Cloud Tier Implementation and Administration Participant Guide PDF

CLOUD TIER
IMPLEMENTATION AND
ADMINISTRATION
PARTICIPANT GUIDE
PARTICIPANT GUIDE
Table of Contents
Cloud Tier Implementation and Administration ..................................................................... 1
Dell EMC Cloud Tier Overview .................................................................................. 2

Dell EMC Cloud Tier Overview............................................................................................. 3
Model Sizing ........................................................................................................................ 4
Cloud Tier Components and Platform Support ..................................................................... 6
Cloud Tier Capacity Options ................................................................................................ 7
Cloud Tier Protocol Support ................................................................................................. 8
Deduplication and Cleaning ................................................................................................. 9
Retention Lock and Encryption .......................................................................................... 11
Replication ......................................................................................................................... 13
Cloud Tier Migration........................................................................................................... 15
Configuring Cloud Tier ............................................................................................ 16

Configure Storage .............................................................................................................. 17
Enable the Cloud Tier ........................................................................................................ 19
Viewing Active and Cloud Tier Statistics ............................................................................ 20
Cloud Unit Status Details ................................................................................................... 21
Cloud Tier Unit Preconfiguration ........................................................................................ 22
Create Cloud Units............................................................................................................. 23
S3 Authentication with Signature Version 4........................................................................ 24
Configuring Cloud Tier Demonstration ............................................................................... 26
Data Movement ........................................................................................................ 27

Data Movement Policies and Schedules ............................................................................ 28
Efficient File Recall ............................................................................................................ 29
Tape Out to Cloud.............................................................................................................. 30
Cloud Tier Data Movement Demonstration ........................................................................ 31
Appendix ................................................................................................. 33
Cloud Tier Implementation and Administration
Page ii © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview
© Copyright 2021 Dell Inc. Page 1

Page 2 © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier enables the movement of data from the active tier of a
PowerProtect DD appliance to low-cost, high-capacity object storage in the public,
private, or hybrid cloud. Data is moved to the cloud for long-term data retention.
Only unique, deduplicated data1 is sent from the PowerProtect DD appliance to the
cloud or retrieved from the cloud.
Backup Data
Cloud storage in the public, private,
Cloud Tier Architecture
or hybrid cloud for long-term data
retention.
Active Tier Cloud Tier Benefits
Cloud Tier
Cloud Tier
Cloud Unit 1
Considerations
Cloud Unit 2
Only unique data is sent to the

cloud.
1Sending only deduplicated data ensures that the data being sent to the cloud
occupies as little space as possible.

Model Sizing
Here the supported physical memory and storage requirements for each
PowerProtect DD model.
Model Memory Cloud Number Supported Number Capacity

(GB) Capacity of SAS Disk Shelf of ES40 for
(TB) I/O Types for Shelves Metadata
Modules Metadata or DS60 Storage
Storage Disk
Packs
Required
DD3300 16 8 N/A N/A N/A 1 x 1 TB

(4 TB virtual disks
Capacity) = 1 TB
DD3300 48 16
(8 TB
Capacity)
DD3300 48 32
(16 TB
Capacity)
DD3300 64 64
(32 TB
Capacity)
DD6900 288 576 2 DS60 or 2 30 x 4 TB

ES40 HDDs =
120 TB
DD9400 576 1536 2 DS60 or 4 60 x 4 TB

ES40 HDDs =
240 TB

DD9900 1152 2016 2 DS60 or 5 75 x 4 TB

ES40 HDDs =
300 TB
DDVE* 32 32 N/A N/A N/A 1 x 500 GB

(16 TB virtual disk
Capacity) = 500 GB2
DDVE* 60 128
(64 TB
Capacity)
DDVE* 80 192
(96 TB
Capacity)
* Dell EMC Cloud Tier is supported on DDVE for on-premises implementations only.
2The minimum metadata size is a hard limit. Dell Technologies recommends that
you start with 1 TB for metadata storage and expand in 1 TB increments. The
DDVE Installation and Administration Guide provides more details about using
Cloud Tier with DDVE.

Cloud Tier Components and Platform Support
Backup Data Single namespace
Supported cloud storage (Long-term

retention)
Active Tier
Data Movement
Policy Cloud Tier
Cloud Unit 1
Requires extra storage for metadata Cloud Unit 2
The Dell EMC Cloud Tier is managed through a single namespace. There is no
separate cloud gateway or virtual appliance required. The native PowerProtect DD
policy management framework supports the data movement.
Cloud storage supports Dell EMC Elastic Cloud Storage (ECS), Alibaba, Amazon
Web Services S3, Google Cloud Provider, S3 Flexible provider cloud unit, and
Microsoft Azure. Extra storage is required to hold metadata associated with the
data in the cloud tier. Deduplication, cleaning, and replication operations use
metadata.
Cloud Tier is supported on physical PowerProtect DD systems with expanded

memory configurations. Cloud Tier can be used with DDVE 3.0 or later in 16 TB, 64
TB, and 96-TB storage options.
Extra metadata storage is required to support the cloud tier. The amount of
required metadata storage is based on the PowerProtect DD model.
Cloud Tier is supported in PowerProtect DD High Availability (DD HA)

configurations. Both nodes must be running DDOS 6.0 or higher with DD HA
enabled.

Cloud Tier Capacity Options
Active Tier
Data Movement
Policy Cloud Tier
Cloud Unit 1
Cloud Unit 2
Dell EMC Cloud Tier supports one or two cloud units on each PowerProtect DD
appliance.
• Each cloud unit has the maximum capacity of the active tier3.
• Each cloud unit maps to a cloud provider4.
• Metadata shelves5 store metadata for both cloud units.
This example shows a system with an active tier and two cloud units. Each cloud
unit has a capacity equal to that of the active tier. Data that is stored on the active
tier provides local access to data and can be used for operational recoveries. The
cloud tier provides long-term retention for data that is stored in the cloud.
3You can scale the cloud tier to maximum capacity without scaling the active tier
any larger.
4 Each cloud unit can write to a separate supported cloud provider.
5The number of metadata shelves you need depends on the cloud unit physical
capacity.

Cloud Tier Protocol Support
The NFS, CIFS, and DD Boost protocols are supported for data movement to and
from the cloud tier.
PowerProtect DD VTL Tape Out to Cloud is supported with DDOS version 6.1 and
later. DD VTL Tape Out to Cloud supports storing the VTL vault on Cloud Tier
storage.
There is no support for vDisk pools as used with Dell EMC ProtectPoint.

Deduplication and Cleaning
PowerProtect DD Appliance
Deduplication is not allowed

Active Tier across tiers.
Cloud Tier
Cloud units each have their own
deduplication pools.
Cloud Unit 1
The cloud tier uses the same Cloud Unit 2

compression algorithm as the active tier.
• Each cloud unit has its own segment index and metadata and thus each cloud
is a deduplication unit by itself6.
• The cloud tier uses the same compression algorithm7 as the active tier.
• Cloud deduplication does not do the packing phase.
• Cloud tier cleaning can be schedule-based or on demand8.
• The schedule for cloud tier cleaning is set relative to active tier cleaning9.
6 There is no deduplication across tiers: active tier and cloud tier.
7On most PowerProtect DD appliances, the default compression algorithm is

gzfast. For legacy Data Domain systems and the PowerProtect DD3300, the lz
compression algorithm is used by default.
8 Cleaning of the active tier and the cloud tier cannot take place simultaneously.

• On-demand cleaning is invoked from the user interface10 on a specific cloud

unit.
• Cloud tier cleaning does not do partial copy forward11 to avoid unnecessary
reads from the cloud.
• Most of the work of cleaning happens locally12 using local cloud metadata
information.
9 The schedule specifies to run cloud tier cleaning after every Nth run of active tier
cleaning. By default, cloud tier cleaning runs after every 4th scheduled active tier
cleaning.
10 On-demand cleaning can be run from either the DD System Manager or CLI.
11 When all segments within a region are dead, the entire object is deleted.
12 The cloud storage is accessed to delete objects in the cloud with no live data and
to perform some copy forward of container metadata-related activities.

Retention Lock and Encryption
DD Retention Lock is supported by Dell EMC Cloud Tier.

• Files that are locked on the active tier using retention lock can be moved to
the cloud.
• You can apply retention lock on files that are already in the cloud tier.
• Deleting files in the cloud unit is prevented on PowerProtect DD appliances
using DD Retention Lock Compliance.
Secure HTTP (HTTPS) is used for the transfer of data between a PowerProtect
DD appliance and the cloud.

Encryption can be enabled13 at three levels:

• The PowerProtect DD appliance
• The active tier14
• The cloud tier
A license for encryption is required.
Encryption of data at rest is enabled by default15 on data in the cloud.
Active tier encryption is not required to enable encryption on the cloud tier.
Cloud units have separate controls for enabling encryption.
Using an external key manager is not supported.
13You are prompted for the security officer username and password to enable
encryption.
14Encryption of the active tier is only applicable if encryption is enabled for the
system.
15 Users can disable encryption.

Replication
You can enable Dell EMC Cloud Tier on one or both systems in a replication pair.
If the source system is Cloud Tier-enabled, data may be read from the cloud if the
file was already migrated to the cloud tier from the active tier. A replicated file is
always placed first in the active tier on the destination system even when Cloud
Tier is enabled.
Using Cloud Tier with

different replication types:
Active Tier
• MTree replication and

Cloud Tier managed file
Cloud Unit 1 replication are
Cloud Unit 2
supported on Cloud
Tier-enabled
PowerProtect DD
appliances.
• Collection replication is
not supported on cloud
tier-enabled systems.
• Cloud Tier does not
affect directory
replication16.
16Directory replication works only on the /backup directory which cannot be

configured for cloud data movement.

Once data is in the cloud,

the encryption status
cannot be changed17.
The use of an embedded

key manager is supported.
17
Before sending any data to the cloud the decision to encrypt data or not must be
made.

Cloud Tier Migration
It is possible to migrate the system data from and older appliance that is configured
with Dell EMC Cloud Tier to a newer appliance. Migrating to a newer appliance can
improve performance, add additional capacity, and provide access to new features.
Active Tier Active Tier
Cloud Tier Cloud Tier
Cloud Unit 1 Cloud Unit 1
Cloud Unit 2 Cloud Unit 2
Cloud Tier migration consists of the following steps:

1. Copy active tier data from the existing system to the new system.
2. Copy cloud tier metadata from the existing system to the new system.
3. Disconnect the cloud bucket from the existing system.
4. Connect the cloud bucket to the new system.
5. Commit the migration operation.
Several prerequisites must be met before starting the migration procedure.
The migration process migrates the active tier storage, and the locally stored cloud
tier metadata from the existing system to a new system. During the migration, the
source system operates in a restricted mode.
The procedure to initiate the Cloud Tier migration is only available through the CLI.
See the Dell EMC DDOS Administration Guide, available on the Dell EMC Support
site for more information about migrating Cloud Tier.

Configuring Cloud Tier

Configure Storage
Expand Cloud Tier and click

Configure.
Select the device you want

to add from the Addable
Storage list.
With Dell EMC Cloud Tier storage, the PowerProtect DD appliance holds the
metadata for the files residing in the cloud18.
To configure storage for the cloud tier:

1. Select Hardware > Storage.
2. In the Overview tab, expand Cloud Tier and click Configure.
3. In the Addable Storage section, select the checkbox for the shelf you want to
add.
4. Click Add to Tier.
5. Click Next.
18 A copy of the metadata resides in the cloud for disaster recovery.

6. Select an assessment option to determine if the devices meet performance

recommendations.
a. Using only DD Boost for backup
b. Using CIFS or NFS for backup
c. Skip Assessment
7. Click Done.

Enable the Cloud Tier
When the file system is disabled, click

Enable Cloud Tier.
Disable the file system before enabling

Cloud Tier
The cloud tier requires a local store for a local copy of the cloud metadata. To
configure Cloud Tier, you must meet the storage requirement for the licensed
capacity.
To enable the cloud tier on a PowerProtect DD appliance:

1. Go to Data Management > File System.
2. To disable the file system, click Disable at the bottom of the screen.
3. Click OK to proceed.
4. When the file system is disabled select, Enable Cloud Tier.
5. Select Enable file system after creation. The cloud tier is now enabled with
designated storage.
If creating a file system, the cloud tier can be enabled at the time that the new file
system is created. To create a file system, select Create File System and then
configure the active tier of the system.

Viewing Active and Cloud Tier Statistics
In Data Management > File System, the main panel displays statistics for the
active and cloud tiers.
The statistics viewable in the DD System Manager for both the active and cloud tier
are:
• Size
• Used
• Available
• Pre-Compression
• Total Compression Factor (Reduction %)
• Cleanable
• Space Usage

Cloud Unit Status Details
To provide more information to the user, the DD System Manager displays the
reasons why the cloud storage is in error state.

Cloud Tier Unit Preconfiguration
Before configuring a cloud unit on a PowerProtect DD appliance, perform the

following actions:
1. Configure your firewall19.

2. Download the appropriate certificates for your cloud provider.
3. Convert the downloaded certificate to .pem format20.
4. Add the certificate using the DD System Manager or CLI.
19You must have Port 443 or Port 80 open to the cloud provider networks for both
endpoint IPs and provider authentication IP for bi-directional traffic. Remote cloud
provider destination IP and access authentication IP address ranges must be
enabled through the firewall.
20 Downloaded certificate files have a .crt extension. Use OpenSSL to convert the
file from .crt format to .pem. For additional information, see that the Dell EMC
DDOS System Administration Guide on the Dell EMC support site.

Create Cloud Units
The links on
this page
contain
configuration
information
Alibaba Cloud Amazon Web Services Flexible Cloud
and the
S3 Tier Provider
procedure to
Framework for
create cloud
S3
units on
supported
cloud
platforms.
Google Cloud Storage Microsoft Azure

S3 Authentication with Signature Version 4
Overview
All interactions with cloud providers are authenticated with a signature protocol.
Support for S3 flexible cloud providers that support S3 authentication with signature
V4 is now part of DDOS.
The customer benefits are:
• Support for a more secure authentication protocol.

• Continuing the support for signature V2 along with addition of support for
signature V4.
• Automatically detect the signature version supported by the S3 flexible cloud
providers.

Command Line Interface Changes
A new field S3 Signature Version is added to display the cloud profile version.
In the output of cloud profile show, DDOS displays two possible values: s3v2
or s3v4.
Once set, the signature version of the cloud profile cannot be modified.

Configuring Cloud Tier Demonstration
Movie:

Data Movement
Data Movement

Data Movement
Data Movement Policies and Schedules
There are three types of

data movement policies.
1. Age-based threshold21
2. Age-range threshold22
3. App-driven policy23
Data Movement Schedule
Data movement can be

initiated manually or set
up automatically using a
schedule.
21Used for all files older than a set number of days. For example, all files older than
90 days.
22All files older than X days, but younger than Y days. For example, all files older
than 30 days but younger than 365 days.
23 Set by applications using REST APIs.

Data Movement
Efficient File Recall
Agent
Recall is the act of bringing data from the cloud to the active tier. Restore is the act
of recovering data from the active tier and making it available to the client.
Data can be recalled from the cloud tier using the DD System Manager (DDSM) or
the CLI.

Data Movement
Tape Out to Cloud
Tape Out to cloud storage offers the ability to store offsite and retrieve tapes for
long-term retention (LTR) use cases.
Requirements Backup and End-to-End Policies Configuring Tape Recall

Restore Workflow Tape Out to from the
Workflow for Cloud Cloud
Long-Term
Retention

Data Movement
Cloud Tier Data Movement Demonstration
Movie:
Cloud Tier Data Movement

Appendix

Appendix
Architecture
Policy Data CC: Cloud Connector

MTree movement
Metadata
Data
Active Unit Cloud Unit
Active CP Cloud CP
(metadata)
Index, container metadata,
directory manager
Conceptually, cloud storage is treated as a storage tier attached to a PowerProtect

DD appliance. The cloud tier is implemented within the cloud volume. The cloud
volume has one or two cloud units. With cloud tier, active data is stored locally,
while data for long-term retention is stored on the cloud. Some MTree data may be
located in the active tier with older data residing in the cloud.
Metadata to support the cloud is maintained in the cloud tier shelf of the local
storage. This metadata is used in operations such as deduplication, cleaning, and
replication. Using local storage for metadata minimizes writes to the cloud. The
metadata includes the index, the Directory Manager (DM) for managing the
namespace and container metadata. Some metadata, including container
metadata, is also stored with the data in the cloud for disaster recovery purposes.
Data is sent to the cloud in compressed regions within a container as a unique

object. The local metadata container stores the metadata that describes each
compressed data region that is sent to the cloud.
The cloud architecture isolates tier-related issues.

Appendix
Benefits
Cloud Tier provides a scalable
solution for long-term data
storage. With Cloud Tier, users
can store up to two times the
maximum active tier capacity in
the cloud for long-term
retention of data. With cloud
tiering policies, data is in the
right place at the right time.
Data is scheduled to be moved
to the cloud using policies
based on the age of the data.
When data is moved from the

active tier to the cloud tier, it is
deduplicated and stored in
object storage in the native
format. Moving data to the cloud results in a lower total cost of ownership (TCO)
over time for long term, cloud storage. The cloud tier supports encryption of data at
rest and the DD Retention Lock feature, thus ensuring the ability to satisfy
regulatory and compliance policies.

Appendix
Considerations
Here are a few considerations when deciding to implement Cloud Tier:
• A cloud capacity license is required for Cloud Tier. Use the Dell EMC Electronic
License Management System (ELMS) file to apply the license.
• The Cloud Tier feature may consume all available bandwidth in a shared WAN
link, especially in a low-bandwidth configuration (1 Gbps). The Cloud Tier
feature may impact other applications sharing the WAN link.
• On systems with a dedicated management interface, reserve that interface for
system management traffic (using protocols such as HTTP and SSH). Backup
and cloud tier data traffic should be directed to other interfaces, such as eth1a.

Appendix
Prerequisites
Complete the following tasks on the new system before beginning the migration
operation:
1. Verify both the source and destination systems are running DDOS 7.3.0.5 or
higher. Cloud Tier migration is not supported on DDVE instances.
2. Add a Cloud Tier license on the new system.
3. Add other feature licenses as required on the new system.
4. If a passphrase is configured on the existing system, set the same passphrase
on the new system. The passphrase store-on-disk setting should not be less
secure on the destination than on the source.
5. If encryption is configured on the existing system, set the same encryption
values including key manager settings and FIPS compliance on the new
system.
6. If automatic key rotation is configured on the existing system, disable it before
starting the migration. Reenable it on the new system after the migration.
7. If encryption is configured on the existing system, back up the key export files
from the existing system.
8. If Retention Lock Compliance is enabled on the existing system, enable RLC on
the new system.
9. Record the cloud profile and cloud unit information from the existing system.
10. Create the file system on the new system, but do not enable it.

Appendix
Restricted Mode
While the PowerProtect DD appliance is in restricted mode, the active tier storage
is available for backup operations, but I/O on the cloud tier storage is not permitted.
The following operations are not permitted while the migration is in progress:
• Sending active tier data to cloud tier storage.
• Recalling data from cloud tier storage.
• Cleaning the cloud tier storage.
• Restoring files directly or reading from the cloud tier storage.
• File system cleaning on the source system.
• System sanitization cannot be performed on the source system.
• Enabling or disabling file system encryption.
• Enabling, disabling, or setting the embedded key manager or an external key
manager.
• Creating, destroying, deleting, or syncing keys from the embedded key manager
or an external key manager.

Appendix
Cloud Provider Certificates

Import certificate authority (CA) certificates before adding cloud units for Alibaba,
Amazon Web Services S3 (AWS), Azure, Elastic Cloud Storage (ECS), and Google
Cloud Provider (GCP).
• For Alibaba download the GlobalSign Root R1 certificate from
https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-
certificates.
• For AWS and Azure24, root CA certificates can be downloaded from:
https://www.digicert.com/digicert-root-certificates.htm.
• For ECS, the root certificate authority varies by customer. Contact the load
balancer provider for details. For ECS private cloud, local ECS authentication,
and web storage (S3), access to ports 9020 (HTTP) and 9021 (HTTPS) must be
enabled through the firewall. ECS private cloud load balancer IP access and
port rules must be configured.
• For GCP download the GlobalSign Root R2 certificate from
https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-
certificates.
• For an S3 Flexible provider, import the root CA certificate. Contact your S3
Flexible provider for details.
24For AWS and Azure cloud providers, download the Baltimore CyberTrust root
certificate.

Appendix
Adding a Certificate
After downloading a certificate file, add the CA Certificate:
1. Go to Data Management > File System > Cloud Units.
2. Click Manage Certificates from the tool bar.
3. Click Add, and select one of the options from the Add CA Certificate for Cloud
screen.
4. Click Add.

Appendix
Creating Cloud Units for Alibaba Cloud
Configuration
Regions are configured at the bucket level instead of the object level. All objects
that are contained in a bucket are stored in the same region. A region is specified
when a bucket is created, and cannot be changed once it is created.
The Alibaba Cloud user credentials must have permissions to create and delete
buckets and to add, modify, and delete files within the buckets they create.
AliyunOSSFullAccess is preferred, but the minimum requirements are:

• ListBuckets
• GetBucket
• PutBucket
• DeleteBucket
• GetObject
• PutObject
• DeleteObject

Appendix
Procedure
To create a cloud unit for Alibaba Cloud:

1. Select Data Management > File System > Cloud Units.
2. Click Add. The Add Cloud Unit dialog is displayed.
3. Enter a name for this cloud unit. Only alphanumeric characters are supported.
4. For Cloud provider, select Alibaba Cloud from the drop-down list.

Appendix
5. Enter the provider Access key as password text.

6. Enter the provider Secret key as password text.
7. Ensure that port 443 (HTTPS) is not blocked in firewalls. Communication with
the Alibaba cloud provider occurs on port 443.
8. If an HTTP proxy server is required to get around a firewall for this provider,
click Configure for HTTP Proxy Server.
9. Click Add.

Appendix
Creating Cloud Units for Amazon Web Services S3
Configuration
AWS offers a range of storage classes. The Cloud Providers Compatibility Matrix,
available from https://elabnavigator.emc.com/eln/elnhome provides up-to-date
information about the supported storage classes.
For enhanced security, the Cloud Tier feature uses Signature Version 4 for all AWS
requests. Signature Version 4 signing is enabled by default.
The AWS user credentials must have permissions to create and delete buckets and
to add, modify, and delete files within the buckets they create.
S3FullAccess is preferred, but the minimum requirements are:

• CreateBucket
• ListBucket
• DeleteBucket
• ListAllMyBuckets
• GetObject
• PutObject
• DeleteObject

Appendix
Procedure
To create a cloud unit for Amazon Web Services S3:

4. For Cloud provider, select Amazon Web Services S3 from the drop-down list.

Appendix
5. Select the Storage class from the drop-down list.

6. Select the appropriate Storage region from the drop-down list.
the AWS cloud provider occurs on port 443.
click Configure for HTTP Proxy Server. Enter the proxy hostname, port, user,
and password.
11. Click Add.

Appendix
Creating a Cloud Unit for Flexible Cloud Tier Provider

Framework for S3
Configuration
The Cloud Tier feature supports qualified S3 cloud providers under an S3 Flexible
provider configuration option.
The S3 Flexible provider option supports the standard and standard-infrequent-

access storage classes. The endpoints vary depending on cloud provider, storage
class, and region. Be sure that DNS can resolve these hostnames before
configuring cloud units.

Appendix
Procedure
To create a cloud unit for a qualified S3 cloud provider:

4. For Cloud provider, select Flexible Cloud Tier Provider Framework for S3
from the drop-down list.

Appendix

7. Specify the appropriate Storage region.
8. Enter the provider endpoint in this format: http://<ip/hostname>:<port>.
If you are using a secure endpoint, use https:// instead.
9. For Storage class, select the appropriate storage class from the drop-down list.
the S3 cloud provider occurs on port 443.
and password.
12. Click Add.

Appendix
Creating Cloud Units for Google Cloud Storage
Configuration
The Google Cloud Provider user credentials must have permissions to create and
delete buckets and to add, modify, and delete files within the buckets they create.
The minimum requirements are:

• ListBucket
• PutBucket
• GetBucket
• DeleteBucket
• GetObject
• PutObject
• DeleteObject

Appendix
Procedure
To create a cloud unit for Google Cloud Storage:

4. For Cloud provider, select Google Cloud Storage from the drop-down list.

Appendix

7. Storage class is set as Nearline by default. If a multiregional location is
selected (Asia, EU or US), and then the storage class and the location
constraint is Nearline Multiregional. All other regional locations have the
storage class set as Nearline Regional.
8. Select the Storage region.
Google Cloud Provider occurs on port 443.
and password.
11. Click Add.

Appendix
Creating Cloud Unit for Microsoft Azure
Configuration
Microsoft Azure offers a range of storage account types. The Cloud Providers
Compatibility Matrix, available from
http://compatibilityguide.emc.com:8080/CompGuideApp/ provides up-to-date
information about the supported storage classes.
The Azure cloud provider uses the endpoint account

name.blob.core.windows.net. The account name is obtained from the Azure
cloud provider console. Be sure that DNS can resolve these hostnames before
configuring cloud units.

Appendix
Procedure
To create a cloud unit for Microsoft Azure Storage:

4. For Cloud provider, select Microsoft Azure Storage from the drop-down list.

Appendix
5. For Account type, select Government or Public.

6. Select the Storage class from the drop-down list.
7. Enter the provider Account name.
8. Enter the provider Primary key as password text.
9. Enter the provider Secondary key as password text.
the Azure cloud provider occurs on port 443.
and password.
12. Click Add.

Appendix
Data Movement Schedule
Frequency can be set to

Can be manual or Daily, Weekly, Monthly, or
scheduled Never
Data movement can be initiated manually or set up automatically using a schedule.
The schedule can be viewed at Data Management > File System > Summary.
The data movement schedule is set at Data Management > File System > Cloud
Units > Settings > Data Movement.
If a cloud unit is inaccessible when cloud tier data movement runs, the cloud unit is
skipped in that run. Data movement on that cloud unit occurs in the next run if the
cloud unit becomes available. The data movement schedule determines the
duration between two runs. If the cloud unit becomes available and you cannot wait
for the next scheduled run, you can start the data movement manually.

Appendix
Recall Data from the Cloud
For nonintegrated backup applications, you must recall the data to the active tier
before you can restore it. Backup administrators must trigger a recall or backup
applications must perform a recall before cloud-based backups can be restored.
Once a file is recalled, aging is reset and starts again from 0, and the file is eligible
based on the age policy set. A file can be recalled on the source MTree only.
Integrated applications can recall a file directly.
Recall fails if there is no space in the active tier to move the file. This decision is
made before any movement is started. Recall is per file. Dell EMC Cloud Tier
checks for existing data segments on the active tier. Only segments not present in
the active tier are invoked for recall from the cloud.

Appendix
Recall Data Using DDSM
Select Data Management > File System > Summary. In the Cloud Tier section of
the Space Usage panel, click Recall, or expand the File System status panel at
the bottom of the screen. Click Recall.
The Recall link is available only if a cloud unit is created and has
data. The Recall File from Cloud dialog is displayed.
In the Recall File from Cloud dialog, enter the exact file name (no wildcards) and
full path of the file, for example: /data/col1/mt11/ file1.txt. Click Recall to
start the recall process.
Only four recall jobs are active at any given time. uUp to 1,000 recall jobs can be
queued up to run automatically as previous jobs complete. The recall queue is
automatically regenerated, so if the system is restarted during a recall the recall
continues when the system is back up.
Once the file has been recalled to the active tier, you can restore the data.

Appendix
Recall Data Using the CLI
Check the Location of the File
Use the filesys report generate file-location [path {<path-

name> | all}] [output-file <filename>] command to check the location
of the file to recall.
The path-name can be a file or directory; if it is a directory, all files in the directory
are listed.
Recall the File
Recall the file using the data-movement recall path <path-name>

command.
This command is asynchronous, and it starts the recall.
Monitor the Status of the Recall
Monitor the status of the recall using the data-movement status [path
{pathname | all | [queued] [running] [completed] [failed]} |
to-tier cloud | all}] command.
If the status shows that the recall is not running for a given path, the recall may
have finished, or it may have failed.
Verify the Location of the File
Verify the location of the file using the filesys report generate file-
location [path {<path-name> | all}] [output-file <filename>]
command.
Once the file has been recalled to the active tier, you can restore the data.

Appendix
Requirements
The Dell EMC Cloud Tier feature must be licensed and enabled on either a physical
or virtual PowerProtect DD appliance. A cloud profile and cloud unit name should
be configured before using the DD VTL Tape Out to Cloud feature.
Both DD VTL and Cloud Tier Capacity licenses are required to use the DD VTL
Tape Out to Cloud feature.

Appendix
Backup and Restore Workflow for Long-Term Retention
The workflow for backing up and restoring data using the PowerProtect DD VTL
Tape Out to Cloud feature is as follows:
1. Perform the backup server or client configuration and user application setup.
2. Back up to primary disk storage pools
3. During backup, the data is copied while the backup server maintains the
necessary backup catalog and tracking metadata.
4. Data replicates to the DD VTL vault.
5. This replication can be onsite or geographically separated sites. The backup
server tracks the tapes in a “mountable” state.
6. Once the tapes are ready for long-term retention, they are ejected from the tape
storage pool.
7. The backup server tracks tapes in the “nonmountable” state.
8. The backup server continues to monitor the tape while the Long-Term Retention
to Cloud functionality moves the tapes to the cloud tier.

Appendix
9. Once in the cloud tier vault, the backup server maintains the tape status to be
“Offsite.”
10. Restore process: The PowerProtect DD appliance recalls the tapes from the
cloud tier vault and places them in the DD VTL vault. Once the tapes are in the
vault, they can be moved to the library where the backup application can use
them.
You can manage a DD VTL using the DD System Manager (DDSM) or the
command-line interface (CLI).

Appendix
End-to-End Workflow
The DD VTL Tape Out to Cloud feature uses these components in the
PowerProtect DD appliance. The user interacts with the system using the DDSM or
CLI. The DD VTL service uses the Tape Out to Cloud functionality built on the DD
file system Long-Term Retention service.
The DD file system uses NFS v3 APIs to access the DD VTL tape pool and send
the virtual tapes in the vault to the cloud tier.

Appendix
Tape Out to Cloud Policies

There are two types of policies that Tape Out to Cloud is built upon.
The Tape selection policy is applied at the pool level and sets the age threshold for
data moving to the cloud. The minimum setting is 14 days. If the policy is set to
user-managed, the user uses a command to select one or more tapes to move at
the next scheduled data movement. If the setting is set to none, no tapes are
moved to the cloud.
Only tapes in the vault are eligible to move to the cloud.
The cloud data movement schedule defines how frequently vaulted tapes are
moved to the cloud. The cloud data movement schedule can be set to never, to any
number of days/weeks, or run manually.
You can find specific commands that are used to set the tape selection policy, and
cloud data movement schedule in the DDOS Command Reference Guide on the
Dell EMC Support site.

Appendix
Configuring Tape Out to Cloud
Prepare the VTL Pool for Data Movement
Data movement for VTL occurs at the tape volume level. Individual tape volumes or
collections of tape volumes can be moved to the cloud tier but only from the vault
location. Tapes in other elements of a VTL cannot be moved.
1. Select Protocols > DD VTL.

2. Expand the list of pools, and select a pool on which to enable migration to
Cloud Tier.
3. In the Cloud Data Movement pane, click Create under Cloud Data Movement
Policy.
4. In the Policy drop-down list, select a data movement policy: Age of tapes in
days or Manual selection.
5. Set the data movement policy details.
a. For Age of tapes in days, select an age threshold after which tapes are
migrated to Cloud Tier, and specify a destination cloud unit.
b. For Manual selection, specify a destination cloud unit.
6. Click Create.
Remove Tapes from the Backup Application Inventory
Use the backup application verify the tape volumes that will move to the cloud are
marked and inventoried according to the backup application requirements.
Select Tape Volumes for Data Movement
Manually select tapes for migration to the cloud tier (immediately or at the next
scheduled data migration), or manually remove tapes from the migration schedule.

2. Expand the list of pools, and select the pool which is configured to migrate
tapes to the cloud tier.
3. In the pool pane, click the Tape tab.

Appendix
4. Select tapes for migration to the cloud tier.

5. Click Select for Cloud Move to migrate the tape at the next scheduled
migration, or Move to Cloud Now to immediately migrate the tape.
Note: If the data movement policy is based on tape ages, the Select for Cloud
Move is not available, as the protection system automatically selects tapes for
migration.
6. Click Yes at the confirmation dialog.

Appendix
Tape Recall from the Cloud

From the DD System Manager:
2. Expand the list of pools, and select the pool which is configured to migrate
tapes to the cloud tier.
3. In the pool pane, click the Tape tab.
4. Select one or more tapes that are located in a cloud unit.
5. Click Recall Cloud Tapes to recall tapes from Cloud Tier.
After the next scheduled data migration, the tapes are recalled from the cloud unit
to the vault. From the vault, the tapes can be returned to a library.


Cloud Tier Implementation and Administration Participant Guide PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cloud Tier Implementation and Administration Participant Guide PDF

Uploaded by

Copyright:

Available Formats

CLOUD TIER

Cloud Tier Implementation and Administration ..................................................................... 1

Dell EMC Cloud Tier Overview .................................................................................. 2

Configuring Cloud Tier ............................................................................................ 16

Data Movement ........................................................................................................ 27

Cloud Tier Implementation and Administration

Page ii © Copyright 2021 Dell Inc.

Cloud Tier Implementation and Administration

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 1

Dell EMC Cloud Tier Overview

Cloud Tier Implementation and Administration

Page 2 © Copyright 2021 Dell Inc.

Dell EMC Cloud Tier Overview

Active Tier Cloud Tier Benefits

Only unique data is sent to the

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 3

Model Memory Cloud Number Supported Number Capacity

DD3300 16 8 N/A N/A N/A 1 x 1 TB

DD6900 288 576 2 DS60 or 2 30 x 4 TB

DD9400 576 1536 2 DS60 or 4 60 x 4 TB

Cloud Tier Implementation and Administration

Page 4 © Copyright 2021 Dell Inc.

DD9900 1152 2016 2 DS60 or 5 75 x 4 TB

DDVE* 32 32 N/A N/A N/A 1 x 500 GB

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 5

Cloud Tier Components and Platform Support

Backup Data Single namespace

Supported cloud storage (Long-term

Requires extra storage for metadata Cloud Unit 2

Cloud Tier is supported on physical PowerProtect DD systems with expanded

Cloud Tier is supported in PowerProtect DD High Availability (DD HA)

Cloud Tier Implementation and Administration

Page 6 © Copyright 2021 Dell Inc.

Cloud Tier Capacity Options

4 Each cloud unit can write to a separate supported cloud provider.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 7

Cloud Tier Protocol Support

Cloud Tier Implementation and Administration

Page 8 © Copyright 2021 Dell Inc.

Deduplication and Cleaning

Deduplication is not allowed

The cloud tier uses the same Cloud Unit 2

6 There is no deduplication across tiers: active tier and cloud tier.

7On most PowerProtect DD appliances, the default compression algorithm is

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 9

• On-demand cleaning is invoked from the user interface10 on a specific cloud

Cloud Tier Implementation and Administration

Page 10 © Copyright 2021 Dell Inc.

Retention Lock and Encryption

DD Retention Lock is supported by Dell EMC Cloud Tier.

Cloud Tier Implementation and Administration

© Copyright 2021 Dell Inc. Page 11

Encryption can be enabled13 at three levels:

A license for encryption is required.

Encryption of data at rest is enabled by default15 on data in the cloud.

Cloud units have separate controls for enabling encryption.

Using an external key manager is not supported.

15 Users can disable encryption.