- Manuals
- Brands
- Dell
- Data Manager
- 19.6
- Azure Deployment Guide
Dell PowerProtect 19.6 Data Manager Azure Deployment Guide PDF
Summary of Content for Dell PowerProtect 19.6 Data Manager Azure Deployment Guide PDF
PowerProtect Data Manager Azure Deployment Guide
Version 19.6
January 2021 Rev. 02
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
Preface.........................................................................................................................................................................................4
Chapter 1: Getting Started............................................................................................................ 7 Introducing PowerProtect Data Manager software....................................................................................................7 Audience.................................................................................................................................................................................7 PowerProtect Data Manager for Azure......................................................................................................................... 8 PowerProtect Data Manager and DDVE........................................................................................................................8 Azure data-transfer costs................................................................................................................................................. 8 Architecture overview........................................................................................................................................................9 References...........................................................................................................................................................................12 Terminology......................................................................................................................................................................... 12 Accessing the PowerProtect Data Manager UI..........................................................................................................13
The Getting Started page.......................................................................................................................................... 14 UI tools and options ....................................................................................................................................................14
Chapter 2: Installation Prerequisites............................................................................................ 17 PowerProtect Data Manager interoperability............................................................................................................. 17 Microsoft application agent and Oracle RMAN agent interoperability................................................................. 17 Networking interopability................................................................................................................................................. 17 Preparing your environment to deploy PowerProtect Data Manager to Azure................................................. 18
General requirements.................................................................................................................................................. 18 Resources assigned..................................................................................................................................................... 19
Chapter 3: Deploying PowerProtect Data Manager to Azure........................................................ 20 Deploy PowerProtect Data Manager to Azure.......................................................................................................... 20
Chapter 4: Configuration.............................................................................................................23 Configure the PowerProtect Data Manager virtual appliance............................................................................... 23 Configure network traffic rules..................................................................................................................................... 25 Configuring DDVE and storage...................................................................................................................................... 25 Configuring and monitoring system health................................................................................................................. 25 Configuring disaster recovery........................................................................................................................................ 25 Deploying Secure Remote Services to Azure.............................................................................................................25 Using SSH........................................................................................................................................................................... 26
Contents
Contents 3
Preface As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.
If a product does not function correctly or does not function as described in this document, contact a technical support professional.
NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this document,
go to the Support website https://www.dell.com/support.
Data Domain (DD) is now PowerProtect DD. References to Data Domain or Data Domain systems in this documentation, in
the user interface, and elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In many
cases the user interface has not yet been updated to reflect this change.
Purpose This guide describes how to deploy the PowerProtect Data Manager software to Microsoft Azure.
Audience This document is intended for the system administrator who will deploy the PowerProtect Data Manager software.
Revision history The following table presents the revision history of this document.
Table 1. Revision history
Revision Date Description
02 January 22, 2020 Added the section "Networking interoperability."
01 October 27, 2020 Initial release of this document for PowerProtect Data Manager version 19.6.
Related documentation The following publications are available at Dell EMC Online Support and provide additional information:
PowerProtect Data Manager Administration and User GuideDescribes how to configure the software. PowerProtect Data Manager Deployment GuideDescribes how to deploy the software. PowerProtect Data Manager Release NotesContains information on new features, known limitations, environment, and
system requirements for the software. PowerProtect Data Manager Security Configuration GuideContains security information. PowerProtect Data Manager AWS Deployment GuideDescribes how to deploy the software to Amazon Web Services
(AWS). PowerProtect Data Manager Azure Deployment GuideDescribes how to deploy the software to Microsoft Azure. PowerProtect Data Manager GCP Deployment GuideDescribes how to deploy the software to Google Cloud Platform
(GCP). PowerProtect Data Manager Cloud Disaster Recovery Administration and User GuideDescribes how to deploy Cloud DR,
protect VMs in the AWS or Azure cloud, and run recovery operations. PowerProtect Data Manager for Cyber Recovery User GuideDescribes how to install, upgrade, patch, and uninstall the
Dell EMC PowerProtect Cyber Recovery software.
4 Preface
PowerProtect Data Manager for File System Agent User GuideDescribes how to configure and use the software with the File System agent for file system data protection.
PowerProtect Data Manager for Microsoft Application Agent Exchange Server User GuideDescribes how to configure and use the software in a Microsoft Exchange Server environment.
PowerProtect Data Manager for Microsoft Application Agent SQL Server User GuideDescribes how to configure and use the software in a Microsoft SQL Server environment.
PowerProtect Data Manager for Oracle RMAN Agent User GuideDescribes how to configure and use the software in an Oracle Server environment.
PowerProtect Data Manager for SAP HANA Agent User GuideDescribes how to configure and use the software in an SAP HANA Server environment.
PowerProtect Data Manager for Storage Direct Agent User GuideDescribes how to configure and use the software with the Storage Direct agent to protect data on VMAX storage arrays through snapshot backup technology.
PowerProtect Data Manager API documentation: https://developer.dellemc.comContains the PowerProtect Data Manager APIs and includes tutorials to guide to you in their use.
Typographical conventions The following type style conventions are used in this document:
Table 2. Style conventions
Formatting Description
Bold Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window.
Italic Used for full titles of publications that are referenced in text.
Monospace Used for: System code System output, such as an error message or script Pathnames, file names, file name extensions, prompts, and syntax Commands and options
Monospace italic Used for variables.
Monospace bold Used for user input.
[ ] Square brackets enclose optional values.
| Vertical line indicates alternate selections. The vertical line means or for the alternate selections.
{ } Braces enclose content that the user must specify, such as x, y, or z.
... Ellipses indicate non-essential information that is omitted from the example.
You can use the following resources to find more information about this product, obtain support, and provide feedback.
Where to find product documentation https://www.dell.com/support https://www.dell.com/community
Where to get support The Support website https://www.dell.com/support provides access to product licensing, documentation, advisories, downloads, and how-to and troubleshooting information. The information can enable you to resolve a product issue before you contact Support.
To access a product-specific page:
Preface 5
1. Go to https://www.dell.com/support. 2. In the search box, type a product name, and then from the list that appears, select the product.
Knowledgebase The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx) or by keyword.
To search the Knowledgebase:
1. Go to https://www.dell.com/support. 2. On the Support tab, click Knowledge Base. 3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by
typing a product name in the search box, and then selecting the product from the list that appears.
Live chat To participate in a live interactive chat with a support agent:
1. Go to https://www.dell.com/support. 2. On the Support tab, click Contact Support. 3. On the Contact Information page, click the relevant support, and then proceed.
Service requests To obtain in-depth help from Licensing, submit a service request. To submit a service request:
1. Go to https://www.dell.com/support. 2. On the Support tab, click Service Requests.
NOTE: To create a service request, you must have a valid support agreement. For details about either an account or
obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the
Service Request Number field, type the service request number, and then click the right arrow.
To review an open service request:
1. Go to https://www.dell.com/support. 2. On the Support tab, click Service Requests. 3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.
Online communities For peer contacts, conversations, and content on product support and solutions, go to the Community Network https:// www.dell.com/community. Interactively engage with customers, partners, and certified professionals online.
How to provide feedback Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to DPAD.Doc.Feedback@emc.com.
6 Preface
Getting Started
Topics:
Introducing PowerProtect Data Manager software Audience PowerProtect Data Manager for Azure PowerProtect Data Manager and DDVE Azure data-transfer costs Architecture overview References Terminology Accessing the PowerProtect Data Manager UI
Introducing PowerProtect Data Manager software PowerProtect Data Manager software is an enterprise solution that provides software-defined data protection, deduplication, operational agility, self-service, and IT governance.
PowerProtect Data Manager enables the transformation from traditional centralized protection to an IT-as-a-service model based on a self-service design. This design ensures that you can enforce compliance and other business rules, even when backup responsibilities are decentralized to individual database administrators and application administrators.
PowerProtect Data Manager key features include:
Software-defined data protection with integrated deduplication, replication, and reuse Data backup and recovery self-service operations from native applications that are combined with central IT governance Multicloud optimization with integrated cloud tiering SaaS-based monitoring and reporting Modern services-based architecture for ease of deployment, scaling, and upgrading
PowerProtect Data Manager integrates multiple data protection products within the Dell EMC Data Protection portfolio to enable data protection as a service, which:
Enables the data protection team to create data paths with provisioning, automation, and scheduling to embed protection engines into the infrastructure for high-performance backup and recovery.
Enables backup administrators of large-scale environments to schedule Microsoft SQL and Oracle backups from a central location on the PowerProtect Data Manager server.
Uses an agent-based approach to discover the protected and unprotected databases on an application server. Enables governed self-service and centralized protection by:
Monitoring and enforcing Service Level Objectives (SLOs). Identifying violations of Recovery Point Objectives (RPOs). Applying retention locks on backups that are created using the Microsoft application agent and Oracle RMAN agent.
Provides a RESTful interface that allows the user to monitor, configure, and orchestrate Power Protect Data Manager. Customers can use the APIs to integrate their own automation framework or quickly write new scripts with the help of easy-to-follow tutorials.
Audience This guide is intended for administrators who want to deploy PowerProtect Data Manager to a Microsoft Azure cloud in order to protect application hosts by backing up their application data.
Administrators should be familiar with the following Azure-related technology and concepts:
The Azure Marketplace
1
Getting Started 7
Virtual machines and appliances Storage Virtual networks The Azure Resource Manager
Azure documentation and Azure Resource Manager documentation provides more information about Microsoft Azure.
PowerProtect Data Manager for Azure You use a Microsoft Azure Resource Manager (ARM) template to deploy PowerProtect Data Manager to a virtual appliance in an Azure cloud. This virtual appliance has PowerProtect Data Manager installed on it.
PowerProtect Data Manager for Azure provides protection for cloud-based assets such as the following:
Oracle, SQL, and SAP HANA databases Kubernetes clusters deployed to Azure
NOTE: If you use SAP HANA, ensure the Azure virtual machine hosting the agent has its fully qualified domain name
(FQDN) added to its/etc/hosts file. For more information, see the PowerProtect Data Manager for SAP HANA Agent
User Guide at Dell EMC Online Support.
Azure documentation and Azure Resource Manager documentation provides more information about Microsoft Azure.
PowerProtect Data Manager and DDVE In order to function in an Azure environment, PowerProtect Data Manager requires that Data Domain Virtual Edition (DDVE) also be present.
DDVE is a software-only protection storage appliance: a virtual deduplication appliance that provides data protection for entry, enterprise, and service-provider environments. Like any Data Domain (DD) system, DDVE is always paired with backup software.
When you deploy PowerProtect Data Manager to Azure, DDVE can be deployed to Azure at the same time. You can also deploy DDVE to Azure outside of the PowerProtect Data Manager deployment process. For more information, see PowerProtect DD Virtual Edition in Azure Installation and Administration Guide at Dell EMC Online Support.
Azure data-transfer costs Microsoft charges a monthly fee based on the amount and types of data transferred by PowerProtect Data Manager and DDVE in an Azure cloud.
Consider the following information when planning your Azure architecture:
Most of the data that is transferred in an Azure cloud occurs between the hosts being protected and DDVE. If Kubernetes is being used, data is also transferred between the protection engine hosts and DDVE. Microsoft does not have data-transfer fees for hosts that are in the same region. For current details of all Microsoft data-transfer costs and other fees, see Bandwidth Pricing Details and the Pricing
Calculator.
NOTE: To minimize data-transfer costs, minimize the path that data transfers take by using as few availability zones and
regions as possible.
An example of data transfer
The following items describe a possible data-protection scenario where the hosts being protected and storage are in different regions:
Outbound data transfers in the Central US region Twenty 100 GB databases that each have a daily change rate of 5 percent Weekly full backups Daily incremental backups and archived-log backups An average deduplication ratio of 2:1 for initial full backups and for incremental backups
8 Getting Started
An average deduplication ratio of between 20:1 and 30:1 for subsequent full backups
This data-protection scenario would result in approximately 3,600 GB of data transfer in the first month.
NOTE: Different regions have different data-transfer costs.
Architecture overview Access PowerProtect Data Manager and DDVE is managed by Virtual Network (Vnet) service endpoints and their policies, as well as by network and application security groups. DDVE uses blob containers to store the backed up data of virtual appliances and virtual machines deployed to Azure. For more information about this, see the following Microsoft articles:
Virtual network service endpoint policies for Azure Storage Network security groups Application security groups Quickstart: Upload, download, and list blobs with the Azure portal
PowerProtect Data Manager deploys with a private IP address. For access from an external site, configure a VPN connection.
The following diagram represents the basic architecture of PowerProtect Data Manager on Azure. The diagram shows a possible distribution of PowerProtect Data Manager and DDVE in one private subnet, and application hosts in another.
NOTE: For security considerations, deploy PowerProtect Data Manager and DDVE to a private subnet.
Getting Started 9
Figure 1. Basic PowerProtect Data Manager architecture
Sensitive PowerProtect Data Manager data, such as passwords, is encrypted and stored in a lockbox. For more information about PowerProtect Data Manager security, see the PowerProtect Data Manager Security Configuration Guide at Dell EMC Online Support.
Control and Data Paths
The following diagram shows the transfer of data between PowerProtect Data Manager and DDVE and application hosts. This network traffic composes the majority of data transferred in an Azure cloud.
10 Getting Started
Figure 2. Paths
DDVE and the replication of data between private subnets.
The following diagram shows the replication of data between private subnets as well as the transfer of data during regular operations. It also shows application hosts distributed between public and private subnets.
NOTE: To deploy additional instances of DDVE to Azure outside of the PowerProtect Data Manager deployment process,
see the PowerProtect DD Virtual Edition in Azure Installation and Administration Guide at Dell EMC Online Support
Getting Started 11
Figure 3. Replication
PowerProtect Data Manager policies and DDVE
If a different DDVE instance is in each region or availability zone, ensure that PowerProtect Data Manager policies are configured to protect all the hosts in the same region or availability zone as each DDVE instance.
References Some procedures in this document reference other publications for detailed procedures.
For additional information, see the following publications that are available at Dell EMC Online Support:
PowerProtect Data Manager Security Configuration Guide PowerProtect Database Application Agent Installation and Administration Guide PowerProtect Data Manager for Microsoft Application Agent Exchange Server User Guide PowerProtect Microsoft Application Agent Installation Guide PowerProtect Data Manager for Microsoft Application Agent SQL Server User Guide PowerProtect Data Manager for Oracle RMAN Agent User Guide PowerProtect Storage Direct Agent Installation and Administration Guide PowerProtect Storage Direct Primary and Protection Storage Configuration Guide PowerProtect Storage Direct Solutions Guide PowerProtect DD Virtual Edition in Azure Installation and Administration Guide
Terminology Familiarize yourself with the terminology that is used in the PowerProtect Data Manager user interface and documentation.
The following table provides more information about names and terms you should know to use PowerProtect Data Manager:
12 Getting Started
Table 3. Term list
Term Description
Application Agent Application Agents are installed on application or database host servers to manage protection using PowerProtect Data Manager. These Agents are commonly known as DDBoost Enterprise Agents (DDBEA) for databases and applications.
Application Aware Virtual machine protection policy that includes additional application-aware data protection for Microsoft SQL Servers. An application-aware virtual machine protection policy provides the ability to quiesce the application during virtual machine image backup to perform a full backup of SQL databases. You can also schedule SQL server log backups for the virtual machines in the policy.
Asset Assets are objects in PowerProtect Data Manager for which you want to manage protection, including VMs, databases, and file systems.
Asset Source Assets that PowerProtect Data Manager protects reside within Asset Sources, which include vCenter Servers, application or database hosts, and file servers.
Cloud Tier Storage Cloud Tier storage can be added to an external DD system to expand the DD deduplication storage capacity onto less expensive object storage in public or private object storage clouds, including Dell EMC secure Elastic Cloud Storage appliances.
Copy A PowerProtect Data Manager copy is a point-in-time backup copy of an Asset.
Copy Map The PowerProtect Data Manager Copy Map is a visual representation of backup copy locations on your Protection Storage and is available for all protected Assets that have copies.
Discovery Discovery is an internal process that scans Asset Sources to find new assets to protect and scans infrastructure components to monitor their health and status.
Instant Access PowerProtect Data Manager VM backup copies can be accessed, mounted, and booted directly from the Protection Storage targets as running VMs. Copies can also be moved to a production VMware datastore using vMotion. PowerProtect Data Manager VM application-aware backup copies can be mounted directly from the Protection Storage targets as running SQL databases, which includes the ability to roll forward log backups. These SQL database disks can also be moved to a production VMware datastore using vMotion.
Power Protect Data Manager Agent
An agent that is included in PowerProtect Data Manager and installed on each application agent host server so that you can monitor and manage the application agent through PowerProtect Data Manager.
Protection Policy Protection Policies configure and manage the entire life cycle of backup data, which includes backup type, assets, backup start/stop time, backup device, and backup retention.
Service Level Agreement (SLA)
An optional policy that you can layer on top of a Protection Policy. An SLA performs additional checks on protection activities to ensure that protection goals meet the standards that your organization requires. SLAs are made up of one or more Service Level Objectives.
Service Level Objectives (SLOs)
Definable rules that set the criteria for Recovery Point Objectives (RPOs), encryption, and locations of backups according to your company requirements.
Accessing the PowerProtect Data Manager UI PowerProtect Data Manager provides a web-based user interface (UI) that you can use to manage and monitor system features and settings from any location over a network.
Steps
1. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:
https://<appliance_hostname> NOTE: You can specify the hostname or the IP address of the appliance.
2. Log in with your username and password.
Getting Started 13
The Getting Started page appears. The left pane provides links to the available menu items. Expand a menu item for more options. The icons in the PowerProtect Data Manager banner provide additional options.
The Getting Started page
The Getting Started page provides configuration options that are required when the system is first deployed.
The Getting Started page appears upon first deployment of PowerProtect Data Manager and opens to this page by default until you click Skip This.
You can access the Getting Started page at any time by selecting System Settings > Getting Started.
CAUTION: Although displayed, some configuration options are not supported in Azure deployments of
PowerProtect Data Manager. Attempting to configure these resources might cause unexpected results.
Table 4. PowerProtect Data Manager Getting Started menu items
Options Description
Support View and configure Secure Remote Services (SRS), Email Setup, Auto Support, Logs, and System Health.
Disaster Recovery Backup Configure and manage backups for disaster recovery.
VMware vCenter Opens the Infrastructure > Asset Sources page where you can add a vCenter instance as an asset source so that it can be added to a protection policy.
NOTE: VMware vCenter is not supported.
Protect Assets Opens the Protection Policies page where you can manage Protection Life Cycle workflows for all asset types.
UI tools and options
Learn about the available tools in the user interface (UI).
PowerProtect Data Manager UI tools
CAUTION: Although displayed, some tools are not supported in Azure deployments of PowerProtect Data
Manager. Using these tools might cause unexpected results.
Table 5. PowerProtect Data Manager tools
Menu item Description
Dashboard
Provides a high-level view of the overall state the PowerProtect Data Manager system and includes the following information: AlertsSystem alerts ProtectionDetails about protection policies JobsStatus of all Jobs that are filtered by a selected time period or status type. Select
the status in the Jobs pane to open the Jobs window, where you can manage jobs, search, and view details.
PolicyDetails include number of successes, failures, and excluded assets for each asset type
Protection StorageProtection storage usage statistics RecoveryRecovery statistics HealthDetails about the health of the system, including services, licenses, support,
protection engines, server backups, and uptime PowerProtect Data Manager refreshes the data hourly unless you run an ad hoc discovery.
14 Getting Started
Table 5. PowerProtect Data Manager tools (continued)
Menu item Description
Infrastructure
Click Infrastructure to: View and manage all assets:
VMware virtual machines File systems VMAX storage Groups Kubernetes clusters Microsoft Exchange and SQL databases Oracle databases SAP HANA databases
Add vCenter and application and File System host asset sources. View and manage Integrated Storage. Add a VM Direct appliance with the VM Direct protection engine for virtual machine data
protection.
NOTE: VM Direct appliances are not supported.
Manage registration of Oracle RMAN agent, Microsoft application agent, SAP HANA agent, and File System agent.
View and manage Cloud Disaster Recovery.
NOTE: Cloud Disaster Recovery is not supported.
Create and manage a Search Cluster.
NOTE: Search Clusters are not supported.
Protection
Click Protection to: Add protection policies to back up assets. Manage Service Level Agreements (SLAs). Add, edit, and delete Dynamic Groups for assets.
Recovery
Click Recovery to: View asset copy location details and initiate a Restore operation. Manage Instant Access Sessions. Use the File Search feature to find and restore virtual machine file copies.
Alerts
Click Alerts to: View and acknowledge alerts and events. View and examine Audit logs. Export audit logs to CSV files. Set audit log boundaries.
Administration
Click Administration to: Configure users and roles. Set password credentials and manage key chains. View certificates. Configure alert notifications. Add LDAP Identity Sources.
Jobs
Click Jobs to manage jobs, view by protection or system, filter, and view details.
Reporting
Click Reporting to log in to PowerProtect Central.
Getting Started 15
Banner UI options
The following table describes the icons that are located in the PowerProtect Data Manager banner.
Table 6. Banner UI options
Option Description
Click to enter search criteria to find assets, jobs, logs, and alerts.
Click to see recent alerts.
Click to restore assets from replicated copies through quick recovery. This icon only appears when this system receives replicated metadata from a source system.
Click to configure and manage PowerProtect Data Manager system network, time zone, and NTP settings, DR backups, security, licenses, upgrades, authentication, agent downloads, and support, and to access the Getting Started page.
Click to log out, and log in as a different user.
Click to see PowerProtect Data Manager version information.
Click to obtain more information about PowerProtect Data Manager, access Dell EMC Support, or view the REST API documentation.
Click to launch Cloud Snapshot Manager.
16 Getting Started
Installation Prerequisites
Topics:
PowerProtect Data Manager interoperability Microsoft application agent and Oracle RMAN agent interoperability Networking interopability Preparing your environment to deploy PowerProtect Data Manager to Azure
PowerProtect Data Manager interoperability PowerProtect Data Manager integrates multiple data protection products within the Dell EMC Data Protection portfolio to enable data protection as a service. PowerProtect Data Manager enables new data paths with provisioning, automation, and scheduling that enable a data protection team to embed protection engines into the infrastructure for high-performance backup and recovery.
NOTE: PowerProtect Data Manager for Azure is only compatible with Data Domain Virtual Edition (DDVE) 6.0.
This section includes several tables that list the supported software and hardware configurations for an PowerProtect Data Manager deployment for each direct data path.
Microsoft application agent and Oracle RMAN agent interoperability The Microsoft application agent and Oracle RMAN agent enable an application administrator to protect and recover data on a SQL Server host and Oracle server host. PowerProtect Data Manager integrates with the Microsoft application agent and Oracle RMAN agent to check and monitor the backup compliance against protection policies. PowerProtect Data Manager also supports central scheduling for backups.
You can install the Microsoft application agent or Oracle RMAN agent on the host that you plan to protect by using the installation instructions that are provided in the PowerProtect Data Manager Administration and User Guide.
NOTE: The most up-to-date software compatibility information for the PowerProtect Data Manager software
and application agents is provided in the E-Lab Navigator, available at https://elabnavigator.emc.com/eln/
modernHomeDataProtection.
Table 7. Microsoft application agent and Oracle RMAN agent support matrix
Product Supported versions
Microsoft application agent Refer to the E-Lab Navigator.
Oracle RMAN agent Refer to the E-Lab Navigator.
Networking interopability This section details PowerProtect Data Manager on Azure networking interoperability and requirements.
Required DNS configuration
You must configure a DNS server to be used for name resolution of hosts in the PowerProtect Data Manager-on-Azure network.
2
Installation Prerequisites 17
Forward and reverse lookups are required for the following hosts:
the PowerProtect Data Manager instance all DDVE instances
Ensure you set this DNS server as the primary DNS server for the PowerProtect Data Manager instance once it has been deployed. For more information, see the PowerProtect Data Manager Administration and User Guide.
Required network traffic rules
PowerProtect Data Manager requires inbound and outbound traffic between it and the primary DNS server. To configure PowerProtect Data Manager traffic rules on an instance after it has been deployed, see Configure network traffic rules on page 25.
Preparing your environment to deploy PowerProtect Data Manager to Azure The following sections provide general guidelines to deploy PowerProtect Data Manager to Azure.
The guidelines are as follows:
1. For a secure login to PowerProtect Data Manager, create a key access pair. For instructions, see Detailed Steps: Create and Manage SSH Keys for Authentication to a Linux VM in Azure.
2. Set up the network environment.
For secure access to the PowerProtect Data Manager on Azure, it is recommended that you use the Virtual Private Cloud (VPC) architecture provided by Azure. Set up and configure the following components:
The VPC A subnet Routing tables Security groups A network access control list
General requirements
Review the general requirements for deploying PowerProtect Data Manager to Azure.
Create an Azure account
To deploy PowerProtect Data Manager to Azure, you must have an Azure account. To set up an account, navigate to https:// azure.microsoft.com. For information about creating an Azure account, see Create an Azure Account.
Security and operational best practices
The following links provide more information:
Security Best Practices for Azure Solutions Cluster Operator and Developer Best Practices to Build and Manage Applications on Azure Kubernetes Service (AKS)
Azure service limits and restrictions
The following links provide more information about Azure service limits and restrictions:
Azure Subscription and Service Limits, Quotas, and Constraints Azure AD Service Limits and Restrictions Naming Rules and Restrictions for Azure Resources
18 Installation Prerequisites
Resources assigned
Learn the system resources assigned to PowerProtect Data Manager (PPDM) in an Azure environment.
NOTE: These system resources belong to the required D8s_v3 PPDM instance type.
8 CPU cores 32 GB of RAM 16 data disks 12,800 IOPS 64 GB of temporary storage One 1-GB NIC
NOTE: These resources cannot be changed. If they are insufficient for a required protection workload, multiple PPDM
instances can be deployed.
Installation Prerequisites 19
Deploying PowerProtect Data Manager to Azure
Topics:
Deploy PowerProtect Data Manager to Azure
Deploy PowerProtect Data Manager to Azure Use this method to deploy PowerProtect Data Manager to Azure.
About this task
Performing the following steps takes approximately 25 minutes. After PowerProtect Data Manager is deployed, it must be configured. Configuring PowerProtect Data Manager takes approximately 10 minutes. For more information on configuring PowerProtect Data Manager, see Configure the PowerProtect Data Manager virtual appliance on page 23.
Steps
1. In a browser, navigate to https://portal.azure.com.
2. Log in to the Azure account.
3. From the Home > Marketplace > Get Started pane, select Search the Marketplace and search for and select Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions.
4. Click Create.
5. From the Home > Marketplace > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > Basics pane, provide the project and instance details.
Table 8. Infrastructure Configuration
Parameters Description
Subscription The subscription to use.
Resource group Select the resource group to use, or click Create New. NOTE: If you select a resource group, it must be empty. For more information about creating resource groups, see Manage Azure Resource Manager Resource Groups by Using the Azure Portal.
Region The region where both PowerProtect Data Manager and DDVE will be deployed.
6. Click Next: Infrastructure Configuration.
7. From the Home > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > Infrastructure Configuration pane, configure the virtual networks and storage account.
Table 9. Infrastructure Configuration
Parameters Description
Virtual network Select the virtual network that both PPDM and DDVE will be deployed to, or click Create New.
NOTE: For more information about creating virtual networks, see What Is Azure Virtual Network?
Subnet The subnet to which PPDM and DDVE will be deployed.
3
20 Deploying PowerProtect Data Manager to Azure
Table 9. Infrastructure Configuration (continued)
Parameters Description
NOTE: It is recommended that you deploy PPDM and DDVE to a private subnet. If you create a virtual network from the Azure portal, a subnet will be created and used automatically.
Diagnostics Storage Account Select the diagnostics storage account to use for both PPDM and DDVE, or click Create New.
8. Click Next: PPDM Configuration.
9. From the Home > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > PPDM Configuration pane, configure PowerProtect Data Manager.
Table 10. PPDM Configuration
Parameters Description
PPDM Version The desired PPDM version.
PPDM Name The hostname to assign to PPDM. This is limited to 10 alphanumeric characters.
PPDM VM Size The resources assigned to PPDM. This cannot be changed from the default of D8s_v3, which provides 8 CPU cores, 32 GB of RAM, 16 data disks, 12,800 IOPS, 64 GB of temporary storage, and one 1-GB NIC .
Admin User Name The username for administrator SSH access to PPDM. This cannot be root, admin, or support.
Admin Authentication Type Select either Password or SSH Public Key to determine how users are authenticated when using SSH.
NOTE: SSH public key authentication requires a password change after the first login.
Password Either enter the administrator password, or select the representation of an SSH public key.
Confirm Password
10. Click Next: DDVE on Hot Blob Configuration.
11. From the Home > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > DDVE on Hot Blob Configuration pane, configure DDVE.
Table 11. DDVE on Hot Blob Configuration
Parameters Description
Deploy DDVE Select Yes to deploy and launch a DDVE instance in the same subnet as PPDM. Select No to deploy only PPDM.
NOTE: You might choose to not deploy DDVE if you already have an instance deployed, or if you are performing PPDM-server disaster recovery.
DDVE Name The hostname to assign to DDVE. This is limited to 10 alphanumeric characters.
DDVE Name The hostname to assign to DDVE. This is limited to 10 alphanumeric characters.
DDVE VM Size The resources assigned to DDVE.
DDVE Capacity (TB) The capacity of the DDVE data disk.
DDVE admin user The username for administrator SSH access to DDVE. This cannot be changed from the default of sysadmin.
Sysadmin Authentication type
Select either Password or SSH Public Key to determine how users are authenticated when using SSH.
NOTE: SSH public key authentication requires a password change after the first login.
Password Either enter the administrator password, or select the representation of an SSH public key.
Deploying PowerProtect Data Manager to Azure 21
Table 11. DDVE on Hot Blob Configuration (continued)
Parameters Description
Confirm Password
12. Click Next: Review + create >.
13. From the Home > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > Review + create pane, click Create.
14. From the Home > Overview pane, wait until Your deployment is underway is replaced by Your deployment is complete.
NOTE: The deployment of PowerProtect Data Manager and DDVE can take up to 10 minutes.
22 Deploying PowerProtect Data Manager to Azure
Configuration
Topics:
Configure the PowerProtect Data Manager virtual appliance Configure network traffic rules Configuring DDVE and storage Configuring and monitoring system health Configuring disaster recovery Deploying Secure Remote Services to Azure Using SSH
Configure the PowerProtect Data Manager virtual appliance Once the PowerProtect Data Manager instance is deployed, it is referred to as a virtual appliance. After the virtual appliance is started, you must configure it. Note that this information also applies to any DDVE instance deployed at the same time as a PowerProtect Data Manager instance.
Prerequisites
Wait for the PowerProtect Data Manager virtual appliance to start and initialize. This process takes a few minutes, and you will not be able to follow step 1 until it is finished.
(Optional) Download a local copy of the PowerProtect Data Manager virtual appliance license file.
About this task
Perform the following steps from a host that has access to the PowerProtect Data Manager virtual appliance. Performing these steps and having them applied takes approximately 10 minutes.
Steps
1. From a host that has network access to the virtual appliance, use Google Chrome to connect to its private IP address:
https://<appliance_private_IP> NOTE: If you wish to connect to the appliance by its hostname, you must configure DNS. For more information, see
Name Resolution for Resources in Azure Virtual Networks.
2. If an SSL certificate warning page appears with the message Your connection is not private, click Advanced, and then click Proceed to hostname_or_ip_address (unsafe).
3. On the Welcome pane, perform the following actions:
a. To set up PowerProtect Data Manager as a new installation, select New Install. b. To perform a disaster recovery, select Restore Backup. c. Click Next.
4. On the License pane, perform the following actions:
NOTE: If the license was already applied, review the license information and then click Next.
a. In the License Type field, select a type of license.
i. To use an evaluation license, select 90 days evaluation license.
A description of the license appears in the License File field.
ii. To load a license, select License File > Choose File, and then browse to and select the license that you want to load.
4
Configuration 23
iii. To copy the contents of the license file, select Plain Text and then copy the contents of the license file into the Plain Text field.
b. Click Next.
5. In the Authentication pane, perform the following actions:
The Use same password for all option is selected by default. PowerProtect Data Manager uses the same password for admin, services, and lockbox accounts.
a. Optionally, clear the Use same password for all option.
If you leave the Use same password for all option selected, in the Enter a new password and Renter password to confirm fields, specify a password.
If you clear the Use same password for all option, in the Enter a new password and Renter password to confirm fields, specify individual passwords for the administrative, services, and lockbox accounts.
Ensure that the password meets the following requirements: a minimum of nine characters and a maximum of one hundred characters at least one numeric character (0-9) at least one uppercase character (A-Z) at least one lowercase character (a-z) at least one special character from the following list of acceptable characters:
~!@#$%^&*()_+`-={}|[]\:'";,./<>?
b. Click Next.
6. In the System Settings pane, perform the following actions:
a. In the Current Timezone list box, select the time zone where the system is physically located. b. To add an NTP server, click Add. c. In the Server IP Address field, specify the NTP server IP address. d. Click Add. e. To change the list of NTP servers, click Edit or Delete. f. Click Next.
7. In the Email Setup - Optional pane, perform the following actions:
a. In the Mail Server field, specify the SMTP server IP address. b. In the Email From field, specify the administrator email address. c. In the Recipient for Test Email field, specify the recipient email address. d. In the Port field, specify the TCP port to connect to the SMTP server. e. In the Username field, specify the mail username. f. In the Password field, specify the mail password. g. To send a test email to the specified IP address, click Send Test Email. h. To acknowledge the test email was successfully sent, click OK. i. To send diagnostic and usage data to Dell EMC for proactive support and to help improve our products and services,
switch Auto Support to ON.
When enabling auto support, click View Terms to review the telemetry software terms. Scroll down to click Accept to finish enabling auto support, or Decline to disable auto support.
j. Click Next.
NOTE: Email Server Setup is required before performing a local user password reset and sending customized alert
notifications.
8. In the Summary pane, review the configuration choices, and then click Done.
Next steps
Getting Started on page 7 provides information.
24 Configuration
Configure network traffic rules Once the PowerProtect Data Manager instance is deployed, it is recommended to change the default network traffic rules that allow all inbound and outbound connections.
About this task
NOTE: Even if you specified a port range during the deployment of the PowerProtect Data Manager instance, outbound
ports remain unrestricted unless you change the outbound rules.
Steps
1. From the Azure portal, navigate to Home > Virtual machines, and click the entry for the PowerProtect Data Manager virtual appliance.
2. From the pane for the virtual appliance, click Networking.
3. From the Network Interface pane, click either Inbound port rules or Outbound port rules, and change specific network traffic rules.
NOTE: For more information, see the PowerProtect Data Manager Security Configuration Guide
CAUTION: Do not use IP addresses that belong to the 172.24.0.192/26 subnet. IP addresses in the
172.24.0.192172.24.0.255 range are used for Docker network configuration, and unexpected results can
occur if they are also used by PowerProtect Data Manager.
Configuring DDVE and storage For information on how to configure DDVE and storage, see the following publications that are available at Dell EMC Online Support:
PowerProtect DD Virtual Edition in Azure Installation and Administration Guide PowerProtect Data Manager Administration and User Guide
Configuring and monitoring system health For information on how to configure and monitor system health, and how to configure and monitor alerts, jobs, and tasks, see the PowerProtect Data Manager Administration and User Guide at Dell EMC Online Support
Configuring disaster recovery PowerProtect Data Manager can be configured to automatically back up critical servers on a periodic basis. This protects your infrastructure from catastrophic data loss.
It is recommended to enable DD MTree replication on a local DDVE instance so that the disaster-recovery data is replicated to a DDVE instance in a different region. Such an infrastructure enhances existing data-protection schemes.
When configured, the RPO of ServerDR backups is a maximum of one hour, and the RTO of ServerDR is approximately 45 minutes, depending on the amount of data recovered. Even if PowerProtect Data Manager ServerDR backups are up to an hour old, the system will attempt to synchronize any backups that occurred between the last backup and the time of failure.
For more information about how to prepare for and recover from a disaster, see the PowerProtect Data Manager Administration and User Guide at Dell EMC Online Support:
Deploying Secure Remote Services to Azure To deploy Secure Remote Services (SRS) to Azure, you must deploy an SRS container in a Linux or Windows host that is using Docker to Azure.
Configuration 25
For more information, see the Secure Remote Services Installation Guide at Dell EMC Online Support
Using SSH You can use SSH to access the PowerProtect Data Manager virtual appliance on Azure.
PowerProtect Data Manager for Azure supports two methods of SSH access. You can use password-based SSH, or you can use
Related manuals for Dell PowerProtect 19.6 Data Manager Azure Deployment Guide
Manualsnet FAQs
If you want to find out how the 19.6 Dell works, you can view and download the Dell PowerProtect 19.6 Data Manager Azure Deployment Guide on the Manualsnet website.
Yes, we have the Azure Deployment Guide for Dell 19.6 as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.
The Azure Deployment Guide should include all the details that are needed to use a Dell 19.6. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.
The best way to navigate the Dell PowerProtect 19.6 Data Manager Azure Deployment Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.
This Dell PowerProtect 19.6 Data Manager Azure Deployment Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.
You can download Dell PowerProtect 19.6 Data Manager Azure Deployment Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.
To be able to print Dell PowerProtect 19.6 Data Manager Azure Deployment Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell PowerProtect 19.6 Data Manager Azure Deployment Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.