Contents

Dell PowerProtect 19.11 Data Manager Network Attached Storage User Guide PDF

1 of 40
1 of 40

Summary of Content for Dell PowerProtect 19.11 Data Manager Network Attached Storage User Guide PDF

PowerProtect Data Manager 19.11 Network Attached Storage User Guide

June 2022 Rev. 01

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid

the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

2021 - 2022 Dell Inc. or its subsidiaries. All rights reserved. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Preface......................................................................................................................................... 5

Chapter 1: PowerProtect Data Manager for Network Attached Storage Overview..........................9 PowerProtect Data Manager overview..........................................................................................................................9

About asset sources, assets, and storage............................................................................................................... 9 Additional procedures for system administrators...................................................................................................... 10 Prerequisites....................................................................................................................................................................... 10

Configure PowerProtect Data Manager for NAS protection............................................................................. 11 Resource requirements for a NAS protection engine.......................................................................................... 11 Files with restricted permissions.............................................................................................................................. 12 Enable Isilon/PowerScale basic authentication.................................................................................................... 12 Supported Internet Protocol versions.....................................................................................................................12

Limitations............................................................................................................................................................................12 Protection engine limitations.....................................................................................................................................15

Resolved limitations...........................................................................................................................................................15 NAS protection deployment recommendations..........................................................................................................16 Role-based security........................................................................................................................................................... 16 Data-in-flight encryption..................................................................................................................................................16 Roadmap for NAS protection.......................................................................................................................................... 17

Chapter 2: Managing Assets and Protection.................................................................................18 About NAS protection.......................................................................................................................................................18

Replication triggers...................................................................................................................................................... 18 Extended retention...................................................................................................................................................... 19

Enable the NAS asset source..........................................................................................................................................21 Add a NAS appliance......................................................................................................................................................... 21 Add a NAS share................................................................................................................................................................22 Edit or delete a NAS asset source................................................................................................................................ 23 Deploy a protection engine for NAS asset protection............................................................................................. 24 Add a centralized protection policy for NAS assets................................................................................................. 25 Extended retention........................................................................................................................................................... 29 Restore a NAS asset to the original location...............................................................................................................31 Restore a NAS asset to an alternate location............................................................................................................ 32 NAS file level restore using File Search....................................................................................................................... 32 Protection engine parameters........................................................................................................................................34

Set protection engine parameters...........................................................................................................................34 Determine protection engine usage for a protection job.........................................................................................34 Change the protection engine Docker network range.............................................................................................35

Appendix A: Network Attached Storage Best Practices and Troubleshooting...............................36 Review protection logs.................................................................................................................................................... 36 Protection engine troubleshooting................................................................................................................................36 Connectivity troubleshooting......................................................................................................................................... 36 Snapshot troubleshooting............................................................................................................................................... 37

Contents

Contents 3

Manually delete Isilon/PowerScale snapshots..................................................................................................... 38 Credential troubleshooting..............................................................................................................................................39 Backup troubleshooting................................................................................................................................................... 39

4 Contents

As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.

If a product does not function correctly or does not function as described in this document, contact Customer Support.

NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this document,

go to the Customer Support website.

Product naming Data Domain (DD) is now PowerProtect DD. References to Data Domain or Data Domain systems in this documentation, in the user interface, and elsewhere in the product include PowerProtect DD systems and older Data Domain systems. In many cases the user interface has not yet been updated to reflect this change.

Language use This document might contain language that is not consistent with Dell Technologies current guidelines. Dell Technologies plans to update the document over subsequent future releases to revise the language accordingly.

This document might contain language from third-party content that is not under Dell Technologies control and is not consistent with the current guidelines for Dell Technologies own content. When such third-party content is updated by the relevant third parties, this document will be revised accordingly.

Website links The website links used in this document were valid at publication time. If you find a broken link, provide feedback on the document, and a Dell Technologies employee will update the document as necessary.

Purpose This document describes how to configure and administer the Dell PowerProtect Data Manager software to protect and recover the data on network attached storage (NAS) shares and appliances. The PowerProtect Data Manager Administration and User Guide provides additional details about configuration and usage procedures.

Audience This document is intended for the host system administrator who is involved in managing, protecting, and reusing data across the enterprise by deploying PowerProtect Data Manager software.

Revision history The following table presents the revision history of this document.

Preface

Preface 5

Table 1. Revision history

Revision Date Description

01 June 21, 2022 Initial release of this document for PowerProtect Data Manager version 19.11.

Compatibility information Software compatibility information for the PowerProtect Data Manager software is provided by the E-Lab Navigator.

Related documentation The following publications are available at Customer Support and provide additional information:

Table 2. Related documentation

Title Content

PowerProtect Data Manager Administration and User Guide Describes how to configure the software.

PowerProtect Data Manager Deployment Guide Describes how to deploy the software.

PowerProtect Data Manager Licensing Guide Describes how to license the software.

PowerProtect Data Manager Release Notes Contains information about new features, known limitations, environment, and system requirements for the software.

PowerProtect Data Manager Security Configuration Guide Contains security information.

PowerProtect Data Manager Amazon Web Services Deployment Guide

Describes how to deploy the software to Amazon Web Services (AWS).

PowerProtect Data Manager Azure Deployment Guide Describes how to deploy the software to Microsoft Azure.

PowerProtect Data Manager Google Cloud Platform Deployment Guide

Describes how to deploy the software to Google Cloud Platform (GCP).

PowerProtect Data Manager Cloud Disaster Recovery Administration and User Guide

Describes how to deploy Cloud Disaster Recovery (Cloud DR), protect virtual machines in the AWS or Azure cloud, and run recovery operations.

PowerProtect Data Manager Cyber Recovery User Guide Describes how to install, update, patch, and uninstall the PowerProtect Cyber Recovery software.

PowerProtect Data Manager File System User Guide Describes how to configure and use the software with the File System agent for file-system data protection.

PowerProtect Data Manager Kubernetes User Guide Describes how to configure and use the software to back up and restore namespaces and PVCs in a Kubernetes cluster.

PowerProtect Data Manager Microsoft Exchange Server User Guide

Describes how to configure and use the software to back up and restore the data in a Microsoft Exchange Server environment.

PowerProtect Data Manager Microsoft SQL Server User Guide

Describes how to configure and use the software to back up and restore the data in a Microsoft SQL Server environment.

PowerProtect Data Manager Oracle RMAN User Guide Describes how to configure and use the software to back up and restore the data in an Oracle Server environment.

PowerProtect Data Manager SAP HANA User Guide Describes how to configure and use the software to back up and restore the data in an SAP HANA Server environment.

PowerProtect Data Manager Storage Direct User Guide Describes how to configure and use the software with the Storage Direct agent to protect data on VMAX storage arrays through snapshot backup technology.

6 Preface

Table 2. Related documentation (continued)

Title Content

PowerProtect Data Manager Network Attached Storage User Guide

Describes how to configure and use the software to protect and recover the data on network-attached storage (NAS) shares and appliances.

PowerProtect Data Manager Virtual Machine User Guide Describes how to configure and use the software to back up and restore virtual machines and virtual-machine disks (VMDKs) in a vCenter Server environment.

VMware Cloud Foundation Disaster Recovery With PowerProtect Data Manager

Provides a detailed description of how to perform an end-to- end disaster recovery of a VMware Cloud Foundation (VCF) environment.

PowerProtect Data Manager Public REST API documentation Contains the Dell Technologies APIs and includes tutorials to guide you in their use.

vRealize Automation Data Protection Extension for Data Protection Systems Installation and Administration Guide

Describes how to install, configure, and use the vRealize Data Protection Extension.

Typographical conventions The following type style conventions are used in this document:

Table 3. Style conventions

Formatting Description

Bold Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window.

Italic Used for full titles of publications that are referenced in text.

Monospace Used for: System code System output, such as an error message or script Pathnames, file names, file name extensions, prompts, and syntax Commands and options

Monospace italic Used for variables.

Monospace bold Used for user input.

[ ] Square brackets enclose optional values.

| Vertical line indicates alternate selections. The vertical line means or for the alternate selections.

{ } Braces enclose content that the user must specify, such as x, y, or z.

... Ellipses indicate non-essential information that is omitted from the example.

You can use the following resources to find more information about this product, obtain support, and provide feedback.

Where to find product documentation The Customer Support website The Community Network

Preface 7

Where to get support The Customer Support website provides access to product licensing, documentation, advisories, downloads, and how-to and troubleshooting information. The information can enable you to resolve a product issue before you contact Customer Support.

To access a product-specific page:

1. Go to the Customer Support website. 2. In the search box, type a product name, and then from the list that appears, select the product.

Knowledgebase The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx) or by keyword.

To search the Knowledgebase:

1. Go to the Customer Support website. 2. On the Support tab, click Knowledge Base. 3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by

typing a product name in the search box, and then selecting the product from the list that appears.

Live chat To participate in a live interactive chat with a support agent:

1. Go to the Customer Support website. 2. On the Support tab, click Contact Support. 3. On the Contact Information page, click the relevant support, and then proceed.

Service requests To obtain in-depth help from a support agent, submit a service request. To submit a service request:

1. Go to the Customer Support website. 2. On the Support tab, click Service Requests.

NOTE: To create a service request, you must have a valid support agreement. For details about either an account or

obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the

Service Request Number field, type the service request number, and then click the right arrow.

To review an open service request:

1. Go to the Customer Support website. 2. On the Support tab, click Service Requests. 3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.

Online communities For peer contacts, conversations, and content on product support and solutions, go to the Community Network. Interactively engage with customers, partners, and certified professionals online.

How to provide feedback Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to DPAD.Doc.Feedback@emc.com.

8 Preface

PowerProtect Data Manager for Network Attached Storage Overview

Topics:

PowerProtect Data Manager overview Additional procedures for system administrators Prerequisites Limitations Resolved limitations NAS protection deployment recommendations Role-based security Data-in-flight encryption Roadmap for NAS protection

PowerProtect Data Manager overview For network attached storage (NAS), PowerProtect Data Manager provides centralized backup and restore operations to protect data on the network.

PowerProtect Data Manager can protect NAS assets in two ways:

AppliancesAutomatic discovery of shares on supported Dell PowerStore, Unity, and PowerScale (Isilon) products. SharesNetwork File System (NFS) and Common Internet File System (CIFS) shares from other NAS platforms.

The E-Lab Navigator provides compatibility information about supported NAS types.

Protecting a NAS with PowerProtect Data Manager does not require Network Data Management Protocol (NDMP). However, protecting a NAS requires deploying a specialized NAS protection engine as a data mover between the NAS and PowerProtect Data Manager. Containerized NAS agents run on the protection engine to support multiple NAS protection operations.

NAS protection backs up and recovers ACLs and extended attributes for NFS and CIFS shares.

Roadmap for NAS protection provides more instructions about the necessary steps to protect NAS assets.

The REST API provides additional operations. The PowerProtect Data Manager Public REST API documentation provides more information.

About asset sources, assets, and storage

Assets are the basic units that PowerProtect Data Manager protects. Asset sources are the mechanism by which PowerProtect Data Manager manages assets and communicates with the storage system that stores backup copies of the assets.

PowerProtect Data Manager supports Dell PowerProtect DD Management Center (DDMC) as the storage and programmatic interface for controlling the DD systems, and external DD systems.

For network attached storage, the asset source is of type NAS. Assets can be network shares or NAS appliances.

More generally, asset sources can also include vCenter servers, Kubernetes clusters, application hosts, and other supported types. These other asset sources support additional asset types, such as virtual machines. The PowerProtect Data Manager Administration and User Guide provides more information about supported asset sources and types.

1

PowerProtect Data Manager for Network Attached Storage Overview 9

Additional procedures for system administrators The PowerProtect Data Manager Administration and User Guide provides more information about procedures that require the Administrator role. The PowerProtect Data Manager system administrator typically performs these procedures, some of which have server-wide effect.

Many of these procedures are not specific to protecting NAS assets. However, some procedures in the PowerProtect Data Manager Administration and User Guide are prerequisites for, or also applicable to, NAS protection. For example:

Adding and configuring protection storage, including storage units Adding and configuring virtual networks Configuring additional objectives for protection policies, such as exclusions, extended retention, replication, and cloud tiering Managing protection policies, including adding or removing assets, and disabling a policy, configuring an SLA, and protection

rules Managing backups, such as editing retention periods and deleting backup copies Managing any running jobs

Review these procedures when required for your environment or when called out by a task in this guide. If required, coordinate with your PowerProtect Data Manager system administrator or backup and restore administrators.

Prerequisites Before you configure PowerProtect Data Manager for NAS protection, observe the following points and perform the following actions: 1. Ensure that there are sufficient vCenter resources available to deploy a NAS protection engine. Resource requirements for a

NAS protection engine provides more information. 2. Open the required ports between all components, including the NAS. The PowerProtect Data Manager Security

Configuration Guide provides more information and instructions.

For example, Windows file servers require an outbound rule to allow traffic on ports 139 and 445. Modify the firewall to open these ports.

3. NAS protection engines require time synchronization with PowerProtect Data Manager for deployment and operation. Configure an NTP server. In the time configuration options for each ESXi server, enable the NTP client and ensure that the NTP service is running.

4. Configure PowerProtect Data Manager. Configure PowerProtect Data Manager for NAS protection provides more information.

Appliance protection

The following prerequisites apply for Isilon/PowerScale appliances:

The Isilon OneFS Web Administration Guide and Isilon OneFS CLI Administration Guide provide more information and instructions, where not otherwise indicated here.

1. Enable basic authentication. Enable Isilon/PowerScale basic authentication provides instructions. 2. Create a NAS protection user in the System access zone with both of the following roles: BackupAdmin and

SystemAdmin.

The NAS protection user needs read/write Windows ACL NTFS and share permissions.

Supply the NAS protection user credentials as the management credentials when you add the NAS appliance, when you add CIFS shares to a protection policy, and when you set asset level credentials.

3. Some required paths are not shared by default. To protect CIFS shares, create a CIFS share for /ifs with the name ifs.

Provide full access for the NAS protection user. For added security, you can limit access to only the NAS protection user.

To protect NFS shares, export /ifs/.snapshot, and select the options to enable mount access to subdirectories and not map root users. Ensure that read-only permission is set to No.

Add the NAS protection engine and PowerProtect Data Manager by hostname, FQDN, or IP address as clients, root clients, and read/write clients to the NFS export.

10 PowerProtect Data Manager for Network Attached Storage Overview

4. For NFS shares, add clients to the exports for other shares, as required. Files with restricted permissions provides more information.

5. For NFS shares, change the global settings to enable NFS export services. Enable NFSv3 or NFSv4, as required. 6. For SMB shares, configure the following settings in the PowerScale UI SMB server settings area:

Table 4. Isilon/PowerScale SMB settings

Setting Value

Visible at Root Yes

Accessible at Root Yes

Visible in Subdirectory No

Accessible in Subdirectory

Yes

Notes

1. A trial license is provided with the PowerProtect Data Manager software. Contact Customer Support for assistance with a permanent PowerProtect Data Manager license.

2. When signing occurs during certificate exchange between PowerProtect Data Manager and NAS asset sources, if you have specified a hostname or fully qualified domain name (FQDN) with an underscore (_), then communication happens by IP address, as provided during registration.

Configure PowerProtect Data Manager for NAS protection

Prepare the PowerProtect Data Manager server by performing the following initial system configuration tasks:

About this task

The PowerProtect Data Manager Administration and User Guide provides more information about each task. If your environment already protects other assets, you may have already completed some of these tasks.

Steps

1. Add protection storage.

2. (Optional) Configure a storage unit.

3. Configure virtual networks, if applicable.

4. Configure the PowerProtect Search Engine, if needed.

The Search Engine is required for File Level Restore (FLR).

5. Enable the virtual machine asset source and register the vCenter server where you intend to deploy the protection engine.

Resource requirements for a NAS protection engine

Note the following system requirements, which are the same as for a VM Direct Engine:

CPU 4 * 2 GHz (4 virtual sockets, 1 core for each socket).

Memory 8 GB RAM.

Disks 2 disks (59 GB and 98 GB).

Internet Protocol version

IPv4 only.

SCSI controller Maximum of 4.

NIC One vmxnet3 NIC with one port.

PowerProtect Data Manager for Network Attached Storage Overview 11

Files with restricted permissions

If you use limited-privilege credentials to back up files without permissions for groups and owners, additional action is required before you add the NAS appliance or share to PowerProtect Data Manager. For example, files with 500, 600, and 700 permissions. Complete one of the following sections, as applicable.

Without this action, appliance backups are complete with an exception, where some files are skipped. The job details in the user interface contain the count of folders and files that are skipped during the protection. The backup logs contain detailed information on the number of skipped elements and the reason for skipping the files/folders.

PowerScale (Isilon) appliance

On the NAS appliance, add the NAS protection engine and PowerProtect Data Manager by hostname, FQDN, or IP address as clients, root clients, and read/write clients to the NFS export for the share. Enable mount access to subdirectories.

The Isilon OneFS Web Administration Guide and Isilon OneFS CLI Administration Guide provide more information about clients, modifying NFS exports, and adding a client to an NFS export. The Add NAS wizard contains a reminder for this step.

NAS shares

Add the NAS protection engine by hostname, FQDN, or IP address as a client of the NAS server to ensure that the NAS agent can read these files with restricted permissions. Because NAS server platforms can vary significantly, consult the documentation for your NAS server for instructions.

Enable Isilon/PowerScale basic authentication

For Isilon/PowerScale 9.2, basic authentication is disabled by default. Before you add an Isilon/PowerScale appliance, enable basic authentication through the appliance console.

Steps

1. Connect to the Isilon/PowerScale console.

The Isilon OneFS CLI Administration Guide provides instructions.

2. Enable basic authentication:

isi_gconfig -t web-config auth_basic=true Privilege elevation with sudo may be required, depending on the user permissions and appliance configuration.

Supported Internet Protocol versions

PowerProtect Data Manager only supports the use of IPv4 addresses.

Using an IPv6 address can result in errors or other unexpected behavior. When configuring devices to connect over the network with PowerProtect Data Manager, use only IPv4 addresses.

Limitations Observe the following information when planning NAS protection:

Backup

The Appliance protection section contains related information for backups of NAS appliances.

1. By default, only protected NAS assets display a value for asset size. This behavior is consistent with assets that belong to PowerStore/PowerScale/Unity and Generic Shares. In PPDM 19.10 and earlier versions, This behavior is restricted to assets that belong to Generic Shares and PowerScale.

12 PowerProtect Data Manager for Network Attached Storage Overview

The asset size for both protected and unprotected assets, which belong to Unity/Powerstore, displays the file system size instead of the NAS share size. This provides an inflated number for asset size as the file system size is inclusive of all the shares that are hosted on it.

2. PowerProtect Data Manager cannot back up NFS shares if the NFS export is set to map the root user to nobody. The mounted share does not have read or write privileges, and the operation fails because of permission errors. This limitation applies to all NFS shares.

For Isilon/PowerScale appliances:

Change the NFS export settings to Do not map root users.

or

If you have a user/group (local or through an authentication provider) added to the BackupAdmin role, that user can be associated with the NFS assets. Membership of the associated user supersedes the file system permissions for protection purposes. If you do not have a user/group of this type, create one for PowerProtect Data Manager instead of using the root.

The Isilon OneFS Web Administration Guide and Isilon OneFS CLI Administration Guide provide more information about NFS export settings and root squashing.

3. For CIFS, the presence of some special characters in the name of a file, folder, or asset name may result in the failure of backup and recovery operations. For example: <, >, and =. The Microsoft CIFS protocol documentation contains more information and a full list of special characters that should not be used.

Restricted access shares

1. For NAS appliances, the NAS agent successfully backs up discovered shares with the No Access property. The appliance permits a snapshot of the share despite access restrictions, and the agent backs up the snapshot.

To prevent backups of restricted-access shares, add the share as an exclusion. For CIFS and NFS shares, the agent honors the permission and the backups fails. All restore operations for restricted asset shares fail for both appliances and shares.

Restore and FLR

1. NAS backups do not support FLR from backups on remote (replicated) protection storage or from backups in a cloud stage (Cloud Tier).

2. When you search with FLR for folders, the folder size may be incorrectly shown as zero even when the folder contains files and other folders of nonzero size. Restore operations are unaffected.

3. The FLR UI limit is 500 selected items. Selecting 500 or more files or folders in a single FLR operation may return an error message or encounter browser limitations. To work around the limitation, restore the next higher folder, split large FLR operations into multiple smaller operations, or use the REST API instead. FLR operations to restore folders that contain more than 500 files or subfolders are unaffected.

4. For FLR, selecting both a file or folder and its parent folder from the same backup may result in inconsistent renaming of duplicate restored data. Select files and folders that do not share a parent/child relationship and select only the parent folder to recover everything in that folder. For example, instead of selecting /foo and /foo/bar, select only /foo.

5. Unity and PowerStore appliances have known mounting issues with NFS v3 and v4. Share-level recovery and FLR fail with an error when you restore to the original or alternate location under the following conditions: NFS v3: The NFS export path contains the file system name followed by a forward slash (/). For example, 10.2.3.4:/

filesystem_name/share_name.

NFS v4: The NFS export path contains a forward slash (/). For example, 10.2.3.4:/test/share.

NOTE: The NFS syntax imposes one forward slash immediately after the colon (:) as part of the separation between

host and path (host:/path). Instead, this limitation applies to any additional forward slashes that are present in the

path (filesystem_name/share_name).

Instead, restore to a location where these conditions are not present. 6. When you perform FLR on different versions of a file from multiple backups of a Linux file server, unexpected behavior

may occur. If you select the options to restore to the same folder and overwrite original files, PowerProtect Data Manager does not mark the restored files with the transaction ID. Instead, the restore operation appends the complete path to the expected restore location.

PowerProtect Data Manager for Network Attached Storage Overview 13

For example, the file /mnt/tmp/backup/dir4/test.txt that should be restored to /mnt/tmp/backup/mnt/tmp/ backup/dir4/test_transactionid.txt is instead restored to /mnt/tmp/backup/mnt/tmp/backup/mnt/tmp/ backup/dir4/test.txt. Other share types are not affected.

This limitation affects NFS v4 exports that were created with the option fsid=0 or fsid=root. For these exports, perform FLR to an alternate location instead of restoring to the original location.

7. For FLR and share-level restore, to restore from a backup of an asset which is no longer part of a protection policy, set asset-level credentials.

8. You can only cancel FLR operations at the job level. PowerProtect Data Manager does not support FLR cancellation for individual assets.

9. You cannot restart NAS FLR jobs. 10. When restoring NFS shares to alternate locations, the UI prompts you for credentials even though NFS shares do not require

credentials. However, the restore fails unless you provide the same credentials that were used to create the protection policy.

11. For FLR, when you restore different versions of files with Restore to an Alternate Share or Array, the resulting folder does not have the original ACLs. Instead, the restore creates this folder with root ownership and attributes.

12. For CIFS, the presence of some special characters in the name of a file, folder, or asset name may result in the failure of backup and recovery operations. For example: <, >, and =. The Microsoft CIFS protocol documentation contains more information and a full list of special characters that should not be used.

Access control lists (ACLs)

CAUTION: If PowerProtect Data Manager cannot restore the ACLs from a backup, the restore succeeds without

exception. The restore log contains more information for troubleshooting.

1. If you restore a backup to a share that uses a different protocol version from the original share, the ACLs of the restored files and folders may not exactly match the originals.

2. If a share is offered through multiple protocols, the backup only preserves the ACLs for the selected protocol. 3. When PowerProtect Data Manager cannot preserve the ACLs during a backup, that backup completes with an exception.

Backup stream counts

1. During a NAS backup, the reported active stream count may not be correct until the backup completes or until all active streams from a NAS protection engine close. During this time, the reported active stream count may not match the number of active streams as reported by PowerProtect DD. Most often, this issue occurs during full backups with large slice sizes. To determine the number of active streams before backup completion, use the PowerProtect DD UI.

Appliance protection

The following limitations apply for Isilon/PowerScale appliances:

1. If PowerProtect Data Manager was updated from an older release, the asset list may show two additional discovered entries: /ifs/.snapshot and /ifs. These assets are marked as not detected. These entries are process artifacts, not valid assets, and you can ignore them. For new installations, PowerProtect Data Manager filters these entries from the asset list.

Do not add these assets to a protection policy other than an exclusion policy. If you add them to a protection policy, PowerProtect Data Manager skips any resulting backups of these assets.

2. PowerProtect Data Manager only supports the automatic discovery and protection of shares which are part of the System access zone.

3. Share size is not automatically discovered, so protection rules which are based on share size do not return any assets.

The following limitations apply for Unity/PowerStore appliances:

1. PowerProtect Data Manager cannot back up replicated shares.

14 PowerProtect Data Manager for Network Attached Storage Overview

Updating from previous releases

For Isilon/PowerScale appliances with multiple NFS exports that have the same name and different properties, the PowerProtect Data Manager 19.9 UI listed the duplicate exports as separate NFS assets. These duplicate assets could be assigned to multiple protection policies. However, this behavior has changed for PowerProtect Data Manager 19.10.

If you had assigned duplicate assets to multiple protection policies, perform the following actions:

1. After updating to PowerProtect Data Manager 19.10, the UI shows one of the assets for each export in the Available state. The remaining duplicate assets for that export are shown as Not Detected. Verify whether the Available asset is part of the correct protection policy.

2. The Restore window shows duplicate assets with the same name. However, the backup data for these assets is identical. After the update, the duplicate assets remain visible. Ensure that you restore from the correct backup.

3. The FLR UI displays the contents of a duplicate asset multiple times. Ensure that you restore from the correct backup.

For assets that are shown as Not Detected, PowerProtect Data Manager disables the option to restore to the original location.

Capacity usage

The following two use cases can affect front-end protected capacity by terabyte (FETB) capacity usage:

If a NAS offers shares through multiple protocols, the same data may be available through more than one asset. PowerProtect Data Manager displays these shares for you to select a preferred protocol.

If a NAS offers multiple shares that are part of the same file system path, the same data may be available through more than one asset.

For example, the export paths for two shares /test1 and /test2 share the same local file system path /home/users/ validation.

If you add duplicate or overlapping assets to one or more protection policies, the FETB usage increases proportionately to the number of such assets. PowerProtect Data Manager displays a warning when you try to add duplicate or overlapping assets to protection policies.

Protection engine limitations

Observe the following points when planning and working with protection engines: Deploy protection engines with fully qualified domain names (FQDNs) or IP addresses only. Short names are no longer

supported. Existing protection engines which were deployed with short names are deprecated. A future release will require you to delete and redeploy these protection engine with FQDNs or IP addresses instead.

When you deploy protection engines with FQDNs, each FQDN must have a DNS record. Protection engines are part of server disaster recovery backups. However, the disaster-recovery process does not

automatically redeploy protection engines.

Resolved limitations Observe the following information when planning NAS protection:

1. If PowerProtect Data Manager cannot protect files, folders, or ACLs in an asset because of a permission issue, the backup skips these items and completes with an exception. This behavior is expected. However, the permission issue may happen at the root level for the asset, leaving no data for PowerProtect Data Manager to protect.

Previous releases marked this backup as completed with exception even though the backup was empty. PowerProtect Data Manager 19.10 and later releases mark these backups as failed.

2. When you remove or delete a discovered asset from an appliance, the next discovery cycle marks that asset as not detected. Previous releases marked backups of these assets as failed. PowerProtect Data Manager 19.10 and later releases skip backups of these assets.

3. PowerProtect Data Manager 19.10 and later releases support NAS protection functionality as part of server disaster recovery, enabling you to restore NAS backups in case of disaster. The PowerProtect Data Manager Administration and User Guide provides more information.

PowerProtect Data Manager for Network Attached Storage Overview 15

NAS protection deployment recommendations Use the sizing information presented here to calculate an optimal deployment for your environment.

PowerProtect Data Manager divides NAS assets into slices by using threshold values. The threshold slice size is 200 GB or a count of one million files, with a tolerance of up to 30%. To avoid creating nonoptimized slices, the tolerance allows PowerProtect Data Manager to deviate from the threshold value and keep data together. For example, a single 260 GB folder is still within the 30% tolerance value and would be considered one slice. Empty placeholder slices help protect the asset layout structure.

Each slice uses one stream. Protection engine parameters provides information about the relationship between streams and NAS protection engines. When calculating the number of NAS protection engines, allow up to 120% to 150% of the estimated slice count for overhead such as placeholder slices.

You can use a sizing tool for NAS to get an approximate value of the number of proxy engines needed to support the production workload. Size recommendations for the number of proxy engines that need to be deployed to protect a certain workload depend on multiple factors, including:

Size of the asset Approximate file count and data layout Data change rate between incremental backups Expected backup duration being attempted

For example, for an asset with 50TB data spanned across 50 million files being backed up using a single network port, a 36-hour backup window needs approximately three NAS proxy engines. A 3% data change rate for the asset would result in incremental backups taking approximately 6 hours leveraging the same proxy engine count.

Similarly, for an asset with 100TB data spanned across 100 million filed being backed up using a single network port, a 42-hour backup window needs approximately seven NAS proxy engines. A 3% data change rate for the asset would result in incremental backups taking approximately 6 hours leveraging the same proxy engine count.

For optimum performance, use a dedicated 10 Gigabit Ethernet (10 GbE) network interface per NAS protection engine. The ESXi network stack constrains throughput. More NAS protection engines with dedicated interfaces can achieve higher net aggregated throughput when reading from the NAS and writing to protection storage.

If the entire environment is 10 GbE, including the NAS and the protection storage, network speed constrains throughput. You may find that read throughput from the NAS appliance and write throughput to protection storage are reduced in an environment with multiple NAS protection engines. In this case, increase the number of network interfaces on the NAS and the protection storage.

Asset-level parallelism balances the number of available streams across multiple assets. PowerProtect Data Manager supports multiple simultaneous backups so long as there are sufficient available compute resources. Asset-level parallelism supports up to 256 streams per asset. Set protection engine parameters provides instructions to configure parallelism.

Role-based security PowerProtect Data Manager provides predefined user roles that control access to areas of the user interface and to protected operations. Some of the functionality in this guide is reserved for particular roles and may not be accessible from every user account.

By using the predefined roles, you can limit access to PowerProtect Data Manager and to backup data by applying the principle of least privilege.

The PowerProtect Data Manager Security Configuration Guide provides more information about user roles, including the associated privileges and the tasks that each role can perform.

Data-in-flight encryption PowerProtect Data Manager provides centralized management of backup and restore encryption for application agents. Backup and restore encryption is supported for both centralized and self-service operations where applicable.

You can ensure that the backup and restore content is encrypted when read on the source system, transmitted in encrypted form, and then decrypted before it is saved on the destination storage. This prevents another party from intercepting private data.

16 PowerProtect Data Manager for Network Attached Storage Overview

PowerProtect Data Manager only supports encryption in-flight for File System, Kubernetes clusters, Microsoft SQL Server, Microsoft Exchange Server, network attached storage (NAS), Oracle, and SAP HANA workloads. This is a global setting that is applicable to all supported workloads.

For File System, Microsoft SQL Server, Microsoft Exchange Server, Oracle, and SAP HANA workloads, backup and restore encryption is only supported for Application Direct hosts. For File System agents, restore encryption is supported for image-level restore only. For Microsoft SQL Server agents, restore encryption is supported for database-level restore only.

The PowerProtect Data Manager Administration and User Guide and PowerProtect Data Manager Security Configuration Guide provide more information about encryption in-flight, such as how to enable the feature and important considerations to understand before enabling.

Roadmap for NAS protection Complete the following objectives to protect NAS assets.

Steps

1. Review the NAS protection prerequisites and complete the initial configuration.

Prerequisites and Limitations provides more information.

2. Enable the NAS asset source.

Enable the NAS asset source provides instructions.

3. Add a NAS appliance or share.

Add a NAS appliance and Add a NAS share provide instructions.

4. Deploy at least one protection engine.

Deploy a protection engine for NAS asset protection provides instructions.

5. Configure a protection policy for NAS assets.

Add a centralized protection policy for NAS assets provides instructions.

6. If required, perform a manual backup with the NAS protection policy.

The PowerProtect Data Manager Administration and User Guide provides more information. Alternatively, protection starts according to the specified schedule.

PowerProtect Data Manager for Network Attached Storage Overview 17

Managing Assets and Protection

Topics:

About NAS protection Enable the NAS asset source Add a NAS appliance Add a NAS share Edit or delete a NAS asset source Deploy a protection engine for NAS asset protection Add a centralized protection policy for NAS assets Extended retention Restore a NAS asset to the original location Restore a NAS asset to an alternate location NAS file level restore using File Search Protection engine parameters Determine protection engine usage for a protection job Change the protection engine Docker network range

About NAS protection Protection policies for NAS assets are either centralized or exclusion. PowerProtect Data Manager centrally manages all stages of the protection policy and controls policy operation.

If a NAS offers the same asset through multiple protocols, PowerProtect Data Manager provides an opportunity to select a preferred protocol for data protection.

When you add a share with ACLs and that share is offered through multiple protocols, selecting CIFS is recommended, to back up the corresponding ACLs.

PowerProtect Data Manager supports protecting NAS shares with hard links created on the same file system, so long as the hard links are for files and not directories, and do not span file systems. Soft links are not supported.

Replication triggers

PowerProtect Data Manager orchestrates protection policy replication objectives independently of the primary backup or retention. When you add a replication objective to a policy, select one of the available triggers.

The default replication trigger is a schedule window that you define by setting a recurrence period plus start and end times. Replication occurs during the defined window. For example, every day between 8 p.m. and 12 a.m.

You can also trigger replication immediately after the completion of the associated primary backup or retention, whether scheduled or manual. At the start of the primary backup, PowerProtect Data Manager generates an associated replication job that remains queued until the end of the protection job. If the backup fails or completes with exception, the associated replication job is skipped. Restarting the protection job queues the associated replication job again.

NOTE:

Replication after backup completion is only supported for centralized protection policies. This feature is not yet available for

self-service protection policies or for replication objectives that are based on extended retention.

Older application agents may not support replication after backup completion. Update the applicable application agents to

the current version before configuring this trigger.

2

18 Managing Assets and Protection

Using a schedule can help you manage network traffic by replicating during off-peak hours. However, for larger backup sets, the primary backup or retention may not finish before the start of the replication schedule, which creates a replication backlog. Replication after backup completion prevents a replication backlog from forming.

To prevent data loss, the replication after backup completion trigger replicates new backups from the primary objective and any outstanding backups that have not yet replicated.

Extended retention

You can extend the retention period for the primary full or synthetic-full backup copy for long-term retention. For example, your regular schedule for daily backups can use a retention period of 30 days, but you can extend the retention period to keep the full or synthetic-full backups taken on Mondays for 10 weeks.

Centralized protection policies support weekly, monthly, and yearly recurrence schedules to meet the demands of your compliance objectives. For example, you can retain the last full or synthetic-full backup containing the last transaction of a fiscal year for 10 years. When you extend the retention period of a backup in a protection policy, you can retain scheduled full or synthetic-full backups with a repeating pattern for a specified amount of time.

For example:

Retain full or synthetic-full yearly backups that are set to repeat on the first day of January for 5 years. Retain full or synthetic-full monthly backups that are set to repeat on the last day of every month for 1 year. Retain full or synthetic-full yearly backups that are set to repeat on the third Monday of December for 7 years.

Preferred alternatives

When you define an extended retention objective for a protection policy, you define a set of matching criteria that select preferred backups to retain. If the matching criteria do not identify a matching backup, PowerProtect Data Manager automatically retains the preferred alternative backup according to one of the following methods:

Look-backRetain the last available full backup that was taken before the matching criteria. Look-forwardRetain the next available full backup that was taken after the matching criteria.

For example, consider a situation where you configured a protection policy to retain the daily backup for the last day of the month to extended retention. However, a network issue caused that backup to fail. In this case, look-back matching retains the backup that was taken the previous day, while look-forward matching retains the backup that was taken the following day.

By default, PowerProtect Data Manager uses look-back matching to select the preferred alternative backup. A grace period defines how far PowerProtect Data Manager can look in the configured direction for an alternative backup. If PowerProtect Data Manager cannot find an alternative backup within the grace period, extended retention fails.

You can use the REST API to change the matching method or the grace period for look-forward matching. The PowerProtect Data Manager Public REST API documentation provides instructions. If there are no available backups for the defined matching period, you can change the matching method to a different backup.

For look-forward matching, the next available backup can be an ad-hoc backup or the next scheduled backup.

Selecting backups by weekday

This section applies to centralized protection policies. Self-service protection policies have no primary backup objective configuration.

When you configure extended retention to match backups by weekday, PowerProtect Data Manager may identify a backup that was taken on one weekday as being taken on a different weekday. This behavior happens where the backup window does not align with the start of the day. PowerProtect Data Manager identifies backups according to the day on which the corresponding backup window started, rather than the start of the backup itself.

For example, consider a backup schedule with an 8:00 p.m. to 6:00 a.m. backup window:

Backups that start at 12:00 a.m. on Sunday and end at 6:00 a.m. on Sunday are identified as Saturday backups, since the backup window started on Saturday.

Backups that start at 8:01 p.m. on Sunday and end at 12:00 a.m. on Monday are identified as Sunday backups, since the backup window started on Sunday.

Backups that start at 12:00 a.m. on Monday and end at 6:00 a.m. on Monday are identified as Sunday backups, since the backup window started on Sunday.

Managing Assets and Protection 19

In this example, when you select Sunday backups for extended retention, PowerProtect Data Manager does not retain backups that were taken between 12:00 a.m. and 8:00 p.m. This behavior happens even though the backups occurred on Sunday. Instead, PowerProtect Data Manager selects the first available backup that started after 8:00 p.m. on Sunday for extended retention.

If no backups were created between 8:01 p.m. on Sunday and 6:00 a.m. on Monday, PowerProtect Data Manager retains the next alternative to extended retention. In this example, the alternative was taken after 6:00 a.m. on Monday.

Extended retention backup behavior

When PowerProtect Data Manager identifies a matching backup, automatic extended retention creates a job at the beginning of the backup window for the primary objective. This job remains queued until the end of the backup window and then starts.

The following examples describe the behavior of backups with extended retention for centralized and self-service protection.

Centralized protection

For an hourly primary backup schedule that starts on Sunday at 8:00 p.m. and ends on Monday at 6:00 p.m. with a weekly extended retention objective that is set to repeat every Sunday, PowerProtect Data Manager selects the first available backup starting after 8:00 p.m. on Sunday for long-term retention.

The following diagram illustrates the behavior of backups with extended retention for a configured protection policy. In this example, full daily backups starting at 10:00 p.m. and ending at 6:00 a.m. are kept for 1 week. Full weekly backups are set to repeat every Sunday and are kept for 1 month.

Figure 1. Extend retention backup behavior

Self-service protection

For self-service backups, PowerProtect Data Manager uses a default backup window of 24 hours. For a backup schedule that starts on Sunday at 12:00 p.m and ends on Monday at 12:00 p.m. with a weekly extended retention objective that is set to repeat every Sunday, PowerProtect Data Manager selects the first available backup that is taken between 12:00 p.m. on Sunday and 12:00 p.m. on Monday for long-term retention.

Replication of extended retention backups

You can change the retention time of selected full primary backups in a replication objective by adding a replication objective to the extended retention backup. The rules in the extended retention objective define the selected full primary backups. Review the following information about replication of extended retention backups.

Before you configure replication of extended retention backups, create a replication objective for the primary backup. Configure the replication objective of the extended retention and match this objective with one of the existing replication

objectives based on the primary backup. Any changes to a new or existing storage unit in the extended retention replication objective or the replication objective of the primary backup is applied to both replication objectives.

The replication objective of extended retention backups only updates the retention time of replicated backup copies and does not create any new backup copies in the replication storage.

20 Managing Assets and Protection

Enable the NAS asset source Enabling the asset source in PowerProtect Data Manager allows you to add and register the asset source for the protection of NAS assets.

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. From the left navigation pane, select Infrastructure > Asset Sources.

The Asset Sources window appears.

3. Click + to reveal the New Asset Source tab.

4. In the NAS pane, click Enable Source.

5. Review the informational dialog box, and then click Close. The Asset Sources window updates to display a NAS tab.

Add a NAS appliance For supported appliance types, add the NAS as an asset source so that PowerProtect Data Manager can automatically discover any assets to protect.

Prerequisites

Review the Prerequisites and Limitations.

About this task

NOTE: After a NAS appliance has been added, an asset belonging to the same appliance cannot be added as a NAS share.

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. From the left navigation pane, select Infrastructure > Asset Sources.

The Asset Sources window appears.

3. Click the NAS tab. The list of configured NAS assets appears.

4. Click Add. The Add NAS wizard opens.

5. For Source Types, select Appliance. The wizard presents the applicable fields for appliances.

6. Complete the following fields:

Field Description

Name Type a descriptive name for the appliance.

Array Type Select a supported appliance type from the drop-down.

Address Type the hostname or IP address for the appliance management interface.

Port Type the port number for HTTPS REST API access to the appliance. The default ports are 443 (Unity, Powerstore) and 8080 (PowerScale/Isilon).

Credentials Select an existing set of management credentials. Alternatively, you can select Add Credentials, provide new credentials, and then click Save.

The supplied credentials must provide appliance management console privileges that allow the agent to discover network shares. The appliance documentation provides more information about roles and privileges. Add non-local users in the format user@domain. Roles with suitable privileges include:

Managing Assets and Protection 21

Appliance type Roles

PowerStore, Unity Storage Administrator, Storage Operator, Operator, Administrator PowerScale/Isilon BackupAdmin, SystemAdmin

7. By default, discovery happens automatically after you add the NAS and subsequent discoveries are either manual or scheduled. To schedule a full discovery at a certain time every day, select Schedule Discovery, and then specify a time.

8. If the NAS SSL certificate cannot be trusted automatically, a dialog box appears to request certificate approval. Review the certificate, and then click Verify.

9. Click Save.

The NAS appliance appears as an entry in a table on the Asset Sources window. You can click the magnifying glass icon next to the entry to view more details, such as the NAS type and model, the discovery status, and the last discovery date.

After you add the appliance, PowerProtect Data Manager starts a discovery in the background. Subsequent discoveries depend on the settings that you chose. You can always do an on-demand discovery.

10. From the left navigation pane, select Infrastructure > Assets.

The Assets window appears.

11. Select the NAS tab.

After a successful discovery, the NAS assets that are discovered from the appliance appear.

Discovery time is based on networking bandwidth. Each discovery process that you initiate is impacted by both the resources that are discovered and the resources that perform the discovery. PowerProtect Data Manager may not appear to update the list of assets while discovery is in progress.

Next steps

You can review the list of discovered NAS assets on the NAS tab of the Infrastructure > Assets page.

PowerProtect Data Manager requires a scheduled or manual discovery to learn about appliance-based changes, such as different protocol versions.

Add a NAS share For appliances where PowerProtect Data Manager does not support automatic discovery, add the NAS share as an asset source.

Prerequisites

Review the Prerequisites and Limitations.

Open any required non-standard ports between the NAS protection engine and the NAS.

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. From the left navigation pane, select Infrastructure > Asset Sources.

The Asset Sources window appears.

3. Click the NAS tab. The list of configured NAS assets appears.

4. Click Add. The Add NAS wizard opens.

5. For Source Types, select Share. The wizard presents the applicable fields for shares.

6. Select an existing set of credentials that provide read and write permissions for the share.

Alternatively, you can select Add Credentials from the drop-down list, provide new credentials, and then click Save.

7. Select the applicable share protocol: NFS or CIFS.

8. Type the full URL to the NAS share, including the applicable port number.

Use the correct syntax for the selected protocol. For example:

22 Managing Assets and Protection

Table 5. Syntax and port numbers by protocol

Protocol Syntax

NFS :/ CIFS \\ \

where can be either the fully qualified domain name or IP address for the NAS. The default port number is 443.

Common port numbers include 139 and 445 for CIFS and 2049 for NFS. Some NAS shares may use different port numbers. Consult the documentation for your NAS to determine the port numbers in use.

PowerProtect Data Manager validates the input and checks whether the destination address is reachable. The check does not verify whether the share is accessible or that the share name is correct.

9. To add additional shares on the same asset source, click Add another source.

Additional sources use the same credentials and protocol.

10. Click Save.

The NAS appliance appears as an entry in a table on the Asset Sources window. You can click the magnifying glass icon next to the entry to view more details.

11. From the left navigation pane, select Infrastructure > Assets.

The Assets window appears.

12. Select the NAS tab. The shares for each asset source appear.

Edit or delete a NAS asset source You can change the properties for an existing NAS asset source. Depending on the type of asset source, properties such as appliance type, address, and protocol can't be changed. You can also remove a NAS asset source.

Prerequisites

Review the Prerequisites and Limitations.

About this task

To remove a NAS asset source, first remove all of the associated assets from protection policies. After you delete a NAS asset source, the associated assets move to a deleted state. However, you can restore backups for those assets to another available asset until the end of the retention period. PowerProtect Data Manager removes deleted assets without backups from the Assets page.

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. From the left navigation pane, select Infrastructure > Asset Sources.

The Asset Sources window appears.

3. Click the NAS tab. The list of configured NAS asset sources appears.

4. To change the properties for a NAS asset source, select the asset source and then click Edit. The Edit NAS wizard opens.

5. For NAS appliances:

Update the following fields.

Field Description

Name Type a descriptive name for the appliance.

Port Type the port number for HTTPS REST API access to the appliance. The default ports are 443 (Unity, Powerstore) and 8080 (PowerScale/Isilon).

Managing Assets and Protection 23

Field Description

Credentials Select an existing set of management credentials. Alternatively, you can select Add Credentials, provide new credentials, and then click Save.

The supplied credentials must provide appliance management console privileges that allow the agent to discover network shares. The appliance documentation provides more information about roles and privileges. Add non-local users in the format user@domain. Roles with suitable privileges include:

Appliance type Roles

PowerStore, Unity Storage Administrator, Storage Operator, Operator, Administrator PowerScale/Isilon BackupAdmin, SystemAdmin

a. By default, discovery happens automatically after you add the NAS and subsequent discoveries are either manual or scheduled. To schedule a full discovery at a certain time every day, select Schedule Discovery, and then specify a time.

b. If the NAS SSL certificate cannot be trusted automatically, a dialog box appears to request certificate approval. Review the certificate, and then click Verify.

c. Click Save.

The table entry for the NAS appliance updates. You can click the magnifying glass icon next to the entry to view more details, such as the NAS type and model, the discovery status, and the last discovery date.

PowerProtect Data Manager applies your changes to the selected asset source.

6. For NAS shares:

Update the following fields.

Field Description

Port Type the port number for access to the share. The default port number is 443. Common port numbers include 139 and 445 for CIFS and 2049 for NFS. Some NAS shares may use different port numbers. Consult the documentation for your NAS to determine the port numbers in use.

Credentials Select an existing set of NAS credentials. Alternatively, you can select Add Credentials, provide new credentials, and then click Save.

PowerProtect Data Manager validates the input. The check does not verify whether the share is available.

a. Click Save.

The table entry for the NAS share updates. You can click the magnifying glass icon next to the entry to view more details.

PowerProtect Data Manager applies your changes to the selected asset source.

7. To remove a NAS asset source, select the asset source and then click Delete.

PowerProtect Data Manager warns you to remove associated assets from protection policies.

a. Click OK to acknowledge the warning.

PowerProtect Data Manager removes the selected asset source.

Deploy a protection engine for NAS asset protection The NAS protection engine hosts the NAS agent. If there is no available protection engine, data protection operations fail.

About this task

These steps contain a simplified protection engine deployment specific to NAS asset protection.

For existing protection engine deployments, expand the details section for each engine to determine the supported protection types.

24 Managing Assets and Protection

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. From the left navigation pane, select Infrastructure > Protection Engines.

The Protection Engines window appears.

3. In the VM Direct Engines pane of the Protection Engines window, click Add. The Add Protection Engine wizard displays.

4. On the Protection Engine Configuration page, complete the required fields, which are marked with an asterisk.

Supported Protection TypeSelect NAS asset protection. Hostname, Gateway, IP Address, Netmask, and Primary DNSNote that only IPv4 addresses are supported. vCenter to DeployIf you have added multiple vCenter server instances, select the vCenter server on which to deploy

the protection engine.

NOTE: Ensure that you do not select the internal vCenter server.

ESX Host/ClusterSelect on which cluster or ESXi host you want to deploy the protection engine. NetworkDisplays all the networks that are available under the selected ESXi Host/Cluster. For virtual networks

(VLANs), this network carries Management traffic. Data StoreDisplays all datastores that are accessible to the selected ESXi Host/Cluster based on ranking (whether

the datastores are shared or local), and available capacity (the datastore with the most capacity appearing at the top of the list).

You can choose the specific datastore on which the protection engine resides, or leave the default selection of to allow PowerProtect Data Manager to determine the best location to host the protection engine.

5. Click Next.

6. On the Networks Configuration page:

NAS protection does not support virtual networks. Leave the Preferred Network Portgroup selection blank and then click Next to continue without virtual network configuration.

7. On the Summary page, review the information and then click Finish.

The protection engine is added to the VM Direct Engines pane. An additional column indicates the engine purpose. Note that it can take several minutes to register the new protection engine in PowerProtect Data Manager. The protection engine also appears in the vSphere Client.

Next steps

If the protection engine deployment fails, review the network configuration of PowerProtect Data Manager in the System Settings window to correct any inconsistencies in network properties. After successfully completing the network reconfiguration, delete the failed protection engine and then add the protection engine in the Protection Engines window.

Add a centralized protection policy for NAS assets Create a protection policy that backs up NAS assets on a schedule. NAS supports both synthetic-full backups and full backup types, and they can have different retention values. However, you must add a synthetic-full backup before you can add a full backup.

Prerequisites

To enable File Level Restore (FLR) for this protection policy, enable the Search Engine. PowerProtect Data Manager Administration and User Guide provides instructions to enable and configure the Search Engine.

About this task

If you set credentials at the protection policy level, all assets protected by the policy should use the same credentials for access. Otherwise, if any asset uses different credentials, set additional credentials at the asset level. The PowerProtect Data Manager Administration and User Guide provides more information. Add non-local users in the format user@domain.

Use the information and instructions in NAS protection deployment recommendations and Protection engine parameters to set an appropriate stream count.

Managing Assets and Protection 25

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. From the left navigation pane, select Protection > Protection Policies.

The Protection Policies window appears.

3. Click Add.

The Add Policy window appears.

4. In the Type page, specify the new protection policy fields.

a. In the Name field, specify a descriptive name for the protection policy.

If you do not specify an existing storage unit and let PowerProtect Data Manager automatically create a storage unit, the name that you specify here becomes part of the storage unit name.

b. In the Description field, specify a short description of the protection policy. c. In the Type field, select NAS. d. Click Next.

The Purpose page appears.

5. In the Purpose page:

a. Select Centralized Protection. b. Click Select Credentials.

The Set Credentials dialog box opens. c. Select a credential from the drop-down list or add a NAS credential.

PowerProtect Data Manager uses these credentials at the policy level for all shares unless otherwise specified at the asset level.

The credentials provide snapshot creation and export permissions on the appliance, and read/write access to the NAS shares. Supply administrator-level credentials. For supported appliances, these credentials are specific to the discovered assets rather than the management console.

d. Click Save. e. Click Next.

The Assets page appears and displays any matching unprotected assets that have not been assigned to a protection policy.

6. Select the unprotected assets that you want to add to the backup for this protection policy.

Within this page, you can filter by share name, protocol, and asset source to locate the required assets.

To avoid duplicate backups, a yellow identifies NAS assets that are offered through multiple protocols. Select the entry with the preferred protocol.

NOTE: For generic shares and PowerScale shares, the .snapshot folder is not backed up as it contains the manual

snapshots, which increases shares size during the backup.

7. Click Next. The Objectives page appears.

8. On the Objectives page, select a policy-level Service Level Agreement (SLA) from the Set Policy Level SLA list, or select Add to open the Add Service Level Agreement wizard and create a policy-level SLA.

The PowerProtect Data Manager Administration and User Guide provides instructions.

9. Click Add under Primary Backup. The Add Primary Backup dialog box appears.

10. To schedule a synthetic-full backup of the protection policy, on the Schedules pane of the Add Primary Backup dialog box, specify the following fields:

a. Backup everySpecify how often to create a synthetic-full backup. A synthetic-full backup uses only the changed data since the last backup to create a new full backup.

b. Retain forSpecify the retention period for the backup.

The retention period cannot be less than any associated replication frequency. If you set a shorter retention time this value automatically updates to match the replication frequency.

You can extend the retention period for the latest primary backup. For example, your regular schedule for daily backups can use a retention period of 30 days. However, you can extend retention to keep the backups taken on Mondays for 10 weeks. Extended retention provides more information.

26 Managing Assets and Protection

c. Start and EndThe activity window. Specify a time of day to start the synthetic-full backup, and a time of day after which backups cannot be started.

NOTE: Any backups started before End occurs continue until completion.

d. Click Save within the pane for the synthetic-full backup schedule.

11. To schedule a full backup of the protection policy, complete the following actions:

a. On the Objectives page, under Primary Backup, click Edit. b. Click Add backup.

The backup type in the Create a field defaults to Full. c. In the backup every field, specify how often to create the backup. d. In the Repeat on field, specify the day on which the backup is to repeat. e. In the Retain for field, specify the retention period for the backup. f. In the Start and End fields, specify the time of day to start the backup and a time of day after which backups cannot be

started. g. Click Save within the pane for the full backup schedule..

12. Specify the fields on the Target pane of the Add Primary Backup dialog:

a. Storage NameFor the primary backup, select a destination from the list of existing DD systems. Alternatively, select Add to add a system and then complete the details in the Storage Target window.

The Space field indicates the total amount of space, and the percentage of available space, on the storage system.

b. Storage UnitSelect an existing storage unit from the list, or select New to let PowerProtect Data Manager automatically create a storage unit for this policy.

c. Network InterfaceSelect a network interface from the list, if applicable. d. Retention LockMove the Retention Lock slider to the right to enable retention locking for these backups on the

selected system. PowerProtect Data Manager uses Governance mode for retention locking, which means that the lock can be reverted at any time if necessary. Toggling the Retention Lock slider on or off applies to the current backup copy only, and does not impact the retention lock setting for existing backup copies.

e. SLASelect an existing service level agreement that you want to apply to this schedule from the list, or select Add to create an SLA within the Add Service Level Agreement wizard.

The PowerProtect Data Manager Administration and User Guide provides instructions.

13. Click Save to save your changes and return to the Objectives page.

The Objectives page updates to display the name and location of the target storage system under Primary Backup.

After completing the objective, you can change any details by clicking Edit next to the objective.

14. Optionally, extend the retention period for a primary backup:

Extended retention provides more information about Extend Retention functionality.

a. Click Extend Retention next to Primary Backup. An entry for Extend Retention is created below Primary Backup.

b. Under Extend Retention, click Add. The Add Extended Retention dialog appears.

c. Extend the retention of a full primary backup copy everySpecify the preferred recurrence for the extended retention backup objective.

d. Repeat onDepending on the frequency of the full backup schedule, specify the day of the week, the date of the month, or the date of the year that the extended retention backup occurs.

e. Retain ForSpecify the retention period for the backup. You can retain an extended retention backup for a maximum of 70 years.

f. Click Save to save your changes and return to the Objectives page.

15. Optionally, replicate the backups:

NOTE:

To enable replication, ensure that you add remote protection storage as the replication location. The PowerProtect Data

Manager Administration and User Guide provides detailed instructions about adding remote protection storage.

When creating multiple replicas for the same protection policy, it is recommended to select a different storage system

for each copy. If you select a storage unit that is the target of another objective for the same policy, the UI issues

a warning. The PowerProtect Data Manager Administration and User Guide provides information about replicating to

shared protection storage to support PowerProtect Cyber Recovery. Verify the storage targets and the use case before

you continue.

Managing Assets and Protection 27

For replicas of centralized backups, when you set retention periods for different backup types, any undefined types use the full backup retention period. For example, if you do not define a log backup in the primary objective, the log backup for the replication objective is also undefined. After you run a manual log backup, replicas of that log backup use the same retention period as the full backup.

Replication after backup completion is not available for replication objectives that are based on extended retention.

a. Click Replicate next to Primary Backup or Extend Retention. An entry for Replicate is created to the right of the primary or extended retention backup objective.

NOTE: PowerProtect Data Manager supports replicating an extended retention backup only if the primary backup

already has one or more replication objectives. Also, for replication of an extended retention backup, you can only

select from the protection storage systems to which the primary objective replicates.

For example, if there are six protection storage systems available (DD1-DD6), and the primary backup is on DD1:

Replicate1, which is based on the primary backup, replicates to DD2.

Replicate2, which is based on the primary backup, replicates to DD3.

Extended retention backup is backed up to DD1.

Replicate3, which is based on the extended retention backup, must replicate to DD2 or DD3.

b. Under Replicate, click Add. The Add Replication dialog appears.

c. Select a storage target:

Storage NameSelect a destination from the list of protection storage. Or, select Add to add a protection storage system and complete the details in the Storage Target window.

Storage UnitSelect an existing storage unit on the protection storage system. Or, select New to automatically create a storage unit.

Network InterfaceSelect a network interface from the list, if applicable. Retention LockMove the Retention Lock slider to the right to enable retention locking for these replicas. SLASelect an existing replication service level agreement that you want to apply to this schedule from the list. Or,

select Add to create a replication SLA within the Add Service Level Agreement wizard.

The PowerProtect Data Manager Administration and User Guide provides more information about replication targets, such as SLAs.

d. Select when to replicate the backups:

Replication triggers provides more information.

To replicate after the backup finishes, move the Replicate immediately upon backup completion slider to on. For scheduled replication, move the Replicate immediately upon backup completion slider to off, and then

complete the schedule details in the Add Replication dialog.

For replication of the primary backup, the schedule frequency can be every day, week, month, or x hours. For replication of the extended retention backup, the schedule frequency can be every day, week, month, year, or x hours.

For daily, weekly, and monthly schedules, the numeric value cannot be modified. For hourly, however, you can edit the numeric value. For example, if you set Create a Full backup every 4 hours, you can set a value of anywhere from 1 to 12 hours.

All replicas of the primary backup objective use the same retention period and, by default, this retention period is inherited from the Retain For value of the synthetic-full backup schedule.

e. To specify a different retention period for specific replicas, clear Set the same retention time for all replicated copies, click Edit, change the value in the Retain For field, and then click Save.

CAUTION: Setting a shorter retention period for replicas of incremental, differential, or log backups than

for the corresponding full backup may result in being unable to recover from those replicas.

This retention period is applied to all the replicated copies (synthetic full and full) of this primary backup objective. f. Click Save to save your changes and return to the Objectives page.

16. Click Next. The Options page appears.

17. Use the following options if required for the policy:

28 Managing Assets and Protection

Option Description

Enable indexing for file search and restore Enables FLR. Enable the Search Engine before you activate this option.

Troubleshooting Enables a higher debug logging level for extended troubleshooting.

18. Click Next. The Summary page appears.

19. Review the protection policy configuration details. You can click Edit next to any details to make changes. When you are done, click Finish.

An informational message appears to confirm that PowerProtect Data Manager has saved the protection policy.

When the new protection policy is created and assets are added to the protection policy, PowerProtect Data Manager performs backups according to the backup schedule.

20. Click OK to exit the window, or click Go to Jobs to open the Jobs window to monitor the configuration of the new protection policy.

NOTE: For generic shares and PowerScale shares, the .snapshot folder is not backed up as it contains the manual

snapshots, which increases shares size during the backup.

Next steps

The PowerProtect Data Manager Administration and User Guide provides instructions to perform a manual backup of a protection policy.

Extended retention You can extend the retention period for the primary backup copy for long-term retention. For example, your regular schedule for daily backups can use a retention period of 30 days, but you can extend the retention period to keep the full backups taken on Mondays for 10 weeks.

Both centralized and self-service protection policies support weekly, monthly, and yearly recurrence schedules to meet the demands of your compliance objectives. For example, you can retain the last full backup containing the last transaction of a fiscal year for 10 years. When you extend the retention period of a backup in a protection policy, you can retain scheduled full backups with a repeating pattern for a specified amount of time.

For example:

Retain full yearly backups that are set to repeat on the first day of January for 5 years. Retain full monthly backups that are set to repeat on the last day of every month for 1 year. Retain full yearly backups that are set to repeat on the third Monday of December for 7 years.

Preferred alternatives

When you define an extended retention objective for a protection policy, you define a set of matching criteria that select preferred backups to retain. If the matching criteria do not identify a matching backup, PowerProtect Data Manager automatically retains the preferred alternative backup according to one of the following methods:

Look-backRetain the last available full backup that was taken before the matching criteria. Look-forwardRetain the next available full backup that was taken after the matching criteria.

For example, consider a situation where you configured a protection policy to retain the daily backup for the last day of the month to extended retention. However, a network issue caused that backup to fail. In this case, look-back matching retains the backup that was taken the previous day, while look-forward matching retains the backup that was taken the following day.

By default, PowerProtect Data Manager uses look-back matching to select the preferred alternative backup. A grace period defines how far PowerProtect Data Manager can look in the configured direction for an alternative backup. If PowerProtect Data Manager cannot find an alternative backup within the grace period, extended retention fails.

You can use the REST API to change the matching method or the grace period for look-forward matching. The PowerProtect Data Manager Public REST API documentation provides instructions. If there are no available backups for the defined matching period, you can change the matching method to a different backup.

For look-forward matching, the next available backup can be an ad-hoc backup or the next scheduled backup.

Managing Assets and Protection 29

Selecting backups by weekday

This section applies to centralized protection policies. Self-service protection policies have no primary backup objective configuration.

When you configure extended retention to match backups by weekday, PowerProtect Data Manager may identify a backup that was taken on one weekday as being taken on a different weekday. This behavior happens where the backup window does not align with the start of the day. PowerProtect Data Manager identifies backups according to the day on which the corresponding backup window started, rather than the start of the backup itself.

For example, consider a backup schedule with an 8:00 p.m. to 6:00 a.m. backup window:

Backups that start at 12:00 a.m. on Sunday and end at 6:00 a.m. on Sunday are identified as Saturday backups, since the backup window started on Saturday.

Backups that start at 8:01 p.m. on Sunday and end at 12:00 a.m. on Monday are identified as Sunday backups, since the backup window started on Sunday.

Backups that start at 12:00 a.m. on Monday and end at 6:00 a.m. on Monday are identified as Sunday backups, since the backup window started on Sunday.

In this example, when you select Sunday backups for extended retention, PowerProtect Data Manager does not retain backups that were taken between 12:00 a.m. and 8:00 p.m. This behavior happens even though the backups occurred on Sunday. Instead, PowerProtect Data Manager selects the first available backup that started after 8:00 p.m. on Sunday for extended retention.

If no backups were created between 8:01 p.m. on Sunday and 6:00 a.m. on Monday, PowerProtect Data Manager retains the next alternative to extended retention. In this example, the alternative was taken after 6:00 a.m. on Monday.

Extended retention backup behavior

When PowerProtect Data Manager identifies a matching backup, automatic extended retention creates a job at the beginning of the backup window for the primary objective. This job remains queued until the end of the backup window and then starts.

The following examples describe the behavior of backups with extended retention for centralized and self-service protection.

Centralized protection

For an hourly primary backup schedule that starts on Sunday at 8:00 p.m. and ends on Monday at 6:00 p.m. with a weekly extended retention objective that is set to repeat every Sunday, PowerProtect Data Manager selects the first available backup starting after 8:00 p.m. on Sunday for long-term retention.

The following diagram illustrates the behavior of backups with extended retention for a configured protection policy. In this example, full daily backups starting at 10:00 p.m. and ending at 6:00 a.m. are kept for 1 week. Full weekly backups are set to repeat every Sunday and are kept for 1 month.

Figure 2. Extend retention backup behavior

30 Managing Assets and Protection

Self-service protection

For self-service backups, PowerProtect Data Manager uses a default backup window of 24 hours. For a backup schedule that starts on Sunday at 12:00 p.m and ends on Monday at 12:00 p.m. with a weekly extended retention objective that is set to repeat every Sunday, PowerProtect Data Manager selects the first available backup that is taken between 12:00 p.m. on Sunday and 12:00 p.m. on Monday for long-term retention.

Replication of extended retention backups

You can change the retention time of selected full primary backups in a replication objective by adding a replication objective to the extended retention backup. The rules in the extended retention objective define the selected full primary backups. Review the following information about replication of extended retention backups.

Before you configure replication of extended retention backups, create a replication objective for the primary backup. Configure the replication objective of the extended retention and match this objective with one of the existing replication

objectives based on the primary backup. Any changes to a new or existing storage unit in the extended retention replication objective or the replication objective of the primary backup is applied to both replication objectives.

The replication objective of extended retention backups only updates the retention time of replicated backup copies and does not create any new backup copies in the replication storage.

Restore a NAS asset to the original location A restore to the original location enables you to restore data from primary or replicated backups to the same location on the NAS.

Prerequisites

Review the Prerequisites and Limitations.

CAUTION: If PowerProtect Data Manager cannot restore the ACLs from a backup, the restore succeeds without

exception. The restore log contains more information for troubleshooting.

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Restore Administrator role.

2. From the left navigation pane, select Restore > Assets.

The Restore window appears.

3. Click the NAS tab. The Restore window displays a list of NAS assets.

4. Select the check box next to the NAS asset that contains the backup, and then click Restore.

You can use the Search field or the filter in the Name column to locate a specific asset.

The NAS Restore wizard opens on the Copy Selection page.

5. Select one of the configured stages from the associated protection policy. For example, the primary backup or a replication stage. The wizard displays a list of the available copies from which you can restore.

6. Select an available copy, and then click Next. The NAS Restore wizard moves to the Location page.

7. Select Restore and Overwrite the Original Share, and then click Next.

NOTE: Restoring from the backup does not overwrite any data which is not part of the backup. Only files that are part

of the backup are overwritten with restored data.

8. On the Summary page, verify the details, and then click Restore to start the restore.

9. Go to the Jobs window to monitor the restore. A restore job appears with a progress bar and start time. If a restore job for this asset is already in progress, PowerProtect Data Manager queues a new restore job.

Managing Assets and Protection 31

Restore a NAS asset to an alternate location A restore to an alternate location enables you to restore data from primary or replicated backups to a different location on the NAS, or to a different NAS.

Prerequisites

Ensure that the original share and the new destination share use the same protocol version. For example, CIFS 3.0.

Ensure that the new destination share has enough space to accept the restored data.

Review the Prerequisites and Limitations.

CAUTION: If PowerProtect Data Manager cannot restore the ACLs from a backup, the restore succeeds without

exception. The restore log contains more information for troubleshooting.

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Restore Administrator role.

2. From the left navigation pane, select Restore > Assets.

The Restore window appears.

3. Click the NAS tab. The Restore window displays a list of NAS assets.

4. Select the check box next to the NAS asset that contains the backup, and then click Restore.

You can use the Search field or the filter in the Name column to locate a specific asset.

The NAS Restore wizard opens on the Copy Selection page.

5. Select one of the configured stages from the associated protection policy. For example, the primary backup or a replication stage. The wizard displays a list of the available copies from which you can restore.

6. Select an available copy, and then click Next. The NAS Restore wizard moves to the Location page.

7. Select Restore to an Alternate Share or Array, and then click Next.

NOTE: Restoring from the backup does not overwrite any data which is not part of the backup. Only files that are part

of the backup are overwritten with restored data.

A table of available shares appears. A yellow indicates the presence of a warning for the destination share.

8. Select the destination share from the table. Review any warnings and then click OK.

9. For NFS shares, provide the same credentials that you used to create the protection policy.

10. Click Next.

11. On the Summary page, verify the details, and then click Restore to start the restore.

12. Go to the Jobs window to monitor the restore. A restore job appears with a progress bar and start time. If a restore job for this asset is already in progress, PowerProtect Data Manager queues a new restore job.

NAS file level restore using File Search Use the PowerProtect Search Engine to restore individual files and folders from one or more NAS backups.

Prerequisites

Review the Prerequisites and Limitations.

CAUTION: If PowerProtect Data Manager cannot restore the ACLs from a backup, the restore succeeds without

exception. The restore log contains more information for troubleshooting.

32 Managing Assets and Protection

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Restore Administrator role.

2. From the PowerProtect Data Manager UI, select Restore > Assets, and then select the NAS tab.

The Restore window displays the NAS assets that are available to restore.

3. Click File Search. The NAS File Search page opens and displays a list of search criteria fields.

4. Complete the search criteria fields.

You can filter results by name, by file type, by size, and by folder. You can also limit results to particular shares and appliances, by protocol, and by date.

You can also use the Show Only Files toggle to exclude folders and the Last Backup Only toggle to exclude older backups.

The search applies criteria as you type. The Results pane lists files and folders that match the criteria.

5. In the Results pane, select the files that you want to restore, and then click Add. The Results pane collapses and the current selections move to the Selected Files pane.

6. Return to the search criteria and repeat the previous steps as required to select additional files and folders. When you are finished, click Restore. The NAS Restore wizard appears, displaying the File Versions page.

7. If you selected different versions of files or folders from multiple backups of the same NAS asset, select how PowerProtect Data Manager should distinguish files and folders from different backups:

Option Description

In the Same Folder The restore appends a suffix to the filename. The suffix identifies the backup from which the file or folder was restored.

In a Separate Folder The restore uses separate folders to group files from different backups. The folder name identifies the backup from which the file or folder was restored.

NOTE: If both of the following conditions are true, PowerProtect Data Manager restores the unchanged files and

folders to a folder whose name reflects the most recent transaction ID.

You specify multiple versions of files and folders whose contents did not change between the selected backups.

You choose to restore to a separate folder.

8. Click Next. The NAS Restore wizard moves to the Location page.

9. Select a location to which PowerProtect Data Manager should restore the files and folders:

Option Description

Restore and Overwrite the Original Files and Folders

The restore operation overwrites any files at the original location with the same names.

Restore to an Alternate Share or Array A table of available shares appears. Complete the following substeps.

If you selected an alternate location:

a. Select the destination share from the table. b. Review any warnings. c. Provide write access credentials for the destination share. d. Click Save.

10. Click Next. The NAS Restore wizard moves to the Summary page.

11. On the Summary page, verify the details, and then click Restore to start the restore.

12. Go to the Jobs window to monitor the restore. A restore job appears with a progress bar and start time. If a restore job for this asset is already in progress, PowerProtect Data Manager queues a new restore job.

Managing Assets and Protection 33

Protection engine parameters A NAS protection engine can protect multiple NAS assets simultaneously by hosting separate containerized agents for backup and restore operations on individual shares. PowerProtect Data Manager selects a protection engine for each protection job based on engine availability.

Each protection engine has 24 parallel streams that you can use to protect NAS assets. Likewise, you can assign a number of these parallel streams to use for a particular NAS asset. By default, PowerProtect Data Manager allocates 8 streams per NAS asset, per backup operation. For restore operations, the default is 8 streams for share-level restore and one stream for FLR.

To improve performance, you can deploy more protection engines.

Set protection engine parameters

You can change the number of parallel streams to use for a particular NAS asset when you perform backup operations. Increasing the number of parallel streams may affect the performance of other operations that use the same protection engine.

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator role.

2. From the left navigation pane, select Infrastructure > Assets.

The Assets window appears.

3. Select the NAS tab. A list of known NAS assets appears.

4. Select an asset from the list and then click More Actions > Set Stream Count. The Set Stream Count window appears and displays the number of selected assets.

5. Type a new value for Maximum Streams.

You can allocate up to 256 streams.

6. Click Save.

Determine protection engine usage for a protection job For any completed protection job, you can see which protection engine the job used. Use this information to aid troubleshooting.

Steps

1. Log in to the PowerProtect Data Manager user interface as a user with the Administrator, Backup Administrator, or Restore Administrator role.

2. From the left navigation pane, select Jobs > Protection Jobs.

The Protection Jobs window appears.

3. Use the search and filter functions to locate and select the completed protection job.

4. Select the corresponding Job ID. The job summary opens.

5. Locate the appropriate asset row, and then click . The right pane opens to the Step tab.

6. Expand step two (BACKUP_SNAPSHOT) .

7. Review the detailed information for step two.

The vProxyList entry indicates which protection engine the job used.

34 Managing Assets and Protection

Change the protection engine Docker network range The NAS protection engine contains a private Docker network that operates within the 10.255.255.0/24 address range. If this range conflicts with your network, NAS backups can fail. In this case, change the Docker network range to another subnet.

Prerequisites

Obtain the NAS protection engine credentials. The PowerProtect Data Manager Security Configuration Guide provides more information about obtaining protection engine credentials.

Steps

1. Connect to the NAS protection engine console and change to the root user.

2. Using a Linux text editor, open the /etc/sysconfig/docker configuration file.

3. Locate the DOCKER_OPTS line.

4. Change the IP address range to a value that does not conflict with your network.

For example, DOCKER_OPTS="--bip=192.168.2.1/24" 5. Save and close the configuration file.

6. Restart the Docker service:

systemctl restart docker.service 7. Verify that the private Docker network uses the new IP address range:

ifconfig docker0

docker0 Link encap:Ethernet HWaddr 02:42:C8:22:4A:A3 inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: fe80::42:c8ff:fe22:4aa3/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:998 errors:0 dropped:0 overruns:0 frame:0 TX packets:886 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:286110 (279.4 Kb) TX bytes:1037418 (1013.1 Kb) The Docker bridge should use the first IP address from the new range. All other Docker interfaces obtain IP addresses from the new range.

Managing Assets and Protection 35

Network Attached Storage Best Practices and Troubleshooting

Topics:

Review protection logs Protection engine troubleshooting Connectivity troubleshooting Snapshot troubleshooting Credential troubleshooting Backup troubleshooting

Review protection logs NAS protection creates logs at the asset and job levels that you can download to analyze when resolving problems.

Log in to the PowerProtect Data Manager user interface as a user with the Administrator, User, Backup Administrator, or Restore Administrator role.

On the Jobs > Protection Jobs page, select the job that corresponds to the problem which requires troubleshooting. The job details provide more information about any potential issues.

To review the protection logs, select Export Log. The log export contains two files with consolidated logs from PowerProtect Data Manager and the NAS protection workflow, respectively. The NAS protection log contains the logs from both the NAS agent and NAS protection engine.

Review nasdm.log and Nas_sessionID.log to determine the root cause of any issue. Some of the troubleshooting guidance in this appendix uses the additional logs from the consolidated NAS protection log.

Protection engine troubleshooting The following sections provide guidance for troubleshooting protection engine issues:

Unable to reserve a protection engine

If the existing protection engines are fully reserved for backup and restore operations, reschedule some NAS protection policies for periods with lower protection engine usage.

If you have already optimized the protection policy scheduling around protection engine availability, deploy more protection engines.

Connectivity troubleshooting The following sections provide guidance for troubleshooting connectivity issues:

Before performing further troubleshooting, verify that you have an available route between PowerProtect Data Manager and the affected components. Try to ping the affected component and verify that the affected component is online.

A

36 Network Attached Storage Best Practices and Troubleshooting

Unable to resolve a protection engine

Connect to the PowerProtect Data Manager console and change to the root user. Using a Linux text editor, open /etc/ resolv.conf and verify that the DNS server details are correct.

Unable to connect to an appliance or file server

Verify that the network connections between PowerProtect Data Manager, the protection engines, and the appliance or file server are operational.

Error messages during protection engine or Search Engine node deployment

You may receive HTTP 503 service unavailable errors, messages about Certificate window disabled, or connection errors. Ensure that the local DNS service provides hostname and FQDN resolution for all components.

Unable to connect to a protection storage system

This symptom includes being unable to verify the connection to a protection storage system and connection timeouts.

Ensure that the stored security certificate for the protection storage system is valid. Verify that DD Boost is enabled. Verify that the protection storage system has enough available space.

Unable to add an asset source

If you can ping the asset source, connect to the PowerProtect Data Manager console as the admin user. Try to establish a connection on the applicable port with the command curl -S asset:port. Observe the output from curl.

Unable to connect to a protection engine after deployment

Verify whether PowerProtect Data Manager and the protection engine are on the same virtual network (VLAN).

Unable to back up a NAS appliance because of connectivity errors

You may receive error messages such as Unable to communicate with NAS appliance when the appliance does not respond as expected and backups may fail to start.

Verify that the NAS appliance is available. Verify connectivity between PowerProtect Data Manager, the protection engine, and the NAS appliance. Verify the appliance and management credentials and, if required, update the stored appliance credentials.

Snapshot troubleshooting The following sections provide guidance for troubleshooting snapshot issues:

Unable to create a snapshot

On the NAS appliance, verify whether the backup operation would exceed any of the snapshot limits. System-wide and directory snapshot limits vary by appliance. The appliance documentation provides more information.

If necessary, remove any snapshots that are no longer required and then try the backup again. Verify that the NAS appliance management credentials are correct. Check the NAS appliance licensing.

Network Attached Storage Best Practices and Troubleshooting 37

Unable to create a snapshot on Isilon/PowerScale

On the appliance, verify whether the /ifs/.snapshot directory exists. If this directory does not exist, contact Isilon/ PowerScale Customer Support.

Confirm that you have shared the required paths for CIFS and NFS protection. Prerequisites provides more information.

Unable to mount an appliance snapshot or share asset

Download the NAS protection workflow logs. Review protection logs provides instructions.

Open snapshotAndSlice.log and copy the mount command from the log. Replace the password placeholder with the appliance or share credential. Use the appliance or file server console to test the mount command.

Use the output from the mount command on the appliance or file server console to troubleshoot. Resolve configuration issues such as invalid credentials or connectivity problems. If there are no configuration issues, contact Customer Support.

Isilon/PowerScale backup times increase

An increasing number of snapshots in /ifs/.snapshot may reduce appliance performance, resulting in increased backup times. Creating snapshots for assets under the same path can also reduce appliance performance. Some task failures may also result in failure to delete a snapshot. Remove unneeded snapshots to restore performance. Manually delete Isilon/PowerScale snapshots provides instructions.

Backup cancellation or failure prevents snapshot deletion on Isilon/ PowerScale

If you cancel backups for multiple assets, circumstances may prevent removal of the corresponding snapshots from the appliance. If the backup status is Failed, retrieve and examine the log bundle. Where a system report, job status, or log indicates that the snapshot was not deleted, manually remove the snapshot. Manually delete Isilon/PowerScale snapshots provides instructions. The log bundle for the backup contains the ID for the corresponding snapshot.

Manually delete Isilon/PowerScale snapshots

Use this task as directed by troubleshooting sequences.

About this task

The Isilon OneFS CLI Administration Guide provides more information or instructions for the following steps, and best practices for creating and managing snapshots.

Steps

1. Connect to the Isilon/PowerScale console.

2. List the snapshots:

isi snapshot snapshots list 3. Determine which snapshots can be safely deleted.

4. Delete each snapshot:

isi snapshot snapshots delete --snapshot= --force where is the identifier for a snapshot which can be safely deleted.

38 Network Attached Storage Best Practices and Troubleshooting

Credential troubleshooting The following sections provide guidance for troubleshooting credential issues:

Backups fail during the mount stage with credential issues

If the snapshot mount operation fails, verify the credentials in use on the NAS appliance or share. Change the credentials in PowerProtect Data Manager at the protection policy or asset level to reflect the verified NAS credentials.

Credential issues with protection storage

PowerProtect Data Manager manages protection storage, including credentials. However, you can manually reset the storage unit password. Click Infrastructure > Storage. Select the protection storage system and then click More Actions > Manage Storage Units. Select the storage unit and then click Update Password. The PowerProtect Data Manager Administration and User Guide provides more information.

If the storage unit user account on the protection storage system is locked, you can manually enable the user account. The PowerProtect DD Security Configuration Guide provides instructions.

Unable to back up some assets on a protection policy that protects assets from more than one source

If the asset sources do not share the same credentials, verify the credentials for each asset. Set new credentials at the asset level.

Backup troubleshooting The following sections provide guidance for troubleshooting backup issues:

After you perform an asset-level restore operation, perform a full backup of the asset to maintain backup consistency.

Consecutive incremental backups fail

Perform a manual full backup of the NAS asset. The PowerProtect Data Manager Administration and User Guide provides instructions.

The agent log displays a count of skipped files and folders that is greater than the total number skipped

If a file or folder is skipped for multiple reasons, the agent log displays an entry for each reason that it is skipped. Rather than the file or folder incrementing the count of skipped files and folders a single time, the count is incremented for each entry. This does not affect the backup data, incremental backups, or recovery operations.

Unable to back up a NAS appliance because of connectivity errors

You may receive error messages such as Unable to communicate with NAS appliance when the appliance does not respond as expected and backups may fail to start.

Verify that the NAS appliance is available. Verify connectivity between PowerProtect Data Manager, the protection engine, and the NAS appliance. Verify the appliance and management credentials and, if required, update the stored appliance credentials.

Network Attached Storage Best Practices and Troubleshooting 39

Unable to back up CIFS shares on PowerScale/Isilon appliances after updating PowerProtect Data Manager

Perform a manual full backup and then verify that subsequent backups succeed.

Unable to back up share assets

Verify that the share address and path are valid and mountable. Adding a share does not verify that the share can be backed up.

Manualsnet FAQs

If you want to find out how the PowerProtect Dell works, you can view and download the Dell PowerProtect 19.11 Data Manager Network Attached Storage User Guide on the Manualsnet website.

Yes, we have the Network Attached Storage User Guide for Dell PowerProtect as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The Network Attached Storage User Guide should include all the details that are needed to use a Dell PowerProtect. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell PowerProtect 19.11 Data Manager Network Attached Storage User Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell PowerProtect 19.11 Data Manager Network Attached Storage User Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell PowerProtect 19.11 Data Manager Network Attached Storage User Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell PowerProtect 19.11 Data Manager Network Attached Storage User Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell PowerProtect 19.11 Data Manager Network Attached Storage User Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.