
Welcome to Data Domain Fundamentals.

Copyright © 2017 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC, and other trademarks are trademarks
of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners. Published in the
USA.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” DELL EMC MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO
THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.

Use, copying, and distribution of any DELL EMC software described in this publication requires an applicable software license. The trademarks, logos, and service marks
(collectively "Trademarks") appearing in this publication are the property of DELL EMC Corporation and other parties. Nothing contained in this publication should be construed
as granting any license or right to use any Trademark without the prior written permission of the party that owns the Trademark.

AccessAnywhere Access Logix, AdvantEdge, AlphaStor, AppSync ApplicationXtender, ArchiveXtender, Atmos, Authentica, Authentic Problems, Automated Resource Manager,
AutoStart, AutoSwap, AVALONidm, Avamar, Aveksa, Bus-Tech, Captiva, Catalog Solution, C-Clip, Celerra, Celerra Replicator, Centera, CenterStage, CentraStar, EMC
CertTracker. CIO Connect, ClaimPack, ClaimsEditor, Claralert ,CLARiiON, ClientPak, CloudArray, Codebook Correlation Technology, Common Information Model, Compuset,
Compute Anywhere, Configuration Intelligence, Configuresoft, Connectrix, Constellation Computing, CoprHD, EMC ControlCenter, CopyCross, CopyPoint, CX, DataBridge ,
Data Protection Suite. Data Protection Advisor, DBClassify, DD Boost, Dantz, DatabaseXtender, Data Domain, Direct Matrix Architecture, DiskXtender, DiskXtender 2000, DLS
ECO, Document Sciences, Documentum, DR Anywhere, DSSD, ECS, elnput, E-Lab, Elastic Cloud Storage, EmailXaminer, EmailXtender , EMC Centera, EMC ControlCenter,
EMC LifeLine, EMCTV, Enginuity, EPFM. eRoom, Event Explorer, FAST, FarPoint, FirstPass, FLARE, FormWare, Geosynchrony, Global File Virtualization, Graphic
Visualization, Greenplum, HighRoad, HomeBase, Illuminator , InfoArchive, InfoMover, Infoscape, Infra, InputAccel, InputAccel Express, Invista, Ionix, Isilon, ISIS,Kazeon, EMC
LifeLine, Mainframe Appliance for Storage, Mainframe Data Library, Max Retriever, MCx, MediaStor , Metro, MetroPoint, MirrorView, Mozy, Multi-Band
Deduplication,Navisphere, Netstorage, NetWitness, NetWorker, EMC OnCourse, OnRack, OpenScale, Petrocloud, PixTools, Powerlink, PowerPath, PowerSnap, ProSphere,
ProtectEverywhere, ProtectPoint, EMC Proven, EMC Proven Professional, QuickScan, RAPIDPath, EMC RecoverPoint, Rainfinity, RepliCare, RepliStor, ResourcePak,
Retrospect, RSA, the RSA logo, SafeLine, SAN Advisor, SAN Copy, SAN Manager, ScaleIO Smarts, Silver Trail, EMC Snap, SnapImage, SnapSure, SnapView, SourceOne,
SRDF, EMC Storage Administrator, StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix, Symmetrix DMX, Symmetrix VMAX, TimeFinder, TwinStrata, UltraFlex,
UltraPoint, UltraScale, Unisphere, Universal Data Consistency, Vblock, VCE. Velocity, Viewlets, ViPR, Virtual Matrix, Virtual Matrix Architecture, Virtual Provisioning, Virtualize
Everything, Compromise Nothing, Virtuent, VMAX, VMAXe, VNX, VNXe, Voyence, VPLEX, VSAM-Assist, VSAM I/O PLUS, VSET, VSPEX, Watch4net, WebXtender, xPression,
xPresso, Xtrem, XtremCache, XtremSF, XtremSW, XtremIO, YottaYotta, Zero-Friction Enterprise Storage.

Revision Date: July 2017

Revision Number: MR-1SP-DDFUND.6.1

Copyright © 2017 Dell Inc. Data Domain Fundamentals 1


This course covers an overview of Data Domain architecture, features, and functionality.

This module focuses on the Data Domain solution and its benefits. It also covers the common hardware
features of Data Domain systems, current hardware models, features of Data Domain Virtual Edition, and
the software licensing features of ELMS.

This lesson covers a basic overview of the Data Domain system, its backup environment, and its integration
with existing environments.

Increasing storage speed and capacity for the data generated, while remaining cost-effective, is a
perpetual challenge. One of the most expensive and resource-intensive tasks is gathering, storing, and
protecting data backups. Writing data to tapes, then shipping and storing the tapes off-site, is one of the
largest financial and labor resource challenges in the conventional tape-centric environment. The diagram
here illustrates the conventional process of handling backups through backup servers.

In step one, the diagram shows how clients and servers store data on the primary storage device.

Step two illustrates the conventional process of handling backups through backup servers. The backup
servers preserve the data on the primary storage device by copying it to a tape library.

In step three, tapes are physically transported and stored off-site for archival and disaster recovery
purposes. This prevents the loss of backup data in case of a negative event in the data center.

Step four describes the off-site data recovery process. In this case, data recovery requires a manual process
of transporting the tapes back to the primary storage device in the data center.

Introducing a Data Domain system to an existing backup environment adds a scalable backup and archive
solution to any enterprise environment.

• Data Domain systems are a protection storage platform for backup and archive data that reduce the
amount of disk storage needed to retain and protect data by ratios of 10-30x and greater, making disk a
cost-effective alternative to tape. These systems can scale up to 150 PB of logical capacity managed
by a single system with DD Cloud Tier. With throughput up to 68 TB/hour, Data Domain systems make
it possible to complete more backups in less time and provide faster, more reliable restores.
• Data Domain Replicator software transfers only the deduplicated and compressed unique changes
across any IP network, requiring a fraction of the bandwidth, time, and cost, compared to traditional
replication methods. “Time-to-DR readiness” is greatly reduced when compared to other replication
methods.

• Data Domain’s Data Invulnerability Architecture, built into every Data Domain system, provides the
industry’s best defense against data integrity issues, ensuring you can access and recover your data
when you need it.

• Finally, Data Domain systems are able to consolidate backup, archive, and disaster recovery onto a
single platform making them an ideal protection storage solution.

In summary, Data Domain systems simplify the storage and handling of data by reducing, or in many
cases, entirely eliminating the need for tape for data storage. With Data Domain systems, data is backed
up to disk instead of tape.

Data Domain deduplication greatly reduces the data footprint before the data is backed up. Data Domain
global compression technology combines an exceptionally efficient high-performance in-line deduplication
technology with a local compression technique. The reduced data footprint allows data to be retained on-
site for longer periods and allows transfer across the network for archival.

Data recovery is similarly transformed by the elimination of time-consuming and resource intensive
handling of tape.

Tape backups can optionally be incorporated into a Data Domain environment if required by regulatory or
corporate requirements.

A Data Domain appliance is a storage system with shelves of disks and a controller. This appliance is
optimized to perform the backup first and then archive the applications. It also supports the industry-
leading enterprise applications.

The list on the left consists primarily of backup, archive, and enterprise applications. These include not
only Dell EMC’s own offerings, Dell EMC NetWorker and Avamar, but also applications from Quest, Veritas,
Oracle, HP, IBM, SAP HANA, and others.

The data is transferred from the application to the primary storage through Ethernet or Fibre Channel.

Ethernet uses mass storage protocols, NFS or CIFS. It can also use optimized protocols such as NDMP
and Data Domain Boost.

Fibre Channel connectivity enables a Data Domain system to act as a virtual tape library which eliminates
virtual tape management. Fibre Channel connectivity also enables DD Boost over Fibre Channel.

After the data is received by the Data Domain system, it is deduplicated during the storage process and later
replicated for disaster recovery. Only the deduplicated and compressed unique data segments that have
been filtered out through the process on the target tier are replicated.

This lesson covers the common hardware features of Data Domain systems.

Data Domain systems are based on a basic hardware architecture.

Hardware features common to all models include:


• Rack mountable in 4-post racks
• Hot-swappable disks with redundant hot-swappable fans and redundant hot-swappable power
modules
• Dual In-line Memory Module (DIMM) modules for Random Access Memory (RAM)
• A battery backed NVRAM (non-volatile RAM) card or Persistent RAM (PRAM)
• Video, keyboard, and mouse ports that are connected to a monitor, keyboard, and mouse
• Front panel Light Emitting Diodes (LEDs) that provide system status indicators

Most Data Domain systems support the addition of one or more storage expansion shelves to increase
capacity.

Documents for each hardware model are published on the Dell EMC support site.

Connectivity features include keyboard, monitor, and mouse connections; serial and Ethernet connectivity;
and many systems also support Fibre Channel connectivity.

Many Data Domain models provide a keyboard and PS/2 mouse port for connecting directly to the unit with a
keyboard and monitor. Check with the onsite administrator for the preferred access method. For repairs in
the field, access to the command line interface to shut down, restart, and run diagnostics is usually
through the serial port.

All Data Domain systems may be connected to Ethernet networks for TCP/IP-based data transfer and
system management. All models have a minimum of two built-in ports. Some models may be configured
with additional ports by adding optional Ethernet expansion cards. Newer systems also include a
dedicated Ethernet port for what is known as lights-out management or remote system management.
Interface cards are usually added to provide additional network capacity.

Connecting to a Fibre Channel-based storage area network is supported by adding a host bus adapter
card. In these environments, the virtual tape library (VTL) software license and/or the DD Boost software
license is also required.

Components under high mechanical or electrical stress, such as spinning drives, fans, and power supplies,
are provided in an N+1 redundant configuration. N+1 redundancy is a system configuration in which certain
components have at least one independent backup component so that the system functionality continues if
a part fails. This allows for uninterrupted operation at full capacity and operational status if one component
fails. For data, RAID 6 (Redundant Array of Independent Disks) technology provides additional protection
of data integrity when up to two disks fail.

This lesson covers the current Data Domain hardware models, expansion shelves and SSD shelves.

Here is a look at the new Data Domain systems and the performance and scalability they achieve.

DD6800, DD9300 and DD9800 each support Data Domain Cloud Tier. DD Cloud Tier allows up to 2x the
capacity of the Active Tier to be natively-tiered to the cloud for long term retention.

The models that are currently shipped with DD OS 6.1 are:


• DD2200
• DD6300
• DD6800
• DD9300
• DD9800
• DD Virtual Edition

From DD OS 6.0, Data Domain introduces three new midrange models, replacing four previous Data
Domain models.

The DD6300 all-in-one model replaces the previous DD2500 and DD4200 models.

The new DD6800 and DD9300 models are dataless head models. DD6800 replaces the previous DD4500
model and the DD9300 replaces the DD7200 model.

Note: The term all-in-one or AIO refers to systems where both the OS and user data are stored in the
head disk or controller. The term dataless head or DLH refers to systems where no user data is stored in
the controller and the system can therefore take a controller upgrade/headswap later.

From DD OS 6.0, Data Domain introduces a new system into the high-end space, DD9800. The DD9800
is similar in physical hardware to the DD9500. However, the DD9800 has a larger active tier capacity in
both base and expanded configurations, a standard SSD shelf, and more memory in the expanded
configuration.

This is a list of both DD9500 and DD9800 features.

Here is a continuation of the list of DD9500 and DD9800 features.

This table is extracted from the Data Domain Hardware Overview and Installation Guide for the DD9500
and DD9800 models. Please refer to this guide for more information.

This table highlights the capacities and compatibilities of the options for the ES30 expansion shelves.

ES30-SATA can accommodate 15 one, two, or three TB drives and supports the DD6300, DD6800,
DD9300, and DD9800.

ES30-SAS can accommodate 15 two or three TB drives and supports the DD6300, DD6800, DD9300, and
DD9800.

Both the ES30-SATA and ES30-SAS have one spare drive. ES30-SATA and ES30-SAS shelves can be
attached to the same head unit, but cannot be combined in the same set.

The ES30-60 can accommodate 15 four TB drives and supports the DD6800, DD9300, and DD9800.

DS60 (Dense Storage) shelf supports 3TB and 4TB SAS drives in 15 drive increments, up to 60 drives per
shelf. DS60 is available for the DD6300, DD6800, DD9300, and DD9800 systems.

Solid state drive shelves were introduced to manage metadata.

With greater storage capacity and higher speed access, Data Domain systems need to accelerate
processing metadata and data access throughout the file system. The current trend is to add denser
drives which leads to spindle consolidation thus reducing the overall performance of data movement
through the system.

The solution is to provide a faster cache tier for storing Data Domain file system metadata clients that is
fast to access and process by using a low-latency flash cache solution. The Solid State Drive cache tier
provides the SSD cache storage for the file system. The file system draws the required storage from the
SSD cache tier without active intervention from the user.

These improvements provide higher random IOPS with low latency and overall system performance
improvement despite the density of the SSD being used.

The FS15 (Flash Storage) SSD shelf is a solid state expansion shelf used exclusively for the metadata
cache in the active or extended retention tiers of a Data Domain system.

It uses the same form factor as the earlier ES30 expansion shelves and offers different quantities of 800
GB SAS solid state drives depending on the capacity of the active tier.

There is a physical shelf count limit per SAS string. You cannot attach an FS15 shelf to a SAS string
already containing a maximum number of shelves – 7 ES30’s, for instance. You need to attach it to a
string with fewer than 7 shelves.

With a DD9800, the FS15 can be configured as required with either 8 or 15 disks. With DD6800 and
DD9300 models in a high availability configuration, it can be configured with variable numbers of SSDs:
2 or 5 disks for DD6800 and 5 or 8 disks for DD9300.

This lesson covers the Data Domain Virtual Edition.

Data Domain Virtual Edition is a customer-deployable virtual deduplication appliance that provides data
protection for entry, enterprise and service provider environments.

DD VE is agile: designed for use with VMware, it is exceptionally quick to set up and run. You can
start with a small capacity configuration and scale as large as 16 TB.

It is flexible: it offers a deployment environment that includes deduplication, replication, DD
Boost, and scalable storage capacity. Users can take advantage of the same powerful deduplication
feature available in all Data Domain hardware products along with the security of full replication
capabilities, and optional use of DD Boost to further speed up data transfers to your own scalable storage
configurations, making DD VE efficient.

Shown here is a breakdown of features supported with the Data Domain Virtual Edition in the VMware
environment.

Dell EMC offers a DD VE evaluation license for a limited 500 GB capacity, and full function of DD
Replication, DD Encryption, and DD Boost with no set expiration. This license can be replaced with larger
capacity licenses if needed – up to a maximum of 16 TB. Other limited time evaluation licenses are also
available.

DD VE can be managed by both DD System Manager and DD Management Center. It supports all
replication topologies between virtual and physical systems. It also supports all common backup software
currently supported by Data Domain.

Three types of DD OS system features are available in DD VE:

• Features that function exactly as those in a physical Data Domain system are DD Boost, CIFS
workgroup and active directory, NFS, DD Encryption, garbage collection and DD Replication.

• Features that are optimized for use with DD VE are stream counts, MTree counts, the DD System
Manager, IPv4 and IPv6, and head unit swaps.

• New features supporting the DD VE system are the deployment assessment tool, licensing through the
Electronic Licensing and Management System (ELMS), virtual resource monitoring, and RAID-On-
LUN.

This lesson covers the ELMS licensing and the process involved.

The electronic licensing management system (ELMS) electronically represents software licenses. It is the
standard method of electronic license fulfillment and activation used by Dell EMC. DD OS uses one
license per DD VE instance. DD VE does not support previous licenses from legacy DD OS systems.
When deploying the DD VE system, the license must be added to access the file system.

eLicensing electronically represents software license entitlements. It provides standardized ordering,
fulfillment, and activation.

DD OS 6.1 supports ELMS. Data Domain systems running DD OS 6.1 can use either ELMS or Data
Domain licensing.

ELMS on Data Domain systems uses one license file per system. The license file contains a single license
for all purchased features.

There are two categories of licenses: served and unserved licenses.

Served licenses are on a license server and the DD system has to check in with the server to see what is
licensed. Served licenses are supported only with DD VE.

Unserved licenses are the licenses that are applied directly to the DD system.

The workflow:

• Customers first place the license order through the Sales portal. MyQuotes is the EMC sales page
to order e-licenses.

• The order is processed and ELMS generates a license authorization code (LAC) in order to activate the
purchased licenses.
a. For an unserved license, the customer accesses ELMS and enters the license activation code.
ELMS displays the licenses included with the provided activation code. The customer chooses
the features to activate and once entered, ELMS generates the license file. The customer
downloads the license file and applies it on the selected DD VE system.
b. For a served license, the customer applies the license file to the Common License server, where it
can serve licenses to any DD VE systems configured to use the license server.

This module covered an overview of the Data Domain system. It covered the solution provided by Data
Domain systems for backup and recovery purposes, the various hardware models and features, Data
Domain Virtual Edition, and the latest licensing process provided by DD OS 6.1, ELMS.

This module focuses on Data Domain architecture and technologies. It provides an overview of the various
file structures and the type of data it stores. It describes the deduplication process and how SISL is
implemented to optimize the deduplication. DIA is also described with its technologies to provide data
protection.

This lesson covers the data paths used by Data Domain systems.

In a backup environment with Ethernet connectivity, backup and archive media servers send data from
clients to Data Domain systems on the network. A direct connection between a dedicated port on the
backup management server and a dedicated port on the Data Domain system is used.

Physical separation of the backup traffic from replication traffic can be achieved by using two separate
Ethernet interfaces on the Data Domain system. This allows backups and replication to run simultaneously
without network conflicts.

The protocols supported by Data Domain systems over Ethernet connections include:
• NFS
• CIFS
• NDMP
• DD Boost
• Telnet/SSH (for system administration purposes only)
• FTP/SFTP (for system administration purposes only)
• HTTP/HTTPS (for system administration purposes only)

In a backup environment, Fibre Channel connectivity is supported only if an FC HBA is installed on the
backup device. In such environments, the backup and archive media servers send data from clients to
Data Domain systems over a Fibre Channel storage area network (SAN) and make use of DD Boost
protocols and VTL technology for backup operations.

If the Data Domain virtual tape library (VTL) option is licensed, the backup or archive server sees the Data
Domain system as one or multiple VTLs.

If the Data Domain Boost (DD Boost) option is licensed, then any supported backup application will be
able to perform backup and restore operations using the DD Boost protocol over Fibre Channel
connection. For more information on backup applications that support the DD Boost over Fibre Channel,
please refer to the Data Domain Boost Compatibility Guide and Data Domain Boost Administrator Guide
available on Dell EMC support portal.

This lesson covers Data Domain file structures such as /ddvar and MTrees and their features.

/ddvar is a third extended file system (ext3) that stores Data Domain system administrative files,
system core and log files, generated support upload bundles, compressed core files, and .rpm (Red Hat
Package Manager) upgrade package files.

The /ddvar folder keeps the administrative files separated from storage files that are on the MTree.

You can neither rename nor delete the /ddvar directory, nor can you access all of its subdirectories. However,
the files stored in /ddvar can be deleted and retrieved.

The Managed Tree (MTree) file structure is the destination to store user data. It provides a root directory
for user data. You can configure your backup application to a specific MTree and organize backup files.

MTree provides more granular space management and reporting. This simplifies management of several
features including replication, snapshots, quotas, and retention lock. These operations can be performed
on a specific MTree rather than on the entire file system. For example, you can configure a directory
export at the level of the /HR directory only, rather than for the entire file system, which simplifies data
management.

This lesson covers types of deduplication such as File-based Deduplication and Segment-based
Deduplication. The Data Domain Deduplication process is also explained.

In a computing environment, deduplication is a data compression technique that identifies and eliminates
redundant copies of large sequences of data by replacing them with references to the existing data.

Deduplication methods are of two types:

• File-based deduplication

• Segment-based deduplication

In file-based deduplication, only the original instance of a file is stored. Future identical copies of the file
use a small reference to the original file content. File-based deduplication is also called single-instance
storage (SIS).

Fixed-length segment deduplication (also called block-based deduplication or fixed-segment
deduplication) is a technology that reduces data storage requirements by comparing incoming data
segments (also called fixed data blocks or data chunks) with previously stored data segments. It divides
data into segments of a single, fixed length (for example, 4 KB, 8 KB, 12 KB, or larger) and uses a hash
algorithm to find duplicate data.

Variable-length segment deduplication evaluates data by examining its contents to look for the boundary
from one segment to the next. Variable-length segments are any number of bytes within a range
determined by the particular algorithm implemented.

Data Domain implements inline deduplication, where variable-length segments are examined as soon as
they arrive in the system to determine if they are new segments or duplicates of a segment previously
stored. Data deduplication occurs in RAM, before the data is written to disk. Around 99% of data segments
are analyzed in RAM without disk access and this reduces disk seek time. Writes from RAM to disk are
done in full-stripe batches to increase the efficiency of disk usage.

This slide shows the Data Domain deduplication process:

1. Inbound segments are analyzed in RAM.
2. The stream is divided into variable-length segments, and each is given a unique ID or fingerprint.
3. If a segment is redundant, a reference to the stored segment is created.
4. If a segment is unique, it is compressed and stored.

This lesson covers the definition and benefits of SISL. It also describes how Data Domain uses SISL to
implement inline deduplication.

SISL is short for Stream-Informed Segment Layout. Data Domain uses SISL to implement inline
deduplication. SISL uses fingerprints and RAM to identify segments already on disk.

The SISL scaling architecture provides faster and more efficient deduplication by minimizing excessive disk
accesses to check if a segment is on disk:
• 99% of duplicate data segments are identified inline in RAM before the data is stored to disk.
• Scales with Data Domain systems using newer and faster CPUs and RAM.
• Increases the throughput-rate of newly added data.

Deduplication using SISL includes the following steps:
1. Segment: The data to be sent is split into variable-length segments.
2. Fingerprint: Each segment is given a fingerprint or hash for identification.
3. Filter: 99% of the duplicate segments are identified by summary vector and segment locality
techniques in RAM (inline) before storing to disk. If a segment is a duplicate, it is referenced and
discarded. If a segment is new, the data is grouped and compressed.
4. Compress: New segments are grouped and compressed using common algorithms: lz, gz, gzfast,
or off/no compression (lz by default).
5. Write: Writes data (segments, fingerprints, metadata, and logs) to containers stored on disk.
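
The five steps above, together with the fixed-length and variable-length segmentation described earlier, as an added Python example (not Data Domain code). The gear rolling hash, the segment size bounds, SHA-256 fingerprints, the Bloom-filter summary vector, and zlib standing in for the gz option are assumptions; segment locality is not modelled.

```python
import hashlib
import random
import zlib

MIN_SEG, MAX_SEG = 2048, 65536      # assumed segment size bounds, in bytes
CUT_MASK = 0xFFF80000               # cut when the top 13 hash bits are zero (~1 in 8192)
_rng = random.Random(1)
GEAR = [_rng.getrandbits(32) for _ in range(256)]   # per-byte values for the rolling hash


def variable_segments(data):
    """Step 1, variable-length: cut where a rolling hash of recent bytes hits a pattern."""
    out, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFF
        size = i - start + 1
        if (size >= MIN_SEG and (h & CUT_MASK) == 0) or size >= MAX_SEG:
            out.append(data[start:i + 1])
            start, h = i + 1, 0
    if start < len(data):
        out.append(data[start:])
    return out


def fixed_segments(data, size=8192):
    """Step 1, fixed-length variant, kept for comparison."""
    return [data[i:i + size] for i in range(0, len(data), size)]


class SummaryVector:
    """Bloom filter in RAM: a miss is definite, a hit means 'look in the index'."""

    def __init__(self, bits=1 << 20, hashes=4):
        self.bits, self.hashes, self.vec = bits, hashes, bytearray(bits // 8)

    def _positions(self, fp):
        return [int.from_bytes(fp[4 * k:4 * k + 4], "big") % self.bits
                for k in range(self.hashes)]

    def add(self, fp):
        for p in self._positions(fp):
            self.vec[p >> 3] |= 1 << (p & 7)

    def might_contain(self, fp):
        return all(self.vec[p >> 3] & (1 << (p & 7)) for p in self._positions(fp))


class DedupStore:
    def __init__(self, segmenter):
        self.segmenter = segmenter
        self.summary = SummaryVector()
        self.index = {}           # fingerprint -> slot in self.container
        self.container = []       # compressed unique segments, append-only
        self.index_lookups = 0    # lookups the summary vector could not rule out

    def backup(self, data):
        """Run the five steps; return (recipe of fingerprints, new/duplicate counts)."""
        recipe, stats = [], {"new": 0, "duplicate": 0}
        for seg in self.segmenter(data):                      # 1. segment
            fp = hashlib.sha256(seg).digest()                 # 2. fingerprint
            known = False
            if self.summary.might_contain(fp):                # 3. filter, RAM only
                self.index_lookups += 1
                known = fp in self.index
            if known:
                stats["duplicate"] += 1                       # reference it, drop the data
            else:
                self.container.append(zlib.compress(seg))     # 4. compress, 5. write
                self.index[fp] = len(self.container) - 1
                self.summary.add(fp)
                stats["new"] += 1
            recipe.append(fp)
        return recipe, stats

    def restore(self, recipe):
        return b"".join(zlib.decompress(self.container[self.index[fp]]) for fp in recipe)


def sample_data(n=300_000, seed=7):
    """Constructed input: pseudo-random bytes standing in for a backup stream."""
    return random.Random(seed).getrandbits(8 * n).to_bytes(n, "big")


def shifted_backup(segmenter):
    """Back up a stream, then the same stream with 100 bytes inserted at the front."""
    data = sample_data()
    store = DedupStore(segmenter)
    store.backup(data)
    shifted = b"\x00" * 100 + data
    recipe, stats = store.backup(shifted)
    return stats, store.restore(recipe) == shifted


if __name__ == "__main__":
    for name, seg in (("fixed", fixed_segments), ("variable", variable_segments)):
        print(name, shifted_backup(seg))
```

With fixed-length segments the 100-byte insertion shifts every block boundary, so the second backup finds no duplicates; with content-defined boundaries the segmenter resynchronises and most segments are recognised by fingerprint.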

This lesson covers Data Domain Data Invulnerability Architecture or DIA.

Data Invulnerability Architecture (DIA) is an important Data Domain technology that provides safe and
reliable storage. It protects data against data loss from hardware and software failures.

Data Domain Operating System (DD OS) is built to ensure that you can reliably recover your data with
confidence. Its elements comprise an architectural design which provides data invulnerability.

Four technologies used in DIA which help in protecting the data against data loss are:
• Inline data verification
• Fault avoidance and containment
• Continuous fault detection and healing
• File system recoverability

DIA helps to provide data integrity, recoverability, and extremely resilient, protective disk storage. This
keeps data safe.

As stated previously, DIA uses four technologies to prevent data loss.

The inline data verification checks and verifies all file system data and metadata. The end-to-end
verification flow includes:
• Receives the write request from backup software
• Analyzes data for redundancy
• Stores new data segments
• Stores fingerprints
• Verifies if DD OS can read data from disk
• Verifies if the checksum that is read back matches the checksum written to disk.

In addition to end-to-end verification, Data Domain systems are equipped with a specialized log-structured
file system and a fault tolerance and containment mechanism. New data never overwrites existing
data. Traditional file systems often overwrite blocks when data is changed, and then reuse the old
block address. The Data Domain file system writes only to new blocks. This eliminates the chance of
an incorrect overwrite of the latest backup data, such as one caused by a software bug. This also ensures
that the older version remains safe.
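
The verification flow and the write-only-to-new-blocks rule above, as an added Python example (not DD OS code). CRC32 as the checksum, the length-plus-checksum record layout, the catalog of versions, and the `fault` test hook are assumptions made for illustration.

```python
import os
import struct
import tempfile
import zlib

HEADER = struct.Struct(">II")        # assumed record header: payload length, CRC32


class VerifyError(Exception):
    """Data read back from disk does not match what was written."""


class AppendOnlyLog:
    """Log-structured store: records are appended, existing bytes are never rewritten."""

    def __init__(self, path):
        self.path = path
        self.catalog = {}            # name -> record offsets, oldest version first
        self.fault = None            # test hook: callable that damages bytes before disk
        open(path, "ab").close()

    def _write(self, record):
        """Append raw bytes at the end of the log and force them to disk."""
        if self.fault:
            record = self.fault(record)
        with open(self.path, "ab") as f:
            offset = f.seek(0, os.SEEK_END)
            f.write(record)
            f.flush()
            os.fsync(f.fileno())
        return offset

    def read(self, offset):
        """Read one record from disk and verify its checksum before returning it."""
        with open(self.path, "rb") as f:
            f.seek(offset)
            header = f.read(HEADER.size)
            if len(header) != HEADER.size:
                raise VerifyError(f"truncated header at offset {offset}")
            length, crc = HEADER.unpack(header)
            payload = f.read(length)
        if len(payload) != length or zlib.crc32(payload) != crc:
            raise VerifyError(f"checksum mismatch at offset {offset}")
        return payload

    def put(self, name, payload):
        """Store a new version; the catalog changes only after read-back verifies."""
        offset = self._write(HEADER.pack(len(payload), zlib.crc32(payload)) + payload)
        self.read(offset)            # inline verification: raises VerifyError on mismatch
        self.catalog.setdefault(name, []).append(offset)
        return offset

    def get(self, name, version=-1):
        return self.read(self.catalog[name][version])


def demo():
    """Constructed scenario: two good versions, then a write damaged on its way to disk."""
    log = AppendOnlyLog(os.path.join(tempfile.mkdtemp(), "container.log"))
    log.put("backup.img", b"monday full backup")
    log.put("backup.img", b"tuesday full backup")
    log.fault = lambda rec: rec[:-1] + bytes([rec[-1] ^ 0x01])   # flip one payload bit
    try:
        log.put("backup.img", b"wednesday full backup")
        rejected = False
    except VerifyError:
        rejected = True
    log.fault = None
    return {
        "faulty_write_rejected": rejected,
        "versions": len(log.catalog["backup.img"]),
        "latest": log.get("backup.img"),
        "oldest": log.get("backup.img", 0),
    }


if __name__ == "__main__":
    print(demo())
```

The damaged write is caught by the read-back before the catalog is updated, and because it landed in new space at the end of the log, both earlier versions still verify and restore.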

RAID 6 redundancy enables continuous fault detection and healing to provide an extra level of protection
within the Data Domain operating system. The DD OS detects faults and recovers from them continuously.
Continuous fault detection and healing ensures successful data restore operations. DD OS periodically
rechecks the integrity of the RAID stripes.

The DIA file system recovery reconstructs lost or corrupted file system metadata. It includes several file
system check tools. If a Data Domain system does have a problem, DIA file system recovery ensures that
the system is brought back online quickly.

This module covered an overview of Data Domain architecture, its data paths and file structures. It also
described deduplication and how SISL is used to implement inline deduplication. The data protection
solution DIA was also explained.

This module focuses on the features and benefits of Data Domain Operating System (DD OS).

This lesson covers the features, benefits, and ecosystem of DD Boost protocol and VTL.

DD Boost is a private protocol that is more efficient than CIFS or NFS. DD Boost has a private and
efficient data transfer protocol with options to increase efficiencies.

Data Domain Boost is a software option supported across the entire Data Domain family that distributes
parts of the deduplication process out of the Data Domain system and onto the backup or application
server, enabling client-side deduplication. This can speed backups by up to 50% and enables more
efficient resource utilization, including reducing the impact on the server by 20 to 40%. It also reduces the
impact on the network by 80 to 99%.

In addition, DD Boost for backup applications enables the application to control the Data Domain replication
process with full catalog awareness of both the local and remote copies of the backup.

DD Boost for Enterprise Applications provides application owners control and visibility of their own
backups to Data Domain systems using their native utilities.

Dell EMC’s Avamar and NetWorker support DD Boost over LAN, SAN, and WAN. Other leading backup
and enterprise applications support DD Boost over LAN and/or SAN. The applications are:
• Dell EMC Database application agent for DD Boost for Enterprise Applications and ProtectPoint
• Quest NetVault Backup
• Quest vRanger Pro
• Dell EMC Avamar
• Dell EMC Microsoft application agent for DD Boost for Enterprise Applications
• Dell EMC NetWorker
• Hewlett-Packard (HP) Data Protector
• Pivotal Greenplum Data Computing Appliance
• Veeam Backup and Replication
• VMware vSphere Data Protection Advanced (VDPA)

Data Domain Virtual Tape Library (VTL) software eliminates the challenges of physical tape and can
emulate up to 60 or more virtual tape libraries with up to 1080 virtual tape drives, and unlimited tape
cartridges.

Dell EMC has qualified Data Domain Virtual Tape Library with leading open systems and IBM i enterprise
backup applications. It integrates non-disruptively into existing Fibre Channel storage area network (SAN)
backup environments.

Any Data Domain system running VTL can also run other backup operations simultaneously using NAS,
NDMP, and DD Boost.

Using Data Domain Replicator software, organizations can vault virtual tape cartridges over a wide area
network (WAN) to another site for disaster recovery, remote office backup and recovery, or multisite tape
consolidation.

Disk-based network storage provides a shorter RTO by eliminating the need for handling, loading, and
accessing tapes from a remote location.

The VTL Tape out to cloud feature is available from DD OS 6.1 and DD VE 3.1. It offers the ability to store
tapes off-site and retrieve them for long-term retention (LTR) use cases.

This lesson covers the features, benefits, and types of Data Replication. The various data replication
topologies are also described. This lesson also introduces Recipe Replication.

Data Domain Replicator (DD Replicator) provides automated, policy-based, network efficient, and
encrypted replication for Disaster Recovery (DR) and multi-site backup and archive consolidation. DD
Replicator asynchronously replicates only compressed, deduplicated data over a Wide Area Network
(WAN), which eliminates up to 99 percent of the bandwidth required compared to standard replication
methods.

When replicating over untrusted networks, Data Domain Replicator can encrypt sensitive data. This
encryption can be enabled on all or only a selected portion of the replicated data set.

For fast time-to-DR readiness, Data Domain Replicator provides logical throughput performance of up to
52 TB per hour over a 10 Gb network in replication deployments where one Data Domain system is
mirroring its data to another.

You can also consolidate data from up to 270 remote sites by simultaneously replicating data to a single,
large Data Domain system at a central hub.

Data Domain Replicator offers flexibility by providing multiple replication topologies such as full-system
mirroring, bidirectional, many-to-one, one-to-many, and cascaded. In addition, you can replicate either all
or a subset of data on the Data Domain system. For the highest level of security, DD Replicator can
encrypt data being replicated between DD systems using the standard Secure Socket Layer (SSL)
protocol.

To manage network utilization, you can set up a schedule to throttle Data Domain Replicator WAN
utilization at different times of the day.

Replication is set up with a source Data Domain system and one or more destination Data Domain
systems. There are five replication types: Collection, Directory, MTree, Pool, and Managed.
• Collection:
– Duplicates the entire data store on the source and transfers that to the destination, and the
replicated volume is read-only.
• Directory:
– Provides replication at the level of individual directories.
• MTree:
– Replicates entire MTrees, that is, a virtual file structure that enables advanced management.
• Pool:
– Pool replication is similar to directory replication, but the source is VTL data.
• Managed:
– Used with Data Domain Boost and is managed and controlled by the backup software.

Data Domain has various supported replication topologies where data flows from source to destination
directory over a LAN or WAN.

The topologies include:

• One-to-one replication, which is the simplest type of replication. This is from the Data Domain source
system to a Data Domain destination system.

• In a bidirectional replication pair, data from the source is replicated to the destination directory on the
destination system and from the source directory on the destination system to the destination directory
on the source system.

• In many-to-one replication, data flows from several source directories to a single destination system.
For example, this type of replication occurs when several branch offices replicate their data to the
corporate headquarters IT system.

• In a one-to-many replication, multi-stream optimization maximizes replication throughput per context.

• In a cascaded replication topology, directory replication is chained among three or more Data Domain
systems. Data recovery can be performed from the non-degraded replication pair context. One
additional topology is available: cascaded one-to-many.

Virtual synthetic full backup is the combination of the last full (synthetic or full) backup and all subsequent
incremental backups.

In a typical virtual synthetic workload, backup applications leverage virtual synthesis (via DD Boost) on the
Data Domain system to create a full backup by using incremental backups and the last full backup. Recipe
based Virtual Synthetic Replication is not a new form of replication, but instead provides optimization on
the existing replication types such as Managed File Replication and MTree Replication. Instead of
sending a new full backup file, instructions are sent to synthesize the regions from the file already present
in DDFS to generate a new full backup file. These instructions are called INCLUDE RPCs. When
INCLUDE RPCs are received, the references to those regions already present in DDFS are copied to
generate a new backup file.

In this example, Gen 0 is the backup file already present in DDFS. Gen 1 is the target file where the new
file is generated. From the Gen 0 file, instructions are sent that include the 3 regions. These included
regions are used to synthesize the Gen 1 file. The Gen 0 file is called the Base file while the Gen 1 file is
called the Target file. In this example, there is only one Gen 0 file. However, in a normal user environment,
there can be multiple base files.

Backup applications that benefit from this feature include Avamar, NetWorker, and NetBackup. However,
there were some VSR limitations. Only 8 base files can be remembered at any given time. If there are
more than 8 base files at ingest, replication can only use 8 base files on the destination side. Any base
files over that are ignored. In addition, the offset and the length of the VS operation must be 4 MB aligned
to be remembered. The portions that are not 4 MB aligned are ignored.

Recipe Replication is an enhancement to the method of Virtual Synthetic Replication (VSR).

The goal of this feature is to improve the replication performance on the Virtual Synthetic (VS) workload.
VSR worked on both the Virtual Synthetic (VS) and Fastcopy plus Overwrite workload.

However, Recipe Replication works only on the VS workload and does not apply to the Fastcopy plus
Overwrite workload. Recipe Replication is applied automatically when there are qualified VS workloads.
It functions transparently to the application and to customers. Similar to synthetic replication, Recipe
Replication also works with MTree Replication (MREPL) and Managed File Replication (MFR).

Recipe Replication overcomes the challenges faced with a VS workload by using an attribute B-tree that
can store large size attributes persistently.

This lesson covers the features of Storage Migration and Migration on Expansion Shelves.

Storage migration in a Data Domain system is a licensed feature. Storage migration supports the
replacement of an existing storage enclosure with new enclosures. The system processes such as data
access, expansion, cleaning, and replication are unaffected during the migration process.

Storage migration uses a lot of system resources, but you can control this with throttle settings that
give the migration a relatively higher or lower priority. You can also suspend a migration to make the
resources available for other processes and later resume the migration when resource demand is lower.

Replacing existing storage enclosures offers higher performance, higher capacity, and a smaller
data footprint.

The migration process on a Data Domain system occurs at the shelf level and not at the logical data level.
As a result, all disks present on the source shelf are accessed and copied over regardless of
whether they contain any data. Therefore, this process cannot be used to shrink logical data.

This lesson covers Data Domain Extended retention and retention lock policies.

Data Domain Extended Retention provides long-term retention of backup data and eliminates tape
infrastructure for backup retention. This software is supported on the DD860, DD990, DD4200, DD4500,
DD6800, DD7200, DD9300, DD9500 and DD9800 systems.

Data Domain Extended Retention provides an internal tiering approach that enables cost-effective,
long-term retention of backup data on a Data Domain system. With this, customers can leverage Data Domain
systems for long-term backup retention and minimize reliance on tape. Data Domain Extended Retention
transparently incorporates two tiers of storage on a Data Domain system to achieve cost-effective
scalability while delivering the throughput required to ingest hundreds of terabytes of backup data. This
combination makes Data Domain systems the ideal tape elimination solution for long-term backup
retention.

Data Domain Extended Retention provides transparent separation of short-term and long-term backup
data by storing it in different tiers on Data Domain systems. Data is initially stored in the active tier for
backup and operational recovery, then moved to an extremely scalable retention tier that is optimized for
long-term data retention, usually measured in years.

It ensures long-term data access and recoverability with fault isolation so that in the event of a failure or
catastrophe, the system continues to operate with all unaffected components.

Data Domain Extended Retention enables granular unit-to-unit replication for disaster recovery. In the
event of a connectivity issue affecting the replication process, the Data Domain system only needs to
replicate the impacted unit to resynchronize.

Data Domain Retention Lock enables IT organizations to efficiently store and manage different types of
governance and compliance archive data on a single Data Domain system. DD Retention Lock helps to
ensure that data integrity is maintained. Any data that is locked cannot be overwritten, modified, or deleted
for a user-defined retention period of up to 70 years. Data Domain Retention Lock also enables secure file
locking of archive data at an individual file level, enabling these files to be intermixed with unlocked files on
the same Data Domain system. Data Domain Retention Lock leverages industry-standard protocols such
as Network File System (NFS) and Common Internet File System (CIFS) for time-based retention of files.
As a result, it can be integrated seamlessly with industry-leading archive applications providing customers
with an end-to-end archiving solution.

There are two types of DD Retention Lock editions:

1. DD Retention Lock Governance edition

2. DD Retention Lock Compliance edition

DD Retention Lock Governance edition allows customers to maintain the integrity of the archive data with
the assumption that the system administrator is generally trusted with all legal actions performed on the
Data Domain system.

By enabling DD Retention Lock Governance edition on an MTree, IT administrators can:


• Apply retention policies at an individual file level of the data set on the Governance enabled MTree
for a specific period of time.
• Delete an archive file via an archiving application after the retention period expires.
• Update the default values of minimum and maximum retention periods per MTree:
– The default values of minimum and maximum retention periods are 12 hours and 5 years
respectively.
• Extend the retention time of locked archive files.

Locked files cannot be modified on the Data Domain system even after the retention period for the file
expires. Archive data that is retained on the Data Domain system is not deleted automatically when the
retention period expires. An archiving application must delete the file.

With DD Retention Lock Governance edition, IT administrators can meet secure data retention
requirements while keeping the ability to update the retention period should the corporate governance
policies change.

For example, an IT administrator might want to:


• Revert the locked state of a file on a specified path name inside of an MTree
• Delete an MTree enabled with DD Retention Lock Governance

The DD Retention Lock Compliance edition meets the strict requirements of regulatory standards for
electronic records, such as SEC 17a-4(f), and other standards that are practiced worldwide.

DD Retention Lock Compliance, when enabled on an MTree, ensures that all files locked by an
archiving application for a time-based retention period cannot be deleted or overwritten under any
circumstances until the retention period expires. This is achieved using multiple hardening procedures:
• Requiring dual sign-on for certain administrative actions. Before engaging DD Retention Lock
Compliance edition, the System Administrator must create a Security Officer role. The System
Administrator can create the first Security Officer, but only the Security Officer can create other
Security Officers on the system.
• Some of the actions requiring dual sign-on are:
– Extending the retention periods for an MTree
– Renaming the MTree
– Deleting the Retention Lock Compliance license from the Data Domain system
– Securing the system clock from illegal updates
• DD Retention Lock Compliance implements an internal security clock to prevent malicious
tampering with the system clock. The security clock closely monitors and records the system clock.
If there is an accumulated two-week skew within a year between the security clock and the system
clock, then the Data Domain file system (DDFS) is disabled and can be resumed only by a security
officer.
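
One way to model the accumulated-skew rule, as an added example that is not DD OS code: the two-week limit, the one-year window and the security officer requirement come from the text above, while the sampling interface, the sum-of-absolute-changes accounting, the reset on resume and all names are assumptions.

```python
from datetime import datetime, timedelta

SKEW_LIMIT = timedelta(weeks=2)   # from the text: accumulated two-week skew
WINDOW = timedelta(days=365)      # from the text: within a year


class SecurityClockMonitor:
    """Compares a tamper-resistant security clock with the adjustable system clock."""

    def __init__(self):
        self.events = []                  # (security_time, size of the skew change)
        self.last_skew = timedelta(0)
        self.filesystem_enabled = True

    def accumulated_skew(self):
        return sum((change for _, change in self.events), timedelta(0))

    def observe(self, security_time, system_time):
        """Record one comparison; returns False once the file system is disabled."""
        skew = system_time - security_time
        change = abs(skew - self.last_skew)   # forward and backward steps both count
        self.last_skew = skew
        if change:
            self.events.append((security_time, change))
        # Only changes seen during the last year of security-clock time are counted.
        self.events = [(t, c) for t, c in self.events if security_time - t <= WINDOW]
        if self.accumulated_skew() >= SKEW_LIMIT:
            self.filesystem_enabled = False
        return self.filesystem_enabled

    def resume(self, role):
        """Re-enable the file system; the role name 'security' is taken from the role list."""
        if role != "security":
            raise PermissionError("only a security officer can resume the file system")
        self.events.clear()
        self.filesystem_enabled = True


def run_samples(samples):
    """Feed (security_time, system_time) pairs to a fresh monitor; return its states."""
    monitor = SecurityClockMonitor()
    return [monitor.observe(sec, sys_time) for sec, sys_time in samples]


if __name__ == "__main__":
    base = datetime(2017, 1, 1)           # constructed sample timeline
    day = timedelta(days=1)
    # Five monthly adjustments of three days each: none is large, the total is 15 days.
    stepped = [(base + 30 * i * day, base + 30 * i * day + 3 * i * day) for i in range(1, 6)]
    print("stepped adjustments :", run_samples(stepped))
    # Seven days forward, then back again: net skew is zero, accumulated skew is 14 days.
    round_trip = [(base + day, base + 8 * day), (base + 2 * day, base + 2 * day)]
    print("forward and back    :", run_samples(round_trip))
```

Counting the absolute size of every change is what makes the check meaningful: a clock that is moved and then restored shows no net skew, yet still reaches the limit.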

This lesson covers the features of Cloud Tier.

The Cloud Tier feature of Data Domain enables the movement of inactive data from the active tier of a Data
Domain system to low-cost, high-capacity object storage such as a public, private, or hybrid cloud. This
mechanism is highly efficient for long-term data retention. During data movement, only the
unique, deduplicated data is sent from the Data Domain system to the cloud. This ensures that the
data being sent to the cloud occupies as little space as possible and also results in a lower TCO over time
for long-term storage.

The cloud tier supports the Data Domain retention lock feature and it meets all the regulatory and
compliance policies.

From DD OS 6.0, the supported cloud storage includes ECS (Dell EMC Elastic Cloud Storage),
Virtustream, Amazon Web Services, and Microsoft Azure.

Encryption in Data Domain can be enabled at three levels:

1. Data Domain system level

2. Active tier level

3. Cloud tier level

Encryption at the active tier is applicable only if encryption is enabled at the system level. The system level
encryption is a licensed feature.

The cloud units have separate controls for enabling encryption. The encryption of Data at Rest is enabled
by default in the cloud. Users have the option to disable encryption, if desired.

From DD OS 6.0, an external key manager is not supported. Once the data is in the cloud tier, the encryption
status cannot be changed, so the decision whether to encrypt the data must be made before
sending any data to the cloud.

The complete process of data transfer between a Data Domain system and the cloud is done over a
secure HTTP connection.

Cloud tier can be enabled on both source and target Data Domain systems. If the source system is cloud
tier-enabled and the data is migrated to the cloud, then data must be read from the cloud for doing a
replication. A replicated file is always written on the active tier on the destination system even if it is cloud
tier enabled.

Managed file replication and MTree replication can be implemented on cloud tier-enabled systems with
the latest DD OS. Directory replication works only on the /backup MTree, thus directory replication is not
affected by cloud tier. Collection replication is not supported on cloud tier-enabled Data Domain systems.

DD OS 6.1 introduces Replication to Cloud where DD VE instances set up in the cloud replicate from one
DD VE system to another.

The data backed up with a DD VE in one region can be replicated to DD VE systems configured in the
same or other regions.

This lesson covers the features of BoostFS.

BoostFS is a virtual system running on a Linux client. It is based on the DD Boost SDK and the open-
source software FUSE (filesystem in user space). BoostFS exports a storage-unit from a DD system to
create a mount point on the client system. Also, BoostFS collects the results of the file system operations
conducted on the mount points by the kernel on the client system, and translates them into DD Boost SDK
APIs in order to communicate with the DD system. As a result, files and directories that are created on the
mount point are actually stored in the storage unit on the DD system.

The third-party backup applications can avoid the cost and effort of integration with the DD Boost APIs by
directly accessing the mount points. This allows the customers to use the DD Boost feature without
actually integrating their applications with DD Boost APIs.

The third-party applications supported in this release are: CommVault, MySQL, and MongoDB.

BoostFS Profiler is a software tool designed to help users evaluate or qualify backup applications for
BoostFS file system using comparative performance analysis against NFS. It is an interactive terminal that
guides users through the evaluation process which includes environment setup for the test, execution of
the test, cataloguing the test artifacts, and compilation of test results for analysis.

The benefits of integrating a backup application with BoostFS are:

• Improvement in backup performance up to 50%

• Reduction in bandwidth consumption up to 99%

• Load on the server reduced by 20 to 40%

• Provides access to DD Boost capabilities such as link aggregation with Dynamic Interface Groups and
backup application control of replication

• Application owners have control of backups that are created using BoostFS

This lesson covers Data Domain encryption and Data sanitization.

The Data Domain Encryption software option encrypts all data on the system using an internally generated
encryption key. This encryption key is static and cannot be changed by the user.

For environments requiring encryption keys to be changed on a periodic basis to meet compliance
regulation, you can manage the lifecycle of the encryption key for each Data Domain system individually
with encryption key rotation. If an external encryption key manager is needed, then the Data Domain
system can be integrated with RSA Data Protection Manager (DPM) for enterprise-wide external
encryption management.

In addition to the above features, it also provides inline encryption, which means that as the data is being
ingested, the data stream is deduplicated, compressed, and encrypted using an encryption key before being
written to the RAID group.

A Data Domain system offers two types of encryption:
• Encryption of data at rest
• Encryption of data in-flight

Encryption of data at rest protects user data if the Data Domain system is lost or stolen. It also eliminates
accidental exposure if a failed drive needs replacement. When the file system is intentionally locked, an
intruder who circumvents the network security controls and gains access to the Data Domain system will
be unable to read the file system without the proper administrative control, passphrase, and cryptographic
key.

Encryption of data in-flight encrypts data being transferred via DD Replicator software. It uses OpenSSL
AES 256-bit encryption to encapsulate the replicated data over the wire. The encryption encapsulation
layer is immediately removed as soon as it lands on the destination Data Domain system. Data within the
payload can also be encrypted via Data Domain encryption software.

Data sanitization, also referred to as electronic shredding, is performed when classified or sensitive
data is written to any system that is not approved to store such data. Data Domain's sanitization approach
complies with Department of Defense (DoD) and National Institute of Standards and Technology
(NIST) procedures. Normal file deletion leaves residual data that allows recovery.

System sanitization was designed to remove all traces of deleted files without any residual remains and
restore the system to the state prior to the file's existence. The Data Domain sanitization command exists
to enable the administrator to delete files at the logical level, whether a backup set or individual files. The
primary use of the sanitize command is to resolve Classified Message Incidents (CMIs) that occur when
classified data is copied inadvertently onto a non-secure system. System sanitization is typically required
in government installations.

The system sanitize command erases content in the following locations:


• Segments of deleted files not used by other files
• Contaminated metadata
• All unused storage space in the file system
• All segments used by deleted files that cannot be globally erased, because some segments might
be used by other files

This lesson covers the various user access roles provided in a DD system, the introduction of the new
limited-admin role privilege, security enhancements for the user roles, and the security measures taken for a
cloud provider to access data from the DD system.

Roles supported by a Data Domain system include:

• Admin: Allows you to administer, configure, and monitor the entire Data Domain system.

• User: Allows you to monitor Data Domain systems.

• Security: In addition to user role privileges, security allows you to set up security officer configurations
and manage other security officer operators.

• Backup-operator: In addition to user role privileges, backup-operator allows you to create snapshots,
import and export tapes to a VTL library and move tapes within a VTL library.

• None: Used for DD Boost authentication and tenant-users only. A none role user can log in to a Data
Domain system and can change their password, but cannot monitor or configure the primary system.

The Data Domain “admin” role is designed to have the capability of both creating and destroying data stored
on Data Domain systems. This design does not prevent a rogue administrator from deleting data on the
system.

The new Limited-Admin role allows all admin privileges except the ability to perform data delete
operations. This prevents any potentially malicious administrator from deleting any data from the Data
Domain systems.

Users at the same role level are no longer allowed to perform configuration change operations on each
other. For example, admin1 should not be allowed to change admin2's password.

For the following CLI commands, users on the same level cannot perform these operations on each other:

• User change password

• User password aging set/reset

• Admin access add/del/reset ssh-keys

• User enable/disable

• User delete

• User change role

For secure communications with a cloud, the cloud provider's identity must now be verified before backing
up data from Data Domain.

The cloud provider has a host certificate that is issued by a well-known Certificate Authority (CA). A CA
certificate and Certificate Revocation List (CRL) need to be imported on the Data Domain
system in order to configure Cloud Tier.

For secure SSL/TLS communication with the cloud, the imported CRL and CA certificates are used for
cloud provider identity verification.
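
The same trust model in a generic TLS client, as an added example (Python's standard ssl module, not the Data Domain import procedure): trust only the imported CA, and reject the provider certificate if the imported CRL lists it. The function names and the failure-message table are assumptions; the numeric codes are OpenSSL's X509_V_ERR values.

```python
import socket
import ssl

# OpenSSL verification codes that matter most for CA and CRL checks.
VERIFY_CODES = {
    3: "no CRL available for the issuer (CRL not imported)",
    10: "certificate has expired",
    12: "CRL has expired (import a fresh CRL)",
    20: "issuer CA certificate not imported",
    23: "certificate revoked",
    62: "hostname mismatch",
}


def build_context(trust_files):
    """TLS client context that trusts only the imported CA and enforces its CRL.

    trust_files: paths of PEM files holding the CA certificate(s) and CRL(s).
    """
    # PROTOCOL_TLS_CLIENT starts with CERT_REQUIRED, hostname checking on,
    # and an empty trust store (no system CAs).
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Without this flag a loaded CRL is ignored. With it, a handshake fails
    # closed (code 3) when no CRL from the issuing CA has been loaded.
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    for path in trust_files:
        ctx.load_verify_locations(cafile=path)   # accepts PEM certificates and CRLs
    return ctx


def check_provider(host, port, ctx, timeout=10):
    """Attempt a handshake; returns (verified, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, VERIFY_CODES.get(exc.verify_code, exc.verify_message)
    except OSError as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Placeholder file names and host: substitute the provider's CA bundle, CRL
    # and endpoint. These values are not from the original material.
    context = build_context(["provider-ca.pem", "provider-ca.crl.pem"])
    print(check_provider("objectstore.example.com", 443, context))
```

A CRL has its own validity period, so an imported CRL that is never refreshed eventually turns every connection into a code 12 failure; monitoring for that is part of operating this control.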

This lesson covers Data Domain Secure Multi-Tenancy, its architecture, and benefits.

The secure multi-tenancy for Data Domain feature allows enterprises and service providers to deliver data
protection-as-a-service.
The feature:
• Enables enterprises to deploy Data Domain systems in a private cloud
• Enables service providers to deploy Data Domain systems in a hybrid or public cloud
• Allows different cloud models for protection storage, which include:
– Local Backup (Backup-as-a-Service (BaaS) for hosted applications)
– Replicated Backup (Disaster Recovery-as-a-Service (DRaaS))
– Remote Backup (BaaS over WAN)

Secure multi-tenancy for Data Domain systems is a feature that enables secure isolation of many users
and workloads on a shared system. As a result, the activities of one tenant are not visible or apparent to
other tenants. This capability improves cost efficiencies through a shared infrastructure while providing
each tenant with the same visibility, isolation, and control that they would have with their own stand-alone
Data Domain system.

A tenant may be one or more business units or departments hosted onsite for an enterprise or “large
enterprise” (LE). For example, Finance and Human Resources might share the same Data Domain system,
and each department would be unaware of the presence of the other. A tenant may also be one or more
external applications that are hosted remotely by a service provider (SP) on behalf of a client.

SMT components, also known as management objects, provide security and isolation within a shared
infrastructure. SMT components are initially created by the admin during the basic provisioning sequence,
but can also be created manually as needed.

In SMT terms, the landlord is the storage admin or the Data Domain Administrator. The landlord is
responsible for managing the Data Domain system. The landlord sets up the file systems, storage,
networking, replication, and protocols. They are also responsible for monitoring overall system health and
replacing any failed hardware as necessary.

A tenant is responsible for scheduling and running the backup application for the tenant customer, and for
managing their own tenant-units including configuring backup protocols and monitoring resources and
stats within their tenant-unit.

Tenant-units are logical containers for MTrees. They also contain important information, such as users,
notification groups, and other configuration elements. Tenant-units cannot be viewed or detected by other
tenants, which ensures security and isolation of the control path, when running multiple tenants
simultaneously on the shared infrastructure.

The example in this slide shows two companies, Red and Blue, sharing the same Data Domain system.
Tenant units and individual data paths are logically and securely isolated from each other and are
managed independently. Tenant users can back up using their application servers to Data Domain storage
in secure isolation from other tenants on the Data Domain system.

Tenant administrators can perform self-service fast copy operations within their tenant units for data
restores as needed. Tenant administrators are able to monitor data capacity and associated alerts for
capacity and stream use.

The landlord responsible for the Data Domain system monitors and manages all tenants in the system,
and has visibility across the entire system. They set capacity and stream quotas on the system for the
different tenant units, and report on tenant unit data.

Logical data isolation allows providers to spread the capital expenditure and operational expenditure of a
protection storage infrastructure across multiple tenants. Data isolation is achieved by using separate DD
Boost users for different MTrees or by using the access mechanisms of NFS, CIFS, and VTL.

A tenant-unit is a partition of a Data Domain system that serves as a unit of administrative isolation
between tenants. Multiple roles with different privilege levels combine to provide administrative
isolation on a multi-tenant Data Domain system. The Tenant Admin and Tenant User roles can be restricted
to certain tenant-units on a Data Domain system and allowed to execute only a subset of the commands
available to a Data Domain system administrator. Both of these roles enable tenant self-service.

The DD Boost protocol allows creation of multiple DD Boost users on a Data Domain system. Each tenant
can therefore be assigned one or more DD Boost user credentials, which can be granted access
privileges to one or more MTrees in a tenant unit defined for that tenant. This allows secure
access to different tenant datasets using their separate DD Boost credentials by restricting access and
visibility.

Metering and Reporting enable a provider to ensure that they are running a sustainable business model.
The need for such reporting is even greater in a multi-tenant environment, where the provider must track
usage on a shared asset such as a Data Domain system.

Similarly, for other protocols such as CIFS, NFS, and VTL, the native protocol level access control
mechanisms can be used to provide isolation.
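
The isolation rules described above (tenant-units as containers for MTrees, DD Boost users bound to MTrees, tenant roles confined to their own tenant-units, and a landlord with system-wide visibility) can be expressed as an access check. This is an added illustration, not DD OS code or output; the class names, user names, MTree paths, action names, and the monitoring-only treatment of the tenant-user role are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Conceptual model; names, paths and action sets are constructed, not DD OS identifiers.
ROLE_ACTIONS = {
    "landlord": {"monitor", "fastcopy", "set_quota"},   # system-wide administrator
    "tenant-admin": {"monitor", "fastcopy"},            # self-service in own units
    "tenant-user": {"monitor"},                         # assumption: monitoring only
}

@dataclass
class TenantUnit:
    name: str
    mtrees: set = field(default_factory=set)
    boost_users: dict = field(default_factory=dict)  # DD Boost user -> set of MTrees
    mgmt_users: dict = field(default_factory=dict)   # management user -> role

class System:
    def __init__(self, units, landlords):
        self.units = {u.name: u for u in units}
        self.landlords = set(landlords)

    def visible_units(self, user):
        """Control path: tenants only see tenant-units they are assigned to."""
        if user in self.landlords:
            return sorted(self.units)
        return sorted(n for n, u in self.units.items() if user in u.mgmt_users)

    def may_manage(self, user, action, unit_name):
        """Control path: the role must allow the action inside that tenant-unit."""
        if user in self.landlords:
            return action in ROLE_ACTIONS["landlord"]
        unit = self.units.get(unit_name)
        role = unit.mgmt_users.get(user) if unit else None
        return role is not None and action in ROLE_ACTIONS[role]

    def may_access_data(self, boost_user, mtree):
        """Data path: DD Boost user must be assigned the MTree within its owning unit."""
        return any(mtree in u.mtrees and mtree in u.boost_users.get(boost_user, ())
                   for u in self.units.values())

def build_example():
    red = TenantUnit("red", {"/data/col1/red-db"},
                     {"red-boost": {"/data/col1/red-db"}},
                     {"red-admin": "tenant-admin", "red-ops": "tenant-user"})
    blue = TenantUnit("blue", {"/data/col1/blue-fs"},
                      # constructed misassignment: blue-boost also lists Red's MTree
                      {"blue-boost": {"/data/col1/blue-fs", "/data/col1/red-db"}},
                      {"blue-admin": "tenant-admin"})
    return System([red, blue], landlords={"sysadmin"})
```

In this model the stray entry for blue-boost does not reach Red's data, because the check requires the MTree to belong to the same tenant-unit that holds the DD Boost user assignment.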

This module covered the protocols supported by Data Domain over both Ethernet and Fibre Channel. It
also presented the benefits of various Data Domain features such as DD Boost, which is a private,
efficient data transfer protocol used with Data Domain systems. The other topics covered include data
security, user access features, and SMT, which provide data protection by leveraging encryption and
access permissions for different roles. New features like Recipe Replication and Cloud Tier were also
discussed.

This module focuses on how to access a Data Domain system through the Data Domain Command Line
Interface, Data Domain System Manager, and the Data Domain Management Center.

This lesson covers managing the Data Domain system from the Command Line Interface using direct
access and remote access.

The Data Domain command line interface (CLI) enables you to manage Data Domain systems.

The initial installation and configuration of the Data Domain Operating System will most likely be done with
direct access to the hardware, either through a serial connection or using a keyboard and monitor directly
attached to the system.

To initially access the Data Domain system, the default administrator’s username and password will be
used. The default administrator name is sysadmin. The initial password for the sysadmin user on a
physical Data Domain system is the system’s serial number. The initial password for the sysadmin user on
a virtual Data Domain instance is “changeme.”

The DD OS Command Reference Guide provides information for using the commands to accomplish
specific administration tasks. Each command also has an online help page that gives the complete
command syntax. Help pages are available at the CLI using the help command. Any Data Domain system
command that accepts a list (such as a list of IP addresses) accepts entries separated by commas, by
spaces, or both.

After the initial configuration is done, you can use the SSH or Telnet (if enabled), IPMI, or SOL utilities to
access the system using the CLI remotely.

Data Domain systems running DD OS 5.0 or higher support remote power management using the
Intelligent Platform Management Interface (IPMI), and they support remote monitoring of the boot
sequence using Serial over LAN (SOL).

Some of the capabilities of remote power management that are supported through IPMI are:

• Powering on the Data Domain system after power outage

• Power cycling after a DD OS crash

• Powering off to save power on the systems that are not currently in use

• Obtaining the power status

The console activities that are supported through SOL are:

• Running diagnostics

• Installing, upgrading, or reconfiguring the DD OS

• Accessing the BIOS

• Viewing valuable POST and boot messages

This lesson covers managing the Data Domain system from the GUI using the Data Domain System
Manager and Data Domain Management Center.

Data Domain systems are managed using sophisticated tools like Data Domain System Manager. The
Data Domain System Manager is a browser-based graphical user interface, available through Ethernet
connections, for managing one or more systems from any location. It provides a single, consolidated
management interface that allows for configuration and monitoring of many system features and system
settings. It provides simple configuration wizards that guide you through a simplified configuration so
that your system is operating quickly.

You can access the System Manager from many popular web browsers like Microsoft Internet Explorer™,
Google Chrome™ and Mozilla Firefox™.

Data Domain Management Center is a scalable framework that streamlines the management and
monitoring of Data Domain systems. It integrates complex workflows into a single interface which
eliminates the overhead of managing devices across large data centers or remote sites.

Some of the key features include:

1) Health and Status Resource Monitoring

2) Capacity and Replication Management

3) Aggregated System Management

4) Simultaneous management of multiple Data Domain systems across data centers or remote sites

5) Administrative roles with limited responsibilities

6) Group and Property-based Administration

The DDMC solution is designed for customers with multiple Data Domain systems who are seeking to
aggregate management and reporting from a single interface.

In contrast, the Data Domain System Manager is primarily a single system management tool that provides
centralized monitoring and management for up to 20 systems. The Data Domain System Manager does
not aggregate storage and/or performance data from multiple systems, as provided by the Data Domain
Management Center.

This module covered accessing a Data Domain system using the Command Line interface, the Data
Domain Management Center, and the Data Domain System Manager.

The initial installation and configuration is done with direct access to the hardware, either through a serial
connection or using a keyboard and monitor directly attached to the system. After the initial configuration
is done, you can use the SSH or Telnet (if enabled), IPMI, or SOL utilities to access the system using the
CLI remotely.

DD OS can be accessed using the GUI through Data Domain System Manager, which is a single system
management tool that provides centralized monitoring and management, or through the Data Domain
Management Center, which aggregates management and reporting from a single interface.

This module focuses on the Data Domain support features and the latest upgrade process.

This lesson gives an overview of ESRS support along with ConnectEMC and High Availability support.

EMC Secure Remote Services, also known as ESRS, is a two-way remote connection between Dell EMC
Customer Service and Dell EMC products that enables remote monitoring, diagnosis, and repair. ESRS
assures availability and optimization of the Dell EMC infrastructure, and is a key component of Dell EMC's
industry leading Customer Service. The connection is secure, high speed, and operates 24x7.

ESRS is the remote service solution application that is installed on one or more customer-supplied
dedicated servers. ESRS becomes the single point of entry and exit for all IP-based EMC remote service
activities for the devices associated with that particular ESRS.

ESRS functions as a communication broker between the managed devices, the Policy Manager, and the
Dell EMC enterprise. The Policy Manager allows you to set permissions for devices that are being
managed by ESRS. ESRS is an HTTPS handler. All messages are encoded using standard XML and
SOAP application protocols. ESRS message types include:
• Device state heartbeat polling
• Connect homes
• Remote access session initiation
• User authentication requests
• Device management synchronization

ESRS supports the use of ConnectEMC. The ConnectEMC method encrypts alerts and autosupport
reports before transmission to Dell EMC Customer Support. It also provides High Availability support.

ConnectEMC is a standardized method that Dell EMC products use to transport system event
files (ASUPs, alerts) securely to Dell EMC support.

The ConnectEMC method sends messages in a secure format using FTP or HTTPS. When it is used with
an EMC Secure Remote Support (ESRS) gateway, one benefit is that a single gateway can forward
messages from multiple systems, and this allows you to configure network security for only the ESRS
gateway instead of for multiple systems. Also, a usage intelligence report is generated.

In general, there are Autosupport alerts and alert-summaries sent to Dell EMC Support. An eLicense is
required if the system is a physical Data Domain system or DD VE.

Configure network security only for the ESRS gateway instead of for multiple systems.

The ESRS GUI supports high availability (HA). The configuration is similar to that of non-HA systems, with the
addition of the HA Peer IP, which is a required field.

HA uses a floating IP address to provide data access to the Data Domain HA pair regardless of which
physical node is the active node.

This lesson covers minimally disruptive upgrades and how the upgrade process is different from previous
upgrade methods.

The minimally disruptive upgrade feature lets you upgrade specific software components or apply bug
fixes without a system reboot. Only those services that depend on the component being upgraded are
disrupted, so the MDU feature can prevent significant downtime during certain software upgrades. Not all
software components qualify for a minimally disruptive upgrade; such components must be upgraded as
part of a regular DD OS system software upgrade. A DD OS software upgrade uses a large RPM
(upgrade bundle), which performs upgrade actions for all of the components of DD OS. MDU uses smaller
component bundles, which upgrade specific software components individually.

Prior to DD OS 6.0, most upgrades of a Data Domain system required complete system reboots. Starting with
DD OS 6.0, Dell EMC aims to minimize complete system reboots; the solution is the Minimally Disruptive
Upgrade (MDU).

An MDU is similar to an atomic upgrade, but it consists of standalone component RPMs such as
ddsh.rpm and vtl.rpm. These standalone components come in smaller packages to facilitate faster delivery to
the system.

An MDU is triggered when a specific component (for example, vtl.rpm) is used to upgrade the system. The
new component takes effect just as in an atomic upgrade, but only the processes relating to the specific
component restart instead of the entire system. After an MDU completes, the DD OS version changes
as it does after an atomic upgrade.

This module covered the DD support features, which include EMC Secure Remote Services. ESRS is
a remote connection between Dell EMC Customer Service and Dell EMC products. The ESRS application
provides remote monitoring, diagnosis, and repair. ConnectEMC and High Availability support are also
provided by ESRS. Minimally Disruptive Upgrade (MDU) is the latest upgrade process provided by DD OS
6.0, where only specific software components are upgraded without a complete system reboot.

This course covered features, benefits and advantages of using a Data Domain system for backup
operations, the physical architecture of a typical backup environment using Data Domain systems, and the
methods used for administering a Data Domain system.
