Contents

Dell PowerProtect 19.10 Data Manager Amazon Web Services Deployment Guide PDF

1 of 34
1 of 34

Summary of Content for Dell PowerProtect 19.10 Data Manager Amazon Web Services Deployment Guide PDF

PowerProtect Data Manager 19.10 Amazon Web Services Deployment Guide

March 2022 Rev. 01

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid

the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

2020 - 2022 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Tables........................................................................................................................................... 4

Preface.........................................................................................................................................................................................5

Chapter 1: Getting Started............................................................................................................ 9 Introducing the PowerProtect Data Manager software............................................................................................ 9 Supported Internet Protocol versions...........................................................................................................................10 PowerProtect Data Manager on AWS.......................................................................................................................... 10 Unsupported features....................................................................................................................................................... 10 PowerProtect Data Manager and DDVE.......................................................................................................................11 AWS data-transfer costs.................................................................................................................................................. 11 Architecture overview....................................................................................................................................................... 11 References...........................................................................................................................................................................15 Terminology......................................................................................................................................................................... 16

Chapter 2: Preparing for a Deployment........................................................................................ 17 PowerProtect Data Manager interoperability............................................................................................................. 17 Microsoft application agent and Oracle RMAN agent interoperability................................................................. 17 Networking interoperability..............................................................................................................................................17 Check VMware certification............................................................................................................................................18 Preparing your environment to deploy PowerProtect Data Manager to AWS................................................... 19

General requirements.................................................................................................................................................. 19 Resources assigned.................................................................................................................................................... 20 VPC DNS requirements............................................................................................................................................. 20

Minimum AWS IAM role permissions for deployment............................................................................................... 21

Chapter 3: Deployment................................................................................................................24 Deploy PowerProtect Data Manager to AWS............................................................................................................ 24

Chapter 4: Configuration.............................................................................................................28 Configure the PowerProtect Data Manager virtual appliance............................................................................... 28 Configuring network traffic rules.................................................................................................................................. 30

Configure network traffic rules................................................................................................................................30 Configuring DDVE and storage...................................................................................................................................... 30 Configuring and monitoring system health................................................................................................................. 30 Configuring disaster recovery........................................................................................................................................ 30 Deploying SupportAssist to AWS................................................................................................................................... 31 Using SSH............................................................................................................................................................................ 31 Accessing the PowerProtect Data Manager UI..........................................................................................................31

The Getting Started page.......................................................................................................................................... 31 UI tools and options ................................................................................................................................................... 32

Updating PowerProtect Data Manager....................................................................................................................... 34

Contents

Contents 3

1 Revision history.......................................................................................................................................................... 5

2 Related documentation.............................................................................................................................................6

3 Style conventions....................................................................................................................................................... 7

4 Key features................................................................................................................................................................ 9

5 Benefits........................................................................................................................................................................ 9

6 Related PowerProtect DD Virtual Edition documentation............................................................................. 15

7 Term list...................................................................................................................................................................... 16

8 Microsoft application agent and Oracle RMAN agent support matrix........................................................ 17

9 Minimum permissions of IAM user roles required to deploy PowerProtect Data Manager....................21

10 Selection of IAM PowerProtect Data Manager and DDVE roles during stack creation......................... 22

11 Minimum permissions of IAM CloudFormation role required to deploy PowerProtect Data

Manager..................................................................................................................................................................... 22

12 PowerProtect Data Manager Instance and Network Configuration........................................................... 24

13 PowerProtect Data Manager DNS Configuration............................................................................................25

14 DDVE Instance Configuration............................................................................................................................... 25

15 Automatic Configuration Settings (Optional)................................................................................................... 26

16 PowerProtect Data Manager Getting Started menu items........................................................................... 31

17 PowerProtect Data Manager tools......................................................................................................................32

18 Banner UI options.................................................................................................................................................... 33

Tables

4 Tables

Preface As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.

If a product does not function correctly or does not function as described in this document, contact Customer Support.

NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this document,

go to the Customer Support website.

Product naming Data Domain (DD) is now PowerProtect DD. References to Data Domain or Data Domain systems in this documentation, in the user interface, and elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In many cases the user interface has not yet been updated to reflect this change.

Language use This document might contain language that is not consistent with Dell Technologies current guidelines. Dell Technologies plans to update the document over subsequent future releases to revise the language accordingly.

This document might contain language from third-party content that is not under Dell Technologies control and is not consistent with the current guidelines for Dell Technologies own content. When such third-party content is updated by the relevant third parties, this document will be revised accordingly.

Website links The website links used in this document were valid at publication time. If you find a broken link, provide feedback on the document, and a Dell employee will update the document as necessary.

Purpose This document describes how to deploy the Dell EMC PowerProtect Data Manager software to an Amazon Web Services (AWS) environment.

Audience This document is intended for the system administrator who will deploy the PowerProtect Data Manager software to an AWS environment.

Revision history The following table presents the revision history of this document.

Table 1. Revision history

Revision Date Description

01 March 22, 2022 Initial release of this document for PowerProtect Data Manager version 19.10.

Preface 5

Compatibility information Software compatibility information for the PowerProtect Data Manager software is provided at the E-Lab Navigator.

Related documentation The following publications are available at Customer Support and provide additional information:

Table 2. Related documentation

Title Content

PowerProtect Data Manager Administration and User Guide Describes how to configure the software.

PowerProtect Data Manager Deployment Guide Describes how to deploy the software.

PowerProtect Data Manager Licensing Guide Describes how to license the software.

PowerProtect Data Manager Release Notes Contains information on new features, known limitations, environment, and system requirements for the software.

PowerProtect Data Manager Security Configuration Guide Contains security information.

PowerProtect Data Manager Amazon Web Services Deployment Guide

Describes how to deploy the software to Amazon Web Services (AWS).

PowerProtect Data Manager Azure Deployment Guide Describes how to deploy the software to Microsoft Azure.

PowerProtect Data Manager Google Cloud Platform Deployment Guide

Describes how to deploy the software to Google Cloud Platform (GCP).

PowerProtect Data Manager Cloud Disaster Recovery Administration and User Guide

Describes how to deploy Cloud Disaster Recovery (Cloud DR), protect virtual machines in the AWS or Azure cloud, and run recovery operations.

PowerProtect Data Manager Cyber Recovery User Guide Describes how to install, update, patch, and uninstall the Dell EMC PowerProtect Cyber Recovery software.

PowerProtect Data Manager File System User Guide Describes how to configure and use the software with the File System agent for file-system data protection.

PowerProtect Data Manager Kubernetes User Guide Describes how to configure and use the software to back up and restore namespaces and PVCs in a Kubernetes cluster.

PowerProtect Data Manager Microsoft Exchange Server User Guide

Describes how to configure and use the software to back up and restore the data in a Microsoft Exchange Server environment.

PowerProtect Data Manager Microsoft SQL Server User Guide

Describes how to configure and use the software to back up and restore the data in a Microsoft SQL Server environment.

PowerProtect Data Manager Oracle RMAN User Guide Describes how to configure and use the software to back up and restore the data in an Oracle Server environment.

PowerProtect Data Manager SAP HANA User Guide Describes how to configure and use the software to back up and restore the data in an SAP HANA Server environment.

PowerProtect Data Manager Storage Direct User Guide Describes how to configure and use the software with the Storage Direct agent to protect data on VMAX storage arrays through snapshot backup technology.

PowerProtect Data Manager Network Attached Storage User Guide

Describes how to configure and use the software to protect and recover the data on network-attached storage (NAS) shares and appliances.

PowerProtect Data Manager Virtual Machine User Guide Describes how to configure and use the software to back up and restore virtual machines and virtual-machine disks (VMDKs) in a vCenter Server environment.

6 Preface

Table 2. Related documentation (continued)

Title Content

VMware Cloud Foundation Disaster Recovery With PowerProtect Data Manager

Provides a detailed description of how to perform an end-to- end disaster recovery of a VMware Cloud Foundation (VCF) environment.

PowerProtect Data Manager Disaster Recovery Best Practices Guide

Provides guidance and best practices for a PowerProtect Data Manager server disaster-recovery solution.

PowerProtect Data Manager Public REST API documentation Contains the PowerProtect Data Manager APIs and includes tutorials to guide you in their use.

vRealize Automation Data Protection Extension for Data Protection Systems Installation and Administration Guide

Describes how to install, configure, and use the Dell EMC vRealize Data Protection Extension.

Typographical conventions The following type style conventions are used in this document:

Table 3. Style conventions

Formatting Description

Bold Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window.

Italic Used for full titles of publications that are referenced in text.

Monospace Used for: System code System output, such as an error message or script Pathnames, file names, file name extensions, prompts, and syntax Commands and options

Monospace italic Used for variables.

Monospace bold Used for user input.

[ ] Square brackets enclose optional values.

| Vertical line indicates alternate selections. The vertical line means or for the alternate selections.

{ } Braces enclose content that the user must specify, such as x, y, or z.

... Ellipses indicate non-essential information that is omitted from the example.

You can use the following resources to find more information about this product, obtain support, and provide feedback.

Where to find product documentation The Customer Support website The Community Network

Where to get support The Customer Support website provides access to product licensing, documentation, advisories, downloads, and how-to and troubleshooting information. The information can enable you to resolve a product issue before you contact Customer Support.

To access a product-specific page:

1. Go to the Customer Support website.

Preface 7

2. In the search box, type a product name, and then from the list that appears, select the product.

Knowledgebase The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx) or by keyword.

To search the Knowledgebase:

1. Go to the Customer Support website. 2. On the Support tab, click Knowledge Base. 3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by

typing a product name in the search box, and then selecting the product from the list that appears.

Live chat To participate in a live interactive chat with a support agent:

1. Go to the Customer Support website. 2. On the Support tab, click Contact Support. 3. On the Contact Information page, click the relevant support, and then proceed.

Service requests To obtain in-depth help from a support agent, submit a service request. To submit a service request:

1. Go to the Customer Support website. 2. On the Support tab, click Service Requests.

NOTE: To create a service request, you must have a valid support agreement. For details about either an account or

obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the

Service Request Number field, type the service request number, and then click the right arrow.

To review an open service request:

1. Go to the Customer Support website. 2. On the Support tab, click Service Requests. 3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.

Online communities For peer contacts, conversations, and content on product support and solutions, go to the Community Network. Interactively engage with customers, partners, and certified professionals online.

How to provide feedback Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to DPAD.Doc.Feedback@emc.com.

8 Preface

Getting Started

Topics:

Introducing the PowerProtect Data Manager software Supported Internet Protocol versions PowerProtect Data Manager on AWS Unsupported features PowerProtect Data Manager and DDVE AWS data-transfer costs Architecture overview References Terminology

Introducing the PowerProtect Data Manager software PowerProtect Data Manager software is an enterprise solution that provides software-defined data protection, deduplication, operational agility, self-service, and IT governance.

PowerProtect Data Manager key features include the following:

Table 4. Key features

Software-defined data protection with integrated deduplication, replication, and reuse

Data backup and recovery self-service operations from native applications that are combined with central IT governance

Multicloud optimization with integrated Cloud Tiering

SaaS-based monitoring and reporting

Modern services-based architecture for ease of deployment, scaling, and updating

PowerProtect Data Manager integrates multiple data-protection products within the Dell EMC Data Protection portfolio to enable data protection as a service, providing the following benefits:

Table 5. Benefits

Enables data-protection teams to create data paths with provisioning, automation, and scheduling to embed protection engines into their data-protection infrastructure for high-performance backup and recovery

Enables backup administrators of large-scale environments to schedule backups for the following asset types from a central location on the PowerProtect Data Manager server: VMware virtual machines File systems VMAX storage groups Kubernetes clusters Microsoft Exchange Server and Microsoft SQL Server databases Oracle databases SAP HANA databases Network-attached storage (NAS) shares

Provides an agent-based approach to automatically discover and protect databases on an application server

Enables self-service and centralized protection by: Monitoring service-level objectives (SLOs) Identifying violations of recovery-point objectives (RPOs)

1

Getting Started 9

Table 5. Benefits (continued)

Supports deploying an external VM Direct appliance that moves data with a VM Direct Engine that is optimized for performing high-capacity backup streams

Comes with a basic embedded VM Direct Engine that has the following functions and capabilities: It is automatically used as a fallback proxy for performing backup and restore operations when an external VM Direct

Engine fails, is disabled, or is unavailable It has a limited capacity for performing backup streams It can work with virtual-machine crash-consistent protection policies that use the Transparent Snapshot Data Mover

(TSDM) protection mechanism It enables the Search Service used by PowerProtect Search

Supports PowerProtect Search, which enables backup administrators to quickly search for and restore VM and NAS file copies

Supports the vRealize Automation DP extension, which enables the automatic provisioning of virtual machines and on-demand backups and restores

Integrates with Dell EMC Cloud Disaster Recovery (Cloud DR), including workflows for Cloud DR deployment, protection, and recovery operations in the AWS and Azure clouds

Integrates with Dell EMC PowerProtect Cloud Snapshot Manager to view PowerProtect Cloud Snapshot Manager jobs, alerts, and reports from a consolidated PowerProtect Data Manager dashboard

Integrates with Dell EMC PowerProtect Cyber Recovery to protect the integrity of a PowerProtect Data Manager environment from cyber threats

Provides a RESTful API interface that allows PowerProtect Data Manager to be monitored, configured, and orchestrated: Existing automation frameworks can be integrated New scripts can be quickly written Easy-to-follow tutorials are provided

Supported Internet Protocol versions PowerProtect Data Manager only supports the use of IPv4 addresses.

Using an IPv6 address can result in errors or other unexpected behavior. When configuring devices to connect over the network with PowerProtect Data Manager, use only IPv4 addresses.

PowerProtect Data Manager on AWS You use an Amazon Web Services (AWS) CloudFormation template to deploy an Elastic Compute Cloud (EC2) instance with PowerProtect Data Manager to a virtual private cloud (VPC).

PowerProtect Data Manager on AWS provides protection for cloud-based assets such as the following:

Oracle, SQL, and SAP HANA databases Virtual machines in VMware Cloud on AWS Kubernetes clusters deployed to AWS

Backed up data is stored in Amazon Simple Storage Service buckets with a high level of deduplication.

Amazon AWS Documentation and the AWS CloudFormation User Guide provide more information about Amazon Web Services.

Unsupported features Familiarize yourself with those features that are not supported when deploying PowerProtect Data Manager to AWS.

With the exception of the following, PowerProtect Data Manager on AWS supports all features supported by on-premises PowerProtect Data Manager and PowerProtect Data Manager deployed to VMware Cloud on AWS:

Cloud Disaster Recovery Search Clusters

10 Getting Started

Backing up and restoring virtual machines with the Transparent Snapshot Data Mover (TSDM)

PowerProtect Data Manager and DDVE In order to function in an AWS environment, PowerProtect Data Manager requires that DD Virtual Edition (DDVE) also be present.

DDVE is a software-only protection storage appliance: a virtual deduplication appliance that provides data protection for entry, enterprise, and service-provider environments. Like any PowerProtect DD System, DDVE is always paired with backup software.

When you deploy PowerProtect Data Manager to AWS, DDVE can be deployed to AWS at the same time. You can also deploy DDVE to AWS outside of the PowerProtect Data Manager deployment process. For more information, see the PowerProtect DD Virtual Edition in Amazon Web Services Installation and Administration Guide at Customer Support

AWS data-transfer costs Amazon charges a monthly fee based on the amount and types of data transferred by PowerProtect Data Manager and DDVE in an AWS cloud.

Consider the following information when planning your AWS architecture:

Most of the data that is transferred in an AWS cloud occurs between the hosts being protected and DDVE. If Kubernetes is being used, data is also transferred between the protection engine hosts and DDVE. Amazon does not have data-transfer fees for hosts that are in the same availability zone (AZ). For details of all Amazon data-transfer fees, see Amazon EC2 Pricing.

NOTE:

To minimize data-transfer costs, minimize the path that data transfers take by using as few availability zones and regions as

possible.

For pricing of Amazon monthly hosting in general, see the Amazon Pricing Calculator.

An example of data transfer

The following items describe a possible data-protection scenario.

Twenty 100 GB databases that each have a daily change rate of 5 percent Weekly full backups Daily incremental backups and archived-log backups An average deduplication ratio of 2:1 for initial full backups and for incremental backups An average deduplication ratio of between 20:1 and 30:1 for subsequent full backups

This data-protection scenario would result in approximately 3,600 GB of data transfer in the first month.

Architecture overview PowerProtect Data Manager is deployed with a private IP address. For access from an external site, configure a VPN gateway.

The following diagram represents the basic architecture of PowerProtect Data Manager on AWS. The diagram shows a single region, single virtual private cloud (VPC), and single availability zone (AZ).

Getting Started 11

Figure 1. Basic PowerProtect Data Manager architecture

Sensitive PowerProtect Data Manager data, such as passwords, is encrypted and stored in a lockbox. For more information about PowerProtect Data Manager security, see the PowerProtect Data Manager Security Configuration Guide at Customer Support. When deployed to AWS, the PowerProtect Data Manager lockbox is located in a secure Elastic Block Store (EBS) volume.

Backup data is stored in a Simple Storage Services (S3) bucket, and the backup metadata is stored on a DDVE EBS volume. For more information, see the PowerProtect DD Virtual Edition in Amazon Web Services Installation and Administration Guide at Customer Support.

DDVE and a single availability zone

To minimize data-transfer costs, application hosts and DDVE can be located in the same AZ.

12 Getting Started

Figure 2. PowerProtect Data Manager and DDVE in a single AZ

DDVE and multiple availability zones

If application hosts are distributed across more than one AZ, you can minimize data-transfer costs by installing a separate instance of DDVE in each AZ.

NOTE: To deploy additional instances of DDVE to AWS outside of the PowerProtect Data Manager deployment process,

see the PowerProtect DD Virtual Edition in Amazon Web Services Installation and Administration Guide at Customer

Support

Getting Started 13

Figure 3. PowerProtect Data Manager and DDVE in two AZs

DDVE and multiple availability zones with only a single DDVE instance

If application hosts are distributed across more than one availability zone, but a DDVE instance exists in only one of the AZs, additional data-transfer costs will be incurred.

14 Getting Started

Figure 4. PowerProtect Data Manager and a single DDVE instance for two AZs

PowerProtect Data Manager policies and DDVE

If a different DDVE instance is in each AZ or region, ensure that PowerProtect Data Manager policies are configured to protect all the hosts in the same AZ or region as each DDVE instance.

References Some procedures in this document reference other publications for further details. Additionally, updates to documentation after initial publication are provided in the release notes.

For a list of PowerProtect Data Manager publications, see "Related documentation" in the preface.

For information about DD Virtual Edition, see the following publications at Customer Support:

Table 6. Related PowerProtect DD Virtual Edition documentation

PowerProtect DD Virtual Edition in VMware Cloud Installation and Administration Guide

PowerProtect DD Virtual Edition in Google Cloud Platform Installation and Administration Guide

PowerProtect DD Virtual Edition on Premise Installation and Administration Guide

PowerProtect DD Virtual Edition in Azure Installation and Administration Guide

PowerProtect DD Virtual Edition in Amazon Web Services Installation and Administration Guide

Getting Started 15

Terminology Familiarize yourself with the terminology for the PowerProtect Data Manager user interface and documentation.

The following table provides more information about names and terms that you should know to use PowerProtect Data Manager:

Table 7. Term list

Term Description

Application agent Application agents are installed on application or database host servers to manage protection using PowerProtect Data Manager. These agents are commonly known as DD Boost Enterprise Agents (DDBEAs) for databases and applications.

Application-aware A virtual machine protection policy that includes additional application-aware data protection for Microsoft SQL Servers. An application-aware virtual machine protection policy provides the ability to quiesce the application during virtual machine image backup to perform a full backup of Microsoft SQL Server databases. You can also schedule Microsoft SQL Server log backups for the virtual machines in the policy.

Asset Assets are objects in PowerProtect Data Manager for which you want to manage protection, including virtual machines, databases, and file systems.

Asset source Assets that PowerProtect Data Manager protects reside within asset sources, which include vCenter servers, application or database hosts, and file servers.

Cloud Tier storage Cloud Tier storage can be added to a protection storage system to expand the deduplication storage capacity onto less expensive object storage in public or private object storage clouds, including Dell EMC secure Elastic Cloud Storage appliances.

Copy A PowerProtect Data Manager copy is a point-in-time backup copy of an asset.

Copy Map The PowerProtect Data Manager Copy Map is a visual representation of backup copy locations on your protection storage and is available for all protected assets that have copies.

Discovery Discovery is an internal process that scans asset sources to find new assets to protect and scans infrastructure components to monitor their health and status.

Instant Access PowerProtect Data Manager virtual machine backup copies can be accessed, mounted, and booted directly from the protection storage targets as running virtual machines. This operation is called Instant Access. Copies can also be moved to a production VMware datastore using vMotion. PowerProtect Data Manager Virtual machine application-aware backup copies can be mounted directly from protection storage as running Microsoft SQL Server databases, which includes the ability to roll forward log backups. These Microsoft SQL Server database disks can also be moved to a production VMware datastore using vMotion.

PowerProtect Data Manager agent

An agent that is included in PowerProtect Data Manager and installed on each application agent host server so that you can monitor and manage the application agent through PowerProtect Data Manager.

Protection policy Protection policies configure and manage the entire life cycle of backup data, which includes backup types, assets, backup start and stop times, backup devices, and backup retention.

Service-level agreement (SLA) An optional policy that you can layer on top of a protection policy. An SLA performs additional checks on protection activities to ensure that protection goals meet the standards of an organization. SLAs are made up of one or more service-level objectives.

Service-level objective (SLO) A definable rule that sets the criteria for recovery-point objectives (RPOs), encryption, and the location of backups according to company requirements.

16 Getting Started

Preparing for a Deployment

Topics:

PowerProtect Data Manager interoperability Microsoft application agent and Oracle RMAN agent interoperability Networking interoperability Check VMware certification Preparing your environment to deploy PowerProtect Data Manager to AWS Minimum AWS IAM role permissions for deployment

PowerProtect Data Manager interoperability PowerProtect Data Manager integrates multiple data protection products within the Dell EMC Data Protection portfolio to enable data protection as a service. PowerProtect Data Manager enables new data paths with provisioning, automation, and scheduling that enable a data protection team to embed protection engines into the infrastructure for high-performance backup and recovery.

NOTE: PowerProtect Data Manager on AWS is only compatible with DDVE 6.0.

This section includes several tables that list the supported software and hardware configurations for an PowerProtect Data Manager deployment for each direct data path.

Microsoft application agent and Oracle RMAN agent interoperability The Microsoft application agent and Oracle RMAN agent enable an application administrator to protect and recover data on a SQL Server host and Oracle server host. PowerProtect Data Manager integrates with the Microsoft application agent and Oracle RMAN agent to check and monitor the backup compliance against protection policies. PowerProtect Data Manager also supports central scheduling for backups.

You can install the Microsoft application agent or Oracle RMAN agent on the host that you plan to protect by using the installation instructions that are provided in the PowerProtect Data Manager Microsoft SQL Server User Guide and PowerProtect Data Manager Oracle RMAN User Guide.

NOTE: The most up-to-date software compatibility information for the PowerProtect Data Manager software and

application agents is provided by the E-Lab Navigator.

Table 8. Microsoft application agent and Oracle RMAN agent support matrix

Product Supported versions

Microsoft application agent Refer to the E-Lab Navigator.

Oracle RMAN agent Refer to the E-Lab Navigator.

Networking interoperability This section details PowerProtect Data Manager on AWS networking interoperability and requirements.

2

Preparing for a Deployment 17

VMware Cloud interoperability

PowerProtect Data Manager on AWS works with VMware Cloud (VMC) on AWS, and can be used to protect virtual-machine assets in a VMC-on-AWS environment. Unless otherwise noted in Unsupported features, PowerProtect Data Manager on AWS supports all of the features that are supported by VMC on AWS. For information about what is not supported by VMC on AWS, see the PowerProtect Data Manager Virtual Machine User Guide.

For the purpose of the following sections, the network used in a VMC-on-AWS environment will be called the VMC network, and the network used in a PowerProtect Data Manager-on-AWS environment will be called the VPC network.

Required DNS configuration

If using a custom DNS server, you must configure a DNS server to be used for name resolution of hosts in both the VMC and VPC networks. This server can be located in either the VMC network or the VPC network.

Forward and reverse lookups are required for the following hosts:

the PowerProtect Data Manager instance all DDVE instances the VM Direct protection engines vCenter and ESXi

Set this DNS server as the primary DNS server for the PowerProtect Data Manager instance during deployment. For more information, see the PowerProtect Data Manager Administration and User Guide.

Required network traffic rules

You must configure certain network traffic rules in order for hosts in the VPC network to communicate with hosts in the VMC network.

PowerProtect Data Manager requires inbound and outbound traffic between it and the following hosts in the VMC network:

the VM Direct protection engines the primary DNS server vCenter and ESXi

To configure PowerProtect Data Manager or DDVE traffic rules on an instance after it has been deployed, see Configure network traffic rules. To configure traffic rules on VMC-on-AWS hosts, see the PowerProtect Data Manager Administration and User Guide.

Check VMware certification Use this method to check the versions of PowerProtect Data Manager on AWS that VMware has certified to work with their products.

About this task

VMware certification allows customers to receive support from VMware for any VMware-specific features related to PowerProtect Data Manager on AWS.

NOTE: VMware will only certify a version of PowerProtect Data Manager on AWS after it has been released and tested. If

you are waiting for the current version of PowerProtect Data Manager on AWS to be certified, you can continue to check

its status.

Steps

1. In a browser, navigate to the VMware Compatibility Guide.

2. Select All > Dell EMC > All.

3. Click Update and View Results.

4. In the Solution Name column, look for EMC PowerProtect Data Manager entries.

5. Review the information in the corresponding Solution Version and Supported Releases columns.

18 Preparing for a Deployment

Preparing your environment to deploy PowerProtect Data Manager to AWS The following sections provide general guidelines to deploy PowerProtect Data Manager to AWS.

The guidelines are as follows:

1. For a secure login to PowerProtect Data Manager, create an EC2 key access pair. See Amazon EC2 Key Pairs for instructions.

2. Set up the network environment.

For secure access to the PowerProtect Data Manager on AWS, it is recommended that you use the virtual private cloud (VPC) architecture provided by AWS. Set up and configure the following components:

The VPC A subnet Routing tables Security groups A network access control list

General requirements

Review the general requirements for deploying PowerProtect Data Manager to AWS.

Create an AWS account

To deploy PowerProtect Data Manager to AWS, you must have an AWS account. To set up an account, navigate to https:// aws.amazon.com/getting-started/.

Identity and access management

AWS recommends that you create an identity and access management (IAM) user or role for authenticating with AWS and never use root credentials to deploy a CloudFormation template. The IAM user must be allowed to perform AWS CloudFormation actions.

The following links provide more information about AWS best practices:

Creating an IAM User in Your AWS Account Using IAM Roles What is AWS CloudFormation?

Security and operational best practices

Amazon recommends that you enable AWS CloudTrail logs to enable governance, compliance, and operational and risk auditing of your AWS account. AWS CloudTrail enables you to do the following:

View the event history of your AWS account activity, including AWS Management Console actions, AWS SDKs, CLI, and other AWS services.

Identify the initiator of actions, resources involved, and event timing.

This event history helps to simplify security analysis, resource change tracking, and troubleshooting.

The following links provide more information:

Working with CloudTrail Turn on CloudTrail across all regions and support for Multiple Trails

Preparing for a Deployment 19

AWS service limits and restrictions

The following links provide more information about AWS service limits and restrictions:

Bucket Restrictions and Limitations IAM and STS Limits How do I manage my AWS service limits? AWS Service Quotas

Additional links

The following additional links provide more information about the AWS features that are used with a PowerProtect Data Manager deployment:

Working with the AWS Management Console AWS Cloud Formation AWS Identity and Access Management (IAM) Amazon Virtual Private Cloud Amazon Elastic Compute Cloud Documentation

Resources assigned

Learn the system resources assigned to PowerProtect Data Manager in an AWS environment.

NOTE: These system resources belong to the required m5.2xlarge PowerProtect Data Manager EC2 instance type.

8 CPU cores 32 GB of RAM Seven disks

Disk 1: 100 GB Disk 2: 500 GB Disks 34: 10 GB each Disks 57: 5 GB each

One 1-GB NIC

NOTE: These resources cannot be changed. If they are insufficient for a required protection workload, multiple

PowerProtect Data Manager instances can be deployed.

VPC DNS requirements

Learn the VPC DNS (Domain Name System) requirements to host PowerProtect Data Manager in an AWS environment.

DNS resolution is critical for the deployment and configuration of the PowerProtect Data Manager external proxy and the PowerProtect Data Manager and DDVE appliances. Every infrastructure component should be resolvable through a fully qualified domain name (FQDN). Both forward (A) and reverse (PTR) lookups are required.

When configuring VPC DNS, enable the following:

DNS resolution DNS hostnames

NOTE: DNS hostnames are disabled by default when you create a VPC. You must change this.

20 Preparing for a Deployment

Minimum AWS IAM role permissions for deployment When deploying an AWS-based PowerProtect Data Manager instance, you can use IAM user roles assigned a minimum number of permissions to restrict user access. You can also use an IAM CloudFormation role assigned a minimum number of permissions to restrict CloudFormation access.

IAM user roles and permissions

The following table lists the minimum permissions that are required for the IAM user roles.

Table 9. Minimum permissions of IAM user roles required to deploy PowerProtect Data Manager

Service Actions Resources Request conditions

EC2 All EC2 actions (*) All resources None

SNS ListTopics GetTopicAttributes

All resources None

Marketplace ViewSubscriptions Subscribe Unsubscribe ListBuilds DescribeBuilds

All resources None

IAM Write PassRole ListRoles

All resources None

CloudFormation All CloudFormation actions (*) All resources None

The following JSON code can be used set these permissions:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:ViewSubscriptions", "aws-marketplace:Subscribe", "aws-marketplace:Unsubscribe", "aws-marketplace:ListBuilds", "aws-marketplace:DescribeBuilds", "iam:ListRoles", "iam:ListInstanceProfiles", "sns:GetTopicAttributes", "sns:ListTopics" ], "Effect": "Allow", "Resource": "*" }, { "Action": "ec2:*", "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudformation:*" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*"

Preparing for a Deployment 21

], "Condition": { "StringLike": { "iam:PassedToService": [ "ec2.amazonaws.com" ] } } } ] }

IAM PowerProtect Data Manager and DDVE roles

The following table lists where the PowerProtect Data Manager and DDVE roles are selected from when creating the CloudFormation stack.

Table 10. Selection of IAM PowerProtect Data Manager and DDVE roles during stack creation

Role CloudFormation template location

PowerProtect Data Manager CloudFormation > Stacks > Create stack > Configure stack options > PowerProtect Data Manager Instance and Network Configuration > IAM Role (Optional)

DDVE CloudFormation > Stacks > Create stack > Configure stack options > DDVE Instance Configuration > IAM Role for S3 access

IAM CloudFormation role and permissions

The AWS CloudFormation service deploys the PowerProtect Data Manager and DDVE instances. By default, this service uses the same roles and permissions as the logged-in user. These permissions can be changed by selecting an IAM CloudFormation role.

When you create the CloudFormation stack, the IAM CloudFormation role is selected from CloudFormation > Stacks > Create stack > Configure stack options > Permissions > IAM role name.

The following table lists the minimum permissions that are required for the IAM CloudFormation role.

Table 11. Minimum permissions of IAM CloudFormation role required to deploy PowerProtect Data Manager

Service Actions Resources Request conditions

EC2 All EC2 actions (*) All resources None

IAM Write PassRole ListRoles

All resources IAM:PassedToService (StringLike ecs.amazonaws.com)

The following JSON code can be used set these permissions:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": "ec2.amazonaws.com" } }

22 Preparing for a Deployment

} ] }

Preparing for a Deployment 23

Deployment

Topics:

Deploy PowerProtect Data Manager to AWS

Deploy PowerProtect Data Manager to AWS Use this procedure to deploy PowerProtect Data Manager and DDVE to AWS.

About this task

This procedure takes approximately 20 minutes if automatic configuration is enabled. If automatic configuration is not enabled, then this procedure takes approximately 15 minutes, but PowerProtect Data Manager and DDVE must be manually configured after they are deployed. For more information on manual configuration, see Configure the PowerProtect Data Manager virtual appliance.

Steps

1. In a browser, navigate to https://aws.amazon.com/marketplace.

2. Search for PowerProtect Data Manager and Data Domain Virtual Edition.

3. Select Dell EMC PowerProtect Data Manager, and then click Continue to Subscribe.

4. Click Continue to Configuration.

5. Select the following configuration, and then click Continue to Launch.

Fulfillment OptionSelect Cloud Formation Template. Software VersionSelect the correct version. RegionSelect where to deploy PowerProtect Data Manager and DDVE.

6. Review the configuration details, select Launch the Cloud Formation template, and then select Launch. The template URL is populated.

7. From the CloudFormation > Stacks > Create stack pane, click Next

8. From the CloudFormation > Stacks > Create stack > Specify stack details pane, enter a name for the PowerProtect Data Manager and DDVE instances in the Stack name text box, and then specify additional stack details as described in the tables below.

Table 12. PowerProtect Data Manager Instance and Network Configuration

Parameters Description

IAM Role (Optional) The IAM Role that grants access to resources for the PowerProtect Data Manager instance. This field can be empty.

VPC ID The VPC ID of your existing Virtual Private Cloud.

Subnet ID The ID of the subnet within your Virtual Private Cloud to which the PowerProtect Data Manager instance will be deployed.

Private IP Address (Optional) Assign the PowerProtect Data Manager instance a private IP address in your Virtual Private Cloud. A private IP address will be automatically generated for you if this field is left blank.

NOTE: If you wish to use your own DNS servers, you must provide a value.

Security Group ID (Optional) Assign the PowerProtect Data Manager instance a security group used to access it. A security group will be automatically generated for you if this field is left blank.

IP Range Permitted for Inbound Communication

The IP address ranges allowed to connect to the PowerProtect Data Manager instance. Specify a single IP address or an IP address range in CIDR notation (for example,

3

24 Deployment

Table 12. PowerProtect Data Manager Instance and Network Configuration (continued)

Parameters Description

192.160.8.0/16). The default is 0.0.0.0/0, which allows unrestricted access. Any range entered here will be the default for all inbound ports.

NOTE: It is recommended that this be changed after PowerProtect Data Manager is deployed. For more information, see Configure network traffic rules

Key Pair A key pair that can be used to access the PowerProtect Data Manager instance.

Table 13. PowerProtect Data Manager DNS Configuration

Parameters Description

Enable DNS Configuration Select Yes to use one or more of your own DNS servers, which allows for reverse DNS lookups of IP addresses to hostnames. Otherwise, leave the default selection of No to use the AWS DNS server.

Make note of the following:

If the selection is Yes, ensure the following prerequisites.

Your DNS servers already have entries for the IP address and fully qualified domain name of the PowerProtect Data Manager instance.

Your DNS servers are able to resolve Amazon-provided hostnames to IP addresses. Either add the default AWS DNS server as a forwarder, or enter its IP address as one of the three entries of the following DNS Server parameter.

If the selection is No, leave the following two parameters empty.

DNS Server Enter the IP addresses of up to 3 DNS servers, separated by commas.

FQDN Enter the fully qualified domain name of the PowerProtect Data Manager instance.

Table 14. DDVE Instance Configuration

Parameters Description

Launch DDVE Instance Select Yes to deploy and launch a DDVE instance in the same subnet as PowerProtect Data Manager. The values entered for the PowerProtect Data Manager instance for IP Range Permitted for Inbound Communication and Key Pair will be applied to the DDVE instance.

DDVE Model The instance type and storage capacity of the DDVE instance. 16TB-Model--m5.xlarge 32TB-Model--m5.2xlarge 96TB-Model--m5.4xlarge 256TB-Model--m58xlarge

Override default Metadata disks

You can override the default number of metadata disks assigned to the DDVE instance.

By default, the number of metadata disks provides 10% of the total storage capacity of the DDVE instance.

16TB-Model--m5.xlargeTwo 1 TB metadata disks

32TB-Model--m5.2xlargeFour 1 TB metadata disks

96TB-Model--m5.4xlargeTen 1 TB metadata disks

256TB-Model--m58xlargeThirteen 2 TB metadata disks

IAM Role for S3 access The IAM role that enables DDVE access to S3.

Security Group ID (Optional) Assign the DDVE instance a security group used to access it. A security group will be automatically generated for you if this field is left blank.

9. You can enter configuration settings that will be automatically applied to the PowerProtect Data Manager and DDVE instances when the stack is deployed.

Deployment 25

Table 15. Automatic Configuration Settings (Optional)

Parameters Description

Enable Automatic Configuration and Accept Product End User License Agreement (EULA)

Confirm if automatic configuration is enabled and the terms and conditions outlined in the product End User License Agreement (EULA) accepted. Select Yes to accept the EULA.

NOTE: Do not select Yes if you need to restore a PowerProtect Data Manager disaster-recovery backup.

Select No if you do not accept the EULA. If you select No, automatic configuration is disabled. To configure the instances manually after deployment, see Configure the PowerProtect Data Manager virtual appliance.

Allow Stack Optimization Confirm if stack optimization is allowed. Selecting Yes is recommended. It allows you to view the deployment status of the PowerProtect Data Manager and DDVE instances from the AWS Marketplace Management Portal, and to know when their user interfaces are available.

NOTE: Before selecting Yes, a gateway endpoint must be set up. To create a gateway endpoint, see Gateway VPC endpoints.

Data Manager Common Password

Enter the password for the PowerProtect Data Manager instance. The password must contain at least 9 characters, 1 lowercase letter, 1 uppercase letter, 1 numeral, 1 special character, and be no more than 128 characters in length.

The same password will be used by the PowerProtect Data Manager instance for all system accounts, including the lockbox and administrator user.

Data Manager Common Password Confirmation

Data Manager Timezone Select a timezone for the PowerProtect Data Manager instance.

Data Manager NTP Server Enter the IP address or FQDN of one or two NTP servers for the PowerProtect Data Manager instance. Separate NTP servers with commas.

DDVE Common Password Enter the password for the DDVE instance. The password must contain at least 9 characters, 1 lowercase letter, 1 uppercase letter, 1 numeral, 1 special character, no spaces, and be no more than 100 characters in length.

The same password will be used by the DDVE instance for the sysadmin account and the object store passphrase.

DDVE Common Password Confirmation

DDVE S3 Bucket name Enter the name of an empty S3 bucket that already exists. To create an S3 bucket, see the PowerProtect DD Virtual Edition in Amazon Web Services Installation and Administration Guide at Customer Support.

10. From the CloudFormation > Stacks > Create stack > Configure stack options page:

a. Either enable or disable Rollback on failure.

Selecting Disabled is recommended.

If you select Enabled, stack optimization was enabled, and automatic configuration was enabled but fails, then the deployment of PowerProtect Data Manager will be aborted.

If you select Disabled and automatic configuration was enabled but fails, then the instances must be manually configured after deployment, see Configure the PowerProtect Data Manager virtual appliance .

b. Click Next.

11. From the CloudFormation > Stacks > Create stack > Review Stack Name pane, where Stack Name is replaced by the name of the PowerProtect Data Manager instance you provided in step 5:

a. Review the information provided for accuracy and edit anything that is incorrect.

NOTE: Incorrect information can cause the automatic configuration of PowerProtect Data Manager and DDVE to

fail.

26 Deployment

b. Click Create Stack at the bottom of the page to create the PowerProtect Data Manager instance.

12. From the CloudFormation > Stacks > Stack Name pane, wait until CREATE_COMPLETE is displayed.

Note that Stack Name is replaced by the name of the PowerProtect Data Manager instance you provided in step 5.

13. From the EC2 Instance Management Console, wait until the PowerProtect Data Manager instance is initialized. Also note the automatically generated security group for the instance.

Deployment 27

Configuration

Topics:

Configure the PowerProtect Data Manager virtual appliance Configuring network traffic rules Configuring DDVE and storage Configuring and monitoring system health Configuring disaster recovery Deploying SupportAssist to AWS Using SSH Accessing the PowerProtect Data Manager UI Updating PowerProtect Data Manager

Configure the PowerProtect Data Manager virtual appliance Once the PowerProtect Data Manager instance is deployed, it is referred to as a virtual appliance. After the virtual appliance is started, you might need to configure it. Note that this information also applies to any DDVE virtual appliance, and that the following task will need to be repeated.

Prerequisites

Wait for the PowerProtect Data Manager virtual appliance to start and initialize. This process takes a few minutes, and you will not be able to follow step 1 until it is finished.

(Optional) Download a local copy of the PowerProtect Data Manager virtual appliance license file.

About this task

Perform the following steps from a host that has access to the PowerProtect Data Manager virtual appliance. Performing these steps and having them applied takes approximately 10 minutes.

NOTE: If the PowerProtect Data Manager instance was automatically configured, then you can skip this procedure.

However, you must still follow steps 1 and 7 if you want to configure email or enable auto support.

Steps

1. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:

https://<appliance_hostname> NOTE: You can specify the hostname or the IP address of the appliance.

2. If an SSL certificate warning page appears with the message Your connection is not private, click Advanced, and then click Proceed to hostname_or_ip_address (unsafe).

3. On the Welcome pane, perform the following actions:

a. To set up PowerProtect Data Manager as a new deployment, select New Install. b. To perform disaster recovery, select Restore Backup. c. Click Next.

4. On the License pane, perform the following actions:

NOTE: If the license was already applied, review the license information and then click Next.

a. In the License Type field, select a type of license.

i. To use an evaluation license, select 90 days evaluation license.

4

28 Configuration

A description of the license appears in the License File field. ii. To load a license, select License File > Choose File, and then browse to and select the license that you want to

load. iii. To copy the contents of the license file, select Plain Text and then copy the contents of the license file into the

Plain Text field. b. Click Next.

5. In the Authentication pane, perform the following actions:

The Use common password option is selected by default. This toggle sets one initial password for use with all PowerProtect Data Manager interfaces.

a. Optionally, clear the Use common password option.

If you leave the Use common password option selected, in the Enter a new password and Renter password to confirm fields, specify a password.

If you clear the Use common password option, in the Enter a new password and Renter password to confirm fields, specify individual passwords for the interfaces.

Ensure that the password meets the following requirements:

Contains a minimum of nine characters and a maximum of one hundred characters Contains at least one numeric character (0-9) Contains at least one uppercase character (A-Z) Contains at least one lowercase character (a-z) Contains at least one special character from the following list of acceptable characters:

!@#$%^&*()_-+=~{}[]<>?/`:;',.|\"

Spaces are allowed. Contains only letters from the English alphabet Does not contain other sensitive information that is associated with the user account, such as the first and last

names, username, or email address

NOTE: The admin password expires after 60 days by default. If you do not change it before it expires, you will be

unable to log in to PowerProtect Data Manager until you reset it. For more information, see the PowerProtect Data

Manager Security Configuration Guide.

b. Click Next.

6. In the System Settings pane, perform the following actions:

a. In the Current Timezone list box, select the time zone where the system is physically located. b. To add an NTP server, click Add. c. In the Server IP Address field, specify the NTP server IP address. d. Click Add. e. To change the list of NTP servers, click Edit or Delete. f. Click Next.

7. In the Email Setup - Optional pane, perform the following actions:

a. In the Mail Server field, specify the SMTP server IP address. b. In the Email From field, specify the administrator email address. c. In the Recipient for Test Email field, specify the recipient email address. d. In the Port field, specify the TCP port to connect to the SMTP server. e. In the Username field, specify the mail username. f. In the Password field, specify the mail password. g. To send a test email to the specified IP address, click Send Test Email. h. To acknowledge the test email was successfully sent, click OK. i. To send diagnostic and usage data to Dell EMC for proactive support and to help improve our products and services,

switch Auto Support to ON.

When enabling auto support, click View Terms to review the telemetry software terms. Scroll down to click Accept to finish enabling auto support, or Decline to disable auto support.

j. Click Next.

NOTE: Email Server Setup is required before performing a local user password reset and sending customized alert

notifications.

Configuration 29

8. In the Summary pane, review the configuration choices, and then click Done.

Configuring network traffic rules After the PowerProtect Data Manager instance is deployed, it is recommended to change the default network traffic rules that allow all inbound and outbound connections.

Even if you specified a port range during the deployment of the PowerProtect Data Manager instance, outbound ports will remain unrestricted unless the outbound rules are changed.

For more information about traffic rules, see the PowerProtect Data Manager Security Configuration Guide.

Configure network traffic rules

Configure network traffic rules to restrict inbound and outbound connections.

About this task

CAUTION: Do not use IP addresses that belong to the 172.24.0.192/26 subnet. IP addresses in the 172.24.0.192

172.24.0.255 range are used for Docker network configuration, and unexpected results can occur if they are also

used by PowerProtect Data Manager.

Steps

1. From the EC2 Instance Management Console, click the security group shown after Security groups, and select either Actions > Edit inbound rules or Actions > Edit inbound rules.

2. From either the Edit inbound rules pane or the Edit outbound rules pane, change specific network traffic rules.

Configuring DDVE and storage For information on how to configure DDVE and storage, see the following publications that are available at Customer Support:

PowerProtect DD Virtual Edition in Amazon Web Services Installation and Administration Guide PowerProtect Data Manager Administration and User Guide

Configuring and monitoring system health For information on how to configure and monitor system health, and how to configure and monitor alerts, jobs, and tasks, see the PowerProtect Data Manager Administration and User Guide at Customer Support

Configuring disaster recovery PowerProtect Data Manager can be configured to automatically back up critical servers on a periodic basis. This protects your infrastructure from catastrophic data loss.

It is recommended to enable DD MTree replication on a local DDVE instance so that the disaster-recovery data is replicated to a DDVE instance in a different region or Availability Zone. Such an infrastructure enhances existing data-protection schemes.

When configured, the RPO of server disaster-recovery backups is a maximum of one hour, and the RTO of server disaster recovery is approximately 45 minutes, depending on the amount of data recovered. Even if PowerProtect Data Manager server disaster-recovery backups are up to an hour old, the system will attempt to synchronize any backups that occurred between the last backup and the time of failure.

For more information about how to prepare for and recover from a disaster, see the PowerProtect Data Manager Administration and User Guide at Customer Support:

30 Configuration

Deploying SupportAssist to AWS You can deploy SupportAssist by using a gateway or a direct connection. To deploy SupportAssist to AWS using a gateway, you must perform one of the following actions:

Deploy a SupportAssist virtual appliance in VMC to AWS. Deploy a SupportAssist container in a Linux or Windows host that is using Docker to AWS.

For more information, see the PowerProtect Data Manager Administration and User Guide at Customer Support

Using SSH You can use SSH to access the PowerProtect Data Manager virtual appliance on AWS.

PowerProtect Data Manager on AWS does not support password-based SSH access to the virtual appliance. Instead, use the private key from the key pair assigned to the instance when PowerProtect Data Manager was deployed.

For example:

ssh -i data_manager_key_pair.pem admin@ec2-111-222-333-444-compute-1.amazonaws.com For more information, see the Amazon AWS document Connecting to your Linux instance using SSH.

Accessing the PowerProtect Data Manager UI PowerProtect Data Manager provides a web-based user interface (UI) that you can use to manage and monitor system features and settings from any location over a network.

Steps

1. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:

https://<appliance_hostname> NOTE: You can specify the hostname or the IP address of the appliance.

2. Login with your user name and password. The Getting Started page appears. The left pane provides links to the available menu items. Expand a menu item for more options. The icons in the PowerProtect Data Manager banner provide additional options.

The Getting Started page

The Getting Started page provides configuration options that are required when the system is first deployed.

The Getting Started page appears upon first deployment of PowerProtect Data Manager and opens to this page by default until you click Skip This.

You can access the Getting Started page at any time by selecting System Settings > Getting Started.

Table 16. PowerProtect Data Manager Getting Started menu items

Options Description

Support View and configure SupportAssist, Email Setup, Auto Support, Logs, and System Health.

Disaster Recovery Backup Configure and manage backups for disaster recovery.

VMware vCenter Opens the Infrastructure > Asset Sources page where you can add a vCenter instance as an asset source so that it can be added to a protection policy.

Protect Assets Opens the Protection Policies page where you can manage protection policy workflows for all asset types.

Configuration 31

UI tools and options

Learn about the available tools in the user interface (UI).

PowerProtect Data Manager UI tools

CAUTION: Although displayed, some tools are not supported in AWS deployments of PowerProtect Data

Manager. Using these tools might cause unexpected results.

Table 17. PowerProtect Data Manager tools

Menu item Description

Dashboard

Click Dashboard to view the overall state of the PowerProtect Data Manager system.

Infrastructure

Click Infrastructure to: View and manage all assets:

VMware virtual machines File systems VMAX storage Groups Kubernetes clusters Microsoft Exchange Server databases Network Attached Storage (NAS) Microsoft SQL Server databases Oracle databases SAP HANA databases

Add vCenter and application and File System host asset sources. View and manage Integrated Storage. Add a VM Direct appliance with the VM Direct protection engine for virtual machine data

protection. Manage the vSphere Installation Bundle (VIB) for virtual machine crash-consistent data

protection performed with the Transparent Snapshot Data Mover (TSDM) protection mechanism.

Manage registration of Oracle RMAN agent, Microsoft application agent, SAP HANA agent, and File System agent.

View and manage Cloud Disaster Recovery.

NOTE: Cloud Disaster Recovery is not supported.

Create and manage a Search Cluster.

NOTE: Search Clusters are not supported.

Add PowerProtect Cloud Snapshot Manager tenants as asset sources for jobs, alerts, and reports.

Protection

Click Protection to: Add protection policies to back up assets. Manage service-level agreements (SLAs). Add, edit, and delete Dynamic Groups for assets.

Restore

Click Restore to: View asset copy location details and initiate a Restore operation. Manage Instant Access Sessions. Use the File Search feature to find and restore virtual machine file copies.

Alerts

Click Alerts to: View and acknowledge alerts and events. Filter alerts by critical, warning, and informational status, and specify the time range. View and examine Audit logs.

32 Configuration

Table 17. PowerProtect Data Manager tools (continued)

Menu item Description

Export audit logs to CSV files. Set audit log boundaries.

There is also a banner UI option, represented by the icon, which provides links that enable you to view all unacknowledged alerts.

Administration

Click Administration to: Configure users and roles. Set password credentials and manage key chains. View and replace certificates. Configure alert notifications. Add external identity providers.

Jobs

Click Jobs to manage jobs, view by protection or system, filter, and view details.

Banner UI options

The following table describes the icons that are located in the PowerProtect Data Manager banner.

Table 18. Banner UI options

Option Description

Click to enter search criteria to find assets, jobs, logs, and alerts.

The number next to this icon indicates the critical unacknowledged alerts over the last 24 hours.

Click to expand for more information about unacknowledged alerts, including:

The total number of alerts (all statuses critical, warning, or informational) that have yet to be acknowledged, or just the unacknowledged alerts from the last 24 hours (marked with the New tag).

The number of critical alerts that have yet to be acknowledged, or just the unacknowledged critical alerts from the last 24 hours (marked with the New tag).

Within this menu, click any of these links to open the Alerts window, where you can view specific details about these unacknowledged alerts.

Click to restore assets from replicated copies through quick recovery. This icon only appears when this system receives replicated metadata from a source system.

Click to configure and manage PowerProtect Data Manager system network, time zone, and NTP settings, DR backups, security, licenses, updates, authentication, agent downloads, and support, and to access the Getting Started page.

Click to log out, and log in as a different user.

Click to see PowerProtect Data Manager version information.

Click to obtain more information about PowerProtect Data Manager, access Customer Support, send feedback, or view the REST API documentation.

Click to launch CloudIQ, APEX Backup Services, and Cloud Snapshot Manager.

Configuration 33

Updating PowerProtect Data Manager When a new version of PowerProtect Data Manager is released, you might want to use the newer version in your cloud environment.

The following general procedure should be followed when updating PowerProtect Data Manager:

1. Back up the PowerProtect Data Manager virtual appliance. For instructions, see the documentation provided by the cloud provider.

NOTE: Backing up the virtu

Manualsnet FAQs

If you want to find out how the PowerProtect Dell works, you can view and download the Dell PowerProtect 19.10 Data Manager Amazon Web Services Deployment Guide on the Manualsnet website.

Yes, we have the Amazon Web Services Deployment Guide for Dell PowerProtect as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The Amazon Web Services Deployment Guide should include all the details that are needed to use a Dell PowerProtect. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell PowerProtect 19.10 Data Manager Amazon Web Services Deployment Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell PowerProtect 19.10 Data Manager Amazon Web Services Deployment Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell PowerProtect 19.10 Data Manager Amazon Web Services Deployment Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell PowerProtect 19.10 Data Manager Amazon Web Services Deployment Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell PowerProtect 19.10 Data Manager Amazon Web Services Deployment Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.