4 4 3 Beefalo:HPE StoreOnce Configuration

From SEPsesam
Jump to: navigation, search
This page contains changes which are not marked for translation.

Other languages:
Deutsch • ‎English

Copyright © SEP AG 1999-2021. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

Docs latest icon.png Welcome to the latest SEP sesam documentation version 4.4.3 Beefalo/Beefalo V2. For previous documentation version(s), check SEP sesam Archive.


This article describes SEP sesam integration with Hewlett Packard Enterprise (HPE) StoreOnce Catalyst storage system. It explains StoreOnce configuration, which is not part of SEP sesam. For detailed information on HPE StoreOnce, refer to HPE documentation.
The Hewlett Packard Enterprise (HPE) StoreOnce backup appliance allows to configure multiple Catalyst stores to be used as backup storage. HPE StoreOnce fully controls backup data and enables efficient encryption, recovery, deduplication, and replication. SEP sesam uses HPE StoreOnce Catalyst Library which implements the StoreOnce Catalyst client API. This API provides the remote procedure call (RPC-based interface) that allows SEP sesam to interact with the StoreOnce appliance.

With SEP sesam v. 4.4.3 Beefalo V2 it is recommended to use HPE Cloud Bank Storage (HPE StoreOnce v. ≥ 4.1) as a Catalyst copy target where you can replicate or restore your data instead of regular Catalyst stores. It cannot be used as a backup target due to its limited object size.

You can create a Cloud Bank store in a similar manner to Catalyst store, as described in Creating HPE StoreOnce Cloud Bank store.

Protecting data from ransomware with data immutability

HPE StoreOnce also provides efficient protection against ransomware through the data immutability feature. This means that during the defined period of data immutability, the stored data cannot be encrypted, modified in any way, or deleted, even in the event of a ransomware attack. Organisations can use immutable backups to restore their data to a state that is still intact and unaffected by the malware. This option can be used as additional protection for your data and specified when creating a Catalyst store. For details, see the section Creating HPE StoreOnce Catalyst store (step 3).

StoreOnce Catalyst concept and terminology

HPE StoreOnce provides bandwidth-efficient backup and restore over LAN, WAN, and Fibre Channel. It provides the flexibility to use different deduplication modes depending on the environment and performance (see the Catalyst data deduplication modes section). Encryption is defined on the Catalyst store side individually for each Catalyst store; note that once encryption is enabled, it cannot be disabled.

HPE uses the following terminology related to StoreOnce Catalyst:

  • StoreOnce Catalyst: StoreOnce interface name.
  • StoreOnce Catalyst store: Device type where the backups are stored on the StoreOnce appliance.
  • StoreOnce Catalyst clients: The applications which connect by using the StoreOnce Catalyst interface.
  • StoreOnce Catalyst items: The backup items stored in the Catalyst stores on the StoreOnce appliances.
  • Data job: Any backup or restore.
  • Copy job: Actual copy of the data, not mirror image. The backup application specifies outbound copy job as source store and inbound copy job as destination store. Once copied, the outbound and inbound copy jobs are independent of each other. This means that each copy job can be deleted, moved, or added to/from the backup application.
  • Transfer policies: By selecting Low Bandwidth or High Bandwidth (HBW) it is defined how the backup data is transferred between SEP sesam and HPE Catalyst store and where the deduplication process occurs. See section Catalyst data deduplication modes.
  • Physical data size quota: Maximum amount of data that can be written to the store after deduplication.
  • Logical data size quota: Maximum amount of data that can be written to the store before deduplication.
  • Data immutability period: Also named StoreOnce retention period. During the specified period, the data on store remains protected for the amount of time defined by immutability period even if the SEP sesam EOL (retention time) has already expired.

Catalyst data deduplication modes

StoreOnce Catalyst provides the flexibility of performing deduplication at backup server, target, or application source, depending on your environment and performance requirements. Catalyst stores can be configured individually for specific deduplication mode in the Advanced Settings by selecting the appropriate bandwidth type for Transfer Policies. By specifying the transfer policy mode you define how the backup data is transferred between SEP sesam and HPE Catalyst store and where the deduplication process occurs.

Source-side/server-side deduplication (HPE: Backup Server Deduplication)

The HPE StoreOnce Catalyst agent deduplicates data on the source side within the backup server, i.e. the backup server or RDS deduplicated before transferring it to StoreOnce. For this, the Primary Transfer Policy must be set to Low Bandwidth (is the bandwidth-optimized mode). This option is recommended for most use cases as it reduces the network load and improves backup performance.

Target-side deduplication (HPE: Target Deduplication)

Target deduplication runs deduplication processing at the backup target, after the data is transported to HPE StoreOnce. For this, the Catalyst store must be in the performance-optimized mode by setting the Primary Transfer Policy to High Bandwidth. This option is recommended when there is a need to reduce the disk space required for backup data.

Application-side deduplication (HPE: Application Source Deduplication)

Software-based source-side deduplication uses the SEP sesam Client (without RDS) to perform the deduplication process and writes the deduplicated data directly to HPE StoreOnce, without using the Media Server. As of v. 4.4.3 Beefalo V2, you can use the application-side deduplication by selecting the HPE StoreOnce Bandwidth Optimized Data Transfer option in the properties of the HPE StoreOnce backup event; for details, see Option HPE StoreOnce Bandwidth Optimized Data Transfer. By selecting this option, redundant data is removed before it is transmitted to the backup target (only the changed blocks are transferred) thus optimizing bandwidth utilization. Application-side deduplication requires at least one transfer policy to be set to Low Bandwidth.

Information sign.png Note

Keep the following in mind when using this option:

  • If High Bandwidth is configured for both, the Primary and Secondary Transfer policy, the application-side deduplication cannot be performed on the client. In this case, the data is transferred directly from the client to the StoreOnce system with target deduplication, without deduplicating the data in advance at its source by the client.
  • HPE StoreOnce Bandwidth Optimized Data Transfer is important mainly for WAN clients. By enabling it, SEP sesam establishes the connection between the local STPD and HPE StoreOnce. This option is only available if the SEP sesam STPD service is part of the SEP sesam Client installation. This is the case with the SEP sesam Windows Client installation and in case of SEP sesam Linux RDS installation.
  • HPE StoreOnce Bandwidth Optimized Data Transfer can also be used for SAP Oracle (RMAN) backups and SAP Netweaver (Oracle) backups if the following parameters are configured before you start a backup: the first one is SESAM_DRIVE that has to be set to the HPE Catalyst Store, the second is SESAM_TAPESERVER where you specify the name of your SAP (on Oracle) client. These parameters can be configured in the SAP UTIL_FILE or in the RMAN script.
Configuring SESAM_DRIVE and SESAM_TAPESERVER for SAP Oracle backups

To send the data straight from the SAP Oracle client to the HPE Catalyst Store, a local STPD connection must be established. In the SAP UTIL_FILE or in the RMAN script, the SESAM_DRIVE parameter must be set to the HPE Catalyst Store to define the connection to the HPE system and the SESAM_TAPESERVER parameter must be specified with the name of the SAP client (as it is configured in the SEP sesam GUI):

where the value after the second @ is <DB:data_stores.name>
where the name is the hostname of the SAP client as specified in the SEP sesam GUI 
SEP Tip.png Tip
For Oracle RMAN, these parameters can be set in the RMAN script directly or by using sbc_rman -d and -S switch. For details, see Backing up the Oracle database.


To ensure error-free operation of SEP sesam and improve performance, make sure that the following conditions are met:

HPE StoreOnce connections

The following (TCP) ports are used to allow the StoreOnce Catalyst traffic to pass to and from the SEP sesam Server:

  • 9387 -> command session port number the server will listen on by default
  • 9388 -> data session port number the server will listen on by default

Minimum supported version of HPE system

The following list shows the minimum supported versions of HPE system Gen3 and Gen4 Storeonce platform. SEP sesam cannot assure support for releases older than the minimum supported version.

HPE system Version
Gen4 ≥ 4.1.3
Gen3 ≥ 3.18.7


Perform the following steps to use the HPE StoreOnce Catalyst store as a storage library. You can connect SEP sesam Server to the HPE StoreOnce Catalyst over Ethernet or over Fibre Channel; in the latter case, use StoreOnce Management Console to set up the backup and restore connections between the ports on the StoreOnce System and the ports on the client servers (see step 2 of the procedure).

  1. Creating HPE StoreOnce Catalyst store
  2. Setting up Fibre Channel for HPE StoreOnce Catalyst store


SEP Tip.png Tip
HPE StoreOnce specialists provide recommendations and notes which should be considered when configuring Catalysts stores.
  • HPE StoreOnce Catalyst store requires at least 2-6 hours per day for housekeeping (without read and write actions ). The process starts automatically if no read/write actions are running and cannot be scheduled.
  • To have the most optimal deduplication ratio, it is recommended to create dedicated Catalysts stores for Linux/Unix data, Windows data, and VMs. Additionally, if databases occupy a lot of your storage space, create a dedicated Catalyst store for databases, too.
  • With SEP sesam, every HPE StoreOnce Catalyst store is a SEP sesam data store with its own pool.

Creating HPE StoreOnce Catalyst store

  1. In the StoreOnce menu -> Data Services -> Catalyst Stores, click Create Store option at the top right corner. The Create Store window opens.
  2. Enter the name of your Catalyst store. The exact name (case sensitive) is required to add the Catalyst store to SEP sesam environment later, so write it down. Use underscores (_) or dashes (-) instead of spaces.
  3. Creating Catalyst store.jpg

  4. Optionally, under the Security Settings, set the following options.
    • Store Encryption: If the proper license was applied, you can enable StoreOnce encryption. This built-in encryption of the Catalyst store can only be activated individually for each Catalyst store during its setup. Once encryption is enabled, it can no longer be disabled.
    • Information sign.png Note
      • If you want to use encryption, SEP recommends to use StoreOnce encryption instead of SEP sesam built-in Task encryption, as the backup data cannot be deduplicated when SEP sesam encryption is enabled.
    • Data Immutability (retention) period for your data jobs and inbound/outbound copy jobs. This option can be used as additional protection for your data as you set up the retention policy when configuring SEP sesam. If set, the data will be protected for the defined period of time, even if the SEP sesam EOL has expired. If the SEP sesam EOL is longer than StoreOnce data immutability period, the data is protected as defined by SEP sesam EOL.
  5. Catalyst store security settings.jpg

  6. Under the Advanced Settings, set the primary (default) and secondary transfer policy. Depending on your environment, you can select low (LBW) or high bandwidth (HBW) for each transfer policy. Note that the selected mode for the primary and secondary policy affects how the backup data is transferred between SEP sesam and HPE Catalyst store and where the deduplication process occurs (see section Catalyst data deduplication modes). SEP sesam uses the primary (default) transfer policy for data transfer between the Remote Device Server and the HPE Catalyst store. The secondary transfer policy can be used for reaching a secondary StoreOnce appliance with the replication.
    SEP Tip.png Tip
    As of v. 4.4.3 Beefalo V2, you can use the application-side deduplication by setting the HPE StoreOnce Bandwidth Optimized Data Transfer option in the SEP sesam GUI. To use this option, at least one transfer policy must be set to Low Bandwidth. For details on where to set this option, see HPE StoreOnce Backup: Option HPE StoreOnce Bandwidth Optimized Data Transfer.
    You can also define the physical and logical data size quota for each Catalyst store. By setting the quota, you can distribute the physical capacity of the StoreOnce system among different users and effectively determine how much storage space on the HPE StoreOnce backup system can be used by a particular user. Applications with a better deduplication ratio can store more data.
    • Physical Storage Quota sets the maximum amount of data that can be written to the store after deduplication. When the threshold level is reached, the backup jobs can no longer write new data.
    • SEP Tip.png Tip
      Normally the HPE StoreOnce is used for more than one HPE Catalyst Store. For this multi-store approach, SEP recommends to set Physical Storage Quotas.
    • Logical Storage Quota sets the maximum amount of data that can be written to the store before deduplication.
    Information sign.png Note
    • When quota limits are set and the quota limit is reached, backups will fail to prevent the quota from being exceeded. Restores are still allowed, but all new backups will fail. To solve this issue, increase the quota to the sufficient size.
    • As of Beefalo V2, the SEP sesam data store Disk space usage option for HPE StoreOnce Catalyst Store supports Catalyst Store Physical Storage Quota and Logical Storage Quota. You can check the HPE StoreOnce storage quotas and the overall HPE StoreOnce storage sizes in SEP sesam GUI: Main selection -> Components -> Data Stores, double-click your StoreOnce store and then click the HPE Catalyst Store State tab. For details, see Configuring HPE StoreOnce data store in SEP sesam.
  8. Catalyst store settings.jpg
    Click Create to create your first Catalyst store. Then repeat the procedure to create additional Catalyst stores.

  9. Once your Catalyst store is created, configure the Client Access permission for this store:
    Click Add Client and specify a user name and password. Catalyst Client Name is the user name.
    Note that this does not have to be the name of the backup server, you can choose whatever name you wish. Write down these credentials to create the store in SEP sesam later on. You can also change the Client Access permission later by using the Permissions tab of the already configured Catalyst store.
  10. Client access.jpg

You can use StoreOnce Catalyst over Fibre Channel or over Ethernet. As stated in the HPE StoreOnce documentation, both connections function in the same way and supported backup applications do not perceive a difference. However, if you intend to use HPE StoreOnce Catalyst over Fibre Channel, you have to perform some additional configuration, as described in the next step.

Setting up Fibre Channel for StoreOnce Catalyst store

Information sign.png Note
As stated in the HPE StoreOnce documentation, the Fibre Channel settings are only relevant to certain StoreOnce models and are only available if the StoreOnce system supports Fibre Channel.

Consider the following when using StoreOnce Catalyst over Fibre Channel (CoFC):

  • Backups are supported on StoreOnce Catalyst over a Fibre Channel interface and over Ethernet networks.
  • StoreOnce System to StoreOnce System connectivity through optimized StoreOnce Catalyst copy jobs is supported over both Ethernet and Fibre Channel.
  • Administrator privileges are required to run StoreOnce Catalyst over Fibre Channel to access OS-specific device files associated with StoreOnce Catalyst over Fibre Channel devices.
  • Non-optimal Fibre Channel SAN zoning can lead to a lack of Fibre Channel connectivity. The storage administrator must ensure that network segregation, such as zoning, is set up correctly as recommended by HPE.
  • Check the HPE StoreOnce Support Matrix for compatibility at https://www.hpe.com/Storage/StoreOnceSupportMatrix (login required).

StoreOnce Catalyst over Fibre Channel zoning considerations

The following zoning considerations are recommended by HPE:

  • StoreOnce Fibre Channel World Wide Names (WWN) are found in the StoreOnce Management Console -> Catalyst Settings- > Fibre Channel. Each StoreOnce port presents one CoFC WWN.
  • Zone the SEP sesam Server or every Remote Device Server with at least two Fibre Channel ports and at least two StoreOnce node Fibre Channel ports across different Fibre Channel cards. Ideally, they are also zoned across different SAN fabrics. Multiple connections allow for higher availability.
  • If a connection is broken, StoreOnce Catalyst over Fibre Channel will automatically attempt to connect on a different path without aborting the backup. The backup will fail only if no paths are available from the SEP sesam Server/Remote Device Server or to the StoreOnce. Zone StoreOnce Catalyst Copy over Fibre Channel source and destination copy devices the same way.
  • StoreOnce Catalyst Copy over Fibre Channel is a two-way protocol. Zone the source Initiator WWN with the destination target WWN, and zone the destination Initiator WWN with the source target WWN. The source and destination must be able to communicate with each other over Fibre Channel.
  • Use small Fibre Channel zones limiting the number of Fibre Channel ports in each zone.
  • StoreOnce Catalyst over Fibre Channel does not use or rely on any external multipath drivers. Connections are balanced using StoreOnce Catalyst over Fibre Channel internal algorithms. Catalyst over Fibre Channel ignores installed multipath drivers.

Fibre Channel configuration

  1. In the StoreOnce GUI, go to HPE StoreOnce -> StoreOnce Catalyst -> Fibre Channel settings tab and locate the Identifier at the top of the Configuration window. This is the CoFC identifier that is used as data address to access the Catalyst store over Fibre Channel and must be provided to SEP sesam during the creation of a new store. It is in the format COFC-<device-id>, e.g., COFC-1JB6Q36FMNR4JG0X.
  2. Make sure Devices per Initiator Port is configured properly.
  3. Check the Number of Logins and Number of Devices per Login for each port. These values determine the number of concurrent backup/restore and copy connections allowed on each Fibre Channel port on the HPE StoreOnce system.

    • The Number of Logins does not relate to how many total sessions can be established over a StoreOnce port; it defines the number of client-side ports that are zoned to connect to that port.
    • Devices per Initiator Port determines the number of backup and restore connections that are allowed from each SEP sesam Server Fibre Channel port to the ports on the StoreOnce system. It is recommended to increase this value according to your needs. Note that when increasing the value, you must run a device file rescan on the client for the change to be recognized.
    • StoreOnce Catalyst over Fibre Channel presents a device type of Processor. In Windows Device Manager, these devices are shown as Other Devices. After zoning the devices or changing the number of Devices per Initiator Port, right-click Other Devices and then select Scan for hardware changes to detect the new devices.