Integrating Symantec NetBackup with Data Domain Secure Multi-Tenancy Version 1.0
White Paper H13514 REV 01


Copyright © 2014 EMC Corporation. All rights reserved. Published in USA.

Published October, 2014

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC², EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date regulatory document for your product line, go to EMC Online Support (https://support.emc.com).

EMC Corporation
Hopkinton, Massachusetts 01748-9103
1-508-435-1000 In North America 1-866-464-7381
www.EMC.com


CONTENTS

Chapter 1  Executive Summary
    Why you should take the time to read this paper
    Audience
    Overview
        Secure multi-tenancy
        NetBackup and SMT
    SMT for Data Domain systems and NetBackup
    Replication

Chapter 2  Terminology
    Data Domain terminology
    NetBackup terminology

Chapter 3  Planning
    Host naming guidelines
    Tenant units
    Network planning
        DD Boost
        NetBackup
    Storage capacity planning
    Stream quota planning

Chapter 4  Configuring a new multi-tenant Data Domain system
    Creating the tenant-unit
    Creating tenant user accounts
    Configuring DD Boost
    Registering the Data Domain system and add the DD Boost user credentials in NetBackup
    Creating a disk pool
    Creating a storage unit
    Creating a backup policy and enabling replication

Chapter 5  Upgrading to a Multi-tenant Data Domain system
    Creating the tenant-unit
    Creating tenant user accounts
    Configuring DD Boost
    Creating a backup policy and enabling replication

Chapter 6  Conclusion


CHAPTER 1

Executive Summary


Why you should take the time to read this paper

Provide data path isolation by tenant
Secure logical data path isolation for each tenant by department or customer on a shared Data Domain system.

Enable Data Protection-as-a-Service with protection storage
Improve operational efficiency for the provider while enhancing the tenant experience.

Enable NetBackup to function in an SMT environment
Improve operational efficiency and integrate into an existing backup framework.

Reduce service request time
Reduce bottlenecks to customer service requests through tenant self-service.

Reduce backup storage costs
Provide efficient utilization of Data Domain system resources.

Manage Data Domain system resources per tenant
Enable the Data Domain Admin to control the amount of storage capacity used and stream counts per tenant.

Audience

This paper is intended for EMC customers, EMC sales, EMC systems engineers, EMC partners, and anyone else who is interested in learning more about the differentiating technology and all of the unique advantages that Data Domain systems can provide for your backup and archive data.

Overview

This white paper discusses Data Domain systems technology leadership, differentiation, and why this matters to you.

A Data Domain system in a secure multi-tenancy environment has the following features:

• Enables Enterprises to deliver protection storage-as-a-service in private cloud environments.

• Enables Service Providers to deliver protection storage-as-a-service in hybrid or public cloud environments.

• Supports multiple cloud models for storage protection:

    - Local Backup, or Backup-as-a-service for hosted applications

    - Replicated Backup, or DR-as-a-service

    - Remote Backup, or Backup-as-a-service over WAN


The following table summarizes the supported cloud models.

Table 1 Cloud models enabled by secure multi-tenancy

Cloud Model         Large Enterprise (Private Cloud)                     Service Providers (Public/Hybrid Cloud)
-----------------   --------------------------------------------------   ---------------------------------------------
Local Backup        Example: Local backup for multiple business units    Example: Hosted Applications including BaaS
Replicated Backup   Example: Remote offices with local backup            Example: Disaster Recovery-as-a-service
Remote Backup       Example: Remote offices without local backup         Example: Backup-as-a-service over WAN

The Why Secure Multi-tenancy with Data Domain Systems white paper provides more information about the business value of using multi-tenancy with Data Domain systems.

The purpose of this paper is to explore the technical and financial reasons why Data Domain systems are ideal for backup and archive operations in a secure multiple tenant environment, and how to apply the advantages of using Data Domain systems in a Symantec NetBackup environment.

Secure multi-tenancy

Multi-tenancy refers to the hosting of an IT infrastructure by an internal IT department or by an external service provider for more than one concurrent consumer or workload.

Secure multi-tenancy (SMT) has three main elements:

• Secure isolation. SMT provides logical isolation at the administrative and data path levels, which provides support for the following actions between different tenants on the same system:

    - Data Domain system sharing

    - Secure access

• Multi-tenant Management. SMT provides the Data Domain Admin with a wizard that creates and provisions tenant units with MTrees or Storage Units, and assigns tenant users to the tenant units.

• Multi-tenant Reporting. SMT allows providers to monitor alerts and report on different metrics on a per-tenant basis, for example, logical capacity, historical streams performance, and replication statistics.


NetBackup and SMT

EMC Data Domain Boost (DD Boost) for OpenStorage enables media servers to communicate with storage systems without the need for Data Domain storage systems to emulate tape.

DD Boost for OpenStorage has two components:

• An OST plug-in that you install on each media server. This plug-in includes the DD Boost libraries, which integrate with the DD Boost server that runs on the Data Domain system.

• The DD Boost server that runs on Data Domain systems.

You must install the OST plug-in on each media server. If a master server is also configured as a media server, then you must install the OST plug-in on the master/media server.

The Data Domain Boost 3.0 Administration Guide describes how to install the OST plug-in.

SMT for Data Domain systems and NetBackup

Data Domain systems that run DD OS 5.5 or later support SMT. The EMC implementation of SMT for Data Domain systems improves cost efficiency by providing you with the ability to securely isolate many tenants and workloads on a shared system. This implementation provides each tenant with the same visibility, isolation, and control that they would have with their own stand-alone Data Domain systems.

Based on the way that SMT works with storage units and tenant units, NetBackup seamlessly supports SMT with Data Domain systems. The NetBackup application is not aware of SMT, but the application is aware of multiple storage units. This functionality provides the following benefits:

• Deployment of all NetBackup protection work flows, such as:

    - Comprehensive application protection and replication management

    - As-a-service model with logical isolation

    - Multi-tenant management

    - Tenant-level reporting on the hardware side

• Consolidation of multiple tenant data on a single Data Domain system.

• Logical path isolation of the NetBackup backup data on a single Data Domain system when you configure Data Domain devices with different DD Boost users and storage units.

• Integration between DD Boost components in the NetBackup software and in the DD Boost logical storage devices on Data Domain systems.

The following diagram illustrates a NetBackup environment without SMT.


Figure 1 NetBackup without SMT

This configuration requires three different physical Data Domain systems, which leads to inefficient use of capacity, power, space, and cooling resources. When you enable SMT in the environment, you consolidate the three physical Data Domain systems into a single system and create individual tenants. The following diagram illustrates a NetBackup environment that uses SMT on the Data Domain system.

Figure 2 NetBackup with SMT


Replication

The DD Boost software enables applications to control the Data Domain Replicator software. Data Domain Replicator allows NetBackup to use network-efficient Data Domain replication technology to copy the data from one Data Domain system to a second Data Domain system.

Replication requires 99% less bandwidth than a backup operation, which dramatically reduces the time and WAN bandwidth needed to create multiple copies of backups for disk consolidation or disaster recovery purposes. Replication also reduces resource usage on the application server because the data is not in the data path when the replication process creates duplicate copies of the backup.

NetBackup controls the replication of data between multiple Data Domain systems, and provides backup administrators with a single application that can:

• Manage and track all backups and duplicate copies.

• Create disaster recovery copies of backups over the WAN using Data Domain Replicator software.

• Track all copies of a backup in the NetBackup catalog for easy recovery.

• Manage individual retention periods for each copy of a backup, which results in a more flexible disaster recovery deployment.

When you leverage network-efficient Data Domain replication, DD Boost eliminates the need for tape-based backup and recovery procedures at remote sites. As a result, you can deploy Data Domain systems with DD Boost software as the key foundational elements of a multi-site tape consolidation strategy.

Note

Other OpenStorage devices do not use Data Domain directory replication at the storage-unit level because the replica images are read-only and not known by the OpenStorage application. Data Domain collection replication, which replicates the entire OpenStorage stored data of one Data Domain system to another Data Domain system, also becomes read-only on the destination Data Domain system, and the OpenStorage application is unaware of the data.


CHAPTER 2

Terminology


Data Domain terminology

Data Domain hostname
Identifies the Data Domain system. EMC recommends that you:

• Use the assigned fully-qualified hostname.

• When possible, avoid creating secondary host names to associate with alternate IP interfaces.

Data Domain Admin
A user role that has full control to configure and monitor the entire Data Domain system.

Multi-tenancy
The hosting of an IT infrastructure by an internal IT department or an external service provider for more than one consumer or workload at the same time.

Tenant
A consumer, for example a business unit, department, or customer, who maintains a persistent presence in a hosted environment.

Tenant unit
The basic unit of a multi-tenancy configuration. A tenant unit is a secure, isolated partition for tenant-specific data and control flow within a Data Domain system.

Tenant User
A new user role created for secure multi-tenancy that has privileges to monitor and report on only the assigned tenant units.

Tenant Admin
A new user role created for secure multi-tenancy that has privileges to monitor, report, and perform limited modifications of the assigned tenant units. A Tenant Admin has more privileges than a Tenant User.

Storage Unit
A logical unit of disk storage on a Data Domain system that is associated with a NetBackup storage unit.

DD Boost User
A DD OS user that backup applications use to connect to the Data Domain system. You must configure these credentials on each backup server that connects to this system. When you specify a DD Boost user name on a Data Domain system, you can select an existing DD OS user name, or you can create a new DD OS user and then make that user name a DD Boost User. DD OS 5.5 and later supports the creation of multiple DD Boost users.

Data deduplication
A type of data compression that removes duplicate information to dramatically reduce the amount of backup data sent to the storage devices and to reduce the bandwidth required to transport the backup data.

Managed Trees (MTree)
A logical partition of the namespace in a Data Domain 5.0 and later file system that you can use to group a set of files together for management purposes. Also referred to as storage units.


Ifgroup
A private network configured on the Data Domain system, which consists of multiple network interfaces that are logically designated as a single group IP address. The ifgroup provides dynamic load balancing, fault tolerance within the group, and better network bandwidth usage than traditional network aggregation.

Managed File Replication (MFR)
MFR provides optimized duplication of data between two Data Domain systems. You configure MFR in an SLP.

NetBackup terminology

Open Storage (OST)
An intelligent disk storage option that provides API-level integration with third-party disk vendors and enables disk backups without tape emulation. EMC recommends that you use the OST Storage Unit type configuration instead of the Basic Disk Storage Unit type for the following reasons:

• Better ease of use.

• OST Storage Lifecycle Policy (SLP), which manages the movement and lifecycle of backup copies between storage units.

• Backup configurations to OST Storage Units with SLP support optimized duplication.

The Symantec NetBackup Administrator's Guide provides detailed information about how to configure SLP. The Symantec NetBackup OpenStorage Solutions Guide provides configuration instructions.

Master server
The host on the network that runs the NetBackup software, contains the NetBackup database, and manages NetBackup clients and media servers.

Media server
The host on the network that manages NetBackup client backup and restores to the Data Domain system. The master server can function as a media server.

Storage server
The host on the network that manages the disks that the NetBackup software uses to back up and restore data.

Storage Lifecycle Policy (SLP)
A plan or map that specifies:

• The storage units that will receive the backup data.

• The storage units that will receive the deduplicated data.

• The length of time that the storage unit will store the data.

You can configure all Storage Unit types except Basic Disk in an SLP. Multiple backup policies can reuse an SLP, so a change to an SLP is easily propagated.

Auto image replication (AIR)
A feature that uses SLPs to replicate backup copies and the associated metadata to another master server. The primary purpose of AIR is to create off-site copies of mission-critical backups to protect against site loss.

The duplication operation starts as soon as the backup completes at the primary site, and the duplicate copy is available at the disaster recovery site as soon as the duplication operation completes.


Note

AIR is not intended to extend the storage capacity of a backup domain or to provide day-to-day data recoveries.

AIR works by duplicating backups from a disk pool in the source domain to a disk pool in the target domain. The replication operation requires two SLPs, one in the source domain and one in the target domain, both of which must have the same name. The SLP in the source domain is associated with the backup policy and controls the writing of the backup and the subsequent duplication to the target domain. The SLP in the target domain is not associated with a backup policy. An alerting mechanism starts the SLP when a new image (duplicated from the source domain) is detected. This SLP runs the process to add the information about the backup to the target domain, and you can also configure the SLP to duplicate the backup to other storage locations in the target domain.

An AIR backup image is different than a normal NetBackup backup image because after the backup completes, the image database information associated with the backup (the part of the NetBackup catalog that lists what the backup actually contains) is appended to the end of the backup image before it is duplicated to the target domain. When a new backup is detected in the target domain, this information is read from the backup and used to populate the NetBackup catalog in the target domain. This information only exists in the source domain copies and the initial copy in the target domain. All subsequent duplicate copies created in the target domain do not include this information.

NetBackup Storage Unit
The device that receives and stores backup data. The Data Domain system supports the following types of Storage Units:

• Disk Storage Units:

    - Basic Disk, which uses an NFS file system or CIFS share on the Data Domain system.

    - OpenStorage, which uses a special plug-in on the backup server. OpenStorage requires a DD Boost license on the Data Domain system.

• Network Data Management Protocol (NDMP) Storage Units, which support backups from NDMP-enabled Network Attached Storage (NAS) filers to a Data Domain system that is configured as a Virtual Tape Library (VTL).

• Media Manager Storage Units, where the Data Domain system is a VTL that emulates a physical tape library and is connected directly to the backup server.

Disk pools
A collection of disk volumes that NetBackup administers as single entities. Disk pools correspond to storage units.


CHAPTER 3

Planning


Host naming guidelines

Review this section for information about host, device, and NetBackup resource naming recommendations. Examples of NetBackup resources include media servers, pools, and volume labels. The network environment has an impact on hostname resolution methods, and you need to follow the manufacturer recommendations.

Use the following guidelines to create consistent, easy-to-identify host names, device names, and resource names that improve the configuration, report generation, and troubleshooting experience in the DD Boost environment:

• Create hostnames that are unique across all NetBackup data zones. Use names that identify the network role, such as administration, backup, or production. A name can also include a location or a server name.

• Associate a single hostname with each NIC, IP, or FC interface within the same NetBackup data zone.

• Use short, easy-to-identify, descriptive names instead of IP addresses or fully qualified name strings for media servers. Long names may not fit into some views.

• With the exception of pool resource names and hostnames, use standard alphanumeric characters, including dot (.), hyphen (-), and underscore (_), with no spaces and no special characters. Do not use an underscore (_) in pool resource names and hostnames.

• Use a consistent format for the text field length and text case up to a maximum of 50 characters. Include leading zeros when you specify numbers.

• Avoid the use of dates. Dates can change or become meaningless in the future.

• Avoid the use of IP addresses. IP addresses are harder to identify and troubleshoot than hostnames.

• Use operating system tools, such as nslookup, to confirm that you can consistently and correctly resolve all names and IP addresses for each NetBackup host and Data Domain system in the data zone. For example, ensure that you can resolve the short name to IP address, long name to IP address, IP address to short name, and IP address to long name.

• Use a local hosts file to help diagnose and resolve naming issues. You can use the net hosts add command on the Data Domain system to add hosts to the /etc/hosts file.

Tenant units

A tenant unit is a logical partition of a Data Domain system that serves as the unit of administrative isolation between tenants. Before you create tenant units, it is important to have a strategy in place.

Typically you associate one tenant unit with a single customer. A tenant can have tenant units on multiple Data Domain systems. To group data differently within a tenant unit, create multiple storage units. A tenant unit can contain many storage units, but you can only associate a storage unit with a single tenant unit. When you deploy tenant units, consider resource availability from a capacity perspective as well as a backup stream perspective. If you put too many tenants on a single Data Domain system, you can overwhelm the Data Domain system and cause backups to miss required SLAs. Use the quota abilities available in Data Domain systems to provision or allocate and monitor resources from both a stream and capacity perspective, as described later in this paper.

Network planning

Review this section before you deploy NetBackup with Data Domain SMT to help you plan infrastructure support.

DD Boost

DD Boost devices support data transport over both Fibre Channel (FC) and Ethernet IP network connections for data backup and data recovery operations.

To use FC connectivity for DD Boost devices with SMT, the environment requires:

• NetBackup 7.6 or later

• DD OS 5.5 or later

• FC deployed as a SAN

DD Boost devices do not distinguish TCP/IP network types (LAN, WAN, or MAN) and can successfully operate where packet loss is strictly 0% and latency is less than 5 ms.

NetBackup

The NetBackup server requires Ethernet IP connections to communicate with all hosts involved in DD Boost operations and to move data during NetBackup replication operations.

Backups over a WAN

Backup configuration is the same in a WAN and a LAN when you back up clients over the WAN; however, there are characteristics of the WAN that are important to note.

NetBackup support for DD Boost devices does not distinguish network types (LAN, WAN, or MAN) and can successfully operate when packet loss is strictly 0% and latency is less than 20 milliseconds.

In a WAN environment, EMC recommends that you use:

• NetBackup Accelerator with the Data Domain system to avoid sending large amounts of redundant data across the WAN link.

• QoS features, like stream quotas on the Data Domain system.

• ifgroups to provide as many interfaces as possible to service the backup requests.

Storage capacity planning

As a Data Domain admin, when you leverage SMT on a Data Domain system, you can define the amount of storage allocated to specific tenants and monitor the amount of available storage space. SMT uses two management units for capacity quotas: MTrees and DD Boost storage units.

You can define two types of storage capacity quotas:

• Soft limits: When the amount of available storage reaches a soft limit quota, the Data Domain system triggers an alert that lets the administrator know that the storage unit has reached the maximum allocated storage limit. The Data Domain system clears the alert after the amount of available storage drops below the soft limit.


l Hard limits: When the amount of available storage reaches a hard limit quota, theData Domain system will not allow backup or replication operations to write any datato the system until the used storage space is less than the specified hard limit quota.Backup and replication operations will fail.

In a Multi-Tenant environment, to prevent one tenant from consuming adisproportionately high amount of storage space on a Data Domain system, EMCrecommends that you define soft and hard limits on a storage unit. Use the ddbooststorage-unit create command to apply a capacity quota when you create thestorage unit. Use the ddboost storage-unit modify command or the quotacapacity command to apply a capacity quota after you create the storage unit.

To set the capacity quota limits for a storage unit, first enable quota capacity and thenuse the quota capacity set command:

1. To enable quota capacity, type: quota capacity enable.

2. To set capacity quotas:

• For storage units, type:

quota capacity set storage-units storage_unit soft-limit soft_limit_size hard-limit hard_limit_size

For example, to set the capacity quota limits for a storage unit named storage-unit1, type:

quota capacity set storage-units storage-unit1 soft-limit 30 GiB hard-limit 50 GiB

• For MTrees, type:

quota capacity set mtrees path soft-limit soft_limit_size hard-limit hard_limit_size

For example, to set the capacity quota limits for an MTree with a file system location of /data/col1/mtree1, type:

quota capacity set mtrees /data/col1/mtree1 soft-limit 30 GiB hard-limit 50 GiB

To display the capacity quotas assigned to a tenant unit, use the quota capacity show command.

For example:

quota capacity show tenant-unit tenant_unit_name

The following output provides an example of how to view the capacity quotas assigned to storage units and MTrees within a tenant-unit named tenant-unit1.

netbackup@dd660-4# quota capacity show tenant-unit tenant-unit1
Tenant-unit: tenant-unit1
Mtree                      Pre-Comp (MiB)   Soft-Limit (MiB)   Hard-Limit (MiB)
------------------------   --------------   ----------------   ----------------
/data/col1/storage-unit1                0             100000         1000000000
------------------------   --------------   ----------------   ----------------
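The following Python audit is an added example, not part of the original white paper. It parses quota capacity show output in the layout shown above and flags MTrees that lack the recommended soft and hard limits or are running close to them. The storage-unit2 and mtree1 rows, the finding names, and the 90% headroom threshold are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Layout follows the "quota capacity show tenant-unit" output on this page.
# The first data row is the page's; the other two rows are constructed.
SAMPLE_QUOTA_OUTPUT = """\
Tenant-unit: tenant-unit1
Mtree                     Pre-Comp (MiB)  Soft-Limit (MiB)  Hard-Limit (MiB)
------------------------  --------------  ----------------  ----------------
/data/col1/storage-unit1               0            100000        1000000000
/data/col1/storage-unit2            1200              none              none
/data/col1/mtree1                  50000             30720             51200
------------------------  --------------  ----------------  ----------------
"""

QUOTA_ROW_RE = re.compile(r"^(/\S+)\s+(\d+)\s+(\d+|none)\s+(\d+|none)$")


class QuotaRow(NamedTuple):
    tenant_unit: Optional[str]
    mtree: str
    pre_comp_mib: int
    soft_mib: Optional[int]  # None when the table shows "none"
    hard_mib: Optional[int]


def parse_quota_table(text: str) -> List[QuotaRow]:
    """Return one QuotaRow per MTree line; header and ruler lines are skipped."""
    rows: List[QuotaRow] = []
    tenant: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Tenant-unit:"):
            tenant = line.split(":", 1)[1].strip().strip('"')
            continue
        match = QUOTA_ROW_RE.match(line)
        if match:
            mtree, used, soft, hard = match.groups()
            rows.append(QuotaRow(
                tenant, mtree, int(used),
                None if soft == "none" else int(soft),
                None if hard == "none" else int(hard),
            ))
    return rows


def audit_quotas(rows: List[QuotaRow], headroom: float = 0.9) -> List[Tuple[str, str]]:
    """Return (mtree, finding) pairs. Finding names are this example's own labels."""
    findings: List[Tuple[str, str]] = []
    for row in rows:
        if row.soft_mib is None:
            findings.append((row.mtree, "no-soft-limit"))
        if row.hard_mib is None:
            findings.append((row.mtree, "no-hard-limit"))
        # A soft limit at or above the hard limit cannot alert before writes fail.
        if (row.soft_mib is not None and row.hard_mib is not None
                and row.soft_mib >= row.hard_mib):
            findings.append((row.mtree, "soft-not-below-hard"))
        if row.soft_mib is not None and row.pre_comp_mib >= row.soft_mib:
            findings.append((row.mtree, "soft-limit-reached"))
        # Assumed threshold: warn once usage passes 90% of the hard limit.
        if row.hard_mib is not None and row.pre_comp_mib >= headroom * row.hard_mib:
            findings.append((row.mtree, "near-hard-limit"))
    return findings


if __name__ == "__main__":
    for mtree, finding in audit_quotas(parse_quota_table(SAMPLE_QUOTA_OUTPUT)):
        print(f"{mtree}: {finding}")
```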


Note

Be careful when you use SMT with NetBackup and DD Boost for capacity management. The DD Boost API attempts to convert the soft limit to a hard limit by dividing the soft limit by the deduplication ratio. You may need to adjust soft quota limits when the deduplication ratio changes.

Stream quota planning

DDOS 5.5 and later allows the Data Domain Admin to set soft quota limits for DD Boost streams on each storage unit. Soft quota limits allow the Data Domain Admin to monitor when a storage unit for a tenant exceeds the expected maximum number of streams.

The number of DD Boost streams on a Data Domain system is a limited resource that defines the capability of a tenant to back up or replicate data to another Data Domain system. A Data Domain Admin can generate reports for active or historical DD Boost stream usage for each tenant unit. These reports enable the Data Domain Admin and Tenant Users to assess performance issues and to plan resource usage.

When the number of active streams reaches the soft limit quota, the Data Domain system triggers an alert that lets the administrator know that the storage unit has reached the maximum number of streams. The Data Domain system clears the alert after the number of streams consumed drops below the soft limit.

You can apply four types of stream quotas:

• Write-stream-soft-limit. The maximum number of streams that write operations can use to write to a specified storage unit.

• Read-stream-soft-limit. The maximum number of streams that read operations can use to read from a specified storage unit.

• Repl-stream-soft-limit. The maximum number of streams that replication operations can use to replicate to or from a specified storage unit.

• Combined-stream-soft-limit. The maximum total number of write, read and replication streams that a specified storage unit can use.

You can set the soft limit value for any single stream quota up to the highest number of streams that the Data Domain system supports. When you set the combined-stream-soft-limit quota, ensure that you set a value that is equal to or higher than the highest value set for the write, read or replication stream quota.

To configure stream soft limits on a storage unit, use the quota streams set command:

quota streams set storage-units storage_unit_name write-stream-soft-limit value1 repl-stream-soft-limit value2 combined-stream-soft-limit value3

For example, to set the quota stream limits to a storage unit named storage-unit1, type:

quota streams set storage-units storage-unit1 write-stream-soft-limit 2 repl-stream-soft-limit 2 combined-stream-soft-limit 5

To view the stream soft limits set for a storage unit and the maximum stream limits for the Data Domain system, use the quota streams show command.

The following output provides an example of how to view the soft limits for all of the storage units on a Data Domain system.

netbackup@dd660-4# quota streams show all
Storage Unit     Write Streams   Read Streams   Repl Streams   Combined Streams
                 Soft-Limit      Soft-Limit     Soft-Limit     Soft-Limit
--------------   -------------   ------------   ------------   ----------------
storage-unit1    10              3              10             10
--------------   -------------   ------------   ------------   ----------------
DD System Stream Limits: write=90 read=30 repl-in=90 repl-out=90 combined=90

To validate the number of active streams for a storage unit, use the ddboost streams show active command, which provides you with a point-in-time picture of the active streams by stream type for a storage unit. The following output provides an example of this command.

netbackup@dd660-4# ddboost streams show active
Name            Read      Write     Repl-out   Repl-in   Read    Write   Repl    Combined   Tenant-Unit
                Streams   Streams   Streams    Streams   Limit   Limit   Limit   Limit
--------------  -------   -------   --------   -------   -----   -----   -----   --------   ------------
storage-unit1   0         0         0          0         2       3       -       -          tenant-unit1
--------------  -------   -------   --------   -------   -----   -----   -----   --------   ------------
DD System Stream Limits: read=30 write=90 repl-in=90 repl-out=90 combined=90

To display historical information about the number of streams consumed by a specific tenant unit or storage unit, use the ddboost streams show history command. The output of this command provides you with the ability to:

• View when an SMT tenant may have exceeded a quota.

• Determine if the number of streams in use may have an impact on the performance of the Data Domain system.

The following output provides an example of this command for tenant-unit tenant-unit1:

netbackup@dd660-4# ddboost streams show history tenant-unit tenant-unit1
INTERVAL: 10 mins
"-" indicates that the data is not available for the intervals

Storage-Unit: "storage-unit1", Tenant Unit: "tenant-unit1"
Date        Time    read      write     repl-out   repl-in
YYYY/MM/DD  HH:MM   streams   streams   streams    streams
-----------------   -------   -------   ---------  --------
2014/07/17  13:00   0         0         0          0
2014/07/17  13:10   1         4         0          0
2014/07/17  13:20   0         0         1          0
2014/07/17  13:30   2         0         0          0
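The following Python sketch is an added example, not part of the original white paper. It parses ddboost streams show history output in the layout shown above, checks that a storage unit's soft limits satisfy the combined-limit rule, and lists the intervals in which a tenant reached a soft limit. The limits come from the quota streams set example earlier in this section; the 13:40 row, counting repl-out plus repl-in against the repl limit, and comparing with "reaches" (>=) are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Rows up to 13:30 are the page's sample; the 13:40 row is constructed to
# exercise the "-" (data not available) case.
SAMPLE_HISTORY = """\
INTERVAL: 10 mins
"-" indicates that the data is not available for the intervals

Storage-Unit: "storage-unit1", Tenant Unit: "tenant-unit1"
Date        Time   read     write    repl-out  repl-in
YYYY/MM/DD  HH:MM  streams  streams  streams   streams
----------------- ------- ------- --------- --------
2014/07/17 13:00 0 0 0 0
2014/07/17 13:10 1 4 0 0
2014/07/17 13:20 0 0 1 0
2014/07/17 13:30 2 0 0 0
2014/07/17 13:40 - - - -
"""

UNIT_RE = re.compile(r'^Storage-Unit:\s*"([^"]+)",\s*Tenant Unit:\s*"([^"]+)"')
ROW_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2})\s+(\d{2}:\d{2})\s+(\d+|-)\s+(\d+|-)\s+(\d+|-)\s+(\d+|-)$")


@dataclass(frozen=True)
class Interval:
    storage_unit: str
    tenant_unit: str
    when: str
    read: Optional[int]
    write: Optional[int]
    repl_out: Optional[int]
    repl_in: Optional[int]


@dataclass(frozen=True)
class Exceedance:
    tenant_unit: str
    storage_unit: str
    when: str
    kind: str
    value: int
    limit: int


def parse_history(text: str) -> List[Interval]:
    """Parse every data row, attributing it to the preceding Storage-Unit header."""
    intervals: List[Interval] = []
    unit = tenant = None
    for raw in text.splitlines():
        line = raw.strip()
        header = UNIT_RE.match(line)
        if header:
            unit, tenant = header.groups()
            continue
        row = ROW_RE.match(line)
        if row and unit is not None:
            date, time, *counts = row.groups()
            values = [None if c == "-" else int(c) for c in counts]
            intervals.append(Interval(unit, tenant, f"{date} {time}", *values))
    return intervals


def check_limits(limits: Dict[str, int]) -> List[str]:
    """The page's rule: combined must be >= the highest write/read/repl limit."""
    singles = [v for k, v in limits.items() if k in ("read", "write", "repl")]
    combined = limits.get("combined")
    if combined is not None and singles and combined < max(singles):
        return [f"combined={combined} is below the highest single limit {max(singles)}"]
    return []


def find_exceedances(intervals: List[Interval],
                     limits_by_unit: Dict[str, Dict[str, int]]) -> List[Exceedance]:
    hits: List[Exceedance] = []
    for iv in intervals:
        if None in (iv.read, iv.write, iv.repl_out, iv.repl_in):
            continue  # "-" means no data; never treat it as zero streams
        repl = iv.repl_out + iv.repl_in  # assumption: both directions count
        seen = {"read": iv.read, "write": iv.write, "repl": repl,
                "combined": iv.read + iv.write + repl}
        limits = limits_by_unit.get(iv.storage_unit, {})
        for kind in ("read", "write", "repl", "combined"):
            limit = limits.get(kind)
            if limit is not None and seen[kind] >= limit:
                hits.append(Exceedance(iv.tenant_unit, iv.storage_unit,
                                       iv.when, kind, seen[kind], limit))
    return hits


if __name__ == "__main__":
    limits = {"storage-unit1": {"write": 2, "repl": 2, "combined": 5}}
    for hit in find_exceedances(parse_history(SAMPLE_HISTORY), limits):
        print(hit)
```

Because the history is sampled in 10-minute intervals, this is a reporting aid for capacity reviews rather than a replacement for the Data Domain system's own soft-limit alerts.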

In addition to setting the stream soft limits on the Data Domain system, you should also set limits within the NetBackup configuration. In the NBU Console, on the Change Disk Pool window, set the number of I/O streams per volume to ensure that a single tenant does not exceed the allowable number of streams. The following figure provides an example of the Change Disk Pool window.


Figure 3 Change Disk Pool window


CHAPTER 4

Configuring a new multi-tenant Data Domain system

Use the information in this chapter to configure multi-tenancy with NetBackup and a new Data Domain system that runs DDOS 5.5 or later.

• Creating the tenant-unit
• Creating tenant user accounts
• Configuring DD Boost
• Registering the Data Domain system and adding the DD Boost user credentials in NetBackup
• Creating a disk pool
• Creating a storage unit
• Creating a backup policy and enabling replication


Creating the tenant-unit

Enable SMT, then create one empty tenant-unit for each tenant.

Before you begin

Perform the following steps on the Data Domain system with a Data Domain Admin account.

Procedure

1. Use the smt enable command to enable SMT.

For example:

netbackup@dd660-4# smt enable
SMT enabled.

2. Use the smt tenant-unit create command to create the tenant-unit:

For example:

smt tenant-unit create tenant_unit_name

The following output provides an example of how to create a new tenant unit called tenant-unit1.

netbackup@dd660-4# smt tenant-unit create tenant-unit1
Tenant-unit "tenant-unit1" created.

Creating tenant user accounts

Multiple roles with different privilege levels combine to provide administrative isolation on a multi-tenant Data Domain system. Tenant self-service enables the two main personas and roles: Tenant Admin and Tenant User. Users with these roles can only run a subset of management operations on the tenant-unit management objects. This subset of operations is deemed useful for the Tenant Admin and Tenant User roles, and safe from the perspective of the overall multi-tenant environment.

You can control which tenant-units and related management objects the users can manage.

Note

You only use tenant-units from a management perspective; you will never write data directly to a tenant-unit. Backup operations write data to the storage unit, which belongs to the tenant-unit.

Procedure

1. Use the user add command or the Create User option in the Data Domain Admin GUI to create two Data Domain users with a role of none.

Note

If you assign the users to a role other than none, then you cannot assign these users as a tenant admin or tenant user.

user add user_acct role none


The following output provides an example of how to create the two user accounts, tenant-admin1 and tenant-user1, from a command prompt.

netbackup@dd660-4# user add tenant-admin1 role none
Enter new password:
Re-enter new password:
Passwords matched.
User "tenant-admin1" added.
netbackup@dd660-4# user add tenant-user1 role none
Enter new password:
Re-enter new password:
Passwords matched.
User "tenant-user1" added.

2. Assign one user to the tenant-admin role and one user to the tenant-user role for the required tenant-unit.

For example:

smt tenant-unit management-user assign username tenant-unit tenant_unit_name role tenant-admin

The following output provides an example of how to assign the tenant-admin role to user tenant-admin1, and the tenant-user role to the user tenant-user1, for a tenant unit named tenant-unit1.

netbackup@dd660-4# smt tenant-unit management-user assign tenant-admin1 tenant-unit tenant-unit1 role tenant-admin
Management user "tenant-admin1" is assigned to tenant-unit "tenant-unit1" as "tenant-admin".
netbackup@dd660-4# smt tenant-unit management-user assign tenant-user1 tenant-unit tenant-unit1 role tenant-user
Management user "tenant-user1" is assigned to tenant-unit "tenant-unit1" as "tenant-user".

The users can now use the ssh command to log in to the Data Domain system and will only see the tenant units to which they were assigned.

3. Enable self-service on the tenant unit.

For example:

smt tenant-unit option set tenant_unit_name self-service enabled

The following output provides an example of how to enable self-service on a tenant-unit called tenant-unit1.

netbackup@dd660-4# smt tenant-unit option set tenant-unit1 self-service enabled
Tenant self-service enabled for tenant-unit "tenant-unit1".

Note

If you do not enable self-service, the tenant-users can only run the user command.

To determine the commands that a tenant-user is allowed to run, use the help option. The following output provides an example of a tenant user account that uses the help option when self-service is not enabled on the tenant-unit.


tenant-user1@dd660-4> ?

Help is available on the following topics:

user

Type "help <topic>" to view help for the given topic.

Type "help <keyword>" to search the commands for a specific keyword.
For example, "help timezone" shows all commands relating to timezones.

The following output provides an example of a tenant user account that uses the help option when self-service is enabled on the tenant-unit. The user has all of the tenant-user privileged commands available.

tenant-user1@dd660-4> ?

Help is available on the following topics:

alerts mtree snapshot ddboost quota system filesys smt user

Type "help <topic>" to view help for the given topic.

Type "help <keyword>" to search the commands for a specific keyword.
For example, "help timezone" shows all commands relating to timezones.

4. Use the ddboost user option set command to set the default tenant unit for the ddboost user. This ensures that the Data Domain system will assign the newly created storage units to the specified tenant unit for the ddboost user.

For example:

ddboost user option set username default-tenant-unit tenant_unit_name

The following output provides an example of how to set tenant unit tenant-unit1 as the default tenant-unit for the ddboost user tenant1-boost.

netbackup@dd660-4# ddboost user option set tenant1-boost default-tenant-unit tenant-unit1
Default-tenant-unit is set to "tenant-unit1" for user "tenant1-boost".

Configuring DD Boost

Before you can deploy a tenant-unit, you must create the DD Boost user account. NetBackup and SMT use the DD Boost user to establish and maintain a connection between NetBackup and the Data Domain system. This user account is different from the tenant-admin or tenant-user accounts. After you create the DD Boost user, create the DD Boost storage-unit for the tenant, and then specify the DD Boost user as the owner of the storage-unit. You can create the DD Boost user account from the command line or from the Data Domain Enterprise Manager (DDEM).

Before you begin

Perform the following steps on the Data Domain system with a Data Domain Admin account.


Procedure

1. Use the user add command to create the DD Boost user account and assign a password.

For example:

user add username password password role none

The following output provides an example of how to create a new user with the name tenant1-boost.

netbackup@dd660-4# user add tenant1-boost password abc123 role none
User "tenant1-boost" added.

2. Use the ddboost user assign command to assign the user account to DD Boost.

For example:

ddboost user assign username

The following output provides an example of how to assign the user tenant1-boost to DD Boost.

netbackup@dd660-4# ddboost user assign tenant1-boost
User "tenant1-boost" assigned to DD Boost.

3. Use the ddboost user option set command to set the default tenant unit for the DD Boost user. This ensures that the Data Domain system will assign the newly created storage units to the specified tenant unit for the DD Boost user.

For example:

ddboost user option set username default-tenant-unit tenant_unit_name

The following output provides an example of how to set the tenant-unit tenant-unit1 as the default tenant-unit for the DD Boost user tenant1-boost.

netbackup@dd660-4# ddboost user option set tenant1-boost default-tenant-unit tenant-unit1
Default-tenant-unit is set to "tenant-unit1" for user "tenant1-boost".

4. Use the ddboost storage-unit create command to create the storage unit, add the storage unit to the tenant-unit, and assign the DD Boost user as the owner of the storage unit.

For example:

ddboost storage-unit create storage_unit_name user DDboost_user tenant-unit tenant_unit_name

The following output provides an example of how to create a new storage unit called storage-unit1, which is assigned to the DD Boost user tenant1-boost and added to tenant-unit tenant-unit1.

netbackup@dd660-4# ddboost storage-unit create storage-unit1 user tenant1-boost tenant-unit tenant-unit1
Created storage-unit "storage-unit1" for "tenant1-boost".

5. Use the mtree modify command to specify the tenant-unit for each MTree that belongs to a tenant.


For example:

mtree modify path tenant-unit tenant_unit_name

The following output provides an example of how to assign an MTree with a data path /data/col1/mtree1 to a tenant-unit named tenant-unit1:

netbackup@dd660-4# mtree modify /data/col1/mtree1 tenant-unit tenant-unit1

6. Use the ddboost option set command to enable distributed segment processing.

For example:

netbackup@dd660-4# ddboost option set distributed-segment-processing enabled
DD Boost option "distributed-segment-processing" set to enabled.


7. Optionally, use the smt tenant-unit show detailed all command to display a detailed summary of the tenant unit configuration on the Data Domain system. The following output provides an example of the summary information for a tenant-unit named tenant-unit1:

netbackup@dd660-4# smt tenant-unit show detailed tenant-unit1
Tenant-unit: "tenant-unit1"

Summary:
Name           Tenant         Number of   Pre-Comp
               Self-service   Mtrees      (GiB)
------------   ------------   ---------   --------
tenant-unit1   Enabled        1           0.0
------------   ------------   ---------   --------

Management-User:
User            Role
-------------   ------------
tenant-admin1   tenant-admin
tenant-user1    tenant-user
-------------   ------------

Management-Group:
No management-groups.

DDBoost:
Name            Pre-Comp (GiB)   Status   User            Tenant-Unit
-------------   --------------   ------   -------------   ------------
storage-unit1   0.0              RW       tenant1-boost   tenant-unit1
-------------   --------------   ------   -------------   ------------
 Q  : Quota Defined
 RO : Read Only
 RW : Read Write
 RD : Replication Destination

Getting users with default-tenant-unit tenant-unit1
DD Boost user   Default tenant-unit
-------------   -------------------
tenant1-boost   tenant-unit1
-------------   -------------------

Mtrees:
Name                       Pre-Comp (GiB)   Status   Tenant-Unit
------------------------   --------------   ------   ------------
/data/col1/storage-unit1   0.0              RW       tenant-unit1
------------------------   --------------   ------   ------------
 D    : Deleted
 Q    : Quota Defined
 RO   : Read Only
 RW   : Read Write
 RD   : Replication Destination
 RLGE : Retention-Lock Governance Enabled
 RLGD : Retention-Lock Governance Disabled
 RLCE : Retention-Lock Compliance Enabled

Quota:
Tenant-unit: tenant-unit1
Mtree                      Pre-Comp (MiB)   Soft-Limit (MiB)   Hard-Limit (MiB)
------------------------   --------------   ----------------   ----------------
/data/col1/storage-unit1   0                none               none
------------------------   --------------   ----------------   ----------------

Alerts:
No notification lists.
No such active alerts.


8. Optionally, use the ddboost storage-unit show command to display summary information about the storage unit.

The following output provides an example of summary information for a storage unit called storage-unit1:

netbackup@dd660-4# ddboost storage-unit show storage-unit1
Name            Pre-Comp (GiB)   Status   User            Tenant-Unit
-------------   --------------   ------   -------------   ------------
storage-unit1   0.0              RW       tenant1-boost   tenant-unit1
-------------   --------------   ------   -------------   ------------
 Q  : Quota Defined
 RO : Read Only
 RW : Read Write
 RD : Replication Destination
Storage-unit storage-unit1 does not contain any files.

9. Optionally, configure an alert notification group list, which contains the email address of tenant administrator(s).

a. Use the alerts notify-list create command to create a distribution list. For example: alerts notify-list create new_group_name tenant-unit tenant_unit_name

b. Use the alerts notify-list add command to add email addresses to the distribution list. For example: alerts notify-list add new_group_name emails [email protected], [email protected]

Note

When you configure alert notifications, tenant administrators will receive email notifications under the following conditions:

• When a storage unit reaches the defined hard capacity quota limit.

• When a storage unit exceeds the defined soft capacity quota limit.

• When a storage unit exceeds a defined soft stream limit.

• When a Data Domain system outage occurs.

Registering the Data Domain system and adding the DD Boost user credentials in NetBackup

Register the Data Domain system on the NBU Master server, and then add the DD Boost user credentials.

Before you begin

Configure the storage units, SMT tenant units, and DD Boost users on the Data Domain systems.

Perform the following steps on each media server, for each Data Domain system in the backup configuration.

Procedure

1. To register the Data Domain system, type one of the following commands:


• For DD Boost-over-IP, type:

nbdevconfig -creatests -stype DataDomain -storage_server data_domain_host_name -media_server media-server-name

• For DD Boost-over-FC, type:

nbdevconfig -creatests -stype DataDomain -storage_server DFC-data_domain_host_name -media_server media-server-name

2. To store the DD Boost user credentials, use the NBU Console or the CLI.

For example, to use the CLI, type one of the following commands:

• For DD Boost-over-IP, type:

tpconfig -add -storage_server data_domain_host_name -stype DataDomain -sts_user_id dd-boost-user -password dd-boost-password

• For DD Boost-over-FC, type:

tpconfig -add -storage_server DFC-data_domain_host_name -stype DataDomain -sts_user_id dd-boost-user -password dd-boost-password

Results

The backup application server performs the following actions:

• Saves the credentials, which enables the media server to log in to the Data Domain system.

• Configures the media server as a data mover that can transfer data between the primary storage (the NetBackup client) and the storage server (the Data Domain system). The NetBackup software maintains the access path between the media server and the storage server.

Creating a disk pool

Use the NBU Console or the CLI to create a new disk pool.

To use the NBU Console, perform the following steps.

Procedure

1. Click Disk Pools and then select New.

The following figure provides an example of the NBU Console.


Figure 4 Creating a new disk pool

The Disk Pool Configuration Wizard appears.

2. Use the wizard to configure the new disk pool. Ensure that you perform the following actions:

• Select the OpenStorage (DataDomain) pool type.

• Specify the correct Data Domain system for the storage server.

• Specify a unique disk pool name.

The following figure provides an example of the Disk Pool Configuration Wizard Summary window.


Figure 5 Disk Pool Configuration Wizard Summary window

Creating a storage unit

Use the CLI or NBU Console to create a storage unit, then assign the disk pool to the storage unit. You can group multiple storage units into a Storage Unit Group.

To use the NBU Console, perform the following steps.

Procedure

1. Right-click Storage Unit and then select New Storage Unit.

The following figure provides an example of the Storage Units menu.

Figure 6 Creating a new Storage Unit

2. In the New Storage Unit properties window, perform the following tasks:


a. In the Storage Unit Name field, specify a unique name for the new storage unit.

b. From the Storage Unit type drop-down, select Disk.

c. From the Disk Type drop-down, select OpenStorage (DataDomain).

d. From the Storage unit configured for drop-down, select Backup.

e. From the Select Disk Pool drop-down, select the disk pools that you created in "Creating a disk pool".

f. Click Ok.

The following figure provides an example of the New Storage Unit properties window.

Figure 7 New Storage Unit properties window

Creating a backup policy and enabling replication

Before you perform an initial setup of backups, you must create a backup policy.

The backup policy contains information about which clients to back up, the target location for the backup data, the frequency of the backup, and when NetBackup should back up the system. The NetBackup Administration Guide describes how to create and configure a backup policy.

To set up a storage lifecycle policy (SLP), perform the following steps in the NBU Console:

Procedure

1. Right-click Storage Lifecycle Policies, and then select New Storage Lifecycle Policy.

The following figure provides an example of the New Storage Lifecycle Policy option.

Figure 8 Creating a new storage lifecycle policy

2. In the New Storage Lifecycle Policy window, perform the following steps to create a policy for the backup operation:

a. In the Storage lifecycle policy name field, specify a unique name for the policy.

b. In the Data classification field, select the data classification.

c. Select Add.

d. In the Operation field, select Backup.

e. Select the storage system to receive the backup data.

f. Specify how long to retain the data.

For the local backup, you can choose a shorter retention time.

g. Click Ok.

The following figure provides an example of the New Storage Lifecycle Policy window after you create the backup SLP.


Figure 9 New backup SLP

3. In the New Storage Lifecycle Policy window, perform the following steps to create a policy for the replication operation:

a. In the Storage lifecycle policy name field, specify a unique name for the policy.

b. In the Data classification field, select the data classification.

c. Select Add.

d. In the Operation field, select Deduplication.

e. Select the storage system to receive the replicated data.

f. Specify how long to retain the data.

For duplicated data, select a longer period of time.

g. Optionally, to delay the replication of data until the source data is about to expire, select the Postpone creation of this copy until the source copy is about to expire option.

h. Optionally, specify the replication window.

i. Click Ok.

The following figure provides an example of the New Storage Lifecycle Policy window after you create the replication SLP.


Figure 10 New replication SLP

4. Validate that the backup policy is leveraging the correct SLP.

The following figure provides an example of the SLP.

Figure 11 Validating SLP


CHAPTER 5

Upgrading to a Multi-tenant Data Domain system

Use the information in this chapter to upgrade an existing Data Domain system that runs DDOS 5.5 or later to a multi-tenant configuration and NetBackup.

• Creating the tenant-unit
• Creating tenant user accounts
• Configuring DD Boost
• Creating a backup policy and enabling replication


Creating the tenant-unitEnable SMT, then create one empty tenant-unit for each tenant.

Before you begin

Perform the following steps on the Data Domain system with a Data Domain Admin account.

Procedure

1. Use the smt enable command to enable SMT.

For example:

netbackup@dd660-4# smt enable
SMT enabled.

2. Use the smt tenant-unit create command to create the tenant-unit:

For example:

smt tenant-unit create tenant_unit_name

The following output provides an example of how to create a new tenant unit called tenant-unit1.

netbackup@dd660-4# smt tenant-unit create tenant-unit1
Tenant-unit "tenant-unit1" created.

Creating tenant user accounts

Multiple roles with different privilege levels combine to provide administrative isolation on a multi-tenant Data Domain system. Tenant self-service enables the two main personas and roles: Tenant Admin and Tenant User. Users with these roles can only run a subset of management operations on the tenant-unit management objects. This subset of operations is deemed useful for the Tenant Admin and Tenant User users, and safe from an overall multi-tenant environment perspective.

You can control which tenant-units and related management objects the users can manage.

Note

You use tenant-units only from a management perspective; you never write data directly to a tenant-unit. Backup operations write data to the storage unit, which belongs to the tenant-unit.

Procedure

1. Use the user add command or the Create User option in the Data Domain Admin GUI to create two Data Domain users with a role of none.

Note

If you assign the users to a role other than none, then you cannot assign these users as a tenant admin or tenant user.

user add user_acct role none


The following output provides an example of how to create the two user accounts, tenant-admin1 and tenant-user1, from a command prompt.

netbackup@dd660-4# user add tenant-admin1 role none
Enter new password:
Re-enter new password:
Passwords matched.
User "tenant-admin1" added.
netbackup@dd660-4# user add tenant-user1 role none
Enter new password:
Re-enter new password:
Passwords matched.
User "tenant-user1" added.

2. Assign one user to the tenant-admin role and one user to the tenant-user role for the required tenant-unit.

For example:

smt tenant-unit management-user assign username tenant-unit tenant_unit_name role tenant-admin

The following output provides an example of how to assign the tenant-admin role to user tenant-admin1, and the tenant-user role to the user tenant-user1, for a tenant unit named tenant-unit1.

netbackup@dd660-4# smt tenant-unit management-user assign tenant-admin1 tenant-unit tenant-unit1 role tenant-admin
Management user "tenant-admin1" is assigned to tenant-unit "tenant-unit1" as "tenant-admin".
netbackup@dd660-4# smt tenant-unit management-user assign tenant-user1 tenant-unit tenant-unit1 role tenant-user
Management user "tenant-user1" is assigned to tenant-unit "tenant-unit1" as "tenant-user".

The users can now use the ssh command to log in to the Data Domain system and will only see the tenant units to which they were assigned.

3. Enable self-service on the tenant unit.

For example:

smt tenant-unit option set tenant_unit_name self-service enabled

The following output provides an example of how to enable self-service on a tenant-unit called tenant-unit1.

netbackup@dd660-4# smt tenant-unit option set tenant-unit1 self-service enabled
Tenant self-service enabled for tenant-unit "tenant-unit1".

Note

If you do not enable self-service, the tenant-users can only run the user command.

To determine the commands that a tenant-user is allowed to run, use the help option. The following output provides an example of a tenant user account that uses the help option when self-service is not enabled on the tenant-unit.


tenant-user1@dd660-4> ?

Help is available on the following topics:

user

Type "help <topic>" to view help for the given topic.

Type "help <keyword>" to search the commands for a specific keyword.
For example, "help timezone" shows all commands relating to timezones.

The following output provides an example of a tenant user account that uses the help option when self-service is enabled on the tenant-unit. The user has all of the tenant-user privileged commands available.

tenant-user1@dd660-4> ?

Help is available on the following topics:

alerts mtree snapshot ddboost quota system filesys smt user

Type "help <topic>" to view help for the given topic.

Type "help <keyword>" to search the commands for a specific keyword.
For example, "help timezone" shows all commands relating to timezones.

4. Use the ddboost user option set command to set the default tenant unit for the ddboost user. This ensures that the Data Domain system will assign the newly created storage units to the specified tenant unit for the ddboost user.

For example:

ddboost user option set username default-tenant-unit tenant_unit_name

The following output provides an example of how to set tenant unit tenant-unit1 as the default tenant-unit for the ddboost user tenant1-boost.

netbackup@dd660-4# ddboost user option set tenant1-boost default-tenant-unit tenant-unit1

Default-tenant-unit is set to "tenant-unit1" for user "tenant1-boost".

Configuring DD Boost

Before you can deploy a tenant-unit, you must create the DD Boost user account. NetBackup and SMT use the DD Boost user to establish and maintain a connection between NetBackup and the Data Domain system. This user account is different from the tenant-admin or tenant-user accounts. After you create the DD Boost user, modify the DD Boost storage-unit for the tenant, and then specify the DD Boost user as the owner of the storage-unit. You can create the DD Boost user account from the command line or from the Data Domain Enterprise Manager (DDEM).

Before you begin

Perform the following steps on the Data Domain system with a Data Domain Admin account.


Procedure

1. Use the user add command to create the DD Boost user account and assign a password.

For example:

user add username password password role none

The following output provides an example of how to create a new user with the name tenant1-boost.

netbackup@dd660-4# user add tenant1-boost password abc123 role none
User "tenant1-boost" added.

2. Use the ddboost user assign command to assign the user account to DD Boost.

For example:

ddboost user assign username

The following output provides an example of how to assign the user tenant1-boost to DD Boost.

netbackup@dd660-4# ddboost user assign tenant1-boost
User "tenant1-boost" assigned to DD Boost.

3. Use the ddboost user option set command to set the default tenant unit for the DD Boost user. This ensures that the Data Domain system will assign the newly created storage units to the specified tenant unit for the DD Boost user.

For example:

ddboost user option set username default-tenant-unit tenant_unit_name

The following output provides an example of how to set the tenant-unit tenant-unit1 as the default tenant-unit for the DD Boost user tenant1-boost.

netbackup@dd660-4# ddboost user option set tenant1-boost default-tenant-unit tenant-unit1
Default-tenant-unit is set to "tenant-unit1" for user "tenant1-boost".

4. Use the ddboost storage-unit modify command to associate an existing storage unit with the tenant-unit, and assign the DD Boost user as the owner of the storage unit.

For example:

ddboost storage-unit modify storage_unit_name user DDboost_user tenant-unit tenant_unit_name

The following output provides an example of how to associate a storage unit called storage-unit1 to tenant-unit tenant-unit1, and assign the DD Boost user tenant1-boost to the storage unit.

netbackup@dd660-4# ddboost storage-unit modify storage-unit1 user tenant1-boost tenant-unit tenant-unit1
Modified storage-unit "storage-unit1" for "tenant1-boost".

5. Use the mtree modify command to specify the tenant-unit for each Mtree that belongs to a tenant.


For example:

mtree modify path tenant-unit tenant_unit_name

The following output provides an example of how to assign an Mtree with a data path /data/col1/mtree1 to a tenant-unit named tenant-unit1:

netbackup@dd660-4# mtree modify /data/col1/mtree1 tenant-unit tenant-unit1

6. Use the ddboost option set command to enable distributed segment processing.

For example:

netbackup@dd660-4# ddboost option set distributed-segment-processing enabled
DD Boost option "distributed-segment-processing" set to enabled.


7. Optionally, use the smt tenant-unit show detailed all command to display a detailed summary of the tenant unit configuration on the Data Domain system. The following output provides an example of the summary information for a tenant-unit named tenant-unit1:

netbackup@dd660-4# smt tenant-unit show detailed tenant-unit1
Tenant-unit: "tenant-unit1"
Summary:
Name           Tenant         Number of   Pre-Comp
               Self-service   Mtrees      (GiB)
------------   ------------   ---------   --------
tenant-unit1   Enabled        1           0.0
------------   ------------   ---------   --------

Management-User:
User            Role
-------------   ------------
tenant-admin1   tenant-admin
tenant-user1    tenant-user
-------------   ------------

Management-Group:
No management-groups.

DDBoost:
Name            Pre-Comp (GiB)   Status   User            Tenant-Unit
-------------   --------------   ------   -------------   ------------
storage-unit1   0.0              RW       tenant1-boost   tenant-unit1
-------------   --------------   ------   -------------   ------------
 Q    : Quota Defined
 RO   : Read Only
 RW   : Read Write
 RD   : Replication Destination

Getting users with default-tenant-unit tenant-unit1
DD Boost user   Default tenant-unit
-------------   -------------------
tenant1-boost   tenant-unit1
-------------   -------------------

Mtrees:
Name                       Pre-Comp (GiB)   Status   Tenant-Unit
------------------------   --------------   ------   ------------
/data/col1/storage-unit1   0.0              RW       tenant-unit1
------------------------   --------------   ------   ------------
 D    : Deleted
 Q    : Quota Defined
 RO   : Read Only
 RW   : Read Write
 RD   : Replication Destination
 RLGE : Retention-Lock Governance Enabled
 RLGD : Retention-Lock Governance Disabled
 RLCE : Retention-Lock Compliance Enabled

Quota:
Tenant-unit: tenant-unit1
Mtree                      Pre-Comp (MiB)   Soft-Limit (MiB)   Hard-Limit (MiB)
------------------------   --------------   ----------------   ----------------
/data/col1/storage-unit1   0                none               none
------------------------   --------------   ----------------   ----------------

Alerts:
No notification lists.
No such active alerts.


8. Optionally, use the ddboost storage-unit show command to display summary information about the storage unit.

The following output provides an example of summary information for a storage unit called storage-unit1:

netbackup@dd660-4# ddboost storage-unit show storage-unit1
Name            Pre-Comp (GiB)   Status   User            Tenant-Unit
-------------   --------------   ------   -------------   ------------
storage-unit1   0.0              RW       tenant1-boost   tenant-unit1
-------------   --------------   ------   -------------   ------------
 Q    : Quota Defined
 RO   : Read Only
 RW   : Read Write
 RD   : Replication Destination
Storage-unit storage-unit1 does not contain any files.

9. Optionally, configure an alert notification group list, which contains the email address of tenant administrator(s).

a. Use the alerts notify-list create command to create a distribution list. For example:

alerts notify-list create new_group_name tenant-unit tenant_unit_name

b. Use the alerts notify-list add command to add email addresses to the distribution list. For example:

alerts notify-list add new_group_name emails [email protected], [email protected]

Note

When you configure alert notifications, tenant administrators will receive email notifications under the following conditions:

• When a storage unit reaches the defined hard capacity quota limit.

• When a storage unit exceeds the defined soft capacity quota limit.

• When a storage unit exceeds a defined soft stream limit.

• When a Data Domain system outage occurs.
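
The summary from step 7 can be checked mechanically after an upgrade. The following Python sketch is an added example, not part of the EMC white paper: it parses smt tenant-unit show detailed output and reports deviations from this procedure (self-service off, no tenant-admin, a DD Boost owner that is also a management user, no alert notification list). The sample's column layout and the function names parse and audit are assumptions.

```python
import re

# Constructed sample built from the page's example output; column layout is assumed.
SAMPLE = """\
Tenant-unit: "tenant-unit1"
Summary:
Name           Tenant         Number of   Pre-Comp
               Self-service   Mtrees      (GiB)
------------   ------------   ---------   --------
tenant-unit1   Enabled        1           0.0
------------   ------------   ---------   --------
Management-User:
User            Role
-------------   ------------
tenant-admin1   tenant-admin
tenant-user1    tenant-user
-------------   ------------
DDBoost:
Name            Pre-Comp (GiB)   Status   User            Tenant-Unit
-------------   --------------   ------   -------------   ------------
storage-unit1   0.0              RW       tenant1-boost   tenant-unit1
-------------   --------------   ------   -------------   ------------
Alerts:
No notification lists.
"""

def parse(text):
    """Map each 'Section:' heading to the data rows between its dashed rules."""
    sections, name, in_rows = {}, None, False
    for line in text.splitlines():
        head = re.fullmatch(r"([A-Za-z-]+):", line.strip())
        if head:
            name, in_rows = head.group(1), False
        elif name and re.fullmatch(r"-+(\s+-+)*", line.strip()):
            in_rows = not in_rows  # first rule opens the rows, second closes them
        elif name and in_rows:
            sections.setdefault(name, []).append(line.split())
    return sections

def audit(text):
    """Return findings for one tenant-unit; an empty list means every check passed."""
    unit = re.search(r'Tenant-unit: "([^"]+)"', text).group(1)
    s, out = parse(text), []
    if any(row[1] != "Enabled" for row in s.get("Summary", [])):
        out.append(f"{unit}: self-service is not enabled")
    managers = dict(row[:2] for row in s.get("Management-User", []) if len(row) >= 2)
    if "tenant-admin" not in managers.values():
        out.append(f"{unit}: no tenant-admin assigned")
    for row in s.get("DDBoost", []):
        if len(row) != 5:  # assumed: an empty User or Tenant-Unit cell shortens the row
            out.append(f"{row[0]}: no DD Boost owner or tenant-unit")
        elif row[3] in managers:
            out.append(f"{row[0]}: owner {row[3]} is also a management user")
    if "No notification lists." in text:
        out.append(f"{unit}: no alert notification list")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Run against the page's own example, the only finding is the missing alert notification list, which step 9 addresses.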

Creating a backup policy and enabling replication

Before you perform an initial setup of backups, you must create a backup policy.

The backup policy contains information about which clients to back up, the target location for the backup data, the frequency of the backup, and when NetBackup should back up the system. The NetBackup Administration Guide describes how to create and configure a backup policy.

To set up an SLP, perform the following steps in the NBU Console:

Procedure

1. Right-click Storage Lifecycle Policies, and then select New Storage Lifecycle Policy.

The following figure provides an example of the New Storage Lifecycle Policy option.


Figure 12 Creating a new storage lifecycle policy

2. In the New Storage Lifecycle Policy window, perform the following steps to create a policy for the backup operation:

a. In the Storage lifecycle policy name field, specify a unique name for the policy.

b. In the Data classification field, select the data classification.

c. Select Add.

d. In the Operation field, select Backup.

e. Select the storage system to receive the backup data.

f. Specify how long to retain the data.

For the local backup, you can choose a shorter retention time.

g. Click Ok.

The following figure provides an example of the New Storage Lifecycle Policy window after you create the backup SLP.

Figure 13 New backup SLP

3. In the New Storage Lifecycle Policy window, perform the following steps to create a policy for the replication operation:


a. In the Storage lifecycle policy name field, specify a unique name for the policy.

b. In the Data classification field, select the data classification.

c. Select Add.

d. In the Operation field, select Deduplication.

e. Select the storage system to receive the replicated data.

f. Specify how long to retain the data.

For duplicated data, select a longer period of time.

g. Optionally, to delay the replication of data until the source data is about to expire, select the Postpone creation of this copy until the source copy is about to expire option.

h. Optionally, specify the replication window.

i. Click Ok.

The following figure provides an example of the New Storage Lifecycle Policy window after you create the replication SLP.

Figure 14 New replication SLP

4. Validate that the backup policy is leveraging the correct SLP.

The following figure provides an example of the SLP.


Figure 15 Validating SLP


CHAPTER 6

Conclusion

After you read this paper, you should have a better understanding of how an integration of SMT and NetBackup into a backup and recovery solution provides companies with the ability to consolidate dedicated devices into a single system.

To summarize, the integration of SMT and NetBackup provides you the following benefits:

• Reduces the current backup hardware and software footprint.

• Achieves secure data isolation by tenant on shared Data Domain systems.

• Writes backup data with NetBackup to a secure storage unit.

• Reduces data protection storage costs.

• Provides tenant self-service administration and reporting.

• Gives the provider control over capacity and stream count resources assigned to each tenant on shared Data Domain systems.

• Enables increased utilization of existing Data Domain assets.
