OST Plug-in Configuration

Overview

Veritas OST (Open Storage) allows NetBackup and Backup Exec to seamlessly integrate with a DXi disk backup system (DXi V-Series, DXi4700, DXi4800, DXi6702, DXi690x, DXi9000, and DXi T10). Once installed and configured, NetBackup or Backup Exec can manage the backups through the DXi and take advantage of the system’s capabilities such as data deduplication and replication.

You can enable the OST WORM (Write Once, Read Many) feature in both newly created and existing OST LSUs (Logical Storage Units). This DXi capability safeguards all data on WORM-enabled LSUs from being encrypted, modified, or deleted within a user-configured timeframe.

You can enable this feature using either:

OST Targeted AIR requires all of the following:

  • NetBackup 7.6 or later
  • OST Plugin version 10.1.0 or later
  • and DXi SW version 4.1 or later
  • An updated external mappings file

See OST Plug-in Installation for more information.

Additional Information

Installing and configuring the DXi and OST for operation consists of the following major steps. See the following sections and linked topics for detailed instructions for completing each step:

Before you can configure the DXi with OST, you must download and install the OST Plug-in and install it on the media server. See OST Plug-in Installation.

DXi OST Configuration

You must configure the following on the DXi system before you configure NetBackup or Backup Exec.

Note: You can also use the OST Wizard to configure the DXi for OST. To learn more about using the Configuration Wizards, refer to Configuration Wizards in the DXi User's Guide for your DXi model.

  1. Configure OST Authentication - To authenticate the OST storage servers on a media server, you must create OST user credentials. See Manage Remote Users.

  2. Configure Storage Servers - You must configure storage servers on the DXi remote management console before you configure NetBackup or Backup Exec. See Storage Servers.

  3. Configure Target IP Mapping - This page allows you to associate a data IP address with a replication IP address on a target DXi. This can be necessary if the target DXi is configured with different network interfaces (and therefore different IP addresses) for data and replication traffic. See Target IP Mapping.

NetBackup Media Server OST Configuration

See the Veritas NetBackup System Administrator’s Guide for information about NetBackup installation and basic configuration. Also, see the NetBackup Shared Storage Guide before proceeding further. See the Veritas NetBackup documentation Landing Page for documentation specific to your NetBackup version.

Backup Exec Media Server OST Configuration

Please consult Veritas Services and Operations Readiness Tools (SORT)  for instructions on Backup Exec installation and basic configuration.

Additional OST Configuration

See the Veritas NetBackup System Administrator’s Guide or the Backup Exec User’s Guide for information on creating a backup policy to backup data to an OST disk pool.

Once the backup policies are configured, optimized duplication begins after the backup completes.

OST AIR requires NetBackup 7.1 or later. Targeted AIR requires NBU 7.6 or later. Setting up Automatic Image Replication (AIR) or Targeted AIR requires that you first configure the target (remote) DXi and then the source DXi. In addition, you must create storage lifecycle policies (SLPs) in NetBackup that define when the automatic replication occurs and which backup images are duplicated.

To automatically replicate (duplicate) all data on an LSU to a remote LSU that resides on a DXi in a different NetBackup domain:

  1. On the target system, add the source system to the list of allowed replication sources. See Replication.

  2. On the target system, create a local OST user. See Manage Application Access Users.

    Caution: On the target system, make sure to create a local user on the Configuration > System > Application Access Users page.

  3. On the target system, create a storage server and LSU to receive the replicated OST data. See Adding an LSU.

    Note: Quantum recommends selecting the Available Capacity option when creating an LSU for use with Automatic Image Replication.

  4. On the source system, configure replication to the target system. See Replication.

  5. On the source system, create a remote OST user with the same user name and password that you used in step 2 above. See Create a Remote User for OST AIR.

    Caution: On the source system, make sure to create a remote user on the Configuration > System > Application Access Users page.

    Note: If the target DXi uses different IP addresses for data and replication traffic, you must configure target IP mapping on the source DXi.

  6. On the source system, create a storage server and LSU, and enable the LSU for Automatic Image Replication.

    For Remote Storage Server and Remote LSU, make sure to specify the storage server and LSU created in step 3 above. Also, for Remote User, make sure to select the remote user created in step 5 above.

  7. Register and configure the storage servers in NetBackup. See Storage Servers. Also, create disk pools in NetBackup and make sure the Replication property on the disk pool is updated. See Replication.

    If the disk pool is the source, the Replication property of the disk pool should be source. If the disk pool is the target on the remote NetBackup media server, then the Replication property should be target.

    Note: A disk pool can be a target and also a source to another remote NetBackup media server. Make sure that the Replication property on the disk pool is updated before creating the storage lifecyle policies (SLPs).

  8. Configure storage lifecycle policies in NetBackup to control when automatic replication of the LSU occurs (see the Veritas NetBackup Administrator's Guide).

1

Configure target DXi:

  • Add allowed replication source.
  • Create local OST user.
  • Create storage server and LSU.
2

Configure the source DXi:

  • Specify replication target.
  • Create remote OST user.
  • Create storage server and LSU with AIR enabled.
3 Create storage lifecycle policies (SLPs) on the NetBackup server in each domain to control when duplication occurs and images are imported.

Create a Remote User for OST AIR

Add a remote user to create OST user credentials for use with OST AIR. When you enable Automatic Image Replication for an LSU, you specify a remote user. The remote user credentials on the source DXi must match the local user credentials on the target (remote) DXi.

To add a remote user:

  1. Log on to the DXi remote management console.

  2. Navigate to the Configuration > OST > Manage Remote Users page.

  3. Click Add.

  4. Enter information about the remote user:

    User name Enter the name of the remote user.
    New Password Enter the password for the remote user.
    Confirm New Password Enter the password again to confirm it.
    Description (Optional) Enter a brief description of the remote user.
  5. Click Apply.

The OST path to tape (Direct to Tape) option allows you to copy OST LSUs to a physical tape library using NetBackup.

Note: This procedure assumes that you have physically connected the DXi and the target library using Fibre Channel either directly or through a Fibre Channel SAN. If you are connecting the devices using a SAN, you must perform the appropriate Fibre Channel switch zoning. You must also appropriately map the library device LUNs on the library side to correctly present them to the DXi.

Configuring OST path to tape consists of the following major steps. See the following subsections for detailed instructions for completing each step:

The following DXi systems support OST path to tape:

  • DXi4700 - Multi-Protocol (MP) configuration
  • DXi4800 - Multi-Protocol (MP) configuration
  • DXi6701 or DXi6702
  • DXi690x
  • DXi9000
  • DXi T10

The following steps must be completed before setting up NetBackup OST path to tape:

  • The NetBackup version running on the media server must be 7.1.x, with all updates applied.
  • The DXi must be installed and configured.
  • Fibre Channel connectivity must be configured.
  • Aliases for the NDMP host (the DXi) must be created on the EMM server.

Create Aliases for the NDMP Host

For optimal path to tape (direct copy) performance, you should create aliases for the NDMP host (the DXi) on the Enterprise Media Manager (EMM) server.

If you create aliases for the DXi, then data is sent directly from the DXi to tape during path to tape (direct copy) operations. If you do not create these aliases, data will be sent from the DXi to the media server, then back to the DXi before it is written to tape, which can cause slower performance.

To create aliases for the NDMP host:

  1. On the EMM server, retrieve a list of all NDMP hosts (DXi systems).

    For Windows, run the following command:

    C:\Program Files\Veritas\NetBackup\bin\admincmd\nbemmcmd -listhosts -machinetype ndmp

    For Linux, Solaris, or AIX, run the following command as root:

    /usr/openv/netbackup/bin/admincmd/nbemmcmd -listhosts -machinetype ndmp

  2. For each host (DXi) returned in Step 1 that will be performing direct copy to tape, retrieve a list of aliases

    For Windows, run the following command:

    C:\Program Files\Veritas\NetBackup\bin\admincmd\nbemmcmd -machinealias -getaliases -machinename <ndmphost> -machinetype ndmp

    For Linux, Solaris, or AIX, run the following command as root:

    /usr/openv/netbackup/bin/admincmd/nbemmcmd -machinealias -getaliases -machinename <ndmphost> -machinetype ndmp

  3. A host (DXi) should have all available aliases: NetBIOS hostname, DNS hostname, and FQDN (fully qualified domain name). If the host (DXi) does not have one or more of these aliases, you should create them. To create an alias for a host (DXi), use the following commands.

    For Windows, run the following command:

    C:\Program Files\Veritas\NetBackup\bin\nbemmcmd -machinealias -machinename <ndmphost> -addalias -alias <alias_name> -machinetype ndmp

    For Linux, Solaris, or AIX, run the following command as root:

    /usr/openv/netbackup/bin/admincmd/nbemmcmd -machinealias -machinename <ndmphost> -addalias -alias <alias_name> -machinetype ndmp

Note: To correct any DNS issues (or simply to be proactive), you can add the entries to the hosts file.

The Physical Device Discovery page allows you to discover and configure attached physical tape libraries and tape drives. After you discover and configure the libraries and drives, you can use them for path to tape data movement.

Note: The DXi4700 Multi-Protocol configuration license allows a maximum of 3 attached path-to-tape devices.

To discover and configure an attached physical tape library and tape drives:

  1. Access the DXi remote management console.

  2. Navigate to the Configuration > PTT > Physical Device Discovery page.

  3. Click Scan to detect attached physical libraries.

    Attached physical libraries display in the list. Select a library in the list to view all of the drives in the library

  4. Make sure the changer and all of its drives are enabled. If necessary, select a changer or drive and click Enable.

To configure direct path to tape from backups made to the DXi:

  1. Access the DXi remote management console and perform the following steps:

    1. Navigate to the Configuration > PTT > Backup Application Specific page.

    2. Click Add.

    3. Specify the Username and New Password that are used by the NetBackup NDMP credentials in order to establish an NDMP connection.

    4. Click Apply.

  2. In NetBackup, under NDMP Credentials, you must create a new NDMP host using the DXi hostname as the name and using the username and password entered in the previous step. The hostname should be resolved by the DNS.

    Note: Using uppercase letters in the hostname is acceptable but will not be preserved after entry. For that reason, Quantum recommends using lowercase letters in the Hostname or IP Address box.

  3. In NetBackup, when running the Configure Storage Devices wizard, the user must select the host and set the NDMP option.

  4. Continue with the remaining configuration steps in the wizard.

    A storage unit is created pointing to the physical tape library.

NetBackup uses NDMP direct copy when you duplicate a backup image. Certain conditions apply to the duplication, explained in this section.

To run a duplication, you can use any of the following methods:

  • The Duplicate option in the Catalog node of the NetBackup Administration Console.
  • NetBackup Vault (see the NetBackup Vault Administrator’s Guide).
  • The bpduplicate command (see the NetBackup Commands Guide).
  • A NetBackup Storage Life-cycle Policy.

Requirements

For NetBackup to use NDMP direct copy when you duplicate an image:

  • As the destination for the duplication, you must designate an NDMP storage unit in a DXi.
  • An NDMP tape drive must be available to mount the target image. The NDMP tape drive must be a physical tape drive in a tape library

If these two requirements are met, NDMP direct copy is enabled. NetBackup copies the image directly to the designated storage unit without using media server I/O or network bandwidth.

Initiate NDMP Direct to Tape with the Administration Console

To initiate a NDMP Direct to Tape with the Administration Console:

  1. In the NetBackup Administration Console, expand NetBackup Management > Catalog.
  2. Set up the search criteria for the image you want to duplicate. Click Search Now.

  3. Right-click the images you want to duplicate and select Duplicate from the shortcut menu.

    Note: You must designate an NDMP storage unit (physical tape library) as the destination for the duplication. Use the Storage Unit box in the Setup Duplication Variables dialog box.

For more information, see the section “Duplicating Backup Images” in the Veritas NetBackup System Administrator’s Guide.

Quantum’s DXi Accent software accelerates backups and reduces network bandwidth requirements by distributing deduplication between the backup server and the DXi.

DXi Accent Availability

DXi Accent is available for the following DXi-Series disk backup systems:

  • DXi V-Series
  • DXi4700
  • DXi4800
  • DXi6701, and DXi6702
  • DXi6802
  • DXi690x
  • DXi8500
  • DXi9000
  • DXi T10

DXi Accent Requirements

To use DXi Accent, all of the following requirements must be met:

  • Firewall port 1062 is open for IP address that is used for data transfer.

  • The media server is running and meets the following requirements:

    Operating System

    One of the following operating systems:

    • Red Hat Enterprise 6, 7, 8
    • SUSE Linux 11, 12, 15

    • Windows 64-bit 2012 or later.
    CPU Greater than 2.2 GHz processor with at least 2 cores (4 cores recommended)
    Memory 2 GB RAM or greater
  • The OST Plug-in is installed on the media server. See OST Plug-in Installation.
  • By default, Accent is disabled on the DXi. See Enable or Disable Accent on the DXi and Media Server.
  • By default, Accent is enabled on the media server when you install the OST Plug-in. See Enable or Disable Accent on the DXi and Media Server.

When all of these requirements are met, Accent will be used for all OST transport between the media server and the DXi. Otherwise, normal OST transport will be used. For information about the maximum number of connections when Accent is enabled, see Maximum Number of Concurrent DXi Accent Jobs.

Note: When DXi Accent is in use, you can monitor Accent performance information in the DXi remote management console, on the Status > Accent page. For more information, see the User’s Guide for your DXi system.

By default, DXi Accent is disabled on the DXi. To use Accent, you must enable it on the DXi.

Note: If Accent is enabled, all media servers that are using the same DXi must have the latest OST plug-in installed.

Select the version of DXi Software installed on the system.

To enable or disable Accent on the DXi:

  1. Access the DXi remote management console.

  2. Navigate to the Configuration > OST > Accent page.

  3. To enable DXi Accent, select the Enable Accent check box.

    Or to disable DXi Accent, clear the Enable Accent check box.

  4. Click Apply.

  5. To enable or disable encryption when sending OST data from the media server to the DXi, select the Change encryption type link or go to the Configuration > System > Security > Data Encryption page.

  6. Select an option in the Encryption drop-down box. Encryption applies to all OST data traffic.

    None OST data is not encrypted.
    Default AES 128 OST data is encrypted using AES 128-bit encryption.
    Default AES 256 OST data is encrypted using AES 256-bit encryption.
    TLS with AES 256

    OST data is encrypted using AES 256-bit encryption with Transport Layer Security (TSL).

    OST Media Server with TLS Encryption

    The certificate and key files installed on the DXi system must match the files on the OST media server. For more information on certificate and key files, see OST Plug-in Installation.

    Additional Information

    • Using 256-bit encryption provides a stronger level of security but may have an impact on system performance in some situations.
    • If TLS with AES 256 is selected, the factory installed certificates are inadequate for security. The factory installed certificates should be considered public domain and are provided only for convenience. You must install new certificates for secure encryption.
    • If encryption is enabled, all other OST data will use TLS with AES 256 encryption.

  7. If you selected the TLS with AES 256 encryption option, install the required certificate and key files on the DXi:

    • Certificate File
    • Private Key File
    • Certificate Authority File
    • Certificate Revocation List

    To install a file, click the Browse button to browse the system and locate the file, and then click Open. Click Install to install the selected file on the DXi.

    Caution: Installing certificate files requires a system reboot immediately after the changes are applied. Wait for at least 15 minutes before logging back in.

    Additional Information

    • You can install new certificate and key files at any time, as long as there are no active network connections between the OST media server and the DXi.
    • To remove all certificate and key files, click Restore Factory Defaults.

  8. Click Apply.

Platforms Supported Maximum Streams Using DXi Accent
DXi9000 768GiB (Veeam) 768
DXi9000 768GiB (non-Veeam) 2000
DXi9000 384GiB 768
DXi9000 192GiB 384
DXi T10 300
DXi4800 50
DXi4800 ISC 300
DXi4801 40
DXi6900-S 768
DXi6900 G1/2(256GB) 256
DXi6900 G1/2 (128GB) 128
DXi4700 Gen2 50

If the connection limit is reached, one or more of the following messages (or similar) is logged in the DXi log in the /var/log/messages directory:

VServer "hybrid-dedupe-no-encrypt" limit reached (limit 100).

VServer "hybrid-dedupe-no-encrypt" connection limit failed due to VServer "hybrid-group".

VServer "hybrid-group" connection limit failed due to VServer "hybrid-remote-group".

VServer "hybrid-remote-group" limit reached (limit 100).

VServer "hybrid-dedupe-no-encrypt" connection limit failed due to VServer "hybrid-group".

VServer "hybrid-group" limit reached (limit 100).

In addition, NetBackup or Backup Exec displays a message:

  • NetBackup - The following progress message displays: Critical bpdm (pid=12515) image open failed: error 2060020: storage server connection limit exceeded
  • Backup Exec - A generic error message will displays for several underlying errors.

When the connection limit is reached on the DXi, the OST plug-in retries the connection for 300 seconds by default. If the connection cannot be established after 300 seconds, the connection times out and an error is returned.

The default connection timeout is 300 seconds. To change the timeout value, edit the following setting in the /usr/Quantum/QuantumPlugin.conf file (Linux) or the C:\libstspiQuantum.ini file (Windows):

DATA_CONNECTION_BUSY_TIMEOUT

The following OST Plug-in configurable options are supported:

The following Linux and Unix configurable options are supported:

  1. DEBUG_LEVEL:

    This defines the level of logging to enable. The value of this option defines the level of log messages to output. It is set to one of the following values:

    • EMERGENCY
    • ALERT
    • CRITICAL
    • ERROR
    • WARNING
    • NOTICE
    • INFO
    • DEBUG

    By default, DEBUG_LEVEL is set to ERROR.

  2. OPDUP_TIMEOUT:

    The Optimized Duplication option of NetBackup uses the replication feature of the OST server. The DXi replication feature cannot replicate unless the backup image file is deduplicated.

    On-demand deduplication of the backup image file can take an unknown amount of time. OPDUP_TIMEOUT is the time in seconds to wait for deduplication of backup image file extent of 256MB or smaller before giving up on the replication attempt.

    If the file copy extent length is larger than 256MB, then the wait time will be a proportional multiple of OPDUP_TIMEOUT. For example, if the extent length is X*256MB, wait time will be X*OPDUP_TIMEOUT, where X need not be an integer. By default, OPDUP_TIMEOUT is set to 180 seconds.

    Note: This option is available only on Linux and Unix platforms. On Windows the timeout is fixed at 180 seconds.

    To change the default value of any of these options, edit the /usr/Quantum/QuantumPlugin.conf file and set the desired values.

The following Windows configurable options are supported:

  1. LOG_LEVEL:

    This is similar to the DEBUG_LEVEL on Linux and Unix. It defines the level of logging to enable. The value of this option defines the level of log messages to output.

    • NONE - Disables logging for the logger.
    • TRACE - Enables tracing to error messages.
    • DEBUG - Enables debug to error messages.
    • INFO - Enables information to error messages.
    • WARN - Enables warning and error messages.
    • ERROR - Enables only error messages.

  2. LOG_LIMIT:

    This defines the maximum file size (in byte) for the logger. Default size of the log file is 10 MB. Increase this value if more logging has to be captured.

    Edit %WINDIR%\libstspiQuantum*.ini to change the default values.

OST Plug-in Log

The OST Plug-in logs various messages to %WINDIR%\libstspiQuantum*.log on a Windows media server.

The OST Plug-in logs various messages to log files under: /var/log/ostlog/client directory on a Linux or Unix media server.

Example

# tail -f /var/log/ostlog/client/ost_client.log

DEBUG - 20080725 16:12:43 15982 pgnapi.c:57 Plugin Prefix Quantum claimed.

DEBUG - 20080725 16:12:43 15982 pgnapi.c:58 stspi_claim exited

DEBUG - 20080725 16:12:43 15982 pgnapi.c:754 stspi_get_server_prop_byname_v9 entered

DEBUG - 20080725 16:12:43 15982 comm.c:939 ostSendRequest: message:0x20000005

DEBUG - 20080725 16:12:43 15982 pgnapi.c:798 stspi_get_server_prop_byname_v9 exited

DEBUG - 20080725 16:12:43 15982 pgnapi.c:44 stspi_claim_v9 entered

DEBUG - 20080725 16:12:43 15982 pgnapi.c:57 Plugin Prefix Quantum claimed.

DEBUG - 20080725 16:12:43 15982 pgnapi.c:58 stspi_claim exited

DEBUG - 20080725 16:12:43 15982 pgnapi.c:207 stspi_open_server_v9 entered

DEBUG - 20080725 16:12:43 15982 comm.c:939 ostSendRequest: message:0x20000002

Transmission Control Protocol (TCP)

The TCP Keep Alive settings can be configured to prevent an OST connection termination by a firewall.

Parameter Description Default Max

TCP_KEEPIDLE

Set the TCP option TCP_KEEPIDLE for socket connections. This is equivalent to tcp_keepalive_time. System settings 276446

TCP_KEEPCNT

 

 Set the TCP option TCP_KEEPCNT for socket connections. This is equivalent to tcp_keepalive_probes. System settings 1215752191

TCP_KEEPINTVL

Set the TCP option TCP_KEEPINTVL for socket connections. This is equivalent to tcp_keepalive_intvl. System settings 276446

Accent Path Optimization (APO)

Accent Path Optimization is on by default, but can be turned off using either the PATH_OPTIMIZATION_BLACKLIST setting noted in the following table, or in the DXi GUI under Configuration > System > Client Plugins. See the User Guide in your product's Documentation Center for more information.

Parameter Description Default Max

PATH_OPTIMIZATION_BLACKLIST

A comma-separated list of IP addresses or hostnames which should not participate in path optimization.

"*" will disable path optimization for all hosts.

Note: Using uppercase letters in the hostname is acceptable but will not be preserved after entry. For that reason, Quantum recommends using lowercase letters in the Hostname or IP Address box.

 Empty N/A

PATH_OPTIMIZATION_PROBE_TIMEOUT_MS

 The maximum time to spend determining which interfaces on the server are reachable. 1000 65000