Physical Backup Media. Virtual Backup Media.
New Media Technologies. Software Architectures—CommVault. Software Architectures—NetBackup. Application Backup Strategies. Monitoring and Reporting. The physical infrastructure is common to all tenants, but each network device routers, switches, firewalls, and so forth is virtualized such that each tenant's virtual network container is overlaid on the common physical network. The various tenant container models that are available, validated, and supported in the Virtual Services Architecture 1.
Figure provides an overview of these tenant container models. For this project, the Bronze container model was used at the CSP site to provide tenancy to the Enterprise customer. Figure illustrates the details of the Bronze container model. Combining industry-leading performance and scalability, the UCS C directly targets environments deploying any software-defined and distributed storage environments.
The rack server offers the highest levels of drive density. The system is targeted at the service provider, storage server, and big data markets. The chassis can accommodate 1 or 2 Network IO Modules, 1 or 2 server modules, 56 3. One of the server slots can be used by a storage expansion module for an additional 4 3. The server modules can also accommodate 2 SSDs for internal storage dedicated to that module. SAS expanders are configurable to assign the 3. C is an accelerated, TTM-driven program. The BaaS Sizing Guidelines can be leveraged in a highly repeatable fashion as capacity and performance thresholds are achieved within an environment.
The initial and predicted growth of the use case and service will dictate which scale model to use to meet capacity and demand. The BaaS Sizing Guidelines offerings are segmented into three types depending on projected size of capacity i. Small—TB 2. Medium—TB 3. Commvault Architecture and design guidelines represent current Commvault views on this topic as of the date of publication and is subject to change at any time without notice. Commvault Multi-Tenancy This section will describe how Commvault achieves secure multi-tenancy within a single CommCell environment. Simply put, Commvault defines multi-tenancy as the secure separation and management of shared resources between defined entities.
The following sections detail Simpana multi-tenancy features specific for CSPs. For example some tenants may require having dedicated data movers known as MediaAgents or storage, whereas other tenants it may be perfectly acceptable to utilize a shared environment. Simpana CommServe can manage any of the examples referenced above within a single CommServe.
Symantec Backup Exec Blueprints
Service providers will only have to install multiple CommServes if the tenant requires a completely physically isolated data management instance or has to manage more than 20, clients. Managing individual user permissions may be acceptable for some individual enterprises.
However, at the service provider level this would quickly become unmanageable. Typical roles restrict functional tasks such as backup and restore including locations , as well as who can access report or delete protected data. Agents are modules installed on clients to protect a specific type of data such as the file system, database, or application. This provides secure authentication and agent identification to prevent possible data breaches through spoofing. It does this by using more common username-password agent authentication techniques by competitive solutions.
Client Computer Groups The power of Client Computer Groups provides the service provider administrator the flexibility to group resources by a multitude of parameters. Groups can be automatically updated as new or existing clients meet the designated criteria known as Smart Client Computer Groups. Policies Managing your data management environment at the individual user or single tenant level would quickly become unmanageable, therefore using a policy-based approach is critical for scaling.
The power of Storage Policies can group or segment data in a public or private categories, which provides flexibility depending on Service Offering defined to tenants. Through the use of Storage Policies some tenants can share a storage target to optimize service cost, whereas some tenants may have a dedicated data target per tenant for privacy requirements.
Get PDF Commvault Simpana 10 - Module Ten - Job Scheduling and Backup Window Optimisation
Schedule Policy Maximizing resource utilization is important to service providers and Commvault can intelligently schedule jobs to keep resource at top utilization to achieve data protection goals. Commvault provides the ability to set the timing of a job to start, which in most cases is a data protection job such as backup or archiving.
Schedule policies provide the facility for service providers to offer that option to their tenants, which can be a service uplift ie.
- Kemetic Diet: Ancient African Wisdom for Health of Mind, Body and Spirit;
- The Random Book of… Andrew;
- Dissipative Solitons in Reaction Diffusion Systems: Mechanisms, Dynamics, Interaction: 70 (Springer Series in Synergetics);
- Tandemworld eNewsletter for Jan ?
- #3 “It’s the Messianics, Stupid”: Papa Likes Her Like That -- Hes HOT for His Israeli Wife (Mystery-Bred Manna).
Data Mover a. The Storage Policies direct the Media Agent to which storage target should be used per job, which can be shared among many tenants or dedicated to a single tenant. To provide the service provider with the highest level granularity and flexibility, Media Agents can have multiple Storage Polices running simultaneously with almost any variety of configurations. The service provider can satisfy private requirements and drive up hardware utilization. This protects against a variety of networking attacks such as spoofing. Firewalls Firewalls provide security by blocking unauthorized access to networked computing and communications resources.
Internet Protocol IP ports are configured in firewalls, permitting specific kinds of information to flow to and from opened IP address:port combinations, in specific directions in, out or both.
Firewall functionality is most often provided by either a stand-alone network appliance, or firewall software running on a general-purpose computer. This firewall feature provides the ability offer multiple network configurations per CommCell instance. CommCell components separated by a firewall must be configured to reach each other through the firewall using connection routes.
Once configured, they can communicate to perform data management operations like backup, browse, and restore. Typically, this IP address belongs to a firewall or gateway that works as a NAT device for connections from the internal network to the outside. In scenarios like this, you can establish port forwarding at the gateway to forward connections coming in to specific ports to machines on the internal network that are mapped to those ports.
This creates a custom route from the client towards the internal servers. Figure shows a client connecting to the CommServe and MediaAgent computer through a port-forwarding gateway setup. The proxy, which is the agent running in the perimeter network authenticates, encrypts, and proxies accepted tunnel connections to connect the clients operating outside to clients operating inside.
With this setup, firewalls can be configured to disallow straight connections between inside and outside networks. Figure shows a perimeter network setup where a client from outside communicates to the CommServe and MediaAgent operating in an internal network through the Simpana proxy. If you are a roaming user who travels frequently, you might operate the software in this scenario. Proxy Proxies are an important component of service providers network security configuration to reduce the number of ports opened and provide secure data transfer between service provider and tenant.
Encryption For a networking perspective, data can be encrypted from end-to-end from at the source as well as in-transit. For more information regarding Commvault encryption configuration options refer to Books Online. For example, a tenant could run a capacity report, however the report view would be limited to resources assigned to that tenant. Assigning and grouping tenant resources can be accomplished in many ways and for more information refer to the user management section of this report.
Service providers can assign permissions at a report level basis. For example, a service provider could have a whole portfolio of reports and only publish certain reports subscribed to by tenants or even users. Commvault has a service to build custom reports that are multi-tenant enabled through the Personalization Service. For more information on the Personalization Service refer to Books Online. CommCell Console — Advanced administration — Advanced recovery requirements 2.
Throughout the document there have been several discussions of security related topics. For example, a tenant has been assigned Client Owner permissions to a server where the tenant would have administrative like privileges which would be limited in scope to that server. Enabling Privacy Some tenant may require additional security and assurances their privacy is being appropriately controlled in a multi-tenant environment.
For more information on Enabling Privacy refer to Books Online. Data Level Security As described in the Clients section under Management Server , the CommServe generates an SSL certificate when new clients join the environment to provide an extra level of security ensuring no spoofing or rogue access to data. The Commvault Simpana Storage Policies act as a channel for backup and restore operations. Its chief function is to map data from its original location to a physical media, in one or more locations.
The other function it servers is to determines how long the data will be retained at each given location. There are three different types of Storage Policy Copies. Primary Copy—First copy Simpana receives from the client. Snap Copy—Snapshot that still resides on the disk subsystem. There are two different types of Secondary Copies: 1. Selective Copy—Allows for a specific full backup job to be copied from a source copy either the Primary or another Synchronous Copy to another target copy. It is the Secondary Copies that allow Commvault Simpana to distribute data to multiple locations logically or physically.
Any MediaAgents that have connectivity between each other can pass copies between themselves.
Ask a Question
Commvault Deduplication Commvault Simpana Deduplication provides an efficient method to transmit and store data by identifying and eliminating duplicate blocks of data during backups. All data types from Windows, Linux, UNIX operating systems and multiple platforms can be deduplicated when data is copied to secondary storage.
Deduplication allows the optimizes use of storage media by eliminating duplicate blocks of data and reduces network traffic by sending only unique data during backup operations. Deduplication works as follows: 1. A block of data is read from the source and a signature for the block of data is generated using hash algorithm. Signatures are unique for each data block. The signature is compared against a database of existing signatures for data blocks that are already on the destination storage. If the signature already exists, the DDB records that an existing data block is used again on the destination storage.
The associated MediaAgent writes the index information and the duplicate data block is discarded.