of neighbor nodes
#### There're some ERROR with the network configuration. ####
Switch A: 192.168.255.200
Switch B: 192.168.255.201

Example of Network Test Script

A successful test reports that no errors were found and it will also report the correct number of storage nodes, including the spare if one is present. For example, if four nodes are connected to both switch A and B and the report matches, then the cabling is correct and the network is working.

In the case of a failure, repeat the procedure. For example, if seven nodes are connected to switch A, but only 6 are connected to switch B, it is most likely that one of the nodes was not connected to switch B.

System Tools and Firmware

Install system tools, update firmware, and configure power button for each
node.

Install System Tools

A few system tools are not preinstalled in the Gen4T operating system. To install these tools on each node, perform the following steps:

1. Upload the system tools .zip file to the node.
2. Extract the .zip file.
3. Run the install script.

unzip gen4t-sys-<version>.zip
cd gen4t-sys-<version>
./avsetup.sh

Update Firmware

Update each node’s firmware to the latest version by performing the following steps. Firmware updates must be placed on a hidden FAT32 partition called “/firmware”.

mount /firmware
rm -rf /firmware/*
cd /firmware
cp -p /usr/local/avamar/src/Avamar_EMC_l705.zip .
unzip Avamar_EMC_l705.zip
reboot

1. Upload the firmware .zip file.
2. Mount the hidden firmware partition.
3. Extract the contents of the .zip file into that partition.
4. Reboot the node to apply the changes.
5. Repeat the steps for all nodes.

Configure Power Button

Configure the power/reset button¹⁸ behavior on nodes using the following command:

ipmitool raw 0x30 0x82 0x01 0x01 0x04 0x04

Tip: SolVe Desktop provides download links for the required files.

18 Configure the power/reset button using the ipmitool command. This will configure the button to reset the node if it is pressed for less than 10 seconds; the button will power off the node if it is held for more than 10 seconds.

Advanced Network Configuration

./dpnnetutil-<Version>.run
dpnnetutil

Pre-production Configuration

module a4dpn222
- Summary: 1 utility
- Timezone: America/Los_Angeles
- Network: DNS: 10.6.254.4; 2nd DNS: 10.6.254.5
  Domain: asl.lab.emc.com; Gateway: 10.6.199.1
- NATed: 155.16.45.100, 155.16.45.101

Enter the VLAN id (number in range 1..999) available in the interface bond0
(leave blank to continue)

<show details> Cancel

Some advanced network configurations require you to run the dpnnetutil utility. Use the dpnnetutil utility in the following circumstances:

• The customer needs support for VLAN interfaces.
• The customer uses Network Address Translation (NAT).
• The customer uses custom hostnames.
• The default Avamar internal subnet conflicts with the customer network.¹⁹

19 If the default Avamar internal subnet of 192.168.255.1/24 conflicts with the customer network, then dpnnetutil can configure a new subnet.

Dpnnetutil is a part of the Avamar Bundle .zip file. To use it, install the utility from its .run file, and run the dpnnetutil utility.²⁰

Note: SolVe Desktop provides updated procedures for the task. For more information, see the document Avamar Data Store Gen4T Platform Hardware Installation Procedures in SolVe Desktop.

20 The dpnnetutil utility prompts for various networking information including the internal subnet, NAT, VLAN, and hostnames.

Install Avamar Datastore

Install the AvInstaller

An important software component that resides on the utility node is the AvInstaller software (also referred to as avi). This service installs Avamar .avp software packages.

Step 1

Using PuTTY, establish an SSH session to the server, and log in as the
admin user. Perform the following:

1. Change to the root user by typing the command: su -
2. Change directory by typing the command: cd /usr/local/avamar/src/

WinSCP

Step 2

Make sure the files are in place by performing the following:

1. Verify that the required files exist by typing the command:
   ls -l AvamarInstallSles* AvamarBundle* AvPlatformOsRollup*
2. If any of the required files do not exist, copy them using a USB device, or download them from the FTP to: /usr/local/avamar/src/
3. Verify the checksum by typing one of the following two commands, depending on the type of checksum file. Here, <filename> is the name of the required file:
   a. md5sum -c <filename>*.md5sum
   b. sha256sum -c <filename>*.sha256sum

-rw-r--r-- 1 root root  988885002 Jan 13 22:40 AvPlatformOsRollup_2015-Q3-v4.avp
-rw-r--r-- 1 root root         68 Jan 13 22:40 AvPlatformOsRollup_2015-Q3-v4.avp.md5sum
-rwxr-xr-x 1 root root  284123063 Jan 13 22:39 AvamarBundle_SLES11_64-7.3.0-195.zip
-rwxr-xr-x 1 root root         70 Jan 13 22:39 AvamarBundle_SLES11_64-7.3.0-195.zip.md5sum
-rwxr-xr-x 1 root root 3360401124 Jan 13 22:39 AvamarInstallSles-7.3.0-195.avp
-rwxr-xr-x 1 root root         65 Jan 13 22:39 AvamarInstallSles-7.3.0-195.avp.md5sum

Example of Avamar Bundles

Step 3

Run the Avamar bootstrap file by typing the command:

./AvamarBundle_<VERSION>/avinstaller-bootstrap-<version>.sles11_64.x86_64.run

where <version> is the product version.
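The checksum step used in the file-transfer and AvInstaller procedures above, as an added Python example (not Dell's code): it checks every staged file against its .sha256sum or .md5sum companion, lets SHA-256 decide when both exist, and reports files that have no checksum file at all. File names and contents are constructed; MD5 detects transfer corruption, which is what the guide uses it for, but it is not collision-resistant.

```python
import hashlib
import os
import tempfile

# Checksum-file suffixes named on this page, strongest first.
SUFFIXES = ((".sha256sum", "sha256"), (".md5sum", "md5"))


def file_digest(path, algorithm):
    """Hash in 1 MiB chunks so multi-gigabyte .avp files need not fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def listed_digest(checksum_path, package_name):
    """Return the digest that an md5sum/sha256sum-format file lists for package_name."""
    with open(checksum_path, encoding="utf-8") as handle:
        for line in handle:
            fields = line.split(None, 1)
            if len(fields) != 2:
                continue
            name = fields[1].strip().lstrip("*")  # "*" marks binary mode
            if os.path.basename(name) == package_name:
                return fields[0].lower()
    return None


def verify_staging(directory):
    """Map each staged package to its verification status."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if name.endswith((".sha256sum", ".md5sum")) or not os.path.isfile(path):
            continue
        results[name] = "no checksum file"
        for suffix, algorithm in SUFFIXES:
            if not os.path.isfile(path + suffix):
                continue
            expected = listed_digest(path + suffix, name)
            if expected is None:
                results[name] = f"{algorithm}: not listed"
            elif expected == file_digest(path, algorithm):
                results[name] = f"{algorithm}: ok"
            else:
                results[name] = f"{algorithm}: MISMATCH"
            break  # the strongest available checksum decides
    return results


def ready_to_install(results):
    """Proceed only when at least one package is staged and all of them verified."""
    return bool(results) and all(s.endswith(": ok") for s in results.values())


def demo():
    """Build a constructed staging directory and verify it."""
    def write(path, data):
        with open(path, "wb") as handle:
            handle.write(data)

    with tempfile.TemporaryDirectory() as staging:
        files = {
            "AvamarBundle_sample.zip": b"bundle bytes",
            "AvamarInstallSles-sample.avp": b"installer bytes",
            "AvPlatformOsRollup_sample.avp": b"rollup bytes",
        }
        for name, data in files.items():
            write(os.path.join(staging, name), data)
        # Correct MD5 for the bundle.
        md5 = hashlib.md5(files["AvamarBundle_sample.zip"]).hexdigest()
        write(os.path.join(staging, "AvamarBundle_sample.zip.md5sum"),
              f"{md5}  AvamarBundle_sample.zip\n".encode())
        # SHA-256 of different bytes: simulates a corrupted transfer.
        sha = hashlib.sha256(b"original installer bytes").hexdigest()
        write(os.path.join(staging, "AvamarInstallSles-sample.avp.sha256sum"),
              f"{sha}  AvamarInstallSles-sample.avp\n".encode())
        # The rollup is staged without any checksum file.
        return verify_staging(staging)


if __name__ == "__main__":
    report = demo()
    for package, status in report.items():
        print(f"{package}: {status}")
    print("ready to install:", ready_to_install(report))
```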

Move Installation Packages

Before software installation, move the Avamar installation package and the latest OS security patch rollup package as follows:

Step 1

Change directory by typing: cd /usr/local/avamar/src/

Step 2

Move the installation packages to the /data01/avamar/repo/packages/ directory by typing:

• mv /usr/local/avamar/src/AvamarInstallSles-<version>.avp /data01/avamar/repo/packages
• mv /usr/local/avamar/src/AvPlatformOsRollup_<year>-Q<q>-v<v>.avp /data01/avamar/repo/packages

In the commands:

• <version> is the version of the Avamar software
• <year>, <q>, and <v> correspond to the release version of the OS security patch rollup

Delete the checksum file by typing one of the following commands, depending on the type of checksum file:

• rm AvPlatformOsRollup*.md5sum
• rm AvPlatformOsRollup*.sha256sum

Step 3

Using SCP or a USB memory stick, copy mapall-lite and mapall-lite.md5 to the /home/admin/bin directory on the utility node: cd /home/admin/bin

Verify the checksum by typing: md5sum -c mapall-lite*.md5

Change permissions on mapall-lite by typing: chmod a+x mapall-lite

Step 4

Ensure that all storage nodes are powered on and connected to the
internal network.

Mount the /firmware filesystem on all nodes by typing: ./mapall-lite --all --verbose 'mount /firmware'

Install Avamar Software

Step 1

1. In a web browser, type: https://<Avamar Server>:7543/avi
   Where <Avamar Server> is the hostname (as defined in DNS) or the IP address of the server. The Avamar Installation Manager login page appears.
2. Log into the Avamar Installation Manager as the root user. The EMC Avamar Installation Manager appears.
3. Click SW Release. The SW Release page or pane opens.

Avamar Installation Manager Log-in

Step 2

1. The Avamar release installation workflow package appears in the Package List. The Install and Delete buttons activate.
2. If the workflow package does not immediately appear, check the Repository tab to determine the progress, and return to the SW Releases tab when ready.
3. Click the help icon to view the workflow package's help information.
4. Click Install. The Optional Packages page appears.

Step 3

In the Optional Packages page:

1. Check or uncheck the optional packages so that only the desired packages are selected.
2. Click Confirm. The confirmation pop-up appears.
3. Click Yes in the popup to begin installation. The Installation Setup page appears.

Step 4

To continue the installation process:

1. Inspect all tabs, and enter required workflow inputs. The icons next to the fields indicate tabs containing required inputs. When all inputs have been entered, click Save.
2. Click Continue. The Installation Progress page appears. It displays a progress bar, status messages, and the Information Log table.
3. Respond to all installation problems, and click Issue Resolved to continue the installation.

Step 5

1. During the installation process, the user may log in to the Avamar Installation Manager using the new root credentials set via the workflow inputs.
2. When the installation completes, the Installation Progress page displays a message.
3. Close the installer by clicking the Close button.

Callable Avamar Workflow Packages (AVP)

Avamar includes a feature for callable AVPs that allows the user to run
multiple AVP packages in a single activity. This feature creates two
categories for AVP packages:

Main Workflow

A Main Workflow is an AVP that is capable of executing callable AVPs.

The Avamar Software Installation and Avamar Server Upgrade AVPs are the only main workflows.

Callable AVP

Also referred to as "optional workflows," callable AVPs are packages that can be executed by a main workflow. Examples of callable AVPs include:

• OS security patch rollup installation
• Some Avamar hot-fix AVPs

When a callable AVP is included with a main workflow:

• The workflow tasks are consolidated so any duplicated tasks will only be run once.
• There may be multiple workflow input pages. The number of pages can be viewed at the bottom-left corner of the screen.

Important: For more information on callable AVPs, see the Avamar software installation procedures in SolVe Desktop.

Post Installation Configuration

Obtain and Install a Server License

The assigned license keys for standard Avamar products are available
from Software Licensing Central (SLC) on the Online Support site. To
access Online Support, type the login credentials that are provided in the
License Activation Code (LAC) email that is sent from
licensing@emc.com, licensingnorthamerica@emc.com,
licensingemea@emc.com, or licensingapj@emc.com.

1. Log in to EMC Online Support using login credentials provided in the EMC License Authorization (LAC) email. The Service Center page opens.
2. In Service Center dropdown list, click Manage Licenses and Usage Intelligence. The Manage Licenses page opens.
3. Click Avamar from the list of products. The Software Licensing Central page opens.
4. Click the Activate icon. The Software Activation Wizard opens.
5. Search for available product to license by entering the License Authorization Code (LAC) and click Search.
6. Follow the prompts in the wizard to complete licensing information.
7. After the license key has been generated, download the key for licensing the software.

Launch the Avamar Administrator Console

Download and install Avamar Administrator. For more detailed information, go to the Dell Support page and locate the Avamar Administration Guide.

Avamar User Interface (AUI)

Modify Default Schedule

The earliest start time of the default schedule should be 8:00 PM. Check
and modify the default schedule as follows:

1. In Avamar Administrator, select Tools > Manage Schedules. The Manage All Schedules window appears.
2. Select Default Schedule.
3. In the Properties list, locate Start Time.
4. Select Edit. The Edit Schedule dialog appears.
5. Under Operating Time, change Earliest start time to 8:00 PM.
6. Click OK to close the Edit Schedule dialog.

Configure External Authentication

Use external authentication to authenticate and assign roles to Avamar users by using information from an existing directory service. Directory service authentication works with specific LDAP directory services and provides additional functionality when used with an OpenLDAP directory service. Directory service authentication also works with a Network Information Service (NIS), on its own, or with one of the supported LDAP directory services.

Configure Replication

The replication feature transfers data from a source Avamar server to a destination Avamar server. The Avamar Administration Guide provides instructions to configure a replication policy.

System Readiness Testing

System readiness testing applies to utility nodes and single-node servers. Testing ensures that the newly installed and configured server is ready for normal day-to-day operation in the customer environment.

Detailed instructions for performing many of these readiness tests can be found in the Avamar Administration Guide and Avamar Backup Clients User Guide.

System Utility Commands for Implementation

The following commands are useful for performing installation procedures:

nodenumbers

admin@avall:~/>: nodenumbers
Nodenumbers Utility (v1.6) Mon Aug 3 04:21:37 PDT 2015
Using /usr/local/avamar/var/probe.xml
Running 'avmaint nodelist --hfsaddr=192.168.255.2'
Appending to /usr/local/avamar/var/nodenumbers.out
HFSCreateTime=1345584007 Mon Aug 3 04:21:37 PDT 2015
Avamar probe.xml
Logical Node   Physical Node   IP Address      MAC Address
0.0            0.0             192.168.255.2   00:50:56:12:05:D9
0.1            0.1             192.168.255.3   00:50:56:12:05:DA
0.2            0.2             192.168.255.4   00:50:56:12:05:DB

Note:
- "Physical" means "probe order", not rack location.

Example of nodenumbers command

The nodenumbers command generates a table that shows the logical node number, physical node number, IP address, and MAC address of each node in an Avamar server.

• The utility node requires a valid probe.xml file. The probe.xml file is required in order to resolve MODULE.NODE designations into actual IP addresses.
• The SYSPROBEDIR environment variable stores the path to probe.out file.
• If SYSPROBEDIR is not set, the default probe.xml location is used. Override this location with the --nodedb=FILE option.

mapall
root@utility:/usr/local/avamar/src/#: mapall --all --user=root 'date'
Using /usr/local/avamar/var/probe.xml
(0.s) ssh -x -o GSSAPIAuthentication=no root@192.168.255.31 'date'
Mon Aug 3 04:21:37 PDT 2015
(0.0) ssh -x -o GSSAPIAuthentication=no root@192.168.255.32 'date'
Mon Aug 3 04:21:37 PDT 2015
(0.1) ssh -x -o GSSAPIAuthentication=no root@192.168.255.33 'date'
Mon Aug 3 04:21:37 PDT 2015
(0.2) ssh -x -o GSSAPIAuthentication=no root@192.168.255.34 'date'
Mon Aug 3 04:21:37 PDT 2015
root@utility:/usr/local/avamar/src/#:

Example of mapall command

The mapall command runs the same command on all of the nodes in the
Avamar server. Load SSH keys to avoid password prompts.

Format: mapall <options> 'command'

avmaint

The avmaint command is a command-line maintenance and statistics gathering program for the Avamar server. The avmaint utility is a highly complex program with many powerful sub-commands.

The following are some examples of the avmaint command:

• Applying a license: avmaint license /tmp/license_key_file --avamaronly
• Verifying license installation: avmaint license --avamaronly

ssn

The ssn command is the Avamar secure remote shell program. This
program wraps the OpenSSH ssh program to accept simpler
MODULE.NODE designations. The ssn utility requires a valid probe.xml
file in order to resolve MODULE.NODE designations into actual IP
addresses.

Syntax: ssn [--allow_legacy] [--debug] [--displaymap] [--error] [--expert] [{--logical | --physical}] [--n] [--nodedb=FILE] [--nodes=MODULE.NODE, ...] [--ping_only] [--run] [--skipserver] [--user=USER-ID]

scn

The scn command is the Avamar secure file copy program. The scn
program uses MODULE.NODE (0.0, for example) to represent a source or
destination instead of a hostname. This utility requires a valid probe.xml
file.

The scn program copies to or from the running nodes. The probe.xml file specifies running status of a node by the connected attribute’s setting. True indicates a node is running, and false indicates it is not running.

Syntax: scn [--allow_legacy] [--debug] [--displaymap] [--error] [--expert] [{--logical | --physical}] [--nodedb=FILE] [--nodes=MODULE.NODE, ...] [--ping_only] [--probefile=PATH] [--skipserver] [--user=USER-ID]

dpnctl

admin@avall:~/>: dpnctl status
dpnctl: INFO: gsan status: up
dpnctl: INFO: MCS status: up.
dpnctl: INFO: EMS status: up.
dpnctl: INFO: Backup scheduler status: up.
dpnctl: INFO: dtlt status: up.
dpnctl: INFO: Maintenance windows scheduler status: enabled.

Example of dpnctl status

Use the dpnctl utility²¹ to manually start up, stop, enable, disable, and check the status of Avamar server subsystems. It implements unattended automated shutdowns and restarts of single-node servers. It also simplifies shutdowns and restarts on all Avamar servers.

The dpnctl utility should be used to stop Avamar Server processes before attempting any reboot of the utility node. For information about the dpnctl command options, type: dpnctl help.

getlogs

The getlogs command gathers important log files²² from all server nodes and writes them to local utility-node directories. The command creates a master tar file on the utility node, which contains the individual nodelogs.tgz files.

The getlogs program copies getnodelogs to each node in the system and runs it. If not supplied, the default file name, logs.DATE.tar is used.

Syntax: getlogs [--server={today | yesterday | week | restart | NUM-DAYS}] [--verbose] [FILE]

21 The dpnctl utility is run from the command-line on the Avamar single-node server or utility node of a multi-node Avamar server.
22 Log files are viewed and analyzed to support maintenance and troubleshooting activities.

Avamar Operating System (OS) Kickstart

Avamar nodes are shipped with the SLES 12 OS already installed. A kickstart installation package, designed for Avamar, installs the OS.

Occasionally, a node may have to be re-kickstarted if there are any configuration errors on the node. To re-kickstart a node, always follow an updated procedure from SolVe Desktop. The procedure explains how to download the Avamar kickstart ISO file from the Avamar FTP site²³.

23 Burn this ISO file to a DVD, and insert it to an external USB DVD drive. Then connect the drive to the node, and boot the node. Edit the BIOS settings to boot from the external DVD drive. Once the node is booting from the DVD drive, select the hardware configuration of the node from the menu. The OS installs in a few minutes.

Avamar Kickstart - ADS Gen4T (via Serial Console)

1: Back to Main Menu
2: ADS Gen4T Utility Node
3: ADS Gen4T M600 Storage Node
4: ADS Gen4T M1200 Storage Node
5: ADS Gen4T M2400 Storage Node
6: ADS Gen4T S2400 Avamar Business Edition
7: ADS Gen4T Accelerator Node

Press [Tab] to edit options

The following tasks are performed when a node is kickstarted:

• The OS is installed with basic Avamar directories and files, such as the
/usr/local/avamar directory.
• Root and Admin user accounts are configured with the default password of
changeme.
• Disks are partitioned (data01, data02, and so forth) and mounted to the
proper directories.


Replace Avamar Node

Types of Replacement

Node Transplant

[Figure: Node Transplant. Labels: Replacement Node, Failed Node, Avamar Server]


A Node Transplant24 replaces the Avamar node hardware, but it retains
the disk drives from the original node. It avoids the need for:

• Configuration Tasks
• Rebuilding data from parity

Full Node Replacement

[Figure: Full Node Replacement. Labels: Replacement Node, Failed Node, Avamar Server]

A full node replacement is required when a node in a multi-node Avamar
server has had both hardware failure and disk corruption. If a spare node
is available, then it is used as a replacement for storage nodes while new
hardware is used to replace the old spare node.

In full node replacement, an entire node is replaced. If a node fails,
manual intervention is required to replace the failed node with a new/spare
node. There is no automatic failover process that pulls in an available
spare node on an Avamar server.

24 An Avamar node may have a hardware failure in which disks are not
corrupted. In such cases, the node may be transplanted.

Node Replacement Commands

The following commands are useful in the node replacement process:

Command        Actions

rebuild.node   The rebuild.node command rebuilds data on a storage node
               using RAIN parity bits on other nodes. Once data has been
               rebuilt, the storage node's services are started, and the
               node becomes a part of the Avamar server.

asktime        Use the asktime command to configure NTP services on all
               nodes and synchronize the clocks on the nodes. When a new
               node is added to the Avamar server, it will also need to
               have its date and time in sync with the Avamar server.

status.dpn     The status.dpn command shows the status of nodes. This shows
               whether nodes are online or offline. It also shows the
               capacity usage and maintenance processes of each node.


Discovering Node Numbers

Avamar has two node numbering systems used to identify nodes: physical
node numbers and logical node numbers. Failed nodes can be identified for
replacement using these numbering systems. Some commands require one or
both of these numbers. Typically these numbers are identical, but at times
there may be a mismatch.

Logical Node Numbers

To discover the logical node number, run the status.dpn command.
This command lists the status of each node along with the logical node
number. The node to be replaced will be labeled OFFLINE. The
nodenumbers utility returns both physical and logical node numbers.

Node IP Address Version State Runlevel Srvr+Root+User Dis ...
0.1 OFFLINE o 0 0 0.0%
0.0 10.1.1.123 5.0.4-30 ONLINE fullaccess mhpu+0hpu+0hpu 1
0.2 10.1.1.125 5.0.4-30 ONLINE fullaccess mhpu+0hpu+0hpu 0

Example of OFFLINE in status.dpn output

Physical Node Numbers

To discover the physical node number, run the mapall command. This
command sends a command to all nodes, and it also lists each node's
physical node number and IP address. The example below shows how each
node reports its configured date along with its physical node number and
IP address.

Using /usr/local/avamar/var/probe.xml
(0.s) ssh -x -o GSSAPIAuthentication=no admin@192.168.255.1 'date'
Mon Apr 18 15:48:51 EDT 2016
(0.0) ssh -x -o GSSAPIAuthentication=no admin@192.168.255.2 'date'
Mon Apr 18 19:48:51 UTC 2016
(0.1) ssh -x -o GSSAPIAuthentication=no admin@192.168.255.3 'date'
Mon Apr 18 19:48:51 UTC 2016

Example of probe.xml output


Prerequisites - Node Replacement

The following are the prerequisites for node replacement:

• Ensure availability of replacement.
− Have the replacement node ready before starting the node
replacement procedure. The node must be of the same generation
as the other nodes.
• Confirm compatibility with server.
− Confirm the compatibility of the operating system of the new node
with the existing Avamar server. A new node must be re-kickstarted
with the appropriate Avamar Kickstart operating system and
Kickstart Procedure. Avamar servers using GEN4S or GEN4T
nodes require the Avamar SLES operating system on all nodes.
Avamar servers using GEN3 or earlier nodes run the Avamar RHEL
operating system on all nodes.
• Sync passwords.
− Passwords on the spare node must reflect the passwords for the
existing production Avamar system. Log in to the replacement node
and use the passwd command to change passwords for root and
admin.

Utility Node Disk Transplant

To perform a disk transplant, carry out the following steps:

1. Shut down running Avamar services.
a. Depending on the severity of the node failure, some of the
activities on the utility node may still be functional. Any
running activities must be stopped, and the node must be shut
down to perform the disk transplant.
2. Create a backup of configuration files.
3. Power off the utility node.
4. Remove the utility node.
5. Swap the disks into the replacement node.
a. Ensure that the disks are placed into the same drive bay locations.
6. Place the new node into the rack, and connect cables.
7. Confirm the RAID Rebuild.
a. After replacing a hard drive, the RAID system automatically begins
rebuilding the data. Typically, the hard drive LED begins blinking
while the hard drive is rebuilding. For the complete procedure to
confirm RAID rebuild, see the FRU Procedures document in SolVe
Desktop.
8. Relicense the Avamar Server.
a. As a new physical utility node has new NICs and MAC addresses,
relicense the Avamar Server, as per the administration guide.
Avamar server licensing uses the utility node MAC addresses. If the
MAC addresses have changed, the license is no longer valid.

Utility Node Full Replacement

If the failed utility node has disk corruption, it must be fully replaced.

Utility Node Full Replacement (1 of 3)

1. Copy the following configuration files from the failed node, if possible: 25
a. probe.xml
b. sysconfig.xml
c. Server log scanners file
d. Networking config files
2. Replace the node on the rack.
a. Power off the defective utility node, and perform the physical
replacement. Place the new node on the rack, and connect all
cables appropriately. It is helpful to label all cables before
unplugging them to avoid mixing up wires.
3. Copy configuration files to the new node.
a. If the configuration files can be copied from the defective node,
copy them to the appropriate directories on the new node. If these
files are not available, they have to be reconfigured.
4. Install operating system Security Patch.
a. The new node must be brought up to the same operating system
patch level as the other nodes. Download the necessary patch files,
and install them.
5. Run change_nodetype --utility.
a. The change_nodetype --utility command is used to designate the
new node as a utility node.
6. Copy .ssh directories from any storage node.
a. SSH keys enable the utility node to securely communicate with the
other nodes.

25 The new node should be brought up to the same operating system
patch level as the other nodes. Download the necessary patch files, and
install them.

Utility Node Full Replacement (2 of 3)

1. Change passwords of admin and root users.
a. The OS passwords on the new utility node will not match the
storage nodes. Change the passwords of the admin and root
accounts to match.
2. Install AvInstaller.
a. Transfer and install the avinstaller-bootstrap-VERSION.run file.
3. Install ReinstallUtilityNodeSoftware AVP Software.
a. Use AvInstaller to install the ReinstallUtilityNodeSoftware AVP
software.
4. Start Avamar Server Communications Daemon (ascd).
a. The Avamar Server Communications Daemon (ascd) facilitates
communication between the server and the clients.
5. Restore the AvInstaller database using avidbmaint.pl --restore.
a. AvInstaller uses a database to keep track of packages. During
normal operation, the Avamar server performs backups of the
AvInstaller database. These backups are stored on the Avamar
storage nodes. This database can be restored using the
avidbmaint.pl command.
6. Test SSH Keys using mapall.
a. Test the SSH keys that were transferred earlier. Do this by
executing a mapall command to all nodes. The command should
work without warnings or password prompts.

Utility Node Full Replacement (3 of 3)

1. Start Web Server and Login Manager services.
2. Synchronize system time using asktime.
a. Since the utility node has just been booted, its clock may not be
synchronized with the rest of the nodes.
3. Relicense the server.
a. Since the Avamar utility node has been changed, its network cards
have new MAC addresses. This means the license will no longer
work. Generate and install a new Avamar license.
4. Restore EMS and Management Console using commands26
a. emserver.sh --restore
b. mcserver.sh --restore
5. Start Avamar services.
6. Set up DTLT.

Storage Node Disk Transplant

Follow the steps below to perform a disk transplant of a storage node:

Prerequisite Tasks

Before transplanting or replacing a storage node:

1. Confirm that a spare node is available.
2. Ensure that the replacement node is powered off.
3. Label all disks and cables.
4. Ensure that the replacement node has the same operating system as
the networking that is configured.
5. Ensure that the passwords on the spare node reflect the passwords for
the existing production Avamar system.

26 Restore EMS and Management Console information. Avamar regularly
backs up information from these services to one of the storage nodes. Use
the emserver.sh --restore command and the mcserver.sh --restore
command to retrieve the most recent data. Start Avamar services, then
reinstall and start the Desktop/Laptop (DTLT) service.

Disk Transplant Steps

1. Shut down the Avamar Software.
2. Shut down the defective node, and unplug cables.
3. Swap all disks to the new node.
4. Mount the new node on the rack.
5. Connect cables.
6. Import hard drives through BIOS.
7. Configure Remote Management Console (RMC).

Storage Node Replacement

Storage Node Replacement can be divided into three sections:
prerequisites, physical replacement, and re-kickstarting the node.

Preparing the Avamar Server

Perform the following prerequisite tasks to verify the health of the
server, collect important configuration files, and perform a checkpoint with
validation.

1. Locate the defective node.
2. Verify the serial number using the command .avsysreport
chassis-info | grep "Serial"
3. Collect system information.
4. Obtain network configuration.
a. This task copies the network files and bondconf.xml, if available,
from the defective storage node. If the defective storage node is not
available, this task copies the files from another storage node
instead. These files are used to configure the network ports on the
replacement storage node.
5. Update checkpoint information.
a. Change the number of retained checkpoints to avoid roll-off of any
existing good checkpoints.
6. Power off the defective node.

Replacing the Storage Node

Perform the following steps to replace a defective storage node from the
rack:

1. Disconnect the defective node.
2. Remove the defective node from the rack.
3. Mount the replacement node.
4. Connect all Ethernet and power cables.

Re-Kickstarting the Storage Node

The following tasks describe how to rebuild the virtual disks and
re-kickstart the storage node over the RMC interface:

1. Configure RMC.
a. A node can communicate with a management network either by
sharing eth0 (RMC shared) or through the RMC dedicated port.
Regardless of whether the shared or dedicated port is used, the
RMC must be configured to perform the re-kickstart procedure.
2. Review the RMC configuration.
3. Mount the ISO Image or a Local DVD as a Virtual DVD Drive.
a. Ensure that the Avamar software on the node is shut down. This
procedure can be found in SolVe Desktop under Avamar Service
Procedures > ADS Shutdown or Reboot Procedure.
4. Rebuild the virtual disks.
5. Re-kickstart from the Virtual DVD Drive through BIOS.
6. Verify successful completion.
7. Clear the RMC configuration.
a. Because the RMC port was not configured before performing the
re-kickstart, clear the temporary configuration that was assigned at
the beginning of this procedure.
8. Apply the New RMC Configuration. After performing the re-kickstart,
change the existing RMC configuration to the required values.


Add Avamar Nodes

Avamar Node Addition Overview

In a multi-node environment, more nodes can be added to the system.
Some of the features of Avamar node addition are:

• Nodes are added to increase Avamar capacity.
• A maximum of four nodes can be added at a time.
− Up to four nodes can be added at once during the Add Node
procedure. If more than four nodes need to be added, the
procedure must be repeated multiple times.
• Expansion up to a total of 16 storage nodes per grid.
• Single-node servers cannot be expanded.
− To increase the capacity of a single-node server, perform a server
migration to a larger single-node server or multi-node server. The
same method can also be used to increase the capacity in Avamar
Virtual Edition (AVE).
• Nodes must be of the same capacity and Generation.
− Nodes that are added to the Avamar server must be of the same
capacity and the same hardware version as the nodes already in
the server.

Required Software for Node Addition

The following software is required to perform node addition:

Required Software    Description

Support scripts
• proactive_check.pl
• rebuild_collect.pl

Operating system security patch rollup
• sec_install_os_errata_sles.pl
• sec_install_os_errata_sles.pl.md5sum
• sec_os_updates_<VERSION>-<year>-Q<q>-v<v>.tgz
• sec_os_updates_<VERSION>-<year>-Q<q>-v<v>.tgz.md5sum27

dpnavsys package
• dpnavsys-<VERSION>.x86_64.rpm
• dpnavsys-<VERSION>.x86_64.rpm.md5sum

avbase package
• avbase-<VERSION>.rpm
• avbase-<VERSION>.rpm.md5sum

Gen4T system tools
• gen4t-sys-<VERSION>.zip
• gen4t-sys-<VERSION>.zip.md5sum

27 Here, year, q, and v correspond to the release version of the operating
system security patch rollup installed on the existing storage nodes.
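
The packages in the list above each come with a companion .md5sum file. As an added example (not part of the Dell guide and not Dell tooling), the shell function below checks every staged file against its digest before anything is installed on a new node. The function name and the staging-directory argument are hypothetical, and the example assumes the .md5sum files hold standard md5sum(1) output.

```shell
#!/bin/sh
# Added example (not Dell tooling): verify staged node-addition packages
# against their companion .md5sum files before installing them on a new node.
# Assumption: each .md5sum file holds standard md5sum(1) output, i.e. the
# 32-hex-digit digest is the first field of the first line.

# verify_staged_packages DIR
# Prints one status line per file. Returns 0 only when at least one digest was
# checked, every digest matched, and no .rpm/.tgz/.zip lacks a digest file.
verify_staged_packages() {
    vsp_dir=$1
    vsp_checked=0
    vsp_failed=0

    for vsp_sum in "$vsp_dir"/*.md5sum; do
        [ -e "$vsp_sum" ] || continue            # glob matched nothing
        vsp_pkg=${vsp_sum%.md5sum}
        vsp_name=${vsp_pkg##*/}
        vsp_checked=$((vsp_checked + 1))

        if [ ! -f "$vsp_pkg" ]; then
            echo "MISSING   $vsp_name (digest present, file absent)"
            vsp_failed=$((vsp_failed + 1))
            continue
        fi

        vsp_want=$(awk 'NR == 1 { print tolower($1) }' "$vsp_sum")
        vsp_have=$(md5sum "$vsp_pkg" | awk '{ print $1 }')

        if [ -n "$vsp_want" ] && [ "$vsp_want" = "$vsp_have" ]; then
            echo "OK        $vsp_name"
        else
            echo "MISMATCH  $vsp_name (expected ${vsp_want:-none}, got $vsp_have)"
            vsp_failed=$((vsp_failed + 1))
        fi
    done

    # The .rpm, .tgz and .zip packages in the list all have a digest file; one
    # staged without it cannot be verified and is treated as a failure.
    for vsp_pkg in "$vsp_dir"/*.rpm "$vsp_dir"/*.tgz "$vsp_dir"/*.zip; do
        [ -f "$vsp_pkg" ] || continue
        if [ ! -f "$vsp_pkg.md5sum" ]; then
            echo "NO-DIGEST ${vsp_pkg##*/}"
            vsp_failed=$((vsp_failed + 1))
        fi
    done

    [ "$vsp_checked" -gt 0 ] && [ "$vsp_failed" -eq 0 ]
}
```

An MD5 match shows that the file was not corrupted or truncated in transfer; it does not authenticate where the file came from.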


Avamar Server Dynamic Load Balancing

Dynamic load balancing is a feature that enables the server to dynamically
move stripes to adjust storage utilization among nodes. When a new node
is added to an Avamar server, it does not have any data. Meanwhile, the
existing nodes are nearly full. When nodes are not properly balanced,
server ingest rates can decline.

The Avamar server dynamic load balancing:

• Is performed during regular maintenance.
− Load balancing occurs as a background process during daily
maintenance.
• Is tested during node addition.
− During the add node procedure, the functionality of load balancing
is tested to ensure that data can be written to the node.
• Does not occur when server is in read-only state.
− Load balancing does not occur when the server is in a read-only
state. Stripes are not relocated if backups are in progress.
However, once a stripe has been relocated, its data is migrated
using the same mechanism as decommission. Backups proceed,
but performance is impacted.


Node Addition Commands

The following commands are used during the manual node addition
process.

Command           Description

nodedb add node   Used to edit the probe.xml file. The nodedb add node
                  command is used to edit the probe.xml file and add node
                  information to it. This command needs to be used to make
                  the utility node aware of any new nodes.

start.nodes       The start.nodes command is used to start storage node
                  processes. The user needs to provide physical node
                  numbers for this command.

avmaint config    Used to examine and change different configuration
                  parameters. avmaint config is a command to examine and
                  change different configuration parameters on the Avamar
                  server. It is used to change the balancemin value during
                  an Add Node procedure. This value28 determines to what
                  extent dynamic load balancing takes place.

Node Addition Process

Follow the instructions below to perform node addition:

Run proactive_check.pl

The proactive_check.pl script:

1. Determines the health of the Avamar server.
a. Before beginning the node addition, be sure that the Avamar server
is operating smoothly. Transfer the proactive_check.pl script onto
the Avamar utility node and run it. This script performs more than
60 checks on the Avamar server.
2. Reports errors and gives recommendations.
a. If there are any errors, the script reports them and makes
recommendations to repair them. Be sure that all errors are
repaired before continuing.

28 A value of zero disables load balancing. A value of one transfers only
index stripes, and any other value sets the percentage threshold at which
balancing begins. For example, a value of two means balancing occurs if a
node density is 0.2% less than the average density of the other nodes.
The default behavior of an Avamar server is to use a balancemin value of
ten during the maintenance window and zero during the backup window. If
the user modifies the balancemin parameter manually, it is no longer
automatically modified. Set balancemin to zero to enable automatic
balancing again.

Verify System Information

On the utility node, verify that:

• Node numbers and IP addresses are correct.
• Nodes are of the same model and their capacities match.
• System is a RAIN system.
• New nodes are empty (check the /dataXX directories).

Configure Checkpoints

If a manual node addition is necessary, log in to the utility node, and
change the configuration so that the Avamar system retains the ten most
recent checkpoints and the five HFS checked checkpoints.

1. Retain checkpoints using the following commands:
a. avmaint config --ava cpmostrecent=10
b. avmaint config --ava cphfschecked=5
2. Disable balancing by typing: avmaint config --ava balancemin=0
3. Disable asynchronous crunching using the command: avmaint config --ava asynccrunching=false
4. Stop maintenance activities with the command: dpnctl stop maint
5. Perform Checkpoint and Full HFS check.


Configure New Node

To convert the new nodes into storage nodes, perform the following steps:

1. Run the command change_nodetype --data
2. Configure RMC.
3. Update the networking on the new node by running the
rebuild_collect.pl tool on the utility node.
a. This tool collects all the network files from the utility node and
places them into a tar file. Move this file to the new node, and
extract it. The files must be edited to reflect the IP address and
settings for the new node. Restart the networking to apply the
changes.

Install RAID Tools and Patch Stunnel

Install the RAID tools: download the file shown on the slide from the
Avamar FTP site, unzip it, and install it onto the node. Many networking
files can also be copied from existing nodes. Stunnel provides TLS/SSH
tunneling services for Avamar. It must be updated before the node is
online.

Modify Swap File Size and Maximum Open Files

The new node needs to have at least 16 GB of swap space. Check the
amount of swap space on the new node with the Linux swapon -s
command. If more swap space is needed, add 12 GB to the node29.
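
As an added example (not Dell tooling), a read-only preflight for this step: it totals the swap that swapon -s reports and compares it, fs.file-max, and the lowest nofile entry in limits.conf against thresholds the caller passes in. The function names are hypothetical, and the sample invocation in the comments assumes limits.conf is at /etc/security/limits.conf.

```shell
#!/bin/sh
# Added example (not Dell tooling): read-only preflight for the swap and
# open-file settings of a new node. Nothing on the node is modified.

# Total swap in GiB, rounded to the nearest GiB, from `swapon -s` text on
# stdin. `swapon -s` reports Size in KiB, and a nominal 16 GB swap area is
# usually a few KiB short of 16 GiB, hence the rounding.
swap_total_gib() {
    awk 'NR > 1 && $3 ~ /^[0-9]+$/ { kib += $3 }
         END { printf "%d\n", (kib + 524288) / 1048576 }'
}

# Lowest numeric nofile value in limits.conf text on stdin.
# Prints nothing when no nofile entry is configured.
nofile_lowest() {
    awk '$1 !~ /^#/ && $3 == "nofile" && $4 ~ /^[0-9]+$/ {
             if (!seen || $4 + 0 < min) { min = $4 + 0; seen = 1 }
         }
         END { if (seen) printf "%d\n", min }'
}

# node_preflight SWAPON_TEXT FILE_MAX LIMITS_TEXT NEED_SWAP_GIB NEED_FILE_MAX NEED_NOFILE
# Prints PASS or FAIL per setting and returns the number of failed checks.
#
# On a live node (paths are assumptions of this example):
#   node_preflight "$(swapon -s)" "$(cat /proc/sys/fs/file-max)" \
#       "$(cat /etc/security/limits.conf)" 16 1600000 NOFILE_FROM_PROCEDURE
node_preflight() {
    pf_fail=0
    pf_swap=$(printf '%s\n' "$1" | swap_total_gib)
    pf_nofile=$(printf '%s\n' "$3" | nofile_lowest)

    if [ "$pf_swap" -ge "$4" ]; then
        echo "PASS swap ${pf_swap} GiB"
    else
        echo "FAIL swap ${pf_swap} GiB, need $4 GiB"
        pf_fail=$((pf_fail + 1))
    fi

    if [ "$2" -ge "$5" ]; then
        echo "PASS fs.file-max $2"
    else
        echo "FAIL fs.file-max $2, need $5"
        pf_fail=$((pf_fail + 1))
    fi

    if [ -n "$pf_nofile" ] && [ "$pf_nofile" -ge "$6" ]; then
        echo "PASS nofile $pf_nofile"
    else
        echo "FAIL nofile ${pf_nofile:-unset}, need $6"
        pf_fail=$((pf_fail + 1))
    fi

    return "$pf_fail"
}
```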

29 Additional swap space will be distributed equally among the data02
through data0X partitions. If data01 is the only partition in the node,
then place the entire swap file there. After creating the swap files, add
them to the Linux kernel's swap space with the swapon command and by
modifying the /etc/fstab file.

Modify the maximum number of open files that Linux allows. Change the
kernel setting fs.file-max to 1,600,000. This sets a system-wide limit.
Edit the limits.conf file and set the nofile setting (number of open files)
to 10,00,000. This sets the limit on a user basis.

Install Operating System Security Patch

If OS security patches are installed on the system, they must be installed
on new nodes as well. The OS security patches should be available on the
utility node from the previous installation. They can be transferred to each
new node and installed. These packages are also available on the Avamar
FTP site.

Find a list of installed patches by executing the command:

sudo head -2 /usr/local/avamar/var/package-survey-*-post_errata_installation*.xml

Download and install all the listed patches.

Install New Nodes

In order for the new nodes to be used as a part of the Avamar server, they
must appear in the probe.xml file on the utility node. Log onto the utility
node, and add the new information using commands:

• nodedb add node --node=0.x --addr=IP_ADDRESS --type=storage --nwgrp=1 --allow=backup
• nodedb add node --node=0.x --addr=IP_ADDRESS --type=storage --nwgrp=2 --allow=internal

The utility node is now aware of the new nodes.

Update Password and SSH Keys

SSH Keys will not be present on the new nodes. These keys can be
copied from the utility node. Failure to do this causes an erroneous
warning about a potential man-in-the-middle attack to appear. OS
user passwords must be changed on all new nodes to match those
already on the server.

Configure Time

Run a date command on each node to confirm date settings. Then use
asktime on the utility node to synchronize clocks.

Copy Hosts File and Install Security Packages

Each node in an Avamar server maintains a hosts file that lists the
hostnames and IP addresses of other nodes in the server.

1. Modify the /etc/hosts file on the utility node to add new nodes.
2. Copy to other nodes from utility node.
3. If Avamar Password package is installed on utility node, install it onto
new nodes.
4. Install OS hardening package.
5. Install firewall package:
a. Add new node IPs into /etc/firewall-ips file on utility node.
b. Update firewall IPs: sec_create_nodeips.sh
c. Restart firewall service.


Start New Nodes

Start the new nodes using the following procedure:

1. Suspend Backups, Backup Scheduler, and Maintenance scheduler.
2. Start the new nodes: start.nodes --nodes=0.N --clean
3. Update network connection data: avmaint networkconfig --ava /usr/local/avamar/var/probe.xml
4. Enable node balancing: avmaint config --ava balancemin=2
5. Ensure that stripes are moving: status.dpn
6. Disable load balancing.

Restart Avamar Processes

To complete the manual process of adding a node, return the Avamar
server to normal state by resuming services and changing configuration to
default values. Use the following commands:

• Backup scheduler: dpnctl start sched
• Maintenance scheduler: dpnctl start maint
• Resume GSAN activity: avmaint resume
• Asynchronous crunching: avmaint config --ava asynccrunching=true

Checkpoint parameters should indicate two most recent checkpoints and
an HFS checked checkpoint.

Install License

An Avamar server requires a license key for permanent operation. When
adding a new node, a new license must be created and installed, since the
Avamar licensing process involves capacity of the server. The new license
key must be generated and activated for the total amount of new capacity.


[Figure: Example of Activate License UI. Step 1: Select Available Products to Activate, followed by Review and Complete]

Run acdc.pl Script

The Avamar Configuration Data Collector script (ACDC) collects
configuration information from the Avamar server. To download this script,
first install the As-built Configuration Generator (ASG) on the laptop. This
program gives access to the ACDC script. Transfer the script to the utility
node and execute it. The script creates an acdc.xml file. Transfer this XML
file back to your laptop and use it to generate a report with the As-built
Configuration Generator.

1. Install the As-built Configuration Generator (ASG) on the laptop.
2. Transfer the script to the utility node, and execute it. The script creates
an acdc.xml file.
3. Transfer the XML file back to the laptop.
4. Use it to generate a report with the As-built Configuration Generator.

DELL Technologies

DATA PROTECTION AND MANAGEMENT

PARTICIPANT GUIDE
Data Protection and Management

© Copyright 2023 Dell Inc Page 2


Table of Contents

Data Protection and Management

Data Protection and Management

Course Instruction
Course Objectives

Introduction to Data Protection

Introduction to Data Protection

Data Protection Primer

Data Protection Primer
Objectives
Data Protection Overview
Need for Data Protection and Management
Correlating Data Protection and Availability
Measurement of Data Availability
Measurement of Data Availability - MTBF and MTTR
Causes of Data Unavailability
Impacts of Data Unavailability
Data Protection in a Data Center

Knowledge Check: Data Protection Primer

Knowledge Check Question

Data Center
Data Center
Objectives
Introduction to Data Center
Data Center IT Equipment – Compute System
Data Center IT Equipment – Storage
Data Center IT Equipment – Connectivity Elements


Data Center in a Box – Converged Infrastructure
Data Center in a Box – Hyper-converged Infrastructure
Characteristics of a Data Center

Knowledge Check: Data Center

Knowledge Check Question

Data Protection and Availability Solutions

Data Protection and Availability Solutions
Objectives
Introduction to Data Protection and Availability Solutions
Data Protection Terminologies - Disaster Recovery
Data Protection Terminologies - RPO and RTO
Fault-tolerant IT Infrastructure
Data Backup
Data Replication
Data Archiving
Data Migration
Data Security
Data Protection as a Service
Data Protection Management Activities

Knowledge Check: Data Protection and Availability Solutions

Knowledge Check Question

Concepts in Practice
Concepts in Practice

Exercise - Introduction to Data Protection

Solution

Data Protection Architecture

Data Protection Architecture


Data Protection Architecture: Overview
Data Protection Architecture: Overview
Why Data Protection Architecture?
Data Protection Architecture

Data Source – Application and Hypervisor

Data Source – Application and Hypervisor
Objectives
Data Source- Business Application
Application Programming Interface
Data Source- Hypervisor
Virtual Machine
Virtual Appliance
Containers
Containers vs. VMs

Knowledge Check: Application and Hypervisor

Knowledge Check Question

Data Source – Primary Storage

Data Source – Primary Storage
Objectives
Primary Storage Device
Architecture of Primary Storage Systems
Scale-up and Scale-out Architecture
Common Types of Primary Storage System

Knowledge Check: Primary Storage

Knowledge Check Question

Protection Application and Storage

Protection Application and Storage
Objectives
Data Protection and Availability Products Overview


Protection Storage Overview
Disk-based Protection Storage
Tape-based Protection Storage
Virtual Tape Library

Knowledge Check: Protection Storage Overview

Knowledge Check Question

Data Security and Management

Data Security and Management
Objectives
Introduction to Data Security and Management
Governance, Risk, and Compliance (GRC)
Security Threats and Controls
Ransomware Protection (Air Gapped Solution)
Data Management Functions

Knowledge Check: Data Security and Management

Knowledge Check Question

Concepts in Practice

Concepts in Practice

Exercise - Data Protection Architecture

Solution

Fault Tolerance Techniques

Fault Tolerance Techniques

Fault Tolerance Overview

Fault Tolerance Overview
Objectives
Impact of Fault
Need for Fault Tolerance


What is Fault Tolerance?
Key Requirements for Fault Tolerance
Elimination of SPOF
Fault Isolation
Fault Recovery
Fault Recovery (Cont'd.)

Knowledge Check: Fault Tolerance Overview

Knowledge Check Question

Compute and Network

Compute and Network
Objectives
Introduction to Compute and Network Fault Tolerance Techniques
Compute Clustering
Virtual Machine (VM) Live Shadow Copy
Link Aggregation
NIC Teaming
Switch Aggregation
Multipathing
Configuring Hot-swappable Components

Knowledge Check: Compute and Network

Knowledge Check Question

Storage
Storage
Objectives
Why Storage Fault-tolerant Techniques?
Redundant Array of Independent Disks (RAID)
Redundant Array of Independent Nodes (RAIN)
Erasure Coding Technique
Hot Spare (Dynamic Drive Sparing)
Cache Protection - Mirroring


Cache Protection - Vaulting 146

Knowledge Check: Storage 147


Knowledge Check Question 147

Application and Availability Zone 148


Application and Availability Zone 148
Objectives 148
Introduction to Fault-tolerant Application 149
Graceful Degradation 150
Fault Detection and Retry Logic 151
Persistent State Model 151
Database Rollback 152
Checkpointing 153
Configuring Multiple Availability Zones 153

Knowledge Check: Application and Availability Zone 155


Knowledge Check Question 155

Concepts in Practice 156


Concepts in Practice 156

Exercise 157
Solution 158

Data Backup 159

Data Backup 160

Introduction to Backup 161


Introduction to Backup 161
Objectives 161
Why Do We Need Data Backup? 162
Backup Architecture 163
Backup Operations 165



Backup Operations (Cont'd.) 166
Recovery Operations 167
Types of Recovery 168
Achieving Consistency in Backup 169
Backup Granularities 169
Backup Multiplexing 175
Backup Cloning and Staging 176

Knowledge Check: Introduction to Backup 177


Knowledge Check Question 177
Knowledge Check Question 177

Backup Topologies 178


Backup Topologies 178
Objectives 178
Direct-Attached Backup 178
LAN-based Backup 179
SAN-based Backup 180
NAS-based Backup 181
Cloud-based Backup 182

Knowledge Check: Backup Topologies 183


Knowledge Check Question 183

Backup Methods 184


Backup Methods 184
Objectives 184
Agent-Based Backup Approach 184
Image-Based Backup 185
Image-Based Backup – Changed Block Tracking 186
Recovery-in-Place (Instant Recovery) 187
NDMP-Based Backup 188
Direct Primary Storage Backup 189

Knowledge Check: Backup Methods 191



Knowledge Check Question 191

Concepts in Practice 192


Concepts in Practice 192

Exercise- Data Backup 194


Solution 195

Data Deduplication 196

Data Deduplication 197

Data Deduplication Overview 198


Data Deduplication Overview 198
Objectives 198
Why Do We Need Data Deduplication? 199
Deduplication Ratio 200
Key Benefits of Data Deduplication 201
Example: Data Deduplication and Backup Process 202

Knowledge Check: Deduplication Granularity and Methods 204


Knowledge Check Question 204

Deduplication Granularity and Methods 205


Deduplication Granularity and Methods 205
Objectives 205
Deduplication Granularity 205
File-level Deduplication 206
Block-level Deduplication - Fixed-length 207
Block-level Deduplication - Variable-length 208
Object-level Deduplication 209
Deduplication Methods 210
Source-based Deduplication 210
Target-based Deduplication 212
Deduplication Use Case: Disaster Recovery 213



Knowledge Check: Deduplication Granularity and Methods 214
Knowledge Check Question 214

Exercise - Data Deduplication 215


Solution 216

Replication 217

Replication 218

Data Replication Overview 219


Data Replication Overview 219
Objectives 219
Introduction to Data Replication 219
Primary Uses of Replicas 220
Methods to Ensure Replica Consistency 221
Types of Replication 222

Knowledge Check: Data Replication Overview 223


Knowledge Check Question 223

Local Replication 224


Local Replication 224
Objectives 224
Local Replication Overview 225
File System Snapshot 226
VM Snapshot 227
VM Clone 228
Full Volume Replication- Clone 229
Pointer-based Virtual Replication – Snapshot 230
Continuous Data Protection (CDP) 231
Key CDP Components 232
Local CDP Replication Operations 232
Hypervisor-based CDP Implementation- Local Replication 234



Knowledge Check: Local Replication 235
Knowledge Check Question 235
Knowledge Check Question 235

Remote Replication 236


Remote Replication 236
Objectives 236
Remote Replication Overview 236
Remote Replication 237
Multi-site Replication 239
Remote CDP Replication Operations 240

Knowledge Check: Remote Replication 241


Knowledge Check Question 241
Knowledge Check Question 241

Concepts in Practice 242


Concepts in Practice 242

Exercise- Replication 243


Solution 244

Data Archiving 245

Data Archiving 246

Data Archiving Overview 247


Data Archiving Overview 247
Objectives 247
Why Do We Need Data Archiving? 247
Data Archiving and Its Benefits 248
Backup vs. Archiving 249
Archiving Architecture 249
Examples of Data Archiving Regulations 250



Knowledge Check: Data Archiving Overview 252
Knowledge Check Question 252

Archiving Operation and Storage 253


Archiving Operation and Storage 253
Objectives 253
Data Archiving Operation 254
Data Retrieval Operation 255
Correlating Storage Tiering and Archive 256
Storage Tiering Policy 257
Tiering Example: NAS to Archive File Movement 258
Archiving Use Case: Email Archiving 259
Purpose-built Archive Storage – CAS 260
Key Features of CAS 261
Key Features of CAS (Cont'd.) 261

Knowledge Check: Archiving Operation and Storage 263


Knowledge Check Question 263

Concepts in Practice 264


Concepts in Practice 264

Exercise: Data Archiving 265


Solution 267

Data Migration 268

Data Migration 269

Data Migration 270


Data Migration Techniques 272
SAN-based Data Migration - Storage to Storage Migration 273
SAN-based Data Migration - Through Intermediary Virtualization Appliance 274
NAS-based Data Migration - NAS to NAS Direct Data Migration 275
NAS to NAS Data Migration Using an Intermediary Compute System 276



NAS to NAS Data Migration Using a Virtualization Appliance 277
Host-based Migration 278
Application Migration 280

Knowledge Check: Data Migration 282


Knowledge Check Question 282

Concepts in Practice 283


Concepts in Practice 283

Exercise - Data Migration 284


Solution 285

Data Protection in Software-Defined Data Center 287

Data Protection in Software-Defined Data Center 288

Software-Defined Data Center Overview 289


Software-Defined Data Center Overview 289
Objectives 289
Software-Defined Data Center 289
Architecture of Software-Defined Data Center 290
Key Benefits of SDDC 292

Knowledge Check: Software-Defined Data Center Overview 293


Knowledge Check Question 293

Software-Defined Compute, Storage, and Networking 294


Software-Defined Compute, Storage, and Networking 294
Objectives 294
Software-Defined Compute (SDC) 295
Software-Defined Storage (SDS) 296
Virtual Storage System and Pool 297
Software-Defined Networking (SDN) 299
Virtual Network 301



Virtual Machine Network 302
Compute-based SAN 304

Knowledge Check: Software-Defined Compute, Storage, and Networking 305


Knowledge Check Question 305

Data Protection Process in SDDC 306


Data Protection Process in SDDC 306
Objectives 306
Introduction to Data Protection in SDDC 306
Orchestrating Data Protection Operations 309
Integration of Components using Orchestrator 310

Knowledge Check: Data Protection Process in SDDC 312


Knowledge Check Question 312

Concepts in Practice 313


Concepts in Practice 313

Exercise: Data Protection in SDDC 314


Solution 315

Cloud-Based Data Protection 316

Cloud-based Data Protection 317

Cloud Computing Overview 318


Cloud Computing Overview 318
Objectives 318
What is Cloud Computing 318
Traditional IT vs. Cloud Computing 319
Essential Cloud Characteristics 320
Cloud Service Offering Examples 322
Cloud Service Models 322
Cloud Deployment Models 325



Cloud Benefits 331

Knowledge Check: Cloud Computing Overview 332


Knowledge Check Question 332

Cloud-Based Data Protection 333


Cloud-Based Data Protection 333
Objectives 333
Drivers for Cloud-based Data Protection 333
Backup as a Service 334
Types of Backup Services 335
Restoring Data from the Cloud 339
Use case: ROBO Backup in the Cloud 341
Replication to the Cloud 342
Disaster Recovery as a Service 342
Disaster Recovery as a Service: Disaster Scenario 343

Knowledge Check: Cloud-Based Data Protection 344


Knowledge Check Question 344

Cloud-Based Data Archiving 345


Cloud-Based Data Archiving 345
Objectives 345
Drivers for Cloud-based Data Archiving 345
Cloud-based Archiving Options 346
Cloud-based Storage-Tiering 348
Data Migration to the Cloud 348
Cloud-to-cloud Data Migration 349
Cloud Gateway Appliance 350

Knowledge Check: Cloud-Based Data Archiving 351


Knowledge Check Question 351

Concepts in Practice 352


Concepts in Practice 352



Exercise: Cloud-based Data Protection 353
Solution 354

Protecting Big Data and Mobile Device Data 355

Protecting Big Data and Mobile Device Data 356

Big Data Overview 357


Big Data Overview 357
Objectives 357
What is Big Data? 357
Characteristics of Big Data 358
Why Big Data Analytics? 361
Big Data Analytics 361
Hadoop Distributed File System (HDFS) 362
Data Lake – Repository for Big Data 363
Big Data Analytics Use Cases 363

Knowledge Check: Big Data Overview 365


Knowledge Check Question 365

Protecting Big Data 366


Protecting Big Data 366
Objectives 366
Big Data Protection Challenges 366
Data Lake – Repository for Big Data 367
Key Data Protection Solutions for Data Lake 368
Big Data as a Service 370
Data Protection Optimization Method 371

Knowledge Check: Protecting Big Data 372


Knowledge Check Question 372

Protecting Mobile Devices 373


Protecting Mobile Devices 373



Objectives 373
Mobile Device Overview 373
Key Challenges in Protecting Mobile Device Data 374
Mobile Device Backup 375
File Sync-and-Share Application 376
Mobile Cloud Computing 377
Cloud-based Mobile Device Data Protection 378
Benefits of Cloud-based Backup for Mobile Devices 379

Knowledge Check: Protecting Mobile Devices 381


Knowledge Check Question 381

Exercise: Data Protection in Big Data and Mobile Device Environment 382
Solution 383

Securing the Data Protection Environment 384

Securing the Data Protection Environment 385

Overview of Data Security 386


Overview of Data Security 386
Objectives 386
Introduction to Data Security 386
Drivers for Data Security 387
Governance, Risk and Compliance 388
Authentication, Authorization, and Auditing 391
Vulnerabilities 392
Defense-in-depth 394

Knowledge Check: Overview of Data Security 395


Knowledge Check Question 395

Security Threats in Data Protection Environment 396


Security Threats in Data Protection Environment 396
Objectives 396



Introduction to Security Threats 396
Threats to Data Source 397
Threats to Protection Applications 398
Threats to Protection Storage 399
Threats to Management Applications 401

Knowledge Check: Security Threats in Data Protection Environment 402


Knowledge Check Question 402

Security Controls in a Data Protection Environment – 1 403


Security Controls in a Data Protection Environment – 1 403
Objectives 403
Introduction to Security Controls 403
Physical Security 404
Identity and Access Management (IAM) 406
Role-Based Access Control 407
Security Controls 408

Knowledge Check: Security Controls in a Data Protection Environment – 1 417


Knowledge Check Question 417

Security Controls in a Data Protection Environment – 2 418


Security Controls in a Data Protection Environment – 2 418
Objectives 418
Securing Hypervisor, Management Server, VM, OS, and Application 418
Malware Protection Software 420
Mobile Device Management 421
Data Encryption 422
Data Shredding 423

Knowledge Check: Security Controls in a Data Protection Environment – 2 425


Knowledge Check Question 425

Cyber Recovery 426


Cyber Recovery 426



Objectives 426
Cyber Attacks 426
Best Practice Against Cyber Attacks 427
Cyber Recovery Architecture 428

Knowledge Check: Cyber Recovery 430


Knowledge Check Question 430
Knowledge Check Question 430

Concepts in Practice 431


Concepts in Practice 431

Exercise: Securing the Data Protection Environment 432


Solution 433

Managing the Data Protection Environment 434

Managing the Data Protection Environment 435

Introduction to Data Protection Management 436


Introduction to Data Protection Management 436
Objectives 436
Need for Data Protection Management 436
Traditional Data Protection Management Challenges 437
Key Characteristics of Modern-day Data Protection Management 440
Key Data Management Functions 443
Discovery 443
Operations Management 445

Knowledge Check: Introduction to Data Protection Management 446


Knowledge Check Question 446

Operations Management – 1 447


Operations Management – 1 447
Objectives 447



Introduction to Monitoring 447
Monitoring Parameters 448
Monitoring Configuration 448
Monitoring Availability 450
Monitoring Capacity 451
Monitoring Performance 452
Monitoring Security 453
Alerting 454
Reporting 455

Knowledge Check: Operations Management – 1 457


Knowledge Check Question 457

Operations Management - 2 458


Operations Management -2 458
Objectives 458
Configuration Management 458
Change Management 459
Capacity Management 460
Performance Management 461
Availability Management 462
Incident Management 463
Problem Management 464
Data Security Management 465
Data Protection Regulations 466
Data Security Governance 466

Knowledge Check: Operations Management - 2 469


Knowledge Check Question 469

Concepts in Practice 470


Concepts in Practice 470

Exercise - Managing the Data Protection Environment 471


Solution 472



Summary 473

Summary 474
You Have Completed This eLearning 475
Data Protection and Management – Associate 475

Appendix 477



Data Protection Primer

Data Protection and Management



Course Objectives

The main objectives of the course are to:


→ Explain data protection architecture and its building blocks.
→ Evaluate fault-tolerance techniques in a data center.
→ Describe data backup methods and data deduplication.
→ Describe data replication, data archiving and data migration
methods.
→ Describe the data protection process in a software-defined data
center.
→ Articulate cloud-based data protection techniques.
→ Describe various solutions for protecting Big Data, cloud and
mobile device data.
→ Describe security controls and management processes in a data
protection environment.



Introduction to Data Protection


Data Protection Primer

Objectives

The objectives of the topic are to:


• List the reasons for data protection and its management.
• Explain the correlation between data protection and data availability.
• Use the availability formula for the measurement of data availability.
• List the causes and impacts of data unavailability.


Data Protection Overview

Protecting data is very important for any organization.

• Taking a copy of data helps to protect it from loss, which can occur for many reasons.
• The sensitive data of an organization must be safeguarded so that
miscreants can't use it to demand a ransom, publicly release
an organization's client data, or commit other crimes.

Organizations use various techniques to protect their important data,
some of which are as follows:

• Archive older but important files
• Create backups often
• Use security mechanisms
• Test data recovery
• Keep a copy of data at a remote site


Need for Data Protection and Management

Key reasons for data protection:

• Application Dependency: Business applications rely on data protection techniques for
uninterrupted and reliable access to data.
• High-risk Data: Organizations seek to protect their sensitive data to
reduce the risk of financial, legal, and business loss.
• Data Protection Laws: Legal requirements mandate protection against
unauthorized modification, loss, and unlawful processing of personal data.

An organization’s data is its most valuable asset.

• Sensitive data, if lost, may lead to significant financial, legal, and
business loss apart from serious damage to the organization’s
reputation.
• Many government laws mandate that an organization must be
responsible for protecting its employees’ and customers’ personal
data.


Correlating Data Protection and Availability

The correlation between data protection and availability is summarized below:

Data Protection

• Process of safeguarding data from corruption and loss
• Involves technologies/solutions that can prevent data loss and recover data
• Helps in improving data availability

Data Availability

• Ability of an IT infrastructure component/service to function as required during its operating time
• Involves technologies, strategy, procedure, and IT resource readiness appropriate for
application/service
• Drives the choice of data protection technologies/solutions


Measurement of Data Availability

Data availability is measured as a percentage of uptime in a given year.

$$\text{Data Availability} = \frac{\text{Operating Time} - \text{Downtime}}{\text{Operating Time}} \times 100$$


Measurement of Data Availability - MTBF and MTTR

Data availability is also measured as a factor of the reliability of
components or services: as reliability increases, so does availability. It is
calculated as the mean time between failure (MTBF) divided by the MTBF
plus the mean time to repair (MTTR).

• MTBF is the average time available for a component or a service to
perform its normal operations between failures. It is calculated as the
total uptime divided by the number of failures.
• MTTR is the average time required to repair a failed component or
service.

$$\text{Data Availability} = \frac{\text{MTBF}}{\text{MTBF} + \text{MTTR}} \times 100$$
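The two availability formulas above can be applied to an outage log, as in this added example (not part of the course material). The observation window, the outage records and all function names are constructed for illustration; overlapping outage records are merged so the same downtime is not counted twice.

```python
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)

# Constructed sample data: one service observed for 30 days (720 hours).
# Each record is (failure detected, service restored).
WINDOW_START = datetime(2023, 1, 1, 0, 0)
WINDOW_END = datetime(2023, 1, 31, 0, 0)
OUTAGES = [
    (datetime(2023, 1, 5, 2, 0), datetime(2023, 1, 5, 5, 0)),     # 3 h
    (datetime(2023, 1, 14, 10, 0), datetime(2023, 1, 14, 11, 0)), # 1 h
    (datetime(2023, 1, 27, 22, 0), datetime(2023, 1, 28, 0, 0)),  # 2 h
]


def merge_and_clip(outages, start, end):
    """Clip outage records to the observation window and merge overlapping
    ones, so the same downtime is never counted twice."""
    clipped = sorted((max(s, start), min(e, end))
                     for s, e in outages if e > start and s < end)
    merged = []
    for s, e in clipped:
        if merged and s <= merged[-1][1]:
            # Overlaps (or touches) the previous incident: extend it.
            merged[-1] = (merged[-1][0], max(merged[-1][1], e))
        else:
            merged.append((s, e))
    return merged


def availability_report(outages, start, end):
    """Return availability computed both ways: from operating time and
    downtime, and from MTBF and MTTR."""
    if end <= start:
        raise ValueError("observation window must have positive length")
    incidents = merge_and_clip(outages, start, end)
    operating_h = (end - start) / HOUR
    downtime_h = sum((e - s) / HOUR for s, e in incidents)
    uptime_h = operating_h - downtime_h
    failures = len(incidents)
    report = {
        "failures": failures,
        "operating_h": operating_h,
        "downtime_h": downtime_h,
        # (Operating Time - Downtime) / Operating Time x 100
        "availability_pct": uptime_h / operating_h * 100,
        # MTBF and MTTR are undefined when nothing failed in the window.
        "mtbf_h": None,
        "mttr_h": None,
        "availability_mtbf_pct": None,
    }
    if failures:
        mtbf = uptime_h / failures    # total uptime / number of failures
        mttr = downtime_h / failures  # average time to repair
        report.update(mtbf_h=mtbf, mttr_h=mttr,
                      availability_mtbf_pct=mtbf / (mtbf + mttr) * 100)
    return report


if __name__ == "__main__":
    for key, value in availability_report(OUTAGES, WINDOW_START, WINDOW_END).items():
        print(f"{key}: {value}")
```

Both formulas give the same percentage because MTBF and MTTR are the total uptime and the total downtime divided by the same number of failures.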


Causes of Data Unavailability

The following image illustrates the various causes of data unavailability.


Impacts of Data Unavailability

The following image illustrates the various impacts of data unavailability.

1: The loss of productivity can be measured in terms of the salaries,
wages, and benefits of employees that are made idle by an outage. It can
be calculated as: Number of employees impacted x hours of outage x
hourly rate.

2:

• Revenue recognition
• Cash flow
• Lost discounts
• Payment guarantees
• Credit rating
• Stock price


3: Loss of revenue includes:

• Direct losses
• Compensatory payments
• Future revenue losses
• Investment losses

4: The damage to reputation may result in a loss of confidence or
credibility with customers, suppliers, financial markets, banks, and
business partners.

5: The other possible consequences of outage include the cost of
additional rented equipment, overtime, and extra shipping.

Data Protection in a Data Center

• A data center provides centralized data-processing capability. It is
used to provide worldwide access to business applications and IT
services over a network, commonly the Internet.
• A data center usually stores large amounts of data and provides
services to a vast number of users. Therefore, data protection in a data
center is vital for carrying out business operations.

[Figure: Server-to-server data copy between Data Center A (Europe) and Data Center B (North America), with management servers]


Knowledge Check: Data Protection Primer

Knowledge Check Question

1. What is the availability of a computer with MTBF = 8000 hours and
MTTR = 12 hours?
a. 99.5%
b. 98.9%
c. 90%
d. 99.8%


Data Center

Objectives

The objectives of the topic are to:

• Define a data center and its components.


• Explain compute, storage, and connectivity elements of a data center.
• List the characteristics of a data center.


Introduction to Data Center

• A data center is a dedicated facility where an organization houses,
operates, and maintains its IT infrastructure along with other
supporting infrastructures.
• A data center may be constructed in-house and located in an
organization’s own facility, or it may be outsourced, with equipment
being located at a third-party site.

A data center typically consists of the facility, IT equipment, and support
infrastructure.

Facility

It is the building and floor space where the data center is constructed. It
typically has a raised floor with ducts underneath holding power and
network cables.

IT equipment

It includes components such as compute systems, storage, and
connectivity elements along with cabinets for housing the IT equipment.

Support infrastructure

It includes power supply, fire and humidity detection systems; heating,
ventilation and air conditioning (HVAC) systems; and security systems
such as biometrics, badge readers, and video surveillance systems.


Data Center IT Equipment – Compute System

Components of a compute system

• A compute system is a computing device (combination of hardware,
firmware, and system software) that runs business applications.

− Examples of compute systems include application servers,
desktops, laptops, and mobile devices.

Types of Compute System


1: Tower Compute System. It is built in an upright standalone enclosure called a “tower”, which
looks like a desktop cabinet. Tower compute systems typically have
individual monitors, keyboards, and mice. They occupy significant floor
space and require complex cabling when deployed in a data center.

2: Rack-mounted Compute System. It is a compute system designed to be fixed inside a frame called a
“rack”. It is also known as a rack server. A rack is a standardized
enclosure containing multiple mounting slots called “bays”, each of which
holds a server in place with the help of screws.

3: Blade Compute System. It is an electronic circuit board containing only core processing
components, such as CPU(s), memory, integrated network controllers,
storage drive, and essential I/O cards and ports. It is also known as a
blade server. It is housed in a slot inside a blade enclosure (or chassis),
which holds multiple blades and provides integrated power supply,
cooling, networking, and management functions.


Data Center IT Equipment – Storage

Storage devices are assembled

reliability, and security.

• Storage devices (or simply “storage”) are devices consisting of non-volatile
recording media on which digital data can be persistently
stored.
• Storage may be internal (for example, internal hard disk drives, SSDs),
removable (for example, memory cards), or external (for example,
magnetic tape drive) to a compute system.


Data Center IT Equipment – Connectivity Elements

[Figure: Connectivity elements, showing servers with network adapters, network cables, an OSI layer-2 switch, an OSI layer-3 router, and storage systems]

Connectivity elements create communication paths between compute
systems and storage for data exchange and resource sharing.

Examples of connectivity elements are as follows:

• Open Systems Interconnection (OSI) layer-2 network switches
• OSI layer-3 switches or routers
• Cables
• Network adapters such as an NIC


Data Center in a Box – Converged Infrastructure

[Figure: Converged Infrastructure, showing compute, storage, and network]

• IT components that make up a data center can be packaged into a
single, standalone computing box, called converged infrastructure.
− The package is a self-contained unit that can be deployed
independently or aggregated with other packages to meet
additional capacity and performance requirements.
• Components of a converged infrastructure may include compute
systems, data storage devices, networking equipment, and software
for IT infrastructure management, data protection, and automation.


Data Center in a Box – Hyper-converged Infrastructure

[Figure: Hyperconverged Infrastructure. Callouts: set up new systems 4.5X faster; scale in 5 minutes; lower TCO by 30%; deploy a fully-virtualized environment in just 20 minutes]

• Hyperconverged Infrastructure (HCI) combines the datacenter
components of compute, storage, virtualization, and storage
networking into a distributed infrastructure platform, managed by
software.
• The intelligent HCI software can create flexible building blocks, thereby
replacing legacy infrastructure, including separate servers, and storage
networks and arrays.

− Allows organizations to plan and size their workloads accurately
and enables flexible and easy scaling.
− Unlike Converged Infrastructure (CI), which relies on hardware and
uses physical building blocks, HCI is software-defined. Moreover,
HCI is more flexible and scalable than CI.


Characteristics of a Data Center

A data center should have the following key characteristics:

1: Continuous availability: A data center should ensure 24x7x365
availability of data to provide anytime, anywhere data access.

2: Software-defined: A software-defined data center supports software-centric
control of data center resources. A controller software that is
decoupled from hardware sends instructions to the hardware components
to perform the required operations.

3: IT-as-a-service: A data center should adopt the IT resource delivery as
a service paradigm. This enables the IT department of an organization to
become a utility to the business and deliver IT resources as services for
convenient consumption by business units. IT services are maintained in a
service catalog which enables users to provision resources in a self-service
manner.


4: Multi-layered security: Multiple layers of security help in mitigating the
risk of security threats in case one layer is compromised. An attacker must
breach each layer to be successful. This, in turn, provides additional time
to detect and respond to an attack.

5: Virtualization: It is the process of abstracting physical resources, such
as compute, storage, and network, and creating virtual resources from
them. A virtualized data center provides the flexibility to create and reclaim
virtual resources dynamically.

6: On-demand scalability: The data center IT infrastructure should be
designed for scalable computing. This enables the IT resources to scale-up,
down, in, and out quickly as the demand for resources grows and
shrinks.


Knowledge Check: Data Center

Knowledge Check Question

1. 'Hyperconverged infrastructure (HCI) combines the datacenter
components of compute, storage, virtualization, and storage
networking into a distributed infrastructure platform, managed by
hardware.' State whether this statement is true or false.
a. True
b. False


Data Protection and Availability Solutions

Objectives

The objectives of the topic are to:

• Explain data protection and availability solutions and their benefits.


• Demonstrate the evolution of data protection solutions.
• Define the data protection terminologies.
• List data protection management activities.


Introduction to Data Protection and Availability Solutions

• Data protection and availability solutions assure that the data is safe
and accessible to the intended users at a required level of
performance.

− Different solutions may be used in the same data center
environment.

Data protection and availability solutions are as follows:


Data Protection Terminologies - Disaster Recovery

A disaster may impact the ability of a data center to remain up and provide
services to users. This, in turn, may cause data unavailability. Disaster
recovery (DR) mitigates the risk of data unavailability due to a disaster. It
involves a set of policies and procedures for restoring IT
infrastructure including data that is required to support the ongoing IT
services after a disaster occurs.


Data Protection Terminologies - RPO and RTO

When designing a data availability strategy for an application or a service,
organizations must consider two important parameters that are closely
associated with recovery.

Recovery Point Objective (RPO)

• Point-in-time to which data must be recovered after an outage.

− Defines the amount of data loss that a business can endure.

Based on the RPO, organizations plan for the frequency with which a
backup or replica must be made. For example, if the RPO of a particular
business application is 24 hours, then backups are created every
midnight. The corresponding recovery strategy is to restore data from the
set of last backups. An organization can plan for an appropriate data
protection solution on the basis of the RPO it sets.


Recovery Time Objective (RTO)

This is the time within which systems and applications must be recovered
after an outage. It defines the amount of downtime that a business can
endure and survive. Based on the RTO, an organization can decide which
data protection technology is best suited. The more critical the application,
the lower the RTO should be.

Both RPO and RTO are counted in minutes, hours, or days and are
directly related to the criticality of the IT service and data. Usually, the
lower the RTO and RPO, the higher the cost of a data protection solution
or technology.



Figure: RPO and RTO illustration along a time axis. RPO = amount of data
loss that a business can endure; RTO = amount of downtime that a business
can endure.

Fault-tolerant IT Infrastructure

Figure: Fault-tolerant IT infrastructure

A fault-tolerant IT infrastructure is designed based on the concept of fault
tolerance.

• Provides continuous services in case some of the IT infrastructure
components fail.
• Improves the availability of data and services.

Data Backup

Figure: Data backup (application servers, primary storage, backup
server/media server, backup storage, backup data)

• Data backup is the process of making a copy of primary data for the
purpose of restoring the original data in the event of data loss or
corruption.

The backup data should not be kept in the same storage device where
the original data is stored. Otherwise, both the original data and the
backup data will be lost if physical damage occurs to the storage device.
Often, data backups are performed both within and between sites or data
centers. The local backup within a site enables easy access to the backup
data and quick recovery. The backup data at the remote site (cloud)
provides protection against a disaster.


Data Replication

Figure: Data replication (replica storage)

• Data replication is the process of creating an exact copy (replica [4]) of
the data so that the data copy may be used to restore the original data
in the event of a data loss or corruption, or to restart business
operations in case the primary storage is not operational.
• Replication can be performed both within and across data centers or
cloud.

[4] A replica can also be used to perform other business operations such as
backup, reporting, and testing. Data replication is similar to data backup,
but it provides higher availability because the replica can be made
operational immediately after the primary storage failure.


Data Archiving

Figure: Data archiving (application servers, data archive)

• Data archiving is the process of identifying and moving inactive data
from primary storage systems to lower cost storage systems, called
data archives, for long term retention.
− A data archive stores older but important data that is less likely to
be accessed frequently.
• Data archiving provides the following advantages:
− Assures data availability on a long-term basis.
− Meets data retention requirements.
− Reduces primary storage consumption and related costs.
− Reduces the amount of data that must be backed up.


Data Migration

Figure: Data migration (existing storage system)

• Data migration is the process of moving data between storage systems
or compute systems.
• Data migration has several use cases [5].

[5] For example, before a scheduled system maintenance, data is
transferred to another system to ensure continuous data availability. In
another case, when a technology or a system upgrade occurs, the existing
data needs to be moved to a new system before withdrawing the old
system to avoid downtime. Another example is to move data from one
cloud service provider to another.


Data Security

• Data security refers to the countermeasures that are used to protect
data against unauthorized access, deletion, modification, or disruption.
− It provides protection against security threats that can potentially
destroy or corrupt data and cause data and service unavailability.
• Security countermeasures include the implementation of tools,
processes, and policies that can prevent security attacks on
infrastructure components and services.

There are solutions like Dell PowerProtect Cyber Recovery, which offer
protection to organizations against ransomware and other devastating
attacks. With such a solution in place, the organization is equipped with
immutable clean backups, kept safely in their vault, even in the case of
production or backup data infiltration. This way the organization can
protect itself from huge data and revenue losses and minimize downtime
because of data unavailability.


Data Protection as a Service


Figure: Data protection as a service (cloud), showing the following user
requirements:

• "I want to back up my files, so that I can retrieve from anywhere,
anytime." (Data backup to cloud)
• "My organization needs a remote data protection service to eliminate
the risk of downtime due to a disaster."
• "My organization needs a secured online archive for long term data
retention."
• "My organization wants to outsource non-critical applications to free
up resources for high value projects."

• Disaster Recovery as a Service is offered by the cloud service
providers to their clients to safeguard the client's data and IT
infrastructure in the cloud environment in case of a disaster.
− This service provides DR orchestration to restore the functionality
of the IT infrastructure of the client, after the disaster, using a SaaS
solution.


Data Protection Management Activities

Figure: Data protection management activities (monitoring, reporting,
capacity planning, troubleshooting, resource optimization)

1: Monitoring: It helps in gathering information on various resources and
checking the status of data protection operations in a data center.
Monitoring involves tracking configuration errors that may fail a recovery,
violations of data protection policies, availability of components, backup
operations that exceed the backup window, missed SLAs, and resource
utilization.

2: Reporting: It involves collating and presenting the monitored
parameters such as resource performance, capacity, and configuration.
Reporting enables data center managers to analyze and improve the data
protection operations, avoid failures, reduce missed SLAs, and plan for
resource procurement. It also helps in establishing business justifications
and chargeback of costs associated with data protection operations.

3: Capacity planning: It involves estimating the amount of IT resources
required to support backup, replication, and archiving operations and meet
the changing capacity requirements. It also involves analyzing the
capacity consumption trends and forecasting future capacity requirements.

4: Troubleshooting: It resolves backup, replication, and archiving-related
issues in the data center so that data protection services can maintain
their operational state. It involves identifying and correcting the reason for
an issue.

5: Resource optimization: It involves improving the overall utilization and
performance of IT resources. It leverages the data collected during
monitoring to get visibility of the under-utilized and over-utilized resources,
underperforming components, and deviations from committed service
levels. This helps in improving performance, reducing spending,
preventing downtime, and meeting service level targets.
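
The monitoring activity above tracks backup operations that exceed the backup window and missed SLAs, and the RPO section earlier ties backup frequency to the data loss a business can endure. The following Python code is an added example, not part of the Dell guide or of any Dell product: it checks constructed backup-job records against an assumed 24-hour RPO and an assumed 00:00 to 04:00 backup window. The record layout, client names, and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

# Constructed sample records: (client, start, end, status).
# This is not the log format of any real backup product.
JOBS = [
    ("db01", "2023-03-01T00:00", "2023-03-01T02:10", "success"),
    ("db01", "2023-03-02T00:00", "2023-03-02T05:30", "success"),
    ("db01", "2023-03-03T00:00", "2023-03-03T00:20", "failed"),
    ("db01", "2023-03-04T00:00", "2023-03-04T01:50", "success"),
    ("fs01", "2023-03-01T00:30", "2023-03-01T01:00", "success"),
    ("fs01", "2023-03-02T00:30", "2023-03-02T01:10", "success"),
    ("app01", "2023-03-03T01:00", "2023-03-03T01:05", "failed"),
]
NOW = datetime(2023, 3, 4, 12, 0)   # constructed time of the check
RPO = timedelta(hours=24)           # assumed objective
WINDOW_OPENS = time(0, 0)           # assumed backup window: 00:00 to 04:00
WINDOW_LENGTH = timedelta(hours=4)


def recovery_points(jobs):
    """Map each client to the sorted start times of its successful backups.

    Assumption: a successful backup captures data as of its start time, so
    that start time is the point to which data can be recovered. Clients
    whose jobs all failed are kept with an empty list.
    """
    points = defaultdict(list)
    for client, start, _end, status in jobs:
        client_points = points[client]  # registers the client even on failure
        if status == "success":
            client_points.append(datetime.fromisoformat(start))
    return {client: sorted(pts) for client, pts in points.items()}


def rpo_violations(jobs, rpo, now):
    """Return (client, from, to, gap) for every interval longer than the RPO.

    The last interval of each client runs from its newest recovery point to
    `now`, which catches clients whose backups silently stopped. A client
    with no recovery point at all is reported with from=None and gap=None.
    """
    violations = []
    for client, pts in sorted(recovery_points(jobs).items()):
        if not pts:
            violations.append((client, None, now, None))
            continue
        for earlier, later in zip(pts, pts[1:] + [now]):
            if later - earlier > rpo:
                violations.append((client, earlier, later, later - earlier))
    return violations


def window_overruns(jobs, opens, length):
    """Return (client, job start, overrun) for jobs ending after the window.

    Assumption: each job belongs to the window that opens on its start date.
    Failed jobs are included, since they also consume the window.
    """
    overruns = []
    for client, start, end, _status in jobs:
        started = datetime.fromisoformat(start)
        ended = datetime.fromisoformat(end)
        closes = datetime.combine(started.date(), opens) + length
        if ended > closes:
            overruns.append((client, started, ended - closes))
    return overruns


if __name__ == "__main__":
    for client, earlier, later, gap in rpo_violations(JOBS, RPO, NOW):
        if earlier is None:
            print(f"{client}: no successful backup on record")
        else:
            print(f"{client}: {gap} without a recovery point "
                  f"({earlier} to {later}), RPO is {RPO}")
    for client, started, overrun in window_overruns(JOBS, WINDOW_OPENS,
                                                    WINDOW_LENGTH):
        print(f"{client}: job started {started} overran the window by {overrun}")
```

A failed job between two successful ones doubles the exposure for that client, which is why the check works on gaps between recovery points rather than on whether a job was scheduled.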

Knowledge Check: Data Protection and Availability Solutions

Knowledge Check Question

1. Match the given concepts with their correct definitions.

Concepts:

A. Data security
B. Data migration
C. Data replication
D. Data archiving

Definitions, each preceded by the letter of the matching concept:

C: The process of creating an exact copy of the data so that the data
copy may be used to restore the original data in the event of a
data loss or corruption

B: The process of moving data between storage systems or
compute systems

A: The countermeasures that are used to protect data against
unauthorized access, deletion, modification, or disruption

D: The process of identifying and moving inactive data from
primary storage systems to lower cost storage systems for
long term retention

Concepts in Practice

Dell VxBlock 1000

The VxBlock System 1000 is a Converged Infrastructure solution that
combines industry-leading technologies – including powerful Dell storage
and data protection options, Cisco UCS blade and rack servers, Cisco
LAN and SAN networking, and VMware virtualization and cloud
management – into one fully integrated system. It leverages its deep
VMware integration to simplify automation of everything from daily
infrastructure provisioning tasks to lifecycle management with VMware
Cloud Foundation.

VxBlock provides a single unified interface and access point for converged
infrastructure operations. It dramatically simplifies daily administration by
providing enhanced system-level awareness, automation, and analytics.

Dell VxRail

VxRail is a Hyperconverged infrastructure consisting of common modular
building blocks powered by the best-in-class VxRail HCI System Software
that allows customers to start small and grow, scaling capacity and
performance easily and non-disruptively. Built on PowerEdge servers with
a choice of Intel® Xeon® Scalable or AMD EPYC™ processors, VxRail is
configurable with multiple compute, memory, storage, network and
graphics options to cover a wide variety of applications and workloads,
and is continuously adopting new technologies like NVMe storage, 100
Gb/s networking, SmartDPUs, and NVIDIA Data Center GPUs to deliver
application performance, availability, and diversity for the workloads of
tomorrow.

VxRail HCI System Software ensures workloads are always up and
running with intelligent lifecycle management (LCM) that non-disruptively
automates upgrades, patches, node additions and node retirement to
ensure that VxRail infrastructure maintains a continuously validated state.

Exercise - Introduction to Data Protection


1. Present Scenario:

The exercise scenario is as follows:

• A storage system is used to provide a data archiving service.

• The scheduled operating time of the service = 24×365 hours.

• MTBF of the storage system = 10000 hours.

• MTTR of the storage system = 12 hours.

• Last year the storage system failed twice.

• Storage system failures resulted in a service downtime of three
days.

2. Expected Deliverables:

The following are your deliverables for this exercise:

• What is the expected availability of the storage system?

• What are the expected annual uptime and downtime of the storage
system?

• What is the achieved availability of the data archiving service in the
last year?


Solution

Availability is calculated as: MTBF/(MTBF+MTTR)×100

Here, expected availability of the storage system

= 10000 / (10000 + 12) × 100

= 0.9988 × 100

= 99.88 %

Scheduled operating time of the service = 24 × 365 hours = 8760 hours

Expected annual uptime of the storage system = 8760 hours per year ×
(0.9988) ≈ 8749.5 hours

Expected annual downtime of the storage system = 8760 hours per year ×
(1 − 0.9988) ≈ 10.5 hours

Achieved availability of the service in the last year = (Operating Time -
Downtime)/(Operating Time) × 100 = (8760 - (24 × 3)) / 8760 × 100

= 0.9918 × 100

= 99.18 %

Data Protection Architecture

Data Protection Architecture: Overview

Why Data Protection Architecture?

Data protection without an intentional architecture results in an accidental
architecture.

The reasons why it is required are:

• Unclear ownership of processes and resources.
• Multiple unconnected tools and no central visibility.
• Complexity in scaling resources.
• Difficulty in meeting SLAs.
• Challenges in ensuring and reporting on compliance and governance
requirements.
• Expenditure increases manifold with data growth.


Data Protection Architecture

Data Protection Architecture has three core components:

• Data source
• Protection application and storage
• Data security and management

Figure: Data protection architecture (components and their interactions)

1: It is the source of the data that must be protected. The data source can
be a business application, a hypervisor, or primary storage.

2: Data security involves implementing various kinds of safeguards or
controls to lessen the risk of a vulnerability in the data source and
protection components. Governance, Risk, and Compliance (GRC) help in
planning and implementing security controls. GRC ensure that all
operations are performed in accordance with an organization's internal
policies and external regulations.

3: Data protection management provides visibility and control of the
components and protection operations. Visibility is provided through the
discovery of data source and protection elements. Control is enabled by
means of operations management and orchestration. It also ensures that
the data protection services meet the SLAs.

4: Both the protection application and the protection storage interact with
the data sources. During interaction, they can identify the data that needs
protection.

• Protection Application: A packaged application running on a
compute system or a data protection feature embedded in any IT
equipment.
• Protection Storage: Built for data protection. The protection storage
may be deployed by an organization in its data center within its own
premises or may exist in the cloud.

5: The data security and management component interacts with other
components of the data protection architecture to exchange data,
command, and status.

Note: The data protection architecture is based on the
concept of a fault-tolerant data center infrastructure that
assures continuous availability of data and services.

Data Source – Application and Hypervisor

Objectives

The objectives of the topic are to:


→ Understand business applications.
→ Define Application Programming Interface.
→ Understand how hypervisor works.
→ Describe virtual machines.
→ Understand the concept of a virtual appliance.
→ Define the concept of containers and understand the key difference
between containers and VMs.


Data Source – Business Application

A business application is software or a tool that is used by business users to
perform various business operations [7]. Business applications also:

• Help in increasing productivity.
• Provide user interfaces – CLI, GUI.
• Provide an API for application-to-application interaction.

[7] Helps in increasing the productivity of a business. A business application
is specific to the operation(s) it is designed for. It can be a proprietary,
commercial off-the-shelf (COTS), or customized third-party product.


Application Programming Interface

Figure: API example

• A set of programmatic instructions and specifications that provides an
interface for software components to communicate with each other.
• Specifies a set of routines or functions that can be called from
software, allowing it to interact with the software providing the API.
• Enables communication with an application without understanding its
underlying architecture.
− APIs [8] may be precompiled code that is leveraged in programming
languages and can also be web-based.

[8] The image shows an API routine (for instance,
API_Routine_SendCopy()) that is called by a backup application. The
backup application uses the API routine of the database application to
pass a list of data sets to be backed up. The database application begins
to send the copy of data sets in sequential order to the backup storage.


Many modern applications leverage REST APIs [9] to allow orchestration
and interaction between applications outside of the GUI.

Data Source – Hypervisor

A hypervisor [10] is software that allows multiple operating systems [11] (OSs)
to share and run concurrently on a single compute system.

Figure: Hypervisor

• Each Virtual Machine (VM) is isolated from the other VMs on the same
physical compute system.
• The isolation also provides fault tolerance so that if one VM crashes,
the other VMs remain unaffected.

[9] A REST API is an application program interface (API) that uses HTTP
requests to Get, Put, Post, and Delete data. An API for a website is code
that allows two software programs to communicate with each other.

[10] The hypervisor provides a compute virtualization layer that abstracts the
physical hardware of a compute system from the OS and enables the
creation of multiple VMs.

[11] Each OS runs on a logical compute system which is defined as a virtual
machine (VM).


• A VM appears as a physical compute system with its own CPU,
memory, network controller, and disks.
• The compute system on which a hypervisor is running is called a host
machine and each VM is called a guest machine.
• A compute system can be configured with hypervisor [12] and without
hypervisor [13].
• The OS that is installed on a guest machine is called a guest OS [14].

[12] Multiple VMs and applications run at a time. Improved resource
utilization. Consolidation of application servers. Increased management
efficiency.

[13] Typically one application runs at a time. Underutilized compute
resources. Proliferation of application servers. Management inefficiency.

[14] An application can run on the guest OS.


Virtual Machine

A Virtual Machine (VM) is a logical compute system with virtual hardware
on which a supported guest OS and application run. From the perspective
of the guest OS, a VM appears as a physical compute system.

Figure: VM hardware components

• Each VM has its own configuration for hardware, software, network,
and security.
− Hardware and software are configured to meet the application’s
requirements.


• The image shows the typical virtual hardware components [15] of a VM.
• A VM is a discrete set of files such as a configuration file [16], virtual
disk file [17], memory state file [18], and log file [19].
− For managing VM files, a hypervisor may use a native clustered file
system [20].

[15] This includes virtual CPU(s), virtual motherboard, virtual RAM, virtual
disk, virtual network adapter, optical drives, serial and parallel ports, and
peripheral devices.

[16] Stores the VM’s configuration data, including VM name, location, BIOS
information, guest OS type, number of CPUs, memory size, number of
adapters and associated MAC addresses, and SCSI controller type.

[17] Stores the content of a VM’s disk drive. A VM can have multiple virtual
disk files, each of which appears as a separate disk drive to the VM.

[18] Stores the memory contents of a VM and is used to resume a VM that is
in a suspended state.

[19] Used to keep a record of the VM’s activity and is often used for
troubleshooting purposes.

[20] A clustered file system can be mounted on multiple compute systems
simultaneously. This enables multiple compute systems running
hypervisor to access the same file system simultaneously.

Virtual Appliance

A virtual appliance is a preconfigured VM preinstalled with a guest OS and
an application dedicated to a specific function. Virtual appliances are used
for different functions such as load balancing, firewall, routing of packets,
and data backup.


• Virtual appliances [21] are not so different from the physical appliances
which are used in kitchen, office, and data centers to perform specific
tasks.
• Created using Open Virtualization Format (OVF) [22] and simplifies the
deployment of an application.

Traditional Application Deployment | Virtual Appliance Deployment
Deploying an application on a VM is time-consuming and error-prone | Deployment is faster
It involves setting up a new VM, installing the guest OS and then the application | The VM is preconfigured and has preinstalled software
More expensive | Less expensive

[21] The virtual appliance is a software packaged into a virtual format that is
quickly and easily deployed on a hypervisor.

[22] An open hypervisor-independent packaging and distribution format.

Virtual appliance image should be uploaded in the cloud’s image
repository before deploying it in a cloud environment.
Appliance should be planned in such a way that it can easily run on the
hypervisor that is used in the organization’s cloud environment.
Performance is limited to the resources of the hypervisor and it may
compete for resources with other VMs running on the same hypervisor.
When deploying a virtual appliance, VM attributes need to be described by
providing the virtual appliance’s metadata. Metadata contains attributes of
virtual machine such as RAM size and number of processors.


Containers

• Containerization is an operating system-level virtualization method that
simplifies application deployment and requires fewer resources than
virtual machines. Containers are application-centric methods that:
− Deliver microservices by providing portable, isolated virtual
environments for applications to run without interference from other
running applications.
− Bundle applications with the software libraries that they depend
on, allowing developers to create “build once, run anywhere” code
making applications very portable.
− Become the norm for modern applications and cloud-native
applications.


Containers vs. VMs

Figure: Containers vs. VMs (labels: VM, container, App 1, App 2, App 3,
Bins/Libs, Operating System, Container Engine, Hypervisor)

Containers | VMs
Shared Operating System | Separate Operating System
Small Image Footprint (MB) | Large Image Footprint (GB)
Quick start times | Full boots
Stateless | Stateful
Easily transportable | Not easily portable (exports/conversions/etc.)

Knowledge Check: Application and Hypervisor

Knowledge Check Question

1. Which of the following statements are correct?


a. A hypervisor abstracts the business application from the guest
OS.
b. An API enables interaction between a user and a business
application.
c. A hypervisor allocates the processing and memory resources to
each VM.
d. A virtual appliance has direct access to the hardware of a physical
compute system.
e. Each VM is isolated from the other VMs on the same physical
compute system.

Data Source – Primary Storage

Objectives

The objectives of the topic are to:


→ Describe primary storage devices and the system architecture.
→ Understand scale-up and scale-out architecture.
→ Understand common types of primary storage systems.

Primary Storage Device

Figure: Storage system environment

• A primary storage device is the persistent storage for data used by
business applications to perform transactions.
• Data from a primary storage device can be copied or moved directly to
a protection storage to run business applications and hypervisors.


Architecture of Primary Storage Systems

Figure: Storage system architecture

A primary storage system has two key components – controller and
storage.

• Controllers are connected to the compute systems either directly or via
a network. They read or write data to the storage while processing the
I/O requests from the compute systems.
• A primary storage system can have all hard disk drives (HDDs), all
solid state drives (SSDs), or a combination of both. It may contain
several storage drives to provide petabytes of storage capacity.


Scale-up and Scale-out Architecture

A storage system may be built either based on a scale-up or a scale-out
architecture.

Figure: Scale-up and scale-out storage system architectures

1: Scale-up

It provides the capability to scale the capacity and performance of a single
storage system based on requirements. Scaling up a storage system [24]
involves upgrading or adding controllers and storage.

[24] Storage systems typically have a fixed capacity ceiling, which limits their
scalability. Performance may also start to degrade when reaching the
capacity limit.

2: Scale-out

• It provides the capability to maximize storage capacity and
performance by simply adding storage nodes consisting of multiple
controllers and storage devices to a cluster of nodes.
− This provides the flexibility to use many storage nodes up to the
limit supported by a cluster of moderate performance and capacity
to produce a total storage system that has large aggregate
performance and capacity.
• Scale-out architecture pools the storage resources in the cluster and
distributes the workload across all the storage nodes.
− This results in linear performance improvement as more storage
nodes are added to the cluster.

Common Types of Primary Storage System

Based on the supported level of data access, primary storage systems
can be classified as:

SAN-Attached Storage

Figure: SAN environment (Data Center 1, Data Center 2)


A SAN-attached storage is a block-based storage system.

• SAN connects block-based storage with each other and to the
compute systems.
• SAN-attached storage improves the utilization of storage resources
compared to a direct-attached storage (DAS) environment.
− This reduces the total amount of storage that an organization needs
to purchase and manage.
− Storage management becomes centralized and less complex,
which further reduces the cost of managing data.
• The long-distance SAN [25] connectivity enables:
− The compute systems across locations to access shared data.
− Replication [26] of data between SAN-attached storage systems that
reside in separate locations.

[25] With long-distance SAN, data transfer between SAN-attached storage
systems can be extended across geographic locations. The long-distance
SAN connectivity facilitates remote backup of application data. Backup
data can be transferred through a SAN to SAN-attached backup storage
that may reside at a remote location. This avoids the need to ship backup
media such as tapes from the primary site to the remote site and removes
the associated pitfalls such as packing and shipping expenses and the risk
of losing tapes in transit.

[26] The replication over long-distances helps in protecting data against local
and regional disaster.


Network-Attached Storage (NAS)

Figure: NAS environment (NAS clients, NAS device)

NAS [27] is a dedicated, high-performance file sharing [28] and storage device.

• Administrators create file systems on NAS systems, create shares, and
export shares to NAS clients.
• Enables clients to share files over an IP-based network.
− It enables both UNIX and Microsoft Windows users to share the
same data.
• Uses file-sharing protocols such as CIFS and NFS to provide access to
the file data.
• NAS device uses its own OS and integrated hardware and software
components to meet specific file-service needs.
− Helps in performing file-level I/O better than a general-purpose
server.
− Can serve more clients and provides the benefit of server
consolidation by eliminating the need for multiple file servers.

[27] Also referred to as unstructured storage which is used to store
unstructured data.

[28] File sharing, as the name implies, enables users to share files with other
users.


Object Based Storage Device (OSD)

[Figure: Object storage environment, showing an application server]

OSD stores data in the form of objects on a flat address space[29]. All objects exist at the same level and an object cannot be placed inside another object.

• Each object stored in an OSD is identified by a unique identifier called the object ID[30].
• OSD provides a metadata service that is responsible for generating the object ID from the content of a file.
− The metadata service maintains the mapping of the object IDs and the file system namespace.
• When an application server sends a read request to the OSD, the metadata service retrieves the object ID for the requested file.
− The object ID is used to retrieve and send the file to the application server.

[29] Unlike file systems that have restrictions on the number of files, directories and levels of hierarchy, the flat address space has no hierarchy of directories and files. As a result, billions of objects can be stored in a single namespace.
[30] The object ID allows easy access to objects without the need to specify their storage locations.
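
The write and read paths described above, as an added example that is not part of the original guide: a minimal in-memory model of a flat object namespace with a metadata service, including the integrity check that a content-derived ID makes possible. The class and method names are hypothetical, and SHA-256 is an assumed stand-in for the ID-generation function, which the guide does not specify.

```python
import hashlib


class IntegrityError(ValueError):
    """Raised when stored content no longer matches its object ID."""


class MetadataService:
    """Generates object IDs from content and maps file names to them."""

    def __init__(self):
        self._namespace = {}  # file system path -> object ID

    @staticmethod
    def generate_object_id(content: bytes) -> str:
        # Assumption: SHA-256 stands in for the ID-generation function,
        # which the guide does not name.
        return hashlib.sha256(content).hexdigest()

    def bind(self, path: str, object_id: str) -> None:
        self._namespace[path] = object_id

    def lookup(self, path: str) -> str:
        try:
            return self._namespace[path]
        except KeyError:
            raise FileNotFoundError(path) from None


class ObjectStore:
    """Flat address space: every object sits at the same level, keyed by ID."""

    def __init__(self):
        self.metadata = MetadataService()
        self._objects = {}  # object ID -> content; no directories, no nesting

    def write(self, path: str, content: bytes) -> str:
        object_id = self.metadata.generate_object_id(content)
        # Identical content yields the same ID, so it is stored only once.
        self._objects.setdefault(object_id, content)
        self.metadata.bind(path, object_id)
        return object_id

    def read(self, path: str) -> bytes:
        # Read path from the text: file name -> object ID -> object.
        object_id = self.metadata.lookup(path)
        content = self._objects[object_id]
        # The ID is derived from the content, so recomputing it on read
        # detects silent corruption or tampering of the stored object.
        if self.metadata.generate_object_id(content) != object_id:
            raise IntegrityError(f"object {object_id[:12]} failed verification")
        return content

    def object_count(self) -> int:
        return len(self._objects)


if __name__ == "__main__":
    store = ObjectStore()
    # Constructed sample data.
    first = store.write("/finance/q1.csv", b"revenue,100\n")
    copy = store.write("/archive/q1-copy.csv", b"revenue,100\n")
    print("same object ID:", first == copy, "objects stored:", store.object_count())
    store._objects[first] = b"revenue,999\n"  # simulate tampering on the media
    try:
        store.read("/finance/q1.csv")
    except IntegrityError as exc:
        print("read rejected:", exc)
```
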


Unified Storage

[Figure: Unified storage system environment. Application servers and NAS clients send block, file, and object requests to a unified controller that provides SAN-attached storage, NAS, and OSD functionality in front of the storage.]

Unified storage[31] is a single storage system that consolidates block-level, file-level, and object-level access and is managed centrally. It combines SAN-attached storage functionality, NAS functionality, and OSD functionality in a single system.

• In some implementations, there are dedicated or separate controllers for handling block I/O, file I/O, and object I/O.
• The sharing of the storage resources increases storage utilization.
− Reduces the capital expenditure (CAPEX) on new storage resources and the associated operational expenditure (OPEX).
• Eliminates the guesswork associated with planning for block, file, and object storage capacity separately.

[31] Unified storage includes a unified controller. The unified controller is capable of processing block-level, file-level, and object-level I/O requests concurrently.


Knowledge Check: Primary Storage

Knowledge Check Question

1. Which of the following types of primary storage system provides file-level access? Choose all that apply.
a. SAN-attached storage
b. Network-attached storage
c. Object-based storage device
d. Unified storage


Protection Application and Storage

Objectives

The objectives of the topic are to:


→ Explain the functions of protection applications.
→ Understand the concept of protection storage.
→ Describe disk-based protection storage.
→ Describe tape-based protection storage.
→ Explain virtual tape library.

Data Protection and Availability Products Overview

1: A backup application is software that creates a copy of the data so that the backup copy can be used to restore the original data in the event of data loss or corruption.

The key functions of a backup and recovery application are:

• Provides a user interface to centrally manage the backup environment.
• Allows the backup administrator to perform backup and recovery configurations.
• Creates a copy of backup data (cloning).


• Transfers data from one storage device to another (staging).
• Integrates with deduplication software to eliminate redundancy in backup data.

2: A replication application is software[32] that creates a copy (replica) of the data so that the data copy may be used to restore the original data in the event of a data loss or corruption, or to restart business operations in case the primary storage is not operational.

The key functions of replication software are:

• Creates both local and remote copies of data[33].
• Performs data migration that moves data between storage systems or compute systems.
• Performs compression and encryption when transferring data to the remote location, to reduce network bandwidth and improve data security.

3: The key functions of a data archiving application are:

• Identifies and moves inactive data out of primary storage systems into lower cost storage systems, called data archives, for long term retention.
• Creates a stub file[34] on the primary storage after moving the original data to archive storage.

[32] Replication software can run on a compute system, a storage system, or on an appliance.
[33] Typically, a technology or a system upgrade requires the existing data to be moved to a new system before withdrawing the old system to avoid downtime.
[34] The stub file contains the address of the archived data.


• Performs retrieval of archived data when required by the client.
• Creates an index[35] of archived data to facilitate user searches and data retrieval.

4: The key functions of a data management application are:

• Provides end-to-end visibility of the data protection environment.
• Stores data across cloud environments and on-premises.
• Analyzes data while it is in use to obtain live and real-time results.
• Ensures data is used, managed, and retained in compliance with regulations.
• Optimizes tools and storage to minimize the cost of using and storing data.
• Helps in consolidating reports, correlating issues to find root cause, and tracking migration of data and services.

• A packaged application running on a compute system or a data protection feature embedded in any IT equipment.
• Organizations implement data protection and availability applications such as management, backup, replication, and archiving. These applications help to:
− Protect the data from accidental deletion, application crashes, data corruption, and disaster.
− Ensure data availability on a long-term basis and help organizations to meet compliance requirements.

[35] By utilizing the index, users may also search and retrieve their data with the web search tool.


Protection Storage Overview

[Figure: Protection storage environment, showing a primary storage device]

• Protection storage is used to store the data to be protected.
• Organizations typically use tape-based and disk-based protection storage.
• Protection storage[36] can be deployed within a data center or may exist in the cloud.

[36] Typically, organizations have protection storage at the remote data center for DR purposes.


Disk-based Protection Storage

Types of disk-based data protection storage

Disk density has increased dramatically over the past few years, lowering
the cost per gigabyte to the point where disk is a viable protection storage
option for organizations.

Types of disk-based data protection storage are:

• SAN-attached Storage
• Network-attached Storage (NAS)
• Object-based Storage
• Cloud-based Storage


Benefits of disk-based protection storage:

• Provides enhanced performance, scalability, and reliability.
• Offers faster recovery when compared to tapes. In addition, these protection storage systems come with RAID or erasure coding features to protect data from loss.
• Supports replication of data to a remote site to help an organization comply with off-site requirements. This avoids the need to ship tapes from the primary site to the remote site and thus reduces the risk of losing tapes in transit.
• Includes features such as data deduplication, compression, and encryption to support various business objectives.

Tape-based Protection Storage

[Figure: Tape library]


1: A tape library contains one or more tape drives that record and retrieve data on magnetic tape.

2: A tape cartridge is composed of magnetic tape in a plastic enclosure. Tape cartridges are placed in slots when not in use by a tape drive.

3: Robotic arms are used to move tapes around the library such as moving a tape drive into a slot.

4: Used to add or remove tapes from the library without opening the access doors because opening the access doors causes a library to go offline.

A tape library is a tape-based protection storage system that has tape drives and tape cartridges, along with a robotic arm or picker mechanism as shown in the image.

More about tape devices:

• A low-cost, portable solution that can be used for long-term, off-site storage. Physical transportation of tapes to offsite locations also adds management overhead and increases the possibility of loss of tapes during offsite shipment.
• Must be stored in locations with a controlled environment to ensure preservation of media and prevention of data corruption.
• Highly susceptible to wear and tear and may have a short shelf life.
• The traditional backup process using tapes is not optimized to recognize duplicate content.
• Storing and retrieving the data takes more time with tape.
• Data integrity and recoverability are also major issues with tape-based media.

Virtual Tape Library
• Disks are emulated and presented as tapes to backup software.
• Does not require any additional modules or changes in the legacy
backup software.
− Emulation software has a database with a list of virtual tapes, and
each virtual tape is created on a disk.
• Provides better performance, reliability, and random disk access
characteristics over physical tape.
• Does not require the usual maintenance tasks associated with a
physical tape drive such as periodic cleaning and drive calibration.
• Offers several features that are not available with physical tape
libraries such as replication.

Knowledge Check: Protection Storage Overview

Knowledge Check Question

1. Which type of protection storage provides portability of media?


a. Disk storage
b. Tape storage
c. Virtual tape storage


Data Security and Management

Objectives

The objectives of the topic are to:


→ Explain the goals of data security and management.
→ Understand governance, risk, and compliance.
→ Define security threats and controls.
→ Describe key data protection management functions.

Introduction to Data Security and Management

Data Security and Management functions:

• Helps in protecting data, data sources, and protection components from unauthorized access, modification, and disruption.
• Involves implementing various kinds of countermeasures or controls, in order to lessen the risk of an exploitation or a vulnerability in the data source and protection components.
• Controls secure implementation of data based on the organization’s governance, risk mitigation, and compliance requirements.

[Figure: Confidentiality, Integrity, Availability]


The goal of data security is to provide confidentiality[39], integrity[40], and availability[41], commonly referred to as the security triad or CIA.

Governance, Risk, and Compliance (GRC)

Governance, Risk, and Compliance (GRC) helps an organization to ensure that its acts are ethically correct and in accordance with its risk appetite (the risk level an organization chooses to accept), internal policies, and external regulations.

Governance
• Governance determines the purpose, strategy, and operational rules by which organizations are directed and managed.
− For example, governance policies define the access rights to users based on their roles and privileges.

[39] Confidentiality provides the required secrecy of data to ensure that only authorized users have access to data.
[40] Integrity ensures that unauthorized changes to data are not allowed. It also ensures that unauthorized alteration or deletion of data is detected and protected against.
[41] Availability ensures that authorized users have reliable and timely access to data and services.


Risk
• Risk[42] management involves identification, assessment, and prioritization of risks and establishing controls to minimize the impact of those risks.
− For example, a key risk management activity is to identify resources that should not be accessed by certain users in order to preserve confidentiality, integrity, and availability.

Compliance
• Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.
− An example of compliance is to enforce a security rule relating to identity management.

[42] Risk is the effect of uncertainty on business objectives.


Security Threats and Controls

Data is one of the most important assets for any organization. Other
assets include hardware, software, and other infrastructure components
required to access and protect data.

The implementation and effectiveness of any security control are primarily governed by the GRC processes and policies.

[Figure: Understanding security domain]

• Organizations (asset owners) want to safeguard assets from threat agents (attackers).
• Threats are the potential attacks[43] that can be carried out on assets to impact the confidentiality, integrity, and availability of data and services.

[43] Examples of attacks include: attempts to gain unauthorized access into the system, unauthorized data modification, denial of service (DoS) and ransomware.


• Attackers exploit vulnerabilities or weaknesses of an asset to carry out attacks.
• Risk arises when there is a likelihood that a threat agent (an attacker) will exploit the vulnerability.
− Therefore, organizations deploy various security controls[44] to minimize risk by reducing the vulnerabilities.

[44] Security controls have two key objectives:
• To ensure that the assets are easily accessible to authorized users.
• To make it difficult for potential attackers to access and compromise the assets.


Ransomware Protection (Air Gapped Solution)

[Figure: Data protection and vaulting process]

Ransomware[45] is a malware method that:

• Encodes (encrypts) the targeted system or files. To decode them, the attacker demands a ransom, mostly in the form of cryptocurrency.
• Spreads through phishing emails that contain malicious attachments or through drive-by downloading[46].

Protecting large, dynamic data sets from cyber-attacks requires proven and modern solutions. Here are some components of a proven and modern solution:

[45] Data is the currency of the internet economy and a critical asset that must be protected, kept confidential and made available at a moment’s notice. Global business relies on the constant flow of data across interconnected networks, and digital transformation means an increase of sensitive data. This presents ample opportunity for cyber threats and exposure to leverage data for ransom, corporate espionage or even cyber warfare.
[46] Occurs when an end-user visits an infected website by mistake and malware is then downloaded and installed without the user’s knowledge.


Data Isolation and Governance

An isolated data center environment that is disconnected from corporate and backup networks and restricted from users other than those with proper clearance.

Automated Data Copy and Air Gap

Create unchangeable data copies in a secure digital vault and processes that create an operational air gap between the production / backup environment and the vault.

Intelligent Analytics and Tools

Machine learning and full-content indexing with powerful analytics within the safety of the vault. Automated integrity checks to determine whether data has been impacted by malware and tools to support remediation if needed.

Recovery and Remediation

Workflows and tools to perform recovery after an incident using dynamic restore processes and your existing data recovery procedures.

Solution Planning and Design

Expert guidance to select critical data sets, applications, and other vital
assets to determine RTOs and RPOs and streamline recovery.


Data Management Functions

Data protection management functions are necessary for the visibility and
control of data source and protection components, and data protection
operations.

[Figure: Data management functions. Discovery and Monitor panels listing Configuration, Performance, Protection Status, Availability, VM Movement, Threshold Exceptions, and Missed SLA.]

Discovery

• Discovery involves collecting and storing information about infrastructure components, data protection operations, and services.
• Gathers information about VM movement, threshold exceptions, repeated failures, growth of a backup that will exceed the backup window, missed service level agreements (SLAs), and compliance breaches.
• Provides the visibility needed to monitor, troubleshoot, optimize, plan, and report about IT infrastructure components.
• Discovery is typically scheduled by setting an interval for its periodic occurrence.
− Can be initiated by an administrator or triggered automatically when a change occurs in an IT infrastructure.


Operations Management

• Operations management involves on-going management activities to maintain the IT infrastructure, protection operations, and the deployed services.
• Operations management activities ensure that the data protection services and service levels are delivered as committed.
− These activities include monitoring, capacity planning, troubleshooting, resource optimization, and reporting.


Orchestration

• Orchestration refers to the automated arrangement, coordination, and management of various component functions to provide and manage IT operations and services.
• Orchestration is performed by orchestration software called an orchestrator.
• The orchestrator provides a library of predefined workflows and also enables defining new workflows[47].
− A workflow logically integrates and sequences various component functions to automate data protection operations and services.
• The orchestrator interacts with various components to trigger execution of the component functions.

[47] A workflow refers to a series of inter-related component functions to perform an IT operation and to provide a service.


Provisioning Data Protection Services

Data protection services are provisioned to meet the availability and data
protection requirements of business applications and IT services.

• Data protection services leverage the protection technologies and solutions provided by protection applications and other infrastructure components.
− Examples of data protection services are backup as a service, replication as a service, disaster recovery as a service, and data migration as a service.
• Provisioning of protection services is commonly orchestrated using an orchestrator[48].
• An administrator may provision data protection services[49] using management tools.

[48] Interacts and coordinates the execution of protection functions of various infrastructure components.
[49] Services are usually visible and accessible to the users through a service catalog that is hosted on a web portal.


Governance and Compliance

• Data governance is an umbrella term that encompasses several policies and processes which help to ensure the effective management of data assets within the organization.
• Data governance[50] establishes the processes and responsibilities and defines who can take what action, upon what data, in what situations, using what methods.
• Data governance is required because it:
− Implements and enforces policies that help in protecting data from misuse.
− Ensures compliance[51] with data privacy laws and other rules and regulations.

[49] (continued) Users can request a service in a self-service way by simply clicking an appropriate service on the service catalog. The orchestrator automatically triggers a workflow after a protection request is placed from the service catalog and does not require manual interaction between administrators and users.
[50] Governance determines the purpose, strategy, and operational rules by which organizations are directed and managed. For example, governance policies define the access rights to users based on their roles and privileges.
[51] Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures. An example of compliance is to enforce a security rule relating to identity management.


Knowledge Check: Data Security and Management

Knowledge Check Question

1. Match the following elements with their descriptions:

Elements:
A. Discovery
B. Governance
C. Orchestration
D. Integrity

Descriptions (each preceded by the letter of its matching element):
A  Collecting information about components, operations, and services.
C  Automated arrangement and coordination of component functions.
B  Determination of strategy and rules for managing organizations.
D  Disallowing of unauthorized changes to data.


Concepts in Practice


Dell PowerEdge Server

The Dell PowerEdge Server family includes various types of servers, including Tower servers[52], Rack servers[53], and Modular servers[54].

[52] Tower servers generally contain more disk drive bays and expansion card slots than other server form factors. The advantages of a tower server lie in its compact shape. Tower servers can be used in work areas which are not designed to contain servers. Its simplicity and robustness make the tower server an ideal place for a small company to begin using a server.
[53] A rack server is also called a rack-mounted server. Rack-mount servers are designed to save space when there are several servers in a confined area. Rack servers are generally more expensive. They are better suited to medium-sized businesses or micro-businesses.
[54] Modular servers are the latest development in the history of the different server types. Also defined as a server that is hosted with a dedicated chassis, including network and storage components.

Dell PowerStore

PowerStore’s unified design consolidates block, enterprise file, and vVols storage formats in a single high-density footprint, providing a convenient, easy to manage platform for broad innovation. Ideal for both general purpose and specialized workloads, PowerStore supports applications as diverse as large-scale databases, cloud native apps, edge-based IoT analytics, and file-based content repositories. The platform fits seamlessly into existing infrastructures, with multi-protocol physical network support and options to meet specialized industry requirements.

Dell PowerMax

Dell’s next-gen PowerMax is mission-critical storage designed to be secure, intelligent, and always modern so that businesses can fully unlock the power of data. The latest PowerMaxOS software builds on decades of software innovation to provide trusted, intelligent, secure storage for the most demanding mission critical workloads while simplifying operations. Based on NVMe Dynamic Fabric technology, the new PowerMax systems eliminate traditional storage boundaries in every possible dimension (performance, scalability, capacity, security) to meet the increasing demands of traditional workloads and next generation cloud-based applications.

Dell Unity XT

Unity XT Hybrid and All Flash storage systems implement an integrated architecture for block, file, and VMware vVols with concurrent support for native NAS, iSCSI, and Fibre Channel protocols based on the powerful family of Intel processors. Dell Unity delivers a full block and file unified environment in a single 2U enclosure. Use the same Pool to provision and host LUNs, Consistency Groups, NAS Servers, File Systems, and Virtual Volumes alike.

The Unisphere management interface offers a consistent look and feel whether you are managing block resources, file resources, or both. Dell Unity Data Reduction provides space savings by using data deduplication and compression. Data reduction is easy to manage, and once enabled, is intelligently controlled by the storage system. A diverse variety of connectivity is supported on the purpose-built Dell Unity platform.

Dell PowerScale

Dell PowerScale enterprise class storage platform includes all-flash, hybrid and archive nodes as well as multi-cloud solutions. The software defined architecture of PowerScale OneFS, the operating system that powers secure NAS storage array, enables simplicity at scale, intelligent insights, and the ability to place the data anywhere it needs to be – at the edge, in the core or in the cloud.

PowerScale can be deployed and consumed anywhere your data is – in your on-premises data center as an appliance, in multi-cloud and native cloud solutions or in APEX delivered as-a-service. Whether you are hosting file shares, home directories or delivering high performance data access for applications like analytics, AI/ML, video rendering or life sciences, PowerScale can seamlessly scale performance, capacity, and efficiency to handle any unstructured data workload to drive both traditional and modern applications.

Dell ECS

ECS has been purpose-built to store unstructured data at public cloud scale with the reliability and control of a private cloud. Capable of scaling to exabytes and beyond, ECS empowers organizations to manage a globally distributed storage infrastructure under a single global namespace with anywhere access to content.

ECS features rich S3 compatibility and multiprotocol interoperability, making it the ideal modern data lake. When combined with the extreme performance of the all-flash EXF900 appliance, your organization can fuel the next wave of data-hungry AI, machine learning, analytics, and cloud-native applications.


Exercise - Data Protection Architecture


1. Present Scenario:

• IT infrastructure of an organization includes 20 physical computing systems.
• Compute systems consist of both Microsoft Windows and UNIX platforms.
• Compute systems host financial, email, and backup applications, and the organization’s website.
• Each compute system runs a single application to avoid resource conflict.
• Utilization of these compute systems is mostly around 20%.
• Compute systems are connected to six file servers with direct-attached storage.
− Three file servers for Windows users and the remaining three file servers for UNIX users.
• Email application uses a SAN-attached (block-based) storage system as primary storage.
• Email application uses an aging OSD to archive old emails.
• A SAN-attached tape library is used to store all backup data.
• Backup application is purpose-built for backup-to-tape operations.

2. Organization’s Challenges:

• Tape library is aging and is a performance bottleneck during backup operations.
• Multiple management tools are used to manage different types of storage systems.
− Creates complexity and delays storage provisioning decisions and troubleshooting.
• Management tools cannot provide real-time, end-to-end visibility and reporting on the IT infrastructure, and backup and archiving operations.
• SAN-attached storage system has only 10% of its storage capacity available.
• UNIX users and Microsoft Windows users are unable to share files.
• Some of the file servers are overly utilized and therefore new file servers must be deployed.

3. Organization’s Requirements:

• Need to deploy new applications on social networking, eCommerce, and big data analytics.
• Need to purchase 30 new compute systems to deploy the new applications.

4. Expected Deliverables:

Propose a solution that will:

• Optimize utilization of compute resources.
• Eliminate the performance bottleneck caused by the tape library without changing the existing backup application.
• Reduce management complexity.
• Provide real-time, end-to-end visibility of the infrastructure and operations.
• Allow UNIX and Windows users to share files.
• Reduce proliferation of file servers and improve file serving performance.


Solution

The proposed solution is as follows:

• Install a hypervisor on each physical compute system to run multiple VMs/applications and improve its utilization.
− Organization can use fewer physical compute systems to run both the existing and the new applications.
− Organization can reduce the acquisition and operational cost of new compute systems.
• To overcome the performance bottleneck of the tape library, the following can be considered:
− Implement a disk-based backup solution, which will improve the backup performance.
− The aging tape library can be replaced with a virtual tape library.
• Deploy a unified storage system that will consolidate block-level, file-level, and object-level access.
− Migrate data from the tape library and the OSD to the unified storage system before decommissioning.
− A single management tool can be used for unified management of storage systems.
• The management tool should support the discovery of the IT infrastructure periodically and when a change occurs in the infrastructure.
− A unified management tool with an ability to discover the entire infrastructure will provide end-to-end visibility.
• Use the NAS functionality of the unified storage for file sharing among the compute systems.
− Organization can consolidate multiple file servers to a NAS system and thereby avoid proliferation of file servers.
− NAS is optimized for file serving and thus provides better performance than a file server.
− NAS allows UNIX and Microsoft Windows users to share files.

Fault Tolerance Techniques

Fault Tolerance Overview

Objectives

The objectives of the topic are to:

• Define and explain the need for fault tolerance.
• Review fault tolerance implementations.
• Understand key requirements for fault tolerance.


Impact of Fault

[Figure: Impact of fault. Service interruption due to failure; causes
deviation from expected behavior; results in degraded output/failure.]

IT services may experience interruptions due to the presence of faults in
the underlying software and hardware systems.

• A fault in a system component causes a deviation from its expected
behavior.
− Results in degraded output or complete failure of the system.
− Faults can be due to a software bug, signal distortion, storage media
error, server crash, network error, application time out, operator
error, or physical damage to the hardware.


Need for Fault Tolerance

• Service interruptions can be reduced by improving the reliability and
availability of IT systems.
• Reliability[55] and availability[56] can be improved through fault tolerance.
• Fault tolerance must be achieved in:
− Compute
− Network
− Storage
− Application

[55] Improved by using systems that can consistently perform their
operations as expected without performance degradation or failure.
[56] Improved by ensuring that the IT systems and services can perform
their required functions during their operating time. Dependent on the
reliability of systems on which the services are created.


What is Fault Tolerance?

[Figure: Fault tolerance, protecting against transient, intermittent, and
permanent unavailability.]

Fault tolerance is the ability of a system to continue functioning in the
event of a fault within, or failure of, some of its components.

The common reasons for a fault or a failure are:

• Hardware failure
• Software bugs
• Administrator/user errors

Fault tolerance protects a system or a service against three types of
unavailability:

• Transient unavailability[57]
• Intermittent unavailability[58]
• Permanent unavailability[59]

[57] Occurs once for a short time and then disappears.
Example: An online transaction times out but works fine when a user
retries the operation.
[58] Recurring unavailability that is characterized by an outage, then
availability again, then another outage, and so on.
[59] Exists until the faulty component is repaired or replaced. Examples of
permanent unavailability are network link outage, application bugs, and
manufacturing defects.

Key Requirements for Fault Tolerance

• Elimination of single point of failure (SPOF)
• Fault isolation
• Fault recovery


Elimination of SPOF

[Figure: Eliminating SPOF, showing clustered compute systems.]

• The example shown in the image represents an infrastructure
designed to mitigate the single points of failure at component level.
− The single points of failure at the compute level can be avoided by
implementing redundant compute systems in a clustered
configuration.
• Single points of failure at the network level can be avoided via path
redundancy[60] and various fault tolerance protocols.
• Single points of failure at the storage level can be eliminated by
configuring redundant ports and controllers on each storage system
and also by deploying redundant storage systems[61].

[60] Multiple independent paths can be configured between nodes so that if
a component along the active path fails, traffic is rerouted along another
path.
[61] These storage systems may be located in separate regions or sites to
reduce the risk of data loss in the event of a disaster.


Fault Isolation

[Figure: Fault isolation. Pending I/Os are redirected to live path.]

• Limits the scope of a fault to a local area so that the other areas of a
system are not impacted by the fault.
• Does not prevent failure of a component but ensures that the failure
does not impact the overall system.
• Requires a fault detection mechanism that identifies the location of a
fault and a contained system design (like a sandbox) that prevents a
faulty system component from impacting other components.

Fault Recovery

Restores a system to the desired operating level after a fault has occurred
in the system.

[Figure: Types of fault recovery. Complete functional recovery; functional
recovery using alternative logic/process; degraded functional recovery.]

There are three types of fault recovery:

Complete functional recovery

• System should be designed so that when a component fails, a
redundant component can take over its functions automatically (in
some cases, manually).
• If maintaining redundant resources is cost prohibitive, then the second
category of fault recovery may be considered.

Functional recovery using an alternative logic or process

• Uses an alternate module, process, or path to recover a system in the
event of a fault.
• The alternate module, process, or path may not achieve the full
capabilities of the original functions because of cost-effective system
design, limited resources, and design constraints.

Degraded functional recovery

• System should be designed to operate at some compromised level of
performance after a fault occurs.
• Some of the functions of the system may be inaccessible until repairs
are made. But, the system remains available to continue business
operations.

Fault Recovery (Cont'd.)

There are two approaches to fault recovery:

Forward recovery

• Involves correcting the fault in a system to continue system operations
from the faulty state. It is useful only when the cause and the impact of
a fault are understood.
− For example, consider a group of two mirrored disk drives that store
the same data. Each write I/O is written to both the disk drives. If one
of the drives in the mirrored pair fails and is replaced by a new drive,
the surviving drive in the mirrored pair will be used for data
recovery and continuous operation. Therefore, I/O operations can
be continued from the fault condition.

Backward recovery

• Involves rolling back or restoring a system to a previous recovery point.
Instead of finding the cause of a fault, it aborts changes that have
produced a fault and resorts to reversing the previous operation or
state of a process.
− For example, the memory state, settings state, and power state (on,
off, or suspended) of a virtual machine (VM) are saved at a specific
recovery point so that the VM can be restored to its previous state if
anything goes wrong.

Knowledge Check: Fault Tolerance Overview

Knowledge Check Question

1. Which of the following are types of fault recovery? Choose all that
apply.
a. Complete functional recovery
b. Functional recovery using an alternative logic
c. Degraded functional recovery
d. Backwards recovery

Compute and Network

Objectives

The objectives of the topic are to:

• Review compute-based fault tolerance techniques.
• Understand network-based fault tolerance techniques.

Introduction to Compute and Network Fault Tolerance Techniques

• Common compute and network-based fault tolerance techniques are:
− Compute clustering
− Virtual machine (VM) live shadow copy
− Link aggregation
− NIC teaming
− Switch aggregation
− Multipathing
− Configuring hot-swappable components


Compute Clustering

[Figure: Compute clustering.]

• Two or more compute systems/hypervisors are clustered to provide
high availability and load balancing.
• Service running on a failed compute system moves to another
compute system.
• Heartbeat mechanism determines the health of compute systems in a
cluster.

Virtual Machine (VM) Live Shadow Copy

[Figure: VM live shadow copy on a hypervisor cluster.]

1: Enables failover to secondary VM immediately, if primary VM fails.

2: VM live shadow copy works on a hypervisor cluster.

3: Creates a live copy of a primary VM on another compute system.
Secondary VM executes events that occur on primary VM.

4: New secondary VM ensures redundancy after failover.

• Provides continuous availability of services running on VMs even if the
host physical compute system or hypervisor fails.
• When enabled for a VM, creates a live copy (i.e., a secondary VM) of a
primary VM on another compute system.
− If the primary VM fails due to hardware failure, the technique
enables failover to the secondary VM immediately. After the failover
occurs, a new secondary VM is created, and redundancy is
reestablished.

Link Aggregation

1: Combines two or more parallel interswitch links (ISLs) into a single
logical ISL, called a link aggregation group.

Optimizes network performance by distributing network traffic across the
shared bandwidth of all the ISLs in a link aggregation group.

Enables network traffic failover in the event of a link failure. If a link in a
link aggregation group is lost, all network traffic on that link is redistributed
across the remaining links.

• Combines multiple ISLs into a single logical ISL (link aggregation
group).
− Distributes network traffic over ISLs, ensuring even ISL utilization.
− Enables network traffic failover in the event of a link failure.

NIC Teaming

1: Provides automatic failover in the event of an NIC/link failure.

• Groups NICs so that they appear as a logical NIC.
• Provides network traffic failover in the event of a NIC/link failure.
• Distributes network traffic across NICs.

Switch Aggregation

[Figure: Switch aggregation. Compute systems (OS, hypervisor) connected
over aggregated links to aggregated Ethernet switches.]

• Combines two physical switches to make them appear as a single
logical switch.
• Distributes network traffic across all links from aggregated switches.
• Continues network traffic flow through another switch if one switch
fails.
• Provides higher throughput than a single switch could provide.
− Improves node performance.

Multipathing

[Figure: Multipathing from a compute system.]

1: Enables a compute system to use multiple paths for transferring data to
a storage device on a storage system. Multipathing enables automated
path failover. This eliminates the possibility of disrupting an application or
a service due to failure of a component on the path such as network
adapter, cable, port, and storage controller (SC).

• Enables a compute system to use multiple paths for transferring data
to a storage device.
• Enables failover by redirecting I/O from failed path to the available
path.
• Performs load balancing by distributing I/Os across paths.

Configuring Hot-swappable Components

[Figure: Hot-swappable controller blade.]

• Components can be replaced while a system is powered-on and
remains in operation.
• Hot-swapping does not require shutting down and then restarting a
system.
• A system should have redundant components for hot-swapping.
• System operation will continue while the faulty component is removed
and replaced.

Knowledge Check: Compute and Network

Knowledge Check Question

1. Which of the following statements are correct? Select all correct
options.
a. Clustering enables service failover from a failed server to an
active server.
b. VM live shadow copy balances client’s traffic across primary and
secondary VMs.
c. Switch aggregation creates a group of active and passive
switches.
d. Link aggregation combines multiple logical ISLs to create a single
physical ISL.
e. Hot-swappable components can be replaced while a system
remains available.

Storage

Objectives

The objectives of the topic are to:

• Understand Redundant Array of Independent Disks (RAID).
• Understand Redundant Array of Independent Nodes (RAIN).
• Explain Erasure Coding.
• Explore Hot Sparing.
• Describe Cache protection: Mirroring and Vaulting.

Why Storage Fault-tolerant Techniques?

[Figure: Storage fault tolerance techniques.]

• Data centers usually comprise storage systems with many storage
media. The greater the number of drives in use, the greater the
probability of a drive failure.
• Some of the storage systems are comprised of multiple nodes where
each node is a compute system that has processing power and
storage.
• Failure of cache memory can result in data unavailability. So,
protecting the data in the cache is also important.

Redundant Array of Independent Disks (RAID)

[Figure: RAID. Storage system with a storage pool of HDD/SSD drives.]

1: Key Functions:

• Managing drive aggregations.
• Translation of I/O requests between logical and physical drives.
• Data regeneration in the event of drive failures.

2: A logical unit that consists of multiple drives where the data is written in
blocks across the drives in the pool.

• RAID is a technique that combines multiple disk drives into a logical
unit and provides protection, performance, or both.
− Provides data protection against drive failures.
− Improves storage system performance by serving I/Os from
multiple drives simultaneously.

Redundant Array of Independent Nodes (RAIN)

[Figure: RAIN. Nodes connected through two external switches.]

• Nodes are clustered in a network with redundant storage.
• Provides increased fault tolerance by allowing automated data
recovery even if multiple nodes fail.
• New nodes can be added to the cluster dynamically to meet
performance and capacity requirements.

Erasure Coding Technique

[Figure: Erasure coding illustration. Encoded fragments, with k=3 and m=9.]

• Provides space-optimal data redundancy to protect against data loss
from multiple drive/node failures.
− A set of 'n' disks is divided into 'm' disks to hold data and 'k' disks to
hold coding information.
− Coding information is calculated from data.
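The scheme above, worked through with the illustration's m=9 data fragments and k=3 coding fragments, as an added example that is not part of the original guide. The guide does not name an algorithm; this sketch assumes Reed-Solomon-style polynomial interpolation over GF(2^8), and all function names and the sample payload are constructed for illustration.

```python
"""Erasure coding sketch: m data fragments + k coding fragments (n = m + k).

Added example, not code from the guide. Coding fragments are computed by
polynomial interpolation over GF(2^8) (Reed-Solomon style, an assumption).
"""

# Log/antilog tables for GF(2^8) with the primitive polynomial 0x11D.
EXP = [0] * 512
LOG = [0] * 256
_value = 1
for _power in range(255):
    EXP[_power] = _value
    LOG[_value] = _power
    _value <<= 1
    if _value & 0x100:
        _value ^= 0x11D
for _power in range(255, 512):
    EXP[_power] = EXP[_power - 255]


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gf_div(a, b):
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % 255]


def lagrange_weights(known_xs, target_x):
    """Weights w_j such that P(target_x) = XOR_j gf_mul(w_j, P(known_xs[j]))."""
    weights = []
    for j, xj in enumerate(known_xs):
        num, den = 1, 1
        for i, xi in enumerate(known_xs):
            if i != j:
                num = gf_mul(num, target_x ^ xi)  # subtraction is XOR here
                den = gf_mul(den, xj ^ xi)
        weights.append(gf_div(num, den))
    return weights


def combine(weights, fragments):
    """Byte-wise weighted sum of equally sized fragments."""
    out = bytearray(len(fragments[0]))
    for weight, fragment in zip(weights, fragments):
        for pos, byte in enumerate(fragment):
            out[pos] ^= gf_mul(weight, byte)
    return bytes(out)


def encode(data, m, k):
    """Split data into m fragments and append k coding fragments."""
    if m < 1 or k < 0 or m + k > 256:
        raise ValueError("need 1 <= m and m + k <= 256")
    size = -(-len(data) // m)  # ceiling division
    padded = data.ljust(size * m, b"\0")
    fragments = [padded[i * size:(i + 1) * size] for i in range(m)]
    data_xs = list(range(m))
    for x in range(m, m + k):  # coding fragment = polynomial evaluated at x
        fragments.append(combine(lagrange_weights(data_xs, x), fragments[:m]))
    return fragments


def decode(surviving, m, length):
    """Rebuild the data from any m surviving fragments ({index: bytes})."""
    if len(surviving) < m:
        raise ValueError(f"need {m} fragments, only {len(surviving)} survive")
    xs = sorted(surviving)[:m]
    known = [surviving[x] for x in xs]
    data = []
    for target in range(m):
        if target in surviving:
            data.append(surviving[target])  # data fragment still readable
        else:
            data.append(combine(lagrange_weights(xs, target), known))
    return b"".join(data)[:length]


def demo():
    """Lose k=3 of n=12 fragments (two data, one coding) and recover."""
    m, k = 9, 3
    data = b"constructed sample payload for the erasure coding illustration"
    fragments = encode(data, m, k)
    lost = {1, 5, 10}
    surviving = {i: f for i, f in enumerate(fragments) if i not in lost}
    return decode(surviving, m, len(data)) == data


if __name__ == "__main__":
    print("recovered after 3 failures:", demo())
```

With m=9 and k=3 the stored fragments take 12/9 of the original capacity, compared with twice the capacity for a mirrored copy, which is the sense in which the redundancy is space-optimal.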


Hot Spare (Dynamic Drive Sparing)

[Figure: Hot spare.]

• Hot spare[62] refers to a spare disk drive that replaces a failed drive by
taking the identity of the failed drive.
• When a new disk drive is added to the system, data from the hot spare
is copied to it. The hot spare[63] returns to its idle state, ready to replace
the next failed drive.

[62] With the hot spare, one of the following methods of data recovery is
performed depending on the RAID implementation:
− If parity RAID is used, the data is rebuilt onto the hot spare from the
parity and the data on the surviving disk drives in the RAID set.
− If mirroring is used, the data from the surviving mirror is used to copy
the data onto the hot spare.
[63] A hot spare should be large enough to accommodate data from a failed
drive. Some systems implement multiple hot spares to improve data
availability.

Cache Protection - Mirroring

[Figure: Cache mirroring. Storage systems and disk drives.]

1: Each write is mirrored and stored in two independent cache memory
cards.

2: Even if one cache fails, the data is still available in the mirrored cache.

• Each write to cache[64] is held in two different memory locations on two
independent memory cards.
− If a cache failure occurs, the write data will still be safe in the
mirrored location and can be committed to the storage drive.

[64] Cache is a volatile memory. So, a power failure or any kind of cache
failure will cause loss of data that is not yet committed to the storage drive.
The risk of losing uncommitted data held in cache can be mitigated using
cache mirroring and cache vaulting.

Cache Protection - Vaulting

[Figure: Cache vaulting. Data and disk drives.]

1: Cache content is copied to vault drive during power failure.

After power is restored, the data from the drive is written back to cache.

• Storage vendors use a set of physical disks to dump the contents of
cache during power failure[65]. This is called cache vaulting and the
disks are called vault drives.
• When power is restored, data from these disks is written back to write
cache and then written to the intended disks.

[65] The risk of data loss due to power failure can be addressed in various
ways: powering the memory with a battery until the AC power is restored
or using battery power to write the cache content to the storage drives. If
an extended power failure occurs, using batteries is not a viable option.

Knowledge Check: Storage

Knowledge Check Question

1. A storage system is configured with an erasure coding technique. If
the data is divided into seven data segments and four coding
segments, and each segment is written to a different drive, how many
drive failures can be withstood without losing the data in this
configuration?
a. 3
b. 4
c. 7
d. 11

Application and Availability Zone

Objectives

The objectives of the topic are to:

• Explain graceful degradation of application functionality.
• Explore fault detection and retry logic in application code.
• Understand persistent state model.
• Understand database (DB) rollback.
• Review checkpointing.
• Understand multiple availability zones.

Introduction to Fault-tolerant Application

• A well-designed application must deal with IT resource failures to
guarantee the required availability.
• Fault-tolerant applications have logic to detect and handle fault
conditions to avoid application downtime.

Graceful Degradation

1: If a module is down when a client accesses the application, the
application is still available to the client with degraded functionality and
performance.

• Application maintains limited functionality even when some of the
modules or supporting services are not available.
• Unavailability of certain application components or modules should not
take the entire application down.

Fault Detection and Retry Logic

1: When a failure happens, the retry logic sends a second request, by
which time the service has become available.

• Refers to a mechanism implemented in the code of an application to
improve availability.
• Detects a service that is temporarily down and retries it, which may
result in a successful restore of the service.
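The retry logic and graceful degradation described above, combined in one added example that is not part of the original guide. The exception classes, `SimulatedModule`, and the storefront module names are hypothetical and constructed for illustration; the backoff between retries is an assumption the guide does not specify.

```python
import time


class TransientFault(Exception):
    """Fault expected to clear on its own, such as a request timeout."""


class PermanentFault(Exception):
    """Fault that persists until the component is repaired or replaced."""


def call_with_retry(operation, attempts=3, base_delay=0.05, sleep=time.sleep):
    """Run operation(); retry transient faults with exponential backoff.

    Permanent faults propagate at once because retrying cannot clear them.
    """
    if attempts < 1:
        raise ValueError("attempts must be at least 1")
    for attempt in range(1, attempts + 1):
        try:
            return operation()
        except TransientFault:
            if attempt == attempts:
                raise  # retry budget spent: let the caller degrade
            sleep(base_delay * 2 ** (attempt - 1))


class SimulatedModule:
    """Constructed stand-in for an application module or backing service."""

    def __init__(self, name, result, transient_failures=0,
                 permanently_down=False):
        self.name = name
        self.result = result
        self.transient_failures = transient_failures
        self.permanently_down = permanently_down
        self.calls = 0

    def __call__(self):
        self.calls += 1
        if self.permanently_down:
            raise PermanentFault(f"{self.name}: down until repaired")
        if self.calls <= self.transient_failures:
            raise TransientFault(f"{self.name}: request timed out")
        return self.result


def render_storefront(modules, sleep=time.sleep):
    """Call each module independently so one failure cannot take down the rest.

    A module that still fails after retries is listed as degraded and its
    content is None; every other module's content is served as usual.
    """
    content, degraded = {}, []
    for name, module in modules.items():
        try:
            content[name] = call_with_retry(module, sleep=sleep)
        except (TransientFault, PermanentFault):
            content[name] = None
            degraded.append(name)
    return {
        "content": content,
        "degraded": degraded,
        "available": len(degraded) < len(modules),
    }


def demo():
    """Cart recovers on the third try; payment stays down; catalog is fine."""
    modules = {
        "catalog": SimulatedModule("catalog", ["item-1", "item-2"]),
        "cart": SimulatedModule("cart", {"items": 1}, transient_failures=2),
        "payment": SimulatedModule("payment", "ready", permanently_down=True),
    }
    return render_storefront(modules, sleep=lambda seconds: None)


if __name__ == "__main__":
    print(demo())
```

Capping the number of attempts matters for the same reason the checkpointing caveat does: a fault caused by a bug or misconfiguration never clears, so unbounded retries only add load.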

Persistent State Model


[Figure: Persistent state model, showing clients and a repository.]

1: State information can be accessed by the new server from the
repository.

• State information is moved out of memory and stored in a data
repository.
• If an instance fails, the state information will still be available in the
repository.

Database Rollback

1: Restores a DB to a previous state by cancelling transactions D and E

• Rollback restores a DB to a previous state by cancelling transaction(s).
• DB can be restored to a consistent previous state even after erroneous
operations are performed.
− Important for database integrity.

Checkpointing

• Saves a copy of the state (checkpoint) of a process/application
periodically.
• Enables rolling back to a previous state and continuing tasks.
• Provides protection against transient unavailability. Upon rollback to a
previous checkpoint, the applications and processes continue
operation in the same manner as they did before a failure. However, if
the fault is caused by a software bug or an administrative error, then
the application will continue to fail and rollback endlessly.

Configuring Multiple Availability Zones

[Figure: Service failover between availability zones.]

1: In the event of a zone outage, services can fail over to another zone.

Availability zones, although isolated from each other, are connected
through low-latency network links.

• An availability zone is a location with its own set of resources, isolated
from other zones.
• Availability zones, although isolated from each other, are connected
through low-latency network links.
• In the event of a zone outage, services can fail over to another zone.

Knowledge Check: Application and Availability Zone

Knowledge Check Question

1. Which of the following refers to the ability of an application to maintain
limited functionality even when some of the components, modules, or
supporting services are not available?
a. Retry logic
b. Persistent state model
c. Graceful degradation
d. Availability zone

Concepts in Practice

Dell PowerPath

Dell PowerPath is host-based software that provides automated data path
management and load-balancing capabilities for heterogeneous server,
network, and storage deployed in physical and virtual environments. It
enables you to meet your aggressive service levels with the highest
application availability and performance, and with all the advantages of the
industry's leading information storage systems.

The PowerPath family includes PowerPath Multipathing for physical
environments for Linux and Windows and PowerPath/VE Multipathing for
VMware vSphere and Microsoft Hyper-V virtual environments.

Exercise: Fault Tolerance Techniques


1. Present Scenario:

An organization has two availability zones.

Each zone has:

• A cluster of 10 physical compute systems running 50 VMs.
• Two block-based storage systems.
• Four Ethernet switches.
− Three active and one on standby.
• Applications running on VMs are used to provide eCommerce
services.

2. Organization Challenges:

• Some over-utilized ISLs cause degradation of service performance.
• Service performance is impacted during peak workload hours due
to limited bandwidth of switch 2.
• Failure of a VM, physical compute system, or HBA causes a brief
service interruption and data loss for in-progress transactions.
• Recently a payment gateway fault caused a service outage.
− Customers were unable to view product catalog, shopping cart, and
order status.
• Recently a power supply failure caused an entire zone outage and
loss of in-progress transactional data.

3. Organization requirements:

• High availability and performance must be ensured to meet service
level commitments.
• Even a brief service interruption or loss of transactional data is
unacceptable.

4. Expected Deliverables:

Propose the fault tolerance techniques to address the organization’s
challenges and requirements.

Solution

The proposed solution is as follows:

• Aggregate ISLs between two Ethernet switches to distribute traffic.
• Aggregate switch 2 and switch 3 to allow both switches to be active.
• Use VM live shadow copy to provide continuous availability of services.
• Implement multipathing to prevent service disruption due to an HBA
failure.
• Ensure that application/service design supports graceful degradation.
• Configure redundant power supplies in each zone to avoid data loss.

Data Backup

Introduction to Backup

Objectives

The objectives of the topic are to:


→ Describe backup architecture.
→ Understand various backup and recovery operations.
→ Describe backup granularity.
→ Describe backup multiplexing.
→ Understand backup cloning and staging.


Why Do We Need Data Backup?

Organizations implement backup to protect data against accidental file
deletion, application crashes, data corruption, and disaster. Data
should be protected at the local location as well as at a remote location
to ensure the availability of service.

An organization needs data backup to:

• Recover the lost or corrupted data for smooth functioning of business
operations.
• Meet the demanding SLAs.
• Comply with regulatory requirements.
• Avoid financial and business loss.

Backup Architecture

In a backup environment, the common backup components are backup
client, backup server, storage node, and backup target.

[Figure: Backup architecture. Backup clients, backup server, and backup
device, with flows of backup data and tracking information.]

Components and their roles:

Backup Client
• Gathers data to be backed up.
• Sends data to the backup storage node.
• Sends metadata to the backup server.
• Retrieves data during a recovery.

Backup Server
• Manages the backup operations and maintains the backup catalog.
• Contains information about the backup configuration[66] and backup
metadata[67].

Storage Node
• Responsible for organizing the client’s data and writing the data to a
backup device.
• Controls one or more backup devices[68].
• Sends the tracking information about the data written to the backup
device to the backup server.
• Reads data from the backup device during recoveries.

• A wide range of backup targets are currently available such as tape,
disk, and virtual tape library.
− Organizations can also back up their data to the cloud storage[69].

[66] The backup configuration contains information about when to run
backups, which client data to be backed up, and more.
[67] The backup metadata contains information about the backed up data.
[68] Backup devices may be attached directly or through a network to the
storage node.
[69] Many service providers offer backup as a service that enables an
organization to reduce its backup management overhead.

Backup Operations
Backup Clients

X VM I VM n VM r VM K

Backup clients send data to the


Backup server instructs backup clients storage node and update the
to send data to be backed up to the backup catalog on the
storage node backup server.

Storage node sends data to the backup device. Illi


Storage Node
Hill
Hill
4 0 Hill

Backup server instructs storage Storage node sends metadata and media
node to load backup media in the information to the backup server.
backup device.
Backup Device

Backup operations (Select image to enlarge)

Following are the steps for performing backup operations:

• Backup server initiates scheduled backup process.


• Backup server retrieves backup-related information from the backup
catalog.
• Backup server instructs storage node to load backup media in the
backup device.
• Backup server instructs backup clients to send data to be backed up to
the storage node.
• Backup clients send data to the storage node and update the backup
catalog on the backup server.
• Storage node sends data to the backup device.
• Storage node sends metadata and media information to the backup
server.
• Backup server updates the backup catalog.


Some backup operations along with their description are:

Backup Initiation Method
• Client-initiated backup: Manual process performed on a backup client
from either a GUI or the command line.
• Server-initiated backup: Initiated from server, usually configured to
start automatically, but may also be started manually.

Backup Mode
• Cold backup (Offline): Requires the application to be shut down during
the backup process.
• Hot backup (Online): Application is up-and-running with users
accessing their data during the backup process.

Backup Type
• File-level: One or more files are backed up on a client system.
• Block-level: Backup data at block-level instead of file-level.
• Image-level: Backup is saved as a single file, called an image.


Recovery Operations

Figure: Recovery operations

After the data is backed up, it can be restored70 when required. A recovery
operation restores data to its original state at a specific PIT. Typically,
backup applications support restoring one or more individual files,
directories, or VMs.

Following are the steps for performing recovery operations:

• Backup client requests backup server for data restore.
• Backup server scans backup catalog to identify data to be restored and
the client that will receive data.
• Backup server instructs storage node to load backup media in backup
device.
• Data is then read and sent to the backup client.
• Storage node sends restore metadata to backup server.
• Backup server updates the backup catalog.

70 A restore process can be manually initiated from the client. It can also
be initiated from the server interface.


Types of Recovery

The various types of recoveries are data recovery, disaster recovery, bare
metal recovery and cloud disaster recovery.

• Operational Recovery or restore: Restores small numbers of files after
they have been accidentally deleted or corrupted.
• Disaster Recovery: Restores IT infrastructure to an operational state
following a disaster.
• Full VM Recovery: Restores the entire backed up VMs to the same host or
to a different virtual host (ESXi host).
• Cloud Disaster Recovery: Data and applications (VM) can be replicated
to the cloud environment from on-premise data center. During disaster,
the data and application (VM) can be recovered from the cloud or the
services can be restored from the cloud environment.


Achieving Consistency in Backup

Consistency71 is critical to ensure that a backup can restore a file,
directory, file system, or database to a specific point-in-time.

File System
• Offline: Un-mount file system
• Online: Flushing compute system buffers; using open file agent

Database or Application
• Offline: Shutdown database
• Online: Database backup agents


Backup Granularities

Backup granularity depends on business needs and the required
RTO/RPO. Based on the granularity, backups can be categorized as full,
incremental, cumulative (or differential), incremental forever, and synthetic
full backup.

Most organizations use a combination of these backup types to meet their
backup and recovery requirements. Let us understand each of them in
detail:

71 Consistency is a primary requirement to ensure the usability of backup
copy after restore.


Full Backup

• Copies full data on production volume to a backup storage device.
• Provides a faster data recovery.
• Requires more storage space.
• Takes more time to back up.

Full Backup-Restore

In the graphics shown below, a full backup is created every Sunday.
When data is lost in production on Monday, the most recent full backup,
created on the previous Sunday, is used to restore the production data.

• RPO determines which backup copy is used to restore the production.


Incremental Backup

Incremental backup copies the data that has changed since the last
backup.

• The main advantage of incremental backups is that fewer files are
backed up daily, allowing for shorter backup windows.
• The primary disadvantage to incremental backups is that they can be
time-consuming72 to restore.
• Select here73 to view the example of incremental backup.

72 Suppose there is a data loss on Wednesday morning, before that day's
incremental backup runs, and a recovery from the backup copies is
required. The administrator first has to restore Sunday's full backup,
then Monday's copy, followed by Tuesday's copy.
73 For example, as shown in the motion graphic, a full backup is created
on Sunday, and incremental backups are created for the rest of the week.
Monday's backup would contain only the data that has changed since
Sunday. Tuesday's backup would contain only the data that has changed
since Monday.


Cumulative Backup

Cumulative (differential) backup copies the data that has changed since
the last full backup.

• The advantage of differential backups over incremental backup is
shorter restore74 times.
• The tradeoff is that as time progresses, a differential backup can grow
to contain much more data75 than an incremental backup.
• Select here76 to view the example of cumulative backup.

74 Restoring a differential backup never requires more than two copies.
75 Suppose there is a data loss on Wednesday morning, before that day's
cumulative backup runs, and a recovery from backup copies is required.
The administrator first has to restore Sunday's full backup and then
Tuesday’s backup copy.
76 For example, the administrator created a full backup on Sunday and
differential backups for the rest of the week. Monday’s backup would
contain all of the data that has changed since Sunday. It would therefore
be identical to an incremental backup at this point. On Tuesday, however,
the differential backup would back up any data that had changed since
Sunday (full backup).


Incremental Forever Backup

Rather than scheduling periodic full backups, this backup solution requires
only one initial full backup.

• Initial full backup followed by ongoing sequence of incremental
backups.
• Incremental backups are automatically combined with the initial full
backup in such a way that you never need to perform a full backup
again.
− Enables a single set of backups to be used for restore.
• Reduces77 the amount of data that goes across the network and
reduces the length of the backup window.

77 Also reduces the data growth because all incremental backups contain
only the blocks that have changed since the previous backup.


Figure: Incremental forever backup (labels: Updates to the production
data; Incremental backup is combined with the full backup)

Synthetic Full Backup

Another way to implement full backup is by performing synthetic backup.
This method is used when the production volume resources cannot be
exclusively reserved for a backup process for extended periods to perform
a full backup.

• Created from an existing full backup and is merged with the data from
any existing incremental backups.
• This backup is not created directly from production data.
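
The restore chains described above for incremental, cumulative, and
synthetic full backups, as an added Python example that is not part of the
original guide. The block names, block contents, daily changes, and function
names are constructed for illustration.

```python
# Added example (not from the guide): restore chains for a Sunday full backup
# followed by daily incremental or cumulative backups. All data is constructed.

SUNDAY_VOLUME = {"b0": "A0", "b1": "B0", "b2": "C0", "b3": "D0"}
DAILY_CHANGES = {                 # blocks rewritten on the production volume
    "Mon": {"b1": "B1"},
    "Tue": {"b2": "C1", "b3": "D1"},
    "Wed": {"b1": "B2"},
}
ORDER = ["Sun", "Mon", "Tue", "Wed"]


def production_state(day):
    """Contents of the production volume at the end of `day`."""
    state = dict(SUNDAY_VOLUME)
    for d in ORDER[1:ORDER.index(day) + 1]:
        state.update(DAILY_CHANGES[d])
    return state


def take_backups(kind):
    """Sunday full backup plus one daily copy of `kind`.

    Each copy is (day, type, blocks). An incremental copy holds the blocks
    changed since the last backup; a cumulative copy holds the blocks changed
    since the last full backup.
    """
    if kind not in ("incremental", "cumulative"):
        raise ValueError(f"unknown backup kind: {kind}")
    copies = [("Sun", "full", dict(SUNDAY_VOLUME))]
    since_full = {}
    for day in ORDER[1:]:
        since_full.update(DAILY_CHANGES[day])
        blocks = DAILY_CHANGES[day] if kind == "incremental" else since_full
        copies.append((day, kind, dict(blocks)))
    return copies


def restore_chain(copies, target_day):
    """Copies that must be read, in order, to restore the state of target_day."""
    chain = []
    for copy in copies:
        day, kind, _blocks = copy
        if ORDER.index(day) > ORDER.index(target_day):
            break
        if kind == "full":
            chain = [copy]                 # a full backup restarts the chain
        elif kind == "cumulative":
            chain = [chain[0], copy]       # supersedes earlier copies since full
        else:
            chain.append(copy)             # every incremental is needed
    return chain


def restore(chain):
    """Apply the chain oldest-first; later copies overwrite earlier blocks."""
    volume = {}
    for _day, _kind, blocks in chain:
        volume.update(blocks)
    return volume


def synthesize_full(copies, target_day):
    """Synthetic full: merge the existing full backup with later copies on the
    backup side. The production volume is never read."""
    return (target_day, "full", restore(restore_chain(copies, target_day)))


if __name__ == "__main__":
    # Data loss on Wednesday morning: restore the state of Tuesday's backup.
    for kind in ("incremental", "cumulative"):
        chain = restore_chain(take_backups(kind), "Tue")
        print(kind, [day for day, _k, _b in chain], restore(chain))
    print("synthetic full:", synthesize_full(take_backups("incremental"), "Tue"))
```

For the Wednesday-morning scenario in the footnotes, the incremental chain
reads three copies and the cumulative chain reads two, while Tuesday's
cumulative copy holds more blocks than Tuesday's incremental copy.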


Backup Multiplexing

Figure: Multiplexing

One of the ways that backup software achieves backup efficiency with
tapes is by interleaving or multiplexing multiple backups onto a backup
device. Multiplexing:

• Allows backups of multiple client machines to send data to a single
tape drive simultaneously.
• May decrease backup time for large numbers of clients over slow
networks, but it does so at the cost of recovery time.


Backup Cloning and Staging

Some of the backup software provides the ability to further manage and
protect the backup data using cloning78 and staging79.

Cloning
• It is the process of creating copies of backup data to enhance data
protection.
• These copies are then sent to the off-site vault while one copy of the
backup is kept at the production site.

Staging
• It is a process of transferring data from one storage device to another,
and then removing the data from its original location.
• It reduces the time it takes to complete a backup by directing the initial
backup to a high-performance device (disk-based backup device).
• The data can then be staged to a storage medium (tape-based backup
device), freeing up the disk space.

78 Cloning improves data protection through redundancy, since each
backup has a clone at a geographically-dispersed location. Some backup
software supports the capability of performing copy operation at the same
time as backups.
79 Staging also allows data to be moved off the device outside the backup
period, ensuring that sufficient disk space is available for the next backup
session.


Knowledge Check: Introduction to Backup

Knowledge Check Question

1. From the list of steps provided - drag and drop each into the correct
sequence to perform a backup operation.

1 Backup server initiates scheduled backup process.
3 Backup server instructs storage node to load backup media in
backup device and instructs backup clients to send data to be
backed up to the storage node.
4 Backup clients send data to storage node and update the
backup catalog on the backup server.
6 Backup server updates the backup catalog.
2 Backup server retrieves backup-related information from the
backup catalog.
5 Storage node sends data to the backup device and sends
metadata and media information to the backup server.

Knowledge Check Question

2. Does an incremental forever backup require periodic full backup?
a. Yes
b. No


Backup Topologies

Objectives

The objectives of the topic are to:
→ Explain direct-attached backup.
→ Understand LAN-based backup.
→ Understand SAN-based and NAS-based backup.
→ Describe cloud-based backup.

Direct-Attached Backup

Figure: Direct-attached backup (labels: Backup Server; Backup
Client/Storage Node)

In a direct-attached backup, a backup device is attached directly to the
client. Only the metadata is sent to the backup server through the LAN.

In the image shown, the client acts as a storage node that writes data on
the backup device.

• The key advantage of direct-attached backups is speed.
− The backup device can operate at the speed of the channels.
− Frees the LAN from backup traffic.
• Disadvantages of direct-attached backup are:
− Backup device is not shared, which may lead to silos of backup
device in the environment.
− In a large data center environment, backup devices may be
underutilized.

LAN-based Backup

Figure: LAN-based backup (labels: Storage Node; Data; Metadata; Backup
Server)

In a LAN-based backup, the data to be backed up is transferred from the
backup client (source) to the backup device (destination) over the LAN,
which may affect network performance.

• Advantage:
− Centralized backups reduce management complexity.
• Disadvantage:
− Impacts the network performance.
− Impacts the application’s performance.


SAN-based Backup

Figure: SAN-based backup (labels: Application Server/Backup Client;
Backup Server; Backup Device)

The SAN-based backup80 (as shown in the image) is also known as the
LAN-free backup. The high-speed and extended distance capabilities of
Fibre Channel are used for the backup data movement path.

• Advantage:
− Production LAN environment is not impacted.
− Backup device can be shared among the clients.
− Offers improved backup and restore performance due to FC SAN.
• Disadvantage:
− Impacts the application’s performance.
• In the shown image, clients read the data from the application servers
in the SAN and write to the SAN-attached backup device.

− The backup data traffic is restricted to the SAN and the backup
metadata is transported over the LAN.
− However, the volume of metadata is insignificant when compared to
production data.

80 The SAN-based backup topology is the most appropriate solution when
a backup device needs to be shared among the clients. In this case the
backup device and clients are attached to the SAN.


NAS-based Backup

Figure: NAS-based backup (labels: Storage System; Backup Device)

Network-attached storage (NAS) enables its clients to share files over an
IP network.

• It communicates by using the Network File System (NFS) for Unix
environments and Common Internet File System (CIFS) for Microsoft
Windows environments.
• The image shown illustrates a server-based backup topology in a NAS
environment.

− In this approach, the NAS head retrieves data from storage over
the network and transfers it to the backup client running on the
application server.
− The backup client sends this data to a storage node, which in turn
writes the data to the backup device.


Cloud-based Backup

Figure: Cloud-based backup

Cloud-based backup, also known as backup-as-a-service (BUaaS), provides
clients with an online solution for storage, backup, and recovery of files.

• Monitors the health of the data protection environment and complies
with government and industry regulations.
• Manages the data backup with robust on-site, off-site and hybrid
cloud–based security.

• Advantages:
− Scales the data up and down quickly.
− Easily handles security and control issues.
− Quickly restores the backed-up data.
− Provides quick access to the most needed data and apps to the
clients in case of disaster.


Knowledge Check: Backup Topologies

Knowledge Check Question

Carefully inspect the given image.

Figure (labels: Application Server/Backup Client; Backup Server; Backup
Device)

1. Which backup topology is represented in the above image?
a. Direct-attached
b. LAN-based
c. SAN-based
d. NAS-based


Backup Methods

Objectives

The objectives of the topic are to:
→ Describe agent-based backup.
→ Describe image-based backup.
→ Explain recovery-in-place (instant recovery).
→ Describe NDMP-based backup.
→ Understand the concept of a direct backup from primary storage.

Agent-Based Backup Approach

Figure: Agent-based backup approach

In this approach, an agent or client is installed on a virtual machine (VM)
or on a physical compute system. The agent streams the backup data to
the backup device as shown in the image.

• Advantage:
− Backup configurations and recovery options follow traditional
methods that administrators are already familiar with, so there are
no added configuration requirements.
− Supports a single file backup and restore.
• Disadvantage:
− Impacts performance of applications running on compute systems.
− Does not provide the ability to back up and restore the VM.

Image-Based Backup

Figure: Image-based backup (labels: Create Snapshot; VM Management
Server; Application Servers)

Image-level backup81 (as shown in the image) makes a copy of the virtual
machine disk and configuration associated with a particular VM. The
backup is saved as a single entity called VM image.

In an image-level backup:

• The backup software sends a request to the VM management server to
create a snapshot of the VMs to be backed up and mount it on the proxy
server.
• The snapshot is created and mounted on the proxy server.
• The proxy server performs the backup using the snapshot.

81 This type of backup is suitable for restoring an entire VM in the event of
a hardware failure or human error such as the accidental deletion of the
VM.

Image-Based Backup – Changed Block Tracking

Figure: Image-Based Backup – Changed Block Tracking (labels: Application
Server; Hypervisor; VM Kernel; Virtual Machine Disk; Block Map File,
where changed blocks are tracked; Backup Device. The VM Kernel creates an
additional file where it stores a map of all the VM disk's blocks.)

To further enhance the image-based backup, some vendors support a
changed block tracking82 mechanism.

The changed block tracking technique dramatically:

• Reduces the amount of data to be copied before additional data
reduction technologies (deduplication) are applied.
• Reduces the backup windows and the amount of required storage for
protecting VMs.

82 This feature identifies and tags any blocks that have changed since the
last VM snapshot. This enables the backup application to back up only the
blocks that have changed, rather than backing up every block.

Recovery-in-Place (Instant Recovery)

Figure: Recovery-in-Place (labels: Backup Device; VM is started directly
from the backup device; VM is recovered in the background; VM Disk Files;
FS Volume (Production))

Certain VMs running mission critical applications need to be brought
online immediately with no time to spare waiting for a full VM image
recovery. This is achieved with the help of the recovery-in-place technique.

Recovery-in-place (instant VM recovery):

• Enables a VM to run directly from the purpose-built backup appliance,
using a backed up copy of the VM image.
• Provides an almost instant recovery of a failed VM.
− Reduces the RTO.

As shown in the image, if a VM has failed for some reason, the instant
recovery technique enables the VM to be restarted directly from the backup
device. At the same time, the VM is restored to the production storage.

NDMP-Based Backup

Figure: NDMP-based backup (labels: Backup Server; NDMP Server Running on
NAS Head)

NDMP (Network Data Management Protocol) is an open standard
TCP/IP-based protocol specifically designed for backup in a NAS
environment.

• Data can be backed up using NDMP regardless of the OS.
• Backup data is sent directly from NAS to the backup device.
• No longer necessary to transport data through application servers.
• Backs up and restores data while preserving security attributes of file
system (NFS and CIFS).


The key components of an NDMP infrastructure are NDMP client83 and
NDMP server.

• The NDMP server has two components: data server84 and media
server85.

The backup operation occurs as follows:

• Backup server uses NDMP client and instructs the NAS head to start
the backup.
• The NAS head uses its data server to read the data from the storage.
• The NAS head then uses its media server to send the data read by the
data server to the backup device.

Direct Primary Storage Backup

Direct primary storage backup approach backs up data directly from a
primary storage system to a backup target without any additional backup
software.

This data protection solution integrates primary storage and protection
storage (backup device).

Direct primary storage provides the following advantages:

• Backs up data directly from a primary storage system to a backup
target.
• Integrates primary storage and backup devices.
• Eliminates the impact on applications.
• Reduces cost and complexity by eliminating excess infrastructure,
including a traditional backup application.

83 NDMP client is the NDMP enabled backup software installed as an
add-on software on backup server.
84 The data server is a component on a NAS system that has access to
the file systems containing the data to be backed up.
85 The media server is a component on a NAS system that has access to
the backup device.


Knowledge Check: Backup Methods

Knowledge Check Question

Carefully inspect the given image.

Figure (labels: Storage; Application Servers; Backup Device; Backup Data;
NAS Client; Instructs NAS to Start Backup; NAS Device; Backup Server; NAS
Server)

1. In the above image, which component runs NDMP client?
a. Backup Server
b. Application Server
c. NAS Device
d. Backup Device


Concepts in Practice


Dell NetWorker

Dell NetWorker is a backup and recovery solution for mission-critical
business applications in physical and virtual environments for on-premises
and cloud. NetWorker is available as part of Dell Data Protection Suite,
which offers comprehensive data protection software applications and
tools. It provides a robust cloud capability enabling long term retention to
the cloud, backup to the cloud and backup in the cloud.

Dell Data Protection Suite

Dell Data Protection Suite offers comprehensive data protection for
increasingly complex modern IT environments, with solutions to meet your
organization’s specific needs. Built on a foundation of Dell PowerProtect
Data Manager, NetWorker, and Avamar, Data Protection Suite provides
efficient and flexible cloud data protection while taking advantage of
cost-effective object storage. Back up data and applications in the cloud as
well as to the cloud with AWS, Microsoft Azure, or Google Cloud. In
addition, you can extend data protection to the cloud with disaster
recovery, long-term retention, and protect cloud native workloads across
single or multiple cloud environments.

Dell PowerProtect Data Manager Appliance

Dell PowerProtect Data Manager Appliance includes PowerProtect Data
Manager to deliver next generation multicloud data protection. Data
Manager gives you valuable insights into protected on-premises and in
cloud workloads, applications, file systems, and virtual machines (VMs).
Plus, complete oversight and governance to ensure compliance. The Data
Manager Appliance offers complete backup, deduplication, replication,
recovery, instant access and restore, search and analytics, and seamless
VMware integration – plus, cloud readiness with disaster recovery,
long-term retention to the cloud as well as support for multicloud
workloads. The Data Manager Appliance ensures availability of all your VMs
at scale without business disruption with Transparent Snapshots,
simplifying VM image backups for near-zero impact to your VMs or VM
resources.

Dell PowerProtect Appliances

Dell PowerProtect Appliances is a purpose-built backup appliance and has
integrated and target systems. The next generation of Integrated Data
Protection Appliance (IDPA) is all-in-one data protection software and
storage in a single appliance that delivers backup, replication, recovery,
search, analytics and more.

Dell PowerProtect DD series appliance enables your organization to
protect, manage and recover data at scale. As the next generation of Dell
Data Domain appliances, DD series sets the bar for efficient data
management from edge to core to cloud and includes the ecosystem
support and comprehensive data protection that customers have come to
appreciate from Data Domain. Deploy PowerProtect DD Virtual Edition for
on premises data protection. Supports leading enterprise backup and
archive applications.


Exercise- Data Backup


1. Present Scenario:

• A financial organization runs business-critical applications in a
virtualized data center.
• The organization:
− Currently uses tape as their primary backup storage media for
backing up application data.
− Uses an agent-based backup solution for backing up data.
− Has a file-sharing environment in which multiple NAS systems
serve all the clients including application servers.

2. Organization’s Challenges:

• Backup operations consume resources on the compute systems
that are running multiple VMs.
− Significantly impacting the applications deployed on the VMs.
• During NAS backup, the application servers are impacted.
− Data is backed up from these servers to the backup device.
• Backing up and recovering data also takes more time.

3. Organization’s Requirements:

• Need faster backup and restore to meet the SLAs.
• Need to offload the backup workload from the compute system to
avoid performance impact on applications.
• Need a solution to avoid performing regular full backup.
• Require a solution to overcome the backup challenges in NAS
environment.

4. Expected Deliverables:

• Propose a solution to address the organization’s challenges and
requirements.

Solution

The proposed solution is as follows:

• Implement disk-based backup solution to improve the backup and
recovery performance for meeting SLAs.
• Implement recovery-in-place to speed up the recovery operations.
• Implement image-based backup that helps to offload the backup
operation from VMs to a proxy server.
− No backup agent is required inside the VM to back up.
• Implement incremental forever backup to avoid performing regular full
backup.
• Deploy NDMP-based backup solution for NAS environment.
− In NDMP-based backup, data is sent directly from the NAS head to
the backup device without impacting the application servers.


Data Deduplication


Data Deduplication Overview

Objectives

The objectives of the topic are to:

• List the key data deduplication components.
• Explain the data deduplication and backup processes.
• Define the hardware and software-based deduplication.
• Explain deduplication ratio and the factors affecting it.


Why Do We Need Data Deduplication?

Figure: Traditional backup environment (the backup device stores multiple
(duplicate) copies of the same document)

Challenges of duplicate data in a data center:

• Difficult to protect the data within the budget.
• Impacts the backup window.
• Increases the network bandwidth.

Data deduplication is the process of detecting and identifying the unique
data segments (chunks) within a given set of data to eliminate redundancy.
Only one copy of the data is stored; the subsequent copies are replaced
with a pointer to the original data. Deduplication addresses all the
aforesaid challenges.


Deduplication Ratio

The effectiveness of data deduplication is expressed as a deduplication or
reduction ratio, denoting the ratio of data before deduplication to the
amount of data after deduplication.

Deduplication Ratio = (Total data before reduction) / (Total data after
reduction)

Factors affecting the deduplication ratio:

• Retention period: The longer the data retention period, the greater
is the chance of identical data existence in the backup.
• Frequency of full backup: The more frequently the full backups are
conducted, the greater is the advantage of deduplication.
• Change rate: The fewer the changes to the content between backups,
the greater is the efficiency of deduplication.
• Data type: The more unique the data, the less intrinsic duplication
exists.
• Deduplication method: Variable-length, sub-file deduplication discovers
the highest amount of deduplication across an organization.


Key Benefits of Data Deduplication

The key benefits of deduplication are:

1: By eliminating redundant data from the backup, the infrastructure
requirement is minimized. Data deduplication directly results in reduced
storage capacities to hold backup images. Smaller capacity requirements
mean lower acquisition costs as well as reduced power and cooling costs.

2: As data deduplication reduces the amount of content in the daily
backup, users can extend their retention policies. This can have a
significant benefit to users who currently require longer retention.

3: Data deduplication eliminates redundant content of backup data, which
results in backing up less data and reduced backup window.

4: By utilizing data deduplication at the client, redundant data is removed
before the data is transferred over the network. This considerably reduces
the network bandwidth required for sending backup data to remote site for
DR purpose.


Example: Data Deduplication and Backup Process

The backup source takes the data, segments it out, compares it with
segments already on the backup device, and only sends over new, unique
segments.

Step 1

Client agent checks the file system and determines if a file has been
backed up before.

Step 2

Modified files are broken into chunks and hashed.


Step 3

Hashes are compared with chunks already existing on the backup device.


Step 4

Only new and unique data chunks are backed up on the backup device.


Knowledge Check: Deduplication Granularity and Methods

Knowledge Check Question

1. Which factor affects the deduplication ratio?
a. Type of backup media
b. Data type
c. Size of backup media

Deduplication Granularity and Methods

Objectives

The objectives of the topic are to:

• Define deduplication granularity.
• Explain source and target-based deduplication.
• Illustrate the deduplication use case: Disaster Recovery (DR).

Deduplication Granularity

Figure: Deduplication granularity: file-level deduplication, object-level deduplication, block-level deduplication (fixed-length), and block-level deduplication (variable-length)

• Some deduplication approaches operate at the file level, while others go deeper to examine data at a sub-file or block level.
• Deduplication can also happen at the object level. Determining the uniqueness at either the file, block, or object level will offer benefits, though results may vary.


File-level Deduplication

The key characteristics of file-level deduplication are as follows:

Figure: File-level deduplication example

• Detects and removes redundant copies of identical files in a backup environment.
• Only one copy of the file is stored; the subsequent copies are replaced with a pointer to the original file.
• Very effective for documents, spreadsheets, etc., where multiple users save copies of the same file.
• A small change in a file results in another copy of the file.
• Does not address the problem of duplicate content inside the files.


Block-level Deduplication - Fixed-length

Figure: Block-level deduplication - Fixed-length example. Segments on the backup device: ABCD EFGH IJKL MNOP.
• One segment changed (ABQD): The changed segment is now considered unique data, so it is backed up. The remaining unchanged segments are considered duplicate data and are not backed up.
• All segments changed: Since all the segments are changed, all of them are now considered unique data. All the data segments are backed up.

The key characteristics of fixed-length block-level deduplication are as follows:

• Breaks files down to smaller segments and fixes the chunking at a specific size, for example, 8 KB or 64 KB.
• Detects redundant data within and across files.

Fixed-length blocks may miss many opportunities to discover redundant data because the block boundaries of similar data may be different.


Block-level Deduplication - Variable-length

Figure: Block-level deduplication - Variable-length example. There is a change in the block, so only the boundary for that block is adjusted, leaving the remaining blocks unchanged. So only that block is backed up.

The key characteristics of variable-length block-level deduplication are as follows:

• The length of the segments varies, providing greater storage efficiency for redundant data regardless of where new data has been inserted.
• If there is a change in a block, then only the boundary for that block is adjusted, leaving the remaining blocks unchanged.
• It yields a greater granularity in identifying duplicate data.
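The following added example (not part of the original guide) runs the chunk, hash, compare, and send-new-chunks steps of the backup process against both fixed-length and variable-length chunking, then backs up the same data again after one byte is inserted near the start. The BackupDevice class, the 512-byte segment size, and the CRC32 window rule are assumptions made for the illustration, not Avamar internals.

```python
import hashlib
import random
import zlib

FIXED_SIZE = 512   # fixed-length segment size (constructed, small for the demo)
WINDOW = 16        # bytes of context that decide a variable-length boundary
MASK = 0xFF        # cut when the low 8 hash bits are zero: ~256-byte average


def fixed_chunks(data):
    """Cut at fixed offsets, regardless of content."""
    return [data[i:i + FIXED_SIZE] for i in range(0, len(data), FIXED_SIZE)]


def variable_chunks(data):
    """Cut wherever the hash of the last WINDOW bytes matches a pattern.

    Boundaries depend only on nearby content, so they move with the data
    when bytes are inserted. CRC32 over each window stands in for the
    rolling hash a real product would use; production chunkers also
    enforce minimum and maximum chunk sizes, which are omitted here.
    """
    chunks, start = [], 0
    for end in range(WINDOW, len(data) + 1):
        if zlib.crc32(data[end - WINDOW:end]) & MASK == 0:
            chunks.append(data[start:end])
            start = end
    if start < len(data):
        chunks.append(data[start:])
    return chunks


class BackupDevice:
    """Hypothetical backup target that keeps one copy per chunk hash."""

    def __init__(self):
        self.store = {}

    def missing(self, hashes):
        return {h for h in hashes if h not in self.store}

    def put(self, digest, chunk):
        self.store[digest] = chunk


def backup(device, data, chunker):
    """Chunk and hash, compare hashes with the device, send only new chunks.

    Returns (recipe, chunks_sent, bytes_sent); the recipe is the ordered
    list of hashes (pointers) needed to rebuild the data.
    """
    chunks = chunker(data)
    hashes = [hashlib.sha256(c).hexdigest() for c in chunks]
    need = device.missing(hashes)
    sent = sent_bytes = 0
    for digest, chunk in zip(hashes, chunks):
        if digest in need:
            device.put(digest, chunk)
            need.discard(digest)      # a repeat inside this backup is sent once
            sent += 1
            sent_bytes += len(chunk)
    return hashes, sent, sent_bytes


def restore(device, recipe):
    return b"".join(device.store[h] for h in recipe)


def run_demo():
    rng = random.Random(7)
    # Constructed sample data: 32 KiB of pseudo-random bytes.
    original = bytes(rng.getrandbits(8) for _ in range(32768))
    edited = original[:10] + b"Q" + original[10:]   # one byte inserted
    results = {}
    for name, chunker in (("fixed", fixed_chunks), ("variable", variable_chunks)):
        device = BackupDevice()
        backup(device, original, chunker)            # first (full) backup
        recipe, sent, sent_bytes = backup(device, edited, chunker)
        assert restore(device, recipe) == edited     # pointers rebuild the data
        results[name] = {"total": len(recipe), "sent": sent, "bytes": sent_bytes}
    return results


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

With fixed-length chunking the insertion shifts every later boundary, so every segment of the second backup is sent again; with variable-length chunking only the chunk around the insertion is new.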


Object-level Deduplication

Figure: Object-level deduplication. The object ID is created from the content of the file (Apr.Txt) and the value is checked against the already existing hash values. Since this hash value already exists, the object is not stored; only a pointer to that object is created.

Object-level deduplication is also referred to as single instance storage. In an object-based storage system [86] [87], a file is stored as an object.

During data write, the object-based storage system is polled to see if it already has an object with the same signature. If the object is already on the system, it is not stored; rather, only a pointer to that object is created.

[86] Rather than accessing an object by its file name at a physical location, an object-based storage device uses an object ID (signature) that is derived from each object's unique binary representation to store and retrieve the object.
[87] This object ID is unique to ensure that only one protected copy of the content is stored (single instance storage), no matter how many times clients store the same information. This significantly reduces the total amount of data stored, and is a key factor in lowering the cost of storing and managing content.


Deduplication Methods

Figure: Deduplication methods: source-based deduplication and target-based deduplication (inline or post-process)
Data deduplication can be classified based on where it occurs.

• When the deduplication occurs close to where the data is created (backup client), it is referred to as source-based deduplication.
• When it occurs near where the data is stored (backup device), it is referred to as target-based deduplication. In target-based deduplication, the deduplication can happen inline or post-process.

Source-based Deduplication

Figure: Source-based deduplication

In this deduplication method, the data is deduplicated at the source (backup client).

• The backup client sends only new, unique segments across the network.
• The source-based data deduplication [88] method is suitable for environments where storage and network are a constraint.

[88] However, it may require a change in the backup software if this option is not supported by the existing backup software. Source-based deduplication consumes CPU cycles on the client and may impact the application performance. So, it is recommended for remote office branch office environments for performing centralized backup.


Target-based Deduplication

The characteristics of target-based deduplication are as follows:

Figure: Target-based deduplication. Data deduplication occurs at the backup target (deduplication appliance).

• Data is deduplicated at the target.
• Supports the current backup environment, and no operational changes are required.
• The client is not affected since the deduplication process takes place at the target.
• Requires sufficient network bandwidth to send data across LAN or WAN during the backup.
• Data is deduplicated at the backup device, either inline or post-process.


Deduplication Use Case: Disaster Recovery

Typically, organizations maintain a copy of data at the remote site (DR site or cloud) for DR purposes. If the primary site goes down due to disaster or any other reason, the data at the remote site enables restoring services and data to the primary site. Data deduplication can enhance DR for the following reasons:

• Deduplication significantly reduces the network bandwidth needed to transfer the data from the primary site to the remote site (DR site or cloud) for DR purposes.
• Deduplication also reduces the storage requirement at the remote site.


Knowledge Check: Deduplication Granularity and Methods

Knowledge Check Question

1. Match the following:

| Element | Answer | Statement |
|---|---|---|
| A. 4. File-level deduplication | C | C. Data is deduplicated at the backup client |
| B. 2. Target-based deduplication | B | A. Requires sufficient network bandwidth to send duplicate data across LAN or WAN during the backup |
| C. 1. Source-based deduplication | D | D. Detects redundant data within and across files |
| D. 3. Fixed-length deduplication | A | B. Does not address the problem of duplicate content across the files |

Exercise - Data Deduplication


1. Present Scenario:

An organization runs business applications in a data center. The organization:

• Has multiple remote/branch offices (ROBO) across different locations.
• Stores application data on SAN-based storage systems in the data center.
• Currently uses disk as its backup storage media for backing up application data.
• Uses tapes for protecting data at the remote site for DR purposes.

2. Organization’s Challenges:

• Backup and production environments have a huge amount of redundant data, which increases the infrastructure cost and impacts the backup window.
• Backing up data from branch offices to a centralized data center is restricted due to the time and cost involved in sending huge volumes of data over the WAN.
• Sending tapes to offsite locations would increase the risk of losing sensitive data.

3. Organization’s Requirements:

• Need to eliminate redundant copies of data in both production and backup environments.
• During backup, the business-critical applications should not be impacted.
• Need an effective solution to address the backup challenges of remote and branch offices.
• Need an effective solution to address the challenges of remote site backup using tapes for DR purposes.

4. Expected Deliverables:

Propose a solution to address the organization’s challenges and requirements.

Solution

The proposed solution is as follows:

Implement a deduplication solution to eliminate redundant data.

• Implement a target-based deduplication solution for business-critical applications. This will not impact the performance of business-critical applications.
• Implement source-based deduplication at branch offices. This will eliminate the challenges associated with centrally backing up branch office data and considerably reduce the required network bandwidth.
• The organization can transfer deduplicated data over WAN to the remote site. This will eliminate the need for shipping tapes to the remote site and reduce the network bandwidth requirements.
• The organization can also utilize the deduplication capability of its SAN storage. This will reduce the redundant data in production and reduce the primary storage cost.


Replication

Data Replication Overview

Objectives

The objectives of the topic are to:


→ Understand the primary uses of replica.
→ Define different characteristics of replica.
→ Describe various methods to ensure replica consistency.
→ Describe different types of replication.

Introduction to Data Replication

Figure: Data replication

A data replication solution is one of the key data protection solutions that:

• Enables organizations to achieve business continuity, high availability, and data protection.
• Creates an exact copy (replica) of data. These replicas are used to restore and restart operations if data loss occurs.
− For example, if a production VM goes down, then the replica VM can be used to restart the production operations with minimum disruption.
• Is categorized by two characteristics: recoverability [89] and restartability [90].

Primary Uses of Replicas

Replicas are created for various purposes, including the following:

[89] Enables restoration of data to the source if there is a data loss at the source.
[90] Enables restarting the business operations on the replica if the source is not available for some reason.


Methods to Ensure Replica Consistency

Consistency ensures the usability of replica devices.

| | Offline | Online |
|---|---|---|
| File System | Unmount file system | Flushing compute system buffers |
| Database | Shutdown Database | Using dependent write I/O principle; holding I/O to the source before creating the replica |


Types of Replication

Replication can be classified into two major categories: local and remote
replication.

Local Replication

• Refers to replicating data within the same location
− Within a data center in compute-based replication
− Within a storage system in storage system-based replication
• Typically used for operational restore of data in the event of data loss
• Can be implemented at compute, storage, and network

Remote Replication

• Refers to replicating data to remote locations (locations can be geographically dispersed)
• Data can be synchronously or asynchronously replicated
• Helps to mitigate the risks associated with regional outages
• Enables organizations to replicate the data to cloud for DR purpose
• Can be implemented at compute, storage, and network


Knowledge Check: Data Replication Overview

Knowledge Check Question

1. Does local replication provide a solution for disaster recovery?


a. Yes
b. No

Local Replication

Objectives

The objectives of the topic are to:


→ Understand the concept of file system snapshot.
→ Describe VM snapshot.
→ Describe VM clone.
→ Understand various key components of continuous data protection
(CDP).
→ Describe local CDP replication.
→ Describe hypervisor-based CDP replication.


Local Replication Overview

Figure: Local replication within a storage system

• In local replication, the replication is performed within the storage system. In other words, the source and the target logical unit numbers (LUNs) reside on the same storage system.
− Enables operational recovery in the event of data loss and provides support for other business operations such as backup.


File System Snapshot

File system (FS) snapshot creates a copy of a file system at a specific point-in-time, even when the original file system continues to be updated and used normally.

• When a snapshot is created, a bitmap and blockmap are created in the metadata of the snapshot FS. The bitmap is used to keep track of blocks that are changed on the production FS after the snapshot creation.
• After the creation of the FS snapshot, all reads from the snapshot are served by reading the production FS.
− To read from the snapshot FS, the bitmap is consulted.
− If the bit is 0, then the read will be directed to the production FS.
− If the bit is 1, then the block address will be obtained from the blockmap and the data will be read from that address on the snapshot FS.

Figure: Production file system (FS) with FS Snapshots 1, 2, and 3 (Monday, Tuesday, and Wednesday views)
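The bitmap and blockmap read path described above can be modelled in a few lines. This is an added example, not code from the guide: it assumes the snapshot preserves a block's original content on the first overwrite of that block (copy on first write), and the class names and block contents are constructed for the illustration.

```python
class Snapshot:
    """Metadata and save area of one snapshot FS."""

    def __init__(self, name, nblocks):
        self.name = name
        self.bitmap = [0] * nblocks   # 1 = block changed on production since creation
        self.blockmap = {}            # production block number -> save-area address
        self.save_area = []           # original blocks preserved for this snapshot

    def preserve(self, block_no, original):
        """Keep the point-in-time content, but only before the first overwrite."""
        if self.bitmap[block_no] == 0:
            self.blockmap[block_no] = len(self.save_area)
            self.save_area.append(original)
            self.bitmap[block_no] = 1


class ProductionFS:
    def __init__(self, blocks):
        self.blocks = list(blocks)
        self.snapshots = []

    def create_snapshot(self, name):
        # Creation copies no data: only an all-zero bitmap and an empty blockmap.
        snap = Snapshot(name, len(self.blocks))
        self.snapshots.append(snap)
        return snap

    def write(self, block_no, data):
        # Assumption: every active snapshot saves the old block before it is lost.
        for snap in self.snapshots:
            snap.preserve(block_no, self.blocks[block_no])
        self.blocks[block_no] = data

    def read_snapshot(self, snap, block_no):
        if snap.bitmap[block_no] == 0:
            return self.blocks[block_no]                  # bit 0: read production FS
        return snap.save_area[snap.blockmap[block_no]]    # bit 1: follow the blockmap

    def view(self, snap):
        return [self.read_snapshot(snap, n) for n in range(len(self.blocks))]


def run_demo():
    fs = ProductionFS(["A0", "B0", "C0", "D0"])   # constructed block contents
    monday = fs.create_snapshot("Monday")
    fs.write(1, "B1")
    tuesday = fs.create_snapshot("Tuesday")
    fs.write(1, "B2")
    fs.write(3, "D1")
    wednesday = fs.create_snapshot("Wednesday")
    fs.write(0, "A1")
    return fs, monday, tuesday, wednesday


if __name__ == "__main__":
    fs, *snaps = run_demo()
    print("production", fs.blocks)
    for snap in snaps:
        print(snap.name, fs.view(snap), "bitmap", snap.bitmap,
              "blocks held", len(snap.save_area))
```

Each snapshot holds only the blocks that changed after it was taken, which is why the Wednesday snapshot stores a single block while the Monday snapshot stores three.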


VM Snapshot

• A VM snapshot preserves the state [91] and data [92] of a VM at a specific PIT.
− This includes disks, memory, and other devices such as virtual network interface cards.
• VM snapshots are useful for quick restore of a VM, considering the storage space they consume.
− For example, an administrator can create a snapshot of a VM, then make changes such as applying patches and software upgrades to the VM.
− If anything goes wrong, the administrator can simply restore the VM to its previous state using the VM snapshot.

Figure: VM snapshot

[91] The state includes the VM’s power state (for example, powered-on, powered-off, or suspended).
[92] The data includes all of the files that make up the VM.


VM Clone

Figure: VM clone types

• Clone is a copy of an existing virtual machine (parent VM).
− The clone VM’s MAC address is different from the parent VM.
• Typically, clones are deployed when many identical VMs are required.
− Reduces the time required to deploy a new VM.
• Two types of clones:

| Clone type | Description |
|---|---|
| Full clone | Independent copy of a VM that shares nothing with the parent VM. |
| Linked clone | Created from a snapshot of the parent VM. |


Full Volume Replication - Clone

Figure: Local replication from the source to the clone, with a primary and a secondary compute system. Only the updated data is copied to the clone.

Full volume local replication provides the ability to create fully populated point-in-time copies of LUNs within a storage system.

• When the replication session is started, an initial synchronization [93] is performed between the source LUN and the replica (clone).
− During the synchronization process, the replica will not be available for any compute system access. Once the synchronization is completed, the replica will be exactly the same as the source LUN.
• The replica can be detached (fractured) from the source LUN and it can be made available to another compute system for business operations.
− After detachment, the changes made to both the source and the replica can be tracked at some predefined granularity.
• The tracking table enables incremental resynchronization (source to target) or incremental restore (target to source).
• In the image shown, re-synchronization happens from the source to the target. In a full volume replication, the clone must be of the same size as the source LUN.

[93] Synchronization is the process of copying data from the source LUN to the clone.

Pointer-based Virtual Replication – Snapshot

Figure: Pointer-based virtual replication, showing the replication session between the source and the snapshot, and the save location

In pointer-based virtual replication:

• At the time of replication session (the time duration in which the replication happens) activation:
− Target contains pointers to the location of the data on the source.
− Target does not contain data at any time. Therefore, the target is known as a virtual replica.

In a pointer-based replication:

• Target is immediately accessible after the replication session activation.
− A predefined area in the storage system (save location) is used to store the original data or the new data, based on the snapshot implementation.
• Can be implemented by using a technique named redirect on write (RoW).

Continuous Data Protection (CDP)

• CDP provides the capability to restore data and VMs to any previous point-in-time (PIT).
− Data changes are continuously captured and stored in a separate location from the production volume so that the data can be restored to any previous PIT.

The key benefits of CDP are as follows:


1: CDP provides continuous replication and tracks all the changes to the production volumes, which enables recovery to any point-in-time.

2: CDP solutions have the capability to replicate data across heterogeneous storage systems.

3: CDP supports both local and remote replication of data and VMs to meet operational and disaster recovery requirements, respectively.

4: CDP supports various WAN optimization techniques (deduplication, compression, and fast write) to reduce bandwidth requirements and to optimally utilize the available bandwidth.

5: CDP supports multi-site replication, where the data can be replicated to more than two sites using synchronous and asynchronous replication.

Key CDP Components

Journal volume
• Contains all the data that has changed from the time the replication session started to the production volume
• Journal volumes hold snapshots of data to be replicated

CDP appliance
• Intelligent hardware platform that runs the CDP software
• Manages both the local and the remote replications
• Appliance could also be virtual, where CDP software runs on VMs

Write splitter
• Intercepts writes to the production volume from the compute system and splits each write into two copies
• Can be implemented at the compute, fabric, or storage system

Local CDP Replication Operations

In this method, before the start of replication, the replica is synchronized with the source and then the replication process starts. After the replication starts:

Figure: CDP local replication. The write splitter creates a copy of the write data and sends it to the CDP appliance and the production volume. Data is written to the journal volume along with its timestamp, and is then written to the replica.

• All the writes to the source are split into two copies.
− One of the copies is sent to the CDP appliance and the other to the production volume.
• CDP appliance writes the data to the journal volume.
• Data from the journal volume is sent to the replica at predefined intervals.
• While recovering data to the source, the appliance restores data from the replica and applies journal entries up to the point-in-time chosen for recovery.
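The local CDP operations above, as an added example rather than code from the guide or from any CDP product: a write splitter sends one copy of each write to the production volume and one to the appliance, the appliance journals it with a timestamp, journal entries are copied to the replica at intervals, and recovery rebuilds the image at a chosen point-in-time. Keeping before-images so that a point-in-time older than the replica can be rebuilt is an assumption of this model, and all class names and sample writes are constructed.

```python
class CDPAppliance:
    def __init__(self, synchronized_image):
        # The replica is synchronized with the source before replication starts.
        self.replica = dict(synchronized_image)
        self.replica_time = 0
        self.pending = []   # journal: (timestamp, block, data) not yet on the replica
        self.applied = []   # journal: (timestamp, block, replica data before the write)

    def journal_write(self, ts, block, data):
        """Write the split copy to the journal volume along with its timestamp."""
        self.pending.append((ts, block, data))

    def distribute(self, up_to):
        """Copy journal entries with timestamp <= up_to to the replica."""
        remaining = []
        for ts, block, data in self.pending:
            if ts <= up_to:
                # Assumption: keep the before-image so older points stay reachable.
                self.applied.append((ts, block, self.replica.get(block)))
                self.replica[block] = data
            else:
                remaining.append((ts, block, data))
        self.pending = remaining
        self.replica_time = max(self.replica_time, up_to)

    def image_at(self, pit):
        """Start from the replica and apply journal entries up to the chosen PIT."""
        image = dict(self.replica)
        if pit >= self.replica_time:
            for ts, block, data in self.pending:
                if ts <= pit:
                    image[block] = data
        else:
            for ts, block, before in reversed(self.applied):
                if ts > pit:
                    if before is None:
                        image.pop(block, None)
                    else:
                        image[block] = before
        return image


class WriteSplitter:
    """Intercepts writes and splits each one into two copies."""

    def __init__(self, production, appliance):
        self.production = production
        self.appliance = appliance

    def write(self, ts, block, data):
        self.production[block] = data                   # copy 1: production volume
        self.appliance.journal_write(ts, block, data)   # copy 2: CDP appliance


def run_demo():
    production = {0: "a0", 1: "b0"}                     # constructed volume contents
    appliance = CDPAppliance(production)
    splitter = WriteSplitter(production, appliance)
    splitter.write(1, 0, "a1")
    splitter.write(2, 1, "b1")
    appliance.distribute(up_to=2)                       # predefined interval elapses
    splitter.write(3, 0, "a2")
    splitter.write(4, 1, "CORRUPT")                     # an unwanted change at t=4
    return production, appliance


if __name__ == "__main__":
    production, appliance = run_demo()
    for pit in (0, 1, 3, 4):
        print("PIT", pit, appliance.image_at(pit))
```

Recovering to PIT 3 yields the last image before the unwanted write at t=4, without losing the write made at t=3.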


Hypervisor-based CDP Implementation - Local Replication

Figure: Hypervisor-based CDP local replication, showing the virtual appliance and the write splitter

Some vendors offer continuous data protection for VMs through hypervisor-based CDP implementation. In this deployment option:

• A single VM or multiple VMs are protected locally or remotely.
• A VM can be restored to any PIT.
• The virtual appliance runs on a hypervisor.
• The write splitter is embedded in the hypervisor.


Knowledge Check: Local Replication

Knowledge Check Question

1. Which of the following statements is incorrect about VM Clone?
a. Clone is a copy of an existing parent VM
b. Clones are deployed when many identical VMs are required
c. Clone VM’s MAC address is same as of parent VM
d. Clones do not affect the parent VM during any type of changes

Knowledge Check Question

2. Which CDP component holds snapshots of the data to be replicated?


a. CDP appliance
b. Replica volume
c. Journal volume
d. Write splitter

Remote Replication

Objectives

The objectives of the topic are:


→ Explain remote replication.
→ Describe synchronous and asynchronous replication.
→ Understand the concepts of multi-site replication.
→ Understand the concept of hypervisor-based remote replication.
→ Describe remote CDP replication operations.

Remote Replication Overview

Figure: Remote replication

• In remote replication, the storage system operating environment performs the replication process.
− One of the storage systems is in the source site and the other system is in the remote site for DR purposes. Data can be transmitted from the source storage system to the target system over a shared or a dedicated network.
− Replication between storage systems may be performed in synchronous or asynchronous modes.
− Hypervisor-based remote replication replicates VMs between a primary site and a remote site.
o Initial synchronization is required between the source and the target.
o Copies all the data from source to target.
o Only the changes are replicated; this reduces network utilization.

Remote Replication

Remote replication can be performed in synchronous and asynchronous mode.

Synchronous

Figure: Synchronous remote replication between the production compute system, the source storage, and the storage at the remote site. Write I/O is received from the production compute system to the cache of the source and placed in the queue. The write I/O is transmitted to the cache of the target storage. Receipt acknowledgment is provided by the target storage back to the cache of the source. Ending status is presented to the production compute system.

• Writes must be committed to the source and the target prior to acknowledging “write complete” to the production compute system.
− Provides near zero RPO.
• The image illustrates an example of synchronous remote replication. If the source site is unavailable due to disaster, then the service can be restarted immediately in the remote site to meet the required SLA.

Asynchronous

Figure: Asynchronous remote replication between the production compute system, the source storage, and the storage at the remote site. Write I/O is received from the production compute system to the cache of the source and placed in the queue. Receipt acknowledgment is provided by the source storage back to the production compute system. Writes are collected in the delta set. The write I/O is transmitted to the cache of the target storage. Target acknowledges back to the source.

• A write from a production compute system is committed to the source and immediately acknowledged to the compute system.
− Data is buffered at the source and sent to the remote site periodically.
− Replica will be behind the source by a finite amount (finite RPO).


Multi-site Replication

Figure: Multi-site replication, with the production compute system, the storage system at the source site, and the storage systems at remote site 1 and remote site 2

In a two-site synchronous replication, the source and the target sites are usually within a short distance.

• In synchronous replication, if a regional disaster occurs, both the source and the target sites might become unavailable.
• In asynchronous replication, if the source site fails, production can be shifted to the target site, but there will be no further remote protection of data until the failure is resolved.

Multi-site replication mitigates the risks identified in two-site replication. In a multi-site replication:

• Data from the source site is replicated to multiple remote sites for DR purposes.
− Disaster recovery protection is always available if any one-site failure occurs.
• Mitigates the following risk in two-site replication:
− No DR protection after source or remote site failure.


Remote CDP Replication Operations

Figure: CDP remote replication between the source site (compute system, write splitter, local CDP appliance, production volume) and the remote site (remote CDP appliance, journal, remote replica)

In this method, the replica is synchronized with the source, and then the replication process starts. After the replication starts:

• All the writes from the host to the source are split into two copies.
− Write splitter creates a copy of a write data and sends it to the CDP appliance and production volume.
• Data is sequenced, compressed, and replicated to the remote appliance.
• Data is received, uncompressed, and sequenced.
• Data is written to the journal.
• Data is copied to the remote replica.


Knowledge Check: Remote Replication

Knowledge Check Question

1. Match the following elements with their functions:

A. Multi-site Replication
B. Synchronous Replication
C. Asynchronous Replication

Functions, each prefixed with the letter of its matching element:

B: Writes must be committed to the source and the target prior to acknowledging “write complete” to compute.
C: Data is buffered at the source and sent to the remote site periodically.
A: Disaster recovery protection is always available if any one-site failure occurs.

Knowledge Check Question

2. In hypervisor-based remote replication, initial synchronization is required between the source system and the target system.
a. Yes
b. No


Concepts in Practice

Dell TimeFinder

Dell TimeFinder software delivers point-in-time copies of volumes that can be used for backups, decision support, data warehouse refreshes, or any other process that requires parallel access to production data. TimeFinder SnapVX is a local replication solution with cloud scalable snaps and clones to protect your data.

Dell SRDF

SRDF replicates data between two, three, or four arrays located in the
same room, on the same campus, or thousands of kilometers apart.

SRDF synchronous (SRDF/S): Maintains a real-time copy at arrays located within 200 kilometers. Writes from the production host are acknowledged from the local array when they are written to cache at the remote array.

SRDF asynchronous (SRDF/A): Maintains a dependent-write consistent copy at arrays located at unlimited distances. Writes from the production host are acknowledged immediately by the local array. Thus, replication has no impact on host performance. Data at the remote array is typically only seconds behind the primary site.

Dell RecoverPoint for Virtual Machines

Dell RecoverPoint for Virtual Machines redefines data protection for VMware virtual machines (VMs), enabling local, remote, and concurrent local and remote replication with continuous data protection for on-premises recovery to any point in time (PiT).


Exercise - Replication

1. Present Scenario:

• A multinational bank runs a business-critical application that stores data in a LUN with RAID 1 configuration.
• Application is write-intensive with about 75% write operations.
• Every month-end the bank runs billing and reporting applications to generate bills and statements of customers’ accounts.
• The bank has two data centers which are 100 miles apart.

2. Organization’s Challenges:

• The backup window is too long and is negatively impacting the application performance.
• These billing and reporting applications have a huge impact on the source volume.
• In the past year, the top management has become extremely concerned about DR because they do not have any DR plans in place.

3. Organization’s Requirements:

• During billing and reporting, the source volume should not be impacted.
• During backup, the business-critical applications should not be impacted.
• The bank cannot afford any data loss; therefore, it needs a disaster recovery solution with near zero RPO.

4. Expected Deliverables:


• Propose a storage system-based local replication solution to address the organization’s concern.
• Propose a solution to address the organization’s DR requirements.

Solution

The proposed solution is as follows:

• Deploying a full volume (clone) local replication solution.
− All the data will be available on the replica after synchronization.
− Replica can be used as a source to take backup; this will not impact the source volume.
− Create one more replica that can be used for billing and reporting.
• To meet the DR requirement, the organization can implement synchronous remote replication.
− Provides near zero RPO.


Data Archiving


Data Archiving Overview

Objectives

The objectives of the topic are to:

• Understand the need for data archiving.
• Review the benefits of data archiving.
• Learn about fixed content assets.
• Perform a comparison between backup and archiving.
• Explore archiving architecture and archive storage implementations.
• Explore examples of data archiving regulations.

Why Do We Need Data Archiving?

[Figure: Primary Storage Environment. Primary storage systems, with the callouts “What are the challenges of keeping fixed data in primary storage?” and “Data Archiving addresses these challenges”.]


What are the challenges of keeping fixed data in primary storage?

• Increasing consumption of expensive primary storage.
• High performance storage for less frequently accessed data.
• Risk of compliance breach.
• Increased data backup window and cost.

Data Archiving and Its Benefits

Data archiving moves fixed data [94] that is no longer actively accessed to a separate low-cost archive storage system for long-term retention and future reference:

• Saves primary storage capacity.
• Reduces backup window and backup storage cost.
• Moves less frequently accessed data to lower cost archive storage.
• Preserves data for future reference and adherence to regulatory compliance.

[94] Data that is no longer actively accessed by users. However, it still needs to be stored for business and regulatory requirements.


Backup vs. Archiving

Data Backup | Data Archiving
Secondary copy of data | Primary copy of data
Used for data recovery operations | Available for data retrieval
Primary objective – operational recovery and disaster recovery | Primary objective – compliance adherence and lower cost
Typically, short-term (weeks or months) retention | Long-term (months, years, or decades) retention

Archiving Architecture

[Figure: Archiving Architecture. Clients, application server with archive agent, archive server (policy engine), primary storage, archiving storage.]

The archiving architecture consists of three key components:


• Archiving agent: Software installed on the application and file servers. The agent is responsible for scanning the files and archiving them, based on the policy defined on the archive server (policy engine).
• Archive server: Software installed on a server that enables administrators to configure policies for archiving data. Organizations set their own policies for qualifying data to be moved into archive storage. Policies can be defined based on file size, file type, or creation/modification/access time. Once the files are identified for archiving, the archive server creates an index for the files. By utilizing the index, users may search and retrieve their data.
• Archive storage: Stores the fixed data.

Examples of Data Archiving Regulations

SEC Rule 17a-4

• Part of the US Securities Exchange Act of 1934.
• Describes the requirements for data retention, indexing, and accessibility for companies which deal in the trade or brokering of financial securities such as stocks, bonds, and futures.
• Companies must retain the records of various types of transactions for a certain period of time.

Sarbanes-Oxley Act

• Passed in 2002; it protects the shareholders and the public from accounting errors and fraudulent practices in the enterprise.
• Created to protect investors by improving the accuracy and reliability of corporate disclosures.
• Applies to all public companies and accounting firms.
• Not a set of business practices and does not specify how a business should store records.
• Defines which records are to be retained and for how long.

Health Insurance Portability and Accountability Act

• Was passed in 1996 and is a set of federal regulations establishing national standards for the players in the healthcare industry, for example, healthcare insurance and healthcare providers.
• Provides guidelines for protection and retention of patient records, including email.


Knowledge Check: Data Archiving Overview

Knowledge Check Question

1. Which of the following statements are correct? Choose all that apply.
a. Archiving fixed data before taking backup reduces the backup window
b. Primary objectives of archiving are compliance adherence and lower cost
c. Nearline archive makes the data immediately accessible
d. Data archiving must occur outside the application operating time
e. Archiving agent indexes and moves fixed data to high-performance storage


Archiving Operation and Storage

Objectives

The objectives of the topic are to understand:

• Data archiving and retrieval operations.
• Correlation between storage tiering and archive.
• Storage tiering policies.
• File movement from NAS to archive.
• Email archiving.
• Content addressed storage (CAS) features and operations.


Data Archiving Operation

[Figure: Data Archiving Operation. Recoverable labels: Clients, Archive Server.]

• Archiving agent scans primary storage to find files that meet the
archiving policy. The archive server indexes the files.
• Once the files have been indexed, they are moved to archive storage
and small stub files are left on the primary storage.


Data Retrieval Operation

When a client attempts to access the files through an application or file server, the stub file is used to retrieve the file from archive storage.

By utilizing the index for archived files, users may also search and retrieve files. The retrieval of files from the archive storage is transparent to the clients.


Correlating Storage Tiering and Archive

[Figure: Storage Tiering]

Storage tiering is a technique of establishing a hierarchy of storage types (tiers) and identifying the candidate data to relocate to the appropriate storage type to meet service level requirements at a low cost.


Storage Tiering Policy

Data Movement

• Movement of data between storage tiers happens based on predefined tiering policies.
• A tiering policy is a set of rules to move data from a source tier to a destination tier.

Example: If a policy states, “move the files from tier 2 to tier 3 storage that are not accessed for the last six months,” then all the files in tier 2 storage that match this condition are moved to tier 3 storage. Multiple rules may also be combined to create a policy as shown in the image.


Tiering Example: NAS to Archive File Movement

[Figure: Tiering Example in NAS Environment. Application servers, NAS device, archive storage system. Steps: 1) Policy engine scans the NAS device; 2) Policy engine creates a stub file on the NAS device; 3) File is stored in the archive storage system.]

The image illustrates an example of file-level storage tiering, where files are moved from a NAS device (primary storage system) to an archive storage system. The environment includes a policy engine, where tiering policies are configured.
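The scan, index, move, and stub sequence described in this topic, combined with a multi-rule tiering policy and stub-based retrieval, as an added Python example that is not part of the original guide. All class and function names, the 183-day stand-in for "six months", and the sample files are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Union


@dataclass
class FileEntry:
    path: str
    data: bytes
    last_access: datetime


@dataclass
class Stub:
    """Small placeholder left on primary storage; points at the archived copy."""
    path: str
    archive_id: int


Rule = Callable[[FileEntry, datetime], bool]


def not_accessed_for(days: int) -> Rule:
    return lambda f, now: now - f.last_access >= timedelta(days=days)


def larger_than(size: int) -> Rule:
    return lambda f, now: len(f.data) > size


def has_extension(*exts: str) -> Rule:
    return lambda f, now: f.path.lower().endswith(exts)


@dataclass
class Policy:
    """A tiering policy: every rule must match for a file to qualify."""
    name: str
    rules: List[Rule]

    def matches(self, f: FileEntry, now: datetime) -> bool:
        return all(rule(f, now) for rule in self.rules)


class ArchiveEnvironment:
    def __init__(self) -> None:
        self.nas: Dict[str, Union[FileEntry, Stub]] = {}   # primary storage (NAS)
        self.archive: Dict[int, FileEntry] = {}            # archive storage
        self.index: Dict[str, int] = {}                    # archive server index

    def write(self, path: str, data: bytes, last_access: datetime) -> None:
        self.nas[path] = FileEntry(path, data, last_access)

    def run_policy(self, policy: Policy, now: datetime) -> List[str]:
        """Scan the NAS, index and archive matching files, leave stubs behind."""
        moved = []
        for path, entry in list(self.nas.items()):
            if isinstance(entry, Stub) or not policy.matches(entry, now):
                continue                                # already archived, or not a candidate
            archive_id = len(self.archive) + 1
            self.index[path] = archive_id               # archive server indexes the file
            self.archive[archive_id] = entry            # file is stored in archive storage
            self.nas[path] = Stub(path, archive_id)     # stub replaces it on primary storage
            moved.append(path)
        return sorted(moved)

    def read(self, path: str) -> bytes:
        """Client read: a stub is followed transparently to archive storage."""
        entry = self.nas[path]
        if isinstance(entry, Stub):
            entry = self.archive[entry.archive_id]
        return entry.data

    def search(self, keyword: str) -> List[str]:
        """Index search over archived files."""
        return sorted(p for p in self.index if keyword in p)


def demo():
    now = datetime(2023, 6, 30)                         # constructed sample data below
    env = ArchiveEnvironment()
    env.write("/nas/scans/2021-xray.dcm", b"x" * 5000, datetime(2021, 3, 1))
    env.write("/nas/scans/2023-mri.dcm", b"y" * 5000, datetime(2023, 6, 1))
    env.write("/nas/notes/2020-memo.txt", b"old", datetime(2020, 1, 15))
    policy = Policy("old-large-scans",
                    [not_accessed_for(183), larger_than(1024), has_extension(".dcm")])
    moved = env.run_policy(policy, now)
    return env, policy, moved, now
```

Only the 2021 scan satisfies all three rules; the old memo fails the size and type rules, which shows why combined rules are narrower than an age rule alone.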


Archiving Use Case: Email Archiving

Legal Dispute/Government Compliance

• An organization may be involved in a legal dispute and need to produce all emails within a specified time period containing specific keywords that were sent to or from certain people.
• Email archiving also helps to meet government compliance requirements such as Sarbanes-Oxley and SEC regulations.

Mailbox Space Saving

• Email archiving frees up space in user mailboxes while still providing user access to older emails.


Purpose-built Archive Storage – CAS

[Figure: CAS Environment. Recoverable label: Application Server.]

• Content addressed storage (CAS) is an object-based storage device that is purposely built for storing and managing fixed data.
• Each object stored in CAS is assigned a globally unique content address (digital fingerprint of the content).
• Application server accesses the CAS device via the CAS API.


Key Features of CAS

Feature | Description
Content integrity | Provides assurance that the stored data has not been altered.
Content authenticity | Assures the genuineness of the stored content.
Single instance storage | Uses a unique content address to guarantee the storage of only a single instance of an object.
Retention enforcement | Configurable retention settings ensure content is not erased prior to the expiration of its defined retention period.
Location independence | Physical location of the stored data is irrelevant to the application that requests the data.
Data protection | Provides both local and remote protection to the objects stored on CAS.
Performance | CAS stores all objects on disks which provide faster access to the objects compared to tapes and optical discs.
Self-healing | Automatically detects and repairs corrupted objects.
Audit trails | Keeps track of management activities and any access or disposition of data.
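How several of the CAS features listed above fit together (content address, single instance storage, integrity check, self-healing, retention enforcement, audit trail), as an added Python example that is not Dell's implementation or the CAS API. SHA-256 as the fingerprint, the in-memory second copy, the class names, and the sample record are assumptions constructed for illustration.

```python
import hashlib
from typing import Dict, List, Tuple


class RetentionError(Exception):
    """Raised when a delete is attempted before the retention period expires."""


class IntegrityError(Exception):
    """Raised when no stored copy matches its content address."""


class FakeClock:
    """Injectable clock so retention expiry can be shown without waiting."""
    def __init__(self, t: float = 0.0) -> None:
        self.t = t

    def __call__(self) -> float:
        return self.t


class ContentAddressedStore:
    def __init__(self, clock) -> None:
        self._objects: Dict[str, bytearray] = {}    # local copy
        self._replica: Dict[str, bytes] = {}        # second copy, stands in for remote protection
        self._retain_until: Dict[str, float] = {}
        self.audit: List[Tuple[float, str, str]] = []
        self._clock = clock

    @staticmethod
    def address(content: bytes) -> str:
        # Assumption: SHA-256 as the "digital fingerprint"; the guide names no algorithm.
        return hashlib.sha256(content).hexdigest()

    def _log(self, action: str, addr: str) -> None:
        self.audit.append((self._clock(), action, addr))

    def put(self, content: bytes, retention_seconds: float) -> str:
        addr = self.address(content)
        if addr not in self._objects:               # single instance storage
            self._objects[addr] = bytearray(content)
            self._replica[addr] = bytes(content)
        # Retention may be extended by a later put, never shortened.
        expiry = self._clock() + retention_seconds
        self._retain_until[addr] = max(self._retain_until.get(addr, 0.0), expiry)
        self._log("put", addr)
        return addr

    def get(self, addr: str) -> bytes:
        data = bytes(self._objects[addr])
        if self.address(data) != addr:              # content integrity check on every read
            replica = self._replica[addr]
            if self.address(replica) != addr:
                self._log("integrity-failure", addr)
                raise IntegrityError(addr)
            self._objects[addr] = bytearray(replica)    # self-healing from the good copy
            self._log("self-heal", addr)
            data = replica
        self._log("get", addr)
        return data

    def delete(self, addr: str) -> None:
        if self._clock() < self._retain_until[addr]:    # retention enforcement
            self._log("delete-denied", addr)
            raise RetentionError(addr)
        del self._objects[addr], self._replica[addr], self._retain_until[addr]
        self._log("delete", addr)

    def object_count(self) -> int:
        return len(self._objects)


def demo() -> dict:
    clock = FakeClock()
    cas = ContentAddressedStore(clock)
    record = b"patient=CONSTRUCTED-0001;visit=2016-02-11;note=sample"  # constructed
    seven_years = 7 * 365 * 24 * 3600
    first = cas.put(record, seven_years)
    second = cas.put(record, seven_years)           # same content, same address
    count = cas.object_count()
    cas._objects[first][0] ^= 0xFF                  # simulate silent corruption of one copy
    healed = cas.get(first)
    try:
        cas.delete(first)
        denied = False
    except RetentionError:
        denied = True
    clock.t = seven_years + 1                       # retention period has passed
    cas.delete(first)
    return {
        "same_address": first == second,
        "object_count": count,
        "healed_ok": healed == record and cas.address(healed) == first,
        "early_delete_denied": denied,
        "remaining": cas.object_count(),
        "actions": [action for _, action, _ in cas.audit],
    }
```

Because the address is derived from the content, a reader can recompute the fingerprint of whatever `get` returns and compare it with the address it asked for, which is what makes alteration of an archived record detectable.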


Knowledge Check: Archiving Operation and Storage

Knowledge Check Question

[Figure: data archiving environment. Recoverable labels: Archive Servers, Clients.]

1. In the image shown, in which component of the data archiving environment does the stub file reside?
a. Primary Storage
b. Clients
c. Archive Servers
d. Archive Storage


Concepts in Practice

Dell PowerScale Archive

The PowerScale family of archive nodes provides highly efficient and resilient active archive storage or long-term data retention for large-scale data archives. With the scale-out architecture of PowerScale, an organization can keep pace with growing archive needs. Keep archive data safe with a choice of enterprise-grade data protection and security options.


Exercise: Data Archiving


1. Present Scenario:

• IT infrastructure of a healthcare organization includes a cluster of six physical computing systems that are running hypervisors.
• Clustered compute systems host a total of 24 VMs.
• VMs run healthcare, email, and backup applications; and file servers.
• Physical compute systems are connected to two disk-based, high-performance storage systems.
• Physical compute systems are also connected to a tape library that is used as backup storage system.
• One of the storage systems has mostly SSDs while another has only HDDs.
• Disk-based storage systems have about:
− 20% frequently accessed data
− 40% moderately accessed data
− 40% fixed data
• Each patient record is preserved for seven years even after a patient’s death.
• Old records are needed when patients revisit the healthcare organization.
• The organization performs daily backup of all patient records.
• Each backup copy is retained in the tape library for one month and then the tapes are moved and maintained in a vault.


2. Organization Challenges:

• Storage systems have only 10% storage capacity available for storing new data.
• Budget constraints prevent buying another high-performance, high-cost storage system.
• Last year, some of the old records were altered resulting in a delay in treatment.
− Old records were retrieved by bringing the old tapes from the vault and making them online.
• A long backup window impacts application performance during peak hours.
• Cost of purchasing and maintaining many tapes often exceeds budgeted cost.
• Maintaining many tapes poses risks of labeling errors and lost tapes.

3. Organization Requirements:

• Need to purchase a storage system immediately to meet capacity requirements.
• Need to ensure that the old records are authentic and are not altered.
• Need faster retrieval of old records in case a patient revisits the organization.
• Need to reduce the backup window and the associated costs and risks.
• Need to optimize application performance.

4. Expected Deliverables:

Propose a solution that will address the organization’s challenges and requirements.


Solution

The proposed solution is as follows:

• Deploy a CAS and move fixed data to the CAS.
− CAS will provide content authenticity and integrity.
− CAS will enable faster retrieval of patient records compared to tapes.
− Moving fixed data to the CAS will reduce the backup window, backup storage and tape maintenance costs, and associated risks.
− Reduced backup window will mitigate the impact of backups on application performance.
• If budget permits, replace the tape library with a disk-based storage system or virtual tape library.
− A disk-based backup storage system will further reduce the backup window and eliminate costs and risks associated with tape maintenance.
• Implement storage tiering to optimize application performance and eliminate the need to buy a high-performance, high-cost storage system.
• Create a hierarchy of storage tiers:
− Tier 0: Storage system with mostly SSDs
− Tier 1: Storage system with only HDDs
− Tier 2: CAS
• Deploy a policy engine and configure policies to automatically move:
− Frequently accessed data to tier 0
− Moderately accessed data to tier 1
− Fixed data to tier 2


Data Migration


Why Data Migration?


Data migration [95] is a specialized replication technique that enables data to be moved from one system to another within a data center, between data centers, between clouds, and between a data center and the cloud.

Organizations deploy data migration solutions for the following reasons.

1. Data center maintenance without downtime

Typically, in an IT environment, scheduled maintenance is performed in a data center. During maintenance the systems (compute, storage, and network) are usually down, which may impact the availability of applications running on those systems. Data migration solutions enable the applications and data to be moved to other systems or another data center without downtime.

2. Disaster avoidance

Data centers in the path of natural calamities (such as hurricanes) can proactively migrate the applications to another data center without impacting the business.

3. Technology refresh

As technology keeps changing, a requirement to purchase new hardware (for example, a storage system) arises in order to meet the business requirements. In such cases, IT organizations have to migrate their data and applications to the new system from the old one.

4. Data center migration or consolidation

Sometimes, an IT organization may require data center migration or consolidation. Data migration solutions enable applications to be moved from one data center to another as part of a data center migration or consolidation effort without downtime.

5. Workload balancing across multiple sites

IT organizations having multiple data centers may face challenges. For example, the infrastructure components (compute system, storage, and network) of one data center are highly utilized or overloaded while those of the other data center are underutilized. To overcome this challenge, the organization can migrate some of the VMs and data to the underutilized data center to provide load balancing across data centers and meet the performance and availability requirements.

[95] To meet the business challenges presented by today’s on-demand 24x7 world, data must be highly available – in the right place, at the right time, and at the right cost to the enterprise. Data migration provides a solution to these challenges.


Data Migration Techniques

The various data migration techniques are as follows:

SAN-based Migration

• Storage system to storage system direct data migration
• Storage system to storage system data migration through intermediary virtualization appliance

NAS-based Migration

• NAS to NAS direct data migration
• NAS to NAS data migration through intermediary compute system
• NAS to NAS data migration using virtualization appliance

Host-based Migration

• Host-based migration tool
• Hypervisor-based migration
− VM live migration
− VM storage migration

Application Migration

• Migration of application from one environment to another


SAN-based Data Migration - Storage to Storage Migration

[Figure: Storage to Storage Migration. A compute system (hypervisor) attached to the control device on the old storage system (control storage system), and the new storage system (remote storage system). Figure notes: compute system access to the remote device is not allowed in both pull and push operations; compute system can access the control device in both hot push and pull operations.]

• SAN-based migration [96] moves block-level data between heterogeneous storage systems over SAN.
• Data can be moved from or to devices in the control storage system to or from a remote storage system. Data migration solutions perform push [97] and pull [98] operations for data movement. These terms are defined from the perspective of the control storage system.

[96] This technology is application and operating system independent because the migration operations are performed by one of the storage systems. The storage system performing the migration operations is called the control storage system.
[97] Data is pushed from control system to remote system.
[98] Data is pulled from the remote system to control system.


SAN-based Data Migration - Through Intermediary Virtualization Appliance

[Figure: SAN-based Migration Via Virtual Appliance. LUNs are assigned to the appliance; a storage pool is created using the assigned LUNs from the storage systems; a virtual volume is created from the pool and assigned to the compute system; the virtualization appliance handles the non-disruptive migration of data from storage system A to B.]

• Virtualization appliance (controller) provides a translation layer in the SAN, between the compute systems and the storage systems.
• LUNs created at the storage systems are assigned to the appliance. Appliance abstracts the identity of these LUNs and creates a storage pool by aggregating LUNs from the storage systems.
• Virtual volume is created from the storage pool and assigned to the compute system.
• When an I/O is sent to a virtual volume, it is redirected through the virtualization layer at the SAN to the mapped LUNs.


NAS-based Data Migration - NAS to NAS Direct Data Migration

[Figure: NAS to NAS Direct Data Migration. Clients, old NAS system, new NAS system.]

• In a NAS to NAS direct data migration, file-level data is migrated from one NAS system to another directly over the LAN without the involvement of any external server.
• The two primary options for performing NAS-based migration are using the NDMP protocol or using a software tool. In this example, the new NAS system initiates the migration operation and pulls the data directly from the old NAS system over the LAN.


NAS to NAS Data Migration Using an Intermediary Compute System

[Figure: NAS to NAS Migration through Compute System. Compute system, old NAS system, new NAS system.]

In a NAS to NAS data migration through intermediary compute system, all the data is transferred through the compute system from the old NAS system to the new NAS system. In this method of migration:

• An intermediary compute system executes a migration between the NAS systems.
• The compute system, executing the migration, makes a connection to the old NAS system and the target system.


NAS to NAS Data Migration Using a Virtualization Appliance

[Figure: NAS Migration through Virtualization Appliance. Old NAS system, new NAS system.]

• Virtualization appliance facilitates the movement of files from old NAS system to new NAS system.
− While the files are being moved, clients can access their files non-disruptively. Clients can also read their files from the old location and write them back to the new location without realizing that the physical location has changed.
• Virtualization appliance creates a virtualization layer that eliminates the dependencies between the data accessed at the file level and the location where the files are physically stored.
− A global namespace is used to map the logical path of a file to the physical path names.


Host-based Migration

In a host-based migration, a migration tool is installed on a compute system to perform data migration. This tool performs migration in one of the following ways:

• It uses the host operating system to migrate data from one storage system to another. This approach uses host resources to move data non-disruptively from a source to a target.
• It works in conjunction with storage system-based replication and migration solutions to migrate data from one storage system to another.

Hypervisor-based Migration - VM Migrations

In this type of migration, virtual machines (VMs) are moved from one physical compute system to another without any downtime. This enables:

• Scheduled maintenance without any downtime
• VM load balancing


Hypervisor-based Migration - VM Storage Migration

[Figure: VM Storage Migration. A compute system connected over a network to two storage systems.]

In a VM storage migration, VM files are moved from one storage system to another system without any downtime or service disruption.

Key benefits of this type of migration are as follows:

• Simplifies array migration and storage upgrades
• Dynamically optimizes storage I/O performance
• Efficiently manages storage capacity


Application Migration

[Figure: Application Migration. Migration of disk content (app, OS, and data) from a physical compute system over the network to an empty VM (VM disk) running on a hypervisor.]

Application migration typically involves moving the application from one data center environment to another.

• Typically, the organization can move the application from physical to virtual environment [99].
• In an application migration from a physical to virtual environment, the physical server running the application is converted into a virtual machine.
− This option usually requires converter software that clones the data on the hard disk of the physical compute system and migrates the disk content (application, OS, and data) to an empty VM. After this, the VM is configured based on the physical compute system configuration and the VM is booted to run the application.
• Nowadays, applications are deployed using containers, and it is easy to migrate containers from one platform to another.

[99] In a virtualized environment, the application can also be moved from one hypervisor to another for various business reasons such as balancing workload for improving performance and availability.


Knowledge Check: Data Migration

Knowledge Check Question

Carefully inspect the given image.

1. Which migration technique is shown in the figure?
a. VM Storage Migration
b. Application Migration
c. NAS-based Data Migration - NAS to NAS Direct Data Migration
d. NAS to NAS data migration using intermediary compute system


Concepts in Practice


Dell Intelligent Data Mobility

Dell Intelligent Data Mobility services enable organizations to reduce the time, cost, and complexity of data migration. Dell Intelligent Data Mobility enables fast and simple data migration to storage solutions like Dell Unity, a simple, modern, flexible, and affordable flash storage solution for midrange storage. It provides customers with the flexibility, simplicity, and efficiency to seamlessly move data and workloads by using technology, automation and Dell expertise. Intelligent Data Mobility follows a standardized methodology to minimize the time and expense of onboarding new storage.


Exercise - Data Migration



1. Present Scenario:

An organization runs business-critical applications in a traditional data center. The organization:

• Currently runs applications on physical compute systems. Each compute system runs a single application.
• Uses a block-based storage system to provision storage capacity for the business applications.
• Has another block-based storage system from a different vendor that supports internal applications.
• Has a file-sharing environment in which multiple NAS systems serve all the clients including application servers.
• Plans to deploy more applications to expand their business.

2. Organization’s Challenges:

• Compute systems are running at 15% to 20% utilization.
• Organization has limited budget to buy compute systems to run new business applications.
• Business-critical applications are impacted during the maintenance of the storage system. The storage system is down during maintenance, and it does not have any migration capability.
• It is also identified that some of the NAS systems are overutilized and some of the NAS systems are underutilized. Clients are impacted when accessing the overutilized NAS systems.


3. Organization’s Requirements:

• They want to virtualize their compute infrastructure and run multiple
applications on each physical compute system. Running multiple
applications on each physical compute system reduces the need to
invest in purchasing new compute systems.
• Business-critical applications should not get impacted during the
maintenance of block-based storage system.
• Need an effective solution to address the challenges in the NAS
environment.

4. Expected Deliverables:

Propose a solution to address the organization’s challenges and
requirements.

Solution

The proposed solution is as follows:

The organization can perform application migration by converting their
physical compute systems to virtual machines.

• Perform online migration to avoid impact on application
availability.
• This improves the overall utilization of the compute systems.

To avoid downtime during storage system maintenance, the organization
can implement a SAN-based data migration solution.

• Migrates data to another storage system by using a virtualization
appliance.
• Supports data migration between multi-vendor storage systems.


To overcome the challenges in the NAS environment, the organization can
implement NAS-based data migration.

• Allows files to be moved from an overutilized NAS system to an
underutilized NAS system without impacting the client.

Data Protection in Software-Defined Data Center

Software-Defined Data Center Overview

Objectives

The objectives of the topic are to:


→ Define and describe the attributes of a software-defined data
center.
→ Describe the architecture of a software-defined data center.
→ Explain the functions of a software controller.
→ Describe the key benefits of a software-defined data center.

Software-Defined Data Center

• Software-defined data center (SDDC) is an approach to IT
infrastructure.
− Abstracts, pools, and automates all resources in a data center
environment to achieve IT as a service (ITaaS).
− Controlled and managed by intelligent, policy-driven software.
• All IT infrastructure resources are virtualized, abstracted, and delivered
as a service, and the control of this data center is entirely automated
by software.

The key attributes of SDDC are:

• Abstraction and pooling: Abstracts and pools IT resources across data
centers.
• Automated policy-driven provisioning including data protection: IT
services are created from available resources dynamically based on
defined policy.
• Unified management: Provides a single control point for the entire
infrastructure across all physical and virtual resources.
• Self-service: Allows users to select IT services from a self-service
catalog.
• Metering: Usage of resources per user is measured and reported by a
metering system.
• Open and extensible: Enables integrating multi-vendor IT resources and
external management interfaces and applications into the environment
using APIs.

Architecture of Software-Defined Data Center

Software-defined data center (SDDC) architecture includes four
distinct planes: data plane, control plane, management plane, and
service plane, as shown in the image below.

[Figure: SDDC architecture, showing the Self-service Portal, the
Orchestrator and Management Tools (CLI, GUI, API), the Software
Controller (SDDC Controller), and the IT Infrastructure, with numbered
callouts 1 to 4 described below.]

1: Allows a user to request or order a service from the catalog in a
self-service way.

2: Used to perform administrative operations such as configuring a system
and changing policies.

3: Provides the programming logic and policies that the data plane follows
to perform its operations.

The key functions of the control plane include asset discovery, resource
abstraction and pooling, and provisioning resources for services.

4: Performs the data processing and transmission operations.

Key Benefits of SDDC

By extending virtualization throughout the data center, SDDC provides
several benefits to organizations. Some of the key benefits are described
below:

Agility:
• On-demand self-service
• Faster resource provisioning

Cost efficiency:
• Use of the existing infrastructure and commodity hardware lowers CAPEX

Improved control:
• Policy-based governance
• Automated data protection/disaster recovery
• Automated, policy-driven operations help in reducing errors

Centralized management:
• Unified management platform for centralized monitoring and
administration

Flexibility:
• Use of commodity and advanced hardware technologies
• Cloud support

Knowledge Check: Software-Defined Data Center Overview

Knowledge Check Question

1. Which of the following statements are correct about the
software-defined controller? Choose all that apply.
a. Performs resource abstraction and pooling.
b. Provides interfaces that enable only cloud applications external to
the controller to request resources.
c. Allows rapid provisioning of resources based on pre-defined
policies.
d. Performs asset discovery.

Software-Defined Compute, Storage, and Networking

Objectives

The objectives of the topic are to:


→ Define software-defined compute (SDC) and software-defined
storage (SDS).
→ Explain the functions of SDS controller.
→ Describe virtual storage system and virtual storage pool.
→ Describe software-defined networking (SDN) and functions of SDN
controller.
→ Describe virtual machine network and compute-based SAN.

Software-Defined Compute (SDC)

[Figure: Software-defined compute]

• SDC is an approach to provision compute resources using compute
virtualization technology enabled by the hypervisor.
• The hypervisor decouples the application and the OS from the hardware
and encapsulates them in an isolated virtual container called a virtual
machine (VM).
• The hypervisor controls the allocation of hardware resources to the VMs
based on policies, which means the hardware configuration of a VM is
maintained using software.

Software-Defined Storage (SDS)

[Figure: Software-defined storage]

SDS is an approach that:

• Provisions the storage resources in which software (the SDS controller)
controls storage-related operations independent of the underlying
physical storage infrastructure.
• Abstracts the physical details of storage and delivers virtual storage
resources.
• Controls the allocation of storage capacity based on policies
configured on the SDS controller.

The key functions of the SDS controller are:

• Discovery: The SDS controller discovers physical storage systems to
gather data and bring them under its control and management.
• Resource abstraction and pooling: The SDS controller abstracts physical
storage systems into virtual storage systems and virtual storage pools as
per policies and also enables an administrator to define storage services.
• Service provisioning: The SDS controller automates the storage
provisioning tasks and delivers virtual storage resources based on the
service request issued through a service catalog.

Virtual Storage System and Pool

Physical storage systems are separated into two parts: virtual storage
system and virtual storage pool. Let us understand each of them.

Virtual Storage System

[Figure: Virtual Storage System A and Virtual Storage System B]

• A virtual storage system is a logical grouping of physical storage
systems. It abstracts the physical storage systems and network
connectivity.
• An administrator may create multiple virtual storage systems to
partition a data center into multiple groups of connected compute,
network, and storage resources.
− All physical components within a virtual storage system should be
able to communicate with each other.
• Multiple virtual storage systems may be configured for the purpose of
fault tolerance, network traffic isolation, and user group/tenant
isolation.

Virtual Storage Pool

• A virtual storage pool is a logical entity that maps to the storage pools
in the virtual storage systems.
• An administrator may configure multiple virtual storage pools of different
capacity, performance, and protection characteristics based on the
policy.
• A virtual storage pool may include storage pools from multiple virtual
storage systems.

Software-Defined Networking (SDN)

[Figure: Software-defined controller. The SDN controller (control plane)
holds the programming logic for switching/routing network traffic; the
network components (data plane) are the switches.]

A network component such as a switch or a router consists of a data
plane and a control plane. These planes are implemented in the
firmware of the network components.

• The function of the data plane is to transfer the network traffic from one
physical port to another by following rules that are programmed into the
component.
• The function of the control plane is to provide the programming logic
that the data plane follows for switching or routing of the network traffic.

Software-defined networking (SDN) is the networking approach that
enables SDN software, or a controller, to:

• Control the switching and routing of the network traffic independent of
the underlying network.
• Abstract the physical details of the network components and
separate the control plane functions from the data plane functions.
• Provide instructions for the data plane to handle network traffic based
on policies.
• Provide a CLI and GUI for administrators to manage the network
infrastructure and configure policies, and APIs for external
management tools and applications to interact with the SDN controller.

The common functions of the SDN controller are:

• Discovery: The SDN controller interacts with network components to
discover information on their configuration, topology, capacity,
utilization, and performance.
• Network component management: The SDN controller configures network
components to maintain interconnections among the components and
isolate network traffic through virtual networks.
• Network flow management: The SDN controller controls the network
traffic flow between the components and chooses the optimal path for
network traffic.

Virtual Network

Virtual networks are software-defined logical networks that are created on
a physical network.

• Virtual networks can be created by segmenting a single physical
network into multiple logical networks.
• Multiple physical networks can also be consolidated into a single virtual
network. A virtual network appears as a physical network to the compute
and storage systems (called nodes) connected to it, because the existing
network services are reproduced in a virtual network.
• Virtual networks are automatically or manually created, provisioned,
and managed through the SDN controller.
• Virtual networks are isolated and independent of each other. Nodes
with a common set of requirements can be functionally grouped in a
virtual network.
• Organizations may create multiple virtual networks on a common
network infrastructure for the use of different user groups or tenants.
− This enables isolation of network traffic between various user groups
or tenants.
− Virtual networks can also span physical boundaries, allowing network
extension and optimizing resource utilization across clusters and data
centers.
• Common examples of virtual network are virtual LAN (VLAN), virtual
extensible LAN (VXLAN), and virtual SAN (VSAN).
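
The split between control plane and data plane, and the tenant isolation that virtual networks provide, can be modelled and audited in a few lines. The following is an added example, not part of the original guide: the topology, host names, virtual network names, and all class and function names are constructed for illustration.

```python
"""Toy SDN model: a controller (control plane) programs flow tables and
switches (data plane) only look rules up. Topology and names are constructed."""
from collections import deque

# Constructed topology: switch -> {port: neighbour (host or switch)}.
TOPOLOGY = {
    "s1": {1: "hostA1", 2: "hostB1", 3: "s2"},
    "s2": {1: "hostA2", 2: "hostB2", 3: "s1"},
}
# Constructed policy: virtual network -> member hosts (one tenant each).
VIRTUAL_NETWORKS = {
    "vnet-A": {"hostA1", "hostA2"},
    "vnet-B": {"hostB1", "hostB2"},
}


class Switch:
    """Data plane: forwards strictly by the rules programmed into it."""

    def __init__(self, name):
        self.name = name
        self.flow_table = {}  # (virtual network, destination host) -> out port

    def forward(self, vnet, dst):
        # A table miss returns None, which means the frame is dropped.
        return self.flow_table.get((vnet, dst))


class Controller:
    """Control plane: knows the topology, computes paths, installs rules."""

    def __init__(self, topology, vnets):
        self.topology = topology
        self.vnets = vnets
        self.switches = {name: Switch(name) for name in topology}

    def _next_hop_port(self, switch, dst):
        """Breadth-first search from switch to dst; return the first-hop port."""
        queue = deque((nbr, port) for port, nbr in self.topology[switch].items())
        seen = {switch}
        while queue:
            node, first_port = queue.popleft()
            if node == dst:
                return first_port
            if node in seen or node not in self.topology:
                continue  # already visited, or a host that is not the target
            seen.add(node)
            queue.extend((nbr, first_port) for nbr in self.topology[node].values())
        return None

    def program_network(self):
        """Install one rule per (virtual network, member host) on every switch."""
        for vnet, members in self.vnets.items():
            for dst in members:
                for name, switch in self.switches.items():
                    port = self._next_hop_port(name, dst)
                    if port is not None:
                        switch.flow_table[(vnet, dst)] = port


def deliver(ctrl, src, dst):
    """Walk a frame from src toward dst using only the switch flow tables."""
    vnet = next(v for v, m in ctrl.vnets.items() if src in m)  # tag at ingress
    current = next(s for s, p in ctrl.topology.items() if src in p.values())
    for _ in range(len(ctrl.switches) + 1):  # hop limit guards against loops
        port = ctrl.switches[current].forward(vnet, dst)
        if port is None:
            return False  # no rule: dropped by the data plane
        neighbour = ctrl.topology[current][port]
        if neighbour == dst:
            return True
        if neighbour not in ctrl.switches:
            return False  # handed to a host that is not the destination
        current = neighbour
    return False


def audit_isolation(ctrl):
    """Return (src, dst) pairs whose reachability contradicts the policy."""
    hosts = sorted(h for members in ctrl.vnets.values() for h in members)
    violations = []
    for src in hosts:
        for dst in hosts:
            if src == dst:
                continue
            same_vnet = any(src in m and dst in m for m in ctrl.vnets.values())
            if deliver(ctrl, src, dst) != same_vnet:
                violations.append((src, dst))
    return violations
```

Running `audit_isolation` after every rule change is the useful part: a single stray flow entry on one switch is enough to let traffic cross from one tenant's virtual network into another's.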

Virtual Machine Network

Virtual Switch

• A logical network that provides Ethernet connectivity.
− Enables communication between the VMs running on a hypervisor
within a compute system.
• VM network includes logical switches called virtual switches.
• Virtual switches function similarly to physical Ethernet switches.

Virtual Router

• A software-based router that can be installed on a VM or implemented
using a virtual appliance.
• Works like a physical router.
− Virtual router does not exist as a separate box with physical
connections.
• Enables a VM to have the abilities of a router by performing the
network and packet routing functionality of the router via a software
application.

Compute-based SAN

[Figure: Compute-based SAN. Legend: C = client program; S = server
instance (server program)]

A compute-based storage area network (SAN) is a software-defined SAN
created from direct-attached storage.

• The direct-attached storage is located locally on the compute systems
in a cluster.
• It creates a large block-based storage pool.
• A compute system that requires access to the block storage volumes
runs a client program.
• The compute systems that contribute their local storage to the shared
storage pool within the virtual SAN run an instance of a server
program.
− The server program owns the local storage and performs I/O operations
as requested by a client from a compute system within the cluster.

Knowledge Check: Software-Defined Compute, Storage, and Networking

Knowledge Check Question

1. Which of the following statements are correct? Choose all that apply.
a. Compute-based SAN is created from the direct-attached storage
on the compute systems in a cluster.
b. Virtual storage system is an abstraction of physical storage
systems and the network connectivity between them.
c. Software-defined networking integrates control plane with data
plane.
d. A virtual switch is a logical aggregation of physical Ethernet
switches.

Data Protection Process in SDDC

Objectives

The objectives of the topic are to:


→ Understand the key phases of data protection process.
→ Understand the key steps for defining data protection services.
→ Describe orchestration of data protection operations.
→ Explain the integration of components using orchestrator.

Introduction to Data Protection in SDDC

[Figure: Data protection in SDDC, showing the self-service portal,
management tools and API, the software controller, and the IT
infrastructure.]

• SDDC ensures data availability and protection against data corruption,
hardware failures, and data center disasters.
• Protection technologies such as continuous data protection, image-based
backup, and snapshot are usually offered to the users as
protection services.
− Each service is standardized to meet a specific level of
performance, protection, and availability requirements.
− A user may request a protection service from the self-service
portal and the software controller will fulfill the request
automatically.
• The software controller leverages the protection technologies that are
either natively built into the underlying IT infrastructure components or
provided by a separate protection application.
− Controls and manages the protection applications, storage, and
operations according to predefined policies.
• The data protection process in an SDDC consists of three key phases.
These are:
− Discovering data protection architecture: The software controller
performs a discovery operation to collect and store information about
the components of data protection architecture and bring them under its
control and management.
− Defining data protection services: Data protection services are defined
by administrators using the service catalog.
− Orchestrating data protection operations: Orchestration of protection
operations enables automated coordination among various infrastructure
components to deliver data protection services.

Defining Data Protection Services

Data protection services are defined with the help of the following steps:

1. Selecting resources for data protection

• An administrator identifies and configures interrelated hardware,
software, and virtual components that will constitute a data
protection service and work together upon deployment of a service.

2. Defining data protection policies

• Based on business requirement, an administrator defines policies
for each service. Policies include the:
− Schedule and performance level of protection operations.
− Data retention period.
− Data availability level.
− Recovery point objective (RPO) and recovery time objective (RTO).
− Type of protection storage.
• Once defined in the service catalog, the data protection services
are automatically created, and the policy settings become the
attributes of the services.

Orchestrating Data Protection Operations

• Orchestration refers to the automated arrangement, coordination, and
management of various system or component-related tasks in an IT
infrastructure to manage IT resources and provide services.
− Tasks are programmatically integrated and sequenced into
orchestration workflows.
• SDDC controller has built-in workflows.
− Orchestration software/orchestrator is used to orchestrate service
delivery and management operations.
• Orchestrator interacts with the SDDC controller through APIs to enable
orchestration based on its workflows.
− Provides an interface for administrators to define new workflows.

Integration of Components using Orchestrator

Component integration is the connection of multiple component-related
tasks which are essential for carrying out resource management and
service delivery into a workflow. The orchestrator provides component
integration capability.

• Users request services from a service catalog on the self-service portal.
The portal interacts with the orchestrator and transfers service
requests.
• Orchestrator interacts with appropriate components to orchestrate
execution of component-related tasks based on pre-defined workflows.
• Components that may be considered for integration are shown in the
image.

[Figure: Integration of components using the orchestrator, showing the
self-service portal, the user, and the interaction between components,
with numbered callouts 1 to 5 described below.]

1: It authenticates and authorizes users, which helps in verifying user
credentials when they log on to the portal.

2: These tools automate various management operations in the data
protection environment such as logging service-related issues, notifying
events, monitoring capacity, and approving changes in the infrastructure.

3: It is responsible for controlling and managing infrastructure resources
centrally and provisioning services. A single controller may have capability
to control the entire infrastructure.

• Separate controllers may also be deployed to control compute,
storage, or networking operations.

4: It is a federated database that provides a single view about the
managed resources and services in a data protection environment.

• CMS is updated automatically as changes are made in the
infrastructure. Both the portal and the management tools use data from
the CMS when appropriate.

5: It collects and records the usage of services per user group or
consumer in number of units consumed of a service.

Examples of a service unit are: per GB of storage, per transaction, and per
hour of application usage.

• It also generates a billing report based on price per unit and number of
units consumed of a service. The billing report is visible to the user
through the cloud portal.

Knowledge Check: Data Protection Process in SDDC

Knowledge Check Question

1. Match the following activities with their descriptions:

Activities:
A. Defining data protection policies
B. Orchestrating data protection operations
C. Selecting resources for data protection
D. Discovering data protection architecture

Descriptions (each preceded by the letter of the matching activity):
D: Collect and store information about protection components.
C: Identify and configure interrelated components that will constitute a
data protection service.
A: Define ‘schedule’ and ‘performance level’ of protection operations.
B: Protection component-related tasks are programmatically integrated and
sequenced into workflows.

Concepts in Practice

Dell PowerFlex

Dell PowerFlex, a software-defined infrastructure, provides a solid
foundation for the customers for their IT infrastructure modernization.
PowerFlex offers a rich out-of-the-box toolset that includes PowerFlex
REST API, Dell Container Storage Modules (CSM) and CSI drivers, and
PowerFlex Ansible modules, that help streamline operations and boost
business agility. It unifies the delivery of block and file storage, and
compute resources in an engineered integrated system while supporting a
wide range of operating environments on a common platform. It supports
multiple container management and hyperscaler environments while
simplifying workload and infrastructure coordination across your on-
premises and cloud assets.

Dell ObjectScale

Dell ObjectScale is the software-defined object storage, designed for S3
and Kubernetes. Capable of scaling to any capacity and connecting sites
with a few simple clicks, ObjectScale serves as your globally accessible
data lake for enterprise workloads such as cloud-native, AI, analytics and
archiving. ObjectScale Replication enables objects to be replicated
anywhere you have an ObjectScale footprint, from the edge to a core data
center.

Exercise: Data Protection in SDDC


1. Present Scenario:

• An organization uses its data center to provide email service to its
customers globally.
• A cluster of 20 VMs is used to provide the email service.
• Data center storage infrastructure is controlled and managed by an
SDS controller.
• SDS controller provides a single virtual storage pool for all the VMs
to store email data.

2. Organization’s Requirement:

• Organization wants to use another data center in a separate
geographic region to provide the email service.
• Both data centers must be active.
• Both the data centers must have capability to failover services
automatically in the event of a disaster.
• Organization wants to implement three categories of data
protection policy: ‘Gold’, ‘Silver’, and ‘Bronze’.
• Features of the ‘Gold’ policy include CDP and DR protection.
• Features of the ‘Silver’ policy include asynchronous remote replication
and DR protection.
• Features of the ‘Bronze’ policy include periodic local replication.

3. Expected Deliverables:

• Propose a solution that will meet the organization’s requirements.

Solution

The proposed solution is as follows:

• Deploy and connect SDS controllers at both the sites.
• Span the VM cluster across the data centers.
• Configure SDS controllers to support active/active configuration with
automated service failover.
• Create three virtual pools and associate a data protection service
(Gold, Silver, or Bronze) with each of them.
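
The policy attributes listed under "Defining data protection policies" and the three tiers of this exercise can be checked for consistency before they are published in a service catalog. The following is an added example, not part of the original guide: the tier features follow the exercise, while the field names, pool names, and every numeric value are constructed assumptions.

```python
"""Checks protection-service definitions before they enter a service catalog.
Tier features follow the exercise; field names and numbers are constructed."""

# Policy attributes every service must carry (named after the guide's list).
REQUIRED = ("technology", "copy_location", "dr_protection",
            "schedule_interval_min", "rpo_min", "rto_min",
            "retention_days", "protection_storage")

# Constructed catalog: one virtual pool per data protection service.
CATALOG = {
    "Gold": {
        "technology": "cdp", "copy_location": "remote", "dr_protection": True,
        "schedule_interval_min": 0, "rpo_min": 1, "rto_min": 15,
        "retention_days": 30, "protection_storage": "vpool-gold",
    },
    "Silver": {
        "technology": "async_remote_replication", "copy_location": "remote",
        "dr_protection": True, "schedule_interval_min": 15, "rpo_min": 30,
        "rto_min": 60, "retention_days": 14, "protection_storage": "vpool-silver",
    },
    "Bronze": {
        "technology": "periodic_local_replication", "copy_location": "local",
        "dr_protection": False, "schedule_interval_min": 240, "rpo_min": 240,
        "rto_min": 480, "retention_days": 7, "protection_storage": "vpool-bronze",
    },
}


def validate_service(name, svc):
    """Return a list of problems that make the service definition unsound."""
    missing = [attr for attr in REQUIRED if attr not in svc]
    if missing:
        return [f"{name}: missing policy attributes: {', '.join(missing)}"]
    issues = []
    # A periodic copy cannot promise less data loss than its own interval.
    # CDP is continuous, so the interval check does not apply to it.
    if svc["technology"] != "cdp" and svc["rpo_min"] < svc["schedule_interval_min"]:
        issues.append(f"{name}: RPO of {svc['rpo_min']} min is shorter than the "
                      f"{svc['schedule_interval_min']} min replication interval")
    # DR needs a copy that survives the loss of the primary data center.
    if svc["dr_protection"] and svc["copy_location"] != "remote":
        issues.append(f"{name}: DR protection promised but copies stay local")
    if svc["retention_days"] <= 0:
        issues.append(f"{name}: retention period must be positive")
    return issues


def select_service(catalog, max_rpo_min, needs_dr):
    """Pick the least stringent valid service that still meets the request."""
    candidates = [
        (svc["rpo_min"], name)
        for name, svc in catalog.items()
        if not validate_service(name, svc)
        and svc["rpo_min"] <= max_rpo_min
        and (svc["dr_protection"] or not needs_dr)
    ]
    return max(candidates)[1] if candidates else None
```

A request that no tier can satisfy returns `None` rather than silently falling back to a weaker service, so the gap is visible to whoever fulfils the request.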

Cloud-Based Data Protection

Cloud Computing Overview

Objectives

The objectives of the topic are to:

• Understand traditional IT vs. cloud computing.


• Review essential cloud characteristics.
• Explore cloud service models.
• Explore cloud deployment models.

What is Cloud Computing

[Figure: Cloud computing]

• According to the NIST, “Cloud computing is a model for enabling
ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources that can be rapidly provisioned and
released with minimal management effort or service provider
interaction.”
• Consumers pay only for the services that they use, either based on a
subscription or based on resource consumption.

Traditional IT vs. Cloud Computing

Traditional IT                                              Cloud Computing
IT resources are owned and managed                          IT resources are rented as services
Needs considerable time to acquire and provision resources  On-demand resource provisioning and scalability
Lacks ability to support needed business agility            Self service provisioning of resources
IT resources are planned for peak usage                     Resource consumption is metered
Underutilized resources                                     Provides business agility and high utilization
High up-front CAPEX                                         Offers reduced CAPEX

Essential Cloud Characteristics

[Figure: Cloud computing characteristics: rapid elasticity, measured
service, on-demand self-service, broad network access, and resource
pooling]

The five essential characteristics or tenets of a cloud (as defined by NIST)
are:

Rapid elasticity

• Capabilities can be elastically provisioned and released; with
automation, these can even be rapidly and automatically scaled
outward and inward, commensurate with demand.
• To the consumer, the capabilities available for provisioning often
appear to be unlimited and can be appropriated in any quantity at any
time.

On-demand self-service

• The end user can provision computing capabilities themselves, allowing
them to allocate things such as server time and network storage as
needed, automatically, without requiring human interaction with each
service provider.

Resource pooling

• The provider’s computing resources are pooled to serve multiple
consumers using a multi-tenant model, with different physical and
virtual resources dynamically assigned and reassigned according to
consumer demand.
• There is a sense of location independence in that the customer
generally has no control or knowledge over the exact location of the
provided resources but may be able to specify location at a higher level
of abstraction (e.g., country, state, or datacenter).
• Examples of resources include storage, processing, memory, and
network bandwidth.

Measured service

• Cloud systems automatically control and optimize resource use by
leveraging a metering capability at some level of abstraction
appropriate to the type of service (e.g., storage, processing,
bandwidth, and active user accounts).
• Resource usage can be monitored, controlled, and reported, providing
transparency for both the provider and consumer of the utilized
service.

Broad network access

• Capabilities are available over the network and accessed through
standard mechanisms that promote use by heterogeneous thin or thick
client platforms (e.g., mobile phones, tablets, laptops, and
workstations).


Cloud Service Offering Examples

[Figure: Cloud service offering examples. Consumer needs shown include backing up files so that they can be retrieved from anywhere at any time, growing without buying new servers and storage, using a word processing application for a brief period, testing software before investing in it, and handling seasonal peaks. Cloud offerings shown include secured online backup service, on-demand computing resources, trial on a wide variety of platform/infrastructure, and temporary rental of resources.]

To learn more about Cloud Service Offering, select here.

Cloud Service Models

Infrastructure as a Service (IaaS)

IaaS examples: Amazon EC2, S3; Google Compute Engine; Microsoft Azure

• Provides capability to the consumer to hire infrastructure components such as servers, storage, and network.
• Enables consumers to deploy and run software, including OS and applications.
• Consumer pays for infrastructure component usage, for example, storage capacity, CPU usage, etc.

To learn more about Cloud Service Models and Infrastructure as a Service, select here.

Platform as a Service (PaaS)

[Figure: Platform as a Service, showing the consumer's resources (application) and the provider's resources. PaaS examples: AWS Elastic Beanstalk, Google App Engine, Microsoft Azure, Force.com]

• Capability provided to the consumer to deploy consumer-created or acquired applications on the provider’s infrastructure.
• Consumer has control over:
− Deployed applications.
− Possible application hosting environment configurations.
• Consumer is billed for platform software components:
− OS, Database, Middleware.

To learn more about the Platform as a Service model, select here.


Software as a Service (SaaS)

[Figure: Software as a Service, showing the application among the provider's resources. SaaS examples: Salesforce.com, Google Apps, Microsoft Office 365]

• Capability provided to the consumer to use provider’s applications running in a cloud infrastructure.
• Complete stack including application is provided as a service.
• Application is accessible from various client devices, for example, via a thin client interface such as a Web browser.
• Billing is based on the application usage.

To learn more about Software as a Service, select here.


Cloud Deployment Models

• Cloud deployment models provide the basis for how cloud infrastructure is built, managed, and accessed.
• Each cloud deployment model may be used for any of the cloud service models: IaaS, PaaS, and SaaS. The different deployment models present several tradeoffs in terms of control, scale, cost, and availability of resources.


Public Cloud

[Figure: Public cloud used by Enterprise P, Enterprise Q, and Individual R]

IT resources are made available to the public or organizations and are owned by the cloud service provider.

To learn more about Public Cloud, select here.

Private Cloud

Cloud infrastructure is operated solely for one organization and is not shared with other organizations. This cloud model offers the greatest level of security and control.

To learn more about Private Cloud, select here.

Multi Cloud

The multi-cloud approach is taken to meet business demands if no single cloud model can suit the various requirements and workloads.

Some application workloads run better on one cloud platform while other workloads achieve higher performance and lower cost on another one.

The wide variety of business requirements results in a need for various cloud offerings. For example, one might use Amazon EC2 for computing and Microsoft Azure for data lake storage while leveraging Google Cloud SQL.

Cost optimization, availability, and performance requirements are other factors contributing to the selection of multiple cloud offerings.

Some organizations also pursue multi-cloud strategies for data sovereignty or regulatory reasons. Certain laws, regulations, and organization policies require enterprise data to physically reside in certain locations.


Community Cloud - On-Premise

[Figure: On-premise community cloud (label: Enterprise R)]

One or more participant organizations provide cloud services that are consumed by the community.

To learn more about On-Premise Community Cloud, select here.


Community Cloud - Externally Hosted

[Figure: Externally hosted community cloud (labels: Community Users, Resources Dedicated for Community)]

IT resources are hosted on the premises of the external cloud service provider and not within the premises of any of the participant organizations.

To learn more about Externally Hosted Community Cloud, select here.


Hybrid Cloud

[Figure: Hybrid cloud (label: Enterprise Q)]

IT resources are consumed from two or more distinct cloud infrastructures (private, community, or public).

To learn more about Hybrid Cloud, select here.


Cloud Benefits

• Cloud provides the capability to provision IT resources quickly at any time, thereby considerably reducing the time required to deploy new applications and services. This enables businesses to reduce the time-to-market and to respond more quickly to market changes.

To understand more about the benefits of Cloud, select here.

Knowledge Check: Cloud Computing Overview

Knowledge Check Question

1. Match the following elements with their descriptions:

Elements:
A. Community Cloud
B. Hybrid Cloud
C. Private Cloud
D. Public Cloud

Descriptions, each with the letter of its matching element:
C: Cloud infrastructure is operated solely for one organization and is not shared with other organizations.
D: IT resources are made available to the general public or organizations and are owned by the cloud service provider.
B: IT resources are consumed from two or more distinct cloud infrastructures.
A: Cloud infrastructure that is set up for the sole use by a group of organizations with common goals or requirements.

Cloud-Based Data Protection

Objectives

The objectives of the topic are to:

• Identify drivers for cloud-based data protection.
• Identify types of backup service.
• Review restoring data from cloud.
• Review cloud-based replication.
• Understand Disaster Recovery as a Service.

Drivers for Cloud-based Data Protection

[Figure: Drivers for Cloud-based Data Protection]

• Simplified Management: Configuration, applying the latest patches and updates, and carrying out upgrades and replacements.
• On-demand self-service provisioning: IT resources can be provisioned on-demand through service catalog.
• Reduced CAPEX: Enables the organization to hire the IT resources based on pay per use or subscription pricing.
• Flexible Scalability: Provides the capability to scale-in or scale-out the resources as per the requirement.
• Recover data to any location/devices: Enables the organization to recover the data from any place to any device.

To learn more about Cloud-based Data Protection, select here.

Backup as a Service

• Enables consumers to procure backup services on-demand.
• Reduces the backup management overhead.
• Backing up to cloud ensures regular and automated backup of data.
• Gives the consumers the flexibility to select a backup technology based on their current requirements.

To learn more about Backup as a Service, click here.


Types of Backup Services

The three common backup service deployment options that cloud service
providers offer to their consumers are:

• Local Backup Service (Managed backup service).
• Remote Backup Service.
• Replicated Backup Service.


Local Backup Service (Managed Backup Service)

• Suitable when a cloud service provider already hosts consumer applications and data.
• Service is offered by the provider to protect consumer’s data.
• Managed by the service provider.

Remote Backup Service

[Figure: Remote Backup Service. An agent runs on the backup client at the consumer's location (Consumer Organization); backup data is sent to the cloud.]

• Service provider receives data from consumers.
• Managed by the service provider.

To learn more about Remote Backup Service, select here.

Replicated Backup Service

[Figure: Replicated Backup Service. An agent runs on the backup client at the consumer's location (Consumer Organization); backup data is replicated to the cloud.]

• Service provider only manages data replication and IT infrastructure at disaster recovery sites.
• Local backups are managed by consumers.


Cloud to Cloud Backup

[Figure: Cloud to Cloud Backup. The consumer organization accesses cloud-hosted applications (SaaS-based application). Data is backed up to the third-party cloud: this service provider backs up data from the location of service provider 1 to their data center.]

Allows consumers to back up cloud-hosted application (SaaS) data to another cloud.

To read about an example of Cloud to Cloud Backup, select here.


Restoring Data from the Cloud

Web Based Restore

[Figure: Web-based Restore. Disasters sometimes happen at the consumer production data center; the user restores the data from the cloud to the organization's data center.]

• Requested data is gathered and sent to the server running the cloud backup agent.
• Received data is in an encrypted form. The agent software on the server decrypts the files and restores them on the server.
• Considered if sufficient bandwidth is available to download large amounts of data or if the restore data is small in size.


Media Based Restore

[Figure: Media-based Restore to the organization's data center]

• If a large amount of data needs to be restored and sufficient bandwidth is not available, then the consumer may request the service provider for data restoration using backup media such as DVD or disk drives.
• Service provider gathers the data to restore, stores data to a set of backup media, and ships it to the consumer for a fee.


Use case: ROBO Backup in the Cloud

Challenges associated with ROBO backup:

[Figure: Remote Office 1, Remote Office 2, and Remote Office 3 each back up to the cloud service provider]

• Lack of qualified IT staff with backup skills.
• Less IT infrastructure to manage the backup copies.
• Huge volume of redundant content.
• Silos of data repositories lead to security threats.
• High cost to manage backup across remote offices.

ROBO Backup in cloud:

• Cloud backup services deploy disk-based backup solutions along with source-based deduplication to eliminate the challenges associated with centrally backing up remote-office data.
• Performing backup to the cloud reduces the cost of managing the organization’s ROBO backup environment.
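The following added example, which is not part of the original guide, shows source-based deduplication across three remote offices: each agent hashes its chunks locally and sends only the chunks the cloud service lacks, and restore verifies every chunk against its digest. The class and function names, the fixed 4 KiB chunking, and the use of SHA-256 are assumptions for illustration, and the data is constructed.

```python
import hashlib
from dataclasses import dataclass, field

CHUNK_SIZE = 4096  # assumption: fixed-size chunks; products often use variable-size chunking


def chunk_digests(data: bytes, size: int = CHUNK_SIZE):
    """Split data into fixed-size chunks and return ordered (digest, chunk) pairs."""
    return [
        (hashlib.sha256(data[i:i + size]).hexdigest(), data[i:i + size])
        for i in range(0, len(data), size)
    ]


@dataclass
class CloudBackupService:
    """Hypothetical provider-side store. One chunk pool per consumer organization
    (assumption), so the offices of one tenant deduplicate against each other only."""
    chunks: dict = field(default_factory=dict)     # digest -> chunk bytes
    manifests: dict = field(default_factory=dict)  # (office, name) -> ordered digests
    bytes_received: int = 0

    def missing(self, digests):
        """Return the digests the service does not hold yet."""
        return {d for d in digests if d not in self.chunks}

    def upload(self, digest: str, chunk: bytes):
        # Do not trust the client-supplied digest: recompute before indexing.
        if hashlib.sha256(chunk).hexdigest() != digest:
            raise ValueError("chunk does not match its digest")
        self.chunks[digest] = chunk
        self.bytes_received += len(chunk)

    def commit(self, office: str, name: str, digests):
        if self.missing(digests):
            raise ValueError("manifest references chunks that were never uploaded")
        self.manifests[(office, name)] = list(digests)

    def restore(self, office: str, name: str) -> bytes:
        """Reassemble a backup, verifying each chunk before returning it."""
        out = bytearray()
        for digest in self.manifests[(office, name)]:
            chunk = self.chunks[digest]
            if hashlib.sha256(chunk).hexdigest() != digest:
                raise ValueError(f"integrity check failed for chunk {digest[:12]}")
            out += chunk
        return bytes(out)


def backup(service: CloudBackupService, office: str, name: str, data: bytes) -> int:
    """Source-side agent: hash locally, ask which chunks are new, send only those.
    Returns the number of payload bytes sent over the WAN."""
    pairs = chunk_digests(data)
    needed = service.missing(d for d, _ in pairs)
    sent = 0
    for digest, chunk in pairs:
        if digest in needed:
            service.upload(digest, chunk)
            needed.discard(digest)  # a chunk repeated inside one backup is sent once
            sent += len(chunk)
    service.commit(office, name, [d for d, _ in pairs])
    return sent


def sample_block(tag: str) -> bytes:
    """Constructed sample data: one deterministic 4 KiB block per tag."""
    return (tag.encode() * CHUNK_SIZE)[:CHUNK_SIZE]


def demo():
    """Three offices back up the same 10-block image plus 2 office-specific blocks."""
    service = CloudBackupService()
    shared = b"".join(sample_block(f"os-image-{i}") for i in range(10))
    sent = {}
    for office in ("office1", "office2", "office3"):
        local = b"".join(sample_block(f"{office}-doc-{i}") for i in range(2))
        sent[office] = backup(service, office, "nightly", shared + local)
    return service, sent


if __name__ == "__main__":
    service, sent = demo()
    print("bytes sent per office:", sent)
    print("bytes stored by the service:", service.bytes_received)
```

Only the first office pays for the shared image; the other two send just their own blocks, which is the redundant-content saving the slide refers to.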


Replication to the Cloud

• Replicating application data and VMs to the cloud enables an organization to restart the application from the cloud.
• Replication to the cloud can be performed using compute-based, network-based, or storage-based replication techniques.

To learn more about Replication to Cloud, select here.

Disaster Recovery as a Service

[Figure: DRaaS. VM instances at the provider are not running (standby) while the consumer production data center is in operation.]

• Service provider offers resources to enable consumers to run their IT services in the event of a disaster.

To know more about Disaster Recovery as a Service, select here.


Disaster Recovery as a Service: Disaster Scenario

[Figure: DRaaS - Disaster Scenario. VM instances are invoked when the consumer production data center is affected.]

In the event of a business disruption or disaster, the business operations will fail over to the provider’s infrastructure as shown in the image.

To learn more about Disaster Recovery as a Service, select here.

Knowledge Check: Cloud-Based Data Protection

Knowledge Check Question

Carefully study the given image.

[Image: Backup is performed in the consumer's location (Consumer Organization); backup data is sent to the cloud for DR purpose]

1. Which backup service deployment is shown in the above image?
a. Managed Backup Service
b. Replication Backup Service
c. Remote Backup Service
d. Cloud-to-cloud Backup Service

Cloud-Based Data Archiving

Objectives

The objectives of the topic are to:

• Understand drivers for cloud-based data archiving.
• Review cloud-based archiving options.
• Review cloud-based storage tiering.
• Understand data migration to cloud.
• Explore cloud-to-cloud data migration.
• Study cloud gateway appliance.

Drivers for Cloud-based Data Archiving

Cloud-based Data Archiving is a process in which inactive data is moved and stored in a cloud for long-term retention and to adhere to regulatory and compliance requirements.

Cloud-based Data Archiving:

• Provides capital cost saving and agility.
• Reduces the complexity of managing archiving infrastructure.
• Services are accessed in a self-service manner.
• Solutions are highly scalable and available on demand as a service.
• Accessible from locations worldwide, using any device.


Cloud-based Archiving Options

Cloud-only Archiving

[Figure: Cloud-only Archiving. The archive server (policy engine) determines which data from the email servers and file server needs to be archived based on policies. Non-critical data on the primary storage system is moved to cloud archive storage in the public cloud; critical data on the primary storage system is moved to the archive storage system in the organization's private cloud.]

• Archives critical data to the on-premise archiving infrastructure and archives non-critical data to the cloud archiving infrastructure.
• Allows organizations to distribute the archiving workload and to make use of the public cloud for rapid resource provisioning.


Hybrid Archiving

[Figure: Hybrid Archiving. The archive server (policy engine) in the organization's data center determines which data from the email servers and file server needs to be archived based on policies. Inactive data (both critical and non-critical) on the primary storage system is moved over the WAN to cloud-based archive storage.]

• Organization’s inactive data (both critical and non-critical) that meets the organization’s archiving policies is archived to the cloud.
− IaaS - The archiving server resides in the organization’s data center and the archiving storage resides on the cloud.
− SaaS - Both the archiving server and the archiving storage reside on cloud infrastructure.


Cloud-based Storage-Tiering

[Figure: Cloud-based Tiering]

Establishes a hierarchy of different storage types (tiers) including cloud storage as one of the tiers.

To learn more about Cloud Based Storage-tiering, select here.

Data Migration to the Cloud

[Figure: Data Migration to Cloud. Data is moved from the organization's data center (clients, application servers, backup application, archive server, primary storage, archive storage) to the cloud.]

• Process of moving data from an organization’s data center to the cloud.
• A replication technique is used to create remote point-in-time copies in the cloud. The migration is application and OS independent.

Cloud-to-cloud Data Migration

[Figure: Cloud-to-Cloud Data Migration]

• An organization may decide to migrate from one cloud provider to another when it identifies that the cloud service provider is not able to meet the SLAs, is not adhering to security best practices, is not meeting acceptable performance, or is not able to fulfill its future requirements.
• Since different cloud vendors may have different protocols and architecture, data migration between clouds requires integration tools that will migrate the data from one cloud to another.
• A cloud integration tool should provide features such as simplicity, flexibility, interoperability, data portability, data integrity, security, reliability, and ease of management.


Cloud Gateway Appliance

[Figure: Cloud Gateway Appliance Deployment. Labels: Application Servers, Block Based Interface, Cloud Gateway Appliance, REST, Data Center]

• Performs protocol conversion to send data directly to the cloud storage.
• Resides in the data center and presents file and block-based storage interfaces to applications.
• Supports deduplication and compression.
• Encrypts the data before it transmits to the cloud storage.
• Supports automated storage tiering capability.
• Provides a local cache to reduce latency.

To learn more about Cloud Gateway Appliance, select here.

Knowledge Check: Cloud-Based Data Archiving

Knowledge Check Question

1. Which archiving method is most suitable and cost effective for a large
organization having both sensitive data and non-sensitive data?
a. Cloud-only Archiving
b. Hybrid Archiving
c. In-house Archiving

Concepts in Practice


Dell APEX Backup Services

Dell APEX Backup Services delivers high-performance and secure backup, long-term retention, and automated compliance. Through a single console, customers have complete visibility and a consistent management experience across SaaS applications, endpoints, and hybrid workloads. Dell APEX Backup Services offers infinite, on-demand scalability and ensures predictable and controllable costs. Dell APEX Backup Services offers unique features including:

• Centralized monitoring and management
• Automated, no touch feature updates
• Regulatory compliance
• Source-side deduplication
• Encryption in-flight and at rest
• Cloud-to-cloud backup and restore

Exercise: Cloud-based Data Protection


1. Present Scenario:

A product-based company:

• Uses its own IT resources.
• Has multiple remote offices/branch offices (ROBO) across the globe.
• Plans to build the cloud infrastructure using existing IT infrastructure components.
• Has heterogeneous infrastructure components.
• Does not have a remote site for DR purposes.
• Performs archiving within its data center.

2. Organization Challenges:

• Exposes the business to the risk of losing data at ROBO sites.
− Lack of qualified IT staff with backup skills.
− Less IT infrastructure to manage the backup copies.
• Does not have adequate resources to manage peak workload that occurs from time to time.
• Does not want to build and manage its own DR site due to budget constraint.
• Increases the complexity and cost while managing the huge volume of inactive data within its data center.

3. Organization Requirements:

• To protect data at remote sites using OPEX cost model.
• To manage the peak workload that occurs from time to time.
• To protect the data at DR site without involving CAPEX.
• To reduce the complexity and cost in managing archived data.

4. Expected Deliverables:

Propose a solution that will address the organization’s challenges and requirements.

Solution

The proposed solution is as follows:

• Implement ROBO cloud backup solution to back up data to a centralized location (cloud).
− Provides an effective solution to address the data backup and recovery challenges of remote and branch offices.
• Deploy Hybrid Cloud model to accommodate the peak workload that may occur from time to time.
• Adopt Disaster Recovery-as-a-Service (DRaaS) in cloud which reduces the need for data center space and IT infrastructure and eliminates the need for upfront capital expenditure.
• Implement Cloud-based archiving to reduce the complexity of managing archiving infrastructure which enables capital cost savings.

Protecting Big Data and Mobile Device Data

Big Data Overview

Objectives

The objectives of the topic are to:

• Explore the characteristics of Big Data.
• Review Big Data analytics.
• Understand Hadoop File System (HDFS).
• Learn about data lake.
• Examine some Big Data analytics use cases.

What is Big Data?

• Big Data represents the information assets whose high volume, high
velocity, and high variety require the use of new technical architectures
and analytical methods to gain insights and derive business value.
• The definition of Big Data has three principal aspects: characteristics of data, data processing needs, and business value.

Characteristics of Data

• Apart from its considerable size (volume), the data is generated rapidly (velocity) and is highly complex as it comes from diverse sources (variety). Nearly 80-90 percent of the data getting generated is unstructured data.

Data Processing Needs

Big Data exceeds the storage and processing capability of conventional IT infrastructure and software systems. It requires:

• Highly-scalable architecture for efficient storage and new and innovative technologies and methods for programming and processing to realize business benefits.
• Use of platforms such as distributed processing, massively-parallel processing, machine learning, and so on.
• New analytical and IT skills along with business and domain knowledge in a complex data-centric business environment.

Business Value

• Big Data has tremendous business importance to organizations and even to the advancement of society.
• Proper analysis of big data will help to make better business decisions and add value to business.
• Big Data analytics has many applications spanning numerous industry sectors and scientific fields.

Characteristics of Big Data

In 2001, Gartner analyst Douglas Laney specified volume, velocity, and variety as the three dimensions of the challenges associated with data management. These dimensions, popularly known as “the 3Vs”, are now widely accepted in the industry as the three primary characteristics of Big Data. In addition to the 3Vs, there are three other characteristics identified by the industry, namely variability, veracity, and value.

Volume

• “Big” in Big Data refers to the massive volumes of data.
• Growth in data of all types such as transaction-based data stored over the years, sensor data, and unstructured data streaming in from social media.
• Growth in data is reaching petabyte and even exabyte scales.
• Requires substantial cost-effective storage, but also gives rise to challenges in data analysis.


Velocity

• Refers to the rate at which data is produced and changes, and how fast the data must be processed to meet business requirements.
• Real-time or near real-time analysis of the data is a challenge for many organizations.
− For example: real-time face recognition for screening passengers at airports.

Variety

• Variety (also termed as “complexity”) refers to the diversity in the formats and types of data.
• Data is generated by numerous sources in various structured and unstructured forms. New insights are found when these various data types are correlated and analyzed.
• Pertains to the challenge of managing, merging, and analyzing different varieties of data in a cost-effective manner.
• The combination of data from a variety of data sources and in a variety of formats is a key requirement in Big Data analytics.
− For example: Combining a large number of changing records of a particular patient with various published medical research to find the best treatment.

Variability

• Variability (unlike variety) refers to the constantly changing meaning of data, particularly when data collection and analysis involve Natural Language Processing.
− For example, natural language search and analyzing social media posts require interpretation of complex and highly-variable grammar. The inconsistency in the meaning of data gives rise to challenges related to gathering the data and in interpreting its context.


Veracity

• Refers to the reliability and accuracy of data. Accuracy of analysis depends on the veracity of the source data.
• Establishing trust in Big Data presents a major challenge because as the variety and number of sources grow, the likelihood of noise and errors in the data increases.
• Significant effort goes into cleaning data to remove noise and errors, and to produce accurate data sets before analysis can begin.
− For example, a retail organization may have gathered customer behavior data from across systems to analyze product purchase patterns and predict the purchase intent.

Value

• Refers to both the cost-effectiveness and the business value derived from the use of Big Data analytics technology.
• Many organizations have maintained large data repositories such as data warehouses, managed non-structured data, and carried out real-time data analytics for many years.


Why Big Data Analytics?

Business Driver | Examples
Desire to optimize business operations | Sales, pricing, profitability, efficiency
Desire to identify business risk | Loss of customer, fraud, default
Predict promising new business opportunities | Upsell, cross-sell, best new customer prospects
Comply with laws or regulatory requirements | Anti-money laundering, Fair lending, Basel II-III, Sarbanes-Oxley (SOX)

To learn more about Big Data Analytics, select here.

Big Data Analytics

Big Data analytics is the process of examining data to determine a useful piece of information or insight. The primary goal of Big Data Analytics is to help organizations improve business decisions.

Storage

• Distributed architecture (HDFS).
• Non-relational, unstructured content.

MapReduce

• Distributes (parallel) computation over many servers.
• Batch processing model.

Query

• Efficient way to process, store and retrieve data.
• Platform for user-friendly analytics systems.

To learn more about SMAQ Stack, select here.

Hadoop Distributed File System (HDFS)

HDFS is a distributed file system that provides access to data across nodes, collectively called a “Hadoop cluster”. HDFS architecture has two key components:

[Figure: Hadoop Distributed File System (HDFS) architecture]

• Name Node:
− Acts as a primary server and has in-memory maps of every file, file locations, as well as all the blocks within the file and the Data Nodes on which they reside.
− Responsible for managing FS namespace and controlling the access of files by the clients.
• Data Node:
− Acts as a secondary that serves R/W requests as well as performs block creation, deletion, and replication.

Data Lake – Repository for Big Data

Evolution of an Enterprise Data Warehouse (EDW) into an active repository for structured, semi-structured, and unstructured data.

Data is classified, organized, or analyzed only when it is accessed.

[Figure: Repository for Big Data (label: Ingest)]

Big Data Analytics Use Cases

Use Case | Description
Healthcare | Analyze consolidated diagnostic information. Monitor patients in real-time. Improve patient care and services.
Finance | Analyze purchase history and create customer profiles. Improve sales promotions. Enable fraud detection.
Retail | Analyze historical transactions, pricing, and customer behavior. Optimize pricing, anticipate demand, improve marketing, and inventory management.
Government | Manage and use Big Data in social services, education, defense, crime prevention, finance, and so on. Improve the existing processes and enable the new ventures.

Knowledge Check: Big Data Overview

Knowledge Check Question

1. Which is responsible for managing FS namespace and controlling access to files by clients in an HDFS environment?
a. Data Node
b. Secondary Node
c. Name Node
d. Database Node

Protecting Big Data

Objectives

The objectives of the topic are to:

• Understand Big Data protection challenges.
• Examine key data protection solutions for data lake.
• Explore Big Data as a Service.
• Review data protection optimization method.

Big Data Protection Challenges

Protecting a big data environment requires new strategies for using the
existing tools and adopting new technologies that help protect the data
more efficiently.

• Need to protect massive volumes of data that exceed the capabilities
of traditional data protection solutions.
• Hard to determine what data needs to be protected.
• More data may affect the service level agreements.
• Requires seamless integration of data repository (data lake) with data
protection software.
• Difficult to protect the data within budget.

Data Lake – Repository for Big Data

Repository for Big Data

• Evolution of an Enterprise Data Warehouse (EDW) into an active
repository for structured, semi-structured, and unstructured data.
• Data is classified, organized, or analyzed only when it is accessed.

Key Data Protection Solutions for Data Lake

Backup and Deduplication

Backup of a Snapshot created in a Scale-out NAS using NDMP.

• HDFS data lake is created in a scale-out NAS.
• Snapshot is created for the data to be protected and is backed up
using NDMP.
• Snapshot data can be backed up to a backup device – scale-out NAS,
and scale-out object storage.

Replication

Replication of a snapshot

• Snapshot is created for the data to be protected.
• Snapshot data can be replicated to another scale-out NAS within a
data center or across data centers.
• Data can be synchronously or asynchronously replicated across data
centers.

Mirroring and Erasure Coding

Data Mirroring:
• Data is mirrored to multiple nodes.
• If the cluster is set up for 3X mirroring, the original file will be
stored along with two copies of the file in various locations within
the cluster.
• Requires more storage space.

Parity Protection (Erasure Coding):
• Method to protect striped data from disk drive failure or node failure.
• Data is fragmented and encoded with parity data and stored across a
set of different locations (drives and nodes).
• Supports higher levels of protection than RAID.
• Provides good space efficiency compared to mirroring.
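The storage and recovery trade-off between 3X mirroring and parity protection, as an added example that is not part of the course material. It assumes the simplest erasure code, k data fragments plus one XOR parity fragment (production systems typically use codes such as Reed-Solomon that survive more than one loss); all function names are illustrative.

```python
from __future__ import annotations

from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length fragments."""
    return bytes(x ^ y for x, y in zip(a, b))


def mirror(data: bytes, copies: int = 3) -> list[bytes]:
    """3X mirroring: the original file plus two full copies."""
    return [data] * copies


def encode(data: bytes, k: int) -> list[bytes]:
    """Stripe data into k fragments and append one XOR parity fragment."""
    if k < 2:
        raise ValueError("need at least two data fragments")
    frag_len = -(-len(data) // k)              # ceiling division
    padded = data.ljust(frag_len * k, b"\0")   # pad the last fragment
    frags = [padded[i * frag_len:(i + 1) * frag_len] for i in range(k)]
    return frags + [reduce(xor_bytes, frags)]


def decode(frags: list[bytes | None], orig_len: int) -> bytes:
    """Rebuild the data when at most one fragment (data or parity) is lost."""
    lost = [i for i, f in enumerate(frags) if f is None]
    if len(lost) > 1:
        raise ValueError("single parity cannot rebuild more than one lost fragment")
    frags = list(frags)
    if lost:
        # XOR of all surviving fragments equals the missing one.
        survivors = [f for f in frags if f is not None]
        frags[lost[0]] = reduce(xor_bytes, survivors)
    return b"".join(frags[:-1])[:orig_len]     # drop parity and padding


def raw_bytes(pieces: list[bytes]) -> int:
    """Raw capacity consumed by a set of stored pieces."""
    return sum(len(p) for p in pieces)


if __name__ == "__main__":
    block = b"HDFS block contents " * 50       # constructed sample data
    stripe = encode(block, k=4)
    print("3X mirroring :", raw_bytes(mirror(block)), "bytes")
    print("4+1 parity   :", raw_bytes(stripe), "bytes")
    stripe[2] = None                           # simulate a failed drive or node
    print("rebuilt ok   :", decode(stripe, len(block)) == block)
```

Mirroring survives the loss of two copies at three times the capacity; the 4+1 stripe survives one loss at 1.25 times the capacity.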

Big Data as a Service

A service provider offers resources that enable consumers to run big
data analytics workloads in the cloud.

Big Data - Infrastructure as a Service

• Typically, the service provider offers infrastructure (Compute as a
Service, Storage as a Service) to store and process the huge volume
of data.

Big Data - Platform as a Service

• Allows the consumers to analyze and build analytics applications on
top of a huge volume of data. The service provider offers platform
(database, Hadoop) and cloud infrastructure to run or build analytics
applications.

Big Data - Software as a Service (Analytics)

• Consumers interact with an analytics application on a higher
abstraction level; that is, they would typically execute scripts and
queries or generate reports.
• Service provider offers the complete stack including infrastructure to
host data lake for big data, platform software, and big data analytics
application.

Data Protection Optimization Method

Data protection optimization methods and their descriptions:

Incremental backup:
• Copies the data that has changed since the last backup, so fewer
files are backed up daily.
• Allows for shorter backup windows.

Deduplication:
• Stores only unique data on data protection storage.
• Reduces the backup window.
• Eliminates redundant data that can significantly shrink storage
requirements and reduce bandwidth requirements.

Compression:
• Reduces the storage capacity requirement for backup and replication.
• Compression rate depends on the type of data being compressed.
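How the three optimization methods combine in one backup run, as an added example that is not part of the course material or any product's code. It assumes fixed-size 4 KiB chunks, SHA-256 chunk digests, and zlib compression; the store, function names, and sample data are constructed for illustration.

```python
import hashlib
import zlib

CHUNK = 4096  # fixed-size chunking is an assumption; products often chunk by content


class DedupStore:
    """Protection storage that keeps one compressed copy of each unique chunk."""

    def __init__(self):
        self.chunks = {}  # SHA-256 hex digest -> zlib-compressed chunk

    def put(self, data: bytes) -> list:
        """Store data and return its recipe (ordered list of chunk digests)."""
        recipe = []
        for off in range(0, len(data), CHUNK):
            piece = data[off:off + CHUNK]
            digest = hashlib.sha256(piece).hexdigest()
            if digest not in self.chunks:                    # deduplication
                self.chunks[digest] = zlib.compress(piece)   # compression
            recipe.append(digest)
        return recipe

    def get(self, recipe: list) -> bytes:
        """Restore data from a recipe, verifying every chunk on the way out."""
        out = []
        for digest in recipe:
            piece = zlib.decompress(self.chunks[digest])
            if hashlib.sha256(piece).hexdigest() != digest:
                raise ValueError("stored chunk failed its integrity check")
            out.append(piece)
        return b"".join(out)

    def stored_bytes(self) -> int:
        return sum(len(c) for c in self.chunks.values())


def backup_run(store: DedupStore, files: dict, previous: dict = None):
    """Incremental run: files whose digest matches the previous catalog are skipped."""
    previous = previous or {}
    catalog, copied = {}, []
    for name, data in sorted(files.items()):
        digest = hashlib.sha256(data).hexdigest()
        old = previous.get(name)
        if old and old["digest"] == digest:
            catalog[name] = old                # unchanged since the last backup
            continue
        catalog[name] = {"digest": digest, "recipe": store.put(data)}
        copied.append(name)
    return catalog, copied


def compression_ratio(data: bytes) -> float:
    return len(data) / len(zlib.compress(data))


def sample_text(lines: int = 2000) -> bytes:
    """Constructed, highly repetitive log data."""
    return b"2023-01-01 INFO backup ok\n" * lines


def sample_incompressible(n: int = 32768) -> bytes:
    """Constructed, deterministic stand-in for already-compressed or encrypted data."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]


if __name__ == "__main__":
    store = DedupStore()
    text, blob = sample_text(), sample_incompressible()
    files = {"app.log": text, "image.bin": blob, "image-copy.bin": blob}
    catalog, copied = backup_run(store, files)
    print("full run copied:", copied, "| stored bytes:", store.stored_bytes())
    files["app.log"] = text + b"2023-01-02 INFO backup ok\n"
    catalog, copied = backup_run(store, files, catalog)
    print("incremental run copied:", copied, "| unique chunks:", len(store.chunks))
    print("ratio text: %.1f, ratio incompressible: %.3f"
          % (compression_ratio(text), compression_ratio(blob)))
```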

Knowledge Check: Protecting Big Data

Knowledge Check Question

1. Which native utility is built into HDFS to back up and restore data
from the data lake to a backup device?
a. HDFS Mirroring
b. Hadoop Distributed Copy
c. Erasure Coding
d. Hadoop Data Copy

Protecting Mobile Devices

Objectives

The objectives of the topic are to:

• Identify challenges in protecting mobile device data.
• Understand mobile device backup.
• Explore the File sync-and-share application.
• Review mobile cloud computing.
• Understand cloud-based mobile device data protection.

Mobile Device Overview

Mobile device compute system

A compute system that is portable, typically a handheld device with a
display and either a keyboard and/or touch input.

• Enables users to access applications and information from their
personal devices from any location.
• Increases collaboration and enhances workforce productivity.

Key Challenges in Protecting Mobile Device Data

• Data is protected (backed up) only when the mobile device is online.
• Data protection from mobile device to data center is impacted due to
intermittent network connectivity.
• Devices are not always connected to the corporate network, so they
connect over the Internet, which may give rise to a security threat.
• Data protection software must support the mobile device OS.
• Network bandwidth limitations.
• Security features on the mobile devices restrict the access of the data
stored on the device.

Mobile Device Backup

Backup client application on enterprise data center

• Requires installing backup client application (agent) on the mobile
devices.
− Backs up the data to the enterprise data center.
• Data can be backed up manually or automatically from mobile devices.
• Deduplication, compression, encryption, and incremental backup can
be implemented for performing mobile device backup.
− Provides network and backup storage optimization, and security.

File Sync-and-Share Application

Two-way synchronization between the device and a designated network location

• Automatically establishes two-way synchronization between the device
and a designated network location (enterprise data center).
• Files are backed up from the remote storage instead of the mobile
devices.
• Improves productivity by allowing users to access data from any
device, anywhere, at any time.

Mobile Cloud Computing

Compute processing and storage from the mobile device in the cloud

• Compute processing and storage are moved away from the mobile
device and take place in a computing platform located in the cloud.
• Applications running in the cloud are accessed over wireless
connection using a thin client application/web browser on the mobile
devices.
• Cloud services are accessed over mobile devices.
− SaaS examples: Cloud storage, travel and expense management,
and CRM.

Cloud-based Mobile Device Data Protection

Backup client application from the mobile device to the cloud

• Backup client application (agent) that is installed on the device enables
access to perform backup to the cloud.
− Typically backs up only the changed blocks to the cloud storage.
• Some mobile applications have built-in backup feature that backs up
the data to the cloud.
• Most of the cloud backup solutions available today offer a self-service
portal that allows users to recover data without manual intervention.

Benefits of Cloud-based Backup for Mobile Devices

Comprehensive business continuity and accessibility

• Establishing a common repository of data that is used by the entire
organization leads to comprehensive business continuity and
protection against data loss across the organization.
• Ideal for larger businesses or multiple branch offices working together
over geographically dispersed environments.
• Backup solutions that span multiple types of devices (from servers to
PCs to mobile devices) will serve the organization well to provide
business continuity and reduce backup and data sharing complexities.

Lower capital cost

• Depending on the level of adoption, a cloud-based backup service
allows the customer to reduce, if not eliminate, the need for capital on
storage capacity (disk, tape, and/or other removable media) associated
with backup processes.
• With a subscription-based pricing model, the cost associated with
backup becomes a more predictable operational expenditure.

Reduced management complexity

• The limited IT staff is not overwhelmed because cloud-based backup
can reduce or eliminate cumbersome management procedures that
must be manually monitored and maintained.

Increased backup consistency

• Cloud-based backup easily institutes policies that govern backup
processes and access control.
• Establishing particular levels of service can be well defined through
service-level agreements (SLAs).

Knowledge Check: Protecting Mobile Devices

Knowledge Check Question

1. What is a key benefit of the file sync-and-share application?
a. Offers a self-service portal that allows users to recover data
without manual intervention.
b. Improves the productivity by allowing users to access data from
any device, anywhere, at any time.
c. Moves compute processing and storage from the mobile device
and takes place in a computing platform located in the cloud.
d. Recovers the corrupted data from a copy that is stored in the
cloud.

Exercise: Data Protection in Big Data and Mobile Device Environment

1. Present Scenario:

An organization runs business applications and internal applications
across data centers.

• Plans to implement big data analytics for their business along with
necessary data protection solutions.
• Provides mobile banking applications to its customers and employees.
− Business critical data resides in mobile devices.
− Supports BYOD (Bring Your Own Device).

2. Organization Challenges:

• Currently, it does not have infrastructure to support big data
analytics and its protection.
− It does not have the budget to implement infrastructure.
• Lack of IT professionals to manage the big data analytics
infrastructure.
• Facing challenges in sharing the documents among employees, which
impacts the collaborative work culture.
• Mobile device theft causes critical data loss.

3. Organization Requirements:

• Need a solution to implement big data analytics but looking for
OPEX cost model.
• Need a solution to effectively share the documents among
employees to improve the collaborative work.
• Need a solution to effectively protect the data on mobile devices.

4. Expected Deliverables:

Propose a solution that will meet the organization’s requirements.

Solution

The proposed solution is as follows:

• Adopt cloud-based big data analytics solutions:
− No CAPEX.
− Data can be protected in the cloud itself.
• Deploy file sync-and-share application that improves collaborative
work.
− Improves productivity by allowing employees to access and share
documents (files) from any device, anywhere, at any time.
• Back up the data from mobile devices to the organization’s data center
or to the cloud for protecting the mobile device data.

Securing the Data Protection Environment

Overview of Data Security

Objectives

The objectives of the topic are to:


→ Understand the key drivers for data security.
→ Define various key security terminologies.
→ Understand the concepts of governance, risk and compliance.

Introduction to Data Security

Data protection management system in an organization

Data is an organization's most valuable asset. An organization's data:

• Includes intellectual property, personal identities, and financial
transactions.
• Requires protection against the events such as component failures,
disaster, and security attacks.
• Requires protection from unauthorized access, unauthorized
modification, and unauthorized deletion.

Data security includes a set of practices that protect data and information
systems from unauthorized disclosure, access, use, destruction, deletion,
modification, and disruption.

• Involves implementing various kinds of safeguards or controls to
lessen the risk of an exploitation or a vulnerability in the information
system.
• Deploys various tools within the infrastructure to protect assets
such as compute, storage, and network.

Drivers for Data Security

• The two key drivers for an organization’s data security are
Confidentiality, Integrity, and Availability (CIA); and Governance,
Risk, and Compliance (GRC) requirements.
• Enables organizations to provide right privileges and access to the
right users at the right time.
• Enables the organizations to develop the policies and procedures and
enforce them to minimize potential risks.

Governance, Risk and Compliance

Governance

Business strategy driven by the board of directors

Governance determines the purpose, strategy, and operational rules by
which companies are directed and managed.

• Based on the company’s business strategy and driven by the Board of
Directors.
− Business strategy includes legal, HR, finance, and the office of the
CEO.
• The main objective of IT governance is to determine the results to
achieve IT's strategic goals.
− Leaders monitor, evaluate, and direct IT management to ensure IT
effectiveness, accountability, and compliance.
• Roles and responsibilities must be clearly defined, such as:
− Who is responsible for directing, controlling, and executing
decisions.
− What information is required to make the decisions.
− How exceptions will be handled.
• Defines policy that determines whether the data should be protected
either on-premise or on the cloud.

Risk

• A systematic process of assessing an organization's assets, placing a
realistic valuation on each asset, and creating a risk profile that is
rationalized for each information asset across the business.
− Involves identification, assessment, and prioritization of risks.
• There are four key steps of risk management that an organization must
perform before offering resources or services to the users.

Steps and their descriptions:

Risk Identification:
• Identifies source of threats that give rise to risk.
• Should be performed before building an IT infrastructure.

Risk Assessment:
• Determines the likelihood of a risk.
• Helps to identify appropriate controls.

Risk Mitigation:
• Involves planning and deploying security mechanisms.
• Helps mitigate risks/minimize impact.

Monitoring:
• Involves continuous observation of existing risks.
• Ensures proper control of security mechanisms.

Compliance

Types of compliance

• An act of adhering to, and demonstrating adherence to, external laws
and regulations as well as to corporate policies and procedures.
• There are primarily two types of policies controlling IT operations in an
enterprise that require compliance: internal policy compliance and
external policy compliance.
• Compliance management activities include:
− Periodic reviews of compliance enforcement.
− Identifying deviations and initiating corrective actions.
Authentication, Authorization, and Auditing

1: Authentication

• A process to ensure that users or assets are who they claim to be by
verifying their identity credentials.
• A user may be authenticated by a single-factor method (involves the
use of only one factor such as a password) or a multi-factor method
(uses more than one factor to authenticate a user).

2: Authorization

• A process of determining whether, and in which manner, a user, device,
application, or process is allowed to access a particular service or
resource.
− For example, a user with administrator’s privileges is authorized
to access more services or resources compared to a user with
non-administrator (for example, read-only) privileges.
− Authorization should be performed only if authentication is
successful.

3: Auditing

• Refers to the logging of all transactions for the purpose of assessing
the effectiveness of security mechanisms.
• Helps to validate the behavior of the infrastructure components, and to
perform forensics, debugging, and monitoring activities.

Authentication, Authorization, and Auditing processes support the
objectives of IT security implementation to implement effective CIA and
GRC.
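The authenticate, then authorize, then audit ordering described above, as an added example that is not part of the course material. The permission sets, the `AccessGate` class, and the use of PBKDF2 password hashes with an RFC 6238 one-time code as the second factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ROUNDS = 200_000  # example value; tune to current guidance for your hardware
# Role names follow the text's example; the permission sets are assumptions.
ROLE_PERMISSIONS = {
    "administrator": {"read", "backup", "restore", "configure"},
    "read-only": {"read"},
}


def totp(secret: bytes, at: float, step: int = 30) -> str:
    """Six-digit time-based one-time code (RFC 6238, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", int(at // step)), "sha1").digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccessGate:
    """Authenticate, then authorize, and audit every request either way."""

    def __init__(self):
        self.users = {}
        self.audit_log = []
        self._decoy_salt = os.urandom(16)

    def add_user(self, name, password, role, otp_secret=None):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _derive(password, salt),
                            "role": role, "otp_secret": otp_secret}

    def _authenticate(self, name, password, otp, now) -> bool:
        user = self.users.get(name)
        # Unknown users cost the same work, so timing does not reveal valid names.
        candidate = _derive(password, user["salt"] if user else self._decoy_salt)
        if user is None or not hmac.compare_digest(candidate, user["hash"]):
            return False
        if user["otp_secret"] is None:             # single-factor account
            return True
        expected = totp(user["otp_secret"], now)   # multi-factor account
        return otp is not None and hmac.compare_digest(otp.encode(), expected.encode())

    def _audit(self, name, action, outcome, decided_by):
        self.audit_log.append({"seq": len(self.audit_log) + 1, "user": name,
                               "action": action, "outcome": outcome,
                               "decided_by": decided_by})

    def request(self, name, password, action, otp=None, now=None) -> bool:
        now = time.time() if now is None else now
        if not self._authenticate(name, password, otp, now):
            self._audit(name, action, "denied", "authentication")
            return False                           # authorization is never evaluated
        allowed = action in ROLE_PERMISSIONS[self.users[name]["role"]]
        self._audit(name, action, "allowed" if allowed else "denied", "authorization")
        return allowed


if __name__ == "__main__":
    gate = AccessGate()
    secret = b"constructed-otp-secret"             # constructed sample value
    gate.add_user("backup_admin", "correct horse", "administrator", otp_secret=secret)
    gate.add_user("auditor", "battery staple", "read-only")
    t = time.time()
    gate.request("backup_admin", "correct horse", "configure", otp=totp(secret, t), now=t)
    gate.request("auditor", "battery staple", "restore")
    gate.request("auditor", "wrong password", "read")
    for entry in gate.audit_log:
        print(entry)
```

The audit log records which stage made each decision, which is what lets a reviewer separate failed logins from permitted users attempting actions outside their role.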

Vulnerabilities

Three factors for security considerations

1: Attack Surface

• Refers to the various entry points that an attacker can use to launch an
attack, which include people, process, and technology.
• For example, each component of a storage infrastructure is a source of
potential vulnerability.
− An attacker can use all the external interfaces supported by that
component, such as the hardware and the management interfaces,
to execute various attacks. These interfaces form the attack
surface for the attacker.
• Unused network services, if enabled, can become a part of the attack
surface.

2: Attack Vector

• A step or a series of steps necessary to complete an attack.
− For example, an attacker might exploit a bug in the management
interface to execute a snoop attack.

3: Work Factor

• Refers to the amount of time and effort required to exploit an attack
vector.

• A weakness of any information system that an attacker exploits to
carry out an attack.
− Components that provide a path enabling access to information are
vulnerable to potential attacks.
• Vulnerabilities give rise to threats which are the potential attacks that
can be carried out on an IT infrastructure.
• Three factors that need to be considered when assessing the extent to
which an environment is vulnerable to security threats are:
− Attack Surface
− Attack Vector
− Work Factor
• Organizations can deploy specific security controls aimed at reducing
vulnerabilities by:
− Minimizing the attack surface
− Maximizing the work factor

Defense-in-depth

Multiple layers of defense strategies

A multilayered security mechanism in which multiple layers of defense
strategies are deployed throughout the infrastructure to help mitigate the
risk of security threats if one layer of the defense is compromised.

• Defense-in-depth increases the barrier to exploitation.
− An attacker must breach each layer of defense to be successful.
− Provides additional time to detect and respond to an attack.
o Reduces the scope of a security breach.

Knowledge Check: Overview of Data Security

Knowledge Check Question

1. Match the following elements with their descriptions:

Elements:
A. Authentication
B. Auditing
C. Compliance
D. Governance

Descriptions, each preceded by the letter of its matching element:
B. Logging of all transactions for assessing the effectiveness of
security mechanisms.
C. Demonstrating adherence to external laws and regulations as well as
to policies and procedures.
D. Determines the purpose, strategy, and operational rules by which
companies are directed and managed.
A. Process to ensure that users or assets verify their identity
credentials.

Security Threats in Data Protection Environment

Objectives

The objective of the topic is to:


→ Explain various security threats in data protection environment.

Introduction to Security Threats

Security threats in data protection environment (figure). Threats labeled
in the figure:

• Modification of system configuration by unauthorized access to
management application.
• Unauthorized modification or deletion of data through application, file
system, or database.
• Restore data to unauthorized destination via protection application.

The threats in the data protection environment may exist at data source,
protection application and protection storage, and data management
domain.

• Security threats at data source involve unauthorized access to
primary storage, business application, and hypervisor that impact CIA.
− Threat includes gaining access to primary storage through
application, file system, or a database interface, and modifying or
deleting the files residing on primary storage.
• Security threats to protection application include unauthorized
access to protection applications such as backup, replication, and
archiving.
− Also includes security threats to protection storage which could be
on-premise or in the cloud.
− Major threat is that an attacker may gain access to the backup
application, and the attacker can recover the data to an
unauthorized destination.
• Security threats in management domain involve unauthorized
access to management application which can enable an attacker to
carry out the attack by modifying the system configurations.

Threats to Data Source

An attacker gaining unauthorized access to the organization’s application,
data, or primary storage (figure). Threats labeled in the figure:

• An attacker is elevating the user privileges or spoofing identity to
gain access to the application and modify or delete the data.
• An attacker may gain unauthorized access to application by bypassing
access control.
• An attacker installs a rogue hypervisor to take control of compute
system.
• An attacker can access business application by using stolen mobile
devices.

• Data source can be a business application, a hypervisor, or a primary
storage.
• An attacker may gain unauthorized access to the organization’s
application, data, or primary storage in various ways, such as:
− Bypassing the access control, operating system, or application.
− Exploiting a vulnerability in the hypervisor.
o Failure of hypervisor may expose user’s data to other users.
o Hyperjacking is an example of this type of attack in which the
attacker installs a rogue hypervisor that takes control of the
compute system.
− Elevating the privileges, spoofing identity, and device theft.

Threats to Protection Applications

An attacker exploiting a vulnerability and attacking the backup and
replication application

The protection applications are responsible for creating backups and
replicas to ensure business continuity.

• Security threats can negatively impact the confidentiality, integrity, and
availability of data.
− Therefore, it is important to identify the threats that are posed to the
protection application.
• The image shows the backup and replication environment. In this
environment, an attacker may:
− Spoof the administrator’s identity and take control of the backup
and replication application to carry out the attack.
− Exploit the vulnerabilities of the backup and replication application
to carry out the attack.
• Some of the control mechanisms that can reduce the security threats
are:
− Identity and access management
− Installing security updates (patches) of the backup and replication
applications.

Threats to Protection Storage

An attacker gaining unauthorized access to the protection storage system
(figure). Threats labeled in the figure:

• An attacker is gaining access to user data.
• Media theft while shipping backup media to the DR site.
• An attacker is stealing the physical media by gaining access to
protection storage.

The protection storage is exposed to various kinds of threats in both the
backup and the replication environment.

• In replication environment the protection storage may be a
block-based, file-based, or object-based storage. In this environment an
attacker may:
− Gain unauthorized access to the protection storage system and
steal the physical media to carry out an attack.
− Steal backup media either from the backup storage or while
transporting to the DR site as shown in the image.
• Many organizations back up their data to the cloud. In such an
environment an attacker may:
− Compromise cloud storage and gain unauthorized access to an
organization’s data.
− Spoof the DR site identity to copy the backup data to an
unauthorized protection storage.

Threats to Management Applications

An attacker gaining access to management application (figure). Threat
labeled in the figure:

• Attacker may gain unauthorized access to management application to
perform unauthorized resource provisioning.

The management application provides visibility and control of the
components and protection operations.

• Protecting the management domain is important because the impact of
a security breach on the data protection infrastructure is significant.
• In such an environment, an attacker may:
− Gain access to management application by either spoofing user
identity, elevating privileges, or by bypassing the security to carry
out an attack.
− Carry out attacks such as unauthorized resource provisioning,
modification, or deletion of resource configuration, and so on.

Knowledge Check: Security Threats in Data Protection Environment

Knowledge Check Question

1. Which threat applies to management domain?
a. Media theft
b. Insecure APIs
c. Spoofing DR site identity
d. Bypassing security of production application

Security Controls in a Data Protection Environment – 1

Objectives

The objectives of the topic are to:


→ Understand the concept of physical security.
→ Explain identity and access management and role-based access
control.
→ Describe various security controls.

Introduction to Security Controls

Types of security controls

Security controls should involve all the three aspects of infrastructure:
people, process, and technology, and their relationships.

• To authenticate and authorize a user or a system, the first step should
be to:
− Establish and assure their identity.
− Implement selective controls to access data and resources.
• Security measures are governed by the processes and policies.
• The processes should be based on a thorough understanding of risks
in the environment. The process should:
− Recognize the relative sensitivity of different types of data and
resources.
− Help to determine the needs of various stakeholders to access the
data and resources.

Physical Security


Different types of physical security controls in an organization

Physical security is the foundation of the overall IT security strategy.

• Strict enforcement of policies, processes, and procedures by an organization is the critical element of successful physical security.
• Social engineering117 is a kind of attack that can lead to physical security breaches.
• To secure the data protection environment, the following physical security measures may be deployed:
− Disable all unused IT infrastructure devices and ports.
− Provide 24x7x365 onsite security guard.
− Implement biometric or security badge-based authentication to grant access to the facilities.
− Install surveillance cameras [CCTV] to monitor activity throughout the facility.
− Install sensors and alarms to detect motion and fire.

117 An attack that relies heavily on human interaction and often involves tricking people into breaching security measures.

Identity and Access Management (IAM)

[Figure: Identity and access management process. Labels: User; IT Resources (Network, Backup Application, Cloud, Storage)]

• Identity and access management (IAM) is the process of:
− Managing users’ identifiers and their authentication and authorization to access IT infrastructure resources.
− Controlling access to resources by placing restrictions based on user identities.
o For example, only an authorized user, such as a backup administrator, is allowed to log in to the backup management software and perform backup operations, configure resources, and provision backup resources.
− Identifying the user and the privileges assigned to the user.
• Multi-factor authentication118 uses more than one factor to authenticate a user.

Role-Based Access Control

Roles and Permissions

Security Administrator
• Create, delete, and modify security settings

Backup Administrator
• Create, edit, and delete backup policies
• Schedule, configure start/stop backup, and recover operations
• Provision resources for backup

Activity Monitor
• Monitor backup and recover operations
• Monitor security and application settings

[Figure: Implementation of RBAC in a data protection environment]

• Role-based access control (RBAC) is an approach to restrict access to the authorized users based on their respective roles119.
− Minimum privileges are assigned to a role that is required to perform the tasks associated with that role.

118 A commonly implemented two-factor authentication process requires the user to supply both something he or she knows (such as a password) and also something he or she has (such as a device).
119 A role may represent a job function, for example a backup administrator.

• Always consider administrative controls, such as separation of duties120, when defining the data center security procedures.
− For example, the person who authorizes the creation of administrative accounts in a data protection environment should not be the person who uses those accounts.
• The image shows the implementation of RBAC in a data protection environment.
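
The role table and the separation-of-duties rule above, worked as an added example (not part of the course material): a deny-by-default permission check plus the account-authorization rule. The "object:action" permission strings, the function names, and the choice of "security_settings:create" as the permission needed to authorize an account are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Roles and permissions as listed in the RBAC figure. The "object:action"
# strings are an assumed encoding, not product identifiers.
ROLE_PERMISSIONS = {
    "security_administrator": frozenset({
        "security_settings:create", "security_settings:delete",
        "security_settings:modify",
    }),
    "backup_administrator": frozenset({
        "backup_policy:create", "backup_policy:edit", "backup_policy:delete",
        "backup:schedule", "backup:configure", "backup:start", "backup:stop",
        "backup:recover", "backup_resource:provision",
    }),
    "activity_monitor": frozenset({
        "backup:monitor", "recover:monitor",
        "security_settings:monitor", "application_settings:monitor",
    }),
}


class AccessDenied(Exception):
    """The request is outside the caller's roles or breaks separation of duties."""


def is_allowed(roles: Iterable[str], permission: str) -> bool:
    """Deny by default: unknown roles and unlisted permissions grant nothing."""
    return any(permission in ROLE_PERMISSIONS.get(role, frozenset())
               for role in roles)


@dataclass
class AdminAccount:
    name: str
    authorized_by: Optional[str] = None
    used_by: Optional[str] = None


def authorize_account(account, approver, approver_roles):
    """Record who authorized an administrative account.

    Assumption: authorizing an account requires "security_settings:create".
    """
    if not is_allowed(approver_roles, "security_settings:create"):
        raise AccessDenied(f"{approver} may not authorize administrative accounts")
    if approver == account.used_by:
        raise AccessDenied("separation of duties: the account's user cannot authorize it")
    account.authorized_by = approver
    return account


def assign_account(account, user):
    """Hand an authorized account to the person who will use it."""
    if account.authorized_by is None:
        raise AccessDenied("account has not been authorized")
    if user == account.authorized_by:
        raise AccessDenied("separation of duties: the authorizer cannot use the account")
    account.used_by = user
    return account
```
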

Security Controls


Firewall

[Figure: Firewall-Demilitarized Zone. Label: Data Packets]

120 Clear separation of duties ensures that no individual can both specify an action and carry it out.

• A firewall is a security control designed to examine data packets traversing a network and compare them to a set of filtering rules121.
− Rules can be set for both the incoming and the outgoing traffic.
− The effectiveness of a firewall depends on how robustly and extensively the security rules are defined.
− Packets that are not authorized by a filtering rule are dropped and are not allowed to continue to the requested destination.
• A firewall can be deployed at the network, compute system, and hypervisor levels.
• A firewall can be either physical122 or virtual123.
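
The filtering behaviour described above, as an added example (not part of the course material): allow rules built from source address, destination address, port, and protocol, with every unmatched packet dropped, plus a review helper that flags loosely defined rules. The rule set, addresses, ports, and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One allow rule built from the filtering parameters named in the text."""
    direction: str        # "in" or "out"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    protocol: str         # "tcp" or "udp"
    port: Optional[int]   # destination port; None matches any port

    def matches(self, pkt: dict) -> bool:
        return (
            self.direction == pkt["direction"]
            and self.protocol == pkt["protocol"]
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and (self.port is None or self.port == pkt["dport"])
        )


def filter_packet(rules, pkt):
    """Return ("allow", rule_index) for the first matching rule, else ("drop", None)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return ("allow", index)
    # No rule authorizes the packet, so it does not reach its destination.
    return ("drop", None)


def broad_rules(rules):
    """Flag rules that accept any source address or any port, for rule review."""
    return [
        rule for rule in rules
        if ipaddress.ip_network(rule.src).prefixlen == 0 or rule.port is None
    ]


# Constructed rule set (sample addresses and ports):
#   0: management subnet -> backup server, HTTPS
#   1: backup server -> replication target at the DR site
RULES = [
    Rule("in", "10.0.10.0/24", "10.0.20.5/32", "tcp", 443),
    Rule("out", "10.0.20.5/32", "192.0.2.10/32", "tcp", 8443),
]
```
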


121 A rule may use various filtering parameters such as source address, destination address, port numbers, and protocols.
122 A physical firewall is a device that has custom hardware and software on which filtering rules can be configured. Physical firewalls are deployed at the network level.
123 A virtual firewall is software that runs on a hypervisor to provide traffic filtering service. Virtual firewalls give visibility and control over virtual machine traffic and enforce policies at the virtual machine level.

IDPS

Anomalous activity detected

Intrusion detection system

Intrusion detection is the process of detecting events that can compromise the confidentiality, integrity, or availability of IT resources.

• Intrusion Detection System (IDS)124 and Intrusion Prevention System (IPS)125 are two controls that usually work together and are generally referred to as intrusion detection and prevention system (IDPS).
• The key techniques used by an IDPS to identify intrusion in the environment are:
− Signature-based detection126
− Anomaly-based detection127

124 A security tool that automates the detection process. An IDS generates alerts in case anomalous activity is detected.
125 A tool that has the capability to stop the events after they have been detected by the IDS.
126 IDPS relies on a database that contains known attack patterns or signatures, and scans events against it.
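
The two detection techniques side by side, as an added example (not part of the course material): a small signature database scanned against request lines, and a statistical check of hourly backup-deletion counts against a baseline. The signatures, log lines, counts, threshold, and function names are constructed for illustration.

```python
import re
import statistics

# Signature-based: a database of known patterns (two constructed entries).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-injection-probe": re.compile(r"(?i)\bunion\s+select\b"),
}

# Constructed request lines seen by the backup management application.
LOG_LINES = [
    "GET /api/backups?id=7 HTTP/1.1",
    "GET /download?file=../../etc/passwd HTTP/1.1",
    "GET /api/policies?name=x' UNION SELECT 1 HTTP/1.1",
    "DELETE /api/backups/7 HTTP/1.1",
]

# Constructed hourly counts of backup-deletion requests.
BASELINE = [2, 3, 1, 2, 4, 3, 2, 3]   # normal operation
OBSERVED = [3, 2, 40, 4]              # hours under inspection


def signature_alerts(lines):
    """Return (line_index, signature_name) for every known pattern found."""
    return [
        (index, name)
        for index, line in enumerate(lines)
        for name, pattern in SIGNATURES.items()
        if pattern.search(line)
    ]


def anomaly_alerts(baseline, observed, threshold=3.0):
    """Return (index, value, z_score) for values statistically far from the baseline."""
    mean = statistics.mean(baseline)
    spread = statistics.pstdev(baseline)
    alerts = []
    for index, value in enumerate(observed):
        if spread == 0:
            # Flat baseline: any deviation at all is unusual.
            z_score = 0.0 if value == mean else float("inf")
        else:
            z_score = (value - mean) / spread
        if abs(z_score) > threshold:
            alerts.append((index, value, round(z_score, 1)))
    return alerts
```

A single DELETE request matches no signature, so only the anomaly check notices the hour with 40 deletions; the two probes at normal volume are caught only by the signatures.
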

Virtual Private Network


[Figure: Virtual private network system. A primary site and a disaster recovery site, each with clients, LAN, SAN, and a VPN-enabled router, are connected by a VPN tunnel over the Internet so that the organization can perform remote replication between the two sites. A remote user connects to the corporate network using a VPN connection.]

• A virtual private network (VPN) can be used to provide a user a secure connection to the IT resources. In the data protection environment, VPN is used to provide:
− Secure site-to-site connection between a primary site and a DR site when performing remote replication.
− Secure site-to-site connection between an organization’s data center and cloud when performing cloud-based backup and replication.
• There are two methods in which a VPN connection can be established:
− Remote access VPN connection128
− Site-to-site VPN connection129

127 IDPS scans and analyzes events to determine whether they are statistically different from events normally occurring in the system.

VLAN

[Figure: Example presenting a three VLANs network. VLAN 10 (Engineering), VLAN 20 (Finance), and VLAN 30 (HR) are configured on Ethernet Switch A, which provides traffic isolation and therefore enhanced security. VLAN 10 allows traffic between Compute System A, Compute System B, and Storage System A, and restricts traffic to and from VLAN 20 and VLAN 30. Replication traffic between Storage System A and Storage System B has to pass through the IP Router.]

• VLAN ensures security by providing isolation over the shared infrastructure. VLAN:
− Ensures that the data is separated from one department to another department.
− Enables communication among a group of nodes based on the functional requirements of the group, independent of the node’s location in the network.
• Consider the example shown in the image, where three VLANs are created: VLAN 10, VLAN 20, and VLAN 30.

128 A remote client (typically client software installed on the user’s compute system) initiates a remote VPN connection request. A VPN server authenticates and provides the user access to the network.
129 The remote site initiates a site-to-site VPN connection. The VPN server authenticates and provides access to the internal network.

VSAN

[Figure: Example presenting the two VSANs network. VSAN 10 (Engineering) and VSAN 20 (Finance) are configured on FC Switch A, which provides traffic isolation and therefore enhanced security. VSAN 10 allows traffic between Compute System A and Storage System A, and restricts traffic from VSAN 20.]

• VSAN ensures security by providing isolation over the shared infrastructure. VSAN:
− Ensures that the data is separated from one department to another department.
− Enables communication among a group of nodes based on the functional requirements of the group, independent of the node’s location in the network.
• Consider the example shown in the image, where two VSANs are created: VSAN 10 and VSAN 20.

Zoning

[Figure: Types of zoning in a network. Labels: Switch Domain ID = 15; Compute System; Storage System; WWN 10:00:00:00:C9:20:DC:40; WWN 50:06:04:82:E8:91:2B:9E; WWN 10:00:00:00:C9:20:DC:82; WWN zone = 10:00:00:00:C9:20:DC:82; 50:06:04:82:E8:91:2B:9E]

• Zoning is a Fibre Channel (FC) switch-based security control that:
− Enables node ports connected to an FC SAN to be logically segmented into groups and communicate with each other within the group.
− Provides access control, along with other access control mechanisms such as LUN masking.
− Provides control by restricting access so that only members of the same zone can establish communication with each other.
• Zoning can be categorized into three types:
− WWN zoning
− Port zoning
− Mixed zoning

LUN Masking

[Figure: Storage system with two LUNs. Compute System A (HR) and Compute System B (Finance) connect through the SAN to the storage system. Compute System A can access LUN A and is restricted from accessing LUN B; Compute System B can access LUN B and is restricted from accessing LUN A.]

• LUN masking is the storage system-based security control that is used to:
− Protect against unauthorized access to LUNs of a storage system.
− Grant LUN access only to the authorized hosts.
• Consider a storage system with two LUNs that store data of the HR and finance departments, as shown in the image.
− Without LUN masking, both departments can easily see and modify each other’s data, posing a high risk to data integrity and security.
− With LUN masking, LUNs are accessible only to the designated hosts.
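
How zoning and LUN masking combine as layered access control, as an added example (not part of the course material). The WWNs are the ones shown in the zoning figure; treating the 10:00:... WWNs as compute system ports and the 50:06:... WWN as the storage port, the masking table, and the function names are assumptions.

```python
import re

_WWN_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){7}[0-9A-Fa-f]{2}")


def normalize_wwn(wwn: str) -> str:
    """Validate a WWN (8 colon-separated hex bytes) and return it upper-cased."""
    wwn = wwn.strip()
    if not _WWN_RE.fullmatch(wwn):
        raise ValueError(f"not a WWN: {wwn!r}")
    return wwn.upper()


# WWNs from the zoning figure (role assignment is an assumption).
HOST_ZONED = "10:00:00:00:C9:20:DC:82"
HOST_UNZONED = "10:00:00:00:C9:20:DC:40"
STORAGE_PORT = "50:06:04:82:E8:91:2B:9E"

# WWN zone as shown in the figure: one host port and the storage port.
ZONES = {"wwn_zone": {HOST_ZONED, STORAGE_PORT}}

# Constructed masking table on the storage system. HOST_UNZONED is listed for
# LUN A on purpose, to show that the switch still blocks it.
LUN_MASKING = {
    STORAGE_PORT: {
        "LUN A": {HOST_ZONED, HOST_UNZONED},
        "LUN B": set(),
    }
}


def in_same_zone(zones, port_a, port_b):
    """Switch-side check: two ports may talk only if some zone holds both."""
    return any(port_a in members and port_b in members
               for members in zones.values())


def can_access(initiator, target, lun, zones=ZONES, masking=LUN_MASKING):
    """Return (allowed, deciding_control) for a host port reaching a LUN."""
    initiator = normalize_wwn(initiator)
    target = normalize_wwn(target)
    if not in_same_zone(zones, initiator, target):
        return (False, "zoning")          # blocked in the FC switch
    if initiator not in masking.get(target, {}).get(lun, set()):
        return (False, "lun masking")     # blocked by the storage system
    return (True, "allowed")
```
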


Discovery Domain


Discovery domains in an iSNS environment

• Internet Storage Name Service (iSNS) discovery domains work in the same way as FC zones and are primarily used in IP-based networks.
• Discovery domains provide functional groupings of devices in an IP-SAN.
• For devices to communicate with one another, they must be configured in the same discovery domain.
− State change notifications inform the iSNS server when devices are added or removed from a discovery domain.
• The image shows the discovery domains in an iSNS environment.
− Compute System A can access only Storage System A and Compute System B can only access Storage System B.

Knowledge Check: Security Controls in a Data Protection Environment – 1

Knowledge Check Question

1. Which statement is true when implementing RBAC?


a. An individual can both specify an action and carry it out.
b. Maximum privileges are assigned to a role to perform multiple tasks.
c. No individual can both specify an action and carry it out.
d. Activity monitor’s role can create and delete the security settings.


Security Controls in a Data Protection Environment – 2

Objectives

The objectives of the topic are to:


→ Explain securing hypervisor, management server, VM, OS, and application.
→ Understand malware protection software and mobile device management.
→ Describe data encryption and data shredding.

Securing Hypervisor, Management Server, VM, OS, and Application

[Figure: IT infrastructure components and their roles against security attacks]

• The hypervisor and the related management servers are critical components of an IT infrastructure because they control the operation and management of the virtualized compute environment.
− Compromising a hypervisor or a management server places all VMs at a high risk of attack.

Component and Roles

Management Server
• Restrict core functionality to selected administrators.
• Encrypt network traffic when managing remotely.
• Deploy firewall between management system and rest of the network.

Hypervisor
• Install security-critical hypervisor updates.
• Harden hypervisor using specifications by CIS and DISA.

Operating System
• Delete unused files and applications.
• Install current OS updates.
• Perform vulnerability scan and penetration.

Virtual Machine
• Change default configuration of a VM.
• Tune configuration of VM features to operate in secure manner.
• VM templates must be hardened to a known security baseline.

Application
• Design with proper architecture, threat modeling, and secure coding.
• Include process spawning control, executable file protection, and system tampering protection.

Malware Protection Software

Malware protection software using various techniques to detect malware

• Malware protection software is installed on a compute system or on a mobile device to provide protection for the operating system and applications. The malware protection software:
− Detects, prevents, and removes malware and malicious programs such as viruses, worms, Trojan horses, key loggers, and spyware.
− Uses various techniques to detect malware.
o The most common technique used is signature-based detection130.
− Identifies malware by examining the behavior of programs.
− Protects the operating system against attacks.

Mobile Device Management

[Figure: Mobile device management (MDM) controlling access to organization’s resources only to authorized mobile devices. Labels: Authorized devices with MDM Client installed; Demilitarized Zone]

• Several organizations allow their employees to access the organization’s internal applications and resources via mobile devices.
− This introduces a threat that may expose resources to an attacker.
• Mobile device management (MDM) is a control that restricts access to the organization’s resources only to authorized mobile devices.
• An MDM solution consists of two components: the server component131 and the client component132.
• An MDM solution enables organizations to enforce the organization’s security policies on the user’s mobile devices.

130 In this technique, the malware protection software scans the files to identify a malware signature.

Data Encryption

[Figure: Data encryption providing protection from threats. TLS and SSL protocols encrypt the data traversing over the network. At the production site, an encryption appliance encrypts the data before sending it on the replication network over the WAN; at the DR site, a decryption appliance decrypts the data before storing it on the storage system. The storage system encrypts the data before storing it on the storage media.]

• Data encryption is a cryptographic technique in which data is encoded and made indecipherable to eavesdroppers or hackers.
− Provides protection from threats such as tampering with data, which violates data integrity; media theft, which compromises data availability and confidentiality; and sniffing attacks, which compromise confidentiality.
• Data encryption is one of the most important controls for securing data in-flight133 and at-rest134 in a data protection environment.

131 Responsible for performing device enrollment, administration, and management of mobile devices.
132 Installed on the mobile device that needs access to the organization’s resources. The client receives commands from the server component which it executes on the mobile device.

Data Shredding

• Data shredding is a process of deleting data or residual representations (sometimes called remanence) of data, which makes it unrecoverable.
• Organizations must deploy data shredding controls at all locations to ensure that all the copies are shredded.
• Organizations can deploy data shredding controls in their data protection environment to protect from loss of confidentiality of their data.
• Degauss techniques to shred data stored on tape include:

Destruction Techniques and Description
− Physically destroying: Damaging the storage media physically.
− Degaussing: Process of decreasing or eliminating the magnetic field of media.
− Overwriting: Data on the disk or flash drives can be shredded by overwriting the disks several times with invalid data.

133 Refers to data that is being transferred over a network.
134 Refers to data that is stored on a storage medium.

Knowledge Check: Security Controls in a Data Protection Environment – 2

Knowledge Check Question

1. Match the following:

A. Signature-based Detection
B. VM Hardening
C. Data Shredding
D. Data Encryption

C: A process of deleting data and making it unrecoverable.
D: A technique in which data is encoded.
A: A technique which scans the files to identify a malware.
B: A process in which the default configuration is changed to achieve security.


Cyber Recovery

Objectives

The objectives of the topic are to:


→ Define different types of cyber attacks.
→ Understand the impact of cyber attacks.
→ Explain best practices against cyber attacks.
→ Describe cyber recovery architecture.

Cyber Attacks

A cyber attack is an attempt by hackers to damage, destroy, or control a network or system. It includes any type of offensive action and can also target information systems, infrastructures, networks, or personal computers. The purpose of the attacks includes stealing, altering, hijacking, or destroying data or information systems.

[Figure: Types of cyber attacks. Labels: Denial of Service; Digital Currency Mining; Spam; Adware; Malicious Web Scripts; Business Email Compromise; Banking Trojan; Ransomware]

Best Practice Against Cyber Attacks

Cyber-attacks have become a common occurrence. Reports of companies that have experienced IT infrastructure security breaches are on the rise. There is a growing concern that cyber attacks can lead to mission-critical data being destroyed or held hostage for ransom.

• Backup of data is the most important and effective way of combating ransomware.
• The data protection best practice approach is to:
− Keep the backup copies offline, where cyber attacks cannot access the secure copies.
− Keep security software up to date on the latest definitions of viruses and malware.
− Keep operating systems and software updated with security patches.
− Educate employees to be aware of links or attachments in suspicious email messages.

Cyber Recovery Architecture

• True data protection emphasizes keeping an isolated copy of your critical data, such as essential applications and intellectual property, off the network.
• Cyber recovery architecture:
− Maintains critical business data and technology configurations in a secure, air-gapped 'vault' environment that can be used for recovery or analysis.
− Isolates data from an unsecure system or network and ensures an uncompromised copy always exists.
− Creates point-in-time (PIT) retention-locked copies that can be validated and then used for recovery of the production system.
• Policies135 and retention locks are part of the architecture.
• The image shows the basic Synch-Copy-Lock operation of data protection and vaulting process.

[Figure: Basic Synch-Copy-Lock operation of data protection and vaulting process]

135 What, where, when and how data is secured in the vault.

1: Security mechanism that involves isolating a network and preventing it from establishing an external connection.

2: Creates point-in-time copies that can serve as restore points in case production backup data is subject to destructive cyberattack. Synchronizes the latest data, creates a copy, and then secures it.

3: Immutable file locking and secure data retention to meet both corporate governance and compliance standards.

4: Determines if a replication copy contains malware or other anomalies that must be removed.

5:
• Provides comprehensive alerting and reporting that enable administrators to monitor ongoing activities.
• Detects affected copies; an alert is sent, and actions must be taken to resolve the problems that might occur.

6: The data in a point-in-time copy can be re-orchestrated and then used to replace the lost data in production.

Knowledge Check: Cyber Recovery

Knowledge Check Question

1. Match the type of attack description with the name of the attack.

A. Denial of Service
B. Malicious Web Scripts
C. Trojan
D. Spam

A: This attack overwhelms the resources of the system with excessive requests that consume all the resources.
C: This attack tricks user into downloading a "harmless" file that becomes malware.
B: This attack when run can detect and exploit the vulnerabilities of a system of visitors to the website.
D: This attack sends unsolicited bulk messages sent through email, instant messaging, or other digital communication assets.

Knowledge Check Question

2. What is the purpose of having point-in-time replication copies in the cyber recovery vault?
a. Enable restore points if production backup data is jeopardized.
b. Secure data from corruption of malicious data changes.
c. Determine if copy contains malware or anomalies.
d. Provide comprehensive alerting and reporting to monitor activities.


Concepts in Practice


Dell APEX Cyber Recovery Services

APEX Cyber Recovery Services is a complete on-premises solution – delivered as-a-Service – for customers seeking to protect their critical data against the increasing threat of cyberattacks and ransomware. Dell provides expert guidance at every step, helping you optimize the selection of applications and data to protect in your vault and simplified Dell-assisted recovery options, allowing for predictable business recovery from a cyberattack.

Exercise: Securing the Data Protection Environment


1. Present Scenario:

A large multinational bank:

• Provides mobile banking to its customers that enables them to access the application and data from any location.
• Enables their employees to access internal banking applications using mobile devices.
• Has multiple remote/branch offices (ROBO) across various locations.
• Offers single factor authentication solution for security.
• Sends physical tape media offsite.
• Currently performs remote replication between the primary site and the secondary site for DR.

2. Organization’s Challenges:

• Mobile device theft may expose resources to an attacker.
• Difficulty in tracking anomalous activity in the data center.
• Sending tapes to offsite locations would increase the risk of losing sensitive data in transit.
• Data is exposed to attackers when data is replicated between the primary site and the secondary site for DR.
• An attack was attempted by exploiting a loophole in the hypervisor management system.

3. Organization’s Requirements:

• Need to protect the confidentiality of data if an employee’s mobile device is stolen.
• Requires security controls to identify anomalous activity.
• Need to protect data on tapes when sending tapes to an offsite location.
• Need to protect data when performing replication between sites.
• Need to have security controls to protect the hypervisor management system.

4. Expected Deliverable:

• Propose a solution that will address the organization’s challenges and requirements.

Solution

The proposed solution is as follows:

• Implement Mobile Device Management (MDM).
• Implement intrusion detection and prevention system (IDPS).
• Implement data encryption at rest and in flight.
− Encrypt data at rest for tapes.
− Encrypt data in flight for remote replication.
• Implement hypervisor management security controls.
− Perform hypervisor hardening based on CIS and DISA best practices.
− Perform security-critical hypervisor management updates.
− Implement separate firewall with strong filtering rules.

Managing the Data Protection Environment


Introduction to Data Protection Management

Objectives

The objectives of the topic are to:

• Explain the need for data protection management.


• List the traditional data protection management challenges.
• Discuss the important data protection management functions.

Need for Data Protection Management

Data Protection Management includes all the protection-related functions that are necessary for the management of the data protection environment and services.

Data protection management is also necessary for the maintenance of data throughout its lifecycle. Data protection management:

• Aligns protection operations and services to the strategic business goal and service level requirements.
• Ensures that the data protection environment is operated optimally by using as few resources as needed.
• Ensures better utilization of existing data protection components.

Traditional Data Protection Management Challenges

Component or asset-specific management

Traditionally, data protection management is component-specific. The


management tools only enable monitoring and management of specific
component(s). This may cause management complexity and system
interoperability issues in a large environment.

Component or asset-specific management

Overly complex

Management operations are very complex, especially in large environment


that includes many multi-vendor components residing in world-wide
locations.

Overly complex

Data Protection and Management

© Copyright 2023 Dell Inc Page 437


Introduction to Data Protection Management

Manual operations

Traditional management operations, such as provisioning a backup


storage and creating a replica of a volume, are mostly manual. The
provisioning tasks often take days to weeks to complete, due to rigid
resource acquisition process and long approval cycle.

Manual operations

May not support service-oriented infrastructure

The traditional management processes and tools may not support a


service-oriented infrastructure, especially if the requirement is to provide
cloud services.

May not support service


oriented infrastructure

May not support service-oriented infrastructure

Interoperability issues

Interoperability issues exist among multi-vendor IT components.

Data Protection and Management

© Copyright 2023 Dell Inc Page 438


Introduction to Data Protection Management

Interoperability issues

Unsuitable for on-demand service provisioning

Traditional management processes and tools usually lack the ability to
execute management operations in an agile manner, scale resources
rapidly, respond to adverse events quickly, orchestrate the functions of
distributed infrastructure components, and meet sustained service levels.
This component-specific, extremely manual, time-consuming, and overly
complex management is simply not appropriate for modern-day data
protection management.


Key Characteristics of Modern-day Data Protection Management

Modern-day management differs in many ways from traditional
management and has the following characteristics:

Service-focused approach

Modern storage infrastructure management has a service-based focus. It
is linked to the service requirements and service level agreement (SLA).

An SLA is a formalized contract document that describes service level
targets, service support guarantee, service location, and the
responsibilities of the service provider and the user. These parameters of
a service determine how the components of the data protection
environment will be managed.

Examples of Management Functions Linked to Service Requirements
and Service-Level Agreements (SLAs):

• Determining the optimal amount of storage space needed in a backup
storage system to meet the capacity requirement of a service.
• Creating a disaster recovery plan to meet the recovery time objective
(RTO) of services.
• Ensuring that the management processes, management tools, and
staffing are appropriate to provide a data archiving service.


Software-defined data center-aware

• Software-defined data center management is valued more than
hardware-specific management.
• Many common, repeatable, hardware-specific management tasks are
automated. Management is focused on strategic, value-driven
activities.
• Management functions move to an external software controller.
• Management operations become independent of underlying hardware.

End-to-end visibility

• End-to-end visibility of the data protection environment enables
comprehensive and centralized management.
• It provides information on configuration, connectivity, capacity,
performance, and interrelationships between components centrally.
• It helps in consolidating reports, correlating issues to find root-cause,
and tracking migration of data and services.
• End-to-end visibility is provided by specialized monitoring tools.


Orchestrated operations

• The software-defined data center controller or orchestrator
programmatically integrates and sequences component functions into
workflows.
• The orchestrator triggers an appropriate workflow upon receiving a
service provisioning or management request.
• Management operations are orchestrated as much as possible to
provide business agility.
• Orchestration reduces service provisioning time, risk of manual errors,
and administration cost.


Key Data Management Functions

Discovery and operations management

Data protection management performs two key functions, which are as
follows:

• Discovery
• Operations management

Discovery

Discovery creates an inventory of infrastructure components and provides
information about the components including their:

• Configuration and connectivity
• Functions
• Performance and capacity
• Availability and utilization
• Physical-to-virtual dependencies

Figure: Discovery provides the visibility needed to monitor and manage
data center infrastructure. The discovery tool interacts with and collects
information from the components.

Discovery is performed using a specialized tool that interacts with
infrastructure components commonly through the native APIs of these
components. Through the interaction, it collects information from the
infrastructure components. A discovery tool may be integrated with the
software-defined data center (SDDC) controller, bundled with
management software, or an independent software tool that passes
discovered information to management software.

Discovery may be scheduled by setting an interval for its periodic
occurrence. Discovery may also be initiated by an administrator or
triggered by an orchestrator when a change occurs in the data protection
infrastructure.


Operations Management

Figure: Key processes that support operations management activities
(monitoring, configuration management, change management, capacity
management, performance management, availability management, incident
management, problem management, and security management).

• Operations management involves on-going management activities to
maintain the data protection infrastructure and the deployed services.
• It ensures that the services and service levels are delivered as
committed. Operations management involves several management
processes.
• Ideally, operations management should be automated to ensure
operational agility. Management tools are usually capable of
automating many management operations.
• Further, the automated operations of management tools can also be
logically integrated and sequenced through orchestration.



Knowledge Check: Introduction to Data Protection Management


Knowledge Check Question

1. "Discovery creates an inventory of infrastructure components and
provides information about...". Select the right answer from the given
options.
a. Configuration and connectivity
b. Capacity
c. Physical-to-virtual dependencies
d. All of the given options


Operations Management – 1

Objectives

The objectives of the topic are to:

• Define monitoring.
• Explain alerting.
• Understand the concept of reporting.

Introduction to Monitoring

Monitoring provides visibility into the data protection environment and
forms the basis for performing management operations. It offers the
following benefits:

• Tracks the performance and availability status of components and
services.
• Measures the utilization and consumption of protection storage by the
services.
• Generates reports for protection status, potential risks, and trends.
• Tracks events impacting data recovery and availability of components
and services.
• Tracks environmental parameters (HVAC) and deviations from their
normal status.
• Triggers alerts when backup window is exceeded, policies are violated,
and SLA is missed.

Figure: Monitoring data protection environment


Monitoring Parameters

The data protection environment is primarily monitored for the following:

Data protection monitoring parameters

Monitoring Configuration

Monitoring configuration involves:

• Tracking configuration changes.
• Deploying protection components and services.
• Detecting configuration errors, non-compliance with protection policies,
and unauthorized configuration changes.

The table shows a list of backup clients (VMs), their type, CPU and
memory configurations, and compliance to a predefined backup policy.
The VM configurations are captured and reported by a monitoring tool.


Backup Client (VM)   VM Type                        CPU (GHz)   Memory (GB)   Compliance Breach
VM49                 Windows Server 2003 (64-bit)   4.8         2.0           Not backed up since last week
VM50                 Windows Server 2003 (32-bit)   3.2         2.0           --
VM51                 Windows Server 2003 (32-bit)   4.8         2.0           --
VM52                 Windows Server 2003 (32-bit)   3.2         2.0           Not backed up since last week


Monitoring Availability

Monitoring availability of hardware components

Monitoring availability of hardware components (for example, a port, an
HBA, or a storage controller) or software components (for example, a
database instance, an SDDC controller, or an orchestration software)
involves checking their availability status by reviewing the alerts generated
from the system. It identifies the failure of any component or protection
operation that may lead to data and service unavailability or degraded
performance.


Monitoring Capacity

Figure: Monitoring the capacity of a storage pool in a NAS system
(notification: pool is 66% full; pool expanded).

Inadequate capacity leads to degraded performance or even service
unavailability. Monitoring capacity involves examining the amount of
infrastructure resources used and usable, such as the free space available
on a file system or a storage pool, the number of ports available on a
switch, or the utilization of protection storage space. Monitoring capacity
helps an administrator to ensure uninterrupted data protection and
availability by averting outages before they occur.


Monitoring Performance

Figure: Monitoring performance in a backup environment

Performance monitoring tracks how efficiently different protection
components and services are performing and helps to identify bottlenecks.

Performance monitoring:

• Measures and analyzes behavior in terms of number of completed and
failed protection operations per hour, amount of data backed up daily,
and throughput of protection storage.
• Identifies whether the behavior of components and services meets the
acceptable and agreed performance level.


Monitoring Security

Importance of monitoring security in a storage system.

Monitoring a data protection environment for security includes tracking
unauthorized access, whether accidental or malicious, and unauthorized
configuration changes. For example, monitoring tracks and reports the
initial zoning configuration performed in an FC SAN and all the
subsequent changes. Another example of monitoring security is to track
login failures and the unauthorized access to protection storage for
performing administrative changes.
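
The two security-monitoring examples above (tracking zoning changes against the initial configuration, and tracking login failures) can be written as detection logic over an event log. The following Python code is an added example, not part of the course material or of any Dell tool; the log line format, the change-ticket IDs, the thresholds, and every name in it are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from a real device); the format is assumed.
SAMPLE_LOG = """\
2023-05-01T02:00:00Z zoning action=add zone=z_bkp_01 member=hostA by=svc-orch change=CHG-1001
2023-05-01T02:10:03Z login user=backupadmin src=10.0.0.5 result=fail
2023-05-01T02:10:41Z login user=backupadmin src=10.0.0.5 result=fail
2023-05-01T02:11:15Z login user=backupadmin src=10.0.0.5 result=fail
2023-05-01T02:11:50Z login user=backupadmin src=10.0.0.5 result=ok
2023-05-01T02:13:00Z zoning action=remove zone=z_bkp_01 member=hostA by=backupadmin change=-
2023-05-01T02:13:20Z zoning action=add zone=z_bkp_01 member=hostX by=backupadmin change=-
2023-05-01T09:30:00Z login user=opsuser src=10.0.0.9 result=fail
"""

# Initial zoning recorded at deployment, and change IDs approved through
# change management (both hypothetical values for this example).
BASELINE_ZONING = {"z_bkp_01": {"storageP1"}}
APPROVED_CHANGES = {"CHG-1001"}


def parse(line):
    """Split 'timestamp kind key=value ...' into (datetime, kind, fields)."""
    ts, kind, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kind, fields


def monitor(log, baseline, approved, max_fails=3, window=timedelta(minutes=5)):
    """Return (alerts, zoning): alerts as (time, kind, detail) tuples and the
    zoning state after replaying every change on top of the baseline."""
    zoning = {zone: set(members) for zone, members in baseline.items()}
    recent_fails = defaultdict(deque)   # user -> times of recent failed logins
    alerts = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, kind, f = parse(line)
        if kind == "login":
            fails = recent_fails[f["user"]]
            while fails and ts - fails[0] > window:   # drop failures outside window
                fails.popleft()
            if f["result"] == "fail":
                fails.append(ts)
                if len(fails) == max_fails:           # alert once per burst
                    alerts.append((ts, "repeated-login-failure", f["user"]))
            else:
                if len(fails) >= max_fails:           # success right after a burst
                    alerts.append((ts, "login-after-failures", f["user"]))
                fails.clear()
        elif kind == "zoning":
            members = zoning.setdefault(f["zone"], set())
            if f["action"] == "add":
                members.add(f["member"])
            else:
                members.discard(f["member"])
            if f["change"] not in approved:           # no approved change record
                detail = f"{f['action']} {f['member']} in {f['zone']} by {f['by']}"
                alerts.append((ts, "unauthorized-zoning-change", detail))
    return alerts, zoning


if __name__ == "__main__":
    found, state = monitor(SAMPLE_LOG, BASELINE_ZONING, APPROVED_CHANGES)
    for when, kind, detail in found:
        print(when.isoformat(), kind, detail)
    print("current zoning:", state)
```

The approved change (CHG-1001) updates the tracked zoning without raising an alert, while the two later changes that carry no approved change ID are reported together with the account that made them.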


Alerting

An alert is a system-to-user notification that provides information about
events or impending threats or issues. Alerting keeps administrators
informed about the status of various components and operations, which
can impact the availability of services and require immediate
administrative attention such as:

• Failure of power for storage drives, memory, switches, or availability
zones.
• A storage pool reaching a capacity threshold.
• A replication operation breaching a protection policy.
• A soft media error on storage drives.

Type of Alert   Description                          Example
Information     • Provide useful information         • Creation of zone or VSAN
                • Does not require administrator     • Creation of a storage pool
                  intervention
Warning         • Require administrative attention   • File system is becoming full
                                                     • Soft media errors
Fatal           • Require immediate attention        • Orchestration failure
                                                     • Data migration failure


Reporting

Reporting on the data protection environment involves keeping track of and
gathering information from various components and protection operations
that are monitored. The gathered information is compiled to generate
reports for trend analysis, capacity planning, configuration changes,
deduplication ratio, chargeback, performance, and security breaches.

1: Capacity planning reports contain current and historic information about
the utilization of protection storage, file systems, ports, etc.

2: Configuration and asset management reports include details about the
allocation of protection storage, local or remote replicas, network topology,
and unprotected systems. This report also lists all the equipment, with
details, such as their purchase date, license, lease status, and
maintenance records.

3: Chargeback reports contain information about the number of backup
and restore operations, amount of data backed up and restored, amount
of data retained over a period of time, and the number of tapes as archive
storage media used by various user groups or tenants along with the
associated cost.

4: Performance reports provide current and historical information about
the performance of various protection components and operations
including success rate, failed backup and recovery operations, and
compliance with agreed service levels.

5: Security breach reports provide details on the security violations,
duration of breach and its impact.


Knowledge Check: Operations Management – 1

Knowledge Check Question

1. Identify the monitoring parameters. Select all that apply.
a. Configuration
b. Availability
c. Performance
d. Profit



Operations Management - 2


Objectives

The objectives of the topic are to:

• Define configuration management and change management.
• Define capacity management and performance management.
• Explain availability management.
• Define incident management and problem management.
• Explain security management.

Configuration Management

Configuration management is responsible for maintaining information
about configuration items (CIs). CIs include components such as:

CIs components

The information about CIs includes their attributes, used and available
capacity, history of issues, and inter-relationships.


Change Management

Change management standardizes change-related procedures in a data
protection environment for prompt handling of all changes with minimal
impact on data protection operations and service quality.

Examples of changes include:

• Introduction of a new data replication service.
• Replacing an archive storage system.
• Expansion of a storage pool.
• Upgrade of a backup application.
• Change in process or procedural documentation.


Capacity Management

Capacity management ensures that the data protection environment is
able to meet the required capacity demands for protection operations and
services in a cost effective and timely manner.

Examples of capacity management activities include:

• Adding new nodes to a scale-out NAS cluster or an OSD.
• Expanding a storage pool and setting a utilization threshold.
• Forecasting the usage of storage media.
• Removing unused resources from a service and reassigning those to
another.


Performance Management

Performance management ensures the optimal operational efficiency of all
infrastructure components so that data protection operations and services
can meet or exceed the required performance level. Management tools
also proactively alert administrators about potential performance issues
and may prescribe a course of action to improve a situation.

Examples of performance management activities include:

• Adjusting conflicting backup schedules.
• Fine-tuning file system configuration.
• Adding new VMs or allocating more resources to the existing VMs.
• Adding new ISLs and aggregating links to eliminate bottlenecks.
• Adding new nodes to a protection storage.
• Changing storage tiering and cache configuration.


Availability Management

Availability management ensures that the availability requirements of data
protection operations and services are consistently met.

Examples of availability management activities include:

• Deploying redundant, fault-tolerant, and hot-swappable components.
• Implementing compute cluster, VM live shadow copy, and
multipathing solutions.


Incident Management

Incident Management is responsible for detecting and recording all
incidents in a data protection environment. It investigates the incidents
and provides appropriate solutions to resolve them. An incident is an
unplanned event such as a switch failure, security attack, or replication
software error that may cause an interruption to the protection operations
and services or degrade their quality.

The following table illustrates an example of an incident that was detected
by the Incident Management tool:

Severity  Event Summary              Type      Device       Priority  Status  Last Updated         Owner    Escalation
Fatal     Pool A usage is 95%        Incident  NAS 1        None      New     2016/03/07 12:38:34  -        No
Fatal     Database 1 is down         Incident  DB server 1  High      WIP     2016/03/07 10:11:03  L. John  Support Group 2
Warning   Port 3 utilization is 85%  Incident  Switch A     Medium    WIP     2016/03/07 09:48:14  P. Kim   Support Group 1


Problem Management

Problem management prevents incidents that share common symptoms
or root causes from reoccurring and minimizes the adverse impact of
incidents that cannot be prevented.

Problem management:

• Reviews incident history to detect problems in a data protection
environment.
• Identifies the underlying root cause that creates a problem.
• Uses integrated incident and problem management tools to mark
specific incidents as problems and perform root cause analysis.
• Provides the most appropriate solution or preventive remediation for
problems.
• Analyzes and solves errors proactively before they become an
incident/problem.


Data Security Management

Security management prevents the occurrence of security-related incidents
or activities. These incidents adversely affect the confidentiality, integrity,
and availability of organizations' data. Security management ensures that
organizations' regulatory or compliance requirements for data protection
are met at reasonable cost. It develops data security policies and also
deploys the required security architecture, processes, mechanisms, and
tools.

Examples of security management activities are:

• Managing user accounts and access policies that authorize users to
use a backup/replication service.
• Implementing controls at multiple levels (defense in depth) to access
data and services.
• Scanning applications and databases to identify vulnerabilities.
• Configuring zoning, LUN masking, and data encryption services.


Data Protection Regulations

With the flow of personal data across industries and on a global scale,
data security governance and data protection compliance requirements
are becoming stronger day by day. Organizations that deal with
personally identifiable information (PII) must comply with stringent data
protection regulations, including:

• Payment Card Industry Data Security Standard (PCI DSS) in the USA.
• Health Insurance Portability and Accountability Act (HIPAA) in the
USA.
• General Data Protection Regulation (GDPR) in Europe.
• California Consumer Privacy Act (CCPA) in California.
• POPI in South Africa.

Data Security Governance

Data Security Governance (DSG) according to Gartner is “a subset of
information governance that deals specifically with protecting corporate
data (in both structured database and unstructured file-based forms)
through defined data policies and processes.”

There is no single product or all-in-one solution for DSG. Organizations
must analyze their data requirements and select all the valuable data
that needs to be protected. Data governance must be treated with
importance to avoid data security management disasters.

There are three primary software methods for DSG: classification,
discovery, and de-identification or masking. These methods have been
successfully employed by IRI customers for PII and other sensitive data.

Figure: Primary software methods

1: Data classification refers to categorizing or grouping data in order to
protect it. This categorization can be done with respect to its name,
attributes, subject to computational validation (so that it can be
distinguished from other 9-digit strings), and sensitivity attribution such as
sensitive, secret and so on.

2: Sensitive data can be found by using certain search functions, which
may or may not be associated with data classes. This function is known as
a discovery technique. Examples of discovery include:

• Perl Compatible Regular Expression (PCRE)
• Fuzzy (soundalike) matching algorithms
• Named entity recognition (NER)
• Facial recognition

3: A great way to reduce or even eliminate data breach risks is masking of
data, at rest or in motion. This process masks or shields sensitive or
confidential data, such as names, addresses, credit card information,
Social Security numbers, etc., from the risk of unintended exposure to
prevent data breaches.
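
The three methods can be chained: regular-expression discovery finds candidates, computational validation classifies them (Social Security number structure rules to tell an SSN from other 9-digit strings, and the Luhn checksum for card numbers), and masking rewrites only what was classified as sensitive. The following Python code is an added example, not part of the course material or of any vendor product; the class labels, function names, and sample text are assumptions constructed for it, and the patterns use only syntax that Python's re module shares with PCRE.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    data_class: str    # class labels below are assumptions for this example
    sensitivity: str   # "sensitive" or "unclassified"
    start: int
    end: int
    value: str


# Discovery patterns: 9 digits in SSN layout, and 13-19 digit runs that may
# be split by single spaces or hyphens (payment card layout).
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-?(\d{2})-?(\d{4})(?![\d-])")
PAN_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")

# Constructed sample text; names and numbers are test values, not real data.
SAMPLE = (
    "Ticket 4471: customer Jane Roe, SSN 123-45-6789, card 4111 1111 1111 1111.\n"
    "Order ref 000-12-3456 and tracking 987654321 shipped; "
    "alt card 4111 1111 1111 1112.\n"
)


def ssn_valid(area, group, serial):
    """Structural SSN rules: area is never 000, 666 or 9xx; no all-zero part."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def luhn_valid(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def discover(text):
    """Discovery plus classification: every candidate, labelled by validation."""
    findings = []
    for m in SSN_RE.finditer(text):
        ok = ssn_valid(*m.groups())
        findings.append(Finding("US_SSN" if ok else "OTHER_9_DIGIT",
                                "sensitive" if ok else "unclassified",
                                m.start(), m.end(), m.group()))
    for m in PAN_RE.finditer(text):
        ok = luhn_valid(re.sub(r"\D", "", m.group()))
        findings.append(Finding("PAYMENT_CARD" if ok else "OTHER_DIGIT_RUN",
                                "sensitive" if ok else "unclassified",
                                m.start(), m.end(), m.group()))
    return sorted(findings, key=lambda f: f.start)


def mask_value(value, keep=4):
    """Replace all but the last `keep` digits with '*', keeping separators."""
    total = sum(c.isdigit() for c in value)
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            seen += 1
            out.append(c if seen > total - keep else "*")
        else:
            out.append(c)
    return "".join(out)


def mask(text):
    """Mask only findings that validation classified as sensitive."""
    out, pos = [], 0
    for f in discover(text):
        if f.sensitivity != "sensitive" or f.start < pos:
            continue
        out.append(text[pos:f.start])
        out.append(mask_value(f.value))
        pos = f.end
    out.append(text[pos:])
    return "".join(out)


if __name__ == "__main__":
    for finding in discover(SAMPLE):
        print(finding)
    print(mask(SAMPLE))
```

The order reference, the tracking number, and the card number with a bad check digit are discovered by the patterns but left unmasked, because validation does not place them in a sensitive class.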


Knowledge Check: Operations Management - 2

Knowledge Check Question

1. Match the following management processes with their descriptions:

A.  3. Change management        C  B. Determines the optimal amount of resources required to meet the needs of protection operations.
B.  4. Availability management  D  A. Prevents incidents that share common symptoms or root causes from reoccurring.
C.  1. Capacity management      A  D. Makes a decision to approve or reject the request for creating a new data protection service.
D.  2. Problem management       B  C. Ensures that the fault tolerance requirements of data protection services are consistently met.


Concepts in Practice

Dell CloudIQ

CloudIQ combines proactive monitoring, machine learning and predictive
analytics so you can take quick action and simplify operations of your
on-premises infrastructure and data protection in the cloud. CloudIQ
supports a broad range of Dell Technologies products, including servers,
data protection, converged and hyperconverged infrastructure, and
networking (for Ethernet/SAN), plus Dell Technologies APEX Data Storage
Services. CloudIQ helps anticipate business needs by intelligently
projecting capacity utilization, so you can plan capacity requirements and
budget accordingly.

Dell PowerProtect Data Manager

Dell PowerProtect Data Manager provides software-defined data
protection, automated discovery, deduplication, self-service and IT
governance for physical, virtual and multicloud environments. With
operational simplicity, agility and flexibility at its core, PowerProtect Data
Manager enables the protection, management, and recovery of data in
on-premises, virtualized and cloud deployments, including protection of
in-cloud workloads. You can also protect cloud-native workloads across
multiple public clouds via our integrated SaaS-based PowerProtect Cloud
Snapshot Manager.


Exercise - Managing the Data Protection Environment

1. Present Scenario:

An organization maintaining multiple data centers provides data
protection services to its customers. The details are as follows:

• Protection services cover both local-site protection and remote-site
protection for disaster recovery.
• The enterprise allows all its customers’ data to be stored, protected,
and accessed from locations worldwide.
• It has virtualized compute, network, and storage components and
deployed various backup, replication, and archiving solutions.
• It provides automated reports that are generated by monitoring and
reporting tools.
• The management operations in the data center are mostly manual.

2. Organization’s Challenges:

• Difficulty in locating and resolving errors in infrastructure
components and data protection operations.
• Difficulty in allocating resources to meet dynamic resource
consumption and seasonal spikes in resource demand.
• Occasionally, the performance of replication operations gets
degraded.
• Difficulty in creating the inventory of various infrastructure
components including their configuration, connectivity, functions,
and performance.

3. Organization’s Requirements:

• Need to ensure adequate availability of IT resources to provide
data protection services.
• Need to gather and maintain information about all the infrastructure
components in a centralized database.
• Administrators should get proactive alerts about potential
performance issues on data protection operations.
• Need to reduce manual errors and administration cost related
to common, repetitive management tasks.
• Planning to deploy a new multi-site data protection service. It needs
to implement a management process for architecting the new
multi-site data protection solution.

4. Expected Deliverables:

Propose a solution that will address the organization’s challenges and
requirements.

Solution

The proposed solution is as follows:

• Implement a capacity management process that will help in planning
for current and future resource requirements. This may include
dynamic resource consumption and seasonal spikes in resource
demand.
• Deploy a discovery tool that gathers and stores data in a configuration
management system.
• Deploy a performance management tool that can proactively alert
administrators about potential performance issues.
• Orchestrate management operations that are common and repetitive to
reduce manual errors and administration cost.
• Implement an availability management process that will help in
architecting the new multi-site data protection solution.


Summary

Upon successful completion of this course, participants should be able to:


→ Explain data protection architecture and its building blocks.
→ Evaluate fault-tolerance techniques in a data center.
→ Describe data backup methods and data deduplication.
→ Describe data replication, data archiving and data migration
methods.
→ Describe the data protection process in a software-defined data
center.
→ Articulate cloud-based data protection techniques.
→ Describe various solutions for protecting Big data and mobile
device data.
→ Describe security controls and management processes in a data
protection environment.


You Have Completed This eLearning

Data Protection and Management – Associate

The Data Protection and Management certification provides a
comprehensive understanding of the various data protection infrastructure
components in modern data center environments. This certification will
qualify towards all Backup Recovery Specialist level certifications in the
Dell EMC Proven Professional Technology Architect, Implementation
Engineer, Systems Administrator, and Infrastructure Security tracks. The
course is available in Classroom, Virtual Classroom and On Demand
Course modalities.

Certified Specialist tracks and courses:

• Technology Architect
  - Data Protection: Data Protection Training Bundle
• Implementation Engineer
  - PowerProtect Data Manager: PowerProtect Data Manager Training Bundle
  - Avamar: Avamar Implementation and Administration
  - Data Domain: Data Domain System Administration
  - NetWorker: NetWorker Implementation and Administration
• Systems Administrator
  - PowerProtect Data Manager: PowerProtect Data Manager Training Bundle
  - Avamar: Avamar Administration
  - Data Domain: Data Domain System Administration
  - NetWorker: NetWorker Implementation and Administration
• Infrastructure Security
  - Implementing the NIST Cybersecurity Framework

Data Protection and Management (C, VC, ODC)

(C) - Classroom
(VC) - Virtual Classroom
(ODC) - On Demand Course

For more information, visit: http://dell.com/certification



Appendix

Data protection is one of the least glamorous yet most important aspects of
any organization. In many respects, it’s like being the goalkeeper in a
soccer game: when you do your job effectively, it’s easy to get overlooked.
But if you fail, it generally results in a loss. Data can exist in a variety of
forms such as photographs and drawings, alphanumeric text and images,
and tabular results of a scientific survey. In computing, digital data is a
collection of facts that is transmitted and stored in electronic form and
processed through software. Digital data is generated by various devices
such as desktops, laptops, tablets, mobile phones, and electronic sensors.
It is stored as strings of binary values (0s and 1s). In this course, the word
“data” implies the digital data. Most organizations use one or more data
protection methods to protect their digital data from disruption and
disaster.

For example, backing up data creates a duplicate copy of data. The
duplicate copy or data backup is used to restore data in case the original
data is corrupted or destroyed. If a disaster occurs, an organization’s
onsite data backup could be lost along with the original data. Hence, it is a
good practice to keep a copy of data in a remote site. In addition, data
archives are used to preserve older but important files. Organizations also
test data recovery operations periodically to examine the readiness of their
data protection mechanisms.

Further, security mechanisms such as anti-malware software and firewalls
help in protecting data from security attacks. A key question that should be
answered at this point is—what are the reasons for spending money, time,
and effort on data protection? Let us list the reasons that make data
protection and its management important for an organization. Note: The
terms “data” and “information” are closely related, and it is common for the
two to be used interchangeably. However, when data is processed and
presented in a specific context it can be interpreted in a useful manner.
This processed and organized data is called information.

As the business markets become increasingly connected, ensuring that
data is protected and always available becomes absolutely critical.
Accessing data constantly through numerous activities, such as web
searches, social networking, emailing, uploading and downloading
content, and sharing media files, is common. Moreover, internet-enabled
smartphones, tablets, and wearable gadgets such as a fitness activity
tracker, along with the Internet of Things (IoT), add to anytime, anywhere
data access via any device. The IoT is a technology trend wherein “smart”
devices with embedded electronics, software, and sensors exchange data
with other devices over the Internet.

Application areas of IoT include remote controlling of household
appliances and remote monitoring of atmospheric conditions. For business
applications, it is essential to have uninterrupted, fast, reliable, and secure
access to data for enabling these services. This access, in turn, relies on
how well the data is protected and managed.

An organization’s data is its most valuable asset. An organization can
leverage its data to efficiently bill customers, advertise relevant products to
the existing and potential customers, launch new products and services,
and perform trend analysis to devise targeted marketing plans. These
sensitive data, if lost, may lead to significant financial, legal, and business
loss apart from serious damage to the organization’s reputation.

An organization seeks to reduce the risk of sensitive data loss to operate
its business successfully. It should focus its protection efforts where the
need exists: its high-risk data. Many government laws mandate that an
organization must be responsible for protecting its employees’ and
customers’ personal data. The data should be safe from unauthorized
modification, loss, and unlawful processing. Examples of such laws are
U.S. Health Insurance Portability and Accountability Act (HIPAA), U.S.
Gramm-Leach-Bliley Act (GLBA), and U.K. Data Protection Act. An
organization must be adept at protecting and managing personal data in
compliance with legal requirements.

GDPR - The EU General Data Protection Regulation (GDPR), launched in
2018, requires that any organization dealing with data on EU citizens
be compliant with the terms of GDPR, irrespective of where the
organization is located. If the organization fails to be compliant, the EU will
levy a huge fine. This regulation increased the accountability and
responsibility of the company towards safeguarding its client data.


Data protection is the process of safeguarding data from corruption and
loss. It focuses on technologies or solutions that can prevent data loss and
recover data in the event of a failure or corruption. Data protection lays the
foundation of improving data availability.

Data protection technologies and solutions are used to meet data
availability requirements of business applications and IT services.
Examples of IT services are email service, data upload service, and video
conferencing service. Data availability refers to the ability of an IT
infrastructure component or service to function according to business
requirements and end users’ expectations during its operating time,
ensuring that data is accessible at a required level of performance. The
operating time is the specified or agreed time of operation when a
component or service is supposed to be available.

For example, a service that is offered from 9 AM to 5 PM Monday to
Friday, 52 weeks per year, would have an operating time of 8 * 5 * 52 =
2080 hours per year. Any disruption to the service outside of this time slot
is not considered to affect the availability of the service. Data availability is
not all about technologies; it also involves strategy, procedure, and IT
resource readiness appropriate for each application or service. Based on
a data availability strategy, the necessary data protection technologies and
solutions are selected.

For example, an application owner cares about the availability of their
application, and the application strategically requires 24x7 access to data.
The backup administrator is responsible for protecting the application data
aptly using an appropriate backup technology. In the event of a data
corruption or loss, the application owner relies on the backup administrator
to restore data from a backup.

Note: ITIL defines a service as “a means of delivering value to customers
by facilitating outcomes customers want to achieve without the ownership
of specific costs and risks”. According to Gartner, “IT services refers to the
application of business and technical expertise to enable organizations in
the creation, management and optimization of or access to information
and business processes.”

The goal of data availability is to ensure that users can access an
application or a service during its operating time. But failure of an
infrastructure component or a service might disrupt data availability and
result in downtime. A failure is the termination of a component’s or
service’s ability to perform its required function. The component’s or
service’s ability can be restored by performing various external corrective
actions such as a manual reboot, a repair, or replacement of the failed
component(s). Therefore, both operating time and downtime of a
component or a service are factored in the measurement of data
availability. Data availability is usually calculated as a percentage of
uptime, where uptime is equal to the operating time minus the downtime. It
is often measured by “Nines”. For example, a service that is said to be
“five 9s available” is available for 99.999 percent of the agreed operating
time in a year.

Data availability is also measured as a factor of the reliability of
components or services: as reliability increases, so does availability. It is
calculated as the mean time between failure (MTBF) divided by the MTBF
plus the mean time to repair (MTTR). Both MTBF and MTTR are reliability
metrics. MTBF is the average time available for a component or a service
to perform its normal operations between failures.

It is calculated as the total uptime divided by the number of failures. MTTR
is the average time required to repair a failed component or service. It is
calculated as the total downtime divided by the number of failures. These
metrics are usually expressed in hours.

For example, if the annual uptime of a component is 9609 hours, the
annual downtime of the component is 11 hours, and the component has
failed thrice in a year, then MTBF = 9609 hours / 3 = 3203 hours and
MTTR = 11 hours / 3 = 3.66 hours.

Note: Mean Time to Restore Service
(MTRS) is considered to be a better metric than MTTR for measuring data
availability. MTRS is the average time taken to restore a failed component
or a service.

The problem with MTTR is that while a component (or part of a service)
may have been repaired, the service itself is still not available to an end
user. MTRS takes care of the end user’s interest by encompassing the
entire elapsed time after a failure till the end user can get access to a
service.
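The calculations above, applied to an outage log, as an added example that is not part of the original course material. It goes one step beyond the text by clipping each outage to the agreed operating time (9 AM to 5 PM, Monday to Friday) before computing MTBF, MTTR, and availability; the function names and the outage records are assumptions constructed for illustration.

```python
import math
from datetime import datetime, timedelta

OPEN_HOUR, CLOSE_HOUR = 9, 17   # agreed operating time: 9 AM to 5 PM
WORKDAYS = range(0, 5)          # Monday (0) through Friday (4)


def operating_hours(start, end):
    """Hours of the interval [start, end) that fall inside operating time."""
    total = 0.0
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    while day < end:
        if day.weekday() in WORKDAYS:
            window_start = day + timedelta(hours=OPEN_HOUR)
            window_end = day + timedelta(hours=CLOSE_HOUR)
            overlap = min(end, window_end) - max(start, window_start)
            if overlap > timedelta(0):
                total += overlap.total_seconds() / 3600
        day += timedelta(days=1)
    return total


def reliability(uptime_h, downtime_h, failures):
    """MTBF, MTTR and availability = MTBF / (MTBF + MTTR), as in the text."""
    if failures == 0:
        return {"mtbf": math.inf, "mttr": 0.0, "availability": 1.0}
    mtbf = uptime_h / failures
    mttr = downtime_h / failures
    return {"mtbf": mtbf, "mttr": mttr, "availability": mtbf / (mtbf + mttr)}


def report(operating_time_h, outages):
    """Clip each outage to operating time, then derive the metrics."""
    # An outage entirely outside operating time does not count as a failure.
    counted = [h for h in (operating_hours(s, e) for s, e in outages) if h > 0]
    downtime = sum(counted)
    uptime = operating_time_h - downtime
    result = reliability(uptime, downtime, len(counted))
    unavailable = 1 - result["availability"]
    result["downtime_h"] = downtime
    result["uptime_pct"] = 100 * uptime / operating_time_h
    result["nines"] = math.inf if unavailable == 0 else -math.log10(unavailable)
    return result


def allowed_downtime_h(operating_time_h, nines):
    """Downtime budget for an availability target of N nines."""
    return operating_time_h * 10 ** -nines


# Constructed outage log (start, end) for a service offered 9-5, Mon-Fri.
OUTAGES = [
    (datetime(2024, 3, 5, 10, 0), datetime(2024, 3, 5, 12, 30)),   # Tuesday, in hours
    (datetime(2024, 6, 8, 1, 0), datetime(2024, 6, 8, 7, 0)),      # Saturday, not counted
    (datetime(2024, 9, 12, 16, 0), datetime(2024, 9, 13, 10, 0)),  # Thu 4 PM to Fri 10 AM
]

if __name__ == "__main__":
    r = report(8 * 5 * 52, OUTAGES)
    print(f"downtime {r['downtime_h']} h, MTBF {r['mtbf']} h, MTTR {r['mttr']} h")
    print(f"availability {r['uptime_pct']:.3f}% ({r['nines']:.2f} nines)")
    print(f"five-9s budget: {allowed_downtime_h(2080, 5) * 3600:.0f} s per year")
```

The overnight outage lasts 18 hours on the clock but contributes only 2 hours of downtime, because the rest of it falls outside the operating time.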


Mechanical damages of hardware are common reasons for device
failures. In addition, manufacturing defects, spilling coffee, and other water
damages may cause device outage. As a result of hardware failures,
users may not be able to access data.

Loss of power or even sudden changes in voltage affects IT infrastructure
components, which may lead to data unavailability. Poor application
design or resource configuration errors can also lead to data unavailability.
For example, if the database crashes for some reason, then the data will
be inaccessible to the users, which may lead to IT service outage.

The IT department of an organization performs routine activities such as
application upgrade, database reorganization, hardware upgrade, data
migration, server maintenance, and relocating services to another site.
Any of these activities can have its own significant and negative impact on
data availability.

Natural disasters such as floods, earthquakes, tornadoes, and volcanic
eruptions can affect businesses and availability of data in every part of the
globe. In addition, man-made disasters such as civil unrest, terrorist
attacks, and accidents can impact data availability.

Ransomware - It is malware, created using cryptovirology, that is used
to threaten victims with leaking their valuable data or blocking access to it.
The threat is accompanied by a demand for a ransom. The simple forms
of ransomware may lock the victim's system, which may be reversed by
someone with IT knowledge. However, the more advanced malware uses
cryptoviral extortion techniques to encrypt the victim's data and demand
a large ransom in exchange for decrypting it. This is yet another
instance of data unavailability and may result in a huge financial loss for
the victim.

In addition, loss of data due to data corruption, intentional or accidental
deletion of files or programs, and misplacement or theft of DVDs and
tapes may lead to data unavailability.

Note: In general, the outages can be broadly categorized into planned and
unplanned outages. Planned outages may include installation and
maintenance of new hardware, software upgrades or patches, performing
application and data restores, facility operations (renovation and
construction), and migration. Unplanned outages include failure caused by
human errors, database corruption, failure of components, and natural or
man-made disasters.

A data center provides centralized data-processing capability. It is used to
provide worldwide access to business applications and IT services over a
network, commonly the Internet.

A data center usually stores large amounts of data and provides services to
a vast number of users. Therefore, data protection in a data center is vital
for carrying out business operations. There are several methods available
to protect data in a data center.

For example, a primary (production) database server may periodically
transfer a copy of transaction data to a standby database server. This
method ensures that the standby database is consistent up to a
point-in-time with the primary database. In case the primary database server fails,
the standby database server may start production operations.

In another method, data is copied directly from a primary storage to a
standby protection storage without involving application servers. The
protection storage may be used for data recovery or restarting business
operations in the event of primary storage failure.

Large organizations often maintain multiple data centers to distribute
data-processing workloads and provide remote protection of data. Data is
copied between data centers to provide remote protection and high
availability. If one data center experiences an outage, other data centers
continue providing services to the users.

In an enterprise data center, data is typically stored in storage systems (or
storage “arrays”). A storage system is a hardware component that
contains a group of storage devices assembled within a cabinet. It is
controlled and managed by one or more storage controllers. These
enterprise-class storage systems are designed for providing high capacity,
scalability, performance, reliability, and security to meet business
requirements. The compute systems that run business applications are
provided storage capacity from storage systems.

Connectivity elements create communication paths between compute
systems and storage for data exchange and resource sharing. Examples
of connectivity elements are Open Systems Interconnection (OSI) layer-2
network switches, OSI layer-3 switches or routers, cables, and network
adapters such as a NIC. Switches and routers are the commonly used
interconnecting devices. An OSI layer-2 switch enables multiple compute
and storage systems in a network to communicate with each other. A
router (or an OSI layer-3 switch) allows multiple networks to communicate
with each other.

The commonly used cables are copper and optical fiber. A network
adapter on a compute or storage system provides a physical interface for
communicating with other systems.

The connectivity elements help in connecting IT equipment together in a
data center. The two primary types of connectivity include the
interconnection between compute systems and between compute systems
and storage systems.

Note: The OSI model defines a layered framework to categorize various
functions performed by the communication systems. The model has seven
layers, and each layer includes specific communication functions.

Characteristics of Converged infrastructure:

• Pre-configured and optimized, which reduces the time to acquire and
deploy the infrastructure
• Less power and space requirements
• All hardware and software components can be managed from a single
management console

A potential area of concern regarding converged infrastructure solutions is
the lack of flexibility to use IT components from different vendors. Some
vendors may provide the flexibility to choose multi-vendor IT components
for a converged infrastructure.

Notes

The fundamental principle of DR is to maintain a secondary data center or
site, called a DR site. The primary data center and the DR data center
should be located in different geographical regions to avoid the impact of a
regional disaster. The DR site must house a complete copy of the
production data. Commonly, all production data is replicated from the
primary site to the DR site either continuously or periodically. A backup
copy can also be maintained at the DR site. Usually, the IT infrastructure
at the primary site is unlikely to be restored within a short time after a
catastrophic event.

Organizations often keep their DR site ready to restart business
operations if there is an outage at the primary data center. This may
require the maintenance of a complete set of IT resources at the DR site
that matches the IT resources at the primary site. Organizations can either
build their own DR site or use the cloud to build a DR site.

Fault-tolerant IT infrastructure is designed based on the concept of fault
tolerance. Fault tolerance is the property that enables a system to
continue its operation in the event of the failure of some of its components.

Fault-tolerant IT infrastructure eliminates single points of failure. In the
event of a component failure, a redundant component can immediately
take its place with no loss of service. The fault-tolerant infrastructure
improves availability because a single failure cannot make the entire
infrastructure or a service unavailable.

Fault tolerance can be provided at the software level, or at the hardware
level, or by combining both of them. The fault-tolerant design can also be
extended to include multiple data centers or sites wherein redundant data
centers are used to provide site-level fault tolerance.

Why Data Protection Architecture?

• Organizations need a data protection architecture [137] to combat
accidental architecture.
• Enables cost-optimized and consolidated data protection, simplifies
data protection management, and helps organizations to meet service
level requirements.
− An intentional data protection architecture is explicitly identified and
then implemented.
• Evolving data protection technology and expanding requirements have
transformed the IT industry.
− Organizations can choose from many new data protection options
integrated into their applications, operating systems (OSs), and
storage systems.
− Unfortunately, with such a transformation, many organizations have
fallen into the chaos of an accidental architecture [138].
• Multiple entities within an organization perform their own data
protection operations without a clear picture of the ownership of
protection processes and resources.
− Results in an ad hoc approach to data protection with no central
visibility to the data protection environment.

[137] A data protection architecture is a blueprint that specifies the protection
components and their interrelationships and guides an organization to
provide centralized data protection services.

Business Applications
• Business applications run on compute systems [139].
• Various types of business applications are enterprise resource
planning (ERP) applications, customer relationship management
(CRM) applications, email applications, ecommerce applications,
database applications, and analytic applications.

• A business application commonly provides a user interface such as a
command line interface (CLI) and graphical user interface (GUI).
− The user interface enables users to send requests and view
responses.
− Also provides an application programming interface (API) [140] that
enables other applications to interact with it.
• The protection applications and storage leverage these interfaces to
track the application data as it changes and also track the protection
status of the data.

[138] An accidental architecture consists of a fragmented set of data
protection processes, multiple unconnected data protection tools, and
infrastructure silos. An accidental architecture causes complexity in
scaling the protection resources.
[139] Execute the requests from users or clients and pass back the
generated responses.

Hypervisors
• From a hypervisor’s perspective, each VM is a discrete set of files that
store the VM configuration, VM memory content, and guest OS and
application data.
− Availability of these files is the key to run the VMs and continue
business operations. Therefore, protection of VMs should be
included in the data protection plan.
• Protection at the hypervisor level requires the hypervisor to function as
the source of all VM files managed by it.

Virtual Machine
• A VM does not have direct access to the hardware of the physical
compute system (host machine) on which it is created.
− The hypervisor translates the VM’s resource requests and maps
the virtual hardware of the VM to the hardware of the physical
compute system.
− For example, a VM’s I/O requests to a virtual disk drive are
translated by the hypervisor and mapped to a file on the physical
compute system’s disk drive.

[140] Provides a flexible, easy-to-use means for integrating protection tools
with the business applications.

A VM can be configured with one or more virtual CPUs. When a VM
starts, its virtual CPUs are scheduled by the hypervisor to run on the
physical CPUs. Virtual RAM is the amount of physical memory allocated to
a VM and it can be configured based on the requirements.

The virtual disk stores the VM’s OS, program files, and application data. A
virtual network adapter provides connectivity between VMs running on the
same or different compute systems, and between a VM and the physical
compute systems.

Virtual optical drives and floppy drives can be configured to connect to
either the physical devices or to the image files, such as ISO and floppy
images (.flp), on the storage. SCSI/IDE virtual controllers provide a way
for the VMs to connect to the storage devices.

The virtual USB controller is used to connect to a physical USB controller
and to access the connected USB devices. Serial and parallel ports
provide an interface for connecting peripherals to the VM.

Containers
Imagine needing multiple versions of applications for testing or production.
The IT team would need multiple virtual machines running multiple
iterations of applications with the necessary binaries and libraries. This would
be challenging as moving around large amounts of data limits VM mobility.

• Multiple containers can run on the same machine and share the
Operating System Kernel with other containers.
− For example, you might have one container on a system running
Red Hat Linux, serving a database, through a virtual network to
another container running Ubuntu Linux, running a web server that
talks to that database, and that web server might also be talking to
a caching server that runs in a SUSE Linux based container.
• Containers are lightweight in nature but running them in a production
environment can quickly become a massive effort. Especially when
used with microservices, a containerized application might be
translated into multiple containers. This can introduce significant
complexity if managed manually.
− Container orchestration [141] is what makes that operational
complexity manageable for DevOps since it provides a way of
automating much of the work.
− The widely deployed container orchestration platforms are based
on open-source versions like Kubernetes and Docker Swarm.

Primary Storage Device


A primary storage device is the persistent storage for data used by
business applications to perform transactions. A primary storage can be a
standalone hard disk drive (HDD) or solid-state drive (SSD) that is directly
attached to a compute system.

An entire storage system or some of its storage drives that store business
application data can also be the primary storage device. In addition to
transactional data, a primary storage device may also store OS and
application software.

A primary storage device can be leveraged as a data source during
protection operations. Data from a primary storage device can be copied
or moved directly to protection storage without using the CPU cycles of
the compute systems that run business applications and hypervisors.
Therefore, application performance is not impacted during data protection.
This may also improve the performance of data protection operations.

[141] An automatic process of managing or scheduling the work of individual
containers for applications based on microservices within multiple clusters.


Cloud Based Storage


In the cloud-based storage model, data is stored in the cloud and managed
by a cloud data storage service provider.

Cloud based protection storage provides the following features:

• Improves productivity and competence and manages cost because of
on-demand delivery within the time.
• Eliminates the unnecessary investment on infrastructure, as an
organization can subscribe and pay as per their storage requirement.
• Gives access to the data anytime and from anywhere.
• Provides data security during data transfer and storage by encrypting
the files using encryption techniques and is maintained by the service
provider.

Need for Fault Tolerance


Fault tolerance is needed to improve the reliability and availability of a
service. It ensures that a system remains up and a service remains
available in the event of a failure or fault within a system component. Fault
tolerance is achieved by deploying fault-tolerant compute, network,
storage, and application systems in a data center.

What is fault tolerance


Fault tolerance may be provided by software, hardware, or a combination
of both. However, end-to-end data center fault tolerance is difficult and
costly to achieve. The closer an organization reaches 100 percent fault
tolerance, the more costly is the infrastructure.

Fault Isolation
The example image represents two I/O paths between a compute
system and a storage system. The compute system uses both the paths
to send I/O requests to the storage system. If an error or fault occurs on
a path causing a path failure, the fault isolation mechanism present in the
environment automatically detects the failed path. It isolates the failed
path from the set of available paths and marks it as a dead path to avoid
sending the pending I/Os through it.

All pending I/Os are redirected to the live path. This helps avoid the
time-out and the retry delays.

Compute Clustering
Compute clustering provides continuous availability of services even when
a virtual machine (VM), physical compute system, OS, or hypervisor fails.
In the compute clustering technique, at least two compute systems or
hypervisors work together and are viewed as a single compute system to
provide high availability and load balancing. If one of the compute systems
in a cluster fails, the service running on the failed compute system moves
to another compute system in the cluster to minimize or avoid outage.
Clustering uses a heartbeat mechanism to determine the health of each
compute system in the cluster. The exchange of heartbeat signals, which
usually happens over a private network, allows participating cluster
members to monitor each other’s status. Clustering can be implemented
among multiple physical compute systems, or multiple VMs, or VM and
physical compute system, or multiple hypervisors.

Virtual Machine (VM) Live Shadow Copy


The VM live shadow copy technique ensures that the secondary VM is
always synchronized with the primary VM. The hypervisor running the
primary VM captures the sequence of events that occur on the primary
VM. Then it transfers this sequence of events to the hypervisor running on
another compute system. The hypervisor running the secondary VM
receives these event sequences and sends them to the secondary VM for
execution. The primary and the secondary VMs share the same storage,
but all output operations are performed only by the primary VM. A locking
mechanism ensures that the secondary VM does not perform write
operations on the shared storage. The hypervisor posts all events to the
secondary VM at the same execution point as they occurred on the
primary VM. This way, these VMs “play” exactly the same set of events
and their states are synchronized with each other.

Link Aggregation
Link aggregation combines two or more parallel interswitch links (ISLs)
into a single logical ISL, called a link aggregation group. It optimizes
network performance by distributing network traffic across the shared
bandwidth of all the ISLs in a link aggregation group. This allows the
network traffic for a pair of node (compute system and storage system)
ports to flow through all the available ISLs in the group rather than
restricting the traffic to a specific, potentially congested ISL. The number
of ISLs in a link aggregation group can be scaled depending on
the application’s performance requirement.

Link aggregation also enables network traffic failover in the event of a link
failure. If a link in a link aggregation group is lost, all network traffic on that
link is redistributed across the remaining links.

By combining ISLs, link aggregation also provides higher throughput than
a single ISL could provide. For example, the aggregation of three ISLs into
a link aggregation group provides up to 48 Gb/s throughput assuming the
bandwidth of an ISL is 16 Gb/s.

Multipathing
Multipathing enables automated path failover. This eliminates the
possibility of disrupting an application or a service due to failure of a
component on the path such as network adapter, cable, port, and storage
controller (SC). In the event of a path failure, all outstanding and
subsequent I/O requests are automatically directed to alternative paths.

Multipathing can be a built-in OS and hypervisor function or a third-party
software module that can be installed to the OS or hypervisor. To use
multipathing, multiple paths must exist between the compute and the
storage systems. If a path fails, the multipathing software or process
detects the failed path and then redirects the pending I/Os of the failed
path to another available path.

Multipathing can also perform load balancing by distributing I/Os across all available
paths. The figure on the page shows a configuration where four paths
between a compute system (with dual-port HBAs) and a storage device
enable multipathing.
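A small simulation of the fault isolation and multipathing behavior described above, as an added example that is not part of the original course material. It models four paths between two adapter ports and two storage controller ports; the class names, component names, and I/O numbers are assumptions made for illustration, not any vendor's multipathing software.

```python
from collections import deque
from itertools import product


class PathFailure(Exception):
    """Raised by a path when an I/O cannot be delivered."""


class Path:
    def __init__(self, hba_port, sc_port):
        self.name = f"hba{hba_port}-sc{sc_port}"
        self.components = {f"hba{hba_port}", f"sc{sc_port}"}
        self.alive = True
        self.delivered = []

    def send(self, io, broken):
        # A path fails if any component on it (adapter port, controller port) is broken.
        if self.components & set(broken):
            raise PathFailure(self.name)
        self.delivered.append(io)


class Multipath:
    """Round-robin load balancing with dead-path isolation and failover."""

    def __init__(self, paths):
        self.paths = list(paths)
        self._next = 0

    def live_paths(self):
        return [p for p in self.paths if p.alive]

    def _pick(self):
        live = self.live_paths()
        if not live:
            raise RuntimeError("all paths dead: data unavailable")
        path = live[self._next % len(live)]
        self._next += 1
        return path

    def submit(self, ios, broken=frozenset()):
        pending = deque(ios)
        while pending:
            io = pending.popleft()
            path = self._pick()
            try:
                path.send(io, broken)
            except PathFailure:
                path.alive = False       # fault isolation: mark the path dead
                pending.appendleft(io)   # redirect the pending I/O to a live path


def build_paths():
    # Dual-port HBA x two storage controller ports = four paths.
    return [Path(h, s) for h, s in product(range(2), range(2))]


if __name__ == "__main__":
    mp = Multipath(build_paths())
    mp.submit(range(8))                          # healthy: load is balanced
    mp.submit(range(8, 16), broken={"hba0"})     # one adapter port fails
    for p in mp.paths:
        print(p.name, "alive" if p.alive else "dead", p.delivered)
```

After the adapter port fails, both paths through it are marked dead and every I/O still arrives exactly once over the two remaining paths.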

Configuring Hot-swappable Components


For example, a high-end switch or director contains redundant
components with automated failover capability. Its key components such
as controller blades, port blades, power supplies, and fan modules are all
hot-swappable. If a switch controller blade fails, it is hot-swapped for a
new one.

RAID
Disk and solid state drives are susceptible to failures. A drive failure may
result in data loss. Today, a single storage system may support thousands
of drives. The greater the number of drives in a storage system, the greater
the probability of a drive failure in the system.

Redundant Array of Independent Disks (RAID) is a technique in which
multiple drives are combined into a logical unit called a storage pool and
data is written in blocks across the disks in the pool. The logical units are
created from the pool by partitioning the available capacity into smaller
units. These units are then assigned to the compute system based on
their storage requirements. Logical units are spread across all the physical
drives that belong to that pool. Each logical unit created from the pool is
assigned a unique ID, called a logical unit number (LUN).

RAID protects against data loss when a drive fails, through the use of
redundant drives and parity. Typically, in a RAID storage system, the data
is distributed across physical drives, and this set of physical drives is
viewed as a single logical drive or volume by the operating system. RAID
also helps in improving the storage system performance as read and write
operations are served simultaneously from multiple drives.


Erasure Coding Technique


The image illustrates an example of dividing data into nine data
segments (m = 9) and three coding fragments (k = 3). The maximum
number of drive failures supported in this example is three. Erasure coding
offers higher fault tolerance (tolerates k faults) than replication with less
storage cost.
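A working m = 9, k = 3 erasure code, as an added example that is not part of the original course material. The text does not name a specific code; this sketch assumes a systematic Cauchy Reed-Solomon construction over GF(2^8), one common choice, and the payload and function names are constructed for illustration.

```python
M, K = 9, 3                      # nine data fragments, three coding fragments

# GF(2^8) log/antilog tables (polynomial 0x11D, generator 2).
EXP, LOG = [0] * 512, [0] * 256
_x = 1
for _i in range(255):
    EXP[_i], LOG[_x] = _x, _i
    _x <<= 1
    if _x & 0x100:
        _x ^= 0x11D
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]


def gmul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def ginv(a):
    return EXP[255 - LOG[a]]


# Cauchy matrix: row i, column j holds 1 / (x_i + y_j) with x_i = i, y_j = K + j.
# Every square submatrix is invertible, so any M of the M + K fragments suffice.
CAUCHY = [[ginv(i ^ (K + j)) for j in range(M)] for i in range(K)]


def combine(row, fragments):
    """Linear combination of equal-length fragments with coefficients in row."""
    out = bytearray(len(fragments[0]))
    for coeff, frag in zip(row, fragments):
        if coeff:
            for pos, byte in enumerate(frag):
                out[pos] ^= gmul(coeff, byte)
    return bytes(out)


def encode(data_fragments):
    """Return the M data fragments followed by K coding fragments."""
    return list(data_fragments) + [combine(row, data_fragments) for row in CAUCHY]


def invert(matrix):
    """Gauss-Jordan inversion over GF(2^8)."""
    n = len(matrix)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = next(r for r in range(col, n) if aug[r][col])
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = ginv(aug[col][col])
        aug[col] = [gmul(v, scale) for v in aug[col]]
        for r in range(n):
            factor = aug[r][col]
            if r != col and factor:
                aug[r] = [a ^ gmul(factor, b) for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def decode(surviving):
    """Rebuild the M data fragments from any M survivors ({index: bytes})."""
    if len(surviving) < M:
        raise ValueError(f"need {M} fragments, only {len(surviving)} survive")
    idx = sorted(surviving)[:M]
    rows = [[int(i == j) for j in range(M)] if i < M else CAUCHY[i - M] for i in idx]
    inverse = invert(rows)
    frags = [surviving[i] for i in idx]
    return [combine(row, frags) for row in inverse]


def split(payload, m=M):
    """Pad payload with zero bytes and cut it into m equal fragments."""
    size = -(-len(payload) // m)
    padded = payload.ljust(size * m, b"\0")
    return [padded[i * size:(i + 1) * size] for i in range(m)]


# Constructed sample payload.
PAYLOAD = b"backup set 2024-01-15: 9 data fragments + 3 coding fragments"


def demo(lost):
    """Store 12 fragments on 12 drives, lose the given drives, restore."""
    stored = encode(split(PAYLOAD))
    surviving = {i: f for i, f in enumerate(stored) if i not in lost}
    return b"".join(decode(surviving))[:len(PAYLOAD)]
```

Storing 12 fragments for 9 fragments of data costs about 1.33 times the data size, whereas surviving three drive failures with full copies would take four copies.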

Graceful Degradation
Graceful degradation of application functionality refers to the ability of an
application to maintain limited functionality even when some of the
components, modules, or supporting services are not available.

A well-designed application (modern application) or service typically uses
a collection of loosely coupled modules that communicate with each other.
A business application in particular requires separation of concerns at the
module level so that an outage of a dependent service or module does
not bring down the entire application. The purpose of graceful degradation
of application functionality is to prevent the complete failure of a business
application or service.

For example, consider an e-commerce application that consists of
modules such as product catalog, shopping cart, order status, order
submission, and order processing. Assume that the payment gateway is
unavailable due to some problem. It is impossible for the order processing
module of the application to continue. If the application or service is not
designed to handle this scenario, the entire application might go offline.

However, in this same scenario, it is possible that the product catalog
module can still be available to consumers to view the product catalog.
The application can also allow the consumers to place the order and move
it into the shopping cart. This provides the ability to process the orders
when the payment gateway is available or after failing over to a secondary
payment gateway.


Fault Detection and Retry Logic


A key mechanism in a highly available application design is to implement
retry logic within the code to handle a service that is temporarily down.

When applications use other services, errors can occur because of
temporary conditions such as intermittent service, infrastructure-level
faults, or network issues. Very often this form of problem can be solved by
retrying the operation a few milliseconds later, and the operation may
succeed. The simplest form of transient fault handling is to implement this
retry logic in the application itself.

To implement this retry logic in an application, it is important to detect and
identify the particular exception that is likely to be caused by a transient
fault condition.

A retry strategy must also be defined to state how many retries can be
attempted before deciding that the fault is not transient, and what
the intervals between the retries should be. The logic will typically attempt
to execute the action(s) a certain number of times, register an error,
and use a secondary service if the fault continues.
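
The retry strategy described above, as an added example (not code from this guide or from any product). The exception classes, the doubling interval with jitter, and the gateway names are assumptions made for the sketch; the flaky service is a constructed stand-in.

```python
import random
import time


class TransientError(Exception):
    """Fault that may clear by itself: timeout, dropped connection, busy service."""


class PermanentError(Exception):
    """Fault that retrying cannot fix: rejected request, bad credentials."""


def call_with_retry(primary, secondary=None, max_attempts=4,
                    base_delay=0.05, max_delay=1.0, sleep=time.sleep, log=None):
    """Call primary(); retry only transient faults, then fail over.

    Returns (result, attempts_made_on_primary, used_secondary).
    Any exception other than TransientError propagates at once.
    """
    log = [] if log is None else log
    for attempt in range(1, max_attempts + 1):
        try:
            return primary(), attempt, False
        except TransientError as exc:
            # Register the error so the fault pattern is visible afterwards.
            log.append(f"attempt {attempt}/{max_attempts} failed: {exc}")
            if attempt < max_attempts:
                # Assumed interval policy: double each time, cap it, and add
                # jitter so many clients do not retry in lockstep.
                delay = min(max_delay, base_delay * 2 ** (attempt - 1))
                sleep(delay * random.uniform(0.5, 1.0))
    # Retry budget spent: the fault is no longer treated as transient.
    if secondary is None:
        raise RuntimeError("primary unavailable and no secondary service configured")
    log.append("fault treated as not transient; using secondary service")
    return secondary(), max_attempts, True


def flaky_service(name, transient_failures):
    """Constructed stand-in for a remote service that fails N times, then works."""
    calls = {"count": 0}

    def service():
        calls["count"] += 1
        if calls["count"] <= transient_failures:
            raise TransientError(f"{name}: timeout")
        return f"order accepted by {name}"

    service.calls = calls
    return service


if __name__ == "__main__":
    events = []
    # Two timeouts, then success on the third attempt.
    print(call_with_retry(flaky_service("gateway-a", 2), log=events))
    # Primary stays down: four attempts, then the secondary gateway is used.
    print(call_with_retry(flaky_service("gateway-a", 99),
                          secondary=flaky_service("gateway-b", 0), log=events))
    print("\n".join(events))
```

Passing `sleep` as a parameter lets tests record the intervals instead of waiting for them.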

Persistent State Model


In a stateful application model, the session state information (for example
user ID, selected products in a shopping cart, and so on) is usually stored
in compute system memory. However, the information stored in the
memory can be lost if there is an outage with the compute system where
the application runs.

In a persistent state model, the state information is stored out of the
memory and is usually stored in a repository (database). If a compute
system (server) running the application instance fails, the state information
will still be available in the repository.

A new application instance is created on another server which can access
the state information from the database and resume the processing.


Database Rollback
A rollback is the operation of restoring a database to a previous state by
canceling a specific transaction or transaction set. Rollbacks are important
for database integrity because they mean that the database can be
restored to a consistent previous state even after erroneous operations
are performed.

Thus, a rollback occurs when a user begins to change data and realizes
that the wrong record is being updated and then cancels the operation to
undo any pending changes. Rollbacks may also be issued automatically
after a server or database crashes, e.g. after a sudden power loss. When
the database restarts, all logged transactions are reviewed; then all
pending transactions are rolled back, allowing users to reenter and save
appropriate changes.

In the example shown in the image, transactions A, B, and C are
performed and committed to the database. Then, transactions D and E are
performed, and an issue is identified. In such a case, transactions D and E
should be rolled back. After the database is rolled back, transactions D
and E are cancelled, and the database is restored to the previous state with
only committed data.

Need for Data Backup


A backup is an additional copy of production data, created and retained for
the sole purpose of recovering lost or corrupted data. Typically,
organizations implement backup in order to protect the data against
accidental file deletion, application crashes, data corruption, and
disaster. Data should be protected at the local location as well as at a
remote location to ensure the availability of service.

Organizations are under pressure to deliver services to customers in
accordance with service level agreements (SLAs). The cost of
unavailability of information is greater than ever, and outages in key
industries cost millions of dollars per hour. So, it is important for any
organization to have backup and recovery solutions in place for meeting
the required SLAs.


Recent world events including acts of terrorism, natural disasters, and
large-scale company fraud have resulted in a new raft of legislation
designed to protect company data from loss or corruption. Many
government and regulatory laws mandate that an organization must be
responsible for protecting its employees' and customers' personal data.

Backup enables organizations to comply with regulatory requirements.
Data loss can have a financial impact on organizations of all sizes. The
financial impact on a company is a combination of loss of business, low
productivity, legal action, and the cost of re-creating data. Backup
solutions help organizations to avoid financial and business loss in the
event of any disaster.

Backup Operations
The backup server initiates the backup process for different clients based
on the backup schedule configured for them. For example, the backup for
a group of clients may be scheduled to start at 3:00 a.m. every day. The
backup server coordinates the backup process with all the components in
a backup environment.

The backup server maintains the information about backup clients to be
backed up and storage nodes to be used in a backup operation. The
backup server retrieves the backup-related information from the backup
catalog. Based on this information, the backup server instructs the storage
node to load the appropriate backup media into the backup devices.

Simultaneously, it instructs the backup clients to gather the data to be
backed up and send it over the network to the assigned storage node.
After the backup data is sent to the storage node, the client sends the
backup metadata (the number of files, name of the files, storage node
details, and so on) to the backup server. The storage node receives the
client data, organizes it, and sends it to the backup device.

The storage node then sends additional backup metadata (location of the
data on the backup device, time of backup, and so on) to the backup
server. The backup server updates the backup catalog with this
information. The backup data from the client can be sent to the backup
device over a LAN or a SAN network.


Backup Operations Description


Backup initiation method: The backup operation is typically initiated by a
server, but it can also be initiated by a client. A client-initiated backup is a
manual process performed on a backup client. This type of backup is
useful when a user wants to perform a backup at any time outside of the
regular backup schedule. The user specifies which files, directories, and
file systems need to be backed up. When the client performs a backup, it
sends the backup data to the assigned storage node, and sends the
tracking information to the backup server. A server-initiated backup is a
backup initiated from the backup server. Although the backup process can
be run manually, it is normally scheduled to start automatically. The backup
server sends a backup request to a configured group of clients, causing
the clients to gather the data to be backed up.

Backup mode: Hot backup and cold backup are the two modes deployed
for backup. They are based on the state of the application when the
backup is performed. A cold backup requires the application to be
shut down during the backup process. Hence, this method is also referred
to as offline backup. The disadvantage of a cold backup is that the
application is inaccessible to users during the backup process. In a hot
backup, the application is up and running, with users accessing their data
during the backup process. This method of backup is also referred to as
online backup. The hot backup of online production data is challenging
because data is actively being used and changed. If a file is open, it is
normally not backed up during the backup process. In such situations, an
open file agent is required to back up the open file. These agents interact
directly with the operating system or application and enable the creation of
consistent copies of open files.

Backup type: Typically, backup can be performed at file-level, block-level,
or image-level. In a file-level backup, one or more files on a client system
are backed up. In a block-level backup, data is backed up at block-level
instead of file-level and typically requires client-side processing to identify
the changed blocks. An image-based backup is an image of a physical
compute system or VM, consisting of the block-by-block contents of a hard
drive. The backup is saved as a single file that is called an image. In the
event of a disaster, a business's entire data set is preserved, which allows
moving to new hardware and performing a swift restore of all
information.


Recovery Operations
Upon receiving a restore request, an administrator opens the restore
application to view the list of clients that have been backed up. While
selecting the client for which a restore request has been made, the
administrator also needs to identify the client that will receive the restored
data. Data can be restored on the same client for whom the restore
request has been made or on any other client.

The administrator then selects the data to be restored and the specific
point-in-time to which the data must be restored based on the RPO.
Because all this information comes from the backup catalog, the restore
application needs to communicate with the backup server.

The backup server instructs the appropriate storage node to mount the
specific backup media onto the backup device. Data is then read and sent
to the client that has been identified to receive the restored data.

Some restorations are successfully accomplished by recovering only the
requested production data. For example, the recovery process of a
spreadsheet is completed when the specific file is restored. In database
restorations, additional data, such as log files, must be restored along with
the production data.

This ensures consistency for the restored data. In these cases, the RTO is
extended due to the additional steps in the restore operation. It is also
important to have security mechanisms on the backup and recovery
applications to avoid recovery of data by non-authorized users.

Types of Recovery
Operational recovery or restore typically involves the recovery of
individual files or directories after they have been accidentally deleted or
corrupted.

Disaster recovery involves bringing a data center or a large part of a data
center to an operational state in case of a disaster affecting the production
site location. Data for recovery are located in offsite locations. Portable
media, such as tapes, sent to an offsite location could be used for
recovery. In another example, data backed up locally can be replicated to
an offsite location by the backup application. Recovery can be from the
most recent point-in-time replicated backup data.

Full VM recovery permanently restores VMs either to the same host
or to a different virtual host; it can be done through the Live Recovery to
ESXi Server option. The VMs are restored into the data store that is
present in the storage repositories.

Cloud disaster recovery (Cloud DR) allows enterprises to copy backed-up
VMs from their on-premises environments to the public cloud to
orchestrate DR testing, failover and failback of cloud workloads in a
disaster recovery scenario. These workloads can be run directly in the
public cloud, so full deployment of your on-premises data protection
solutions in the cloud is not required to protect and recover your VMs.
Organizations can manage, recover, failback and test DR plans through
the Cloud DR Server (CDRS) UI. Cloud DR takes advantage of the agility
and cost-effectiveness of cloud object storage (Dell EMC ECS, AWS S3 or
Azure Blob), requires minimal footprint in the public cloud, as well as
minimal compute cycles, delivering a highly efficient disaster recovery
solution.

Achieving Consistency in Backup


Typically, while backing up file system data, the data to be backed up is
accessed at the file level. The backup application must have the
necessary file permissions to access the data. The backup is taken at a
specific point-in-time. To ensure consistency of the backup, no changes to
the data should be allowed while the backup is being created.

In the case of file systems, consistency can be achieved by taking the file
system offline, i.e. by un-mounting the file system, or by keeping the file
system online and flushing host buffers before creating the backup to
ensure that all writes are committed. No further writes are allowed to the
data while the backup is being created.

Backing up data while files are open becomes more challenging because
data is actively being used and changed. An open file is locked by the
operating system and is not copied during the backup process until the
user closes it. The backup application can back up open files by retrying
the operation on files that were opened earlier.

During the backup process, it may be possible that files opened earlier will
be closed and a retry will be successful. However, this method is not
considered robust because in some environments certain files are always
open. In such situations, the backup application or the operating system
can provide open file agents. These agents interact directly with the
operating system and enable the creation of copies of open files.

A database is composed of different files which may occupy several file
systems. Data in one file may be dependent upon data in another. A
single transaction may cause updates to several files and these updates
may need to occur in a defined order. A consistent backup of a database
means that all files need to be backed up at the same “point” or state.
Consistent backups of databases can be done using a cold (or offline)
method, which means that the database is shut down while the backup is
running.

The downside is that the database will not be accessible by users. Hot
backup is used in situations where it is not possible to shut down the
database. Backup is facilitated by database backup agents that can
perform a backup while the database is active. The disadvantage
associated with a hot database backup is that the agents can negatively
affect the performance of the database application server.

Working of Synthetic Full Backup


A synthetic backup takes data from an existing full backup and merges it
with the data from any existing incremental backup. This effectively results
in a new full backup of the data. This backup is called synthetic because
the backup is not created directly from the production data.

All subsequent increments use the created synthetic full backup as a new
starting point. A previously used full backup file remains on the backup
device until it is automatically deleted according to the backup retention
policy.

A synthetic full backup enables a full backup copy to be created offline
without disrupting the I/O operation on the production volume. This also
frees up network resources from the backup process, making them
available for other production uses. Synthetic backups make it possible to
take advantage of a reduced backup window.

Backup Multiplexing
Multiplexing allows backups of multiple client machines to send data to a
single tape drive simultaneously. Multiplexing is useful when your tape
drive throughput is faster than the rate at which data can be extracted
from the source (client).

Multiplexing may decrease backup time for large numbers of clients over
slow networks, but it does so at the cost of recovery time. Restores from
multiplexed tapes must pass over all non-applicable data.

This action increases restore times. When recovery is required,
demultiplexing causes delays in the restore. Multiplexing is primarily used
with physical tape drives to keep them streaming and avoid the “shoe
shining” effect.

Note: Multistreaming

• Multistreaming is a process that divides the backup jobs into multiple
sub-jobs (streams) that run simultaneously and send data to the
destination backup device.
• Multistreaming makes it possible to use all of the available backup
devices on the system by splitting the backup jobs into multiple jobs using
all available tape devices.
− It increases the overall backup throughput compared to the
sequential method.
• Multistreaming is useful when performing large backup jobs, since it is
more efficient to divide multiple jobs between multiple backup devices.

Direct-Attached Backup
Direct-attached backups are generally better suited for smaller
environments. The key advantage of direct-attached backups is speed.
The tape devices can operate at the speed of the channels.


In a direct-attached backup, the backup device is not shared, which may
lead to silos of backup devices in the environment. It might be difficult to
determine if everything is being backed up properly.

As the environment grows, however, there will be a need for central
management of all backup devices and to share the resources to optimize
costs. An appropriate solution is to share the backup devices among
multiple servers.

LAN-Based Backup
In a LAN-based backup, the data to be backed up is transferred from the
backup client (source), to the backup device (destination) over the LAN,
which may affect network performance.

Streaming across the LAN also affects network performance of all
systems connected to the same segment as the backup server.

Network resources are severely constrained when multiple clients access
and share the same backup device. This impact can be minimized by
adopting several measures such as configuring separate networks for
backup and installing dedicated storage nodes for some application
servers.

Agent-Based Backup Approach


This is a popular way to protect virtual machines because it uses the same
workflow as for a physical machine. This means backup configurations
and recovery options follow traditional methods that administrators are
already familiar with.

This approach allows file-level backup and restoration. However,
this backup approach does not capture virtual machine configuration files.

This approach does not provide the ability to back up and restore the VM.
The agent running on the compute system consumes CPU cycles and
memory resources.


If multiple VMs on a compute system are backed up simultaneously, then
the combined I/O and bandwidth demands placed on the compute system
by the various backup operations can deplete the compute system
resources.

This may impact the performance of the services or applications running
on the VMs. To overcome these challenges, the backup process can be
offloaded from the VMs to a proxy server. This can be achieved by using
the image-based backup approach.

Image-Based Backup
Image-level backup makes a copy of the virtual machine disk and
configuration associated with a particular VM. The backup is saved as a
single entity called VM image. This type of backup is suitable for restoring
an entire VM in the event of a hardware failure or human error such as the
accidental deletion of the VM. It is also possible to restore individual files
and folders/directories within a virtual machine.

In an image-level backup, the backup software can back up VMs without
installing backup agents inside the VMs or at the hypervisor-level. The
backup processing is performed by a proxy server that acts as the backup
client, thereby offloading the backup processing from the VMs.

The proxy server communicates with the management server responsible
for managing the virtualized compute environment. It sends commands to
create a snapshot of the VM to be backed up and to mount the snapshot
to the proxy server. A snapshot captures the configuration and virtual disk
data of the target VM and provides a point-in-time view of the VM.

The proxy server then performs backup by using the snapshot. Performing
an image-level backup of a virtual machine disk provides the ability to
execute a bare metal restore of a VM.

Given the scalability and sheer explosion in the size of virtualized and
cloud environments, the workload burden placed on one proxy server can
quickly build up. In this scenario, the recommendation is to provision
multiple proxies to handle the combined workload and increase the
amount of parallelism.


Changed Block Tracking Mechanism


To further enhance image-based backup, some vendors support a
changed block tracking mechanism. This feature identifies and tags any
blocks that have changed since the last VM snapshot.

This enables the backup application to back up only the blocks that have
changed, rather than backing up every block. If changed block tracking is
enabled for a VM disk, the virtual machine kernel will create an additional
file where it stores a map of all the VM disk's blocks.

Once a block is changed, it is recorded in this map file. This way the
kernel can easily communicate to a backup application which blocks of
a file have changed since a certain point-in-time.

The backup application can then perform a backup by copying only these
changed blocks. The changed block tracking technique dramatically
reduces the amount of data to be copied before additional data reduction
technologies (deduplication) are applied. It also reduces the backup
windows and the amount of storage required for protecting VMs.

Note: Changed block tracking to restore

This technique reduces the recovery time (RTO) compared to full image
restores by only restoring the delta of the changed VM blocks. During a
restore process, it is determined which blocks have changed since the last
backup. For example, if a large database is corrupted, a changed block
recovery would just restore the parts of the database that have changed
since the last backup was made.
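
Changed block tracking for both backup and restore, as an added example (not code from this guide or from any hypervisor). The 4 KiB block size, the in-memory disk, and the use of a set as the "map file" are assumptions for the sketch; `verify` is an added full comparison that does not rely on the map.

```python
BLOCK_SIZE = 4096  # assumed block size for this sketch


class TrackedDisk:
    """Constructed stand-in for a VM disk with a changed-block map."""

    def __init__(self, num_blocks):
        self.num_blocks = num_blocks
        self.data = bytearray(num_blocks * BLOCK_SIZE)
        self.changed = set()  # the "map file": blocks written since the last backup

    def write(self, offset, payload):
        if offset < 0 or offset + len(payload) > len(self.data):
            raise ValueError("write outside the disk")
        if not payload:
            return
        self.data[offset:offset + len(payload)] = payload
        # A write may straddle a block boundary, so tag every block it touches.
        first = offset // BLOCK_SIZE
        last = (offset + len(payload) - 1) // BLOCK_SIZE
        self.changed.update(range(first, last + 1))

    def read_block(self, index):
        start = index * BLOCK_SIZE
        return bytes(self.data[start:start + BLOCK_SIZE])


def full_backup(disk):
    """Copy every block and reset the map."""
    image = {i: disk.read_block(i) for i in range(disk.num_blocks)}
    disk.changed.clear()
    return image


def incremental_backup(disk):
    """Copy only the blocks tagged in the map, then reset the map."""
    delta = {i: disk.read_block(i) for i in sorted(disk.changed)}
    disk.changed.clear()
    return delta


def merge(image, delta):
    """Apply a delta to an older image to get the newer point-in-time image."""
    merged = dict(image)
    merged.update(delta)
    return merged


def restore_changed(disk, image):
    """Write back only the blocks modified since the last backup."""
    restored = sorted(disk.changed)
    for index in restored:
        start = index * BLOCK_SIZE
        disk.data[start:start + BLOCK_SIZE] = image[index]
    disk.changed.clear()
    return restored


def verify(disk, image):
    """Blocks that differ from the image, found by reading the whole disk."""
    return [i for i in range(disk.num_blocks) if disk.read_block(i) != image[i]]


if __name__ == "__main__":
    disk = TrackedDisk(256)                      # 1 MiB constructed disk
    image = full_backup(disk)
    disk.write(4090, b"A" * 10)                  # straddles blocks 0 and 1
    disk.write(200 * BLOCK_SIZE, b"B" * 100)
    delta = incremental_backup(disk)
    print("blocks copied by incremental:", sorted(delta), "of", disk.num_blocks)
    image = merge(image, delta)
    disk.write(5 * BLOCK_SIZE + 7, b"\xff" * 50)  # simulated corruption
    print("blocks restored:", restore_changed(disk, image))
    print("blocks still differing:", verify(disk, image))
```

The restore is only as good as the map: if the map is lost or reset, `restore_changed` skips damaged blocks, which is why a full `verify` pass is worth running after a delta restore.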

Recovery-in-Place
Recovery-in-place (Instant VM recovery) is a term that refers to running a
VM directly from the purpose-built backup appliance, using a backed up
copy of the VM image instead of restoring that image file to the production
system. In the meantime, the VM data is restored to the primary storage
from the backup copy. Once the recovery has been completed, the
workload is redirected to the original VM.


One of the primary benefits of the recovery-in-place mechanism is that it
eliminates the need to transfer the image from the backup area to the
primary storage (production) area before it is restarted, so the applications
that are running on those VMs can be accessed more quickly. It reduces
the RTO.

In a data center environment, a certain percentage of data, which is
retained on a backup media is redundant. The typical backup process for
most organizations consists of a series of daily incremental backups and
weekly full backups. Daily backups are usually retained for a few weeks
and weekly full backups are retained for several months. Because of this
process, multiple copies of identical or slowly-changing data are retained
on backup media, leading to a high level of data redundancy.

A large number of operating systems, application files and data files are
common across multiple systems in a data center environment. Identical
files such as Word documents, PowerPoint presentations and Excel
spreadsheets, are stored by many users across an environment. Backups
of these systems will contain many identical files. Additionally, many users
keep multiple versions of files that they are currently working on. Many of
these files differ only slightly from other versions but are seen by backup
applications as new data that must be protected.

Due to this redundant data, organizations face many challenges.
Backing up redundant data increases the amount of storage needed to
protect the data and subsequently increases the storage infrastructure
cost. It is important for organizations to protect the data within a limited
budget. Organizations are running out of backup window time and facing
difficulties meeting recovery objectives. Backing up a large amount of
duplicate data to a remote site or cloud for DR purposes is also very
cumbersome and requires a lot of bandwidth.

Data deduplication provides a solution for organizations to overcome
these challenges in a backup and production environment. Deduplication
is the process of detecting and identifying the unique data segments
(chunks) within a given set of data to eliminate redundancy. Only one copy
of the data is stored; the subsequent copies are replaced with a pointer to
the original data.


The effectiveness of data deduplication is expressed as a deduplication or
reduction ratio, denoting the ratio of data before deduplication to the
amount of data after deduplication. This ratio is typically depicted as
“ratio:1” or “ratio X” (10:1 or 10 X). For example, if 200 GB of data
consumes 20 GB of storage capacity after data deduplication, the space
reduction ratio is 10:1. Every data deduplication vendor claims that their
product offers a certain ratio of data reduction. However, the actual data
deduplication ratio varies, based on many factors.

These factors are as follows:

• Retention period: This is the period that defines how long the backup
copies are retained. The longer the retention, the greater the chance that
identical data exists in the backup set, which increases the
deduplication ratio and storage space savings.

• Frequency of full backup: As more full backups are performed, the
amount of the same data being repeatedly backed up increases. This
results in a high deduplication ratio.

• Change rate: This is the rate at which the data received from the backup
application changes from backup to backup. Client data with few
changes between backups produces higher deduplication ratios.

• Data type: Backups of user data such as text documents, PowerPoint
presentations, spreadsheets, and e-mails are known to contain redundant
data and are good deduplication candidates. Other data such as audio,
video, and scanned images are highly unique and typically do not yield
a good deduplication ratio.

• Deduplication method: The deduplication method also determines the
effective deduplication ratio. Variable-length, sub-file deduplication
(discussed later in this module) discovers the highest amount of
deduplication of data.

File-level deduplication (also called single instance storage) detects and
removes redundant copies of identical files in a backup environment.
File-level deduplication compares a file to be backed up with those already
stored by checking its attributes against an index. If the file is unique, it is
stored and the index is updated; if not, only a pointer to the existing file is
stored. The result is that only one instance of the file is saved and the
subsequent copies are replaced with a pointer that points to the original
file. Indexes for file-level deduplication are significantly smaller, which
takes less computational time when duplicates are being determined.
Backup performance is, therefore, less affected by the deduplication
process. File-level deduplication is simple but does not address the
problem of duplicate content inside the files. A change in any part of a file
results in classifying that as a new file and saving it as a separate copy as
shown in the figure. Typically, the file-level deduplication is implemented in
a NAS environment.

Block-level deduplication (sub-file deduplication) operates by inspecting
data segments within files and removing duplication. Smaller segments
make it easier for the deduplication system to find duplicates efficiently.
Sub-file deduplication not only detects duplicate data within a single file,
but also across the files. There are two forms of sub-file deduplication,
fixed-length and variable-length. Fixed-length block deduplication
divides the files into fixed-length blocks and uses a hash algorithm to find
duplicate data.

Fixed-length block deduplication fixes the chunking at a specific size, for
example 8 KB or maybe 64 KB. The difference is that the smaller the
chunk, the more likely it is to be identified as redundant, which
results in greater reductions. However, fixed-length block deduplication
has a challenge when data is inserted into or deleted from a file. Inserting
or deleting data causes a shift in all the data after the point of insertion or
deletion. This causes all the blocks after that point to be different. The
data is the same, but the blocks get cut at different points. So a small
insertion of data near the beginning of a file can cause the entire file to be
backed up and stored again.

Variable-length block-level deduplication is an advanced deduplication
technique that provides greater storage efficiency for redundant data,
regardless of where the new data has been inserted. As the name
suggests, the length of the segments varies, thus achieving higher
deduplication ratios. In this method, if there is a change in the block, then
the boundary for that block only is adjusted, leaving the remaining blocks
unchanged. Variable-length block deduplication yields a greater
granularity in identifying duplicate data, improving upon the limitations of
file-level and fixed-length block-level deduplication.
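
The insertion problem with fixed-length blocks, and how variable-length boundaries avoid it, as an added example (not code from this guide or from any product). The gear-style rolling hash, the 256-byte minimum and 8 KB maximum chunk sizes, the 1 KB fixed block and the SHA-256 fingerprints are assumptions chosen for the sketch; the sample data is constructed.

```python
import hashlib
import random

FIXED_SIZE = 1024
MASK64 = (1 << 64) - 1
CUT_MASK = ((1 << 11) - 1) << 53   # cut when the top 11 hash bits are zero
gear_rng = random.Random(1)
GEAR = [gear_rng.getrandbits(64) for _ in range(256)]  # per-byte random values


def fixed_chunks(data, size=FIXED_SIZE):
    """Cut at absolute offsets: every boundary after an insertion moves."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def variable_chunks(data, min_size=256, max_size=8192):
    """Cut where a rolling hash of the last 64 bytes hits a pattern, so
    boundaries follow the content rather than the offset."""
    chunks, start, h = [], 0, 0
    for i, byte in enumerate(data):
        # Each step shifts older bytes one bit left; after 64 steps they are gone.
        h = ((h << 1) + GEAR[byte]) & MASK64
        length = i - start + 1
        at_pattern = length >= min_size and (h & CUT_MASK) == 0
        if at_pattern or length >= max_size:
            chunks.append(data[start:i + 1])
            start, h = i + 1, 0
    if start < len(data):
        chunks.append(data[start:])
    return chunks


def backup(store, chunks):
    """Store only chunks whose fingerprint is new; return (new_chunks, new_bytes)."""
    new_chunks = new_bytes = 0
    for chunk in chunks:
        digest = hashlib.sha256(chunk).hexdigest()
        if digest not in store:
            store[digest] = chunk
            new_chunks += 1
            new_bytes += len(chunk)
    return new_chunks, new_bytes


def sample_files():
    """Constructed input: 64 KiB of pseudo-random bytes, then the same data
    with one byte inserted at offset 10."""
    rng = random.Random(2023)
    original = bytes(rng.getrandbits(8) for _ in range(64 * 1024))
    return original, original[:10] + b"!" + original[10:]


def second_backup_cost(chunker):
    """Back up the original, then the edited copy; report what the second
    backup had to store."""
    original, edited = sample_files()
    store = {}
    backup(store, chunker(original))
    return backup(store, chunker(edited))


if __name__ == "__main__":
    for name, chunker in (("fixed", fixed_chunks), ("variable", variable_chunks)):
        chunks, size = second_backup_cost(chunker)
        print(f"{name:8s} second backup stored {chunks} new chunks ({size} bytes)")
```

With fixed blocks the one-byte insertion makes every block of the second backup new; with content-defined cuts only the chunks around the insertion are stored again.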


Organizations with fast data growth, highly virtualized environments, and
remote offices greatly benefit from variable-length deduplication over a
fixed-block approach. Variable-length deduplication reduces backup
storage and, when performed at the client, also reduces network traffic,
making it ideal for remote backup.

Source-based data deduplication eliminates redundant data at the source
(backup clients) before it is transmitted to the backup device. The
deduplication agent is installed in the backup client to perform
deduplication. The deduplication server maintains a hash index of the
deduplicated data. The deduplication agent running on the clients checks
each file for duplicate content. It creates the hash value for each chunk of
the file. It then checks with the deduplication server whether the
hash is already present on the server because its corresponding chunk
was stored previously.

If there is no match on the server, the client will send the hash and the
corresponding chunk to the deduplication server to store the backup data.
If the chunk has already been backed up, then the chunk will not be sent
to the deduplication server by the client, which ensures that the redundant
backup data is eliminated at the client. The deduplication server can be
deployed in different ways. The deduplication server software can be
installed on a general-purpose physical server (as shown in the figure) or
on VMs. Some vendors offer a deduplication server along with a backup
device as an appliance.

The deduplication server would support encryption for secure backup data
transmission and would support replication for disaster recovery purposes.
Source-based deduplication reduces the amount of data that is
transmitted over a network from the source to the backup device, thus
requiring less network bandwidth. There is also a substantial reduction in
the capacity required to store the backup data. Backing up only unique
data from clients reduces the backup window. However, a deduplication
agent running on the client may impact the backup performance,
especially when a large amount of data needs to be backed up. When an
image-level backup is implemented, the backup workload is moved to a
proxy server.

The deduplication agent is installed on the proxy server to perform
deduplication without impacting the VMs that are running applications.

Organizations can implement source-based deduplication when performing
remote office branch office (ROBO) backup to their centralized data
center. Cloud service providers can also implement source-based
deduplication when performing backup (backup as a service) from the
consumer’s location to their location.

Inline deduplication performs deduplication on the backup data before it is
stored on the backup device. With inline data deduplication, the incoming
backup stream is divided into small chunks, and then compared to data
that has already been deduplicated. The inline deduplication method
requires less storage space than the post-processing approach because
duplicate data is removed as it enters the system. However, inline
deduplication may slow down the overall backup process.

[Figure: application server, deduplication server, and backup device]

In post-processing deduplication, the backup data is first stored to the disk
in its native backup format and deduplicated after the backup is
completed. In this approach, the deduplication process is separated from
the backup process and the deduplication happens outside the backup
window. However, the full backup data set is transmitted across the
network to the storage target before the redundancies are eliminated. So,
this approach requires adequate storage capacity and network bandwidth
to accommodate the full backup data set. Organizations can consider
implementing target-based deduplication when their backup application
does not have built-in deduplication capabilities.

Data Replication
Data is one of the most valuable assets of any organization. It is being
stored, mined, transformed, and utilized continuously. It is a critical
component in the operation and function of organizations. Outages,
whatever may be the cause, are extremely costly, and customers are
always concerned about data availability.

Safeguarding and keeping the data highly available are some of the top
priorities of any organization. To avoid disruptions in business operations,
it is necessary to implement data protection technologies in a data center.

Based on business requirements, data can be replicated to one or more
locations. For example, data can be replicated within a data center,
between data centers, from a data center to a cloud, or between clouds.

In a replication environment, a compute system accessing the production
data from one or more LUNs on storage system(s) is called a production
compute system. These LUNs are known as source LUNs, production
LUNs, or simply the source. A LUN to which the production data is
replicated is called the target LUN or simply the target or replica.

Primary Uses of Replicas


• Alternative source for backup: Under normal backup operations,
data is read from the production LUNs and written to the backup
device. This places an additional burden on the production
infrastructure because production LUNs are simultaneously involved in
production operations and servicing data for backup operations. To
avoid this situation, a replica can be created from the production LUN
and used as the source for backup operations. This
alleviates the backup I/O workload on the production LUNs.
• Fast recovery and restart: For critical applications, replicas can be
taken at short, regular intervals. This allows easy and fast recovery
from data loss. If a complete failure of the source (production) LUN
occurs, the replication solution enables one to restart the production
operation on the replica to reduce the RTO.
• Decision-support activities, such as reporting: Running reports
using the data on the replicas greatly reduces the I/O burden placed on
the production device.
• Testing platform: Replicas are also used for testing new applications
or upgrades. For example, an organization may use the replica to test
the production application upgrade; if the test is successful, the
upgrade may be implemented on the production environment.
• Data migration: Another use for a replica is data migration. Data
migrations are performed for various reasons such as migrating from a
smaller capacity LUN to one of a larger capacity for newer versions of
the application.

Replica Consistency
Consistency is a primary requirement to ensure the usability of a replica
device. In the case of file systems (FS), consistency can be achieved
either by taking the FS offline (that is, by unmounting it) or by keeping
the FS online and flushing the compute system buffers before creating the
replica.

File systems buffer the data in the compute system memory to improve
the application response time. Compute system memory buffers must be
flushed to the disks to ensure data consistency on the replica, prior to its
creation. If the memory buffers are not flushed to the disk, the data on the
replica will not contain the information that was buffered in the compute
system.

Similarly, in the case of databases, consistency can be achieved either by
taking the database offline to create a consistent replica or by keeping it
online. If the database is online, it is available for I/O operations, and
transactions to the database update the data continuously.

When a database is replicated while it is online, changes made to the
database at this time must be applied to the replica to make it consistent.
A consistent replica of an online database is created by using the
dependent write I/O principle or by holding I/O momentarily to the source
before creating the replica.

Types of Replication
• Local replication helps to
− Replicate data within the same storage system (in case of remote
replication) or the same data center (in case of local replication).
− Restore the data in the event of data loss or enables restarting the
application immediately to ensure business continuity. Local
replication can be implemented at compute, storage, and network.
• Remote replication helps to
− Replicate data to remote locations (locations can be geographically
dispersed).
− Mitigate the risks associated with regional outages resulting from
natural or human-made disasters.
o During disasters, the services can be moved (failover) to a
remote location to ensure continuous business operation.
− Replicate the data to the cloud for DR purpose. Remote replication
can also be implemented at compute, storage, and network.
o Data can be synchronously or asynchronously replicated.

File System Snapshot


• A snapshot is a virtual copy of a set of files, VM, or LUN as they
appeared at a specific point-in-time (PIT). A point-in-time copy of data
contains a consistent image of the data as it appeared at a given point
in time.
• Snapshots can establish recovery points in just a small fraction of time
and can significantly reduce RPO by supporting more frequent
recovery points. If a file is lost or corrupted, it can typically be restored
from the latest snapshot data in just a few seconds.
• FS snapshot is a pointer-based replica that requires a fraction of the
space used by the production FS.
• When a snapshot is created, a bitmap and blockmap are created in the
metadata of the snapshot FS. The bitmap is used to keep track of
blocks that are changed on the production FS after the snapshot
creation. The blockmap is used to indicate the exact address from
which the data is to be read when the data is accessed from the
snapshot FS.
• After the creation of the FS snapshot, all reads from the snapshot are
actually served by reading the production FS. If a write I/O is issued to
the production FS for the first time after the creation of a snapshot, the
I/O is held and the original data of production FS corresponding to that
location is moved to the snapshot FS. Then, the write is allowed to the
production FS.
• The bitmap and the blockmap are updated accordingly. To read from
the snapshot FS, the bitmap is consulted. If the bit is 0, then the read
will be directed to the production FS. If the bit is 1, then the block
address will be obtained from the blockmap and the data will be read
from that address on the snapshot FS. Read requests from the
production FS work as normal.
• Typically, read-only snapshots are created to preserve the state of the
production FS at some PIT, but sometimes writeable FS snapshots
are also created for some business operations such as testing and
decision support.
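The bitmap and blockmap mechanics described in the list above can be traced with the following added example, which is not part of the original guide. It models the production FS as a list of blocks; the class and method names are hypothetical and the block contents are constructed sample data.

```python
class ProductionFS:
    """Toy production file system: a list of blocks (constructed model)."""

    def __init__(self, blocks):
        self.blocks = list(blocks)
        self.snapshots = []

    def create_snapshot(self):
        snap = Snapshot(self)
        self.snapshots.append(snap)
        return snap

    def read(self, block_no):
        return self.blocks[block_no]

    def write(self, block_no, data):
        # The write is held until every snapshot has saved the original block.
        for snap in self.snapshots:
            snap.copy_on_first_write(block_no)
        self.blocks[block_no] = data


class Snapshot:
    """Pointer-based replica: holds only blocks changed since its creation."""

    def __init__(self, production):
        self.production = production
        self.bitmap = [0] * len(production.blocks)  # 1 = changed since snapshot
        self.blockmap = {}    # production block number -> save-area address
        self.save_area = []   # blocks stored on the snapshot FS

    def copy_on_first_write(self, block_no):
        if self.bitmap[block_no]:
            return  # original already preserved; later writes copy nothing
        self.save_area.append(self.production.blocks[block_no])
        self.blockmap[block_no] = len(self.save_area) - 1
        self.bitmap[block_no] = 1

    def read(self, block_no):
        if self.bitmap[block_no] == 0:
            # Unchanged block: served from the production FS.
            return self.production.read(block_no)
        # Changed block: address comes from the blockmap.
        return self.save_area[self.blockmap[block_no]]

    def image(self):
        return [self.read(n) for n in range(len(self.bitmap))]


def run_snapshot_demo():
    fs = ProductionFS([b"A0", b"B0", b"C0", b"D0"])  # constructed sample blocks
    snap1 = fs.create_snapshot()
    fs.write(1, b"B1")     # first write to block 1: B0 is copied to snap1
    fs.write(1, b"B2")     # second write: nothing more is copied
    snap2 = fs.create_snapshot()
    fs.write(3, b"D1")     # first write to block 3 for both snapshots
    return {
        "production": fs.blocks,
        "snap1": snap1.image(),
        "snap1_bitmap": snap1.bitmap,
        "snap1_blocks_stored": len(snap1.save_area),
        "snap2": snap2.image(),
        "snap2_bitmap": snap2.bitmap,
    }


if __name__ == "__main__":
    for key, value in run_snapshot_demo().items():
        print(key, value)
```

Because every block whose bit is 0 is read from the production FS, the snapshot cannot be read on its own if the production FS is lost.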

VM Clone
• When the cloning operation completes, the clone becomes a separate
VM. The changes made to a clone do not affect the parent VM.
Changes made to the parent VM do not appear in a clone.
• Installing a guest OS and applications on a VM is a time-consuming
task. With clones, administrators can make many copies of a virtual
machine from a single installation and configuration process.
− For example, in an organization, the administrator can clone a VM
for each new employee, with a suite of preconfigured software
applications.
• A snapshot is used to save the current state of the virtual machine, so
that the VM can be reverted to that state in case of an error. A clone, in
contrast, is used when a copy of a VM is required for separate use.
− A full clone is an independent copy of a VM that shares nothing
with the parent VM. Because a full clone needs to have its own
independent copy of the virtual disks, the cloning process may take
a relatively longer time.
− A linked clone is made from a snapshot of the parent VM. The
snapshot is given a separate network identity and assigned to the
hypervisor to run as an independent VM.
• All files available on the parent at the moment of the snapshot creation
continue to remain available to the linked clone VM in read-only mode.
− The ongoing changes (writes) to the virtual disk of the parent do not
affect the linked clone and the changes to the virtual disk of the
linked clone do not affect the parent. All the writes by the linked
clone are captured in a delta disk.

Snapshot – RoW

Some pointer-based virtual replication implementations use redirect-on-write
(RoW) technology.

• Redirects new writes destined for the source LUN to a reserved LUN in
the storage pool.
• Replica (snapshot) still points to the source LUN.

− All reads from the replica are served from the source LUN.

Remote Replication – Synchronous


• Storage-based synchronous remote replication provides near zero
RPO where the target is always identical to the source.
• Writes must be committed to the source and the remote target prior to
acknowledging “write complete” to the production compute system.
− Writes on the source cannot occur until each preceding write has
been completed and acknowledged. This ensures that data is
always identical on the source and the target.
− Writes are transmitted to the remote site exactly in the order in
which they are received at the source. Therefore, write ordering is
maintained and it ensures transactional consistency when the
applications are restarted at the remote location.
• Most of the storage systems support consistency groups, which allow
all LUNs belonging to a given application, usually a database, to be
treated as a single entity and managed as a whole. This helps to
ensure that the remote images are consistent.

− The remote images are always restartable copies.


Note:

Application response time is increased with synchronous remote
replication because writes must be committed on both the source and the
target before sending the “write complete” acknowledgment to the
compute system. The degree of impact on response time depends
primarily on the distance and the network bandwidth between sites. If the
bandwidth provided for synchronous remote replication is less than the
maximum write workload, there will be times during the day when the
response time might be excessively elongated, causing applications to
time out. The distances over which synchronous replication can be
deployed depend on the application’s capability to tolerate the extensions
in response time. Typically, synchronous remote replication is deployed
for distances less than 200 km (125 miles) between the two sites.

Remote Replication – Asynchronous


• In asynchronous remote replication, a write from a production compute
system is committed to the source and immediately acknowledged to
the compute system.
• Asynchronous replication also mitigates the impact to the application’s
response time because the writes are acknowledged immediately to
the compute system. This makes it possible to replicate data over
distances of up to several thousand kilometers between the source site
and the secondary site (remote locations).
• Compute system writes are collected into a buffer (delta set) at the
source. This delta set is transferred to the remote site at regular
intervals.
• Adequate buffer capacity should be provisioned to perform
asynchronous replication.
− This makes asynchronous replication resilient to a temporary increase
in the write workload or loss of the network link.
• RPO depends on the size of the buffer, the available network
bandwidth, and the write workload to the source. This replication can
take advantage of locality of reference (repeated writes to the same
location).
− If the same location is written multiple times in the buffer prior to
transmission to the remote site, only the final version of the data is
transmitted.
− This conserves link bandwidth.

Multi-Site Replication
• Multi-site replication mitigates the risks identified in two-site replication.
In a multi-site replication, data from the source site is replicated to two
or more remote sites. The example shown in the figure is a three-site
remote replication solution.
• In this approach, data at the source is replicated to two different
storage systems at two different sites. The source to remote site 1
(target 1) replication is synchronous with a near-zero RPO. The source
to remote site 2 (target 2) replication is asynchronous with an RPO in
the order of minutes.
− At any given instant, the data at the remote site 1 and the source is
identical. The data at the remote site 2 is behind the data at the
source and the remote site 1.
− The replication network links between the remote sites will be in
place but not in use.
− The difference in the data between the remote sites is tracked so
that if a source site disaster occurs, operations can be resumed at
the remote site 1 or the remote site 2 with incremental
resynchronization between these two sites.
• The key benefit of this replication is the ability to failover to either of the
two remote sites in the case of source site failure, with disaster
recovery (asynchronous) protection between the remote sites.

− Disaster recovery protection is always available if any one-site
failure occurs. During normal operations, all three sites will be
available, and the production workload will be at the source site.

Remote Replication CDP Operation


• For an asynchronous operation, writes at the source CDP appliance
are accumulated, and redundant blocks are eliminated. Then, the
writes are sequenced and stored with their corresponding timestamp.
− The data is then compressed, and a checksum is generated. It is
then scheduled for delivery across the IP or FC network to the
remote CDP appliance.
− After the data is received, the remote appliance verifies the
checksum to ensure the integrity of the data. The data is then
written to the remote journal volume.

− Data is then copied to the remote replica from the journal.


• In the synchronous replication mode, the host application waits for an
acknowledgment from the CDP appliance at the remote site before
initiating the next write.

− The synchronous replication mode impacts the application’s
performance under heavy write loads.
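The asynchronous path described above, together with the delta-set behaviour from the "Remote Replication – Asynchronous" section, is traced in the following added example, which is not part of the original guide or of any product. It assumes SHA-256 as the checksum, zlib for compression, JSON as the wire format, and a logical counter in place of timestamps; the class and method names are hypothetical.

```python
import hashlib
import json
import zlib


def encode(entries):
    """Serialize and compress a list of [timestamp, block, hex data] writes."""
    return zlib.compress(json.dumps(entries).encode())


def decode(payload):
    return json.loads(zlib.decompress(payload))


class SourceAppliance:
    def __init__(self):
        self.clock = 0       # logical timestamp (constructed, not wall time)
        self.pending = {}    # block number -> (timestamp, data)
        self.in_flight = {}  # delta set sent but not yet confirmed

    def write(self, block_no, data):
        """Acknowledge at once. A repeated write to a block replaces the
        buffered one, so only the final version is ever transmitted."""
        self.clock += 1
        self.pending[block_no] = (self.clock, data)
        return "write complete"

    def build_delta_set(self):
        self.in_flight, self.pending = self.pending, {}
        entries = sorted([ts, blk, data.hex()]
                         for blk, (ts, data) in self.in_flight.items())
        payload = encode(entries)
        return {"payload": payload,
                "checksum": hashlib.sha256(payload).hexdigest()}

    def delivery_result(self, accepted):
        if not accepted:
            # Re-queue the rejected delta set; newer buffered writes win.
            self.in_flight.update(self.pending)
            self.pending = self.in_flight
        self.in_flight = {}


class RemoteAppliance:
    def __init__(self):
        self.journal = []
        self.replica = {}

    def receive(self, message):
        """Verify the checksum before anything reaches the journal."""
        actual = hashlib.sha256(message["payload"]).hexdigest()
        if actual != message["checksum"]:
            return False
        self.journal.extend(decode(message["payload"]))
        return True

    def apply_journal(self):
        # Journal entries are applied to the replica in timestamp order.
        for ts, blk, data_hex in sorted(self.journal):
            self.replica[blk] = bytes.fromhex(data_hex)
        self.journal.clear()


def run_replication_demo():
    src, dst = SourceAppliance(), RemoteAppliance()
    # Constructed workload: block 7 is written three times, block 3 once.
    for blk, data in [(7, b"v1"), (3, b"x"), (7, b"v2"), (7, b"v3")]:
        src.write(blk, data)
    msg = src.build_delta_set()
    sent = len(decode(msg["payload"]))
    # Simulate corruption in transit by flipping one bit of the payload.
    damaged = dict(msg, payload=msg["payload"][:-1]
                   + bytes([msg["payload"][-1] ^ 1]))
    rejected = not dst.receive(damaged)
    src.delivery_result(accepted=False)
    ok = dst.receive(src.build_delta_set())
    src.delivery_result(accepted=ok)
    dst.apply_journal()
    return {"writes_sent": sent, "rejected": rejected, "replica": dst.replica}


if __name__ == "__main__":
    print(run_replication_demo())
```

An unkeyed checksum like this detects corruption in transit only: anyone able to alter the payload can also recompute the digest, so protection against deliberate modification needs a keyed MAC or an authenticated, encrypted channel.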

Why do we need data archiving?


Data in the primary storage is actively accessed and changed. As data
ages, it is less likely to change and eventually becomes “fixed” but
continues to be accessed by applications and users. This data is called
fixed data. Fixed data is growing at over 90 percent annually. Keeping the
fixed data in primary storage systems poses several challenges.

Firstly, preserving data on the primary storage system causes increasing
consumption of expensive primary storage.

Secondly, high performance primary storage is used to store less
frequently accessed data, making it difficult to justify the cost of storage.

Thirdly, data that must be preserved over a long period for compliance
reasons may be modified or deleted by the users. This poses a risk of a
compliance breach.

Finally, the backup of high-growth fixed data results in an increased
backup window and related backup storage cost. Data archiving addresses
these challenges.

Data Archiving and Its Benefits


Data archiving is the process of moving fixed data that is no longer
actively accessed to a separate lower cost archive storage system for long
term retention and future reference. With archiving, the capacity on
expensive primary storage can be reclaimed by moving infrequently-
accessed data to lower-cost archive storage.

Archiving fixed data before taking a backup helps to reduce the backup
window and backup storage acquisition costs. Data archiving helps in
preserving data that may be needed for future reference and data that
must be retained for regulatory compliance. For example, new product
innovation can be fostered if engineers can access archived project
materials such as designs, test results, and requirement documents.

Similarly, both active and archived data can help data scientists drive new
innovations or help to improve current business processes. In addition,
government regulations and legal/contractual obligations mandate
organizations to retain their data for an extended period.

Data Archiving Operation


The data archiving operation involves the archiving agent, the archive
server/policy engine, and the archive storage. The archiving agent scans
the primary storage to find files that meet the archiving policy defined on
the archive server (policy engine).

After the files are identified for archiving, the archive server creates the
index for the files. Once the files have been indexed, they are moved to
the archive storage and small stub files are left on the primary storage.
Each archived file on primary storage is replaced with a stub file. The stub
file contains the address of the archived file. As the size of the stub file is
small, it significantly saves space on primary storage.

From a client’s perspective, the data movement from primary storage to
secondary storage is completely transparent.

Correlating Storage Tiering and Archive


Storage tiering is a technique of establishing a hierarchy of storage types
(tiers) and identifying the candidate data to relocate to the appropriate
storage type to meet service level requirements at a minimal cost. Each
storage tier has different levels of protection, performance, and cost.

As the tier number decreases, the storage performance improves but the
cost of storage increases, which limits the usage of storage capacity. The
higher the tier number, the higher the storage capacity can be, due to its
cost advantage.

Archive storage is typically configured as the final tier or highest numbered
tier in the storage tiering. Keeping frequently used data in lower-numbered
tiers, called performance tiers, improves application
performance.

Moving less-frequently accessed data or fixed data to the highest
numbered tier, called the archive tier, can free up storage space in
performance tiers and reduce the cost of storage.

Tiering Example: NAS to Archive File Movement


The image illustrates an example of file-level storage tiering, where files
are moved from a NAS device (primary storage system) to an archive
storage system. The environment includes a policy engine, where tiering
policies are configured. The policy engine facilitates automatically moving
files from primary to archive storage.

Before moving a file to archive storage, the policy engine scans the NAS
device to identify files that meet the predefined tiering policies. After
identifying the candidate files, the policy engine creates stub files on the
NAS device and then moves the candidate files to the destination archive
storage.

The small, space-saving stub files point to the actual files in the archive
storage. When an application server (NAS client) tries to access a file from
its original location on the NAS device, the actual file is provided from the
archive storage.

Archiving Use Case: Email Archiving


• Email archiving is the process of archiving emails from the mail server
to an archive storage. After the email is archived, it is retained for
years, based on the retention policy.
• Legal Dispute/Government Compliance:
− An organization may need to produce all emails from all individuals
involved in stock sales or transfers. Failure to comply with these
requirements could cause an organization to incur penalties. Email
archiving makes it possible to retrieve the required emails from the
archive storage. Email archiving helps to meet government compliance
requirements such as Sarbanes-Oxley and SEC regulations.
− An organization may be involved in a legal dispute and need to
produce all emails within a specified time period containing specific
keywords that were sent to or from certain people. Email archiving
makes it possible to retrieve the required emails from the archive
storage.
• Mailbox Space Saving:
− An organization may configure a quota on each mailbox to limit its
size. A fixed quota for a mailbox forces users to delete emails as
they approach the quota size. However, end users often need to
access emails that are weeks, months, or even years old. With
email archiving, organizations can free up space in user mailboxes
and still provide user access to older emails. Email archiving also
provides more mailbox space by moving old emails to archive
storage.

Key Features of CAS


The key features of CAS are as follows:

Content integrity: It provides assurance that the stored data has not
been altered. If the fixed data is altered, CAS generates a new content
address for the altered data, rather than overwriting the original fixed data.

Content authenticity: It assures the genuineness of stored data. This is
achieved by generating a unique content address for each object and
validating the content address for stored objects at regular intervals.
Content authenticity is assured because the address assigned to each
object is as unique as a fingerprint. Every time an object is read, CAS
uses a hashing algorithm to recalculate the object’s content address as a
validation step and compares the result to its original content address. If
the object validation fails, CAS rebuilds the object.

Single-instance storage: CAS uses a unique content address to
guarantee the storage of only a single instance of an object. When a new
object is written, the CAS system is polled to see whether an object is
already available with the same content address. If the object is available
in the system, it is not stored; instead, only a pointer to that object is
created.

Retention enforcement: Protecting and retaining objects is a core
requirement of an archive storage. After an object is stored in a CAS
system and the retention policy is defined, CAS does not make the object
available for deletion until the policy expires.
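The four features above can be seen working together in the following added example, which is not part of the original guide and does not represent any product's implementation. It assumes SHA-256 as the hashing algorithm, a local mirror copy as the source for rebuilding an object, and an injectable clock so that retention can be exercised; all names are hypothetical.

```python
import hashlib


class RetentionError(Exception):
    """Deletion was attempted before the retention policy expired."""


class IntegrityError(Exception):
    """No stored copy of the object matches its content address."""


def content_address(data):
    return hashlib.sha256(data).hexdigest()


class ContentAddressedStore:
    def __init__(self, now):
        self.now = now            # callable returning the current time (seconds)
        self.primary = {}         # content address -> object
        self.mirror = {}          # local protection copy
        self.retain_until = {}    # content address -> expiry time

    def put(self, data, retention_seconds):
        address = content_address(data)
        if address not in self.primary:
            # Single-instance storage: a known address is never stored twice.
            self.primary[address] = data
            self.mirror[address] = data
        expiry = self.now() + retention_seconds
        # A later write can extend retention but never shorten it.
        self.retain_until[address] = max(
            expiry, self.retain_until.get(address, 0))
        return address

    def get(self, address):
        data = self.primary[address]
        if content_address(data) != address:
            # Validation failed: rebuild the object from the mirror copy.
            data = self.mirror[address]
            if content_address(data) != address:
                raise IntegrityError(address)
            self.primary[address] = data
        return data

    def delete(self, address):
        if self.now() < self.retain_until[address]:
            raise RetentionError(address)
        for table in (self.primary, self.mirror, self.retain_until):
            del table[address]


def run_cas_demo():
    clock = [0]                   # constructed clock, advanced by hand
    store = ContentAddressedStore(lambda: clock[0])
    first = store.put(b"contract v1", retention_seconds=100)
    again = store.put(b"contract v1", retention_seconds=10)
    # Altered content gets a new address; the original is not overwritten.
    altered = store.put(b"contract v2", retention_seconds=100)
    store.primary[first] = b"silently corrupted"   # simulated media fault
    healed = store.get(first)
    try:
        store.delete(first)
        early_delete_blocked = False
    except RetentionError:
        early_delete_blocked = True
    clock[0] = 100
    store.delete(first)
    return {
        "single_instance": first == again,
        "new_address_for_altered": altered != first,
        "healed": healed,
        "early_delete_blocked": early_delete_blocked,
        "deleted_after_expiry": first not in store.primary,
    }


if __name__ == "__main__":
    print(run_cas_demo())
```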

Key Features of CAS (continued)


• Location independence: CAS uses a unique content address, rather
than directory path names or URLs, to retrieve data. This makes the
physical location of the stored data irrelevant to the application that
requests the data.
• Data protection: CAS provides both local and remote protection to the
objects stored on it. In the local protection option, data objects are
either mirrored or parity protected. For remote protection, objects are
replicated to a secondary CAS at a remote location. In this case, the
objects remain accessible from the secondary CAS if the primary CAS
fails.
• Performance: CAS stores all objects on disks which provide faster
access to the objects compared to tapes and optical discs.
• Self-healing: CAS automatically detects and repairs corrupted objects
and alerts the administrator about the potential problem. CAS can be
configured to alert remote support teams who can diagnose and repair
it remotely.
• Audit trails: CAS keeps track of management activities and any access
or disposition of data. Audit trails are mandated by compliance
requirements.

The various data migration techniques are as follows:

SAN-based data migration involves migrating data at the block-level
between storage systems within a data center or across data centers. In a
SAN-based technique, the migration software installed on the storage
system performs direct data migration between storage systems. Data
migration between storage systems can also be performed by using a
virtualization appliance.

NAS-based data migration involves migrating data at the file-level
between NAS systems. File migration between NAS systems can also be
performed by using intermediary compute systems or a virtualization
appliance.

In a host-based migration, a specialized tool is installed on the compute
system to perform migration. In a virtualized environment, it is important to
migrate running VMs between hypervisors for various reasons such as
avoiding downtime and balancing the workload across hypervisors. The
two key hypervisor-based migration techniques are VM live migration and
VM storage migration.

Application migration typically involves the migration of an application
from one environment to another. Organizations have numerous migration
options and choosing the appropriate solution depends on several factors.
Ease of configuration and management, hardware capabilities, ability to
throttle the rate of data movement, and determining application impact are
critical when making a choice.

The best solution in one migration may not necessarily be the best
solution for another migration. No one-size-fits-all migration tool or solution
exists. Each migration solution has its own set of advantages and
challenges. So, it is important to choose an appropriate solution to
successfully perform the migration operation.

SAN-based data migration can also be implemented using a virtualization
appliance at the SAN. Typically for data migration, the virtualization
appliance (controller) provides a translation layer in the SAN, between the
compute systems and the storage systems. The LUNs created at the
storage systems are assigned to the appliance. The appliance abstracts
the identity of these LUNs and creates a storage pool by aggregating
LUNs from the storage systems. A virtual volume is created from the
storage pool and assigned to the compute system. When an I/O is sent to
a virtual volume, it is redirected through the virtualization layer at the SAN
to the mapped LUNs.

For example, an administrator wants to perform a data migration from
storage system A to system B as shown in the figure. The virtualization
layer handles the migration of data, which enables LUNs to remain online
and accessible while data is migrating. In this case, physical changes are
not required because the compute system still points to the same virtual
volume on the virtualization layer. However, the mapping information on
the virtualization layer should be changed. These changes can be
executed dynamically and made transparent to the end user. The key
advantage of using a virtualization appliance is support for data migration
between multi-vendor heterogeneous storage systems.

Organizations require a robust file sharing environment that is dynamically
expandable, easily maintained, and flexible. When businesses outgrow
their current file servers and feel concerned about regulatory compliance,
it is time for them to upgrade the infrastructure. NAS-based data migration
allows organizations to move the data from their old file servers to the
NAS systems. Nowadays, organizations want to move the file-level
data to new NAS systems, especially scale-out NAS, to meet their
business demands. The key requirement for NAS-based data migration
is that the file-level data must remain accessible to the clients at all
times.

In a NAS to NAS direct data migration, file-level data is migrated from one
NAS system to another directly over the LAN without the involvement of
any external server. The two primary options for performing NAS-based
migration are using the NDMP protocol or using a software tool. In this
example, the new NAS system initiates the migration operation and pulls
the data directly from the old NAS system over the LAN. The key
advantage of NAS to NAS direct data migration is that there is no need for
an external component (host or appliance) to perform or initiate the
migration process.

Application migration typically involves moving the application from one
data center environment to another. Typically, the organization can move
the application from physical to virtual environment. In a virtualized
environment, the application can also be moved from one hypervisor to
another for various business reasons such as balancing workload for
improving performance and availability. In an application migration from a
physical to virtual environment, the physical server running the application
is converted into a virtual machine. This option usually requires
converter software that clones the data on the hard disk of the physical
compute system and migrates the disk content (application, OS, and data)
to an empty VM.

After this, the VM is configured based on the physical compute system
configuration and the VM is booted to run the application. Virtual machine
live migration technique can be used to move a running application from a
VM to another VM without any downtime. This method involves copying
the contents of VM memory from the source hypervisor to the target and
then transferring the control of the VM’s disk files to the target hypervisor.
Next, the VM is suspended on the source hypervisor, and the VM is
resumed on the target hypervisor.

Application Migration Strategies

Forklift Migration Strategy: In this strategy, rather than moving
applications in parts over time, all applications are picked up at once
and moved to the new environment. Tightly coupled applications (multiple
applications that are dependent on each other and cannot be separated)
or self-contained applications might be better served by using the forklift
approach.

Hybrid Migration Strategy: In this strategy, some parts of the application
are moved to the new environment while leaving the other parts of the
application in place. Rather than moving the entire application at once,
parts of it can be moved and optimized, one at a time. This strategy is
good for large systems that involve several applications and those that are
not tightly coupled.

Key Attributes of SDDC


• SDDC is viewed as an important step to progress towards a complete
virtualized data center (VDC), and is regarded as the necessary
foundational infrastructure for third platform transformation.
• The key attributes of SDDC are:

− Abstraction and pooling: SDDC abstracts and pools IT resources
across heterogeneous infrastructure. IT resources are pooled to
serve multiple users or consumers using a multi-tenant model.
Multi-tenancy enables multiple consumers to share the pooled
resources, which improves utilization of the resource pool.
Resources from the pool are dynamically assigned and reassigned
according to consumer demand.

− Automated, policy-driven provisioning including data
protection: In the SDDC model, IT services are dynamically
created and provisioned including data protection from available
resources based on defined policy. If the policy changes, the
environment dynamically and automatically responds with the new
requested service level.
− Unified management: Traditional multi-vendor, siloed
environments require independent management, which is complex
and time consuming. SDDC provides a unified storage
management interface that provides an abstract view of the IT
infrastructure. Unified management provides a single control point
for the entire infrastructure across all physical and virtual resources.
− Self-service: SDDC enables automated provisioning and self-
service access to IT resources. This enables organizations to allow
users to select services from a self-service catalog and self-
provision them.
− Metering: The usage of resources per user is measured and
reported by a metering system. Metering helps in controlling and
optimizing resource usage as well as generating bills for the utilized
resources.
− Open and extensible: An SDDC environment is open and easy to
extend, which enables adding new capabilities. An extensible
architecture enables integrating multi-vendor resources, and
external management interfaces and applications into the SDDC
environment using APIs.

Software Controller
• The control plane in a software-defined data center is implemented by a
software controller. The controller is software that:
• Discovers the available underlying resources and provides an
aggregated view of resources. It abstracts the underlying hardware
resources (compute, storage, and network) and pools them.
− This enables the rapid provisioning of resources from the pool,
based on pre-defined policies that align to the service level
agreements for different users.
− Enables storage management and provisioning.
• Enables organizations to dynamically, uniformly, and easily modify and
manage their infrastructure.
• Enables an administrator to manage the resources, node connectivity,
and traffic flow. It also controls the behavior of underlying components,
allows applying policies uniformly across the infrastructure
components, and enforces security, all from a software interface.
• Provides interfaces that enable software external to the controller to
request resources and access these resources as services.
• CLI and GUI are native management interfaces of the controller. An API is
used by external software to interact with the controller.

Architecture of SDDC
• The SDDC architecture decouples the control plane from the data
plane.
− It separates the control functions from the underlying infrastructure
components and provides them to an external software controller.
− The centralized control plane provides policies for processing and
transmission of data, which can be uniformly applied across the
multi-vendor infrastructure components.
− The policies can also be upgraded centrally to add new features
and to address application requirements.
• The controller usually provides CLI and GUI for administrators to
manage the IT infrastructure and configure the policies. It also
automates and orchestrates many hardware-based or component-
specific management operations.
− This reduces the need for manual operations that are repetitive,
error-prone, and time-consuming.
• The software controller provides APIs for external management tools
and orchestrators to manage data center infrastructure and orchestrate
controller operations.
• The SDDC architecture enables users to view and access IT resources
as a service from a self-service portal.
− The portal provides a service catalog that lists a standardized set of
services available to the users.
• The service catalog allows a user to request or order a service from
the catalog in a self-service way.
− The request is forwarded to the software controller by an
orchestrator or a management tool. Upon receiving the request, the
controller provisions appropriate resources to deliver the service.

Key Benefits of SDDC


• Agility: SDDC enables faster provisioning of resources based on
workload policies. Consumers provision infrastructure resources via a
self-service portal. These capabilities significantly improve business agility.
• Cost efficiency: SDDC enables organizations to use commodity
hardware and existing infrastructure, which significantly lowers
CAPEX.
• Improved control: SDDC provides improved control over application
availability and security through policy-based governance. SDDC
provides automated data protection and disaster recovery features.
Automated, policy-driven operations help in reducing manual errors.
• Centralized management: An SDDC is automated, and managed by
intelligent, policy-based data center management software, vastly
simplifying governance and operations.
− A single, unified management platform allows central monitoring
and administration of all applications across physical geographies,
heterogeneous infrastructure, and hybrid clouds.
− Organizations can deploy and manage workloads in physical,
virtual, and cloud environments with a unified management
experience.
• Flexibility: SDDC enables organizations to use heterogeneous
commodity hardware and the most advanced hardware technologies
as they see fit.
− Lower-value workloads can run on commodity hardware, while
software-based services and mission-critical applications can run
on advanced, more-intelligent infrastructure.
− SDDC also supports the adoption of cloud model through the use of
standard protocols and APIs.

Functions of SDS Controller


• Discovery: The SDS controller discovers various types of physical
storage systems available in a data center to gather data about the
components and bring them under its control and management.
− Includes information on the storage pools and the storage ports for
each storage system.
• Resource abstraction and pooling: The SDS controller abstracts the
physical storage systems into virtual storage systems and virtual
storage pools according to the policies configured by the
administrators. The SDS controller also:
− Enables an administrator to define storage services for the end
users.
− Provides three types of interfaces to configure and monitor the SDS
environment as well as provision virtual storage resources.
− Command line interface (CLI), graphical user interface (GUI), and
application programming interface (API). The API enables external
management tools and applications to interact with the SDS controller
for extracting data, monitoring the SDS environment, and creating
logical storage resources.
• Service provisioning: The defined storage services are typically visible
and accessible to the end users through a service catalog. The service
catalog:

− Allows the end user to specify a compute system for which a virtual
storage must be provisioned and a virtual storage system and
virtual storage pool from which the storage has to be derived.
− Automates the storage provisioning tasks and delivers virtual
storage resources based on the requested services.

Virtual Storage Pool


• Virtual storage resources are provisioned to the end users from the
virtual storage pools. While provisioning a storage resource, users
choose the virtual storage pool from which the storage will be used and
the SDS controller automatically selects an appropriate storage pool to
meet the provisioning request.
− Users do not need to know the details of the underlying physical
storage infrastructure. This is in contrast to the traditional storage
provisioning where users provision storage resources from the
physical storage systems.
− Examples of virtual storage pool are block storage virtual pool and
file storage virtual pool.
• Multiple storage pools help to create tiered storage services such as
gold pool (high), silver pool (moderate), and bronze pool (low).
• The SDS controller is usually capable of matching the existing storage
pools to the virtual storage pool characteristics specified by an
administrator.
− The administrator can enable automatic assignment of the
matching storage pools to the virtual storage pool or carry out the
process manually.
• A storage pool may belong to multiple virtual storage pools. A virtual
storage pool may reside in a single data center or it may span multiple
data centers.

Virtual Switch Example

[Figure: virtual switch example showing two physical compute systems]

Consider the example of a web application that runs on a VM and needs
to communicate with a database (DB) server as shown in the image.

• The database server is hosted on another VM on the same compute
system.
• The two VMs can be connected via a virtual switch to enable them to
communicate with each other.
− Because the traffic between the VMs does not travel over a network
external to the compute system, the data transfer speed between
the VMs is increased.
• The VMs residing on different compute systems may need to
communicate either with each other, or with other physical compute
systems such as a client machine.

− The virtual switch must be connected to the network of physical
compute systems.
− The VM traffic travels over both the virtual switch and the network
of physical compute systems as shown in the image.

What is Cloud Computing


According to U.S. National Institute of Standards and Technology, Special
Publication 800-145, “Cloud computing is a model for enabling ubiquitous,
convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal
management effort or service provider interaction.”

The cloud model is like utility services such as electricity, water, and
telephone. When consumers use these utilities, they are typically unaware
of how the utilities are generated or distributed. The consumers
periodically pay for the utilities based on usage. Consumers simply hire IT
resources as services from the cloud without the risks and costs
associated with owning the resources.

Cloud services are accessed from different types of client devices over
wired and wireless network connections. Consumers pay only for the
services that they use, either based on a subscription or based on
resource consumption. The figure on the slide illustrates a generic cloud
computing environment, wherein various types of cloud services are
accessed by consumers from different client devices over different
network types.

Traditional IT vs. Cloud Computing


Traditionally, IT resources such as hardware and software are often
acquired by the organization to support their business applications. The
acquisition and provisioning of new resources commonly follow a rigid
procedure that includes approvals from the concerned authorities.

As a result, they may take up a considerable amount of time. This can
delay operations and increase the time-to-market. Additionally, to the
extent allowed by the budget, the IT resources required for an application
are sized based on peak usage. This results in incurring high up-front
capital expenditure (CAPEX) even though the resources remain
underutilized for most of the time.

As workloads continue to grow and new technologies emerge, businesses
may not be able to afford a proportional increase in investment. Further, a
significant portion of the IT budget goes to support and maintain the
existing IT infrastructure, leaving little to provide innovative solutions to
the business.

In cloud computing, users rent IT resources such as storage, processing,
network bandwidth, application, or a combination of them as cloud
services. Cloud computing enables on-demand resource provisioning and
scalability. IT resources are provisioned by the users using a self-service
portal backed by an automated fulfillment process. These provide quick
time-to-market, and potentially competitive advantage.

Resource consumption is measured by using a metering service which
may help in billing users as per consumption. Users can de-provision the
rented resources when resources are no longer needed. This reduces the
investment in IT infrastructure and improves the resource utilization. This
also reduces expenses associated with IT infrastructure management,
floor space, power, and cooling. Further, reduction of IT maintenance
tasks can drive new business initiatives, discovery of new markets, and
innovation.

A computing infrastructure can be classified as a cloud only if it has some
specific essential characteristics, which are subsequently discussed.

From a business perspective, each advancing wave of technology and
business sophistication changes the way IT works. Businesses must
adopt new IT products and solutions rapidly to stay competitive in the
market. This may force organizations to periodically upgrade their IT
infrastructure and acquire new software and hardware resources. As an
organization’s capital expenditure (CAPEX) rises, the risk associated with
the investment also increases. For small and medium sized businesses,
this may be a big challenge, which eventually restricts their ability to grow.
As an individual, it may not be sensible or affordable to purchase new
applications every time if you need them only for a brief period. This image
shows various requirements and constraints from a business perspective
as well as an individual perspective and shows the way a cloud can
address these constraints and requirements.

Cloud Service Models - IaaS


• Defined as “the capability provided to the consumer is to provision
processing, storage, networks, and other fundamental computing
resources where the consumer is able to deploy and run arbitrary
software, which can include operating systems and applications.”
• Consumer does not manage or control the underlying cloud
infrastructure but has control over operating systems, storage, and
deployed applications; and possibly limited control of select networking
components.
• IaaS can even be implemented internally by an organization with
internal IT managing the resources and services. IaaS pricing can be
subscription-based or based on resource usage. Keeping in line with
the cloud characteristics, the provider pools the underlying IT
resources which are shared by multiple consumers through a multi-
tenant model.

Cloud as a Service - Platform as a Service (PaaS)


• Defined as “the capability provided to the consumer is to deploy onto
the cloud infrastructure consumer-created or acquired applications
created using programming languages, libraries, services, and tools
supported by the provider.”
• Consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems, or
storage, but has control over the deployed applications and possibly
configuration settings for the application-hosting environment.
• Includes compute, storage, and network resources along with platform
software. Platform software includes software such as OS, database,
programming frameworks, middleware, and tools to develop, test,
deploy, and manage applications.
• PaaS usage fees are typically calculated based on factors such as the
number of consumers, the types of consumers (developer, tester, and
so on), the time for which the platform is in use, and the compute,
storage, or network resources consumed by the platform.

Software as a Service - SaaS


• Defined as “the capability provided to the consumer is to use the
provider’s applications running on a cloud infrastructure. The
applications are accessible from various client devices through either a
thin client interface, such as a web browser, (e.g., web-based email),
or a program interface.”
• Consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems, storage,
or even individual application capabilities, with the possible exception
of limited user-specific application configuration settings.
• SaaS applications execute in the cloud and usually do not need
installation on end-point devices. This enables a consumer to access
the application on demand from any location and use it through a web
browser on a variety of end-point devices.
• Customer Relationship Management (CRM), email, Enterprise
Resource Planning (ERP), and office suites are examples of
applications delivered through SaaS.

Public Cloud
A cloud infrastructure deployed by a provider to offer cloud services to the
general public and/or organizations over the Internet.

There may be multiple tenants (consumers) who share common cloud
resources. A provider typically has default service levels for all consumers
of the public cloud. The provider may migrate a consumer’s workload at
any time, to any location.

Some providers may optionally provide features that enable a consumer to
configure their account with specific location restrictions.

Services may be free, subscription-based or provided on a pay-per-use
model. Public cloud provides the benefits of low up-front expenditure on
IT resources and enormous scalability. However, some concerns for the
consumers include network availability, risks associated with multi-
tenancy, limited or no visibility and control over the cloud resources and
data, and restrictive default service levels.

Private Cloud
Many organizations may not wish to adopt public clouds as they are
accessed over the open Internet and used by the general public. With a
public cloud, an organization may have concerns related to privacy,
external threats, and lack of control over the IT resources and data.

When compared to a public cloud, a private cloud offers organizations a
greater degree of privacy and control over the cloud infrastructure,
applications, and data. The private cloud model is typically adopted by
larger-sized organizations that have the resources to deploy and operate
private clouds.

There are two variants of a private cloud: on-premise and externally-hosted.

Community Cloud - On Premise


A community cloud is a cloud infrastructure that is set up for the sole use
by a group of organizations with common goals or requirements. The
organizations participating in the community typically share the cost of the
community cloud service. If various organizations operate under common
guidelines and have similar requirements, they can all share the same
cloud infrastructure and lower their individual investments.

Since the costs are shared by fewer consumers than in a public cloud,
this option may be more expensive. However, a community cloud may
offer a higher level of control and protection against external threats than a
public cloud. There are two variants of a community cloud: on-premise
and externally-hosted. In an on-premise community cloud, one or more
participant organizations provide cloud services that are consumed by the
community.

Each participant organization may provide cloud services, consume
services, or both. At least one community member must provide cloud
services for the community cloud to be functional. The cloud infrastructure
is deployed on the premises of the participant organization(s) providing
the cloud services. The organizations consuming the cloud services
connect to the clouds of the provider organizations over a secure network.

The organizations providing cloud services require IT personnel to
manage the community cloud infrastructure.

Participant organizations that provide cloud services may implement a
security perimeter around their cloud resources to separate them from
their other non-cloud IT resources. Additionally, the organizations that
consume community cloud services may also implement a security
perimeter around their IT resources that access the community cloud.

Many network configurations are possible in a community cloud. The
figure on the slide illustrates an on-premise community cloud, the services
of which are consumed by enterprises P, Q, and R. The community cloud
comprises two cloud infrastructures that are deployed on the premises of
Enterprise P and Enterprise Q, and combined to form a community
cloud.

Externally Hosted Community Cloud - Appendix


Participant organizations of the community outsource the implementation
of the community cloud to an external cloud service provider.

The cloud infrastructure is hosted on the premises of the external cloud
service provider and not within the premises of any of the participant
organizations.

The provider:

• Manages the cloud infrastructure and facilitates an exclusive
community cloud environment for the participant organizations. The IT
infrastructure of each of the participant organizations connects to the
externally-hosted community cloud over a secure network.
• Enforces security mechanisms in the community cloud as per the
requirements of the participant organizations. The cloud infrastructure
may be shared by multiple tenants.
• Provides a security perimeter around the community cloud resources;
and they are separated from other cloud tenants by access policies
implemented by the provider’s software.

Using an external provider’s cloud infrastructure for the community cloud
may offer access to a larger pool of resources as compared to an
on-premise community cloud.

Hybrid Cloud
A hybrid cloud is composed of two or more individual clouds, each of which can be
private, community, or public clouds. There can be several possible
compositions of a hybrid cloud as each constituent cloud may be of one of
the five variants as discussed previously.

Each hybrid cloud has different properties in terms of parameters such as
performance, cost, security, and so on.

The composition may change over time as component clouds join and leave. In a
hybrid cloud environment, the component clouds are combined using
open or proprietary technology such as interoperable standards,
architectures, protocols, data formats, application programming interfaces
(APIs), and so on.

The use of such technology enables data and application portability.

The image illustrates a hybrid cloud that is composed of an on-premise
private cloud deployed by enterprise Q and a public cloud serving
enterprise and individual consumers in addition to enterprise Q.

Cloud Computing Benefits


Provides the capability to provision IT resources quickly and at any time,
thereby considerably reducing the time required to deploy new
applications and services. This enables businesses to reduce the time-to-
market and to respond more quickly to market changes.

Enables the consumers to rent any required IT resources based on the
pay-per-use or subscription pricing. This reduces a consumer’s IT capital
expenditure as investment is required only for the resources needed to
access the cloud services.

Has the ability to ensure availability at varying levels, depending on the
provider’s policy towards service availability. Redundant infrastructure
components enable fault tolerance for cloud deployments.

Data in a cloud can be broken into small pieces and distributed across a
large cluster of nodes in such a manner that an entire data set can be
reconstructed even if there is failure of individual nodes.
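
The following added example (not part of the original guide) shows one way the reconstruction described above can work. It assumes single XOR parity across nodes, which tolerates exactly one node failure; the guide does not name a scheme, and the function names are hypothetical.

```python
"""Single-parity striping: rebuild a data set after one node fails.

Added illustration. The scheme (N data fragments + 1 XOR parity fragment)
is an assumption; production systems typically use stronger erasure codes.
"""
from functools import reduce


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def distribute(data, data_nodes):
    """Split data into `data_nodes` equal fragments plus one parity fragment.

    Returns a layout: the original length (to strip padding on rebuild)
    and one fragment per node, with the parity fragment stored last.
    """
    if data_nodes < 2:
        raise ValueError("need at least two data nodes")
    frag_len = -(-len(data) // data_nodes)  # ceiling division
    padded = data.ljust(frag_len * data_nodes, b"\0")
    frags = [padded[i * frag_len:(i + 1) * frag_len] for i in range(data_nodes)]
    parity = reduce(xor_bytes, frags)
    return {"length": len(data), "nodes": frags + [parity]}


def fail_nodes(layout, indexes):
    """Return a copy of the layout with the given nodes marked as lost."""
    nodes = list(layout["nodes"])
    for i in indexes:
        nodes[i] = None
    return {"length": layout["length"], "nodes": nodes}


def reconstruct(layout):
    """Rebuild the original data, recomputing at most one lost fragment."""
    nodes = list(layout["nodes"])
    lost = [i for i, frag in enumerate(nodes) if frag is None]
    if len(lost) > 1:
        raise ValueError("single parity cannot recover %d failed nodes" % len(lost))
    if lost:
        # XOR of every surviving fragment (data and parity) equals the lost one.
        survivors = [frag for frag in nodes if frag is not None]
        nodes[lost[0]] = reduce(xor_bytes, survivors)
    return b"".join(nodes[:-1])[:layout["length"]]


if __name__ == "__main__":
    sample = b"constructed sample data set spread over four nodes"
    layout = distribute(sample, 4)
    for failed in range(5):
        assert reconstruct(fail_nodes(layout, [failed])) == sample
    print("data set rebuilt after each single-node failure")
```

A second simultaneous failure raises an error instead of returning wrong data, which is the limit a designer has to size the redundancy against.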

Cloud-based applications may be capable of maintaining limited
functionality even when some of their components, modules, or supporting
services are not available. A service provider may also create multiple
service availability zones both within and across geographically dispersed
data centers.

A service availability zone is a location with its own set of resources. Each
zone is isolated from the other zone so that a failure in one zone does not
impact the other. If a service is distributed among several zones,
consumers of that service can fail over to other zones in the event of a
zone failure.

Consumers can unilaterally and automatically scale IT resources to meet
the workload demand.

Applications and data reside centrally and can be accessed from
anywhere over a network from any device such as desktop, mobile, and
thin client.

Infrastructure management tasks are reduced to managing only those
resources that are required to access the cloud services. The cloud
infrastructure is managed by the cloud provider and tasks such as
software updates and renewals are handled by the provider.

Enables collaboration between disparate groups of people by allowing
them to share the resources and information and access them
simultaneously from wide locations.

A cloud can also be leveraged to ensure business continuity. It is possible
for IT services to be rendered unavailable due to causes such as natural
disasters, human error, technical failures, and planned maintenance.

Drivers for Cloud-based Data Protection


Organizations need to regularly protect the data to avoid losses, stay
compliant, and preserve data integrity. Data explosion poses challenges
such as strains on the backup window, IT budget, and IT management.
Enterprises must also comply with regulatory and litigation requirements.
These challenges can be addressed with the emergence of cloud-based
data protection.

• Simplified Management: The growth of the data protection environment
in an organization leads to management of a wide range of software
and hardware resources. The tasks involve configuration, applying the
latest patches and updates, and carrying out upgrades and
replacements. Furthermore, workloads and manpower requirements
increase with the size of the IT infrastructure. When an organization
uses cloud-based data protection services, their infrastructure
management tasks are reduced to managing only those resources that
are required to access the cloud services.
• On-demand self-service provisioning: In a traditional data protection
environment, provisioning IT resources takes more time because of
rigid procedures and approvals. In cloud-based data protection, IT
resources can be provisioned on demand through a service catalog. This
considerably reduces time for provisioning resources for data
protection.
• Reduced CAPEX: Organizations in their data protection environment
may have the need for additional IT resources at times when
workloads are greater. However, they would not want to incur the
capital expense of purchasing the additional IT resources for
supporting data protection environment. The cloud-based data
protection enables the organization to hire the IT resources based on
pay per use or subscription pricing. This reduces the organization’s IT
capital expenditure.
• Flexible Scalability: Consumers in the data protection environment
may have the need to increase the IT resources to meet the workload
demand for a short period of time. However, the consumer is not ready
to invest in new IT resources. Cloud-based data protection
provides the capability to scale in or scale out the resources as per the
requirement.
• Recover data to any location/devices: Organizations need to plan
for risks of disaster. To overcome these risks, data needs to be
replicated to the remote locations. Cloud-based data protection
enables the organization to recover the data from any place to any
device.

Backup as a Service
• Enables organizations to procure backup services on-demand in the
cloud. Organizations can build their own cloud infrastructure and
provide backup services on demand to their employees/users. Some
organizations prefer a hybrid cloud option for their backup strategy,
keeping a local backup copy in their private cloud and using a public
cloud to keep their remote copy for DR purposes. For providing
backup as a service, the organizations and service providers should
have necessary backup technologies in place in order to meet the
required service levels.
• Enables individual consumers or organizations to reduce their backup
management overhead. It also enables the individual consumer/user to
perform backup and recovery anytime, from anywhere, using a
network connection. Consumers do not need to invest in capital
equipment to implement and manage their backup infrastructure.
These infrastructure resources are rented without obtaining ownership
of the resources.
• Backups can be scheduled and infrastructure resources can be
allocated with a metering service. This will help to monitor and report
resource consumption. Many organizations’ remote and branch offices
have limited or no backup in place. Mobile workers represent a
particular risk because of the increased possibility of lost or stolen
devices.
• Ensures regular and automated backup of data. Cloud computing
gives consumers the flexibility to select a backup technology, based on
their requirement, and quickly move to a different technology when
their backup requirement changes.

Remote Backup Service


Consumers do not perform any backup at their local site. Instead, their
data is transferred over a network to a backup infrastructure, managed by
the cloud service provider.

To perform backup to the cloud, typically the cloud backup agent software
is installed on the servers that need to be backed up. After installation, this
software establishes a connection between the server and the cloud
where the data will be stored.

The backup data transferred between the server and the cloud is typically
encrypted to make the data unreadable to an unauthorized person or
system.

Deduplication can also be implemented to reduce the amount of data to
be sent over the network (bandwidth reduction) and reduce the cost of
backup storage.

Cloud to Cloud Backup


It is important for organizations to protect their data, regardless of where it
resides. When an organization uses SaaS-based applications, its data is
stored at the cloud service provider’s location. Typically, the service
provider protects the data. But some service providers may not
provide the required data protection. This poses challenges for
organizations in recovering the data in the event of data loss. For
example, the organization might want to recover a purged email from
several months or years ago to be used as legal evidence. The service
provider might be unable to help the organization recover the data.

Replication to Cloud
Cloud-based replication helps organizations to mitigate the risk associated
with outages at the consumer production data center. Organizations of all
levels are looking for the cloud to be a part of their business continuity.
Replicating application data and VMs to the cloud enables organizations to
restart the application from the cloud and also allows them to restore the
data from any location.

The data and VMs replicated to the cloud are hardware independent; this
further reduces the recovery time.

Replication to the cloud can be performed using compute-based,
network-based, and storage-based replication techniques. Typically, when
replication occurs, the data is encrypted and compressed at the
production environment to improve the security of data and reduce the
network bandwidth requirements.

Disaster Recovery as a Service


Facing an increased reliance on IT and the ever-present threat of natural
or man-made disasters, organizations need to rely on business continuity
processes to mitigate the impact of service disruptions.

Disaster Recovery as a Service (DRaaS) has emerged as a solution to
strengthen the portfolio of a cloud service provider, while offering a viable
DR solution to consumer organizations. The cloud service provider
assumes the responsibility for providing resources to enable organizations
to continue running their IT services in the event of a disaster.

Having a DR site in the cloud reduces the need for data center space and
IT infrastructure, which leads to significant cost reduction, and eliminates
the need for upfront capital expenditure. Resources at the service provider
can be dedicated to the consumer or they can be shared. The service
provider should design, implement, and document a DRaaS solution
specific to the customer’s infrastructure.

They must conduct an initial recovery test with the consumer to validate
complete understanding of the requirements and documentation of the
correct, expected recovery procedures.

Replication of data occurs from the consumer production environment to
the service provider’s location over the network, as shown in the image.
Typically, when replication occurs, the data is encrypted and compressed
at the production environment to improve the security of data and reduce
the network bandwidth requirements.

Typically, during normal operating conditions, a DRaaS implementation
may only need a small share of resources to synchronize the application
data and VM configurations from the consumer’s site to the cloud. The full
set of resources required to run the application in the cloud is consumed
only if a disaster occurs.

Disaster Recovery as a Service


In the event of a business disruption or disaster, the business operations
will fail over to the provider’s infrastructure as shown in the image.

For applications or groups of applications that require restart in a specific
order, a sequence is worked out during the initial cloud setup for the
consumer and recorded in the disaster recovery plan.

Typically, VMs are allocated from a pool of compute resources located in
the provider’s location. Returning business operations back to the
consumer’s production environment is referred to as failback. This
requires replicating the updated data from the cloud repository back to the
in-house production system before resuming the normal business
operations at the consumer’s location.

After starting the business operations at the consumer’s infrastructure,
replication to the cloud is re-established. To offer DRaaS, the service
provider should have all the necessary resources and technologies to
meet the required service level.

Cloud-based Storage Tiering


Establishes a hierarchy of different storage types (tiers) including cloud
storage as one of the tiers.

Enables storing the right data to the right tier, based on service level
requirements, at a minimal cost. Each tier has different levels of
protection, performance, and cost.

For example, high performance solid-state drives (SSDs) can be
configured as tier 1 storage to keep the frequently accessed data, lower
cost HDDs as tier 2 storage to keep the less frequently accessed data,
and cloud as tier 3 storage to keep the rarely used data.

Improves application performance. The movement of data happens based
on defined tiering policies. The process of moving the data from one type
of tier to another is typically automated. Cloud-based storage tiering
provides flexible storage positioning and the ability to increase or
decrease the capacity on demand.

Cloud Gateway Appliance


A physical or virtual appliance that resides in the data center and presents
file and block-based storage interfaces to the applications.

• Service providers offer cloud-based object storage with interfaces such
as Representational State Transfer (REST) or Simple Object Access
Protocol (SOAP), but most business applications expect storage
resources with a block-based interface, or file-based interfaces such as
NFS or CIFS.

Provides a translation layer between these standard interfaces and the
service provider's REST API. It performs protocol conversion so that data
can be sent directly to the cloud storage. To provide security for the data
sent to the cloud, most gateways automatically encrypt the data before it
is sent. To speed up the data transmission times (as well as to minimize
cloud storage costs), most gateways support data deduplication and
compression.

Provides a local cache to reduce the latency associated with having the
storage capacity far away from the data center.

Why Big Data Analytics


The table shown on the page outlines four categories of common business
problems that organizations contend with where they have an opportunity
to leverage advanced analytics to create competitive advantage.

• In addition to doing standard reporting on these areas, organizations
can apply advanced analytical techniques to optimize processes and
derive more value from these common tasks.
• Many compliance and regulatory laws have been in existence for
decades, but additional requirements are added every year, which
represent additional complexities and data requirements for
organizations. Laws related to anti-money laundering and fraud
prevention require advanced analytical techniques to comply with and
manage properly.

Big Data Analytics


The primary goal of Big Data Analytics is to help organizations improve
business decisions by enabling data scientists and other users to analyze
huge volumes of transaction data as well as other data sources that may
be left untapped by conventional business intelligence programs.

The technology layers in a Big Data analytics solution consist of storage,
MapReduce technologies, and query technologies. These components,
collectively called the “SMAQ stack”, are described below:

• The storage layer is characterized by a distributed architecture with
primarily non-structured content in non-relational form. A storage
system in the SMAQ stack is based on either a proprietary or
open-source distributed file system; a common file system is Hadoop
Distributed File System (HDFS).
• The intermediate layer consists of MapReduce technologies that
enable the distribution of computation across multiple servers for
parallel processing. It also supports a batch-oriented processing model
of data retrieval and computation as opposed to the record-set
orientation of most SQL-based databases.
• The top of the stack is the Query layer that typically implements a
NoSQL database for storing, retrieving, and processing data. It also
provides a user-friendly platform for analytics and reporting.
• SMAQ solutions may be implemented as a combination of multi-
component systems or offered as a product with a self-contained
system comprising storage, MapReduce, and query – all in one.

Big Data Protection Challenges


• More data in the data center from various data sources requires tougher
choices to be made regarding what to protect and when.
• Overrunning the backup windows affects the performance and
availability of systems, reducing users’ productivity. Recovery
processes are time-consuming and unreliable, often failing to meet the
organization’s recovery time objective (RTO) and recovery point
objective (RPO).
• Data protection software should seamlessly integrate with the data
repository (data lake). Protecting a big data environment requires new
strategies for using the existing tools and adopting new
technologies that help in protecting the data more efficiently.

Data Lake - Repository for Big Data


• A data lake is the evolution of an Enterprise Data Warehouse (EDW)
into an active repository for structured, semi-structured, and
unstructured data.
• The data lake is formed by the combination of Hadoop and NoSQL.
• Does not require an upfront schema which means it is much more
flexible and makes it easy to add new data sources and store them in
their native format.
• Allows customers to easily add and leverage many other data sources
in order to make more holistic business decisions on their data.
• Is less structured compared to a data warehouse.
• Data is classified, organized, or analyzed only when it is accessed.
• Presents an unrefined view of data.
• By eliminating a number of parallel linear data flows, enterprises can
consolidate vast amounts of their data into a single store (as shown in
the image).

Data Mirroring and Parity Protection


• Typically, the data lake is created by using scale-out NAS or
object-based storage.
• In mirror data protection, when a file is written to the cluster, multiple
copies of the file are stored on the cluster in different locations, which
enhances fault tolerance.
− For example, if the cluster is set up for 3X mirroring, the original file
will be stored along with two copies of the file in various locations
within the cluster. Data mirroring requires a significant amount of
additional capacity.
• Parity-based protection (erasure coding) is a method to protect striped
data from disk drive failure or node failure without the cost of mirroring.
This technique breaks the data written to the storage system into
fragments, which are encoded with parity data and stored across a set
of different locations such as drives and nodes. This protection technique
is represented as an N+M data protection model, where N represents the
number of nodes and M represents the number of simultaneous
failures (of nodes, drives, or a combination of nodes and drives) that
the cluster can withstand without incurring data loss.
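
The N+M model in its simplest form (M = 1, a single XOR parity fragment), as an added example that is not part of the original guide. The function names and the 4+1 layout are assumptions for illustration; tolerating M > 1 simultaneous failures needs a Reed-Solomon style code, which is not shown.

```python
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length fragments."""
    return bytes(x ^ y for x, y in zip(a, b))


def encode_stripe(data: bytes, n: int) -> list:
    """Split data into n equal fragments (zero padded) plus one XOR parity fragment."""
    if n < 1:
        raise ValueError("n must be at least 1")
    frag_len = -(-len(data) // n)  # ceiling division
    padded = data.ljust(frag_len * n, b"\x00")
    frags = [padded[i * frag_len:(i + 1) * frag_len] for i in range(n)]
    parity = reduce(xor_bytes, frags)
    return frags + [parity]


def recover(fragments: list, original_len: int) -> bytes:
    """Rebuild the data when at most one fragment (data or parity) is None.

    XOR of all surviving fragments equals the missing one, because the
    parity fragment is the XOR of all data fragments.
    """
    missing = [i for i, frag in enumerate(fragments) if frag is None]
    if len(missing) > 1:
        raise ValueError("N+1 parity tolerates only one simultaneous failure")
    fragments = list(fragments)
    if missing:
        survivors = [frag for frag in fragments if frag is not None]
        fragments[missing[0]] = reduce(xor_bytes, survivors)
    # Drop the parity fragment and the zero padding.
    return b"".join(fragments[:-1])[:original_len]


def raw_capacity_factor(n: int, m: int) -> float:
    """Raw capacity consumed per unit of user data under N+M protection."""
    return (n + m) / n


if __name__ == "__main__":
    payload = b"constructed backup payload for parity demo"
    stripe = encode_stripe(payload, 4)          # 4 data fragments + 1 parity
    stripe[2] = None                            # simulate one failed node or drive
    print(recover(stripe, len(payload)) == payload)
    # 3X mirroring stores one original plus two copies: factor 3.0.
    print("3X mirroring:", raw_capacity_factor(1, 2))
    print("4+1 parity  :", raw_capacity_factor(4, 1))
```

The capacity comparison shows why parity protection avoids "the cost of mirroring": 4+1 consumes 1.25 units of raw capacity per unit of data, against 3.0 for 3X mirroring.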

Mobile Device Overview


• Organizations are increasingly providing their workforce with
ubiquitous access to information and business applications over mobile
devices.
• Organizations are also increasingly exploring the option of Bring Your
Own Device (BYOD), whereby employees are allowed to use non-
company devices, such as laptops and tablets as business machines.
• BYOD enables employees to have access to applications and
information from their personal devices while on the move. This
enables the employees to stay informed and carry out business
operations, irrespective of their location.

Key Challenges in Protecting Mobile Device Data


• Potential loss of corporate data if the device is lost or stolen.
• Device should be online.
• Backing up or replicating data from mobile devices to corporate data
center or to the cloud can be challenging due to intermittent (and
sometimes poor) connectivity.
• Devices are not always connected to a corporate network. So, the data
is copied over the Internet, which may give rise to security threats.
• Protecting data from mobile devices to the corporate data center or to
the cloud requires huge bandwidth to transfer data.
• Smartphone and tablet operating systems have built-in security
features that limit the access to the data stored on the device.
• Some mobile devices, particularly tablets and smartphones, may
not allow traditional backup applications to access data.

Mobile Device Backup


• A Mobile Device Management (MDM) solution is used by an IT
department to monitor, manage, protect (backup), and secure (remote
password locks, full data wipes) employees' mobile devices that are
deployed across multiple mobile service providers and across multiple
mobile operating systems being used in the organization.
• The Gartner research firm defines mobile device management as "a
range of products and services that enables organizations to deploy
and support corporate applications to mobile devices, such as
smartphones and tablets, possibly for personal use — enforcing
policies and maintaining the desired level of IT control across multiple
platforms”.
• MDM software also reduces the overhead on IT administration
associated with deploying and updating applications on mobile
devices.

File Sync-and-Share Application


• The storage capacity is limited on mobile devices; many users store
data remotely rather than on the device itself. Storing data remotely is
the best way to share user’s data across all devices such as desktops,
laptops, tablets, and smartphones.
• As shown in the image, the key components of a file sync-and-share
environment include the file sync-and-share client (agent) that runs on
mobile devices, the enterprise file sync-and-share application that runs
on a server, and the storage that stores data (file/object).
• Any data a user creates or modifies on the mobile device is
automatically synchronized with the server. This software typically
synchronizes one or more dedicated folders on mobile devices with
folders created on the server. This creates a secondary copy of a file in
another location.
• The files are backed up from the remote storage instead of the mobile
devices. File sync-and-share also improves employee productivity by
allowing the users to access data from any device, anywhere, at any
time.

Cloud-based Mobile Device Data Protection


• Copies the data over the Internet to a shared storage infrastructure in a
cloud, maintained by a service provider. Cloud-based backup is one of
the key data protection mechanisms for protecting mobile device data.
• Typically uses a backup client application (agent) that is installed on
the device to access and back up data to the cloud. These agents typically
scan the mobile devices for newly created or modified blocks and then
back up only these changed blocks to the cloud storage. This
considerably saves network bandwidth.
• Some mobile applications have a built-in feature that automatically
backs up the mobile application data to the cloud. Even file
sync-and-share applications synchronize data between the mobile device
and the cloud storage.
• In a mobile cloud computing environment, if an application runs in a
cloud, the application data is usually stored in the cloud. This data is
backed up by the service provider based on the SLAs. If the data on
the mobile device is lost, the data can be recovered from the cloud.
Most of the cloud backup solutions available today offer a self-service
portal that allows users to recover data without manual intervention.
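
A sketch of the changed-block scan such a backup agent performs, added here as an example and not taken from the guide or from any product. The 4 KiB block size, the `CloudStore` class and the function names are assumptions; SHA-256 digests identify blocks, so identical blocks are also stored only once (deduplication) and every block is verified on restore.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed block size; real agents choose their own


class CloudStore:
    """Stand-in for provider storage: content-addressed blocks plus manifests."""

    def __init__(self):
        self.blocks = {}         # SHA-256 hex digest -> block bytes
        self.manifests = []      # one ordered digest list per backup
        self.bytes_received = 0  # what actually crossed the network

    def put(self, digest: str, block: bytes) -> None:
        # Re-hash on receipt so a corrupted or mislabeled block is rejected.
        if hashlib.sha256(block).hexdigest() != digest:
            raise ValueError("block does not match its digest")
        self.blocks[digest] = block
        self.bytes_received += len(block)


def backup(data: bytes, store: CloudStore) -> dict:
    """Send only blocks the store does not already hold; record a manifest."""
    manifest, sent = [], 0
    for start in range(0, len(data), BLOCK_SIZE):
        block = data[start:start + BLOCK_SIZE]
        digest = hashlib.sha256(block).hexdigest()
        if digest not in store.blocks:   # new or modified block
            store.put(digest, block)
            sent += 1
        manifest.append(digest)
    store.manifests.append(manifest)
    return {"backup_id": len(store.manifests) - 1,
            "blocks_total": len(manifest),
            "blocks_sent": sent}


def restore(backup_id: int, store: CloudStore) -> bytes:
    """Reassemble a backup from its manifest, verifying each block."""
    out = bytearray()
    for digest in store.manifests[backup_id]:
        block = store.blocks[digest]
        if hashlib.sha256(block).hexdigest() != digest:
            raise ValueError("stored block failed integrity check")
        out += block
    return bytes(out)


def demo():
    """Two backups of constructed 32 KiB device data; one byte changes between them."""
    store = CloudStore()
    v1 = b"".join(bytes([i]) * BLOCK_SIZE for i in range(8))
    changed = bytearray(v1)
    changed[3 * BLOCK_SIZE + 10] ^= 0xFF   # modify a single byte in block 3
    v2 = bytes(changed)
    first = backup(v1, store)
    second = backup(v2, store)
    return store, v1, v2, first, second


if __name__ == "__main__":
    store, v1, v2, first, second = demo()
    print("first backup :", first)
    print("second backup:", second)
    print("bytes sent in total:", store.bytes_received)
    print("both versions restorable:",
          restore(0, store) == v1 and restore(1, store) == v2)
```

Encryption of the blocks in transit and at rest is out of scope for this sketch.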

Steps of Risk Management


• Step 1: Risk identification points to the various sources of threats
that give rise to risk.
− After identifying risks in a data protection environment, these risks
and their sources need to be classified into meaningful severity
levels.
o For example, an organization performs remote replication over an
unsecured network. The risk identification step points to the
sources of threat that give rise to risk in this replication
environment.
• Step 2: Risk assessment determines the extent of potential threat
and the risk associated with data protection resources.
− The output of this process helps organizations to identify
appropriate controls for reducing or eliminating risk during the risk
mitigation process.
− All the assets at risk (data, data source, protection application and
storage, and management applications) must be carefully
evaluated to assess their criticality to the business.
− After the risks are assessed, the critical assets should be
associated with potential risks.
o For example, a company’s Intellectual Property records can be
identified as critical assets, and the disclosure of these records
can be a risk of high severity level.
• Step 3: Risk mitigation involves planning and deploying various
security controls (such as those discussed in Security Controls in Data
Protection Environment lessons) that can either mitigate the risks or
minimize the impact of the risks.
• Step 4: Monitoring involves continuous observation of existing risks
and security controls to ensure the risks are mitigated.
− Monitoring can be performed using inputs from deployed security
controls in a data protection environment such as identity and
access management, firewalls, IDPS, and malware protection
software.
o Controls typically have alerts configured to indicate any
observed malicious activity or security breach.
o Observes new risks that may arise. If a new risk is identified,
then the entire process will be repeated.

Compliance
• Internal policy compliance controls the nature of IT operations within
an organization. This requires clear assessment of the potential
difficulties in maintaining the compliance and processes to ensure that
this is effectively achieved.
• External policy compliance includes legal requirements, legislation,
and industry regulations. These external compliance policies control
the nature of IT operations related to the flow of data out of an
organization.
− They may differ, based upon the type of information (for example,
source code versus employee records), and business (for example,
medical services versus financial services).
• Compliance management ensures that an organization adheres to
relevant policies and legal requirements. Policies and regulations can
be based on configuration best practices and security rules.
− These include administrator roles and responsibilities, physical
infrastructure maintenance timelines, information backup
schedules, and change control processes.
• Ensuring CIA and GRC are the primary objectives of any IT security
implementation.
− These are supported using authentication, authorization, and
auditing processes.

Threats to Data Source


• Data centers deploy hypervisors to provide a multi-tenant[143]
environment, enabling the sharing of resources.
• Failure of these mechanisms may expose a user’s data to other users,
raising security risks.
− Compromising a hypervisor is a serious event because it exposes
the entire environment to potential attacks.
• Hyperjacking is an example of this type of attack in which the attacker
installs a rogue hypervisor that takes control of the compute system.
− The attacker now can use this hypervisor to run unauthorized
virtual machines in the environment.
− Detecting this attack is difficult and involves examining components
such as program memory and processor core which registers
anomalies.
• Many organizations allow their employees to access some of the
applications through mobile devices.
− This enables employees to access the application and data from
any location. Mobile device theft may increase the risk of exposure
of data to an attacker.
• Some of the control mechanisms that may reduce the risk of these
threats include:
− Strong authentication and authorization
− Installing security updates of operating systems and hypervisors
− Mobile device management, and encryption

[143] Multi-tenancy is achieved by using mechanisms that provide separation
of computing resources such as memory and storage for each user.

Control Mechanisms for Protection Storage


• Some of the control mechanisms that can reduce the risks due to
these threats include:
− Always encrypt the data on the protection storage.
− Shred the data that is no longer required.
− Use strong physical security controls such as CCTV cameras, 24x7
on-premises security guards, alarms, and badge IDs.

Threats to Management Applications


• The management component of the data protection architecture
interacts with other components to exchange data, command, and
status. These interactions occur with the help of Application
programming interfaces (APIs). APIs are used extensively in today’s
data centers to:
− Perform activities such as resource provisioning, configuration,
monitoring, management, and orchestration.
− Secure the data protection environment and the APIs.
• An attacker may exploit a vulnerability in an API to breach an
organization’s infrastructure perimeter and carry out an attack.
• To provide protection against both accidental and malicious attempts,
an API must be designed and developed by following security best
practices such as:
− Requiring authentication and authorization
− Avoiding buffer overflows
− Restricting access to the APIs to authorized users

Introduction to Security Controls


• Security controls can be technical or non-technical.

− Technical controls are usually implemented at compute[144],
network[145], and storage[146] level.
− Non-technical controls are implemented through administrative and
physical controls.
• A data protection environment also requires identity and access
management, role-based access control, and physical security
arrangements.
• Security controls are categorized as preventive, detective, and
corrective.

• Preventive: Avoid problems before they occur.
• Detective: Detect the problem that has occurred.
• Corrective: Correct the problem that has occurred.

Identity and Access Management Example


• A user tries to gain access to the IT resources. While doing so:
o The IAM controls prompt for the user’s credentials. Depending on
the type of IAM control deployed in this environment the user
provides the necessary credentials.
o Credentials are then verified against a system that can authenticate
and authorize the user.
o Upon successfully verifying the credentials, the authorized user is
granted access to the IT resources.

[144] At the compute system level, security mechanisms are deployed to
secure hypervisors and hypervisor management systems, virtual
machines, guest operating systems, and applications.
[145] Security controls at the network level commonly include firewalls,
demilitarized zones, intrusion detection systems, virtual private networks,
zoning and iSNS discovery domains, VLAN and VSAN.
[146] At the storage level, security mechanisms include LUN masking, data
shredding, and data encryption.

Firewall-Demilitarized Zone
• A demilitarized zone is a control to secure internal assets while
allowing Internet-based access to selected resources.
• In a demilitarized zone environment, servers that need Internet access
are placed between two sets of firewalls.
• Servers in the demilitarized zone may or may not be allowed to
communicate with internal resources.
• Application-specific ports such as those designated for HTTP or FTP
traffic are allowed through the firewall to the demilitarized zone
servers.
• No Internet-based traffic is allowed to go through the second set of
firewalls and gain access to the internal network.

Virtual Private Network


• A virtual private network:
− Extends an organization’s private network across a public network
such as the Internet.
− Establishes a point-to-point connection between two networks over
which encrypted data is transferred.
− Enables organizations to apply the same security and management
policies to the data transferred over the VPN connection as applied
to the data transferred over the organization’s internal network.
o The user is authenticated before the security and management
policies are applied.
• The remote access VPN connection method can be used by
administrators to establish a secure connection to the data center and
carry out multiple management operations.
• A typical usage scenario for the site-to-site VPN connection method is
deploying remote replication or connecting to the cloud.

VLAN Example
• Consider the example with three VLANs: VLAN 10, VLAN 20, and
VLAN 30.

− VLAN 10 includes Compute System A, Compute System B, and
Storage System A.
− VLAN 20 includes Compute System C, Compute System D, and
Storage System B.
− VLAN 30 includes Compute System E, Compute System F, and
Storage System C.
− VLAN 10 allows only Compute System A, Compute System B, and
Storage System A to communicate with each other.
o Any traffic from other VLANs to VLAN 10 must pass through the
IP router.
o This isolation provides enhanced security even though the traffic
of multiple VLANs traverses the same physical switch.

VSAN Example
• Consider the example with two VSANs: VSAN 10 and VSAN 20.

− VSAN 10 includes Compute System A and Storage System A.
− VSAN 20 includes Compute System B and Storage System B.
− VSAN 10 allows only Compute System A and Storage System A to
communicate with each other.
o Any traffic from VSAN 20 to VSAN 10 will be blocked.
o This isolation provides enhanced security even though the traffic
of multiple VSANs traverses the same physical switch.

Types of Zoning
• WWN zoning: It uses World Wide Names to define zones. The zone
members are the unique WWN addresses of the FC HBA and its
targets (storage systems).

− A major advantage of WWN zoning is its flexibility. If an
administrator moves a node to another SAN switch port, the node
will maintain connectivity to its zone partners without modifying the
zone configuration. This is possible because WWN is static to the
node port.
− WWN zoning could run the risk of WWN spoofing, enabling a host
to gain access to resources from another host. Switches protect
against this by checking that the WWN and FCID of the host match.
• Port zoning: It uses the switch port ID to define zones. In port zoning,
access to the node is determined by the physical switch port to which a
node is connected.
− The zone members are the port identifiers (switch domain ID and
port number) to which FC HBA and its targets (storage systems)
are connected.
− If a node is moved to another switch port in the SAN, port zoning
must be modified to allow the node in its new port to participate in
its original zone.
− If an FC HBA or a storage system port fails, an administrator just
needs to replace the failed device without changing the zoning
configuration.
• Mixed zoning: It combines the qualities of both WWN zoning and port
zoning. Using mixed zoning enables a specific node port to be tied to
the WWN of another node.

Securing IT infrastructure components


• Hypervisors may be compromised by hyperjacking or other forms of
attack.
− A management server may be compromised by exploiting
vulnerabilities in the management software or by an insecure
configuration.
o For example, an administrator may have configured a non-secured
or non-encrypted remote access mechanism.
− A malicious attacker may take control of the management server by
exploiting a security loophole of the system.

o This enables the attacker to perform unauthorized activities
such as controlling all the existing VMs, creating new VMs,
deleting VMs, and modifying VM resources.
• Hypervisor updates should be installed when they are released by the
hypervisor vendor.
− Hypervisor hardening should be performed using specifications
provided by organizations such as the Center for Internet Security
(CIS) and Defense Information Systems Agency (DISA).
− Access to the management server should be restricted to
authorized administrators. Access to core levels of functionality
should be restricted to selected administrators.
− Network traffic should be encrypted when management is
performed remotely. A separate firewall with strong filtering rules
installed between the management system and the rest of the
network can enhance security.
• Virtual machines store troubleshooting information in a log file that is
stored on the storage presented to a hypervisor.

− An attacker may cause a virtual machine to abuse the logging
function, causing the size of the log file to grow rapidly.
o The log file can consume all the capacity of the storage presented
to the hypervisor, effectively causing a denial of service. This
can be prevented by configuring the hypervisor to rotate or
delete log files when they reach a certain size.
− An administrator can configure settings to:
o Set the maximum size of the log file. When this size is reached, the
hypervisor makes an archive copy of the log file and starts
storing information in a new log file.
o Maintain a specific number of old log files. When the configured
limit is reached, the hypervisor automatically deletes the oldest
file.
Learn more about VM hardening, OS hardening and Application
hardening.
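
The rotate-and-retain policy described above, shown as an added example (not code from this guide or from any hypervisor). Python's standard `RotatingFileHandler` stands in for the hypervisor's log writer, and the size limit, archive count, and file name are assumed values chosen for illustration.

```python
import logging
import logging.handlers
import os
import tempfile

MAX_BYTES = 4096   # assumed size limit for the active log file
KEEP_OLD = 3       # assumed number of archived log files to keep


def flood_and_measure(log_dir, rotate, messages=5000):
    """Write a burst of records, as an abusive guest would, and return
    (sorted file names, total bytes used) for the log directory."""
    path = os.path.join(log_dir, "vm.log")
    if rotate:
        # Archive the active file at MAX_BYTES and keep KEEP_OLD archives;
        # the oldest archive is deleted when the limit is reached.
        handler = logging.handlers.RotatingFileHandler(
            path, maxBytes=MAX_BYTES, backupCount=KEEP_OLD)
    else:
        # No policy: a single file that grows without limit.
        handler = logging.FileHandler(path)
    logger = logging.getLogger("vm-log-demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        for i in range(messages):
            logger.info("guest event %06d: repeated noisy message", i)
    finally:
        logger.removeHandler(handler)
        handler.close()
    names = sorted(os.listdir(log_dir))
    total = sum(os.path.getsize(os.path.join(log_dir, n)) for n in names)
    return names, total


def storage_bound():
    """Worst-case space used: the active file plus KEEP_OLD archives."""
    return MAX_BYTES * (KEEP_OLD + 1)


def compare():
    """Run the same flood without and with the rotation policy."""
    with tempfile.TemporaryDirectory() as plain, \
            tempfile.TemporaryDirectory() as rotated:
        return (flood_and_measure(plain, rotate=False),
                flood_and_measure(rotated, rotate=True))


if __name__ == "__main__":
    (plain_names, plain_bytes), (rot_names, rot_bytes) = compare()
    print("no rotation:", plain_names, plain_bytes, "bytes")
    print("rotation:   ", rot_names, rot_bytes, "bytes, bound", storage_bound())
```

With rotation enabled, the space consumed stays under a fixed bound no matter how many records the guest writes, which is the property that removes the denial-of-service condition.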

Malware Protection Software


• Malware protection software uses various techniques to detect
malware.
− One of the most common techniques used is signature-based
detection.
o In this technique, the malware protection software scans the
files to identify a malware signature.
o A signature is a specific bit pattern in a file.
o Signatures are cataloged by malware protection software
vendors and are made available to users as updates.
o Malware protection software must be configured to regularly update
these signatures to provide protection against new malware
programs.
− Another technique, called heuristics, can be used to detect malware
by examining suspicious characteristics of files.
o For example, malware protection software may scan a file to
determine the presence of rare instructions or code.
• Malware protection software can also identify malware by examining
the behavior of programs.
− For example, malware protection software may observe program
execution to identify inappropriate behavior such as keystroke
capture.
• Malware protection software can also be used to protect the
operating system against attacks.
− A common type of attack carried out on operating systems is
modifying their sensitive areas, such as registry keys or
configuration files, with the intention of causing the application to
function incorrectly or fail.
o This can be prevented by disallowing the unauthorized modification
of sensitive areas by adjusting operating system configuration
settings or via malware protection software.
o When a modification is attempted, the operating system or the
malware protection software challenges the administrator for
authorization.

Mobile Device Management


• To enroll the device, an MDM client is installed on the mobile device.
− The client component is used to connect to the server component
to receive administration and management commands.
− To connect to the server component, the user is required to provide
MDM authentication server details and user credentials.
− Typically, the authentication server is placed in a DMZ. These
credentials are authenticated by the MDM authentication server.
o Devices that are successfully authenticated are redirected to the
MDM server.
o Now the authenticated mobile devices are enrolled and can be
managed. Further, these mobile devices can be granted access
to the applications and other resources.
• An MDM solution enables organizations to enforce their security
policies on users’ mobile devices.
− The solution also gives the organization administrative and
management control over the user’s mobile device.
− With this control, the organization can remotely wipe the data on
the enrolled devices or brick the device when a threat is detected.

Data Encryption
• Data should be encrypted as close to its origin as possible. Data
encryption:
− Can be used for encrypting data at the point of entry into the
storage network.
− Can be implemented on the fabric to encrypt data between the
compute system and the storage media. These controls can protect
both the data at-rest on the destination device and the data
in-transit.
− Can be deployed at the storage-level, which can encrypt
data-at-rest.
• Another way to encrypt network traffic is by using cryptographic
protocols such as Transport Layer Security (TLS), which is a successor
to Secure Sockets Layer (SSL).
− These are application layer protocols and provide an encrypted
connection for client-server communication.
− These protocols are designed to prevent eavesdropping and
tampering of data on the connection over which it is being
transmitted.

Types of Attacks
Denial of Service

Denial of service attacks attempt to bring systems to a halt. These
attacks overwhelm the resources of the system with excessive requests
that consume all the resources. Distributed Denial of Service launches
the attack from many other host machines.

The purpose of denial of service attacks is to bring down a system,
either to initiate another attack or, in the case of a business
competitor, to affect the system.

Types of Attacks
Digital Currency Mining

Digital currency relies on blockchain, which requires distributed
computing power to mine and process operations. The systems involved in
mining receive a commission for facilitating the transaction. While
digital mining is a legitimate operation, hackers can use the compute
resources of many victims to mine for cryptocurrencies without their
authorization.

Types of Attacks
Spam

Unsolicited bulk messages sent through email, instant messaging, or
other digital communication assets are known as spam. While spam might
be a common practice for marketing, it can be used to trick victims into
providing sensitive information that can be used later to perpetrate a
crime.

Types of Attacks
Adware

Adware is part of greyware: potentially unwanted programs that are not
a virus or malicious software, but have problematic code or hidden
intentions. Adware collects information about a user with the purpose of
advertisement.

These programs on a computer are usually referred to as adware, while
programs on a mobile device are referred to as madware. Adware has the
potential of slowing down a system and can work with spyware.

Types of Attacks
Malicious Web Scripts

Malicious web scripts can be in existing legitimate websites or in
websites that are redirected from legitimate websites. Malicious web
scripts are scripts that, when run, can detect and exploit the
vulnerabilities of the systems of visitors to the website.

Whether the scripts are reached through a redirect or are embedded in
the legitimate website, customers feel safe because they are visiting a
known source.

Types of Attacks
Business Email Compromise

Business email compromise is a phishing attempt that relies on
deception. There are several forms of this scam, but the common trait is
that scammers target employees. If their interests are financial,
attackers trick employees into transferring funds to bank accounts that
the employees believe belong to their trusted partners.

Attackers can also be interested in proprietary information or trade
secrets. After gaining their victim's trust, they can obtain private
company information that should not be public.

These attacks can be perpetrated through email spoofing, social
engineering, identity theft, and malware, among others.

Types of Attacks
Banking Trojan

A banking trojan tricks users into downloading a “harmless” file that
becomes malware that identifies a user’s banking information. This
attack is very profitable because it gains access to bank accounts and
can transfer funds from them. This malware can target businesses or
individuals and is also perpetrated through social engineering, phishing
and spam emails, exploit kits, and so on.

Types of Attacks
Ransomware

Ransomware is also a form of malware, different from adware; it is
malicious software that encrypts the entire hard drive of the computer,
locking a user out of the system. Alternatively, it can be crypto
ransomware, which encrypts specific files, most commonly documents and
images in the systems.

When a system is infected with ransomware, it asks the user to pay a fee
to unlock and reclaim the data, or else the data is lost or made public.

Ransomware is normally distributed through phishing emails or exploit
kits. It is more common than other categories of cybercrime because it
requires significantly less effort for a greater gain.

In this example, a backup environment includes three physical compute
systems (H1, H2, and H3) that host backup clients (VMs). Two SAN
switches (SW1 and SW2) connect the compute systems to a storage node
and the storage node to the backup storage system. Multipathing software
is installed on the hypervisor running on all three compute systems. If
one of the switches, SW1, fails, the multipathing software will initiate
a path failover, and all the backup clients will continue to send backup
data through the other switch, SW2. However, due to the absence of a
redundant switch, a second switch failure could result in failure of the
backup operation. Monitoring for availability enables detecting the
switch failure and helps the administrator to take corrective action
before another failure occurs.

This example illustrates the importance of monitoring the capacity of a
storage pool in a NAS system. Monitoring tools can be configured to issue
a notification when thresholds are reached on the storage pool capacity.
For example, notifications are issued when the pool capacity reaches 66
percent and 80 percent so that the administrator can take the right action.
Proactively monitoring the storage pool can prevent service outages
caused due to lack of space in the storage pool.

This example shows a backup environment that includes three physical
compute systems (H1, H2, and H3) that host backup clients (VMs). Two
SAN switches (SW1 and SW2) connect the compute systems to a storage
node and the storage node to the backup storage system. A new compute
system running backup clients with a high workload must be deployed.
The backup data from the new compute system must be ingested through
the same backup storage system port as H1, H2, and H3. Monitoring
backup storage system port utilization ensures that the new compute
system does not adversely affect the performance of the backup clients
running on other compute systems.

Here, utilization of the shared backup storage system port is shown by the
solid and dotted lines in the graph. If the port utilization prior to deploying
the new compute system is close to 100 percent, then deploying the new
compute system is not recommended because it might impact the
performance of the backup clients running on other compute systems.
However, if the utilization of the port prior to deploying the new compute
system is closer to the dotted line, then there is room to add a new
compute system.

IT organizations typically comply with various data security policies that
may be specific to government regulations, organizational rules, or
deployed services. Monitoring detects all protection operations and data
migration that deviate from predefined security policies. Monitoring also
detects unavailability of data and services to authorized users due to a
security breach. Further, physical security of a data center can also be
continuously monitored using badge readers, biometric scans, or video
cameras. This topic illustrates the importance of monitoring security in a
storage system.

In this example, the storage system is shared between two workgroups,
WG1 and WG2. The data of WG1 should not be accessible by WG2 and
vice versa. A user from WG1 might try to make a local replica of the data
that belongs to WG2. If this action is not monitored or recorded, it is
difficult to track such a violation of security protocols. Conversely, if this
action is monitored, a notification can be sent to prompt a corrective action
or at least enable discovery as part of regular auditing operations.
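
The WG1/WG2 monitoring scenario above, shown as an added example (not code from this guide or from any storage product). The audit-record layout, user names, volume names, and action names are all constructed for illustration; a real storage system's audit log would need its own parser.

```python
import shlex

# Constructed inventory: the workgroup of each user and of each volume.
USER_WORKGROUP = {"alice": "WG1", "bob": "WG1", "carol": "WG2"}
VOLUME_WORKGROUP = {"lun-wg1-01": "WG1", "lun-wg2-01": "WG2"}

# Actions that copy or expose data and must stay inside one workgroup.
DATA_ACTIONS = {"create_replica", "create_snapshot", "map_volume", "read"}

# Constructed audit records in a key=value layout (hypothetical format).
SAMPLE_AUDIT_LOG = """\
ts=2023-04-03T09:12:01Z user=alice action=create_replica volume=lun-wg1-01 result=success
ts=2023-04-03T09:14:37Z user=bob action=create_replica volume=lun-wg2-01 result=success
ts=2023-04-03T09:15:02Z user=carol action=read volume=lun-wg2-01 result=success
ts=2023-04-03T09:20:45Z user=bob action=create_snapshot volume=lun-wg2-01 result=denied
ts=2023-04-03T09:31:10Z user=mallory action=map_volume volume=lun-wg1-01 result=success
ts=2023-04-03T09:40:00Z user=alice action=login result=success
"""


def parse_record(line):
    """Turn one key=value audit line into a dict, ignoring malformed fields."""
    return dict(f.split("=", 1) for f in shlex.split(line) if "=" in f)


def find_violations(log_text):
    """Return one alert per data action that crosses a workgroup boundary.

    Unknown users or volumes are flagged as well (fail closed), because an
    unmapped identity cannot be shown to belong to the owning workgroup.
    Successful actions are rated 'high', denied attempts 'medium'."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec.get("action") not in DATA_ACTIONS:
            continue
        user_wg = USER_WORKGROUP.get(rec.get("user"))
        vol_wg = VOLUME_WORKGROUP.get(rec.get("volume"))
        if user_wg is None or vol_wg is None:
            reason = "unknown user or volume"
        elif user_wg != vol_wg:
            reason = f"{user_wg} user acting on {vol_wg} data"
        else:
            continue  # action stays inside the owning workgroup
        alerts.append({
            "ts": rec.get("ts"),
            "user": rec.get("user"),
            "action": rec.get("action"),
            "volume": rec.get("volume"),
            "severity": "high" if rec.get("result") == "success" else "medium",
            "reason": reason,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_violations(SAMPLE_AUDIT_LOG):
        print(alert)
```

The denied attempt is still reported at lower severity, so that repeated probing of another workgroup's data shows up during regular audits even when access controls hold.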

Examples of CI attributes are the CI’s name, manufacturer name, serial
number, license status, version, description of modification, location,
and inventory status (for example, on order, available, allocated, or
retired). The inter-relationships among CIs in a data protection
environment commonly include service-to-user, virtual storage
pool-to-service, virtual storage system-to-virtual storage pool,
physical storage system-to-virtual storage system, and data
center-to-geographic location.

All information about CIs is usually collected and stored by the discovery
tools in a single database or in multiple autonomous databases mapped
into a federated database called a configuration management system
(CMS). Discovery tools also update the CMS when new CIs are deployed
or when attributes of CIs change. CMS provides a consolidated view of CI
attributes and relationships, which is used by other management
processes for their operations. For example, CMS helps the security
management process to examine the deployment of a security patch on
VMs, the problem management to resolve a remote replication issue, or
the capacity management to identify the CIs affected on expansion of a
virtual storage pool.

Change management typically uses an orchestrated approval process that
helps in making decisions on changes in an agile manner. Through an
orchestration workflow, change management receives and processes
the requests for changes. Changes that are low risk, routine, and
compliant with predefined change policies go through the change
management process only once to determine that they can be exempted
from change management review thereafter. After that, these requests are
typically treated as service requests and approved automatically. All other
changes are presented for review to the change management team. The
change management team assesses the potential risks of the changes,
prioritizes them, and makes a decision on the requested changes.

Capacity management ensures adequate availability of IT resources to
provide data protection services and meet the SLA requirements. It
determines the optimal amount of resources required to meet the needs of
protection operations and services regardless of dynamic resource
consumption and seasonal spikes in resource demand. It also maximizes
the utilization of available capacity and minimizes spare and stranded
capacity without compromising the service levels. The capacity
management team uses several methods to maximize the utilization of
capacity, such as data deduplication, compression, and storage tiering.

Capacity management tools are usually capable of gathering historical
information on the usage of backup/archiving servers and protection
storage over a period of time. In addition, they establish trends on capacity
consumption and perform predictive analysis of future demand. This
analysis serves as input to the capacity planning activities and enables the
procurement and provisioning of additional capacity in the most
cost-effective and least disruptive manner.

Availability management is responsible for establishing a proper guideline
based on the defined availability levels of data protection operations and
services. The guideline includes the procedures and technical features
required to meet or exceed both the current and the future data availability
needs at a justifiable cost. Availability management also identifies all
availability-related issues in a data protection environment and areas
where availability must be improved. The availability management team
proactively monitors whether the availability of protection components and
services is maintained within acceptable and agreed levels.

The monitoring tools also help the administrators to identify the gap
between the required availability and the achieved availability. With this
information, the administrators can quickly identify errors or faults in the
components that may cause data unavailability in future. Based on the
data availability requirements and areas found for improvement, the
availability management team may propose and architect new data
protection and availability solutions or changes in the existing solutions.

For example, the availability management team may propose an NDMP
backup solution to support a data protection service or any critical
business function that requires high availability. The team may propose
both component-level and site-level redundancy. This is generally
accomplished by deploying two or more network adapters per backup
component, multi-pathing software, and compute clustering. The backup
components must be connected to each other using redundant switches
and/or network. The switches must have built-in redundancy and hot-
swappable components. The VMs hosting backup applications must be
protected from hardware failure/unavailability through VM live shadow
copy mechanisms. The backup storage system should also have built-in
redundancy for various components and should support local and remote
backup.

The example shown illustrates the resolution of a problem that
recurrently impacts the performance of synchronous replication over a
SAN. The problem is detected by an integrated incident and problem
management tool deployed in the data protection environment. The problem
is recognized by correlating multiple incidents that pertain to the same
performance-related issue. The integrated incident and problem
management tool performs root cause analysis, which reveals that
insufficient bandwidth of network links that carry replication traffic is the
root cause of the problem. The tool also logs the problem for
administrative action.

Administrators of the problem management team can view the problem
details including the root cause recorded by the integrated incident and
problem management tool. They determine the remedial steps to correct
the root cause. In this case, the administrators decide to add a new
network link to increase the bandwidth for replication traffic. For that, they
generate a request for change. Upon obtaining approval from the change
management, they ensure that the new link is created by the
implementation engineers. Thereafter, the problem management team
closes the problem.

Snapshot – RoW: Details


• RoW redirects new writes destined for the source LUN to a reserved
LUN in the storage pool.
• In RoW, a new write from production compute system is simply written
to a new location (redirected) inside the pool.
− The original data remains where it is, and is therefore read from the
original location on the source LUN and is untouched by the RoW
process.
• Some vendors’ local replication software provides the capability to
create target-less snapshots. They only relate to a source device and
cannot be otherwise accessed directly.
− Snapshots can be restored back to the source devices or linked to
another set of target devices which can be made accessible to the
compute system.

Virtual Machine Hardening


• Virtual machine hardening is a key security control to protect virtual
machines from various attacks.
• A virtual machine is created with several default virtual components
and configurations.
− Some of the configurations and components may not be used by
the operating system and application running on it.
o These default configurations may be exploited by an attacker to
carry out an attack.
• A virtual machine hardening process should be used in which the
default configuration is changed to achieve greater security. In this
process:
− Virtual machine’s devices that are not required are removed or
disabled.
− Configuration of VM features is tuned to operate in a secure
manner such as changing default passwords, setting permissions
to VM files, and disallowing changes to the MAC address assigned
to a virtual NIC, mitigating spoofing attacks.
• Hardening is highly recommended while creating virtual machine
templates. This way, the virtual machines created from the template
start from a known security baseline.

Operating System Hardening


• Operating system hardening typically includes:
− Deleting unused files and applications
− Installing current operating system updates (patches)
− Configuring system and network components following a hardening
checklist
• These hardening checklists are typically provided by operating system
vendors or organizations such as the CIS and DISA, who also provide
security best practices.
• Vulnerability scanning and penetration testing can be performed to
identify existing vulnerabilities and determine the feasibility of an
attack.
− These controls assess the potential impact of an attack on the
business.

Application Hardening
• Application hardening is a process followed during application
development, with the goal of preventing the exploitation of
vulnerabilities that are typically introduced during the development
cycle.
• Application architects and developers must focus on various factors
such as proper application architecture, threat modeling, and secure
coding while designing and developing an application.
− Installing current application updates or patches provided by the
application developers can reduce some of the vulnerabilities
identified after the application is released.
• The application hardening process also includes process spawning
control, executable file protection, and system tampering protection.
• A common type of attack that can be carried out on applications is
tampering with executable files.
− In this type of attack, virus code is incorporated into the
application’s executable files. When the infected application runs,
the virus code is also executed.
− This type of attack can be prevented by disallowing the application
executable from being modified.
− Countermeasures for this type of attack are typically implemented
in operating system configuration settings or via malware protection
software.
o When a modification is attempted, the OS or the malware
protection software stops the modification of the executable
files.



Dell Technologies

DELL AVAMAR VIRTUAL EDITION IMPLEMENTATION

PARTICIPANT GUIDE
Dell Avamar Virtual Edition Implementation-SSP

© Copyright 2022 Dell Inc. Page i


Table of Contents

Explore Avamar Virtual Edition
Avamar Virtual Edition (AVE)
Supported Environments for AVE
Avamar Virtual Edition Supported Environments
Avamar Virtual Edition Configurations and Pre-Requisites

Examining AVE Configurations
VM Disk Configuration
Template Deployment for AVE
Simulation Activity
Simulation Activity Conversation 1
Simulation Activity Conversation 2
AVE Deployment on KVM Infrastructure
Deploy AVE VM in Hyper-V

Explore Upgrades and Post Installation Activities
Upgrading AVE
Additional Avamar Upgrades
Post Installation Activities

Analyze Expanding AVE with ave_scale Command
Using ave_scale Command
Running the ave_scale Command
Examples of ave_scale Command
You Have Completed This Content

Glossary

Explore Avamar Virtual Edition

Avamar Virtual Edition (AVE)

Avamar Virtual Edition (AVE) is a simplified, single-node version of Avamar
software for simple deployment in virtual environments. AVE is integrated as a
prepackaged virtual machine, instance, or machine image depending on the
environment.

The AVE provides the following features:

• Supports multiple environments such as VMware, Hyper-V, AWS, and Azure.
• Enables simplified management by virtualizing all aspects of the backup and
recovery solution.
• Lowers the cost of ownership by sharing server and storage infrastructure.
• Reduces the cost of support and maintenance on the hardware and the need
for backup administrators at the remote sites.

Supported Environments for AVE

The following factors affect the reliability, availability, and supportability of an AVE
virtual machine:
• I/O performance capability of an AVE storage subsystem
• Amount of data added daily to the AVE virtual machine
• Capacity used within the AVE virtual machine

The file server and mixed environments determine the proper implementation of an
AVE. File server environments include only file system data and mixed
environments include file system data and structured data (for example, database
data).

Capacity Configuration   File Server Data           Mixed Data
0.5 TB AVE               Less than 2 GB per day     Less than 5 GB per day
1 TB AVE                 Less than 4 GB per day     Less than 10 GB per day
2 TB AVE                 Less than 8 GB per day     Less than 20 GB per day
4 TB AVE                 Less than 20 GB per day    Less than 20 GB per day
8 TB AVE                 Less than 40 GB per day    Less than 40 GB per day
16 TB AVE                Less than 80 GB per day    Less than 80 GB per day

Important: The capacities that are mentioned in the above table are post
deduplication.

Avamar Virtual Edition Supported Environments

AVE is deployed in the following environments:

• VMware ESXi
• Microsoft Azure
• Hyper-V
• Kernel Virtual Machine (KVM)
• Amazon Web Services (AWS)

Go to: See the E-Lab Navigator on Dell Support for the latest
supported versions.

Avamar Virtual Edition Configurations and Pre-Requisites

The following pre-requisites must be reviewed before an AVE installation in a
VMware environment:

System Requirements

Configuration   Processors (minimum)        Memory   Disk Space
0.5 TB AVE      Two 2 GHz processors        6 GB     935 GB
1 TB AVE        Two 2 GHz processors        8 GB     1,685 GB
2 TB AVE        Two 2 GHz processors        16 GB    3,185 GB
4 TB AVE        Four 2 GHz processors       36 GB    6,185 GB
8 TB AVE        Eight 2 GHz processors      48 GB    12,185 GB
16 TB AVE       Sixteen 2 GHz processors    96 GB    24,185 GB

Network Connection (all configurations): 1 GbE connection

Virtual Disk Requirements

The AVE disk layout consists of one operating system disk and several storage
partitions [1]. The table below defines the number and size of the virtual disks
that are required for each capacity configuration. The operating system disk
stores the operating system, Avamar application, and log files.

[1] Backup data is stored in the storage partitions. All the data is evenly
distributed across the storage partitions. The primary portion of the disk read,
write, and seek usage occurs on the storage partitions. Distribute the storage
partitions across high-performance logical units in order to improve the
performance in a storage configuration.

Capacity Configuration   Number of Virtual Disks
0.5 TB                   Three storage partitions (250 GB each) [2]
1 TB                     Six storage partitions (250 GB each)
2 TB                     Three storage partitions (1000 GB each)
4 TB                     Six storage partitions (1000 GB each)
8 TB                     12 storage partitions (1000 GB each)
16 TB                    12 storage partitions (2000 GB each)

[2] An AVE .ova installation creates three 250 GB storage partitions along with
the operating system disk and hence requires approximately 935 GB of free disk
space during the installation. However, an AVE .ovf installation does not create
storage partitions during installation and therefore requires only enough disk
space for the operating system disk at the time of installation. Then manually
create additional storage partitions.

Software Requirements

Be sure to have the following in order to perform the installation:

• AVE installation packages
• Operating System patches
• PuTTY

Network Requirements

The following information needs to be gathered before installing AVE:

• Hostnames and IP addresses for the AVE virtual machine and the DNS server
• Gateway, netmask, and domain of the AVE virtual machine
• Firewall access

Examining AVE Configurations

VM Disk Configuration

Virtual machines use virtual disks for storage. These disks can be set to thin
provision or thick provision, which are also seen as dynamic and fixed in Hyper-V.
Avamar Virtual Edition uses thick-provisioning disks. When thick provisioning is
used, all disk space is allocated upon creation of the virtual disk.

Similarly, virtual disks can be either eager zeroed or lazy zeroed. Eager-zeroing
zeroes out all disk blocks at the time of disk creation. Lazy zeroing waits until the
first write to a disk block before that block is zeroed out.

Lazy zeroing is used during installation; the disks can be converted to
eager zeroing later for better performance. Although eager zeroing
provides better initial performance during the operation of the AVE, its
drawback is that creating these disks can take hours and can lead to
timeout errors during installation.


Template Deployment for AVE

Prepare the AVE virtual machine environment using one of the following two
templates:

OVA

During an AVE OVA template deployment, three 250 GB virtual disks are created
that match the 0.5 TB configuration. These virtual disks can be reused for the 1 TB
configuration as well. Any other configuration (2 TB, 4 TB, 8 TB, or 16 TB)
requires removing these virtual disks and creating disks of the
appropriate size.

The following tasks must be performed while deploying an AVE virtual machine using
an OVA template:

1. Prepare a virtual machine OVA.
2. Create additional virtual hard disks (for 2, 4, 8, and 16 TB configuration).
3. Install and configure the Avamar software.

OVF

During an AVE OVF template deployment, no virtual disks are created. Manually
create the virtual disks to match the configuration used in the environment. Users
must also configure the network settings during the deployment itself. For an AVE
OVF template deployment, all supporting files should be available on the
system.

The following tasks must be performed while deploying an AVE virtual machine using
an OVF template:

1. Prepare a virtual machine OVF.
2. Create additional virtual hard disks.
3. Configure network settings.
4. Install and configure the Avamar software.


Simulation Activity

The Online Course Contains an Interaction Here.

This interactive simulation shows the student how to install the AVE OVA.

Simulation Activity Wrap Up


Simulation Activity Conversation 1

1. In the simulation we selected thin provision for the disk format because this
deployment is in a virtual lab. Why is thin provision the best choice for a lab
environment?
a. Thin provisioning is a fixed size.
b. Thin provisioning uses the entire allocated space.


Simulation Activity Conversation 2

2. In the Avamar Installation Manager, the America/New_York time zone was
selected. What time zone should an AVE be set to?
a. An AVE should be set to the time zone where it is backing up.
b. An AVE should be set to the time zone of the ESXi host.


AVE Deployment on KVM Infrastructure

The steps below show how to deploy and configure the AVE VM in a KVM
Infrastructure using the AVE .zip file and KVM tools. The Avamar Installation
Manager installs and configures the Avamar server.

Go to: For complete steps on installing Avamar, see the Dell
Avamar Virtual Edition and Upgrade Guide on Dell Support.

Extract the Zip File and Create Disks

Using the host CLI to extract the .zip file, and create VM disks

In the following steps, the primary and storage partitions are created for the virtual
machine.

• Extract the .zip file.
− 7za x KVM_IMAGE_FILE_NAME
• Create primary disk for the operating system.
− qemu-img create -f qcow2 -o backing_file=KVM_IMAGE_FILE_NAME PRIMARY_DISK_NAME
• Create the disks that are used for storage by typing the following commands for
each disk.
− qemu-img create -f qcow2 FIRST_DISK_NAME FIRST_DISK_SIZE
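The disk-creation steps above, written as a dry-run planner that prints the qemu-img commands for one AVE size so the plan can be reviewed before anything is created. This is an added example, not part of the Dell guide: the disk file names and function names are hypothetical, the partition counts are the ones this guide gives for 0.5, 4, 8 and 16 TB, and reading the guide's "GB" as qemu-img's G suffix is an assumption.

```shell
#!/bin/sh
# Added example (not Dell's code). Prints the qemu-img commands for the
# primary disk and the storage disks of one AVE size; nothing is created.
# Assumptions: disk file names are hypothetical, and the guide's "GB" is
# passed to qemu-img as "G" (which qemu-img interprets as GiB).

# ave_layout SIZE -> prints "COUNT SIZE_GB" for a size listed in the guide.
ave_layout() {
    case "$1" in
        0.5TB) echo "3 250" ;;
        4TB)   echo "6 1000" ;;
        8TB)   echo "12 1000" ;;
        16TB)  echo "12 2000" ;;
        *)     return 1 ;;
    esac
}

# plan_ave_disks SIZE BASE_IMAGE DISK_DIR
#   return 2: size not listed, return 3: a target file already exists.
plan_ave_disks() {
    size=$1
    base=$2
    dir=$3

    layout=$(ave_layout "$size") || {
        echo "unsupported AVE size: $size" >&2
        return 2
    }
    count=${layout% *}
    gb=${layout#* }
    primary="$dir/ave-$size-os.qcow2"

    # Check every target first so a partial plan is never printed and an
    # existing disk (possibly holding backup data) is never overwritten.
    if [ -e "$primary" ]; then
        echo "refusing to overwrite existing disk: $primary" >&2
        return 3
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        disk="$dir/ave-$size-$i.qcow2"
        if [ -e "$disk" ]; then
            echo "refusing to overwrite existing disk: $disk" >&2
            return 3
        fi
        i=$((i + 1))
    done

    # Primary (operating system) disk, backed by the extracted KVM image.
    printf 'qemu-img create -f qcow2 -o backing_file=%s %s\n' "$base" "$primary"

    # One command per storage disk.
    i=1
    while [ "$i" -le "$count" ]; do
        printf 'qemu-img create -f qcow2 %s %sG\n' "$dir/ave-$size-$i.qcow2" "$gb"
        i=$((i + 1))
    done
}

# Stand-alone use: sh plan.sh 4TB KVM_IMAGE_FILE_NAME /path/to/disks
if [ "$#" -eq 3 ]; then
    plan_ave_disks "$@"
fi
```
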

New Virtual Machine Manager


Create a new virtual machine wizard

The following step describes importing the AVE image into the VM and choosing
the storage volume.

• Launch the KVM Virtual Machine Manager wizard to create an AVE instance.

− Select Import existing disk image and click Forward.


Choose Operating System



Selecting operating system and the primary disk

In the following steps, the storage path is provided and primary disk is selected.

Select the primary disk, and then click Forward.

Add VM Resources

Adding VM resources

The following step describes selecting the resources for the VM.

• Select Memory and CPU requirements for the size of AVE being deployed and
then click Forward.


Add Storage Disks


Adding storage disks

The storage disks are added to the AVE.

• On the virtual machine main page, click Overview.
− Click the Add Hardware button.
− Add new storage disks one at a time and then click Finish.
• Change the permissions of the storage disks using the CLI.


Select Network Interface and Deploy the AVE

Network interface

In the main page of the VM user interface, networking is set up and the VM is
deployed.

• In the left navigation pane of the Basic Details window, select the NIC.
− From the Virtual Network Interface fields, configure the NIC to ensure that
you can access AVE from outside of the KVM host.
• Select Overview from the menu and then click the Begin Installation button.

Verify Network

The AVE starts the CLI automatically.


Verify Network settings

• Log in to the AVE.
• Configure the network by typing avenetconfig.
• Review the network settings and verify that they are running.


Deploy AVE VM in Hyper-V

The steps below show how to deploy and configure an AVE VM on Hyper-V using
the AVE .zip file and Hyper-V tools. These steps are only for the deployment of the
VM. Use the Avamar Installation Manager to install and configure the Avamar
server.

Go to: For complete steps on installing Avamar, see the Dell
Avamar Virtual Edition and Upgrade Guide on Dell Support.

Import Virtual Machine

The Hyper-V Manager Import Virtual Machine Wizard uses the VM to deploy the
AVE.


Import Virtual Machine Wizard

• In the Hyper-V Manager, click Import Virtual Machine under Actions.


• Browse to locate the AVE .zip file.
• Under Select Virtual Machine, select the virtual machine and click Next.
• Under Choose Import Type, select Copy the virtual machine (create a new unique ID)
and click Next.

VM File Locations


Folders for virtual machine files

Selecting the location for the VM files is the next step in the wizard.

• Under Choose Destination, accept the default settings and click Next.
• Under Choose Storage Folders, accept the default settings and click Next.
• Under Summary, review the selections and, if correct, click Finish.


Configure VM Resources

Settings for VM resources

In the following steps the VM resources that are selected include Memory, CPU,
and Networking.

• In the Settings window, under Hardware, choose SCSI Controller. Select
Hard Drive and click Add.
− In the Hard Drive window, select Virtual hard disk, and click Browse.
− Repeat steps for each VHD associated with the AVE virtual machine size.
Click Apply.
• In the Settings window, under Hardware, select Add Hardware, choose
Network Adapter as the type, and click Add.
− Select the new Network Adapter and, under Virtual switch, select the network
virtual switch from the drop-down menu. Click Apply.
• In the Processor window, update the number of virtual CPUs based on the size
of the AVE license, and click Apply.
• In the Memory window, update the memory size based on the size of
the AVE license, click Apply, and then click OK.
• Power on the virtual machine. The system will reboot once after initial power on.


Configure Network Settings



Network setting in the AVE CLI

The avenetconfig command runs automatically when the virtual machine is first
booted.

• To enter the IPv4 IP Configuration, press 1.
− Press 2 to enter the IPv4 Default Gateway address.
• Press 3 to enter the DNS Settings.
− Press the appropriate number to enter the Alternative Search Domain.
− Press the appropriate number to enter the Hostname or FQDN.
• Press 4 to enter or change the NTP Settings.
• Press 1 to enter the IP address for the NTP server.
• Press 3 to return to the main menu.
• At the main menu, review the configuration and press 5 to save the changes
and exit.


Explore Upgrades and Post Installation Activities


Upgrading AVE

The AVE upgrade workflow package provides a customer-enabled way to upgrade
the Avamar software on an AVE virtual machine. If upgrading from version 19.4 or
later, SLES 12 SP5 is included in the update.

Tip: An active replication session may cause the upgrade to fail. Be
sure that all replication processes have completed or stopped.

Go to: For complete steps on installing Avamar, see the Dell
Avamar Virtual Edition and Upgrade Guide on Dell Support.


Avamar Installation Manager

Avamar Installation Manager User Interface

Open a web browser and log in to the Avamar Installation Manager by entering
the following:

https://Avamar-server:7543/avi where Avamar-server is the IP address
or the hostname of the Avamar server.

Log in as root for the Avamar software.


Download Package


Avamar Web Restore User Interface

Download the AVE upgrade workflow package from Dell Support Avamar
Downloader Service or Local Downloader Service (LDLS).


Upload the Package


Avamar Installation Manager

Under the Repository tab, upload the Avamar Upgrades (AvamarUpgrade-<version>.avp)
package, and wait until the status of the package is accepted.

Initiate the Upgrades


Avamar Installation Manager


Click the SW Upgrade tab, and click Install to initiate the Avamar upgrade.

Required Information


Avamar Installation Manager

On the Installation Setup page, enter the required information, click Save, and
click Continue.


Installation Manager


Avamar Installation Manager

During the upgrade process, the Avamar server restarts and the Avamar
Installation Manager UI is displayed.


Complete the Upgrade


Avamar Installation Manager

Log in to the Avamar Installation Manager and click Monitor to view the progress
of the upgrade.

The upgrade is now complete. Continue to the post installation activities.


Additional Avamar Upgrades

Upgrades for the Avamar host operating system and the client plugins are installed
independently from the Avamar upgrades.

Security Rollups

Security rollups patch vulnerabilities in the SUSE Linux operating system that
Avamar runs on.

The Avamar security team collects patches that are released by SUSE. The
patches are then packaged and made available as quarterly security rollup
downloads. The rollups include bug fixes and fixes for Common Vulnerabilities and
Exposures (CVEs).

Verify that the latest security rollup is installed on the Avamar system using the
following methods:

• Checking the Avamar Installation Manager for previously installed security
rollups
• Running the proactive_check.pl health check script3 on Avamar

Client Only Upgrades

Avamar upgrades do not include the client plugins. The following upgrade packages
are available:

Client downloads

3 The proactive_check.pl script is a Technical Support tool for checking the health
of an Avamar server.


• Upgrades all client downloads on the Avamar Web Restore web page.
• Upgrades the Avamar client plugin catalog4.

Avamar Client Manager client installers

• Upgrades the client push feature of the Avamar Client Manager5.

Go to: Security Rollups and client only upgrade packages are
downloaded from Dell Support.

4 The Avamar plugin catalog lets the Avamar system know what versions of clients
it can support.
5 The Avamar Client Manager helps Avamar administrators manage and update
multiple clients in the company enterprise.


Post Installation Activities

Once the upgrade has completed, verify the following:

Task: Verify all Avamar services are up and running.
Description of Task: Log in to the Avamar server and run the command dpnctl status.
Verify the gsan version6 and all nodes are up and running. If any services are not
running, the command dpnctl start resumes all services.

Task: Confirm access to existing backups.
Description of Task: Go to the AUI and confirm a restore of a client's previous
backup. Administrators should see all existing backups available for the restore.

Task: Run a test backup.
Description of Task: From the AUI choose an existing client to back up.

Task: Test replication.
Description of Task: Select a suitable replication group or policy, and perform an
on-demand replication.

Task: If PowerProtect DD is integrated with the Avamar, generate new certificates.
Description of Task: A new certificate must be generated after an Avamar has been
upgraded. Test a backup to the target PowerProtect DD. To prevent accidental backups
to the Avamar metadata node, verify the PowerProtect DD7 is chosen to store all
backups.

6 This file shows the version of Avamar from the upgrade.
7 By default, all Avamar and PowerProtect DD integrations enable client backups to
be stored on either the Avamar or PowerProtect DD system.


Best Practice: Always review the Dell Avamar Installation and Upgrade
Guide on Dell Support before doing any installations or upgrades.

Go to: To generate a new certificate, refer to the steps outlined in
the Dell Avamar Installation and Upgrade Guide on Dell Support.


Analyze Expanding AVE with ave_scale Command


Using ave_scale Command

The Avamar ave_scale command is the tool that enables an administrator to
expand the data capacity on an AVE supported by a vSphere host. The tool also
expands the capacity of the /space partition of an AVE instance to 96 GB.

The tool is available in the following binaries:

• ave_scale.exe for Windows
• ave_scale for Linux

The upgrade path for the tool is the following:

Old Version    New Version
0.5 TB         1 TB, 2 TB, 4 TB, 8 TB, 16 TB
1 TB           2 TB, 4 TB, 8 TB, 16 TB
2 TB           4 TB, 8 TB, 16 TB
4 TB           8 TB, 16 TB
8 TB           16 TB

Best Practice: Before expanding the AVE, Dell Technologies
recommends that users replicate Avamar server to another Avamar
server or back up checkpoints to a PowerProtect DD system.


Important: If the Avamar server is connected to a PowerProtect
DD, back up all checkpoints to the PowerProtect DD system and
create a checkpoint.

Important: Replicate the Avamar server to another Avamar server
and all the latest backups to the destination Avamar server, if
Avamar is not connected to a PowerProtect DD appliance.


Running the ave_scale Command

Before running the ave_scale command, validate the following:

• The Avamar version must be 19.4 or higher.
• Run the ave_scale tool on an external system.
• The system can be either Windows or Linux and does not have to be the AVE
instance.

Tip: For more information about the ave_scale command, run the
command ave_scale <command> --help

Tip: If the --vc-password, --ave-password or --upgrade-to
options are not specified, the precheck command interactively asks
for the values.

Important: Running ave_scale expand may require a new
Avamar License.

Supported Commands

The command ave_scale <command> options are the following:

Command        Description
precheck       Checks the AVE to see if its configuration and environment allow for storage expansion.
expand         Expands AVE storage capacity to one of the supported sizes: 1 TB, 2 TB, 4 TB, 8 TB, 16 TB.
createspace    Creates a space partition if the existing one is not already at the target size of 96 GB.
help           Help on any command.

Global Option      Global Option Description
-d --debug         Debugs output.
-h --help          Help for the tool.
-l --log string    Path to the log file. Default path is ./ave_scale.log. Use "-" for stderr.
-v --version       Version of the ave_scale command.

Running the ave_scale precheck Command

The precheck command identifies the AVE and finds out possible scalable
options. Also, the command checks whether the datastore, on which the virtual
machine is present, has sufficient space for expansion.

The ave_scale precheck <options> are the following:

Option                          Description
--ave-admin-password <value>    AVE guest operating system admin user password.
--ave-hostname <value>          Avamar server resolvable hostname or IP address (this is mandatory for the use of the tool).
--ave-password <value>          Avamar server root password.
--ave-ssh-port <value>          AVE SSH port number (default port number is 22).
--ave-vm-name <value>           AVE name from vCenter Server (mandatory for the use of the tool).
--upgrade-to <value>            Selected upgrade configuration name.
--vc-name <value>               vCenter Server name (mandatory for the use of the tool).
--vc-username <value>           vCenter Server username (mandatory for the use of the tool).
--vc-password <value>           vCenter Server password.
--vc-port <value>               vCenter Server port number (default port number is 443).
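The upgrade-path table and the Tip about interactive prompting, combined into a wrapper that checks a requested expansion and builds an ave_scale precheck command line carrying no passwords. This is an added example, not Dell's code: the function names and sample host names are hypothetical, and sizes are written as plain numbers of TB. Leaving out the password options keeps the secrets out of shell history and the process list, because the tool then asks for them interactively.

```shell
#!/bin/sh
# Added example (not Dell's code). Validates an expansion against the
# guide's upgrade-path table and prints an `ave_scale precheck` command
# that uses only option names listed in the guide and no passwords.

# valid_upgrade OLD NEW -> 0 if NEW is a listed target for OLD (sizes in TB).
valid_upgrade() {
    case "$1" in
        0.5) targets="1 2 4 8 16" ;;
        1)   targets="2 4 8 16" ;;
        2)   targets="4 8 16" ;;
        4)   targets="8 16" ;;
        8)   targets="16" ;;
        *)   return 1 ;;   # 16 TB and unknown sizes have no listed target
    esac
    for t in $targets; do
        if [ "$t" = "$2" ]; then
            return 0
        fi
    done
    return 1
}

# has_secret_option ARGS... -> 0 if any password option is present.
has_secret_option() {
    for a in "$@"; do
        case "$a" in
            --vc-password*|--ave-password*|--ave-admin-password*) return 0 ;;
        esac
    done
    return 1
}

# build_precheck AVE_HOST AVE_VM_NAME VC_NAME VC_USER [EXTRA_OPTIONS...]
#   Prints the command line; return 2 on bad usage, 3 if a password
#   option was passed in.
build_precheck() {
    if [ "$#" -lt 4 ]; then
        echo "usage: build_precheck AVE_HOST AVE_VM_NAME VC_NAME VC_USER [OPTIONS]" >&2
        return 2
    fi
    if has_secret_option "$@"; then
        echo "refusing: omit password options and let ave_scale prompt" >&2
        return 3
    fi
    ave_host=$1
    ave_vm=$2
    vc_name=$3
    vc_user=$4
    shift 4

    # The four options the guide marks as mandatory.
    printf 'ave_scale precheck --ave-hostname %s --ave-vm-name %s' "$ave_host" "$ave_vm"
    printf ' --vc-name %s --vc-username %s' "$vc_name" "$vc_user"
    # Optional non-secret options such as --vc-port or --ave-ssh-port.
    for extra in "$@"; do
        printf ' %s' "$extra"
    done
    printf '\n'
}
```

The guide ties --non-interactive to supplying the other options, passwords included, on the command line, so automation that uses it should run from a host where the process list and job logs are restricted.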

Running the ave_scale expand Command

The ave_scale expand command expands the capacity of an AVE. The
ave_scale expand <options> are the following:

Option                          Description
--ave-admin-password <value>    AVE guest operating system admin user password.
--ave-hostname <value>          Avamar server resolvable hostname or IP address (mandatory for the use of the tool).
--ave-password <value>          Avamar server root password.
--ave-ssh-port <value>          AVE SSH port number (the default port number is 22).
--ave-vm-name <value>           AVE name from vCenter Server (mandatory for the use of the tool).
--upgrade-to <value>            Selected upgrade configuration name, value would be the size of AVE.
--vc-name <value>               vCenter Server name (mandatory for the use of the tool).
--vc-username <value>           vCenter Server username (mandatory for the use of the tool).
--vc-password <value>           vCenter Server password.
--vc-port <value>               vCenter Server port number (default port number is 443).
--non-interactive               Runs the command in the noninteractive mode. This option is useful in automating the tasks on multiple AVEs. This option works only if you specify the other options.

Running the createspace Command

The ave_scale createspace <options> are the following:

Option                          Description

--ave-admin-password <value>    AVE guest operating system admin user password.
--ave-hostname <value>          Avamar server resolvable hostname or IP address (mandatory for the use of the tool).
--ave-password <value>          AVE guest operating system root user password.
--ave-vm-name <value>           AVE guest name from vCenter Server (mandatory for the use of the tool).
--vc-name <value>               vCenter Server resolvable hostname (mandatory for the use of the tool).
--vc-username <value>           vCenter Server username. This value is a mandatory option.
--vc-password <value>           vCenter Server password.
--vc-port <value>               vCenter HTTPS port number (the default port number is 443).
--non-interactive               Runs the command in the noninteractive mode when all the required passwords are provided in the command line.


Examples of ave_scale Command

The ave_scale createspace command adds a 96 GB storage partition to an existing AVE. The purpose of the expansion is to provide additional space for upgrading.

The following table provides examples of the ave_scale createspace command:

Example

    $ sudo /home/jsweet/bin/ave_scale createspace --non-int \
        --vc-name ny-vcenter.lab.dell.com \
        --vc-username myVcenterUserId \
        --vc-password myVcenterPass \
        --ave-hostname test-ave-2021-09 \
        --ave-vm-name "testave-2021-09 (no. 3, Fred's)" \
        --ave-password testAveOsRootPassword \
        --ave-admin-password testAveOsAdminPassword

ave_scale createspace command

Description

In this example of the ave_scale createspace command, the command is run with the --non-interactive option. With the --non-interactive option, the user is not prompted for the mandatory information.
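Because --non-interactive requires the passwords on the command line, they are stored wherever that command line is recorded, such as shell history and the sudo log. The following added example (not part of the Dell guide) scans such records for the three ave_scale password options listed in the option tables and redacts their values; the sample records are constructed, and the sudo log layout and the "=" separator are assumptions.

```python
import re

# Password-bearing options listed in the ave_scale option tables.
PASSWORD_OPTIONS = ("--vc-password", "--ave-password", "--ave-admin-password")

# Option, separator (whitespace as on the page; "=" is an assumed alternative
# form), then a quoted or bare value that is not itself another option.
# Matching is textual, not shell-parsed: sudo logs arguments without their
# quotes, so a VM name like (no. 3, Fred's) would break a shell tokenizer.
_PATTERN = re.compile(
    r"(?<![\w-])(" + "|".join(re.escape(o) for o in PASSWORD_OPTIONS) + r")"
    r"(\s+|=)(?!--)"
    r"(\"[^\"]*\"|'[^']*'|\S+)"
)

def redact(line):
    """Return (redacted_line, [password options that carried a value])."""
    found = []

    def _sub(match):
        found.append(match.group(1))
        return match.group(1) + match.group(2) + "<redacted>"

    return _PATTERN.sub(_sub, line), found

def scan(lines):
    """Yield (line_number, options, redacted_line) for exposing ave_scale lines."""
    for number, line in enumerate(lines, start=1):
        if "ave_scale" not in line:
            continue
        redacted, found = redact(line)
        if found:
            yield number, found, redacted

# Constructed records: a sudo log entry (layout assumed), a password-free
# invocation, and a shell-history line; values are the page's placeholders.
SAMPLE = [
    "Sep  3 11:58:57 host sudo:   jsweet : TTY=pts/0 ; PWD=/home/jsweet ; "
    "USER=root ; COMMAND=/home/jsweet/bin/ave_scale createspace --non-int "
    "--vc-name ny-vcenter.lab.dell.com --vc-username myVcenterUserId "
    "--vc-password myVcenterPass --ave-hostname test-ave-2021-09 "
    "--ave-vm-name testave-2021-09 (no. 3, Fred's) "
    "--ave-password testAveOsRootPassword --ave-admin-password testAveOsAdminPassword",
    "sudo ave_scale precheck --vc-name ny-vcenter.lab.dell.com --vc-username myVcenterUserId",
    "ave_scale expand --vc-password='my Vcenter Pass' --ave-vm-name test",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A password containing spaces cannot be fully recovered from a sudo log entry because the quotes are not recorded, so only its first word is redacted there.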



The output of the ave_scale createspace command shows that a 96GB partition exists. The partition is found to be adequate - no expansion needed.

    ave_scale : 19.4.0-5
    Date : 03 Sep 2021 11:58 PDT
    Logging to : ./ave_scale.log
    ave_scale: [INFO]: 2021-09-03T11:58:57-0700 : ---- ave_scale version 19.4.0-5 starting - logging to ./ave_scale.log
    ave_scale: [INFO]: 2021-09-03T11:58:57-0700 : Create new space partition operation invoked
    ave_scale: [INFO]: 2021-09-03T11:58:57-0700 : Pinging ae-283d
    ave_scale: [INFO]: 2021-09-03T11:58:57-0700 : Ping ae-283d rtt - 378.553µs
    ave_scale: [INFO]: 2021-09-03T11:58:57-0700 : Logging into aevc2
    ave_scale: [INFO]: 2021-09-03T11:58:58-0700 : VM ae-283d (no. 3, Terry's) found on host-781, vSphere version 6.7.0
    ave_scale: [INFO]: 2021-09-03T11:58:58-0700 : Creating a working directory on ae-283d
    <snip/>
    ave_scale: [INFO]: 2021-09-03T12:00:00-0700 : found a /space partition of size 96 GB
    ave_scale: [INFO]: 2021-09-03T12:00:00-0700 : The 96 GB /space partition on ae-283d is adequate - no expansion needed
    ave_scale: [INFO]: 2021-09-03T12:00:00-0700 : exit status 0
    ave_scale: [INFO]: 2021-09-03T12:00:00-0700 : ---- ave_scale version 19.4.0-5 ending at 03 Sep 2021 12:00 PDT - exit status 0 - log file: ./ave_scale.log

ave_scale createspace command output


Before the ave_scale createspace command is run, there are three storage partitions with 250 GB.

[Figure: vSphere Client, Edit Settings for ae-283d, Virtual Hardware tab. Hard disk 1: 126 GB; Hard disk 2, Hard disk 3 and Hard disk 4: 250 GB each.]

vCenter storage view before ave_scale createspace.

After the command is run, the vCenter storage for the AVE shows an additional partition of 96 GB created.

[Figure: vSphere Client, Edit Settings for ae-283d.]

vCenter storage view after ave_scale createspace.


Glossary
CVE
Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed
information security vulnerabilities and exposures.
