Contents

Dell Data Protection Central 19.1 Data Protection Getting Started Guide PDF

1 of 36
1 of 36

Summary of Content for Dell Data Protection Central 19.1 Data Protection Getting Started Guide PDF

Dell EMC Data Protection Central Getting Started Guide

19.1

June 2020 Rev. 02

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the

problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

2017 - 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Preface..........................................................................................................................................5

1 Overview..................................................................................................................................... 8 Data Protection Central overview.......................................................................................................................................8 Environment and system requirements .............................................................................................................................9 Monitoring systems ............................................................................................................................................................ 10 Managing Avamar systems ................................................................................................................................................10 Search and recover capabilities...........................................................................................................................................11 Report capabilities.................................................................................................................................................................11

2 Deployment and Configuration..................................................................................................... 12 Check the network setup with each system.................................................................................................................... 12 Deploy Data Protection Central as an OVA...................................................................................................................... 13 Deploy Data Protection Central using a .jar file ...............................................................................................................14 Verify the deployment......................................................................................................................................................... 15 Configuring LDAP ............................................................................................................................................................... 15

Configure LDAP or AD user access............................................................................................................................. 16 Add LDAP or AD while deploying Data Protection Central.......................................................................................16 Add LDAP or AD after deploying Data Protection Central........................................................................................17 Add a secure LDAP (LDAPS) certificate.....................................................................................................................21 Verify the LDAP or AD connection status...................................................................................................................21 Login format with LDAP users.....................................................................................................................................22

Configuring Network Time Protocol................................................................................................................................. 23 Configuring Network Time Protocol during Data Protection Central OVA deployment...................................... 23 Configuring Network Time Protocol after Data Protection Central deployment..................................................23

Access control..................................................................................................................................................................... 23 Pre-loaded accounts..................................................................................................................................................... 23

Certificate management.....................................................................................................................................................24 Generate a self-signed certificate..................................................................................................................................... 24 Generate a Certificate Signing Request...........................................................................................................................25

3 Getting Started with Administration............................................................................................ 26 Log in to Data Protection Central..................................................................................................................................... 26 User interface...................................................................................................................................................................... 26

Header.............................................................................................................................................................................26 User menu.......................................................................................................................................................................27 Left menu........................................................................................................................................................................27 Pages...............................................................................................................................................................................27 Master and Detail panes............................................................................................................................................... 27 Changing dashboards....................................................................................................................................................28 Filtering........................................................................................................................................................................... 28 Sort information that is displayed in tables................................................................................................................ 29 Dialog boxes................................................................................................................................................................... 29 Notification bar.............................................................................................................................................................. 29

Contents

Contents 3

Overflow button............................................................................................................................................................ 29 Dashboards overview..........................................................................................................................................................29 Health overview...................................................................................................................................................................30 Alerts overview.................................................................................................................................................................... 30 Capacity overview...............................................................................................................................................................30 Activities overview.............................................................................................................................................................. 30 Audit overview..................................................................................................................................................................... 30 System management overview......................................................................................................................................... 30 Search and recover overview.............................................................................................................................................31 Reports overview................................................................................................................................................................. 31

4 Adding Systems to Data Protection Central.................................................................................. 32 Add an Avamar system.......................................................................................................................................................32 Add a NetWorker system................................................................................................................................................... 33

Edit NetWorker Virtual Edition firewall settings to enable Data Protection Central to read jobs....................... 34 Add a Data Domain System................................................................................................................................................34 Add a Data Protection Advisor system.............................................................................................................................35 Add a Search system.......................................................................................................................................................... 35

4 Contents

Preface As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of the software or hardware currently in use might not support some functions that are described in this document. The product release notes provide the most up-to-date information on product features.

If a product does not function correctly or does not function as described in this document, contact a technical support professional.

Purpose This document includes information about how to deploy Data Protection Central, and then get started with Data Protection Central administration.

Audience This document is intended for administrators of Data Protection Central.

Revision history The following table presents the revision history of this document.

Table 1. Revision history

Revision Date Description

02 June 2020 Must use NTP server IP address (not NTP server name).

01 May 2019 Beta release of the Data Protection Central 19.1 Getting Started Guide.

Related Documentation For information about Data Protection Central compatibility, refer to the Data Protection Central Release Notes.

The Data Protection Central documentation set includes the following publications:

Data Protection Central Getting Started Guide Data Protection Central Security Configuration Guide Data Protection Central Release Notes Data Protection Central Administration Guide

The documentation for the following products includes more information:

Avamar Data Domain Search Data Protection Advisor NetWorker

Special notice conventions that are used in this document The following conventions are used for special notices:

NOTE: Identifies content that warns of potential business or data loss.

Preface

Preface 5

NOTE: Contains information that is incidental, but not essential, to the topic.

Typographical conventions The following type style conventions are used in this document:

Table 2. Style conventions

Bold Used for interface elements that a user specifically selects or clicks, for example, names of buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page, pane, screen area with title, table label, and window.

Italic Used for full titles of publications that are referenced in text.

Monospace Used for:

System code System output, such as an error message or script Pathnames, file names, file name extensions, prompts, and syntax Commands and options

Monospace italic Used for variables.

Monospace bold Used for user input.

[ ] Square brackets enclose optional values.

| Vertical line indicates alternate selections. The vertical line means or for the alternate selections.

{ } Braces enclose content that the user must specify, such as x, y, or z.

... Ellipses indicate non-essential information that is omitted from the example.

You can use the following resources to find more information about this product, obtain support, and provide feedback.

Where to find product documentation https://www.dell.com/support https://community.emc.com

Where to get support The Support website https://www.dell.com/support provides access to product licensing, documentation, advisories, downloads, and how-to and troubleshooting information. The information can enable you to resolve a product issue before you contact Support.

To access a product-specific page:

1. Go to https://www.dell.com/support. 2. In the search box, type a product name, and then from the list that appears, select the product.

Knowledgebase The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx) or by keyword.

To search the Knowledgebase:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Knowledge Base. 3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by typing a

product name in the search box, and then selecting the product from the list that appears.

6 Preface

Live chat To participate in a live interactive chat with a support agent:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Contact Support. 3. On the Contact Information page, click the relevant support, and then proceed.

Service requests To obtain in-depth help from Licensing, submit a service request. To submit a service request:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Service Requests.

NOTE: To create a service request, you must have a valid support agreement. For details about either an account or

obtaining a valid support agreement, contact a sales representative. To get the details of a service request, in the

Service Request Number field, type the service request number, and then click the right arrow.

To review an open service request:

1. Go to https://www.dell.com/support. 2. On the Support tab, click Service Requests. 3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.

Online communities For peer contacts, conversations, and content on product support and solutions, go to the Community Network https:// community.emc.com. Interactively engage with customers, partners, and certified professionals online.

How to provide feedback Feedback helps to improve the accuracy, organization, and overall quality of publications. You can send feedback to DPAD.Doc.Feedback@emc.com.

Preface 7

Overview Learn about Data Protection Central.

This chapter contains the following sections:

Topics:

Data Protection Central overview Environment and system requirements Monitoring systems Managing Avamar systems Search and recover capabilities Report capabilities

Data Protection Central overview Data Protection Central provides a solution for data protection administrators who manage multiple independent data protection applications and storage devices.

When you work with multiple data protection applications, operational monitoring and management can be a complex, time consuming effort.

Data Protection Central enables administrators to efficiently and effectively monitor and manage the software products within the Data Protection Suite family from a single user interface, simplifying the entire data protection experience.

Data Protection Central includes the following features:

Comprehensive dashboards Data Protection Central has a comprehensive and customizable dashboard for at-a-glance monitoring of systems and activities. Data Protection Central supports up to 20 dashboards per user.

Avamar system monitoring and management Data Protection Central supports a maximum combination of 200 NetWorker and Avamar systems.

When you add an Avamar system to Data Protection Central, you can perform the following tasks:

Launch AUI or Avamar Administrator, using Single-Sign On (SSO) for supported versions. Monitor system health status and any alerts from the system. Monitor storage capacity usage. Monitor backup and replication activities at the Avamar job level. Monitor backup and replication activities at the Avamar asset level. Assets are virtual machines or clients that you add to the Avamar

system. Rerun failed backup and replication activities at the job or asset level. Manage and run Avamar protection policies. View assets that are added to Avamar.

NetWorker system monitoring Data Protection Central supports a maximum combination of 200 NetWorker and Avamar systems.

When you add a NetWorker system to Data Protection Central, you can perform the following tasks:

Launch NetWorker Management Console or the NetWorker Management Web UI, using Single-Sign On (SSO) for supported versions. Monitor system health status and any alerts from the system.

1

8 Overview

Monitor backup and replication activities at the NetWorker action level. Monitor backup activities at the NetWorker asset level. View assets that are added to NetWorker.

Data Domain system monitoring Data Protection Central supports adding up to 80 Data Domain systems.

When you add a Data Domain system to Data Protection Central, you can perform the following tasks:

Launch Data Domain System Manager, using Single-Sign On (SSO) for supported versions. Monitor system health status and any alerts from the system. Monitor storage capacity usage.

Search integration Data Protection Central supports adding a single Search system.

When you integrate Search with Data Protection Central, you can launch Search Web User Interface, using Single-Sign On (SSO) for supported versions.

Data Protection Advisor integration Data Protection Central supports adding a single Data Protection Advisor system.

When you integrate Data Protection Advisor with Data Protection Central, you can perform the following tasks:

Launch DPA Web Console, using Single-Sign On (SSO) for supported versions. Run 11 of the most used Data Protection Advisor reports on Avamar, NetWorker, and Data Domain systems.

Environment and system requirements The following list includes information about environment and system requirements:

To deploy the Data Protection Central OVA, you must use VMware vCenter with VMware ESX 5.5 or later. The Data Protection Central OVA does not deploy directly to the ESXi server.

The Data Protection Central host must have a minimum of 4 CPUs, 8 GB of RAM, and 550 GB of disk space available. The FQDN, IP, Netmask, NTP, Gateway, DNS, and time zone must be configured.

The FQDN must resolve to the IP address. The environment must use static network settings. Data Protection Central requires a minimum browser window size of 1366x768. Ensure that the DNS is set up correctly. The correct DNS setup ensures that systems can resolve the Data Protection Central

hostname and FQDN name. Data Protection Central is compatible with VMware vSphere Fault Tolerance (FT), VMware vSphere High Availability (HA), and

VMware vSphere vMotion. It is highly recommended that the ESXi server for the VMware environment where Data Protection Central is deployed is protected

from unexpected power outages with an uninterrupted power supply device. NOTE: If you must power off the Data Protection Central virtual machine, do not use the Power off the virtual

machine feature in vCenter. Instead, shut down the machine gracefully with the Shut Down Guest OS menu option.

Alternatively, log in to Data Protection Central using shell or SSH and type: shutdown -h now.

Do not use the underscore symbol in a hostname. This is a standard requirement for hostname configurations. For example, mars_jupiter.planets is not a valid hostname. When you deploy Data Protection Central to a server with a hostname that contains the underscore symbol (_), the deployment will succeed but Data Protection Central will be unusable due to communication issues.

If you are using only IPv4 in your environment, do not disable the IPv6 configuration. Some Data Protection Central components use the IPv6 loopback address. If you disable IPv6, those components do not start.

The following table includes information about the minimum versions of products that are supported with Data Protection Central:

Overview 9

Table 3. Compatibility

Product Supported versions

NetWorker 9.2.1.4

18.1

18.2

19.1

Avamar 7.5.1-101_HF298709_27 hotfix

18.1

18.2

19.1

Data Domain 6.0

6.1

6.1.1

6.1.2

6.2

Data Protection Advisor 18.1

18.2

19.1

Search 18.1

18.2

19.1

Mozilla Firefox Latest version

Google Chrome Latest version

Monitoring systems Data Protection Central includes system monitoring features.

The systems monitoring features include:

Job Activities: Monitor backup and replication activities at the job-level for Avamar and NetWorker systems. Asset Activities: Monitor backup and replication activities at the asset-level within jobs for Avamar and NetWorker systems. Health: Monitor the health status for Avamar, NetWorker, and Data Domain systems. Alerts: Monitor alerts originating from Avamar, NetWorker, and Data Domain systems. Capacity: Monitor capacity usage for Avamar and Data Domain systems.

NOTE: If a Data Domain system is configured in a monitored Avamar system, the Data Domain system is automatically

added as a monitored system. However, you must add the Data Domain system credentials to Data Protection Central to

enable the full system monitoring features.

Managing Avamar systems For Avamar systems, Data Protection Central includes policy management and client management capabilities.

Data Protection Central includes the following Policy Management capabilities:

View, add, edit, and delete policies, retentions, schedules, and datasets. Add clients and proxies to policies.

10 Overview

Perform a backup of a policy. Rerun a backup or replication activity.

Data Protection Central includes the capability for you to view existing clients that are associated with an Avamar system.

Search and recover capabilities Data Protection Central integrates with Search to provide you with the ability to perform complex search and recover operations.

Data Protection Central launches Search in a new browser tab.

After launching Search, you can perform the following tasks:

Perform a targeted full content index (FCI) search. Search for files by name, location, size, owner, file type, and date. Perform advanced search queries including symbols, wildcards, filters, and operators. From the Search Results page:

View a preview of the content. Download content. Recover content. Review the size of files or directories.

For comprehensive information about Search, refer to the Search documentation set.

NOTE: To take full advantage of Data Protection Central capabilities, it is recommended that all systems that are

configured in Search also be configured in Data Protection Central.

Report capabilities Data Protection Central provides the capability for you to run 11 of the most used Data Protection Advisor reports for Avamar, NetWorker, and Data Domain systems.

Data Protection Central reporting features require you to have Data Protection Advisor in the environment. For more information about Data Protection Advisor, refer to the Data Protection Advisor documentation set.

You can run, and then view these reports directly in the Data Protection Central user interface. You can also specify the reporting period for these reports within the Data Protection Central interface.

NOTE: To take full advantage of Data Protection Central capabilities, it is recommended that all systems that are

configured in Data Protection Advisor also be configured in Data Protection Central.

Overview 11

Deployment and Configuration Learn about how to deploy and configure Data Protection Central.

Topics include:

Topics:

Check the network setup with each system Deploy Data Protection Central as an OVA Deploy Data Protection Central using a .jar file Verify the deployment Configuring LDAP Configuring Network Time Protocol Access control Certificate management Generate a self-signed certificate Generate a Certificate Signing Request

Check the network setup with each system Before deploying the Data Protection Central OVA, ensure that the network setup with each Avamar,NetWorker, Data Domain, and Data Protection Advisor system is correct.

Steps

1. Ensure that the time on the system is set correctly.

For successful activation of certificates, the time that appears on the system must be in synchronization with Data Protection Central.

It is recommended that Data Protection Central and all the systems that Data Protection Central monitors be configured with a Network Time Protocol (NTP) server. This configuration helps keep the system times in sync. Configuring Network Time Protocol on page 23 provides more information about configuring an NTP server.

2. Find out the Data Protection Central DNS hostname and domain name. 3. Check if the system is on the same domain as Data Protection Central.

If the system is on the same domain, ensure that the DNS entry and search domain values are set.

If the system is on a different domain, add the Data Protection Central DNS entry through the yast2 command, or by editing the /etc/resolv.conf file on the system.

4. To check whether the system can resolve the Data Protection Central hostname and IP address, use the nslookup command.

Type the following command:

nslookup -query=any

5. Check whether the hostname resolves correctly.

If the hostname resolves correctly, the network setup is correctly configured. Otherwise, check all previously entered values.

6. If DNS cannot resolve the Data Protection Central host name, add the short name entry in the /etc/hosts file. For example:

10.x.x.x dpc.domain.local dpc

2

12 Deployment and Configuration

Deploy Data Protection Central as an OVA Deploy the Data Protection Central Open Virtualization Appliance (OVA) using a VMware vSphere client. Refer to the VMware documentation for specific information regarding how to deploy an OVF template.

Prerequisites

Ensure that the following system requirements are met:

The DNS is set up correctly. The correct DNS set up ensures that systems monitored by Data Protection Central can resolve the Data Protection Central hostname and Fully Qualified Domain Name (FQDN).

VMware vCenter with VMware ESX 5.5 or later is deployed. To deploy the Data Protection Central OVA, you must use vCenter. The Data Protection Central OVA does not deploy directly to the ESXi server.

A minimum of 4 CPUs and 8 GB of RAM. 550 GB of disk space available. The FQDN, IP, Netmask, Gateway, DNS, NTP, and time zone are configured.

The FQDN must resolve to the IP address. The environment is using static network settings. It is highly recommended that the ESXi server for the VMware environment where Data Protection Central is deployed is protected

from unexpected power outages with an uninterrupted power supply device. NOTE: If you must power off the Data Protection Central virtual machine, do not use the Power off the virtual

machine feature in vCenter. Instead, shut down the machine gracefully with the Shut Down Guest OS button or the

shutdown -h now bash shell command.

Steps

1. Log in to vCenter using the vSphere client. 2. Specify an ESXi server on which to deploy the OVF. 3. Begin deploying an OVF template. 4. Type the file or URL location. 5. Verify the OVF template details match the version of Data Protection Central that is to be deployed. 6. Accept the end user license agreement. 7. Specify the name and location of the Data Protection Central virtual machine. 8. Select the virtual disk format.

When selecting the virtual disk format, the Thick Provision Lazy Zeroed option is recommended.

9. Specify network properties:

a. For the Network IPv4 address, specify the IPv4 address for the virtual appliance. This field is required if an IPv6 address is not provided.

b. For the IPv4 Default Gateway, specify the default gateway IPv4 address that you want the virtual appliance to use. This field is required if an IPv4 address is provided.

c. For the IPv4 Network Netmask, specify the netmask of the virtual appliance. This field is required if an IPv4 address is provided. d. For the Network IPv6 address, specify the IPv6 address for the virtual appliance. This field is required if an IPv4 address is not

provided. e. For the IPv6 Default Gateway, specify the default gateway IPv4 address that you want the virtual appliance to use. This field is

required if IPv6 is provided. f. For the IPv6 Network Prefix, specify the prefix length. This field is required if IPv6 is provided.

10. Specify DNS Settings:

a. For the DNS, specify up to three domain name servers for this virtual appliance.

IPv4 and IPv6 addresses may be included. Separate entries with commas.

b. For the FQDN [e.g. hostname.domain], specify the FQDN for the virtual appliance.

NOTE: Ensure that you correctly configure hostname resolution for the name of the appliance. Forward and

reverse lookups must succeed.

11. In the NTP Server field, specify up to three Network Time Protocol (NTP) servers.

Separate NTP server IP addresses with commas.

12. Specify Operation System User Passwords:

a. Under Configure OS root password, specify the password for the Linux OS root account.

Deployment and Configuration 13

The operating system root account is for OVA deployment only.

b. Under Configure OS admin password, specify the password for the Linux OS admin.

The operating system admin account is the default user for Data Protection Central operating system administration.

The OS root and OS admin password length must be between 8 and 256 characters.

13. In Lockbox Settings, under Configure lockbox password, specify a Master password for the Data Protection Central lockbox.

The lockbox password length must be between 8 and 256 characters.

Data Protection Central uses a lockbox to encrypt and store the credentials of the systems it monitors. This password is used along with certain System Stable Values (SSVs) to create an encryption key.

14. Under Location Settings, select the timezone of the Data Protection Central virtual machine. 15. (Optional) Configure LDAP.

Add LDAP or AD while deploying Data Protection Central on page 16 provides the steps to configure LDAP while deploying the OVA.

16. Validate the information that you specified, and then complete the deployment of the Data Protection Central OVF.

Deploy Data Protection Central using a .jar file Data Protection Central can be installed on a standalone server or virtual machine using a self-extracting .jar file.

Prerequisites

Ensure that the following minimum system requirements are met:

Standalone server deployments require 1.5GHz processor. Virtual machine deployments require 4 CPUs with 1 core each. 8GB of RAM. 550 GB of disk space available. The environment is running SuSE Linux Enterprise Server 12 SP2.

It is recommended that you disable AppArmor. If you must enable AppArmor, ensure that the AppArmor profiles do not block the applications used by Data Protection Central.

Java Platform Standard Edition Development Kit (JDK) version 8u181 or greater is installed, including the following packages:

javapackages-tools-2.0.1-8.1.x86_64 java-1_8_0-openjdk-headless-1.8.0.181-27.26.2.x86_64 java-1_8_0-openjdk-1.8.0.181-27.26.2.x86_64

NOTE: Java may require additional packages to be installed. If there is a firewall, ensure that the ports that Data

Protection Central requires have inbound and outbound access. See the Data Protection Central Security Configuration Guide for a list of required ports.

The Linux socat package is installed. The DNS is set up correctly. The correct DNS set up ensures that systems monitored by Data Protection Central can resolve the Data

Protection Central hostname and Fully Qualified Domain Name (FQDN). The FQDN, IP, Netmask, Gateway, DNS, NTP, and time zone are configured. The environment is using static network settings.

NOTE: If you are installing Data Protection Central on a Hyper-V virtual machine, you must use a Generation-1 Hyper-V

virtual machine.

Prior to installing Data Protection Central, ensure that an administrative user exists on the host named 'admin' and is added to a group named 'admin' .

Steps

1. Download and save the Data Protection Central .jar file.

Make note of the file name and directory where it is saved.

2. Launch a terminal window. 3. Log in as the root user. 4. Change the directory to the location where the .jar file is saved

14 Deployment and Configuration

5. Start the installation by typing the following command:

java -jar .jar

Verify the deployment When the deployment is complete, to verify that Data Protection Central was deployed successfully, perform the following steps.

Prerequisites

Ensure that the virtual machine where the OVA file was deployed is powered on.

In a software-only installation (deploying Data Protection Central by using a .jar file), you must reset the default Master password for the lockbox (the default Master password is changeme) by removing and re-creating the lockbox. See the Data Protection Central Administration Guide for these procedures.

About this task

NOTE: Data Protection Central is supported with Mozilla Firefox and Google Chrome.

Steps

1. Open a browser, and then type the following in the Address field:

https:// The Data Protection Central Login page appears.

2. In the Username field, type:

administrator@dpc.local 3. In the Password field, type:

secret 4. Click LOG IN.

The first time you log in you are required to change the password. The password requirements are as follows:

A minimum of 9 characters. A maximum of 15 characters. At least 1 lowercase character. At least 1 uppercase character. At least 1 number. At least 1 of the following special characters:

! @ # $ % ^ & * ( ) - _ The password cannot include any white space.

The Data Protection Central Security Configuration Guide provides the steps to reset the administrator@dpc.local password.

Configuring LDAP Learn about LDAP requirements and configuration procedures.

Data Protection Central supports OpenLDAP and Active Directory (AD) authentication.

You can configure LDAP during or after deploying Data Protection Central.

The Troubleshooting chapter in the Data Protection Central Administration Guide provides detailed troubleshooting information on diagnosing and resolving common LDAP configuration issues.

NOTE: LDAP without TLS protocol communicates in clear text without encryption. Secure LDAP (LDAPS) does not

support communication in clear text. When you configure LDAP without TLS, to improve security, it is recommended

that you use a segmented network containing only the LDAP server and the Data Protection Central server.

Deployment and Configuration 15

Configure LDAP or AD user access Before you configure Lightweight Directory Access Protocol (LDAP) or Windows Active Directory (AD), configure the users who will access Data Protection Central.

About this task

Perform this procedure on the server that hosts Lightweight Directory Access Protocol (LDAP) or Windows Active Directory (AD).

Steps

1. Create an administrative user group that will contain the users who can access Data Protection Central.

The following list describes the default containers, according to the configuration type:

For Lightweight Directory Access Protocol (LDAP), the default user group is the OU=People folder. For Windows Active Directory (AD), the default user group is the OU=Users folder.

2. For AD accounts only, set the user group scope setting to Global.

NOTE: Users who are part of this group are granted administrative privileges to Data Protection Central and the

system management applications for any systems added to Data Protection Central, including Single-Sign On

access.

3. Add any users that require access to Data Protection Central to the user group.

Add LDAP or AD while deploying Data Protection Central You can configure Lightweight Directory Access Protocol (LDAP) or Windows Active Directory (AD) when you deploy Data Protection Central.

Steps

1. While deploying the Data Protection Central OVA, under Configure LDAP (Optional), specify the following settings:

LDAP server name / IP address: Type the LDAP server name or IP address of the server where LDAP is hosted.

Type the name in one of the following formats:

Type the LDAP server name in the following format:

{ldap | ldaps}.

For example:

ldap.corp Type the IP address of the LDAP server.

For example:

sample.dpc.local Configure for secure LDAP (ldaps): Select either LDAP or LDAPS, depending on the LDAP security type. Port number of the LDAP: Type the LDAP server port number. Admin user Distinguished Name (DN): Type the administrative username in the distinguished name format.

For example, consider the following entry for LDAP:

uid=admin,ou=people,dc=dpc,dc=local

For example, consider the following entry for Active Directory:

cn=Administrator,dc=abc,dc=xyz,dc=com Admin Password: Type the password for the administrative user. Search Admin group name: Type the name of the user group name that contains the users who require access to Data

Protection Central.

16 Deployment and Configuration

For example, if the group distinguished name is cn=dp_admin, ou=groups, dc=dpc, dc=local, specify dp_admin in the Search Admin group name field

The default user group name is dp_admin.

Base Distinguished Name (DN): Type the domain base distinguished name.

For example:

dc=dpc,dc=xyz,dc=com LDAP Type: Select the type of LDAP:

Windows Active Directory (AD) Lightweight Directory Access Protocol (LDAP) server

2. Click Next and proceed with deploying the OVA.

Results

The administrator password is stored in the Data Protection Central lockbox and removed from the LDAP properties file.

Add LDAP or AD after deploying Data Protection Central You can optionally configure LDAP or AD after deploying Data Protection Central.

About this task

The following roadmap describes the workflow to add LDAP or AD to Data Protection Central.

Steps

1. Access the Data Protection Central system through ssh and prepare to add LDAP.

Prepare to add LDAP or AD to the Data Protection Central system on page 17 provides information.

2. Create the LDAP properties file.

Create an LDAP properties file on page 17 and Examples of the LDAP properties file on page 20 provide information.

3. Finish adding LDAP and log in to the Data Protection Central user interface.

Finish adding LDAP or AD and log in to the Data Protection Central user interface on page 20 provides information.

Prepare to add LDAP or AD to the Data Protection Central system Before you add LDAP or AD, you must access the Data Protection Central system and stop the services.

Steps

1. Login to the Data Protection Central system using SSH.

2. To switch to the root user, type the following command:

su -

3. To stop the Data Protection Central services, type the following command:

/usr/local/dpc/bin/dpc stop

Next steps

Create or edit the ldap.properties file in the /var/lib/dpc/elg/ folder to specify the values that are specific to the environment.

Create an LDAP properties file Learn how to create an LDAP properties file.

The LDAP properties file must match the exact file name of ldap.properties and be located in the /var/lib/dpc/elg/ directory.

Deployment and Configuration 17

NOTE: To quickly create an LDAP properties file, it is recommended that you copy the LDAP properties template file

located at /usr/local/dpc/lib/elg/conf/ldap.properties.example into /var/lib/dpc/elg/ ldap.properties.

The following table describes the attributes that you can specify in the LDAP properties file.

Table 4. LDAP properties file attributes

Attribute Description Examples

elg.ldap.type Required.

Specifies the type of LDAP environment. Specify either LDAP or AD.

elg.ldap.type=LDAP

elg.ldap.type=AD

elg.ldap.server.urls Required.

Specifies the URL of the server where LDAP is hosted. Type the URL in the following format:

{ldap | ldaps}:// :

elg.ldap.server.urls=ldap:// ldap.dpc.local:389/

elg.ldap.server.urls=ldaps:// ldap.dpc.local:636/

elg.ldap.base.dn Required.

Specifies the domain base distinguished name of the LDAP server.

elg.ldap.base.dn=dc=dpc,dc=local

elg.ldap.admin.dn Required.

Specifies the administrative username in the base distinguished name format.

For example:

LDAP:

elg.ldap.admin.dn=uid=admin,ou=pe ople,dc=dpc,dc=local

Active Directory:

elg.ldap.admin.dn=cn=administrato r,dc=abc,dc=xyz,dc=com

or, alternatively:

elg.ldap.admin.dn=administrator@x yz.com

elg.ldap.admin.password Required.

Specifies the password for the administrative user.

After you save the file and restart the Data Protection Central services, the password is stored in the lockbox and removed from the ldap.properties file.

elg.ldap.admin.password=changeme1

or, if the password contains Java special characters, escape the special character with a backslash \:

For example, if the password is change\me1, enter it like this:

elg.ldap.admin.password=change\ \me1

elg.ldap.group.search.name Required.

Specifies the user group name that contains the users who require access to Data Protection Central.

If you do not specify this attribute, the default value of dp_admin is used.

For example, if the distinguished name of the group is cn=backupadmins, ou=groups,

18 Deployment and Configuration

Table 4. LDAP properties file attributes(continued)

Attribute Description Examples

dc=dpc, dc=local, specify the group name with the following entry:

elg.ldap.group.search.name=backup admins

elg.ldap.group.search.base Optional.

Specifies the distinguished name of the administrator user group on the LDAP server.

NOTE: Do not specify this attribute unless there are duplicate entries of the group name on the LDAP or AD server. If you specify this attribute when there is a single instance of a group, user authentication may fail.

If the group name specified with elg.ldap.group.search.name is duplicated on the LDAP or AD server, then you must specify this attribute for Data Protection Central to identify the correct instance of the group name.

When there is only one instance of the group name, Data Protection Central automatically locates the group on the LDAP or AD server.

For example, consider the following scenario.

The LDAP server has two BackupAdmins groups in different locations. The groups have the following distinguished names:

cn=backupadmins,ou=groups,dc=d pc,dc=local

cn=backupadmins,ou=groupcontai ner,dc=dpc,dc=local

You want to use the group located in the groupcontainer folder. Data Protection Central.

In this scenario, specify:

elg.ldap.group.search.base=ou=gro upcontainer

Special characters in admin username and password If the Admin username or password in the ldap.properties file incorporates Java special characters, they must be escaped by a \ (backslash).

Admin username example

If the Admin username in the ldap.properties file uses the domain\username format, the following example would be incorrect because it omits the escape character (a backslash):

elg.ldap.admin.dn=dpc.local\administrator

The correct syntax includes the \ escape character:

elg.ldap.admin.dn=dpc.local\\administrator

Admin password example

If the Admin password incorporates a Java special character, the following example would be incorrect:

elg.ldap.admin.password=password1\

The correct syntax would be:

elg.ldap.admin.password=password1\\

Supported Java special characters

Table 5. Examples of Java special characters on page 19 provides examples of Java special characters that you must escape by using a backslash.

Table 5. Examples of Java special characters

Special characters escaped by \ Display

\' Single quotation mark

Deployment and Configuration 19

Table 5. Examples of Java special characters(continued)

Special characters escaped by \ Display

\" Double quotation mark

\\ Backslash

\t Tab

\b Backspace

\r Carriage return

\f Formfeed

\n Newline

Examples of the LDAP properties file

Consider the following examples of the LDAP property file.

Example LDAP properties file

elg.ldap.type=LDAP elg.ldap.server.urls=ldaps://dpc.local.domain.com:636/ elg.ldap.base.dn=dc=local,dc=domain,dc=com elg.ldap.admin.dn=uid=Admin,ou=People,dc=local,dc=domain,dc=com elg.ldap.admin.password=PgK17y5* elg.ldap.group.search.name=dp_admin

Example LDAP properties file for active directory

elg.ldap.type=AD elg.ldap.server.urls=ldap://dpc.corp.domain.com:389/ elg.ldap.base.dn=dc=corp,dc=domain,dc=com elg.ldap.admin.dn=cn=Administrator,cn=Users,dc=sddc,dc=local elg.ldap.admin.password=4tHgI8fL elg.ldap.group.search.name=dp_admin

Finish adding LDAP or AD and log in to the Data Protection Central user interface After you add the ldap.properties file, perform the following steps to complete the LDAP configuration.

Steps

1. To assign administrator ownership on the ldap.properties file, type the following command:

chown admin:admin /var/lib/dpc/elg/ldap.properties

2. To set the protection of the ldap.properties file, type the following command:

chmod 644 /var/lib/dpc/elg/ldap.properties

3. To restart Data Protection Central and activate the change, type the following command:

/usr/local/dpc/bin/dpc start

4. Once Data Protection Central is started, type the following command to confirm that all of the services are active:

/usr/local/dpc/bin/dpc status

5. Launch a web browser and navigate to the Data Protection Central address using the fully qualified domain name.

20 Deployment and Configuration

For example:

https://dpc.local.com

6. Log in to the Data Protection Central user interface with the credentials for the LDAP user account.

Add a secure LDAP (LDAPS) certificate Learn how to add a secure LDAP (LDAPS) certificate.

About this task

Secure LDAP (LDAPs) uses TLS, and therefore requires certificate-based authentication.

If the LDAP server that authenticates Data Protection Central credentials uses a non-standard certificate authority, you must add the root certificate of the authority that signed the LDAP server certificate to the Data Protection Central keystore.

Data Protection Central automatically uses the certificate authorities available within the standard Java keystore.

Steps

1. To retrieve the certificate details from the LDAP server, type the following command:

/usr/local/dpc/bin/dpc trust-ldaps

The certificate details are listed. The operation prompts you to continue with adding the certificate to the keystore. 2. To add the LDAP server's certificate to the Data Protection Central Java keystore, type y in response to the prompt.

3. After the certificate is added to the keystore, restart the Data Protection Central services using the following commands:

/usr/local/dpc/bin/dpc stop /usr/local/dpc/bin/dpc start

Verify the LDAP or AD connection status You can verify the LDAP or AD connection status by looking for messages in the log file or on the Audit page.

Check the LDAP status in the log file Check the /var/log/dpc/elg/elg.log log file for messages about the LDAP connection status.

Messages that appear during LDAP connection failure

If the following message appears, the LDAP client did not make a successful connection to the LDAP server:

2018-04-03 11:00:26,929 INFO localhost-startStop-1 c.e.c.c.SecurityConfig LDAP or AD Directory Service providers are not available There are multiple issues that can prevent the LDAP client from connecting to the LDAP server. Look for error messages in the log file that provide more information.

The following table describes various error messages that appear during LDAP connection failures and their causes.

Table 6. LDAP communication messages

Message Cause

INFO localhost-startStop-1 c.e.c.c.SecurityConfig LDAP or AD Directory Service providers are not available

No LDAP or AD settings are provided or they are provided with incorrect information.

.ADLdapAuthenticationProvider Ignoring AD authentication. Verification of ldap settings failed. Failed to connect

Invalid AD configuration information.

Deployment and Configuration 21

Table 6. LDAP communication messages(continued)

Message Cause

.LdapAuthenticationProvider Ignoring LDAP authentication. Verification of ldap settings failed. Failed to connect

Invalid LDAP configuration information.

PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path

Validation of the LDAP server certificate could not be completed.

One possible solution for this issue is to add the LDAP server certificate to the Data Protection Central Java keystore.

Messages that appear during LDAP connection success

Messages similar to the following appear when the LDAP client successfully connects to the LDAP server:

c.e.c.s.a.l.LDAPSecureStorage LDAP admin credentials are secured c.e.c.s.a.l.ExternalAuthenticationProvider Type: LDAP c.e.c.s.a.l.ExternalAuthenticationProvider Base DN: dc=mydomain,dc=com c.e.c.s.a.l.ExternalAuthenticationProvider Admin user DN: cn=Administrator,dc=my-domain,dc=com c.e.c.s.a.l.ExternalAuthenticationProvider User Base: ou=people c.e.c.s.a.l.ExternalAuthenticationProvider User Search DN: (|(uid={0})(cn={0})) c.e.c.s.a.l.ExternalAuthenticationProvider User Pattern DN: [] c.e.c.s.a.l.ExternalAuthenticationProvider Group Name: dp_admin c.e.c.s.a.l.ExternalAuthenticationProvider Group Search Base: ou=group c.e.c.s.a.l.ExternalAuthenticationProvider Group Search Filter:(&(member={0})(cn=dp_admin)) o.s.s.l.DefaultSpringSecurityContextSource URL 'ldap://12.3.104.150:546/dc=my-domain,dc=com', root DN is 'dc=mydomain,dc=com' 12.3.104.150:546/dc=my-domain,dc=com', root DN is 'dc=mydomain,dc=com'

Check the LDAP status on the Audit page You can verify the success of the LDAP configuration on the Data Protection Central Audit page.

If LDAP configuration is successful, you can log into the Data Protection Central web user interface with an LDAP account. If configuration fails, login to Data Protection Central using the administrator@dpc.local account and browse to the Audit for details.

The Audit page shows the overall status of the operation and the status of each individual sub-task. You can use this information to locate the point in the operation that caused the LDAP configuration to fail.

The following figure shows an example of an LDAP configuration activity on the Audit page.

Figure 1. LDAP configuration activities on the Audit page

Login format with LDAP users Learn about login formats that Data Protection Central supports for LDAP users.

Active Directory username login format Data Protection Central supports User Principal Name (UPN) login format in release 18.2 and earlier. Beginning with Data Protection Central 19.1, the sAMAccountName user login format is also supported.

The following examples demonstrate the username formats that Data Protection Central supports.

UPN format

UpnUsername@domain

UpnUsername@upnSuffixDomain

22 Deployment and Configuration

sAMAccountName format

username

domain\username

username@domain

Configuring Network Time Protocol Data Protection Central utilizes a Network Time Protocol (NTP) server to update system time.

To ensure that Data Protection Central can use single sign-on (SSO) to launch system management applications, you must configure Data Protection Central and all monitored systems with the same NTP server and disable VMware time sync.

Configuring Network Time Protocol during Data Protection Central OVA deployment To configure Network Time Protocol during Data Protection Central OVA deployment, use the NTP Server field to specify up to three Network Time Protocol (NTP) servers. Separate NTP server IP addresses with commas.

If an NTP server is configured during deployment, VMware time sync is disabled by default.

Configuring Network Time Protocol after Data Protection Central deployment If an NTP server was not configured during Data Protection Central deployment, you must configure an NTP server after deployment

Steps

1. Add the NTP server to the /etc/ntp.conf file.

2. Disable VMware time sync using the following command:

/usr/bin/vmware-toolbox-cmd timesync disable

3. Validate VMware time sync is disabled using the following command:

/usr/bin/vmware-toolbox-cmd timesync status

Access control Access control settings provide protection of resources against unauthorized access.

Pre-loaded accounts The following table describes the pre-loaded Data Protection Central accounts.

Table 7. Pre-loaded accounts

User account Description

Data Protection Central administrator The default user for Data Protection Central web application administration.

Linux operating system admin The default user for Data Protection Central operating system level administration.

This account is for OVA deployments only.

Deployment and Configuration 23

Table 7. Pre-loaded accounts(continued)

User account Description

NOTE: Only the Linux OS admin can log in using a secure shell (ssh).

Linux operating system root The root operation system account.

This account is for OVA deployments only.

Certificate management Data Protection Central uses certificates for secure http access (https).

By default, Data Protection Central generates a default SSL self-signed certificate in the following location:

/var/lib/dpc/webcerts The self-signed certificate is sufficient to establish an encrypted channel between web browsers and the server. The self-signed certificate cannot be used for authentication.

You can use the following types of certificates for Data Protection Central authentication:

A self-signed certificate. A certificate that is signed by a trusted certificate authority (CA) vendor.

NOTE: Consider company policies when creating certificates.

Generate a self-signed certificate To enable a secure browser connection, create a private key and a self-signed certificate.

Steps

1. To connect to the Data Protection Central server as an admin user, run the following command:

ssh admin@SERVER

2. To change to the root user, run the following command:

su -

3. To change the directory to /var/lib/dpc/webcerts, run the following command:

cd /var/lib/dpc/webcerts

4. To generate a new certificate, run the following command:

openssl req -newkey rsa:2048 -sha256 -x509 -keyout private-key.pem -out cert.pem -nodes - days 3650

5. Set the owner and group of the new certificate files to the following:

chown admin *.pem

6. Restart NGINX.

systemctl restart nginx

7. To verify the new self-signed certificate, browse Data Protection Central.

24 Deployment and Configuration

Generate a Certificate Signing Request To enable a secure browser connection, generate a Certificate Signing Request (CSR).

Steps

1. To connect to the Data Protection Central server as an admin user, type the following command:

ssh admin@SERVER

2. To change to the root user, type the following command:

su -

3. To change the directory to /var/lib/dpc/webcerts, type the following command:

cd /var/lib/dpc/webcerts

4. To generate a new certificate using the private key at the self-sign step, type the following command:

openssl req -newkey rsa:2048 -sha256 -key private-key.pem -out cert.csr

5. Send the cert.csr to a certificate authority (CA) vendor.

6. Replace the current cert.pem file to the certificate received from the CA vendor. 7. Restart NGINX.

systemctl restart nginx

8. To verify the new certificate, browse Data Protection Central.

Deployment and Configuration 25

Getting Started with Administration Learn about how to get started with administering Data Protection Central.

NOTE: For comprehensive information about Data Protection Central administration, refer to the Data Protection Central Administration Guide.

Topics include:

Topics:

Log in to Data Protection Central User interface Dashboards overview Health overview Alerts overview Capacity overview Activities overview Audit overview System management overview Search and recover overview Reports overview

Log in to Data Protection Central To use the Data Protection Central monitoring and management features, log in to the user interface.

Steps

1. In a browser address bar, type https://, and then the FQDN or IP address of the Data Protection Central server.

2. In the Username field, type a valid username. The default web browser account is:

administrator@dpc.local 3. In the Password field, type the password for the user. The web browser account password is:

secret 4. Click LOG IN.

If this is the first time you are logging in to Data Protection Central, you are prompted to change the password.

User interface The Data Protection Central user interface includes the following components.

Header The header includes the following components:

Active Filter button: This button enables you to filter the information that appears on a page by one or more systems, groups, or tags.

The Active Filter button appears only on pages where you can filter information. User menu: This menu enables you to change the password or log out of Data Protection Central. About button: This button enables you to view Data Protection Central version information.

3

26 Getting Started with Administration

Figure 2. Header

User menu The User menu provides the capability for you to perform user tasks.

To perform the following user tasks, use the User menu:

Change the password of the local Data Protection Central administrator user (administrator@dpc.local). NOTE: If an external LDAP or AD user is logged in to the Data Protection Central environment, change password is

not supported.

Log out of the user interface.

Figure 3. User menu

Left menu The left menu provides the capability for you to browse the user interface.

From the left menu, you can access the following Data Protection Central features:

Dashboard Health Alerts Capacity Asset Activities Job Activities System Management Asset Inventory Reports Audit Search and Recovery

Pages Data Protection Central presents information in dashboards and detail pages.

Dashboard pages provide at a glance insight into operational behavior.

Detail pages display focused information and provide the capability for you to perform Data Protection Central tasks.

Master and Detail panes Most Data Protection Central pages are composed of a Master and Detail pane.

The Master pane appears on the left side of a page and displays information in a table format. The Detail pane appears on the right side of a page and displays additional information for a selected row in a table. The Detail pane may also include buttons that you can use to perform tasks that are specific to the selected row in the table.

Getting Started with Administration 27

Changing dashboards Click the Dashboard drop-down list to select a different dashboard.

Filtering Data Protection Central includes filtering capabilities. Filtering allows you to customize the information that appears.

The following filter types are available for you to use:

Column filters: Appear in table headers. Domain Filter: Appears in the Policies, Retentions, Schedules, and Datasets pages for Avamar only. Active Filter: Appears in the user interface header. Asset Filter: Appears as a search bar on the Asset Inventory page. Widget Filter: Appears in widgets on the dashboard.

Column filters Column filters can be used to filter the information that appears in table columns. Depending on the table column, You can specify one of the following options:

All Available Last Hour Last 24 hours Last 7 days Custom (specific date-and-time range)

Domain Filter The Domain Filter can be used to select the domains that you want to view in the Policies, Retentions, Schedules, and Datasets pages for Avamar only. When adding a policy, retention, schedule or dataset, the domain filter also determines which domain the policy, retention, schedule or dataset is added in.

Asset Filter The Asset Filter can be used to filter assets listed on the Asset Inventory page. The Asset Filter search bar enables you to filter assets using a search phrase such as an asset tag, operating system, plugin, or asset name.

Active Filter The Active Filter can be used to filter by system or system group (one or more). On the Asset Inventory and Asset Activities pages, you can use the Active Filter to filter by asset tags.

The Active Filter appears in on the following pages:

Health Alerts Capacity Job Activities Asset Activities Asset Inventory

To filter certain items with the Active Filter, move one or more systems or system groups to the Filtered By pane.

When the Active Filter is enabled, a white filter icon appears enclosed in a circle in the header

Widget Filter The Widget Filter can be used to refine the information that appears in a widget.

All types of widgets include a Widget Filter that enables you to filter the information reported in that widget by time range, system, system groups, or, for asset specific widgets, by asset tags.

Several widgets allow you to filter by time range. You can specify one of the following options:

All Available Last Hour Last 24 hours Last 7 days

The Activities Trend widget enables you to view a historical 7-day trend of activities by using the Days Ago filter. For example, if you want to see the 7-day activity trend from 30 days ago, select Days Ago, and use the slider to select 30. To drill down to a data grid with more details, select a point in the graph.

The Activities Count and Activities Trend widgets allow you to choose to view activities information at the job or asset level. Also, these widgets allow you to pick whether to display backup activities, replication activities, or both.

28 Getting Started with Administration

When you use a dashboard widget to access a page, the information that is displayed is automatically filtered based on the widget filter settings.

Any active filters that are applied to a page, are listed in the filtered by section that appears at the top of the table.

Monitoring data is stored for 90 days. The All Available option is limited to data stored within the last 90 days.

Sort information that is displayed in tables Information that is displayed in tables can be sorted in ascending or descending order.

About this task

To sort information, click a column heading.

After you click the column heading, an arrow appears. An up-arrow indicates that the column data is sorted in ascending order. A down- arrow indicates that the column data is sorted in descending order.

Dialog boxes Dialog boxes can appear with information about a specific task. Dialog boxes can also appear for questions that require a decision.

Notification bar To inform you of completed events or to alert you of issues that may require attention, notifications may appear in a bar across the top of the Data Protection Central interface.

Figure 4. Example notification

Overflow button Overflow buttons can appear within the user interface. When you click an Overflow button, a menu of available operations appears.

Figure 5. Overflow button

Dashboards overview Data Protection Central dashboards provide at-a-glance insight into systems and activities.

Dashboard widgets include key performance indicators that display the following types of system information:

Backup Activities Replication Activities Trends Assets Capacity Health Alerts

From dashboard widgets, you can drill down into specific areas of interest.

All dashboard widgets have customizable settings. The customizable settings vary based on each widget. Certain widgets allow you to change the view, activity type, and time range. All widgets include a widget filter that you can use to filter by systems and groups. The widget filter also can filter by asset tags when available for a widget .

Getting Started with Administration 29

You can customize the dashboard layout to your preference by changing the widget type. Individualized dashboard settings are stored for each user. You can add, edit, and delete custom dashboards. Each user can create and store up to 20 dashboards.

Health overview Data Protection Central tracks various criteria to determine system health status, including communication, alerts, SSO, and capacity for systems that are configured in Data Protection Central.

This information is used to determine the overall health state of the system. The health status is reported on the Health page.

Alerts overview To view and manage alerts for Data Protection Central and all systems, visit the Alerts page.

Data Protection Central maps alerts from systems to three alert levels: Error, Warning, or Informational.

Capacity overview Capacity monitoring can keep you aware of unexpected data growth that may cause downstream failures.

To view the capacity state of all Avamar and Data Domain systems that are configured in Data Protection Central, visit the Capacity page.

Activities overview Data Protection Central Activities include system activities at the job and asset level.

System activity includes information about backup and replication activities for Avamar and NetWorker systems connected to Data Protection Central.

NOTE: NetWorker replication activities are not reported on the Asset Activities page because NetWorker does not

perform replication at the level of individual assets.

Audit overview Audit information includes actions and tasks that Data Protection Central users have performed. The audit information can also be used to track the status of long running tasks.

View audit information on the Audit page.

System management overview The System Management page provides the capability for you to add, edit, remove, and manage systems and groups in Data Protection Central.

The following list includes the system management capabilities that are available in Data Protection Central:

Add, edit, and delete Avamar, NetWorker, Data Domain, Data Protection Advisor, and Search systems. Organize systems into groups, including the ability to add, edit, and delete groups. View system information. Launch the native management application for the system. For Avamar systems:

View, add, edit, and delete policies, retentions, schedules, and datasets. Add clients and proxies to policies. Perform a backup of a policy.

When an Avamar system is not reporting, you can reactivate messaging.

30 Getting Started with Administration

Search and recover overview Data Protection Central integrates with Search to provide you with the ability to perform complex search and recover operations.

Data Protection Central launches Search in a new browser window.

For information about how to use Search, refer to the Search documentation set.

NOTE: To take full advantage of Data Protection Central capabilities, it is recommended that all systems that are

configured in Search also be configured in Data Protection Central.

Reports overview Data Protection Central provides the capability for you to run 11 of the most used Data Protection Advisor reports for Avamar, NetWorker, and Data Domain systems.

Data Protection Central reporting features require you to have Data Protection Advisor system configured with Data Protection Central.

For more information about Data Protection Advisor, refer to the Data Protection Advisor documentation set.

You can run, and then view these reports directly in the Data Protection Central user interface. You can also specify the reporting period for these reports within the Data Protection Central interface.

NOTE: To take full advantage of Data Protection Central capabilities, it is recommended that all systems that are

configured in Data Protection Advisor also be configured in Data Protection Central.

Getting Started with Administration 31

Adding Systems to Data Protection Central Learn about how to add data protection systems to Data Protection Central.

NOTE: For information about editing systems and troubleshooting, refer to the Data Protection Central Administration Guide.

Topics include:

Topics:

Add an Avamar system Add a NetWorker system Add a Data Domain System Add a Data Protection Advisor system Add a Search system

Add an Avamar system To use Data Protection Central to monitor and manage Avamar systems, add one or more Avamar systems.

Steps

1. In the Left menu, select System Management.

2. Click .

The Add System window appears.

3. On the Select System Type page, select Avamar, and then click Next. 4. On the Connection Information page, specify the following information:

Name: Specify a name that helps identify the system. Hostname: Specify the fully qualified domain name (FQDN) of the Avamar system. Avamar Username: Specify the username of the Avamar system. For Avamar Administrator, the username is MCUser. Avamar Password: Specify the password for the Avamar system user interface. OS Root password: Specify the OS root password.

5. (Optional) To specify optional fields, click Show optional fields, and then specify the following information, as required:

Port: Specify the Avamar MCS port. The default value is 9443. To specify the default value, leave this field blank. NOTE: When you add a system to Data Protection Central that uses a non-standard port, you must modify the

Data Protection Central firewall to allow communication with that port. The Data Protection Central Security Configuration Guide provides instructions.

Override MCGUI URL: Specify an alternate URL destination for the AVAMAR ADMINISTRATOR button.

To override the AVAMAR ADMINISTRATOR link to direct to the AUI, type https:// /aui.

6. Click Next. 7. On the Certificate Verification page, to ensure that you are adding the correct system, verify that the certificate information being

displayed matches the exact certificate on the Avamar system. 8. Once you have confirmed that the certificate information is correct, select Accept Certificate, and then click SAVE.

Data Protection Central does not validate the certificate and uses the certificate that you verify to connect with the system. If the remote system's certificate changes, Data Protection Central will refuse to connect with the system.

In this scenario, edit the system on the Data Protection Central System Management page to verify the new certificate details.

4

32 Adding Systems to Data Protection Central

Add a NetWorker system To use Data Protection Central to monitor and manage NetWorker systems, add one or more NetWorker systems.

Steps

1. In the Left menu, select System Management.

2. Click

The Add System window appears.

3. On the Select System Type page, select NetWorker, and then click Next. 4. On the Connection Information page, specify the following information:

Name: Specify a name that helps identify the system. Hostname: Specify the IP address or fully qualified domain name (FQDN) of the NetWorker server. Username: Specify the local NetWorker Authentication Service administrator username. Password: Specify the local NetWorker Authentication Service administrator password.

5. (Optional) To specify optional fields, click Show optional fields, and then specify the following information, as required:

Port: Specify the REST API port number. The default value is 9090. NOTE: When you add a system to Data Protection Central that uses a non-standard port, you must modify the

Data Protection Central firewall to allow communication with that port. The Data Protection Central Security Configuration Guide provides instructions.

NMC URL: Specify the NMC URL when NMC is installed on a server that is different from the NetWorker server. Type the URL in the following format:

:// : /gconsole.jnlp

where:

is either HTTP or HTTPS, depending on the connection type set up to access NMC. is the NMC server hostname or IP address. is the port number for the HTTP or HTTPS service. The default port number is 9000 for HTTP and 9090 for HTTPS.

NWUI URL: Specify the URL when the NetWorker Management Web UI software is installed in a location that is different from the default location. Type the URL in the following format:

https:// : /nwui

where:

is the NetWorker Management Web UI server hostname or IP address. is the port number for the HTTPS service. The default port number is 9090.

6. Click Next. 7. On the Certificate Verification page, to ensure that you are adding the correct system, verify that the certificate information being

displayed matches the certificate on the NetWorker system. 8. Once you have confirmed that the certificate information is correct, select Accept Certificate, and then click SAVE.

Data Protection Central does not validate the certificate and uses the certificate that you verify to connect with the system. If the remote system's certificate changes, Data Protection Central will refuse to connect with the system.

In this scenario, edit the system on the Data Protection Central System Management page to verify the new certificate details.

Next steps

If the NetWorker system is a NetWorker Virtual Edition system, perform the procedure described in Edit NetWorker Virtual Edition firewall settings to enable Data Protection Central to read jobs on page 34.

Adding Systems to Data Protection Central 33

Edit NetWorker Virtual Edition firewall settings to enable Data Protection Central to read jobs The NetWorker Virtual Edition default firewall setting blocks Data Protection Central from reading job information. As a result, no information about NetWorker jobs is reported unless you change the firewall settings.

About this task

Perform the following procedure on the NetWorker Virtual Edition system to enable Data Protection Central to read jobs information. NOTE: This procedure modifies the firewall to use port 5671 and requires NetWorker 9.2.1.4, 18.1.0.2-41, or 18.2.0-28,

and later versions. If you are using earlier NetWorker versions, you must modify the firewall to use port 5672 instead of

5671. For example, if using NetWorker 18.1.0.1-37, modify the firewall to use port 5672, but if using NetWorker

18.1.0.2-41, then modify firewall to use port 5671.

Steps

1. Log into the NetWorker Virtual Edition system's root account (or log in to another account and 'su' to root). 2. Open the /etc/entfirewall.base file for editing.

3. Modify the following lines to allow a connection to port 5671. The added text is in bold:

# Netty and Rabbit MQ exec_rule -A INPUT -p tcp -m multiport --dport 5445,5446,5671,61619 -j ACCEPT exec_rule -A OUTPUT -p tcp -m multiport --dport 5445,5446,5671,61619 -j ACCEPT

4. To apply the changes, restart the firewall service using the following commands:

a. service entfirewall stop b. service entfirewall start

5. To confirm that job information is reported in Data Protection Central, run a NetWorker backup, and then verify that the backup is reported on the Data Protection Central Job Activities page.

NOTE: If you upgrade NetWorker, the firewall settings revert back to block Data Protection Central from reading job

information and you must perform this workaround procedure again.

Add a Data Domain System Steps

1. In the Left menu, select System Management.

2. Click .

The Add System window appears.

3. On the Select System Type page, select Data Domain, and then click Next. 4. On the Connection Information page, specify the following information:

Name: Specify a name that helps identify the system. Hostname: Specify the Fully Qualified Domain Name (FQDN) of the Data Domain system. Username: Specify the Data Domain administrator username. Password: Specify the Data Domain administrator password.

5. Click Next. 6. On the Certificate Verification page, to ensure that you are adding the correct system, verify that the certificate information being

displayed matches the certificate on the Data Domain system. 7. Once you have confirmed that the certificate information is correct, select Accept Certificate, and then click SAVE.

Data Protection Central does not validate the certificate and uses the certificate that you verify to connect with the system. If the remote system's certificate changes, Data Protection Central will refuse to connect with the system.

In this scenario, edit the system on the Data Protection Central System Management page to verify the new certificate details.

34 Adding Systems to Data Protection Central

Add a Data Protection Advisor system To use the Data Protection Central reporting features, you must add a Data Protection Advisor system.

Steps

1. In the Left menu, select System Management.

2. Click .

The Add System dialog box appears.

3. On the Select System Type page, select Data Protection Advisor, and then click Next. 4. On the Connection Information page, specify the following information:

Name: Specify a name that helps identify the system. Hostname: Specify the fully qualified domain name (FQDN) of the Data Protection Advisor system. Username: Specify the Data Protection Advisor Administrator username. Password: Specify the Data Protection Advisor Administrator password.

5. (Optional) To specify a non-default Data Protection Advisor port number, click Show optional fields, and then type the port number in the Port field.

NOTE: When you add a system to Data Protection Central that uses a non-standard port, you must modify the Data

Protection Central firewall to allow communication with that port. The Data Protection Central Security Configuration Guide provides instructions.

6. Click Next. 7. On the Certificate Verification page, to ensure that you are adding the correct system, verify that the certificate information being

displayed matches the certificate on the Data Protection Advisor system. 8. Once you have confirmed that the certificate information is correct, select Accept Certificate, and then click SAVE.

Data Protection Central does not validate the certificate and uses the certificate that you verify to connect with the system. If the remote system's certificate changes, Data Protection Central will refuse to connect with the system.

In this scenario, edit the system on the Data Protection Central System Management page to verify the new certificate details.

Add a Search system To perform advanced search and recover operations, you must add a Search system.

Steps

1. In the Left menu, select System Management.

2. Click .

The Add System window appears.

3. On the Select System Type page, select Data Protection Search, and then click Next. 4. On the Connection Information page, specify the following information:

Name: Specify a name that helps identify the Search system. Hostname: Specify the fully qualified domain name (FQDN) of the Search system. Username: Specify the Search Administrator username. Password: Specify the Search Administrator password.

5. (Optional) To specify optional fields, click Show optional fields, and then specify the following information, as required:

Admin Rest API Port: Specify the Search REST API port. The default value is 448. Search UI Port: Specify the Search UI port. The default value is 443.

NOTE: When you add a system to Data Protection Central that uses a non-standard port, you must modify the Data

Protection Central firewall to allow communication with that port. The Data Protection Central Security Configuration Guide provides instructions.

6. Click Next.

Adding Systems to Data Protection Central 35

7. On the Certificate Verification page, to ensure that you are adding the correct system, verify that the certificate information being displayed matches the certificate on the Search system.

8. Once you have confirmed that the certificate information is correct, select Accept Certificate, and then click SAVE.

Data Protection Central does not validate the certificate and uses the certificate that you verify to connect with the system. If the remote system's certificate changes, Data Protection Central will refuse to connect with the system.

In this scenario, edit the system on the Data Protection Central System Management page to verify the new certificate details.

36 Adding Systems to Data Prot

Manualsnet FAQs

If you want to find out how the Data Protection Central Dell works, you can view and download the Dell Data Protection Central 19.1 Data Protection Getting Started Guide on the Manualsnet website.

Yes, we have the Getting Started Guide for Dell Data Protection Central as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The Getting Started Guide should include all the details that are needed to use a Dell Data Protection Central. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell Data Protection Central 19.1 Data Protection Getting Started Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell Data Protection Central 19.1 Data Protection Getting Started Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell Data Protection Central 19.1 Data Protection Getting Started Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell Data Protection Central 19.1 Data Protection Getting Started Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell Data Protection Central 19.1 Data Protection Getting Started Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.