Symantec Backup Exec
Blueprints
Blueprint
for Private Cloud Services
Backup Exec Technical Services
Symantec Backup Exec Blueprints 2
Notice
This Backup Exec Blueprint presentation includes example diagrams that contain objects that represent applications and platforms from other companies such as Microsoft and VMware. These diagrams may or may not match or resemble actual implementations found in end user environments. Any likeness or similarity to actual end user environments is completely by coincidence.
The goal of the diagrams included in this blueprint presentation is not to recommend specific ways in which to implement applications and platforms from other companies such as Microsoft and VMware, but rather to illustrate Backup Exec best practices only. For guidelines and best practices on installing and configuring applications and platforms from other companies, please refer to best practice documentation and other resources provided by those companies.
Symantec Backup Exec
Blueprints
•
Blueprints
Help Customers Avoid Common Challenges/Pitfalls
• Each
Blueprint
Contains:
‒ Recommended Configuration: Best-practice implementation example ‒ Life Preservers: Best practices and pitfalls to avoid
• Use
Blueprints
to:
‒ Present the Backup Exec best practice implementation example ‒ Highlight key “life preserver” guidelines to avoid problems
Symantec Backup Exec
Blueprints
4
Introduction
Key terms and principles
Backup Exec 2012
Private Cloud Services
Key terms and definitions
Term Definition
Backup Exec Private Cloud Services The feature name.
Enterprise Server Option The parent option of the Central Admin Server Option (CASO).
Central administration server The Backup Exec server on which CASO is installed.
Managed Backup Exec server The new name for a managed media server .
Cloud Backup Exec server
The Backup Exec server that is located in the managed service provider’s data center that hosts the deduplication disk storage.
The Backup Exec server can be a central administration server or a managed Backup Exec server, depending on configuration.
Deduplication disk storage The disk storage device that is enabled for data deduplication and is
located on the Backup Exec server.
Backup definition A group of options that you select that define the backup selections, the
backup job methods and options, and any stages.
Offsite copy The backup data that is stored on a managed Backup Exec server, then
6
Example Diagrams and Life Preservers
Multitenant cloud Backup Exec server configuration of
Private Cloud Services
Example Diagram:
Private Cloud Services
Multitenant cloud Backup Exec server configuration
DC/DNS Server
Customer 1 LAN Customer 2 LAN
MSP Data Center LAN
Backup Exec - CAS Customer 2 Domain Customer 1 Domain MSP Domain
High-level Best Practices
Backup Exec servers at customer sites in MSP’s domain Use transfer drives to seed the cloud Backup Exec server Backup Exec servers at customer sites on physical hardware Backup Exec servers at customer sites protected by encryption Local backups of customer servers for fast restore capability Leverage deduplication to optimized backup storage
Optimized duplication can improve WAN transfer speeds The Backup Exec 3600 appliance can be used as MBES
1 2 3 4 5 6 7 VPN
DC/DNS Server Virtual Host Backup Exec - MBES BE 3600 - MBES Virtual Host DC/DNS Server
Managed Services Provider NOC Optimized Duplication Stream
Microsoft BitLocker 8 1 2 3 4 5 6 7 8 1 5 6 Tape Out Virtual Machines Virtual Machines Diagram Legend Backup Exec
UI (CAS) Cloud Backup Exec Server
Symantec Backup Exec Blueprints 8
Life Preservers:
Private Cloud Services
Managed Services Provider NOC
•
Backup Exec Server at Managed Service Provider’s NOC
– Cloud Backup Exec server and Central Administration Server
– Enabled with local deduplication disk storage device
– Deduplication device shared with Backup Exec servers at customer sites
– Select “Private cloud server” option
•
Cloud Backup Exec Server Deduplication Disk Device
– Maximum of 64 TB of deduplicated data (should scale to 10x or better)
•
Tape Considerations
– Customer backups can be stored to tape attached to cloud Backup Exec
server
– One job definition can include all backup stages:
(1) Local backup at customer site
(2) Duplication of backup from customer site to cloud Backup Exec server at MSP NOC (3) Duplication of backup at cloud Backup Exec server to tape
Life Preservers:
Private Cloud Services
Customer sites
•
Backup Exec Servers at Customer Sites
– Managed Backup Exec servers (controlled by CAS at MSP NOC)
– Enabled for deduplication
– Member of MSP’s domain, not customer’s domain
– No local logon access for customers (required for multitenant security)
– Customer backups stored to local Backup Exec server, then copied to cloud
Backup Exec server (optimized duplication)
– Can be custom Backup Exec server or BE 3600 Appliance
•
Security Requirements
– Custom Backup Exec servers should be on standalone hardware (not VMs)
– Should be enabled with disk encryption
– Member of MSP’s domain, not customer’s domain
Symantec Backup Exec Blueprints 10
Life Preservers:
Private Cloud Services
Replicating backups to cloud Backup Exec server
•
Optimized Duplication
– Only unique blocks transmitted to cloud Backup Exec server
– Blocks already contained at cloud Backup Exec server are skipped
– Can greatly improve WAN transfer efficiency
•
Backup Exec Built-in Security Features
– Communication between Backup Exec servers/components secured
– TSL/SSL encryption technology
•
Other Security Recommendations
– Enable SSL on all VMware hosts being protected by Backup Exec
– Secure communications between MSP NOC and customer sites using VPN
Life Preservers:
Private Cloud Services
Multitenancy support
•
Multitenancy in Private Cloud Services
– Customer data not physically separate from other customers
– Data co-exists in cloud Backup Exec server’s deduplication disk device
– Managed Services Provider is full owner/controller of backup operations
– Clients cannot control, see, or restore their data or other client’s data
– Fully dependent upon Managed Services Provider for backup/restore
– Managed Services Provider is trusted advisor; has “keys to the kingdom”
•
Domain Requirements
– Client Backup Exec servers part of Managed Services Provider’s domain
– Clients not given local logon access (multitenant security)
•
Seeding the Cloud Backup Exec Server
– Process for adding data to cloud Backup Exec server’s deduplication device
Symantec Backup Exec Blueprints 12
Life Preservers:
Private Cloud Services
Performance
•
Network Recommendations
– Less than one percent packet loss
– Round-trip latency of 250ms or better
•
Loss of Network Connection
– Results in stopping of scheduled backup operations
– Backups resume when network connection is restored
– If necessary, Backup Exec servers at client sites can be reverted to
standalone
– Details in planning and deployment guide
Life Preservers:
Private Cloud Services
Catalog modes
•
Centralized Catalogs
– Catalog data stored at cloud Backup Exec server (CAS)
– Easy catalog backup/protection
– High demands on network connectivity between sites
– Requires persistent network connection
•
Distributed Catalogs
– Most catalog data maintained at Backup Exec servers at client sites
– Usually recommended for distributed configurations
– Persistent network connection between sites not required
•
Replicated Catalogs
– Combination of centralized and distributed
– Catalogs maintained at CAS as well as Backup Exec servers at client sites
Symantec Backup Exec Blueprints 14
Life Preservers:
Private Cloud Services
Other considerations
•
Two Private Cloud Services Configurations
– Multitenant cloud Backup Exec server (dealt with in this blueprint)
– Single-tenant cloud Backup Exec servers
•
Single-tenant Configuration
– Each customer has own cloud Backup Exec server at MSP NOC
– Backup Exec server at customer site in customer’s domain
– Customer has logon access to local Backup Exec server
– Some customers may require this due to regulations in their vertical
•
Mix-and-Match
– MSPs may use either or both Private Cloud Services configurations
•
Other Related Backup Exec Blueprints
– Blueprint: Optimized Duplication
