
PowerProtect DD Virtual Edition on Amazon Web Services Installation and Administration Guide

DDVE 6.0

October 2020 Rev. 03

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2016 - 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Contents

Revision history
Preface
Chapter 1: Getting Started
    Purpose of this guide
    Audience
    Prerequisites, limitations, and resources
    Architecture overview
Chapter 2: Introducing DDVE
    Introducing DDVE
    DDVE cloud features
Chapter 3: Deploying DDVE
    Preparing your environment to deploy DDVE on AWS
        Create an S3 bucket
        Set up role-based access to the AWS object store
    Deploying DDVE in AWS
        Deploying DDVE using a Cloud Formation Template
        Deploying DDVE manually from the AWS console
        Adding more metadata disks for the DDVE instance
        Expand metadata storage
Chapter 4: Completing Initial DDVE Configuration
    Configuring DDVE on AWS
        Using the DD System Manager to configure DDVE
        Using the CLI to configure the DDVE
    Recovering DDVE with system headswap
    Recovering the system
Chapter 5: Administering DDVE
    Upgrade from M4 to M5 instance type
    Upgrading M5 instance type
    Extensions to DDOS for DDVE
        perf
        System vresource
    DDVE-only commands
    Modified DD OS commands
    Unsupported DD OS commands
    Troubleshooting performance issues
Appendix A: Best Practices for Working with DDVE in the Cloud
    ASUP configuration
    AWS licensing
    Storage best practices
    Security best practices
Appendix B: Networking Best Practices for DDVE in the Cloud
    Network setup in AWS
    Network infrastructure setup
Appendix C: Installing and Configuring DDVE on Block Storage in the Cloud
    Overview of DDVE on block storage
    Configuring DDVE on block storage with DD System Manager

Revision history

Table 1. DDVE 6.0 on AWS Installation and Administration Guide revision history

Revision   Date             Description
03         October 2020     Documentation bug fixes
02         September 2020   Fixed typo (DDOS-73286)
01         August 2020      Initial Publication (with DD OS 7.3)

Preface

As part of an effort to improve our product lines, we periodically release revisions of our software and hardware. Therefore, some functions described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information on product features.

Purpose

This manual describes how to install, configure, and administer DD Virtual Edition (DDVE) systems.

Audience

This manual is intended for use by both system administrators and general users of DD Virtual Edition.

Related documentation

The following publications and websites provide additional information:

DD Operating System Release Notes

DD Operating System Initial Configuration Guide

This manual explains configuration steps that are common to hardware and virtual DD systems.

DD Operating System OS Command Reference Guide

This manual explains how to administer DD systems from the command line.

DD Operating System OS Administration Guide

This manual explains how to administer DD systems with the System Manager graphical user interface.

DD Boost for OpenStorage Administration Guide

This manual explains how to use the DD Boost protocol for data transfer between backup software and DD systems.

Avamar, DD and NetWorker Compatibility Guide: http://compatibilityguide.emc.com:8080/CompGuideApp/

This website lists Avamar and NetWorker software support for DDVE.

Where to get help

Support, product, and licensing information can be obtained as follows:

Product information

For documentation, release notes, software updates, or information about products, go to Online Support at https://support.emc.com.

Technical support

For technical support of this release of DDVE, go to Online Support at https://support.emc.com.

Your comments

Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Send your opinions of this document to [email protected]


Chapter 1: Getting Started

This chapter includes the following topics:

Purpose of this guide
Audience
Prerequisites, limitations, and resources
Architecture overview

Purpose of this guide

This installation guide is intended as a supplement to the DD Operating System Administration Guide, which includes content applicable to all DD systems, including upgrading the DDVE software and using the DD System Manager to monitor DD systems for errors, disk space, and service events.

This guide contains content specific to deploying DD Virtual Edition (DDVE) on Amazon Web Services. Use this guide in conjunction with the DD Operating System Administration Guide and applicable AWS documentation.

See AWS Cloud Formation documentation for more information.

Audience

This document is intended for data protection and storage administrators who want to use Amazon Web Services to back up DD Virtual Edition (DDVE) content. Users should have knowledge of the following technology:

AWS Management Console
AWS services, such as AWS IAM, AWS CloudFormation, VPC, AWS security group, and route tables
Amazon EC2, EBS, and S3 services

Prerequisites, limitations, and resources

Review the general requirements for deploying DDVE on Amazon Web Services (AWS).

Create an AWS account

To deploy DDVE on AWS, you must have an AWS account. To set up an account, go to https://aws.amazon.com/getting-started/.

Identity and access management

AWS recommends that you create an IAM user or role for authenticating with AWS and never use root credentials to deploy the CloudFormation template. The IAM user must be allowed to perform AWS CloudFormation actions. The EC2 instance must be granted the IAM role to provide permissions to S3 storage.

The following links provide more information about AWS best practices:

Creating-an-IAM-User-in-Your-AWS-Account
Using-IAM-Roles
What-is-AWS-CloudFormation?

Security and operational best practices

Amazon recommends that you enable AWS CloudTrail logs to enable governance, compliance, and operational and risk auditing of your AWS account. AWS CloudTrail enables you to:

View the event history of your AWS account activity, including AWS Management Console actions, AWS SDKs, CLI, and other AWS services.

Identify the initiator of actions, resources involved, and event timing.

This event history helps to simplify security analysis, resource change tracking, and troubleshooting.

The following links provide more information:

Working-with-CloudTrail
Turn-on-CloudTrail-across-all-regions-and-support-for-Multiple-Trails

AWS service limits and restrictions

The following links provide more information about AWS service limits and restrictions:

Bucket-Restrictions-and-Limitations
IAM-and-STS-Limits
How-do-I-manage-my-AWS-service-limits?
AWS-Service-Quotas

Additional links

The following additional links provide more information about the AWS features that are used with a DDVE deployment:

Working-with-the-AWS-Management-Console
AWS-Cloud-Formation
AWS-Identity-and-Access-Management-(IAM)
Amazon-Virtual-Private-Cloud
Amazon-Elastic-Compute-Cloud-Documentation

Architecture overview

DDVE is a virtual deduplication appliance that provides data protection for entry, enterprise, and service provider environments.

The following diagram represents the architecture of the DDVE on AWS solution.

Figure 1. Dell EMC Power Protect DD Virtual Edition (DDVE) on AWS

Legend:

1. To keep data traffic between DDVE and the S3 bucket within the AWS infrastructure, it is recommended that you create an S3 endpoint. The S3 endpoint keeps DDVE from depending on a NAT Gateway or Public IP address to access the S3 bucket.

2. To keep data transfers secure, it is recommended to use a VPN connection to replicate data from an on-premises host to DDVE in the cloud or the opposite way.

3. DDVE is categorized as a backend server. It must be kept in a private subnet with a private address. Never set a public IP address for DDVE.

4. It is recommended that you create the S3 bucket in the region where the DDVE instance is running. A separate bucket per each DDVE is required.

5. All DDVE instances must be secured with the appropriate security group entries.

Typically SSH (Port 22) or HTTPS (Port 443) is used for DDVE inbound access.

HTTPS (443) must be allowed for outbound S3 bucket access for DDVE.

TCP ports 2049 and 2051 are used for DD Boost and replication purposes.

See the DDVE documentation for more information and for a complete list of ports.
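
The legend's network requirements, expressed as a small Python audit (an added example, not part of the Dell guide). It assumes instance and rule dictionaries shaped like the output of the EC2 DescribeInstances and DescribeSecurityGroups APIs; the sample data, group IDs, and finding codes are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Finding = namedtuple("Finding", "code detail")

# TCP ports the architecture legend names for DDVE. The guide refers to the
# DDVE documentation for the complete list, so any other inbound port is
# reported for review rather than treated as an error.
LISTED_INBOUND_TCP = {22, 443, 2049, 2051}
S3_HTTPS_PORT = 443


def port_range(rule):
    """Return the (low, high) TCP ports a rule covers, or None if not TCP."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols, all ports
        return (0, 65535)
    if proto != "tcp":
        return None
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))


def world_sources(rule):
    """CIDR sources in a rule that match every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def audit_ddve_network(instance, security_groups):
    """Compare one DDVE instance and its security groups with the legend."""
    findings = []
    # Legend item 3: DDVE is a backend server and must not have a public IP.
    if instance.get("PublicIpAddress"):
        findings.append(Finding("PUBLIC_IP", instance["PublicIpAddress"]))
    https_egress = False
    for sg in security_groups:
        gid = sg.get("GroupId", "?")
        for rule in sg.get("IpPermissions", []):
            ports = port_range(rule)
            desc = "%s %s %s-%s" % (gid, rule.get("IpProtocol"),
                                    rule.get("FromPort", "all"),
                                    rule.get("ToPort", "all"))
            # A private-subnet appliance should not accept traffic from anywhere.
            for cidr in world_sources(rule):
                findings.append(Finding("INBOUND_OPEN_TO_WORLD",
                                        "%s from %s" % (desc, cidr)))
            if ports is None or any(p not in LISTED_INBOUND_TCP
                                    for p in range(ports[0], ports[1] + 1)):
                findings.append(Finding("INBOUND_UNLISTED_PORT", desc))
        for rule in sg.get("IpPermissionsEgress", []):
            ports = port_range(rule)
            if ports and ports[0] <= S3_HTTPS_PORT <= ports[1]:
                https_egress = True
    # Legend item 5: outbound HTTPS is required for S3 bucket access.
    if not https_egress:
        findings.append(Finding("NO_HTTPS_EGRESS",
                                "no outbound rule allows TCP 443"))
    return findings


# Constructed sample data (not taken from a real account).
GOOD_INSTANCE = {"InstanceId": "i-0example1", "PrivateIpAddress": "10.0.2.15"}
GOOD_GROUPS = [{
    "GroupId": "sg-good",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}
        for p in (22, 443, 2049, 2051)
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "PrefixListIds": [{"PrefixListId": "pl-example"}]},
    ],
}]
BAD_INSTANCE = {"InstanceId": "i-0example2", "PrivateIpAddress": "10.0.1.20",
                "PublicIpAddress": "203.0.113.10"}
BAD_GROUPS = [{
    "GroupId": "sg-bad",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 2000, "ToPort": 3000,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2051,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}]

if __name__ == "__main__":
    for finding in audit_ddve_network(BAD_INSTANCE, BAD_GROUPS):
        print(finding.code, "-", finding.detail)
```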

Availability Zones

DDVE is deployed within a single Availability Zone (AZ). It can be deployed within additional AZs to provide region redundancy using DD replication capabilities. The solution can also be deployed in alternative regions to provide further redundancy as needed.

Chapter 2: Introducing DDVE

This chapter includes the following topics:

Introducing DDVE
DDVE cloud features

Introducing DDVE

DD Virtual Edition (DDVE) is a software-only protection storage appliance: a virtual deduplication appliance that provides data protection for entry, enterprise and service provider environments. Like any DD system, DDVE is always paired with backup software.

DDVE runs the DD Operating System (DD OS), and includes the DD System Manager graphical user interface (GUI) and the DD OS command line interface (CLI) for performing system operations.

DDVE includes the following features:

High-speed, variable length deduplication for a 10 to 30 times reduction in storage requirements
Unparalleled data integrity to ensure reliable recovery, and seamless integration with leading backup and archiving applications
DD Boost to speed backups by 50 percent
DD Encryption for enhanced security of data
DD Replicator for network efficient replication that enables faster time-to-DR readiness

DDVE runs on two types of platforms:

On premises, DDVE supports VMware, Hyper-V, KVM, and VxRail.
In the cloud, DDVE also runs in the Amazon Web Services (AWS) (cloud and gov cloud), Azure (cloud and gov cloud), VMware Cloud (VMC) on AWS cloud platforms, and Google Cloud Platform (GCP).

For more information about the features and capabilities of DD systems (both physical and virtual), see the DD Operating System Administration Guide.

DDVE cloud features

DDVE provides the capabilities of a cloud DD system using the following resource configuration sizes:

Table 2. DDVE on AWS resource configuration size

Type                     Resource configuration size
DDVE on Block storage    up to 16 TB
DDVE on S3 storage       up to 256 TB

The following sections list supported DD protocols and features in DDVE.

Supported DD protocols

DD Boost over IP
DD Boost FS

Supported DD features

DD Boost managed file replication (MFR)
Encryption
MTree replication
DD System Manager GUI for DDVE management
DD Active Tier (DD Cloud Tier is not supported)
Secure multitenancy (SMT) with Network Isolation Support
DD Boost/BoostFS for Big Data
Key Management Interoperability Protocol (KMIP)
More restricted IPtables settings
AWS for Government Cloud

NOTE: DDVE supports these replication capabilities:

Managed file replication and MTree replication

Replication across availability zones and regions

Bi-directional replication between on-premises and AWS

The DD OS Administration Guide, DD Boost OST Guide, and DD Boost for Partner Integration Administration Guide provide additional information about supported protocols and features.

Chapter 3: Deploying DDVE

This chapter includes the following topics:

Preparing your environment to deploy DDVE on AWS
Deploying DDVE in AWS

Preparing your environment to deploy DDVE on AWS

While DDVE is running in AWS cloud, customers can back up and restore their operational data from an S3 object store.

Observe these requirements:

Storage tier - DDVE on AWS supports Active Tier (Cloud Tier is not supported).

Storage class - AWS provides multiple storage classes (Standard S3, Standard-IA, and so on). Standard S3 offers high durability, availability, and performance for frequently accessed data. DDVE on AWS supports Standard S3.

The following sections provide general guidelines to deploy, configure, and run DDVE on AWS with Active Tier on S3 storage.

The high-level steps are as follows:

1. Configure the network environment.

For secure access to the DDVE, Dell EMC recommends that you use the VPC architecture that AWS provides. Configure the following components:

VPC
Subnet
Route tables
Security groups
Network access control list
VPC Gateway endpoint for connectivity to S3

NOTE: DDVE supports only legacy endpoint format. If you configure firewall rules for endpoints, requests that map to the legacy endpoints (*.s3-<region>.amazonaws.com) must be allowed instead of the standard endpoints (*.s3.<region>.amazonaws.com).

Networking Best Practices for DDVE in the Cloud provides more information.

2. Create an S3 bucket.

3. Configure role-based access to the AWS object store.

4. For secure login to DDVE, create an EC2 key access pair. See Amazon EC2 Key Pairs for instructions.

Create an S3 bucket

About this task

Create a bucket in S3 and make note of the bucket name. The bucket name is used in the IAM policy template to get access to the bucket. It is also used to create the object store profile on the DDVE.

Steps

1. Log in to the AWS console. Select Services > S3.

2. Click Create bucket and enter the bucket name and region.

NOTE: Observe these requirements when creating a bucket for DDVE use:

To access an S3 bucket, AWS recommends using hosted-style URLs (where domain name includes the bucket name) instead of path-style URLs. For hosted-style URLs to work, do not use dots (".") in the bucket name.

Create the bucket in the same region as the DDVE instance.

Provide a bucket name that is no longer than 48 characters.

Do not enable bucket versioning for the bucket that is associated with the DDVE for these reasons:

Versioning adds to storage costs because older versions of the objects are retained despite running the DDVE garbage collection process.

Enabling versioning can also cause potential performance issues.

3. Click Create Bucket.

NOTE: Do not set up life-cycle rules for this bucket. Life-cycle rules could cause loss of critical data from the object store.

Set up role-based access to the AWS object store

Object store in AWS uses role-based access for S3 access. To access the S3 bucket, create and attach the Identity and Access Management (IAM) role to DDVE.

Prerequisites

To create the IAM role and the policy that is associated with the role, the AWS user must have the necessary IAM privileges. The following IAM privileges and actions are required to create and attach the IAM role:

"iam:AddRoleToInstanceProfile",
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:PassRole",
"iam:RemoveRoleFromInstanceProfile",
"iam:UpdateRolePolicy",
"iam:CreateInstanceProfile",
"iam:PutRolePolicy",
"iam:DeleteInstanceProfile"

About this task

When the role is attached to DDVE, the S3 object store credentials are automatically fetched. The AWS infrastructure periodically rotates the access credentials. The DDVE automatically fetches the new credentials before the old credentials expire.

Steps

1. Create the policy to attach with the IAM role:

a. Sign in to the AWS Management Console and open the IAM Service Console.

b. In the navigation pane of the IAM console, select Policies > Create policy.

c. Do one of the following:

Create a policy for AWS Standard Cloud:

In the Create policy web page, select the JSON tab. Replace the text under the JSON tab with the following content. Replace my-bucket-name with the name of the bucket that was created previously.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket-name",
        "arn:aws:s3:::my-bucket-name/*"
      ]
    }
  ]
}

Create a policy for AWS Gov Cloud:

In the Create policy web page, select the JSON tab. Replace the text under the JSON tab with the following content. Replace my-bucket-name with the name of the bucket that was created previously. For the resource tag below, use arn:aws-us-gov:s3:::my-bucket-name for AWS Gov clouds.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws-us-gov:s3:::my-bucket-name",
        "arn:aws-us-gov:s3:::my-bucket-name/*"
      ]
    }
  ]
}

d. Verify this information, and then click Review policy.

e. Provide a name and description for the policy, and click Create policy.

NOTE: Make a note of the policy name. It will be used to attach the policy to the role in the next step.

2. Create the role for S3 bucket access:

a. In the navigation pane of the IAM console, select Roles > Create role.

b. On the Create role page:

i. For Select type of trusted entity, select AWS service.

ii. For Choose the service that will use this role, select EC2, and then click Next Permissions.

c. On the Attach permissions policies page, select the policy that you created in the previous step. Select Next Tags to create a tag for the role.

Figure 2. Creating a role

d. Click Next:Review. In the Review section, provide a name for the role and click Create role.

Next steps

You must attach the role to the DDVE instance before it can be configured. This task can be done during or after deployment.
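
An added Python example (not from the Dell guide) that checks a bucket against the requirements in "Create an S3 bucket", builds the policy shown above for the standard or Gov Cloud partition, and reports where an existing policy document grants more or less than that template. The function names, issue codes, and sample values are assumptions made for this illustration.

```python
import fnmatch

# Actions and the name limit come from the guide's policy template and notes.
DDVE_ACTIONS = ("s3:ListBucket", "s3:GetObject", "s3:PutObject",
                "s3:DeleteObject")
MAX_BUCKET_NAME_LEN = 48


def partition_for(region):
    """ARN partition for a region (assumes Gov Cloud regions start 'us-gov-')."""
    return "aws-us-gov" if region.startswith("us-gov-") else "aws"


def check_bucket(name, bucket_region, ddve_region,
                 versioning_status=None, lifecycle_rules=()):
    """Return issue codes for a bucket that breaks the guide's requirements."""
    issues = []
    if "." in name:
        issues.append("DOTS_IN_NAME")             # breaks hosted-style URLs
    if len(name) > MAX_BUCKET_NAME_LEN:
        issues.append("NAME_TOO_LONG")
    if bucket_region != ddve_region:
        issues.append("REGION_MISMATCH")
    if versioning_status == "Enabled":
        issues.append("VERSIONING_ENABLED")       # old versions are retained
    if lifecycle_rules:
        issues.append("LIFECYCLE_RULES_PRESENT")  # could remove critical data
    return issues


def build_policy(bucket, region):
    """Build the guide's policy document for one bucket and region."""
    arn = "arn:%s:s3:::%s" % (partition_for(region), bucket)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": list(DDVE_ACTIONS),
            "Resource": [arn, arn + "/*"],
        }],
    }


def as_list(value):
    """IAM allows a single string where a list is expected."""
    return [value] if isinstance(value, str) else list(value)


def policy_drift(policy, bucket, region):
    """List (code, value) pairs where a policy differs from the template."""
    template = build_policy(bucket, region)["Statement"][0]
    allowed_actions = {a.lower() for a in template["Action"]}
    allowed_resources = set(template["Resource"])
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    drift, granted = [], set()
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            drift.append(("NEGATED_ELEMENT", "review manually"))
        for action in as_list(st.get("Action", [])):
            pattern = action.lower()       # IAM action names are case-insensitive
            granted |= {a for a in allowed_actions
                        if fnmatch.fnmatchcase(a, pattern)}
            if pattern not in allowed_actions:
                drift.append(("EXTRA_ACTION", action))
        for resource in as_list(st.get("Resource", [])):
            if resource not in allowed_resources:
                drift.append(("EXTRA_RESOURCE", resource))
    for action in DDVE_ACTIONS:
        if action.lower() not in granted:
            drift.append(("MISSING_ACTION", action))
    return drift


# Constructed sample: an over-broad policy of the kind the template avoids.
SAMPLE_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
}

if __name__ == "__main__":
    print(check_bucket("ddve.backups.example", "us-west-2", "us-east-1",
                       "Enabled", [{"ID": "expire-old"}]))
    print(build_policy("my-bucket-name", "us-gov-west-1"))
    print(policy_drift(SAMPLE_BROAD_POLICY, "my-bucket-name", "us-east-1"))
```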

Deploying DDVE in AWS

You can deploy DDVE on AWS in two ways.

About this task

Methods of deployment in AWS:

Cloud Formation Template (CFT) from AWS marketplace
DDVE Manual Deployment from AWS console

Dell EMC strongly recommends using the CFT method because it automatically creates and attaches NVRAM and metadata disks in the correct order according to Storage best practices.

Deploying DDVE using a Cloud Formation Template

This method is recommended.

Steps

1. Go to the appropriate website:

For deployment in AWS standard cloud, use https://aws.amazon.com/marketplace.

For deployment in AWS Gov cloud, use https://aws.amazon.com/mp/govcloud/.

2. Search for PowerProtect DD Virtual.

3. Select Dell EMC PowerProtect DD Virtual Edition (DDVE) and click Continue to Subscribe.

NOTE: Your screen might be different than shown in the following figure.

Figure 3. Deploying DDVE using a CFT

4. Click Continue to Configuration.

Figure 4. Subscribing to the software

5. Select the following configuration, and then click Continue to Launch.

Fulfillment Option: Select Cloud Formation Template.
Software Version: Select the correct version.
Region: Select where the DDVE is to deploy.

Figure 5. Configuring software

6. Review the configuration details, select Launch the Cloud Formation template, and then select Launch. The template URL is populated.

7. Click Next.

8. Enter the following values to create the stack.

Stack name

DDVE Model: Four options are available:

16 TB-Model: m5.xlarge
32 TB-Model: m5.2xlarge
96 TB-Model: m5.4xlarge
256 TB-Model: m5.8xlarge

System capacity   Instance type   vCPU   Memory (GiB)   Number of default metadata disks
16 TB             M5.xlarge       4      16             2 x 1 TiB
32 TB             M5.2xlarge      8      32             4 x 1 TiB
96 TB             M5.4xlarge      16     64             10 x 1 TiB
256 TB            M5.8xlarge      32     128            13 x 2 TiB

Override default metadata disks: You can choose to override the default number of metadata disks by selecting a value from 1-24. The maximum number of metadata disks that can be attached to a DDVE instance in AWS is 24.

NOTE: Only the number of metadata disks can be overridden. The size of individual disks cannot be changed.

DDVE name tag

IAM Role for S3 access: Type in the correct IAM role to be attached to the DDVE.

Key pair: Select an existing key pair from the drop-down list.

Subnet ID

Security Groups

NOTE: The values in this figure are examples only. Replace them with values from your setup.

9. Continue stack configuration as needed. Click Next.

10. Review the stack configuration and click Create Stack.

11. Check the status of the stack you create on the ddve-stack-test page.

12. When the stack creation is complete, go to the EC2 instances and select the region to deploy the DDVE. Use the DDVE name tag from step 8 and verify that the corresponding EC2 instance is running.

NOTE: Avoid disabling or modifying the primary interface settings. The primary interface in cloud deployments has the default gateway setting and is the only interface with which the DDVE can connect to the metadata server. The metadata server is critical for DDVE operation.

Deploying DDVE manually from the AWS console

This is an alternate approach for deployment.

Steps

1. Log in to the AWS console and navigate to the EC2 instances link.

2. Under the EC2 instances tab, select Private Images. Select the AMI image from the region in which you wish to deploy DDVE, and then click Launch.

3. Select the instance type from the three supported instance types. Click Configure Instance Details. For more details, refer to Storage best practices.

4. Select the VPC and subnet in which to deploy DDVE, and select the IAM role that you created in the previous section. Selecting the role during deployment automatically attaches it to this DDVE instance. If you did not previously create the VPC, subnet, or the IAM role, you can create them in this step. When you are done, click Add Storage.

5. Add the NVRAM disk and metadata disks as shown below. Then click Add Tags.

a. Add a 10 GiB NVRAM disk (highlighted in red).

b. Add the metadata disks (highlighted in green) according to the following configuration table.

NOTE: It is important to add the NVRAM disk before adding the metadata disks. Adding them in a different order causes an unsupported hardware configuration error. Also, ensure that the EBS volume type is GP2 for all disks.

Table 3. Recommended configuration

Instance Type   Number of metadata disks   Size of each metadata disk   Object store capacity
M5.xlarge       2                          1 TiB                        16 TB
M5.2xlarge      4                          1 TiB                        32 TB
M5.4xlarge      10                         1 TiB                        96 TB
M5.8xlarge      13                         2 TiB                        256 TB

NOTE: By default, the recommended metadata storage is 10% of the total capacity. This recommendation is based on a 10x deduplication ratio and a 2x compression ratio. For workloads with higher deduplication ratios, you can add more metadata disks.

6. Add the tags as shown in the following figure, and then click Configure Security Groups.


Adding tags enables you to easily search for volumes and instances.

7. Select from an existing security group. If you haven't created one previously, you can create it now. Click Review and Launch.

8. Review the configuration details, and then click Launch.

9. Select a key pair value or create a new key pair value for this instance, and then click Launch Instance.

10. Click View instances to navigate to the EC2 instance tab. Search for the tag you created in step 6.

NOTE: Avoid disabling or modifying the primary interface settings. The primary interface in cloud deployments has the default gateway setting and is the only interface with which the DDVE can connect to the metadata server. The metadata server is critical for DDVE operation.

Adding more metadata disks for the DDVE instance

If required, more metadata disks can be added to the DDVE instance from the AWS console.

Prerequisites

AWS DDVE instances support adding only up to 24 metadata disks. If you reach the limit for adding metadata disks, you can choose to expand the existing metadata disks. See Expand metadata storage for details.

Steps

1. Log in to the AWS console.

2. Select EC2 dashboard under services. Navigate to the Elastic Block Store pane and click Volumes.

3. Provide the following details. Then click Create Volume.

Volume Type: Select GP2.

Size (GiB): Select 1024 for 16/32/96 TB DDVE instance and 2048 for 256 TB DDVE instance.

Availability Zone (AZ): Choose the same AZ in which the DDVE instance is deployed.

Name Tag: Add a name tag for the volume to filter it in searches.

Leave Snapshot ID blank.

4. In the Volumes tab, enter the name tag (created in previous step) for the volume. Select the volume, click Actions, and select Attach Volume.

5. In the attach volume window, enter the instance ID and device name:

Instance: Enter the name/instance ID of the DDVE instance, and select the correct instance from the list of instance options.

Device: Based on the instance, a default device name is automatically populated in this field. The device names for existing volumes on this instance can be /dev/sd* or /dev/xvd*. Ensure that the new volume being attached follows the device naming convention for other metadata disks on this instance.

NOTE: You can check the device names for an instance by selecting an instance in the EC2 dashboard and viewing the block device names for its EBS volumes:

6. To create and attach additional metadata disks to the DDVE instance, repeat steps 2 to 5.

7. To configure the metadata storage using CLI or DDSM, log in to the DDVE instance.

Using CLI:

Run the disk show hardware command to verify that the new metadata disk or disks are successfully added to the DDVE instance.

Run the storage add dev command to add the new metadata disk or disks to the active tier.

Run the filesys expand command to make the newly added metadata disk or disks available to the file system.

Using DDSM:

Alternatively, you can configure the storage using DDSM. Click Hardware > Storage > Configure Storage.

NOTE: Do not manually configure spindle groups. Spindle group configuration occurs automatically.
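The console steps above (GP2 volume, 1024 or 2048 GiB depending on instance capacity, same AZ, matching device-name convention, at most 24 metadata disks) can be planned from a shell before anything is created. This is an added example, not part of the Dell guide: the function names, the next-letter device rule, and the sample instance ID, AZ and name tag are assumptions, and it only prints the `aws ec2` commands for review.

```shell
#!/bin/sh
# Added example (not Dell's code): plan one extra DDVE metadata volume and
# print the aws ec2 commands for review instead of running them.

MAX_METADATA_DISKS=24   # limit stated in the guide's prerequisites

# Size rule from step 3: 1024 GiB for 16/32/96 TB instances, 2048 GiB for 256 TB.
metadata_size_gib() {
  case "$1" in
    16|32|96) echo 1024 ;;
    256)      echo 2048 ;;
    *) echo "unsupported DDVE capacity: $1 TB" >&2; return 1 ;;
  esac
}

# next_device "DEV1 DEV2 ...": keep the convention already used on the instance
# (/dev/sd* or /dev/xvd*) and return the letter after the highest one in use.
# Assumption: sequential lettering; compare with the default the console offers.
next_device() {
  local letters=abcdefghijklmnopqrstuvwxyz prefix="" max=-1 d base p letter before
  for d in $1; do
    base=${d%%[0-9]*}                     # /dev/sda1 -> /dev/sda
    case "$base" in
      /dev/sd[a-z])  p=/dev/sd ;;
      /dev/xvd[a-z]) p=/dev/xvd ;;
      *) continue ;;
    esac
    letter=${base#"$p"}
    before=${letters%%"$letter"*}         # letters that precede this one
    if [ "${#before}" -gt "$max" ]; then max=${#before}; prefix=$p; fi
  done
  [ "$max" -ge 0 ] || { echo "no /dev/sd* or /dev/xvd* device given" >&2; return 1; }
  [ "$max" -lt 25 ] || { echo "no free device letter left" >&2; return 1; }
  echo "$prefix$(printf '%s' "$letters" | cut -c "$((max + 2))")"
}

# plan_metadata_disk CAPACITY_TB AZ INSTANCE_ID METADATA_DISK_COUNT "DEVICES" NAME_TAG
# Refuses to plan a disk once the instance already has 24 metadata disks.
plan_metadata_disk() {
  local size dev
  [ "$4" -lt "$MAX_METADATA_DISKS" ] || {
    echo "limit of $MAX_METADATA_DISKS metadata disks reached; expand existing disks instead" >&2
    return 1
  }
  size=$(metadata_size_gib "$1") || return 1
  dev=$(next_device "$5") || return 1
  echo "aws ec2 create-volume --volume-type gp2 --size $size --availability-zone $2 --tag-specifications 'ResourceType=volume,Tags=[{Key=Name,Value=$6}]'"
  echo "aws ec2 attach-volume --volume-id <volume-id-from-create-volume> --instance-id $3 --device $dev"
}

# Constructed demo values: the instance ID, AZ and name tag are placeholders.
plan_metadata_disk 96 us-east-1a i-0123456789abcdef0 1 \
  "/dev/sda1 /dev/sdb /dev/sdc" ddve-metadata-02
```

After the volume is attached, the DD OS steps (disk show hardware, storage add, filesys expand) are still run on the DDVE itself.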

Expand metadata storage

Expand metadata storage by increasing the size of existing metadata disks.

Prerequisites

It is recommended that you expand metadata storage by adding new metadata disks. When the total number of metadata disks reaches its limit, you can expand metadata storage by increasing the size of existing metadata disks.

Before expanding metadata storage, disable the file system. You cannot expand the first metadata disk. When expanding the size of an existing metadata disk, it is recommended to expand it in 1 TiB increments. Shrinking the metadata disk is not supported.

Steps

1. Shut down the DDVE instance by using the system poweroff command from the CLI.

2. Log in to the AWS web console.

a. From the Volumes tab, select the metadata disk that you want to expand.

NOTE: The first metadata disk is not available for expansion.

b. Click Actions > Modify Volume.

c. Change the size of the metadata disk (for example, from 1024 TiB to 2048 TiB), and click Modify.

3. To increase the size of other metadata disks, if required, repeat step 2 on page 26.

4. From the AWS web console, select the DDVE and start it.

5. Disable the file system with the filesys disable command.

6. Expand metadata storage with the filesys expand command.

7. Enable the file system by using the filesys enable command.

8. To confirm the metadata storage expansion, use the filesys show space tier active local-metadata command.


Completing Initial DDVE Configuration

This chapter includes the following topics:

Topics:

Configuring DDVE on AWS
Recovering DDVE with system headswap
Recovering the system

Configuring DDVE on AWS

You can use the DDSM interface or the CLI to configure the DDVE on AWS.

Prerequisites

Ensure that you complete the following:

Consider metadata storage size and count requirements. See Storage Best Practices.
Create an S3 bucket in the same region in which DDVE is deployed. Create a bucket in AWS provides instructions. Make a note of the bucket name. You will need it to create the object store profile.

About this task

Use one of the following procedures to configure the DDVE on AWS:

Using the DD System Manager to configure DDVE on page 27
Using the CLI to configure the DDVE on page 30

Using the DD System Manager to configure DDVE

Use this procedure to configure DDVE on AWS using the DD System Manager interface.

Steps

1. Log in to DD System Manager using the DDVE IP address. The default login credentials for the DDVE instance are:

Username: sysadmin
AWS default password: Default sysadmin password is the EC2 instance-id for the DDVE

2. Add licenses. Select from the list of options of licenses to apply:

Pre-Installed Evaluation License (provides 45 days of limited access to DDVE software for evaluation purposes and may only be used in a non-production environment.)

NOTE: If you begin the configuration with the evaluation license, but want to purchase a license later, you need the Node Locking ID for the DDVE instance. Click Administration > Licenses to view the Node Locking ID.

License File
License Server (if available)

3. Accept the End User License Agreement.

4. The configuration wizard is launched automatically. Leave the Network settings as default and click No to proceed.

5. Click Yes to set up File System configuration.

6. For the Storage Type, select Object Store and enter the passphrase and the bucket name. For AWS GovCloud, there is an option to select the FIPS endpoint, as shown in the following figure.


7. For Configure CA Certificates, import the Baltimore CyberTrust Root certificate to communicate with AWS S3 Object Store.

8. Configure Storage. Under Available Storage, select the disks and click Add to Metadata to move them to the Metadata Storage section. Add the disks to the active tier to add the metadata storage disk to the instance.

9. On the File System Summary Page, select the Summary tab to review all the fields. Select Enable file system after creation and click Submit.

10. The file system is created and enabled.

11. Click OK to go to the System Settings tab.

12. Change the DDVE password.


13. Configure the email server as required.

14. Click Submit to save the system settings. Close the wizard.

15. DDVE must have accurate and consistent time synchronization for object store communication. DDVE can synchronize time by using Amazon Time Sync Service or by configuring an NTP server.

Option Description

Method 1 - Using Amazon Time Sync Service (recommended)

By default, DDVE uses Amazon Time Sync Service for time synchronization through a chrony client. DDVE does not require Internet access or configuration of security group rules to use this time synchronization service. Dell EMC recommends using the Amazon Time Sync Service.

Method 2 - Configuring NTP server (not recommended)

To override the default, you can configure an NTP server on the DDVE:

a. Select Administration > Settings.
b. Select More Tasks > Configure Time Settings.
c. Under More Tasks, select NTP > Manually Configure and add the NTP servers as 0.amazon.pool.ntp.org.

NOTE: To switch to the default service (Amazon Time Sync), select Administration > Settings > More Tasks > Configure Time Settings > Choose None.

Results

The DDVE configuration is complete.

Updating the configuration

If you modify the object-store profile or make other changes after the initial DDVE configuration, you will need to relaunch the configuration wizard.

Steps

1. Select Maintenance > System.

2. Select Configuration System.


3. Select Data Management > File System to view object store local metadata storage.

Using the CLI to configure the DDVE

You can log in through SSH to configure the DDVE using the command line interface (CLI). Both EC2 key pair authentication and username and password authentication are supported.

Steps

1. Log in to the DDVE instance to configure the system. The default login credentials for the DDVE instance are:

Username: sysadmin
AWS default password: Default sysadmin password is the EC2 instance-id for the DDVE.

# ssh [email protected]
EMC DD Virtual Edition
Password:

Welcome to Data Domain OS 7.2.0.5-xyz
[email protected]#

2. During the first login, users are prompted to accept the EULA and change the password.

3. The configuration wizard launches.

4. Follow the steps in the wizard to add an elicense and to configure object store.

NOTE:

If an elicense file cannot be found in /ddr/var, the license can be pasted directly in the wizard.

The System Passphrase is required to encrypt the object store credentials. If file system encryption is enabled, the System Passphrase is also used to encrypt keys.

For AWS, the profile creation requires that you import the Baltimore CyberTrust Root certificate to communicate with the object store.

For AWS GovCloud, profile creation has an additional option to enable the FIPS endpoint.

Welcome to Data Domain OS 7.2.0.5-xyz
-----------------------------------------
Do you want to configure system using GUI wizard (yes|no) [no]:

Network Configuration
Configure Network at this time (yes|no) [no]:

eLicenses Configuration
Configure eLicenses at this time (yes|no) [no]: yes


Available eLicense Files
#   File Name
-   ------------
1   elicense.lic
-   ------------
Do you want to use an existing eLicense file (yes|no) [yes]:
Enter the index of eLicense file [1|cancel] :1
Pending eLicense Settings
Existing Licenses:
Capacity licenses:
##   Feature    Capacity    Type              State    Expiration Date   Note
--   --------   ---------   ---------------   ------   ---------------   ----
1    CAPACITY   87.31 TiB   permanent (int)   active   n/a
--   --------   ---------   ---------------   ------   ---------------   ----
** System is using internal licenses.

New Licenses:
Capacity licenses:
##   Feature    Capacity    Type              State    Expiration Date   Note
--   --------   ---------   ---------------   ------   ---------------   ----
1    CAPACITY   87.31 TiB   permanent (int)   active   n/a
--   --------   ---------   ---------------   ------   ---------------   ----

** New license(s) will overwrite existing license(s).
Do you want to save these settings (Save|Cancel|Retry): Save

Successfully updated eLicenses.

Filesystem Configuration
Configure Filesystem at this time (yes|no) [no]:

System Configuration
Configure System at this time (yes|no) [no]:

CIFS Configuration
Configure CIFS at this time (yes|no) [no]:

NFS Configuration
Configure NFS at this time (yes|no) [no]:

SMT Configuration
Configure SMT at this time (yes|no) [no]:

Storage object-store profile Configuration
Configure Storage object-store profile at this time (yes|no) [no]: yes
Do you want to enable object store (yes|no) [yes]:
A passphrase needs to be set on the system.
Enter new passphrase:
Re-enter new passphrase:
Passphrases matched.

Config object store
DD VE is running in AWS. Role-based access will be used to access s3.
Enter the bucket name: sharms62-atos-bkt1
Do you want to use the FIPs 140-2 endpoint (yes|no) [no]: no
Object-store endpoint needs the Baltimore CyberTrust Root certificate to be imported.
Do you want to import that certificate with below fingerprint?
D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 (yes|no) [yes]:


Pending Object Store Settings

Bucket name: sharms62-atos-bkt1
Do you want to save these settings (Save|Cancel|Retry): Save
The passphrase is set

Successfully set object store profile.

Configuration complete.

5. Run the following command to view the disks that are attached to the DDVE:

# disk show hardware
Disk   Slot        Manufacturer/Model     Firmware   Serial No.   Capacity    Type
       (pci/idx)
----   ---------   --------------------   --------   ----------   ---------   -----
dev1   -/a         Virtual BLOCK Device   n/a        (unknown)    250.0 GiB   BLOCK
dev2   -/b         Virtual BLOCK Device   n/a        (unknown)    10.0 GiB    BLOCK
dev3   -/c         Virtual BLOCK Device   n/a        (unknown)    1.0 TiB     BLOCK
----   ---------   --------------------   --------   ----------   ---------   -----

6. Add the metadata storage disks to the active tier:

# storage add tier active dev

7. Create and enable the file system:

# filesys create
# filesys enable

8. DDVE requires reliable time synchronization for object store communication. DDVE can synchronize time by using Amazon Time Sync Service or by configuring an NTP server.

Option Description

Method 1 - Using Amazon Time Sync Service (recommended)

By default, DDVE uses Amazon Time Sync Service for time synchronization through a chrony client. DDVE does not require Internet access or configuration of security group rules to use this time synchronization service. Dell EMC recommends using the Amazon Time Sync Service.

Method 2 - Configuring NTP server (not recommended)

To override the default, you can configure an NTP server by running these commands:

ntp add timeserver 0.amazon.pool.ntp.org
ntp enable
ntp sync

NOTE: ntp disable switches to the default time synchronization option (Amazon Time Sync Service).

Results

The DDVE configuration is complete.
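The wizard asks you to trust the Baltimore CyberTrust Root by its fingerprint, so it is worth recomputing that fingerprint from an independently obtained copy of the certificate before answering yes. The following is an added example, not part of the Dell guide: the function names are assumptions, the expected value is the one shown in the transcript above, and the sample PEM is a constructed stand-in (the bytes `abc`), not a real certificate.

```shell
#!/bin/sh
# Added example (not Dell's code): recompute a certificate's SHA-1 fingerprint
# and compare it with the value the DDVE wizard displays.

# Fingerprint shown in the guide's object-store profile prompt (20 bytes = SHA-1).
EXPECTED_FP="D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74"

# normalize_fp FP: drop colons and whitespace and uppercase the hex, so that
# differences in formatting never cause a false mismatch.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# pem_sha1_fp FILE: SHA-1 over the DER bytes of the first certificate in FILE,
# printed as colon-separated uppercase hex. Fails on a missing or malformed PEM.
pem_sha1_fp() {
  local body hex
  body=$(awk '/-----BEGIN CERTIFICATE-----/{f=1; next}
              /-----END CERTIFICATE-----/{exit}
              f' "$1" 2>/dev/null | tr -d ' \t\r\n')
  [ -n "$body" ] || return 1
  # Reject bodies that are not valid base64 before hashing anything.
  printf '%s' "$body" | base64 -d >/dev/null 2>&1 || return 1
  hex=$(printf '%s' "$body" | base64 -d | sha1sum | cut -d' ' -f1)
  printf '%s\n' "$hex" | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# cert_matches_expected FILE [EXPECTED_FP]
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be parsed.
cert_matches_expected() {
  local actual
  actual=$(pem_sha1_fp "$1") || return 2
  [ "$(normalize_fp "$actual")" = "$(normalize_fp "${2:-$EXPECTED_FP}")" ]
}

# Constructed demo input: the bytes "abc" in PEM armor, NOT a real certificate,
# so the comparison against the guide's fingerprint is expected to fail.
demo_pem=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'YWJj' '-----END CERTIFICATE-----' > "$demo_pem"
if cert_matches_expected "$demo_pem"; then
  echo "fingerprint matches the wizard prompt"
else
  echo "MISMATCH: file has $(pem_sha1_fp "$demo_pem"), wizard shows $EXPECTED_FP"
fi
rm -f "$demo_pem"
```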

Configure the DDVE manually

This section describes how to manually configure the DDVE, e.g., updating elicense, setting the system passphrase, enabling the object-store feature and setting the object-store profile. These steps can be executed if the configuration wizard was skipped or at any point after the initial configuration.

Steps

1. Add the elicense by placing the license file under /ddr/var/license. Run the command elicense update license.lic.

NOTE: If the license file cannot be found in /ddr/var, its content can be pasted directly on the console.


# elicense update license.lic
Existing licenses:

Capacity licenses:
##   Feature    Capacity   Type                   State    Expiration Date   Note
--   --------   --------   --------------------   ------   ---------------   ----
1    CAPACITY   0.45 TiB   unexpired evaluation   active   n/a
--   --------   --------   --------------------   ------   ---------------   ----
Feature licenses:
##   Feature                     Count   Type                   State    Expiration Date   Note
--   -------------------------   -----   --------------------   ------   ---------------   ----
1    REPLICATION                 1       unexpired evaluation   active   n/a
2    DDBOOST                     1       unexpired evaluation   active   n/a
3    RETENTION-LOCK-GOVERNANCE   1       unexpired evaluation   active   n/a
4    ENCRYPTION                  1       unexpired evaluation   active   n/a
--   -------------------------   -----   --------------------   ------   ---------------   ----

New licenses:

Capacity licenses:
##   Feature    Capacity    Type              State    Expiration Date   Note
--   --------   ---------   ---------------   ------   ---------------   ----
1    CAPACITY   87.31 TiB   permanent (int)   active   n/a
--   --------   ---------   ---------------   ------   ---------------   ----
Feature licenses:
##   Feature       Count   Type              State    Expiration Date   Note
--   -----------   -----   ---------------   ------   ---------------   ----
1    DDBOOST       1       permanent (int)   active   n/a
2    ENCRYPTION    1       permanent (int)   active   n/a
3    REPLICATION   1       permanent (int)   active   n/a
--   -----------   -----   ---------------   ------   ---------------   ----

** New license(s) will overwrite all existing license(s).
Do you want to proceed? (yes|no) [yes]: yes

eLicense(s) updated.

2. Set the system passphrase by running the command system passphrase set.

# system passphrase set
Enter new passphrase:
Re-enter new passphrase:
Passphrases matched.
Passphrase is set.

3. Enable object store using the command storage object-store enable.

# storage object-store enable
Object-store is enabled.

4. Run the storage object-store profile set command to create or modify the cloud profile. Enter the bucket name and import the Baltimore CyberTrust Root certificate to communicate with the object store.

NOTE: For AWS GovCloud, profile creation will have an additional option to enable the FIPS endpoint.

# storage object-store profile set
A passphrase needs to be set on the system.
Enter new passphrase:
Re-enter new passphrase:


Passphrases matched.
The passphrase is set
DD VE is running in AWS. Role-based access will be used to access s3.
Enter the bucket name:
Do you want to use the FIPs 140-2 endpoint (yes|no) [no]: no
Object-store endpoint needs the Baltimore CyberTrust Root certificate to be imported.
Do you want to import that certificate with below fingerprint?
D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 (yes|no) [yes]:
Profile is set

Recovering DDVE with system headswap

The system headswap command recovers DDVE with head unit failure in AWS.

Prerequisites

Ensure that the vNVRAM disk and metadata disks from system A (original system) are available. These disks will be attached to the new instance B. If either the vNVRAM disk or any metadata disk is not available, use the system recovery from object-store command instead.

Steps

1. Create instance B with Head Unit (root disk only) with the same instance type as instance A.

2. Attach the same role to instance B as that of instance A.

3. On instance A, make a note of the vNVRAM disk name (usually sdb). Use the same name when attaching the vNVRAM disk to instance B.

4. Detach the vNVRAM and metadata disks from the failed head unit.

5. Attach the vNVRAM disk to instance B. While attaching the vNVRAM disk, ensure that the name of the disk on instance B is the same as that on instance A.


NOTE: Ensure that the vNVRAM disk is attached before attaching the metadata disks.

6. Attach the metadata disks to instance B.

7. Set the system passphrase.

NOTE: Set the passphrase to match system A, otherwise, the headswap fails.

# system passphrase set
Enter new passphrase:
Re-enter new passphrase:
Passphrases matched.
The passphrase is set.

8. Before executing the headswap command, ensure that system A is powered off. This step is required to detach the bucket from system A and make it available to be attached to system B.

9. Execute system headswap.

NOTE: The system will reboot during the headswap process.

# system headswap
This command returns the system back to its prior operational conditions. The system will be rebooted before resuming normal operations.
** If system passphrase was set on the old head, you will need to do one of the following after headswap completes:
   - unlock the filesystem if you have encrypted data, or
   - set the system passphrase if you don't have encrypted data
Are you sure? (yes|no) [no]: yes
ok, proceeding.
Please enter sysadmin password to confirm 'system headswap':
Restoring the system configuration, do not power off / interrupt process ...
Broadcast message from root (Mon Apr 30 13:44:10 2018):
The system is going down for reboot NOW!

10. Verify the file system status after the headswap process completes.

# filesys status
The filesystem is enabled and running.

NOTE:

You may need to re-activate the license on the new instance if an unserved-mode license is used.

The CLI elicense check-out and elicense check-in are used to obtain licenses from the DDVE.

If you experience an invalid key magic issue after a headswap, set the passphrase on the new DDVE system, and then perform the headswap ddboost user revoke token-access sysadmin command.

If the DDVE was attached to an AV-server and you experienced a certificate authentication issue after a headswap, detach and re-attach the DD from the AV-server. The AV-server regenerates the certificate and imports it to DD.


Recovering the system

The system recovery command recovers the DDVE system with head unit, vNVRAM disk, and metadata disk after a failure of one or more of these components.

About this task

If both vNVRAM disk and Metadata disks are available, then the system headswap command should be used instead.

Steps

1. Create instance B with the same configuration as instance A, including instance type, metadata disk capacity, and role.

2. Enable object-store:

# storage object-store enable Object-store is enabled.

3. Set object-store profile:

a. Set the passphrase to match system A, otherwise, the recovery fails to proceed.

b. Set the same s3 bucket name from system A:

# storage object-store profile set
A passphrase needs to be set on the system.
Enter new passphrase:
Re-enter new passphrase:
Passphrases matched.
The passphrase is set
DDVE is running in AWS. Role-based access will be used to access s3.
Enter the bucket name:
Object-store endpoint needs the Baltimore CyberTrust Root certificate to be imported.
Do you want to import that certificate with below fingerprint?
D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 (yes|no) [yes]:

Profile is set.

# storage object-store profile set

c. Follow the rest of the CLI prompts.

4. Add EBS volumes to the active tier:

NOTE: Add EBS volumes to match or exceed the capacity of system A.

# storage add dev3
Checking storage requirements...done
Adding dev3 to the active tier...done
Updating system information...done
dev3 successfully added to the active tier.

5. Run the system recovery precheck:

# system recovery precheck from object-store
Recovery precheck passed. Use start command to start the recovery.

6. Run the recovery:

# system recovery start from object-store
System recovery has started. Use status command to check the status.

7. Check the recovery status:

# system recovery status
System recovery is running: stage 2 of 6 (attaching object-store)


NOTE: The system reboots during the recovery process.

8. Check the filesys status after the recovery process completes:

# filesys status
The filesystem is enabled and running.


Administering DDVE

This chapter includes the following topics:

Topics:

Upgrade from M4 to M5 instance type
Upgrading M5 instance type
Extensions to DDOS for DDVE
DDVE-only commands
Modified DD OS commands
Unsupported DD OS commands
Troubleshooting performance issues

Upgrade from M4 to M5 instance type

To benefit from performance improvements, you can upgrade an M4 instance type to the next generation M5 instance type.

Prerequisites

Ensure that:

DDOS version is 7.2 or later. If the DDOS version is older, upgrade the DDOS version. Run the system show version command to check the DDOS version on the DDVE.

The DDOS upgrade is successful.

Steps

1. To ensure a clean file system shutdown, run the system poweroff command.

2. From the AWS management console, change the instance type to one with the same or higher capacity.

Capacity (TB)   vCPU #, memory (GiB)   M4 instance type   M5 instance type
16              4, 16                  m4.xlarge          m5.xlarge
32              8, 32                  m4.2xlarge         m5.2xlarge
96              16, 64                 m4.4xlarge         m5.4xlarge

NOTE: Alternatively, you can change the instance type with this command:

aws ec2 modify-instance-attribute --instance-id --instance-type "{\"Value\": \" \"}"

For example:

aws ec2 modify-instance-attribute --instance-id i-03abf8df1da1bf061 --instance-type "{\"Value\": \"m5.4xlarge\"}"

3. Enable the ena attribute by using this AWS command:

aws ec2 modify-instance-attribute --instance-id --ena-support

4. To verify that ena support is enabled for the instance, run this AWS command:

aws ec2 describe-instances --instance-ids --query "Reservations[].Instances[].EnaSupport"

5. From the AWS management console, power on the DDVE.


6. On the DDVE, verify that the system is up, and ensure that the file system status is enabled and running.

7. To confirm that the instance type is an M5 instance type, run the system vresource show current command:

Upgrading M5 instance type

You can upgrade the current M5 instance type to a higher capacity supported configuration.

About this task

For details about supported configurations, see Storage size specifications on page 49.

NOTE: Instance upgrade is not supported for DDVE with block storage as it supports a maximum capacity of 16 TB.

Steps

1. Power off the system using the system poweroff command.

From the AWS console, check that the DDVE instance is in the stopped state.

2. Select Action > Instance Settings > Change Instance Type.

3. Select the new instance type and click Apply.

4. Power on the DDVE from the AWS console.

5. Once the DDVE is powered on, run the command system vresource show to verify the new instance configuration.

Extensions to DDOS for DDVE

Several DDOS commands are supported on the DDVE platform only. This section describes these commands.

perf

Collect and show DDVE performance statistics.

perf disable trace event-regexp [module {default | ddfs}]
Disable tracing of specified events.

perf enable trace event-regexp [module {default | ddfs}]
Enable tracing of the specified events.

perf start histogram [module {default | ddfs}]
Start collecting performance histograms. This command may reduce performance marginally.

perf start stats
Start printing statistics. This command may reduce performance marginally.

perf start trace [allow-wrap] [module {default | ddfs}]
Start tracing events. This command may reduce performance marginally.

perf status trace event-regexp [module {default | ddfs}]
Shows whether tracing is enabled or disabled for the specified events.

perf stop histogram histogram-filename [module {default | ddfs}]
Stop collecting histograms and write the collected histograms to the specified file.

perf stop stats
Stop printing statistics.

perf stop trace trace-filename [module {default | ddfs}]
Stop tracing events and write the collected traces to the specified file.


System vresource

Display details about the virtual CPU and memory resources on the DDVE.

system vresource show [current | requirements]

# system vresource show requirements
Active Tier     Cloud Tier      Instance
Capacity (TB)   Capacity (TB)   Type
-------------   -------------   ---------------------------------------------
16              n/a             m5.xlarge
32              n/a             m5.2xlarge
96              n/a             m5.4xlarge
256             n/a             m5.8xlarge
-------------   -------------   ---------------------------------------------
** The maximum allowed system capacity for active tier on block storage is 16 TB

DDVE-only commands

The following commands only work on DDVE and are not supported on physical DD systems.

Table 4. DDVE-only commands

Command Description

elicense checkout feature-license
Allows user to check out the features of licenses for License Server installation

elicense checkout capacity-license value {TB|GB}
Allows user to check out the capacity of licenses for License Server installation. Here is sample output:
[email protected]# elic checkout capacity-license capacity value 10 TB
Checking out CAPACITY license willl also checkout available feature licenses.
An addition 10 TB CAPACITY license will be checked out.
10 TB additional CAPACITY license has been checked out.
License(s) have been checked out for REPLICATION, DDBOOST, ENCRYPTION.
Total 10 TB CAPACITY license is now available on this system.

elicense checkin { | all}
Allows user to check in features for licenses for License Server installation

elicense license-server set server { | } port

elicense license-server reset
Returns DDVE to factory license settings.

elicense license-server show

filesys show space tier active local-metadata
Displays the usage for the metadata storage.
NOTE: Some portion of the disk space is reserved for internal metadata, such as index. The amount of reserved space is based on the maximum capacity of the platform and not on licensed capacity.

net hosts add
Two DDVEs in different regions cannot resolve each other's hostname. Run this command to add a host list entry.

storage object-store enable
Enables the object-store feature for DDVE.

storage object-store disable
Disables the object-store feature for DDVE.

storage object-store profile set
Configures the object-store access profile.

storage object-store profile show
Displays the object-store access profile.


storage object-store profile status
This CLI lists the object-store profile information set on the DDVE.

system vresource show [requirements]
Displays the file system capacity, the number of virtual CPUs, and the amount of memory assigned to the virtual machine running the DDVE instance. The requirements option displays the physical storage requirements for DDVE.

Modified DD OS commands

The behavior of the following commands is modified on the DDVE platform:

Table 5. Modified DD OS commands

Command                                               Changes
alert                                                 The tenant-unit parameter is not supported.
compression                                           The tenant-unit parameter is not supported.
config setup show                                     Arguments for configuring features not available in DDVE have been removed.
ddboost clients show active                           The tenant-unit parameter is not supported.
ddboost file-replication show active                  The tenant-unit parameter is not supported.
ddboost file-replication show detailed-file-history   The tenant-unit parameter is not supported.
ddboost file-replication show file-history            The tenant-unit parameter is not supported.
ddboost option reset                                  The fc parameter is not supported.
ddboost option show                                   The fc parameter is not supported.
ddboost storage-unit create                           The tenant-unit parameter is not supported.
ddboost storage-unit modify                           The tenant-unit parameter is not supported.
ddboost storage-unit show                             The tenant-unit parameter is not supported.
ddboost streams show active                           The tenant-unit parameter is not supported.
ddboost streams show history                          The tenant-unit parameter is not supported.
disk rescan                                           The . parameter is not supported.
disk show state                                       DDVE system disks show the System Dev state.
disk show stats                                       The DDVE format for this command is disk show stats [dev ]
disk status                                           The Spare row has been removed from the output. The System row has been added.
enclosure show all                                    The [ ] parameter is not supported.
enclosure show controllers                            The [ ] parameter is not supported.
enclosure show cpus                                   The [ ] parameter is not supported.
enclosure show io-cards                               The [ ] parameter is not supported.


enclosure show memory                                 The [ ] parameter is not supported.
filesys encryption keys delete                        The [tier {active | archive} | archive-unit <unit-name>] parameter is not supported.
filesys encryption keys show                          The [tier {active | archive} | archive-unit <unit-name>] parameter is not supported.
filesys fastcopy                                      The [retention-lock] parameter is supported with DDVE. Retention lock compliance mode is not supported for any DDVE.
filesys show compression                              The [tier {active | archive} | archive-unit <unit-name>] parameter is not supported.
filesys show space                                    The [tier {active | archive} | archive-unit <unit-name> | archive-unit {all | <name>}] parameter is not supported.
mtree create                                          The tenant-unit parameter is not supported.
mtree list                                            The tenant-unit parameter is not supported.
mtree show compression                                The tenant-unit and tenant-unit parameters are not supported.
mtree show performance                                The tenant-unit parameter is not supported.
net create interface                                  The parameter is not supported.
net destroy                                           The parameter is not supported.
perf                                                  The vtl option is not supported on any perf command.
storage add                                           The enclosure and disk parameters are not supported.
storage remove                                        The enclosure and disk parameters are not supported.
storage show                                          The archive option is not supported.
system show stats                                     NVRAM statistics are not reported, because DDVE systems do not have physical NVRAM.
quota                                                 The tenant-unit parameter is not supported.
replication                                           MTree replication is the only type of replication supported.
snapshot                                              The tenant-unit parameter is not supported.

Unsupported DD OS commands

The following DD OS commands and command options are not supported on the DDVE platform.

Table 6. Unsupported commands and command options

Unsupported command or command option                         Notes
adminaccess https generate certificate                        Deprecated. Use adminaccess certificate generate instead.
alerts add                                                    Deprecated. Use alerts notify-list add instead.
alerts del                                                    Deprecated. Use alerts notify-list del instead.


alerts notify-list option set group-name tenant-alert-summary {enabled | disabled} alerts notify-list option reset group-name tenant-alert-summary alerts reset Deprecated. Use alerts notify-list reset instead.

alerts show alerts-list Deprecated. Use alerts notify-list show instead.

alerts test Deprecated. Use alerts notify-list test instead.

archive authorization autosupport display Deprecated. Use autosupport show report instead.

autosupport reset support-list Deprecated. Use autosupport reset { all | alert- summary | asup-detailed | support-notify } instead.

autosupport show support-list Deprecated. Use autosupport show { all | asup- detailed | alert-summary | support-notify } instead.

cifs set authentication nt4 Deprecated. Use cifs set authentication active- directory instead.

cluster ddboost fc ddboost option reset fc ddboost option set distributed-segment- processing disabled

Turning off distributed segment processing (DSP) with this DDBoost command is not supported for DDVE on DD OS 6.1.2.x.

ddboost option show Turning off DSP with this DDBoost command is not supported for DDVE on DD OS 6.1.2.x.

ddboost option show fc ddboost show image-duplication Deprecated. Use ddboost file-replication show

instead.

ddboost user option set user default-tenant- unit tenant-unit ddboost user option reset user [default- tenant-unit] disk add devdisk-id [spindle-group 1-16] Deprecated. Use storage add instead.

disk add enclosure enclosure-id Deprecated. Use storage add instead.

disk benchmark start Not supported by DDVE in cloud

disk benchmark show Not supported by DDVE in cloud

disk benchmark stop Not supported by DDVE in cloud

disk benchmark watch Not supported by DDVE in cloud

disk expand Deprecated. Use storage add instead.

disk fail enclosure-id.disk-id

disk multipath

disk port

disk rescan [enclosure-id.disk-id]

disk show detailed-raid-info Deprecated. Use disk show state and storage show instead.

disk show failure-history

disk show performance Not supported by DDVE in cloud

disk show raid-info Deprecated. Use disk show state and storage show instead.

disk show reliability-data

disk

disk show stats Not supported by DDVE in cloud

disk unfail

enclosure beacon

enclosure show all [enclosure] This command is supported, but not with the enclosure argument.

enclosure show chassis

enclosure show controllers enclosure This command is supported, but not with the enclosure argument.

enclosure show cpus [enclosure] This command is supported, but not with the enclosure argument.

enclosure show fans

enclosure show io-cards [enclosure] This command is supported, but not with the enclosure argument.

enclosure show memory [enclosure] This command is supported, but not with the enclosure argument.

enclosure show nvram

enclosure show powersupply

enclosure show summary

enclosure show temperature-sensors

enclosure show topology

enclosure test topology

filesys archive

filesys clean update-stats Deprecated. Use filesys show space instead.

filesys encryption

filesys encryption passphrase change Deprecated. Use system passphrase change instead.

filesys retention-lock Deprecated. Use mtree retention-lock instead.

filesys show compression tier The tier option is not supported.

filesys show history Deprecated. Use filesys show compression daily instead.

ha create Not supported by DDVE in cloud

ha destroy Not supported by DDVE in cloud

ha status Not supported by DDVE in cloud

ha failover Not supported by DDVE in cloud

ha online Not supported by DDVE in cloud

ha offline Not supported by DDVE in cloud

license The license commands are not supported because DDVE uses new elicense commands.

mtree show compression mtree_path tier

net aggregate

net config ifname type cluster

net create interface virtual-ifname

net create interface physical-ifname vlan vlan-id

net create virtual vethid

net destroy virtual-ifname

net destroy vlan-ifname

net failover

net modify virtual-ifname bonding {aggregate | failover}

net set portnaming

ndmp

ndmpd

nfs option disable report-replica-as-writable Deprecated. Use filesys option disable report-replica-as-writable instead.

nfs option enable report-replica-as-writable Deprecated. Use filesys option enable report-replica-as-writable instead.

nfs option reset report-replica-as-writable Deprecated. Use filesys option reset report-replica-as-writable instead.

nfs option show report-replica-as-writable Deprecated. Use filesys option show report-replica-as-writable instead.

perf * module vtl

san

shelf migration start Not supported by DDVE in cloud

shelf migration status Not supported by DDVE in cloud

shelf migration suspend Not supported by DDVE in cloud

shelf migration resume Not supported by DDVE in cloud

shelf migration precheck Not supported by DDVE in cloud

shelf migration option Not supported by DDVE in cloud

shelf migration finalize Not supported by DDVE in cloud

shelf migration show history Not supported by DDVE in cloud

snapshot add schedule name [days days] time time [,time...] [retention period] Deprecated. Use snapshot schedule create instead.

snapshot add schedule name [days days] time time every mins [retention period] Deprecated. Use snapshot schedule create instead.

snapshot add schedule name [days days] time time-time [every hrs | mins] [retention period] Deprecated. Use snapshot schedule create instead.

snapshot del schedule {name | all} Deprecated. Use snapshot schedule destroy instead.

snapshot modify schedule name {[days days] | time time [,time...] | [retention period]} Deprecated. Use snapshot schedule modify instead.

snapshot modify schedule name {[days days] | time time every {mins | none} | [retention period]} Deprecated. Use snapshot schedule modify instead.

snapshot modify schedule name {[days days] | time time-time [every {hrs | mins | none}] | [retention period]} Deprecated. Use snapshot schedule modify instead.

snapshot reset schedule Deprecated. Use snapshot schedule reset instead.

snapshot show schedule Deprecated. Use snapshot schedule show instead.

storage add enclosure enclosure-id

storage add disk enclosure-id.disk-id

storage remove enclosure enclosure-id

storage remove disk enclosure_id.disk-id

system firmware

system option set console

system retention-lock

system sanitize

system show anaconda

system show controller-inventory

system show nvram

system show nvram-detailed

system show oemid

system upgrade continue

user

user change priv Deprecated, with no replacement.

vserver config set host Not supported by DDVE in cloud

vserver config reset Not supported by DDVE in cloud

vserver config show Not supported by DDVE in cloud

vserver config perf-stats start Not supported by DDVE in cloud

vserver config perf-stats stop Not supported by DDVE in cloud

vserver config perf-stats status Not supported by DDVE in cloud

vtl lunmask Deprecated. Use vtl group instead.

vtl lunmask add Deprecated. Use vtl group add instead.

vtl lunmask del Deprecated.

vtl lunmask show Deprecated. Use vtl group show instead.

Troubleshooting performance issues

You can check DDVE performance statistics as follows:

- With native tools in AWS

You can also use the following to monitor benchmark performance:

- perf

Extensions to DDOS for DDVE on page 39 provides more information about commands.

CPU Performance

The two key statistics for CPU performance are:

- CPU usage: CPU usage as a percentage during the interval.
- CPU ready: The percentage of time that the virtual machine was ready, but could not get scheduled to run on the physical CPU. This counter might not be displayed by default.

If these counters are high, there may be a performance problem on the hypervisor host.

Memory Performance

- Memory swapping: The key statistic for memory performance, which is the current amount of guest physical memory swapped out to the virtual machine's swap file.

Virtual Disk Performance

The key statistics for virtual disk performance are:

- I/O throughput: A decrease in these values indicates a performance issue.
- I/O latency: An increase in read and write latency values indicates a performance problem.
- Failed commands: An increase in the average number of outstanding read and write requests indicates a performance problem.

Best Practices for Working with DDVE in the Cloud

This chapter includes the following topics:

Topics:

- ASUP configuration
- AWS licensing
- Storage best practices
- Security best practices

ASUP configuration

We recommend enabling AutoSupport (ASUP) in DDVE. Although Secure Remote Services (ESRS) is not yet supported in AWS, you can use the email transfer server to transfer ASUP files.

About this task

Set up the following items to ensure that ASUPs and alert emails from the DDVE instance are sent to Dell EMC.

1. Administrator: Specify a password and email address for the administrator.
2. Email/location: Specify the mail server to use to send outgoing alerts and ASUPs to recipients. Recipients are subscribers to groups. A default group is created that contains the email addresses of the administrator and a Dell EMC email address, [email protected]. The location field is for information only.
3. Review the summary carefully. The default email address for alerts and autosupport emails is [email protected]. A detailed autosupport and an alert summary are scheduled to run daily at 6:00 AM system time.

AWS licensing

The DDVE license is node locked, which means that the same license cannot be used on multiple DDVE instances. To facilitate DDVE license management, we recommend using served-mode licenses if multiple DDVEs are to be deployed.

NOTE:

- The DDVE license might become invalid after removing the first NIC ethV0.
- In the case of a head swap, the license will continue to work on the new DDVE instance if served-mode licenses are used; otherwise you need to re-activate the license.
- You may create a new DDVE instance from an AWS snapshot. The license is automatically checked out from the license server on the new instance if served-mode licenses are used, as long as the license server has sufficient licenses for this new instance to check out. Otherwise you need to re-activate the license.

Storage best practices

Use the appropriate storage type

Use GP2 EBS volumes for the root disk, NVRAM disk, and metadata disks.

Object storage specifications

The following table lists the supported instance types and their storage configuration for object storage.

Metadata disk storage is recommended to be 10% of the total capacity. Each metadata disk is recommended to be 1 TiB.

Table 7. Storage size specifications

DDVE configuration | Instance type | Root disk (GP2) | NVRAM disk (GP2) | Metadata disk (GP2) | Metadata disks required
16 TB | M5.xlarge | 250 GiB | 10 GiB | 1024 GiB | 1-2
32 TB | M5.2xlarge | 250 GiB | 10 GiB | 1024 GiB | 1-4
96 TB | M5.4xlarge | 250 GiB | 10 GiB | 1024 GiB | 1-10
256 TB | M5.8xlarge | 250 GiB | 10 GiB | 2048 GiB | 1-13

NOTE:

- If the incorrect instance type is used, the system displays an alert for an unsupported virtual hardware configuration.
- The metadata requirements that are listed above are based on a 10x deduplication ratio and a 2x compression ratio. For workloads with a higher deduplication ratio, more metadata storage is required.
- The maximum number of metadata disks that you can add to a DDVE instance in AWS is 24.

Block storage specifications

The following table lists the instance types and storage types that are required for block storage.

Table 8. Storage configuration types for DDVE in AWS (block store)

DDVE configuration | Instance type | Root disk type/size | NVRAM disk type/size | Data disk type/size
16 TB | M5.xlarge | GP2/250 GB | GP2/10 GB | GP2/1024 GB

NOTE:

DDVE with block storage supports a maximum capacity of 16 TB. The recommended size of each data disk is one TiB.

If the incorrect instance type is used, the system displays an alert for an incorrect virtual hardware configuration.

Table 9. Supported stream and Mtree counts

System capacity | Instance type | vCPU | Memory (GiB) | Max Mtree | Read streams | Write streams | Replication in streams | Replication out streams | Combined streams
16 TB | M5.xlarge | 4 | 16 | 6 | 30 | 45 | 45 | 42 | 60
32 TB | M5.2xlarge | 8 | 32 | 14 | 50 | 90 | 90 | 82 | 90
96 TB | M5.4xlarge | 16 | 64 | 32 | 50 | 180 | 180 | 100 | 180
256 TB | M5.8xlarge | 32 | 128 | 128 | 110 | 540 | 540 | 220 | 540

Metadata disk storage expansion notes

Dell EMC recommends using 10% of the system capacity as the metadata storage, where each metadata disk size is one TiB. This metadata storage recommendation is based on a 10X deduplication ratio and 2X compression. For workloads with a higher deduplication ratio, more metadata storage may be required. If metadata storage usage exceeds 80%, an alert is generated. Add a metadata disk to the DDVE immediately to avoid running out of space.

The DD OS Administration Guide provides a procedure for expanding storage. Dell EMC recommends that you always use 1 TiB metadata disks.

Spindle group

You are not required to specify a spindle group when adding metadata disks. The spindle group assignment is balanced automatically when adding storage. Do not set or change the spindle group settings manually. Run the storage show all command to verify that each data volume is assigned to a different spindle group.

Object storage bucket configuration notes

- The bucket that is provided during file system creation must be empty, otherwise file system creation fails.
- When the file system is destroyed, the associated bucket and the objects it contains are not automatically deleted or removed. The bucket must be intentionally deleted to avoid incurring the cost for the content stored in the bucket.
- Do not enable S3 versioning on the bucket. Doing so incurs additional cost because older versions of the objects are retained, although they are removed by the GC cycles.
- Do not configure any life-cycle policy on the bucket as it might result in loss of critical data.

Converting from evaluation to production

Rather than convert an evaluation version of DDVE to a production version, Dell EMC recommends a fresh deployment. If you decide to convert from an evaluation version to production version, Dell EMC recommends that you:

- Destroy the existing file system
- Delete any small data disk (not the root or NVRAM disks)
- Configure new disks according to the recommendations in this guide

Security best practices

Avoid Public IP address

To prevent brute force attacks on the DDVE, it must not be configured with a public IP address.

Secure access

The following table illustrates the different authentication methods that are supported by DDVE.

Table 10. Access Types and Authentication

Access Type | Authentication Methods
GUI | username/password; X509 certificates
SSH | username/password; SSH key pair
REST API | username/password; X509 certificates

For better security, we recommend you disable the username/password based user authentication. If the username/password based authentication is desired, we recommend that you configure a stronger password.

NOTE: Password based login should not be disabled if you want to configure Avamar Virtual Edition, NetWorker, or other backup software to connect to DDVE in AWS, because password authentication is used for communication between them.

Because AWS is a public cloud, pay attention to the security in your deployment. We suggest these best practices:

- Use public key based authentication for SSH access
- Use certificate based authentication for DDSM access
- Do not configure public IP for DDVE in AWS, if possible
- Use external KMIP server to store encryption keys
- Enable encryption for DDFS and replication

After a DDVE deployment from the marketplace, DDVE SSH login with a username and password is enabled. The default password for the sysadmin user is the EC2 instance ID of the DDVE instance. At the first login, a password change is required. The EC2 key access pair associated with the sysadmin user is an optional alternative to username and password authentication.

IP Tables feature

After protecting the DDVE using secure setup, within the DDVE you can filter the network traffic that enters by using the iptables feature. For more configuration information, see the DD OS 6.2 Command Reference Guide's Net Filter section.

Security rules settings

Since the DDVE in AWS is always running in a VPC, the VPC should be configured so that only required and trusted clients have access to the DD system. The following tables show the TCP and UDP ports that are used by the DD system for inbound and outbound traffic, and which service makes use of them. Consider the following information when configuring VPC firewall rules. For additional information, see Amazon EC2 Security Groups for Linux Instances.

Inbound rules

The following are the inbound ports used by DDVE.

Table 11. Inbound ports used by DDVE

Port | Service | Description
TCP 22 | SSH | Used for SSH (CLI) access and for configuring DDVE.
TCP 443 | HTTPS | Used for DDSM (GUI) access and for configuring DDVE.
TCP 2049 | DD Boost/NFS | Main port used by NFS - can be modified using the nfs set server-port command which requires SE mode.
TCP 2051 | Replication/DD Boost/Optimized Duplication | Used only if replication is configured (run replication show config command on DD system to determine). This port can be modified using replication modify.
TCP 3009 | SMS (system management) | Used for managing a system remotely using DDSM. This port cannot be modified. This port will also need to be opened if you plan to configure replication from within the DDSM, since the replication partner needs to be added to the DDSM.

Depending on the protocol that is used to backup data to DDVE, additional ports are enabled with inbound firewall rules.

Outbound rules

The following are the outbound ports that are used by DDVE.

Table 12. Outbound ports used by DDVE

Port | Service | Description
UDP 123 | NTP | Used by the DD system to synchronize to a time server.
TCP 443 | HTTPS | Used for DDVE to be able to communicate with outside services.
TCP 2049 | DD Boost/NFS | Main port used by NFS - can be modified using the nfs set server-port command which requires SE mode.
TCP 2051 | Replication/DD Boost/Optimized Duplication | Used only if replication is configured (run replication show config on DD system to determine). This port can be modified using replication modify.
TCP 3009 | SMS (system management) | Used for managing a system remotely using DDSM. This port cannot be modified. This port will also need to be opened if you plan to configure replication from within the DDSM, as the replication partner needs to be added to the DDSM.

Depending on the other applications/services that are being used, additional ports shall be enabled for outbound firewall rules.

Networking Best Practices for DDVE in the Cloud

This chapter includes the following topics:

Topics:

- Network setup in AWS
- Network infrastructure setup

Network setup in AWS

VPC Architecture

We recommend that you use a public/private subnet architecture and deploy the DDVE in the private subnet. This secures the DDVEs (VMs) through the appropriate use of VPC components such as route tables, access control lists, and security groups.

Public IP address

Because of security considerations, and to protect the DDVE from potential attacks over the open internet, the DDVE MUST NOT be exposed directly to the internet with a public IP address. It is highly recommended that you use VPN connections between different geographical regions (VPCs). For example, replication between different VPCs, between different cloud regions, and from cloud to on-premises and vice versa can run over the secure VPN connection.

Object store connectivity

The DDVE object store feature needs connectivity to its object storage, such as to the S3 bucket. The object store communication is over https, so the outbound security group setting must allow communication over port 443. There are different ways to enable DDVE connectivity to the object store. Out of the following three we recommend only the third option (Using VPC endpoint).

- Using the public IP from the public subnet: should not be used.
- Using NAT (Network Address Translation): If the private subnet is configured to use NAT, then DDVE will be able to communicate to object store over NAT.
- We strongly recommend using VPC endpoint for accessing the Amazon S3. It does not require the DDVE to have a public IP address to communicate to S3; it uses the private IP address instead. (In this case, an internet gateway, NAT, or virtual private gateway are not needed to access S3.) This method also allows the traffic to the S3 endpoint to stay within the Amazon network and will be routed internally to S3.

NOTE:

Refer to Role based access for S3 object store for configuring the DDVE to access the S3 bucket securely.

The S3 bucket that was created for DDVE use, MUST be in the same region where DDVE is running.

For information see Amazon AWS documentation.

Network infrastructure setup

This section describes security group restrictions for AWS.

Security groups

The security groups restrict access to an instance based on:

1. Port
2. IP range
3. Security group (its own or another)

Inbound control

The security groups are stateful which means that the responses to the inbound traffic will be allowed to go out regardless of outbound rules. The following are the inbound ports that are allowed for DDVE.

Table 13. DDVE Inbound Ports

Port | Service | Description
TCP 22 | SSH | Used for SSH (CLI) access and for configuring DDVE.
TCP 443 | HTTPS | Used for DDSM (GUI) access and for configuring DDVE.
TCP 2049 | DD Boost/NFS | Main port used by NFS - can be modified using the nfs set server-port command which requires SE mode.
TCP 2051 | Replication/DD Boost/Optimized Duplication | Used only if replication is configured (run replication show config on DD system to determine). This port can be modified using replication modify.
TCP 3009 | SMS (system management) | Used for managing a system remotely using DD System Manager. This port cannot be modified. This port is used only on DD systems running DD OS 4.7.x or later. This port will also need to be opened if you plan to configure replication from within the DD System Manager, as the replication partner needs to be added to the DD System Manager.

Depending on the protocol that is used to backup data to DDVE, additional ports will be allowed with inbound security group rules.

Outbound control

As stated earlier the security groups are stateful, which means that if a request is allowed to be sent out of a DDVE, its responses will be allowed regardless of inbound rules. The following are the outbound ports that shall be allowed for DDVE.

Table 14. DDVE Outbound Ports

Port | Service | Description
UDP 123 | NTP | Used by the DD system to synchronize to a time server.
TCP 443 | HTTPS | Used for DDVE to be able to communicate with Object store (S3).
TCP 2049 | DD Boost/NFS | Main port used by NFS - can be modified using the nfs set server-port command which requires SE mode.
TCP 2051 | Replication/DD Boost/Optimized Duplication | Used only if replication is configured (run replication show config on DD system to determine). This port can be modified using replication modify.
TCP 3009 | SMS (system management) | Used for managing a system remotely using DD System Manager. This port cannot be modified. This port is used only on DD systems running DD OS 4.7.x or later. This port will also need to be opened if you plan to configure replication from within the DD System Manager, as the replication partner needs to be added to the DD System Manager.

Depending on the other applications/services that are being used, additional ports shall be allowed.
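
The following Python check is an added example, not part of the Dell guide. It audits a security group, in the JSON shape returned by aws ec2 describe-security-groups, against the inbound and outbound port tables in this section and in "Security rules settings", and flags inbound sources that are not private ranges. The sample group, the finding names, and the rule that only RFC 1918 and IPv6 ULA ranges count as trusted are assumptions of this example.

```python
import ipaddress

# (protocol, port) -> service, copied from the guide's inbound and outbound port tables.
DDVE_INBOUND = {("tcp", 22): "SSH", ("tcp", 443): "HTTPS (DDSM)",
                ("tcp", 2049): "DD Boost/NFS", ("tcp", 2051): "Replication",
                ("tcp", 3009): "SMS"}
DDVE_OUTBOUND = {("udp", 123): "NTP", ("tcp", 443): "HTTPS (S3)",
                 ("tcp", 2049): "DD Boost/NFS", ("tcp", 2051): "Replication",
                 ("tcp", 3009): "SMS"}

# Assumption of this example: only private ranges (RFC 1918, IPv6 ULA) are trusted.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_SG = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2052,
         "IpRanges": [{"CidrIp": "10.0.2.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 3009, "ToPort": 3009,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0mgmt"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def is_private(net):
    return any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)


def rule_label(perm):
    proto = perm["IpProtocol"]
    if proto == "-1":                       # AWS encoding for all protocols and ports
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def port_findings(perm, allowed):
    """Return (rule, detail) pairs for what a rule opens beyond the allowed ports."""
    proto = perm["IpProtocol"]
    if proto == "-1":
        return [("all-traffic", "every protocol and port")]
    if proto not in ("tcp", "udp"):
        return [("undocumented-protocol", "not in the guide's port tables")]
    extra = [p for p in range(perm["FromPort"], perm["ToPort"] + 1)
             if (proto, p) not in allowed]
    if not extra:
        return []
    shown = ",".join(str(p) for p in extra[:5]) + ("..." if len(extra) > 5 else "")
    return [("undocumented-port", shown)]


def audit_security_group(sg, extra_inbound=(), extra_outbound=()):
    """Return (direction, rule, label, detail) findings. The extra_* sets hold
    (protocol, port) pairs for the additional ports the guide says a backup
    protocol or application may need."""
    findings = []
    for direction, key, table, extra in (
            ("inbound", "IpPermissions", DDVE_INBOUND, extra_inbound),
            ("outbound", "IpPermissionsEgress", DDVE_OUTBOUND, extra_outbound)):
        allowed = set(table) | set(extra)
        for perm in sg.get(key, []):
            label = rule_label(perm)
            for rule, detail in port_findings(perm, allowed):
                findings.append((direction, rule, label, detail))
            if direction != "inbound":
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:
                    findings.append((direction, "open-to-any", label, cidr))
                elif not is_private(net):
                    findings.append((direction, "public-source", label, cidr))
    return findings


if __name__ == "__main__":
    for finding in audit_security_group(SAMPLE_SG):
        print(*finding, sep="  ")
```

Rules that reference another security group instead of a CIDR, such as the TCP 3009 rule in the sample, are checked for ports only.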

Installing and Configuring DDVE on Block Storage in the Cloud

This chapter includes the following topics:

Topics:

- Overview of DDVE on block storage
- Configuring DDVE on block storage with DD System Manager

Overview of DDVE on block storage

DDVE on block storage provides enterprise customers and service providers who are running applications in the public cloud with a deduplication data protection appliance that provides object storage efficiency and ease of management.

DDVE on block storage supports:

- Backup and restore using active tier data into cloud block storage while DDVE is running in the cloud.
- DD System Manager to configure, manage, and monitor DDVE on block storage.
- DD Management Center for multisystem management of DDVE systems in the cloud on block storage.

Configuring DDVE on block storage with DD System Manager

You can use the DD System Manager to configure DDVE as an active tier on a block storage system.

About this task

Use the Configuration wizard to configure the active tier and create the file system on the DDVE instance.

Steps

1. Log in as sysadmin with the password Ec2 .

2. To configure the active tier on block storage, ensure that the Enable Object Store checkbox is cleared and click Next.

3. Add the block storage attached to the DDVE to the active tier.

NOTE: For block storage solution, the maximum supported storage capacity is 16 TB.

4. Review the summary and select Submit to create the file system and enable it.

5. To
