Configuring EMC DD Boost with Veeam Availability Suite

This article walks through the configuration steps required to integrate an EMC Data Domain system with Veeam Availability Suite 9 and outlines the benefits of using EMC DD Boost with a backup application.

Data Domain Boost (DD Boost) software provides advanced integration with backup and enterprise applications for increased performance and ease of use. DD Boost distributes parts of the deduplication process to the backup server or application clients, enabling client-side deduplication for faster, more efficient backup and recovery. All Data Domain systems can be configured as storage destinations for leading backup and archiving applications using NFS, CIFS, Boost, or VTL protocols.

The following applications work with a Data Domain system using the DD Boost interface: EMC Avamar, EMC NetWorker, Oracle RMAN, Quest vRanger, Symantec Veritas NetBackup (NBU), Veeam and Backup Exec. In this example, we will be using Veeam Availability Suite version 9.

Data Domain Systems for Service Providers

Data Domain Secure Multitenancy (SMT) is the simultaneous hosting, by a service provider, of more than one consumer (Tenant) or workload (Applications, Exchange, Standard VMs, Structured Data, Unstructured Data, Citrix VMs).

SMT provides the ability to securely isolate many users and workloads in a shared infrastructure, so that the activities of one Tenant are not apparent or visible to the other Tenants. A Tenant is a consumer (business unit, department, or customer) who maintains a persistent presence in a hosted environment.

Basic Configuration requirements are:

  • Enable SMT in the DD System
  • Role Based Access Control in DD Systems
  • Tenant Self-Service in the DD Systems
  • A Tenant is created on the DD Management Center and/or DD system.
  • A Tenant Unit is created on a DD system for the Tenant.
  • One or more MTrees are created to meet the storage requirements for the Tenant’s various types of backups.
  • The newly created MTrees are added to the Tenant Unit.
  • Backup applications are configured to send each backup to its configured Tenant Unit MTree.
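
The relationship between a Tenant Unit, its MTrees, and the backups routed to them can be pictured with a small data model. The Python sketch below is only an illustration: the class name, the `route` helper, the tenant name, and the MTree paths are all hypothetical and do not correspond to any Data Domain API.

```python
from dataclasses import dataclass, field


@dataclass
class TenantUnit:
    """A tenant unit on one DD system, holding the MTrees assigned to it."""
    name: str
    # Maps a backup type (e.g. "exchange") to the MTree that stores it.
    mtrees: dict = field(default_factory=dict)

    def add_mtree(self, backup_type: str, mtree_path: str) -> None:
        """Assign an MTree to this tenant unit for one type of backup."""
        self.mtrees[backup_type] = mtree_path

    def route(self, backup_type: str) -> str:
        """Return the MTree configured for this backup type."""
        if backup_type not in self.mtrees:
            raise KeyError(f"no MTree configured for {backup_type!r} in {self.name}")
        return self.mtrees[backup_type]


# Hypothetical tenant with two workloads, each sent to its own MTree.
unit = TenantUnit(name="tenant-a-unit")
unit.add_mtree("exchange", "/data/col1/tenant-a-exchange")
unit.add_mtree("standard-vms", "/data/col1/tenant-a-vms")

print(unit.route("exchange"))
```

Keeping one MTree per backup type, as in the list above, means a backup job that is not mapped to an MTree fails loudly instead of landing in another Tenant's storage.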

Prerequisites:

  1. Backup Server

Physical Server: Fibre Channel or iSCSI

OR

Virtual Server: Fibre Channel with N-Port ID Virtualization (NPIV), pass-through storage, or iSCSI

  2. Backup Software

Backup Application, DD Boost Library, DD Boost-over-FC Transport

  3. Storage Area Network

Fibre Channel or iSCSI

  4. Data Domain System

DD Boost Service

DD Boost-over-FC Server

SCSI Commands over FC

SCSI Processor Devices

  5. Virtual Infrastructure

Hyper-V Server cluster and System Center Virtual Machine Manager

OR

VMware vCenter with vSphere Hosts

Designing DD Boost for resiliency & availability

The Data Domain system advertises itself to the backup server over one or more physical or virtual paths. The overall design depends on Data Domain sizing: how you connect the Data Domain system to the backup server(s), how many backup jobs will run, the size of the backups, de-duplication, data retention, and how frequently data is restored. A typical backup solution should include the following.

  • Backup server with 2 initiator HBA ports (A and B)
  • Data Domain System has 2 FC target endpoints (C and D)
  • Fibre Channel Fabric zoning is configured such that both initiator HBA ports can access both FC target endpoints
  • Data Domain system is configured with a SCSI target access group containing both FC target endpoints on the Data Domain System
  • Dual Fabric for fail over and availability
  • Multiple physical and logical Ethernet for availability and fail over
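
To see why two initiator ports and two target endpoints give resiliency, it can help to enumerate the resulting paths. The following Python sketch assumes the zoning described above (every initiator can reach every target); the port labels A to D come from the list, while the helper name is made up for illustration.

```python
from itertools import product

initiators = ["A", "B"]   # HBA ports on the backup server
targets = ["C", "D"]      # FC target endpoints on the Data Domain system

# With zoning that lets every initiator reach every target, each pair is a path.
paths = list(product(initiators, targets))


def surviving_paths(paths, failed_port):
    """Return the paths that do not use the failed port."""
    return [p for p in paths if failed_port not in p]


print(paths)
for port in initiators + targets:
    print(port, "fails ->", surviving_paths(paths, port))
```

In this model there are four paths, and the loss of any single port still leaves two usable paths between the backup server and the Data Domain system.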

Examples of Sizing

This example calculates the maximum number of simultaneous connections to the Data Domain Fibre Channel (DFC) system from all backup servers. The DFC device count (D) is the number of devices to be advertised to the initiator on the backup server(s). Let's say we have one backup server and a single Data Domain system, and the backup server runs 100 backup jobs.

J = 1 Backup Server × 100 Backup Jobs = 100

C = 1 (Single DD System)

S = J × C = 100 × 1 = 100

DFC Device Count D = (2 × S) / 128, rounded up to the next whole number

D = (2 × 100) / 128 = 1.56, rounded up to 2

Therefore, all DFC groups on the Data Domain system must be configured with 2 devices.

Step1: Preparing DD System

Step2: Managing system licenses

  1. Select Administration > Licenses, then click Add Licenses.
  2. On the License Window, type or paste the license keys. Type each key on its own line or separate each key by a space or comma (DD System Manager automatically places each key on a new line)
  3. Click Add. The added licenses display in the Added license list.

OR

  1. In System Manager, select Protocols > DD Boost > Settings. If the Status indicates that DD Boost is not licensed, click Add License and enter a valid license in the Add License Key dialog box.
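
If you keep license keys in a text file or ticket before pasting them into the Add Licenses dialog, a few lines of Python can normalize them to one key per line, mirroring the separators the dialog accepts (new line, space, or comma). This is only a convenience sketch; the function name is made up and the keys shown are placeholders, not real license keys.

```python
import re


def split_license_keys(text: str) -> list:
    """Split pasted text into keys on commas and any whitespace."""
    return [key for key in re.split(r"[,\s]+", text) if key]


# Placeholder keys separated by a comma, a space, and a new line.
pasted = "AAAA-BBBB-CCCC, DDDD-EEEE-FFFF GGGG-HHHH-IIII\nJJJJ-KKKK-LLLL"
print("\n".join(split_license_keys(pasted)))
```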

Step3: Setting up CIFS Protocol

  1. In the DD System Manager navigation panel, select Protocols > CIFS.
  2. In the CIFS Status area, click Enable.

Step4: Remove Anonymous Log on

  1. Select Protocols > CIFS > Configuration.
  2. In the Options area, click Configure Options.
  3. To restrict anonymous connections, click the checkbox of the Enable option in the Restrict Anonymous Connections area.
  4. In the Log Level area, click the drop-down list to select the level number 1.
  5. In the Server Signing area, select Enabled to enable server signing.

Step5: Specifying DD Boost user names

The user specified here is used by the backup software to connect to DD Boost.

  1. Select Protocols > DD Boost.
  2. Select Add, above the Users with DD Boost Access list.
  3. The Add User dialog appears. To select an existing user, select the user name in the drop-down list. EMC recommends that you select a user name with management role privileges set to none.
  4. To create and select a new user, select Create a new Local User, enter the new user name, and enter the password twice in the appropriate fields. Click Add.

Step6: Enabling DD Boost

  1. Select Protocols > DD Boost > Settings.
  2. Click Enable in the DD Boost Status area.
  3. Select an existing user name from the menu then complete the wizard.

Step7: Creating a storage unit

  1. Select Protocols > DD Boost > Storage Units.
  2. Click Create. The Create Storage Unit dialog box is displayed.
  3. Enter the storage unit name in the Name box e.g. DailyRepository1
  4. Select an existing username that will have access to this storage unit. EMC recommends that you select a username with management role privileges set to none. The user must be configured in the backup application to connect to the Data Domain system.
  5. To set storage space restrictions to prevent a storage unit from consuming excess space: enter either a soft or hard limit quota setting, or both a hard and soft limit.
  6. Click Create.
  7. Repeat the above steps to create MonthlyRepository1, and repeat them on each Data Domain Boost-enabled system.
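
The soft and hard quota limits from step 5 can be thought of as two thresholds on the space a storage unit uses. The Python sketch below assumes the conventional meaning of the two limits (crossing the soft limit is a warning, reaching the hard limit stops further writes); that behaviour, the function name, and the GiB units are assumptions made for illustration, so check the Data Domain documentation for the exact semantics on your DD OS version.

```python
def quota_state(used_gib: float, soft_gib=None, hard_gib=None) -> str:
    """Classify usage against optional soft and hard limits (in GiB)."""
    if soft_gib is not None and hard_gib is not None and soft_gib > hard_gib:
        raise ValueError("soft limit should not exceed hard limit")
    if hard_gib is not None and used_gib >= hard_gib:
        return "hard limit reached"
    if soft_gib is not None and used_gib >= soft_gib:
        return "soft limit exceeded"
    return "within quota"


# Hypothetical storage unit with an 80 GiB soft and a 100 GiB hard limit.
for used in (50, 85, 100):
    print(used, quota_state(used, soft_gib=80, hard_gib=100))
```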

Step8: Encrypting Communication between Backup Server and Data Domain (Optional)

Generate an advanced certificate from Active Directory Certificate Services and install it on the Data Domain system for DD Boost. You must also install the same certificate on the backup servers so that the Data Domain system and its client (the backup server) can communicate with each other over a certificate-secured, encrypted connection.

  1. Start DD System Manager on the system to which you want to add a host certificate.
  2. Select Protocols > DD Boost > More Tasks > Manage Certificates….
  3. In the Host Certificate area, click Add.
  4. To add a host certificate enclosed in a .p12 file, select I want to upload the certificate as a .p12 file. Type the password in the Password box.
  5. Click Browse and select the host certificate file to upload to the system.
  6. Click Add.
  7. Alternatively, to add a host certificate enclosed in a .pem file, select I want to upload the public key as a .pem file and use a generated private key. Then click Browse and select the host certificate file to upload to the system.
  8. Click Add.

DD Boost client access and encryption

  1. Select Protocols > DD Boost > Settings.
  2. In the Allowed Clients section, click Create. The Add Allowed Client dialog appears.
  3. Enter the hostname of the client. This can be a fully-qualified domain name (e.g. Backupserver1.domain.com) or a hostname with a wildcard (e.g. *.domain.com).
  4. Select the Encryption Strength. The options are None (no encryption), Medium (AES128-SHA1), or High (AES256-SHA1).
  5. Select the Authentication Mode. The options are One Way, Two Way.
  6. Click OK.
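
Before adding a wildcard entry such as *.domain.com, it can be useful to check which of your backup servers it would cover. The Python sketch below uses shell-style pattern matching from the standard library as a stand-in; the Data Domain system's own matching rules may differ, and the function name and host names are illustrative only.

```python
from fnmatch import fnmatchcase


def client_allowed(hostname: str, allowed_patterns: list) -> bool:
    """Return True if the hostname matches any allowed-client pattern."""
    host = hostname.lower()
    return any(fnmatchcase(host, pattern.lower()) for pattern in allowed_patterns)


allowed = ["*.domain.com"]
print(client_allowed("Backupserver1.domain.com", allowed))
print(client_allowed("backupserver1.other.com", allowed))
```

Note that in this stand-in the `*` also matches dots, so a host in a sub-domain of domain.com would be accepted as well.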

Step9: Configuring DD Boost over Fibre Channel

  1. Select Protocols > DD Boost > Fibre Channel.
  2. Click Enable to enable Fibre Channel transport.
  3. To change the DD Boost Fibre Channel server name from the default (hostname), click Edit, enter a new server name, and click OK.
  4. Select Protocols > DD Boost > Storage Units to create a storage unit (if not already created by the application).
  5. Install the DD Boost API/plug-in (if necessary, based on the application).

Step10: Configuring storage for DD Extended Retention (Optional)

Before you proceed with Extended Retention, you must add the required license on the DD System.

  1. Select Hardware > Storage tab.
  2. In the Overview tab, select Configure Storage. In the Configure Storage tab, select the storage to be added from the Available Storage list.
  3. Select the appropriate Tier Configuration (Active or Retention) from the menu.
  4. Select the checkbox for the Shelf to be added.
  5. Click the Add to Tier button. Click OK to add the storage.

Step11: Configure a Veeam backup repository

  1. To create an EMC Data Domain Boost-enabled backup repository, navigate to the Backup Infrastructure section of the user interface, then select Backup Repositories and right-click to select Add Backup Repository.

  2. Select the repository type, De-duplicating storage appliance. Type the name of the DD System, choose the Fibre Channel or Ethernet option, and add the credentials and the gateway server used to connect to the DD System. To connect the Veeam Backup server to the DD System over Fibre Channel, you must place the DD System and the Veeam Backup server in the same SAN zone and enable FC on the DD System. To connect over Ethernet, the Veeam Backup server and the DD System must be in the same VLAN; in a multi-VLAN setup, you must allow unrestricted communication between the VLANs.
  3. On the next screen, select the Storage Unit of the DD System to be used by the Veeam server as the repository, and leave the concurrent connection setting at its default.
  4. On the next screen, enable vPower NFS and complete the wizard.

Step12: Configure Veeam Backup Job & Backup Copy Job

The critical decision on backup jobs will be whether to do an active full backup or leverage synthetic full backups. For step-by-step instructions, see the Veeam Backup Job Creation Guide and the Veeam Backup Copy Job Creation Guide.

Here is a short business case for each backup type.

Veeam Backup Options:

  1. Active Full- Organizations in the financial or health sector often prefer to take a monthly full backup and retain it for a set period, both for corporate compliance and to satisfy external auditors' requirements to keep data off-site for a period of time.
  2. Synthetic Full- A standard practice for any organization is to maintain a synthetic full backup at all times, which reduces storage cost and helps meet the recovery time objective.

  • For most environments, Veeam recommends synthetic full backups when leveraging EMC Data Domain Boost. This reduces stress on the primary storage for the vSphere and Hyper-V VMs, and the Boost-enabled synthesizing is very fast.
  • For a Backup Copy job using GFS retention (Monthly, Weekly, Quarterly and/or Annual restore points), the gateway server must be closest to the Data Domain server, since the Backup Copy job frequently involves an offsite transfer. When the Data Domain server is designated in the repository setup, ensure that consideration is given to the gateway server if it is being used off site.
  • The backup job timeout value must be higher than 30 minutes so that the job can be retried if it fails for any reason.

DD System Option:

  • A virtual synthetic full backup is the combination of the last full (synthetic or full) backup and all subsequent incremental backups. Virtual synthetics are enabled by default.
  • The synthetic full backups are faster when Data Domain Boost is enabled for a repository
  • DD Boost can reduce backup transformation time by up to 80% compared with the time required without DD Boost.
  • Because the first job places the bulk of the blocks of the vSphere or Hyper-V VM on the DD Boost Storage Unit, subsequent jobs only need to transfer metadata and any changed blocks. This can be a significant improvement on the active full backup process when there is a fast source storage resource in place.
  • With DD Boost, multi-link provides fail over & resiliency. DD Boost also provides parallel processing of concurrent jobs to DD Boost Storage unit.
  1. To display the DD Boost option settings, select Protocols > DD Boost > Settings >Advanced Options.
  2. To change the settings, select More Tasks > Set Options. Select or deselect any option to be enabled.
  3. Click OK.
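
The idea of a virtual synthetic full backup described above (the last full backup combined with all subsequent incrementals) can be illustrated with a toy model in Python. This is a conceptual sketch only: the block maps, values, and function name are invented, and it does not model how the Data Domain system or Veeam performs the synthesis internally.

```python
def synthesize_full(last_full: dict, incrementals: list) -> dict:
    """Overlay each incremental, oldest first, on a copy of the last full."""
    synthetic = dict(last_full)
    for increment in incrementals:
        synthetic.update(increment)   # changed blocks replace older versions
    return synthetic


# Block number -> block content; the values are placeholders.
full = {0: "a0", 1: "b0", 2: "c0"}
monday = {1: "b1"}             # block 1 changed
tuesday = {2: "c2", 3: "d2"}   # block 2 changed, block 3 added

print(synthesize_full(full, [monday, tuesday]))
```

Only the changed blocks come from the incrementals; everything else is reused from the last full backup, which is why no new full read of the source VM is needed.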

Veeam integrates with EMC and NetApp Storage Snapshots!

Taking a VMware snapshot or a Hyper-V checkpoint can place a serious load on VM performance, and it can take considerable effort from the sysadmin to overcome this technical challenge and meet the required service level agreement. Most Veeam users run their backup and replication jobs after hours to limit the impact on the production environment, but this can't be your only backup solution. What if the storage itself goes down or gets corrupted? Even with storage-based replication, you need to take your data out of the single fault domain. This is why many customers prefer to additionally make true backups stored on different storage. Never store production data and backups on the same storage.

[Figure. Source: Veeam]

Now you can take advantage of storage snapshots. Veeam has worked with storage vendors such as EMC and NetApp to integrate with production storage, leveraging storage snapshot functionality to reduce the impact on the environment from snapshot/checkpoint removal during backup and replication.

Supported Storage

  • EMC VNX/VNXe
  • NetApp FAS
  • NetApp FlexArray (V-Series)
  • NetApp Data ONTAP Edge VSA
  • HP 3PAR StoreServ
  • HP StoreVirtual
  • HP StoreVirtual VSA
  • IBM N series

Unsupported Storage

  • Dell Compellent

NOTE: My own experience with HP StoreVirtual and HP 3PAR has been awful. I had to remove HP StoreVirtual from the production store and introduce other Fibre Channel storage to cope with the workload. Even though Veeam tested the snapshot mechanism with HP, I would recommend avoiding HP StoreVirtual if you have a high IO workload.

Benefits

Veeam suggests that you can get lower RPOs and lower RTOs with Backup from Storage Snapshots and Veeam Explorer for Storage Snapshots.

Veeam and EMC together allow you to:

  • Minimize impact on production VMs
  • Rapidly create backups from EMC VNX or VNXe storage snapshots up to 20 times faster than the competition
  • Easily recover individual items in two minutes or less, without staging or intermediate steps

According to Veeam, integrating Veeam with EMC lets you back up as much as 20 times faster and restore faster using Veeam Explorer. Users can therefore achieve much lower RPOs (recovery point objectives) and lower RTOs (recovery time objectives) with minimal impact on production VMs.

How it works

Veeam Backup & Replication works with EMC and NetApp storage, along with VMware, to create backups and replicas from storage snapshots in the following way.

[Figure. Source: Veeam]

The backup and replication job:

  1. Analyzes which VMs in the job have disks on supported storage.
  2. Triggers a vSphere snapshot for all VMs located on the same storage volume. (As a part of a vSphere snapshot, Veeam’s application-aware processing of each VM is performed normally.)
  3. Triggers a snapshot of said storage volume once all VM snapshots have been created.
  4. Retrieves the CBT information for VM snapshots created in step 2.
  5. Immediately triggers the removal of the vSphere snapshots on the production VMs.
  6. Mounts the storage snapshot to one of the backup proxies connected into the storage fabric.
  7. Reads new and changed virtual disk data blocks directly from the storage snapshot and transports them to the backup repository or replica VM.
  8. Triggers the removal of the storage snapshot once all VMs have been backed up.

VMs run off snapshots for the shortest possible time (subject to the storage array; EMC works better), while jobs obtain data from VM snapshot files preserved in the storage snapshot. As a result, VM snapshots do not get a chance to grow large and can be committed very quickly without overloading production storage with an extended merge procedure, as is the case with classic techniques for backing up from VM snapshots.
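
The ordering of the job steps is what keeps VM snapshots short-lived, and it can be made explicit with a small simulation. The Python sketch below only records the sequence of actions for one storage volume; the function name, the action strings, and the VM names are hypothetical and do not call any Veeam, VMware, or storage API.

```python
def backup_from_storage_snapshot(vms: list) -> list:
    """Return the ordered list of actions for VMs on one storage volume."""
    log = []
    for vm in vms:
        log.append(f"create VM snapshot: {vm}")
    log.append("create storage snapshot")
    for vm in vms:
        log.append(f"read CBT info: {vm}")
    for vm in vms:
        log.append(f"remove VM snapshot: {vm}")
    log.append("mount storage snapshot on backup proxy")
    for vm in vms:
        log.append(f"copy changed blocks: {vm}")
    log.append("remove storage snapshot")
    return log


for action in backup_from_storage_snapshot(["vm1", "vm2"]):
    print(action)
```

In the printed sequence every VM snapshot is removed before any data is copied, so the time a VM runs on a snapshot does not depend on how long the data transfer takes.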

Integration with EMC storage will bring great benefit to customers who want to take advantage of their storage array. Veeam Availability Suite v9 gives you the chance to reduce IO on your storage array and bring your SLA under control.
