Contents

Dell PowerProtect 19.5 Data Manager AWS Deployment Guide PDF

1 of 26
1 of 26

Summary of Content for Dell PowerProtect 19.5 Data Manager AWS Deployment Guide PDF

PowerProtect Data Manager AWS Deployment Guide

Version 19.5

July 2020 Rev. 02

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the

problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Preface..........................................................................................................................................................................................4

Chapter 1: Getting Started...............................................................................................................7 Introducing PowerProtect Data Manager software..........................................................................................................7 PowerProtect Data Manager for AWS............................................................................................................................... 7 PowerProtect Data Manager and DDVE............................................................................................................................8 AWS data-transfer costs......................................................................................................................................................8 Architecture overview...........................................................................................................................................................8 References............................................................................................................................................................................ 12 Terminology...........................................................................................................................................................................12 Accessing the PowerProtect Data Manager UI............................................................................................................... 13

The Getting Started page............................................................................................................................................. 14 UI tools and options ...................................................................................................................................................... 14

Chapter 2: Installation Prerequisites............................................................................................... 17 PowerProtect Data Manager interoperability...................................................................................................................17 Microsoft application agent and Oracle RMAN agent interoperability..........................................................................17 VMware Cloud interoperability........................................................................................................................................... 17 Preparing your environment to deploy PowerProtect Data Manager to AWS............................................................18

General requirements.....................................................................................................................................................18 Resources assigned........................................................................................................................................................19 VPC DNS requirements................................................................................................................................................ 20

Chapter 3: Deploying PowerProtect Data Manager to AWS............................................................... 21 Deploy PowerProtect Data Manager to AWS..................................................................................................................21

Chapter 4: Configuration............................................................................................................... 23 Configure the PowerProtect Data Manager virtual appliance...................................................................................... 23 Configure network traffic rules......................................................................................................................................... 25 Configuring DDVE and storage..........................................................................................................................................25 Configuring and monitoring system health...................................................................................................................... 25 Configuring disaster recovery............................................................................................................................................25 Deploying Secure Remote Services to AWS................................................................................................................... 25 Using SSH............................................................................................................................................................................ 26

Contents

Contents 3

Preface As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.

If a product does not function correctly or does not function as described in this document, contact a technical support professional.

NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this

document, go to the Support website https://www.dell.com/support.

Data Domain (DD) is now PowerProtect DD. References to Data Domain or Data Domain systems in this documentation,

in the user interface, and elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In

many cases the user interface has not yet been updated to reflect this change.

Purpose This guide describes how to deploy the PowerProtect Data Manager software to Amazon Web Services (AWS).

Audience This document is intended for the system administrator who will deploy the PowerProtect Data Manager software.

Revision history The following table presents the revision history of this document.

Table 1. Revision history

Revision Date Description

02 July 31, 2020 Amazon updates.

01 June 30, 2020 Initial release of this document for PowerProtect Data Manager 19.5.

Related documentation The following publications provide additional information:

PowerProtect Data Manager Administration and User Guide

Describes how to configure the software. PowerProtect Data Manager Release Notes

Contains information on new features, known limitations, environment, and system requirements for the software. PowerProtect Data Manager Security Configuration Guide

Contains security information.

PowerProtect Data Manager API documentation: https://developer.dellemc.com

Lists the PowerProtect Data Manager APIs and includes tutorials to guide you in their use.

Typographical conventions The following type style conventions are used in this document:

4 Preface

Table 2. Style conventions

Bold Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window.

Italic Used for full titles of publications that are referenced in text.

Monospace Used for:

System code System output, such as an error message or script Pathnames, file names, file name extensions, prompts, and syntax Commands and options

Monospace italic Used for variables.

Monospace bold Used for user input.

[ ] Square brackets enclose optional values.

| Vertical line indicates alternate selections. The vertical line means or for the alternate selections.

{ } Braces enclose content that the user must specify, such as x, y, or z.

... Ellipses indicate non-essential information that is omitted from the example.

You can use the following resources to find more information about this product, obtain support, and provide feedback.

Where to find product documentation https://www.dell.com/support https://www.dell.com/community

Where to get support The Support website https://www.dell.com/support provides access to product licensing, documentation, advisories, downloads, and how-to and troubleshooting information. The information can enable you to resolve a product issue before you contact Support.

To access a product-specific page:

1. Go to https://www.dell.com/support. 2. In the search box, type a product name, and then from the list that appears, select the product.

Knowledgebase The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx) or by keyword.

To search the Knowledgebase:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Knowledge Base. 3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by typing a

product name in the search box, and then selecting the product from the list that appears.

Live chat To participate in a live interactive chat with a support agent:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Contact Support. 3. On the Contact Information page, click the relevant support, and then proceed.

Preface 5

Service requests To obtain in-depth help from Licensing, submit a service request. To submit a service request:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Service Requests.

NOTE: To create a service request, you must have a valid support agreement. For details about either an account or

obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the

Service Request Number field, type the service request number, and then click the right arrow.

To review an open service request:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Service Requests. 3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.

Online communities For peer contacts, conversations, and content on product support and solutions, go to the Community Network https://www.dell.com/ community. Interactively engage with customers, partners, and certified professionals online.

How to provide feedback Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to DPAD.Doc.Feedback@emc.com.

6 Preface

Getting Started This section includes the following topics:

Topics:

Introducing PowerProtect Data Manager software PowerProtect Data Manager for AWS PowerProtect Data Manager and DDVE AWS data-transfer costs Architecture overview References Terminology Accessing the PowerProtect Data Manager UI

Introducing PowerProtect Data Manager software PowerProtect Data Manager software is an enterprise solution that provides software-defined data protection, deduplication, operational agility, self-service, and IT governance.

PowerProtect Data Manager enables the transformation from traditional centralized protection to an IT-as-a-service model based on a self-service design. This design ensures that you can enforce compliance and other business rules, even when backup responsibilities are decentralized to individual database administrators and application administrators.

PowerProtect Data Manager key features include:

Software-defined data protection with integrated deduplication, replication, and reuse Data backup and recovery self-service operations from native applications that are combined with central IT governance Multicloud optimization with integrated cloud tiering SaaS-based monitoring and reporting Modern services-based architecture for ease of deployment, scaling, and upgrading

PowerProtect Data Manager integrates multiple data protection products within the Dell EMC Data Protection portfolio to enable data protection as a service, providing the following benefits:

Enables the data protection team to create data paths with provisioning, automation, and scheduling to embed protection engines into the infrastructure for high-performance backup and recovery.

Enables backup administrators of large-scale environments to schedule Microsoft SQL and Oracle backups from a central location on the PowerProtect Data Manager server.

Uses an agent-based approach to discover the protected and unprotected databases on an application server. Enables governed self-service and centralized protection by:

Monitoring and enforcing Service Level Objectives (SLOs) Identifying violations of Recovery Point Objectives (RPO) Applying retention locks on backups that are created using the Microsoft application agent and Oracle RMAN agent.

Provides a RESTful interface that allows the user to monitor, configure, and orchestrate Power Protect Data Manager. Customers can use the APIs to integrate their own automation framework or quickly write new scripts with the help of easy-to-follow tutorials.

PowerProtect Data Manager for AWS You use an Amazon Web Services (AWS) CloudFormation template to deploy PowerProtect Data Manager to an Elastic Compute Cloud (EC2) instance in a Virtual Private Cloud (VPC). This EC2 instance has PowerProtect Data Manager installed on it.

PowerProtect Data Manager for AWS provides protection for cloud-based assets such as the following:

Oracle, SQL, and SAP Hana databases virtual machines in VMware Cloud for AWS Kubernetes clusters deployed to AWS

1

Getting Started 7

Backed up data is stored in Amazon Simple Storage Service buckets with a high level of deduplication.

Amazon AWS Documentation and the AWS CloudFormation User Guide provide more information about Amazon Web Services.

PowerProtect Data Manager and DDVE In order to function in an AWS environment, PowerProtect Data Manager requires that Data Domain Virtual Edition (DDVE) also be present.

DDVE is a software-only protection storage appliance: a virtual deduplication appliance that provides data protection for entry, enterprise, and service-provider environments. Like any Data Domain (DD) system, DDVE is always paired with backup software.

When you deploy PowerProtect Data Manager to AWS, DDVE can be deployed to AWS at the same time. You can also deploy DDVE to AWS outside of the PowerProtect Data Manager deployment process. For more information, see the Power Protect DD Virtual Edition on Amazon Web Services Installation and Administration Guide at Dell EMC Online Support

AWS data-transfer costs Amazon charges a monthly fee based on the amount and types of data transferred by PowerProtect Data Manager and DDVE in an AWS cloud.

Consider the following information when planning your AWS architecture:

Most of the data that is transferred in an AWS cloud occurs between the hosts being protected and DDVE. If Kubernetes is being used, data is also transferred between the protection engine hosts and DDVE. Amazon does not have data-transfer fees for hosts that are in the same availability zone (AZ). For details of all Amazon data-transfer fees, see Amazon EC2 Pricing.

NOTE: If you minimize the path that data transfers take by using as few availability zones and regions as possible, then

you will minimize data-transfer costs.

For pricing of Amazon monthly hosting in general, see the Amazon Pricing Calculator.

An example of data-transfer costs The following describes a possible data-protection scenario.

A data-transfer cost of $.01 per gigabyte. Twenty 100 GB databases that each have a daily change rate of 5 percent. Weekly full backups Daily incremental backups and archived-log backups An average deduplication ratio of 2:1 for initial full backups and for incremental backups An average deduplication ratio of between 20:1 and 30:1 for subsequent full backups.

This data-protection scenario would result in approximately 3,600 GB of data transfer in the first month, with a total first-month cost of $36.

Architecture overview PowerProtect Data Manager is deployed with a private IP address. To access it from an external site, a VPN gateway must be configured.

The following diagram represents the basic architecture of PowerProtect Data Manager on AWS. It shows a single region, single Virtual Private Cloud (VPC), and single availability zone (AZ).

8 Getting Started

Figure 1. Basic PowerProtect Data Manager architecture

Sensitive PowerProtect Data Manager data, such as passwords, is encrypted and stored in a lockbox. For more information about PowerProtect Data Manager security, see the Power Protect Data Manager Security Configuration Guide at Dell EMC Online Support. When deployed to AWS, the PowerProtect Data Manager lockbox is located in a secure Elastic Block Store (EBS) volume.

Backup data is stored in a Simple Storage Services (S3) bucket, and the backup metadata is stored on a DDVE EBS volume. For more information, see the Power Protect DD Virtual Edition on Amazon Web Services Installation and Administration Guide at Dell EMC Online Support.

DDVE and a single availability zone To minimize data-transfer costs, application hosts and DDVE can be located in the same AZ.

Getting Started 9

Figure 2. PowerProtect Data Manager and DDVE in a single AZ

DDVE and multiple availability zones If application hosts are distributed across more than one AZ, you can minimize data-transfer costs by installing a separate instance of DDVE in each AZ.

NOTE: To deploy additional instances of DDVE to AWS outside of the PowerProtect Data Manager deployment process,

see the Power Protect DD Virtual Edition on Amazon Web Services Installation and Administration Guide at Dell EMC

Online Support

10 Getting Started

Figure 3. PowerProtect Data Manager and DDVE in two AZs

DDVE and multiple availability zones with only a single DDVE instance If application hosts are distributed across more than one availability zone, but a DDVE instance exists in only one of the AZs, additional data-transfer costs will be incurred.

Getting Started 11

Figure 4. PowerProtect Data Manager and a single DDVE instance for two AZs

PowerProtect Data Manager policies and DDVE If a different DDVE instances is in each AZ or region, ensure that PowerProtect Data Manager policies are configured to protect all the hosts in the same AZ or region as each DDVE instance.

References Some procedures in this document reference other publications for detailed procedures.

For additional information, see the following publications that are available at Dell EMC Online Support:

PowerProtect Data Manager Security Configuration Guide PowerProtect Database Application Agent Installation and Administration Guide PowerProtect Microsoft Application Agent Exchange Server User Guide PowerProtect Microsoft Application Agent Installation Guide PowerProtect Microsoft Application Agent SQL Server User Guide PowerProtect Oracle RMAN Agent Administration Guide PowerProtect Storage Direct Agent Installation and Administration Guide PowerProtect Storage Direct Primary and Protection Storage Configuration Guide PowerProtect Storage Direct Solutions Guide PowerProtect DD Virtual Edition on Amazon Web Services Installation and Administration Guide

Terminology Familiarize yourself with the terminology that is used in the PowerProtect Data Manager user interface and documentation.

The following table provides more information about names and terms you should know to use PowerProtect Data Manager:

12 Getting Started

Term Description

Application Agent Application Agents are installed on application or database host servers to manage protection using PowerProtect Data Manager. These Agents are commonly known as DDBoost Enterprise Agents (DDBEA) for databases and applications.

Application Aware Virtual machine protection policy that includes additional application-aware data protection for Microsoft SQL Servers. An application-aware virtual machine protection policy provides the ability to quiesce the application during virtual machine image backup to perform a full backup of SQL databases. You can also schedule SQL server log backups for the virtual machines in the policy.

Asset Assets are objects in PowerProtect Data Manager for which you want to manage protection, including VMs, databases, and file systems.

Asset Source Assets that PowerProtect Data Manager protects reside within Asset Sources, which include vCenter Servers, application or database hosts, and file servers.

Cloud Tier Storage Cloud Tier storage can be added to an external DD system to expand the DD deduplication storage capacity onto less expensive object storage in public or private object storage clouds, including Dell EMC secure Elastic Cloud Storage appliances.

Copy A PowerProtect Data Manager copy is a point-in-time backup copy of an Asset.

Copy Map The PowerProtect Data Manager Copy Map is a visual representation of backup copy locations on your Protection Storage and is available for all protected Assets that have copies.

Discovery Discovery is an internal process that scans Asset Sources to find new assets to protect and scans infrastructure components to monitor their health and status.

Instant Access PowerProtect Data Manager VM backup copies can be accessed, mounted, and booted directly from the Protection Storage targets as running VMs. Copies can also be moved to a production VMware datastore using vMotion.

PowerProtect Data Manager VM application-aware backup copies can be mounted directly from the Protection Storage targets as running SQL databases, which includes the ability to roll forward log backups. These SQL database disks can also be moved to a production VMware datastore using vMotion.

Power Protect Data Manager Agent

An agent that is included in PowerProtect Data Manager and installed on each application agent host server so that you can monitor and manage the application agent through PowerProtect Data Manager.

Protection Policy Protection Policies configure and manage the entire life cycle of backup data, which includes backup type, assets, backup start/stop time, backup device, and backup retention.

Service Level Agreement (SLA) An optional policy that you can layer on top of a Protection Policy. An SLA performs additional checks on protection activities to ensure that protection goals meet the standards that your organization requires. SLAs are made up of one or more Service Level Objectives.

Service Level Objectives (SLO) Definable rules that set the criteria for Recovery Point Objectives (RPO), encryption, and locations of backups according to your company requirements.

Accessing the PowerProtect Data Manager UI PowerProtect Data Manager provides a web-based user interface (UI) that you can use to manage and monitor system features and settings from any location over a network.

Steps

1. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:

https://appliance_hostname NOTE: You can specify the hostname or the IP address of the appliance.

2. Log in with your user name and password. The Getting Started page appears.

The left pane provides links to the available menu items. Expand a menu item for more options.

Getting Started 13

The icons in the PowerProtect Data Manager banner provide additional options.

The Getting Started page The Getting Started page provides configuration options that are required when the system is first deployed.

The Getting Started page appears upon first deployment of PowerProtect Data Manager and opens to this page by default until you click Skip This.

You can access the Getting Started page at any time by selecting System Settings > Getting Started.

Table 3. PowerProtect Data Manager Getting Started menu items

Options Description

Support View and configure Secure Remote Services (SRS), Email Setup, Auto Support, Logs, and System Health.

Disaster Recovery Backup Configure and manage backups for disaster recovery.

VMware vCenter Opens the Infrastructure > Asset Sources page where you can add a vCenter instance as an asset source so that it can be added to a protection policy.

Protect Assets Opens the Protection Policies page where you can manage Protection Life Cycle workflows for all asset types.

UI tools and options Learn about the available tools in the user interface (UI).

PowerProtect Data Manager UI tools CAUTION: Although displayed, some tools are not supported in AWS deployments of PowerProtect Data Manager.

Using these tools might cause unexpected results.

Table 4. PowerProtect Data Manager tools

Menu item Description

Dashboard

Provides a high-level view of the overall state the PowerProtect Data Manager system and includes the following information:

AlertsSystem alerts ProtectionDetails about protection policies JobsStatus of all Jobs that are filtered by a selected time period or status type. Select the

status in the Jobs pane to open the Jobs window, where you can manage jobs, search, and view details.

PolicyDetails include number of successes, failures, and excluded assets for each asset type Protection StorageProtection storage usage statistics RecoveryRecovery statistics HealthDetails about the health of the system, including services, licenses, support, protection

engines, server backups, and uptime

PowerProtect Data Manager refreshes the data hourly unless you run an ad hoc discovery.

Infrastructure

Click Infrastructure to perform the following tasks:

View and manage all assets. Add vCenter and Application and File System Host asset sources. View and manage Integrated Storage. Add a VM Direct appliance with the VM Direct protection engine for virtual machine data

protection. Manage registration of the Oracle RMAN agent, Microsoft application agent, SAP HANA agent,

and File System agent. View and manage Cloud Disaster Recovery.

14 Getting Started

Table 4. PowerProtect Data Manager tools (continued)

Menu item Description

NOTE: Cloud Disaster Recovery is not supported.

Create and manage a Search Cluster.

NOTE: Search Clusters are not supported.

Protection

Click Protection to perform the following tasks:

Add protection policy groups to assets. Manage SLA. Add, edit, and delete Dynamic Groups for assets.

Recovery

Click Recovery to perform the following tasks:

View asset copy location details and initiate a Restore operation. Manage Instant Access Sessions. Use the File Search feature to find and restore virtual machine file copies.

Alerts

Click Alerts to perform the following tasks:

View and acknowledge alerts and events. View and examine Audit logs. Export audit logs to CSV files. Set audit log boundaries.

Administration

Click Administration to perform the following tasks:

Configure users and roles. Set password credentials and manage key chains. Configure alert notifications. Add LDAP Identity Sources.

Jobs

Click Jobs to manage jobs, view by completed or running, filter, and view details.

Reporting

Click Reporting to log in to PowerProtect Central.

Banner UI options The following table describes the icons that are located in the PowerProtect Data Manager banner.

Table 5. Banner UI options

Option Description

Click to enter search criteria to find assets, jobs, logs, and alerts.

Click to see recent alerts.

Click to configure and manage PowerProtect Data Manager system network, time zone, and NTP settings, DR backups, security, licenses, upgrades, authentication, agent downloads, and support, and to access the Getting Started page.

Click to log out, and log in as a different user.

Click to see PowerProtect Data Manager version information.

Getting Started 15

Table 5. Banner UI options (continued)

Option Description

Click to obtain more information about PowerProtect Data Manager, access Dell EMC Support, or view the REST API documentation.

16 Getting Started

Installation Prerequisites This section contains the following topics:

Topics:

PowerProtect Data Manager interoperability Microsoft application agent and Oracle RMAN agent interoperability VMware Cloud interoperability Preparing your environment to deploy PowerProtect Data Manager to AWS

PowerProtect Data Manager interoperability PowerProtect Data Manager integrates multiple data protection products within the Dell EMC Data Protection portfolio to enable data protection as a service. PowerProtect Data Manager enables new data paths with provisioning, automation, and scheduling that enable a data protection team to embed protection engines into the infrastructure for high-performance backup and recovery.

NOTE: PowerProtect Data Manager for AWS is only compatible with Data Domain Virtual Edition (DDVE) 5.0.

This section includes several tables that list the supported software and hardware configurations for an PowerProtect Data Manager deployment for each direct data path.

Microsoft application agent and Oracle RMAN agent interoperability The Microsoft application agent and Oracle RMAN agent enable an application administrator to protect and recover data on a SQL Server host and Oracle server host. PowerProtect Data Manager integrates with the Microsoft application agent and Oracle RMAN agent to check and monitor the backup compliance against protection policies. PowerProtect Data Manager also supports central scheduling for backups.

You can install the Microsoft application agent or Oracle RMAN agent on the host that you plan to protect by using the installation instructions that are provided in the PowerProtect Data Manager Administration and User Guide.

NOTE: The most up-to-date software compatibility information for the PowerProtect Data Manager software and

application agents is provided in the E-Lab Navigator, available at https://elabnavigator.emc.com/eln/

modernHomeDataProtection.

Table 6. Microsoft application agent and Oracle RMAN agent support matrix

Product Supported versions

Microsoft application agent Software compatibility information for the PowerProtect Data Manager software and the Microsoft application agent is provided in the E-Lab Navigator, available at https:// elabnavigator.emc.com/eln/modernHomeDataProtection.

Oracle RMAN agent Software compatibility information for the PowerProtect Data Manager software and the Oracle RMAN agent is provided in the E-Lab Navigator, available at https:// elabnavigator.emc.com/eln/modernHomeDataProtection.

VMware Cloud interoperability PowerProtect Data Manager on AWS works with VMware Cloud (VMC) on AWS. Unless otherwise noted, PowerProtect Data Manager for AWS supports all of the features that are supported by VMC on AWS. For information about what is not supported by VMC on AWS, see the PowerProtect Data Manager Administration and User Guide.

2

Installation Prerequisites 17

Required DNS configuration You must configure a DNS server to be used for name resolution of hosts in the VMC and PowerProtect Data Manager on AWS networks. This server can be located in either the VMC on AWS network or the PowerProtect Data Manager on AWS network.

Forward and reverse lookups are required for the following hosts:

the PowerProtect Data Manager instance all DDVE instances the VM Direct protection engines vCenter and ESXi

Ensure you set this DNS server as the primary DNS server for the PowerProtect Data Manager instance once it has been deployed. For more information, see the PowerProtect Data Manager Administration and User Guide.

Required network traffic rules You must configure certain network traffic rules in order for hosts in the PowerProtect Data Manager on AWS network to communicate with hosts in the VMC on AWS network.

PowerProtect Data Manager requires inbound and outbound traffic between it and the following hosts in the VMC on AWS network:

the VM Direct protection engines the primary DNS server vCenter and ESXi

To configure PowerProtect Data Manager traffic rules on an instance after it has been deployed, see Configure network traffic rules on page 25.

All DDVE instances requires inbound and outbound traffic between them and the VM Direct protection engines in the VMC on AWS network. To configure DDVE traffic rules, see the PowerProtect Data Manager Administration and User Guide.

Preparing your environment to deploy PowerProtect Data Manager to AWS The following sections provide general guidelines to deploy PowerProtect Data Manager to AWS.

The guidelines are as follows:

1. For a secure login to PowerProtect Data Manager, create an EC2 key access pair. See Amazon EC2 Key Pairs for instructions. 2. Set up the network environment.

For secure access to the PowerProtect Data Manager on AWS, it is recommended that you use the Virtual Private Cloud (VPC) architecture provided by AWS. Set up and configure the following components:

VPC subnet routing tables security groups network access control list

General requirements Review the general requirements for deploying PowerProtect Data Manager to AWS.

Create an AWS account To deploy PowerProtect Data Manager to AWS, you must have an AWS account. To set up an account, go to https://aws.amazon.com/ getting-started/.

18 Installation Prerequisites

Identity and access management AWS recommends that you create an identity and access management (IAM) user or role for authenticating with AWS and never use root credentials to deploy a CloudFormation template. The IAM user must be allowed to perform AWS CloudFormation actions.

The following links provide more information about AWS best practices:

Creating an IAM User in Your AWS Account Using IAM Roles What is AWS CloudFormation?

Security and operational best practices Amazon recommends that you enable AWS CloudTrail logs to enable governance, compliance, and operational and risk auditing of your AWS account. AWS CloudTrail enables you to do the following:

View the event history of your AWS account activity, including AWS Management Console actions, AWS SDKs, CLI, and other AWS services.

Identify the initiator of actions, resources involved, and event timing.

This event history helps to simplify security analysis, resource change tracking, and troubleshooting.

The following links provide more information:

Working with CloudTrail Turn on CloudTrail across all regions and support for Multiple Trails

AWS service limits and restrictions The following links provide more information about AWS service limits and restrictions:

Bucket Restrictions and Limitations IAM and STS Limits How do I manage my AWS service limits? AWS Service Quotas

Additional links The following additional links provide more information about the AWS features that are used with a PowerProtect Data Manager deployment:

Working with the AWS Management Console AWS Cloud Formation AWS Identity and Access Management (IAM) Amazon Virtual Private Cloud Amazon Elastic Compute Cloud Documentation

Resources assigned Learn the system resources assigned to PowerProtect Data Manager (PPDM) in an AWS environment.

NOTE: These system resources belong to the required m5.2xlarge PPDM EC2 instance type.

8 CPU cores 32 GB of RAM for PowerProtect Data Manager Seven disks with the following capacities:

Disk 1100 GB Disk 2500 GB Disks 3 and 410 GB each Disks 5 through 75 GB each

One 1-GB NIC

NOTE: These resources cannot be changed. If they are insufficient for a required protection workload, multiple PPDM

EC2 instances can be deployed.

Installation Prerequisites 19

VPC DNS requirements Learn the VPC requirements to host PowerProtect Data Manager in an AWS environment.

DNS resolution enabled DNS hostnames enabled

NOTE: DNS hostnames are disabled by default when you create a VPC. You must change this.

20 Installation Prerequisites

Deploying PowerProtect Data Manager to AWS

This section contains the following topics:

Topics:

Deploy PowerProtect Data Manager to AWS

Deploy PowerProtect Data Manager to AWS Use this method to deploy PowerProtect Data Manager to AWS.

About this task

Performing the following steps takes approximately 15 minutes. After PowerProtect Data Manager is deployed, it must be configured. Configuring PowerProtect Data Manager takes approximately 10 minutes. For more information on configuring PowerProtect Data Manager, see Configure the PowerProtect Data Manager virtual appliance on page 23.

Steps

1. In a browser, navigate to https://aws.amazon.com/marketplace.

2. Search for PowerProtect Data Manager and Data Domain Virtual Edition.

3. Select Dell EMC PowerProtect Data Manager, and then click Continue to Subscribe.

4. Click Continue to Configuration.

5. Select the following configuration, and then click Continue to Launch.

Fulfillment OptionSelect Cloud Formation Template. Software VersionSelect the correct version. RegionSelect where to deploy PowerProtect Data Manager and DDVE.

6. Review the configuration details, select Launch the Cloud Formation template, and then select Launch. The template URL is populated.

7. From the CloudFormation > Stacks > Create stack pane, click Next

8. From the CloudFormation > Stacks > Create stack > Specify stack details pane, enter a name for the PPDM and DDVE EC2 instances in the Stack name text box.

Table 7. PPDM Instance and Network Configuration

Parameters Description

IAM Role The IAM Role that grants access to resources for the PPDM EC2 instance. This field can be empty.

VPC ID The VPC ID of your existing Virtual Private Cloud.

Subnet ID The ID of the subnet within your VIrtual Private Cloud that you will deploy the software to.

Private IP Address (Optional) Assign the PPDM EC2 instance a private IP address in your Virtual Private Cloud. A private IP address will be automatically generated for you if this field is left blank.

Security Group ID (Optional) Assign the PPDM EC2 instance a security group used to access it. A security group will be automatically generated for you if this field is left blank.

3

Deploying PowerProtect Data Manager to AWS 21

Table 7. PPDM Instance and Network Configuration (continued)

Parameters Description

IP Range Permitted for Inbound Communication The IP address ranges allowed to connect to the PPDM EC2 instance. Specify a single IP address or an IP address range in CIDR notation (for example, 192.160.8.0/16). The default is 0.0.0.0/0, which allows unrestricted access. Any range entered here will be the default for all inbound ports.

NOTE: It is recommended that this be changed after PPDM is deployed. For more information, see Configure network traffic rules on page 25

Key Pair A key pair that can be used to access the EC2 instance.

Table 8. DDVE Instance Configuration

Parameters Description

Launch DDVE Instance Select Yes to deploy a DDVE instance with PPDM, and then launch it in the same subnet. The values entered for the PPDM instance for IP Range Permitted for Inbound Communication and Key Pair will be applied to the DDVE instance.

DDVE Capacity The storage capacity of the DDVE instance.

IAM Role for S3 access The IAM role that enables DDVE access to S3.

Security Group ID (Optional) Assign the DDVE EC2 instance a security group used to access it. A security group will be automatically generated for you if this field is left blank.

9. From the CloudFormation > Stacks > Create stack > Configure stack options page, click Next.

10. From the CloudFormation > Stacks > Create stack > Review Stack Name pane:

Note that Stack Name is replaced by the name of the PPDM EC2 instance you provided in step 5.

a. Review the information provided for accuracy. b. Edit any information that is incorrect. c. Click Create Stack at the bottom of the page to create the PPDM EC2 instance.

11. From the CloudFormation > Stacks > Stack Name pane, wait until CREATE_COMPLETE is displayed.

Note that Stack Name is replaced by the name of the PPDM EC2 instance you provided in step 5.

12. From the EC2 Instance Management Console, wait until the PPDM EC2 instance is initialized. Also note the automatically generated security group for the instance.

22 Deploying PowerProtect Data Manager to AWS

Configuration This section contains the following topics:

Topics:

Configure the PowerProtect Data Manager virtual appliance Configure network traffic rules Configuring DDVE and storage Configuring and monitoring system health Configuring disaster recovery Deploying Secure Remote Services to AWS Using SSH

Configure the PowerProtect Data Manager virtual appliance Once the PowerProtect Data Manager EC2 instance is deployed, it is referred to as a virtual appliance. After the virtual appliance is started, you must configure it. Note that this information also applies to any DDVE EC2 instance deployed at the same time as a PowerProtect Data Manager EC2 instance.

Prerequisites

Wait for the PowerProtect Data Manager virtual appliance to start and initialize. This process takes a few minutes, and you will not be able to follow step 1 until it is finished.

(Optional) Download a local copy of the PowerProtect Data Manager virtual appliance license file.

About this task

Perform the following steps from a host that has access to the PowerProtect Data Manager virtual appliance. Performing these steps and having them applied takes approximately 10 minutes.

Steps

1. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:

https://appliance_hostname NOTE: You can specify the hostname or the IP address of the appliance.

2. If an SSL certificate warning page appears with the message Your connection is not private, click Advanced, and then click Proceed to hostname_or_ip_address (unsafe).

3. On the Welcome pane, perform the following actions:

a. To set up PowerProtect Data Manager as a new installation, select New Install. b. To perform a disaster recovery, select Restore Backup. c. Click Next.

4. On the License pane, perform the following actions:

NOTE: If the license was already applied, review the license information and then click Next.

a. In the License Type field, select a type of license.

i. To use an evaluation license, select 90 days evaluation license.

A description of the license appears in the License File field. ii. To load a license, select License File > Choose File, and then browse to and select the license that you want to load.

4

Configuration 23

iii. To copy the contents of the license file, select Plain Text and then copy the contents of the license file into the Plain Text field.

b. Click Next.

5. In the Authentication pane, perform the following actions:

The Use same password for all option is selected by default. PowerProtect Data Manager uses the same password for admin, services, and lockbox accounts.

a. Optionally, clear the Use same password for all option.

If you leave the Use same password for all option selected, in the Enter a new password and Renter password to confirm fields, specify a password.

If you clear the Use same password for all option, in the Enter a new password and Renter password to confirm fields, specify individual passwords for the administrative, services, and lockbox accounts.

Ensure that the password meets the following requirements:

a minimum of nine characters and a maximum of one hundred characters at least one numeric character (0-9) at least one uppercase character (A-Z) at least one lowercase character (a-z) at least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:'";,./<>?

b. Click Next.

6. In the System Settings pane, perform the following actions:

a. In the Current Timezone list box, select the time zone where the system is physically located. b. To add an NTP server, click Add. c. In the Server IP Address field, specify the NTP server IP address. d. Click Add. e. To change the list of NTP servers, click Edit or Delete. f. Click Next.

7. In the Email Setup - Optional pane, perform the following actions:

a. In the Mail Server field, specify the SMTP server IP address. b. In the Email From field, specify the administrator email address. c. In the Recipient for Test Email field, specify the recipient email address. d. In the Port field, specify the TCP port to connect to the SMTP server. e. In the Username field, specify the mail username. f. In the Password field, specify the mail password. g. To send a test email to the specified IP address, click Send Test Email. h. To acknowledge the test email was successfully sent, click OK. i. To send diagnostic and usage data to Dell EMC for proactive support and to help improve our products and services, switchAuto

Support to ON.

When enabling auto support, click View Terms to review the telemetry software terms. Scroll down to click Accept to finish enabling auto support, or Decline to disable auto support.

j. Click Next.

NOTE: Email Server Setup is required before performing a local user password reset and sending customized alert

notifications.

8. In the Summary pane, review the configuration choices, and then click Done.

Next steps

Getting Started provides information.

24 Configuration

Configure network traffic rules Once the PowerProtect Data Manager EC2 instance is deployed, it is recommended to change the default network traffic rules that allow all inbound and outbound connections.

About this task

NOTE: Even if you specified a port range during the deployment of the PowerProtect Data Manager EC2 instance,

outbound ports will remain unrestricted unless the outbound rules are changed.

Steps

1. From the EC2 Instance Management Console, click the security group shown after Security groups, and select either Actions > Edit inbound rules or Actions > Edit inbound rules.

2. From either the Edit inbound rules pane or the Edit outbound rules pane, change specific network traffic rules.

NOTE: For more information, see the PowerProtect Data Manager Security Configuration Guide

CAUTION: Do not use IP addresses that belong to the 172.24.0.192/26 subnet. IP addresses in the 172.24.0.192

172.24.0.255 range are used for Docker network configuration, and unexpected results can occur if they are also

used by PowerProtect Data Manager.

Configuring DDVE and storage For information on how to configure DDVE and storage, see the following publications that are available at Dell EMC Online Support:

Power Protect DD Virtual Edition on Amazon Web Services Installation and Administration Guide PowerProtect Data Manager Administration and User Guide

Configuring and monitoring system health For information on how to configure and monitor system health, and how to configure and monitor alerts, jobs, and tasks, see the PowerProtect Data Manager Administration and User Guide at Dell EMC Online Support

Configuring disaster recovery PowerProtect Data Manager can be configured to automatically back up critical servers on a periodic basis. This protects your infrastructure from catastrophic data loss.

It is recommended to enable DD MTree replication on a local DDVE instance so that the disaster-recovery data is replicated to a DDVE instance in a different region or Availability Zone. Such an infrastructure enhances existing data-protection schemes.

When configured, the Recovery Point Objective (RPO) of ServerDR backups is a maximum of one hour, and the Recovery Time Objective (RTO) of ServerDR is approximately 45 minutes, depending on the amount of data recovered. Even if PowerProtect Data Manager ServerDR backups are up to an hour old, the system will attempt to synchronize any backups that occurred between the last backup and the time of failure.

For more information about how to prepare for and recover from a disaster, see the PowerProtect Data Manager Administration and User Guide at Dell EMC Online Support:

Deploying Secure Remote Services to AWS To deploy Secure Remote Services (SRS) to AWS, you must perform one of the following actions:

Deploy an SRS virtual appliance in VMC to AWS. Deploy an SRS container in a Linux or Windows host that is using Docker to AWS.

For more information, see the Secure Remote Services Installation Guide at Dell EMC Online Support

Configuration 25

Using SSH You can use SSH to access the PowerProtect Data Manager virtual appliance on AWS.

PowerProtect Data Manager for AWS does not support password-based SSH a

Manualsnet FAQs

If you want to find out how the 19.5 Dell works, you can view and download the Dell PowerProtect 19.5 Data Manager AWS Deployment Guide on the Manualsnet website.

Yes, we have the AWS Deployment Guide for Dell 19.5 as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The AWS Deployment Guide should include all the details that are needed to use a Dell 19.5. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell PowerProtect 19.5 Data Manager AWS Deployment Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell PowerProtect 19.5 Data Manager AWS Deployment Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell PowerProtect 19.5 Data Manager AWS Deployment Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell PowerProtect 19.5 Data Manager AWS Deployment Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell PowerProtect 19.5 Data Manager AWS Deployment Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.