Home > Storage > Unity XT > Storage Admin > Dell Unity: Operating Environment (OE) Overview > Data protection
A suite of local and remote protection methods are available on the Dell Unity system. Unified Snapshots provides point-in-time copies of storage resources and offers consistent functionality across block and file resources. Native Asynchronous Replication leverages the technology of Unified Snapshots to offer protection of block and file resources on an interval basis using a single Dell Unity system or between systems. Native Synchronous Replication provides zero data loss protection of your block and file resources between a source and remote purpose-built Dell Unity system. NDMP backup for file is supported as well to protect file systems through backup to a remote tape library or other supported backup devices. Finally, Data at Rest Encryption can be enabled on the purpose-built Dell Unity system to provide security against drive theft.
The following sections overview each of the data protection features. For more information about the data protection offerings on the Dell Unity platform, see the following white papers:
Taking point-in-time views of your block and file data has never been easier. Unified Snapshots is supported on block resources (LUNs, Consistency Groups, Thin Clones, VMware vStorage VMFS Datastores, and Virtual Volumes) and file resources (File Systems, VMware NFS Datastores, and Virtual Volumes). Unified Snapshots uses Redirect on Write technology. After a snapshot is taken, Redirect on Write routes incoming writes to the storage resource to a new location on the same Pool. As a result, the snapshot only begins to consume space from the Pool when new data is written to the storage resource. Snapshots can be attached (block) or mounted (file) and written to in the same manner as their parent resources.
With Dell OE version 4.4, MetroSync is available. MetroSync is a file synchronous replication solution which replicates data to a remote system over Fibre Channel. Included with MetroSync is Snapshot replication and Snapshot Schedule replication. Only Read-Only snapshots can be replicated. If a user creates Read-Write snapshots on the source, they will not be replicated to the destination system. When a replicated snapshot gets deleted on the source, it will automatically get deleted on the destination. Also, any modification on the snapshot at the source is going to be changed on the destination. Modifying the snapshot on the destination system, however, does not make any changes on the source.
Additionally, with MetroSync, a Snapshot Schedule can be replicated and applied to file resources that are synchronously replicated. To replicate a Snapshot Schedule, the user has to select Synchronize snapshot schedule to remote system during File System creation. During the creation of a File System, a user can select a synchronously replicated snapshot schedule. Once a replicated Snapshot Schedule is selected, the destination system is assigned the same schedule. The snapshot schedule cannot be modified on the destination; however, a user can modify the replicated Snapshot Schedule on the source, and the changes will be reflected on the destination system. If a local snapshot schedule is configured on the source resources, the destination will not have a snapshot schedule associated with it and cannot be modified.
With the Dell Unity OE version 4.2 code release, asynchronous replication supports the replication of read-only snapshots to either a local or a remote site along with the resource data. Both scheduled snapshots and user-created snapshots can be replicated. Snapshot replication is supported for all resources that support asynchronous replication (that is, LUNs, Consistency Groups, Thin Clones, File Systems, VMware vStorage VMFS datastores, and VMware NFS datastores). To support snapshot replication, both the source and destination systems must be running Dell Unity OE version 4.2 or later. Only read-only snapshots are eligible for replication, and they can only be replicated to the disaster recovery site where the replication destination storage resource is located. Any snapshots that are writable, such as attached block snapshots or file snapshots with shares or exports, are not replicated.
Starting with Dell Unity OE version 5.0, asynchronously replicated file resources can also be configured in advanced replication topologies. This allows for configurations such as fan-out and cascading replication at the granularity of a NAS Server and its associated file resources. With advanced replication configured, snapshot replication is also supported. In OE versions prior to the 5.1 release snapshot replication can only be enabled on one session at a time when using advanced replication. In Dell Unity OE version 5.1 and later, snapshot replication is supported on all replication sessions within an advanced File replication environment. In OE versions 5.2 and later, a single resource can be replicated synchronously to a second system while also replicating asynchronously to up to three additional systems. For more information about Dell Unity replication capabilities, see the Dell Unity: Replication Technologies white paper.
In Dell Unity OE version 4.1, multiple snapshots of a single LUN can be attached to a host simultaneously, enabling more snapshot use cases in customer environments. In addition, an attached snapshot can have two options: Read-Only or Read/Write. Read-Only access disallows any writes to the snapshot data while Read/Write access allows changes to be made.
Also, in Dell Unity OE version 4.1, a refresh functionality is available for block snapshots. When refreshing a snapshot, the snapshot replaces its data with the latest source resource’s data without changing its mount point. A user can refresh a snapshot of a block resource regardless of whether it is attached to a host. Snapshot refresh is available for LUNs, Consistency Groups, Thin Clones, and VMware vStorage VMFS Datastores. In OE version 5.1 and later, file system Read/Write (shares) and VMware NFS Datastore snapshots can be refreshed.
Storage resources can be configured with a snapshot schedule, which will automatically take a snapshot of the specified resource on the given interval (Figure 5). Additionally, snapshots can be configured to automatically expire after a given time interval or when the parent Pool nears full capacity. This can free up valuable resources to ensure continued access to production resources.
For more information about Unified Snapshots on the Dell Unity platform, see the Dell Unity: Snapshots and Thin Clones white paper.
In Dell Unity OE version 4.2 and newer, Thin Clones are supported. A Thin Clone is a read/write copy of a Block level storage resource (LUN, LUN within Consistency Group or VMware vStorage VMFS Datastores) and is provisioned from the block resource or a snapshot. Thin Clones share the same blocks as their parent block level storage resources. On creation of a Thin Clone, the data will be available to present to a host as needed. Any changed data on the Thin Clone will not affect the base resource and vice versa. Also, any changes to the Thin Clone will not affect the snapshot source.
Users can create, view, modify, refresh, and delete thin clones. In addition, users can use data services for Thin Clones from the Unisphere, UEMCLI, and REST API. Thin clone is based on pointer-based technology, which means Thin Clones only consume space from the storage pool when there is changed data from the original source.
For more information about Thin Clones on the Dell Unity platform, see the Dell Unity: Snapshots and Thin Clones white paper.
Provide local and remote protection for your block and file resources using Native Asynchronous Replication. Asynchronous replication uses the Ethernet protocol to transfer data between Dell Unity systems. Block and file resources can be configured for replication between the Pools of a system, or to a remote system. Native Asynchronous Replication uses Unified Snapshots technology to track the changed data from the source resource and transfer only the altered data to the destination, saving on bandwidth and disk activity. A Recovery Point Objective (RPO) is specified to define the interval at which data is synced from source to destination. Native Asynchronous Replication is supported on purpose-built Dell Unity systems as well as on Dell UnityVSA. This makes Dell UnityVSA a viable candidate for serving as a low-cost backup and/or disaster recovery site. Furthermore, native block asynchronous replication to the VNXe1600 and VNXe3200 products is also supported.
Native synchronous replication is supported on block resources (LUNs, Consistency Groups, and VMware vStorage VMFS Datastores). Native Synchronous Replication uses the Fibre Channel protocol to transfer data between two purpose-built Dell Unity systems. Two purpose-built Dell Unity systems may be connected for both asynchronous and synchronous replication sessions. In this configuration, mission-critical block resources can be replicated synchronously while lower priority block and file resources can be replicated asynchronously.
MetroSync is available on systems running Dell Unity OE version 4.4 or later. This feature provides the ability to create remote synchronous replication sessions for file storage resources including NAS Servers, file systems, and VMware NFS datastores. Synchronous replication is a zero RPO (Recovery Point Objective) data protection solution which ensures each block of data is saved locally and also to a remote image before the write is acknowledged to the host. This ensures that there is zero data loss if a disaster occurs. In synchronous replication solutions, there are also trade-offs. As each write needs to be saved locally and remotely, added response time occurs during each transaction. This response time increases as distance increases between remote images. Synchronous replication has a distance limitation based on latency between systems. This limitation is generally 60 miles or 100 kilometers between sites. To support synchronous replication, the latency of the link must be less than 10 milliseconds.
Synchronous replication uses the first Fibre Channel (FC) port configured on the system to replicate both the NAS Server and file system data. The synchronous replication management virtual port is used to send management and orchestration commands between systems. Since there is no Fibre Channel support on Dell UnityVSA systems, synchronous replication cannot be configured on the virtual storage appliance.
Synchronous replication requires two separate physical Unity systems, meaning it cannot be used to replicate file resources locally within the same system. Both the source and the destination systems must be running Dell Unity OE version 4.4 or later in order to support synchronous replication.
In order to synchronously replicate a file resource, the associated NAS Server must be synchronously replicated first. After this is configured, synchronous replication can be configured on its associated file systems. When MetroSync is configured, the following functionality is also available:
In Dell Unity OE version 4.5 and later, support for MetroSync Manager (MSM) was added. MetroSync Manager is a stand-alone Windows application that can be configured to monitor the system statuses of two systems (“Site A” and “Site B”) participating in file synchronous replication. This optional tool enables automatic failover if a critical failure occurs, such as if an entire site goes offline due to a power outage or an entire network outage. Without MSM, users would need to manually initiate the cabinet level unplanned failover command. MSM uses the same cabinet level failover feature, but does not require a user to manually run it and instead automatically initiates the failover if it senses a critical failure. The overall benefit of this is the reduction of overall downtime if a disaster occurs, while ensuring that production resources can continue accessing data without issue from the destination site. MSM can monitor a one-way configuration with one site replicating exclusively to another site. It can also monitor both systems in a bi-directional configuration, with some source objects replicating in one direction and other source objects replicating in the opposite direction.
In addition to MetroSync, Dell Unity systems running OE 5.2 and later support synchronously replicating a single resource to a second system while also replicating asynchronously to up to three additional systems. Further, each replicated resource can be replicated to additional sites or systems. For more information, see the Dell Unity Replication Technologies white paper.
For more information about Dell Unity MetroSync or MetroSync Manager, see the Dell Unity: MetroSync white paper.
The onboard SAS ports as well as the 12 Gb SAS I/O Module include hardware that contains the capability of encrypting all data written to the Dell Unity system. With D@RE enabled, all user data will be encrypted as it is written to the backend drives and decrypted during departure. Because encryption and decryption are handled by a dedicated hardware piece on the SAS interface, there is minimal system impact when D@RE is enabled. Furthermore, offering encryption at the controller level eliminates the need for specially made self-encrypting drives. A keystore file holding information about the encrypted data is mirrored between the SPs and can also be saved to an external device for offsite backup. D@RE must be enabled at the time of initialization during licensing to use the feature, and it cannot be turned off once it is enabled.
As of Dell Unity OE version 4.2, the system supports external key management through use of the Key Management Interoperability Protocol (KMIP), which allows the system to offload an encrypted system ignition key to an external key management application. This feature provides additional protection in case an entire system is lost or stolen because unauthorized access is prevented without the ignition key.
For more information about the Data at Rest Encryption feature, see the Dell Unity: Data at Rest Encryption white paper.
Dell Unity systems support two-way and three-way NDMP, allowing administrators to protect file systems by backing up to a tape library or other supported backup device. Three-way NDMP transfers the backup data over the network, while two-way NDMP transfers the data over Fibre Channel. Eliminating backup data on the network by backing up data directly to the backup device can decrease network congestion and reduce backup times. To use two-way NDMP, the system must be running Dell Unity OE version 4.4 or later. The following figure shows a two-way NDMP configuration.
When configuring two-way NDMP, connect the backup device to a switch and zoned to the Fibre Channel ports on the Dell Unity system. Directly connecting the backup device to the storage system is not supported. When cabling and zoning the system, the Synchronous Replication port, which is the first Fibre Channel port on the system, is not supported for the backup device.
Dell Unity supports taking NDMP full backups, incremental backups, restores, and tape cloning. Both dump and tar backups are supported, but VBB type backups are not. The backup application can specify the following parameters when running an NDMP backup. Enabling all these parameters when running an NDMP backup is recommended.
Combining NDMP, local snapshots, and remote protection enables Dell Unity storage systems to be deployed with a wide array of data protection capabilities, including the ability to replicate to or from multiple arrays in a multisite topology. In addition, the NDMP backups can be taken on the destination NAS Server, alleviating the backup load from the production system.
Cloud Tiering Appliance (CTA) enables the ability to move data from Dell Unity to the cloud based on user-configured policies. An example of this includes moving any files that are larger than 50 MB and which have not been accessed in 30 days to the cloud. After a file is moved off the primary storage, an 8-16 KB stub that points to the actual location of the data is left. Any requests to read the data that has been moved can be passed through or recalled from the cloud. From the end-user point of view, this process is seamless because the stub resembles the actual file and the data continues to be accessible on demand.
Starting with Dell Unity OE version 4.1 and CTA version 11, CTA is available on Dell Unity for file tiering. When using CTA with Dell Unity as the source, only tiering to Microsoft Azure, and S3 cloud repositories are supported. To use CTA, Dell Unity must be running Dell Unity OE version 4.1 or later. When tiering file data to a cloud repository, CTA can also leverage compression and/or encryption.
With Dell Unity OE version 4.2 and CTA version 12, the system additionally supports block archiving to Microsoft Azure, Amazon S3, and IBM Cloud Object Storage (Cleversafe) public clouds, and Dell Elastic Cloud Storage (ECS) S3 private clouds. CTA leverages the native snapshot differentials API in order to efficiently take backups of the block data, including LUNs, Consistency Groups, and Thin Clones, to the cloud. Block archiving keeps the source block resource unaltered, it only reads the data and makes a copy in the cloud. Once archived, the source block resource can be deleted. If ever needed, the block resource can be restored from the cloud into a new block resource.
Using CTA helps customers achieve many benefits including reducing capital expenses by reclaiming capacity on primary storage, lowering operating expenses by reducing the number of administrative tasks, and improved performance by reducing backup times. The following figure shows the benefits of CTA.
With Dell Unity OE version 4.2 and later, and CTA version 12 SP1 and later, the CTA file migration feature is supported with Dell Unity systems. CTA supports SMB (CIFS), NFS, and multiprotocol source File Systems. When having a Dell Unity as a target, the supported source platforms are VNX and NetApp. For file migration, CTA acts as a policy engine by interacting with the source VNX or NetApp storage system and the target Dell Unity storage system. CTA identifies files in the source system that fit an administrator-defined criteria and moves them from the source system to the target system. For source files that had been tiered to a cloud repository, the movement is stub aware, meaning that it maintains the stubs without recalling the files to the target.
For more information about CTA support with Dell Unity, see the Dell Unity: Cloud Tiering Appliance (CTA) white paper.