Install and Configure the Integrated Data Protection Appliance for DP4400. Dell PowerProtect Data Protection Software

Add to My manuals
116 Pages

advertisement

Install and Configure the Integrated Data Protection Appliance for DP4400. Dell PowerProtect Data Protection Software | Manualzz

2

Install and Configure the Integrated Data

Protection Appliance for DP4400

This section details how to install the IDPA for DP4400 hardware. It also explains how to perform the initial software configuration after the appliance hardware is set up.

Topics:

Install the Integrated Data Protection Appliance Hardware

Install the DP4400 Software

Configure IDPA DP4400 Software

Troubleshooting Installation Failures

Install the IDPA post-installation patch on DataProtection-ACM

Install the Integrated Data Protection Appliance

Hardware

This section is designed for the personnel who install, configure, and maintain the Integrated Data Protection Appliance for

DP4400, and such you should be familiar with digital storage equipment and cabling.

Prerequisites

The following are the prerequisites to install the Integrated Data Protection Appliance hardware.

Prerequisites

Verify that you have the following components:

● 2U DP4400 system

● Rail kit, including:

○ Two sliding rails

○ Two velcro straps

○ Four screws

○ Four washers

● Two power cables

● Bezel

● Phillips-head screwdriver with magnetic tip (not provided)

● Anti-static wrist strap and conductive foam pad

Table 4. Qualified Ethernet cables

Type of switch

10 Gb SFP+

NIC Type

SFP+ (optical)

Speed

10 Gb

1 Gb or 10 Gb RJ45

1 Gb or 10 Gb RJ45

SFP+ with 1GbBASE-T GBIC

10 GbBASE-T (RJ45)

1 Gb

1 Gb or 10 Gb (depending on the switch)

Cable Required

LC-to-LC with SR optical

GBICs or twinax

UTP with RJ45 (Cat5e or

Cat6)

UTP/STP with RJ45 (Cat6a or Cat7)

Install and Configure the Integrated Data Protection Appliance for DP4400 9

Install the rails

About this task

The rails are labeled left and right, and cannot be interchanged. The front side of each rail is labeled Left Front or Right Front when viewed from the cabinet front.

Steps

1. Determine where to mount the system, and use masking tape or a felt-tip pen to mark the location at the front and back of the cabinet.

NOTE: Install the left rail assembly first.

2. Fully extend the rear sliding bracket of the rail.

3. Position the rail end piece labeled Left Front facing inward and orient the rear end piece to align with the holes on the rear cabinet flanges.

4. Push the rail straight toward the rear of the rack until the latch locks in place.

Figure 1. Installing the rear end of the rail

5. For the front end piece, rotate the latch outward and pull the rail forward until the pins slide into the flange, and release the latch to secure the rail in place.

10 Install and Configure the Integrated Data Protection Appliance for DP4400

Figure 2. Installing the front end of the rail

6. Repeat the preceding steps to install the right rail assembly.

Secure the rails to the cabinet

The supplied screws and washers are used to secure the rail assemblies to the front and rear of the cabinet.

About this task

NOTE: For square hole cabinets, install the supplied conical washer before installing the screw. For unthreaded round hole cabinets, install only the screw without the conical washer.

Steps

1. Align the screws with the designated U spaces on the front and rear rack flanges.

Ensure that the screw holes on the tab of the system retention bracket are seated on the designated U spaces.

2. Insert and tighten the two screws using the Phillips #2 screwdriver.

Figure 3. Installing screws

Install and Configure the Integrated Data Protection Appliance for DP4400 11

Install the system in the cabinet

About this task

WARNING: The system is heavy. To avoid personal injury and/or damage to the equipment, do not attempt to install the system in a cabinet without a mechanical lift and/or help from another person.

Steps

1. At front of the cabinet, pull the inner slide rails out of the cabinet until they lock into place.

Figure 4. Pull the inner rails out of the cabinet

2. Locate the rear rail standoff on each side of the system. Position the system above the rails and lower the rear rail standoffs into the rear J-slots on the slide assemblies.

3. Rotate the system downward until all the rail standoffs are seated in the J-slots.

12 Install and Configure the Integrated Data Protection Appliance for DP4400

Figure 5. Install the system in the rails

4. Push the system inward until the lock levers click into place.

5. Pull the blue slide release lock tabs forward on both rails and slide the system into the cabinet. The slam latches will engage to secure the system in the cabinet.

NOTE: Ensure that the inner rail slides completely into the middle rail. The middle rail locks if the inner rail is not fully engaged.

Figure 6. Slide the system into the cabinet

Install and Configure the Integrated Data Protection Appliance for DP4400 13

Install the bezel

Steps

1. Align and insert the right end of the bezel onto the system.

2. Press the release button and fit the left end of the bezel onto the system.

3. Lock the bezel by using the key.

Figure 7. Installing the front bezel

Connect the system to the network

The following figure shows the location of the DP4400 network ports and iDRAC port.

About this task

Figure 8. DP4400 network and iDRAC connections

14 Install and Configure the Integrated Data Protection Appliance for DP4400

Steps

1. Use a Cat5e or Cat6 UTP copper Ethernet cable to connect a 1 GbE port (10) to the service computer.

2. If the DP4400 contains 10 Gb SFP network cards, use fiber cables with a 10 Gb optical SFP to connect the four required 10

GbE ports (2, 3, 8, 9) to access ports on the switch in your network.

3. If the DP4400 contains 10 Gb BASE-T network cards, use Cat6a UTP or Cat7 copper cables to connect the four required 10

GbE ports (2, 3, 8, 9) to access ports on the switch in your network

4. Use a Cat5e or Cat6 copper Ethernet cable to connect the iDRAC port (1) in the lower left of the system chassis to the network.

DP4400 ports

About this task

Table 5. DP4400 port types

Callout number

1

2

6

7

8

9

3

4

5

10

11

Port type iDRAC

10 GbE (required)

10 GbE (required)

10 GbE (unused)

10 GbE (unused)

10 GbE (unused)

10 GbE (unused)

10 GbE (required)

10 GbE (required)

1 GbE

1 GbE (unused)

NOTE: Ports 2 and 9 are a vSwitch0 network team. Ports 3 and 8 are a vSwitch1 network team and are used during appliance configuration.

NOTE: Ensure that the four required 10 GbE ports (2, 3, 8, and 9) are connected to the access ports on the switch in your network.

NOTE: For more information about Separate Management Network prerequisites and procedure, see .

Separate management network requirements

on page 20.

NOTE: Switch MTU should be 1528 or higher for IDPA DP4400. Jumbo frames are not supported.IDPA DP4400 sometimes may fail with the following error message:

Adding back-end storage. Exception occurred while executing Avamar integration task.

Failed to add Data Domain as Avamar back-end storage.

To resolve this problem, you must either remove the MTU or increase it to 1518 or higher.

See KB Article 539946 for a detailed information on this.

Install and Configure the Integrated Data Protection Appliance for DP4400 15

Connect the power cables and power on

This topic describes how to connect the power cables and power on the system

About this task

NOTE: Use an uninterruptible power supply (UPS) to protect against data loss caused by unplanned power outages.

Steps

1. Connect the power supply units to the rack.

The system may not power on automatically after plugging in the AC power cords. The system identification button located on the rear of the chassis, on the lower left-hand side illuminates blue when power is on.

2. If the system does not power on automatically after connecting the power cables, press the power button on the right control panel at the front of the chassis to power on the system .

Configure IDPA with a Juniper switch

About this task

The following sections in this chapter describe configuration tasks for a IDPA deployment using a Dell switch. If your IDPA deployment uses a Juniper switch with Hypervisor hosts running a 10G X710 NIC card, you must perform the following configuration tasks.

Steps

1. Disable the Data Center Bridging Capability Exchange (DCBX) protocol on the Juniper switch port.

For more information, see KB article 000057774 .

2. Install the i40e driver, uninstall the i40en driver, and then reboot Hypervisor.

You can download the i40e driver from https://my.vmware.com/group/vmware/downloads/details?

%20downloadGroup=DT-ESXI60-INTEL-l40E-207&productld=743 .

For more information, see KB article 000042326 .

Configure iDRAC

You must configure the Integrated Dell Remote Access Controller (iDRAC) for system upgrade and maintenance operations.

Additionally, IDPA supports the use of iDRAC to change security settings and enables you to remotely power the system on.

Prerequisites

Connect to the unit using a VGA monitor with a keyboard or a serial port, power on the appliance, and perform the following steps:

NOTE: Do not use iDRAC to change the storage configuration, system settings, or BIOS settings, as making changes to these will impact the system functionality. Contact Support if changes are required in any of these areas.

Steps

1. During the system boot process, press F2 to access the BIOS menu.

2. In the System Setup Main Menu page, click iDRAC Settings .

The iDRAC Settings page is displayed.

16 Install and Configure the Integrated Data Protection Appliance for DP4400

3. Click Network .

The Network page is displayed.

4. Under IPv4 Settings , specify static IP address details.

5. Press Esc to return to the previous menu.

6. Select User Configuration .

a. Enable the root user.

b. Change the root user password.

Note that the default password is Idpa_1234 .

Install the DP4400 Software

The following topics provide detailed instructions on installing and configuring Integrated Data Protection ApplianceDP4400 software.

Preinstallation requirements

Before installing the Integrated Data Protection Appliance DP4400 software, you must meet the below preinstallation requirements.

Cable connectivity

The following image shows the location of DP4400 network ports and iDRAC port.

Figure 9. DP4400 network and iDRAC connections

1. Ports 2 and 9 are for vSwitch0 network team. Ports 3 and 8 are for vSwitch1 network team and are used during appliance configuration.

2. Ensure that the four required 10 GbE ports (2, 3, 8, and 9) are connected to the access ports on the switch in your network.

NOTE: All ports on switch should be in "Access mode or untagged" and the MTU must not be less than 1528 bytes. All switch ports should be active and should not be configured in LACP.

NOTE: If the CISCO switch port security is enabled on the IDPA ports, then the IDPA deployment fails due sporadic networking ping issues. A virtual machine fails to ping any other host on the physical network, or it cannot ping the gateway

IP address due to the Cisco Port security restriction. Find a detailed explanation, see https://kb.vmware.com/s/article/

1002811

IP address requirements

The tables below details the IP addresses required by IDPA for various components.

Using a range is the preferred method as it simplifies the assignment and reduces the chance for errors while entering the IP addresses.

Install and Configure the Integrated Data Protection Appliance for DP4400 17

When you reserve the IP addresses, you must assign the IP addresses to a fully qualified domain name (FQDN) in the DNS server. The following is the supported format for a FQDN:

● Supported characters:

○ Upper or lower case letters (A-z, a-z)

○ Numbers (0-9)

○ Hyphen ( - )

● Must not exceed the 255 character limit.

● Must not include any special characters, symbols, spaces, or punctuation other than a hyphen ( - ).

Labels are the strings in the FQDN which are separated by a period ( . ). Use a period only as a separator between labels. The following is the supported format for labels:

● Each label must start with a letter or number.

● Must not exceed the 63 character limit.

● Each label must have at least one letter.

● A label must not start or end with a hyphen ( - )

When you configure the DNS server settings during appliance configuration, ensure that you configure the settings properly.

After you configure the hostname and domain name of the point products, you cannot modify the hostnames for the point products. However, you can modify the DNS server IP address on the point products after the appliance is configured.

Ensure that the new DNS server has the same hostname and domain names that are associated with the corresponding point product IP addresses. For more information about modifying the DNS server IP address, see KB Article 537628 .

Ensure to have a valid NTP IP address which is reachable from the appliance.

NOTE: Ensure that the time difference between the NTP and Hypervisor server is not more than 10 minutes. If the time difference between the two servers is more than 10 minutes, then the appliance network configuration may fail.

In case there is no valid IP address for DNS, NTP, and Gateway, the appliance can be configured using the ACM IP address. See

Self Contained Deployment (optional)

for more information.

When a range of IP addresses is used during the IDPA configuration, the IP addresses are assigned in a standard order. Once assigned, each IP should be registered in DNS with forward and reverse lookup entries.

A total of 13 IP addresses are needed for all components and one each for Hypervisor and ACM. Total number of IP address requirement varies according to optional component (shown in below table) selection. iDRAC also needs an IP address.

2

1

1

1

1

1

1

1

1

2

Table 6. IP address requirements

Number of

IP addresses required

1

Component

Appliance Configuration Manager

IDPA Hypervisor

IDPA Hypervisor Manager

Protection storage (management)

Protection Storage (backup)

Protection Software

Protection Software internal proxy

Data Protection Central

Reporting and Analytics (optional)

Search (optional)

Cloud DR (optional)

DNS entry required

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

It is recommended to assign the range of IP addresses in the following sequence. The table also shows how these IPs will be allocated to different components when an IP range option is selected during deployment on the ACM wizard.

18 Install and Configure the Integrated Data Protection Appliance for DP4400

+6

+7

+8

+9

+10

+1

+2

+3

+4

+5

Table 7. IP address assignment for single network for the DP4400 model

IP Range

Allocation

+0

Example

192.0.2.1

Component

Hypervisor Manager (Service)

Assigned Field

VMware Hypervisor Manager (Service) Server

Service

192.0.2.2

192.0.2.3

192.0.2.4

192.0.2.5

192.0.2.6

192.0.2.7

192.0.2.8

192.0.2.9

192.0.2.10

192.0.2.11

Protection storage

Protection storage

Protection storage

Management IP

Backup IP 1

Backup IP 2

Protection Software

Protection Software internal proxy

Data Protection Central

Server IP

Protection Software Proxy Service

Data Protection Central VM

Reporting and Analytics (optional) Application Server Host Service

Reporting and Analytics (optional) Datastore Server Host Service

Search (optional) Index Primary Node Host Service

Cloud DR (optional) CDRA (optional) Add-on Virtual Appliance

Install and Configure the Integrated Data Protection Appliance for DP4400 19

Separate management network requirements

You can configure separate management network on IDPA during the appliance installation.

Data and control flow

In IDPA, Protection Software stores only the metadata information about the backup, and actual backup data in stored on Protection Storage. In a separate management network, the Protection Software remains on management network and

Protection Storage is configured with both management and backup IPs.

Figure 10. Data and control flow

1. User initiates the backup request from Protection Software UI.

2. Protection Software initiates communication with client over management network.

3. Client receives the Protection Storage details for backing up the data, and starts the data back up through the backup network.

NOTE: The management (or corporate network) as well as the backup network should be accessible from client.

20 Install and Configure the Integrated Data Protection Appliance for DP4400

IP address requirement for separate management network

The tables below details the IP addresses required by Integrated Data Protection Appliance for various components.

About this task

Using a range is the preferred method as it simplifies the assignment and reduces the chance for errors while entering the IP addresses.

When a range of IP addresses is used during the Integrated Data Protection Appliance configuration, the IP addresses are assigned in a standard order. Once assigned, each IP should be registered in DNS with forward and reverse lookup entries.

A total of 14 IPs are needed for all components and one each for Hypervisor and ACM. The total number of IP address requirement varies according to optional component (shown in below table) selection. iDRAC also needs an IP address.

The following tables details the total IP address requirements.

1

1

1

1

1

1

1

1

1

2

Table 8. Management network IP address requirements for the DP4400

Number of

IP addresses required

Component DNS entry required

Appliance Configuration Manager

IDPA Hypervisor

IDPA Hypervisor Manager

Protection Storage (management)

Protection Software (backup)

Protection Software internal proxy

Data Protection Central

Reporting & Analytics (optional)

Search (optional)

Cloud DR (optional)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Table 9. Backup network IP address requirements for the DP4400

Number of IP addresses required for Component DNS entry

Component DNS entry required

2 Protection Storage No

1 Protection Software internal proxy No

It is recommended to assign range of IP addresses which are in sequence. Below table shows how these IP addresses will be allocated when the IP range option is selected during deployment.

+1

+2

+3

+4

+5

+6

Table 10. Management IP range allocation

Management IP

Range Allocation

+0

Component

Hypervisor Manager (Service)

Protection storage

Protection Software

Protection Software internal proxy

Data Protection Central

Reporting & Analytics (optional)

Reporting & Analytics (optional)

Assigned Field

VMware Hypervisor Manager (Service) Server Service

Management IP

Server IP

Protection Storage Service

Data Protection Central Service

Application Server Host Service

Datastore Server Host Service

Install and Configure the Integrated Data Protection Appliance for DP4400 21

Table 10. Management IP range allocation (continued)

Management IP

Range Allocation

+7

+8

Component

Search (optional)

Cloud DR (optional)

Assigned Field

Index Primary Node Host Service

CDRA (optional) Add-on Virtual Appliance

See below tables for Backup IP address range assignments with Dedicated Backup Network

Table 11. Backup IP Address range assignments with Dedicated Backup Network

Backup IP Range Allocation

+0

+1

Component

Protection Storage

Protection Storage

Assigned Field

Backup IP1

Backup IP 2

+2 Protection Software internal proxy Protection Software Service

Install Network Validation Tool

The Network Validation Tool (NVT) for IDPA runs multiple automated tests to validate the network configuration. You must run the NVT for IDPA from a system on the management network.

Before you install IDPA, network configuration must be completed for the data center. After completing all network configurations required for IDPA installation, install and run the Network Validation Tool to validate the network requirements for a successful deployment of IDPA in the data center. To download the NVT, and for more information about NVT, see https://central.dell.com/solutions/NVT-PP .

Firewall Ports

For IDPA 2.7 to function properly, the firewall ports need to be open. For more information see the appendix section.

Secure Remote Services (SRS)

If your organization enables communication through the Internet, as part of the initial configuration of the system, you can register the IDPA, Protection Software, Protection Storage and Reporting and Analytics components with Secure Remote

Services. The Secure Remote Services is a secure, IP-based, distributed, customer service support system that provides Dell

EMC customers with command, control, and visibility of support-related activities.

It is strongly recommended to complete the Secure Remote Services registration process. To prepare the IDPA environment for

Secure Remote Services registration, add the customer site IDs to the SRS gateway and confirm the site ID is visible through the ServiceLink .

Your SRS Server must be either version v3.20.00.08

or higher and accessible to the IDPA. The DataProtection-ACM can be configured with SRS during the installation process or can be configured later from the ACM dashboard. The SRS gateway hostname must be registered in the DNS and both forward and reverse lookup must work.

Complete information about SRS is available at the Online Support site . The SRS registration is done by the Customer Service

(CS) during deployment or by the Solution Architect (SA).

It is recommended to complete the SRS registration process, which enables you to have the following advantages:

● Dell EMC delivers product event reports such as error alerts, thus greatly increasing the availability of your information infrastructure.

● Dell EMC provides rapid remote services either through automated recognition and notification or through interpretation and response when a support event occurs, eliminating the need for on-site support visits.

● Provides increased protection of your information

● Reduced risk

● Improved time-to-repair

If the customer opts not to deploy the SRS, the Project Manager (PM) must log in to http://gcsdocs.corp.emc.com

and complete the details in the opt-out form.

22 Install and Configure the Integrated Data Protection Appliance for DP4400

Online Support

To create an Online Support account, go to https://www.dell.com/support . Your username and password is required for Secure

Remote Services configuration

Site ID

A Site ID is created in Support systems for each location within your organization where Dell EMC products are installed. Your

Site ID is required during initial configuration. To verify your Site ID number on Online Support, perform the following steps:

1. Log in to Online Support with your credentials.

2. Hover over your username and select Manage Company Information .

3. Click View Sites .

NOTE: You can also search for a site and add it to the My Sites list. If a site ID is not available or the correct site ID is not listed, you must notify your local field representative to request one.

License activation

You need a license to use IDPA. To use all the features of IDPA you need to activate the license that you have received. To activate the licenses you need to be connected to a network with an internet connection for In-product activation or you must have received the License Activation Code (LAC) letter through email during the fulfillment process to manually activate the licenses. The LAC letter includes the license authorization code that is associated with your order, instructions for downloading software binaries, and instructions for activating the entitlements online through Dell EMC Software Licensing Central.

The IDPA licenses are automatically downloaded. In case you are at a dark site or if you are having any network restrictions, and if the licenses are not automatically downloaded, then you must manually activate the license. See

Manual Activation

for more details.

In-product activation

The In-product license activation is a feature where the ACM automatically downloads the licenses for Protection Storage ,

Backup Server , and Reporting and Analytics point products from the ELMS server.

Ensure that the appliance is connected to a network to automatically download the licenses. After the licenses are successfully downloaded, the License tab on the IDPA Configuration page is not displayed. If the licenses are not downloaded successfully during network configuration, the License tab is displayed on the Integrated Data Protection Appliance Configuration page with a Check online for licenses button. You can click Check online for licenses to download the licenses from the ELMS server.

NOTE: In-product license activation is not supported in the following cases:

● On a IPv6 enabled network

● When ACM is being used as DNS

NOTE: If the system is unable to download the licenses automatically from the ELMS server, an error message is displayed,

and you must manually activate the licenses. For more information about how to manually activate the licenses, see Manual

Activation

.

Manual activation

The manual license activation feature enables you to upload and activate the licenses that you have downloaded from the ELMS server.

About this task

To manually activate the licenses, download the license files for Protection Storage, Protection Software, and Reporting &

Analyticsfrom the Dell EMC Software Licensing Central.

The contact person mentioned on your sales order should have received the License Authorization Code (LAC) letter through an email during the order fulfillment process. This LAC letter includes the license authorization code associated with your order, instructions for downloading software binaries, and instructions for activating the entitlements online through Dell EMC

Software Licensing Central.

Install and Configure the Integrated Data Protection Appliance for DP4400 23

Configure IDPA DP4400 Software

The following topics describe how to configure IDPA DP4400 Software.

Connect to the ACM

Connect to the ACM user interface and begin the configuration process. For a seamless experience, enable both private and public network connections to your service computer.

Prerequisites

● After powering on the appliance, wait 5 minutes for startup to finish.

● Verify that the service computer is connected to the 1 GbE port identified as (10) in

DP4400 network and iDRAC connections

on page 24.

● On the service computer, record the IP address settings for the Ethernet interface that is connected to the DP4400.

NOTE: IDPA uses the 192.168.100.xxx

IP addresses for the internal components. Ensure that 192.168.100

network is not used in your environment. If the network addresses are in use, contact Customer Support for assistance.

Figure 11. DP4400 network and iDRAC connections

Steps

1. On the service computer, assign the static IP address 192.168.100.98

and the subnet mask 255.255.255.224

for the

Ethernet interface that is connected to the DP4400.

A default gateway is not required.

2. Verify that the ACM responds to a ping on the default ACM IP address, 192.168.100.100

.

3. To connect to the ACM user interface, type https://192.168.100.100:8543/ in a browser window.

4. Log in to the ACM with the default system account username and password:

● User Name: root

● Password: Idpa_1234

Configure ACM with IP range

After a successful login, the Change Appliance Password screen is displayed.

Steps

1. Log in to the ACM with the default system account username and password.

2. The Change Appliance Password page is displayed.

The Change Appliance Password page consists of Update Appliance Password .

● Update Appliance Password

24 Install and Configure the Integrated Data Protection Appliance for DP4400

This password will be assigned to all components of the appliance. It must contain 9–20 characters and include at least one of each type of supported character.

The following types of characters are supported:

○ Uppercase letters ( A – Z )

○ Lowercase letters ( a – z )

○ Numbers ( 0 – 9 )

○ Special characters: period ( .

), hyphen ( ), and underscore ( _ ) .

The password must not include common names or usernames such as root or admin . Also, the password must not start with a hyphen ( ) and end with a period ( .

).

3. Once you successfully change the passwords, the system logs you out. You must log in again with your new credentials.

4. On the End User License Agreement screen, accept the EULA.

The Network Configuration screen is displayed.

After accepting the EULA, configure the initial network connectivity to the DP4400 appliance. The IDPA supports both IPv4 and IPv6-enabled networks. Network configuration wizard will configure public network for the and the Hypervisor Server.

Configure the ACM settings for single network

Depending on the type of the network you have selected (IPv4 or IPv6), provide the following information to configure ACM for single network.

Steps

● IPv4 network

Subnet mask IP address mask that identifies the range of IP addresses in the subnet where the appliance is connected.

● IPv6 network

Prefix Length IP address length that identifies the range of IP addresses where the appliance is connected.

IP Address

IP Address/

Hostname

Gateway IP address

Domain name

NTP server

IP Address/

Hostname

This is the IP address to assign to the ACM. This is the first IP address of the 13 IP addresses that are reserved for the ACM.

This is the IP address to assign to the Hypervisor Server. This is the second IP address of the 13 IP addresses that are reserved for Hypervisor.

The default gateway IP address of the appliance.

The domain name for your network environment.

The NTP server IP address for your network environment

Primary DNS server IP address

Secondary DNS server IP address

The primary DNS server for your network environment.

The secondary DNS server for your network environment.

Configure the ACM settings for separate management network

If you want to configure the ACM settings for separate management and backup network, perform the following steps.

Steps

1. Click the Separate Management Network check box.

2. Provide the following information to configure the Management network settings :

Install and Configure the Integrated Data Protection Appliance for DP4400 25

Appliance

Configuration

Manager

IP Address/

Hostname

ESXi IP Address/

Hostname

Subnet mask

Gateway IP address

Domain name

NTP server

IP Address/

Hostname

Primary DNS server IP address

Secondary DNS server IP address

The IP address to assign to the ACM. This is the first IP address of the 14 IPs that is reserved for the

ACM.

The IP address to assign to the Hypervisor server. This is the second IP address of the 14 IPs that is reserved for Hypervisor.

The IP address mask that identifies the range of IP addresses in the subnet where the appliance is connected.

The default gateway IP address of the appliance.

The domain name for your network environment.

The NTP server IP address for your network environment.

The primary DNS server for your network environment.

The secondary DNS server for your network environment.

3. Click Yes to continue.

After you configure the basic networking infrastructure, your web browser automatically redirects to the ACM IP address assigned during the network configuration.

For automatic forwarding to work correctly, the system that you use to complete the configuration must be connected to the same network as the configured ACM IP address.

If you cannot have connections to both public and private networks simultaneously, disconnect from the private appliance configuration network and then connect to the network that the ACM IP address is on, to complete the rest of the configuration.

Once the network configuration is complete, revert the network adapter IP address settings on the service computer to their previous state.

If the network configuration fails, you can click Retry to revert all the settings. You must review the settings, make any changes if required, and then configure the network settings again.

4. Login to the ACM using the public IP Address.

The SRS page appears.

5. On the Dell EMC Secure Remote Services configuration for Integrated Data Protection Appliance, perform the following steps: a. Specify the SRS Gateway IP address.

b. Specify the online support credentials in the Username and Password fields.

c. Click Configure .

If the SRS configuration fails, you will get an error message. Refer to SRS Troubleshooting section to resolve the issue and configure again.

It is strongly recommended that skip the SRS configuration and configure it from the ACM dashboard later.

6. The Integrated Data Protection Appliance configuration page appears. On the Integrated Data Protection Appliance configuration page, perform the following steps.

NOTE: Ensure that you click the prerequisites link available on the Welcome page and read them before you continue.

a. On the Welcome page, select the optional components that you want to install in the configuration and click Next .

NOTE: If you have selected IPv6 as your network, then the optional components such as Search and CDR are not available to install as they do not support IPv6-enabled networks.

7. If you are connected to the network with an Internet connection, the system automatically downloads the licenses for

Protection Storage, Protection Software, and Reporting and Analytics point products.

26 Install and Configure the Integrated Data Protection Appliance for DP4400

In-product activation is not supported on IPv6-enabled network and dark side appliance. If you are not connected to the network or the licenses are not downloaded from the ELMS Server, click Browse to locate and upload the license files manually. The system validates the license files with the following checks:

● The maximum storage capacity for the appliance cannot be more than 24 TB (appliance with 8 TB to 24 TB capacity) and 96 TB (appliance with capacity of 24 TB to 96 TB) based on the appliance you have. Depending on the appliance you have, you can upgrade the storage capacity from 8 TB to 24 TB in increments of 4 TB or 24 TB to 96 TB in increments of

12 TB.

● The license file should not have the hash ( # ) character.

● The license must be in multiples of 4 TB.

8. Click Next .

The General settings page is displayed.

9. On the General settings page, perform the following actions:

● Verify the number in the Serial Number field, which is the Locking ID mentioned in the Dell EMC software license activation notification email.

● Select the Time zone from the list.

● Select and enter the IP address in the IP address range (11) field. The system automatically assigns 11 IP addresses in a chronological order, which is based on the IP address that you specify to configure the other components of the appliance. For example, if you specify 10.200.1.10

, the system automatically generates a range of IP address from

10.200.1.10 to 20.

NOTE: If any of the optional components such as Reporting & Analytics, Search, and CDR is not selected on

Welcome page, then the IP address range will be reduced here.

● If you have configured separate management network, specify the IP addresses in the IP address range (9) and IP address range (3) fields in the Management network settings and Backup network settings sections respectively.

NOTE: If any of the optional components such as Reporting & Analytics, Search, and CDR is not selected on

Welcome page, then the IP address range will be reduced here.

● Click Validate .

The system validates the availability of the IP addresses and allocates them to the IDPA components. To view the list of

IP addresses allocated to the individual components, hover on the green check mark.

NOTE: If you do not select the IP address range checkbox, you must manually configure and specify the IP addresses for each component. See

Single Network Configuration without IP range

for more info.

10. Click Next .

The Customer Information Settings page is displayed.

11. On the Customer information settings page, perform the following actions: a. On the Customer information section, enter information in the mandatory fields.

● Enter the name of the company in the Company name field.

● Enter the name of the administrator in the Admin contact name field.

● Enter the contact number of the administrator in the Admin contact number field.

● Enter the location in the Location field.

● Enter the site ID in the Site ID field.

NOTE: If you select the Email notification checkbox, the Email Configuration section is displayed.

b. In the Email Configuration section, enter information in the mandatory fields.

NOTE: If you select the Email notification check box, the Email Configuration section is displayed .

● Enter the SMTP server IP address in the SMTP server field.

● Enter the port number in the Port field.

NOTE: The Port field is auto populated and is the default SMTP port.

● Enter the email address of the administrator in the Administrator email field.

● Click Test Email to send a test email to the administrator's email address.

12. Click Next .

13. In the Summary page, review the information that you entered and click Submit to start the configuration.

14. Click the Submit button. A confirmation message is displayed.

15. Click Yes to continue to configure the Appliance.

Install and Configure the Integrated Data Protection Appliance for DP4400 27

Configure ACM without IP range

Configuring the ACM without IP range consists of two parts, namely Single Network Configuration without IP Range and

Separate Network Configuration without IP Range.

Single network configuration without IP range

The following procedure details configuring the ACM without IP range.

Steps

1. On the Network Configuration page, ensure that you do not select the Separate Management Network checkbox.

2. On the General Settings page, ensure that you do not select the IP address range checkbox in the Network section.

3. Click Next .

The Customer Information page is displayed.

4. Provide all the required inputs on the Customer Information page.

5. Click Next .

The Hypervisor Manager (Service) Configuration page is displayed.

6.

On the Hypervisor Manager (Service) Configuration page, specify a unique IP address in the IP address field to configure the internal Hypervisor Manager (Service). The associated hostname will be automatically populated on the right-hand side.

7. Click Next .

The Protection Storage Configuration page is displayed.

8. On the Protection Storage Configuration page, specify a unique IP addresses under the Protection Storage and Data

Network sections for the following fields:

● Management Network IP address.

● Backup IP address1.

● Backup IP address 2.

9. Click Next .

The Backup Server Configuration page is displayed.

10. On the Backup Server Configuration page, specify a unique IP address under the Backup node and Image Proxy section for the following fields.

● Backup Node IP.

● Image Proxy IP address.

11. Click Next .

The DPC page is displayed.

12. On the DPC page, specify a unique IP address in the Management Network IP field.

13. Click Next .

14. If you selected any optional component such as Reporting and Analytics, Search, or Cloud DR in Welcome page , specify a unique IP address for the optional component.

15. Click Next and go to the Summary page.

16. Review the information that you specified, and click Submit to start the configuration.

17. On the Configuration progress page, you can download the following when Integrated Data Protection Appliance is configured successfully:

● Solution ID.

● Configuration.

● Configuration XML file.

18. Click Finish . The First Security Officer User Update confirmation message is displayed.

19. Click OK .

The Secure Remote Services configuration for Protection Software, Protection Storage Operating System, and Reporting and Analytics pages are displayed. If you want, you can skip the Secure Remote Services configuration as you have an option to configure Secure Remote Services from the ACM dashboard.

28 Install and Configure the Integrated Data Protection Appliance for DP4400

20. The Integrated Data Protection Appliance is installed and deployed.

You are prompted to log in to the DPC in a new browser window. The default username for the DPC is Idpauser . In case it takes longer to login, refresh the browser and login to the ACMACM Dashboard.

Separate network configuration without IP range

The following procedure details configuring separate network without IP range.

Steps

1. On the Network Configuration page, ensure that you select the Separate Management Network checkbox.

2. On the General Settings page, ensure that you do not select the IP address range checkbox in the Network section.

3. Click Next .

The Customer Information page is displayed.

4. Provide all the required inputs on the Customer Information page.

5. Click Next .

The Hypervisor Manager (Service) Configuration page is displayed.

6.

On the Hypervisor Manager (Service) Configuration page, specify a unique IP address in the IP address field to configure the internal Hypervisor Manager (Service). The associated hostname will be automatically populated on the right-hand side.

7. Click Next .

The Protection Storage Configuration page is displayed.

8. On the Protection Storage Configuration page, specify a unique IP addresses under the Protection Storage and Data

Network sections for the following fields:

● Management Network IP address.

● Backup IP address1.

● Backup IP address 2.

9. Click Next .

10. The Backup Server Configuration page is displayed. In the Backup Server Configuration page, specify a unique IP address under the Backup Node and the Image Proxy section for the following fields:

● Backup Node IP

● Image Proxy IP address

● Backup Proxy IP address

11. Click Next .

The page is displayed.

12. In the page, specify a unique IP address under the Management Network IP field.

13. Click Next .

14. If you selected any optional component such as Reporting and Analytics, Search, or Cloud DR in Welcome page , specify a unique IP address under the Management Network IP field for the optional component.

15. Click Next and go to the Summary page.

16. Review the information that you specified, and click Submit to start the configuration.

17. On the Configuration progress page, you can download the following when Integrated Data Protection Appliance is configured successfully:

● Solution ID.

● Configuration.

● Configuration XML file.

18. Click Finish .

The Secure Remote Services configuration for Protection Software, Protection Storage Operating System, and Reporting and Analytics pages are displayed. If you want, you can skip the Secure Remote Services configuration as you have an option to configure Secure Remote Services from the ACM dashboard.

19. The Integrated Data Protection Appliance is installed and deployed.

Install and Configure the Integrated Data Protection Appliance for DP4400 29

You are prompted to log in to the DPC in a new browser window. The default username for the DPC is Idpauser . In case it take longer to login, refresh the browser and login to the ACMACM using the URL <https:<ACM_IPAddress>:8543/ dataprotection>, using the common credentials.

Troubleshooting Installation Failures

This section contains basic troubleshooting information to help resolve the possible issues.

Retry installation

If the installation fails, you can continue from the point where the installation failed.

About this task

During the appliance deployment, if any of the critical components fail to install you can retry the installation of the component from the point where the installation failed. To retry the installation, perform the following actions.

Steps

1. Click Retry on the Configuration progress page.

If the Retry operation is done after 5 days of configuration failure, Note that the user can retry without destroying file system warning message is displayed.

The Retry Configuration dialog box is displayed.

NOTE: The ACM reverts the changes that are made to the component that failed during installation and resumes the appliance configuration.

2. Click Yes to continue the installation.

The Configuration progress page is displayed. The installation continues from the point where the installation failed.

NOTE: If the ACM is rebooting or the ACM web service is restarting during IDPA deployment the Retry option is not available, you can only Rollback the installation.

Rollback installation

If the installation fails, you can rollback the installation when the Retry functionality does not resolve the issue, and follow the wizard to set up and deploy the Integrated Data Protection Appliance.IDPA. The Rollback feature reverts the changes that are made to the appliance configuration. You can review the settings and start the appliance installation and configuration again.

Prerequisites

Ensure that you click Download log bundle to download the logs before you start the Rollback .

About this task

To Rollback the appliance configuration, perform the following actions.

Steps

1. Click Rollback on the Configuration progress page.

The Rollback Configuration page is displayed.

NOTE: The ACM reverts the changes that are made to the appliance configuration.

If the Retry operation is done after 5 days of configuration failure, Note that without destroying the filesystem on Protection Storage, next configuration can be submitted warning message is displayed.

2. Click Yes to continue the installation.

The Configuration progress page is displayed. The system reverts all the changes that are made to the appliance.

30 Install and Configure the Integrated Data Protection Appliance for DP4400

NOTE: You can see the details of the Rollback progress of all the components on the Configuration progress page.

Results

After the Rollback is successful, the Configuration Welcome page is displayed. Configure the appliance from the

Configuration Welcome page.

Creating and downloading a log bundle

You can create and download a log bundle that can be analyzed or sent to customer support.

Steps

1. In the ACM dashboard, click the log bundle icon in the upper right and select Create log bundle .

2. On the Create log bundle dialog, select the components you want included in the log bundle and click OK .

3. When the log bundle is created, reselect the log bundle icon and select Download log bundle . .

4. Specify the download location and click OK .

First Security Officer user account

After you click the Finish button to complete the appliance installation, the First Security Officer User Update pop-up window is displayed.

It is recommended to create the Protection Storage Security Officer user account for compliance and security requirements.

See section Create first Security Officer user in Integrated Data Protection Appliance Product Guide and create a Security

Officer user account on the system.

Accessing Hypervisor Manager (Service)

If you need to log in to Hypervisor Manager (Service) to troubleshoot an issue encountered during installation, use the user idpauser@localos and the common password for the Integrated Data Protection Appliance. This user account has limited privileges but has access to information that can help identify and address problems.

Troubleshooting Secure Remote Services

For the DP4400 model, the Appliance Serial ID is always auto populated on the Secure Remote Services configuration page.

About this task

After the appliance and component product serial numbers are verified, continue to register the appliance and the components with Secure Remote Services, by performing the following steps:

Steps

1. Configure Secure Remote Services through the ACM for the Appliance, Protection Storage, Protection Software and

Reporting and Analytics either during the fresh install through the ACM wizard or from the ACMDashboard.

2. Enter customer Secure Remote Services Gateway IP.

3. Enter the Online Support credentials (username and password).

In case you encounter any issues, refer to the following table for some common issues and the associated resolution.

Table 12. Common Issues and Resolution while troubleshooting Secure Remote Services

Issue

Authentication failure

Resolution

Verify the credentials

Point of Contact

Security Team

Authorization errors if the user account address is not assigned to the Site ID:

Open an IT incident in SNOW to request assistance on

Install and Configure the Integrated Data Protection Appliance for DP4400 31

Table 12. Common Issues and Resolution while troubleshooting Secure Remote Services (continued)

Issue

● Unauthorized user

● Error occurred while communicating to DRM

Service

Resolution these Secure Remote Services registration errors.

Point of Contact

Device mismatch

● Serial number may not be associated with the correct

Site ID

● Serial number may not be added in Secure Remote

Services Device Extract

Appliance, Protection Storage,

Protection Software, Reporting and Analytics registration failure.

● Verify that the Site ID is added in the Secure Remote

Services Gateway.

● Verify the SWID from license activation notification email.

● Verify and request for Serial

Number (SWID), Site ID (Ship to Party/Reg ID from SO), and SWID part number (item number).

● Devices may be registered under a different Site ID.

Verify from the Device

Extract page and update the

Site IDs in the customer

Secure Remote Services

Gateway accordingly.

● If the ACM server.log

file has an entry for the error that occurred while communicating with the DRM

Service, restart the services on the customer Secure

Remote Services Gateway

Server.

● If the ACM server.log

file has an entry with the error message Failed to register device: SSL peer certificate or

SSH remote key was not OK , ensure that the exact gateway hostname used during gateway deployment is used in this command also.

Secure Remote Services Support.

Secure Remote Services Support or chat with

Licensing Team.

Re-registering theSecure Remote Services and updating the Appliance

Serial Number

The following are some of the cases where re-registration of the Appliance Serial Number is required:

Case 1

Incorrect Appliance Serial Number is registered with Secure Remote Services

Case 2

A dummy serial number was set on the appliance during the installation, but not registered with Secure Remote Services

32 Install and Configure the Integrated Data Protection Appliance for DP4400

High-level steps to resolve Case 1 and Case 2

1. Get the correct Appliance Serial Number for re-registration.

2. Unregister the Appliance if it is already registered with the Secure Remote Services.

3. Set the correct Appliance Serial Number on the Appliance.

4. Register or re-register the Appliance with the Secure Remote Services once again.

Files that are required to be edited to re-register the Appliance

● esrsconfigstatus.xml

- This file contains the status of the Secure Remote Services registration configuration for the

Protection Storage, Protection Software, Reporting and Analytics and the Appliance components. This file is read to check the status of the Secure Remote Services registration when a request to configure Secure Remote Services is received.

● selskuconfig.xml

- This file contains the Serial ID for the appliance. This file is read when the request to configure the

Secure Remote Services for the appliance is received.

○ If you encounter the serial number mismatch in the selskuconfig.xml

file, then contact Licensing Escalation Team through chat.

● solutionId.xml

- This file also contains the Appliance Serial Number.

Performing high-level tasks

1. Get the correct Appliance Serial Number for re-registration.

For Case 1, contact Support.

For Case 2, the correct Appliance Serial Number can be obtained from the sales order.

2. Unregister the Appliance if it is already registered with Secure Remote Services.

● a. Login to the customer Secure Remote Services Gateway.

b. Click the Device tab and click Manage Device .

c. Select the checkbox for the model with the corresponding incorrect Appliance Serial Number that you want to unregister d. Click the Remove button.

3. Contact the Secure Remote Services Support to approve the Pending Delete status of the device on the Secure Remote

Services ServiceLink Server ( https://servicelink.emc.com

).

4. Set the correct Appliance Serial Number on the appliance.

a. Connect to the ACM using SSH.

b. Open the /usr/local/dataprotection/var/configmgr/server_data/config/esrsconfigstatus.xml

file.

c. Remove the product tag from the esrsconfigstatus.xml

file. An example of the esrsconfigstatus.xml

file has been provided below

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<EsrsConfigStatus>

<isAcmRegistered>true</isAcmRegistered>

<isComponentRegistered>false</isComponentRegistered>

<isDdRegistered>false</isDdRegistered>

<isDpaRegistetred>false</isDpaRegistetred>

<product>

<productName>ACM</productName>

<ipAddress>10.241.180.37</ipAddress>

<serialNumber>DPAPPLIANCEDEV09-ACM</serialNumber>

<deviceKey>uKsnjbSc7zjmrK5G4Wpe4xszfGkYPNc0EOTqKQTpnK9A0QrGj8DPTOFV6a7Ejc7m1Zb1KnzIC qXzrdUaR1kTAEsp58ZU+6jXEjy+zMYI3e2FJ1TKPdtbrhC0O8pZbwJ60mCTUMr4Q9T9Lo0DHGDQM0kgGw6uC

57Ab/ULG8ougWqJpKVEZtNtYqntEequSnt53qtXAkLuUtk3g1WP</deviceKey>

</product>

</EsrsConfigStatus> d. Change the value of the isAcmRegistered parameter to false if it is true . An example of the isAcmRegistered parameter has been provided below

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<EsrsConfigStatus>

Install and Configure the Integrated Data Protection Appliance for DP4400 33

<isAcmRegistered>true</isAcmRegistered>

<isComponentRegistered>false</isComponentRegistered>

<isDdRegistered>false</isDdRegistered>

<isDpaRegistetred>false</isDpaRegistetred>

</EsrsConfigStatus> e. Open the /usr/local/dataprotection/var/configmgr/server_data/skuconfig/selskuconfig.xml

file. An example has been provided below

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<VCEDPA>

<Model Name="Integrated Data Protection Appliance" Version="4400S">

<SerialID>IDP00180200001</SerialID>

<singleNetworkIpCount>10</singleNetworkIpCount>

<MultipleNetworkIpCount>

<managementNetworkIpCount>0</managementNetworkIpCount>

<backupNetworkIpCount>0</backupNetworkIpCount>

...

f. Update the SerialID parameter with the new ACM Serial Number. An example has been provided below

<SerialID>IDP00180200001</SerialID> g. Open the /usr/local/dataprotection/var/configmgr/server_data/config/solutionId.xml

file. An example has been provided below.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<SolutionIdentifier>

<solutionName>Integrated Data Protection Appliance</solutionName>

<solutionSerialNumber>IDP00180200001</solutionSerialNumber>

<components>

...

h. Update the solutionSerialNumber parameter with the new Appliance Serial Number. An example has been provided below.

<solutionSerialNumber>IDP00180200001</solutionSerialNumber> i.

Run the rm command to delete the following file.

/usr/local/dataprotection/var/configmgr/server_data/config/

DataProtectionConfiguration.pdf

DataProtectionConfiguration.pdf

/usr/local/dataprotection/var/configmgr/server_data/config/

DataProtectionConfiguration.xml

j.

Use the Refresh button on theACM ACM Dashboard to reflect these changes.

5. Re-register the Appliance with Secure Remote Services. You can now re-register the Appliance from the ACM Dashboard.

Once Secure Remote Services registration is done successfully, Support staff and the users get notifications related to critical and fatal events or errors on the Appliance through the Connectivity Lifecycle Management ( https://clm.isus.emc.com/clmdashboard/dashboard/index.jsp

).

Adding Site IDs to Secure Remote Services Gateway

Adding Site IDs to the Secure Remote Services Gateway is no longer required for Secure Remote Services Gateway version 3.34

and above.

For Secure Remote Services Gateway version 3.34 and above, your account address is assigned to the Site ID, so that you can use the specified user account address during Secure Remote Services registration, without having to add the Site ID in the

Secure Remote Services Gateway.

34 Install and Configure the Integrated Data Protection Appliance for DP4400

Errors encountered if the user account address is not assigned to the Site ID are as follows:

● User un-authorized .

● Error occurred while communicating to DRM Service.

Open an IT incident in SNOW to request assistance on the above Secure Remote Services registration errors.

For users with Secure Remote Services Gateway version 3.34 and below, perform the following steps to connect and add Site

IDs to the Secure Remote Services Gateway:

1. Connect to the customer Secure Remote Services Gateway by navigating to https:// srs_gateway_ip_address :9443/ .

2. Log in using your Secure Remote Services Gateway username and password.

If you encounter any of the following issues:

● Customer Secure Remote Services Gateway not reachable by IP and/or hostname - Customer environment network issue

Verify that the customer Secure Remote Services Gateway hostname is registered in the DNS forward and reverse lookup zones. Ensure ping and nslookup are successful and valid. The point of contact for this issue is Customer environment IT Team/Secure Remote Services Support.

● SRS Gateway connection denied - Incorrect credentials

Login directly to support portal to validate credentials. Wait for the SSO token rollover if you are using a token for authorization between login/registration attempts. Point of Contact for this issue is IDPA/SRS Support Team.

3. Verify the status of the services running on the Secure Remote Services Gateway by clicking on the Dashboard > Service

Status tab and verify the status of the services running on the Secure Remote Services Gateway system.

4. Ensure network connectivity from the Secure Remote Services Gateway to all the required Dell EMC Servers by clicking on the Configuration > Network Check > Run Test .

Add SiteID to Secure Remote Services

Add site IDs to the Secure Remote Services gateway host.

Steps

1. From the Devices menu, select Manage Device .

The following figure shows the Secure Remote Services console and the Devices menu.

Figure 12. Secure Remote Services Devices menu

2. Click the Add SiteID button.

NOTE: Do not add the Site ID without customer’s permission.

Install and Configure the Integrated Data Protection Appliance for DP4400 35

Figure 13. Secure Remote Services Add SiteID window

3. In the Secure Remote Services Add SiteID window, type the Site ID , and then click OK .

If you encounter any issues, see below where common issues and their resolutions are documented.

● The Site ID already exists, please enter another Site ID or The Site ID is invalid.

Please contact your local EMC representative or The specified Site ID is not a valid site Number .

Verify if a valid Site ID is entered. You can find the Site ID in the (Ship to Party/Reg ID from SO). The Point of Contact for this issue is the Accounts Team.

Required Serial IDs for Integrated Data Protection Appliance, Protection

Storage, Protection Software and Reporting and Analytics

The Serial ID that is required on the Secure Remote Services configuration window for the Appliance, Protection Storage,

Protection Software and Reporting and Analytics components, is referred as follows:

● Activation Serial Number - In the Dell EMC software license activation notification email, under the Software IDs section, or the Locking ID that is listed at the beginning of the email.

● SWID or LOCKING_ID - In the component product license files.

1. Get the Activation Serial Numbers for the Appliance, Protection Storage, Protection StorageProtection Software and

Reporting and Analytics components from the Software IDs section of the Dell EMC software license activation notification email.

The following table lists the input for the Serial ID field in the Secure Remote Services configuration window:

Table 13. Secure Remote ServicesSerial ID Fields

Component

DP4400 model

Protection Storage(DP4400 model)

Protection Software/Protection Software

Reporting and Analytics

Software ID / Serial Number

Locking ID (auto-populated)

Locking ID (auto-populated)

Software ID (auto-populated)

Software ID (auto-populated)

If you encounter any issues such as Dell EMC software license activation notification email is not readily available with the customer :

● Secure Remote Services registration can be performed later after the appliance is configured from the ACM Dashboard.

● The Software IDs (SWID) and Locking IDs for the Appliance, Protection Storage, Protection Software, and Reporting and

Analytics components can be found in the corresponding component license files.

● The serial number for the Appliance (DP4400) can be found in the selskuconfig.xml file. More information about this file is provided later in this document.

● The Point of Contact for this issue is the Licensing Escalation Team.

36 Install and Configure the Integrated Data Protection Appliance for DP4400

Additionally, for Protection Storage, where the DP4400 models have an instance of Protection Storage instead of a physical Protection Storage, the Instance software-id is used for Secure Remote Services registration. An example is provided below:

# system show serialno detailed

Serial number: IDP00180200004

System software-id: ELMDDV0218XCG5

Instance software-id: ELMDDV04199S11

...

In the DP4400 model, for Protection Storage, the auto-populated Serial Number displayed in the Serial ID field is the same as the Locking_ID of the Appliance when configuring Secure Remote Services for Protection Storage.

However, the Instance ID obtained from the above command is what will be used for Secure Remote Services registration and can be verified from the Device Extract DB after the Secure Remote Services registration is successful.

Install the IDPA post-installation patch on

DataProtection-ACM

Perform the following steps to install a postinstallation patch:

Prerequisites

NOTE: Failing to update the firmware before running the software upgrade workflow (installing the preinstallation or postinstallation patches) causes loss of capability of receiving hardware fault alerts on the ACM.

You must go through the readme file available along with this postinstallation patch to verify if there are any preinstallation tasks that you must perform before applying this postinstallation patch.

Steps

1. Identify the current version of your IDPA by running the following command:.

# rpm -qa | grep dataprotection

2. Go to https://www.dell.com/support/home/en-in/product-support/product/integrated-data-protection-appliance/drivers to see if any postinstallation patches are available for your version of IDPA. If any postinstallation patch is available, download it to your local folder.

3. Extract the contents of this ( Idpa_post_update_ N.N.N

.

nnnnnn .zip

file.

This zip file contains the Idpa_post_update_N.N.N.nnnnnn.tar.gz

patch and an associated ReadMe.txt

file.

Where:

N.N.N

is the latest postinstallation patch version.

nnnnnn is the build number.

4. Copy the Idpa_post_update_ N.N.N

.

nnnnnn .tar.gz

file to /data01/upgrade location on the ACM.

NOTE: Ensure that only the postinstallation patch file exists in this folder and no other packages exist. If there are any other install files in this folder, you must delete them before installing the patch.

5. Ensure that you have the executable permission for the install package that you copied to the /data01/upgrade directory. If you do not have the executable permission, run the chmod 644 Idpa_post_update _< version.build

number > .tar.gz

command to obtain the permission.

6. Log in to the ACM and click the Upgrade tab.

The latest upgrade package file is automatically detected and is displayed in Upgrade Binary Location .

7. Click Extract .

The browser redirects to https://<acm_configured_public_ip>:9443 with a changed port number.

NOTE: The validation process takes approximately 15 minutes, and the ACM can time out while waiting. To resume the session, you must log in once again.

The system validates the following:

● VLAN status

Install and Configure the Integrated Data Protection Appliance for DP4400 37

○ Validates if it can connect to all 3 Hypervisor servers

○ Validates the number of Storage Pool clusters

○ Validates if the Storage Pool datastore is greater than 16.2 TB.

● Validates the connection to all components.

● Validates the license status.

● Validates if Protection Software services are running.

● Validates to ensure that no backup jobs are running on Protection Software.

● Validates if the DD capacity used is less than 85%.

● Protection Software checkpoint validation

● Storage Pool requirements:

○ Checks for inaccessible Storage Pool objects or virtual machines.

○ Checks if the Storage Pool cluster requires a disk data rebalance.

○ Checks if a component rebuilding task is in progress in the Storage Pool cluster.

○ Checks for sufficient disk space requirements (30%).

● Hypervisor upgrade prerequisites:

○ Requires valid connection points to all the required Hypervisor servers.

○ Requires that the applicable Hypervisor servers are in maintenance mode.

○ Requires that the Hypervisor Manager version is higher than Hypervisor version. In case, there is a major upgrade to

Hypervisor Manager, then the private IP address of the Hypervisor Manager, 192.168.100.108 should not be in use.

NOTE: The private IP address of the Hypervisor Manager, 192.168.100.108, is only required temporarily during the upgrade process.

A table displays the current version, new version, and type (for example, major, patch) of each component for which an upgrade is available.

If the validation is not successful, check the errors that are displayed when you hover over the exclamation mark. Resolve all the errors and then click Extract .

8. Click Upgrade , type the ACM password, and click Authenticate .

9. To start the upgrade, click Yes .

The upgrade process starts.

NOTE: The upgrade process can take five to six hours, during which all activity on the IDPA must be quiesced. The system is not accessible during parts of the upgrade.

WARNING: If the upgrade process is still running, do not shut down/reboot the ACM or restart the

dataprotection_webapp

service. For some reason, if you have shut down/rebooted the ACM or restarted the

dataprotection_webapp

service while the upgrade process is still running, and if you are unable to see the progress of the upgrade after the ACM is rebooted, then contact a technical support professional.

The Upgrade Progress displays the following:

● The ACM upgrade progress bar with the progress percentage and description of the upgrade step in progress

● Individual component upgrade progress bar with progress percentage and description of the upgrade step in progress

10. After all the components are upgraded successfully and the overall IDPA upgrade progress bar shows 100%, click Finish .

11. Click OK on the Upgrade Finish window.

NOTE: After the upgrade is complete, there can be a scenario where Protection Software is in maintenance mode andthe jobs cannot be run then. After Protection Software comes out of the maintenance mode, the jobs are run.

NOTE: After the upgrade is complete, acknowledge the notification Event Connect EMC notification failed on the

Protection Software Administrator. This notification is generated during upgrade when the MC service is disconnected.

NOTE: After the upgrade is complete, there is a warning on Hypervisor Manager about a potential vulnerable issue that is described in CVE-2018-3646. Integrated Data Protection Appliance uses the Hypervisor version which has the fix for this vulnerability, however this fix is not enabled by default as it has severe performance impact. See the Integrated

Data Protection Appliance Security Configuration Guide for more information.

NOTE: If you have NDMP Accelerator nodes added to IDPA, you must manually upgrade the NDMP accelerator nodes.

To upgrade NDMP accelerator nodes, see the Upgrading the accelerator software section in the Dell EMC Avamar

NDMP Accelerator for Dell EMC NAS Systems User Guide .

38 Install and Configure the Integrated Data Protection Appliance for DP4400

The dashboard with all the products and their upgraded versions are displayed along with the newly configured ACM.

If the upgrade for any component fails, then the upgrade process is stopped until you troubleshoot and resolve the failure.

However, if there are any noncritical warnings, the upgrade process continues. These warnings must be resolved once the upgrade process is completed.

Install and Configure the Integrated Data Protection Appliance for DP4400 39

advertisement

Related manuals

advertisement

Table of contents