- Manuals
- Brands
- Dell
- Data Manager
- 19.5
- Exchange Server User Guide
Dell PowerProtect 19.5 Data Manager Exchange Server User Guide PDF
Summary of Content for Dell PowerProtect 19.5 Data Manager Exchange Server User Guide PDF
PowerProtect Microsoft Application Agent Exchange Server User Guide
Version 19.5
Dell Inc.
June 2020 Rev. 01
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the
problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
2014 - 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
1. Federated backups in the Exchange DAG environment............................................................................... 39
2. Selecting the source path in ItemPoint for Exchange Server................................................................... 69
3. Selecting target path in ItemPoint for Exchange Server ........................................................................... 69
4. Mount Service system tray icon............................................................................................................................. 70
Figures
Figures 3
1. Revision history.................................................................................................................................................................. 7
2. Style conventions............................................................................................................................................................. 7
3. Permissions that the Exchange Admin Configuration tool configures.................................................. 26
4. General configuration file parameters.................................................................................................................. 30
5. Primary system configuration file parameters...................................................................................................31
6. Attributes of the EMCExchangeBackupRestore.BackupData.ExchangeBackupDatabase object....................................................................................................................................................................................58
7. Attributes of the EMCExchangeBackupRestore.BackupData.ExchangeBackup object.............. 59
8. Attributes of the EMCExchangeBackupRestore.MountData.ExchangeMount object................. 68
9. Debug log file names.....................................................................................................................................................73
10. Return codes and description.................................................................................................................................73
Tables
4 Tables
Figures.......................................................................................................................................... 3
Tables............................................................................................................................................4
Preface..........................................................................................................................................................................................7
Chapter 1: Configuring the Microsoft Application Agent for Exchange Server..................................... 10 Overview of Application Direct with Exchange Server................................................................................................... 10 Application Direct backup and restore operations............................................................................................................ 11 Configuring the Data Domain System................................................................................................................................ 11
Installing and upgrading the Data Domain operating system.....................................................................................11 Configuring the Data Domain system...........................................................................................................................11 Configuring the Data Domain Cloud Tier for data movement to the cloud........................................................... 22 Distributed segment processing.................................................................................................................................. 23 Advanced load balancing and link failover.................................................................................................................. 24 Encrypted managed file replication............................................................................................................................. 25 Data Domain High Availability.......................................................................................................................................25 Validating the Data Domain system............................................................................................................................ 25 Troubleshooting the Data Domain system................................................................................................................. 26
Configure users with the App Agent Exchange Admin Configuration tool..................................................................26 Configuring an administrative user..............................................................................................................................26 Configuring a non-administrative user........................................................................................................................28 Update Admin Password.............................................................................................................................................. 30 Validating an existing administrator.............................................................................................................................30
Create a configuration file..................................................................................................................................................30 Import the configuration file...............................................................................................................................................33 Configuring the lockbox......................................................................................................................................................34
Commands to create and manage the lockbox.........................................................................................................35 Create a lockbox............................................................................................................................................................ 37
Import the EMCExchangeBackupRestore PowerShell modules to Exchange Server 2010......................................37
Chapter 2: Backing Up Exchange Server......................................................................................... 38 Overview of Application Direct with Exchange Server backups...................................................................................38
Federated backups of a DAG.......................................................................................................................................38 Best practices to back up Exchange Server with Application Direct........................................................................... 39 Back up Exchange Server with the Windows PowerShell backup cmdlet.................................................................. 40
Syntax to perform stand-alone server backups........................................................................................................ 40 Syntax to perform federated backups.........................................................................................................................41 Optional parameters for the Backup-Exchange cmdlet........................................................................................... 42
Listing backups and save files............................................................................................................................................43 List backups with the Get-ExchangeBackup cmdlet................................................................................................43 List backups and save files with the msagentadmin administration command..................................................... 46
Move and recall save sets on a Data Domain Cloud Tier .............................................................................................. 48 Move save sets to the Data Domain Cloud Tier........................................................................................................48 Recall save sets from the Data Domain Cloud Tier...................................................................................................49
Contents
Contents 5
Optional parameters for the msagentadmin administration command.................................................................. 49 Deleting backups ................................................................................................................................................................ 50
Delete backups with the Remove-ExchangeBackup cmdlet...................................................................................50 Delete backups with the msagentadmin administration command.........................................................................53
Deleting expired backups .................................................................................................................................................. 55 Prerequisites.................................................................................................................................................................. 55 Delete expired backups with the ddbmexptool.exe tool.......................................................................................... 55 Optional parameters for the ddbmexptool expiry tool..............................................................................................56
Reading the backup object from Windows PowerShell cmdlet output........................................................................57 Output formats.............................................................................................................................................................. 57 EMCExchangeBackupRestore.BackupData.ExchangeBackupDatabase object attributes................................. 58 EMCExchangeBackupRestore.BackupData.ExchangeBackup object attributes................................................. 59
Chapter 3: Restoring Exchange Server Backups.............................................................................. 60 Best practices to restore Exchange Server with Application Direct............................................................................ 60 Prerequisite for Exchange restore operations.................................................................................................................60 Restoring Exchange Server databases............................................................................................................................. 61
Restore a backup to the source database.................................................................................................................. 61 Restore a backup to an alternate database............................................................................................................... 63 Optional parameters for the Restore-Exchange cmdlet.......................................................................................... 64
Performing granular-level restores................................................................................................................................... 65 Mount backups.............................................................................................................................................................. 65 Browse and recover granular-level data with ItemPoint for Microsoft Exchange Server...................................68 Managing mounted backups with the Mount Service system tray icon................................................................69
Performing Exchange Server disaster recovery..............................................................................................................70 Perform Exchange Server disaster recovery ............................................................................................................70 Perform disaster recovery from the Data Domain Cloud Tier.................................................................................. 71
Chapter 4: Troubleshooting............................................................................................................73 Debug logs for troubleshooting Exchange backup and recovery issues...................................................................... 73 Error codes in the msagentadmin administration command output............................................................................. 73 App Agent Exchange Admin Configuration tool fails in a parent-child domain........................................................... 74
6 Contents
Preface As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.
If a product does not function correctly or does not function as described in this document, contact a technical support professional.
NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this
document, go to the Support website https://www.dell.com/support.
Data Domain is now PowerProtect DD. References to Data Domain or DD systems in this documentation, in the UI, and
elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In many cases the UI has
not yet been updated to reflect this change.
Purpose This document describes how to configure and use the PowerProtect Microsoft application agent to back up and restore Microsoft Exchange Server.
Audience This document is intended for the user, who installs and configures and uses the Microsoft application agentto back up and restore Microsoft Exchange Server.
Revision history The following table presents the revision history of this document.
Table 1. Revision history
Revision Date Description
01 June 30, 2020 Initial release of this document for the Microsoft application agent 19.5.
Related documentation The following publications provide additional information:
PowerProtect Microsoft Application Agent Installation Guide PowerProtect Microsoft Application Agent Release Notes PowerProtect Microsoft Application Agent SQL Server User Guide PowerProtect ItemPoint for Microsoft SQL Server User Guide PowerProtect ItemPoint for Microsoft Exchange Server User Guide PowerProtect Database Application Agent Installation and Administration Guide PowerProtect Database Application Agent Release Notes DDBEA section of the eLab Navigator at https://elabnavigator.emc.com/eln/modernHomeDataProtection Data Domain Operating System documentation
Typographical conventions The following type style conventions are used in this document:
Table 2. Style conventions
Bold Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window.
Preface 7
Table 2. Style conventions (continued)
Italic Used for full titles of publications that are referenced in text.
Monospace Used for:
System code System output, such as an error message or script Pathnames, file names, file name extensions, prompts, and syntax Commands and options
Monospace italic Used for variables.
Monospace bold Used for user input.
[ ] Square brackets enclose optional values.
| Vertical line indicates alternate selections. The vertical line means or for the alternate selections.
{ } Braces enclose content that the user must specify, such as x, y, or z.
... Ellipses indicate non-essential information that is omitted from the example.
You can use the following resources to find more information about this product, obtain support, and provide feedback.
Where to find product documentation https://www.dell.com/support https://www.dell.com/community
Where to get support The Support website https://www.dell.com/support provides access to product licensing, documentation, advisories, downloads, and how-to and troubleshooting information. The information can enable you to resolve a product issue before you contact Support.
To access a product-specific page:
1. Go to https://www.dell.com/support. 2. In the search box, type a product name, and then from the list that appears, select the product.
Knowledgebase The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx) or by keyword.
To search the Knowledgebase:
1. Go to https://www.dell.com/support. 2. On the Support tab, click Knowledge Base. 3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by typing a
product name in the search box, and then selecting the product from the list that appears.
Live chat To participate in a live interactive chat with a support agent:
1. Go to https://www.dell.com/support. 2. On the Support tab, click Contact Support. 3. On the Contact Information page, click the relevant support, and then proceed.
Service requests To obtain in-depth help from Licensing, submit a service request. To submit a service request:
1. Go to https://www.dell.com/support.
8 Preface
2. On the Support tab, click Service Requests.
NOTE: To create a service request, you must have a valid support agreement. For details about either an account or
obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the
Service Request Number field, type the service request number, and then click the right arrow.
To review an open service request:
1. Go to https://www.dell.com/support. 2. On the Support tab, click Service Requests. 3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.
Online communities For peer contacts, conversations, and content on product support and solutions, go to the Community Network https://www.dell.com/ community. Interactively engage with customers, partners, and certified professionals online.
How to provide feedback Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to DPAD.Doc.Feedback@emc.com.
Preface 9
Configuring the Microsoft Application Agent for Exchange Server
Topics:
Overview of Application Direct with Exchange Server Application Direct backup and restore operations Configuring the Data Domain System Configure users with the App Agent Exchange Admin Configuration tool Create a configuration file Import the configuration file Configuring the lockbox Import the EMCExchangeBackupRestore PowerShell modules to Exchange Server 2010
Overview of Application Direct with Exchange Server Learn about the features and capabilities that the Microsoft application agent for Application Direct with Exchange Server supports.
Backup and recovery NOTE:
The Microsoft application agent backups of Exchange Server data are not supported with third-party hardware
providers.
The Microsoft application agent does not support the MetaCacheDatabase (MCDB) feature in Exchange Server 2019.
Ensure that you do not enable MCDB in Exchange Server 2019.
Exchange Server (also known as writer) or database-level backups. Block-based full and incremental backups. Backups over either IP or FC. PowerShell cmdlet interface to perform the backup and restore operations that include listing, mounting, and deletion of backups. Federated backups in the IP DAG and IP-less DAG (no administrative access point) environments. Instant access to backup copies of Exchange database and logs file on Data Domain (that is, mounting backups). Individual database restore. Item level restores (also known as granular-level restores), in which individual mailboxes, mailbox folders, or messages are restored
using ItemPoint.
Data Domain Cloud Tier Marking block-based backups to move from a Data Domain storage unit to a Data Domain Cloud Tier. Manually recalling block-based backups from a Data Domain Cloud Tier to a Data Domain storage unit. Automatically recalling save sets from a Data Domain Cloud Tier to a Data Domain storage unit or restoring backups directly from the
cloud.
NOTE: Direct restore operations are only available for DDOS 6.1 using Elastic Cloud Storage
Deleting block-based backups on a Data Domain Cloud Tier.
1
10 Configuring the Microsoft Application Agent for Exchange Server
Environmental support Common lockbox path, which is the same lockbox in a common location for the application agents. Coexistence with other backup products that you use to protect data that the Microsoft application agent does not protect.
However, the Microsoft application agent cannot coexist with the database application agent. Supports Data Domain High Availability.
Data Domain High Availability on page 25 provides information.
Application Direct backup and restore operations An Application Direct backup to a Data Domain system uses the following components:
The Application Direct library API enables the backup software to communicate with the Data Domain system.
The DDBEA section of the eLab Navigator at https://elabnavigator.emc.com/eln/modernHomeDataProtection provides information about the supported versions of the Application Direct library and the Data Domain operating system.
The distributed segment processing component reviews the data that is already stored on the Data Domain system, and sends only unique data for storage. The distributed segment processing component enables the backup data to be deduplicated on the database or application host to reduce the amount of data transferred over the network. Distributed segment processing on page 23 provides information.
When the Data Domain system restores data to a client, the system converts the stored data to its original non-deduplicated state before sending it over the network.
Configuring the Data Domain System Before you can use the Microsoft application agent for Exchange Server, you must configure a Data Domain system.
The Microsoft application agent uses Application Direct technology to store backups on a Data Domain system.
Installing and upgrading the Data Domain operating system The Data Domain Operating System Installation Guide provides information about how to install and upgrade the Data Domain (DD) operating system.
You require a license to implement many of the features on a Data Domain system.
NOTE: You require the Application Direct license to use the Microsoft application agent software. You also require a
replication license for both the source and destination Data Domain systems to use the replication feature.
Contact the Data Domain sales representative for more information and to purchase licensed features.
The Data Domain Operating System Administration Guide provides information about all the licensed features, and how to display and enable Data Domain licenses. The DDBEA section of the eLab Navigator at https://elabnavigator.emc.com/eln/ modernHomeDataProtection lists the versions of Data Domain OS that are supported with the Microsoft application agent.
Configuring the Data Domain system This section describes how to configure the Data Domain system.
The Data Domain Operating System Command Reference Guide provides complete descriptions of the commands used in these sections.
Opening ports in a firewall to enable Data Domain backups NOTE: This topic is relevant only if you use an Ethernet connection for backup and restore operations with the
Microsoft application agent.
Ensure that the following ports are open on the firewall to enable the Application Direct backups and optimized duplication.
TCP 2049 (NFS) TCP 2051 (Replication)
Configuring the Microsoft Application Agent for Exchange Server 11
TCP 111 (NFS portmapper) TCP xxx (select a port for NFS mountd, where the default MOUNTD port is 2052)
Enabling Data Domain Boost on a Data Domain system Every Data Domain system that supports DD Boost must have a unique name. You can use the DNS name of the Data Domain system, which is always unique.
About this task
Enable DD Boost on a Data Domain system by using one of the following methods:
The ddboost enable command
Data Domain System Manager on the Data Management > DD Boost page
The Data Domain Operating System Administration Guide provides information.
The Data Domain Operating System Command Reference Guide provides more information about the commands used in this procedure.
Steps
1. On the Data Domain system, log in as an administrative user. 2. Verify whether you have enabled the file system, and the file system is running, by running the following command:
filesys status
To enable the file system, run the following command:
filesys enable
3. Verify whether you have enabled the DD Boost license by running the following command:
license show
To add the DD Boost license by using the license key from the Data Domain installation package, run the following command:
license add license-key
4. Configure the DD Boost username and password for the Data Domain system.
You can configure only one user for DD Boost access on a Data Domain system at a time. The username and password are case- sensitive.
Configure the username and the password by running the following commands:
user add username password password
ddboost set user-name username
5. Enable Data Domain Boost by running the following command:
ddboost enable
Changing Data Domain Boost access rights When you enable the Data Domain Boost service for the first time on a Data Domain system, all database servers can access the service by default.
Use the ddboost access command to override this default, and restrict access to specific database servers.
For example, to remove the default access permission for all servers and add new access permissions for two specific database servers, dbserver1.datadomain.com and dbserver2.datadomain.com, run the following commands:
# ddboost disable # ddboost access del
12 Configuring the Microsoft Application Agent for Exchange Server
# ddboost clients add dbserver1.datadomain.com dbserver2.datadomain.com # ddboost enable
The Data Domain Operating System Command Reference Guide provides information about these commands.
These commands establish the access controls that enable only the dbserver1.datadomain.com and dbserver2.datadomain.com database servers to access the DD Boost service.
NOTE: Before you configure backups, add the database server host that contains the Microsoft application agent
software to a host access group.
If these commands fail to establish access controls, rerun the ddboost enable command to configure the default access control that enables all hosts to access the DD Boost service. If the commands have established access controls, rerunning the ddboost enable command enables them. The ddboost enable command does not modify the access control list.
Consider the following guidelines when you change the Data Domain Boost access rights:
Ensure that no backup operations are running to the Data Domain system. Run the ddboost disable command to prevent the backup operations.
NOTE: When you disable DD Boost, you disable the data access to all database servers.
Specify only a fully qualified domain name, IP address, or resolvable DNS name for the client. If you have changed or deleted a username, the change in access rights does not affect any current operation. For example, deleting
the current clients from the Data Domain Boost access list by running the ddboost access del command does not stop a backup that is in progress. The current operations do not fail because of the change in access rights.
After you change the access rights, run the ddboost enable command to re-enable Data Domain Boost and permit operations that are relevant to the changed access rights.
You can run the ddboost clients show config command to verify which database servers have DD Boost access rights. If the command output is *, all database servers have the access rights. For example:
# ddboost clients show config
DD Boost access allowed from the following clients *
# ddboost clients show config
DD Boost access allowed from the following clients: aehdb2 aehdb2.datadomain.com aehdb3 aehdb3.datadomain.com aehdb4 aehdb4.datadomain.com aehdb5 aehdb5.datadomain.com Verify the active client connections by running the following command:
# ddboost show connections
Configuring the Data Domain Boost server The following sections explain how to configure the Data Domain Boost server.
Creating storage units Create one or more storage units on each Data Domain system that you use with the Microsoft application agent.
About this task
Ensure that you use a unique storage unit name on a single Data Domain system. However, you can use the same storage unit name on more than one Data Domain system.
NOTE: Storage unit names are case-sensitive.
You must provide the storage unit name when you perform the backup and restore operations with the Microsoft application agent.
Configuring the Microsoft Application Agent for Exchange Server 13
You can create a storage unit by using one of the following methods:
The ddboost storage-unit command
Data Domain System Manager on the Data Management > DD Boost page
The Data Domain Operating System Administration Guide provides information.
You must create at least one storage unit on each Data Domain system that you will use with the Microsoft application agent. You can share a storage unit on a Data Domain system with more than one client system.
Steps
1. Run the following command on the Data Domain system:
ddboost storage-unit create
2. Repeat step 1 for each Data Domain system that is enabled with DD Boost. 3. To list the status of the storage units, run the following command:
ddboost storage-unit show
Deleting storage units
About this task
To delete a specified storage unit and its contents, and any DD Boost associations, run the following command:
# ddboost storage-unit delete
The ddboost destroy command deletes all storage units from the Data Domain system and permanently removes all the data files contained in the storage units.
The Data Domain Operating System Command Reference Guide provides information about the ddboost commands.
(Optional) Configuring quotas for storage units Provision the storage on a Data Domain system through optional quota limits for a storage unit.
About this task
You can specify quota limits at either the storage unit level or the MTree level either when you create a storage unit or later. The Data Domain Operating System Command Reference Guide provides details about the quota and ddboost commands.
To enable quota limits on the Data Domain system, run the following command:
quota capacity enable To verify the quota status, run the following command:
quota capacity status To configure quota limits when you create a storage unit, run the following command:
ddboost storage-unit create storage_unit_name [quota-soft-limit n {MiB|GiB|TiB|PiB}] [quota-hard-limit n {MiB|GiB|TiB|PiB}]
To configure quota limits after you create a storage unit, run the following command:
quota capacity set storage-units storage_unit_list {soft-limit n {MiB|GiB|TiB|PiB}} {hard- limit n {MiB|GiB|TiB|PiB}}
For example:
quota capacity set storage-units SU_AEHDB5 soft-limit 10 GiB hard-limit 20 GiB
SU_AEHDB5: Quota soft limit: 10240 MiB, hard limit: 20480 MiB
14 Configuring the Microsoft Application Agent for Exchange Server
Alternately, you can set the quota limits at the MTree level. For example:
quota capacity set mtrees /data/col1/SU_AEHDB5 soft-limit 10 GiB hard-limit 20 GiB
/data/col1/SU_AEHDB5: Quota soft limit: 10240 MiB, hard limit: 20480 MiB To verify the quota limits of a storage unit, run the following command:
quota capacity show storage-units storage_unit_list
Alternately, to verify the quota limits at the MTree level, run the following command:
quota capacity show mtrees mtree_path
Configuring distributed segment processing You must configure the distributed segment processing option on the Data Domain system. The option setting applies to all the database servers and all the software that uses DD Boost.
You can manage the distributed segment processing by using one of the following methods:
The ddboost command.
Data Domain System Manager on the Data Management > DD Boost page.
The Data Domain Operating System Administration Guide provides information.
To configure the distributed segment processing option, run the following command:
ddboost option set distributed-segment-processing {enabled | disabled} Enabling or disabling the distributed segment processing option does not require a restart of the Data Domain file system.
A host on which you have installed the Data Domain Operating System (DD OS) release 5.2 or later enables the distributed segment processing feature by default. If you upgrade a host from DD OS release 5.0.x or 5.1.x to DD OS release 5.2 or later, the distributed segment processing option remains in its previous state, that is, either enabled or disabled.
Configuring advanced load balancing and link failover The advanced load balancing feature balances the load of a data transfer and distributes the load in private network when the Data Domain system receives data from the DD Boost client.
About this task
The process provides greater throughput, especially for environments that use multiple 1 GbE connections. The following restrictions apply to the configuration of the advanced load balancing and link failover:
You can add interfaces to groups only by using an IP address. You must use interfaces that have the same link speed in a group. You must not mix 1 GbE interfaces with 10 GbE interfaces in a
group.
You can manage advanced load balancing and link failover by using one of the following methods:
The ddboost ifgroup command.
Data Domain System Manager on the Data Management > DD Boost page.
The Data Domain Operating System Administration Guide provides information.
Create the interfaces by using the net command before you create the interface group.
To create an interface group on the Data Domain system by adding existing interfaces to the group and registering the Data Domain system with the Microsoft application agent, perform the following steps:
Configuring the Microsoft Application Agent for Exchange Server 15
Steps
1. Add the interfaces to the group by running the ddboost ifgroup command. For example:
ddboost ifgroup add interface 192.168.1.1
ddboost ifgroup add interface 192.168.1.2
ddboost ifgroup add interface 192.168.1.3
ddboost ifgroup add interface 192.168.1.4
You can create only one interface group and you cannot rename this group.
2. Select one interface on the Data Domain system to register with the Microsoft application agent. 3. Create a failover aggregated interface and register that interface with the Microsoft application agent.
The Data Domain Operating System Administration Guide describes how to create a virtual interface for link aggregation.
You can use an interface that is not part of the ifgroup to register with the Microsoft application agent. You must register the interface with a resolvable name by using either DNS or any other name-resolution mechanism.
4. Enable the interface group on the Data Domain system by running the following command:
ddboost ifgroup enable
5. Verify the configuration by running the following command:
ddboost ifgroup show config interfaces
6. Add or delete interfaces from the group.
Results
After setting up the interface group, you can add or delete interfaces from the group.
Configuring DD Boost over fibre channel DD OS release 5.3 and later support fibre channel (FC) communication between the Data Domain Boost library and the Data Domain system.
About this task
NOTE: This topic is relevant only if you use fibre channel for backup and restore operations with the Microsoft
application agent.
To use some products, you require the use of fibre channel as the data transfer mechanism between the Data Domain Boost library and Data Domain system. The Data Domain Boost over fibre channel transport (DD Boost-over-FC) enables such products to access the DD Boost technology features.
Although fibre channel is specified as a general-purpose data transport mechanism, you can use fibre channel solely as a transport for SCSI device access. Fibre channel hardware and drivers reside solely within the SCSI protocol stacks in host operating systems. The DD Boost-over-FC transport must use SCSI commands for all communication.
To request access to a Data Domain system, the Microsoft application agent specifies the DD Boost-over-FC server name that is configured for the Data Domain system. The DD Boost-over-FC transport logic within the DD Boost library performs the following tasks:
Examines the set of generic SCSI devices that are available on the database server. Uses SCSI commands to identify a catalog of devices, which are pathnames of the SCSI devices that the database server operating
system discovers. Issues SCSI commands to the identified generic SCSI devices to transfer Data Domain Boost protocol requests and responses
between the library and the Data Domain system.
The DD Boost-over-IP advanced load balancing and link failover feature and its associated ifgroups require the IP transport. You can achieve load balancing and link-level high availability for the DD Boost-over-FC transport through different means.
16 Configuring the Microsoft Application Agent for Exchange Server
The DD Boost-over-FC communication path applies only between the database server or Data Domain Boost library and the Data Domain system. The DD Boost-over-FC communication path does not apply to communication between two Data Domain systems.
To enable the DD Boost-over-FC service, you must install the supported fibre channel target HBAs on the host. The Data Domain Operating System Command Reference Guide and Data Domain Operating System Administration Guide provide information about using the scsitarget command for managing the SCSI target subsystem.
Steps
1. Enable the DD Boost-over-FC service by running the following command:
# ddboost option set fc enabled
2. (Optional) Set the dfc-server-name by running the following command:
# ddboost fc dfc-server-name set server_name
Alternatively, accept the default name, which is the base hostname of the Data Domain system. A valid dfc-server-name consists of one or more of the following characters:
lowercase letters (az) uppercase letters (AZ) digits (09) underscore (_) dash ()
NOTE: The dot or period character (.) is not valid within a dfc-server-name. You cannot use the fully qualified
domain name of a Data Domain system as the dfc-server-name.
3. Create a DD Boost FC group by running the following command:
# ddboost fc group create group_name
For example:
# ddboost fc group create lab_group
4. Configure the device set of the DD Boost FC group by running the following command:
# ddboost fc group modify group_name device-set count count endpoint {all | none | endpoint_list}
For example:
# ddboost fc group modify lab_group device-set count 8 endpoint all
5. Add initiators to the DD Boost FC group by running the following command:
# ddboost fc group add group_name initiator initiator_spec
For example:
# ddboost fc group add lab_group initiator "initiator-15,initiator-16"
6. Verify that the DFC devices are visible on the client. 7. Ensure that the user, who performs the backups and restores has the required permissions to access the DFC devices.
Managing the DD Boost-over-FC path The ifgroup-based advanced load balancing and link failover mechanism does not apply to the Fibre Channel transport.
The Data Domain system advertises one or more Processor-type SCSI devices to the database server over one or more physical paths. The database server operating system discovers the devices and makes them available to applications through a generic SCSI mechanism (SCSI Generic driver on Linux, SCSI Pass-Through Interface on Windows).
Consider the following example:
Configuring the Microsoft Application Agent for Exchange Server 17
The database server has two initiator HBA portsA and B Data Domain System has two FC target endpointsC and D You have configured Fibre Channel Fabric zoning so that both initiator HBA ports can access both FC target endpoints You have configured Data Domain system with a DD Boost FC group that contains the following components:
Both FC target endpoints on the Data Domain system Both initiator HBA ports Four devices (0, 1, 2, and 3)
In this example, the media server operating system might discover up to 16 generic SCSI devices; one for each combination of initiator, target endpoint, and device number:
/dev/sg11: (A, C, 0) /dev/sg12: (A, C, 1) /dev/sg13: (A, C, 2) /dev/sg14: (A, C, 3) /dev/sg15: (A, D, 0) /dev/sg16: (A, D, 1) /dev/sg17: (A, D, 2) /dev/sg18: (A, D, 3) /dev/sg19: (B, C, 0) /dev/sg20: (B, C, 1) /dev/sg21: (B, C, 2) /dev/sg22: (B, C, 3) /dev/sg23: (B, D, 0) /dev/sg24: (B, D, 1) /dev/sg25: (B, D, 2) /dev/sg26: (B, D, 3) When the Microsoft application agent requests that the Data Domain Boost library establish a connection to the server, the DD Boost- over-FC transport logic within the DD Boost library uses SCSI requests to build a catalog of these 16 generic SCSI devices. The SCSI devices are paths to access the DD Boost-over-FC service on the Data Domain System. As part of establishing the connection to the server, the DD Boost-over-FC transport logic provides the catalog of paths to the server.
Selecting the initial path The server maintains statistics about the DD Boost-over-FC traffic over the various target endpoints and known initiators. During the connection setup procedure, path management logic in the server evaluates these statistics and then selects the path, through which the server establishes the connection, based on the following criteria:
Evenly distribute the connections across different paths for queue-depth constrained clients. Queue-depth constraints on page 19 provides more information.
Select the least busy target endpoint. Select the least busy initiator from among the paths to the selected target endpoint.
Dynamic rebalancing The server periodically performs dynamic rebalancing when the statistics reveal the following situations:
For queue-depth constrained clients that Queue-depth constraints on page 19 describes, connections are distributed unequally across available paths
Workload across target endpoints is out of balance Workload across initiators is out of balance
When the server finds one of these situations, the server marks one or more connections for server-directed path migration. In a future data transfer operation, the server requests that the DD Boost library use a different path from the catalog for subsequent operations.
Client path failover The server dynamic rebalancing logic directs the client to use a different path. However, the client can use a different path if the client receives errors while using the connection's current path.
For example, assume the path catalog for a connection consists of eight paths:
/dev/sg21: (A, C, 0) /dev/sg22: (A, C, 1) /dev/sg23: (A, D, 0) /dev/sg24: (A, D, 1) /dev/sg25: (B, C, 0) /dev/sg26: (B, C, 1) /dev/sg27: (B, D, 0) /dev/sg28: (B, D, 1)
18 Configuring the Microsoft Application Agent for Exchange Server
The server selects the (A, C, 0) path during an initial path selection. The DFC transport logic in the DD Boost library starts sending and receiving data for the connection by using SCSI commands to /dev/sg21.
Later, the link from the target endpoint C to the switch becomes unavailable. Any subsequent SCSI request that the DFC transport logic submits to /dev/sg21 fails with an error code that indicates that the process could not deliver the SCSI request to the device.
In this case, the DFC transport logic looks in the catalog of devices for a path with a different physical component and a different combination of initiator and target endpoints. The DFC transport logic retires the SCSI request on the selected path, and repeats the process till the DFC transport logic finds a path that can successfully complete the SCSI request.
Queue-depth constraints The specific SCSI device that receives a request is irrelevant to the DD Boost-over-FC solution. All SCSI devices are identical destination objects for SCSI commands. When processing a SCSI request, the server logic gives no consideration to the specific device on which the SCSI request arrived.
Certain client operating systems restrict the number of outstanding I/O requests that the operating system can simultaneously process over a SCSI device. For example, the Windows SCSI Pass-Through Interface mechanism conducts only one SCSI request at a time through each of its generic SCSI devices. When multiple connections (for example, backup jobs) try to use the same generic SCSI device, the performance of the DD Boost-over-FC solution is impacted.
The Data Domain system also imposes a limit on the number of outstanding I/O requests for each advertised SCSI device. You must advertise multiple SCSI devices on the Data Domain system to overcome performance issues in the case of heavy workloads. The term queue-depth describes the system-imposed limit on the number of simultaneous SCSI requests on a single device. Client systems, such as Windows, the queue depth of which is so low as to impact performance, are considered to be queue-depth constrained.
Enabling encrypted file replication To enable the encrypted file replication option, run the following command:
About this task
# ddboost file-replication option set encryption enabled
Enabling encrypted file replication requires additional resources, such as CPU and memory on the Data Domain system, and does not require a restart of the Data Domain file system. The Data Domain Operating System Administration Guide provides information about encrypted file replication.
Data Domain replication Replicate data to remote Data Domain systems by using Data Domain Replicator. Replicating data enables you to perform recoveries in the case of disasters.
The Data Domain Replicator provides automated encrypted replication for disaster recovery and multi-site backup and archive consolidation. The Data Domain Replicator software asynchronously replicates only compressed, deduplicated data over a wide area network (WAN).
The Microsoft application agent does not initiate or monitor a replication. However, the product can restore from the replicated copy on a secondary Data Domain system. You must have used the product to create the backup on a primary Data Domain system. A Data Domain administrator performs the backup replication from the primary system to the secondary system.
To restore from a secondary Data Domain system, the restore operation must point to the secondary Data Domain system in the Data Domain host setting. There are no secondary Data Domain parameters.
Point to the secondary Data Domain system when configuring the restore operation, either explicitly with a Data Domain host parameter or with a configuration file.
NOTE: The replication process must not change the names of the directories and files created by the Microsoft
application agent.
To enable the backup replication and subsequent restore from a secondary Data Domain system, the user ID or primary
group ID of the DD Boost users on the primary and secondary systems must be identical.
You must meet specific configuration requirements to enable the restore of replicated backups from a secondary Data Domain system.
The Knowledgebase Article number 456734, titled Configuration of DDBoost Users on Source and Destination DDRs for MTree Replication, provides more details. The article is available on the Support website at https://www.dell.com/support.
The Configuring replication section in the Data Domain Operating System Administration Guide provides information about creating, enabling, disabling, and deleting replication pairs.
Configuring the Microsoft Application Agent for Exchange Server 19
Configuring usage limits of Data Domain resources Use either the Data Domain operating system commands or the Data Domain Administration GUI to set limits on usage of the following Data Domain resources:
Capacity: The amount of hard drive capacity that the application agent uses on a Data Domain host.
Capacity limits are based on the used logical space, which depends on the amount of data that is written to a storage unit before deduplication. Logical capacity is the size of the uncompressed data. For example, when a 1 GB file is written twice to the same empty storage unit, the storage unit has a logical size of 2 GB, but a physical size of 1 GB.
Streams: The number of Data Domain Boost streams that the application agent uses to read data from a storage unit or write data to a storage unit on a Data Domain host.
NOTE: The Microsoft application agent supports usage limits on Data Domain resources for Application Direct
operations only.
Data Domain uses the term quota to collectively describe the capacity soft and hard limits of a storage unit. Stream limits are called limits.
The Data Domain operating system supports soft and hard limits on capacity and streams usage:
When the Microsoft application agent exceeds a soft limit, the Data Domain host generates an alert. If the administrator has configured a tenant-unit notification list, the Data Domain host sends an email to each address in the list. The Microsoft application agent can continue to use more of the limited resource after a soft limit is exceeded.
When the Microsoft application agent exceeds a hard limit, it cannot use any more of the limited resource.
The Data Domain administrator must create a separate storage unit for each application agent host or set of hosts that are limited.
For example, if there are 10 application agent hosts, the Data Domain administrator must create at least 10 storage units to limit the storage unit capacity that each application agent host uses. To use fewer storage units, the administrator must group the application agent hosts and assign the group to a single storage unit. The application agent hosts in the group share this storage unit. However, you cannot limit the consumption of a storage unit by each host. One application agent host can consume 100% of the storage unit. The resources are consumed on the first-come, first-serve basis.
To determine the stream limits of a storage unit, run the following command:
msagentadmin.exe administration --listSU --config
active write streams: 11 active read streams: 0 soft limit write streams: none soft limit read streams: none soft limit combined streams: 40 hard limit combined streams: 60
NOTE: Depending on the number and type of parallel operations that are performed at a given time, the stream usage
varies. To determine the exact usage of the streams, monitor the number of streams that the storage units use over a
period of time.
Impact of exceeding quota limits At the start of a backup, the Microsoft application agent cannot determine how much capacity is required for the backup. The Microsoft application agent can perform a requested backup only when the destination host has sufficient space or storage capacity. Exceeding the soft quota limit When the Microsoft application agent exceeds the capacity soft limit:
During a backup, if the storage unit is part of a tenant-unit with a notification list, the Data Domain host sends an email to each address in the list. The list can include the Data Domain administrator and the application agent user.
Alerts appear in the Current Alerts panel in the Data Domain Administration GUI regardless of whether the storage unit is part of a tenant-unit.
The backup or restore operation continues without any adverse impact. The application agent does not generate any warning or error message in its log file or operational output.
Exceeding the hard quota limit When the Microsoft application agent exceeds the capacity hard limit during a backup, the Microsoft application agent cancels the backup.
Check the client backup and restore logs for error messages related to insufficient space on the storage unit. The following message shows an example:
20 Configuring the Microsoft Application Agent for Exchange Server
145732:(pid 4584):Max DD Stream Count: 60 153003:(pid 4584): Unable to write to a file due to a lack of space. The error message is: [5005] [ 4584] [984] Thu Apr 14 10:14:18 2016 ddp_write() failed Offset 163577856, BytesToWrite 524288, BytesWritten 0 Err: 5005-ddcl_pwrite failed (nfs: No space left on device) 86699:(pid 4584): Unable to write data into multiple buffers for save-set ID '1460654052': Invalid argument (errno=22)
Configuring usage limits of Data Domain quota To configure capacity usage limits for the application agent, the Data Domain administrator must set the hard capacity limit for the storage unit that the application agent uses for backups:
Steps
1. Determine which application agent hosts use the storage unit. 2. Determine the amount of capacity to allow for the storage unit. 3. Create the storage unit, and then set the capacity quota by using either the GUI or the command prompt. The Data Domain
documentation provides information. 4. Provide the Data Domain hostname, storage unit name, username, and password of the storage unit to the application agent users to
use to perform backups.
The Data Domain administrator can also set the soft capacity quota for the storage unit, which sends alerts and notifications, but does not limit the capacity usage.
NOTE: When a storage unit is almost full and the capacity quota is decreased, the next backup can fail. Data Domain
administrators must notify the Microsoft application agent users when they decrease a capacity quota, so that the
application agent users can evaluate the potential impact on backups.
Impact of exceeding the soft stream limit When the Microsoft application agent exceeds the stream soft stream limit:
During a backup, if the storage unit is part of a tenant-unit with a notification list, the Data Domain host sends an email to each address in the list. The list can include the Data Domain administrator and the application agent user.
Alerts appear in the Current Alerts panel in the Data Domain Administration GUI regardless of whether the storage unit is part of a tenant-unit.
The backup or restore operation continues without any adverse impact. The application agent does not generate any warning or error message in its log file or operational output.
Impact of exceeding the hard stream limit When the Microsoft application agent exceeds the hard stream limit during an operation, the Microsoft application agent cancels the operation.
Check the client backup and restore logs for error messages related to an exceeded stream limit. The following message shows an example:
153004:(pid 4144): Unable to write to a file because the streams limit was exceeded.
Configuring usage limits of Data Domain streams A storage unit can have soft and hard limits for streams. The Data Domain administrator can set individual soft limits for read, write, and replication streams. The administrator can set a hard limit only for the total number of streams.
About this task
To configure a streams usage limit for a storage unit, the Data Domain administrator must set the hard limit for the storage unit that the application agent uses for backups:
Steps
1. Determine which application agent hosts use the storage unit. 2. Determine the number of backup streams to allow for the storage unit. 3. Create the storage unit.
Configuring the Microsoft Application Agent for Exchange Server 21
The Data Domain administrator can set the streams limit either as part of the ddboost storage-unit create command or after creating the storage unit by using the ddboost storage-unit modify command. The Data Domain documentation provides information.
NOTE: The Data Domain administrator cannot set a streams limit by using the Data Domain Administration GUI.
4. Provide the Data Domain hostname, storage unit name, username, and password of the storage unit to the application agent users to use to perform backups.
The Data Domain administrator can also set soft limits for the storage unit, which send alerts and notifications, but do not limit the number of streams used.
The Data Domain administrator can use the ddboost storage-unit modify command to modify the streams limits of storage units. The Data Domain documentation provides information.
CAUTION: The Data Domain administrator must use caution when setting a streams hard limit. Setting the streams
limit to a low value can impact the backup and restore performance. Decreasing a streams limit can result in a
restore failure. The Data Domain administrator must notify the application agent users when decreasing a streams
hard limit so that the application agent users can evaluate the potential impact on backups and restores.
Configuring the Data Domain Cloud Tier for data movement to the cloud You can configure the Microsoft application agent to use the Data Domain Cloud Tier for the movement of backup data to the cloud and the subsequent recall of the backup data from the cloud.
Data Domain (DD) Cloud Tier is a native feature of DD OS 6.0 and later for data movement from the active tier to low-cost, high-capacity object storage in the public, private, or hybrid cloud for long-term retention.
The Microsoft application agent supports the DD Cloud Tier for movement of Application Direct backup data to the cloud, which frees up space on the Data Domain system (active tier).
NOTE: The Microsoft application agent does not support the DD Cloud Tier with a replicated MTree or storage unit in
the case of MTree replication.
You must set up a DD Cloud Tier policy, also known as a data movement policy, for each MTree or storage unit that the Microsoft applicant agent uses for data movement to the cloud.
After you have set up the data movement policies, you can configure and perform the following operations:
Movement of backup data from the Data Domain system to the cloud. Recall of backup data from the cloud to the Data Domain system.
A backup with the Microsoft application agent consists of backup save sets, where a save set is a collection of one or more save files created during the backup session.
A save file is an operating system file or block of data, the simplest object that you can back up or restore. A backup creates one or more save files within a save set. The Microsoft application agent moves and recalls the backup data at the save set level only, moving all the save files in a save set.
Setting up the DD Cloud Tier policy for data movement to the cloud The Microsoft application agent moves the backup data from the active tier to the cloud according to the DD Cloud Tier policy. To enable the data movement to the cloud, you must set up the required policy for each MTree or storage unit.
DD Cloud Tier provides two types of policy, the application-based policy and the age-based policy. The Microsoft application agent supports only the application-based policy, which is managed by the application that creates the backup files on the Data Domain system. This policy moves the backup file content to the cloud according to the application's specifications.
CAUTION: Do not apply an age-based policy to a storage unit that is used by the Microsoft application agent. An age-
based policy moves all the file content (including metadata) from a storage unit to the cloud according to the file age, as
when all the files older than T days are moved. Such data movement by an age-based policy can cause the failure of
metadata queries for the Microsoft application agent.
The DBA must contact the Data Domain administrator to create the application-based policy, also known as a data movement profile, for the MTree or storage unit that the Microsoft application agent uses for the Application Direct backups. The Data Domain documentation provides details about the DD Cloud Tier configuration procedures.
22 Configuring the Microsoft Application Agent for Exchange Server
For any DD OS version earlier than 6.1, the Data Domain administrator must use DD REST APIs to create application-managed based policies through tools such as the curl command. Starting with DD OS 6.1, the Data Domain administrator can run the Data Domain command data-movement policy to configure the application-based policy
Using the data-movement command with DD OS 6.1 or later
DD OS 6.1 or later enables you to configure the application-based policy through the following Data Domain command from the command line. This command sets the application-based policy for the specified Mtrees:
data-movement policy set app-managed {enabled | disabled} to-tier cloud cloud-unit
For example, the following command sets the application-based policy for the Mtree /data/col1/app-agent40:
data-movement policy set app-managed enabled to-tier cloud cloud-unit Cloud mtrees /data/col1/ app-agent40
You can run the following command to display the policy configuration result for verification purposes:
data-movement policy show
Mtree Target(Tier/Unit Name) Policy Value ------------------------- ---------------------- ------------- ------- /data/col1/app-agent40 Cloud/Cloud app-managed enabled ------------------------- ---------------------- ------------- -------
Distributed segment processing Distributed segment processing uses the Data Domain Boost library on the database server and the Data Domain software on Data Domain Replicator. The Microsoft application agent loads the DD Boost library during backup and restore operations.
Distributed segment processing allows the Microsoft application agent to perform parts of the deduplication process, which avoids sending duplicate data to the Data Domain system that you configured as a storage server.
The distributed segment processing feature provides the following benefits:
Increases throughput because the DD Boost library sends only unique data to the Data Domain system. The throughput improvements depend on the redundant nature of the data that you back up, the overall workload on the database server, and the database server capability. In general, greater throughput is attained with higher redundancy, greater database server workload, and greater database server capability.
Decreases network bandwidth requirements by sending the unique data to the Data Domain system through the network.
Manage distributed segment processing by using the ddboost command options. Use distributed segment processing if the network connection is 1 Gb Ethernet. Configuring distributed segment processing on page 15 provides information on how to configure the distributed segment processing.
Distributed segment processing supports the following modes of operation for sending backup data to a Data Domain system:
Distributed segment processing enabled Distributed segment processing disabled
Set the operation mode on the Data Domain system. The Microsoft application agent negotiates with the Data Domain system for the current setting of the option and accordingly performs backups.
Distributed segment processing enabled mode When you enable the distributed segment processing feature, the DD Boost library performs the following tasks:
1. Segments the data. 2. Computes IDs for the data segments. 3. Checks with the Data Domain system for duplicate segments. 4. Compresses unique segments that the Data Domain system does not contain. 5. Sends the compressed data to the Data Domain system, which writes the unique data to disk.
You must configure the local compression algorithm that the DD Boost library uses on the Data Domain system. The Data Domain Operating System Administration Guide provides more information about local compression and its configuration.
Configuring the Microsoft Application Agent for Exchange Server 23
Distributed segment processing disabled mode When you disable the distributed segment processing feature, the DD Boost library sends the data directly to the Data Domain system through the network. The Data Domain system then segments, deduplicates, and compresses the data before writing it to the disk.
NOTE: You cannot disable the distributed segment processing feature on an Extended Retention Data Domain system.
Advanced load balancing and link failover NOTE: This topic is relevant only if you use an Ethernet connection for backup and restore operations with the
Microsoft application agent.
The advanced load balancing and link failover feature enables the following capabilities:
Combination of multiple Ethernet links into an interface group. Registration of only one interface on the Data Domain system with the Microsoft application agent.
If you configure an interface group, the Microsoft application agent negotiates with the Data Domain system on the registered interface to send the data. When the Data Domain system receives the data, the data transfer load is balanced and distributed on all the interfaces in the group.
Load balancing provides greater physical throughput to the Data Domain system as compared to configuring the interfaces into a virtual interface by using Ethernet-level aggregation.
The Data Domain system balances the connection load from multiple database servers on all the interfaces in the group. The advanced load balancing and link failover feature works at the Application Direct software layer. The feature is seamless to the underlying network connectivity, and supports both physical and virtual interfaces.
The feature balances the load of the data transfer depending on the number of outstanding connections on the interfaces. The feature balances the load of the connections only for backup and restore jobs.
The file replication connection between Data Domain systems is not part of the load balancing. You must use only one IP address for the target Data Domain system.
You must exclude one interface from the interface group (ifgroup) and reserve that interface for the file replication path between the source and target Data Domain systems.
Every installation of the Microsoft application agent must be able to connect to every interface that is a member of the interface group on the Data Domain system.
You can use the advanced load balancing and link failover feature with other network layer aggregation and failover technologies. You can put the links that connect the database servers and the switch that connects to the Data Domain system in an aggregated failover mode. This configuration provides end-to-end network failover functionality. You can use any of the available aggregation technologies between the database server and the switch.
The advanced load balancing and link failover feature also works with other network layer functionality, such as VLAN tagging and IP aliasing, on the Data Domain systems. This functionality provides additional flexibility in segregating traffic into multiple virtual networks that run through the same physical links on the Data Domain system.
The Data Domain Operating System Administration Guide provides more information about how to configure VLAN tagging and IP aliasing on a Data Domain system.
The advanced load balancing and link failover feature provides the following benefits:
Eliminates the need to register one storage server for each host that runs the Microsoft application agent, which potentially simplifies installation management.
Routes subsequent incoming backup jobs to the available interfaces if one of the interfaces in the group stops responding while the Data Domain system is operational.
Increases link utilization by balancing the load of the backup and restore jobs on multiple interfaces in the group. Performs a transparent failover of all current jobs to healthy operational links when an interface fails. The process does not interrupt
the jobs.
Configuring advanced load balancing and link failover on page 15 provides information about how to configure advanced load balancing and link failover.
Configuration restrictions The Advanced load balancing and link failover feature has the following restrictions:
You can add interfaces to groups only by using IP addresses. You must use interfaces that have the same link speed in a group.
24 Configuring the Microsoft Application Agent for Exchange Server
You need a switch to connect multiple database servers because a Data Domain system supports only one interface group.
Encrypted managed file replication By default, after the database servers authenticate the file replication jobs by using the preconfigured Application Direct username and password, they set up unencrypted file replication jobs between two Data Domain systems. If you enable the encrypted file replication feature, when the database servers set up a replication job, the session between the source and destination Data Domain systems uses Secure Sockets Layer (SSL) to encrypt all image data and metadata sent over the WAN.
Enabling this feature on the Data Domain system is transparent to the Microsoft application agent. When the Microsoft application agent requests that the Data Domain system perform a file replication job, the source and destination systems negotiate the encryption without involving the Microsoft application agent. Encrypted file replication uses the ADH-AES256-SHA cipher suite, which you cannot change, on the Data Domain operating system. If you enable this feature, you do not require to restart the file system on the Data Domain system.
If you enable encrypted file replication, you must install a replicator license on any source and destination Data Domain systems that have DD OS 5.0 or later. Encrypted file replication applies to all file replication jobs on the system.
You can use encrypted file replication with the encryption of data-at-rest feature, which is available on Data Domain operating systems with the optional encryption license. When you use encrypted file replication with the encryption of data-at-rest feature, the backup process uses SSL to encrypt the backup image data over a WAN.
Enabling encrypted file replication on page 19 provides information on how to enable encrypted file replication. The Data Domain Operating System Administration Guide provides more information about encrypted file replication.
Data Domain High Availability The Data Domain High Availability feature enables you to configure two Data Domain systems as an Active-Standby pair, which provides redundancy in the case of a system failure. The feature ensures that the active and standby systems are in sync so that if the active node fails because of either hardware or software issues, the standby node can continue the services.
The Data Domain High Availability feature provides the following additional support and capabilities:
Supports failover of backup, restore, replication, and management services in the two-node system.
Automatic failover does not require the user intervention. Provides a fully-redundant design with no failures when the system is configured according to the recommendations. Provides an Active-Standby system with no deterioration of performance in the case of a failover. Provides a failover within 10 minutes for most of the operations. Supports IP and FC connections.
Both the nodes must have access to the same IP networks, FC SANs, and hosts.
The latest version of the Data Domain Operating System Administration Guide provides more information about the Data Domain High Availability feature.
Validating the Data Domain system To validate the status of the Data Domain system, run the following commands:
filesys status ddboost status ifgroup show config interfaces ddboost show connections ddboost storage-unit show compression ddboost storage-unit show
The Data Domain Operating System Command Reference Guide provides details about these commands and their options.
The command that you use to validate the communication between the database server and the Data Domain system depends on the type of the network connection that you use.
If you have a DD Boost-over-IP system, log in to the database server, and then run the following command:
# rpcinfo -p
The command output must include the ports listed in Opening ports in a firewall to enable Data Domain backups on page 11.
Configuring the Microsoft Application Agent for Exchange Server 25
If you have a DD Boost-over-FC system, log in to the database server, and then run the relevant command to verify whether the DFC devices are visible on the client.
The Data Domain Operating System Command Reference Guide provides details about the supported commands.
Troubleshooting the Data Domain system The Knowledgebase Article 334991, which is titled How to troubleshoot DataDomain DD Boost connectivity and performance provides information about how to use the ddpconnchk tool to troubleshoot specific Application Direct issues. The article is available on Online Support at https://www.dell.com/support.
Configure users with the App Agent Exchange Admin Configuration tool In order to protect a stand-alone Exchange Server or Exchange database availability group (DAG) with the Microsoft application agent you must configure an account with the required privileges.
The App Agent Exchange Admin Configuration tool simplifies configuring security group memberships by ensuring that users have all the required Active Directory security group memberships and PowerShell management roles.
The App Agent Exchange Admin Configuration tool enables you to create or reset account permissions with the necessary privileges to perform backup and recovery operations on an Exchange Server. After installing the Microsoft application agent, use the tool to create an account, or to modify, validate, and update existing account privileges.
To use the App Agent Exchange Admin Configuration tool, you must be logged in with domain administrator permissions. You can use an existing non-administrative user to run the App Agent Exchange Admin Configuration tool only if you select Skip Active Directory Authentication and configure the user on each Exchange Server node. This option skips the Active Directory authentication and authorization operations for the user, and only sets the user as the Microsoft application agent Exchange user account in the registry for backup and recovery operations.
The Microsoft application agent uses the user account that is set in the registry by the App Agent Exchange Admin Configuration tool to perform backups and database or granular-level recovery.
To create a Microsoft application agent Exchange administrator account, the App Agent Exchange Admin Configuration tool performs the following steps:
Creates an Active Directory user account. Creates a custom Exchange security group, which is EMC App Agent Exchange Admin Roles. Adds the user account to the groups that are listed in the following table:
Table 3. Permissions that the Exchange Admin Configuration tool configures
User group Exchange Server role
Security group memberships on the Microsoft application agent client host
Local Administrator
Security group memberships on Domain Controller Remote Desktop Users
Exchange Security Group memberships Exchange Servers EMC App Agent Exchange Admin Roles, which include: Exchange Roles Database Copies Databases Disaster Recovery Mailbox Import Export Mail Recipient Creation Mail Recipients View-Only Configuration
Configuring an administrative user You can perform the following actions after clicking Configure Admin User:
26 Configuring the Microsoft Application Agent for Exchange Server
Create a Microsoft application agent Exchange Admin user, configure the permissions that are required for Exchange backup and recovery (both database and GLR), and set the user account in the registry.
Update an existing Exchange Admin user's permissions to those that are required for Exchange backup and recovery (both database and GLR), and set the App Agent Exchange administrator account in the registry.
Set an existing user as an App Agent Exchange Admin account in the registry.
Configure an administrative Exchange backup account You can configure an administrator user with the App Agent Exchange Admin Configuration tool by creating an account, or by using an existing account.
Steps
1. In the App Agent Exchange Admin Configuration window, click Configure Admin User. 2. Under Action, select one of the following options:
Create new adminCreate an Exchange user account for Microsoft application agent backup and recovery operations. Configure existing userUse an existing Exchange user account for Microsoft application agent backup and recovery
operations. 3. Type the User Name and Password. 4. If you are creating an account:
a. In the Confirm Password field, retype the password. b. From the Database list, select the Exchange database for which the user will perform backups and recoveries.
5. (Optional) Select Assign Organization Management rights.
Members of the Organization Management role group have permissions to manage Exchange objects and their properties in the Exchange organization. Members can also delegate role groups and management roles in the organization.
NOTE: If you select Assign Organization Management rights, the Microsoft application agent adds the user to the
Organization Management group. The tool does not create a EMC App Agent Exchange Admin Roles security group.
If you do not select this option and also do not select the Skip Active Directory Authentication option, the Microsoft
application agent will create an Active Directory security group called EMC App Agent Exchange Admin Roles and
add the user to that group.
6. (Optional) Select Create ContentSubmitters security group.
This option creates a ContentSubmitters Active Directory security group. This option is unavailable if a ContentSubmitters group is already created in the Active Directory. This option is available only on Exchange Server 2013 and later.
7. (Optional) If you are configuring an existing user, select Skip Active Directory Authentication.
This option skips the Active Directory authentication and authorization operations for the user, and only sets the user as the Microsoft application agent Exchange user account in the registry for backup and recovery operations.
NOTE: This option should be selected when you manually configure a user.
8. Click Configure. The output window shows the status of the configure operation, including any warning or error messages.
Results
The user receives the necessary permissions to backup and restore the Exchange database. View the configured user in the Properties window of the Exchange Servers security group, on the Members tab.
Configuring an administrator in a parent and child domain environment Consider the following when configuring a user in a parent and child domain environment.
In a parent child domain environment, when you create a user in a child domain, then the user is added to the Active Directory of the child mailbox server. However, the user inherits the security group membership from the parent domain.
The App Agent Exchange Admin Configuration Tool does not support user configurations for the following scenarios:
To create a user in the parent Active Directory from a child mailbox server. To create a user in the child Active Directory from a parent mailbox server.
Configuring the Microsoft Application Agent for Exchange Server 27
To create a user from a child or parent mailbox server in a different domain of the same forest.
Manually configure a user in these scenarios.
Examples of administrative user configurations This section provides examples of configuring an administrator with the App Agent Exchange Admin Configuration tool.
Configuring or modifying an Admin user with Organization Management rights
The user will be a member of the Organization Management group, but will not be a member of the EMC App Agent Exchange Admin Roles group.
1. In the App Agent Exchange Admin Configuration window, click Configure Admin User. 2. Complete the Configure Admin User page, and then select Assign Organization Management rights. 3. Click Configure. 4. Verify that all the configurations are correctly set, System Configuration Checker.
Configuring or modifying an Admin user without Organization Management rights
The user will be a member of the EMC App Agent Exchange Admin Roles group, but will not be a member of the Organization Management group.
1. In the App Agent Exchange Admin Configuration window, click Configure Admin User. 2. Complete the Configure Admin User page. Ensure that Assign Organization Management rights is not selected. 3. Click Configure. 4. Verify that all the configurations are correctly set by running the System Configuration Checker.
Manually configuring an Exchange backup Admin user
1. Configure the user manually in Active Directory, and ensure that the user has the appropriate roles and rights, as described in Configure users with the App Agent Exchange Admin Configuration tool on page 26.
2. In the App Agent Exchange Admin Configuration window, click Configure Admin User. 3. On the Configure Admin User page, perform the following steps:
a. Select Configure Existing User. b. In the User Name and Password fields, type the required information. c. Select Skip Active Directory Authentication. d. Click Configure.
Configuring a non-administrative user You can create an Exchange backup user with non-administrative privileges.
In order to configure a non-admin Windows user to perform Exchange protection operations, you must create a domain user and assign that user the required privileges with the App Agent Exchange Admin Configuration tool.
NOTE: You can use a non-administrative user to run the App Agent Exchange Admin Configuration tool only if you select
Skip Active Directory Authentication and configure the user with the tool on each Exchange Server node.
Creating a non-administrative domain account for creating Exchange backup users You can create Exchange backup users with a non-administrative Windows account if it is configured with the required privileges.
Prerequisites
You must be logged in to a domain controller as an administrative domain user.
Steps
1. Create a new domain user.
Once created, the user is listed in the Active Directory Users and Computers window.
2. Open the user Properties window, and in the Members Of tab, ensure that the user is added to the following user groups:
28 Configuring the Microsoft Application Agent for Exchange Server
User right Description
Remote Desktop Users Allows the user to remotely connect to a domain controller.
Account Operators Allows the user to create domain user accounts.
The user is also a member of the Domain Users group by default.
3. Open the Group Policy Management Editor window, and under Windows Settings > Security Settings > Local Policies > User Rights Assignment, grant the user the following rights:
User right Description
Allow log on locally Allows the user to log on to all domain controllers in the domain.
Allow log on through Remote Desktop Services
Allows the user to log on to all domain controllers in the domain through Remote Desktop Services.
Account Operators Allows the user to create domain user accounts.
4. To apply the changes, log out of the domain controller.
Configure a non-administrative Exchange backup account You can use the App Agent Exchange Admin Configuration tool to configure a non-administrative Windows account to perform Exchange backup and recovery.
Prerequisites
Log in to a domain controller with a user who can create domain accounts. Creating a non-administrative domain account for creating Exchange backup users on page 28 provides details on how to configure a non-administrative user with the required privileges.
Steps
1. Create a new domain user.
Once created, the user is listed in the Active Directory Users and Computers window.
2. Open the user Properties window, and in the Members Of tab, ensure that the user is added to the following user groups:
User right Description
Remote Desktop Users Allows the user to remotely connect to a domain controller.
Organization Management Allows the user administrative access to the Exchange organization.
The user is also a member of the Domain Users group by default.
3. Perform the following steps on each Exchange Server that you want to back up, including all servers that are part of a database availability group (DAG):
a. Log on to the Exchange Server as a local Administrator. b. In Computer Management > Local Users and Groups, add the new user to the Administrators group. c. To apply the changes, log out of the Exchange Server. d. Log on to the Exchange Server as the new user. e. Launch the App Agent Exchange Admin Configuration tool. f. In the App Agent Exchange Admin Configuration tool window, click Configure Admin User. g. On the Configure Admin User page, perform the following actions:
i. Select Configure existing user. ii. Enter the credentials for the user created in step 1. iii. Select Skip Active Directory Authentication.
NOTE: Do not select Assign Organization Management rights, otherwise the configuration will fail.
iv. Click Configure.
Results
The user is set in the registry and assigned the non-administrative permissions that are required for Exchange backup and recovery.
Configuring the Microsoft Application Agent for Exchange Server 29
Update Admin Password Click Update Admin Password to modify the Microsoft application agent Exchange administrator account password and update the registry.
Validating an existing administrator Use the App Agent Exchange Admin Configuration tool to verify whether a Microsoft application agent Exchange administrator account is correctly configured.
About this task
NOTE: Validating an existing administrator in a parent and child domain environment can fail because the tool might try
to contact Active Directory to validate credentials from the registry.
Steps
1. In the App Agent Exchange Admin Configuration window, click Validate an existing Admin. 2. In the User Name and Password fields, type the required information. 3. Click Validate.
A window that lists the Exchange servers in your environment opens. 4. Select each server that the user must back up or recover, and then click OK.
The window closes and the validate operation starts. The output window shows the status of the operation including any warning or error messages.
Results
The output window shows the results of the validate operation.
Create a configuration file Create a configuration file with any of the following parameters, as required.
NOTE: For PowerProtect Data Manager integrated centralized and self-service workflows, instead of manually creating
a configuration file, you can run the Import-ExchangeBackupConfigFile cmdlet with the -Backup or -Restore parameter. This cmdlet imports the required configuration parameters into the object.
General The following table describes the parameters for the General configuration file category.
Table 4. General configuration file parameters
Parameter Description
CLIENT=
Specifies the FQDN of Exchange Server, to which you want to back up or restore the databases. In the case of a DAG (IP and IP- less) configuration, specify the FQDN of the DAG instance.
BACKUP_TYPE=BlockBasedBackup Mandatory.
Specifies that the backup will be a block based backup.
LOCKBOX_PATH=
Specifies the complete directory pathname of the lockbox on the database or application host. For example, C:\Program Files \DPSAPPS\common\lockbox.
30 Configuring the Microsoft Application Agent for Exchange Server
Table 4. General configuration file parameters (continued)
Parameter Description
DEBUG_LEVEL=
Specifies whether the software writes debug messages to the debug log file. The default value is 0, in which no debug messages are generated. The highest level is 9, in which the most detailed debug messages are generated.
DELETE_DEBUG_LOGS_DAYS=
Deletes debug log files that are older than the specified number of days. The valid range is between 1 and 30. The default value is 30 days. Regularly deleting debug logs prevents the log folder on the installation drive from becoming too large. When this parameter is used in the backup operation, it will delete backup logs and when it is used in a restore operation, it will delete restore logs.
NOTE: This parameter only deletes debug logs named in the default format and located in the logs folder at
-Retention +
Specifies the period in which to retain a backup. After the period passes, the backup expires.
The default retention period is 30 days. The maximum retention date is 2/7/2106.
The -Retention parameter accepts a + followed by an integer followed by one of the following time indicators:
d specifies a retention period in days.
w specifies a retention period in weeks.
m specifies a retention period in months.
y specifies a retention period in years.
For example, -Retention +20d specifies to retain the backup for 20 days.
Primary system The following table describes the parameters for the Primary system configuration file category.
Table 5. Primary system configuration file parameters
Parameter Description
DDBOOST_USER=
Specifies the username of the DD Boost user.
You must register the hostname and the DD Boost username in the lockbox to enable Microsoft application agent to retrieve the password for the registered user.
DEVICE_HOST=
Specifies the name of the Data Domain server that contains the storage unit, to which you want to back up and restore the databases.
Configuring the Microsoft Application Agent for Exchange Server 31
Table 5. Primary system configuration file parameters (continued)
Parameter Description
You must register the hostname and the DD Boost username in the lockbox to enable Microsoft application agent to retrieve the password for the registered user.
DEVICE_PATH=
Specifies the name and the path of the storage unit, to which you want to back up and restore the databases.
DDBOOST_FC={TRUE | FALSE} Optional.
Specifies whether a backup or restore on the primary Data Domain system uses a Fibre Channel (FC) or IP network connection. The default value is FALSE. Specify TRUE to use an FC network connection during backup and restore.
NOTE: If this parameter is set to TRUE, the primary Data Domain system must be configured to support an FC connection.
DEVICE_FC_SERVICE=
Specifies the name of the FC service configured on the primary Data Domain system to be used for a backup or restore.
DDVDISK_USER=
Specifies the Data Domain vdisk user. If you do not specify this parameter, the value defaults to the DDBOOST_USER.
BACKUP_PREFERENCE={preferred | passive | active} Optional.
This parameter applies only to federated backups of an Exchange DAG.
Specifies the preference of the backup method. The following values are valid:
preferred (default): Backs up the passive copy or replica of each database in the DAG. The Exchange Server, on which each passive database will be backed up will be determined by the server order list. If there are no passive databases (either there is no replica or if all the current replicas are suspended or dismounted), then the active databases will be backed up.
passive: Backs up only passive databases in the DAG.
active: Backs up only active databases in the DAG.
SERVER_ORDER_LIST=
This parameter applies only to federated backups of an Exchange DAG.
Specifies the order in which the databases on each Exchange Server in the DAG are backed up. If you do not specify a list, the coordinating node distributes the backups according to an unordered list of the Exchange Servers in the DAG.
INCLUDE_STANDALONE_DATABASES={TRUE | FALSE} Optional.
This parameter applies only to federated backups of an Exchange DAG.
32 Configuring the Microsoft Application Agent for Exchange Server
Table 5. Primary system configuration file parameters (continued)
Parameter Description
Specifies whether to include public folders and stand-alone databases. The default value is TRUE. Specifying FALSE excludes public folders and stand-alone databases.
Example configuration file contents For example, create the C:\config.cfg file with the following contents:
DDBOOST_USER=DD163_user DEVICE_HOST=ledmd035.lss.example.com DEVICE_PATH=/SU_DD163 LOCKBOX_PATH="C:\Program Files\DPSAPPS\common\lockbox" DDVDISK_USER=DD163_user CLIENT=mw2k8x64exch2.appagentdev.com
Import the configuration file Use the Import-ExchangeBackupConfigFile cmdlet to import the configuration parameters needed to perform a specific operation to an object.
Import the configuration parameters to an object that you can use to perform operations such as backups, listing backups, mounting backups, and restores by using the corresponding cmdlets.
Use the following syntax to import the configuration file parameters with the Import-ExchangeBackupConfigFile cmdlet:
Related manuals for Dell PowerProtect 19.5 Data Manager Exchange Server User Guide
Manualsnet FAQs
If you want to find out how the 19.5 Dell works, you can view and download the Dell PowerProtect 19.5 Data Manager Exchange Server User Guide on the Manualsnet website.
Yes, we have the Exchange Server User Guide for Dell 19.5 as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.
The Exchange Server User Guide should include all the details that are needed to use a Dell 19.5. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.
The best way to navigate the Dell PowerProtect 19.5 Data Manager Exchange Server User Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.
This Dell PowerProtect 19.5 Data Manager Exchange Server User Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.
You can download Dell PowerProtect 19.5 Data Manager Exchange Server User Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.
To be able to print Dell PowerProtect 19.5 Data Manager Exchange Server User Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell PowerProtect 19.5 Data Manager Exchange Server User Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.