DRAFT - pending HYCU approval

HYCU R-Cloud Hybrid Cloud Edition

HYCU R-Cloud Hybrid Cloud Edition, formerly known as HYCU for Enterprise Cloud, is a high-performing backup and recovery solution for Nutanix, VMware, AWS GovCloud (US), Azure Government, file servers, and servers. It is designed to make data protection as simple and cost-effective as possible, to improve your business agility, and to bring unified security, reliability, performance, and user experience across on-premises and cloud environments.

To protect against ransomware, backup files with longer retention should be immutable (that is, not subject to change or deletion). The solution is DataCore Swarm. Swarm provides a secure, durable, and cost-effective software-defined object storage solution.

Swarm Object Storage

Swarm is a secure, durable, scalable, and S3-compatible storage with multi-tenancy. With Swarm object storage, you can store more backups, spend less time managing storage, and reduce storage spending while guaranteeing backups are continually safeguarded and instantly available a month, a year, or even a decade from now. The on-premises alternative removes concerns over unexpected cloud charges and potential GDPR violations by keeping backup data within your data center.

Swarm’s logical and extensible multi-tenancy enables providing a backup target with custom capacity, access, and data protection policies for any number of applications, employees, or subscribers.

Prerequisites

  • HYCU v5.0.0-1491+

  • The latest DataCore Swarm v16.1.4

    • Erasure Coding enabled to support multipart upload; 4:2 is recommended.

  • Swarm Content Portal with Gateway v8.1.1 or higher is mandatory.

Sequence of Operations

From a high level, use the following steps to configure the environment:

On your Swarm domain

  1. Create a token that provides the credentials used in API calls from HYCU when communicating with Swarm.

  2. Create a bucket with Erasure Coding and Content Versioning enabled.

  3. Enable object locking on the bucket using the Swarm Content Portal.

From the HYCU backup controller UI

  1. Add a backup target for immutable backups using the Swarm bucket created above.

  2. Create a backup policy for the new backup target.

  3. Associate the custom policy with the sources (VMs, servers, or file shares) you wish to back up.

Swarm Configuration

Enabling Policy Versioning for the Swarm Cluster

  1. In the Swarm UI (not the Content Portal), select Settings from the side navigation bar.

  2. Select “allowed” corresponding to policy.versioning then click Save.

Generating an Access Token

Tokens are generated at the domain level, not at the bucket level. To generate the token:

  1. Navigate to the Swarm storage domain in a web browser and click the Settings gear icon.

  2. Expand the drop-down and select the Tokens sub-menu. On the Domain settings view, press +Add to generate a new S3 token.

  3. Enter the description and desired Expiration Date, then check the S3 Secret Key box.

  4. At this point, you can either change the S3 Secret Key to the desired value or accept the auto-generated key. The key in these screenshots is an example value that has been intentionally redacted.

  5. Click Add to save your settings and create the S3 token.

Important to copy the result

Verify the result is copied to a file before clicking Close as these details are used later to configure object storage credentials.

Creating a Bucket for HYCU

  1. From the Swarm Content Portal, navigate to the storage domain, then click the +Add button on the right next to the settings gear icon.

  2. Select the type “Bucket Object Container”.

  3. Provide the desired bucket name that complies with the bucket naming rules and verify S3 Compatible is checked.

  4. Click Add to create the bucket.

Enabling Erasure Coding on Bucket

  1. From the domain panel, select the recently created bucket.

  2. Click on the gear icon for Bucket settings.

  3. To check if Erasure Coding is enabled, uncheck the Inherit Protection box.

  4. If Erasure Coding is not Enabled, click on Enabled and enter the EC Default Encoding of your choice. It is recommended to use a 4:2 EC Encoding.

Refer to the Erasure Coding documentation for more information.

Enabling Versioning for Object Locking

Content versioning is needed to support the immutability option in HYCU. It is enabled for the bucket by selecting Enabled from the drop-down menu.

By default, the owner of a bucket has all permissions. Other users can be assigned permissions in the domain, tenant, or root policies. They must be allowed the following actions:

  • ListDomain

  • ListBucket

  • ListBucketMultipartUploads

  • AbortMultipartUpload

  • PutBucketObjectLocking

  • GetBucketObjectLocking

  • GetBucketLocation

  • GetObjectRetention

  • PutObjectRetention

  • GetObjectLegalHold

  • PutObjectLegalHold

  • GetObject

  • PutObject

  • DeleteObject

Enable Object Locking on Bucket

Important

The bucket must have versioning enabled.

  1. Search and select the target bucket name.

  2. Click Settings > Properties.

  3. Select the checkbox for Enable Object Locking.

HYCU does not support Default Mode “None”; you must select Governance or Compliance, and you must set a default duration.

  4. Click Save.
    The bucket has Object Locking enabled once the configurations are saved. Any objects written to that bucket have the defined duration with the selected mode automatically applied, unless different values are provided at the time of write. A gray lock icon next to the bucket name indicates that the bucket has Object Locking enabled.

Note

Object Locking cannot be disabled once enabled for a bucket. The retention mode and duration can be updated.
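
A preflight check of the bucket settings above, as an added example that is not part of the original page or of either vendor's tooling. It assumes the Swarm S3 endpoint returns the standard S3 response shapes for GetBucketVersioning and GetObjectLockConfiguration; the function names and sample responses are constructed for illustration.

```python
ALLOWED_MODES = {"GOVERNANCE", "COMPLIANCE"}  # HYCU does not accept default mode "None"


def check_lock_settings(versioning, lock):
    """Return the problems found in parsed GetBucketVersioning and
    GetObjectLockConfiguration responses (standard S3 response shape assumed)."""
    problems = []
    if versioning.get("Status") != "Enabled":
        problems.append("content versioning is not enabled on the bucket")
    cfg = lock.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        problems.append("object locking is not enabled on the bucket")
    default = cfg.get("Rule", {}).get("DefaultRetention", {})
    mode = default.get("Mode")
    if mode not in ALLOWED_MODES:
        problems.append(f"default mode is {mode!r}; select Governance or Compliance")
    if (default.get("Days") or default.get("Years") or 0) <= 0:
        problems.append("no default retention duration is set")
    return problems


def fetch_and_check(endpoint, bucket, access_key, secret_key):
    """Run the check against a live endpoint (requires boto3)."""
    import boto3
    from botocore.config import Config
    from botocore.exceptions import ClientError

    s3 = boto3.client(
        "s3", endpoint_url=endpoint,
        aws_access_key_id=access_key, aws_secret_access_key=secret_key,
        # Signature v4 and path-style addressing, as used for the HYCU target
        config=Config(signature_version="s3v4", s3={"addressing_style": "path"}),
    )
    versioning = s3.get_bucket_versioning(Bucket=bucket)
    try:
        lock = s3.get_object_lock_configuration(Bucket=bucket)
    except ClientError as err:
        # AWS error code for "no lock configuration"; assumed to match on the gateway
        if err.response["Error"]["Code"] != "ObjectLockConfigurationNotFoundError":
            raise
        lock = {}
    return check_lock_settings(versioning, lock)


# Constructed sample responses, not captured from a real cluster.
GOOD = ({"Status": "Enabled"}, {"ObjectLockConfiguration": {
    "ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}})
NO_DEFAULT = ({"Status": "Enabled"},
              {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}})
```

An empty list from `fetch_and_check` means the bucket meets the versioning, locking, default mode, and default duration requirements described in this section.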

HYCU Configuration

Create a backup target

  1. On the HYCU dashboard of the backup controller, navigate to the Targets section and press +Add.

  2. Select S3 Compatible and press Next.

  3. Fill in the name and description, as well as the allowed number of concurrent backup jobs (default is 1).

  4. Enable compression if you need the data compressed before it is stored on the target.

  5. Define the maximum allowed storage capacity for backups on this target.

If you choose to use DataCore Swarm Quota Management, make sure to set the maximum allowed storage capacity above the highest quota.

  6. Add a service endpoint. HYCU supports both HTTP and HTTPS.

HYCU only supports AWS Signature v4.

  7. Define the bucket name, access token, and secret key for this target (see the earlier sections on how to pre-create those).

DataCore Swarm supports both bucket-style and path-style addressing. We recommend path style, as it is much easier to configure in combination with SSL certificates.

  8. Uncheck metering, as this only applies to archive mode targets.

  9. Press Save to continue.

  10. Once the target has been created, you will see it in the target overview table. A green health check mark indicates that the target is reachable and has passed the health check HYCU runs against it. If your target uses object locking, an additional small lock icon appears next to the target name.

HYCU Required advanced configuration

The following custom configuration settings need to be added to the HYCU backup controller for use with DataCore Swarm.

 target.cloud.skip.tagging.endpoint.suffixes=.datacore.com
 target.write.test.enable=false
 backup.restore.cloud.num.of.io.requests=32

Disabling Object Tagging

DataCore Swarm v16 does not currently support Object Tagging. To disable the use of S3 Object Tagging by the WORM maintenance task, you need to supply an endpoint suffix to exclude (based on the S3 endpoint name).

Example: in our certification lab the endpoint name was hycu.swarm.datacore.com; adjust the suffix to match your active endpoint.

target.cloud.skip.tagging.endpoint.suffixes=.datacore.com

Disabling Target Throughput Testing

HYCU performs a target throughput test, which by default runs every 15 minutes and attempts to write, read, and delete 128 MB of data. This is part of HYCU's unique RTO assurance functionality, which estimates restore times as part of compliance calculations.

We recommend disabling this feature for version-locked buckets, since the test data will be kept around due to the configured default retention, and data deletion in Swarm is a delayed background process.

target.write.test.enable=false

For non-version-locked buckets, we recommend changing the check interval to 1 hour:

target.test.interval.minutes=60

Enhancing restore performance

By default, HYCU uses only 8 concurrent I/O threads to restore data. We recommend using at least 32 for better restore performance.

This requires more CPU and RAM on the HYCU backup controller.

HYCU: How to create custom configuration

Connect to the HYCU backup controller using SSH or console access.

Default access credentials for the backup controller are:

hycu:hycu/4u

Open or create the config.properties file in a text editor:

sudo vi /hycudata/opt/grizzly/config.properties

Scroll to the bottom of the file and add the variable and value.

Save the changes and exit the editor.

Restart the HYCU services for the changes to take effect:

sudo systemctl restart grizzly
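
A lint for the edited config.properties, run before the restart, as an added example that is not HYCU or DataCore code. The setting names and the defaults (15-minute test interval, 8 I/O threads) are taken from this page; the function names are constructed, and the comma-separated suffix list and plain suffix matching on the endpoint host name are assumptions.

```python
from urllib.parse import urlparse

SUFFIX_KEY = "target.cloud.skip.tagging.endpoint.suffixes"


def parse_properties(text):
    """Parse key=value lines; blank lines and # or ! comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()  # a later duplicate wins
    return props


def lint(text, endpoint_url, object_locked):
    """Return findings for one Swarm target; an empty list means no deviations."""
    props = parse_properties(text)
    host = urlparse(endpoint_url).hostname or ""
    findings = []

    # Assumptions: comma-separated list; a suffix applies if the host ends with it.
    suffixes = [s.strip() for s in props.get(SUFFIX_KEY, "").split(",") if s.strip()]
    if not any(host.endswith(s) for s in suffixes):
        findings.append(f"no tagging-skip suffix matches endpoint host {host}")

    # The throughput test runs by default, every 15 minutes.
    if props.get("target.write.test.enable", "true").lower() != "false":
        interval = int(props.get("target.test.interval.minutes", "15"))
        if object_locked:
            findings.append("throughput test enabled on an object-locked bucket")
        elif interval < 60:
            findings.append(f"throughput test interval is {interval} min, 60 recommended")

    # Restores use 8 concurrent I/O threads unless configured otherwise.
    io_requests = int(props.get("backup.restore.cloud.num.of.io.requests", "8"))
    if io_requests < 32:
        findings.append(f"restore I/O requests is {io_requests}, at least 32 recommended")
    return findings


# Constructed file content using the three settings listed on this page.
SAMPLE = """\
target.cloud.skip.tagging.endpoint.suffixes=.datacore.com
target.write.test.enable=false
backup.restore.cloud.num.of.io.requests=32
"""
```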

HYCU Custom Backup Policy

See the official documentation here: https://support.hycu.com/hc/en-us/sections/115001018365-R-Cloud-Hybrid-Cloud-Edition-User-Documentation
