4 4 3 Beefalo:HPE StoreOnce Configuration
- 1 Overview
- 1.1 StoreOnce Catalyst concept and terminology
- 1.2 Catalyst data deduplication modes
- 1.3 Requirements
- 1.4 HPE StoreOnce connections
- 1.5 Minimum supported version of HPE system
- 1.6 Steps
- 1.7 Recommendations
- 2 Creating HPE StoreOnce Catalyst store
- 3 Setting up Fibre Channel for StoreOnce Catalyst store
- 4 What is next?
- 5 See also
This article describes SEP sesam integration with Hewlett Packard Enterprise (HPE) StoreOnce Catalyst storage system. It explains StoreOnce configuration, which is not part of SEP sesam. For detailed information on HPE StoreOnce, refer to HPE documentation.
The Hewlett Packard Enterprise (HPE) StoreOnce backup appliance allows to configure multiple Catalyst stores to be used as backup storage. HPE StoreOnce fully controls backup data and enables efficient encryption, recovery, deduplication, and replication. SEP sesam uses HPE StoreOnce Catalyst Library which implements the StoreOnce Catalyst client API. This API provides the remote procedure call (RPC-based interface) that allows SEP sesam to interact with the StoreOnce appliance.
With SEP sesam v. 4.4.3 Beefalo V2 it is recommended to use HPE Cloud Bank Storage (HPE StoreOnce v. ≥ 4.1) as a Catalyst copy target where you can replicate or restore your data instead of regular Catalyst stores. It cannot be used as a backup target due to its limited object size.
You can create a Cloud Bank store in a similar manner to Catalyst store, as described in Creating HPE StoreOnce Cloud Bank store.
Protecting data from ransomware with data immutability
HPE StoreOnce also provides efficient protection against ransomware through the data immutability feature. This means that during the defined period of data immutability, the stored data cannot be encrypted, modified in any way, or deleted, even in the event of a ransomware attack. Organisations can use immutable backups to restore their data to a state that is still intact and unaffected by the malware. This option can be used as additional protection for your data and specified when creating a Catalyst store. For details, see the section Creating HPE StoreOnce Catalyst store (step 3).
StoreOnce Catalyst concept and terminology
HPE StoreOnce provides bandwidth-efficient backup and restore over LAN, WAN, and Fibre Channel. It provides the flexibility to use different deduplication modes depending on the environment and performance (see the Catalyst data deduplication modes section). Encryption is defined on the Catalyst store side individually for each Catalyst store; note that once encryption is enabled, it cannot be disabled.
HPE uses the following terminology related to StoreOnce Catalyst:
- StoreOnce Catalyst: StoreOnce interface name.
- StoreOnce Catalyst store: Device type where the backups are stored on the StoreOnce appliance.
- StoreOnce Catalyst clients: The applications which connect by using the StoreOnce Catalyst interface.
- StoreOnce Catalyst items: The backup items stored in the Catalyst stores on the StoreOnce appliances.
- Data job: Any backup or restore.
- Copy job: Actual copy of the data, not mirror image. The backup application specifies outbound copy job as source store and inbound copy job as destination store. Once copied, the outbound and inbound copy jobs are independent of each other. This means that each copy job can be deleted, moved, or added to/from the backup application.
- Transfer policies: By selecting Low Bandwidth or High Bandwidth (HBW) it is defined how the backup data is transferred between SEP sesam and HPE Catalyst store and where the deduplication process occurs. See section Catalyst data deduplication modes.
- Physical data size quota: Maximum amount of data that can be written to the store after deduplication.
- Logical data size quota: Maximum amount of data that can be written to the store before deduplication.
- Data immutability period: Also named StoreOnce retention period. During the specified period, the data on store remains protected for the amount of time defined by immutability period even if the SEP sesam EOL (retention time) has already expired.
Catalyst data deduplication modes
StoreOnce Catalyst provides the flexibility of performing deduplication at backup server, target, or application source, depending on your environment and performance requirements. Catalyst stores can be configured individually for specific deduplication mode in the Advanced Settings by selecting the appropriate bandwidth type for Transfer Policies. By specifying the transfer policy mode you define how the backup data is transferred between SEP sesam and HPE Catalyst store and where the deduplication process occurs.
Source-side/server-side deduplication (HPE: Backup Server Deduplication)
The HPE StoreOnce Catalyst agent deduplicates data on the source side within the backup server, i.e. the backup server or RDS deduplicated before transferring it to StoreOnce. For this, the Primary Transfer Policy must be set to Low Bandwidth (is the bandwidth-optimized mode). This option is recommended for most use cases as it reduces the network load and improves backup performance.
Target-side deduplication (HPE: Target Deduplication)
Target deduplication runs deduplication processing at the backup target, after the data is transported to HPE StoreOnce. For this, the Catalyst store must be in the performance-optimized mode by setting the Primary Transfer Policy to High Bandwidth. This option is recommended when there is a need to reduce the disk space required for backup data.
Application-side deduplication (HPE: Application Source Deduplication)
Software-based source-side deduplication uses the SEP sesam Client (without RDS) to perform the deduplication process and writes the deduplicated data directly to HPE StoreOnce, without using the Media Server. As of v. 4.4.3 Beefalo V2, you can use the application-side deduplication by selecting the HPE StoreOnce Bandwidth Optimized Data Transfer option in the properties of the HPE StoreOnce backup event; for details, see Option HPE StoreOnce Bandwidth Optimized Data Transfer. By selecting this option, redundant data is removed before it is transmitted to the backup target (only the changed blocks are transferred) thus optimizing bandwidth utilization. Application-side deduplication requires at least one transfer policy to be set to Low Bandwidth.
Keep the following in mind when using this option:
- Configuring SESAM_DRIVE and SESAM_TAPESERVER for SAP Oracle backups
To send the data straight from the SAP Oracle client to the HPE Catalyst Store, a local STPD connection must be established. In the SAP UTIL_FILE or in the RMAN script, the SESAM_DRIVE parameter must be set to the HPE Catalyst Store to define the connection to the HPE system and the SESAM_TAPESERVER parameter must be specified with the name of the SAP client (as it is configured in the SEP sesam GUI):
SESAM_DRIVE=SMS:DS@+SO@ix2-store-once-1 where the value after the second @ is <DB:data_stores.name> SESAM_TAPESERVER=sapcertsles11.sep.de where the name is the hostname of the SAP client as specified in the SEP sesam GUI
|For Oracle RMAN, these parameters can be set in the RMAN script directly or by using sbc_rman -d and -S switch. For details, see Backing up the Oracle database.|
To ensure error-free operation of SEP sesam and improve performance, make sure that the following conditions are met:
- HPE StoreOnce VSA license and additional licenses, e.g., Cloud Storage, Cloud Archive, Security license, etc. For details, see section StoreOnce VSA licensing.
- The Catalyst library is required to access the HPE StoreOnce Catalyst store.
- SEP sesam Server v. 4.4.3 Beefalo or higher. Check Hardware requirements for SEP sesam Client, SEP sesam Server or RDS.
- If you want to perform HPE source-side deduplication (on Linux or Windows), you have to configure RDS on the client. For details, see How to create a Remote Device Server (RDS).
HPE StoreOnce connections
The following (TCP) ports are used to allow the StoreOnce Catalyst traffic to pass to and from the SEP sesam Server:
- 9387 -> command session port number the server will listen on by default
- 9388 -> data session port number the server will listen on by default
Minimum supported version of HPE system
The following list shows the minimum supported versions of HPE system Gen3 and Gen4 Storeonce platform. SEP sesam cannot assure support for releases older than the minimum supported version.
Perform the following steps to use the HPE StoreOnce Catalyst store as a storage library. You can connect SEP sesam Server to the HPE StoreOnce Catalyst over Ethernet or over Fibre Channel; in the latter case, use StoreOnce Management Console to set up the backup and restore connections between the ports on the StoreOnce System and the ports on the client servers (see step 2 of the procedure).
|HPE StoreOnce specialists provide recommendations and notes which should be considered when configuring Catalysts stores.|
- HPE StoreOnce Catalyst store requires at least 2-6 hours per day for housekeeping (without read and write actions ). The process starts automatically if no read/write actions are running and cannot be scheduled.
- To have the most optimal deduplication ratio, it is recommended to create dedicated Catalysts stores for Linux/Unix data, Windows data, and VMs. Additionally, if databases occupy a lot of your storage space, create a dedicated Catalyst store for databases, too.
- With SEP sesam, every HPE StoreOnce Catalyst store is a SEP sesam data store with its own pool.
Creating HPE StoreOnce Catalyst store
- In the StoreOnce menu -> Data Services -> Catalyst Stores, click Create Store option at the top right corner. The Create Store window opens.
- Enter the name of your Catalyst store. The exact name (case sensitive) is required to add the Catalyst store to SEP sesam environment later, so write it down. Use underscores (_) or dashes (-) instead of spaces.
- Optionally, under the Security Settings, set the following options.
- Store Encryption: If the proper license was applied, you can enable StoreOnce encryption. This built-in encryption of the Catalyst store can only be activated individually for each Catalyst store during its setup. Once encryption is enabled, it can no longer be disabled.
- If you want to use encryption, SEP recommends to use StoreOnce encryption instead of SEP sesam built-in Task encryption, as the backup data cannot be deduplicated when SEP sesam encryption is enabled.
- If you have enabled StoreOnce encryption, save your keystore information in a file that can be retrieved later. For details, see Saving Encryption Key Store for HPE StoreOnce Catalyst.
- Data Immutability (retention) period for your data jobs and inbound/outbound copy jobs. This option can be used as additional protection for your data as you set up the retention policy when configuring SEP sesam. If set, the data will be protected for the defined period of time, even if the SEP sesam EOL has expired. If the SEP sesam EOL is longer than StoreOnce data immutability period, the data is protected as defined by SEP sesam EOL.
- Under the Advanced Settings, set the primary (default) and secondary transfer policy. Depending on your environment, you can select low (LBW) or high bandwidth (HBW) for each transfer policy. Note that the selected mode for the primary and secondary policy affects how the backup data is transferred between SEP sesam and HPE Catalyst store and where the deduplication process occurs (see section Catalyst data deduplication modes). SEP sesam uses the primary (default) transfer policy for data transfer between the Remote Device Server and the HPE Catalyst store. The secondary transfer policy can be used for reaching a secondary StoreOnce appliance with the replication.
Tip As of v. 4.4.3 Beefalo V2, you can use the application-side deduplication by setting the HPE StoreOnce Bandwidth Optimized Data Transfer option in the SEP sesam GUI. To use this option, at least one transfer policy must be set to Low Bandwidth. For details on where to set this option, see HPE StoreOnce Backup: Option HPE StoreOnce Bandwidth Optimized Data Transfer.
- STORAGE QUOTAS
You can also define the physical and logical data size quota for each Catalyst store. By setting the quota, you can distribute the physical capacity of the StoreOnce system among different users and effectively determine how much storage space on the HPE StoreOnce backup system can be used by a particular user. Applications with a better deduplication ratio can store more data.
- Physical Storage Quota sets the maximum amount of data that can be written to the store after deduplication. When the threshold level is reached, the backup jobs can no longer write new data.
- Logical Storage Quota sets the maximum amount of data that can be written to the store before deduplication.
Tip Normally the HPE StoreOnce is used for more than one HPE Catalyst Store. For this multi-store approach, SEP recommends to set Physical Storage Quotas. Note
- When quota limits are set and the quota limit is reached, backups will fail to prevent the quota from being exceeded. Restores are still allowed, but all new backups will fail. To solve this issue, increase the quota to the sufficient size.
- As of Beefalo V2, the SEP sesam data store Disk space usage option for HPE StoreOnce Catalyst Store supports Catalyst Store Physical Storage Quota and Logical Storage Quota. You can check the HPE StoreOnce storage quotas and the overall HPE StoreOnce storage sizes in SEP sesam GUI: Main selection -> Components -> Data Stores, double-click your StoreOnce store and then click the HPE Catalyst Store State tab. For details, see Configuring HPE StoreOnce data store in SEP sesam.
- Once your Catalyst store is created, configure the Client Access permission for this store:
Click Add Client and specify a user name and password. Catalyst Client Name is the user name.
Note that this does not have to be the name of the backup server, you can choose whatever name you wish. Write down these credentials to create the store in SEP sesam later on. You can also change the Client Access permission later by using the Permissions tab of the already configured Catalyst store.
Click Create to create your first Catalyst store. Then repeat the procedure to create additional Catalyst stores.
You can use StoreOnce Catalyst over Fibre Channel or over Ethernet. As stated in the HPE StoreOnce documentation, both connections function in the same way and supported backup applications do not perceive a difference. However, if you intend to use HPE StoreOnce Catalyst over Fibre Channel, you have to perform some additional configuration, as described in the next step.
Setting up Fibre Channel for StoreOnce Catalyst store
|As stated in the HPE StoreOnce documentation, the Fibre Channel settings are only relevant to certain StoreOnce models and are only available if the StoreOnce system supports Fibre Channel.|
Consider the following when using StoreOnce Catalyst over Fibre Channel (CoFC):
- Backups are supported on StoreOnce Catalyst over a Fibre Channel interface and over Ethernet networks.
- StoreOnce System to StoreOnce System connectivity through optimized StoreOnce Catalyst copy jobs is supported over both Ethernet and Fibre Channel.
- Administrator privileges are required to run StoreOnce Catalyst over Fibre Channel to access OS-specific device files associated with StoreOnce Catalyst over Fibre Channel devices.
- Non-optimal Fibre Channel SAN zoning can lead to a lack of Fibre Channel connectivity. The storage administrator must ensure that network segregation, such as zoning, is set up correctly as recommended by HPE.
- Check the HPE StoreOnce Support Matrix for compatibility at https://www.hpe.com/Storage/StoreOnceSupportMatrix (login required).
StoreOnce Catalyst over Fibre Channel zoning considerations
The following zoning considerations are recommended by HPE:
- StoreOnce Fibre Channel World Wide Names (WWN) are found in the StoreOnce Management Console -> Catalyst Settings- > Fibre Channel. Each StoreOnce port presents one CoFC WWN.
- Zone the SEP sesam Server or every Remote Device Server with at least two Fibre Channel ports and at least two StoreOnce node Fibre Channel ports across different Fibre Channel cards. Ideally, they are also zoned across different SAN fabrics. Multiple connections allow for higher availability.
- If a connection is broken, StoreOnce Catalyst over Fibre Channel will automatically attempt to connect on a different path without aborting the backup. The backup will fail only if no paths are available from the SEP sesam Server/Remote Device Server or to the StoreOnce. Zone StoreOnce Catalyst Copy over Fibre Channel source and destination copy devices the same way.
- StoreOnce Catalyst Copy over Fibre Channel is a two-way protocol. Zone the source Initiator WWN with the destination target WWN, and zone the destination Initiator WWN with the source target WWN. The source and destination must be able to communicate with each other over Fibre Channel.
- Use small Fibre Channel zones limiting the number of Fibre Channel ports in each zone.
- StoreOnce Catalyst over Fibre Channel does not use or rely on any external multipath drivers. Connections are balanced using StoreOnce Catalyst over Fibre Channel internal algorithms. Catalyst over Fibre Channel ignores installed multipath drivers.
Fibre Channel configuration
- In the StoreOnce GUI, go to HPE StoreOnce -> StoreOnce Catalyst -> Fibre Channel settings tab and locate the Identifier at the top of the Configuration window. This is the CoFC identifier that is used as data address to access the Catalyst store over Fibre Channel and must be provided to SEP sesam during the creation of a new store. It is in the format COFC-<device-id>, e.g., COFC-1JB6Q36FMNR4JG0X.
- Make sure Devices per Initiator Port is configured properly.
Check the Number of Logins and Number of Devices per Login for each port. These values determine the number of concurrent backup/restore and copy connections allowed on each Fibre Channel port on the HPE StoreOnce system.
- The Number of Logins does not relate to how many total sessions can be established over a StoreOnce port; it defines the number of client-side ports that are zoned to connect to that port.
- Devices per Initiator Port determines the number of backup and restore connections that are allowed from each SEP sesam Server Fibre Channel port to the ports on the StoreOnce system. It is recommended to increase this value according to your needs. Note that when increasing the value, you must run a device file rescan on the client for the change to be recognized. StoreOnce Catalyst over Fibre Channel presents a device type of Processor. In Windows Device Manager, these devices are shown as Other Devices. After zoning the devices or changing the number of Devices per Initiator Port, right-click Other Devices and then select Scan for hardware changes to detect the new devices.