Integrating Swarm Object Storage with HYCU R-Cloud Hybrid Cloud Edition
HYCU R-Cloud Hybrid Cloud Edition
HYCU R-Cloud Hybrid Cloud Edition formerly known as HYCU for Enterprise Cloud, is a high performing backup and recovery solution for Nutanix, VMware, AWS GovCloud (US), Azure Government, file servers, and servers. It is designed to make data protection as simple and cost-effective as possible, to improve your business agility, and to bring unified security, reliability, performance, and user experience across on-premises and cloud environments.
To protect against ransomware, longer retention backup files should be immutable (that is, not subject to change or deletion). The solution is DataCore Swarm. Swarm provides a secure, durable, and cost-effective software-defined object storage solution.
Swarm Object Storage
Swarm is a secure, durable, scalable, and S3-compatible storage with multi-tenancy. With Swarm object storage, you can store more backups, spend less time managing storage, and reduce storage spending while guaranteeing backups are continually safeguarded and instantly available a month, a year, or even a decade from now. The on-premises alternative removes concerns over unexpected cloud charges and potential GDPR violations by keeping backup data within your data center.
Swarm’s logical and extensible multi-tenancy enables providing a backup target with custom capacity, access, and data protection policies for any number of applications, employees, or subscribers.
Prerequisites
HYCU v5.0.0-1491+
The latest DataCore Swarm v16.1.4
Erasure Encoding enabled to support multi-part upload, 4:2 recommended.
Swarm Content Portal with Gateway v8.1.1 or higher is mandatory.
Sequence of Operations
From a high level, use the following steps to configure the environment:
On your Swarm domain
Create a token that provides the credentials used in API calls from HYCU when communicating with Swarm.
Create a bucket with Erasure Coding and Content Versioning enabled.
Enable object locking on the bucket using the Swarm Content Portal.
From the HYCU backup controller UI
Add a backup target for immutable backups using the Swarm bucket created above.
Create a backup Policy for the new backup target
Associate the custom policy with the sources ( VM’s , servers or file shares ) you wish to backup.
Swarm Configuration
Enabling Policy Versioning for the Swarm Cluster
In the Swarm UI (not the Content Portal), select Settings from the side navigation bar.
Select “allowed” corresponding to
policy.versioning
then click Save.In case versioning does not set via the UI, refer to the Appendix for instructions on how to enable versioning via the Swarm command-line interface.
Generating an Access Token
The tokens are generated at the domain level, not at the Bucket level. To generate the token;
Navigate to the Swarm storage domain in a web browser and click the Settings gear icon.
Expand the drop-down and select Tokens sub-menu. On the Domain settings view, press the +Add to generate a new S3 token.
Enter the description and desired Expiration Date, then check the S3 Secret Key box.
At this point, you can either change the S3 Secret Key to the desired value or accept the auto-generated key. The key in these screenshots is an example value that has been intentionally redacted.
Click Add to save your settings and create the S3 token.
Important to copy the result
Verify the result is copied to a file before clicking Close as these details are used later to configure object storage credentials.
Creating a Bucket for HYCU
From the Swarm Content Portal, navigate to the storage domain, then click the +Add button on the right next to the settings gear icon.
Select the type “Bucket Object Container”.
Provide the desired bucket name that complies with the bucket naming rules and verify S3 Compatible is checked.
Click Add to create the bucket.
Enabling Erasure Coding on Bucket
From the domain panel, select the recently created bucket.
Click on the gear icon for Bucket settings.
To check if Erasure Coding is enabled, uncheck the Inherit Protection box.
If Erasure Coding is not Enabled, click on Enabled and enter the EC Default Encoding of your choice. It is recommended to use a 4:2 EC Encoding.
Refer to the Erasure Coding for more information.
Enabling Versioning for Object Locking
Content versioning is needed to support the immutability option in HYCU. It is enabled for the bucket by selecting Enabled from the drop-down menu.
By default, the owner of a bucket has all permissions. Other users can be assigned permissions in the domain, tenant, or root policies. They must be allowed for actions:
ListDomain
ListBucket
ListBucketMultipartUploads
AbortMultipartUpload
PutBucketObjectLocking
GetBucketObjectLocking
GetBucketLocation
GetObjectRetention
PutObjectRetention
GetObjectLegalHold
PutObjectLegalHold
GetObject
PutObject
DeleteObject
Enable Object Locking on Bucket
Important
The bucket must have versioning enabled.
Search and select the target bucket name.
Click Settings > Properties.
Select the checkbox for Enable Object Locking.
HYCU does not support Default Mode “None” , you must select Governance or Compliance and you must set a default duration.
Click Save.
The bucket has Object Locking enabled once the configurations are saved. Any objects written to that bucket have the defined duration with the selected mode automatically applied, unless different values are provided at the time of write. A gray lock icon next to the bucket name represents that the bucket has Object Locking enabled.
HYCU Configuration
Create a backup target
Navigate on the HYCU dashboard of the backup controller to the Targets section and press +Add
Select S3 Compatible and press Next
Fill in the name and description as well as allowed concurrent backup jobs ( default is 1 )
Enable compression if you need data compression before it is stored on the target
Define the maximum allowed storage capacity for backups on this target.
Add a service endpoint, HYCU supports both HTTP and HTTPS
Define the bucket name, access token and secret key for this target. ( see earlier section on how to pre-create those )
Uncheck metering as this only applies to archive mode targets.
Press Save to continue
Once the target has been created you will see it on the target overview table, a green healtcheck mark will indicate the target is reachable and has passed the healthcheck HYCU runs against it. If your target uses object locking you will see an additional little lock icon appear next to the target name.
HYCU Required advanced configuration
The following custom configuration need to be added to the HYCU backup controller for use with DataCore Swarm.
target.cloud.skip.tagging.endpoint.suffixes=.datacore.com
target.write.test.enable=false
backup.restore.cloud.num.of.io.requests=32
Disabling Object Tagging
DataCore Swarm v16 does not currently support Object Tagging, to disable use of S3 Object Tagging by the WORM maintenance task, you will need to supply an endpoint suffix the exclude ( based on s3 endpoint name )
Example: in our certification lab the endpoint name was hycu.swarm.datacore.com , adjust the suffix to match your active endpoint.
target.cloud.skip.tagging.endpoint.suffixes=.datacore.com
Disabling Target Throughput Testing
HYCU performs a target throughput test operation which runs by default every 15 min and attempts to write, read and delete 128MB of data. This is due to their unique RTO assurance functionality which estimates the restore times as part of compliance calculations.
We recommend disabling this feature for version locked buckets, since the data will be kept around due to a configured default retention and data deletion in Swarm is a delayed background process.
target.write.test.enable=false
For non-version locked buckets we recommend changing the check interval to 1hr
Enhancing Multipart performance
Multipart chunk size for backup and copy operations, are by default 10 MB. You can achieve better performance by increasing this at the expense of needing more memory on the HCYU appliance.
Enhancing archive performance
Enhancing File share backup performance
By default HYCU will use a minimum multipart chunk size of 5MB. We recommend increasing the minimum to 10MB.
Enhancing restore performance
By default HYCU will only use 8 concurrent I/O threads to restore data, we recommend using at least 32 for better restore performance.
HCYU How to create custom configuration
Connect to the HYCU backup controller using SSH or console access.
Default access credentials for the backup controller are:
Open or create the config.properties file in a text editor
Scroll to the bottom of the file and add the variable and value
Save the changes and exit the editor.
Restart the HYCU services for the changes to take effect:
HYCU Custom Backup Policy
See the official documentation here: https://support.hycu.com/hc/en-us/sections/115001018365-R-Cloud-Hybrid-Cloud-Edition-User-Documentation
© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.