EMC DD OS 5.2 Administration Guide

EMC DD OS 5.2 Administration Guide
DD OS 5.2 Administration
Guide
Backup Recovery Systems Division
Data Domain LLC
2421 Mission College Boulevard, Santa Clara, CA 95054
866-WE-DDUPE; 408-980-4800
759-0011-0007 Revision A
September 2012
Copyright © 2009-2012 EMC Corporation. All Rights Reserved.
EMC believes the information in this publication is accurate as of its
publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC
CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES
OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this
publication requires an applicable software license.
EMC2, EMC, Data Domain, Global Compression™, and the EMC logo are
registered trademarks or trademarks of EMC Corporation in the United States
and other countries. All other trademarks used herein are the property of their
respective owners.
2
Contents
About This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . .25
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Contacting Data Domain . . . . . . . . . . . . . . . . . . . . . . . . 27
1 Introducing the Data Domain System . . . . . . . . . . .29
Data Domain Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Data Domain System Features . . . . . . . . . . . . . . . . . . . . 30
Data Integrity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Data Compression . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Restore Operations . . . . . . . . . . . . . . . . . . . . . . . . . 32
Data Domain Replicator . . . . . . . . . . . . . . . . . . . . . . 32
Multipath and Load Balancing . . . . . . . . . . . . . . . . . . 33
System Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Licensed Features . . . . . . . . . . . . . . . . . . . . . . . . . . 34
How Data Domain Systems Integrate into the Storage
Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Backup Software Requirements . . . . . . . . . . . . . . . . . 38
Application Compatibility Matrices and Integration
Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
View Data Domain Application-Related Documents . . 39
Generic Application Configuration Guidelines . . . . . 39
DD OS 5.2 Administration Guide
3
2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . 41
Interacting with the System . . . . . . . . . . . . . . . . . . . . . .41
Using the Enterprise Manager . . . . . . . . . . . . . . . . . . . . .42
Log In and Out of the Enterprise Manager . . . . . . . . . . .42
Clear the Browser Cache . . . . . . . . . . . . . . . . . . .43
About the Enterprise Manager Interface . . . . . . . . . . . .43
DD Network Summary View . . . . . . . . . . . . . . . . . .43
Single System View . . . . . . . . . . . . . . . . . . . . . . .44
EM Page Elements . . . . . . . . . . . . . . . . . . . . . . . .44
Navigational Pane . . . . . . . . . . . . . . . . . . . . . . . .45
Masthead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Informational Pane . . . . . . . . . . . . . . . . . . . . . . .46
View End User License Agreement (EULA) . . . . . . . .47
Using the EM Configuration Wizard . . . . . . . . . . . . . . . . .48
Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Log In to the System Using the CLI . . . . . . . . . . . . . . .48
Find Online Help for Commands . . . . . . . . . . . . . . . . .49
3 Managing Data Domain Systems . . . . . . . . . . . . . . 51
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Managing System Availability . . . . . . . . . . . . . . . . . . . . .53
Add a Data Domain System to the Enterprise Manager . .53
Remove a DD System from the Enterprise Manager . . . . .54
Reboot a Data Domain System . . . . . . . . . . . . . . . . . .54
Power On and Power Off a Data Domain System . . . . . .55
Working with Upgrade Images . . . . . . . . . . . . . . . . . . . . .55
List Upgrade Packages . . . . . . . . . . . . . . . . . . . . . . .56
4
Contents
Upload Upgrade Packages . . . . . . . . . . . . . . . . . . . . 56
Upgrade a Data Domain System . . . . . . . . . . . . . . . . . 57
Remove an Upgrade Image . . . . . . . . . . . . . . . . . . . . 58
Managing System Licenses . . . . . . . . . . . . . . . . . . . . . . 58
Display Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Add Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Remove Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Managing System Storage . . . . . . . . . . . . . . . . . . . . . . . 59
View System Storage Information . . . . . . . . . . . . . . . 60
Storage Overview . . . . . . . . . . . . . . . . . . . . . . . . 61
Status View . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Disks View . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Physically Locating a Disk. . . . . . . . . . . . . . . . . . . . . 65
Configuring Storage . . . . . . . . . . . . . . . . . . . . . . . . 65
Managing Network Connections . . . . . . . . . . . . . . . . . . . 66
Configuring Network Interfaces . . . . . . . . . . . . . . . . . 67
View Interface Information . . . . . . . . . . . . . . . . . 67
Configure Physical Interfaces . . . . . . . . . . . . . . . . 70
Configuring Virtual Interfaces . . . . . . . . . . . . . . . 72
Configuring a VLAN . . . . . . . . . . . . . . . . . . . . . . 82
Configuring an IP Alias . . . . . . . . . . . . . . . . . . . . 84
Registering a DDNS . . . . . . . . . . . . . . . . . . . . . . . 86
Destroying an Interface . . . . . . . . . . . . . . . . . . . . 87
View an Interface Hierarchy with the Tree View . . . 88
Configuring Network Settings . . . . . . . . . . . . . . . . . . 88
View Settings Information . . . . . . . . . . . . . . . . . . 88
Set Hostnames . . . . . . . . . . . . . . . . . . . . . . . . . 89
DD OS 5.2 Administration Guide
5
Manage a Domain Search List . . . . . . . . . . . . . . . . .90
Map Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91
Set DNS IP Addresses . . . . . . . . . . . . . . . . . . . . . .92
Configuring Routes . . . . . . . . . . . . . . . . . . . . . . . . . .93
View Route Information . . . . . . . . . . . . . . . . . . . .94
Set the Default Gateway . . . . . . . . . . . . . . . . . . .95
Create Static Routes . . . . . . . . . . . . . . . . . . . . . .96
Delete Static Routes . . . . . . . . . . . . . . . . . . . . . .97
Managing Access to the System . . . . . . . . . . . . . . . . . . . .97
Manage Administrator Access . . . . . . . . . . . . . . . . . . .98
View Administrator Access . . . . . . . . . . . . . . . . . .98
Manage Telnet Access . . . . . . . . . . . . . . . . . . . . .99
Manage FTP Access . . . . . . . . . . . . . . . . . . . . . . .99
Manage HTTP/HTTPS Access . . . . . . . . . . . . . . . . 100
Manage SSH Access . . . . . . . . . . . . . . . . . . . . . . 101
Manage Local User Access to the System . . . . . . . . . . 102
View Local User Information . . . . . . . . . . . . . . . . 102
User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Create Local Users . . . . . . . . . . . . . . . . . . . . . . 105
Modify a Local User Profile . . . . . . . . . . . . . . . . . 107
Delete Local User . . . . . . . . . . . . . . . . . . . . . . . 108
Enable and Disable Local User . . . . . . . . . . . . . . . 109
Enable Security Authorization . . . . . . . . . . . . . . . 109
Change User Passwords . . . . . . . . . . . . . . . . . . . 110
Modify Password Policy . . . . . . . . . . . . . . . . . . . . 110
Manage NIS Servers and Workgroups . . . . . . . . . . . . . 111
View NIS Information . . . . . . . . . . . . . . . . . . . . . 111
Enable and Disable NIS Authentication . . . . . . . . . 112
6
Contents
Edit Domain Name . . . . . . . . . . . . . . . . . . . . . . 112
Configure Authentication Servers . . . . . . . . . . . . 113
Configure NIS Groups . . . . . . . . . . . . . . . . . . . . 113
Manage Windows Servers and Workgroups . . . . . . . . . 114
View Windows Information . . . . . . . . . . . . . . . . 114
Configure Authentication for Workgroup . . . . . . . 115
Configure Authentication for Active Directory . . . . 115
Create Allowed Groups . . . . . . . . . . . . . . . . . . . 117
Modify Groups . . . . . . . . . . . . . . . . . . . . . . . . . 117
Delete Groups . . . . . . . . . . . . . . . . . . . . . . . . . 118
Managing General Configuration Settings . . . . . . . . . . . . 118
Working with Email Settings . . . . . . . . . . . . . . . . . . 118
Configure Mail Server Settings . . . . . . . . . . . . . . 119
View Autosupport Email List . . . . . . . . . . . . . . . 119
Configure the Autosupport Mailing List . . . . . . . . . 119
Test the Alerts Email List . . . . . . . . . . . . . . . . . 120
Working with Time and Date Settings . . . . . . . . . . . . 120
View Time and Date Information . . . . . . . . . . . . 121
Configure Time and Date Settings . . . . . . . . . . . . 121
Working with System Properties . . . . . . . . . . . . . . . 122
View System Properties . . . . . . . . . . . . . . . . . . . 122
Configure System Properties . . . . . . . . . . . . . . . 122
Working with SNMP . . . . . . . . . . . . . . . . . . . . . . . . 122
Check SNMP Status and Configuration . . . . . . . . . 124
Enable or Disable SNMP . . . . . . . . . . . . . . . . . . . 126
Download the SNMP MIB . . . . . . . . . . . . . . . . . . 126
Configure SNMP Properties . . . . . . . . . . . . . . . . 126
Managing SNMP V3 Users . . . . . . . . . . . . . . . . . . 127
DD OS 5.2 Administration Guide
7
Managing SNMP V3 and V2C Trap Hosts . . . . . . . . . 128
Managing SNMP V2C Communities . . . . . . . . . . . . . 130
Managing Reporting and Logging . . . . . . . . . . . . . . . . . . 132
Managing Autosupport Reporting. . . . . . . . . . . . . . . . 132
Add to the Autosupport Report Email List . . . . . . . 132
Review Generated Autosupport Reports . . . . . . . . . 133
Managing Support Bundles . . . . . . . . . . . . . . . . . . . . 133
Generate a Support Bundle . . . . . . . . . . . . . . . . . 133
Review the Support Bundles List . . . . . . . . . . . . . 134
Managing Log Files . . . . . . . . . . . . . . . . . . . . . . . . . 134
Review System Log List . . . . . . . . . . . . . . . . . . . 135
Send Log Messages to Another System . . . . . . . . . . 135
Add a Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Remove a Host . . . . . . . . . . . . . . . . . . . . . . . . . 136
Enable Sending Log Messages . . . . . . . . . . . . . . . . 136
Disable Sending Log Messages . . . . . . . . . . . . . . . 136
Display the List and State . . . . . . . . . . . . . . . . . . 137
List Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Display a Log File . . . . . . . . . . . . . . . . . . . . . . . 138
Understand a Log Message . . . . . . . . . . . . . . . . . 139
Save a Copy of Log Files . . . . . . . . . . . . . . . . . . . 140
Using IPMI to Control Remote Data Domain Systems . . . . . 141
Getting Started with IPMI . . . . . . . . . . . . . . . . . . . . 141
Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
View IPMI Configuration Information . . . . . . . . . . . 142
Configuring IPMI for a Remote Data Domain System . . . 143
Set the IPMI Port on a Remote System . . . . . . . . . . 144
8
Contents
Enable or Disable the IPMI Network Port . . . . . . . 145
Managing IPMI Users . . . . . . . . . . . . . . . . . . . . . 145
Managing the Remote Data Domain System . . . . . . . . 146
Log In to an IPMI Remote Data Domain System . . . 146
Power Management on the Remote System . . . . . . 147
4 Monitoring Data Domain Systems . . . . . . . . . . . . 149
Monitoring with the DD Network Summary . . . . . . . . . . . 149
Check DD Network Status . . . . . . . . . . . . . . . . . . . . 150
About the System Status Pane . . . . . . . . . . . . . . 151
About the Space Usage Pane . . . . . . . . . . . . . . . 151
About the Systems Pane . . . . . . . . . . . . . . . . . . 152
Monitoring a Single System . . . . . . . . . . . . . . . . . . . . . 152
Check the System’s Status Summary . . . . . . . . . . . . 153
About the Alerts Pane . . . . . . . . . . . . . . . . . . . . 153
About the File System Pane . . . . . . . . . . . . . . . . 154
About the Services Pane . . . . . . . . . . . . . . . . . . 154
About the Hardware Pane . . . . . . . . . . . . . . . . . 154
Check the System Details . . . . . . . . . . . . . . . . . . . . 155
Monitoring Chassis Status . . . . . . . . . . . . . . . . . . . . . . 155
Fans. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Temperature . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Power Supply. . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
PCI Slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
NVRAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Working with Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Working with the Current Alerts Page . . . . . . . . . 159
DD OS 5.2 Administration Guide
9
Working with the Alerts History Page . . . . . . . . . . 161
Working with the Notification View . . . . . . . . . . . 163
Working with the Daily Alert Summary Page . . . . . . 167
Check Active Users. . . . . . . . . . . . . . . . . . . . . . . . . 168
Check System Statistics. . . . . . . . . . . . . . . . . . . . . . 168
CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
FS ops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Working with Reports . . . . . . . . . . . . . . . . . . . . . . . . . 170
Types of Reports . . . . . . . . . . . . . . . . . . . . . . . . . . 171
File System Cumulative Space Usage Report . . . . . . 171
File System Daily Space Usage Report . . . . . . . . . . 173
Replication Status Report . . . . . . . . . . . . . . . . . . 174
Replication Summary Report
. . . . . . . . . . . . . . . 175
Create a Report. . . . . . . . . . . . . . . . . . . . . . . . . . . 176
View Saved Reports . . . . . . . . . . . . . . . . . . . . . . . . 176
Print Saved Reports . . . . . . . . . . . . . . . . . . . . . . . . 177
Delete Saved Reports . . . . . . . . . . . . . . . . . . . . . . . 177
Rename Saved Reports . . . . . . . . . . . . . . . . . . . . . . 178
Viewing the Task Log . . . . . . . . . . . . . . . . . . . . . . . . . 178
5 Working with the File System . . . . . . . . . . . . . . 181
About the File System . . . . . . . . . . . . . . . . . . . . . . . . . 181
How the File System Stores Data. . . . . . . . . . . . . . . . 181
How the File System Reports Space Usage . . . . . . . . . 182
10
Contents
How the File System Uses Compression. . . . . . . . . . . 183
Types of Compression . . . . . . . . . . . . . . . . . . . . 184
How the File System Implements Data Integrity . . . . . 184
End-to-End Verification . . . . . . . . . . . . . . . . . . . 184
Fault Avoidance and Containment . . . . . . . . . . . . 185
Continuous Fault Detection and Healing . . . . . . . . 186
File System Recoverability . . . . . . . . . . . . . . . . . 187
How the File System Reclaims Storage Space with File
System Cleaning . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Supported Interfaces. . . . . . . . . . . . . . . . . . . . . . . 188
Supported Backup Software . . . . . . . . . . . . . . . . . . 188
Data Streams Sent to a Data Domain System . . . . . . . 189
File System Limitations . . . . . . . . . . . . . . . . . . . . . 191
Limits on Number of Files in a Data Domain System
191
Maximum Number of Supported Inodes . . . . . . . . 193
Maximum Path Name Length . . . . . . . . . . . . . . . 193
Monitoring File System Usage . . . . . . . . . . . . . . . . . . . 193
Access the File System View . . . . . . . . . . . . . . . . . . 194
About the File System Overview Pane . . . . . . . . . 194
About the Summary View . . . . . . . . . . . . . . . . . 195
About the Archive Units View . . . . . . . . . . . . . . . 196
About the Configuration View . . . . . . . . . . . . . . 197
About the Encryption View . . . . . . . . . . . . . . . . 198
About the Space Usage View . . . . . . . . . . . . . . . 199
About the Consumption View . . . . . . . . . . . . . . . 200
About the Daily Written View . . . . . . . . . . . . . . . 201
When the File System Is Full or Nearly Full . . . . . . 203
Monitor the Space Usage with Email Alerts . . . . . . 203
DD OS 5.2 Administration Guide
11
Managing File System Operations. . . . . . . . . . . . . . . . . . 204
Performing Basic Operations . . . . . . . . . . . . . . . . . . 204
Creating the File System . . . . . . . . . . . . . . . . . . . 204
Enable or Disable the File System . . . . . . . . . . . . . 205
Expand the File System . . . . . . . . . . . . . . . . . . . 205
Destroy the File System . . . . . . . . . . . . . . . . . . . 206
Performing Cleaning . . . . . . . . . . . . . . . . . . . . . . . . 207
Manually Start and Stop Cleaning . . . . . . . . . . . . . 207
Modify a Cleaning Schedule
. . . . . . . . . . . . . . . . 208
Throttle the Cleaning Operation . . . . . . . . . . . . . 208
Modifying Basic Settings . . . . . . . . . . . . . . . . . . . . . 208
Change Local Compression . . . . . . . . . . . . . . . . . 209
Change Read-only Settings . . . . . . . . . . . . . . . . . 209
Working with Disk Staging . . . . . . . . . . . . . . . . . . 210
Configure Disk Staging . . . . . . . . . . . . . . . . . . . . 211
Tape Marker Settings . . . . . . . . . . . . . . . . . . . . . 211
Managing Encryption of Data at Rest . . . . . . . . . . . . . . . 212
How Encryption of Data at Rest Works . . . . . . . . . . . . 212
About Key Management. . . . . . . . . . . . . . . . . . . . . . 214
Key Manager Support . . . . . . . . . . . . . . . . . . . . . 214
About the Local Key Manager . . . . . . . . . . . . . . . 215
About the RSA DPM Key Manager . . . . . . . . . . . . . 215
How the Cleaning Operation Works . . . . . . . . . . . . 219
Key Manager Setup< . . . . . . . . . . . . . . . . . . . . . . . . 219
Local Key Manager Encryption Setup . . . . . . . . . . . 219
RSA DPM Key Manager Encryption Setup . . . . . . . . 221
Changing Key Managers after Setup . . . . . . . . . . . . . . 226
12
Contents
Checking Settings for Encryption of Data at Rest . . . . 226
Enabling and Disabling Encryption of Data at Rest . . . 226
Enable Encryption of Data at Rest . . . . . . . . . . . . 226
Disable Encryption of Data at Rest . . . . . . . . . . . 227
Locking and Unlocking the File System . . . . . . . . . . . 227
Lock the File System . . . . . . . . . . . . . . . . . . . . 228
Unlock the File System . . . . . . . . . . . . . . . . . . . 229
Changing the Encryption Algorithm . . . . . . . . . . . . . 229
Managing the Encryption Passphrase . . . . . . . . . . . . 230
Change the Encryption Passphrase . . . . . . . . . . . 231
Fast Copy Operations . . . . . . . . . . . . . . . . . . . . . . . . . 232
Perform a Fast Copy Operation . . . . . . . . . . . . . . 232
6 DD Retention Lock . . . . . . . . . . . . . . . . . . . . . . 235
About DD Retention Lock . . . . . . . . . . . . . . . . . . . . . . 235
Retention-Locking Protocol . . . . . . . . . . . . . . . . . . 236
Supported Data Access Protocols . . . . . . . . . . . . . . . . . 239
Enabling DD Retention Lock on the System . . . . . . . . . . 241
Enable DD Retention Lock Governance . . . . . . . . . . . 241
Enable DD Retention Lock Compliance . . . . . . . . . . . 244
Client-Side Retention Lock File Control . . . . . . . . . . . . . 245
Create a File and Set the Retention Time . . . . . . . 246
Extend the Retention Time . . . . . . . . . . . . . . . . 247
Identify a Retention-Locked File . . . . . . . . . . . . . 248
Specify a Directory and Touch Only Those Files . . . 249
Read a List of Files and Touch Only Those Files . . . 249
Delete or Expire a File . . . . . . . . . . . . . . . . . . . 249
DD OS 5.2 Administration Guide
13
Using ctime or mtime on Retention-Locked Files . . . 250
System Behavior with Retention Lock . . . . . . . . . . . . . . . 250
DD Retention Lock Governance. . . . . . . . . . . . . . . . . 250
Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Fastcopy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Filesys Destroy . . . . . . . . . . . . . . . . . . . . . . . . . 252
MTree Delete . . . . . . . . . . . . . . . . . . . . . . . . . . 252
DD Retention Lock Compliance . . . . . . . . . . . . . . . . . 253
Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Fastcopy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
CLI Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
System Clock . . . . . . . . . . . . . . . . . . . . . . . . . . 255
7 Working with MTrees . . . . . . . . . . . . . . . . . . . . 257
About MTrees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Monitoring MTree Usage . . . . . . . . . . . . . . . . . . . . . 258
About the MTree Overview Pane . . . . . . . . . . . . . . . . 258
About the Summary View . . . . . . . . . . . . . . . . . . . . 259
View Detail Information . . . . . . . . . . . . . . . . . . . 259
View MTree Replication Information . . . . . . . . . . . 261
View MTree Snapshot Information . . . . . . . . . . . . 262
View MTree Retention Lock Information . . . . . . . . 262
Enabling and Managing DD Retention Lock Settings . 263
About the Space Usage View . . . . . . . . . . . . . . . . . . 263
About the Daily Written View . . . . . . . . . . . . . . . . . . 264
Managing MTree Operations . . . . . . . . . . . . . . . . . . . . . 265
Create an MTree . . . . . . . . . . . . . . . . . . . . . . . . . . 266
14
Contents
Configure and Enable/Disable MTree Quotas . . . . . . . 267
Configure MTree Quotas . . . . . . . . . . . . . . . . . . 268
Delete an MTree. . . . . . . . . . . . . . . . . . . . . . . . . . 269
Undelete an MTree . . . . . . . . . . . . . . . . . . . . . . . . 269
Rename an MTree. . . . . . . . . . . . . . . . . . . . . . . . . 270
Replicating a DD System with Quotas to a System
Without Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . 270
8 Working with Snapshots . . . . . . . . . . . . . . . . . . 273
About Snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Monitoring Snapshots and Their Schedules . . . . . . . . . . . 274
About the Snapshots View . . . . . . . . . . . . . . . . . . . 274
Snapshots Overview Pane . . . . . . . . . . . . . . . . . 275
Snapshots View . . . . . . . . . . . . . . . . . . . . . . . . 275
Schedules View . . . . . . . . . . . . . . . . . . . . . . . . 276
Managing Snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Create a Snapshot . . . . . . . . . . . . . . . . . . . . . . . . 276
Modify a Snapshot Expiration Date . . . . . . . . . . . . . . 277
Rename a Snapshot. . . . . . . . . . . . . . . . . . . . . . . . 278
Expire a Snapshot . . . . . . . . . . . . . . . . . . . . . . . . . 278
Managing Snapshot Schedules . . . . . . . . . . . . . . . . . . . 279
Create a Snapshot Schedule . . . . . . . . . . . . . . . . . . 279
Modify a Snapshot Schedule . . . . . . . . . . . . . . . . . . 281
Delete a Snapshot Schedule . . . . . . . . . . . . . . . . . . 282
Recover Data from a Snapshot . . . . . . . . . . . . . . . . . . . 282
DD OS 5.2 Administration Guide
15
9 Data Access for CIFS . . . . . . . . . . . . . . . . . . . . 283
Performing CIFS Setup . . . . . . . . . . . . . . . . . . . . . . . . . 284
Prepare Clients for Access to Data Domain Systems . . . 284
Enable CIFS Services . . . . . . . . . . . . . . . . . . . . . . . . 285
Naming the CIFS Server . . . . . . . . . . . . . . . . . . . . . . 285
Change the NetBIOS Hostname . . . . . . . . . . . . . . . 286
Setting Authentication Parameters . . . . . . . . . . . . . . 286
Configure Authentication for Active Directory . . . . 286
Configure Authentication for Workgroups . . . . . . . 288
Configure Authentication for NT4 Mode . . . . . . . . . 288
Resetting the Authentication Mode to the Default
(Workgroup) . . . . . . . . . . . . . . . . . . . . . . . . 289
Specify a WINS Server . . . . . . . . . . . . . . . . . . . . 289
Restrict CIFS Interfaces . . . . . . . . . . . . . . . . . . . . . . 289
Set CIFS Options . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Disable CIFS Services . . . . . . . . . . . . . . . . . . . . . . . 290
Working with Shares . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Creating Shares on the Data Domain System . . . . . . . . 291
Modify a Share on a Data Domain System . . . . . . . . . . 293
Create a Share from an Existing Share . . . . . . . . . . . . 294
Disable a Share on a Data Domain System. . . . . . . . . . 294
Enable a Share on a Data Domain System . . . . . . . . . . 294
Delete a Share on a Data Domain System . . . . . . . . . . 294
Performing MMC Administration . . . . . . . . . . . . . . . . 295
Connect to a Data Domain System from a CIFS Client . . 295
Create a \data\col1\backup Subfolder as Read-Only . 296
Display CIFS Information . . . . . . . . . . . . . . . . . . . . . 297
16
Contents
Managing Access Control . . . . . . . . . . . . . . . . . . . . . . 297
Accessing Shares from a Windows Client . . . . . . . . . . 298
Provide Domain Users Administrative Access . . . . . . . 298
Allow Access from Trusted Domain Users . . . . . . . . . 298
Allow Administrative Access to a Data Domain System
for Domain Users . . . . . . . . . . . . . . . . . . . . . . . . . 299
Restrict Administrative Access from Windows . . . . . . 299
File Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
NT Access Control Lists . . . . . . . . . . . . . . . . . . . 300
Set DACL Permissions Using the Windows Explorer . 302
Set SACL Permissions Using the Windows Explorer . 303
View or Change the Current Owner Security ID
(Owner SID) . . . . . . . . . . . . . . . . . . . . . . . . 303
Monitoring CIFS Operation . . . . . . . . . . . . . . . . . . . . . 304
Display CIFS Status . . . . . . . . . . . . . . . . . . . . . . . . 304
Display CIFS Configuration . . . . . . . . . . . . . . . . . . . 305
Authentication Configuration . . . . . . . . . . . . . . . 305
Display Share Information . . . . . . . . . . . . . . . . . . . 306
Viewing Configured Shares . . . . . . . . . . . . . . . . . 306
Viewing Detailed Share Information . . . . . . . . . . . 307
Display CIFS Statistics . . . . . . . . . . . . . . . . . . . . . . 308
Performing CIFS Troubleshooting . . . . . . . . . . . . . . . . . 308
Display Clients Current Activity . . . . . . . . . . . . . . . . 308
Set the Maximum Open Files on a Connection . . . . . . 309
Data Domain System Clock . . . . . . . . . . . . . . . . . . . 309
Synchronize from a Windows Domain Controller . . . . . 310
Synchronize from an NTP Server . . . . . . . . . . . . . . . 310
DD OS 5.2 Administration Guide
17
10 Data Access for NFS . . . . . . . . . . . . . . . . . . . . . 311
Managing NFS Client Access to the Data Domain System. . . 312
Enable NFS Services . . . . . . . . . . . . . . . . . . . . . . . . 312
Disable NFS Services . . . . . . . . . . . . . . . . . . . . . . . . 313
Create an Export . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Modify an Export . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Create an Export from an Existing Export . . . . . . . . . . 316
Delete an Export . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Displaying NFS Information. . . . . . . . . . . . . . . . . . . . . . 317
View NFS Status. . . . . . . . . . . . . . . . . . . . . . . . . . . 317
View NFS Exports . . . . . . . . . . . . . . . . . . . . . . . . . . 317
View Active NFS Clients . . . . . . . . . . . . . . . . . . . . . 318
11 Data Access for DD Boost . . . . . . . . . . . . . . . . . 319
About Data Domain DD Boost Software . . . . . . . . . . . . . . 319
Working with DD Boost . . . . . . . . . . . . . . . . . . . . . . . . 320
Set or Modify a DD Boost User Name . . . . . . . . . . . . . 321
Enable DD Boost . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Disable DD Boost . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Create a Storage Unit . . . . . . . . . . . . . . . . . . . . . . . 323
Delete a Storage Unit . . . . . . . . . . . . . . . . . . . . . . . 324
Clear DD Boost Statistics . . . . . . . . . . . . . . . . . . . . . 324
DD Boost Options . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Distributed Segment Processing . . . . . . . . . . . . . . 325
Low Bandwidth Optimization . . . . . . . . . . . . . . . . 326
File Replication Encryption . . . . . . . . . . . . . . . . . 326
18
Contents
Virtual Synthetics . . . . . . . . . . . . . . . . . . . . . . 326
About Interface Groups . . . . . . . . . . . . . . . . . . . . . 327
Create Interface Groups . . . . . . . . . . . . . . . . . . . . 328
Delete an Interface Group . . . . . . . . . . . . . . . . . 329
Enable/Disable an Interface Group . . . . . . . . . . . 329
Modify an Interface Group’s Name/Interfaces . . . . 330
Delete a Client from the Interface Group . . . . . . . 330
Modify a Client’s Name or Interface Group . . . . . . 330
Destroy DD Boost . . . . . . . . . . . . . . . . . . . . . . . . . 331
Monitoring DD Boost . . . . . . . . . . . . . . . . . . . . . . . . . 331
About the DD Boost Tabs . . . . . . . . . . . . . . . . . . . . 331
Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Set Up Media Servers . . . . . . . . . . . . . . . . . . . . 332
Checking Activities . . . . . . . . . . . . . . . . . . . . . . 333
Checking Interface Groups and Clients . . . . . . . . . . . 335
Checking Storage Units . . . . . . . . . . . . . . . . . . . 335
Checking File Replication Stats . . . . . . . . . . . . . . 337
Checking DD Boost Statistics . . . . . . . . . . . . . . . 338
12 Working with VTL . . . . . . . . . . . . . . . . . . . . . . . 339
About the Virtual Tape Library (VTL) Feature . . . . . . . . . 339
Planning a Virtual Tape Library . . . . . . . . . . . . . . . . . . 341
Number of Supported Tape Drives and Data Streams . . 342
Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
About Tape Barcodes . . . . . . . . . . . . . . . . . . . . . . 343
About the Enterprise Manager VTL Interface . . . . . . . . . 345
Setting Up a Virtual Tape Library . . . . . . . . . . . . . . . . . 346
DD OS 5.2 Administration Guide
19
Working with the VTL Service Operations . . . . . . . . . . . . 346
View the VTL Service Informational Pane . . . . . . . . 347
Enable VTL . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Disable VTL . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Configure VTL Options . . . . . . . . . . . . . . . . . . . . 349
Working with Libraries . . . . . . . . . . . . . . . . . . . . . . 350
View the Libraries Informational Pane . . . . . . . . . . 351
Create a Library . . . . . . . . . . . . . . . . . . . . . . . . 351
Delete a Library . . . . . . . . . . . . . . . . . . . . . . . . 352
Working with a Library . . . . . . . . . . . . . . . . . . . . . . 353
View the Library Informational Pane . . . . . . . . . . . 353
Viewing Changer Information . . . . . . . . . . . . . . . . . . 354
Working with Tape Drives . . . . . . . . . . . . . . . . . . . . 355
View Drives Information . . . . . . . . . . . . . . . . . . . 356
Create Tape Drives . . . . . . . . . . . . . . . . . . . . . . 356
Remove Tape Drives . . . . . . . . . . . . . . . . . . . . . 357
Migrating from LTO-1 to LTO-2 or LTO-3 Type Tapes 358
Access LTO Migration Guides . . . . . . . . . . . . . . . . 358
Working with Tapes . . . . . . . . . . . . . . . . . . . . . . . . 358
View Tape Information . . . . . . . . . . . . . . . . . . . . 359
Import Tapes . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Export Tapes . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Move Tapes . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Search for Tapes . . . . . . . . . . . . . . . . . . . . . . . . 366
Change Read, Write, or Retention Lock State . . . . . . . 367
Create Tapes . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Delete Tapes . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Copy Tapes Between Pools . . . . . . . . . . . . . . . . . 369
20
Contents
Working with Tape Slots and CAPs . . . . . . . . . . . . . . 371
Add Slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Delete Slots . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Add CAPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Delete CAPs . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Working with the Vault . . . . . . . . . . . . . . . . . . . . . 373
View Vault Information . . . . . . . . . . . . . . . . . . . 373
Working with a Vault Pools . . . . . . . . . . . . . . . . . . . 374
View Vault Pool Information . . . . . . . . . . . . . . . 374
Working with Access Groups . . . . . . . . . . . . . . . . . . . . 375
View Access Groups Information . . . . . . . . . . . . . 376
Working with an Access Group . . . . . . . . . . . . . . . . 376
View Access Group Information . . . . . . . . . . . . . 376
Configure an Access Group . . . . . . . . . . . . . . . . 377
Delete an Access Group . . . . . . . . . . . . . . . . . . 382
Configure the NDMP Device TapeServer Group . . . . 382
Configure HBA Ports for an Access Group . . . . . . . 385
Working with Physical Resources . . . . . . . . . . . . . . . . . 386
Working with Initiators . . . . . . . . . . . . . . . . . . . . . 386
View Initiators Information . . . . . . . . . . . . . . . . 387
Set Initiators Alias . . . . . . . . . . . . . . . . . . . . . . 388
Working with an Initiator . . . . . . . . . . . . . . . . . . . . 388
View Initiator Information . . . . . . . . . . . . . . . . . 389
Reset an Initiator Alias . . . . . . . . . . . . . . . . . . . 389
Rename an Initiator Alias . . . . . . . . . . . . . . . . . 389
Set a Group for an Initiator . . . . . . . . . . . . . . . . 389
Delete an Initiator . . . . . . . . . . . . . . . . . . . . . . 390
DD OS 5.2 Administration Guide
21
Working with HBA Ports . . . . . . . . . . . . . . . . . . . . . 390
View HBA Ports Information . . . . . . . . . . . . . . . . 390
Enable HBA Ports . . . . . . . . . . . . . . . . . . . . . . . 392
Disable HBA Ports . . . . . . . . . . . . . . . . . . . . . . . 392
Working with an HBA Port . . . . . . . . . . . . . . . . . . . . 392
View HBA Port Information . . . . . . . . . . . . . . . . . 393
Working with Storage Pools . . . . . . . . . . . . . . . . . . . . . 395
View Pools Information . . . . . . . . . . . . . . . . . . . . 396
Create Storage Pools . . . . . . . . . . . . . . . . . . . . . 397
Convert Directory Pool to MTree Pool . . . . . . . . . . 398
Rename Storage Pools . . . . . . . . . . . . . . . . . . . . 400
Delete Storage Pools . . . . . . . . . . . . . . . . . . . . . 400
Replicate VTL Pools . . . . . . . . . . . . . . . . . . . . . . 401
Working with a Storage Pool . . . . . . . . . . . . . . . . . . 401
13 Working with Replication . . . . . . . . . . . . . . . . . 403
About Replication. . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
The Replication Types . . . . . . . . . . . . . . . . . . . . . . . . . 405
Collection Replication. . . . . . . . . . . . . . . . . . . . . . . 406
Directory Replication . . . . . . . . . . . . . . . . . . . . . . . 406
MTree Replication . . . . . . . . . . . . . . . . . . . . . . . . . 407
Supported Replication Topologies . . . . . . . . . . . . . . . . . 407
One-to-One Replication . . . . . . . . . . . . . . . . . . . 407
Bi-Directional Replication . . . . . . . . . . . . . . . . . . 408
One-to-Many Replication . . . . . . . . . . . . . . . . . . 408
Many-to-One Replication . . . . . . . . . . . . . . . . . . 409
Cascaded Replication . . . . . . . . . . . . . . . . . . . . . 410
Using Encryption of Data at Rest with Replication . . . . . . 411
22
Contents
Encryption on the Wire . . . . . . . . . . . . . . . . . . . . . . . 412
Low-Bandwidth Optimization . . . . . . . . . . . . . . . . . . . 412
Bandwidth Delay Settings . . . . . . . . . . . . . . . . . . . . . . 413
About the Replication View. . . . . . . . . . . . . . . . . . . . . 413
Replication Status. . . . . . . . . . . . . . . . . . . . . . . . . 414
Summary View . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Detailed Information . . . . . . . . . . . . . . . . . . . . 416
Topology View . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Performance View . . . . . . . . . . . . . . . . . . . . . . . . 418
Advanced Settings View . . . . . . . . . . . . . . . . . . . . . 419
Throttle Settings . . . . . . . . . . . . . . . . . . . . . . . 419
Network Settings . . . . . . . . . . . . . . . . . . . . . . . 419
Preparing to Configure Replication . . . . . . . . . . . . . . . . 420
Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Configuring Replication . . . . . . . . . . . . . . . . . . . . . . . 421
Create a Replication Pair . . . . . . . . . . . . . . . . . . . . 421
Create a Collection Replication Pair . . . . . . . . . . 422
Create a Directory, MTree, or Pool Replication Pair 422
Enable and Disable Replication Pair . . . . . . . . . . . . . 425
Delete a Replication Pair . . . . . . . . . . . . . . . . . . . . 426
Convert a Directory Replication Pair to an MTree . . . . 426
Change Host Connection Settings. . . . . . . . . . . . . . . 427
Configuring Low Bandwidth Optimization . . . . . . . 427
Configuring Encryption Over Wire . . . . . . . . . . . . 428
Configuring a Non-Default Connection Port . . . . . . 428
Managing Bandwidth with Throttling . . . . . . . . . . . . 428
DD OS 5.2 Administration Guide
23
Add Throttle Settings . . . . . . . . . . . . . . . . . . . . . 429
Delete Throttle Settings . . . . . . . . . . . . . . . . . . . 429
Temporarily Override a Throttle Setting . . . . . . . . 430
Working with Low Bandwidth Optimization . . . . . . . . . 430
Change the Network Settings . . . . . . . . . . . . . . . . . . 431
Change the Global Network Settings . . . . . . . . . . . 431
Change the Global Listen Port . . . . . . . . . . . . . . . 432
Resynchronize Data in a Replication Pair . . . . . . . . . . . . 432
Resync a Directory, MTree, or Pool Replication Pair . . . 432
Convert from a Directory to an MTree Replication
Pair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Abort a Resync of a Directory Replication Pair . . . . 434
Recover Data from Replication Pair . . . . . . . . . . . . . . . . 434
Recover Directory Pool Data . . . . . . . . . . . . . . . . . . 434
Recover Collection Replication Pair Data . . . . . . . . . . 435
Recover Directory Replication Pair Data . . . . . . . . . . . 435
Abort a Replication Pair Recover . . . . . . . . . . . . . . . 436
Replication Seeding . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Monitoring Replication . . . . . . . . . . . . . . . . . . . . . . . . 437
Checking Replication Status . . . . . . . . . . . . . . . . . . . 437
Check Replication Pair Status . . . . . . . . . . . . . . . 437
Track Status of a Backup Job's Replication Progress . 437
Track Status of a Replication Process . . . . . . . . . . 438
Check the Performance of a Replication Context . . 438
24
Contents
About This Guide
This guide explains how to manage the Data Domain® system
with an emphasis on procedures using the Data Domain
Enterprise Manager (EM), the browser-based graphical user
interface (GUI). If an important administrative task is not
supported from the Enterprise Manager, the Command Line
Interface (CLI) commands are described.
Note: In some cases, for an Enterprise Manager feature, the CLI
command may offer more options than those that are offered by
the Enterprise Manager. Refer to the DD OS 5.2 Command Reference
Guide for a complete description of the command and its options.
This chapter includes descriptions of the individual chapters,
related documentation, conventions, and audience, as well as
contact information.
Audience
This guide is for system administrators who are familiar with
standard backup software packages and general backup
administration.
Related Documents
The following Data Domain system documents provide additional
information:
•
Data Domain Operating System Release Notes, Version 5.2.x
•
DD OS 5.2 Initial Configuration Guide
•
DD OS 5.2 Command Quick Reference
•
DD OS 5.2 Command Reference Guide
DD OS 5.2 Administration Guide
25
•
Data Domain Hardware Guide
Data Domain Expansion Shelf Hardware Guide
(for shelf model ES20 or ES30)
•
Data Domain Extended Retention Administration Guide
•
Data Domain Boost for OpenStorage Administration Guide
•
The Data Domain system installation and setup guides for each
of the supported platforms (for example DD990, DD880, and so
forth).
If you have the optional Key Manager feature, see the latest
version of the RSA Data Protection Manager Server Administrator's
Guide, available with the RSA Key Manager product.
Conventions
The following table describes the typographical conventions used
in this guide.
Typeface or
Symbol
Usage
Examples
Monospace
Commands, command
options, and parameters
and computer output.
Use the config command to
manage the Data Domain
system configuration
settings.
Monospace
bold
Commands the user types at
the command prompt (#).
Enter:
# config setup
Monospace
italic bold
Command variables the user
types at the command prompt
(#).
# log view file_name
Italic
Book titles, and variables.
Refer to the DD OS 5.2
Command Reference Guide for
complete descriptions of DD
OS commands.
Pipe (|) and
curly braces
({})
Choose (pipe) between a
required argument (curly
braces) in the CLI.
{arg1 | arg2}
26
About This Guide
Typeface or
Symbol
Usage
Examples
Brackets ([])
and ellipses
(...)
One or more (list with
commas and ellipses)
optional (bracket)
arguments in the CLI.
[arg1, arg2, ...]
Contacting Data Domain
To resolve issues with Data Domain products, contact your
contracted support provider or visit us online at
https://my.datadomain.com.
DD OS 5.2 Administration Guide
27
28
About This Guide
1 Introducing the Data Domain
System
This chapter includes the following sections:
•
Data Domain Systems on page 29
•
Data Domain System Features on page 30
•
How Data Domain Systems Integrate into the Storage Environment
on page 35
Data Domain Systems
Data Domain systems are disk-based deduplication appliances
and gateways that provide data protection and disaster recovery
(DR) in the enterprise environment.
All Data Domain systems run the Data Domain operating system
(DD OS), which provides both a command line interface (CLI) for
performing all system operations, and the Enterprise Manager (a
graphical user interface, or GUI) for configuration operations,
management, and monitoring.
Data Domain systems are:
•
A range of appliances that vary in storage capacity and data
throughput.
•
Configurable with expansion shelves that add storage space.
•
Global Deduplication Array (GDA) systems which combine
two Data Domain systems into one global deduplication pool.
•
Gateway systems that store all data on qualified third-party
storage arrays through a Fibre Channel interface.
DD OS 5.2 Administration Guide
29
See the list of qualified arrays in the Storage Array Compatibility
List at https://my.datadomain.com/documentation >
Compatibility Matricies > Data Domain Storage Array Compatibility
List.
Data Domain System Features
The following sections describe how Data Domain systems ensure
data integrity and provide multiple levels of data compression,
reliable restorations, data replication, and multipath
configurations.
•
Data Integrity on page 30
•
Data Compression on page 31
•
Restore Operations on page 32
•
Data Domain Replicator on page 32
•
Multipath and Load Balancing on page 33
•
System Access on page 33
•
Licensed Features on page 34
Data Integrity
The DD OS Data Invulnerability Architecture™ protects against
data loss from hardware and software failures.
30
•
When writing to disk, the DD OS creates and stores checksums
and self-describing metadata for all data received. After
writing the data to disk, the DD OS then recomputes and
verifies the checksums and metadata.
•
An append-only write policy guards against overwriting valid
data.
•
After a backup completes, a validation process looks at what
was written to disk to see that all file segments are logically
correct within the file system and that the data is the same on
the disk as it was before being written to disk.
Introducing the Data Domain System
•
In the background, the online verify operation continuously
checks that data on the disks is correct and unchanged since
the earlier validation process.
•
Storage in most Data Domain systems is set up in a double
parity RAID 6 configuration (two parity drives). Additionally
most configurations include a hot spare in each enclosure,
except the DD1xx and DD400 series systems, which have eight
disks. Each parity stripe has block checksums to ensure that
data is correct. The checksums are constantly used during the
online verify operation and when data is read from the Data
Domain system. With double parity, the system can fix
simultaneous errors on up to two disks.
•
To keep data synchronized during a hardware or power
failure, the Data Domain system uses NVRAM (non-volatile
RAM) to track outstanding I/O operations. An NVRAM card
with fully-charged batteries (the typical state) can retain data
for a minimum of 48 hours.
•
When reading data back on a restore operation, the DD OS
uses multiple layers of consistency checks to verify that
restored data is correct.
Data Compression
DD OS stores only unique data. Through Global Compression, a
Data Domain system eliminates redundant data from each backup
image and only stores unique data.
Any duplicate data are stored only once. The storage of unique
data is invisible to backup software.
DD OS data compression is independent of data format. Data can
be structured, such as databases, or unstructured, such as text files.
Data can be from file systems or raw volumes.
Typical compression ratios are 20:1 on average over many weeks.
This assumes weekly full and daily incremental backups. A
backup that includes many duplicate or similar files (files copied
several times with minor changes) benefits the most from
compression.
DD OS 5.2 Administration Guide
31
Depending on backup volume, size, retention period, and rate of
change, the amount of compression can vary. The best
compression happens with backup volume sizes of at least 10 MiB
(the base 2 equivalent of MB).
To take full advantage of multiple Data Domain systems, a site that
has more than one Data Domain system should consistently
backup the same client system or set of data to the same Data
Domain system. For example, if a full back up of all sales data goes
to Data Domain system A, the incremental backups and future full
backups for sales data should also go to Data Domain system A.
Restore Operations
With disk backup through the Data Domain system, incremental
backups are always reliable and can be easily accessed.
Furthermore, with a Data Domain system, you can perform full
backups more frequently without the penalty of storing redundant
data. With tape backups, a restore operation may rely on multiple
tapes holding incremental backups. Also, the more incremental
backups a site has on multiple tapes, the more time-consuming
and risky the restore process. One bad tape can kill the restore.
From a Data Domain system, file restores create little or no
contention with backup or other restore operations. Unlike tape
drive backups, multiple processes can access a Data Domain
system simultaneously. A Data Domain system allows your site to
offer safe, user-driven, single-file restore operations.
Data Domain Replicator
The Data Domain Replicator sets up and manages the replication
of backup data between two Data Domain systems. After
replication is started, the source Data Domain system
automatically sends any new backup data to the destination Data
Domain system.
A Replicator pair deals with either a complete data set or a
directory from a source Data Domain system that is sent to a
destination Data Domain system. An individual Data Domain
system can be a part of multiple replication pairs and can serve as a
source for one or more pairs and a destination for one or more
pairs.
32
Introducing the Data Domain System
Multipath and Load Balancing
Multipath configuration and load balancing is supported on Data
Domain systems that have at least two HBA ports. In a multipath
configuration on a Data Domain system, each of two HBA ports on
the system is connected to a separate port on the backup server. On
a Data Domain gateway, each of two HBA ports are connected to a
separate port on the array that the gateway uses as a backup
destination. For more on multipath configuration, see the DD OS
5.2 Initial Configuration Guide and the DD OS 5.2 Command
Reference Guide.
System Access
The DD OS provides the following ways to access the system for
configuration and management:
•
CLI—A Data Domain system has a complete command set
available to users in a command line interface. Commands
perform initial system configuration and changes to individual
system settings as well as display system and operation status.
The command line interface is available through a serial
console or a keyboard and monitor attached directly to the
Data Domain system, or through Ethernet connections using
SSH or Telnet.
•
Enterprise Manager—A browser-based graphical user
interface, the Enterprise Manager (EM) is available through
Ethernet connections. Use the Enterprise Manager to perform
initial system configuration, make configuration changes after
initial configuration, display system and component status,
and generate reports and charts. The Enterprise Manager also
provides centralized management for one or multiple Data
Domain systems.
DD OS 5.2 Administration Guide
33
Licensed Features
A license is required to operate each of the following features on a
Data Domain system.
Table 1-1: Features Requiring Licenses
34
Feature/License Name
Description
DD Boost
Allows a system to use the Boost interface
on a Data Domain system.
Replication
Adds the Data Domain Replicator for
replication of data from one Data Domain
system to another.
Retention Lock
Governance
This software feature protects selected
files from modification and premature
deletion, that is, deletion before a
specified retention period has expired.
Retention Lock
Compliance
This software feature allows you to
meet the strictest data retention
requirements from regulatory standards
such as SEC17a-4.
VTL (Virtual Tape
Library)
Allows backup software to see a Data
Domain system as a tape library.
Encryption of Data at
Rest
Allows data on system drives or external
storage to be encrypted while being saved,
and then locked before moving to another
location.
Expansion Storage
Allows the upgrade of capacity for the Data
Domain system. Enables either the upgrade
of a 9-disk DD510/DD530 to 15 disks, or the
upgrade of a 7-disk DD610/DD630 to 12
disks.
Shelf Capacity
Allows ES30 and ES20 (purchased for use
with DD OS 5.1) external shelves to be
added to the Data Domain system for
additional capacity.
Gateway Expanded
Storage Level 2
Enables gateway systems to support up to
71 TB of usable capacity.
Introducing the Data Domain System
Table 1-1: Features Requiring Licenses
Feature/License Name
Description
Gateway Expanded
Storage Level 3
Enables gateway systems to support up to
145 TB of usable capacity.
DD Extended Retention
(formerly DD Archiver)
Long-term backup retention on the DD860
and DD990 platforms.
Global Deduplication
Licenses the global deduplication array.
Nearline
Identifies systems that are deployed for
archive and nearline workloads.
Contact your Data Domain representative to purchase licensed
features.
See Managing System Licenses on page 58 for instructions on
viewing and installing licenses.
How Data Domain Systems Integrate into the
Storage Environment
Data Domain systems integrate easily into existing data centers:
•
All Data Domain systems can be configured as storage
destinations for leading backup and archiving applications
using NFS, CIFS, Boost, or VTL protocols.
•
Consult the compatibility matrices at
https://my.datadomain.com for information the applications
that work with the different configurations.
•
The Data Domain gateway series uses external disk arrays for
storage. Data Domain gateways work with Data Domain
arrays and are also qualified with storage systems from several
leading enterprise storage providers.
•
Multiple backup servers can share one Data Domain system.
•
One Data Domain system can handle multiple simultaneous
backup and restore operations.
•
Multiple Data Domain systems can be connected to one or
more backup servers.
DD OS 5.2 Administration Guide
35
For use as a backup destination, a Data Domain system can be
configured either as a disk storage unit with a file system that is
accessed through an Ethernet connection or as a virtual tape
library (VTL) that is accessed through a Fibre Channel connection.
The VTL feature enables Data Domain systems to be integrated
into environments where backup software is already configured
for tape backups, minimizing disruption.
The configuration is performed both in the DD OS, as described in
the relevant sections of this guide, and in the backup application,
as described in the backup application’s administrator guides and
in Data Domain application-related guides and tech notes.
36
•
All backup applications can access a Data Domain system as
either an NFS or a CIFS file system on the Data Domain disk
device.
•
The Symantec Veritas NetBackup (NBU), Backup Exec, and
EMC NetWorker application work with a Data Domain system
using DD Boost interface.
Introducing the Data Domain System
The following figure shows a Data Domain system integrated into
an existing basic backup configuration.
Figure 1-1: Data Domain System Integrated in a Storage Environment
Referring to Figure 1-1, data flows to a Data Domain system
through an Ethernet or Fibre Channel connection. Immediately,
the data verification processes begin and are continued while the
data is on the Data Domain system. In the file system, the DD OS
Global Compression™ algorithms dedupe and compress the data
for storage. Data is then sent to the disk RAID subsystem. When a
restore operation is required, data is retrieved from Data Domain
storage, decompressed, verified for consistency, and transferred
via Ethernet to the backup servers using Ethernet (NFS, CIFS, DD
Boost) or using Fiber Channel (VTL).
DD OS 5.2 Administration Guide
37
Backup Software Requirements
This section provides information needed to set up a Data Domain
system as a storage destination for an application. It includes:
•
Application Compatibility Matrices and Integration Guides on
page 38
•
View Data Domain Application-Related Documents on page 39
•
Generic Application Configuration Guidelines on page 39
Application Compatibility Matrices and Integration Guides
The Data Domain support Web site provides compatibility
matrices and integration documents on how to integrate Data
Domain systems as storage destinations with qualified backup
applications. Integration is generally easy and straightforward.
The integration guides provide specific parameters and limitations
that must be understood and followed for the applications to be
able to work with Data Domain systems.
The Documentation page at
https://my.datadomain.com/documentation provides links to two
categories of documents.
•
•
38
The Compatibility Matrices area contains matrices describing the
backup applications that are qualified for use with Data
Domain systems as well as compatibility with the following
components:
•
Data Domain hardware product numbers
•
Data Domain operating system (DD OS) versions
•
Backup server and client operating system versions
•
Application software versions
•
Hardware driver versions
The Integration Documentation area displays a page with a dropdown list of backup software vendors. A page for each vendor
lists integration guides, application introductions, and tech
notes with application-specific integration guidelines.
Introducing the Data Domain System
View Data Domain Application-Related Documents
1. Log in to the Data Domain Support portal at
https://my.datadomain.com/documentation.
2. To view integration-related documents:
a. Click Integration Documentation.
b. Select the vendor of the backup application from the
Vendor menu.
For example, to find Symantec VERITAS NetBackup
guides, select Symantec. A list of related guides appears.
c. Select the desired title from the list and click View.
3. To view compatibility matrices, perform the following steps.
a. Click Compatibility Matrices.
b. Select the desired title from the product menu and click
View.
Generic Application Configuration Guidelines
The DD OS accommodates relatively large streams of sequential
data from backup software and is optimized for high throughput,
continuous data verification, and high compression. It also
accommodates the large numbers of smaller files in nearline
storage.
Data Domain system performance is best when storing data from
applications that are not specifically backup software when:
•
Data is sent to the Data Domain system as sequential writes (no
overwrites).
•
No compression or encryption is used before sending the data
to the Data Domain.
DD OS 5.2 Administration Guide
39
40
Introducing the Data Domain System
2
Getting Started
This chapter describes how to log in to the Data Domain system
and start using the Enterprise Manager and CLI.
This chapter describes the following topics:
•
Interacting with the System on page 41
•
Using the Enterprise Manager on page 42
•
Using the EM Configuration Wizard on page 48
•
Using the CLI on page 48
Interacting with the System
The Data Domain Enterprise Manager is a browser-based graphical
user interface, available through Ethernet connections, for
managing up to 20 Data Domain systems (depending on the
model) at any location. The Enterprise Manager provides a single,
consolidated management interface that allows for configuration
and monitoring of many system features and system settings.
The Enterprise Manager provides real-time graphs and tables that
allow you to monitor the status of system hardware components
and configured features.
Additionally, a command set that performs all system functions is
available to users at the Command Line Interface (CLI). Commands
configure system settings and provide displays of system
hardware status, feature configuration, and operation.
The command line interface is available through a serial console
when a keyboard and monitor are directly attached to the Data
Domain system, or remotely through an Ethernet connection using
SSH or Telnet.
DD OS 5.2 Administration Guide
41
Using the Enterprise Manager
This section describes how to log in to the Enterprise Manager and
describes the GUI elements. It includes:
•
Log In and Out of the Enterprise Manager on page 42
•
About the Enterprise Manager Interface on page 43
Log In and Out of the Enterprise Manager
1. Open a Web browser and enter the IP address or hostname to
connect to the management system. It must be:
•
A fully qualified domain name (for example,
http://dd01.datadomain.com)
•
A hostname (http://dd01)
•
An IP address (http://10.5.50.5)
Notes:
42
•
For a secure login, use https with an authorized certificate
instead of http. When https is used, the browser warns if the
certificate is not authorized.
•
The Enterprise Manager uses HTTP port 80 and HTTPS port
443. If your Data Domain system is behind a firewall, you may
need to enable port 80 if using HTTP or port 443 if using
HTTPS to reach the system. The port numbers can be easily
changed if security requirements dictate.
•
At the login dialog box, enter the login name and password
(assigned during the initial configuration. See the DD OS 5.2
Initial Configuration Guide for details).
•
Click Login. The Enterprise Manager Summary screen appears.
For details on this screen, see DD Network Summary View on
page 43.
•
To log out, click the Log Out link in the top pane.
•
For added security, you can use HTTPS by clicking the option
“Login using enhanced security” on the log in dialog box. This
may generate warnings by browsers if security certificates
need updated.
Getting Started
Clear the Browser Cache
Sometimes the information in the browser cache may override
real-time information in the system. To flush the browser cache:
•
In Firefox, go to Tools > Clear Private Data > Check Cache and
Clear then refresh the page.
•
In Internet Explorer, go to Tools > Internet Options. Click
Delete Files.
About the Enterprise Manager Interface
This section describes the main views of the Enterprise Manager
and its components. The following topics are included in this
sections
•
DD Network Summary View on page 43
•
Single System View on page 44
•
Navigational Pane on page 45
•
Masthead on page 45
•
Informational Pane on page 46
•
•
Tab Bar on page 46
•
More Tasks Menu on page 47
•
Help Buttons and Menus on page 47
View End User License Agreement (EULA) on page 47
DD Network Summary View
After you complete the login to the Enterprise Manager, the DD
Network Summary view appears (see Figure 2-1). This page
presents a status overview of all managed systems in the DD
Network devices list and summarizes key operating information.
A tally of alerts and charts of disk space allow problems to be
spotted quickly. See the section Monitoring with the DD Network
Summary on page 149 for more information about this view.
Clicking the plus sign ( + ) next to the DD Network icon exposes
the systems being managed by the Enterprise Manager.
DD OS 5.2 Administration Guide
43
Note: Systems configured for the Global Deduplication Array
feature also display in this view. See the DD OS 5.1 Global
Deduplication Array Administration Guide for details.
Single System View
After the DD Network entry has been opened (see above), clicking
on a managed system in the Navigational pane displays the Status
> Summary view. The Summary page displays important status
data about the selected system.
This page exposes a full set of tabs on the Menu bar that provide
the tools for configuring and monitoring the selected system. For
more information on understanding this view, see Monitoring a
Single System on page 152.
EM Page Elements
The following sections describe the elements on the Enterprise
Manager pages in detail.
Navigational Pane
Informational Pane
Masthead
Figure 2-1: Enterprise Manager Page Components
44
Getting Started
Navigational Pane
The Navigational pane, always visible on the left edge of the page,
displays a hierarchal tree of Data Domain systems managed by the
Enterprise Manager as well as the Reports and Task Log buttons.
•
Clicking the top-level DD Network icon displays the global
Summary page.
•
Clicking the Add and Remove icons adds and removes system
managed by the Enterprise Manager. See Add a Data Domain
System to the Enterprise Manager on page 53 and Remove a DD
System from the Enterprise Manager on page 54 for details.
•
Expanding the DD Network and clicking a system in the tree
opens the Status > Summary page, where tabs allow detailed
configuration and monitoring for the selected Data Domain
system.
•
Clicking the Reports button opens a report generator tool and
provides access to saved reports for the selected Data Domain
system. Reports for file system and replication usage statistics
can be generated. See Working with Reports on page 170 for
more information.
•
Clicking the Task Log shows a history of tasks that have been
performed on the Data Domain system you are logged into.
Viewing the Task Log on page 178 for more information.
Masthead
The masthead appears at the top of all pages in the Enterprise
Manager. Starting from the right edge and moving left, it includes:
•
User name—the current logged in user.
•
Log Out icon—click to log out of the current session.
•
Refresh icon—click to refresh the Enterprise Manager display.
•
Help icon—click to view the top-level online help. See Help
Buttons and Menus on page 47 for details.
DD OS 5.2 Administration Guide
45
Informational Pane
The Informational pane displays information about the selected
item in the Navigational pane (either the DD Network or an
individual system). The content may be one or many smaller
panes, depending on the type of view.
At the top of the Informational pane is a bar containing important
information about the system or group selected in the
Navigational pane.
Information includes the full system name, uptime, model
number, and Data Domain operating system (DD OS) version
number.
Tab Bar
When a single system is selected in the Navigational pane, the Tab
bar appears. It contains tabs that provide access to the
configuration and monitoring tools for the system. Many of the
these tabs have their own set of tabs. The top-level set of tabs are:
•
Status—displays important information about the system.
Subtabs include Summary, Alerts, Active Users, and Stats.
•
Data Management—contains subtabs for File System, MTree,
Quota, Snapshots, CIFS, NFS, VTL, and DD Boost.
•
Replication—provides data replication monitoring and
management tools.
•
Hardware—provides tabs for monitoring health and statistics
of hardware for Storage, Network, and Chassis.
•
System Settings—provides tabs for Licenses, Access
Management, and General Configuration.
•
Maintenance—provides tabs for System, Support, Logs and
IPMI.
Working with Table View Options
Many of the views with tables of items contain controls for
filtering, navigating and sorting the information in the table.
46
Getting Started
Some common table controls are:
•
Click the diamond icon in a column heading to reverse the sort
order of items in the column.
•
Click the < and > arrows at the bottom right of the view to
move forward or backward through the pages. To skip to the
beginning of the sequence of pages, click<< and to skip to the
end, click >>.
•
You can use the scroll bar to view all items in a table.
•
Enter text in the Filter By: text box to search for or prioritize the
listing of those items.
•
Click Update to refresh the list.
•
Click Reset to return to the default listing.
More Tasks Menu
Some pages have a More Tasks drop-down list at the top of the
view that contains tasks related to the configuration and
management of the current view.
Help Buttons and Menus
Help is available globally and from individual panes:
•
Help icon—This icon is always visible on the right side of the
Masthead pane. Click to display online help, which is derived
from this guide.
The Help window includes navigation icons that show the
guide contents, index, favorites, search field, and an option to
send to printer. Use the directional arrows to page through the
sections of the book.
•
Context-sensitive help—Most windows and individual views
have a Help icon (?). Click the icon to open detailed online help
for the current window. The tools described in the Help icon
above are also available.
View End User License Agreement (EULA)
To view the End User License Agreement at any time, choose
EULA from the More Tasks menu on the Maintenance page.
DD OS 5.2 Administration Guide
47
Using the EM Configuration Wizard
The EM Configuration Wizard allows you to initial configure the
Data Domain system using the Enterprise Manager. See the DD OS
5.2 Initial Configuration Guide for more information.
Using the CLI
The DD OS 5.2 Command Reference Guide provides information for
using the commands to accomplish specific administration tasks.
Each command also has an online help page that gives the
complete command syntax. Help pages are available at the CLI
using the help command.
Any Data Domain system command that accepts a list (such as a
list of IP addresses) accepts entries separated by commas, by
spaces, or both.
The Tab key can be used:
•
to complete a command entry when that entry is unique. Tab
completion is supported for all keywords. For example,
entering syst<Tab> sh<Tab> st<Tab> displays the command
system show stats.
•
to show next available option (if no characters are entered
before pressing the Tab key)
•
to show all the partial matched tokens or completes the entry if
it is unique (when characters are entered before pressing the
Tab key)
Log In to the System Using the CLI
After initial configuration, use the SSH or Telnet (if enabled)
utilities to access the system remotely and open the CLI.
48
•
From a serial console, use the communication settings 9600
baud, 8 data bits, no parity, and 1 stop bit.
•
From a directly attached keyboard and monitor, log in to the
Data Domain system at the login prompt.
Getting Started
•
From a remote machine over an Ethernet connection, use SSH
or Telnet to connect to the Data Domain system:
•
For SSH, use the following command (with the hostname
you chose for the Data Domain system at initial
configuration) and provide the sysadmin password.
# ssh -l sysadmin hostname
Data Domain OS 5.1.0.0-19899
Password:
Find Online Help for Commands
There are several ways to find help for commands:
•
To list Data Domain system commands, enter a question mark
(?) or the command help at the prompt.
•
To list the options for a particular command, enter the
command with no options at the prompt.
•
To find a keyword used in a command option when you do not
remember which command to use, enter a question mark (?) or
the help command followed by the keyword.
For example, the question mark followed by the keyword
password displays all Data Domain system command options
that include password. If the keyword matches a command,
such as net, then the command explanation appears.
•
To display a detailed explanation of a particular command,
enter the help command followed by a command name.
•
Use keyboard shortcuts:
•
Up and down arrow keys to move through a displayed
command
•
The q key to exit
•
A slash character (/) and a pattern to search for lines of
particular interest. Matches are highlighted.
DD OS 5.2 Administration Guide
49
50
Getting Started
3 Managing Data Domain
Systems
This chapter describes how to add Data Domain systems into the
Enterprise Manager and manage their operation.
This chapter includes the following sections:
•
Overview on page 51
•
Managing System Availability on page 53
•
Working with Upgrade Images on page 55
•
Managing System Licenses on page 58
•
Managing System Storage on page 59
•
Managing Network Connections on page 66
•
Managing Access to the System on page 97
•
Managing General Configuration Settings on page 118
•
Managing Reporting and Logging on page 132
•
Working with SNMP on page 122
•
Using IPMI to Control Remote Data Domain Systems on page 141
Overview
The Data Domain system running the Enterprise Manager
automatically displays in the Enterprise Manager Navigational
pane (and cannot be removed from that Enterprise Manager). This
system is known as the Management System.
DD OS 5.2 Administration Guide
51
Other accessible Data Domain system (network accessible and
sysadmin authenticated) can be added to an Enterprise Manager
on any Management System, and is known as a Managed System.
Notes:
•
A Managed System should be managed by only one
Management System at one time.
•
If you are an admin on the Management System you become a
global admin and you can configure and monitor all Managed
Systems.
•
If you are a user on the Management System you become a
global user and you can monitor all Managed Systems.
•
Any system that is part of a Global Deduplication Array can be
added and managed from the EM. For details on working with
systems that are configured for Global Deduplication Array,
see the DD OS 5.1 Global Deduplication Array Administration
Guide.
Table 3-1 recommends the maximum number of systems and user
sessions that can be managed by the Enterprise Manager.
Table 3-1: Maximum Number of Systems and Users Managed by
the Enterprise Manager
Data Domain
System Model
Maximum
Active
Users
Maximum
Logged In
Users
Maximum Data
Domain Systems
4 GB modelsa
5
10
8
8 GB modelsb
10
15
12
16 GB and greater
modelsc
10
20
20
a. Includes DD120, DD140, DD410, DD430, DD510, and DD530
b. Includes DD460, DD560, DD565, DD610, DD630, and DD560g
c. Includes DD580, DD660, DD670, DD690, DD860, DD880, DD890,
DD990, DD580g, DD670g, DD690g, and DD880g
52
Managing Data Domain Systems
Managing System Availability
The topics in this section include how to:
•
Add a Data Domain System to the Enterprise Manager on page 53
•
Remove a DD System from the Enterprise Manager on page 54
•
Reboot a Data Domain System on page 54
•
Power On and Power Off a Data Domain System on page 55
Add a Data Domain System to the Enterprise
Manager
Note: Make sure the Data Domain system being added is running
a DD OS version that is compatible with the Enterprise Manager.
1. Click the + Add icon on the Navigational pane.
The Add System(s) dialog box appears.
2. In the System Name text box, enter a hostname or IP address of
the system to be added.
Note: A Data Domain system should be added to and
managed by only one Enterprise Manager.
3. In the Administration Credentials, enter the sysadmin user
name in the User Name text field, followed by the password.
4. Optionally, click Advanced to enter a Proxy IP address (or
system name) of a system that cannot be reached directly. If
configured, enter a Custom Port instead of the default port
3009.
5. Click OK.
Note: If the system is unreachable after adding it to the
Enterprise Manager, ensure the following:
•
If a hostname (either a fully-qualified domain name
(FQDN) or non-FQDN) is entered, make sure it is
resolvable on the Enterprise Manager Data Domain system
(that is, either configure a domain name for the Enterprise
Manager Data Domain system, ensure a DNS entry for the
DD OS 5.2 Administration Guide
53
system exists, or ensure IP address to hostname mapping is
defined).
•
If an IP address or hostname is entered, ensure there is a
route from the Enterprise Manager Data Domain system to
the Data Domain system being added.
6. If the system certificate has not been verified, the Verify
Certificate dialog box displays, showing details about
certificate. Check the system credentials and click OK if you
trust the certificate or Cancel to abort.
Remove a DD System from the Enterprise Manager
Note: Removing a system only removes it from the DD Network
list. It does not delete any replication context configured to or from
that system.
To remove a system (other than the system hosting the Enterprise
Manager):
1. Click the X Remove icon on the Navigational pane.
The Remove System(s) dialog box appears.
2. Click the checkbox of the system or systems to be removed:
•
To remove all systems, click the box next to System.
•
To remove one or more specific systems, click the box next
to the name of the system.
3. Click OK.
Note: If only the Enterprise Manager host system is present,
clicking the X Remove icon displays the message No removable
systems found on Enterprise Manager.
Reboot a Data Domain System
1. Click a system in the Navigational pane.
2. Click Maintenance > System.
3. Click the More Tasks menu and select Reboot System.
4. Click OK at the Reboot System confirmation dialog box.
54
Managing Data Domain Systems
Power On and Power Off a Data Domain System
To turn on a Data Domain system:
1. Power on any expansion shelves before the controller. The
ES30 powers on when plugged in. Wait approximately three
minutes after all expansion shelves are turned on.
2. Push the controller’s power button (as shown in the Installation
and Setup Guide for your Data Domain system).
The system can be powered down only from the CLI. To shut
down power to the Data Domain system, use the system
poweroff command. The command automatically performs an
orderly shut down of DD OS processes. The command is available
to administrative users only.
Caution: Do not use the chassis power switch to power off the
system. Doing so will prevent the ability of the system to be
remotely powered up using IPMI. Use the following command
instead.
# system poweroff
The ‘system poweroff’ command shuts down the system
and turns off the power.
Continue? (yes|no|?) [no]:
Note: The IMPI Remote System Power Down feature does not
perform an orderly shutdown of the DD OS.
Working with Upgrade Images
When the Data Domain system needs to be upgraded to a newer
major release version (for example 5.1), the Enterprise Manager
provides a link to the Data Domain Support Web site where the
image can be located and downloaded to a local system. From
there, the image can be uploaded to the Data Domain controller,
where the upgrade can be performed from the EM.
To work with upgrade packages, you can:
•
List Upgrade Packages on page 56
•
Upload Upgrade Packages on page 56
DD OS 5.2 Administration Guide
55
•
Upgrade a Data Domain System on page 57
•
Remove an Upgrade Image on page 58
List Upgrade Packages
The Maintenance > System view provides a list of upgrade images
(.rpm files) currently stored on the Data Domain controller in the
Upgrade Packages Available on the Data Domain System pane.
The Upgrade Packages Available on the Data Domain system pane
lists the following information for an image:
Item
Description
File Name
The name of the .rpm file stored on the
system.
Size
The size of the .rpm file.
Last Modified
The date the .rpm file was last changed
(for example, if the image was touched).
Upload Upgrade Packages
To connect to the Data Domain Support Web site and obtain an
upgrade package:
1. Click a system in the Navigational pane.
2. Click Maintenance > System.
3. At the bottom of the Upgrade Packages Available on the Data
Domain System pane, click Upload Upgrade Package.
The Upload Upgrade Package dialog box displays.
Note: A maximum of five upgrade packages can be uploaded
using the Enterprise Manager. To continue with this
procedure, remove the excess images (see Remove an Upgrade
Image on page 58).
There are no restrictions, other than space limitations, if you
use FTP or NFS to copy an upgrade package to the Data
Domain system. (FTP is disabled by default; to use NFS /ddvar
needs to be exported and mounted from an external host).
56
Managing Data Domain Systems
4. To obtain an upgrade package from the Data Domain Support
site, click the Data Domain Support Portal link. Log in to the
site and use the Download Software link to navigate to the
image recommended for your system by Support personnel.
Save the upgrade image to a local computer with access to the
Data Domain system.
5. In the Upload Upgrade Package dialog box, click Browse to
open the File Upload dialog box. Navigate to the system with
the file, select the file, and click Open.
6. Click OK.
Progress on the status of the upload appears in the dialog box.
On successful completion of the upload, the new .rpm will be
listed in the Upgrade Packages Available on the Data Domain
system pane.
Upgrade a Data Domain System
To perform a system upgrade with an image that resides on the
Data Domain system:
1. After reading the Release Notes for specific instructions for a
DD OS upgrade, log in to the system where the upgrade is to
be performed.
Note: Upgrades are possible only from the two prior major
release versions.
You cannot select the system from the DD Network device list
while logged in on another system.
2. From the Upgrade Packages Available on this Data Domain
System list, click in the checkbox of the image to use for the
upgrade.
3. Click Perform System Upgrade.
The Upgrade System dialog box appears.
4. Verify the version of the target image (the upgrade image) and
click OK.
A progress dialog box advises the system needs to reboot to
complete the upgrade. After the upgrade is reported as
DD OS 5.2 Administration Guide
57
complete, the Data Domain system begins the process of
preparing to reboot itself. This process may take up to ten
minutes or longer, and the reboot does not begin until this
process is complete.
5. Wait for the automatic reboot to take place. Do not attempt a
manual reboot at this time, even if the Enterprise Manager does
not indicate that an upgrade is in progress. After the Data
Domain system reboots itself, the upgrade process continues
automatically until completion.
6. After the upgrade process completes, log back into the system.
Remove an Upgrade Image
To remove a system upgrade image that resides on the Data
Domain system:
1. From the Upgrade Packages Available on this Data Domain
System list, click the checkbox of the image to remove. One
image can be removed at a time.
2. Click Remove Upgrade Package.
Managing System Licenses
Optional features for the Data Domain system are licensed and
must be purchased separately. See Licensed Features on page 34 for
a list of licensed products. The following procedures describe how
to display and enable licenses.
•
Display Licenses on page 58
•
Add Licenses on page 59
•
Remove Licenses on page 59
Display Licenses
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Licenses tabs.
58
Managing Data Domain Systems
The Licensed Features pane appears, showing the list of license
keys and features.
Add Licenses
To add a feature license:
1. In the Feature Licenses pane, click Add Licenses.
The Add Licenses Key dialog box displays.
2. In the License Key text box, type or paste one or more license
keys, each on its own line or separated by a space or comma
(and they will be automatically placed on a new line).
3. Click Add.
The added licenses display in the Added license list.
If there are errors, they will be shown an the error license list.
Click a license with an error to edit the license and click Retry
Failed License(s) to retry the key. Otherwise, click Done to
ignore the errors and return to the Feature Licenses page.
Remove Licenses
To remove one or more feature license:
1. In the Feature Licenses pane, click a checkbox next to one or
more licenses you wish to remove and click Delete Selected
Licenses.
2. In the Warning dialog box, verify the license(s) to delete and
click OK.
The licenses are removed from the license list.
Managing System Storage
The Storage view provides a way of organizing the Data Domain
system storage so that disks can be viewed by usage type (Active,
Archive, Failed, and so on), operational status, and location. This
includes internal system storage and systems configured with
external disk shelves— the status and inventory are shown for all
enclosures, disks, and RAID groups. The system is automatically
DD OS 5.2 Administration Guide
59
scanned and inventoried so all storage is shown in the Storage
view.
Managing system storage includes:
•
View System Storage Information on page 60
•
Physically Locating a Disk on page 65
•
Configuring Storage on page 65
View System Storage Information
To open the Storage view:
1. Select the Data Domain system in the Navigational pane.
2. Click the Hardware > Storage tabs.
The Storage view appears.
The Storage view Status area shows the current status of the
storage (such as Operational or Non-Operational) and any
active alerts (these can be clicked to view alert details).
Below the Status area are tabs that organize how the storage
inventory is presented:
•
Storage Overview on page 61
•
Status View on page 63
•
Disks View on page 64
The Status area presents the following information.
Item
Description
Status
The status of the storage system can be:
• Normal—System operational (green). All disks in the
system are in good condition.
• Warning—System operational (yellow). The system is
operational, but there are problems that need to be
corrected. Warnings may result from a degraded
RAID group, presence of foreign storage, or failed or
absent disks.
• Error—System non-operational (red). The system is
not operational.
60
Managing Data Domain Systems
Item
Description
Operational Drives
Count of drives operating normally:
• Total—Total number of drives operating.
• In-Use—Number of drives the system is using.
• Spare—Number of spare drives (that can be activated
if an in-use disk fails).
Non-Operational Drives
Count of drives that are not operating normally.
• Total—Total number of non-operational drives.
• Failed—Number of known failed drives.
• Absent—Number of slots without drives.
• Foreign—Number of foreign or unsupported drives.
• Unknown—Number of new disks in a shelf.
Storage Overview
The Overview area displays information for all disks in the
selected Data Domain system organized by type. The categories
that display are dependent on the type of storage configuration in
use. The Overview section lists the storage that is found, and can
include the following sections, each of which is expandable to
display detailed information:
•
Active Tier—Disks in the Active Tier are currently marked as
usable by the Data Domain file system. Sections are organized
by Disks in Use and Disks Not in Use.
•
Archive Tier—If the optional ARCHIVER (DD Extended
Retention) license is installed, this section shows the disks that
are configured for archival storage. Sections are organized by
Disks in Use and Disks Not in Use. For more information, see
the Data Domain Extended Retention Administration Guide.
•
Usable Disks and Enclosures—For systems with optional
enclosures, this section shows the disks and enclosures that can
be added to the system.
•
Fail/Foreign/Absent Disks (Excluding Systems Disks)—
Shows the disks that are in a failed state; these cannot be added
to the system Active or Archive area.
DD OS 5.2 Administration Guide
61
•
Systems Disks—Shows the disks where the DD OS resides
when the Data Domain controller does not contain data storage
disks.
Each section heading displays a summary of the storage
configured for that section. The Summary shows tallies for the
total number of disks, disks in use, spare disks, reconstructing
spare disks, available disks and known disks.
Clicking the + icon for a section reveals tables presenting
information about the status and content of the storage present.
Sections with the Disks In Use section show the Disk Group Status
tallies and a table with the following information:
Item
Description
Disk Group
The name of the disk group that was created by the file
system (for example, dg1).
Status
The status of the disk (for example Normal, Warning).
Disks Reconstructing
The disks that are undergoing reconstruction, by disk
ID (for example, 1.11).
Total Disks
The total number of usable disks (for example, 14).
Disks
The disk IDs of the usable disks (for example, 2.1-2.14)
Sections with a Disks Not in Use section show the Disks Status
tallies and a table with the following information:
Item
Description
Disk
The disk identifier. It can be:
• The enclosure and disk number (in the form
Enclosure.Slot).
• A gateway disk (devn).
• A LUN.
Status
The status of the disk, for example In Use, Available,
Spare.
Size
The data storage capacity of the disk when used in a
Data Domain system.a
62
Managing Data Domain Systems
Item
Description
Manufacturer/Model
The manufacturer’s model designation. The display
may include a model ID or RAID type or other
information depending on the vendor string sent by the
storage array.
Firmware
The firmware level used by the third-party physicaldisk storage controller.
Serial Number
The manufacturer’s serial number for the disk.
a. The Data Domain convention for computing disk space defines one gibibyte as 230
bytes, giving a different disk capacity than the manufacturer’s rating.
Status View
The Status view shows the Disks Status table and the
Reconstructing table.
The Disks Status table presents the following information:
Item
Description
Total
The total number of inventoried disks in the Data
Domain system (including enclosures and gateway
storage).
In Use
The number of disks currently in use by the file system.
Spare
The number of spare disks (available to replaced failed
disks).
Spare (reconstructing)
The number of disks that are in the process of data
reconstruction (spare disks replacing failed disks).
Available
The number of disks that are available for allocation to
and Active or Archive storage tier.
Known
The number of known unallocated disks.
Unknown
The number of unknown unallocated disks.
Failed
The number of failed disks.
Foreign
The number of foreign disks.
Absent
The number of absent disks.
DD OS 5.2 Administration Guide
63
The Reconstructing table presents the following information:
Item
Description
Disk
Identifies disk being reconstructed. Disk labels are of
the format enclosure.disk. Enclosure 1 is the Data
Domain system, and external shelves start numbering
with enclosure 2. For example, the label 3.4 is the fourth
disk in the second shelf.
Disk Group
Shows the RAID group (dg#) for the reconstructing
disk.
Tier
The name of the tier where the failed disk is being
reconstructed.
Time Remaining
The amount of time before the reconstruction is
complete.
Percentage Complete
The percentage of reconstruction that has been
completed.
When a spare disk is available, the Data Domain file system
automatically replaces a failed disk with a spare and begins the
reconstruction process to integrate the spare into the RAID disk
group. The disk use displays Spare and the status becomes
Reconstructing.
Reconstruction is performed on one disk at a time. If more than
one disk is to be reconstructed, the disks waiting for reconstruction
show as Spare until reconstruction starts.
Disks View
Use the radio buttons to select how the disks are viewed—by All
Disks or by Tier, or by disk group.
64
Managing Data Domain Systems
The Disks view lists all the system disks in a scrollable table with
following information .
Item
Description
Disk
The disk identifier. It can be:
• The enclosure and disk number (in the form
Enclosure.Slot).
• A gateway disk (devn).
• A LUN.
Status
The status of the disk (for example In Use, Spare).
Manufacturer/Model
The manufacturer’s model designation. The display
may include a model ID or RAID type or other
information depending on the vendor string sent by the
storage array.
Firmware
The firmware level used by the third-party physicaldisk storage controller.
Serial Number
The manufacturer’s serial number for the disk.
Physically Locating a Disk
To locate a disk (for example, when a failed disk needs to be
replaced):
1. Select the Data Domain system in the Navigational pane.
2. Click the Hardware > Storage > Disks tabs.
The Disks view appears.
3. Select a disk from the Disks table and click Beacon.
Note: You can select only one disk at a time.
The Beaconing Disk dialog window appears, and the LED light
on the disk begins flashing.
4. Click Stop to stop the LED beaconing.
Configuring Storage
Note: Additional storage requires the appropriate license or
licenses, and the Data Domain system must have enough installed
DD OS 5.2 Administration Guide
65
memory to support it. Error messages display if more licenses or
memory is needed.
1. Within the Enterprise Manager, open the Hardware > Storage
tab.
2. In the Overview tab, click Configure Storage.
3. In the Configure Storage tab, select the storage to be added
from the Available Storage list.
4. Select the appropriate Tier Configuration (Archive or Active)
from the menu.
Note: The two bars show the portion of licensed capacity (used
and remaining) for each shelf model (ES20 and ES30).
5. Select the checkbox for the Shelf to be added.
6. Click the Add to Tier button.
7. Click OK to add the storage.
Note: To remove an added shelf, select it in the Tier Configuration
list, click Remove from Configuration, and click OK.
Managing Network Connections
The Network view presents status and configuration information
about the system’s Ethernet interfaces. It contains the Interfaces
view, Settings view, and Routes view.
Use the following topics to manage network connections:
•
Configuring Network Interfaces on page 67
•
Configuring Network Settings on page 88
•
Configuring Routes on page 93
The Network view provides a means to:
66
•
Configure network interfaces so that Data Domain system is
available for management and backup activities over network.
•
Configure network interfaces to maximize throughput and be
highly available.
Managing Data Domain Systems
•
Name the Data Domain system in the network environment
and resolve names of other systems in the environment.
•
Isolate backup/near line traffic in shared network
environments.
•
View all the network related settings.
•
Troubleshoot and diagnose network issues.
Configuring Network Interfaces
This section provides an overview of the types of connections,
physical and virtual, and how they are used to create VLANs, IP
aliases, and bonded interfaces for Data Domain system network
interface options.
This section includes the following tasks:
•
View Interface Information on page 67
•
Configure Physical Interfaces on page 70
•
Configuring Virtual Interfaces on page 72
•
Configuring a VLAN on page 82
•
Configuring an IP Alias on page 84
•
Registering a DDNS on page 86
•
Destroying an Interface on page 87
•
View an Interface Hierarchy with the Tree View on page 88
View Interface Information
The Interfaces view allows you to manage and configure virtual
interfaces, DHCP, DDNS, and IP addresses, and displays network
information and status.
The Data Domain system supports IPv6 addressing.
Note: DD OS 5.2 enables IPv6 for most low-level networking
features: low-level networking functionality is IPv6 capable, and
low-level networking CLIs allow operations for IPv6.
DD OS 5.2 Administration Guide
67
DD OS 5.2 does not support IPv6 for the Enterprise Manager.
There is no support for backup and replication protocols.
The IPv6 addresses may be viewed but not changed. The CLI
commands that are run on a system manage the IPv6 addresses.
There are some restriction to interfaces that have IPv6 addresses.
For example, the minimum MTU is 1280. If you try to set it lower
than this on an interface with an IPv6 address, it fails. The IPv6
address might affect an interface even though it is on an VLAN
attached to the interface and not directly on the interface.
To display the Interfaces view:
1. In the Navigational tree, select the Data Domain system to
view or configure.
2. Click the Hardware > Network tab.
The Network view appears, containing the Interfaces, Settings,
and Routes tabs.
The Interfaces table presents the following information.
Item
Description
Interface
The name of each interface associated with the selected Data
Domain system. Physical interfaces names start with eth.
Virtual interface names start with veth.
Enabled
Whether the interface is enabled.
• Select Yes to enable interface and connect it to the
network.
• Select No to disable interface and disconnect it from the
network.
Type
When the interface is part of a Global Deduplication Array
configuration, shows the value Cluster, otherwise, shows
N/A.
DHCP
Indicates if the interface is configured with an IP address
from a DHCP (Dynamic Host Configuration Protocol)
server (Yes/No).
IP Address
IP address associated with the interface. The address used
by the network to identify the interface. If the interface is
configured through DHCP, an asterisk appears after this
value.
68
Managing Data Domain Systems
Item
Description
Netmask
Netmask associated with the interface. Uses the standard IP
network mask format. If the interface is configured through
DHCP, an asterisk appears after this value.
Link
Whether the interface currently has a live Ethernet
connection (Yes/No).
Additional Info
Additional settings for the interface. For example, the
bonding mode.
Intelligent Platform Management Interface (IPMI)
Yes/No
Indicates if IPMI health and management monitoring is
configured for the interface.
View IPMI Interfaces Links to the Maintenance > IPMI configuration tab.
3. Select an interface in the table to populate the Interface Details
area.
The Interface Details area shows the following information:
Item
Description
Interface Name
Name of the selected interface.
Hardware Address
The MAC address of the selected interface. For example,
00:02:b3:b0:8a:d2
Cable
Shows whether the interface is Copper or Fiber.
MTU
MTU (Maximum Transfer Unit) value assigned to the
interface.
Autonegotiate
When the interface is configured to automatically negotiate
Speed and Duplex settings. Options are Enabled or
Disabled. If autonegotiate is Disabled, then Speed and
Duplex values are manually set.
Duplex
Protocol used in conjunction with Speed value, sets data
transfer protocol. Options are Unknown, Full, Half.
Speed
Used in conjunction with Duplex value, sets rate of data
transfer. Options are Unknown, 10 Mb/s, 100 Mb/s,
1000 Mb/s, 10 Gb/s.
Supported Speeds
Lists all the speeds the interface is capable of using.
DD OS 5.2 Administration Guide
69
Filter the Interfaces Table
The Interfaces table can be filtered by either:
•
Interface Name—Enter an interface name and click Update
to filter the Interface view.
•
Interface Type— Select an interface type and click Update
to filter to Interface view. The value All displays physical,
virtual (Failover and Aggregate), VLAN, and IP Alias
interfaces.
To filter the Interfaces table:
1. Enter a value in the Interface Name field or select a value from
the Interface Type menu.
Filters support wildcards, such as eth*, veth*, or eth0*
2. Click Update.
3. To return the interfaces table to the default listing, click Reset.
Configure Physical Interfaces
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tab.
3. Select an interface to configure.
4. Click Configure.
The Configure Interface dialog box appears.
5. Determine how the interface IP address is to be set:
•
Use DHCP to assign the IP address—in the IP Settings
pane, click the radio button Obtain Settings using DHCP.
Setting a physical interface to DHCP automatically enables
the interface.
•
Specify IP Settings manually—in the IP Settings pane, click
the radio button Manually configure IP Address.
The IP Address and Netmask fields become active.
a. Enter an IP Address.
70
Managing Data Domain Systems
The Internet Protocol (IP) Address is the numerical label
assigned to the interface. For example, 192.168.10.23
b. Enter a Netmask address.
The Netmask is the subnet portion of the IP address that is
assigned to the interface. If the interface is configured through
DHCP, an asterisk appears after this value.
Format is typically 255.255.255.000. If you do not specify a
netmask, the Data Domain system uses the netmask format
is determined by the TCP/IP address class (A,B,C) you are
using.
6. Specify Speed/Duplex settings.
The combination of speed and duplex settings define the rate
of data transfer through the interface. Select one of these
options:
•
Autonegotiate Speed/Duplex — Select this option to allow
the network interface card to autonegotiate the line speed
and duplex setting for an interface.
•
Manually configure Speed/Duplex — Select this option to
manually set an interface data transfer rate. Select the
speed and duplex from the drop-down lists.
-
Duplex options are half-duplex or full-duplex.
-
Speed options listed are limited to the capabilities of the
hardware device. Options are 10 Base-T, 100 Base-T,
1000 Base-T (Gigabit), and 10,000 (10 Gb).
-
Half-duplex is only available for 10 Base-T and 100
Base-T speeds.
-
1000 and 10000 line speeds require full-duplex.
-
Optical interfaces require the Autonegotiate option.
-
Copper interface default is 10 Gb. If a copper interface is
set to 1000 or 10000 line speed, duplex must be fullduplex.
7. Specify the MTU (Maximum Transfer Unit) size for the
physical (Ethernet) interface.
DD OS 5.2 Administration Guide
71
Supported values are from 350 to 9014. For 100 Base-T and
gigabit networks, 1500 is the standard default.
Notes:
•
Click the Default button to return the setting to the default
value.
•
Ensure that all of your network components support the
size set with this option.
8. Optionally, select Dynamic DNS Registration option.
Dynamic DNS (DDNS) is the protocol that allows machines on
a network to communicate with, and register their IP address
on, a Domain Name System (DNS) server.
The DDNS must be registered to enable this option.
Note: This option disables DHCP for this interface.
9. Click Next.
The Configure Interface Settings summary page appears. The
values listed reflect the new system and interface state, which
are applied on Finish.
10. Click Finish and OK.
Configuring Virtual Interfaces
The following describes how to create virtual interfaces:
•
Create a Virtual Interface for Failover on page 75
•
Creating a Virtual Interface for Link Aggregation on page 78
Before creating a virtual interface, become familiar with the
applicable guidelines:
•
Guidelines for Configuring Virtual Interfaces on page 73
•
Guidelines for Configuring a Virtual Interface for Failover on
page 75
•
Guidelines for Configuring a Virtual Interface for Link Aggregation
on page 78
72
Managing Data Domain Systems
Guidelines for Configuring Virtual Interfaces
The following considerations apply to both failover and aggregate
virtual interfaces. When you create a virtual interface:
•
The virtual-name must be in the form vethx where x is a
number.
•
You can create as many virtual interfaces as there are physical
interfaces.
•
The physical-name must be in the form ethx where x is an
alphanumeric string. For example, eth0a.
•
Each interface used in a virtual interface must first be disabled.
An interface that is part of a virtual interface is seen as disabled
for other network configuration options.
•
A virtual interface needs an IP address that is set manually.
•
After a virtual interface has been destroyed, the physical
interfaces associated with it remain disabled. You must
manually re-enable the physical interfaces.
•
The number and type of cards installed determines the number
of Ethernet ports available.
•
Each physical interface can belong to at most one virtual
interface.
•
A system can have multiple mixed failover and aggregation
virtual interfaces, subject to the restrictions above.
•
Virtual interfaces must be created from identical physical
interfaces. For example, all copper, all optical, all 1 Gb, or all
10 Gb. However, 1 Gb interfaces support bonding a mix of
copper and optical interfaces.
•
Failover and aggregate links improve network performance
and resiliency by using two or more network interfaces in
parallel, thus increasing the link speed and reliability over that
of a single interface.
•
Remove functionality is available using the Configure button.
Choose a virtual interface from the list of interfaces in the
interface tab, click the Configure button, then from list of
DD OS 5.2 Administration Guide
73
interfaces in the dialog that appears, uncheck the interface to
remove it from bonding (failover or aggregate) and click Next.
Interface Naming Changes
The physical interface name for Data Domain OS versions prior to
4.9 is ethx where x is a number from 0 to 5. Numbering is
sequential without gaps. Starting with Data Domain OS version 4.9
and later, the interface naming format is ethslot #[a-d].
The DDOS 4.9 naming uses the following method:
•
For on-board NIC vertical interfaces, the top interface is named
eth0a and the bottom interface is eth0b.
•
For on-board NIC horizontal interfaces, the left interface as
viewed from the rear, is named eth0a and the right is named
eth0b.
•
For optional cards whether they are installed vertical or
horizontal, the top interface at the top of the card is ethxa, the
next is ethxb, the next is ethxc, and so on until the bottom of the
card (where x is the slot number).
This naming convention ensures:
•
A deterministic way to identify the correct physical link from
the logical link.
•
That the interface names do not change if cards are added or
removed.
•
That the interface name is not dependent on the type of cards
in the system.
The following systems, if they are running DDOS version 4.9, can
use the DDOS version 4.9 interface naming: DD880, DD880g,
DD670, DD690, DD690g, DD660, DD630, DD610, DD140.
If the interface names are changed to the DDOS 4.9 naming
structure, associated configuration names are changed as well. For
example, eth1.236 becomes eth0a.236, eth1 and eth0 bonded to
veth1 becomes eth0a and eth0b bonded to veth1.
Virtual interfaces do not need to use the DDOS 4.9 naming
structure, although the slaves are renamed. So the virtual
interfaces continue to be veth0, veth1, etc. Note, starting with
74
Managing Data Domain Systems
DDOS version 4.8 the virtual interfaces can be completely removed
from the list of interfaces by the use of the destroy option.
Guidelines for Configuring a Virtual Interface for Failover
Ethernet failover provides improved network stability and
performance. A failover from one physical interface to another can
take up to 30 seconds. The delay is to guard against multiple
failovers when a network is unstable.
The failover-enabled virtual interface represents a group of
secondary physical interfaces, one of which can be specified as the
primary. The system makes the primary interface the active
interface whenever the primary interface is operational.
While planning, consider the following supported guidelines:
•
A primary interface must be part of the failover. If an interface
is removed from a failover, a warning message is sent.
•
When a primary interface is used in a failover configuration, it
must be explicitly specified and must also be a slave to the
virtual interface. If the primary interface goes down and
multiple interfaces are still available, the next interface used is
a random choice.
•
All interfaces in a virtual interface must be on the same subnet
and on the same LAN. Network switches used by a virtual
interface must be on the same subnet.
•
The recommended number of physical interfaces for failover is
greater than one. However, you can configure one primary
interface and one or more failover interfaces (except with 10 Gb
CX4 Ethernet cards, which are restricted to one primary
interface and one failover interface from the same card, and
with the 10 Gb single-port optical Ethernet cards, which cannot
be used).
Create a Virtual Interface for Failover
To create a virtual interface:
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tabs.
DD OS 5.2 Administration Guide
75
3. In the Interfaces table, disable the physical interface where the
virtual interface is to be added by clicking No in the Enabled
column.
4. From the Create menu, select Virtual Interface.
The Create Virtual Interface dialog box appears.
5. Specify a virtual interface name in the veth text box.
Enter a virtual interface name in the form vethx, where x is a
unique ID (typically one or two digits). A typical full virtual
interface name with VLAN and IP Alias is veth56.3999:199.
The maximum length of the full name is 15 characters. Special
characters are not allowed. Numbers must be between 0 and
4094 inclusive.
6. Select Failover from the Bonding Type drop-down list.
Note: Registry settings can be different from the bonding
configuration. When interfaces are added to the virtual
interface, the information is not sent to the bonding module
until the virtual interface is brought up. Until that time the
registry and the bonding driver configuration are different.
7. In the area Select an interface to add to the failover
configuration, click the checkbox corresponding to the
interface and click Next. Virtual aggregate interfaces can be
used for failover.
The Create virtual interface veth_name dialog appears.
8. Enter an IP Address.
The Internet Protocol (IP) Address is the numerical label
assigned to the interface. For example, 192.168.10.23
9. Enter a Netmask address.
The Netmask is the subnet portion of the IP address that is
assigned to the interface.
Format is typically 255.255.255.000. If you do not specify a
netmask, the Data Domain system uses the netmask format is
determined by the TCP/IP address class (A,B,C) you are using.
10. Specify Speed/Duplex options.
76
Managing Data Domain Systems
The combination of speed and duplex settings define the rate
of data transfer through the interface. Select either:
•
Autonegotiate Speed/Duplex — Select this option to allow
the network interface card to autonegotiate the line speed
and duplex setting for an interface.
•
Manually configure Speed/Duplex — Select this option to
manually set an interface data transfer rate.
-
Duplex options are half-duplex or full-duplex.
-
Speed options listed are limited to the capabilities of the
hardware device. Options are 10 Base-T, 100 Base-T,
1000 Base-T (Gigabit), and 10,000 (10 Gb).
-
Half-duplex is only available for 10 Base-T and 100
Base-T speeds.
-
1000 and 10000 line speeds require full-duplex.
-
Optical interfaces require the Autonegotiate option.
-
Copper interface default is 10 Gb. If a copper interface is
set to 1000 or 10000 line speed, duplex must be fullduplex.
11. Specify MTU Settings.
Warning:Incorrect MTU size can affect the system’s network
performance.
This sets the Maximum Transfer Unit (MTU) size for the
physical (Ethernet) interface. Supported values are from 350 to
9014. For 100 Base-T and gigabit networks, 1500 is the standard
default.
Notes:
•
Click the Default button to return the setting to the default
value.
•
Ensure that all of your network components support the
size set with this option.
12. Optionally, select Dynamic DNS Registration option.
DD OS 5.2 Administration Guide
77
Dynamic DNS (DDNS) is the protocol that allows machines on
a network to communicate with, and register their IP address
on, a Domain Name System (DNS) server.
The DDNS must be registered to enable this option. Refer to
Registering a DDNS for additional information.
Note: This option disables DHCP for this interface.
13. Click Next.
The Configure Interface Settings summary page appears. The
values listed reflect the new system and interface state.
14. Complete the Interface, click Finish and OK.
Guidelines for Configuring a Virtual Interface for Link
Aggregation
Link aggregation provides improved network performance and
resiliency by using one or more network interfaces in parallel, thus
increasing the link speed and reliability over that of a single
interface. For example, enable link aggregation on virtual interface
veth1 to physical interfaces eth1 and eth2 in mode LACP (Link
Aggregation Control Protocol) and hash XOR-L2.
While planning interface link aggregation, consider the following
supported guidelines:
•
Changes to disabled Ethernet interfaces flush the routing table.
Data Domain recommends making interface changes only
during scheduled maintenance downtime. After making
interface changes, reconfigure the routing rules and gateways.
•
Enable aggregation on an existing virtual interface by
specifying the physical interfaces and mode and giving it an IP
address.
Creating a Virtual Interface for Link Aggregation
To create a virtual interface for link aggregation:
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tabs.
78
Managing Data Domain Systems
3. In the Interfaces table, disable the physical interface where the
virtual interface is to be added by clicking No in the Enabled
column.
4. From the Create menu, select Virtual Interface.
The Create Virtual Interface dialog box appears.
5. Specify a virtual interface name in the veth text box.
Enter a virtual interface name in the form vethx, where x is a
unique ID (typically one or two digits). A typical full virtual
interface name with VLAN and IP Alias is veth56.3999:199.
The maximum length of the full name is 15 characters. Special
characters are not allowed. Numbers must be between 0 and
4094 inclusive.
6. Select Aggregate from the Bonding Type drop-down list.
Note: Registry settings can be different from the bonding
configuration. When interfaces are added to the virtual
interface the information is not sent to the bonding module
until the virtual interface is given an IP address and brought
up. Until that time the registry and the bonding driver
configuration are different.
7. From the General tab, specify the Bonding Mode.
Specify the mode that is compatible with the requirements of
the system to which the interfaces are directly attached.
Available modes are:
•
Round-robin — Transmit packets in sequential order from
the first available link through the last in the aggregated
group.
•
Balanced —Data is sent over interfaces as determined by
the hash method selected. This requires the associated
interfaces on the switch to be grouped into an Ether
channel (trunk) and given a hash via the Load Balance
parameter.
•
LACP —Link Aggregation Control Protocol. This is similar
to Balanced except it has a control protocol that
communicates to the other end and coordinates what links
DD OS 5.2 Administration Guide
79
within the bond are available to use. In a sense it provides
heartbeat failover.
8. Specify Bonding Hash.
From the General tab, select from the Bonding Hash menu.
Options are: the Layer 2 (L2)or Layer 3/Layer 4 (L3L4).
Layer 2 (XORL2)
Transmit through a slave interface based on
static balanced and LACP mode
aggregation with an XOR hash of Layer 2
(inbound and outbound MAC addresses).
Layer 2/Layer
3(XOR-L2L3)
Transmit through a slave interface based on
static balanced and LACP mode
aggregation with an XOR hash of Layer
2(inbound and outbound MAC addresses)
and Layer 3 (inbound and outbound IP
addresses).
Layer 3/Layer 4
(XOR-L3L4)
Transmit through a slave interface based on
static balanced and LACP mode
aggregation with an XOR hash of Layer 3
(inbound and outbound IP address) and
Layer 4 (inbound and outbound port).
9. Select an interface to add to the aggregate configuration by
clicking the checkbox corresponding to the interface, and then
click Next.
The Create virtual interface veth_name dialog appears.
10. Enter an IP Address.
The Internet Protocol (IP) Address is the numerical label
assigned to the interface. For example, 192.168.10.23
11. Enter a Netmask address.
The Netmask is the subnet portion of the IP address that is
assigned to the interface.
Format is typically 255.255.255.000. If you do not specify a
netmask, the Data Domain system uses the netmask format is
determined by the TCP/IP address class (A,B,C) you are using.
80
Managing Data Domain Systems
12. Specify Speed/Duplex options.
The combination of speed and duplex settings define the rate
of data transfer through the interface. Select either:
•
Autonegotiate Speed/Duplex — Select this option to allow
the network interface card to autonegotiate the line speed
and duplex setting for an interface.
•
Manually configure Speed/Duplex — Select this option to
manually set an interface data transfer rate.
-
Duplex options are half-duplex or full-duplex.
-
Speed options listed are limited to the capabilities of the
hardware device. Options are 10 Base-T, 100 Base-T,
1000 Base-T (Gigabit), and 10,000 (10 Gb).
-
Half-duplex is only available for 10 Base-T and 100
Base-T speeds.
-
1000 and 10000 line speeds require full-duplex.
-
Optical interfaces require the Autonegotiate option.
-
Copper interface default is 10 Gb. If a copper interface is
set to 1000 or 10000 line speed, duplex must be fullduplex.
13. Specify MTU Settings.
Warning:Incorrect MTU size can affect the system’s network
performance.
This sets the Maximum Transfer Unit (MTU) size for the
physical (Ethernet) interface. Supported values are from 350
(or from 1280 for IPv6) to 9014. For 100 Base-T and gigabit
networks, 1500 is the standard default.
Notes:
•
Click the Default button to return the setting to the default
value.
•
Ensure that all of your network components support the
size set with this option.
14. Optionally, select Dynamic DNS Registration option.
DD OS 5.2 Administration Guide
81
Dynamic DNS (DDNS) is the protocol that allows machines on
a network to communicate with, and register their IP address
on, a Domain Name System (DNS) server.
The DDNS must be registered to enable this option. Refer to
Registering a DDNS on page 86 for additional information.
15. Click Next.
The Configure Interface Settings summary page appears. The
values listed reflect the new system and interface state.
16. Click Finish and OK.
Modifying a Virtual Interface
To modify settings on an existing virtual interface:
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tabs.
3. In the Interfaces column, select the checkbox of the interface
and disable the virtual interface by clicking No in the Enabled
column and click OK in the warning dialog box.
4. In the Interfaces column, select the checkbox of the interface
and click Configure.
The Configure Virtual Interface dialog box appears.
5. Change the settings that are described in the procedures Create
a Virtual Interface for Failover on page 75 or Creating a Virtual
Interface for Link Aggregation on page 78.
6. Click Next and Finish.
Configuring a VLAN
Create a new VLAN interface from either a physical interface or a
virtual interface. The recommended total number of VLAN
interfaces that can be created is 80. It is, however, possible to create
up to 100 interfaces (minus the number of aliases, physical and
virtual interfaces) before the system prevents any more from being
created.
82
Managing Data Domain Systems
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tabs.
3. Click Create and select the VLAN option.
The Create VLAN dialog box appears.
4. Specify a VLAN ID by entering a number in the ID field.
The range of a VLAN ID is between 1 and 4094 inclusive.
5. Enter an IP Address.
The Internet Protocol (IP) Address is the numerical label
assigned to the interface. For example, 192.168.10.23
6. Enter a Netmask address.
The Netmask is the subnet portion of the IP address that is
assigned to the interface.
Format is typically 255.255.255.000. If you do not specify a
netmask, the Data Domain system uses the netmask format is
determined by the TCP/IP address class (A,B,C) you are using.
7. Specify MTU Settings.
Warning:Incorrect MTU size can affect the system’s network
performance.
This sets the Maximum Transfer Unit (MTU) size for the
physical (Ethernet) interface. Supported values are from 350 to
9014. For 100 Base-T and gigabit networks, 1500 is the standard
default.
Notes:
•
Click the Default button to return the setting to the default
value.
•
Ensure that all of your network components support the
size set with this option.
8. Specify Dynamic DNS Registration option.
Dynamic DNS (DDNS) is the protocol that allows machines on
a network to communicate with, and register their IP address
on, a Domain Name System (DNS) server.
DD OS 5.2 Administration Guide
83
The DDNS must be registered to enable this option. Refer to
Registering a DDNS for additional information.
9. Click Next.
The Configure Interface Settings summary page appears. The
values listed reflect the new system and interface state.
10. Click Finish and OK.
Modifying a VLAN Interface
To modify settings on an existing VLAN interface:
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tabs.
3. In the Interfaces column, select the checkbox of the interface
and disable the VLAN interface by clicking No in the Enabled
column and click OK in the warning dialog box.
4. In the Interfaces column, select the checkbox of the interface
and click Configure.
The Configure VLAN Interface dialog box appears.
5. Change the settings that are described in the procedures
Configuring a VLAN on page 82.
6. Click Next and Finish.
Configuring an IP Alias
Create a new IP Alias interface from a physical interface, a virtual
interface, or a VLAN.
The recommended total number of IP Aliases, VLAN, physical,
and virtual interfaces that can exist on the system is 80 though it is
possible to have up to 100 interfaces.
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tabs.
3. Click the Create menu and select the IP Alias option.
84
Managing Data Domain Systems
The Create IP Alias dialog box appears.
4. Specify a IP Alias ID by entering a number in the eth0a field.
Requirements are: 1 to 4094 inclusive.
5. Enter an IP Address.
The Internet Protocol (IP) Address is the numerical label
assigned to the interface. For example, 192.168.10.23
6. Enter a Netmask address.
The Netmask is the subnet portion of the IP address that is
assigned to the interface.
Format is typically 255.255.255.000. If you do not specify a
netmask, the Data Domain system uses the netmask format is
determined by the TCP/IP address class (A,B,C) you are using.
7. Specify Dynamic DNS Registration option.
Dynamic DNS (DDNS) is the protocol that allows machines on
a network to communicate with, and register their IP address
on, a Domain Name System (DNS) server.
The DDNS must be registered to enable this option. Refer to
Registering a DDNS for additional information.
8. Click Next.
The Configure Interface Settings summary page appears. The
values listed reflect the new system and interface state.
9. Click Finish and OK.
Modifying an IP Alias Interface
To modify settings on an existing virtual interface:
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tabs.
3. In the Interfaces column, select the checkbox of the interface
and disable the IP Alias interface by clicking No in the Enabled
column and click OK in the warning dialog box.
DD OS 5.2 Administration Guide
85
4. In the Interfaces column, select the checkbox of the interface
and click Configure.
The Configure IP Alias dialog box appears.
5. Change the settings that are described in the procedure
Configuring an IP Alias on page 84.
6. Click Next and Finish.
Registering a DDNS
DDNS (Dynamic DNS) is the protocol used by CIFS that allows
machines on a network to communicate with, and register their IP
address on, a DNS Server. Changes you can make to the DDNS
registration include:
•
Manually register (add) configured interfaces to the DDNS
registration list.
•
Remove interfaces from the DDNS registration list.
•
Enable or disable DNS updates. Display whether DDNS
registration is enabled or not.
•
Display interfaces in the DDNS registration list.
To register a DDNS:
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tabs.
3. Click DDNS Registration.
The DDNS Registration dialog box appears.
4. To add an interface to the DDNS, click Add.
The Add Interface dialog box appears.
a. Enter a name in the Interface field.
b. Click OK.
The system responds
5. Optionally, to remove an interface from the DDNS:
86
Managing Data Domain Systems
a. Click the checkbox of the interface to remove.
b. Click Remove.
The Confirm Remove dialog box appears.
c. Click OK.
The system responds
6. Specify Dynamic DNS Registration option.
•
Click the checkbox next to Enable DDNS updates for all
interface which are already registered.
•
Click the Default to set to default settings for DDNS
updates, and default value is disabled.
•
Uncheck the box to Disable DDNS updates for the
registered interfaces.
The DDNS must be registered to enable this option. Refer to
Registering a DDNS for additional information.
7. Complete the DDNS registration, click OK.
Destroying an Interface
Destroying an interface applies to virtual interface, VLAN, and IP
Alias interfaces. If virtual interfaces are destroyed, the system
deletes the veth and releases all it's bonded physical interfaces. If
there were VLAN/IP alias interfaces created on this virtual
interface these are also deleted. Destroy VLAN deletes the VLAN
and all IP Alias interfaces that are created under it, if any. Destroy
IP Alias deletes only that alias interface.
To destroy an Interface:
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Interfaces tabs.
3. Click the box next to the interface to destroy (Virtual or VLAN
or IP Alias).
4. Click Destroy .
The Confirm Destroy dialog box appears.
DD OS 5.2 Administration Guide
87
5. Click OK.
View an Interface Hierarchy with the Tree View
1. From the Navigational pane, select the Data Domain system to
view.
2. Click the Hardware > Network > Interfaces tabs.
3. Click Tree View.
The Tree View dialog box appears.
4. Click the plus or minus boxes to expand or contract the tree
view that shows the hierarchy.
5. Click Close to exit the Tree View.
Configuring Network Settings
Use the Hardware > Network > Settings view to view and
configure the network settings. This includes network parameters
such as the hostname, domain name, search domains, host
mapping, and DNS list.
Configuring network settings is described in the following
sections:
•
View Settings Information on page 88
•
Set Hostnames on page 89
•
Manage a Domain Search List on page 90
•
Map Hosts on page 91
•
Set DNS IP Addresses on page 92
View Settings Information
1. From the Navigational pane, select the Data Domain system to
view or configure.
2. Click the Hardware > Network > Settings tabs.
The Settings view appears containing the Host Settings, Search
Domain, and Host Mapping options.
88
Managing Data Domain Systems
The Settings tab displays the following information.
Item
Description
Host Settings
Host Name
The hostname of the selected Data Domain system.
Domain Name
The fully-qualified domain name associated with the
selected Data Domain system.
Search Domain List
Search Domain
A list of search domains that the Data Domain system
uses. The Data Domain system applies the search
domain as a suffix to the hostname.
Hosts Mapping
IP Address
IP address of the host to resolve.
Host Name
Hostnames associated with the IP address.
DNS List
DNS IP Address
Current DNS IP addresses associated with the selected
Data Domain system. An asterisk (*) indicates the IP
addresses were assigned through DHCP.
Set Hostnames
You can change the hostname and domain name that other
systems use to access the Data Domain System.
•
Do not include an underscore in the hostname. It is
incompatible with some browsers.
Changing the names of an active host can cause:
•
A break in the current connection. If this happens log back in
and check the saved settings.
•
Disrupt replication and CIFS active directory authentication. If
this happens reconfigure CIFS authentication after you change
the names.
To set a hostname:
1. In the Settings view, click Edit in the Host Settings area.
The Configure Host dialog box appears.
DD OS 5.2 Administration Guide
89
2. Determine how network connections are set. Either:
•
Select the radio button for Obtain Settings using DHCP. (At
least one of the interfaces must be configured using
DHCP.)
•
Select the radio button for Manually configure the host.
a. Enter an hostname in the Host Name text box.
For example, id##.yourcompany.com
b. Enter a domain name in the Domain Name text box.
This is the domain name associated with your Data
Domain system. Typically this is your company domain
name. For example, yourcompany.com
3. Click OK.
Progress messages display. When changes are applied, you are
returned to the Hardware > Network > Settings tab.
Manage a Domain Search List
To add a search domain:
1. In the Settings view, click Edit in the Search Domain List area.
The Configure Search Domains dialog box appears.
2. To add a search domain, click the add (plus) button.
The Add Search Domain dialog box appears.
a. Enter a name in the Search Domain text box.
For example, id##.yourcompany.com
b. Click OK.
The system adds the new domain to the list of searchable
domains, but the changes are not applied to system yet.
3. Click OK.
Changes are applied to the system. The system returns you
to the Settings view.
90
Managing Data Domain Systems
To remove a search domain:
1. In the Settings view, click Edit in the Search Domain List area.
The Configure Search Domains dialog box appears.
a. Click the checkbox of the search domain to remove.
b. Click the remove (X) button.
The system removes the selected domain from the list of
searchable domains, but changes are not applied to system
yet.
Note: There is no confirmation dialog.
2. Click OK.
Changes are applied to system.The system returns you to
the Settings tab.
Map Hosts
Use the Hosts Mapping area to add a mapping that ties an IP
address to a name. You can modify these mappings as follows:
•
Add a Host to Map on page 91
•
Delete a Host Mapping on page 92
Add a Host to Map
1. In the Settings view, click Add in the Hosts Mapping area.
The Add Hosts dialog box appears.
2. Enter the IP address of the host in the IP Address text boxes.
The Internet Protocol (IP) Address is the numerical label
assigned to the interface. For example, 192.168.10.23
3. Click the add (Plus) button.
The Add Host dialog box appears.
4. Enter a hostname in the Host Name text box for the listed
system.
For example, id##.yourcompany.com
DD OS 5.2 Administration Guide
91
5. Click OK.
The new hostname is added to the list of Host Names.
6. Click OK.
The system returns you to the Settings tab.
Delete a Host Mapping
1. In the Settings view, click the checkbox of the host mapping to
delete in the Hosts Mapping area.
2. Click Delete in the Hosts Mapping area.
The Delete Host confirmation dialog box appears.
3. Click Delete.
Confirmation messages are displayed.
4. Click Close, when the Completed message appears.
The system returns you to the Settings tab.
Set DNS IP Addresses
To add a DNS IP address:
1. In the Settings view, click Edit in the DNS List area.
The Configure DNS dialog box appears.
2. Determine the method for obtaining the DNS. Either:
•
Click the radio button for Obtain Settings using DHCP.(At
least one interface must be configured using DHCP.)
•
Click the radio button for the Manually configure DNS
radio button.
The DNS IP address checkboxes become available.
a. Click the plus (+) button.
The Add DNS dialog box appears.
b. Enter the DNS IP address to add.
c. Click OK.
92
Managing Data Domain Systems
The system adds the new IP address to the list of DNS
available IP addresses, but changes are not applied yet to
the system.
To delete an existing DNS IP address:
1. Click the Manually configure DNS radio button.
The DNS IP address checkboxes become active.
2. Click the DNS IP Address checkbox for the DNS IP address to
delete.
3. Click the delete (X) button.
The system removes the IP address from the list of DNS IP
Addresses, but changes are not applied yet to the system.
Note: There is no confirmation dialog.
4. Click OK.
The system processes the edits and returns you to the Settings
tab.
Configuring Routes
Routes determine the path taken to transfer data to and from the
localhost (the Data Domain system) to another network or host.
Data Domain systems do not generate or respond to any of the
network routing management protocols (RIP, EGRP/EIGRP, and
BGP) in any way. The only routing implemented on a Data
Domain system is based upon the internal route table, where the
administrator may define a specific network or subnet that a
physical interface (or interface group) uses.
Data Domain systems use source-based routing, which means that
outbound network packets that match the subnet of multiple
interfaces will only be routed over the physical interface from
which they originated.
Note: The routing for connections initiated from the Data Domain
system (such as for replication) depend on the source address used
for interfaces using the same subnet. To force traffic for a specific
interface to a specific destination (even if that interface is on the
DD OS 5.2 Administration Guide
93
same subnet as other interfaces), a static routing entry between two
systems can be configured and will override source routing.
Configuring routes is described in the following sections:
•
View Route Information on page 94
•
Set the Default Gateway on page 95
•
Create Static Routes on page 96
•
Delete Static Routes on page 97
View Route Information
1. From the Navigational s pane, select the Data Domain system
to view or configure.
2. Click the Hardware > Network > Routes tabs.
The Routes view presents the following information. IP routing
tables show the destination, gateway, netmask, and other
information for each route.
Item
Description
Static Routes
Route Spec
Lists the route specification that is being used to configure
routes.
Dynamic Routes
List of dynamically assigned routes using network or host paths
for data transmission.
Destination
The destination host/network where the network traffic (data)
is sent.
Gateway
The address of the router in the Data Domain network or 0.0.0.0
if no gateway is set.
Genmask
The netmask for the destination net. Set to 255.255.255.255 for a
host destination and 0.0.0.0 for the default route.
94
Managing Data Domain Systems
Item
Description
Flags
Possible flags include:
U—Route is up
H—Target is a host
G —Use gateway
R —Reinstate route for dynamic routing
D—Dynamically installed by daemon or redirect
M —Modified from routing daemon or redirect
A —Installed by addrconf
C —Cache entry
! —Reject route
Metric
The distance to the target (usually counted in hops). (It is not
used by the DD OS, but might be needed by routing daemons.)
MTU
Maximum Transfer Unit (MTU) size for the physical (Ethernet)
interface.
Window
Default window size for TCP connections over this route.
IRTT
Initial RTT (Round Trip Time). The kernel uses this to estimate
the best TCP protocol parameters without waiting on (possibly
slow) answers.
Interface
Interface name associated with the routing interface.
Set the Default Gateway
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Routes tabs.
3. Click Edit in the Default Gateway area.
The Configure Default Gateway dialog box appears.
4. Choose how the gateway address is set. Either:
•
Select Use DHCP value radio button for setting the
gateway.
Dynamic Host Configuration Protocol (DHCP) indicates if
the gateway is configured using value from DHCP server.
•
Select the Manually Configure radio button.
DD OS 5.2 Administration Guide
95
The Gateway address box becomes available.
-
Enter the gateway address in the Gateway field.
5. Click OK.
The system processes the information and returns you to the
Routes tab.
Create Static Routes
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Routes tabs.
3. Click Create in the Static Routes area
The Create Routes dialog box appears.
4. Select an interface to configure for the static route.
a. Click the checkboxes of the interface(s) whose route you are
configuring.
b. Click Next.
5. Specify the Destination. Select either of the following.
The Network Address and Netmask.
a. Click the Network radio button.
b. Enter destination information, by providing destination
network address and netmask.
Note: This is not the IP of any interface. The interface is
selected in the initial dialog and it is used for routing traffic.
The hostname or IP address of host destination.
a. Click the Host radio button.
b. Enter the hostname or IP address of the destination host to
use for the route.
6. Optionally, change the gateway for this route.
a. Click the checkbox, Specify different gateway for this route.
b. Enter a gateway address in the Gateway field.
96
Managing Data Domain Systems
7. Review changes, click Next.
The Create Routes > Summary page appears. The values listed
reflect the new configuration.
8. Complete the action, click Finish.
Progress messages display. When changes are applied, the
message indicates Completed. Click OK to close the dialog.
The new route specification is listed in the Route Spec list.
Delete Static Routes
1. From the Navigational pane, select the Data Domain system to
configure.
2. Click the Hardware > Network > Routes tabs.
3. Click the Route Spec checkbox of the route specification to
delete.
4. Click Delete in the Static Routes area.
The Delete Route confirmation dialog appears.
5. Click Delete and Close.
The selected route specification is removed from the Route
Spec list.
Managing Access to the System
Access management includes viewing and configuring the services
that provide administrator and user access to the system.
The tasks to manage access to the system include:
•
Manage Administrator Access on page 98
•
Manage Local User Access to the System on page 102
•
Manage NIS Servers and Workgroups on page 111
•
Manage Windows Servers and Workgroups on page 114
DD OS 5.2 Administration Guide
97
Manage Administrator Access
The following tasks can be performed to manage administrator
access:
•
View Administrator Access on page 98
•
Manage Telnet Access on page 99
•
Manage FTP Access on page 99
•
Manage HTTP/HTTPS Access on page 100
•
Manage SSH Access on page 101
View Administrator Access
To view Administrator Access information:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management tabs.
The Access Management page appears, containing the
Administrator Access, Local Users, NIS, and Windows tabs.
The Administrator Access view lists the following information.
98
Item
Description
Service
The name of a service/protocol that can access the
system.
Enabled
The status of the service, either enabled or disabled.
Allowed Hosts
The access permissions set for the named host.
HTTP port
The port number opened for the HTTP protocol
(port 80, by default).
HTTPS port
The port number opened for the HTTPS protocol
(port 443, by default).
Session Timeout
The amount of inactive time allowed before a
connection closes (10800 seconds, which is 3 hours,
by default).
Managing Data Domain Systems
Manage Telnet Access
To provides access to the system through a Telnet connection:
1. On the Access Management page, select Configure Telnet from
the More Tasks menu.
The Configure Telnet Access dialog box appears.
2. To enable Telnet access, click the Allow Telnet Access
checkbox.
3. Determine how hosts connect:
•
To allow complete access, click the Allow all hosts to
connect radio button.
•
To configure specific hosts, click the Limit Access to the
following systems radio button and click the appropriate
icon in the Allowed Hosts pane. Hostnames can be a fully
qualified hostname or an IP address.
-
To add a host, click the plus button ( +). Enter the
hostname, and click OK.
-
To modify a hostname, click the checkbox of the
hostname in the Hosts list and click the edit button
(pencil). Change the hostname and click OK.
-
To remove a hostname, click the checkbox of the
hostname in the Hosts list and click the minus button
(-), and click OK.
4. Click OK.
Manage FTP Access
To provides access to the system through an FTP connection:
1. On the Access Management page, select Configure FTP from
the More Tasks menu.
The Configure FTP Access dialog box appears.
2. To enable FTP access, click the Allow FTP Access checkbox.
3. Determine how hosts connect:
DD OS 5.2 Administration Guide
99
•
To allow complete access, click the Allow all hosts to
connect radio button.
•
To configure specific hosts, click the Limit Access to the
following systems radio button and click the appropriate
icon in the Allowed Hosts pane. Hostnames can be a fully
qualified hostname or an IP address.
-
To add a host, click the plus button (+). Enter the
hostname and click OK.
-
To modify a hostname, click the checkbox of the
hostname in the Hosts list and click the edit button
(pencil). Change the hostname and click OK.
-
To remove a hostname, click the checkbox of the
hostname in the Hosts list, click the minus button
(-), and click OK.
4. Click OK.
Manage HTTP/HTTPS Access
To provides access to the system through an HTTP and/or HTTPS
connection:
1. On the Access Management page, select Configure
HTTP/HTTPS from the More Tasks menu.
The Configure HTTP/HTTPS Access dialog box appears.
2. To enable HTTP and/or HTTPS access, click the checkbox for
Allow HTTP Access and/or the Allow HTTPS Access.
3. Determine how hosts connect:
•
To allow complete access, click the Allow all hosts to
connect radio button.
•
To configure specific hosts, click the Limit Access to the
following systems radio button and click the appropriate
icon in the Allowed Hosts pane. Hostnames can be a fully
qualified hostname or an IP address.
-
100
To add a host, click the plus button (+). Enter the
hostname and click OK.
Managing Data Domain Systems
-
To modify a hostname, click the checkbox next to the
hostname in the Hosts list and click the edit button
(pencil). Change the hostname and click OK.
-
To remove a hostname, click the checkbox of the
hostname in the Hosts list, click the minus button
( - ), and click OK.
4. To configure system ports and session timeout values, click the
Advanced tab.
•
In the HTTP Port text entry box, enter the port for
connection. Port 80 is assigned by default.
•
In the HTTPS Port text entry box, enter the port for
connection. Port 443 is assigned by default.
•
In the Session Timeout text entry box, enter the interval in
seconds that must elapse before connection closes. 10800
seconds (3 hours) is assigned by default.
Note: Click Default to return the setting back to the default value.
5. Click OK.
Manage SSH Access
To provides access to the system through an SSH connection:
1. On the Access Management page, select Configure SSH from
the More Tasks menu.
The Configure SSH Access dialog box appears.
2. To enable SSH access, click the Allow SSH Access checkbox.
3. Determine how hosts connect:
•
To allow complete access, click the Allow all hosts to
connect radio button.
•
To configure specific hosts, click the Limit Access to the
following systems radio button and click the appropriate
icon in the Allowed Hosts pane. Hostnames can be a fully
qualified hostname or an IP address.
-
To add a host, click the plus button (+). Enter the
hostname and click OK.
DD OS 5.2 Administration Guide
101
-
To modify a hostname, click the checkbox of the
hostname in the Hosts list and click the edit button
(pencil). Change the hostname and click OK.
-
To remove a hostname, click the checkbox of the
hostname in the Hosts list, click the minus button
( - ), and click OK.
4. Click OK.
Manage Local User Access to the System
The following sections describe the tasks to manage user access:
•
View Local User Information on page 102
•
Create Local Users on page 105
•
Modify a Local User Profile on page 107
•
Delete Local User on page 108
•
Enable and Disable Local User on page 109
•
Enable Security Authorization on page 109
•
Change User Passwords on page 110
•
Modify Password Policy on page 110
View Local User Information
Note: The user-authentication module considers Greenwich Mean
Time (GMT). Therefore, the expiration dates for disabling the
user’s account and the password expiration date should reflect
GMT instead of local time.
To view Local User information:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Local Users
tabs.
The Local Users view appears showing the Local Users table
and the Detailed Information area.
102
Managing Data Domain Systems
The Local Users table lists the following information.
Item
Description
Name
The user ID, as added to the system.
Role
Possible roles of users based on a set of privileges:
• Admin role: Allows one to administer, that is,
configure and monitor, the entire Data Domain
system.
• User role: Allows one to monitor Data Domain
systems and perform the fastcopy operation.
• Security role: In addition to the user role
privileges, allows one to set up security-officer
configurations and manage other security-officer
operators.
• Backup-operator role: In addition to the user role
privileges, allows one to create snapshots,
import and export tapes to a VTL library and
move tapes within a VTL library.
• Data-access role: Intended for DD Boost
authentication, an operator with this role cannot
monitor or configure a Data Domain system.
Status
• Active—User access to the account is permitted.
• Disabled—User access to the account is denied
because the expiration date for the account has
been reached or a locked account’s password has
not been renewed.
Admin users can disable/enable users with
admin or user roles, except SysAdmin User. No
users can disable SysAdmin. Security officers
can only disable/enable other security officers.
• Locked—User access the account is denied
because the password has expired.
Disable Date
The date the account is set to be disabled.
Last Login From
The location where the user last logged in.
Last Login Time
The time the user last logged in.
DD OS 5.2 Administration Guide
103
Note: Users who have admin or security officer roles can view
all users. Users with other roles can view only their own user
accounts.
3. Select the user you want to view from the list of users.
Information about the selected user displays in the Detailed
Information area.
The Detailed Information area displays the following
information about the selected user:
Item
Description
Password Last
Changed
The date the password was last changed.
Minimum Days
Between Change
The minimum number of days between password
changes that you allow a user. Default is 0.
Maximum Days
Between Change
The maximum number of days between password
changes that you allow a user. Default is 99999.
Warn Days Before
Expire
The number of days to warn the users before their
password expires. Default is 7.
Disable Days
After Expire
The number of days after a password expires to
disable the user account. Default is Never.
Note: The default password policy can change if the admin user
changes them from the Modify Password Policy task. The default
values are the initial default password policy values.
User Roles
To enhance security, each user can be assigned a different role.
Roles enable you to restrict system access to a set of privileges. A
Data Domain system supports the following roles:
104
•
Admin role: Allows one to administer, that is, configure and
monitor, the entire Data Domain system.
•
User role: Allows one to monitor Data Domain systems and
perform the fastcopy operation.
•
Security role: In addition to the user role privileges, allows one
to set up security-officer configurations and manage other
security-officer operators.
Managing Data Domain Systems
•
Backup-operator role: In addition to the user role privileges,
allows one to create snapshots, import and export tapes to a
VTL library and move tapes within a VTL library.
•
Data-access role: Intended for DD Boost authentication, an
operator with this role cannot monitor or configure a Data
Domain system.
Create Local Users
To create new users, follow these steps:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Local Users
tabs.
The Local Users view appears.
3. Click the Create button to create a new user.
The Create User dialog box appears.
4. Enter the following information in the General Tab:
Item
Description
User
The user ID or name.
Password
The user password. Set a default password, and the
user can change it later.
Verify Password
The user password, again.
DD OS 5.2 Administration Guide
105
Item
Description
Role
The role assigned to the user:
•
Admin role: Allows one to administer, that
is, configure and monitor, the entire Data
Domain system.
•
User role: Allows one to monitor Data
Domain systems and perform the fastcopy
operation.
•
Security role: In addition to the user role
privileges, allows one to set up securityofficer configurations and manage other
security-officer operators.
•
Backup-operator role: In addition to the user
role privileges, allows one to create
snapshots, import and export tapes to a
VTL library and move tapes within a VTL
library.
•
Data-access role: Intended for DD Boost
authentication, an operator with this role
cannot monitor or configure a Data
Domain system.
Note: The default value for the minimum length of a password
or minimum number of character classes required for a user
password is 1. Allowable character classes include:
•
Lowercase letters (a-z)
•
Uppercase letters (A-Z)
•
Numbers (0-9)
•
Special Characters ($, %, #, +, and so on)
Note: The available roles display based on user’s role. Only the
Sysadmin user can create the first security officer. After the
first security officer is created, only security officers can create
or modify other security officers. Sysadmin is the default
admin user and cannot be deleted or modified.
106
Managing Data Domain Systems
5. Enter the following information in the Advanced Tab:
Item
Description
Minimum Days
Between Change
The minimum number of days between password
changes that you allow a user. Default is 0.
Maximum Days
Between Change
The maximum number of days between password
changes that you allow a user. Default is 99999.
Warn Days Before
Expire
The number of days to warn the users before their
password expires. Default is 7.
Disable Days
After Expire
The number of days after a password expires to
disable the user account. Default is Never.
Disable account
on the following
date
Check this box and enter a date (mm/dd/yyyy)
when you want to disable this account. Also, you
can click the calendar to select a date.
6. Click OK.
Note: Note: The default password policy can change if the
admin user changes them from the Modify Password Policy
task. The default values are the initial default password policy
values.
Modify a Local User Profile
To change user profiles, follow these steps:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Local Users
tabs.
The Local Users view appears.
3. Click a user name from the list.
4. Click Modify to make changes to a user account.
The Modify User dialog box appears.
DD OS 5.2 Administration Guide
107
5. Enter the following information in the General Tab:
Item
Description
User
The user ID or name.
Role
Select the role from the list.
6. Enter the following information in the Advanced Tab:
Item
Description
Minimum Days
Between Change
The minimum number of days between password
changes that you allow a user. Default is 0.
Maximum Days
Between Change
The maximum number of days between password
changes that you allow a user. Default is 99999.
Warn Days Before
Expire
The number of days to warn the users before their
password expires. Default is 7.
Disable Days
After Expire
The number of days after a password expires to
disable the user account. Default is Never.
7. Click OK.
Delete Local User
You can delete certain users based on your user role. If one of the
selected users cannot be deleted, the Delete button is disabled. For
example, Sysadmin cannot be deleted. Admin users cannot delete
security officers. Security officers can delete, enable, and disable
other security officers.
To delete users, follow these steps:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Local Users
tabs.
The Local Users view appears.
3. Click one or more user names from the list.
4. Click Delete to delete the user accounts.
108
Managing Data Domain Systems
The Delete User dialog box appears.
5. Click OK and Close.
Enable and Disable Local User
To enable or disable users, follow these steps:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Local Users
tabs.
The Local Users view appears.
3. Click one or more user names from the list.
4. Click either the Enable or Disable button to enable or disable
user accounts.
The Enable or Disable User dialog box appears.
5. Click OK and Close.
Enable Security Authorization
You need to use the Data Domain system’s command-line interface
(CLI) to manage the security authorization policy. Log in using the
security officer credential.
Notes:
The Retention Lock Compliance license must be installed.
For more information about the commands used in this
procedure, see the DD OS 5.2 Command Reference Guide.
1. A security user is needed to invoke some of the commands for
Retention Lock Compliance. To set up a security user, see
Create Local Users on page 105.
2. Log in as with security role and enable the security officer
authorization policy by entering:
# authorization policy set security-officer enabled
DD OS 5.2 Administration Guide
109
Change User Passwords
To change user passwords, follow these steps:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Local Users
tabs.
The Local Users view appears.
3. Click a user name from the list.
4. Click Change Password to change the user password.
The Change Password dialog box appears.
If prompted, enter your old password.
5. Enter the new password into the New Password box.
6. Enter the new password again into Verify New Password box.
7. Click OK.
Modify Password Policy
To modify and configure the password policy:
1. On the Access Management page, select Modify Password
Policy from the More Tasks menu.
The Modify Password Policy dialog box appears.
2. Enter the password policy information in the appropriate
boxes. To select the default value, click the Default button next
to each value.
110
Item
Description
Minimum Days
Between Change
The minimum number of days between password
changes that you allow a user. Default is 0.
Maximum Days
Between Change
The maximum number of days between password
changes that you allow a user. Default is 99999.
Warn Days Before
Expire
The number of days to warn the users before their
password expires. Default is 7.
Managing Data Domain Systems
Item
Description
Disable Days
After Expire
The number of days after a password expires to
disable the user account. Default is Never.
Minimum Length
of Password
The minimum password length required. Default is
1.
Minimum
Number of
Character Classes
The minimum number of character classes
required for a user password. Default is 1.
Character classes include:
• Lowercase letters (a-z)
• Uppercase letters (A-Z)
• Numbers (0-9)
• Special Characters ($, %, #, +, and so on)
3. Click OK to save the password settings.
Manage NIS Servers and Workgroups
NIS workgroup management includes configuring NIS
authentication, domain names, and NIS groups.
The following topics are described:
•
View NIS Information on page 111
•
Enable and Disable NIS Authentication on page 112
•
Edit Domain Name on page 112
•
Configure Authentication Servers on page 113
•
Configure NIS Groups on page 113
View NIS Information
To view NIS information, follow these steps:
1. In the Navigational pane, expand the DD Network and select a
system.
DD OS 5.2 Administration Guide
111
2. Click the System Settings > Access Management> NIS tabs.
The NIS view appears.
The NIS view lists the following information.
Item
Description
Status
The status of the service, either enabled or disabled.
Domain Name
The name of the domain for this service.
Authentication Server
Server
The name of the server performing authentication.
Configured NIS Groups
Group
The name of the NIS group.
Role
The role of the group (admin or user).
Enable and Disable NIS Authentication
To enable or disable NIS Authentication, follow these steps:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> NIS tabs.
The NIS view appears.
3. Click Enable to enable or Disable to disable NIS
Authentication.
The Enable or Disable NIS dialog box appears.
4. Click OK.
Edit Domain Name
1. Click Edit next to Domain Name to edit the NIS domain name.
The Configure NIS Domain Name dialog box appears.
2. Enter the domain name in the Domain Name box, and click
OK.
112
Managing Data Domain Systems
Configure Authentication Servers
1. Click Edit below Authentication Servers to configure the
authentication server.
2. In the Configure NIS Authentication Servers dialog box, select
one of the following:
•
Obtain NIS Servers from DHCP
•
Manually Configure
a. To add an authentication server, click the plus button ( +).
Enter the server name, and click OK.
b. To modify an authentication server, click the checkbox of
the authentication server name in the server list and click
the edit icon (pencil). Change the server name, and click
OK.
c. To remove an authentication server name, click the
checkbox of the hostname in the server list, click the X icon,
and click OK.
3. Click OK.
Configure NIS Groups
1. Click Edit in the Configured NIS Groups area to configure the
NIS groups.
2. In the Configure Allowed NIS Groups dialog box, select an NIS
group.
•
To add an NIS group, click the plus button (+). Enter the
NIS group name and role, and click Validate. Click OK to
exit the add NIS group dialog box. Click OK again to exit
the Configure Allowed NIS Groups dialog box.
•
To modify an NIS group, click the checkbox of the NIS
group name in the NIS group list and click the edit button
(pencil). Change the NIS group name, and click OK.
•
To remove an NIS group name, click the checkbox of the
NIS group in the list and click the X button, and click OK.
DD OS 5.2 Administration Guide
113
Manage Windows Servers and Workgroups
Windows workgroup management includes configuring Windows
authentication, active directory, and assigning group roles.
The tasks to manage Windows workgroups include:
•
View Windows Information on page 114
•
Configure Authentication for Workgroup on page 115
•
Configure Authentication for Active Directory on page 115
View Windows Information
To view Windows information, follow these steps:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Windows
tabs.
The Windows view appears.
The Windows view lists the following information.
Item
Description
Authentication
Mode
The name type of authentication mode
(Workgroup or Active Directory).
Workgroup/Active
Directory Names
The name of the Workgroup or Active Directory.
CIFS Server Name
The name of the CIFS Server in use.
WINS Server
The name of the WINS Server in use.
Allowed Groups
114
Windows Group
The name of the Windows group.
Role
The role of the group (admin or user).
Managing Data Domain Systems
Configure Authentication for Workgroup
To configure Workgroup authentication parameters:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Windows
tabs.
The Windows view appears.
3. Select Configure Authentication.
The Configure Authentication dialog appears.
4. From the Mode drop-down list, select Workgroup.
The Workgroup mode joins a Data Domain system to a
workgroup domain.
5. Optionally, uncheck the Use Default box and enter a
Workgroup Name in the text box.
6. Click the Advanced tab to set additional information.
7. Optionally, uncheck the Use Default box and enter a CIFS
Server Name in the field.
8. Click OK.
Configure Authentication for Active Directory
The Data Domain system must meet all active-directory
requirements, such as a clock time that differs no more than five
minutes from that of the domain controller.
To set Active Directory authentication parameters:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Windows
tabs.
The Windows view appears.
3. Select Configure Authentication.
DD OS 5.2 Administration Guide
115
The Configure Authentication dialog appears.
4. From the Mode drop-down list, select Active Directory.
The active-directory mode joins a Data Domain system to an
active-directory domain.
5. In the Realm Name text box, enter the full realm name for the
system, such as domain1.local.
6. In the Domain Joining Credential area, enter a user name and
password. Enter either a user in a domain to be joined, or a
user in a domain that is a trusted domain of your company.
The user name and password must be compatible with
Microsoft requirements for the Active Directory domain being
joined. This user must have permission to create accounts in
this domain.
7. Click the Advanced tab to set additional information.
8. Optionally, to set a CIFS server name, in the CIFS Server Name
area:
•
Click the checkbox to use the default CIFS server name.
•
Deselect the checkbox and enter the CIFS server name in
the text box.
9. In the Domain Controller area, determine how domain
controllers are assigned:
•
For automatic assignment, click the radio button for
Automatically assign Domain Controllers. This is the
default and recommended method.
•
To add specific domain controllers, click the radio button
for Manually assign Domain Controllers and enter a
controller name in the text box. Up to three controller
names can be added. You can enter fully qualified domain
names, hostnames, or IP addresses.
10. Optionally, to set Organizational Units, in the Organizational
Unit area:
116
•
Click the checkbox to use the default Organizational Unit.
•
Deselect the checkbox and enter the Organizational Unit
name in the text box.
Managing Data Domain Systems
Note: The account is moved to the new Organizational Unit.
11. Click OK.
Create Allowed Groups
To create Allowed Groups:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Windows
tabs.
The Windows view appears.
3. Select Create in the Allowed Groups pane.
The Create Windows Group dialog appears.
4. Enter the Group name in the text box. The domain for the
group must be specified. For example, domain\group name.
5. Select a role from the drop-down list. Choose either Admin or
User.
6. Click OK.
Modify Groups
To modify existing workgroups:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Windows
tabs.
The Windows view appears.
3. Select a Windows Group from the list.
4. Select Modify in the Allowed Groups pane.
The Edit Windows Group dialog appears.
5. Edit the Group name in the text box. The domain for the group
must be specified. For example, domain\group name.
DD OS 5.2 Administration Guide
117
6. Select a role from the drop-down list. Choose from either
Admin or User.
7. Click OK.
Delete Groups
You cannot delete default Windows groups, such as Domain
Admins. If the default Windows group is selected, the Delete
button is grayed out. To delete existing workgroups:
1. In the Navigational pane, expand the DD Network and select a
system.
2. Click the System Settings > Access Management> Windows
tabs.
The Windows view appears.
3. Select a Windows Group from the list.
4. Select Delete in the Allowed Groups pane.
The Delete Windows Group dialog appears.
5. Click OK.
Managing General Configuration Settings
The System Settings > General Configuration area allows you to
view and set system configuration parameters.
General configuration settings include:
•
Working with Email Settings on page 118
•
Working with Time and Date Settings on page 120
•
Working with System Properties on page 122
•
Working with SNMP on page 122
Working with Email Settings
The procedures for working with email settings include:
•
118
Configure Mail Server Settings on page 119
Managing Data Domain Systems
•
Configure Mail Server Settings on page 119
•
Configure the Autosupport Mailing List on page 119
•
Test the Alerts Email List on page 120
Configure Mail Server Settings
To configure a mail server:
1. Click the System Settings > General Configuration >Mail
Server tabs.
2. From the More Tasks menu, select Set Mail Server.
The Set Mail Server dialog box appears.
3. In the Mail Server text box, enter the name of the mail server.
4. Click OK.
View Autosupport Email List
1. Select the system to be checked in the Navigational pane.
2. Click the Maintenance > Support tabs.
The configured emails for the autosupport email list are shown
below the Detailed Autosupport Mailing List area.
Configure the Autosupport Mailing List
To receive emails for autosupport reports, add a recipient’s email
address to the email list. It is advisable to test the setup to ensure
messages are received.
To set the list of email addresses receiving autosupport
notification:
1. Click the Maintenance > Support tabs.
2. Click Add or Modify next to the Detailed Autosupport Mailing
List.
The Add or Modify Detailed Autosupport Mailing Lists dialog
box appears.
3. In the Email area, click the plus ( + ) icon.
DD OS 5.2 Administration Guide
119
The Email dialog box appears.
4. Enter the recipients email address in the Autosupport Email
text box.
5. Click OK.
The new autosupport email addresses appear in the Detailed
Autosupport Mailing Lists area (see Configure Mail Server
Settings on page 119).
Test the Alerts Email List
After configuring the email lists, the addresses should be tested to
ensure they are receiving mail.
To test newly added alerts emails:
1. Click the Status > > Alerts > Notification tabs.
2. Select Send Test Alert from the More Tasks menu.
The Send Test Alert dialog box appears.
3. In the Notification Groups area, select the checkboxes of
groups to send test emails and click Next.
4. Optionally, add or create additional email addresses.
5. Click Send Now and OK.
To test newly added autosupport emails for mailer problems, use
the autosupport test command
autosupport test email email-addr
For example, after adding the email address
djones@yourcompany.com to the list, check the address with
the command:
# autosupport test email djones@yourcompany.com
Working with Time and Date Settings
The procedures for working with time and date settings include:
120
•
View Time and Date Information on page 121
•
Configure Time and Date Settings on page 121
Managing Data Domain Systems
View Time and Date Information
1. Select the system to be checked in the Navigational pane.
2. Click the System Settings > General Configuration > Time and
Date Settings tabs.
The Time and Date Settings page presents the current system date
and time, and shows whether NTP is enabled or not, and the IP
addresses or hostnames of configured NTP servers.
Configure Time and Date Settings
To configure time and date settings:
1. On the Time and Date Settings page, select Configure Time
Settings from the More Tasks menu.
The Configure Time Settings dialog box appears.
2. Click the Time Zone drop-down list and select the timezone
where the Data Domain system resides.
3. Set how system time is synchronized:
•
To manually set the time and date, click the None radio
button and enter the date in the text box, and use the dropdown lists to set the time.
•
To use NTP to synchronize the time, select the NTP radio
button. Set how the NTP server is accessed:
-
To use DHCP to automatically select a server, click the
Obtain NTP Servers using DHCP radio button.
-
To configure an NTP server IP address, click the
Manually Configure radio button, add the IP address of
the server, and click OK.
4. Click OK.
DD OS 5.2 Administration Guide
121
Working with System Properties
The procedures for working with system property settings include:
•
View System Properties on page 122
•
Configure System Properties on page 122
View System Properties
1. Select the system to be checked in the Navigational pane.
2. Click the System Settings > General Configuration > System
Properties tabs.
The System Properties page displays location of the system, the
administrator email address, and the administrator hostname.
Configure System Properties
To configure system properties:
1. On the System Properties page, select Set System Properties
from the More Tasks menu.
The Set System Properties dialog box appears.
2. In the Location text field enter information about where the
Data Domain system is located.
3. In the Admin Email text field, enter the email address of the
system administrator.
4. In the Admin Server, enter the name of the administration
server.
5. Click OK.
Working with SNMP
The Simple Network Management Protocol (SNMP) is a standard
protocol for exchanging network management information, and is
a part of the Transmission Control Protocol/Internet Protocol
(TCP/IP) protocol suite. SNMP provides a tool for network
administrators to manage and monitor network-attached devices,
122
Managing Data Domain Systems
such as Data Domain systems, for conditions that warrant
administrator attention.
To monitor Data Domain systems using SNMP, you will need to
install the Data Domain MIB in your SNMP Management system.
The Data Domain MIB can be obtained by following the
instructions in Download the SNMP MIB on page 126. The Data
Domain MIB will allow SNMP queries for Data Domain-specific
information.
DD OS also support the standard MIB-II so you can also query
MIB-II statistics for general data such as network statistics. For full
coverage of available data you should utilize both the Data
Domain MIB and the standard MIB-II MIB.
Data Domain systems support SNMP V2C and/or SNMP V3.
SNMP V3 provides a greater degree of security than V2C by
replacing cleartext community strings as a means of authentication
with user-based authentication using either MD5 or SHA1. As
well, with SNMP V3, user authentication packets can be encrypted
and their integrity verified with either DES or AES.
The default port that is open when SNMP is enabled is port 161.
Traps are sent out through port 162.
•
The DD OS 5.2 Initial Configuration Guide describes how to set
up the Data Domain system to use SNMP monitoring.
•
The DD OS 5.2 Command Reference Guide describes the full set
of MIB parameters included in the Data Domain MIB branch.
The procedures for working with SNMP include:
•
Check SNMP Status and Configuration on page 124
•
Enable or Disable SNMP on page 126
•
Download the SNMP MIB on page 126
•
Configure SNMP Properties on page 126
•
Managing SNMP V3 Users on page 127
•
Managing SNMP V3 and V2C Trap Hosts on page 128
•
Managing SNMP V2C Communities on page 130
DD OS 5.2 Administration Guide
123
Check SNMP Status and Configuration
1. Select the system to be checked in the Navigational pane.
2. Click the System Settings > General Configuration > SNMP
tabs.
The SNMP view showing the Status, SNMP Properties, and the
SNMP V3 Configuration and SNMP V2C Configuration panes.
Status
The SNMP Status pane displays the following status a
information:
Item
Description
Status
The operational status of the SNMP agent on the
Data Domain system: Enabled or Disabled.
SNMP Properties
Item
Description
SNMP System
Location
The location of the Data Domain system being
monitored.
SNMP System
Contact
The person designated as the person to contact
for the Data Domain system administration.
SNMP V3 Configuration
Item
Description
SNMP Users
Name
The name of the user on the SNMP manager
with access to the agent for the Data Domain
system.
Access
The access permissions for the SNMP user. This
can be:
• Read-only
• Read-write
124
Managing Data Domain Systems
Item
Description
Authentication
Protocols
The Authentication Protocol used to validate the
SNMP user. This can be:
• MD5
• SHA1
• None
Privacy Protocol
The encryption protocol used during the SNMP
user authentication. This can be:
• AES
• DES
• None
Trap Hosts
Host
The IP address or domain name of the SNMP
management host.
Port
The port used for SNMP trap communication
with the host. For example, 162 is the default.
User
The user on the trap host authenticated to access
the Data Domain SNMP information.
SNMP V2C Configuration
Item
Description
Communities
Community
The name of the community. For example,
public, private, or localCommunity.
Access
The access permission assigned. This can be:
• Read-only
• Read-write
Hosts
The hosts in this community.
Trap Hosts
Host
DD OS 5.2 Administration Guide
The systems designated to receive SNMP traps
generated by the Data Domain system. If this
parameter is set, systems receive alert messages,
even if the SNMP agent is disabled.
125
Item
Description
Port
The port used for SNMP trap communication
with the host. For example, 162 is the default.
Community
The name of the community. For example,
public, private, or localCommunity.
Enable or Disable SNMP
1. From the System Settings > General Configuration page, click
SNMP.
2. In the Status area, click Enable or Disable.
Download the SNMP MIB
1. From the System Settings > General Configuration > SNMP
page, click Download MIB file.
2. In the Opening DATA_DOMAIN.mib dialog box, select Open.
3. Click Browse and select a browser to view the MIB in a
browser window.
Note: If using the Microsoft Internet Explorer browser, enable
Automatic prompting for file download.
4. Save the MIB or exit the browser.
Configure SNMP Properties
1. From the System Settings > General Configuration page, click
SNMP.
2. In the SNMP Properties area, click Configure.
The SNMP Configuration dialog box appears.
3. In the text fields, add an SNMP system location (a description
of where the Data Domain system is located) and/or an SNMP
system contact (for example, the email address of the system
administrator for the Data Domain system).
4. Click OK.
126
Managing Data Domain Systems
Managing SNMP V3 Users
To manage SNMP V3 Users, you can:
•
Create SNMP V3 Users on page 127
•
Modify SNMP V3 Users on page 127
•
Remove SNMP V3 Users on page 128
Create SNMP V3 Users
1. From the System Settings > General Configuration page, click
SNMP.
2. In the SNMP Users area, click Create.
The Create SNMP User dialog box appears.
3. In the Name text field, enter the name of the user on the SNMP
manager who will have access to the agent for the Data Domain
system. The name must be a minimum of 8 characters.
4. Select either read-only or read-write access for this user.
5. To authenticate the user, click the checkbox for Authentication.
a. Select either the MD5 or the SHA1 protocol.
b. Enter the authentication key in the Key text field.
c. To provide encryption to the authentication session, click
the checkbox next to Privacy.
d. Select either the AES or the DES protocol.
e. Enter the encryption key in the Key text field.
6. Click OK.
The newly added user account appears in the SNMP Users
table.
Modify SNMP V3 Users
1. From the System Settings > General Configuration page, click
SNMP.
2. In the SNMP Users area, select a checkbox for the user and
click Modify.
DD OS 5.2 Administration Guide
127
The Modify SNMP User dialog box appears. Add or change
any of the following settings.
3. Select either read-only or read-write access for this user.
4. To authenticate the user, click the checkbox for Authentication.
a. Select either the MD5 or the SHA1 protocol.
b. Enter the authentication key in the Key text field.
c. To provide encryption to the authentication session, click
the checkbox next to Privacy.
d. Select either the AES or the DES protocol.
e. Enter the encryption key in the Key text field.
5. Click OK.
The new settings for this user account appear in the SNMP
Users table.
Remove SNMP V3 Users
1. From the System Settings > General Configuration page, click
SNMP.
2. In the SNMP Users area, select a checkbox for the user and
click Delete.
The Delete SNMP User dialog box appears.
Note: If the Delete button is disabled, the selected user is being
used by one or more trap hosts. Delete the trap hosts and then
delete the user.
3. Verify the user name to be deleted and click OK.
4. In the Delete SNMP User Status dialog box, click Close.
The user account is removed from the SNMP Users table.
Managing SNMP V3 and V2C Trap Hosts
To manage SNMP Trap Hosts, you can:
128
•
Create SNMP V3 and V2C Trap Hosts on page 129
•
Modify SNMP V3 and V2C Trap Hosts on page 129
Managing Data Domain Systems
•
Remove SNMP V3 and V2C Trap Hosts on page 130
Create SNMP V3 and V2C Trap Hosts
1. From the System Settings > General Configuration page, click
SNMP.
2. In the SNMP V3 Trap Hosts or SNMP V2C Trap Hosts area,
click Create.
The Create SNMP [V3 or V2C] Trap Hosts dialog box appears.
3. In the Host text field, enter the IP address or domain name of
the SNMP Host where traps will be sent.
4. In the Port text field, enter the port number for sending traps
(port 162 is a common port.
5. Select the user (SNMP V3) or the community (SNMP V2C)
from the drop-down menu.
Alternately, select Create New User (SNMP V3) to add an
SNMP user, or Create New Community (SNMP V2C) to add an
SNMP community from the drop-down menu.
6. Click OK.
Modify SNMP V3 and V2C Trap Hosts
1. From the System Settings > General Configuration page, click
SNMP.
2. In the SNMP V3 Trap Hosts or SNMP V2C Trap Hosts area,
select a Trap Host entry, and click Modify.
The Modify SNMP [V3 or V2C] Trap Hosts dialog box appears.
Modify any of the following items.
3. In the Port text field, enter the port number for sending traps
(port 162 is a common port.
4. Select the user (SNMP V3) or the community (SNMP V2C)
from the drop-down menu.
5. Click OK.
DD OS 5.2 Administration Guide
129
Remove SNMP V3 and V2C Trap Hosts
1. From the System Settings > General Configuration page, click
SNMP.
2. In the Trap Hosts area (either for V3 or V2C, select a checkbox
for the trap host and click Delete.
The Delete SNMP [V3 or V2C] Trap Hosts dialog box appears.
3. Verify the host name to be deleted and click OK.
4. In the Delete SNMP [V3 or V2C] Trap Hosts Status dialog box,
click Close.
The trap host entry is removed from the Trap Hosts table.
Managing SNMP V2C Communities
Note: The Community string is a sent in cleartext and is very easy
to intercept. If this occurs, the interceptor can retrieve information
from devices on your network, modify their configuration, and
possibly shut them down. Using the SNMP V3 Users configuration
instead provides authentication and encryption to avoid this.
Create SNMP V2C Communities
1. From the System Settings > General Configuration page, click
SNMP.
2. In the Communities area, click Create.
The Create SNMP V2C Community dialog box appears.
3. In the Community text field, enter the name of the community
name on the SNMP manager who will have access to the agent for the
Data Domain system. The community name must be a minimum of 8
characters.
4. Select either read-only or read-write access for this community.
5. In the Hosts area, select the checkbox of a host in the list, or:
a. Click + to add a host.
The Host dialog box appears.
b. In the Host text field, enter the IP address or domain name
of the host.
130
Managing Data Domain Systems
c. Click OK.
The Host is added to the host list.
6. Click OK.
The new community entry appears in the Communities table.
Modify SNMP V2C Communities
1. From the System Settings > General Configuration page, click
SNMP.
2. In the Communities area, select a checkbox for the community
and click Modify.
The Modify SNMP V2C Community dialog box appears. Add
or change any of the following settings.
3. Select either read-only or read-write access for this community.
4. In the Hosts area, select the checkbox of a new host in the list,
or:
a. Click + to add a host.
The Host dialog box appears.
b. In the Host text field, enter the IP address or domain name
of the host.
c. Click OK.
The Host is added to the host list.
5. Click OK.
The modified community entry appears in the Communities
table.
Delete SNMP V2C Communities
1. From the System Settings > General Configuration page, click
SNMP.
2. In the Communities area, select a checkbox for the community
and click Delete.
The Delete SNMP V2C Communities dialog box appears.
DD OS 5.2 Administration Guide
131
Note: If the Delete button is disabled, the selected community
is being used by one or more trap hosts. Delete the trap hosts
and then delete the community.
3. Verify the community name to be deleted and click OK.
4. In the Delete SNMP V2C Communities Status dialog box, click
Close. The community entry is removed from the
Communities table.
Managing Reporting and Logging
The Data Domain system provides several types of reporting and
logging, as described in the following sections:
•
Managing Autosupport Reporting on page 132
•
Managing Support Bundles on page 133
•
Managing Log Files on page 134
Managing Autosupport Reporting
The Autosupport feature sends to Data Domain Support a daily
report that shows system identification information and
consolidated output from a number of Data Domain system
commands and entries from various log files. At the end of the
report, extensive and detailed internal statistics and information
are included to aid Data Domain in debugging system problems.
The time the email is sent can be scheduled, the default time being
06.00 a.m.
The procedures for managing autosupport reporting include:
•
Add to the Autosupport Report Email List on page 132
•
Review Generated Autosupport Reports on page 133
Add to the Autosupport Report Email List
By default, autosupport reports are enabled and sent daily to Data
Domain Customer Support. You may wish to add additional email
addresses as recipients of autosupport reports. To add to the
132
Managing Data Domain Systems
autosupport mailing list, see Configure the Autosupport Mailing List
on page 119.
Review Generated Autosupport Reports
1. Select the system to be checked in the Navigational pane.
2. Click the Maintenance > Support >Autosupport Reports tabs.
The Autosupport Reports page shows the autosupport report
file name and file size, and the date the report was generated.
Reports are automatically named. The most current report is
autosupport, the previous day is autosupport.1, and the
number increments as the reports move back in time.
3. Click the file name link to view the report using a text editor. If
doing so is required by your browser, download the file first.
Managing Support Bundles
The following tasks are used to manage support bundles:
•
Generate a Support Bundle on page 133
•
Review the Support Bundles List on page 134
Generate a Support Bundle
When troubleshooting problems, Data Domain Customer Support
may ask for a support bundle, which is a tar-g-zipped selection of
log files with a README file that includes identifying autosupport
headers. To create a support bundle, use the following procedure:
1. Select the system to be checked in the Navigational pane.
2. On the Maintenance > Support page, click the More Tasks
menu and select Generate Support Bundle.
3. Click the link to download the bundle.
4. Email the file to Data Domain support at
support@datadomain.com.
Note: If the bundle is too large to be emailed, use the Data
Domain support site to upload the bundle. (Go to
https://my.datadomain.com > UploadFile.)
DD OS 5.2 Administration Guide
133
Review the Support Bundles List
1. Select the system to be checked in the Navigational pane.
2. Click the Maintenance > Support > Support Bundles tabs.
The Support Bundles page appears.
Listed are the support bundle file name, file size, and date the
bundle was generated. Bundles are automatically named,
where the most current bundle is support-bundle.tar.gz,
the previous bundle is support-bundle.tar.gz.1. The
number increments as the reports move back in time.
3. Click the file name link and select a gz/tar decompression tool
to view the ASCII contents of the bundle.
Managing Log Files
The Data Domain system logs a system status message every hour.
Log files can be bundled and sent to Data Domain Support to
provide the detailed system information that aids in
troubleshooting any system issues that may arise.
The Data Domain system log file entries contain messages from the
alerts feature, autosupport reports, and general system messages.
The log directory is /ddvar/log.
Every Sunday at 0:45 a.m., the Data Domain system automatically
opens new log files and renames the previous files with an
appended number of 1 (one) through 9, such as messages.1. Each
numbered file is rolled to the next number each week. For
example, at the second week, the file messages.1 is rolled to
messages.2. If a file messages.2 already existed, it rolls to
messages.3. An existing messages.9 is deleted when
messages.8 rolls to messages.9.
The procedures for working with log files include:
134
•
Review System Log List on page 135
•
Send Log Messages to Another System on page 135
•
Add a Host on page 136
•
Remove a Host on page 136
Managing Data Domain Systems
•
Enable Sending Log Messages on page 136
•
Disable Sending Log Messages on page 136
•
Display the List and State on page 137
•
Display a Log File on page 138
•
List Log Files on page 137
•
Understand a Log Message on page 139
•
Save a Copy of Log Files on page 140
Review System Log List
To review the log file list on the system:
1. Select the system to be checked in the Navigational pane.
2. Click the Maintenance > Logs tabs.
The Log Files page shows the log file name and file size, and
the date the log was generated. Log files are automatically
named. For more information on log files, see Managing Log
Files on page 134.
3. Click a log file name to view its contents. You may be
prompted to select an application, such as Notepad.exe, to
open the file.
Send Log Messages to Another System
Some log messages can be sent from the Data Domain system to
other systems. DD OS uses syslog to publish log messages to
remote systems.
A Data Domain system exports the following facility.priority
selectors for log files. For information on managing the selectors
and receiving messages on a third-party system, see your vendorsupplied documentation for the receiving system.
•
*.notice—Sends all messages at the notice priority and higher.
•
*.alert—Sends all messages at the alert priority and higher
(alerts are included in *.notice).
•
kern.*—Sends all kernel messages (kern.info log files).
DD OS 5.2 Administration Guide
135
•
local7.*—Sends all messages from system startups (boot.log
files).
The log host commands manage the process of sending log
messages to another system.
Add a Host
To add a system to the list that receives Data Domain system log
messages, use the log host add command.
log host add host
For example, the following command adds the system log-server
to the hosts that receive log messages:
# log host add log-server
Remove a Host
To remove a system from the list that receives Data Domain
system log messages, use the log host del command.
log host del host
For example, the following command removes the system logserver from the hosts that receive log messages:
# log host del log-server
Enable Sending Log Messages
To enable sending log messages to other systems, use the log
host enable command.
log host enable
Disable Sending Log Messages
To disable sending log messages to other systems, use the log
host disable command.
log host disable
136
Managing Data Domain Systems
Display the List and State
To display the list of systems that receive log messages and
logging status (enabled or disabled), use the log host show
command. The output is similar to the following:
# log host show
Remote logging is enabled.
Remote logging hosts
log-server
List Log Files
To view the log files, see Review System Log List on page 135, or
enter:
log list
The basic log files are:
•
messages—The system log, generated from Data Domain
system actions and general system operations.
•
space.log—Messages about disk space use by Data Domain
system components and data storage, and messages from the
cleaning process. A space use message is generated every hour.
Each time the cleaning process runs, it creates about 100
messages. All the messages are in comma-separated format
with tags that you can use to separate out the disk space or
cleaning messages. You can use third-party software to analyze
either set of messages. The tags are:
•
CLEAN for data lines from cleaning operations.
•
CLEAN_HEADER for lines that contain headers for the
cleaning operations data lines.
•
REPL for data lines from replication operations.
•
REPL_HEADER for lines that contain headers for the
replication data lines.
•
SPACE for disk space data lines.
DD OS 5.2 Administration Guide
137
•
•
SPACE_HEADER for lines that contain headers for the disk
space data lines.
ssi_request—Messages from the Data Domain Enterprise
Manager when users connect with HTTPS.
•
debug/cifs—Messages about CIFS-related activity from CIFS
clients attempting to connect to the Data Domain system.
Display a Log File
To view the log files, see Review System Log List on page 135, or use
the log view command to view a file in the list (see previous
section to list log files). With no argument, the command displays
the current messages file. When viewing the log, use the up and
down arrows to scroll through the file; use the q key to quit; enter a
slash character (/) and a pattern to search through the file.
log view [file_name]
The display of the messages file is similar to the following. The last
message in the example is an hourly system status message that
the Data Domain system generates automatically. The message
reports system uptime, the amount of data stored, NFS operations,
and the amount of disk space used for data storage (%). The hourly
messages go to the system log and to the serial console if one is
attached.
# log view
Jun 27 12:11:33 localhost rpc.mountd: authenticated
unmount request from perfsun-g.datadomain.com:668 for
/ddr/col1/segfs (/ddr/col1/segfs)
Jun 27 12:28:54 localhost sshd(pam_unix)[998]: session
opened for user jsmith10 by (uid=0)
Jun 27 13:00:00 localhost logger: at 1:00pm up 3 days,
3:42, 52324 NFS ops, 84763 GiB data col. (1%)
Note: GiB = Gibibytes = the binary equivalent of Gigabytes.
138
Managing Data Domain Systems
Understand a Log Message
1. View the log file. This can be done with the command log
view message or the command log view, or from the
Enterprise Manager (see Display a Log File on page 138).
In the log file is text similar to:
Jan 31 10:28:11 syrah19 bootbin: NOTICE: MSGSMTOOL-00006: No replication throttle schedules
found: setting throttle to unlimited.
The components of the message are:
DateTime Host Process [PID]: Severity: MSG-ModuleMessageID: Message
Severity levels, in descending order, are Emergency, Alert,
Critical, Error, Warning, Notice, Info, Debug.
2. Look for the file of log messages. A detailed description of log
messages can be obtained from the Data Domain support Web
site (https://my.datadomain.com/) for a specific DD OS release
by clicking Download Software > View > Details and
Download > Full Documentation on this Release, then Error
Message Catalog.
3. In the Error Messages Catalog, search for the message “MSG-
SMTOOL-00006.” Find the following:
ID: MSG-SMTOOL-00006 - Severity: NOTICE - Audience:
customer
Message: No replication throttle schedules found:
setting throttle to unlimited.
Description: The restorer cannot find a replication
throttle schedule. Replication is running with
throttle set to unlimited.
Action: To set a replication throttle schedule, run
the replication throttle add command.
4. Based on the message, one could run the replication
throttle add command to set the throttle.
DD OS 5.2 Administration Guide
139
Save a Copy of Log Files
To save a copy of log files, use FTP to move the files to another
machine.
1. On the Data Domain system, use the adminaccess show ftp
command to see whether FTP service is enabled. If the service
is disabled, use the command adminaccess enable ftp.
2. On the Data Domain system, use the adminaccess show ftp
command to see that the FTP access list has the IP address of
your remote machine or a class-C address that includes your
remote machine. If the address is not in the list, use the
command adminaccess add ftp ipaddr.
3. On the remote machine, open a web browser.
4. In the Address box at the top of the web browser, use FTP to
access the Data Domain system. For example:
ftp://Data Domain system_name.yourcompany.com/
Note: Some Web browsers do not automatically ask for a login
if a machine does not accept anonymous logins. In that case,
add a user name and password to the FTP line. For example:
ftp://sysadmin:your-pw@Data Domain
system_name.yourcompany.com/
5. At the login pop-up, log in to the Data Domain system as user
sysadmin.
6. On the Data Domain system, you are in the directory just
above the log directory. Open the log directory to list the
messages files.
7. Copy the file that you want to save. Right-click the file icon and
select Copy To Folder from the menu. Choose a location for the
file copy.
8. If you want the FTP service disabled on the Data Domain
system, after completing the file copy, use SSH to log in to the
Data Domain system as sysadmin and invoke the command
adminaccess disable ftp.
140
Managing Data Domain Systems
Using IPMI to Control Remote Data Domain
Systems
You can configure and use the Intelligent Platform Management
Interface (IPMI) to power up, power down, or power cycle a Data
Domain system in a remote location from a host Data Domain
system, if both systems support this standard.
IPMI runs independently of the DD OS and allows an IPMI user to
perform power management for the system, as long as the system
is connected to a power source and the Internet. The remote
system is contacted using an IP address of an Ethernet port that
has been configured for IPMI from the host Data Domain system.
This feature eliminates the need to be physically present to power
on or power off the remote system.
Caution: IPMI does not perform an orderly shutdown of the
DD OS file system and should not be used as the preferred way of
shutting down a Data Domain system. IPMI can be used in
emergency situations to remove power from a Data Domain
system that is not operating normally. IPMI can also be used after a
Data Domain system has been shutdown gracefully. The system
poweroff command should be used whenever possible and
completed before IPMI power removal.
The following sections describe IPMI use:
•
Getting Started with IPMI on page 141
•
Configuring IPMI for a Remote Data Domain System on page 143
•
Managing the Remote Data Domain System on page 146
Getting Started with IPMI
To use IPMI, your Data Domain systems must be able to support
the IPMI standard.
Note: If the ability to view the boot sequence of a remote Data
Domain system is required using Serial Over LAN (SOL), see the
ipmi chapter of the DD OS 5.2 Command Reference Guide.
DD OS 5.2 Administration Guide
141
Limitations
The following Data Domain systems do not support IPMI:
•
DD140
•
DD2xx
•
DD4xx
•
DD610 and DD630
Terminology
The following terms are used to describe the status and
responsibility of systems running IPMI:
•
Host system—This system performs the power management of
remote IPMI systems. It can manage and keep the status of
registered remote systems, and can also manage an IPMI
system that is not registered, as long as the system is accessible
on the network.
•
Remote system—A system that can be power managed by the
host system; also referred to as the target system. It does not
have to be present in the EM Navigational Tree to be power
managed. A remote system can be powered up or powered
down by the host system, depending on its powered-on state.
•
Managed system—An IPMI system that is registered and
actively monitored by the host system. This system’s BMC port
entry displays in the Network Ports pane of the IPMI page (see
View IPMI Configuration Information on page 142). The
configuration of managed systems are checked every 15
minutes.
View IPMI Configuration Information
To navigate to the IPMI page:
1. In the Navigational tree, select the system to view.
2. Navigate to Maintenance > IPMI.
The IPMI management page displays.
142
Managing Data Domain Systems
The IPMI management page shows configuration information
about the currently selected system and the list of IPMI users
for that system.
Table 3-2: Network Ports
Item
Description
Port
The IPMI Ethernet port being used on the
selected system. See Set the IPMI Port on a
Remote System on page 144 for configuration
details.
Enabled
Whether the port is enabled for IPMI (Yes or No).
See Enable or Disable the IPMI Network Port on
page 145 for details on how to change the status.
DHCP
Whether the port uses DHCP to set its IP address
(Yes or No).
MAC Address
The hardware MAC address for the IPMI port.
IP Address
The IP address for the IPMI port. This port is a
logical port bmc-eth0 or bmc-eth1, or bmc0a or
bmc0b, depending on the Data Domain system
model and port. Physically, these ports use the
Ethernet ports on the motherboard.
Netmask
The subnet bit mask for the IPMI port.
Gateway
The gateway IP address used for the IPMI port.
.
Table 3-3: IPMI Users
Item
Description
User Name
The name of the user with authority to power
manage the remote system. See Add an IPMI
User on page 145 for configuration details.
Configuring IPMI for a Remote Data Domain System
Prior to performing power management on a remote system, the
remote system must be configured to use IPMI and the IPMI
network port must be enabled.
DD OS 5.2 Administration Guide
143
When a remote system is configured for IPMI using the Enterprise
Manager, the IP address of the network port assigned for IPMI
communication is maintained by the host system and used when
power management is necessary. If you do not configure a remote
system using the EM, you must maintain the IPMI IP address
yourself (in a notebook, for example) and enter it manually when
power management is necessary.
To configure the remote system to be managed by IPMI, you need
to set an Ethernet port as an IPMI network port and add IPMI
users:
•
Set the IPMI Port on a Remote System on page 144
•
Enable or Disable the IPMI Network Port on page 145
•
Managing IPMI Users on page 145
Note: If a system does not have the correct hardware or software
to support IPMI, a message to that effect is generated when
navigating to the configuration page.
Set the IPMI Port on a Remote System
The BMC (Baseboard Management Controller) port, a logical port
assigned to one or both of the two Ethernet ports on the
motherboard, handles the IP communication between the host
system and the remote system and must be physically connected to
the LAN.
To set the IPMI port:
1. Select the remote system in the navigational tree and navigate
to the IPMI page (see View IPMI Configuration Information on
page 142).
2. In the Network Ports pane of the IPMI Configuration area,
click Configure.
The Configure Port dialog window appears.
3. Choose how network addressing is assigned, either with
DHCP or manually (addresses use the standard IP addressing
format, for example, 192.168.10.10)).
•
144
To use DHCP, click the Dynamic (DHCP) radio button.
Managing Data Domain Systems
•
To manually assign network addressing, click the Static
(Manual) radio button, and enter the IP address, Netmask,
and Gateway addresses.
4. Click Apply.
The port is enabled and appears in the Network Ports pane.
Enable or Disable the IPMI Network Port
To change the status of a managed system’s IPMI network port:
•
To enable a disabled IPMI network port, in the Network Ports
pane, click the checkbox of the network port and click Enable.
•
To disable an enabled IPMI network port, in the Network Ports
pane, click the checkbox of the network port and click Disable.
Managing IPMI Users
You can add, delete, and change passwords of users who can
manage IPMI operations on the remote system.
Note: IPMI users are not the same as users configured with the
Enterprise Manager.
•
Add an IPMI User on page 145
•
Modify an IPMI User Password on page 146
•
Remove an IPMI User on page 146
Add an IPMI User
To add an IPMI user:
1. In the IPMI Users pane of the IPMI Configuration area of the
selected system, click Add.
The Add User dialog window appears.
2. Enter the User Name (16 or less characters) and Password in
the appropriate text boxes (reenter the password in the
VerifyPassword box).
3. Click Apply.
The user entry appears in the IPMI User pane.
DD OS 5.2 Administration Guide
145
Modify an IPMI User Password
To modify the password of an IPMI user:
1. In the IPMI Users pane of the IPMI Configuration area of the
host system, select the row with the user name and click
Change Password.
The Change Password dialog box appears.
2. Enter the Password in the appropriate text box (reenter the
password in the VerifyPassword box).
3. Click Update.
Remove an IPMI User
To delete an IPMI user:
1. In the IPMI Users pane of the IPMI Configuration area of the
selected system, select the row with the user name and click
Delete.
The Delete User dialog box appears.
2. Verify the user deletion and click OK.
Managing the Remote Data Domain System
To manage a remote Data Domain system:
•
Log In to an IPMI Remote Data Domain System on page 146
•
Power Management on the Remote System on page 147
Log In to an IPMI Remote Data Domain System
To log in to a remote Data Domain system:
1. In the IPMI Power Management area, click Manage Another
System.
The IPMI Power Management dialog window appears.
2. In the Target System area, click the radio button for how to
access the remote system:
•
146
Managed System—Click the drop-down arrow to select the
name of a managed system.
Managing Data Domain Systems
•
Another System—Enter the IPMI IP address or hostname of
the system.
3. Enter the IPMI user name and password for the remote system.
4. Click Connect.
The IPMI Power Management dialog window appears.
Power Management on the Remote System
To perform power management on the IPMI remote system:
•
Check Power Status on page 147
•
Change the Power Status on page 147
Check Power Status
The Status area of the IPMI Power Management window shows
the current power status for the target system. The Status area
always shows the current status.
Note: The Refresh icon (the blue arrows) next to the status can be
used to refresh the configuration status (for example, if the IPMI IP
address or user configuration were changed within the last 15
minutes using the CLI commands).
Click Done to close the IPMI Power Management window.
Change the Power Status
The buttons that are active to change the power status are
dependent on the current power status of the remote system. The
available options are:
•
Power Up—Displays when the remote system is powered off.
Clicking this button starts a power up on the remote system.
•
Power Down—Displays when the remote system is powered
on. Clicking this button starts a power down on the remote
system.
DD OS 5.2 Administration Guide
147
Caution: The IPMI Power Down feature does not perform an
orderly shutdown of the DD OS. This option can be used if the DD
OS hangs and cannot be used to gracefully shutdown a system.
•
Power Cycle—Displays when the remote system is powered
on. Clicking this button starts a power cycle on the remote
system.
•
Manage Another System—Click this button to log in to another
IPMI remote system.
Click Done to close the IPMI Power Management window.
148
Managing Data Domain Systems
4 Monitoring Data Domain
Systems
For monitoring Data Domain systems, the Enterprise Manager
provides, at a glance, a composite view of important statistics for a
group of Data Domain systems, as well as detailed status for a
single system and its components.
You can monitor Data Domain system operation with a variety of
Enterprise Manager tools: reporting tools that automatically send
emails containing status and alerts, log files that contain a record of
important system events, and SNMP monitoring using third-party
SNMP managers.
Automatic logging and reporting tools that provide system status
to Customer Support and designated email recipients are
important in monitoring system operation. Their setup and use are
described in this chapter.
This chapter includes the following topics.
•
Monitoring with the DD Network Summary on page 149
•
Monitoring a Single System on page 152
•
Monitoring Chassis Status on page 155
•
Working with Alerts on page 159
•
Working with Reports on page 170
•
Viewing the Task Log on page 178
Monitoring with the DD Network Summary
The Enterprise Manager DD Network Summary presents key
statistics to help you understand the health of managed Data
Domain systems. The System Status, Space Usage, and Systems
DD OS 5.2 Administration Guide
149
panes provide key factors to help you recognize problems
immediately and to allow you to drill down to the system
exhibiting the problem.
Check DD Network Status
1. Select the DD Network icon in the Navigational pane.
2. Click the Summary tab.
The DD Network Summary view appears. It presents a highlevel view of important information for the systems in the
network. The summary view contains the System Status, Space
Usage, and Systems panes.
150
Monitoring Data Domain Systems
About the System Status Pane
System Status summarizes the following about the network.
Item
Description
Systems with Alerts The number of systems with active alerts.
Reachable Systems
The total number of systems reporting to the Enterprise
Manager. A system may not be reporting if:
• the system is offline
• the network path to the system is down
• a SSL certificate error occurred
Total Systems
The total number is the number of Data Domain systems
configured on this EM system.
About the Space Usage Pane
Space Usage summarizes the total networked storage amounts.
Item
Description
Total Pre-Compression
The total amount of data sent to all Data Domain systems
by backup servers. This is the data written before
compression.
Total Post-Compression
The total data amount of all systems after compression
has been performed.
Average Compression
(Reduction)
The average amount of compression as calculated on each
individual system.
DD OS 5.2 Administration Guide
151
About the Systems Pane
The Systems pane summarizes important data for each of the
systems.
Item
Description
System
The names of a system in the DD network.
Status
If the system is reachable, No Alerts or n Alerts displays,
where n is the number of active alerts. The status line
changes to red with an active alert.
If the system is not reachable, the status column displays
one of the following:
• Unknown
• Not reachable
• SSL certificate error
File System Status
The status of the file system. Status can be:
• Running
• Disabled
• N/A—The system is not reachable.
Compression
(Reduction)
The average amount of compression for the listed system
or N/A if the system is not reachable.
Space Usage
A bar graph showing the size, used, available, and
cleanable disk space (see Space Usage on page 195) or
N/A if the system is not reachable.
Clicking a system name in the Systems pane take you to that
system’s Summary page described in Monitoring a Single System on
page 152.
Monitoring a Single System
To help you proactively recognize trouble signs that keep a system
from operating normally, the Enterprise Manager presents system
alerts, graphs, and logs. Procedures for working with these tools
are provided in this section
Sometimes, the system needs troubleshooting from Data Domain
Customer Support. This section provides procedures for obtaining
and sending system logs and reports.
152
Monitoring Data Domain Systems
Check the System’s Status Summary
Click the plus sign ( + ) next to DD Network in the Navigational
pane and click a system name. The Status > Summary view
appears.
The Summary page shows important high-level information about
the selected system. It contains the Alerts, File System, Services,
and Hardware panes. Clicking any one of these panes takes you to
the area of the Enterprise Manager that provides more detail on
the topic
About the Alerts Pane
The Alerts pane shows the count, type, and the text of the most
recent alerts in the system, for each subsystem (Hardware,
Replication, File System, and Others).
Click an alert to go to the Alerts page. See View Current Alerts on
page 160.
DD OS 5.2 Administration Guide
153
About the File System Pane
The File System pane shows a summary of file system statistics,
including the operational status, compression factor, and data
written statistics.
Click in the File System pane to go to the File System page. See
Monitoring File System Usage on page 193.
About the Services Pane
The Services pane presents the status of the system services, such
as Replication, VTL, CIFS, NFS, and DD Boost. The color-coded
box shows the operational status (green for normal, yellow for
warnings, or red for errors). The total numbers for warnings and
errors are displayed as well.
Click a service to go to its area of the Enterprise Manager.
•
See Checking Replication Status on page 437.
•
See Working with VTL on page 339.
•
See Monitoring CIFS Operation on page 304.
•
See View NFS Status on page 317.
•
Monitoring DD Boost on page 331.
About the Hardware Pane
The Hardware pane presents the status of the system hardware,
such as disk drives and optional enclosures. The color-coded icons
show the operational status (green for normal, or red for degraded
or failed). A count shows the number of enclosures, and the
number of drives per condition (operational, spare, and failed).
Note: Counts on the dashboards refer to the total number of
errors, not the index number of the component exhibiting the
error.
Click an icon to go to the Hardware > Storage page (see Managing
System Storage on page 59).
154
Monitoring Data Domain Systems
Check the System Details
1. Select the system to be checked in the Navigational pane.
2. Click the Maintenance > System tabs.
The System pane appears and reports the model number of the
system, the DD OS version, and the amount of time since the
last reboot (System Uptime).
Monitoring Chassis Status
The Chassis view provides a block drawing of the chassis and its
components—disks, fans, power supplies, NVRAM, CPUs,
Memory, and so forth. The components that appear depend upon
the Data Domain system model.
1. Select the Data Domain system in the Navigational pane.
2. Click the Hardware > Chassis tabs.
The Chassis view appears, showing the system components.
Enclosures for systems show below the chassis.
Components with problems show yellow (warning) or red
(error); otherwise, the component displays OK.
3. Hover the cursor over a component to see detailed status.
The view includes information for:
•
Fans on page 156
•
Temperature on page 156
•
Power Supply on page 157
•
PCI Slots on page 158
•
NVRAM on page 158
DD OS 5.2 Administration Guide
155
Fans
Fans are numbered and correspond to their location in the chassis.
The tooltip provides the following.
Item
Description
Description
The name of the fan.
Level
The current operating speed range (Low,
Medium, High).
The operating speed changes depending on the
temperature inside the chassis.
Status
The health of the fan.
Temperature
The tooltips shows temperature measurements for the CPUs,
baseboard, midplane, and front panel of the chassis.
Item
Description
Description
The location within the chassis being measured.
Components are dependent on the model. Some
examples are:
• CPU 0 relative
• CPU 1 relative
• Baseboard
• Mid-plane
• Front panel
C/F
156
The C/F column displays temperature in degrees
Celsius and Fahrenheit.
For CPUs (CPU n Relative), this column displays
the number of degrees that each CPU is below the
maximum allowable temperature and the actual
temperature for the interior of the chassis (chassis
ambient).
Monitoring Data Domain Systems
Item
Description
Status
Shows the temperature status:
• OK—The temperature is acceptable
• Critical—The temperature is higher than the
shutdown temperature.
• Warning—The temperature is higher than the
warning temperature (but lower than the
shutdown temperature).
If the overall temperature for a Data Domain system reaches
50 degrees Celsius (122 degrees Fahrenheit), a warning message is
generated. If the temperature reaches 60 degrees Celsius
(140 degrees Fahrenheit), the Data Domain system shuts down.
The CPU temperature value is relative to the shutdown
temperature, and depends on the Data Domain system model.
With newer models, the numbers are negative when the status is
OK and move toward 0 (zero) as CPU temperature increases. If a
CPU temperature reaches 0 Celsius, the Data Domain system shuts
down. With older models, the numbers are positive. If the CPU
temperature reaches 80 Celsius (176 degrees Fahrenheit), the Data
Domain system shuts down.
Power Supply
The tooltips shows the status of the power supply (OK or
DEGRADED if a power supply is absent or failed). You can also
look at the back panel of the enclosure and check the LED for each
power supply to identify those that need replacing.
DD OS 5.2 Administration Guide
157
PCI Slots
The tooltips shows memory and battery information about the
various cards installed.
Item
Description
Component
The component within the chassis being
measured:
• Memory Size
• Battery 1
• Battery 2
Value
• Memory Size—size in MBs
• Battery 1—Percent charged, status
(Enabled/Disabled)
• Battery 2—Percent charged, status
(Enabled/Disabled)
NVRAM
NVRAM shows information about the Non-Volatile RAM.
Item
Description
Component
The component within the chassis being
measured:
• Firmware version
• Memory Size
• Board temperature
• CPU Temperature
• Battery 1
• Battery 2
• Battery 3
• Current slot number
Value
• Memory Size—size in MBs
• Battery 1—Percent charged, status
(Enabled/Disabled)
• Battery 2—Percent charged, status
(Enabled/Disabled)
158
Monitoring Data Domain Systems
Working with Alerts
During normal operation, a Data Domain system may produce
warnings or encounter failures whereby administrators must be
informed immediately. This communication is performed by
means of an alert.
Alerts are sent out to designated individuals or groups so that
appropriate actions can be taken promptly.
Alerts are sent as email (immediately via the notification settings
or cumulatively as Daily Alert Summary email) and logged on the
Current Alerts page. A subset of alerts are also sent as SNMP traps.
See the MIB Quick Reference Guide or the SNMP MIB for the full list
of traps
The Alerts views present lists of current and historical system
alerts, and clicking on an alert shows its details. The Alerts view
also allows you to configure alert notification settings and set
when and to whom daily alert summaries are sent.
To access the Alerts view:
1. Select the system in the Navigational pane.
2. Click the Status > Alerts tabs.
The Alerts page appears. It contains tabs for:
•
Working with the Current Alerts Page on page 159
•
Working with the Alerts History Page on page 161
•
Working with the Notification View on page 163
•
Working with the Daily Alert Summary Page on page 167
Working with the Current Alerts Page
The Current Alerts page list the alerts on the selected system that
have not been corrected or manually cleared. A total of the current
alerts displays at the bottom right of the list pane.
You can perform the following tasks on the Current Alert page:
•
View Current Alerts on page 160
•
Filter Current Alerts on page 161
DD OS 5.2 Administration Guide
159
•
Clear a Current Alert on page 161
View Current Alerts
The first pane lists the current alerts which displays the following
information. Clicking an alert in the list shows additional
information in the Details pane, which follows:
160
Item
Description
ID
A unique numerical identifier for the alert.
Message
The alert message text.
Severity
The level of seriousness of the alert.For example,
warning, critical, info, emergency,
Date
The time and date the alert occurred.
Class
The subsystem where the alert occurred.
Object
The physical component where the alert is
occurring.
Item
Description
Alert ID
A unique numerical identifier for the alert.
Name
A textual identifier for the alert.
Message
The alert message text.
Severity
The level of seriousness of the alert.For example,
warning, critical, info, emergency.
Class
The subsystem and device where the alert occurred.
Date
The time and date the alert occurred.
Object ID
The physical component where the alert is
occurring.
Event ID
An event identifier.
Description
More descriptive information about the alert.
Action
A suggestion to remedy the alert.
SNMP OID
SNMP object ID.
Monitoring Data Domain Systems
Filter Current Alerts
To rearrange or search the list of current alerts:
1. In the Filter By area, click the Severity and Class drop-down
lists to expose only alerts that pertain to those choices.
Severity levels, in descending order, are Emergency, Alert,
Critical, Error, Warning, Notice, Info, and Debug. The Alert
filter displays all alerts with the selected severity or higher. For
example, selecting Warning displays Warning and Critical
alerts.
2.
3. Click Update.
All alerts not matching the Severity and Class are removed
from the list.
To remove filtering and return to the full listing of current
alerts, click Reset.
Clear a Current Alert
An alert is automatically removed from the Current Alerts list
when the underlying situation is corrected or when manually
cleared. For example, an alert about a fan failure is removed when
the fan is replaced with a working unit.
To manually clear an alert and remove it from the Current Alerts
list:
1. Click the checkbox of the alert in the list.
2. Click Clear.
The alert is moved to the Alerts History list.
Working with the Alerts History Page
The Alerts History page lists cleared alert messages with the most
recent alert listed first. This page can be used to see how healthy a
Data Domain system has been in the past and to track the actions
that were taken to keep the system healthy. It is useful in spotting
trends and avoiding problems.
DD OS 5.2 Administration Guide
161
You can perform the following tasks on the Alert History page:
•
View Alerts History on page 162
•
Filter Alerts History on page 163
View Alerts History
The first pane lists the historical alerts which displays the
following information. Clicking an alert in the list shows
additional information in the Details pane, which follows:
162
Item
Description
ID
A unique numerical identifier for the alert.
Message
The alert message text.
Severity
The level of seriousness of the alert.For example,
warning, critical, info, emergency,
Date
The time and date the alert occurred.
Class
The subsystem where the alert occurred.
Object
The physical component where the alert is
occurring.
Status
The current disposition of the alert (for example,
Posted or Cleared).
Item
Description
Alert ID
A unique numerical identifier for the alert.
Name
A textual identifier for the alert.
Message
The alert message text.
Severity
The level of seriousness of the alert.For example,
warning, critical, info, emergency,
Class
The subsystem and device where the alert occurred.
Date
The time and date the alert occurred.
Object ID
The physical component where the alert is
occurring.
Event ID
An event identifier.
Monitoring Data Domain Systems
Item
Description
Additional
Information
More descriptive information about the alert.
Type
The type of alert.
Status
The status of the alert.
Clear By
The user name that cleared the alert.
Filter Alerts History
The Alerts History alert list can be rearranged with the following
options:
•
Click any diamond in a column heading to reverse the listing.
•
Use the Filter By options to search for the Severity, Date, Class,
and Status options, then Click Update.
•
Use the Other option in the Date list to set a specific start and
end date for when alerts were closed using the calendar
exposed with the calendar icon.
•
Click Reset to return to the default, where the latest alert is
listed first.
Working with the Notification View
The Notification view lists the group of email recipients who
receive alert notifications and allows you to view and configure the
notification groups.
You can perform the following tasks on the Notifications page:
•
View the Notifications List on page 164
•
Filter the Notifications List on page 164
•
Create a Notification Group on page 164
•
Verify Subscriber Emails in a Notification Group on page 165
•
Modify a Notification Group on page 165
•
Delete a Notification Group on page 166
•
Reset a Notification Group on page 166
DD OS 5.2 Administration Guide
163
•
Manage a Subscriber List on page 166
View the Notifications List
The first pane lists the notification groups which displays the
following information. Clicking a group in the list shows Class
Attributes and Subscribers in the Detailed Information pane,
which follows:
Item
Description
Group Name
The name of the group receiving the notification.
Class
The number of classes being tracked.
Subscribers
The number of email subscribers in the group.
Item
Description
Class Attributes
The name of a class and the severity ranking that
will trigger an alert.
Subscribers
The email addresses of subscribers in the group.
Filter the Notifications List
To filter (or search for an item) in the notifications group list, type a
group name and/or subscriber email in the appropriate text box in
Filter By area, and click Update. The result is brought to the top of
the notification list.
Note: Click Reset to return the group list to the default order.
Create a Notification Group
By default, all alerts are sent to the Alerts Summary email group,
but groups that receive specific classes of alert notification are
configurable.
To create a notification group:
1. Click Add.
The Add Group dialog window appears.
2. Type the name of the group in the Group Name text box.
164
Monitoring Data Domain Systems
3. Click the checkbox of one or more classes of which to be
notified.
4. Click the drop-down list to change the default severity level
(Warning) and select another level.
5. Click OK.
6. Click the checkbox of the group, now in the Notifications
group list, and click Modify.
The Modify Group dialog window appears.
7. Click Update Subscribers in the left pane.
8. In the Subscribers pane, click the + icon.
The Email Address dialog window appears.
9. Enter the email address of a subscriber and click OK.
10. Repeat steps 8 and 9 for each subscriber that needs to ba added
to the group.
11. Click Finish.
Verify Subscriber Emails in a Notification Group
To send a test email to subscribers in a notification group:
1. Click More Tasks and select Send Test Alert.
The Send Test Alert dialog window appears.
2. In the Notification Groups pane, click the checkboxes of the
groups to receive the test email and click Next.
3. In the Additional Email Addresses pane, add or modify email
addresses, if necessary.
4. Click Send Now.
Modify a Notification Group
To modify the attribute classes in an existing group:
1. Click the checkbox of the group in the Notifications group list,
and click Edit in the Class Attributes pane of the Detailed
Information area.
The Edit Group dialog window appears.
DD OS 5.2 Administration Guide
165
2. Click (or deselect) the checkbox of one or more classes.
3. Click the menu to change the severity level and select another
level.
4. Click OK.
Delete a Notification Group
To delete one or more existing notification group:
1. Click one or more checkboxes of groups in the Notifications
group list, and click Delete.
The Delete Group dialog window appears.
2. Verify the deletion and click OK.
Reset a Notification Group
To remove all notification groups that were added and any
changes to the Default group:
1. Click More Tasks and select Reset Notification Groups.
The Reset Notification Groups dialog window appears.
2. Click Yes in the verification dialog window and OK.
Manage a Subscriber List
To add, modify, or delete email addresses from a subscriber list:
1. Click the checkbox of the group in the Notifications group list,
and click Edit in the Subscribers pane of the Detailed
Information area.
The Edit Subscribers dialog window appears.
2. Manage a subscriber email:
166
•
To add a subscriber, click the + icon and enter the email
address in the Email Address dialog window, and click
OK.
•
To modify an email address, click the checkbox of the email
address in the Subscriber Email list and click the pencil
icon. Edit the email address in the Email Address dialog
window, and click OK.
Monitoring Data Domain Systems
•
To delete an email address, click the checkbox of the email
address in the Subscriber Email list and click the X icon.
Working with the Daily Alert Summary Page
Every morning at 8:00 a.m. (local time for your system), the Data
Domain system sends the Daily Alert Summary email to the
subscribers configured for the alertssummary.list email group. The
Daily Alert Summary email contains current and historical alerts
showing messages about non-critical hardware situations and disk
space usage numbers that should be addressed soon. An example
would be a fan failure. A failed fan should be replaced as soon as is
reasonably possible, but the system can continue operations. When
Support receives the failure notification, they contact you to
arrange a replacement component.
To configure the Daily Alerts Summary configuration:
1. If the default deliver time of 8 AM is not acceptable, click
Schedule in the Delivery Time pane.
The Schedule Alert Summary dialog window appears.
2. Click the drop-down lists to select the hour, minute, and
AM/PM, and click Finish.
3. Click Configure/Edit in the Subscribers pane.
The Daily Alert Summary Mailing List dialog window appears.
4. Manage a subscriber email:
•
To add a subscriber, click the + icon and enter the email
address in the Email Address dialog window, and click
OK.
•
To modify an email address, click the checkbox of the email
address in the Subscriber Email list and click the pencil
icon. Edit the email address in the Email Address dialog
window, and click OK.
•
To delete an email address, click the checkbox of the email
address in the Subscriber Email list and click the X icon.
5. Click Finish.
DD OS 5.2 Administration Guide
167
Check Active Users
1. From the Navigational pane, select the system.
2. Click the Status > Active Users tabs.
The Active Users page appears.
Item
Description
Name
User name of the logged-in user.
Idle
Time since last activity of user.
Last Login From
System from which the user logged in.
Last Login Time
Datestamp of when user logged in.
TTY
Terminal notation for CLI login.
Session
Identifier of the user session.
Note: To manage local users, click the Go to Active Users link (see
Manage Local User Access to the System on page 102).
Check System Statistics
The Performance Graph pane shows the performance of several
subsystems in the system. It contains graphs that show real-time
statistics for the CPU, the network, file system operation, disk
traffic, and so forth.
1. Select the system in the Navigational pane.
2. Click the Status > Stats tabs.
The Performance Graphs page appears.
168
Monitoring Data Domain Systems
Each graph shows a percentage of usage over the last 200 seconds.
Click Pause to temporarily stop the charting. The graphs are:
•
CPU on page 169
•
Network on page 169
•
Disk on page 170
•
Replication on page 170
•
FS ops on page 170
CPU
The percentage of time that all CPUs are busy.
Network
The amount of data in Megabytes per second passing through each
Ethernet connection. One line appears for each Ethernet port.
DD OS 5.2 Administration Guide
169
Disk
The amount of data in Mebibytes (binary equivalent of Megabytes)
per second going to and from all disks in the Data Domain system.
Note: 1 Mebibytes = 1 MiB = 220 bytes = 1,048,576 bytes
Replication
(Displays only if the Replicator feature is licensed)
•
KB/s in—The total number of kilobytes per second received by
this side from the other side of the Replicator pair. For the
destination, the value includes backup data, replication
overhead, and network overhead. For the source, the value
includes replication overhead and network overhead.
•
KB/s out—The total number of kilobytes per second sent by
this side to the other side of the Replicator pair. For the source,
the value includes backup data, replication overhead, and
network overhead. For the destination, the value includes
replication and network overhead.
FS ops
(File system operations per second)
•
NFS ops/s: The number of NFS operations per second.
•
CIFS ops/s: The number of CIFS operations per second.
Working with Reports
Data Domain Enterprise Manager allows you to generate reports
to track space usage on a Data Domain system for a period of up to
2 years back. In addition, you can generate reports to help
understand replication progress. You can view reports on file
system daily and cumulatively, over a period of time.
The Reports view is divided into two sections. The upper section
allows you to create the various types of reports. The lower section
allows you to view and manage saved reports.
170
Monitoring Data Domain Systems
Reports display in a table format, and as charts, depending on the
type of report. You can select a report for a specific Data Domain
system and specify a specific time period.
The reports display historical data, not real-time data. Once the
report is generated, the charts remain static and do not update.
Examples of type of information administrators can obtain from
reports are:
•
The amount of data that was backed up to the system and the
amount of de-duplication that was achieved
•
Estimates of when the Data Domain system will be full, based
on weekly space usage trends
•
Backup and compression utilization based on selected intervals
•
Historical cleaning performance, (including duration of
cleaning cycle, amount of space that can be cleaned, and
amount of space that was reclaimed)
•
Amount of WAN bandwidth used by replication, (for source
and destination, and if bandwidth is sufficient to meet
replication requirements)
•
System performance and resource utilization
Types of Reports
The types of reports that are available are:
•
File System Cumulative Space Usage Report on page 171
•
File System Daily Space Usage Report on page 173
•
Replication Status Report on page 174
•
Replication Summary Report on page 175
Note: Replication reports can only be created if the system has a
replication license and a valid replication context configured.
File System Cumulative Space Usage Report
File System Cumulative Space Usage Reports include cumulative
pre-compression, post-compression, and total compression factor
data on the system during the specified duration. This report is
DD OS 5.2 Administration Guide
171
used to analyze how much data is backed up, the amount of
deduplication performed, and how much space is consumed.
The File System Cumulative Space Usage report lists the following
information:
Item
Description
File System—Usage
Data Written (GiB)
The amount of data written before
compression. This is indicated by a purple shaded area on the report.
Time
The timeline for data that has been written.
The time displayed on this report changes
based upon the Duration selection when the
chart was created.
Total Compression
Factor
The total compression factor reports the
compression ratio.
File System—Consumption
Used (GiB)
The amount of space used after compression.
Time
The date the data was written. The time
displayed on this report changes based upon
the Duration selection when the chart was
created.
Post Comp
The amount of storage used after compression.
Usage Trend
The dotted black line shows the storage usage
trend. When the line reaches the red line at the
top, the storage is almost full.
Size and Cleaning
Size is the Total Capacity on a Data Domain
system. Cleaning is the Cleaning cycle (start
and end time for each cleaning cycle).
Administrators can use this information to
decide when space cleaning should run and
what throttle to set.
File System Weekly Cumulative Capacity
Date (or Time for 24
hour report)
172
The last day of each week, based on the criteria
set for the report. In reports, a 24-hour period
ranges from noon-to-noon.
Monitoring Data Domain Systems
Item
Description
Data Written (PreComp)
The cumulative data written before
compression for the specified time period.
Used (Post-Comp)
The cumulative data written after compression
for the specified time period.
Total Compression
Factor
The total compression factor. This is indicated
by a black line on the report.
File System Daily Space Usage Report
File System Daily Space Usage Reports include daily precompression written, post-compression used, and total
compression factor on the system during the specified duration.
This report is used to analyze daily activities
The File System Daily Space Usage report lists the following
information.
Item
Description
File System Daily Space Usage
Space Used (GiB)
The amount of space used. Post-comp is red
shaded area. Pre-Comp is purple shaded area.
Time
The date the data was written.
Compression Factor
The total compression factor. This is indicated
by a black square on the report.
File System Daily Capacity Utilization
Date
The date the data was written.
Data Written
(Pre-Comp)
The amount of data written pre-compression.
Used (Post-Comp)
The amount of storage used after compression.
Total Compression
Factor
The total compression factor.
File System Weekly Cumulative Capacity
Start Date
The first day of the week for this summary.
End Date
The last day of the week for this summary.
Available
Total amount of storage available.
DD OS 5.2 Administration Guide
173
Item
Description
Consumed
Total amount of storage used.
Data (Post -Comp)
The cumulative data written before
compression for the specified time period.
Replication (PostComp)
The cumulative data written after compression
for the specified time period.
Overhead
Extra space used for non-data storage.
Reclaimed by Cleaning The total space reclaimed after cleaning.
Replication Status Report
Replication Status reports include the status of the current
replication job running on the system. This report is used to
provide a snapshot of what is happening for all replication
contexts to help understand the overall replication status on a Data
Domain System
The Replication Status report lists the following information:
Item
Description
Replication Context Summary
174
ID
The Replication Context identification.
Source
Source system name.
Destination
Destination system name.
Type
Type of replication context: Directory,
Collection, or Pool.
Status
Replication status types include: Error,
Normal.
Sync as of Time
Time and date stamp of last sync.
Estimated Completion
The estimated time the replication should be
complete.
Pre-Comp Remaining
The amount of pre-compressed data to be
replicated. This only applies to Collection
type.
Monitoring Data Domain Systems
Item
Description
Post-Comp Remaining The amount of post-compressed data to be
replicated. This only applies to Directory and
Pool types.
Replication Context Error Status
ID
The Replication Context identification.
Source
Source system name.
Destination
Destination system name.
Type
Replication context type: Directory or Pool.
Status
Replication status types include: Error,
Normal, and Warning.
Description
Description of the error.
Replication Destination Space Availability
Destination
Destination system name.
Space Availability
(GiB)
Total amount of storage available.
Replication Summary Report
Replication Summary reports include network in and network out
usage for all replication, in addition to per-context levels on the
system during the specified duration. This report is used to
analyze network utilization during the replication process to help
understand the overall replication performance on a Data Domain
System.
The Replication Summary report lists the following information
for the system and for the selected context:
Item
Description
Replication Summary (shown for system and context)
Network In (Mbps)
The amount of date entering the system.
Network In is indicated by a thin red line.
Network Out (Mbps)
The amount of data sent from the system.
Network Out is indicated by a thick red line.
Time
The date the data was written.
DD OS 5.2 Administration Guide
175
Item
Description
Pre-Comp Remaining
(MiB)
The amount of pre-compressed data to be
replicated. Pre-Comp Remaining is indicated
by a blue line.
Create a Report
To create a report:
1. Click the Reports button on the Navigational pane.
The Reports pane appears.
2. Click the name of the report in the New Reports area (see Types
of Reports on page 171 for descriptions of available reports).
3. From the System menu, select the system for which you want
to create a report .
4. Select additional options for the report based on the type of
report:
•
Duration— Last 4 Weeks, Last 7 Days, or Custom
Note: In reports, the duration of a 24-hour day ranges from
noon-to-noon.
•
Contexts—Available contexts for working with the
Replication Summary report
5. If you select Custom, enter Start and End Date and Time in the
additional fields.
6. Click Create.
The report displays and is added to the end of the Saved
Reports list.
Note: If the report does not display, verify the option to block
pop-up windows is enabled on your browser.
View Saved Reports
Once you have generated some reports, you can view these reports
by selecting them from the Saved Reports section at the bottom of
the Reports pane.
176
Monitoring Data Domain Systems
1. Click the Reports button on the Navigational pane.
The Reports view appears.
2. Check the box for the report you want to view in the Saved
Reports area.
3. Click View.
The report displays in a new browser window.
Note: If the report does not display, verify the option to block
pop-up windows is enabled on your browser.
Print Saved Reports
To print a saved report, follow these steps:
1. Click the Reports button on the Navigational pane.
The Reports view appears.
2. Check the box for the report you want to view in the Saved
Reports pane.
3. Click View.
The report displays in a new browser window.
4. In the browser window, from the File menu, select Print.
Delete Saved Reports
1. Click the Reports button on the Navigational pane.
The Reports view appears.
2. Check the box for the report you want to delete under the
Saved Reports pane. You can select multiple reports to delete.
Click the box at the top to select all the reports to delete.
3. Click Delete.
A warning dialog box asks if you are sure you want to delete
the selected reports.
5. Click OK and Close.
DD OS 5.2 Administration Guide
177
Rename Saved Reports
1. Click the Reports button on the Navigational pane.
The Reports view appears.
2. Check the box for the report you want to rename under the
Saved Reports pane.
3. Click Rename.
The Rename Report dialog box appears.
4. Click in the New Report Name text box and enter a new name
for your report.
It is a good idea to give the report a simple, descriptive name
you can easily recognize.
5. Click OK.
Viewing the Task Log
The Task Log shows the status of currently running jobs, such as,
replication or system upgrades. An EM Management Station can
manage several Data Domain systems and can initiate tasks on
those systems. If a task is initiated on a remote system, the
progress of that task is tracked in the Management Station's Task
Log, not on the remote system’s Task Log.
To view the Task Log:
1. Click the Task Log button on the Navigational pane.
The Tasks pane appears.
2. Select a filter by which to display the Task Log from the Filter
By drop-down list. You can choose All, In Progress, Failed, or
Completed.
The Tasks pane displays the status of all tasks based on the
filter you select and refreshes every 60 seconds.
3. To manually refresh the Tasks pane:
•
178
Click Update to update the Task log.
Monitoring Data Domain Systems
•
Click Reset to display all tasks and remove any filters you
have set.
4. Click to select a task in the Task Log pane. The Detailed
Information pane at the bottom displays more details on the
selected task.
The following status information displays in the Detailed
Information pane:.
Item
Description
System
The descriptive name of the Data Domain
system.
Task Description
A description of the type of task.
Start Time
The date and time the task started.
Status
The status of the task (completed, failed, or in
progress).
End Time
The date and time the task ended.
Error Message
An applicable error message, if any.
5. To return to the managing a system, select the system in the
DD Network tree in the Navigational pane.
DD OS 5.2 Administration Guide
179
180
Monitoring Data Domain Systems
5
Working with the File System
This chapter includes the following topics.
•
About the File System on page 181
•
Monitoring File System Usage on page 193
•
Managing File System Operations on page 204
•
Managing Encryption of Data at Rest on page 212
•
Fast Copy Operations on page 232
About the File System
The topics that describe the file system include:
•
How the File System Stores Data on page 181
•
How the File System Reports Space Usage on page 182
•
How the File System Uses Compression on page 183
•
How the File System Implements Data Integrity on page 184
•
How the File System Reclaims Storage Space with File System
Cleaning on page 187
•
Supported Interfaces on page 188
•
Supported Backup Software on page 188
•
Data Streams Sent to a Data Domain System on page 189
•
File System Limitations on page 191
How the File System Stores Data
A Data Domain system is designed as a very reliable online system
for backups and archive data. As new backups are added to the
DD OS 5.2 Administration Guide
181
system, old backups are aged out. Such removals are normally
done under the control of backup or archive software based on the
configured retention period.
When backup software expires or deletes an old backup from a
Data Domain system, the space on the Data Domain system
becomes available only after the Data Domain system cleans the
data of the expired backups from disk. A good way to manage
space on a Data Domain system is to retain as many online
backups as possible with some empty space (about 20% of total
space available) to comfortably accommodate backups until the
next scheduled cleaning run, which runs once a week by default.
Some storage capacity is used by Data Domain systems for internal
indexes and other metadata. The amount of storage used over time
for metadata depends on the type of data stored and the sizes of
the stored files. With two otherwise identical systems, one system
may, over time, reserve more space for metadata and have less
space for actual backup data than the other if different data sets are
sent to each system.
Space utilization on a Data Domain system is primarily affected
by:
•
The size and compressibility of the backup data.
•
The retention period specified in the backup software.
High levels of compression result when backing up datasets with
many duplicates and retaining them for long periods of time.
How the File System Reports Space Usage
All Data Domain Enterprise Manager windows and system
commands display storage capacity using base 2 calculations. For
example, a command that displays 1 GiB of disk space as used is
reporting 230 bytes = 1,073,741,824 bytes.
182
•
1 KiB = 210 bytes = 1024 bytes
•
1 MiB = 220 bytes = 1,048,576 bytes
•
1 GiB = 230 bytes = 1,073,741,824 bytes
•
1 TiB = 240 bytes = 1,099,511,627,776 bytes
Working with the File System
How the File System Uses Compression
The file system uses compression to optimize available disk space
when storing data, so disk space is calculated two ways: physical
and logical. (See Data Compression on page 31 for details about
compression.) Physical space is the actual disk space used on the
Data Domain system. Logical space is the amount of
uncompressed data written to the system.
The file system space reporting tools (Enterprise Manager graphs
and filesys show space command, or the alias df) show both
physical and logical space. These tools also report the size and
amounts of used and available space.
From clients that mount a Data Domain system, use your usual
tools for displaying a file system’s physical use of space.
The Data Domain system generates warning messages as the file
system approaches its maximum capacity. The following
information about data compression gives guidelines for disk use
over time.
The amount of disk space used over time by a Data Domain system
depends on:
•
The size of the initial full backup.
•
The number of additional backups (incremental and full)
retained over time.
•
The rate of growth of the backup dataset.
For data sets with typical rates of change and growth, data
compression generally matches the following guidelines:
•
For the first full backup to a Data Domain system, the
compression factor is generally 3:1.
•
Each incremental backup to the initial full backup has a
compression factor generally in the range of 6:1.
•
The next full backup has a compression factor of about 60:1.
Over time, with a schedule of weekly full and daily incremental
backups, the aggregate compression factor for all the data is about
20:1. The compression factor is lower for incremental-only data or
DD OS 5.2 Administration Guide
183
for backups with less duplicate data. Compression is higher when
all backups are full backups.
Types of Compression
A Data Domain system compresses data at two levels: global and
local. Global compression compares received data to data already
stored on disks. Duplicate data does not need to be stored again,
while data that is new is locally compressed before being written
to disk.
Local Compression
A Data Domain system uses a local compression algorithm
developed specifically to maximize throughput as data is written
to disk. The default algorithm (lz) allows shorter backup windows
for backup jobs but uses more space. Local compression options
provide a trade-off between slower performance and space usage.
To change compression, see Change Local Compression on page 209.
Changing the algorithm immediately affects any new data written
to the system. Any data already stored on the system will be
recompressed during the next cleaning run, which may take much
longer to run than usual.
How the File System Implements Data Integrity
Multiple layers of data verification are performed by the DD OS
file system on data received from backup applications to ensure
that data is written correctly to the Data Domain system disks. This
ensures the data can be retrieved without error.
The DD OS is purpose-built for data protection and it is
architecturally designed for data invulnerability. There are four
critical areas of focus, described in the following sections.
End-to-End Verification
End-to-end checks protect all file system data and metadata. As
data comes into the system, a strong checksum is computed. The
data is deduplicated and stored in the file system. After all data is
flushed to disk, it is read back, and re-checksummed. The
184
Working with the File System
checksums are compared to verify that both the data and the file
system metadata are stored correctly.
Figure 5-1: End-to-End Verification
Fault Avoidance and Containment
New data never puts old data at risk. Data Domain uses a logstructured file system that never overwrites or updates existing
data. New data (in red) is always written in new containers and
appended to existing old containers (in blue). The old containers
and references remain in place and are safe even in the face of
software bugs or hardware faults that may occur when storing
new backups.
DD OS 5.2 Administration Guide
185
Figure 5-2: Fault Avoidance and Containment
Continuous Fault Detection and Healing
Continuous fault detection and healing protects against storage
system faults. The system periodically rechecks the integrity of the
RAID stripes, and uses the redundancy of the RAID system to heal
any faults. During a read, data integrity is reverified and any
errors are healed on the fly.
Figure 5-3: Fault Detection and Healing
186
Working with the File System
File System Recoverability
Data is written in a self-describing format. The file system can be
re-created, if necessary, by scanning the log and rebuilding it from
the metadata stored with the data.
Figure 5-4: File System Recoverability
How the File System Reclaims Storage Space with
File System Cleaning
When your backup application (such as NetBackup or NetWorker)
expires data, the data is marked by the Data Domain system for
deletion. However, the data is not deleted immediately; it is
removed during a cleaning operation.
•
During the cleaning operation, the file system is available for
all normal operations including backup (write) and restore
(read).
•
Although cleaning uses a significant amount of system
resources, cleaning is self-throttling and gives up system
resources in the presence of user traffic.
•
Data Domain recommends running a cleaning operation after
the first full backup to a Data Domain system. The initial local
compression on a full backup is generally a factor of 1.5 to 2.5.
An immediate cleaning operation gives additional
compression by another factor of 1.15 to 1.2 and reclaims a
corresponding amount of disk space.
•
When the cleaning operation finishes, a message is sent to the
system log giving the percentage of storage space that was
reclaimed.
DD OS 5.2 Administration Guide
187
A default schedule runs the cleaning operation every Tuesday at 6
a.m. (tue 0600). You can change the schedule or you can run the
operation manually (see Modify a Cleaning Schedule on page 208).
Data Domain recommends running the cleaning operation once a
week.
Notes:
Any operation that shuts down the file system (such as
disabling the file system) or the Data Domain system (such
as a system power-off or reboot) aborts the cleaning
operation. The cleaning operation does not restart when the
system restarts. Either manually restart the cleaning or wait
until the next scheduled cleaning operation.
Replication between Data Domain systems can affect
cleaning operations. If a source Data Domain system
receives large amounts of new or changed data while
disabled or disconnected, cleaning is not able to recover
data that may have been deleted but is pending replication
until the replication completes. Replication should be
monitored regularly to ensure that it does not fall too far
behind.
Supported Interfaces
The following interfaces are supported by the file system:
•
NFS
•
CIFS
•
DD Boost
•
VTL
Supported Backup Software
Data Domain offers guidance on setting up backup software and
backup servers for use with a Data Domain system. Because such
information tends to change often, it is available on the Data
Domain Support Web site (https://my.datadomain.com/).
188
Working with the File System
For more information about the backup applications that are
supported and instructions for accessing the Data Domain Support
Web site compatibility matrices, refer to the section Backup Software
Requirements on page 38.
Data Streams Sent to a Data Domain System
A data stream, in the context of Table 5-1, refers to a a large bytestream associated with a sequential file access, such a write stream
to a backup file or a read stream from a restore image. A Repl
Source or Destination stream refers to a directory replication
operation or an OptDup (optimized deduplication) stream
associated with a file replication operation for the Symantec
NetBackup and BackupExec applications.
For optimal performance, Data Domain recommends the limits on
simultaneous streams between Data Domain systems and your
backup servers, as described in Table 5-1.
Table 5-1: Data Streams Sent to a Data Domain System in DD OS 5.2
Model
RAM/
NVRAM
Backup
Write
Streams
Backup Repl
Read
Source
Streams Streams
Repl
Mixed
Dest
Streams
DD120
DD140,
DD4xx,
DD510,
DD530
DD610
6 GB or
4 GB/
0.5 GB
16
4
15
20
w<= 16 ; r<= 4
ReplSrc<=15;
ReplDest<=20;
ReplDest+w<=16;
Total<=16
DD560,
DD565,
DD630
8 GB/
0.5 GB
20
16
30
20
w<=20; r<=16;
ReplSrc<=30;
ReplDest<=20;
ReplDest+w<=20;
Total<=30
DD565,
DD560
12 GB/
0.5 GB
45
20
45
45
w<=20; r<=16;
ReplSrc<=45;
ReplDest<=45;
ReplDest+w<=45;
Total<=45
DD OS 5.2 Administration Guide
189
Table 5-1: Data Streams Sent to a Data Domain System in DD OS 5.2
Model
RAM/
NVRAM
Backup
Write
Streams
Backup Repl
Read
Source
Streams Streams
Repl
Mixed
Dest
Streams
DD580,
DD580g
16 GB/
0.5 GB
45
30
60
45
w<=45; r<=30;
ReplSrc<=60;
ReplDest<=45;
ReplDest+w<=45;
Total<=60
DD660,
DD670
DD690
16 GB/
1 GB
90
30
60
90
w<=90; r<=30;
ReplSrc<=60;
ReplDest<=90;
ReplDest+w<=90;
Total<=90
DD690
24 GB/
1 GB
90
50
90
90
w<=90; r<=50;
ReplSrc<=90;
ReplDest<=90;
ReplDest+w<=90;
Total<=90
DD670
DD860
36 GB/
1 GB
90
50
90
90
w<=90; r<=50;
ReplSrc<=90;
ReplDest<=90;
ReplDest+w<=90;
Total<=140
DD880,
DD880g
64 GB/
2 GB
180
50
90
180
w<=180; r<=50;
ReplSrc<=90;
ReplDest<=180;
ReplDest+w<=180;
Total<=180
DD860
72 GB/
1 GB
90
50
90
90
w<=90; r<=50;
ReplSrc<=90;
ReplDest<=90;
ReplDest+w<=90;
Total<=140
DD890
96 GB/
2 GB
180
50
90
180
w<=180; r<=50;
ReplSrc<=90;
ReplDest<=180;
ReplDest+w<=180;
Total<=TBD
190
Working with the File System
Table 5-1: Data Streams Sent to a Data Domain System in DD OS 5.2
Model
RAM/
NVRAM
Backup
Write
Streams
Backup Repl
Read
Source
Streams Streams
Repl
Mixed
Dest
Streams
DD990
128 or
256 GB/
4 GB
540
150
270
540
w<=540; r<=150;
ReplSrc<=270;
ReplDest<=540;
R`eplDest+w<=540;
Total<=540
DD880GDA
64 GB/
2 GB per
controller
270
75
135
270
w<=270; r<=75;
ReplSrca<=135;
ReplDest* <=270;
ReplDest*+w<=270;
Total<=270
DD890GDA
96 GB/
2 GB per
controller
270
75
135
270
w<=270; r<=75;
ReplSrc*<=135;
ReplDest* <=270;
ReplDest*+w<=270;
Total<=270
a. OptDup only
File System Limitations
There are some file system limitations to be aware of while
working with the Data Domain system, as described in the
following sections.
•
Limits on Number of Files in a Data Domain System on page 191
•
Maximum Number of Supported Inodes on page 193
•
Maximum Path Name Length on page 193
Limits on Number of Files in a Data Domain System
Data Domain recommends storing no more than 100 million files
on a system. A larger number of files can adversely affect
performance and the length of cleaning. Some processes, such as
file system cleaning, may run much longer with a very large
number of files. For example, the enumeration phase of cleaning
DD OS 5.2 Administration Guide
191
takes about 5 minutes for one million files and over 8 hours for 100
million files.
A system does not have a fixed limit on the number of files.
Available disk space is used as needed to store data and the
metadata that describes files and directories. In round numbers,
each file or directory uses about 1000 bytes of metadata. A Data
Domain system with 5 TB of space available could hold up to 5
billion empty files. The amount of space used by data in files
directly reduces the amount of space available for metadata, and
vice versa.
Note: The overall performance for the Data Domain system will
fall to unacceptable levels if the system is required to support the
maximum file amount, and the workload from the client machines
is not extremely carefully controlled.
As well, consider the overhead of about 500 post-comp bytes per
empty file and about 1K post-comp bytes per non-empty file.
Therefore, a 5 TB system could hold about 10 billion zero length
files (if they were spread across multiple Mtrees) is less than
5 billion non-empty files, depending on the data compression
factor. After that, the disk space occupied by user data will
dominate the equation and the total number of files the Data
Domain system can store will gradually decrease based upon the
overall compression factor of the user data.
Many systems operate without problems with hundreds of
millions of files. After a billion files, some processes or operations
may see an impact:
•
Lengthy cleaning or garbage collection operations (which
could be scheduled less frequently in a stable, archive
environment).
•
AutoSupport operations (you may wish to schedule these to
occur less frequently).
•
Any process or command that needs to enumerate all the files.
If there are many small files, other considerations arise:
•
192
Initial bulk migration of files may take a while. For example, at
70 MB/sec, the task will take at least four hours.
Working with the File System
•
The number of separate files that can be created per second,
(even if the files are very small) may be more of a limitation
than the number of MB/s that can be moved into a Data
Domain system. When files are large, the file creation rate does
not signify, but when files are small, the file creation rate
dominates and may become a factor. File creation rate is
measured in the low 10’s of files per second, and should be
taken into account during system sizing when a bulk ingest of
a large number of files is needed by a customer environment.
•
File access latencies are affected by the number of files in a
directory. To the extent possible, we recommend directory
sizes of less than a thousand files. Larger directory sizes will
experience slower responses to metadata operations such as
listing the files in the directory and opening or creating a file.
•
Time for backing up small files may increase for all storage
devices (overhead per file) but even greater for backupoptimized Data Domain systems. We recommend you
implement replication to another Data Domain system instead
of backup.
Maximum Number of Supported Inodes
An NFS or CIFS client request causes a Data Domain system to
report a capacity of about 2 billion inodes (files and directories). A
Data Domain system can exceed that number, but the reporting on
the client may be incorrect.
Maximum Path Name Length
The maximum length of a full path name (including the characters
in /data/col1/backup) is 1023 bytes. The maximum length of a
symbolic link is also 1023 bytes.
Monitoring File System Usage
The File System view has tabs that show real-time data storage
statistics, including current compression factors showing the space
saved by using data deduplication, graphs of space usage
amounts, consumption factors, and data written trends. There are
DD OS 5.2 Administration Guide
193
also some options for managing file system cleaning, expansion,
copying, and destruction.
Access the File System View
1. Select a system in the Navigational pane.
2. Click the Data Management > File System tabs.
The File System view has a File System overview pane and four
tabs which are described in detail in the following sections:
•
About the File System Overview Pane on page 194
•
About the Summary View on page 195
•
About the Configuration View on page 197
•
About the Encryption View on page 198
•
About the Space Usage View on page 199
•
About the Consumption View on page 200
•
About the Daily Written View on page 201
About the File System Overview Pane
The File System overview pane displays the file system State and
the Clean Status.
State
The State area contains an Enable/Disable button and the shows
the working state of the file system:
194
•
Enabled and running—and the latest consecutive length of
time the file system has been enabled and running.
•
Disabled and shutdown.
•
Enabling and disabling—in the process of becoming enabled or
disabled.
•
Destroying—if the file system is being deleted.
•
Error—if there is an error condition, such as a problem
initializing the file system.
Working with the File System
Clean Status
The Clean Status area contain a Start/Stop Cleaning button and
shows the date the last cleaning operation occurred, or the current
cleaning status if the cleaning operation is currently running. For
example:
Cleaning finished at 2009/01/13 06:00:43
or, if the file system is disabled, shows:
Unavailable
About the Summary View
Click the Summary tab to view important file system statistics, as
described in the following section.
Space Usage
The first Space Usage pane shows the amount of disk space
available and used by file system components, based on the last
cleaning.
•
The /data:post-comp line shows amounts for compressed
data in the /data directory.
•
The /ddvar line shows amounts for log and core files. (Remove
old logs and core files to free space in this area.)
For both of these, the following amounts are shown in real
numbers and in the color-coded graph as described in About the
Space Usage View on page 199:
•
Size—The amount of total physical disk space available for
data.
•
Used—The actual physical space used for compressed data.
Warning messages go to the system log and an email alert is
generated when the use reaches 90%, 95%, and 100%. At 100%,
the Data Domain system accepts no more data from backup
servers.
If the Used amount is always high, check the cleaning schedule
to see how often the cleaning operation runs automatically,
then use the procedure Modify a Cleaning Schedule on page 208
to run the operation more often. Also consider reducing the
DD OS 5.2 Administration Guide
195
data retention period or splitting off a portion of the backup
data to another Data Domain system.
•
Available (GiB)—The total amount of space available for data
storage. This figure can change because an internal index may
expand as the Data Domain system fills with data. The index
expansion takes space from the Avail GiB amount.
•
Cleanable (GiB)—The amount of space that could be reclaimed
if a cleaning operation were run.
The second Space Usage pane shows the compression factors:
•
Currently Used—The amounts currently in use by the file
system.
•
Written in Last 24 Hours—The compression activity over the
last day.
For both of these areas, the following is shown:
•
Pre-Compression (GiB)—Data written before compression.
•
Post-Compression (GiB)—Storage used after compression.
•
Global-Comp Factor—Pre-Compression / (Size after global
compression).
•
Local-Comp Factor—(Size after global compression) / PostCompression
•
Total-Comp Factor—Pre-Comp / Post-Comp
•
Reduction %—[(Pre-Comp - Post-Comp) / Pre-Comp] * 100
About the Archive Units View
The Archive Units view (shown only when the optional
ARCHIVER (DD Extended Retention) license is activated) on the
File System page lists each archive unit. It shows the unit’s state
(new, sealed, or target), its status (disabled or ready, and its size. If
the unit has been sealed, that is, no more data can be added, the
date that it was sealed is given.
Click the diamond symbol to the right of a column heading to sort
the order of the values in reverse.
196
Working with the File System
About the Configuration View
To check the file system configuration settings, click the
Configuration tab. The Configuration view presents the
configurable options and the current clean schedule, along with
Edit buttons to change those settings.
The Options settings and the descriptions of settings are shown
below:
Options Settings
Description
Local Compression
Type
The type of local compression in use. See:
• Types of Compression on page 184 for an
overview.
• Change Local Compression on page 209.
Report Relica as
Writable
How applications see a replica. See:
• Change Read-only Settings on page 209.
Marker Type
Backup software markers (tape markers, tag
headers, or other names are used) in data
streams. See: Tape Marker Settings on page 211.
Staging Reserve
Manage disk staging. See:
• Working with Disk Staging on page 210.
•
Configure Disk Staging on page 211.
Cleaning Schedule
Settings
Description
Time
The date time cleaning operations run. See:
• Modify a Cleaning Schedule on page 208.
Throttle
The system resources allocation. See:
• Throttle the Cleaning Operation on page 208.
DD OS 5.2 Administration Guide
197
About the Encryption View
The settings on the Encryption page are described below.
Setting
Description
Encryption
Status
Status can be one of the following:
• Not configured—Encryption is licensed but not
configured. See Local Key Manager Encryption
Setup on page 219 for the configuration
procedure.
• Enabled—Encryption is enabled and running.
• Disabled—Encryption is disabled.
Encryption
Algorithm
The algorithm used to encrypt the data:
• AES 256-bit (CBC) (default)
• AES 256-bit (GCM) (more secure but slower)
• AES 128-bit (CBC) (not as secure as 256-bit)
• AES 128-bit (GCM) (not as secure as 256-bit)
See Changing the Encryption Algorithm on
page 229 for details.
Encryption
Passphrase
When configured, shows as “*****.”
To change the passphrase, see Managing the
Encryption Passphrase on page 230.
File System Lock
Status
The File System Lock status is either:
• Unlocked—The feature is not enabled.
• Locked—The feature is enabled.
Key Management
198
Key Manager
Either the internal Data Domain Key Manager, or
the optional RSA Data Protection Manager (DPM)
Key Manager.
Click Configure to switch between key managers
(if both are configured), or to modify RSA DPM
Key Manager options.
Server
The name of the RSA Key Manager Server.
Working with the File System
Setting
Description
Server Status
Online or offline., or the error messages returned
by the RSA Key Manager Server.
Key Class
A specialized type of security class used by the
optional RSA Data Protection Manager (DPM) Key
Manager that groups crytopgraphic keys with
similar characteristics. The Data Domain system
retrieves a key from the RSA server by key class. A
key class to be set up to either return the current
key, or to generate a new key each time.
Note: For DD OS 5.2, the Data Domain system
supports only key classes configured to return the
current key.
Port
The port number of the RSA server.
FIPS mode
Whether or not the imported host certificate is
FIPS compliant. The default mode is enabled.
Encryption Keys
Lists keys by ID numbers. Shows when a key was
created, how long it is valid, its type (RSA DPM
Key Manager or the Data Domain internal key),
state (see Table 5-2, DPM Encryption Key States
Supported by Data Domain, on page 216), and its
post-compression size.
Selected keys in the list can be
• Synchronized so the list shows new keys added
to the RSA server (but are not usable until the
file system is restarted).
• Deleted.
• Destroyed.
About the Space Usage View
The Space Usage view contains a graph that displays a visual
representation of data usage, derived from the space.log file.
•
Click a point on a graph line to display a box with data at that
point.
DD OS 5.2 Administration Guide
199
•
Click Print (at the bottom on the graph) to open the standard
Print dialog box.
•
Click Show in new window to display the graph in a new
browser window.
The lines of the graph denote measurement for:
•
Pre-comp Written—The total amount of data sent to the Data
Domain system by backup servers. Pre-compressed data on a
Data Domain system is what a backup server sees as the total
uncompressed data held by a Data Domain system-as-storageunit. Shown with the Space Used (left) vertical axis of the
graph.
•
Post-comp Used—The total amount of disk storage in use on
the Data Domain system. Shown with the Space Used (left)
vertical axis of the graph.
•
Comp Factor—The amount of compression the Data Domain
system has performed with the data it received (compression
ratio). Shown with the Compression Factor (right) vertical axis
of the graph.
Checking Historical Space Usage
On the Space Usage graph, clicking an interval (ie, 7d, 30d, 60d,
120d) on the Duration line above the graph allows you to change
the number of days of data shown on the graph, from 7 to 120
days.
To see space usage for intervals over 120 days, use the following
command on the command line:
filesys show compression [summary | daily | daily-detailed]
{[last n {hours | days | weeks | months}] | [start date [end
date]]}
About the Consumption View
The Consumption view presents the space used over time, shown
in relation to total system capacity.
•
200
Click a point on a graph line to display a box with data at that
point.
Working with the File System
•
Click Print (at the bottom on the graph) to open the standard
Print dialog box.
•
Click Show in new window to display the graph in a new
browser window.
The lines of the graph denote measurement for:
•
Capacity—The total amount of disk storage available for data
on the Data Domain system. The amount is shown with the
Space Used (left) vertical axis of the graph. Clicking the
Capacity checkbox toggles this line on and off.
•
Post-comp—The total amount of disk storage in use on the
Data Domain system. Shown with the Space Used (left) vertical
axis of the graph.
•
Comp Factor—The amount of compression the Data Domain
system has performed with the data it received (compression
ratio). Shown with the Compression Factor (right) vertical axis
of the graph.
•
Cleaning—A grey diamond appears on the chart each time a
file system cleaning operation was started.
•
Data Movement—The amount of disk space moved to the
archiving storage area (if the Archive license is enabled).
Checking Historical Consumption Usage
On the Consumption graph, clicking an interval (ie, 7d, 30d, 60d,
120d) on the Duration line above the graph allows you to change
the number of days of data shown on the graph, from 7 to 120
days.
About the Daily Written View
The Daily Written view contains a graph that displays a visual
representation of data that is written daily to the system over a
period of time, selectable from 7 to 120 days. The data amounts are
shown over time for pre- and post-compression amounts.
It also provides totals for global and local compression amounts,
and pre-compression and post-compression amounts.
DD OS 5.2 Administration Guide
201
•
Click a point on a graph line to display a box with data at that
point.
•
Click Print (at the bottom on the graph) to open the standard
Print dialog box.
•
Click Show in new window to display the graph in a new
browser window.
The lines on the graph denote measurements for:
•
Pre-Comp—The total amount of data written to the Data
Domain system by backup servers. Pre-compressed data on a
Data Domain system is what a backup server sees as the total
uncompressed data held by a Data Domain system-as-storageunit.
•
Post-Comp—The total amount of data written to the Data
Domain system after compression has been performed, as
shown in GiBs.
•
Total Comp—The total amount of compression the Data
Domain system has performed with the data it received
(compression ratio). Shown with the Total Compression Factor
(right) vertical axis of the graph.
Checking Historical Written Data
On the Daily Written graph, clicking an interval (7d, 30d, 60d,
120d) on the Duration line above the graph allows you to change
the number of days of data shown on the graph, from 7 to 120
days.
Below the Daily Written graph, the following totals display for the
current duration value:
202
•
Pre-comp
•
Post-comp
•
Global-comp factor
•
Local-comp factor
•
Total-comp factor
Working with the File System
When the File System Is Full or Nearly Full
A Data Domain system has three progressive levels of being full.
As each level is reached, progressively more operations are
disallowed. At each level, deleting data and performing a file
system cleaning operation makes disk space available for
continued operation. Deleting files and removing snapshots do not
immediately reclaim disk space, but allow the next cleaning
operation to reclaim the space.
1. Level 1—At the first level of fullness, no more new data can be
written to the file system. An informative out of space message
is generated.
Remedy—Delete unneeded datasets, reduce the retention
period, delete snapshots, and perform a file system cleaning
operation.
2. Level 2—At the second level of fullness, files cannot be deleted.
This is because deleting files also require free space but the
system has so little free space available that it cannot even
delete files.
Remedy—Expire snapshots and perform a file system cleaning
operation.
3. Level 3—At the third and final level of fullness, attempts to
expire snapshots, delete files, or write new data fail.
Remedy—Perform a file system cleaning operation to free
enough space to at least delete some files or expire some
snapshots and then rerun cleaning.
Monitor the Space Usage with Email Alerts
Alerts are generated when the file system is at 90%, 95%, and 100%
full. To receive these alerts, add the user to the alert emailing list.
To join the alert email list, see Working with the Notification View on
page 163.
DD OS 5.2 Administration Guide
203
Managing File System Operations
The following file system operations are described in this section:
•
Performing Basic Operations on page 204
•
Performing Cleaning on page 207
•
Modifying Basic Settings on page 208
Performing Basic Operations
Basic file system operations include enabling and disabling the file
system, and in the rare occasion, destroying a file system.
Creating the File System
There are three reasons to create a file system:
•
For a new Data Domain system.
•
When a system is started after a clean installation.
•
After a file system has been destroyed.
To create the file system:
1. Verify that storage has been installed and configured. If the
system does not meet this prerequisite, a warning message is
displayed. Install and configure the storage before attempting
to create the file system.
2. Select a system in the Navigational pane.
3. Click the Data Management > File System tabs.
4. From the More Tasks menu, select Create File System.
The File System Create dialog box shows the approximate size
of the file system. Check Enable file system after creation to
start using this file system as soon as it is created. Click Next.
5. A summary displays the file system size and whether the file
system is to be automatically enabled. Click Back if you want to
change the enable the file system option. Clicking Finish starts
the file system creation.
204
Working with the File System
6. A progress bar measures the file system creation’s progress. A
check mark indicates that a step of the procedure has
completed. When a check mark Completed is displayed, click
OK.
Enable or Disable the File System
The option to enable or disable the file system is dependent on the
current state of the file system—if its enabled, you can disable it
and vice versa.
•
Enabling the file system allows Data Domain system
operations to begin. This ability is available to administrative
users only.
•
Disabling the file system halts all Data Domain system
operations, including cleaning. This ability is available to
administrative users only.
Caution: Disabling the file system when a backup application is
sending data to the system can cause the backup process to fail.
Some backup software applications are able to recover by
restarting where they left off when they are able to successfully
resume copying files; others might fail, leaving the user with an
incomplete backup.
1. Select a system in the Navigational pane.
2. Click the Data Management > File System tabs.
3. In the Overview pane, click Enable or Disable in the State area.
4. Click OK and Close.
Expand the File System
The size of a file system may need to be expanded if the remedies
in the section When the File System Is Full or Nearly Full on page 203
do not sufficiently clear enough space for normal operations.
The file system may not be expandable because there are no
unused disks or enclosures in the Active or Archive tiers; an
expanded storage license is not installed; or there are not enough
capacity licenses installed.
To expand the file system:
DD OS 5.2 Administration Guide
205
1. Select a system in the Navigational pane.
2. Click the Data Management > File System tabs.
3. From the More Tasks menu, select Expand Capacity.
The Expand File System Capacity dialog window appears,
showing the current size of the file system, and noting how
much additonal storage space is available for expansion.
•
If enough capacity is available for expansion requirements,
continue to step 7.
•
If capacity needs to be added, continue with the next step.
4. Click Configure to allocate existing storage to the file system.
The Configure Storage dialog window appears.
5. In the Available Storage area, click the checkboxes of the
storage devices to use and click Move to Tier.
System storage must be moved from the Available Storage area
to the Active Tier storage area before the file system can be
created.
6. Click OK and Close in the progress dialog box.
7. Click Finish to expand the file system into the available
storage.
Destroy the File System
Destroying the file system deletes all data in the Data Domain file
system (including virtual tapes). This operation also removes
Replication configuration settings.
Caution: Deleted data is not recoverable.
This operation is used when it is necessary to cleaning out existing
data, to create a new collection replication destination, or to
replace a collection source, or for security reasons because the
system is being removed from operation.
The optional Write zeros to disk operation writes zeros to all file
system disks, effectively removing all traces of data. If the Data
Domain system contains a large amount of data, this can take
many hours, or a day to complete.
206
Working with the File System
Note: As this is a destructive procedure, this operation is available
to administrative users only.
1. From the More Tasks menu, select Destroy.
2. In the Destroy File System dialog box, enter the sysadmin
password. (It is the only accepted password.)
3. Optionally, click the checkbox for Write zeros to disk to
completely remove data.
4. Click OK.
Performing Cleaning
To start or stop cleaning, or to modify the default cleaning
schedule (every Tuesday at 6 a.m. with 50% throttle), use one of
the procedures below.
Manually Start and Stop Cleaning
To immediately start a cleaning operation:
1. In the Overview pane, click Start Cleaning in the Clean Status
area.
The Start File System Clean dialog box appears.
2. In the Throttle Percentage text box, enter a system throttle
amount. This is the percentage of CPU usage dedicated to
cleaning.
3. Click OK.
4. The Start File System Clean dialog box appears where you can
watch the cleaning operation progress. Click Close to exit the
progress dialog box.
DD OS 5.2 Administration Guide
207
To immediately stop a cleaning operation (stopping the process
means that all work done so far is lost):
1. In the Overview pane, click Stop Cleaning in the Clean Status
area.
The Stop File System Clean dialog box appears.
2. Click OK.
Modify a Cleaning Schedule
To change the schedule for cleaning:
1. Click the Data Management > File System > Configuration
tabs.
2. In the Clean Schedule area, click Edit.
The Modify Schedule dialog box appears.
3. Click the Custom Clean Schedule radio button.
4. Enter the start time, throttle percentage, and days (either
weekly or monthly).
Note: The throttle setting affects cleaning only when the
system is servicing user requests. When there are no user
requests, cleaning always runs at full throttle.
5. Click OK.
Throttle the Cleaning Operation
If the cleaning operation is slowing down the rest of the system,
consider modifying the throttle settings to change the amount of
system resources used by the cleaning process. Stop and restart the
cleaning operation, using the procedures above.
Modifying Basic Settings
The Modify Settings option allows you to change the type of
compression used, marker types, Replica write status, and Staging
Reserve percentage, as described in the following sections:
•
208
Change Local Compression on page 209
Working with the File System
•
Change Read-only Settings on page 209
•
Configure Disk Staging on page 211
Change Local Compression
To change the type of local compression in use:
1. Click the Data Management > File System > Configuration
tabs.
2. In the Options area, click Edit.
The Modify Settings dialog box appears.
3. In the Local Compression Type area, click the drop-down list
and select a new compression type.
Option
Description
none
Do not compress data.
lz
The default algorithm that gives the best throughput.
Data Domain recommends the lz option.
gzfast
A zip-style compression that uses less space for
compressed data, but more CPU cycles (twice as much as
lz). Gzfast is the recommended alternative for sites that
want more compression at the cost of lower performance.
gz
A zip-style compression that uses the least amount of
space for data storage (10% to 20% less than lz on average;
however, some datasets get much higher compression).
This also uses the most CPU cycles (up to five times as
much as lz). The gz compression type is commonly used
for nearline storage applications in which performance
requirements are low.
4. Click OK at the confirmation dialog box.
5. Click Close to exit the status dialog box.
Change Read-only Settings
Some backup applications must see the replica as writable to do a
restore or vault operation from the replica. To change the replica to
writable:
DD OS 5.2 Administration Guide
209
1. Click the Data Management > File System > Configuration
tabs.
2. In the Options area, click Edit.
The Modify Settings dialog box appears.
3. In the Report Replica as Writable pane, click the Enable
checkbox.
4. Click OK.
5. Click Close to exit the status dialog box.
Working with Disk Staging
Disk staging enables a Data Domain system to serve as a staging
device, where the system is viewed as a basic disk via a CIFS share
or NFS mount point. Disk staging can be used in conjunction with
your backup software, such as Symantec’s NetBackup (NBU) and
EMC’s NetWorker.
The Data Domain disk staging feature does not require a license
and is disabled by default.
Note: The VTL feature is not required or supported when the Data
Domain system is used as a Disk Staging device.
The reason that some backup applications use disk staging devices
is to enable tape drives to stream continuously. After the data is
copied to tape, it is retained on disk for as long as space is
available. Should a restore be needed from a recent backup, more
than likely the data is still on disk and can be restored from it more
conveniently than from tape. When the disk fills up, old backups
can be deleted to make space. This delete-on-demand policy
maximizes the use of the disk.
In normal operation, the Data Domain System does not reclaim
space from deleted files until a cleaning operation is done. This is
not compatible with backup software that operates in a staging
mode, which expects space to be reclaimed when files are deleted.
When you configure disk staging, you reserve a percentage of the
total space—typically 20 to 30 percent—in order to allow the
system to simulate the immediate freeing of space.
210
Working with the File System
The amount of available space is reduced by the amount of the
staging reserve. When the amount of data stored uses all of the
available space, the system is full. However, whenever a file is
deleted, the system estimates the amount of space that will be
recovered by cleaning and borrows from the staging reserve to
increase the available space by that amount. When a cleaning
operation runs, the space is actually recovered and the reserve
restored to its initial size. Since the amount of space made available
by deleting files is only an estimate, the actual space reclaimed by
cleaning may not match the estimate. The goal of disk staging is to
configure enough reserve so that you do not run out before
cleaning is scheduled to run.
Configure Disk Staging
To enable disk staging and specify the staging reserve percentage:
1. Click the Data Management > File System > Configuration
tabs.
2. In the Options area, click Edit.
The Modify Settings dialog box appears.
3. In the Staging Reserve pane, click the Enable checkbox.
4. Enter a value in the % of Total Space text box.
This value represents the percentage of the total disk space to
be reserved for disk staging, typically 20 to 30 percent.
5. Click OK.
Tape Marker Settings
Backup software from some vendors insert markers (tape markers,
tag headers, or other names are used) in all data streams (both file
system and VTL backups) sent to a Data Domain system. Markers
can significantly degrade data compression on a Data Domain
system. As such, the default marker type auto is set and cannot be
changed by the user. If this setting is not compatible with your
backup software, contact your contracted support provider.
DD OS 5.2 Administration Guide
211
Managing Encryption of Data at Rest
The optional Encryption of Data at Rest feature encrypts all
incoming (and optionally, existing) data to the Data Domain
system before it is written to the physical storage media. The data
is physically stored in an encrypted manner and cannot be read on
the existing Data Domain system or in any other environment
without first decrypting it.
This section consists of these topics:
•
How Encryption of Data at Rest Works on page 212
•
About Key Management on page 214
•
Local Key Manager Encryption Setup on page 219
•
RSA DPM Key Manager Encryption Setup on page 221
•
Changing Key Managers after Setup on page 226
•
Checking Settings for Encryption of Data at Rest on page 226
•
Enabling and Disabling Encryption of Data at Rest on page 226
•
Locking and Unlocking the File System on page 227
•
Changing the Encryption Algorithm on page 229
How Encryption of Data at Rest Works
Data encryption protects user data if the Data Domain system is
stolen or if the physical storage media is lost during transit, and
eliminates accidental exposure of a failed drive if it is replaced. If
an intruder circumvents network security controls and gains
access to encrypted data, the data is unreadable and unusable
without the proper cryptographic keys.
When data enters the Data Domain system using any of the
supported protocols (NFS, CIFS, VTL, DD Boost, and NDMP Tape
Server), the stream is segmented, fingerprinted, de-duplicated
(global compression), then grouped into multi-segment
compression regions, locally compressed, and then encrypted
before stored to disk.
212
Working with the File System
Note: Once enabled, the Encryption at Rest feature encrypts all
data entering the Data Domain system. You cannot enable
encryption at a more granular level.
Caution: Data that has been stored before the encryption feature is
enabled does not automatically get encrypted. To protect all of the
data on the system, be sure to enable the option to encrypt existing
data. See Local Key Manager Encryption Setup on page 219.
Notes:
The filesys encryption apply-changes command
applies any encryption configuration changes to all data
present in the file system during the next cleaning cycle. For
more information about this command, see the DD OS 5.2
Command Reference Guide.
To use the Enterprise Manager to encrypt existing data, see
Local Key Manager Encryption Setup on page 219 and RSA DPM
Key Manager Encryption Setup on page 221.
You can use all of the currently supported backup applications
described in the Backup Application Matrix on the Support portal
with the Encryption of Data at Rest feature.
Data Domain Replicator software can be used with the encryption
option, enabling encrypted data to be replicated using collection,
directory, MTree, or application-specific managed file replication
and with the various topologies. Each replication form works
uniquely with encryption and offers the same level of security. For
more information, see the section Using Encryption of Data at Rest
with Replication on page 411.
Files locked using the Data Domain Retention Lock software
options can be stored, encrypted, and replicated.
The autosupport feature includes information about the state of
encryption on the Data Domain system:
•
Whether or not encryption is enabled
•
The Key Manager in effect and which keys are used
•
The encryption algorithm that is configured
•
The state of the file system
DD OS 5.2 Administration Guide
213
About Key Management
As of DD OS 5.2, an optional external encryption key management
capability has been added, the RSA Data Protection Manager
(DPM) Key Manager. The preexisting local encryption key
administration method is still in place. You can choose either
method to manage the Data Domain encryption key.
The Local Key Manager provides a single encryption key per Data
Domain system. The RSA DPM Key Manager enables the use of
multiple, rotating keys on a Data Domain system.
Note: Only one encryption key can be active on a Data Domain
system. The DPM Key Manager provides the active key. If the
same DPM Key Manager manages multiple Data Domain systems,
all will have the same active key—if they are synced and the Data
Domain file system has been restarted.
The section covers the following major topics:
•
Key Manager Support on page 214
•
About the Local Key Manager on page 215
•
About the RSA DPM Key Manager on page 215
•
How the Cleaning Operation Works on page 219
•
Perform this Setup on the RSA DPM Server on page 221
•
Perform this Setup on the Data Domain System on page 223
Key Manager Support
Both Key Managers support all DD OS file system protocols.
DD Extended Retention
Note: Data Domain Extended Retention (formerly known as the
Data Domain Archiver system) is now a software option on
supported Data Domain systems.
Data Domain systems with DD Extended Retention Software do
not support encryption of data at rest. Therefore, DD Extended
Retention software cannot be added to those Data Domain systems
that are encryption enabled or either have encrypted data on them.
214
Working with the File System
Replication
When configuring Data Domain systems for directory MTree
replication, configure each Data Domain system separately. The
two systems can use either the same or a different key class, and
the same or different key managers.
For collection replication configuration, the Data Domain system
must be configured on the source. After a replication break the
original replica Data Domain system has to be configured for Key
Manager. If not, the Data Domain system continues to use the
latest known key. You cannot delete a key that has been configured
for collection replication. You need to contact your contracted
support provider to delete these kinds of keys.
About the Local Key Manager
An single internal Data Domain encryption key is available on all
Data Domain systems.
The first time Encryption of Data at Rest is enabled, the Data
Domain system randomly generates an internal system encryption
key. Once the key is generated, the system encryption key cannot
be changed and is not accessible to a user.
The Encryption key is further protected by a passphrase, which is
used to encrypt the encryption key before it is stored in multiple
locations on disk. The passphrase is user generated and requires
both an administrator and a security officer to change it.
About the RSA DPM Key Manager
RSA DPM Key Manager consists of a centralized RSA DPM Key
Manager Server and the embedded DPM client on each Data
Domain system.
The RSA DPM Key Manager is in charge of the generation,
distribution, and lifecycle management of multiple encryption
keys. Keys can be rotated on a regular basis, depending on the
policy. A maximum number of 254 keys is supported.
If the RSA DPM Key Manager is configured and enabled, the Data
Domain systems uses keys provided by the RSA DPM Key
Manager Server.
DD OS 5.2 Administration Guide
215
Encryption Key States
One Activated-RW key is always in effect. If the active key is
compromised, the RSA DPM Key Manager provides a new key.
When the Data Domain system detects the new key, it issues an
alert for the administrator to restart the file system.
Expired keys becomes read only for the existing data on the Data
Domain system, and a new, active key is applied to all new data
that is ingested. When a key is compromised, the existing data is
re-encrypted using new encryption key after a filesystem clean is
run. After the number of keys exceeds the maximum, rather than
deleting excess keys, you would keep them for auditing purposes.
To view information about the encyption keys that are on Data
Domain system, open the Enterprise Manager and go to the Data
Management > File System > Encryption tab. Keys are listed by ID
number in the Encryption Key section of the Encryption page. The
following information is given for each key: when a key was
created, how long it is valid, its type (RSA DPM or Data Domain),
its state, such as Activated-RW or Deactivated, and its postcompression size.
Table 5-2: DPM Encryption Key States Supported by Data
Domain
216
State
Definition
Pending-Activated
The key has just been created. After a file system
restarts, the key becomes Activated-RW.
Activated-RW and
Activated-RO
Both Activated-RW and Activated-RO read the
data encrypted with their keys, respectively.
Activated-RW is the latest activated key.
De-Activated
A key becomes deactivated when the current
time exceeds the validity period. The key is used
for reading.
Compromised
The key can only decrypt. After all of the data
encrypted with the compromised key is reencrypted, the state changes to Destroyed
Compromised. The keys are re-encrypted when a
file system clean is run. You can delete a
Destroyed Compromised key, if necessary.
Working with the File System
Table 5-2: DPM Encryption Key States Supported by Data
Domain
State
Definition
Marked-ForDestroy
You have marked the key as destroyed for the
data to be re-encrypted.
Destroyed
After re-encrypting all data encrypted with this
key, the DD OS changes it from Marked-ForDestroy to Destroyed.
Also, when the key that is destroyed is
compromised, it becomes CompromisedDestroyed. You can delete keys that are
Destroyed and Compromised-Destroyed.
Note: A key is not destroyed in the Data
Domain system until a cleaning operation is run
and completed.
How Keys are Kept in Sync with the RSA DPM Key Manager
An automatic key sync is performed every day at midnight. A
manual key sync is required only if you cannot wait for the
scheduled sync. Whenever new keys are synced on the Data
Domain system, an alert is generated. This alert is cleared after the
Data Domain file system is restarted.
After the RSA DPM Key Manager Server generates new keys, click
the Sync button to have them display in the Encryption Key list on
the Enterprise Manager’s Encryption tab.
Note: A file system restart is necessary if keys have changed since
the last sync.
1. Using the Enterprise Manager, select the Data Domain system
you are working with in the Navigation pane.
Note: Always perform Enterprise Manager functions on the
system you have selected in the Navigation pane.
2. Click Data Management > File System and then select the
Encryption tab.
3. In the Encryption Keys section, select the RSA DPM key.
DD OS 5.2 Administration Guide
217
4. Click Sync.
How to Destroy a Key
Destroy a key if you do not want any data to be encrypted with it.
Follow this procedure only when you are running out of keys (no
more keys can be added). The maximum number of keys is 254.
This procedure requires security officer credentials. For
information about the security officer, see Create Local Users on
page 105 and Enable Security Authorization on page 109.
To change an RSA DPM key to a state in which it can be deleted:
1. Deactivate the key on the RSA DPM Server.
2. Restart the file system for the key to be deactivated on the Data
Domain system.
3. Using the Enterprise Manager, navigate to the Data
Management > File System > Encryption tabs.
4. In the Encryption Keys section, select the key in the list to be
destroyed.
5. Click Destroy Key.
6. Enter your security officer user name and password.
7. Confirm that you want to destroy the key by clicking OK.
8. After the file system clean has run, the key state changes to
Destroyed.
9. Delete the key. See How to Delete a Key on page 218.
How to Delete a Key
You need to delete a key only when the number of keys has
exceeded the maximum 254 limit.
This procedure requires security officer credentials.
You can delete Key Manager keys that are in the Destroyed or
Compromised-Destroyed states.
1. Using the Enterprise Manager, navigate to the Data
Management > File System > Encryption tabs.
218
Working with the File System
2. In the Encryption Keys section, select the key or keys in the list
to be deleted.
3. Click Delete Keys.
4. Enter your security officer user name and password.
5. Confirm that you want to delete the key or keys by clicking
OK.
How the Cleaning Operation Works
Encryption affects the performance of cleaning operations during
which all data encrypted with the Compromised or Marked-ForDestroyed keys is re-keyed using the Activated-RW key. At the
end of the cleaning operation, there will be no data that is
encrypted with the Compromised or Marked-For-Destroyed keys.
Also, any data written by the cleaning operation is encrypted with
the Activated-RW key.
Key Manager Setup<
Follow the instructions for the type of key manager you are using:
•
Local Key Manager Encryption Setup on page 219
•
RSA DPM Key Manager Encryption Setup on page 221
Local Key Manager Encryption Setup
To set up Encryption of Data at Rest:
1. Using the Enterprise Manager, click the Data Management >
File System > Encryption tabs.
If Encryption is not licensed, it reports that and provides an
Add License link. Click the link, add your assigned license in
the License Key entry field, and click OK.
Once Encryption is licensed, the initial status shows Not
configured.
2. To set up the Encryption feature and globally enable
encryption on the Data Domain system, click Configure.
DD OS 5.2 Administration Guide
219
In the Configure Encryption dialog box, type a passphrase of at
least one character in the New Passphrase text field, re-enter it
in the Confirm New Passphrase field, and click Next.
Note: As of DD OS 5.2, the maximum number of characters for
the passphrase is 254; previously, it was 1023. The minimum is
one.
Caution:Unless you can reenter the correct passphrase, you
cannot unlock the file system and access the data. The data will
be irrevocably lost.
For more information about the using and changing the
Passphrase, see *Managing the Encryption Passphrase on
page 230.
3. Select an encryption algorithm from the menu or accept the
default AES 256-bit (CBC). Clicking Reset to Default selects this
encryption algorithm.
The AES 256-bit Galois/Counter Mode (GMC) is the most
secure algorithm, but it is significantly slower than the Cipher
Block Chaining (CBC) mode.
4. To encrypt both new and existing data on the system, select
Apply to Existing data. Existing data will be encrypted during
the first cleaning cycle after the file system is restarted.
5. Click Next.
Warning:Encryption of existing data can take longer than a
standard file system clean operation.
6. Select that you want to obtain the encryption key from the Data
Domain system, and click Next.
7. The Summary shows the selected configuration values. Review
them for correctness. To change a value, click Back to the page
where it was entered and modify it.
8. Because a system restart is necessary to enable encryption, to
apply the new configuration, select the option Restart the file
system now.
9. Click Finish.
220
Working with the File System
Note: Applications may experience an interruption while the file
system is restarted.
RSA DPM Key Manager Encryption Setup
DPM Key Manager must be set up on both the RSA DPM Server
and on the Data Domain system.
Perform this Setup on the RSA DPM Server
The main steps for setting up the RSA DPM Server (using its
graphical user interface) are as follows:
Notes:
See the latest version of the RSA Data Protection Manager Server
Administrator’s Guide for more information about each step of
this procedure.
Algorithm and cipher mode settings set on the RSA DPM Key
Manager Server are ignored by the Data Domain system.
Configure these settings on the Data Domain system.
1. Create an identify for the Data Domain system using the X509
certificate. A secure channel is created based on this certificate.
2. Create a key class with the proper attributes:
•
Key length: 256 bits
•
Duration: For example, six months or whatever matches
your policy.
•
Auto-key generation: Select to have keys automatically
generated.
Note: Multiple Data Domain systems can share the same key
class. For more information about key classes, see About RSA
DPM Key Classes on page 222.
3. Create an identity using the Data Domain system’s host
certificate as its identity certificate. The identity and the key
class have to be in the same identity group.
4. Import the certificates. See Importing the Certificates on
page 222.
DD OS 5.2 Administration Guide
221
About RSA DPM Key Classes
The Data Domain system retrieves a key from RSA DPM Key
Manager by key class. A key class is a specialized type of security
class used by the RSA DPM Key Manager that groups
crytopgraphic keys with similar characteristics.
The RSA DPM Key Manager Server allows a key class to be set up
to either return the current key, or to generate a new key each time.
For DD OS 5.2, the Data Domain system supports only the key
classes configured to return the current key. Do not use a key class
that is configured to generate a new key each time.
Note: If the key length is not 256 bits, the DPM configuration will
fail.
Importing the Certificates
DD OS 5.2 does not support the RSA DPM Key Manager Server’s
Auto Registration Certificate capability, which uploads an auto
registered certificate directly, or imports multiple certificates. This
means that you must import the CA and Host certificates for a
Data Domain system.
Notes:
You must obtain CA and Host certificates that are compatible
with the RSA DPM Key Manager. You can request these
certificates from third-party certificates authorities, or create
them using appropriate SSL utility tools.
DD OS 5.2 supports certificates without any extension and
certificates with server and client extensions for use with both
the Enterprise Manager and RSA DPM Key Manager.
Certificates with client extensions are supported only by RSA
DPM Key Manager, and certificates with server extensions are
supported only by the Enterprise Manager.
Alerts:
•
222
If HTTPS fails to restart due to corrupted imported
certificates, self-signed certificates are used. If this occurs, a
managed alert, UnusableHostCertificate, is issued. To clear
the alert, delete the corrupted certificates and re-import
new certificates.
Working with the File System
•
If imported certificates are removed; for example during a
system headswap and the imported certificates fail to copy
over, a managed alert, MissingHostCertificate, is issued.
Re-import the certificates to clear the alert.
After obtaining the certificates, import them to the Data Domain
system as follows:
Note: The following perquisites must be met:
•
The Host certificate should be in PKCS12 format.
•
The CA certificate should be in PEM format.
•
If the system passphrase is not set, you cannot import the
host certificate. The passphrase is set when you enable
encryption. To change it, see Change the Encryption
Passphrase on page 231.
1. Configure the RSA DPM Key Manager Server to use the CA
and Host certificates. For instructions, see the RSA DPM Key
Manager Server Administration Guide.
2. Import the certificates by redirecting the certificate files using
ssh command syntax. See the DD OS 5.2 Command Reference
Guide for details.
ssh sysadmin@<Data-Domain-system> adminaccess
certificate import {host password password |ca } <
path_to_the_certificate
For example, to import the host certificate host.p12 from your
personal computer’s desktop over to the Data Domain system
DD1 using ssh, enter:
# ssh sysadmin@DD1 adminaccess certificate import
host password abc123 < C:\host.p12
3. Import the CA certificate, for example, ca.pem, from your
desktop to DDR1 via SSH by entering:
Note: # ssh sysadmin@DDR1 adminaccess certificate
import ca < C:\ca.pem
Perform this Setup on the Data Domain System
Using the Data Domain Enterprise Manager for the Data Domain
system setup, follow these steps:
DD OS 5.2 Administration Guide
223
1. Complete the DPM Key Manager setup on the RSA DPM
Server.
Note: If using the Local Key Manager, complete its setup as
described in Local Key Manager Encryption Setup on page 219.
The process for enabling encryption is the same.
2. The Data Domain system must be able to resolves its own IP
address using its hostname. If this mapping has not been
added to the DNS server, use this command line to add the
entry to the /etc/hosts file:
# net hosts add ipaddr host-list
where ipaddr is the IP address of Data Domain system and
host-list is the hostname of the Data Domain system.
Note: By default, the fips-mode is enabled. If the PKCS #12
client credential is not encrypted with the FIPS 140-2 approved
algorithm, such as RC2, then you must disable the fips-mode.
3. Log into the Enterprise Manager and select the Data Domain
system you are working with in the Navigation pane.
Note: Always perform Enterprise Manager functions on the
system you have selected in the Navigation pane.
4. Click the Data Management > File System > Encryption tabs.
If Encryption is not licensed, it reports that and provides an
Add License link. Click the link, add your assigned license in
the License Key entry field, and click OK.
Once Encryption is licensed, the initial status shows Not
configured.
5. To set up the Encryption feature and globally enable
encryption on the Data Domain system, click Configure.
In the Configure Encryption dialog box, type a passphrase in
the New Passphrase text field, re-enter it in the Confirm New
Passphrase field, and click Next.
Note: As of DD OS 5.2, the maximum number of characters for
the passphrase is 254; previously, it was 1023. There is no
minimum.
224
Working with the File System
Caution:Unless you can reenter the correct passphrase, you
cannot unlock the file system and access the data. The data will
be irrevocably lost.
For more information about the using and changing the
Passphrase, see page 230.
6. Select an encryption algorithm from the menu or accept the
default AES 256-bit (CBC). Clicking Reset to Default selects this
encryption algorithm.
The AES 256-bit Galois/Counter Mode (GMC) is the most
secure algorithm, but it is significantly slower than the Cipher
Block Chaining (CBC) mode.
7. To encrypt both new and existing data on the system, select
Apply to Existing data. Existing data will be encrypted during
the first cleaning cycle after the file system is restarted. Click
Next.
Warning:Encryption of existing data can take longer than a
standard file system clean operation.
8. Select the Key Manager. For the RSA DPM Key Manager.
a. Enter the name or the IP address of the Key Manager server
in the Server Name text box.
b. Choose the key class that the Data Domain system is to use
to generate the key from the menu.
c. Enter the port number; 443 is the default.
d. Select whether or not the imported host certificate is FIPS
compliant. The default mode is enabled. Click Next.
9. The Summary shows the selected configuration values. Review
them for correctness. To change a value, click Back to the page
where it was entered and modify it.
10. Because a system restart is necessary to enable encryption, to
apply the new configuration, select the option Restart the file
system now.
11. Click Finish.
Note: Applications may experience an interruption while the file
system is restarted.
DD OS 5.2 Administration Guide
225
Changing Key Managers after Setup
Note: To use the optional RSA DPM Key Manager instead of the
Data Domain Key Manager, fulfill the prerequisites as given in
RSA DPM Key Manager Encryption Setup on page 221.
Follow these steps:
1. Using the Enterprise Manager, select the Data Domain system
you are working with in the Navigation pane.
2. Click Data Management > File System and select the
Encryption tab.
3. Under Key Management, click Configure.
4. Enter your security officer username and password.
5. Select which Key Manager to use.
•
If Data Domain, select Restart the file system now, and click
OK.
•
If RSA DPM Key Manager, enter the server name, key class,
port (the default is 443), and whether or not the imported
host certificate is FIPS compliant. The default mode is
enabled. Select Restart the file system now, and click OK.
Checking Settings for Encryption of Data at Rest
To check the settings for the Encryption feature, use the Enterprise
Manage. Click the Data Management > File System > Encryption
tabs. The currently used Key Manager is shown as Enabled.
For a description of the Encryption settings, see About the
Encryption View on page 198.
Enabling and Disabling Encryption of Data at Rest
After configuring Encryption, the status is enabled and the
Disabled button is active. When Encryption is disabled, the
Enabled button is active.
Enable Encryption of Data at Rest
Use the Enterprise Manager to enable the Encryption feature:
226
Working with the File System
1. Using the Enterprise Manager, select the Data Domain system
you are working with in the Navigation pane.
2. In the Encryption view, click the Enable button.
3. In the Enable Encryption dialog box, select Restart the file
system and click OK.
4. The Configure Encryption Status dialog box appears and
shows the implementation status. Click Close when the process
is complete or OK to exit.
Note: Applications may experience an interruption while the file
system is restarted.
Encryption will be enabled once the file system is restarted.
Disable Encryption of Data at Rest
Use the Enterprise Manager to disable the Encryption feature:
1. Using the Enterprise Manager, select the Data Domain system
you are working with in the Navigation pane.
2. In the Encryption view, click the Disable button.
The Disable Encryption dialog box appears.
3. In the Security Officer Credentials area, enter the user name
and password of a security officer.
4. Select Restart the file system now and click OK.
Locking and Unlocking the File System
Use this procedure when an encryption-enabled Data Domain
system (and its external storage devices) are being transported, or
if you want to lock a disk that is being replaced. The procedure
requires two accounts: Security Officer and system administration
roles.
1. Using the Enterprise Manager, select the Data Domain system
you are working with in the Navigation pane.
2. Go the File System Lock area of the Data Management > File
System > Encryption view.
DD OS 5.2 Administration Guide
227
The Status shows whether the file system is Locked or
Unlocked.
3. Disable the file system by clicking the Disabled button in the
File System status area.
4. Use either the procedure Lock the File System on page 228 or
Unlock the File System on page 229.
Lock the File System
To lock the file system, Encryption must be enabled and the file
system must be disabled.
1. Using the Enterprise Manager, select the Data Domain system
you are working with in the Navigation pane.
2. Navigate to the File System Lock area of the Data Management
> File System > Encryption view. Click Lock File System.
The Lock File System dialog box appears.
3. In the text fields, provide:
•
The user name and password of a Security Officer account
(an authorized user in the Security User group on that Data
Domain system).
•
The current and a new passphrase.
4. Click OK.
This procedure creates a new passphrase and destroys the
cached copy of the current passphrase. Therefore, anyone who
does not possess the new passphrase will not be able to decrypt
the data.
Note: Changing the passphrase requires two-user
authentication to protect against “rogue” employee shredding
the data.
Caution: Be sure to take care of the passphrase. If the passphrase is
lost, you will never be able to unlock the file system and access the
data. The data will be irrevocably lost.
5. Shut down the system:
228
Working with the File System
Caution: Do not use the chassis power switch to power off the
system. Enter the following command on the command line
instead.
# system poweroff
The ‘system poweroff’ command shuts down the system
and turns off the power.
Continue? (yes|no|?) [no]:
6. Transport the system or remove the disk being replaced.
7. Power on the system and continue with Unlock the File System
on page 229.
Unlock the File System
This procedure prepares an encrypted file system for use after it
has arrived at its destination.
1. Using the Enterprise Manager, select the Data Domain system
you are working with in the Navigation pane.
2. Navigate to the File System Lock area of the Data Management
> File System > Encryption view. Click Unlock File System.
The Unlock File System dialog box appears.
3. In the text fields, provide the current passphrase.
4. Click OK.
The Enable File System Status dialog box displays.
5. Click Close to exit.
If the passphrase is incorrect, the file system does not start and
the system reports the error. Re-enter the correct passphrase, as
directed in the previous step.
Changing the Encryption Algorithm
To change the encryption algorithm:
1. Using the Enterprise Manager, select the Data Domain system
you are working with in the Navigation pane.
DD OS 5.2 Administration Guide
229
2. Go to the Data Management > File System and select the
Encryption tab.
3. To change the Encryption Algorithm used to encrypt the Data
Domain system, click Change Algorithm.
The Change Algorithm dialog box appears.
4. Select an encryption algorithm from the drop-down list or
accept the default AES 256-bit (CBC).
The AES 256-bit Galois/Counter Mode (GMC) is the most
secure algorithm but it is significantly slower than the Cipher
Block Chaining (CBC) mode.
Note: To reset the algorithm to the default AES 256-bit (CBC)
click Reset to default.
5. Determine what data will be encrypted:
•
To encrypt existing and new data on the system, click the
checkboxes for Apply to Existing data, Restart file system
now, and click OK.
Existing data will be encrypted during the first cleaning
cycle after the file system is restarted.
Warning: Encryption of existing data can take longer than a
standard file system clean operation
•
To encrypt only new data, click the checkbox for Restart file
system now and click OK.
6. The Configure Encryption Status dialog box appears and
shows the implementation status. Click Close when the process
is complete or OK to exit.
Note: Applications may experience an interruption while the file
system is restarted.
Managing the Encryption Passphrase
The encryption passphrase is a human-readable (understandable)
key (like a smart card) which is used to generate a machine usable
AES256 encryption key.
230
Working with the File System
•
The passphase is set during the initial configuration, but can be
changed at any time. To set the passphrase, see Local Key
Manager Encryption Setup on page 219 for the initial
configuration procedure.
•
The administrator can change the passphrase without having
to manipulate the actual encryption keys. Changing the
passphrase indirectly changes the encryption of the keys, but
does not affect user data or the underlying encryption key. To
change the passphase, see Change the Encryption Passphrase on
page 231.
The passphrase allows a Data Domain system to be transported
with encryption keys on the system, but without the passphrase
being stored on it. If the system is stolen in transit, an attacker
cannot easily recover the data; at most, they can recover the
encrypted user data and the encrypted keys.
The passphrase is stored internally on a hidden part the Data
Domain storage subsystem. This allows the Data Domain system
to boot and continue servicing data access without any
administrator intervention.
Changing the passphrase requires two-user authentication to
protect against “rogue” employee shredding the data.
Change the Encryption Passphrase
The passphrase is set when encryption is enabled, but it can be
changed with the following procedure:
1. Using the Enterprise Manager, click the Data Management >
File System > Encryption tabs.
2. To change the Encryption Passphrase , click Change
Passphrase.
The Change Passphrase dialog box appears.
3. In the text fields, provide:
•
The user name and password of a Security Officer account
(an authorized user in the Security User group on that Data
Domain system).
•
The current and a new passphrase.
DD OS 5.2 Administration Guide
231
4. To enable the encryption feature, click the checkbox for Enable
the file system now.
5. Click OK.
Caution: Be sure to take care of the passphrase. If the passphrase is
lost, you will never be able to unlock the file system and access the
data. The data will be irrevocably lost.
Fast Copy Operations
A fast copy operation copies files and directory trees of a source
directory to a target directory on a Data Domain system. The force
option allows the destination directory to be overwritten if it exists.
Executing the fastcopy operation displays a progress status dialog
box.
Note: A fast copy operation makes the destination equal to the
source, but not at a particular point in time. There are no
guarantees that the two are or were ever equal if you change either
folder while copying.
Perform a Fast Copy Operation
1. Using the Enterprise Manager, click the Data Management >
File System tabs and select Fast Copy from More Tasks.
The Fast Copy dialog box appears.
2. In the Source text box, enter the pathname of the directory
where the data to be copied resides. For example,
/data/col1/backup/.snapshot/snapshot-name/dir1.
Note: col1 uses an ell followed by the number 1.
3. In the Destination text box, enter the pathname of the directory
where the data will be copied to. For example,
/data/col1/backup/dir2. This destination directory must be
empty, or the operation fails.
•
If the Destination directory exists, click the checkbox
“Overwrite existing destination if it exists.”
4. Click OK.
232
Working with the File System
5. In the progress dialog box that appears, click Close to exit.
DD OS 5.2 Administration Guide
233
234
Working with the File System
6
DD Retention Lock
This chapter includes the following topics.
•
About DD Retention Lock on page 235
•
Supported Data Access Protocols on page 239
•
Enabling DD Retention Lock on the System on page 241
•
Client-Side Retention Lock File Control on page 245
•
System Behavior with Retention Lock on page 250
Notes:
•
For information on versions of EMC Data Domain
Retention Lock Software prior to DD OS 5.2, see the EMC
Data Domain Operating System 4.6–5.1 Retention Lock
Software User’s Guide.
•
DD Retention Lock is not supported on GDA systems.
About DD Retention Lock
With DD OS 5.2, the previous EMC Data Domain Retention Lock
Software product was renamed EMC Data Domain Retention Lock
Governance Edition and a second EMC Data Domain Retention
Lock Compliance Edition was launched. Each edition requires a
separate, add-on license, and either or both can be used on a single
Data Domain system.
•
EMC Data Domain Retention Lock Governance Edition retains the
functionality of the Data Domain Retention Lock product prior
to DD OS 5.2. You can use Data Domain Retention Lock
Governance software to define retention policies on data that is
to be retained for a specific period of time to meet internal IT
governance policies implemented by the system administrator.
DD OS 5.2 Administration Guide
235
Although the level of security protection is not as high as for
Data Domain Retention Lock Compliance, it does not require a
security officer for certain data management and control
operations and provides customers with a higher degree of
flexibility and manageability.
•
EMC Data Domain Retention Lock Compliance Edition enables you
to meet the strictest data permanence requirements of
regulatory standards, such as those of SEC 17a-4(f). It ensures
that files locked on the Data Domain system using the Data
Domain Retention Lock Compliance software cannot be altered
or destroyed before the retention period expires. Data Domain
Retention Lock Compliance requires a security officer for
implementation of policies. An audit log file is accessible by the
administrator or security officer.
The retention locking protocol is the same for DD Retention Lock
Governance and Compliance. The differences in use stem from the
system behavior for DD Retention Lock Compliance, since it places
strict restrictions to meet compliance requirements. For more
information, see System Behavior with Retention Lock on page 250.
Retention-Locking Protocol
Retention locking is used to prevent specified files from being
overwritten, modified, or deleted for a user-defined retention
period of up to 70 years (or until January 19, 2038 if you are using
NFS, because of protocol constraints).
Only files that are explicitly committed to be retained files (as
described in this document) can be retention locked on the Data
Domain system. Files are committed to be retention-locked files on
the Data Domain system through client-side file commands issued
while DD Retention Lock Governance or Compliance is enabled on
the MTree containing the files (see Client-Side Retention Lock File
Control on page 245).
Note: Linux, Unix, and Windows client environments are
supported.
Files that are written to shares or exports that are not committed to
be retained (even if DD Retention Lock Governance or Compliance
is enabled on the MTree containing the files) can be modified or
deleted at any time.
236
DD Retention Lock
Retention locking prevents any modification or deletion of files
under retention from occurring directly from the Data Domain
share(s) or export(s) during the retention period specified by the
client-side command. Some archiving applications and backup
applications can issue these commands when appropriately
configured (see Supported Data Access Protocols on page 239).
Applications that do not issue these commands cannot lock files
using DD Retention Lock.
Retention-locked files are always protected from modification and
premature deletion if retention locking has ever been enabled on
the Data Domain system (even if retention locking is subsequently
disabled or if the retention-lock license is no longer valid). You
cannot rename non-empty folders or directories within an MTree
that is retention-lock enabled. However, you can rename empty
folders or directories and create new ones.
The retention period of a retention-locked file can be extended but
not reduced. The access control information of a retention-locked
file can be updated.
Once the retention period for a file expires, the file can be deleted
using a client-side command, script, or application. However, the
file cannot be modified even after the retention period for the file
expires. The Data Domain system does not automatically delete a
file when its retention period expires.
SEC rules for compliance require that a separate copy of retentionlocked data must be stored with the same retention requirements as
the original. Retention-locked files can be replicated to another
Data Domain system. If a retention-locked file is replicated, it
remains retention locked on the destination system, with the same
level of protection as the source file. For more information see
page 250 for using replication with DD Retention Lock Governance,
and page 253 for using replication with DD Retention Lock
Compliance.
DD OS 5.2 Administration Guide
237
Figure 1 shows the steps to enable and use DD Retention Lock
software.
Enable DD Retention Lock Governance or
Compliance (or both) on the Data Domain
system. Then enable MTrees for governance or
compliance retention locking using Enterprise
Manager or DD OS commands issued from the
system console.
(See Enabling DD Retention Lock on
the System on page 241.)
Commit files to be retention locked on the
Data Domain system using client-side
commands issued by an appropriately
configured archiving or backup application,
manually, or via scripts.
Note: Windows clients may need to download
utility programs for DD OS compatibility.
(See Client-Side Retention Lock File Control
on page 245.)
Optionally, extend file retention times or
delete files with expired retention periods
using client-side commands.
(See Extend the Retention Time on page 247
and Delete or Expire a File on page 249.)
Figure 1:
238
DD Retention Lock Flow
DD Retention Lock
Supported Data Access Protocols
DD Retention Lock is compatible with industry-standard, NASbased Write-Once-Read-Many (WORM) protocols, and integration
is qualified with archive applications such as Symantec Enterprise
Vault and EMC DiskXtender. Customers using backup
applications such as CommVault can also develop custom scripts
to use the EMC Data Domain Retention Lock Software product.
To check whether an application is tested and certified for DD
Retention Lock, refer to the EMC Data Domain Archive Product
Compatibility Matrix, available on the Data Domain Support
Portal at:
https://my.datadomain.com/custom-view/matrices
/appliance/Archive_compatibility_matrix.pdf
DD Retention Lock data protocol support status is as follows:
•
NFS is supported.
•
CIFS is supported.
•
VTL is supported by DD Retention Lock Governance, but not
by DD Retention Lock Compliance.
Note: Virtual tapes, here referred to as tapes are represented as
files on the Data Domain file system.
•
When you create a storage pool, a collection of tapes that
map to a directory on the file system, you are creating an
MTree, unless you specifically select to create the older
style directory pool (for backward compatibility). You can
also convert storage pools created prior to DD OS 5.2 to
MTrees. These MTrees can be retention locked and
replicated.
•
You can retention lock one or more tapes using the
vtl tape modify command, described in the DD OS 5.2
Command Reference Guide.
The mtree retention-lock revert <path> command
can be used to revert the retention-locked state of tapes
locked with the vtl tape modify command. After the
tape is unlocked, updates can be made to it. The unlocked
DD OS 5.2 Administration Guide
239
state won't be visible via the Data Domain Enterprise
Manager or CLI until the VTL service is disabled then enabled;
however, updates will be applied to the unlocked tape.
This capability is only for the DD Retention Lock
Governance Edition.
•
•
The retention time for tapes can be displayed using the
vtl tape show command with the time-display
retention argument.
•
You can retention lock an individual tape using Enterprise
Manager. For instructions, see Chapter 12, Working with
VTL.
DD Boost is not supported.
Currently, DD Retention Lock is not integrated with DD Boost.
So, when files or backup images are retention-locked (via
scripts) on a Data Domain system and a backup application
(Symantec NetBackup, for example) via DD Boost is not in the
loop, the administrator needs to be careful with scripts that
lock files or images from a backup application perspective.
If these scripts are not properly configured or deployed, there
could be a scenario where a backup application attempts to
expire backup files or images, but space is not released on the
Data Domain system because these are still retention locked
from the scripts.
Data Domain recommends that administrators change their
retention period policy to align with the retention lock time.
This applies to all the backup applications that are integrated
with DD Boost: Avamar, Symantec NetBackup, Symantec
Backup Exec, EMC NetWorker, and so on.
240
DD Retention Lock
Enabling DD Retention Lock on the System
Before files can be retention locked:
•
DD Retention Lock Governance or Compliance software must
be enabled on the Data Domain system.
•
MTrees that will contain the retention-locked files must be
enabled as a governance or compliance MTree.
Enabling governance or compliance retention locking on an MTree
allows you to:
•
Turn non-retention-locked files into retention-locked files on
the Data Domain system using client-side commands (see
page 246).
•
Extend the retention time of retention-locked files using clientside commands (see page 247).
Note: MTrees enabled with DD Retention Lock Governance
cannot be converted to Compliance MTrees and vice versa.
Enable DD Retention Lock Governance
1. Log in to the Enterprise Manager.
The Enterprise Manager window appears with DD Network in
the Navigational pane.
2. Select a Data Domain system.
In the Navigational pane, expand DD Network and select a
system.
3. Add the DD Retention Lock Governance license, if it is not
present.
Click the System Settings > Licenses tabs. If RETENTIONLOCK-GOVERNANCE is not listed, add it as follows:
a. In the Licensed Features pane, click Add. The Add License
Key dialog box appears.
b. In the License Key text box, enter the license key.
Note: License keys are case-insensitive. Include the hyphens when
entering keys.
DD OS 5.2 Administration Guide
241
c. Click OK. The added license appears in the license list.
4. Select an MTree for retention locking.
Click the Data Management > MTree tab, then the checkbox for
the MTree you want to use for retention locking. (You can also
create an empty MTree and add files to it later.)
5. Display information for the MTree you selected.
Click the MTree Summary tab.
6. Bring up the MTree’s Modify Retention Lock dialog box.
Scroll down to Retention Lock and click Edit in the Retention
Lock area. The dialog box appears.
7. Enable DD Retention Lock Governance on the MTree and
change the default minimum and maximum retention lock
periods for the MTree, if necessary.
Perform the following actions in the Modify Retention Lock
dialog box:
a. Click the Enable checkbox to enable DD Retention Lock
Governance on the MTree.
b. To change the minimum or maximum retention period for
the MTree, go to the Retention Period pane and modify the
minimum or maximum time period:
i.
Type a number for the interval in the text box (for
example, 5 or 14).
ii. From the drop-down list, select an interval (minutes,
hours, days, years).
Note: Specifying a minimum retention period of less than 12 hours,
or a maximum retention period longer than 70 years, results in an
error.
c. Click OK to save your settings.
After you close the Modify Retention Lock dialog box,
updated MTree information is displayed.
242
DD Retention Lock
8. Check retention lock information for the MTree.
Note the following retention lock fields:
•
Top:
-
•
Status indicates the Read/Write access for the MTree,
the type of retention locking on the MTree, and whether
retention locking is enabled or disabled.
Bottom:
-
Status indicates whether retention locking is enabled for
the MTree.
-
Retention Period indicates minimum and maximum
retention periods for the MTree. The retention period
specified for a file in the MTree must be equal to or
greater than the minimum retention period and equal
to or less than the maximum retention period.
-
UUID is a unique identification number generated for
the MTree.
Note: To check retention lock configuration settings for any
MTree, select the MTree in the Navigational pane, then click the
Summary tab.
9. When you are finished, exit the Enterprise Manager.
Go to Client-Side Retention Lock File Control on page 245 to retention
lock files in a retention-lock-enabled MTree.
DD OS 5.2 Administration Guide
243
Enable DD Retention Lock Compliance
Note: For DD OS 5.2, the Enterprise Manager does not support
DD Retention Lock Compliance.
1. Add the DD Retention Lock Compliance license on the system,
if it is not present.
First, check whether the license is already installed. Enter:
# license show
If the RETENTION-LOCK-COMPLIANCE feature is not
displayed, install the license. Enter:
# license add license-code
Note: License keys are case-insensitive. Include the hyphens when
entering keys.
2. Set up a system administrator and one or more security officer
accounts according to Role-Base Access Control (RBAC) rules
and enable security officer authorization. For instructions, refer
to the DD OS 5.2 Command Reference Guide.
3. Configure and enable the system to use DD Retention Lock
Compliance, and enable compliance on an MTree that will
contain retention-locked files. For instructions refer to the
DD OS 5.2 Command Reference Guide.
Note: Compliance cannot be enabled on /backup, DD Boost
storage unit MTrees, or pool MTrees.
4. To change the default minimum and maximum retention lock
periods for a compliance-enabled MTree, enter the following
commands with security officer authorization:
# mtree retention-lock set min-retention-period
period mtree mtree-path
# mtree retention-lock set max-retention-period
period mtree mtree-path
Note: Specifying a minimum retention period of less than 12 hours,
or a maximum retention period longer than 70 years, results in an
error.
Go to Client-Side Retention Lock File Control to retention lock files in
a retention-lock-enabled MTree.
244
DD Retention Lock
Client-Side Retention Lock File Control
This section describes the DD Retention Lock client command
interface for locking files stored on EMC Data Domain systems.
Client commands are the same for DD Retention Lock Governance
and Compliance. Linux, Unix, and Windows client environments
are supported; however, Windows clients may need to download
utility programs for DD OS compatibility.
Note: If your application already supports industry-standard
WORM, writing a WORM file to a DD Retention Lock Governance
or Compliance enabled MTree will lock the file on the Data
Domain system. The retention time in the application should agree
with the DD Retention Lock settings. You do not need to use the
commands described in this section. To check whether an
application is tested and certified for the DD Retention Lock, refer
to the EMC Data Domain Archive Product Compatibility Matrix,
available on the Data Domain Support Portal at:
https://my.datadomain.com/custom-view/matrices
/appliance/Archive_compatibility_matrix.pdf
Warning: If you are using NFS, the retention time cannot be greater
than January 19, 2038, because of protocol constraints.
Client-side commands are used to manage the retention locking of
individual files. These commands apply to all retention-lockcapable Data Domain systems and must be issued in addition to
the setup and configuration of the DD Retention Lock software on
the Data Domain system (see Enabling DD Retention Lock on
the System on page 241).
Client Access to Data Domain System Files
After an MTree is enabled for DD Retention Lock Governance or
Compliance, you can:
•
Create a CIFS share based on the MTree. This CIFS share can be
used on a client machine.
•
Create an NFS mount for the MTree and access its files from
the NFS mount point on a client machine.
DD OS 5.2 Administration Guide
245
Notes:
•
The commands listed in this section are to be used only on
the client. They cannot be issued through the Data Domain
Enterprise Manager or CLI.
•
Command syntax may vary slightly, depending on the
utility you are using.
Create a File and Set the Retention Time
Create a file in the usual way and then set the last access time
(atime) of the file to the desired retention time of the file, that is, the
time at which the file may be deleted. The retention period (atime)
specified for a file in the MTree must be equal to or greater than the
minimum retention period and equal to or less than the maximum
retention period.
Warning: If you are using NFS, the retention time cannot be greater
than January 19, 2038, because of protocol constraints.
Be aware that:
•
Setting a file’s atime to less than the current time plus 12 hours
will be ignored without error, and the file will not become a
retention-locked file on the Data Domain system. (The file’s
atime may appear updated, but this is only temporary and is
not written to disk.)
•
Setting a file’s atime to more than the current time plus 12 hours,
but less than the minimum retention period, will result in an
error.
•
Setting a file’s atime to more than the current time plus the
maximum retention period will result in an error.
Errors are permission-denied errors (referred to as EACCESS, a
standard POSIX error). These are returned to the archiving
application.
Note: A file must be completely written to the Data Domain
system before it is committed to be a retention-locked file.
246
DD Retention Lock
The following command can be used on clients to set the atime:
ClientOS# touch -a -t [atime] [filename]
The format of atime is: [[YY]YY]MMDDhhmm[.ss]
For example, suppose the current date and time is 1 p.m. on
January 18, 2012 (that is, 201201181300), and the minimum
retention period is 12 hours. Adding the minimum retention
period of 12 hours to that date and time results in a value of
201201190100. Therefore, if the atime for a file is set to a value
greater than 201201190100, that file becomes retention locked. For
example, the following command
ClientOS# touch -a -t 201412312230 SavedData.dat
will lock file SavedData.dat until 10:30 p.m. December 31, 2014.
Extend the Retention Time
To extend the retention time of a retention-locked file, set the file’s
atime to a value greater than the current retention time. For
example, changing the atime from 201412312230 to 202012121230
using the following command
ClientOS# touch -a -t 202012121230 SavedData.dat
will cause the file to be locked until 12:30 p.m. December 12, 2020.
The retention time (atime) specified for a file in the MTree must be
equal to or greater than the minimum retention period and equal
to or less than the maximum retention period.
Warning: If you are using NFS, the retention time cannot be greater
than January 19, 2038, because of protocol constraints.
Be aware that:
•
Setting a file’s atime to less than the current time plus 12 hours
will be ignored without error, and the file will not become a
retention-locked file on the Data Domain system. (The file’s
atime may appear updated, but this is only temporary and is
not written to disk.)
DD OS 5.2 Administration Guide
247
•
Setting a file’s atime to more than the current time plus 12 hours,
but less than the minimum retention period, will result in an
error.
•
Setting a file’s atime to more than the current time plus the
maximum retention period will result in an error.
Errors are permission-denied errors (referred to as EACCESS, a
standard POSIX error). These are returned to the archiving
application.
Identify a Retention-Locked File
The atime value for a retention-locked file is its retention time. To
determine whether a file is retention locked, try to set the atime of
the file to a value earlier than its current atime. This action will fail
with a permission-denied error if and only if the file is a retentionlocked file.
First, list the current atime value, then execute the touch command
with an earlier atime.
ClientOS# ls -l --time=atime [filename]
ClientOS# touch -a -t [atime] [filename]
The following example shows the command sequence.
ClientOS# ls -l --time=atime SavedData.dat
ClientOS# touch -a -t 202012111230 SavedData.dat
If the atime of SavedData.dat is 202012121230 (12:30 p.m.
December 12, 2020) and the touch command specifies an earlier
atime, 202012111230 (12:30 p.m. December 11, 2020), the touch
command fails, indicating that SavedData.dat is retention locked.
Note: The --time=atime option is not supported in all versions of
Unix.
248
DD Retention Lock
Specify a Directory and Touch Only Those Files
In this routine, root directory to start from contains the files
on which you want to change access times.
ClientOS# find [root directory to start from] -exec
touch -a -t [expiration time] {} \;
For example:
ClientOS# find [/backup/data1/] -exec touch -a -t
202012121230 {} \;
Read a List of Files and Touch Only Those Files
In this routine, name of file list is the name of a text file that
contains the names of the files on which you want to change access
times. Each line contains the name of one file.
ClientOS# touch -a -t [expiration time] `cat
[name of file list]`
For example:
ClientOS# touch -a -t 202012121230 ‘cat
/backup/data1/filelist.txt‘
Delete or Expire a File
You can delete or expire a file with an expired retention lock using
a client application, or delete a file using a standard file-delete
command.
Expiring a file using an application makes the file inaccessible to
the application. The file may or may not actually be removed from
the Data Domain system by the expiration operation. If it is not
removed, the application often provides a separate delete
operation.
Note: If the retention period of the retention-locked file has not
expired, the delete operation results in a permission-denied error.
You must have the appropriate access rights to delete the file,
independent of the DD Retention Lock software.
DD OS 5.2 Administration Guide
249
Using ctime or mtime on Retention-Locked Files
ctime
ctime is the last-metadata-change time of a file. It gets set to the
current time when any of the follow events occur:
•
A non-retention-locked file is retention locked.
•
The retention time of a retention-locked file is extended.
•
A retention-locked file is reverted.
mtime
mtime is the last-modified time of a file. It changes only when the
contents of the file change. So, the mtime of a retention-locked file
cannot change.
System Behavior with Retention Lock
System behavior topics are under the following categories:
•
DD Retention Lock Governance (below).
•
DD Retention Lock Compliance (see page 253).
DD Retention Lock Governance
Replication
Note: For information on using replication software, see Chapter 13,
Working with Replication.
Collection replication, MTree replication, and directory replication
replicate the locked or unlocked state of files. That is, files that are
governance retention locked on the source are governance
retention locked on the destination and have the same level of
protection. Only the source system needs a DD Retention Lock
Governance license (named Retention Lock prior to DD OS 5.2).
Replication is supported between systems that are:
•
250
Running the same major DD OS version (for example, both
systems are running DD OS 5.2.x.x).
DD Retention Lock
•
Running DD OS versions within the next two consecutive
higher or lower major releases (for example, 5.0.x.x to 5.2.x.x or
5.2.x.x to 5.0.x.x). Cross-release replication is supported only
for directory and MTree replication.
Note: MTree replication is not supported for DD OS 5.0 and earlier.
Be aware that:
•
Collection replication and MTree replication replicate the
minimum and maximum retention periods configured on the
MTree to the destination system.
•
Directory replication does not replicate the minimum and
maximum retention periods to the destination system.
The procedure for configuring and using collection, MTree, and
directory replication is the same as for Data Domain systems that
do not have a DD Retention Lock Governance license.
Replication Resync
The replication resync <destination> command tries to bring
the destination into sync with the source when the MTree or
directory replication context is broken between destination and
source systems. This command cannot be used with collection
replication. Note that:
•
If the destination MTree or directory contains retention-locked
files that do not exist on the source, then resync will fail.
•
If the destination directory has retention lock enabled, but the
source directory does not have retention lock enabled, then a
resync of a directory replication will fail.
•
With MTree replication, resync will succeed if the source
MTree does not have retention lock enabled while the
destination MTree has retention lock enabled or vice versa, as
long as the destination MTree does not contain retentionlocked files not present on the source.
DD OS 5.2 Administration Guide
251
Fastcopy
When filesys fastcopy source <src> destination
<dest> is run on a system, it does not copy the locked or unlocked
state of files. Files that are retention locked on the source are not
retention locked on the destination.
If you try to fastcopy to a destination that has retention-locked
files, the fastcopy operation aborts when it encounters retentionlocked files on the destination.
Filesys Destroy
When filesys destroy is run on a system with DD Retention
Lock Governance enabled:
1. All data is destroyed, including retention-locked data.
2. All filesys options are returned to their defaults. This means
that retention locking is disabled and the minimum and
maximum retention periods are set back to their default values
on the newly created file system.
Note: This command is not allowed if DD Retention Lock
Compliance is also enabled on the system.
MTree Delete
When mtree delete <mtree-path> attempts to delete an
MTree that has retention lock enabled (or previously has had
retention lock enabled) and currently contains data, the mtree
delete command returns an error.
Note: The behavior of mtree delete is a similar to a directory
delete command—an MTree with retention lock enabled (or
previously enabled) can be deleted only if the MTree is empty.
252
DD Retention Lock
DD Retention Lock Compliance
Replication
Note: For information on using replication software, see Chapter 13,
Working with Replication.
In DD OS 5.2, Retention Lock Compliance can be replicated via
collection replication only. MTree and directory replication are not
supported.
Collection replication replicates the locked or unlocked state of
files. Files that are compliance retention locked on the source are
compliance retention locked on the destination and have the same
level of protection. Minimum and maximum retention periods
configured on MTrees are replicated to the destination system.
Both the source and destination systems need a DD Retention Lock
Compliance license, and both must be configured and enabled for
DD Retention Lock Compliance before configuring collection
replication (see Enable DD Retention Lock Compliance on page 244).
Otherwise, collection replication fails when attempting to
associate.
The procedure for configuring and using collection replication is
the same as for Data Domain systems that do not have a DD
Retention Lock Compliance license.
Replication Resync
The replication resync <destination> command cannot be
used with DD Retention Lock Compliance collection replication.
Fastcopy
When filesys fastcopy source <src> destination
<dest> is run on a system, it does not copy the locked or unlocked
state of files. Files that are retention locked on the source are not
retention locked on the destination.
If you try to fastcopy to a destination that has retention-locked
files, the fastcopy operation aborts when it encounters retentionlocked files on the destination.
DD OS 5.2 Administration Guide
253
CLI Usage
A Data Domain system with DD Retention Lock Compliance
differs from one without it in four ways:
1. Commands that break compliance cannot be run. The
following commands are disallowed:
•
filesys archive unit del archive-unit
•
filesys destroy
•
mtree delete mtree-path
•
mtree retention-lock reset {min-retentionperiod | max-retention-period} mtree mtreepath
•
mtree retention-lock disable mtree mtreepath
•
mtree retention-lock revert
•
user reset
2. The following command requires a security officer sign-off if
the license being deleted is for DD Retention Lock Compliance.
•
license del license-feature [licensefeature ...] | license-code [license-code
...]
3. The following commands require a security officer sign-off if
DD Retention Lock Compliance is enabled on an MTree
specified in the command:
•
mtree retention-lock set {min-retentionperiod | max-retention-period} period mtree
mtree-path
•
mtree rename mtree-path new-mtree-path
4. The following commands require a security officer sign-off if
DD Retention Lock Compliance is enabled on the system:
254
•
alerts notify-list reset
•
config set timezone zonename
DD Retention Lock
•
config reset timezone
•
cifs set authentication active-directory
realm { [dc1 [dc2> ...]]
•
license reset
•
ntp add timeserver time server list
•
ntp del timeserver time server list
•
ntp disable
•
ntp enable
•
ntp reset
•
ntp reset timeservers
•
replication break {destination | all}
•
replication disable {destination | all}
•
system set date MMDDhhmm[[CC]YY]
System Clock
DD Retention Lock Compliance implements an internal security
clock to prevent malicious tampering with the system clock. The
security clock closely monitors and records the system clock. If
there is an accumulated two week skew within a year between the
security clock and the system clock, the Data Domain file system
(DDFS) is disabled and can be resumed only by a security officer.
To restart the file system and remove the skew between security
and system clocks, complete these steps.
1. At the system console, enter:
# filesys enable
2. At the prompt, confirm that you want to quit the filesys
enable command and check whether the system date is right.
3. Display the system date:
# system show date
DD OS 5.2 Administration Guide
255
4. If the system date is not correct, set the correct date and
confirm it:
# system set date MMDDhhmm[[CC]YY]
# system show date
5. Run filesys enable again:
# filesys enable
6. At the prompt, continue to the enabling procedure.
7. A security officer prompt appears. Complete the security
officer sign-off to start the file system. The security clock will
automatically be updated to the current system date.
256
DD Retention Lock
7
Working with MTrees
This chapter includes the following topics.
•
About MTrees on page 257
•
Monitoring MTree Usage on page 258
•
Managing MTree Operations on page 265
About MTrees
An MTree is a type of directory that allows more granular
reporting of space usage and finer management of snapshots and
Retention Locking.
DD OS 5.2 introduces quota management with MTrees. There are
two kinds of quotas: hard limits and soft limits. You can set either a
soft or hard limit or both a soft and hard limit. Both values must be
integers and the soft value must be less than the hard value.
With a soft limit an alert is sent when the MTree size exceeds the
limit, but data can still be written to it. When a hard limit is set,
data cannot be written to the MTree when the hard limit is
reached. Therefore, all copy and backup operations fail.
The advantage of MTree operations is that they can be performed
on a specific MTree as opposed to the entire file system.
Note: Although a Data Domain system supports a maximum of
100 MTrees, system performance might degrade rapidly if more
than 14 MTrees are actively engaged in read or write streams. The
degree of degradation depends on overall I/O intensity and other
file system loads. For optimum performance, constrain the number
of simultaneously active MTrees to a maximum of 14. And,
whenever possible, aggregate operations on the same MTree into a
single operation.
DD OS 5.2 Administration Guide
257
Monitoring MTree Usage
1. Select a system in the Navigational pane.
2. Click the Data Management > MTree tabs.
The MTree view shows a list of configured MTrees, and when
selected in the list, details of the MTree in the Summary tab.
The Space Usage and Daily Written tabs show graphs that
visually display space usage amounts and data written trends
for a selected MTree. The view also contains options that allow
MTree configuration for CIFS, NFS, and DD Boost, as well as
sections for managing snapshots and Retention Lock for an
MTree.
The MTree view has an MTree overview pane and three tabs
which are described in detail in the following sections:
•
About the MTree Overview Pane on page 258
•
About the Summary View on page 259
•
About the Space Usage View on page 263
•
About the Daily Written View on page 264
About the MTree Overview Pane
By default, the MTree overview lists all the active MTrees on the
system and shows real-time data storage statistics. Information in
the overview area is helpful in visualizing space usage trends.
•
Click a checkbox of an MTree in the list to display details and
perform configuration in the Summary view.
•
Enter text (wildcards are supported) in the Filter By MTree
Name and click Update to list specifics MTree names in the list.
•
Delete filter text and click Rest to return to the default list.
The MTree overview information includes:
258
Item
Description
MTree Name
The pathname of the MTree.
Quota Hard Limit
Percentage of hard limit quota used.
Working with MTrees
Item
Description
Quota Soft Limit
Percentage of hard limit quota used.
Last 24 hr Pre-Comp
Amount of raw data from the backup
application that has been written in the last
24 hours.
Last 24 hr Post-Comp Amount of storage used after compression
in the last 24 hours:.
Last 24 hr Comp
Ratio
The compression ratio for the last 24 hours.
Weekly Avg PostComp
Average amount of compressed storage
used in the last five weeks.
Last Week PostComp
Average amount of compressed storage
used in the last seven days.
Weekly Avg Comp
Ratio
The average compression ratio for the last five
weeks.
Last Week Comp
Ratio
The average compression ratio for the last seven
days.
About the Summary View
Click the Summary tab to view detailed MTree information, as
described in the following sections:
•
View Detail Information on page 259
•
View MTree Replication Information on page 261
•
View MTree Snapshot Information on page 262
•
View MTree Retention Lock Information on page 262
View Detail Information
Selecting an MTree in the overview list displays additional details
in this area.
DD OS 5.2 Administration Guide
259
The detailed information for a selected MTree includes:
Item
Description
Full Path
The pathname of the MTree.
Pre-Comp Size
The current amount of raw data from the
backup application that has been written to the
MTree.
Status
The current status of the MTree (combinations
are supported). Status can be:
• D—Deleted
• RO—Read-only
• RW—Read/write
• RD—Replication destination
• RLCE—Retention Lock Compliance enabled
• RLCD—Retention Lock Compliance disabled
• RLGE—Retention Lock Governance enabled
• RLGD—Retention Lock Governance disabled
Quota
Quota Enforcement
Enabled or Disabled.
Pre-Comp Soft Limit
Current value. Click Configure to revise the
quota limits.
Pre-Comp Hard
Limit
Current value. Click Configure to revise the
quota limits.
Quota Summary
Percentage of Hard Limit used.
Protocols
CIFS Shared
The CIFS share status. Status can be:
• Yes—The MTree or its parent directory is
shared.
• Partial—The subdirectory under this MTree
is shared.
• No—This MTree and its parent or child
directories are not shared.
Click the CIFS link to go to the CIFS view.
260
Working with MTrees
Item
Description
NFS Exported
The NFS export status. Status can be:
• Yes—The MTree or its parent directory is
exported.
• Partial—The subdirectory under this MTree
is exported.
• No—This MTree and its parent or child
directories are not exported.
Click the NFS link to go to the NFS view.
DD Boost Storage
Unit
The DD Boost export status. Status can be:
• Yes—The MTree is exported.
• No—This MTree is not exported.
• Unknown—There is no information.
Click the DD Boost link to go to the DD Boost
view.
VTL Pool
Name of VTL pool that was converted to an
MTree.
View MTree Replication Information
If the selected MTree is configured for replication, summary
information about the configuration displays in this area.
Otherwise, this area displays No Record Found.
•
Click the Replication link to go to the Replication page for
configuration and to see additional details.
The Replication information includes:
Item
Description
Source
The source MTree replication pathname.
Destination
The destination MTree replication pathname.
Status
The status of the MTree replication pair. Status
can be Normal, Error, or Warning. .
Synced As Of Time
The last day and time the replication pair was
synchronized.
DD OS 5.2 Administration Guide
261
View MTree Snapshot Information
If the selected MTree is configured for snapshots, summary
information about the snapshot configuration displays in this area.
•
Click the Snapshots link to go to the Snapshots page to perform
configuration or to see additional details.
•
Click Assign Snapshot Schedules to assign a snapshot schedule
to the selected MTree. Select the schedule’s checkbox; click OK
and Close. To create a snapshot schedule, click Create Snapshot
Schedule (see Create a Snapshot Schedule on page 279 for
instructions).
The Snapshot information includes:
Item
Description
Total Snapshots
The total number of snapshots created for this
MTree. A total of 750 snapshots can be created
for each MTree.
Expired
The number of snapshots in this MTree that
have been marked for deletion, but have not
been removed with the clean operation as yet.
Unexpired
The number of snapshots in this MTree that are
marked for keeping.
Oldest Snapshot
The date of the oldest snapshot for this MTree.
Newest Snapshot
The date of the newest snapshot for this MTree.
Next Scheduled
The date of the next scheduled snapshot.
Assigned Snapshot
Schedules
The name of the snapshot schedule assigned to
this MTree.
View MTree Retention Lock Information
If the selected MTree is configured for one of the Retention Lock
software options, summary information about the Retention Lock
configuration displays in this area.
Note: To manage Retention Lock for an MTree, see Chapter 6, DD
Retention Lock.
262
Working with MTrees
The Retention Lock information includes:
Item
Description
Status
Indicates whether Retention Lock is enabled or
disabled.
Retention Period
Indicates the minimum and maximum
Retention Lock time periods.
UUID
Shows either:
• the unique identification number generated
for an MTree when the MTree is enabled for
Retention Lock
• that the Retention Lock on a file in the MTree
has been reverted
Enabling and Managing DD Retention Lock Settings
1. Go to the Data Management > MTree > Summary tab.
2. In the Retention Lock area, click Edit.
3. In the Modify Retention Lock dialog box, select Enable to
enable Retention Lock on the Data Domain system.
4. Modify the minimum or maximum retention period (the
feature must be enabled first), in the Retention Period pane.
5. Select an interval (minutes, hours, days, years). Click Default to
show the default values.
6. Click OK.
After you close the Modify Retention Lock dialog box, updated
MTree information is displayed in the Retention Lock summary
area.
About the Space Usage View
The Space Usage view contains a graph that displays a visual
representation of data usage for the MTree.
•
Click a point on a graph line to display a box with data at that
point.
DD OS 5.2 Administration Guide
263
•
Click Print (at the bottom on the graph) to open the standard
Print dialog box.
•
Click Show in new window to display the graph in a new
browser window.
The lines of the graph denote measurement for:
•
Pre-comp Written—The total amount of data sent to the MTree
by backup servers. Pre-compressed data on an MTree is what a
backup server sees as the total uncompressed data held by an
MTree-as-storage-unit. Shown with the Space Used (left)
vertical axis of the graph.
•
Post-comp Used—The total amount of disk storage in use on
the MTree. Shown with the Space Used (left) vertical axis of the
graph.
•
Comp Factor—The amount of compression the Data Domain
system has performed with the data it received (compression
ratio). Shown with the Compression Factor (right) vertical axis
of the graph.
Checking Historical Space Usage
On the Space Usage graph, clicking an interval (ie, 7d, 30d, 60d,
120d) on the Duration line above the graph allows you to change
the number of days of data shown on the graph, from 7 to 120
days.
About the Daily Written View
The Data Written pane contains a graph that displays a visual
representation of data that is written daily to the MTree over a
period of time, selectable from 7 to 120 days. The data amounts are
shown over time for pre- and post-compression amounts.
It also provides totals for global and local compression amounts,
and pre-compression and post-compression amounts.
264
•
Click a point on a graph line to display a box with data at that
point.
•
Click Print (at the bottom on the graph) to open the standard
Print dialog box.
Working with MTrees
•
Click Show in new window to display the graph in a new
browser window.
The lines on the graph denote measurements for:
•
Pre-Comp—The total amount of data written to the MTree by
backup servers. Pre-compressed data on an MTree is what a
backup server sees as the total uncompressed data held by an
MTree -as-storage-unit.
•
Post-Comp—The total amount of data written to the MTree
after compression has been performed, as shown in GiBs.
•
Total Comp—The total amount of compression the Data
Domain system has performed with the data it received
(compression ratio). Shown with the Total Compression Factor
(right) vertical axis of the graph.
Checking Historical Written Data
On the Daily Written graph, clicking an interval (7d, 30d, 60d,
120d) on the Duration line above the graph allows you to change
the number of days of data shown on the graph, from 7 to 120
days.
Below the Daily Written graph, the following totals display for the
current duration value:
•
Pre-comp
•
Post-comp
•
Global-comp factor
•
Local-comp factor
•
Total-comp factor
Managing MTree Operations
The following MTree operations are described in this section:
•
Create an MTree on page 266
•
Configure and Enable/Disable MTree Quotas on page 267
•
Delete an MTree on page 269
DD OS 5.2 Administration Guide
265
•
Undelete an MTree on page 269
•
Rename an MTree on page 270
•
Replicating a DD System with Quotas to a System Without Quotas
on page 270
Create an MTree
MTrees are created in the area /data/col1/mtree_name.
To create an MTree:
1. Select a system in the Navigational pane.
2. Click the Data Management > MTree tabs.
3. In the MTree overview area, click Create.
The Create MTree dialog box appears.
4. Enter the name of the MTree in the MTree Name text box.
MTree names can be up to 50 characters. The following
characters are acceptable:
266
•
Upper- and lower-case alphabetical characters: A-Z, a-z
•
Numbers: 0-9
•
Embedded space
•
comma (,)
•
period (.), as long as it does not precede the name.
•
explanation mark (!)
•
number sign (#)
•
dollar sign ($)
•
per cent sign (%)
•
plus sign (+)
•
at sign @)
•
equal sign (=)
•
ampersand (&)
Working with MTrees
•
semi-colon (;)
•
parenthesis [ ( and )]
•
square brackets ([ and ])
•
curly brackets ({ and })
•
caret (^)
•
tilde (~)
•
apostrophe (unslanted single quotation mark)
•
single slanted quotation mark (‘)
5. Setting storage space restrictions for the MTree to prevent an
MTree from consuming excess space, enter either a soft or hard
limit quota setting, or both a hard and soft limit. With a soft
limit an alert is sent when the MTree size exceeds the limit, but
data can still be written to the MTree. Data cannot be written to
the MTree when the hard limit is reached.
Note: The quota limits are pre-compressed values.
To set quota limits for the MTree, select Set to Specific value
and enter the value. Select the unit of measurement: MiB, GiB,
TiB, or PiB.
Note: When setting both soft and hard limits, a quota’s soft
limit cannot exceed the quota’s hard limit.
6. Click OK.
The new MTree displays in the MTree table.
Note: You may need to expand the width of the MTree Name
column to see the entire pathname.
Configure and Enable/Disable MTree Quotas
An administrator can set the storage space restriction for an
MTree, Storage Unit, or VTL pool to prevent it from consuming
excess space. The Data Management > Quota page shows the
administrator how many MTree have no soft or hard quotas set,
and for MTrees with quotas set, the percentage of pre-compressed
soft and hard limits used.
DD OS 5.2 Administration Guide
267
Notes:
MTree quotas apply to ingest operations. These quotas can be
applied to data on systems that have the DD Extended
Retention software, regardless of which tier it resides on; as
well as VTL, DD Boost, CIFS, and NFS.
Snapshots are not counted.
Quota cannot be set on the /data/col1/backup directory.
The maximum quota value allowed is 4096 PiB.
There are two kinds of quotas: hard limits and soft limits. You can
set either a soft or hard limit or both a soft and hard limit. Both
values must be integers and the soft value must be less than the
hard value.
With a soft limit an alert is sent when the MTree size exceeds the
limit, but data can still be written to it. When a hard limit is set,
data cannot be written to the MTree when the hard limit is
reached. Therefore, all copy and backup operations fail.
Configure MTree Quotas
You can use the MTree tab or the Quota tab to configure MTree
quotas.
Configure MTree Quotas (MTree Tab
To configure MTree quotas using the MTree tab:
1. Select a system in the Navigational pane.
2. Click the Data Management > MTree tab.
3. Click the Summary tab. In the Quota area, click the Configure
button.
4. In the Configure Quota for MTrees dialog box, enter values for
hard and soft quotas and select the unit of measurement: MiB,
GiB, TiB, or PiB.
5. Click OK.
Configure MTree Quotas (Quota Tab)
1. Select a system in the Navigational pane.
268
Working with MTrees
2. Click the Data Management > Quota tab.
3. Click the Configure Quota button.
4. In the Configure Quota for MTrees dialog box, enter values for
hard and soft quotas and select the unit of measurement: MiB,
GiB, TiB, or PiB.
5. Click OK.
Enable/Disable MTree Quotas
To enable or disable MTree quotas:
1. Select a system in the Navigational pane.
2. Click the Data Management > Quota tab.
3. In Quota Settings, Quota Enforcement, click the Disable button
if quota enforcement is Enabled. Click Enable if it is disabled.
Delete an MTree
Deleting an MTree removes the MTree from the MTree table and
removes all data in that MTree at the next file system cleaning.
Note: Because the MTree and its associated data are not removed
until file cleaning is run, you cannot create a new MTree with the
same name as a deleted MTree until the deleted MTree is
completely removed from the file system via cleaning.
1. Select a system in the Navigational pane.
2. Click the Data Management > MTree tabs.
3. In the MTree overview area, click Delete.
4. Click OK at the Warning dialog box.
5. Click Close in the Delete MTree Status dialog box after viewing
the progress.
Undelete an MTree
An undelete of an MTree retrieves a deleted MTree and its data
and places it back in the MTree table. This undelete is possible only
if file cleaning has not been run after the MTree was marked for
deletion.
DD OS 5.2 Administration Guide
269
1. Select a system in the Navigational pane.
2. Click the Data Management > MTree tabs.
3. From the More Tasks menu, select Undelete.
The Undelete MTree dialog box appears.
4. Click the checkboxes of the MTrees you wish to bring back and
click OK.
5. Click Close in the Undelete MTree Status dialog box after
viewing the progress.
The recovered MTree displays in the MTree table.
Rename an MTree
1. Select a system in the Navigational pane.
2. Click the Data Management > MTree tabs.
3. Select an MTree in the MTree table.
4. In the Summary Detailed Information overview area, click
Rename.
The Rename MTree dialog box appears.
5. Enter the name of the MTree in the New MTree Name text box.
See Create an MTree on page 266 for a list of allowed characters.
6. Click OK.
The renamed MTree displays in the MTree table.
Replicating a DD System with Quotas to a System
Without Quotas
Note: Quotas were introduced as of DD OS 5.2.
When replicating a Data Domain system with a DD OS that
supports quotas to a system with a DD OS that does not have
quotas, do one of the following:
•
270
A reverse resync, which takes the data from the system
without quotas and puts it back in an MTree on the system that
Working with MTrees
has quotas enabled (and which continues to have quotas
enabled).
•
A reverse initialization from the system without quotas, which
takes its data and creates a new MTree on the system that
supports quotas but does not have quotas enabled because it
was created from data on a system without quotas.
DD OS 5.2 Administration Guide
271
272
Working with MTrees
8
Working with Snapshots
This chapter describes how to use the snapshot feature with
MTrees. The following topics are included in this section:
•
About Snapshots on page 273
•
Monitoring Snapshots and Their Schedules on page 274
•
Managing Snapshots on page 276
•
Managing Snapshot Schedules on page 279
•
Recover Data from a Snapshot on page 282
About Snapshots
A snapshot saves a read-only copy of the designated MTree (for
background on MTrees, see Working with MTrees on page 257). A
snapshot is useful for saving a copy of an MTree at a specific point
in time, where it can later be used as restore point if files need to be
restored from that specific point in time.
Use the snapshot feature to take an image of an MTree, to manage
MTree snapshots and schedules, and display information about
the status of existing snapshots.
Note: Snapshots created on the source Data Domain system are
replicated to the destination with collection and MTree replication.
It is not possible to create snapshots on a Data Domain system that
is a replica for collection replication. It is also not possible to create
a snapshot on the destination MTree of MTree replication.
Directory replication does not replicate the snapshots, and requires
you to create snapshots separately on the destination system.
Snapshots for the MTree named “backup” are created in the
system directory /data/col1/backup/.snapshot. Each
directory under /data/col1/backup also has a .snapshot
DD OS 5.2 Administration Guide
273
directory with the name of each snapshot that includes the
directory. Each MTree has the same type of structure, so an
MTree named SantaClara would have a system directory
/data/col1/SantaClara/.snapshot, and each subdirectory
in /data/col1/SantaClara would have a .snapshot
directory as well.
Note: The .snapshot directory is not visible if only /data is
mounted. When the MTree itself is mounted, the .snapshot
directory is visible.
An expired snapshot remains available until the next file system
cleaning operation.
The maximum number of snapshots allowed per MTree is 750.
Warnings are sent when the number of snapshots per MTree
reaches 90% of the maximum allowed number (from 675 to 749
snapshots), and an alert is generated when the maximum number
is reached. To clear the warning, expire snapshots and then run the
file system cleaning operation.
Note: To identify an MTree that is nearing the maximum number
of snapshots, check the Snapshots pane of the MTree page (see
View MTree Snapshot Information on page 262).
Snapshot retention for an MTree does not take any extra space, but
if a snapshot exists and the original file is no longer there, the space
cannot be reclaimed.
Monitoring Snapshots and Their Schedules
The Snapshots view provides detailed and summary information
about the status of snapshots and snapshot schedules.
About the Snapshots View
The Snapshot view contains the following components:
274
•
Snapshots Overview Pane on page 275
•
Snapshots View on page 275
•
Schedules View on page 276
Working with Snapshots
Snapshots Overview Pane
The Snapshots overview pane displays following snapshot
information.
Field
Description
Total Snapshots
The total number of snapshots, active and
(Across all MTrees) expired, on all MTrees in the system.
Expired
The number of snapshots that have been marked
for deletion, but have not been removed with the
clean operation as yet.
Unexpired
The number of snapshots that are marked for
keeping.
Next file system
clean scheduled
The date the next scheduled file system clean
operation will be performed.
Snapshots View
The Snapshots tab displays a list of snapshots and lists the
following information.
Field
Description
Selected Mtree
A drop-down list that selects the MTree the
snapshot operates on.
Filter By
Items to search for in the list of snapshots that
display. Options are:
• Name—Name of the snapshot (wildcards are
accepted).
• Year—Drop-down list to select the year.
• Status—Drop-down list to select the status
(Expired or Unexpired).
Name
The name of the snapshot image.
Creation Time
The date the snapshot was created.
Expires On
The date the snapshot expires.
Status
The status of the snapshot, which can be Expired
or blank if the snapshot is active.
DD OS 5.2 Administration Guide
275
Schedules View
The Schedules tab displays a list of snapshot schedules and lists
the following information.
Field
Description
Name
The name of the snapshot schedule
Days
The days the snapshots will be taken.
Times
The time of day the snapshots will be taken.
Retention Period
The amount of time the snapshot will be retained.
Snapshot Name
Pattern
A string of characters and variables that translate
into a snapshot name (for example, scheduled%Y-%m-%d-%H-%M, which translates to
scheduled-2010-04-12-17-33).
Managing Snapshots
Managing snapshots includes the following topics:
•
Create a Snapshot on page 276
•
Modify a Snapshot Expiration Date on page 277
•
Rename a Snapshot on page 278
•
Expire a Snapshot on page 278
Create a Snapshot
A snapshot can be created manually, when an unscheduled
snapshot is required.
To manually create a snapshot, use the following procedure.
1. Click the Data Management > Snapshots tabs to open the
Snapshots view.
The Snapshots tab is active by default.
2. In the Snapshots view, click Create.
The Create dialog box appears.
3. In the Name text field, enter the name of the snapshot.
276
Working with Snapshots
4. In the MTree(s) area, select a checkbox of one or more MTrees
in the Available MTrees pane and click Add.
The MTrees move to the Selected MTrees pane.
5. In the Expiration area, click the radio button for when the
snapshot should be expired:
a. Never Expire
b. Enter a number for the In text field, and select Days, Weeks,
Month, or Years from the drop-down list. The snapshot will
be retained until the same time of day as when it is created.
c. Enter a date (using the format mm/dd/yyyy) in the On
text field, or click Calendar and click a date. The snapshot
will be retained until midnight (00:00, the first minute of
the day) of the given date.
6. Click OK and Close.
The snapshot is added to the list.
Modify a Snapshot Expiration Date
The administrator may wish to modify snapshot expiration dates,
for example, when snapshots take up too much disk space, if
snapshots were created too frequently, or if a date needs to be
extended for auditing or compliance.
To modify a scheduled snapshot expiration date:
1. Click the Data Management > Snapshots > tabs to open the
Snapshots view.
The Snapshots tab is active by default.
2. Click the checkbox of the snapshot entry in the list and click
Modify Expiration Date. The Modify dialog box appears.
Note: More than one snapshot can be selected by clicking
additional checkboxes.
3. In the Expiration area, select one of the following for the
expiration date:
a. Never Expire
DD OS 5.2 Administration Guide
277
b. In the In text field, enter a number and select Days, Weeks,
Month, or Years from the drop-down list. The snapshot will
be retained until the same time of day as when it is created.
c. In the On text field, enter a date (using the format
mm/dd/yyyy) or click Calendar and click a date. The
snapshot will be retained until midnight (00:00, the first
minute of the day) of the given date.
4. Click OK.
Rename a Snapshot
To rename a snapshot:
1. Click the Data Management > Snapshots tabs to open the
Snapshots view.
The Snapshots tab is active by default.
2. Click the checkbox of the snapshot entry in the list and click
Rename.
The Rename dialog box appears.
3. In the Name text field, enter a new name.
4. Click OK.
Expire a Snapshot
Snapshots cannot be deleted. To free up disk space, you can expire
snapshots manually and they will be deleted in the next cleaning
operation after the expiry date. This operation can be used to
remove snapshots that are no longer needed, but their scheduled
expiration date has not occurred, or that have no expiration date.
To expire a scheduled snapshot:
1. Click the Data Management > Snapshots tabs to open the
Snapshots view.
The Snapshots tab is active by default.
2. Click the checkbox next to snapshot entry in the list and click
Expire.
278
Working with Snapshots
Note: More than one snapshot can be selected by clicking
additional checkboxes.
The snapshot is marked as Expired in the Status column and
will be deleted at the next cleaning operation.
Managing Snapshot Schedules
The previous section describes manually creating a one-time
snapshot. This section describes how to set up and manage a series
of snapshots that are automatically taken at regular intervals in the
future. Such a series of snapshots is called a “snapshot schedule,”
or “schedule” for short.
Multiple snapshot schedules can be active at the same time.
Note: If multiple snapshots are scheduled to occur at the same
time, only one is retained. Which one is retained is indeterminate,
thus only one snapshot should be scheduled for a given time.
Create a Snapshot Schedule
To add a snapshot schedule:
1. Click the Data Management > Snapshots >Schedules tabs to
open the Schedules view.
2. Click Create.
The Create dialog appears.
3. In the Name text field, enter the name of the schedule.
4. In the Snapshot Name Pattern text box, enter a name pattern.
Use alphabets, numbers, _, -, and variables (such as %Y-%m%d-%H-%M that translate into current values).
5. Click Validate Pattern & Update Sample. The name displays in
the Live Sample field.
6. Click Next.
7. Click a radio button to set the date when the schedule will be
executed:
DD OS 5.2 Administration Guide
279
a. Weekly—Click checkboxes next to the days of the week or
select Every Day.
b. Monthly—Click the Selected Days option and click the
dates on the calendar, or select the Last Day of the Month
option.
c. Click Next.
8. Click a radio button to set the time of day when the schedule
will be executed:
a. At Specific Times—Click Add and in the Time dialog that
appears, enter the time in the format hh:mm, and click OK.
b. In Intervals—Click the drop-down arrows to select the start
and end time hh:mm and AM or PM. Click the Interval
drop-down arrows to select a number and then the hours
or minutes of the interval.
c. Click Next.
9. In the Retention Period text entry field, enter a number and
click the drop-down arrow to select days, months, or years,
and click Next.
Schedules must explicitly specify a retention time.
10. Review the parameters in the schedule summary and click
Finish to complete the schedule or Back to change any entries.
11. If an MTree is not associated with the schedule, a warning
dialog box appears asking if you’d like to add an MTree to the
schedule. Click OK to continue (or Cancel to exit). See the
chapter
12. To assign an MTree to the schedule, in the MTree area, click the
checkbox of one or more MTrees in the Available MTrees pane,
click Add and OK.
The MTrees move to the Selected MTrees pane.
Naming Conventions for Snapshots Created by a Schedule
The naming convention for scheduled snapshots is the word
scheduled followed by the date when the snapshot is to occur, in
the format scheduled-yyyy-mm-dd-hh-mm. For example,
scheduled-2009-04-27-13-30.
280
Working with Snapshots
The name mon_thurs is the name of a snapshot schedule.
Snapshots generated by that schedule might have the names
scheduled-2008-03-24-20-00, scheduled-2008-03-25-20-00,
etc.
Modify a Snapshot Schedule
To modify a snapshot schedule:
1. In the schedule list, select the schedule and click Modify.
The Modify Schedule dialog appears.
2. In the Name text field, enter the name of the schedule and click
Next.
Use alphanumeric characters, and the _ and -.
3. Click a radio button to set the date when the schedule will be
executed:
a. Weekly—Click checkboxes next to the days of the week or
select Every Day.
b. Monthly—Click the Selected Days option and click the
dates on the calendar, or select the Last Day of the Month
option.
c. Click Next.
4. Click a radio button to set the time of day when the schedule
will be executed:
a. At Specific Times—Click the checkbox of the scheduled
time in the Times list and click Edit. In the Times dialog
that appears, enter a new time in the format hh:mm, and
click OK. Or click Delete to remove the scheduled time.
b. In Intervals—Click the drop-down arrows to select the start
and end time hh:mm and AM or PM. Click the Interval
drop-down arrows to select a number and then the hours
or minutes of the interval.
c. Click Next.
DD OS 5.2 Administration Guide
281
5. In the Retention Period text entry field, enter a number and
click the drop-down arrow to select days, months, or years,
and click Next.
6. Review the parameters in the schedule summary and click
Finish to complete the schedule or Back to change any entries.
Delete a Snapshot Schedule
To delete a snapshot schedule, in the schedule list, click the
checkbox to select the schedule and click Delete. In the verification
dialog window, click OK and then Close.
Recover Data from a Snapshot
The fastcopy operation can be used to retrieve data stored in a
snapshot. See Fast Copy Operations on page 232 for details.
282
Working with Snapshots
9
Data Access for CIFS
The Common Internet File System (CIFS) clients can have access to
the system directories on the Data Domain system. The
/data/col1/backup directory is the destination directory for
compressed backup server data. The /ddvar directory contains
Data Domain system core and log files.
Clients, such as backup servers that perform backup and restore
operations with a Data Domain System, at the least, need access to
the /data/col1/backup directory. Clients that have
administrative access need to be able to access the /ddvar
directory to retrieve core and log files.
As part of the initial Data Domain system configuration, CIFS
clients were configured to access these directories. This chapter
describes how to modify these settings and how to manage data
access using the Enterprise Manager and cifs command.
Notes:
•
The Enterprise Manager Data Management > CIFS page
allows you to perform major CIFS operations (such as
enabling and disabling CIFS, setting authentication,
managing shares, and viewing configuration and share
information.
•
The cifs command contains all the options to manage
CIFS backup and restores between Windows clients and
Data Domain systems, and display CIFS statistics and
status. For complete information about the cifs command,
see the DD OS 5.2 Command Reference Guide.
•
For information about the initial system configuration, see
the DD OS 5.2 Initial Configuration Guide.
•
For information about setting up clients to use the Data
Domain system as a server, see the related tuning guide,
such as the CIFS Tuning Guide, which is available from the
DD OS 5.2 Administration Guide
283
Data Domain support Web site. From the Documentation >
Integration Documentation page, select the vendor from
the list and click OK. Select the tuning guide from the list.
This chapter consists of these major sections.
•
Performing CIFS Setup on page 284
•
Working with Shares on page 291
•
Managing Access Control on page 297
•
Monitoring CIFS Operation on page 304
•
Performing CIFS Troubleshooting on page 308
Performing CIFS Setup
The following sections describe tasks that are performed to set up
CIFS:
•
Prepare Clients for Access to Data Domain Systems on page 284
•
Enable CIFS Services on page 285
•
Naming the CIFS Server on page 285
•
Setting Authentication Parameters on page 286
•
Restrict CIFS Interfaces on page 289
•
Set CIFS Options on page 290
•
Disable CIFS Services on page 290
Prepare Clients for Access to Data Domain Systems
1. Log in to the Data Domain Support Web site.
2. In the Systems pane, click Documentation.
3. On the Documentation page, clink Integration Documentation.
4. Select the vendor for the client system’s operating system, such
as Microsoft, and click OK.
5. Select the appropriate tuning document, such as the CIFS
Tuning Guide.
284
Data Access for CIFS
6. Follow the instructions given in the tuning document.
Enable CIFS Services
After configuring client access, as described in Prepare Clients for
Access to Data Domain Systems on page 284, enable CIFS services,
which allow the client to access the system using the CIFS protocol.
1. For the Data Domain system that is selected in the Enterprise
Manager Navigational tree, click Data Management > CIFS.
2. In the CIFS Status area, click Enable.
Naming the CIFS Server
The hostname for the Data Domain system that serves as the CIFS
server was set during the system’s initial configuration. To change
a CIFS server name, see the procedures in Setting Authentication
Parameters on page 286.
A Data Domain system’s hostname should match the name
assigned to its IP address, or addresses, in the DNS table.
Otherwise, there might be problems when the system attempts to
join a domain, and authentication failures can occur. If you need to
change the Data Domain system’s hostname, use the net set
hostname command, and also modify the system’s entry in the
DNS table.
When the Data Domain system acts as a CIFS server, it takes the
hostname of the system. For compatibility, it also creates a
NetBIOS name. The NetBIOS name is the first component of the
hostname in all uppercase letters. For example, the hostname
jp9.oasis.local is truncated to the NetBIOS name JP9. The CIFS
server responds to both names.
You can have the CIFS server respond to different names at the
NetBIOS levels by changing the NetBIOS hostname.
DD OS 5.2 Administration Guide
285
Change the NetBIOS Hostname
1. Display the current NetBIOS name by entering:
# cifs show config
2. Enter:
# cifs set nb-hostname nb-hostname
Setting Authentication Parameters
The Enterprise Manager Configure Authentication dialog box
allows you to set the authentication parameters the Data Domain
system uses for working with CIFS.
The Data Domain system can join the active directory (AD)
domain or the NT4 domain, or be part of a workgroup (the
default). If you did not use the Enterprise Manager’s Configuration
Wizard to set the join mode, use the procedures in this section to
choose or change a mode.
The authentication configuration procedures are:
•
Configure Authentication for Active Directory on page 286
•
Configure Authentication for Workgroups on page 288
•
Configure Authentication for NT4 Mode on page 288
•
Resetting the Authentication Mode to the Default (Workgroup) on
page 289
Configure Authentication for Active Directory
The Data Domain system must meet all active-directory
requirements, such as a clock time that differs no more than five
minutes from that of the domain controller.
Note: See Managing Access Control on page 297 for information
about synchronizing clock time with a domain controller.
To set Active Directory authentication parameters:
1. On the CIFS page, click Configure Authentication.
2. Select Configure Authentication.
286
Data Access for CIFS
The Configure Authentication dialog appears.
3. From the Mode drop-down list, select Active Directory.
The active-directory mode joins a Data Domain System to an
active-directory domain.
4. In the Realm Name text box, enter the full realm name for the
system, such as domain1.local.
5. In the Domain Joining Credential area, enter a user name and
password.
Enter either a user on your company’s domain, or a user in a
domain that is a trusted domain of your company. The user
name and password must be compatible with Microsoft
requirements for the Active Directory domain being joined.
This user must have permission to create accounts in domain.
6. Click the Advanced tab to set additional information.
7. Optionally, to modify a CIFS server name, in the CIFS Server
Name area, change the name of the CIFS server (for
information about the CIFS server name, see Naming the CIFS
Server on page 285):
•
Click the checkbox to use the default CIFS server name.
•
Deselect the checkbox and enter the CIFS server name in
the text box.
8. In the Domain Controller area, determine how domain
controllers are assigned:
•
For automatic assignment, click the radio button next to
Automatically assign Domain Controllers. This is the
default and recommended method.
•
To add specific domain controllers, click the radio button
next to Manually assign Domain Controllers and enter a
controller name in the text box. Up to three controller
names can be added.
You can enter fully qualified domain names, hostnames, or
IP addresses.
DD OS 5.2 Administration Guide
287
9. Optionally, to join a specific Organizational Unit in the active
directory, in the Organizational Unit area, set the name of the
Organizational Unit:
•
Click the checkbox to use the default Organizational Unit
•
Deselect the checkbox and enter the Organizational Unit
name in the text box.
10. Optionally, to use DDNS, click the Enable checkbox.
11. Click OK.
Configure Authentication for Workgroups
The workgroup mode means that the Data Domain system
authenticates CIFS clients using local user accounts that are
defined on the Data Domain system.
To set Workgroup authentication parameters:
1. On the CIFS page, click Configure Authentication.
The Configure Authentication dialog appears.
2. From the Mode drop-down list, select Workgroup.
3. Enter the name of the workgroup in the Workgroup Name text
box.
4. Click the Advanced tab to configure additional settings.
5. Optionally, to modify a CIFS server name, in the CIFS Server
Name area, change the name of the CIFS server:
•
Click the checkbox to use the default CIFS server name.
•
Deselect the checkbox and enter the CIFS server name in
the text box.
Configure Authentication for NT4 Mode
This mode allows the Data Domain System to join NT4 domains.
Note: NT4 domain support will be removed in a future release of
DD OS.
288
Data Access for CIFS
Specify the NT4 domain authentication mode using the cifs set
authentication command, using the mode’s syntax.
cifs set authentication nt4 domain [ [pdc [bdc]] |
* ]
This command sets the authentication mode to the NT4 domain for
pdc or bdc domain controllers or all domain controllers ( * ).
Resetting the Authentication Mode to the Default
(Workgroup)
1. On the CIFS page, click Configure Authentication.
The Configure Authentication dialog appears.
2. From the Mode drop-down list, select Workgroup (default).
3. Click OK.
Specify a WINS Server
The WINS server can be set when the Data Domain system needs
to join a NT4 domain. This option does not need to be set for active
directory domain or workgroup authentication.
Enter:
# cifs set wins-server ipaddr
Note: If CIFS clients are using NetBIOS, a WINS server may be
needed to resolve NetBIOS names to IP addresses.
Restrict CIFS Interfaces
By default, the CIFS server listens on all Data Domain system NICactive interfaces.
Enter:
# cifs option set interfaces value
The value is a list of interfaces, such as Ethernet port names.
Multiple interfaces must be separated by a space and enclosed
within double quotation marks; for example, "eth0 eth2".
DD OS 5.2 Administration Guide
289
Set CIFS Options
1. Select the Data Domain system in the Navigational tree and
click the Data Management > CIFS > Configuration tabs.
2. In the Options area, click Configure Options.
The Configure Options dialog box appears.
3. To restrict anonymous connections, click the checkbox of the
Enable option in the Restrict Anonymous Connections area.
4. In the LogLevel area, click the drop-down list to select the level
number.
The level is an integer from 0 (zero) to 10 (ten). One is the
default system level that sends the least-detailed level of CIFSrelated log messages; ten results in the most detail. Log
messages are located in the files
/ddvar/log/debug/cifs/clients.log and
/ddvar/log/debug/cifs/cifs.log.
Note: A log level of 10 degrades system performance. Click the
Default in the Log Level area after debugging an issue. This
sets the level back to 1.
Disable CIFS Services
To prevent clients from accessing the Data Domain system:
1. Select the Data Domain system in the Navigational tree and
click the Data Management > CIFS tabs.
1. In the Status area, click Disable.
The Disable CIFS dialog box appears.
2. Click OK.
Even after disabling CIFS access, CIFS authentication services
continue to run on the Data Domain system. This continuation
is required to authenticate active directory domain users for
management access.
290
Data Access for CIFS
Working with Shares
To share data, create shares on the Data Domain system. Shares are
administered on the Data Domain system and the CIFS systems.
This section describes the following topics:
•
Creating Shares on the Data Domain System on page 291
•
Modify a Share on a Data Domain System on page 293
•
Delete a Share on a Data Domain System on page 294
•
Disable a Share on a Data Domain System on page 294
•
Enable a Share on a Data Domain System on page 294
•
Performing MMC Administration on page 295
•
Connect to a Data Domain System from a CIFS Client on page 295
Creating Shares on the Data Domain System
When creating shares, you have to assign client access to each
directory separately and to remove access from each directory
separately. For example, a client can be removed from /ddvar and
still have access to /data/col1/backup.
Note: If Replication is to be implemented, a Data Domain system
can receive backups from both CIFS clients and NFS clients as long
as separate directories are used for each. Do not mix CIFS and NFS
data in the same directory.
1. From the Navigational pane, select a Data Domain system to
configure shares.
2. Click Data Management > CIFS tabs to navigate to the CIFS
view.
3. Ensure authentication has been configured, as described in
Setting Authentication Parameters on page 286.
4. On the CIFS client, set shared directory permissions or security
options.
5. On the CIFS view, click the Shares tab.
6. Click Create.
DD OS 5.2 Administration Guide
291
The Create Shares dialog box appears.
7. In the Create Shares dialog box, enter the following
information:
Item
Description
Share Name
A descriptive name for the share.
Directory Path
The path to the target directory (for
example, /data/col1/backup/dir1).
Note: col1 uses the letter ell followed by the
number 1.
Comment
A descriptive comment about the share.
8. Add a client by clicking the plus sign ( + ) in the Clients area.
The Client dialog box appears. Enter the name of the client in
the Client text box and click OK.
No blanks or tabs (white space) characters are allowed.
Repeat this step for each client that you need to configure.
Notes:
It is not recommended to use both an asterisk (*) and
individual client name or IP address for a given share. When
an asterisk (*) is present, any other client entries for that share
are not used.
It is not required to use both client name and client IP address
for the same client on a given share. Use client names when the
client names are defined in the DNS table.
To make share available to all clients specify an asterisk
( * ) as the client. All users in the client list can access the share,
unless one or more user names are specified, in which case
only the listed names can access the share.
9. In the Max Connections area, click the radio button beside the
text box and enter the maximum number of connections to the
share that are allowed at one time. The default value is zero,
(also settable with the Unlimited radio button) which enforces
no limit on the number of connections.
10. Click OK.
292
Data Access for CIFS
The newly created share appears at the end of the list of shares,
located in the center of the Shares pane.
Modify a Share on a Data Domain System
To modify the setup of an existing share:
1. In the Shares tab, click the checkbox next the share you wish to
modify in the Share Name list.
2. Click Modify.
The Modify Share dialog box appears.
3. Modify share information:
a. To change the comment, enter new text in the Comment
text field.
b. To modify a User or Group names, in the User/Group list,
click the checkbox of the user or group and click edit
(pencil icon) or delete ( X ). To add a user or group, click
( + ), and in the User/Group dialog box select the Type
radio button for User or Group, and enter the user or group
name.
Group names must be proceeded by the at (@) symbol. For
example, @group1.
c. To modify a client name, in the Client list, click the
checkbox of the client and click edit (pencil icon) or delete
( X ). To add a client, click ( + ) and add the name in the
Client dialog box.
Note: To make share available to all clients specify an asterisk
( * ) as the client. All users in the client list can access the share,
unless one or more user names are specified, in which case
only the listed names can access the share.
d. Click OK.
4. In the Max Connections area, in the text box, change the
maximum number of connections to the share that are allowed
at one time. Or select the Unlimited radio button to enforce no
limit on the number of connections.
5. Click OK.
DD OS 5.2 Administration Guide
293
Create a Share from an Existing Share
To create a share from an existing share, and then modify as
needed:
1. In the CIFS Shares table, click the checkbox of share you wish
to use as the source
2. Click Create From.
The Create From Existing Share dialog box appears.
3. Modify the share information, as described in Modify a Share on
a Data Domain System on page 293.
Disable a Share on a Data Domain System
To disable one or more existing shares:
1. In the Shares tab, click the checkbox of the share you wish to
disable in the Share Name list.
2. Click Disable.
The Disable Shares Status dialog box appears.
3. Click Close.
Enable a Share on a Data Domain System
To enable one or more existing share:
1. In the Shares tab, click the checkbox of the shares you wish to
enable in the Share Name list.
2. Click Enable.
The Enable Shares Status dialog box appears.
3. Click Close.
Delete a Share on a Data Domain System
To delete one or more existing shares:
1. In the Shares tab, click the checkbox of the shares you wish to
delete in the Share Name list.
294
Data Access for CIFS
2. Click Delete.
The Warning dialog box appears.
3. Click OK.
The shares are removed.
Performing MMC Administration
You can use the Microsoft Management Console (MMC) for
administration. DD OS supports these MMC features:
•
Share management, except for browsing when adding a share,
or the changing of the offline settings default, which is a
manual procedure.
•
Session management.
•
Open file management, except for deleting files.
Connect to a Data Domain System from a CIFS
Client
1. On the Data Domain system CIFS page, verify that CIFS Status
shows CIFS is enabled and running.
2. In the Control Panel, open Administrative Tools and select
Computer Management.
3. In the Computer Management dialog box, right-click
Computer Management (Local) and select Connect to another
computer from the menu.
4. In the Select Computer dialog box, select Another computer
and enter the name or IP address for the Data Domain system.
5. Create a \backup subfolder as read-only. See Create a
\data\col1\backup Subfolder as Read-Only on page 296.
DD OS 5.2 Administration Guide
295
Figure 9-1: Computer Management Dialog Box
Create a \data\col1\backup Subfolder as Read-Only
1. In the Control Panel, open Administrative Tools and select
Computer Management.
2. Right-click Shares in the Shared Folders directory.
3. Select New File Share from the menu.
The Create a Shared Folder Wizard opens. The computer name
should be the name or IP address of the Data Domain system.
4. Enter the path for the Folder to share; for example, enter
C:\data\col1\backup\newshare.
5. Enter the Share name; for example, enter newshare. Click Next.
6. For the Share Folder Permissions, selected Administrators have
full access; other users have read-only access. Click Next.
296
Data Access for CIFS
Figure 9-2: Completing the Create a Shared Folder Wizard
7. The Completing screen shows that you have successfully
shared the folder with all Microsoft Windows clients in the
network. Click Finish.
The newly created shared folder is listed in the Computer
Management dialog box.
Display CIFS Information
1. In the Control Panel, open Administrative Tools and select
Computer Management.
2. Select one of the Shared Folders (Shares, Sessions, or Open
Files) in the System Tools directory.
Information about shared folders, sessions, and open files is
shown in the right pane.
Managing Access Control
To manage access controller, refer to the following topics:
•
Accessing Shares from a Windows Client on page 298
•
Provide Domain Users Administrative Access on page 298
•
Allow Access from Trusted Domain Users on page 298
DD OS 5.2 Administration Guide
297
•
Allow Administrative Access to a Data Domain System for Domain
Users on page 299
•
Restrict Administrative Access from Windows on page 299
Accessing Shares from a Windows Client
From the Windows client enter:
> net use drive: \\DD_sys\backup
For example, enter:
> net use H: \\dd02\backup /USER:dd02\backup22
This command maps the backup share from Data Domain system
dd02 to drive H on the Windows system and gives the user named
backup22 access to the \\DD_sys\backup directory.
Provide Domain Users Administrative Access
Enter:
# adminaccess authentication add cifs
The SSH, Telnet, or FTP command that accesses the Data Domain
system must include, in double quotation marks, the domain
name, a backslash, and the user name. For example:
C:> ssh “domain2\djones” @ddr22
Allow Access from Trusted Domain Users
You do not need to set this option because trusted domain users
are always allowed to access shares from the Data Domain system.
Enter:
# cifs option set allowtrusteddomains {enabled |
disabled}
Note: These are domains that are trusted by the domain that
includes the Data Domain system.
298
Data Access for CIFS
Allow Administrative Access to a Data Domain
System for Domain Users
1. To map a Data Domain System default group number to a
Windows group name that differs from the default group
name enter:
# cifs option set "dd admin group2"
["windows grp-name"]
The Windows group name is a group that exists on a Windows
domain controller.
2. Enable CIFS administrative access by entering:
# adminaccess authentication add cifs
•
The default Data Domain System group dd admin group1
is mapped to the Windows group Domain Admins.
•
You can map the default Data Domain System group dd
admin group2 to a Windows group named Data Domain
that you create on a Windows domain controller.
•
Access is available through SSH, Telnet, FTP, HTTP, and
HTTPS.
•
After setting up administrative access to the Data Domain
system from the Windows group Data Domain, you must
enable CIFS administrative access using the adminaccess
command.
Restrict Administrative Access from Windows
Enter:
# adminaccess authentication del cifs
This commands prohibits Windows users access to the Data
Domain system if they do not have an account on the Data Domain
system.
File Access
The following sections describe file access options:
•
NT Access Control Lists on page 300
DD OS 5.2 Administration Guide
299
•
Set DACL Permissions Using the Windows Explorer on page 302
•
Set SACL Permissions Using the Windows Explorer on page 303
•
View or Change the Current Owner Security ID (Owner SID) on
page 303
NT Access Control Lists
Access control lists (ACLs) are enabled by default on the Data
Domain system.
Note: When CIFS ACLs are disabled via the command
cifs option set ntfs-acls disabled, the Data Domain
system generates an ACL that approximates the UNIX
permissions, whether or not there were previously set CIFS ACLs.
For more detailed information about ACLs than is provided in this
section, see your Windows Operating System documentation.
Caution: Data Domain recommends that you do not disable NTFS
ACLs once they have been enabled. Contact Data Domain Support
prior to disabling NTFS ACLs.
Default ACL Permissions
The default permissions, which are assigned to new objects created
through the CIFS protocol when ACLs are enabled, depend on the
status of the parent directory. There are three different
possibilities:
•
The parent directory has no ACL because it was created
through NFS protocol.
•
The parent directory has an inheritable ACL, either because it
was created through the CIFS protocol or because ACL had
been explicitly set. The inherited ACL is set on new objects.
•
The parent directory has an ACL, but it is not inheritable. The
permissions are as follows:
Table 9-1: Permissions for Parent Directory with Non-Inheritable ACLs
Type
Name
Permission
Apply To
Allow
SYSTEM
Full control
This folder only
300
Data Access for CIFS
Table 9-1: Permissions for Parent Directory with Non-Inheritable ACLs
Type
Name
Permission
Apply To
Allow
CREATOR
OWNER
Full control
This folder only
Note: CREATOR OWNER is replaced by the user creating the
file/folder for normal users and by Administrators for
administrative users.
Permissions for a New Object when the Parent Directory Has
No ACL
The permissions are as follows:
•
BUILTIN\Administrators:(OI)(CI)F
•
NT AUTHORITY\SYSTEM:(OI)(CI)F
•
CREATOR OWNER:(OI)(CI)(IO)F
•
BUILTIN\Users:(OI)(CI)R
•
BUILTIN\Users:(CI)(special access:)FILE_APPEND_DATA
•
BUILTIN\Users:(CI)(IO)(special access:)FILE_WRITE_DATA
•
Everyone:(OI)(CI)R
These permissions are described in more detail below.
Table 9-2: Permissions for a Parent Directory with No ACL
Type
Name
Permission
Apply To
Allow
Administrators
Full control
This folder, subfolders,
and files
Allow
SYSTEM
Full control
This folder, subfolders,
and files
Allow
CREATOR OWNER
Full control
Subfolders and files
only
Allow
Users
Read & execute
This folder, subfolders,
and files
Allow
Users
Create subfolders
This folder and
subfolders only
Allow
Users
Create files
Subfolders only
DD OS 5.2 Administration Guide
301
Table 9-2: Permissions for a Parent Directory with No ACL
Type
Name
Permission
Apply To
Allow
Everyone
Read & execute
This folder, subfolders,
and files
Setting ACL Permissions and Security
Windows-based backup and restore tools such as NetBackup can
be used to back up DACL- and SACL-protected files to the Data
Domain system, and to restore them from the Data Domain
system.
Granular and Complex Permissions (DACL)
You can set granular and complex permissions (DACL) on any file
or folder object within the DDFS file systems, either through using
Windows commands such as cacls, xcacls, xcopy and scopy, or
through the CIFS protocol using the Windows Explorer GUI.
Audit ACL (SACL)
You can set audit ACL (SACL) on any object in the Data Domain
File System (DDFS), either through commands or through the CIFS
protocol using the Windows Explorer GUI.
Set DACL Permissions Using the Windows Explorer
1. Right-click the file or folder and select Properties from the
menu.
2. In the Properties dialog box, click the Security tab.
3. Select the group or user name, such as Administrators, from
the list. The permissions appear, in this case for
Administrators, Full Control.
4. Click the Advanced button, which enables you to set special
permissions.
5. In the Advanced Security Settings for acl dialog box, click the
Permissions tab.
6. Select the permission entry in the list.
302
Data Access for CIFS
7. To view more information about a permission entry, select the
entry and click Edit.
8. Select the Inherit from parent option to have the permissions of
parent entries inherited by their child objects, and click OK.
Set SACL Permissions Using the Windows Explorer
1. Right-click the file or folder and select Properties from the
menu.
2. In the Properties dialog box, click the Security tab.
3. Select the group or user name, such as Administrators, from
the list, which displays its permissions, in this case, Full
Control.
4. Click the Advanced button, which enables you to set special
permissions.
5. In the Advanced Security Settings for ACL dialog box, click the
Auditing tab.
6. Select the auditing entry in the list.
7. To view more information about special auditing entries, select
the entry and click Edit.
8. Select the Inherit from parent option to have the permissions of
parent entries inherited by their child objects, and click OK.
View or Change the Current Owner Security ID (Owner
SID)
1. In the Advanced Security Settings for ACL dialog box, click the
Owner tab.
2. To change the owner, select a name from the Change owner
list, and click OK.
Controlling ID Account Mapping
The CIFS option idmap-type controls ID account mapping
behavior. It has two values: rid (the default) and none. When the
option is set to rid, the ID-to -id mapping is performed internally.
When the option is set to none, all CIFS users are mapped to a local
DD OS 5.2 Administration Guide
303
UNIX user named cifsuser belonging to the local UNIX group
users.
Notes:CIFS must be disabled to set this option. If CIFS is running,
disable CIFS services.
idmap-type can set to none only when ACL support is enabled.
Whenever the idmap type is changed, a file system metadata
conversion might be required for correct file access. Without any
conversion, the user might not be able to access the data. To
converted the metadata, consult your contracted support provider.
Monitoring CIFS Operation
The following topics describe how to monitor CIFS operation.
•
Display CIFS Status on page 304
•
Display CIFS Configuration on page 305
•
Display Share Information on page 306
•
Display CIFS Statistics on page 308
Display CIFS Status
1. In the Enterprise Manager, select Data Management > CIFS.
2. Check CIFS information, as follows:
•
Status is either enabled and running, or disabled but CIFS
authentication is running.
To enable CIFS, see Enable CIFS Services on page 285. To
disable CIFS, see Disable CIFS Services on page 290.
•
Connections lists the tally of open connections and open
files.
Click Connection Details to see more connection
information.
•
Configuration details are described in Display CIFS
Configuration on page 305.
304
Data Access for CIFS
•
Share information is described in Display Share Information
on page 306.
Display CIFS Configuration
On the CIFS page, click the Configuration tab. See information for:
•
Authentication Configuration on page 305
•
Display Share Information on page 306
Authentication Configuration
The information in the Authentication pane changes, depending
on the type of authentication that is configured:
•
Active Directory Configuration on page 305
•
Workgroup Configuration on page 306
Active Directory Configuration
The following Authentication information is displays for Active
Directory configuration:
Item
Description
Mode
The Active Directory mode displays.
Realm
The configured realm displays.
DDNS
The status of the DDNS Server displays: either
enabled or disabled.
Domain Controller
The name of the configured domain controller
displays or a * if all controllers are permitted.
Organizational Unit
The name of the configured organizational
units displays.
CIFS Server Name
The name of the configured CIFS server
displays.
WINS Server Name
The name of the configured WINS server
displays.
Short Domain Name
The short domain name displays.
DD OS 5.2 Administration Guide
305
Workgroup Configuration
The following Authentication information is displays for
Workgroup configuration:
Item
Description
Mode
The Workgroup mode displays.
Workgroup Name
The configured workgroup name displays.
DDNS
The status of the DDNS Server displays: either
enabled or disabled.
CIFS Server Name
The name of the configured CIFS server
displays.
WINS Server Name
The name of the configured WINS server
displays.
Display Share Information
On the CIFS page, click the Shares tab. See information for:
•
Viewing Configured Shares on page 306
•
Viewing Detailed Share Information on page 307
Viewing Configured Shares
By default, the list of configured shares displays, showing the
following:
Item
Description
Share Name
The name of the share (for example, share1).
Share Status
The status of the share: either enabled or
disabled.
Directory Path
The directory path to the share (for example,
/data/col1/backup/dir1).
Note: col1 uses the letter ell followed by the
number 1.
Directory Path Status
The status of the directory path.
•
306
To list information about a specific share, enter the share name
in the Filter by Share Name text box and click Update.
Data Access for CIFS
•
Click Update to return to the default list.
•
To page through the list of shares, click the < and > arrows at
the bottom right of the view to page forward or backward. To
skip to the beginning of the list, click|< and to skip to the end,
click >|.
•
Click the Items per Page drop-down arrow to change the
number of share entries listed on a page. Choices are 15, 30, or
45 entries.
Viewing Detailed Share Information
To see detailed information about a share, click the share name in
the share list. The following detailed information displays:
Item
Description
Share Name
The name of the share (for example, share1).
Directory Path
The directory path to the share (for example,
/data/col1/backup/dir1).
Note: col1 uses the letter ell followed by the
number 1.
Comment
The comment that was configured when the
share was created.
Share Status
The status of the share: either enabled or
disabled.
Number of ACE’s
The number of Access Control Entries.
•
The Clients area lists the clients that are configured to access
the share, along with a client tally beneath the list.
•
The User/Groups area lists the names and type of users or
groups that are configured to access the share, along with a
user or group tally beneath the list.
•
The Options area lists the name and value of configured
options.
DD OS 5.2 Administration Guide
307
Display CIFS Statistics
Enter:
# cifs show detailed-stats
The output shows number of various SMB requests received and
the time taken to process them.
Performing CIFS Troubleshooting
This section provides basic troubleshooting procedures.
Note: The cifs troubleshooting commands provide detailed
information about CIFS users and groups.
Display Clients Current Activity
Enter:
# cifs show active
The output shows shares accessed from a client system, current
data transfer, and locked files.
PID
Username
Group
Machine
568
sysadmin
admin
srvr24 (192.168.1.5)
566
sysadmin
admin
srvr22 (192.168,1,6
Services
PID
Machine
Connected at
ddvar
566
server22
Tues Jan 13 12:11:03 2009
backup
568
server24
Tues Jan 13 12:09:44 2009
The output for locked files provides the following information by
file name or date.
308
PID
Deny Mode
Access
Read/Write
Oplock
566
DENY_WRITE
0x20089
RDONLY
NONE
Data Access for CIFS
PID
Deny Mode
Access
Read/Write
Oplock
566
DENY_ALL
0x30196
WRONLY
NONE
Set the Maximum Open Files on a Connection
Enter:
# cifs option set maxopenfiles value
The value for the maximum number of files that can be open
concurrently on a given connection is an integer from 128 to 59412.
The default is 10000.
If the system runs out of open files, increase the value’s number.
Because each open file requires a certain amount of memory, the
server may run out of memory if you set the value to the
maximum. If a value is not within the accepted range, the system
automatically resets it to 128 or 59412, depending on whether the
value was below 128 or above 59412.
Data Domain System Clock
When using active directory mode for CIFS access, the Data
Domain System clock time can differ by no more than five minutes
from that of the domain controller. The Enterprise Manager
System Settings > General Configuration Configure Time Settings
option synchronizes the clock with a time server.
Because the Windows domain controller obtains the time from an
external source, NTP must be configured. See the Microsoft
documentation on how to configure NTP for the Windows
operating system version or service pack that is running on your
domain controller.
In active directory authentication mode, the Data Domain system
periodically synchronizes the clock with a Windows Active
Directory Domain Controller.
DD OS 5.2 Administration Guide
309
Synchronize from a Windows Domain Controller
Note: This example is for Windows 2003 SP1; substitute your
domain server for the NTP server’s name.
1. On the Windows system, enter commands similar to the
following:
C:\>w32tm /config /syncfromflags:manual
/manualpeerlist: ntp-server-name
C:\>w32tm /config /update
C:\>w32tm /resync
2. After NTP is configured on the domain controller, configure
the time server synchronization, as described in Working with
Time and Date Settings on page 120.
Synchronize from an NTP Server
To synchronize from an NTP server, configure the time server
synchronization, as described in Working with Time and Date
Settings on page 120.
310
Data Access for CIFS
10 Data Access for NFS
Network File System (NFS) clients can have access to the system
directories or MTrees on the Data Domain system.
•
/backup is the default destination for non-MTree compressed
backup server data.
•
The /data/col1/backup path is the root destination when
using MTrees for compressed backup server data.
•
The /ddvar directory contains Data Domain System core and
log files.
Clients, such as backup servers that perform backup and restore
operations with a Data Domain System, need access to the
/backup or /data/col1/backup areas. Clients that have
administrative access need to be able to access the /ddvar
directory to retrieve core and log files.
As part of the initial Data Domain system configuration, NFS
clients were configured to access these areas. This chapter
describes how to modify these settings and how to manage data
access.
Notes:
•
For information about the initial system configuration, see the
DD OS 5.2 Initial Configuration Guide.
•
The nfs command manages backups and restores between
NFS clients and Data Domain systems, and displays NFS
statistics and status. For complete information about the nfs
command, see the DD OS 5.2 Command Reference Guide.
•
For information about setting up third-party clients to use the
Data Domain system as a server, see the related tuning guide,
such as the Solaris System Tuning, which is available from the
Data Domain support Web site. From the Documentation >
DD OS 5.2 Administration Guide
311
Integration Documentation page, select the vendor from the
list and click OK. Select the tuning guide from the list.
This chapter consists of these major topics.
•
Managing NFS Client Access to the Data Domain System on
page 312
•
Displaying NFS Information on page 317
Managing NFS Client Access to the Data
Domain System
Topics for managing NFS include:
•
Enable NFS Services on page 312
•
Disable NFS Services on page 313
•
Create an Export on page 313
•
Modify an Export on page 315
•
Create an Export from an Existing Export on page 316
•
Delete an Export on page 316
Enable NFS Services
To enable NFS services, which allows the client to access the
system using the NFS protocol:
1. Select the Data Domain system from the Navigational tree.
The Summary page for the system displays.
2. Select the Data Management > NFS tabs.
The NFS view showing the Exports tab appears.
3. Click Enable.
312
Data Access for NFS
Disable NFS Services
To disable NFS services, which prevents the client access to the
system using the NFS protocol.
1. Select the Data Domain system from the Navigational tree.
The Summary page for the system displays.
2. Select the Data Management > NFS tabs.
The NFS view showing the Exports tab appears.
3. Click Disable.
Create an Export
You can use Enterprise Manager’s Create button on the NFS view
or the Configuration Wizard to specify the NFS clients that can
access the /backup, /data/col1/backup, and /ddvar areas.
Note: You have to assign client access to each export separately
and to remove access from each export separately. For example, a
client can be removed from /ddvar and still have access to
/data/col1/backup.
Caution: If Replication is to be implemented, a single destination
Data Domain system can receive backups from both CIFS clients
and NFS clients as long as separate directories or MTrees are used
for each. Do not mix CIFS and NFS data in the same area.
1. Select the Data Domain system from the Navigational tree.
The Summary page for this system is displayed.
2. Select the Data Management > NFS tabs.
The NFS view showing the Exports tab appears.
3. Click Create.
The Create NFS Exports dialog box appears.
4. Enter the pathname in the Directory Path text box (for example,
/data/col1/backup/dir1).
Note: col1 uses the letter ell followed by the number 1.
DD OS 5.2 Administration Guide
313
5. In the Clients area, select an existing client or click the + icon to
create a client.
The Clients dialog box appears.
a. Enter a server name in the text box.
Enter fully qualified domain names, hostnames, or IP
addresses. A single asterisk (*) as a wild card indicates that
all backup servers are to be used as clients.
Note: Clients given access to the /data/col1/backup
directory have access to the entire directory. A client given
access to a subdirectory of /data/col1/backup has access
only to that subdirectory.
-
A client can be a fully-qualified domain hostname,
class-C IP addresses, IP addresses with either netmasks
or length, an NIS netgroup name with the prefix @, or
an asterisk (*) wildcard with a domain name, such as
*.yourcompany.com.
A client added to a subdirectory under
/data/col1/backup has access only to that subdirectory.
-
Enter an asterisk (*) as the client list to give access to all
clients on the network.
b. Select the checkboxes of the NFS options for the client.
-
Read-only permission.
-
(Default) Requires that requests originate on an Internet
port that is less than IPPORT_RESERVED (1024).
-
Map requests from uid or gid 0 to the anonymous uid or
gid.
-
Map all user requests to the anonymous uid or gid.
-
Use default anonymous UID or GID.
c. Click OK.
6. Click OK to create the export.
314
Data Access for NFS
Modify an Export
1. Select the Data Domain system from the Navigational tree.
The Summary page for this system is displayed.
2. Select the Data Management > NFS tabs.
The NFS view showing the Exports tab appears.
3. Click the checkbox of an export in the NFS Exports table.
4. Click Modify.
The Modify NFS Exports dialog box appears.
5. Modify the pathname in the Directory Path text box.
6. In the Clients area, select another client or click the + icon to
create a client.
The Clients dialog box appears.
a. Enter a server name in the text box.
Enter fully qualified domain names, hostnames, or IP
addresses. A single asterisk (*) as a wild card indicates that
all backup servers are to be used as clients.
Note: Clients given access to the /data/col1/backup
directory have access to the entire directory. A client given
access to a subdirectory of /data/col1/backup has access
only to that subdirectory.
-
A client can be a fully-qualified domain hostname,
class-C IP addresses, IP addresses with either netmasks
or length, an NIS netgroup name with the prefix @, or
an asterisk (*) wildcard with a domain name, such as
*.yourcompany.com.
A client added to a subdirectory under
/data/col1/backup has access only to that subdirectory.
-
Enter an asterisk (*) as the client list to give access to all
clients on the network.
b. Select the checkboxes of the NFS options for the client.
-
Read-only permission.
DD OS 5.2 Administration Guide
315
-
(Default) Requires that requests originate on an Internet
port that is less than IPPORT_RESERVED (1024).
-
Map requests from uid or gid 0 to the anonymous uid or
gid.
-
Map all user requests to the anonymous uid or gid.
-
Use default anonymous UID or GID.
c. Click OK.
7. Click OK to modify the export.
Create an Export from an Existing Export
To create an export from an existing export, and then modify as
needed:
1. In the NFS Exports table, click the checkbox of the export you
wish to use as the source .
2. Click Create From.
The Create NFS Export From dialog box appears.
3. Modify the export information, as described in Modify an Export
on page 315.
Delete an Export
To delete an export:
1. In the NFS Exports table, click the checkbox of the export you
wish to delete .
2. Click Delete.
The Warning dialog box appears.
3. Click OK and Close to delete the export.
316
Data Access for NFS
Displaying NFS Information
You can use the Data Domain Enterprise Manager to monitor
NFS client status and NFS configuration:
•
View NFS Status on page 317
•
View NFS Exports on page 317
•
View Active NFS Clients on page 318
View NFS Status
1. Log in to the Enterprise Manager.
2. Select the Data Domain system in the Navigational tree.
3. Click the Data Management > NFS tabs.
The top pane shows the operational status of NFS, for example,
NFS is currently active and running.
View NFS Exports
To see the list of clients allowed to access the Data Domain System:
1. Log in to the Enterprise Manager.
2. Select the Data Domain system in the Navigational pane.
3. Select the Data Management > NFS tabs.
The Exports view shows a table of NFS exports that are
configured for Data Domain System and the mount path,
status, and NFS options for each export.
4. Click an export in the table to populate the Detailed
Information area, below the Exports table.
In addition to the export’s directory path, configured options,
and status, a list of clients displays.
DD OS 5.2 Administration Guide
317
View Active NFS Clients
1. Log in to the Enterprise Manager.
2. Select the Data Domain system in the Navigational pane.
3. Select the Data Management > NFS > Active Clients tabs.
The Active Clients view displays, showing all clients that have
been connected in the past 15 minutes and their mount path.
Use the Filter By text boxes to sort by mount path and client
name.
318
Data Access for NFS
11 Data Access for DD Boost
This chapter describes how to use the Enterprise Manager to
manage and monitor an installed Data Domain Boost (DD Boost)
software option, and consists of the following major topics.
•
About Data Domain DD Boost Software on page 319
•
Working with DD Boost on page 320
•
Monitoring DD Boost on page 331
Notes:
•
DD Boost software is an optional product that requires a
license to operate on the Data Domain system. You can
purchase a DD Boost software license key for a Data Domain
system directly from Data Domain.
•
This chapter does not contain installation instructions. For
complete information about setting up DD Boost with
Symantec backup applications (NetBackup and Backup Exec),
see the Data Domain Boost for OpenStorage Administration Guide.
For EMC NetWorker, refer to the EMC NetWorker
documentation.
•
Additional in-depth information about configuring and
managing DD Boost on the Data Domain system can be found
in the ddboost chapter of the DD OS 5.2 Command Reference
Guide.
About Data Domain DD Boost Software
DD Boost software enables backup servers to communicate with
storage systems without the need for Data Domain systems to
emulate tape. There are two components to DD Boost: one
component that runs on the backup server and another that runs
on the Data Domain system.
DD OS 5.2 Administration Guide
319
•
In the context of the EMC NetWorker backup application, the
component that runs on the backup server (DD Boost libraries)
is integrated into the NetWorker storage node.
•
In the context of Symantec backup applications (NetBackup
and Backup Exec), you need to download an appropriate
version of the DD Boost SDK that is installed on each media
server. The DD Boost SDK includes the DD Boost libraries for
integrating with the DD Boost server running on the Data
Domain system.
A Data Domain system can be a single Data Domain system, a
gateway, or a Global Deduplication Array.
The backup application (NetWorker, NetBackup or Backup Exec)
sets policies that control when backups and duplications occur.
Administrators manage backup, duplication, and restores from a
single console and can use all of the features of DD Boost,
including WAN-efficient replicator software. The application
manages all files (collections of data) in the catalog, even those
created by the Data Domain system.
The Data Domain system exposes pre-made disk volumes called
storage units to a DD Boost-enabled backup server. Multiple
backup servers, can use the same storage unit on a Data Domain
system as a storage server. Each backup server can run a different
operating system, provided that it is supported by Data Domain.
Working with DD Boost
To start working with the DD Boost using the Enterprise Manager:
1. Select the Data Domain system in the Navigational Pane.
2. Verify that the file system is enabled and running by clicking
Data Management > File System and checking the state.
3.
If you go to the DD Boost page without a license, you are
prompted to add the license.
4. Click Data Management > DD Boost tabs to access the DD
Boost view.
The DD Boost Settings tab is displayed.
320
Data Access for DD Boost
5. Set or Modify the DD Boost user (see Set or Modify a DD Boost
User Name on page 321).
6. Enable DD Boost (see Enable DD Boost on page 322).
7. Create a storage unit (see Create a Storage Unit on page 323).
Tasks you can perform to manage DD Boost and include:
•
Set or Modify a DD Boost User Name on page 321
•
Enable DD Boost on page 322
•
Disable DD Boost on page 323
•
Create a Storage Unit on page 323
•
Delete a Storage Unit on page 324
•
Clear DD Boost Statistics on page 324
•
DD Boost Options on page 325
•
About Interface Groups on page 327
•
Create Interface Groups on page 328
•
Destroy DD Boost on page 331
•
About the DD Boost Tabs on page 331
•
Checking Interface Groups and Clients on page 335
Set or Modify a DD Boost User Name
A DD Boost user is a Data Domain user. Before setting the DD
Boost user access, the username and password must have already
been set up on the Data Domain system. See Managing Access to the
System on page 97 for more information.
•
Backup applications use this user’s credentials to connect to the
Data Domain System. You must add the credentials to each
backup server that connects to this Data Domain System. For
complete information about setting up DD Boost with
Symantec backup applications, NetBackup and Backup Exec,
see the Data Domain Boost for OpenStorage Administration Guide.
For NetWorker, refer to the EMC NetWorker documentation.
DD OS 5.2 Administration Guide
321
When DD Boost is enabled, a DD OS administrative user can set or
change to another DD Boost user. Only one DD Boost user can
operate DD Boost at a time.
To set or modify the DD Boost user name:
1. In the DD Boost Settings tab, click Add or Modify in the DD
Boost User area.
The Set or Modify DD Boost User Name dialog box is
displayed.
2. To add a user, select New User.
a. Enter the user name in the DD Boost User Name text field.
The user must be configured in the backup application to
connect to the Data Domain system.
b. Enter the password twice in the text fields.
c. Select the role for the user: admin, user, backup-operator,
or data-access.
3. To switch to a user that has already been added, select Existing
User and select the user name from the menu.
4. Click OK.
Enable DD Boost
DD Boost cannot be enabled without a DD Boost user. If you try to
enable DD Boost without a user, you are asked to select one.
To enable DD Boost:
1. In the DD Boost Settings tab, click Enable in the DD Boost
Status area.
The Enable DD Boost dialog box is displayed.
2. Select an existing user name from the menu, or add a new user
by supplying the name, password, and role.
322
Data Access for DD Boost
Disable DD Boost
Disabling DD Boost drops all active connections to the backup
server.
Note: Ensure there are no jobs running from your backup
application before disabling.
To disable DD Boost:
1. In the DD Boost Settings tab, click Disable in the DD Boost
Status area.
2. Click OK in the Disable DD Boost confirmation dialog box.
Create a Storage Unit
You need to create at least one storage unit on the Data Domain
system.
Each storage unit is a top-level subdirectory of the /data/col1
directory; there is no hierarchy among storage units.
To create a storage unit:
1. Click the storage unit tab.
2. Click Create Storage Unit.
The Create Storage Unit dialog box is displayed.
3. Enter the storage unit name in the Name text field.
Each storage unit name must be unique.
4. To set storage space restrictions to prevent a storage unit from
consuming excess space: enter either a soft or hard limit quota
setting, or both a hard and soft limit. With a soft limit an alert is
sent when the storage unit size exceeds the limit, but data can
still be written to it. Data cannot be written to the storage unit
when the hard limit is reached.
Note: Quota limits are pre-compressed values.
To set quota limits, select Set to Specific value and enter the
value. Select the unit of measurement: MiB, GiB, TiB, or PiB.
DD OS 5.2 Administration Guide
323
Note: When setting both soft and hard limits, a quota’s soft
limit cannot exceed the quota’s hard limit.
5. Click OK.
6. Repeat the above steps for each Data Domain Boost-enabled
system.
Delete a Storage Unit
Deleting a storage unit removes all images contained in the storage
unit.
To delete a storage unit:
1. Click the Storage Unit tab.
2. In the Storage Unit Name list, select the storage unit you want
to delete.
3. Click Delete Storage Unit.
4. Enter the system administration password, and click OK.
The storage unit is removed from your Data Domain system. You
must also manually remove the corresponding backup application
catalog entries.
Clear DD Boost Statistics
When this option is used, all DD Boost statistics are removed from
the system and cannot be recovered.
Note: DD Boost must be enabled for statistics to be removed.
To clear DD Boost statistics:
1. From the Statistics area of the Statistic tab, click the Clear
Statistics button.
The Clear DD Boost Statistics dialog box is displayed.
2. Click OK.
324
Data Access for DD Boost
DD Boost Options
There are three DD Boost options:
•
Distributed Segment Processing on page 325
•
Low Bandwidth Optimization on page 326
•
File Replication Encryption on page 326
•
Virtual Synthetics on page 326
To enable or disable a DD Boost option:
1. From the More Tasks menu on the DD Boost page, select Set
Options.
2. Select any option to be enabled.
3. Deselect any option to be disabled.
4. Click OK.
Distributed Segment Processing
Distributed segment processing increases backup throughput in
almost all cases by eliminating duplicate data transmission
between the media server and the Data Domain system.
Notes:
•
You can also manage distributed segment processing via the
ddboost option commands, which are described in detail in
the DD OS 5.2 Command Reference Guide.
•
Distributed segment processing is enabled by default on a
system initially installed with DD OS 4.8. If a system is
upgraded from DD OS 4.6.x or 4.7.x to DD OS 4.8, and the DD
Boost license is installed at the time of the upgrade, distributed
segment processing is not automatically enabled.
•
Distributed segment processing is enabled by default on
Global Deduplication Array configurations and cannot be
disabled.
DD OS 5.2 Administration Guide
325
Low Bandwidth Optimization
Customers who utilize file replication over a low-bandwidth
network (WAN) can increase replication speed by using low
bandwidth optimization. This feature provides additional
compression during data transfer. Low bandwidth compression is
available to Data Domain systems with an installed Replication
license.
Low-bandwidth optimization, which is disabled by default, is
designed for use on networks with less than 6 Mbps aggregate
bandwidth. Do not use this option if maximum file system write
performance is required.
Note: You can also manage low bandwidth optimization via the
ddboost file-replication commands, which are described in
detail in the DD OS 5.2 Command Reference Guide.
File Replication Encryption
You can encrypt the data replication stream by enabling its DD
Boost Option.
Note: For encryption other than for systems with the Data at Rest
option: If DD Boost file-replication encryption is set to on, it must
be set to on for both the source and destination systems.
Managed File Replication TCP Port Setting
For DD Boost managed file replication, set the global listen port the
same on both the source and target Data Domain systems. Use the
replication option command for the listen-port to manage
this setting as described in the DD OS 5.2 Command Reference Guide.
Virtual Synthetics
The virtual synthetic full is the combination of the last full
(synthetic or full) backup and all subsequent incremental backups.
Virtual synthetics are disabled by default and should be enabled
before configuring the backup application for use.
Note: Virtual synthetics are not supported on Global
Deduplication Array configurations.
326
Data Access for DD Boost
Virtual synthetics are managed via the ddboost options
commands, which are described in detail in the DD OS 5.2
Command Reference Guide.
About Interface Groups
Configuring an interface group creates a private network within
the Data Domain system, comprised of the IP addresses
designated as a group. Clients are assigned to a single group by
specifying client name (client.emc.com) or wild card name
(*.emc). The group interface uses the Advanced Load Balancing
and Failover feature to improve data transfer performance and
increase reliability.
For example, in the Symantec NetBackup environment, media
server clients use a single public network IP address to access the
Data Domain system. All communication with the Data Domain
system is initiated via this administered IP connection, which is
configured on the NetBackup server.
If an interface group is configured, when the Data Domain system
receives data from the media server clients, the data transfer is
load-balanced and distributed on all the interfaces in the group,
providing higher input/output throughput, especially for
customers who use multiple 1 GigE connections.
The data transfer is load-balanced based on the number of
connections outstanding on the interfaces. Only connections for
backup and restore jobs are load-balanced. Check the Active
Connections for more information on the number of outstanding
connections on the interfaces in a group (see Checking Activities on
page 333 for details).
Should an interface in the group fail, all the in-flight jobs to that
interface are automatically resumed on healthy operational links
(unbeknownst to the backup applications). Any jobs that are
started subsequent to the failure are also routed to a healthy
interface in the group. If the group is disabled or an attempt to
recover on an alternate interface fails, the administered IP is used
for recovery. Failure in one group will not utilize interfaces from
another group.
DD OS 5.2 Administration Guide
327
Notes:
•
The IP address must be configured on the Data Domain
system, and its interface enabled. To check the interface
configuration, see the Network Settings tab in the Hardware >
Network page, and check for free ports. See the net chapter of
the DD OS 5.2 Command Reference Guide or the DD OS 5.2 Initial
Configuration Guide for information about configuring an IP
address for an interface.
•
A client or wild card client must be configured on the Data Domain system for each group. See the net chapter of the DD OS 5.2
Command Reference Guide or the DD OS 5.2 Initial Configuration
Guide for information about how to configure a client.
•
You can also manage Advanced Load Balancing and Failover
via the ddboost ifgroup commands, which are described in
detail in the DD OS 5.2 Command Reference Guide.
Configured interfaces are listed in Active Connections, on the
lower portion of the Activities page (see Checking Activities on
page 333).
The management options for interfaces are:
•
Create Interface Groups on page 328
•
Enable/Disable an Interface Group on page 329
•
Modify an Interface Group’s Name/Interfaces on page 330
•
Delete a Client from the Interface Group on page 330
•
Modify a Client’s Name or Interface Group on page 330
Create Interface Groups
Use this option to select the interfaces that are used in interface
groups. Multiple interface groups improve the efficiency of DD
Boost by allowing you to do the following:
328
•
Configure DD Boost to use specific interfaces configured into
groups.
•
Assign clients to one of those interface groups.
•
Monitor which interfaces are active with DD Boost clients.
Data Access for DD Boost
First create interface groups. then add clients (as new media
servers become available) to an interface group:
Follow these steps:
1. Select the plus sign (+) button associated with interface groups.
2. Enter the interface group name.
3. Select one or more interfaces. A maximum of 32 interfaces can
be configured.
Note: Depending upon aliasing configurations, some
interfaces may not be selectable if they are sharing a physical
interface with another interface in the same group. This is
because each interface within the group must be on a different
physical interface to ensure fail-over recovery.
4. Click OK.
5. Select the plus sign (+) button associated with clients.
6. Enter a fully qualified client name or *.mydomain.com.
Note: The * client is initially available to the default group. The
* client may only be a member of one ifgroup.
7. Select a previously configured interface group, and click OK.
Delete an Interface Group
To delete the interface group, which also deletes all associated
interfaces and clients:
1. On the IP Network page, select the interface group in the list.
The default group cannot be deleted.
2. Click the associated delete (X) button.
3. Confirm the deletion.
Enable/Disable an Interface Group
1. On the IP Network page, select the interface group in the list.
Note: If the interface group does not have both clients and
interfaces assigned, you cannot enable the group.
DD OS 5.2 Administration Guide
329
2. Click the associated modify (pencil) button.
3. Select the Enabled button to enable; deselect to disable.
4. Click OK.
Modify an Interface Group’s Name/Interfaces
1. On the IP Network page, select the interface group in the list.
2. Click the associated modify (pencil) button.
3. Retype the name to modify the name.
The group name must be one to 24 characters long and contain
only letters, numbers, underscores, and dashes. It cannot be the
same as any other group name and cannot be default, yes, no, or
all.
4. Select or deselect client interfaces in the Interfaces list.
Note: If you remove all interfaces from the group, it will be
automatically disabled.
5. Click OK.
Delete a Client from the Interface Group
Note: To delete a client from the interface group:
1. On the IP Network page, select the client in the list.
2. Click the associated delete (X) button.
Note: If the interface group to which it belongs has no other
clients, the interface group is disabled.
3. Confirm the deletion.
Modify a Client’s Name or Interface Group
To modify the name or interface group for a client:
1. On the IP Network page, select the client in the list.
2. Click the associated modify (pencil) button.
3. Type a new client name.
330
Data Access for DD Boost
Client names must be unique and either FQDN, *.domain, or
for the default group only, an asterisk (*). Client names have a
maximum length of 128 characters.
4. Select a new interface group from the menu.
Note: The old interface group is disabled if it has no clients.
5. Click OK.
Destroy DD Boost
This option permanently removes all of the data (images)
contained in the storage units.
Only an administrative user can destroy DD Boost.
1. Manually remove (expire) the corresponding backup
application catalog entries.
Note: If multiple backup applications are using the same Data
Domain system, then remove all entries from each of those
applications’ catalogs.
2. From the More Tasks menu, select Destroy DD Boost.
3. Enter your administrative credentials when prompted.
4. Click OK.
Monitoring DD Boost
To check DD Boost status and activity, look at the Settings and
other tabs, described in the following sections:
About the DD Boost Tabs
Tabs include:
•
Settings
•
Active Connections (see Checking Activities on page 333)
•
IP Network (see Checking Interface Groups and Clients on
page 335).
•
Storage Units (see Checking Storage Units on page 335)
DD OS 5.2 Administration Guide
331
•
File Replication Stats (see Checking File Replication Stats on
page 337)
Note: The tab name has been abbreviated to File Repl Stats.
•
Statistics (see Checking DD Boost Statistics on page 338)
Settings
The Settings tab shows the DD Boost status (Enabled or Disabled)
and the name of the DD Boost user. Use the Status button to switch
between Enabled or Disabled. Use the Modify button to select
another authorized user.
The Settings tab lists the allowed clients and shows whether or not
the Advanced Options are enabled or disabled. You can change the
status of these options via More Tasks > Set Options.
Also use this tab to set up the media servers that have access to DD
Boost protocol. See Set Up Media Servers on page 332.
Set Up Media Servers
Use the Allowed Clients section of the Settings tab to control the
number of clients with access to the DD Boost protocol. A
maximum of three media servers is allowed.
To create access clients, or modify existing client’s names:
1. From the DD Boost tab, click the Settings tab.
2. Delete the * client by selecting it and then clicking the
associated delete (X) button. Click OK.
3. Click the plus sign (+) button to add a new client.
4. Enter the client name and click OK to add the client. The list
refreshes to show the new client.
Client names must be unique and either FQDN, *.domain, or
for the default group only, an asterisk (*). Client names have a
maximum length of 128 characters.
332
Data Access for DD Boost
5. To modify an existing client name, click the Modify (pencil)
button and enter a new name.
6. Add the client names for the other two media servers.
Checking Activities
The Active Connections page list the following information:
•
Clients—Shows the following information for a connected
client.
Item
Description
Client
The name of the connected client.
Idle
Whether the client is idle (Yes) or not (No).
CPUs
The number of CPUs that the client has, such
as 8.
Memory (GiB)
The amount of memory (in GiB) the client has,
such as 7.8.
Plug-In Version
The DD Boost plug-in version installed, such
as 2.2.1.1.
OS Version
The operating system version installed, such
as Linux 2.6.1 7-1.2142_FC4smp x86_64.
Application Version
The backup application version installed, such
as NetBackup 6.5.6.
DD OS 5.2 Administration Guide
333
•
Interfaces—Shows the following information about configured
interface connections:
Item
Description
Interface
The IP address of the interface.
Interface Group
One of the following:
• The name of the interface group.
• None, if not a member of one.
• N/A if a GDA interconnect interface.
Backup
The number of active backup connections.
Restore
The number of active restore connections.
Replication
The number of active replication connections.
Total
The total number of connections for the
interface.
•
334
Out-Bound File Replications—Shows the following
information for out-bound files:
Out-bound Files Item
Description
File Name
The name of the out-going image file.
Target Host
The name of the host receiving the file.
Logical Bytes to
Transfer
The number of logical bytes to be transferred.
Logical Bytes
Transferred
The number of logical bytes already
transferred.
Low Bandwidth
Optimization
The number of low-bandwidth bytes already
transferred.
Data Access for DD Boost
Checking Interface Groups and Clients
The IP Network tab lists configured interface groups. Details
include whether or not a group is enabled, and any configured
client interfaces. The administrator can also use the Interface
Group menu to view which clients are associated with an interface
group.
Checking Storage Units
The Storage Unit page provides a button to Create a storage unit
and a button to delete one or more selected storage units. It lists the
names of the storage units that have been created at the top of the
page. For more information about any storage unit, select it in the
list, which displays its details.
Details for a Storage Unit include:
Item
Description
Existing Storage Units
Storage Unit Name
The name of the storage unit.
Pre-Comp Used
The amount of pre-compressed storage
already used.
Pre-Comp Soft Limit
Current value of soft quota set for the storage
unit.
% of Pre-Comp Soft
Limit Used
Percentage of hard limit quota used.
Pre-Comp Hard Limit
Current value of hard quota set for the storage
unit.
% of Pre-Comp Hard
Limit Used
Percentage of hard limit quota used.
Storage Unit Details
Select the storage unit in the list.
Total Files
The total number of file images on the storage
unit.
Download Files
Link to download storage unit file
details in .tsv format. You must allow pop-ups
to use this function.
Compression Ratio
The compression ratio achieved on the files.
DD OS 5.2 Administration Guide
335
Item
Description
Metadata Size
The amount of space used for metadata
information.
Storage Unit Status
The current status of the storage unit
(combinations are supported). Status can be:
• D—Deleted
• RO—Read-only
• RW—Read/write
• RD—Replication destination
• RLE—Retention lock enabled
• RLD—Retention lock disabled
336
Quota Enforcement
Click Quota to go to the Data Management
Quota page, which lists hard and soft quota
values/percentage used by MTrees.
Quota Summary
******************************************
Original Size
The size of the file before compression was
performed.
Global Compression
Size
The total size after global compression of the
files in the storage unit when they were
written.
Locally Compressed
Size
Total size after local compression of the files
in the storage unit when they were written.
Data Access for DD Boost
Checking File Replication Stats
The File Replication Stats page lists detailed summary information
about inbound and outbound traffic in the top panes. Below that,
use the filtering controls to list a historical summary of File
Replication statistics.
The top panes list the following for both in-bound and out-bound
data:
Item
Description
Direction
Which way the data is traveling: inbound or
outbound.
Network bytes
The number of network bytes.
Pre-comp bytes
The number of bytes before compression.
Bytes after filtering
The number of bytes after filtering.
Bytes after Low-bwoptim
The number of bytes after low-bandwidth
optimization.
Bytes after local comp
The number of bytes after local compression
was performed.
Compression ratio
The compression ratio achieved.
The History area lists the following information:
Item
Description
Data Time
The date and time of the summary.
Direction
The direction the is data travelling: inbound
or outbound.
Pre-comp (KiB)
The number of KiBs before compression.
Post-comp (KiB)
The number of KiBs after compression.
Network (KiB)
The number of network KiBs.
Low Bandwidth
Optimization
The effective optimization ratio, if enabled.
Number of Errors
The number of errors that occurred in the
transmission.
DD OS 5.2 Administration Guide
337
Checking DD Boost Statistics
The DD Boost Statistics page has a button in the Statistics area you
can click to Clear Statistics.
This page covers these categories of statistics:
•
Histogram Statistics on page 338
•
Statistics on page 338
•
File Statistics on page 338
Histogram Statistics
This area displays the latencies of DD Boost operations in the form
of a histogram that Data Domain can use to analyze performance.
Statistics
Statistics list count and error amounts for DD Boost operations.
File Statistics
File statistics list count and error amounts for the following:
338
•
File creates
•
File deletes
•
Pre-compressed bytes received
•
Bytes after filtering
•
Bytes after local compression
•
Network bytes received
•
Compression Ratio
•
Total bytes read
Data Access for DD Boost
12 Working with VTL
This chapter includes the following topics:
•
About the Virtual Tape Library (VTL) Feature on page 339
•
Planning a Virtual Tape Library on page 341
•
About the Enterprise Manager VTL Interface on page 345
•
Setting Up a Virtual Tape Library on page 346
•
Working with the VTL Service Operations on page 346
•
Working with Access Groups on page 375
•
Working with Physical Resources on page 386
•
Working with Storage Pools on page 395
About the Virtual Tape Library (VTL) Feature
Using the Data Domain VTL feature, backup applications can
connect to and manage Data Domain system storage as if it were a
tape library. All of the functionality generally supported by a
physical tape library is available with a Data Domain system
configured as a VTL. The movement of media changer and backup
images are managed by backup software and not by the Data
Domain system configured as VTL.
Virtual tape drives are accessible to backup software in the same
way physical tape drives are. Once drives are created in the VTL,
they appear to the backup software as SCSI tape drives. A virtual
tape library appears to the backup software as a SCSI robotic
device accessed through standard driver interfaces.
When DR is needed, pools and tapes can be replicated to a remote
Data Domain system using the Data Domain Replicator. See
Replicate VTL Pools on page 401 for details.
DD OS 5.2 Administration Guide
339
To protect data on tapes from modification, tapes can be locked
using the Retention Lock Governance software only. See Change
Read, Write, or Retention Lock State on page 367.
Some terms that are important for working with VTL are:
•
Library—Emulates a physical tape library with tape drives,
changer, CAPs (cartridge access ports) and slots (cartridge
slots).
•
Tapes—Tapes are represented in the system as files. Tapes can
be exported or imported from a vault to the library. Tapes can
be moved within a library across drives, slots, and CAPs.
•
Pool—A collection of tapes that map to a directory on the file
system. A pool is used to replicate tapes to a destination.
Note: You can convert VTL pools to MTrees to take advantage
of MTree’s greater functionality.
•
Vault—Tapes that are not being used by any library are in the
vault. Tapes reside in either a library or the vault.
Data Domain VTL has been tested and is supported with specific
backup software and hardware configurations that are listed in the
VTL matrices. For specific backup software and hardware
configurations tested and supported by Data Domain, see
Application Compatibility Matrices and Integration Guides on page 38.
Data Domain VTL supports simultaneous use of tape library and
file system (NFS/CIFS/DD Boost) interfaces.
340
Working with VTL
Planning a Virtual Tape Library
Before starting to use Data Domain VTL, you need:
•
A license.
VTL is a licensed feature. See your Data Domain sales
representative to purchase a license.
See the section Managing System Licenses on page 58 for
instructions to activate the license.
Note: Some configuration functions are available without a
VTL license, but a license is required to perform any
configuration or functions that involve the Fibre Channel.
Adding a VTL license via the Enterprise Manager
automatically disables and enables VTL. If you add a VTL
license via the command line, you must disable and enable
VTL in order to use Fibre Channel-related commands.
•
An installed Fibre Channel (FC) interface card or VTL
configured to use NDMP.
Note: NDMP is not supported on DD Extended Retention. (
If the VTL communication between a backup server and a Data
Domain system is through a Fibre Channel interface, the Data
Domain system must have a Fibre Channel interface card
installed.
If the VTL communication between a backup server and a Data
Domain system is through NDMP, no FC is required, and the
Tape Server Access Group is configured. Also, when using
NDMP, all initiator and port functionality does not apply. See
Configure the NDMP Device TapeServer Group on page 382.
•
A backup software minimum record (block) size.
Data Domain strongly recommends that backup software be
set to use a minimum record (block) size of 64 KiB or larger.
Larger sizes usually give faster performance and better data
compression.
Caution:If you change the size after initial configuration, data
written with the original size becomes unreadable.
DD OS 5.2 Administration Guide
341
•
User access to the system
User login can be used for basic tape operations and
monitoring. Sysadmin login is needed to enable and configure
the VTL service and to perform other configuration.
Number of Supported Tape Drives and Data
Streams
The maximum number of tape drives supported is dependent on
the amount of memory installed in your Data Domain system.
•
Data Domain systems with 4 GB of memory (DD4xx, DD510
and DD530) can have a maximum of 64 tape drives per system.
•
Data Domain systems with more than 4 GB up to 38 GB of
memory (DD560 to DD690 models) can have a maximum of
128 tape drives per system.
•
Data Domain systems with more than 38 GB up to 128 GB of
memory (DD880 and DD890 models) can have a maximum of
256 tape drives per system.
•
Data Domain systems with 128 GB of memory (DD990 model)
can have a maximum of 256 tape drives per system.
•
Data Domain systems with more than 128 GB of memory
(DD990 model) can have a maximum of 540 tape drives per
system.
See Table 5-1, Data Streams Sent to a Data Domain System in DD OS 5.2,
on page 189 for the maximum stream limit for each Data Domain
system.
Limitations
The following limitations should be considered when planning a
virtual tape library:
342
•
Libraries—A maximum of 64 libraries per system are
supported (that is, 64 concurrently active virtual tape library
instances on each Data Domain system).
•
Drives and Data Streams—See Number of Supported Tape Drives
and Data Streams on page 342.
Working with VTL
•
Initiators—A maximum of 128 initiators or WWPNs can be
added to an access group.
•
Slots—Maximum number of slots in the library:
•
•
32,000 slots per library
•
64,000 slots per system
•
The system automatically adds slots to keep number of
slots equal to or greater than the number of drives.
CAPs—Maximum number of cartridge access ports (CAPs):
•
100 CAPs per library
•
1000 CAPs per system
About Tape Barcodes
When a tape is created, you assign a bar code that is a unique
identifier of that tape.
The eight-character barcode must start with six numeric or uppercase alphabetic characters (from the set {0-9, A-Z}) and end in a
two-character tag for the supported LT0-1, LT0-2, and LT0-3 tape
type.
Tape Code
Capacity
Tape Type
L1
100 GiB
LTO-1
L2
200 GiB
LTO-2
L3
400 GiB
LTO-3
LAa
50 GiB
LTO-1
LB
30 GiB
LTO-1
LC
10 GiB
LTO-1
a. For TSM, use the L2 tape code if the LA code is ignored.
These capacities are the default sizes used if the capacity option is
not included when creating the tape cartridge. If a capacity value is
included, then it overrides the two-character tag.
The numeric characters immediately to the left of L set the number
for the first tape created. To make use of automatic incrementing of
DD OS 5.2 Administration Guide
343
the barcode when creating more than one tape, Data Domain
numbering starts at the sixth character position, just before L. If
this is a digit, then the system increments it. If an overflow occurs
(9 to 0), numbering moves one position to the left. If the next
character to increment is an alphabetic character, incrementation
stops.
For example, a barcode of ABC100L1 starts numbering the tapes at
100 and can go to a maximum of 999.
A few representative sample barcodes:
•
000000L1 creates tapes of 100 GiB capacity and can accept a
count of up to 100,000 tapes (from 000000 to 99999).
•
AA0000LA creates tapes of 50 GiB capacity and can accept a
count of up to 10,000 tapes (from 0000 to 9999).
•
AAAA00LB creates tapes of 30GiB capacity and can accept a
count of up to 100 tapes (from 00 to 99).
•
AAAAAALC creates one tape of 10 GiB capacity. Only one
tape can be created with this name.
•
AAA350L1 creates tapes of 100 GiB capacity and can accept a
count of up to 650 tapes (from 350 to 999).
•
000AAALA creates one tape of 50 GiB capacity. Only one tape
can be created with this name.
•
5M7Q3KLB creates one tape of 30 GiB capacity. Only one tape
can be created with this name.
Note: Data Domain recommends creating tapes with unique
barcodes only. Duplicate bar codes in the same tape pool create an
error. Although no error is created for duplicate barcodes in
different pools, duplicate bar codes may cause unpredictable
behavior in backup applications.
344
Working with VTL
About the Enterprise Manager VTL Interface
1. To open the VTL page, select a system from the Navigational
pane.
2. Click the Data Management > VTL tabs.
The VTL page appears:
Click a Stack Menu button
to expose a tree view.
The Informational pane presents detailed
information about the selected item.
The VTL page provides the following views of the tape storage,
which are accessed by clicking a Stack menu button:
•
Virtual Tape Libraries
•
Access Groups
•
Physical Resources
•
Pools
The Stack menu is a stack of individual menus; clicking a button
brings it to the top of the stack and reveals its elements. Clicking an
DD OS 5.2 Administration Guide
345
element (for example, a library within the Virtual Tape Libraries,
or a drive within that library) displays informational content
specific to that element in the Informational pane.
The More Tasks menu (when it is available) lists operations that
can be performed on the object selected in Stack menu. Available
operations differ, depending on the item that is selected.
Setting Up a Virtual Tape Library
If you haven’t already done so, use the Configuration Wizard to set
up a simple VTL. See the DD OS 5.2 Initial Configuration Guide for
details.
Then follow these procedures:
•
Enable VTL on page 349
•
Create a Library on page 351
•
Create Tapes on page 367
•
Import Tapes on page 360
Working with the VTL Service Operations
In the stack menu, click Virtual Tape Libraries > VTL Service.
The VTL Service area is where you perform basic VTL operations,
which include:
346
•
View the VTL Service Informational Pane on page 347
•
Enable VTL on page 349
•
Disable VTL on page 349
•
Configure VTL Options on page 349
•
Working with Libraries on page 350
•
Working with the Vault on page 373
Working with VTL
View the VTL Service Informational Pane
The Virtual Tape Libraries > VTL Service page includes the:
•
Operational Status on page 347
•
Compression Tab on page 348
•
Options Tab on page 348
Operational Status
At the top left of the Informational pane, a two-part status code
displays, for example, Enabled:Running shown in a color coded to
the status.
As well, the license status displays. Licensed is color-coded in
green, and Not Licensed is color-coded in red. If not licensed, a
link labeled Add License displays to allow adding the license
directly from this area.
The first part of the status code can be Enabled (On) or Disabled
(Off). The possible states after the colon are:
State
Description
Running
The VTL process is enabled and active.
The status color is green.
Starting
The VTL process is being started.
Stopping
The VTL process is being shut down.
Stopped
The VTL process is disabled. The status
color is red.
Timing out
The VTL process crashed and is
attempting an automatic restart.
Stuck
After a number of VTL process automatic
restarts fail, the process is not able to shut
down normally and attempts to kill the
failed process.
DD OS 5.2 Administration Guide
347
Compression Tab
The Compression tab displays the following information:
Item
Description
Duration
The interval of time for the following items.
Pre-Compression
The amount of pre-compressed data written to
the VTL in this time duration.
Post-Compression
The amount of post-compressed data that was
actually written to disk.
Compression Factor
Amount of space saved by compression (ratio).
Options Tab
The Options tab displays the following information (see Configure
VTL Options on page 349 to set options):
Item
Description
Property
Configured options. For example:
• Loop ID
• Auto-eject
• Auto-offline
• I/OS License
Value
Value of the configured option. For example:
• Loop-id—The ID of the loop. This is a hard
address that does not conflict with another
node. The range for the loop ID is 0-125.
• Auto-eject—The state, either enabled or
disabled.
• Auto-offline—The state, either enabled or
disabled.When enabled, automatically takes
a drive offline before a tape move operation
is performed.
• I/OS License—Displays license. Click Add
License to add a license for I/OS.
348
Working with VTL
Enable VTL
To start VTL and enable all libraries and library drives:
1. Click the VTL tab and click the Virtual Tape Libraries stack
menu.
2. Select Service VTL Services from the Virtual Tape Libraries list.
3. In the Status area of the Informational pane, click Enable.
When VTL is enabled, the status in the Informational pane
displays Enabled: Running in green text. (See View the VTL
Service Informational Pane on page 347 for details.) A summary
of the compression statistics and options configured is
displayed in the Informational pane.
Disable VTL
To disable VTL and shut down the VTL operation:
1. Click the VTL tab and click the Virtual Tape Libraries stack
menu.
2. Select Service VTL Services from the Virtual Tape Libraries list.
3. In the Status area of the Informational pane, click Disable.
The status in the Informational pane changes to
Disabled: Stopped in red text.
Configure VTL Options
VTL configuration options include setting a loop-id, and enabling
or disabling auto-eject and auto-offline.
Some backup software requires all private-loop targets to have a
hard address (loop ID) that does not conflict with another node.
Enabling auto-eject causes any tape that is put into a CAP to
automatically move to the virtual vault, unless the tape came from
the vault, in which case the tape stays in the CAP.
Enabling auto-offline automatically takes a drive offline before a
tape move operation is performed.
To configure the VTL options:
DD OS 5.2 Administration Guide
349
1. Click the VTL > Options tab.
2. Click the Configure button.
The Configure Option dialog box appears.
3. In the optional Loop ID field, you can enter a value for the
address.
The range for the value is 0 - 125.
4. In the auto-eject drop-down list, select Enabled.
Note: With auto-eject enabled, a tape moved from any element
to a CAP is ejected to the vault unless an
ALLOW_MEDIUM_REMOVAL command with a 0 value (false) was
issued to the library to prevent the removal of the medium
from the CAP to the outside world.
5. In the auto-offline drop-down list, select Enabled.
When enabled, the Data Domain system automatically takes a
drive offline before a tape move operation is performed.
6. Click OK.
Note: To disable all of these options, click the Reset to Default
button in the Configure Option dialog box.
Working with Libraries
In the stack menu, expand Virtual Tape Libraries > VTL Service >
Libraries.
From the Libraries page, you can perform the following functions:
350
•
View the Libraries Informational Pane
•
Create a Library on page 351
•
Delete a Library on page 352
•
Search for Tapes on page 366
Working with VTL
View the Libraries Informational Pane
The Virtual Tape Libraries > VTL Service > Libraries page displays
the following information:
Item
Description
Name
Name of a configured library.
Drives
Number of drives configured in the library.
Slots
Number of slots configured in the library.
CAPs
Number of CAPs configured in the library.
Create a Library
A maximum number of 64 libraries per system is supported (that
is, 64 concurrently active virtual tape library instances on each
Data Domain system).
1. In the More Tasks menu, select Library > Create.
The Create Library dialog box appears.
2. Enter the VTL library information:
Field
User Input
Library Name
Name can be from 1 to 32 alphanumeric
characters.
Number of Drives
See Number of Supported Tape Drives and
Data Streams on page 342
Drive Model
Click the drop-down list and select the
model:
• IBM-LTO-1
• IBM-LTO-2
• IBM-LTO-3 (the default)
Number of Slots
Number of slots in the library:
• Up to 32,000 slots per library
• Up to 64,000 slots per system
• This should be equal or greater than the
number of drives.
DD OS 5.2 Administration Guide
351
Field
User Input
Number of CAPs
(Optional) Number of cartridge access
ports (CAPs):
• Up to 100 CAPs per library
• Up to 1000 CAPs per system
Changer Model Name
Click the drop-down list and select the
model:
• L180
• RESTORER-L180
• TS3500
Check the backup software application
documentation on the Data Domain
support site for the model name that you
should use.
3. Click OK.
After the Create Library status dialog box shows Completed,
click OK.
The new library appears under the Libraries icon in the VTL
Service tree and options configured above appear as icons
under the library. Clicking the library displays details about
the library in the Informational pane.
Note: Access to VTLs and tape drives can be managed with the
Access Grouping feature. See Working with Access Groups on
page 375.
Delete a Library
To remove a library:
1. In the More Tasks menu, select Library > Delete.
The Delete Libraries dialog box appears.
2. Click or confirm the checkbox of the items to delete:
•
The name of each library, or
•
Library Names, to delete all libraries
3. Click Next.
352
Working with VTL
4. Verify the libraries to delete and click Submit in the
confirmation dialog boxes.
5. After the Delete Libraries Status dialog box shows Completed,
click Close.
The selected libraries are deleted from the VTL.
Note: If any tapes are in the library when it is deleted, they are
moved to the vault.
Working with a Library
1. In the stack menu, click Virtual Tape Libraries > VTL Service >
Libraries.
2. Click the icon of a specific library.
From the library page, the tasks that are available include:
•
View the Library Informational Pane on page 353
•
Viewing Changer Information on page 354
•
Delete a Library on page 352
•
Create Tapes on page 367
•
Delete Tapes on page 368
•
Import Tapes on page 360
•
Export Tapes on page 362
•
Move Tapes on page 363
•
Add Slots on page 371
•
Delete Slots on page 372
•
Add CAPs on page 372
•
Delete CAPs on page 372
View the Library Informational Pane
The Virtual Tape Libraries > VTL Service > Libraries/library page
displays detailed library information:
DD OS 5.2 Administration Guide
353
Devices
Item
Description
Device
Elements in the library, such a drives, slots,
and CAPs.
Loaded
Number of devices with media loaded.
Empty
Number of devices without media loaded.
Total
Total of loaded and empty devices.
Tapes
Item
Description
Pool
The name of the pool where tapes are located.
Tape Count
Number of tapes in the pool.
Capacity
Total configured data capacity of the tapes in
that pool, in GiB (Gibibytes, the base-2
equivalent of GB, Gigabytes).
Used
Amount of space used on the virtual tapes in
that pool.
Average Compression
Average amount of compression achieved on
the data on the tapes in that pool.
Viewing Changer Information
1. In the stack menu, click Virtual Tape Libraries > VTL Service >
Libraries.
2. Click the name of a specific library.
3. Click the library plus sign ( + ) to open the library and click a
Changer element to display the Changer Informational pane,
containing the following information:
354
Item
Description
Vendor
The name of the vendor who manufactured
the changer.
Product
The model name.
Revision
The revision level.
Working with VTL
Item
Description
Serial Number
The changer serial number.
Working with Tape Drives
1. In the stack menu, click Virtual Tape Libraries > VTL Service >
Libraries.
2. Click the name of a specific library.
3. Click the library plus sign ( + ) to open the library and click the
Drives icon.
From the Drives page, the available tasks include:
•
View Drives Information on page 356
•
Create Tape Drives on page 356
•
Remove Tape Drives on page 357
To work with tape drives, you need to use the tape and library
drivers supplied by your backup software vendor that support the
IBM LTO-1, IBM LTO-2, or IBM LTO- 3 (the default) drives and the
IBM 3500, StorageTek L180 or RESTORER-L180 library drivers (see
the Application Compatibility Matrices and Integration Guides on
page 38).
Because the Data Domain system treats the IBM LTO drives as
virtual drives, you can set a maximum capacity to 4 TiB (4000 GiB)
for each drive type.
The default capacities for each IBM LTO drive type are as follows:
•
LTO-1 drive: 100 GB
•
LTO-2 drive: 200 GB
•
LTO-3 drive: 400 GB
When configuring tape drives, keep in mind the limits on backup
streams, which are determined by the platform in use. See Data
Streams Sent to a Data Domain System on page 189 for details.
DD OS 5.2 Administration Guide
355
View Drives Information
The Virtual Tape Libraries > VTL Service > Libraries> library >
Drives page displays detailed Drives information.
Column
Description
Drive
A list of the drives by name. The name is of
the form “Drive #” where # is a number
between 1 and n that represents the
address or location of the drive in the list
of drives.
Vendor
Manufacturer or vendor of the drive. For
example, IBM.
Product
The product name of the drive. For
example, ULTRIUM-TD1.
Revision
The revision number of the drive product.
For example, 4561.
Serial Number
The serial number of the drive product.
For example, 6666660001.
Status
Empty, Open, Locked, or Loaded,
depending on the state of the drive. A tape
must be present for the drive to be locked
or loaded.
Tape
The barcode of the tape that is in the drive
(if any).
Pool
The pool of the tape that is in the drive (if
any).
Create Tape Drives
VTL supports the IBM TS3500 and the StorageTek L180 and
RESTORER-L180 tape libraries.
Notes:
See Number of Supported Tape Drives and Data Streams on
page 342.
You cannot mix drive types (such as LTO-1 and LTO-2) in the
same library.
356
Working with VTL
To create tape drives:
1. In the More Tasks menu, click Drives Create.
The Create Drive dialog box appears.
2. Enter information about the drives being added:
Field
User Input
Location
Select a library name or leave the name as
selected.
Number of Drives
Model Name
Click drop-down and select the model
(must be the same as existing model in
library):
• IBM-LTO-1
• IBM-LTO-2
• IBM-LTO-3
Note: If a drive already exists, this option
is inactive and existing drive type is used.
3. Click OK and when the status shows Completed, click OK.
The added drive entry appears in the Drives list.
Remove Tape Drives
1. In the More Tasks menu, click Drives Delete.
The Delete Drives dialog box appears.
Note: If a tape is in the drive, you are prompted to remove the
tape.
2. Click the checkboxes of the drives to delete or the Drive
checkbox to delete all drives.
3. Click Next, and after verifying drive deletion, click Submit.
4. After the Delete Drives Status dialog box shows Completed,
click Close.
The drive entry is removed from the Drives list.
DD OS 5.2 Administration Guide
357
Migrating from LTO-1 to LTO-2 or LTO-3 Type Tapes
You can migrate tapes from existing LTO-1 type VTLs to VTLs that
include either or all supported LTO type tapes and drives. The
migration options differ in different backup applications. Follow
the instructions in the application-specific LTO migration guides
posted at the Data Domain support portal lists if you want to
migrate existing LTO-1 tapes.
Access LTO Migration Guides
1. Go to the Data Domain Support Web site and log in:
https://my.datadomain.com/documentation
2. Select Integration Documentation > vendor_name.
3. In the list of integration documents for the vendor, click the
LTO Migration link. A page appears with generic LTO
migration information and a list of application-specific
migration guides.
4. Read the generic LTO migration information and then click the
name of the migration document for a particular application.
Working with Tapes
When tapes are created, they are placed into the vault. Once they
have been added to the vault, they can be imported, exported,
moved, searched, and removed.
1. In the stack menu, click Virtual Tape Libraries > VTL Service >
Libraries.
2. Click the name of a specific library.
3. Click the Tapes icon.
From the Tapes page, the available tasks include:
358
•
View Tape Information on page 359
•
Import Tapes on page 360
•
Export Tapes on page 362
•
Move Tapes on page 363
Working with VTL
•
Search for Tapes on page 366
•
Change Read, Write, or Retention Lock State on page 367
•
Create Tapes on page 367
•
Delete Tapes on page 368
•
Copy Tapes Between Pools on page 369
View Tape Information
The Virtual Tape Libraries > VTL Service > Libraries > library >
Tapes page displays this information:
Item
Description
Barcode
Each tape is identified by its barcode.
Pool
The name of the pool that holds the tape. The
default pool holds all tapes that are not
assigned to a user-created pool.
Location
Displays whether tapes are in a library (and
which drive, CAP, or slot number) or in the
virtual vault.
State
The state of the tape:
• RW—Read-writable
• RL—Retention-locked
• RO—Read-only
• WP—Write-protected
• RD—Replication destination
Capacity
The total capacity of the tape.
Used
The amount of space used on the tape.
Compression
The amount of compression performed on the
data on a tape.
Last Modified
Date of last change to the tape’s information.
Note: Modification times that the system uses
for age-based policies might differ from the
last modified time displayed in the tape
information sections of the Enterprise
Manager.
DD OS 5.2 Administration Guide
359
Item
Description
Locked Until
If a Retention Lock deadline has been set, the
time set is shown. If no retention lock exists,
this value is Not specified.
Import Tapes
Importing moves existing tapes from the vault to a library slot,
drive, or cartridge access port (CAP).
The number of tapes that you can import at one time is limited by
the number of empty slots in the library. (You cannot import more
tapes than the number of currently empty slots.)
•
To view the available slots for a library, select the library from
the stack menu. The Information pane for the library shows the
count in the Empty column.
•
If a tape is in a drive and the tape origin is known to be a slot,
the slot is reserved.
•
If a tape is in a drive and the tape origin is unknown (slot or
CAP), a slot is reserved.
•
A tape that is known to have come from a CAP and that is in a
drive does not get a reserved slot. (The tape returns to the CAP
when removed from the drive.)
•
To move a tape to a drive, see the procedure Move Tapes on
page 363.
To import tapes:
1. In the Tapes view, either:
a. Enter search information about the tapes to import and
click Search:
360
Field
User Input
Location
Select the location of the tape, for example,
Vault.
Note: Only tapes with the location Vault
selected will be imported.
Working with VTL
Field
User Input
Pool
Select the name of the pool where the tapes
reside. If no pools have been created, use
the default pool.
Barcode
• Leave the default (*) selected to search
for a group of tapes.
• Specify a specific barcode to search for,
and only that tape is imported.
• Barcode allows the wildcards ? and *,
where ? matches any single character
and * matches 0 or more characters.
Count
The maximum number of tapes the search
can find.
• Enter a specific maximum value
• Leave blank to find all matching tapes
(the Barcode group default (*) is used)
Tapes Per Page
Select the maximum number of tapes to
display per page. Possible values are 15,
30, and 45.
Items Selected
The number of tapes that are selected
across multiple pages. Updated
automatically for each tape selection.
Note: Based on the conditions above, a default set of tapes is
searched to select the tapes to import. If pool, barcode, or count
are changed, click Search to update the set of tapes that are
available to choose from.
b. Select tapes to import by clicking the checkbox next to:
-
An individual tape,
-
The Barcode column to select all tapes on the current
page, or
-
Click the Select All Pages checkbox to select all tapes
returned by the search query.
Note: Only tapes showing Vault in the Location will be
imported.
DD OS 5.2 Administration Guide
361
c. Click Import from Vault. This button is disabled by default
and enabled only if the all selected tapes are from the Vault.
2. From the Import Tapes: library view, verify the summary
information and the tape list, and click OK.
3. Click Close on the status window.
Export Tapes
To export tapes from a library to the vault:
1. In the Tapes view, either:
a. Select the tape(s) from the list and click Export from Vault.
b. Enter search information about the tapes to export and
click Search:
Field
User Input
Location
Select the name of the library where the
tape is located.
Pool
Select the name of the pool to which the
tape is to be exported. If no pools have
been created, use the default pool.
Barcode
• The default (*) selected for a group of
tapes.
• Specify a specific barcode to search for,
and only that tape is exported.
• Barcode allows the wildcards ? and *,
where ? matches any single character
and * matches 0 or more characters.
362
Count
The maximum number of tapes the search
can find.
• Enter a specific maximum value, or
• Leave blank and use the Barcode
group default (*).
Tapes Per Page
Select the maximum number of tapes to
display per page. Possible values are 15,
30, and 45.
Working with VTL
Field
User Input
Select All Pages
Click the Select All Pages checkbox to
select all tapes returned by the search
query.
Items Selected
The number of tapes that are selected
across multiple pages. Updated
automatically for each tape selection.
c. Select tapes to export by clicking the checkbox next to:
-
An individual tape
-
The Barcode column to select all tapes on the current
page, or
-
Click the Select All Pages checkbox to select all tapes
returned by the search query.
Note: Only tapes showing a library name in the Location
column will be exported.
d. Click Export from Library.
2. From the Export Tapes: library view, verify the summary
information and the tape list, and click OK.
3. Click Close on the status window.
Move Tapes
One or more tapes can be moved between physical devices from
within a library, or several tapes can be moved between pools. See:
•
Move Tapes Between Devices within a Library on page 363
•
Move Tapes Between Pools on page 365
Move Tapes Between Devices within a Library
Tapes can be moved between physical devices within a library to
mimic backup software procedures for physical tape libraries
(which moves a tape in a library from a slot to a drive, a slot to a
CAP, a CAP to a drive, and the reverse). In a physical tape library,
the backup software never moves a tape outside the library.
DD OS 5.2 Administration Guide
363
Therefore, the destination library cannot change and is shown only
for clarification.
1. In the More Tasks menu, click Tapes Move.
The Move Tapes dialog box appears.
When invoked from a library, the Tapes pane allows tapes to
be moved only between devices.
2. Enter information to search for the tapes to move and click
Search:
Field
User Input
Location
The location cannot be changed.
Pool
N/A
Barcode
• Leave the default (*) selected to search
among a group of tapes, or
• Specify a specific barcode to search for.
Count
The maximum number of tapes the search
can find.
Tapes Per Page
The number of tape entries to display per
page.
Items Selected
The number of tapes that are selected
across multiple pages. Updated
automatically for each tape selection.
3. From the search results list, select the tape or tapes to move.
4. Do one of the following:
a. Select the device from the Device list (for example, a slot,
drive, or CAP) and enter a starting address using
sequential numbers for the second and subsequent tapes
(slot address 1-32000, drive address 1-540, and CAP
address 1-100). For each tape to be moved, if the specified
address is occupied, the next available address is used.
b. Leave the address blank if the tape in a drive originally
came from a slot and is to be returned to that slot; or if the
tape is to be moved to the next available slot.
5. Click Next.
364
Working with VTL
6. From the Move Tapes view, verify the summary information
and the tape listing, and click Submit.
7. Click Close on the status window.
Move Tapes Between Pools
Tapes can be moved between pools to accommodate replication
activities. For example, pools are needed if all tapes were created
in the Default pool, but it is later determined that independent
groups are needed for replicating groups of tapes. The user can
create named pools and re-organize the groups of the tapes into
the new pools. To move tapes between pools, the tapes must be in
the vault.
1. In the More Tasks menu, click Tapes Move.
The Move Tapes dialog box appears.
When invoked from a pool, the Tapes pane allows tapes to be
moved only between pools.
2. Enter information to search for the tapes to move and click
Search:
Field
User Input
Location
The location cannot be changed.
Pool
To move tapes between pools, select the
name of the pool where the tapes currently
reside. If no pools have been created, use
the default pool.
Barcode
• Leave the default (*) selected to search
for a group of tapes, or
• Specify a specific barcode to search for,
and only that tape is found.
Count
The maximum number of tapes the search
can find.
Tapes Per Page
Select the maximum number of tapes to
display per page. Possible values are 15,
30, and 45.
Items Selected
The number of tapes that are selected
across multiple pages.
DD OS 5.2 Administration Guide
365
3. From the search results list, select the tapes to move.
4. From the Select Destination: Location list, select the location of
the pool to which tapes are to be moved. This option is
available only when invoked from the (named) Pool view.
5. Click Next.
6. From the Move Tapes view, verify the summary information
and the tape list, and click Submit.
7. Click Close on the status window.
Search for Tapes
1. In the VTL Navigation tree, click the area to search (library,
vault, and Vault > Any Pool.
2. From the More Tasks menu, select Tapes Search.
The Search Tapes dialog box appears.
3. Enter information about the tapes to search for:
Field
User Input
Location
Select the location or leave the default
library selection.
Pool
Select the name of the pool in which to
search for the tape. If no pools have been
created, use the default pool.
Barcode
• Leave the default (*) selected to search
for a group of tapes, or
• Specify a specific barcode to search for.
Count
The maximum number of tapes the search
can find.
• Enter a specific maximum value, or
• Leave blank and use the Barcode
group default (*).
4. Click Search.
366
Working with VTL
Change Read, Write, or Retention Lock State
The tape must already be created and imported.
1. Click the Data Management > VTL tab.
2. In the stack menu, click Virtual Tape Libraries > VTL Service >
Libraries > library > Tapes.
3. In the Tapes page, select the tape to modify from the list and
click the Set State button above the list.
4. In the Set Tape State dialog box, select read-writeable, write-
protected, or retention-lock.
5. If the state is retention-lock, either
•
enter the tape’s expiration date in a specified number of
days, weeks, months, years, or
•
click the calender icon (12) and select a date from the
calendar. The retention lock expires at 12:00 noon on the
selected date.
6. Click Next, and then click Submit to change the state.
Create Tapes
Note: This procedure can be performed from either a library or a
pool. If initiated from a library, the system will first create the tapes
then import them to the library.
Although the number of supported tapes is unlimited, you can
create no more than 100,000 tapes at a time.
The following procedure creates tapes in a specified pool then
imports them to the current library.
1. In the More Tasks menu, click Tapes Create.
The Create Tapes dialog box appears.
2. Enter information about the tape:
Field
User Input
Location
If a drop-down menu is enabled, select the
library or leave the default selection.
DD OS 5.2 Administration Guide
367
Field
User Input
Pool Name
Click the drop-down list and select the
name of the pool where the tape will
reside. If no pools have been created, use
the default pool.
Number of Tapes
From 1 to 100,000 tapes.
Starting Barcode
Enter the initial barcode number (using the
format A99000LA, for example). See the
section About Tape Barcodes on page 343
for details.
Tape Capacity
Optional. Specify the number of GBs from
1 to 4000 for each tape (this setting
overrides the barcode capacity setting). For
efficient use of disk space, use 100 GB or
less.
3. Click OK and Close.
Delete Tapes
Note: This procedure can be performed from both a library and a
pool. If initiated from a library, it will first export the tapes and
then delete them.
To remove one or more tapes from the vault and delete all of the
data in the tapes, use the Tapes Delete option. The tapes must be in
the vault, not in a library.
Note: On a Replication destination Data Domain system, deleting
a tape is not permitted.
To delete tapes from the vault:
1. In the More Tasks menu, click Tapes Delete.
The Delete Tapes dialog box appears.
2. Enter information about the tape to delete:
368
Field
User Input
Location
Select a library or leave the default Vault
selection.
Working with VTL
Field
User Input
Pool
Select the name of the pool from which to
delete the tape. If no pools have been
created, use the default pool.
Barcode
• Leave the default (*) selected to search
for a group of tapes, or
• Specify a specific barcode to search for.
• Barcode allows the wildcards ? and *,
where ? matches any single character
and * matches 0 or more characters.
Count
Enter the number of tapes to delete.
• Enter a specific maximum value, or
• Leave blank and use the Barcode
group default (*).
Tapes Per Page
Select the maximum number of tapes to
display per page. Possible values are 15,
30, and 45.
Select All Pages
Click the Select All Pages checkbox to
select all tapes returned by the search
query.
Items Selected
The number of tapes that are selected
across multiple pages. Updated
automatically for each tape selection.
3. Click the checkbox of the tape that should be deleted or the
checkbox on the heading column to delete all tapes and click
Next
4. Click Submit in the confirmation window and click Close.
After a tape is removed, the physical disk space used for the
tape is not reclaimed until after a file system cleaning
operation.
Copy Tapes Between Pools
Tapes can be copied between pools or from the Vault to a pool to
accommodate replication activities. This option is available only
when invoked from the (named) Pool view.
DD OS 5.2 Administration Guide
369
1. In the More Tasks menu, click Tapes Copy.
The Copy Tapes dialog box appears.
2. Click check boxes of tapes to copy or enter information to
search for the tapes to copy and click Search:
Field
User Input
Location
Select either a library or the Vault for
locating the tape.
Note: While tapes always show up in a
pool (under the Pools menu), technically,
they are in either a library or the Vault but
not both, and never in two libraries at the
same time. Use the import/export options
to move tapes between the Vault and a
library.
Pool
To copy tapes between pools, select the
name of the pool where the tapes currently
reside. If no pools have been created, use
the Default pool.
Barcode
• Leave the default (*) selected to search
for a group of tapes, or
• Specify a specific barcode to search for a
single barcode or use the wildcard * or ?
to search for a set of barcodes.
Count
The maximum number of tapes the search
can find.
Tapes Per Page
Select the maximum number of tapes to
display per page. Possible values are 15,
30, and 45.
Items Selected
The number of tapes that are selected
across multiple pages. Updated
automatically for each tape selection.
3. From the search results list, select the tapes to copy.
4. From the Select Destination: Pool list, select the pool where
tapes are to be copied.
Note: If a tape with a matching barcode already resides in the
destination pool, an error is displayed and the copy aborts.
370
Working with VTL
5. Click Next.
6. From the Copy Tapes Between Pools dialog box, verify the
summary information and the tape list, and click Submit.
7. Click Close on the Copy Tapes Between Pools Status window.
Working with Tape Slots and CAPs
You can add and delete slots and CAPs (cartridge access ports)
from a configured library to change the number of storage
elements.
Note: Some backup applications do not automatically recognize
that drives, slots, or CAPs have been added to a VTL. For example,
when a tape drive is added to a VTL, the administrator may need
to remove the VTL from the application and then add it back in
before the tape drive can be detected by the application. Refer to
the application documentation for information on how to
configure the application to recognize changes.
1. In the stack menu, click Virtual Tape Libraries > VTL Service >
Libraries.
2. Click the name of a specific library.
Tasks for working with slots and CAPs include:
•
Add Slots on page 371
•
Delete Slots on page 372
•
Add CAPs on page 372
•
Delete CAPs on page 372
Add Slots
The total number of slots in a library or all libraries on a system
cannot exceed 32,000 for a library, and 64,000 for a system.
1. In the More Tasks menu, click Slots Add.
The Add Slots dialog box appears.
2. In the Number of Slots text field, type in the number of slots to
add.
DD OS 5.2 Administration Guide
371
3. Click OK and Close when the status shows Completed.
Delete Slots
If there are tape cartridges loaded in the slots to be deleted, the
cartridges should be moved to the vault. The system will delete
only empty, uncommitted slots. If you enter a slot count less than
In the More Tasks menu, click Slots Delete.
The Delete Slots dialog box appears.
1. In the Number of Slots text field, type in the number of slots to
delete.
From 1 to 32,000 slots can be deleted.
2. Click OK and Close when the status shows Completed.
Add CAPs
Note: CAPs are used by a limited number of backup applications.
Refer to your backup application documentation to ensure that
CAPs are supported.
The total number of CAPs cannot exceed 100 per library or 1000
per system.
1. In the Task menu, click CAPs Add.
The Add CAPs dialog box appears.
2. In the Number of CAPs text field, type in the number of CAPs
to add.
From 1 to 100 CAPs per library and 1000 CAPs per system can
be added.
3. Click OK and Close when the status shows Completed.
Delete CAPs
If there are tape cartridges loaded in CAPs to be deleted, the
cartridges are moved to vault.
1. In the More Tasks menu, click CAPs Delete.
The Delete CAPs dialog box appears.
372
Working with VTL
2. In the Number of CAPs text field, type in the number of CAPs
to delete.
A maximum of 100 CAPs per library and 1000 CAPs per
system can be deleted.
3. Click OK and Close when the status shows Completed.
Working with the Vault
In the stack menu, click Virtual Tape Libraries > VTL Service >
Vault.
From the Vault page, the tasks that are available include:
•
View Vault Information on page 373
•
Create Storage Pools on page 397
•
Delete Storage Pools on page 400
•
Create Tapes on page 367
•
Delete Tapes on page 368
•
Search for Tapes on page 366
View Vault Information
The Virtual Tape Libraries > VTL Service > Vault page provide the
following information for the Default pool and any other existing
pools:
Item
Description
Location
Name of the pool.
Type
Directory or MTree.
Tape Count
Number of tapes in the pool.
Capacity
Total amount of space in the pool.
Used
Amount of space used on in the pool.
Average Compression
Average amount of compression in the pool.
DD OS 5.2 Administration Guide
373
Working with a Vault Pools
The vault contains storage pools that can be replicated.
To access a vault pool, click Virtual Tape Libraries > VTL Service >
Vault > pool. Notice that pool Default always exists.
From a vault pool, the following tasks can be performed:
•
View Vault Pool Information on page 374
•
Create Tapes on page 367
•
Delete Tapes on page 368
•
Move Tapes on page 363
•
Copy Tapes Between Pools on page 369
•
Search for Tapes on page 366
View Vault Pool Information
The Virtual Tape Libraries > VTL Service > Vault > pool page
includes the:
•
Pool Tab on page 374
•
Replication Tab on page 375
Pool Tab
The Pool tab contains the following information:
Item
Description
Convert to MTree Pool Click to convert selected pool to an MTree
pool.
374
Type
Directory or MTree.
Tape Count
Number of tapes in the pool.
Capacity
Total configured data capacity of the tapes in
that pool, in GiB (Gibibytes, the base-2
equivalent of GB, Gigabytes).
Used
Amount of space used on the virtual tapes in
that pool.
Working with VTL
Item
Description
Average Compression
Average amount of compression achieved on
the data on the tapes in that pool.
Replication Tab
The Replication tab presents the following replication information:
Item
Description
Name
Name of the storage pool.
Configured
Shows whether or not replication is configured
for the pool: yes or no.
Source
The path for the source pool that will be
replicated.
Destination
The path to where the pool will be replicated.
Working with Access Groups
A VTL access group (or VTL group) is created to hold a collection
of initiator WWPNs or aliases and the drives and changers they are
allowed to access.
A default group exists named TapeServer, where you can add
devices that will support NDMP-based backup applications. See
Configure the NDMP Device TapeServer Group on page 382 for
details.
Access group configuration allows initiators (in general backup
applications) to read and write data to the devices that are also in
the access group.
Access groups allow clients to access only selected LUNs (media
changers or virtual tape drives) on a system. A client that is set up
for an access group can access only devices that are in its access
group.
Note: Avoid making access group changes on a Data Domain
system during active backup or restore jobs. A change may cause
an active job to fail. The impact of changes during active jobs
depends on a combination of backup software and host
configurations.
DD OS 5.2 Administration Guide
375
In the stack menu, click Access Groups > Groups.
From the Groups page, the tasks that are available include:
•
View Access Groups Information on page 376
•
Configure an Access Group on page 377
•
Delete an Access Group on page 382
View Access Groups Information
The Access Groups > Groups pane displays the following
information:
Item
Description
Group Name
Name of the group.
Initiators
Number of initiators in the group.
Devices
Number of devices in the group.
Working with an Access Group
To start working with an access group, click an access group in the
Access Groups > Groups list.
From the Access Group page, tasks that are available include:
•
View Access Group Information on page 376
•
Configure an Access Group on page 377
•
Delete an Access Group on page 382
•
Configure the NDMP Device TapeServer Group on page 382
•
Configure HBA Ports for an Access Group on page 385
View Access Group Information
The Access Groups > Groups > group page includes the:
376
•
LUNs Tab on page 377
•
Initiators Tab on page 377
Working with VTL
LUNs Tab
The LUNs pane contains the following information:
Item
Description
LUN
A device address. The maximum number is
16383. A LUN can be used only once within a
group, but can be used again within another
group. VTL devices added to a group must use
contiguous LUN numbers.
Library
The name of the library associated with the
LUN.
Device
The changers and drives.
In-Use Ports
The port that is currently being used (one of
the ports listed in primary and secondary
ports).
Primary Ports
The initial (or default) port used by the backup
application. In the event of a failure on this
port, the Secondary ports may be used, if
available.
Secondary Ports
The set of fail-over ports to use should a
primary port fail. Use the task Configure HBA
Ports for an Access Group on page 385 to
manually fail-over to the Secondary ports.
Initiators Tab
The Initiators pane contains the following information:
Item
Description
Initiator
The name of the initiator. This is either the
WWPN or the alias assigned to the initiator
(see Set Initiators Alias on page 388).
WWPN
World-Wide Port Name of the Fibre Channel
port in the media server.
Configure an Access Group
When you create or configure an access group on a Data Domain
system, each Data Domain system device (media changer or drive)
can be assigned to multiple groups. Devices assigned to other
DD OS 5.2 Administration Guide
377
groups, however, cannot be assigned to TapeServer. A maximum
of 128 groups can be created.
To configure or modify an Access Group:
1. Click the Access Groups Stack menu.
The Groups icon should be highlighted, or select an existing
group from the list to change the configuration.
2. In the More Tasks menu, click Group Create.
The Create Group dialog box appears if the Groups icon is
selected. If an existing group is selected, the Configure Group
dialog box appears showing a table listing the devices that
have been configured for the group.
3. In the Group Name text box, enter a name for the group. (This
field is required.)
The group name must be a unique name of up to 128
characters, and can contain only the characters 0-9, a-z, A-Z,
underscore(_), and hyphen (-). Group names are not case
sensitive. Up to 128 groups can be created.
The names “TapeServer,” “all,” and “summary” are reserved
and cannot be used as group names.
4. To configure initiators to the access group, check the box next
to the initiator in the Initiators pane. You can add initiators to
the group later (see Set Initiators Alias on page 388).
5. Click Next.
The Devices dialog box appears showing a table listing the
devices that have been configured for the group. The name of
the library, devices in the group, LUN number, and primary or
secondary status is displayed in the table.
6. Click the plus (+) icon to add devices to the Access Group, as
described in the steps a-e. In this dialog, you can also modify or
delete a set of devices that were previously added. See Modify
Access Group Devices on page 380 and Delete Access Group
Devices on page 382.
a. Verify the correct library is selected in the Library Name
drop-down list, or select another library.
378
Working with VTL
b. In the Device area, click the checkboxes of the devices
(changer and drives) that are to be included in the group.
c. Optionally, specify a starting LUN number in the Starting
LUN text box.
This is the LUN number that the Data Domain system
returns to the initiator. Each device is uniquely identified
by the library and the device name. (For example, it is
possible to have drive 1 in Library 1 and drive 1 in Library
2). Therefore, a LUN is associated with a device, which is
identified by its library and device name.
The initiators in the access group interact with the LUN
devices that are added to the group.
The maximum LUN number accepted when creating an
access group is 16383.
A LUN number can be used only once for an individual
group. The same LUN number can be used with multiple
groups.
Note: Some VTL initiators (clients) have specific rules for VTL
target LUN numbering; for example, requiring LUN 0 or
requiring contiguous LUN numbers. If these rules are not
followed, an initiator may not be able to access some or all of
the LUNs assigned to a VTL target port.
Check your initiator documentation for special rules and, if
necessary, alter the device LUNs on the VTL target port to
follow the rules. For example, if an initiator requires LUN 0 to
be assigned on the VTL target port, check the LUNs for devices
assigned to ports, and if there is no device assigned to LUN 0,
change the LUN of a device so that it is assigned to LUN 0.
d. In the Primary and Secondary Ports area, select an option
to determine which ports the selected device is seen from.
The following conditions apply for designated ports:
-
All—The checked device is seen from all ports.
-
None—The checked device is not seen from any port.
-
Select—The checked device is seen from selected ports.
Click the checkboxes of the ports that are seen.
DD OS 5.2 Administration Guide
379
If only primary ports are selected, the checked device is
visible only from primary ports.
If only secondary ports are selected, the checked device
is visible only from secondary ports. Secondary ports
can be used if the primary ports become unavailable.
Note: The switch over to a secondary port is not an automatic
operation. The user must manually switch the VTL device to
the secondary ports manually if the primary ports become
unavailable Configure HBA Ports for an Access Group on
page 385.
The port list is a list of physical port numbers. A port
number denotes the PCI slot and a letter denotes the
port on a PCI card. Examples are 1a, 1b, or 2a, 2b.
Note: A drive appears with the same LUN number on all the
ports that the user has configured.
e. Click OK.
You are returned to the Devices dialog box where the
new group is listed. To add more devices, repeat steps
6a-e.
7. Click Next.
The Summary dialog box appears.
8. In the Summary dialog box, verify that the configuration is
correct and click Finish, or click Back and correct the
configuration.
9. Click Close when the Completed status message displays.
Modify Access Group Devices
The Create Group dialog allows the list of devices for the group to
be modified.
1. Select a device in the group table and click the edit (pencil) icon
to modify devices in the access group, as described in the steps
a-e.
The Modify Devices dialog box appears.
380
Working with VTL
a. Verify the correct library is selected in the Library Name
drop-down list, or select another library.
b. In the Device to Modify area, click the checkboxes of the
devices (changer and drives) that are to modified.
c. Optionally, modify the starting LUN number in the
Starting LUN text box.
This is the LUN number that the Data Domain system
returns to the initiator. Each device is uniquely identified
by the library and the device name. (For example, it is
possible to have drive 1 in Library 1 and drive 1 in Library
2). Therefore, a LUN is associated with a device, which is
identified by its library and device name.
The initiators in the access group interact with the LUN
devices that are added to the group.
The maximum LUN number accepted when creating an
access group is 16383.
A LUN number can be used only once for an individual
group. The same LUN number can be used with multiple
groups.
d. In the Primary and Secondary Ports area, change the option
that determines which ports the selected device is seen
from. The following conditions apply for designated ports:
-
All—The checked device is seen from all ports.
-
None—The checked device is not seen from any port.
-
Select—The checked device is seen from selected ports.
Click the checkboxes of the ports that are seen.
If only primary ports are selected, the checked device is
visible only from primary ports.
If only secondary ports are selected, the checked device
is visible only from secondary ports. Secondary ports
can be used if the primary ports become unavailable.
Note: The switch over to a secondary port is not an automatic
operation. The user must manually switch the VTL device to
the secondary ports manually if the primary ports become
DD OS 5.2 Administration Guide
381
unavailable Configure HBA Ports for an Access Group on
page 385.
The port list is a list of physical port numbers. A port
number denotes the PCI slot and a letter denotes the
port on a PCI card. Examples are 1a, 1b, or 2a, 2b.
Note: A drive appears with the same LUN number on all the
ports that the user has configured.
e. Click OK.
Delete Access Group Devices
The Create Group dialog allows devices for the group to be
deleted.
Select a device in the group table and click the remove (X) icon to
delete a device. The device is deleted.
Delete an Access Group
Before a group can be removed, you must remove the initiators
and LUNs from the group.
To remove an access group:
1. Delete devices in the group using the procedure Configure an
Access Group on page 377.
2. In the More Tasks menu, click Group Delete.
The Delete Group dialog box appears.
3. Click the checkbox of the group to be removed and click Next.
4. In the groups confirmation dialog box, verify the deletion, and
click Submit.
5. Click Close when the Delete Groups Status displays
Completed.
Configure the NDMP Device TapeServer Group
The TapeServer group holds tape drives that interface with
NDMP-based backup applications, and which send its control
information and data streams over IP instead of FC.
382
Working with VTL
Note: A device used by the NDMP TapeServer must be in the VTL
group TapeServer and that device will then be available to only the
NDMP TapeServer.
To configure the TapeServer group:
1. Add tape drives to a new or existing library (named dd660-16
in this example), as described in the section Create Tape Drives
on page 356.
2. Create slots and CAPS to the library, as described in Add Slots
on page 371 and Add CAPs on page 372.
3. Add the all the created devices in the library dd660-16 to the
TapeServer access group using the procedure in Configure an
Access Group on page 377.
4. Enable NDMPD:
sysadmin@dd660-16# ndmpd enable
Starting NDMP daemon, please wait...............
NDMP daemon is enabled.
5. Ensure that the NDMP daemon sees the devices in the
TapeServer group:
sysadmin@dd660-16# ndmpd show devicenames
NDMP Device
Virtual Name
Vendor
Product
Serial Number
-----------------
----------------
------
-----------
-------------
/dev/dd_ch_c0t0l0
dd660-16 changer
STK
L180
6290820000
/dev/dd_st_c0t1l0
dd660-16 drive 1
IBM
ULTRIUM-TD3
6290820001
/dev/dd_st_c0t2l0
dd660-16 drive 2
IBM
ULTRIUM-TD3
6290820002
/dev/dd_st_c0t3l0
dd660-16 drive 3
IBM
ULTRIUM-TD3
6290820003
/dev/dd_st_c0t4l0
dd660-16 drive 4
IBM
ULTRIUM-TD3
6290820004
-----------------
----------------
------
-----------
-------------
6. Add an NDMP user (ndmp in this example) with the following
command:
sysadmin@dd660-16# ndmpd user add ndmp
Enter password:
Verify password:
7. Verify the user ndmp is added correctly:
DD OS 5.2 Administration Guide
383
sysadmin@dd660-16# ndmpd user show
ndmp
8. Show the NDMP configuration:
sysadmin@dd660-16# ndmpd option show all
Name
Value
--------------
--------
authentication
text
debug
disabled
port
10000
preferred-ip
--------------
--------
9. Change the default user password authentication to use MD5
encryption for enhanced security and verify the change (notice
the authentication value changes from text to md5):
384
Working with VTL
sysadmin@dd660-16# ndmpd option set authentication md5
sysadmin@dd660-16# ndmpd option show all
Name
Value
--------------
--------
authentication
md5
debug
disabled
port
10000
preferred-ip
--------------
--------
NDMP is now configured and the TapeServer access group shows
the device configuration. See the ndmpd chapter of the DD OS 5.2
Command Reference Guide for the complete command set and
options.
Configure HBA Ports for an Access Group
Use this dialog to change the manual fail-over state of devices to
either primary or secondary ports.
1. Click the group from the Access Group tree.
2. In the Task menu, click Ports Configure.
The Configure Ports dialog box appears.
3. Verify the correct group is selected, or select another group.
4. Verify the correct library is selected, or click the drop-down list
to select another library.
5. Click a checkbox to select a specific device or click the Devices
checkbox to select all devices.
6. Click the radio button to assign ports as primary or secondary
status.
7. Click OK.
8. After the Configure Ports Status dialog box displays
Completed, click Close.
DD OS 5.2 Administration Guide
385
Working with Physical Resources
The Physical Resources area of the stack menu provides
management operations for Initiators and HBA ports. The Physical
Resources informational pane provides the:
•
Initiators Tab on page 386
•
Ports Tab on page 386
Initiators Tab
The Initiators pane displays the following information:
Item
Description
Initiator
The name of the initiator. This is either the
WWPN or the alias assigned to the initiator
(see Set Initiators Alias on page 388).
WWPN
World-Wide Port Name of the Fibre Channel
port in the media server.
Online Ports
Group name where ports are seen by this
initiator. Displays “none” or “offline” if the
initiator is not available.
Ports Tab
The Ports pane displays the following information:
Item
Description
Port
The physical port number.
Port ID
The port ID.
Enabled
The port operational state; either Enabled or
Disabled.
Status
Either Online or Offline; that is, whether or not
the port is up and capable of handling traffic.
Working with Initiators
An initiator is a client system FC HBA (fibre channel host bus
adapter) world-wide port name (WWPN) that the Data Domain
system interfaces with. An initiator name is an alias for the client’s
WWPN for ease of use.
386
Working with VTL
Note: During the time that a client is mapped as an initiator and
before adding an access group, the client cannot access any data on
the Data Domain system.
After adding an access group for the initiator or client, the client
can access only the devices in the access group. A client can have
access groups for multiple devices.
Note: An Access Group may contain multiple Initiators (a
maximum of 128) but an Initiator can exist in only one Access
Group.
A maximum of 512 initiators can be configured for a Data Domain
system.
To start working with initiators, click Physical Resources >
Initiators.
From the Initiators page, the tasks that are available include:
•
View Initiators Information on page 387
•
Set Initiators Alias on page 388
View Initiators Information
The Initiators pane contains the following information:
Item
Description
Initiator
Name of the initiator.
Group
Group associated with the initiator.
Online Ports
Ports seen by this Initiator. Displays “none” or
“offline” if the initiator is not available.
WWNN
World-Wide Node Name of the Fibre Channel
port in the media server.
WWPN
World-Wide Port Name of the Fibre Channel
port in the media server.
Symbolic Port Name
Symbolic Port Name of the Fibre Channel port
in the media server.
DD OS 5.2 Administration Guide
387
Set Initiators Alias
Note: In general, VTL can detect the initiators it can see, but it is
possible to also add an initiator or alias name without it being
detected. If this is the case, use the following procedure:
To set an alias for the Initiators WWPN:
1. In the Physical Resources stack, select Initiators.
2. In the More Tasks menu, click Initiators Set Alias.
The Set Initiators Alias dialog box appears.
3. In the WWPN text field, add the port name of the WWPN.
4. In the Alias text field, add the alias (using from 1 to 32
characters).
5. Click OK.
Working with an Initiator
1. To work with a specific initiator, click Physical Resources >
Initiators.
2. Click the name of an individual initiator.
From the Initiator page, the tasks that are available include:
388
•
View Initiator Information on page 389
•
Set Initiators Alias on page 388
•
Reset an Initiator Alias on page 389
•
Rename an Initiator Alias on page 389
•
Set a Group for an Initiator on page 389
•
Delete an Initiator on page 390
Working with VTL
View Initiator Information
The Initiator pane contains the following information:
Item
Description
Initiator
Name of the initiator.
Group
Group associated with the initiator.
Online Ports
Ports seen by this Initiator. Displays “none” or
“offline” if the initiator is not available.
WWNN
World-Wide Node Name of the Fibre Channel
port in the media server.
WWPN
World-Wide Port Name of the Fibre Channel
port in the media server.
Symbolic Port Name
Symbolic Port Name of the Fibre Channel port
in the media server.
Reset an Initiator Alias
To delete (reset) an alias that is set for an initiator:
1. To work with a specific initiator, click Physical Resources >
Initiators.
2. Click the name of an individual initiator.
3. In the More Tasks menu, click Initiators Reset Alias.
The Reset Initiators Alias dialog box appears.
4. Click OK.
Rename an Initiator Alias
To rename an alias that is set for an initiator, use the procedure in
Set Initiators Alias on page 388.
Set a Group for an Initiator
To assign an initiator to an access group:
1. Click Physical Resources > Initiators.
2. Click the name of an individual initiator.
DD OS 5.2 Administration Guide
389
3. In the More Tasks menu, click Set Group.
The Set Group dialog box appears.
4. Click a group name in the list of groups to set the group.
5. Click OK.
Delete an Initiator
To delete an initiator from an access group, remove the initiator
from the group and reset the initiator alias. See Configure an Access
Group on page 377.
Working with HBA Ports
To start working with HBA Ports, click Physical Resources > HBA
Ports.
From the HBA Ports page, the tasks that are available include:
•
View HBA Ports Information on page 390
•
Enable HBA Ports on page 392
•
Disable HBA Ports on page 392
View HBA Ports Information
The HBA Ports Information page includes the:
•
Hardware Tab on page 390
•
Ports Tab on page 391
Hardware Tab
The Hardware pane contains the following information:
390
Item
Description
Port
HBA port number (for example, 6a). The
number corresponds to the Data Domain
system slot in which the HBA is installed,
where a is the top HBA port and b is the
bottom HBA port.
Model
Model number of the HBA controller.
Working with VTL
Item
Description
Firmware
Firmware version running on the HBA
controller.
WWNN
World-Wide Node Name of the Fibre Channel
port.
WWPN
World-Wide Port Name of the Fibre Channel
port in the media server.
Ports Tab
The Ports pane displays the following information
Item
Description
Port
HBA port number (for example, 6a). The
number corresponds to the Data Domain
system slot in which the HBA is installed,
where a is the top HBA port and b is the
bottom HBA port.
Connection Type
Fibre Channel connection type, such as loop or
SAN.
Link Speed
Transmission speed of the link.
Port ID
Fibre Channel port ID.
Enabled
HBA port operational state; that is, whether it
has been enabled or disabled.
Status
Data Domain system VTL link status; that is,
whether it is online and capable of handling
traffic, or offline.
DD OS 5.2 Administration Guide
391
Enable HBA Ports
Only ports currently disabled will be listed.
1. In the More Tasks menu, select Ports Enable.
The Enable Ports dialog box appears. Only ports currently
disabled will be listed.
2. In the Enable Ports dialog box, click the checkboxes of the ports
to enable.
3. Click Next.
4. After the confirmation page is displayed, click Submit.
Disable HBA Ports
1. In the More Tasks menu, select Ports Disable.
The Disable Ports dialog box appears. Only ports currently
enabled will be listed.
2. In the Disable Ports dialog box, click the checkboxes of the
ports to disable.
3. Click Next to verify the configuration.
4. When the Disable Ports Status dialog box displays Completed,
click Close.
Working with an HBA Port
To start working with HBA Ports, click Physical Resources > HBA
Ports > port.
From the HBA Ports page, the tasks that are available include:
•
View HBA Ports Information on page 390
•
Enable HBA Ports on page 392
•
Disable HBA Ports on page 392
To refresh an HBA port, select the Ports Refresh option in the More
Tasks menu.
392
Working with VTL
View HBA Port Information
The HBA Port Information page includes the:
•
Hardware Tab on page 390
•
Summary Tab on page 393
•
Statistics Tab on page 394
•
Detailed Statistics on page 394
Hardware Tab
The Hardware tab contains the following information:
Item
Description
Port
HBA port number (for example, 6a). The
number corresponds to the Data Domain
system slot in which the HBA is installed,
where a is the top HBA port and b is the
bottom HBA port.
Model
Model number of the HBA controller.
Firmware
Firmware version running on the HBA
controller.
WWNN
World-Wide Node Name of the Fibre Channel
port.
WWPN
World-Wide Port Name of the Fibre Channel
port in the media server.
Summary Tab
The Summary tab contains the following information:
Item
Description
Port
HBA port number (for example, 6a). The
number corresponds to the Data Domain
system slot in which the HBA is installed,
where a is the top HBA port and b is the
bottom HBA port.
Connection Type
Fibre Channel connection type, such as loop or
SAN.
Link Speed
Transmission speed of the link.
DD OS 5.2 Administration Guide
393
Item
Description
Port ID
Fibre Channel port ID.
Enabled
HBA port operational state; that is, whether it
has been enabled or disabled.
Status
Data Domain system VTL link status; that is,
whether it is online and capable of handling
traffic, or offline.
Statistics Tab
The Statistics tab contains the following information:
Item
Description
Port
HBA port number (for example, 6a). This
number corresponds to the Data Domain
system slot in which the HBA is installed,
where a is the top HBA port and b is the
bottom HBA port.
Library
The library that contains the specified device
as associated in a LUN Mask Group.
Device
A device associated with this port via a LUN
Mask Group definition.
Ops/s
The average number of operations per second
in the current sample.
Read KiB/s
The average number of 1024 bytes per second
read in the current sample.
Write KiB/s
The average number of 1024 bytes per second
written in the current sample.
Detailed Statistics
The Detailed Statistics tab contains the following information:
394
Item
Description
Port
HBA port number (for example, 6a). This
number corresponds to the Data Domain
system slot in which the HBA is installed,
where a is the top HBA port and b is the
bottom HBA port.
Working with VTL
Item
Description
# of Control
Commands
Number of control commands.
# of Read Commands
Number of read commands.
# of Write Commands
Number of write commands.
In (MiB)
Number of MiBs (1,048,576 bytes) written.
Out (MiB)
Number of MiBs (1,048,576 bytes) read.
# of Error Protocol
Number of protocol errors.
# of Link Fail
Number of link failures.
# of Invalid Crc
Number of frames received with a bad CRC.
# of Invalid TxWord
Number of invalid transmit words.
# of Lip
LIP (Loop Initialization Primitive) count.
# of Loss Signal
Number of signal losses.
# of Loss Sync
Number of sync losses.
Working with Storage Pools
VTL storage pools allow replication of pools of VTL virtual tapes.
VTL virtual tapes can be replicated from multiple replication
originators to a single replication destination (many-to-one
configurations).
When using pools, consider the following:
•
A pool can be replicated no matter where individual tapes are
located. Tapes can be in the vault, a library, or a drive.
•
You can copy and move tapes from one pool to another.
•
Two tapes in different pools on one Data Domain system can
have the same name (except if the tape will be moved between
those pools).
•
Pools can be of two types: MTree or Directory, which is
backward compatible.
•
A pool sent to a replication destination must have a pool name
that is unique on the destination.
DD OS 5.2 Administration Guide
395
•
Data Domain pools are not accessible by backup software.
•
No VTL configuration or license is needed on a replication
destination when replicating pools.
•
Data Domain recommends creating tapes with unique bar
codes only. Having duplicate bar codes in the same tape pool
creates an error. Although no error is created for duplicate bar
codes in different pools, duplicate bar codes may cause
unpredictable behavior in backup applications and can lead to
operator confusion.
In the stack menu, click Pools > Pools.
From the Pools page, the tasks that are available include:
•
View Pools Information on page 396
•
Create Storage Pools on page 397
•
Convert Directory Pool to MTree Pool on page 398
•
Delete Storage Pools on page 400
•
Search for Tapes on page 366
View Pools Information
The Pools page includes the:
•
Pools Tab on page 396
•
Replication Tab on page 397
Pools Tab
The Pools tab displays the following information:
396
Item
Description
Location
Location of pool.
Type
Directory or MTree.
Tape Count
Number of tapes in the pool.
Capacity
Total configured data capacity of the tapes in
that pool, in GiB (Gibibytes, the base-2
equivalent of GB, Gigabytes).
Working with VTL
Item
Description
Used
Amount of space used on the virtual tapes in
that pool.
Average Compression
Average amount of compression achieved on
the data on the tapes in that pool.
Replication Tab
The Replication tab presents the following detailed replication
information:
Item
Description
Name
Name of the storage pool.
Configured
Shows whether or not replication is configured
for the pool: yes or no.
Source
When configured, shows the path where the
pool is replicating from, or both, if a cascaded
configuration.
Destination
When configured, shows the path where the
pool is replicating to, or both, if a cascaded
configuration.
Create Storage Pools
When you create a pool, you are creating an MTree, unless you
specifically select to create the older style directory pool (one that
is backwards compatible).
The advantages of an MTree over a storage pool:
•
Support of snapshot and schedule of snapshot capability at the
individual Mtree-based storage pool.
•
You can apply retention locks.
•
You can set an individual retention policy for an Mtree-based
storage pool.
•
Compression information is available.
•
Data migration policies to the archive tier are available.
DD OS 5.2 Administration Guide
397
•
Quota support to set storage space usage policy by setting hard
limits and soft limits.
When creating pools, consider the following:
•
A pool name cannot have the restricted names all, vault, or
summary.
•
A pool can be replicated no matter where individual tapes are
located in a virtual tape library provided by the Data Domain
system. Tapes can be in the vault, a library, or a drive.
•
A pool sent to a replication destination must have a pool name
that is unique on the destination.
To create a pool:
1. In the More Tasks menu, click Pool Create.
The Create Pool dialog box appears.
2. In the Pool Name text box, enter a name containing between 1
and 32 characters for the pool (excluding the characters
“*/<>?:\| and do not use a space or period at the beginning or
end of a name). Pool names are case-sensitive so the pool
“TEST” is not the same as the pool “test.”
3. If you want the pool to be a directory and compatible with the
previous version of Enterprise Manager, select the option
Create a directory backwards compatibility mode pool.
4. Click OK.
The Create Pool Status dialog appears.
5. After the Create Pool Status dialog box shows Completed, click
Close.
The pool is added in the Pools subtree and is ready to have
virtual tapes added to it.
Convert Directory Pool to MTree Pool
To change a directory pool to an MTree pool:
1. In the Pools submenu, select the pool you wish to convert.
2. In the Pool tab, click Convert to MTree Pool.
398
Working with VTL
3. Click OK.
DD OS 5.2 and later: If the pool is being replicated, and the
replicated pool is a directory, click OK to convert the target
replication directory to MTree format.
Notes:
VTL is temporarily disabled on the replicated systems during
pool conversion.
Replication pairs are broken before pool conversion and reestablished afterwards if no errors occur.
The following conditions affect conversion to an MTree pool:
•
Rentention Lock cannot be enabled on the systems
involved in MTree pool conversion.
•
If a directory pool is replicated on multiple systems, those
replicating systems must be known to the managing
system for the conversion to work properly.
•
If the directory pool was replicated to an older DD OS, such
as DD OS 5.2 to DD OS 5.1, the conversion is not allowed.
As a workaround:
i.
Replicate a directory pool to a second Data Domain
system.
ii. Replicate the directory pool from the second Data
Domain system to a third Data Domain system.
iii. Remove the second and third Data Domain systems
from the managing Data Domain system's Data
Domain network.
iv. On any of the systems running DD OS 5.2 systems,
from the Pools submenu, select Pools and a
directory pool. In the Pools tab, click the Convert to
MTree Pool menu. The message that is displayed
states that the conversion cannot proceed because
some replication system information is missing.
Click the Help (question mark) in the Convert to
MTree Pool dialog box to display the Convert
DD OS 5.2 Administration Guide
399
Storage Pool to MTree Pool online help (the text in
this section).
Rename Storage Pools
To rename a pool:
1. In the Pools submenu, select the pool you wish to rename.
2. In the More Tasks menu, click Pool Rename.
The Rename Pool dialog box appears.
3. In the Pool Name text box, re-enter a name containing between
1 and 32 characters for the pool (excluding the characters
“*/<>?:\| and using a space or period at the beginning or end
of a name). Pool names are case-sensitive so the pool “TEST” is
not the same as the pool “test.”
4. Click OK.
The Rename Pool status dialog appears.
5. After the Rename Pool status dialog box shows Completed,
click Close.
The pool is renamed in the Pools subtree.
Delete Storage Pools
Note: Before a pool can be deleted, you must delete any tapes
contained within it. If replication is configured for the pool, the
replication pair must be deleted.
1. In the More Tasks menu, click Pool Delete.
The Delete Pools dialog box appears.
2. Click the checkbox of items to delete:
•
The name of each pool, or
•
Pool Names, to delete all pools.
3. Click Submit in the confirmation dialog boxes.
The selected pools are deleted.
400
Working with VTL
4. After the Delete Pool Status dialog box shows Completed, click
Close.
The pool entry is removed from the pool list.
Replicate VTL Pools
Pools can be replicated and monitored through the Replication tab
of the Enterprise Manager.
•
See Create a Directory, MTree, or Pool Replication Pair on page 422.
•
See Track Status of a Replication Process on page 438
Working with a Storage Pool
To access a storage pool, on the stack menu, click Pools > Pools >
pool. Notice that pool Default always exists.
From a storage pool page, the following tasks can be performed:
•
Rename Storage Pools on page 400
•
Delete Storage Pools
•
Create Tapes on page 367
•
Delete Tapes on page 368
•
Move Tapes on page 363
•
Search for Tapes on page 366
DD OS 5.2 Administration Guide
401
402
Working with VTL
13 Working with Replication
This chapter includes the following topics:
•
About Replication on page 403
•
The Replication Types on page 405
•
Supported Replication Topologies on page 407
•
Using Encryption of Data at Rest with Replication on page 411
•
About the Replication View on page 413
•
Configuring Replication on page 421
•
Resynchronize Data in a Replication Pair on page 432
•
Recover Data from Replication Pair on page 434
•
Replication Seeding on page 436
•
Monitoring Replication on page 437
About Replication
DD Replicator software provides automated, fast, and reliable
replication of data for disaster recovery (DR), remote office data
protection, and multiple site tape consolidation. DD Replicator
replicates deduplicated and compressed data over a network
(including WANs), greatly reducing the demands on the network.
Once replication has been configured between a source and
destination, any new data written to the source is automatically
replicated to the destination.
A replication pair is sometimes referred to as a context.
•
DD Replicator performs two levels of deduplication to
significantly reduce the bandwidth requirements: local and
cross-site deduplication. Local deduplication determines the
DD OS 5.2 Administration Guide
403
unique segments to be replicated over a WAN. Cross-site
deduplication avoids sending any segments that may already
exist on the destination due to replication from another site, or
a local backup or archive at that site.
•
DD Replicator enables automated offsite replication and
integrates with the existing network and backup infrastructure.
•
DD Replicator supports online data recovery from a remote
location.
•
Network-efficient replication eliminates the security risks
associated with human intervention and physical tape
transportation.
•
To meet a broad scope of data protection needs, multiple
replication topologies are supported: full systems mirroring,
selective, bi-directional, many-to-one, one-to-many, and
cascaded.
•
DD Replicator eliminates the need for tape backup at a remote
office and enables organizations to consolidate tape
infrastructure at a central hub.
Notes:
404
•
A file (or directory) may not be renamed or moved into or out
of a replication source. Note that this includes a Cut operation
followed by a Paste operation in Windows.
•
Replicator is a licensed product. Contact Data Domain Sales to
obtain a license, then install the license, as described in
Managing System Licenses on page 58.
•
If you are unable to manage and monitor DD OS 4.9
Replication from the DD OS 5.0 or DD OS 5.1 version of the
Enterprise Manager, use the Replication commands described
in DD OS 5.2 Command Reference Guide.
•
For encryption other than for systems with the Data at Rest
option: If DD Boost file-replication encryption is set to on, it
must be set to on for both the source and destination systems.
Working with Replication
The Replication Types
Replication typically consists of a source Data Domain system
(which receives data from a backup system), and one or more
destination Data Domain systems.
DD Replicator performs two levels of deduplication to
significantly reduce the bandwidth requirements: local and crosssite deduplication. Local deduplication determines the unique
segments to be replicated over a WAN. Cross-site deduplication
avoids sending any segments that may already exist on the
destination due to replication from another site or a local backup
or archive at that site.
Choose a replication type based on the how you wish to
replicate.The replication types are:
•
Collection Replication on page 406
where the contents of the entire Data Domain system are
replicated. This is useful when all the contents being written to
the DD system need to be protected at a secondary site. See
Collection Replication on page 406.
•
Directory Replication on page 406
where only specific subdirectories under data/col1/backup
are replicated. Useful when the data on the Data Domain
systems needs to be protected. See Directory Replication on
page 406.
•
MTree Replication on page 407
where an entire MTree is replicated (see Working with MTrees
on page 257 for information about creating an MTree.) This is
useful when users create MTrees and want to have a DR copy
of their data. Replicating directories under an MTree is not
permitted.
Note: In DD OS 5.2, Retention Lock Compliance supports
collection replication only. MTree and directory replication are not
supported. For more information on using replication with
Retention Lock Compliance, see page 253.
DD OS 5.2 Administration Guide
405
Collection Replication
Collection replication replicates the entire /data/col1 area from
a source Data Domain system to a destination Data Domain
system.
The Data Domain system to be used as the collection replication
destination must be empty before configuring replication. Once
replication is configured, this system is dedicated to receive data
from the source system, and data can be read only from this
system.
With collection replication, all user accounts and passwords are
replicated from the source to the destination.
Directory Replication
Directory replication replicates data at the level of individual
subdirectories under /data/col1/backup.
With directory replication, a Data Domain system can
simultaneously be the source of some replication contexts and the
destination for other contexts. The Data Domain system can also
receive data from backup and archive applications while it is
replicating data. See The Replication Types on page 405.
Some points to consider with directory replication:
406
•
A destination Data Domain system must have available
storage capacity that is at least the post-compressed size of the
expected maximum post-compressed size of the source
directory.
•
When replication is initialized, a destination directory is
created automatically.
•
After replication is initialized, ownership and permissions of
the destination directory are always identical to those of the
source directory. As long as the context exists, the destination
directory is kept in a read-only state and can receive data only
from the source directory.
•
At any time, due to differences in global compression, the
source and destination directory can differ in size.
Working with Replication
MTree Replication
MTree replication replicates data for an MTree specified by the
/data/col1/mtree pathname. With MTree replication, a Data
Domain system can simultaneously be the source of some
replication contexts and the destination for other contexts. The
Data Domain system can also receive data from backup and
archive applications while it is replicating data.
Some points to consider with MTree replication:
•
A destination Data Domain system must have available
storage capacity that is at least the post-compressed size of the
expected maximum post compressed size of the source MTree.
•
When replication is initialized, a destination MTree is created
automatically.
•
After replication is initialized, ownership and permissions of
the destination MTree are always identical to those of the
source MTree. If the context is configured, the destination
MTree is kept in a read-only state and can receive data only
from the source MTree.
•
At any time, due to differences in global compression, the
source and destination MTree can differ in size.
Supported Replication Topologies
This section describes the various supported replication topologies
and the typical uses for those configurations.
One-to-One Replication
The simplest type of replication is from a Data Domain source
system to a Data Domain destination system, otherwise known as
a one-to-one replication pair. This replication topology can be
configured with directory, MTree, or collection replication types.
To set up this type of configuration, see Create a Replication Pair on
page 421.
DD OS 5.2 Administration Guide
407
Figure 13-1: One-to-One Replication Pair
DD System B
DD System A
Source
Data
Dest
Data flows from the source to the destination system
Bi-Directional Replication
In a bi-directional replication pair, data from a directory or MTree
on System A is replicated to System B, and from another directory
or MTree on System B to System A.
To set up this type of configuration, see Configure Bi-Directional
Replication on page 424.
Figure 13-2: Bi-directional Replication
DD System B
DD System A
Source
Data
Dest
Dest
Source
Data flows in both directions between two systems
One-to-Many Replication
In one-to-many replication data flows from a source directory or
MTree on a system A to several destination systems. You could use
this type of replication to create more than two copies for increased
data protection, or to distribute data for multi-site usage.
To set up this type of configuration, see Configure One-to-Many
Replication on page 424.
408
Working with Replication
Figure 13-3: One-to-Many Replication
DD System A
Data
Source
Dest
DD System B
Dest
DD System C
Dest
DD System D
Data flows from a directory or MTree source system to many
destination systems
Many-to-One Replication
In many-to-one replication, whether with MTree or directory,
replication data flows from several source systems to a single
destination system. This type of replication can be used to provide
data recovery protection for several branch offices at the corporate
headquarter’s IT systems.
To set up this type of configuration, see Configure Many-to-One
Replication on page 425.
Figure 13-4: Many-to-One Replication
DD Systems
DD System
Source
Data
Source
Dest 1
Dest 2
Dest 3
Source
Data flows from many source systems to one destination system
DD OS 5.2 Administration Guide
409
Cascaded Replication
In a cascaded replication topology, a source directory or MTree is
chained among three Data Domain systems. The last hop in the
chain can be configured as collection replication, MTree, or as
directory replication depending on whether the source is directory
or MTree. For example, DD System A replicates one or more
MTrees to DD System B, which then replicates those MTrees to DD
System C. The MTrees on DD System B are both a destination
(from DD System A) and a source (to DD System C).
Figure 13-5: Cascaded Directory Replication
Data recovery can be performed from the non-degradated
replication pair context. For example:
410
•
In the event DD System A requires a recover, data can be
recovered from DD System B.
•
In the event DD System B requires a recover, the simplest
method is to perform a replication resync from DD System A to
(the replacement) DD System B. In this case, the replication
context from DD System B to DD System C should be broken
first. After the DD System A to DD System B replication
Working with Replication
context finishes resync, a new DD System B to DD System C
context should be configured and resync'd.
To set up this type of configuration, see Configure Cascaded
Replication on page 425.
Using Encryption of Data at Rest with
Replication
Data Domain Replicator software can be used with the optional
Encryption of Data at Rest feature, enabling encrypted data to be
replicated using collection, directory, or MTree for all of the
supported topologies.
To configure and work with Encryption of Data at Rest, see
Managing Encryption of Data at Rest on page 212.
Replication contexts are always authenticated with a shared secret.
That shared secret is used to establish a session key using a DiffieHellman key exchange protocol and that session key is used to
encrypt and decrypt the Data Domain system encryption key
when appropriate.
Each replication form works uniquely with encryption and offers
the same level of security.
•
Collection replication requires the source and target to have the
exact same encryption configuration because the target is
expected to be an exact replica of the source data. In particular,
the encryption feature must be turned on or off at both source
and target and if the feature is turned on, then the encryption
algorithm and the system passphrases must also match. The
parameters are checked during the replication association
phase.
During collection replication, the source system transmits the
encrypted user data along with the encrypted system
encryption key. The data can be recovered at the target because
the target machine has the same passphrase and the same
system encryption key.
•
MTree or directory replication does not require encryption
configuration to be the same at both the source and target Data
DD OS 5.2 Administration Guide
411
Domain systems. Instead, the source and target securely
exchange the target system’s encryption key during the
replication association phase and the data at rest is first
decrypted and then re-encrypted at the source using the target
system’s encryption key before transmission to the target.
If the target machine has a different encryption configuration,
then the data transmitted is prepared appropriately. For
example, if the feature is turned off at the target, then the
source decrypts the data and it is sent to the target unencrypted.
•
In a cascaded replication topology, a replica is chained among
three Data Domain systems. The last system in the chain can be
configured as a collection, MTree, or directory. If the last
system is a collection replication target, then it uses the same
encryption keys and encrypted data as its source. If the last
system is an MTree or directory replication target, then it uses
its own key and the data is encrypted at its source. The
encryption key for the target at each link is used for encryption.
Encryption for systems in the chain works as in a replication
pair.
Encryption on the Wire
DD Replicator supports encryption of data-in-flight by using
standard Secure Socket Layer (SSL) protocol version 3, which
uses the ADH-AES256-SHA cipher suite to establish secure
replication connections.
Low-Bandwidth Optimization
For enterprises with small datasets and 6 Mb/s or less
bandwidth networks, DD Replicator can further reduce the
amount of data to be sent using the low-bandwidth
optimization mode. This enables remote sites with limited
bandwidth to use less bandwidth or to replicate and protect
more of their data over existing networks.
After enabling low-bandwidth optimization on the source and
target systems, both systems must undergo a full cleaning
412
Working with Replication
cycle to prepare the existing data. Issue the command
filesys clean start on both systems. The duration of the
cleaning cycle depends on the amount of data on the Data
Domain system, but takes longer than a normal cleaning.
Bandwidth Delay Settings
The bandwidth delay settings are used to control the TCP
buffer size. This allows the source system to send enough data
to the destination while waiting for an acknowledgement. Both
the source and destination system must have the same
bandwidth delay settings. These tuning controls can benefit
replication performance over higher latency links.
About the Replication View
The Replication view allows you to configure replication pairs and
see the configured replicas as a list and as a topology map, check
performance graphs, and configure network settings that affect
performance.
The Replication view contains the following components:
•
Replication Status on page 414
•
Summary View on page 414
•
Topology View on page 418
•
Performance View on page 418
•
Advanced Settings View on page 419
To display to the Replication view:
1. Click the source system in the Navigational pane of the
Enterprise Manager.
2. Click the Replication tab to access the Replication view.
The Replication Status and Summary view displays.
3. Click a replication context in the table to populate the Detailed
Information area of the Summary view.
DD OS 5.2 Administration Guide
413
Replication Status
The replication Status area shows the system-wide count of
replication contexts exhibiting warning (yellow text) and error (red
text) state, or if conditions are normal.
Summary View
The Summary view contains a table that lists the configured
replication contexts for the system. Selecting a context in the table
populates the content’s information in Detailed Information area.
The Summary table shows aggregated information about the
selected Data Domain system—that is, summary information
about all of the system’s inbound replication pairs, and all of that
system’s outbound replication pairs. The focus is the Data Domain
system itself and the inputs to it and outputs from it.
The Detailed Information pane, by contrast, shows the information
for a selected individual replication pair.
The Summary view table can be filtered by entering a Source or
Destination name, or selecting a State (Error, Warning, or Normal).
The Summary view includes the following information:.
414
Item
Description
Source
The system and path name of the source context,
with the format system.path. For example, for a
directory dir1 on the system dd120-22, the entry
displays dd12022.datadomain.com/data/col1/dir1.
Destination
The system and path name of the destination
context, with the format system.path.For example,
for an MTree MTree1 on the system dd120-44, the
entry displays dd12044.datadomain.com/data/col1/MTree1.
Type
The type of context: Collection (col), MTree, or
directory (dir).
Working with Replication
Item
Description
State
The Current state describes the replication pair
status. Possible states include:
• Normal—If the replica is Initializing,
Replicating, Recovering, Resynching,
Migrating.
• Idle—For MTree replication, this state can
display if the replication process is not
currently active or for network errors (such as
the destination system being inaccessible).
• Warning—If there is an unusual delay for the
first five states, or for the Uninitialized state.
• Error—Any possible error states, such as
Disconnected.
Synced as of Time
The timestamp for last automatic replication sync
operation performed by the source. For MTree
replication, this value is updated when a snapshot
is exposed on the destination. For directory
replication, it is updated when a sync point
inserted by the source is applied. A value of
unknown displays during replication
initialization.
Pre-Comp
Remaining
Amount of pre-compressed data left to be
replicated.
Time to
Completion
The value is either Completed, or the estimated
amount of time required to complete the
replication data transfer based on the last 24
hours’ transfer rate.
DD OS 5.2 Administration Guide
415
Detailed Information
The Detailed Information area provides the following information
for the selected replication context:.
Item
Description
State Description
Informational message about the state of the
replica.
Source
The system and path name of the source context,
with the format system.path. For example, for an
MTreedir1 on the system dd120-22, the entry
displays dd12022.datadomain.com/data/col1/dir1.
Destination
The system and path name of the destination
context, with the format system.path. For example,
for an MTreedir1 on the system dd120-44, the
entry displays dd12044.datadomain.com/data/col1/dir1.
Connection Port
The system name and listen port used for the
replication connection. See Change Host
Connection Settings on page 427.
Completion Stats
416
Synced as of Time
The timestamp for last automatic replication sync
operation performed by the source. For MTree
replication, this value is updated when a snapshot
is exposed on the destination. For directory
replication, it is updated when a sync point
inserted by the source is applied. A value of
unknown displays during replication
initialization.
Time to
Completion
The value is either Completed, or the estimated
amount of time required to complete the
replication data transfer based on the last 24
hours’ transfer rate.
Working with Replication
Item
Description
Pre-Comp
Remaining
The amount of data that is yet to be replicated.
Status
For the source and destination endpoints, shows
the status (Enabled, Disabled, Not Licensed, etc)
of major components on the system, such as:
• Replication
• File System
• Replication Lock
• Encryption at Rest
• Encryption over Wire
• Available Space
• Low Bandwidth Optimization
• Compression Ratio
• Low Bandwidth Ratio
Performance Chart
Click Performance Chart to open a Replication graph for the
selected context.
The Replication Performance graph shows performance over time,
and differs depending on whether it is for a collection or a
directory pair, or for an MTree or Pool.
Item
Description for Collection
Description for a Directory,
MTree, or Pool
Pre-Comp
Remaining
Pre-compressed data that is
remaining to be replicated.
Pre-compressed data that is
remaining to be replicated.
Pre-Comp
Written
Pre-compressed data that has
been written on the source.
Pre-compressed data that has
been written on the source.
Post-Comp
Replicated
Post-compressed data that has
been replicated.
Post-compressed data that has
been replicated.
Completion Predictor
A widget for predicting when replication will complete for the
selected context. See Track Status of a Backup Job's Replication
Progress on page 437
DD OS 5.2 Administration Guide
417
Topology View
The Topology view shows how the selected Data Domain system’s
replication pairs are configured in the network.
•
The arrow between Data Domain systems represents one or
more replication pairs.
•
Depending on the status of the contexts between the two
systems, the arrow displays as normal (green), warning
(yellow), or error (red).
•
Click a context to open the Context Summary dialog box,
where context details can be viewed (paths, status), and links
to other operations are available (Show Summary, Modify
Options, Enable/Disable Pair, Graph Performance).
•
Click Collapse All to roll-up the Expand All context view and
show only the name of the system and the count of destination
contexts.
•
Click Expand All to show all the destination directory and
MTree contexts configured on other systems.
•
Click Reset Layout to return to the default view.
•
Click Print to open a standard print dialog box.
Performance View
The Performance view holds a graph that accurately represents the
fluctuation of data during replication. However, during times of
inactivity, (when no data is being transferred), the shape of the
graph may display a gradually descending line instead of an
expected sharply descending line.
The Performance view displays a replication’s historical data for:
•
Network In: Total replication network bytes entering the
system (all contexts)
•
Network Out: Total replication network bytes leaving the
system (all contexts)
These are aggregated statistics of each replication pair for this Data
Domain system. The duration (x-axis) is 21 days by default. The
418
Working with Replication
y-axis is in GibiBytes or MebiBytes (the binary equivalents of
GigaBytes and MegaBytes).
Hover the cursor over points in the chart for an accurate reading.
The tooltip displays the ReplIn, ReplOut, date/time and amount of
data for a given point in time.
Advanced Settings View
The Advanced Settings view provides management of and
detailed information about the replication settings.
Throttle Settings
The Throttle Settings area shows the current settings for:
•
Temporary Override— If configured, shows the throttle rate or
0, which means all replication traffic is stopped.
•
Permanent Schedule—Shows the time for days of the week
that scheduled throttling occurs.
For details about configuring these options, see the section Add
Throttle Settings on page 429.
Network Settings
The following settings affect data transfer over the network.
Bandwidth Settings
Shows (Default) if bandwidth has not been configured or the
configured data stream rate. The average data stream to the
replication destination is at least 98,304 bits per second (12 KiB). To
configure bandwidth, see Change the Global Network Settings on
page 431.
Also see Bandwidth Delay Settings on page 413.
Delay
Shows (Default) if a network delay has not been configured or the
configured network delay setting (in milliseconds). To configure
network delay, see Change the Global Network Settings on page 431.
Also see Bandwidth Delay Settings on page 413.
DD OS 5.2 Administration Guide
419
Listen Port
Shows (Default) if a listen port has not been configured or the
configured global listen port. To configure the global listen port,
see Change the Global Listen Port on page 432.
Preparing to Configure Replication
Before starting the Replication configuration, be sure to consider
the following:
•
Configuring replication from the Enterprise Manager can be
performed only if both the source and destination Data
Domain systems are managed by the Enterprise Manager.
•
Ensure adequate storage is available on the source and
destination. At a minimum, the destination must have the
same amount of space than the source.
•
Ensure that the destination directory for the context does not
contain the destination directory for another context, or is not
contained within the destination directory for another context.
•
Determine the type of replication configuration to use (see The
Replication Types on page 405).
•
For directory replication, ensure the destination directory is
empty or its contents not required. It will be overwritten.
Limitations
Before configuring directory replication, determine the maximum
number of contexts for your Data Domain system. This is the value
shown in the Replication Source Streams column of Table 5-1 on
page 189.
420
•
If the source holds a lot of data, the replication operation can
take many hours. Consider putting both Data Domain systems
in the Replicator pair in the same location with a direct link to
cut down on initialization time.
•
A subdirectory that is under a source directory in a replication
context cannot be used in another directory replication context.
A directory can be in only one context at a time.
Working with Replication
Configuring Replication
To configure replication, follow the procedures for creating the
replications contexts in Create a Replication Pair. Once the
replication pair has been created, data replication begins and the
progression of the data copy can be monitored from the
Replication Enterprise Manager Summary view (see Monitoring
Replication).
Other optional replication configuration tasks include the
following:
•
Create a Replication Pair on page 421
•
Enable and Disable Replication Pair on page 425
•
Delete a Replication Pair on page 426
•
Convert a Directory Replication Pair to an MTree on page 426
•
Change Host Connection Settings on page 427
•
Managing Bandwidth with Throttling on page 428
•
Change the Network Settings on page 431
Create a Replication Pair
To create and start initiation of a replication pair, use the following
procedure. This function is available to administrative users only.
To create a successful replication pair, the following is required:
•
The destination system must have the same amount of space as
the source system.
•
For collection replication only, the destination file system must
be destroyed and subsequently created, but not enabled.
1. Click the source system in the Navigational tree of the
Enterprise Manager.
2. Click the Replication tab to access the Replication view.
3. In the Summary view, click Create Pair.
DD OS 5.2 Administration Guide
421
The Create Pair dialog box appears, where you add specific
information to create a collection, directory, MTree, or pool
replication pair, as described in the following sections:
•
Create a Collection Replication Pair on page 422
•
Create a Directory, MTree, or Pool Replication Pair on page 422
Note: For information on configuring parameters in the Advanced
tab, see Change Host Connection Settings on page 427.
Create a Collection Replication Pair
1. In the Create Pair dialog box, select Collection from the
Replication Type menu.
2. Select the source system hostname from the Source System
menu.
3. Select the destination system hostname from the Destination
System menu.
The list includes only those hosts in the DD-Network list.
4. Click OK.
Replication from the source to the destination begins.
Test results from Data Domain returned the following
performance guidelines for replication initialization. Note that the
following are guidelines and actual performance seen in
production environments may vary.
•
Over a gibibit LAN: With a high enough shelf count to drive
maximum input/output and ideal conditions, collection
replication can saturate a 1GigE link (modulo 10% protocol
overhead), as well as 400-900 MB/sec on 10gigE, depending on
the platform.
•
Over a WAN, performance is governed by the WAN link line
speed, bandwidth, latency, and packet loss rate.
Create a Directory, MTree, or Pool Replication Pair
The following describes the procedure for creating a basic
directory or MTree replication pair. Advanced directory or MTree
422
Working with Replication
replication pair configurations, which build on this procedure are
described in:
•
Configure Bi-Directional Replication on page 424
•
Configure One-to-Many Replication on page 424
•
Configure Many-to-One Replication on page 425
•
Configure Cascaded Replication on page 425
1. In the Create Pair dialog box, select Directory, MTree (default),
or Pool from the Replication Type menu.
2. Select the source system hostname from the Source System
menu.
3. Select the destination system hostname from the Destination
System menu.
4. Enter the source path in the Source Path text box (notice the
first part of the path is a constant that changes based on the
type of replication chosen).
5. Enter the destination path in the Destination Directory text box
(notice the first part of the path is a constant that changes based
on the type of replication chosen).
6. Click OK.
The Replication from the source to the destination begins.
Notes:
•
If an MTree replication context is created with a destination
MTree that exists prior to initialization, an error message
warns that the destination MTree already exists. Ensure the
MTree named as the destination doesn't exist before the
replication initialization. If the MTree already exists, it can be
renamed. Deleting the MTree will not take effect until the next
garbage collection is run, therefore, deleting the MTree may
not be the best choice.
•
The following occurs during the first phase of directory
replication initialization only: When a new directory, MTree, or
pool replication pair is being created, the source directory
cannot be written to until the replication relationship between
source and destination systems has been established. Attempts
DD OS 5.2 Administration Guide
423
to write to the newly configured replication source directory
will fail until the replication relationship has been established.
Instead, schedule the replication configuration at a time when
backups are not occurring.
•
(Directory Replication Only) Replicated files can arrive on the
destination system in a different order from which they were
closed (or last written) on the source. If file order is important
to your site, refer to the release notes for additional details and
a workaround or contact Technical Support.
Test results from Data Domain returned the following guidelines
for estimating the time needed for replication initialization. Note
that the following are guidelines only and may not be accurate in
specific production environments.
•
Using a T3 connection, 100ms WAN, performance is about
40 MiB/sec of pre-compressed data, which gives data transfer
of:
40 MiB/sec = 25 seconds/GiB = 3.456 TiB/day
•
Using a gibibit (the base-2 equivalent of gigabit) LAN,
performance is about 80 MiB/sec of pre-compressed data,
which gives data transfer of about double the rate for a T3
WAN.
Configure Bi-Directional Replication
To create the configuration described in Bi-Directional Replication on
page 408, use the procedure Create a Directory, MTree, or Pool
Replication Pair on page 422 to create a replication pair (for
example, using mtree2) from host A to host B. Use the same
procedure to create a replication pair (for example, using mtree1)
from host B to host A. For this configuration, destination
pathnames cannot be the same. Guidelines for directory and
MTree replication are applicable.
Configure One-to-Many Replication
To create the configuration described in One-to-Many Replication on
page 408, use the procedure Create a Directory, MTree, or Pool
Replication Pair on page 422 to create pairs (for example, using
mtree1) on host A to:
•
424
mtree1 on host B
Working with Replication
•
mtree1 on host C
•
mtree1 on host D
Note: A replication recover cannot be done to a source context
whose path is the source path for other contexts; the other contexts
need to be broken and resync'd subsequent to the recovery.
Configure Many-to-One Replication
To create the configuration described in Many-to-One Replication on
page 409, use the procedure Create a Directory, MTree, or Pool
Replication Pair on page 422 to create a pair, for example:
•
mtree1 from host A to mtree1 on host C
•
mtree2 on host B to mtree2 on host C
Configure Cascaded Replication
To create the configuration described in Cascaded Replication on
page 410, use the procedure Create a Directory, MTree, or Pool
Replication Pair on page 422 to create a pair for:
•
mtee1 on host A to mtree1 on host B
•
On host B, create a pair for mtree1 to mtree1 on host C
The final destination context (on host C in this example, but
more than three hops are supported) can be a collection replica
or a directory or MTree replica.
Enable and Disable Replication Pair
Disabling a replication pair temporarily pauses the active
replication of data between a source and a destination. The source
stops sending data to the destination and the destination stops
serving an active connection to the source.
To disable a replication pair, from either the source or the
destination:
1. Select one or more replication pairs in the Summary table, and
click Disable Pair.
The Disable Pair dialog box appears.
2. Click Next and then OK.
DD OS 5.2 Administration Guide
425
To resume operation of a disabled replication pair:
1. Select one or more replication pairs in the Summary table, and
click Enable Pair.
The Enable Pair dialog box appears.
2. Click Next and then OK.
Replication of data is resumed.
Delete a Replication Pair
Note: With collection replication, the file system is disabled when
deleting the replication pair.
To delete a replication pair:
1. Select one or more replication pairs in the Summary table, and
click Delete Pair.
The Delete Pair dialog box appears.
2. Click Next and then OK.
The Replication pairs are deleted.
When a directory or MTree replication context is deleted, the
destination directory or MTree, respectively, becomes writeable.
When a collection replication pair is broken, the destination Data
Domain system becomes a stand-alone read/write system.
Convert a Directory Replication Pair to an MTree
When a directory replication pair is converted to an MTree, the
directory data is initialized in an MTree, and the directory
replication configuration is deleted.
To convert a directory context to MTree:
1. Select the directory replication pair in the Summary table, and
click Convert to MTree.
The Convert to MTree dialog box appears. The directory name
is now the MTree name.
2. Click OK.
426
Working with Replication
A Warning dialog box appears indicating the directory data is
being initialized in the new MTree and the old directory
replication configuration is being deleted.
3. Click OK.
The Convert to MTree Status dialog box appears, showing the
progress of the conversion.
4. Click Close.
Change Host Connection Settings
To change a replication pair connection settings:
1. Select the replication pair in the Summary table, and click
Modify Settings.
The Modify Connection Settings dialog box appears.
2. Implement any of the following options:
•
Configuring Low Bandwidth Optimization on page 427.
•
Configuring Encryption Over Wire on page 428.
•
Configuring a Non-Default Connection Port on page 428.
3. Click Next and then Close.
The replication pair settings are updated and replication
resumes.
Configuring Low Bandwidth Optimization
Low bandwidth optimization can be enabled on a per-context
basis. Low bandwidth optimization must be enabled on both the
source and destination Data Domain systems. If the source and
destination have incompatible low bandwidth optimization
settings, low bandwidth optimization will be inactive for that
context.
•
To configure low bandwidth optimization, in the Modify
Connection Settings dialog box, click the checkbox for Use Low
Bandwidth Optimization.
DD OS 5.2 Administration Guide
427
•
In the Create Pair, Start Resync, or Start Recover window
(either for collection or directory), click the Advanced tab, and
click the checkbox for Use Low Bandwidth Optimization.
Configuring Encryption Over Wire
To encrypt the data that is sent over the replication network
connection, in the Modify Connection Settings dialog box, click the
checkbox for Enable Encryption Over Wire.
Both sides of the connection must enable this feature for the
encryption to proceed. Encrypted replication will use the ADHAES256-SHA cipher suite.
Configuring a Non-Default Connection Port
The source system transmits data to a destination system listen
port. As a source system can have replication configured for many
destination systems (each of which can have a different listen
port), each context on the source can configure the connection port
to the corresponding listen port of the destination.
To change the connection port:
•
In the Modify Connection Settings dialog box, in the Details
area, click the checkbox for Use Non-default Connection Host,
and in the source Connection Port text box, change the listen
port to a new value.
•
In the Create Pair, Start Resync, or Start Recover window
(either for collection or directory), click the Advanced tab, and
in the Connection area, click the checkbox for Use Non-default
Connection Host, and change the listen port to a new value.
Managing Bandwidth with Throttling
To modify the amount of bandwidth used in the network, modify
the throttle setting for the replication data stream. Throttling can
be implemented via a schedule to occur at certain times.
The average data stream to the replication destination is at least
98,304 bits per second (12 KiB).
Throttle options:
428
Working with Replication
•
Apply equally to all replication pairs and all network interfaces
on a system.
•
Affect only outbound network traffic.
•
Calculate the proper TCP buffer size for replication usage,
using bandwidth settings.
Add Throttle Settings
1. Click the Replication > Advanced Settings tabs and click Add
Throttle Setting.
The Add Throttle Setting dialog box appears.
2. Set the days of the week that throttling is active by clicking the
checkboxes next to the days.
3. Set the time that throttling starts with the Start Time drop-
down selectors for the hour:minute and AM/PM.
4. In the Throttle Rate area:
•
Click the Unlimited radio button to set no limits.
•
Enter a number in the text entry box (for example, 20000)
and select the rate from the menu (bps, Bps, Kibps, or
KiBps).
•
Select the 0 Bps (Disabled) option to disable all replication
traffic.
5. Click OK to set the schedule.
The new schedule is shown in the Throttle Settings Permanent
Schedule area.
Replication runs at the given rate until the next scheduled change
or until a new throttle setting forces a change.
Delete Throttle Settings
1. Click the Replication > Advanced Settings tabs and click Delete
Throttle Setting.
The Delete Throttle Setting dialog box appears.
DD OS 5.2 Administration Guide
429
2. Click the checkbox for the throttle setting to delete or the
heading checkbox to delete all settings. This list can include
settings for the “disabled” state.
3. Click OK to remote the setting.
4. On the Delete Throttle Setting Status dialog box, click Close.
Temporarily Override a Throttle Setting
A throttle override temporarily changes a throttle setting. The
current setting is listed at the top of the window.
With the clear option enabled, the setting is in effect until a
scheduled change or a system reboot. If the clear option is
disabled, the change is in effect indefinitely.
1. Click the Replication > Advanced Settings tabs and click Set
Throttle Override.
The Throttle Override dialog box appears.
2. Click the radio button to change how the current throttle
setting is to be overridden.
•
Unlimited—Reverts to the system-set throttle rate (no
throttling performed).
•
Set the throttling bit and rate in the text entry box (for
example, 20000) and (bps, Bps, Kibps, or KiBps).
•
0 Bps (Disabled—Sets the throttle rate to 0, effectively
stopping all replication network traffic.
3. To enforce the change temporarily, check the box Clear at next
scheduled throttle event.
4. Click OK to save the setting.
Note: To clear an override that has been set, click the Clear
Throttle Override radio button and click OK.
Working with Low Bandwidth Optimization
Low bandwidth optimization can be used to improve data transfer
over low bandwidth links. Using low bandwidth optimization
adds increased data compression to optimize network bandwidth.
430
Working with Replication
More compression directly translates to more throughput on lowbandwidth links. On high-bandwidth links, the computational
overhead of low bandwidth optimization may actually reduce
throughput. For this reason, low bandwidth optimization is
recommended on T2 and lower bandwidth links.
•
To configure low bandwidth optimization, see Change Host
Connection Settings on page 427.
•
To check the status of a low bandwidth optimization
configuration, see Detailed Information on page 416.
Change the Network Settings
To change network settings for bandwidth, network delay, and
global IP listen port:
1. Click the source system in the Navigational tree of the
Enterprise Manager.
2. Click the Replication > Advanced Settings tabs.
3. In the Network Settings area, click Change Network Settings.
The Network Settings dialog box appears.
4. Implement any of the following options:
•
Change the Global Network Settings on page 431
•
Change the Global Listen Port on page 432
5. Click OK.
The new settings appear in the Network Settings table.
Change the Global Network Settings
Using the bandwidth and network-delay settings together,
replication calculates the proper TCP buffer size for replication
usage.
Notes:
•
Changing these values should be needed only for high-latency,
low-bandwidth WANs where the default TCP setting is not
sufficient to provide the best throughput.
DD OS 5.2 Administration Guide
431
•
Find the actual bandwidth and the actual network delay values
for each server (for example, by using the ping command).
These network settings are global to the Data Domain system and
need be set only once per system.
1. In the Network Settings area, click the Custom Values radio
button.
2. Enter Delay and Bandwidth values in the text boxes.
The network delay setting is in milliseconds and bandwidth is
in bytes per second.
Change the Global Listen Port
The default IP Listen port for a replication destination for receiving
data streams from the replication source is 2051. This is a global
setting for the Data Domain system.
•
In the Listen Port pane, enter the new value in the text box.
Resynchronize Data in a Replication Pair
Resynchronization is the process of recovering (or bringing back
into sync) the data between a source and destination replication
pair after a manual break. The replication pair are resynchronized
so both endpoints contain the same data.
A replication resynchronization can also be used:
•
To re-create a context has been deleted.
•
When a directory replication destination runs out of space
while the source destination still has data to replicate.
•
To convert a collection replication to directory replication
Resync a Directory, MTree, or Pool Replication Pair
1. Delete the context on both the source and destination directory
replication systems.
2. From either the source or the destination directory replication
system, click the More menu and select Start Resync.
432
Working with Replication
The Start Resync dialog box is displayed.
3. Select the Replication Type to be resynced: Directory, MTree,
or Pool
4. Select the source system hostname from the Source System
menu.
5. Select the destination system hostname from the Destination
System menu.
6. Enter the directory path in the Source Path text box.
7. Enter the directory path in the Destination Path text box.
8. Click OK.
Convert from a Directory to an MTree Replication Pair
A directory replication pair can be converted to an MTree
replication pair.
A conversion is started with a replication resync that filters all data
from the source Data Domain system to the destination Data
Domain system. The filtering performance over a T3, 100ms WAN
is about 100 MiB/sec, which gives data transfer of:
100 MiB/sec = 10 seconds/GiB = 8.6 TiB/day
Note: MiB = MibiBytes, the base-2 equivalent of Megabytes.
GiB = GibiBytes, the bas- 2 equivalent of Gigabytes.
TiB = TibiBytes, the base-2 equivalent of Terabytes.
Over a gibibit LAN, performance is about 120 MiB/sec, which
gives data transfer of:
120 MiB/sec = 8.3 seconds/GiB = 10.3 TiB/day
1. Create a new MTree on the both the source and the destination
(see for Create an MTree on page 266 details).
2. From the Replication > Summary view, select the Directory
context to convert.
3. From the More menu, select Convert to MTree.
The Convert to MTree dialog window appears.
DD OS 5.2 Administration Guide
433
4. Add the new MTree paths to the source and destination text
fields.
5. Click OK
MTree replication is established after data is copied to the
source MTree.
Abort a Resync of a Directory Replication Pair
Use this procedure to abort a resync that is in progress.
1. From either the source or destination directory replication
system, click the More menu and select Abort Resync.
The Abort Resync dialog box appears. It lists all the contexts
that are currently performing resynchronization.
2. Select the checkboxes of one or more contexts to abort their
resync.
3. Click OK.
Replication resynchronization is aborted.
Recover Data from Replication Pair
If something has occurred that makes the source replication data
inaccessible, the data can be recovered from the replication pair
destination. Either collection or directory can be recovered to the
source, as described in the following procedures:
•
Recover Directory Pool Data on page 434
•
Recover Collection Replication Pair Data on page 435
•
Recover Directory Replication Pair Data on page 435
Note: The source must be empty for the recovery to proceed.
Recovery can be performed for all types of replication topologies.
Recover Directory Pool Data
1. Click the More menu and select Start Recover.
The Start Recover dialog box appears.
434
Working with Replication
2. Select Pool from the Replication Type menu.
3. Select the source system hostname from the System to Recover
To menu.
4. Select the destination system hostname from the System to
Recover From menu.
5. Select the context on the destination from which data is
recovered.
6. Click OK to start the recovery.
Recover Collection Replication Pair Data
Use this procedure if it becomes necessary to recover a replication
pair source.
Note: The source file system must be in a pristine state for the
recovery to proceed. The destination context must be fully
initialized for the recover to be successful.
1. Click the More menu and select Start Recover.
The Start Recover dialog box appears.
2. Select Collection from the Replication Type menu.
3. Select the source system hostname from the System to Recover
To menu.
4. Select the destination system hostname from the System to
Recover From menu.
5. Select the context on the destination from which data is
recovered. Only one collection will exist on the destination.
6. Click OK to start the recovery.
Recover Directory Replication Pair Data
Use this procedure if it becomes necessary to recover one or more
directory replication pairs.
Note: The same directory used in the original context must be
created (but left empty) in order for recover to work.
1. Click the More menu and select Start Recover.
DD OS 5.2 Administration Guide
435
The Start Recover dialog box appears.
2. Select Directory from the Replication Type menu.
3. Select the hostname of the system that needs to have data
restored to it from the System to Recover To menu.
4. Select the hostname of the system that will be the data source
from the System to Recover From menu.
5. Select the context to restore from the context list.
6. Click OK to start the recovery.
Abort a Replication Pair Recover
If a recovery fails or must be terminated, the replication recover
can be aborted.
1. Click the More menu and select Abort Recover.
The Abort Recover dialog box appears showing the contexts
that are currently performing recovery.
2. Click the checkbox of one or more contexts to abort from the
list.
3. Click OK.
Recovery on the source should be restarted again as soon as
possible by restarting the recovery.
Replication Seeding
If the source has a lot of data, the initial replication seeding can
take some time over a slow link. To expedite the initial seeding,
bring the destination system to the same location as the source
system to use a high-speed, low-latency link. Once data is initially
seeded using the high speed network, move the system back to its
intended location. As data is initially seeded, only new data is sent
from that point onwards.
All replication topologies are supported and the procedures to
start the replication are found in Configuring Replication on
page 421.
436
Working with Replication
Monitoring Replication
This section describes how to use the Enterprise Manager interface
to check the status of replication operations. For an overview of the
visual components of the Replication page, see About the
Replication View on page 413.
Checking Replication Status
Replication status is available at all levels of the Replication page,
as described in the following procedures.
•
Check Replication Pair Status on page 437
•
Track Status of a Backup Job's Replication Progress on page 437
•
Track Status of a Replication Process on page 438
•
Check the Performance of a Replication Context on page 438
Check Replication Pair Status
1. Click the Data Domain system to be checked in the
Navigational pane.
The content of the Replication > Topology view changes to
focus on that system. The system has a blue arrow pointing to
it in the Topology pane.
2. In the Topology pane, check the colors of the arrows showing
status of the context (for more information, see Topology View
on page 418).
3. In the Replication > Summary view, from the Filter By drop-
down list (beneath the Overview pane), select State and select
Error, Warning, or Normal from the state menu.
The Replication contexts are sorted according to the selection.
Track Status of a Backup Job's Replication Progress
To check the progress of a replication for a point in time:
1. Click the Summary tab and select a Replication context to
display the Detailed Information area.
DD OS 5.2 Administration Guide
437
2. In the Completion Predictor area, select options from the
Source Time drop-down list for a replication’s completion time
and click Track.
The estimated time displays in the Completion Time area for
when a particular backup will finish its replication to the
destination. If the replication is finished, the area shows
Completed.
Track Status of a Replication Process
To display the progress of a replication initialization, resync, or
recovery operation, use the Summary table view to check the
current state.
Check the Performance of a Replication Context
To check the performance of a replication context over time, select
a Replication context in the Summary view and click Performance
Graph in the Detailed Information area.
438
Working with Replication
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising