Home » Dell Manuals » Storage Devices » Dell PowerVault DL4000 » Manual Viewer

Dell PowerVault DL4000 Dell PowerVault DL4000 Backup To Disk Appliance - Power - Page 17

Encryption, True Global Deduplication

View all Dell PowerVault DL4000 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 17 highlights

Figure 3. True Global Deduplication AppAssure 5 performs target-based inline data deduplication. This means that the snapshot data is transmitted over to the Core before it is deduplicated. Inline data deduplication simply means the data is deduplicated before it is committed to disk. This is very different from at-source or post-process deduplication, where the data is deduplicated at the source before it is transmitted to the target for storage, and in post-process the data is sent raw to the target where it is analyzed and deduplicated after the data has been committed to disk. At-source deduplication consumes precious system resources on the machine whereas the post-process data deduplication approach needs all the requisite data on disk (a greater initial capacity overhead) before commencing the deduplication process. On the other hand, inline data deduplication does not require additional disk capacity and CPU cycles on the source or on the Core for the deduplication process. Conventional backup applications perform repetitive full backups every week, while AppAssure performs incremental block level backups of the machines forever. This incremental forever approach in tandem with data deduplication helps to drastically reduce the total quantity of data committed to the disk with a reduction ratio of as much as 80:1. Encryption AppAssure 5 provides integrated encryption to protect backups and data-at-rest from unauthorized access and use, ensuring data privacy. AppAssure 5 provides strong encryption. By doing so, backups of protected computers are inaccessible. Only the user with the encryption key can access and decrypt the data. There is no limit to the number of encryption keys that can be created and stored on a system. DVM uses AES 256-bit encryption in the Cipher Block Chaining (CBC) mode with 256-bit keys. Encryption is performed inline on snapshot data, at line speeds without impacting performance. This is because DVM implementation is multi-threaded and uses hardware acceleration specific to the processor on which it is deployed. Encryption is multi-tenant ready. The deduplication has been specifically limited to records that have been encrypted with the same key; two identical records that have been encrypted with different keys is not be deduplicated against each other. This design decision ensures that deduplication cannot be used to leak data between different encryption domains. This is a benefit for managed service providers, as replicated backups for multiple tenants (customers) can be stored on a single core without any tenant being able to see or access other tenant data. Each active tenant encryption key creates an encryption domain within the repository where only the owner of the keys can see, access, or use the data. In a multi-tenant scenario, data is partitioned and deduplicated within the encryption domains. 17

Section	Page
Dell PowerVault DL4000 Backup To Disk Appliance — Powered By AppAssure User's Guide	3
Introduction To AppAssure 5	11
About AppAssure 5	11
AppAssure 5 Core Technologies	11
Live Recovery	11
Recovery Assure	12
Universal Recovery	12
True Global Deduplication	12
AppAssure 5 True Scale Architecture	12
AppAssure 5 Deployment Architecture	13
AppAssure 5 Smart Agent	14
AppAssure 5 Core	14
Snapshot Process	15
Replication Disaster Recovery Site Or Service Provider	15
Recovery	15
Product Features Of AppAssure 5	15
Repository	16
True Global Deduplication	16
Encryption	17
Replication	18
Recovery-as-a-Service (RaaS)	19
Retention And Archiving	19
Virtualization And Cloud	20
Alerts And Event Management	20
AppAssure 5 License Portal	20
Web Console	20
Service Management APIs	20
White Labeling	21
Managing AppAssure 5 Licenses	23
About The AppAssure 5 License Portal	23
About Navigation In The License Portal	23
About The License Portal Server	23
About Accounts	24
About Obtaining A License Key	24
Registering Your Appliance On The License Portal	25
Registering For A License Portal Account	26
Activating A License Portal Account	27
Logging On To The AppAssure 5 License Portal	27
Using The License Portal Wizard	27
Adding A Core To The License Portal	29
Adding An Agent	29
Configuring Personal Settings	30
Configuring Personal Security Settings	30
Changing Your AppAssure License Portal Password	31
Viewing Users	31
Inviting Users And Setting User Security Privileges	32
Editing User Security Privileges	33
Revoking User Privileges	33
About Groups	33
Managing Groups	34
Adding A Group Or Subgroup	34
Deleting A Subgroup	34
Editing Group Information	34
Editing Branding Settings For The Root Group	35
Adding Company And Billing Information For A Group	36
Managing Licenses	37
About License Pools	38
Viewing Your License Key	38
Assigning Group Licenses	38
Assigning Subgroup Licenses	39
About Distributing License Pools between Subgroups	39
About Billing For Licenses	39
About Disposing Of Licenses	40
Configuring Advanced License Portal Settings	40
Managing Registered Machines	40
About License Portal Reports	41
Summary Category	41
User Category	42
Group Category	42
Machines Category	42
License Category	43
Drill-Downs	44
Generating A Report	45
Managing Subscriptions	45
Working With The AppAssure 5 Core	47
Accessing The AppAssure 5 Core Console	47
Roadmap For Configuring The AppAssure 5 Core	47
Managing Licenses	47
Changing A License Key	48
Contacting The License Portal Server	48
Managing AppAssure 5 Core Settings	48
Changing The Core Display Name	48
Adjusting The Nightly Job Time	49
Modifying The Transfer Queue Settings	49
Adjusting The Client Timeout Settings	49
Configuring Deduplication Cache Settings	49
Modifying AppAssure 5 Engine Settings	50
Modifying Database Connection Settings	50
About Repositories	51
Roadmap For Managing A Repository	51
Creating A Repository	52
Viewing Details About A Repository	53
Modifying Repository Settings	53
Adding A Storage Location To An Existing Repository	54
Checking A Repository	56
Deleting A Repository	56
Managing Security	56
Adding An Encryption Key	56
Editing An Encryption Key	57
Changing An Encryption Key Passphrase	57
Importing An Encryption Key	58
Exporting An Encryption Key	58
Removing An Encryption Key	58
Understanding Replication	58
About Replication	58
About Seeding	59
About Failover And Failback In AppAssure 5	60
About Replication And Encrypted Recovery Points	60
About Retention Policies For Replication	60
Performance Considerations For Replicated Data Transfer	60
Roadmap For Performing Replication	61
Configuring Replication	61
Monitoring Replication	64
Pausing And Resuming Replication	65
Managing Replication Settings	66
Removing Replication	66
Removing An Agent From Replication On The Source Core	66
Removing An Agent On The Target Core	67
Removing A Target Core From Replication	67
Removing A Source Core From Replication	67
Recovering Replicated Data	67
Roadmap For Failover And Failback	68
Setting Up An Environment For Failover	68
Performing Failover On The Target Core	68
Performing Failback	69
Managing Events	70
Configuring Notification Groups	70
Configuring An Email Server And Email Notification Template	71
Configuring Repetition Reduction	72
Configuring Event Retention	72
Managing Recovery	73
About Recovery Points	73
About System Information	73
Viewing System Information	73
Dismounting Select Recovery Points	74
Dismounting All Recovery Points	74
Downloading Installers	74
About The Agent Installer	74
Downloading And Installing The Agent Installer	74
Managing Replication Settings	75
About Archiving	75
Creating An Archive	75
Importing An Archive	76
Managing SQL Attachability	76
Configuring SQL Attachability Settings	77
Configuring Nightly SQL Attachability Checks And Log Truncation	78
About The Local Mount Utility	78
Downloading And Installing The Local Mount Utility	78
Adding A Core To The Local Mount Utility	79
Mounting A Recovery Point Using The Local Mount Utility	79
Exploring A Mounted Recovery Point Using The Local Mount Utility	80
Dismounting A Recovery Point Using The Local Mount Utility	80
About The Local Mount Utility Tray Menu	81
Using AppAssure 5 Core And Agent Options	81
Managing Exchange Database Mountability Checks And Log Truncation	82
Configuring Exchange Database Mountability And Log Truncation	82
Forcing A Mountability Check	82
Forcing Checksum Checks	83
Recovery Point Status Indicators	83
Protecting Workstations And Servers	85
About Protecting Workstations And Servers	85
Configuring Machine Settings	85
Viewing And Modifying Configuration Settings	85
Viewing System Information For A Machine	86
Configuring Notification Groups For System Events	86
Editing Notification Groups For System Events	88
Customizing Retention Policy Settings	89
Viewing License Information	92
Modifying Protection Schedules	92
Modifying Transfer Settings	93
Restarting A Service	94
Viewing Machine Logs	94
Protecting A Machine	95
Creating Custom Schedules For Volumes	96
Modifying Exchange Server Settings	96
Modifying SQL Server Settings	97
Deploying An Agent (Push Install)	97
Replicating A New Agent	98
Managing Machines	99
Removing A Machine	99
Forcing Log Truncation	99
Replicating Agent Data On A Machine	100
Setting Replication Priority For An Agent	100
Canceling Operations On A Machine	101
Viewing Machine Status And Other Details	101
Managing Multiple Machines	101
Deploying To Multiple Machines	101
Monitoring The Deployment Of Multiple Machines	105
Protecting Multiple Machines	105
Monitoring The Protection Of Multiple Machines	106
Managing Snapshots And Recovery Points	107
Viewing Recovery Points	107
Viewing A Specific Recovery Point	107
Mounting A Recovery Point For A Windows Machine	107
Mounting A Recovery Point Volume On A Linux Machine	108
Removing Recovery Points	109
Forcing A Snapshot	109
Pausing And Resuming Snapshots	110
Restoring Data	110
Exporting Backup Information For Your Windows Machine To A Virtual Machine	110
Exporting Windows Data Using ESXi Export	111
Exporting Windows Data Using VMware Workstation Export	112
Exporting Windows Data Using Hyper-V Export	114
Performing A Rollback For A Windows Machine	116
Performing A Rollback For A Linux Machine	117
About Bare Metal Restore For Windows Machines	118
Prerequisites For Performing A Bare Metal Restore For A Windows Machine	118
Roadmap For Performing A Bare Metal Restore For A Windows Machine	118
Creating A Bootable CD ISO Image	119
Loading A Boot CD	120
Launching A Restore From The Appassure 5 Core	121
Mapping Volumes	121
Viewing The Recovery Progress	121
Starting A New Server	122
Repairing Startup Problems	122
Performing A Bare Metal Restore For A Linux Machine	122
Viewing Events And Alerts	123
Protecting Server Clusters	125
About Server Cluster Protection In AppAssure 5	125
Supported Applications And Cluster Types	125
Protecting A Cluster	126
Protecting Nodes In A Cluster	127
Process Of Modifying Cluster Node Settings	128
Roadmap For Configuring Cluster Settings	128
Modifying Cluster Settings	128
Configuring Cluster Event Notifications	129
Modifying The Cluster Retention Policy	130
Modifying Cluster Protection Schedules	131
Modifying Cluster Transfer Settings	131
Converting A Protected Cluster Node To An Agent	131
Viewing Server Cluster Information	132
Viewing Cluster System Information	132
Viewing Summary Information	132
Working With Cluster Recovery Points	133
Managing Snapshots For A Cluster	133
Forcing A Snapshot For A Cluster	133
Pausing And Resuming Cluster Snapshots	134
Dismounting Local Recovery Points	134
Performing A Rollback For Clusters And Cluster Nodes	134
Performing A Rollback For CCR (Exchange) And Dag Clusters	134
Performing A Rollback For SCC (Exchange, SQL) Clusters	135
Replicating Cluster Data	135
Removing A Cluster From Protection	135
Removing Cluster Nodes From Protection	135
Removing All Nodes In A Cluster From Protection	136
Viewing A Cluster Or Node Report	136
Reporting	139
About Reports	139
About The Reports Toolbar	139
About Compliance Reports	139
About Errors Reports	140
About The Core Summary Report	140
Repositories Summary	140
Agents Summary	141
Generating A Report For A Core Or Agent	141
About The Central Management Console Core Reports	142
Generating A Report From The Central Management Console	142
Completing A Full Recovery Of The DL4000 Backup To Disk Appliance	143
Create A RAID 1 Partition For The Operating System	143
Install The Operating System	143
Run The Recovery And Update Utility	144
Changing The Host Name Manually	147
Stop AppAssure Core Service	147
Delete AppAssure Server Certificates	147
Delete Core Server And Registry Keys	147
Launching AppAssure Core With The New Hostname	147
Change The Display Name In AppAssure	148
Update Trusted Sites In Internet Explorer	148
Appendix A — Scripting	149
About Powershell Scripting	149
Powershell Scripting Prerequisites	149
Testing Scripts	149
Input Parameters	150
AgentProtectionStorageConfiguration (namespace Replay.Common.Contracts.Agents)AgentTransferConfiguration (namespace Replay.Common.Contracts.Transfer)BackgroundJobRequest (namespace Replay.Core.Contracts.BackgroundJobs)ChecksumCheckJobRequest (namespace Replay.Core.Contracts.Exchange.ChecksumChecks)DatabaseCheckJobRequestBase (namespace Replay.Core.Contracts.Exchange)ExportJobRequest (namespace Replay.Core.Contracts.Export)NightlyAttachabilityJobRequest (namespace Replay.Core.Contracts.Sql)RollupJobRequest (namespace Replay.Core.Contracts.Rollup)TakeSnapshotResponse (namespace Replay.Agent.Contracts.Transfer)TransferJobRequest (namespace Replay.Core.Contracts.Transfer)TransferPostscriptParameter (namespace Replay.Common.Contracts.PowerShellExecution)TransferPrescriptParameter (namespace Replay.Common.Contracts.PowerShellExecution)VirtualMachineLocation (namespace Replay.Common.Contracts.Virtualization)VolumeImageIdsCollection (namespace Replay.Core.Contracts.RecoveryPoints)VolumeName (namespace Replay.Common.Contracts.Metadata.Storage)VolumeNameCollection (namespace Replay.Common.Contracts.Metadata.Storage)VolumeSnapshotInfo (namesapce Replay.Common.Contracts.Transfer)VolumeSnapshotInfoDictionary (namespace Replay.Common.Contracts.Transfer)	150
Pretransferscript.ps1	155
Posttransferscript.ps1	156
Preexportscript.ps1	157
Postexportscript.ps1	157
Prenightlyjobscript.ps1	158
Postnightlyjobscript.ps1	160
Sample Scripts	162
Getting Help	163
Contacting Dell	163

Match case Limit results 1 per page

Figure 3. True Global Deduplication

AppAssure 5 performs target-based inline data deduplication. This means that the snapshot data is transmitted over to

the Core before it is deduplicated. Inline data deduplication simply means the data is deduplicated before it is committed

to disk. This is very different from at-source or post-process deduplication, where the data is deduplicated at the source

before it is transmitted to the target for storage, and in post-process the data is sent raw to the target where it is

analyzed and deduplicated after the data has been committed to disk. At-source deduplication consumes precious

system resources on the machine whereas the post-process data deduplication approach needs all the requisite data

on disk (a greater initial capacity overhead) before commencing the deduplication process. On the other hand, inline

data deduplication does not require additional disk capacity and CPU cycles on the source or on the Core for the

deduplication process. Conventional backup applications perform repetitive full backups every week, while AppAssure

performs incremental block level backups of the machines forever. This incremental forever approach in tandem with

data deduplication helps to drastically reduce the total quantity of data committed to the disk with a reduction ratio of as

much as 80:1.

Encryption

AppAssure 5 provides integrated encryption to protect backups and data-at-rest from unauthorized access and use,

ensuring data privacy. AppAssure 5 provides strong encryption. By doing so, backups of protected computers are

inaccessible. Only the user with the encryption key can access and decrypt the data. There is no limit to the number of

encryption keys that can be created and stored on a system. DVM uses AES 256-bit encryption in the Cipher Block

Chaining (CBC) mode with 256-bit keys.

Encryption is performed inline on snapshot data, at line speeds without impacting performance. This is because DVM

implementation is multi-threaded and uses hardware acceleration specific to the processor on which it is deployed.

Encryption is multi-tenant ready. The deduplication has been specifically limited to records that have been encrypted

with the same key; two identical records that have been encrypted with different keys is not be deduplicated against

each other. This design decision ensures that deduplication cannot be used to leak data between different encryption

domains. This is a benefit for managed service providers, as replicated backups for multiple tenants (customers) can be

stored on a single core without any tenant being able to see or access other tenant data. Each active tenant encryption

key creates an encryption domain within the repository where only the owner of the keys can see, access, or use the

data. In a multi-tenant scenario, data is partitioned and deduplicated within the encryption domains.