My Data Domain Notes
My Data Domain Notes
Data Domain:Data Domain:
DeDuplication Types: DeDuplication Types: - File based DeDuplication - File based DeDuplication – Fixed-Len
– Fixed-Length gth Segment DeDuplicationSegment DeDuplication – Variable-Length Segment DeDuplication – Variable-Length Segment DeDuplication – Post-Process DeDuplication
– Post-Process DeDuplication – In-Line DeDuplication – In-Line DeDuplication
Data Domain System Introduction Data Domain System Introduction DeDuplicating hard!are system DeDuplicating hard!are system – Inline – Inline – Variable-length segments – Variable-length segments – Fingerprints – Fingerprints "ontroller "ontroller – Processors and #$% – Processors and #$% – &thernet and
– &thernet and FibrFibre "hannel connectionse "hannel connections Storage
Storage
-Lo!-cost S$T$ dis' dri(es -Lo!-cost S$T$ dis' dri(es -#$ID ) in so*t!are
-#$ID ) in so*t!are
-+V#$% used to protect un!ritten data -+V#$% used to protect un!ritten data Data Domain
Data Domain DeDuplication:DeDuplication: , Source ased
, Source ased DeDuplicationDeDuplication – .ses DD oost !ith
– .ses DD oost !ith DSP/distributed segment processingDSP/distributed segment processing00 , Target ased DeDuplication
, Target ased DeDuplication – accessible through "IFS1 +FS1 and
– accessible through "IFS1 +FS1 and VTL protocolsVTL protocols Data Domain
Data Domain 2lobal "ompression:2lobal "ompression:
, 2lobal "ompression – &3uals to DeDuplication and cant be
, 2lobal "ompression – &3uals to DeDuplication and cant be turned o4 turned o4 , Local "ompression – "ompress data segments
, Local "ompression – "ompress data segments be*ore !riting to dis'1 be*ore !riting to dis'1 &3uals to 5le &3uals to 5le compressiocompressions/usesns/uses algorithms – l61 g6 and g6*ast0 and can be turned o47
algorithms – l61 g6 and g6*ast0 and can be turned o47 Stream-In*or
Stream-In*ormed Segment med Segment Layout /SISL0 Layout /SISL0 scaling architecture:scaling architecture: , SISL
, SISL architecturarchitecture pro(ides *ast and e pro(ides *ast and e8cient deduplication:e8cient deduplication: 99 o* duplicate
99 o* duplicate data segments are identi5ed inline in #$% be*ore they are stored to dis'7data segments are identi5ed inline in #$% be*ore they are stored to dis'7 System
System throughput increases directly as "P. throughput increases directly as "P. per*ormance increaper*ormance increases7ses7 %inimi6es the dis'
%inimi6es the dis' *ootprint by minimi6ing dis' access7*ootprint by minimi6ing dis' access7 The Data Doma
The Data Domain system DeDuplin system DeDuplication – ;o! it ication – ;o! it !or's:!or's: <7 Segment – Data sliced into segments
<7 Segment – Data sliced into segments
=7 Fingerprint – Segments gi(en 5ngerprint ID /segment ID0 =7 Fingerprint – Segments gi(en 5ngerprint ID /segment ID0 >7 Filter – Fingerprint IDs compared to 5ngerprints in
>7 Filter – Fingerprint IDs compared to 5ngerprints in cache<7I* 5ngerprint ID ne!1 continue=7 cache<7I* 5ngerprint ID ne!1 continue=7 I* 5ngerprintI* 5ngerprint ID duplicate1 re*erence1 then delete
ID duplicate1 re*erence1 then delete
?7 "ompress – 2roups o* ne! segments compressed using common techni3ue/l61 g61 g6*ast0 ?7 "ompress – 2roups o* ne! segments compressed using common techni3ue/l61 g61 g6*ast0
@7 Arite – Segments /including 5ngerprints1 metadata1 B logs0!ritten to containers1containers !ritten to @7 Arite – Segments /including 5ngerprints1 metadata1 B logs0!ritten to containers1containers !ritten to dis'
dis'
Data In(ulnerability
Data In(ulnerability $rchitectur$rchitecture:e:
- Data In(ulnerability $rchitecture is an important &%" Data Domain technology that pro(ides sa*e and - Data In(ulnerability $rchitecture is an important &%" Data Domain technology that pro(ides sa*e and reliable storage7
reliable storage7 – The &%" Data
– The &%" Data Domain operating system /DD CS0 is built Domain operating system /DD CS0 is built *or data protection7 Its elements comprise an*or data protection7 Its elements comprise an architectural design !hose goal is
architectural design !hose goal is data in(ulnerabilitydata in(ulnerability7 There are *our technologies !ithin 7 There are *our technologies !ithin the Datathe Data In(ulnerability $rchitectur
In(ulnerability $rchitecture that e that 5ght data loss:5ght data loss: <7 &ndtoend (eri5cation
<7 &ndtoend (eri5cation -, Veri*y Stripe Integrity , Veri*y Stripe Integrity , Veri*y user data Integrity , Veri*y user data Integrity
, Veri*y 5le system metadata Integrity , Veri*y 5le system metadata Integrity =7 Fault a(oidance and containment =7 Fault a(oidance and containment
, +e! data ne(er o(er!rites good data7 /The system ne(er puts
, +e! data ne(er o(er!rites good data7 /The system ne(er puts existing data at ris'70existing data at ris'70 , There are *e!er complex data structures
, There are *e!er complex data structures , The system
, The system includes non-(olatile #$% /+V#$%0 *or *ast1 sa*e restartsincludes non-(olatile #$% /+V#$%0 *or *ast1 sa*e restarts >7 "ontinuous *ault detection and healing
>7 "ontinuous *ault detection and healing , periodically rechec'
, periodically rechec's the integrity o* s the integrity o* the #$ID stripes and container logsthe #$ID stripes and container logs , uses #$ID system redundancy to heal *aults
, uses #$ID system redundancy to heal *aults , During e(ery read1 data integrity is re-(eri5ed , During e(ery read1 data integrity is re-(eri5ed , $ny errors are healed as they are encountered , $ny errors are healed as they are encountered
?7 File system reco(erability
, is a *eature that reconstructs lost or corrupted 5le system metadata7 It includes 5le system chec' tools7
Data Domain 5le systems:
, The administrati(e 5le system /called dd(ar0 – dd(ar
, The storage 5le system /called %tree0 – bac'up /datacol<0 Data Domain System Protocols:
, +FS – +et!or' 5le system /+FS0 clients can ha(e access to Data Domainsystem directories and %trees7 , "IFS – The "ommon Internet FileSystem /"IFS0 clients can ha(e access to Data Domain system
directories and %trees
, VTL – The (irtual tape library /VTL0 protocol enables bac'up applications to connect to and manage Data Domain system storage as i* it !ere a tape library7 $ll o* the *unctionality generally supported by a physical tape library is a(ailable !ith a Data Domain system con5gured as a VTL7 The mo(ement o* data *rom a system con5gured as a VTL to a physical tape is managed by bac'up so*t!are /not by the Data Domain system07 The VTL protocol is used !ith Fibre "hannel net!or'ing7
, DD oost – The DD oost protocol enables bac'up ser(ers to communicate !ith storage systems !ithout the need *or Data Domain systems to emulate tape7 There are t!o components to DD oost: one component that runs on the bac'up ser(er and another component that runs on a Data Domain system , +D%P – I* the VTL communication bet!een a bac'up ser(er and a Data Domain system is trough +D%P1no Fibre "hannel /F"0 is re3uired7 Ahen you use +D%P1 all initiator and port *unctionality does not apply7
Data Domain Data Paths:
, Data Domain data paths o(er Fibre "hannel net!or's – VTL
, Data Domain data paths o(er &thernet net!or's – +FS1 "IFS1 DD oost and +D%P Data Domain administration inter*aces:
, The &nterprise %anager1 !hich is the graphical user inter*ace /2.I0
, The command line inter*ace /"LI0 – $ccess "LI (ia SS;1 serial console1 telnet1 'eyboard B monitor Data Domain Initial "on5guration using &nterprise %anager – "on5guration Ai6ard: /"ommand Line – Econ5g setup "ommand0
"on5guration Ai6ard consists o* these sections: <7 Licenses1 =7 +et!or'1 >7 File system1 ?7 System1 @7 "IFS1 )7 +FS7
Data Domain %anage System $ccess: , .ser Pri(ileges: > Type o* "lasses <7 admin =7 user >7 security , $dministration access: Ser(ices: <7 telnet =7 *tp >7 http ?7 https @7 ssh ;ard!are: Storage Dis's: <7 $cti(e tier =7 .sable dis's >7 FailedForeign$bsent Dis's
Foreign Dis's – The *oreign state indicates that the dis' contains (alid Data Domain 5le system data and alerts the administrator to the presence o* this data to ma'e sure it is attended properly7 This commonly happens during chassis s!aps1 or !hen ne! shel(es are added to an acti(e system7
+etAor' Inter*aces:
.sing multiple &thernet net!or' cables1 ports1 and inter*aces /lin's0 in parallel1 lin' aggregation increases net!or' throughput1 across a L$+ or L $+s1 until the maximum computer speed is reached7 –GLin' $ggregation onding Types:
<7 #ound robin – Transmits pac'ets in se3uential order *rom 5rst a(ailable lin' through the last in the aggregated group7
=7 alanced – Data sent o(er the inter*aces as determined by the hash method you select7
>7 L$"P – Similar to balanced except *or the control protocol that communicates !ith the other end and coordinates !hat lin's1 !ithin the bond1 are a(ailable7 It pro(ides heartbeat *ail-o(er7
–GLin' Failo(er De5nition: , De5nition
$ (irtual inter*ace may include both physical and (irtual inter*aces as members /called inter*ace group members07
, ;o! It Aor's
Lin' *ailo(er is supported by a bonding dri(er on a Data Domain system7 The bonding dri(er chec's the carrier signal on the acti(e inter*ace e(ery H79 seconds7 I* the carrier signal is lost1 the acti(e inter*ace is changed to another standby inter*ace7 $n address resolution protocol /$#P0 is sent to indicate that the data must o! to the ne! inter*ace
–G%anage VL$+ and IP $lias:
VL$+ and IP alias net!or' inter*aces are used: , For net!or' security
,To segregate net!or' tra8c ,To speed up net!or' tra8c ,To organi6e a net!or' ;o! It Aor's:
I* youJre not using VL$+s1 you can use IP aliases7 IP aliases are easy to implement and are less expensi(e than VL$+1 but they are not a true VL$+7 For example1 you must use one IP address *or management and another IP address to bac' up or archi(e data7 Kou can combine VL$+s and IP aliases7
Data %anagement: –GSnapshot:
Snapshot location: datacol<bac'up
ex: datacol<bac'upaustin7snapshot datacol<bac'upscla7snapshot !here1 7snapshot is a directory
, #eplication donJt replicate snapshot o* a (olume1 it has to be manually con5gured *or replication7 –GFast "opy:
$ *ast copy copies 5les and directory trees o* a source directory to a target directory on a Data Domain system7 Kou can use the *ast copy operation to retrie(e data stored in snapshots7 Fastcopy ta'es space /itJs li'e a clone07
–G#etention Loc': – Licensed *eature
- #etention loc' is an optional1 system-licensed so*t!are *eature that enables organi6ations to protect their data in non-!riteable and non-erasable *ormats *or a speci5ed length o* time1 up to MH years7 #etention loc' protects against:
$ccidents and user errors %alicious acti(ity
– Data !hich has been loc'ed using the retention loc' *eature ma'es the data !riteable and non-erasable7 Files cannot be modi5ed e(en a*ter the retention time *or the 5le expires7 The retention period o* a retention-loc'ed 5le can be extended but not reduced7
- In order *or a 5le to become loc'ed !ith the retention loc'1 the 5leJs access time /called Eatime0 must be set to a *uture date that is beyond the minimum retention period con5gured on the Data Domain system7
– The act o* setting the atime is the signal to the Data Domain system to loc' the 5le7 $s soon as this (alue is set1 the 5le is loc'ed and cannot be deleted or modi5ed be*ore that date7
Data saniti6ation:
- Data saniti6ation is sometimes re*erred to as electronic shredding
– Aith the data saniti6ation *unction1 deleted 5les can be o(er!ritten using a DoD+IST compliant algorithm and procedures
– It remo(es any trace o* deleted 5les !ith no residual remains pre(enting normally deleted data *rom being reco(ered7
– @ phases o* saniti6ation: <7 %erge
>7 &numeration ?7 "opy
@7 Nero
Data &ncryption:
- $lso called inline data encryption
– Protects data on a Data Domain system *rom unauthori6ed access or accidental exposure – #e3uires so*t!are license
– Ahen data is bac'ed-up1 data enters (ia +FS1 "IFS1 VTL1 DD oost and +D%P Tape Ser(er protocols7 It is then:
Segmented Fingerprinted
Deduplicated /or globally compressed0 2rouped
Locally compressed &ncrypted
Important – encryption at a more granular le(el is not possible7 Cnce enabled all the i ncoming data !ill be encrypted7
File System "leaning:
- "leaning reclaims physical storage occupied by expired data7 For example1 as retention periods on bac'up so*t!are expire data1 old bac'ups are remo(ed *rom the bac'up catalog7 Space *rom expired bac'ups becomes a(ailable only a*ter a system cleaning process reclaims the dis' space7
- Ahen application so*t!are expires bac'up or archi(e data1 they are deleted in the sense that they are no longer accessible or a(ailable *or reco(ery *rom the application7 The data is not deleted immediately it is remo(ed during a cleaning operation7 In the case o* retention loc'1 expired 5les !ill not be deleted until the retention loc' period ends7
- The de*ault time schedule *or 5le system cleaning is e(ery Tuesday at ) am and The de*ault "P. throttle is @H7
- na(igate to Data %anagement G File System G "on5guration G "lean Schedule Data Domain #eplication:
Types o* Data Domain #eplication:
- Directory #eplication: For partial site1 single directory bac'up – %Tree#eplication: For partial site1 point-in-time bac'up
– Pool #eplication: In a VTL setting1 speci5ed pools o* (irtual cartridges are treated as a directory /Destination does not re3uire a VTL license0
– "ollection #eplication: For !hole system mirroring /The *astest and lightest impact replication type0 , Cne *undamental di4erence bet!een %tree replication and directory replication is the method used *or determining !hat needs to be replicated bet!een the source and destination7 %Tree replication creates periodic snapshots at the source and transmits the di4erences bet!een t!o consecuti(e snapshots to the destination #eplication Topologies: - < to < – bidirectional – many to < – < to many – cascaded – cascaded < to many #eplication Seeding:
I* the source Data Domain system has a lot o* data1 the initial replication seeding can ta'e some time o(er a slo! lin'7 To expedite the initial seeding1 you can bring the destination system to the same location as the source system to use a high-speed1 lo!-latency lin'7 Cnce data is initially seeded using the high-speed net!or'1 mo(e the system bac' to its intended location7 $s data is initially seeded1 only ne! data is sent *rom that point on!ards7
Lo!-band!idth Cptimi6ation:
$n option that reduces A$+ band!idth utili6ation .se*ul i* using a lo!-band!idth net!or' lin'7 Pro(ides additional compression
Cnly *or replication !ith O) %bs a(ailable band!idth
.se band!idth and net!or'-delay settings together to calculate the proper T"P bu4er si6e *or replication
- Delta compression is a global compression algorithm that is applied a*ter identity 5ltering7 The algorithm loo's *or pre(ious similar segments using a s'etch-li'e techni3ue that sends only the di4erence bet!een pre(ious and ne! segments7
- Delta compression reduces the amount o* data to be replicated o(er lo!-band!idth A$+s by eliminating the trans*er o* redundant data *ound !ith replicated deduplicated data7 This *eature is typically bene5cial to remote sites !ith lo!er Data Domain models
#esynchroni6e #eco(ered Data:
#esynchroni6ation is the process o* reco(ering /or bringing bac' into sync0 the data bet!een a source and destination replication pair a*ter a manual brea' in replication7
&%" DD oost:
- &%" Data Domain oost extends the bac'up optimi6ation bene5ts o* Data Domain deduplication storage solutions by distributing parts o* the deduplication process to the bac'up ser(er or application client7 DD oost dramatically increases throughput speeds1 minimi6es bac'up L$+ load1 and impro(es bac'up ser(er utili6ation7
- In a typical bac'up en(ironment using in-line deduplication1 client data is sent to a Data Domain system !here the data is identi5ed in segments7 These segments are identi5ed to be uni3ue data or duplicate segments7 I* they are uni3ue1 they are compressed and !ritten to the storage subsystem on the Data Domain7
DD oost Features:
- "entrali6ed replication a!areness and management – ac'up application !ell a!are o* replication enabled on the DD end and easy reco(ery o* data can be done *rom the data residing in *ailo(er node7 – Distributed segment processing /DSP0
– $d(anced load balancing and *ailo(er (ia inter*ace groups DD oost – Deduplication and Distributed Segment Processing: Steps:
<7 Segment the data
=7 %ar' 5nger print *or the segmented data >7 compare the 5nger printed segments !ith DD ?7 Filter the uni3ue data
@7 send and !rite the uni3ue data in DD
DD oost "on5guration – Symantec +etac'up ac'up ;ost:
<7 License as re3uired
=7 "reate de(ices1 pools through bac'up ser(er management console
>7 "on5gure bac'up policies and groups to use Data Domain con5gured de(ices
?7 "on5gure duplicate to use Data Domain con5gured de(ices on desired Data Domain systems7 Source DD:
<7 License DD oost7 =7 &nable DD oost
>7 Set a Data Domain local user as a DD oost user7 ?7 "reate DD oost storage units
#eplica DD:
<7 License DD oost =7 &nable DD oost
>7 Set a Data Domain local user as a DD oost user7 ?7 "reate DD oost storage units 7
, +etac'upconsole: "on5gure Data Domain systems as dis' storage ser(ers a7Install Data Domain CST plug-in
b7"on5gure dis' storage ser(ers type CST c7"reate storage li*ecycle policy
, "on5gure Data Domain systems /$ and 0 *or oost a7&nable DD oost
b7Set user
c7"reate storage unit and "IFS share , +. "onsole: "on5gure ac'up Policy a7"reate a ac'up Policy
b7$pply Storage Li*ecycle Policy to ac'up Policy
, +. "onsole: %onitor $cti(ity *or ac'up and Cpt7 Duplication a7Start bac'up policy and monitor acti(ity
, +. "onsole: #estore 5les *rom system a7#estore *rom secondary copy
b7Veri*y #estored Files
,Veri*y Files on Data Domain systems $ and a7Veri*y File #eplicationSpace .sage Stats b7Validate bac'up 5les and 5le replication 5les Data Domain System Per*ormance %etrics: ,system sho! per*ormance – "ommand
-.tili6ation-proc rec( send idle
-proc-percent o* time spent processing net!or' re3uests
rec(-percent o* time spent recei(ing re3uests o(er the net!or' send-percent o* time spent sending re3uests o(er the net!or'
idle-percent o* time !aiting *or net!or' data trans*ers=recei(esendbac'up , system sho! per*ormance
–.tili6ation–QQQ -State-"P. dis' QQQ R"DV%SFJ -a(gmaxmax– 9= 9?> @M<? >? >)> ))H) V-State: " – cleaning D – dis' reconstruction – currently unused
V – (eri5cation /used in the deduplication process0
% – 5ngerprint merge /used in the deduplication process0
S – summary (ector chec'point /used in the deduplication process0 F – currently unused
%onitor Throughput: , system sho! stats = Tuning Solutions:
#educe stream count
DonJt clean during hea(y input DonJt replicate during hea(y input "onsider using lin' aggregation Isolate net!or'
"onsider implementing DD oost %onitor a Data Domain System: S+%P
Syslog
Support bundle
$utosupport logs and alert messages $utosupport logs and alert messages:
– #eport the system status and identi*y potential system problems – Pro(ide daily noti5cation o* the systemJs condition
– Send email noti5cations to speci5c recipients *or 3uic'er1 targeted responses – Supply critical system data to aid support case triage and management DD Cperating System .pgrade:
#elease Types
– #$1 I$1 and 2$ – #estricted a(ailability1 Initial $(ailability and 2eneral $(ailability There is no do!n-grade path
– #ead all release notes be*ore upgrading
– Ahen in doubt1 contact Support be*ore installing an upgrade Preparing *or DDCS .pgrade:
- $re you upgrading more than t!o release *amilies at a time ,, ?7M to ?79 is considered t!o *amilies
,, ?7M to @7H is more than t!o *amilies and re3uires t!o upgrades – Time re3uired
,, Single upgrades can ta'e about ?@ minutes or more
,, During the upgrade1 the Data Domain 5le system is una(ailable
,, Shutting do!n processes1 rebooting a*ter upgrade1 and chec'ing the upgrade all ta'e time – #eplication
,, .pgrade the destination /replica0 be*ore upgrading the source /originator0 – Stop any "IFS client connections be*ore beginning the upgrade%odule Aor'ing on VTL "on5guration:
Setting .p a Virtual Tape Library: &nable VTL
"reate a Library "reate Tapes Import Tapes ,I, &nable VTL:
<7 In the %ore Tas's menu1 select Ser(ice G &nable7 The &nable Ser(ice dialog box appears7
=7 In the &nable VTL dialog box1 clic' CU7 The &nable Ser(ice Status dialog box appears7
>7 Ahen the &nable Ser(ice Status dialog box displays "ompleted1 clic' "lose7
,II, "reate a Library
<7 In the %ore Tas's menu1 clic' Library "reate7 =7 &nter the VTL library in*ormation:
Library +ame – +ame can be *rom < to >= alphanumeric characters7
+umber o* Dri(es – From < to =@) tape dri(es7 Systems !ith ? 2 o* memory /DD?xx1 DD@<H and DD@>H0 can ha(e a maximum o* )? dri(es7
Systems !ith 2 to =? 2 /DD@)Hto DD)9H0 can ha(e a maximum o* <= dri(es7 The DDH !ith ? 2 o* memory can ha(e up to =@) tape dri(es7
Dri(e %odel – I%-LTC-< I%-LTC-=
I%-LTC->
+umber o* Slots – +umber o* slots in the library: .p to >=1HHH slots per library
.p to )?1HHH slots per system
This should be e3ual or greater than the number o* dri(es7
+umber o* "$Ps – /Cptional0 +umber o* cartridge access ports /"$Ps0: .p to <HH "$Ps per library
.p to =HHH "$Ps per system
"hanger %odel +ame – "lic' the drop-do!n list and select the model: L<H
#&STC#&#-L<H TS>@HH
"hec' the bac'up so*t!are application documentation on the Data Domain support site *or the model name that you should use7
>7 "lic' CU7
,III, "reating Tapes
The de*ault capacities *or each I% LTC dri(e type are as *ollo!s: LTC-< dri(e: <HH 2
LTC-= dri(e: =HH 2 LTC-> dri(e: ?HH 2 ,IV, Importing tapes
Importing mo(es existing tapes *rom the (ault to a library slot1 dri(e1 or cartridge access port /"$P07 The number o* tapes that you can import at one time is limited by the number o* empty slots in the library7 /Kou cannot import more tapes than the number o* currently empty slots70
<7 In the Tapes (ie!1 either:
a7 &nter search in*ormation about the tapes to import and clic' Search:
=7 From the Import Tapes: library (ie!1 (eri*y the summary in*ormation and the tape list1 and clic' +ext7 >7 "lic' "lose on the status !indo!7
Aor'ing !ith $ccess 2roups:
$ VTL access group /or VTL group0 is created to hold a collection o* initiator AAP+s or aliases and the dri(es and changers they are
allo!ed to access7 $s !ell1 a de*ault group exists named TapeSer(er1 !here you can add de(ices that !ill support +D%P-based bac'up applications7
$ccess group con5guration allo!s initiators /in general bac'up applications0 to read and !rite data to the de(ices that are also in
$ccess groups allo! clients to access only selected L.+s /media changers or (irtual tape dri(es0 on a system7 $ client that is set up
*or an access group can access only de(ices that are in its access group7
+ote: $(oid ma'ing access group changes on a Data Domain system during acti(e bac'up or restore Wobs7 $ change may cause an acti(e Wob to *ail7 The impact o* changes during acti(e Wobs depends on a
combination o* bac'up so*t!are and host con5gurations7 Vie! $ccess 2roup In*ormation:
L.+s Tab – L.+1 Library1 De(ice1 In-.se Ports1 Primary Ports1 Secondary Ports Initiators Tab – Initiator1 AAP+
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Data Domain &ncryption
:-&ncryption o* Data at #est or Einline data encryption
Protects *rom loststolen1 accidental expose to a lost dri(e1 or intrusion #e3uires a license
&nables data on system dri(es or external storage to be encrypted1 !hile being sa(ed and loc'ed1 be*ore itJs mo(ed to another location
$ll ingested data is encrypted
Data that exists on the Data Domain be*ore enabling encryption is not automatically encrypted but can be later
Inline &ncryption happens during the Data Domain SISL Process:
SegmentG5ngerprintGDeduplicate /globally compress0G2roupGLocally compressG&ncrypt
The *ollo!ing Protocols can be encrypted as data is ingested: +FS1 "IFS1 VTL1 DDoost and +D%P tape ser(er
The a(ailable types o* &ncryption are:
<=bit or =@) $&S /$d(anced &ncryption Standard0 "" mode
Cr both "" /"ipher loc' "haining0 and 2"% /2alios"ounter mode0
YCne important thing to remember is that all data entering DD system !ill be encrypted there are +C other granular le(els o* encryption a(ailable
The *eature can be enabled on the &ncryption tab in File System sho!s status
$lso1 do not *orget an &ncryption passphrase !hen loc'ing or unloc'ing 5le system or disabling &ncryption do not lose your passphrase1 this is imperati(e
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Data Domain DD)H – Technical Speci5cations – #eal Si6e – )? T - $pplied ac'up read throughput !e are getting <HH 2;our Logical "apacity /Standard0 <7? – @7M P /Y0/YYYY0/YYYYY0
Logical "apacity /#edundant0 M7< – =7@ P/YY0/YYYY0/YYYYY0
%ax7 Throughput /Cther0 @7< Thr /%aximum throughput achie(ed using Symantec CpenStorage and <H 2b &thernet0
%ax7 Throughput /DD oost0 97 Thr /YYY0 Po!er Dissipation )H A
"ooling #e3uirement = HM@ T.hr
Data Domain DDM=HH – Technical Speci5cations – #eal Si6e – 9) T "apacity /#a!0 %ax7 .sabe: ?= T
%ax7 .sabe ! DD &xtended #etention: <7M P Logical "apacity /Standard0 ?7= – =<7? P /Y0/YY0
Logical "apacity /#edundant0 ! DD &xtended #etention: <M7< – @7) P /Y0/YY0
%ax7 Throughput /Cther0 <<79 Thr /%aximum throughput achie(ed using +FS and <H 2b &thernet0 /YY0 %ax7 Throughput /DD oost0 =)7H Thr /%aximum throughput achie(ed using DD oost and <H 2b &thernet0
