EMC NETWORKER DELEGATION MODEL FOR ROBO ENVIRONMENT
Puneet Goyal Technical Specialist HCL Comnet Table of Contents Introduction ...... 4
Goal and Objective ...... 6
Audience ...... 6
What is Delegation Model? ...... 6
The Concept ...... 7
Understanding the customer’s backup environment and architecture ...... 9
Collecting features which can be used in the solution ...... 10
Authentication-related feature ...... 10
Backup/Cloning-related feature ...... 11
Recovery-related feature ...... 13
VMware-related Feature ...... 16
Storage-related feature ...... 19
Hardware-related feature ...... 21
Support-related features ...... 22
Drawing the prototype ...... 22
Considerations ...... 26
Implementing the model ...... 26
Creating attributes specific to ROBO sites ...... 27
Authentication users with LDAP...... 27
Deciding access rights for the local IT admin ...... 28
Deciding the privileges ...... 28
Creating restricted data zones (RDZ) for ROBO sites ...... 29
Testing the console view as a local IT admin ...... 32
Testing recovery ...... 32
Delegating the part ...... 33
Delegating index to centralized repository ...... 33
2014 EMC Proven Professional Knowledge Sharing 2
Delegating ROBO site backups to local IT ...... 34
Delegating ROBO site recovery to local IT ...... 34
Delegating ROBO site tape management to local IT ...... 35
Delegating ROBO site administration to local IT ...... 36
Gaining the claps ...... 36
Appendix ...... 37
Disclaimer: The views, processes or methodologies published in this article are those of the author. They do not necessarily reflect EMC Corporation’s views, processes or methodologies.
2014 EMC Proven Professional Knowledge Sharing 3
Introduction Most global clients who demand backup have inventory centers, branch offices, and remote offices spread across the world along with a main data center (Figure 1). The main data center is generally safe and has all that is required for a backup and disaster recovery solution. However, business and user data which resides at remote and branch offices often do not have a proper backup and disaster recovery solution. The situation becomes more difficult for backup administrators when they speak a different language. Most users prefer having their local IT onsite for their data recovery. The situation becomes worse when they themselves don’t know where exactly the share was coming on their local machine. These users mainly put their business-critical data on groupshares and homeshares. These people are mainly from non-IT backgrounds and need their data back at any cost.
Figure 1: Remote office connected with main data center and disaster recovery site
Delegation Model is a special type of model in which customers route all their data recovery through their own local IT residing at their local sites such as remote office/branch office (ROBO) instead of backup administrators. This reduces the backup administrator’s workload and makes it easier for users to recover their data, though backup administrators are still responsible for disaster recovery. Delegation model is just a general term to delegate some part
2014 EMC Proven Professional Knowledge Sharing 4 of the administrative work to another group. Generally, customers want to customize the model to best fit their needs.
Until now, solution architects used EMC Avamar® for their backup accounts in ROBO environments. However, not every account can accommodate the new solution in the existing setup.
In my experience, accounts which have EMC NetWorker® as a backup solution can be also be used as part of a delegation model for ROBO environment. This use case of NetWorker has not been explored until recently. In 2013, EMC completely changed EMC NetWorker, making it more adaptable to the backup environment and fulfilled almost all customer expectations. The new features added in this software—such as Restricted Data Zone (RDZ), support for Windows 2012 R2, latest database support, online savesets cloning, block-based backup, and NetWorker Snapshot Management (NSM)—improved space recovery for Advanced File Type Device (AFTD) and many other features completely changed the software. It is now much more compatible and can now be used for ROBO environments.
NetWorker is now not only a backup solution but it also interacts with the console user in a very friendly way. The error messages and option for client side logs which it displays are now very easy to understand. Using basic EMC NetWorker functionality can provide a ROBO backup solution using the existing backup solution. It even provides a disaster recovery solution as the software makes a central repository of all of its indexes so it would be much easier to make a disaster recovery copy of the solution. The wide adaptability and acceptability of the solution for operating systems, databases, applications, backup devices, and more makes it responsive to customer needs.
This Knowledge Sharing article takes you on a journey to implement Delegation model by using NetWorker as the main backup product.
2014 EMC Proven Professional Knowledge Sharing 5
Goal and Objective The goal of this article is to provide a foundational understanding of delegation model and assist in developing a “blueprint” for the tailored solution which can be extracted by the NetWorker and some backup device.
This article introduces a method of designing a service-based branch infrastructure design. The branch environment is typically part of a larger network that supports an organization's main sites and data centers. However, branch sites introduce a number of significant constraints that modify the options that are available to solution designers. This article explains how to look at the specific requirements of the branch office within the larger context of an organization's IT services.
Audience While Engineering personnel are the intended audience, this article is also suitable for solution designers who find difficulty offering other products besides NetWorker due to budget issues or environment adaptability.
What is Delegation Model? A Delegation model is a model designed for the customer in such a way that only disaster recovery part remains with the service/support vendor. The rest, such as backup, recovery, and reporting remains with the customer. The delegation model offers a way to delegate administration, monitoring, reporting and planning to the customer while keeping disaster recovery with the service company. In short, it is the “Model to increase virtual backup administrators”. Figure 2 depicts a brief idea of what responsibilities are given the local IT and what remain with the backup administrators for the ROBO environment.
2014 EMC Proven Professional Knowledge Sharing 6
Figure 2: Backup administrator’s tasks allocated to local IT
The Concept A big problem for global customers is how to back up their remote offices and branch offices. They know that solutions are readily available that can protect their main data centers with advanced technologies that provide incredible results but none of the solutions will become the “best fit champion” for them. Often, the customer places blame on the product vendor for not thinking of a solution for them. I find that customer demands are not unrealistic, they just want some restriction and some automated facilities with the backup solution. Figure 3 shows how customers back up their remote office due to lack of bandwidth at ROBO sites.
2014 EMC Proven Professional Knowledge Sharing 7
Figure 3: Different types of remote offices backing up through different backup method
Basic nature of the ROBO users:
a. They are mainly from non-IT backgrounds and believe their IT department is capable of handling any kind of data loss. b. They are mainly mobile users and use sync center to sync their important data with the central branch office server. c. The remote and branch office are on a low-bandwidth link. d. They are in different time-zones. e. They speak different languages which makes it difficult for the backup administrator to communicate during restoration coordination. f. They calculate and compare the SLA of ROBO with the data centers.
Let’s suppose we can give them a solution which provides the capability to customize the system according to their wish and need, restricts machine visibility, provides restriction to the users, and helps recover or back up in a self-instructing fashion. I believe we can do all these things with the help of EMC NetWorker.
EMC customers who use NetWorker as a primary solution for data centers look to EMC to provide the same type of solution for their ROBO environment that can fulfill their customization needs. The new advanced EMC Networker meets this requirement.
2014 EMC Proven Professional Knowledge Sharing 8
Reasons for choosing NetWorker for the delegation model concept of are:
a. EMC NetWorker is widely accepted globally. b. Increased support for the wide range of operating systems such as Window 2012 and Window 2012 R2. c. Both the data center console and the ROBO console can be placed in a single window for centralized monitoring.
Understanding the customer’s backup environment and architecture For many years, designing backup infrastructure to support branch office sites has been a challenging task. The complexities introduced by the limitations in available network latency, bandwidth, performance issues, and geographic separation significantly impact an organization’s ability to implement an appropriate single IT solution for all of its sites. As wide area network (WAN) bandwidth and performance grows, client and server technologies are also introduced (or enhanced) to support branch office operations better and the situation continues to improve. However, there will always be a fundamental difference in the backup design for a geographically distributed ROBO environment and the backup design for a data center. ROBO sites introduce a number of significant constraints that modify the options that are available to solution designers1.
The ROBO environment includes the branch sites themselves, any regional sites that they may connect through and, where applicable, a central site that is associated with the branch sites and small satellite offices. Because the goals of the business and many other organization- specific factors determine an organization's environment, no single definition of an environment fits all organizations, although the goals for this environment are usually consistent with the following statement:
“Provide an easy recoverable, low risk, fault tolerant, high performance backup infrastructure to all geographic areas of the organization for as little cost a possible1.” While this is an excellent mission statement to keep in mind for your designs, a number of technical and non-technical constraints can affect your ability to deliver a design that meets this statement. The key to successful ROBO infrastructure backup design is to identify these constraints and their effect and then communicate them to the relevant parties before the design is agreed upon or implemented. This is especially true in larger environments that are unlikely to support a single common approach in all of the branch sites. For these organizations, the final
2014 EMC Proven Professional Knowledge Sharing 9 design must provide various levels of performance and fault tolerance for the end users and support staff across the environment.
The backup architecture of a data center is generally the same everywhere. They use an enterprise backup solution such as NetWorker to transfer all the backed up data to the media device which can be either a tape library or a disk-based device. The tapes get vaulted or they use a replication method to transfer backed up data to another data center for disaster recovery purposes.
Collecting features which can be used in the solution2, 3
Identifying the main features required to prepare the solution is important to get the best use of it. These features play a key role in:
Authentication-related feature NetWorker server in LDAP mode
The Lightweight Data Authentication Protocol version 3 (LDAPv3) is required to authenticate all local IT users through Active Directory. This is because in a delegation model concept, the numbers of administrators are more and thus the password management is also a bigger issue for Windows and backup admininstration. NetWorker provides the ability to distribute an LDAP configuration from the NMC server to any NetWorker server that is managed by the NMC server. This puts the NetWorker server in LDAP mode. A NetWorker server in LDAP mode authorizes LDAP authenticated users based on the LDAP groups to which they belong (provided those LDAP groups have been configured as part of the “external roles” attribute).
Restricted Data-zone (Multi-tenancy facility)
Use the Multi-Tenancy Facility option to create multiple restricted data zones. End users can access a single NetWorker server without being able to view data, backups, recoveries, or modify in other data zones. In addition, Tenant administrators within a restricted data zone can only see a very limited amount of the information (log and alerts) managed by the global administrator or other restricted data zones.
2014 EMC Proven Professional Knowledge Sharing 10
The Multi-Tenancy Facility feature is enabled by configuring a Restricted Data Zone resource on the NetWorker server. A restricted data zone is associated with its own NetWorker resources. The following roles apply to the Multi-Tenancy Facility feature: I. global administrator II. tenant administrator
Figure 4: Restricted data zone properties window
Backup/Cloning-related feature Storage node balancing
Starting in NetWorker 8.1, a new feature—Save session distribution—has been introduced that allows one to configure how save sessions are distributed among storage nodes. The Save session distribution feature can be applied to all NetWorker clients globally or to selected clients only. This feature has two options:
I. Max sessions. Save sessions are distributed based on each storage node device's max sessions attribute. This is the default distribution method.
2014 EMC Proven Professional Knowledge Sharing 11
II. Target sessions. Save sessions are distributed based on each storage node device's target sessions attribute. This option is more likely to spread the backup load across multiple storage nodes, while the “max sessions” option is more likely to concentrate the backup load on fewer storage nodes.
Direct file Access (Client Direct)
A new attribute, Client Direct, allows you to enable direct file access (DFA) for the client resource so that client backups can bypass the storage node and send deduplicated backup data directly to Data Domain® Boost storage devices, or send non-deduplicated backup data directly to AFTD storage. The Client Direct option is selected by default and is located in the General tab of the Client Properties window, as shown in the Figure 5.
Figure 5: Client Direct option in Client properties window
2014 EMC Proven Professional Knowledge Sharing 12
Cross-platform AFTD client direct support for non-root UNIX/LINUX clients
Non-root and cross-platform Client Direct backups to AFTDs are now supported for NetWorker clients on UNIX/Linux or Microsoft Windows. The AFTD can be managed by a Linux/UNIX or a Windows storage node. The AFTD can be local or mountable on the storage node.
Virtual synthetic full backups for Data Domain systems
A virtual synthetic full (VSF) backup is the same as a synthetic full backup, except that it is performed on a single Data Domain system. Similar to synthetic full, VSF uses full and partial backups to create a new full backup. However, since the backup occurs on a Data Domain system using new DD Boost APIs, the backup does not require save set data to be sent over the wire, resulting in improved performance over synthetic full and traditional backups.
Block-based backups on windows
Block-based backup is a technology where the backup application scans a volume or a disk in a file system, and backs up all the blocks that are changed or in use in the file system. Block- based backup uses Volume Shadow Copy Service (VSS) snapshot capability to create a consistent copy of the source volume for backup and Virtual Hard Disk (VHD) format, which is sparse, to write data to the target device. Block-based backup supports only AFTD and Data Domain as target devices. These devices support the client direct functionality that is a mandatory requirement for block-based backup. For incremental backups, it uses the Change Block Tracking (CBT) driver to identify the changed blocks so that only the blocks that are changed can be backed up.
Automatic savegroup cloning
The method for setting up an automatic clone operation based on the backup group resource has a new feature. The clone operation can now be set to begin after each save set is backed up. Alternatively, you can still select to have the clone operation begin only after all of the save set backups for the group have completed.
Recovery-related feature Windows Bare Metal Recovery
Windows Bare Metal Recovery (BMR) is available for Windows operating systems. This support includes a new Windows BMR wizard in the NetWorker Management Console. The BMR
2014 EMC Proven Professional Knowledge Sharing 13 window is very interactive and EMC provides the bootable ISO to start the BMR. The wizard will ask for some basic configuration such as network details, data location, etc.
Recovering ACL files as non-root user
Previously, non-root users could not browse and recover files if the save sets contained Access Control Lists (ACL)/metadata associated with root permissions. NetWorker now provides the ability to browse and recover files with associated ACLs in directories for which the user is not the primary owner.
To recover files with associated ACLs, ACL passthrough must be checked in the Recover section of the NetWorker Server Properties window, as shown in Figure 6. The feature is enabled by default.
Figure 6: Server properties window
If ACL passthrough is disabled, the message “Permission denied (has acl)” displays when a non-owner attempts to browse ACL files in the directory.
2014 EMC Proven Professional Knowledge Sharing 14
Recovery using recovery wizard and NMC
NetWorker introduces new recover functionality with a Recovery wizard that allows you to recover data to NetWorker 8.1 clients from NMC. The Recover wizard supports browsable, save set, and directed recoveries. The Recover wizard does not support cross-platform recoveries.
Clicking the Recover tab in the NetWorker Administration window of NMC allows you to run the Recover wizard from the menu by selecting Recover > New Recover, as shown in Figure 7.
Figure 7: Recover tab option in NMC console
Use the Recovery wizard to configure scheduled and immediate recoveries of:
Filesystem backup Block-Based Backup (BBB) BBB cloned to tape
You can also use the Recovery wizard to configure an immediate recover of a SnapShot Management backup.
Once recovery operations are in progress, recover activity displays in the window, as shown in Figure 8.
2014 EMC Proven Professional Knowledge Sharing 15
Figure 8: Recover operation progress
VMware-related Feature VADP Backup
NetWorker software provides support for backup and recovery of VMware virtual clients using traditional NetWorker file system backup and recovery or by using VMware backup technologies such as VCB or the vStorage APIs for Data Protection (VADP), which provide LAN-free backups of VMware virtual machines. Additionally, the NetWorker software provides automatic discovery of VMware environments and notification of changes to those environments, and provides both a graphical map and tabular view of VMware environments.
Support for vSphere 5.5
NetWorker supports vSphere version 5.5 for virtualization workflows, including the VMware Protection solution that uses the EMC Backup and Recovery appliance, and VADP.
2014 EMC Proven Professional Knowledge Sharing 16
When using VADP, you must perform the following prerequisites on the NetWorker server/proxy machine in order to run vSphere 5.5:
1. Since the registry key for SSL verification is not set by default, add the following keypath in the registry: 'HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/VMware, Inc./VMware Virtual Disk Development Kit' Add a DWORD VerifySSLCertificates and set it to zero ('VerifySSLCertificates=0'). This will disable SSL verification for all VDDK hotadd operations.
2. Install .NET framework 3.5.1 or later on the proxy. In Windows 2008 R2, even though the .NET framework is bundled with the operating system, ensure that you enable the framework under Server Manager-> features.
3. Install VC++ runtime 9.0 (VC++2008 SP1) on the proxy. The following link provides more details: http://www.microsoft.com/en-us/download/details.aspx?id=2092
Recovery of a VM which already exists in the environment by allowing a name change
Recovery of the virtual machine fails if the virtual machine already exists in the specified ESX or VC server. If you did not want to delete the original VM, the VM had to be removed from the inventory and the datastore folders associated with the VM renamed. This is no longer required in the new NetWorker 8.0 SP1. A VM that already exists in the environment can be recovered by changing the name of the VM.
Change Block Tracking (CBT)
Virtual machines running on ESX 4.0 or later hosts with Virtual Hardware 7 can keep track of disk sectors that have changed. This feature is called Changed Block Tracking (CBT).
On a virtual machine, the virtual disk block changes are tracked from outside of the virtual machine in the virtualization layer. When a backup is performed, NetWorker uses CBT to determine which files have changed since the last backup and backs up only those files.
2014 EMC Proven Professional Knowledge Sharing 17
NetWorker VMware protection solution
NetWorker 8.1 introduces a new NetWorker-integrated VMware backup and monitoring solution. In this solution, once you deploy an EMC Backup and Recovery appliance in the vSphere Client, you can monitor the VMs and create and modify backup and clone policies for the appliance by using NMC. Figure 9 displays the default policy that appears in NMC upon deployment of the EMC Backup and Recovery appliance.
Figure 9: VMware protection policies window
You can then assign VMs to the backup and clone policies using the EMC Backup and Recovery plug-in in the vSphere Web Client. When you click in EMC Backup and Recovery in the left pane of the vSphere Web Client and connect to a backup appliance, the EMC Backup and Recovery user interface displays, as shown in Figure 10.
2014 EMC Proven Professional Knowledge Sharing 18
Figure 10: vSphere web client backup and recovery console window
You can also perform full recoveries of these backups from the vSphere Client, or file-level recoveries from the EMC Data Protection Restore Client.
Storage-related feature Auto-configuration of NDMP device
Previously, NDMP backups required manual configuration to offload DSA workload and activities to storage nodes and clients. When not configured appropriately, NDMP data travels to the storage node via the NetWorker server and the NetWorker server must then handle index processing, creating performance issues. Large NDMP index conversion operations need to share the NetWorker server which is typically busy with other backup operations, leading to performance issues.
NetWorker supports auto-configuration of NDMP backups by automating the selection of resources and offloading the index conversion.
NetWorker Snapshot Management
NetWorker server and client software includes NetWorker Snapshot Management (NSM) that integrates and replaces the previous stand-alone NetWorker PowerSnap modules for VMAX®
2014 EMC Proven Professional Knowledge Sharing 19
(Symmetrix®), VNX Block (CLARiiON®), and RecoverPoint. NSM is a single, wizard-facilitated NetWorker feature that provides an improved user experience with greater flexibility to protect production data with less dependency on backup windows. NSM is covered by a volume license.
NSM manages snapshots, which are point-in-time (PiT) copies of production data created by the replication capabilities of the storage array. NSM can restore the data from snapshots and can copy snapshots to conventional storage media such as disk or tape.
NSM provides snapshot backups with the same benefits that NetWorker offers for conventional backups such as monitoring, lifecycle policies, and granular filesystem recoveries.
NSM simplifies the user experience through integration with NetWorker client software and the implementation of configuration and recovery wizards.
The following new NSM features and support represent improvements over the former PowerSnap module software: I. Integration with NetWorker client installation package, available under NetWorker capacity licensing II. NMC Client Configuration Wizard a. Discovery and configuration of snapshot clients b. Step-by-step configuration of snapshot creation, snapshot lifecycle policies, and snapshot rollover to conventional storage media such as disk or tape III. NMC Recovery Wizard a. Step-by-step restore procedures b. Restore from snapshot save sets stored on a storage array and from rollover save sets stored on conventional storage media IV. Support for VMAX VPSnap and VNX VNX-SNAP V. Optional configuration on a single host without a separate mount (proxy) host VI. Secure retention of RecoverPoint client user credentials in the server lockbox VII. Reduction of the previous multiple log files to a single log file per client VIII. Support for VMAX thin-provisioned LUNs
2014 EMC Proven Professional Knowledge Sharing 20
Hardware-related feature NPIV support for tape device and jukebox
NetWorker now supports N_Port ID Virtualization (NPIV), allowing multiple systems to share a single physical Fibre Channel port. This support includes tape devices and jukeboxes, and allows jukeboxes to be configured in an AIX LPAR environment (AIX versions 6.1 and 7.1).
LTO-6 tape device support
NetWorker supports the configuration of LTO-6 tape devices.
LTO device default block size increase to 256 KB
In NetWorker, the default block size for an LTO device increases from 128 KB to 256 KB. When NetWorker labels a new or used volume in an LTO device and the Device block size attribute of the device is the handler default, the label operation uses a 256 KB block size. Increasing the default LTO block size results in Data Domain VTL deduplication ratios improving by up to 15%, and physical tape device write speed over higher-latency SAN links improving by an average 30%.
Optimized disk reading
NetWorker introduces a new feature to optimize data read performance from the client system during standard file system backups. NetWorker introduces an intelligent algorithm which chooses an optimal block size value in the range of 64 KB and 8 MB based on the current read performance of the client system. This discovery occurs during the actual data transfer and does not add overhead to the backup process, while potentially significantly increasing disk read performance. This feature is transparent to the rest of the backup process and does not require additional configuration.
You can override dynamic value by setting the environment variable NSR_READ_SIZE to a desired block size. For example, NSR_READ_SIZE=65536 forces NetWorker to use 64KB block size during the read process.
2014 EMC Proven Professional Knowledge Sharing 21
Support-related features Window 8.0, Window 8.1, Windows 2012, and Window 2012 R2 support
NetWorker provides Windows System State and File System backup and recovery support for Windows 8 clients, Windows Server 2012 (including non-optimized backup and recovery for Windows Server 2012 deduplicated volumes), and UEFI-based systems running Windows. Optimized backup of data deduplication volumes on Windows Server 2012 is not supported.
The following browser and JRE version requirements identified in NMC for Windows 8 and Windows Server 2012 can be ignored: I. Firefox version number (17.0.1) II. JRE version 1.8
Window 2012 support for Cluster Shared Volumes (CSV)
The backup and recovery of file system data on Windows Server 2012 File Servers configured for Windows Continuous Availability with Cluster Shared Volumes (CSV) is now supported. Support of CSV backups includes three levels: Full, Incremental, and Synthetic-full.
Volume-level optimized deduplication
Volume-level optimized deduplication is a new feature in Windows Server 2012. When the data deduplication role is enabled, a Deduplication VSS Writer supports backup of volumes in their optimized deduplication form. NetWorker supports backup of optimized deduplication volumes, and restore of optimized deduplication backups to a set of eligible restore targets.
Drawing the prototype The backup admin should have rights to see all the resources and local IT details for each site and be allowed to add/subtract the resources. Figure 11, 12, 13, and 14 illustrate the access view format provided to backup administrators and remote office administrators (sub-admins).
2014 EMC Proven Professional Knowledge Sharing 22
Figure 11: Backup Administrator prototype view
Figure 12: Local IT admin prototype view for Site A, Site B, and Site C
2014 EMC Proven Professional Knowledge Sharing 23
Figure 13: Local IT admin prototype view for Site D and Site E
Figure 14: Local IT admin prototype view for Site F
2014 EMC Proven Professional Knowledge Sharing 24
The following points are important to note while drawing the prototype:
1. The prototype of the delegation model should be such that the all of the administration part should go the local IT people. We should keep the following points in mind during prototype definition: 2. The administration should be simple and easy to understand for all the local IT people so that if any local IT is replaced, the new people should be able to use it with minimum effort of knowledge transfer. 3. The administration should be responsive and should guide the local IT people if they are going in wrong direction. 4. The local IT people should have the privilege to log in to the console through their default username and password. This request should be routed to backup administrator to reset that person’s credentials. For this, LDAP is the best way and NetWorker gives the option to authenticate the users with LDAP v3. 5. All important resources such as policies, schedule, storage node, pool, label, client, and group are the most customizable attributes and they vary according to the geographical region. The most changing attribute—group time and schedule—is generally different in ROBO environments due to daylight savings time and different local IT shift timings. These attributes should be given to the local IT so that they can change it according to their best fit. 6. The local IT should have the privilege to have daily reports automatically sent to their e- mail ID at 8:00 AM daily so that they can know what they had backed up last night and what they had missed. 7. The reporting should be clean and easily understandable with a minimum amount of legends such as client name, SSID, volume name, saveset details, date, time, and status. These reports will not only provide a monitoring benefit to the local IT but also helps them track the media during the recovery, and enabling them to easily know which media contains what data. The recovery will be much easier in this case. 8. The monitoring console should be light-weight and should have color indicator for failed and successful status. 9. The recovery should be in the same monitoring console and should provide the option to save the recovery instance after recovery completion so that it could be used in the future. The recovery should be based on input-output format. 10. The backup should have disaster recovery savesets for each client so that any server can be built up during disaster.
2014 EMC Proven Professional Knowledge Sharing 25
11. The local IT should have basic knowledge of all NetWorker terminology so that they know how to perform first-level monitoring. 12. The model should have master view for the backup admin and limited view for the local IT admin. 13. The model should provide full access for the backup admin and limited permissions for the local IT admin. The permission given to local IT should be highly customizable and should have the option to view, change, and modify the settings. It should be customizable by the backup admin only.
Considerations When configuring local IT admin within the restricted data zone, consider:
1. Non-default resources in the global data zone are not visible to local IT who only have privileges within the restricted data zone. 2. Local IT admin cannot be a member of more than one unique restricted data zone. However, local IT can appear in multiple resource instances of the same restricted data zone. This allows for granular control over the local IT admin and their privileges because all restricted data zones group together in a similar way to those Client resources with the same name group. 3. A restricted data zone can have multiple local IT admins. 4. The Privileges section of the Restricted Data Zone resource specifies the privileges for a local IT. For resources that have a restricted data zone associated with them, the Restricted Data Zone resource and the User Groups resource use the same Privileges attributes. 5. Local IT admin can only create devices and jukeboxes on storage nodes that are associated to them exclusively within the restricted data zone.
Implementing the model The model implementation consists of:
1. Creating attributes specific to ROBO sites 2. Authentication users with LDAP 3. Deciding access rights for the local IT admin 4. Deciding the privileges 5. Creating restricted data zones for ROBO sites 6. Testing the console view as a local IT admin 7. Testing recovery
2014 EMC Proven Professional Knowledge Sharing 26
Creating attributes specific to ROBO sites Since each site will use its own attribute, a new attribute must be made for each site. This includes time policies, snapshot policies, schedules, directives, media pools, and labels. Traditionally, NetWorker uses the same attributes for multiple clients’ configuration but in restricted data zone, a new attribute is required for each site. This eliminates the dependency of changing any attribute for a particular ROBO site.
Authentication users with LDAP4 The global administrator configures a restricted data zone and assigns tenant administrators. When an LDAP user logs in for the first time, a user object is automatically created on the Console server. You only need to map LDAP user roles or LDAP user names to Console user roles. If necessary, you can also create user objects before users initially log in. For example, you may want to restrict user access to managed servers before a user logs in for the first time.
To add a Console user account when using LDAP authentication:
1. Create the Console user:
a. Log in to the Console server as a Console Security Administrator.
b. From the Console window, click Setup.
c. In the left pane, right-click Users and select New. The Create User dialog box opens and displays the Identity tab.
d. In the User Name attribute, type the LDAP user name.
e. (Optional) In the Full Name field, type the full name of the LDAP user.
f. (Optional) In the Description field, type the user description.
g. Click OK.
2. Map LDAP users to Console roles.
a. In the left pane, select Roles.
b. In the right pane, right-click Console User and select Properties.
2014 EMC Proven Professional Knowledge Sharing 27
c. In the External Roles attribute, add each LDAP user role or LDAP user name to be mapped. Type each entry on a separate line.
3. Click OK.
4. Assign privileges to the tenant administrator within the restricted data zone.
Deciding access rights for the local IT admin The access right for the local IT admin is decided by local IT itself. If the local IT admin is managing more than one site, instead of adding his name in all of the RDZ he is managing, the RDZ should be configured with all the clients and resources present at all those sites which he is managing. RDZ has this limitation that one user cannot be added to multiple zones. To mitigate this issue, the logic is to create single RDZ and all the resources to that RDZ. This single RDZ will be managed by the local IT who will be able to see all the clients in one console.
Deciding the privileges You can customize privileges associated with a local IT admin within a restricted data zone to fit specific requirements. The “privileges” field will give you this option in RDZ resource. There are some pre-configured resources. You just have to check it.
Remote Access All clients
Allows a local IT admin to:
1. Remotely browse and recover data associated with any client within the restricted data zone. 2. View configurations for all client resources that are within the restricted data zone.
Operate NetWorker
Allow local IT admin to perform NetWorker operations.
Configure NetWorker
Allows local IT admin to configure resources associated with the NetWorker server, its storage nodes, and clients. This includes creating, editing, and deleting resources within the restricted data zone. Local IT admins can only edit resources within their own particular restricted data zone. However, they can create new resources if they are not blocked by the quantity
2014 EMC Proven Professional Knowledge Sharing 28 restrictions in the restricted data zone. Local IT admins with this privilege cannot configure NetWorker resources that have not been assigned to them within the restricted data zone.
Monitor NetWorker
Allow local IT admin to:
1. Monitor NetWorker operations, including device status, save group status, and messages. 2. View media database information. 3. View NetWorker configuration information within the restricted data zone.
Operate Devices and Jukeboxes
Allows local IT admin to perform device and autochanger operations—such as mounting, unmounting, and labeling—within the restricted data zone. The Monitor NetWorker privilege must also be enabled. A local IT admin with this privilege can also view device status, pending messages, and view information in the media database.
Recover local data, Backup local data
Allows a local IT admin to recover/backup data from the NetWorker server to the local client and to view most attributes in the client's configuration.
Delete application settings, change application settings, view application settings, create application settings
Allows a local IT admin to delete, change, view, and create application settings that were set in the NetWorker software for the particular data zone.
Change security settings, delete security settings, create security settings, view security settings
Allows a local IT admin to change, delete, create, and view the security settings that were set in the NetWorker software for the particular data zone.
Creating restricted data zones (RDZ) for ROBO sites To configure a restricted data zone, apply a set of privileges on a per resource basis. Note that User Groups privileges are applied on a per data zone level. The association of a restricted data zone to resource is one-to-many, such that a restricted data zone can be associated with multiple resources. However, a single resource cannot be associated to different restricted data
2014 EMC Proven Professional Knowledge Sharing 29 zones. When a resource is associated to a restricted data zone, it is immediately made available for use by the restricted data zone. Note that NetWorker clients and groups that are associated to a restricted data zone must both belong exclusively to that particular restricted data zone, and must not participate in other restricted data zones. The Multi-Tenancy Facility feature does not support a scenario where one group is used to back up clients that belong to different restricted data zones.
Error messages appear if there is an attempt to:
a. Associate more of a particular type of resource than is specified in the Restriction attribute of the Restricted Data Zone resource. b. Configure a resource which cannot be associated to a Restricted Data Zone.
How to configure a restricted data zone4
Local IT administrators cannot create or edit a Restricted Data Zone resource. However, they can view the resource from the Console or CLI. To configure a restricted data zone, you must create or edit a Restricted Data Zone resource:
1. Ensure that you have at least the minimum privileges to create or edit a Restricted Data Zone resource. 2. To configure a restricted data zone where tenant administrators are assigned: a. Ensure that the tenant administrators are not listed in Users attribute of any User Groups resources. Privileges set in a User Groups resource apply to all resources, not just the resources within a Restricted Data Zone. b. Remove the *@* character from the Users attribute of each of the NetWorker User Groups resources. By default, *@* appears in the Users field of the User Groups resource named Users. 3. Configure the following customized NetWorker resources for the restricted data zone, if required. Default directives, labels, media pools, schedules, and policies are available to all restricted data zones at all times. 4. In the server Administration interface, click Configuration. 5. Right-click Restricted Data Zones and select New. The Create Restricted Data Zone dialog box appears. 6. Name the restricted data zone: a. Click the General tab. b. In the Name field, type the name of the of the restricted data zone.
2014 EMC Proven Professional Knowledge Sharing 30
c. (Optional) In the Comment field, add a descriptive comment for the restricted data zone. 7. Set restrictions to limit the number of clients, devices, storage nodes, and jukeboxes that the tenant administrator can create or associate within the restricted data zone. 8. List the local IT administrators and assign their privileges within the restricted data zone. For LDAP authentication, in the External roles field, add the user accounts that are granted permission to create and manage the NetWorker resources within this particular restricted data zone as a tenant administrator. 9. In the group and client tab, select the group and the clients associated with that group. In the Jukeboxes and devices tab, select a jukebox that can be accessed by the specific local IT admin within this particular restricted data zone. 10. The resources such as directives, labels, media pools, schedules and policies are also required to be associated. 11. In the storage node tab, select the storage node that the local IT administrator can access and use within the restricted data zone. 12. Click OK to finish the configuration.
Figure 15 shows Restricted Data Zone properties window.
Figure 15: Restricted data zone properties window
2014 EMC Proven Professional Knowledge Sharing 31
Testing the console view as a local IT admin After creating the restricted data zone, it is important to test the NetWorker management console. Cross-check whether the local IT admin is able to see the required resources or not. It is important that local IT should not be able to view/change any other site resources. The following steps needs to be considered for testing:
1. The local IT admin will supply username and password to log in to the NMC. 2. This user will be authenticated with the LDAP. 3. In the monitoring tab, local IT should only see the group which belongs to his site. 4. Under configuration tab, the client should see only his site’s resources available there. Some default resources will also be there and they will remain uncovered for every site but these resources will not have any negative affect. 5. Under Devices tab, local IT should be able to see his site’s jukeboxes and storage node. 6. Under Media tab, local IT should be able to his site’s media pool and media volumes.
Testing recovery This is the last part for implementing the delegation model. The testing of recovery is important here because, after delegation, the local IT admin has to deal with it and should not find it difficult to perform the recovery. Although EMC had worked hard to make it simple and integrated the recovery console with NMC, a knowledge transfer session is required to demonstrate how the recovery console works. The new recovery console is a step-by-step guide that asks the user for input.
2014 EMC Proven Professional Knowledge Sharing 32
Figure 16: Recover Configuration properties window Delegating the part Delegating index to centralized repository The index of all backed up data is saved to the centralized repository and then replicated to another data center. Remote and branch offices either go with some ROBO-supported backup tool (extra cost) or use a native backup utility or some free tool to take the backup locally. In both cases, their indexes remain on different repository and do not get the same safeguard as the data center indexes receive. They always remain isolated with the indexes of the main data center and the backup administrator has to manage them separately.
Ideally, since indexes are the “running pulse” of any recovery, the design should be such that the data center and ROBO indexes should go to the same location and be replicated to the disaster recovery site.
2014 EMC Proven Professional Knowledge Sharing 33
Figure 17: Remote site offices backing up through different media
Delegating ROBO site backups to local IT Secondly, data backed up for ROBO either remains on the local hard disk of the same server machine or deduplication, compression-type of advanced technologies are used to send data across the WAN which consumes network bandwidth. Keep in mind that ROBOs generally have low-bandwidth links and global customers have hundreds of ROBO sites around the world. Handle the backup of all these small offices with low backup speed and recovering them within the SLA becomes a nightmare for backup administrators.
The low-bandwidth issue can be solved if the design provides for data back up at the branch office itself and the index travels to the main data center. This will eliminate the requirement for a high bandwidth link as only the indexes travel on the network.
Delegating ROBO site recovery to local IT Third, dependency for data recovery is the main challenge for those who choose a centralized solution. The backup administrator team would need to be contacted for each data recovery. Interacting with the recovery admin just for their lost data could become an issue for those in different geographical regions. Plus, a backup admin for a customer with hundreds of branch offices would find it challenging to manage the recovery of hundreds of sites within the defined SLA.
To prevent this situation, the solution should be designed in such a way that the recovery part goes to the branch offices and the backup admin should be no longer be responsible for any
2014 EMC Proven Professional Knowledge Sharing 34 kind of data loss. This will prevent the user from interacting with the backup admin, while enabling the backup admin to manage the recovery within the stipulated SLAs.
Figure 18: Delegating recovery tasks to local IT
Delegating ROBO site tape management to local IT Fourth, tape management such as tape vaulting and tape tracking is a painful task for backup admins with hundreds of ROBO offices and the chance of mis-management increases. In the span of years, the number of tapes in each of ROBO can grow to 50 or more, requiring new tools to manage the tapes.
The easy way to sort out this situation is to involve many admin people with knowledge of tape management. I’m not suggesting hiring new employees. Rather, involve local IT at ROBO offices and delegate the task to them for tape vaulting and tape managing. They will now be responsible for each tape tracking and the service company will be free from any kind of tape management for ROBO environments.
2014 EMC Proven Professional Knowledge Sharing 35
Delegating ROBO site administration to local IT Obviously, management of ROBO sites will be difficult as each has more than one server and the administration of these servers require more eyes as well.
Involving local IT to manage their own sites independently is a great idea can easily be done by using the restricted data zone feature in EMC NetWorker.
Gaining the claps Basic EMC NetWorker functionality can provide a ROBO backup solution using the existing data center backup solution. Even the disaster recovery solution can be provided as the software makes a central repository of all of its indexes so it would be much easier to make a disaster recovery copy of the solution. The wide adaptability and acceptability of the solution for operating systems, databases, applications, backup devices, and more makes it responsive to customer needs.
The main point for the local IT admin to keep in mind is the disaster recovery backup. The disaster recovery backup or the backup of Windows roles and features will help the backup admin re-build the server after disaster.
I have highlighted some of the benefits of using NetWorker as a ROBO solution to provide a sample of a customized delegation model for customer.
Solution architect will be able to add the ROBO backup solution with the data center solution. EMC Networker will once again prove the adaptability of the software. The delegation model can be customized according to the customer’s need and be delivered as a professional solution. Helps customers include branch and remote offices together with the data center to provide complete protection to their environment. Helps Professional Services write a tailor-made solution for customers’ needs. Managing the solution in the same backup console along the data center servers. Document can be easily integrated into the procedure generator tools and made available via the web. Solution architect will find a new way to use the added feature of EMC NetWorker for their customers and remain competitive with other vendors.
2014 EMC Proven Professional Knowledge Sharing 36
Appendix 1. Branch office infrastructure solution architecture guide version 3.0 (Microsoft, Windows Server 2008) 2. EMC NetWorker Release 8.0 and Service packs Rev 14, 12 December, 2013 3. EMC NetWorker Release 8.1 and Service packs Rev 09, 10 January, 2014 4. EMC NetWorker Administration Guide Release 8.0 Rev 04
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO RESPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
2014 EMC Proven Professional Knowledge Sharing 37