Contents

Dell PowerProtect 1.1 Data Manager Installation Guide PDF

1 of 174
1 of 174

Summary of Content for Dell PowerProtect 1.1 Data Manager Installation Guide PDF

Dell EMC Enterprise Copy Data Management Version 1.1

Installation and Administration Guide 302-003-165

REV 01

Copyright 2016-2017 Dell Inc. or its subsidiaries. All rights reserved.

Published March 2017

Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS-IS. DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND

WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED

IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners.

Published in the USA.

Dell EMC Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.DellEMC.com

2 Enterprise Copy Data Management 1.1 Installation and Administration Guide

7

Deploying and Configuring the Appliance 11 Enterprise Copy Data Management (eCDM) interoperability matrix........... 12 Minimum system requirements................................................................... 12 Deploying the OVA in a vSphere environment............................................. 13

Deploying the OVA file on a vCenter server....................................13 Deploying the OVA file by using the vSphere Client on an ESXi host .......................................................................................................15

Configuring the virtual appliance.................................................................16 eCDM eLicensing........................................................................................ 18

Trial license.................................................................................... 19 FETB license..................................................................................20 License management......................................................................21

Upgrading the eCDM appliance ................................................................. 23

Getting Started 27 About Enterprise Copy Data Management (eCDM)....................................28 Accessing the eCDM UI..............................................................................28

About the Settings window............................................................30 Credentials window....................................................................... 32 Using the Help Center................................................................... 32 Using the Onboarding Panel.......................................................... 32

Discovering Protectable Assets 33 About inventory sources, storage systems, and protectable assets............34

Data Domain credentials................................................................ 34 Protectable assets.........................................................................34

Prerequisites for discovering Inventory Sources........................................ 35 Discovering Inventory Sources .................................................................. 36 Discovering assets and copies manually......................................................37 Editing Inventory Sources ..........................................................................37 Deleting Inventory Sources ........................................................................38

Managing Tenants 39 Tenants...................................................................................................... 40

Multi-tenancy................................................................................ 40 System Tenant.............................................................................. 40

Users ......................................................................................................... 40 Default Admin user ....................................................................... 40

Roles........................................................................................................... 41 Executive role.................................................................................41 Export and Recovery Admin role.................................................... 41 Operations Monitor role.................................................................42 EMC Remote Support role.............................................................42 Security Admin role....................................................................... 42

Preface

Chapter 1

Chapter 2

Chapter 3

Chapter 4

CONTENTS

Enterprise Copy Data Management 1.1 Installation and Administration Guide 3

Storage Admin role........................................................................ 43 System Tenant Admin role.............................................................43

Managing the System Tenant.....................................................................44 Managing tenants.......................................................................................46

Creating tenants............................................................................46 Editing tenants.............................................................................. 47 Deleting a tenant........................................................................... 47 Viewing tenants............................................................................. 48

Managing user accounts.............................................................................48 Managing users that are assigned to the System Tenant...............49 Configuring LDAP or AD authentication authorities....................... 52 Modifying or deleting LDAP group to role mapping........................60 Logging in to the eCDM appliance with an LDAP or AD user......... 60 Troubleshooting LDAP configuration issues...................................60

Assigning assets to tenants.........................................................................61 Removing assets that are assigned to tenants............................................ 61 Reviewing tenant compliance..................................................................... 62

Managing Assets 63 Managing the Inventory of Assets.............................................................. 64

Protectable Assets........................................................................ 64 Storage Assets.............................................................................. 66 Protection Storage Assets.............................................................67

Tagging assets........................................................................................... 68 Categorized tags........................................................................... 69 XtremIO Consistency Group tags.................................................. 69 Using tags..................................................................................... 69

Reviewing Primary Storage Protection.......................................................73 Reviewing Protection Storage.................................................................... 74

Creating and Assigning Protection Plans 75 About protection plans............................................................................... 76

Managing and monitoring SLO compliance.................................... 76 About Service Level Objectives..................................................... 76 About stages................................................................................. 80

Prerequisites for assigning protection to protectable assets...................... 84 Setting Data Domain MTree Credentials........................................84 Configuring Data Domain, VMAX, XtremIO, and RecoverPoint for ProtectPoint..................................................................................85 Configuring XtremIO storage groups to use ProtectPoint............. 85

Creating a protection plan.......................................................................... 86 Naming a protection plan...............................................................87 Adding stages to a protection plan.................................................87 Assign a tenant to a protection plan .............................................. 91 Configuring Protection Plan Settings............................................. 91 Reviewing protection plans............................................................92

Managing protection plans......................................................................... 92 Assigning protection to an asset....................................................93 Editing a protection plan................................................................93 Activating a protection plan to make it available to assigned tenants ...................................................................................................... 94 Assign or unassign tenants to a protection plan.............................94 Suspending or resuming protection plans...................................... 95 Deleting protection plans...............................................................95

Chapter 5

Chapter 6

CONTENTS

4 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Removing a protection plan that is assigned to a protectable asset... 96 Reviewing the status of protection plans.......................................96 Monitoring protection plans...........................................................98 Reviewing protection plan compliance......................................... 100

Recovering and Reusing Data 101 Viewing protection copy set summaries.................................................... 102 Deleting copy sets.....................................................................................103 Exporting copy sets.................................................................................. 104

Prerequisites for exporting a VMAX copy set...............................104 Creating FAST.X Device manually................................................ 104 Exporting a VMAX copy set..........................................................107 Exporting an XtremIO copy set..................................................... 113

Unexporting an exported copy set............................................................. 117 Restoring a copy set to an alternate location............................................. 118 Restoring a copy set to the same location................................................. 121 Consideration and limitations.................................................................... 123

Using the Dashboard 125 About Dashboard...................................................................................... 126

Dashboard widgets....................................................................... 127 Capacity monitoring in the Dashboard.......................................................128

Reviewing Primary Storage Protection........................................ 128 Reviewing Protection Storage......................................................129

License......................................................................................................129 Reviewing tenant compliance....................................................................130 Reviewing protection plan compliance....................................................... 131 eCDM Health............................................................................................ 132

Monitoring the System 135 Monitoring protection plans...................................................................... 136 Monitoring tasks....................................................................................... 137 Monitoring events..................................................................................... 139 Viewing notifications................................................................................. 140

Protecting the eCDM server 143 Managing system backups........................................................................ 144

Configuring the Data Domain system........................................... 144 Configuring the appliance system protection............................... 145 Performing a manual appliance backup.........................................147 Monitoring system protection activities....................................... 147 Manually deleting system backups............................................... 148

Performing a disaster recovery................................................................. 148 Performing an eCDM disaster recovery .......................................148 Troubleshooting disaster recoveries.............................................150

Configuring the System 151 Monitoring system state and system health.............................................. 152

Monitoring and changing the state of the appliance..................... 152 Monitoring system component health.......................................... 154

Reconfiguring the virtual appliance........................................................... 156

Chapter 7

Chapter 8

Chapter 9

Chapter 10

Chapter 11

CONTENTS

Enterprise Copy Data Management 1.1 Installation and Administration Guide 5

Reconfiguring the network settings............................................. 157 Modifying the time zone...............................................................158 Modifying the lockbox passphrase............................................... 158 Managing passwords for OS user accounts..................................159 Managing keychains......................................................................161

Modifying the eCDM appliance hardware settings.................................... 162 Modifying the appliance memory configuration............................ 162 Modifying the data disk size......................................................... 162 Modifying the system disk size.....................................................164

Logs and Troubleshooting 167 Logs settings.............................................................................................168

Log levels..................................................................................... 168 Exporting logs.............................................................................. 169

Registering eCDM with EMC Secure Remote Services..............................171 Callhome...................................................................................... 173

Chapter 12

CONTENTS

6 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Preface

As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.

If a product does not function correctly or does not function as described in this document, contact a technical support professional.

Note

This document was accurate at publication time. To ensure that you are using the latest version of this document, go to the Support website at https:// support.emc.com.

Purpose This document describes how to install, configure, and administer Enterprise Copy Data Management (eCDM) software.

Audience This document is intended for the host system administrator who is involved in managing, protecting, and reusing data across the enterprise by deploying eCDM.

Revision history The following table presents the revision history of this document.

Table 1 Revision history

Revision Date Description

05 March 10, 2017 Update to Exporting a VMAX copy set on page 107.

04 January 09, 2017 Corrected documentation version to Enterprise Copy Data Management 1.1.

03 December 16, 2016 Updates to Enterprise Copy Data Management 1.0 SP1. The following topics were updated:

l Enterprise Copy Data Management (eCDM) interoperability matrix on page 12

l Discovering assets and copies manually on page 37

l Adding a tag to a protectable asset on page 70

l Prerequisites for exporting a VMAX copy set on page 104

l Exporting an XtremIO copy set on page 113

Enterprise Copy Data Management 1.1 Installation and Administration Guide 7

Table 1 Revision history (continued)

Revision Date Description

l Restoring a copy set to an alternate location on page 118

l Restoring a copy set to the same location on page 121

l Consideration and limitations on page 123

l Unexporting an exported copy set on page 117

02 October 26, 2016 Minor updates for Enterprise Copy Data Management 1.0. The following topics were updated:

l Editing Inventory Sources

l Deleting Inventory Sources

l Restoring a copy set to an alternate location

01 September 12, 2016 Release of this document for Enterprise Copy Data Management 1.0.

Special notice conventions that are used in this document The following conventions are used for special notices:

NOTICE

Identifies content that warns of potential business or data loss.

Note

Contains information that is incidental, but not essential, to the topic.

Typographical conventions The following type style conventions are used in this document:

Table 2 Style conventions

Bold Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window.

Italic Used for full titles of publications that are referenced in text.

Monospace Used for:

l System code

l System output, such as an error message or script

l Pathnames, file names, file name extensions, prompts, and syntax

Preface

8 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Table 2 Style conventions (continued)

l Commands and options

Monospace italic Used for variables.

Monospace bold Used for user input.

[ ] Square brackets enclose optional values.

| Vertical line indicates alternate selections. The vertical line means or for the alternate selections.

{ } Braces enclose content that the user must specify, such as x, y, or z.

... Ellipses indicate non-essential information that is omitted from the example.

You can use the following resources to find more information about this product, obtain support, and provide feedback.

Where to find product documentation

l https://support.emc.com

l https://community.emc.com

Where to get support The Support website at https://support.emc.com provides access to licensing information, product documentation, advisories, and downloads, as well as how-to and troubleshooting information. This information may enable you to resolve a product issue before you contact Support.

To access a product specific Support page:

1. Go to https://support.emc.com/products.

2. In the Find a Product by Name box, type a product name, and then select the product from the list that appears.

3. Click the following button:

4. (Optional) To add the product to My Saved Products, in the product specific page, click Add to My Saved Products.

Knowledgebase The Knowledgebase contains applicable solutions that you can search for by solution number, for example, 123456, or by keyword.

To search the Knowledgebase:

1. Go to https://support.emc.com.

2. Click Advanced Search. The screen refreshes and filter options appear.

3. In the Search Support or Find Service Request by Number box, type a solution number or keywords.

4. (Optional) To limit the search to specific products, type a product name in the Scope by product box, and then select the product from the list that appears.

5. In the Scope by resource list box, select Knowledgebase. The Knowledgebase Advanced Search panel appears.

Preface

Enterprise Copy Data Management 1.1 Installation and Administration Guide 9

6. (Optional) Specify other filters or advanced options.

7. Click the following button:

Live chat To participate in a live interactive chat with a support agent:

1. Go to https://support.emc.com.

2. Click Chat with a Support Agent.

Service requests To obtain in-depth help from Support, submit a service request. To submit a service request:

1. Go to https://support.emc.com.

2. Click Create a Service Request.

Note

To create a service request, you must have a valid support agreement. Contact a sales representative for details about obtaining a valid support agreement or with questions about an account.

To review an open service request:

1. Go to https://support.emc.com.

2. Click Manage service requests.

Online communities Go to the Community Network at https://community.emc.com for peer contacts, conversations, and content on product support and solutions. Interactively engage online with customers, partners, and certified professionals for all products.

How to provide feedback Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to DPAD.Doc.Feedback@emc.com.

Preface

10 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 1

Deploying and Configuring the Appliance

This section contains the following topics:

l Enterprise Copy Data Management (eCDM) interoperability matrix................... 12 l Minimum system requirements........................................................................... 12 l Deploying the OVA in a vSphere environment.....................................................13 l Configuring the virtual appliance........................................................................ 16 l eCDM eLicensing................................................................................................18 l Upgrading the eCDM appliance .........................................................................23

Deploying and Configuring the Appliance 11

Enterprise Copy Data Management (eCDM) interoperability matrix

The following table summarizes the supported software and hardware configurations for an eCDM deployment.

Table 3 eCDM support matrix

Product Supported versions

VMAX3 VMAX3 storage array 400K, 200K, 100K with microcode 5977-811-785

SMI-S provider: Solution Enabler (SYMAPI) 8.2.0.8, 8.3.0.6

Data Domain DD990, DD4500, DD7200, DD9500

DDOS 5.7.1, 5.7.2, 5.7.3, 6.0

DDMC 1.4.5

Data Domain Management Center Support Matrix provides more information.

XtremIO 4.0.0-64, 4.0.1-x, 4.0.2-x

RecoverPoint 4.4.x, 5.0

RecoverPoint Support Matrix provides more information.

ProtectPoint V2.0, V3.0, and V3.1 for ProtectPoint with VMAX

V3.1 for ProtectPoint with XtremIO

ProtectPoint Compatibility Matrix provides more information.

VMware ESX server 5.5.x, 6.x

VMware vCenter server 5.5.x, 6.x

Minimum system requirements Review the following system requirements.

Minimum supported hardware requirements for the ESXi host Review the following VMware documentation for information about the minimum supported hardware requirements for the ESXi host on which you deploy the appliance:

l ESXi 6.0 hardware requirements

l ESX 5.5.x hardware requirements

Example 1 Minimum supported hardware requirements for eCDM

Deploying and Configuring the Appliance

12 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Example 1 Minimum supported hardware requirements for eCDM (continued)

The eCDM appliance has the following minimum system requirements:

l 8 CPU cores

l 16 GB memory

l One 100 GB disk and one 500 GB disk

Note

The appliance deploys the disks as Independent - Persistent. Virtual machine snapshot do not include disk images.

l One 1 GB/s NIC

Deploying the OVA in a vSphere environment You can deploy the OVA by using one of the following methods.

l Manually deploying the OVA to a vCenter serverUse this method to deploy the OVA to a standalone or cluster host, while logged into the vCenter server. Supports configuring the network settings during the deployment.

l Manually deploying the OVA to an ESXi hostUse this method to deploy the OVA while logged in to an ESXi host that is not managed by a vCenter server. Use the VM console to configure the network settings after the deployment completes.

Deploying the OVA file on a vCenter server Use this method to deploy the OVA to a standalone or cluster host, while logged into the vCenter server. Supports configuring the network settings during the deployment.

Procedure

1. Log in to the vSphere client.

2. From the File menu, select Deploy OVF Template.

3. On the Source window:

a. Navigate to the OVA package:

l Type a URL path to the OVA package.

l Click Browse and navigate to the OVA package location.

b. Click Next.

4. On the OVF Template Details window, review the details, and then click Next.

5. On the Name and Location window, specify a name for the virtual appliance, and optionally the inventory location, for example a datacenter or VM folder. Click Next.

6. If the location you selected in the previous step has more than one available host, the Host / Cluster window appears.

a. Select the ESXi host or cluster on which you want to deploy the virtual appliance.

Deploying and Configuring the Appliance

Deploying the OVA in a vSphere environment 13

b. Click Next.

7. On the Resource Pool window, perform one of the following tasks, and then click Next.

l When you deploy the virtual appliance in a cluster with multiple hosts, select the specific host in the cluster on which to deploy the virtual appliance.

Note

If DRS is enabled, the target host is automatically selected.

l When you deploy the virtual appliance on a host with a resource pool or vApp, select the resource pool or vApp on which to deploy virtual appliance.

8. On the Storage window:

a. Select the destination datastore on which to store the virtual appliance files.

b. Click Next.

9. On the Disk Format window, select the disk format.

To ensure that amount of storage space allocated to the virtual appliance is available, select Thick Provision Lazy Zeroed.

10. On the Network Mapping window, select the Source and Destination networks to use with the appliance, and then click Next.

11. On the IP Address/Allocation window, select the protocol that the appliance will use, IPv4 or IPv6, and then click Next.

12. On the Network Properties window, specify the following information, and then click Next.

a. In the Network IP address field, specify the IPv4 address or IPv6 address for the virtual appliance.

Note

For IPv6 addresses, use the nslookup command to resolve the hostname of the appliance to the IP address. Specify the IPv6 address in the format that appears in the nslookup output. For example, if the nslookup output returns the expanded form of the IP address (2620:0000:0170:0714:6d63:c749:beec:c2e4), do not specify the compressed form of the IP address (2620:0:170:714:6d63:c749:beec:c2e4).

b. In the Default Gateway field, specify the default gateway IPv4 address or IPv6 address that you want the virtual appliance to use.

c. In the Network Netmask/Prefix field, when you use IPv4 addressing, specify the netmask of the virtual appliance. When you use IPv6 addressing specify the prefix length.

d. In the DNS field, specify up to three domain name servers for this virtual appliance, separated by commas.

e. In the FQDN field, specify the Fully Qualified Domain Name (FQDN) for the virtual appliance.

Deploying and Configuring the Appliance

14 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Note

Ensure that you correctly configure host name resolution for the name of the appliance. Forward and reverse lookups must succeed.

13. On the Ready to Complete window:

a. Review the deployment configuration details.

b. If you will immediately configure the appliance, select Power on after deployment.

c. Click Finish.

The Deploying eCDM window appears and provides status information about the deployment.

Deploying the OVA file by using the vSphere Client on an ESXi host Use this method to deploy the OVA while logged in to an ESXi host that is not managed by a vCenter server. You must use the VM console to configure the network settings after the deployment completes.

Procedure

1. Log in to the vSphere client.

2. From the File menu, select Deploy OVF Template.

3. On the Source window:

a. Navigate to the OVA package:

l Type a URL path to the OVA package.

l Click Browse and navigate to the OVA package location.

b. Click Next.

4. On the OVF Template Details window, review the details, and then click Next.

5. On the Name and Location window, specify a name for the virtual appliance, and optionally the inventory location, for example a datacenter or VM folder. Click Next.

6. On the Resource pool window, select the resource pool or vApp on which to deploy virtual appliance.

7. On the Storage window:

a. Select the destination datastore on which to store the virtual appliance files.

b. Click Next.

8. On the Disk Format window, select the disk format.

To ensure that amount of storage space allocated to the virtual appliance is available, select Thick Provision Lazy Zeroed.

9. On the Network Mapping window, select the Source and Destination networks to use with the appliance, and then click Next.

10. On the Ready to Complete window:

a. Review the deployment configuration details.

b. If you will immediately configure the appliance, select Power on after deployment.

Deploying and Configuring the Appliance

Deploying the OVA file by using the vSphere Client on an ESXi host 15

c. Click Finish.

The Deploying eCDM window appears and provides status information about the deployment.

Configuring networking for the virtual appliance

Perform the following steps from the Console window on the virtual appliance, after the virtual appliance successfully boots to a command prompt.

Procedure

1. Log in to the appliance with the root user account.

The default password for the root account is changeme.

2. From the command prompt, type configure_appliance.

The prompts to configure the appliance appear.

3. At the Specify the Fully Qualified Domain Name (FQDN) for this VM prompt, specify the Fully Qualified Domain Name (FQDN) for the virtual appliance.

Note

Ensure that you correctly configure host name resolution for the name of the appliance. Forward and reverse lookups must succeed.

4. At the Specify the IP address for this VM prompt, specify the IPv4 address or IPv6 address for the virtual appliance.

Note

For IPv6 addresses, use the nslookup command to resolve the hostname of the appliance to the IP address. Specify the IPv6 address in the format that appears in the nslookup output. For example, if the nslookup output returns the expanded form of the IP address (2620:0000:0170:0714:6d63:c749:beec:c2e4), do not specify the compressed form of the IP address (2620:0:170:714:6d63:c749:beec:c2e4).

5. At the Specify the default gateway address for this VM prompt, specify the default gateway IPv4 address or IPv6 address that you want the virtual appliance to use.

6. At the Specify the netmask (for IPv4 only) or the prefix length (for IPv6 only) prompt, when you use IPv4 addressing, specify the netmask of the virtual appliance. When you use IPv6 addressing specify the prefix length.

7. At the Specify up to three domain name servers for this VM prompt, specify up to three domain name servers for this virtual appliance, separated by commas.

The Setting up the network and hostname status appear.

Configuring the virtual appliance After you deploy and power on the virtual appliance, you must configure the appliance.

Perform the following steps from a host that has access to the virtual appliance.

Deploying and Configuring the Appliance

16 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Procedure

1. From a host that has network access to the virtual appliance, use the Google Chrome browser to connect to the appliance:

https://appliance_ip_address

2. If an SSL certificate warning page appears with the message Your connection is not private, click Advanced, and then click Proceed to hostname_or_ip_address (unsafe).

3. On the eCDM License Agreement window:

a. Read the agreement.

b. Select Accept the license agreement.

c. Click Next.

4. On the Install Options window, select New Install, and then click Next.

5. On the Network Setup window, review the network settings and then click Next.

Note

You can change the values displayed in this window after you complete the initial configuration by using the dashboard.

6. On the OS password window:

a. In the Password and Confirm password fields, specify a password for the root, admin, and support OS user accounts and the lockbox passphrase.

b. Click Next.

Specify a password that meets the following requirements:

l Minimum of eight characters

l At least one numeric character (0-9)

l At least one uppercase character (A-Z)

l At least one lowercase character (a-z)

l At least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:";,./<>?

You can specify individual passwords for each OS user account after you complete the initial configuration. Managing passwords for OS user accounts on page 159 provides more information.

Note

The admin OS user account differs from the admin account that you use to connect to the eCDM GUI.

7. On the Time Zone window, select the time zone, and then click Next.

8. On the eCDM System Tenant window, specify a name for the System Tenant, and then click Finish.

Ensure that you specify a name that meets the following requirements:

Deploying and Configuring the Appliance

Configuring the virtual appliance 17

l Ensure that the name contains between 1 to 50 characters in length.

l Acceptable characters include the following:

n Lowercase characters (a-z)

n Uppercase characters (A-Z)

n Numeric characters (0-9)

n Period (.)

n Underscore (_)

The eCDM Installing window appears.

Results

The appliance configuration completes.

Note

The System Tenant is the root Service Provider tenant in the appliance tenant hierarchy. The next time that you log in to the appliance you will specify the System Tenant as well as the tenant administrator account credentials. By default, the tenant administrator username is admin and the default password is admin. It is recommended that you change the default password for the admin account. Managing the System Tenant on page 44 provides more information.

eCDM eLicensing The eCDM eLicensing solution allows you to apply different types of licenses based on the requirements in your environment, and to easily update the license if your requirements change.

License types consist of the following:

l Trial licenseApplied automatically upon installation of eCDM and allows full use of the product without applying a license key for a period of up to 90 days. Upon expiry of a trial license, you can apply a permanent licensing solution.

l Front-end protected capacity by terabyte or FETBThe primary model of eLicensing, which is based on the actual capacity that you need to protect. For example, you can purchase a 100 TB license which will allow you to protect up to 100 TB of actual data.

Note

You can only add or manage an EMC Secure Remote Services (ESRS) gateway with the FETB license.

The Dashboard window and the Overview tab of the Settings window reflect the type of license currently applied, along with current status details such as expiry date and capacity usage, if applicable. When you start eCDM and the Dashboard displays for the first time, the license information displays similar to the following.

Deploying and Configuring the Appliance

18 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 1 Dashboard License information

Depending on the type of license that is applied, eCDM will appear in one of the following licensed states.

Table 4 License types/states

License type/state Duration Functionality available

Compliance

Trial Licensed 90 Days from install completion

All n/a

Trial - Expired Until a license is applied

All n/a

FETB n/a All Based on capacity

Trial license All new installations of eCDM come with a trial license that is automatically applied upon completion of the install.

This trial license allows you to protect an unlimited amount of data without applying a license key for a period of up to 90 days. At any time during the trial period, you can apply a permanent license. The number of days remaining on the trial license displays in the Dashboard window and the Overview tab of the Settings window.

Deploying and Configuring the Appliance

Trial license 19

Figure 2 Dashboard Trial License

Expired trial license When the trial license expires, eCDM will continue to function without interruption so that you can apply an FETB license.

FETB license Front-end protected capacity by terabyte (FETB) licensing is the primary model of eLicensing. FETB is based on the actual capacity that you need to protect. For example, you can purchase a 100 TB license which allows you to protect up to 100 TB of actual data.

When you purchase an FETB license from Dell EMC and apply the license, eCDM runs in a fully functional state and the license will not expire. Using the eCDM Main window, you can view license compliance status as well as current consumption statistics so that you know how much data you can protect before additional licensing is required. Figure 3 FETB Capacity statistics

Deploying and Configuring the Appliance

20 Enterprise Copy Data Management 1.1 Installation and Administration Guide

If you exceed licensed capacity, eCDM continues to function normally, allowing you to purchase the additional capacity that is required without service interruption.

The FETB license is not dependent on the size of a LUN, and is therefore not impacted by the thin provisioning of a LUN. Additionally, moved or replicated data does not count towards the actual capacity, as demonstrated in the following example.

Example 2 FETB license with thin provisioning, moved data, and replicated data.

In this example, a 3 TB Oracle database runs on storage that was carved out as a 10 TB thin provisioned Storage Group. Daily backups, representing the change rate, are 100GB in size.

Table 5 FETB Capacity license actual consumption

Object Content Size

VMAX Storage Group Oracle Database 10 TB (Thin Provisioned Capacity)

Oracle Database Database and Log Files 3 TB (Actual Used Capacity)

Incremental Backup (Daily) Log Files 100 GB (Actual Moved Capacity)

DD Replicated Copy Database and Log Files 5 TB (Logical DD Capacity)

In this case, eCDM should require 3 TB of licenses in order to protect the environment. The 10TB, 100GB, and 5TB numbers that associate with provisioned, moved, and replicated capacities should be irrelevant to licensing.

License management The eCDM Dashboard displays information about the license currently in use, including the type of license applied, compliance state, and available capacity.

The Settings window, which you can launch from the main menu or by clicking Maintain within the Dashboard License widget, allows you to manage your license.

When you select the Overview tab in the Settings window, one of the quadrants displays your current license information. From this window, click Edit License to add a new license or edit the existing license.

Deploying and Configuring the Appliance

License management 21

Figure 4 Edit License in the Settings window

Add or edit a license At any time during the trial license period, or when the trial license expires, you can apply an FETB license to permanently license the eCDM software. The trial period can provide a good indication of the amount of capacity you will require in your environment.

After determining the capacity best suited to your environment, contact Dell EMC Licensing to obtain the license key. The license key information provided by Dell EMC is contained within a file. Once you obtain the license file, perform the following to add a new license or edit an existing license.

Procedure

1. In the Overview tab of the Settings window, click the Edit License button. The Edit License dialog box displays.

Deploying and Configuring the Appliance

22 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 5 Edit License Text dialog box

2. Open your license file to copy the text from the file and paste in this box, or click the Upload File button to browse to and select the license file. The license file contains a .lic extension.

Figure 6 Select license file

3. Click Save.

When you click Save, the Edit License box populates with the text from the updated file. When you return to the Settings window, the license quadrant updates to reflect the new licensing information, and the eCDM Dashboard window also displays the updated license details.

Upgrading the eCDM appliance Perform the following steps to upgrade a eCDM appliance.

Before you begin

Perform the following steps on a host that the eCDM appliance can access over the network.

When you update the appliance, put the appliance in maintenance mode, take a snapshot of the appliance, and then perform the update.

Deploying and Configuring the Appliance

Upgrading the eCDM appliance 23

Procedure

1. Download the upgrade package and then use the Google Chrome browser to connect to the appliance.

https://appliance_ip_address

2. At the login screen, specify the following values, and then click Login.

Note

The values in each field are case sensitive.

a. In the User field, specify an account for the appliance that is assigned to the sysadmin role, for example admin.

b. In the Password field, specify the password for the sysadmin account.

The default password is admin.

3. From the Main menu, select Settings.

The Settings window appears with the Overview tab selected.

4. On the Overview tab, use the Maintenance mode toggle change the system status to Maintenance mode.

Changing the state of the appliance on page 152 provides more information about putting the appliance in to maintenance mode.

5. Perform the following steps from the vSphere client to create a snapshot of the appliance.

a. Right-click the appliance and select Shutdown Guest OS.

b. Right-click appliance and select Edit Settings.

c. Select Disk 1, and then in the Disk Mode section, select Dependent.

d. Select Disk 2, and then in the Disk Mode section, select Dependent. Click OK.

e. Right-click the appliance and select Snapshot > Take snapshot.

f. On the Take virtual machine Snapshot window, in the Name field, type a name for the snapshot, and optionally in the Description field, type a description.

g. After the snapshot completes, right-click the appliance and select Power On.

6. From a host that has network access to the virtual appliance, use the Google Chrome browser to connect to the appliance:

https://appliance_ip_address

7. If an SSL certificate warning page appears with the message Your connection is not private, click Advanced, and then click Proceed to hostname_or_ip_address (unsafe).

8. At the login screen, specify the following values, and then click Login.

Note

The values in each field are case sensitive.

Deploying and Configuring the Appliance

24 Enterprise Copy Data Management 1.1 Installation and Administration Guide

a. In the User field, specify an account for the appliance that is assigned to the sysadmin role, for example admin.

b. In the Password field, specify the password for the sysadmin account.

The default password is admin.

9. From the Main menu, select Settings.

The Settings window appears with the Overview tab selected.

10. Select the Upgrades tab.

11. Click Upload File, navigate to the path that contains the upgrade package, select the package, and then click Open.

The upload progress bar appears and displays the status of the upload process. When the upload completes one of the following states appears for the package:

l Available: Upgrade package is valid and ready for install.

l Invalid: Upgrade package is not valid and is not installable.

12. In the Updates window, click the Install button, located to the right of the name of the package that you want to install.

13. In the Confirmation window, perform one of the following tasks:

l To proceed with the upgrade and put the appliance in Maintenance mode, perform one of the following tasks:

n View the certificate details, and then click Trust and Confirm.

n If the certificate details have been previously view and accepted, click OK.

l To cancel the upgrade, click Cancel.

Note

To monitor the update status if the connection to the eCDM appliance closes. Connect to https://IP_address_appliance:14443.

The update process starts and the upgrade status window appears. When the upgrade process completes the following changes occur:

l The State of the package displays one of the following values:

n Installed: Upgrade completed successfully.

n Failed: Upgrade did not complete successfully.

l The upgrade automatically removes the package from the appliance repository.

14. From the Main menu, select Settings, and confirm that the Health panel reports that all components are running.

After you finish

Use the vSphere web client, to delete the snapshot and change the disk mode:

1. Right-click the appliance and select Shutdown Guest OS.

2. Right-click the appliance and select Manage Snapshots.

3. In the Manage Snapshots window, select the snapshot, and then click Delete.

Deploying and Configuring the Appliance

Upgrading the eCDM appliance 25

4. Right-click appliance and select Edit Settings.

5. Select Disk 1, and then in the Disk Mode section, select Independent - Persistent.

6. Select Disk 2, and then in the Disk Mode section, select Independent - Persistent.

7. Right-click the appliance and select Power On.

8. Use the Chrome browser to log in to the appliance and use the Maintenance mode toggle to take the appliance out of maintenance mode.

Deploying and Configuring the Appliance

26 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 2

Getting Started

This section includes the following topics:

l About Enterprise Copy Data Management (eCDM)........................................... 28 l Accessing the eCDM UI..................................................................................... 28

Getting Started 27

About Enterprise Copy Data Management (eCDM) Enterprise Copy Data Management (eCDM) software is an enterprise solution that streamlines the process of monitoring, managing, and analyzing copies of data while addressing copy sprawl. eCDM software is a tool that is designed for self-service copy orchestration, automated Service Level Objectives (SLO) compliance, and actionable insight that optimizes efficiency.

With eCDM, you can manage, protect, and reuse data across the enterprise by deploying the following services to:

l Discover, access, and recover copies nondisruptively across primary and protection storage without introducing new infrastructure or complexity

l Automate efficient copy creation

l Automate data SLO compliance and efficiency that ensures the right number of copies are stored in the right place at the right level of protection

l Optimize operations based on actionable analytics and insight

Accessing the eCDM UI eCDM provides a stand-alone UI that you can use to manage and monitor system performance.

Use the main menu to browse the eCDM UI.

Procedure

1. From a host that has network access to the virtual appliance, use the Google Chrome browser to connect to the appliance:

https://appliance_ip_address

2. At the login screen, type the user name and password, and then click Login.

3. To open the main menu from anywhere in the UI, click .

The eCDM window appears and displays the available menu items.

4. To browse to another location in the UI, click a menu item.

This action opens the menu item in the eCDM window. The following figure displays the eCDM main menu.

Getting Started

28 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 7 Main menu

5. To review the available features, click an icon from the menu.

Table 6 Main menu icons

Icon Description

The dashboard provides at-a-glance insight into the overall state of copy replication management within a data protection environment. Use the dashboard to:

l View compliance information for tenants

l View primary storage capacity and deduplication statistics

l View the type of license in use and the state of the license

Use Tenant Management to:

l Configure tenants and users

l Assign roles to users

l Assign assets to tenants

Use Assets to:

l Discover storage managers and protectable assets

l Assign tags to protectable assets

l Set protection by assigning a protection plan to a protectable asset

l Assign or unassign a tenant against a protectable asset

Use Protection Plans to:

l Create and manage protection plans

l Assign protection plans to tenants

l Assign or remove protection against assets

Getting Started

Accessing the eCDM UI 29

Table 6 Main menu icons (continued)

Icon Description

Use Settings to review the following information and perform configuration changes:

l OverviewGeneral configuration settings

l Inventory Sources

l CredentialsPassword and keychain management

l LogsLog configuration and export

l System ProtectionServer backup configuration for disaster recovery preparedness

l Upgrades

Use Activity Monitor to monitor tasks for various areas of the system. For example, Compliance, Discovery, and Workflow.

Use the Help Center to review instructional videos.

6. To log off and log in as a different user, go to the Main menu, and then click

.

About the Settings window On the Main menu, select Settings to view the state of the appliance and to modify the configuration of the appliance.

The Settings window has the following tabs:

l OverviewThis tab provides you general information about the health of the system and the ability to modify eCDM configuration settings. Overview window on page 31 provides more information.

l Inventory SourcesThis tab provides you with the ability to create and manage inventory sources. About inventory sources, storage systems, and protectable assets on page 34 provides more information.

l CredentialsThis tab displays the following panels:

n SystemProvides the ability to change the passwords for the admin, support, and root operating system user accounts, as well as the lockbox password. Managing passwords for OS user accounts on page 159 provides more information about how to change OS passwords. Modifying the lockbox passphrase on page 158 provide more information about how to change the lockbox password.

n KeychainProvides the ability to manage the Keychain credentials. Managing keychains on page 161 provides more information.

l Logs PanelThis tab provides you the ability to configure logging and the ability to export the log files. Logs settings on page 168 provides more information.

l System ProtectionDisplays the server backup configuration and the ability to configure server backups, for disaster recoveries.

Getting Started

30 Enterprise Copy Data Management 1.1 Installation and Administration Guide

l UpgradesEnables you to perform appliance upgrades. Upgrading the eCDM appliance on page 23 describes how to update the appliance.

Overview window The Overview tab provides you with a window that displays the overall health of the eCDM appliance, in the Health panel. and a Maintenance mode toggle, to enable or disable maintenance mode.

The following table provides an overview of each panel:

Table 7 Overview window

Panel Information provided

Network Displays the hostname and IP address of the appliance. To modify the network configuration of the appliance, click the Network Settings link. For example, to change the IP address, netmask, hostname, DNS servers, and gateway. Reconfiguring the network settings on page 157 describes how to change the network configuration settings.

System information Displays the system ID of the appliance, the appliance version, and the date that the last software update was installed on the appliance.

Time Zone Displays the time zone that is configured for the appliance. To choose

a new time zone, select Edit. Modifying the time zone on page 158 describes how to change the time zone.

Health Displays the state of the appliance. The state of the appliance appears as an icon and is determined by the state of all system components. For example, if one system component is not in a Running state, then the overall state of the appliance is Partially Operational. A summary of the state of each system component appears below the state of the appliance.

The Up time value provides to the number of days since the last reboot of the appliance.

Monitoring system state and system health on page 152 provides more information about the Health panel and how to put the appliance in maintenance mode.

License Displays the state of the appliance license. If the appliance is in evaluation mode, this pane displays the number of evaluation days left, before the license expires. To add license file information, click the

Edit button. eCDM eLicensing on page 18 provides more information about how to license the appliance.

EMC Secure Remote Services (ESRS)

Displays information about EMC Secure Remote Services. To modify

the configuration, click the Edit button. Registering eCDM with EMC Secure Remote Services on page 171 provides more information about how to register the appliance with ESRS.

Getting Started

About the Settings window 31

Credentials window The Credentials tab displays the following panels:

l SystemProvides the ability to change the passwords for the admin, support, and root operating system user accounts, as well as the lockbox password. Managing passwords for OS user accounts on page 159 provides more information about how to change OS passwords. Modifying the lockbox passphrase on page 158 provide more information about how to change the lockbox password.

l KeychainProvides the ability to manage the Keychain credentials. Managing keychains on page 161 provides more information.

Using the Help Center Use the Help Center to view instructional videos for common eCDM tasks.

To access the Help Center, click Main menu > Help Center.

Go to the Dell EMC Online Support site at https://support.emc.com/ to review the eCDM documentation set.

Using the Onboarding Panel The Onboarding Panel provides a quick-start guide to license eCDM, create Inventory Sources, assign assets, create protection plans, and configure Disaster Recovery.

To open the eCDM Onboarding Panel, click . The Onboarding Panel button is on the upper right corner of the screen. Once a user completes the workflow in the Onboarding panel, the option is disabled

To enable the eCDM Onboarding Panel, select Main menu > Help Center and toggle the Onboarding Panel option to ON.

Getting Started

32 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 3

Discovering Protectable Assets

This section includes the following topics:

l About inventory sources, storage systems, and protectable assets................... 34 l Prerequisites for discovering Inventory Sources................................................ 35 l Discovering Inventory Sources ..........................................................................36 l Discovering assets and copies manually............................................................. 37 l Editing Inventory Sources ................................................................................. 37 l Deleting Inventory Sources ............................................................................... 38

Discovering Protectable Assets 33

About inventory sources, storage systems, and protectable assets

Inventory sources are the mechanism that eCDM uses to communicate with and manage the storage systems and protectable assets.

To manage inventory sources, each type of storage manager offers a programmatic interface to it. Usually, the storage manager is an externally addressable system. For example, the Data Domain Management Center (DDMC) is the programmatic interface for controlling the Data Domain systems. Many also offer the benefit of providing programmatic interfaces to multiple storage arrays.

For discovery to work, provide information that gives eCDM access to the inventory sources in the environment. By interrogating those inventory sources, eCDM determines what storage systems exist, and what resources to protect on them. When eCDM performs actions, such as creating a snapshot, eCDM talks to the inventory source for a resource to create the snapshot for protection. When eCDM verifies objective compliance, eCDM communicates with the inventory source to discover the copies of the LUNs in the storage groups. Storage systems are what eCDM allows you to protect. Viewing Protection Storage Asset details on page 67 provides information how to interpret storage asset information.

Data Domain credentials eCDM manages Data Domain systems through the Data Domain Management Console, but also requires credentials for each Data Domain system to correctly manage vDisk functionality.

When you discover a new Data Domain Management Console inventory source, eCDM discovers all Data Domain systems that are managed by that Data Domain Management Console. After each Data Domain system is discovered, eCDM requires the vDisk credentials to be set to correctly configure and protect using ProtectPoint to Data Domain vDisk pools. For any vDisk pool that is being used for eCDM protection, set the respective credentials of the vDisk user for the vDisk pool.

Note

vDisk pools appear as Data Domain MTrees in the Assets section of eCDM.

Protectable assets A protectable asset is a resource, made up of storage groups or Consistency Groups, to which you can assign protection and verify that they are protected.

eCDM protects resources with protection plans. eCDM limits the assignment of protection to storage groups or consistency groups (collections of disks) as opposed to individual disks. These concepts are storage-array specific concepts which, in general, represent a collection of disks/LUNs/volumes that are acted on as a single entity.

Discovering Protectable Assets

34 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Prerequisites for discovering Inventory Sources Perform these tasks before you discover the Inventory Sources.

l Ensure that the eCDM Virtual Appliance is deployed and configured in the environment. Deploying and Configuring the Appliance on page 11 provides information.

l Log in with administrative rights.

l eCDM requires that all inventory sources be configured with an NTP server.

l For discovery of SMI-S Provider (VMAX) and Data Domain Management Center hosts, note the following known problem number 253887:

n SMIS-IP reverse lookup from host fails and displays the following error:

- Failed to set up SymApi handle: Could not establish symapi Client/Server session: SYMAPI_C_NET_HANDSHAKE_FAILED.

n Data Domainrelated failures may result if the FQDN is not resolvable from the host with the following error:

DD Error: Severity: 1 ERROR: ddv_connect_with_user_pwd() failed, Err: 5138-**** Error communicating with host : could not resolve host.

To avoid these errors, ensure that SMI-S Provider and Data Domain Management Center FQDN are resolvable from the appliance.

l Before discovery of SMI-S Provider (VMAX) inventory sources:

n Verify that the storapid and storsrvd daemons are running on the SMI-S server.

n Ensure that the Dell EMC CIM Object Manager (ECOM) is running on SMI-S provider host. This is the service that eCDM uses to communicate with SMI-S provider. Refer to the corresponding Solutions Enabler Installation and Configuration Guide for information on how to check and start the ECOM service.

Verifying that the storapid and storsrvd daemons are running

1. Use ssh to access the SMI-S host.

2. To display the daemon statuses, run the stordaemon list command. Check for the status of the storapid and storsrvd daemons. If they are not running, continue to the following step.

3. To start the required daemons, run the following commands:

l stordaemon start storsrvd l stordaemon start storapid

4. Save the changes

5. Exit the SMI-S host.

Discovering Protectable Assets

Prerequisites for discovering Inventory Sources 35

Discovering Inventory Sources The Storage Admin and System Tenant Admin roles can perform this task.

Procedure

1. Click main menu > Settings > Inventory Sources.

2. To define a new inventory source, click New.

3. In the New Inventory Source window, specify the new Inventory Source attributes:

a. In the Name field, specify an Inventory Source name.

b. In the Management Type field, select the inventory Source type storage manager application from the drop-down list.

SMI-S Provider in the drop-down list refers to VMAX.

Data Domain Management Center in the dropdown discovers all of the Data Domain systems within the Data Domain Management Center.

c. Specify the System Hostname and the port for SSL communication.

The hostname can be the hostname, Fully Qualified Domain Name, or the IP address. To specify an IPv6 address, enclose the address in square brackets [ ].

eCDM auto-populates the port by default according to the storage manager application that is selected from the list box. This field is user-configurable.

4. Type the Inventory Source credentials.

You can use a previously stored set of credentials in Stored Keychain or create a set of credentials in New Keychain:

l If you are using a Stored Keychain:

a. Select the Stored Keychains tab.

b. Select the desired keychain.

c. Click Save.

l If you are creating a set of credentials:

a. Select the New Keychain tab.

b. Specify a Username, Password, and Credential name. These credentials are the way that the new keychain is identified in the Stored Keychains tab.

Note

The username and password in the keychain must match the required user and password for the inventory source or managed asset. Refer to storage vendor documentation for information on credentials. Data Domain Management Center sets the credentials for the Data Domain Management Center instance.

c. Click Save.

Discovering Protectable Assets

36 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Results

On clicking Save to create the Inventory Source, a pop-up indicates that eCDM is starting the discovery process. eCDM checks for connectivity to the storage manager, including the credentials, and discovers the storage arrays. If discovery fails because of incorrect credentials, failed connectivity, or inability to gather device information, eCDM displays a message informing you.

Discovery time is based on networking bandwidth. The resources that are being discovered and are doing the discovering take a performance hit each time that you go through a discovery. It may appear that eCDM is not updating the Inventory Source data when you click Refresh or Discover to carry out a discovery. Dell EMC does not recommend clicking Refresh or Discover repeatedly because each click starts the discovery process again, causing a delay in reflecting the updated inventory source data.

eCDM automatically discovers all the storage systems, protectable assets, and data copies within the inventory source.

Discovering assets and copies manually In cases that the system takes a long time to respond because of networking bandwidth variations, eCDM may not perform asset and copy discovery operations automatically. Perform this discovery manually.

Procedure

1. Click main menu > Settings > Inventory Sources.

2. Manually initiate the discovery. Click Run Discovery.

Editing Inventory Sources

Before you begin

l The Storage Admin and System Tenant Admin roles can perform this task.

l Log in with administrative rights.

Procedure

1. Click main menu icon > Settings > Inventory Sources.

2. Select the inventory source that you would like to change from the list of displayed inventory sources.

3. Click Edit icon within the inventory source that you would like to edit.

The Edit Inventory Source window appears.

4. In the Edit Inventory Source window, edit the applicable attributes, and then click one of the save options:

l If you plan to reuse these credentials for another inventory source, click Save Credentials and then click Save.

l If you want these credentials to be unique to this particular inventory source, click Save.

Discovering Protectable Assets

Discovering assets and copies manually 37

Deleting Inventory Sources eCDM supports deleting only those inventory sources with no associated assets actively under protection.

Before you begin

l The Storage Admin and System Tenant Admin roles can perform this task.

l Log in with administrative rights.

Procedure

1. Click main menu icon > Settings > Inventory Sources.

2. Select the inventory source that you would like to delete from the list of inventory sources.

3. Click Delete icon within the inventory source that you would like to delete.

The Remove Inventory Source window appears.

4. Click OK to delete the inventory source.

Discovering Protectable Assets

38 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 4

Managing Tenants

This section includes the following topics:

l Tenants..............................................................................................................40 l Users .................................................................................................................40 l Roles...................................................................................................................41 l Managing the System Tenant............................................................................ 44 l Managing tenants.............................................................................................. 46 l Managing user accounts.................................................................................... 48 l Assigning assets to tenants................................................................................ 61 l Removing assets that are assigned to tenants....................................................61 l Reviewing tenant compliance.............................................................................62

Managing Tenants 39

Tenants A tenant is an organizational unit or container in a eCDM deployment.

A tenant can represent a business group in an enterprise or a stand-alone company that subscribes to cloud services from a service provider. Each tenant has its own dedicated configuration. Some system-level configuration is shared across tenants.

Multi-tenancy eCDM multi-tenancy provides service providers with the ability to logically separate assets and protection plans into different organizational units, called tenants within the eCDM environment.

Creating multiple tenants helps you to manage complex configurations.

System Tenant The eCDM environment has a single System Tenant. This tenant is also known as the Service Provider Tenant or Landlord. The System Tenant is at the root of the tenant hierarchy tree. You can create multiple tenants in the eCDM environment, which are sub-tenants of the System Tenant.

Users Users belong to the default System Tenant and can be defined as either local or LDAP/AD. The System Tenant Admin role assigns all users and user roles within the System Tenant.

The role that is assigned to a user defines what privileges are associated with the user and determines the tasks that the user can perform.

Note

User authorization grants or denies users access to resources managed by eCDM. User authorization is identical, regardless of whether the user was authenticated by eCDM or by a Microsoft Windows Active Directory LDAP server.

Default Admin user The default admin user is preassigned the System Tenant Admin role during installation of eCDM. This user has super user control over the eCDM appliance and cannot be deleted. However, you can modify the attributes of the default admin user.

You can edit the following properties of the default admin user:

l Profile which includes the name and description

l Users

l LDAP and AD groups

l Assigned assets

Managing Tenants

40 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Roles Roles are containers of access privileges that you assign to users. By assigning a role to users, the users receive all the privileges that are defined by the role. Only one role can be associated to their user account.

Privileges define the tasks that users can perform in an eCDM environment.

Roles consist of a set of privileges that can be associated with a user to determine what tasks they can perform.

Executive role Enables the user to monitor the dashboard. Users who are assigned to this role cannot access other screens and functionality.

For example, assign the Executive role to an IT management-level user in the organization that requires an overview of compliance status and operations.

Privileges that are associated with this role include the following:

l Monitor Events

l View Historical Data

l View Tasks/Activities

l View Tenants

l View Plans

l View System Settings

l Workflow Execution

l View Host

Export and Recovery Admin role Enables the user to export data and to recover data. You can audit the activities of the Export and Recovery Admin role. This role is intentionally separated from the System Tenant Admin role and assigned to an individual with specific security clearance only for managing eCDM data and performing copy access and recovery operations.

For example, assign the Export and Recovery role to a user in the organization who requires access to data because they export and recover data for other users in the organization. The actions that are associated with the Export and Recovery role are maintained in a chain of record within eCDM.

Privileges that are associated with this role include the following:

l Monitor Events

l View Diagnostic Logs

l View Historical Data

l View Tasks/Activities

l View Tenants

l View User Security

l View System Settings

l View User Security

Managing Tenants

Roles 41

l View/Manage System Settings

l View Data Source Assets

l View Protection Storage Targets

l View Storage Array

l View Inventory Sources

l View Host

Operations Monitor role The Operations Monitor role provides read-only level access to monitor activities and operations within the scope and boundaries of a tenant.

Assign the Operations Monitor role to a user that monitors the following activities and operations, but does not require the ability to configure the tenant or the system.

l Dashboard

l Activity Center

l Notification Center

The Operations Monitor role cannot access other eCDM screens and functionality.

EMC Remote Support role Provides EMC Support Personnel with read-only access to monitor system activities to diagnose and troubleshoot system issues, and gather log files. EMC Support Personnel cannot perform configuration changes or user management tasks.

Privileges that are associated with this role include the following:

l Monitor Events

l View Historical Data

l View Tasks/Activities

l Monitor Security/System Audit

l View/Manage Diagnostic Logs

l View Tenants

l View User Security

l View/Manage System Settings

l View Data Source Assets

l View Protection Storage Targets

l View Storage Array

l View Inventory Sources

l View Host

Security Admin role Enables the user to manage user accounts, access audit logs, and manage the Authentication Source. This role is designed for high-security environments where individuals have clearance to manage users and the authentication source. Users who are assigned to this role can access the audit logs, but do not have permission to make other system-wide configuration changes. This user does not have access to system- wide tenant containers.

Managing Tenants

42 Enterprise Copy Data Management 1.1 Installation and Administration Guide

For example, assign the Security Admin role to a user in the organization that is dedicated to maintaining security, but does not require full system access.

Privileges that are associated with this role include the following:

l Monitor Events

l View Historical Data

l View Tasks/Activities

l Monitor/Manage Security/System Audit

l View/Manage Diagnostic Logs

l View/Manage Tenants

l View/Manage User Security

l View/Manage System Settings

l View Host

Storage Admin role Enables a user to monitor and manage assets including the ability to assign or unassign tenants or protection plans to assets.

Assign the Storage Admin role to a user that manages storage devices, manages and monitor assets, and assigns or removes tenants or protection plans from assets.

Privileges that are associated with this role include the following:

l Monitor Events

l View Historical Data

l View Tasks/Activities

l View Diagnostic Logs

l View Tenants

l View System Settings

l Manage Discovery Jobs

l Manage Tasks

l Workflow Execution

l View/Manage Data Source Access

System Tenant Admin role A System Tenant Admin is an eCDM system-wide role that is typically assigned to an individual or small group that is made up of trusted personnel with system-wide access.

The System Tenant Admin role is assigned to the person who installs the eCDM software and is responsible for ensuring the product's availability for other users. The System Tenant Admin role configures single sign-on and performs basic tenant setup tasks including designating at least one identity store, creating tenants, and assigning users and roles. For example, assign the System Tenant Admin role to the user in the organization that requires full access control to the system.

The System Tenant Admin role performs the following tasks or defines dedicated roles to perform them:

l Creates tenants and manages them

Managing Tenants

Storage Admin role 43

l Creates users and assigns roles

l Manages system-wide configuration such as system defaults for branding and notification providers

l Monitors system logs

l Performs troubleshooting

The capabilities of the System Tenant Admin role extend down to tenants and subtenants and across all tenants. A Storage Admin role cannot prevent the System Tenant Admin role from viewing or managing the contents of their tenant container that can include control of users and roles.

In a eCDM single-tenant deployment, the System Tenant Admin role can also assume other roles.

Managing the System Tenant The eCDM environment has a single System Tenant. This tenant is also known as the Service Provider Tenant or Landlord. The System Tenant is at the root of the tenant hierarchy tree. You can create multiple tenants in the eCDM environment, which are sub-tenants of the System Tenant

The System Tenant Admin role performs basic tenant setup tasks. Setup tasks include designating users or LDAP or AD usergroups, and assigning roles for each tenant with the eCDM.

Note

By default, all assets on the eCDM server belongs to the System Tenant Admin. Only the System Tenant Admin can assign assets to other tenants.

Use the following procedure to modify the properties of the default System Tenant and the system defined user admin account for the System Tenant that was created during the eCDM installation process.

Procedure

1. To edit the default System Tenant that was created during installation:

a. Go to Main menu > Tenant Management.

The Tenant Management window appears.

b. Click the TENANTS tab.

The default System Tenant that was created during installation appears in the list of tenants.

Note

Take note of the name of the System Tenant. Within eCDM, the System Tenant appears in a list with other tenants and is only differentiated to other tenants by its name.

c. Select the tenant that you specified as the System Tenant during

installation, and then click .

The Tenant Information window appears.

Managing Tenants

44 Enterprise Copy Data Management 1.1 Installation and Administration Guide

d. To edit the name of the System Tenant, select the PROFILE tab, and then type a new name for the System Tenant in the Tenant field. For example, type the company name or division.

Note

The username attribute is not case-sensitive. Do not use the same name with different capitalization when editing the username field, the update will fail.

e. To edit the description information for the System Tenant, type a description of the System Tenant in the Description field.

f. Click Update.

g. To assign protectable assets to the tenant, click PROTECTABLE ASSETS.

To sort the assets alphabetically, click Asset Name.

h. To assign protection storage assets to the tenant, click PROTECTION STORAGE ASSETS.

2. To edit the system defined user account for the System Tenant:

a. Click the USERS tab.

The default user account for the System Tenant appears in the USERS window.

b. To edit the account, click .

The User window appears.

c. Type the first and last name of the System Tenant Admin.

d. Type the name of the System Tenant Admin in the Username field.

For the username:

l Ensure that the name contains between 1 to 50 characters in length.

l Acceptable characters include the following:

n Lowercase characters (a-z)

n Uppercase characters (A-Z)

n Numeric characters (0-9)

n Period (.)

n Underscore (_)

Note

The following special characters are not supported: @%,$#!^&*()?"}{[]<>)

e. Type an email address that you can use to contact the System Tenant Admin. Use the following format for the email address:

abc@xyz.com

f. Type a password for the System Tenant Admin in the Password fields.

Specify a password that meets the following requirements:

Managing Tenants

Managing the System Tenant 45

l Minimum of eight characters

l At least one numeric character (0-9)

l At least one uppercase character (A-Z)

l At least one lowercase character (a-z)

l At least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:";,./<>?

g. To assign the System Tenant Admin role, in the Role section, select System Tenant Admin.

h. Click Save.

Managing tenants A tenant is an organizational unit or container in a eCDM environment, which contains assets. This section includes information about creating, editing, removing, or viewing a tenant.

Creating tenants With the System Tenant Admin role, you can create tenants.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. Create a tenant:

a. From the Tenant Management window, click the TENANTS tab.

If tenants were previously created, they appear in the list.

b. To create a tenant, click + New.

c. Type the name of the tenant in the Add a New Tenant field.

Note

The Tenant Name attribute is case-insensitive. Do not use the same name with different capitalization when editing the Add a New Tenant field.

For example, type the company name or division.

Ensure that the tenant name meets the following requirements:

l Ensure that the name contains between 1 to 50 characters in length.

l Acceptable characters include the following:

n Lowercase characters (a-z)

n Uppercase characters (A-Z)

n Numeric characters (0-9)

n Period (.)

n Underscore (_)

Managing Tenants

46 Enterprise Copy Data Management 1.1 Installation and Administration Guide

d. Type a description of the tenant.

The description can contain:

l A maximum of 1000 characters.

l Any string of characters including the following: a-z, A-Z.

e. To apply changes, click Save.

The new tenant appears in the list with the date it was created.

f. To sort the tenants alphabetically, click Name.

Editing tenants With the System Tenant Admin role, you can edit attributes of tenants that you previously created.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. Select the tenant whose attributes you want to edit.

To sort the tenants alphabetically, click Name.

3. Click .

The Edit Tenant Profile window appears.

4. To edit the name and description of the tenant, click PROFILE, perform the changes, and then click Update.

Note

The Tenant field is case-insensitive. When you change the tenant name, do not use an existing name with different capitalization. The update will fail.

5. To edit the assets that are assigned to a tenant:

a. Click one of the following:

l PROTECTABLE ASSETS

l PROTECTION STORAGE ASSETS

b. To assign an asset to a tenant, click + Assets, and then select one or more assets from the list that you want to assign to the tenant.

c. To unassign an asset, select one or more assets from the list that you want to unassign from the tenant, and then click x Unassign.

Note

The ownership of an unassigned asset belongs to the System Tenant.

6. Click Update.

Deleting a tenant With the System Tenant Admin and Security Admin role, you can soft delete tenants. A soft deleted tenant appears greyed out in the UI. For all roles except the System

Managing Tenants

Editing tenants 47

Tenant Admin and Security Admin roles, deleting a tenant hides the tenant from view. After a tenant is deleted, it cannot be recovered.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. To sort the tenants alphabetically, click Name.

3. Select the tenant that you want to delete.

4. Click .

The Remove Tenant message appears.

5. To remove the tenant, click OK.

Results

Deleted appears beside the deleted tenant in the list. This tenant is deleted from any assigned assets and protection plans. Deleting the tenant stops all compliance monitoring operations. Do not run any actions on this tenant.

Viewing tenants With the System Tenant Admin role or the Storage Admin role, you can view the attributes of tenants.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. To sort the tenants alphabetically, click Name.

3. Select the tenant whose attributes you want to view and click .

The Tenant Information window appears.

4. To view the name and description of the tenant, click PROFILE.

5. To view the assets that are assigned to a tenant, click the following:

l PROTECTABLE ASSETS

l PROTECTION STORAGE ASSETS

Managing user accounts With the System Tenant Admin role, you can create users or LDAP and AD groups.

Users You can create local users on the eCDM appliance to perform management tasks for tenants. When you create a local user account for the System Tenant, you must assign a role to the user. The users and roles that are associated with the System Tenant are propagated to sub-tenants. For example, a user that you create in the System Tenant, can access all subtenants with the same privileges that the user has in the System Tenant.

Managing Tenants

48 Enterprise Copy Data Management 1.1 Installation and Administration Guide

LDAP or AD groups When you configure LDAP or AD authentication in the Authentication Service, use the User Group resources to assign roles to the LDAP groups. The User Group resource defines the role assignments for an LDAP or AD user group.

Managing users that are assigned to the System Tenant This section includes information about adding, editing, deleting, or viewing users that are assigned to the System Tenant.

Only the System Tenant Admin role and the Security Admin role can create a user account, view user accounts, and assign a single role to a user account. A user can only see their own role within their own account.

Note

User authorization grants or denies users access to resources managed by eCDM. User authorization is identical, regardless of whether the user is defined locally or was authenticated by using LDAP.

Adding users With the System Tenant Admin role and Security Admin role, you can add users to the System Tenant.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. To sort the tenants alphabetically, click Name.

3. Select the System Tenant and click .

4. Click the USERS tab.

The USERS window appears.

5. To create a user, click + New.

The New User window appears.

6. Type the first and last name of the user in the First Name and Last Name fields.

7. Type the name of the System Tenant Admin in the Username field.

For the username:

l Ensure that the name contains between 1 to 50 characters in length.

l Acceptable characters include the following:

n Lowercase characters (a-z)

n Uppercase characters (A-Z)

n Numeric characters (0-9)

n Period (.)

n Underscore (_)

Note

The following special characters are not supported: @%,$#!^&*()?"}{[]<>)

Managing Tenants

Managing users that are assigned to the System Tenant 49

8. Type an email address that you can use to contact the user. Use the following format for the email address:

abc@xyz.com 9. Type a password for the user.

Specify a password that meets the following requirements:

l Minimum of eight characters

l At least one numeric character (0-9)

l At least one uppercase character (A-Z)

l At least one lowercase character (a-z)

l At least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:";,./<>?

10. Assign one role for the user in the Role section.

11. Click Save.

The Tenant Management Users window appears and the newly created user appears in the list with the name and the date that the user was created. To sort the user names alphabetically, click Name.

Results

After you create a user, you can edit or delete that user.

Editing users With the System Tenant Admin role and Security Admin role, you can edit users that are assigned to the System Tenant.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. To sort the tenants alphabetically, click Name.

3. Select the System Tenant, and then click .

The Tenant Information window appears.

4. Click the USERS tab.

The USERS window appears.

5. Select the user whose attributes that you want to edit.

6. Click .

The Edit User window appears.

7. Edit the user information:

l Change the first or last name of the user.

l Change the username.

Managing Tenants

50 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Note

The username attribute is case-insensitive. Do not specify an existing username with different capitalization, the update will fail.

l Change the email address of the user.

l Change the password of the user.

Note

If the user you are editing is yourself, you must provide a password.

Type a password that meets the following requirements:

n Minimum of eight characters

n At least one numeric character (0-9)

n At least one uppercase character (A-Z)

n At least one lowercase character (a-z)

n At least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:";,./<>?

8. Change the role that was assigned to the user.

Note

Performing this task requires the System Tenant Admin role.

9. Click Save.

Deleting users With the System Tenant Admin role and Security Admin role, you can delete users.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. To sort the tenants alphabetically, click Name.

3. Select the System Tenant, and then click .

4. Click the USERS tab.

The USERS window appears.

5. Select the user that you want to delete.

6. Click .

The Remove User message appears.

7. To remove the user, click OK.

Results

The deleted user is removed from the list of users in the USERS window.

Managing Tenants

Managing users that are assigned to the System Tenant 51

Viewing users With the System Tenant Admin role, you can view the attributes of users.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. To sort the tenants alphabetically, click Name.

3. Select the System Tenant and click .

4. Click the USERS tab.

Results

The USERS window appears and lists the users. For each user, you can review the username, first and last name, assigned roles, email address, and the date that the user was created.

Configuring LDAP or AD authentication authorities When you configure the System Tenant to authenticate users by using an external authentication authority, you can log in with a local user account or with a username and password that is managed by Lightweight Directory Access Protocol (LDAP), Lightweight Directory Access Protocol over SSL (LDAPS), or a Microsoft Active Directory server (AD).

eCDM does not authenticate the user against the LDAP authority. The Authentication Service performs a look-up to determine the LDAP or AD group that the authenticated user belongs to in the external authority. When authentication succeeds, the Authentication Service issues a token for the user. The eCDM GUI uses the token information to ensure that the user can perform only the activities that the user has privileges to perform.

Note

eCDM only supports authentication by using an external authentication authority with the System Tenant and you can only configure one authority.

eCDM does not support an AD server that is in the .local domain.

Configuring LDAP or AD authentication To configure the System Tenant to use an LDAP or AD authentication authority, including LDAPS for authentication, perform the following steps.

Procedure

1. Use the Chrome web browser to connect to the UI with an account that has the System Tenant Admin role.

2. Go to Main menu > Tenant Management.

3. Select the System Tenant and click .

4. Click the LDAP tab.

The LDAP window appears.

5. Click + LDAP Server.

The Configure a new LDAP Server window appears.

Managing Tenants

52 Enterprise Copy Data Management 1.1 Installation and Administration Guide

6. On the Configure a new LDAP Server, configure the attributes in the following table:

Attribute Description

LDAP Server

Type the protocol and hostname or IP address of the LDAP or AD server, in the following format:

protocol://hostname_or_ip_address

where:

l protocol is LDAP for LDAP or AD authorities and LDAPS for LDAPS. For example to configure an AD server named idd- ad.iddlab.com, type ldap://idd-ad.iddlab.com

l hostname_or_ip_address is the FQDN or IP address of the external authentication authority. When the authority uses IPv6 addressing, enclose the IP address in square brackets ([ ]). For example, ldap://[2620:0:170:5a9::1:2]

Note

When you specify the LDAPS protocol, eCDM automatically downloads the certificates that are required to connect to the authentication authority.

Domain Type the base distinguished name (DN) of the LDAP or AD authority. For example, dc=ecdm_lab, dc=ldap.example.com

Port Type the port number that is used by the external authentication authority. For LDAP, the default port number is 389. For LDAPS, the default port number is 636.

User Search

Type the DN of the search path that the authentication service uses when searching for users in the LDAP or AD hierarchy. Ensure that you specify a search path that is relative to the base DN that you specified in the Domain option. For example:

l For an AD configuration, specify the value in the objectClass property for an AD user.

l For an LDAP configuration, specify the value in the account object class.

Group Search

Type the DN of the search path that the authentication service should use when searching for groups in the LDAP or AD hierarchy. Ensure that you specify a search path that is relative to the base DN that you specified in the Domain attribute. For example:

l For an AD configuration, specify the value in the objectClass property for an AD group.

l For an LDAP configuration, specify the value in the posixGroup object class.

Group Attribute Name

Type the attribute that the authentication service should use to validate the group name in the LDAP or AD hierarchy. For example:

Managing Tenants

Configuring LDAP or AD authentication authorities 53

Attribute Description

l For an AD configuration, specify sAMAccountName.

l For an LDAP configuration, specify cn.

User Attribute ID

Type the attribute that the authentication service should use to validate the username in the LDAP or AD hierarchy. For example:

l For an AD configuration, specify sAMAccountName.

l For an LDAP configuration, specify cn.

Query User Type a user account that has full read access to the LDAP or AD directory, in the following format: user@domain. For example, administrator@ldap.example.com

Query Password

Type the password of the user account that you specified in the Query User attribute.

7. Click Save.

8. Assign LDAP or AD groups to an eCDM role. This step is required before you can log in to the appliance with an LDAP or AD account.

Assigning a role to an LDAP or AD group

Roles are containers of access privileges that you assign to LDAP or AD groups. By assigning a role to a group, all users in the group or receive all the privileges defined by the role. Privileges define the tasks that users, and LDAP and AD groups can perform in a eCDM environment. eCDM privileges are assigned to roles, you cannot directly assign a privilege to a user, or LDAP and AD group.

Before you begin

Configure eCDM to use an LDAP or AD authentication authority.

Procedure

1. Use the Chrome web browser to connect to the UI with an account that has the System Tenant Admin role.

2. Go to Main menu > Tenant Management.

3. Select the System Tenant and click .

4. Click the LDAP tab and then click the + (New Group Map) icon.

The Map LDAP Groups to Role window appears.

5. In the LDAP Group field, type the group name, and then click Search.

The LDAP Group field supports the use of the * wildcard option.

The Group list displays a list of LDAP or AD groups that contain the search string that you specified. Use the Sort button to sort the group list alphabetically.

6. From the Group list, select the LDAP or AD group, and then from the Roles list, select the role to assign to the group.

7. Perform one of the following tasks:

l To save the LDAP group to role assignment, click Save.

l To save the LDAP group to role assignment and assign another LDAP group to a role, click Save and Add Another.

Managing Tenants

54 Enterprise Copy Data Management 1.1 Installation and Administration Guide

l To close the window without saving the changes, click Close.

Example: Configuring an AD authority for the System Tenant

In this example, an AD server with the name idd-ad.iddlab.com has an AD group that is named Protection_admins, which has three users: Meghan, Patrick, and Liam. These users require access to the eCDM appliance with the privileges that are assigned to the Executive role.

1. To view the properties of the AD configuration, use a third party tool, for example the AD Explorer program. The following figure provides an example of the key user attributes on the AD server, that are required to configure idd-ad.iddlab.com on the eCDM appliance.

Figure 8 AD and user properties in AD Explorer

Based on this AD configuration, you would specify the following values for eCDM LDAP configuration options:

l Domain: dc=iddlab, dc=com l Hostname: idd-ad-iddlab.com l User Search: One of the following values: top, inetOrgPerson, or user l User Attribute ID: cn The following figure provides an example of the group attributes that are required to configure the idd-ad.iddlab.com authority on the eCDM appliance.

Managing Tenants

Configuring LDAP or AD authentication authorities 55

Figure 9 AD group properties in AD Explorer

Based on the properties of Protection_admins, you would specify the following values for the eCDM LDAP configuration options:

l Group Search: top or group.

l Group Attribute Name: sAMAccountName 2. Edit the properties of the System Tenant and add a new LDAP server.

The following figure provides an example of the LDAP configuration window, with the values associated with the AD server idd-ad.iddlab.com.

Figure 10 LDAP configuration window for an AD authority

3. Assign an AD group to the Executive role. The following figure provides an example of the LDAP Groups to Role window. In this example, the * wildcard was used to search for the group.

Managing Tenants

56 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 11 LDAP Groups to Role window

Example: Configuring an LDAP authority for the System Tenant

In this example, an LDAP server with the name alberta.lss.emc.com has a group that is named AlbertaAllGroups, which contains three LDAP users: alberta_user1, alberta_user2, and alberta_user3. These users require access to the eCDM appliance with the privileges that are assigned to the Executive role.

1. To view the properties of the LDAP configuration, use a third party tool, for example the LDAP Admin program. The following figure provides an example of the key user attributes to use when configuring an LDAP authority.

Figure 12 LDAP Admin server and group attributes

Based on this configuration, you would specify the following values for the eCDM LDAP configuration options:

l Domain: dc=alberta,dc=emc,dc=com l Hostname: alberta.lss.emc.com l Group Search: One of the following values: top or groupOfUniqueNames l Group Attribute Name: cn The following figure provides an example of the value to specify in the user search attribute.

Managing Tenants

Configuring LDAP or AD authentication authorities 57

Figure 13 LDAP Admin user search attribute

Based on this configuration, you would specify the following values for the eCDM LDAP configuration options:

l User Search: One of the following objectClass values: top, person, organizationalPerson, or inetOrgPerson

l User Attribute ID: cn 2. Edit the properties of the System Tenant and add a new LDAP server.

The following figure provides an example of the LDAP configuration window and the values that are associated with the LDAP server alberta.lss.emc.com.

Figure 14 LDAP configuration window for an LDAP authority

3. Assign an LDAP group to the Executive role. The following figure provides an example of the LDAP Groups to Role window. In this example, the * wildcard was used to search for the group name.

Managing Tenants

58 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 15 LDAP Groups to Role window

Editing an LDAP or AD authority configuration Edit the existing LDAP or AD authority configurations for the System Tenant.

Procedure

1. Use the Chrome web browser to connect to the UI with an account that has the System Tenant Admin role.

2. Go to Main menu > Tenant Management.

3. Select the System Tenant and click .

4. On the LDAP tab, select the LDAP or AD authority that you want to modify, and then click the Edit icon.

5. Modify the LDAP attributes as required, and then click Save.

Deleting an LDAP or AD authority configuration Delete an existing LDAP or AD authority configuration to enable the tenant to use local user accounts for authentication.

Procedure

1. Use the Chrome web browser to connect to the UI with an account that has the System Tenant Admin role.

2. Go to Main menu > Tenant Management.

3. Select the System Tenant and click .

4. On the LDAP tab, select the LDAP or AD authority that you want to delete, and then click the Delete icon.

Note

When an LDAP or AD server is deleted, all the LDAP groups that were mapped to eCDM roles are deleted.

Managing Tenants

Configuring LDAP or AD authentication authorities 59

Modifying or deleting LDAP group to role mapping To modify the role assigned to an LDAP group, delete the LDAP group from the Group to Role Maps table and then add a new LDAP group to role mapping for the group.

Procedure

1. Use the Chrome web browser to connect to the UI with an account that has the System Tenant Admin role.

2. Go to Main menu > Tenant Management.

3. Select the System Tenant and click .

4. On the LDAP tab, in the Group to Role Maps table, click the X (Delete) icon to the right of the LDAP group that you want to delete.

5. On the Remove Group Map window, click OK.

6. Recreate the LDAP group to role mapping.

Logging in to the eCDM appliance with an LDAP or AD user When you log in to the appliance with an LDAP or AD user, specify the username and domain name.

Before you begin

The user account must be a member of an LDAP or AD group, which is assigned to a role on the appliance.

Procedure

1. From a host that has network access to the virtual appliance, use the Google Chrome browser to connect to the appliance:

https://appliance_ip_address 2. In the User name field, type the LDAP or AD user account in the following

format:

username@domain. For example, administrator@ldap.example.com.

3. In the Password field, type the password for the user account that you specified in the User name field.

Troubleshooting LDAP configuration issues This section provides information about error messages that might appear when you configure an external authority for authentication.

For more information about LDAP configuration error, refer to http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0.

org.springframework.ldaps.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, commentL AcceptSecurityContext error, data 52e, v1db1]

This message appears when the user credentials that you specified are not correct.

To resolve this issue, ensure that the values in the Query User and Query Password fields are correct.

org.springframework.ldap.InvalidNameException: Invalid name: domain_name

This message appears when base DN is not correct.

Managing Tenants

60 Enterprise Copy Data Management 1.1 Installation and Administration Guide

To resolve this issue, ensure that the value in the Domain field is correct.

org.springframework.ldap.UncategorizedLdapException: Uncategorized Exception occurred during LDAP processing; nested exception is javax.naming.NamingException: Cannot parse url: url

This message appears when the format of the Name field is not correct.

To resolve this issue, ensure that you specify the Name field in the format ldap:// hostname_ip_address for an LDAP or AD authority or ldaps:// hostname_ip_address for an LDAPS authority.

Assigning assets to tenants As a System Tenant Admin or Storage Admin, you can assign assets to tenants.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. To sort the tenants alphabetically, click Name.

3. Select the tenant for whom you want to assign assets to.

4. Click .

The Tenant Information window appears.

5. Click PROTECTABLE ASSETS or PROTECTION STORAGE ASSETS, and then click + Assets.

The Inventory window appears.

6. Select one or more assets from the list that you want to assign to the tenant.

7. Click Save.

8. To view protectable assets that are assigned to the tenant, click PROTECTABLE ASSETS.

9. To view protection storage assets that are assigned to the tenant, click PROTECTION STORAGE ASSETS.

Removing assets that are assigned to tenants You can remove assets from a tenant that you have configured.

Before you begin

The System Tenant Admin role and the Storage Admin role can perform this task.

Procedure

1. Go to Main menu > Tenant Management.

The Tenant Management window appears.

2. To sort the tenants alphabetically, click Name.

3. Select the tenant for whom you want to delete assets from.

4. Click .

The Tenant Information window appears.

Managing Tenants

Assigning assets to tenants 61

5. Click PROTECTABLE ASSETS or PROTECTION STORAGE ASSETS.

6. Select one or more assets from the list that you want to unassign from the tenant.

7. To remove an asset, click X Unassign or X.

Results

This action removes assets that were previously assigned to the tenant, and ownership is transferred back to the System Tenant.

Reviewing tenant compliance You can use the Compliance by Tenant widget to view the rate of compliance to the service level objectives defined per tenant.

To review tenant compliance, go to Main menu > Dashboard > Compliance by Tenant.

The compliance rate is calculated based on the last 8 days up to the current date, and is color coded according to the legend that appears along the bottom of the widget. The following figure displays tenant compliance. Figure 16 Compliance by Tenant widget

The following table describes the Compliance by Tenant fields.

Table 8 Compliance by Tenant fields

Field Description

Tenant Tenant name

Compliance Rate For this tenant and the associated plan, the calculated value (in percent) for meeting plan objectives over the last 8 days

Objective Compliance

The total number of objectives achieved compared to the total number of objectives that are defined for the plan ovpper the last 8 days

Validated The day the compliance was last determined

Managing Tenants

62 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 5

Managing Assets

This section contains the following topics:

l Managing the Inventory of Assets......................................................................64 l Tagging assets................................................................................................... 68 l Reviewing Primary Storage Protection.............................................................. 73 l Reviewing Protection Storage............................................................................74

Managing Assets 63

Managing the Inventory of Assets You can manage Protectable Assets, Storage Assets, and Protection Storage Assets through the Inventory pane.

Go to Main menu > Assets > Inventory. The Inventory pane appears where you can view Protectable Assets, Storage Assets, and Protection Storage Assets.

Protectable Assets Protectable Assets provide an enterprise inventory view of the data sources. Only the assets that are present in the environment and are auto-discovered, appear in the Main menu > Assets > Protection > Inventory list. The Protectable Assets inventory list appears in the left pane.

You can search for Protectable Assets by name or assigned tag.

Protectable Assets include the following:

l VMAX Storage Groups

l XtremIO Consistency Groups

Inventory Source details The Inventory Source window displays all the inventory sources that have been discovered and their details.

l Storage Manager application

l Version

l Serial number

l When the inventory source was last discovered

VMAX Storage Groups VMAX Storage Groups are a collection of Symmetrix logical volumes that are used by an application, a server, or a collection of servers to present storage to hosts.

XtremIO Consistency Groups An XtremIO Consistency Group is a set of writable volumes that is logically grouped for simultaneous operation as a whole that can be used by a server, or a collection of servers. XtremIO Consistency Groups are configured to replicate XtremIO disks that are identified by source LUNs to Data Domain static images within a Data Domain (DD) pool.

Viewing Protectable Asset details You can view summaries of protected copy sets in the system. Details such as the name of the storage system containing the copy set, system usage, location, date the copy set was created, date the copy set expires, size, and recovery time are available to you.

Procedure

1. Go to Main menu > Assets > Inventory.

All the Protectable Assets in the system appear, as displayed in the following figure.

Managing Assets

64 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 17 Protectable Assets

You can search for Protectable Assets by name or assigned tag.

2. To view details for an asset, select one of the following Protectable Asset groups:

l VMAX Storage Groups

l XtremIO Consistency Groups

All the discovered assets in the system appear and displays the following information:

l Storage Group or Consistency Group name

l Storage System

l Tenant name

l Protection Plan and whether protected

l Compliance check and whether assigned

3. To view additional details:

a. Select an asset.

b. At the end of the row, click the icon.

The latest related protection copy sets and their respective point-in-time (PIT) information appear. The copy map consists of the root node and its child nodes. The root node represents a Protected Asset, which is the protected Storage Group or Consistency Group.

l When you click the root node, a popup dialog box displays the Storage System and the Storage Group or Consistency Group that it belongs to. The child nodes represent copy sets. Each child node is a copy set.

l When you click a child node, the dialog box displays the Storage System where the Copy Set is stored, the time the Copy Set was created, and the size of the Copy Set.

The following figure displays details for Protectable Assets.

Managing Assets

Protectable Assets 65

Figure 18 Protectable Assets Details

4. To view a brief summary of each copy set, click a node.

A pop-up dialog box displays a brief summary of the copy set, as displayed in the following figure. Figure 19 PIT Node Details

Storage Assets As a System Tenant Admin or Storage Admin, you can use Storage Assets to view top- level primary storage array information.

Viewing Storage Asset details Procedure

1. Go to Main menu > Assets > Inventory.

The Inventory pane appears. The following figure displays Storage Asset details.

Managing Assets

66 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 20 Storage Assets

2. To view usage summary details for an asset, select one of the following Storage Assets groups:

l VMAX System

l XtremIO Systems

Protection Storage Assets As a System Tenant Admin and Storage Admin, you can use Protection Storage Assets to manage and view information for RecoverPoint Clusters, Data Domain systems, and Data Domain MTrees. You can also assign tenants and set credentials for Data Domain MTrees.

Note

A Data Domain MTree is a logical partition of a Data Domain File System. eCDM deals only with a special type of Data Domain Mtree - virtual disk (vDisk) pool.

Viewing Protection Storage Asset details Procedure

1. Go to Main menu > Assets > Inventory.

The Inventory pane appears. The following figure displays Protection Storage Asset details.

Managing Assets

Protection Storage Assets 67

Figure 21 Protection Storage Assets

2. To view summary details for an asset, select one of the following Protection Storage Assets groups:

l RecoverPoint Clusters

l Data Domain Systems

l Data Domain MTrees

3. To view, assign, or change a tenant assignment for a Data Domain MTree, click

.

4. To create a keychain or assign a stored keychain credential for a Data Domain

MTree, click .

Tagging assets You can create tags and search for tags that are assigned to protectable assets.

Tags are meant to describe specific details about protectable assets. Think of tags as index words, they are the metadata that you can use to define protectable assets. You can create custom tags and choose to include them under a new category.

eCDM uses tags to identify which vDisk pools it requires to either create device groups and vDisks, or to tell RecoverPoint which vDisk pools to use when creating a RecoverPoint Consistency Group. After assigning the tag with the asset once, you do not need to assign a tag with this asset again.

Consider business requirements and future functional expansion when determining tags and tag categories:

l Is there a business requirement to support local sites such as service centers or departments?

l Should specific assets be available to only a specific part of the organization?

Managing Assets

68 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Categorized tags You can group tags under a tag category. Categories are meant for broad groupings of tagged protectable assets. Think of categories as general topics for tags.

XtremIO Consistency Group tags XtremIO Consistency Group tags are imported into eCDM and cannot be modified or deleted.

You can only modify or delete XtremIO Consistency Group tags from the XtremIO Management Server. If you assign an asset with the XtremIO Consistency Group tag, and then delete it from the XtremIO Management Server, eCDM loses the tag in rediscovery of the asset.

If you rename an XtremIO Consistency Group tag in the XtremIO Management Server, and then rediscover the XtremIO Consistency Group asset in eCDM, only the new tag appears with the asset. Both the current and previous tags remain in the list of possible tags.

You can assign XtremIO Consistency Group tags to other non-XtremIO Consistency Group assets, for example, Data Domain MTrees. eCDM maintains these tags. When you rename a tag on the XtremIO Management Server, manually assign the tag to a non-XtremIO Consistency Group asset.

Using tags Use the following procedures to build, assign, remove, rename, or view tags.

You can create tags and search for tags that are assigned to protectable assets.

Tags are meant to describe specific details about protectable assets. Think of tags as index words, they are the metadata that you can use to define protectable assets. You can create custom tags and choose to include them under a new category.

Building tags To use a tag, create it under a tag category, and assign the tag to a protectable asset.

Creating a tag category

You can group tags under a tag category. Categories are meant for broad groupings of tagged protectable assets. Think of categories as general topics for tags. Categories are there to help identify, classify, and sort protectable assets.

When using tag categories, consider the following:

l A tag category cannot be renamed.

l If in-use, you cannot remove a tag from a category.

l Tags within a category cannot be moved to another category.

l If a category is being used, you cannot delete the category. To delete a category,

click .

Procedure

1. Click the tag icon.

The Manage Tags page appears.

Managing Assets

Categorized tags 69

2. Click + Category.

3. Type the name of the category that you want to create in the Category name field.

Only the following characters are supported in the Category name field:

l Lowercase characters (a-z)

l Uppercase characters (A-Z)

l Numeric characters (0-9)

l All currency symbols, including dollar signs ($), pound signs (), and euro signs ()

l Spaces, periods (.), underscores (_), hyphens (-), and number signs (#)

4. Click .

The new category appears in the Manage Tags page. You can add tags to the category.

Creating a tag

When using tags, consider the following.

l If in-use, tags cannot be removed from a category tag

l Tags within a category cannot be moved to another category

Procedure

1. Click the tag icon.

The Manage Tags page appears.

2. Choose the category in which you want to create the tag.

3. Click + Tag.

The tag name field appears.

4. In the tag name field, type the name of the tag that you want to create.

Only the following characters are supported in the tag name field:

l Lowercase characters (a-z)

l Uppercase characters (A-Z)

l Numeric characters (0-9)

l All currency symbols, including dollar signs ($), pound signs (), and euro signs ()

l Spaces, periods (.), underscores (_), hyphens (-), and number signs (#)

5. Click .

The new tag appears under the designated tag category.

Adding a tag to a protectable asset

Procedure

1. Go to Main menu > Assets > Inventory.

The Protectable Assets pane appears.

2. Click .

Managing Assets

70 Enterprise Copy Data Management 1.1 Installation and Administration Guide

A list of tags appears.

3. In the find... field:

a. Type the name of the tag that you want to add to the protectable asset.

b. Select the tag from the list. If the tag does not exist, create a tag.

Note that if the tagged vDisk pool has a different tenant than the protected asset, eCDM chooses another pool that uses the same tenant. It's not clear which pool is used, especially if there is more than one pool that has the same tenant as the protected asset. This is pertaining to bug 262244.

The tag appears in the asset details list.

4. Review the details for the protectable asset:

The icon indicates the name of the tag that was assigned to the asset. In this example, the Marketing: Dallas and Marketing: Toronto tags were assigned to the asset. The following figure displays tag information for a protectable asset.

Figure 22 Viewing tags

Removing a tag from a protectable asset

Procedure

1. Go to Main menu > Assets > Inventory.

The Protectable Assets pane appears.

2. For each tag that you want to remove, click X.

3. To remove the tag, click Yes.

Managing Assets

Using tags 71

Figure 23 Removing tags

Viewing tags Procedure

1. Go to Main menu > Assets > Inventory.

The list of protectable assets appears.

2. Review the details for the protectable asset:

The icon indicates the name of the tag that was assigned to the asset. In this example, the Marketing: Dallas and Marketing: Toronto tags were assigned to the asset. Figure 24 Viewing tags

Renaming tags Procedure

1. Click the tag icon.

The Manage Tags page appears.

2. To edit a specific tag:

a. Click the tag that you want to rename.

Managing Assets

72 Enterprise Copy Data Management 1.1 Installation and Administration Guide

b. Click .

c. Type a new name for the tag in the field.

3. Click .

Deleting tags You can only delete tags that are not assigned to protectable assets.

To remove a tag that has been assigned to a protectable asset, first remove that tag from all protectable assets, and then use this procedure to delete the tag.

Procedure

1. Click the icon.

The Manage Tags page appears.

2. To edit a specific tag:

a. Click the tag that you want to delete.

b. Click .

3. Click .

Reviewing Primary Storage Protection You can use the Primary Storage Protection widget to view front end capacity information at the system level through a single resource. This includes the data source capacity that is protected by one or more eCDM plans, total discovered data source capacity, and total used capacity.

To review Primary Storage Protection, go to Main menu > Dashboard > Primary Storage Protection.

This widget allows you to calculate the amount of unprotected capacity. When you log in as a specific tenant user, the widget provides the capacity for plans and data sources assigned to that tenant and all its child tenants. When you log in as a user with system administrative privileges, the widget displays the capacity for plans and data sources for the entire system. Figure 25 Primary Storage Protection widget

Managing Assets

Reviewing Primary Storage Protection 73

Reviewing Protection Storage You can use the Protection Storage widget to view capacity information for back-end storage.

To review Protection Storage, go to Main menu > Dashboard > Protection Storage.

The Protection Storage widget breaks down information on available storage and used storage. Additionally, the widget displays information on the average deduplication rate across all Protection Storage systems.

The following figure displays a Data Domain system with 150 TB total capacity and current statistics for deduplication.

Figure 26 Protection Storage widget

Managing Assets

74 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 6

Creating and Assigning Protection Plans

This section includes the following topics:

l About protection plans....................................................................................... 76 l Prerequisites for assigning protection to protectable assets..............................84 l Creating a protection plan..................................................................................86 l Managing protection plans.................................................................................92

Creating and Assigning Protection Plans 75

About protection plans Protection plans define sets of Service Level Objectives (SLO) that apply to specific periods of time, called stages. These objectives drive configuration, active protection, and copy data management operations that satisfy the business requirements for the specified data. Protection plans are divided into stages that contain objectives.

Users with the System Admin role can create protection plans. Protection plans should reflect service levels that can be offered to tenants.

After a protection plan is created, it can be activated and fixed in its level of services. After activation, you can assign tenants that you want to make the protection plan available to. These steps can be performed when a protection plan is created or at a later date.

Note

If you rename a VMAX storage group asset after you discover it in eCDM, assets with both names are present everywhere within eCDM, including compliance results and dashboard aggregation. Also, the VMAX asset with the new name does not inherit the protection of the asset with the previous name. Retake any actions for the previously named VMAX storage group on the newly named VMAX storage group. For example, if the VMAX asset with the previous name was being protected, reset Protection for the newly renamed storage group asset.

Managing and monitoring SLO compliance You can use protection plans to manage, monitor SLO compliance, and organize data protection into tiers of service.

l To monitor compliance by protection plan, use the eCDM Compliance by Plan Dashboard.

l To manage SLO compliance and ensure that all protection copy data is in compliance with SLOs, create protection plans. For example, you can create a separate protection plan for each department, such as Finance, Accounting, and Human Resources that defines the SLO for each department's data requirements.

About Service Level Objectives A Service Level Objective (SLO) defines the objectives that must be achieved within a certain timeframe and frequency. These objectives drive configuration, active protection, and data management operations that satisfy the business requirements for the specified data. You can assign the following objectives to a stage.

Data Lifecycle Compliance Set the following objectives to meet data lifecycle compliance objectives.

Data Lifecycle Compliance Set the following objectives to meet data lifecycle compliance objectives.

Recovery Point

Use the Recovery Point objective to set the maximum time that can elapse between copies.

Creating and Assigning Protection Plans

76 Enterprise Copy Data Management 1.1 Installation and Administration Guide

When eCDM validates the Recovery Point objective, it reviews all the copies that are taken during the stage to ensure that the gap between each consecutive copy creation time is not greater than the Recovery Point objective.

Note

The Recovery Point objective is resource-intensive. The smaller the Recovery Point objective setting, the more resources are consumed in the storage environment. The Recovery Point Objective can be specified in units of an hour, day, week, month, or year.

To create protection copies that are moved to a Data Domain system:

1. Set the Recovery Point objective to no less than 6 hours. Six hours is the minimum amount of time that should elapse between copies that are assigned to Protection.

2. Set the Storage Class objective to Protection.

To create local snapshots on VMAX or XtremIO:

1. Set the Recovery Point objective to 1 hour or more.

2. Set the Storage Class objective to Primary.

Any plan that incurs protection by eCDM should have both Recovery Point objective and Storage Class objective specified.

l If the Storage Class is set to Protection, do not set the Recovery Point objective to less than 6 hours.

l If the Storage Class is set to Primary, the minimum amount of time for the Recovery Point objective is one hour.

To determine the copies that exist between the start and end of the stage, eCDM performs a compliance verification for each stage. If the gap is less than or equal to the set Recovery Point objective, eCDM then measures the time difference between each of the copies. eCDM also measures the difference in time between the beginning or end of the stage and the copy closest to it in the next or previous stage, to determine that the time difference is within the Recovery Point objective. If all these checks are in compliance, the objective is in compliance.

Retention

Use the Retention objective to set the minimum acceptable amount of time to retain protection copies.

You can set an expiration date for every copy that is associated with a protection plan or asset combination.

Note that in reference to following known problem number 259440, eCDM does not discover retention time for copies that are made by XtremIO itself. eCDM treats copies that are made by XtremIO as being kept forever. eCDM retention workflow skips XtremIO copies for scrubbing, which could result in inconsistency in the number of copies that eCDM retains in the Asset and Protection Copies data against the XtremIO array data. Viewing Protectable Asset details on page 64 provides information.

Creating and Assigning Protection Plans

About Service Level Objectives 77

Note

Retaining too many protection copies for too long of a retention period might affect the Maximum Copies objective.

For each stage, eCDM performs a compliance verification to determine whether the creation time and retention value of each protection copy exceeds the specified retention period. Protection copies that pass this verification are in compliance. If all the copies within the stage time period are in compliance, the objective is met.

Data Location Compliance Set the following objectives to meet the data location compliance objective.

Storage Class

Use the Storage Class objective to discover protection copies on the specified class of storage. In this objective, you set the expectation of where copies should be made and where they should reside.

The Storage Class Objective determines whether primary storage snapshots are used for data copies or whether data copies are moved by using ProtectPoint to Data Domain. eCDM uses device metadata during discovery to get information about a device and discovered copy data.

Set the Storage Class objective to Protection to:

l Reduce overall total cost of ownership and retain long-term copies.

l Maintain copies on low-cost protection storage (Data Domain).

Set the Storage Class objective to Primary to maintain copies on primary storage (VMAX and XtremIO).

Any plan that incurs protection by eCDM should have both Recovery Point objective and Storage Class objective specified:

l If the Storage Class is set to Protection, do not set the Recovery Point objective to less than 6 hours.

l If the Storage Class is set to Primary, do not set the RPO to less than 1 hour.

For each stage, eCDM performs a compliance verification to collect all copies within a stage time period and verify that the copies are tagged as primary and protection during discovery are equal to the set objective. If the copies are equal to the set objective, the objective is in compliance.

Protection Compliance Set the following objectives to meet the protection compliance objective.

Data Consistency

Use the Data Consistency objective to specify whether copies should be Crash or Application consistent. eCDM creates crash-consistent snapshots or copies. However, eCDM does not create application consistent copies.

During asset discovery, eCDM looks for metadata that indicates whether a copy is a static image on a Data Domain system that was created by EMC Data Domain DD Boost for Enterprise Applications (DDBEA). Copies with this metadata are

Creating and Assigning Protection Plans

78 Enterprise Copy Data Management 1.1 Installation and Administration Guide

tagged as Application consistent. Copies that are found without this metadata are tagged as Crash consistent.

l Crash consistent

n To create crash consistent snapshots or copies, set this objective to Crash consistent.

n Crash consistent snapshots or copies capture all data simultaneously. A crash consistent copy does not capture the contents of memory or any pending I/O operations. If a crash consistent copy is restored in its entirety, then the data is in the same state that it would have been if the system had crashed at the exact moment that the copy was made.

n If an application can recover from a failure, for example in the occurrence of a power outage or other failure event, then the application can recover a crash consistent copy of its data.

l Application consistent

n To use eCDM to track if copies were created on a Data Domain system by using DDBEA, set this objective to Application consistent.

n Application consistent snapshots or copies capture the contents of storage, pending I/O operations, and all transactions in process. When restoring an application consistent copy, no additional work is usually required to restore the application data from the copy.

n To create application consistent copies, use an application such as DDBEA.

For each stage, eCDM performs a compliance verification to collect all copies within the stage time period and verify that the copies that are tagged as Crash consistent or Application consistent during discovery are equal to the set objective. If the snapshots or copies are equal to the set objective, the objective is in compliance.

Copy Compliance Set the following objectives to meet the data copy compliance objectives.

Maximum Copies

Use the Maximum Copies objective to flag excessive numbers of copies for the specified data.

For each stage, eCDM performs compliance verification to determine the number of copies that exist within the date range of the stage at verification time. If equal or fewer copies of a specific asset exist than are specified, this objective is satisfied.

Minimum Copies

Use the Minimum Copies objective to flag the minimum number of copies that are expected to exist. The combination of Recovery Point objective and Retention objective controls how many copies exist in a stage.

To ensure more than one protection copy per Recovery Point objective in the retention period:

1. Set the Minimum Copies objective.

2. Set the Retention objective.

3. Ensure that the Recovery Point objective does not create too many copies for the stage in relation to the Retention objective.

Creating and Assigning Protection Plans

About Service Level Objectives 79

For each stage, eCDM performs compliance verification to check the number of copies that exist within the stage timeframe and compare against the objective value. If the number of copies is equal to or exceeds the set objective, then this objective is met.

About stages A stage defines the duration for which a set of Service Level Objectives is applied.

Each protection plan can have one or more stages.

This table defines the configuration options for stages.

Table 9 Stage configuration options

Stage Description

Start On The Start On time is defined by a duration and an offset number. The Start On time is determined relative to now and it is always the beginning of the selected duration.

The duration can be:

l Day

l Week

l Month

l Year

End On Together with the Start On time, the End On time indicates the duration moving backward in time, for which the set of objectives is applicable.

The End On time is the end of the duration and the specified offset number.

Protection objective rules are applied to the data continuously until you disable the protection plan. The Start On and End On times form a window in time that looks back from now.

If the Storage Class specifies that snapshots to primary storage are performed every 12 hours starting on day 1 and ending on day 5, snapshots of the data on the primary storage device are taken every 12 hours. At any specified time, if you look back over the past 5 days, you should see a snapshot of the data on the primary storage device for every 12 hour duration during those 5 days.

Calculating the duration of a stage Use the following formula to calculate the Start On time and End On time for a stage.

Stage defined with Start On = Day 1 and End On = Day 2, Compliance Verification frequency = 6 hours A Plan consisting of a single stage that is defined with Start On Day 1 and End On Day 2 and a Compliance Verification frequency of 6 hours represents the following:

l Start On: Compliance checking is effective from the beginning of the first day ago, which equates to right now. The asterisk in the following figure denotes this concept. Right now is the beginning of the first day back in time.

l End On: Compliance is checked until the end of the second day.

l If the plan is active, eCDM performs Compliance checking every 6 hours.

l If the plan remains active for 9 months then every 6 hours eCDM checks that the plan's objectives have been met over the past 2 days.

Creating and Assigning Protection Plans

80 Enterprise Copy Data Management 1.1 Installation and Administration Guide

l Plans are active from the time they are published until the time they are suspended or deactivated.

Figure 27 Stage 1 Start On = Day 1, End On = Day 2

Stage defined with Start On = Day 1 and End On = Week 1 A stage that is defined with Start On = Day 1 and End On = Week 1 represents the following:

l Start On: The stage is effective from the beginning of the first day.

l End On: The stage is effective until the end of the first week.

Creating and Assigning Protection Plans

About stages 81

Figure 28 Stage 2, Start On = Day 1, End On = Week 1

Stage defined with Start On = Month 3 and End On = Month 5 A stage that is defined with Start On = Month 3 and End On = Month 5 represents the following:

l Start On: The stage is effective from the beginning of the third month.

l End On: The stage is effective until the end of the fifth month.

Figure 29 Stage 3, Start on Month 3, End on Month 5

Example Protection Plans The examples below both provision all storage that is required and verify every hour. There are differences with ProtectPoint and Data Domain verification.

Example A Example A includes the following stages and objectives:

l Provisions and configures all required storage.

l Validates all plan objectives every hour.

l For ProtectPoint copies, verifies that a daily copy is created and kept for 15 days on Data Domain.

l If the number of ProtectPoint copies on the Data Domain is more than 16, the eCDM administrator is notified.

l Creates a snapshot every 8 hours to be kept on primary storage for 2 days.

l If 6 snapshots do not exist on primary storage, the eCDM administrator is notified.

Creating and Assigning Protection Plans

82 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 30 Example A

Example B Example B includes the following stages and objectives:

l Provisions and configures all required storage.

l Validates all plan objectives every hour.

l For daily ProtectPoint copies, verifies that a daily copy is created and kept for 7 days on Data Domain.

l If the number of ProtectPoint copies on the Data Domain is less than 7 or more than 8, the eCDM administrator is notified.

l Verifies that a weekly ProtectPoint copy is kept on the Data Domain that starts on week 2 and extends through week 4.

l If three weekly ProtectPoint copies do not exist, the eCDM administrator is notified.

Creating and Assigning Protection Plans

About stages 83

Figure 31 Example B

Prerequisites for assigning protection to protectable assets Procedure

1. Ensure that you tag assets correctly before you assign a protection plan.

Tagging assets on page 68 provides information.

2. Ensure that you assign tenants correctly before you assign a protection plan.

Assign a tenant to a protection plan on page 91 provides information.

3. Ensure that you configure Data Domain, VMAX, XtremIO, and RecoverPoint for ProtectPoint configuration.

Setting Data Domain MTree Credentials eCDM requires you to set the credential for each target Data Domain MTree (or vDisk pool) used for ProtectPoint provision and protection.

Consider the following:

l Ensure that you have discovered all the Data Domain Management Center inventory sources. Discovering Inventory Sources on page 36 provides information.

l Ensure that you set the Data Domain MTree credentials before you assign the following to a protection plan:

n VMAX storage groups to a plan with Storage Class Objective Protection.

n XtremIO storage groups to a plan with Storage Class Objective Protection.

Creating and Assigning Protection Plans

84 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Procedure

1. Go to Assets > Inventory > Protection Assets - Data Domain MTrees.

2. Locate the MTree to be used as the target of ProtectPoint provision and protection, and click the Set Credential icon.

3. Select one of the options for saving credentials:

l Click Stored Keychains tab, select one of the previously saved credentials, and click Save.

l Click New Keychain tab, populate the required fields, select Store in eCDM Keychain , and click Save.

4. Ensure that you use the same credentials as the Data Domain system username and password as the current owner of the MTrees.

Configuring Data Domain, VMAX, XtremIO, and RecoverPoint for ProtectPoint

The Enterprise Copy Data Management (eCDM) interoperability matrix on page 12 provides information on supported Data Domain, VMAX, XtremIO, RecoverPoint, and ProtectPoint versions.

Procedure

1. For Data Domain:

a. Install the supported version and licenses.

b. Enable Boost and vDisk.

Refer to Data Domain documentation for information.

2. For RecoverPoint:

a. Install the supported version and license.

b. Register the Data Domain system and protection pools on RecoverPoint.

Refer to RecoverPoint documentation for information.

3. For XtremIO:

a. Install the supported version and license.

b. Register the XtremIO array on RecoverPoint.

c. Create initiator groups on XtremIO for RecoverPoint systems.

Refer to XtremIO documentation for information.

Configuring XtremIO storage groups to use ProtectPoint When provisioning ProtectPoint and XtremIO with eCDM, you must associate the source consistency group information with the destination Data Domain MTree information.

Before you begin

l Ensure that the XtremIO, Data Domain, and RecoverPoint systems are interconnected using Fibre Channel and Ethernet as required for ProtectPoint. Refer to ProtectPoint documentation for information.

l Ensure that XtremIO Consistency Group volumes are assigned to an appropriate initiator group to make them visible and available to RecoverPoint. Refer to ProtectPoint documentation for information.

Creating and Assigning Protection Plans

Configuring Data Domain, VMAX, XtremIO, and RecoverPoint for ProtectPoint 85

l Ensure that the Data Domain MTrees that you plan to use for protection are registered with the RecoverPoint systems.

l Ensure that the Data Domain MTrees that you plan to use for recovery are not registered with the RecoverPoint systems.

Procedure

1. Create a protection plan that specifies a storage class objective with a value of Protection.

Creating a protection plan on page 86 provides information.

2. If the consistency group has not already been tagged in XtremIO, create a tag for the source consistency group. Creating a tag on page 70 provides more information.

Note

If the source consistency group is tagged in XtremIO, you do not have to tag it. XtremIO Consistency Group tags are imported into and propagated through eCDM. XtremIO Consistency Groups on page 64 provides more information.

3. Tag the Data Domain MTrees to be used for protection with the same tag that was used in the previous step.

a. Go to main menu > Assets > Data Domain MTrees.

b. Locate the MTree that you plan to use for protection and select it.

c. Right-click and select Tag.

4. Tag the Data Domain MTrees to be used for recovery with the same tag that was used in the previous step.

a. Go to main menu > Assets > Data Domain MTrees.

b. Locate the MTree that you plan to use for recovery and select it.

c. Right-click and select Tag.

5. Set the credentials for each Data Domain MTree that is used for protection or recovery.

Ensure that you use the same credentials as the Data Domain system username and password that created the Data Domain MTrees. Prerequisites for assigning protection to protectable assets on page 84 provides information on how to set the Data Domain MTree credentials.

6. Set protection on the tagged consistency group with a protection plan that includes a Storage Class objective of Protection.

Creating a protection plan The following sections include information about protection plans.

Before you begin

The System Tenant Admin role can perform this task.

Creating and Assigning Protection Plans

86 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Naming a protection plan Before you begin

The System Tenant Admin role can perform this task.

Procedure

1. Go to Main menu > Protection Plans.

The Protection Plans window appears.

2. To create a protection plan, click + New.

The Plan Details window appears.

3. Type the name of the protection plan.

4. Type a description of the protection plan.

5. Click Next.

The + Add Stage window appears.

Adding stages to a protection plan One or more stages must be added to a protection plan.

Before you begin

The System Tenant Admin role can perform this task.

Procedure

1. In the Stages and Objectives window, click + Add Stage.

The Stages Details window appears.

2. Type a name for the stage.

3. For the Stage starts On field:

a. Select one of the following options:

l Day

l Week

l Month

l Year

b. Select the timeframe.

The Stage starts On time is always the beginning of the selected timeframe. Calculating the duration of a stage on page 80 provides information.

4. For the Stage ends On field:

a. Select one of the following options:

l Day

l Week

l Month

l Year

Creating and Assigning Protection Plans

Naming a protection plan 87

b. Select the timeframe.

Together with the Stage start On time, the timeframe indicates the period moving backward in time, for which the set of objectives is applicable. The Stage end On time is the end of the timeframe that is defined by the selected Time Period and specified offset.

Calculating the duration of a stage on page 80 provides information.

5. To perform protection actions that are required to meet the specified objectives, select the Allow eCDM to perform all necessary protection activities during this stage field.

This option requires both the Recovery Point and Storage Class objectives to be included in the stage.

6. Continue with setting objectives.

Adding objectives to a stage within a protection plan A Service Level Objective defines the objectives that must be achieved within a certain timeframe and frequency. These objectives drive configuration, active protection, and data management operations that satisfy the business requirements for the specified data. You can assign multiple objectives to a stage.

Before you begin

The System Tenant Admin role can perform this task.

Select one or more objectives that are based on what you want to do within the stage of the protection plan. A protection plan can consist of one or more stages.

Procedure

1. For the Recovery Point objective:

a. To set the maximum acceptable amount of time that can elapse between protection copies, select the objective.

To ensure more than one protection copy per Recovery Point objective in the retention period, apply this objective also to the Minimum Copies objective and the Retention objective.

b. Select one of the following options for the duration of time:

l Day

l Week

l Month

l Year

Any protection plan that specifies the Recovery Point objective must also specify a Storage Class objective. If Protection is selected as part of the Storage Class objective, select a duration of time longer than 6 hours.

c. Select the timeframe.

2. For the Storage Class objective:

a. To set the expected class of storage of a protection copy, select the objective.

Use this objective to discover protection copies on the specified class of storage. In this objective, you set the expectation of where copies should be made and where they should be found.

Creating and Assigning Protection Plans

88 Enterprise Copy Data Management 1.1 Installation and Administration Guide

b. Select one of the following options:

l Primary Primary is top-level primary storage array that is provided by VMAX and XtremIO.

l Protection Protection is dedicated protection for tenants by the Data Domain system.

Any protection plan that specifies the Storage Class objective must also specify a Recovery Point objective. If Protection is selected as part of the Storage Class objective, select a duration of time longer than 6 hours.

3. For the Data Consistency objective:

a. To set the expected level of data consistency for protection copies, select this objective.

b. Select one of the following options:

l Application consistent Application consistent snapshots or copies capture the contents of storage, pending I/O operations, and all transactions in process. When restoring an application consistent copy, no additional work is required to restore the application data from the copy.

l Crash consistent Crash consistent snapshots or copies capture all data simultaneously. A crash consistent copy does not capture the contents of memory or any pending I/O operations. If a crash consistent copy is restored in its entirety, then the data is in the same state it would have been if the system had crashed at the exact moment that the copy was made.

If an application can recover from a failure, for example in the occurrence of a power outage or other failure event, then the application can recover a crash consistent copy of its data.

4. For the Maximum Copies objective:

a. To set the maximum number of copies that are expected to exist in the defined location, select the objective.

Use this objective to flag excessive numbers of protection copies for the specified data. If fewer copies of a specific asset exist than are specified, this objective is satisfied.

b. Select the number of copies.

Note

Protection copy data includes snapshots, copies, and replicas on either protection or primary storage.

5. For the Minimum Copies objective:

a. To set the minimum number of protection copies that are expected to exist in the defined location, select the objective.

If more copies of a specific asset exist than this objective specifies, then this objective is satisfied.

Creating and Assigning Protection Plans

Adding stages to a protection plan 89

To ensure more than one protection copy per Recovery Point objective in the retention period, apply this objective also to the Retention objective.

b. Select the number of copies.

Note

Copy data includes snapshots, copies, and replicas on either protection or primary storage.

6. For the Retention objective:

a. To set the minimum amount of time that a copy should be retained, select the objective.

You can set an expiration date for every copy that is associated with a protection plan or asset combination. If at least one copy exists at every Recovery Point objective within the specified retention period, this objective is satisfied.

To ensure more than one protection copy per Recovery Point objective in the retention period, apply this objective also to the Minimum Copies objective.

b. Select one of the following options:

l Day

l Week

l Month

l Year

c. Select the timeframe.

7. After all the required objectives for the stage have been selected and defined, to complete the definition of the stage and add it to the plan, click Add Stage.

The Stages window appears. You can add multiple stages with separate objectives to a protection plan.

8. In the Stages window, a list of the stages added to the protection plan along with their specified objectives appear.

l To hide the details of the objectives for a specific stage, click Hide Stage Details. A description of the objectives appears.

l To remove a stage from the Stages window, click on the stage that you want to remove.

9. To assign tenants to the protection plan, click Next.

If you have the System Tenant Admin role, you can assign tenants to the protection plan.

10. To complete configuring the protection plan, click Finish.

The Protection Plans window appears and the newly created protection plan appears in the list:

l To sort the protection plan names alphabetically, click Name.

Creating and Assigning Protection Plans

90 Enterprise Copy Data Management 1.1 Installation and Administration Guide

l To view the details of the protection plan, click . The Protection Plans Details window appears.

Assign a tenant to a protection plan After completing the Protection Plan tasks, complete the following steps to assign a tenant to a protection plan.

Before you begin

The System Tenant Admin role can perform this task.

You can create and activate a plan without assigning a tenant to it, but you cannot use the plan without assigning a tenant to it. You must assign plan to a tenant to be able to assign assets to the plan for protection.

Procedure

1. To select a tenant to assign to a protection plan, in the left pane, select Tenants or click Next.

The Tenants window appears.

2. Select one or more tenants.

To select all the tenants, click Select All.

3. To finish creating the protection plan, click Finish.

Results

The Protection Plans window appears.

A list of protection plans along with their status, stages, and number of assigned

tenants appear. The icon indicates the number of tenants that have this protection plan available. In this example, the Silver protection plan has three tenants that are assigned.

Configuring Protection Plan Settings Before you begin

The System Tenant Admin role can perform this task.

Procedure

1. To keep the plan editable after creation, set the protection plan to inactive mode. Select Keep this plan Inactive. I am still working on it.

By default, new plans are considered Inactive. Inactive plans allow you to edit the protection plan before tenants start using them. Disabling this option automatically activates and publishes the plan on creation. The data protection objectives that are defined within the plan immediately begin to be enforced on all the selected data.

2. To make this plan active, select Make this plan Active. Allow any unassigned tenants unrestricted access.

Selecting this field allows any unassigned tenants unrestricted access to this plan.

3. To specify the maximum acceptable amount of time that can elapse between objectives being verified for a protection copy, in the Validate all plan objectives every field, select one of the following options:

Creating and Assigning Protection Plans

Assign a tenant to a protection plan 91

l Hour

l Day

l Week

l Month

l Year

4. To use eCDM to automatically provision the storage for ProtectPoint, select Allow eCDM to automatically provision and configure storage.

5. Click Finish.

The Protection Plans window appears.

Reviewing protection plans You can view details of protection plans that you previously created.

Before you begin

The System Tenant Admin role can perform this task.

Procedure

1. Go to Main menu > Protection Plans. The Protection Plans window opens.

A list of protection plans along with their status, number of stages, and number of assigned tenants appear. Figure 32 Protection Plans window

2. To view the details of a specific protection plan, click .

The Protection Plans Details window appears.

Managing protection plans The following sections include information about managing protection plans.

For a protection plan, you can perform the following actions:

l Activate or deactivate

l Edit

l Suspend or resume

l Delete

l Assign or unassign tenants

Creating and Assigning Protection Plans

92 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Assigning protection to an asset You can set protection of an asset by assigning the asset to a protection plan.

Before you begin

The System Tenant Admin role and Storage Admin role can perform this task.

Note

You can assign only one asset to a protection plan in one operation. To assign a group of assets to the plan, you need to repeat it for each asset.

If you rename a VMAX storage group asset after you discover it in eCDM, assets with both names are present everywhere within eCDM, including compliance results and dashboard aggregation. Also, the VMAX asset with the new name does not inherit the protection of the asset with the previous name. Retake any actions for the previously named VMAX storage group on the newly named VMAX storage group. For example, if the VMAX asset with the previous name was being protected, reset Protection for the newly renamed storage group asset.

Procedure

1. Go to Main menu > Assets > Protectable Assets. The list of assets appears.

2. Select the asset for which you want to assign a protection plan.

3. To assign protection, click .

The list of protection plans appears.

4. Select a protection plan from the list that you want to assign to the asset. A asset cannot be assigned to two or more plans.

Indicates protection plans that are assigned to the asset.

Indicates protection plans that are not assigned to the asset.

5. Click Save. This action assigns protection plans to the asset.

Editing a protection plan You can edit a protection plan when it is in Inactive mode.

Before you begin

The System Tenant Admin role and the Storage Admin role can perform this task.

Procedure

1. Go to Main menu > Protection Plans.

The Protection Plans window appears.

2. Select the protection plan that you want to edit.

3. Ensure that the protection plan is in Inactive mode.

To change the status of the protection plan from Active to Inactive:

Creating and Assigning Protection Plans

Assigning protection to an asset 93

a. Click .

The TENANTS window appears.

b. Unassign all tenants from this protection plan.

c. Click Save.

d. Select the protection plan and click .

4. Click . The Plan Details window appears.

Activating a protection plan to make it available to assigned tenants Activating a protection plan activates plan activity, validation, and protection actions.

Before you begin

The System Tenant Admin role can perform this task.

Procedure

1. Go to Main menu > Protection Plans. The Protection Plans window appears.

2. Select the protection plan that you want to activate and make available to all tenants.

3. Click . This action activates the protection plan.

4. To assign a tenant to this protection plan, click .

The TENANTS window appears.

a. Select the tenants that you want to assign to this protection plan.

b. Click Save.

The protection plan is now available to all assigned tenants.

Assign or unassign tenants to a protection plan You can assign or unassign access to protection plans for specific tenants. Unassigning a protection plan revokes access to the plan for specific tenants. Revoked tenants cannot assign protectable assets to the protection plan.

Before you begin

Assigning a protection plan allows the System Tenant Admin or Storage Admin to grant a tenant access to specific protection plans. You cannot apply protection plans and drive validation or protection without assigning the protection plan to an asset.

Note

You cannot edit a protection plan that has assigned tenants. To edit a plan with assigned tenants, you must first unassign the tenants and then deactivate the plan. The status of the protection plan changes from Active to Inactive.

Procedure

1. Go to Main menu > Protection Plans.

The Protection Plans window appears.

2. Select the protection plan that you want to assign or unassign a tenant to.

Creating and Assigning Protection Plans

94 Enterprise Copy Data Management 1.1 Installation and Administration Guide

3. Ensure that the protection plan is in Active mode.

4. To assign or unassign a tenant to this protection plan:

a.

Click .

The TENANTS window appears.

b. Select the tenants that you want to assign or unassign to this protection plan.

c. Click Save.

Results

A protection plan is only available to the tenants to which it has been assigned. The Protection Plans window appears.

A list of protection plans along with their status, stages, and number of assigned tenants appear.

Figure 33 Protection Plans window

Suspending or resuming protection plans Suspending a protection plan suspends plan activity, validation, and protection actions. You can suspend a protection plan after it is assigned to a tenant.

Before you begin

The System Tenant Admin role can perform this task.

To suspend a protection plan, click .

To resume a protection plan, click . Resuming a protection plan resumes plan activity, validation, and protection actions.

Deleting protection plans When a plan is inactive to all tenants, you can delete the protection plan. Deleting a plan removes the plan from eCDM. A deleted plan can no longer be assigned to tenants.

Before you begin

The System Tenant Admin role can perform this task.

Creating and Assigning Protection Plans

Suspending or resuming protection plans 95

Procedure

1. Go to Main menu > Protection Plans.

The Protection Plans window appears.

2. Select the inactive protection plan that you want to delete.

3. Click .

Removing a protection plan that is assigned to a protectable asset Use the following procedure to remove a protection plan that was previously assigned to a protectable asset.

Before you begin

The System Tenant Admin role and Storage Admin role can perform this task.

Procedure

1. Go to Main menu > Assets > Protectable Assets.

The list of assets appears.

2. Select the asset for which you want to unassign a protection plan.

3. To remove protection, click the Protection icon ( ). Alternatively, go to Actions > Unassign Protection.

A confirmation message appears.

4. Select Yes.

Reviewing the status of protection plans The status describes the protection plan's position in the workflow.

Before you begin

The System Tenant Admin role can perform this task.

Protection plans support the following statuses:

l Active

l Inactive

l Suspended

Active status The Active status indicates that you can assign tenants, storage, and protectable assets against the protection plan.

The protection plan, when assigned to assets and published, drives validation and protection activities.

Active protection plans are visible to the following users, and can be applied to System Tenant Admin owned protectable assets:

l EMC Remote Support

l Executive

l Operations Monitor

l Storage Admin

Creating and Assigning Protection Plans

96 Enterprise Copy Data Management 1.1 Installation and Administration Guide

l System Tenant Admin

The following actions are available when the protection plan is in the Active status:

l New

l Deactivate

l Assign and unassign tenants

l View details

Note

You cannot suspend a protection plan that has no assigned tenants.

Inactive status The Inactive status indicates that you can edit a protection plan without restriction.

When a protection plan is in an Inactive state, you cannot use the protection plan to drive validation or protection activities.

Note

You cannot view protection plans that are in a suspended or inactive state from the Assets windows.

Inactive protection plans are visible to the following users, and can be applied to System Tenant Admin owned protectable assets:

l EMC Remote Support

l Executive

l Operations Monitor

l Storage Admin

l System Tenant Admin

The following actions are available when the protection plan is in Inactive status:

l New

l Edit

l Delete

l Activate

l View details

Suspended status The Suspended status indicates that System Tenant Admins can globally suspend protection plans.

Tenants can suspend protection plans assigned to them. Validation activities are temporarily paused.

Note

You cannot view protection plans that are in a suspended or inactive state from the Assets windows.

When protection plans are suspended, the protection plans are visible to the following users:

Creating and Assigning Protection Plans

Reviewing the status of protection plans 97

l EMC Remote Support

l Executive

l Operations Monitor

l Storage Admin

l System Tenant Admin

The following actions are available when the protection plan is in Suspended status:

l New

l Resume

l View details

Note

You cannot suspend a protection plan that has no assigned tenants.

Monitoring protection plans The Activity monitor window allows you to monitor protection plans in the system to determine whether the protection plans are active or inactive, how many tasks are associated with the protection plan, and other system state and health details.

Procedure

1. Go to Main menu > Activity Monitor.

By default, the Plan Compliance tab displays, as shown in the following figure.

Figure 34 Activity Monitor - Plan Compliance

2. To filter plans by status or name, click their respective Filtered Views button.

The items based on the selection, display in the lower half of the screen.

3. To view the details of a protection plan, click the plan name.

The plan details screen displays. The following figure displays protection plan details.

Creating and Assigning Protection Plans

98 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 35 Activity Monitor - Plan details

4. In the Plan Compliance window, to filter protection plans by status, or asset name, click their respective Filtered Views button.

The items that are based on the selection, display in the lower half of the screen.

5. In the Plan Compliance window, to search for an asset, type the name or description into the Search box.

The assets based on the search criteria display in the lower half of the screen.

6. To view tasks that are tied to this protection plan, click the Associated Task link.

All the associated tasks and events that are linked to the protection plan are listed. The following figure displays task and event details for a protection plan.

Figure 36 Activity Monitor - Plan Compliance Task and Event details

Creating and Assigning Protection Plans

Monitoring protection plans 99

Reviewing protection plan compliance You can use the Compliance by Plan widget to view protection plans that are most out of compliance. The rate of compliance is calculated according to the service level objectives defined for those plans. A lower percentage indicates a less compliant plan.

To review protection plan compliance, go to Main menu > Dashboard > Compliance by Plan.

Each plan that is identified as out of compliance lists the number of tenants using this protection plan, as displayed in the following figure. Figure 37 Compliance by Plan

Compliance by Plan is displayed according to the information in the following table.

Table 10 Compliance by Plan fields

Field Description Setting

Time Interval

The period of time over which the compliance rate is calculated.

By default, this is based on the last eight days up to the current date.

Plans to display

The number of plans to display in the widget. A minimum of one, to a maximum of eight. By default, the widget shows the top five plans out of compliance, starting with the least compliant.

Only show active plans

Display only plans currently in use, or display all protection plans.

On or off.

Creating and Assigning Protection Plans

100 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 7

Recovering and Reusing Data

This section includes the following topics:

l Viewing protection copy set summaries............................................................102 l Deleting copy sets............................................................................................ 103 l Exporting copy sets.......................................................................................... 104 l Unexporting an exported copy set.....................................................................117 l Restoring a copy set to an alternate location.................................................... 118 l Restoring a copy set to the same location......................................................... 121 l Consideration and limitations............................................................................ 123

Recovering and Reusing Data 101

Viewing protection copy set summaries You can view summaries of protected copy sets in the system. Details such as the name of the storage system containing the copy set, system usage, location, date the copy set was created, date the copy set expires, size, and recovery time are available to you.

Procedure

1. Go to Main menu > Assets.

All the protectable assets in the system appear. Figure 38 Protectable Assets

2. Select an asset, and then at the end of the row click the icon.

The latest related protection copy sets and their respective point-in-time (PIT) information appear. The copy map consists of the root node and its child nodes. The root node represents a Protected Asset, which is the protected Storage Group.

l When you click the root node, a popup dialog box displays the Storage System and the Storage Group that it belongs to. The child nodes represent copy sets. Each child node is a copy set.

l When you click a child node, the dialog box displays the Storage System where the Copy Set is stored, the time the Copy Set was created, and the size of the Copy Set.

Recovering and Reusing Data

102 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 39 Protectable Assets Details

3. To view a brief summary of each copy set, click a node.

A pop-up dialog box displays a brief summary of the copy set. Figure 40 PIT Node Details

Deleting copy sets You can delete copy sets from the system. However, you must be cautious when deleting copy sets, as all protection copies that are part of the copy set are deleted from the storage system, and the action cannot be undone.

Before you begin

Only users with System Tenant Admin and Storage Admin roles can delete copy sets.

Procedure

1. Go to Main menu > Assets.

All the discovered assets in the system appear.

Recovering and Reusing Data

Deleting copy sets 103

2. Select an asset, and then at the end of the row click the icon.

The latest related protection copy sets and their respective point-in-time (PIT) information appear.

3. Select a copy set, and then click .

A pop-up message alerts you that the protection copy set will be deleted.

4. Click Yes.

Exporting copy sets This section describes how to export copy sets to different arrays. Only users with either System Tenant Admin or Export and Recovery Admin privileges can perform exports.

Prerequisites for exporting a VMAX copy set Some prerequisite actions are required before you export a VMAX copy set.

l For native VMAX and ProtectPoint VMAX, ensure that Port Groups (PGs) exist on the VMAX. Note that is VMAX terminology for an Initiator Group (IG). The PGs and IGs must meet the following criteria:

n VMAX IGs and hosts must have names in the patterns of _IG and _PG respectively, where is the name of the host that you specify for the copy to be exported to in eCDM Export for Reuse window.

n The WWPN for the eCDM Host created or selected must be part of the VMAX IG with the corresponding name.

l For native VMAX, ensure that storage groups exist with at least as many unused local disks/volumes of exactly the same size as the source SG. For example, if the source SG has 3 volumes of 10GB each, the target SG must have at least 3 unused volumes of exactly 10 GB available.

l For ProtectPoint VMAX, you can use the eCDM option Create a Storage Group for this. Step 5 of Exporting a VMAX copy set on page 107 below provides more information. Alternatively, you can select an existing group. Follow the procedure provided in Creating FAST.X Device manually on page 104 for more information on requirements.

l The disks in the storage group created or selected for the export will remain unavailable for reuse until the export is canceled by unexporting the protection copy set.

Creating FAST.X Device manually

Before you begin

For ProtectPoint VMAX Restore to Alternate Location and Rollback, you must ensure that the NSRSnapSG storage group contains enough encapsulated FAST.X vdisks. eCDM does not automatically create these for you. The disks are released after being used for the restore or rollback operation.

For ProtectPoint VMAX, if you use an existing storage group for the recovery, the storage group must contain enough encapsulated FAST.X vdisks.

The encapsulated FAST.X vdisks in both scenarios must meet the following criteria:

Recovering and Reusing Data

104 Enterprise Copy Data Management 1.1 Installation and Administration Guide

l Ensure that the disk is not locked; that is, not used by something already.

l Ensure that the disk is equal or greater in number than the source disk to be recovered or rolled back

l Ensure that the disk exactly matches the size and geometry of the source disk to be recovered or rolled back

Procedure

1. List the devices that are in your pool. For example, on the Data Domain system run the following command:

#vdisk device show list pool user1_pool1

Output such as the following appears:

Device Device-group Pool Capacity WWN (MiB) ------------ ------------------------------- ------------- -------- ----------------------------------------------- vdisk-dev575 eCDM_P1476977925973-user1_sg1 user1_pool1 5120 60:02:18:80:00:08:a0:26:0a:05:7f: 31:b9:90:03:52

2. Obtain the details (geometry) for this device which is the source device for the snapshot (vdisk static-image) that we will be recovering. For example, on the Data Domain system run the following command:

#vdisk device show detailed wwn

Output such as the following appears:

60:02:18:80:00:08:a0:26:0a:05:7f:31:b9:90:03:52 Device: vdisk-dev575 GUID: 000008a0260a000d030008a0260a057f31b9900352000d000000023f WWN: 600218800008a0260a057f31b9900352 Device-group: eCDM_P1476977925973- user1_sg1 Pool: user1_pool1 State: read- write Capacity (MiB): 5120 MiB Head count: 15 Cylinder count: 2731 Sectors per track: 256

3. Create a device-group to put a new device in. For example, on the Data Domain system run the following command:

#vdisk device-group create pool user1_pool1 vdisk device-group create pool user1_pool1 user1_rec_dev_group

4. Create a device to encapsulate in the NSRSnapSG SG for VMAX ProtectPoint restores, using the geometry info from the source device.

For example, run the following command:

Recovering and Reusing Data

Creating FAST.X Device manually 105

#vdisk device-group create pool user1_pool1 vdisk device create heads 15 cylinders 2731 sectors-per-track 256 pool user1_pool1

Alternatively, you can create disks using size instead of geometry, as long as the size exactly matches the size of the source vdisk.

5. Obtain a list of the "access groups" on the Data Domain.

For example, on the Data Domain system run the following command: #vdisk device-group create pool user1_pool1 scsitarget group show list

In this example, since the VMAX 1011 is used, the device was added to the group nsm_vmax_1011_scsi_group.

Output such as the following appears:

Group Name Service # Initiators # Devices ------------------------ ----------- ------------ --------- RP_g015_cluster DD-Boost FC 0 1 RP_ledmg010 DD-Boost FC 4 1 RP_ledmg015_group DD-Boost FC 4 1 RP_ledmg011_group DD-Boost FC 4 1 esx_c022_c219_scsi_group VDisk 0 0 jr_test_group1 VDisk 0 0 ledmc011 VDisk 1 16 ledmc018_restore_group VDisk 1 2 ledme013_st VDisk 1 0 ledme015_restore_group VDisk 1 2 ledmf117 VDisk 2 34 nsm_vmax1011_scsi_group VDisk 4 418 test VDisk 0 0 vmax1012_group VDisk 4 200 ------------------------ ----------- ------------ ---------

6. Expose the device to the VMAX by adding it to an "access group."

For example, run the following command: #vdisk device-group create pool user1_pool1 scsitarget group add nsm_vmax1011_scsi_group device vdisk-dev682 primary-endpoint all secondary-endpoint all

7. Encapsulate the device to the NSRSnapSG SG.

For example, run the following command: symconfigure -sid 1011 -cmd "add external_disk wwn=600218800008a0260a057f31b9900352,encapsulate_data=YES;" commit -nop

Recovering and Reusing Data

106 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Output such as the following appears:

A Configuration Change operation is in progress. Please wait...

Establishing a configuration change session...............Established. Processing symmetrix 000196701011 Performing Access checks..................................Allowed. Checking Device Reservations..............................Allowed. Initiating COMMIT of configuration changes................Queued. COMMIT requesting required resources......................Obtained. Step 009 of 085 steps.....................................Executing. Step 232 of 232 steps.....................................Executing. Local: COMMIT............................................Done.

New symdev: 00E0D [TDEV] New symdev: FF89F [DATA device] Terminating the configuration change session..............Done.

The configuration change session has successfully completed.

8. Add the device to the NSRSnapSG storage group. For example, run the symcli command:

For example, run the symcli command: symsg -sid 1011 -sg NSRSnapSG add dev 00E0D

9. Verify which SG the device is in (if any).

For example, run the symcli command: symaccess -sid 1011 list -type storage -dev

Output such as the following appears:

00E0D

Storage Group Name -------------------------------- NSRSnapSG

Exporting a VMAX copy set You can export a protection copy set to a target storage destination for access and mounting via the hosts which are zoned and masked to see the storage devices that are protected in the copy set.

Procedure

1. Go to eCDM Main menu > Assets.

All the discovered assets in the system appear.

Recovering and Reusing Data

Exporting a VMAX copy set 107

Figure 41 Protectable Assets

2. Select an asset, and then at the end of the row click the icon.

The latest related protection copy sets and their respective point-in-time (PIT) information appear. Figure 42 Protectable Assets Details

3. Select a copy set, and then click .

A wizard appears.

4. On the Reuse or Recovery page, select Export for Reuse, and then click Next.

Recovering and Reusing Data

108 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 43 Export Wizard

5. Create or select a Storage Group.

l For native VMAX, on the Select Storage Groups page: Select the target destination Storage Group for the recovery devices you want to export the copy set to, and then click Next.

l For ProtectPoint VMAX, you can either:

n On the Select the Target Destination Storage Group page:

a. Click Select Storage Group.

b. Select the target destination Storage Group for the recovery devices that you want to export the copy set to.

c. Click Next.

n On the Select the Target Destination Storage Group page:

a. Click Create a Storage Group.

b. Enter a name for the storage group to be created.

c. Click Next.

Recovering and Reusing Data

Exporting a VMAX copy set 109

Figure 44 Select the Target Destination Storage Group

Note

After you make your selection, click Next to go to the Define Export Host page.

Figure 45 Create a Storage Group

6. On the Define Export Host page:

a. Select the Export Host for the recovery devices you want to export the copy set to.

b. Click Next.

c. You have an option to add a New Host, and edit or delete an Export Host.

Recovering and Reusing Data

110 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Note

If you try to export a copy set that is already exported from the same array to the same host, the export fails because the copy set is already exported to the host.

Figure 46 Define Export Host

l To add a host:

a. Click +New Host. In the Export Host area.

b. In the Export Host area, type the Host Name and WWPN details.

c. Click Save.

d. If you want to add more than one WWPN, click +WWPN again.

Note

Only System Tenant Admin and Storage Admin roles can add hosts.

l To edit host details, click . In the Export Host area, edit details, and then click Save.

l To delete a host, click .

7. Verify information about the export such as, storage groups and export host details on the Export Summary page.

Recovering and Reusing Data

Exporting a VMAX copy set 111

Figure 47 Export Summary

8. Click Finish.

You are taken back to the Assets/Details page where you see that the export is complete. Figure 48 Export complete

To view details about the export, click the export hyperlink.

The Export Details dialog box appears.

Figure 49 Export Details

Recovering and Reusing Data

112 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Note

Export requests are handled asynchronously and may take a significant amount of time to complete. On completion of the export processing, a system notification is generated indicating whether the export was performed successfully. Even while the export processing is ongoing, the exported copy is visible in the user interface. If you try to cancel an export while the export processing is going on for a copy set, a message displays indicating that the resource is locked, and the operation is not permitted.

Exporting an XtremIO copy set You can export a copy set to a target storage destination, for access and mounting via the hosts, that are zoned and masked to see the protected storage devices that are contained in this copy. ProtectPoint XtremIO exports are carried out directly from the DDR vDisk, not an XtremIO consistency group.

Before you begin

For RecoverPoint exports, ensure that you specify an eCDM host with WWPNs, which are part of an existing scsitarget group. You can configure or verify this by using the DDR CLI with the scsitarget group command. Refer to Data Domain documentation for information. For information about existing scsitarget groups and initiators, on the Data Domain console access the Hardware > Fibre Channel and click the Access Groups tab.

Procedure

1. Go to Main menu > Assets.

All the discovered assets in the system appear. Figure 50 Protectable Assets

2. Select an XtremIO asset, and then click the icon at the end of the row.

The latest related protection copy sets and their respective point-in-time (PIT) information appear.

Recovering and Reusing Data

Exporting an XtremIO copy set 113

Figure 51 Protectable Assets Details

3. Select a copy set, and then click .

A wizard appears.

4. On the Reuse or Recovery page, select Export for Reuse, and then click Next.

Figure 52 Export Wizard

5. Click Next.

If you select an export of a ProtectPoint RecoverPoint and XtremIO protection copy sets, or XtremIO and Data Domain protection copy sets then the Select Device Groups wizard page displays. On this page, you can either Select a Device Group or Create a Device Group as shown in the following screen. After you make your selection, click Next to go to the Define Export Host page.

Recovering and Reusing Data

114 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 53 Select Device Groups

6. On the Define Export Host page:

a. Select the Export Host for the recovery devices you want to export the copy set to.

b. Click Next.

c. You have an option to add a New Host, and edit or delete an Export Host.

Note

If you try to export a copy set that is already exported from the same array to the same host, the export fails because the copy set is already exported to the host.

l To add a host:

a. Click +New Host. In the Export Host area.

b. In the Export Host area, type the Host Name and WWPN details.

c. Click Save.

d. If you want to add more than one WWPN, click +WWPN again.

Note

Only System Tenant Admin and Storage Admin roles can add hosts.

l To edit host details, click . In the Export Host area, edit details, and then click Save.

l To delete a host, click .

Recovering and Reusing Data

Exporting an XtremIO copy set 115

Figure 54 Define Export Host

7. Click Next.

The Export Summary page appears.

8. Verify information about the export such as, storage groups and export host details on the Export Summary page.

Figure 55 Export Summary

9. Click Finish.

You are taken back to the Assets/Details page where you see that the export is complete. Figure 56 Export complete

To view details about the export, click the export hyperlink.

Recovering and Reusing Data

116 Enterprise Copy Data Management 1.1 Installation and Administration Guide

The Export Details dialog box appears.

Note

Export requests are handled asynchronously and may take a significant amount of time to complete. On completion of the export processing, a system notification is generated indicating whether the export was performed successfully. Even while the export processing is ongoing, the exported copy is visible in the user interface. If you try to cancel an export while the export processing is going on for a copy set, a message displays indicating that the resource is locked, and the operation is not permitted.

Figure 57 Export Details

Unexporting an exported copy set After you have finished using an exported copy set, you can unexport the exported copy set.

Note

Unmount the LUNs at the host before running an unexport, and ensure that the devices are offline.

Procedure

1. Go to Main menu > Assets.

All the discovered assets in the system appear.

2. Select an asset, and then at the end of the row click the icon.

The latest related protection copy sets and their respective point-in-time (PIT) information appear.

3. Go to the existing export you want to unexport, and then click the highlighted hostname.

An Export Details dialog box appears.

Recovering and Reusing Data

Unexporting an exported copy set 117

Figure 58 Export Details

4. Click Cancel Export.

The copy set is unexported.

Note

Unexport requests and unexport processing are handled asynchronously and may take a significant amount of time to complete. On completion of the unexport processing, a system notification is generated indicating whether the unexport was performed successfully. Even while the unexport processing is ongoing, the unexported copy is visible in the user interface. If you try to cancel an unexport while the unexport processing is going on for a copy set, a message displays indicating that the resource is locked, and the operation is not permitted.

Restoring a copy set to an alternate location You can redirect recovery of a selected copy set to an alternate target destination. Only users with System Tenant Admin or Export and Recovery Admin privileges can perform a recovery to an alternate location. Note that the Recover to Alternate Location option is not available for ProtectPoint for XtremIO snapshots.

Before you begin

l For ProtectPoint VMAX, ensure that the NsrSnapSG storage group contains as many unused FAST.X vDisks of the same size as the source disks. Creating FAST.X Device manually on page 104 provides information.

l For native VMAX and ProtectPoint VMAX: ,

n Ensure that a storage group exists with at least as many unused local disks/ volumes of exactly the same size as the source SG. For example, if the source SG has 3 volumes of 10GB each, the target SG must have at least 3 unused volumes of exactly 10 GB available.

n Ensure that all LUNs in the target storage group are unmounted from all hosts.

l For XtremIO, the target Storage Group must be empty for the initial restore to alternate location, or be a consecutive restore of a copy set from the same protection copy set (asset).

Recovering and Reusing Data

118 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Procedure

1. Go to Main menu > Assets.

All the discovered assets in the system appear, as displayed in the following figure. Figure 59 Protectable Assets

2. Select an asset, and then at the end of the row click the icon.

The latest related protection copy sets and their respective point-in-time (PIT) information appear, as displayed in the following figure. Figure 60 Protectable Assets Details

3. Select an asset, and then at the end of the row click the icon.

The latest related protection copy sets and their respective point-in-time (PIT) information appear.

4. Select a copy set, and then click .

A wizard appears. The following figure displays the Reuse or Recovery page.

Recovering and Reusing Data

Restoring a copy set to an alternate location 119

Figure 61 Reuse or Recovery

5. On the Reuse or Recovery page, select the Recover to Alternate Location option, and then click Next.

The Recover to Alternate Location page appears.

6. Select the Storage system and devices to recover to.

The storage groups are automatically discovered for the storage system. The following figure displays the Recover to Alternate Location page.

Figure 62 Recover to Alternate Location

7. Select the Storage group from the list, and then click Next.

8. Ensure that the Storage Group contains regular devices that match the geometry of the devices in the production Storage Group.

9. Verify information about the recovery on the Export Summary page.

The following figure displays the Export Summary page.

10. Click Finish.

Recovering and Reusing Data

120 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Restoring a copy set to the same location You can start a recovery of a copy back to its original location, overwriting the current data on the source devices. Only users with System Tenant Admin or Export and Recovery Admin privileges can perform a rollback to production.

Before you begin

l Unmount all the source LUNs from all hosts before performing a Rollback to Production.

l For ProtectPoint VMAX:

n Before performing a rollback, ensure that the VMAX storage group NsrSnapSG contains a sufficient number of FAST.X encapsulated vDisks from the Data Domain server containing the static images.

n Ensure that they are equal or greater in number and the same size. These FAST.X devices are only used during the rollback operation and are released after the operation is complete. Creating FAST.X Device manually on page 104 provides information.

l Ensure that, when you create FAST.X devices for restores, the vDisks that are encapsulated come from a vDisk pool that is owned by the vDisk user that owns the vDisk pool containing the backup vDisks. This pool can be either the same vDisk pool as the backup devices, or from a different pool as long as it is owned by the same user.

Procedure

1. Go to Main menu > Assets.

All the discovered assets in the system appear, as displayed in the following figure. Figure 63 Protectable Assets

2. Select an asset, and then at the end of the row click the icon.

The latest related protection copy sets and their respective point-in-time (PIT) information appear, as displayed in the following figure.

Recovering and Reusing Data

Restoring a copy set to the same location 121

Figure 64 Protectable Assets Details

3. Select a copy set, and then click .

A wizard appears. The following figure displays the Rollback to Production option on the Reuse and Recovery page.

Figure 65 Rollback to Production

4. On the Reuse or Recovery page, select the Rollback to Production option, and then click Next.

The summary for the rollback appears.

5. Verify information about the rollback on the Summary page.

A warning appears informing you that data on the devices that are listed will be overwritten. The following figure displays information about the rollback on the Summary page.

Recovering and Reusing Data

122 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 66 Rollback to Production Summary

6. Click Finish.

Note

Restore operations are performed asynchronously. On completion of the restore, a system notification is generated indicating whether the restore was performed successfully.

Consideration and limitations Before you perform an Export, Restore, or Rollback to Production operation, review the following items:

l All required SAN connections and visibility between each of the arrays and target hosts are in place.

l Due to Data Domain limitations, eCDM supports only the following characters in device-group provisioning names:

n lower-case letters (az)

n upper-case letters (AZ)

n digits (09)

n underscore (_)

n dash ()

All other characters are not supported.

l When performing exports from a VMAX or Data Domain, ensure that the WWPNs used for the export operations are present in an initiator group. eCDM does not create initiator groups on the VMAX or Data Domain at this time.

l ProtectPoint VMAX operations use the FAST.X devices in the NsrSnapSG storage group for the restore and restore to alternate location operations.

Recovering and Reusing Data

Consideration and limitations 123

l For ProtectPoint VMAX operations, the same Data Domain user must own all device groups that are involved in the operation. These groups include, the backup device group, and the device groups used for instantiating the static images

l For ProtectPoint XtremIO operations, the device group that is used to instantiate static images for restore and export can be owned by a different Data Domain user. However, it is recommended that they are owned by the same Data Domain user as the backup device group.

Recovering and Reusing Data

124 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 8

Using the Dashboard

This section contains the following topics:

l About Dashboard.............................................................................................. 126 l Capacity monitoring in the Dashboard.............................................................. 128 l License............................................................................................................. 129 l Reviewing tenant compliance........................................................................... 130 l Reviewing protection plan compliance...............................................................131 l eCDM Health.................................................................................................... 132

Using the Dashboard 125

About Dashboard The eCDM Dashboard provides at-a-glance insight into key product information operational behavior. The Dashboard is divided into quadrants with each quadrant able to display unique information. The eCDM user can customize the Dashboard from a selection of compliance and key indicators.

For example, a system administrator logging into eCDM can be presented with a Dashboard showing summary information such as the following:

l Compliance by Tenant

l Compliance by Plan

l License

l Primary Storage Protection

l Protection Storage

The following figure illustrates this Dashboard view.

Figure 67 eCDM Dashboard

The following table lists the icons available in the Dashboard.

Table 11 eCDM UI, Dashboard, and quadrant icons

Icon Description

Main menu Browse to anywhere in the UI.

Expand/Collapse a quadrant

Expands or collapses any specific Dashboard quadrant to full screen.

Quadrant controls Expands the available quadrant widgets or controls.

Using the Dashboard

126 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Table 11 eCDM UI, Dashboard, and quadrant icons (continued)

Icon Description

Begin Cycle The quadrant cycles through all widgets configured for the specific quadrant at a 60-second interval.

Reset to Default Resets the widgets in that specific quadrant to the original display settings.

Clear Quadrant Removes all widgets from the quadrant.

Lock Quadrant Prevents any changes to widgets (addition or removal of) in the quadrant.

View widgets Displays the available widgets. You can drag widgets from here to any location on the Dashboard to change the display.

Day/Night icon Toggle the UI display between a light and dark background.

Logoff Log off from the eCDM UI.

Widget settings Access the widget settings for any quadrant.

Dashboard widgets The following widgets are available in the eCDM UI.

l Compliance by Tenant

l Compliance by Plan

l License

l Primary Storage Protection

l Protection Storage

l eCDM Health

To change the display, you can drag widgets to any location on the Dashboard:

l To display available widgets, click on the right side of the Dashboard.

l To modify the display, drag widgets to any quadrant in the Dashboard.

l To change the Dashboard view from day to night, click .

l To collapse the list of widgets, click .

Using the Dashboard

Dashboard widgets 127

Figure 68 Dashboard widgets

Capacity monitoring in the Dashboard The eCDM Dashboard provides the ability to view the available capacities of your protection storage systems to ensure that the systems do not reach capacity and thereby impact the availability of eCDM services.

Widgets available from the eCDM Dashboard display the total global protection storage as it currently exists.

Reviewing Primary Storage Protection You can use the Primary Storage Protection widget to view front end capacity information at the system level through a single resource. This includes the data source capacity that is protected by one or more eCDM plans, total discovered data source capacity, and total used capacity.

To review Primary Storage Protection, go to Main menu > Dashboard > Primary Storage Protection.

This widget allows you to calculate the amount of unprotected capacity. When you log in as a specific tenant user, the widget provides the capacity for plans and data sources assigned to that tenant and all its child tenants. When you log in as a user with system administrative privileges, the widget displays the capacity for plans and data sources for the entire system.

Using the Dashboard

128 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 69 Primary Storage Protection widget

Reviewing Protection Storage You can use the Protection Storage widget to view capacity information for back-end storage.

To review Protection Storage, go to Main menu > Dashboard > Protection Storage.

The Protection Storage widget breaks down information on available storage and used storage. Additionally, the widget displays information on the average deduplication rate across all Protection Storage systems.

The following figure displays a Data Domain system with 150 TB total capacity and current statistics for deduplication.

Figure 70 Protection Storage widget

License You can use the License widget to view the type of license currently applied, along with current status details such as expiry date and capacity usage, if applicable.

To review the license, go to Main menu > Dashboard > License.

License types consist of the following:

l Trial licenseApplied automatically upon installation of eCDM and allows full use of the product without applying a license key for a period of up to 90 days. When

Using the Dashboard

Reviewing Protection Storage 129

the trail period ends, eCDM continues to operate with full functionality so that you can apply a permanent license.

Note

You can only add or manage an EMC Secure Remote Services (ESRS) gateway with an FETB license.

l Front-end protected capacity by terabyte or FETBThe primary model of eLicensing, which is based on the actual capacity that you need to protect. For example, you can purchase a 100 TB license which will allow you to protect up to 100 TB of actual data.

The section eCDM Licensing provides more information on licensing in eCDM.

Reviewing tenant compliance You can use the Compliance by Tenant widget to view the rate of compliance to the service level objectives defined per tenant.

To review tenant compliance, go to Main menu > Dashboard > Compliance by Tenant.

The compliance rate is calculated based on the last 8 days up to the current date, and is color coded according to the legend that appears along the bottom of the widget. The following figure displays tenant compliance. Figure 71 Compliance by Tenant widget

The following table describes the Compliance by Tenant fields.

Table 12 Compliance by Tenant fields

Field Description

Tenant Tenant name

Compliance Rate For this tenant and the associated plan, the calculated value (in percent) for meeting plan objectives over the last 8 days

Objective Compliance

The total number of objectives achieved compared to the total number of objectives that are defined for the plan ovpper the last 8 days

Validated The day the compliance was last determined

Using the Dashboard

130 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Reviewing protection plan compliance You can use the Compliance by Plan widget to view protection plans that are most out of compliance. The rate of compliance is calculated according to the service level objectives defined for those plans. A lower percentage indicates a less compliant plan.

To review protection plan compliance, go to Main menu > Dashboard > Compliance by Plan.

Each plan that is identified as out of compliance lists the number of tenants using this protection plan, as displayed in the following figure. Figure 72 Compliance by Plan

Compliance by Plan is displayed according to the information in the following table.

Table 13 Compliance by Plan fields

Field Description Setting

Time Interval

The period of time over which the compliance rate is calculated.

By default, this is based on the last eight days up to the current date.

Plans to display

The number of plans to display in the widget. A minimum of one, to a maximum of eight. By default, the widget shows the top five plans out of compliance, starting with the least compliant.

Only show active plans

Display only plans currently in use, or display all protection plans.

On or off.

Using the Dashboard

Reviewing protection plan compliance 131

eCDM Health You can use the eCDM Health widget to view appliance information at-a-glance, as well as a specific breakdown of the state of each eCDM service, similar to the Overview tab under the Settings window.

To review eCDM Health, go to Main menu > Dashboard > eCDM Health.

The eCDM Health widget looks similar to the following. Figure 73 eCDM Health

Within the initial eCDM Health widget view, you can determine the following:

l The overall appliance status, for example, Operational, Maintenance, or Quiesce.

l The amount of space currently in use on the disks, calculated as a percentage.

You can then click the i badge in the top-right corner of the widget to view more details. The widget expands to reveal the following details:

l Current appliance status (for example, operational, maintenance mode, quiesce).

l Name and version of the appliance.

l Uptime, which provides the number of days since the last reboot of the appliance.

l An indicator that backups are scheduled to run, if applicable.

l The amount of time in days since the last backup.

l The amount of time in days since the last update or patch.

l More specific capacity details for used and total space as well as any critical disk partitions (those which are more than 90% used).

Additionally, the lower pane provides a breakdown of each eCDM Service and its current state, as shown in the following.

Using the Dashboard

132 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 74 eCDM Health by Service

Using the Dashboard

eCDM Health 133

Using the Dashboard

134 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 9

Monitoring the System

This section includes the following topics:

l Monitoring protection plans..............................................................................136 l Monitoring tasks............................................................................................... 137 l Monitoring events.............................................................................................139 l Viewing notifications.........................................................................................140

Monitoring the System 135

Monitoring protection plans The Activity monitor window allows you to monitor protection plans in the system to determine whether the protection plans are active or inactive, how many tasks are associated with the protection plan, and other system state and health details.

Procedure

1. Go to Main menu > Activity Monitor.

By default, the Plan Compliance tab displays, as shown in the following figure.

Figure 75 Activity Monitor - Plan Compliance

2. To filter plans by status or name, click their respective Filtered Views button.

The items based on the selection, display in the lower half of the screen.

3. To view the details of a protection plan, click the plan name.

The plan details screen displays. The following figure displays protection plan details.

Figure 76 Activity Monitor - Plan details

Monitoring the System

136 Enterprise Copy Data Management 1.1 Installation and Administration Guide

4. In the Plan Compliance window, to filter protection plans by status, or asset name, click their respective Filtered Views button.

The items that are based on the selection, display in the lower half of the screen.

5. In the Plan Compliance window, to search for an asset, type the name or description into the Search box.

The assets based on the search criteria display in the lower half of the screen.

6. To view tasks that are tied to this protection plan, click the Associated Task link.

All the associated tasks and events that are linked to the protection plan are listed. The following figure displays task and event details for a protection plan.

Figure 77 Activity Monitor - Plan Compliance Task and Event details

Monitoring tasks The Activity monitor area allows you to monitor tasks for various areas of the system. For example, Compliance, Discovery, and Workflow.

Procedure

1. Go to Main menu > Activity Monitor, and then select the Tasks tab.

By default, all tasks for the last 8 days with All Status and All Results display, as shown in the following figure.

Monitoring the System

Monitoring tasks 137

Figure 78 Activity Monitor - Tasks

2. To search for a task, type the name into the Search box.

The tasks that are based on the search criteria display in the lower half of the screen.

3. To filter tasks by number of days or hours, status, or results, click their respective Filtered Views button.

The items that are based on the selection, display in the lower half of the screen.

4. To view the details of a task, click the task.

The task details display on the right side of the screen, as shown in the following figure.

Monitoring the System

138 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 79 Activity Monitor - Tasks details

Monitoring events The Activity Monitor area allows you to monitor events for various areas of the system.

Procedure

1. Go to Main menu > Activity Monitor, and then select the Events tab.

By default all events for the last 8 days with All Status display.

Figure 80 Activity Monitor - Events

2. To search for an event, type details into the Search box.

The events that are based on your search criteria display in the lower half of the screen.

Monitoring the System

Monitoring events 139

3. To filter events by number of days or hours and severity, click their respective Filtered Views button.

The items that are based on your selection display in the lower half of the screen.

Viewing notifications The notifications center allows you to view notifications for tasks and events.

Procedure

1. To access the notifications center, click the Bell button on the upper right corner of the screen. The number indicates the number of unacknowledged notifications in the system.

The following figure illustrates how to access the notification center.

Figure 81 Notification bell

The Notifications pane displays on the right side of the screen, as shown in the following figure. New notifications are denoted by a red dot in front of its name.

Monitoring the System

140 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 82 Notification pane

2. To filter the notification view, type the choice in the Search field.

The notifications display.

3. To acknowledge that you have seen new notifications, click Acknowledge All.

The red dot in front of all the new notifications disappear.

Monitoring the System

Viewing notifications 141

Monitoring the System

142 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 10

Protecting the eCDM server

This section describes how to create a disaster recovery plan and perform disaster recoveries of the eCDM appliance, and includes the following topics:

l Managing system backups................................................................................ 144 l Performing a disaster recovery.........................................................................148

Protecting the eCDM server 143

Managing system backups The eCDM system protection service provides you with the ability to protect the persistent data of an eCDM system from catastrophic loss by creating a series of system backups.

Each backup is considered a full backup even though it is created in an incremental manner. The persistent data that is saved in a backup includes the Lockbox and Elasticsearch databases. The backup operation creates a point-in-time snapshot of the database while the system is in a quiesced state. While the system is quiesced, the eCDM limits user functionality. After the snapshot completes, and while eCDM copies the snapshots to the Data Domain storage unit, full user functionality is restored.

To store system backups, you must configure and assign a private Data Domain storage unit for an eCDM system. The eCDM system protection service enables you to manage the frequency and start time of an automated system backup, perform on- demand backups, and define the length of time that the system backups are available for recovery.

Configuring the Data Domain system Before you begin

Before you can use the Data Domain to protect the appliance, configure DD Boost, NFS, and the storage unit that the appliance uses on the Data Domain system. The DD Boost feature requires a separate DD Boost license, which you add to the Data Domain System.

Procedure

1. Use a web browser to log in to the EMC Data Domain System Manager as the sysadmin user.

2. In the left navigation pane, select Protocols > DD Boost.

3. On the Settings tab that is located near the top of the page, perform the following tasks:

a. Ensure that the DD Boost Status is Enabled.

b. If it does not appear, add the appliance to the Allowed Clients table:

a. Click the + (Add) button that is located above the table and to the right.

b. In the Client field, specify the fully qualified domain name (FQDN) of the host.

c. In the Authentication mode list, select None.

d. In the Encryption Strength list, select None.

e. Click OK.

Note

By default, all clients (*) are allowed to access DD Boost.

c. If it does not exist, add the DD Boost user to the Users with DD Boost Access table:

a. Click the + (Add) button that is located above the table and to the right.

Protecting the eCDM server

144 Enterprise Copy Data Management 1.1 Installation and Administration Guide

b. In the User list, select an existing local user, or select Create a new Local User and then create a user account.

c. Click Add, and then click Close.

4. To create a storage unit for the appliance, perform the following steps on the Storage Units tab, which is located along to top:

a. Click the + (Add) button that is located above the table and to the right.

b. In the Name field, specify a descriptive name for the storage unit.

c. In the User field, select the DD Boost user.

d. Click Create.

The Storage Unit table provides information about the new storage unit, including the full path.

5. In the left navigation pane:

a. Select Protocols > NFS.

b. Ensure that the NFS Status option that is located above the Exports tab is set to Enabled.

6. To configure an export for the file system that contains the storage unit, perform the following tasks

On the Exports tab, which is located along the top:

a. Click Create.

b. In the Directory path field, specify the full directory path for storage unit that you created.

c. In the Clients list, select the client for the appliance.

If the appliance does not appear in the table, perform the following steps:

a. Click the Add button.

b. In the Client field, specify the FQDN of the appliance.

c. Click OK.

d. Click OK, and then click Close.

Configuring the appliance system protection Configure disaster recovery protection for the appliance the and the appliance metadata.

Before you begin

Configure a DD Boost Storage Unit that is dedicated to the appliance, and ensure that the appliance has client access privileges to DD Boost.

Procedure

1. From a host that has network access to the virtual appliance, use the Google Chrome browser to connect to the appliance:

https://appliance_ip_address

2. At the login screen, specify the following values, and then click Login.

Protecting the eCDM server

Configuring the appliance system protection 145

Note

The values in each field are case sensitive.

a. In the User field, specify an account for the appliance that is assigned to the sysadmin role, for example admin.

b. In the Password field, specify the password for the sysadmin account.

The default password is admin.

3. From the Main menu, select Settings.

The Settings window appears with the Overview tab selected.

4. Select the System Protection tab.

The System Protection window appears.

5. Click Edit.

6. In the Data Domain System field, specify the FQDN of the Data Domain System. For example, bu-idd-ecdm.emc.com

7. In the DD Boost Storage Unit field, specify the full path that you defined for the storage unit. For example, /data/col1/ecdm

8. In the Backup Schedule section, to enable the backup schedule, select the Inactive toggle, and then choose the backup frequency.

l If you select Daily, select the time to start the backup each day.

l If you select Hourly, specify the backup interval.

Note

You cannot change the start time when you choose an hourly backup.

9. In the Backup Retention section, define how the appliance retains system backups.

a. In the Minimum number of backups to retain field, specify the minimum number of server backups to retain on the system.

The smallest supported value is 2.

b. In the Maximum number of backups to retain field, type the maximum number of server backups to retain on the system.

Specify a value that is greater than or equal to the Minimum number of backups to retain value and less than or equal to 360.

c. In the Keep System DR backup until field, specify the retention time for a server backup.

The minimum supported retention time is 2 day and the maximum supported retention time is 10 years.

10. Click Save.

Protecting the eCDM server

146 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Troubleshooting backup configuration issues The following section provides a list of error messages that might appear when you configure an appliance backup configuration.

Data Domain storage unit mount command failed with error: 'Cannot mount full path: Access is denied' This error message appears when an NFS export does not exist on the Data Domain System for the full path to the DD Boost Storage Unit.

To resolve this issue, ensure that you have configured an NFS export for the full path of the DD Boost storage unit and that the appliance is and Export client.

Data Domain storage unit mount command failed with error: 'Cannot resolve FQDN: The name or service not known' This error message appears when the appliance cannot contact the Data Domain System by using the specified FQDN. To resolve this issue, ensure that you can resolve the FQDN and IP address of the Data Domain System.

Performing a manual appliance backup You can manually backup t he system, as required.

Procedure

1. Use the Chrome web browser to log in to the appliance management interface.

2. From the Main menu, select Settings.

3. Select the System Protection tab.

The System Protection window appears.

4. Click Back Up Now, and on the confirmation window, click Yes.

The Activity Monitor enables you to monitor the progress of the system backup. Monitoring system protection activities provides more information.

Results

When the backup completes, the System Protection window displays a summary of the backup.

Monitoring system protection activities Perform the following steps to monitor the progress of a system backup.

Procedure

1. From the Main menu, select Activity Monitor.

2. Click Tasks, and then select System task type.

Results

The Activity Monitor window displays a list of system protection tasks and the progress of each task.

The following figure provides an example of the Activity window with the status of two system tasks: the system backup task and the workflow task associated with the system backup.

Protecting the eCDM server

Performing a manual appliance backup 147

Figure 83 System tasks in the Activity Monitor window

Manually deleting system backups You can delete a system backup before the end of the retention period, only when the number of existing backups is greater than the value defined in the Minimum Number of Backups to Retain field.

Procedure

1. Use the Chrome web browser to log in to the appliance management interface.

2. From the Main menu, select Settings.

3. Select the System Protection tab.

The System Protection window appears.

4. Select the backup that you want to delete, and the click the Trash Can icon located to the right of the backup.

5. To permanently delete the server backup, on the Confirm window, click Continue.

Performing a disaster recovery To restore the data from a system backup in the event of a disaster, you must deploy a new appliance from an OVA, and then select the system backup to restore. The persistent data in the selected backup replaces the persistent data on the new appliance.

Performing an eCDM disaster recovery Perform a disaster recovery to restore a point-in-time configuration of an appliance from a backup.

Before you begin

Before you perform the disaster recovery, you must:

l Deploy a new appliance.

Note

The IP family for the appliance must match the IP family at the time of backup.

l Ensure that the new appliance has access to the Data Domain System that contains the server backups.

l Have knowledge of the following environmental information:

Protecting the eCDM server

148 Enterprise Copy Data Management 1.1 Installation and Administration Guide

n FQDN of the Data Domain system that contains the server backup.

n DD Boost Storage Unit that contains the server backup.

n The lockbox password set at the time of the backup.

Procedure

1. From a host that has network access to the virtual appliance, use the Google Chrome browser to connect to the appliance:

https://appliance_ip_address

2. On the eCDM License Agreement window:

a. Read the agreement.

b. Select Accept the license agreement.

c. Click Next.

3. On the Install Options window, select Recover from backup, and then click Next.

4. On the Network Setup window, review the network settings and then click Next.

Note

You can change the values displayed in this window after you complete the initial configuration by using the dashboard.

5. On the OS password window, in the Password and Confirm password fields, specify a password for the root, admin, support and lockbox accounts, and then click Next.

Specify a password that meets the following requirements:

l Minimum of eight characters

l At least one numeric character (0-9)

l At least one uppercase character (A-Z)

l At least one lowercase character (a-z)

l At least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:";,./<>?

6. On the Set the System Time Zone window, select the time zone and then click Next.

7. On the Recover Settings window, perform the following steps to configure the Data Domain System:

a. In the Data Domain System field, specify the FQDN of the Data Domain system.

b. In the DD Boost Storage Unit field, specify the full path that you defined for the storage unit.

c. In the Lockbox password field, specify the lockbox password that was configured for the appliance at the time of the selected server backup.

d. To save the configuration, click Connect.

Protecting the eCDM server

Performing an eCDM disaster recovery 149

e. To display a list of server backups, click Browse.

f. Select the server backup from which you want to recover, and then click Recover.

Results

The Recovery Progress window appears and once the recover operation completes, a system reboot occurs. After the reboot and component start up completes, the Dashboard appears.

Troubleshooting disaster recoveries

ERROR 500: Cannot resolve hostname: Name or service not known. Ensure that you can resolve the FQDN and IP address of the Data Domain System. This error message appears on the Recover Settings page when the appliance cannot contact the Data Domain System by using the specified FQDN.

To resolve this issue, ensure that you can resolve the FQDN and IP address of the Data Domain System.

Data Domain storage unit mount command failed with error: 'mount.nfs: mounting hostname/path failed, reason given by server: No such file or directory This error message appears on the Recover Settings page when the appliance cannot access the path that you specified the in DD Boost Storage Unit field.

To resolve this issue, confirm that the path to the DD Boost Storage Unit exists and is accessible on the Data Domain system.

Lockbox authorization failed. This may occur when the specified passphrase is not correct. This error message appears when you specify a passphrase value that does not match the passphrase used at the time of the server backup.

To resolve this issue, specify the correct passphrase value.

Protecting the eCDM server

150 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 11

Configuring the System

This section contains the following topics:

l Monitoring system state and system health......................................................152 l Reconfiguring the virtual appliance...................................................................156 l Modifying the eCDM appliance hardware settings............................................162

Configuring the System 151

Monitoring system state and system health The Settings window provides you with the ability to monitor the state of the appliance and the health of each system component. The Overview tab also provides you with the ability to change the overall state of the appliance from Operational to Maintenance, or from Maintenance to Operational.

The Overview tab provides you with a window that displays the overall health of the eCDM appliance, in the Health panel. The Health box provides you with the ability to open the View Services window. The Services Status window displays the state of each system component.

Monitoring and changing the state of the appliance The Overview tab provides you with a window that displays the overall health of the eCDM appliance, in the Health panel. The state of the appliance appears as an icon and is determined by the state of all system components. For example, if one system component is not in a Running state, then the overall state of the appliance is Partially Operational. A summary of the state of each system component appears below the state of the appliance.

The following table summarizes each appliance state.

Table 14 Appliance states

Icon State

OperationalThis state appears when the appliance is accessible with full functionality. When the state of the appliance is operational, the state of each system component is also operational.

QuiesceThis state appears during a quiesce of the appliance.

FailedThis state appears when the appliance cannot successfully change states. When you see this state, contact Dell EMC Support for assistance.

MaintenanceThis state appears when the appliance is in maintenance mode. You can access and manage the appliance but with limited functionality. You must put the appliance in Maintenance mode for some configuration changes, for example, to change the network settings or to upgrade the appliance. When configuration changes or an update completes, you must manually change the state of the appliance from Maintenance to Operational.

Partially operationalThis state appears when one or more of the system

components are not in an Up state. View the System Health window to determine that state of each appliance component.

Changing the state of the appliance Use the toggle on Overview tab of the Settings window to change the system state of the appliance. Before you can put the appliance in maintenance mode, allow all

Configuring the System

152 Enterprise Copy Data Management 1.1 Installation and Administration Guide

tasks to complete or cancel in-progress tasks. You cannot put the appliance in maintenance mode when there are in-progress tasks.

Before you begin

Changing the state of an appliance requires the Manage System Settings privilege. Connect to the UI with a user that has System Tenant Admin, Security Admin, or EMC Remote support role.

Procedure

1. From the Main menu, select Settings.

The Settings window appears with the Overview tab selected.

2. On the Overview tab, use the Maintenance mode toggle to change the system status.

3. To enable Maintenance Mode, perform the following steps:

a. Change the Maintenance mode toggle from OFF to ON.

The Maintenance mode window appears with a summary of tasks.

b. To stop any running tasks, select the task box, and then click Cancel Tasks.

The following figure provides an example of the Maintenance mode window with two running System tasks. Figure 84 Maintenance mode window

c. Click Begin Maintenance Mode to start the change of the system status.

A Confirmation window appears.

4. To take the appliance out of Maintenance Mode, change the Maintenance mode toggle from ON to OFF.

Results

The state of appliance changes on the Overview window and in the Health box. When you put an appliance in Maintenance mode, the following changes occur:

l The states of most services with the exception of Infrastructure services appear as Maintenance in the View Services window. The infrastructure services while operational will only allow some processing requests, for example, the requests that are required to change network settings, or to update the appliance.

l Users cannot access the GUI while the appliance is in maintenance mode.

l Users that are logged into the GUI and did not start the maintenance mode operation are logged out of the GUI.

l An orange banner appears in the GUI that indicates the systems is in maintenance mode.

Configuring the System

Monitoring and changing the state of the appliance 153

The following figure provides an example of the GUI, when the appliance is in Maintenance mode. Figure 85 Settings when the appliance is in Maintenance mode

Monitoring system component health The Settings window provides you with the ability to monitor the state of the appliance and the health of each system component. To view the health of the system components, click the Main menu icon and select Settings. The system health information appears in the Health group box.When you select the View Services icon in the Health panel, the View Services window appears.

The View Services window displays system health components in four groups Management, Infrastructure, Core, and Protection. The state of each component appears beside the name of the component. The following table provides a summary of each component state.

Table 15 Component states

Icon State

RunningThis state appears when the associated service or component is running with full functionality. When all components are in running state, the state of the appliance is operational.

QuiesceThis state appears during a quiesce of the associated service or component.

MaintenanceThis state appears when the associated service is in maintenance. In maintenance, components have limited functionality. Infrastructure services do not go into maintenance. When other components are in maintenance, the appliance state is also maintenance.

Note

You must put the appliance in Maintenance mode for some configuration changes, for example, to change the network settings or to upgrade the appliance. When configuration changes or an update completes, you must manually change the state of the appliance from Maintenance to Operational.

Configuring the System

154 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Table 15 Component states (continued)

Icon State

Initializing This state appears when the component is starting. When the component successfully starts, the state changes to Running.

Shutting down This state appears when the service associated with the component is stopping.

Shut down This state appears when the service has stopped.

No response This state appears when the service associated with the component is running but the service is not responding.

Core Service system health components The following table summarizes the core services system health components.

Table 16 Core system health component

System option Description

Rest Server Provides the status of the Rest Server.

Catalog Provides the status of the Catalog.

System Manager Provides the status of the System Manager.

Task Manager Provides the status of the Task Manager service.

Log Manager Provides the status of the Log Manager service.

Sytem Disaster Recovery

Provides the status of a system disaster recovery

LockboxDMC Provides the status of the Lockbox.

Authentication Provides the status of the Authentication Service.

Event Provides the status of the Event Service.

Infrastructure Service system health components The following table summarizes the Infrastructure system health components.

Table 17 Infrastructure system health component

System option Description

Catalog Store Provides the status of the Catalog database.

Message Bus Provides the status of the Message Bus.

Workflow Database Provides the status of the Workflow database.

Web Server Provides the status of the Tomcat service.

UI Provides the status of the User Interface service.

Configuring the System

Monitoring system component health 155

Table 17 Infrastructure system health component (continued)

System option Description

HTTP Proxy Provides the status of the HTTP Proxy service.

Secrets Manager Provides the status of the Secrets Manager service.

Service Manager Provides the status of the Service service.

UI Store Provides the status of the UI database.

Management Service system health components The following table summarizes the Management system health components.

Table 18 Management system health components

System option Description

Dashboard Provides the status of the Dashboard service.

Historical Provides the status of the Historical Data Service.

Media Manager Provides the status of the Media Manager service.

Telemetry Manager Provides the status of the Telemetry Manager service.

Configuration Manager

Provides the status of the Configuration Manager service.

Scheduler Provides the status of the Scheduler service.

Workflow Manager Provides the status of the Workflow Manager service.

License Manager Provides the status of the License Manager service.

Protection Service system health component The following table summarizes the Protection system health component.

Table 19 Protection system health component

System option Description

Storage Manager Provides the status of the Storage Manager.

Discovery Provides the status of the Discovery Service.

Dynamic Protection Provides the status of the Dynamic Protection Service.

Reconfiguring the virtual appliance The options in the Settings window enable you to reconfigure the appliance.

Use the options on the Overview tab in the Settings window to reconfigure the network settings, and the time zone. Use the Credentials tab in the Settings window to change the password for OS user accounts and the lockbox passphrase.

Configuring the System

156 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Reconfiguring the network settings Perform the following steps to modify the IP address, netmask, gateway, and DNS servers defined for the appliance.

Before you begin

To reconfigure the appliance, you must put the appliance in maintenance mode.

Procedure

1. From the Main menu, select Settings.

The Settings window appears with the Overview tab selected.

2. On the Overview tab, use the Maintenance mode toggle change the system status to Maintenance mode.

Changing the state of the appliance on page 152 provides more information about putting the appliance in to maintenance mode.

3. On the Overview tab, click the Information icon in the Network box, perform one of the following tasks, and then click Save.

l To change the hostname of the virtual appliance, in the Hostname (FQDN) field, specify the Fully Qualified Domain Name (FQDN) for the virtual appliance.

Note

Ensure that you correctly configure host name resolution for the name of the appliance. Forward and reverse lookups must succeed.

l To change the IP address of the virtual appliance, in the IP Address field, specify the IPv4 address or IPv6 address for the virtual appliance.

Note

You cannot change the IP address family.

l To change the netmask of the virtual appliance, in the Netmask field, when you use IPv4 addressing, specify the netmask of the virtual appliance. When you use IPv6 addressing specify the prefix length.

l To change the gateway used by the virtual appliance, in the Gateway field, specify the default gateway IPv4 address or IPv6 address that you want the virtual appliance to use.

l To change the DNS servers used by the virtual appliance, perform one of the following tasks:

n To remove an existing DNS server, in the DNS Addresses box, clear the specified IP address, and then click Save.

Note

The appliance requires at least one defined DNS server in the first DNS Addresses field, you can only clear the entry for additional DNS servers.

n To edit an existing DNS server, in the DNS Addresses box, select the IP address of the DNS server, modify the value, and then click Save.

n To add the IP address of a new DNS server, specify the IP address of the DNS server in an empty DNS Addresses field, and then click Save.

Configuring the System

Reconfiguring the network settings 157

Note

You can specify up to three DNS servers.

Results

After the configuration completes, the services on the appliance automatically restart and you must put the appliance back to Operational mode. The web browser redirects you to the following page: http://new_ip_address:9000/index.html, however the login screen does not appear. To put the appliance in Operational mode, perform the following steps:

1. Change the web address to http://new_ip_address/index.html.

2. If an SSL certificate warning page appears with the message Your connection is not private, click Advanced, and then click Proceed to new_ip_address (unsafe).

3. Log in to the appliance.

4. Use the Maintenace mode toggle to put the appliance in Operational mode.

Modifying the time zone Perform the following steps to modify the time zone for the appliance.

Procedure

1. From the Main menu, select Settings.

The Settings window appears with the Overview tab selected.

2. In the Time Zone box, click the Information icon.

The Change Time Zone window appears.

3. Select the new time zone, and then click Save.

Optionally, specify the name of the time zone in the Search field. The list box will display the time zones that match the Search field text.

Results

After you complete the configuration changes, the services on the appliance will automatically restart.

Modifying the lockbox passphrase Perform the following steps to modify the lockbox passphrase.

Note

You cannot change passphrase when the appliance is in a pending or quiesce node state.

Procedure

1. From the Main menu, select Settings.

The Settings window appears with the Overview tab selected.

2. Select the Credentials tab.

3. Click they key icon in the upper right hand corner of the lockbox.

The Change Lockbox Passphrase window appears.

Configuring the System

158 Enterprise Copy Data Management 1.1 Installation and Administration Guide

4. In the Old Passphrase field, type the current passphrase for the lockbox.

5. In the New Passphrase field, type a new passphrase for the lockbox.

Specify a password that meets the following requirements:

l Minimum of eight characters

l At least one numeric character (0-9)

l At least one uppercase character (A-Z)

l At least one lowercase character (a-z)

l At least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:";,./<>?

6. In the Confirm New Passphrase field, type the same value that you specified in the New Passphrase field, and then click Save.

7. Click Save.

Managing passwords for OS user accounts This section describes how to change the password for the admin, root, and support user accounts when an acount lockout occurs, before the password expires, and after the password expires.

Modifying the OS user passwords before expiration The passwords for each OS user account expires every 60 days. Before the password expires, perform the following steps to modify the password for the root, admin and support accounts.

Note

You cannot change password when the appliance is in a pending or quiesce node state.

Procedure

1. From the Main menu, select Settings.

The Settings window appears with the Overview tab selected.

2. Select the Credentials tab.

The Systems window displays a list of OS user accounts.

3. Click they key icon in the upper right hand corner of the OS user account with the password that you want to change.

The Change Password window appears.

4. In the Old Password field, type the current password for the selected user account.

5. In the New Password field, type a new password for the selected user account.

Specify a password that meets the following requirements:

l Minimum of eight characters

l At least one numeric character (0-9)

l At least one uppercase character (A-Z)

l At least one lowercase character (a-z)

Configuring the System

Managing passwords for OS user accounts 159

l At least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:";,./<>?

6. In the Confirm New Password field, type the same password that you specified in the New Password field.

7. Click Save.

Modifying an expired OS user passwords Perform the following steps to modify an expired password for an OS user.

Procedure

1. Connect to the appliance console, and at the Login prompt, specify the user whose password has expired.

Note

eCDM does not support using the ssh command with the root account, If you want to use ssh to connect to the appliance and change the password for the root account, you must log in to ssh with the admin account, and then use the su command to change to the root account.

2. At the Password prompt, specify the expired password.

A message appears to warn you that a password change is required.

3. At the (current) UNIX password prompt, specify the expired password.

4. At the New password prompt, specify a new password.

Specify a password that meets the following requirements:

l Minimum of eight characters

l At least one numeric character (0-9)

l At least one uppercase character (A-Z)

l At least one lowercase character (a-z)

l At least one special character from the following list of acceptable characters:

~!@#$%^&*()_+`-={}|[]\:";,./<>?

5. At the Retype new password prompt, specify the new password.

Unlocking OS user accounts After four failed log in attempts the appliance locks out an OS user account.

Messages similar to the following appear when an OS account lock out occurs:

Account locked due to 4 failed logins su: Authentication failure Perform the following steps to unlock an OS user account.

Procedure

1. Connect to the appliance console with the root account.

Configuring the System

160 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Note

eCDM does not allow you to use ssh to connect to the appliance with the root account.

2. Type /sbin/pam_tally2 -r -u to reset the password for the OS account.

For example, to unlock the admin account, type:

/sbin/pam_tally2 -r -u admin

Output similar to the following appears:

Login Failures Latest failure From admin 5 07/12/16 14:36:01 pts/2

3. Type /sbin/pam_tally2 to confirm that the admin account does not appear in the list of accounts with failed user login attempts.

Managing keychains You can create, edit, delete, and view keychain credentials.

Adding a keychain Procedure

1. Click the Main menu and select Settings > CREDENTIALS > KEYCHAIN. The KEYCHAIN window appears.

2. Click + New Credentials. The New Credential window appears.

3. Specify a Credential name, Username, and Password.

Note

The username and password in the keychain must match the required user and password for the inventory source or managed asset. Refer to storage vendor documentation for information on credentials.

Editing a keychain Procedure

1. Click the Main menu and select Settings > CREDENTIALS > KEYCHAIN. The KEYCHAIN window appears.

2. Select the keychain that you would like to edit. The Keychain Details window appears.

3. Toggle the Edit Mode field to ON.

4. Edit the values in the following fields as required:

l Credential name

l Username

l Password

Configuring the System

Managing keychains 161

Note

The username and password in the keychain must match the required user and password for the inventory source or managed asset. Refer to storage vendor documentation for information on credentials.

Deleting a keychain Procedure

1. Click the Main menu and select Settings > CREDENTIALS > KEYCHAIN. The KEYCHAIN window appears.

2. Select the keychain that you would like to delete. The Keychain Details window appears.

3. Toggle the Edit Mode field to ON.

4. Select Delete Credential.

Viewing keychain credentials To view keychain credentials, click Main menu > Settings > CREDENTIALS > KEYCHAIN and then select the user whose keychain details that you want to review.

Modifying the eCDM appliance hardware settings Follow the steps in this section to expand the size of the data disk and system disk, and modify the memory configuration, only under the guidance and recommendation of Dell EMC Support.

Modifying the appliance memory configuration Adjust the memory configuration of the appliance to support changes in the protection environment.

Procedure

1. Log in to the vSphere web client.

2. Right-click the appliance and select Edit Settings.

The Edit Settings window appears with the Virtual Hardware button selected.

3. In the Memory field, specify the new memory value.

Ensure that the value you specify does not exceed 16 times the amount of memory the virtual machine has when powered on and is a multiple of 4MB.

4. Click OK.

Modifying the data disk size Follow these steps to expand the size of a data disk that is single partitioned and has the log partition is on the system disk.

Procedure

1. Perform the following steps from the vSphere web client:

a. Right-click the appliance and select Shut Down Guest OS.

Configuring the System

162 Enterprise Copy Data Management 1.1 Installation and Administration Guide

b. After the appliance power off completes, right-click the appliance and select Edit Settings.

The Edit Settings window appears with the Virtual Hardware button selected.

c. Increase the provisioned size of Hard disk 2 to the desired size, and then click OK.

Note

You cannot decrease the provisioned size of the disk.

d. Right-click the appliance and select Power On.

2. Perform the following steps from the appliance console, as the root user.

Note

If you use ssh to connect to the appliance, log in with the admin account, and then use the su command to change to the root account.

a. Reboot the appliance by typing reboot.

b. On the GNU GRAB menu, press e to edit the GNU GRAB menu.

c. In the edit screen, search for the line that starts with Linux, and then add word single before the entry splash=0

The following figure provides an example of the edit screen with the updated text. Figure 86 Editing the GNU GRUB menu

d. Press Ctrl-x to reboot into single-user mode.

e. When prompted, type the password for the root account.

f. Unmount the data disk, by typing umount /data01.

g. Start the partition utility, by typing parted, and then perform the following tasks:

a. Type select /dev/sdb.

Configuring the System

Modifying the data disk size 163

b. Type print. If you are prompted to fix issues, type fix at each prompt. The output displays the new disk size in the Size field and the current size in the table.

c. Type resize 1 new_size. Where new_size is the value that appears in the Size field in the output of the print command.

For example, to resize the disk to 700 GB, type: resize 1 752GB d. Type quit.

3. Reboot the appliance by typing systemctl reboot.

4. Log in to the appliance console as the root user.

Note

If you use ssh protocol to connect to the appliance, log in with the admin account, and then use the su command to change to the root account.

5. Grow the xfs file system by typing xfs_growfs -d /data01.

6. Confirm the new partition size by typing df -h.

Modifying the system disk size Follow these steps to expand the size of a data disk when the log partition is the last partition on the system disk.

Procedure

1. Perform the following steps from the vSphere web client:

a. Right-click the appliance and select Shut Down Guest OS.

b. After the appliance power off completes, right-click the appliance and select Edit Settings.

The Edit Settings window appears with the Virtual Hardware button selected.

c. Increase the provisioned size of Hard disk 1 to the desired size, and then click OK.

Note

You cannot decrease the provisioned size of the disk.

d. Right-click the appliance and select Power On.

2. Boot from a SLES 12 CD.

3. Start the partition utility, by typing parted, and then perform the following tasks.

a. Type select /dev/sdx.

b. Type print. If you are prompted to fix issues, type fix at each prompt. The output displays the new disk size in the Size field and the current size in the table.

c. Type quit.

Configuring the System

164 Enterprise Copy Data Management 1.1 Installation and Administration Guide

4. Reboot the appliance by typing systemctl reboot.

5. Log in to the appliance console as the root user.

Note

If you use ssh protocol to connect to the appliance, log in with the admin account, and then use the su command to change to the root account.

6. Grow the xfs file system by typing xfs_growfs -d /data01.

7. Confirm the new partition size by typing df -h.

Configuring the System

Modifying the system disk size 165

Configuring the System

166 Enterprise Copy Data Management 1.1 Installation and Administration Guide

CHAPTER 12

Logs and Troubleshooting

This section contains the following topics related to log configuration and enabling the EMC Secure Remote Services (ESRS) gateway:

l Logs settings.................................................................................................... 168 l Registering eCDM with EMC Secure Remote Services..................................... 171

Logs and Troubleshooting 167

Logs settings Logs settings provides you with the ability to change the logging levels for any eCDM related component, and to export log bundles on demand.

You can access the Logs Levels and Exports tabs from the eCDM Settings window. Select Main Menu > Settings, and then click Logs. By default, Logs opens on the Levels window. Figure 87 Log Levels window

Log levels The Levels tab allows you to set the log level for individual components, or use the same level for all components. By default, each eCDM component is initially set to Info.

Note

The Levels tab only displays the eCDM supporting components for which can you set log levels.

Logs and Troubleshooting

168 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Components are categorized under the following services:

l Core

l Protection

l Management

You can set each component to one of five different log levels:

l Error

l Warn

l Info

l Debug

l Trace

To set the log level for individual components, use the slider next to the component.

To change all components to the same log level: Select the desired log level from the drop-down.

1. Drag the Set all levels to slider to the right.

2. Select the log level from the drop-down.

The following figure illustrates how to set the same log level for all components.

Figure 88 Choose Log level for all components

Exporting logs Use the following procedure to generate and download a log bundle.

Procedure

1. From the main menu, click Settings > Logs > Export.

The Exports window appears.

2. Set the date range by using the slider.

Logs and Troubleshooting

Exporting logs 169

The range can be a maximum period of 7 days up to the current date. The range must be a minimum of 1 day.

The following figure displays the available dates for log bundle generation.

Figure 89 Available Dates for log bundle generation

3. Click the Create Bundle button.

The new Log bundle displays in the Log Exports table, with a status of "Building."

4. When the status changes to "Completed", download and view the log bundle by clicking the link for the entry in the table.

5. To cancel or delete the log bundle entry, click the next to the log bundle.

When a bundle is cancelled, or a bundle generation fails, an entry continues to appear in the table until deleted.

The following figure illustrates how to cancel or delete a log bundle entry.

Figure 90 Log bundle link

Logs and Troubleshooting

170 Enterprise Copy Data Management 1.1 Installation and Administration Guide

After you create the first log bundle, subsequent log bundles created within the available specified dates will provide an estimated generation time (Estimated Completion), and an estimated size (Estimated Current Bundle).

Note

The Used space that is indicated in pink in this window displays a minimum of 33 MB. eCDM requires this space for file overhead.

Registering eCDM with EMC Secure Remote Services EMC Secure Remote Services (ESRS) allows landlord and tenant users to register the eCDM server with a gateway host IP address for remote access. Once registered, Technical Support Engineers can remotely connect to an eCDM instance to troubleshoot issues.

Use the following procedure to register or manage the ESRS Gateway.

Procedure

1. Go to Main Menu > Settings > Overview > EMC Secure Remote Services (ESRS) and click the Edit icon within the quadrant.

A dialog box appears. The following figure displays the ESRS quadrant.

Figure 91 ESRS quadrant in Settings window

2. In the dialog box, type the gateway hostname or IP address.

The following figure illustrates the ESRS gateway registration.

Logs and Troubleshooting

Registering eCDM with EMC Secure Remote Services 171

Figure 92 Register the gateway hostname or IP

3. After typing the gateway hostname or IP address, click Save to complete registration of the ESRS gateway.

Note

Currently, you can only use IPv4 for the gateway. IPv6 is not supported.

4. After saving, an Edit icon appears next to the gateway hostname field, which allows you to update the hostname. When you update the hostname, eCDM overwrites the previous entry but does not unregister this gateway, and there is no option within the Settings window to delete the previous entry. To unregister the previous gateway address, you must use a curl command.

Note

You can only add or manage an ESRS gateway when you apply a front-end terabyte (FETB) license. If using a trial license, the Edit icon is disabled and the following message displays in the ESRS quadrant.

Logs and Troubleshooting

172 Enterprise Copy Data Management 1.1 Installation and Administration Guide

Figure 93 ESRS Gateway disabled for trial license

Callhome When you register an ESRS gateway, you also enable the Callhome feature, which allows Technical Support Engineers to collect data related to troubleshooting device and eCDM appliance issues. Callhome does not collect any personal information.

The following table lists the type of information collected by Callhome.

Table 20 Information collected by Callhome

Category Type of information collected

eCDM appliance l Date of the last upgrade

l Any patches applied

l Version of the appliance

l Uptime (in days) since the last appliance reboot

Data Domain inventory

l Number of Data Domain systems

l Data Domain operating system version and system ID

l Mtrees per Data Domain system

l Data Domain system capacity

VMAX 3 inventory l Number of VMAX Systems

l VMAX operating system version and system ID

l Protected asset list of LUNS and Storage Groups with size

XIO inventory l Number of XIO clusters

l XIO operating system version

eCDM operational inventory

l Asset information (number of assets, asset groups, assets protected vs unprotected)

l Plans (number of plans, plans instances per tenant)

Logs and Troubleshooting

Callhome 173

Table 20 Information collected by Callhome (continued)

Category Type of information collected

l Tenants (number of tenants)

l Tags (number of tags and tag categories)

l Active plan details (assets and their types, objectives for each stage)

Usage l Amount of data being protected

Licensing l Status of the license applied

Storage managers l Number of Unisphere instances in inventory

l Unisphere hostnames and versions

l Number of DDMC instances in inventory

l DDMC hostnames and versions

Logs and Troubleshooting

174 Ent

Manualsnet FAQs

If you want to find out how the 1.1 Dell works, you can view and download the Dell PowerProtect 1.1 Data Manager Installation Guide on the Manualsnet website.

Yes, we have the Installation Guide for Dell 1.1 as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The Installation Guide should include all the details that are needed to use a Dell 1.1. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell PowerProtect 1.1 Data Manager Installation Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell PowerProtect 1.1 Data Manager Installation Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell PowerProtect 1.1 Data Manager Installation Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell PowerProtect 1.1 Data Manager Installation Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell PowerProtect 1.1 Data Manager Installation Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.