PowerProtect Data Manager 19.9 – Revolutionary Protection for VMware

Introduction

In Casino Royale, Vesper Lynd says to James Bond, “There are dinner jackets and dinner jackets; this is the latter”. In the spirit of Bond, there are updates and there are updates. This version 19.9 update to PowerProtect Data Manager is most definitely the latter.

I’ve been hearing the buzz about what’s been coming in Data Manager 19.9 for some time. It’s like knowing a really great spoiler for a TV show – you’re not allowed to say anything, but you’d love nothing more than to run around telling everyone. I’ve behaved myself, but it’s been a struggle!

There are two huge updates in Data Manager 19.9. That’s not to say they are the only updates, but there are two that will make a significant difference for a modern business. The first, as you may have guessed from the blog title, concerns VMware. But I’ll get to it and the second in a while.

First, let’s look at some of the other new features. (To keep things brief I’ll focus just on new features – there are just as many changed features as there are new, but for those, I’ll suggest going to the release notes, which I’ll link to at the end of this article.)

Application Agent Changes

First off, there are a bunch of new options for application agents, including:

• The Jobs manager now allows you to cancel running jobs.
• Asset sources can now be deleted.
• You can specify a custom lockbox location when using the Microsoft application agent.
• If an asset has been configured for centralised backups, you can specify a different retention time when you run a self-service backup.
• The Linux filesystem agent supports BTRFS.
• Block-based backups for RHEL 8, 8.1 and 8.2 systems are supported with SELinux configured.
• Hierarchical view of SQL assets now available in the UI – this allows you to drill down through hosts, instances, AAGs and database assets.
• Enhanced Oracle database discovery process – this allows Data Manager to discover Oracle databases based on pmon entries rather than relying solely on /etc/oratab contents.
• Advanced settings for Oracle database backups are available within the Data Manager UI, including: Files Per Set, Maximum Open Files, Block Size and Section Size.
• Oracle RMAN backups are now supported on AIX.

Compatibility Changes

Okta. It’s pretty cool, isn’t it? Well with Data Manager 19.9, you’ve now got Okta integration via their Open ID Connect (OIDC). So that means you can use Okta with Data Manager for universal authentication with single sign-on and multi-factor authentication.

If you’re protecting OpenShift, Data Manager now deploys Velero using the RedHat OpenShift API for Data Protection (OADP) for those assets.

Finally, if you’re using Data Manager to protect Kubernetes, it can now use structured custom resource definitions (CRDs) for enhanced security.

Disaster Recovery

There are two key changes relating to disaster recovery – these are:

• Cloud DR – If you’re using Cloud Disaster Recovery with Data Manager, it can now fully support private networks, removing all historical requirement for public network access.
• DDBoost – Disaster recovery backups for the server can now be configured using DDBoost. In previous versions, Data Manager used NFS to connect to a Data Domain/PowerProtect DD appliance, which resulted in a bit of manual configuration that you’d have to remember to repeat if you were adding a search node. By using DDBoost, Data Manager takes care of all of that configuration for you.

Maintenance

Updating PowerProtect Data Manager has always been easy, and it keeps getting easier. In this latest version, there’s a new interface area added for handling software updates, and it can connect via SupportAssist to automatically download updates as they become available.

There’s also now a customer feedback button – I know it may not seem like a lot, but you can use it to report directly back to teams responsible for Data Manager what you think.

Protection Enhancements

It’s in the enhancements to protection options that we get the HUGE changes in Data Manager, but I still want to go through the other changes first. (I’m still saving the best to last.)

So let’s look at the smaller changes, first:

• Virtual machine restores – You can now change virtual machine networking settings on restore. This includes options to change the virtual network the VM is attached to, or whether the virtual NIC is initially connected when powered on.
• Google Cloud VMware Engine – Regardless of whether it’s been deployed on-premises or within the cloud, Data Manager can now protect virtual machines running in the Google Cloud VMware Engine (GCVE).
• Azure Deployment – Data Domain Virtual Edition can be configured at the same time as Data Manager during an Azure deployment.
• Compressed Restores – The VM direct engine now supports compressed restores, which can deliver a substantial boost to recoveries. Yes, you’ll use a bit more CPU on the PowerProtect DD system and the recovery host, but the data will get across the wire faster.

As I said, the big enhancements are in protection, but I’ll come back to them when I get to the end of the other enhancements.

Security Enhancements

Here are three new security enhancements (on top of the Okta integration and Kubernetes security enhancements I previously mentioned):

• If you replace the default self-signed certificates, 19.9 (and later) agents can automatically retrieve the security certificates at registration.
• Encryption over the wire is supported for backup and restore operations – this covers all file system backups, Microsoft Exchange, Microsoft SQL, Oracle RMAN, NAS and SAP HANA.
• There are new roles in the system: Security Administrator, Backup Administrator and Restore Administrator. These are built around the principle of least privilege.

User Interface

I’m really loving the way the Data Manager interface is evolving. While I was playing around with version 19.9 in my lab I couldn’t help dragging my husband over multiple times to say “Look at this! It’s beautiful!” In the user interface, we see the following changes:

• Grouping for job monitoring – when viewing policy job details, you can turn on grouping by a variety of scenarios. SQL/Exchange, Oracle, Filesystems, SAP HANA, Kubernetes, NAS and VMware all support grouping options. These sum up all the details for the group, making it easy to see roll-up information when viewing the details of a policy. Underneath these bullet points you’ll see an example of options for VMware grouping.
• Centralised restore tracking now goes to the asset level.
• Improvements on notification, log, alert and error messages – All of these have been revamped to provide informative consistent and easy to understand information.

Here’s the grouping option:

The Big New Features

As I said earlier, there are two big new features with PowerProtect Data Manager 19.9.

NAS

Data Manager 19.9 introduces next-generation NAS support. The NDMP protocol is very old these days – it hasn’t been updated for over a decade, and SNIA seems to only hold/publish the protocol as a courtesy. In short, NDMP was good while it lasted, but it’s time to find better ways of doing things.

Data Manager now includes a NAS proxy, which is a lightweight containerized virtual machine you can automatically deploy for the protection of NAS shares. It can automatically detect shares on Unity, PowerScale, and PowerStore appliances, and you can define shares via NFS or CIFS for any other NAS appliance.

It’s faster and more streamlined than NDMP-based protection, doesn’t require a fundamental understanding within the product for each individual appliance type, and you get independence from individual appliances for recovery.

Data Manager doesn’t just do a basic read of the shares you designate for backup, though. It performs automatic slicing to deliver high-speed, multi-streamed backups for optimised throughput. Here’s a snippet from the NAS client guide:

PowerProtect Data Manager divides NAS assets into slices by using threshold values. The threshold slice size is 200 GB or a count of one million files, with a tolerance of up to 30%. To avoid creating nonoptimized slices, the tolerance allows PowerProtect Data Manager to deviate from the threshold value and keep data together. For example, a single 260 GB folder is still within the 30% tolerance value and would be considered one slice. Empty placeholder slices help protect the asset layout structure.

Each slice uses one stream. Protection engine parameters … provides information about the relationship between streams and NAS protection engines. When calculating the number of NAS protection engines, allow up to 120% to 150% of the estimated slice count for overhead such as placeholder slices.

Dell EMC PowerProtect Data Manager for Network Attached Storage v19.9 User Guide

What that means is that as the size of your NAS share(s) grows, Data Manager will auto-slice the backups to deliver high-speed backups. You don’t have to do anything to make this happen – it just does it for you, out of the box. And that’s where you get the performance from. Think of it as an evolved version of NetWorker’s Dynamic Parallel Save Streams – but this version has been working out.

VMware Transparent Snapshots

Do you have VMware within your environment? If you do, you need to:

• Start planning when you’re going to upgrade to, or deploy Data Manager 19.9
• Start planning when you’re going to upgrade to vSphere 7.0U3

This isn’t just an upgrade, this is a ground-breaking change. Data Manager 19.9 introduces transparent snapshots, moving away from traditional VMware VADP interfaces. That means no more proxies. None. Zip. Nada. Instead, with compatible VMware environments (see above point about vSphere), a tiny snapshot data mover is installed into the ESX servers directly. And that data mover has the Data Domain Boost API built right into it.

No proxies alone would be enough to make it impressive, but the no-proxy part is just the “nice to have” feature. No, the real crux of it is that this practically eliminates VM stun as a risk within the backup environment. (I say “practically” because we can always theoretically pretend someone has a VM that does ten bazillion IOs per nanosecond that might cause problems.) As the documentation says: “Near zero latency impact to your virtual machines during snapshot creation”.

The transparent snapshot engine completely rewrites how virtual machines are handled for backup purposes. VM stun, as you may know, is the term used to describe potential pauses with a busy virtual machine during the snapshot process – and that snapshot process is necessary in a VADP-style backup. But Transparent Snapshots don’t work that way, hence why it’s practically eliminated. What’s more: it’s typically 5x faster than VADP-style backups.

The architecture for transparent snapshots has been thoroughly documented already by Dell experts in a whitepaper. Rather than try to explain it myself, I’d really recommend you read the whitepaper – while downloading the vSphere and Data Manager upgrade packages. You can access the whitepaper here.

If you think this is an incremental change, you’re very, very mistaken. This is the moment where your virtualisation/infrastructure team starts asking you when you can start protecting with Data Manager.

Wrapping Up

PowerProtect Data Manager hasn’t just had an update, it’s had an Update with a capital-U. The addition of next-generation NAS protection and VMware transparent snapshots gives you truly game-changing data protection functionality within your environment, and I’d strongly encourage you to update it as soon as possible. (And don’t forget: if you’ve not deployed it yet, you can download and deploy without a license for a 90 day evaluation period.)

Here are some key links for Data Manager 19.9 to get you started:

• Support Product Homepage
• Downloads
• Documentation
  • 19.9 Documentation Portfolio
  • 19.9 Release Notes
  • 19.9 NAS User Guide
  • 19.9 Virtual Machine Protection Quick Start
• Transparent snapshots intro video

This is not a version you want to miss.