Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
White Paper<br />
<strong>EMC</strong> BACKUP-AS-A-SERVICE<br />
<strong>EMC</strong> AVAMAR, <strong>EMC</strong> DATA PROTECTION ADVISOR,<br />
AND <strong>EMC</strong> HOMEBASE<br />
• Deliver backup services for cloud and traditional hosted<br />
environments<br />
• Reduce storage space and incre<strong>as</strong>e backup speeds<br />
• Provide portal-b<strong>as</strong>ed backup management<br />
<strong>EMC</strong> Solutions Group<br />
Abstract<br />
Th<strong>is</strong> white paper provides information on creating a <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
platform using <strong>EMC</strong> ® technology such <strong>as</strong> <strong>EMC</strong> Avamar ® , <strong>EMC</strong> Data Protection<br />
Adv<strong>is</strong>or, and <strong>EMC</strong> HomeB<strong>as</strong>e. It also explores the design considerations<br />
related to the platform’s implementation, and provides information on how to<br />
integrate various components in that infr<strong>as</strong>tructure.<br />
March 2012
Copyright © 2012 <strong>EMC</strong> Corporation. All Rights Reserved.<br />
<strong>EMC</strong> believes the information in th<strong>is</strong> publication <strong>is</strong> accurate <strong>as</strong> of its<br />
publication date. The information <strong>is</strong> subject to change without notice.<br />
The information in th<strong>is</strong> publication <strong>is</strong> provided “<strong>as</strong> <strong>is</strong>.” <strong>EMC</strong> Corporation makes<br />
no representations or warranties of any kind with respect to the information in<br />
th<strong>is</strong> publication, and specifically d<strong>is</strong>claims implied warranties of<br />
merchantability or fitness for a particular purpose.<br />
Use, copying, and d<strong>is</strong>tribution of any <strong>EMC</strong> software described in th<strong>is</strong><br />
publication requires an applicable software license.<br />
For the most up-to-date l<strong>is</strong>ting of <strong>EMC</strong> product names, see <strong>EMC</strong> Corporation<br />
Trademarks on <strong>EMC</strong>.com.<br />
All trademarks used herein are the property of their respective owners.<br />
Part Number H10508<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
2
Contents<br />
Executive summary ............................................................................................................................... 5<br />
Business c<strong>as</strong>e .................................................................................................................................. 5<br />
Solution overview ............................................................................................................................ 5<br />
Key results/ recommendations ........................................................................................................ 6<br />
Introduction.......................................................................................................................................... 7<br />
Purpose ........................................................................................................................................... 7<br />
Scope .............................................................................................................................................. 7<br />
Audience ......................................................................................................................................... 7<br />
Terminology ..................................................................................................................................... 7<br />
<strong>What</strong> <strong>is</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong>? .............................................................................................................. 8<br />
Overview .......................................................................................................................................... 8<br />
Self-service portal ............................................................................................................................ 8<br />
Portal implementation ..................................................................................................................... 9<br />
Design considerations ................................................................................................................... 10<br />
Orchestration tool .......................................................................................................................... 10<br />
Developing a workflow .............................................................................................................. 11<br />
vCO PowerShell ......................................................................................................................... 12<br />
Reporting capabilities .................................................................................................................... 13<br />
<strong>EMC</strong> Avamar ....................................................................................................................................... 14<br />
Overview ........................................................................................................................................ 14<br />
Multi-tenant Support ...................................................................................................................... 15<br />
CLI and API Support ....................................................................................................................... 15<br />
Workflows ................................................................................................................................. 15<br />
MCCLI examples ........................................................................................................................ 16<br />
Configuration Datab<strong>as</strong>e Access ...................................................................................................... 17<br />
Limitations and workarounds ......................................................................................................... 17<br />
<strong>EMC</strong> Data Protection Adv<strong>is</strong>or .............................................................................................................. 18<br />
Overview ........................................................................................................................................ 18<br />
Reporting ....................................................................................................................................... 19<br />
CLI and API support ........................................................................................................................ 20<br />
Scheduling reports .................................................................................................................... 20<br />
On-demand reports ................................................................................................................... 21<br />
<strong>EMC</strong> HomeB<strong>as</strong>e .................................................................................................................................. 23<br />
Overview ........................................................................................................................................ 23<br />
CLI and API Support ....................................................................................................................... 24<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
3
Avamar Scripts ................................................................................................................................... 25<br />
Overview ........................................................................................................................................ 25<br />
General script notes ....................................................................................................................... 25<br />
<strong>Service</strong> provider t<strong>as</strong>ks .................................................................................................................... 25<br />
L<strong>is</strong>t all Avamar domains and sub-domains present in the system .............................................. 25<br />
Create an Avamar domain ......................................................................................................... 25<br />
Deleting an Avamar domain....................................................................................................... 26<br />
Tenant admin t<strong>as</strong>ks ........................................................................................................................ 26<br />
Add a machine to the Avamar domain ....................................................................................... 26<br />
L<strong>is</strong>t client’s domain name .......................................................................................................... 27<br />
Delete client from a domain ....................................................................................................... 27<br />
Create a default dat<strong>as</strong>et ............................................................................................................ 27<br />
Create a custom dat<strong>as</strong>et ............................................................................................................ 28<br />
Create a retention policy ............................................................................................................ 28<br />
Create a schedule ...................................................................................................................... 29<br />
Create a group ........................................................................................................................... 30<br />
Tenant admin m<strong>as</strong>ter script ....................................................................................................... 30<br />
Tenant user t<strong>as</strong>ks ........................................................................................................................... 31<br />
Add machines to the ex<strong>is</strong>ting backup group. ............................................................................. 31<br />
Conclusion ......................................................................................................................................... 33<br />
Summary ....................................................................................................................................... 33<br />
Findings ......................................................................................................................................... 33<br />
About <strong>EMC</strong> Proven Solutions ...................................................................................................... 34<br />
Take the next step .......................................................................................................................... 34<br />
References.......................................................................................................................................... 34<br />
White papers ................................................................................................................................. 34<br />
Product documentation .................................................................................................................. 34<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
4
Executive summary<br />
Business c<strong>as</strong>e<br />
Solution overview<br />
<strong>Service</strong> providers face the challenge of offering robust backup services to protect<br />
their customers’ data for both consumers of cloud-b<strong>as</strong>ed services and traditional<br />
hosting services, while deploying the backup solution in a scalable f<strong>as</strong>hion. Similarly,<br />
the BaaS solution must integrate into ex<strong>is</strong>ting orchestration and management<br />
infr<strong>as</strong>tructures. Ideally, the integration of all the different systems must result in a<br />
single management interface for the customers’ and service provider’s<br />
admin<strong>is</strong>trators.<br />
<strong>Service</strong> providers can offer <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong> <strong>as</strong> an alternative to ex<strong>is</strong>ting<br />
dedicated, stand-alone, d<strong>is</strong>k- or tape-b<strong>as</strong>ed backup offerings; while integrating<br />
customer service catalogs into an e<strong>as</strong>y-to-deploy platform.<br />
<strong>EMC</strong>’s BaaS solution provides service providers with the ability to offer backup<br />
services to all of their customers, regardless of whether they are consumers of cloudb<strong>as</strong>ed<br />
services or traditional hosting services.<br />
Th<strong>is</strong> white paper describes a carrier-cl<strong>as</strong>s backup solution for virtual and physical<br />
servers, including the backup components and <strong>as</strong>sociated portal and orchestration<br />
integration.<br />
Th<strong>is</strong> solution can be used to provide backup services for:<br />
• <strong>Backup</strong>s at the application, file system, or virtual machine image level within a<br />
multitenant service provider cloud environment<br />
• Bare-metal backup of physical servers within service provider data centers<br />
In addition, th<strong>is</strong> solution can be used in the following environments that are not<br />
provided <strong>as</strong>-a-service:<br />
• <strong>Backup</strong>s at the application, file system, physical servers, or virtual machine<br />
image level within a traditional hosting environment<br />
• <strong>Backup</strong>s for application, file system, or virtual machine image level within a<br />
single or multi-organization enterpr<strong>is</strong>e<br />
For th<strong>is</strong> solution use c<strong>as</strong>e the service provider, or enterpr<strong>is</strong>e, components are colocated<br />
within one geographic data center environment.<br />
Th<strong>is</strong> white paper validates the integration of the solution’s components and provides<br />
broad guidelines about how th<strong>is</strong> type of solution can be built and integrated into the<br />
service provider’s environment.<br />
Key solution components include:<br />
• <strong>EMC</strong> Avamar 6.0 – Provides centralized and scalable backup environment with<br />
deduplication and replication capabilities.<br />
• <strong>EMC</strong> Data Protection Adv<strong>is</strong>or 5.8 – Creates reports on storage utilization and<br />
backup coverage.<br />
• <strong>EMC</strong> HomeB<strong>as</strong>e 6.6 – Automates platform configuration logging and provides<br />
restore and migration capabilities for physical and virtualized systems.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
5
Key results/<br />
recommendations<br />
<strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong> enables service providers to change the way in which they<br />
provide backup services to their customers. By leveraging an in-house BaaS<br />
infr<strong>as</strong>tructure, service providers can provide uniform data backup capabilities and<br />
also offer differentiated offerings across their customer b<strong>as</strong>e, allowing them to:<br />
• Improve flexibility and simplify application deployment.<br />
• Enable end-users to focus on revenue generating activities and other projects<br />
instead of equipment log<strong>is</strong>tics.<br />
• Create a strong foundation to leverage the benefits of other services such <strong>as</strong><br />
backup, data protection, and more.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
6
Introduction<br />
Purpose<br />
Scope<br />
Audience<br />
Terminology<br />
Th<strong>is</strong> white paper describes the architecture of the <strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong> (BaaS)<br />
solution b<strong>as</strong>ed on <strong>EMC</strong> ® Avamar ® , <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, and <strong>EMC</strong><br />
HomeB<strong>as</strong>e. It also d<strong>is</strong>cusses how service providers can leverage the <strong>EMC</strong> BaaS<br />
framework to deploy backup services. Th<strong>is</strong> framework allows service providers to<br />
adapt their service portfolio to their customers’ dynamic business requirements.<br />
Throughout th<strong>is</strong> white paper we <strong>as</strong>sume that you have some familiarity with the<br />
concepts and operations related to backup and virtualization technologies, and their<br />
use in cloud and data center infr<strong>as</strong>tructures.<br />
Th<strong>is</strong> white paper d<strong>is</strong>cusses multiple <strong>EMC</strong> products <strong>as</strong> well <strong>as</strong> those from other<br />
vendors. Some general configuration and operational procedures are outlined.<br />
However for detailed product installation information, ple<strong>as</strong>e refer to the user<br />
documentation for those products.<br />
Th<strong>is</strong> white paper <strong>is</strong> intended for <strong>EMC</strong> employees, partners, and customers including IT<br />
planners, system architects and admin<strong>is</strong>trators, and any others involved in<br />
evaluating, acquiring, managing, operating, or designing a <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
infr<strong>as</strong>tructure environment leveraging <strong>EMC</strong> technologies.<br />
Table 1 defines some of the key terms used in th<strong>is</strong> paper.<br />
Table 1. Terminology<br />
Term Definition<br />
Tenant A customer of compute/backup services. A service<br />
provider will have multiple tenants within their BaaS<br />
infr<strong>as</strong>tructure.<br />
URL Uniform resource locator<br />
API Application programming interface<br />
CLI Command line interface<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
7
<strong>What</strong> <strong>is</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong>?<br />
Overview<br />
Self-service portal<br />
<strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong> (BaaS) uses cloud infr<strong>as</strong>tructure to back up data to a shared,<br />
rather than dedicated, backup infr<strong>as</strong>tructure. <strong>Service</strong> providers can offer BaaS to their<br />
customers who want a flexible, on-demand backup infr<strong>as</strong>tructure without having to<br />
purch<strong>as</strong>e, configure, or maintain it themselves.<br />
Much like an electric power utility, in which end-users consume and pay for power<br />
without needing to understand or maintain the component devices and infr<strong>as</strong>tructure<br />
required to provide the service, customers can draw upon the el<strong>as</strong>tic resources that<br />
cloud infr<strong>as</strong>tructure delivers and pay only for what they need.<br />
A BaaS environment typically cons<strong>is</strong>ts of:<br />
• Self-service portal<br />
• <strong>Backup</strong> clients<br />
• Secure multitenant enabled shared infr<strong>as</strong>tructure<br />
The integration of any <strong>as</strong>-a-<strong>Service</strong> offering by a service provider <strong>is</strong> a key part of their<br />
solution development and delivery mechan<strong>is</strong>m. Only by integrating any new <strong>as</strong>-a-<br />
<strong>Service</strong> offering into their ex<strong>is</strong>ting portal can they continue to offer their services in a<br />
cost-effective and scalable f<strong>as</strong>hion. Allowing tenants to sign up for new services,<br />
change service levels, and perform b<strong>as</strong>ic t<strong>as</strong>ks through a web-b<strong>as</strong>ed portal <strong>is</strong> critical<br />
for maintaining scalability.<br />
In addition, some service providers w<strong>is</strong>h to use their portals not only for tenant<br />
access but also <strong>as</strong> the mechan<strong>is</strong>m used by their staff to manage and admin<strong>is</strong>ter the<br />
environment. Regardless, the ability to integrate any new <strong>as</strong>-a-<strong>Service</strong> offering into<br />
the provider’s ex<strong>is</strong>ting environment <strong>is</strong> critical.<br />
Th<strong>is</strong> solution initially developed a proof-of-concept portal implementation, <strong>as</strong> shown<br />
in Figure 1, using simple web/shell scripts. We then went further and used VMware<br />
vCenter Orchestrator (vCO) <strong>as</strong> an orchestration tool along with the VMware web portal<br />
to provide a more capable proof-of-concept web-b<strong>as</strong>ed portal. Th<strong>is</strong> VMware-b<strong>as</strong>ed<br />
solution <strong>is</strong> shown in the figures throughout th<strong>is</strong> white paper.<br />
A web-b<strong>as</strong>ed portal with underlying orchestration simplifies admin<strong>is</strong>tration and<br />
management, and thereby avoids requiring users to learn the full-featured<br />
admin<strong>is</strong>trative consoles of the underlying applications. Th<strong>is</strong> also allows service<br />
providers to limit and audit the functions that are available to each user.<br />
The goal of th<strong>is</strong> proof-of-concept w<strong>as</strong> to demonstrate what functionality a portal could<br />
provide and how.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
8
Portal<br />
implementation<br />
Figure 1. Example of simple web page l<strong>is</strong>ting of scripts<br />
For th<strong>is</strong> use c<strong>as</strong>e we used VMWare vCenter Orchestrator and leveraged its GUI for<br />
each integration of Avamar and Data Protection Adv<strong>is</strong>or (DPA) action. <strong>Service</strong><br />
providers will need to customize and integrate the CLI and API capabilities into their<br />
own specific service portal offering.<br />
To integrate Avamar we created command shell scripts for vCO to execute MCCLI<br />
commands over SSH connections to the Avamar server. DPA reports can be scheduled<br />
and stored in a folder where they can be picked up by the portal. Alternatively, DPA<br />
5.x supports XML formatted commands for accessing DPA reports in raw format.<br />
In th<strong>is</strong> use c<strong>as</strong>e we integrated Avamar and DPA functionality into the portal. The<br />
integration <strong>is</strong> further d<strong>is</strong>cussed in subsequent sections. In addition, examples of<br />
scripts we used to enable the vCO workflows are shown in Avamar Scripts.<br />
There are various portal and service catalog options available which perform all or<br />
some of the portal and catalog functions. Choosing a portal/catalog depends on what<br />
functionality <strong>is</strong> needed, ex<strong>is</strong>ting systems, price, and other considerations. For th<strong>is</strong><br />
use c<strong>as</strong>e, we created simple shell/web scripts using CLI options to initiate<br />
backup/restore/configuration actions. We integrated these into vCO to provide the<br />
portal interface shown in Figure 2.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
9
Design<br />
considerations<br />
Orchestration tool<br />
Figure 2. Example implementation of BaaS self-service portal using vCO<br />
One major design consideration for th<strong>is</strong> solution <strong>is</strong> enforcing secure multitenancy on<br />
a shared back-end infr<strong>as</strong>tructure. User authentication and access controls are<br />
available within each component of the overall solution. We chose to enforce user<br />
authentication and authorization at the service portal rather than at the point of<br />
interaction with each component.<br />
We felt th<strong>is</strong> would be the most compatible implementation, <strong>as</strong> service providers<br />
would already have ex<strong>is</strong>ting authentication mechan<strong>is</strong>ms in place for their portals and<br />
would not need to integrate authentication with each product. Th<strong>is</strong> means that all<br />
interactions between the portal and the underlying servers use a shared<br />
authentication mechan<strong>is</strong>m. The service portal must then enforce user access<br />
controls. Th<strong>is</strong> eliminated additional complexities such <strong>as</strong> p<strong>as</strong>sword and account<br />
synchronization between the underlying servers and the portal. Th<strong>is</strong> incre<strong>as</strong>es the<br />
complexity of the portal side of the implementation, <strong>as</strong> it must control user access<br />
and perform input validation before calling the underlying scripts.<br />
A production implementation may require additional considerations including using a<br />
tiered account strategy to control portal access to certain systems. One example may<br />
be using different portals for customer and infr<strong>as</strong>tructure machines or for<br />
audit/compliance re<strong>as</strong>ons.<br />
An orchestration tool allows you to define a workflow and the operations needed to<br />
execute it on demand. For example, it could prov<strong>is</strong>ion the server using C<strong>is</strong>co UCS<br />
Manager plug-ins, deploy the storage using automated processes, configure the<br />
network, update CMDB, prov<strong>is</strong>ion the provider vDC and organization vDC, and so on.<br />
There are various orchestration tools available which perform all or some of the<br />
orchestration functions. Choosing an orchestrator depends on what functionality or<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
10
infr<strong>as</strong>tructure integration <strong>is</strong> needed, ex<strong>is</strong>ting systems, price, and other<br />
considerations. For our use c<strong>as</strong>e testing we focused on vCenter Orchestrator.<br />
VMware vCenter Orchestrator uses an open and flexible plug-in architecture to<br />
automate prov<strong>is</strong>ioning and operational t<strong>as</strong>ks across both VMware and third-party<br />
applications, <strong>as</strong> shown in Figure 3.<br />
Figure 3. VMware vCenter Orchestrator architecture<br />
Developing a workflow<br />
The general process for developing a workflow <strong>is</strong> <strong>as</strong> follows:<br />
1. Provide general information about the workflow.<br />
2. Create the input parameters.<br />
3. Create the logic of the workflow by laying out and linking the schema.<br />
4. Bind the input and output parameters of each element to workflow attributes,<br />
creating the necessary parameters and attributes <strong>as</strong> you define each element.<br />
5. Create supporting scripts for scriptable t<strong>as</strong>ks or custom dec<strong>is</strong>ion elements.<br />
6. Create the layout and behavior of the input parameters dialog box that the<br />
user sees when they run the workflow by creating the workflow presentation.<br />
7. Validate the workflow.<br />
An overview of th<strong>is</strong> workflow <strong>is</strong> shown in Figure 4.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
11
Figure 4. Example of designing a workflow using vCO<br />
vCO PowerShell<br />
Our reference implementation also leveraged the vCenter Orchestrator Windows<br />
PowerShell plug-in for simple and rapid prototyping. Windows PowerShell <strong>is</strong> a<br />
command-line shell and scripting language designed for system admin<strong>is</strong>tration, <strong>as</strong><br />
such it h<strong>as</strong> wide-spread industry support. There are PowerShell scripts already written<br />
for many common t<strong>as</strong>ks, and vCO users can e<strong>as</strong>ily use and reuse these scripts.<br />
The vCO PowerShell plug-in <strong>is</strong> used to call PowerShell scripts and commandlets<br />
(cmdlets) from Orchestrator actions and workflows, and to work with the result. For<br />
Avamar integration, the PowerShell script will SSH to the Avamar server, run the<br />
MCCLI commands, and return the output.<br />
PowerShell requires Windows to run, and so we have a Windows machine with<br />
PowerShell installed on it (PowerShell host). Connection between the PowerShell<br />
plug-in and remote host machine <strong>is</strong> establ<strong>is</strong>hed using SSH.<br />
For th<strong>is</strong> project, we used the SSH plug-in of vCO to create workflows that gather user<br />
input and then call the underlying CLI commands and shell scripts. A production<br />
implementation would also need to strictly enforce user authorization checks and<br />
validate user input. Th<strong>is</strong> <strong>is</strong> d<strong>is</strong>cussed in further detail in the Avamar section.<br />
Examples of the PowerShell scripts we used are shown in Avamar Scripts.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
12
Reporting<br />
capabilities<br />
The reports included with Avamar and Data Protection Adv<strong>is</strong>or (DPA) provide an<br />
overall view of the backup and storage environment. Figure 5 illustrates DPA reports<br />
which were integrated into the portal for our reference implementation by scheduling<br />
those reports for pickup and d<strong>is</strong>play by the portal.<br />
Figure 5. Sample l<strong>is</strong>t of DPA reporting page in vCO<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
13
<strong>EMC</strong> Avamar<br />
Overview<br />
<strong>EMC</strong> Avamar provides scalable backup and restore capabilities with integrated data<br />
deduplication and support for mult<strong>is</strong>ite replication. It also supports multitenant<br />
implementations through the use of domains. Avamar deduplicates backup data<br />
across sites and servers to reduce total d<strong>is</strong>k storage by up to 50 times, enabling costeffective<br />
long-term retention on Avamar data store servers. <strong>Backup</strong> data can also be<br />
encrypted in-flight and at-rest for security and privacy.<br />
Avamar 6.0 supports Change Block Tracking (CBT) for VMware client recoveries in<br />
addition the ex<strong>is</strong>ting CBT backup support. Avamar 6.0 can also automatically loadbalance<br />
across multiple Avamar VMware proxies to simplify and speed-up VMware<br />
backups and recoveries.<br />
Figure 6 shows the Avamar admin<strong>is</strong>trative portal.<br />
Figure 6. <strong>EMC</strong> Avamar Admin<strong>is</strong>trator interface<br />
Th<strong>is</strong> proven solution uses the Avamar Virtual Edition (AVE) for testing and simulation.<br />
Th<strong>is</strong> implementation <strong>is</strong> deployed <strong>as</strong> a virtual machine within VMware. It <strong>is</strong> intended<br />
for smaller deployments up to 2 TB, but it <strong>is</strong> functionally comparable to a full multinode<br />
Avamar grid deployment scaling to 100 TB or more of deduplicated storage.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
14
Multi-tenant<br />
Support<br />
CLI and API<br />
Support<br />
Avamar segregates user data using “domains” (these are an Avamar management<br />
feature and are not tied to Internet domains). Each domain <strong>is</strong> logically segregated<br />
within the Avamar system, with backup metadata for each client <strong>as</strong>signed and<br />
accessible through that domain. By using domains, reporting and other actions<br />
within Avamar can be restricted to hosts, clients, or groups within a specific domain<br />
or sub-domain. By organizing clients within th<strong>is</strong> hierarchy, it <strong>is</strong> possible to use<br />
Avamar reporting capabilities to generate status and stat<strong>is</strong>tical reports about backup<br />
related operations.<br />
When implementing user access controls in the service portal, each customer should<br />
be <strong>as</strong>signed a domain or sub-domain within the Avamar hierarchy. Th<strong>is</strong> hierarchy<br />
should be enforced on all backup calls that each user places to the Avamar system<br />
through the portal.<br />
Whichever user the service portal uses to connect to the Avamar MCCLI should be<br />
granted access to the appropriate levels of the Avamar Hierarchy. Th<strong>is</strong> <strong>is</strong> how multitier<br />
access controls can be implemented at both the service portal and Avamar levels<br />
if required for audit or compliance re<strong>as</strong>ons.<br />
Through the use of the Avamar Management Console Command Line Interface<br />
(MCCLI) service providers can provide customized access to the backup, restore,<br />
configuration, and reporting <strong>as</strong>pects of Avamar without requiring direct access to the<br />
Avamar Management Console GUI (MCGUI). The MCGUI <strong>is</strong> a Java software application<br />
that can be installed on a Windows or Linux client.<br />
Workflows<br />
For th<strong>is</strong> project we used the vCO SSH plug-in to create workflows that do the<br />
following:<br />
• Gather user input<br />
• Connect to the AVE server<br />
• Run the required MCCLI commands or shell scripts<br />
• Return any output or error codes<br />
One important <strong>as</strong>pect of implementing portal integration around Avamar MCCLI <strong>is</strong><br />
identity management and access controls. When the SSH plug-in connects to the<br />
MCCLI application it runs <strong>as</strong> a privileged Avamar admin<strong>is</strong>trator which can access any<br />
available commands. The commands are not run <strong>as</strong> the portal user. It <strong>is</strong> the<br />
responsibility of the portal code to validate the input and parse the returning MCCLI<br />
attributes to determine what information can be presented to the requesting<br />
individual.<br />
For example, if a tenant admin<strong>is</strong>trator requested to see all domains within the Avamar<br />
instance the MCCLI request would return all domains – not just those that are within<br />
that tenant’s domain. It <strong>is</strong> the responsibility of the portal code to review and edit the<br />
values p<strong>as</strong>sed to and returned from the MCCLI to validate the sub-set of domains the<br />
requesting user <strong>is</strong> permitted to see. It may also be necessary for the portal to make<br />
multiple MCCLI calls on behalf of a particular user to first determine what information<br />
they are permitted to see and then actually request that information. In th<strong>is</strong> way the<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
15
portal, which <strong>is</strong> vCO in our solution, manages identities and the access they have into<br />
the Avamar environment.<br />
Figure 7 shows a workflow design in vCO.<br />
Figure 7. Designing a workflow in vCO<br />
MCCLI examples<br />
Figure 8 and Figure 9 show two sample MCCLI commands. In these examples, “ROOT”<br />
<strong>is</strong> the tenant’s top level domain, which could be “/” for service provider<br />
admin<strong>is</strong>trators creating a new tenant.<br />
/usr/local/avamar/bin/mccli domain add –-domain=”${ROOT}”<br />
–-location=”${NAME}” -–email=”${EMAIL}” -–contact=”${CONTACT}”<br />
--name=”${DOMAIN}”<br />
Figure 8. Example script using MCCLI to create a new domain<br />
/usr/local/avamar/bin/mccli client add<br />
--location=”${LOCATION}” –contact=”{CONTACT}”<br />
--domain=”${ROOT}${DOMAIN}” –name=”${HOST}”<br />
Figure 9. Example script using MCCLI to add a host to a domain<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
16
Configuration<br />
Datab<strong>as</strong>e Access<br />
Limitations and<br />
workarounds<br />
The MCCLI returns error and status codes and messages upon execution of each<br />
command. And command output <strong>is</strong> also returned <strong>as</strong> shown in Figure 10.<br />
# /usr/local/avamar/bin/mccli domain add --name="/cust001"<br />
0,22527,Domain added.<br />
Attribute Value<br />
--------- --------------------------------------------------------<br />
-----------------------<br />
domain <br />
# echo $?<br />
0<br />
# /usr/local/avamar/bin/mccli domain add --name="/cust001"<br />
1,22541,Domain already ex<strong>is</strong>ts.<br />
# echo $?<br />
1<br />
Figure 10. Example using MCCLI to show status and return codes<br />
The error code and message numbers can be used to quickly parse and process the<br />
output from each MCCLI command.<br />
Currently, the ability to integrate Avamar-b<strong>as</strong>ed VMware client recovery with a portal<br />
<strong>is</strong> limited in Avamar 6.0. It <strong>is</strong> possible to access all Avamar VMware client backup<br />
capabilities through the MCCLI just not all the MCCLI recovery actions.<br />
Full documentation for configuring Avamar using MCCLI <strong>is</strong> provided in the Avamar<br />
Management Console Command Line Interface (MCCLI) Programmer Guide.<br />
It <strong>is</strong> possible to directly access the Enterpr<strong>is</strong>e Management Server (EMS) or<br />
Management Console Server (MCS) datab<strong>as</strong>es in a read-only manner to provide direct<br />
access to the Avamar configuration. Querying the datab<strong>as</strong>e directly may allow more<br />
customization of the service provider’s portal integration. The datab<strong>as</strong>e views<br />
exposed are documented in the Avamar Admin<strong>is</strong>tration Guide.<br />
One of the challenges involved in deploying Avamar in service provider environments<br />
<strong>is</strong> the requirement that each Avamar client should have a unique IP address to<br />
communicate with the Avamar backup server. Th<strong>is</strong> unique IP address <strong>is</strong> required to<br />
establ<strong>is</strong>h bidirectional communication between the backup client and the Avamar<br />
server. A unique IP address <strong>is</strong>n't required to just back up the client, but <strong>is</strong> required for<br />
restoration operations. For more details on how to design solutions refer to the <strong>EMC</strong><br />
white paper, Creating <strong>Backup</strong> <strong>as</strong> a <strong>Service</strong> (BaaS) Solutions Leveraging <strong>EMC</strong> Avamar,<br />
<strong>as</strong> well <strong>as</strong> the product documentation.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
17
<strong>EMC</strong> Data Protection Adv<strong>is</strong>or<br />
Overview<br />
<strong>EMC</strong> Data Protection Adv<strong>is</strong>or (DPA) <strong>is</strong> a soph<strong>is</strong>ticated reporting and analytics platform<br />
that provides customers with full v<strong>is</strong>ibility into the effectiveness of their data<br />
protection strategy. It performs th<strong>is</strong> by monitoring all of the technologies that a<br />
customer uses to protect their data including backup software, storage arrays and file<br />
servers.<br />
The DPA reporting engine provides customizable reports to highlight problems with<br />
the environment, and enables customers to perform:<br />
• Capacity management<br />
• <strong>Service</strong> level reporting<br />
• Chargeback<br />
• Change management<br />
• Troubleshooting<br />
The DPA Predictive Analys<strong>is</strong> Engine provides customers with early warning of<br />
problems that might be about to occur, and generates alerts allowing customers to<br />
resolve problems sooner, reducing business impact.<br />
Figure 11 shows a typical DPA view.<br />
Figure 11. Storage environment viewed through <strong>EMC</strong> Data Protection Adv<strong>is</strong>or<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
18
Reporting<br />
DPA provides standard Avamar specific reports such <strong>as</strong> client count, daily backup<br />
data, job status, and so on. These standard reports can be used by service providers<br />
to monitor the health of their backup environment.<br />
In a multitenant environment DPA <strong>is</strong> able to run reports on each tenant (each Avamar<br />
“domain”). Th<strong>is</strong> can be done by DPA <strong>as</strong> it <strong>is</strong> aware of the <strong>as</strong>sociation between clients<br />
and the domain that each client belongs to. Similarly, <strong>as</strong> clients are added and<br />
removed from domains the reports that DPA runs will reflect that information.<br />
Figure 12 shows a DPA multitenant view.<br />
Figure 12. DPA multitenant view<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
19
CLI and API<br />
support<br />
<strong>EMC</strong> HomeB<strong>as</strong>e <strong>is</strong> also integrated with DPA for reporting purposes. It will<br />
automatically configure DPA for a new tenant’s client which DPA will then include in<br />
future reports for billing. DPA can also be used to generate reports on the success<br />
and failure of HomeB<strong>as</strong>e installations and backups along with whether profiles were<br />
successfully captured from ex<strong>is</strong>ting and new clients<br />
DPA provides the following mechan<strong>is</strong>ms through which its output can be integrated<br />
into a web-b<strong>as</strong>ed portal, including:<br />
• Scheduling reports to run automatically and their output stored in a location<br />
which can be accessed by the portal<br />
• Directly running reports from the command line and specifying where the report<br />
output will be stored<br />
Scheduling reports<br />
The recommended approach for making DPA reports available to the portal <strong>is</strong> <strong>as</strong><br />
follows:<br />
• Schedule the reports to be run on a regular b<strong>as</strong><strong>is</strong>.<br />
• Store the output of the reports in a hierarchical file-system sorted by tenant and<br />
report, and which can be accessed by the portal.<br />
• Have the portal code scan for new reports when those pages of the portal are<br />
accessed.<br />
Figure 13 shows a sample screen of the DPA Portal webpage <strong>as</strong> well <strong>as</strong> the actual<br />
reports, which had previously been scheduled.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
20
Figure 13. DPA de-dupe rate d<strong>is</strong>tribution report<br />
On-demand reports<br />
The second option for integrating report output into the portal <strong>is</strong> by providing users<br />
with the ability to directly execute a report. The user selecting th<strong>is</strong> option will have to<br />
wait for the report to be run by the DPA engine but will get an up-to-the-minute report.<br />
In th<strong>is</strong> c<strong>as</strong>e the portal code will execute the script and once complete d<strong>is</strong>play the<br />
resulting report to the user. Th<strong>is</strong> mechan<strong>is</strong>m should be used sparingly and only if<br />
necessary <strong>as</strong> it will be very difficult to predict how long the report will take to run.<br />
Using th<strong>is</strong> option for reports which take more than a few minutes to run <strong>is</strong> strongly<br />
d<strong>is</strong>couraged. Users should be warned that the portal will not d<strong>is</strong>play the report until it<br />
h<strong>as</strong> been completed, and the next portal page will not appear instantaneously <strong>as</strong><br />
when d<strong>is</strong>playing already-run reports.<br />
Figure 14 shows a sample portal screen and the subsequent report.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
21
Figure 14. DPA SLA client summary<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
22
<strong>EMC</strong> HomeB<strong>as</strong>e<br />
Overview<br />
<strong>EMC</strong> HomeB<strong>as</strong>e provides f<strong>as</strong>t, repeatable, bare-metal server recoveries and<br />
migrations across d<strong>is</strong>similar hardware.<br />
HomeB<strong>as</strong>e automatically creates and stores server configuration profiles b<strong>as</strong>ed on<br />
your schedules and retention policies, and can apply these profiles to new hardware<br />
to recover a server, readying it for immediate operations. HomeB<strong>as</strong>e also provides<br />
server configuration and change reporting capabilities b<strong>as</strong>ed on its profiling<br />
technology.<br />
HomeB<strong>as</strong>e integration with Avamar provides complete business resiliency, while<br />
reducing the amount of storage required to enable full system recovery when<br />
compared to traditional imaging solutions. Where imaging solutions generate images<br />
that are thousands of megabytes in size, HomeB<strong>as</strong>e creates configuration profiles of<br />
just a few megabytes and restores all other needed files from the ex<strong>is</strong>ting Avamar<br />
backup. Th<strong>is</strong> combination provides a f<strong>as</strong>t, comprehensive server recovery solution<br />
with minimal storage requirements.<br />
In addition, the integration of HomeB<strong>as</strong>e with Avamar allows fully automated and<br />
unattended one-click restores of supported Windows and RHEL servers across<br />
d<strong>is</strong>similar hardware platforms and between physical and virtual server stacks.<br />
HomeB<strong>as</strong>e profiling <strong>is</strong> initiated using the Avamar pre-scripting capability during the<br />
backup, and full system recoveries are driven from the HomeB<strong>as</strong>e Server console.<br />
HomeB<strong>as</strong>e 6.6 adds a variety of capabilities for further automating recovery to<br />
VMware virtual machines and for incre<strong>as</strong>ed multitenant security, including:<br />
• Multitenancy for recovery sessions, ensuring that an admin<strong>is</strong>trator initiating<br />
recoveries through the HomeB<strong>as</strong>e portal can only see their specific clients.<br />
• vSphere integration to automatically prov<strong>is</strong>ion a virtual machine with<br />
specifications (CPU, memory, d<strong>is</strong>k, and so on) matching the source physical<br />
server <strong>as</strong> part of the process when recovering to VMware-b<strong>as</strong>ed virtual systems.<br />
Figure 15 shows the HomeB<strong>as</strong>e user interface.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
23
CLI and API<br />
Support<br />
Figure 15. Standard <strong>EMC</strong> HomeB<strong>as</strong>e admin<strong>is</strong>trative user interface<br />
Because HomeB<strong>as</strong>e e<strong>as</strong>ily integrates with ex<strong>is</strong>ting backup workflows, server<br />
configuration recovery information <strong>is</strong> always synchronized with data recovery<br />
information, ensuring reliable and simple server recovery.<br />
HomeB<strong>as</strong>e <strong>is</strong> e<strong>as</strong>ily integrated into DPA with a few simple steps, enabling DPA to<br />
automatically detect new HomeB<strong>as</strong>e enabled servers and include these in future<br />
reports for billing <strong>as</strong> well <strong>as</strong> reports on the status of HomeB<strong>as</strong>e profiles for a client.<br />
The HomeB<strong>as</strong>e server <strong>is</strong> designed using the latest <strong>Service</strong> Orientated Architecture<br />
(SOA). The HomeB<strong>as</strong>e server provides a REST b<strong>as</strong>ed API to make its operating system<br />
and hyperv<strong>is</strong>or prov<strong>is</strong>ioning capability available to internal and external integrators.<br />
Using th<strong>is</strong> flexible API, HomeB<strong>as</strong>e allows server recovery workflows to be e<strong>as</strong>ily<br />
integrated with data backup workflows, ensuring that server recovery information <strong>is</strong><br />
always in sync with data recovery information.<br />
Similarly, th<strong>is</strong> REST-b<strong>as</strong>ed API can be used to integrate HomeB<strong>as</strong>e into a service<br />
provider’s portal <strong>as</strong> well <strong>as</strong> automating agent installation and configuration options.<br />
In HomeB<strong>as</strong>e 6.6 the REST API does not support recovery operations. These can only<br />
be done through the HomeB<strong>as</strong>e portal. The REST API <strong>is</strong> thoroughly documented in the<br />
<strong>EMC</strong> HomeB<strong>as</strong>e user documentation. Our solution did not do any integration of<br />
HomeB<strong>as</strong>e into the Portal.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
24
Avamar Scripts<br />
Overview<br />
General script<br />
notes<br />
<strong>Service</strong> provider<br />
t<strong>as</strong>ks<br />
Th<strong>is</strong> section describes examples of the scripts we used to integrate Avamar with our<br />
<strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong> solution platform.<br />
Note: These scripts are presented <strong>as</strong> examples only. Any scripts used in your own<br />
environment must be written for your specific application. <strong>EMC</strong> does not<br />
endorse or support these scripts beyond informational purposes.<br />
All of the example scripts presented here are shell scripts, placed on the Avamar<br />
(Linux) server. The complete path <strong>is</strong> required to run them in the vCenter Orchestrator.<br />
All scripts run the Avamar MCCLI command line utility with required arguments. They<br />
are run by the vCO SSH plug-in. All scripts run <strong>as</strong> the root user of Avamar server. For<br />
production environments, a different security approach may be required. For<br />
information about building your own custom solutions using MCCLI, refer to the<br />
Avamar Management Console and Command Line Interface (MCCLI) Programmer’s<br />
Guide.<br />
Throughout th<strong>is</strong> section, “domain” refers to the Avamar domain, not the Active<br />
Directory domain. The Avamar domain <strong>is</strong> similar to a folder. All objects related to that<br />
account (tenant) reside in that folder. Security can be set on Avamar domains to<br />
restrict tenants’ ability to see other tenant information.<br />
It <strong>is</strong> expected that the Avamar client <strong>is</strong> already installed on all the client machines<br />
before a machine can participate in the backup program. One way <strong>is</strong> to prov<strong>is</strong>ion the<br />
VM image with the Avamar client already installed. If an ex<strong>is</strong>ting machine does not<br />
have the client, it must be installed first, before it can participate in the backup<br />
program. Avamar client <strong>is</strong> available from the Avamar server itself.<br />
L<strong>is</strong>t all Avamar domains and sub-domains present in the system<br />
Th<strong>is</strong> script l<strong>is</strong>ts all domains and sub-domains in a given Avamar domain. If the<br />
recursive option <strong>is</strong> removed, it only gets the sub-domains of a given domain.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: /Tenants)<br />
echo L<strong>is</strong>ting domains of $1<br />
/avamar/bin/mccli domain show --recursive=true --domain=$1<br />
Create an Avamar domain<br />
Th<strong>is</strong> <strong>is</strong> the first step for prov<strong>is</strong>ioning a tenant backup space in the Avamar system. All<br />
tenants object (sub-tenants, machines names, backup policies, schedules, and so<br />
on) reside in th<strong>is</strong> domain.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: Tenants/Tenant-01)<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
25
Tenant admin<br />
t<strong>as</strong>ks<br />
(Assumes tenants Avamar domain <strong>is</strong> already ex<strong>is</strong>ting)<br />
echo Adding the Avamar Domain $1<br />
/avamar/bin/mccli domain add --name=$1<br />
/avamar/bin/mccli domain show --name=$1<br />
Deleting an Avamar domain<br />
To delete a domain all objects need to be deleted first. The force option can be used<br />
without doing so, but that must to be used with caution <strong>as</strong> it will delete all child<br />
domains and the machines participating in those domains, policies, groups,<br />
schedules, and dat<strong>as</strong>ets present in those domains. To use the force option, check the<br />
MCCLI programming guide.<br />
Input Arguments in sequence<br />
$1 = Complete root domain path where the domain need to be deleted<br />
<strong>is</strong> present, without the domain name itself(ex: /Tenants)<br />
$2 = Just the name of the Avamar Domain to be deleted (ex: Tenant-<br />
01)<br />
echo Deleting the Avamar Domain $2 from $1<br />
/avamar/bin/mccli domain delete --name=$2 --domain=$1<br />
/avamar/bin/mccli domain show --name=$1/$2 --recursive=true<br />
The t<strong>as</strong>ks described in <strong>Service</strong> provider t<strong>as</strong>ks can also be added <strong>as</strong> tenant admin<br />
t<strong>as</strong>ks too, <strong>as</strong> they must manage their own sub-domains/sub-tenants and the objects<br />
under that. But security needs to be set at the tenant level so that they can’t see other<br />
tenant information.<br />
Add a machine to the Avamar domain<br />
Adding a machine to the Avamar domain <strong>is</strong> a two step process. First it needs to be<br />
added to the domain and then it needs to be activated (invited in Avamar terms<br />
which can be done from the client side or from the server side, but can only be done<br />
from the server side in th<strong>is</strong> solution).<br />
Adding a machine does not automatically backup the machine. Adding the machine<br />
name lets the server <strong>as</strong>sign a unique ID for the client to participate in all the backup<br />
operations. When the machine <strong>is</strong> added to a group, then only the machine backup<br />
happens <strong>as</strong> defined in the dat<strong>as</strong>et.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: Tenants/Tenant-01)<br />
$2 = Complete machine name (ex:TenantMachineName)<br />
echo Adding the Client $2 to the Avamar Domain $1<br />
/avamar/bin/mccli client add --name=$1/$2<br />
/avamar/bin/mccli client show --domain=$1<br />
/avamar/bin/mccli client invite --name=/$1/$2<br />
/avamar/bin/mccli client show --domain=$1<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
26
L<strong>is</strong>t client’s domain name<br />
Th<strong>is</strong> script gets the complete domain path of the machine.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: Tenants/Tenant-01)<br />
$2 = Complete or partial machine name (ex:WinXPTest)<br />
echo L<strong>is</strong>ting client and its domain name<br />
/avamar/bin/mccli client show --domain=$1 | grep $2<br />
Delete client from a domain<br />
Deleting a client from a domain <strong>is</strong> the same <strong>as</strong> removing the machine from the entire<br />
backup system. If it <strong>is</strong> added again, it will be treated <strong>as</strong> a new machine and will have<br />
a new unique ID. Also, all backups related to that machine will be marked for<br />
deletion. To move between the domains, the move operation should be used (refer to<br />
the MCCLI programming guide).<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: Tenants/Tenant-01)<br />
$2 = Complete or partial machine name (ex:WinXPTest)<br />
echo Deleting the Client $2 from the Avamar Domain $1<br />
/avamar/bin/mccli client delete --name=$1/$2<br />
/avamar/bin/mccli client show --domain=$1<br />
The tenant admin must set up the following:<br />
• Dat<strong>as</strong>et (the data to be backed up)<br />
• Retention policy (how long a backup must be kept in the system)<br />
• Schedule (when and what interval the backup needs to be performed)<br />
• Group (to have all these objects plus the machine names participating in<br />
particular backup program).<br />
Usually these are set once, and future machines follow the same backup pattern <strong>as</strong><br />
the other machines in the same group.<br />
Create a default dat<strong>as</strong>et<br />
Th<strong>is</strong> <strong>is</strong> required to define what to back up. In th<strong>is</strong> script we are backing up the<br />
complete machine. For default dat<strong>as</strong>et details, refer to the MCCLI programming guide.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: /Tenants/Tenant-<br />
01)<br />
$2 = Dat<strong>as</strong>et name (to e<strong>as</strong>ily identify _DS <strong>is</strong> added in the script,<br />
but th<strong>is</strong> <strong>is</strong> not required.)<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
27
echo Creating a DEFAULT dat<strong>as</strong>et called $2_DS in the Avamar Domain<br />
$1<br />
/avamar/bin/mccli dat<strong>as</strong>et add --name=$1/$2_DS<br />
/avamar/bin/mccli dat<strong>as</strong>et show --recursive=true --domain=$1<br />
| grep $2_DS<br />
Create a custom dat<strong>as</strong>et<br />
A default or custom dat<strong>as</strong>et <strong>is</strong> required to define what to back up. In Create a default<br />
dat<strong>as</strong>et we backed up the complete machine. In th<strong>is</strong> script we can define a particular<br />
file, folder, datab<strong>as</strong>e, or anything that <strong>is</strong> supported by Dat<strong>as</strong>et definitions. For<br />
dat<strong>as</strong>et definition details, refer to the MCCLI programming guide.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: /Tenants/Tenant-<br />
01)<br />
$2 = Dat<strong>as</strong>et name (to e<strong>as</strong>ily identify _DS <strong>is</strong> added in the script,<br />
but th<strong>is</strong> <strong>is</strong> not required.)<br />
$3 = Target folder to backup (C:/Temp, do not use back sl<strong>as</strong>h,<br />
C:\temp <strong>is</strong> not recognized.)<br />
echo Creating a custom dat<strong>as</strong>et called $2_DS in the Avamar Domain<br />
$1<br />
/avamar/bin/mccli dat<strong>as</strong>et add --name=$1/$2_DS -alldata=false<br />
echo Adding Windows File System Plugin to the Dat<strong>as</strong>et<br />
/avamar/bin/mccli dat<strong>as</strong>et add-target --name=$1/$2_DS -target=$3<br />
--plugin=3001<br />
echo L<strong>is</strong>ting the Dat<strong>as</strong>et just created<br />
/avamar/bin/mccli dat<strong>as</strong>et show --domain=$1 | grep $2_DS<br />
Create a retention policy<br />
A retention policy <strong>is</strong> required to define how long a backup must be retained.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: /Tenants/Tenant-<br />
01)<br />
$2 = Dat<strong>as</strong>et name (to e<strong>as</strong>ily identify _RP <strong>is</strong> added in the script,<br />
but th<strong>is</strong> <strong>is</strong> not required.)<br />
$3 = Enter the number of day or months or years the Policy h<strong>as</strong> to<br />
expire after, from today. Example: To expire th<strong>is</strong> policy after 5<br />
days, just input "5D" without quotes. Similarly 13W for 13 weeks<br />
3Y for 3 years An exact date can also be mentioned, but the<br />
format, YYYY-MM-DD<br />
echo Creating a Retention Policy called $2_RP in the Avamar Domain<br />
$1<br />
/avamar/bin/mccli retention add --domain=$1 --name=$2_RP -b<strong>as</strong>ic=$3<br />
echo L<strong>is</strong>ting the Retention Policy details that <strong>is</strong> just created<br />
/avamar/bin/mccli retention show --name=$1/$2_RP<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
28
Create a schedule<br />
A schedule <strong>is</strong> required to define when to perform the back up, and at what interval.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: /Tenants/Tenant-<br />
01)<br />
$2 = Dat<strong>as</strong>et name (to e<strong>as</strong>ily identify _RP <strong>is</strong> added in the script,<br />
but th<strong>is</strong> <strong>is</strong> not required.)<br />
$3 = Either one of the following argument <strong>is</strong> required.<br />
To back up at specific intervals [--hours=String]: Set the time of day for a daily<br />
schedule in 24-hour format.<br />
Example: --hours=2,5,7,10,23<br />
To back up on selected weekdays [--days=String]: Set the days of week for a weekly<br />
schedule, or the day of month for a monthly schedule. Valid values are M[onday],<br />
Tu[esday], W[ednesday], Th[ursday], F[riday], Sa[turday], and Su[nday].<br />
Example: --days=M,TU,F,SA<br />
To back up on a particular day of the month [--nth-day=String]: Set the nth day of a<br />
month for a monthly schedule. Valid values are 1, 2, ..., 28, and l<strong>as</strong>t.<br />
Example: --nth-day=12,23,l<strong>as</strong>t<br />
To back up on a particular week of the month [--week=String]: Set the week of the<br />
month for a monthly schedule. Valid values are first, second, third, fourth, and l<strong>as</strong>t<br />
Example: -week=second<br />
Optional arguments [--desc=String]: You can enter textual description of the schedule<br />
[--duration=String]: Back up window in format HH:MM.<br />
Example: --duration=5:00 [--start=String]<br />
Start time in format HH:MM (24 hour format)<br />
Example: --start=13:30 [--tz=String]<br />
Time zone for start time defaults to time zone of machine.<br />
Example: --tz=CST OR --tz=America/Toronto<br />
echo Creating a schedule called $2_SCH in the Avamar Domain $1<br />
/avamar/bin/mccli schedule add --name=$1/$2_SCH $3<br />
/avamar/bin/mccli schedule show --name=$1/$2_SCH<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
29
Create a group<br />
A group <strong>is</strong> required to organize the dat<strong>as</strong>et, retention policy, and schedule in addition<br />
to the machine names participating in th<strong>is</strong> backup plan.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: /Tenants/Tenant-<br />
01)<br />
$2 = Dat<strong>as</strong>et name (to e<strong>as</strong>ily identify _RP <strong>is</strong> added in the script,<br />
but th<strong>is</strong> <strong>is</strong> not required.)<br />
$3 = Boolean value (true/false) - Making th<strong>is</strong> value true will<br />
immediately enable the scheduled backups. Making it false keep<br />
everything ready for future usage.<br />
echo Creating a Group called $2_GRP in the Avamar Domain $1<br />
echo Th<strong>is</strong> <strong>is</strong> used to hold Dat<strong>as</strong>et, Retention Policy, Schedule and<br />
the MachineNames to be backed up.<br />
/avamar/bin/mccli group add --domain=$1 --name=$2_GRP -enabled=$3<br />
echo L<strong>is</strong>ting the Group details that <strong>is</strong> just created<br />
/avamar/bin/mccli group show --name=$1/$2_GRP<br />
Tenant admin m<strong>as</strong>ter script<br />
The following script performs the domain, dat<strong>as</strong>et, retention, and scheduling t<strong>as</strong>ks.<br />
Input Arguments in sequence<br />
$1 = Complete Avamar domain name with path (ex: /Tenants/Tenant-<br />
01)<br />
$2 = string Name used to create _DS, _RP,<br />
_GRP, _SCH<br />
$3 = Machine name to backup.<br />
echo Creating a dat<strong>as</strong>et called $2_DS in the Avamar Domain $1<br />
/avamar/bin/mccli dat<strong>as</strong>et add --name=$1/$2_DS<br />
/avamar/bin/mccli dat<strong>as</strong>et show --recursive=true |grep<br />
'$2_DS'<br />
echo Creating a schedule called $2_SCH in the Avamar Domain $1<br />
/avamar/bin/mccli schedule add --name=$1/$2_SCH -hours=11,12,15,18,23<br />
/avamar/bin/mccli schedule show --name=$1/$2_SCH<br />
echo Creating a Retention policy called $2_RP in the Avamar Domain<br />
$1<br />
/avamar/bin/mccli retention add --name=$1/$2_RP<br />
/avamar/bin/mccli retention show --name=$1/$2_RP<br />
echo Creating a Group called $2_GRP in the Avamar Domain $1<br />
/avamar/bin/mccli group add --name=$1/$2_GRP -dat<strong>as</strong>et=$1/$2_DS<br />
--enabled=true --retention=$1/$2_RP -schedule=$1/$2_SCH<br />
/avamar/bin/mccli group show --name=$1/$2_GRP<br />
echo Adding the machine to the group $2_GRP<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
30
Tenant user t<strong>as</strong>ks<br />
/avamar/bin/mccli group add-client --client-name=$1/$3 -name=$1/$2_GRP<br />
/avamar/bin/mccli group show-client-members --name=$1/$2_GRP<br />
These scripts show examples of tenant user t<strong>as</strong>ks.<br />
Add machines to the ex<strong>is</strong>ting backup group.<br />
Th<strong>is</strong> script adds the machine names to a group that <strong>is</strong> already defined by the tenant<br />
admin. Th<strong>is</strong> script does the following:<br />
• Searches for the machine<br />
• Gets the domain of the machine<br />
• Finds the respective group and adds the machine to the group.<br />
If the group <strong>is</strong> already activated, the back up happens with the other machines in that<br />
group. Th<strong>is</strong> script can also be performed by the tenant admin.<br />
It <strong>is</strong> also possible to create a script that adds a bulk number of machines to the<br />
group. For more information about bulk adding, refer to the MCCLI programming<br />
guide.<br />
Input Arguments in sequence<br />
$1 = Exact Tenant User’s machine name<br />
#!/bin/b<strong>as</strong>h<br />
#IFS <strong>is</strong> used to split the input at a pattern<br />
export IFS=" "<br />
# accept the c<strong>as</strong>e insensitive machine name <strong>as</strong> input and convert to<br />
upper c<strong>as</strong>e<br />
macName=`echo $1 | tr [:lower:] [:upper:]`<br />
echo "macName=$macName"<br />
export MACHINE="foo"<br />
export DOMAIN="bar"<br />
# check if there a machine ex<strong>is</strong>ts in the entire avamar domains<br />
l<strong>is</strong>tmachines=`/avamar/bin/mccli client show --recursive=true<br />
| grep -i $macName`<br />
#lop thorugh each machine and see if it matches with the machine<br />
name p<strong>as</strong>sed <strong>as</strong> input argument<br />
for eachMachinename in $l<strong>is</strong>tmachines; do<br />
/avamar/bin/mccli client show --recursive=true | grep -i<br />
$macName | read eachMachinename validDomainName junk<br />
#convert each line to upper c<strong>as</strong>e<br />
test=`echo $eachMachinename | tr [:lower:] [:upper:]`<br />
# echo "test=$test"<br />
#check if it matches with the machinename p<strong>as</strong>sed <strong>as</strong> input<br />
if [ "$test" == "$macName" ]<br />
then<br />
#if matches, accept th<strong>is</strong> <strong>as</strong> valid machine name<br />
#echo $eachMachinename found<br />
validMachineName=$eachMachinename<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
31
# echo "validMachineName=$validMachineName"<br />
# echo "validDomainName=$validDomainName"<br />
# echo "MACHINE=$MACHINE DOMAIN=$DOMAIN"<br />
MACHINE=$validMachineName<br />
DOMAIN=$validDomainName<br />
# echo "MACHINE=$MACHINE DOMAIN=$DOMAIN"<br />
# next<br />
fi<br />
# get the complete path (Avamar Domain Name) of the machine<br />
name in Avamar system<br />
# checks if the first letter <strong>is</strong> /<br />
#if [[ $test == /* ]]<br />
#then<br />
# equal th<strong>is</strong> to the domain name<br />
# echo $eachMachinename found<br />
validDomainName=$eachMachinename<br />
#fi<br />
done<br />
MACHINE=$validMachineName<br />
DOMAIN=$validDomainName<br />
# echo "MACHINE=$MACHINE DOMAIN=$DOMAIN"<br />
# echo "MACHINE=$MACHINE DOMAIN=$DOMAIN"<br />
/avamar/bin/mccli group show-client-members -name=${DOMAIN}${DOMAIN}_GRP<br />
/avamar/bin/mccli group add-client --clientname=${DOMAIN}/${MACHINE}<br />
--name=${DOMAIN}${DOMAIN}_GRP<br />
/avamar/bin/mccli group show-client-members -name=${DOMAIN}${DOMAIN}_GRP<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
32
Conclusion<br />
Summary<br />
Findings<br />
Th<strong>is</strong> <strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong> solution provides service providers with an integrated<br />
carrier-grade, scalable, multitenant backup service which can backup and restore<br />
physical and virtual machines.<br />
As organizations incre<strong>as</strong>e their use of out-sourced data centers, their backup<br />
challenges can also grow. <strong>Service</strong> providers who already offer cloud-b<strong>as</strong>ed services or<br />
traditional hosting services are ideally positioned to provide local BaaS for customers<br />
to round out their other <strong>as</strong>-a-service offerings.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong> allows service providers to provide robust backup<br />
protection leveraging <strong>EMC</strong> Avamar and HomeB<strong>as</strong>e technologies. <strong>EMC</strong> BaaS can also<br />
deduplicate data stored in virtual d<strong>is</strong>ks, significantly reducing storage consumption<br />
and enabling replication of virtual d<strong>is</strong>ks across data center locations.<br />
Th<strong>is</strong> solution provides a reference implementation for delivering backup services that<br />
leverage a service provider’s ex<strong>is</strong>ting orchestration and portal infr<strong>as</strong>tructure.<br />
<strong>EMC</strong> BaaS leveraging <strong>EMC</strong> Data Protection Adv<strong>is</strong>or technology provides the enhanced<br />
reporting capabilities that customers demand including backup job status, used<br />
capacity; restore job status, and daily compression rate reports.<br />
We found the following key results during the testing of th<strong>is</strong> solution:<br />
• The <strong>EMC</strong> BaaS solution with <strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, and<br />
<strong>EMC</strong> HomeB<strong>as</strong>e supported per-customer backup services on a service provider<br />
multitenant cloud platform.<br />
• The <strong>EMC</strong> BaaS solution with VMware vCloud Director and vCloud Orchestrator<br />
can integrate Avamar and Data Protection Adv<strong>is</strong>or with industry-leading<br />
orchestration and portal solutions.<br />
• The <strong>EMC</strong> BaaS solution successfully backed up and restored user data over LAN<br />
networks.<br />
• The backup and restore support w<strong>as</strong> all encomp<strong>as</strong>sing, including: files,<br />
applications, system backups, virtual machine image backups, and bare-metal<br />
backup of physical servers.<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
33
About <strong>EMC</strong><br />
Proven<br />
Solutions<br />
Take the next step<br />
References<br />
White papers<br />
Product<br />
documentation<br />
<strong>EMC</strong> Proven Solutions help customers identify and overcome business challenges by<br />
reducing r<strong>is</strong>k and time-to-value of their information infr<strong>as</strong>tructure. <strong>EMC</strong> leverages its<br />
expert<strong>is</strong>e and proven technologies with its strategic relationships with C<strong>is</strong>co,<br />
Microsoft, Oracle, SAP, and VMware to deliver solutions that support our customers<br />
business and technical requirements. All solutions are rigorously tested and<br />
documented with reference architectures and best practices designed to reduce the<br />
total cost of ownership of the infr<strong>as</strong>tructure and incre<strong>as</strong>e IT Efficiency.<br />
<strong>EMC</strong> offers a portfolio of consulting and professional services for service providers<br />
and their customers to <strong>as</strong>s<strong>is</strong>t in balancing workloads across service delivery models<br />
– ranging from legacy physical architectures and virtualized infr<strong>as</strong>tructures through<br />
on– and off-prem<strong>is</strong>e cloud architectures. The <strong>EMC</strong> Cloud Adv<strong>is</strong>ory <strong>Service</strong> with Cloud<br />
Optimizer helps customers develop a strategy for optimizing the placement of<br />
application workloads. By <strong>as</strong>sessing three factors – economics, trust and<br />
functionality – organizations can maximize their cost savings and business agility<br />
gained through the use of private and public cloud resources.<br />
For additional information, see the white papers l<strong>is</strong>ted below. <strong>EMC</strong> documents are<br />
available on the <strong>EMC</strong> online support website.<br />
• Compute-<strong>as</strong>-a-<strong>Service</strong> (<strong>EMC</strong>)<br />
• Understanding <strong>EMC</strong> Avamar with <strong>EMC</strong> Data Protection Adv<strong>is</strong>or — Applied<br />
Technology (<strong>EMC</strong>)<br />
For additional information, see the product documents l<strong>is</strong>ted below.<br />
• VMware vCloud Director Documentation<br />
• VMware vSphere Documentation<br />
• VMware vCenter Orchestrator Documentation<br />
• Avamar 6.0 Management Console Command Line Interface (MCCLI) Programmer<br />
Guide (<strong>EMC</strong>)<br />
• <strong>EMC</strong> Data Protection Adv<strong>is</strong>or API Reference (<strong>EMC</strong>)<br />
<strong>EMC</strong> <strong>Backup</strong>-<strong>as</strong>-a-<strong>Service</strong><br />
<strong>EMC</strong> Avamar, <strong>EMC</strong> Data Protection Adv<strong>is</strong>or, <strong>EMC</strong> HomeB<strong>as</strong>e<br />
34