4 4 3 Beefalo:HPE StoreOnce Configuration
- 1 Overview
- 1.1 Protecting data from ransomware with data immutability
- 1.2 Supported StoreOnce Catalyst extensions
- 1.3 StoreOnce Catalyst concept and terminology
- 1.4 Catalyst data deduplication modes
- 1.5 Requirements
- 1.6 HPE StoreOnce connections
- 1.7 Minimum supported version of the HPE system
- 1.8 Steps
- 1.9 Recommendations
- 2 Creating HPE StoreOnce Catalyst store
- 3 Setting up Fibre Channel for StoreOnce Catalyst store
- 4 What is next?
- 5 See also
This article describes the SEP sesam integration with the Hewlett Packard Enterprise (HPE) StoreOnce Catalyst storage system. It explains the StoreOnce configuration, which is not part of SEP sesam. For detailed information on HPE StoreOnce, refer to HPE documentation.
The Hewlett Packard Enterprise (HPE) StoreOnce backup appliance allows multiple Catalyst stores to be configured for use as backup storage. StoreOnce Catalyst is an optimized backup protocol for disk-based data protection. HPE StoreOnce fully controls backup data and enables efficient encryption, recovery, deduplication, and replication. SEP sesam uses the HPE StoreOnce Catalyst Library, which implements the StoreOnce Catalyst client API. This API provides the remote procedure call (RPC-based interface) that allows SEP sesam to interact with the StoreOnce appliance.
Protecting data from ransomware with data immutability
HPE StoreOnce also provides efficient protection against ransomware through its data immutability feature. This means that during the defined period of data immutability, stored data cannot be encrypted, modified in any way, or deleted, even in the event of a ransomware attack. Organizations can use immutable backups to restore their data to a state that is still intact and unaffected by the malware. This option can be used as additional protection for your data and specified when creating a Catalyst store. For details, see the section Creating HPE StoreOnce Catalyst store (step 3).
Supported StoreOnce Catalyst extensions
HPE Cloud Bank Storage (HPE StoreOnce v. ≥ 4.1) is an HPE StoreOnce Catalyst extension that writes deduplicated data to cloud storage (public or private), while regular HPE StoreOnce Catalyst stores write data to disk in the HPE StoreOnce system.
- As HPE Cloud Bank stores and HPE StoreOnce Catalyst stores are created and behave in similar manner, SEP sesam can use HPE Cloud Bank storage as a Catalyst copy target where you can replicate or restore your data instead of regular Catalyst stores. Cloud Bank Storage cannot be used as a backup target due to its limited object size.
- You can create Cloud Bank store in a similar way to Catalyst store, as described in Creating HPE StoreOnce Cloud Bank store.
StoreOnce Catalyst concept and terminology
HPE StoreOnce provides bandwidth-efficient backup and restore over LAN, WAN, and Fibre Channel. It provides the flexibility to use different deduplication modes depending on the environment and performance (see the Catalyst data deduplication modes section). Encryption is defined on the Catalyst store side individually for each Catalyst store. Note that once encryption is enabled, it cannot be disabled.
HPE uses the following terminology in the context of StoreOnce Catalyst:
- StoreOnce Catalyst: StoreOnce interface name.
- StoreOnce Catalyst store: Device type where the backups are stored on the StoreOnce appliance.
- StoreOnce Catalyst clients: The applications which connect by using the StoreOnce Catalyst interface.
- StoreOnce Catalyst items: The backup items stored in Catalyst stores on StoreOnce appliances.
- Data job: Any backup or restore.
- Copy job: The actual copy of the data, not the mirror image. The backup application specifies the outbound copy job as the source store and the inbound copy job as the destination store. Once copied, the outbound and inbound copy jobs are independent of each other. This means that each copy job can be deleted, moved, or added to/from the backup application.
- Transfer policies: By selecting Low Bandwidth or High Bandwidth (HBW) it is defined how backup data is transferred between SEP sesam and HPE Catalyst store and where the deduplication process occurs. See section Catalyst data deduplication modes.
- Physical data size quota: Maximum amount of data that can be written to the store after deduplication.
- Logical data size quota: Maximum amount of data that can be written to the store before deduplication.
- Data immutability period: Also called StoreOnce retention period. During the specified period, the data on the store remains protected for the period of time defined by the immutability period, even if the SEP sesam EOL (retention time) has already expired.
Catalyst data deduplication modes
StoreOnce Catalyst provides the flexibility of performing deduplication at the backup server, target, or application source, depending on your environment and performance requirements. Catalyst stores can be configured individually for a specific deduplication mode in Advanced Settings by selecting the appropriate bandwidth type for Transfer Policies. By specifying the transfer policy mode, you define how backup data is transferred between SEP sesam and HPE Catalyst store and where the deduplication process occurs.
Source-side/server-side deduplication (HPE: Backup Server Deduplication)
The HPE StoreOnce Catalyst agent deduplicates data on the source side within the backup server, i.e. the backup server or RDS deduplicated before transferring it to StoreOnce. For this, the Primary Transfer Policy must be set to Low Bandwidth (is the bandwidth-optimized mode). This option is recommended for most use cases as it reduces network load and improves backup performance.
Target-side deduplication (HPE: Target Deduplication)
Target deduplication runs deduplication processing at the backup target, after the data is transported to HPE StoreOnce. For this, the Catalyst store must be in performance-optimized mode by setting the Primary Transfer Policy to High Bandwidth. This option is recommended if you want to reduce the disk space required for backup data.
Application-side deduplication (HPE: Application Source Deduplication)
Software-based source-side deduplication uses the SEP sesam Client (without RDS) to perform the deduplication process and write the deduplicated data directly to HPE StoreOnce, without using the Media Server. To use application-side deduplication, select the HPE StoreOnce Bandwidth Optimized Data Transfer option in the properties of the HPE StoreOnce backup event; for details, see Option HPE StoreOnce Bandwidth Optimized Data Transfer. By selecting this option, redundant data is removed before it is transferred to the backup target (only the changed blocks are transferred) thus optimizing bandwidth usage. For application-side deduplication, at least one transfer policy must be set to Low Bandwidth.
Keep the following in mind when using this option:
- Configuring SESAM_DRIVE and SESAM_TAPESERVER for SAP Oracle backups
To send data directly from the SAP Oracle client to the HPE Catalyst Store, a local STPD connection must be established. In the SAP UTIL_FILE or RMAN script, the SESAM_DRIVE parameter must be set to the HPE Catalyst Store to define the connection to the HPE system and the SESAM_TAPESERVER parameter must be specified with the name of the SAP client (as configured in the SEP sesam GUI):
SESAM_DRIVE=SMS:DS@+SO@ix2-store-once-1 where the value after the second @ is <DB:data_stores.name> SESAM_TAPESERVER=sapcertsles11.sep.de where the name is the hostname of the SAP client as specified in the SEP sesam GUI
|For Oracle RMAN, these parameters can be set in the RMAN script directly or with the sbc_rman -d and -S switch. For details, see Backing up the Oracle database.|
To ensure error-free operation of SEP sesam and improve performance, make sure that the following conditions are met:
- For system requirements and supported configurations, see Support Matrix: SEP sesam integration with HPE StoreOnce Catalyst.
- HPE StoreOnce VSA license and additional licenses, e.g., Cloud Storage, Cloud Archive, Security license, etc. For details, see section StoreOnce VSA licensing.
- The Catalyst library is required to access HPE StoreOnce Catalyst store.
- SEP sesam Server v. 4.4.3 Beefalo or higher. Check the hardware requirements for SEP sesam Client, SEP sesam Server or RDS.
- If you want to perform HPE source-side deduplication (on Linux or Windows), you have to configure RDS on the client. For details, see How to create a Remote Device Server (RDS).
HPE StoreOnce connections
The following (TCP) ports are used to allow StoreOnce Catalyst traffic to pass to and from the SEP sesam Server:
- 9387 -> command session port number the server will listen on by default
- 9388 -> data session port number the server will listen on by default
Minimum supported version of the HPE system
The following list shows the minimum supported versions of the HPE system Gen3 and Gen4 Storeonce platform. SEP sesam cannot assure support for releases older than the minimum supported version. For all system requirements and supported configurations, see Support Matrix: SEP sesam integration with HPE StoreOnce Catalyst.
Perform the following steps to use HPE StoreOnce Catalyst store as a storage library. You can connect SEP sesam Server to HPE StoreOnce Catalyst over Ethernet or over Fibre Channel; in the latter case, use the StoreOnce Management Console to set up the backup and restore connections between the ports on the StoreOnce system and the ports on the client servers (see step 2 of the procedure).
|HPE StoreOnce specialists provide recommendations and guidance to consider when configuring Catalysts stores.|
- HPE StoreOnce Catalyst store requires at least 2-6 hours per day for housekeeping (excluding read and write actions). The process starts automatically if no read/write actions are running and cannot be scheduled.
- To achieve an optimal deduplication ratio, it is recommended to create dedicated Catalyst stores for Linux/Unix data, Windows data, and VMs. If databases occupy a lot of your storage space, you should also create dedicated Catalyst store for databases.
- With SEP sesam, every HPE StoreOnce Catalyst store is a SEP sesam data store with its own pool.
Creating HPE StoreOnce Catalyst store
- In the StoreOnce menu -> Data Services -> Catalyst Stores, click the Create Store option in the upper-right corner. The Create Store window opens.
- Enter the name of your Catalyst store. The exact name (case sensitive) is required to add the Catalyst store to the SEP sesam environment later, so write it down. Use underscores (_) or hyphens (-) instead of spaces.
- Optionally, you can set the following options under Security Settings. .
- Store Encryption: If the proper license was applied, you can enable StoreOnce encryption. This built-in encryption of Catalyst store can only be activated for each individual Catalyst store during its setup. Once encryption is enabled, it cannot be disabled.
- If you want to use encryption, SEP recommends using StoreOnce encryption instead of the SEP sesam built-in Task encryption, as backup data cannot be deduplicated when SEP sesam encryption is enabled.
- If you have enabled StoreOnce encryption, save your keystore information to a file that can be retrieved later. For details, see Saving the Encryption Key Store for HPE StoreOnce Catalyst.
- Data Immutability (retention) period for your data jobs and inbound/outbound copy jobs. This option can be used as an additional protection for your data as you set up the retention policy when configuring SEP sesam. If set, the data will be protected for the specified period of time even if the SEP sesam EOL has expired. If the SEP sesam EOL is longer than the StoreOnce data immutability period, the data is protected as defined by SEP sesam EOL.
- Under Advanced Settings, set the primary (default) and secondary transfer policies. Depending on your environment, you can select low (LBW) or high bandwidth (HBW) for each transfer policy. Note that the selected mode for the primary and secondary policy affects how backup data is transferred between SEP sesam and HPE Catalyst store and where the deduplication process occurs (see the section Catalyst data deduplication modes). SEP sesam uses the primary (default) transfer policy for data transfer between the Remote Device Server and HPE Catalyst store. The secondary transfer policy can be used for reaching a secondary StoreOnce appliance with replication.
Tip You can use application-side deduplication (≥ 4.4.3 Beefalo V2) by setting the HPE StoreOnce Bandwidth Optimized Data Transfer option in the SEP sesam GUI. To use this option, at least one transfer policy must be set to Low Bandwidth. For details on where to set this option, see HPE StoreOnce Backup: Option HPE StoreOnce Bandwidth Optimized Data Transfer.
- STORAGE QUOTAS
You can also set the physical and logical data size quota for each Catalyst store. By setting the quota, you can distribute the physical capacity of the StoreOnce system among different users and effectively determine how much storage space on the HPE StoreOnce backup system can be used by a particular user. Applications with a better deduplication ratio can store more data.
- Physical Storage Quota sets the maximum amount of data that can be written to storage after deduplication. When the threshold is reached, backup jobs can no longer write new data.
- The Logical Storage Quota sets the maximum amount of data that can be written to store before deduplication.
Tip Typically, HPE StoreOnce is used for more than one HPE Catalyst Store. For this multi-store approach, SEP recommends setting Physical Storage Quotas. Note
- When quota limits are set and the quota limit is reached, backups will fail to prevent the quota from being exceeded. Restores are still possible, but all new backups fail. To solve this issue, increase the quota to a sufficient size.
- The SEP sesam data store Disk space usage option for HPE StoreOnce Catalyst Store supports the Catalyst Store Physical Storage Quota and Logical Storage Quota (≥ 4.4.3 Beefalo V2). You can check HPE StoreOnce storage quotas and overall HPE StoreOnce storage sizes in SEP sesam GUI: Main selection -> Components -> Data Stores, double-click your StoreOnce store and then click the HPE Catalyst Store State tab. For details, see Configuring HPE StoreOnce data store in SEP sesam.
- Once your Catalyst store is created, configure the Client Access permission for that store:
Click Add Client and specify a username and password. Catalyst Client Name is the username.
Note that this does not have to be the name of the backup server; you can choose any name. Make a note of these credentials to later create the store in SEP sesam. You can also change the Client Access permission later by using the Permissions tab of the already configured Catalyst store.
Click Create to create your first Catalyst store. Then repeat the procedure to create additional Catalyst stores.
You can use StoreOnce Catalyst over Fibre Channel or over Ethernet. As described in the HPE StoreOnce documentation, both connections work the same way and the supported backup applications do not perceive any difference. However, if you intend to use HPE StoreOnce Catalyst over Fibre Channel, you must perform some additional configuration as described in the next step.
Setting up Fibre Channel for StoreOnce Catalyst store
|As indicated in the HPE StoreOnce documentation, Fibre Channel settings are relevant only for specific StoreOnce models and are available only if the StoreOnce system supports Fibre Channel.|
Consider the following when using StoreOnce Catalyst over Fibre Channel (CoFC):
- Backups are supported on StoreOnce Catalyst over a Fibre Channel interface and over Ethernet networks.
- StoreOnce System to StoreOnce System connectivity through optimized StoreOnce Catalyst copy jobs is supported over both Ethernet and Fibre Channel.
- Running StoreOnce Catalyst over Fibre Channel requires administrator privileges to access OS-specific device files associated with StoreOnce Catalyst over Fibre Channel devices.
- Non-optimal Fibre Channel SAN zoning can result in a lack of Fibre Channel connectivity. The storage administrator must ensure that network segregation, such as zoning, is set up correctly according to HPE recommendations.
- Check the HPE StoreOnce Support Matrix for compatibility at https://www.hpe.com/Storage/StoreOnceSupportMatrix (login required).
StoreOnce Catalyst over Fibre Channel zoning considerations
The following zoning considerations are recommended by HPE:
- StoreOnce Fibre Channel World Wide Names (WWN) can be in the StoreOnce Management Console -> Catalyst Settings- > Fibre Channel. Each StoreOnce port presents one CoFC WWN.
- Zone the SEP sesam Server or any Remote Device Server with at least two Fibre Channel ports and at least two StoreOnce node Fibre Channel ports across different Fibre Channel cards. Ideally, they are also zoned across different SAN fabrics. Multiple connections allow for higher availability.
- If a connection is broken, StoreOnce Catalyst over Fibre Channel will automatically attempt to connect via another path without aborting the backup. Backup only fails if no paths are available from the SEP sesam Server/Remote Device Server or to the StoreOnce. Zone StoreOnce Catalyst Copy over Fibre Channel source and destination copy devices in the same way.
- StoreOnce Catalyst Copy over Fibre Channel is a two-way protocol. Zone the source Initiator WWN with the destination target WWN, and zone the destination Initiator WWN with the source target WWN. The source and destination must be able to communicate with each other over Fibre Channel.
- Use small Fibre Channel zones limiting the number of Fibre Channel ports in each zone.
- StoreOnce Catalyst over Fibre Channel does not use or rely on external multipath drivers. Connections are balanced using StoreOnce Catalyst over Fibre Channel internal algorithms. Catalyst over Fibre Channel ignores installed multipath drivers.
Fibre Channel configuration
- In the StoreOnce GUI, go to HPE StoreOnce -> StoreOnce Catalyst -> Fibre Channel settings tab and locate the Identifier at the top of the Configuration window. This is the CoFC identifier that is used as the data address for accessing Catalyst store over Fibre Channel and must be provided to SEP sesam when creating a new store. It has the format COFC-<device-id>, e.g., COFC-1JB6Q36FMNR4JG0X.
- Make sure Devices per Initiator Port is configured correctly.
Check the Number of Logins and the Number of Devices per Login for each port. These values determine the number of concurrent backup/restore and copy connections allowed on each Fibre Channel port of the HPE StoreOnce system.
- The Number of Logins does not relate to how many total sessions can be established over a StoreOnce port; it defines the number of client-side ports that are zoned to connect to that port.
- Devices per Initiator Port determines the number of backup and restore connections that are allowed from each SEP sesam Server Fibre Channel port to ports on the StoreOnce system. It is recommended to increase this value according to your needs. Note that if you increase the value, you must run a device file rescan on the client to detect and recognize the change. StoreOnce Catalyst over Fibre Channel presents a device type of Processor. In Windows Device Manager, these devices are shown as Other Devices. After zoning the devices or changing the number of Devices per Initiator Port, right-click Other Devices and then select Scan for hardware changes to detect the new devices.