IBM Spectrum Protect Plus IBM Spectrum Storage Family E-Dist Grugliasco (To) - 24 Maggio 2018 IBM Corporation Ruggero Luvie IBM Software Defined Storage TechSales rluvie@it.ibm.com
IBM Spectrum Protect delivered.
IBM Spectrum Protect delivered. DEDUPLICATION Up to 10 TB/H 4 PB managed data x istance 1 PB data stored x instance NODE REPLICATION HA & DR solution Data ready for use on remote site Object Granularity Different retention HW agnostic The same efficiencies of a dedicated appliance using commodity storage Hardware agnostic, permanent licensing Reduced licensing Costs Unified management
IBM Spectrum Protect delivered. Primary site IBM Cloud Object storage Store the primary copy of backup data in IBM Cloud Object Storage (COS). Data Primary site IBM Spectrum Protect policy-based replication Fast disk DR site IBM Cloud Object storage Store a secondary copy of backup data in IBM Cloud Object Storage at a Disaster recovery site. Primary site IBM Spectrum Protect policy-based replication using dissimilar policies Fast disk IBM Cloud Object storage Policy-based replication to store long-term copies of backup data in IBM Cloud Object Storage at primary site.
IBM Spectrum Protect delivered. Cloud accellerator Tier to cloud
IBM Spectrum Protect delivered. Security Dashboard Analytics-based detection of security abnormalities Number of files backed up Number of bytes backed up Drastic change in deduplication rate GDPR compliance items GDPR technote
IBM Spectrum Protect evolving. Snapshots Allows for speed!! Require less storage space Reduce data movement Enable more frequent backups Reduced RTO and RPO Copy Data Management Reuse data!! Accelerated copy access for many use cases Devops D.R. & recovery Analytics Clone... Reduce storage requirements
Backup Data Put to Work Data Protect and Data Reuse solution for VMware and Hyper-V environments Employ an easy-to-use user-facing management portal and policy-driven data protection for fast backup and instant operational recovery See protection compliance and storage utilization at a glance with a Service Level Dashboard Search instantly and restore across many virtual machines (VMs) and recovery points with a global catalog of VMs and files Deploy quickly using Open Virtual Appliance (OVA) and agentless architecture Integrate IBM Spectrum Protect (optional) for advanced data protection and storage
IBM Spectrum Protect Plus business value
IBM Spectrum Protect Plus - Key Components Spectrum Protect Plus - Master software (GUI, scheduler, catalog engine). Typically 1 per environment. VADP Proxies - Shifts processing load off the SPP host vsnap - Storage server repository for Protect Plus VM snapshots. One or more per environment. <SPP is deployed as a virtual appliance. Vmware Requirements vsphere 5.5 and later vsphere 6.0 and later vsphere 6.5 and later Hyper-V Requirements Microsoft Hyper-V Server 2016 VADP Proxy can be either virtual or physical SUSE or Red Hat (minimum kernel of 2.6.32) 64-bit quad core 8 GB RAM (16 GB recommended) 60 GB disk space Vsnap can be either virtual or physical SPP appliance OVA VMDK/pRDM (NFS/VMFS) storage Virtual appliance (vsnap OVA) VMDK/pRDM (NFS/VMFS) storage Physical, Intel-based, CentOS (vsnap installer package) Block storage (DAS, iscsi, FC)
IBM IBM Spectrum Spectrum Protect Protect Plus Plus - - Architecture Architecture
IBM Spectrum Protect Plus - Backup Datastores, folders, sub-folders or VMs can be selected as source for backup. All VMs in the selected datastore, folder or subfolder are included and any VMs subsequently added are automatically protected Backups are done at the blocklevel and run in a Base Once+ Incremental Forever model. Each backup is a Synthetic Full backup (no previous base or incremental backup is required for any restore).
IBM Spectrum Protect Plus recovery/restore
IBM Spectrum Protect Plus recovery/restore Test Mode Creates temporary VMs for development/testing, snapshot verification and DR verification on a scheduled, repeatable basis without affecting production environments. Can use fenced networking to establish a safe environment without interfering with production. VMs created through Test mode are given unique names and UUIDs to avoid conflicts. Clone Mode Creates copies of VMs for use cases requiring permanent or long-running copies for data mining or duplication of a test environment in a fenced network. VMs created through Clone mode are given unique names and UUIDs to avoid conflicts. Production Mode Enables DR at the local site from primary storage or a remote DR site, replacing original VM with recovery image. All configurations are carried over as part of the recovery, including names and UUIDs
IBM Spectrum Protect Plus use cases Data Access Use Cases More than just recovery operational recovery Derive business value from your protected data Spin up VMs and VMDKs for easy, secure data access for multiple use cases Test/Dev Reporting Analytics DevOps 15
IBM Spectrum Protect Plus - dashboard At-a-glance status Drill-down data on: Protection status SLA compliance Storage utilization VM sprawl
Backup optimization Backup optimization Enhanced Backup Workflow Optimized operation flow VADP Proxy Push Installation and Update Centralized Operation & distribution Proxy Management Options Site association Transport mode Log retention Compression Selectively Expire Backups
Replication & Protection 10.1.1 allows you to create multiple sites. Having multiple sites allows you to create local resources (vsnap, VADP Proxy) for each site. This gives enhanced backup performance and is a more accurate representation of the actual environment. VADP proxy can be assigned to specific jobs using a by site rule SNAP storage can be assigned to specific site SLA can be defined to use a specific site Site can be used to set up vsnap replication
vsnap Replication Replication & Protection Allows asynchronous replication between vsnap repositories for offsite, DR or additional copies. Similar idea to storage hardware replication Create a storage partnership between 2 vsnap repositories Vsnap Replication is enabled at SLA level Multiple partnerships available The same Vsnap can be backup and replication target st the same time
Replication & Protection
Replication & Protection Catalog Backup Gives a way to protect and recover all SPP catalog information Just add to an existing SLA policy or create a new SLA policy This is not a catalog merge, rather backup and restore
SQL support IBM Spectrum Protect Plus supports following versions of MS SQL: (Standalone, Failover Clustering, and AlwaysOn configurations) SQL 2008 R2 SP3 on Windows Server 2012 R2 SQL 2012 on Windows Server 2012 R2 SQL 2012 SP2 on Windows Server 2016 SQL 2014 on Windows Server 2012 R2 SQL 2014 on Windows Server 2016 SQL 2016 on Windows Server 2012 R2 SQL 2016 on Windows Server 2016 Please refer to IBM SPP Supportability Matrix http://www-01.ibm.com/support/docview.wss?uid=swg22013789
SQL support IBM SPP performs backups of SQL databases at the block level. These backups run on Base-Once-Incremental-Forever scheme. First backup is full. All the allocated blocks from the source database are transferred to vsnap server. All subsequent backups are block-level incremental and transfer only changed blocks. IBM SPP queries Windows Update Sequence Number (USN) Journal (aka Change Journal) to locate and backup the changed blocks. Each backup keeps track of last USN Id, which is used by next backup to query for changed blocks. Backups are application consistent.
Oracle support Oracle Database Versions Oracle 11g R2 Oracle 12c R1 Oracle 12c R2 Operating System Versions AIX 6.1 TL9+ AIX 7.1+ Red Hat Enterprise Linux/Centos/Oracle 6.5+ Red Hat Enterprise Linux/Centos/Oracle 7.0+ SUSE Linux Enterprise Server 11.0 SP4+ SUSE Linux Enterprise Server 12.0 SP1+ Please refer to IBM SPP Supportability Matrix http://www-01.ibm.com/support/docview.wss?uid=swg22013789
Oracle support Oracle database must be running in MOUNTED or OPEN state and must have ARCHIVELOG mode enabled. Python version 2.6.x or 2.7.x must be installed SSH service must be running on port 22 and SFTP must be enabled. IBM Spectrum Protect Plus user agent must have the follow privileges: The user agent must belong to the Oracle inventory group (usually named oinstall ). The user agent must have the following sudo privileges. This is required to discover storage layouts, mount and unmount disks and manage databases. Run commands as root and as Oracle software owner users without a password (NOPASSWD). Run commands without requiring interactive terminal (!requiretty), Preserve certain environment variables when using sudo (env_keep += ORACLE_HOME, env_keep += ORACLE_SID)
Oracle support Oracle backups run on Base-Once-Incremental-Forever scheme. Oracle Block Change Tracking is required. If not present, it is enabled automatically during the first backup. The first Oracle backup is a full backup. IBM SPP creates a new vsnap volume and mounts it to the Oracle server using NFS. If Oracle server has NFS disabled, the SPP appliance will automatically enable it. A level 0 image copy of the database is created using RMAN, then a snapshot of the vsnap volume is created. Subsequent backups are incremental The previous created volume is reused and mounted on the application server using NFS. A level 1 incremental backup is created using RMAN and then it is immediately applied on top of the previous image copy to bring it up to date, then a snapshot of the vsnap volume is created.
Oracle support SPP will automatically create a log backup volume and mount it to the application server. In RAC Configuration, when the log backup schedule is triggered, one active node performs the log backup and the other nodes take no action. SPP automatically manages the retention of logs in its own log backup volume. After a successful database backup, older logs are deleted automatically from this log backup volume. NOARCHIVELOG databases are not eligible for point-in-time recovery, log backup will fail.
Oracle support : restore Databases can be restored in two modes Test and Production Databases can be restored to the original or alternate Oracle home. Databases can be restored to original or alternate directory paths (production mode only) Databases can be restored to the original or a new name. SPP creates clone volumes from the selected snapshot and mounts it on the Oracle server using NFS. In case of RAC, the share is mounted on all nodes. Oracle Direct NFS is required. If not already configured, it is enabled automatically by the restore job.
Test Database restore steps: A new database instance is created using the original or alternate name specified by the user. A new control file is created to point to the datafile image copies under the NFS share. Media recovery is performed to make the database consistent using the archived log backup present under the NFS share. The database is opened in READ WRITE mode. After successful restore, job goes into RESOURCE ACTIVE state. When user invokes Cancel, the test mode database is shut down and the NFS share is unmounted. The restored databases run in NOARCHIVELOG mode. In case of RAC, the database is opened on the first node only. The operation is skipped on other nodes. Production Database restore steps: A new database instance is created using the original or alternate name specified by the user. If restoring with same name and same directory paths: Control file is restored from backup Datafiles are restored from backup using RMAN If restoring with new name and/or new directory paths: A new control file is created, containing new DB name and/or new data paths. If new paths point to filesystem directories, they are created if they do not already exist. If new paths point to ASM, the specified diskgroups must already exist. Datafiles are restored from backup to the specified new paths. Media recovery is performed to make the database consistent using the archived log backups present under the NFS share. The database is opened in READ WRITE mode.
Oracle support : restore A third restore option, Instant Access provides access to database files. After mounting the clone volume, job goes into RESOURCE ACTIVE state. User can manually browse the contents of the NFS share and use custom RMAN commands. When canceling, the share is unmounted and job ends.
RBAC Role Based Access Control (RBAC) allows organizations to give control of the data directly to those that need it. It does this while only allowing the access and permissions you define. Built in Roles for ease of use Application Admin Backup Only Restore Only SYSADMIN Self Service VM Admin Built in Resource Groups for ease of use All Resources Database All Resource Pool Hypervisor All Resource Pool
RBAC Users can be defined either locally or on LDAP. Users associates Roles with Resource Group setting the authorization limits assigned to such user Resource Groups - A resource group defines the resources that will be made available to a user. Every resource added to IBM Spectrum Protect Plus can be included in a resource group, along with individual IBM Spectrum Protect Plus functions and screens. A resource group could include an individual hypervisor, with access to only backup and reporting functionality. When the resource group is associated with a role and a user, the user will only see the screens associated with backup and reporting for the assigned hypervisor. Roles - Roles define the actions that can be performed on the resources defined in a resource group.
Rest API SPP uses an open REST API to handle communication between the back-end and the GUI. This REST API can be leveraged to allow for scripting, integration and automation. Server responses are in JSON format Spectrum Protect Plus is able to integrate with existing automation tools like Jenkins, Puppet, vrealize Orchestrator, Control-M and others. Any scripting language able to make REST calls and parse JSON can be used (Python, JavaScript, PowerShell, Groovy, etc.)
Vmware updates SPP 10.1.1 also add the following enhancements for vmware environments : VMware Tagging VMDK Exclusion for Backups Exclusion Rules on SLA VMware 6.5 Support for Encrypted VMs
Putting it all togheter
In the cloud
IBM Spectrum Protect Plus Spectrum Protect Scenario 1 Direct Offload - Select the option in the SLA Policy Offload to Spectrum Protect and define a frequency. - Plus communicates to the VM via VADP to create a backup into the vsnap repository - Based on the schedule set in the Plus SLA Policy, Plus communicates to SPVE and then SPVE communicates directly to the VM - SPVE data movers backup the VM directly into the Protect storage pool specified by the SPVE data mover (benefit: block level incrementals) - Backup and recoveries to Protect and Protect Plus can be driven though Spectrum Protect Plus Spectrum Protect Plus (SPP) Server can be configured to backup directly to Spectrum Protect (SP) or offload a copy from the vsnap repository 44
IBM Spectrum Protect Plus Spectrum Protect Scenario 2 vsnap Offload - Select the option in the SLA Policy to Use Backup Storage to offload from vsnap to Spectrum Protect. - Plus communicates to the VM via VADP to create a backup into the vsnap repository - Based on the schedule, SPVE will tell vsnap to create an NFS mount of the VM - SPVE data movers make a copy of the VM that is mounted and moves it to the Protect storage pool specified by the SPVE data mover (note: no block level incrementals) - Backup and recoveries to Protect and Protect Plus can be driven though Spectrum Protect Plus Spectrum Protect Plus (SPP) Server can be configured to backup directly to Spectrum Protect (SP) or offload a copy from the vsnap repository 45
Spectrum Suite of Products IBM Spectrum Control IBM Spectrum Protect Hybrid cloud storage and data management that helps optimize applications and reduce costs by up to 73% Optimized hybrid cloud data protection that can simplify restores and reduce backup costs by up to 53 percent Family of Storage Management and Optimization Software IBM Spectrum Virtualize IBM Spectrum Archive Virtualization and optimization of of hybrid cloud block environments that helps improve flexibility and stores up to 5x more data Long term retention for active archive data that lowers costs up to 90% by delivering a fast tape file system Private, Public or Hybrid Cloud Flash Cloud Services IBM Spectrum Accelerate Highly flexible, scale-out enterprise block storage for hybrid clouds that deploys in minutes IBM Spectrum Scale High-performance, highly scalable hybrid cloud storage for unstructured data Any Storage Storage Rich Servers IBM Cloud Object Storage Flexible and economical scalable hybrid cloud object storage with geo-dispersed enterprise availability and security IBM Spectrum CDM Simplified copy data management that can increase business velocity and efficiency Secure Efficient High-Performance Hybrid Cloud Easy to manage software-defined file storage for the enterprise