PowerProtect Data Manager Appliance is an integrated solution that offers deduplication and data protection capabilities. PowerProtect Data Manager Appliance supports a large ecosystem of traditional and modern workloads. These workloads include replication, instant access, instant restore, search, monitoring and reporting, cloud readiness, disaster recovery, and long-term retention to the cloud.
Figure 1. PowerProtect Data Manager Appliance
PowerProtect Data Manager Appliance provides the following features:
- Integrated customer experience—PowerProtect Data Manager Appliance simplifies the steps needed to configure the appliance. Going beyond simplified appliance configuration, the appliance offers an end-to-end integrated UI experience by delivering unified management, alert, and native reporting capabilities.
- Simplified appliance networking—PowerProtect Data Manager Appliance requires only three public IP addresses on the customer's network for configuration. One IP address is required to carry management traffic, and two IP addresses are required to handle data traffic for workloads protected by the appliance.
In addition, the appliance supports multiple networks to load-balance the management and data traffic network channels.
- Identity and Access Management (IAM)—PowerProtect Data Manager Appliance uses IAM to provide centralized authentication, authorization, single sign-on, and user management capabilities. IAM offers a unified appliance login experience and enhanced security by using Role Based Access Control (RBAC).
- Multi-factor authentication (MFA)—MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a system. PowerProtect Data Manager Appliance adds layers of security beyond usernames and passwords by using MFA with Google Authenticator and Microsoft Authenticator, preventing unauthorized access to the system. Beginning with version 5.16, customers can take advantage of RSA SecurID to ensure the highest level of security for their DM5500 system. MFA is disabled by default. When MFA is enabled, the PowerProtect Data Manager Appliance UI prompts you for a verification code, also known as a time-based one-time password (TOTP), after you sign in with your username and password. As a result, your appliance and data are protected from unauthorized access.
- Active Directory support—Active Directory is Microsoft's proprietary directory service that enables administrators to manage permissions and access to network resources.
PowerProtect Data Manager Appliance uses secure Active Directory as an external identity provider for users and groups. When mapped to Active Directory, users in the group can exercise their respective privileges on the appliance based on the role assigned.
- Physical network separation—PowerProtect Data Manager Appliance allows customers to physically separate networks based on their needs. This separation is possible by using the appliance's additional PCIe slot for these distinct networks. Use cases for distinct networks include backup, replication, long-term retention, and Data Domain Cloud Disaster Recovery.
- Expansion Beyond 96 TB – The PowerProtect Data Manager Appliance can now accommodate more physical storage than the 96 TB that was initially available. More disk enclosures (1-3) can be purchased to increase the usable storage capacity up to 256 TB. Using a SAS HBA Card on PCIe Slot 5, the enclosures are linked to the appliance in a daisy chain architecture.
- Cyber Recovery—The Cyber Recovery solution protects mission-critical business data and technology configurations from ransomware and other threats by maintaining them in a secure, air-gapped “vault” that is physically isolated from an unsecure system or network.
  - The Cyber Recovery solution enables access to the Cyber Recovery vault only long enough to replicate data from the production system. At all other times, the Cyber Recovery vault is secured and off the network.
  - Once the data is secured in the vault, CyberSense identifies suspicious activity through its machine learning technology and allows for recovery of known good data and resumption of normal business operations.
- Retention Lock Compliance—Retention Lock Compliance allows you to meet the strictest data permanence requirements of regulatory standards.
  - Any data that is locked cannot be overwritten, modified, or deleted for a user-defined retention period or until Indefinite Retention Hold, if being used, is disabled.
  - Retention Lock Compliance requires a security officer user to be present (or created, if not existing), a security officer authorization policy to be enabled using the security officer, and an iDRAC read-only user to be present (or configured, if not existing).
  - Retention Lock Compliance must be enabled on the system level and storage unit level before it can be enabled on the policy level:
    After enabling the retention lock on the system level, a storage unit with retention lock mode must be created.
    Then, the policy must be set up using the retention-locked storage unit, with retention lock enabled on the policy level.
    The backups taken using the retention lock enabled policy will then have their copies locked to ensure that data integrity is maintained.
- Replication to external Dell PowerProtect DD/APEX Protection Storage (formerly DDVE) system—DM5500 requires backups to be written to the local appliance storage. However, customers will want to be able to replicate those backups to traditional Data Domain platforms—either to reuse existing systems or support multiple DM5500s replicating into a single larger target.
  - The external PowerProtect DD/APEX Protection Storage (formerly DDVE) could serve as a centralized remote data center with larger capacity and hold data for longer retention time.
  - The external PowerProtect DD/APEX Protection Storage (formerly DDVE) can be either on-premises or at the remote site.
  - DD Boost file-replication encryption should be enabled on both the DM5500 and external PowerProtect DD/APEX Protection Storage (formerly DDVE).
    Note: On DM5500, DD Boost file-replication encryption is enabled by default unless the configuration has been changed.
  Before configuring the replication policy, the file-replication encryption must be enabled on the target, and the external PowerProtect DD/APEX Protection Storage (formerly DDVE) must be added as a replication target on DM5500 through the DM5500 UI.
  Note: On PowerProtect DD systems with DDOS versions earlier than 7.10, both the replication encryption and authentication modes must match the appliance (source) default setting, which is encryption enabled and authentication mode set to two-way. This match between the appliance and replication target system is necessary for replication to function as expected.
- Replication of ServerDR Backup to external Dell PowerProtect DD/APEX Protection Storage (formerly DDVE) system—In a catastrophic scenario where the source DM5500 is unavailable, there needs to be a strategy in place to bring the system back up to a functional state. The DM5500 system can now replicate the ServerDR backup to an external DD, protecting system metadata and enabling the backup copies of the ServerDR to reconstruct the source.
- Appliance reconfiguration—With PowerProtect Data Manager Appliance, customers can modify configuration parameters—such as the default management and data networks, and DNS, NTP, time zone, and location settings—post deployment without affecting data integrity.
- Audit logging—PowerProtect Data Manager Appliance enables customers to conduct audit logging to ensure that the system is secure. Audit logging is the process of documenting activity within or across systems to assist with meeting standards and debugging security issues.
- Public REST API Support—PowerProtect Data Manager Appliance offers the ability to monitor the DM5500 appliance using the REST API. These APIs can be used to monitor:
  - Activities
  - System Health
  - Storage Health
  - Protection Health
  - System Alerts
  The customer can leverage these APIs to build their own set of custom scripts and to achieve automation.
- Perpetual licensing model—PowerProtect Data Manager Appliance adopts a perpetual licensing model with backend capacity utilization. The system is preconfigured with a default storage capacity license of 12 TB. To increase the storage capacity, you must apply for additional capacity licenses, which are available in 12 TB increments to a maximum of 256 TB.
- Support for proven and modernized workloads—PowerProtect Data Manager Appliance offers differentiated VMware protection. It uses the transparent snapshots data mover (TSDM) framework while still upholding the core values of data protection, data availability, deduplication, operational agility, self-service, and IT governance. The appliance supports various traditional workloads, including file systems, SQL, SAP HANA, Oracle, PowerStore (Storage Arrays) and modern cloud-native Kubernetes workloads.
PowerProtect Data Manager Appliance provides an efficient and comprehensive data protection solution for your modernized workloads with a simplified user interface that is easy to navigate. It streamlines the data protection process and reduces the number of steps required for creation of backups, replication, recovery, expansion, and upgrades. The appliance addresses the issue of copy sprawling, so that monitoring, managing, and analyzing copies of data are no longer tedious tasks.
PowerProtect Data Manager Appliance provides centralized governance that helps mitigate risk and assures compliance of service-level agreements (SLAs) and service-level objectives (SLOs) through simple protection workflows.
PowerProtect Data Manager Appliance enables automated discovery and onboarding of:
- Filesystems
- Databases
- Virtual machines
- Kubernetes clusters
- NAS
- PowerStore
- Multicloud-optimized—Multicloud continues to be the path forward in today’s era of massive growth and distribution of data for our customers. Data protection offerings are being enhanced to enable various cloud providers as consumers embark on this path.
The multicloud-optimized PowerProtect Data Manager Appliance offers a solution for effective long-term retention and disaster recovery of customer data.
- Storage-optimized and performance-optimized—In today's world, the cost and efficiency of a solution are important considerations for most businesses. Customers are always looking for solutions that enable cost-effective and efficient use of storage infrastructure and resources.
PowerProtect Data Manager Appliance delivers deduplication and compression using gzfast as the default algorithm for optimal storage consolidation across the system. The system also uses a hardware-assisted compression card that allows for the highest compression of incoming data without sacrificing performance.
- Improved Data Invulnerability Architecture (DIA) using protection pools—PowerProtect Data Manager Appliance uses DIA to ensure safe and reliable data storage. By performing a full-featured end-to-end verification of incoming data, fault avoidance, and containment, the DIA architecture ensures that customers can retrieve their data with confidence. It also protects against failures of both hardware and software that might result in data loss.
In addition, the system uses a new software-defined RAID technology in the form of protection pools. A protection pool is a patented technology of Dell Technologies. It enables linear scaling of capacity and eliminates the need for separate spare drives, dedicated cloud tier storage, or overprovisioning disks. Protection pools ensure that the services have direct access to the underlying storage without any intervention from the hardware layer. The technology provides better control of storage consolidation, fault avoidance, and self-healing capabilities for the appliance.
- Storage Encryption—The PowerProtect Data Manager Appliance supports encryption of data at rest. Data encryption protects user data if the protection system is stolen or if the physical storage media is lost during transit, and it eliminates accidental exposure of a failed drive if it is replaced. PowerProtect Data Manager leverages both Embedded Key Manager (default) and Key Management Interoperability Protocol (KMIP) (external) to ensure that the customer’s data is protected throughout its life cycle.