Dell DR4300 DR Series System Administrator Guide - Page 15

Encryption at Rest, Streams vs. Connections, Replication, DR Series System Interoperability Guide


The DR Series system supports 64:1 replication of data (32:1 on the DR4X00 and 8:1 on the DR2000v), whereby up to 64 source DR Series systems can write data to different individual containers on a single target DR Series system. This supports, for example, the use case where branch or regional offices each write their own data to a separate, distinct container on a main corporate DR Series system.

NOTE: Be aware that the storage capacity of the target DR Series system is directly affected by the number of source systems writing to its containers and by the amount being written by each of the source systems.

If the source and target systems reside in different Active Directory (AD) domains, the data that resides on the target DR Series system may not be accessible. When AD is used for authentication for DR Series systems, the AD information is saved with the file. This can serve to restrict user access to the data based on the type of AD permissions that are in place.

NOTE: This same authentication information is replicated to the target DR Series system when you have replication configured. To prevent domain access issues, ensure that both the target and source systems reside in the same Active Directory domain.

For a complete list of supported management applications, refer to the DR Series System Interoperability Guide.

Encryption at Rest
Data that resides on the DR Series system can be encrypted. When encryption is enabled, the DR Series system uses the industry-standard, FIPS 140-2 compliant 256-bit Advanced Encryption Standard (AES) encryption algorithm for encrypting and decrypting user data. The content encryption key is managed by the key manager, which operates in either a Static mode or an Internal mode. In Static mode, a global, fixed key is used to encrypt all data. In Internal mode, key lifecycle management is performed, in which the keys are periodically rotated. The minimum key rotation period before the content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable and can be specified in days. A user-defined passphrase is used to generate a passphrase key, which is used to encrypt the content encryption keys. It is mandatory to define a passphrase to enable encryption. The system supports up to a limit of 1023 different content encryption keys.
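
The key hierarchy described above, modeled as an added example (not Dell's code and not the DR Series implementation): a passphrase-derived key wraps each content encryption key, and the 7-day minimum rotation period and 1023-key limit are enforced. The KDF, the HMAC-based stand-in for AES key wrapping, the retention of old keys, and all function and class names are assumptions.

```python
import hashlib, hmac, os

MIN_ROTATION_DAYS = 7    # minimum rotation period stated in the guide
MAX_CONTENT_KEYS = 1023  # content encryption key limit stated in the guide

def passphrase_key(passphrase, salt):
    # Assumed KDF (PBKDF2-HMAC-SHA256); the guide does not name one.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def wrap(kek, cek):
    # Stand-in for AES key wrap (stdlib has no AES): HMAC pad plus a tag.
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"enc" + nonce, "sha256").digest()
    ct = bytes(a ^ b for a, b in zip(cek, pad))
    return nonce, ct, hmac.new(kek, b"mac" + nonce + ct, "sha256").digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob
    good = hmac.new(kek, b"mac" + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong passphrase or tampered key record")
    pad = hmac.new(kek, b"enc" + nonce, "sha256").digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

class KeyManager:
    def __init__(self, passphrase, mode, now, rotation_days=MIN_ROTATION_DAYS):
        if not passphrase:
            raise ValueError("a passphrase is mandatory to enable encryption")
        if rotation_days < MIN_ROTATION_DAYS:
            raise ValueError("rotation period must be at least 7 days")
        self.mode, self.days = mode, rotation_days
        self.salt, self.wrapped = os.urandom(16), []  # old keys kept (assumption)
        self._kek = passphrase_key(passphrase, self.salt)
        self._new_key(now)

    def _new_key(self, now):
        if len(self.wrapped) >= MAX_CONTENT_KEYS:
            raise RuntimeError("content encryption key limit reached")
        self.wrapped.append(wrap(self._kek, os.urandom(32)))
        self.last_rotation = now

    def rotate_if_due(self, now):
        # "static" keeps one fixed key; "internal" rotates once the period passes.
        if self.mode == "internal" and (now - self.last_rotation).days >= self.days:
            self._new_key(now)
        return len(self.wrapped)

    def content_key(self, key_id, passphrase):
        return unwrap(passphrase_key(passphrase, self.salt), self.wrapped[key_id])
```

In this model the stored key records are useless without the passphrase, so the passphrase needs the same protection and escrow as the backup data itself.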

Streams vs. Connections
This topic describes the differences between data streams and application connections.

Streams can be likened to the number of files written at the same time to a DR Series system. The DR Series system tracks the number of files being written and assembles the data into 4MB chunks before processing that section of the data. If the stream count is exceeded, the data is processed out of order and overall deduplication savings can be affected. For details on maximum stream count, see the Dell DR Series System Interoperability Guide.

Connections are created by applications; within a single connection, there can be multiple streams depending on the application and how many backup jobs are running in parallel over that single connection. Replication can use up to 16 streams over a single port using one connection.

For example, suppose you are running backups using Backup Exec and using DR4100 and the CIFS protocol. If you have:
• One Backup Exec server connected to the DR4100 over CIFS and one backup running, you have one connection and one stream.
• One Backup Exec server connected to the DR4100 over CIFS with 10 concurrent backups running, you have one connection and ten streams. This means that Backup Exec is writing ten different files to the DR4100.

Replication
Replication is the process by which key data is saved from storage locations, with the goal of maintaining consistency between redundant resources in data storage environments. Data replication improves the level of fault-tolerance, which improves the reliability of maintaining saved data and permits accessibility to the same stored data.