Professional Documents
Culture Documents
Appliance
Product Guide
2.7
September 2021
Rev. 01
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2017 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Other trademarks may be trademarks of their respective owners.
Contents
Revision history..........................................................................................................................................................................5
Chapter 1: Introduction................................................................................................................. 6
Document scope and audience........................................................................................................................................ 6
Product naming conventions and terminology changes............................................................................................ 6
Product features.................................................................................................................................................................. 7
System architecture and components........................................................................................................................... 9
Detailed configuration...................................................................................................................................................9
Base hardware................................................................................................................................................................9
Embedded software.................................................................................................................................................... 10
System self-protection............................................................................................................................................... 10
Network connectivity overview................................................................................................................................10
Customer Support tasks...................................................................................................................................................12
Contents 3
Shut down Hypervisor manually............................................................................................................................... 51
Troubleshooting startup................................................................................................................................................... 51
Troubleshoot LDAP...........................................................................................................................................................53
Troubleshoot secure LDAP configuration..............................................................................................................53
Verify Internal LDAP password................................................................................................................................ 53
Create internal LDAP password...............................................................................................................................54
Change the ACM DNS..................................................................................................................................................... 54
Credential mismatch.........................................................................................................................................................55
Troubleshoot Protection Software............................................................................................................................... 55
Troubleshooting health monitoring............................................................................................................................... 56
Troubleshooting component software upgrades.......................................................................................................56
Retry upgrade process...............................................................................................................................................56
Advanced troubleshooting (support only).............................................................................................................57
Rollback is Successful................................................................................................................................................ 58
Rollback Failed............................................................................................................................................................. 58
Upgrade log files..........................................................................................................................................................59
Resolve TLS Error After the Firmware Update....................................................................................................60
4 Contents
Revision history
Table 1. IDPA Product Guide Revision History
Revision Date Description
01 September 2021 First release of this document for IDPA
2.7
Revision history 5
1
Introduction
This chapter provides a general overview of the Integrated Data Protection Appliance features and hardware configurations.
Topics:
• Document scope and audience
• Product naming conventions and terminology changes
• Product features
• System architecture and components
• Customer Support tasks
6 Introduction
Table 2. Product naming conventions and terminology changes (continued)
Existing Product/Component Name New Name/Terminology
Cyber Recovery (VM) Cyber Recovery (Service)
Integrated Dell Remote Access Controller (iDRAC) iDRAC
iDRAC Service Module (iSM) / iSM service iDRAC Service Module
Product features
IDPA provides a simplified configuration and integration of data protection components in a consolidated solution.
Integrated solution
The IDPA is an integrated solution that offers complete Backup, Replication, Recovery, Deduplication, Instant Access and
Restore, Search, Reporting & Analytics, cloud readiness with disaster recovery and long-term retention to the cloud, all in a
single appliance. The appliance is available in various configurations based on your requirements and storage capacity. .
● DP4400
● DP5800
● DP8300
● DP8800
IDPA DP4400 model is a hyperconverged, 2U system that a user can install and configure onsite.
The DP4400 includes a virtual edition of Protection Software server ( Protection Software (Service)) as the Protection
Software node, a virtual edition of Protection Storage system (Protection Storage) as the Protection Storage node, Cloud DR,
Data Protection Central as a centralized system management , an (ACM) for simplified configuration and upgrades, Search,
Reporting & Analytics, and a compute node that hosts the virtual components and the software.
DP4400 contains an Hypervisor server , which hosts all these virtual editions of the point products mentioned above.
Other models of IDPA (DP5900, DP8400, and DP8900) are shipped as a complete unit, with hardware components racked
and cabled in the factory. The DP5xxx models have a physical Protection Storage and Protection Software. The DP8xxx
models have a physical Protection Storage and Protection Software component. Installation and initial configuration of the IDPA
(DP5900, DP8400, and DP8900) appliances are completed by Customer Support. In addition to an Protection Software as the
Backup Server node and a Protection Storage as the Protection Storage node, these Integrated Data Protection Appliance
models, include the Data Protection Central, Search, Reporting & Analytics, Cloud DR, compute nodes, a network switch and
an .
NOTE: The Cloud Disaster Recovery node is available in the appliance based on the license that you have.
NOTE: The Cloud DR node is available in the appliance based on the license that you have.
If your organization enables communication through the Internet, as part of the initial configuration of the system, you can
register the IDPA Appliance, Protection Software, Protection Storage and components with Secure Remote Services (formerly
ESRS). The Secure Remote Services is a secure, IP-based, distributed customer service support system that provides Dell EMC
customers with command, control, and visibility of support-related activities.
Centralized management
The Data Protection Central provides advanced monitoring and management capabilities of the IDPA from a single pane of glass
and includes the following features.
● A comprehensive dashboard that allows you to manage and includes information about Protection Software, Protection
Storage, Search, and components.
○ Backup activities
○ Replication activities
○ Assets
○ Capacity
○ Health
○ Alerts
Introduction 7
● Advanced search and recover operations through integration with Search.
● Comprehensive reporting capabilities
● Cloud backups.
Appliance administration
The ACM provides a web-based interface for configuring, monitoring, and upgrading the appliance.
The ACM dashboard displays a summary of the configuration of the individual components. It also enables the administrators
to monitor the appliance, modify configuration details such as expanding the Protection Storage disk capacity, change the
common password for the appliance, update customer information, and change the values in the General Settings panel. The
General Settings panel on the ACM Dashboard allows you to change the LDAP settings, displays the time zones, NTP server
status, external LDAP server status, status of FIPS, and so on. The ACM dashboard enables you to upgrade the system and its
components. It also displays the health information of the Appliance Server and VMware components.
Backup administration
The IDPA uses Protection Software (AVE) servers for the DP4xxx models perform backup operations, with the data being
stored in a Protection Storage system.
You can also add an Protection Software NDMP Accelerator (you must manually configure the NDMP Accelerator) to enable
backup and recovery of NAS systems. For more information about the configuration details, see Configuration options for each
model. The Protection Software NDMP Accelerator uses the network data management protocol (NDMP) to enable backup and
recovery of network-attached storage (NAS) systems. The accelerator performs NDMP processing and then sends the data
directly to the Protection Storage Server (Protection Storage Storage).
Search
The Search feature provides a powerful way to search backup data within the IDPA and then restore the backup data based on
the results of the Search. Scheduled collection activities are used to gather and index the metadata (such as keyword, name,
type, location, size, and backup server/client, or indexed content) of the backup, which is then stored within the IDPA.
Disaster recovery
The Cloud DR is a solution, which enables disaster recovery of one or more on-premise Services to the cloud. Cloud DR
integrates with the existing on-premise backup software and a Protection Storage system to copy the service backups to the
cloud. It can then run a disaster recovery test or a failover, which converts a VM to an Amazon Web Services Elastic Compute
Cloud (EC2) or a Microsoft Azure instance, and then runs these instances in the cloud.
NOTE: Installing Cloud DR components, Search, and (based on ) is optional. Also, if these components are already
configured in your environment, then the appliance can be configured to use the central implementation in your
environment. You do not need to configure the optional components that are bundled in IDPA again.
NOTE: While configuring the network, if you select IPv6 network protocol, then Cloud DR and Search are disabled.
However, the dashboard does not display any data that is associated with external Cloud DR, Search, and . Moreover,
you must manage and configure any such external instances. Also, IDPA does not support local Search and Analytics (not
part of IDPA but are centrally implemented at the customer environment) when these functions are performed by external
implementations.
8 Introduction
Scalability
The IDPA models are designed to be scalable so it can scale up with ever-changing needs. See the Expanding storage capacity
section in the Dell EMC Integrated Data Protection ApplianceInstallation and Upgrade Guide for more information about how to
add storage capacity.
● For the DP4400 model with a capacity from 8 TB to 24 TB, you can expand the storage capacity in multiples of 4 TB
increments up to 24 TB. By adding the Disk Expansion Kit, you can also expand the capacity beyond 24 TB in 12 TB
increments.
● For the DP4400 model with a capacity from 24 TB to 96 TB, you can expand the storage capacity in 12 TB increments, and
you can expand the capacity up to a maximum of 96 TB.
● The storage capacity of the DP5xxx and DP8xxxx models can also be expanded. For more information related to storage
capacity expansion, see #unique_9
The following table details the configuration for the IDPA models.
Unified support
The same Customer Support team supports both the hardware and the software that is used in the appliance.
Detailed configuration
The IDPA is available in the following models:
Base hardware
The following hardware is included with the IDPA models, DP4400, DP5300, DP5900, DP8400, and DP8900:
Introduction 9
Table 5. IDPA hardware (continued)
IDPA models Hardware
DP8300 ○ Single Phase
○ 3-Phase Delta
DP8800
○ 3-Phase WYE
● Three Dell R640 servers
● Dell S4048 48-port switch
NOTE: Ports Fo 1/13, Fo 1/14, Fo 1/51, Fo 1/52, Fo
1/53, and Fo 1/54 are reserved for uplinks to the
network environment.
● Internal cabling
Embedded software
After the initial configuration, the following applications are deployed and configured:
● Appliance Configuration Manager
● Protection Storage for DP4400
● VMware Hypervisor Manager Server
● Protection Software for DP4400 and DP5300.
● Data Protection Central
● Reporting & Analytics (optional)
○ Cloud DR Add-on (optional)
○ Search (optional)
■ Search Index Primary Node
■ Cloud DR Add-on
System self-protection
The IDPA is configured to protect itself from data loss with the backup and storage applications in the system. The system
is protected with self-defined and self-initiated backup jobs that are scheduled daily and have a 30-day retention period. The
system metadata is protected using checkpoint backup to the internal target storage.
NOTE: Backup jobs are related to Services hosted on the IDPA appliance. If one of the servers in the cluster fails, it may
not be possible to take a snapshot of the Service, which leads to backup failure. Once all the three servers in the cluster are
up and running, you must re-enable the backup jobs from the Protection Software UI. For more information on re-enabling
the backup jobs through the Protection Software UI, refer to the Avamar Administration Guide.
10 Introduction
and reduces the chance for errors while entering the IP addresses. When a range of IP addresses is used during the IDPA
configuration, the IP addresses are assigned in a standard order.
The initial deployment of IDPA using ACM supports both IPv4 and IPv6-enabled networks. However, you must manually
configure the dual stack networks.
NOTE: The Search and Cloud DR components do not support IPv6-enabled networks.
The below tables are separated to provide you a model-wise information on the IP address that must be allocated to a
component. The first column in each table under "IP address range assignments" is the value that must add to the first IP
address in the range.
DP4400
IDPA DP4400 model has the following tables:
● IP address range assignments on page 11
● Management IP address range assignments with Dedicated Backup Network on page 11
● Backup IP address range assignments with Dedicated Backup Network on page 12
NOTE: The number of IP addresses required in the IP address range assignments table may vary based on the optional
components you have selected.
NOTE: For more information on the network and firewall ports that are used in IDPA, see Network ports in the IDPA
Security Configuration Guide.
Introduction 11
Table 8. Management IP address range assignments with Dedicated Backup Network (continued)
Management IP Range Allocation Component Assigned Field
+6 Reporting & Analytics (optional) Datastore Server Host Service
+7 Search Index Primary Node Host Service
+8 DD Cloud DR (optional) Data Domain Cloud Disaster Recovery
(DD Cloud DR) Cloud DR virtual
appliance
NOTE: For more information on the network and firewall ports that are used in IDPA, see Network ports in the IDPA
Security Configuration Guide.
12 Introduction
2
Monitor and manage the appliance
This chapter introduces the features and functionality of the ACM dashboard.
Topics include:
Topics:
• About the ACM dashboard
• Start up the IDPA
• Access components with a browser
• User accounts for components
• Change passwords and synchronize components
• Monitor the Storage Pool cluster
• Configure IDPA to use specific interfaces for replication
The initial view displays the Home page and tabs for Health and Upgrade.
Logging out
Click the Logout button.
The Secure Remote Services (SRS) is a separate application that can be installed and deployed. For more information on
SRS such as overview, documentation, and so on, see https://support.emc.com/products/31755?siteLocale=en_US.
You can configure the Secure Remote Services present under the General Settings panel. If the Secure Remote Services
is not configured, you can configure it by clicking the Edit icon.
NOTE: Protection Storage cannot be managed by the Protection Storage Management Center (DDMC) instance.
The DPC supports single sign-on (SSO) for Protection Storage. See the Enabling and disabling SSO and Configuring Single
Sign-On (SSO) groups sections of the Configuring SSO authentication topic in the Dell EMC DD OS Version 7.2 Administration
Guide to configure SSO from the DPC.
When using the internal IDPA secure LDAP server, use the following credentials while performing the steps described in the
Configuring Single Sign-On (SSO) groups section of the Dell EMC DD OS Version 7.2 Administration Guide.
1. In the User Group field, specify: dp_admin
2. In the Domain name field, specify: idpa.local
3. In the Management Role list, select: admin
Prerequisites
NOTE: Adding licenses to expand the storage directly from the Protection Storage user interface is not supported.
Steps
1. In the Protection Storage panel, mouse over the gear icon on the top right and click the Expand storage.
The Storage expansion and license upgrade wizard appears.
2. Click Browse and select the required license files for the additional storage.
3. Click Expand.
Results
After several minutes, the dashboard reflects the increased storage capacity. For detailed information on how to expand the
storage capacity, see the #unique_24.
Prerequisites
Username criteria:
● Minimum of 1 character and a maximum of 31 characters
● Must not contain any special characters other than hyphen (-), underscore (_), and period (.)
● Can contain the following:
○ A lower case alphabet
○ An upper case alphabet
○ A digit
○ Hyphen (-), underscore (_), or period (.)
● Can start and end with an underscore (_)
● Must not start and end with hyphen (-) and period (.)
Password criteria:
● Minimum of 9 characters and a maximum of 20 characters
● Must not start with a hyphen (-)
● Must not contain any special characters other than hyphen (-), underscore (_), and period (.)
● Must contain at least one of the following:
○ A lower case alphabet
○ An upper case alphabet
○ A digit
○ Any of the special characters; hyphen (-), underscore (_), and period (.)
● Password must not include common names and usernames like root or admin
● Password must not end with a period (.)
● Password can contain a maximum of three consecutive repeated characters
● Ensure that the password is not based on your personal login information. For example, there must not be any common
character string between the username and password.
Results
The Security Officer user is successfully created.
NOTE: The customer must separately manage the Security Officer user password. The Appliance Change Password
functionality does not change this password.
Prerequisites
NOTE: Protection Storage cloud storage units must be pre-configured on the Protection Storage system before they are
configured for cloud tier in the Protection Software UI.
See the latest Dell EMC DD OS Administration Guide and the latest Avamar Data Domain System Integration Guide available on
our support site (https://www.dell.com/support) for more information on this.
Steps
1. On the ACM home tab, click the Protection Storage Data Protection Central link.
The Data Domain System Manager GUI is displayed.
2. Follow the Importing CA certificates procedure in the latest Dell EMC DD OS Administration Guide .
After importing the certificate, close the Protection Storage Data Protection Central.
3. Connect to the user interface through Data Protection Central.
The Avamar Administrator GUI is displayed.
4. Follow the Add or edit a Data Domain system to support cloud tier procedure in the latest Dell EMC DD OS Administration
Guide or the latest Avamar Data Domain System Integration Guide.
NOTE: The ACM makes the step that refers to Adding a Data Domain system unnecessary. To learn how to access the
Edit Data Domain System dialog box, refer to Editing a Data Domain system.
5. Follow the Creating a new tier group procedure in the latest Avamar Data Domain System Integration Guide.
6. To verify your configuration, click the Activity launcher button in Avamar Administrator and review the list of session on
the Activity Monitor tab.
Search panel
The Search panel displays the Search version, IP address for the Index Primary node, and any alerts that require your action. To
load the Search console, click the Search link.
Hover over Services to view the status information for Search services.
If Search is not configured during the initial configuration process, the panel displays a message indicating Search is not
configured. To configure the Search node, click the message. The Search Configuration screen appears. On the Search
Configuration screen, provide the required IP address and click Configure.
IDPA supports the use of an external Search node if you are running a corporate deployment of the Search instance. However,
the Search panel on the IDPA dashboard (ACM) does not display any data that is associated with the external Search
separately. IDPA does not support local analytics and search functions when external instances of Search are used. Moreover,
if you are using an external Search instance, you must configure and manage any such external instances as external instances
cannot be configured and managed through the ACM.
Cloud DR panel
The Cloud DR panel displays the Cloud DR version, and alerts that require any action. To load the Cloud DR console, click the
Cloud DR Web UI link.
IDPA supports the use of an external Cloud DR if you are running a corporate deployment of the Cloud DR instance. However,
the Cloud DR panel on the IDPA dashboard (ACM) does not display any events or data that is associated with the external Cloud
DR separately. Moreover, if you are using an external Cloud DR instance, you must configure and manage any such external
Cloud DR instances as external instances cannot be configured and managed through the ACM.
If Cloud DR is not configured during the initial configuration process, the panel displays Click to configure Cloud DR, indicating
that Cloud DR is not configured. To configure the Cloud DR node, click the message. The Cloud DR Configuration screen is
displayed. On the Cloud DR Configuration screen, provide the IP address and click Configure.
NOTE:
● Do not change the Protection Software root user password before configuring Cloud DR from the dashboard.
● Do not change the Protection Storage boost user password before configuring Cloud DR from the Dashboard.
● If a cloud account and email address are not configured during the Cloud DR configuration, the Cloud DR Login page
does not work. You must configure a cloud account and email address manually in Cloud DR.
Once the above steps are successful, the Updating Data Domain message is displayed. It may take some time to update
the Data Domain settings.
Prerequisites
● You have logged in to Cloud DR as administrator.
● You have an AWS account that is already configured before connecting to the cloud account.
NOTE: IDPA does the Cloud DR configuration automatically.
Steps
1. Click Cloud Account on the menu bar.
The Connect to Cloud Account page appears.
2. Click Add Cloud Account.
3. In the Connecting to AWS Cloud account dialog box, enter the access key and the secret key for the AWS account.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html provides information about obtaining
the access and secret keys.
4. To copy the IAM policy, click Copy IAM Policy.
This action copies to the buffer a JSON version of the minimum AWS user account permissions that are required for Cloud
DR implementation, which can then be applied to AWS to set the permissions policy for the AWS user.
5. To view the Identity and Access Management (IAM) policy that represents the minimum AWS user account permissions that
are required for Cloud DR implementation, click Show IAM Policy.
6. To save the AWS cloud account, click Verify & Save.
The Cloud DR verifies that the account exists before saving the cloud account information and closing the Connecting to
AWS Cloud account dialog box.
NOTE: When you have provided credentials to an AWS account, you cannot change to another AWS account.
Steps
1. Click Cloud Account on the menu bar.
The Connect to Cloud Account page appears.
2. Click Add Cloud DR Target to set up one or more Cloud DR targets on the cloud account.
The Cloud DR target is the S3 bucket on AWS where data is written when Services are backed up to the cloud. The Cloud
DR Server is deployed on one of the targets.
The Add Cloud DR Target dialog box opens.
3. Enter a name for the Cloud DR target.
The name entered here appears in the Protection Software Administrator when creating a Cloud DR backup policy.
4. Select an Amazon S3 bucket for the Cloud DR target.
5. Click Advance security option and select an encryption method:
Option Description
SSE-S3 Default encryption (no cost)
SSE-KMS Key management service encryption (incurs a cost)
NOTE: If you select the SSE-KMS encryption method, only the default customer managed key is supported. Changing
the encryption key might cause errors with the files in the Amazon S3 bucket.
Prerequisites
● Cloud DR targets are required in the AWS account before performing this task. Connect to the cloud account and add Cloud
DR targets on page 19 contains information about adding Cloud DR targets to the AWS account.
● AWS Marketplace terms must be accepted before deploying the Cloud DR Server.
Steps
1. Click Cloud DR Server on the menu bar.
● If no Cloud DR Server has been deployed, the Deploy Cloud DR Server page appears.
● If the Cloud DR Server has already been deployed, the Cloud DR Server page appears. You cannot deploy additional
Cloud DR Server instances.
2. In the Cloud DR Server Configuration section, select the Cloud DR target on which to deploy the Cloud DR Server.
3. To allocate IP addresses for the Cloud DR solution, provide the IPV4 CIDR Range.
4. In the User Configuration section, enter and confirm passwords for the Cloud DR Server Admin and Cloud DR Server
Monitor users.
The passwords must:
● Be at least eight characters in length
● Contain characters of a minimum of three of the following types:
○ English uppercase: A-Z
○ English lowercase: a-z
○ Numeric character: 0–9
Results
When the Cloud DR Server is deployed, connect to the Cloud DR Server by clicking the Cloud DR Server hostname.
Steps
1. In the Cloud DR Server user interface, select Protection > VM Protection in the navigation pane.
The existing protected Services appear in the right pane. The Rapid recovery image column indicates whether the Service
is enabled for rapid recovery.
2. Select one or more Services and click Create Rapid Recovery Image.
Results
● The Cloud DR Server creates the AMI and removes any previous AMI for an earlier copy.
● You can verify the results by reviewing the Rapid recovery image column.
● You can disable rapid recovery for a Service by selecting it and clicking Disable Rapid Recovery Image.
● You can monitor the protection status and its progress by reviewing the Protection status column.
NOTE: Ensure that when you set up Disaster Recovery for client Services that need to be restored on the cloud using
Cloud DR, the OS version on the client Services must be supported by AWS at the time of restore. While performing a
recovery to AWS, if the kernel version of the OS on the client Services is not an AWS supported kernel version, then the
recovery activities fail with an error message.
Prerequisites
To perform a DR test or failover of a Service by using the Cloud DR Server interface, you must have instances of Services that
are backed up by the on-premises backup software and copied to the cloud.
Steps
1. In the Cloud DR Server user interface, select Recovery > VM Recovery
You can also open the VM Recovery page from the dashboard by clicking See All in the Recovery pane.
The VM Recovery page appears.
2. Select the Service you want to recover and click DR Test or Failover.
If you click Failover and the Service has never been tested, a message prompts you about this condition. Running a DR test
is recommended before implementing a failover. The message also recommends that you shut down the production Service
to avoid a possible data loss that is caused by accidental user access.
Click Select Copy to continue.
3. On the Copy and Network window, select the Service copy and the network where you want to launch the EC2 instance.
The Advanced Options section at the bottom of the window indicates the auto-selected EC2 instance type and security
group to use for the recovery process.
4. If you do not want to use the auto-selected EC2 instance type or security group, expand Advanced Options and select an
alternate EC2 instance type and one or more security groups.
5. Click Start DR Test or Start Failover.
Results
The recovery process begins and you can monitor progress on the DR Activities page. During the recovery process:
1. If the Service is not enabled for rapid recovery, a temporary Restore Service instance is launched in each region where
recovery is needed. This instance performs hydration during recovery, and is automatically terminated after 10 minutes of
idle time.
2. The Cloud DR Server then converts the VMDK to an AMI and launches an EC2 instance that is based on the AMI.
3. When the EC2 instance is running, the Cloud DR Server deletes the VMDK and AMI.
Steps
1. Click the Edit icon next to the value you want to modify.
a. Enter the name of the administrator in the Admin name field and click Save.
b. Enter the contact number of the administrator in the Admin contact number field and click Save.
c. Enter the name of the company in the Company Name field and click Save.
d. Enter the location of the IDPA in the Location field and click Save.
e. Enter the site ID of the IDPA in the Site ID field and click Save.
2. Click the Gear icon and select Email Configuration.
The Email Configuration dialog box appears.
a. Enter the SMTP server IP address in the SMTP server field.
b. The Port field is auto populated and specifies the default SMTP port.
c. Enter the email address in the Administrator email field.
The system sends an email alert to this email address when the system encounters a critical or fatal error.
d. Click Test Email to send an email to the address that you have specified.
e. Click Configure.
The system saves the changes that you have made to the email configurations.
Verify Site ID
You can verify your Site ID number on the Online Support website.
Steps
1. Log in to the Online Support website with your credentials.
2. Select Service Center.
3. On the Service Center page, below the Sites and Contracts area, click Administer a Site.
4. Ensure that the site where the storage system is installed is listed in the My Sites area.
NOTE: You can also search for a site and add it to the My Sites list. If a site ID is not available or the correct site ID is
not listed, you must notify your local field representative to request one.
Steps
1. In the General Settings panel, click the gear icon and select the setting that you want to change.
2. Select or type a new value:
● Time zone - Select the time zone from the list and click Save. The time zone is updated for the Protection Software,
Protection Storage, Reporting & Analytics nodes, and Search nodes, the ACM, and the Hypervisor Manager host server.
NOTE: If this setting is changed, the Protection Storage node restarts automatically.
● External LDAP - See Configure the external LDAP environment on page 24 for more information.
● Secure Remote Services - Enter the SRS gateway IP address and your RSA Secure ID credentials, then click
Configure.
● NTP server IP address - To change the Gateway IP address, see Change the NTP server IP address on page 26.
● Configure DNS - To change the primary and secondary DNS server IP address, see Change the DNS server on page 26
● FIPS Mode - Federal Information Processing Standards (FIPS) can be enabled on IDPA appliance. By default, the FIPS
mode is disabled. See the IDPA Security Configuration Guide for more information about enabling FIPS mode.
Steps
1. On the ACM dashboard, in the upper right corner of the General Settings panel, select the Configure external LDAP
option from the gear icon drop-down menu.
The LDAP settings dialog box appears.
2. In the LDAP settings dialog box, do the following:
a. In the LDAP type field, select AD or OPENLDAP.
b. Select the Secure LDAP checkbox to verify that the LDAP is secure.
c. In the Server hostname field, enter the LDAP server hostname.
d. In the Domain name field, enter the domain name.
● The domain to which the Server hostname belongs should be the same as the Domain name specified.
● The domain name can be alphanumeric characters and special characters.
e. In the Query username field, enter the query username.
The query username can be alphanumeric characters and special characters (-, _, ., ,, and =).
f. In the Query password field, enter the query password.
Steps
1. In the ACM dashboard, go to the General Settings panel, and click the Configure external LDAP option in the Gear icon
drop-down menu.
2. Select Update External LDAP password.
Only the Query password field is accessible after you select this field.
3. Enter the new password for the LDAP query user, and click Validate.
4. Click Save to save the new password.
The password is changed for all the appliance components configured with LDAP.
Steps
1. Update the LDAP settings from the ACM dashboard using the following values:
● LDAP type: OPENLDAP
● Secure LDAP: Checked/selected
● Server hostname: <ACM_HOSTNAME_FQDN>
● Domain name: dc=idpa,dc=local
● Query username: uid=idpauser,ou=People,dc=idpa,dc=local
● Query password: <Internal LDAP user account password>
● Admin groupname: dp_admin
● Port number: 636
2. Connect to the ACM by using an SSH client.
3. Modify the following settings in the /usr/local/dataprotection/var/configmgr/server_data/config/
commonconfig.xml file:
Prerequisites
Ensure to verify the following before changing the NTP server IP address:
● The new IP is valid and reachable from all the appliance components.
● Private network IP is used to connect to the ACM dashboard UI.
● IP address is in the same network or subnet mask.
Steps
1. In the General Settings panel, click the Gear icon and select Configure NTP.
The Update NTP window is displayed.
2. Enter the IP address in the NTP server IP address field.
3. Click Save.
The system validates the NTP server IP address, and the Update NTP window displays the progress bar with the NTP
update status.
● If the validations are successfully, the status displays as Completed.
● If the validations fail, the status displays as Failed.
4. Click Finish.
If the validations fail or if there is any error, see the pre-requisites section to resolve the errors, and start the procedure
again.
NOTE: If NTP update fails for a component, the other remaining components on which the new NTP is set are also
rolled back to the previous NTP.
The General settings panel displays the new NTP server IP address, and it is also successfully updated on all the
components.
Prerequisites
Ensure to verify the following before changing the DNS server IP address:
● Forward and reverse lookup for the new DNS server IP address
● OS FQDN for the new DNS server IP address
● The new DNS server must have the same IP-FQDN mapping as in the existing old DNS server for all the IPs used by the
appliance components.
● No components with out of sync error
Steps
1. In the General Settings panel, click the Gear icon and select Configure DNS.
The Update DNS server window is displayed.
2. Enter the IP address in the Primary DNS server IP address and Secondary DNS server IP address fields.
3. Click Save.
The system validates the DNS IP address, and the Update DNS server window displays the progress bar with the DNS
update status.
● If the validations are successfully, the status displays as Completed.
● If the validations fail, the status displays as Failed.
4. Click Finish.
If the validations fail or if there is any error, see the pre-requisites section to resolve the errors, and start the procedure
again.
The General settings panel displays the new DNS IP address, and it is also successfully updated on all the components.
Prerequisites
Ensure to verify the following before changing the gateway IP address:
● DNS, NTP, SMTP, LDAP, and all the components are reachable through this gateway.
● Private network IP is used to connect to the ACM dashboard UI.
● Gateway IP is in the same network or subnet mask.
● For DP5xxx and DP8xxx models, if VLAN changes are required, then it has to be updated on TOR switch, Hypervisor nodes,
and Protection Storage before changing the gateway.
Steps
1. In the General Settings panel, click the Gear icon and select Configure Gateway.
The Update Gateway window is displayed.
2. Enter the IP address in the Gateway IP address field.
3. Click Save.
The system validates the gateway IP address, and the Update Gateway window displays the progress bar with the gateway
update status.
● If the validations are successfully, the status displays as Completed.
● If the validations fail, the status displays as Failed.
4. Click Finish.
If the validations fail or if there is any error, see the pre-requisites section to resolve the errors, and start the procedure
again.
The General settings panel displays the new gateway IP address, and it is also successfully updated on all the components.
Prerequisites
● Ensure that there are no ACM dashboard operations in progress, such as password change, NTP update, and so on.
● The delete functionality is available only if the appliance has any optional components that are configured.
Steps
1. Go to the ACM dashboard.
2. Select any of the following optional component:
● Data Protection Central
● Reporting & Analytics
● Search
● Cloud DR
3. Click the gear icon of the corresponding optional component.
Each component panel has the gear icon at the top right side.
4. Select the Delete option.
For example, to delete DPC, select Delete DPC.
5. Click Yes on the confirmation window.
The delete operation successfully deletes the corresponding optional component.
6. Click OK.
WARNING: Once you delete the optional components, any data associated with it is permanently deleted.
Also, once you delete them, you will not be able to harness or use the features or functionalities provided by
them.
Prerequisites
● Ensure that there are no backup jobs running on the Protection Software Backup Server.
○ If there are backup jobs running on Protection Software Backup Server when the IDPA appliance shutdown operation is
in progress, the shutdown operation waits for the Protection Software jobs to complete with the status Waiting for
shutdown of Backup Server.
○ It is recommended that you wait for the backup jobs to complete. However, if you must shut down the appliance
immediately, and then you must log in to the Protection Software UI and cancel the backup jobs that are in progress.
● Shutting down IDPA requires physical intervention or the use of iDRAC to restart the system. If you are remotely shutting
down the IDPA appliances, ensure that either you have physical access to the system or have configured iDRAC on the
system.
Steps
1. On the ACM dashboard Home tab, click the Shutdown Appliance icon.
2. Enter the ACM root password, and click Yes.
The appliance shut down progress is displayed.
The IDPA appliance shuts down the components in the following order:
● Protection Software
● Search
● Reporting & Analytics
● Data Protection Central
● Cloud DR Agent
● Protection Storage
● Appliance Configuration Manager
Health
The Health tab displays status information and alerts for the server hardware and the virtual infrastructure components of IDPA
including Hypervisor Platform alerts from Hypervisor servers.
Health monitoring provides information on Hypervisor Manager certificate renewal success and Hypervisor/Hypervisor Manager
filesystem health. The Integrated Data Protection Appliance automatically renews self-signed and CA signed Hypervisor
Manager certificates.
The IDPA uses Secure Remote Services to automatically send critical and fatal events to Customer Support for troubleshooting
(events are sent only for the IDPA, Protection Software, Protection Storage, and Reporting & Analytics). A support ticket is
opened based on the events that are received. Critical and fatal events are sent to Customer Support either after 30 min
have elapsed, or when 30 events have accumulated, whichever occurs first. The appliance also automatically emails Customer
Support basic appliance configuration information to aid in troubleshooting scenarios.
By default, all events are deleted after 30 days. If no events have occurred in the selected time period, the Event Summary
and Event Details panel indicate that there is no data available.
Event Summary
The Event Summary panel displays a summary of the status events on the appliance, which is grouped by Device and
Severity.
To refresh the data displayed on the Health page, click the Refresh icon beside the Event filter list.
NOTE: The application refreshes the data based on the filters that you have selected.
To change the time period for which events are displayed, select an option from the Event filter list. Selecting Today lists
events that have occurred from midnight to the present.
To show only events for a specific device or of a specific severity in the Event Details panel, click the corresponding wedge in
the chart.
Event Details
The Event Details panel displays a list of the status events on the appliance. Use the Component, Component Name, and
Severity lists and click Search to filter the events and display the details of each event. To read more detailed information
about an event, click its table entry. To export the list as a .CSV file, click the CSV icon.
To clear the options selected in the filters, click Reset.
Troubleshooting
If a critical component of the health monitoring function is not working, the panels indicate that the service is down and an
error message is displayed at the top of the page. For more information about how to resolve issues with the Health tab, see
Troubleshooting health monitoring on page 56.
You can modify the storage capacity threshold in the HealthmonitorConfig.properties file that is located at /usr/
local/dataprotection/customscripts/ in the ACM service, so that the system can send an email alert once the
storage capacity reaches the specified value.
To update the storage capacity threshold in the HealthmonitorConfig.properties file, perform the following steps:
Steps
1. Go to /usr/local/dataprotection/customscripts/ on the ACM service and open the
HealthmonitorConfig.properties file.
2. Locate the entries which have shm.<product/product partition>.used_space_percentage=xx and set the
percentage value.
Where, xx is the percentage value that you set.
For example, shm.avamar.boot.used_space_percentage=90 or
shm.dpa.app.server.root.used_space_percentage=90.
3. Save and close the HealthmonitorConfig.properties file.
Upgrade
The Upgrade tab allows an administrator to update the IDPA software. For more information about how to upgrade the IDPA
software, see the Upgrade to Integrated Data Protection Appliance 2.7 section in the Dell EMC Integrated Data Protection
Appliance Installation and Upgrade Guide for DP4400 and the Dell EMC Integrated Data Protection Appliance Field and
Professional Services Deployment Guide for DP5900, DP8400, and DP8900 Guide for the DP5xxx and DP8xxx models.
Steps
1. Power on IDPA system.
2. Power on the NDMP accelerator or accelerators if they are included in the configuration.
NOTE: Do not continue until both Protection Storage and all NDMP accelerators are fully initialized. To verify that the
Protection Storage system is fully initialized, log in to the IDPA system using sysadmin as the username , and for
password, use the common password. Check the file system status using the filesys status command. The file
system should be up and running. To verify that the NDMP accelerators are fully initialized, connect to the accelerator
node using SSH.
3. For configurations with a physical Protection Software implementation, power on the utility node and storage nodes.
This step is not necessary for configurations with virtual Protection Software.
4. Login to the Protection Software Admin GUI to ensure that the appliance is powered on and Protection Software is fully
initialized.
5. On other IDPA models, power on each of the Hypervisor servers, moving from the bottom Hypervisor server to the top.
Results
The remaining process finishes automatically. Once the Hypervisor servers are powered on, IDPA automatically starts all other
components.
NOTE: After IDPA starts successfully, you can connect to the ACM dashboard and monitor the progress of the startup.
If there is a failure in the startup, the application displays an error message with an option to access the ACM dashboard
page.
NOTE: Ensure you are using Flash version 27.0.0.183 or later to access the Hypervisor Manager web client.
Protection Storage user https:// Yes (you can configure this manually. sysadmin
interface <component_ip> See the Enabling and disabling
SSO and Configuring Single Sign-
On (SSO) groups sections of the
Configuring SSO authentication topic
in the Dell EMC DD OS Version
Steps
1. Log in to the ACM dashboard.
2. In the upper right corner of the ACM dashboard, click Change Appliance Password (key icon).
3. Specify the required credentials.
Steps
1. Log in to the ACM dashboard.
2. On the ACM dashboard, in the upper right corner of the General Settings panel, select the Configure external LDAP
option from the gear icon drop-down menu.
The LDAP settings dialog box appears.
3. In the Query password field, change the query password.
The query password should consist a minimum of 9 to 20 characters, contains at least one lower case alphabet, one upper
case alphabet, one digit, and any of the supported special characters (-, _, and .).
NOTE: Do not change Protection Storage boost user password before configuring Cloud DR from the Dashboard.
NOTE: Update the Protection Storage boost user password only after configuring Cloud DR from the Dashboard.
Search settings
To change the Search OS root password, you must log in and change the OS root password for each Search node.
Steps
1. Log in to the VMware vSphere Appliance Management UI by going to https://<VCSA hostname or IP>:5480 using
the credentials as root/<common IDPA password>.
2. In the vCenter Server Appliance Management UI, click Administration.
3. In the Password Expiration Settings pane, select No for the Root password expires field.
4. Click Submit.
Steps
1. Log in to the VMware vSphere Appliance Management UI by going to https://<VCSA hostname or IP>:5480 using
the credentials as root/<common IDPA password>.
2. In the vCenter Server Appliance Management UI, click Administration.
3. In the Change root password pane, specify all the required fields and click Submit.
4. Cycle through a new password five times to clear the restriction and reset to the same password that was set before the
password expiry.
5. Initiate the upgrade process using the RETRY option.
LDAP settings
NOTE: Backup jobs are related to Services hosted on the IDPA appliance. If one of the servers in the cluster fails, it may
not be possible to take a snapshot of the Service, which leads to backup failure. Once all the three servers in the cluster are
up and running, you must re-enable the backup jobs from the Protection Software UI. For more information on re-enabling
the backup jobs through the Protection Software UI, refer to the Avamar Administration Guide.
Steps
1. Log in to the Protection Storage system using SSH.
2. Run the following command to list the available mtree (Protection Software mtree) on the Protection Storage system:
sysadmin@ddhostname # mtree list
Output similar to the following is displayed:
vlan280 enabled 2 1 1
Remote Host
------------
vdppunvm126.vdp.emc.com
------------
5. Similarly, create the ifgroup on the destination Protection Storage system, and add the interfaces, clients, and the
Protection Software mtree path as mentioned in the above steps.
Once you have successfully created the ifgroup, output similar to the following is displayed:
6. Execute the replication from the Protection Software UI, and from the Protection Storage system, verify if the replication
traffic is using the interfaces in the replication ifgroup, by running the following command:
ifgroup show connections
7. Once the above steps are successfully run, you can continue to configure the replication policies. For more information, see
the Dell EMC Avamar Administration Guide.
Steps
1. Unlock the bezel by using the bezel key.
2. Press the release button, and pull the left end of the bezel.
3. Unhook the right end, and remove the bezel.
NOTE: Dell recommends that you install only the hard drives provided by Dell in the disk expansion kit.
Steps
1. Remove the hard drive blank.
2. Press the release button on the front of the hard drive to open the release handle.
3. Insert the hard drive into the hard drive slot and slide until the hard drive connects with the backplane.
4. Close the hard drive release handle to lock the hard drive in place.
Steps
1. Align and insert the right end of the bezel onto the system.
2. Press the release button and fit the left end of the bezel onto the system.
3. Lock the bezel by using the key.
Prerequisites
The following prerequisites are required when expanding the DP4400 (8 TB to 24 TB) model beyond 24 TB using the disk
expansion kit:
● Ensure that you have IDPA version 2.6.
● Ensure that the storage capacity in the new license is not less than the capacity in your current license.
● Ensure to clear browser cache.
● If the original Protection Storage license includes license for cloud tier, then the new storage expansion license must include
the license for the cloud tier.
Steps
1. Log in to the ACM UI.
The ACM dashboard Home page is displayed.
2. Click the Gear icon and select Expand storage in the Protection Storage panel.
The Storage expansion window is displayed.
3. Click Browse on the License file field in the Protection Storage section.
The Open dialog box is displayed.
4. Select the license file for disk expansion that you have downloaded.
NOTE: If the license is valid, a green tick is displayed.
5. Select the I agree that the expansion operation overwrites data on the additional 8 drives check box to overwrite the
existing data on the new drives.
NOTE: This check box is available only when you are expanding your storage capacity from the 8 TB - 24 TB appliance
beyond 24 TB.
6. Select the I agree to restart Protection Storage server or I agree to restart Protection Storage file system check
box to restart the protection storage server for adding the SCSI controller and restart file system service to enable the cloud
feature during the storage expansion.
NOTE: This option is applicable only when you are expanding your storage capacity from the 8 TB - 24 TB appliance
beyond 24 TB.
NOTE: The I agree to restart Protection Storage server or I agree to restart Protection Storage file system
check box is not displayed when the SCSI controller was added previously and if there is no change in the cloud tier
enabled status.
NOTE: The I agree to restart Protection Storage file system check box enables the cloud feature on the protection
storage server during storage expansion.
NOTE: The I agree to restart Protection Storage server check box adds the SCSI controller to the protection
storage server and to change the cloud tier enabled status (if applicable) during the storage expansion.
NOTE: Ensure that there is no active I/O operation running on Protection Storage server.
7. Click Expand.
The Storage expansion window displays the progress bar. You can see the details of the storage expansion.
8. Click Finish.
Results
The storage capacities are updated in the Total backup storage, Available backup storage, and the Cloud Storage fields in
the Protection Storage panel.
NOTE: The Cloud Storage field is updated if you have added the cloud feature during storage expansion.
NOTE: The check boxes in Step 5 and Step 6 are displayed if you are expanding the storage capacity of the appliance
beyond 24 TB.
Troubleshoot shutdown
During the shut down process, if the appliance or any of the components fail to shut down automatically, you can manually shut
down the IDPA appliance and its individual components.
If the Protection Software or Protection Storage systems fail to shut down, aside from performing a manual shut down of
these components, you must also shut down the infrastructure components, which include Hypervisor Manager and Hypervisor
servers.
46 Troubleshooting
Table 15. Appliance shutdown validation failures (continued)
Component Failure Message Corrective Action
Hypervisor Hypervisor password out Update the Hypervisor password from ACM
of sync Dashboard. If any non-standard virtual machines
are present on , you must power off those virtual
machines manually.
Protection Storage Protection Storage Update the password from the ACM Dashboard.
sysadmin user out of
sync.
Reporting & Analytics DPA Server , DPA Update the passwords from the DPA panel, from the
agent or DPA datastore ACM Dashboard.
passwords are out of
sync
Search DPS master or data index Update the passwords from DPS panel on the ACM
nodes are out of sync Dashboard.
● password out of sync ● Update the password from the ACM Dashboard.
● Jobs are running on ● From the UI, terminate the jobs or wait for
completion of the jobs
Troubleshooting 47
Table 16. Appliance shutdown failures (continued)
Component Failure Message Corrective Action
service search-cis-
schedule status
service search-cis-core
status
service nginx status
service elasticsearch
status
Search Failed to shutdown DPS Data Check the below service status and stop
Master node them if not already stopped:
48 Troubleshooting
Protection Software shutdown validation errors
The following is a comprehensive list of Protection Software shutdown validation errors that you might encounter before
shutting down the Protection Software Server.
If you encounter any of these errors, you must take the suggested action for the error you encounter. After you take the
suggestion action on the validation error, you can initiate the appliance shutdown once again.
Found running jobs on Avamar, will not Ensure that there are no backup jobs running on Protection
proceed for appliance shutdown Software Server. See Shut down the IDPA on page 28 for
more information.
Also see Enabling and disabling a backup policy section in the
Dell EMC Avamar Administration Guide for disabling all the
backup policies through the Protection Software UI.
Backup Server MCS flush not done within last 1. Log in to the Protection Software Utility node.
12 hours 2. Backup the MCS data by running the mcserver.sh –
flush command.
3. Shut down the appliance.
Troubleshooting 49
Steps
Login to the Protection Software server with SSH by using the Protection Software IP address.
a. Create a checkpoint by running the following command.
mccli checkpoint create --override_maintenance_scheduler
b. Backup the MCS data by running the following command:
mcserver.sh --flush
c. Stop all Protection Software services by running the following command.
dpnctl stop all
d. Power off the Protection Software from Hypervisor Manager.
NOTE: If you have the DP4400 appliance, then you must shutdown Hypervisor. For more information about manual shut
down of Hypervisor, see Shut down ESX manually.
NOTE: The manual shut down for Protection Storage is applicable for the DP4400 appliance.
Steps
1. Open a new SSH session to login to the Protection Storage system and Protection Storage.
2. Shut down the Protection Storage system by running the following command.
system poweroff
NOTE: If you have the DP4400 appliance, then you must shutdown Hypervisor. For more information about manual shut
down of Hypervisor, see Shut down ESX manually.
Steps
1. Open a browser and enter the IP address to access Hypervisor Manager.
The login page is displayed.
2. Enter your username and password on the Hypervisor Manager login page.
3. Shut down the Data Protection virtual application.
NOTE: All Services and virtual applications under Data Protection virtual application are automatically shut down.
4. Shut down the IDPA Service Guest operating system and the Service.
50 Troubleshooting
Shut down Hypervisor manually
This section provides you information about how to shut down the Hypervisor manually.
Steps
1. Login to the Hypervisor server on which the Hypervisor Manager is installed.
2. Login to each Hypervisor host.
3. Set all Hypervisor hosts into maintenance mode by running the following command on each host
esxcli system maintenanceMode set -e true -m noAction
4. Shut down all Hypervisor host using the Hypervisor Platform client or the Hypervisor host.
Troubleshooting startup
If one part of the startup process fails to complete automatically, the problem can be resolved manually to enable startup to
continue.
Troubleshooting 51
2. Start the DataProtection-Hypervisor Manager by running the /etc/init.d/local.sh script on Hypervisor or power on
the Service.
DataProtection-ACM Service starts five minutes after the Hypervisor Manager Service starts.
3. If Protection Storage Hypervisor Manager (Service) is not up, click the Power on button to start the Protection Storage
Hypervisor Manager (Service).
The system waits until Protection Storage Hypervisor Manager (Service) is up and running.
4. If Protection Storage is not started, start Protection Storage Service from ESX UI.
5. Log in to Protection Storage using admin credentials.
The ACM runs dpnctl status all, dpnctl start all, and dpnctl start maint commands.
6. If something goes wrong, run the following in sequence and click the Power on button:
● DataProtectionSearch Vapp
● DPADatastoreServer service
● DPAApplicationServer service
● DataDomainCloudDR VApp
● DataProtectionCentral VApp
● Protection Storage proxy Hypervisor Manager (Service).
7. If DPS vApp does not get started, start the vApp.
8. Start the services of Search by logging in to index Primary IP using operating system root credentials and run the following
commands:
a. service elasticsearch start
b. service search-cis-core start
c. service search-cis-schedule start
d. service search-networker-worker start
e. service search-networker-action start
f. service search-avamar-worker start
g. service search-avamar-action start
h. service search-worker start
i. service search-adminapi start
j. service search-api start
9. Log in to the Application Server Service using SSH.
10. Stop all Application Services by running the following command:
/opt/emc/dpa/services/bin/dpa.sh service stop
If there are any errors, you may continue to ignore them.
11. Log in to the Application Server Service using SSH.
12. Stop all Datastore Server services by running the following command:
/opt/emc/dpa/services/bin/dpa.sh service stop
13. Verify if all the services are stopped on the Application Server and on the Datastore Server by running the following
command:
/opt/emc/dpa/services/bin/dpa.sh service status
14. Once all the services on both the Application and the Datastore servers are stopped, restart the services on the Datastore
Server by running the following command:
/opt/emc/dpa/services/bin/dpa.sh service start
15. Once all the services on the Datastore servers are started, restart the services on the Application Server by running the
following command:
/opt/emc/dpa/services/bin/dpa.sh service start
16. You must wait for sometime until all the services are started on Datastore Server. You can verify the status by running the
following command:
/opt/emc/dpa/services/bin/dpa.sh service status
17. You must wait for sometime until all the services are started on Application Server. You can verify the status by running the
following command:
52 Troubleshooting
/opt/emc/dpa/services/bin/dpa.sh service status
18. Log in to Hypervisor Manager using idpauser credentials, select AVProxy Service and click the Power on button.
19. After IDPA starts, start two services of Protection Software using dpnctl start emt command.
Troubleshoot LDAP
This topic provides you information about how to troubleshoot LDAP configurations.
Steps
1. Connect to the ACM by using an SSH client.
2. Using a text editor, open the catalina.sh file that is located in the /usr/local/dataprotection/tomcat/bin/
directory.
3. In the catalina.sh file, locate the following line:
JAVA_OPTS="$JAVA_OPTS -Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
-Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`"
Prerequisites
If you know your internal LDAP password, note it down and keep it ready.
Steps
1. Connect to the ACM by using an SSH client.
2. To validate your existing password, run the ldapsearch command with your password. An example is given below.
Troubleshooting 53
Create internal LDAP password
If you do not remember the internal LDAP password, you must first set the internal LDAP password, by performing the following
steps:
Steps
1. Connect to the ACM by using an SSH client.
2. Generate a hash for the new password. An example input is given below.
3. Create a file with the modified hash file. An example is given below.
# vi /etc/openldap/update_idpauserpwd.ldif
dn: uid=idpauser,ou=People,dc=idpa,dc=com
changetype: modify
replace: userPassword
userPassword: <COMMAND_OUPUT_IN_FIRSTSTEP>
4. Execute the following command to update the password using the LDAP root password.
Steps
1. Connect to the ACM by using an SSH client.
2. Edit the /etc/resolv.conf file, and then specify the IP address of the customer DNS server and the domain name.
For example, when the customer environment has a public DNS server with an IP address of 10.254.66.23 and the domain
name is mycompany.com, the /etc/resolv.conf file contains the following entries:
NOTE: The following output is an example, not the actual domain name and nameserver addresses. The customer must
provide the required details.
search mycompany.com
nameserver 10.254.66.23
nameserver 192.168.100.100
NOTE: Ensure that the entry for the public DNS server appears before the private DNS server. If the private DNS
server appears first, the DPA integration with the Protection Storage system will fail.
54 Troubleshooting
Credential mismatch
This section provides information about how to resolve the password mismatch scenario for the IDPA point products. If you
manually modify the password on the point products and do not use the change password option on IDPA Appliance the system
displays an error message when you try to update the password using the ACM dashboard.
Steps
1. Click the warning message in the point products panel and enter a new password.
2. Click Update Password in the point products panel and enter a new password.
3. Click the Refresh button on the ACM dashboard.
The system updates the new password for all the relevant accounts.
Troubleshooting 55
Troubleshooting health monitoring
If there is an issue with SNMP or one of the health monitor processes, the Health tab cannot display data.
● If the Message Broker service is down, verify that the RabbitMQ service is running with the following command:
● If the Database service is down, verify that the PostgreSQL service is running with the following command:
56 Troubleshooting
Protection Software
If the Protection Software upgrade fails while upgrading the IDPA software, and if you are retrying the Protection Software
upgrade even after 24 hours of failure, then you must manually upgrade the Protection Software Server.
If the Protection Software upgrade fails during the RETRY operation, with a message Validated checkpoint not
found, you must manually resolve this issue by creating a checkpoint on the Protection Software Server. To create a
checkpoint on the Protection Software Server, see the Upgrade Prerequisites section. Once a valid checkpoint is created,
you can go to Protection Software UI and click the Sync button which is displayed for the failed component.
Hypervisor
In case if the Hypervisor is rebooted when any of the component product upgrade is in progress, then the upgrade process
stops. You must wait until the services on the Hypervisor server is up and running, and then attempt a retry of the upgrade for
that component.
To verify that the Hypervisor server services are up and running, try logging into the Hypervisor client console. A successful
login indicates that the services on the Hypervisor server are started.
Using rollback
The Rollback option reverts the component to its previous state using the snapshots taken. The upgrade process uses
Hypervisor Platform snapshot technology to preserve the preupgrade configuration of the IDPA. Before a component is
upgraded, a snapshot of the component Service is created. When the upgrade is completed successfully, the snapshots are
deleted. If the upgrade fails, the snapshots are used to revert the components to their previous state. If the upgrade fails and
any of the Services are not restored, review the information in Upgrade log files on page 59 and contact Customer Support.
1. In the Upgrade progress window, select Troubleshooting (Support only) checkbox at the top.
The ROLLBACK button is displayed for the component with upgrade failure.
2. Click ROLLBACK.
The component reverts to the previous version. Refer to the section Rollback is Successful on page 58.
If rollback is unsuccessful, see the section Rollback Failed on page 58.
Using Sync
If there is a mismatch between the versions of the upgraded component, for example, instead of upgrading to Protection
Software version 18.2.0-134, the component gets upgraded to Protection Software version 7.5.1-101, this results in upgrade
failure of that particular point product. Although the Support personnel can manually update the failed component/point product
in the background using the SYNC functionality, the SYNC functionality does not verify the operating system version of the
point product. The customer or Support personnel performing the manual upgrade must ensure that the appropriate operating
system rollup is applied to the point product before manually upgrading it.
If there is no mismatch between the versions of the upgraded component, the SYNC operation is successful. Once the SYNC
operation is completed successfully, the ROLLBACK, RETRY, and SYNC buttons are disabled.
For more information about the operating system rollup versions and their associated patches if applicable, see the Integrated
Data Protection Appliance Software Compatibility Guide.
After the manual update, follow these steps:
1. In the Upgrade progress window, select Troubleshooting (Support only) checkbox at the top.
The SYNC and ROLLBACK buttons get enabled for the components that failed to upgrade.
Troubleshooting 57
2. Click SYNC. The SYNC validates the manually upgraded component version and reflects the upgrade progress bar in green
and status to completed.
Rollback is Successful
IDPA is rolled back to its previous state.
No manual action is required from your side. You can login to dashboard to ensure that all the services are up and running.
Optionally, after analyzing the logs, if you find any issues with the upgrade, you can go to upgrade once again.
You can download the logs from the upgrade progress user interface. Alternatively, you can also retrieve the logs from /
data01/upgradeLogs directory on the Appliance Configuration Manager.
Rollback Failed
If the IDPA rollback fails during the upgrade procedure, you need to perform the following manual steps.
Steps
1. Check for all the products in VMware Hypervisor Manager to ensure that there is no snapshot by the name BeforeUpgrade.
If the BeforeUpgrade snapshot exists, you must delete that snapshot. To delete the BeforeUpgrade VMware Hypervisor
Manager snapshots from all the components, perform the following steps on each of the component where BeforeUpgrade
snapshot exists:
● VM Proxy:
a. Revert to the snapshot and then delete the snapshot.
● Protection Software Server:
a. Shut down the Protection Software Service.
b. Revert to the snapshot and delete the snapshot.
c. Change all the data disks to independent-persistent.
d. Power on the Protection Software Service to verify if all the Protection Software services are up and running.
● Reporting & Analytics Services:
a. Revert to snapshots of all Reporting & Analytics Services such as Reporting & Analytics Datastore Server, Reporting &
Analytics Application Server, Reporting & Analytics Agent, Reporting & Analytics DD Processor Tool, and so on.
b. Delete the snapshots.
c. Log in using putty to the Reporting & Analytics Datastore Server and note down the datastore directory in /data01
with the name datastore-xxxx
d. Execute following command:
/opt/emc/dpa/services/bin/dpa.sh datastore import /data01/datastore-*/
e. Log in to the Reporting & Analytics Application Server using putty and run the following command:
/opt/emc/dpa/services/bin/dpa.sh service start
f. Verify that the services are correctly starting by going to https://dpaAppServerIp:9002
● Search Services:
a. Stop the Search Services.
b. Shutdown or power off the Search Vapp.
c. Revert to the snapshot BeforeUpgrade.
d. Delete the snapshot BeforeUpgrade from all Search Services.
e. Change hard disk 3 mode to independent-persistent for all the Search Services.
f. Power on the Search VApp.
g. Ensure that all Search Services are up and running.
● Search Index Primary Node Services:
a. Log in to Search Primary Index Node using putty.
b. Execute the following commands:
58 Troubleshooting
● service dpworker status
● service unicorn status
● service elasticsearch status
● Protection Storage: If there is a failure in the Protection Storage upgrade, contact Customer Support.
2. Start the Protection Software scheduler service by logging in to Protection Software using putty and running the dpnctl
start scheduler command:
3. Uninstall the dataprotection-upgrade RPM from ACM
To uninstall the dataprotection-upgrade RPM, on ACM, run the rpm -qa | grep dataprotection-upgrade
command to check if any dataprotection-upgrade RPM is present. If it is present, note down its name and uninstall it
by using the –e dataprotection-upgrade-rpm-name command.
4. Use create tar command to create a tarball of /data01/tmp/patch/logs folder and save it to the /data01/
upgradeLogs folder.
5. Restart the tomcat service on ACM using following commands:
● service dataprotection_webapp stop
● service dataprotection_webapp start
RUNNING,26,Please Contact Dell/EMC Support to upgrade Physical Backup server and NDMP
RUNNING,74,Performing post upgrade operations
RUNNING,74,Please login again to Appliance Management deployment and configuration page
Troubleshooting 59
Error: Could not open input file: /usr/java/jdk1.8.0_131/jre/lib/plugin.pack
javaws.jar...
Error: Could not open input file: /usr/java/jdk1.8.0_131/jre/lib/javaws.pack
deploy.jar...
Error: Could not open input file: /usr/java/jdk1.8.0_131/jre/lib/deploy.pack
rt.jar...
Error: Could not open input file: /usr/java/jdk1.8.0_131/jre/lib/rt.pack
jsse.jar...
Error: Could not open input file: /usr/java/jdk1.8.0_131/jre/lib/jsse.pack
charsets.jar...
Error: Could not open input file: /usr/java/jdk1.8.0_131/jre/lib/charsets.pack
localedata.jar...
Error: Could not open input file: /usr/java/jdk1.8.0_131/jre/lib/ext/localedata.pack
60 Troubleshooting
5
Additional resources
This chapter provides references to other materials related to the Integrated Data Protection Appliance and individual
components.
Topics:
• Document references for IDPA
• Document references for individual components
• IDPA training resources
Additional resources 61
This publication explains how to manage Protection Storage systems with an emphasis on procedures using the Protection
Storage Data Protection Central.
DPC node
The following documents contain information that is related to Data Protection Central for IDPA:
● Data Protection Central Release Notes
Contains the most up-to-date information about the current release.
● Data Protection Central Getting Started Guide
This document includes information about how to deploy , and then get started with IDPA Appliance Data Protection Central
administration.
● Data Protection Central Administration Guide
This document includes information about how to administer DPC.
● Data Protection Central Security Configuration Guide
This document includes information about security features and capabilities of DPC.
62 Additional resources
This document provides information about how to use the Reporting & Analytics web console to run and create reports, view
alerts, and view the status of replication operations.
Search
The following document contains information that is related to Search:
● Search Installation and Administration Guide
This publication describes how to install, maintain, and configure Search.
Cloud DR
The following documents contain information that is related to DD Cloud DR and Cloud DR:
● Data Domain Cloud Disaster Recovery Release Notes
Contains supplemental information about DD Cloud DR and the most up-to-date information about the current release.
● Data Domain Cloud Disaster Recovery Installation and Administration Guide
This document describes how to install, deploy, and use the DD Cloud DR product.
Additional resources 63