SnapProtect Field Guide for HP 3PAR Storage System

August 2012 v1.2

Frank Yoo Product Specialist

Document History
Revision History
Rev. v1.0 v1.1 v1.2 Date December 19, 2011 December 21, 2011 August, 2012 Summary of Changes Initial Release D. Foster Review & Edits [FY]: Revised the area to define the Array S/N matched whats in BOL

CommVault Products - Confidential

August 2012 v1.2

Document History ............................................................................................................... 2

Revision History ................................................................................................................................... 2

SnapProtect Field Guide Objective & Overview ............................................................... 5 HP 3PAR Storage System Overview .................................................................................. 6
Architecture of HP 3PAR ..................................................................................................................... 6 ASIC-based thin storage .................................................................................................................. 7 Virtual Volumes ................................................................................................................................ 7 Virtual Volume LUN exports and LUN masking ............................................................................... 8 HP 3PAR Storage-Systems................................................................................................................. 8

CommVault Integration Requirements for SnapProtect ................................................... 9

Array Software Licenses ...................................................................................................................... 9 Simpana Software ............................................................................................................................... 9 Basic File System Environments ..................................................................................................... 9 Application Environments .............................................................................................................. 10 Virtual Environments ...................................................................................................................... 10 Supported Applications and Operating Environments ...................................................................... 10

SnapProtect Array Configuration Details with HP 3PAR ................................................ 11

HP 3PAR Array Configuration for Clone/Snap .................................................................................. 11 Steps to Configure the HP 3PAR Array............................................................................................. 14 How to define an HP 3PAR Array: ................................................................................................. 14 SnapProtect Storage Policy Configuration ........................................................................................ 15 Create and configure a Storage Policy with a Snapshot Copy: ..................................................... 15

The SnapProtect Process ................................................................................................. 18

SnapProtect Backup Operation ......................................................................................................... 18 Backup Copy Operation .................................................................................................................... 18 Production Host Configuration .......................................................................................................... 19 Application Configurations ............................................................................................................. 19 VMware Configurations.................................................................................................................. 23 Proxy Configuration ........................................................................................................................... 24 Exchange Configuration ................................................................................................................ 24 Oracle Configuration ...................................................................................................................... 25 Verification of Configuration Using SnapTest (for iSCSI / FC) .......................................................... 26

Security & Storage Policy Best Practices ....................................................................... 30

Security Roles ................................................................................................................................... 30 Storage Policies ................................................................................................................................. 31

Manipulating Snapshots ................................................................................................... 33

Mount/Dismount Snaps for Manual Browse ...................................................................................... 34 Reverting a Snapshot ........................................................................................................................ 37

CommVault Products - Confidential

August 2012 v1.2

Application Aware Revert .............................................................................................................. 37 Non Application Aware Revert ....................................................................................................... 39 Out of Place Restore Capabilities (VMware Example) ................................................................... 40

Appendix ........................................................................................................................... 42
Determine the HP 3PAR Array ID ..................................................................................................... 42 There are two ways that you can determine the HP 3PAR Array ID: ............................................ 42 Alternatively, you can obtain the HP 3PAR Array ID using the following formulae: ...................... 43 How to assign a new CPG / Virtual Volume / VLUN to a specific Host ............................................. 44 SnapProtect with HP 3PAR Clone .................................................................................................... 49 SnapProtect with HP 3PAR Snap ..................................................................................................... 51 Snap Reconciliation Registry Key ..................................................................................................... 52

CommVault Products - Confidential

August 2012 v1.2

SnapProtect Field Guide Objective & Overview

The SnapProtect Field Guide provides detailed descriptions for configuring hardware-based snapshot mechanisms with the CommVault Simpana Platform. This guide is an introductory overview of the HP 3PAR storage array with its built in technology and feature sets, along with the licenses and configuration requirements to integrate these controls with CommVault Simpana Platform. This document covers multiple storage environments and use cases in detail with best practices for scheduling and storage policies to achieve consistent results both for recovery and protection needs. Simpana SnapProtect enables a modernized approach to data protection merging hardware storage systems snapshots directly into the protection/backup process. By automatically integrating application intelligence with the array snapshot abilities, Simpana is able to reach through the application and file systems into the storage array and discover volume/disk configurations for the snapshot operations and coordinate these operations with proper application quiesce minimizing administrative configuration and eliminating the any scripting requirements. When a scheduled protection job for the defined application runs, the source system quiesces the selected applications and automatically creates a set of persistent snapshots within the production storage system. With a confirmation of the successful snapshot creation by the host, the workload in the protection job shifts to a secondary proxy server to offload backup operations. This shift releases the production host and it returns to full production side operations. This allows a consistent data image to be created in minutes with RPOs aligning with the frequency of schedule. The Proxy completes the second half of the protection job by reaching into the SAN, mounting the snapshot and automatically indexing and cataloging the file-level contents of the snapshots relative to the production host and the selected contents. Unlike hardware-based snap approaches Simpana extends beyond simply creating or deleting snapshots. SnapProtect blends the speed and efficiency of array snapshots directly into the backup /recovery process offering full system recovery or single file/search and restore. Once the content aware indexing completes, the snapshot is retained in the array as a persistent recovery copy to provide the rapid recovery option to revert or restore the data volumes. The Proxy serves a secondary role after the snapshot executes. The same snapshots will mount and copy the relevant file contents from the snapshot and apply the Simpana data deduplication process to the data during transport to the backup copy destination. The backup copy employs a separate retention than the snapshot allowing aggressive snapshot retention to conserve tier1 space to meet the RTO/RPO needs. As data moves into the backup copy the original indices are preserved and stored along with the data to ensure access from any location. More importantly the backup copy leverages Simpanas data deduplication to move and store less. In light of many of todays new privacy regulations data encryption is a critical feature to apply to data to keep it highly secured from unwanted eyes. A modernized data management system ensures you can take advantage of both benefits at the same time; deduplicating data for reduction while also encrypting it for security without impacting Production Processes. SnapProtect supports the leading SAN/NAS storage solutions from Dell, EMC, NetApp, LSI, HP, SUN, IBM and HDS and this list continues to expand. Please refer to www.commvault.com for the most up to date revision of the supported hardware and software configurations.

CommVault Products - Confidential

August 2012 v1.2

HP 3PAR Storage System Overview

HP 3PAR Inc., originally a manufacturer of system and software for data storage and information management headquartered in California, USA has been wholly owned by Hewlett-Packard since 2010. HP 3PAR led to develop InServ storage server with Utility Storage being one of the major development of storage category in mind, giving a multi-tenant platform on which service providers can deliver both virtualized and scalable enterprise IT as a utility service. HP 3PARs T-series array competes directly with the high-end storage arrays such as the EMC DMX and HDS USP, as well as the F-series to cover the EMC Clariion (CX) and HP EVA ranges. HP 3PAR employs one of the first differentiating Thin Provisioning mechanisms, whereby a fat-to-thin volume conversion is achieved without disrupting any of the operations on the storage system itself. Thin Provisioning allows HP 3PAR customers to use storage on demand and allow for greater storage efficiencies by consuming space as required, limiting wasted capacity. This is NOT a HP 3PAR Administrator/Maintenance Training Guide. Please visit www.hp.com/3par for further training material. (Login Required)

Architecture of HP 3PAR
Each HP 3PAR storage system features a high-speed, full mesh, passive system backplane that joins multiple controller nodes to form a cache-coherent, mesh-active cluster. Within this architecture comes tight coordination among clustered controller nodes paired through custom ASIC, then fiber channel connections from each node in the pair with dual-ported drive chassis owned by the pair. Controller nodes then provide the host connectivity either via iSCSI or SAN:

CommVault Products - Confidential

August 2012 v1.2

ASIC-based thin storage The HP P10k Controllers nodes feature Thin Provisioning built-In technology unique to HP 3PAR, also available in the T-Class and F-Class arrays. The HPs 3PAR Gen4 ASIC feature a fat-to-thin volume conversion algorithm built into the silicon. The capability works with the HP 3PAR software to enable users to take a thick provisioned volume on legacy storage and convert them to thin provisioned volumes on the system on-the-fly. During this process, allocated-but-unused capacity within each data volume is initialized with zeros. The Gen3 and 4 ASICs use built-in zero detection capability to recognize and virtualized blocks of zeros to drive these conversions while maintaining high-level performance. Virtual Volumes There are two types of Virtual Volumes: Base Volume: Considered the original Virtual Volume where it directly maps all the uservisible data. Snapshot Volume: is mapped indirectly to the parents data. When a block is written to the parent, the original block is copied from the parent to the snapshot data space as a Copy-OnWrite model. Once the data has been copied, the snapshot now points to the snapshot reserve area.

Virtual Volumes have three types of spaces: The User Space representing the user-visible space The Snapshot data space used to store modified data associated with snapshots in 16KB pages The Snapshot

Showing below is an example of the Virtual Volume Usage in order and how to define the Copy Space for the clone/snap:

CommVault Products - Confidential

August 2012 v1.2

Virtual Volume LUN exports and LUN masking Virtual Volumes are only visible to a host if they are exported as Virtual LUNs (VLUNs). Virtual Volumes can be exported in three different ways: To specific hosts: The Virtual Volume would be visible to the specified WWNs, irrespective of which port those WWNs appear on. This is a convenient way to export Virtual Volumes to known hosts To any host on a specific port: This is useful when the hosts are not known prior, or in a situations where the WWN of the host cannot be trusted To specific hosts on a specified port: On the system, Virtual Volumes themselves do not consume LUN numbers as they do on some systems. Only VLUNs will consume LUN numbers.

HP 3PAR Storage-Systems
Three different offerings are available for the HP 3PAR storage systems, F-Class being the entry level model, and the P10000 model being the high-end model: Model F-Class F200 F400 T-Class T400 T800 P10k V400 V800 960 1920 800 TB 1.6 PB 96 x 8GB/sec 192 x 8GB/sec 640 1280 400 TB 800 TB 64 x 4GB/sec or 16 x iSCSI 128 x 4GB/sec or 32 x iSCSI Max #Disks 192 384 Max RAW Cap. 128 TB 384 TB Connectivity 12 x 4 GB/sec or 8 x iSCSI 24 x 4GB/sec or 16 x iSCSI

CommVault Products - Confidential

August 2012 v1.2

CommVault Integration Requirements for SnapProtect

Array Software Licenses
CommVault recommends (depending on the application environment) enabling the following Array Software Licenses on the HP 3PAR storage system to integrate with CommVault Software: By default all functionality in the HP 3PAR storage system layer should be enabled (Snapshot capabilities come standard with the current HP 3PAR models). There are no other Array Licenses required. If in doubt, please engage an HP Representative to ensure all of appropriate functionality has been configured properly. HP requires HP 3PAR storage system to have run thru the Storage-System Initialization Utility to have run correctly prior to running any functionality thru the HP 3PAR InForm Management Console. This step is REQUIRED to ensure that the storage system have their designated IP addresses for the array to work correctly. Please engage an HP Representative to ensure HP 3PAR storage system is fully up and functional.

Simpana Software
SnapProtect solutions will require the appropriate data agents as defined by the customer configuration. Below we will define a few terms in use going forward in this document: Production Host Server hosting the actual production LUN for snapshot or clone operations Proxy Host Server mounting the snapshot or clone for backup purposes off of the Production Host Array Hardware Storage Array executing the snapshots File System iDataAgent iDataAgent for protecting the file system of a host and is also a base requirement for most Application iDataAgents. MediaAgent Agent for creating and managing snapshots as well as for writing data to backup targets Application iDataAgent iDataAgents to protect applications such as SQL, Exchange, DB2, SAP and Oracle. Enables Application Aware snapshots to be created when backups are scheduled Virtual Server Agent (VSA) iDataAgent providing protection of Virtualization Environments without installing backup iDataAgents internal to the guests CommVault VSS Software Provider CommVault VSS Software Provider for Windows Guests to allow for programmatic controls of the Windows VSS components

Basic File System Environments As with all configurations, a CommServe, necessary storage capacity, and MediaAgents must exist to enable a completely functional solution. On top of the basic infrastructure components, the SnapProtect base configuration requires the following agents on the Production Host: File System iDataAgent (for the appropriate Operating System) MediaAgent CommVault VSS Software Provider (Windows Only)

For a configuration where snapshots mount off host to a Proxy server, implement the following agents on the Proxy server: File System iDataAgent (Must be similar to Production Host Operating System) MediaAgent

CommVault Products - Confidential

August 2012 v1.2

Application Environments When implementing for Application Environments simply add the appropriate snap supported Application iDataAgent to the SnapProtect base configuration as follows on the Production Host: File System iDataAgent (for the appropriate Operating System) MediaAgent CommVault VSS Provider Software Provider (Windows Only) Application iDataAgent for selected Application o Exchange use the Exchange Database iDataAgent o DB2 use the DB2 iDataAgent o Microsoft SQL use the MSSQL iDataAgent o Oracle use the Oracle iDataAgent o SAP use the SAP iDataAgent

For a configuration where snapshots mount off host to a Proxy server, implement the following agents on the Proxy server: File System iDataAgent (Must be similar to Production Host Operating System) MediaAgent Application specific iDataAgent (Must be the same to Production Host) to enable Proxy Application API (i.e. Exchange Management Pack, Oracle for RMAN integration, etc.)

Virtual Environments The SnapProtect snapshot engines Using a dedicated on the Production individual file and following: with the Virtual Server Agent enables point-in-time snapshots with hardware to provide snapshot functionality for data protection operations of virtual guests. ESX server for selective copy to Tier 2 storage completely removes any utilization ESX farm. The copy operation to Tier 2 storage enables Granular Recovery for folder recovery. To enable SnapProtect for the Virtual Environment ensure the

File System iDataAgent (for the appropriate Operating System) MediaAgent Virtual Server Agent (VSA) iDataAgent

The virtual server Agent may be running as a Hot Add mode guest external to the production farm to eliminate processing. The Virtual Server Agent leverages Proxy capabilities by default with no agents installed on the ESX server.

Supported Applications and Operating Environments

Please visit Books On-Line (http://documentation.commvault.com) for a complete listing of supported SnapProtect Applications and Operating Environments and any potential solution caveats.

CommVault Products - Confidential

August 2012 v1.2

10

SnapProtect Array Configuration Details with HP 3PAR

HP 3PAR Array Configuration for Clone/Snap
To successfully provision storage for SnapProtect using Snap/Clone for HP 3PAR, you require the following steps to successfully create, assign and map logical devices for Production Host use: 1. 2. 3. 4. Create / Register Host that is connected to the HP 3PAR Array Create a Common Provisioning Group (CPG) if required Create / Export a Virtual Volume Create a Virtual Volume LUN for use

Example below, and on the page that follows, shows a HP 3PAR Array ID of 1302965 (3par2.commvault.com) has a CommVault Common Provisioning Group, with a Virtual Volume augpcs01 exported to host augpcs01 and has a provisioned Virtual LUN with LUN ID #13 created:

CommVault Products - Confidential

August 2012 v1.2

11

Also to note that the host augpcs01 has the following information for the iSCSI connectivity to the specified Virtual Volume:

For Snap and Clone to successfully work, we must also provide a CPG that will act as the reserve space for the operations to work correctly from the Virtual Volume properties:

CommVault Products - Confidential

August 2012 v1.2

12

For SnapProtect to function appropriately, Host with visibility to LUNs MUST has been presented appropriately. Further information on whether the LUN has been properly configured for SnapProtect use, please refer to Appendix How to map a new LUN to a Host section to map a LUN appropriately.

CommVault Products - Confidential

August 2012 v1.2

13

Steps to Configure the HP 3PAR Array

Defining configuration properties for arrays leveraged for SnapProtect occurs in the Array Management area of the Simpana Control Panel. Defining the HP 3PAR array can be achieved in two ways and allows execution of snapshot operations during the appropriate backup jobs using the credentials provided. How to define an HP 3PAR Array:

1. Click on the Array Management in the Control Panel:

2. Select Add on the Array Management Dialog Box:

3. Select HP 3PAR from the Snap Vendor list 4. Specify the HP 3PAR ID of the array in the Name. Refer to the Appendix section on how to define a HP 3PAR ID 5. Specify the HP 3PAR InForm Management server IP address for the Control Host 6. Enter the access information for the HP 3PAR Management Server in the Username and Password fields 7. The Device Group is the CPG that you wish to use to store the snapshot information

CommVault Products - Confidential

August 2012 v1.2

14

SnapProtect Storage Policy Configuration

SnapProtect operations require a Primary Snap Copy to house the indexing information for the data retained internal to the snapshots. Any currently defined or newly created storage policy supports the addition of an additional Primary Snap Copy. For detailed information on storage policy creation and the options available for configuration see the online documentation at:
http://documentation.commvault.com/commvault/release_9_0_0/books_online_1/english_us/index/index.html

Create and configure a Storage Policy with a Snapshot Copy: 1. Select a Storage Policy and right click; select All Tasks; select Create New Snapshot Copy

2. Define a unique Copy Name of the newly created Snapshot Copy and define the Library and MediaAgent where the Snapshot Copy Indexing information will be stored:

CommVault Products - Confidential

August 2012 v1.2

15

3. Select the Retention tab and define the retention for the number of days or cycles the snapshot will live internal to the Array and click OK to create the Snapshot Copy within the Storage Policy:

4. The configured Storage Policy will now show both the previously defined Primary Copy and the new Snapshot Copy as seen below:

5. To protect Snapshot data in the Primary Snap Copy to the Primary Storage Policy Copy initiate a Backup Copy to back up the selected jobs. To define which snapshots are marked for inclusion of the backup copy operation, select the previously configured storage policy, right click and go to properties. 6. Select the Snapshot tab. Under the Snapshot tab are the options to define which snapshots generate backup copies. The selective rules allow all snapshot operations to drive a synchronous backup copy or selectively choose snapshots based upon timing or manual select. Any job meeting the rules for backup copy will be mounted on the defined proxy upon executing the backup copy operation.

CommVault Products - Confidential

August 2012 v1.2

16

7. To execute the Storage Policy Backup Copy operation, simply right click on the Storage Policy, select All Tasks, and Run Backup Copy. The Backup Copy dialog box allows for backup copy creation on demand or through a schedule:

CommVault Products - Confidential

August 2012 v1.2

17

The SnapProtect Process

SnapProtect Backup Operation
SnapProtect backups consist of the following operations: 1. The backup job initiates from the CommCell Console via schedule or an on-demand job 2. When the backup job starts, the file system, associated applications, or Virtual Machines properly acquiesce (VSS calls in Windows or through application interfaces such as RMAN to put the DB in a Hot Backup mode). In VMware configurations, vStorage APIs are called to create software snapshots and enable delta file creation for each of the guests targeted as contents of the snapshot. 3. Array API is called to: a. Verify the backup job contents (validating the underlying disk structure for file systems, databases, VM Data stores, etc.. and the required log files) i. Clone: Create and link a temporary Clone Volume to the Production volume, wait for synchronization, mark the linked temporary cloned volume as a separate unexported volume ii. Snap: Create a Snap session for the Production volume b. If not done already, assign the Clone/Snap to the appropriate host in question (either the production or the proxy host) and make a linked copy of the Clone/Snap c. Mount up the linked copy Clone/Snap on the source or the selected proxy host for post snapshot operations (E.g. Scan & Catalog for File System, Integrity checks for Exchange Database & Backup to media if selected). For VMware and RMAN proxy configurations, the Virtual Machines and database files are registered by the proxy application software. 4. Unmount the linked copy Clone/Snap and delete the linked copy, preserving the original Clone/Snap from any modifications This snapshot now provides availability for backup copy operations and high speed restore / mount / revert operations.

Backup Copy Operation

A backup copy operation provides the capability to copy the snapshots of the data to media. You have the ability to enable/disable backup copy operations for a snapshot copy, i.e., once a backup copy is enabled, the snapshots will be copied to media during a Backup Copy operation. Additionally, the snapshots will be copied to media based on the backup copy rules specified for the snapshot copy. A backup copy execution occurs during the SnapProtect backup or at a later time. The backup copy operations can be useful for creating additional standby copies of data. When selecting/deselecting a job for backup copy operations, ensure that all the dependent jobs (for example, incremental, differential, etc.) in the complete backup cycle are selected/deselected as the snapshots are copied to media in a sequential order. If a previously selected snapshot has not been copied to media, a request inline SnapProtect backup job will complete without creating the backup copy due to sequential order in which these copies must be made. An on demand offline backup copy operations must be scheduled for the current backup and the previously non copied job to get the data to backup media. Backup Copy operations mount the selected snapshots in sequential fashion to execute a file system level backup of the snapshots. For Oracle and VMware, the backup copy operations will leverage RMAN and VADP to provide complete object integration (table level restore, single file access, etc.) in to the backup copy store.

CommVault Products - Confidential

August 2012 v1.2

18

During the Backup Copy operation: 1. The snapshot is mounted to the source or proxy host. The mounted snapshot receives commands to scan and backups like a normal file system and the required contents are read. 2. The file system backup is performed to Primary Copy of the storage policy of all defined files. The data is indexed and linked back to the original production host. 3. When the backup copy job is finished, the snapshot is unmounted and retained based upon Snapshot Copy retention settings.

Production Host Configuration

Application Configurations Protecting Application Databases and log volumes through an Array snapshot provide fast access for recovery and many flexible options for data protection. SnapProtect integrates key Application awareness together with the Array and our Platform to deliver all of the benefits of traditional streaming backups with all of the performance and Proxy capabilities of a snapshot. This application awareness allows true log-consistent hot backups with appropriate log management operations based off the contents of the data in the snapshot. SnapProtect aligns all of the log and data base volumes and snapshots using them in concert to provide fast low impact recovery points through the Array without scripts. Before stepping through any configuration steps, deploy the proper agents on the Production Host requiring snapshot integration with the Array. Application environments require: File System iDataAgent (for the appropriate Operating System) The Base agent that manages and protects the file system data from the Production Host. File System contents are supported for SnapProtect operations as well, but it is recommended to define application data sets with the application iDataAgent.

If no supported Application iDAs are available, end-user written Pre and Post Snap scripts can be used to acquiesce the unsupported application successfully for SnapProtect integration. MediaAgent Provides media management capabilities to execute Array functions and provide LAN free access to snapshots for recovery CommVault VSS Provider Provide VSS interaction with the Array and the Simpana Platform to ensure Microsoft Applications are properly acquiesced and protected during the snapshot process Application iDataAgent for selected Application Provides low level application integration for Oracle, SQL, Exchange, VMware, Hyper-V, DB2, SAP, etc. ensuring the appropriate APIs are called when acquiescing and releasing the application during the snapshot operations. This iDataAgent will also align the volumes for snap based off the logical databases or contents defined in the subclient including logs. If five databases all have separate LUNS, and Log Volumes, the application agent will defined the contents appropriately for all ten volumes to be snapshotted together.

CommVault Products - Confidential

August 2012 v1.2

19

The following steps will configure the implemented Virtualization Environment for SnapProtect operations: 1. Enable SnapProtect on the Application Server acting as the Production Host in the CommCell GUI. Right Click on the server name, select All Tasks, and then select Properties. 2. Navigate to the Advanced Tab and check the box marked Enable SnapProtect. This will consume a SnapProtect license from the license key:

3. Browse to the Production Host Application iDA (in this case we are using Exchange Database iDA) and select the desired subclient to enable SnapProtect Operations:

4. Browse to the SnapProtect Operations tab; check the SnapProtect box. Select 3PAR Snap/Clone as the Available Snap Engines:

CommVault Products - Confidential

August 2012 v1.2

20

5. To define Proxy configurations on the SnapProtect Operations tab click on the drop down box next to Use Proxy. This provides available servers to use as the Proxy during the index and backup copy operations. The selected server mounts the Array snapshot when a backup copy operation executes. If the Use source if proxy is unreachable is selected the snapshot will default to the Product Host if the defined proxy server is unreachable for any reason:

6. Ensure the Storage Device tab has a storage policy with a Snap Copy defined and click OK to close the Subclient properties. 7. To execute a Snap Operation for the Application agent, simply schedule or generate a backup request of the previously configured Subclient.

CommVault Products - Confidential

August 2012 v1.2

21

For Exchange Database SnapProtect operations, an ESE consistency check run on the snapshot copy to validate the consistency of the database files. This is enabled by default and can be found and modified under the advanced job options on the scheduled backup operation. It is highly recommended to leave this enabled to provide integrity checks to Exchange messaging environments.

CommVault Products - Confidential

August 2012 v1.2

22

VMware Configurations SnapProtect enables fast protection of large or volatile VMware environments without placing load on the production Virtualization Farm. SnapProtect technology integration with the Virtual Server Agent (VSA) enables the Array to perform backups in minutes even with large numbers of virtual machines and sizable data stores. A dedicated ESX server for Proxy data movement completely removes any utilization on the ESX farm with granular access providing individual file and folder recovery from the secondary tier of storage. Prior to configuring the virtualization environment, deploy the proper agents requiring snapshot integration with the Array. VMware specifically requires more security rights beyond the typical VADP use case. See the Appendix for security details in creating proper security environment for SnapProtect. Virtualization environments require the following agents: Virtual Server Agent (VSA) on the physical server(s) or virtual hot-add guest(s) File System iDataAgent on the physical server(s) or virtual hot-add guest(s) MediaAgent on the physical server(s) or virtual hot-add guest(s)

The following steps will configure the implemented Virtualization Environment for SnapProtect operations: 1. First, enable SnapProtect on the physical or virtual server with the VSA Agent by selecting the server in the CommCell GUI. Right Click on the server name, select All Tasks, and then select Properties. 2. Navigate to the Advanced Tab and check the box marked Enable SnapProtect. This will consume a SnapProtect license from the license key:

3. Browse to the VSA iDataAgent and select the desired backup set and then access the properties on the desired Subclient to enable SnapProtect Operations:

CommVault Products - Confidential

August 2012 v1.2

23

4. Browse to the SnapProtect Operations tab, check the SnapProtect box. Select 3PAR Clone/Snap as the Available Snap Engines. 5. To define Proxy configurations on the SnapProtect Operations tab, below the Proxy ESX Server, click on Select ESX server for snap mount. This opens a dialogue box with the available ESX servers in the environment. Select the desired ESX server to perform the Proxy operations for generating granular backups to disk/tape/cloud. The selected ESX server mounts the Array snapshot when a backup copy operation executes. 6. Ensure the Storage Device tab has a storage policy with a Snap Copy defined and click OK to close the Subclient properties. 7. To execute a Snap Operation for the VSA agent, simply schedule or generate a backup request of the previously configured Subclient.

Proxy Configuration
SnapProtect provides a modernized architecture for handling data protection operations within the datacenter. Proxy capabilities enable an array-based snapshot to mount off-host eliminating backup processes on the production servers and linking indexing information to the original location. Allowing for multiple snapshots from differing servers across high-speed FC and IP networks eliminates any compression, deduplication, and encryption load and centralizes this execution to a dedicated tier of services. Each OS with a SnapProtect client requires a similar OS for proxy (i.e. Windows to Windows, Linux to Linux, etc.) execution. Simpana will automatically link indexing information back to the original host enabling full application protection for recovery purposes. Execution of application integrity checks may also occur on the Proxy servers to validate the data prior to backup creation. For a configuration where snapshots mount off host to a Proxy server, implement the following agents on the Proxy server. File System iDataAgent (Must be similar to Production Host Operating System) MediaAgent Application Specific Binaries for Proxy (i.e. Exchange Management Pack, Oracle for RMAN integration, etc.)

Exchange Configuration Any Proxy configuration interacting with Exchange Databases provides the capability to execute an ESE Integrity check against the Exchange Database. In order to enable the Proxy to validate the Microsoft Exchange database files, install the proper version of the Microsoft Exchange Management Tools from the Exchange installation media on to the Proxy:

CommVault Products - Confidential

August 2012 v1.2

24

Upon implementation of the management tools, verify the implementation of the necessary MediaAgent and File System as well. This enables the Proxy for selection as the Proxy Host in the application Subclient contents. When scheduling the Microsoft Exchange SnapProtect backup operation, click the advanced button. This will bring you to the General Options to enable the integrity check for the Exchange Backup job upon Snapshot Index completion:

Oracle Configuration SnapProtect supports ASM (Automatic Storage Management) and RMAN backups with Array based snapshots. With this support SnapProtect enables RMAN based movement to disk/tape allowing Recovery Manager (RMAN) for the movement to media operation. This however, requires the installation and configuration of the Oracle binaries and the configuration of an Oracle instance on the Proxy server. In order to perform a proxy based SnapProtect backup or restore operation; configure the following on the proxy computer: The Oracle database instance on the proxy machine should be the same version as the source. For example if Oracle 10.2.0.4 is installed on source then the proxy should be 10.2.0.4 ASM instances require configuration for both ASM and the RDBMS instances on the Proxy. The catalog user and the catalog database must be the accessible by the source and the proxy Oracle instances. Best Practice is to mount the snapshots on the same mount point as the source. Best Practice is to ensure that the data and log mount points do not overlap. Before executing any ASM based Snapshot or Movement to media jobs, run the following commands: o cd $ORACLE_HOME/rdbms/lib o gmake -f ins_rdbms.mk ikfed; ensure that KFED utility is specified in the path. After putting the above configurations and considerations in place, the configured server may enable RMAN for tape movement and properly manage ASM databases in a proxy configuration. Table Level restores of SnapProtect data is now supported. Note: It is highly recommended to work with Professional Services to ensure successful implementation of SnapProtect with Oracle databases, especially in Proxy Configuration.

CommVault Products - Confidential

August 2012 v1.2

25

Verification of Configuration Using SnapTest (for iSCSI / FC)

Validation of the SnapProtect configuration prior to running production jobs occurs through the SnapTest utility. This tool is located in the Base folder of the Simpana installation, allows one to check array connectivity and exercise the hardware snap engine to create and remove snapshots. Running this prior to productions routines will validate the configuration is properly defined on the Production Host side. 1. Locate the SnapTest executable in the base directory (..\Simpana\Base\SnapTest.exe) and run it from the Command Line:

2. To prevent automatic reverts / or to prevent automated tests, select Advanced Operation option - 2:

CommVault Products - Confidential

August 2012 v1.2

26

3. Select option 2 for Miscellaneous Task

4. Check if we can send a SCSI inquiry to the storage device by selecting Option 3:

5. Enter the Mount Point for SCSI inquiry. Windows you must enter a drive letter or a mount path (junction point). In a Unix/Linux environment, enter the mount path location not the device name, e.g. /dev/sda. You will now get a result similar to the following:

CommVault Products - Confidential

August 2012 v1.2

27

6. From the Main Menu, choose option 1 - Performance Individual Snap Operations. 7. Select 3PAR Clone or Snap by selecting Option 23 or 24:

CommVault Products - Confidential

August 2012 v1.2

28

8. Exercise the selected Snapshot Engine by selecting Option 1:

This will create a new Snapshot based on the Engine you have selected and will give you the necessary information to confirm all works.

CommVault Products - Confidential

August 2012 v1.2

29

Security & Storage Policy Best Practices

Security Roles
The power of a Storage Array in providing fast full volume recovery changes data architectures and SLA alignment. Any technology providing fast sweeping recovery directly linked to production data can be potentially dangerous without proper controls. Revert operations are perfect for massive data corruptions on productions volumes that require fast recoveries, assuming the proper controls are in place to allow only those who understand what the defined action will do for/to the business. Typical script based tools lack these controls and expose environments to high risk side effects with very little oversight or reporting. A single miss-aligned scripted argument could bring an entire production database environment down and cause catastrophic data loss. Further, restoring data through array based reverts when a single file/database is all that is necessary can destroy entire collections of data resetting the environment back hours or days if done incorrectly. Recent mail, revenue transactions, business data, etc. would all be lost due to a simple mistake in operation Rather than risking the business to make or beat the backup window with scripts or standalone tool sets, an integrated data management platform should provide proper safety controls to allow critical actions to entrust the right users at the right time while ensuring a reporting and audit system to overlay the full end-to-end view. In most medium to large environments, application operational responsibilities, backup, DR, compliance and audit may be distributed functions that need to be coordinated into a single policy. The embedded role based security system native to Simpana automates this function. For Example, a customer may have three specific roles within an operations environment: Backup Admins Application owners (DBAs) Audit & Business Compliance

Each of these roles owns specific responsibilities for managing and protecting the enterprise. Backup Admins are the typical day to day operators with access to perform standard backup and recoveries, manage media, issue reports, etc. However, the Backup Admin Role may not be the right team to execute application level recoveries or have the capabilities to issue array-based reverts for recoveries due to knowledge and awareness of the application architecture. The Application Owner Role is not so concerned about the general day to day backup environment, but is laser focused on the application space they own. They need to know what tools are available to them and who has the capabilities to execute on those toolsets at any time as they manage the applications running the business. Any recovery operations involving their applications, especially powerful techniques such as Array reverts and snapshots must be managed from their group to mitigate any risk to the business. The Audit Role simply needs to eliminate red flag events and provide security, operational, and process proof of who can perform what and how.

CommVault Products - Confidential

August 2012 v1.2

30

To meet this requirement specific roles should be defined solely for the SnapProtect and Application iDAs within the CommCell. An example of this basic security structure as defined in Simpana Security Roles as noted here:

Storage Policies
Managing proper retention on the snapshot copies becomes another critical requirement. Improper retention either increases the amount of tier 1 storage that is holding recovery points, or it causes the snapshots to fall short of fully meeting SLA requirements for the business. Simpanas Storage Policies are broken down into copies for managing retention on the proper tier of storage. In the typical Storage Policy for SnapProtect, three copies will be available, the Primary SnapCopy, the Primary backup to disk copy, and the Offsite disk/tape copy. Properly meeting SLA requirements for the business requires proper alignment for the retention characteristics of each of the storage tiers. For example, SLAs for Sub 24hr RPO/RTO drastically lower the returns on leveraging snapshot technology on copies beyond 48 hours. The typical Best Practice for Storage Policy configuration will change from environment to environment, with the standard retention aligning to the primary recovery time for the SnapCopy with the primary backup to disk and tape copies providing SLA coverage for complete Site based disasters. For Example, with the previous description retention may be set in the following way: Primary SnapCopy 2days & 0 Cycles Primary Disk Copy 28days & 1 Cycle Offsite Disk/Tape Copy 60days & 1 Cycle

CommVault Products - Confidential

August 2012 v1.2

31

This definition allows snapshot retention on a 48 hour rotation providing multiple high-speed recovery points available on the array to meet the SLA requirement. This configuration requires storage space allocation to maintain two persistent days of change for the associated clients. By setting cycles to 0, the removal of old snapshots occurs regardless of success, so proper alerting and monitoring is required. The other recommended option for SnapCopy retention sets the days variable to 0 and focuses solely on the Number of cycles. In this configuration full backups must occur frequently to allow for proper snap management. With this setup, the # of snapshots retained will be determined on the number of cycles configured. The scheduled frequency becomes very important to defining the environment conditions. If eight snapshots execute over a week timeframe, then 7 days of delta change must be available in the Array configuration. If eight Snapshots execute in a 48 hour period, only 48 hours of delta change must be available in the Array configuration. Fully understanding the schedule and process configurations enable making the proper retention setting when keying off of cycles. Improperly setting retention and effects of days and cycles can adversely affect the available recovery scenarios for the business applications. This definition will then enable the Primary and Secondary backup to disk and tape copies. Backup Copies should follow that standard backup schedule for the production (i.e. daily backups should equate into at least one Snap Copy Point in time to drive local and offsite backups). Remember, backup copies will execute synchronously, and the failure to backup Snap Copies to disk/tape will extend the storage requirement on the Array, as the snapshots will not prune until the selected recovery points execute in a Backup Copy to disk/tape copies. Application data will always be consistent on this data movement. Backup Copy operations will always use File System mechanisms to protect the properly acquiesced applications except in the instance of RMAN Proxys in an Oracle configuration. The rest of the data aging follows the standard days and cycles rules for purging off data sets. Snapshots may be deleted from the array due to factors like low disk space on the array, number of snapshots exceeds the threshold etc. and the jobs corresponding to these deleted snapshots can no longer be used for any data recovery or backup copy operations. Use the nRunSnapRecon registry key to start snap reconciliation to check for missing snapshots once in every 24 hours and marks jobs corresponding to the missing snapshots as invalid. See Appendix for detailed information.

CommVault Products - Confidential

August 2012 v1.2

32

Manipulating Snapshots
Part of the value of creating and leveraging snapshot is the flexible options it provides IT in achieve typical tasks by leaning on the high speed storage infrastructure to efficient results. Out of place refresh, single file recoveries, mount and browse capabilities, etc. provide flexibility to executing daily IT operations. The following sections describe how to perform these operations for hosts protected with SnapProtect. 1. Snapshot access is always achieved via right clicking on your defined object and selecting the All Tasks options and selecting List Snaps

2. The snapshot list for the client application is displayed when the List Snaps item is selected. From the dialog several snapshot operations are available.

CommVault Products - Confidential

August 2012 v1.2

33

Mount/Dismount Snaps for Manual Browse

1. After accessing the available snapshots for the selected client, mount the desired snapshot by a right click on the snapshot shown in the menu. Select the mount operation to continue

2. The following dialog appears. Click Yes to continue. On HP 3PAR arrays the mount time rarely will exceed 1 2 minutes.

3. Define the host you wish to mount the snapshot to (this must be a MediaAgent). Ensure the host has the appropriate Storage Zoning to mount this snapshot. If this is an iSCSI volume log in the initiator for this host if not already done, otherwise the mount will fail. For Destination Path, select a mount point. This must be a folder, and is recommended to be a empty folder.

4. Once the snapshot is mounted the following dialog will appear. Click OK.

5. The Snapshot list updates with the current information on the snap which will include the mount path and the updated time of the mount operation.

CommVault Products - Confidential

August 2012 v1.2

34

6. The mounted snapshot can now be accessed from the mount host.

7. Dismount of the snapshot is a simple process. Select the mounted snapshot and use the right click menu to select the Unmount option.

8. The following dialog will appear. Click OK to continue.

CommVault Products - Confidential

August 2012 v1.2

35

9. Once completed the following dialog will appear.

It is important to remember to dismount the snapshot once finished. If a snapshot has been manually mounted it will not be pruned until it no longer is being accessed. Mounted snaps that havent been copied for backup copy will fail on the backup copy operation until they are unmounted.

CommVault Products - Confidential

August 2012 v1.2

36

Reverting a Snapshot
There are two ways to revert a snapshot. One is application aware and one is not. Generally the application aware revert is the mechanism to use. Application Aware Revert 1. An application aware revert is done in the context of a standard recovery. This starts with browsing for the application data to be restored. Click the Browse Backup Data menu item.

2. The backup selection dialogue appears to select the time frame from which the restore will take place. Here the latest backup will be used. Click OK.

3. The browse window will appear from which the appropriate application data can be selected for restore. The entire information store for Exchange is selected. Click the Recover All Selected button.

CommVault Products - Confidential

August 2012 v1.2

37

4. The Recovery dialog box appears. Select the Advanced Button.

5. In the Advanced Dialog check the Use hardware revert option and click OK to the warning dialog to proceed with the revert operation.

This will execute a LUN revert from the Latest Snapshot back to the production Server Some Applications require an overwrite option for any restore to occur including LUN based Reverts. Ensure applications like Exchange and others have the appropriate overwrite settings defined for this to execute properly. ALL FILES and DATABASES will be rolled back to the point in time of the last snapshot. DO NOT REVERT IF NOT ALL DATA REQUIRES TO BE ROLLED BACK TO THE PREVIOUS POINT IN TIME!

CommVault Products - Confidential

August 2012 v1.2

38

Non Application Aware Revert A hardware revert can be done which is not application aware as well. This is done directly from the snapshot list. This process initiates a rollback for the selected volumes instantly to the desired point in time without communicating with applications for graceful restore. This option may be leveraged for file systems and shut down application environments. 1. The process begins by selecting the List Snaps menu item to bring up the list of snapshots dialog.

2. When the dialog appears, select the desired snap and use the right click menu to select the Use hardware revert option to revert the snap. The following confirmation dialog will appear.

3. Validate this operation is correct and type Confirm in the dialog box and click OK to perform the operation. Caution should be taken when using the non-application aware revert functionality as you can corrupt a running application because of this operation. You should be sure that you will not cause any data corruption issues before using this option.

CommVault Products - Confidential

August 2012 v1.2

39

Out of Place Restore Capabilities (VMware Example)

Within the restore process snapshots can be used just like any other media based backup. MediaAgent software and access to the storage array for access to the snap directly is a requirement. Also, the corresponding application agent must be installed on the target for it to be an eligible candidate (if necessary). 1. To restore out of place select the Browse Backup Data option for the desired data set. Select the appropriate time or the latest backup.

2. Depending on the application different options are available for out of place restore. The selected VM will be restored to a different data store with a new name. Browse into the subclient contents and select the data to be recovered out of place. In this case the selection is a Virtual Machine.

CommVault Products - Confidential

August 2012 v1.2

40

3. When the Recover All Selected button is clicked the following dialog appears to direct the restore activity. Note the VM Name. The ability to automatically enable the VM can be done through the Power ON Virtual Machine After Restore box.

4. The Browse Virtual Center / ESX Server for Destination provides out of place selections. Here DataStore_3 is the location for the VM recovery. Select OK, and then OK again on the Restore Options windows to execute the recovery, out of place.

CommVault Products - Confidential

August 2012 v1.2

41

Appendix
Determine the HP 3PAR Array ID
To understand where the HP 3PAR Array identification is brought it, we must first understand how the Storage Management Initiative Specification (SMI-S) is committed to be implemented according to the IEEE OUI (Organizational Unique Identifier). All WWNs have a 24-bit OUI that is purchased from the IEEE (Institute of Electrical and Electronics Engineers) registration authority. Formats of each WWN will have: First 2 bytes are either 10:00 or 2x:xx where X are vendor specific bits, Followed by the 3-byte identifier, And the rest of vendor specific bytes.

There are two ways that you can determine the HP 3PAR Array ID: 2F:F7 is the identifier for target for HP 3PAR. 00:02:AC is the identifier for HP 3PAR arrays as per the OUI from the IEEE The rest of the bytes are identified as per the Serial Number of the system:

From the Serial Number #1302965, we can get the last 4 digits - 2965, in hex this is B95. Adding all the values, you can deduce a HP 3PAR Array ID of 2FF70002AC000B95.

CommVault Products - Confidential

August 2012 v1.2

42

Alternatively, you can obtain the HP 3PAR Array ID using the following formulae: 3PAR Array ID = 2FF7000 + DevID.substr(4,3) + 000 + DevID.substr(12,4) DevID can be found by using the SnapTest.exe tool:

The function substr is for substring, where from (x,y): X: offset of where the entire char* / string starts (starting from 0) Y: length of the substring DevID.substr(4,3) would mean: 2AC here since 2 is the 5th position (0 itself is position 1) within the string highlighted above, and 3 is the length of characters DevID.substr(12,4) would mean: th 0B95 here since the 0 is the 13 position within the string highlighted above and 4 is the length of characters In this example you can deduce the HP 3PAR Array ID of: 2FF7000 + 2AC + 00 + 0B95 = 2FF70002AC000B95

CommVault Products - Confidential

August 2012 v1.2

43

How to assign a new CPG / Virtual Volume / VLUN to a specific Host

This assumes that proper hardware zoning / network configuration has been done for HBA or the Ethernet NIC of server to give visibility to a HP 3PAR array. This example also assumes that you have installed the relevant HP 3PAR Inform Management Console as well. We first start off by creating a new CPG to store the Virtual Volume and possibly allocate the Copy Space for clone/snap operations:

Once created, you can now create a new Virtual Volume under the CPG, either fully / thin provisioned Virtual Volume:

CommVault Products - Confidential

August 2012 v1.2

44

Once added and applied for specific hosts to see the Virtual Volume, we can now create a VLUN that will become a visible LUN to the specific host(s) that will become visible to the exported Virtual Volume:

CommVault Products - Confidential

August 2012 v1.2

45

CommVault Products - Confidential

August 2012 v1.2

46

We have now successfully provisioned a CPG, Virtual Volume and have assigned a specific VLUN to the host augpcs01 with LUN ID of #13:

CommVault Products - Confidential

August 2012 v1.2

47

We can now continue to configuring SnapProtect.

CommVault Products - Confidential

August 2012 v1.2

48

SnapProtect with HP 3PAR Clone

CommVault will always run a Synchronization process to the Clone target volumes. Below shows the original VLUN presented to the augpcs01 host:

In a HP 3PAR system, there is no need for a reserved LUN to be created for the Cloning feature. Instead a Cloned VLUN device will separately be created on the fly:

HP 3PAR Inform Management console shows under the Unexported Virtual Volumes:

CommVault Products - Confidential

August 2012 v1.2

49

When the SnapProtect Job is running, you will notice that with Clone operation requires a synchronisation and is required before the Clone can become a separate Virtual Volume. You MUST also have enough space left in the CPG otherwise the SnapProtect Job will give an error message stating a failure to create a Clone pair. This completes a full HP 3PAR Clone SnapProtect job analysis.

CommVault Products - Confidential

August 2012 v1.2

50

SnapProtect with HP 3PAR Snap

Snapshot does not require an initial synchronisation unlike Clones, as it will only copy if the source volumes blocks are modified based on the Copy-On-Write model. Once a Snapshot has been taken, you will notice in HP 3PAR Inform that we see a new Snapshot created with the CommVault naming convention:

CommVault will utilize the following naming contention for the SnapProtect Jobs for the Snapshot LUN Name:

SP_<commcell id as per the CSDB>_<Job ID>_XXX

You will also notice that there is a child session that ties in with the Snapshot created CV_CHILD. Snapshot child(s) are created based on the snapshot to allow: To effectively allow a duplicate copy of the Snap so that in the event of a separate mount and the information has been modified, there is no hard changes made to the original snapshot Allowing effectively the duplicate to be mounted/unmounted to the source / proxy host doing the cataloging, protecting the original snapshot from any anomalies

Once snapshots cataloged, the child session will be destroyed and only the primary snapshot copy itself will remain. This completes a full HP 3PAR Snap SnapProtect job analysis.

CommVault Products - Confidential

August 2012 v1.2

51

Snap Reconciliation Registry Key

This key validates Simpana created snapshots have not been altered externally to the software invalidating recovery options. Location Windows Unix NetWare Key Value Value Type Valid Range Default Value Created in HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance<xxx>\MediaManager Not Applicable Not Applicable nRunSnapRecon (optional) Not Applicable DWORD 1 or x, where x is any other value than 1 None Client Computer To enable Snap Reconciliation from the Media Manager. When this registry key is set to 1, the snap reconciliation is enabled and the MM will run the snap reconciliation every 24 hours. When this registry key is set to 0, the snap reconciliation is disabled. Also, the absence of this registry key is considered as if the value is set to 0 and hence the snap reconciliation will not be started. N/A SnapProtect Backup

Description

Additional Information Applies To

CommVault Products - Confidential

August 2012 v1.2

52