- Manuals
- Brands
- Dell
- Data Manager
- PowerProtect
- Administration And User Guide
Dell PowerProtect 19.12 Data Manager Administration And User Guide PDF
en
Summary of Content for Dell PowerProtect 19.12 Data Manager Administration And User Guide PDF
PowerProtect Data Manager 19.12 Administration and User Guide
October 2022 Rev. 01
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
2016 - 2022 Dell Inc. or its subsidiaries. All rights reserved. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
Preface.........................................................................................................................................................................................8
Chapter 1: Getting Started...........................................................................................................12 Introducing the PowerProtect Data Manager software...........................................................................................12 Supported Internet Protocol versions...........................................................................................................................13 Unsupported file-system modifications........................................................................................................................ 15 References...........................................................................................................................................................................15 Terminology......................................................................................................................................................................... 15 Access the PowerProtect Data Manager UI............................................................................................................... 16
Get Started window.....................................................................................................................................................17 UI tools and options ....................................................................................................................................................18
Export data......................................................................................................................................................................... 22 Exported fields............................................................................................................................................................. 23
Customer feedback...........................................................................................................................................................24 Provide general feedback.......................................................................................................................................... 24
Security configuration......................................................................................................................................................24 Role-based security.................................................................................................................................................... 24
Chapter 2: System Maintenance..................................................................................................26 Deploying and maintaining the health of PowerProtect Data Manager...............................................................26 Deploying and updating PowerProtect Data Manager.............................................................................................26 Licensing PowerProtect Data Manager.......................................................................................................................26
License types................................................................................................................................................................ 27 Add a license................................................................................................................................................................. 27
Specifying the PowerProtect Data Manager host.................................................................................................... 28 Specify a vCenter server as the PowerProtect Data Manager host..............................................................28 vCenter server PowerProtect Data Manager host privileges.......................................................................... 28
Memory optimization........................................................................................................................................................29 Adjust the virtual machine memory.........................................................................................................................29
Restricted mode................................................................................................................................................................ 30 System support..................................................................................................................................................................30
Configuring SupportAssist for PowerProtect Data Manager...........................................................................30 Telemetry Collector ................................................................................................................................................... 34 CloudIQ reporting........................................................................................................................................................ 35 Set up the email server.............................................................................................................................................. 35 Add AutoSupport.........................................................................................................................................................35 Enabling automatic update package checks and downloads............................................................................ 36 Add a log bundle.......................................................................................................................................................... 36 Audit logging and monitoring system activity.......................................................................................................36 Monitor system services and system health.........................................................................................................38 Access the open source software package information....................................................................................39 Security certificates....................................................................................................................................................39
Restarting PowerProtect Data Manager.....................................................................................................................39 System maintenance troubleshooting..........................................................................................................................40
Contents
Contents 3
Chapter 3: Managing Storage...................................................................................................... 41 Protection storage.............................................................................................................................................................41
PowerProtect DD Management Center automatic discovery...........................................................................41 High Availability PowerProtect DD support.......................................................................................................... 42 Smart Scale system pools......................................................................................................................................... 42 Add protection storage.............................................................................................................................................. 45 Edit protection storage.............................................................................................................................................. 46
Storage units...................................................................................................................................................................... 46 Storage unit limitations.............................................................................................................................................. 47 Storage unit considerations for PowerProtect DD............................................................................................. 48 Retention locking.........................................................................................................................................................49 Create a storage unit..................................................................................................................................................49 Edit a storage unit.......................................................................................................................................................50 Delete a storage unit................................................................................................................................................... 51 Working with storage unit passwords.................................................................................................................... 52
Differences in storage system and storage unit space reporting..........................................................................52 Monitoring storage capacity thresholds...................................................................................................................... 52
Chapter 4: Using the PowerProtect Search Engine......................................................................53 Introducing the PowerProtect Search Engine........................................................................................................... 53 Set up and manage indexing...........................................................................................................................................53 Search Engine node deletion..........................................................................................................................................55
Delete operational Search Engine nodes............................................................................................................... 55 Redeploy or delete failed Search Engine nodes...................................................................................................56
Edit the network configuration for a Search Engine node......................................................................................56 Perform a search...............................................................................................................................................................57 Troubleshooting Search Engine issues.........................................................................................................................57
Chapter 5: Managing Assets........................................................................................................62 About asset sources, assets, and storage...................................................................................................................62 About other asset sources..............................................................................................................................................62 Prerequisites for discovering asset sources............................................................................................................... 64
Discovering asset sources in a GCVE environment............................................................................................ 64 Full discovery of application asset sources...........................................................................................................64
Enable an asset source.................................................................................................................................................... 65 Disable an asset source............................................................................................................................................. 65
Delete an asset source.....................................................................................................................................................66 Adding a Cloud Snapshot Manager tenant................................................................................................................. 66
Add a Cloud Snapshot Manager Tenant................................................................................................................66
Chapter 6: Managing Protection Policies.....................................................................................68 Protection policies............................................................................................................................................................ 68 Before you create a protection policy..........................................................................................................................68
Replication triggers..................................................................................................................................................... 72 Adding or editing a protection policy............................................................................................................................ 73
Modify a policy name and description, objectives, or options.......................................................................... 74 Changing storage targets.......................................................................................................................................... 74 Replication to shared protection storage.............................................................................................................. 76
4 Contents
Add or remove assets in a protection policy.........................................................................................................76 Edit the retention period for backup copies..........................................................................................................77
Overview of PowerProtect Data Manager Cloud Tier............................................................................................. 77 Add a Cloud Tier objective to a protection policy................................................................................................78 Manage Cloud Tier asset copies.............................................................................................................................. 79 Restore Cloud Tier backups to protection storage............................................................................................. 79 Recall and restore from Cloud Tier......................................................................................................................... 79
Manual backups of protected assets........................................................................................................................... 80 Manual backups of a single protected asset........................................................................................................ 80
Manual replication of protected assets........................................................................................................................ 81 Manual Cloud Tiering of protected assets.................................................................................................................. 82 Viewing a summary of protection policies...................................................................................................................82
View assets assigned to a protection policy......................................................................................................... 83 View the status of the last-run job of a protection policy................................................................................ 83
Extended retention (for protection policies created in PowerProtect Data Manager 19.11 and earlier)..... 83 Delete backup copies....................................................................................................................................................... 85
Retry a failed backup copy deletion........................................................................................................................86 Export data for deleted backup copies.................................................................................................................. 87 Remove backup copies from the PowerProtect Data Manager database.................................................... 87
Removing expired backup copies.................................................................................................................................. 88 Removing assets from PowerProtect Data Manager...............................................................................................88
Remove assets and associated protection copies.............................................................................................. 89 Run an asset-protection report..................................................................................................................................... 89 Disable a protection policy.............................................................................................................................................. 90
Protection jobs running for a disabled policy........................................................................................................90 Enable a disabled protection policy..........................................................................................................................91 Customize the default behavior of disabled policies........................................................................................... 91
Delete a protection policy................................................................................................................................................ 91 Add a service-level agreement.......................................................................................................................................92 Run a compliance report..................................................................................................................................................94 Protecting client assets after a client hostname change........................................................................................95 ifGroup configuration and PowerProtect Data Manager policies......................................................................... 95
Chapter 7: Restoring Data and Assets..........................................................................................97 View backup copies available for restore.................................................................................................................... 97 Restoring a protection policy......................................................................................................................................... 98 Restore the PowerProtect Data Manager server ....................................................................................................98 Restore Cloud Tier backups to protection storage...................................................................................................99
Recall and restore from Cloud Tier......................................................................................................................... 99
Chapter 8: Preparing for and Recovering From a Disaster...........................................................101 About server disaster recovery.....................................................................................................................................101
Differences between server DR methods............................................................................................................102 System recovery for server DR....................................................................................................................................102
Server DR protection storage types..................................................................................................................... 102 Automatic server DR.................................................................................................................................................103 Prepare the DD system recovery target (NFS)................................................................................................. 103 Manually configure server DR backups................................................................................................................ 104 Record settings for server DR................................................................................................................................105
Contents 5
Manage PowerProtect Data Manager server DR backups............................................................................. 106 Restore PowerProtect Data Manager from server DR backups....................................................................106 Change the IP address or hostname of a DD system........................................................................................ 110 Troubleshooting NFS backup configuration issues............................................................................................ 112 Troubleshoot recovery of PowerProtect Data Manager.................................................................................. 112 Recover a failed PowerProtect Data Manager restore..................................................................................... 112 Disable server DR backups....................................................................................................................................... 113
Quick recovery for server DR........................................................................................................................................113 Quick recovery prerequisites................................................................................................................................... 116 Identifying a remote system.....................................................................................................................................117 Add a remote system for quick recovery.............................................................................................................. 117 Edit a remote system.................................................................................................................................................118 Quick recovery remote view.................................................................................................................................... 118
Overview of PowerProtect Data Manager Cloud Disaster Recovery................................................................. 119
Chapter 9: Managing Alerts, Jobs, and Tasks............................................................................. 120 Configure Alert Notifications........................................................................................................................................ 120 View and manage alerts.................................................................................................................................................. 121 View and manage Audit Logs........................................................................................................................................ 121 Monitoring jobs and tasks..............................................................................................................................................122
Monitor and view jobs and assets..........................................................................................................................122 View details for protection jobs..............................................................................................................................124 View details for asset jobs....................................................................................................................................... 126 View details for system jobs and tasks.................................................................................................................128 Filter, group, and sort jobs.......................................................................................................................................129
Restart a job or task manually....................................................................................................................................... 131 Restart a job or task automatically.............................................................................................................................. 132 Resume misfire jobs after a PowerProtect Data Manager update......................................................................133 Cancel a job or task.........................................................................................................................................................134 Exporting logs...................................................................................................................................................................135
Export logs for jobs................................................................................................................................................... 135 Export logs for assets or tasks............................................................................................................................... 136
Limitations for alerts, jobs, and tasks......................................................................................................................... 136
Chapter 10: Modifying the System Settings............................................................................... 137 System settings................................................................................................................................................................137
Modify the network settings................................................................................................................................... 137 Synchronize time on PowerProtect Data Manager and other systems....................................................... 139 Modify the appliance time zone and NTP server...............................................................................................139 Enable replication encryption..................................................................................................................................140 Backup and restore encryption.............................................................................................................................. 140 Server monitoring with syslog................................................................................................................................ 142 Additional system settings....................................................................................................................................... 143
Modifying the PowerProtect Data Manager virtual machine disk settings....................................................... 144 Modify the data disk size......................................................................................................................................... 144 Modify the system disk size.................................................................................................................................... 145
Configure the DD system.............................................................................................................................................. 145 Virtual networks (VLANs)............................................................................................................................................. 146
Virtual network traffic types................................................................................................................................... 147
6 Contents
Virtual network topologies.......................................................................................................................................149 Supported scenarios................................................................................................................................................. 152 Virtual network prerequisites.................................................................................................................................. 153 Configuring virtual networks...................................................................................................................................153 Virtual network asset assignment..........................................................................................................................157
Syslog server disaster recovery ..................................................................................................................................159 Troubleshooting the syslog connection..................................................................................................................... 159
No messages are transmitted to the syslog server...........................................................................................159
Chapter 11: Managing Reports....................................................................................................160 PowerProtect Data Manager reporting..................................................................................................................... 160 Port requirements........................................................................................................................................................... 160 Server requirements........................................................................................................................................................ 161 Known issues with the reporting engine and Report Browser.............................................................................. 161 Configure and deploy the reporting engine...............................................................................................................162 Updating the reporting engine from version 19.10.................................................................................................. 162 Report Browser................................................................................................................................................................ 163
Backup Jobs Summary............................................................................................................................................. 166 Restore Jobs Summary.............................................................................................................................................167 Replication Jobs Summary...................................................................................................................................... 168 Asset Summary.......................................................................................................................................................... 169 Filter and customize reports................................................................................................................................... 169
Deleting the reporting engine........................................................................................................................................ 171 Managing disaster recovery of the reporting engine...............................................................................................171
Recover the reporting engine from a DR backup............................................................................................... 171
Chapter 12: Configuring and Managing the PowerProtect Agent Service ...................................175 About the PowerProtect agent service..................................................................................................................... 175 Start, stop, or obtain the status of the PowerProtect agent service................................................................ 176 Register the PowerProtect agent service to a different server address...........................................................176 Recovering the PowerProtect agent service from a disaster...............................................................................177
Restore the PowerProtect Data Manager agent service datastore..............................................................177 Troubleshooting agent registration ............................................................................................................................ 178
Appendix A: Glossary of Acronyms ....................................................................................... 180
Glossary..................................................................................................................................... 181
Contents 7
Preface As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.
If a product does not function correctly or does not function as described in this document, contact Customer Support.
NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this document,
go to the Customer Support website.
Product naming Data Domain (DD) is now PowerProtect DD. References to Data Domain or Data Domain systems in this documentation, in the user interface, and elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In many cases the user interface has not yet been updated to reflect this change.
Language use This document might contain language that is not consistent with Dell Technologies current guidelines. Dell Technologies plans to update the document over subsequent future releases to revise the language accordingly.
This document might contain language from third-party content that is not under Dell Technologies control and is not consistent with the current guidelines for Dell Technologies own content. When such third-party content is updated by the relevant third parties, this document will be revised accordingly.
Acronyms The acronyms used in this document might not be familiar to everyone. Although most acronyms are defined on their first use, a definition is not always provided with later uses of the acronym. For a list of all acronyms and their definitions, see the glossary at the end of the document.
Website links The website links used in this document were valid at publication time. If you find a broken link, provide feedback on the document, and a Dell Technologies employee will update the link in the next release as necessary.
Purpose The Dell PowerProtect Data Manager Administration and User Guide describes how to configure, use, and administer PowerProtect Data Manager software.
Audience This document is intended for the host system administrator who is involved in managing, protecting, and reusing data across the enterprise by deploying PowerProtect Data Manager software.
Revision history The following table presents the revision history of this document.
8 Preface
Table 1. Revision history
Revision Date Description
01 October 25, 2022 Initial release of this document for PowerProtect Data Manager version 19.12.
Compatibility information Software compatibility information for the PowerProtect Data Manager software is provided by the E-Lab Navigator.
Related documentation The following publications are available at Customer Support and provide additional information:
Table 2. Related documentation
Title Content
PowerProtect Data Manager Administration and User Guide Describes how to configure the software.
PowerProtect Data Manager Deployment Guide Describes how to deploy the software.
PowerProtect Data Manager Licensing Guide Describes how to license the software.
PowerProtect Data Manager Release Notes Contains information about new features, known limitations, environment, and system requirements for the software.
PowerProtect Data Manager Security Configuration Guide Contains security information.
PowerProtect Data Manager Amazon Web Services Deployment Guide
Describes how to deploy the software to Amazon Web Services (AWS).
PowerProtect Data Manager Azure Deployment Guide Describes how to deploy the software to Microsoft Azure.
PowerProtect Data Manager Google Cloud Platform Deployment Guide
Describes how to deploy the software to Google Cloud Platform (GCP).
PowerProtect Data Manager Cloud Disaster Recovery Administration and User Guide
Describes how to deploy Cloud Disaster Recovery (Cloud DR), protect virtual machines in the AWS or Azure cloud, and run recovery operations.
PowerProtect Data Manager Cyber Recovery User Guide Describes how to install, update, patch, and uninstall the PowerProtect Cyber Recovery software.
PowerProtect Data Manager File System User Guide Describes how to configure and use the software with the File System agent for file-system data protection.
PowerProtect Data Manager Kubernetes User Guide Describes how to configure and use the software to back up and restore namespaces and PVCs in a Kubernetes cluster.
PowerProtect Data Manager Microsoft Exchange Server User Guide
Describes how to configure and use the software to back up and restore the data in a Microsoft Exchange Server environment.
PowerProtect Data Manager Microsoft SQL Server User Guide
Describes how to configure and use the software to back up and restore the data in a Microsoft SQL Server environment.
PowerProtect Data Manager Oracle RMAN User Guide Describes how to configure and use the software to back up and restore the data in an Oracle Server environment.
PowerProtect Data Manager SAP HANA User Guide Describes how to configure and use the software to back up and restore the data in an SAP HANA Server environment.
PowerProtect Data Manager Storage Direct User Guide Describes how to configure and use the software with the Storage Direct agent to protect data on VMAX storage arrays through snapshot backup technology.
Preface 9
Table 2. Related documentation (continued)
Title Content
PowerProtect Data Manager Network Attached Storage User Guide
Describes how to configure and use the software to protect and recover the data on network-attached storage (NAS) shares and appliances.
PowerProtect Data Manager Virtual Machine User Guide Describes how to configure and use the software to back up and restore virtual machines and virtual machine disks (VMDKs) in a vCenter Server environment.
VMware Cloud Foundation Disaster Recovery With PowerProtect Data Manager
Provides a detailed description of how to perform an end-to- end disaster recovery of a VMware Cloud Foundation (VCF) environment.
PowerProtect Data Manager Public REST API documentation Contains the Dell Technologies APIs and includes tutorials to guide you in their use.
vRealize Automation Data Protection Extension for Data Protection Systems Installation and Administration Guide
Describes how to install, configure, and use the vRealize Data Protection Extension.
Typographical conventions The following type style conventions are used in this document:
Table 3. Style conventions
Formatting Description
Bold Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window.
Italic Used for full titles of publications that are referenced in text.
Monospace Used for: System code System output, such as an error message or script Pathnames, file names, file name extensions, prompts, and syntax Commands and options
Monospace italic Used for variables.
Monospace bold Used for user input.
[ ] Square brackets enclose optional values.
| Vertical line indicates alternate selections. The vertical line means or for the alternate selections.
{ } Braces enclose content that the user must specify, such as x, y, or z.
... Ellipses indicate non-essential information that is omitted from the example.
You can use the following resources to find more information about this product, obtain support, and provide feedback.
Where to find product documentation The Customer Support website The Community Network The PowerProtect Data Manager Info Hub
10 Preface
Where to get support The Customer Support website provides access to product licensing, documentation, advisories, downloads, and how-to and troubleshooting information. The information can enable you to resolve a product issue before you contact Customer Support.
To access a product-specific page:
1. Go to the Customer Support website. 2. In the search box, type a product name, and then from the list that appears, select the product.
Support Library The Support Library contains a knowledge base of applicable solutions that you can search for either by solution number (for example, KB000xxxxxx) or by keyword.
To search the Support Library:
1. Go to the Customer Support website. 2. On the Support tab, click Support Library. 3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by
typing a product name in the search box, and then selecting the product from the list that appears.
Live chat To participate in a live interactive chat with a support agent:
1. Go to the Customer Support website. 2. On the Support tab, click Contact Support. 3. On the Contact Information page, click the relevant support, and then proceed.
Service requests To obtain in-depth help from a support agent, submit a service request. To submit a service request:
1. Go to the Customer Support website. 2. On the Support tab, click Service Requests.
NOTE: To create a service request, you must have a valid support agreement. For details about either an account or
obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the
Service Request Number field, type the service request number, and then click the right arrow.
To review an open service request:
1. Go to the Customer Support website. 2. On the Support tab, click Service Requests. 3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.
Online communities For peer contacts, conversations, and content on product support and solutions, go to the Community Network. Interactively engage with customers, partners, and certified professionals online.
How to provide feedback Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to DPADDocFeedback@dell.com.
Preface 11
Getting Started
Topics:
Introducing the PowerProtect Data Manager software Supported Internet Protocol versions Unsupported file-system modifications References Terminology Access the PowerProtect Data Manager UI Export data Customer feedback Security configuration
Introducing the PowerProtect Data Manager software PowerProtect Data Manager software is an enterprise solution that provides software-defined data protection, deduplication, operational agility, self-service, and IT governance.
PowerProtect Data Manager key features include the following:
Table 4. Key features
Software-defined data protection with integrated deduplication, replication, and reuse
Data backup and recovery self-service operations from native applications that are combined with central IT governance
Multicloud optimization with integrated Cloud Tiering
SaaS-based monitoring and reporting
Modern services-based architecture for ease of deployment, scaling, and updating
PowerProtect Data Manager integrates multiple data-protection products within the Data Protection portfolio to enable data protection as a service, providing the following benefits:
Table 5. Benefits
Enables data-protection teams to create data paths with provisioning, automation, and scheduling to embed protection engines into their data-protection infrastructure for high-performance backup and recovery
Enables backup administrators of large-scale environments to schedule backups for the following asset types from a central location on the PowerProtect Data Manager server: VMware virtual machines File systems VMAX storage groups Kubernetes clusters Microsoft Exchange Server and Microsoft SQL Server databases Oracle databases SAP HANA databases Network-attached storage (NAS) shares
Provides an agent-based approach to automatically discover and protect databases on an application server
Enables self-service and centralized protection by: Monitoring service-level objectives (SLOs) Identifying violations of recovery-point objectives (RPOs)
1
12 Getting Started
Table 5. Benefits (continued)
Supports deploying an external VM Direct appliance that moves data with a VM Direct Engine that is optimized for performing high-capacity backup streams
Comes with a basic embedded VM Direct Engine that has the following functions and capabilities: It is automatically used as a fallback proxy for performing backup and restore operations when an external VM Direct
Engine fails, is disabled, or is unavailable It has a limited capacity for performing backup streams It can work with virtual-machine crash-consistent protection policies that use the Transparent Snapshot Data Mover
(TSDM) protection mechanism It enables the Search Service used by PowerProtect Search
Supports PowerProtect Search, which enables backup administrators to quickly search for and restore VM and NAS file copies
Supports the vRealize Automation DP extension, which enables the automatic provisioning of virtual machines and on-demand backups and restores
Integrates with Cloud Disaster Recovery (Cloud DR), including workflows for Cloud DR deployment, protection, and recovery operations in the AWS and Azure clouds
Integrates with PowerProtect Cloud Snapshot Manager to view PowerProtect Cloud Snapshot Manager jobs, alerts, and reports from a consolidated PowerProtect Data Manager dashboard
Integrates with PowerProtect Cyber Recovery to protect the integrity of a PowerProtect Data Manager environment from cyber threats
Provides a RESTful API interface that allows PowerProtect Data Manager to be monitored, configured, and orchestrated: Existing automation frameworks can be integrated New scripts can be quickly written Easy-to-follow tutorials are provided
Supported Internet Protocol versions PowerProtect Data Manager and its components support IPv4 and IPv6 addresses in certain configurations.
Table 6. Supported configurations
Component Internet Protocol
PowerProtect Data Manager core
IPv4 only or both IPv4 and IPv6
VM Direct and Search IPv4 only or IPv6 only NOTE: Virtual machines that are backed up must use the same protocol that VM Direct uses. Virtual machines can use both IPv4 and IPv6, even though VM Direct cannot.
Application agents integrated with PowerProtect Data Manager:
NOTE: If both IPv4 and IPv6 are configured and the PowerProtect Data Manager FQDN is used, the agent uses IPv6 for network communication.
File System IPv4, IPv6, or both
Microsoft Exchange Server IPv4 only or both IPv4 and IPv6
Microsoft SQL Server (Application Direct)
IPv4, IPv6, or both
Microsoft SQL Server (VM Direct)
IPv4 only or IPv6 only
NOTE: Only the Microsoft SQL Server agent supports VM Direct.
Oracle RMAN IPv4, IPv6, or both
SAP HANA IPv4, IPv6, or both
Storage Direct IPv4 only
Standalone application agents IPv4 only
Getting Started 13
Table 6. Supported configurations (continued)
Component Internet Protocol
Network-attached storage (NAS)
IPv4 only
Kubernetes IPv4 only
PowerProtect Data Manager management
IPv4 or IPv6
PowerProtect DD communication
IPv4 or IPv6
Report Browser IPv4 only
SupportAssist IPv4, IPv6, or both
Syslog Log Server Gateway IPv4 or IPv6
The following limitations and considerations apply.
Communication with components
If PowerProtect Data Manager is configured to only use one protocol, all components it communicates with must also use that protocol. If some components that PowerProtect Data Manager communicates with use IPv4 and others use IPv6, PowerProtect Data Manager must be configured to use both IPv4 and IPv6.
DD systems and DDVE
If a DD system or a DDVE instance uses only IPv6, the required IPv6 interface must be manually selected when a protection policy is added or edited.
Disaster recovery
Recovering a PowerProtect Data Manager server might result in a conflict with protection-policy configurations. For instance, if the recovered server is configured to use only IPv4, a protection policy that is configured to use IPv6 cannot run.
Name resolution
Name resolution and reverse IP lookup must be configured to ensure the following:
Fully qualified domain names of PowerProtect Data Manager, its components, and DD components resolve to a valid IPv4 or IPv6 address.
If both IPv4 and IPv6 addresses are used for DD, both addresses resolve to the same FQDN. All IPv4 and IPv6 addresses are valid and reachable.
Server updates
IPv6 is only supported with new installations. Using IPv6 after updating from PowerProtect Data Manager 19.11 or earlier is unsupported.
Storage Policy Based Management
If using vCenter or ESXi 7.0u2 or earlier with only IPv6, SPBM providers must be added using their PowerProtect Data Manager FQDN.
14 Getting Started
Service Unavailable messages with the vSphere Client PowerProtect plug-in
If vCenter uses the vSphere Client PowerProtect plug-in with IPv6 and the vCenter host is added to PowerProtect Data Manager using its IPv6 address or FQDN, Service Unavailable messages might be seen for the protected virtual machine. Backups and restores of the protected virtual machine are unaffected, and these messages can be ignored.
Uncompressed IPv6 formatting
Network interfaces that exist on a DD 7.4.x or earlier system and that are configured to use an uncompressed IPv6 format cannot be discovered. An example of an uncompressed IPv6 format is 2620:0000:0170:0597:0000:0000:0001:001a. An example of a compressed IPv6 format is 2620:0:170:597::1:1a. To use these network interfaces, reconfigure them to use either an IPv4 address or a compressed IPv6 address, and then initiate a discovery.
Unsupported file-system modifications Files and directories on PowerProtect Data Manager and PowerProtect DD systems should only be modified according to documentation and guidance.
Performing any of the following file-system operations that have not been documented in a product guide or communicated by Customer Support is unsupported:
Adding, removing, editing, or otherwise modifying a file or directory Manually mounting a DD file system with anything other than read-only permissions Altering a file-system procedure Replacing a command in the step of a file-system procedure with a different command
References Some procedures in this document reference other publications for further details.
For a list of PowerProtect Data Manager publications, see "Related documentation" in the preface.
For information about DD Virtual Edition, see the following publications at Customer Support:
Table 7. Related PowerProtect DD Virtual Edition documentation
PowerProtect DD Virtual Edition in VMware Cloud Installation and Administration Guide
PowerProtect DD Virtual Edition in Google Cloud Platform Installation and Administration Guide
PowerProtect DD Virtual Edition on Premise Installation and Administration Guide
PowerProtect DD Virtual Edition in Azure Installation and Administration Guide
PowerProtect DD Virtual Edition in Amazon Web Services Installation and Administration Guide
Terminology Familiarize yourself with the terminology for the PowerProtect Data Manager user interface and documentation.
The following table provides more information about names and terms that you should know to use PowerProtect Data Manager:
Getting Started 15
Table 8. Term list
Term Description
Application agent Application agents are installed on application or database host servers to manage protection using PowerProtect Data Manager. These agents are commonly known as DD Boost Enterprise Agents (DDBEAs) for databases and applications.
Application-aware A virtual machine protection policy that includes additional application-aware data protection for Microsoft SQL Servers. An application-aware virtual machine protection policy provides the ability to quiesce the application during virtual machine image backup to perform a full backup of Microsoft SQL Server databases. You can also schedule Microsoft SQL Server log backups for the virtual machines in the policy.
Asset Assets are objects in PowerProtect Data Manager for which you want to manage protection, including virtual machines, databases, and file systems.
Asset source Assets that PowerProtect Data Manager protects reside within asset sources, which include vCenter servers, application or database hosts, and file servers.
Cloud Tier storage Cloud Tier storage can be added to a protection storage system to expand the deduplication storage capacity onto less expensive object storage in public or private object storage clouds, including secure Elastic Cloud Storage appliances.
Copy A PowerProtect Data Manager copy is a point-in-time backup copy of an asset.
Copy Map The PowerProtect Data Manager Copy Map is a visual representation of backup copy locations on your protection storage and is available for all protected assets that have copies.
Discovery Discovery is an internal process that scans asset sources to find new assets to protect and scans infrastructure components to monitor their health and status.
Instant Access PowerProtect Data Manager virtual machine backup copies can be accessed, mounted, and booted directly from the protection storage targets as running virtual machines. This operation is called Instant Access. Copies can also be moved to a production VMware datastore using vMotion. PowerProtect Data Manager Virtual machine application-aware backup copies can be mounted directly from protection storage as running Microsoft SQL Server databases, which includes the ability to roll forward log backups. These Microsoft SQL Server database disks can also be moved to a production VMware datastore using vMotion.
PowerProtect Data Manager agent
An agent that is included in PowerProtect Data Manager and installed on each application agent host server so that you can monitor and manage the application agent through PowerProtect Data Manager.
Protection policy Protection policies configure and manage the entire life cycle of backup data, which includes backup types, assets, backup start and stop times, backup devices, and backup retention.
Service-level agreement (SLA) An optional policy that you can layer on top of a protection policy. An SLA performs additional checks on protection activities to ensure that protection goals meet the standards of an organization. SLAs are made up of one or more service-level objectives.
Service-level objective (SLO) A definable rule that sets the criteria for recovery-point objectives (RPOs), encryption, and the location of backups according to company requirements.
Access the PowerProtect Data Manager UI PowerProtect Data Manager provides a web-based UI that you can use to manage and monitor system features and settings from any location over a network.
Steps
1. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:
https://<appliance_hostname> NOTE: You can specify the hostname or the IP address of the appliance.
2. Log in with your username and password.
16 Getting Started
Usernames follow the format user[@domain], where domain is an optional identifier that associates the user with a particular identity provider.
For example: jsmith or administrator@test-lab.
If you do not supply a domain, the authentication service checks the default identity provider. If you supply a domain, the authentication service consults the external identity provider for that domain and determines
whether to allow the login.
NOTE:
If the user interface is left unattended for more than 30 minutes and times out, the login page might display with the
error 503: Unknown Error. If this occurs, dismiss the error and log in again with your username and password.
If you log in with an expired password, reset the password immediately. Clicking Cancel, closing the browser, or
navigating away from the page before changing your password disables your credentials for subsequent logins. If you log
in and receive a prompt to change your password because of outdated login credentials, provide your current password,
a new password, and confirmation of the new password to continue.
When the identity provider validates the credentials, the authentication service issues a user token. The PowerProtect Data Manager UI uses the token information to authorize activities.
Unless you have changed the system configuration, the default identity provider is the local identity provider.
The PowerProtect Data Manager Security Configuration Guide provides more information about the available user roles and their associated permissions. The associated roles for an account determine what parts of the UI a user can see and use, and what operations a user can perform.
If this is your first time accessing the PowerProtect Data Manager UI, an unsigned certificate warning might appear in the web browser.
The security certificate that encrypts communication between the PowerProtect Data Manager UI and the web browser is self-signed. A self-signed certificate is signed by the web server that hosts the secure web page. There is nothing wrong with this certificate. This certificate is sufficient to establish an encrypted channel between the web browser and the server. However, it is not signed by a trusted authority.
The Get Started window appears with configuration options that are required on first deployment. To skip this window and go right to the Dashboard, click Launch.
From the Dashboard window:
The left pane provides links to the available menu items. Expand a menu item for more options. The icons in the PowerProtect Data Manager banner provide additional options.
Get Started window
The Get Started window provides configuration options that are required when the PowerProtect Data Manager system is first deployed. This window continues to display by default each time you log in until you click Launch.
You can access the Get Started window at any time, or view any getting started options that have yet to be configured, by
clicking , and then selecting Getting Started.
The Get Started window enables you to configure or edit the following menu items:
Table 9. PowerProtect Data Manager Get Started menu items
Options Description
License Launches the License window, which prompts you to add a license file to PowerProtect Data Manager. Once a license is uploaded, you can view license details, such as capacity usage and software ID.
Support Launches the Support window, which enables you to configure SupportAssist, AutoSupport, and set up the email server for application notifications and messages.
Assets Launches the Asset Sources window, where you can enable any of the asset source types that PowerProtect Data Manager supports. After enabling an asset source, you can add and register the source for the protection of assets.
Getting Started 17
Table 9. PowerProtect Data Manager Get Started menu items (continued)
Options Description
Storage Launches the Add Storage window, where you can add a PowerProtect DD System or PowerProtect DD Management Center as protection storage for primary backup and replicated copies.
UI tools and options
Learn about the tools, windows, and banner options available in the PowerProtect Data Manager UI.
Dashboard
The Dashboard is visible when you log in to the PowerProtect Data Manager UI, and can be accessed from the left navigation pane. This window provides a high-level view of the overall state of the PowerProtect Data Manager system through six widgets. The following table describes each widget.
Figure 1. Dashboard widgets
Table 10. PowerProtect Data Manager Dashboard
Dashboard widget Description
Jobs | Protection
Jobs | Restore
Jobs | System
Jobs | Asset Level
This widget provides a color-coded status of backup, restore, and system jobs that are in progress or have been performed in PowerProtect Data Manager over a specified period. Jobs | Protection displays by default, showing jobs performed over the last 24 hours.
Click the three vertical dots at the top of the widget to:
Select Protection, Restore, System or Asset Level to switch the jobs view in the widget.
Choose the time period for the jobs that you want to view (last 24 hours, last 3 days, last 7 days, or all). Once a time period is selected, the widget updates to display only jobs performed within that time period.
Click a color in the chart to view details about jobs with a specific status, or click the links next to each status. This will open the appropriate Jobs window, which is filtered to display the jobs that match the selected status and time period. From this window, you can manage jobs, view more details, and search jobs.
Assets | Count and Assets | Size
Details in this widget include the number of protected assets, unprotected assets, and excluded assets for each asset source that has been added and enabled in PowerProtect Data Manager. You can also view the total number of assets for each asset source, and the total size of these assets. Assets | Count displays by default, and the asset types are sorted
18 Getting Started
Table 10. PowerProtect Data Manager Dashboard (continued)
Dashboard widget Description
based on the percentage of the total asset count that are unprotected, or the total size of the unprotected assets for the asset source, depending on the view.
Click the three vertical dots at the top of the widget to:
Select Count or Size to switch the assets view in the widget. Select one or more asset sources from the list. You can display asset statistics for a single
asset source, multiple asset sources, or all asset sources.
Hover over a color to view the exact number of protected, unprotected, and excluded assets and the total size of these assets. Click a color to open the Infrastructure > Assets window, which is filtered to display the assets that match the selected status.
Health This widget provides a score for the overall PowerProtect Data Manager system health (Good, Fair, or Poor). Health details and status are provided for the following categories:
Components: Identifies the state of hardware and software services, such as Running or Failed.
Configuration: Identifies whether any aspects of the PowerProtect Data Manager configuration are incomplete, such as System Support configuration.
Capacity: Identifies the provisioned and currently allocated size of the associated storage system.
Performance: Identifies key performance indicators, such as memory use. Data Protection: Identifies key protection indicators, such as service-level agreements not
being met and disaster-recovery backup copies not being present.
Click View All to view more details about the system health issues for all categories.
Compliance This widget provides compliance verification statistics for protection policies that are linked to a Service Level Agreement (SLA). The widget also identifies the number of assets within these policies that are compliant and non-compliant.
Click the three vertical dots at the top of the widget to select one or more asset sources from the list. You can display compliance statistics for a single asset source, multiple asset sources, or all asset sources. By default, the total count and number of protection policies for compliant and non-compliant assets displays for all asset sources.
Click View All to open the Protection > SLA Compliance window, where you can view more details about the specific policies and assets that are non-compliant.
Capacity | Active Tier and Capacity | Cloud Tier
This widget displays the capacity status of the DD protection storage systems that are associated with this instance of PowerProtect Data Manager for the active tier and cloud tier. Based on the available capacity on each DD system, a color coded bar graph displays the number of systems that are Good (>20% available), Fair (<20% available), or Poor (<10%).
Click the three vertical dots at the top of the widget to:
Select Active Tier or Cloud Tier to switch between a view of protection storage systems for the active tier and cloud tier in the widget. By default, the widget displays Capacity | Active Tier.
Select a DD system from the list. The widget updates to display capacity statistics for the selected DD system. You can only display capacity statistics for one system at a time.
Click View All to open the Infrastructure > Storage window, where you can view more details about specific protection storage systems.
Space Optimization This widget provides information about how efficient the active tier storage capacity is on individual DD systems associated with this instance of PowerProtect Data Manager. Efficiency is determined based on the size of pre-compression data compared with the size of post- compression data on the system.
Click the three vertical dots at the top of the widget to select a DD system from the list. The widget updates to display space optimization statistics for the selected DD system.
Getting Started 19
PowerProtect Data Manager UI tools and windows
The following table describes the tools and windows in the PowerProtect Data Manager UI left navigation pane.
Table 11. PowerProtect Data Manager tools
Menu item Description
Dashboard
Click Dashboard to view the overall state of the PowerProtect Data Manager system.
Health
Click Health to view a score for the overall PowerProtect Data Manager system health (Good, Fair, or Poor).
Infrastructure
Click Infrastructure to: View and manage all assets:
VMware virtual machines File systems VMAX storage Groups Kubernetes clusters Microsoft Exchange Server databases Network Attached Storage (NAS) Microsoft SQL Server databases Oracle databases SAP HANA databases
Add vCenter and application and File System host asset sources. View and manage Integrated Storage. Add a VM Direct appliance with the VM Direct protection engine for virtual machine data
protection. Manage the vSphere Installation Bundle (VIB) for virtual machine crash-consistent data
protection performed with the Transparent Snapshot Data Mover (TSDM) protection mechanism.
Manage registration of Oracle RMAN agent, Microsoft application agent, SAP HANA agent, and File System agent.
View and manage Cloud Disaster Recovery. Create and manage a Search Cluster. Add PowerProtect Cloud Snapshot Manager tenants as asset sources for jobs, alerts, and
reports.
Protection
Click Protection to: Add protection policies to back up assets. Manage service-level agreements (SLAs). Add, edit, and delete protection rules for asset inclusion in policies. Add, edit, and delete file exclusion templates for File System protection policies.
Restore
Click Restore to: View asset copy location details and initiate a Restore operation. Manage Instant Access Sessions. Use the File Search feature to find and restore virtual machine file copies.
Alerts
Click Alerts to: View and acknowledge alerts and events. Filter alerts by critical, warning, and informational status, and specify the time range. View and examine Audit logs. Export audit logs to CSV files. Set audit log boundaries. Configure alert notifications.
20 Getting Started
Table 11. PowerProtect Data Manager tools (continued)
Menu item Description
There is also a banner UI option, represented by the icon, which provides links that enable you to view all unacknowledged alerts.
Administration
Click Administration to: Configure users and roles. Set password credentials and manage key chains. View and replace certificates. Add external identity providers. View and manage resource groups.
Reports
Click Reports to access the PowerProtect Data Manager Report Browser and Reporting Engine.
Jobs
Click Jobs to manage jobs, view by protection or system, filter, and view details.
Banner UI options
The following table describes the icons in the PowerProtect Data Manager UI banner.
Table 12. Banner UI options
Option Description
Click to provide customer feedback.
Click to enter search criteria to find assets, jobs, logs, and alerts.
The number next to this icon indicates the critical unacknowledged alerts over the last 24 hours.
Click to expand for more information about unacknowledged alerts, including:
The total number of alerts (all statuses critical, warning, or informational) that have yet to be acknowledged, or just the unacknowledged alerts from the last 24 hours (marked with the New tag).
The number of critical alerts that have yet to be acknowledged, or just the unacknowledged critical alerts from the last 24 hours (marked with the New tag).
Within this menu, click any of these links to open the Alerts window, where you can view specific details about these unacknowledged alerts.
Click to restore assets from replicated copies through quick recovery. This icon only appears when this system receives replicated metadata from a source system.
Click to configure and manage PowerProtect Data Manager system network, time zone, and NTP settings, DR backups, security, licenses, updates, authentication, agent downloads, and support, and to access the Get Started window.
Click to obtain more information about PowerProtect Data Manager, access Customer Support, or view the REST API documentation.
Click to log out, and log in as a different user, or change the current user password.
Click to launch CloudIQ, APEX Backup Services, Cloud Snapshot Manager, or vProtect.
Getting Started 21
Export data PowerProtect Data Manager enables you to export and save table data in CSV format.
Prerequisites
In the PowerProtect Data Manager UI, browse to a window that includes the Export All functionality.
About this task
The following table lists the windows that support the Export All functionality.
Table 13. Supported windows
Menu item Window
Health Health
Infrastructure Assets
Application Agents
Protection Protection Policies
You can also export records for assets that are assigned to a protection policy. Select a protection policy to view its details, and then click the asset count link next to Assets.
SLA Compliance
Protection Rules
You can also export records for assets that are applied to a protection rule. Click the link in the Assigned Assets Count column for the protection rule.
Restore Assets
Alerts System
Administration Access Control > Users/Groups
Access Control > Resource Groups
You can also export records for assets that are assigned to a resource group.
Click next to the resource group, and then click View Assets in the right pane.
Audit Logs
Jobs Protection Jobs
System Jobs
Steps
1. (Optional) Filter and sort the information that appears in the table.
2. In the window, click Export All to export the data to a CSV file.
NOTE: Filters applied to the table in the Protection Policy window are not applied to the exported CSV file. Exported
protection records include all data that is shown in the table. Download the Excel file to sort and filter the protection
results.
22 Getting Started
Exported fields
The following tables list the fields that are exported using the Export All functionality. The fields are exported in CSV format.
Table 14. Exported fields
Resource Exported fields
Jobs Job ID, Status, Description, Job Type, Sub Type, Asset Type, Assets, Start Time, End Time, Duration, Next Scheduled, Policy Name, Data Transferred, Storage System, Asset Size, Data Compressed, Average Throughput, Total Compression Factor, Reduction Percentage
Application Agents Host Name, IP, Registration Status, OS, Agent Type, Current Version, Update Status, Port, Application Version, Created Date, Registered Date
Alerts Message ID, Details, Recommended Action, Severity, Date, Summary, Category, Status
Protection Policies Name, Category, Asset Type, Asset Count, Protected Asset Size, Last Run Status, Violations, State
Resource Groups Name, Description, Created At, Number of Resources SLA Compliance Name, Compliance Type, Policies At Risk, Objectives out of
Compliance, Impacted Assets System Health Issues Deduction, Issue, Category, Component, Remediation, Date Users User/Group Name, Type, First Name, Last Name, Email Address,
Roles and Resources, Added Date
The following fields are common to each asset type:
ID, Status, Asset Type, Sub Type, Protection Policy ID, Protection Policy, Protection, Size, Protection Capacity Size, Protection Capacity Time, Last Copy, Network, Protection Rule Name, Resource Group Name The following table lists the fields that are unique to each asset type.
Table 15. Exported fields for asset types
Resource (asset type) Exported fields
VMware Virtual Machines Name, Tags, Operating System, Apps, Disk Excluded, vCenter, Protection Mechanism, ESX Host Name, VM BIOS Uuid, Resource Pool, VM Folder, Data Center
Kubernetes Namespace, Labels, Age, Cluster, PVCs Excluded, Storage Class Name, Volume Mode, PVC Namespace
Microsoft SQL Server Name, Protection Engine Flow, Host Type, Host/Cluster/Group Name, Application Server ID, Application Server Name
Oracle Name, Host/Cluster/Group Name, Host Type, OS Type, Application Server Name, Application Server ID, SID
Microsoft Exchange Server Name, Host/Cluster/Group Name, Host Type, Application Server Name, Application Server ID
SAP HANA Name, Host/Cluster/Group Name, Host Type, Application Server Name, Application Server ID
File System Name, OS Type, File System Type, Host Name, Host Operating System
NAS Name, Asset Source, Appliance Name, Array Type, Server Name/IP, Protocol, File Stubs, File System Path, File System Name
Getting Started 23
Table 15. Exported fields for asset types (continued)
Resource (asset type) Exported fields
VMAX storage group Name, VMAX Serial No, Host
Customer feedback Use the customer feedback feature in the PowerProtect Data Manager UI to report your satisfaction with PowerProtect Data Manager, provide feedback, and send requests for enhancements. Customer feedback is used to improve the customer experience.
Provide general feedback
Use the following procedure to report your satisfaction with PowerProtect Data Manager and provide feedback.
Steps
1. Log in to the PowerProtect Data Manager UI.
2. From the banner, click .
The customer feedback survey opens in a new window. NOTE: In environments with limited external connectivity, such as dark sites, an error appears in the web browser and
the customer feedback survey is not displayed.
3. (Optional) Complete the fields in the customer feedback survey, and when finished, click Submit.
You have the option to rate your satisfaction with PowerProtect Data Manager and make a recommendation for how to improve the customer experience. You also have the option to provide an email address so that can follow up with you regarding your feedback.
NOTE: Customer contact information is not used for marketing purposes.
Security configuration A separate guide provides some server configuration tasks which are intended specifically for security administrators, whose role may be separate from the host system administrator.
The PowerProtect Data Manager Security Configuration Guide provides detailed instructions for all security-related tasks, including but not limited to:
Port requirements Configuring identity providers Managing local and external user accounts Changing and resetting passwords Assigning users and groups to roles and associated privileges Managing credentials for local and remote components Creating resource groups to define scopes of authority Managing security certificates, where applicable
Role-based security
PowerProtect Data Manager provides predefined user roles that control access to areas of the user interface and to protected operations. Some of the functionality in this guide is reserved for particular roles and may not be accessible from every user account.
By using the predefined roles, you can limit access to PowerProtect Data Manager and to backup data by applying the principle of least privilege.
24 Getting Started
The PowerProtect Data Manager Security Configuration Guide provides more information about user roles, including the associated privileges and the tasks that each role can perform.
Getting Started 25
System Maintenance
Topics:
Deploying and maintaining the health of PowerProtect Data Manager Deploying and updating PowerProtect Data Manager Licensing PowerProtect Data Manager Specifying the PowerProtect Data Manager host Memory optimization Restricted mode System support Restarting PowerProtect Data Manager System maintenance troubleshooting
Deploying and maintaining the health of PowerProtect Data Manager In order for PowerProtect Data Manager to function as efficiently as possible, you should deploy and maintain it according to recommended guidelines.
Deploying and updating PowerProtect Data Manager You can deploy PowerProtect Data Manager, update it to the latest version, and install other important package updates.
Update paths
CAUTION: If recommended guidelines are not followed, the update of PowerProtect Data Manager or one of its
components can fail.
When deploying or updating PowerProtect Data Manager, see the PowerProtect Data Manager Deployment Guide. It contains detailed instructions and guidelines that must be followed in certain environments and configurations.
Updating from PowerProtect Data Manager versions 19.8 through 19.11 to version 19.12 is supported.
Security advisories
CAUTION: If the latest Dell security advisories (DSAs) are not followed, PowerProtect Data Manager can be
exposed to security vulnerabilities.
To review the latest DSAs, search for PowerProtect Data Manager at the Dell Technologies Security Advisories and Notices website.
Licensing PowerProtect Data Manager PowerProtect Data Manager can be licensed in several different ways. This section describes the different types of available licenses and how to install a license.
For more information about licensing, see the PowerProtect Data Manager Licensing Guide.
2
26 System Maintenance
License types
There are several different types of licenses, and they can provide licensing for different periods of time.
The available license types are described in the following table.
Table 16. License types
License type Description
Trial The license applied by default when PowerProtect Data Manager is deployed. It enables full use of the product without applying a license key for up to 90 days. When the trial period ends, PowerProtect Data Manager continues to operate with full functionality so that you can apply a permanent license.
NOTE: A trial license does not allow the use of SupportAssist.
Front-end protected capacity by terabyte (FETB)
The primary model of licensing, which is based on the capacity that you want to protect. For example, you can purchase a 100-TB license, which enables you to protect up to 100 TB of data.
Socket-based Licensed per CPU socket on virtual machine hosts that are being backed up or replicated.
Perpetual and term-based (subscription) licenses
Licensed software is offered with perpetual or term-based licenses. Your quote identifies whether your license rights are perpetual or term-based.
A perpetual license enables you to use the software while you are in compliance with the terms of the license agreement.
A term-based license enables you to use the software for a specified time, while you are in compliance with the terms of the license agreement. At the end of the license term, you must stop using the software, extend the license term, or purchase a new license.
Add a license
You can add a license file to PowerProtect Data Manager and view license details, such as capacity usage and software ID number.
Prerequisites
To obtain the XML license file from the license management website, you must have the License Authorization Code (LAC), which is emailed from . If you have not received the LAC, contact your Customer Support representative.
About this task
To review existing license information, go to Settings > License.
To add a license, perform the following steps:
Steps
1. From the PowerProtect Data Manager user interface, click , and then select License.
2. On the License window, perform one of the following actions: Copy and paste the text from the license file into the text box. Click Upload File, browse to the location of the license file and select the file, and then click Open. The license file content appears in the License window.
3. Click Save.
Results
A message appears in the License window to confirm that the license is successfully added.
System Maintenance 27
Specifying the PowerProtect Data Manager host When you specify a vCenter server as the PowerProtect Data Manager host, it allows the vCenter server to perform operations unique to PowerProtect Data Manager.
The PowerProtect Data Manager host performs several operations, including the following:
Virtual-machine configuration and other system activities. Taking a PowerProtect Data Manager snapshot, if required during a software update. Allowing memory that is assigned to PowerProtect Data Manager to be automatically increased as necessary when
performing a software update. Enabling Cloud Disaster Recovery (Cloud DR) in order to increase required PowerProtect Data Manager CPU and memory.
A vCenter host is a prerequisite for Cloud DR, as specified in the Cloud Disaster Recovery tab of the Infrastructure > Asset Sources window in the PowerProtect Data Manager user interface.
Specify a vCenter server as the PowerProtect Data Manager host
You select a vCenter server to be used as the PowerProtect Data Manager host from those already added or discovered.
About this task
Perform the following operations:
Steps
1. From the PowerProtect Data Manager user interface, click , and then select Hosting vCenter.
The Hosting vCenter window appears.
2. Choose from one of the following options: Enter FQDN/IPSelect this option to manually enter the fully qualified domain name or IP of the vCenter server, the
port number, and to select the vCenter Host Credentials. The Host Credentials list is populated with vCenter servers that have already been added and discovered in PowerProtect Data Manager. If the host vCenter credentials do not appear in the list, select Add Credentials to enter this information.
Select FQDN/IP from asset sourcesSelect this option to obtain the host vCenter server information automatically from a vCenter asset source that has already been added and discovered in PowerProtect Data Manager.
3. Click Save.
Results
If the host vCenter server is added as an asset source in PowerProtect Data Manager, a icon displays next to this vCenter server in the Infrastructure > Asset Sources window.
vCenter server PowerProtect Data Manager host privileges
In order for the vCenter server that is specified as the PowerProtect Data Manager host to have the ability to take snapshots, the user account associated with it must have certain privileges.
Setting vCenter 6.0 and later required privileges PowerCLI equivalent required privileges
Global Manage custom attributes Set custom attributes
Global.ManageCustomFields Global.SetCustomField
Virtual Machine Snapshot Management Create snapshot Revert to snapshot Remove snapshot Rename snapshot
VirtualMachine.State.CreateSnapshot VirtualMachine.State.RevertToSnapshot VirtualMachine.State.RemoveSnapshot VirtualMachine.State.RenameSnapshot
NOTE: A complete list of the privileges required for a dedicated vCenter user account is provided in the PowerProtect Data
Manager Virtual Machine User Guide.
28 System Maintenance
Memory optimization You can use adjust the amount of memory that is assigned to the PowerProtect Data Manager virtual machine in order to optimize server performance.
The following table indicates the default amount of memory assigned to the PowerProtect Data Manager virtual machine in a standard environment. The default values are the minimum recommended values.
Table 17. PowerProtect Data Manager memory requirements
Deployment type Memory Swap space Cores
Default 24 GB 8 GB 10
With the Cloud Disaster Recovery (Cloud DR) Add-On
28 GB 8 GB 14
The recommended number of cores is 14. Also consider the following:
Depending on the environment, increasing the amount of memory can increase performance. If low-memory alerts are seen, increase the amount of memory. Do not increase the amount of memory beyond 32 GB of RAM. PowerProtect Data Manager is not designed to support more
than 32 GB of RAM. If you are deploying PowerProtect Data Manager to a virtual machine in a cloud Marketplace environment, it is automatically
assigned 32 GB of RAM. This amount of memory should not be changed after it is deployed. Most of the services from PowerProtect Data Manager are memory intensive. When the available physical memory drops to
a certain threshold value, these services start leveraging swap memory. If swap memory resides on a slow disk, then there can be significant impact on the Java Garbage Collection activity from each of these services when memory that has not been recently used needs to be swapped into physical memory.
Therefore, it is highly recommended to configure swap memory on a solid-state drive (SSD). During deployment of the PowerProtect Data Manager server, use the SSD data store to avoid the high latency disk impact from swap and metadata operations.
NOTE: For help with optimizing memory, contact your Customer Support representative.
Memory and updating from an earlier version of PowerProtect Data Manager
Features in the current version of PowerProtect Data Manager might require more memory than required in previous versions. When updating from an earlier version of PowerProtect Data Manager, ensure that you increase the amount of assigned memory as necessary.
Adjust the virtual machine memory
Adjust the amount of memory assigned to the PowerProtect Data Manager virtual machine to support changes in the protection environment.
Steps
1. Log in to the vSphere Web Client.
2. Right-click the appliance and select Edit Settings. The Edit Settings window appears with the Virtual Hardware button selected.
3. In the Memory field, specify the new memory value.
Ensure that the value you specify does not exceed 32 GB of memory and that it is a multiple of 4 GB.
4. Click OK.
System Maintenance 29
Restricted mode You can enable restricted mode to prevent scheduled writes to storage. You might want to enable restricted mode to limit access to storage during a storage upgrade.
Enabling restricted mode during a storage upgrade provides the following benefits:
Storage writes can be eliminated in a controlled manner. Once writes have stopped, storage can be upgraded. Storage writes can be tested after storage has been upgraded. Once testing is complete, storage can be returned to full
production.
Restricted mode prevents the following scheduled operations:
Backups and replication Backup-copy deletion Server disaster-recovery backups
Restricted mode allows the following operations:
Any jobs in progress or queued to run Manual backups and restores Discovery jobs
To enable restricted mode from the PowerProtect Data Manager user interface, click , select System Settings > Restricted Mode, and then click Enable Restricted Mode.
System support You can use the PowerProtect Data Manager user interface to manage and modify support settings that are typically configured during deployment. Typically configured support settings include the mail server setup and Secure Remote Services registration.
To access the Support window, click , and then select Support.
Configuring SupportAssist for PowerProtect Data Manager
SupportAssist is a support tool that communicates with PowerProtect Data Manager to monitor your environment, automatically detect current and potential issues, and collect and store diagnostic data. SupportAssist securely sends the data that is required for troubleshooting an issue to Customer Support for diagnostic purposes and customer support.
SupportAssist is at heart of the connectivity platform as a unified communication point between PowerProtect Data Manager and Customer Support.
SupportAssist provides the following features and benefits:
Proactive monitoring and issue prevention Facilitates update package downloads Automatic health checks Communicates telemetry data Real-time troubleshooting Customer support
Configure SupportAssist to receive automated support capabilities for your PowerProtect Data Manager system.
SupportAssist cannot be configured when PowerProtect Data Manager uses a trial license.
Migrating to SupportAssist
SupportAssist provides automated support capabilities for PowerProtect Data Manager systems. SupportAssist replaces Secure Remote Services (SRS) and SupportAssist Enterprise (SAE) in this release of PowerProtect Data Manager
If you have configured the SRS or SAE gateway previously, you must update the SRS or SAE gateway to Secure Connect Gateway (SCG) version 5.10 or higher.
30 System Maintenance
The PowerProtect Data Manager system automatically migrates SCG to SupportAssist when you update PowerProtect Data Manager.
If you do not have the SRS or SAE gateway configured, you can configure SupportAssist directly.
Use the following procedures to configure SupportAssist.
Generate SupportAssist access key and PIN
An access key and PIN are required to configure a secure connection between PowerProtect Data Manager and SupportAssist. You only need to apply the access key and PIN once.
About this task
Use the following procedure to generate your SupportAssist access key and PIN:
Steps
1. Go to the Customer Support website and log in to your account.
2. In the search box, type PowerProtect Data Manager and click Search.
3. Click Generate Access Key in the Quick links pane.
4. Enter the product ID (serial number) in the search box.
5. In the Create PIN field, enter a 4-digit PIN.
Record the PIN for later use.
6. Click Generate Access Key.
The access key is sent to the email address for your account.
NOTE: It might take up to 5 minutes to receive the access key in your email.
Connect to support services through SupportAssist
Establish a connection through SupportAssist to ensure access to Customer Support. SupportAssist enables PowerProtect Data Manager to connect to support services directly or through a gateway server.
Prerequisites
Apply a valid PowerProtect Data Manager license. If you are connecting through the gateway server, the SCG gateway version must be 5.10 or later. Apply a valid access key and PIN. HTTPS port 443 of esrs3-core.emc.com and esrs3-coredr.emc.com is not blocked by the network firewall.
Steps
1. From the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist. The Support window opens to the SupportAssist page.
2. On the Connection tab, click Connect Now.
3. Select one of the following options: Connect Directly
Select this option to connect PowerProtect Data Manager directly, and then enter the SupportAssist Access Key and PIN.
Connect via Gateway
Select this option to connect PowerProtect Data Manager through a gateway server, and then enter the gateway server IP address and port number.
4. Enter the SupportAssist Access Key and PIN.
5. Click Enable Connect.
System Maintenance 31
Results
PowerProtect Data Manager is connected to support services.
Update or configure contact data
Provide contact information for the person that Customer Support will contact with diagnostic reports. You can add or update contact data for SupportAssist at any time.
Steps
1. From the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist. The Support window opens to the SupportAssist page.
2. Select the Contacts tab.
3. To add a primary contact, complete the following steps:
a. Enter the following information:
First Name Last Name Email Phone
b. Select the Preferred Language from the list. c. Click Save.
4. To add a secondary contact, click + Add Secondary Contact and enter the required information.
Add AutoSupport
When AutoSupport is enabled, automated support information, telemetry reports, alert summaries, and CloudIQ reports are sent.
About this task
If SupportAssist and SMTP are both configured, this information is sent using the option that you choose in the System Settings > Support > AutoSupport window.
Steps
1. From the PowerProtect Data Manager UI, click , select Support, and then click AutoSupport.
The AutoSupport window appears.
2. Change the Enable AutoSupport option to Disabled or Enabled, and click Save.
When you enable AutoSupport, select whether to receive the AutoSupport communications through SupportAssist or email server.
When you enable AutoSupport, the Telemetry Software Terms page displays. Review and scroll down to the bottom of the page to accept the terms, and then click Save to save your changes.
When you disable AutoSupport, PowerProtect Data Manager stops sending error and telemetry data to SupportAssist or the SMTP server. PowerProtect Data Manager continues to send information for updates and other information.
NOTE: To disable SupportAssist, clear the SupportAssist option in the AutoSupport window.
Change SupportAssist connection settings
Use the following procedure to change SupportAssist connection settings.
Steps
1. From the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist.
32 System Maintenance
The Support window opens to the SupportAssist page.
2. Select one of the following connection options: Connect Directly Connect via Gateway
To add a new gateway connection, complete the following steps:
a. Enter the gateway IP address and port number. b. Click Test.
Wait until the connection test is complete. If the connection is successful, a green check mark is displayed next to the gateway IP address and port number.
3. Enter the SupportAssist Access Key and PIN.
NOTE: If you are not connecting with a new access key, skip this step.
4. Click Reconnect.
Enable or disable SupportAssist
Enable the SupportAssist feature to automatically detect issues and collect diagnostic and usage data. You can also disable SupportAssist at any time.
Steps
1. From the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist. The Support window opens to the SupportAssist page.
2. To enable SupportAssist, move the Connect to SupportAssist slider to the right. To disable SupportAssist, move the Connect to SupportAssist slider to the left.
The operation might take up to 5 minutes to complete.
Troubleshooting SupportAssist
Review the following information that is related to troubleshooting SupportAssist.
Failed to establish a SupportAssist connection
If you are connecting to SupportAssist with an access key and PIN that is already in use, the connection fails with error:
Connection is failed: Get universalkey error: Access Key and Pin used If this issue occurs, obtain a new access key and PIN from Customer Support. Generate SupportAssist access key and PIN provides instructions.
The following error might display if the SWID is not added to the PowerProtect Data Manager back-end: Connection is failed: Get universalkey error: Invalid Access Key and Pin If this issue occurs, contact Customer Support and ask them to check whether the SWID has been added to the PowerProtect Data Manager back-end.
Test gateway connection failed
If you are using a gateway that is not Secure Connect Gateway (SCG), the connection to the gateway might fail. As a result, the SCG gateway configuration is not transferred to SupportAssist after you update PowerProtect Data Manager.
When updating PowerProtect Data Manager, the precheck dialog box displays a warning indicating that the SCG gateway version 5.10 or higher is required. Make sure that you update the Secure Remote Services (SRS) or SupportAssist Enterprise (SAE) gateway to a version compatible with the SCG version.
If you are using a SCG or SAE gateway, the update fails with the following error:
SYS0034 Unable to upgrade from Secure Remote Services to SupportAssist.
System Maintenance 33
Details The upgrade to SupportAssist is unsuccessful for one or more of the following reasons: 1) The SupportAssist service cannot start. 2) The gateway is not accessible. 3) An issue occurs during Gen3 key upgrade.
Recommended Action In the PowerProtect Data Manager UI: 1) To open the Support dialog, click Settings and select Support. 2) In the left pane, select SupportAssist to set up SupportAssist. If this issue occurs, perform the following:
1. Check that you are using the SCG gateway and that the version is 5.10 or higher.
2. Set up SupportAssist. In the PowerProtect Data Manager UI, click , select Support, and then click SupportAssist.
Connection status changes to "Not Connected"
If the connection status changes to "Not Connected":
1. Ensure that all prerequisites are met in Connect to support services through SupportAssist . 2. If the issue persists, contact Customer Support.
Telemetry Collector
Telemetry Collector gathers information related to this system, including configuration, usage characteristics, performance, and deployment location information. Telemetry Collector manages remote access and the exchange of system data with Dell Inc. or its subsidiaries. The information that is gathered by Telemetry Collector is confidential and this data cannot be shared.
When you enable SupportAssist, you also enable Telemetry Collector, which allows Customer Support engineers to collect data that is related to troubleshooting device and PowerProtect Data Manager software issues. Telemetry Collector does not collect any personal information.
Telemetry Collector populates three reportsa telemetry report, an alert summary report, and a CloudIQ report. Telemetry Collector collects details about the following objects:
Alerts Assets Asset sources Audit logs Cloud Data Recovery Cloud Disaster Recovery metrics Compliance details Compliance in the last 24 hours Data targets DD inventory Host information Integrated storage Licensing PowerProtect Data Manager operational inventory Protection details Protection policies Quick-recovery synchronization information Service-level agreements Storage systems Time spent on generating reports Traffic metrics Update summaries Usage
34 System Maintenance
CloudIQ reporting
When you enable AutoSupport, you also enable reporting. CloudIQ is a no-cost SaaS/cloud-based management application that proactively monitors and measures the overall health of systems through intelligent, comprehensive, and predictive analytics. The data reported to CloudIQ includes configuration data, historical metrics and health score data.
Ensure that the following requirements are met:
Add a valid license in System Settings > License. Set up SupportAssist in System Settings > Support > SupportAssist. Enable AutoSupport and select SupportAssist.
When AutoSupport is enabled, CloudIQ reports are sent automatically. To log in to CloudIQ, click , and then click CloudIQ. You can also go to https://cloudiq.dell.com. For more information on CloudIQ, refer to the CloudIQ Online Support site.
Set up the email server
The Email Setup page of the PowerProtect Data Manager Support window enables you to configure SMTP email server settings that control sending and receiving email related to resetting local user passwords and customizing alert notifications.
Steps
1. From the PowerProtect Data Manager user interface, click , select Support, and then click Email Setup.
2. Populate the following fields:
a. Mail Server
The SMTP mail server.
b. Email from:
The email address at which you would like to receive PowerProtect Data Manager AutoSupport email.
c. [Optional] Recipient for Test Email:
The email address to which you would like to send PowerProtect Data Manager test email.
d. [Optional] Port:
The default port is 25. PowerProtect Data Manager supports using non-default ports.
If the email setup is deleted, you must manually choose any non-default port that is not in use anywhere else.
e. User Name:
The user name associated with thePowerProtect Data Manager SMTP email server.
f. Password:
The password associated with the PowerProtect Data Manager SMTP email server.
3. Click Send Test Email. PowerProtect Data Manager sends a test email.
4. Click Save.
Add AutoSupport
When AutoSupport is enabled, automated support information, telemetry reports, alert summaries, and CloudIQ reports are sent.
About this task
If SupportAssist and SMTP are both configured, this information is sent using the option that you choose in the System Settings > Support > AutoSupport window.
Steps
1. From the PowerProtect Data Manager UI, click , select Support, and then click AutoSupport.
The AutoSupport window appears.
2. Change the Enable AutoSupport option to Disabled or Enabled, and click Save.
System Maintenance 35
When you enable AutoSupport, select whether to receive the AutoSupport communications through SupportAssist or email server.
When you enable AutoSupport, the Telemetry Software Terms page displays. Review and scroll down to the bottom of the page to accept the terms, and then click Save to save your changes.
When you disable AutoSupport, PowerProtect Data Manager stops sending error and telemetry data to SupportAssist or the SMTP server. PowerProtect Data Manager continues to send information for updates and other information.
NOTE: To disable SupportAssist, clear the SupportAssist option in the AutoSupport window.
Enabling automatic update package checks and downloads
If SupportAssist is enabled, you can configure PowerProtect Data Manager to automatically check for update packages, and either alert you or automatically download them.
For more information about these options, see the PowerProtect Data Manager Deployment Guide
Add a log bundle
Use the following procedure to add a log bundle.
About this task
NOTE: You can add a maximum of 10 log bundles.
Steps
1. From the PowerProtect Data Manager user interface, click , and then click Logs.
2. Click Add to add a log bundle. The Add Log Bundle window appears.
3. Select the systems for the log bundle (Data Manager, VM Direct Engines, or, if Cloud DR is deployed, CDRS), set the log bundle duration, and click Save. The Jobs window displays the progress of the log bundle creation. Also, a green banner in the UI indicates that the log bundle has successfully been created. If you want to dismiss the banner, click X.
4. To delete the log bundle, select the box to the left of log bundle and click Delete.
The Log Capacity indicates how much space (in GB) remains on the disk for logs and the percentage of the disk in use for log storage.
5. To download the log bundle, click the bundle name in the Bundle Name column.
Audit logging and monitoring system activity
The Linux audit daemon (auditd) tracks and logs security-relevant events on the PowerProtect Data Manager system.
Users with the Administrator role can use auditd to monitor the following events:
File access System calls Login and logout activity of users
Audit logging enables you to discover access violations, changed or deleted files, failed authentication, and so on.
36 System Maintenance
Viewing audit events in the UI
With the Administrator, Backup Administrator, Restore Administrator, and User roles, you can view audit events to monitor system activity.
About this task
The following actions generate an audit event:
User login and logout Creating, deleting, or updating a user Assigning or unassigning a role to a user
To view audit events in the UI, perform the following steps.
Steps
1. Log in to the PowerProtect Data Manager UI with an account that has one of the indicated roles.
2. Go to Alerts > Audit Logs.
View and manage alerts
Alerts enable you to track the performance of data protection operations in PowerProtect Data Manager so that you can determine whether there is compliance to service level objectives. With the Administrator, Backup Administrator, Restore Administrator, or User role, you can access the alerts from the Alerts window. However, only some of these roles can manage alerts.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Alerts.
You can also click the icon in the top banner, and then click the links to view unacknowledged alerts of all statuses (critical, warning, and informational), or only the unacknowledged critical alerts.
NOTE: Clicking the New tag displays only the unacknowledged alerts that have been generated within the last 24 hours.
The number that appears next to the is the total number of unacknowledged critical alerts over the last 24 hours.
The Alerts window displays.
2. Select the System tab. A table with an entry for each applicable alert displays.
By default, only unacknowledged critical alerts from the last 24 hours display, unless you selected to view all
unacknowledged alerts from the links under the icon.
If filter tags have already been applied, the window displays these filter tags. Click X next to any of these filter tags to clear a filter, and the table view updates with the applicable selections. You can sort the alerts in the table by Severity (Critical, Warning, Informational), Date, Category, or Status (Acknowledged or Unacknowledged).
3. Select the time (last 24 hours, last 3 days/7 days/30 days), a specific date, or a time range for the alerts that you want to view. You can also select All Alerts from this list to display information for all alerts that match the filter tags.
4. Optionally, clear the Show only unacknowledged alerts checkbox if you want to view both acknowledged and unacknowledged alerts. If you clear this checkbox, the Unacknowledged filter tag is also cleared.
5. To view more details about a specific entry, click next to the entry in the table.
6. For the following steps, log in to the PowerProtect Data Manager UI with an account that has the Administrator, Backup Administrator, or Restore Administrator role.
7. To acknowledge one or more alerts, select the alerts and then click Acknowledge.
8. To add or edit a note for the alert, click Add/Edit Note, and when finished, click Save.
9. To export a report of alert information to a .csv file which you can download for Excel, click Export All.
NOTE: If you apply any filters in the table, exported alerts include only those alerts that satisfy the filter conditions.
System Maintenance 37
Export audit logs
With the Administrator or Security Administrator role, you can export audit log records to a CSV file of audit data that you can download and open in Excel. Only the Administrator role can change the retention period.
Steps
1. Go to Administration > Audit Logs.
The list of audit logs appears, which displays the following information: Changed at Audit Type Description Changed By Object Changed Previous Values New Values
2. To set the retention period (in days) for the audit log, select Set Boundaries and update the retention period.
Only the Administrator role can perform this step.
3. To add a note for the audit log, click >, enter a note in the Note field, and click Save.
4. Click Export All.
Monitor system services and system health
The status of system services can be monitored from the System Services Status pane, and system health information can be monitored from the Health pane.
Monitor system services
You can monitor the status of each system service from the System Services Status pane.
To view the status of system services, click , select Support, and then click System Services Status.
The following table provides a summary of the status of each system service and component:
Table 18. System service and component status
Status Description
Running This state appears when the associated service or component is running with full functionality. When all services are in running state, the state of the appliance is operational.
Initializing This state appears when the service is starting. When the service successfully starts, the state changes to Running.
Maintenance This state appears when the associated service is in maintenance. In the maintenance state, components have limited functionality. Infrastructure services do not go into maintenance state. When other services or components are in maintenance, the appliance state is also maintenance.
Quiesce This state appears when the service or service associated with the component is stopping.
Shut down This state appears when the service has stopped.
No response This state appears when the service that is associated with the component is running, but the service is not responding.
Monitor system health
You can monitor system health information from the Health pane.
To view a summary of any issues affecting the health of PowerProtect Data Manager, select Health from the navigation pane or View All from the Dashboard health widget.
38 System Maintenance
PowerProtect Data Manager automatically performs a health check every two minutes. If an issue is detected, it is assigned a category and a deduction value based on its severity. All issues are displayed on the Health pane. Issues that have been resolved are automatically removed the next time a health check is performed.
The categories of Components, Configuration, Capacity, Performance, and Data Protection each start with a score of 100. If a category is affected by an issue, its score is reduced by the deduction value assigned to the issue. If a category is affected by more than one issue, its score is only reduced by the most severe issue.
Click next to an entry to see the details of the issue.
In the Health pane, you can export health data by using the Export All functionality.
The overall health score of the system is represented by the most severe issue and the category with the lowest score.
Table 19. Health score
Health score Indicates
95100 System is in good health.
7194 System is in fair health.
070 System is in poor health.
Access the open source software package information
All open source software (OSS) package information used by PowerProtect Data Manager is stored in a common directory.
To access this information, SSH login to PowerProtect Data Manager and retrieve the OSS reports from the /usr/ local/brs/puppet/licenses directory.
Security certificates
A default deployment of PowerProtect Data Manager creates self-signed security certificates that secure communication with other components. As you configure the server and add assets, PowerProtect Data Manager stores additional certificates for each component.
The Administrator and Security Administrator roles can review the Administration > Certificates page in the UI. This page contains three tabs that list the installed security certificates. Each tab provides information about certificate uses, expiry dates, issuers, and so forth.
The certificates on the Internal tab secure access to components that are part of the PowerProtect Data Manager server, such as the UI and REST API. The certificates on the Application Agents tab secure access to the agents, which are under the control of PowerProtect Data Manager but exist outside the server. The certificates on the External Servers tab secure access to components or systems that are beyond the control of the server, but where you have approved the communication.
The PowerProtect Data Manager Security Configuration Guide contains more information about cryptography and security certificates. This guide provides instructions for how to manage the installed certificates, including important prerequisites, operational considerations, associated tasks, and troubleshooting. For example, you can replace the default self-signed security certificates for PowerProtect Data Manager with certificates from an approved certificate authority. This guide also contains instructions for establishing certificate-based trust with external components and systems.
Restarting PowerProtect Data Manager When a PowerProtect Data Manager restart is required, It is recommended that you avoid directly powering off the virtual machine unless it is necessary.
To ensure that PowerProtect Data Manager is able to properly restart, use the reboot or shutdown command. For example, on Linux, run the command shutdown -r or shutdown -h now.
System Maintenance 39
System maintenance troubleshooting
Services do not start after restarting PowerProtect Data Manager
If the operating system root password expires and you do not change the password before you restart PowerProtect Data Manager, some scripts fail to obtain root privileges. In this situation, the PowerProtect Data Manager services cannot start.
Follow the guidance in the PowerProtect Data Manager Security Configuration Guide for operating system expired password behavior to change the root password. Then, restart PowerProtect Data Manager again.
40 System Maintenance
Managing Storage
Topics:
Protection storage Storage units Differences in storage system and storage unit space reporting Monitoring storage capacity thresholds
Protection storage Protection storage is the set of configured storage systems where PowerProtect Data Manager stores backup copies, replicated copies, and other important information. Protection storage can include any of the following: A DD system, including High Availability PowerProtect DD mode An instance of PowerProtect DD Management Center (DDMC) that manages multiple DD systems A DDMC Smart Scale system pool
NOTE: Data Domain is now PowerProtect DD. References to Data Domain or DD systems in this documentation, in the UI,
and elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In many cases the UI has
not yet been updated to reflect this change.
The most up-to-date software compatibility information for PowerProtect Data Manager is provided by the E-Lab Navigator.
Observe the following information before you configure protection storage:
Adding and configuring protection storage requires the Administrator role. You cannot add protection storage that runs incompatible versions of DDOS. You can only add the same protection storage system once, whether you specify the hostname, FQDN, or IP address. You cannot add a PowerProtect DD Management Center instance which has no managed DD systems. The first time that you add protection storage, PowerProtect Data Manager automatically configures and enables server DR.
The first protection storage system is the default target. System recovery for server DR provides more information. Adding protection storage by hostname or FQDN provides maximum flexibility for future IP address changes. PowerProtect
Data Manager uses DNS to resolve hostnames and FQDNs when you select these entries for the Management network interfaces. Should you later change the DNS mapping, PowerProtect Data Manager resolves the new address and directs Management communication there. Communication with the Data network is by IP address.
Protection storage is further divided into logical groupings that are called storage units, which hold related data and apply more detailed configuration options.
Click to open the Details pane and see more information about an existing protection storage system.
NOTE: Adding a PowerProtect DD Management Center instance is not required for the Storage Direct agent.
PowerProtect DD Management Center automatic discovery
When you add an instance of PowerProtect DD Management Center, PowerProtect Data Manager automatically discovers all the supported DD systems which that PowerProtect DD Management Center instance manages.
PowerProtect Data Manager displays the discovered DD systems on the Protection Storage tab of the Infrastructure > Storage window after discovery finishes. It may take a few minutes for the discovered systems to appear.
For each DD system, the Managed By column in the table indicates the PowerProtect DD Management Center instance that manages the DD system.
If you add a DD system directly to PowerProtect Data Manager, the Managed By column displays the name that you provided for the DD system.
3
Managing Storage 41
High Availability PowerProtect DD support
PowerProtect Data Manager supports DD systems with High Availability (HA) enabled. The Active-Standby configuration provides redundancy in the event of a system failure. HA keeps the active and standby systems synchronized, so that if the active node were to fail, the standby node can take over services and continue where the failing node left off.
When an active High Availability PowerProtect DD system fails over to its standby High Availability PowerProtect DD system, all in progress PowerProtect Data Manager operations including backup, restore, replication, and Cloud Tier continue unaffected.
To add a High Availability PowerProtect DD configuration as a storage target in PowerProtect Data Manager, select Infrastucture > Storage in the PowerProtect Data Manager UI. Add protection storage provides more information.
Virtual machine application-aware protection are only be supported with DDOS version 7.0 or later for HA. The most up-to-date software compatibility information for PowerProtect Data Manager is provided by the E-Lab Navigator.
For details on DD systems with HA enabled, see the DDOS Administration Guide.
Smart Scale system pools
A system pool is a logical group of DD systems with one interface to flexible storage options. PowerProtect Data Manager can use a system pool as protection storage.
The DDOS Administration Guide and PowerProtect DD Management Center Installation and Administration Guide provide more information about Smart Scale, system pools, and the available features. The DDMC instance must be Smart Scale-enabled to use system pools.
After you add the DDMC instance, PowerProtect Data Manager automatically discovers any available system pools. The Model column on the Protection Storage tab indicates that the protection storage system is a system pool.
PowerProtect Data Manager groups system pools under a separate heading in the list for protection storage selection when working with protection policies.
NOTE:
Adding a DDMC instance with system pools also discovers the individual systems within the system pool. PowerProtect
Data Manager includes these systems in lists of available storage targets, such as for protection policy creation. As with
a non-Smart Scale DDMC instance, the Infrastructure > Storage page groups and identifies these systems through the
Managed By column in the list of protection storage systems.
Some roles do not allow you to view the Infrastructure > Storage page to identify the relationships between systems
and system pools. If your role does not allow you to view this information, coordinate storage target assignments with your
system administrator.
Protection policies that target a system pool can replicate to another system pool or to a stand-alone protection storage system. Conversely, policies that target a stand-alone protection storage system can replicate to another protection storage system or to a system pool.
System pool reporting
Protection storage reporting differs slightly between individual protection storage systems and system pools. These differences are visible on the Storage page and the protection storage details pane.
The following table describes how specific columns in the list of protection storage systems behave for system pools.
Table 20. System pool reporting
Column Description
Total The total capacity of the system pool.
Available The largest available space for storage unit placement on a single system in the system pool.
Free The remaining unused space in the pool.
Encryption On if any DD system in the system pool has enabled encryption.
Adding the values for Available and Free yields the total amount of unused space within the system pool.
42 Managing Storage
Mobile DD Boost users
Smart Scale mobile DD Boost users own mobile storage units on system pools. This concept extends the association between DD Boost users and ordinary storage units to the system pool scope.
Mobile DD Boost users provide a unique user ID within a DDMC data center and control access to the associated mobile storage units. These users are centrally managed and unique across data centers.
Mobile DD Boost users send their requests to the DDMC instance which manages the entire system pool. DDMC, in turn, forwards the request to the correct system within the system pool.
As with other storage units, PowerProtect Data Manager associates a mobile DD Boost user with each mobile storage unit under the control of PowerProtect Data Manager.
Storage units provides more information about mobile storage units.
System pool limitations
Before you use system pools, review the following information: If the primary backup or retention targets a system pool, PowerProtect Data Manager removes this system pool and
the individual pool members from the list of available replication targets. This limitation prevents a protection policy from inadvertently replicating to the same protection storage system that holds the primary copies.
Storage Direct policies do not support system pools. The storage target list shows all protection storage systems, regardless of membership, but does not show system pools.
Cloud Tiering does not support system pools. If the primary backup or retention targets a system pool, you cannot add a Cloud Tiering objective to the protection policy. If the replication objective targets a system pool, you cannot add a Cloud Tiering objective to the replication objective.
Server disaster recovery (DR) does not support system pools for protection policies. Protection policies that target system pools do not synchronize to the remote server.
Server DR does not support system pools as a recovery target. The list of target protection storage systems does not include system pools.
When automatically creating a mobile storage unit on a system pool for a protection policy:
If the policy encryption setting is enabled, PowerProtect Data Manager requests placement on a pool member where DD Boost file replication encryption is enabled.
If the policy encryption setting is disabled, PowerProtect Data Manager makes no specific placement request. The mobile storage unit may reside on a pool member where DD Boost file replication encryption could be either enabled or disabled.
The retention lock setting for the system pool and pool members must match the retention lock setting for the protection policy. If retention lock is disabled for the system pool or pool members but enabled for the protection policy, or conversely, mobile storage unit creation fails.
Mobile storage unit migration within a system pool
Review the following PowerProtect Data Manager prerequisites and postrequisites before you migrate mobile storage units within a system pool through DDMC.
During a migration, the selected storage units are unavailable for protection workflows. However, you can coordinate the backup and migration schedules to reduce downtime for the affected workflows.
You can only migrate to a destination that matches the requirements of the mobile storage unit. The PowerProtect DD documentation provides more information about these requirements.
Supported asset types
VMware virtual machines Oracle databases Microsoft SQL Server databases Microsoft Exchange Server databases File systems Network-attached storage (NAS) shares SAP HANA databases Kubernetes clusters
Managing Storage 43
Migration
Perform the following actions:
1. Review the PowerProtect DD documentation for migration instructions. 2. Start the migration and complete all steps leading up to the commit stage. 3. Before you commit the migration, stop the related PowerProtect Data Manager operations for the selected storage units.
Stop PowerProtect Data Manager operations before mobile storage unit migration provides instructions. 4. Commit the migration and wait for migration to complete. 5. Restore full PowerProtect Data Manager operation. Restore PowerProtect Data Manager operations after mobile storage
unit migration provides information. 6. Optionally, verify operation. Verify operation after mobile storage unit migration provides information.
Stop PowerProtect Data Manager operations before mobile storage unit migration
To quiesce PowerProtect Data Manager before you commit the migration, complete the following actions:
Steps
1. Disable any protection policies that use the selected storage units. Disable a protection policy provides instructions.
2. If the affected protection policies have replication objectives, perform manual replication to eliminate any replication backlog. Manual replication of protected assets provides instructions.
Scheduled replication activities continue after you disable a protection policy.
3. Allow all running protection and restore activities for the affected protection policies to complete.
4. Disable server disaster recovery (DR). Disable server DR backups provides instructions.
5. Delete any Instant Access sessions which were started from the selected storage units. The PowerProtect Data Manager Virtual Machine User Guide provides instructions.
6. Disable compliance verification. The PowerProtect Data Manager Security Configuration Guide provides instructions.
Next steps
Refrain from the following activities until the migration completes and you resume normal operations:
Performing manual backups of assets for the affected protection policies. Changing retention periods on the affected protection policies.
Restore PowerProtect Data Manager operations after mobile storage unit migration
To unquiesce PowerProtect Data Manager after migration, complete the following actions:
Steps
1. Enable compliance verification. The PowerProtect Data Manager Security Configuration Guide provides instructions.
2. Enable server DR. Manually configure server DR backups provides instructions.
3. Enable any protection policies that use the selected storage units. Enable a disabled protection policy provides instructions.
Verify operation after mobile storage unit migration
After you unquiesce PowerProtect Data Manager following a migration, optionally verify the operation of all protection policies that use the selected mobile storage units:
Steps
1. Perform a manual backup for each affected protection policy. Manual backups of protected assets provides instructions.
2. If the affected protection policies have replication objectives, perform manual replication. Manual replication of protected assets provides instructions.
3. Browse the existing and new backups of assets for the affected protection policies.
4. Verify that you can restore from the new backups and their replicas, including Instant Access restores.
5. Verify that you can delete existing backups and replicas. Delete backup copies provides instructions.
44 Managing Storage
Add protection storage
Add and configure a storage system to use as a target for protection policies. Only the Administrator role can add protection storage.
Prerequisites
NOTE:
When adding a High Availability PowerProtect DD system, observe the following points:
Do not add the individual active and standby DD systems to PowerProtect Data Manager.
In the Address field, use the hostname that corresponds to the floating IP address of the High Availability PowerProtect
DD system.
The High Availability PowerProtect DD system is verified with the root certificate.
Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. In the Protection Storage tab, click Add.
3. In the Add Storage dialog box, select a storage system (PowerProtect DD System or PowerProtect DD Management Center).
For a system pool, select DDMC.
4. To add a High Availability PowerProtect DD system, select the checkbox.
5. Specify the storage system attributes:
a. In the Name field, specify a storage name. b. In the Address field, specify the hostname, fully qualified domain name (FQDN), or the IP address. c. In the Port field, specify the port for SSL communication. Default is 3009.
6. Under Host Credentials click Add, if you have already configured protection storage credentials that are common across storage systems, select an existing password. Alternatively, you can add new credentials, and then click Save.
7. If a trusted certificate does not exist on the storage system, a dialog box appears requesting certificate approval. Click Verify to review the certificate, and then click Accept.
8. Click Save to exit the Add Storage dialog and initiate the discovery of the storage system.
A dialog box appears to indicate that the request to add storage has been initiated.
9. In the Storage window, click Discover to refresh the window with any newly discovered storage systems. When a discovery completes successfully, the Status column updates to OK. If DDMC is selected, all DD systems managed by the host will be listed after discovery.
10. To modify a storage system location, complete the following steps:
A storage system location is a label that is applied to a storage system. If you want to store your copies in a specific location, the label helps you select the correct storage system during policy creation.
a. In the Storage window, select the storage system from the table. b. Click More Actions > Set Location.
The Set Location window appears. c. Click Add in the Location list.
The Add Location window appears. d. In the Name field, type a location name for the asset, and click Save.
Results
PowerProtect Data Manager displays the available protection storage systems. For each protection storage system, the Managed By column contains one of the following:
Table 21. Managed By column values
Protection storage type Value
A stand-alone protection storage system. The name of the protection storage system.
Managing Storage 45
Table 21. Managed By column values (continued)
Protection storage type Value
A protection storage system or a system pool that is managed by DDMC.
The name of the DDMC instance.
Edit protection storage
You can change the name, port number, and credentials for an existing protection storage system. You cannot change the address. Only the Administrator role can edit protection storage.
Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. In the Protection Storage tab, select a protection storage system and then click the link in the Managed By column. Edit Storage dialog box appears.
3. In the Edit Storage dialog box, specify the storage system attributes:
a. In the Name field, specify a new storage name. b. In the Port field, specify the port for SSL communication. Default is 3009. c. Under Host Credentials, select a new set of credentials or click Add.
4. If a trusted certificate does not exist for the protection storage system, a dialog box appears requesting certificate approval. Click Verify to review the certificate, and then click Accept.
5. Click Save to exit the Edit Storage dialog box.
Storage units PowerProtect Data Manager can create, configure, and reuse storage units on a protection storage system. These storage units are the targets for protection and replication policies.
The term "storage unit under the control of PowerProtect Data Manager" describes a storage unit that was created through one of the methods that are discussed here.
Review the applicable limitations before you create or change a storage unit, or change the protection or replication target for a policy. The PowerProtect DD Virtual Edition Installation and Administration Guide for the appropriate platform provides more information about storage units (MTrees).
Mobile storage units
For Smart Scale, mobile storage units extend the concept of a storage unit to the scope of an entire system pool. A mobile storage unit has the potential to move from one pool member to another. Thus:
When you browse the storage units in a system pool, PowerProtect Data Manager displays only mobile storage units. When you browse the storage units on a DD system, PowerProtect Data Manager displays only regular (non-mobile) storage
units. You must work with mobile storage units at the system pool level.
Aside from scope differences, PowerProtect Data Manager treats mobile storage units and regular storage units as equivalent.
Storage unit creation and configuration
PowerProtect Data Manager provides two ways to create storage units on the protection storage system:
If you do not select an existing storage unit when you create a protection policy, PowerProtect Data Manager automatically creates a storage unit for you.
Through the PowerProtect Data Manager UI, you can directly create storage units as required.
You can use the UI to configure the quotas and credentials for storage units under the control of PowerProtect Data Manager.
46 Managing Storage
Click to open the Details pane and see more information about an existing storage unit, including configuration values.
Storage unit selection
When you create or edit a protection policy, PowerProtect Data Manager provides the option to select a storage unit as the protection or replication target. The storage unit can be on the same or another protection storage system.
The Storage page lists all storage units that were discovered on a protection storage system. Only storage units under the control of PowerProtect Data Manager are available to select for a protection policy. Other storage units are not available to select, even if known.
A storage unit under the control of PowerProtect Data Manager can be the target for multiple protection policies. When you select an existing storage unit as a policy target, the policy inherits the storage unit's quota settings.
Managing Protection Policies provides more information about using storage units with policies.
Security
All protection policies and applications that share a storage unit can access any data in that storage unit. Reuse a storage unit only for policies and applications that belong to the same organizational unit or which share a trusted relationship. Policies and applications for different organizational units should use different storage units.
Any other external applications that also use the storage unit should protect and restrict access to the DD Boost credentials. These credentials provide access to the PowerProtect Data Manager data.
Automatic storage unit maintenance
For automatically-created storage units, automatic maintenance removes the storage unit when both the following conditions are true:
No protection policies target the storage unit for backups or replication. The storage unit contains no backups.
Automatic maintenance removes these empty, unused storage units. For governance mode retention, automatic maintenance removes these storage units even if retention lock is enabled. Because deleting a storage unit with compliance mode enabled requires security officer credentials, automatic maintenance cannot remove these storage units.
For directly-created storage units, automatic maintenance does not remove the storage unit even when these conditions are true. In this case, contact the protection storage system administrator to remove the storage units.
Updating from previous releases
Any protection policy can use storage units that were automatically created for policies in a previous release of PowerProtect Data Manager. Policies that were created in a previous release continue to function as before.
Previous releases of the Oracle agent do not support storage units with multiple protection policies. The PowerProtect Data Manager Oracle RMAN User Guide provides more information.
Storage unit limitations
When using storage units with multiple protection policies, the following limitations apply: PowerProtect Data Manager cannot target or configure storage units that were not created through PowerProtect Data
Manager. PowerProtect Data Manager cannot target storage units that were configured elsewhere for Cloud Tiering. Moving a protection policy to another storage unit or protection storage system may require a full backup.
For virtual machines, file system backups, Kubernetes, and Microsoft Exchange Server backups, the next backup is automatically promoted to a full backup.
For Microsoft SQL Server, Oracle, and SAP HANA backups, complete a manual full backup of these assets with the new storage unit.
Protection policies for Storage Data Management cannot share a storage unit with other protection policies.
Managing Storage 47
Retention lock on a storage unit is disabled if any protection policy on that storage unit has retention lock disabled. Previous releases of the Oracle agent do not support sharing a storage unit between protection policies. The PowerProtect
Data Manager Oracle RMAN User Guide provides more information.
Storage unit considerations for PowerProtect DD
With respect to PowerProtect DD, storage units have certain restrictions and best practices. Be aware of the following considerations: In order to avoid synchronization issues with PowerProtect Data Manager, any storage units that PowerProtect Data
Manager is managing or using should not be deleted directly from the DD. Storage units that you create in PowerProtect Data Manager must not be changed by the DD administrator to set up
storage unit replication. Storage units that you create in PowerProtect Data Manager must not be configured for Cloud Tiering. The following limitations apply to the number of supported storage units by PowerProtect DD model:
Table 22. Supported storage units for PowerProtect DD Operating System (DDOS) versions
PowerProtect DD system
DDOS version Maximum number of storage units supported
Supported configurable concurrently active storage units
DD9800 6.0 and later 256 256
DD9500 5.7 and later 256 256
DD6800, DD9300 6.0 and later 128 128
DD6300 6.0 and later 100 32
DD990, DD4200, DD4500, DD7200
5.7 and later 128 128
All other DD systems 5.7 and later 100 Up to 32, based on the model
DD9500 5.6 100 64
DD990, DD890 5.3 and later 100 Up to 32, based on the model
DD7200, DD4500, DD4200
5.4 and later 100 Up to 32, based on the model
All other DD systems 5.2 and later 100 Up to 14, based on the model
Table 23. Supported storage units in PowerProtect DD Virtual Edition (DDVE) by TB
Number of TBs Maximum number of storage units
Supported configurable concurrently active storage units
4 100 6
6
8
32 100 14
48
64 100 32
96
48 Managing Storage
Retention locking
Retention locking prevents the deletion or alteration of data on a protection storage system for a specified period. PowerProtect Data Manager supports both governance mode and compliance mode retention locking for backups and replicas.
The PowerProtect DD documentation provides more information about each retention lock mode, including the differences between modes. Retention locking requires enablement and licensing on the protection storage system before use with PowerProtect Data Manager.
Retention locking is a two-stage process:
1. Create a storage unit on which you configure the appropriate retention lock mode. Configuration enables but does not activate retention locking.
2. Configure protection policies that both target this storage unit and activate retention locking. Toggling the retention lock setting for a protection policy activates retention locking in accordance with the configuration of the selected storage unit.
Once set, you cannot change the retention lock mode on a storage unit. To use a different retention lock mode with a protection policy, target a different storage unit. The original retention lock mode persists for existing backups or replicas that were created before the change.
The choice of retention lock mode may impact which protection policies can share a storage unit. Consider the retention lock settings when you design your storage unit architecture.
Compliance mode
Observe the following details before you configure or activate compliance mode retention locking:
Compliance mode requires DDOS 7.10 or later. Earlier versions support only governance mode. Compliance mode requires the security officer credentials for the associated protection storage system. PowerProtect Data
Manager does not store the security officer credentials. The Storage Direct agent for Storage Data Management does not support compliance mode. The option to create a storage unit through the selection drop-down list during protection policy configuration does not
support compliance mode, only governance mode. To use compliance mode, create and configure a storage unit before you configure an associated protection policy.
Deleting a storage unit with compliance mode enabled requires the security officer credentials for the associated protection storage system.
System pools and compliance mode retention locking
Mobile storage unit creation can place the storage unit on any pool member. However, the security officer credentials are unique to each pool member. Use the following roadmap to create a mobile storage unit and enable retention locking after creation. 1. Ensure that compliance mode is enabled for all pool members. 2. Create a mobile storage unit and set the retention lock mode to None.
3. Review the details for the mobile storage unit and note the pool member where the storage unit resides. 4. Edit the mobile storage unit and change the retention lock mode to compliance mode. Provide the security officer credentials
for that pool member.
Create a storage unit
Directly create a storage unit through the PowerProtect Data Manager UI for use with protection policies.
Prerequisites
Add at least one protection storage system for PowerProtect Data Manager.
Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. On the Protection Storage tab, select a storage system, and then select More Actions > Manage Storage Units. The Storage Units page opens and displays a list of the storage units under the control of PowerProtect Data Manager.
Managing Storage 49
3. Select Add. The Create Storage Unit or Create Mobile Storage Unit dialog box opens.
4. Type a name for the new storage unit.
5. For mobile storage units in system pools, select a Network Group.
Network groups are configured in DDMC to provide access to the system pool over different physical or virtual networks. A network group contains information about the IP addresses for the pool members and the IP address that clients use for access to the system pool.
6. Set the capacity and stream quotas that restrict the storage unit resource consumption.
There are two kinds of quota limitshard limits and soft limits. You can set either a soft or hard limit or both a soft and hard limit. Both values must be integers, and the soft value must be less than the hard value.
NOTE: When you set a soft limit and the limit is reached, an alert is generated, but data can still be written. When you
set a hard limit and the limit is reached, data cannot be written. All data protection operations fail until data is deleted
from the storage unit. The PowerProtect DD Virtual Edition Installation and Administration Guide for the appropriate
platform provides more information about quota configuration.
a. Capacity QuotaControls the total size of precompression data that is written to the protection storage. b. Stream QuotaThe number of concurrent streams allowed during data protection operations. Setting a Stream Quota
limit can help ensure that performance is not impacted negatively when a data protection operation consumes too many resources.
7. Set a Retention Lock Mode from the available modes: None, Compliance, or Governance.
This field displays only the licensed and enabled options for the selected protection storage system. If no retention lock modes are enabled, the only option is None.
If you select Compliance, provide the username and password for the security officer who is associated with the protection storage system.
8. Select Save.
Results
PowerProtect Data Manager creates the storage unit on the selected protection storage system.
Edit a storage unit
Configure the settings for an existing storage unit through the PowerProtect Data Manager UI. You can also view a list of protection policies that target the storage unit.
About this task
Any changes to these storage unit attributes that you make directly on the protection storage system are also reflected in PowerProtect Data Manager.
Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. On the Protection Storage tab, select a storage system, and then select More Actions > Manage Storage Units. The Storage Units page opens and displays a list of the storage units under the control of PowerProtect Data Manager.
3. To view the details or usage for a storage unit, select for that storage unit.
The Details pane opens and displays the name, type, capacity, quota information, and a list of protection policies that currently target the storage unit.
The storage unit may contain copies from protection policies that no longer target the storage unit.
4. Select a storage unit from the list, and then select Edit. The Edit Storage Unit or Edit Mobile Storage Unit dialog box opens.
5. For mobile storage units in system pools, select a Network Group.
50 Managing Storage
Network groups are configured in DDMC to provide access to the system pool over different physical or virtual networks. A network group contains information about the IP addresses for the pool members and the IP address that clients use for access to the system pool.
6. Set the capacity and stream quotas that restrict the storage unit resource consumption.
There are two kinds of quota limitshard limits and soft limits. You can set either a soft or hard limit or both a soft and hard limit. Both values must be integers, and the soft value must be less than the hard value.
NOTE: When you set a soft limit and the limit is reached, an alert is generated, but data can still be written. When you
set a hard limit and the limit is reached, data cannot be written. All data protection operations fail until data is deleted
from the storage unit. The PowerProtect DD Virtual Edition Installation and Administration Guide for the appropriate
platform provides more information about quota configuration.
a. Capacity QuotaControls the total size of precompression data that is written to the protection storage. b. Stream QuotaThe number of concurrent streams allowed during data protection operations. Setting a Stream Quota
limit can help ensure that performance is not impacted negatively when a data protection operation consumes too many resources.
7. If the Retention Lock Mode is None, set a Retention Lock Mode from the available modes: Compliance or Governance.
This field displays only the licensed and enabled options for the selected protection storage system. If no retention lock modes are enabled, the only option is None.
If you select Compliance, provide the username and password for the security officer who is associated with the protection storage system.
8. Select Save.
Results
PowerProtect Data Manager updates the storage unit settings.
Delete a storage unit
Because deleting a storage unit with compliance mode retention locking requires security officer credentials, automatic maintenance cannot remove these storage units. Instead, use this procedure to remove storage units with compliance mode retention locking.
Prerequisites
Before you can delete a storage unit, the storage unit must be empty and not targeted by any protection policies. The storage unit must be under the control of PowerProtect Data Manager and created by this instance of PowerProtect Data Manager.
If compliance mode retention locking is enabled, the security officer credentials for the associated protection storage system are required.
Steps
1. From the left navigation pane, select Infrastructure > Storage.
The Storage window appears.
2. On the Protection Storage tab, select a storage system, and then select More Actions > Manage Storage Units. The Storage Units page opens and displays a list of the storage units under the control of PowerProtect Data Manager.
3. Select a storage unit from the list, and then select Delete. The Enter Security Officer Credential dialog box opens.
4. Provide the security officer credentials and then click OK.
Results
PowerProtect Data Manager removes the storage unit.
Managing Storage 51
Working with storage unit passwords
The PowerProtect Data Manager Security Configuration Guide provides instructions for the following topics:
Viewing an existing storage unit password Changing a storage unit password through the UI Changing the storage unit password policy
Differences in storage system and storage unit space reporting Review the following sections for information about differences in the manner that storage space is reported in PowerProtect Data Manager.
Base 10 standard used for size calculations in the PowerProtect Data Manager UI
For size calculations (for example, asset size, storage system capacity), the PowerProtect Data Manager UI uses the Base 10 standard, which specifies the size in MB, GB, and TB.
Other components, however, might use the Base 2 standard, which specifies the size in MiB, GiB, and TiB. When there is a discrepancy in reported size, use the UI to obtain the most correct information.
How storage unit capacity is reported in PowerProtect Data Manager and DD Virtual Edition
Due to differences in space calculation (physical capacity vs logical capacity), there is a discrepancy between how storage unit capacity is reported in PowerProtect Data Manager and DD Virtual Edition.
For example, because PowerProtect Data Manager displays the DD storage unit logical capacity, the value that is reported when you select More Actions > Manage Storage Units in the PowerProtect Data Manager UI Infrastructure > Storage window might be greater than the amount reported in DDVE, which displays the physical capacity.
To determine the physical storage unit capacity, use DDVE instead.
Monitoring storage capacity thresholds PowerProtect Data Manager periodically monitors protection storage usage and reports alerts when a system reaches two capacity thresholds. As a best practice, check for these alerts and respond before the system exhausts storage capacity.
At 80% capacity, PowerProtect Data Manager generates a weekly warning alert. At this threshold, you should develop a strategy to add capacity or move protection policies to another storage target. Managing Protection Policies provides more information about moving policies.
At 95% capacity, PowerProtect Data Manager generates a daily critical alert. At this threshold, capacity exhaustion is imminent.
Changing the capacity alerting thresholds requires contacting Support.
52 Managing Storage
Using the PowerProtect Search Engine
Topics:
Introducing the PowerProtect Search Engine Set up and manage indexing Search Engine node deletion Edit the network configuration for a Search Engine node Perform a search Troubleshooting Search Engine issues
Introducing the PowerProtect Search Engine When you deploy PowerProtect Data Manager, the PowerProtect Search Engine software is installed by default.
The PowerProtect Search Engine indexes virtual machine file metadata to enable searches based on configurable parameters. To use this feature, add at least one Search Engine node to the Search Engine to form a cluster. Adding a Search Engine node enables the indexing feature.
You can enable the indexing option when creating protection policies so that the assets are indexed while they are backed up. Recovering indexes from a disaster is a manual process. The indexing recovery process will be automated in a future release.
When a DR backup is run, scheduled, or manually triggered, the cluster backup workflow backs up the cluster index data. A backup task is created, and you can view the individual status of the Search Component backup under Details.
NOTE: Scheduled backups with Search cluster integration appear in the Jobs pane as two identical jobs: an initialization job,
which runs immediately, and the backup job, which runs both server DR and Search cluster backups.
Deploy Search Engine nodes with fully qualified domain names (FQDNs) only. PowerProtect Data Manager verifies that the hostname is an FQDN before deployment.
Limitations
PowerProtect Search Engine is an optional feature that can be enabled, set up, and configured for virtual machine backups and protection policies. When you enable this feature, a backup of the Search Engine is taken as part of the server backup process. As of this release, you cannot disable these backups. Therefore, when Search is enabled, you must add the Search Engine node on the DD system that contains the ServerBackup MTree to the Allow list. If you use NFS for server DR, add the Search Engine node IP address or hostname to the client list for the NFS export.
After an update to PowerProtect Data Manager, with the Search Engine already configured, and the first time that you use the Networks page to add a virtual network to an environment, PowerProtect Data Manager does not automatically add the virtual network to the Search Engine. Instead, manually edit each node to add the virtual network. This action makes the Search Engine aware of virtual networks. Any subsequent new virtual networks are automatically added to the Search Engine.
Set up and manage indexing Set up a Search Engine node and configure indexing.
Prerequisites
Ensure that: A vCenter datastore has been configured. The PowerProtect Data Manager Virtual Machine User Guide provides detailed
steps for adding a vCenter server as an asset source. PowerProtect Data Manager has discovered the networks for the vCenter server.
4
Using the PowerProtect Search Engine 53
The following requirements for the PowerProtect Search Engine are met:
NOTE: Each Search Engine node must meet the system requirements.
CPU: 4 * 2 GHz (4 virtual sockets, 1 core for each socket) Memory: 8 GB RAM Disks: 3 disks (50 GB each) and 1 disk (1 TB) Internet Protocol: Either only IPv4 or only IPv6 NIC: One vmxnet3 NIC with one port
The PowerProtect Data Manager system is configured to use an NTP server. NTP server configuration is required to synchronize the time across the Search Engine nodes in a multi-node cluster.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine, and then click Add Node.
2. In the Add Search Engine Node wizard, provide the required parameters.
Hostname, IP Address, Gateway, DNS, and Netmask. vCenterIf you have added multiple vCenter server instances, select the vCenter server on which to deploy the Search
Engine node.
NOTE: Ensure that you do not select the internal vCenter server.
ESX Host/ClusterSelect on which cluster or ESXi host you want to deploy the Search Engine node. NetworkDisplays all the networks that are available under the selected ESXi Host/Cluster. For virtual networks
(VLANs), this network carries management traffic. Data StoreDisplays all datastores that are accessible to the selected ESXi Host/Cluster.
3. Click Next. The Networks Configuration page displays.
4. On the Networks Configuration page:
The Networks Configuration page configures the virtual network (VLAN) to use for Data for Management Components traffic. To continue without virtual network configuration, leave the Preferred Network Portgroup selection blank and then click Next.
a. From the Preferred Network Portgroup list, select a Virtual Guest Tagging (VGT) group.
VST (Virtual Switch Tagging) groups are not supported.
The list displays all virtual networks within the trunk range. If you select a portgroup that contains multiple networks, PowerProtect Data Manager automatically selects all networks. Individual networks cannot be selected.
A Search Engine node requires an IP address from the static IP pool for each selected virtual network. If there are not enough IP addresses in a pool, the wizard prompts you to supply additional addresses for that network.
Ensure that the selected virtual networks support a traffic type that is compatible with Search Engine nodes. b. If required, type an available static IP address or IP address range in the Additional IP Addresses column for the
indicated virtual network.
For convenience when working with multiple virtual networks, you can also use one of the Auto Expand options:
Expand Last IPThe wizard increments the host portion of the last IP address in the static IP pool. Click Apply. Same Last DigitThe wizard adds the network portion of the IP address to the specified value. Type the host
portion of the IP address and then click Apply.
The wizard updates the value in the Additional IP addresses column for each network. Verify the proposed IP addresses.
c. Click Next.
5. On the Summary page, review the information and then click Finish. The new Search Engine node is deployed, and details are displayed in the lower panel.
6. (Optional) Repeat the previous steps to deploy additional Search Engine nodes to the cluster.
NOTE: Ensure that the previous Search Engine node successfully deploys before you add another.
7. In the Configure Search Engine dialog box, enable or disable indexing, accept or change the expiration period, and then click OK.
NOTE:
54 Using the PowerProtect Search Engine
When the index cluster reaches 70 percent, an alert is generated. When it reaches 90 percent, an alert is generated
and indexing is suspended. Specify a global index expiry interval to periodically clean up indexes, which frees up
space.
To turn off or modify indexing, select Infrastructure > Search Engine, select the cluster, and click Configure
Cluster. From the Configure Search Cluster dialog box, you can enable/disable the service or change the number
of expiration days.
Indexes expire according to the global setting or when the associated copies expire, whichever occurs first.
To stop indexing assets that have been added to a protected protection policy, disable the indexing option during
protection policy configuration.
You can add up to a maximum of 5 Search Engine nodes.
Next steps
NOTE:
When you edit or retry an operation that failed and there are additional IP addresses in the address pool, PowerProtect Data
Manager marks the last failed IP address as abandoned. PowerProtect Data Manager does not try to reuse any IP addresses
that are marked as abandoned. The UI does not display this condition.
KB article 000181120 provides more information about how to use the REST API to detect when an IP address is marked as
abandoned. The article also provides steps to correct this condition so that the IP address can be used again.
Search Engine node deletion PowerProtect Data Manager supports the deletion of a Search Engine node from a multi-node cluster in the PowerProtect Data Manager UI.
You can delete an operational node from a Search Engine cluster to decrease cluster capacity if the space is no longer required. You can also redeploy or delete nodes that could not be successfully added to the Search Engine.
When you delete an operational node, PowerProtect Data Manager moves the index data to the remaining nodes to avoid data loss.
When you delete a node, the operation is triggered and a new job is created, which you can view in the Jobs > System Jobs window to track its progress.
Delete operational Search Engine nodes
You can delete Search Engine nodes that have been added to the Search Engine and are in an operational state.
About this task
CAUTION: Deleting the primary node deletes the index data and makes the cluster inactive. Add a node to make
the cluster operational.
Before you can delete the primary node, you must delete all other nodes.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine.
2. Select the node from the list that you want to delete and click More Actions > Delete Node.
In the Delete Search Engine Node window, choose one of the following options:
CAUTION: When you delete a node and its data, the Search Engine deletes the node without redistributing
the data to the remaining nodes in the cluster. If the index data is deleted, the cluster becomes inactive.
Delete the node without data loss.
To delete the node and move the index data to the remaining nodes in the cluster, click Delete Node.
Using the PowerProtect Search Engine 55
Delete the node and its data.
To allow the Search Engine to delete the node along with the index data it holds, select the check box and click Delete Node.
3. Go to the Jobs > System Jobs window to monitor the progress of the node deletion operation.
Results
The node is deleted from the cluster.
Redeploy or delete failed Search Engine nodes
PowerProtect Data Manager enables you to redeploy or delete Search Engine nodes that could not be successfully deployed.
About this task
The Redeploy Node functionality is only enabled for nodes that could not be successfully added to the Search Engine.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine.
2. Select the failed node that you want to either redeploy or delete from the cluster.
3. Do one of the following: To redeploy the failed node, click More Actions > Redeploy Node.
The Redeploy Search Engine Node wizard opens. The Search Engine populates the fields with the information that you supplied when you added the node. Verify that the information is correct.
To delete the failed node, click More Actions > Delete Node.
Results
You can view the details for the operation in the Jobs > System Jobs window.
Next steps
Optionally, if you want to update the DNS or gateway during the Search Engine node redeployment, you can use one of the following commands:
To update both the gateway and DNS, run ./infranodemgmt redeploy -node_id Search Node ID -updateDns DNS IPv4 address -updateGateway Gateway IP address
To update the gateway only, run ./infranodemgmt redeploy -node_id Search Node ID -updateGateway Gateway IP address
To update DNS only, run ./infranodemgmt redeploy -node_id Search Node ID -updateDns DNS IP address
Edit the network configuration for a Search Engine node To change the virtual network configuration, perform the following steps. To change any other network configuration settings, contact Customer Support.
Prerequisites
Before you remove a network, disable indexing. Set up and manage indexing provides instructions.
About this task
If Search Engine node deployment failed because of a virtual network configuration problem, you can update the configuration to add additional IP addresses to the static IP pool. If you did not configure a virtual network during initial deployment, you can also add the Search Engine node to a virtual network in the same Virtual Guest Tagging (VGT) port group.
56 Using the PowerProtect Search Engine
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine and then select the applicable Search Engine node.
2. Select More Actions > Edit Networks. The Edit Search Engine Node wizard opens to the Network Configuration page.
3. If applicable, from the Preferred Network Portgroup list, select a VGT network to carry Data for Management Components traffic.
The list displays all virtual networks within the trunk range. If you select a portgroup that contains multiple networks, PowerProtect Data Manager automatically selects all networks. Individual networks cannot be selected.
A Search Engine node requires an IP address from the static IP pool for each selected virtual network. If there are not enough IP addresses in a pool, the wizard prompts you to supply additional addresses for that network.
Virtual networks with a warning symbol ( ) beside the network name require attention and review. For example, if you changed the network configuration, the configured traffic types may not support Search Engine nodes. Clear any interfaces which no longer apply to the Search Engine node.
4. If required, type an available static IP address or IP address range in the Additional IP Addresses column for the indicated virtual network.
For convenience when working with multiple virtual networks, you can also use one of the Auto Expand options:
Expand Last IPThe wizard increments the host portion of the last IP address in the static IP pool. Click Apply. Same Last DigitThe wizard adds the network portion of the IP address to the specified value. Type the host portion
of the IP address and then click Apply.
The wizard updates the value in the Additional IP addresses column for each network. Verify the proposed IP addresses.
5. Click Next.
6. On the Summary page, review the information and then click Finish.
Next steps
If you disabled indexing, re-enable indexing. Set up and manage indexing provides instructions.
Perform a search When the Search Engine is deployed and configured, you can use the File Search functionality in the PowerProtect Data Manager UI to search across all indexed data to locate protected files and folders within backup copies. When asset types are set up for index searching, the File Search button appears in the Restore menu for assets.
Before performing a search, ensure that:
A Search Engine node is set up. Search indexing is enabled.
Troubleshooting Search Engine issues This section lists troubleshooting for Search Engine issues.
Some Search Engine troubleshooting procedures require the credentials for individual Search Engine nodes. Search Engine nodes have admin and root user accounts that are used for troubleshooting software issues. The PowerProtect Data Manager Security Configuration Guide provides instructions to manage Search Engine node credentials.
Error displays during Search Engine node failure
The following error might display during a search when a Search Engine node fails:
Not able to deploy search-node.com. Another session "
Using the PowerProtect Search Engine 57
Certificate issues
Issues with indexing backups and/or performing search queries might result when certificates that were deployed on the Search Engine node were corrupted.
Perform one of the following tests to determine certificate issues:
Use the log bundle download utility in PowerProtect Data Manager to examine the Backup VM logs in VM Direct, and look for a log entry like the following:
ERROR: Failed to Upload File: /opt/emc/vproxy/runtime/tmp/vproxyd/ plugin/search/e6c356a1-fbaf-4231-9f6f-a0166b74909a/
Examine the REST engine logs in the Search Engine node (/opt/emc/search/logs/rest-engine/*.log), and look for certificate verification errors.
Run a search either through the UI or through the API
Examine the certificate files on each Search Engine node to investigate further. If necessary, regenerate the certificate files.
Verify certificates
Use this procedure to verify that certificates are valid and uncorrupted:
1. Verify that the rootca.pem file is the same in all the relevant nodes (Search Engine node, PowerProtect Data Manager, and VM Direct node).
NOTE: The rootca.pem file name is different on each node:
PowerProtect Data Manager/etc/ssl/certificates/rootca/rootca.pem Search Engine node/var/lib/dellemc/vmboot/trust/thumbprint VM Direct/var/lib/dellemc/vmboot/trust/thumbprint
2. Run the following OpenSSL command to find out whether the root certificate file is corrupt or invalid: openssl verify
Response:
/var/lib/dellemc/vmboot/trust/thumbprint: C = US, O = DELL Corporation, CN = PPDM Root CA ID-4c9de850-24ab-42ec-a9a7-6080849d0d24
error 18 at 0 depth lookup:self signed certificate
OK
Ensure that the CN values match.
Certificate verification fails
If the certificate verification steps fail, you must re-create the certificates on the Search Engine node or VM Direct node:
1. Connect to the PowerProtect Data Manager console and change to the root user. 2. Use the Get command in the infranodemgmt utility to determine the Search Engine node FQDN.
3. Run /usr/local/brs/puppet/scripts/generate_certificates.sh -n -c -b
4. Open this file to determine the location of the generated certificates. They should be located in /etc/ssl/ certificates/
58 Using the PowerProtect Search Engine
5. Obtain the Search Engine node credentials. The PowerProtect Data Manager Security Configuration Guide provides instructions.
6. From a separate terminal, SSH into the Search Engine node. 7. Change directory to /var/lib/dellemc/vmboot/trust and move the key, cert, and thumbprint files over.
8. Copy the certificate files that were generated in PowerProtect Data Manager as follows: rootca.pem to thumbprint
9. Paste the files to /var/lib/dellemc/vmboot/trust.
10. Set the permissions for the key, cert, and thumbprint files to 0644, and then set the ownership of these files to root:app.
11. Restart the REST engine service to pick up the new certificates: systemctl restart search-rest-engine.
12. Check the REST engine log file (/opt/emc/search/logs/rest-engine/rest-engine-daemon-<fqdn>.log) to verify that the service started successfully.
Ensure that the following message appears:
A valid Root CA certificate of backup server was provided during deployment Result: Backup with indexing executes successfully and the Search Engine is functional.
Search Engine cluster is full
If the Search Engine is full, you can deploy additional nodes by following the steps in Set up and manage indexing.
If the Search Engine runs out of space and you do not want to deploy an additional node, you have the following options:
Disable the service Shorten the expiration time to remove indexes sooner Remove indexes manually
To disable the service, complete the following steps:
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine. 2. Select the cluster, and then click Configure Cluster. 3. In the Configure Search Cluster dialog box, switch the Search Indexing button to turn it off, and then click Save.
NOTE: This setting applies to all indexes in all protection policies in the Search Cluster.
To shorten the expiration time to remove indexes sooner, complete the following steps:
1. From the PowerProtect Data Manager UI, select Infrastructure > Search Engine. 2. Select the cluster, and then click Configure Cluster. 3. In the Configure Search Cluster dialog box, modify the Search Index Expiration and click Save. A recommended formula
to determine the expiration time is: Delete Index when Today = Backup-Date + Expiration Days + 1 day. That is, one day after the backup expires.
NOTE: This setting applies to all indexes in all protection policies in the Search Engine.
To remove indexes manually, complete the following steps:
1. Use SSH to log in to the Search Engine. 2. Create a snapshot of the cluster using the following format:
{ Command: "APP_SNAPSHOT", Title: "Initiate Index/Search Cluster Snapshot Process", AsyncCmd: false, Properties: { "Name": { Description: "Used to uniquely identify a particular snapshot", Type: STRING }, "Action": { Description: "Action to perform, 'Create', 'Delete', 'Restore' or 'Cancel' a Snapshot", Type: STRING },
Using the PowerProtect Search Engine 59
"NFSHost": { Description: "NFS Host serving snapshot backup area.", Type: STRING }, "NFSExport": { Description: "NFS Export path to mount too.", Type: STRING }, "NFSDirPath": { Description: "NFS directory path to write too.", Type: STRING } } }
For example:
{ "Command": "APP_SNAPSHOT", "Title": "", "AsyncCmd": false, "Properties": { "Action": { "Description": "", "Required": false, "Type": "string", "IsArray": false, "Value": "Create", "Default": null }, "Name": { "Description": "", "Required": false, "Type": "string", "IsArray": false, "Value": "DataManager_Catalog_Cluster_snapshot_2019-10-16-12-57-16", "Default": null }, "NFSHost": { "Value": "10.25.87.88" }, "NFSExport": { "Value": "/mnt/shared" }, "NFSDirPath": { "Value": "" } } }
3. You can delete indexes by protection policy or by asset. If the JSON command is stored at /home/admin/remove- plc.json, run the command, ./searchmgmt -I /home/admin/remove-plc.json.
Use the following format to delete indexes by protection policy:
{ "Command": "APP_REMOVE_ITEMS", "AsyncCmd": false, "Properties": { "Action": { "Description": "Action to perform, 'AssetDelete', 'PLCDelete'", "Required": true, "Value": "PLCDelete", } "PLCID": { "Description": "PLC ID of item(s) to delete.", "Required": true, "Value": "7676d753-b57e-a572-6daf-33689933456d", } } }
60 Using the PowerProtect Search Engine
Use the following format to delete indexes by asset type:
{ "Command": "APP_REMOVE_ITEMS", "AsyncCmd": false, "Properties": { "Action": { "Description": "Action to perform, 'AssetDelete', 'PLCDelete'", "Required": true, "Value": "AssetDelete", }, "AssetID": { "Description": "Optional, Asset ID of item(s) to delete.", "Required": false, "Value": "503dd753-b57e-a572-6daf-44680033755f", }, "PLCID": { "Description": "PLC ID of item(s) to delete.", "Required": true, "Value": "7676d753-b57e-a572-6daf-33689933456d", } } }
NOTE:
The time to complete the execution of these procedures depends on the number of backup copy asset indexes being
deleted.
This procedure does not impact regular operation of the cluster.
Troubleshooting a locked Search Engine node
The PowerProtect Data Manager Security Configuration Guide provides information about Search Engine node user accounts and credentials, including password management policies. The password management policies for these accounts are set to lock the admin user account after three failed attempts within five minutes. If you try to access the node while the admin user account is locked, the amount of time that the account remains locked increases.
A Search Engine node might become locked for the following reasons:
A user or program makes three failed attempts to SSH into the Search Engine node. Running monitoring software that tries to log in to the Search Engine node with the wrong admin credentials. Running penetration testing on the virtual machines in a vCenter server.
The Search Engine node admin user accounts enable PowerProtect Data Manager to perform operations on each node, such as obtaining the health status of the node. If the account is locked, the health status of the node is reported as "Failed." When one of the nodes in the cluster is in a failed state, the entire cluster becomes unavailable. As a result, the cluster is unable to perform any indexing or search operations.
Workaround
To work around this issue, reset the Search Engine node admin credentials. Before you reset the credentials, determine why the admin account is locked.
Obtain the Search Engine node root credentials. Then, reset the Search Engine node admin credentials. The PowerProtect Data Manager Security Configuration Guide provides instructions.
Using the PowerProtect Search Engine 61
Managing Assets
Topics:
About asset sources, assets, and storage About other asset sources Prerequisites for discovering asset sources Enable an asset source Delete an asset source Adding a Cloud Snapshot Manager tenant
About asset sources, assets, and storage In PowerProtect Data Manager, assets are the basic units that PowerProtect Data Manager protects. Asset sources are the mechanism that PowerProtect Data Manager uses to manage assets and communicate with the protection storage where backup copies of the assets are stored.
PowerProtect Data Manager supports PowerProtect DD Management Center (DDMC) as the storage and programmatic interface for controlling protection storage systems.
Asset sources can be a vCenter server, Kubernetes cluster, application host, SMIS server, or Cloud Snapshot Manager tenant. Assets can be virtual machines, Microsoft Exchange Server databases, Microsoft SQL Server databases, Oracle databases, SAP HANA databases, file systems, Kubernetes namespaces, or storage groups.
Before you can add an asset source, you must enable the source within the PowerProtect Data Manager user interface.
In the Assets window, you can export asset records by using the Export All functionality.
IPv6 information not displayed by the Asset Sources window
The Asset Sources window does not display IPv6 information. If an asset only uses IPv6, the IPV4 column displays a blank entry. To select an IPv6-only asset, refer to the Name column.
Maximum supported number of characters in an asset or storage name is 25
PowerProtect Data Manager does not support more than 25 characters in an asset or storage name.
CAUTION: If this maximum is exceeded, protection policy configuration fails.
About other asset sources In addition to vCenter server asset sources, PowerProtect Data Manager provides the option to enable the following asset sources to protect other asset types.
NOTE: The PowerProtect Data Manager Administration and User Guide does not provide instructions for Kubernetes
clusters or agent asset source management. Refer to the PowerProtect Data Manager online help or individual Kubernetes
and agent user guides for more information.
5
62 Managing Assets
File System agent
After the File System agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager integrates with the agent to enable an application administrator to protect and recover data on the File System host, and to check and monitor backup compliance against protection policies.
Kubernetes cluster
After the Kubernetes cluster asset source is added and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager enables protection of PVCs and namespace data on the Kubernetes or Tanzu Kubernetes cluster.
NAS agent
After the NAS asset source is added and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager enables protection of NAS assets.
Microsoft application agent for Microsoft Exchange Server
After the Microsoft application agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager integrates with the agent to enable an application administrator to protect and recover the Microsoft Exchange Server application data on the application host, and to check and monitor backup compliance against protection policies.
Microsoft application agent for Microsoft SQL Server
After the Microsoft application agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager integrates with the agent to enable an application administrator to protect and recover the Microsoft SQL Server application data on the application host, and to check and monitor backup compliance against protection policies.
Oracle RMAN agent
After the Oracle RMAN agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager integrates with the agent to enable an application administrator to protect and recover the Oracle application data on the application host, and to check and monitor backup compliance against protection policies.
SAP HANA agent
After the SAP HANA agent is approved and registered in the PowerProtect Data Manager UI, PowerProtect Data Manager integrates with the agent to enable an application administrator to protect and recover the SAP HANA application data on the application host, and to check and monitor backup compliance against protection policies.
Storage Direct agent for Storage Data Management
Storage Data Management uses snapshot backup technology to protect data on VMAX and PowerMax storage arrays by moving storage group data from the array to a DD system. After the Storage Direct agent is approved and registered in the PowerProtect Data Manager UI, and the DD system and the SMIS server are added and discovered, the Storage Direct agent enables you to discover the storage groups in the storage arrays, and assign unprotected storage groups to a protection policy for backup and recovery operations.
Managing Assets 63
Prerequisites for discovering asset sources Perform these tasks before you discover an asset source. Ensure that the PowerProtect Data Manager is deployed and configured in the environment. The PowerProtect Data
Manager deployment guides provide information. Log in as a user with the Administrator role. Only the Administrator role can manage asset sources. For a new system, enable one or more asset sources for the types of assets that you want to protect. Enable an asset
source provides more information. Configure all asset sources with an NTP server. Before you register a Microsoft SQL Server application, ensure that the DD system has been discovered successfully. For discovery of application agents and File System asset sources:
Ensure that all clocks on the application and File System hosts and PowerProtect Data Manager are time-synchronized to the local NTP server to ensure discovery of the backups.
Ensure that the application and File System hosts and the PowerProtect Data Manager network can see and resolve each other.
Ensure that port 7000 is open on the application and File System hosts. Discovery of a vCenter Server asset source excludes the following:
Virtual machines with a status of Inaccessible, Invalid, or Orphaned. The virtual machine template. The shadow or standby virtual machine created by RecoverPoint for Virtual Machines, also referred to as the vRPA copy. The vSphere Cluster Service (vCLS) virtual machine.
NOTE: Virtual machines created by the vCLS are managed by VMware, and do not require PowerProtect Data
Manager protection. Even when selected as part of a container, they are automatically excluded from protection.
The vmdm-discovery.log provides a list of vCLS virtual machines that are excluded from protection.
Prior to performing the vCenter discovery, verify the status of any virtual machines that you want to discover.
Discovering asset sources in a GCVE environment
There are special discovery considerations in a GCVE environment. Discovery fails unless GCVE-located vCenter servers have additional permissions.
Ensure the following permissions of any GCVE-located vCenter server:
The GVE.LOCAL\CloudOwner user is mapped to the Cloud-Owner-Role role at the vCenter level. The GVE.LOCAL\CloudOwner to Cloud-Owner-Role mapping is not restricted to a lower-level container object in the
vSphere object hierarchy.
Full discovery of application asset sources
If some application assets are not discovered, you can perform an immediate full discovery of application asset sources by using the on-demand discovery feature in the PowerProtect Data Manager UI.
Full discovery is available for the following application asset sources:
Microsoft SQL Server Microsoft Exchange Server Oracle SAP HANA File System
To initiate a full discovery of application asset sources, complete the following steps:
1. Select Infrastructure > Asset Sources. 2. Select an application asset source and click Discover. 3. Select the Initiate a full discovery option, and then click Yes.
64 Managing Assets
Enable an asset source An asset source must be enabled in PowerProtect Data Manager before you can add and register the asset source for the protection of assets.
About this task
Only the Administrator role can manage asset sources.
In some circumstances, the enabling of multiple asset sources is required. For example, a vCenter Server and a Kubernetes cluster asset source must be enabled for Tanzu Kubernetes guest cluster protection.
There are other circumstances where enabling an asset source is not required, such as the following:
For application agents and other agents such as File System and Storage Direct, an asset source is enabled automatically when you register and approve the agent host. For example, if you have not enabled an Oracle asset source but have registered the application host though the API or the PowerProtect Data Manager user interface, PowerProtect Data Manager automatically enables the Oracle asset source.
When you update to the latest version of PowerProtect Data Manager from an earlier release, any asset sources that were previously enabled appear in the PowerProtect Data Manager user interface. On a new deployment, however, no asset sources are enabled by default.
Steps
1. From the PowerProtect Data Manager user interface, select Infrastructure > Asset Sources, and then click + to reveal the New Asset Source tab.
2. In the pane for the asset source that you want to add, click Enable Source. The Asset Sources window updates to display a tab for the new asset source.
Results
You can now add or approve the asset source for use in PowerProtect Data Manager. For a vCenter server, Kubernetes cluster, SMIS Server, or PowerProtect Cloud Snapshot Manager tenant, select the appropriate tab in this window and click Add. For an application host, select Infrastructure > Application Agents and click Add or Approve as required.
NOTE: Although you can add a Cloud Snapshot Manager tenant to PowerProtect Data Manager in order to view its health,
alerts, and the status of its protection, recovery, and system jobs, you cannot manage the protection of its assets from
PowerProtect Data Manager. To manage the protection of its assets, use Cloud Snapshot Manager. For more information,
see the PowerProtect Cloud Snapshot Manager Online Help.
Disable an asset source
If you enabled an asset source that you no longer require, and the host has not been registered in PowerProtect Data Manager, perform the following steps to disable the asset source.
About this task
NOTE: An asset source cannot be disabled when one or more sources are still registered or there are backup copies of the
source assets. For example, if you registered a vCenter server and created policy backups for the vCenter Server virtual
machines, then you cannot disable the vCenter Server asset source. But if you register a vCenter server and then delete it
without creating any backups, you can disable the asset source.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Asset Sources, and then select the tab of the asset source that you want to disable. If no host registration is detected, a red Disable button appears.
2. Click Disable.
Results
PowerProtect Data Manager removes the tab for this asset source.
Managing Assets 65
Delete an asset source If you want to remove an asset source that you no longer require, perform the following steps to delete the asset source in the PowerProtect Data Manager UI.
About this task
Only the Administrator role can manage the asset sources.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Asset Sources, and then select the tab for the type of asset source that you want to delete.
2. Select the asset source name in the asset source list, and then click Delete.
3. At the warning prompt that appears, click Continue. The asset source is deleted from the list.
Results
PowerProtect Data Manager removes the specified asset source in the Asset Sources window.
For all asset sources except the vCenter Server, any associated assets that are protected by the protection policy are removed from the protection policy and their status is changed to deleted. These assets are removed automatically as part of daily PowerProtect Data Manager cleanup after all associated backup copies have been deleted. These assets can also be removed manually. The PowerProtect Data Manager Administration and User Guide provides details on how to remove assets from PowerProtect Data Manager.
The copies of assets from the asset source are retained (not deleted). You can delete the copies from the copies page, if required.
Adding a Cloud Snapshot Manager tenant After you enable the Cloud Snapshot Manager tenant asset-source with PowerProtect Data Manager, you use the Asset Sources window in PowerProtect Data Manager to add a Cloud Snapshot Manager tenant to the PowerProtect Data Manager environment.
Adding a Cloud Snapshot Manager tenant is required if you want to view Cloud Snapshot Manager jobs, alerts, and reports from a consolidated PowerProtect Data Manager dashboard.
Add a Cloud Snapshot Manager Tenant
Perform the following steps to add a Cloud Snapshot Manager tenant as an asset source in the PowerProtect Data Manager UI.
Prerequisites
Ensure that the asset source is enabled. Enable an asset source provides instructions. Log in as a user with the Administrator role. Only the Administrator role can manage asset sources. The PowerProtect Data Manager server has Internet access and is able to reach https://ssgosge.emc.com.
NOTE: If this access is removed during normal operation, any existing Cloud Snapshot Manager information will continue
to be displayed in the Dashboard window, but there will be no updates until Internet access is restored.
This procedure requires the entry of values specific to Cloud Snapshot Manager. For more information, see the PowerProtect Cloud Snapshot Manager Online Help.
Steps
1. From the left navigation pane, select Infrastructure > Asset Sources.
The Asset Sources window appears.
2. Select the Cloud Snapshot Manager tab.
3. Click Add. The Add Cloud Snapshot Manager Account Details dialog displays.
66 Managing Assets
4. In the Name field, enter a descriptive name for the Cloud Snapshot Manager tenant.
5. In the Tenant ID field, enter the Cloud Snapshot Manager tenant ID.
6. Click the drop-down control next to Cloud Snapshot Manager Credentials, and then click Add Credentials.
a. In the Name field, enter the name of the Cloud Snapshot Manager tenant credentials. b. In the Client ID field, enter the ID of the Cloud Snapshot Manager tenant. c. In the Client Secret field, enter the secret of the Cloud Snapshot Manager tenant. d. Click Save.
7. Click Save.
Managing Assets 67
Managing Protection Policies
Topics:
Protection policies Before you create a protection policy Adding or editing a protection policy Overview of PowerProtect Data Manager Cloud Tier Manual backups of protected assets Manual replication of protected assets Manual Cloud Tiering of protected assets Viewing a summary of protection policies Extended retention (for protection policies created in PowerProtect Data Manager 19.11 and earlier) Delete backup copies Removing expired backup copies Removing assets from PowerProtect Data Manager Run an asset-protection report Disable a protection policy Delete a protection policy Add a service-level agreement Run a compliance report Protecting client assets after a client hostname change ifGroup configuration and PowerProtect Data Manager policies
Protection policies Protection policies define sets of objectives that apply to specific periods of time. These objectives drive configuration, active protection, and copy-data-management operations that satisfy the business requirements for the specified data. Each policy type has its own set of user objectives.
Only the Administrator role can create or edit protection policies.
You can create protection policies for the following asset types:
VMware virtual machines Microsoft Exchange Server databases Microsoft SQL Server databases Oracle databases SAP HANA databases File systems Kubernetes clusters Storage groups Network-attached storage (NAS)
For each policy type, refer to the individual user guides.
In the Protection Policies window, you can export protection policy data by using the Export All functionality.
Before you create a protection policy Consider the following best practices before creating a protection policy. You can only protect an asset with one policy at a time. Protection rules do not automatically move assets that were
manually added to a policy to a different policy.
6
68 Managing Protection Policies
NOTE: If a Microsoft SQL Server is installed on a virtual machine, you can protect the Microsoft SQL Server database
with an application-consistent backup without interfering with the Microsoft SQL Server agent-based backup.
When creating a policy, limit the number of database assets within the policy to under 500 and stagger the start time of replication policies. These actions prevent potential replication failures.
Before adding replication to a protection policy, ensure that you add remote protection storage as the replication location. Add protection storage provides detailed instructions about adding remote protection storage.
Before scheduling weekly, monthly, or yearly backups, ensure that the PowerProtect Data Manager time zone is set to the local time zone.
Understanding backup technologies
PowerProtect Data Manager uses block-based backup technology when performing full or synthetic-full backups. The File System agent scans a volume or disk and backs up every block on the file system that is allocated to it. If only data that has changed is backed up, the block-based backup uses Changed Block Tracking.
Block-based backups support the following capabilities:
High-performance backups with a predictable backup window Efficient backups of the deduplicated file systems used by PowerProtect DD Mounting of a backup as a file system Support for sparse-file backups
PowerProtect Data Manager uses traditional file-based backup technology when backing up a specific set of files or directories. During these backups, the entire directory structure of the file system is traversed. These backups take longer to complete than block-based backups.
NOTE: Applying an exclusion filter to a protection policy automatically results in a file-based backup. If you are backing up a
large file system, it might be more efficient to back up all the data instead. Alternatively, move the assets being filtered to a
different protection policy, allowing the remaining unfiltered assets to use a block-based backup.
Understanding backup terminology and managing backup frequency
When scheduling backups in a protection policy, be aware of the following: Different protection-policy types can use different terminology to describe available backup levels. This terminology can
differ not only between protection-policy types, but also from traditional terminology. To avoid high CPU usage that can lead to failure issues, do not schedule backups more often than recommended.
To understand the different backup levels to manage backup frequencies, see the following table.
Table 24. Backup terminology and frequency
Protection-policy types
Available backup levels
Description Equivalent traditional terminology
Recommended minimum backup interval
VMware application-aware
Full All the data is backed up. Full Monthly
Synthetic Full Only the data that has changed since the last synthetic-full or full backup is backup up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage.
A differential backup is performed, followed by a merge operation that produces a full backup in storage.
12 hours
Log The transaction logs are backed up.
30 minutes
VMware crash- consistent
Full All the data is backed up. Full Monthly
Managing Protection Policies 69
Table 24. Backup terminology and frequency (continued)
Protection-policy types
Available backup levels
Description Equivalent traditional terminology
Recommended minimum backup interval
Synthetic Full Only the data that has changed since the last synthetic-full or full backup is backed up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage.
A differential backup is performed, followed by a merge operation that produces a full backup in storage.
12 hours
Kubernetes crash- consistent
Full The namespace metadata and persistent volumes are backed up.
Full Daily
Synthetic Full Only the data that has changed for persistent volumes on VMware first- class disks since the last synthetic-full or full backup is backed up. The namespace metadata and all other persistent volumes are backed up in full. Although not all the data is copied over the network, the result is still a full backup in storage.
A combination of full and differential backups are performed, followed by a merge operation that produces a full backup in storage.
12 Hours
File System centralized
Full All the data is backed up. Full Monthly
Synthetic Full Only the data that has changed since the last synthetic-full or full backup is backed up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage.
A differential backup is performed, followed by a merge operation that produces a full backup in storage.
12 hours
Microsoft Exchange Server centralized
Full All the data is backed up. Full Weekly
Synthetic Full Only the data that has changed since the last synthetic-full or full backup is backed up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage.
A differential backup is performed, followed by a merge operation that produces a full backup in storage.
12 hours
Microsoft SQL Server centralized
Full All the data is backed up. Full Daily
Differential Only the data that has changed since the last differential backup or the last
A differential backup is performed, followed by a merge operation that
12 hours
70 Managing Protection Policies
Table 24. Backup terminology and frequency (continued)
Protection-policy types
Available backup levels
Description Equivalent traditional terminology
Recommended minimum backup interval
full backup if there are no other differential backups is backed up.
produces a full backup in storage.
Log The transaction logs are backed up.
30 minutes
Network Attached Storage
Full All the data is backed up. Full Daily NOTE: It is recommended to perform a full backup after updating to PowerProtect Data Manager 19.12.
Synthetic Full Only the data that has changed since the last synthetic-full or full backup is backup up. An operation to merge these changes with the last synthetic-full or full backup produces a full backup in storage. Only the changed files are copied over the network, but the result is still a full backup in storage.
An incremental backup is performed, followed by a merge operation that produces a full backup in storage.
Daily
Oracle centralized Full All the data is backed up. Full Daily
Incremental Cumulative
Only the data that has changed since the last level 0 full backup is backed up.
Differential 12 hours
Incremental Differential
Only the data that has changed since the last incremental differential backup or the last full backup if there are no other incremental differential backups is backed up.
Incremental 6 hours
Log The archived logs are backed up.
30 minutes
SAP HANA centralized
Full All the data is backed up. Full Daily
Differential Only the data that has changed since the last full backup is backed up.
Differential 12 hours
Incremental Only the data that has changed since the last data backup. The last data backup could be an incremental, differential, or full backup.
Incremental 6 hours
VMAX storage group centralized
Synthetic Full Only the data that has changed since the last synthetic-full or full backup is backed up. An operation to merge these changes with the last synthetic-full or full
A differential backup is performed, followed by a merge operation that produces a full backup in storage.
12 hours
Managing Protection Policies 71
Table 24. Backup terminology and frequency (continued)
Protection-policy types
Available backup levels
Description Equivalent traditional terminology
Recommended minimum backup interval
backup produces a full backup in storage. Only the changed blocks are copied over the network, but the result is still a full backup in storage.
NOTE: In some situations, a full backup might be performed even though a synthetic-full backup was scheduled. Possible
reasons for a full backup include the following:
There is no existing full backup.
The size of a volume has changed.
There has been a file path change.
The asset host has been rebooted.
The backup frequency of log, differential, incremental-cumulative, incremental-differential, and incremental backups cannot be greater than the backup frequency of either full or synthetic-full backups. If you attempt to add or edit a protection policy that uses an invalid backup frequency, PowerProtect Data Manager prevents you from saving the protection policy. You can increase the backup frequency of a protection poicy by scheduling more full or synthetic-full backups with different retention times to meet your requirements.
Replication triggers
PowerProtect Data Manager orchestrates protection policy replication objectives independently of the primary backup. When you add a replication objective to a policy, select one of the available triggers.
The default replication trigger is a schedule window that you define by setting a recurrence period plus start and end times. Replication occurs during the defined window. For example, every day between 8 p.m. and 12 a.m.
You can also trigger replication immediately after the completion of the associated primary backup, whether scheduled or manual. At the start of the primary backup, PowerProtect Data Manager generates an associated replication job that remains queued until the end of the protection job. If the backup fails or completes with exception, the associated replication job is skipped. Restarting the protection job queues the associated replication job again.
When you create a replication objective, you can specify either scheduled replication or replication after backup completion, which is applicable to both centralized and self-service protection policies.
NOTE: For replication after backup completion, PowerProtect Data Manager 19.12 or later and application agents 19.10 or
later are required. It is recommended that you update the application agents to the latest version.
Using a schedule can help you manage network traffic by replicating during off-peak hours. However, for larger backup sets, the primary backup may not finish before the start of the replication schedule, which creates a replication backlog. Replication after backup completion prevents a replication backlog from forming.
To prevent data loss, the replication after backup completion trigger replicates new backups from the primary objective and any outstanding backups that have not yet replicated.
A job status of Completed with Exceptions during replication
After a triggered replication job, you might see a job status message similar to the following:
Completed with Exceptions ABA0017: plc_linux_rac: Backup was successful for the ORACLE_DATABASE asset ORCLPP on the host blrv009d132.blr.lab.emc.com but the copy metadata information is currently unavailable.
The backup of this asset completed successfully but the copy metadata information has not yet been discovered by PowerProtect Data Manager. If the 'Replicate immediately upon backup completion' option is enabled for this protection policy, the replication job for the copy might appear in 'Unknown' or 'Cancel' state. Once the copy metadata is discovered by PowerProtect Data Manager, the copy will be replicated.
72 Managing Protection Policies
Review the backup copy details in the View Copies pane of the PowerProtect Data Manager UI Infrastructure > Assets window to determine when the discovery is complete.
If you see this message, the replication backup is not immediately available.
To correct this issue, either wait for the next automatic discovery or initiate a discovery.
Adding or editing a protection policy You can use the PowerProtect Data Manager user interface to add a protection policy to protect an asset. You can also change the details of an existing protection policy.
Adding a protection policy
You can add a protection policy to protect any of the following asset types. For more information, see the appropriate publication.
Table 25. Protection-policy asset types
Asset type Publication
File System data PowerProtect Data Manager File System User Guide
Kubernetes cluster namespaces and PVCs
PowerProtect Data Manager Kubernetes User Guide
Microsoft Exchange Server databases
PowerProtect Data Manager Microsoft Exchange Server User Guide
Microsoft SQL Server databases
PowerProtect Data Manager Microsoft SQL Server User Guide
Network Attached Storage (NAS) share and appliance data
PowerProtect Data Manager Network Attached Storage User Guide
Oracle RMAN databases PowerProtect Data Manager Oracle RMAN User Guide
SAP HANA databases PowerProtect Data Manager SAP HANA User Guide
Storage Direct data PowerProtect Data Manager Storage Direct User Guide
Virtual machines PowerProtect Data Manager Virtual Machine User Guide
Editing a protection policy
You can change any of the following information for an existing enabled or disabled protection policy:
Policy name and description Adding or removing assets from the policy Backup and replication schedule Backup optimization mode Settings for network interface, storage target, storage unit, retention lock and Service Level Agreement (SLA).
You cannot modify a protection policy type or purpose. For these actions, add a policy. Storage quotas cannot be changed by editing a policy.
NOTE: Once you save changes for an enabled or disabled policy, most changes take effect immediately. For a disabled
policy's primary backup schedules, however, the changes do not take effect until you reenable the policy, since these
schedules do not run in Disabled state.
Managing Protection Policies 73
Modify a policy name and description, objectives, or options
The following procedure describes how to change an existing policy name and description, schedule and objectives, or additional backup options in the PowerProtect Data Manager UI.
Prerequisites
If applicable, complete all of the virtual network configuration tasks before you assign any virtual networks to the protection policy.
About this task
NOTE: You can also edit a protection policy to add or remove assets. Detailed instructions for adding assets to a policy or
removing assets from a policy are provided in the section Add or remove assets in a protection policy.
Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window appears.
2. Select the protection policy that you want to modify, and click Edit.
The Edit Policy window opens on the Summary page. From this page, you can click edit next to any available row to change specific policy details.
3. In the Name or Description rows, click Edit. The Type page displays.
NOTE: You cannot change the type or purpose of an existing policy.
4. In the Objectives row, click Edit.
The Objectives page displays. From this page, you can change the backup schedule, modify the settings for the network interface, and enable or disable the retention lock.
You can also change the storage targets by selecting a new Storage Name in the Primary Backup and Replicate rows. For more information about changing storage targets, see the section Changing storage targets.
5. In the Options row, click Edit. The Options page displays. From this page, you can change the backup optimization mode (for example, from Performance to Capacity), select whether to include or exclude swap files from the backup, and select whether to quiesce the guest file system during the backup.
NOTE: For virtual machine protection policies, two types of protection mechanisms are usedTransparent Snapshot
Data Mover (TSDM), and VMware vStorage API for Data Protection (VADP). Updates to the policy options can result
in changes to the protection mechanism used to move virtual machine data. When the protection mechanism changes, a
new, full backup is performed, which might take awhile to complete.
6. After making your changes, click Next to save the changes and return to the Summary page.
7. On the Summary page, click Finish. An informational dialog displays.
8. Click OK to exit the dialog, or click Go to Jobs to open the Jobs window to monitor the backup of the new protection policy.
Changing storage targets
A storage target consists of a protection storage system and associated storage unit. You can change the selected storage target elements for each protection policy.
When you edit the primary backup and replication objectives for protection policies:
The Storage Name drop-down list shows the current protection storage system. The drop-down list also contains other protection storage systems that are available. Select Add to configure more protection storage.
The Storage Unit drop-down list shows the storage unit that PowerProtect Data Manager targets on the selected protection storage system. From this drop-down list, you can select other storage units under the control of PowerProtect Data Manager. Select New to create a storage unit.
74 Managing Protection Policies
When you change the storage target, appropriately configure any dependencies. For example, configure a cloud provider for the updated storage target in the dependent protection policy objective.
NOTE: Network interfaces that exist on a DD 7.4.x or earlier system and that are configured
to use an uncompressed IPv6 format cannot be discovered. An example of an uncompressed IPv6
format is 2620:0000:0170:0597:0000:0000:0001:001a. An example of a compressed IPv6 format is
2620:0:170:597::1:1a. To use these network interfaces, reconfigure them to use either an IPv4 address or a
compressed IPv6 address, and then initiate a discovery.
Impacts
Changing the primary objective storage target for some asset types may cause skipped backups until the next scheduled full backup:
VMware virtual machine application-aware SAP HANA Oracle RMAN
Perform a manual full backup for these policies. Manual backups of protected assets provides instructions.
The following asset types do not require additional action:
VMware virtual machine crash-consistent Kubernetes Network Attached Storage (NAS) Storage Group Microsoft Exchange Server Microsoft SQL Server File systems
For these asset types, the next backup automatically becomes a full backup.
Replication objectives do not require additional action.
Protection storage
Managing Storage provides more information about working with protection storage, including configuring additional protection storage systems and changing quota settings.
When reviewing the list of selected and available protection storage systems, consider the following:
It is not recommended that policy objectives share protection storage systems because this configuration does not increase data availability. However, some environments may require replicas with different retention periods, where multiple objectives share a protection storage system.
Only protection storage that has been licensed and configured for use by the current protection policy appears in the drop-down list.
Changing protection storage systems for Storage Group protection policies is not supported.
Storage units
Storage units provides more information about working with storage units, including applicable limitations and maintenance considerations.
If you select New, PowerProtect Data Manager creates a storage unit for this protection policy. The new storage unit name is based on the protection policy name plus an identifier. Storage units provides more instructions for changing the quota configuration.
You can also select an existing storage unit under the control of PowerProtect Data Manager. The drop-down list displays the available storage units on the selected protection storage system. If the storage unit name is truncated due to space limitations, hover over the list entry to see the full storage unit name and quota information.
Changing storage units for Storage Group protection policies is not supported.
Managing Protection Policies 75
Replication to shared protection storage
To improve flexibility for external workflows and reduce infrastructure costs, PowerProtect Data Manager supports sharing protection storage across multiple objectives.
To service workflows outside of PowerProtect Data Manager, you may require different retention periods for different replicas. Since retention periods are set at the objective level, configuring different retention periods requires additional replication objectives.
Under most circumstances, additional replication objectives target storage units that reside on different protection storage systems. Replicating to separate protection storage provides additional data availability.
To support external workflows without requiring separate protection storage systems for each additional objective, PowerProtect Data Manager supports targeting different storage units on the same protection storage system. To further reduce costs, you can target the same protection storage system where the primary backup resides. In this case, the external workflow provides the additional data safety.
NOTE:
Because PowerProtect Data Manager is unaware of external workflows, the UI issues a warning when you configure a
policy with multiple objectives that share the same protection storage system. This configuration is uncommon, so verify the
storage targets and the use case before you continue.
The UI also issues a warning where the selected storage unit is the source for any MTree replication workflow. This
workflow may belong to another application. Verify the storage targets before you continue. These notifications require
DDOS 7.7 or later.
Add or remove assets in a protection policy
Perform the following steps in the PowerProtect Data Manager UI to add or remove an asset in a protection policy.
About this task
When a protection policy is edited and new assets are added, backups for the new assets start from the next scheduled FULL backup job for the protection policy.
Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window appears.
2. Select the protection policy that you want to modify, and click Edit.
The Edit Policy window opens on the Summary page.
3. In the Assets row, click Edit. The Assets page appears.
NOTE: For virtual machine protection policies, the view that you selected when creating the policy is retained in
this page, and cannot be changed. For example, if you set up this policy with View Asset Table selected, all assets
protected by this policy will display in a table on this page, and the option to select View by Host will be disabled. Both
views provide additional information about the virtual machines, such as any currently associated tags, protection rules,
and whether the virtual machine is already assigned to another policy, to help you identify which assets you want to add
or remove from this policy.
4. To remove containers or assets from the protection policy, select the object and click Remove.
The Assets page updates with the changes.
5. To add a container or asset to the protection policy:
a. Click + Add.
The Add Unprotected Assets dialog displays any objects that are unprotected.
b. Select the individual unprotected assets that you want to add to the policy, or select a container level within the hierarchy to add all assets within that level, and then click Add.
The Assets page updates with the changes.
6. Optionally, if you want to exclude non-production VMDKs such as network shares or test disks from a protection policy:
76 Managing Protection Policies
a. Select the virtual machine asset from the list, and then click Manage Exclusions in the Disk Excluded column.
The Exclude Disks dialog box appears. By default, the slider next to each VMDK is set to Included.
b. For each disk that you want to exclude, move the slider to the right. The status updates to Excluded. c. Click Save. The Assets page updates to indicate the number of disks for that particular asset that will be excluded from
the protection policy.
7. Click Next to save the changes and go to the Summary page.
8. In the Summary page, click Finish An informational dialog box appears.
9. Click OK to exit the dialog box, or click Go to Jobs to open the Jobs window to monitor the backup of the new protection policy.
Edit the retention period for backup copies
You can edit the retention period of one or more backup copies to extend or shorten the amount of time that backups are retained.
About this task
You can edit retention for all asset types and backup types.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. On the Assets window, select the tab for the asset type for which you want to edit retention. If a policy has been assigned, the table lists the assets that have been discovered, along with the associated protection policy.
NOTE: For virtual machine assets, you can click the link in the Disk Excluded column next to a virtual machine asset to
view VMDKs that have been excluded from the protection policy. You cannot, however, edit disk inclusion or exclusion
from this window. To change the disks that are excluded for a protected asset, select the policy from the Protection
Policies window and click Edit.
3. Select a protected asset from the table, and then click View Copies. The Copy Locations pane identifies where the backups are stored.
4. In the left pane, click the storage icon to the right of the icon for the asset, for example, DD. The table in the right pane lists the backup copies.
5. Select one or more backup copies from the table and click Edit Retention.
6. Choose one of the following options: To select a calendar date as the expiration date for backups, select Retention Date. To define a fixed retention period in days, weeks, months, or years after the backup is performed, select Retention
Value. For example, you could specify that backups expire after 6 months.
NOTE: When you edit the retention period for copies that are retention locked, you can only extend the retention
period.
7. When satisfied with the changes, click Save. The asset is displayed in the list with the changes. The Retention column displays both the original and new retention period, and indicates whether the retention period has been extended or shortened.
Overview of PowerProtect Data Manager Cloud Tier The PowerProtect Data Manager Cloud Tier feature works in tandem with the Cloud Tier feature of DD systems to move PowerProtect Data Manager backups to the cloud. This provides long-term storage of PowerProtect Data Manager backups by seamlessly and securely tiering data to the cloud.
From the PowerProtect Data Manager UI, you configure Cloud Tier to move PowerProtect Data Manager backups from protection storage to the cloud, and you can perform seamless recovery of these backups.
Cloud storage units must be pre-configured on the protection storage system before they are configured for Cloud Tier in the PowerProtect Data Manager UI. The DDOS Administration Guide provides further information.
Managing Protection Policies 77
Add a Cloud Tier objective to a protection policy
For some protection policy types, you can add a Cloud Tier objective to a protection policy in order to move local full backups to Cloud Tier after a predefined number of days.
Prerequisites
Ensure that a protection storage system is set up for Cloud Tiering.
About this task
You can create the Cloud Tier objective from Primary Backup and Replicate objectives.
Cloud Tiering happens at 00:00 UTC each day. Depending on your time zone, this time may be within business hours and thus Cloud Tiering may impact available network bandwidth. Cloud Tiering applies to both centralized and self-service protection policies.
Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.
2. From the PowerProtect Data Manager UI, select Protection > Protection Policies, and then click Add.
The Add Policy wizard appears.
3. On the Type page, enter a name and description, select the type of system to back up, and click Next.
The following protection policy types support Cloud Tiering:
Virtual machine Microsoft SQL Server Microsoft Exchange Server Network Attached Storage (NAS) Oracle SAP HANA File System Kubernetes
4. On the Purpose page, select from the available options to indicate the purpose of the new protection policy, and then click Next.
5. On the Assets page, select the assets that you want to protect with this policy, and then click Next.
6. On the Objectives page, click Add under Primary Backup if the primary backup objective is not already created, and fill out the fields in the Target and Schedules panes on the Add Primary Backup dialog.
NOTE: There is no minimum recurrence required for the Cloud objective, however, the Cloud Tier objective requires a
minimum retention period of 14 days in the Retain for field.
7. Click Cloud Tier next to Primary Backup or, if adding a Cloud objective for a replication objective that you have added, click Cloud Tier under Replicate. An entry for Cloud Tier is created to the right of the primary backup objective, or below the replication objective.
8. Under the entry for Cloud Tier, click Add. The Add Cloud Tier Backup dialog appears, with summary information for the parent node. This information indicates whether you are adding this Cloud Tier objective for the primary backup objective or the replication objective.
9. In the Add Cloud Tier Backup dialog box, set the following parameters and then click Save:
Select one or more of the upstream full backups. Select the appropriate Cloud Unit from the Cloud Target list. For Tier After, set a time of 14 days or more.
The protection policy is now enabled with Cloud Tiering. NOTE: If the retention period of a copy is less than the time specified in the Tier After field, and you do not edit the
Retain for value of this schedule or its copy to a value greater than the Tier After field before the retention period of
the copy expires, the copy will not be cloud tiered.
10. Click Next to proceed with the remaining pages of the Add Policy wizard, verify the information, and then click Finish. A new job is created, which you can view under the Jobs tab after the job completes.
78 Managing Protection Policies
Manage Cloud Tier asset copies
You can manage Cloud Tier copies of assets by changing copy retention time, deleting copies, and recalling copies.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. Select an asset and click View Copies.
3. Click an asset copy icon. Cloud Tier backups are listed by cloud storage in the Location column.
4. To change how long copies remain in cloud storage, complete the following steps:
a. Select a Cloud Tier backup and click Edit Retention. b. Choose one of the following options:
To select a calendar date as the expiration date for backups, select Retention Date. To define a fixed retention period in days, weeks, months, or years after the backup is performed, select Retention
Value. For example, you could specify that backups expire after 6 months.
c. When satisfied with the changes, click Save. The asset is displayed in the list with the changes. The Retention column displays both the original and new retention period, and indicates whether the retention period has been extended or shortened.
NOTE: When you edit the retention period for copies that are retention locked, you can only extend the retention
period.
5. To delete the copy in cloud storage, select a Cloud Tier backup and click Delete. To delete the copy records from the PowerProtect Data Manager database while the copy remains in the protection storage, select Remove from PowerProtect.
Delete backup copies and Remove backup copies from the PowerProtect Data Manager database provides more information.
6. Select a Cloud Tier backup and click Recall from Cloud to return the cloud backup to your local protection storage for recovery or backup.
NOTE: If you use Amazon's network to copy data from AWS storage, Amazon charges you for the data transfer.
7. To extend the date to retier the copy back to the cloud, select Edit Recall Retention.
8. To manually move a copy back to cloud storage, select Retier.
Restore Cloud Tier backups to protection storage
Once a Cloud Tier backup is recalled, restore operations of these backups are identical to normal restore operations.
The PowerProtect Data Manager software recalls a copy of the backup from the Cloud Unit to the local (active) tier of protection storage, which then allows you to perform a restore of the backup from the active tier to the client. The status appears as Cloud, and changes to Local Recalled after cloud recall completes. After the restore, the backup copy is removed from Cloud Tier, and is stored on the active tier of protection storage for a minimum of 14 days, after which the backup may be returned to the cloud depending on your protection policy.
Recall and restore from Cloud Tier
Perform the following steps to recall a backup on Cloud Tier to the active tier on protection storage and restore this backup.
Prerequisites
NOTE: When a backup is recalled from Cloud Tier to the active tier, the copy is removed from Cloud Tier.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. On the Assets window, select the tab that contains the asset you want to recall from Cloud Tier, and then click View Copies.
Managing Protection Policies 79
3. Click DD, and then select from one of the available copies that appear in the table.
4. Click Recall. The Recall from Cloud dialog box appears.
5. In the Retain until box, specify how long you want to keep the copy on the active tier, and then click OK.
6. Go to the Jobs window to monitor the recall operation. When the copy has been moved successfully, the Location changes from Cloud to Local.
7. Select Restore > Assets, and then select the tab that contains the recalled asset.
8. Select the recalled asset, and then click Restore.
NOTE: If you are unsure whether the asset has been recalled, click View Copies and select DD to view the available
backup copies. If the asset backup is a recalled copy, the Status column indicates Local Recalled.
9. Select the recalled copy to re-tier the copy to the active tier.
Manual backups of protected assets Once assets have been added to a protection policy, you can perform manual backups by using the Protect Now functionality in the PowerProtect Data Manager UI.
About this task
You can use a single manual backup from the Protection > Protection Policies window to back up multiple assets that are protected in the designated protection policy. The protection policy can be enabled or disabled, but its purpose must not be Exclusion or Self-Service Protection.
When a virtual machine is part of an application-aware protection policy, the manual backup is a full application-aware backup.
The manual backup is managed by other configured objectives (replication, Cloud Tier, Cloud DR) of the parent protection policy. Other properties, such as retention lock, storage target, quotas, and network interfaces, are inherited from the parent protection policy. Jobs managed by this protection policy, such as replication, cloud tiering, and Cloud DR, continue to run after the manual backup job completes.
Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window appears.
2. Select the protection policy that contains the assets that you want to back up, and click Protect Now. The Protect Now wizard appears.
3. On the Assets Selection page, select whether you want to back up all assets or choose individual assets that are defined in the protection policy, and then click Next.
If you selected the option to choose individual assets for manual backup instead of all assets, the Assets page appears with the individual assets available for selection.
a. Select the assets that you want to include in the manual backup, and then click Next to display the Configuration page.
If you selected to back up all assets, the Configuration page appears.
4. On the Configuration page, select Back up now, and then select from the available backup types.
5. Edit the retention period if you want to change the default settings, and then click Next.
The default settings are inherited from the primary backup objective of the parent protection policy.
6. On the Summary page, review the settings and then click Protect Now. A notification appears indicating whether the request was processed successfully.
Manual backups of a single protected asset
You can also perform a manual backup from the Infrastructure > Assets window, but only for one asset at a time.
About this task
Review the information at Manual backups of protected assets. The protection policy can be enabled or disabled, but its purpose must not be Exclusion or Self-Service Protection. This task creates a full backup for the selected asset.
80 Managing Protection Policies
Steps
1. From the left navigation pane, select Infrastructure > Assets.
The Assets window appears.
2. Select the tab for the asset type you want to back up. A list of assets appears.
3. Select an asset from the table that has an associated protection policy.
4. Click Protect Now. A notification appears indicating whether the request was processed successfully.
Manual replication of protected assets You can replicate one or more protected assets within a protection policy by using the Protect Now functionality in the PowerProtect Data Manager UI. Replication can include all assets which are defined on the protection policy or a subset of these assets. After you select assets, you can replicate all backups or a subset of backups.
Prerequisites
The protection policy purpose must not be Exclusion, and the policy must already be configured with a replication objective. You can only manually replicate the replication objectives for the primary backup.
NOTE: VMAX storage groups only support MTree replication, which is performed and scheduled from the DD system.
Therefore, manual replication for assets in a VMAX storage group is not supported.
About this task
Replicating a subset of backups is useful when the replication backlog is too large to catch up. For example, when the destination was offline for an extended period or where bandwidth and capacity issues prevent a full replication during the available window.
If the backlog is too large, you can ensure that the destination receives the most recent backups first. You can also reduce the backlog by skipping the future replication of backups that are too old to match the selection criteria.
Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
2. Select the protection policy that contains the assets that you want to replicate, and click Protect Now. The Protect Now wizard opens to the Assets Selection page.
3. Select whether you want to replicate All Assets or a Custom selection of assets. If you selected All Assets, click Next. If you selected Custom, a list appears from which you can select individual assets. You can see these assets in tree view
or list view.
a. Select the assets that you want manually replicate, and then click Next.
The Configuration page appears.
4. Select Replicate Now.
5. Select a destination storage target from the Storage Name and Storage Unit drop-down lists.
The selection of storage system and storage unit from these drop-down lists corresponds to the associated replication objective for the primary backup. In some cases, a protection storage system may have more than one storage unit for this policy.
The wizard loads the default settings from the protection policy.
6. If you want to change the default settings:
You can configure different retention periods for all applicable backup types, or configure the same retention period for all backup types.
The default retention period settings are inherited from the settings in the corresponding replication objective of the protection policy.
For VMDM, File System, Microsoft Exchange Server, and NAS assets, the retention period for full and synthetic full backups should be the same value.
a. Select or clear Set the same retention time for all replicated copies. b. Edit the retention period for all applicable backup types.
Managing Protection Policies 81
c. Resolve any conflicts or errors, as indicated by the and symbols.
7. Select whether you want to replicate All Copies or a Custom subset of backups.
If you selected Custom, additional options appear:
a. To replicate recent backups by time, select the first option and then type the number of days. b. To replicate a specific number of recent backups, select the second option and then type the number of backups. c. (Optional) To remove all nonmatching backups from the replication backlog for this objective, select Do not replicate
copies outside the selection and mark them as skipped.
PowerProtect Data Manager excludes any skipped backups from future replication activities by this objective. This decision is permanent and the wizard prompts for confirmation.
If the chain for the selected backups has not already replicated, the resulting activity replicates the chain from the last full backup to the selection.
NOTE: Manual replication of a FULL backup for any asset type with a dependency chain (for example, a backup that
includes transaction logs) is skipped when the FULL copy has already been replicated, even if the dependencies have
not yet been replicated. To replicate any of these dependencies in the backup chain, wait for the scheduled replication,
or perform a manual replication with the All Copies option selected instead of the Custom option.
8. (Optional) Click Select Replication and then repeat the previous steps to configure manual replication for additional replication policy objectives.
9. Click Next.
10. On the Summary page, review the settings and then click Protect Now. A notification appears indicating whether the request was processed successfully.
Manual Cloud Tiering of protected assets Once you add assets to a protection policy that contains a Cloud Tier objective, you can perform a manual tiering of these assets by using the PowerProtect Data Manager UI.
NOTE: Manual Cloud Tiering of a copy set requires the related protection policy to have a Cloud Tier objective.
To perform on-demand Cloud Tiering:
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets. 2. On the Assets window, select the tab for the asset type you want to tier. A list of assets appears. 3. Select an asset from the table that has an associated protection policy, and then click View Copies.
NOTE: You can only select one asset at a time, and the protection policy that is associated with the asset cannot be an
exclusion policy.
4. Click the DD icon to display the available backup copies in the right pane. 5. Select a backup copy, and then click Tier. A notification appears indicating whether the request was processed successfully.
Go to the Jobs window to monitor the progress of the tiering operation.
Viewing a summary of protection policies You can use the PowerProtect Data Manager UI to view a summary of information about a protection policy.
From the left navigation pane, select Protection > Protection Policies to view the Protection Policies window.
The Protection Policies window displays the following columns of information for each protection policy.
Name Category Asset Type Protected Asset Size Last run status Violations State
The entries in the Name and Last Run Status columns are links to additional information about the related protection policy.
82 Managing Protection Policies
View assets assigned to a protection policy
You can view assets that are assigned to a protection policy. If assets move from one protection policy to another, you can verify the results from the details window for the protection policy.
About this task
To view the assets that are assigned to a protection policy, complete the following steps:
Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window opens.
2. Click the name link of the protection policy to view its details.
The details window for the selected protection policy opens and displays information about the policy.
3. Click the asset count link next to Assets.
The Assets window appears and displays the assets that are assigned to the protection policy.
4. To export asset records for the protection policy, in the Assets window, click Export All.
View the status of the last-run job of a protection policy
You can use the Protection Policies window to determine if the last-run job of a protection policy was successful.
About this task
To view the status of the last-run job of a protection policy, complete the following steps:
Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window opens.
2. Review the information displayed in the Last Run Status column for the protection policy.
3. Optionally, click the last-run status link of the protection policy to view the Protection Jobs window for more information about the job .
NOTE: The Protection Jobs window displays only the most recently run protection jobs. To view the most recently run
system jobs, select Jobs > System Jobs from the left navigation pane to view the System Jobs window.
Extended retention (for protection policies created in PowerProtect Data Manager 19.11 and earlier)
NOTE: This section applies to protection policies created in PowerProtect Data Manager 19.11 and earlier only. For
protection policies created in PowerProtect Data Manager 19.12, instead of using the Extend Retention objective to
extend the retention period of certain full copies, you can now add multiple full schedules for primary backup and replication
objectives. When updating to PowerProtect Data Manager 19.12 from a previous release, any protection policies created
in the earlier release with the Extend Retention objective will continue to be supported, however, you will not be able
to edit existing extended retention objectives, or add new extended retention objectives, in these policies. The Knowledge
Base article 000204454 at https://www.dell.com/support/ provides detailed information about specific Extend Retention
objective migration scenarios when updating to PowerProtect Data Manager 19.12.
For protection policies created in PowerProtect Data Manager 19.11 and earlier, the Extend Retention objective allows you to extend the retention period for the primary backup copy for long-term retention. For example, your regular schedule for daily backups can use a retention period of 30 days, but you can extend the retention period to keep the full backups taken on Mondays for 10 weeks.
Managing Protection Policies 83
Both centralized and self-service protection policies support weekly, monthly, and yearly recurrence schedules to meet the demands of your compliance objectives. For example, you can retain the last full backup containing the last transaction of a fiscal year for 10 years. When you extend the retention period of a backup in a protection policy, you can retain scheduled full backups with a repeating pattern for a specified amount of time.
For example:
Retain full yearly backups that are set to repeat on the first day of January for 5 years. Retain full monthly backups that are set to repeat on the last day of every month for 1 year. Retain full yearly backups that are set to repeat on the third Monday of December for 7 years.
Preferred alternatives
When you define an extended retention objective for a protection policy, you define a set of matching criteria that select preferred backups to retain. If the matching criteria do not identify a matching backup, PowerProtect Data Manager automatically retains the preferred alternative backup according to one of the following methods:
Look-backRetain the last available full backup that was taken before the matching criteria. Look-forwardRetain the next available full backup that was taken after the matching criteria.
For example, consider a situation where you configured a protection policy to retain the daily backup for the last day of the month to extended retention. However, a network issue caused that backup to fail. In this case, look-back matching retains the backup that was taken the previous day, while look-forward matching retains the backup that was taken the following day.
By default, PowerProtect Data Manager uses look-back matching to select the preferred alternative backup. A grace period defines how far PowerProtect Data Manager can look in the configured direction for an alternative backup. If PowerProtect Data Manager cannot find an alternative backup within the grace period, extended retention fails.
You can use the REST API to change the matching method or the grace period for look-forward matching. The PowerProtect Data Manager Public REST API documentation provides instructions. If there are no available backups for the defined matching period, you can change the matching method to a different backup.
For look-forward matching, the next available backup can be a manual backup or the next scheduled backup.
Selecting backups by weekday
This section applies to centralized protection policies. Self-service protection policies have no primary backup objective configuration.
When you configure extended retention to match backups by weekday, PowerProtect Data Manager may identify a backup that was taken on one weekday as being taken on a different weekday. This behavior happens where the backup window does not align with the start of the day. PowerProtect Data Manager identifies backups according to the day on which the corresponding backup window started, rather than the start of the backup itself.
For example, consider a backup schedule with an 8:00 p.m. to 6:00 a.m. backup window:
Backups that start at 12:00 a.m. on Sunday and end at 6:00 a.m. on Sunday are identified as Saturday backups, since the backup window started on Saturday.
Backups that start at 8:01 p.m. on Sunday and end at 12:00 a.m. on Monday are identified as Sunday backups, since the backup window started on Sunday.
Backups that start at 12:00 a.m. on Monday and end at 6:00 a.m. on Monday are identified as Sunday backups, since the backup window started on Sunday.
In this example, when you select Sunday backups for extended retention, PowerProtect Data Manager does not retain backups that were taken between 12:00 a.m. and 8:00 p.m. This behavior happens even though the backups occurred on Sunday. Instead, PowerProtect Data Manager selects the first available backup that started after 8:00 p.m. on Sunday for extended retention.
If no backups were created between 8:01 p.m. on Sunday and 6:00 a.m. on Monday, PowerProtect Data Manager retains the next alternative to extended retention. In this example, the alternative was taken after 6:00 a.m. on Monday.
Extended retention backup behavior
When PowerProtect Data Manager identifies a matching backup, automatic extended retention creates a job at the beginning of the backup window for the primary objective. This job remains queued until the end of the backup window and then starts.
84 Managing Protection Policies
The following examples describe the behavior of backups with extended retention for centralized and self-service protection.
Centralized protection
For an hourly primary backup schedule that starts on Sunday at 8:00 p.m. and ends on Monday at 6:00 p.m. with a weekly extended retention objective that is set to repeat every Sunday, PowerProtect Data Manager selects the first available backup starting after 8:00 p.m. on Sunday for long-term retention.
The following diagram illustrates the behavior of backups with extended retention for a configured protection policy. In this example, full daily backups starting at 10:00 p.m. and ending at 6:00 a.m. are kept for 1 week. Full weekly backups are set to repeat every Sunday and are kept for 1 month.
Figure 2. Extend retention backup behavior
Self-service protection
For self-service backups, PowerProtect Data Manager uses a default backup window of 24 hours. For a backup schedule that starts on Sunday at 12:00 p.m and ends on Monday at 12:00 p.m. with a weekly extended retention objective that is set to repeat every Sunday, PowerProtect Data Manager selects the first available backup that is taken between 12:00 p.m. on Sunday and 12:00 p.m. on Monday for long-term retention.
Replication of extended retention backups
You can change the retention time of selected full primary backups in a replication objective by adding a replication objective to the extended retention backup. The rules in the extended retention objective define the selected full primary backups. Review the following information about replication of extended retention backups.
Before you configure replication of extended retention backups, create a replication objective for the primary backup. Configure the replication objective of the extended retention and match this objective with one of the existing replication
objectives based on the primary backup. Any changes to a new or existing storage unit in the extended retention replication objective or the replication objective of the primary backup is applied to both replication objectives.
The replication objective of extended retention backups only updates the retention time of replicated backup copies and does not create any new backup copies in the replication storage.
Delete backup copies In addition to deleting backups after the retention period expires, PowerProtect Data Manager enables you to manually delete backup copies from protection storage.
About this task
If you no longer require a backup copy and the retention lock is not enabled, you can delete backup copies prior to their expiration date.
Managing Protection Policies 85
You can perform a backup copy deletion that deletes only a specified part of a backup copy chain, without impacting the ability to restore other backup copies in the chain. When you select a specific backup copy for deletion, only that backup copy and the backup copies that depend on the selected backup copy are deleted. For example, when you select to delete a full backup copy, any other backup copies that depend on the full backup copy are also deleted.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. From the Assets window, select the tab for the asset type for which you want to delete copies. If a policy has been assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select a protected asset from the table, and then click View Copies. The Copy Locations pane identifies where the backups are stored.
4. In the left pane, click the storage icon to the right of the icon for the asset, for example, DD. The table in the right pane lists the backup copies.
5. Select one or more copies from the table that you want to delete from the DD system, and then click Delete.
A preview window opens and displays the selected backup copies.
NOTE: For assets with backup copies that are chained together such as Microsoft SQL Server databases, Oracle
databases, SAP HANA databases, and application-aware virtual machines, the preview window lists all the backup copies
that depend on the specified backup copy. If you delete a backup copy, PowerProtect Data Manager deletes the
specified backup copy and all backup copies that depend on the specified backup copy.
6. For all asset types, you can choose to keep the latest backup copies or delete them. By default, PowerProtect Data Manager keeps the latest backup copies. To delete the latest backup copies, clear the checkbox next to Include latest copies.
For VMAX storage group backup copies, you can choose to delete copies that are grouped together in the same protection transaction or delete only selected copies. By default, PowerProtect Data Manager deletes copies that are grouped together in the same protection transaction. To delete only selected copies, clear the checkbox next to Include copies in the same protection transaction.
7. To delete the backup copies, in the preview window, click Delete.
NOTE: The delete operation may take a few minutes and cannot be undone.
An informational dialog box opens to confirm the copies are being deleted. To monitor the progress of the operation, click Go to Jobs. To view the list of backup copies and their status, click OK.
NOTE: If the data deletion is successful but the catalog deletion is unsuccessful, then the overall deletion job status
appears as Completed with Exceptions.
When the job completes, the task summary provides details of each deleted backup copy, including the time that each copy was created, the backup level, and the retention time. The time of copy creation and the retention time are shown in UTC.
An audit log is also generated and provides details of each deleted backup copy, including the time that each copy was created, the backup level, and the retention time. The time of copy creation and the retention time are shown in UTC. Go to Alerts > Audit Logs to view the audit log.
8. Verify that the copies are deleted successfully from protection storage. If the deletion is successful, the deleted copies no longer appear in the table.
Retry a failed backup copy deletion
If a backup copy is not deleted successfully, you can manually retry the operation.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. From the Assets window, select the tab for the asset type for which you want to delete copies. If a policy has been assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select a protected asset from the table, and then click View Copies. The Copy Locations pane identifies where the backups are stored.
4. In the left pane, click the storage icon to the right of the icon for the asset, for example, DD. The table in the right pane lists the backup copies.
5. Select one or more backup copies with the Deletion Failed status from the table, and then click Delete.
86 Managing Protection Policies
You can also filter and sort the list of backup copies by status in the Copy Status column.
The system displays a warning to confirm that you want to delete the selected backup copies.
6. Click OK. An informational dialog box opens to confirm that the copies are being deleted. To monitor the progress of the operation, click Go to Jobs. To view the list of backup copies and their status, click OK.
7. Verify that the copies are successfully deleted from protection storage. If the deletion is successful, the deleted copies no longer appear in the table.
Export data for deleted backup copies
This option enables you to export results of deleted backup copies to a .csv file so that you can download an Excel file of the data.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. From the Assets window, select the tab for the asset type for which you want to export results of deleted backup copies. If a policy has been assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select one or more protected assets from the table, and then select More Actions > Export Deleted Copies.
If you do not select an asset, PowerProtect Data Manager exports the data for deleted backup copies for all assets for the specific asset type.
4. Specify the following fields for the export:
a. Time Range
The default is Last 24 Hours.
b. Copy Status
In order to export data for deleted backup copies, the backup copies must be in one of the following states:
DeletedThe copy is deleted successfully from protection storage, and, if applicable, the agent catalog is deleted successfully from the agent host.
DeletingCopy deletion is in progress. Deletion FailedCopy deletion from protection storage is unsuccessful. Deletion Failed (Agent Catalog)The copy is deleted successfully from protection storage, but is not deleted
from the agent host.
NOTE: This state is not applicable to virtual machine and Kubernetes backup copies.
NOTE: You cannot export data for backup copies that are in an Available state.
5. Click Download. If applicable, the navigation window appears for you to select the location to save the .csv file.
6. Save the .csv file in the desired location and click Save.
Remove backup copies from the PowerProtect Data Manager database
This option enables you to delete the backup copy records from the PowerProtect Data Manager database, but keep the backup copies in protection storage.
About this task
For backup copies that could not be deleted from protection storage, you can remove the backup copies from the PowerProtect Data Manager database. Removing the backup copies from PowerProtect Data Manager does not delete the copies in protection storage.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
Managing Protection Policies 87
2. From the Assets window, select the tab for the asset type for which you want to delete copies. If a policy has been assigned, the table lists the assets that have been discovered, along with the associated protection policy.
3. Select a protected asset from the table, and then click View Copies. The Copy Locations pane identifies where the backups are stored.
4. In the left pane, click the storage icon to the right of the icon for the asset, for example, DD. The table in the right pane lists the backup copies.
5. Select one or more backup copies with the Deletion Failed status from the table, and then click Remove from PowerProtect. The system displays a warning to confirm that you want to delete the selected backup copies.
6. Click OK. An informational dialog box opens to confirm that the copies are being deleted. To monitor the progress of the operation, click Go to Jobs. To view the list of backup copies and their status, click OK.
7. Verify that the copies are deleted from the PowerProtect Data Manager database. If the deletion is successful, the deleted copies no longer appear in the table. The backup copies remain in protection storage.
Removing expired backup copies PowerProtect Data Manager deletes the backup copies of an asset automatically when the retention period of the copy expires.
Information about specifying retention periods for a protection policy objective is provided within the user guide for each asset type.
In order for an expired copy to be deleted, the asset must be managed by PowerProtect Data Manager and in one of the following states:
Exclusion The asset is assigned to an exclusion protection policy. Disabled The asset is assigned to a disabled protection policy. Protected The asset is assigned to an enabled protection policy. Previously Protected The asset has been unassigned from a protection policy and has not yet been reassigned to
another policy or assigned to an Exclusion policy.
For an asset assigned to either an exclusion or disabled protection policy, PowerProtect Data Manager deletes the expired backup copies for the asset when the following settings are set to true:
expiredCopyDeletionEnabledForAssetInExclusionPolicy expiredCopyDeletionEnabledForAssetInDisabledPolicy The expired copy deletion settings for exclusion and disabled protection policies are set to true by default. If either setting is set to false, PowerProtect Data Manager skips deletion of the expired backup copies. The PowerProtect Data Manager Public REST API documentation provides more information.
Expired copy cleanup occurs at 00:00 AM UTC each day. If a copy deletion fails, a warning alert appears in the audit log under Alerts > System.
You can monitor the progress of the expired copy removal job from the Jobs window.
Removing assets from PowerProtect Data Manager PowerProtect Data Manager automatically removes assets if certain conditions are met. However, some assets can be manually removed.
Assets are automatically removed if the following conditions are met:
The status of the asset is Deleted. The asset has no backup copies. The asset has existed for longer than the value of the asset TTL setting. This is 0 minutes by default, but it can be changed
with the REST API. For more information, see PowerProtect Data Manager Public REST API documentation.
NOTE: This value has changed from earlier versions of PowerProtect Data Manager.
The manual removal of assets allows for the following increased control over the process:
The asset can be removed on demand. The status of the asset can be Not Detected.
88 Managing Protection Policies
All protection copies of the asset, including replicated and cloud tiered copies, can be manually removed, followed by the manual removal of the asset.
All protection copies of the asset can be automatically removed, if this option is selected during manual asset removal from PowerProtect Data Manager,
Remove assets and associated protection copies
In the PowerProtect Data Manager UI, you can manually remove some assets ahead of their scheduled removal, or remove assets that have not been automatically removed.
Prerequisites
The asset has a status of Deleted or Not Detected. The asset has no protection copies. If copies still exist in the storage system for the asset, you can delete these copies
before following the steps in this procedure or select an option to automatically delete the copies when the asset is removed. For information on deleting backup copies, see Delete backup copies.
Steps
1. Select Infrastructure > Assets.
2. Select the tab that corresponds to the type of assets that you want to remove. For example, for vCenter virtual machine assets, click Virtual Machine.
Assets that are associated with protection copies of this type are listed. By default, only assets with Available or Not Detected status display. You can also search for assets by name.
3. Select one or more assets from the list. and then click More Actions > Remove Asset. The Remove Assets dialog displays.
4. Select from one of the following options:
NOTE: All of these options might not display for the selected assets. The available options depend on the protection
copy status of the selected assets.
Remove assets and associated protection copiesremoves these assets from PowerProtect Data Manager, and automatically removes any protection copies for these assets from storage.
Only remove assets with no associated protection copiesthese assets will not be deleted if PowerProtect Data Manager detects that protection copies for these assets still exist in the storage system.
Mark "Not Detected" assets as "Deleted" but keep associated protection copiesmark assets with Not Detected status as Deleted in the PowerProtect Data Manager UI, but retain protection copies for these assets in the storage system. You can view assets marked as Deleted from the Infrastructure > Assets pane.
5. Click OK to confirm the asset removal.
Run an asset-protection report This option enables you to run an asset-protection report and save the report in CSV format so that you can download an Excel file of protection results data.
Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
2. Select the protection policy for which you would like to export the protection records.
If you do not select a protection policy, PowerProtect Data Manager exports the protection records for all the protection policies.
3. Click Run Asset Protection Report. The Export Asset Protection window appears.
4. Specify the following fields for the export:
a. The Time Range.
The default is Last 24 hours.
This refers to the last complete midnight-to-midnight 24-hour period; that is, yesterday. So, any events that have occurred since the most recent midnight are not in the CSV export. For example, if you run the CSV export at 9am, any
Managing Protection Policies 89
events that have occurred in the last 9 hours are not in the CSV export. This is to prevent the overlapping of or partial exporting when queried mid-day on a regular or irregular basis.
b. The Job Status. c. Click Download.
If applicable, the navigation window appears for you to select the location to save the CSV file.
5. If applicable, save the .CSV file in the desired location and then click Save.
Disable a protection policy From the PowerProtect Data Manager UI, you can disable a protection policy to temporarily stop running certain backup objectives of this policy.
About this task
There are several reasons why you might want to disable a protection policy. For example, by disabling a policy, you can:
Edit the policy and determine the impact of your changes before these changes take effect. Stop backup activity on primary storage if the storage is in maintenance or is temporarily unavailable (for example, during a
storage upgrade).
By default, disabling a centralized protection policy stops the primary backup objectives of this policy, including synthetic full backups, full backups, and so on. Any replication and cloud tier objectives, however, continue to run while the policy is disabled. You can also perform manual primary backups of a policy that is in Disabled state by using the Protect Now functionality in the PowerProtect Data Manager UI. Protection jobs running for a disabled policy provides information about jobs that continue to run when a policy is disabled.
You can modify the default behavior to make changes regarding which jobs continue to run when a policy is disabled by using System Level overwrites in the REST API. The PowerProtect Data Manager Public REST API documentation provides instructions.
When a protection policy is disabled, you can edit the policy in the same manner that you would edit an enabled policy. The advantage of editing a policy in Disabled state is that you can preview the changes before resuming primary backups of the policy. Adding or editing a protection policy provides more information about modifying the details of an existing policy.
Steps
1. From the left navigation pane, select Protection > Protection Policies.
The Protection Policies window opens.
2. Select one or more policies in Enabled state. You can also select the checkbox at the top of the table to select all policies on the current page.
3. Click Disable.
Results
The policy status changes to Disabled. In Disabled state: In progress primary backup jobs that are associated with this policy continue to run until complete. If primary backups are
scheduled to run during the time that the policy is disabled, those backups do not run, even when you enable the policy again. When you re-enable the policy, future scheduled backups resume.
All other protection jobs for the policy continue to run according to schedule, unless no primary backup copy exists for the policy. In this case, protection jobs are skipped.
Manual backups of primary objectives can still be performed.
Protection jobs running for a disabled policy
When a protection policy is disabled, only protection jobs related to the primary backup objectives stop running.
The following table provides information about the types of protection jobs that continue to run when a policy is in Disabled state. The column System level ovewrite? indicates whether the default behavior for this job can be overwritten by using the API command. Note, however, that when a policy is disabled, the setting for at least one of these jobs must remain disabled.
NOTE: If no primary backup copy exists for the disabled policy, other scheduled protection jobs such as replication will
display as Skipped in the Protection Jobs window of the PowerProtect Data Manager UI.
90 Managing Protection Policies
Table 26. Protection jobs running when a policy is disabled
Job category Purpose Runs when policy is disabled?
System level overwrite?
Centralized scheduled primary protection
Create a primary backup No Yes
Manual backup and replication (Protect Now, Replicate Now)
Create a primary backup (Protect Now)
Replicates primary backup (Replicate Now)
Yes No
Self-service protection Create a primary backup Yes No
Policy and asset configuration Prepare for protection or copy management jobs
Yes No
Replication Copy management (location) Yes Yes
Cloud DR Copy management (location) Yes Yes
Extended Retention Copy management (retention) Yes Yes
Cloud Tier Copy management (location) Yes Yes
SLA compliance verification Copy management (report and alert)
Yes Yes
Delete expired copy Copy management (reclaiming space on DD)
Yes Yes
Enable a disabled protection policy
To reenable a disabled policy, perform the following steps:
Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
2. Select one or more policies in Disabled state. You can also select the checkbox at the top of the table to select all policies on the current page.
3. Click Enable.
Results
The status changes to Enabled. Primary backups for the reenabled policies resume according to the protection policy schedule.
Customize the default behavior of disabled policies
By default, a protection policy in Disabled state prevents the primary backup objectives of this policy from running, but does not stop other protection jobs. You can, however, change the default behavior to also stop other activities, such as replication and cloud tiering, by using the REST API.
The PowerProtect Data Manager Public REST API documentation provides instructions.
Delete a protection policy Perform the following steps to delete a protection policy that is not protecting any assets.
Prerequisites
If the policy you want to delete protects assets, you must associate those assets with a different protection policy before you can delete the policy.
Managing Protection Policies 91
Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
2. Select the policy that you want to delete, and then click Delete.
Results
After you delete a policy, clean-up of unnecessary components within protection storage occurs automatically according to schedule. Clean-up includes storage units under the control of PowerProtect Data Manager and the corresponding DD Boost users, according to the rules for storage units.
Add a service-level agreement SLA Compliance in the PowerProtect Data Manager UI enables you to add a service-level agreement (SLA) that identifies your service-level objectives (SLOs). You use the SLOs to verify that your protected assets are meeting the service-level agreements (SLAs).
About this task
NOTE: When you create an SLA for Cloud Tier, you can include only full backups in the SLA. Also, the Extended Retention
SLA applies to protection policies created in PowerProtect Data Manager 19.11 and earlier only. The Extended Retention
objective was removed in PowerProtect Data Manager 19.12. When updating to PowerProtect Data Manager 19.12 from a
previous release, any protection policies created in the earlier release with the Extended Retention SLA will continue to be
supported, however, you will not be able to edit the Extended Retention SLA in these policies.
In the SLA Compliance window, you can export compliance data by using the Export All functionality.
Steps
1. From the PowerProtect Data Manager UI, select Protection > SLA Compliance.
The SLA Compliance window appears.
2. Click Add or, if the assets that you want to apply the SLA to are listed, select these assets and then click Add.
The Add Service Level Agreement wizard appears.
3. Select the type of SLA that you want to add, and then click Next. Policy. If you choose this type, go to step 4. Backup. If you choose this type, go to step 5. Replication. If you choose this type, go to step 6. Cloud Tier. If you choose this type, go to step 7.
You can select only one type of Service Level Agreement.
4. If you selected Policy, specify the following fields regarding the purpose of the new Policy SLA:
a. The SLA Name. b. If applicable, select Minimum Copies, and specify the number of Backup, Replication, and Cloud Tier copies. c. If applicable, select Maximum Copies, and specify the number of Backup, Replication, and Cloud Tier copies. d. If applicable, select Available Location and select the applicable locations. To add a location, click Add Location.
Options include the following: InInclude locations of all copies in the SLO locations. Selecting this option does not require every SLO location to
have a copy. Must InInclude locations of all copies in the SLO locations. Selecting this option requires every SLO location to
have at least one copy. ExcludeLocations of all copies must be non-SLO locations.
e. If applicable, select Allowed in Cloud through Cloud Tier/Cloud DR. f. Click Finish, and then go to step 9.
5. If you selected Backup, specify the following fields regarding the purpose of the new Backup SLA:
a. The SLA Name. b. If applicable, select Recovery Point Objective required (RPO), and then set the duration. The purpose of an RPO is
business continuity planning, and indicates the maximum targeted period in which data (transactions) might be lost from an IT service due to a major incident.
92 Managing Protection Policies
NOTE: You can select only Recovery Point Objective required to configure as an independent objective in the
SLA, or select both Recovery Point Objective required and Compliance Window for copy type. If you select
both, the RPO setting must be one of the following:
Greater than 24 hours or more than the Compliance window duration, in which case RPO validation occurs
independent of the Compliance Window.
Less than or equal to the Compliance Window duration, in which case RPO validation occurs within the
Compliance Window.
c. If applicable, select Compliance Window for copy type, and then select a schedule level from the list, for example, All, Full, Cumulative, and set the duration. Duration indicates the amount of time necessary to create the backup copy. Ensure that the Start Time and End Time of backup copy creation falls within the Compliance Window duration specified.
This window specifies the time during which you expect the specified activity to take place. Any specified activity that occurs outside of this Start Time and End Time triggers an alert.
d. If applicable, select the Verify expired copies are deleted option.
Verify expired copies are deleted is a compliance check to see if PowerProtect Data Manager is deleting expired copies. This option is disabled by default.
e. If applicable, select Retention Time Objective, and specify the number of Days, Months, Weeks, or Years.
NOTE: For compliance validation to pass, the value set for the Retention Time Objective must match the lowest
retention value set for the backup levels of this policy's target objectives. For example, if you set the synthetic full
backup Retain For to 30 days but set the full backup Retain For to 60 days, the Retention Time Objective must be
set to the lower value, in this case, 30 days.
f. If applicable, select the Verify Retention Lock is enabled for all copies option. This option is disabled by default. g. Click Finish, and go to step 9.
The SLA Compliance window appears with the new SLA.
6. If you selected Replication, specify the following fields regarding the purpose of the new Replication SLA:
a. The SLA Name. b. If applicable, select the Compliance Window, and specify the Start Time and End Time.
This window specifies the times that are permissible and during which you can expect the specified activity to occur. Any specified activity that occurs outside of this start time and end time triggers an alert.
c. If applicable, select the Verify expired copies are deleted option.
Verify expired copies are deleted is a compliance check to see if PowerProtect Data Manager is deleting expired copies. This option is disabled by default.
d. If applicable, select Retention Time Objective, and specify the number of Days, Months, Weeks, or Years.
NOTE: For compliance validation to pass, the value set for the Retention Time Objective must match the lowest
retention value set for the backup levels of this policy's target objectives.
e. If applicable, select the Verify Retention Lock is enabled for all copies option. This option is disabled by default. f. Click Finish, and go to step 9.
The SLA Compliance window appears with the newly added SLA.
7. If you selected Cloud Tier type SLA, specify the following fields regarding the purpose of the new Cloud Tier SLA:
a. The SLA Name. b. If applicable, select the Verify expired copies are deleted option.
This option is a compliance check to determine if PowerProtect Data Manager is deleting expired copies. This option is disabled by default.
c. If applicable, select Retention Time Objective and specify the number of Days, Months, Weeks, or Years.
NOTE: For compliance validation to pass, the value set for the Retention Time Objective must match the lowest
retention value set for the backup levels of this policy's target objectives.
d. If applicable, select the Verify Retention Lock is enabled for all copies option. This option is disabled by default. e. Click Finish.
8. If the SLA has not already been applied to a protection policy:
a. Go to Protection > Protection Policies. b. Select the policy, and then click Edit.
9. In the Objectives row of the Summary window, click Edit.
Managing Protection Policies 93
10. Do one of the following, and then click Next: Select the added Policy SLA from the Set Policy Level SLA list. Create and add the SLA policy from the Set Policy Level SLA list. The Summary window appears.
11. Click Finish. An informational message appears to confirm that PowerProtect Data Manager has saved the protection policy.
12. Click Go to Jobs to open the Jobs window to monitor the backup and compliance results, or click OK to exit.
NOTE: Compliance checks occur automatically every day at 2 a.m. Coordinated Universal Time (UTC). If any objectives
are out of compliance, an alert is generated at 2 a.m. UTC. The Validate job in the System Jobs window indicates the
results of the daily compliance check.
For a backup SLA with a required RPO setting that is less than 24 hours, PowerProtect Data Manager performs real-time compliance checks. If you selected Compliance Window for copy type and set the backup level to All, the real-time compliance check occurs every 15 minutes only within the compliance window. If the backup level is not All, or if a compliance window is not specified, the real-time compliance check occurs every 15 minutes without stop.
NOTE: If the backup SLA has a required RPO setting of 24 hours or greater, compliance checks occur daily at 2 a.m.
UTC. Real-time compliance checks do not occur for backup SLAs with an RPO setting of 24 hours or greater.
Real-time compliance-check behavior
If the interval of time between the most recent backup of the asset and the compliance check is greater than the RPO requirement, then an alert indicates the RPO of the asset is out of compliance. This alert is generated once within an RPO period. If the same backup copy is missed when the next compliance check occurs, no further alerts are generated.
If the interval of time between the most recent backup of the asset and the compliance check is less than the RPO requirement, the RPO of the asset is in compliance.
If multiple assets in a policy are out of compliance at the same time when a compliance check occurs, a single alert is generated and includes information for all assets that are out of compliance in the policy. In the Alerts window, the asset count next to the alert summary indicates the number of assets that are out of compliance in the policy.
13. In the Jobs window, click next to an entry to view details on the SLA Compliance result.
Run a compliance report This option enables you to run a compliance report and save the report in CSV format so that you can download an Excel file of compliance results data.
Steps
1. From the PowerProtect Data Manager UI, select Protection > SLA Compliance.
The SLA Compliance window appears. The PowerProtect Data Manager SLA Compliance window displays the following information: SLA Name Stage Type Policies At Risk Objectives Out of Compliance Impacted Assets
2. Select the SLA for which you would like to export the compliance records.
3. Click Run Compliance Report. The Run Compliance Report window appears.
4. Specify the following fields for the export:
a. The Time Range.
The default is Last 24 hours.
This refers to the last complete midnight-to-midnight 24 hour period; that is, yesterday. So, any events that have occurred since the most recent midnight are not included in the CSV export. For example, if you run the CSV export at 9am, any events that have occurred in the last 9 hours are not included in the CSV export. This is to prevent the overlapping of or partial exporting when queried mid-day on a regular or irregular basis.
b. The Job Status.
94 Managing Protection Policies
c. Click Download.CSV. If applicable, the navigation window appears for you to select the location to save the CSV file.
5. If applicable, save the CSV file in the desired location and click Save.
Protecting client assets after a client hostname change If the hostname of a client is changed, its assets are no longer protected without further action.
When changing a client hostname, you must delete its existing lockbox files and generate new ones. For more information, see the documentation of the relevant application agent.
ifGroup configuration and PowerProtect Data Manager policies If an ifGroup is configured on the DD, the IP address selected in the PowerProtect Data Manager protection policy is only used for the initial connection, and redirection (for example, for load balancing) occurs according to the ifGroup setting on the DD. LACP and other failover options on the DD work independently from what is selected in the PowerProtect Data Manager policy.
The following examples and diagrams demonstrate common scenarios in PowerProtect Data Manager when an ifGroup is configured on the DD.
PowerProtect Data Manager policy with no ifGroup DD configuration:
eth1/eth2 1G eth3/eth4/eth5/eth6 10G No ifGroup
PowerProtect Data Manager policy with one ifGroup DD configuration:
eth1/eth2 1G eth3/eth4/eth5/eth6 10G ifGroup * eth3/eth4/eth5/eth6
Managing Protection Policies 95
PowerProtect Data Manager policy with multiple ifGroups DD configuration:
eth1/eth2 1G eth3/eth4/eth5/eth6 10G ifGroup VLAN-VM eth3/eth4 ifGroup VLAN-SQL eth5/eth6
96 Managing Protection Policies
Restoring Data and Assets
Topics:
View backup copies available for restore Restoring a protection policy Restore the PowerProtect Data Manager server Restore Cloud Tier backups to protection storage
View backup copies available for restore When a protection policy is successfully backed up, PowerProtect Data Manager displays details such as the name of the storage system containing the asset backup, location, the creation and expiry date, and the size. To view a backup summary:
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets or Restore > Assets.
2. Select the tab that corresponds to the type of assets that you want to view. For example, for vCenter virtual machine assets, click Virtual Machine.
Assets that are associated with protection copies of this type are listed. By default, only assets with Available or Not Detected status display. You can also search for assets by name.
For virtual machines, you can also click the File Search button to search on specific criteria.
NOTE: In the Restore > Assets window, only tabs for asset types supported for recovery within PowerProtect Data
Manager display. Supported asset types include the following:
Virtual Machines
File System
Storage Group
Kubernetes
3. To view more details, select an asset and click View copies.
The copy map consists of the root node and its child nodes. The root node in the left pane represents an asset, and information about copy locations appears in the right pane. The child nodes represent storage systems.
When you click a child node, the right pane displays the following information:
Storage system where the copy is stored. The number of copies Details of each copy, including the time that each copy was created, the consistency level, the size of the copy, the
backup type, the copy status, and the retention time. The indexing status of each copy at the time of copy creation:
Success indicates that all files or disks are successfully indexed. Partial Success indicates that only some disks or files are indexed and might return partial results on file search. Failed indicates that all files or disks are not indexed. In Progress indicates that the indexing job is in progress.
If indexing has not been configured for a backup copy, or if global expiration has been configured and indexed disks or files have been deleted before the backup copy expiration date, the File Indexing column displays N/A.
The indexing status updates periodically which enables you to view the latest status. For virtual machine backups, a Disk Excluded column enables you to view any virtual disks (VMDKs) that were excluded
from the backup.
7
Restoring Data and Assets 97
Restoring a protection policy You can use the PowerProtect Data Manager user interface to perform centralized and self-service restores of protection policy backups for any of the following asset types. For more information, see the appropriate publication.
Table 27. Protection-policy asset types
Asset type Publication
File system data PowerProtect Data Manager File System User Guide
Kubernetes cluster namespaces and PVCs
PowerProtect Data Manager Kubernetes User Guide
Microsoft Exchange Server databases
PowerProtect Data Manager Microsoft Exchange Server User Guide
Microsoft SQL Server databases
PowerProtect Data Manager Microsoft SQL Server User Guide
Network Attached Storage (NAS) share and appliance data
PowerProtect Data Manager Network Attached Storage User Guide
Oracle RMAN databases PowerProtect Data Manager Oracle RMAN User Guide
SAP HANA databases PowerProtect Data Manager SAP HANA User Guide
Storage Direct VMAX storage groups
PowerProtect Data Manager Storage Direct User Guide
Virtual machines PowerProtect Data Manager Virtual Machine User Guide
Restore the PowerProtect Data Manager server You can restore PowerProtect Data Manager server persisted data as a new instance using any of the backups. Only the Administrator role can carry out the restore.
Prerequisites
Ensure that: The PowerProtect Data Manager version that is deployed on your system and the backups you are using for the restore
match. The network configuration is the same on the newly deployed PowerProtect Data Manager system as on the failed instance
that you are restoring.
Steps
1. Deploy the PowerProtect Data Manager OVA and power it on.
2. Select Restore Backup.
To delay jobs defined by your protection policies until otherwise specified, select After restore, keep the product in recovery mode so that scheduled workflows are not triggered. When selected, after restore the system enters recovery maintenance mode. During recovery maintenance mode:
All jobs defined by your protection policies that modify the backup storage (for example, backup creation, backup deletion, and PowerProtect Data Manager Server DR jobs) are not triggered.
All operations that write to the backup storage are disabled. A system alert is displayed in PowerProtect Data Manager.
98 Restoring Data and Assets
To enable automatically scheduled operations and user operations that write to the backup storage, click Return to full Operational mode in the alert.
3. Specify the following storage information:
a. DD system IP where the recovery backups are stored. b. DD NSF Export Path where the recovery backups are stored. c. Click Connect.
4. Select the PowerProtect Data Manager instance that you would like to restore, and then click OK.
5. Select the backup file that you would like to use for recovery, and then click Recover.
6. Specify the lockbox passphrase associated with the backup, and start the recovery. This step initiates the recovery and display the progress status. The recovery process can take approximately eight minutes before the URI is redirected to the PowerProtect Data Manager login.
Results
The PowerProtect Data Manager server is recovered.
Next steps
After a successful recovery:
The time zone of the PowerProtect Data Manager instance is set to the same as that of the backup. All preloaded accounts are reset to default passwords, as described in the PowerProtect Data Manager Security
Configuration Guide. The preloaded UI administrator account is an exception and retains its password. Change the passwords for all preloaded accounts as soon as possible.
Restore Cloud Tier backups to protection storage Once a Cloud Tier backup is recalled, restore operations of these backups are identical to normal restore operations.
The PowerProtect Data Manager software recalls a copy of the backup from the Cloud Unit to the local (active) tier of protection storage, which then allows you to perform a restore of the backup from the active tier to the client. The status appears as Cloud, and changes to Local Recalled after cloud recall completes. After the restore, the backup copy is removed from Cloud Tier, and is stored on the active tier of protection storage for a minimum of 14 days, after which the backup may be returned to the cloud depending on your protection policy.
Recall and restore from Cloud Tier
Perform the following steps to recall a backup on Cloud Tier to the active tier on protection storage and restore this backup.
Prerequisites
NOTE: When a backup is recalled from Cloud Tier to the active tier, the copy is removed from Cloud Tier.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets.
2. On the Assets window, select the tab that contains the asset you want to recall from Cloud Tier, and then click View Copies.
3. Click DD, and then select from one of the available copies that appear in the table.
4. Click Recall. The Recall from Cloud dialog box appears.
5. In the Retain until box, specify how long you want to keep the copy on the active tier, and then click OK.
6. Go to the Jobs window to monitor the recall operation. When the copy has been moved successfully, the Location changes from Cloud to Local.
7. Select Restore > Assets, and then select the tab that contains the recalled asset.
8. Select the recalled asset, and then click Restore.
Restoring Data and Assets 99
NOTE: If you are unsure whether the asset has been recalled, click View Copies and select DD to view the available
backup copies. If the asset backup is a recalled copy, the Status column indicates Local Recalled.
9. Select the recalled copy to re-tier the copy to the active tier.
100 Restoring Data and Assets
Preparing for and Recovering From a Disaster
Topics:
About server disaster recovery System recovery for server DR Quick recovery for server DR Overview of PowerProtect Data Manager Cloud Disaster Recovery
About server disaster recovery The PowerProtect Data Manager system protection service enables you to protect the persistent data of a PowerProtect Data Manager system from catastrophic loss by creating a series of server disaster recovery (DR) backups.
Preparing for server DR requires the consideration of two scenarios: loss of the PowerProtect Data Manager server and loss of the entire site. Some of the information that you record during the server DR configuration process may only apply to one scenario or the other. As a best practice, you should gather and record all applicable information for both scenarios.
PowerProtect Data Manager supports three methods of server DR:
System recovery
System recovery creates point-in-time snapshots of the PowerProtect Data Manager server in protection storage. During a DR activity, recover the server from protection storage and then restore protected assets.
System recovery for server DR provides more information.
Quick recovery
Quick recovery makes a remote PowerProtect Data Manager replication destination aware of replicated backups and enables the recovery view. During a DR activity, you can restore assets from these replicated backups at the destination without first restoring the source server.
Quick recovery for server DR provides more information.
Cloud Disaster Recovery
Cloud DR enables you to restore to a DR site in a supported public cloud environment. During a DR activity, restore virtual machines to a Cloud DR server and recover those workloads in the cloud.
Overview of PowerProtect Data Manager Cloud Disaster Recovery provides more information.
8
Preparing for and Recovering From a Disaster 101
Differences between server DR methods
The following table highlights the differences between the three server DR methods,
Table 28. Server DR comparison
Criteria System recovery Quick recovery Cloud DR
Requires another running PowerProtect Data Manager server
No a Yes No
Requires additional configuration after setup Optional b No No
Requires configuration outside of the PowerProtect Data Manager UI during recovery
Yes No No
Preserves backup workflows Yes No No
Supports server DR replication Yes Automatic Automatic
Recovery time objective (RTO) for backup infrastructure >1 hour a N/A N/A
a. Optionally, you can configure a second server and leave this server unconfigured to decrease the RTO for system recovery. However, the RTO for system recovery cannot match the RTO for quick recovery or Cloud DR.
b. Configuration of server DR replication.
System recovery for server DR The system recovery process creates periodic backups of a PowerProtect Data Manager server, from which you can restore the server after a disaster. Each backup is considered a full backup although it is created in an incremental manner.
System recovery backups include persistent data such as the lockbox and the PowerProtect Data Manager databases. The backup operation quiesces the server and creates a point-in-time snapshot of the databases. This quiescent state limits user functionality. After the snapshot completes and while PowerProtect Data Manager copies the snapshot to protection storage, the server restores full user functionality. System recovery backups also include File Search indexes and other component DR backups.
The system protection service enables you to manage the frequency and retention of an automated server DR backup. You can also perform manual backups. However, the system protection service does not manage the retention of manual backups and you must delete any outdated manual backups yourself. Manage PowerProtect Data Manager server DR backups provides instructions.
You can select one protection storage system as a server DR backup target and one protection storage system as a replication target. Replication provides an extra layer of protection for server DR backups. Manually configure server DR backups provides instructions for configuring server DR replication, while Restore PowerProtect Data Manager from server DR backups contains instructions for restoring from a replica.
Since only one backup target and one replication target are supported at a time, when you specify a new protection storage system, you overwrite the existing selection. If you have more protection storage systems, you can change which protection storage system holds the server DR backup or receives the replica.
PowerProtect Data Manager server DR replication is independent of any legacy methods, such as MTree replication on an individual DD system. Backups and configuration from legacy methods are not detected or migrated.
Server DR protection storage types
PowerProtect Data Manager supports two types of protection storage for server DR: NFS and DD Boost.
DD Boost is the recommended storage type for PowerProtect Data Manager server DR. NFS is the legacy storage type for PowerProtect Data Manager server DR.
Updating the PowerProtect Data Manager server does not automatically change the storage type. Instead, select the appropriate storage type and manually configure server DR backups. Do not alternate between storage types.
Switching from NFS to DD Boost creates new server DR backups, rather than migrating existing backups. The previous NFS backups are no longer visible in the list of DR backups. However, you can still recover from older NFS server DR backups even after switching to DD Boost, should you experience a disaster before the initial DD Boost system backup completes.
102 Preparing for and Recovering From a Disaster
DD Boost
DD Boost provides security and efficiency advantages over NFS, including password-protected authentication. When you use DD Boost, PowerProtect Data Manager creates and manages a storage unit on the DD system and a corresponding user account.
The storage unit and user account name are based on the PowerProtect Data Manager hostname. For example, SysDR_
The DD Boost user password is based on the PowerProtect Data Manager predefined administrator account (admin) password.
NOTE: The password is based on the admin account even if you use other accounts with the Administrator role, such
as external identity provider users, to administer PowerProtect Data Manager.
Changes to the PowerProtect Data Manager predefined administrator password prompt corresponding updates to the DD Boost user password. If you configured server DR replication, password changes also prompt corresponding updates to the credentials on the replication target. Recovery from server DR backups requires the PowerProtect Data Manager predefined administrator password. If you do not know this password, contact Customer Support.
If you plan to use DD Boost, add the DD system as protection storage before you configure server DR. Protection storage provides instructions.
The DD Boost storage type allows for automatic server DR configuration. Automatic server DR provides more information.
Only the DD Boost storage type supports server DR replication.
NFS
To store backups over NFS, you must configure and assign a private storage unit for the PowerProtect Data Manager system. Then, prepare the DD recovery target by creating an NFS export. With the DD system address and the NFS export path, you can configure PowerProtect Data Manager to perform server DR backups.
NFS storage is deprecated in favor of DD Boost.
Automatic server DR
New installations of PowerProtect Data Manager automatically configure and enable server DR with minimal input. This process ensures that the server is protected as soon as you add protection storage.
Automatic server DR detects when you first add a protection storage system. The automatic configuration mechanism uses the recommended DD Boost storage type and default settings to create a managed storage unit for server DR. This process generates server DR jobs that you can track through the Jobs page.
Automatic configuration selects the first protection storage system that you add to PowerProtect Data Manager. However, you can configure server DR to change the target to another protection storage system or enable replication. Manually configure server DR backups provides instructions. Manual configuration of the backup target is not recommended unless you must target a different protection storage system.
If automatic server DR fails, Manually configure server DR backups provides an alternate method to configure server DR. The job details provide information that you can use to troubleshoot the configuration process.
Prepare the DD system recovery target (NFS)
If you plan to use NFS for system backup storage, configure the NFS export on the DD target system and select the required permissions. Configuring PowerProtect Data Manager for backup and recovery requires this NFS export path.
About this task
NOTE: NFS is the legacy storage type for PowerProtect Data Manager server DR.
Steps
1. Use a web browser to log in to DD System Manager as the system administrator user.
2. On the Summary tab in the Protocols pane, select NFS Exports > Create Export.
Preparing for and Recovering From a Disaster 103
3. In the Create NFS Export window, provide the following information, and then click OK.
Export Namethe name of the DD MTree. Directory Paththe full directory path for DD MTree that you created. Ensure that you use the same name for the
directory. NOTE: For an external DD system, specify a path similar to the following, /data/col1/
the MTree that stores the system backups.
4. Add PowerProtect Data Manager by hostname or IP address to the NFS client list.
To configure DR protection for an existing Search cluster, add the IP address or hostname of the Search cluster to the NFS client list.
5. Ensure that the Current Selection list includes no_root_squash, which is required for permission for PowerProtect Data Manager to change the directory structure on the NFS share.
6. When the progress message indicates that the save operation is complete, click Close.
Manually configure server DR backups
For new installations, PowerProtect Data Manager automatically configures and enables server DR. However, you can manually configure DR protection for the PowerProtect Data Manager system and the system metadata.
Prerequisites
If you plan to use NFS for protection storage, prepare the target DD system as described in Prepare the DD system recovery target (NFS).
If you plan to use DD Boost for protection storage, add the DD system as protection storage. Protection storage provides instructions. If you plan to replicate server DR backups, the replication target must be a different protection storage system.
Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.
2. Click , select Disaster Recovery, and then click Configuration.
3. Select Enable backup.
4. For DD Boost, configure the backup with the following attributes:
a. For Protocol, select DDBoost. b. From the PowerProtect DD System drop-down list, select a backup destination from the list of existing protection
storage systems, or select Add to add a system and complete the details in the Add Storage window. For initial DR configuration, the Storage Unit field is empty. If DR was already configured, the Storage Unit field displays the name of the storage unit that holds server DR backups.
5. For NFS, configure the backup with the following attributes:
a. For Protocol, select NFS. b. In the PowerProtect DD System field, type the IP address or hostname of the DD system for the backup. c. In the NFS Export Path field, type the NFS path where server DR backups are stored on the target DD system.
6. Configure the backup frequency and duration:
a. Type an interval between server DR backups, in hours.
This setting controls backup frequency, and the allowed values are 1 to 24 hours.
b. Type the number of days for which PowerProtect Data Manager should retain server DR backups.
The allowed values are 2 to 30 days.
7. To enable server DR replication:
a. Check Enable Replication. b. From the Replicate Backup To drop-down list, select a target from the list of existing protection storage systems, or
select Add to add a system and complete the details in the Add Storage window.
The replication target cannot be the backup destination.
The replication frequency and retention time are the same as for the backup.
8. Click Save.
104 Preparing for and Recovering From a Disaster
Results
For DD Boost, PowerProtect Data Manager creates system jobs to prepare the new storage unit and to configure the server DR protection policy.
For both storage types, PowerProtect Data Manager creates a system job for the first server DR backup.
If you configured replication, PowerProtect Data Manager creates a DD Boost user and storage unit on the destination. Server DR backups begin replicating according to the protection schedule.
Next steps
Verify that the system jobs succeed.
Record settings for server DR
Plan for DR by recording vital information. In the event of a major outage, you will need this information to recover your systems. Some items are only required for particular DR scenarios. Record the following information on a local drive outside PowerProtect Data Manager:
Steps
1. If PowerProtect Data Manager is deployed to vSphere, record the port groups:
a. Log in to the vSphere client. b. Right-click the appliance name and select Edit Settings. c. Record the port group settings that are assigned to PowerProtect Data Manager.
This information is useful when restoring to the same VMware environment.
2. Record the PowerProtect Data Manager FQDN.
3. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.
4. Record the PowerProtect Data Manager version and build numbers.
Customer Support can provide this information, which is not mandatory.
5. Click , select Disaster Recovery, and then click Configuration.
6. Record whether server DR storage uses NFS or DD Boost.
7. Record the protection storage system IP address or FQDN.
8. If you configured server DR replication, record the FQDN for the replication target.
9. If you use NFS for server DR storage, record the NFS export path.
10. If you use DD Boost for server DR storage, perform the following substeps:
a. Connect to the PowerProtect Data Manager console and change to the root user. b. Change directory:
cd /usr/local/brs/puppet/scripts c. Obtain and record the server DR DD Boost credentials:
./get_sdr_config_credential.py SysDR_$(hostname -s) d. Connect to the protection storage system console. e. Obtain and record the user ID (UID) for the server DR DD Boost user:
user show list
Results
Table 29. Recorded DR settings
System Setting or Property Example Recorded Value
PowerProtect Data Manager
Version and build 19.12 FQDN server1.example.com Backup protocol NFS or DD Boost
Server DR replica
FQDN dd-replica.example.com
Preparing for and Recovering From a Disaster 105
Table 29. Recorded DR settings (continued)
System Setting or Property Example Recorded Value
Protection storage system
FQDN dd.example.com NFS export path N/A
DD Boost username SysDR_server1 DD Boost password zD0_56c-b4e-ad4-dbb- DD Boost UID 501
Manage PowerProtect Data Manager server DR backups
View PowerProtect Data Manager server DR backups and perform manual backups.
About this task
For DR backups, PowerProtect Data Manager supports a default retention period of 7 days plus the last 3 hourly backup copies for the current day. You can change the frequency and retention of DR backups from the Disaster Recovery > Configuration tab.
The system protection service automatically deletes scheduled backups according to the configured retention policy.
You can manually delete all backups except for the most recent backup marked as FULL and the most recent backup marked as PARTIAL.
Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.
2. Click , select Disaster Recovery, and then click Manage Backups.
3. To perform a manual backup:
a. Click Backup Now.
The Enter a name for your backup dialog appears.
b. [Optional] Type a name for your backup.
You can leave the backup name blank, and PowerProtect Data Manager provides a name for the backup by using the naming convention UserDR-. If you provide a name with the convention that PowerProtect Data Manager uses for scheduled backups, which is SystemDR, PowerProtect Data Manager displays an error.
c. Click Start Backup.
The backup appears as an entry in the table. To view details for the backup, click the arrow icon.
If the Search Engine is deployed,PowerProtect Data Manager also backs up the Search Engine. The backup details provide the status of the Search Engine backup.
To monitor the status of the backup, select Jobs > Protection and look for a job with the name Protect the server datastore.
4. To delete a backup:
a. Select a backup from the list.
b. Click for that row. The system displays a warning to confirm you want to delete the backup. Click Yes to proceed.
5. Click Cancel.
Restore PowerProtect Data Manager from server DR backups
You can restore PowerProtect Data Manager from a server DR backup on a protection storage system.
Prerequisites
Only the Administrator role can carry out the restore.
106 Preparing for and Recovering From a Disaster
Ensure that all the information listed in Record settings for server DR is available. Ensure that the FQDN of the PowerProtect Data Manager is the same as the host name. To restore from NFS, ensure that you have set up the recovery target system. See Prepare the DD system recovery target
(NFS). To restore from DD Boost, ensure that you have the current password for the PowerProtect Data Manager UI predefined
administrator account. If you do not know this password, contact Customer Support. To restore from a server DR replica, ensure that you have the IP address or FQDN for the replication target, the
PowerProtect Data Manager hostname, and the current password for the PowerProtect Data Manager UI predefined administrator account.
If the Search Engine or reporting engine nodes from the previous PowerProtect Data Manager deployment are still hosted on the vCenter server, delete the Search Engine and reporting engine nodes from the vCenter server before you restore the PowerProtect Data Manager system. The recovery process redeploys the Search Engine and reporting engine nodes as part of the restore operation.
The recovery process does not automatically redeploy protection engines. After recovery, redeploy the protection engines.
About this task
When a primary PowerProtect Data Manager system fails because of a major event, deploy a new PowerProtect Data Manager system and recover the backup from the external DD system.
NOTE: If the recovery system is on a different FQDN, see Troubleshoot recovery of PowerProtect Data Manager.
If a Search Engine is present in the recovery backup when you restore the PowerProtect Data Manager system, the Search Engine is automatically restored.
Steps
1. Deploy a new PowerProtect Data Manager virtual appliance.
The PowerProtect Data Manager Deployment Guide for the appropriate platform provides instructions.
2. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:
https://<appliance_hostname> NOTE: You can specify the hostname or the IP address of the appliance.
3. On the Install window under Welcome, select Restore Backup.
4. Select After restore, keep the product in recovery mode so that scheduled workflows are not triggered.
Recovery mode provides more information.
5. To restore from NFS:
a. For Protocol, select NFS. b. Under Select File, enter the DD System and NFS Export Path where the backup is located, and then click Connect.
A list of the available recovery backups appears.
6. To restore from DD Boost:
a. For Protocol, select DDBoost. b. Type the hostname or IP address for the protection storage system that stores server DR backups. c. If the hostname is not already populated, type the hostname for the original PowerProtect Data Manager system. d. To restore from a server DR replica, append /R to the hostname.
For example, system1.example.com/R.
e. Type the password for the predefined administrator account (admin) of the original PowerProtect Data Manager.
f. Click Connect.
A list of the available recovery backups appears. If restoring from a replica, the list of backups includes those on the replica.
7. Select the backup from which to recover the system, and then click Recover. The recovery starts. Recovery can take a few minutes.
Results
When recovery is complete, the PowerProtect Data Manager login page appears.
The time zone of the PowerProtect Data Manager instance is set to that of the backup.
If restoring from a replica, the replication target protection storage system is configured as the new server DR backup target.
Preparing for and Recovering From a Disaster 107
All preloaded accounts are reset to default passwords, as described in the PowerProtect Data Manager Security Configuration Guide. The preloaded UI administrator account is an exception and retains its password. Change the passwords for all preloaded accounts as soon as possible.
NOTE: Backup copies that are created after a Server DR restore point are discovered after the server is restored to a state
where the backup copies did not exist. However, any backup copies that had replication or cloud tier copies before the
restore are replicated or cloud tiered during the next manual or scheduled job. objective.
Recovery mode
If you select After restore, keep the product in recovery mode so that scheduled workflows are not triggered during deployment, PowerProtect Data Manager enables recovery mode.
With recovery mode active, when you log in to PowerProtect Data Manager:
A red banner appears at the top of the PowerProtect Data Manager UI. The banner indicates that the PowerProtect Data Manager system is operational but scheduled workflows are disabled.
All jobs defined by your protection policies that modify the backup storage (for example, backup creation, backup deletion, and PowerProtect Data Manager Server DR jobs) are not triggered.
All operations that write to the backup storage are disabled.
To return PowerProtect Data Manager to full operational mode and enable scheduled workflows, click Return to full operational mode.
Recover the Search Engine from a DR backup
PowerProtect Data Manager automatically restores the Search cluster after disaster recovery of the PowerProtect Data Manager system is complete. If the PowerProtect Data Manager system could not restore the Search cluster automatically, use the steps in this procedure to restore only the Search cluster through the REST API. Recovery of a Search cluster must be performed on an operational PowerProtect Data Manager system. Only the Administrator role can restore the Search cluster.
Prerequisites
Obtain the name of the Search cluster backup from System Settings > Disaster Recovery > Manage Backups.
About this task
Use the backup manifest file to create a new text document that will be used issue a POST command with the REST API:
CAUTION: Do not edit the manifest file itself.
Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.
Use the same credentials that you used before PowerProtect Data Manager was restored.
2. Connect to the PowerProtect Data Manager console as an admin user.
3. Change directories to /data01/server_backups/
Normally, there is only a single subdirectory in /data01/server_backups, so change to that subdirectory. However, if there is more than one subdirectory and you don't know which
a. From /data01/server_backups, run the following commands, changing the username and password as required:
TOKEN=$(curl -X POST https://localhost:8443/api/v2/login -k -d '{ "username": "admin","password": "admin_password" }' --header "Content-Type: application/json" | python3 -c "import sys, json; print(json.load(sys.stdin)['access_token'])")
curl -X GET https://localhost:8443/api/v2/nodes -k --header "Content-Type: application/json" --header "Authorization:Bearer $TOKEN"
b. Run the command grep -Rnwa -e '
4. Copy the manifest file to a temporary file.
108 Preparing for and Recovering From a Disaster
5. Open the temporary file.
6. Review the following example, and make the changes documented by the // comment entries.
NOTE: The // comment entries displayed here do not exist in the temporary file itself. These comment entries are
displayed here only as a guide.
{ "id": "ca8cbb13-6f3d-4ac5-87e5-de47a634379f", "jobId": "990b4ea7-c0e4-4069-8dd5-7d0e084370fc", // DELETE LINE "creationTime": "2022-08-25T19:38:54.622275+0000", "lastUpdated": "2022-08-25T19:40:18.165497Z",// DELETE LINE "elapsedSeconds": 11, "sequenceNumber": 2, "state": "Successful",// DELETE LINE "version": "19.12.0-1-SNAPSHOT", // DELETE LINE "hostname": "ldpdb141.hop.lab.emc.com", // DELETE LINE "name": "mercijTestDr", // DELETE LINE "nodeId": "a8d2df8e-5c3e-4160-87d4-32b9bfe6c283", // DELETE LINE "sizeInBytes": 29759075, "consistency": "CRASH_CONSISTENT", // DELETE LINE "checksum": "bbd97a04f296a8ed116e4a9272982d8e8411f3d0cf50dea131d5c2cd4ce224f8", // DELETE LINE "backupConsistencyType": "FULL", // DELETE LINE "esSnapshotState": "UNKNOWN", // DELETE LINE "backupTriggerSource": "USER", // DELETE LINE "configType": "standalone", // DELETE LINE "deployedPlatform": "vmware", // DELETE LINE "replicationTargets": [], // DELETE LINE "repositoryFileSystem": "BOOST_FILE_SYSTEM", // DELETE LINE "ddHostname": "ldpdg251.hop.lab.emc.com", // DELETE LINE and add line "recover":true, "Components": [ // change Components to components with lower case c { // DELETE WHOLE PPDM COMPONENT LEAVING ONLY SEARCHCLUSTER "name": "PPDM", "id": "ca7cbb13-6f3d-4ac5-87e5-de47a634379f", "lastActivityId": "2bdbe7a8-7c57-446d-b072-ad8081e2953d", "version": "v2", "backupPath": "ldpdg251.hop.lab.emc.com:SysDR_ldpdb141/ ldpdb141_a8d2df8e-5c3e-4160-87d4-32b9bfe6c283/PPDM", "backupStatus": "SUCCESSFUL", "backupsEnabled": true, "errorResults": [] }, // STOP DELETING HERE { "name": "SearchCluster", "id": "ca7cbb13-6f3d-4ac5-87e5-de47a634379f", "lastActivityId": "198a93b1-7382-474b-89c8-c7b6b0ab4987", "version": "v2", "backupPath": "ldpdg251.hop.lab.emc.com:SysDR_ldpdb141/ ldpdb141_a8d2df8e-5c3e-4160-87d4-32b9bfe6c283/SearchCluster", "backupStatus": "SUCCESSFUL", "backupsEnabled": true, // DELETE TRAILING COMMA "errorResults": [] // DELETE LINE } ] }
In summary:
remove all lines with the // DELETE LINE comment entry displayed here
add recover: true change Components to components remove all listed component blocks except for Search Cluster remove the trailing comma from "backupsEnabled": true, The result of these changes should look similar to the following:
{ "id": "ca8cbb13-6f3d-4ac5-87e5-de47a634379f", "creationTime": "2022-08-25T19:38:54.622275+0000",
Preparing for and Recovering From a Disaster 109
"elapsedSeconds": 11, "sequenceNumber": 2, "sizeInBytes": 29759075, "recover" : true, "components": [ { "name": "SearchCluster", "id": "ca7cbb13-6f3d-4ac5-87e5-de47a634379f", "lastActivityId": "198a93b1-7382-474b-89c8-c7b6b0ab4987", "version": "v2", "backupPath": "ldpdg251.hop.lab.emc.com:SysDR_ldpdb141/ ldpdb141_a8d2df8e-5c3e-4160-87d4-32b9bfe6c283/SearchCluster", "backupStatus": "SUCCESSFUL", "backupsEnabled": true } ] }
7. Copy the value of the text inside the quotation marks that follow "id":.
This value replaces the variable
8. Remove all carriage returns from the temporary file, so that all the text is on a single line.
9. Copy all of the text from the temporary file.
This value replaces the variable
10. Run the following command, changing the username and password credentials as required:
NOTE: Even if you ran this command in step 3.a, run it again. The validity of the value of TOKEN is time sensitive.
TOKEN=$(curl -X POST https://localhost:8443/api/v2/login -k -d '{ "username": "admin","password": "admin_password" }' --header "Content-Type: application/json" | python3 -c "import sys, json; print(json.load(sys.stdin)['access_token'])")
11. Run the following command:
curl -X PUT 'https://localhost:8443/api/v2/server-disaster-recovery-backups/
Replace
12. To monitor the status of the restore process in the PowerProtect Data Manager UI, select Jobs > System Jobs and look for a job with the description Restoring backup Search Node.
Next steps
Delete the temporary file created in step 4.
Change the IP address or hostname of a DD system
You can change the IP address or hostname of a DD system without affecting server DR.
About this task
Before changing the IP address or hostname of a DD system, perform the following steps.
NOTE: If you have changed the IP address or hostname of a DD system without following these steps, you can recover DR
functionality. For more information, see Recover from a changed DD system IP address or hostname.
Steps
1. Disable Server DR backups.
2. Log in to the PowerProtect Data Manager server by using SSH.
3. Run the following command:
110 Preparing for and Recovering From a Disaster
sudo umount /data01/server_backups 4. For each Search Engine node, perform the following substeps:
a. Log in to the Search Engine node by using SSH. b. Run the following command:
sudo umount /mnt/PPDM_Snapshots 5. Remove the DD system from PowerProtect Data Manager:
a. From the PowerProtect Data Manager UI, select Infrastructure > Storage. b. Select the DD system to remove. c. Click Delete.
6. Change the IP address or hostname of the DD system.
7. Add the DD back to PowerProtect Data Manager.
8. Enable server DR backups.
Recover from a changed DD system IP address or hostname
If you changed the IP address or hostname of a DD system without following the supported procedure, you can recover your server DR functionality.
About this task
Steps
1. Disable Server DR backups.
2. Log in to the PowerProtect Data Manager server by using SSH.
3. Run the following command:
ps aux | grep /data01/server_backups | grep boostfs Make a note of the process ID next to the boostfs entry in the command output.
4. Run the following command, replacing
sudo kill -9
sudo umount /data01/server_backups 6. For each Search Engine node, perform the following substeps:
a. Log in to the Search Engine node by using SSH. b. Run the following command:
sudo umount /mnt/PPDM_Snapshots 7. Remove the DD system from PowerProtect Data Manager:
a. From the PowerProtect Data Manager UI, select Infrastructure > Storage. b. Select the DD system to remove. c. Click Delete.
8. Add the DD back to PowerProtect Data Manager.
9. Enable server DR backups.
Preparing for and Recovering From a Disaster 111
Troubleshooting NFS backup configuration issues
The following sections provide a list of error messages that might appear when you configure a server DR backup configuration that uses NFS.
DD storage unit mount command failed with error: 'Cannot mount full path: Access is denied'
This error message appears when an NFS export does not exist on the DD system for the full path to the server DR storage unit. This error message also appears when the redeployed virtual appliance was not added as a client for access to the NFS export.
To resolve this issue, ensure that you have configured an NFS export for the full path of the DD Boost storage unit and that the appliance is an Export client.
DD storage unit mount command failed with error: 'Cannot resolve FQDN: The name or service not known'
This error message appears when PowerProtect Data Manager cannot contact the DD system by using the specified FQDN. To resolve this issue, ensure that you can resolve the FQDN and IP address of the DD system.
Troubleshoot recovery of PowerProtect Data Manager
When the FQDN of the recovery site is different from the FQDN of the primary site, a mount error might occur and the recovery process requires a few extra steps.
About this task
If a mount error occurs during recovery, follow this work-around procedure.
Steps
1. On the DD system where the backup is located, delete the replication pair and mount it for PowerProtect Data Manager.
2. When recovery is complete, on PowerProtect Data Manager, regenerate the certificates using the following command.
sudo -H -u admin /usr/local/brs/puppet/scripts/generate_certificates.sh -c 3. Restart the system and select the URL of the primary PowerProtect Data Manager system.
The https://PowerProtect Data Manager IP/#/progress page appears and recovery resumes.
4. Log in to the primary PowerProtect Data Manager. The PowerProtect Data Manager VM vCenter console shows an error, which you can ignore.
5. Open the primary PowerProtect Data Manager using the original IP address and log in.
Results
Recovery is complete.
Recover a failed PowerProtect Data Manager restore
Steps
1. Deploy a new PowerProtect Data Manager virtual appliance.
The PowerProtect Data Manager Deployment Guide for the appropriate platform provides instructions.
2. Contact Customer Support.
112 Preparing for and Recovering From a Disaster
Disable server DR backups
Some maintenance procedures may require you to disable server DR backups during the procedure. Use this task only when referenced elsewhere.
Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.
2. Click , select Disaster Recovery, and then click Configuration.
3. Record the existing server DR settings on the Configuration page.
4. Deselect Enable backup.
5. Click Save.
Next steps
After completing the maintenance procedure, re-enable server DR backups. Manually configure server DR backups provides instructions.
Quick recovery for server DR After a disaster, the quick recovery feature enables you to restore assets and data that you replicated to a destination system at a remote site.
NOTE: Quick recovery does not re-create the original backup environment and source system which protected the restored
assets. Thus, quick recovery is not a substitute for a server DR restore. To continue backing up the restored assets at the
remote site, add the restored assets to a protection policy on the destination system.
Quick recovery is supported for the protected assets of the following PowerProtect Data Manager asset sources:
Virtual machines Kubernetes File system
Quick recovery sends metadata from the source system to the destination system, following the flow of backup copies. This metadata makes the replication destination aware of the copies and enables the recovery view. You can recover your workloads at the remote site before you have the opportunity to restore the source PowerProtect Data Manager system.
For example, the following figures show two sites that are named A and B, with independent PowerProtect Data Manager and DD systems for protection storage. Each site contains unique assets. Figure Separate datacenters, before disaster shows the initial configuration with both sites replicating copies to each other. Figure Separate datacenters, after disaster shows the aftermath, with site A down. The site A assets have been restored with quick recovery into the site B environment from the replicated copies.
Preparing for and Recovering From a Disaster 113
Figure 3. Separate datacenters, before disaster
114 Preparing for and Recovering From a Disaster
Figure 4. Separate datacenters, after disaster
PowerProtect Data Manager supports quick recovery for alternate topologies. You can configure quick recovery for one-to- many and many-to-one replication. For example, the following figure shows a source PowerProtect Data Manager replicating to a standby DD system with its own PowerProtect Data Manager, all in the same data center. If the source system fails, the quick recovery feature ensures that you can still restore from those replicated copies before you restore the source.
Preparing for and Recovering From a Disaster 115
Figure 5. Standby DD system
The following topics explain the prerequisites, how to configure PowerProtect Data Manager to support quick recovery, and how to use the recovery view to restore assets.
Quick recovery prerequisites
Before you configure quick recovery, complete the following items: Ensure that the source system and the destination system can ping each other using the same method: hostname or IP
address. Ensure that the version of PowerProtect Data Manager is the same for both the source system and the remote (destination)
system. Attach at least two protection storage systems to the source system: one for local protection storage and one for
replication. Register asset sources with the source system and configure protection policies to protect those assets. Configure protection policies to replicate backup copies to the protection storage system at the remote site. Back up the protected assets and confirm that backup data successfully replicates to the destination protection storage
system. Ensure that the replication protection storage is discovered in the remote (destination) system. Add and enable the asset source on the remote PowerProtect Data Manager instance.
116 Preparing for and Recovering From a Disaster
For agent quick recovery operations, ensure that the agent version on the destination client is 19.9 or later. For Kubernetes quick recovery operations, ensure that the same Kubernetes cluster is not managed by more than one
PowerProtect Data Manager instance.
Before you use the quick recovery remote view, add the destination system to the list of remote systems on the source.
Identifying a remote system
Remote systems added to PowerProtect Data Manager for quick recovery can be identified using either a fully qualified domain name (FQDN) or an Internet protocol (IP) address. If the incorrect identification is used, quick recovery fails with a certificate error.
If a remote system is already identified in the PowerProtect Data Manager certificate list, it must be added to PowerProtect Data Manager for quick recovery with the same identification.
If you always use either FQDNs or IP addresses for all remote systems, do the same for quick recovery.
If a certificate entry for the remote system exists, you must use the same identification when adding it for quick recovery. If you are unsure if a remote system you want to add for quick recovery is already in the PowerProtect Data Manager certificate list, perform the following steps:
Log in to the console as the root user. Type keytool -list -keystore.
Review the output and look for a certificate entry that corresponds to either the FQDN or IP address of the remote system.
Add a remote system for quick recovery
Configure PowerProtect Data Manager to send metadata to another system to which you have replicated backups. Only the Administrator role can add remote systems.
Steps
1. Click , select Disaster Recovery, and then click Remote Systems.
The Remote Systems tab opens and displays a table of configured remote PowerProtect Data Manager systems.
2. Click Add. The Add Remote PowerProtect System window opens.
3. Complete the Name and FQDN/IP fields.
The Name field is a descriptive name to identify the remote system. To determine if you should enter the FQDN or IP address of the remote system, see Identifying a remote system.
4. In the Port field, type the port number for the REST API on the remote system.
The default port number for the REST API is 8443.
5. From the Credentials field, select an existing set of credentials with the Administrator role from the list.
Alternatively, you can click Add Credentials from this list to add new credentials with the Administrator role. Provide a descriptive name for the credentials, a username, and a password. Then, click Save to store the credentials.
6. Click Verify.
PowerProtect Data Manager contacts the remote system and obtains a security certificate for identity verification.
The Verify Certificate window opens to present the certificate details.
7. Review the certificate details and confirm each field against the expected value for the remote system. Then, click Accept to store the certificate. The Certificate field changes to VERIFIED and lists the server's identify.
8. Click Save. PowerProtect Data Manager returns to the Remote Systems tab of the Disaster Recovery window. The configuration change may take a moment to complete.
9. Click Cancel. The Disaster Recovery window closes.
10. Click , select Disaster Recovery, and then click Remote Systems.
The Remote Systems tab opens.
Preparing for and Recovering From a Disaster 117
11. Verify that the table of remote systems contains the new PowerProtect Data Manager system.
12. Click Cancel. The Disaster Recovery window closes.
Next steps
On the remote system, enable the same asset sources that are enabled on this system. Enable an asset source provides more information. Enabling an asset source on the remote system makes replicated backups of that type visible and accessible.
On the remote system, open the recovery view and verify that backups are visible and accessible. It is recommended that you perform a test restore.
Metadata synchronizes between source and destination systems every three hours. If backups are not visible, allow sufficient time for the first synchronization before troubleshooting.
Edit a remote system
You can use the PowerProtect Data Manager user interface to change the descriptive name of the remote system, as well as the REST API port number and credentials. You can also enable or disable synchronization with the remote system. Only the Administrator role can edit remote systems.
Steps
1. Click , select Disaster Recovery, and then click Remote Systems.
The Remote Systems tab opens and displays a table of configured remote PowerProtect Data Manager systems.
2. Locate the row that corresponds to the appropriate remote system, and then select the checkbox for that row. The PowerProtect Data Manager enables the Edit button.
3. Click Edit. The Edit Remote PowerProtect System window opens.
4. Modify the appropriate parameters, and then click Save.
To enable or disable synchronization, select or deselect Enable sync. If you change the port number, you may need to re-verify the remote system security certificate.
PowerProtect Data Manager returns to the Remote Systems tab of the Disaster Recovery window. The configuration change may take a moment to complete.
5. Click Cancel. The Disaster Recovery window closes.
Quick recovery remote view
Use the remote view to work with replicated copies on the destination system after the source is no longer available. For example, to restore critical assets before you are able to restore the source system.
On the destination system, log in as a user with the Administrator role. The remote server contains an additional Remote
Systems icon in the banner.
When you click Remote Systems, PowerProtect Data Manager presents a drop-down that contains the names of the local system and any connected systems. Each entry has the identifying suffix (Local) or (Remote).
Select the source system from which you have replicated backups. PowerProtect Data Manager opens the remote view and presents a subset of the regular UI navigation tools:
Restore Assets Shows replicated copies. Running Sessions Allows you to manage and monitor Instant Access sessions.
Alerts Shows alert information in a table, including audit logs. Jobs Shows the status of any running restore jobs.
Each tool has the same function as for the local system. However, since the remote view is intended only for restore operations, the scope is limited to the replicated copies from the selected source system. While in remote view, a banner identifies the selected system.
118 Preparing for and Recovering From a Disaster
NOTE: For virtual machines, the quick recovery restore workflow does not include the Restore VM Tags option to restore
vCenter tags and categories from the backup.
Use Restore > Assets to locate copies. The instructions for restoring each type of asset provide more information about restore operations.
When the recovery is complete, click Remote Systems and select the name of the local system to exit remote view.
Overview of PowerProtect Data Manager Cloud Disaster Recovery The Cloud Disaster Recovery (DR) feature enables you to utilize a cloud DR site by deploying the Cloud DR Server in the public cloud. You can use the PowerProtect Data Manager UI for the purpose of running VM protection and DR workflows in the cloud.
Examples of Cloud DR workflows include the following:
Cloud DR site copy managementSet the Cloud DR site by creating a VM protection policy in the PowerProtect Data Manager UI.
VM copy failover validationBefore a disaster occurs, you can validate the failover of a VM copy to the cloud within PowerProtect Data Manager by running a DR test and then monitoring the test progress.
Fail over a production VMYou can fail over a production virtual machine within PowerProtect Data Manager by running a DR failover operation and then verifying that the restored VM appears within Amazon Web Services (AWS) or Microsoft Azure cloud.
Restore a production VMYou can restore virtual machines from copies that are stored in the cloud account (Amazon Web Services (AWS) or Microsoft Azure cloud) directly to vCenter. Restore operations are performed on one virtual machine at a time. You must manually select the target vCenter server.
The PowerProtect Data Manager Cloud Disaster Recovery Administration and User Guide provides more information about Cloud DR workflows within PowerProtect Data Manager.
Preparing for and Recovering From a Disaster 119
Managing Alerts, Jobs, and Tasks
Topics:
Configure Alert Notifications View and manage alerts View and manage Audit Logs Monitoring jobs and tasks Restart a job or task manually Restart a job or task automatically Resume misfire jobs after a PowerProtect Data Manager update Cancel a job or task Exporting logs Limitations for alerts, jobs, and tasks
Configure Alert Notifications The Alert Notifications window of the PowerProtect Data Manager UI enables you to configure email notifications for PowerProtect Data Manager alerts.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Alerts, and then select the Alert Notifications tab.
The Alert Notifications window appears with a table that displays the details for existing notifications.
2. Click Add.
The Add Alert Notification dialog appears. NOTE: The Add button is disabled until you set up the email server. To add an alert notification, set up the email server
in System Settings > Support > Email Setup. Set up the email server provides more information.
3. In the Name field, type name of the individual or group who will receive the notification email.
4. In the Email field:
a. Specify the email address or alias to receive notifications. This field is required in order to create an alert notification. Separate multiple entries with a comma.
b. Click Test Email to ensure that a valid SMTP configuration exists.
5. From the Category list, select the notification category.
6. From the Severity list, select the notification severity.
7. In the Duration field, specify how often the notification email will be sent out. For example, you can set the duration to 60 minutes in order to send out a notification email every 60 minutes. If you set the duration to 0, PowerProtect Data Manager does not send out an email notification.
8. In the Subject field, optionally type the subject that you would like to attach to the notification email.
9. Click Save to save your changes and exit the dialog.
Results
The Alert Notifications window updates with the new alert notification. At any time, you can Edit, Delete, or Disable the notification by selecting the entry in the table and using the buttons in this window.
9
120 Managing Alerts, Jobs, and Tasks
View and manage alerts Alerts enable you to track the performance of data protection operations in PowerProtect Data Manager so that you can determine whether there is compliance to service level objectives. With the Administrator, Backup Administrator, Restore Administrator, or User role, you can access the alerts from the Alerts window. However, only some of these roles can manage alerts.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Alerts.
You can also click the icon in the top banner, and then click the links to view unacknowledged alerts of all statuses (critical, warning, and informational), or only the unacknowledged critical alerts.
NOTE: Clicking the New tag displays only the unacknowledged alerts that have been generated within the last 24 hours.
The number that appears next to the is the total number of unacknowledged critical alerts over the last 24 hours.
The Alerts window displays.
2. Select the System tab. A table with an entry for each applicable alert displays.
By default, only unacknowledged critical alerts from the last 24 hours display, unless you selected to view all
unacknowledged alerts from the links under the icon.
If filter tags have already been applied, the window displays these filter tags. Click X next to any of these filter tags to clear a filter, and the table view updates with the applicable selections. You can sort the alerts in the table by Severity (Critical, Warning, Informational), Date, Category, or Status (Acknowledged or Unacknowledged).
3. Select the time (last 24 hours, last 3 days/7 days/30 days), a specific date, or a time range for the alerts that you want to view. You can also select All Alerts from this list to display information for all alerts that match the filter tags.
4. Optionally, clear the Show only unacknowledged alerts checkbox if you want to view both acknowledged and unacknowledged alerts. If you clear this checkbox, the Unacknowledged filter tag is also cleared.
5. To view more details about a specific entry, click next to the entry in the table.
6. For the following steps, log in to the PowerProtect Data Manager UI with an account that has the Administrator, Backup Administrator, or Restore Administrator role.
7. To acknowledge one or more alerts, select the alerts and then click Acknowledge.
8. To add or edit a note for the alert, click Add/Edit Note, and when finished, click Save.
9. To export a report of alert information to a .csv file which you can download for Excel, click Export All.
NOTE: If you apply any filters in the table, exported alerts include only those alerts that satisfy the filter conditions.
View and manage Audit Logs Audit logs enable you to view specific information about jobs that are initiated in PowerProtect Data Manager so that you can determine compliance to service level objectives. You can access the audit logs from the Administration > Audit Logs window.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Administration > Audit Logs.
The Audit Logs window displays audit information in a table.
2. (Optional) Sort and filter audit information:
To filter audits by Audit Type, Changed By, or Object Changed, click . To sort audits by Changed At, Audit Type, Changed By, or Object Changed, click a column heading. To filter audits based on a search string, type a keyword in the Search field.
3. To view more details about a specific entry, click next to the entry in the table.
Review the information for the audit log.
Managing Alerts, Jobs, and Tasks 121
Optionally, add a note for this audit log in the Notes field.
4. To export an audit log report to a .csv file which you can download as an Excel file, click Export All.
NOTE: If you apply any filters in the table, exported audit logs include only those logs that satisfy the filter conditions.
5. To change the retention period for audit logs, click Set Boundaries, select the number of days from the Days of Retention menu, and then click Save.
Monitoring jobs and tasks Use the Protection Jobs, Asset Jobs and System Jobs windows in the PowerProtect Data Manager UI to monitor the status of certain data protection, system, and maintenance jobs and to view details about failed, in progress, or recently completed jobs. To perform analysis or troubleshooting, you can view a detailed log of a failed job or task. Jobs are categorized as protection jobs, asset jobs, or system jobs.
For protection and system jobs, you can also view details for a job group in addition to individual jobs and tasks. When you click the job ID next to the job entry, the Job ID Summary window displays the information for only this job group, job, or task, so that you can monitor the status of individual jobs and tasks, view job and task details, and perform certain operations on jobs and tasks.
Use the filtering and sorting options in each window to find specific jobs or tasks, and to organize the information that you see. Filter, group, and sort jobs provides more information.
NOTE: The Jobs windows have been optimized for a screen resolution of at least 1920 x 1080 pixels with 100% scaling.
Display issues might occur for smaller screens. Set your screen resolution to at least 1920 x 1080 pixels with 100% scaling.
Monitor and view jobs and assets
Use the Protection Jobs, Asset Jobs and System Jobs windows to monitor and view status information for PowerProtect Data Manager operations.
Within these windows, you can export job records and asset activities by using the Export All functionality.
Protection jobs
To view protection jobs and job groups, from the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs.
The Protection Jobs window opens to display a list of protection jobs and job groups.
Protection jobs include:
Cloud Tier Cloud Protect Consolidated Cloud Snapshot Manager jobs
NOTE: This job type does not apply to SAP HANA databases.
Export Reuse Protect Replicate Restore
You can monitor and view detailed information for both centralized and self-service backup and restores of database application assets.
NOTE: The Cancel and Retry options are not available for self-service jobs that are created by database application
agents.
For application assets, the Protect, Restore, and Replicate job types can be monitored at the host or individual asset level. For all other asset types, the Protect and Replicate job types can be monitored at the host or individual asset level.
122 Managing Alerts, Jobs, and Tasks
Asset jobs
The Asset Jobs window allows you to view all jobs for a specific asset or application agent host, and to view the history of protection activities at the asset/agent host level.
To view information about assets for which jobs have been run, from the PowerProtect Data Manager UI left navigation pane, select Jobs > Asset Jobs.
The Asset Jobs window opens to display a list of assets. For application agent assets, you can also view the associated host. You can filter by asset/host name or by job type.
Examples of asset job types include:
Application Host Configuration Cloud Copy Recover Cloud Disaster Recovery Cloud Protect Cloud Tier Config Delete Disaster Recovery Export Reuse Manage Notify Protect Push Update Replicate Restore System Validate
NOTE: The PowerProtect Data Manager UI Dashboard additionally provides details for any successful, partially successful,
failed and canceled jobs at the asset/host level.
System jobs
To view system jobs and job groups, from the PowerProtect Data Manager UI left navigation pane, select Jobs > System Jobs.
The System Jobs window opens to display a list of system jobs and job groups.
System jobs include:
Config Console Delete Disaster Recovery Cloud Disaster Recovery Cloud Copy Recovery Discovery Manage Notify System Validate
System jobs can be monitored at the job group or job level.
Job information
The main Protection Jobs and System Jobs windows lists basic job information.
The following information is available in the Protection Jobs and System Jobs windows.
Managing Alerts, Jobs, and Tasks 123
Table 30. Job information
Column Description
Job ID The unique and searchable identifier for the job.
Status Indicates the current state of the job. A job can be in one of the following states: Success Completed with Exceptions Failed Canceled Unknown Skipped Running Queued Canceling
For jobs that do not have a Success status, a count of jobs is shown next to the status.
Description Description of the job.
Policy Name Name of the protection policy that started the job.
Assets Number of individual assets or tasks within the job group.
Job Type Type of protection job or system job.
Asset Type Type of asset.
Start Time Date and time that the job is scheduled to begin.
End Time Date and time that this job completed. This column is not shown by default. To see a complete list of filtering and sorting columns,
click .
Duration Overall duration of the job. This column is not shown by default. To see a complete list of filtering and sorting columns,
click .
View details for protection jobs
In the Job ID Summary window for protection jobs, you can view details and status of specific jobs. For application protection jobs, you can view details and status of specific jobs and assets. This information can be helpful when troubleshooting to determine whether one or more assets caused a job to fail.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs.
2. Click the job ID next to the job name.
The Job ID Summary window opens and lists all jobs as entries in the table.
You can filter, group, and sort the information that appears in the window. Filter, group, and sort jobs provides more information.
The policy name, job type, and asset type appear at the top of the Job ID Summary window.
The overall job group metrics and details also appear, as shown in the following figure.
124 Managing Alerts, Jobs, and Tasks
Figure 6. Job Metrics and Job Details
The Job Metrics section displays the number of assets, the total size of the data transferred, and the overall duration of the job group. The total duration of jobs within the job group is shorter than the duration indicated in the job metrics. When you restart a protection job that is part of a completed job group, the duration that is indicated in the job metrics does not include the time that is elapsed between when the job group completed and when the job was restarted. In addition, it does not include the time that it takes for the retried job to run.
The Job Details section displays more specific information such as the job start and end time, the protection storage target, the average data transfer rate, the amount of data changed since the last protection job, the average throughput, and the rate of compression applied. For restore jobs of Microsoft SQL Server databases, some fields are either not applicable or set to zero.
Job metrics and details do not display or might be incomplete for job groups that contain Oracle database assets.
Click Hide Summary to hide job metrics and details, or click Show Summary to view job metrics and details.
When you hover over a job, the Job ID Summary displays a message for the job to indicate its progress. Depending on the job and if any issues are detected, one of the following statuses is shown:
No reported issuesNo issues affecting the job.
Timeout issuesTimeout issues might be affecting the job.
Connectivity issuesNetwork connectivity issues might be affecting the job.
Stats stall issuesProgress for this job is stalled.
The Job ID Summary window provides summary data for specific jobs and assets in a table view. For grouped assets, the host-level entry indicates the sum of the values of a given metric for every asset on the host.
The following table describes the columns that might appear in the window. Not all columns appear in the Job ID Summary window of every asset type.
Managing Alerts, Jobs, and Tasks 125
Table 31. Job ID Summary window details
Column Description
Details Click in the Details column to view job statistics and summary information.
Asset Name of the job for the asset.
Status Indicates the current state of the job. A job can be in one of the following states: Success Completed with Exceptions Failed Canceled Unknown Skipped Running Queued Canceling
Size Size of job for the asset.
Data Transferred Total data that is transferred to storage.
Reduction % Total reduction percentage of storage capacity for the job.
Start Time Date and time that the job is scheduled to begin.
End Time Date and time that this job completed.
Error Code If the job did not successfully complete, a numeric error code appears. To view a detailed explanation, double-click the error code.
Host/Cluster/Group Name The hostname, cluster, or group name that is associated with the asset.
Duration Overall duration of the job. This column only appears for Protect and Replicate job types for application assets.
Asset Size Total size of the asset in bytes.
Data Compressed Capacity that is used after client compression of the data in bytes. This column only appears for Protect and Replicate job types for application assets.
Download log Detailed log for an asset or task that you can export and download.
3. To view job details and summary information, click in the Details column next to the job, or expand the entry for the job
group by clicking .
For grouped assets, the Job ID Summary window lists the individual jobs for each asset within the job group.
The right pane appears and displays the following information about the job or task:
Step LogDisplays a list of steps that have been completed for the job or task, and indicates the amount of time that was required to complete each step.
DetailsDisplays statistics and summary information, such as the start time and end time, asset size, duration, and so forth.
ErrorDisplays error details for failed jobs. CanceledDisplays details for canceled jobs. SkippedDisplays details for skipped jobs. UnknownDisplays details for jobs with an unknown status.
View details for asset jobs
In the right pane of the Asset Jobs window, you can view details and status information for assets that have been included in active, completed or failed PowerProtect Data Manager jobs. This information can be helpful when tracking the progress of a job, or when troubleshooting to determine why the configuration or protection of a particular asset was unsuccessful.
126 Managing Alerts, Jobs, and Tasks
About this task
If a job is in progress or has been performed for an asset within the last 45 days, the asset appears with a link in the Infrastructure > Assets window. When clicked, this link opens the Jobs > Asset Jobs window.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Asset Jobs. By default, the table displays a list of assets for which jobs have been run in the last 24 hours.
The following table describes the asset job details that might appear, depending on which columns have been customized.
Table 32. Asset Jobs window details
Column Description
Asset Name of the asset in the protection job.
Host For application agent assets, the hostname that is associated with the asset.
Status Indicates the current state of the job. A job can be in one of the following states: Success Completed with Exceptions Failed Canceled Unknown Skipped % (indicating the progress of the job) Queued Canceling
Policy Name The protection policy that contains this asset
Job Type Supported asset job types include Config, Protect, Replicate, Restore, and Cloud Tier
Asset Type Indicates the specific type of asset. For example, VMware Virtual Machine.
Start Time Date and time that the job is scheduled to begin.
Duration Overall duration of the job.
Details Select the row of the asset to open the Details tab in the right pane, where you can view statistics and summary information.
Step Log From the right pane, select the Step Log tab to view a list of steps that ave been completed for the asset job, along with the amount of time that was required to complete each step.
Errors If the job did not complete successfully, select the row of the asset to open the Errors tab in the right pane, where you can view any errors along with a numeric error code.
2. Optionally, customize the asset jobs that display:
a. Select a different time period or specify a time range by clicking the Start Time box. b. Use the filter in each column to display only assets that match the search criteria. c. Click a status in the window's summary information to view only assets with a particular job status. d. Sort the information by clicking the up and down arrows within each column.
When the view is customized, the time range, search filter and status filter persist in the PowerProtect Data Manager UI until the filters are cleared. Filter, group, and sort jobs provides more information.
3. Select the row of the asset job.
A pane to the right of the window opens to display specific asset details in one tab, and a step log that shows the steps and progress of the asset job in another tab, as shown in the following figure. Any errors that occurred if the asset job failed or completed with exceptions will also display under a tab in this pane. At any time, click the horizontal arrow icon at the top of the pane to hide or show the details.
Figure 7. Asset details, step log, and errors
Managing Alerts, Jobs, and Tasks 127
4. If the job failed, was canceled, or completed with exceptions, and is eligible for restarting, select the radio button next ot the asset and click Restart.
5. To export the step log for an asset job, select the radio button next to the asset job and click Export Log, or click Export All to create a .CSV file for all asset jobs.
View details for system jobs and tasks
In the Job ID Summary window for system jobs, you can view details and status of specific jobs and tasks. This information can be helpful when troubleshooting to determine whether one or more jobs or tasks caused a job to fail.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > System Jobs.
2. Click the job ID next to the job name.
The Job ID Summary window opens to display a list of all system jobs or tasks.
You can filter, group, and sort the information that appears in the window. Filter, group, and sort jobs provides more information.
For jobs and tasks, a table appears at the bottom of the window. The success or failure of individual tasks is indicated in the Status column. If a failed job or task requires action, a status of Critical appears.
You can view job status and summary information for scheduled discovery of application assets and application systems. If a discovery job fails, PowerProtect Data Manager displays error details and steps to resolve the issue. An alert is also generated in the Alerts window.
When you hover over a job or task, the Job ID Summary displays a message for the job to indicate its progress. Depending on the job and if any issues are detected, one of the following statuses is shown:
No reported issuesNo issues affecting the job.
Timeout issuesTimeout issues might be affecting the job.
Connectivity issuesNetwork connectivity issues might be affecting the job.
Stats stall issuesProgress for this job is stalled.
The Job ID Summary window provides summary data for specific jobs and tasks in a table view. The following table describes the columns that might appear in the window. Not all columns will appear in the Job ID Summary window of every asset type.
Table 33. Job ID Summary window details
Column Description
Details Click in the Details column to view job or task statistics and summary information.
Task Name Name of the task.
Status Indicates the current state of the job or task. A job or task can be in one of the following states: Success Completed with Exceptions Failed Canceled Unknown Skipped Running Queued Canceling
Asset Name of the asset.
Start Time Date and time that the job or task is scheduled to begin.
Duration Overall duration of the job or task.
Data Transferred Total data that is transferred to storage.
128 Managing Alerts, Jobs, and Tasks
3. To view job or task details and summary information, click in the Details column next to the individual job or task.
The right pane appears and displays the following information about the job or task:
Step LogDisplays a list of steps that have been completed for the job or task and indicates the amount of time that was required to complete each step.
DetailsDisplays statistics and summary information, such as the start time and end time, asset size, duration, and so forth.
ErrorDisplays error details for failed jobs. CanceledDisplays details for canceled jobs. SkippedDisplays details for skipped jobs. UnknownDisplays details for jobs with an unknown status.
Filter, group, and sort jobs
The Protection Jobs, Asset Jobs, and System Jobs windows provide options to filter, group, and sort the information that appears.
Filter jobs by status
Use the quick filters at the top of the window to filter jobs by status. By default, all jobs are shown regardless of status. To display only jobs with a specific status, at the top of the window, select one of the following options:
Failed Completed with Exceptions Success Canceled In Progress
In Progress jobs include Running, Queued, and Canceling jobs.
When you select a quick filter to filter jobs by a certain status, the window displays the filter above the table. To stop filtering by the selected status, click x.
Filter jobs by start time
Use the Start Time filter to display jobs that started in a specified period. Jobs are retained for a maximum of 45 days. Select from one of the following options:
All jobs Last 24 hours Last 3 days Last 7 days Last 30 days Specific date Custom date range
Group jobs
In the Protection Jobs and System Jobs windows, select a job to display its Job ID Summary window. The Group by feature in the Job ID Summary window provides options to group assets within a protection job.
The following asset types support the Group by feature:
Microsoft SQL Server databases Microsoft Exchange Server databases Oracle databases File Systems SAP HANA databases Kubernetes clusters
Managing Alerts, Jobs, and Tasks 129
Network-attached storage (NAS) shares VMware Virtual Machines
To group assets in a protection job, in the Job ID Summary window for the job, select an option from the Group By drop-down list. To display all assets, select Group by > None. For example, to group virtual machine assets by ESX host, click Group by > ESX Host.
The following table lists the available Group by options:
Table 34. Group by options
Asset type Options
Microsoft SQL Server database SQL Host
SQL Instance
Oracle database Oracle Host
Oracle Instance
File System File System Host
File System Host OS
Microsoft Exchange Server database Exchange Host
SAP HANA database SAP HANA Host
Kubernetes Kubernetes Cluster
Kubernetes Namespace
NAS NAS Server
NAS Appliance
VMware Virtual Machine Datastore
ESX Host
Virtual Datacenter
VM Guest OS
VMware Cluster
NOTE: Currently, the Group by filter is only available for the Protect job types.
Search filter
Use the Search field to filter jobs based on a search string. When you type a keyword in the Search field, the PowerProtect Data Manager UI filters the results as you type. To clear the search filter, remove all keywords from the Search field.
Filter and sort information in tables
You can filter and sort the information that appears in table columns. Click in the column heading to filter the information in a table column, or click a table column heading to sort that column.
To see a complete list of filtering and sorting columns, click . Depending on the type of job, the available filtering and sorting columns might differ.
The following filtering and sorting options are available for jobs and tasks:
130 Managing Alerts, Jobs, and Tasks
Table 35. Protection, Asset ,and System Jobs windows
Filtering options Sorting options
Filter jobs or tasks by Job ID, Status, Description, Policy Name, Job Type, End Time, and Asset Type.
Sort jobs or tasks by Job ID, Description, Policy Name, Job Type, Asset Type, Start Time, and End Time.
Table 36. Job ID Summary window for protection jobs
Filtering options Sorting options
Filter jobs by Asset, Status, Error Code, Start Time, or End Time. For application assets, you can also filter jobs by Host/ Cluster/Group Name.
NOTE: For application assets, these options are only available when you select Group by > None.
Sort jobs by Asset, Status, Error Code, Size, Data Transferred, Reduction %, Start Time, End Time, or Duration. For application assets, you can also sort jobs by Host/ Cluster/Group Name.
NOTE: For application assets, these options are only available when you select Group by > None.
Table 37. Job ID Summary window for system jobs
Filtering options Sorting options
Filter jobs or tasks by Task Name, Status, Asset, or Start Time.
Sort jobs or tasks by Task Name, Status, Asset, Start Time, Duration, or Data Transferred.
Restart a job or task manually You can manually restart a failed virtual machine backup.
About this task
When you click Restart, the job or task restarts immediately, regardless of the scheduled activity window. NOTE:
If a policy with both protection and Cloud Data Recovery objectives fails, the Cloud Data Recovery job is canceled and
cannot be restarted.
Cloud Native Entity jobs cannot be restarted.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs, Jobs > Asset Jobs, or Jobs > System Jobs.
The window displays all completed and running jobs.
2. To restart a failed job or job group, select the failed job or job group from the list, and then click Restart. If the job is ineligible for restart, the button will be grayed out.
3. To restart a failed system or protection job or task from the Job ID Summary window:
a. Click the job ID next to the name of the job or job group.
The Job ID Summary window opens to display a list of all jobs or tasks.
b. Select the job or task from the list, and then click Restart.
Results
After the job or task has been restarted, the status indicates Running or Queued. NOTE: When you restart a protection job that is part of a completed job group, the duration indicated in the Job Metrics
includes the time that elapsed between when the job group completed and when the job was restarted, in addition to the
time it takes for the retried job to run.
Managing Alerts, Jobs, and Tasks 131
Restart a job or task automatically If a backup job fails or one of the tasks within the job fails, you can enable automatic restart of the failure by configuring auto retry in the entrypoint.sh file. Auto retry can be useful in situations where the failure is due to an intermittent issue, such as a network or service interruption.
Prerequisites
In PowerProtect Data Manager, some services that are required for auto retry, such as the workflow service, have been moved into a docker container. In order to enable auto retry, ensure that the workflow service is running in a docker.
About this task
Auto retry is only supported for daily, weekly, or monthly schedules for virtual machine and File System agent protection operations.
Steps
1. Log in to the PowerProtect Data Manager server by using SSH.
2. Copy the entrypoint.sh file from the workflow container by typing the following:
docker cp workflow:/workflow/bin/entrypoint.sh . 3. Configure auto retry by adding a line to entrypoint.sh:
a. Type vi entrypoint.sh b. Before the last line in the output, -jar /${APP_NAME}/lib/workflow-manager.jar), add the following:
-Denable.auto.retry.scheduler=true \ NOTE: Auto retry is disabled by default. After adding this line, if you want to disable this setting at any point, change
the entry to -Denable.auto.retry.scheduler=false \
4. Optionally, add the following application properties to the file to specify a maximum number of auto retries and a time interval at which subsequent auto retry attempts will occur:
-Dfailed.job.retry.max.count=2 \ -Dfailed.job.retry.interval=PT30M \
NOTE: The values specified above are the recommended default values. Auto retries will only occur during the activity
window. If you perform a manual retry in the PowerProtect Data Manager UI, this retry will not count towards the auto
retry max count.
For the interval duration, the value must be specified in ISO-8601 format.
5. Save the entrypoint.sh file to the workflow container by typing the following:
docker cp entrypoint.sh workflow:/workflow/bin/ 6. Restart the workflow service by using one of the following methods:
Type docker container restart workflow NOTE: For the configuration to be applied successfully using this method, you can only restart the container. If you
restart your workflow service or your PowerProtect Data Manager operating system, the configuration will be lost.
Type the following to save the docker image and restart the workflow service. For example:
docker commit workflow dpd/ppdm/ppdmc-workflow:PowerProtect Data Manager version workflow restart where PowerProtect Data Manager version is the PowerProtect Data Manager version that is deployed on your system.
You can use this method to permanently apply the configuration change after restoring the docker image.
Results
After configuration, the workflow service is scheduled to run every 30 minutes to determine if any jobs or tasks have failed. If a restart occurs, the status indicates Running or Queued. To view whether a failed job or task has restarted, go to the Jobs window in the PowerProtect Data Manager UI and select Running or Queued.
132 Managing Alerts, Jobs, and Tasks
Resume misfire jobs after a PowerProtect Data Manager update During an update, the PowerProtect Data Manager system enters maintenance mode. Any job that is not in queue and is scheduled to run during the time that the PowerProtect Data Manager system is in maintenance mode will be missed. These missed jobs are known as misfires. As of this release, PowerProtect Data Manager uses the Quartz Scheduler to resume scheduled workflows when the service recovers or when the schedule resumes.
About this task
The trigger and firing data of jobs are stored in a database application. If the schedule service is down, such as during an update, the Quartz Scheduler recovers this data and resumes the jobs when the PowerProtect Data Manager system is operational again.
NOTE: In the current release, this feature is enabled by default.
You can enable or disable the misfire feature by configuring the entrypoint.sh file.
Steps
1. Log in to the PowerProtect Data Manager server by using SSH.
2. Copy the entrypoint.sh file from the scheduler container by typing the following:
docker cp scheduler:/scheduler/bin/entrypoint.sh . 3. Configure the misfire conditions in the entrypoint.sh file:
NOTE: Before the last line in the output, -jar /${APP_NAME}/lib/scheduler-core.jar), add the lines for
each misfire condition.
a. To enable misfire and trigger each job once, add the following properties and corresponding values:
-Dspring.quartz.properties.misfire.cron.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION_FIR E_AND_PROCEED \
NOTE: This condition is enabled by default.
-Dspring.quartz.properties.misfire.calendar.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION _FIRE_AND_PROCEED \
b. To enable misfire and trigger each job as many times as misfire happens, add the following properties and corresponding values:
-Dspring.quartz.properties.misfire.cron.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION_IGN ORE_MISFIRES \ -Dspring.quartz.properties.misfire.calendar.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION _IGNORE_MISFIRES \
c. To disable misfire, add the following properties and corresponding values:
-Dspring.quartz.properties.misfire.cron.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION_DO_ NOTHING \ -Dspring.quartz.properties.misfire.calendar.strategy=WITH_MISFIRE_HANDLING_INSTRUCTION _DO_NOTHING \
4. Save the entrypoint.sh file to the scheduler container by typing the following:
docker cp entrypoint.sh scheduler:/scheduler/bin/ 5. Restart the scheduler service by using one of the following methods:
Type docker container restart scheduler NOTE: For the configuration to be applied successfully using this method, you can only restart the container. If you
restart your scheduler service or your PowerProtect Data Manager operating system, the configuration will be lost.
Type the following to save the docker image and restart the scheduler service:
docker commit scheduler dpd/ppdm/ppdmc-scheduler:PowerProtect Data Manager version
Managing Alerts, Jobs, and Tasks 133
scheduler restart where PowerProtect Data Manager version is the PowerProtect Data Manager version that is deployed on your system.
You can use this method to permanently apply the configuration change after restoring the docker image.
NOTE: Ensure that the PowerProtect Data Manager version specified in the commit command matches the
PowerProtect Data Manager version that is deployed on your system.
Cancel a job or task From the PowerProtect Data Manager UI, you can cancel a backup or restore that is still in progress, or any asset protection and replication activities when the tasks are queued.
About this task
NOTE: The Cancel operation is available for the following supported jobs and tasks only:
Backup and restore of:
Virtual machine assets
Kubernetes assets
NAS assets
File System assets
Microsoft SQL Server assets
Server DR
Cloud DR
Backup (only) of:
Microsoft Exchange Server assets
Oracle assets
SAP HANA assets
Transaction logs of application-aware asset backups
Replication
Compliance
Copy deletion
Compliance verification
Auto promotion to full backup
Cleaning MTree or deleting user
On-demand update retention
Support
Communication of telemetry data
Export of job and job group logs
Adding log bundles
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs, Jobs > Asset Jobs, or Jobs > System Jobs.
The relevant Jobs window appears, displaying all completed and running jobs.
2. To cancel a job or job group, select a job or job group that is in-progress, and then click Cancel.
NOTE: If a job is almost complete, the cancellation might fail. If the cancellation fails, a message displays indicating that
the job cannot be canceled.
The window displays the status of the canceled job or job group. If the cancellation is successful, then the status eventually changes to Canceled. If the cancellation is not successful, then the status might indicate either Success or Critical.
3. For protection and system jobs, to cancel an individual job or task from the Job ID Summary window:
134 Managing Alerts, Jobs, and Tasks
a. Click the job ID next to the name of the job or job group.
The Job ID Summary window opens to display a list of all jobs or tasks.
b. Select a job or task that is in-progress, and then click Cancel.
NOTE: If a job or task is almost complete, the cancellation might fail. If the cancellation fails, a message displays
indicating that the task cannot be canceled.
c. Click Close.
The Job ID Summary window displays the status of the canceled job or task. If the cancellation is successful, then the status eventually changes to Canceled. If the cancellation is not successful, then the status might indicate either Success or Critical.
Exporting logs The PowerProtect Data Manager UI enables you to export and download a detailed log of a job, asset, or task to perform analysis or troubleshooting.
You can export and download a log for a job, asset, or task with any status. After you export a log, you can download it by
clicking .
Export logs for jobs
You can export and download a log for a protection job or system job by using the PowerProtect Data Manager UI.
About this task
PowerProtect Data Manager restricts the log export function in the following situations:
The job contains more than 1000 asset jobs. The job is from a different PowerProtect Data Manager tenant. The job supports exporting an external log at the current stage for the following asset sources:
Virtual machines Kubernetes Microsoft SQL Server Microsoft Exchange Server File Systems Oracle SAP HANA Network-attached storage (NAS)
In these situations, create a log bundle instead. In the PowerProtect Data Manager UI, select Settings > Support > Logs to add a log bundle.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Protection Jobs, Jobs > Asset Jobs, or Jobs > System Jobs.
The relevant Jobs window appears, displaying all jobs.
2. Select a job from the list, and then click Export Log.
indicates the log export operation is in progress, and is shown next to the asset or task in the Download Log column. Hover over the icon to display the progress. When the log export is complete, you can download the log.
3. Click next to the ID for the job to download the exported log.
Managing Alerts, Jobs, and Tasks 135
Export logs for assets or tasks
You can export and download a log for an individual asset or task.
Steps
1. From the PowerProtect Data Manager UI left navigation pane, select Jobs > Asset Jobs.
The Asset Jobs window appears.
2. Select the row of the asset, and then click Export Log.
indicates the log export operation is in progress, and is shown next to the asset or task in the Download Log column. Hover over the icon to display the progress. When the log export is complete, you can download the log.
3. Click in the Download Log column to download the exported log.
Limitations for alerts, jobs, and tasks Review the following limitations that are related to alerts, jobs, and tasks.
For in-progress jobs, the details pane displays the "Error" tab and indicates "Failed"
When you open the Details pane for in-progress jobs, the Error tab appears and incorrectly indicates Failed in the error details.
Workaround
Ignore the Error tab for in-progress jobs.
Self-service jobs are not showing on PowerProtect Data Manager Protection Jobs window after recreating lockbox entry
On both Windows and Linux, self-service jobs do not appear on PowerProtect Data Manager Protection Jobs window after recreating a lockbox entry.
Workaround
Restart the agent service or change the system time (+24 hrs).
The history of viewable backup jobs is limited to the 10,000 most recent
If viewing a history of backup jobs and trying to move to a page in the interface that would show the 10,000th or earlier backup job, the following error is seen:
error: 416: "The query will return too many results."
Workaround
To view earlier backup jobs, use a filter that includes the earlier backup jobs but limits the number of entries to less than 10,000.
Total protection jobs count on the PowerProtect Data Manager dashboard does not include skipped jobs
The Total Jobs count shown in the Jobs | Protection widget on the dashboard does not include skipped jobs. As a result, this count does not reflect the total count of protection jobs that is shown in the Protection Jobs window.
136 Managing Alerts, Jobs, and Tasks
Modifying the System Settings
Topics:
System settings Modifying the PowerProtect Data Manager virtual machine disk settings Configure the DD system Virtual networks (VLANs) Syslog server disaster recovery Troubleshooting the syslog connection
System settings You can use the PowerProtect Data Manager UI to modify system settings that are typically configured during PowerProtect Data Manager deployment.
To access System Settings, click .
Modify the network settings
Perform the following steps if you want to change the IP address of the PowerProtect Data Manager appliance, or modify other network settings such as the hostname, subnet mask, gateway, or DNS servers.
About this task
CAUTION: If you change the hostname or IP address, ensure you follow all the steps in Change the hostname or
IP address.
Steps
1. From the PowerProtect Data Manager UI, click , and then click Default Network.
2. Update the following fields as necessary:
Hostname Primary DNS Secondary DNS
3. In the Configuration Details pane, click Edit, and then update the following fields for the IP address as necessary:
IP Address Subnet Mask Gateway
4. Click Save.
Change the hostname or IP address
Perform the following steps to change the hostname or IP address of the PowerProtect Data Manager appliance.
About this task
CAUTION: If you do not follow all these steps, PowerProtect Data Manager can become unstable and perform
unpredictably.
10
Modifying the System Settings 137
Steps
1. Change the hostname or IP address from the PowerProtect Data Manager user interface using the steps in Modify the network settings.
2. Perform the following substeps on each enabled Search Engine node:
a. Connect to the Search Engine node console. b. Open /opt/emc/search/conf/search.cfg in a text editor.
c. Look for the PPDMServer section, and edit the value of Value, replacing
"PPDMServer": { "Description": "PowerProtect Data Manager server name", "Required": true, "Type": "string", "IsArray": false, "Value": "
d. Look for the PPDMUrl section, and edit the value of Value, replacing
"PPDMUrl": { "Description": "PowerProtect Data Manager server URL with port, for backup synchronization, (
e. Run the command sudo systemctl restart search-monitor.service.
f. Run the command sudo systemctl restart search-rest-engine.service.
3. If DD Boost is used, perform the following substeps:
NOTE: If NFS is used, skip this step.
a. Connect to the PowerProtect Data Manager console and change to the root user. b. Run the command service elasticsearch status. If the service is running, wait 5 minutes and run the command
again. If the service is still running, run the command service elasticsearch stop.
c. From the vSphere Client user interface, select the PowerProtect Data Manager appliance, click ACTIONS > Power, and then select Restart Guest OS.
NOTE: Use the vSphere Client to restart the PowerProtect Data Manager appliance instead of the normal
procedure.
d. After the appliance has restarted, connect to the PowerProtect Data Manager console and change to the root user. e. Run the following commands:
sudo rm /opt/emc/boostfs/lockbox/*.bak sudo mv /opt/emc/boostfs/lockbox/boostfs.lockbox.FCD /opt/emc/boostfs/lockbox/ boostfs.lockbox.FCD.bak sudo mv /opt/emc/boostfs/lockbox/boostfs.lockbox /opt/emc/boostfs/lockbox/ boostfs.lockbox.bak sudo umount -l /data01/server_backups
f. From the PowerProtect Data Manager user interface, click System Settings > Disaster Recovery and select Manage Backups.
NOTE: Viewing the Manage Backups pane triggers a necessary server process, and no further action is required.
Next steps
If a VM Direct Engine was deployed for VMware virtual machine, Tanzu Kubernetes, or NAS protection, redeploy the protection engine. The PowerProtect Data Manager Virtual Machine User Guide provides instructions.
138 Modifying the System Settings
Modify the DNS search domain
Perform the following steps if you want to change the DNS search domain of the PowerProtect Data Manager appliance.
About this task
PowerProtect Data Manager automatically configures a search domain that is based on the domain name of the appliance. For example, if the FQDN of PowerProtect Data Manager is ppdm.subdomain.domain.com, the search domain is configured as subdomain.domain.com. This value can be modified, and more than one search domain can be used.
Steps
1. Use ssh to log in to PowerProtect Data Manager.
2. Run the following commands:
cd /usr/local/brs/puppet/scripts ./search_domains.sh
3. Follow the prompts to provide the new search domain information.
The following example adds the search domain domain2.com to the existing search domain subdomain.domain.com:
Setting search domains. Current search domains: subdomain.domain.com Change search domains to: subdomain.domain.com domain2.com Applying search domains to [subdomain.domain.com domain2.com], input root password to continue [sudo] password for root: New search domains: subdomain.domain.com domain2.com
Synchronize time on PowerProtect Data Manager and other systems
The PowerProtect Data Manager system time is synchronized with the ESXi host system.
The PowerProtect Data Manager system time must match the systems with which it interfaces or compliance checks fail. It is recommended that all systems be configured to use an NTP server.
NOTE: Times in the UI are always displayed as local to the users time zone based on their browser or system settings.
The PowerProtect Data Manager system might be in a different time zone but when viewing the UI it always shows the
times local to the user. All log-file entries use the UTC time zone except those entries that are related to client browser
connections, which use the server time zone.
Modify the appliance time zone and NTP server
Use this procedure to modify the time zone and NTP server for the PowerProtect Data Manager appliance.
Steps
1. From the PowerProtect Data Manager UI, click , select System, and then click Timezone.
2. From the Timezone list, select the applicable time zone.
3. (Optional) In NTP Server, provide the hostname or IP address of an NTP server.
NOTE: You cannot provide an IPv6 NTP server. To use an IPv6 NTP server, contact Customer Support.
4. Click Save.
Modifying the System Settings 139
Enable replication encryption
You can ensure that replicated content is encrypted while in-flight to the destination storage, and then decrypted before it is saved on the destination storage.
About this task
The encryption settings on both the source and destination systems must match to ensure successful replication.
For example, if you enable in-flight encryption in PowerProtect Data Manager, the setting must be enabled on each source and destination server before defining the PowerProtect Data Manager replication objective. If encryption is enabled after the initial definition of replication objectives, any replication jobs that were initiated during the period when the source and destination server encryption settings did not match will fail.
Steps
1. From the PowerProtect Data Manager UI, click , and then select Security.
The Security dialog box appears.
2. Click the Replication Encryption switch so it is enabled, and then click Save.
Next steps
The Infrastructure > Storage window of the PowerProtect Data Manager UI displays the status of the in-flight encryption setting for all attached storage systems.
NOTE: For systems with DDOS version 6.2 and earlier installed, the status might display as Unknown. DDOS version 6.3
and later supports authentication mode. DDOS versions earlier than version 6.3 support only anonymous authentication
mode. PowerProtect Data Manager supports only anonymous and two-way authentication modes. Ensure that both source
and destination system servers use the same authentication mode.
You can take additional steps on your PowerProtect Data Manager server to enable in-flight encryption on connected DD systems by using DD System Manager, as described in the DDOS Administration Guide.
Backup and restore encryption
Using Transport Layer Security (TLS), you can encrypt backup or restore data that is in transit for centralized and self-service operations with DD Boost encryption. Encryption of backup and restore data in-flight is available for agent host assets, Kubernetes cluster assets and Network-attached storage (NAS) assets only.
By default, PowerProtect Data Manager supports an encryption strength of HIGH and uses DD Boost anonymous authentication mode. The DD Boost encryption software uses the ADH-AES256-SHA cipher suite. The DD Boost for OpenStorage Administration Guide provides more information about the cipher suite for high encryption.
The following table lists the workloads and operations that support encryption of data in-flight:
NOTE: Refer to the agent user guides for more information about the centralized and self-service operations that are
supported.
Table 38. Supported workloads
Workload Centralized backup Centralized restore Self-service backup Self-service restore
File System with Application Direct
Yes Yes (image-level restore only)
Yes Yes (image-level restore only)
Kubernetes cluster Yes Yes N/A Yes (from the most recent backup)
Microsoft SQL Server with Application Direct
Yes Yes (database-level restore only)
Yes Yes (database-level restore only)
Microsoft Exchange Server with Application Direct
Yes N/A Yes Yes
140 Modifying the System Settings
Table 38. Supported workloads (continued)
Workload Centralized backup Centralized restore Self-service backup Self-service restore
NAS Yes Yes N/A N/A
Oracle with Application Direct
Yes N/A Yes Yes
SAP HANA with Application Direct
Yes N/A Yes Yes
Enabling encryption imposes additional overhead. Backup and restore performance for any client could be affected by 5-20% with encryption enabled.
You can enable or disable backup and restore encryption in the PowerProtect Data Manager UI.
PowerProtect Data Manager supports backup and restore encryption for all supported DD Boost and DDOS versions. The most up-to-date software compatibility information for PowerProtect Data Manager is provided by the E-Lab Navigator.
NOTE: You do not need to enable in-flight encryption on connected DD systems. If DD encryption settings exist, the higher
setting takes precedence.
Enable backup and restore encryption
You can ensure that the backup and restore content is encrypted when read on the source system, transmitted in encrypted form, and then decrypted before it is saved on the destination storage.
Prerequisites
Review the information in Backup and restore encryption to learn more about backup and restore encryption.
The encryption settings determine if the data transfer is encrypted while in-flight during backup and restore operations.
For File System, Microsoft SQL Server, Microsoft Exchange Server, Oracle, SAP HANA, and Network Attached Storage (NAS) workloads, backup and restore encryption is only supported for Application Direct hosts.
When a new host is added to PowerProtect Data Manager, host configuration is run to push the encryption settings to the host.
Only hosts that have the same version of PowerProtect Data Manager application agents installed support the host configuration.
About this task
Steps
1. From the PowerProtect Data Manager UI, click , and then select Security.
The Security dialog box appears.
2. Click the Backup/Restore Encryption switch so it is enabled, and then click Save.
Next steps
The Jobs > System Job window of the PowerProtect Data Manager UI creates a job to enable protection encryption. This job pushes encryption settings to the hosts to be used for self-service operations. Within the system job, a host configuration job is created for each host. If an error occurs, you can retry the system job or individual host configuration job.
NOTE: For centralized backup and restore operations, PowerProtect Data Manager sends the encryption settings to the
application agents on the Application Direct hosts and network-attached storage (NAS).
You can disable encryption for backup and restore content by clicking the Backup/Restore Encryption switch. PowerProtect Data Manager creates a system job in the Jobs > System Job window to disable protection encryption.
Modifying the System Settings 141
Additional considerations
Review the following additional considerations for backup and restore encryption.
To validate whether encryption is being used, you can check the status of existing connections on the DD system by running the ddboost show connections command in the DD Boost CLI:
The value in the Encrypted column is set to Yes if a connection has been established with encryption. If a client establishes a connection with encryption, and establishes another connection without encryption, the value in the
Encrypted column is set to Mixed. This might occur for one of the following reasons: Encryption settings that are defined on a per-client basis remain in place for a while after the client has disconnected. If
the client previously established a connection without encryption and then later established a connection with encryption, the value shows as Mixed.
Encryption settings are not specified for the DD Boost connections that are created on the application agent. Refer to the individual user guides for more information.
If encryption settings exist on the DD and are also enabled in PowerProtect Data Manager, the higher encryption setting takes precedence. As a result, the Encrypted column will always show Mixed or Yes.
Server monitoring with syslog
The syslog system logging feature collects system log messages and writes them to a designated log file. You can configure the PowerProtect Data Manager server to send event information in syslog format.
PowerProtect Data Manager serves as a syslog client to send diagnostic and monitoring data to the syslog server. You can access this data to perform audits, monitoring, and troubleshooting tasks.
The syslog server firewall is configured to receive data from PowerProtect Data Manager using the required ports listed in the PowerProtect Data Manager Security Configuration Guide. If your syslog server uses a port that is not listed, open the corresponding port on the PowerProtect Data Manager system.
Refer to the PowerProtect Data Manager Security Configuration Guide for the following information:
Port usage Instructions for modifying firewall rules to add custom ports
It is recommended that you configure the PowerProtect Data Manager system to use an NTP server. NTP configuration is required to synchronize the PowerProtect Data Manager system time with the syslog server.
The selected severity level applies to all selected components. You cannot apply independent severity levels to each component. For example, selecting Critical forwards critical messages from all selected components. An exception is when you select OS Kernel or PPDM Alert and Audit, the corresponding audit log is forwarded by default, regardless of the selected severity level.
If no log messages are transmitted during a 24-hour period, PowerProtect Data Manager generates an alert to check the PowerProtect Data Manager and syslog server connection to verify that there are no problems preventing the exchange of messages.
Configure the syslog server
Use the following procedure to enable the syslog server, change the syslog server, change which events are forwarded, and disable syslog forwarding.
Prerequisites
To use TLS for the syslog connection:
Import the syslog server security certificate into PowerProtect Data Manager. The PowerProtect Data Manager Security Configuration Guide provides instructions.
By default, PowerProtect Data Manager uses anon authentication. If your syslog server uses another form of authentication, contact Customer Support.
Steps
1. From the PowerProtect Data Manager UI, click , select Logs, and then click Syslog. The Logs window opens to the Syslog page.
142 Modifying the System Settings
To enable syslog forwarding:
2. Move the Syslog Forwarding slider to the right to enable syslog forwarding.
3. Provide the following information:
IP Address / FQDNIP address or fully qualified domain name of the syslog server. PortPort number for PowerProtect Data Manager and syslog server communications. ProtocolProtocol to use for communications (TLS, UDP, or TCP). ComponentsSyslog message components. Severity LevelSpecify the scope of the messages to forward to the syslog server.
To change the syslog server:
4. From the PowerProtect Data Manager UI, click , select Logs, and then click Syslog. The Logs window opens to the Syslog page.
5. Change the following syslog configuration details:
IP Address / FQDNIP address or fully qualified domain name of the syslog server. PortPort number for PowerProtect Data Manager and syslog server communications. ProtocolProtocol to use for communications (TLS, UDP, or TCP).
To change which events are forwarded:
6. From the PowerProtect Data Manager UI, click , select Logs, and then click Syslog. The Logs window opens to the Syslog page.
7. Change the Components and Severity Level.
To disable syslog forwarding:
8. From the PowerProtect Data Manager UI, click , select Logs, and then click Syslog. The Logs window opens to the Syslog page.
9. Move the Syslog Forwarding slider to the left to disable syslog forwarding.
To apply the changes:
10. Click Save.
Next steps
Once the syslog configuration is complete, check the connection status. Go to System Settings > Logs > Syslog and verify that the syslog server connection status indicates Connected. If the syslog server is not connected, the status indicates Not Connected.
Additional system settings
Some system settings directly relate to the deployment and maintenance of PowerProtect Data Manager.
For detailed information about the following topics, see System Maintenance.
Licensing PowerProtect Data Manager Specifying a PowerProtect Data Manager host
Modifying the System Settings 143
Modifying the PowerProtect Data Manager virtual machine disk settings Follow the steps in this section, under the guidance and recommendations of Customer Support, to expand the size of the data disk and system disk.
Modify the data disk size
Follow these steps to expand the size of a data disk that is single partitioned and has the log partition is on the system disk.
Steps
1. Perform the following steps from the vSphere Web Client:
a. Right-click the VM Direct appliance and select Shut Down Guest OS. b. After the power off completes, right-click the appliance and select Edit Settings.
The Edit Settings window appears with the Virtual Hardware button selected. c. Increase the provisioned size of Hard disk 2 to the desired size, and then click OK.
NOTE: You cannot decrease the provisioned size of the disk.
d. Right-click the VM Direct appliance and select Power On.
2. Perform the following steps from the appliance console, as the root user.
NOTE: If you use ssh to connect to the appliance, log in with the admin account, and then use the su command to
change to the root account.
a. Reboot the appliance by typing reboot.
b. On the GNU GRUB menu, press Esc to edit the GNU GRUB menu.
c. In the edit screen, search for the line that starts with Linux, and then add word single before the entry splash=0
The following figure provides an example of the edit screen with the updated text.
Figure 8. Editing the GNU GRUB menu
d. Press Ctrl-x to reboot into single-user mode.
144 Modifying the System Settings
e. When prompted, type the password for the root account. f. Unmount the data disk, by typing umount /data01.
g. Start the partition utility, by typing parted, and then perform the following tasks:
i. Type select /dev/sdb.
ii. Type print. If you are prompted to fix issues, type fix at each prompt. The output displays the new disk size in the Size field and the current size in the table.
iii. Type resize 1 new_size. Where new_size is the value that appears in the Size field in the output of the print command.
For example, to resize the disk to 700 GB, type: resize 1 752GB iv. Type quit.
3. Reboot the VM Direct appliance by typing systemctl reboot.
4. Log in to the console as the root user.
NOTE: If you use ssh protocol to connect to the VM Direct appliance, log in with the admin account, and then use the
su command to change to the root account.
5. Grow the xfs file system by typing xfs_growfs -d /data01.
6. Confirm the new partition size by typing df -h.
Modify the system disk size
Follow these steps to expand the size of a data disk when the log partition is the last partition on the system disk.
Steps
1. Perform the following steps from the vSphere Web Client:
a. Right-click the VM Direct appliance and select Shut Down Guest OS. b. After the power off completes, right-click the appliance and select Edit Settings.
The Edit Settings window appears with the Virtual Hardware button selected. c. Increase the provisioned size of Hard disk 1 to the desired size, and then click OK.
NOTE: You cannot decrease the provisioned size of the disk.
d. Right-click the VM Direct appliance and select Power On.
2. Boot from a SuSE Linux Enterprise Server (SLES) version 12 CD.
3. Start the partition utility, by typing parted, and then perform the following tasks.
a. Type select /dev/sdx.
b. Type print. If you are prompted to fix issues, type fix at each prompt. The output displays the new disk size in the Size field and the current size in the table.
c. Type quit.
4. Reboot the VM Direct appliance by typing systemctl reboot.
5. Log in to the console as the root user.
NOTE: If you use ssh protocol to connect to the VM Direct appliance, log in with the admin account, and then use the
su command to change to the root account.
6. Grow the xfs file system by typing xfs_growfs -d /data01.
7. Confirm the new partition size by typing df -h.
Configure the DD system
Prerequisites
Before you can use DD to protect the system, use NFS to export the MTree that PowerProtect Data Manager uses on the DD system. The setup on the DD system requires that you add the PowerProtect Data Manager client with no_root_squash.
Modifying the System Settings 145
Steps
1. Use a web browser to log in to the DD System Manager as the system administrator.
2. In the Summary tab, Protocols pane, select NFS export > create export. The Create NFS Exports window appears.
3. In the Create NFS Exports window:
a. In the Export Name field, specify the name of the DD MTree. b. If you have not yet created the DD MTree, follow the prompts to create the MTree and click Close. c. In the Directory path field, specify the full directory path for DD MTree that you created. Ensure that you use the same
name for the directory. d. Click OK.
A message appears to indicate that the NFS export configuration save is in progress and then complete. e. Click Close.
Virtual networks (VLANs) PowerProtect Data Manager can separate management and backup traffic onto different virtual networks (VLANs). Virtual networks help to improve data traffic routing, security, and organization.
The default configuration routes the management traffic over the same network as backup traffic. All assets are part of the same network.
Figure 9. Flat network
You can also configure virtual networks to separate management traffic from backup traffic. This configuration can also separate traffic that originates from different networks. In that case, you can use the same virtual network for management and backup traffic, or separate virtual networks for each.
146 Modifying the System Settings
Figure 10. Virtual networks
To use virtual networks with PowerProtect Data Manager, you must configure the DD and network infrastructure before you configure the PowerProtect Data Manager or assign networks to assets.
Configuration follows a multistep workflow:
1. Configure the virtual network on the DD. 2. Add the DD as storage and name the network interface. 3. Add the virtual network to the PowerProtect Data Manager. 4. Register the assets with the PowerProtect Data Manager. 5. Create a protection policy (or edit an existing policy) and assign the preferred virtual network. 6. Optionally, assign the virtual network to individual assets. This action overrides any preferred virtual network that you may
have specified through a protection policy.
The initial steps to configure and add each virtual network are one-time events. The subsequent steps to assign virtual networks to protection policies or assets happen as required.
Configuration is nondisruptive. You can add, edit, or delete virtual networks without affecting background activities, disconnecting network interfaces, or affecting the PowerProtect Data Manager user interface.
PowerProtect Data Manager logs network changes in the audit log. Failed network changes appear in the System alerts.
Virtual network traffic types
PowerProtect Data Manager supports virtual networks for the following traffic types:
Table 39. Traffic types
Type Description
Management Control traffic, typically HTTPS REST API operations; small file transfers, such as logs and update packages; other essential traffic, such as identity provider authentication.
Data Large amounts of customer data, such as backup and restore traffic, cloud tiering, and CloudDR traffic.
Data for Management Components
Customer data that is related to management and control operations, such as ServerDR, indexing and searching, replication monitoring, and copy deletion.
The Data for Management Components type carries traffic which relates to management operations but which can contain customer information. Where required, you can separate this traffic from either the Management network, the Data network, or both.
Modifying the System Settings 147
For example, some environments may support different speeds for each network: a 1 Gbps network for management and a 10 Gbps network for data. Other environments may have policies or rules that govern whether customer data can flow across the Management network. Separating the Data for Management Components traffic enables you to optimize flow for security, speed, and other priorities.
Virtual network planning
When you plan your virtual network configuration, observe the following requirements:
Table 40. Component traffic type requirements
Component Compatible types Incompatible types
PowerProtect Data Manager Management, Data for Management Components
Data
Protection engines Data for Management Components, Data Management
Search Engine nodes Data for Management Components Management, Data
While the table indicates compatible traffic types, protection engines can operate without virtual networks.
Separating the Data for Management Components traffic from the Management traffic requires you to name the virtual networks for protection storage. Change network settings for protection storage provides instructions. If you do not name the virtual networks for protection storage, this traffic defaults to the Management network.
Parallel virtual networks
Your environment may have more than one virtual network for each traffic type, such as different Data networks for different departments. Where parallel virtual networks exist, all protection engines require an interface to at least one virtual network of each required type. However, each protection engine does not require connections to all virtual networks of the required types.
For example:
Your environment has Finance and Engineering departments with their own assets. Your environment has the following virtual networks: Management, Finance Data, and Engineering Data.
The following table describes the connections to each virtual network for scenarios where both departments share a protection engine and where departments have private protection engines.
Table 41. Example: virtual network interfaces
Virtual network name Shared protection engine Private protection engines
Finance protection engine Engineering protection engine
Management Yes Yes Yes
Finance Data Yes Yes No
Engineering Data Yes No Yes
Even though protection engines require connections for Data traffic, the private protection engines maintain separation between the virtual networks for each department.
Several of the diagrams for supported virtual network topologies include parallel virtual networks.
148 Modifying the System Settings
Virtual network topologies
The following diagrams illustrate the supported virtual network topologies and how they relate to traffic types:
Single network
This topology assigns all traffic types to the same network. There is no separation between Management and Data or between agents which belong to different logical organizations.
Figure 11. Single network
Data for Management Components traffic on Management network
This topology separates Management traffic from Data traffic but keeps the Data for Management Components traffic with the Management traffic.
This tradeoff operates well in environments where the Management network can support frequent large data transfers and which allow customer data on the Management network.
Thick lines indicate paths that transfer comparatively more data, such as files and update packages. Thin lines indicate paths that transfer comparatively less data, such as HTTPS API traffic only.
Modifying the System Settings 149
Figure 12. Data for Management Components traffic on Management network
Data for Management Components traffic on Data network
This topology separates Management traffic from Data traffic but keeps the Data for Management Components traffic with the Data traffic.
This tradeoff operates well in environments where the Management network cannot support frequent large transfers or which do not allow customer data on the Management network. However, there is no separation between backup data and control data, and Data for Management Components traffic competes with other traffic.
Thick lines indicate paths that transfer comparatively more data, such as files and update packages. Thin lines indicate paths that transfer comparatively less data, such as HTTPS API traffic only.
150 Modifying the System Settings
Figure 13. Data for Management Components traffic on Data network
Full separation
This topology implements complete separation between all traffic types for maximum throughput and security. Customer data does not flow across the Management network.
Thick lines indicate paths that transfer comparatively more data, such as files and update packages. Thin lines indicate paths that transfer comparatively less data, such as HTTPS API traffic only.
Modifying the System Settings 151
Figure 14. Full separation
Supported scenarios
PowerProtect Data Manager supports virtual networks for the following use cases: Virtual machine backups Kubernetes backups Database backups Microsoft Exchange Server backups File system backups Replication Disaster recovery Cloud DR Storage Data Management Search Engine
NOTE: The first time that you use the Networks page to add a virtual network to an environment with existing Search
Engine nodes, PowerProtect Data Manager does not automatically add the virtual network to the Search Engine. Instead,
manually edit each Search Engine node to add the virtual network. This action makes the Search Engine aware of virtual
networks. Any subsequent new virtual networks are automatically added to the Search Engine.
152 Modifying the System Settings
Virtual network prerequisites
Before you configure a virtual network, complete the following actions: Register the vCenter server on which PowerProtect Data Manager is deployed. You can verify this on the vCenter tab of
the Asset Sources page. You can also add a hosting vCenter. Specifying the PowerProtect Data Manager host provides instructions.
Configure the network switch port for trunk mode. This setting allows the port to carry traffic for multiple VLANs. Enable Virtual Guest Tagging (VGT) or Virtual Switch Tagging (VST) mode on the VMware ESXi virtual network switch port
for PowerProtect Data Manager. You can use a standard port group or a distributed port group.
VGTFor port groups on standard virtual switches, configure the virtual switch port for VLAN ID 4095, which makes all VLANs accessible. For port groups on distributed virtual switches, use VLAN trunking, which supports specifying multiple VLANs by ID or range. For more information, see the VMware ESXi documentation.
VSTYou can configure the port group with a VLAN ID from 1-4094. Configure a VLAN interface for the DD through the Interfaces tab on the Hardware > Ethernet window in the DD System
Manager. The DD documentation provides more information.
It is recommended that you choose an interface name that incorporates the VLAN ID. For example, the interface name ethV1.850 for VLAN ID 850.
Add the DD as protection storage for PowerProtect Data Manager.
PowerProtect Data Manager does not verify the network switch configurations. If the physical or virtual network switch is incorrectly configured, then virtual network configuration fails.
Configuring virtual networks
The following topics create and maintain virtual networks in PowerProtect Data Manager for use with assets on different VLANs.
PowerProtect Data Manager names each virtual network in two places: the interface to the protection storage system and the interface to the protected assets. These names are not required to match. However, it is strongly recommended that you use the same network name in both locations for each virtual network. Record each network name for later use.
It is also recommended that you choose network names that incorporate the VLAN ID. For example, sales-vlan850 for VLAN ID 850.
Adding a virtual network includes creating a pool of static IP addresses. PowerProtect Data Manager uses these addresses for the local interfaces to the virtual network and for any VM Direct protection engines or Search Engine nodes that you deploy on this network.
Each VM Direct protection engine or Search Engine node requires an IP address on the virtual network. The PowerProtect Data Manager interface requires one IP address. Ensure that you have enough IP addresses available on each network to meet this requirement. To prepare for future expansion, you can add more IP addresses than are initially required.
When you review the list of virtual networks, rows that require attention are indicated with a beside the name. View the network details for more information.
Add a virtual network
Configure a new virtual network for use with assets and protection policies.
About this task
Each new virtual network requires at least one IP address for each PowerProtect Data Manager network interface. Review the Number of IP addresses needed field before you supply the required static IP addresses.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Networks. The Networks window appears.
2. Click Add. The Add Network wizard opens.
3. For Purpose, select one or more traffic types.
Modifying the System Settings 153
Virtual network traffic types provides more information.
4. In the Network Name field, type the name of the new virtual network.
It is recommended that you keep the network names consistent for each VLAN.
5. In the VLAN ID field, type the numeric value 1 through 4094 that corresponds to the VLAN which this virtual network represents.
6. Provide the MTU (maximum trr the virtual network.
Allowable MTU values range from 1500 to 9000.
7. Click Next. The Add Network wizard moves to the Static IP Pool page.
8. From the Static IP Pool page:
a. Select the Type of IP pool.
If you need more than one type of IP pool, click Add Alternate Configuration Details. You can edit this additional IP pool by clicking Edit, or delete it by clicking Delete.
b. Provide the Subnet Mask for an IPv4 pool or the Prefix for an IPv6 pool. c. Provide the number of reserved IP addresses for PowerProtect Data Manager to use for communication on this virtual
network.
You can add or remove individual IP addresses or ranges of IP addresses.
To add an individual IP address or range of IP addresses, click , select Value or Range, and then provide the value or range.
To remove an individual IP address or range of IP addresses, click next to its entry.
9. Verify that the static IP address pool contains enough addresses to add the virtual network.
10. Click Next. The Add Network wizard moves to the Routes page.
11. If applicable, click Add to define any required routes.
The Add Routes page opens. Complete the following substeps:
a. Select a route type:
If you select Subnet, define the subnet in CIDR format. For example, 10.0.0.0/24 for IPv4 or fe80:7f03:79a5:2d11::f9a5/64 for IPv6.
If you select Host, type the IP address.
b. Type the IP address of the default gateway through which PowerProtect Data Manager should reach the subnet or host. c. Click Add.
The Add Routes page closes. The Routes list displays the new route. d. Review the route information.
If any parameters are incorrect, select the checkbox for that route and then click Delete.
e. Repeat these substeps for any additional required routes.
12. Click Next. The Add Network wizard moves to the Summary page.
13. Verify the network configuration information, and then click Finish. The Add Network wizard closes. The Networks page displays the new network with the Initiating status.
Next steps
PowerProtect Data Manager may take a short time to configure the virtual network.
If the virtual network status changes to Failed, then a corresponding system alert contains more information about the cause of the failure. Troubleshoot the failure and then complete one of the following actions:
If the failure was caused by a configuration issue, click Edit to update the network configuration. If the failure was transient or had an external cause, and the configuration is correct, click Retry to use the same settings.
NOTE:
When you edit or retry a virtual network operation that failed and there are additional IP addresses in the address pool,
PowerProtect Data Manager marks the last failed IP address as abandoned. PowerProtect Data Manager does not try to
reuse any IP addresses that are marked as abandoned. The UI does not display this condition.
154 Modifying the System Settings
KB article 000181120 provides more information about how to use the REST API to detect when an IP address is marked as
abandoned. The article also provides steps to correct this condition so that the IP address can be used again.
View the details of a virtual network
If the virtual network name is ambiguous, you can view the details to further identify the virtual network before making changes. You can also identify components that require attention after a change.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Networks. The Networks window appears.
2. Locate the row that corresponds to the appropriate virtual network.
The columns for each row indicate the associated VLAN ID and network status. Rows that require attention are indicated
with a beside the name.
3. Click for that row.
The Details pane opens to the right.
This pane contains information about the virtual network configuration, such as the static IP address pool details, assigned traffic types, and configured routes. This pane also lists any components that are configured with an interface on this network, their types, and their assigned IP addresses.
4. Click X to close the details pane.
Changing virtual network traffic types after configuration
Under normal operation, you configure a virtual network and then assign the interface to new or existing components which support the selected traffic types. However, should your environment change, you can later change the traffic type settings for a virtual network.
After you reconfigure a virtual network, the new traffic type settings may no longer align with the interface assignments for existing components on that virtual network. In these cases, PowerProtect Data Manager notifies you about conflicts between traffic types and interface assignments, but does not take automatic action.
Instead, the UI marks conflicts with a warning symbol ( ). Administrators should review any warnings and edit the indicated components to manually remove the incompatible network interfaces. For example:
Search Engine node interfaces to virtual networks that carry Data traffic, but not Data for Management Components traffic. Protection engine interfaces to virtual networks that carry Data for Management Components traffic. PowerProtect Data Manager interfaces to virtual networks that carry Data traffic, but not Data for Management
Components traffic.
Under these circumstances, PowerProtect Data Manager continues to operate normally. However, resolving the conflict returns the IP address to the address pool.
Edit a virtual network
You can change any parameter for a virtual network without deleting the network. For example, to add more IP addresses to the static IP pool.
Prerequisites
If an IP address from the static IP pool is already in use, you cannot remove the address from the pool.
Before you change the traffic types for a network, disable indexing. Set up and manage indexing provides instructions.
About this task
After deployment, the default network has all traffic types enabled. You can remove the Data and Data for Management Components types from this network, but not the Management type.
Modifying the System Settings 155
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Networks. The Networks window appears.
2. Locate the row that corresponds to the appropriate virtual network, and then click the radio button to select that row. The PowerProtect Data Manager enables the Edit and Delete buttons.
3. Click Edit. The Edit Network wizard opens to the Summary page.
4. Click Edit for the Configuration, Static IP Pool, and Routes sections. The Edit Network wizard moves to the Configuration, Static IP Pool, or Routes page.
5. Modify the appropriate network parameters, and then click Next.
If you modify the virtual network in a way that requires more IP addresses, you cannot continue until you add more addresses to the static IP address pool.
The Edit Network wizard moves to the Summary page.
6. Verify the network configuration information, and then click Finish.
The Edit Network wizard closes. The Networks page reflects the updated information, where applicable.
You may need to view the details for the virtual network to verify some changes.
Next steps
If you disabled indexing, re-enable indexing. Set up and manage indexing provides instructions.
Delete a virtual network
Although optional, it is recommended that you delete virtual networks when they are no longer required.
Prerequisites
Unassign the virtual network from any applicable assets. Disable indexing. Set up and manage indexing provides instructions. Disable every VM Direct Engine that is configured to use the virtual network. Disable every Search cluster that uses the virtual network.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Networks. The Networks window appears.
2. Locate the row that corresponds to the appropriate virtual network, and then click the radio button to select that row. PowerProtect Data Manager enables the Edit and Delete buttons.
3. Click Delete.
4. Verify the network information, and then click OK to acknowledge the deletion warning. The PowerProtect Data Manager removes the virtual network from the list on the Networks page.
Next steps
Re-enable indexing, VM Direct Engines, and Search clusters.
Change network settings for protection storage
After you add protection storage, name the virtual network or networks between the PowerProtect Data Manager and the protection storage system. To rename a virtual network (edit the network name), repeat these steps.
About this task
Separating the Data for Management Components traffic from the Management traffic requires you to name the virtual networks for protection storage. If you do not name the virtual networks for protection storage, components such PowerProtect Data Manager and Search Engine nodes have no route to protection storage over the Data for Management Components network. This traffic defaults to the Management network.
156 Modifying the System Settings
NOTE: Network interfaces that exist on a DD 7.4.x or earlier system and that are configured
to use an uncompressed IPv6 format cannot be discovered. An example of an uncompressed IPv6
format is 2620:0000:0170:0597:0000:0000:0001:001a. An example of a compressed IPv6 format is
2620:0:170:597::1:1a. To use these network interfaces, reconfigure them to use either an IPv4 address or a
compressed IPv6 address, and then initiate a discovery.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Storage. The Storage window appears.
2. On the Protection Storage tab, select the storage system, and then select More Actions > Change Network Settings. The Change Network Settings window opens and displays a list of known network interfaces, assigned IP addresses, link speeds, and network purposes.
3. Identify the interfaces for each new virtual network, and then select or type names for the virtual networks in the corresponding fields.
Each interface indicates an IP address, link speed, and network purposes. NOTE: If the storage system is DDVE 7.9, the interface displays undefined-bit/s. To determine the speed of the
virtual interface, refer to the settings of the ESXi host and its physical network adapter.
4. If you typed a name for a virtual network in step 3, select one or more network purposes for the virtual network.
5. Click Save. The PowerProtect Data Manager stores the network names.
Virtual network asset assignment
Assignments identify which assets should use each virtual network. There are two methods to associate an asset with a virtual network: By protection policy
You can configure the PowerProtect Data Manager to choose a preferred virtual network for all assets on a protection policy.
By asset
You can assign virtual networks to individual assets. This method is optional and overrides any virtual network assignment from a protection policy. Assets which are not individually assigned automatically use the preferred virtual network.
You can use this method to specify a virtual network for any asset. However, this method is especially suited to configuring assets which are exceptions to the rule. You can also split assets on the same application host across multiple virtual networks. For example, when an asset has its own network interface or belongs to another department.
It is recommended that you assign assets to virtual networks by protection policy, where possible.
Before you assign an asset, perform the following actions:
Test connectivity from the asset host to the PowerProtect Data Manager by pinging the PowerProtect Data Manager IP address on that virtual network.
Register the asset source with the PowerProtect Data Manager. Approve the asset source.
Assign a virtual network by protection policy
The following steps apply a virtual network to an existing protection policy. You can also assign a virtual network when you create a protection policy.
About this task
The Network Interface field selects the network interface for communication with the destination protection storage system. This network carries the backup data.
Steps
1. From the PowerProtect Data Manager UI, select Protection > Protection Policies.
Modifying the System Settings 157
The Protection Policies window appears.
2. Locate an existing protection policy for which you want to configure a virtual network.
3. Select the radio button for the protection policy, and then click Edit. The Edit Policy wizard opens to the Summary page.
4. In the Objectives block, click Edit. The Edit Policy wizard moves to the Objectives page.
5. Select the checkbox for the appropriate schedule.
6. In the Network Interface field, select the correct virtual network from the list.
Each list entry indicates the interface name, interface speed, and virtual network name.
If the network was not named, a combination of the interface name and VLAN ID replaces the virtual network name. For example, ethV1.850. An interface without a virtual network name behaves as if a virtual network was not configured.
7. Click Next. The Edit Policy wizard moves to the Summary page.
8. Verify the policy information, and then click Finish.
Ensure that the selected assets are part of the virtual network.
The Edit Policy wizard closes.
9. Click OK to acknowledge the update, or click Go to Jobs to monitor the update.
Assign a virtual network by asset
This procedure is optional. You can assign a virtual network for individual assets or for all assets on a particular application host.
About this task
This setting overrides the network assignment from the protection policy. If PowerProtect Data Manager cannot use this network assignment for any reason, the setting falls back to the assignment from the protection policy.
NOTE: You cannot back up individual assets across different networks on the same protection policy and application host.
Instead, create a separate protection policy for the assets on each network.
Steps
1. From the PowerProtect Data Manager UI, select Infrastructure > Assets. The Assets window appears.
2. Locate the appropriate assets from the list on any tab.
Use the checkbox to select each asset. You can select more than one asset at a time.
3. Click More Actions > Assign Network. The Associated Assets window opens.
4. To use the virtual network for all assets on the same application host, click Include.
Otherwise, to use the virtual network for only the selected assets, click Do Not Include. Consider whether you require a separate protection policy for assets on different networks.
The Assign Network window opens.
5. Select a virtual network from the Network Label list, and then click Save.
Results
The PowerProtect Data Manager applies the network selection to the selected assets. The Network column in the list of assets for each tab now indicates the selected virtual network.
158 Modifying the System Settings
Syslog server disaster recovery Use the following procedure to restart the log manager service for the syslog server in a server disaster recovery (DR) scenario.
Prerequisites
After disaster recovery of the PowerProtect Data Manager system is complete, perform the following steps on the restored PowerProtect Data Manager system.
Steps
1. Verify that all PowerProtect Data Manager services are running in System Settings > Support > System Services Status.
2. Restart the logmgr service by running the command logmgr restart, and then wait for a few seconds for the service to restart.
Next steps
If your syslog server uses a custom port, open the corresponding port on the restored PowerProtect Data Manager system. The PowerProtect Data Manager Security Configuration Guide provides more information.
Troubleshooting the syslog connection Review the following information that is related to troubleshooting the syslog connection.
No messages are transmitted to the syslog server
Log messages are generated in the PowerProtect Data Manager services log files, however these messages are not transmitted to the syslog server. If this issue occurs, complete the following tasks:
1. Verify that the PowerProtect Data Manager firewall is using the required ports. If your syslog server uses a different port, open the corresponding port on the PowerProtect Data Manager system.
2. Verify the syslog server firewall. Ensure that the ports are configured to accept data. 3. Verify that the protocol is the same for both PowerProtect Data Manager and the syslog server. If you are using TLS,
PowerProtect Data Manager uses anon authentication by default. If your syslog server uses another form of authentication, contact Customer Support.
Modifying the System Settings 159
Managing Reports
Topics:
PowerProtect Data Manager reporting Port requirements Server requirements Known issues with the reporting engine and Report Browser Configure and deploy the reporting engine Updating the reporting engine from version 19.10 Report Browser Deleting the reporting engine Managing disaster recovery of the reporting engine
PowerProtect Data Manager reporting PowerProtect Data Manager comes with a reporting engine that offers reporting capabilities from within the PowerProtect Data Manager user interface. You can access built-in report templates that you can directly run to generate reports. Feedback can be provided for future releases.
These reports help you retrieve information about the data protection activities in your environment. Using these reports, you can diagnose problems, plan to mitigate risks, and forecast future trends. You can also run reports on-demand and export reports in CSV format.
All events in report data are shown in UTC.
PowerProtect Data Manager reporting is available for on-premises PowerProtect Data Manager deployments.
NOTE: PowerProtect Data Manager reporting is not supported with PowerProtect Data Manager in cloud environments.
Configure the reporting engine to set up reporting capabilities for PowerProtect Data Manager. After the reporting engine is configured, you can run reports from Reports > Report Browser.
NOTE: If you are using another reporting tool such as CloudIQ, you can choose not to configure PowerProtect Data
Manager reporting.
Port requirements The following table summarizes the port requirements for PowerProtect Data Manager and the reporting engine. The PowerProtect Data Manager Security Configuration Guide provides more information about ports for PowerProtect Data Manager. Read this table in conjunction with the port usage topic for PowerProtect Data Manager.
Table 42. Reporting engine port requirements
Source system Destination system Port Protocol TLS supported
Notes
PowerProtect Data Manager
Reporting engine 9002 TCP TLS 1.2 REST API service.
PowerProtect Data Manager
Reporting engine 9613d Proprietary TLS 1.2 Infrastructure node agent management of the reporting engine.
Reporting engine PowerProtect Data Manager
8443 TCP TLS 1.2 REST API service for collecting reporting data.
11
160 Managing Reports
Table 42. Reporting engine port requirements (continued)
Source system Destination system Port Protocol TLS supported
Notes
User Reporting engine 22 SSH TLS 1.2 SSH for support and administration. Encrypted by private key or optional certificates.
Server requirements Observe the following requirements for the reporting engine.
SUSE Linux Enterprise Server (SLES) version 12 SP5 8 vCPUs, 16 GB RAM Disk 01: 48 GB to install the operating system and Reporting Application Server Disk 02: 512 GB to store the reporting data Disk 03: 8 GB to store log information
Known issues with the reporting engine and Report Browser Administrators should familiarize themselves with the known issues of the new reporting feature before using it. Understanding the known issues will help with the maintenance of the feature and interpretation of the reports.
The following table describes the known issues of the new reporting feature.
Table 43. Known issues with the reporting engine and Report Browser
Issue
The selection of SMIS assets from a custom filter is ignored. Even if these assets are selected, they are not displayed on the report that uses the filter.
If the total amount of data transferred for a job is less than 1 MB, the job entry shows 0 bytes in the Data Transferred column.
When a report is exported to a CSV file, the timestamp in the Last Copy column is displayed in an unreadable format.
Workaround
To convert the timestamp to a regular date and time format, copy the value into an Excel cell, and then complete the following steps:
1. Assuming the timestamp is in cell A2, use the following formula to generate the GMT Excel time value:
=(A2/86400)+DATE(1970,1,1) 2. Format the cell to use one of the following date formats, or create a custom date format.
dd-mmm-yy dd-mmm-yyyy
The Jobs Distribution table for reports displays a long entry for the Job ID whereas the Jobs page displays a short entry for the Job ID.
In the Backup Jobs Summary report, the search functionality for the Jobs Distribution table only supports an "equals" filter type.
In the Backup Jobs Summary report, the Start Time column in the Jobs Distribution table cannot be sorted.
The reporting engine status indicates the configuration is successful for failed deployments.
Managing Reports 161
Configure and deploy the reporting engine Perform the following steps in the PowerProtect Data Manager UI to configure and deploy the reporting engine.
Prerequisites
You must deploy the reporting engine on a separate virtual machine. The vCenter server must be added as an asset source from Infrastructure > Asset Sources. The virtual machine requires 500 GB to function properly. Configure your firewall so that the reporting engine IP address is only accessible using the PowerProtect Data Manager IP
address.
About this task
It is recommended that you deploy the reporting engine to the vCenter server that hosts PowerProtect Data Manager. To verify the hosting vCenter:
1. Click the Settings > Hosting vCenter link. 2. Provide the details for the vCenter server that hosts PowerProtect Data Manager or select the hosting vCenter server from
asset sources.
Steps
1. From the PowerProtect Data Manager UI, select Reports > Reporting Engine.
2. Click Configure.
The Configure Reporting Engine dialog box opens.
3. In the Configure Reporting Engine dialog box, complete the required fields:
vCenter server to deploySpecify the vCenter server on which to deploy the reporting engine.
If you specified the hosting vCenter server, PowerProtect Data Manager populates the fields with the required information.
ESX host or clusterSelect on which cluster or ESXi host you want to configure the reporting engine. Host FQDNSpecify the fully qualified domain name (FQDN). IP address, Gateway, Netmask, and Primary DNSNote that only IPv4 addresses are supported. NetworkDisplays all the networks that are available under the selected ESXi host or cluster. Data StoreDisplays all datastores that are accessible to the selected ESXi host or cluster. Select the datastore.
4. Click Deploy.
Results
PowerProtect Data Manager starts the configuration process. Go to Reporting Engine to check the status. You can also go to the System Jobs window to monitor the progress of the configuration job.
When the process is complete, a notification appears in the Reporting Engine window to indicate that the configuration is successful. You can now access reports from Reports > Report Browser.
Updating the reporting engine from version 19.10 Unless certain procedures are followed when updating PowerProtect Data Manager from version 19.10, any deployed reporting engine fails to update.
If you have deployed the reporting engine and are updating from PowerProtect Data Manager version 19.10, you must decide if you want to keep existing reporting data or delete it.
Keep reporting data
To update PowerProtect Data Manager and keep reporting data, see KB article 000199837: PowerProtect Data Manager (PPDM) 19.10 Reporting update procedure.
162 Managing Reports
Delete reporting data
To update PowerProtect Data Manager and delete reporting data, follow these steps:
1. Delete the reporting engine. For more information, see Deleting the reporting engine. 2. Install the PowerProtect Data Manager update package. 3. Reconfigure and redeploy the reporting engine.
Report Browser Use the Report Browser to view detailed reports for the data protection activities in your environment. When you open the Report Browser, the reports are displayed in the window.
Go to Reports > Report Browser to access the reports.
Each report displays as a card. When you click a report, the report displays as one tab in the Report Browser view.
Reports
Learn about the reports that are available in the Report Browser.
The following table describes the reports:
Table 44. Reports
Report Description
Backup Jobs Summary Provides key performance indicators on backup jobs, based on the selected filters of status, assets, and duration. Information includes success and failure metrics (total and per asset type), job success, data transfer rates, and a list of top offenders.
Restore Jobs Summary Provides key performance indicators on restore jobs, based on the selected filters of status, assets, and duration. Information includes success and failure metrics (total and per asset type), job success, and data transfer rates.
Replication Jobs Summary Provides key performance indicators on replication jobs, based on the selected filters of status, assets, and duration. Information includes success and failure metrics (total and per asset type), job success, and data transfer rates.
Asset Summary Provides distribution information of all assets, based on asset protection status, size, and type. This report includes a tabular format and a graph of protected and unprotected assets in the last 7 days.
The following figure provides an example Backup Jobs Summary report. The Backup Jobs Summary, Restore Jobs Summary, and Replication Jobs Summary reports display the same widget types.
Managing Reports 163
Figure 15. Backup Jobs Summary report
164 Managing Reports
For each report, you can:
Filter reports by choosing specific metrics. Customize reports by hiding and showing columns in tables, or hiding and showing widgets. Export individual widgets in CSV format. Remove widgets from a report.
Add a report
To add a report for the first time, in the Report Browser view, click the report type that you want to add.
To add another report, click + next to the existing tab. A new report tab is added.
Data collection frequency
PowerProtect Data Manager collects report data at regular intervals. The following table provides information about the type of data that PowerProtect Data Manager collects and the data collection frequency.
Table 45. Data collection frequency
Type of data Description Data collection frequency
Status Overall status of the PowerProtect Data Manager server.
Every 15 minutes.
Configuration Information about assets. Every hour.
Protection jobs Information about data protection activities, including Protect, Restore, and Replicate jobs.
Every 5 minutes.
NOTE: Report data is not live and is as up-to-date as the last successful data collection request. Therefore, reports should
be used for historical purposes only.
To view live jobs data, go to Jobs > Protection Jobs.
To view live asset data, go to Infrastructure > Assets.
For a high-level view of the overall state of the PowerProtect Data Manager system, go to Dashboard.
Report Browser options
A report icon (three vertical dots) appears in the upper-right corner of the Report Browser pane. Clicking this icon opens a menu and allows you to configure options for your reports.
The following table describes the menu items for reports:
Table 46. Report options
Menu item Select the menu item to:
Edit Configure filters and customization options.
Email Email the report to one or more recipients.
Filters and customization options for reports
Click the report icon in the upper-right corner of the Report Browser pane, and select Edit. The filters and layout pane opens.
Use the Filters and Layout tabs to filter and sort the content that you want to include in a report:
FiltersSelect and apply filters. LayoutShow or hide widgets and show or hide table columns:
VisualizationsSelect the widgets that you want to include in the report. Clear the checkbox next to the widget name to hide it from the report.
Managing Reports 165
Show / Hide Columns (Data Table)Select the columns that you want to see in the table. Clear the checkbox next to the column name to hide it.
When satisfied with your selections, click Apply.
To reset the filters and settings, click Reset. This action ensures that filters and settings are reset to the default value.
You can also filter and sort the information that appears in table columns. Click in the column heading to filter the information in a table column, or click a table column heading to sort that column.
To see a complete list of filtering and sorting columns, click at the bottom left of the window.
See Filter and customize reports for more information.
Emailing a report to one or more recipients
To send a report in .csv format, perform the following actions:
NOTE: SMTP must be configured before performing these actions. For more information, see Set up the email server.
1. Click the report icon in the upper-right corner of the Report Browser pane, and select Email. The email pane opens. 2. Provide information for Report Name. 3. From the Report Sections, select the picture of a widget that represents the type of report to send. 4. Provide information for To, Subject, and Body. 5. Click Send.
Widget report actions
A report icon (three vertical dots) appears in the upper-right corner of each widget. Clicking this icon opens a menu and allows you to perform more actions on your reports.
The following table describes the menu items for a widget:
Table 47. Widget report actions
Menu item Select the menu item to:
Export to CSV Export the content of a selected widget to a CSV file.
Remove Delete the selected widget from the report. NOTE: You can add the widget again by clicking Edit > Layout, selecting the widget, and then clicking Apply. This action displays the selected widget in the report.
Backup Jobs Summary
Backup Jobs Summary provides key performance indicators on backup jobs that are based on the asset type and scope, job status, and duration. The report includes success and failure metrics in total and per asset type, as well as information about job success or failure, data transfer rates, and a top 10 list of backups with the highest consecutive failure count.
Click Backup Jobs Summary in the Report Browser to open the report. The report displays as one tab in the Report Browser.
The following table describes the widgets that are available in the Backup Jobs Summary report.
Table 48. Backup Jobs Summary widgets
Widget Description
Total Jobs Summary Displays the total number of successful and failed backup jobs, along with a percentage summary.
Asset Types Displays the total number of successful and failed backup jobs, based on asset type.
166 Managing Reports
Table 48. Backup Jobs Summary widgets (continued)
Widget Description
Job Success and Fail Rate Displays the number of successful and failed backup jobs over a period of time.
Data Transfer Rate Displays the rate of data transfer over a period of time.
3 Strike Summary Displays the total number of assets that have not been backed up for one or more days consecutively: One StrikeCount of the number of assets that have one protection job failure. Two StrikesCount of the number of assets that have two consecutive protection job
failures. Three StrikesCount of the number of assets that have three consecutive protection job
failures.
NOTE: Assets on the strike summary are reported once in the strike category for which it has the most strikes. Assets are not double counted in the specific categories for fewer strikes even if that might match the criteria.
Top 10 Offenders Displays the assets with the highest count of consecutive primary backup failures, indicating the number of failures along with the time of the last successful backup.
Jobs Distribution Displays details and status of all jobs, including: Job ID Asset Name Asset Type Host Start Time Job Status Policy Name Data Transferred
Restore Jobs Summary
Restore Jobs Summary provides key performance indicators on restore jobs that are based on the asset type and scope, job status, and duration. The report includes success and failure metrics in total or by asset type, as well as information about job success or failure, data transfer rates, and a top 10 list of restores with the highest consecutive failure count.
Click Restore Jobs Summary in the Report Browser to open the report. The report displays as one tab in the Report Browser.
The following table describes the widgets that are available in the Restore Jobs Summary report.
Table 49. Restore Jobs Summary widgets
Widget Description
Total Jobs Summary Displays the total number of successful and failed restore jobs, along with a percentage summary.
Asset Types Displays the total number of successful and failed restore jobs, based on asset type.
Job Success and Fail Rate Displays the number of successful and failed restore jobs over a period of time.
Data Transfer Rate Displays the rate of data transfer over a period of time.
3 Strike Summary Displays the total number of assets that have not been backed up for one or more days consecutively: One StrikeCount of the number of assets that have one restore job failure. Two StrikesCount of the number of assets that have two consecutive restore job failures. Three StrikesCount of the number of assets that have three consecutive restore job
failures.
Managing Reports 167
Table 49. Restore Jobs Summary widgets (continued)
Widget Description
NOTE: Assets on the strike summary are reported once in the strike category for which it has the most strikes. Assets are not double counted in the specific categories for fewer strikes even if that might match the criteria.
Top Offenders Displays the assets with the highest count of consecutive primary backup failures, indicating the number of failures along with the time of the last successful restore.
Jobs Distribution Displays details and status of all jobs, including: Job ID Asset Name Asset Type Host Start Time Job Status Policy Name Data Transferred
Replication Jobs Summary
Replication Jobs Summary provides key performance indicators on replication jobs that are based on the asset type and scope, job status, and duration. The report includes success and failure metrics in total or per asset type, as well as information about job success or failure, data transfer rates, and a top 10 list of backups with the highest consecutive failure count.
Click Replication Jobs Summary in the Report Browser to open the report. The report displays as one tab in the Report Browser.
The following table describes the widgets that are available in the Replication Jobs Summary report.
Table 50. Replication Jobs Summary widgets
Widget Description
Total Jobs Summary Displays the total number of successful and failed replication jobs, along with a percentage summary.
Asset Types Displays the total number of successful and failed replication jobs, based on asset type.
Job Success and Fail Rate Displays the number of successful and failed replication jobs over a period of time.
Data Transfer Rate Displays the rate of data transfer over a period of time.
3 Strike Summary Displays the total number of assets that have not been backed up for one or more days consecutively: One StrikeCount of the number of assets that have one replication job failure. Two StrikesCount of the number of assets that have two consecutive replication job
failures. Three StrikesCount of the number of assets that have three consecutive replication job
failures.
NOTE: Assets on the strike summary are reported once in the strike category for which it has the most strikes. Assets are not double counted in the specific categories for fewer strikes even if that might match the criteria.
Top 10 Offenders Displays the assets with the highest count of consecutive primary backup failures, indicating the number of failures along with the time of the last successful backup.
Jobs Distribution Displays details and status of all jobs, including: Job ID Asset Name Asset Type
168 Managing Reports
Table 50. Replication Jobs Summary widgets (continued)
Widget Description
Host Start Time Job Status Policy Name Data Transferred
Asset Summary
Asset Summary provides information about how assets are distributed in your environment. You can view details about asset protection status, asset type, and protection rates. You can also view asset details in a table view, which you can filter and sort.
Click Asset Summary in the Report Browser to open the report. The report displays as a tab in the Report Browser.
Noteworthy information about the Asset Summary report includes the following:
The data displayed is updated every hour. Additions and deletions of assets are reflected on the report no more than an hour after the additions and deletions.
The asset count is the same as what is displayed by Infrastructure > Assets.
The following table describes the widgets that are available in the Asset Summary report.
Table 51. Asset Summary widgets
Widget Description
Asset Protection Status Displays the total number of assets and size of the assets that are either protected, unprotected, or excluded from protection, along with a percentage summary.
Asset Types Displays the total number of assets and size of the assets that are either protected, unprotected, or excluded from protection for each asset type.
Protection Displays the rate of protected and unprotected assets for the last 7 days. NOTE: Although this widget did not exist in PowerProtect Data Manager 19.11 or earlier, data was still collected. However, this data was inaccurate. If you updated PowerProtect Data Manager from PowerProtect Data Manager 19.11 or earlier within the last 7 days, this widget displays inaccurate data. To resolve this issue and see accurate data, wait until 7 days after the PowerProtect Data Manager update.
Assets Displays details and status of all assets, including: Name Asset Type Host Policy Name Self Service Last Copy Asset Status Protection Status
Filter and customize reports
The Report Browser provides options to filter and customize report data.
The following table provides steps to filter and customize the Backup Jobs Summary, Restore Jobs Summary, and Replication Jobs Summary reports.
NOTE: Filters that are applied to open reports are retained for the duration of the browser session. However, if a report is
closed and then reopened during the same browser session, applied filters are not retained.
Managing Reports 169
Table 52. Filtering and customizing the Backup Jobs Summary, Restore Jobs Summary, and Replication Jobs Summary reports
Options Steps
(Optional) Filter based on asset type, asset scope, job status, and duration.
1. Click Edit at the top of the report.
The filters and layout pane opens to the Filters tab.
2. Select one or more asset types from the list. 3. Select whether to include all assets or custom assets:
Select All to include all assets. Select Custom to choose specific assets. If you select Custom, click the Select assets
link and select one or more assets from the list. When complete, click Next, and then click OK.
4. Select one or more job statuses that you want to filter on. Status types include: Successful Partially Successful Failed In Progress Canceled & Skipped
5. DurationSelect the time range for the report: All Last 24 hours Last 7 days (default) Last 30 days Specific date Custom date range
NOTE: The report data reflects the data that is collected during the specified period. If you select All, the report populates all available data.
6. Click Apply. 7. To reset the filters and settings, click Reset.
(Optional) Hide or show widgets, and hide or show table columns.
By default, all widgets and table columns are selected.
1. Click the Layout tab. 2. Expand Visualizations and select the widgets that you want to include in the report. Clear
the checkbox next to the widget to hide it from the report. 3. Expand Show / Hide Columns (Data Table) and select the table columns that you want to
appear in the report. Clear the checkbox next to the table column to hide it from the report.
Alternatively, click at the bottom of the table to show or hide table columns. 4. Click Apply. 5. To reset the filters and settings, click Reset.
Table 53. Filtering and customizing the Asset Summary report
Options Steps
(Optional) Filter based on asset status, asset type, asset scope, protection status, and duration.
1. Click Edit at the top of the report.
The filters and layout pane opens to the Filters tab.
2. Select one or more status types from the list. Status types include: Available Not Detected Deleted
3. Select one or more asset types. 4. Select wehteher to include all assets or custom assets:
Select All to include all assets. Select Custom to choose specific assets. If you select Custom, click Select assets, and
select one or more assets from the list. When complete, click Next, and then click OK. 5. Select one or more protection status types that you want to filter on. Status types include:
Protected Unprotected
170 Managing Reports
Table 53. Filtering and customizing the Asset Summary report (continued)
Options Steps
Excluded 6. Click Apply. 7. To reset the filters and settings, click Reset.
(Optional) Hide or show widgets, and hide or show table columns.
By default, all widgets and table columns are selected.
1. Click the Layout tab. 2. Expand Visualizations and select the widgets that you want to include in the report. Clear
the checkbox next to the widget to hide it from the report. 3. Expand Show / Hide Columns (Data Table) and select the table columns that you want to
appear in the report. Clear the checkbox next to the table column to hide it from the report.
Alternatively, click at the bottom of the table to show or hide table columns. 4. Click Apply. 5. To reset the filters and settings, click Reset.
Deleting the reporting engine Review the following information about deleting the reporting engine.
CAUTION: Deleting the reporting engine deletes all report data.
It is recommended that you do not delete the reporting engine.
To delete the reporting engine from PowerProtect Data Manager, go to Reports > Reporting Engine and click Delete. A notification appears in the window to indicate that deleting the reporting engine results in data loss.
Reconfiguring the reporting engine after deletion
To reconfigure the reporting engine, go to Reports > Reporting Engine and click Configure. For detailed steps on how to configure the reporting engine, go to Configure and deploy the reporting engine.
Managing disaster recovery of the reporting engine As an administrator, you want to ensure that the reporting engine is protected from a disaster.
When the reporting engine is deployed, the following occurs:
The reporting engine and all reporting data are automatically backed up with configured server DR backups. If PowerProtect Data Manager is recovered from a server DR backup, the reporting engine and all reporting data are also
recovered.
Recover the reporting engine from a DR backup
PowerProtect Data Manager automatically restores the reporting engine after disaster recovery of the PowerProtect Data Manager system is complete. If the PowerProtect Data Manager system could not restore the reporting engine automatically, use the steps in this procedure to restore only the reporting engine through the REST API. Recovery of a reporting engine must be performed on an operational PowerProtect Data Manager system. Only the Administrator role can restore the reporting engine.
Prerequisites
Obtain the name of the reporting engine backup from System Settings > Disaster Recovery > Manage Backups.
About this task
Use the backup manifest file to create a new text document that will be used issue a POST command with the REST API:
CAUTION: Do not edit the manifest file itself.
Managing Reports 171
Steps
1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.
Use the same credentials that you used before PowerProtect Data Manager was restored.
2. Connect to the PowerProtect Data Manager console as an admin user.
3. Change directories to /data01/server_backups/
Normally, there is only a single subdirectory in /data01/server_backups, so change to that subdirectory. However, if there is more than one subdirectory and you don't know which
a. From /data01/server_backups, run the following commands, changing the username and password as required:
TOKEN=$(curl -X POST https://localhost:8443/api/v2/login -k -d '{ "username": "admin","password": "admin_password" }' --header "Content-Type: application/json" | python3 -c "import sys, json; print(json.load(sys.stdin)['access_token'])")
curl -X GET https://localhost:8443/api/v2/nodes -k --header "Content-Type: application/json" --header "Authorization:Bearer $TOKEN"
b. Run the command grep -Rnwa -e '
4. Copy the manifest file to a temporary file.
5. Open the temporary file.
6. Review the following example, and make the changes documented by the // comment entries.
NOTE: The // comment entries displayed here do not exist in the temporary file itself. These comment entries are
displayed here only as a guide.
{ "id": "ca8cbb13-6f3d-4ac5-87e5-de47a634379f", "jobId": "990b4ea7-c0e4-4069-8dd5-7d0e084370fc", // DELETE LINE "creationTime": "34e1c9dd-1b54-48b4-8283-151331d193ff", "lastUpdated": "2022-08-25T19:40:18.165497Z",// DELETE LINE "elapsedSeconds": 115, "sequenceNumber": 89 "state": "Successful",// DELETE LINE "version": "19.12.0-1-SNAPSHOT", // DELETE LINE "hostname": "ldpdb141.hop.lab.emc.com", // DELETE LINE "name": "mercijTestDr", // DELETE LINE "nodeId": "a8d2df8e-5c3e-4160-87d4-32b9bfe6c283", // DELETE LINE "sizeInBytes": 18244130, "consistency": "CRASH_CONSISTENT", // DELETE LINE "checksum": "bbd97a04f296a8ed116e4a9272982d8e8411f3d0cf50dea131d5c2cd4ce224f8", // DELETE LINE "backupConsistencyType": "FULL", // DELETE LINE "esSnapshotState": "UNKNOWN", // DELETE LINE "backupTriggerSource": "USER", // DELETE LINE "configType": "standalone", // DELETE LINE "deployedPlatform": "vmware", // DELETE LINE "replicationTargets": [], // DELETE LINE "repositoryFileSystem": "BOOST_FILE_SYSTEM", // DELETE LINE "ddHostname": "ldpdg251.hop.lab.emc.com", // DELETE LINE and add line "recover":true, "Components": [ // change Components to components with lower case c { // DELETE WHOLE PPDM COMPONENT LEAVING ONLY REPORTING "name": "PPDM", "id": "ca7cbb13-6f3d-4ac5-87e5-de47a634379f", "lastActivityId": "2bdbe7a8-7c57-446d-b072-ad8081e2953d", "version": "v2", "backupPath": "ldpdg251.hop.lab.emc.com:SysDR_ldpdb141/ ldpdb141_a8d2df8e-5c3e-4160-87d4-32b9bfe6c283/PPDM", "backupStatus": "SUCCESSFUL", "backupsEnabled": true, "errorResults": [] }, // STOP DELETING HERE { "name": "REPORTING", "id": "34e1c9dd-1b54-48b4-8283-151331d193ff",
172 Managing Reports
"lastActivityId": "ed2dc805-c1f7-42fd-b9af-71897fc1da01", "version": "v2", "backupPath": "192.168.100.109:SysDR_DPDII2201IDPA10/ ppdm_64d2f00a-1ce0-47b5-9c60-914ea7d0e1e8/REPORTING", "backupStatus": "SUCCESSFUL", "backupsEnabled": true, // DELETE TRAILING COMMA "errorResults": [] // DELETE LINE } ] }
In summary:
remove all lines with the // DELETE LINE comment entry displayed here
add recover: true change Components to components remove all listed component blocks except for REPORTING remove the trailing comma from "backupsEnabled": true, The result of these changes should look similar to the following:
{ "id":"ca8cbb13-6f3d-4ac5-87e5-de47a634379f", "creationTime":"2022-10-12T15:01:13.476401+0000", "elapsedSeconds":115, "sequenceNumber":89, "sizeInBytes":18244130, "recover":true, "components":[ { "name":"REPORTING", "id":"ca8cbb13-6f3d-4ac5-87e5-de47a634379f", "lastActivityId":"ed2dc805-c1f7-42fd-b9af-71897fc1da01", "version":"v2", "backupPath":"192.168.100.109:SysDR_DPDII2201IDPA10/ ppdm_64d2f00a-1ce0-47b5-9c60-914ea7d0e1e8/REPORTING", "backupStatus":"SUCCESSFUL", "backupsEnabled":true } ] }
7. Copy the value of the text inside the quotation marks that follow "id":.
This value replaces the variable
8. Remove all carriage returns from the temporary file, so that all the text is on a single line.
9. Copy all of the text from the temporary file.
This value replaces the variable
10. Run the following command, changing the username and password credentials as required:
NOTE: Even if you ran this command in step 3.a, run it again. The validity of the value of TOKEN is time sensitive.
TOKEN=$(curl -X POST https://localhost:8443/api/v2/login -k -d '{ "username": "admin","password": "admin_password" }' --header "Content-Type: application/json" | python3 -c "import sys, json; print(json.load(sys.stdin)['access_token'])")
11. Run the following command:
curl -X PUT 'https://localhost:8443/api/v2/server-disaster-recovery-backups/
Replace
12. To monitor the status of the restore process in the PowerProtect Data Manager UI, select Jobs > System Jobs and look for a job with the description Server Disaster Recovery Restore.
Managing Reports 173
Next steps
Delete the temporary file created in step 4.
174 Managing Reports
Configuring and Managing the PowerProtect Agent Service
Topics:
About the PowerProtect agent service Start, stop, or obtain the status of the PowerProtect agent service Register the PowerProtect agent service to a different server address Recovering the PowerProtect agent service from a disaster Troubleshooting agent registration
About the PowerProtect agent service The PowerProtect agent service is a REST API based service that is installed by the application agent on the application host. The agent service provides services and APIs for discovery, protection, restore, instant access, and other related operations. The PowerProtect Data Manager uses the agent service to provide integrated data protection for the application assets.
This section uses
The PowerProtect agent service performs the following operations:
Addon detectionAn addon integrates the application agent into the agent service. The agent service automatically detects the addons on the system for each application asset type and notifies the PowerProtect Data Manager. While multiple addons can operate with different asset types, only one agent service runs on the application host. Specific asset types can coexist on the same application host.
DiscoveryThe agent service discovers both stand-alone and clustered database servers (application systems), databases and file systems (assets), and their backup copies on the application agent host. After the initial discovery, when the agent service discovers any new application systems, assets, or copies, the agent service notifies the PowerProtect Data Manager.
Self-service configurationThe agent service can configure the application agent for self-service operations by using information that is provided by the PowerProtect Data Manager. When you add an asset to a protection policy for self-service or centralized protection, or modify the protection policy, including changing the DD Boost credentials, the PowerProtect Data Manager automatically pushes the protection configuration to the agents.
NOTE: If you change the DD Boost credentials to include \ in the password, the protection policy configuration will not
be pushed to the agents unless you also select the protection policy from the Protection Policies window, and then
click Set LockBox.
Centralized backupsThe agent service performs the centralized backups as requested by the PowerProtect Data Manager.
Centralized restoresThe agent service performs the centralized restores as requested by the PowerProtect Data Manager.
NOTE: In the current release, the centralized restores are only available for the File System agent, Microsoft SQL
Server agent, and Storage Direct agent.
Backup deletion and catalog cleanupThe PowerProtect Data Manager deletes the backup files directly from the protection storage when a backup expires or an explicit delete request is received and no dependent (incremental or log) backups exist. The PowerProtect Data Manager goes through the agent service to delete the catalog entries from the database vendor's catalog and the agent's local datastore.
NOTE: Deletion of any backup copies manually or through the command line is not recommended. PowerProtect Data
Manager deletes all the expired copies as needed.
The agent service is started during the agent installation by the installer. The agent service runs in the background as a service and you do not interact with it directly.
12
Configuring and Managing the PowerProtect Agent Service 175
The config.yml file contains the configuration information for the agent service, including several parameter settings that you can change within the file. The config.yml file is located in the
The agent service periodically starts subprocesses to perform the discovery jobs. You can see the type and frequency of these jobs in the jobs: section of the config.yml file. The job interval unit is minutes.
The agent service maintains a datastore in the
NOTE: The size of each datastore backup is the same as the datastore itself. By default, a backup is created every hour.
To save space on the file system, you can reduce this datastore backup frequency for large datastores. By default, the
datastore backup is retained for one week. You can change the datastore backup frequency, retention period, and backup
location in the config.yml file.
Start, stop, or obtain the status of the PowerProtect agent service The PowerProtect agent service is started during the agent installation by the installer. If needed, you can use the appropriate procedure to start, stop, or obtain the status of the agent service.
On Linux, you can start, stop, or obtain the status of the agent service by running the register.sh script that is found in the
To start the agent service:
# register.sh --start
Started agent service with PID - 1234 To stop the agent service:
# register.sh --stop
Successfully stopped agent-service. To obtain the status when the agent service is running:
# register.sh --status
Agent-service is running with PID - 1234 To obtain the status when the agent service is not running:
# register.sh --status
Agent-service is not running.
On Windows, you can start, stop, or obtain the status of the PowerProtect agent service from the Services Manager, similar to other Windows services. The name of the service in Services Manager is PowerProtect Agent Service.
Register the PowerProtect agent service to a different server address The PowerProtect agent service is registered to a particular PowerProtect Data Manager server during the agent installation by the installer. If needed, you can register the agent service to a different PowerProtect Data Manager server address.
The agent service can only be registered to a single PowerProtect Data Manager server. When you register the agent service to a new server, the agent service will automatically unregister from the previous server address.
176 Configuring and Managing the PowerProtect Agent Service
Before you register the agent service to a new server, ensure that you complete the following steps:
1. Stop the agent service as described in the preceding topic. 2. Delete the
On Linux, you can register the agent service to a different server address by running the register.sh script that is found in the
NOTE: The register.sh script stops the currently running agent service.
The following command prompts for the new IP address or hostname:
# register.sh
Enter the PowerProtect Data Manager IP address or hostname: 10.0.01
Warning: Changing IP of PowerProtect Server from 192.168.0.1 to 10.0.0.1
Started agent service with PID - 1234 The following command includes the new IP address on the command line:
# register.sh --ppdmServer=10.0.0.1
Warning: Changing IP of PowerProtect Server from 192.168.0.1 to 10.0.0.1
Started agent service with PID - 1234
On Windows, you can change the PowerProtect Data Manager server address by launching the agent installer and selecting the change option. Change the PowerProtect Data Manager service address from the Configuration Install Options page.
Recovering the PowerProtect agent service from a disaster You can perform self-service restores of application assets by using a file system or application agent, regardless of the state of the agent service or PowerProtect Data Manager. The information in this section describes how to bring the agent service to an operational state to continue if a disaster occurs and the agent service datastore is lost.
The agent service periodically creates a backup of its datastore in the
By default, the agent service backs up consistent copies of its datastore files to the local disk every hour and keeps the copies for 7 days. Each time the agent service backs up the contents of the datastore, it creates a subdirectory under the
By default, the datastore repository is on the local disk. To ensure that the agent service datastore and its local backups are not lost, it is recommended that you back up the datastore through file system backups. You can also change the datastore backup location to a different location that is not local to the system. To change the datastore backup location, update the values in the config.yml file.
Restore the PowerProtect Data Manager agent service datastore
Prerequisites
NOTE: Ensure that the agent service is powered off. Do not start the agent service until disaster recovery is complete.
Configuring and Managing the PowerProtect Agent Service 177
About this task
You can restore the datastore from the datastore backup repository. If the repository is no longer on the local disk, restore the datastore from file system backups first.
To restore the datastore from a backup in the datastore backup repository, complete the following steps:
Steps
1. Move the files in the
NOTE: Do not move or delete any
2. Select the most recent datastore backup.
The directories in the datastore backup repository are named after the time the backup was created.
3. Copy the contents of the datastore backup directory to the
4. Start the agent service.
Troubleshooting agent registration Review the following information that is related to troubleshooting agent registration issues.
On Windows, if the agent fails to establish a connection with the PowerProtect Data Manager server, agent registration might fail with the following error message:
During a network connectivity test, the agent is unable to reach the PowerProtect Data Manager server by using ping.
1. If the ping command is blocked in the environment, the agent registration can still complete successfully. Review the agent service logs at INSTALL_DIR\DPSAPPS\AgentService\logs to verify that the registration is successful. If the registration is successful, the status of the agent host indicates Registered in the PowerProtect Data Manager UI. 2. If the ping command is not blocked in the environment, the agent registration might not complete successfully because a network connection cannot be started. If this occurs, complete the following steps to troubleshoot the issue:
On Linux or AIX, if the agent fails to establish a connection with the PowerProtect Data Manager server, agent registration might fail with the following error message:
During a network connectivity test, the agent is unable to reach the PowerProtect Data Manager server by using ping and curl.
1. If the ping command is blocked in the environment and curl is not installed, the agent registration can still complete successfully. Review the agent service logs at /opt/dpsapps/agentsvc/logs to verify that the registration is successful. If the registration is successful, the status of the agent host indicates Registered in the PowerProtect Data Manager UI. 2. If the ping command is not blocked in the environment, the agent registration might not complete successfully because a network connection cannot be started. If this occurs, complete the following steps to troubleshoot the issue:
If agent registration fails with these error messages, complete the following operation:
1. Use any network packet tracing tool to trace the packets from the agent system to PowerProtect Data Manager. 2. Start the packet tracing between the source IP of the agent system and the destination IP of PowerProtect Data Manager. 3. Start the network traffic between the agent system and PowerProtect Data Manager.
178 Configuring and Managing the PowerProtect Agent Service
Wait 10 to 15 seconds.
4. Analyze the captured packets. 5. Look for SYN and SYN_ACK packets to see if a 3-way handshake is being performed.
Determine whether the source agent or the destination PowerProtect Data Manager is blocking the connection.
If network traffic is blocked, contact your network security team to resolve the port communication issue.
Configuring and Managing the PowerProtect Agent Service 179
Glossary of Acronyms This glossary provides definitions of acronyms used in the PowerProtect Data Manager documentation.
A
180 Glossary of Acronyms
A
AAG: Always On availability group
ACL: access control list
AD: Active Directory
AKS: Azure Kubernetes Service
API: application programming interface
ARM: Azure Resource Manager
AVS: Azure VMware Solution
AWS: Amazon Web Services
AZ: availability zone
B
BBB: block-based backup
C
CA: certificate authority
CBT: Changed Block Tracking
CDC: change data capture
CIFS: Common Internet File System
CLI: command-line interface
CLR: Common Language Runtime
CN: common name
CPU: central processing unit
CR: custom resource
CRD: custom resource definition
CSI: container storage interface
CSV: Cluster Shared Volume
D
DA: database administrator
DAG: database availability group
Glossary
Glossary 181
DBID: database identifier
DDMC: DD Management Center
DDOS: DD Operating System
DDVE: DD Virtual Edition
DFC: DD Boost over Fibre Channel
DNS: Domain Name System
DPC: Data Protection Central
DR: disaster recovery
DRS: Distributed Resource Scheduler
DSA: Dell security advisory
E
EBS: Elastic Block Store
EC2: Elastic Compute Cloud
eCDM: Enterprise Copy Data Management
ECS: Elastic Cloud Storage
EFI: Extensible Firmware Interface
EKS: Elastic Kubernetes Service
ENI: Elastic Network Interface
EULA: end-user license agreement
F
FC: Fibre Channel
FCD: first class disk
FCI: failover cluster instance
FETB: front-end protected capacity by terabyte
FLR: file-level restore
FQDN: fully qualified domain name
FTP: File Transfer Protocol
G
GB: gigabyte At Dell, this is 230 bytes.
Gb/s: gigabits per second At Dell, this is 230 bits per second.
182 Glossary
GCP: Google Cloud Platform
GCVE: Google Cloud Virtual Edition
GID: group identifier
GLR: granular-level restore
GUI: graphical user interface
GUID: globally unique identifier
H
HA: High Availability
HANA: high-performance analytic appliance
HTML: Hypertext Markup Language
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure
I
IAM: identity and access management
IDE: Integrated Device Electronics
IP: Internet Protocol
IPv4: Internet Protocol version 4
IPv6: Internet Protocol version 6
K
KB: kilobyte At Dell, this is 210 bytes.
L
LAC: License Authorization Code
LAN: local area network
M
MB: megabyte At Dell, this is 220 bytes.
ms: millisecond
MTU: maximum transmission unit
Glossary 183
N
NAS: network-attached storage
NBD: network block device
NBDSSL: network block device over SSL
NDMP: Network Data Management Protocol
NFC: Network File Copy
NFS: Network File System
NIC: network interface card
NTFS: New Technology File System
NTP: Network Time Protocol
O
OS: operating system
OSS: open-source software
OVA: Open Virtualization Appliance
P
PCS: Protection Copy Set
PDF: Portable Document Format
PEM: Privacy-enhanced Electronic Mail
PIN: personal identification number
PIT: point in time
PKCS: Public Key Cryptography Standards
PSC: Platform Service Controller
PVC (cloud computing): private virtual cloud
PVC (Kubernetes): Persistent Volume Claim
R
RAC: Real Application Clusters
RAM: random-access memory
RBAC: role-based access control
ReFS: Resilient File System
REST API: representational-state transfer API
RHEL: RedHat Enterprise Linux
184 Glossary
RMAN: Recovery Manager
RPO: recovery-point objective
RSA: Rivest-Shamir-Adleman
S
S3: Simple Storage Services
SaaS: software as a service
SAP: System Analysis Program Development From the SAP website (2022), "the name is an initialism of the company's original German name: Systemanalyse Programmentwicklung, which translates to System Analysis Program Development. Today the company's legal corporate name is SAP SE - SE stands for societas Europaea, a public company registered in accordance with the European Union corporate law.
SCSI: Small Computer System Interface
SDDC: software-defined data center
SELinux: Security-Enhanced Linux
SFTP: Secure File Transfer Protocol
SLA: service-level agreement
SLES: SuSE Linux Enterprise Server
SLO: service-level objective
SPBM: Storage Policy Based Management
SQL: Structured Query Language
SRS: Secure Remote Services
SSD: solid-state drive
SSH: Secure Shell
SSL: Secure Sockets Layer
SSMS: SQL Server Management Studio
SSVs: System Stable Values
T
TB: terabyte At Dell, this is 240 bytes.
TCP: Transmission Control Protocol
TDE: Transparent Data Encryption
TLS: Transport Layer Security
TPM: Trusted Platform Module
TSDM: Transparent Snapshot Data Mover
T-SQL: Transact-SQL
Glossary 185
U
UAC: user account control
UDP: User Datagram Protocol
UI: user interface
UID: user identifier
UTC: Coordinated Universal Time From Wikipedia (2022), "this abbreviation comes as a result of the International Telecommunication Union and the International Astronomical Union wanting to use the same abbreviation in all languages. English speakers originally proposed CUT (for 'coordinated universal time'), while French speakers proposed TUC (for 'temps universel coordonn')."
V
VADP: VMware vStorage APIs for Storage Awareness
VBS: virtualization-based security
VCF: VMware Cloud Foundation
vCLS: vSphere Cluster Service
vCSA: vCenter Server Appliance
VCSA: vCenter Server Appliance
VDI: Virtual Device Interface
vDisk: virtual disk
vDS: virtual distributed switch
vFRC: Virtual Flash Read Cache
VGT: Virtual Guest Tagging
VIB: vSphere Installation Bundle
VLAN: virtual LAN
VM: virtual machine
VMC: VMware Cloud
VMDK: virtual machine disk
VNet: virtual network
VPC: virtual private cloud
vRSLCM: vRea
Related manuals for Dell PowerProtect 19.12 Data Manager Administration And User Guide
Manualsnet FAQs
If you want to find out how the PowerProtect Dell works, you can view and download the Dell PowerProtect 19.12 Data Manager Administration And User Guide on the Manualsnet website.
Yes, we have the Administration And User Guide for Dell PowerProtect as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.
The Administration And User Guide should include all the details that are needed to use a Dell PowerProtect. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.
The best way to navigate the Dell PowerProtect 19.12 Data Manager Administration And User Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.
This Dell PowerProtect 19.12 Data Manager Administration And User Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.
You can download Dell PowerProtect 19.12 Data Manager Administration And User Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.
To be able to print Dell PowerProtect 19.12 Data Manager Administration And User Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell PowerProtect 19.12 Data Manager Administration And User Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.