Transcription
Best PracticesDell EMC Integrated Data Protection Appliance:Configuration Best PracticesIntegrated Data Protection Appliance version 2.6AbstractThis guide provides best practices for deploying and configuring the Dell EMC Integrated Data Protection Appliance (IDPA) server.January 2021H18637
RevisionsRevisionsDateDescriptionJanuary 2021Initial release for IDPA version 2.6AcknowledgmentsAuthor: Sandeep RajagopalThe information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in thispublication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose.Use, copying, and distribution of any software described in this publication requires an applicable software license.This document may contain certain words that are not consistent with Dell's current language guidelines. Dell plans to update the document oversubsequent future releases to revise these words accordingly.This document may contain language from third party content that is not under Dell's control and is not consistent with Dell's current guidelines for Dell'sown content. When such third party content is updated by the relevant third parties, this document will be revised accordingly.Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of DellInc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. [2/4/2021] [Best Practices] [H18637]2Dell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Table of contentsTable of contentsRevisions.2Acknowledgments .2Table of contents .3Executive summary.5Audience .51Introduction .62IDPA deployment preparation checklist .82.1Install the Network Validation Tool .92.2Default username and passwords on the IDPA .92.3License activation .102.3.1 In-product activation .102.3.2 Manual activation .1034Network connectivity overview .113.1DP4400 .113.2DP5800 .123.3DP8300 and DP8800 .13Sizing overview.164.15Scalability overview .16Installation overview .175.1Installing the IDPA preinstallation patch .175.1.1 Installing the IDPA preinstallation patch on the DataProtection-ACM.175.2Connect to the ACM .205.3Network configuration wizard .225.4Install and deploy IDPA .235.5Troubleshooting .275.5.1 Retry installation .275.5.2 Roll back Installation .285.5.3 Accessing vCenter .2836Use cases .297Upgrade IDPA software (DP4400) .317.1Supported upgrade paths .317.2Upgrade components .317.3Upgrade prerequisites .327.4Upgrade the appliance software .33Dell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Table of contents7.5Troubleshooting component software upgrades .357.5.1 Retry upgrade process .357.5.2 Avamar .357.5.3 vCenter .367.5.4 Upgrade log files .37A4Technical support and resources .39A.1Document references for IDPA.39A.2IDPA training resources .39Dell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Executive summaryExecutive summaryThis guide provides best practices for deploying and configuring the Dell EMC Integrated Data ProtectionAppliance (IDPA) server.As part of an effort to improve its product lines, Dell Technologies periodically releases revisions of itssoftware and hardware. Some functions that are described in this document might not be supported by allversions of the software or hardware that are currently in use. The product release notes provide the most upto-date information about product features.Contact a technical support professional for assistance with product functionality.AudienceThis document is intended for experienced system administrators or the Dell Technologies ProfessionalServices (PS) team to deploy and configure the IDPA server.5Dell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Introduction1IntroductionThe Dell EMC Integrated Data Protection Appliance (IDPA) is an all-in-one backup appliance. It reduces thecomplexity of managing multiple data silos, point solutions, and vendor relationships by simplifyingdeployment and management. The IDPA delivers powerful, enterprise-grade data protection capabilities forsmall, midsize, and enterprise organizations at a low cost to protect.The IDPA provides a solution for data protection administrators who are challenged by having to manageindependent and disconnected applications to configure and manage data protection and storage devices.IDPA System Manager enables administrators to efficiently manage the IDPA components from a single userinterface—including monitoring, reporting, analytics, and search—to simplify the data protection experience.The IDPA provides easy configuration and integration of data protection components in a consolidatedsolution and offers the following: Simplified deployment and configurationBackup administrationDeduplicationNative cloud disaster recovery (DR) and Long-Term Retention (LTR)Instant access and restoreMonitoring and analyticsSearchScalabilityUnified supportDell EMC Integrated Data Protection ApplianceDuring manufacturing, each internal component in IDPA is assigned an IP address for internal connectivityand communications. During deployment, the system administrator or Dell EMC Professional Service (PS)members configure IDPA components and the Dell EMC switch to communicate on a public network in thecustomer environment. This process requires configuring the management interface of each component witha customer-supplied public IP address.The configured IDPA includes the following virtual machines in a vSAN: 6One virtual VMware vCenter Server Appliance (vCSA)One Appliance Configuration Manager (ACM) serverThree VMware ESXi hosts (IDPA DP5800, DP8300, and DP8900 models only)Dell EMC Avamar Virtual Edition (AVE): IDPA DP4400 and DP5800 models only.AV ProxyIDPA System ManagerDell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Introduction Search servers:- Data Protection Advisor (DPA) servers:- Three servers for DP8300 and DP8800 models (two Index Data servers and one Index Masterserver)One server for DP4400 and DP5800 models, which acts as both the Index Data server and IndexMaster serverDPA Application ServerDPA Data Collection AgentDPA Datastore ServerCloud Disaster Recovery (CDRA) (optional component)The vSAN provides the following benefits: 7RedundancyFailover and high availabilityLoad balancing with virtual machines moved between ESXi hosts automaticallyDell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
IDPA deployment preparation checklist2IDPA deployment preparation checklistBefore you begin the deployment, the system administrator or Dell EMC Professional Services (PS) membermust complete the following requirements.PrechecklistStatusDeployment prerequisites The completed pre-engagement questionnaire (PEQ) is copied. When the IP addresses for the IDPA components are reserved, the IP addressesto the hostnames in the DNS server are assigned. Ensure that the hostnamesthat are assigned to the point products are in lower case and do not haveunderscores ( ) or @ characters, which would cause the configuration to fail. During the appliance configuration, the DNS server settings are configuredproperly. After you configure the hostname and domain name of the pointproducts, you cannot modify the settings. You can modify the DNS server IPaddress on the point products after the appliance is configured. Ensure that thenew DNS server has the same hostname and domain names that are associatedwith the corresponding point product IP addresses. For more information aboutmodifying the DNS server IP address, see the KB article Integrated DataProtection Appliance: How to change DNS entries in a deployed IDPA (537628). The Network Validation Tool (NVT) is installed. Ensure that the NVT runssuccessfully without errors before you schedule the onsite visit of a PS engineer. The required cables and SFP/QSFP are available according to the customeruplink requirement. The engineer is aware of the customer’s uplink-related configuration of the IDPAand Dell EMC switch. You must provide the switch configuration file to the PSengineer before the onsite visit. All required licenses (Data Domain, Data Protection Advisor, and Avamar) arepresent with the customer before the PS engineer visit. Power requirements for the IDPA rack are in place.The following cables are present: 8 USB (male) to serial (male) RJ45 (male) to serial (female) (Optional) null modem or serial cable if you encounter a problem that requires aserial connection to the Data Domain system CAT6 Ethernet cableThe Putty application is installed on the PS engineer’s laptop.The WinSCP application is installed on the PS engineer’s laptop.The required network and firewall ports for installing IDPA are open on thecustomer network. For more information, see the network ports content in theIDPA Security Configuration Guide.Dell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
IDPA deployment preparation checklist2.1Install the Network Validation ToolThe Network Validation Tool (NVT) for IDPA runs automated tests to validate the network configuration. Youmust run the NVT for IDPA from a system on the management network. Before you install IDPA, complete thenetwork configuration for the data center. After the network requirements are met for the appliance, you mustinstall and run the NVT to validate the network requirements and deployment of the IDPA in the data center.To download the NVT, and for more information about NVT, see the IDPA support page.2.2Default username and passwords on the IDPATable 2 summarizes the default usernames and passwords that a remote PS engineer requires to log in toand to configure the IDPA.Default username and passwords on the IDPAComponentsUsernamePasswordsVMware ESXi hostsrootIdpa 1234VCSAvsphere.local\Administrator rootIdpa 1234Network switchadminIdpa 1234Initial ACM passwordrootIdpa 1234Data Domain systemsysadminIdpa 1234iDRACrootIdpa 1234Avamar/NDMP acceleratorrootchangemeUse English characters when changing any of the default passwords.Ensure that the password meets the following criteria: Maximum of 20 charactersMinimum of nine charactersMust not start with a hyphen (-)Contains at least one uppercase and one lowercase letterContains at least one numberMust not include common names and usernames like root or adminContains at least one special character, such as:-9period (.)hyphen (-)underscore ( )Dell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
IDPA deployment preparation checklist2.3License activationTo use all the features of the IDPA server, you must have a license file before deployment of the IDPA server.You can activate the IDPA server using in-product activation or manual activation.2.3.1In-product activationThe in-product license activation enables the ACM to automatically download the licenses for ProtectionStorage, Backup Server, and Reporting and Analytics products from the ELMS server.Note: Ensure that the appliance is connected to a network with a working Internet connection to automaticallydownload the licenses.After you download the licenses, the License tab on the IDPA Configuration page is not displayed. If thelicenses are not downloaded successfully during the network configuration, the License tab is displayed onthe IDPA Configuration page with a Check online for licenses button. You can click Check online forlicenses to download the licenses from the ELMS server.Note: If the system is unable to download the licenses automatically from the ELMS server, an error messagedisplays, and you must manually activate the licenses.2.3.2Manual activationThe manual license activation feature enables you to upload and activate the licenses that you havedownloaded from the ELMS server.The following are the prerequisites: Ensure that you have the email with the License Authorization Code (LAC) letter that you receivedduring the order-fulfillment process.The LAC letter includes the license authorization code (for initial activations, this letter is the serialnumber of the appliance) that is associated with your order. The letter also includes instructions fordownloading software binaries, and instructions for activating the entitlements online through DellEMC Software Licensing Central. For more information, see the Software Licensing CentralActivation, Entitlements, Rehost, and Regeneration Guide.To manually activate the licenses on the IDPA configuration page, complete the following actions.1. In the Welcome page, select the optional components that you must install in the configuration, andclick Next.2. In the License page, complete the following steps for each section (Browse on the ProtectionStorage, Backup Server, and Reporting and Analytics).a. Click the license section. The Open dialog box is displayed.b. Select the license for the respective product, and click Open.The licenses are activated, and a green checkmark appears next to Browse.10Dell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Network connectivity overview3Network connectivity overviewThe following tables detail the IP addresses required by IDPA for various components. These addresses canbe assigned either as a range of addresses or as individual, noncontiguous addresses. Using a range is thepreferred method because it simplifies the assignment and reduces the chance for errors while you enter theIP addresses. When you use a range of IP addresses during the IDPA configuration, the IP addresses areassigned in a standard order.The following tables are separated to provide model-specific information about the IP address that must beallocated to a component. The first column in each table lists the value that you must add to the first IPaddress in the range.3.1DP4400The IDPA DP4400 has the following tables. Table 3: IP address range assignmentsTable 4: Management IP address range assignments with dedicated backup networkTable 5: Backup IP address range assignments with dedicated backup networkIP address range assignmentsIP range allocationExampleComponentsAssigned field 0192.0.2.1vCenterVMware vCenter Server VM 1192.0.2.2Protection storageDDVE management IP 2192.0.2.3Protection storageDDVE backup IP 1 3192.0.2.4Protection storageDDVE backup IP 2 4192.0.2.5Backup applicationAvamar Virtual Edition Server IP 5192.0.2.6Backup applicationAvamar proxy VM 6192.0.2.7IDPA System ManagerIDPA System Manager VM 7192.0.2.8Reporting and Analytics(optional)Application server host VM 8192.0.2.9Reporting and Analytics(optional)Datastore server host VM 9192.0.2.10Search (optional)Index Master node host VM 10192.0.2.11DD Cloud DR CDRA(optional)CDRANote: For more information about the network and firewall ports that are used in IDPA, see the section“Network ports” in the Dell EMC PowerProtect DP Series Appliance Security Configuration Guide.11Dell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Network connectivity overviewManagement IP address range assignments with dedicated backup networkManagement IPrange allocationComponentAssigned field 0vCenterVMware vCenter Server VM 1Protection storageManagement IP 2Backup applicationAvamar Virtual Edition Server IP 3Backup applicationAvamar proxy VM 4IDPA System ManagerIDPA System Manager VM 5Reporting and AnalyticsApplication server host VM 6Reporting and AnalyticsDatastore server host VM 7SearchIndex Master node host VM 8DD Cloud DR CDRA (optional)CDRA virtual applianceBackup IP address range assignments with dedicated backup network3.2Backup IP rangeallocationComponentAssigned field 0Protection storageDDVE backup IP 1 1Protection storageDDVE backup IP 2 2Backup applicationAvamar proxy VMDP5800The IDPA DP5800 has the following tables: Table 6: IP address range assignmentTable 7: Management IP address range assignments for with dedicated backup networkTable 8: Backup IP address range assignments with dedicated backup networkIP address range assignment12IP range allocationComponentAssigned field 0Data DomainData Domain management IP 1Data DomainData Domain backup IP 1 2Data DomainData Domain backup IP 2 3Data DomainData Domain backup IP 3 4Backup applicationAvamar Virtual Edition Server IP 5Backup applicationAvamar proxy IP 6IDPA System ManagerIDPA System Manager 7DP Advisor (optional)Application server IPDell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Network connectivity overviewIP range allocationComponentAssigned field 8DP Advisor (optional)Datastore server IP 9DP Advisor (optional)Agent IP 10Search (optional)Index Master node 11DD Cloud DR CDRA(optional)CDRA virtual applianceManagement IP address range assignments for with dedicated backup networkManagement IP rangeallocationComponentAssigned field 0Backup applicationAvamar Virtual Edition Server IP 1Backup applicationAvamar proxy IP 2IDPA System ManagerIDPA System Manager 3DP AdvisorApplication server IP 4DP AdvisorDatastore server IP 5DP AdvisorAgent IP 6DD Cloud DR CDRA(optional)CDRA virtual appliance 7Data DomainData Domain management IP 8SearchIndex Master node 9vCenterVMware vCenter Server VMBackup IP address range assignments with dedicated backup network3.3Backup IP rangeallocationComponentAssigned field 0Data DomainData Domain management IP 1Data DomainData Domain backup IP 1 2Data DomainData Domain backup IP 2 3Data DomainData Domain backup IP 3 6AvamarAvamar proxy IPDP8300 and DP8800The IDPA DP8300 and DP8800 have the following tables: 13Table 9: IP address range assignmentsTable 10: Management IP address range assignments with dedicated backup networkTable 11: Backup IP address range assignments with dedicated backup networkDell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Network connectivity overviewIP address range assignmentsIP range allocationComponentAssignment field 0Data DomainData Domain management IP 1Data DomainData Domain backup IP 1 2Data DomainData Domain backup IP 2 3Data DomainData Domain backup IP 3 4Data DomainData Domain backup IP 4 5Data DomainData Domain backup IP 5 6Data DomainData Domain backup IP 6(DP8800 Only) 7Backup applicationAvamar proxy IP 8IDPA SystemManagerIDPA System Manager 9DP Advisor (optional)Application server IP 10DP Advisor (optional)Datastore server IP 11DP Advisor (optional)Agent IP 12Search (optional)Index Master node 1 13Search (optional)Index data node 1 14Search (optional)Index data node 2 15DD Cloud DR CDRA(optional)CDRA virtual applianceManagement IP address range assignments with dedicated backup network14Management IPrange allocationComponentAssigned field 0Backup applicationManagement IP 1IDPA System ManagerIDPA System Manager 2SearchIndex Master node 3SearchIndex data node 1 4SearchIndex data node 2 5SearchIndex data node 3 6DP AdvisorApplication server IP 7DP AdvisorData server IP 8DP AdvisorAgent IP 9DD Cloud DR CDRA(optional)CDRA virtual applianceDell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Network connectivity overviewBackup IP address range assignments with dedicated backup networkBackup IP rangeallocationComponentAssigned field 0Data DomainData Domain Management IP 1Data DomainData Domain backup IP 1 2Data DomainData Domain backup IP 2 3Data DomainData Domain backup IP 3 4Data DomainData Domain backup IP 4 5Data DomainData Domain backup IP 5 6AvamarAvamar proxy IP 7IDPA SystemManagerIDPA System ManagerThe DP8300 and DP8800 have the following IP address requirements: DP8300: 13 IP addresses which include the following- 1 management IP address5 backup IP addressesDP8800: 14 IP addresses which include the following:-1 management IP address6 backup IP addressesNote: For more information about the network and firewall ports that are used in IDPA, see the section“Network ports” in the IDPA Security Configuration Guide.15Dell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Sizing overview4Sizing overviewSizing the IDPA is the most important activity to complete before the installation process. Sizing the applianceprovides the system administrator with a holistic view of the compute, bandwidth, and storage consumptionfor the workloads that the customer wants to protect using the IDPA.To facilitate the sizing process, the system administrator (SE) and Professional Service (PS) team memberscan use the Solution Builder tool (Dell Technologies internal access only). This tool can generate the sizingreport for the IDPA based on customer inputs and workloads that would be protected using the IDPA.4.1Scalability overviewThe IDPA models are designed to scale up to accommodate changing needs. See the section “Expandingstorage capacity” in the Dell EMC Integrated Data Protection Appliance Product Guide for more informationabout how to add storage capacity. For the DP4400S model with a capacity from 8 TB to 24 TB, you can expand the storage capacity inmultiples of 4 TB increments up to 24 TB. By adding the disk expansion kit, you can also expand thecapacity beyond 24 TB in 12 TB increments.For the DP4400 model with a capacity from 24 TB to 96 TB, you can expand the storage capacity in12 TB increments. You can expand the capacity up to a maximum of 96 TB.You can also expand the storage capacity of the DP5xxx and DP8xxxx models. For more informationrelated to storage capacity expansion, see the section “Storage capacity” in the Dell EMC IntegratedData Protection Appliance Product Guide.Table 12 details the configuration for the IDPA models.Configuration of IDPA models16ModelMinimum capacityMaximum capacityDP44008 TB24 TB24 TB96 TBDP580096 TB288 TBDP8300192 TB720 TBDP8800624 TB1 PBDell EMC Integrated Data Protection Appliance: Configuration Best Practices H18637
Installation overview5Installation overviewThis white paper is designed for personnel who install, configure, and maintain the Integrated Data ProtectionAppliance DP4400. It is assumed that the DP4400 appliance is already racked and stacked in the customer’sdata center before you proceed with the steps in this section.Note: This procedure is applicable for the IDPA DP4400 model. The other models are preconfigured andinstalled by the Professional Services (PS) team.5.1Installing the IDPA preinstallation patchBefore you configure the DataProtection-ACM virtual machine, install the latest IDPA preinstallation patch if itis available.For example: Idpa pre update N.N.N-nnnnnn.zipIn this example, N.N.N is the latest preinstallation patch version, and nnnnnn is the build number.Note: You must install the preinstallation patch before you connect to the DataProtection-ACM using abrowser for the initial configuration.5.1.1Installing the IDPA preinstallation patch on the DataProtection-ACMThe following steps describe how to install the preinstallation patch on the DataProtection-ACM.1. To identify the current version of your IDPA, run the following command:# rpm -qa grep dataprotection2. Go to drivers to see if a preinstallation patch is available for your version of IDPA. If apreinstallation patch is available, download it to your local folder.3. Extract the contents of the file Idpa pre update N.N.N.nnnnnn.zip.The .zip file contains the Idpa pre update N.N.N.nnnnnn.tar.gz patch and an associated ReadMe.txtfile. N.N.N is the latest preinstallation patch version, and nnnnnn is the build number.Note: For more information about installing the preinstallation patch, see the ReadMe.txt file.4. Open the WinSCP or SCP application on the service laptop, and connect to the DataProtection-ACMby performing the following actions:a.b.c.d.e.f.17In the File protocol field, select SFTP.In the Hostname field, enter 192.168.100.100 as the IP address of the DataProtection-ACM.In the Port number field, specify the default port number 22.In the Username field, enter root.In the Password field, enter Idpa 1234.Click Login.D
The Dell EMC Integrated Data Protection Appliance (IDPA) is an all-in-one backup appliance. It reduces the complexity of managing multiple data silos, point solutions, and vendor relationships by simplifying deployment and management. The IDPA delivers powerful, enterprise-grade data protection capabilities for
