Beruflich Dokumente
Kultur Dokumente
June 2011
Page 1
Contents
SnapProtect Field Guide Objective & Overview ...................................................................................4 NetApp Storage Overview ..................................................................................................................6 CommVault Integration Requirements for SnapProtect .......................................................................8 Array Software Licenses ............................................................................................................................ 8 Simpana Software ................................................................................................................................... 10 Software Requirements ...................................................................................................................... 10 Basic File System Environments .......................................................................................................... 10 Application Environments ................................................................................................................... 11 NAS Environments .............................................................................................................................. 11 Virtual Environments .......................................................................................................................... 11 SnapVault and SnapMirror Environments .......................................................................................... 12 Supported Applications and Operating Environments ....................................................................... 12 SnapProtect Array Configuration Details with NetApp FAS ................................................................ 13 NetApp Array Configuration ................................................................................................................... 13 SnapVault & SnapMirror ......................................................................................................................... 15 Data Fabric Manager (DFM) ................................................................................................................ 15 Steps to Configure the NetApp Architecture .......................................................................................... 16 SnapProtect Storage Policy Configuration .............................................................................................. 18 Enabling SnapVault and SnapMirror ................................................................................................... 21 The SnapProtect Process .................................................................................................................. 24 SnapProtect Backup Operation........................................................................................................... 24 Backup Copy Operations ..................................................................................................................... 24 Production Host Configuration ............................................................................................................... 26 For NAS Configurations ....................................................................................................................... 26 Application Configurations ................................................................................................................. 29 For VMware Configurations ................................................................................................................ 33 Microsoft HyperV Configurations ....................................................................................................... 35 Proxy Configuration ................................................................................................................................ 37 For Exchange ....................................................................................................................................... 37 For Oracle ............................................................................................................................................ 38 Configuration Verification Using SnapTest ........................................................................................ 40 Security & Storage Policy Best Practices............................................................................................ 47 Configuring SnapProtect on NetApp Storage Page 2
Security Roles ...................................................................................................................................... 47 Storage Policies ................................................................................................................................... 49 Manipulating Snapshots ................................................................................................................... 51 Mount/Dismount Snaps for Manual Browse .......................................................................................... 52 Reverting a Snapshot .............................................................................................................................. 55 Application Aware Revert ................................................................................................................... 55 Non Application Aware Revert............................................................................................................ 58 Out of Place Restore Capabilities (VMware Example) ......................................................................... 60 Appendix ......................................................................................................................................... 64 The SnapMirror Process Explained ......................................................................................................... 64 SnapMirror and DataAging Explained ................................................................................................. 67 VADP-SPE User Permissions .................................................................................................................... 71 Snap Reconciliation Registry Key ............................................................................................................ 72 Array Credentials for a Non Root User ................................................................................................... 73
Page 3
SnapProtect supports the leading SAN/NAS storage solutions from Dell, EMC, NetApp, LSI, HP, SUN, IBM and HDS. As of Simpana 9 Service Pack 2, CommVault integrated SnapProtect with the Thin Replication capabilities of the NetApp Storage Architecture. This enables joint CommVault and NetApp customers to leverage SnapVault and SnapMirror between NetApp arrays to provide disk to disk backups by only moving the changed blocks from one NetApp Array to the other through the Thin Replication relationships defined on the storage. Snapshots within the NetApp array replicate to another array while maintaining all previously mentioned capabilities for off-host proxy backups, indexing of all snapshot copies, etc. This provides customers with NetApp Storage a truly integrated approach to managing large data sets by leveraging one data management platform to create, mount, dismount, retain, recover, and delete snapshots as well as create thin provision replication policies and even provision storage on the secondary NetApp Array. Please refer to www.commvault.com for the most up to date revision of the supported hardware and software configurations.
Page 5
Page 6
While very similar in function, SnapVault and SnapMirror are two different technologies. SnapMirror relationships are between a specified source volume on a primary array and a destination volume where the replica lives on the secondary array. Once this relationship is created, SnapMirror will creates a snapshot copy of the data on the source volume and then copy only the delta blocks from the source to the destination read only volume. Updates can occur in a Synchronous, Semi Synchronous, or Asynchronous fashion (Simpana only supports a scheduled asynchronous replication today). When the scheduled replication occurs, the updates to the destination volume only reflect the incremental changes seen on the source. The result of this process is an online, read-only volume containing the same data as the source at the time of the most recent update, including any snapshots present on the source volume. Manually severing the SnapMirror allows the destination SnapMirror volume to be accessed as read write, or alternatively snapshots may be mounted as a FlexClone to execute DR operations from the destination volume. SnapVault relationships are between a specified source volume/qtree on a primary array and a destination volume/qtree where the replica baseline and snapshot vaulted versions live on the secondary array. For each Snapshot set, SnapVault saves the number of primary storage Snapshot copies you specify. The SnapVault secondary storage system carries out a specified set of scheduled data transfer and Snapshot actions. For each of its secondary volume/qtrees on a given volume, SnapVault retrieves, from the Snapshot data of each corresponding primary volume/qtree, the incremental changes to the primary volume/qtrees made since the last data transfer. Then SnapVault creates a volume Snapshot copy of the changes in the secondary volume/qtrees. For each transfer SnapVault saves the number of secondary storage Snapshot copies specified. The primary difference between SnapVault and SnapMirror is that SnapVault target volumes are not exact replicas of the source volumes they can have different retention criteria for the snaps than the source volumes. In SnapProtect all of these operations are orchestrated by a set of APIs built into DFM (Data Fabric Manager). DFM registers each of the arrays, and creates policies and relationships that define the replication topology, schedule, and retention. Required DFM components are: Operations Manager Protection Manager Provisioning Manager
Page 7
No required software on the Production Host or Proxy is necessary for NetApp snapshot integration.
Page 8
Application/Environment
Application & FS iDAs NAS iDA (NetApp Only) Virtual Server iDA
Connection Protocol
iSCSI, FC, NFS CIFS, NFS iSCSI, FC, NFS
1 - With Block Based Storage, Flex Clone is not explicitly required. If FlexClone is not available, the FAS will default to LUN Clone. 2- C-MODE is not supported by SnapProtect as NetApp has not rolled out support for C-Mode DOT environments with the necessary SnapVault/SnapMirror capabilities.
Page 9
Simpana Software
Software Requirements CommVault for SnapProtect solutions will require the appropriate data agents as defined by the customer configuration. Below we will define a few terms in use going forward in this document: Production Host Server housing the actual production LUN being snapped or cloned Proxy Server mounting the snapshot or clone for backup purposes off of the Production Host Array Hardware Storage Array executing the snapshots File System iDA iDataAgent for protecting the file system of a host MediaAgent Agent for creating and managing snapshots as well as for writing data to backup targets Application iDA Agents providing for application aware data protection operations for applications such as SQL, Exchange, Oracle etc. Enables Application Aware snapshots Virtual Server Agent (VSA) Agent providing protection of Virtualization Environments without placing backup agents internal to the guests VSS Provider CommVault VSS Provider for Windows to allow for creation of snapshots with application consistency NAS iDA Logical IDA linked to an NDMP host for data protection operations
Note** - To enable SnapVault and SnapMirror functionality, the appropriate NetApp Hardware licenses must be available and the CommCell must have license type 196 added to provide support.
Basic File System Environments As with all configurations, a CommServe, necessary storage capacity, and MediaAgents must exist to enable a completely functional solution. On top of the basic infrastructure components, the SnapProtect base configuration requires the following agents on the Production Host: File System iDA (for the appropriate Operating System) MediaAgent CommVault VSS Provider (Windows Only)
For a configuration where snapshots mount off host to a Proxy server, implement the following agents on the Proxy server. File System iDA (Must be similar to Production Host OS) MediaAgent
Page 10
Application Environments When implementing for Application Environments simply add the appropriate snap supported Application iDA to the SnapProtect base configuration as follows on the Production Host: File System iDA (for the appropriate Operating System) MediaAgent CommVault VSS Provider Application iDA for selected Application
For a configuration where snapshots mount off host to a Proxy server, implement the following agents on the Proxy server. With SnapVault and Mirror capabilities the option to choose a Proxy Server from the Secondary Array is possible. To do so, the same software components must be available in the Proxy to Tape Server as well. File System iDA (Must be similar to Production Host OS) MediaAgent Application specific binaries to enable Proxy application API protection (i.e. Exchange Management Pack, Oracle for RMAN integration, etc.)
NAS Environments For Network Attached Storage environments (NetApp Only) the configuration is slightly different. Since a NAS iDA is a logical agent pointing to an assigned IP address to the NetApp FAS, nothing must be installed for the Production host. Simply configure the NAS iDA per Books Online and check the enable SnapProtect box under the client advanced properties to enable local ONTAP snaps to drive the protection operation. There is no notion of a Proxy in this configuration due to the local nature of the ONTAP snapshot. NDMP operations will simply function from the primary FAS. In the scenario where the customer wants to execute crashconsistent snapshots of VM, database, or application environments, the best way to achieve this is through the NAS iDA. It allows the customer to define the Volume, qtree, or LUN as the contents of a NAS iDA subclient and execute a crash consistent snap at the schedule defined on the subclient. Virtual Environments The SnapProtect with the Virtual Server Agent enables pointin-time snapshots with hardware snapshot engines to provide snapshot functionality for data protection operations of virtual guests. Using a dedicated ESX server for selective copy to tier2 storage completely removes any utilization on the Production ESX farm. The copy operation to tier2 storage enables Granular Recovery for individual file and folder recovery. Configuring SnapProtect on NetApp Storage Page 11
To enable SnapProtect for the Virtual Environment ensure the following: File System iDA (for the appropriate Operating System) MediaAgent Virtual Server Agent (VSA) iDA
The virtual server Agent may be running as a Hot Add mode guest external to the production farm to eliminate processing. The Virtual Server Agent leverages Proxy capabilities by default with no agents installed on the ESX server. SnapVault and SnapMirror Environments SnapProtect now extends enterprise management for backup and recovery in the data center for local Snapshot copies on NetApp primary storage and replication to secondary and tertiary storage, as well as tape creation. Any of the above environments discussed (application data, file data for NAS, file data in LUNs, or data in virtualized environments) with SnapVault and SnapMirror enables management, storage provisioning, cataloging, and the granular recoverability for seamless operation off of any copy.
Supported Applications and Operating Environments See Books Online for a complete listing of supported SnapProtect Applications and Operating Environments and any potential solution caveats. http://documentation.commvault.com
Page 12
Note** - Ensure the Volumes/LUNS have enough space to accommodate the retention settings internal to Simpana for SnapProtect functions.
Page 13
Other Provisioning Best Practices include: When Possible - Group LUNs according to their rate of change: When planning for Snapshots, do not create LUNs with high rate of change in the same volumes as LUNs with a low rate of change. When calculating the size of volumes, use rate of change to determine the amount of space necessary for Snapshots. ONTAP takes Snapshots at a volume level and the rate of change of data in all LUNs affects the amount of space needed for Snapshots. A 1:1 Volume to LUN relationship is not Necessary, but may simplify Storage and Application Management. It is also best practice to ensure each LUN lives within a Qtree in SnapMirror and SnapVault configurations. Thin Provisioned Volumes with LUNS are a great way to provide flexibility to your storage provisioning and snapshot management; however, it is not required. SnapProtect will still provide the full suite of capabilities for recovery regardless of the Volume to LUN relationship and ratio. Disable NetApp Schedule for Snapshots on Volumes CommVault highly recommends disabling the native NetApp schedule for snapshots on volumes Simpana manages. This ensures snapshot retention and storage use is in line with the policies defined within Simpana. This may accomplished by un-checking the Scheduled checkbox for the volume from Filer View (below) or System Manager.
Page 14
Note** Failing to disable the internal snapshot scheduling set by default may cause contention issues if multiple calls occur at the same time for snapshot creation. Snapshot retention management only applies to CommVault Simpana generated snapshots.
Page 15
3. Select NetApp for the Snap Vendor dropdown 4. Enter the Fully Qualified Domain Name or IP address of the Controller for the FAS in the Array ID field, or the FQDN of the DFM server in the Name field. 5. Enter a username and confirm the username password for the Username and Password fields. DFM will use the login credentials for the NetApp Management Console, while registered FAS will use local login rights (Root, etc. See Appendix for specific security rights for a non-Root user) 6. For NetApp Arrays, ensure the File Server button is selected. If it will act as a Primary Array in a SnapVault or SnapMirror relationship, ensure the Primary Checkbox is marked. This will also consume a license for SKU based customers. If this is a DFM component, ensure the DataFabric Manager button is selected. NetApp NFS Specific Integration Notes
Page 16
1. For VMware ensure the VMware Data Store array ID (FQDN or IP address in vCenter) matches what the array ID (IP or FQDN) in Array Management. For example, if the Data Store leverages the NetApp controller IP address then utilize the NetApp IP address for Array Management. The same rule applies for applications leveraging NFS storage. Ensure the same naming convention appears in array management as it appears for the application access. 2. For NFS Data Stores in VMware configurations Repeat Steps 2 7 from the preceding page for each IP used for NetApp NFS storage into Array Management. A single IP for a management interface is not sufficient for NFS configurations with SnapProtect in VMware 3. The VSA will need visibility into the storage network for NFS and iSCSI implementations. This may require a second network connection on the VSA for isolated storage networks.
Page 17
2. Define a unique Copy Name of the newly created Snapshot Copy and define the Library and MediaAgent where the Snapshot Copy indexing information will be stored.
Page 18
3. Select the Retention tab and define retention for the number of days or cycles the snapshots will live internal to the array and click OK to create the Snapshot Copy
The configured Storage Policy will show both the previously defined Primary Copy and the new Snapshot Copy as seen below.
4. To protect Snapshot data in the Primary Snap Copy to the Primary Storage Policy Copy initiate a Backup Copy to backup the selected jobs. To define which snapshots are marked for inclusion of the backup copy operation select the previously configured Storage Policy, right click and go to properties. 5. Select the Snapshot tab. Under the Snapshot tab are the options to define which snapshots generate backup copies. The selection rules allow all snapshot operations to drive a synchronous backup copy or selectively choose snapshots based upon timing or manual selection. Any job meeting the rules for backup copy will be mounted on the defined proxy upon executing the backup copy operation.
Page 19
6. To execute the Storage Policy Backup Copy operation, simply right click on the Storage Policy, select All Tasks, and Run Backup Copy. The Backup Copy dialog box allows for backup copy creation on demand or through a schedule.
Page 20
Enabling SnapVault and SnapMirror SnapVault and SnapMirror copies are managed and controlled by creating a specified SnapCopy for the Vault and Mirror destinations. Execution of the Vault or Mirror process initiates through a simple Auxiliary Copy operation between Snap Copies. Simpana supports all Vault and Mirror configurations supported by NetApp Protection Manager Policies. To create configure a Storage Policy with a Snapshot Copy: 1. Select a Storage Policy and right click; select All Tasks; select Create New Snapshot Copy 2. On the General Tab define the copy name as well as the disk library target for indexing. Select the Protection Type as a Mirror or Vault Copy. Note, if Mirror is selected, the retention tab will remain greyed out as the Mirror copy will inherit the retention values of the primary Snap Copy. If Vault is chosen the Retention Tab will be enabled to define specific retention needs.
3. Under the Copy Policy Tab, define the Source Copy from which the Mirror or Vault process will execute from. A mirror can come from the Primary Snap copy or from another Mirror or Vault Copy. Same for a Vault Copy, with the one exception, a Vault cannot specify another Vault copy as the Source (this is not supported by DFM architecture with NetApp)
Page 21
4. Next go to the Provisioning Tab and select the Resource Pool (automatically imported from DFM) as the destination storage location for the Vault/Mirror copies.
5. Click Ok. At this point DFM will execute upon a conformance check and will create the protection policy internal to the NetApp Management Console.
Page 22
6. To execute the NetApp Thin Replication for Mirror or Vault, simply execute an Auxiliary Copy from the Source Snap Copy to the destination. Schedule this process as often as desired to synchronize the snapshot points in time from one array to the next.
Page 23
For Oracle and VMware, the backup copy operations will leverage RMAN and VADP to provide complete object integration (table level restore, single file access, etc.) in to the backup copy store. During the Backup Copy operation: 1. The snapshot is mounted to the source or proxy computer. The mounted snapshot receives commands to scan and backups like a normal file system and the required contents are read. 2. The file system backup is performed to Primary Copy of the Storage Policy of all defined files. The data is indexed and linked back to the original production host. 3. When the backup copy job is finished, the snapshot is unmounted and retained based upon SnapCopy retention settings. ** Note With Vault and Mirror operations it is possible to execute backup operations off of the Vault or Mirror copy. You must define the SnapCopy for Backup Copy execution on the Storage Policy properties. A new Subclient Option noted as Separate Proxy for Snap to Tape will allow servers local to the secondary and tertiary copies to mount the desired snapshots and drive the data protection operations to disk or tape.
Page 25
Page 26
1. Next select the NAS iDA server name just added and right click and select properties. Navigate to the Advanced Tab and select the Enable SnapProtect checkbox.
2. Create a new subclient (or simply use the default one) and select the Volumes that will leverage snapshots for protection. It is recommended to select the NFS and CIFS shares at the VOLUME level as NetApp snapshots will occur at the volume level. For best multi-threaded performance create multiple subclients for separate volumes to drive higher parallelism for backup copy creation.
3. After setting the contents, navigate to the SnapProtect Operations Tab and enable SnapProtect for this Subclient by selecting the SnapProtect checkbox. Choose NetApp as the available snap engine, and then set the appropriate Storage Policy under the Storage Device Tab. When completed, choose OK to save the configuration.
Page 27
4. The defined NFS/CIFS shares will now execute snapshots for their protection when backup jobs are selected. Backup copies will enact NDMP Backups from the defined snapshots based off the snapshot job selection in the Storage Policy. Incremental snapshots will leverage SnapDiff APIs to execute fast incremental indexes of the snapshot copies. Note** - Selecting Restore ACLS or Use Direct Access Restore is not applicable when restoring data from a snapshot. Note** - Cross-platform restores of NetApp data to Windows/Unix hosts using File System NDMP Restore Enabler is not supported with SnapProtect enabled operations.
Page 28
Application Configurations Protecting Application Databases and log volumes through an array snapshot provides fast access for recovery and many flexible options for data protection. SnapProtect integrates key application awareness together with the array and our Platform to deliver all of the benefits of traditional streaming backups with all of the performance and Proxy capabilities of a snapshot. The application awareness allows true log consistent hot backups with appropriate log management operations based off the contents of the data in the snapshot. SnapProtect aligns all of the log and data base volumes and snapshots using them in concert to provide fast low impact recovery points through the Array without scripts. Before stepping through any configuration steps, deploy the proper agents on the Production Host requiring snapshot integration with the Array. Application environments require: File System iDA (for the appropriate Operating System) The Base agent that manages and protects the file system data from the Production Host. File System contents are supported for SnapProtect operations as well, but it is recommended to define application data sets with the application iDA.
**Note - If no supported Application iDAs are available, end-user written Pre and Post Snap scripts can be used to acquiesce the unsupported application successfully for SnapProtect integration. MediaAgent Provides media management capabilities to execute array functions and provide LAN free access to snapshots for recovery CommVault VSS Provider Provide VSS interaction with the array and the Simpana Platform to ensure Microsoft applications are properly quiesced and protected during the snapshot process Application iDA for selected applications Provides low level application integration for Oracle, SQL, Exchange, VMware, Hyper-V, DB2, SAP, etc. ensuring the appropriate APIs are called when quiescing and releasing the application during the snapshot operations. This iDA will also align the volumes to be snapped based off the logical databases or contents defined in the subclient including logs. If five databases all have separate LUNS and log volumes, the application agent will defined the contents appropriately for all ten volumes to be snapshotted together.
Page 29
The following steps will configure the implemented Application Environment for SnapProtect operations: 1. First, enable SnapProtect on the Application Server acting as the Production Host in the CommCell GUI. Right Click on the server name, select All Tasks, and then select Properties. 2. Navigate to the Advanced Tab and check the box marked Enable SnapProtect. This will consume a SnapProtect license from the license key.
3. Browse to the Production Host Application iDA (in this case we are using Exchange Database iDA) and select the desired subclient to enable SnapProtect Operations.
Page 30
4. Browse to the SnapProtect Operations tab; check the SnapProtect box. Select NetApp as the Available Snap Engine.
5. To define Proxy configurations on the SnapProtect Operations tab click on the drop down box next to Use Proxy. This provides available servers to use as the Proxy during the index and backup copy operations. The selected server mounts the Array snapshot when a backup copy operation executes. If the Use source if proxy is unreachable is selected the snapshot will default to the Product Host if the defined proxy server is unreachable for any reason.
6. Ensure the Storage Device tab has a Storage Policy with a Snap Copy defined and click OK to close the Subclient properties.
Page 31
7. To execute a Snap Operation for the Application agent, simply schedule or generate a backup request of the previously configured subclient.
**Note - For Exchange Database SnapProtect operations, an ESE consistency check run on the snapshot copy to validate the consistency of the database files. This is enabled by default and can be found and modified under the advanced job options on the scheduled backup operation. It is highly recommended to leave this enabled to provide integrity checks to Exchange messaging environments.
Page 32
For VMware Configurations SnapProtect enables fast protection of large or volatile VMware environments without placing load on the production Virtualization Farm. SnapProtect technology integration with the Virtual Server Agent (VSA) enables the Array to perform backups in minutes even with large numbers of virtual machines and sizable data stores. A dedicated ESX server for Proxy data movement completely removes any utilization on the ESX farm with granular access providing individual file and folder recovery from the secondary tier of storage. Prior to configuring the virtualization environment, deploy the proper agents requiring snapshot integration with the Array. VMware specifically requires more security rights beyond the typical VADP use case. See the Appendix for security details in creating proper security environment for SnapProtect. Virtualization environments require the following agents: Virtual Server Agent (VSA) on the physical server(s) or virtual hot-add guest(s) File System iDA on the physical server(s) or virtual hot-add guest(s) MediaAgent on the physical server(s) or virtual hot-add guest(s)
The following steps will configure the implemented Virtualization Environment for SnapProtect operations: 1. First, enable SnapProtect on the physical or virtual server with the VSA Agent by selecting the server in the CommCell GUI. Right Click on the server name, select All Tasks, and then select Properties. 2. Navigate to the Advanced Tab and check the box marked Enable SnapProtect. This will consume a SnapProtect license from the license key.
3. Browse to the VSA iDA and select the desired backup set and then access the properties on the desired subclient to enable SnapProtect Operations. Configuring SnapProtect on NetApp Storage Page 33
4. Browse to the SnapProtect Operations tab, check the SnapProtect box. Select NetApp as the Available Snap Engine.
5. To define Proxy configurations on the SnapProtect Operations tab, below the Proxy ESX Server, click on Select ESX server for snap mount. This opens a dialogue box with the available ESX servers in the environment. Select the desired ESX server to perform the Proxy operations for generating granular backups to disk/tape/cloud. The selected ESX server mounts the Array snapshot when a backup copy operation executes.
6. Ensure the Storage Device tab has a Storage Policy with a Snap Copy defined and click OK to close the Subclient properties. 7. To execute a Snap Operation for the VSA agent, simply schedule or generate a backup request of the previously configured subclient.
Page 34
Microsoft HyperV Configurations SnapProtect enables fast protection of large or volatile HyperV environments placing minimal load on the production Virtualization Farm. SnapProtect technology integration with the Virtual Server Agent (VSA) enables the Array to perform backups in minutes even with large numbers of virtual machines and sizable data stores. Granular access provides individual file and folder recovery from the secondary tier of storage along with the full guest .vhd files. Prior to configuring the virtualization environment, deploy the proper agents requiring snapshot integration with the Array. Microsoft HyperV is very similar to an application environment for the components necessary to execute SnapProtect operations. Microsoft HyperV virtualization environments require the following agents: Virtual Server Agent (VSA) on the Microsoft HyperV physical server(s) or virtual cluster server(s) File System iDA on the Microsoft HyperV physical server(s) or virtual cluster server(s) MediaAgent on the Microsoft HyperV physical server(s) or virtual cluster server(s) CommVault VSS Provider on the Microsoft HyperV physical server(s)
The following steps will configure the implemented Virtualization Environment for SnapProtect operations: 1. First, enable SnapProtect on the physical or virtual server with the VSA Agent by selecting the server in the CommCell GUI. Right Click on the server name, select All Tasks, and the n select Properties. 2. Navigate to the Advanced Tab and check the box marked Enable SnapProtect. This will consume a SnapProtect license from the license key.
3. Browse to the VSA iDA and select the desired backup set and then access the properties on the desired subclient to enable SnapProtect Operations.
Page 35
4. Browse to the SnapProtect Operations tab; check the SnapProtect box. Select NetApp as the Available Snap Engine. To define Proxy configurations on the SnapProtect Operations tab click on the drop down box next to Use Proxy. This provides available servers to use as the Proxy during the index and backup copy operations. The selected server mounts the Array snapshot when a backup copy operation executes.
Note** - Always select a proxy if this client is a node of a Hyper-V Live Migration Cluster 5. Ensure the Storage Device tab has Storage Policy with a Snap Copy defined and click OK to close the Subclient properties. 6. To execute a Snap Operation for the VSA agent, simply schedule or generate a backup request of the previously configured subclient.
Page 36
Proxy Configuration
SnapProtect provides a modernized architecture for handling data protection operations within the datacenter. Proxy capabilities enable an array based snapshot to mount off-host eliminating backup processes on the production servers and linking indexing information to the original location. Allowing for multiple snapshots from differing servers across high-speed FC and IP networks eliminates any compression, deduplication, and encryption load and centralizes this execution to a dedicated tier of services. Each OS with a SnapProtect client requires a similar OS for proxy (i.e. Windows to Windows, Linux to Linux, etc.) execution. Simpana will automatically link indexing information back to the original host enabling full application protection for recovery purposes. Execution of application integrity checks may also occur on the Proxy servers to validate the data prior to backup creation. For a configuration where snapshots mount off host to a Proxy server, implement the following agents on the Proxy server.
File System iDA (Must be similar to Production Host OS) MediaAgent Application Specific Binaries for Proxy (i.e. Exchange Management Pack, Oracle & RMAN, etc.)
For Exchange Any Proxy configuration interacting with Exchange Databases provides the capability to execute an ESE Integrity check against the Exchange Database. In order to enable the Proxy to validate the Microsoft Exchange database files, install the proper version of the Microsoft Exchange Management Tools from the Exchange installation media on to the Proxy.
Page 37
Upon implementation of the management tools, verify the implementation of the necessary MediaAgent and File System as well. This enables the Proxy for selection as the Proxy Host in the application subclient contents. When scheduling the Microsoft Exchange SnapProtect backup operation, click the advanced button. This will bring you to the General Options to enable the integrity check for the Exchange Backup job upon Snapshot Index completion.
For Oracle SnapProtect supports Unix and Linux based ASM (Automatic Storage Management) and RMAN backups with Array based snapshots. With this support SnapProtect enables RMAN based movement to disk/tape allowing Recovery Manager (RMAN) for the movement to media operation. This however, requires the installation and configuration of the Oracle binaries and the configuration of an Oracle instance on the Proxy server. In order to perform a proxy based SnapProtect backup or restore operation; configure the following on the proxy computer: The Oracle database instance on the proxy machine should be the same version as the source. For example if Oracle 10.2.0.4 is installed on source then the proxy should be 10.2.0.4 ASM instances require configuration for both ASM and the RDBMS instances on the Proxy. The catalog user and the catalog database must be the accessible by the source and the proxy Oracle instances. Best Practice is to mount the snapshots on the same mount point as the source. Best Practice is to ensure that the data and log mount points do not overlap. Page 38
Before executing any ASM based Snapshot or Movement to media jobs, run the following commands: o cd $ORACLE_HOME/rdbms/lib o gmake -f ins_rdbms.mk ikfed; ensure that kfed is specified in the path.
After putting the above configurations and considerations in place, the configured server may enable RMAN for tape movement and properly manage ASM databases in a proxy configuration.
Note** - Table Level restores of SnapProtect data is now supported. Note** - It is highly recommended to work with Professional Services to ensure successful implementation of SnapProtect with Oracle databases, especially in Proxy Configurations
Page 39
Page 40
In this example the LUNs are being exposed via iSCSI 3. Choose Option 2 Send SCSI inquiry to the storage device
For Windows Servers enter a drive letter or mount path for the mount point. In a Unix/Linux environment, enter only a mount path location.
Page 41
The iSCSI LUN presentation from the NetApp FAS shows in the inquiry string output. This validates we have an array based volume to execute snapshot operations from. 4. Choose option 3 Snapshot management
Page 42
Select the appropriate Snap Engine 5. Exercise the selected Snapshot Engine by choosing C
Page 43
6. Enter the Mount Point for the volume(s) on the NetApp FAS
Page 44
7. Execute array options for Mounting, Dismounting, etc as necessary. Successful creation and deletion of snapshots will verify the configuration is likely correct. Enter D to delete
Page 45
Note that snap identifiers will require that the - be included as shown here.
8. Once deleted, the snapshots will no longer exist in the array. Choose option E to exit from the Snap Engine Operation menu.
Page 46
Each of these roles own specific responsibilities to managing and protection the enterprise. Backup Admins are the typical day to day operators with access to perform standard backup and recoveries, manage media, issue reports, etc. However, the Backup Admin Role may not be the right team to execute application level recoveries or have the capabilities to issue array based reverts for recoveries due to knowledge and awareness of the application architecture. The Application Owner Role is not so concerned about the general day to day backup environment, but is laser focused on the application space they own. They need to know what tools are available to them and who has the capabilities to execute on those toolsets at any time as they manage the applications running the business. Any recovery operations involving their applications, especially powerful techniques such as Array reverts and snapshots must be managed from their group to mitigate any risk to the business. The Audit Role simply needs to eliminate red flag events and provide security, operational, and process proof of who can perform what and how.
Page 47
For this three specific roles should be defined solely for the SnapProtect and Application iDAs within the CommCell. An example of this basic security structure as defined in Simpana Security Roles is below: Audit Team
X X X X X X X X X X X X X X X X X X
Backup
Security Roles
Administrative Management Agent Management Agent Scheduling Alert Management Browse Browse and In-Place Recover Browse and Out of Place Recover Compliance Search Data Protection Data Protection Management End User Search Job Management Library Management Library Administration License Management MediaAgent Management Report Management Storage Policy Management User Management Vault Tracker Operations
Application
X X X X X X X X X X X
(Separate groups may provide this grouping of users more right for other objects in the CommCell. This solely highlights the ability to lock down capabilities for the applications to ensure that an entire volume is not inadvertently reverted with SnapProtect integration.)
Page 48
Storage Policies Managing proper retention on the snapshot copies becomes another critical requirement. Improper retention either increases the amount of tier 1 storage that is holding recovery points, or it causes the snapshots to fall short of fully meeting SLA requirements for the business. Simpanas Storage Policies are broken down into copies for managing retention on the proper tier of storage. In the typical Storage Policy for SnapProtect, three copies will be available, the Primary SnapCopy, the Primary backup to disk copy, and the Offsite disk/tape copy. Properly meeting SLA requirements for the business requires proper alignment for the retention characteristics of each of the storage tiers. For example, SLAs for Sub 24hr RPO/RTO drastically lower the returns on leveraging snapshot technology on copies beyond 48hrs. The typical Best Practice for Storage Policy configuration will change from environment to environment, with the standard retention aligning to the primary recovery time for the SnapCopy with the primary backup to disk and tape copies providing SLA coverage for complete Site based disasters. For Example, with the previous description retention may be set in the following way: Primary SnapCopy 2days & 0 Cycles Primary Disk Copy 28days & 1 Cycle Offsite Disk/Tape Copy 60days & 1 Cycle
This definition allows snapshot retention on a 48hr rotation providing multiple high-speed recovery points available on the array to meet the SLA requirement. This configuration requires storage space allocation to maintain two persistent days of change for the associated clients. By setting cycles to 0, the removal of old snapshots occurs regardless of success, so proper alerting and monitoring is required. The other recommended option for SnapCopy retention sets the days variable to 0 and focuses solely on the Number of cycles. In this configuration full backups must occur frequently to allow for proper snap management. With this setup, the # of snapshots retained will be determined on the number of cycles configured. The scheduled frequency becomes very important to defining the environment conditions. If 8 snapshots execute over a week timeframe, then 7 days of delta change must be available in the Array configuration. If 8 Snapshots execute in a 48 hour period, only 48hrs of delta change must be available in the Array configuration. Fully understanding the schedule and process configurations enable making the proper retention setting when keying off of cycles. Improperly setting retention and effects of days and cycles can adversely affect the available recovery scenarios for the business applications. This definition will then enable the Primary and Secondary backup to disk and tape copies. Backup Copies should follow that standard backup schedule for the production (i.e. daily backups should equate into at least one SnapCopy Point in time to drive local and offsite backups). Remember, backup copies will execute synchronously, and the failure to backup SnapCopys to disk/tape will extend the storage requirement on the Array, as the snapshots will not prune until the selected recovery points execute in a Backup Copy to disk/tape copies. Application data will always be consistent on this data movement. Backup Copy operations will always use File System mechanisms to protect the properly acquiesced applications except in the instance of RMAN Proxys in an Oracle configuration. The rest of the data aging follows the standard days and cycles rules for purging off data sets.
Page 49
Note** - Snapshots may be deleted from the array due to factors like low disk space on the array, number of snapshots exceeds the threshold etc. and the jobs corresponding to these deleted snapshots can no longer be used for any data recovery or backup copy operations. Use the nRunSnapRecon registry key to start snap reconciliation to check for missing snapshots once in every 24 hours and marks jobs corresponding to the missing snapshots as invalid. See Appendix for detailed information.
Page 50
Manipulating Snapshots
Part of the value of creating and leveraging snapshot is the flexible options it provides IT in achieve typical tasks by leaning on the high speed storage infrastructure to efficient results. Out of place refresh, single file recoveries, mount and browse capabilities, etc. provide flexibility in executing daily IT operations. The following sections describe how to perform these operations for hosts protected with SnapProtect. 1. Snapshot access is always achieved via right clicking on your defined object and selecting the All Tasks options and selecting List Snaps
2. The snapshot list for the client application is displayed when the List Snaps item is selected. From the dialog several snapshot operations are available.
Page 51
2. The following dialog appears. Click Yes to continue. On NetApp arrays the mount time rarely will exceed 30 45 seconds.
3. Define the host you wish to mount the snapshot to (this must be a MediaAgent). Ensure the host has the appropriate Storage Zoning to mount this snapshot. If this is an iSCSI volume log in the initiator for this host if not already done, otherwise the mount will fail. For Destination Path, select a mount point. This must be a folder, and is recommended to be an empty folder.
4. Once the snapshot is mounted the following dialog will appear. Click OK.
Page 52
5. The Snapshot list updates with the current information on the snap which will include the mount path and the updated time of the mount operation.
6. The mounted snapshot can now be accessed from the mount host.
Page 53
7. Dismount of the snapshot is a simple process. Select the mounted snapshot and use the right click menu to select the Unmount option.
Note** - It is important to remember to dismount the snapshot once finished. If a snapshot has been manually mounted it will not be pruned until it no longer is being accessed. Mounted snaps that have not been copied for backup copy will fail on the backup copy operation until they are unmounted.
Page 54
Reverting a Snapshot
There are two ways to revert a snapshot. One is application aware and one is not. Generally the application aware revert is the mechanism to use. Application Aware Revert 1. An application aware revert is done in the context of a standard recovery. This starts with browsing for the application data to be restored. Click the Browse Backup Data menu item.
2. The backup selection dialogue appears to select the time frame from which the restore will take place. Here the latest backup will be used. Click OK.
Page 55
3. The browse window will appear from which the appropriate application data can be selected for restore. The entire information store for Exchange is selected. Click the Recover All Selected button.
Page 56
5. In the Advanced Dialog check the Use hardware revert option and click OK to the warning dialog to proceed with the revert operation.
This will execute a LUN revert from the Latest Snapshot back to the production Server (in this case we showed Exchange). Note** - Some Applications require an overwrite option for any restore to occur including LUN based Reverts. Ensure Applications such as Exchange and others have the appropriate overwrite settings defined for this to execute properly. ALL FILES and DATABASES will be rolled back to the point in time of the last snapshot. DO NOT REVERT IF NOT ALL DATA REQUIRES TO BE ROLLED BACK TO THE PREVIOUS POINT IN TIME!
Page 57
Non Application Aware Revert A hardware revert can be done which is not application aware as well. This is done directly from the snapshot list. This process initiates a rollback for the selected volumes instantly to the desired point in time without communicating with applications for graceful restore. This option may be leveraged for file systems and shut down application environments. 1. The process begins by selecting the List Snaps menu item to bring up the list of snapshots dialog.
2. When the dialog appears, select the desired snap and use the right click menu to select the Use hardware revert option to revert the snap. The following confirmation dialog will appear.
3. Validate this operation is correct and type Confirm in the dialog box and click OK to perform the operation. Configuring SnapProtect on NetApp Storage Page 58
Note** - Caution should be taken when using the non-application aware revert functionality as you can corrupt a running application as a result of this operation. You should be absolutely sure that you will not cause any data corruption issues before using this option.
Page 59
Page 60
2. Depending on the application different options are available for out of place restore. In this example the graphics show a VSA agent used to backup VMs which live in a data store which is an NFS share being presented by the NetApp FAS. The selected VM will be restored to a different data store with a new name. Browse into the subclient contents and select the data to be recovered out of place. In this case the selection is a Virtual Machine.
3. When the Recover All Selected button is clicked the following dialog appears to direct the restore activity. Note the VM Name. The ability to automatically enable the VM can be done through the Power ON Virtual Machine After Restore box.
Page 61
4. The Browse Virtual Center / ESX Server for Destination provides out of place selections. Here DataStore_3 is the location for the VM recovery. Select OK, and then OK again on the Restore Options windows to execute the recovery, out of place.
Page 62
Page 63
Appendix
The SnapMirror Process Explained
Make sure destination filer has SnapMirror access to the source filer. The SnapMirror filer's name or IP address should be in /etc/snapmirror.allow. Use wrfile to add entries to /etc/snapmirror.allow:
source-filer> wrfile /etc/snapmirror.allow destination-filer <Ctrl+C> source-filer> rdfile /etc/snapmirror.allow destination-filer
Alternatively, you can also go into each of the hosts in DFM and configure the FAS for the proper security rights for source and destination. This is done by selecting the Hosts section and editing the During the First Auxiliary Copy Job (to get the full detailed Snap Management plan for SnapMirror/SnapVault to run) it runs will always give you a Conformation check:
Page 64
During every SnapMirror Auxiliary Copy, SnapMirror will create a BackupVersion basically a new Snapshot of the entire volume requiring replication:
Once a new Snapshot for SnapMirror is available the Snapshot is listed under the volume on the Primary Filer:
Page 65
On the destination filer site, we notice the same Snapshot has been sent. In addition, if there were any previous SnapMirror on-demand jobs run, only the very last one will stay on the target box:
NetApp calls this a Swizzling Process. That is, the primary FAS takes delta set between the original snapshot used from the previous SnapMirror job and the new snapshot created for the current SnapMirror job. Only the details of the snapshot and the deltas are sent to the destination FAS, and will refer to the previous snapshot (that used to be the target SnapMirror session) and will de-swizzle the volume to match what is in the primary FASs side. The previous snapshot does not get deleted as the entire de-swizzling process is a background job.
Page 66
SnapMirror and DataAging Explained Once a job has been Data-Aged or even deleted manually, the job will no longer appear in the SnapMirror target as well (SnapVault is not affected here): Pre-deleted:
Page 67
Page 68
Secondary FAS:
The DataAging process will not remove this either. Only the next AuxCopy will this is after a new job has run (AuxCopy complains there is no new data to move): Primary FAS shows a new snapshot used for SnapMirror:
Page 69
Secondary FAS now shows the new snapshot here, but the de-swizzle process has not removed the volume snapshot pertained to Job 18.
Now the Job has been deleted from within Simpana. This wont affect the SnapMirror relationship until the next job is run and another Auxiliary Copy has been run, the latest SnapMirror Snapshot that was synchronized to the Secondary FAS will be the one responsible for deleting the snapshot on the destination FAS box.
Page 70
Host Configuration
Storage partition configuration
Page 71
SnapProtect Backup
Page 72
NetApp1> useradmin user add snapprotectuser -c SnapProtect Management Account" -n S Admin" g snapprotectgroup The same user can be used for NDMP credentials by using the encrypted password NetApp1> ndmpd password snapprotectsuser
Page 73