Technical White Paper

Dell EMC PowerProtect DD Virtual Edition on

Microsoft Azure
Abstract
This white paper explains the steps to deploy and configure Dell EMC™
PowerProtect DD Virtual Edition (DDVE) on Microsoft® Azure.

June 2021

H18832
Revisions

Revisions
Date Description
June 2021 Initial release

Acknowledgments
Author: Charu

The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this
publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose.

Use, copying, and distribution of any software described in this publication requires an applicable software license.

This document may contain certain words that are not consistent with Dell's current language guidelines. Dell plans to update the document over
subsequent future releases to revise these words accordingly.

This document may contain language from third party content that is not under Dell's control and is not consistent with Dell's current guidelines for Dell's
own content. When such third party content is updated by the relevant third parties, this document will be revised accordingly.

Copyright © 2021 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell
Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. [6/28/2021] [Technical White Paper] [H18832]

2 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Table of contents

Table of contents
Revisions.............................................................................................................................................................................2
Acknowledgments ...............................................................................................................................................................2
Table of contents ................................................................................................................................................................3
Executive summary .............................................................................................................................................................5
Audience .............................................................................................................................................................................5
1 Introduction ...................................................................................................................................................................6
1.1 DDVE cloud features ..........................................................................................................................................6
1.2 Architecture overview .........................................................................................................................................7
2 Deploying DDVE on Azure ...........................................................................................................................................8
2.1 Prerequisites to deploy DDVE on Azure ............................................................................................................8
2.1.1 Setup the network environment ..........................................................................................................................8
2.1.2 Enable VNet service endpoint to Azure storage .................................................................................................8
2.1.3 Create a container in Azure hot blob storage .....................................................................................................8
2.1.4 Get storage account access key ......................................................................................................................12
2.1.5 Prepare the SSH key pair .................................................................................................................................12
2.1.6 Understanding compute and storage requirements .........................................................................................12
2.2 Deploying DDVE on Azure ...............................................................................................................................13
3 Configuring DDVE on Azure .......................................................................................................................................20
4 Best Practices.............................................................................................................................................................25
4.1 Supportability ....................................................................................................................................................25
4.2 Azure Licensing ................................................................................................................................................25
4.3 Power Control ...................................................................................................................................................25
4.4 Storage best practices ......................................................................................................................................25
4.4.1 Data disk limitations ..........................................................................................................................................25
4.4.2 Expanding DDVE on block storage ..................................................................................................................25
4.4.3 Expanding DDVE on hot blob storage ..............................................................................................................25
4.4.4 Hot blob storage location ..................................................................................................................................26
4.4.5 Create separate account for each DDVE .........................................................................................................26
4.4.6 Disk caching .....................................................................................................................................................26
4.4.7 Converting from evaluation to production .........................................................................................................26
4.5 Security best practices .....................................................................................................................................26
4.6 Network best practices .....................................................................................................................................26
5 Conclusion ..................................................................................................................................................................27
A Technical support and resources ...............................................................................................................................28

3 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Table of contents

A.1 Related resources.............................................................................................................................................28

4 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Executive summary

Executive summary
Dell EMC PowerProtect DD Virtual Edition (DDVE) is a software defined data protection solution which brings
efficient and reliable data protection to remote and branch office, entry-level, and cloud environments. This
white paper discusses the prerequisites, how to deploy and configure PowerProtect DDVE on Microsoft Azure.

Audience
This white paper is intended for Dell Technologies customers, partners and employees looking for options to
protect the workloads hosted on Azure cloud using Dell EMC PowerProtect DDVE.

5 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Introduction

1 Introduction
DDVE is a software-defined data protection solution of PowerProtect DD series appliance, with all the core
differentiating features of DD series.

DDVE runs the DD Operating System (DDOS) and includes the DD System Manager graphical user interface
(GUI) and the DDOS command line interface (CLI) for performing system operations.

DDVE includes the following features:

• High-speed, variable length deduplication for a 10 to 30 times reduction in storage requirements

• Unparalleled data integrity to ensure reliable recovery, and seamless integration with leading backup
and archiving applications
• DD Boost to speed backups by 50 percent
• DD Encryption for enhanced security of data
• DD Replicator for network efficient replication that enables faster time-to-DR readiness

DDVE can be deployed on any standard hardware, converged or hyperconverged, and runs in VMware
vSphere, Microsoft Hyper-V, KVM, as well as in-cloud with Amazon Web Services(AWS)(cloud and gov cloud),
VMware Cloud(VMC), Azure(cloud and gov cloud) and Google Cloud Platform(GCP). DDVE is also certified
with VxRail™ and Dell PowerEdge servers.

DDVE scales up to 256 TB (in-cloud AWS, Azure, and Google Cloud) and up to 96 TB (on-premises) per
instance.

1.1 DDVE cloud features

DDVE provides the capabilities of a cloud DD system using the following resource configuration sizes:

• DDVE on Block storage- up to 16 TB

o DDVE capacity is available in 1 TB increments starting at 512 GB.
• DDVE on Hot Blob storage(recommended) - up to 256 TB

Supported DD protocols:

• DD Boost over IP
• DD Boost FS

Supported DD features:

• DD Boost managed file replication (MFR)

• Encryption
• MTree replication
• DD System Manager GUI for DDVE management
• DD Active Tier (DD Cloud Tier is not supported)
• Secure multitenancy (SMT) with Network Isolation Support
• DD Boost/BoostFS for Big Data
• Key Management Interoperability Protocol (KMIP)
• More restricted IPtables settings
• Azure for Government Cloud

6 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Introduction

Note: DDVE supports these replication capabilities:

• Managed file replication and MTree replication.

• Replication across availability zones and regions.
• Bi-directional replication between on-premises and Azure

1.2 Architecture overview

The following diagram represents the architecture of the DDVE on Microsoft Azure Cloud solution.

1. To keep data traffic between DDVE and Azure storage within the Azure infrastructure, it is
recommended to create an Azure storage service endpoint. The service endpoint keeps DDVE from
depending on a NAT Gateway or Public IP address to access the hot blob container.
2. Dell Technologies recommends a VPN connection to replicate data from an on-premises host to DDVE
in the cloud or the opposite way. This approach keeps data transfers secure.
3. DDVE is categorized as a backend server. It must be kept in a private subnet with a private address.
Never set a public IP address for DDVE.
4. The storage account must be in the same region where the DDVE instance is running. A separate hot
blob storage account with a container is required for each DDVE.
5. All DDVE instances must be secured with the appropriate security group entries.

Note:

• Typically, SSH (Port 22) or HTTPS (Port 443) is used for DDVE inbound access.
• HTTPS (443) must be allowed for outbound Azure hot blob container access for DDVE.
• TCP ports 2049 and 2051 are used for DD Boost and replication purposes.

7 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

2 Deploying DDVE on Azure

2.1 Prerequisites to deploy DDVE on Azure

2.1.1 Setup the network environment

For secure access to the DDVE instance, it is recommended to use the virtual network architecture that Azure
provides. For more details refer Azure Virtual Network concepts and best practices. Setup and configure the
following components:

• Resource group
• Virtual network
• Subnets
• Network Security groups
• Service endpoint for connectivity to Microsoft.Storage

2.1.2 Enable VNet service endpoint to Azure storage

The DDVE object store solution requires network connectivity to the object storage container. To route traffic
directly from the virtual network to the storage service on the Microsoft Azure backbone network, it is
recommended to enable Virtual Network (VNet) service endpoints to Azure storage. By default, the Azure VNet
service endpoints are disabled. It can be enabled on the subnet in the virtual network.

Steps:

• In the VPC pane, click Service endpoint and + Add.

• In the popup window, in the service column, select Microsoft.Storage.
• In the subnet column, select the subnets.

2.1.3 Create a container in Azure hot blob storage

A storage account is required in the same region where DDVE is deployed. Create a separate storage account
for each DDVE.

Steps involved are as follows:

1. Create a StorageV2 account in the same region where DDVE is deployed.

8 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

• On the Basics page, provide details for subscription, resource group, storage account name and
region.

• On the Advanced page, configure the security settings and select the access tier as Hot.

9 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

• On the Networking page, configure network connectivity and network routing details.

• Provide the recovery options in the Data Protection page.

10 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

• Review the summary and click on Create to create a storage account.

2. Create a new hot blob container as the backup storage for the DDVE. Ensure that the container is empty.

• Navigate to the new storage account and to the Blob service section.

11 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

• Select Containers and click + Container. Type a name for the container.

• Set the public access level to Private (no anonymous access) and click Create.

2.1.4 Get storage account access key

The access key of the storage account is required to configure the access from DDVE to Azure hot blob storage.
For more details see Manage storage account access keys.

2.1.5 Prepare the SSH key pair

For secure login to DDVE through SSH, create an SSH key pair. For more information on how to create a SSH
key pair, see How to use SSH keys with Windows on Azure

2.1.6 Understanding compute and storage requirements

Azure provides several types of disk storage with different performance characteristics such as IOPS,
throughput, latency, and so on. Standard HDD is recommended as a cost-effective solution. Premium SSD is

12 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

recommended as a performance-optimized solution. Select the appropriate DDVE virtual machine instance type
according to capacity and workload.

Note:

• Standard SSD is also supported, but it is not the recommended configuration.

• Use the same disk type within a DDVE.
• Other instance types (Standard_F8, Standard_F8s, Standard_D4_V2, Standard_DS4_V2,
Standard_D16_V3, Standard_D16s_v3 and Standard_D32s_v3) are still supported, but the new v4
instance types are recommended.

2.2 Deploying DDVE on Azure

Steps to deploy DDVE from the Azure marketplace:

1. Login to the Azure portal.

• For Azure public cloud: https://portal.azure.com
• For Azure Gov Cloud: https://portal.azure.us
• For Azure China Cloud: https://portal.azure.cn
2. Search for "Dell EMC" to find Power Protect DD Virtual Edition in Azure Marketplace.

3. Select a software plan (DDOS version) and begin the deployment.

4. On the Basic page, configure basic information for the DDVE:
• Resource Group: Specify the resource group for the DDVE.
• Virtual machine name: Enter a name for DDVE. Maximum length is ten characters. For Azure
Gov Cloud, maximum length is six characters.
• Region: For better performance, ensure that DDVE and the storage account are in the same
region. Also create a separate storage account for each DDVE.

13 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

• Availability options: By default, No infrastructure redundancy required is selected. Other

options can be selected based on the infrastructure requirements. For details, see
https://docs.microsoft.com/en-us/azure/virtualmachines/linux/availability.
• Images: This option shows the selected DDOS version.
• Azure Spot instance: Select No. DDVE does not support the Azure spot instance. For details, see
https://docs.microsoft.com/en-us/azure/virtual-machines/spot-vms.
• Size: Specify the DDVE instance type based on the capacity. Select Standard_D4ds_v4,
Standard_D8ds_v4, Standard_D16ds_v4, or Standard_D32ds_v4.
• Authentication type: SSH public key and password authentication are supported. SSH public key
authentication forces a password change at first login.
• Username: Enter sysadmin.
• SSH public key: Copy and paste the SSH public key.
• Password: Enter the password for sysadmin.
• Public inbound ports: Select Allow selected ports.
• Select inbound port: According to the IT and networking practices, select "HTTP (80), HTTPS
(443), SSH (22)" to enable the SSH and UI access to DDVE.

14 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

5. On the Disks page, configure the disk storage for the DDVE.
• OS disk type: Select Standard HDD or Premium SSD based on the requirements.
• Encryption Type: Select (Default) Encryption at-rest with a platform-managed key. If one want
to encrypt the disk at-rest with one’s own managed key, see https://docs.microsoft.com/en-
us/azure/virtual-machines/linux/diskencryption.
• Enable Ultra Disk compatibility: Select No. DDVE does not support this option. For more details,
see https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#ultra-disk.
• Host Caching: Select None.
• For Data Disks, NVRAM disk is added automatically during deployment. Metadata disks can be
added by clicking on Create and attach a new disk or can be added after deployment.

6. On the Networking page, define network connectivity for the DDVE.

• Virtual network: Specify the VNet for the DDVE.
• Subnet: Specify the VNet for the DDVE.
• Public IP: For security, deploying DDVE in a private subnet and leaving the public IP address as
None is recommended.
• NIC network security group: Configure it as the network setup.
• Public inbound ports: Select Allow selected ports.
• Select inbound ports: According to IT and networking practices, select "HTTP (80), HTTPS (443),
SSH (22)" to enable the SSH and UI access to the DDVE.
• Accelerated networking: Select Off.
Note: Azure accelerated networking is not supported in this version of the DDVE.
• Load balancing: Select No.

15 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

7. On the Management page, configure monitoring and management options for DDVE.
• Boot diagnostics: Select On if is required to capture the serial console output of the DDVE to help
diagnose a startup issue.
• System assigned managed Identify: Select Off.
• Enable auto-shutdown: Select Off.

16 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

8. On the Advanced page, this version of the DDVE does not support these options.
9. On the Tags page, a tag can be created or assigned to the DDVE from a resource management and billing
perspective.

17 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

10. On the Review+Create page, verify that the configuration summary for creating the DDVE is correct.

11. Click Create.

The Azure portal starts the DDVE deployment. When the deployment finishes, DDVE can be found in the
resource group. Select Go to resource to view the DDVE instance details.

18 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Deploying DDVE on Azure

12. DDVE instance is running and ready for configuration.

Note: Adding metadata disks in Azure

DDVE uses disks to save metadata.

• Managed disk is recommended. Azure also enables to convert unmanaged disks to managed
disks.
• It is not necessary to shut down the virtual machine before adding metadata disks.
• The metadata disk is not usually resized. To add more storage to the virtual machine, a new virtual
disk can be created.
• Metadata disk capacity—The required metadata capacity varies based on workload. Dell EMC
recommends that metadata capacity be equal to 10% of the total DDVE capacity, which is sufficient
for most workloads. If the workload is using a higher deduplication ratio, consider adding more
metadata disks.
• Licensed capacity—Ensure that the DDVE instance can support the licensed capacity. If the new
licensed capacity is more than the supported capacity of the DDVE instance, upgrade the DDVE
instance.

For more details on adding metadata disks, converting metadata disk types, resizing the DDVE instance refer

Dell EMC PowerProtect DDVE in the Azure Cloud Installation and Administration Guide

19 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Configuring DDVE on Azure

3 Configuring DDVE on Azure

DDVE configuration can be done in two ways, DD system manager (UI) or command-line interface (CLI). In this
white paper, configuring DDVE using DD system manager is discussed in detail.

Steps to configure Azure hot blob storage and create a file system:

1. Log in to the DD System Manager with the sysadmin credentials.

2. Accept the End User License Agreement (EULA). The Configuration wizard opens.

20 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Configuring DDVE on Azure

3. To replace licenses, select Licenses and click Yes (otherwise, the pre-installed 500-GB evaluation license
is used.)

Note: The DDVE pre-installed evaluation license provides 45 days of limited access to DDVE software for
evaluation purposes and may only be used in a non-production environment.

4. Network is already configured. Click No to proceed further.

5. Select File System and click Yes.
6. Select Configure Active Tier > Enable Object Store to configure the Azure hot blob storage.
7. Enter the container name, storage account name, key, and passphrase.
The container can be created through the Azure portal. Ensure that the container is empty when enabling
object store or the operation fails.

ddve-7-6-05container

ddvetrial1

8. Optional: Import the Baltimore CyberTrust Root certificate to communicate with Azure Object Store.

21 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Configuring DDVE on Azure

9. Add the metadata storage.

10. Review the summary and click Submit to create the file system and enable it.

22 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Configuring DDVE on Azure

11. Review the File System creation complete list and click OK.

12. Read about new components that are available in different releases, then click Close.
13. Select Data Management > File System to view space usage and availability details for the hot blob
storage and the local metadata storage.

23 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Configuring DDVE on Azure

14. To configure or update the eLicense on DDVE, select Licenses > Replace licenses.

15. To relaunch the configuration wizard, select Maintenance > System > Configure System.

24 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Best Practices

4 Best Practices

4.1 Supportability
Azure supports interactive serial console, which can help to debug boot up and networking issues, troubleshoot
malfunctioning instance, interact with Grand Unified Bootloader (GRUB), and perform other troubleshooting
tasks. It is recommended to do the following.

• Enable the "Boot Diagnostics" feature during deployment for troubleshooting.

• Enable ASUP in DDVE

4.2 Azure Licensing

The DDVE license is node locked, which means the same license cannot be used on multiple DDVE instances.
To facilitate DDVE license management, it is recommended to use served-mode license if multiple DDVEs will
be deployed.

4.3 Power Control

It is recommended to use DDOS interfaces to power-off or reboot the DDVE instance. If the virtual machine is
powered-off using the Azure interface, it might not shut down cleanly.

4.4 Storage best practices

The virtual disk that is allocated to the virtual machine is discovered automatically. However, it is recommended
to explicitly add it to the DDVE storage active tier and create or expand the file system.

4.4.1 Data disk limitations

• The maximum size of each disk is 4 TB, the recommended size is 1 B for performance consideration.
• VM size determines the maximum number of data disks for the Azure VM instances that DDVE uses. See
Virtual Machine sizes for data disk limitations (the root disk and resource disk that Azure adds are not
counted in this limitation). The NVRAM emulation disk is also counted as one data disk for Azure.

4.4.2 Expanding DDVE on block storage

DDVE capacity can be dynamically expanded by adding more data disks to the instance. Increments of 1 TB
are recommended. When the maximum capacity that the instance supports is reached, it is recommended to
upgrade the VM to a larger size before adding more storage to the system. Do not manually set or change the
spindle group setting when adding storage. DDVE automatically assigns the spindle group.

4.4.3 Expanding DDVE on hot blob storage

The local block storage is used for caching metadata. Based on different workloads, the needed metadata size
varies. Dell Technologies recommends configuring the metadata storage size as 10% of total capacity, which
is enough for most workloads. For workloads with a higher deduplication ratio, more metadata is needed.
Metadata storage can be dynamically expanded. When the metadata storage space usage exceeds 80%, an
alert is raised. Immediately add a metadata disk to the DDVE to avoid running out of space.

25 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Best Practices

4.4.4 Hot blob storage location

When DDVE is used on hot blob storage, ensure that the hot blob storage account and DDVE instance are in
the same region. Configuring the VM and storage account in different regions can result in lower performance
and higher costs.

4.4.5 Create separate account for each DDVE

Azure infrastructure throttles each storage account, and each storage account has its own IOPS and throughput
limits. For best performance, create a separate storage account for each DDVE.

4.4.6 Disk caching

Host-caching is not supported for data disks (DDVE on block storage) or metadata disks (DDVE on hot blob
storage). Changing the cache setting of an Azure disk detaches and reattaches the target disk. For the operating
system disk, the VM is restarted. Ensure to stop all applications and services that this disruption might affect
before changing the disk cache setting.

4.4.7 Converting from evaluation to production

Rather than convert an evaluation version of DDVE to a production version, Dell Technologies recommends a
fresh deployment. If it is required to convert from an evaluation to production version, Dell Technologies
recommends:

• Destroy the existing file system

• Delete small data disks (not the root, NVRAM disks)
• Configure new disks according to the recommendations

4.5 Security best practices

• Avoid public IP address to configure the system.
• For better security, it is recommended to disable authentication that is based on username and password.
If the username-and-password-based authentication is desired, it is recommended to configure a strong
password.
• After protecting the DDVE using secure setup, within DDVE network traffic that enters can be filtered by
using the iptables feature.
• Since the DDVE in AWS is always running in a VPC, the VPC should be configured so that only required
and trusted clients have access to the DD system.

4.6 Network best practices

• It is recommended to use public or private subnet architecture to deploy the DDVE in private subnet.
• It is highly recommended to use VPN connections between different geographical regions (VNets).
• The DDVE object store feature needs connectivity to its object storage, such as to the Azure storage
account container. Because the object store communication is over https, the outbound security group
setting must allow communication over port 443. There are different ways to enable DDVE connectivity to
the object store and the recommended one is using a VNet service endpoint for accessing the Azure hot
blob storage.

26 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Conclusion

5 Conclusion
DDVE can be easily deployed on Azure platform and can protect the applications running on the cloud
environments. DDVE can be up and running in minutes and delivers increased transactional and operational
efficiencies along with high-speed and variable length deduplication.

27 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832

Technical support and resources

A Technical support and resources

Dell.com/support is focused on meeting customer needs with proven services and support.

Storage and data protection technical white papers and videos provide expertise that helps to
ensure customer success with Dell EMC storage and data protection products.

A.1 Related resources

• DDVE on Azure Installation and Administration Guide
Dell EMC PowerProtect DDVE in the Azure cloud

• DDVE Installation and Administration Guide

Dell EMC PowerProtect DDVE on Premises

• Security best practices for Azure solutions

Security best practices

28 Dell EMC PowerProtect DD Virtual Edition on Microsoft Azure | H18832