Contents

Dell PowerProtect 19.6 Data Manager Azure Deployment Guide PDF

1 of 26
1 of 26

Summary of Content for Dell PowerProtect 19.6 Data Manager Azure Deployment Guide PDF

PowerProtect Data Manager Azure Deployment Guide

Version 19.6

January 2021 Rev. 02

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid

the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Preface.........................................................................................................................................................................................4

Chapter 1: Getting Started............................................................................................................ 7 Introducing PowerProtect Data Manager software....................................................................................................7 Audience.................................................................................................................................................................................7 PowerProtect Data Manager for Azure......................................................................................................................... 8 PowerProtect Data Manager and DDVE........................................................................................................................8 Azure data-transfer costs................................................................................................................................................. 8 Architecture overview........................................................................................................................................................9 References...........................................................................................................................................................................12 Terminology......................................................................................................................................................................... 12 Accessing the PowerProtect Data Manager UI..........................................................................................................13

The Getting Started page.......................................................................................................................................... 14 UI tools and options ....................................................................................................................................................14

Chapter 2: Installation Prerequisites............................................................................................ 17 PowerProtect Data Manager interoperability............................................................................................................. 17 Microsoft application agent and Oracle RMAN agent interoperability................................................................. 17 Networking interopability................................................................................................................................................. 17 Preparing your environment to deploy PowerProtect Data Manager to Azure................................................. 18

General requirements.................................................................................................................................................. 18 Resources assigned..................................................................................................................................................... 19

Chapter 3: Deploying PowerProtect Data Manager to Azure........................................................ 20 Deploy PowerProtect Data Manager to Azure.......................................................................................................... 20

Chapter 4: Configuration.............................................................................................................23 Configure the PowerProtect Data Manager virtual appliance............................................................................... 23 Configure network traffic rules..................................................................................................................................... 25 Configuring DDVE and storage...................................................................................................................................... 25 Configuring and monitoring system health................................................................................................................. 25 Configuring disaster recovery........................................................................................................................................ 25 Deploying Secure Remote Services to Azure.............................................................................................................25 Using SSH........................................................................................................................................................................... 26

Contents

Contents 3

Preface As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.

If a product does not function correctly or does not function as described in this document, contact a technical support professional.

NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this document,

go to the Support website https://www.dell.com/support.

Data Domain (DD) is now PowerProtect DD. References to Data Domain or Data Domain systems in this documentation, in

the user interface, and elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In many

cases the user interface has not yet been updated to reflect this change.

Purpose This guide describes how to deploy the PowerProtect Data Manager software to Microsoft Azure.

Audience This document is intended for the system administrator who will deploy the PowerProtect Data Manager software.

Revision history The following table presents the revision history of this document.

Table 1. Revision history

Revision Date Description

02 January 22, 2020 Added the section "Networking interoperability."

01 October 27, 2020 Initial release of this document for PowerProtect Data Manager version 19.6.

Related documentation The following publications are available at Dell EMC Online Support and provide additional information:

PowerProtect Data Manager Administration and User GuideDescribes how to configure the software. PowerProtect Data Manager Deployment GuideDescribes how to deploy the software. PowerProtect Data Manager Release NotesContains information on new features, known limitations, environment, and

system requirements for the software. PowerProtect Data Manager Security Configuration GuideContains security information. PowerProtect Data Manager AWS Deployment GuideDescribes how to deploy the software to Amazon Web Services

(AWS). PowerProtect Data Manager Azure Deployment GuideDescribes how to deploy the software to Microsoft Azure. PowerProtect Data Manager GCP Deployment GuideDescribes how to deploy the software to Google Cloud Platform

(GCP). PowerProtect Data Manager Cloud Disaster Recovery Administration and User GuideDescribes how to deploy Cloud DR,

protect VMs in the AWS or Azure cloud, and run recovery operations. PowerProtect Data Manager for Cyber Recovery User GuideDescribes how to install, upgrade, patch, and uninstall the

Dell EMC PowerProtect Cyber Recovery software.

4 Preface

PowerProtect Data Manager for File System Agent User GuideDescribes how to configure and use the software with the File System agent for file system data protection.

PowerProtect Data Manager for Microsoft Application Agent Exchange Server User GuideDescribes how to configure and use the software in a Microsoft Exchange Server environment.

PowerProtect Data Manager for Microsoft Application Agent SQL Server User GuideDescribes how to configure and use the software in a Microsoft SQL Server environment.

PowerProtect Data Manager for Oracle RMAN Agent User GuideDescribes how to configure and use the software in an Oracle Server environment.

PowerProtect Data Manager for SAP HANA Agent User GuideDescribes how to configure and use the software in an SAP HANA Server environment.

PowerProtect Data Manager for Storage Direct Agent User GuideDescribes how to configure and use the software with the Storage Direct agent to protect data on VMAX storage arrays through snapshot backup technology.

PowerProtect Data Manager API documentation: https://developer.dellemc.comContains the PowerProtect Data Manager APIs and includes tutorials to guide to you in their use.

Typographical conventions The following type style conventions are used in this document:

Table 2. Style conventions

Formatting Description

Bold Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window.

Italic Used for full titles of publications that are referenced in text.

Monospace Used for: System code System output, such as an error message or script Pathnames, file names, file name extensions, prompts, and syntax Commands and options

Monospace italic Used for variables.

Monospace bold Used for user input.

[ ] Square brackets enclose optional values.

| Vertical line indicates alternate selections. The vertical line means or for the alternate selections.

{ } Braces enclose content that the user must specify, such as x, y, or z.

... Ellipses indicate non-essential information that is omitted from the example.

You can use the following resources to find more information about this product, obtain support, and provide feedback.

Where to find product documentation https://www.dell.com/support https://www.dell.com/community

Where to get support The Support website https://www.dell.com/support provides access to product licensing, documentation, advisories, downloads, and how-to and troubleshooting information. The information can enable you to resolve a product issue before you contact Support.

To access a product-specific page:

Preface 5

1. Go to https://www.dell.com/support. 2. In the search box, type a product name, and then from the list that appears, select the product.

Knowledgebase The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx) or by keyword.

To search the Knowledgebase:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Knowledge Base. 3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by

typing a product name in the search box, and then selecting the product from the list that appears.

Live chat To participate in a live interactive chat with a support agent:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Contact Support. 3. On the Contact Information page, click the relevant support, and then proceed.

Service requests To obtain in-depth help from Licensing, submit a service request. To submit a service request:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Service Requests.

NOTE: To create a service request, you must have a valid support agreement. For details about either an account or

obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the

Service Request Number field, type the service request number, and then click the right arrow.

To review an open service request:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Service Requests. 3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.

Online communities For peer contacts, conversations, and content on product support and solutions, go to the Community Network https:// www.dell.com/community. Interactively engage with customers, partners, and certified professionals online.

How to provide feedback Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to DPAD.Doc.Feedback@emc.com.

6 Preface

Getting Started

Topics:

Introducing PowerProtect Data Manager software Audience PowerProtect Data Manager for Azure PowerProtect Data Manager and DDVE Azure data-transfer costs Architecture overview References Terminology Accessing the PowerProtect Data Manager UI

Introducing PowerProtect Data Manager software PowerProtect Data Manager software is an enterprise solution that provides software-defined data protection, deduplication, operational agility, self-service, and IT governance.

PowerProtect Data Manager enables the transformation from traditional centralized protection to an IT-as-a-service model based on a self-service design. This design ensures that you can enforce compliance and other business rules, even when backup responsibilities are decentralized to individual database administrators and application administrators.

PowerProtect Data Manager key features include:

Software-defined data protection with integrated deduplication, replication, and reuse Data backup and recovery self-service operations from native applications that are combined with central IT governance Multicloud optimization with integrated cloud tiering SaaS-based monitoring and reporting Modern services-based architecture for ease of deployment, scaling, and upgrading

PowerProtect Data Manager integrates multiple data protection products within the Dell EMC Data Protection portfolio to enable data protection as a service, which:

Enables the data protection team to create data paths with provisioning, automation, and scheduling to embed protection engines into the infrastructure for high-performance backup and recovery.

Enables backup administrators of large-scale environments to schedule Microsoft SQL and Oracle backups from a central location on the PowerProtect Data Manager server.

Uses an agent-based approach to discover the protected and unprotected databases on an application server. Enables governed self-service and centralized protection by:

Monitoring and enforcing Service Level Objectives (SLOs). Identifying violations of Recovery Point Objectives (RPOs). Applying retention locks on backups that are created using the Microsoft application agent and Oracle RMAN agent.

Provides a RESTful interface that allows the user to monitor, configure, and orchestrate Power Protect Data Manager. Customers can use the APIs to integrate their own automation framework or quickly write new scripts with the help of easy-to-follow tutorials.

Audience This guide is intended for administrators who want to deploy PowerProtect Data Manager to a Microsoft Azure cloud in order to protect application hosts by backing up their application data.

Administrators should be familiar with the following Azure-related technology and concepts:

The Azure Marketplace

1

Getting Started 7

Virtual machines and appliances Storage Virtual networks The Azure Resource Manager

Azure documentation and Azure Resource Manager documentation provides more information about Microsoft Azure.

PowerProtect Data Manager for Azure You use a Microsoft Azure Resource Manager (ARM) template to deploy PowerProtect Data Manager to a virtual appliance in an Azure cloud. This virtual appliance has PowerProtect Data Manager installed on it.

PowerProtect Data Manager for Azure provides protection for cloud-based assets such as the following:

Oracle, SQL, and SAP HANA databases Kubernetes clusters deployed to Azure

NOTE: If you use SAP HANA, ensure the Azure virtual machine hosting the agent has its fully qualified domain name

(FQDN) added to its/etc/hosts file. For more information, see the PowerProtect Data Manager for SAP HANA Agent

User Guide at Dell EMC Online Support.

Azure documentation and Azure Resource Manager documentation provides more information about Microsoft Azure.

PowerProtect Data Manager and DDVE In order to function in an Azure environment, PowerProtect Data Manager requires that Data Domain Virtual Edition (DDVE) also be present.

DDVE is a software-only protection storage appliance: a virtual deduplication appliance that provides data protection for entry, enterprise, and service-provider environments. Like any Data Domain (DD) system, DDVE is always paired with backup software.

When you deploy PowerProtect Data Manager to Azure, DDVE can be deployed to Azure at the same time. You can also deploy DDVE to Azure outside of the PowerProtect Data Manager deployment process. For more information, see PowerProtect DD Virtual Edition in Azure Installation and Administration Guide at Dell EMC Online Support.

Azure data-transfer costs Microsoft charges a monthly fee based on the amount and types of data transferred by PowerProtect Data Manager and DDVE in an Azure cloud.

Consider the following information when planning your Azure architecture:

Most of the data that is transferred in an Azure cloud occurs between the hosts being protected and DDVE. If Kubernetes is being used, data is also transferred between the protection engine hosts and DDVE. Microsoft does not have data-transfer fees for hosts that are in the same region. For current details of all Microsoft data-transfer costs and other fees, see Bandwidth Pricing Details and the Pricing

Calculator.

NOTE: To minimize data-transfer costs, minimize the path that data transfers take by using as few availability zones and

regions as possible.

An example of data transfer

The following items describe a possible data-protection scenario where the hosts being protected and storage are in different regions:

Outbound data transfers in the Central US region Twenty 100 GB databases that each have a daily change rate of 5 percent Weekly full backups Daily incremental backups and archived-log backups An average deduplication ratio of 2:1 for initial full backups and for incremental backups

8 Getting Started

An average deduplication ratio of between 20:1 and 30:1 for subsequent full backups

This data-protection scenario would result in approximately 3,600 GB of data transfer in the first month.

NOTE: Different regions have different data-transfer costs.

Architecture overview Access PowerProtect Data Manager and DDVE is managed by Virtual Network (Vnet) service endpoints and their policies, as well as by network and application security groups. DDVE uses blob containers to store the backed up data of virtual appliances and virtual machines deployed to Azure. For more information about this, see the following Microsoft articles:

Virtual network service endpoint policies for Azure Storage Network security groups Application security groups Quickstart: Upload, download, and list blobs with the Azure portal

PowerProtect Data Manager deploys with a private IP address. For access from an external site, configure a VPN connection.

The following diagram represents the basic architecture of PowerProtect Data Manager on Azure. The diagram shows a possible distribution of PowerProtect Data Manager and DDVE in one private subnet, and application hosts in another.

NOTE: For security considerations, deploy PowerProtect Data Manager and DDVE to a private subnet.

Getting Started 9

Figure 1. Basic PowerProtect Data Manager architecture

Sensitive PowerProtect Data Manager data, such as passwords, is encrypted and stored in a lockbox. For more information about PowerProtect Data Manager security, see the PowerProtect Data Manager Security Configuration Guide at Dell EMC Online Support.

Control and Data Paths

The following diagram shows the transfer of data between PowerProtect Data Manager and DDVE and application hosts. This network traffic composes the majority of data transferred in an Azure cloud.

10 Getting Started

Figure 2. Paths

DDVE and the replication of data between private subnets.

The following diagram shows the replication of data between private subnets as well as the transfer of data during regular operations. It also shows application hosts distributed between public and private subnets.

NOTE: To deploy additional instances of DDVE to Azure outside of the PowerProtect Data Manager deployment process,

see the PowerProtect DD Virtual Edition in Azure Installation and Administration Guide at Dell EMC Online Support

Getting Started 11

Figure 3. Replication

PowerProtect Data Manager policies and DDVE

If a different DDVE instance is in each region or availability zone, ensure that PowerProtect Data Manager policies are configured to protect all the hosts in the same region or availability zone as each DDVE instance.

References Some procedures in this document reference other publications for detailed procedures.

For additional information, see the following publications that are available at Dell EMC Online Support:

PowerProtect Data Manager Security Configuration Guide PowerProtect Database Application Agent Installation and Administration Guide PowerProtect Data Manager for Microsoft Application Agent Exchange Server User Guide PowerProtect Microsoft Application Agent Installation Guide PowerProtect Data Manager for Microsoft Application Agent SQL Server User Guide PowerProtect Data Manager for Oracle RMAN Agent User Guide PowerProtect Storage Direct Agent Installation and Administration Guide PowerProtect Storage Direct Primary and Protection Storage Configuration Guide PowerProtect Storage Direct Solutions Guide PowerProtect DD Virtual Edition in Azure Installation and Administration Guide

Terminology Familiarize yourself with the terminology that is used in the PowerProtect Data Manager user interface and documentation.

The following table provides more information about names and terms you should know to use PowerProtect Data Manager:

12 Getting Started

Table 3. Term list

Term Description

Application Agent Application Agents are installed on application or database host servers to manage protection using PowerProtect Data Manager. These Agents are commonly known as DDBoost Enterprise Agents (DDBEA) for databases and applications.

Application Aware Virtual machine protection policy that includes additional application-aware data protection for Microsoft SQL Servers. An application-aware virtual machine protection policy provides the ability to quiesce the application during virtual machine image backup to perform a full backup of SQL databases. You can also schedule SQL server log backups for the virtual machines in the policy.

Asset Assets are objects in PowerProtect Data Manager for which you want to manage protection, including VMs, databases, and file systems.

Asset Source Assets that PowerProtect Data Manager protects reside within Asset Sources, which include vCenter Servers, application or database hosts, and file servers.

Cloud Tier Storage Cloud Tier storage can be added to an external DD system to expand the DD deduplication storage capacity onto less expensive object storage in public or private object storage clouds, including Dell EMC secure Elastic Cloud Storage appliances.

Copy A PowerProtect Data Manager copy is a point-in-time backup copy of an Asset.

Copy Map The PowerProtect Data Manager Copy Map is a visual representation of backup copy locations on your Protection Storage and is available for all protected Assets that have copies.

Discovery Discovery is an internal process that scans Asset Sources to find new assets to protect and scans infrastructure components to monitor their health and status.

Instant Access PowerProtect Data Manager VM backup copies can be accessed, mounted, and booted directly from the Protection Storage targets as running VMs. Copies can also be moved to a production VMware datastore using vMotion. PowerProtect Data Manager VM application-aware backup copies can be mounted directly from the Protection Storage targets as running SQL databases, which includes the ability to roll forward log backups. These SQL database disks can also be moved to a production VMware datastore using vMotion.

Power Protect Data Manager Agent

An agent that is included in PowerProtect Data Manager and installed on each application agent host server so that you can monitor and manage the application agent through PowerProtect Data Manager.

Protection Policy Protection Policies configure and manage the entire life cycle of backup data, which includes backup type, assets, backup start/stop time, backup device, and backup retention.

Service Level Agreement (SLA)

An optional policy that you can layer on top of a Protection Policy. An SLA performs additional checks on protection activities to ensure that protection goals meet the standards that your organization requires. SLAs are made up of one or more Service Level Objectives.

Service Level Objectives (SLOs)

Definable rules that set the criteria for Recovery Point Objectives (RPOs), encryption, and locations of backups according to your company requirements.

Accessing the PowerProtect Data Manager UI PowerProtect Data Manager provides a web-based user interface (UI) that you can use to manage and monitor system features and settings from any location over a network.

Steps

1. From a host that has network access to the virtual appliance, use Google Chrome to connect to the appliance:

https://<appliance_hostname> NOTE: You can specify the hostname or the IP address of the appliance.

2. Log in with your username and password.

Getting Started 13

The Getting Started page appears. The left pane provides links to the available menu items. Expand a menu item for more options. The icons in the PowerProtect Data Manager banner provide additional options.

The Getting Started page

The Getting Started page provides configuration options that are required when the system is first deployed.

The Getting Started page appears upon first deployment of PowerProtect Data Manager and opens to this page by default until you click Skip This.

You can access the Getting Started page at any time by selecting System Settings > Getting Started.

CAUTION: Although displayed, some configuration options are not supported in Azure deployments of

PowerProtect Data Manager. Attempting to configure these resources might cause unexpected results.

Table 4. PowerProtect Data Manager Getting Started menu items

Options Description

Support View and configure Secure Remote Services (SRS), Email Setup, Auto Support, Logs, and System Health.

Disaster Recovery Backup Configure and manage backups for disaster recovery.

VMware vCenter Opens the Infrastructure > Asset Sources page where you can add a vCenter instance as an asset source so that it can be added to a protection policy.

NOTE: VMware vCenter is not supported.

Protect Assets Opens the Protection Policies page where you can manage Protection Life Cycle workflows for all asset types.

UI tools and options

Learn about the available tools in the user interface (UI).

PowerProtect Data Manager UI tools

CAUTION: Although displayed, some tools are not supported in Azure deployments of PowerProtect Data

Manager. Using these tools might cause unexpected results.

Table 5. PowerProtect Data Manager tools

Menu item Description

Dashboard

Provides a high-level view of the overall state the PowerProtect Data Manager system and includes the following information: AlertsSystem alerts ProtectionDetails about protection policies JobsStatus of all Jobs that are filtered by a selected time period or status type. Select

the status in the Jobs pane to open the Jobs window, where you can manage jobs, search, and view details.

PolicyDetails include number of successes, failures, and excluded assets for each asset type

Protection StorageProtection storage usage statistics RecoveryRecovery statistics HealthDetails about the health of the system, including services, licenses, support,

protection engines, server backups, and uptime PowerProtect Data Manager refreshes the data hourly unless you run an ad hoc discovery.

14 Getting Started

Table 5. PowerProtect Data Manager tools (continued)

Menu item Description

Infrastructure

Click Infrastructure to: View and manage all assets:

VMware virtual machines File systems VMAX storage Groups Kubernetes clusters Microsoft Exchange and SQL databases Oracle databases SAP HANA databases

Add vCenter and application and File System host asset sources. View and manage Integrated Storage. Add a VM Direct appliance with the VM Direct protection engine for virtual machine data

protection.

NOTE: VM Direct appliances are not supported.

Manage registration of Oracle RMAN agent, Microsoft application agent, SAP HANA agent, and File System agent.

View and manage Cloud Disaster Recovery.

NOTE: Cloud Disaster Recovery is not supported.

Create and manage a Search Cluster.

NOTE: Search Clusters are not supported.

Protection

Click Protection to: Add protection policies to back up assets. Manage Service Level Agreements (SLAs). Add, edit, and delete Dynamic Groups for assets.

Recovery

Click Recovery to: View asset copy location details and initiate a Restore operation. Manage Instant Access Sessions. Use the File Search feature to find and restore virtual machine file copies.

Alerts

Click Alerts to: View and acknowledge alerts and events. View and examine Audit logs. Export audit logs to CSV files. Set audit log boundaries.

Administration

Click Administration to: Configure users and roles. Set password credentials and manage key chains. View certificates. Configure alert notifications. Add LDAP Identity Sources.

Jobs

Click Jobs to manage jobs, view by protection or system, filter, and view details.

Reporting

Click Reporting to log in to PowerProtect Central.

Getting Started 15

Banner UI options

The following table describes the icons that are located in the PowerProtect Data Manager banner.

Table 6. Banner UI options

Option Description

Click to enter search criteria to find assets, jobs, logs, and alerts.

Click to see recent alerts.

Click to restore assets from replicated copies through quick recovery. This icon only appears when this system receives replicated metadata from a source system.

Click to configure and manage PowerProtect Data Manager system network, time zone, and NTP settings, DR backups, security, licenses, upgrades, authentication, agent downloads, and support, and to access the Getting Started page.

Click to log out, and log in as a different user.

Click to see PowerProtect Data Manager version information.

Click to obtain more information about PowerProtect Data Manager, access Dell EMC Support, or view the REST API documentation.

Click to launch Cloud Snapshot Manager.

16 Getting Started

Installation Prerequisites

Topics:

PowerProtect Data Manager interoperability Microsoft application agent and Oracle RMAN agent interoperability Networking interopability Preparing your environment to deploy PowerProtect Data Manager to Azure

PowerProtect Data Manager interoperability PowerProtect Data Manager integrates multiple data protection products within the Dell EMC Data Protection portfolio to enable data protection as a service. PowerProtect Data Manager enables new data paths with provisioning, automation, and scheduling that enable a data protection team to embed protection engines into the infrastructure for high-performance backup and recovery.

NOTE: PowerProtect Data Manager for Azure is only compatible with Data Domain Virtual Edition (DDVE) 6.0.

This section includes several tables that list the supported software and hardware configurations for an PowerProtect Data Manager deployment for each direct data path.

Microsoft application agent and Oracle RMAN agent interoperability The Microsoft application agent and Oracle RMAN agent enable an application administrator to protect and recover data on a SQL Server host and Oracle server host. PowerProtect Data Manager integrates with the Microsoft application agent and Oracle RMAN agent to check and monitor the backup compliance against protection policies. PowerProtect Data Manager also supports central scheduling for backups.

You can install the Microsoft application agent or Oracle RMAN agent on the host that you plan to protect by using the installation instructions that are provided in the PowerProtect Data Manager Administration and User Guide.

NOTE: The most up-to-date software compatibility information for the PowerProtect Data Manager software

and application agents is provided in the E-Lab Navigator, available at https://elabnavigator.emc.com/eln/

modernHomeDataProtection.

Table 7. Microsoft application agent and Oracle RMAN agent support matrix

Product Supported versions

Microsoft application agent Refer to the E-Lab Navigator.

Oracle RMAN agent Refer to the E-Lab Navigator.

Networking interopability This section details PowerProtect Data Manager on Azure networking interoperability and requirements.

Required DNS configuration

You must configure a DNS server to be used for name resolution of hosts in the PowerProtect Data Manager-on-Azure network.

2

Installation Prerequisites 17

Forward and reverse lookups are required for the following hosts:

the PowerProtect Data Manager instance all DDVE instances

Ensure you set this DNS server as the primary DNS server for the PowerProtect Data Manager instance once it has been deployed. For more information, see the PowerProtect Data Manager Administration and User Guide.

Required network traffic rules

PowerProtect Data Manager requires inbound and outbound traffic between it and the primary DNS server. To configure PowerProtect Data Manager traffic rules on an instance after it has been deployed, see Configure network traffic rules on page 25.

Preparing your environment to deploy PowerProtect Data Manager to Azure The following sections provide general guidelines to deploy PowerProtect Data Manager to Azure.

The guidelines are as follows:

1. For a secure login to PowerProtect Data Manager, create a key access pair. For instructions, see Detailed Steps: Create and Manage SSH Keys for Authentication to a Linux VM in Azure.

2. Set up the network environment.

For secure access to the PowerProtect Data Manager on Azure, it is recommended that you use the Virtual Private Cloud (VPC) architecture provided by Azure. Set up and configure the following components:

The VPC A subnet Routing tables Security groups A network access control list

General requirements

Review the general requirements for deploying PowerProtect Data Manager to Azure.

Create an Azure account

To deploy PowerProtect Data Manager to Azure, you must have an Azure account. To set up an account, navigate to https:// azure.microsoft.com. For information about creating an Azure account, see Create an Azure Account.

Security and operational best practices

The following links provide more information:

Security Best Practices for Azure Solutions Cluster Operator and Developer Best Practices to Build and Manage Applications on Azure Kubernetes Service (AKS)

Azure service limits and restrictions

The following links provide more information about Azure service limits and restrictions:

Azure Subscription and Service Limits, Quotas, and Constraints Azure AD Service Limits and Restrictions Naming Rules and Restrictions for Azure Resources

18 Installation Prerequisites

Resources assigned

Learn the system resources assigned to PowerProtect Data Manager (PPDM) in an Azure environment.

NOTE: These system resources belong to the required D8s_v3 PPDM instance type.

8 CPU cores 32 GB of RAM 16 data disks 12,800 IOPS 64 GB of temporary storage One 1-GB NIC

NOTE: These resources cannot be changed. If they are insufficient for a required protection workload, multiple PPDM

instances can be deployed.

Installation Prerequisites 19

Deploying PowerProtect Data Manager to Azure

Topics:

Deploy PowerProtect Data Manager to Azure

Deploy PowerProtect Data Manager to Azure Use this method to deploy PowerProtect Data Manager to Azure.

About this task

Performing the following steps takes approximately 25 minutes. After PowerProtect Data Manager is deployed, it must be configured. Configuring PowerProtect Data Manager takes approximately 10 minutes. For more information on configuring PowerProtect Data Manager, see Configure the PowerProtect Data Manager virtual appliance on page 23.

Steps

1. In a browser, navigate to https://portal.azure.com.

2. Log in to the Azure account.

3. From the Home > Marketplace > Get Started pane, select Search the Marketplace and search for and select Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions.

4. Click Create.

5. From the Home > Marketplace > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > Basics pane, provide the project and instance details.

Table 8. Infrastructure Configuration

Parameters Description

Subscription The subscription to use.

Resource group Select the resource group to use, or click Create New. NOTE: If you select a resource group, it must be empty. For more information about creating resource groups, see Manage Azure Resource Manager Resource Groups by Using the Azure Portal.

Region The region where both PowerProtect Data Manager and DDVE will be deployed.

6. Click Next: Infrastructure Configuration.

7. From the Home > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > Infrastructure Configuration pane, configure the virtual networks and storage account.

Table 9. Infrastructure Configuration

Parameters Description

Virtual network Select the virtual network that both PPDM and DDVE will be deployed to, or click Create New.

NOTE: For more information about creating virtual networks, see What Is Azure Virtual Network?

Subnet The subnet to which PPDM and DDVE will be deployed.

3

20 Deploying PowerProtect Data Manager to Azure

Table 9. Infrastructure Configuration (continued)

Parameters Description

NOTE: It is recommended that you deploy PPDM and DDVE to a private subnet. If you create a virtual network from the Azure portal, a subnet will be created and used automatically.

Diagnostics Storage Account Select the diagnostics storage account to use for both PPDM and DDVE, or click Create New.

8. Click Next: PPDM Configuration.

9. From the Home > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > PPDM Configuration pane, configure PowerProtect Data Manager.

Table 10. PPDM Configuration

Parameters Description

PPDM Version The desired PPDM version.

PPDM Name The hostname to assign to PPDM. This is limited to 10 alphanumeric characters.

PPDM VM Size The resources assigned to PPDM. This cannot be changed from the default of D8s_v3, which provides 8 CPU cores, 32 GB of RAM, 16 data disks, 12,800 IOPS, 64 GB of temporary storage, and one 1-GB NIC .

Admin User Name The username for administrator SSH access to PPDM. This cannot be root, admin, or support.

Admin Authentication Type Select either Password or SSH Public Key to determine how users are authenticated when using SSH.

NOTE: SSH public key authentication requires a password change after the first login.

Password Either enter the administrator password, or select the representation of an SSH public key.

Confirm Password

10. Click Next: DDVE on Hot Blob Configuration.

11. From the Home > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > DDVE on Hot Blob Configuration pane, configure DDVE.

Table 11. DDVE on Hot Blob Configuration

Parameters Description

Deploy DDVE Select Yes to deploy and launch a DDVE instance in the same subnet as PPDM. Select No to deploy only PPDM.

NOTE: You might choose to not deploy DDVE if you already have an instance deployed, or if you are performing PPDM-server disaster recovery.

DDVE Name The hostname to assign to DDVE. This is limited to 10 alphanumeric characters.

DDVE Name The hostname to assign to DDVE. This is limited to 10 alphanumeric characters.

DDVE VM Size The resources assigned to DDVE.

DDVE Capacity (TB) The capacity of the DDVE data disk.

DDVE admin user The username for administrator SSH access to DDVE. This cannot be changed from the default of sysadmin.

Sysadmin Authentication type

Select either Password or SSH Public Key to determine how users are authenticated when using SSH.

NOTE: SSH public key authentication requires a password change after the first login.

Password Either enter the administrator password, or select the representation of an SSH public key.

Deploying PowerProtect Data Manager to Azure 21

Table 11. DDVE on Hot Blob Configuration (continued)

Parameters Description

Confirm Password

12. Click Next: Review + create >.

13. From the Home > Create Dell EMC PowerProtect Data Manager and Data Domain Virtual Editions > Review + create pane, click Create.

14. From the Home > Overview pane, wait until Your deployment is underway is replaced by Your deployment is complete.

NOTE: The deployment of PowerProtect Data Manager and DDVE can take up to 10 minutes.

22 Deploying PowerProtect Data Manager to Azure

Configuration

Topics:

Configure the PowerProtect Data Manager virtual appliance Configure network traffic rules Configuring DDVE and storage Configuring and monitoring system health Configuring disaster recovery Deploying Secure Remote Services to Azure Using SSH

Configure the PowerProtect Data Manager virtual appliance Once the PowerProtect Data Manager instance is deployed, it is referred to as a virtual appliance. After the virtual appliance is started, you must configure it. Note that this information also applies to any DDVE instance deployed at the same time as a PowerProtect Data Manager instance.

Prerequisites

Wait for the PowerProtect Data Manager virtual appliance to start and initialize. This process takes a few minutes, and you will not be able to follow step 1 until it is finished.

(Optional) Download a local copy of the PowerProtect Data Manager virtual appliance license file.

About this task

Perform the following steps from a host that has access to the PowerProtect Data Manager virtual appliance. Performing these steps and having them applied takes approximately 10 minutes.

Steps

1. From a host that has network access to the virtual appliance, use Google Chrome to connect to its private IP address:

https://<appliance_private_IP> NOTE: If you wish to connect to the appliance by its hostname, you must configure DNS. For more information, see

Name Resolution for Resources in Azure Virtual Networks.

2. If an SSL certificate warning page appears with the message Your connection is not private, click Advanced, and then click Proceed to hostname_or_ip_address (unsafe).

3. On the Welcome pane, perform the following actions:

a. To set up PowerProtect Data Manager as a new installation, select New Install. b. To perform a disaster recovery, select Restore Backup. c. Click Next.

4. On the License pane, perform the following actions:

NOTE: If the license was already applied, review the license information and then click Next.

a. In the License Type field, select a type of license.

i. To use an evaluation license, select 90 days evaluation license.

A description of the license appears in the License File field.

ii. To load a license, select License File > Choose File, and then browse to and select the license that you want to load.

4

Configuration 23

iii. To copy the contents of the license file, select Plain Text and then copy the contents of the license file into the Plain Text field.

b. Click Next.

5. In the Authentication pane, perform the following actions:

The Use same password for all option is selected by default. PowerProtect Data Manager uses the same password for admin, services, and lockbox accounts.

a. Optionally, clear the Use same password for all option.

If you leave the Use same password for all option selected, in the Enter a new password and Renter password to confirm fields, specify a password.

If you clear the Use same password for all option, in the Enter a new password and Renter password to confirm fields, specify individual passwords for the administrative, services, and lockbox accounts.

Ensure that the password meets the following requirements: a minimum of nine characters and a maximum of one hundred characters at least one numeric character (0-9) at least one uppercase character (A-Z) at least one lowercase character (a-z) at least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:'";,./<>?

b. Click Next.

6. In the System Settings pane, perform the following actions:

a. In the Current Timezone list box, select the time zone where the system is physically located. b. To add an NTP server, click Add. c. In the Server IP Address field, specify the NTP server IP address. d. Click Add. e. To change the list of NTP servers, click Edit or Delete. f. Click Next.

7. In the Email Setup - Optional pane, perform the following actions:

a. In the Mail Server field, specify the SMTP server IP address. b. In the Email From field, specify the administrator email address. c. In the Recipient for Test Email field, specify the recipient email address. d. In the Port field, specify the TCP port to connect to the SMTP server. e. In the Username field, specify the mail username. f. In the Password field, specify the mail password. g. To send a test email to the specified IP address, click Send Test Email. h. To acknowledge the test email was successfully sent, click OK. i. To send diagnostic and usage data to Dell EMC for proactive support and to help improve our products and services,

switch Auto Support to ON.

When enabling auto support, click View Terms to review the telemetry software terms. Scroll down to click Accept to finish enabling auto support, or Decline to disable auto support.

j. Click Next.

NOTE: Email Server Setup is required before performing a local user password reset and sending customized alert

notifications.

8. In the Summary pane, review the configuration choices, and then click Done.

Next steps

Getting Started on page 7 provides information.

24 Configuration

Configure network traffic rules Once the PowerProtect Data Manager instance is deployed, it is recommended to change the default network traffic rules that allow all inbound and outbound connections.

About this task

NOTE: Even if you specified a port range during the deployment of the PowerProtect Data Manager instance, outbound

ports remain unrestricted unless you change the outbound rules.

Steps

1. From the Azure portal, navigate to Home > Virtual machines, and click the entry for the PowerProtect Data Manager virtual appliance.

2. From the pane for the virtual appliance, click Networking.

3. From the Network Interface pane, click either Inbound port rules or Outbound port rules, and change specific network traffic rules.

NOTE: For more information, see the PowerProtect Data Manager Security Configuration Guide

CAUTION: Do not use IP addresses that belong to the 172.24.0.192/26 subnet. IP addresses in the

172.24.0.192172.24.0.255 range are used for Docker network configuration, and unexpected results can

occur if they are also used by PowerProtect Data Manager.

Configuring DDVE and storage For information on how to configure DDVE and storage, see the following publications that are available at Dell EMC Online Support:

PowerProtect DD Virtual Edition in Azure Installation and Administration Guide PowerProtect Data Manager Administration and User Guide

Configuring and monitoring system health For information on how to configure and monitor system health, and how to configure and monitor alerts, jobs, and tasks, see the PowerProtect Data Manager Administration and User Guide at Dell EMC Online Support

Configuring disaster recovery PowerProtect Data Manager can be configured to automatically back up critical servers on a periodic basis. This protects your infrastructure from catastrophic data loss.

It is recommended to enable DD MTree replication on a local DDVE instance so that the disaster-recovery data is replicated to a DDVE instance in a different region. Such an infrastructure enhances existing data-protection schemes.

When configured, the RPO of ServerDR backups is a maximum of one hour, and the RTO of ServerDR is approximately 45 minutes, depending on the amount of data recovered. Even if PowerProtect Data Manager ServerDR backups are up to an hour old, the system will attempt to synchronize any backups that occurred between the last backup and the time of failure.

For more information about how to prepare for and recover from a disaster, see the PowerProtect Data Manager Administration and User Guide at Dell EMC Online Support:

Deploying Secure Remote Services to Azure To deploy Secure Remote Services (SRS) to Azure, you must deploy an SRS container in a Linux or Windows host that is using Docker to Azure.

Configuration 25

For more information, see the Secure Remote Services Installation Guide at Dell EMC Online Support

Using SSH You can use SSH to access the PowerProtect Data Manager virtual appliance on Azure.

PowerProtect Data Manager for Azure supports two methods of SSH access. You can use password-based SSH, or you can use

Manualsnet FAQs

If you want to find out how the 19.6 Dell works, you can view and download the Dell PowerProtect 19.6 Data Manager Azure Deployment Guide on the Manualsnet website.

Yes, we have the Azure Deployment Guide for Dell 19.6 as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The Azure Deployment Guide should include all the details that are needed to use a Dell 19.6. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell PowerProtect 19.6 Data Manager Azure Deployment Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell PowerProtect 19.6 Data Manager Azure Deployment Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell PowerProtect 19.6 Data Manager Azure Deployment Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell PowerProtect 19.6 Data Manager Azure Deployment Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell PowerProtect 19.6 Data Manager Azure Deployment Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.