© IBM Corporation IBM Spectrum Protect Plus IBM Spectrum Storage Family E-Dist Grugliasco (To) - 24 Maggio 2018 Ruggero Luvie’ IBM Software Defined Storage TechSales [email protected]
© IBM Corporation
IBM Spectrum Protect PlusIBM Spectrum Storage Family
E-DistGrugliasco (To) - 24 Maggio 2018
Ruggero Luvie’IBM Software Defined Storage [email protected]
IBM Spectrum Protect delivered….
IBM Spectrum Protect delivered….
DEDUPLICATION
Up to 10 TB/H4 PB managed data x istance1 PB data stored x instance
NODE REPLICATION
HA & DR solutionData ready for use on remote site Object Granularity Different retentionHW agnostic
The same efficiencies of a dedicated appliance using commodity storage
Hardware agnostic,
permanent licensing
Reduced licensing Costs
Unified management
IBM Spectrum Protect delivered….
Data
Store the primary copy of backup data
in IBM Cloud Object Storage (COS).
Store a secondary copy
of backup data in IBM Cloud
Object Storage at a Disaster
recovery site.
Policy-based replication to store
long-term copies of backup data
in IBM Cloud Object Storage at
primary site.
IBM Spectrum Protect policy-based
replication using dissimilar policies
Primary site
IBM Cloud
Object storage
Primary site
IBM Spectrum Protect
policy-based replication
Primary site DR site
Fast disk
Fast disk
IBM Cloud
Object storage
IBM Cloud
Object storage
IBM Spectrum Protect delivered….
Cloud accellerator
Tier to cloud
IBM Spectrum Protect delivered….
Analytics-based detection ofsecurity abnormalities
• Number of files backed up
• Number of bytes backed up
• Drastic change indeduplication rate
Security Dashboard
GDPR compliance itemsGDPR technote
IBM Spectrum Protect evolving….
Snapshots
Allows for speed !!Require less storage space
Reduce data movement
Enable more frequent backups
Reduced RTO and RPO
Copy Data Management
Reuse data !! Accelerated copy access for many use cases
• Devops
• D.R. & recovery
• Analytics
• Clone
• .....
Reduce storage requirements
➢ Data Protect and Data Reuse solution for VMware and Hyper-V environments
• Employ an easy-to-use user-facing management portal and policy-driven data protection for fast backup and instant operational recovery
• See protection compliance and storage utilization at a glance with a Service Level Dashboard
• Search instantly and restore across many virtual machines (VMs) and recovery points with a global catalog of VMs and files
• Deploy quickly using Open Virtual Appliance (OVA) and agentless architecture
• Integrate IBM® Spectrum Protect™ (optional) for advanced data protection and storage
Backup Data Put to Work
IBM Spectrum Protect Plus – business value
• Spectrum Protect Plus - Master software (GUI, scheduler, catalog engine). Typically 1 per
environment.
• VADP Proxies - Shifts processing load off the SPP host
• vSNAP - Storage server repository for Protect Plus VM snapshots. One or more per
environment.
<SPP is deployed as a virtual appliance.
Vmware Requirements• vSphere 5.5 and later
• vSphere 6.0 and later
• vSphere 6.5 and later
Hyper-V Requirements• Microsoft Hyper-V Server
2016
• SUSE or Red Hat (minimum kernel of 2.6.32)
• 64-bit quad core
• 8 GB RAM (16 GB recommended)
• 60 GB disk space
VADP Proxy can be either virtual or physical
Vsnap can be either virtual or physical
SPP appliance OVA• VMDK/pRDM (NFS/VMFS) storage
Virtual appliance (vSnap OVA)• VMDK/pRDM (NFS/VMFS) storage
Physical, Intel-based, CentOS(vSnap installer package)
• Block storage (DAS, iSCSI, FC)
IBM Spectrum Protect Plus - Key Components
IBM Spectrum Protect Plus - ArchitectureIBM Spectrum Protect Plus - Architecture
• Datastores, folders, sub-folders or VMs can be selected as source for backup.
• All VMs in the selected datastore, folder or subfolder are included and any VMs subsequently added are automatically protected
• Backups are done at the block-level and run in a “Base Once+ Incremental Forever” model.
• Each backup is a “Synthetic Full” backup (no previous base or incremental backup is required for any restore).
IBM Spectrum Protect Plus - Backup
IBM Spectrum Protect Plus – recovery/restore
• Test Mode
Creates temporary VMs for development/testing, snapshot verification and DR verification on a scheduled, repeatable basis without affecting production environments.
Can use fenced networking to establish a safe environment without interfering with production.
VMs created through Test mode are given unique names and UUIDs to avoid conflicts.
• Clone Mode
Creates copies of VMs for use cases requiring permanent or long-running copies for data mining or duplication of a test environment in a fenced network.
VMs created through Clone mode are given unique names and UUIDs to avoid conflicts.
• Production Mode
Enables DR at the local site from primary storage or a remote DR site, replacing original VM with recovery image. All configurations are carried over as part of the recovery, including names and UUIDs
IBM Spectrum Protect Plus – recovery/restore
15
• More than just recovery operational recovery
• Derive business value from your protected data
• Spin up VMs and VMDKs for easy, secure data access for multiple use cases
Data Access Use Cases
Test/Dev Reporting
Analytics DevOps
IBM Spectrum Protect Plus – use cases
• At-a-glance status
• Drill-down data on:
✓ Protection status
✓ SLA compliance
✓ Storage utilization
✓ VM sprawl
IBM Spectrum Protect Plus - dashboard
IBM Spectrum Protect Plus – vers 10.1.1
Backup optimization
• Backup optimization • Enhanced Backup Workflow
• Optimized operation flow
• VADP Proxy Push Installation and Update• Centralized Operation & distribution
• Proxy Management Options• Site association
• Transport mode
• Log retention
• Compression
• Selectively Expire Backups
IBM Spectrum Protect Plus – vers 10.1.1
Replication & Protection
10.1.1 allows you to create multiple sites . Having multiple sites allows you to create “local” resources (vSnap, VADP Proxy) for each site. This gives enhanced backup performance and is a more accurate representation of the actual environment.
VADP proxy can be assigned to specific jobs using a ‘by site’ rule
SNAP storage can be assigned to specific site
SLA can be defined to use a specific site
Site can be used to set up vsnap replication
IBM Spectrum Protect Plus – vers 10.1.1
Replication & Protection
vSnap Replication
Allows asynchronous replication between vSnap repositories for offsite, DR or additional copies.
• Similar idea to storage hardware replication
• Create a storage partnership between 2 vSnap repositories
• Vsnap Replication is enabled at SLA level
• Multiple partnerships available
• The same Vsnap can be backup and replication target st the same time
IBM Spectrum Protect Plus – vers 10.1.1
IBM Spectrum Protect Plus – vers 10.1.1
Replication & Protection
Replication & Protection
• Catalog Backup
• Gives a way to protect and recover all SPP catalog information
• Just add to an existing SLA policy or create a new SLA policy
• This is not a catalog merge, rather backup and restore
IBM Spectrum Protect Plus – vers 10.1.1
• IBM Spectrum Protect Plus supports following versions of MS SQL:• (Standalone, Failover Clustering, and AlwaysOn configurations)
• SQL 2008 R2 SP3 on Windows Server 2012 R2
• SQL 2012 on Windows Server 2012 R2
• SQL 2012 SP2 on Windows Server 2016
• SQL 2014 on Windows Server 2012 R2
• SQL 2014 on Windows Server 2016
• SQL 2016 on Windows Server 2012 R2
• SQL 2016 on Windows Server 2016
➢ Please refer to IBM SPP Supportability Matrix http://www-01.ibm.com/support/docview.wss?uid=swg22013789
IBM Spectrum Protect Plus – vers 10.1.1
SQL support
• IBM SPP performs backups of SQL databases at the block level.
• These backups run on “Base-Once-Incremental-Forever” scheme.
• First backup is full. All the allocated blocks from the source database are transferred to vSnap server.
• All subsequent backups are block-level incremental and transfer only changed blocks.
• IBM SPP queries Windows Update Sequence Number (USN) Journal (aka Change Journal) to locate and backup the changed blocks.
• Each backup keeps track of last USN Id, which is used by next backup to query for changed blocks.
• Backups are “application consistent”.
IBM Spectrum Protect Plus – vers 10.1.1
SQL support
• Oracle Database Versions• Oracle 11g R2
• Oracle 12c R1
• Oracle 12c R2
Operating System Versions• AIX 6.1 TL9+
• AIX 7.1+
• Red Hat Enterprise Linux/Centos/Oracle 6.5+
• Red Hat Enterprise Linux/Centos/Oracle 7.0+
• SUSE Linux Enterprise Server 11.0 SP4+
• SUSE Linux Enterprise Server 12.0 SP1+
Please refer to IBM SPP Supportability Matrix http://www-01.ibm.com/support/docview.wss?uid=swg22013789
IBM Spectrum Protect Plus – vers 10.1.1
Oracle support
• Oracle database must be running in MOUNTED or OPEN state and must have ARCHIVELOG mode enabled.
• Python version 2.6.x or 2.7.x must be installed
• SSH service must be running on port 22 and SFTP must be enabled.
IBM Spectrum Protect Plus user agent must have the follow privileges:• The user agent must belong to the Oracle inventory group (usually named “oinstall”).
• The user agent must have the following sudo privileges. This is required to discover storage layouts, mount and unmount disks and manage databases.
• Run commands as root and as Oracle software owner users without a password (NOPASSWD).
• Run commands without requiring interactive terminal (!requiretty),
• Preserve certain environment variables when using sudo (env_keep += ORACLE_HOME, env_keep += ORACLE_SID)
IBM Spectrum Protect Plus – vers 10.1.1
Oracle support
• Oracle backups run on “Base-Once-Incremental-Forever” scheme.
• Oracle Block Change Tracking is required. If not present, it is enabled automatically during the first backup.
• The first Oracle backup is a full backup.• IBM SPP creates a new vSnap volume and mounts it to the Oracle server using NFS. If
Oracle server has NFS disabled, the SPP appliance will automatically enable it.
• A level 0 image copy of the database is created using RMAN, then a snapshot of the vSnap volume is created.
• Subsequent backups are incremental• The previous created volume is reused and mounted on the application server using NFS.
• A level 1 incremental backup is created using RMAN and then it is immediately applied on top of the previous image copy to bring it up to date, then a snapshot of the vSnapvolume is created.
IBM Spectrum Protect Plus – vers 10.1.1
Oracle support
IBM Spectrum Protect Plus – vers 10.1.1
Oracle support
• SPP will automatically create a log backup volume and mount it to the application server.
• In RAC Configuration, when the log backup schedule is triggered, one active node performs the log backup and the other nodes take no action.
• SPP automatically manages the retention of logs in its own log backup volume. After a successful database backup, older logs are deleted automatically from this log backup volume.
• NOARCHIVELOG databases are not eligible for point-in-time recovery, log backup will fail.
• SPP creates clone volumes from the selected snapshot and mounts it on the Oracle server using NFS.• In case of RAC, the share is mounted on all nodes.
• Oracle Direct NFS is required. If not already configured, it is enabled automatically by the restore job.
• Databases can be restored in two modes – Test and Production
• Databases can be restored to the original or alternate Oracle home.
• Databases can be restored to original or alternate directory paths • (production mode only)
• Databases can be restored to the original or a new name.
IBM Spectrum Protect Plus – vers 10.1.1
Oracle support : restore
Production Database restore steps:• A new database instance is created using the original or
alternate name specified by the user.
• If restoring with same name and same directory paths:
• Control file is restored from backup
• Datafiles are restored from backup using RMAN
• If restoring with new name and/or new directory paths:
• A new control file is created, containing new DB name and/or new data paths.
• If new paths point to filesystem directories, they are created if they do not already exist.
• If new paths point to ASM, the specified diskgroups must already exist.
• Datafiles are restored from backup to the specified new paths.
• Media recovery is performed to make the database consistent using the archived log backups present under the NFS share.
• The database is opened in READ WRITE mode.
IBM Spectrum Protect Plus – vers 10.1.1
Test Database restore steps:• A new database instance is created using the
original or alternate name specified by the user.
• A new control file is created to point to the datafile image copies under the NFS share.
• Media recovery is performed to make the database consistent using the archived log backup present under the NFS share.
• The database is opened in READ WRITE mode.
• After successful restore, job goes into RESOURCE ACTIVE state.
• When user invokes Cancel, the test mode database is shut down and the NFS share is unmounted.
• The restored databases run in NOARCHIVELOG mode.
• In case of RAC, the database is opened on the first node only. The operation is skipped on other nodes.
• A third restore option, “Instant Access” provides access to database files.
• After mounting the clone volume, job goes into RESOURCE ACTIVE state.
• User can manually browse the contents of the NFS share and use custom RMAN commands.
• When canceling, the share is unmounted and job ends.
IBM Spectrum Protect Plus – vers 10.1.1
Oracle support : restore
Role Based Access Control (RBAC) allows organizations to give control of the data directly to those that need it. It does this while only allowing the access and permissions you define.
Built in Roles for ease of use
• Application Admin
• Backup Only
• Restore Only
• SYSADMIN
• Self Service
• VM Admin
Built in Resource Groups for ease of use
• All Resources
• Database All Resource Pool
• Hypervisor All Resource Pool
IBM Spectrum Protect Plus – vers 10.1.1
RBAC
Users can be defined either locally or on LDAP . Users associates Roles with Resource Group setting the authorization limits assigned to such user
Resource Groups - A resource group defines the resources that will be made available to a user. Every resource added to IBM Spectrum Protect Plus can be included in a resource group, along with individual IBM Spectrum Protect Plus functions and screens. A resource group could include an individual hypervisor, with access to only backup and reporting functionality. When the resource group is associated with a role and a user, the user will only see the screens associated with backup and reporting for the assigned hypervisor.
Roles - Roles define the actions that can be performed on the resources defined in a resource group.
IBM Spectrum Protect Plus – vers 10.1.1
RBAC
• SPP uses an open REST API to handle communication between the back-end and the GUI.
• This REST API can be leveraged to allow for scripting, integration and automation.
• Server responses are in JSON format
• Spectrum Protect Plus is able to integrate with existing automation tools like Jenkins, Puppet, vRealize Orchestrator, Control-M and others.
• Any scripting language able to make REST calls and parse JSON can be used (Python, JavaScript, PowerShell, Groovy, etc.)
IBM Spectrum Protect Plus – vers 10.1.1
Rest API
SPP 10.1.1 also add the following enhancements for vmware environments :
• VMware Tagging
• VMDK Exclusion for Backups
• Exclusion Rules on SLA
• VMware 6.5 Support for Encrypted VMs
IBM Spectrum Protect Plus – vers 10.1.1
Vmware updates
IBM Spectrum Protect Plus – vers 10.1.1
Putting it all togheter
IBM Spectrum Protect Plus – vers 10.1.1
In the cloud
44Spectrum Protect Plus (SPP) Server can be configured to backup directly to Spectrum Protect (SP)
or offload a copy from the vSnap repository
Scenario 1 – Direct Offload
- Select the option in the SLA Policy
”Offload to Spectrum Protect” and
define a frequency.
- Plus communicates to the VM via
VADP to create a backup into the
vSnap repository
- Based on the schedule set in the
Plus SLA Policy, Plus communicates
to SPVE and then SPVE
communicates directly to the VM
- SPVE data movers backup the VM
directly into the Protect storage pool
specified by the SPVE data mover (benefit: block level incrementals)
- Backup and recoveries to Protect
and Protect Plus can be driven
though Spectrum Protect Plus
IBM Spectrum Protect Plus – Spectrum Protect
45
Spectrum Protect Plus (SPP) Server can be configured to backup directly to Spectrum Protect (SP)
or offload a copy from the vSnap repository
Scenario 2 – vSnap Offload
- Select the option in the SLA Policy
to ‘Use Backup Storage’ to offload
from vSnap to Spectrum Protect.
- Plus communicates to the VM via
VADP to create a backup into the
vSnap repository
- Based on the schedule, SPVE will
tell vSnap to create an NFS mount
of the VM
- SPVE data movers make a copy of
the VM that is mounted and moves
it to the Protect storage pool
specified by the SPVE data mover (note: no block level incrementals)
- Backup and recoveries to Protect
and Protect Plus can be driven
though Spectrum Protect Plus
IBM Spectrum Protect Plus – Spectrum Protect
Simplified copy data management that can increase business velocity and efficiency
IBM Spectrum CDM
High-performance, highly scalable hybrid cloud storage for unstructured data
IBM Spectrum Scale
Highly flexible, scale-out enterprise block storage for hybrid clouds that deploys in minutes
IBM Spectrum Accelerate
Long term retention for active archive data that lowers costs up to 90% by delivering a fast tape file systemIBM Spectrum Archive
Virtualization and optimization of of hybrid cloud block environments that helps improve flexibility and stores up to 5x more data
IBM Spectrum Virtualize
Optimized hybrid cloud data protection that can simplify restores and reduce backup costs by up to 53 percentIBM Spectrum Protect
Hybrid cloud storage and data management that helps optimize applications and reduce costs by up to 73%IBM Spectrum Control
Flexible and economical scalable hybrid cloud object storage with geo-dispersed enterprise availability and security IBM Cloud Object Storage
Easy to manage software-defined file storage for the enterprise
Spectrum Suite of Products
Flash
AnyStorage
Cloud Services
Family of Storage Managementand Optimization Software
Private, Publicor Hybrid Cloud
Storage Rich Servers
Secure EfficientHybridCloud
High-Performance