Contents

Dell DD OS 7.7 Azure Cloud Operating System Installation And Administration Guide PDF

1 of 55
1 of 55

Summary of Content for Dell DD OS 7.7 Azure Cloud Operating System Installation And Administration Guide PDF

Dell EMC PowerProtect DDVE in the Azure Cloud Installation and Administration Guide

7.7

September 2021 Rev. 01

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid

the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

2016 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Revision history..........................................................................................................................................................................5

Preface......................................................................................................................................... 6

Chapter 1: Getting Started............................................................................................................ 7 Purpose of this guide.......................................................................................................................................................... 7 Audience.................................................................................................................................................................................7 Architecture overview........................................................................................................................................................ 7

Chapter 2: Introducing DDVE ....................................................................................................... 9 Introducing DDVE................................................................................................................................................................ 9 DDVE features .................................................................................................................................................................... 9 DDVE cloud features ......................................................................................................................................................... 9

Chapter 3: Deploying DDVE..........................................................................................................12 Prerequisites for deploying DDVE on Azure................................................................................................................ 12

Set up the network environment............................................................................................................................. 12 Enable VNet service endpoint to Azure storage.................................................................................................. 12 Create a container in Azure hot blob storage....................................................................................................... 13 Configure storage account authentication method ............................................................................................13 Prepare the SSH key pair...........................................................................................................................................15 Understanding compute and storage requirements............................................................................................ 15

Deploying DDVE from the Azure Marketplace............................................................................................................ 17 Adding metadata disks in Azure..................................................................................................................................... 18

Adding managed disks in Azure................................................................................................................................ 18 Resizing the DDVE instance in Azure .......................................................................................................................... 19 Converting metadata disk type .............................................................................................................................. 20

Converting unmanaged to managed disks ............................................................................................................ 21 Converting disk storage type.................................................................................................................................... 21 Expand metadata storage......................................................................................................................................... 22

Chapter 4: Completing Initial DDVE Configuration.......................................................................23 Initial system configuration ............................................................................................................................................ 23 Configuring DDVE on Azure hot blob storage using DDSM....................................................................................23 Configuring DDVE in Azure using the CLI................................................................................................................... 29 Recovering DDVE with system headswap.................................................................................................................. 33 Recovering the DDVE instance......................................................................................................................................34 Changing authentication to OAuth 2.0........................................................................................................................ 35

Change authentication to OAuth 2.0 using DDSM............................................................................................. 36 Change authentication to OAuth 2.0 using CLI................................................................................................... 37

Configuring the system for data access .....................................................................................................................37

Chapter 5: Administering DDVE...................................................................................................39 Adding virtual storage ..................................................................................................................................................... 39 Extensions to DDOS for DDVE...................................................................................................................................... 39

Contents

Contents 3

perf..................................................................................................................................................................................39 System vresource........................................................................................................................................................40

DDVE-only commands..................................................................................................................................................... 40 Modified DDOS commands..............................................................................................................................................41 Unsupported DDOS commands .................................................................................................................................... 43 Troubleshooting performance issues............................................................................................................................47

Appendix A: Best Practices for Working with DDVE in the Cloud................................................. 48 Supportability..................................................................................................................................................................... 48 Azure licensing................................................................................................................................................................... 48 Power control.....................................................................................................................................................................48 Storage best practices.....................................................................................................................................................48 Security best practices....................................................................................................................................................50

Appendix B: Networking Best Practices for DDVE in the Cloud.................................................... 52 Network setup in Azure...................................................................................................................................................52 Setting up NTP time synchronization in Azure..........................................................................................................53

Appendix C: Installing and Configuring DDVE on Block Storage in the Cloud ...............................54 Deploying DDVE on Azure block storage.....................................................................................................................54

Azure system configuration requirements ........................................................................................................... 54 Specifications for DDVE on Azure block storage................................................................................................ 54 Creating DDVE from Azure Marketplace...............................................................................................................54 Adding disks in Azure................................................................................................................................................. 55

4 Contents

Revision history Table 1. DDVE in Azure Installation and Administration Guide revision history

Revision Date Description

01 September 2021 Update for DDOS 7.7

Revision history 5

As part of an effort to improve its product lines, we periodically release revisions of its software and hardware. Therefore, some functions described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information on product features.

Purpose This manual describes how to install, configure, and administer DD Virtual Edition (DDVE) systems.

Audience This manual is intended for use by both system administrators and general users of DD Virtual Edition.

Related documentation The following publications and websites provide additional information:

DD Operating System Release Notes DD Operating System Initial Configuration Guide

This manual explains configuration steps that are common to hardware and virtual DD systems. DD Operating System OS Command Reference Guide

This manual explains how to administer DD systems from the command line. DD Operating System OS Administration Guide

This manual explains how to administer DD systems with the System Manager graphical user interface.

DD Boost for OpenStorage Administration Guide

This manual explains how to use the DD Boost protocol for data transfer between backup software and DD systems. Avamar, DD and NetWorker Compatibility Guide: http://compatibilityguide.emc.com:8080/CompGuideApp/

This website lists Avamar and NetWorker software support for DDVE.

Where to get help We support, product, and licensing information can be obtained as follows:

Product information

For documentation, release notes, software updates, or information about products, go to Online Support at https://support.emc.com.

Technical support

For technical support of this release of DDVE, go to Online Support at https://support.emc.com.

Your comments Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Send your opinions of this document to DPAD.Doc.Feedback@emc.com.

Preface

6 Preface

Getting Started This chapter includes the following topics:

Topics:

Purpose of this guide Audience Architecture overview

Purpose of this guide

This installation guide is a supplement to the DD Operating System Administration Guide, which includes content for all DD systems. It describes upgrading the DDVE software and using the DD System Manager to monitor DD systems for errors, disk space, and service events.

This guide contains content specific to deploying DD Virtual Edition (DDVE) on Azure cloud. Use this guide with the DD Operating System Administration Guide and applicable Azure documentation.

See Azure documentation for more information.

Audience This document is intended for data protection and storage administrators who want to use Microsoft Azure Cloud to back up DD Virtual Edition (DDVE) content. Users should know about the following technology:

Azure virtual machines Azure storage Azure virtual network

Architecture overview DDVE is a virtual deduplication appliance that provides data protection for entry, enterprise, and service provider environments.

The following diagram represents the architecture of the DDVE on Microsoft Azure Cloud solution.

1

Getting Started 7

Figure 1. Dell EMC Power Protect DD Virtual Edition (DDVE) on Azure

Legend:

1. To keep data traffic between DDVE and Azure storage within the Azure infrastructure, Dell Technologies recommends that you create an Azure storage service endpoint. The service endpoint keeps DDVE from depending on a NAT Gateway or Public IP address to access the hot blob container.

2. Dell Technologies recommends a VPN connection to replicate data from an on-premises host to DDVE in the cloud or the opposite way. This approach keeps data transfers secure.

3. DDVE is categorized as a backend server. It must be kept in a private subnet with a private address. Never set a public IP address for DDVE.

4. The storage account must be in the same region where the DDVE instance is running. A separate hot blob storage account with a container is required for each DDVE.

5. All DDVE instances must be secured with the appropriate security group entries.

Typically SSH (Port 22) or HTTPS (Port 443) is used for DDVE inbound access.

HTTPS (443) must be allowed for outbound Azure hot blob container access for DDVE.

TCP ports 2049 and 2051 are used for DD Boost and replication purposes.

See the DDVE documentation for more information and for a complete list of ports.

8 Getting Started

Introducing DDVE This chapter includes the following topics:

Topics:

Introducing DDVE DDVE features DDVE cloud features

Introducing DDVE DD Virtual Edition (DDVE) is a software-only protection storage appliance: a virtual deduplication appliance that provides data protection for entry, enterprise and service provider environments. Like any DD system, DDVE is always paired with backup software.

DDVE runs the DD Operating System (DDOS), and includes the DD System Manager graphical user interface (GUI) and the DDOS command line interface (CLI) for performing system operations.

DDVE includes the following features:

High-speed, variable length deduplication for a 10 to 30 times reduction in storage requirements Unparalleled data integrity to ensure reliable recovery, and seamless integration with leading backup and archiving

applications DD Boost to speed backups by 50 percent DD Encryption for enhanced security of data DD Replicator for network efficient replication that enables faster time-to-DR readiness

DDVE runs on two types of platforms:

On premises, DDVE supports VMware, Hyper-V, KVM, and VxRail. In the cloud, DDVE also runs in the Amazon Web Services (AWS) (cloud and gov cloud), Azure (cloud and gov cloud),

VMware Cloud (VMC) on AWS cloud platforms, and Google Cloud Platform (GCP).

For more information about the features and capabilities of DD systems (both physical and virtual), see the DD Operating System Administration Guide.

DDVE features Resource configurations depend on your DDVE configuration. For features for cloud configurations within the admin guide for your specific cloud provider, see DDVE cloud features on page 9.

The DDOS Administration Guide, DD Boost OST Guide, and DD Boost for Partner Integration Administration Guide provide additional information about the supported protocols and features.

DDVE cloud features DDVE provides the capabilities of a cloud DD system using the following resource configuration sizes:

DDVE supports: Azure Standard Cloud Azure Government Cloud Azure China Cloud (DDVE does not support U.S. DoD Cloud)

2

Introducing DDVE 9

DDVE supports two types of data storage for Azure: DDVE on Block storage DDVE on Hot Blob storage (recommended)

Table 2. DDVE on Azure resource configuration size

Type Resource configuration size

DDVE on Block storage DDVE on Block storage: Up to 16 TB. DDVE capacity is available in 1 TB increments starting at

512 GB.

DDVE on Hot Blob storage (recommended) DDVE capacity is available up to 256 TB.

The following diagram shows the disk and container layouts for DDVE on block storage and Hot Blob storage.

Figure 2. DDVE in Azure hot blob storage with managed disks (recommended)

The following sections list supported DD protocols and features in DDVE.

Supported DD protocols

DD Boost over IP DD Boost FS

Supported DD features

DD Boost managed file replication (MFR) Encryption MTree replication DD System Manager GUI for DDVE management DD Active Tier (DD Cloud Tier is not supported) Secure multitenancy (SMT) with Network Isolation Support DD Boost/BoostFS for Big Data

10 Introducing DDVE

Key Management Interoperability Protocol (KMIP) More restricted IPtables settings Azure for Government Cloud Retention Lock Governance Edition (supported on DDVE, on premises and in the cloud) Auto Retention Lock (ARL) and Indefinite Retention Hold (IRH), supported for RLG MTrees on DDVE

NOTE: DDVE supports these replication capabilities:

Managed file replication and MTree replication

Replication across availability zones and regions

Bi-directional replication between on-premises and Azure

The DDOS Administration Guide, DD Boost OST Guide, DD Boost for Partner Integration Administration Guide provide additional information about supported protocols and features.

Introducing DDVE 11

Deploying DDVE This chapter includes the following topics:

Topics:

Prerequisites for deploying DDVE on Azure Deploying DDVE from the Azure Marketplace Adding metadata disks in Azure Resizing the DDVE instance in Azure Converting metadata disk type

Prerequisites for deploying DDVE on Azure While DDVE is running in Azure cloud, you can back up and restore your operational data from Azure hot blob storage.

DDVE on Azure supports Active Tier (Cloud Tier is not supported).

The following sections provide general guidelines to deploy, configure, and run DDVE on Azure with Active Tier on Azure hot blob storage.

Set up the network environment

For secure access to the DDVE instance, Dell EMC recommends that you use the virtual network architecture that Azure provides.

About this task

Set up and configure the following components: Resource group Virtual network Subnets Network Security groups Service endpoint for connectivity to Microsoft.Storage

See Networking Best Practices for DDVE in the Cloud on page 52 for more information.

Enable VNet service endpoint to Azure storage

The DDVE object store solution requires network connectivity to the object storage container.

About this task

To route traffic directly from your virtual network to the storage service on the Microsoft Azure backbone network, you must enable Virtual Network (VNet) service endpoints to Azure storage. See Virtual Network service endpoints for more information.

By default, the Azure VNet service endpoints are disabled. You can enable them on the subnet in your virtual network.

NOTE: Dell EMC recommends that you enable the VNet service endpoint for security and efficiency. Never enable or

attach a public IP address to DDVE in the cloud.

Steps

1. In the VPC pane, click Service endpoint and + Add.

3

12 Deploying DDVE

2. In the popup window, in the service column, select Microsoft.Storage.

3. In the subnet column, select the subnets.

Create a container in Azure hot blob storage

A storage account is required in the same region where DDVE is deployed. Create a separate storage account for each DDVE.

Steps

1. Create a StorageV2 account in the same region where DDVE is deployed. Select the following values:

PerformanceStandard Account kindGeneral-purpose V2 Access tierHot

See Create an Azure Storage account for steps.

2. Create a new hot blob container as the backup storage for the DDVE. Ensure that the container is empty.

For more information, see Manage blob in Azure Portal.

a. Go to your new storage account and to the Blob service section. b. Select Containers, and click + Container. Type a name for the container. c. Set the public access level to Private (no anonymous access), and click Create.

Configure storage account authentication method

With DDOS 7.7 (and later), a DDVE deployed on Azure supports two methods of authentication to the storage account. Using OAuth 2.0 (recommended) on page 13 Using HMAC access keys on page 15

Using OAuth 2.0 (recommended)

Open Authorization (OAuth) 2.0 is an industry standard for authentication between clients and servers.

OAuth 2.0 uses an authorization framework in which a client (for example, a compute VM instance) requests an authorization grant from the resource owner (for example, Azure) to access a protected resource (for example, Azure cloud storage). The

Deploying DDVE 13

client then uses the authorization grant to request an OAuth 2.0 token from an authorization server (for example, Azure metadata server).

The resource owner delegates the authorization server to issue an OAuth 2.0 token that is based on the permissions of the authorization grant. The OAuth 2.0 token has a limited lifetime and specific permissions that are based on the authorization grant.

Managed identities

Managed identities for Azure resources are a feature of Azure Active Directory (AD).

Two managed identity types are possible:

System-assigned managed identity

This type of managed identity is enabled directly on an Azure service instance. When the identity is enabled, Azure creates an identity for the instance in the Azure AD tenant that is trusted by the subscription of the instance. After the identity is created, the credentials are provisioned on the instance. The life cycle of a system-assigned identity is directly tied to the Azure service instance on which it is enabled. If the instance is deleted, Azure automatically cleans up the credentials and the identity in Azure AD.

User-assigned managed identity

This type of managed identity is created as a stand-alone Azure resource. Azure creates an identity in the Azure AD tenant that is trusted by the subscription in use. Then the identity can be assigned to one or more Azure service instances. The life cycle of a user-assigned identity is managed separately from the life cycle of the Azure service instances to which it is assigned.

For more information about managed identities, see https://docs.microsoft.com/en-us/azure/active-directory/managed- identities-azure-resources/overview.

DDVE does not support configuring both types of managed identities for the same DDVE. You must configure only one type of managed identity for a DDVE:

Configure system-assigned managed identity on page 14 Configure user-assigned managed identity on page 15

Configure system-assigned managed identity

Enable system-assigned managed identity for a DDVE.

Prerequisites

You can assign only one type of managed identity. If you configure a system-assigned managed identity, you cannot also configure a user-assigned managed identity for the same DDVE.

Steps

1. In the Azure portal:

a. Select DDVE instance > Identity > System assigned. b. Under Status, select On and click Save.

2. In the storage account, click Access Control (IAM).

3. In the Add menu, select Add role assignment.

4. In the Add role assignment dialog:

a. For Role, select Storage Blob Data Owner. b. For Assign access to, select Virtual Machine. c. In the Search by name field, enter the name of the DDVE.

Results

The DDVE is configured for system-assigned managed identity.

14 Deploying DDVE

Configure user-assigned managed identity

Configure user-assigned managed identity for a DDVE.

Prerequisites

You can assign only one type of managed identity. If you configure a user-assigned managed identity, you cannot also configure a system-assigned managed identity for the same DDVE.

Steps

1. In the Azure portal:

a. Go to Identity resource. b. Create a new identity by clicking +Create.

2. Switch to the managed identity, and click Azure role assignments.

3. In the Add role assignment dialog:

a. For Scope, select Storage. b. For Resource, select a storage account. c. For Role, select Storage Blob Data Owner.

4. Attach the user-assigned managed identity to a DDVE:

a. Select DDVE instance > Identity > User assigned. b. Click +Add and add a user-assigned identity.

Results

The DDVE is configured for user-assigned managed identity.

Using HMAC access keys

Hash-based message authentication code (HMAC) uses the storage account access keys for authentication to the cloud storage.

To configure the access from DDVE to Azure hot blob storage, the access key of the storage account is required.

To view and copy your storage account access keys, see Manage storage account access keys.

Prepare the SSH key pair

For secure login to DDVE through SSH, you must create an SSH key pair.

About this task

To create an SSH key pair, see How to use SSH keys with Windows on Azure.

Understanding compute and storage requirements

Azure provides several types of disk storage with different performance characteristics such as IOPS, throughput, latency, and so on.

Standard HDD is recommended as a cost-effective solution.

Premium SSD is recommended as a performance-optimized solution.

Select the appropriate DDVE virtual machine instance type according to capacity and workload.

The metadata requirements that are listed here are based on 10X deduplication ratio and 2X compression. If your workload has a higher deduplication ratio, add more metadata disks as required.

Deploying DDVE 15

Table 3. DDVE on Azure: Performance-optimized solution with Premium SSD

Instance type Standard_D4ds_v4 Standard_D8ds_v4 Standard_D16ds_v4 Standard_D32ds_v4

CPU 4 8 16 32

Memory (GiB) 16 32 64 128

System Disk 250 GiB Premium SSD Root disk

250 GiB Premium SSD Root disk

250 GiB Premium SSD Root disk

250 GiB Premium SSD Root disk

10 GiB Premium SSD NVRAM disk

10 GiB Premium SSD NVRAM disk

10 GiB Premium SSD NVRAM disk

10 GiB Premium SSD NVRAM disk

Storage capacity

16 TB 32 TB 96 TB 256 TB

Metadata disks

Premium SSD

Up to 2 X 1 TiB

Premium SSD

Up to 4 X 1 TiB

Premium SSD

Up to 10 X 1 TiB

Premium SSD

Up to 13 X 2 TiB

Table 4. DDDVE on Azure: Cost-effective solution with Standard HDD

Instance type Standard_D4ds_v4 Standard_D8ds_v4 Standard_D16ds_v4

CPU 4 8 16

Memory (GiB) 16 32 64

System Disk 250 GiB Standard HDD Root disk

250 GiB Standard HDD Root disk 250 GiB Standard HDD Root disk

10 GiB Standard HDD NVRAM disk

10 GiB Standard HDD NVRAM disk 10 GiB Standard HDD NVRAM disk

Storage capacity 16 TB 32 TB 96 TB

Metadata disks Standard HDD

Up to 2 X 1 TiB

Standard HDD

Up to 4 X 1 TiB

Standard HDD

Up to 10 X 1 TiB

NOTE:

Standard SSD is also supported, but it is not the recommended configuration.

Use the same disk type within a DDVE.

Other instance types (Standard_F8, Standard_F8s, Standard_D4_V2, Standard_DS4_V2, Standard_D16_V3,

Standard_D16s_v3 and Standard_D32s_v3) are still supported, but the new v4 instance types are recommended.

For more information about the Azure Ddsv4-series instance, see https://docs.microsoft.com/en-us/azure/virtual-

machines/ddv4-ddsv4-series.

Table 5. Azure Hot Blob Storage Stream and MTree Counts

System capacity

Instance type Max Mtree

Stream Counts

Read Write Replication In

Replication Out

Combined

16 TB Standard_F8s

Standard_F8

Standard_D4ds_v4

6 30 45 45 42 60

32 TB Standard_DS4_v2

Standard_D4_v2

Standard_D8ds_v4

14 50 90 90 82 90

96 TB Standard_D16s_v3

Standard_D16_v3

32 50 180 180 100 180

16 Deploying DDVE

Table 5. Azure Hot Blob Storage Stream and MTree Counts (continued)

System capacity

Instance type Max Mtree

Stream Counts

Read Write Replication In

Replication Out

Combined

Standard_D16ds_v4

256 TB Standard_D32s_v3

Standard_D32ds_v4

128 110 540 540 220 540

Deploying DDVE from the Azure Marketplace Learn how to deploy DDVE from the Azure Marketplace.

Steps

1. Log in to the Azure portal. For Azure public cloud: https://portal.azure.com For Azure Gov Cloud: https://portal.azure.us For Azure China Cloud: https://portal.azure.cn

2. Search for "Dell EMC" to find Power Protect DD Virtual Edition in Azure Marketplace.

3. Select a software plan (DDOS version) and begin the deployment.

4. On the Basic page, configure basic information for the DDVE:

Resource Group: Specify the resource group for your DDVE. Virtual machine name: Enter a name for DDVE. Maximum length is ten characters. For Azure Gov Cloud, maximum

length is six characters. Region: For better performance, ensure that DDVE and the storage account are in the same region. Also create a

separate storage account for each DDVE. Availability options: By default, No infrastructure redundancy required is selected. You can select other options

that are based on your infrastructure requirements. For details, see https://docs.microsoft.com/en-us/azure/virtual- machines/linux/availability.

Images: This option shows the selected DDOS version. Azure Spot instance: Select No. DDVE does not support the Azure spot instance. For details, see https://

docs.microsoft.com/en-us/azure/virtual-machines/linux/spot-vms. Size: Specify the DDVE instance type based on the capacity. Select Standard_D4ds_v4, Standard_D8ds_v4,

Standard_D16ds_v4, or Standard_D32ds_v4. Authentication type: SSH public key and password authentication are supported. SSH public key authentication forces

a password change at first login. Username: Enter sysadmin. SSH public key: Copy and paste the SSH public key. Password: Enter the password for sysadmin. Public inbound ports: Select Allow selected ports. Select inbound port: According to your IT and networking practices, you can select "HTTP(80), HTTPS(443),

SSH(22)" to enable the SSH and UI access to your DDVE.

5. On the Disks page, configure the disk storage for the DDVE.

OS disk type: Select Standard HDD or Premium SSD based on your requirements. Encryption Type: Select (Default) Encryption at-rest with a platform-managed key. If you want to encrypt

the disk at-rest with your own managed key, see https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk- encryption.

Enable Ultra Disk compatibility: Select No. DDVE does not support this option. For more details, see https:// docs.microsoft.com/en-us/azure/virtual-machines/linux/disks-types#ultra-disk.

Host Caching: Select None. For Data Disks, NVRAM disk is added automatically during deployment. Metadata disks can be added after deployment.

6. On the Networking page, define network connectivity for the DDVE.

Virtual network: Specify the VNet for the DDVE.

Deploying DDVE 17

Subnet: Specify the VNet for the DDVE. Public IP: For security, deploying DDVE in a private subnet and leaving the public IP address as None is recommended. NIC network security group: Configure it as your network setup. Public inbound ports: Select Allow selected ports. Select inbound ports: According to your IT and networking practices, you can select "HTTP(80), HTTPS(443),

SSH(22)" to enable the SSH and UI access to the DDVE. Accelerated networking: Select Off.

NOTE: Azure accelerated networking is not supported in this version of the DDVE.

Load balancing: Select No.

7. On the Management page, configure monitoring and management options for DDVE.

Boot diagnostics: Select On if you want to capture the serial console output of the DDVE to help diagnose a startup issue.

System assigned managed Identify: Select Off. Enable auto-shutdown: Select Off.

8. On the Advanced page, this version of the DDVE does not support these options.

9. On the Tags page, you can create or assign a tag to the DDVE from a resource management and billing perspective.

10. On the Review+Create page, verify that the configuration summary for creating the DDVE is correct.

11. Click Create. The Azure portal starts the DDVE deployment. When the deployment finishes, you can find the DDVE in your resource group.

Adding metadata disks in Azure DDVE uses disks to save metadata. For metadata disks, Dell EMC recommends Standard HDD for cost effectiveness and Premium SSD for better performance. Managed disk is recommended. Azure also enables you to convert unmanaged disks to managed disks. It is not necessary to shut down the virtual machine before adding metadata disks. The metadata disk is not usually resized. To add more storage to the virtual machine, you can create a new virtual disk.

Required capacity

Metadata disk capacityThe required metadata capacity varies based on workload. Dell EMC recommends that metadata capacity be equal to 10% of the total DDVE capacity, which is sufficient for most workloads. If your workload is using a higher deduplication ratio, consider adding more metadata disks.

Licensed capacityEnsure that the DDVE instance can support the licensed capacity. If the new licensed capacity is more than the supported capacity of the DDVE instance, upgrade the DDVE instance.

Metadata disk requirements

For 16TB, 32TB, and 96TB DDVE instances, the minimum size of the metadata disk is 1 TiB. The recommended size for all metadata disks is 1 TiB. For example, if 10 TiB of metadata capacity are required, configure ten

1-TiB metadata disks. The metadata disks should be the same disk type as the OS and NVRAM disk. For 256 TB DDVE instance, the recommended size for all metadata disks is 2 TiB. For example, if 20 TiB of metadata

capacity are required, configure ten 2-TiB metadata disks.

Adding managed disks in Azure

Use these procedures to add managed disks to DDVE in Azure.

Steps

1. Allocate and attach managed disks to DDVE:

a. Log in to the Azure portal.

18 Deploying DDVE

b. Search the name of the DDVE virtual machine. c. In the right pane under SETTINGS, select Disks. d. Click Add data disk. e. Select Create disk from the menu. f. In the pop-up window, enter values for the following:

Disk name: A name for the disk Resource group: Specifies the resource group for the disk. Dell EMC recommends that you select the same resource

group as the DDVE. Source Type: Select None. Size: Click Change Size to select a storage type of Standard HDD or Premium SSD and size of 1024 GiB or 2048

GiB. Host Caching: Select None. Host caching is not supported in DDVE.

2. Click Create.

3. Click Save (disk icon in the upper left corner of the page) to add the data disks.

4. Repeat the steps above to add more metadata disks.

5. Display new disks with the disk show hardware command.

6. If the file system is already enabled, add the new disks with the storage add tier active command, and expand the file system with filesys expand command.

Resizing the DDVE instance in Azure

About this task

Follow these steps to resize the DDVE virtual machine instance from: A small instance to a large instance. An instance without premium SSD support to an instance with premium SSD support. An instance to the recommended instance in the same capacity. For example, upgrade a 256-TB DDVE instance from

Standard_D32s_v3 to Standard_D32ds_v4.

Steps

1. In the Azure portal, click Stop to stop the current DDVE instance.

2. Resize the virtual machine:

a. Select Settings > Size. b. Select the new size for the DDVE instance, and then click Select.

The DDVE instance type may only be upgraded from small capacity to large capacity in this direction: Standard_F8s > Standard_DS4_v2 > Standard_D16s_v3 > Standard_D32s_v3 Standard_F8 > Standard_D4_v2 > Standard_D16_v3

Deploying DDVE 19

Standard_D4ds_v4 > Standard_D8ds_v4 > Standard_D16ds_v4 > Standard_D32ds_v4

For Premium SSD support, the DDVE instance type may only be upgraded in this direction: Standard_F8 > Standard_F8s/Standard_D4ds_v4 Standard_D4_v2 > Standard_DS4_v2/Standard_D8ds_v4 Standard_D16_v3 > Standard_D16s_v3/Standard_D16ds_v4

The DDVE instance type may only be upgraded to the recommended instance in this direction: Standard_F8/Standard_F8s > Standard_D4ds_v4 Standard_D4_V2/Standard_DS4_V2 > Standard_D8ds_v4 Standard_D16_V3/Standard_D16s_v3 > Standard_D32ds_v4 Standard_D32s_v3 > Standard_D32ds_v4

The Azure portal indicates that the DDVE virtual machine has been successfully resized.

3. Click Start to launch the resized DDVE instance.

Converting metadata disk type For best performance, Dell EMC recommends using Premium SSD for metadata disks. If you are using Standard Disk and want to convert to Premium SSD, follow the instructions in this section.

Observe the following:

Do not use managed disks and unmanaged disks together. Do not use Standard HDD/SSD and Premium SSD together. During the conversion, the DDVE is stopped and restarted.

20 Deploying DDVE

Converting unmanaged to managed disks

If the DDVE is using unmanaged disks for metadata disks, convert the metadata disks into managed disks.

Steps

1. Use SSH to log in to the DDVE.

2. Shut down the DDVE with this CLI command:

System poweroff

3. Sign in to the Azure portal.

4. Select the DDVE from the list of VMs in the portal.

5. If the DDVE is not in stopped (deallocated) status, click Stop in the VM Overview pane, and wait for the DDVE to stop.

6. In the blade for the VM, select Disks from the menu.

7. At the top of the Disks blade, select Migrate to managed disks.

8. If the DDVE is in an availability set, a warning on the Migrate to managed disks blade directs you to convert the availability set. To convert the availability set, click the link in the warning. Once the availability set is converted, or if your DDVE is not in an availability set, click Migrate to start migrating your disks to managed disks.

9. After migration is complete, restart the DDVE.

10. To convert all the metadata disks from unmanaged to managed disks, repeat these steps.

Converting disk storage type

Convert the operating system, NVRAM, and metadata disks from Standard HDD or SSD disk to Premium SSD disk.

Steps

1. Use SSH to log in to the DDVE.

2. Shut down the DDVE with this CLI command:

System poweroff

3. Sign in to the Azure portal.

4. Select the DDVE from the list of VMs in the portal.

5. If the DDVE is not in stopped (deallocated) status, click Stop in the VM Overview pane, and wait for the DDVE to stop.

6. In the pane for the DDVE, select Disks from the menu.

7. Select the metadata disk that you want to convert.

8. Select Size + Performance from the menu.

9. Change the Disk SKU from Standard HDD or SSD to Premium SSD.

10. Click Resize, and close the disk pane.

11. To convert all the metadata disks to Premium SSD, repeat these steps.

Results

The update of the disk type is instantaneous. You can restart your DDVE after the conversion. NOTE: The conversion requires some time to complete in the background. The change in performance can be observed in

several hours.

Deploying DDVE 21

Expand metadata storage

Expand metadata storage by increasing the size of metadata disks.

Prerequisites

It is recommended that you expand metadata storage by adding new metadata disks. You can expand metadata storage by increasing the size of existing metadata disks when the:

Total number of metadata disks reaches its limit. DDVE is upgraded from the 96 TB instance to the 256 TB instance. Before expanding metadata storage, disable the file system. You cannot expand the first metadata disk. Observe the recommended increment size of 1 TiB. Shrinking the metadata disk is not supported.

Steps

1. Log in to the Azure portal, find your DDVE, and stop it.

2. In the blade for the VM, select Disks from the menu.

3. Select the metadata disk that you want to expand.

NOTE: The first metadata disk is not available for expansion.

4. Select Size + Performance from the menu.

5. Change the Size (GiB) of the disk (for example, from 1024 GiB to 2048 GiB).

6. Select Resize and close the disk pane.

7. To increase the size of other metadata disks, if required, repeat Step 3 to Step 6.

8. Start the DDVE.

9. Disable the file system with the filesys disable command.

10. Expand metadata storage with the filesys expand command.

11. Enable file system with the filesys enable command, and check file system status with filesys status command to ensure that it is running.

12. To confirm the metadata storage expansion, use the filesys show space tier active local-metadata command.

22 Deploying DDVE

Completing Initial DDVE Configuration This chapter includes the following topics:

Topics:

Initial system configuration Configuring DDVE on Azure hot blob storage using DDSM Configuring DDVE in Azure using the CLI Recovering DDVE with system headswap Recovering the DDVE instance Changing authentication to OAuth 2.0 Configuring the system for data access

Initial system configuration You can perform the initial system configuration by using the DDSM Configuration Wizard or manually using the CLI.

DHCP is enabled on the DDVE system by default. If the DHCP service is available, the DDVE system receives IP addresses from the DHCP server.

NOTE: DHCP is automatically enabled for up to two virtual network interfaces. If more virtual network interfaces are

attached, you must manually enable DHCP on them.

NOTE: The Microsoft article, Add network interfaces to or remove network interfaces from virtual machines provides

instructions.

Using the CLI

Access the CLI by using ssh or a terminal emulator to access the DDOS command line. The CLI configuration utility contains four sections: Network, eLicense, System, and DD Boost.

Using the UI

Access DDSM by entering the IP address of the DDVE into a web browser, and logging in. The UI Configuration Wizard contains six sections: Networking, File System, System Settings, DD Boost, CIFS, and NFS.

Configuring DDVE on Azure hot blob storage using DDSM You can configure DDVE on Azure Hot Blob Storage using the DD System Manager (DDSM) UI.

Prerequisites

Review the metadata storage size and count requirements in the Storage Best Practices section. Create the storage account and container for each DDVE. Ensure that the container is empty and remember the container

name (you use this name when you create the object-store profile).

About this task

This procedure configures Azure hot blob storage and creates a file system.

4

Completing Initial DDVE Configuration 23

Steps

1. Log in to the DD System Manager with the sysadmin credentials.

2. Accept the End User License Agreement (EULA).

The Configuration wizard opens.

3. To replace licenses, select Licenses and click Yes (otherwise, the pre-installed 500-GB evaluation license is used.)

NOTE: The DDVE pre-installed evaluation license provides 45 days of limited access to DDVE software for evaluation

purposes and may only be used in a non-production environment.

4. Select File System and click Yes.

5. Select Configure Active Tier > Enable Object Store to configure the Azure hot blob storage.

6. Enter the container name, storage account name, key (not required if using OAuth 2.0), and passphrase.

You can create the container through the Azure portal. Ensure that the container is empty when enabling object store or the operation fails.

24 Completing Initial DDVE Configuration

7. Optional: Import the Baltimore CyberTrust Root certificate to communicate with Azure Object Store.

Completing Initial DDVE Configuration 25

8. Add the metadata storage, as shown.

9. Review the summary and click Submit to create the file system and enable it.

26 Completing Initial DDVE Configuration

10. Review the File System creation complete list and click OK.

Completing Initial DDVE Configuration 27

11. Read about new components that are available in different releases, then click Close.

12. Select Data Management > File System to view space usage and availability details for the hot blob storage and the local metadata storage.

13. To configure or update eLicenses on DDVE, select Licenses > Replace licenses, as shown in the following figure.

28 Completing Initial DDVE Configuration

14. To relaunch the configuration wizard, select Maintenance > System > Configure System.

Configuring DDVE in Azure using the CLI Use this procedure to configure DDVE in Azure with the Command Line Interface (CLI).

Steps

1. Use SSH to log in to the DDVE instance with sysadmin credentials.

If you did not specify a password during deployment, when you log in for the first time, you must change the password.

The initial configuration wizard starts.

2. Press Enter to dismiss all wizard options, exit the wizard, and complete the configuration by using CLI commands.

3. Proceed as shown in the following figure:

$ ssh -l sysadmin The authenticity of host '**.**.**.** (**.**.**.**)' can't be established. ECDSA key fingerprint is SHA256:CSbkxaW7hqCnF1S27WKjM01BJISYxs7XejBdKHUs+wE. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '**.**.**.**' (ECDSA) to the list of known hosts. EMC Data Domain Virtual Edition Password: Welcome to Data Domain OS *.*.*.*-****** ---------------------------------------- Press any key then hit enter to acknowledge the receipt of EULA information: q

Security Officer Do you want to create security officer ? (yes|no) [no]: Do you want to configure system using GUI wizard (yes|no) [no]:

Network Configuration Configure Network at this time (yes|no) [no]:

eLicenses Configuration Configure eLicenses at this time (yes|no) [no]:

System Configuration Configure System at this time (yes|no) [no]:

Storage object-store profile Configuration Configure Storage object-store profile at this time (yes|no) [no]:

Configuration complete.

4. To update the eLicense on DDVE, copy the license file to /ddvar and use the file name as follows: # elicense update .lic.

# elicense update atos_cap_96_TB.lic

Completing Initial DDVE Configuration 29

Existing licenses:

Capacity licenses: ## Feature Capacity Type State Expiration Date Note -- -------- -------- -------------------- ------ --------------- ---- 1 CAPACITY 0.45 TiB unexpired evaluation active n/a -- -------- -------- -------------------- ------ --------------- ----

Feature licenses: ## Feature Count Type State Expiration Date Note -- ------------------------- ----- -------------------- ------ --------------- ---- 1 REPLICATION 1 unexpired evaluation active n/a 2 DDBOOST 1 unexpired evaluation active n/a 3 RETENTION-LOCK-GOVERNANCE 1 unexpired evaluation active n/a 4 ENCRYPTION 1 unexpired evaluation active n/a -- ------------------------- ----- -------------------- ------ --------------- ----

New licenses:

Capacity licenses: ## Feature Capacity Type State Expiration Date Note -- -------- --------- --------------- ------ --------------- ---- 1 CAPACITY 87.31 TiB permanent (int) active n/a -- -------- --------- --------------- ------ --------------- ----

Feature licenses: ## Feature Count Type State Expiration Date Note -- ----------- ----- --------------- ------ --------------- ---- 1 DDBOOST 1 permanent (int) active n/a 2 ENCRYPTION 1 permanent (int) active n/a 3 REPLICATION 1 permanent (int) active n/a -- ----------- ----- --------------- ------ --------------- ----

** New license(s) will overwrite all existing license(s).

Do you want to proceed? (yes|no) [yes]: yes

eLicense(s) updated. Use the # elicense show command to verify.

# elicense show System locking-id: V4MXYV1S7R6VZVRWW6T9JTMPPBZEGY4CL25FSPX775WJC8GM6P57YKTD HGYDGR9AJZ4Y66CSH152YJRS6UPHFUZ2PP6VATMY2FMWSSKKZ8SHD

System software-id: Not available Instance software-id: Not available

Licensing scheme: EMC Electronic License Management System (ELMS) node-locked mode

Capacity licenses: ## Feature Capacity Type State Expiration Date Note -- -------- --------- --------------- ------ --------------- ---- 1 CAPACITY 87.31 TiB permanent (int) active n/a -- -------- --------- --------------- ------ --------------- ----

Feature licenses: ## Feature Count Type State Expiration Date Note -- ----------- ----- --------------- ------ --------------- ---- 1 REPLICATION 1 permanent (int) active n/a 2 DDBOOST 1 permanent (int) active n/a 3 ENCRYPTION 1 permanent (int) active n/a -- ----------- ----- --------------- ------ --------------- ---- License file last modified at : 2018/05/07 18:56:36.

5. Use # storage object-store enable to enable object store.

30 Completing Initial DDVE Configuration

# storage object-store enable Object-store is enabled.

6. Enter values for the following to create the Object store:

a. System PassphraseRequired to encrypt the object store credentials. It will also will be used to encrypt keys if file system encryption is enabled. If the passphrase has already been set, the user is not prompted to enter a passphrase.

b. Account NameIf no account exists, create one first. c. Primary KeyStorage account > access keys (not required if using OAuth 2.0 mode).

d. Container NameCreate a container under the storage account. The container must be empty or the operation fails. e. Baltimore Cyber Trust RootThis certificate is required to communicate with the object store. Import it for the profile

creation to succeed. NOTE: The Baltimore Cyber Trust Root might not appear when object-store is enabled (because all certificates are

imported once).

# storage object-store profile set

# storage object-store profile set A passphrase needs to be set on the system. Enter new passphrase: Re-enter new passphrase: Passphrases matched. The passphrase is set Enter the account name: Enter the primary key: Enter the container name:

Object-store endpoint needs the Baltimore CyberTrust Root certificate to be imported. Do you want to import that certificate with below fingerprint? D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 (yes|no) [yes]: yes

Profile is set.

OAuth 2.0 example:

# storage object-store profile set A passphrase needs to be set on the system. Enter new passphrase: Re-enter new passphrase: Passphrases matched. The passphrase is set OAuth is the recommended way of authentication to the object store. Do you want to choose OAuth? (yes|no) [yes]: Enter the account name: Enter the container name:

Profile is set.

7. Use # storage add tier active dev4 to add the metadata storage.

# storage add tier active dev4

Checking storage requirements...done Adding dev4 to the active tier...done

Updating system information...done

dev4 successfully added to the active tier. Multiple devices can also be added as metadata storage using the # storage add tier active dev4-6 command. This command is useful in when adding dev4, dev5, and dev6 to the DDVE.

# storage add tier active dev4-6

Checking storage requirements...done Adding dev4 to the active tier...done

Updating system information...done

Completing Initial DDVE Configuration 31

dev4 successfully added to the active tier.

Checking storage requirements... done Adding dev5 to the active tier...done

Updating system information...done

dev5 successfully added to the active tier.

Checking storage requirements... done Adding dev6 to the active tier...done

Updating system information...done

dev6 successfully added to the active tier.

NOTE: Use the # storage show all command to view the disks that are attached.

# storage show all Active tier details: Device Device Device Group Size ----------- ------ ---------- (available) 4 1023.0 GiB (available) 5 1023.0 GiB (available) 6 1023.0 GiB ----------- ------ ----------

Spindle Devices Count Total Size Group ------- ------- ----- ---------- 2 4 1 1023.0 GiB 3 5 1 1023.0 GiB 4 6 1 1023.0 GiB ------- ------- ----- ----------

Current active tier size: 2.9 TiB Active tier maximum capacity: 35.2 TiB** ** The maximum capacity supported by system memory.

Capacity License: License Total Used Remaining -------- --------- -------- --------- CAPACITY 87.31 TiB 2.70 TiB 84.61 TiB -------- --------- -------- ---------

8. Use # filesys create to create the file system.

# filesys create A filesystem of approximate size 2.71 TiB will be created. Do you want to continue? (yes|no) [yes]: yes

ok, continuing.

This will take 5 - 10 minutes.

Provisioning storage... ########################################### [100%]

Initializing filesystem... ########################################### [100%]

snapshot schedules deleted

32 Completing Initial DDVE Configuration

You now have a freshly initialized filesystem. Enable the filesystem using 'filesys enable'.

9. Use # filesys enable to enable the file system.

# filesys enable Please wait.............................. The filesystem is now enabled.

Recovering DDVE with system headswap A system headswap recovers a DDVE instance from a head unit failure. The head unit is the DDVE root disk.

Prerequisites

System headswap between the same DDOS versions is recommended. When the same DDOS version is unavailable, system headswap can be done with a later DDOS version. The DDOS version compatibility rules are the same as the RPM upgrade.

Ensure that the vNVRAM disk and metadata disks from system A (original system) are available for attaching to the new instance B. If either the vNVRAM disk or any metadata disk is unavailable, use Recovering the DDVE instance on page 34.

A static IP address that is configured using DDVE interfaces (CLI or UI) is not recommended. If a static IP address is configured on the network interface in the original DDVE, the same configuration is restored on the new head. This scenario might cause a network disconnection.

Generally, instead of configuring a static IP address using DDVE interfaces, configure it in the cloud provider environment. The DDVE uses DHCP to obtain the static IP address that you configure in the cloud environment.

If you are already using a static IP address that is configured within DDVE, and a disconnection occurs after following these steps, power off the DDVE. Then add an additional network interface to the new DDVE, and login using the IP address of this interface. Finally, enable or reconfigure the primary network interface on the new head, preferably using DHCP.

About this task

Follow these steps only to recover DDVE with a head unit (root disk) failure.

Steps

1. Create instance B with head unit (root disk only) with the same instance type as the original.

2. Detach the vNVRAM and metadata storage from the broken head unit and attach them to the instance B head unit.

3. Set the system passphrase.

NOTE: Set the passphrase to match system A, otherwise, headswap fails.

Completing Initial DDVE Configuration 33

# system passphrase set Enter new passphrase: Re-enter new passphrase: Passphrases matched. The passphrase is set.

4. Ensure that system A is in Stopped (Deallocated) status.

This step is required to detach the bucket from system A and make it available to be attached to system B.

5. Run system headswap.

NOTE: The system restarts during the headswap process.

# system headswap This command returns the system back to its prior operational conditions. The system will be rebooted before resuming normal operations. ** If system passphrase was set on the old head, you will need to do one of the following after headswap completes: - unlock the filesystem if you have encrypted data, or - set the system passphrase if you don't have encrypted data Are you sure? (yes|no) [no]: yes ok, proceeding. Please enter sysadmin password to confirm 'system headswap': Restoring the system configuration, do not power off / interrupt process ... Broadcast message from root (Mon Apr 30 13:44:10 2018): The system is going down for reboot NOW!

6. Check filesys status after the headswap process is complete.

# filesys status The filesystem is enabled and running.

Recovering the DDVE instance The system recovery procedure recovers a DDVE instance from failure of the head unit, NVRAM disk, metadata disks, or any combination of these components. The head unit is the DDVE root disk.

Prerequisites

System recovery between the same DDOS versions is recommended. When the same DDOS version is not available, system recovery can be done with a later DDOS version. The DDOS version compatibility rules are the same as the RPM upgrade.

A static IP address that is configured using DDVE interfaces (CLI or UI) is not recommended. If a static IP address is configured on the network interface in the original DDVE, the same configuration is restored on the new head. This scenario might cause a network disconnection.

Generally, instead of configuring a static IP address using DDVE interfaces, configure it in the cloud provider environment. The DDVE uses DHCP to obtain the static IP address that you configure in the cloud environment.

If you are already using a static IP address that is configured within DDVE, and a disconnection occurs after following these steps, power off the DDVE. Then add an additional network interface to the new DDVE, and login using the IP address of this interface. Finally, enable or reconfigure the primary network interface on the new head, preferably using DHCP.

About this task

Follow these steps only to recover DDVE when metadata disks or NVRAM disks are unavailable or failed. If both NVRAM and metadata disks are available, use Recovering DDVE with system headswap on page 33.

Steps

1. Create instance B with the same configuration as instance A. It must include the same memory size, maximum capacity, and metadata disk capacity. The instance type can be a new generation type that the DDOS version supports.

34 Completing Initial DDVE Configuration

2. Enable the object-store:

# storage object-store enable

3. Set the object-store profile:

Set the passphrase to match that of system A, otherwise, the recovery fails. Set the storage account/container name to the same as system A. When creating the profile on system B, select the same authentication method (OAuth 2.0 or HMAC) as system A.

Follow the CLI prompts:

# storage object-store profile set A passphrase needs to be set on the system. Enter new passphrase: Re-enter new passphrase: Passphrases matched. The passphrase is set Enter the account name: Enter the primary key: Enter the container name:

Object-store endpoint needs the Baltimore CyberTrust Root certificate to be imported. Do you want to import that certificate with below fingerprint? D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 (yes|no) [yes]:

Profile is set.

4. Add a metadata disk:

NOTE: Add a data disk with the capacity to match or exceed the capacity of system A .

# storage add dev4

5. Run the system recovery precheck:

# system recovery precheck from object-store

6. Run the recovery:

# system recovery start from object-store

7. Check the recovery status:

# system recovery status

NOTE: The system restarts during the recovery process.

8. After the recovery process completes, check the file system status:

# filesys status

Changing authentication to OAuth 2.0 You can use DDSM or CLI to change the authentication method to OAuth 2.0.

Before changing the authentication method to OAuth 2.0, observe these prerequisites:

Completing Initial DDVE Configuration 35

Table 6. Prerequisites

Managed identity type Steps

User-assigned managed identity Create a user-assigned managed identity, assign the Storage Blob Data Owner to it, and attach the identity to the DDVE.

For steps, see Configure user-assigned managed identity on page 15.

System-assigned managed identity Enable a system-assigned managed identity for a DDVE and assign the Storage Blob Data Owner role to the storage account.

For steps, see Configure system-assigned managed identity on page 14.

Change the authentication method to OAuth 2.0:

Change authentication to OAuth 2.0 using DDSM on page 36 Change authentication to OAuth 2.0 using CLI on page 37

Change authentication to OAuth 2.0 using DDSM

Use the DDSM to change the authentication method to OAuth 2.0.

Prerequisites

Observe the requirements listed in Prerequisites on page 36.

Steps

1. Log in to DDSM.

2. Disable the file system:

a. Navigate to the Data Management tab and select File System. b. At the bottom of the summary page, click Disable.

3. Change the authentication method:

a. Navigate to the Data Management tab and select File System. b. Click Modify ObjectStore.

4. Select the OAuth 2.0 authentication method and click OK.

36 Completing Initial DDVE Configuration

5. Enable the file system.

Change authentication to OAuth 2.0 using CLI

Use the CLI to change the authentication method to OAuth 2.0.

Prerequisites

Observe the requirements listed in Prerequisites on page 36.

Steps

1. Login to DDVE using SSH.

2. Disable the file system using the filesys disable command.

3. Run the storage object-store profile set command. To select the OAuth 2.0 authentication method, enter yes.

# storage object-store profile set Profile already exists. OAuth is the recommended way of authentication to the object store. Do you want to choose OAuth? (yes|no) [yes]: yes

Profile updated.

4. Enable the file system using the filesys enable command.

Configuring the system for data access If you did not configure data access with the configuration wizard, use the procedures referenced in this section to configure one or more protocols.

Depending on your environment, you must configure one or more protocols and clients for data access. Clients enable access to the DDVE system with the configured protocol. The DDVE system provides the DD Boost protocol for cloud or on-premises systems.

Completing Initial DDVE Configuration 37

DD BoostFor setting up the DD Boost feature, see the DD Boost for Open Storage Administration Guide or DD Boost for Partner Integration Administration Guide, available at https://support.emc.com.

Application integrationFor information about how to integrate the DD system with backup software, see the documentation for the applicable application at the DD Integration Documentation section on the DD Support web site https://support.emc.com.

38 Completing Initial DDVE Configuration

Administering DDVE This chapter includes the following topics:

Topics:

Adding virtual storage Extensions to DDOS for DDVE DDVE-only commands Modified DDOS commands Unsupported DDOS commands Troubleshooting performance issues

Adding virtual storage More virtual storage can be added to the DDVE using the GUI or the CLI.

Using the GUI

In DD SM, click Hardware > Storage > Configure Storage to add the additional devices to the DDVE active tier.

Using the CLI

When you add a new virtual data disk to an existing DDOS file system, use the filesys expand command instead of the filesys create command. For instructions and restrictions, see Adding disks in Azure

Extensions to DDOS for DDVE Several DDOS commands are supported on the DDVE platform only. This section describes these commands.

perf

Collect and show DDVE performance statistics. perf disable trace event-regexp [module {default | ddfs}] Disable tracing of specified events.

perf enable trace event-regexp [module {default | ddfs}] Enable tracing of the specified events.

perf start histogram [module {default | ddfs} Start collecting performance histograms. This command may reduce performance marginally.

perf start stats Start printing statistics. This command may reduce performance marginally.

perf start trace [allow-wrap] [module {default | ddfs}] Start tracing events. This command may reduce performance marginally.

perf status trace event-regexp [module {default | ddfs}]

5

Administering DDVE 39

Shows whether tracing is enabled or disabled for the specified events.

perf stop histogram histogram-filename [module {default | ddfs} Stop collecting histograms and write the collected histograms to the specified file.

perf stop stats Stop printing statistics.

perf stop trace trace-filename [module {default | ddfs}] Stop tracing events and write the collected traces to the specified file.

System vresource

Display details about the virtual CPU and memory resources on the DDVE. system vresource show [current | requirements]

# system vresource show requirements Active Tier Cloud Tier Instance Capacity (TB) Capacity (TB) Type ------------- ------------- ----------------- 16 n/a Standard_D4ds_v4 32 n/a Standard_D8ds_v4 96 n/a Standard_D16ds_v4 256 n/a Standard_D32ds_v4 ------------- ------------- ----------------- ** The maximum allowed system capacity for active tier on block storage is 16 TB

DDVE-only commands The following commands only work on DDVE and are not supported on physical DD systems.

Table 7. DDVE-only commands

Command Description

elicense checkout feature-license

Allows user to check out the features of licenses for License Server installation

elicense checkout capacity-license value {TB|GB}

Allows user to check out the capacity of licenses for License Server installation. Here is sample output: sysadmin@localhost# elic checkout capacity- license capacity value 10 TB Checking out CAPACITY license willl also checkout available feature licenses. An addition 10 TB CAPACITY license will be checked out. 10 TB additional CAPACITY license has been checked out. License(s) have been checked out for REPLICATION, DDBOOST, ENCRYPTION. Total 10 TB CAPACITY license is now available on this system.

elicense checkin { | all} Allows user to check in features for licenses for License Server installation

elicense license-server set server { | } port elicense license-server reset Returns DDVE to factory license settings.

elicense license-server show filesys show space tier active local- metadata

Displays the usage for the metadata storage. NOTE: Some portion of the disk space is reserved for internal metadata, such as index. The amount of reserved

40 Administering DDVE

Table 7. DDVE-only commands (continued)

Command Description

space is based on the maximum capacity of the platform and not on licensed capacity.

net hosts add Two DDVEs in different regions cannot resolve each other's hostname. Run this command to add a host list entry.

NOTE: For VNET to VNET connection between different regions in Azure, see Microsoft.com.

storage object-store enable Enables the object-store feature for DDVE.

storage object-store disable Disables the object-store feature for DDVE.

storage object-store profile set Configures the object-store access profile.

storage object-store profile show Displays the object-store access profile.

storage object-store profile status This CLI lists the object-store profile information set on the DDVE.

system vresource show [requirements] Displays the file system capacity, the number of virtual CPUs, and the amount of memory assigned to the virtual machine running the DDVE instance. The requirements option displays the physical storage requirements for DDVE.

Modified DDOS commands The behavior of the following commands is modified on the DDVE platform:

Table 8. Modified DDOS commands

Command Changes

alert The tenant-unit parameter is not supported.

compression The tenant-unit parameter is not supported.

config setup show Arguments for configuring features not available in DDVE have been removed.

ddboost clients show active The tenant-unit parameter is not supported.

ddboost file-replication show active The tenant-unit parameter is not supported.

ddboost file-replication show detailed-file- history

The tenant-unit parameter is not supported.

ddboost file-replication show file-history The tenant-unit parameter is not supported.

ddboost option reset The fc parameter is not supported.

ddboost option show The fc parameter is not supported.

ddboost storage-unit create The tenant-unit parameter is not supported.

ddboost storage-unit modify The tenant-unit parameter is not supported.

ddboost storage-unit show The tenant-unit parameter is not supported.

ddboost streams show active The tenant-unit parameter is not supported.

ddboost streams show history The tenant-unit parameter is not supported.

disk rescan The . parameter is not supported.

Administering DDVE 41

Table 8. Modified DDOS commands (continued)

Command Changes

disk show state DDVE system disks show the System Dev state.

disk show stats The DDVE format for this command is disk show stats [dev ]

disk status The Spare row has been removed from the output. The System row has been added.

enclosure show all The [ ] parameter is not supported.

enclosure show controllers The [ ] parameter is not supported.

enclosure show cpus The [ ] parameter is not supported.

enclosure show io-cards The [ ] parameter is not supported.

enclosure show memory The [ ] parameter is not supported.

filesys encryption keyes delete The [tier {active | archive} | archive-unit <unit-name>] parameter is not supported.

filesys encryption keys show The [tier {active | archive} | archive-unit <unit-name>] parameter is not supported.

filesys fastcopy The [retention-lock] parameter is supported with DDVE.

Retention lock compliance mode is not supported for any DDVE.

filesys show compression The [tier {active | archive} | archive-unit <unit-name>] parameter is not supported.

filesys show space The [tier {active | archive} | archive-unit <unit-name> | arcjove-unit {all | name>] parameter is not supported.

mtree create The tenant-unit parameter is not supported.

mtree list The tenant-unit parameter is not supported.

mtree show compression The tenant-unit and tenant-unit parameters are not supported.

mtree show performance The tenant-unit parameter is not supported.

net create interface The parameter is not supported.

net destroy The parameter is not supported.

perf The vtl option is not supported on any perf command.

storage add The enclosure and disk parameters are not supported.

storage remove The enclosure and disk parameters are not supported.

storage show The archive option is not supported.

system show stats NVRAM statistics are not reported, because DDVE systems do not have physical NVRAM.

quota The tenant-unit parameter is not supported.

replication MTree replication is the only type of replication supported.

snapshot The tenant-unit parameter is not supported.

42 Administering DDVE

Unsupported DDOS commands The following DDOS commands and command options are not supported on the DDVE platform.

Table 9. Unsupported commands and command options

Unsupported command or command option Notes

adminaccess https generate certificate Deprecated. Use adminaccess certificate generate instead.

alerts add Deprecated. Use alerts notify-list add instead.

alerts del Deprecated. Use alerts notify-list del instead.

alerts notify-list option set group-name tenant-alert-summary {enabled | disabled} alerts notify-list option reset group-name tenant-alert-summary alerts reset Deprecated. Use alerts notify-list reset instead.

alerts show alerts-list Deprecated. Use alerts notify-list show instead.

alerts test Deprecated. Use alerts notify-list test instead.

archive authorization autosupport display Deprecated. Use autosupport show report instead.

autosupport reset support-list Deprecated. Use autosupport reset { all | alert- summary | asup-detailed | support-notify } instead.

autosupport show support-list Deprecated. Use autosupport show { all | asup- detailed | alert-summary | support-notify } instead.

cifs set authentication nt4 Deprecated. Use cifs set authentication active- directory instead.

cluster ddboost fc ddboost option reset fc ddboost option set distributed-segment- processing disabled

Turning off distributed segment processing (DSP) with this DDBoost command is not supported for DDVE on DDOS 6.1.2.x.

ddboost option show Turning off DSP with this DDBoost command is not supported for DDVE on DDOS 6.1.2.x.

ddboost option show fc ddboost show image-duplication Deprecated. Use ddboost file-replication show

instead.

ddboost user option set user default-tenant- unit tenant-unit ddboost user option reset user [default- tenant-unit] disk add devdisk-id [spindle-group 1-16] Deprecated. Use storage add instead.

disk add enclosure enclosure-id Deprecated. Use storage add instead.

Administering DDVE 43

Table 9. Unsupported commands and command options (continued)

Unsupported command or command option Notes

disk benchmark start Not supported by DDVE in cloud

disk benchmark show Not supported by DDVE in cloud

disk benchmark stop Not supported by DDVE in cloud

disk benchmark watch Not supported by DDVE in cloud

disk expand Deprecated. Use storage add instead.

disk failenclosure-id.disk-id disk multipath disk port disk rescan [enclosure-id.disk-id] disk show detailed-raid-info Deprecated. Use disk show state and storage show

instead.

disk show failure-history disk show performance Not supported by DDVE in cloud

disk show raid-info Deprecated. Use disk show state and storage show instead.

disk show reliability-data disk disk show stats Not supported by DDVE in cloud

disk unfail enclosure beacon enclosure show all [enclosure] This command is supported, but not with the enclosure

argument.

enclosure show chassis enclosure show controllers enclosure This command is supported, but not with the enclosure

argument.

enclosure show cpus [enclosure] This command is supported, but not with the enclosure argument.

enclosure show fans enclosure show io-cards [enclosure] This command is supported, but not with the enclosure

argument.

enclosure show memory [enclosure] This command is supported, but not with the enclosure argument.

enclosure show nvram enclosure show powersupply enclosure show summary enclosure show temperature-sensors enclosure show topology enclosure test topology filesys archive filesys clean update-stats Deprecated. Use filesys show space instead.

filesys encryption

44 Administering DDVE

Table 9. Unsupported commands and command options (continued)

Unsupported command or command option Notes

filesys encryption passphrase change Deprecated. Use system passphrase change instead.

filesys retention-lock Deprecated. Use mtree retention-lock instead.

filesys show compression tier The tier option is not supported.

filesys show history Deprecated. Use filesys show compression daily instead.

ha create Not supported by DDVE in cloud

ha destroy Not supported by DDVE in cloud

ha status Not supported by DDVE in cloud

ha failover Not supported by DDVE in cloud

ha online Not supported by DDVE in cloud

ha offline Not supported by DDVE in cloud

license The license commands are not supported because DDVE uses new elicense commands.

mtree show compression mtree_path tier net aggregate net config ifname type cluster net create interface virtual-ifname net create interface physical-ifname vlan vlan-id

net create virtual vethid net destroy virtual-ifname net destroy vlan-ifname net failover net modify virtual-ifname bonding {aggregate | failover net set portnaming ndmp ndmpd nfs option disable report-replica-as- writable

Deprecated. Use filesys option disable report- replica-as-writable instead.

nfs option enable report-replica-as-writable Deprecated. Use filesys option enable report- replica-as-writable instead.

nfs option reset report-replica-as-writable Deprecated. Use filesys option reset report- replica-as-writable instead.

nfs option show report-replica-as-writable Deprecated. Use filesys option show report- replica-as-writable instead.

perf * module vtl san shelf migration start Not supported by DDVE in cloud

shelf migration status Not supported by DDVE in cloud

Administering DDVE 45

Table 9. Unsupported commands and command options (continued)

Unsupported command or command option Notes

shelf migration suspend Not supported by DDVE in cloud

shelf migration resume Not supported by DDVE in cloud

shelf migration precheck Not supported by DDVE in cloud

shelf migration option Not supported by DDVE in cloud

shelf migration finalize Not supported by DDVE in cloud

shelf migration show history Not supported by DDVE in cloud

snapshot add schedule name [days days] time time [,time...] [retention period]

Deprecated. Use snapshot schedule create instead.

snapshot add schedule name [days days] time time every mins [retention period]

Deprecated. Use snapshot schedule create instead.

snapshot add schedule name [days days] time time-time [every hrs | mins] [retention period]

Deprecated. Use snapshot schedule create instead.

snapshot del schedule {name | all} Deprecated. Use snapshot schedule destroy instead.

snapshot modify schedule name {[days days] | time time [,time...] | [retention period]}

Deprecated. Use snapshot schedule modify instead.

snapshot modify schedule name {[days days] | time time every {mins | none} | [retention period]}

Deprecated. Use snapshot schedule modify instead.

snapshot modify schedule name {[days days] | time time-time [every {hrs | mins | none}] | [retention period]}

Deprecated. Use snapshot schedule modify instead.

snapshot reset schedule Deprecated. Use snapshot schedule reset instead.

snapshot show schedule Deprecated. Use snapshot schedule show instead.

storage add enclosure enclosure-id storage add disk enclosure-id.disk-id storage remove enclosure enclosure-id storage remove disk enclosure_id.disk-id system firmware system option set console system retention-lock system sanitize system show anaconda system show controller-inventory system show nvram system show nvram-detailed system show oemid system upgrade continue user user change priv Deprecated, with no replacement.

vserver config set host Not supported by DDVE in cloud

46 Administering DDVE

Table 9. Unsupported commands and command options (continued)

Unsupported command or command option Notes

vserver config reset Not supported by DDVE in cloud

vserver config show Not supported by DDVE in cloud

vserver config perf-stats start Not supported by DDVE in cloud

vserver config perf-stats stop Not supported by DDVE in cloud

vserver config perf-stats status Not supported by DDVE in cloud

vtl lunmask Deprecated. Use vtl group instead.

vtl lunmask add Deprecated. Use vtl group add instead.

vtl lunmask del Deprecated.

vtl lunmask show Deprecated. Use vtl group show instead.

Troubleshooting performance issues You can check DDVE performance statistics as follows:

By monitoring the collection of diagnostics data using metrics in the Azure portal. How to monitor virtual machines in Azure provides more detailed information.

You can also use the following to monitor benchmark performance:

perf Extensions to DDOS for DDVE on page 39 provides more information about commands.

CPU Performance

The two key statistics for CPU performance are:

CPU usageCPU usage as a percentage during the interval CPU readyThe percentage of time that the virtual machine was ready, but could not get scheduled to run on the physical

CPU. This counter might not be displayed by default.

If these counters are high, there may be a performance problem on the hypervisor host.

Memory Performance

Memory swappingThe key statistic for memory performance, which is the current amount of guest physical memory swapped out to the virtual machines swap file.

Virtual Disk Performance

The key statistics for virtual disk performance are:

I/O throughputA decrease in these values indicates a performance issue. I/O latencyAn increase in read and write latency values indicates a performance problem. Failed commandsAn increase in the average number of outstanding read and write requests indicates a performance problem.

Administering DDVE 47

Best Practices for Working with DDVE in the Cloud

This chapter includes the following topics:

Topics:

Supportability Azure licensing Power control Storage best practices Security best practices

Supportability

About this task

Azure supports interactive serial console, which can help to debug boot up and networking issues, troubleshoot malfunctioning instance, interact with Grand Unified Bootloader (GRUB), and perform other troubleshooting tasks. We recommend the following. Enable the "Boot Diagnostics" feature during deployment for troubleshooting. Enable ASUP in DDVE.

Azure licensing DDVE licenses are node locked, which means the same license cannot be used on multiple DDVE instances. To facilitate DDVE license management, use served-mode licenses if multiple DDVEs are being deployed.

NOTE:

A DDVE license might become invalid after removing the first NIC ethV0.

If there is a head swap, a served-mode license continues to work on the new DDVE instance. For other licenses, you

must re-activate the licenses.

Power control We recommend that you use DDOS interfaces to power-off or reboot the DDVE instance. If you power-off the virtual machine using the Azure interface, it might not shut down cleanly.

By Azure platform design, using the guest OS from inside Azure to shut down the system leaves the virtual machine in Stopped status. To ensure that the DDVE instance is Deallocated (Stopped), do the following:

1. From the DDOS interface, power off the DDVE instance. 2. Click the Stop button in the Azure Portal or execute stop-azvm in the Powershell command line.

Storage best practices The virtual disk that is allocated to the virtual machine is discovered automatically. However, you must explicitly add it to the DDVE storage active tier and create or expand the file system.

A

48 Best Practices for Working with DDVE in the Cloud

Data disk limitations

https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits provides details about Azure limitations. Observe the following requirements for planning storage expansion:

The maximum size of each disk is 4 TB, the recommended size is 1 B for performance consideration. VM size determines the maximum number of data disks for the Azure VM instances that DDVE uses. See Virtual Machine

Sizes for data disk limitations (the root disk and resource disk that Azure adds are not counted in this limitation). The NVRAM emulation disk is also counted as one data disk for Azure. For example, for one DDVE instance in Azure that supports up to 16 TB block storage, the maximum number of data disks = (32 - 1) = 31.

Expanding DDVE on block storage

DDVE capacity can be dynamically expanded by adding more data disks to the instance. Increments of 1 TB are recommended. When the maximum capacity that the instance supports is reached, you must upgrade the VM to a larger size before adding more storage to the system.

Do not manually set or change the spindle group setting when adding storage. DDVE automatically assigns the spindle group.

Expanding DDVE on hot blob storage

The local block storage is used for caching metadata. Based on different workloads, the needed metadata size varies. Dell Technologies recommends that you configure the metadata storage size as 10% of total capacity, which is enough for most workloads. For workloads with a higher deduplication ratio, more metadata is needed.

Metadata storage can be dynamically expanded. When the metadata storage space usage exceeds 80%, an alert is raised. Immediately add a metadata disk to the DDVE to avoid running out of space. The DDOS Administration Guide provides a procedure for expanding storage. Dell Technologies recommends that you always use a 1 TB disk.

Hot blob storage location

When you use DDVE on hot blob storage, ensure that your hot blob storage account and DDVE instance are in the same region. Configuring the VM and storage account in different regions can result in lower performance and higher costs.

Create separate storage account for each DDVE

Azure infrastructure throttles each storage account, and each storage account has its own IOPS and throughput limits. For best performance, create a separate storage account for each DDVE.

Disk caching

Host-caching is not supported for data disks (DDVE on block storage) or metadata disks (DDVE on hot blob storage). Changing the cache setting of an Azure disk detaches and reattaches the target disk. For the operating system disk, the VM is restarted. Ensure that you stop all applications and services that this disruption might affect before changing the disk cache setting.

Converting from evaluation to production

Rather than convert an evaluation version of DDVE to a production version, Dell Technologies recommends a fresh deployment. If you decide to convert from an evaluation to production version, Dell Technologies recommends that you:

Destroy the existing file system Delete small data disks (not the root, NVRAM disks) Configure new disks according to the recommendations in this guide

Best Practices for Working with DDVE in the Cloud 49

Security best practices

Avoid Public IP address

To prevent brute force attacks on the DDVE, do not use a public IP address to configure your system.

Secure access

The following table illustrates the different authentication methods that DDVE supports.

Table 10. Access Types and Authentication

Access Type Authentication Methods

UI Username and password X509 certificates

SSH Username and password

SSH key pair

REST API Username and password X509 certificates

For better security, it is recommended that you disable authentication that is based on username and password. If you want to use the username-and-password-based authentication, it is recommended that you configure a strong password.

NOTE: Do not disable password-based login if you want to configure Avamar Virtual Edition, NetWorker, or other backup

software to connect to DDVE in Azure. Password authentication is used for communication between them.

Because Azure is a public cloud, pay attention to the security in your deployment. Follow these best practices:

Use public key based authentication for SSH access. Use certificate-based authentication for DDSM access. Do not configure public IP for DDVE in Azure, unless necessary. Use an external KMIP server to store encryption keys. Enable encryption for DDFS and replication.

When deploying DDVE from the market place, you can select one of the following authentication types. The username is always sysadmin.

PasswordThe complexity of this password should meet the following requirements for Azure and DDOS: Password should be at least nine characters long. Password should have at least one:

Uppercase character (A-Z) Lowercase character (a-z) Digit (0-9) Special character @ number $ % ^ & * - _ ! + = [ ] { } | \ : ' , . ? / ` ~ " ( ) ;

Password should not have more than three consecutive repeated characters. SSH Public KeyThe default password for sysadmin is "changeme". At the first login, you are required to change the

password.

IP Tables feature

After protecting the DDVE using secure setup, within DDVE you can filter the network traffic that enters by using the iptables feature. The Net Filter section of the DDOS Command Reference Guide provides more configuration information.

Security rules settings

Because DDVE in Azure is always running in a VPC, configure the VPC so that only required and trusted clients can access the DD system. The following tables show the TCP and UDP ports that the DD system uses for inbound and outbound traffic. Also

50 Best Practices for Working with DDVE in the Cloud

shown are the services that use the ports. Consider the following information when configuring VPC firewall rules. For additional information, see Security Rules.

Inbound rules

The following are the inbound ports that the DDVE uses.

Table 11. Inbound ports used by DDVE

Port Service Description

TCP 22 SSH Used for SSH (CLI) access and configuring DDVE.

TCP 443 HTTPS Used for DDSM (UI) access and configuring DDVE.

TCP 2049 DD Boost, NFS Main port used by NFS. Can be modified by using the nfs set server-port command, which requires SE mode.

TCP 2051 Replication, DD Boost, Optimized Duplication

Used only if replication is configured (run replication show config command on DD system to determine). This port can be modified by using replication modify.

TCP 3009 SMS (system management) Used for managing a system remotely using DDSM. This port cannot be modified. If you plan to configure replication from within the DDSM, open this port (since the replication partner must be added to the DDSM).

Depending on the protocol that is used to backup data to DDVE, additional ports are enabled with inbound firewall rules.

Outbound rules

The following are the outbound ports that the DDVE uses.

Table 12. Outboard ports used by DDVE

Port Service Description

UDP 123 NTP Used by the DD system to synchronize to a time server.

TCP 443 HTTPS Used for DDVE to be able to communicate with outside services.

TCP 2049 DD Boost, NFS Main port used by NFS. Can be modified by using the nfs set server-port command, which requires SE mode.

TCP 2051 Replication, DD Boost, Optimized Duplication

Used only if replication is configured (run replication show config on DD system to determine). This port can be modified using replication modify.

TCP 3009 SMS (system management) Used for managing a system remotely using DDSM. This port cannot be modified. If you plan to configure replication from within the DDSM, open this port (since the replication partner must be added to the DDSM).

Depending on the other applications and services that are being used, additional ports shall be enabled for outbound firewall rules.

Best Practices for Working with DDVE in the Cloud 51

Networking Best Practices for DDVE in the Cloud

This chapter includes the following topics:

Topics:

Network setup in Azure Setting up NTP time synchronization in Azure

Network setup in Azure Network configuration requirements and recommendations are provided.

Virtual Private Cloud: Azure Virtual Network in the Cloud Architecture

Your virtual private cloud (VPC) in Azure is the Virtual Network (VNet). We recommend that you use public or private subnet architecture to deploy DDVE in a private subnet. The subnet secures the DDVE VMs with the appropriate use of various VNet service components, such as route tables, access control lists, and security groups.

Public IP address

For security and to protect DDVE from potential attacks over the open internet, never expose the DDVE using a Public IP address directly over internet. We strongly recommend that you use VPN connections between different geographical regions (VNets). For example, you can use secure VPN connections for replication between different VNets, different cloud regions, cloud to on-premises, and vice versa.

Network interfaces

You can add multiple network interfaces to the DDVE instance. The maximum number of network interfaces varies by VM size. See Add network interfaces to or remove network interfaces from virtual machines for more information.

Static private IP Address

If you want to assign the network interface with a static private IP address, follow the steps in Configure private IP address for a VM using Azure portal to add a static private IP address to the DDVE instance.

Within DDVE, there is no requirement to configure the interface to a static IP address. Configuring the network interface using DHCP, which is enabled by default, is recommended.

Object store connectivity

The DDVE object store feature needs connectivity to its object storage, such as to the Azure storage account container. Because the object store communication is over https, the outbound security group setting must allow communication over port 443. There are different ways to enable DDVE connectivity to the object store. Of the following three options, we recommend only the third option (Using a VNet service endpoint).

Using the public IP from the public subnetShould not be used.

B

52 Networking Best Practices for DDVE in the Cloud

Using NAT (Network Address Translation)If the private subnet is configured to use NAT, DDVE will be able to communicate to an object store over NAT.

We strongly recommend using VNet service endpoint for accessing the Azure hot blob storage. It does not require the DDVE to have a public IP address to communicate to Azure blob storage but uses the private IP address instead. In this case, an internet gateway, NAT, or virtual private gateway are not needed to access Azure blob storage. This method also allows the traffic to the Azure endpoint to stay within the Azure network and is routed internally to Azure blob storage.

NOTE: When you use DDVE on hot blob storage, ensure that your hot blob storage account and your DDVE instance are

located in the same region. Configuring the VM and storage account in different regions can result in lower performance

and higher costs.

NOTE: To add a Service Endpoint in the VPC:

1. In the Service column, select Microsoft.Storage.

2. In the Subnets column, specify the subnet where DDVE is located so that DDVE can access blob storage through the

Service Endpoint.

Setting up NTP time synchronization in Azure It is important that the time on the DDVE instance is correctly synchronized. Any drift in time might impact the object store communication.

About this task

System time is required for secure communication. We recommend that you sync time with the NTP server for DDVE in Azure. While performing initial configuration of the DDVE system, you can enable NTP and configure the NTP server. If you do not use the CLI configuration wizard to perform initial configuration, you can use the ntp enable command on the DDOS command line. For more information about time sync for Linux VMs in Azure, refer to Time sync for Linux VMs in Azure.

Steps

1. Under Administration, select Settings.

2. Select More Tasks > Configure Time Settings.

3. Under NTP, select Manually Configure and add your own NTP servers.

4. Using CLI, run the following commands to configure NTP on DDVE.

ntp add timeserver ntp enable ntp sync

Networking Best Practices for DDVE in the Cloud 53

Installing and Configuring DDVE on Block Storage in the Cloud

This chapter includes the following topics:

Topics:

Deploying DDVE on Azure block storage

Deploying DDVE on Azure block storage Use the procedures in this section to use DDVE on Azure block storage.

We strongly recommend that you use the DDVE on hot blob storage solution. Prerequisites for deploying DDVE on Azure on page 12 provides more information.

Azure system configuration requirements

These are the system configuration requirements for configuring the DDVE on Azure block storage.

Table 13. Azure System Requirements on Block Storage

Instance type Standard_F8/ Standard_F8s/Standard_D4ds_v4

CPU 8/4

Memory (GiB) 16

System disk 250 GiB standard root disk

10 GiB standard NVRAM disk

Storage capacity 16 TB

Specifications for DDVE on Azure block storage

Table 14. Azure block storage stream counts

Configuration Write Steam Read Stream Repl Source Repl Dest Mixed Stream Max Mtree

16TB 45 30 45 45 60 6

Creating DDVE from Azure Marketplace

DDVE is available in the Azure Marketplace.

About this task

Refer to Deploying DDVE from the Azure Marketplace on page 17 for details and Azure system requirements.

C

54 Installing and Configuring DDVE on Block Storage in the Cloud

Adding disks in Azure

Prerequisites

Ensure that you have enough licensed capacity available to add new capacity to DDVE. Ensure that the DDVE instance can support the new capacity. If the new capacity is more than the DDVE instance supported

capacity, you must upgrade the DDVE instance. New block storage for the DDVE must meet the following requirements:

The minimum size of the first data disk is 512 GiB. The minimum size of subsequent data disks is 1 TiB. The recommended size for all data disks is 1 TiB. For example, if 10 TiB of capacity are required, configure 10 x 1 TiB data

disks.

About this task

Although DDVE supports Standard HDD and Standard SDD as data disks (for DDVE on block storage) or metadata disks (for DDVE on hot blob storage), Dell EMC recommends Standard HDD disks.

A 10 GiB vNVRAM disk is created automatically after you deploy DDVE in Azure.

Next steps

To add additional storage in the future, follow the requireme

Manualsnet FAQs

If you want to find out how the Azure Cloud Dell works, you can view and download the Dell DD OS 7.7 Azure Cloud Operating System Installation And Administration Guide on the Manualsnet website.

Yes, we have the Installation And Administration Guide for Dell Azure Cloud as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The Installation And Administration Guide should include all the details that are needed to use a Dell Azure Cloud. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell DD OS 7.7 Azure Cloud Operating System Installation And Administration Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell DD OS 7.7 Azure Cloud Operating System Installation And Administration Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell DD OS 7.7 Azure Cloud Operating System Installation And Administration Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell DD OS 7.7 Azure Cloud Operating System Installation And Administration Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell DD OS 7.7 Azure Cloud Operating System Installation And Administration Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.