Copyright © 2017 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC, and other trademarks are trademarks
of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners. Published in the
USA.
In step one, the diagram describes how clients and servers are storing data on the primary storage device.
Step two illustrates the conventional process of handling backups through backup servers. The backup
servers preserve the data on the primary storage device by copying it to a tape library.
In step three, tapes are physically transported and stored off-site for archival and disaster recovery
purposes. This prevents the loss of backup data in case of a negative event in the data center.
Step four describes the off-site data recovery process. In this case, data recovery requires a manual process
of transporting the tapes back to the primary storage device in the data center.
• Data Domain systems are a protection storage platform for backup and archive data that reduce the
amount of disk storage needed to retain and protect data by ratios of 10-30x and greater, making disk a
cost-effective alternative to tape. These systems can scale up to 150 PB of logical capacity managed
by a single system with DD Cloud Tier. With throughput up to 68 TB/hour, Data Domain systems make
it possible to complete more backups in less time and provide faster, more reliable restores.
• Data Domain Replicator software transfers only the deduplicated and compressed unique changes
across any IP network, requiring a fraction of the bandwidth, time, and cost, compared to traditional
replication methods. “Time-to-DR readiness” is greatly reduced when compared to other replication
methods.
• Data Domain’s Data Invulnerability Architecture, built into every Data Domain system, provides the
industry’s best defense against data integrity issues, ensuring you can access and recover your data
when you need it.
• Finally, Data Domain systems are able to consolidate backup, archive, and disaster recovery onto a
single platform making them an ideal protection storage solution.
Data Domain deduplication greatly reduces the data footprint before the data is backed up. Data Domain
global compression technology combines an exceptionally efficient high-performance in-line deduplication
technology with a local compression technique. The reduced data footprint allows data to be retained on-
site for longer periods and allows transfer across the network for archival.
Data recovery is similarly transformed by the elimination of time-consuming and resource intensive
handling of tape.
Tape backups can optionally be incorporated into a Data Domain environment if required by regulatory or
corporate requirements.
The list on the left consists primarily of backup, archive, and enterprise applications. These include not only Dell
EMC’s own offerings, NetWorker and Avamar, but also products from Quest, Veritas, Oracle, HP, IBM,
SAP HANA, and others.
The data is transferred from the application to the primary storage through Ethernet or Fibre Channel.
Ethernet uses mass storage protocols, NFS or CIFS. It can also use optimized protocols such as NDMP
and Data Domain Boost.
Fibre Channel connectivity enables a Data Domain system to act as a virtual tape library which eliminates
virtual tape management. Fibre Channel connectivity also enables DD Boost over Fibre Channel.
After the data is received by the Data Domain system, it is deduplicated during the storage process and is later
replicated for disaster recovery. Only the deduplicated and compressed unique data segments that have
been filtered out through the process on the target tier are replicated.
Most Data Domain systems support the addition of one or more storage expansion shelves to increase
capacity.
Documents for each hardware model are published on the Dell EMC support site.
Many Data Domain models provide keyboard and PS/2 mouse ports for connecting directly to the unit with a
keyboard and monitor. Check with the onsite administrator for the preferred access method. For repairs in
the field, access to the command line interface to shut down, restart, and run diagnostics is usually
through the serial port.
All Data Domain systems may be connected to Ethernet networks for TCP/IP-based data transfer and
system management. All models have a minimum of two built-in ports. Some models may be configured
with additional ports by adding optional Ethernet expansion cards. Newer systems also include a
dedicated Ethernet port for what is known as lights-out management or remote system management.
Interface cards are usually added to provide additional network capacity.
Connecting to a Fibre Channel-based storage area network is supported by adding a host bus adapter
card. In these environments, the virtual tape library VTL software license and/or DD Boost software
license is also required.
DD6800, DD9300 and DD9800 each support Data Domain Cloud Tier. DD Cloud Tier allows up to 2x the
capacity of the Active Tier to be natively-tiered to the cloud for long term retention.
The DD6300 all-in-one model replaces the previous DD2500 and DD4200 models.
The new DD6800 and DD9300 models are dataless head models. DD6800 replaces the previous DD4500
model and the DD9300 replaces the DD7200 model.
Note: The term all-in-one or AIO refers to systems where both the OS and user data are stored in the
head disk or controller. The term dataless head or DLH refers to systems where no user data is stored in
the controller and the system can therefore take a controller upgrade/headswap later.
This table is extracted from the Data Domain Hardware Overview and Installation Guide for the DD9500
and DD9800 models. Please refer to this guide for more information.
ES30-SATA can accommodate 15 one, two, or three TB drives and supports the DD6300, DD6800,
DD9300, and DD9800.
ES30-SAS can accommodate 15 two or three TB drives and supports the DD6300, DD6800, DD9300, and
DD9800.
Both the ES30-SATA and ES30-SAS have one spare drive. ES30-SATA and ES30-SAS shelves can be
attached to the same head unit, but cannot be combined in the same set.
The ES30-60 can accommodate 15 four TB drives and supports the DD6800, DD9300, and DD9800.
DS60 (Dense Storage) shelf supports 3TB and 4TB SAS drives in 15 drive increments, up to 60 drives per
shelf. DS60 is available for the DD6300, DD6800, DD9300, and DD9800 systems.
With greater storage capacity and higher speed access, Data Domain systems need to accelerate
processing metadata and data access throughout the file system. The current trend is to add denser
drives which leads to spindle consolidation thus reducing the overall performance of data movement
through the system.
The solution is to provide a faster cache tier for storing Data Domain file system metadata clients that is
fast to access and process by using a low-latency flash cache solution. The Solid State Drive cache tier
provides the SSD cache storage for the file system. The file system draws the required storage from the
SSD cache tier without active intervention from the user.
These improvements provide higher random IOPS with low latency and overall system performance
improvement despite the density of the SSD being used.
It uses the same form factor as the earlier ES30 expansion shelves and offers different quantities of 800
GB SAS solid state drives depending on the capacity of the active tier.
There is a physical shelf count limit per SAS string. You cannot attach an FS15 shelf to a SAS string
already containing a maximum number of shelves – 7 ES30’s, for instance. You need to attach it to a
string with fewer than 7 shelves.
With a DD9800, the FS15 can be configured as required with either 8 or 15 disks. With DD6800 and
DD9300 models in a high availability configuration, it can be configured with variable numbers of SSDs: 2 or 5 disks for
DD6800 and 5 or 8 disks for DD9300.
DD VE is agile: it is designed for use with VMware and is exceptionally quick to set up and run. You can
start with a small capacity configuration and scale as large as 16 TB.
Dell EMC offers a DD VE evaluation license for a limited 500 GB capacity, and full function of DD
Replication, DD Encryption, and DD Boost with no set expiration. This license can be replaced with larger
capacity licenses if needed – up to a maximum of 16 TB. Other limited time evaluation licenses are also
available.
DD VE can be managed by both DD System Manager and DD Management Center. It supports all
replication topologies between virtual and physical systems. It also supports all common backup software
currently supported by Data Domain.
• Features that function exactly as those in a physical Data Domain system are DD Boost, CIFS
workgroup and active directory, NFS, DD Encryption, garbage collection and DD Replication.
• Features that are optimized for use with DD VE are stream counts, MTree counts, the DD System
Manager, IPv4 and IPv6, and head unit swaps.
• New features supporting the DD VE system are the deployment assessment tool, licensing through the
Electronic Licensing and Management System (ELMS), virtual resource monitoring, and RAID-On-
LUN.
DD OS 6.1 supports ELMS. Data Domain systems running DD OS 6.1 can use either ELMS or Data
Domain licensing.
ELMS on Data Domain systems uses one license file per system. The license file contains a single license
for all purchased features.
Served licenses are on a license server and the DD system has to check in with the server to see what is
licensed. Served licenses are supported only with DD VE.
Unserved licenses are the licenses that are applied directly to the DD system.
• Customers first place the license order through the Sales portal. MyQuotes is the EMC sales page
to order e-licenses.
• The order is processed and ELMS generates a license authorization code (LAC) in order to activate the
purchased licenses.
a. For an unserved license, the customer accesses ELMS and enters the license activation code.
ELMS displays the licenses included with the provided activation code. The customer chooses
the features to activate and, once they are entered, ELMS generates the license file. The customer
downloads the license file and applies it on the selected DD VE system.
b. For a served license, the customer applies the license file to the Common License server, where it
can serve licenses to any DD VE systems configured to use the license server.
Physical separation of the backup traffic from replication traffic can be achieved by using two separate
Ethernet interfaces on the Data Domain system. This allows backups and replication to run simultaneously
without network conflicts.
The protocols supported by Data Domain systems over Ethernet connections include:
• NFS
• CIFS
• NDMP
• DD Boost
• Telnet/SSH (for system administration purposes only)
• FTP/SFTP (for system administration purposes only)
• HTTP/HTTPS (for system administration purposes only)
If the Data Domain virtual tape library (VTL) option is licensed, the backup or archive server sees the Data
Domain system as one or multiple VTLs.
If the Data Domain Boost (DD Boost) option is licensed, then any supported backup application will be
able to perform backup and restore operations using the DD Boost protocol over Fibre Channel
connection. For more information on backup applications that support the DD Boost over Fibre Channel,
please refer to the Data Domain Boost Compatibility Guide and Data Domain Boost Administrator Guide
available on Dell EMC support portal.
The /ddvar folder keeps the administrative files separated from storage files that are on the MTree.
You cannot rename or delete a /ddvar directory, nor can you access all of its sub-directories. However, the
files stored in /ddvar can be deleted and retrieved.
MTree provides more granular space management and reporting. This simplifies management of several
features including replication, snapshots, quotas, and retention lock. These operations can be performed
on a specific MTree rather than on the entire file system. For example, you can configure a directory-level
export for the /HR directory only, rather than for the entire file system, which simplifies data
management.
• File-based deduplication
• Segment-based deduplication
In file-based deduplication, only the original instance of a file is stored. Future identical copies of the file
use a small reference to the original file content. File-based deduplication is also called single-instance
storage (SIS).
Variable-length segment deduplication evaluates data by examining its contents to look for the boundary
from one segment to the next. Variable-length segments are any number of bytes within a range
determined by the particular algorithm implemented.
SISL scaling architecture provides faster and more efficient deduplication by minimizing the
disk accesses needed to check whether a segment is already on disk:
• 99% of duplicate data segments are identified inline in RAM before the data is stored to disk.
• Scales with Data Domain systems using newer and faster CPUs and RAM.
• Increases the throughput-rate of newly added data.
Data Domain Operating System (DD OS) is built to ensure that you can reliably recover your data with
confidence. Its elements comprise an architectural design which provides data invulnerability.
Four technologies used in DIA which help in protecting the data against data loss are:
• Inline data verification
• Fault avoidance and containment
• Continuous fault detection and healing
• File system recoverability
DIA helps to provide data integrity, recoverability, and extremely resilient, protective disk storage. This
keeps data safe.
The inline data verification checks and verifies all file system data and metadata. The end-to-end
verification flow includes:
• Receives the write request from backup software
• Analyzes data for redundancy
• Stores new data segments
• Stores fingerprints
• Verifies that DD OS can read the data from disk
• Verifies that the checksum that is read back matches the checksum written to disk
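The following added example (not Dell EMC code and not the DD OS algorithm) illustrates both variable-length segment deduplication and the store-then-read-back verification flow listed above. The gear rolling hash, segment size range, SHA-256 fingerprints, and all names are assumptions chosen for illustration; the sample data is constructed.

```python
"""Illustrative only: content-defined segmenting, fingerprint dedup and
read-back verification. Not Data Domain's implementation."""
import hashlib

MIN_SEG, MAX_SEG = 256, 8192        # assumed segment size range, in bytes
BOUNDARY_MASK = 0x3FF << 40         # 10 hash bits -> a cut about every 1 KiB
MASK64 = (1 << 64) - 1
# One pseudo-random 64-bit value per byte value, derived deterministically.
GEAR = [int.from_bytes(hashlib.sha256(bytes([b])).digest()[:8], "big")
        for b in range(256)]


def variable_segments(data):
    """Cut where a rolling hash of the most recent bytes matches a pattern,
    so boundaries follow the content rather than the byte offset."""
    segments, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = ((h << 1) + GEAR[byte]) & MASK64   # old bytes shift out of the hash
        size = i + 1 - start
        if (size >= MIN_SEG and (h & BOUNDARY_MASK) == 0) or size >= MAX_SEG:
            segments.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        segments.append(data[start:])
    return segments


def fixed_segments(data, size=1024):
    """Baseline for comparison: cut every `size` bytes regardless of content."""
    return [data[i:i + size] for i in range(0, len(data), size)]


class IntegrityError(Exception):
    pass


class SegmentStore:
    def __init__(self):
        self.disk = {}                 # fingerprint -> bytes; stands in for disk
        self.fail_next_write = False   # test hook: simulate a corrupted write

    def _write(self, fingerprint, segment):
        if self.fail_next_write:       # flip one bit on its way to "disk"
            segment = bytes([segment[0] ^ 0x01]) + segment[1:]
            self.fail_next_write = False
        self.disk[fingerprint] = segment

    def ingest(self, data, segmenter):
        """Return (recipe, new_bytes): the fingerprints needed to rebuild
        `data` and how many bytes were not already in the store."""
        recipe, new_bytes = [], 0
        for segment in segmenter(data):
            fingerprint = hashlib.sha256(segment).hexdigest()
            if fingerprint not in self.disk:          # unique segment
                self._write(fingerprint, segment)
                # Read back what landed on disk and compare checksums.
                if hashlib.sha256(self.disk[fingerprint]).hexdigest() != fingerprint:
                    del self.disk[fingerprint]
                    raise IntegrityError("read-back checksum mismatch")
                new_bytes += len(segment)
            recipe.append(fingerprint)
        return recipe, new_bytes

    def restore(self, recipe):
        return b"".join(self.disk[fp] for fp in recipe)


def sample_data(blocks=8192):
    """Constructed, deterministic 256 KiB of pseudo-random 'backup' data."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(blocks))


def compare(segmenter):
    """Ingest a backup, then the same data with 7 bytes inserted at the
    front. Returns the new bytes stored by each of the two ingests."""
    store = SegmentStore()
    first = sample_data()
    second = b"7 bytes" + first
    recipe1, new1 = store.ingest(first, segmenter)
    recipe2, new2 = store.ingest(second, segmenter)
    if store.restore(recipe1) != first or store.restore(recipe2) != second:
        raise IntegrityError("restore does not match the ingested data")
    return new1, new2


if __name__ == "__main__":
    print("variable-length:", compare(variable_segments))
    print("fixed-size:     ", compare(fixed_segments))
```

With fixed-size segments the 7-byte insert shifts every boundary, so the second backup is stored again in full; with content-defined boundaries only the segments around the insert are new.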
In addition to end-to-end verification, Data Domain systems are equipped with a specialized log-structured
file system and fault tolerance and containment mechanisms. New data never overwrites
existing data. Traditional file systems often overwrite blocks when data is changed, reusing the old
block address. The Data Domain file system writes only to new blocks. This eliminates the chance of an
incorrect overwrite of the latest backup data, such as one caused by a software bug. This also ensures
that the older version remains safe.
RAID 6 redundancy enables continuous fault detection and healing to provide an extra level of protection
within the Data Domain operating system. The DD OS detects faults and recovers from them continuously.
Continuous fault detection and healing ensures successful data restore operations. DD OS periodically
rechecks the integrity of the RAID stripes.
The DIA file system recovery reconstructs lost or corrupted file system metadata. It includes several file
system check tools. If a Data Domain system does have a problem, DIA file system recovery ensures that
the system is brought back online quickly.
Data Domain Boost is a software option, supported across the entire Data Domain family, that distributes
parts of the deduplication process out of the Data Domain system and onto the backup or application
server enabling client-side deduplication. This can speed backups by up to 50% and enables more
efficient resource utilization, including reducing the impact on the server by 20 to 40%. It also reduces the
impact on the network by 80 to 99%.
In addition, DD Boost for backup applications enables the application to control Data Domain replication
process with full catalog awareness of both the local and remote copies of the backup.
DD Boost for Enterprise Applications provides application owners control and visibility of their own
backups to Data Domain systems using their native utilities.
Dell EMC has qualified Data Domain Virtual Tape Library with leading open systems and IBM i enterprise
backup applications. It integrates non-disruptively into existing Fibre Channel storage area network (SAN)
backup environments.
Any Data Domain system running VTL can also run other backup operations simultaneously using NAS,
NDMP, and DD Boost.
Using Data Domain Replicator software, organizations can vault virtual tape cartridges over a wide area
network (WAN) to another site for disaster recovery, remote office backup and recovery, or multisite tape
consolidation.
Disk-based network storage provides a shorter RTO by eliminating the need for handling, loading, and
accessing tapes from a remote location.
VTL Tape out to cloud feature is now available from DD OS 6.1 and DD VE 3.1. It offers the ability to store
off-site and retrieve tapes for long term retention (LTR) use cases.
When replicating over untrusted networks, Data Domain Replicator can encrypt sensitive data. This
encryption can be enabled on all or only a selected portion of the replicated data set.
For fast time-to-DR readiness, Data Domain Replicator provides logical throughput performance of up to
52 TB per hour over a 10 Gb network in replication deployments where one Data Domain system is
mirroring its data to another.
You can also consolidate data from up to 270 remote sites by simultaneously replicating data to a single,
large Data Domain system at a central hub.
Data Domain Replicator offers flexibility by providing multiple replication topologies such as full-system
mirroring, bidirectional, many-to-one, one-to-many, and cascaded. In addition, you can replicate either all
or a subset of data on the Data Domain system. For the highest level of security, DD Replicator can
encrypt data being replicated between DD systems using the standard Secure Socket Layer (SSL)
protocol.
To manage network utilization, you can set up a schedule to throttle Data Domain Replicator WAN
utilization at different times of the day.
• One-to-one replication, which is the simplest type of replication. This is from the Data Domain source
system to a Data Domain destination system.
• In a bidirectional replication pair, data from the source is replicated to the destination directory on the
destination system and from the source directory on the destination system to the destination directory
on the source system.
• In many-to-one replication, data flows from several source directories to a single destination system.
For example, this type of replication occurs when several branch offices replicate their data to the
corporate headquarters IT system.
• In a cascaded replication topology, directory replication is chained among three or more Data Domain
systems. Data recovery can be performed from the non-degraded replication pair context. One
additional topology is available: cascaded one-to-many.
In a typical virtual synthetic workload, backup applications leverage virtual synthesis (via DD Boost) on the
Data Domain system to create a full backup by using incremental backups and the last full backup. Recipe
based Virtual Synthetic Replication is not a new form of replication, but instead provides optimization on
the existing replication types such as Managed File Replication and MTree Replication. Instead of
sending a new full backup file, instructions are sent to synthesize the regions from the file already present
in DDFS to generate a new full backup file. These instructions are called INCLUDE RPCs. When
INCLUDE RPCs are received, the references to those regions already present in DDFS are copied to
generate a new backup file.
In this example, Gen 0 is the backup file already present in DDFS. Gen 1 is the target file where the new
file is generated. From the Gen 0 file, instructions are sent which include the 3 regions. These included
files are used to synthesize the Gen 1 file. Gen 0 file is called the Base file while the Gen 1 file is called
the Target file. In this example, there is only one Gen 0 file. However, in a normal user environment, there
can be multiple base files.
Backup applications that benefit from this feature include Avamar, NetWorker, and NetBackup. However,
there were some VSR limitations. Only 8 base files can be remembered at any given time. If there are
more than 8 base files at ingest, replication can only use 8 base files on the destination side. Any base
files over that are ignored. In addition, the offset and the length of the VS operation must be 4MB aligned
to be remembered. The portions that are not 4MB aligned will be ignored.
The goal of this feature is to improve the replication performance on the Virtual Synthetic (VS) workload.
VSR worked on both the Virtual Synthetic (VS) and Fastcopy plus Overwrite workload.
However, Recipe replication will only work on the VS workload and does not apply to the Fastcopy plus
Overwrite workload. Recipe Replication will be applied automatically when there are qualified VS workloads.
It functions transparently to the application and to customers. Similar to synthetic replication, Recipe
Replication will also work with MTree Replication (MREPL) and Managed File Replication (MFR).
Recipe Replication overcomes the challenges faced with a VS workload by using an attribute B-tree that
can store large size attributes persistently.
The storage migration utilizes a lot of system resources, but you can control this with throttle settings that
give the migration a relatively higher or lower priority. You can also suspend a migration to make the
resources available for other processes and later resume the migration when resource demand is lower.
The replacement of existing storage enclosures offers higher performance, higher capacity, and a smaller
data footprint.
Data Domain Extended Retention provides an internal tiering approach that enables cost-effective, long-
term retention of backup data on a Data Domain system. With this, customers can leverage Data Domain
systems for long-term backup retention and minimize reliance on tape. Data Domain Extended Retention
transparently incorporates two tiers of storage on a Data Domain system to achieve cost-effective
scalability while delivering the throughput required to ingest hundreds of terabytes of backup data. This
combination makes Data Domain systems the ideal tape elimination solution for long-term backup
retention.
Data Domain Extended Retention provides transparent separation of short-term and long-term backup
data by storing it in different tiers on Data Domain systems. Data is initially stored in the active tier for
backup and operational recovery, then moved to an extremely scalable retention tier that is optimized for
long-term data retention, usually measured in years.
It ensures long-term data access and recoverability with fault isolation so that in the event of a failure or
catastrophe, the system continues to operate with all unaffected components.
Data Domain Extended Retention enables granular unit-to-unit replication for disaster recovery. In the
event of a connectivity issue affecting the replication process, the Data Domain system only needs to
replicate the impacted unit to resynchronize.
Locked files cannot be modified on the Data Domain system even after the retention period for the file
expires. Archive data that is retained on the Data Domain system is not deleted automatically when the
retention period expires. An archiving application must delete the file.
With DD Retention Lock Governance edition, IT administrators can meet secure data retention
requirements while keeping the ability to update the retention period should the corporate governance
policies change.
DD Retention Lock Compliance, when enabled on an MTree, ensures that all files locked by an
archiving application for a time-based retention period cannot be deleted or overwritten under any
circumstances until the retention period expires. This is achieved using multiple hardening procedures:
• Requiring dual sign-on for certain administrative actions. Before engaging DD Retention Lock
Compliance edition, the System Administrator must create a Security Officer role. The System
Administrator can create the first Security Officer, but only the Security Officer can create other
Security Officers on the system.
• Some of the actions requiring dual sign-on are:
– Extending the retention periods for an MTree
– Renaming the MTree
– Deleting the Retention Lock Compliance license from the Data Domain system
– Securing the system clock from illegal updates
• DD Retention Lock Compliance implements an internal security clock to prevent malicious
tampering with the system clock. The security clock closely monitors and records the system clock.
If there is an accumulated two-week skew within a year between the security clock and the system
clock, then the Data Domain file system (DDFS) is disabled and can be resumed only by a security
officer.
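The following added example (not Dell EMC code) is a simplified model of the security clock rule described above: skew between an independent clock and the adjustable system clock is accumulated over a year, and reaching two weeks disables the file system until a security officer resumes it. How skew is measured (absolute change in offset per check), the class and method names, and the timeline are assumptions; the timestamps are constructed.

```python
"""Illustrative model of a tamper-evident security clock. Not DD OS code."""
from dataclasses import dataclass, field

DAY = 86_400
MAX_SKEW = 14 * DAY     # "accumulated two-week skew" from the text
WINDOW = 365 * DAY      # "within a year"


@dataclass
class SecurityClock:
    secure_now: int                 # advanced only by elapsed time, never set by an admin
    last_offset: int = 0            # system clock minus security clock at the last check
    events: list = field(default_factory=list)   # (security time, seconds of new skew)
    fs_enabled: bool = True

    def check(self, elapsed, system_now):
        """Advance the security clock by `elapsed` real seconds, record any
        change in the system clock's offset, and return whether the file
        system is still enabled."""
        self.secure_now += elapsed
        offset = system_now - self.secure_now
        # Assumption: forward and backward adjustments both count as skew.
        drift = abs(offset - self.last_offset)
        self.last_offset = offset
        if drift:
            self.events.append((self.secure_now, drift))
        # Only skew recorded during the last year is counted.
        cutoff = self.secure_now - WINDOW
        self.events = [(t, d) for t, d in self.events if t > cutoff]
        if sum(d for _, d in self.events) >= MAX_SKEW:
            self.fs_enabled = False
        return self.fs_enabled

    def resume(self, role):
        """Only the security officer role may re-enable the file system."""
        if role == "security":
            self.events.clear()
            self.fs_enabled = True
        return self.fs_enabled


def simulate():
    """Constructed timeline: the system clock is set 10 days ahead and later
    set back, which accumulates 20 days of skew within one year."""
    start = 1_500_000_000                       # constructed start time
    clock = SecurityClock(secure_now=start)
    real, states = start, []
    # (elapsed real seconds, error of the system clock at the check)
    for elapsed, error in [(30 * DAY, 0), (DAY, 10 * DAY), (DAY, 0)]:
        real += elapsed
        states.append(clock.check(elapsed, real + error))
    states.append(clock.resume("admin"))        # an admin alone cannot resume
    states.append(clock.resume("security"))     # the security officer can
    return states


if __name__ == "__main__":
    print(simulate())
```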
The cloud tier supports the Data Domain retention lock feature and it meets all the regulatory and
compliance policies.
From DD OS 6.0, the supported cloud storage includes ECS (Dell EMC Elastic Cloud Storage),
Virtustream, Amazon Web Services, and Microsoft Azure.
Encryption at the active tier is applicable only if encryption is enabled at the system level. System-level
encryption is a licensed feature.
The cloud units have separate controls for enabling encryption. The encryption of Data at Rest is enabled
by default in the cloud. Users have the option to disable encryption, if desired.
From DD OS 6.0, external key manager is not supported. Once the data is in the cloud tier, the encryption
status cannot be changed. So the decision to encrypt the data or not to encrypt must be made before
sending any data to the cloud.
The complete process of data transfer between a Data Domain system and the cloud is done over a
secure HTTP connection.
Managed file replication and MTree replication can be implemented on cloud tier-enabled systems with
the latest DD OS. Directory replication works only on the /backup MTree, thus directory replication is not
affected by cloud tier. Collection replication is not supported on cloud tier-enabled Data Domain systems.
The data backed up with a DD VE in one region can be replicated to DD VE systems configured in the
same or other regions.
The third-party backup applications can avoid the cost and effort of integration with the DD Boost APIs by
directly accessing the mount points. This allows the customers to use the DD Boost feature without
actually integrating their applications with DD Boost APIs.
The third party applications supported in this release are: CommVault, MySQL, and MongoDB.
BoostFS Profiler is a software tool designed to help users evaluate or qualify backup applications for
BoostFS file system using comparative performance analysis against NFS. It is an interactive terminal that
guides users through the evaluation process which includes environment setup for the test, execution of
the test, cataloguing the test artifacts, and compilation of test results for analysis.
• Provides access to DD Boost capabilities such as link aggregation with Dynamic Interface Groups and
backup application control of replication
• Application owners have control of backups that are created using BoostFS
For environments requiring encryption keys to be changed on a periodic basis to meet compliance
regulation, you can manage the lifecycle of the encryption key for each Data Domain system individually
with encryption key rotation. If an external encryption key manager is needed, then the Data Domain
system can be integrated with RSA Data Protection Manager (DPM) for enterprise-wide external
encryption management.
In addition to the above features, it also provides inline encryption, which means that as the data is being ingested,
the data stream is deduplicated, compressed, and encrypted using an encryption key before being written
to the RAID group.
Encryption of data at rest protects user data if the Data Domain system is lost or stolen. It also eliminates
accidental exposure if a failed drive needs replacement. When the file system is intentionally locked, an
intruder who circumvents the network security controls and gains access to the Data Domain system will
be unable to read the file system without the proper administrative control, passphrase, and cryptographic
key.
Encryption of data in-flight encrypts data being transferred via DD Replicator software. It uses OpenSSL
AES 256-bit encryption to encapsulate the replicated data over the wire. The encryption encapsulation
layer is immediately removed as soon as it lands on the destination Data Domain system. Data within the
payload can also be encrypted via Data Domain encryption software.
System sanitization was designed to remove all traces of deleted files, leaving no residual data, and
restore the system to the state prior to the file's existence. The Data Domain sanitization command exists
to enable the administrator to delete files at the logical level, whether a backup set or individual files. The
primary use of the sanitize command is to resolve Classified Message Incidents (CMIs) that occur when
classified data is copied inadvertently onto a non-secure system. System sanitization is typically required
in government installations.
• Admin: Allows you to administer, configure, and monitor the entire Data Domain system.
• Security: In addition to user role privileges, security allows you to set up security officer configurations
and manage other security officer operators.
• Backup-operator: In addition to user role privileges, backup-operator allows you to create snapshots,
import and export tapes to a VTL library, and move tapes within a VTL library.
• None: Used for DD Boost authentication and tenant-users only. A none role user can log in to a Data
Domain system and can change their password, but cannot monitor or configure the primary system.
The Data Domain “admin” role is designed to have the capability of both creating and destroying data stored
on Data Domain systems. This design does not prevent a rogue administrator from deleting data on the
system.
The new Limited-Admin role allows all admin privileges except the ability to perform data delete
operations. This prevents any potentially malicious administrator from deleting any data from the Data
Domain systems.
For these CLI commands, users on the same level cannot perform these operations on each other:
• User enable/disable
• User delete
The cloud provider has a host certificate that is issued by a well-known Certificate Authority (CA). A CA
certificate and a Certificate Revocation List (CRL) need to be imported on the Data Domain
system in order to configure Cloud Tier.
For secure SSL/TLS communication with the cloud, the imported CRL and CA certificates are used for
cloud provider identity verification.
Secure multi-tenancy for Data Domain systems is a feature that enables secure isolation of many users
and workloads on a shared system. As a result, the activities of one tenant are not visible or apparent to
other tenants. This capability improves cost efficiencies through a shared infrastructure while providing
each tenant with the same visibility, isolation, and control that they would have with their own stand-alone
Data Domain system.
A tenant may be one or more business units or departments hosted onsite for an enterprise or “large
enterprise” (LE). For example, Finance and Human Resources may share the same Data Domain system.
Each department would be unaware of the presence of the other. A tenant may also be one or more
external applications that are hosted remotely by a service provider (SP) on behalf of a client.
In SMT terms, the landlord is the storage admin or the Data Domain Administrator. The landlord is
responsible for managing the Data Domain system. The landlord sets up the file systems, storage,
networking, replication, and protocols. They are also responsible for monitoring overall system health and
replacing any failed hardware as necessary.
A tenant is responsible for scheduling and running the backup application for the tenant customer, and for
managing their own tenant-units including configuring backup protocols and monitoring resources and
stats within their tenant-unit.
Tenant-units are logical containers for MTrees. They also contain important information, such as users,
notification groups, and other configuration elements. Tenant-units cannot be viewed or detected by other
tenants, which ensures security and isolation of the control path, when running multiple tenants
simultaneously on the shared infrastructure.
Tenant administrators can perform self-service fast copy operations within their tenant units for data
restores as needed. Tenant administrators are able to monitor data capacity and associated alerts for
capacity and stream use.
The landlord responsible for the Data Domain system monitors and manages all tenants in the system,
and has visibility across the entire system. They set capacity and stream quotas on the system for the
different tenant units, and report on tenant unit data.
A tenant-unit is a partition of a Data Domain system that serves as a unit of administrative isolation
between tenants. Multiple roles with different privilege levels combine to provide the Administrative
isolation on a multi-tenant Data Domain system. The Tenant Admin and Tenant User can be restricted
only to certain tenant-units on a Data Domain system and allowed to execute a subset of the commands
that a Data Domain system administrator would be allowed. Both of these roles enable tenant self-service.
The DD Boost protocol allows creation of multiple DD Boost users on a Data Domain system. With that,
each tenant can be assigned one or more DD Boost user credentials that can be assigned access
privileges to one or more MTrees in a tenant unit defined for a particular tenant. This allows secure
access to different tenant datasets using their separate DD Boost credentials by restricting access and
visibility.
Metering and Reporting enable a provider to ensure that they are running a sustainable business model.
The need for such reporting in multi-tenant environments is even greater, because the provider must track usage
on a shared asset such as a Data Domain system.
Similarly, for other protocols such as CIFS, NFS, and VTL, the native protocol level access control
mechanisms can be used to provide isolation.
The initial installation and configuration of the Data Domain Operating System will most likely be done with
direct access to the hardware either through a serial connection or using a keyboard and monitor directly
attached to the system.
To initially access the Data Domain system, the default administrator’s username and password will be
used. The default administrator name is sysadmin. The initial password for the sysadmin user on a
physical Data Domain system is the system’s serial number. The initial password for the sysadmin user on
a virtual Data Domain instance is “changeme.”
The DD OS Command Reference Guide provides information for using the commands to accomplish
specific administration tasks. Each command also has an online help page that gives the complete
command syntax. Help pages are available at the CLI using the help command. Any Data Domain system
command that accepts a list (such as a list of IP addresses) accepts entries separated by commas, by
spaces, or both.
Data Domain systems running DD OS 5.0 or higher support remote power management using the
Intelligent Platform Management Interface (IPMI), and they support remote monitoring of the boot
sequence using Serial over LAN (SOL).
Some of the capabilities of remote power management that are supported through IPMI are:
• Powering off to save power on the systems that are not currently in use
• Running diagnostics
You can access the System Manager from many popular web browsers, such as Microsoft Internet Explorer™,
Google Chrome™, and Mozilla Firefox™.
4) Simultaneous management of multiple Data Domain systems across data centers or remote sites
The DDMC solution is designed for customers with multiple Data Domain systems who are seeking to
aggregate management and reporting from a single interface.
In contrast, the Data Domain System Manager is primarily a single system management tool that provides
centralized monitoring and management for up to 20 systems. The Data Domain System Manager does
not aggregate storage and/or performance data from multiple systems, as provided by the Data Domain
Management Center.
The initial installation and configuration is done with direct access to the hardware either through a serial
connection or using a keyboard and monitor directly attached to the system. After the initial configuration
is done, you can use the SSH or Telnet (if enabled), IPMI, or SOL utilities to access the system using the
CLI remotely.
DD OS can be accessed using the GUI through Data Domain System Manager, which is a single system
management tool that provides centralized monitoring and management, or through the Data Domain Management
Center, which aggregates management and reporting from a single interface.
ESRS is the remote service solution application that is installed on one or more customer-supplied
dedicated servers. ESRS becomes the single point of entry and exit for all IP-based EMC remote service
activities for the devices associated with that particular ESRS.
ESRS functions as a communication broker between the managed devices, the Policy Manager, and the
Dell EMC enterprise. The Policy Manager allows you to set permissions for devices that are being
managed by ESRS. ESRS is an HTTPS handler. All messages are encoded using standard XML and
SOAP application protocols. ESRS message types include:
• Device state heartbeat polling
• Connect homes
• Remote access session initiation
• User authentication requests
• Device management synchronization
ESRS supports the use of ConnectEMC. The ConnectEMC method encrypts alerts and autosupport
reports before transmission to Dell EMC Customer Support. It also provides High Availability support.
The ConnectEMC method sends messages in a secure format using FTP or HTTPS. When it is used with
an EMC Secure Remote Support (ESRS) gateway, one benefit is that a single gateway can forward
messages from multiple systems, and this allows you to configure network security for only the ESRS
gateway instead of for multiple systems. Also, a usage intelligence report is generated.
In general, there are Autosupport alerts and alert-summaries sent to Dell EMC Support. An eLicense is
required if the system is a physical Data Domain system or DD VE.
Configure network security only for the ESRS gateway instead of for multiple systems.
HA uses a floating IP address to provide data access to the Data Domain HA pair regardless of which
physical node is the active node.
An MDU is similar to an atomic upgrade, but it consists of standalone component RPMs such as
ddsh.rpm and vtl.rpm. These standalone components come in smaller packages to facilitate faster delivery to
the system.
An MDU is triggered when a specific component (vtl.rpm) is used to upgrade the system; the new
component takes effect just as in an atomic upgrade, but only the processes relating to the specific
component will reboot instead of the entire system. After completing an MDU, the DD OS version changes
as it does with an atomic upgrade.